Good morning everybody,

I was wondering for quite some weeks now how to fix this issue with my
postfix. I had a brief discussion with Ralf Hildebrandt and he suggested
asking via the users lists, that's what I am doing now.

I have the situation that the PF currently doesn't seem to get proper
information about the state of the SSL connection, as you can see below.

==> mail/mail.log <==
Nov  3 08:50:29 blueberry postfix/tlsproxy[8057]: CONNECT from
[2a01:111:f400:fe02::31f]:39552
Nov  3 08:50:29 blueberry postfix/tlsproxy[8057]: setting up TLS connection
from [2a01:111:f400:fe02::31f]:39552
Nov  3 08:50:29 blueberry postfix/tlsproxy[8057]:
[2a01:111:f400:fe02::31f]:39552: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH:!aNULL"
Nov  3 08:50:29 blueberry postfix/tlsproxy[8057]: SSL_accept:before/accept
initialization
Nov  3 08:50:30 blueberry postfix/tlsproxy[8057]: SSL_accept:unknown state
Nov  3 08:50:30 blueberry postfix/tlsproxy[8057]: message repeated 5 times:
[ SSL_accept:unknown state]
Nov  3 08:50:30 blueberry postfix/tlsproxy[8057]: SSL_accept:failed in
unknown state

It doesn't matter if it is an IPv6 host, if the host is in mynetworks or not
(all postfixes with CACert issues certs and working properly between each of
the others finely).

Any pointers what to check/where to lock/what to fix are highly appreciated.

And I will probably drop another mail around another issue in conjunction
with dovecot virtual user delivery pf->dovecot... but first this SSL thing...

Thanks!

Florian

===========================================================================
Note:  this message was  send by me *only* if the  eMail message contains a
correct pgp signature corresponding to my address at  flo...@floppy.org. Do
you need my  PGP  public key? Check out http://www.floppy.org or send me an
email with  the subject "send pgp public key" to  this address of mine.Thx!

2bounce_notice_recipient = postmaster-bounce
address_verify_map = btree:/var/lib/postfix/verify
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 300s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
alias_database = btree:/etc/aliases
alias_maps = btree:/etc/aliases
allow_percent_hack = no
always_bcc =
biff = no
body_checks = regexp:/etc/postfix/body_checks.regexp
bounce_notice_recipient = postmaster-bounce
bounce_queue_lifetime = 1d
bounce_size_limit = 10240
broken_sasl_auth_clients = yes
canonical_maps = btree:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb 
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = btree
default_destination_concurrency_limit = 10
default_privs = nobody
default_process_limit = 12
defer_transports = hold
delay_notice_recipient = postmaster-delay
delay_warning_time = 2d
disable_dns_lookups = no
disable_vrfy_command = yes
error_notice_recipient = postmaster-error
header_checks = regexp:/etc/postfix/block255, 
regexp:/etc/postfix/header_checks.regexp
html_directory = /srv/www/yadda.dadd-do.de/html/postfix
inet_interfaces = all
inet_protocols = all
lmtp_tls_ciphers = export
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
local_destination_concurrency_limit = 4
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 1000000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
maximal_queue_lifetime = 3d
message_size_limit = 125000000
meta_directory = /etc/postfix
mydestination = localhost.$mydomain, localhost, localhost.localdomain, 
$myhostname
myhostname = yadda.dadd-do.de
mynetworks = 127.0.0.0/8 [::1]/128...
newaliases_path = /usr/bin/newaliases
notify_classes = bounce, resource, software, delay, policy
postscreen_access_list = permit_mynetworks 
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = btree:/etc/postfix/relay_domains
relay_recipient_maps = btree:/etc/postfix/recipient_maps.outpost
relayhost = outpost.post-peine.de
relocated_maps = btree:/etc/postfix/relocated
resolve_dequoted_address = yes
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = btree:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_send_xforward_command = yes
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_cert_file = /etc/ssl/certs/blueberry.pem
smtp_tls_ciphers = export
smtp_tls_key_file = /etc/ssl/private/blueberry.key
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = btree:/etc/postfix/tls_nach_ziel
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks
smtpd_error_sleep_time = 1
smtpd_hard_error_limit = 3
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination, check_policy_service inet:localhost:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 7
smtpd_timeout = 3600s
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem
smtpd_tls_ciphers = export
smtpd_tls_key_file = /etc/ssl/private/blueberry.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache
smtpd_tls_session_cache_timeout = 7200s
smtpd_use_tls = yes
smtputf8_enable = no
strict_rfc821_envelopes = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = btree:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 554
virtual_alias_maps = $virtual_maps
virtual_gid_maps = static:31
virtual_mailbox_base = /var/spool/mail/vmail
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_maps = btree:/etc/postfix/virtual
virtual_transport = dovecot
virtual_uid_maps = static:110

smtp       inet  n       -       n       -       1       postscreen
smtp       unix  -       -       n       -       -       smtp
hold       unix  -       -       n       -       25      smtp
pickup     fifo  n       -       -       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       1       1       qmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus      unix  -       n       n       -       -       pipe user=cyrus
    argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail   unix  -       n       n       -       -       pipe flags=R
    user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender}
    ${recipient}
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
smtp-amavis unix -       -       n       -       2       lmtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
discard    unix  -       -       n       -       -       discard
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
retry      unix  -       -       n       -       -       error
proxywrite unix  -       -       n       -       1       proxymap
smtpd      pass  -       -       n       -       -       smtpd
dnsblog    unix  -       -       n       -       0       dnsblog
tlsproxy   unix  -       -       n       -       0       tlsproxy
smtps      inet  n       -       -       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
submission inet  n       -       -       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_security_options=noanonymous
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o 
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
dovecot    unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a
    ${original_recipient} -d ${user}@${nexthop}

root@blueberry:/home/software/saslfinger-1.0.3# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Do 3. Nov 09:10:17 CET 2016
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 3.2-20161101
System: Ubuntu 16.04.1 LTS \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 
(0x00007fb3db0ac000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem
smtpd_tls_ciphers = export
smtpd_tls_key_file = /etc/ssl/private/blueberry.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache
smtpd_tls_session_cache_timeout = 7200s
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 8
drwxr-xr-x  2 root root 4096 Apr  5  2016 .
drwxr-xr-x 49 root root 4096 Okt 10 21:38 ..




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
autotransition: true
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       1       postscreen
smtp      unix  -       -       n       -       -       smtp
hold      unix  -       -       n       -       25      smtp
pickup fifo n - - 60 1 pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr fifo n - n 1 1 qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} 
${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} 
${recipient}
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
smtp-amavis unix -      -       n     -       2  lmtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
smtpd     pass  -       -       n       -       -       smtpd
dnsblog  unix  -       -       n       -       0       dnsblog
tlsproxy unix  -       -       n       -       0       tlsproxy


smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes

submission inet n - - - - smtpd
 -o smtpd_enforce_tls=yes
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_security_options=noanonymous
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_sender_restrictions=
 -o 
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail 
argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d 
${user}@${nexthop}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

-- end of saslfinger output --

root@blueberry:/home/software# postfinger --all
postfinger - postfix configuration on Do 3. Nov 09:17:35 CET 2016
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 3.2-20161101
hostname = blueberry.post-peine.de
uname = Linux yadda.dadda-do.de 4.4.0-042stab113.17 #1 SMP Wed Feb 10 18:31:00 
MSK 2016 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--

--Mailbox locking methods--
flock fcntl dotlock

--Supported Lookup tables--
btree cdb cidr environ fail hash inline internal ldap memcache nis pcre pipemap 
proxy randmap regexp socketmap static tcp texthash unionmap unix

--main.cf non-default parameters--
2bounce_notice_recipient = postmaster-bounce
address_verify_map = btree:/var/lib/postfix/verify
address_verify_negative_refresh_time = 300s
alias_database = btree:/etc/aliases
alias_maps = btree:/etc/aliases
allow_percent_hack = no
biff = no
body_checks = regexp:/etc/postfix/body_checks.regexp
bounce_notice_recipient = postmaster-bounce
bounce_queue_lifetime = 1d
bounce_size_limit = 10240
broken_sasl_auth_clients = yes
canonical_maps = btree:/etc/postfix/canonical
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb 
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = btree
default_destination_concurrency_limit = 10
default_process_limit = 12
defer_transports = hold
delay_notice_recipient = postmaster-delay
delay_warning_time = 2d
disable_vrfy_command = yes
error_notice_recipient = postmaster-error
header_checks = regexp:/etc/postfix/block255, 
regexp:/etc/postfix/header_checks.regexp
html_directory = /srv/www/yadda.dadd-do.de/html/postfix
lmtp_tls_ciphers = export
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
local_destination_concurrency_limit = 4
mailbox_size_limit = 1000000000
manpage_directory = /usr/share/man
masquerade_exceptions = root
maximal_queue_lifetime = 3d
message_size_limit = 125000000
mydestination = localhost.$mydomain, localhost, localhost.localdomain, 
$myhostname
mynetworks = 127.0.0.0/8 [::1]/128 ...
notify_classes = bounce, resource, software, delay, policy
postscreen_access_list = permit_mynetworks 
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = drop
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = btree:/etc/postfix/relay_domains
relayhost = outpost.post-peine.de
relay_recipient_maps = btree:/etc/postfix/recipient_maps.outpost
relocated_maps = btree:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks
smtpd_error_sleep_time = 1
smtpd_hard_error_limit = 3
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination, check_policy_service inet:localhost:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 7
smtpd_timeout = 3600s
smtpd_tls_ask_ccert = yes
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem
smtpd_tls_ciphers = export
smtpd_tls_key_file = /etc/ssl/private/blueberry.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache
smtpd_tls_session_cache_timeout = 7200s
smtpd_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = btree:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_send_xforward_command = yes
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_cert_file = /etc/ssl/certs/blueberry.pem
smtp_tls_ciphers = export
smtp_tls_key_file = /etc/ssl/private/blueberry.key
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = btree:/etc/postfix/tls_nach_ziel
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_session_cache
smtputf8_enable = no
strict_rfc821_envelopes = yes
swap_bangpath = no
transport_maps = btree:/etc/postfix/transport
unverified_sender_reject_code = 554
virtual_gid_maps = static:31
virtual_mailbox_base = /var/spool/mail/vmail
virtual_maps = btree:/etc/postfix/virtual
virtual_transport = dovecot
virtual_uid_maps = static:110

--master.cf--
smtp      inet  n       -       n       -       1       postscreen
smtp      unix  -       -       n       -       -       smtp
hold      unix  -       -       n       -       25      smtp
pickup fifo n - - 60 1 pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr fifo n - n 1 1 qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} 
${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} 
${recipient}
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
smtp-amavis unix -      -       n     -       2  lmtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
smtpd     pass  -       -       n       -       -       smtpd
dnsblog  unix  -       -       n       -       0       dnsblog
tlsproxy unix  -       -       n       -       0       tlsproxy
smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - - - - smtpd
 -o smtpd_enforce_tls=yes
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_security_options=noanonymous
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_sender_restrictions=
 -o 
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail 
argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d 
${user}@${nexthop}

--Specific file and directory permissions--
drwx-wx--- 2 postfix postdrop 4096 Nov  3 09:16 /var/spool/postfix/maildrop
drwx--s--- 2 postfix postdrop 4096 Nov  3 09:16 /var/spool/postfix/public
total 0
srw-rw-rw- 1 postfix postdrop 0 Nov  3 09:16 cleanup
srw-rw-rw- 1 postfix postdrop 0 Nov  3 09:16 flush
prw--w--w- 1 postfix postdrop 0 Nov  3 09:16 pickup
prw--w--w- 1 postfix postdrop 0 Nov  3 09:16 qmgr
srw-rw-rw- 1 postfix postdrop 0 Nov  3 09:16 showq
drwx------ 2 postfix root 4096 Nov  3 09:16 /var/spool/postfix/private
total 0
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 anvil
srw-rw---- 1 postfix postfix 0 Okt 13 15:29 auth
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 bounce
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 bsmtp
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 cyrus
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 defer
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 discard
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 dnsblog
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 dovecot
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 error
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 hold
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 ifmail
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 lmtp
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 local
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 maildrop
srw-rw-rw- 1 postfix postfix 0 Okt  8 18:38 mailman
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 procmail
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 proxymap
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 proxywrite
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 relay
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 retry
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 rewrite
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 scache
srw-rw-rw- 1 postfix postfix 0 Okt  8 18:38 scalemail-backend
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 smtp
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 smtp-amavis
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 smtpd
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 tlsmgr
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 tlsproxy
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 trace
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 uucp
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 verify
srw-rw-rw- 1 postfix postfix 0 Nov  3 09:16 virtual
-rwxr-sr-x 1 root postdrop 34504 Nov  1 22:04 /usr/sbin/postdrop
-rwxr-sr-x 1 root postdrop 54304 Nov  1 22:04 /usr/sbin/postqueue

--Library dependencies--
/usr/lib/postfix/smtpd:
        linux-vdso.so.1 =>  (0x00007ffd2c4fe000)
        libpostfix-master.so => /usr/lib/postfix/libpostfix-master.so 
(0x00007eff7a5ea000)
        libpostfix-tls.so => /usr/lib/postfix/libpostfix-tls.so 
(0x00007eff7a3d2000)
        libpostfix-dns.so => /usr/lib/postfix/libpostfix-dns.so 
(0x00007eff7a1ca000)
        libpostfix-global.so => /usr/lib/postfix/libpostfix-global.so 
(0x00007eff79f87000)
        libpostfix-util.so => /usr/lib/postfix/libpostfix-util.so 
(0x00007eff79d48000)
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 
(0x00007eff79b24000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007eff7975b000)
        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 
(0x00007eff794f2000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 
(0x00007eff790ad000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 
(0x00007eff78e92000)
        libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007eff78c79000)
        libdb-5.3.so => /usr/lib/x86_64-linux-gnu/libdb-5.3.so 
(0x00007eff788cb000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007eff786c7000)
        /lib64/ld-linux-x86-64.so.2 (0x00007eff7aa30000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x00007eff784a9000)
-- end of postfinger output --

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to