Postfix over ldap stalled

Fri, 28 Sep 2012 07:22:44 -0700 

Hi,
I am running CentOS 5.8 with postfix-2.9.1-1.pcre.sasl2.dovecot.rhel5 (a build based on Simon J. Mudd's SRPM) using LTB openldap server (openldap-ltb-2.4.31-1.el5) to host user accounts / aliases. 

The setup has been working fine for many months.


Today, after a user sent (on 14:53:39) a mass mail (through a group 
alias, implemented using ldap dynlist), Postfix stalled and the server 
(a VM under KVM) became overloaded. I noticed that openldap was using 
all the cpu.


I can't tell if the primary cause was Postfix or OpenLDAP.


Please help to troubleshoot so that this problem may be avoided in the 
future.


Thanks in advance.

Regards,
Nick

*********************************************************************************************************************
Postfix logged:


Sep 28 14:53:21 vmail postfix/submission/smtpd[2531]: Anonymous TLS 
connection established from echri.admin.noa.gr[195.251.204.39]: TLSv1 
with cipher RC4-SHA (1

28/128 bits)

Sep 28 14:53:21 vmail postfix/submission/smtpd[2531]: 55BDE6E65D9: 
client=echri.admin.noa.gr[195.251.204.39]
Sep 28 14:53:24 vmail postfix/cleanup[1171]: 55BDE6E65D9: 
message-id=<002801cd9d6f$dcc3e9d0$964bbd70$@gr>
Sep 28 14:53:39 vmail postfix/qmgr[23305]: 55BDE6E65D9: 
from=<secret...@noa.gr>, size=20884349, nrcpt=237 (queue active)
Sep 28 14:53:42 vmail postfix/submission/smtpd[2531]: disconnect from 
echri.admin.noa.gr[195.251.204.39]
Sep 28 14:53:47 vmail postfix/smtp[1851]: 55BDE6E65D9: 
to=<abel...@otenet.gr>, orig_to=<eaa_...@noa.gr>, 
relay=mx.otenet.gr[62.103.147.198]:25, delay=26, delays
=18/0.19/3/4.7, dsn=2.0.0, status=sent (250 2.0.0 q8SBrdse020184 Message 
accepted for delivery)
Sep 28 14:53:47 vmail postfix/smtp[1851]: 55BDE6E65D9: 
to=<gch...@otenet.gr>, orig_to=<eaa_...@noa.gr>, 
relay=mx.otenet.gr[62.103.147.198]:25, delay=26, delays=
18/0.19/3/4.7, dsn=2.0.0, status=sent (250 2.0.0 q8SBrdse020184 Message 
accepted for delivery)
Sep 28 14:53:48 vmail postfix/smtp[2534]: 55BDE6E65D9: 
to=<agiakatsi...@gmail.com>, orig_to=<eaa_...@noa.gr>, 
relay=gmail-smtp-in.l.google.com[173.194.70.27]:25
, delay=28, delays=18/0.19/0.87/8.4, dsn=2.0.0, status=sent (250 2.0.0 
OK 1348833228 j41si10601414weo.34)
Sep 28 14:53:48 vmail postfix/smtp[2534]: 55BDE6E65D9: 
to=<cpevangeli...@gmail.com>, orig_to=<eaa_...@noa.gr>, 
relay=gmail-smtp-in.l.google.com[173.194.70.27]:2
5, delay=28, delays=18/0.19/0.87/8.4, dsn=2.0.0, status=sent (250 2.0.0 
OK 1348833228 j41si10601414weo.34)
Sep 28 14:54:51 vmail postfix/smtpd[3154]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 14:54:52 vmail postfix/smtpd[3149]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 14:55:05 vmail postfix/submission/smtpd[2531]: connect from 
unknown[2001:648:2011:3:cdca:e4c5:f3c1:f129]
Sep 28 14:55:35 vmail fetchmail[2479]: awakened at Fri 28 Sep 2012 
02:55:35 PM EEST
Sep 28 14:55:59 vmail postfix/submission/smtpd[3182]: connect from 
unknown[2001:648:2011:8002:65c0:e8d3:360f:10d1]
Sep 28 14:56:35 vmail postfix/submission/smtpd[3195]: connect from 
unknown[2001:648:2011:3:cdca:e4c5:f3c1:f129]
Sep 28 14:57:16 vmail postfix/smtpd[3217]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 14:57:48 vmail postfix/smtpd[3232]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 14:58:12 vmail postfix/smtpd[3305]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 14:58:33 vmail postfix/smtp[2536]: 55BDE6E65D9: 
to=<mat...@hol.gr>, orig_to=<eaa_...@noa.gr>, 
relay=982722360.pamx1.hotmail.com[65.54.188.109]:25, delay=
313, delays=18/0.19/0.74/294, dsn=2.0.0, status=sent (250 
<002801cd9d6f$dcc3e9d0$964bbd70$@gr> Queued mail for delivery)
Sep 28 14:58:55 vmail postfix/submission/smtpd[3386]: connect from 
unknown[2001:648:2011:3:cdca:e4c5:f3c1:f129]
Sep 28 14:59:25 vmail postfix/submission/smtpd[3407]: connect from 
server.admin.noa.gr[195.251.204.14]
Sep 28 14:59:59 vmail postfix/smtpd[3437]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 15:00:03 vmail postfix/smtpd[3439]: connect from 
geodesy.gein.noa.gr[194.177.194.91]
Sep 28 15:00:50 vmail postfix/smtpd[3455]: connect from 
mailgw.admin.noa.gr[195.251.204.12]

...

Sep 28 15:09:13 vmail postfix/submission/smtpd[3740]: connect from 
server.admin.noa.gr[195.251.204.14]
Sep 28 15:09:17 vmail postfix/smtpd[3743]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 15:09:26 vmail postfix/smtpd[3745]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 15:09:32 vmail postfix/smtpd[3748]: connect from 
mailgw.admin.noa.gr[195.251.204.12]
Sep 28 15:09:54 vmail postfix/smtpd[3761]: connect from 
netview.noa.gr[2001:648:2011:8010::211]
Sep 28 15:10:19 vmail postfix/pipe[2874]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:19 vmail postfix/pipe[2873]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:21 vmail postfix/pipe[2875]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:21 vmail postfix/pipe[2877]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:24 vmail postfix/submission/smtpd[3773]: connect from 
unknown[2001:648:2011:3:cdca:e4c5:f3c1:f129]
Sep 28 15:10:24 vmail postfix/pipe[2879]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:24 vmail postfix/pipe[2881]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:26 vmail postfix/pipe[2895]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:26 vmail postfix/pipe[2897]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:27 vmail postfix/pipe[2892]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:28 vmail postfix/submission/smtpd[3776]: connect from 
server.admin.noa.gr[195.251.204.14]
Sep 28 15:10:29 vmail postfix/pipe[2883]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:29 vmail postfix/pipe[2888]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:29 vmail postfix/pipe[2890]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:29 vmail postfix/pipe[2903]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:29 vmail postfix/pipe[2905]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:29 vmail postfix/pipe[2894]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:33 vmail postfix/pipe[2899]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:34 vmail postfix/pipe[2907]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:10:35 vmail postfix/pipe[2922]: warning: pipe_command_read: 
read time limit exceeded
Sep 28 15:32:45 vmail postfix/pipe[2922]: warning: 55BDE6E65D9: defer 
service failure
Sep 28 15:32:45 vmail postfix/pipe[2922]: 55BDE6E65D9: 
to=<ame...@noa.gr>, orig_to=<eaa_...@noa.gr>, relay=dovecot, delay=2364, 
delays=18/7.1/0/2339, dsn=4.3.0, status=deferred (bounce or trace 
service failure)

...

Sep 28 15:32:47 vmail postfix/pipe[2879]: 55BDE6E65D9: 
to=<abard...@noa.gr>, orig_to=<eaa_...@noa.gr>, relay=dovecot, 
delay=2366, delays=18/0.22/0/2348, dsn=4.3.0, status=deferred (bounce or 
trace service failure)
Sep 28 15:32:45 vmail postfix/pipe[2881]: warning: 55BDE6E65D9: defer 
service failure
Sep 28 15:32:45 vmail postfix/pipe[2895]: warning: 55BDE6E65D9: defer 
service failure

...

Sep 28 15:32:49 vmail postfix/pipe[3021]: 55BDE6E65D9: 
to=<d.ma...@noa.gr>, orig_to=<eaa_...@noa.gr>, relay=dovecot, 
delay=2368, delays=18/23/0/2326, dsn=2.0.0,

 status=sent (delivered via dovecot service)

Sep 28 15:32:56 vmail postfix/smtpd[3439]: warning: connect #2 to 
subsystem private/rewrite: Connection refused
Sep 28 15:32:58 vmail postfix/submission/smtpd[3475]: fatal: no SASL 
authentication mechanisms
Sep 28 15:32:58 vmail postfix/submission/smtpd[3471]: fatal: no SASL 
authentication mechanisms
Sep 28 15:33:06 vmail postfix/smtpd[3439]: warning: connect #3 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:16 vmail postfix/smtpd[3439]: warning: connect #4 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:26 vmail postfix/smtpd[3439]: warning: connect #5 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:36 vmail postfix/smtpd[3439]: warning: connect #6 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:37 vmail postfix/postfix-script[4728]: starting the Postfix 
mail system
Sep 28 15:33:37 vmail postfix/master[4729]: fatal: bind 0.0.0.0 port 25: 
Address already in use
Sep 28 15:33:46 vmail postfix/smtpd[3439]: warning: connect #7 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:56 vmail postfix/smtpd[3439]: warning: connect #8 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:06 vmail postfix/smtpd[3439]: warning: connect #9 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:16 vmail postfix/smtpd[3439]: warning: connect #10 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:26 vmail postfix/smtpd[3439]: fatal: connect #11 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:27 vmail fetchmail[2479]: reading message 
080@195.251.204.117:14 of 14 (294688 octets) (log message incomplete)
Sep 28 15:34:27 vmail fetchmail[2479]: connection to localhost:smtp 
[127.0.0.1/25] failed: Connection refused.

Sep 28 15:34:27 vmail fetchmail[2479]: SMTP connect to localhost failed

Sep 28 15:34:27 vmail fetchmail[2479]: SMTP transaction error while 
fetching from 080@195.251.204.117 and delivering to SMTP host localhost

Sep 28 15:34:27 vmail fetchmail[2479]: Query status=10 (SMTP)

Sep 28 15:34:28 vmail fetchmail[2479]: 2 messages (2 seen) for 005 at 
195.251.204.117 (1646622 octets).
Sep 28 15:34:28 vmail fetchmail[2479]: sleeping at Fri 28 Sep 2012 
03:34:28 PM EEST for 300 seconds

Sep 28 15:37:34 vmail postfix/postsuper[5010]: Deleted: 14 messages

Sep 28 15:37:48 vmail postfix/postfix-script[5044]: fatal: the Postfix 
mail system is not running
Sep 28 15:37:49 vmail postfix/postfix-script[5114]: starting the Postfix 
mail system
Sep 28 15:37:49 vmail postfix/master[5115]: daemon started -- version 
2.9.1, configuration /etc/postfix

<then it ran smoothly>

while openldap logged only:


Sep 28 15:00:07 mail slapd[2209]: connection_input: conn=14847 deferring 
operation: too many executing
Sep 28 15:00:38 mail slapd[2209]: connection_input: conn=19285 deferring 
operation: too many executing
Sep 28 15:32:46 mail slapd[2209]: connection_input: conn=19419 deferring 
operation: binding
Sep 28 15:32:47 mail slapd[2209]: connection_input: conn=19419 deferring 
operation: binding
Sep 28 15:32:57 mail slapd[4484]: [INFO] Using /etc/default/slapd for 
configuration

Sep 28 15:32:57 mail slapd[4489]: [INFO] Halting OpenLDAP...
Sep 28 15:32:57 mail slapd[2209]: daemon: shutdown requested and initiated.

Sep 28 15:32:57 mail slapd[2209]: slapd shutdown: waiting for 1 
operations/tasks to finish

Sep 28 15:33:03 mail slapd[2209]: slapd stopped.
Sep 28 15:33:05 mail slapd[4510]: [OK] OpenLDAP stopped after 7 seconds
Sep 28 15:33:05 mail slapd[4511]: [INFO] No data backup done

Sep 28 15:33:12 mail slapd[4529]: [INFO] Using /etc/default/slapd for 
configuration
Sep 28 15:33:12 mail slapd[4534]: [INFO] Launching OpenLDAP 
configuration test...
Sep 28 15:33:16 mail slapd[4568]: [OK] OpenLDAP configuration test 
successful

Sep 28 15:33:16 mail slapd[4578]: [INFO] No db_recover done
Sep 28 15:33:16 mail slapd[4579]: [INFO] Launching OpenLDAP...
Sep 28 15:33:16 mail slapd[4580]: [OK] File descriptor limit set to 1024

Sep 28 15:33:17 mail slapd[4581]: @(#) $OpenLDAP: slapd 2.4.31 (Apr 26 
2012 19:53:11) $ 
clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.31/servers/slapd 




***************************************************************************************************
Here is my handling:
***************************************************************************************************
# tail -f /var/log/maillog
...

Sep 28 14:53:21 vmail postfix/submission/smtpd[2531]: connect from 
echri.admin.noa.gr[195.251.204.39]
Sep 28 14:53:21 vmail postfix/submission/smtpd[2531]: Anonymous TLS 
connection established from echri.admin.noa.gr[195.251.204.39]: TLSv1 
with cipher RC4-SHA (128/128 bits)
Sep 28 14:53:21 vmail postfix/submission/smtpd[2531]: 55BDE6E65D9: 
client=echri.admin.noa.gr[195.251.204.39]
Sep 28 14:53:24 vmail postfix/cleanup[1171]: 55BDE6E65D9: 
message-id=<002801cd9d6f$dcc3e9d0$964bbd70$@gr>
Sep 28 14:53:39 vmail postfix/qmgr[23305]: 55BDE6E65D9: 
from=<secret...@noa.gr>, size=20884349, nrcpt=237 (queue active)


[root@vmail postfix]# service slapd restart

[root@vmail postfix]# top


top - 15:32:11 up 81 days,  2:13,  1 user,  load average: 110.09, 
112.83, 104.77

Tasks: 458 total,   2 running, 456 sleeping,   0 stopped,   0 zombie

Cpu(s): 98.0%us,  0.7%sy,  0.0%ni,  0.0%id,  0.0%wa,  1.3%hi, 0.0%si,  
0.0%st

Mem:   3089988k total,  3073268k used,    16720k free,    12372k buffers
Swap:  2064376k total,       92k used,  2064284k free,  1915676k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+ COMMAND
 2209 ldap      18   0  577m  17m 8952 S 97.3  0.6  56:04.49 slapd
 3804 apache    15   0  409m  24m 3848 S  1.3  0.8   0:00.27 httpd
 4327 root      15   0 13020 1380  816 R  0.3  0.0   0:00.17 top
    1 root      15   0 10364  636  544 S  0.0  0.0   0:32.58 init
    2 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0
    3 root      34  19     0    0    0 S  0.0  0.0   0:11.12 ksoftirqd/0
    4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
    5 root      10  -5     0    0    0 S  0.0  0.0   1:21.87 events/0
    6 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khelper
   31 root      10  -5     0    0    0 S  0.0  0.0   0:01.03 kthread
   35 root      10  -5     0    0    0 S  0.0  0.0  81:21.11 kblockd/0
   36 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
  107 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 cqueue/0
  110 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khubd
  112 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
  179 root      15   0     0    0    0 S  0.0  0.0   0:00.61 khungtaskd
  182 root      10  -5     0    0    0 S  0.0  0.0  18:21.95 kswapd0
  183 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
  322 root      11  -5     0    0    0 S  0.0  0.0   0:00.00 kpsmoused
  356 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 ata/0
  357 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 ata_aux
  362 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kstriped
  371 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 ksnapd
  382 root      10  -5     0    0    0 D  0.0  0.0 175:45.51 kjournald
  407 root      10  -5     0    0    0 S  0.0  0.0   0:00.79 kauditd
  440 root      11  -4 12788  820  480 S  0.0  0.0   0:00.32 udevd
  930 root      15   0 92244 3428 2672 R  0.0  0.1   0:01.87 sshd
  932 root      15   0 66192 1764 1228 S  0.0  0.1   0:00.98 bash
 1091 root      18  -5     0    0    0 S  0.0  0.0   0:00.00 kmpathd/0

 1092 root      18  -5     0    0    0 S  0.0  0.0   0:00.00 
kmpath_handlerd

 1111 root      10  -5     0    0    0 S  0.0  0.0   0:00.22 kjournald
 1201 apache    15   0  472m  78m 5684 S  0.0  2.6   2:02.51 httpd
 1202 apache    15   0  442m  53m 5696 S  0.0  1.8   2:02.32 httpd
 1203 apache    15   0  469m  76m 5704 S  0.0  2.5   2:02.31 httpd
 1204 apache    15   0  471m  77m 5700 S  0.0  2.6   2:12.33 httpd
[root@vmail postfix]#
[root@vmail postfix]# service postfix stop
Shutting down postfix: [FAILED]
[root@vmail postfix]# service slapd stop
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Halting OpenLDAP...
slapd: [OK] OpenLDAP stopped after 7 seconds
slapd: [INFO] No data backup done
[root@vmail postfix]#
[root@vmail postfix]# service slapd start
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
slapd: [OK] OpenLDAP started
[root@vmail postfix]#
[root@vmail postfix]# service postfix start
Starting postfix:                                          [ OK  ]
[root@vmail postfix]#
[root@vmail postfix]# qshape active


                                        T  5 10 20 40  80 160 320 640 
1280 1280+
                                TOTAL 223  0  0  0  0 219   0 0   0    
0     4
                               noa.gr 219  0  0  0  0 219   0 0   0    
0     0
                         panafonet.gr   3  0  0  0  0   0   0 0   0    
0     3
                          geomorph.gr   1  0  0  0  0   0   0 0   0    
0     1


[root@vmail postfix]# tail -f /var/log/maillog

Sep 28 15:33:06 vmail postfix/smtpd[3439]: warning: connect #3 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:16 vmail postfix/smtpd[3439]: warning: connect #4 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:26 vmail postfix/smtpd[3439]: warning: connect #5 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:36 vmail postfix/smtpd[3439]: warning: connect #6 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:37 vmail postfix/postfix-script[4728]: starting the Postfix 
mail system
Sep 28 15:33:37 vmail postfix/master[4729]: fatal: bind 0.0.0.0 port 25: 
Address already in use
Sep 28 15:33:46 vmail postfix/smtpd[3439]: warning: connect #7 to 
subsystem private/rewrite: Connection refused
Sep 28 15:33:56 vmail postfix/smtpd[3439]: warning: connect #8 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:06 vmail postfix/smtpd[3439]: warning: connect #9 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:16 vmail postfix/smtpd[3439]: warning: connect #10 to 
subsystem private/rewrite: Connection refused
Sep 28 15:34:26 vmail postfix/smtpd[3439]: fatal: connect #11 to 
subsystem private/rewrite: Connection refused


[root@vmail postfix]# postsuper -d ALL
postsuper: Deleted: 14 messages
[root@vmail postfix]#
[root@vmail postfix]# qshape active


                                         T  5 10 20 40 80 160 320 640 
1280 1280+
                                  TOTAL  0  0  0  0  0  0   0 0   0    
0     0


[root@vmail postfix]# service postfix restart
Shutting down postfix: [FAILED]
Starting postfix:                                          [ OK  ]

**********************************************************************************
# postconf -n


alias_database = hash:/etc/postfix/aliases, 
hash:/etc/postfix/aliases.d/virtual_aliases

alias_maps = hash:/etc/aliases
allowed_list1 = check_client_access cidr:/etc/postfix/client2.cidr,reject
allowed_list2 = permit_mynetworks,reject
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
controlled_senders = check_sender_access hash:/etc/postfix/blocked_senders
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin 
xxgdb $daemon_directory/$process_name $process_id & sleep 5

delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
dovecot_destination_recipient_limit = 1
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail.noa.gr

mynetworks = 195.251.204.0/24, 195.251.202.0/24, 195.251.203.0/24, 
194.177.194.0/24, 194.177.195.0/24, 127.0.0.0/8, 195.251.5.0/24, 
[2001:648:2011::]/48, 83.212.5.24/29, [2001:648:2ffc:1115::]/64

myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop

smtpd_client_restrictions = 
permit_mynetworks,permit_sasl_authenticated,reject

smtpd_delay_reject = yes
smtpd_milters = inet:127.0.0.1:8891

smtpd_recipient_restrictions = check_recipient_access 
hash:/etc/postfix/protected_destinations, 
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination, 
reject_unknown_recipient_domain,reject_unverified_recipient

smtpd_restriction_classes = controlled_senders,allowed_list1,allowed_list2
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/chain-180.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/cert-180.pem
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550

virtual_alias_maps = hash:/etc/postfix/aliases, 
hash:/etc/postfix/aliases.d/virtual_aliases, 
proxy:ldap:/etc/postfix/ldap-alias-vacation.cf, 
proxy:ldap:/etc/postfix/ldap-aliases.cf

virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/

virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain, 
nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain, 
astro.$mydomain

virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-users.cf
virtual_transport = dovecot
virtual_uid_maps = static:500

********************************************************************************************
/etc/postfix/ldap-aliases.cf:

server_host = localhost
search_base = ou=Aliases, dc=noa, dc=gr
version = 3
scope = sub

query_filter = 
(&(mailacceptinggeneralid=%s)(!(objectClass=Vacation))(!(aliasInactive=TRUE)))

result_attribute = maildrop, uid
bind = yes
bind_dn = uid=mailusr,ou=System,dc=noa,dc=gr
bind_pw = secret

********************************************************************************************
/etc/postfix/ldap-users.cf:

server_host = localhost
search_base = ou=people,dc=noa,dc=gr
version = 3
query_filter = (emailLocalAddress=%s)
result_attribute = uid
result_format = %s/Maildir/
bind = yes
bind_dn = uid=mailusr,ou=System,dc=noa,dc=gr
bind_pw = secret

********************************************************************************************
/etc/postfix/ldap-alias-vacation.cf

server_host = localhost
search_base = ou=Aliases, dc=noa, dc=gr
version = 3
scope = one

query_filter = 
(&(objectClass=Vacation)(mailacceptinggeneralid=%s)(vacationActive=TRUE))

result_attribute = maildrop
bind = yes
bind_dn = uid=mailusr,ou=System,dc=noa,dc=gr
bind_pw = secret

********************************************************************************************






















					Reply via email to