On 21-02-13 16:16, Wietse Venema wrote:
> Erik Slagter:
> TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
> TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
> Thank you for using Postfix.

And I always thought I could be blunt at moments ;-)

PROBLEM (apparently this is a "problem")

* Summary

Setting up postscreen on a system with multiple external interfaces causes per-interface smtpd options not to be honoured.

* Complete error messages

None.

* Postfix logging

None relevant (really! The logging is exactly the same for postscreen and non-postscreen operation, up to the point the problem occurs).

* Postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
append_at_myorigin = yes
append_dot_mydomain = yes
command_time_limit = 300
config_directory = /etc/postfix
data_directory = /var/lib/postfix
default_destination_concurrency_limit = 2
default_privs = amavis
default_transport = smtp-default
delay_warning_time = 4
fast_flush_domains = $mydomain
inet_protocols = ipv6 ipv4
local_destination_concurrency_limit = 2
local_transport = local
mail_owner = postfix
mailbox_size_limit = 0
masquerade_domains = $mydomain
masquerade_exceptions = root
maximal_backoff_time = 1h
maximal_queue_lifetime = 21d
message_size_limit = 100000000
minimal_backoff_time = 2m
mydestination = nemesis.slagter.name, eriks.xs4all.nl, $myhostname, localhost.$mydomain, localhost
mydomain = slagter.name
myhostname = nemesis.slagter.name
mynetworks = 10.0.0.0/8, 127.0.0.0/8, [2001:980:5fef::]/48 [::1]/128 [fe80::]/10
myorigin = $mydomain
notify_classes = bounce,2bounce,data,delay,resource,software
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = enforce
postscreen_cache_retention_time = 30d
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner postscreen
postscreen_greet_ttl = 1h
postscreen_greet_wait = 2s
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_directory = /var/spool/postfix
queue_minfree = 0
queue_run_delay = 5m
recipient_delimiter = +
relay_domains = slagter.name, eriks...@xs4all.nl, eriks.xs4all.nl
setgid_group = postdrop
smtp_helo_name = eriks.xs4all.nl
smtp_send_xforward_command = yes
smtp_tls_block_early_mail_reply = yes
smtp_tls_cert_file = /etc/postfix/mx1_slagter_name_all_crt.pem
smtp_tls_key_file = /etc/postfix/mx1_slagter_name_key.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = none
smtpd_authorized_xforward_hosts = 127.0.0.0/8,10.1.0.0/16,10.0.0.0/16
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit
smtpd_delay_reject = no
smtpd_etrn_restrictions = permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unauth_destination check_recipient_access hash:/etc/postfix/local_users permit
smtpd_sender_restrictions = permit
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/mx1_slagter_name_all_crt.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_key_file = /etc/postfix/mx1_slagter_name_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level = none
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

* Postfinger

postfinger - postfix configuration on do feb 21 16:32:28 CET 2013
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.9.4
hostname = nemesis
uname = Linux nemesis 3.5.3 #1 SMP Thu Aug 30 18:52:19 CEST 2012 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.9.4-2.fc17.x86_64

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
command_time_limit = 300
default_destination_concurrency_limit = 2
default_privs = amavis
default_transport = smtp-default
delay_warning_time = 4
fast_flush_domains = $mydomain
inet_protocols = ipv6 ipv4
local_transport = local
mailbox_size_limit = 0
masquerade_domains = $mydomain
masquerade_exceptions = root
maximal_backoff_time = 1h
maximal_queue_lifetime = 21d
message_size_limit = 100000000
minimal_backoff_time = 2m
mydestination = nemesis.slagter.name, eriks.xs4all.nl, $myhostname, localhost.$mydomain, localhost
mydomain = slagter.name
myhostname = nemesis.slagter.name
mynetworks = 10.0.0.0/8, 127.0.0.0/8, [2001:980:5fef::]/48 [::1]/128 [fe80::]/10
myorigin = $mydomain
notify_classes = bounce,2bounce,data,delay,resource,software
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = enforce
postscreen_cache_retention_time = 30d
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner postscreen
postscreen_greet_ttl = 1h
postscreen_greet_wait = 2s
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_run_delay = 5m
recipient_delimiter = +
relay_domains = slagter.name, eriks...@xs4all.nl, eriks.xs4all.nl
smtpd_authorized_xforward_hosts = 127.0.0.0/8,10.1.0.0/16,10.0.0.0/16
smtpd_client_restrictions = permit
smtpd_delay_reject = no
smtpd_etrn_restrictions = permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unauth_destination check_recipient_access hash:/etc/postfix/local_users permit
smtpd_sender_restrictions = permit
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/mx1_slagter_name_all_crt.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_key_file = /etc/postfix/mx1_slagter_name_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = none
smtp_helo_name = eriks.xs4all.nl
smtp_send_xforward_command = yes
smtp_tls_block_early_mail_reply = yes
smtp_tls_cert_file = /etc/postfix/mx1_slagter_name_all_crt.pem
smtp_tls_key_file = /etc/postfix/mx1_slagter_name_key.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = none
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

--master.cf--
mx1.ipv4.slagter.name:smtp      inet    n       -       n       -       2       smtpd
        -o myhostname=eriks.xs4all.nl
        -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv4-25
        -o smtpd_tls_security_level=may
        -o postscreen_tls_security_level=may
        -o tlsproxy_tls_security_level=may
        -o smtpd_proxy_filter=nemesis.ipv4:10025
        -o soft_bounce=no
        -o postscreen_cache_map=btree:$data_directory/postscreen_cache-ipv4
mx1.ipv6.slagter.name:smtp      inet    n       -       n       -       2       smtpd
        -o myhostname=mx1.ipv6.slagter.name
        -o smtpd_banner=mx1.slagter.name-ESMTP-$mail_name-mx1-ppp0-ipv6-25
        -o smtpd_tls_security_level=may
        -o postscreen_tls_security_level=may
        -o tlsproxy_tls_security_level=may
        -o smtpd_proxy_filter=nemesis.ipv4:10025
        -o soft_bounce=no
        -o postscreen_cache_map=btree:$data_directory/postscreen_cache-ipv6
nemesis.ipv4:10026 inet n - n - 2 smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-10026
        -o smtpd_client_restrictions=
        -o smtpd_authorized_xforward_hosts=10.1.1.1
nemesis.ipv4:smtp inet n - n - 2 smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-eth0-ipv4-25
        -o mynetworks=127.0.0.0/8
        -o smtpd_proxy_filter=nemesis.ipv4:11025
nemesis.ipv6:smtp inet n - n - 2 smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-eth0-ipv6-25
        -o smtpd_proxy_filter=nemesis.ipv4:11025
nemesis.ipv4:11026 inet n - n - 2 smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-11026
        -o smtpd_client_restrictions=
        -o smtpd_authorized_xforward_hosts=10.1.1.1
localhost.ipv4:smtp inet n - n - - smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv4-25
        -o mynetworks=127.0.0.0/8
nemesis.ipv4:smtp inet n - n - - smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-vlan2-alt-ipv4-25
        -o mynetworks=10.0.2.0/24
::1:smtp inet n - n - - smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o body_checks=
        -o header_checks=
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtpd_banner=nemesis.slagter.name-ESMTP-$mail_name-lo-ipv6-25
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay unix - - n - - smtp -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
smtp-inside unix - - n - - smtp
        -o myhostname=nemesis.slagter.name
        -o smtp_helo_name=nemesis.slagter.name
        -o smtp_bind_address6=2001:980:5fef:1::1
smtp-default unix - - n - - smtp
        -o myhostname=eriks.xs4all.nl
        -o smtp_helo_name=eriks.xs4all.nl
        -o smtp_bind_address6=2001:980:5fef::1
        -o smtp_tls_security_level=may

-- end of postfinger output --

* All other paragraphs are not relevant.

Thank you for your attention.
