I am setting up a new mail hub in a FreeBSD-11.1 jail. When routing traffic through this host to our existing IMAP service I see this error in the maillog file:

84A19B389     1256 Wed Jun 13 16:03:45  byrn...@harte-lyne.ca
(delivery temporarily suspended: connect to inet07.hamilton.harte-lyne.ca[216.185.71.27]:25: Can't assign requested address)
                                         byrn...@harte-lyne.ca

But, if I telnet from the same host then I see this:

# telnet 216.185.71.27 25
Trying 216.185.71.27...
Connected to inet07.hamilton.harte-lyne.ca.
Escape character is '^]'.
220 inet07.hamilton.harte-lyne.ca ESMTP Postfix
ehlo mx31.harte-lyne.ca
250-inet07.hamilton.harte-lyne.ca
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Likewise swaks run on the same host connects and delivers:

# swaks --from=byrn...@harte-lyne.ca --to=byrn...@harte-lyne.ca --server=216.185.71.27
=== Trying 216.185.71.27:25...
=== Connected to 216.185.71.27.
<- 220 inet07.hamilton.harte-lyne.ca ESMTP Postfix
-> EHLO mx31.harte-lyne.ca
<- 250-inet07.hamilton.harte-lyne.ca
<- 250-PIPELINING
<- 250-SIZE 20480000
<- 250-ETRN
<- 250-STARTTLS
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> MAIL FROM:<byrn...@harte-lyne.ca>
<- 250 2.1.0 Ok
-> RCPT TO:<byrn...@harte-lyne.ca>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Fri, 15 Jun 2018 14:29:04 -0400
-> To: byrn...@harte-lyne.ca
-> From: byrn...@harte-lyne.ca
-> Subject: test Fri, 15 Jun 2018 14:29:04 -0400
-> Message-Id: <20180615142904.092...@mx31.harte-lyne.ca>
-> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
-> .
<- 250 2.0.0 Ok: queued as D22B48A345
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.

Our set-up requires authenticated senders and this is accomplished by using saslauthd configured to connect to a remote IMAP service. However, we do this over an encrypted pipe to the IMAP server.
Saslauthd is therefore configured thus:

root 55176 0.0 0.0 43928 0 - IWsJ - 0:00.00 /usr/local/sbin/saslauthd -a rimap -O localhost

# ping localhost
PING localhost (127.0.31.1): 56 data bytes

We also use dkim and this is running as well:

mailnull 69811 0.0 0.0 33952 0 - IWsJ - 0:00.00 /usr/local/sbin/opendkim -l -u mailnull:mailnull -P /var/run/milter
mailnull 70080 0.0 0.1 52004 3388 - SJ Thu10 0:03.22 /usr/local/sbin/opendkim -l -u mailnull:mailnull -P /var/run/milter

Likewise we use amavisd-new:

vscan 60254 0.0 0.1 250264 4440 - SsJ Thu10 0:02.62 /usr/local/sbin/amavisd (master) (perl)

I have searched for an answer to this but have not found anything that I find useful. Can anyone give me a clue as to what I have misconfigured and where?

The sockets using port 25 on mx31.harte-lyne.ca are:

# sockstat -l | grep 25
root     master     304   105 tcp4   127.0.31.1:10025      *:*
root     master     304   108 tcp4   127.0.31.1:25         *:*
root     master     304   109 tcp4   216.185.71.31:25      *:*
root     master     304   110 tcp4   192.168.216.31:25     *:*

My main.cf settings are reproduced below:

# postconf -nf
alias_database = hash:/usr/local/etc/postfix/aliases.main,
    hash:/usr/local/etc/postfix/aliases.domains,
    hash:/usr/local/etc/postfix/private/aliases.byrnejb
alias_maps = hash:/usr/local/etc/postfix/aliases.main,
    hash:/usr/local/etc/postfix/aliases.domains,
    hash:/usr/local/etc/postfix/private/aliases.byrnejb
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.31.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 15m
disable_vrfy_command = yes
header_checks = regexp:$config_directory/header_checks.regexp
html_directory = /usr/local/share/doc/postfix
ignore_mx_lookup_error = no
inet_interfaces = 127.0.31.1, 192.168.216.31, 216.185.71.31
inet_protocols = all
local_transport = smtp
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 20480000
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
milter_protocol = 2
mydestination =
mydomain = harte-lyne.ca
myhostname = mx31.harte-lyne.ca
mynetworks = 216.185.71.0/26, 216.185.71.64/27, 209.47.176.0/26,
    192.168.216.0/24, 192.168.209.0/24, 192.168.8.0/24, 192.168.7.0/24,
    192.168.6.0/24, 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks,
    cidr:/usr/local/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
    dun.dnsrbl.net*1 escalations.dnsbl.sorbs.net*1
postscreen_dnsbl_threshold = 2
queue_minfree = 40960000
rbl_reply_maps = hash:/usr/local/etc/postfix/rbl_reply
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_clientcerts = hash:/usr/local/etc/postfix/relay_clientcerts
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sender_canonical_maps = hash:/usr/local/etc/postfix/canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_bind_address = 127.0.31.1
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx31.crt
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED, IDEA, RC2,
    RC5
smtp_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx31.key
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = permit
smtpd_data_restrictions = permit_mynetworks,
    reject_multi_recipient_bounce, reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
    pcre:/usr/local/etc/postfix/helo_checks.pcre,
    reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, permit
smtpd_milters = inet:127.0.31.1:8891
smtpd_proxy_timeout = 300s
smtpd_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain permit_mynetworks
    permit_sasl_authenticated reject_unauth_destination
    reject_unauth_pipelining check_policy_service inet:10023
    check_policy_service unix:private/policyd-spf permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
    hash:/usr/local/etc/postfix/sender_access, check_sender_mx_access
    hash:/usr/local/etc/postfix/sender_mx_access, check_sender_ns_access
    hash:/usr/local/etc/postfix/sender_ns_access, permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_starttls_timeout = ${stress?10}${stress:120}s
smtpd_timeout = ${stress?10}${stress:120}s
smtpd_tls_CAfile = /usr/local/etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/pki/tls/certs/ca.harte-lyne.mx31.crt
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_key_file = /usr/local/etc/pki/tls/private/ca.harte-lyne.mx31.key
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
    hash:/usr/local/etc/postfix/virtual,
    regexp:/usr/local/etc/postfix/virtual.regexp

# sockstat -l | grep 25
root     master     304   105 tcp4   127.0.31.1:10025      *:*
root     master     304   108 tcp4   127.0.31.1:25         *:*
root     master     304   109 tcp4   216.185.71.31:25      *:*
root     master     304   110 tcp4   192.168.216.31:25     *:*

My master.cf settings are reproduced below:

# postconf -Mf
smtpd             pass  -       -       n       -       -       smtpd
    -o smtpd_tls_security_level=may
    -o smtpd_proxy_filter=127.0.31.1:10024
    -o smtpd_client_connection_count_limit=10
    -o smtpd_proxy_options=speed_adjust
    -o syslog_name=postfix-p25
submission        inet  n       -       n       -       -       smtpd -v
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
    -o smtpd_sender_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject
    -o milter_macro_daemon_name=ORIGINATING
    -o syslog_name=postfix-p587
smtps             inet  n       -       n       -       -       smtpd -v
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
    -o smtpd_sender_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
    -o milter_macro_daemon_name=ORIGINATING
    -o syslog_name=postfix-p465
pickup            fifo  n       -       n       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
cleanup           unix  n       -       n       -       0       cleanup
qmgr              fifo  n       -       n       300     1       qmgr
tlsmgr            unix  -       -       n       1000?   1       tlsmgr
rewrite           unix  -       -       n       -       -       trivial-rewrite
bounce            unix  -       -       n       -       0       bounce
defer             unix  -       -       n       -       0       bounce
trace             unix  -       -       n       -       0       bounce
verify            unix  -       -       n       -       1       verify
flush             unix  n       -       n       1000?   0       flush
proxymap          unix  -       -       n       -       -       proxymap
proxywrite        unix  -       -       n       -       1       proxymap
smtp              unix  -       -       n       -       -       smtp
relay             unix  -       -       n       -       -       smtp
    -o smtp_fallback_relay=
showq             unix  n       -       n       -       -       showq
error             unix  -       -       n       -       -       error
retry             unix  -       -       n       -       -       error
discard           unix  -       -       n       -       -       discard
local             unix  -       n       n       -       -       local
virtual           unix  -       n       n       -       -       virtual
lmtp              unix  -       -       n       -       -       lmtp
anvil             unix  -       -       n       -       1       anvil
scache            unix  -       -       n       -       1       scache
127.0.31.1:2626   inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=none
    -o smtpd_sasl_auth_enable=no
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o milter_macro_daemon_name=ORIGINATING
    -o syslog_name=postfix-p2626
policyd-spf       unix  y       n       n       -       -       spawn
    user=nobody argv=/usr/local/bin/policyd-spf
smtp-amavis       unix  -       -       n       -       6       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.31.1:10025  inet  n       -       n       -       -       smtpd
    -o content_filter=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o mynetworks=127.0.0.0/8
    -o relay_recipient_maps=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_delay_reject=no
    -o smtpd_milters=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
smtp              inet  n       -       n       -       1       postscreen
dnsblog           unix  -       -       n       -       0       dnsblog
tlsproxy          unix  -       -       n       -       0       tlsproxy

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
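
Added diagnostic example, not part of the original post: telnet and swaks let the kernel choose the source address, whereas the Postfix SMTP client binds to smtp_bind_address first when that parameter is set (127.0.31.1 in the main.cf above). The sketch below repeats a connection both ways so the two cases can be compared on the mail hub; the names probe and source_scope_mismatch are hypothetical helpers.

```python
import errno
import ipaddress
import socket
import sys


def probe(dest, port, source=None, timeout=5.0):
    """TCP connect to dest:port, optionally binding a source address first.

    Returns (ok, stage, error). On failure, stage is "bind" or "connect" and
    error is the errno name; EADDRNOTAVAIL is the errno behind the message
    "Can't assign requested address".
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    stage = "bind"
    try:
        if source is not None:
            sock.bind((source, 0))  # what smtp_bind_address makes the client do
        stage = "connect"
        sock.connect((dest, port))
        return True, None, None
    except OSError as exc:
        # A timeout carries no errno; report it by name instead.
        fallback = "TIMEOUT" if exc.errno is None else str(exc.errno)
        return False, stage, errno.errorcode.get(exc.errno, fallback)
    finally:
        sock.close()


def source_scope_mismatch(source, dest):
    """True when a loopback source address is paired with a non-loopback peer."""
    return (ipaddress.ip_address(source).is_loopback
            and not ipaddress.ip_address(dest).is_loopback)


if __name__ == "__main__":
    # Usage: probe.py DEST PORT [SOURCE], e.g. with the values from the post:
    #   probe.py 216.185.71.27 25 127.0.31.1
    dest, port = sys.argv[1], int(sys.argv[2])
    source = sys.argv[3] if len(sys.argv) > 3 else None
    print("kernel-chosen source:", probe(dest, port))
    if source:
        print("bound to " + source + ":", probe(dest, port, source))
        if source_scope_mismatch(source, dest):
            print("note: loopback source paired with a non-loopback destination")
```

Run it inside the jail as the same user context as Postfix; a result that differs between the two probes points at the source address rather than at the remote server.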