Hello,
I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and
Dovecot 2.3 using virtual mailbox domains. There are no local everyone
is virtual. The first problem I'm seeing is the Postfix process is
exiting:
#systemctl status postfix
? postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset: e>
Active: active (exited) since Wed 2023-07-19 15:02:03 EDT; 4s ago
I suspect this is occurring because of this:
2023-07-19T15:19:58.474716-04:00 hostname postfix/master[41002]:
warning: process /usr/lib/postfix/sbin/smtpd pid 41013 exit status 1
A few lines earlier:
2023-07-19T15:19:57.473608-04:00 hostname postfix/proxymap[41014]:
warning: request for unapproved table: "unix:passwd.byname"
2023-07-19T15:19:57.473797-04:00 hostname postfix/proxymap[41014]:
warning: to approve this table for read-only access, list
proxy:unix:passwd.byname in main.cf:proxy_read_maps
2023-07-19T15:19:57.474399-04:00 hostname postfix/smtpd[41013]: fatal:
proxymap service is not configured for table "unix:passwd.byname"
I don't have that table listed in my proxy configuration.
I'm also getting errors when atempting to access my sql aliases.cf
configuration. That looks like this and it's looking like others:
2023-07-19T15:20:02.693395-04:00 hostname postfix/proxymap[41014]:
error: open /etc/postfix/sql/aliases.cf: Permission denied
2023-07-19T15:20:02.700548-04:00 hostname postfix/proxymap[41014]:
error: open /etc/postfix/sql/domains.cf: Permission denied
2023-07-19T15:20:02.701021-04:00 hostname postfix/proxymap[41014]:
warning: mysql:/etc/postfix/sql/aliases.cf is unavailable. open
/etc/postfix/sql/aliases.cf: Permission denied
2023-07-19T15:20:02.701791-04:00 hostname postfix/cleanup[41032]:
warning: proxy:mysql:/etc/postfix/sql/aliases.cf lookup error for
"[email protected]"
I'm seeing issues with postfix local trying to get in to this whenever
it does it tries to send to [email protected].
Given the above I would think anything wouldn't be working since
domains.cf can't be found then receiving any email shouldn't work,
sent a test message through and it does, if I send to a non-aliases
address i.e. [email protected] does not work, yet [email protected] goes
through just fine. Here's my master.cf file and a postconf -n output.
Here's also a permissions of /etc/postfix/sql/*.cf.
Any help appreciated.
Thanks.
Dave.
#cat master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - y - - smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o cleanup_service_name=submission-header-cleanup
-o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - y - - smtpd
#submissions inet n - y - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
submission-header-cleanup unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfix/submission_header_cleanup
#postconf -n
append_dot_mydomain = no
biff = no
compatibility_level = 3.7
disable_vrfy_command = yes
inet_interfaces = 127.0.0.1, xxx.xxx.xxx.xxx
mailbox_size_limit = 0
message_size_limit = 52428800
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
proxy_read_maps = proxy:mysql:/etc/postfix/sql/aliases.cf
proxy:mysql:/etc/postfix/sql/accounts.cf
proxy:mysql:/etc/postfix/sql/domains.cf
proxy:mysql:/etc/postfix/sql/recipient-access.cf
proxy:mysql:/etc/postfix/sql/sender-login-maps.cf
proxy:mysql:/etc/postfix/sql/tls-policy.cf
recipient_delimiter = +
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_policy_maps = proxy:mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_restrictions = permit_mynetworks reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_recipient_restrictions = check_recipient_access
proxy:mysql:/etc/postfix/sql/recipient-access.cf
smtpd_relay_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks
reject_unauth_destination
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/example.com/example.com.fullchain.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
smtpd_tls_key_file = /etc/ssl/example.com/example.com.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
#ls -la /etc/postfix/sql
total 32
drwxr-xr-x 2 root root 4096 Jul 19 15:18 ./
drwxr-xr-x 5 root root 4096 Jul 19 16:52 ../
-rw-r--r-- 1 root root 194 Jul 19 13:12 accounts.cf
-rw-r--r-- 1 root root 562 Jul 19 15:18 aliases.cf
-rw-r--r-- 1 root root 152 Jul 17 11:18 domains.cf
-rw-r--r-- 1 root root 237 Jul 19 13:14 recipient-access.cf
-rw-r--r-- 1 root root 390 Jul 19 13:18 sender-login-maps.cf
-rw-r--r-- 1 root root 166 Jul 17 11:20 tls-policy.cf
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
