Postfix once again

BrainPain

Hello everyone,

I think I have finally got Postfix running.
However, when I try to send a test mail via telnet, the connection is dropped every time after I enter the recipient address.

Code:
# telnet 192.168.0.2 smtp
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
ehlo example.com
250-mail.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<test@example.com>
250 2.1.0 Ok
rcpt to:<chris@xxx.com>
Connection closed by foreign host.

The maillog shows the following:
Code:
Jan  9 15:23:37 mail postfix/smtpd[9416]: cannot load Certificate Authority data
Jan  9 15:23:37 mail postfix/smtpd[9416]: connect from unknown[192.168.0.2]
Jan  9 15:24:17 mail postfix/cleanup[9424]: fatal: unexpected command-line argument: =
Jan  9 15:24:18 mail postfix/master[9233]: warning: process /usr/local/libexec/postfix/cleanup pid 9424 exit status 1
Jan  9 15:24:18 mail postfix/master[9233]: warning: /usr/local/libexec/postfix/cleanup: bad command startup -- throttling
Jan  9 15:24:18 mail postfix/smtpd[9416]: fatal: unable to connect to the public pre-cleanup service
Jan  9 15:24:19 mail postfix/master[9233]: warning: process /usr/local/libexec/postfix/smtpd pid 9416 exit status 1
Jan  9 15:24:19 mail postfix/master[9233]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

It would be nice if someone could help.

Best regards
 
Have you made changes to master.cf? Apparently Postfix cannot start the cleanup binary because the arguments are wrong.

HTH
 
Hello BrainPain,

if you insert a line break in master.cf because there are too many arguments, you must make sure that the new line starts with two spaces. Only then does the parser know that the lines belong together.

Best regards

JueDan
 
Hi everyone,

thanks for the answers.

Here is the master.cf:
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       -       smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
#pickup    fifo  n       -       n       60      1       pickup
#cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
#local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

smtp                 inet      n      -      n      -      -      smtpd
  -o cleanup_service_name=pre-cleanup
  -o content_filter=smtp-amavis:[[192.168.0.2]]:10024
  
pickup               fifo      n      -      n      60     1      pickup
  -o cleanup_service_name=pre-cleanup

smtp-amavis          unix      -      -      n      -      2      lmtp
  -o smtp_send_xforward_command=yes

192.168.0.2:10025      inet      n      -      n      -      -      smtpd
  -o cleanup_service_name=pre-cleanup
  -o local_recipient_maps =
  -o relay_recipient_maps =
  -o smtpd_restriction_classes =
  -o smtpd_client_restrictions =
  -o smtpd_helo_restrictions =
  -o smtpd_sender_restrictions =
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=192.168.0.2/24
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

192.168.0.2:10026      inet      n      -      n      -      -      smtpd
  -o local_recipient_maps =
  -o relay_recipient_maps =
  -o smtpd_restriction_classes =
  -o smtpd_client_restrictions =
  -o smtpd_helo_restrictions =
  -o smtpd_sender_restrictions =
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=192.168.0.2/24
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

cleanup              unix      n      -      n      -      0      cleanup
  -o header_checks =
  -o mime_header_checks =
  -o nested_header_checks =
  -o body_checks =

pre-cleanup          unix      n      -      n      -      0      cleanup
  -o canonical_maps =
  -o sender_canonical_maps =
  -o recipient_canonical_maps =
  -o masquerade_domains =
  -o always_bcc =
  -o sender_bcc_maps =
  -o recipient_bcc_maps =

local                unix      -      n      n      -      -      local
  -o content_filter =
  -o myhostname=HOSTNAME
  -o local_recipient_maps =
  -o relay_recipient_maps =
  -o mynetworks=192.168.0.2/24
  -o mynetworks_style=host
  -o smtpd_restriction_classes =
  -o smtpd_client_restrictions =
  -o smtpd_helo_restrictions =
  -o smtpd_sender_restrictions =
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

Sorry for all the comments. I suppose the problem comes from the fact that there is often an equals sign with nothing on the other side, right?

Best regards
 
Hello BrainPain,

You have placed spaces around the "=". You must not do that.
Man page master.cf(5):
NOTE 1: do not specify whitespace around the "=".

Best regards

JueDan
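
The rule quoted from the man page can be checked mechanically. The following is an added example, not code from the thread or from Postfix: a small linter that joins continuation lines the way master.cf does and reports `-o` overrides with whitespace around the "=", which is what leaves the stray "=" argument seen in the cleanup log line above. The function names and the sample excerpt are constructed for illustration; arguments are assumed to be plain whitespace-separated tokens (brace-quoted arguments are not handled).

```python
# Added example, not part of the thread. SAMPLE is a constructed excerpt.
SAMPLE = """\
# constructed excerpt modelled on the master.cf posted above
smtp        inet  n  -  n  -  -  smtpd
  -o cleanup_service_name=pre-cleanup
pre-cleanup unix  n  -  n  -  0  cleanup
  -o canonical_maps =
  -o always_bcc=
relay       unix  -  -  n  -  -  smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5
"""

def parse_master_cf(text):
    """Group tokens into logical lines; each token remembers its line number."""
    entries = []
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        tokens = [(num, tok) for tok in raw.split()]
        if raw[0].isspace() and entries:
            entries[-1].extend(tokens)    # leading whitespace continues the entry
        else:
            entries.append(tokens)
    return entries

def lint_master_cf(text):
    """Return (line, service, option, problem) for each malformed -o override."""
    findings = []
    for entry in parse_master_cf(text):
        service = entry[0][1]
        args = [tok for _, tok in entry[8:]]   # after 7 fields + command name
        lines = [num for num, _ in entry[8:]]
        i = 0
        while i < len(args):
            if args[i] != "-o":
                i += 1
                continue
            line = lines[i]
            i += 1
            name = args[i] if i < len(args) else ""
            if not name or name[0] in "=-":
                findings.append((line, service, name, "-o without name=value"))
                continue                  # leave the token for the next pass
            i += 1
            if "=" not in name:
                # "-o name = value": the daemon is handed "name", "=", "value"
                findings.append((line, service, name, "whitespace before '='"))
                while i < len(args) and not args[i].startswith("-"):
                    i += 1                # skip the stray "=" and value tokens
            elif (name.endswith("=") and i < len(args)
                  and "=" not in args[i] and not args[i].startswith("-")):
                findings.append((line, service, name[:-1], "whitespace after '='"))
                i += 1
    return findings

if __name__ == "__main__":
    for finding in lint_master_cf(SAMPLE):
        print("line %d, service %s, option %s: %s" % finding)
```

An empty override such as `-o always_bcc=` is accepted, because the empty value is attached to the "=" without whitespace.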
 
Many thanks, juedan,

that really seems to have been it. Strange, actually, since I could swear that I had only adjusted the IP in master.cf. Now I get a little further:
Code:
# telnet 192.168.0.2 smtp
Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
ehlo example.com
250-mail.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<test@example.com>
250 2.1.0 Ok
rcpt to:<chris@xxx.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hi chris,
das ist ein toller Text.
.
451 4.3.0 Error: queue file write error
quit
221 2.0.0 Bye
Connection closed by foreign host.

maillog:
Code:
Jan  9 22:32:16 mail postfix/smtpd[11958]: cannot load Certificate Authority data
Jan  9 22:32:16 mail postfix/smtpd[11958]: connect from unknown[192.168.0.2]
Jan  9 22:33:21 mail postfix/smtpd[11958]: D673F37BB3E: client=unknown[192.168.0.2]
Jan  9 22:33:21 mail postfix/cleanup[12006]: warning: connect to pgsql server 192.168.0.3:4477: FATAL:  connection limit exceeded for non-superusers?
Jan  9 22:33:21 mail postfix/cleanup[12006]: warning: D673F37BB3E: virtual_alias_maps map lookup problem for chris@xxx.com
Jan  9 22:34:12 mail postfix/cleanup[12006]: warning: 232EC37B842: virtual_alias_maps map lookup problem for postmaster@mail.xxx.com
Jan  9 22:34:12 mail postfix/smtpd[11958]: disconnect from unknown[192.168.0.2]

This looks strongly like a database problem, or am I wrong again?

Best regards
 
Morning BrainPain,

since I don't know how many users go through your mail server, the answer is a bit difficult.
One option would be to increase the maximum number of connections:
postgresql.conf: max_connections

Best regards

JueDan
 
Thanks again, juedan.
I have increased the number of connections to 20 and shut down the Tomcat that accesses the same DB for now.
Entering a mail via telnet now works without problems. There were also a few more errors in master.cf, which I hope I have all eliminated. The entry in the maillog now looks as follows:

Code:
Jan 10 09:21:18 mail postfix/qmgr[16975]: warning: private/smtp-amavis socket: malformed response
Jan 10 09:21:18 mail postfix/master[16974]: warning: process /usr/local/libexec/postfix/lmtp pid 16981 exit status 1
Jan 10 09:21:18 mail postfix/master[16974]: warning: /usr/local/libexec/postfix/lmtp: bad command startup -- throttling
Jan 10 09:21:18 mail postfix/qmgr[16975]: warning: transport smtp-amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Jan 10 09:21:18 mail postfix/error[17026]: E8A4037B843: to=<chris@xxx.com>, relay=none, delay=1112, delays=1111/1/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)
Jan 10 09:21:24 mail postfix/smtpd[17029]: cannot load Certificate Authority data
Jan 10 09:21:24 mail postfix/smtpd[17029]: connect from unknown[192.168.0.2]
Jan 10 09:22:09 mail postfix/smtpd[17029]: EC5A037BBA9: client=unknown[192.168.0.2]
Jan 10 09:22:21 mail postfix/cleanup[17077]: EC5A037BBA9: message-id=<20080110092209.EC5A037BBA9@mail.xxx.com>
Jan 10 09:22:21 mail postfix/qmgr[16975]: EC5A037BBA9: from=<test@example.com>, size=384, nrcpt=1 (queue active)
Jan 10 09:22:21 mail amavis[17025]: (17025-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 10 09:22:23 mail postfix/smtpd[17083]: cannot load Certificate Authority data
Jan 10 09:22:23 mail postfix/smtpd[17083]: connect from unknown[192.168.0.2]
Jan 10 09:22:23 mail postfix/smtpd[17083]: 4557E37B62A: client=unknown[192.168.0.2]
Jan 10 09:22:23 mail postfix/cleanup[17077]: 4557E37B62A: message-id=<20080110092209.EC5A037BBA9@mail.xxx.com>
Jan 10 09:22:23 mail postfix/smtpd[17083]: disconnect from unknown[192.168.0.2]
Jan 10 09:22:23 mail postfix/qmgr[16975]: 4557E37B62A: from=<test@example.com>, size=866, nrcpt=1 (queue active)
Jan 10 09:22:23 mail amavis[17025]: (17025-01) Passed CLEAN, [192.168.0.2] <test@example.com> -> <chris@xxx.com>, Message-ID: <20080110092209.EC5A037BBA9@mail.xxx.com>, mail_id: 6Cbd0UjpmE5J, Hits: -, size: 384, queued_as: 4557E37B62A, 2185 ms
Jan 10 09:22:23 mail postfix/lmtp[17080]: EC5A037BBA9: to=<chris@xxx.com>, relay=192.168.0.2[192.168.0.2]:10024, delay=32, delays=30/0.01/0.01/2.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4557E37B62A)
Jan 10 09:22:23 mail postfix/qmgr[16975]: EC5A037BBA9: removed
Jan 10 09:22:23 mail postfix/virtual[17086]: 4557E37B62A: to=<chris@xxx.com>, relay=virtual, delay=0.05, delays=0.02/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 09:22:23 mail postfix/qmgr[16975]: 4557E37B62A: removed
Jan 10 09:22:24 mail postfix/smtpd[17029]: disconnect from unknown[192.168.0.2]

I think everything looks okay apart from the following excerpt, right?

Code:
Jan 10 09:21:18 mail postfix/master[16974]: warning: /usr/local/libexec/postfix/lmtp: bad command startup -- throttling
Jan 10 09:21:18 mail postfix/qmgr[16975]: warning: transport smtp-amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
Jan 10 09:21:18 mail postfix/error[17026]: E8A4037B843: to=<chris@xxx.com>, relay=none, delay=1112, delays=1111/1/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)
Jan 10 09:21:24 mail postfix/smtpd[17029]: cannot load Certificate Authority data


Best regards
 
The latter points to master.cf again!

Regarding "cannot load Certificate Authority data": check your SSL/TLS config in main.cf.

Mine looks like this:

# TLS - Server
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/newkey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/ca-bundle.crt
smtpd_tls_loglevel = 0
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom



# TLS Client
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt


# allow plaintext over encrypted channel
smtp_sasl_tls_security_options = noanonymous
 
Hi rakso, here is the main.cf for a start:
Code:
smtpd_client_restrictions  =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    permit
smtpd_helo_restrictions  =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    permit
smtpd_sender_restrictions  =
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    permit
smtpd_recipient_restrictions  =
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service inet:192.168.0.2:10023,
    permit
smtpd_data_restrictions  =
    permit_mynetworks,
    reject_unauth_pipelining,
    permit

# TLS-Server
smtpd_use_tls = yes
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre

#relay_domains = proxy:pgsql:/usr/local/etc/postfix/sql_relay_domains_maps.cf
#transport_maps = pgsql:/usr/local/etc/postfix/sql_transport_maps.cf, pcre:/usr/local/etc/postfix/transport.pcre
virtual_alias_maps = pgsql:/usr/local/etc/postfix/sql_virtual_alias_maps.cf, pgsql:/usr/local/etc/postfix/sql_email2email_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/sql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
#virtual_mailbox_maps = $transport_maps, pgsql:/usr/local/etc/postfix/sql_virtual_mailbox_maps.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/sql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = pgsql:/usr/local/etc/postfix/sql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
daemon_directory = /usr/local/libexec/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = no
setgid_group = maildrop
command_directory = /usr/local/sbin
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

On my system the RSA private key is in usr/local/etc/postfix/ssl/smtpd.pem and the certificate in usr/local/etc/postfix/ssl/smtpd-pem. So the smtpd_tls_cert_file entry is probably wrong in my config. And where do I get the file that you entered for smtpd_tls_CAfile? The TLS client stuff seems to be missing completely.

Best regards
 