postfix smtp 4.3.5 Server configuration error

Discussion in 'Installation/Configuration' started by Alexisjaja, Dec 16, 2016.

  1. Alexisjaja

    Alexisjaja New Member

    Hi,
    well i realy need help here. I got my ISP config server running, and was happy until the update of ISPconfig.
    Then mail server is no more working. I'm browsing google and feel absolutly desesperated ! so i ask for help.
    I get "4.3.5 Server configuration error" when i'm trying to send mail with smtp.
    here are stranges logs
    Code:
    Dec 15 16:57:17 cherchedieu dovecot: imap-login: Login: user=<postmaster@cherchedieu.net>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=19607, secured, session=<Fgt5iblDoQB/AAAB>
    Dec 15 16:57:18 cherchedieu dovecot: imap(postmaster@cherchedieu.net): Disconnected: Logged out in=79 out=779
    Dec 15 16:58:01 cherchedieu postfix/smtpd[19394]: connect from localhost[127.0.0.1]
    Dec 15 16:58:01 cherchedieu postfix/smtpd[19394]: lost connection after CONNECT from localhost[127.0.0.1]
    Dec 15 16:58:01 cherchedieu postfix/smtpd[19394]: disconnect from localhost[127.0.0.1]
    Dec 15 16:58:01 cherchedieu dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<UacYjLlDNgB/AAAB>
    Dec 15 16:58:01 cherchedieu dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<xsoYjLlDpgB/AAAB>
    Dec 15 16:58:34 cherchedieu postfix/qmgr[19361]: 34B491211B7: from=<somemail@gmail.com>, size=3041, nrcpt=1 (queue active)
    Dec 15 16:58:34 cherchedieu postfix/qmgr[19361]: warning: connect to transport private/amavis: Connection refused
    Dec 15 16:58:34 cherchedieu postfix/error[19648]: 34B491211B7: to=<postmaster@cherchedieu.net>, relay=none, delay=271664, delays=271664/0.01/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
    Dec 15 16:58:55 cherchedieu postfix/anvil[19365]: statistics: max connection rate 1/60s for (submission:185.100.216.159) at Dec 15 16:53:40
    Dec 15 16:58:55 cherchedieu postfix/anvil[19365]: statistics: max connection count 1 for (submission:185.100.216.159) at Dec 15 16:53:40
    Dec 15 16:58:55 cherchedieu postfix/anvil[19365]: statistics: max cache size 1 at Dec 15 16:53:40
    Dec 15 16:59:01 cherchedieu postfix/smtpd[19394]: connect from localhost[127.0.0.1]
    Dec 15 16:59:01 cherchedieu postfix/smtpd[19394]: lost connection after CONNECT from localhost[127.0.0.1]
    Dec 15 16:59:01 cherchedieu postfix/smtpd[19394]: disconnect from localhost[127.0.0.1]
    
    master.cf
    Code:
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    
    myhostname = mail.cherchedieu.net
    mydomain = cherchedieu.net
    myorigin = /etc/mailname
    mydestination = $myhostname, localhost, localhost.localdomain
    mynetworks_style = host
    
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    # mynetworks = 127.0.0.0/8 [::1]/128 178.62.100.158
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    virtual_transport = dovecot
    message_size_limit = 0
    relayhost =
    readme_directory = no
    
    # SASL SUPPORT FOR CLIENTS
    # The following options set parameters needed by Postfix to enable
    # Cyrus-SASL support for authentication of mail clients.
    #
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    
    virtual_alias_domains =
    # virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/e$
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    smtpd_sasl_auth_enable = yes
    # smtpd_sasl_application_name     = smtpd
    smtpd_recipient_restrictions    = permit_sasl_authenticated,
                                      permit_mynetworks,
                                      reject_unauth_destination,
                                      reject_invalid_hostname,
                                      reject_non_fqdn_hostname,
                                      reject_non_fqdn_sender,
                                      reject_non_fqdn_recipient,
                                      reject_unknown_sender_domain,
                                      reject_unknown_recipient_domain,
                                      reject_unauth_pipelining,
                                      reject_rbl_client zen.spamhaus.org,
                                      reject_rbl_client bl.spamcop.net,
                                      reject_rbl_client dnsbl.njabl.org,
                                      reject_rbl_client dnsbl.sorbs.net,
                                      permit
    
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_ssl_authenticated defer_unauth_destination
    
    
    

    and main.cf
    Code:
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    
    myhostname = mail.cherchedieu.net
    mydomain = cherchedieu.net
    myorigin = /etc/mailname
    mydestination = $myhostname, localhost, localhost.localdomain
    mynetworks_style = host
    
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    # mynetworks = 127.0.0.0/8 [::1]/128 178.62.100.158
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    virtual_transport = dovecot
    message_size_limit = 0
    relayhost =
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    
    myhostname = mail.cherchedieu.net
    mydomain = cherchedieu.net
    myorigin = /etc/mailname
    mydestination = $myhostname, localhost, localhost.localdomain
    mynetworks_style = host
    
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    # mynetworks = 127.0.0.0/8 [::1]/128 178.62.100.158
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    virtual_transport = dovecot
    message_size_limit = 0
    relayhost =
    smtpd_recipient_restrictions    = permit_sasl_authenticated,
                                      permit_mynetworks,
                                      reject_unauth_destination,
                                      reject_invalid_hostname,
                                      reject_non_fqdn_hostname,
                                      reject_non_fqdn_sender,
                                      reject_non_fqdn_recipient,
                                      reject_unknown_sender_domain,
                                      reject_unknown_recipient_domain,
                                      reject_unauth_pipelining,
                                      reject_rbl_client zen.spamhaus.org,
                                      reject_rbl_client bl.spamcop.net,
                                      reject_rbl_client dnsbl.njabl.org,
                                      reject_rbl_client dnsbl.sorbs.net,
                                      permit
    
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    
    
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_ssl_authenticated defer_unauth_destination
    
    help from the postfix gurus would be realy apreciated
    thanks a lot for caring !
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which ISPConfig version do you use?
     
  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    warning: connect to transport private/amavis: Connection refused - is amavis running?
     
  4. Alexisjaja

    Alexisjaja New Member

    hello,
    ispconfig is : 3.1.1p1

    as i'm working the week end (i posted saturday morning i think) it changed a litle.
    now here is the situation:
    i cannot get mails from outside. from somemail@gmail.com to blabla@mysite.net
    but i can recive from inside. from blabla@exemple.net to blablabla@exemple.net
    I can also send mail from my client mail.(smtp)

    here are the modified files main and master cf
    thanks for folowing.
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version



    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no


    append_dot_mydomain = no



    readme_directory = no
    inet_protocols = ipv4

    # TLS parameters
    #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    #smtpd_use_tls=yes
    #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    # smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
    #smtpd_tls_key_file=/etc/dovecot/private/dovecot.pem

    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


    smtpd_use_tls=yes
    smtpd_tls_auth_only = yes

    #Enabling SMTP for authenticated users, and handing off authentication to Dovecot
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    # virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/e$
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, r$
    #smtpd_tls_security_level = may
    # transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc$
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    # proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $vir$


    smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    permit
    smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot

    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    smtp_sasl_auth_enable = no
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    # import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY$
    message_size_limit = 0



    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = exemple.net
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    # mydestination = cherchedieu.net, mail.exemple.net, localhost
    mydestination = localhost
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

    master.cf
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - - - - smtpd
    #smtp inet n - - - 1 postscreen
    #smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy

    submission inet n - - - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject
    -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_recipient_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    # -o smtpd_sasl_type=dovecot
    # -o smtpd_sasl_path=private/auth
    smtps inet n - - - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=
    -o smtpd_reject_unlisted_recipient=no
    #
    -o smtpd_recipient_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING

    #628 inet n - - - - qmqpd
    pickup unix n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp

    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    ${recipient}
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}



    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}

    dovecot unix - n n - - pipe
    flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    # amavis unix - - - - 2 smtp
    # -o smtp_data_done_timeout=1200
    # -o smtp_send_xforward_command=yes

    127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    Dec 19 07:38:01 exemple postfix/smtpd[29890]: connect from localhost.localdomain[127.0.0.1]
    Dec 19 07:38:01 exemple postfix/smtpd[29890]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Dec 19 07:38:01 exemple postfix/smtpd[29890]: disconnect from localhost.localdomain[127.0.0.1]
    Dec 19 07:38:01 exemple dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<vCa6MAJEtQB/AAAB>
    Dec 19 07:38:01 exemple dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<OCm6MAJEsQB/AAAB>
    Dec 19 07:39:02 exemple postfix/smtpd[29890]: connect from localhost.localdomain[127.0.0.1]
    Dec 19 07:39:02 cherchedieu postfix/smtpd[29890]: lost
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    This is not the master.cf from postfix with ispconfig 3.1. it seems, that you either did not choose reconfigure services during the update or you have a custom-config for postfix installed.
     
  6. Alexisjaja

    Alexisjaja New Member

    you are right ... i look like i'm lost after having tried a lot of tutos and tried to understand how it works.
    is there some solution to do agin config... without loosing my data !
     
  7. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    you can run install.php again and choose "reconfigure services"
     
  8. Alexisjaja

    Alexisjaja New Member

    i'm going to try that
    thanks for helping
     
  9. Alexisjaja

    Alexisjaja New Member

    hem, after install i deleted the "install" repertory, do i have to upload it again? or the all ispconfig software?
    sory for asking but i do not want to do it wrong !!
    thansk a lot
     
  10. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Code:
    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    tar xfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install/
    php -q update.php
     
  11. Alexisjaja

    Alexisjaja New Member

    ok,
    thanks so much,
    still having problem with receving mail from outsite (it works for sending, and reciving form inside)
    i think i's in this log (as much as i understand)

    (in a file because of the limit)
     

    Attached Files:

  12. Alexisjaja

    Alexisjaja New Member

    okay
    all right now,
    it was the port 25 that was blocked by the firewall...
    Thanks a lot for helping me, go back to safety.
    God bless you all
    Thanks
    ALexis
     

Share This Page