I have a newly installed Debian 8 server, created to replace an old postfix
server running on Debian Lenny. I've installed and reconfigured as needed
the following newer packages on the new server:
postfix 2.1.3-1
dovecot 2.2.13-12~deb8u1
amavisd-new 2.10.1-2~deb8u1
spamassasin 3.4.0-6
clamav 0.99.2+dfsg-0+deb8u2
dkimproxy 1.4.1-3
I am able to send and receive mail between local users using both
Thunderbird and Squirrelmail. I can also send to external users using both
mail clients.
What I cannot do is send to any user, local or external, from the server
itself. This affects not just the console program 'mail', but also daily
reports sent via scripts called in cron jobs. Attempts using 'mail' or via
the script files trying to send to local accounts result in:
status=deferred (delivery temporarily suspended: host 127.0.0.1[127.0.0.1]
refused to talk to me: 421 Internal error (Next hop is down))
Here is main.cf:
==========
mailbox_size_limit = 0
message_size_limit = 30000000
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = host.domain.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual
mynetworks = 10.0.0.0/8, 127.0.0.0/8
relay_domains =
virtual_alias_domains =
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
content_filter = smtp-amavis:[127.0.0.1]:10028
smtp-amavis_destination_concurrency_limit = 20
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = no
header_checks = regexp:/etc/postfix/header_checks.regexp
nested_header_checks =
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_unlisted_recipient,
check_client_access hash:/etc/postfix/GEN000_override,
check_client_access regexp:/etc/postfix/fqrdns.regexp,
check_helo_access hash:/etc/postfix/access,
check_helo_access regexp:/etc/postfix/helo_blacklist.regexp,
check_sender_access hash:/etc/postfix/blacklist,
check_sender_access regexp:/etc/postfix/sender_blacklist.regexp,
check_sender_mx_access cidr:/etc/postfix/mx_access.txt,
check_sender_access hash:/etc/postfix/bdwl
check_client_access hash:/etc/postfix/broken_helos,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
check_sender_access regexp:/etc/postfix/filter_10026_catchall,
permit_mynetworks,
reject_non_fqdn_hostname,
reject_non_fqdn_recipient,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/restricted,
reject_unknown_client,
reject_unknown_hostname,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
smtpd_data_restrictions =
reject_unauth_pipelining
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
inet_protocols = ipv4
And here is master.cf:
==============
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
-o content_filter=dkimsign:127.0.0.1:10026
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000 1 tlsmgr
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=yes
-o content_filter=dkimsign:[127.0.0.1]:10027
-o receive_override_options=no_address_mappings
-o
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_client_restrictions=permit_mynetworks,reject
dkimsign unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n - n - 10 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
I have determined through trial and error that disabling this content filter
in master.cf...
pickup fifo n - n 60 1 pickup
-o content_filter=dkimsign:127.0.0.1:10026
...enables mail sent via 'mail' or cron jobs to be processed. However the
problem does not exist with that line enabled on the original postfix
(2.5.5-1.1+lenny1) server. Having inherited the old server, I'm not fully up
to speed on what that line does, but the old server works and has been for
years, so I don't want to blindly take the line out not knowing what I might
break in the process.
Here is some of the output from netstat -tapn, showing that the server is
listening on port 10026:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
1/init
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN
4404/postgrey.pid -
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
4731/amavisd-new (m
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
4699/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
4385/mysqld
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN
4424/perl
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
4699/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN
4442/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN
4699/master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
1/init
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
3205/rpcbind
And here is the same from the original fully functional server:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN
3649/postgrey.pid -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
4254/dovecot
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
3504/amavisd (maste
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
4186/master
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN
4098/perl
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
3573/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
4186/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN
4106/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN
4186/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
4146/inetd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
4254/dovecot
With the exception of the port for postgrey, I've made sure all of the 100xx
ports match functions on both servers.
At this point I don't know where else to look. Please help if you can!
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-from-localhost-tp88417.html
Sent from the Postfix Users mailing list archive at Nabble.com.
