Good morning everybody, I was wondering for quite some weeks now how to fix this issue with my postfix. I had a brief discussion with Ralf Hildebrandt and he suggested asking via the users lists, that's what I am doing now.
I have the situation that the PF currently doesn't seem to get proper information about the state of the SSL connection, as you can see below. ==> mail/mail.log <== Nov 3 08:50:29 blueberry postfix/tlsproxy[8057]: CONNECT from [2a01:111:f400:fe02::31f]:39552 Nov 3 08:50:29 blueberry postfix/tlsproxy[8057]: setting up TLS connection from [2a01:111:f400:fe02::31f]:39552 Nov 3 08:50:29 blueberry postfix/tlsproxy[8057]: [2a01:111:f400:fe02::31f]:39552: TLS cipher list "aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH:!aNULL" Nov 3 08:50:29 blueberry postfix/tlsproxy[8057]: SSL_accept:before/accept initialization Nov 3 08:50:30 blueberry postfix/tlsproxy[8057]: SSL_accept:unknown state Nov 3 08:50:30 blueberry postfix/tlsproxy[8057]: message repeated 5 times: [ SSL_accept:unknown state] Nov 3 08:50:30 blueberry postfix/tlsproxy[8057]: SSL_accept:failed in unknown state It doesn't matter if it is an IPv6 host, if the host is in mynetworks or not (all postfixes with CACert issues certs and working properly between each of the others finely). Any pointers what to check/where to lock/what to fix are highly appreciated. And I will probably drop another mail around another issue in conjunction with dovecot virtual user delivery pf->dovecot... but first this SSL thing... Thanks! Florian =========================================================================== Note: this message was send by me *only* if the eMail message contains a correct pgp signature corresponding to my address at flo...@floppy.org. Do you need my PGP public key? Check out http://www.floppy.org or send me an email with the subject "send pgp public key" to this address of mine.Thx!
2bounce_notice_recipient = postmaster-bounce address_verify_map = btree:/var/lib/postfix/verify address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 300s address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d alias_database = btree:/etc/aliases alias_maps = btree:/etc/aliases allow_percent_hack = no always_bcc = biff = no body_checks = regexp:/etc/postfix/body_checks.regexp bounce_notice_recipient = postmaster-bounce bounce_queue_lifetime = 1d bounce_size_limit = 10240 broken_sasl_auth_clients = yes canonical_maps = btree:/etc/postfix/canonical command_directory = /usr/sbin compatibility_level = 2 content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 default_database_type = btree default_destination_concurrency_limit = 10 default_privs = nobody default_process_limit = 12 defer_transports = hold delay_notice_recipient = postmaster-delay delay_warning_time = 2d disable_dns_lookups = no disable_vrfy_command = yes error_notice_recipient = postmaster-error header_checks = regexp:/etc/postfix/block255, regexp:/etc/postfix/header_checks.regexp html_directory = /srv/www/yadda.dadd-do.de/html/postfix inet_interfaces = all inet_protocols = all lmtp_tls_ciphers = export lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSLv2 !SSLv3 local_destination_concurrency_limit = 4 mail_owner = postfix mail_spool_directory = /var/mail mailbox_size_limit = 1000000000 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root maximal_queue_lifetime = 3d message_size_limit = 125000000 meta_directory = /etc/postfix mydestination = localhost.$mydomain, localhost, localhost.localdomain, $myhostname myhostname = yadda.dadd-do.de mynetworks = 127.0.0.0/8 [::1]/128... newaliases_path = /usr/bin/newaliases notify_classes = bounce, resource, software, delay, policy postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr postscreen_bare_newline_action = drop postscreen_bare_newline_enable = yes postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce postscreen_non_smtp_command_enable = yes postscreen_pipelining_enable = yes queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relay_domains = btree:/etc/postfix/relay_domains relay_recipient_maps = btree:/etc/postfix/recipient_maps.outpost relayhost = outpost.post-peine.de relocated_maps = btree:/etc/postfix/relocated resolve_dequoted_address = yes sample_directory = /usr/share/doc/packages/postfix/samples sendmail_path = /usr/sbin/sendmail setgid_group = postdrop shlib_directory = /usr/lib/postfix smtp_sasl_auth_enable = yes smtp_sasl_password_maps = btree:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_send_xforward_command = yes smtp_tls_CApath = /etc/ssl/certs smtp_tls_cert_file = /etc/ssl/certs/blueberry.pem smtp_tls_ciphers = export smtp_tls_key_file = /etc/ssl/private/blueberry.key smtp_tls_loglevel = 2 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = btree:/etc/postfix/tls_nach_ziel smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_session_cache smtp_tls_session_cache_timeout = 3600s smtp_use_tls = no smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_restrictions = permit_mynetworks smtpd_error_sleep_time = 1 smtpd_hard_error_limit = 3 smtpd_proxy_timeout = 3600s smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:localhost:10023 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 7 smtpd_timeout = 3600s smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem smtpd_tls_ciphers = export smtpd_tls_key_file = /etc/ssl/private/blueberry.key smtpd_tls_loglevel = 2 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache smtpd_tls_session_cache_timeout = 7200s smtpd_use_tls = yes smtputf8_enable = no strict_rfc821_envelopes = yes swap_bangpath = no tls_random_source = dev:/dev/urandom transport_maps = btree:/etc/postfix/transport unknown_local_recipient_reject_code = 550 unverified_sender_reject_code = 554 virtual_alias_maps = $virtual_maps virtual_gid_maps = static:31 virtual_mailbox_base = /var/spool/mail/vmail virtual_mailbox_domains = $virtual_mailbox_maps virtual_maps = btree:/etc/postfix/virtual virtual_transport = dovecot virtual_uid_maps = static:110
smtp inet n - n - 1 postscreen smtp unix - - n - - smtp hold unix - - n - 25 smtp pickup fifo n - - 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 1 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} trace unix - - n - 0 bounce verify unix - - n - 1 verify smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes anvil unix - - n - 1 anvil scache unix - - n - 1 scache discard unix - - n - - discard tlsmgr unix - - n 1000? 1 tlsmgr retry unix - - n - - error proxywrite unix - - n - 1 proxymap smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
root@blueberry:/home/software/saslfinger-1.0.3# saslfinger -s saslfinger - postfix Cyrus sasl configuration Do 3. Nov 09:10:17 CET 2016 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 3.2-20161101 System: Ubuntu 16.04.1 LTS \n \l -- smtpd is linked to -- libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fb3db0ac000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem smtpd_tls_ciphers = export smtpd_tls_key_file = /etc/ssl/private/blueberry.key smtpd_tls_loglevel = 2 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache smtpd_tls_session_cache_timeout = 7200s smtpd_use_tls = yes -- listing of /usr/lib/sasl2 -- total 8 drwxr-xr-x 2 root root 4096 Apr 5 2016 . drwxr-xr-x 49 root root 4096 Okt 10 21:38 .. -- content of /etc/postfix/sasl/smtpd.conf -- pwcheck_method: saslauthd mech_list: PLAIN LOGIN autotransition: true saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - n - 1 postscreen smtp unix - - n - - smtp hold unix - - n - 25 smtp pickup fifo n - - 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 1 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} trace unix - - n - 0 bounce verify unix - - n - 1 verify smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes anvil unix - - n - 1 anvil scache unix - - n - 1 scache discard unix - - n - - discard tlsmgr unix - - n 1000? 1 tlsmgr retry unix - - n - - error proxywrite unix - - n - 1 proxymap smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop} -- mechanisms on localhost -- 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN -- end of saslfinger output --
root@blueberry:/home/software# postfinger --all postfinger - postfix configuration on Do 3. Nov 09:17:35 CET 2016 version: 1.30 Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.] --System Parameters-- mail_version = 3.2-20161101 hostname = blueberry.post-peine.de uname = Linux yadda.dadda-do.de 4.4.0-042stab113.17 #1 SMP Wed Feb 10 18:31:00 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux --Packaging information-- --Mailbox locking methods-- flock fcntl dotlock --Supported Lookup tables-- btree cdb cidr environ fail hash inline internal ldap memcache nis pcre pipemap proxy randmap regexp socketmap static tcp texthash unionmap unix --main.cf non-default parameters-- 2bounce_notice_recipient = postmaster-bounce address_verify_map = btree:/var/lib/postfix/verify address_verify_negative_refresh_time = 300s alias_database = btree:/etc/aliases alias_maps = btree:/etc/aliases allow_percent_hack = no biff = no body_checks = regexp:/etc/postfix/body_checks.regexp bounce_notice_recipient = postmaster-bounce bounce_queue_lifetime = 1d bounce_size_limit = 10240 broken_sasl_auth_clients = yes canonical_maps = btree:/etc/postfix/canonical compatibility_level = 2 content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/lib/postfix debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 default_database_type = btree default_destination_concurrency_limit = 10 default_process_limit = 12 defer_transports = hold delay_notice_recipient = postmaster-delay delay_warning_time = 2d disable_vrfy_command = yes error_notice_recipient = postmaster-error header_checks = regexp:/etc/postfix/block255, regexp:/etc/postfix/header_checks.regexp html_directory = /srv/www/yadda.dadd-do.de/html/postfix lmtp_tls_ciphers = export lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSLv2 !SSLv3 local_destination_concurrency_limit = 4 mailbox_size_limit = 1000000000 manpage_directory = /usr/share/man masquerade_exceptions = root maximal_queue_lifetime = 3d message_size_limit = 125000000 mydestination = localhost.$mydomain, localhost, localhost.localdomain, $myhostname mynetworks = 127.0.0.0/8 [::1]/128 ... notify_classes = bounce, resource, software, delay, policy postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr postscreen_bare_newline_action = drop postscreen_bare_newline_enable = yes postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce postscreen_non_smtp_command_enable = yes postscreen_pipelining_enable = yes readme_directory = /usr/share/doc/packages/postfix/README_FILES relay_domains = btree:/etc/postfix/relay_domains relayhost = outpost.post-peine.de relay_recipient_maps = btree:/etc/postfix/recipient_maps.outpost relocated_maps = btree:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 smtpd_client_restrictions = permit_mynetworks smtpd_error_sleep_time = 1 smtpd_hard_error_limit = 3 smtpd_proxy_timeout = 3600s smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:localhost:10023 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 7 smtpd_timeout = 3600s smtpd_tls_ask_ccert = yes smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_cert_file = /etc/ssl/certs/blueberry.pem smtpd_tls_ciphers = export smtpd_tls_key_file = /etc/ssl/private/blueberry.key smtpd_tls_loglevel = 2 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_session_cache smtpd_tls_session_cache_timeout = 7200s smtpd_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = btree:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_send_xforward_command = yes smtp_tls_CApath = /etc/ssl/certs smtp_tls_cert_file = /etc/ssl/certs/blueberry.pem smtp_tls_ciphers = export smtp_tls_key_file = /etc/ssl/private/blueberry.key smtp_tls_loglevel = 2 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_note_starttls_offer = yes smtp_tls_policy_maps = btree:/etc/postfix/tls_nach_ziel smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_session_cache smtputf8_enable = no strict_rfc821_envelopes = yes swap_bangpath = no transport_maps = btree:/etc/postfix/transport unverified_sender_reject_code = 554 virtual_gid_maps = static:31 virtual_mailbox_base = /var/spool/mail/vmail virtual_maps = btree:/etc/postfix/virtual virtual_transport = dovecot virtual_uid_maps = static:110 --master.cf-- smtp inet n - n - 1 postscreen smtp unix - - n - - smtp hold unix - - n - 25 smtp pickup fifo n - - 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 1 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient procmail unix - n n - - pipe flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} trace unix - - n - 0 bounce verify unix - - n - 1 verify smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes anvil unix - - n - 1 anvil scache unix - - n - 1 scache discard unix - - n - - discard tlsmgr unix - - n 1000? 1 tlsmgr retry unix - - n - - error proxywrite unix - - n - 1 proxymap smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop} --Specific file and directory permissions-- drwx-wx--- 2 postfix postdrop 4096 Nov 3 09:16 /var/spool/postfix/maildrop drwx--s--- 2 postfix postdrop 4096 Nov 3 09:16 /var/spool/postfix/public total 0 srw-rw-rw- 1 postfix postdrop 0 Nov 3 09:16 cleanup srw-rw-rw- 1 postfix postdrop 0 Nov 3 09:16 flush prw--w--w- 1 postfix postdrop 0 Nov 3 09:16 pickup prw--w--w- 1 postfix postdrop 0 Nov 3 09:16 qmgr srw-rw-rw- 1 postfix postdrop 0 Nov 3 09:16 showq drwx------ 2 postfix root 4096 Nov 3 09:16 /var/spool/postfix/private total 0 srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 anvil srw-rw---- 1 postfix postfix 0 Okt 13 15:29 auth srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 bounce srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 bsmtp srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 cyrus srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 defer srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 discard srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 dnsblog srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 dovecot srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 error srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 hold srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 ifmail srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 lmtp srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 local srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 maildrop srw-rw-rw- 1 postfix postfix 0 Okt 8 18:38 mailman srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 procmail srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 proxymap srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 proxywrite srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 relay srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 retry srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 rewrite srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 scache srw-rw-rw- 1 postfix postfix 0 Okt 8 18:38 scalemail-backend srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 smtp srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 smtp-amavis srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 smtpd srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 tlsmgr srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 tlsproxy srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 trace srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 uucp srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 verify srw-rw-rw- 1 postfix postfix 0 Nov 3 09:16 virtual -rwxr-sr-x 1 root postdrop 34504 Nov 1 22:04 /usr/sbin/postdrop -rwxr-sr-x 1 root postdrop 54304 Nov 1 22:04 /usr/sbin/postqueue --Library dependencies-- /usr/lib/postfix/smtpd: linux-vdso.so.1 => (0x00007ffd2c4fe000) libpostfix-master.so => /usr/lib/postfix/libpostfix-master.so (0x00007eff7a5ea000) libpostfix-tls.so => /usr/lib/postfix/libpostfix-tls.so (0x00007eff7a3d2000) libpostfix-dns.so => /usr/lib/postfix/libpostfix-dns.so (0x00007eff7a1ca000) libpostfix-global.so => /usr/lib/postfix/libpostfix-global.so (0x00007eff79f87000) libpostfix-util.so => /usr/lib/postfix/libpostfix-util.so (0x00007eff79d48000) libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007eff79b24000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007eff7975b000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007eff794f2000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007eff790ad000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007eff78e92000) libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007eff78c79000) libdb-5.3.so => /usr/lib/x86_64-linux-gnu/libdb-5.3.so (0x00007eff788cb000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007eff786c7000) /lib64/ld-linux-x86-64.so.2 (0x00007eff7aa30000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007eff784a9000) -- end of postfinger output --
signature.asc
Description: OpenPGP digital signature