Hi Robert,
Am 10.09.2014 um 10:11 schrieb Robert Schetterer:
> Am 10.09.2014 um 09:56 schrieb Sean Durkin:
>> The first question is:
>> Can I rule out it's my fault?
>
> have you changed anything last days/month upgrades/updates software
> hardware ?
Hardware is unchanged.
The Ubuntu postfix package was upgraded in August (2.9.6-1~12.04.2), but this
problem seems to have started before that, looking at older logs. Except that,
I don't see any updates directly related to the mail system in the past half
year. There's of course other system/security updates, but how should I know
which of these might possibly be responsible?
I haven't changed the basic Postfix configuration lately. I did add OpenDKIM a
few months back, but I removed that a few days ago to rule out that's the
problem. I also removed Spamassassin, any RBLs and Postgrey, which I normally
have running there; that does not seem to make a difference. So I'm now back to
a very basic Postfix conf, but the problem persists.
> please send you postfix config ,
Anonymized postfinger-output is attached below.
> search list archive "lost connection after DATA"
I did that, I couldn't find anything that really applies in my case... most
problems there are either related to DATA size 0 or to weird MTU issues. Mostly
this seems to happen for connections from spam bots or misconfigured clients
and people tell you you should just ignore it, but that doesn't really apply
here.
I've tried getting a TCP dump of such an SMTP session, but since most of the
interesting mail is coming from server clusters and the external hosts trying
to deliver mail keep changing I'm still waiting to catch a good one...
Regards,
Sean
Here, as promised, postfinger-output:
--System Parameters--
mail_version = 2.9.6
hostname = mail
uname = Linux mail 3.2.0-65-virtual #99-Ubuntu SMP Fri Jul 4 21:23:03 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from deb package: postfix-2.9.6-1~12.04.2
--main.cf non-default parameters--
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
debug_peer_list = amazon.com, srv2.de, psi.cust-cluster.com,
outbound.protection.outlook.com
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
message_size_limit = 262144000
mydestination = localhost, localhost.$mydomain, $mydomain, mail.$mydomain,
mysql:/etc/postfix/mysql-mydestination.cf
myhostname = my.host.name
mynetworks = 127.0.0.0/8, ip.add.re.ss
myorigin = /etc/mailname
proxy_interfaces = ip.add.re.ss
recipient_delimiter = +
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
smtp_destination_concurrency_limit = 1
smtp_destination_rate_delay = 1s
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain,
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain
reject_unknown_recipient_domain, reject_unauth_pipelining
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/postfix/ssl/ca.pem
smtpd_tls_cert_file = /etc/postfix/ssl/my_cert.crt
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
smtpd_tls_key_file = /etc/postfix/ssl/my_key.key
smtpd_tls_protocols = !SSLv2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
--master.cf--
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - y - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 100 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - n - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension}
${user}
retry unix - - - - - error
-- end of postfinger output --
