Can not receive mails

Discussion in 'Installation/Configuration' started by Curtis Maurand, Feb 26, 2021.

  1. Hello,
    I've been following this thread with fascination and difficulty. I just did two upgrades and I'm not sure which update was the problem. First I run Devuan, not Debian or Ubuntu. My system does not have systemd on it. Consider it Debian without sytemd. I state the debian versions this is based on above. Until now, it has been running fine. I upgraded the machine from Devuan Ascii (Debian Jesse) to Devuan Beowulf (Debian Buster) via apt-get dist-upgrade per the instructions on Devuan's website. I had to solve dovecot SSL troubles due to changes between 2.1 and 2.3. I then upgraded ispconfig to 3.2. Now I can no longer receive email from outside. I've tried sending between my hosted domains and it works fine.

    All of the posts that I've been reading involve postgrey not listening on 127.0.0.1:10023. That is not my issue.
    Please let me know what you need from me. I do have the differences in the main.cf and master.cf files handy. The error I get is the same amorphous "Server configuration problem"

    I did edit the main.cf and comment out the lines involving postgrey and it made no difference.

    Please tell me what you need. I'm pasting the diff between the two main.cf's below.
    Thanks, Curtis
    ********** Begin diff output *******************
    input file left: /var/backup/ispconfig_sirius.xyonet.com_2021-02-25_06-32/etc/postfix/main.cf
    input file right: /etc/postfix/main.cf
    < smtpd_tls_cert_file = /etc/letsencrypt/live/sirius.xyonet.com/fullchain.pem
    < smtpd_tls_key_file = /etc/letsencrypt/live/sirius.xyonet.com/privkey.pem
    ---
    > smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    > smtpd_tls_key_file = /etc/postfix/smtpd.key
    38c38
    < smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    ---
    > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    50c50
    < inet_protocols = ipv4
    ---
    > inet_protocols = all
    52,53c52,53
    < virtual_alias_domains =
    < virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    ---
    > virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    > virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    57,58c57,58
    < virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    < virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    ---
    > virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    > virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    63,65c63,65
    < smtpd_restriction_classes = greylisting
    < greylisting = check_policy_service inet:127.0.0.1:10023
    < smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    ---
    > #smtpd_restriction_classes = greylisting
    > #greylisting = check_policy_service inet:127.0.0.1:10023
    > smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    68c68
    < relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    ---
    > relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    70c70
    < relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    ---
    > relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    72c72
    < proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    ---
    > proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
    74,76c74,76
    < smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    < smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    < smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    ---
    > smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    > smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
    > smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit
    80c80
    < virtual_transport = dovecot
    ---
    > virtual_transport = lmtp:unix:private/dovecot-lmtp
    86c86
    < smtp_tls_security_level = may
    ---
    > smtp_tls_security_level = dane
    99c99
    < content_filter = amavis:[127.0.0.1]:10024
    ---
    > content_filter = lmtp:[127.0.0.1]:10024
    101a102,112
    > smtpd_reject_unlisted_sender = yes
    > smtpd_etrn_restrictions = permit_mynetworks, reject
    > smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    > smtpd_tls_mandatory_ciphers = medium
    > tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    > tls_preempt_cipherlist = yes
    > address_verify_negative_refresh_time = 60s
    > enable_original_recipient = no
    > smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    > address_verify_sender_ttl = 15686s
    > smtp_dns_support_level = dnssec
     
    Last edited: Feb 26, 2021
  2. Hello,
    An update. I copied the older main.cf back to /etc backing up the new one prior to the copy. Postfix is working, so there is something in that new config that broke postfix. There was essentially no difference in the master.cf files. Looking at that cf file, it looks like it assumes systemd. We don't all run systemd.

    Thanks, curtis
     
    Last edited: Feb 26, 2021
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Jesse Norell likes this.
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What do you mean by that?

    The only thing that stands out as maybe likely is the path to the lmtp socket; I don't know if that is created by systemd or elsewhere.

    What do you get in mail log when starting postfix and/or when sending mail from the outside?
     

Share This Page