Hello everyone,
I am recently no longer able to send mail out from my postfix server. Receiving
email works fine. Connecting via IMAPS from Mail.app and sending either to a
local recipient or to an external recipient is rejected with:
Jun 11 20:35:05 grover postfix/submission/smtpd[11782]: NOQUEUE: reject: RCPT
from subscriber-dhcp-cgn-#-191-7-1.ISP.net[#.191.7.1]: 554 5.7.1
<subscriber-dhcp-cgn-#-191-7-1.ISP.net[#.191.7.1]>: Client host rejected:
Access denied; from=<da...@bigbird.com> to=<da...@oscar.org> proto=ESMTP
helo=<[10.5.19.6]>
Jun 11 20:45:32 grover postfix/submission/smtpd[12054]: NOQUEUE: reject: RCPT
from subscriber-dhcp-cgn-#-191-7-1.ISP.net[#.191.7.1]: 554 5.7.1
<subscriber-dhcp-cgn-#-191-7-1.ISP.net[#.191.7.1]>: Client host rejected:
Access denied; from=<da...@bigbird.com> to=<da...@bigbird.com> proto=ESMTP
helo=<[10.5.19.6]>
I've been through so many Google searches and how-tos nothing is making sense
any more. I throw myself on the mercy of the Postfix gods. I very much
appreciate your time.
# /root/bin/postfinger --all --nowarn
postfinger - postfix configuration on Tue Jun 11 21:33:18 CDT 2019
version: 1.30
--System Parameters--
mail_version = 3.3.0
hostname = grover
uname = Linux grover 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from deb package: postfix-3.3.0-1ubuntu0.2
--Mailbox locking methods--
flock fcntl dotlock
--Supported Lookup tables--
btree cidr environ fail hash inline internal memcache nis pipemap proxy randmap
regexp socketmap sqlite static tcp texthash unionmap unix
--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c
/etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 20971520
mydestination = bigbird.com lists.bigbird.com localhost.localdomain localhost
myhostname = grover.bigbird.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/16
#.191.4.0/22
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_tls_all_clientcerts,
reject_unauth_pipelining
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_helo_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_hostname, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unverified_recipient,
check_client_access regexp:/etc/postfix/rbl_override, reject_rbl_client
zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client
b.barracudacentral.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/bigbird.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/bigbird.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
tls_high_cipherlist =
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:NULL-SHA256
tls_preempt_cipherlist = yes
virtual_alias_domains = codecats.us
virtual_alias_maps = hash:/etc/postfix/virtual
--master.cf--
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtp inet n - y - - smtpd
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
--Specific file and directory permissions--
drwx-wx--T 2 postfix postdrop 4096 Oct 22 2018 /var/spool/postfix/maildrop
drwx--s--- 2 postfix postdrop 4096 Jun 11 21:31 /var/spool/postfix/public
total 0
srw-rw-rw- 1 postfix postdrop 0 Jun 11 21:31 cleanup
srw-rw-rw- 1 postfix postdrop 0 Jun 11 21:31 flush
prw--w--w- 1 postfix postdrop 0 Jun 11 21:32 pickup
prw--w--w- 1 postfix postdrop 0 Jun 11 21:31 qmgr
srw-rw-rw- 1 postfix postdrop 0 Jun 11 21:31 showq
drwx------ 2 postfix root 4096 Jun 11 21:31 /var/spool/postfix/private
total 0
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 anvil
srw-rw-rw- 1 root root 0 Jun 11 12:23 auth
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 bounce
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 bsmtp
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 defer
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 discard
srw-rw---- 1 postfix postfix 0 Jun 11 12:23 dovecot-auth
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 error
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 ifmail
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 lmtp
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 local
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 maildrop
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 mailman
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 proxymap
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 proxywrite
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 relay
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 retry
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 rewrite
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 scache
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 scalemail-backend
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 smtp
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 tlsmgr
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 trace
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 uucp
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 verify
srw-rw-rw- 1 postfix postfix 0 Jun 11 21:31 virtual
-r-xr-sr-x 1 root postdrop 14456 Oct 11 2018 /usr/sbin/postdrop
-r-xr-sr-x 1 root postdrop 22600 Oct 11 2018 /usr/sbin/postqueue
--Library dependencies--
/usr/lib/postfix/sbin/smtpd:
linux-vdso.so.1 (0x00007ffe9af16000)
libpostfix-master.so => /usr/lib/postfix/libpostfix-master.so
(0x00007f30e869a000)
libpostfix-tls.so => /usr/lib/postfix/libpostfix-tls.so
(0x00007f30e8481000)
libpostfix-dns.so => /usr/lib/postfix/libpostfix-dns.so
(0x00007f30e827a000)
libpostfix-global.so => /usr/lib/postfix/libpostfix-global.so
(0x00007f30e8035000)
libpostfix-util.so => /usr/lib/postfix/libpostfix-util.so
(0x00007f30e7df2000)
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2
(0x00007f30e7bd7000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f30e79b8000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f30e75c7000)
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
(0x00007f30e733a000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
(0x00007f30e6e70000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
(0x00007f30e6c55000)
libdb-5.3.so => /usr/lib/x86_64-linux-gnu/libdb-5.3.so
(0x00007f30e68ac000)
libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007f30e6692000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f30e648e000)
libicuuc.so.60 => /usr/lib/x86_64-linux-gnu/libicuuc.so.60
(0x00007f30e60d7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f30e8ade000)
libicudata.so.60 => /usr/lib/x86_64-linux-gnu/libicudata.so.60
(0x00007f30e452e000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6
(0x00007f30e41a5000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f30e3e07000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
(0x00007f30e3bef000)
-- end of postfinger output --
# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Tue Jun 11 21:33:56 CDT 2019
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 3.3.0
System: Ubuntu 18.04.2 LTS \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2
(0x00007f185c4a5000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/bigbird.com/fullchain.pem
smtpd_tls_ciphers = medium
smtpd_tls_key_file = /etc/letsencrypt/live/bigbird.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
total 24
drwxr-xr-x 2 root root 4096 Sep 23 2018 .
drwxr-xr-x 81 root root 12288 Mar 7 20:30 ..
-rw-r--r-- 1 root root 4 May 6 2017 berkeley_db.active
-rw-r--r-- 1 root root 4 Feb 5 2018 berkeley_db.txt
-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Jun 11 21:23 .
drwxr-xr-x 6 root root 4096 Jun 11 21:33 ..
-rw-r--r-- 1 root root 49 Jun 11 21:23 smtpd.conf
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtp inet n - y - - smtpd
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on localhost --
-- end of saslfinger output --
Regards,
David Drum
da...@mu.org
--
"Penultimate." Ooh! Second-best word ever!--Frazz
