ispconfig postifx centos 5.7

[djoey]

It seems mailboxes arent receiving e-mail properly:

Code:

tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      2470/dovecot
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      2470/dovecot
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      13207/snmpd
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      11773/amavisd (mast
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      10412/master
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2441/mysqld
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      2470/dovecot
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      2353/clamd
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      2470/dovecot
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1959/portmap
tcp        0      0 0.0.0.0:912                 0.0.0.0:*                   LISTEN      2002/rpc.statd
tcp        0      0 xx.xx.xx.xx:53            0.0.0.0:*                   LISTEN      8139/named
tcp        0      0 xx.xx.xx.xx:53            0.0.0.0:*                   LISTEN      8139/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      8139/named
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      2604/pure-ftpd (SER
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2308/cupsd
tcp        0      0 xx.xx.xx.xx:25            0.0.0.0:*                   LISTEN      10412/master
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      10412/master
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      8139/named
tcp        0      0 :::993                      :::*                        LISTEN      2470/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      2470/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      2470/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      2470/dovecot
tcp        0      0 :::8080                     :::*                        LISTEN      11604/httpd
tcp        0      0 :::80                       :::*                        LISTEN      11604/httpd
tcp        0      0 :::8081                     :::*                        LISTEN      11604/httpd
tcp        0      0 :::53                       :::*                        LISTEN      8139/named
tcp        0      0 :::21                       :::*                        LISTEN      2604/pure-ftpd (SER
tcp        0      0 :::22                       :::*                        LISTEN      2295/sshd
tcp        0      0 ::1:953                     :::*                        LISTEN      8139/named
tcp        0      0 :::443                      :::*                        LISTEN      11604/httpd

This is in the maillog:

Code:

Dec 13 16:31:18 linuxserver postfix/smtpd[10598]: connect from mailserver.fap.com[xx.xx.xx.xx]
Dec 13 16:31:18 linuxserver postfix/smtpd[10598]: CC6A2267011A: client=mailserver.fap.com[xx.xx.xx.xx]
Dec 13 16:31:19 linuxserver postfix/cleanup[11827]: CC6A2267011A: message-id=<7C850B548D274C44B5016C7EE9ED386AE87BEF44@mailserver.fap.com>
Dec 13 16:31:19 linuxserver postfix/qmgr[10415]: CC6A2267011A: from=<test@fap.com>, size=4142, nrcpt=1 (queue active)
Dec 13 16:31:19 linuxserver postfix/smtpd[10598]: disconnect from mail.fap.com[xx.xx.xx.xx]
Dec 13 16:31:19 linuxserver postfix/qmgr[10415]: CC6A2267011A: to=<recipient@website.org>, relay=none, delay=0.59, delays=0.55/0.04/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
Dec 13 16:32:01 linuxserver postfix/smtpd[10598]: connect from localhost.localdomain[127.0.0.1]
Dec 13 16:32:01 linuxserver postfix/smtpd[10598]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Dec 13 16:32:01 linuxserver postfix/smtpd[10598]: disconnect from localhost.localdomain[127.0.0.1]
Dec 13 16:32:01 linuxserver dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Dec 13 16:32:01 linuxserver dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured

All necessary services seem to be running, it receives email from the sending server but the it deffers the mail being delivered to the mailbox because of initial server greeting? Or perhaps amavisd?

Need help on this one.

[djoey]

I think i know what the problem is, but i'm unsure how to resolve it.

I have 2 public IP's on my machine so i set the smtp_bind_address in main.cf

Apperantly postfix now tries to connect from the specified public IP to amavis.
But amavis doesn't allow that, it only allows connections from localhost.

This is what get's logged in the maillog:

amavis[21502]: (!)DENIED ACCESS from IP mypublicIP, policy bank ''

[djoey]

Sorry for spamming this topic. instead of using smtp_bind_address i have set the inet_interfaces to only use localhost and the IP i want to use for postfix. Now incoming email is working properly.

But will this also make sure outgoing e-mail is always sent from that single public IP? faqforge is stating we need to use smtp_bind_address but apperantly that cannot be use combined with amavis, perhaps worth mentioning on the site?

I tried other solutions in amavisd.conf:
adding:

$inet_socket_bind = undef; # binds to all IP interfaces if undef
@inet_acl = qw( 127.0.0.1 [::1] x.x.x.40/32 );

But that didn't work either in combination with the smto_bind_address set.
Hopefully this will help some people when they are looking for an answer next time.

[falko]

Quote:

Originally Posted by djoey

But will this also make sure outgoing e-mail is always sent from that single public IP?

No, you need smtp_bind_address for it.

These links might help:

http://www.mail-archive.com/amavis-u.../msg10465.html
http://groups.google.com/group/maili...8a3d1ba2?pli=1

[djoey]

Got it to work including the smtp_bind_address!

first edit /etc/amavisd.conf

To allow connections from the IP you have set as smtp_bind_address add:

Code:

@inet_acl = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 IP4/32 );

And then to bind amavisd to all listen to all interfaces:

Code:

$inet_socket_bind = undef;

Now we also need to set that amavisd resends the scanned e-mail to the correct interface because we later will specify this in the master.cf file

Uncomment the existing lines and add your IP4

Code:

$notify_method  = 'smtp:[IP4]:10025';
$forward_method = 'smtp:[IP4]:10025';

Now we edit main.cf to make the return and scanned mail send listen on the IP4:

Code:

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

IP4:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=IP4
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=IP4

Afterwards we can add smtp_bind_address in /etc/postfix/main.cf
This will work combined with amavis.