Postfix issue. Need help please.

Discussion in 'Server Operation' started by fr0stsp1re, Feb 6, 2013.

  1. fr0stsp1re

    fr0stsp1re New Member

    Hello all,

    I am a n00b here so please forgive me if I sound a bit n00bish on these questions.

    So I recently gave Microsoft products the boot and discovered free open source. Recently I ran across ISPConfig (which is awesome work to whomever the compliments are owed.) I went ahead and followed the perfect server tutorial using Ubuntu 12.04 and Apache2.

    Everything was working fine for about 30 days. One day out of the blue I was not able to receive any incoming mail.

    I sent into my domain e-mails from Yahoo, Gmail and Windows Live Mail. All of them bounced with an error. This was the error in the bounce message:

    554 5.7.1 <[]>: Client host rejected: Access denied

    So I went into my and commented out smtpd_client_restrictions=permit from this part of the configuration

    submission inet n - - - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

    That seemed to allow incoming mail, but then I started getting an unusual error from Yahoo's and Microsoft's web mail. The bounce message read:

    Remote host said: 530 5.7.0 Must issue a STARTTLS command first [MAIL_FROM]

    So upon doing some research the only answer I could find was to switch off TLS in the by adding another line.

    That works. But randomly. Some messages will get in, others will bounce. I am using only my Yahoo account to test it. It seems Gmail works fine.

    I have no idea what is going on. Checking the mail.log I don't see anything in there other than the same error messages that I am finding in the bounce e-mail headers. Can anyone be of help?

    Here is the output of postconf -n

    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[]:10024
    dovecot_destination_recipient_limit = 1
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mailbox_size_limit = 0
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination =, localhost, localhost.localdomain
    myhostname =
    mynetworks = [::1]/128
    myorigin = /etc/mailname
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    owner_request_special = no
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_message_rate_limit = 100
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = none
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = no
    transport_maps = proxy:mysql:/etc/postfix/
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/, hash:/var/lib/mailman/data/virtual-mailman
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_transport = dovecot
    virtual_uid_maps = static:5000
    postconf: warning: /etc/postfix/ unused parameter: smtpd_bind_address=

    Also I noticed that when I commented out the line in my I now get an unused parameter warning when I restart the service.


    Oh yeah, I also checked to see if I was blacklisted and no my server and domain are not listed. DNS seems to resolve ok too. Dig shows proper MX record for my server.
  2. fr0stsp1re

    fr0stsp1re New Member

    Anyone have any ideas?

    This is driving me batty. None of it makes sense, as some mail gets in and other mail does not. I can send 10 e-mails into my network from the same address and some will get in, others will not, so it is not a domain thing. Tried Gmail, Yahoo, MSN, AOL. Same results with all of them.
  3. falko

    falko Super Moderator ISPConfig Developer

    Is there anything in the mail_access table in the ISPConfig database?
  4. fr0stsp1re

    fr0stsp1re New Member

    The table is empty.

    I set smtpd_tls_security_level to "may" and things seem to be working fine for the moment. However everything was running great and I did not have to change anything at all.
  5. falko

    falko Super Moderator ISPConfig Developer

    AFAIK, this is the default setting. Did you or anyone else modify it?
  6. fr0stsp1re

    fr0stsp1re New Member

    No I did not. Mine was set to encrypt by default. I figure it was forcing TLS on servers trying to connect. It would seem that some servers out there still are not using TLS by default. So I set that to "May" and things seem to be working fine now. Not seeing anything in mail.log that is rejecting anything now.

    I don't quite understand the ins and outs of TLS as well as I should, so correct me if my above statement is wrong and my configuration should be set another way.
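
Added example (not part of the thread, and not ISPConfig or Postfix code): a Python check that resolves each master.cf service's effective smtpd_tls_security_level and smtpd_client_restrictions, honouring commented-out and continuation lines, and reports the settings behind the 530 5.7.0 and 554 5.7.1 bounces quoted above. MAIN_CF and MASTER_CF are constructed sample inputs, and parse_master and audit are hypothetical helper names.

```python
TLS, CLIENT = "smtpd_tls_security_level", "smtpd_client_restrictions"

# Constructed sample input, modelled on the snippet posted in the thread.
MAIN_CF = {TLS: "encrypt"}      # global default, inherited by every service
MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
"""

def parse_master(text):
    """Map 'service/type' to its -o overrides, following master.cf syntax:
    lines whose first non-blank character is '#' are skipped, and a line
    that starts with whitespace continues the previous service entry."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if not line[0].isspace():            # a new service entry starts here
            if len(fields) < 8:              # malformed entry: ignore it
                current = None
                continue
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            fields = fields[8:]              # arguments after the command column
        if current is None:
            continue
        for flag, setting in zip(fields, fields[1:]):
            if flag == "-o":
                name, _, value = setting.partition("=")
                current[name] = value
    return services

def audit(main, master_text):
    """Return (service, finding) pairs from each service's effective settings."""
    findings = []
    for svc, over in parse_master(master_text).items():
        level = over.get(TLS, main.get(TLS, ""))
        clients = over.get(CLIENT, main.get(CLIENT, "")).replace(" ", "")
        if svc == "smtp/inet" and level == "encrypt":
            findings.append((svc, "senders without STARTTLS get 530 5.7.0; set may"))
        if svc == "smtp/inet" and clients.endswith("permit_sasl_authenticated,reject"):
            findings.append((svc, "unauthenticated senders get 554 5.7.1"))
        if svc == "submission/inet" and "permit_sasl_authenticated" not in clients:
            findings.append((svc, "unauthenticated clients fall through to main.cf rules"))
    return findings

if __name__ == "__main__":
    for svc, finding in audit(MAIN_CF, MASTER_CF):
        print(f"{svc}: {finding}")
```

With the global level set to may the smtp/inet finding disappears, while the submission entry keeps its own encrypt override. The Postfix TLS documentation notes that encrypt is not meant for a publicly referenced SMTP server on port 25.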

