I set the server back, because otherwise my email wasn't working properly.
[root@mcq postfix]# postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 3.6
content_filter = smtp-amavis:[127.0.0.1]:10024 meta_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 1
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 20
fast_flush_domains = $relay_domains
header_checks = pcre:/etc/postfix/maps/header_checks
home_mailbox = Maildir/
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/spool/mail
maillog_file = /var/log/maillog
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = sbanetweb.com
myhostname = mcq.sbanetweb.com
mynetworks = 96.224.250.24 127.0.0.1
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/postfix/tls/ChainBundle.pem
smtp_tls_CApath = /etc/postfix/tls/
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unauth_pipelining
reject_unknown_client_hostname permit
smtpd_data_restrictions = permit_sasl_authenticated,
reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions = check_client_access hash:/etc/postfix/maps/access
reject
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_sender
reject_non_fqdn_recipient reject_unknown_recipient_domain permit
smtpd_junk_command_limit = 10
smtpd_milters = inet:localhost:8891, inet:localhost:8893
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
check_recipient_access hash:/etc/postfix/maps/rejected_recips
reject_unauth_destination check_policy_service inet:127.0.0.1:2501
check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks
reject_unauth_destination reject_unknown_recipient_domain
reject_unverified_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated
check_sender_access hash:/etc/postfix/maps/sender_access
reject_unknown_sender_domain warn_if_reject reject_unverified_sender
reject_unknown_reverse_client_hostname reject_unknown_client_hostname
smtpd_soft_error_limit = 10
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/tls/ServerCert-combined.pem
smtpd_tls_dh1024_param_file = /etc/postfix/tls/dh.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_security_level = may
soft_bounce = no
transport_maps = hash:/etc/postfix/maps/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = /etc/postfix/maps/localdomains
virtual_alias_maps = hash:/etc/postfix/maps/virtual
[root@mcq postfix]# postconf -Mf
smtp inet n - n - - smtpd
spamassassin unix - n n - - pipe user=spamd
argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
${recipient}
policyd-spf unix - n n - 0 spawn
user=policyd-spf
argv=/usr/bin/python /usr/libexec/postfix/policyd-spf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=
-o smtpd_client_restrictions=permit_sasl_authenticated
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
[root@mcq postfix]#
[root@mcq postfix]# openssl crl2pkcs7 -nocrl -certfile $(postconf -xh
smtpd_tls_cert_file) |
openssl pkcs7 -print_certs -noout |
grep subject=
subject=C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN =
mcq.sbanetweb.com
[root@mcq postfix]#
-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of Viktor Dukhovni
Sent: Wednesday, January 19, 2022 3:17 PM
To: postfix-users@postfix.org
Subject: Re: Doing something wrong.
On Wed, Jan 19, 2022 at 03:07:29PM -0500, Wayne Spivak wrote:
> Still not working...
That's not particularly illuminating. You'll need to reply with "postconf
-nf" and "postconf -Mf" output (inserted verbatim without any changes in
linebreaks or other whitespace).
Also with the output of (assuming bash-compatible shell):
openssl crl2pkcs7 -nocrl -certfile $(postconf -xh smtpd_tls_cert_file) |
openssl pkcs7 -print_certs -noout |
grep subject=
Your SMTP server is still responding with just the leaf (a.k.a. EE or
end-entity) certificate.
--
Viktor.
