On 6/12/20 12:26 PM, Wietse Venema wrote:
Gary Aitken:
I had previously edited main.cf to set
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop

$ sudo postfix check
postfix: fatal: bad string length 0 < 1: mailq_path =

Not sure what mailq_path should be set to... /var/spool/postfix/ ?

http://www.postfix.org/postconf.5.html#mailq_path

     Sendmail compatibility feature that specifies where the Postfix
     mailq(1) command is installed. This command can be used to list
     the Postfix mail queue.

Do all of these need to be set?  I thought the re-configure should
have taken care of this, and reasonable defaults would be applied?
Do I need to remove main.cf before doing a dpkg-reconfigure?

Perhaps you're better off with

- uninstall Postfix
- reinstall Postfix

and only after doing that edit Postfix config files.

A simple uninstall and reinstall of postfix could not be used, as the uninstall
would remove another package (automysqlbackup) which depended on postfix.
That package was already working, and I didn't want to disturb it.  I got
around that by installing nullmailer, which satisfied the default-mta and
mail-transfer-agent dependencies from automysqlbackup; then uninstalled
postfix without removing/uninstalling anything else.  Then purge postfix
to remove the config files, then reinstall postfix.

So, now I have it installed "properly".  yea!
However...

This is a satellite system which should receive no mail, but which needs to
post mail from root and other daemon-users.  I thought I had it set up by
answering the setup questions as:
  Type of system: Satellite
  Domain: xbiologix.net
  mail relay: aspmx3.googlemail.com

I have modified main.cf by adding:

smtpd_tls_cert_file=/etc/letsencrypt/live/xbiologix.net/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/xbiologix.net/privkey.key
...
smtp_tls_security_level = may
smtp_tls_loglevel = 1

$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
html_directory = /usr/share/doc/postfix/html
inet_interfaces = loopback-only
inet_protocols = all
mailbox_size_limit = 0
mydestination =
myhostname = xblgx-ops.c.insidexblgx.internal
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains =
relayhost = aspmx3.googlemail.com
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/letsencrypt/live/xbiologix.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/xbiologix.net/privkey.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

When attempting to send mail, /var/log/mail.log shows the following:

Jun 16 17:18:11 xblgx-ops postfix/smtp[26224]: connect to aspmx3.googlemail.com[142.250.10.27]:25: Connection timed out

It is using default mail port, 25; I need port 465 or 587 because it's my
understanding google blocks everything on port 25.
During the setup, I was not (I don't think) given the option of specifying
smtps or the port.

There is supposedly a default egress rule from google cloud vm instances,
but I don't see it listed in my firewall rules.  However, I think the listed
firewall rules do not include the default *implied* rules imposed at a higher
level; at least the google cloud docs kind of imply this:

"Firewall rules must allow egress traffic from the instance. Unless overridden by a 
higher priority rule, the implied allow rule for egress traffic permits outbound traffic 
from all instances."

In any case, I added an explicit rule to allow egress on port 465.
tcpdump shows attempts going out, but on port 25, not 465.

struggling along, any help much appreciated

Gary
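
An added example, not part of the original message: a small Python check that reads `postconf -n` output like the one quoted above and reports how the Postfix SMTP client will reach relayhost (a relayhost without [brackets] gets an MX lookup, and without :port the client connects to port 25). The finding codes are names made up for this example, and the sample input is constructed from lines in the message.

```python
import re

# Constructed sample: lines taken from the `postconf -n` output quoted in the
# message, including one value wrapped onto a second line by the mail client.
SAMPLE = """\
relayhost = aspmx3.googlemail.com
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
"""

WRAPPED = {"465", "smtps"}              # ports that expect TLS before any SMTP
SUBMIT = WRAPPED | {"587", "submission"}
RELAY = re.compile(r"^(?:\[(?P<lit>[^\]]+)\]|(?P<name>[^\[\]:\s]+))(?::(?P<port>\w+))?$")

def parse_postconf(text):
    """Return {name: value}; a line without '=' continues the previous value."""
    conf, last = {}, None
    for line in text.splitlines():
        if "=" in line and not line[0].isspace():
            name, _, value = line.partition("=")
            last = name.strip()
            conf[last] = value.strip()
        elif last and line.strip():     # wrapped or indented continuation
            conf[last] = (conf[last] + " " + line.strip()).strip()
    return conf

def audit_relay(conf):
    """Return finding codes for how the SMTP client will reach relayhost."""
    relay = conf.get("relayhost", "")
    m = RELAY.match(relay)
    if not m:
        return ["relayhost-unset" if not relay else "relayhost-unparsed"]
    findings = []
    if m.group("name"):                 # no [brackets]: MX lookup on the name
        findings.append("mx-lookup")
    port = m.group("port")
    if port is None:                    # no :port: client connects to port 25
        findings.append("port25-default")
    if port in WRAPPED and conf.get("smtp_tls_wrappermode") != "yes":
        findings.append("wrappermode-missing")
    if port in SUBMIT and conf.get("smtp_tls_security_level", "") in ("", "none", "may"):
        findings.append("tls-not-enforced")   # "may" can fall back to cleartext
    return findings

if __name__ == "__main__":
    print(audit_relay(parse_postconf(SAMPLE)))
```

To audit a live system, pass the text of `postconf -n` to `parse_postconf` in place of `SAMPLE`.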
