Hello list and pros,

I need help: my Postfix, which I recently updated, no longer seems happy
with my config. I have had the program "pflogsum" installed for some time,
but I used to search the logs only sporadically because it's my home server!
Only now I see a plethora of errors that increase from day to day; this
"throttling" is especially scary to me.

The SASL problem is also getting worse. The whole thing worked before I
upgraded to 3.7.0 and has been getting worse since 3.7.1. I hope I have given
all the relevant configs and logs.

An extract from pflogsum:

Warnings
--------
  master (total: 328)
       147   /usr/libexec/postfix/smtpd: bad command startup -- throttling
         1   process /usr/libexec/postfix/smtpd pid 251086 exit status 1
         1   process /usr/libexec/postfix/smtpd pid 271671 exit status 1
         1   process /usr/libexec/postfix/smtpd pid 257703 exit status 1
..........
Fatal Errors
------------
  smtpd (total: 181)
       181   no SASL authentication mechanisms

I am not aware of having changed anything since 3.5.x.
Maybe you'll find something I couldn't see. THANKS

There is also a problem when sending emails: one time it works, the next time
it doesn't!

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
canonical_maps = lmdb:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 3.6
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = lmdb
html_directory = no
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mx02.4gjn.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.xx.xxx.x/xx 
192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:xxxx:xxx::]/64
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:11332
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 72h
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*1 
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.[18;19;20]*-2 
hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_write_maps = proxy:lmdb:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES
recipient_delimiter = +
relay_domains = lmdb:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix3-3.7.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/pki/tls/cert.pem
smtp_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtp_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
smtpd_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, 
ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
transport_maps = lmdb:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = lmdb:/etc/postfix/virtual_aliases

What I find in the logs, hundreds of times, is e.g.:
Aug 27 14:18:27 mx02 postfix/smtpd[1417085]: connect from camomile.cloud9.net[168.100.1.3]
Aug 27 14:18:28 mx02 postfix/smtpd[1417085]: Anonymous TLS connection established from camomile.cloud9.net[168.100.1.3]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Aug 27 14:18:38 mx02 postfix/smtpd[1417085]: fatal: no SASL authentication mechanisms
Aug 27 14:18:39 mx02 postfix/master[213623]: warning: process /usr/libexec/postfix/smtpd pid 1417085 exit status 1
Aug 27 14:18:39 mx02 postfix/master[213623]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Thanks for any hint or help,
-- 
mit freundlichen Grüßen / best Regards,

 Günther J. Niederwimmer
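
Added example, not part of the original post: a small Python triage pass over the log excerpt above (rejoined to one entry per line) that ties each smtpd fatal to its client, to the exit status master reports for that pid, and to the number of seconds smtpd logged nothing before dying. The function name `triage` and the placeholder year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the log excerpt from the post, one syslog entry per line.
SAMPLE_LOG = """\
Aug 27 14:18:27 mx02 postfix/smtpd[1417085]: connect from camomile.cloud9.net[168.100.1.3]
Aug 27 14:18:28 mx02 postfix/smtpd[1417085]: Anonymous TLS connection established from camomile.cloud9.net[168.100.1.3]: TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Aug 27 14:18:38 mx02 postfix/smtpd[1417085]: fatal: no SASL authentication mechanisms
Aug 27 14:18:39 mx02 postfix/master[213623]: warning: process /usr/libexec/postfix/smtpd pid 1417085 exit status 1
Aug 27 14:18:39 mx02 postfix/master[213623]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/(\w+)\[(\d+)\]: (.*)$")
EXIT = re.compile(r"warning: process \S+/smtpd pid (\d+) exit status (\d+)")


def triage(log_text, year=2000):
    """Tie each smtpd fatal to its client, master's exit report and the stall before it.

    syslog timestamps carry no year, so `year` is an assumed placeholder.
    """
    procs = defaultdict(dict)
    throttled = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, daemon, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if daemon == "smtpd":
            p = procs[pid]
            if msg.startswith("fatal: "):
                p["fatal"], p["fatal_at"] = msg[len("fatal: "):], when
            else:
                if msg.startswith("connect from "):
                    p["client"] = msg[len("connect from "):]
                p["last_ok"] = when  # last event logged before the fatal
        elif daemon == "master":
            e = EXIT.match(msg)
            if e:
                procs[e.group(1)]["exit_status"] = int(e.group(2))
            elif "bad command startup -- throttling" in msg:
                throttled += 1
    crashes = []
    for pid, p in procs.items():
        if "fatal" not in p:
            continue
        stall = (p["fatal_at"] - p["last_ok"]).total_seconds() if "last_ok" in p else None
        crashes.append({"pid": int(pid), "client": p.get("client"), "fatal": p["fatal"],
                        "stall_seconds": stall, "exit_status": p.get("exit_status")})
    return crashes, throttled
```

Calling `triage(SAMPLE_LOG)` returns the list of crashed smtpd processes and the count of master throttling warnings; on a full mail log the same call groups the fatals by client and shows whether the stall before each one is constant.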

