[pfx] Re: Painful Postfix
On April 30, 2023 7:03:59 AM GMT+02:00, Kolusion K via Postfix-users wrote: >So, I tried using the 'debug_peer_list' parameter like this, but it didn't >work... > >debug_peer_list = 1.2.3.4, 5.6.7.8 Last time i had to debug an smtp session i implemented it as, in main.cf (i use cdb, but hash should also work) debug_peer_list = cdb:/etc/postfix/debug_peer The content of debug_peer beeing 1.2.3.4 check 2.3.4.5 check Don't forget to postmap that file: postmap /etc/postfix/debug_peer The smtp session is in your mail log. >I did restart the Postfix service after applying the change to 'main.cf'. > > >It looks like Postfix lacks the capability to show the SMTP session, right? > >Thanks > > >Kolusion > > > >Sent: Sunday, April 30, 2023 at 2:54 PM >From: "Kolusion K" >To: postfix-users@postfix.org >Subject: Painful Postfix >Hello again > > >I am again trying to use the 'debug_peer_list' parameter to see if it will >show me the SMTP session in the mail log. > >The e-mail address I am sending to has a server or servers with multiple IP >addresses. How can I go about using multiple IP addresses with the >'debug_peer_list' parameter? > >Like this? > >debug_peer_list = 1.2.3.4 5.6.7.8 > >or perhaps like this? > >debug_peer_list = 1.2.3.4, 5.6.7.8 > > >Thanks > >Kolusion >___ >Postfix-users mailing list -- postfix-users@postfix.org >To unsubscribe send an email to postfix-users-le...@postfix.org -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
On 30.04.23 07:25, Kolusion K via Postfix-users wrote: Subject: [pfx] Painful Postfix it would be much better if you provided better Subject: for questions/problems like this, e.g. "debug_peer_level question". Can somebody please tell me what levels are available for the 'debug_peer_level' parameter? The parameter is not fully documented. it's documented here: http://www.postfix.org/postconf.5.html#debug_peer_level higher level - more verbose information, lower level - less verbose. more details are available in postfix sources. Also, can somebody please tell me if a parameter is used twice in 'main.cf', will the first line its used on be ignored if the parameter is used on a line after it? For example: Will this work? debug_peer_list = 47.246.99.195 debug_peer_list = 47.246.136.231 debug_peer_list = 47.246.137.47 you would override setting in each line. postconf would complain. Or would I need to use something like this? debug_peer_list = 47.246.99.195, 47.246.136.231, 47.246.137.47 this one. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside... ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
On 30.04.23 07:35, Kolusion K via Postfix-users wrote: My e-mail server is able to deliver e-mail to some hosts but will time out when attempting to deliver to other hosts. What could be causing this problem? network firewall at your or recipients' side. Routing problems can cause this too. check your server hosting provider if they don't block outgoing connections to port 25. Also check your IP address if it's not in DNS blocklists, e.g. spamhaus' DROP: https://www.spamhaus.org/drop/ -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
Intrigued by a complaint about poor logging from Postfix, I decided to investigate. What was logged? Apr 30 14:32:16 generalpurpose postfix/smtp[2299]: 78D1D80AD7: to=, relay=none, delay=414074, delays=413981/0.19/93/0, dsn=4.4.1, status=deferred (connect to mxw.mxhichina.com[47.246.99.195]:25: Connection timed out) What failed? connect to mxw.mxhichina.com[ipaddr]. The attempt to connect to mxw.mxhichina.com[ipaddr] failed. There was no TCP connection, thus no SMTP commands could be sent, and no SMTP responses could be received. I like to think that a reasonable person would agree with the above assessment. Why did it fail? Connection timed out. This is the system-defined error text for an error code that is defined by a POSIX standard. I like to think that a reasonable person would agree that regardless of what the exact error was, an attempt to log SMTP commands or responses would be pointless, because there was no TCP connection. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
Hello. You can try adding to your main.conf: tcp_windowsize=65535 See also: https://www.postfix.org/postconf.5.html That can help fixing broken window sizes because of a firewall. Thanks Matthew On 4/30/2023 12:35 AM, Kolusion K via Postfix-users wrote: Hello again My e-mail server is able to deliver e-mail to some hosts but will time out when attempting to deliver to other hosts. What could be causing this problem? Thanks Sincerely, Kolusion ___ Postfix-users mailing list --postfix-users@postfix.org To unsubscribe send an email topostfix-users-le...@postfix.org___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
On Sun, Apr 30, 2023 at 06:06:48PM -0500, Matthew McGehrin via Postfix-users wrote: > You can try adding to your main.conf: > > tcp_windowsize=65535 > > See also: > > https://www.postfix.org/postconf.5.html > > That can help fixing broken window sizes because of a firewall. This won't help. The choice of TCP window size can sometimes play a contributing role in problems during message *transmission*, but not during TCP connection setup. [ TCP fast-open aside, the SYN and SYN-ACK packets carry no data. Postfix does not enable TFO, and it is not on by default. ] The OP may be on a network that is blocked by the receiving system, or from which SMTP connections are filtered by the local provider. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
When I open a raw socket to the remote server on port 25 using telnet, I am able to connect and see the server announce itself, so, it is reasonable to assume that Postfix is doing the same and timing out during the SMTP transaction because Postfix is not having a problem sending mail to other servers. A reasonable person does not assume their software is always telling the truth. > Sent: Sunday, April 30, 2023 at 8:45 pm > From: "Wietse Venema via Postfix-users" > To: "Postfix users" > Subject: [pfx] Re: Painful Postfix > > Intrigued by a complaint about poor logging from Postfix, I decided > to investigate. > > What was logged? > > Apr 30 14:32:16 generalpurpose postfix/smtp[2299]: 78D1D80AD7: > to=, relay=none, delay=414074, delays=413981/0.19/93/0, > dsn=4.4.1, status=deferred (connect to > mxw.mxhichina.com[47.246.99.195]:25: Connection timed out) > > What failed? > > connect to mxw.mxhichina.com[ipaddr]. > > The attempt to connect to mxw.mxhichina.com[ipaddr] failed. > There was no TCP connection, thus no SMTP commands could be > sent, and no SMTP responses could be received. > > I like to think that a reasonable person would agree with the above > assessment. > > Why did it fail? > > Connection timed out. > > This is the system-defined error text for an error code that > is defined by a POSIX standard. > > I like to think that a reasonable person would agree that regardless > of what the exact error was, an attempt to log SMTP commands or > responses would be pointless, because there was no TCP connection. > > Wietse > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
Kolusion K via Postfix-users wrote: > When I open a raw socket to the remote server on port 25 using telnet, I am > able to connect and see the server announce itself […] Then, do continue to provide all essential *FURTHER* commands via telnet and see and report what happens. Michael ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] E-mail problem
So I have a bizarre problem. I can't send e-mail to some servers but I can to others. The e-mail that doesn't get sent is due to the connection timing out to the remote server. Another strange problem is that some people can e-mail me while others can't. This is how my e-mail server is setup off the top of my head: E-mail server has a CG-NAT IP address. E-mail server connects to a VPN on a VPS. Postfix uses VPN interface '192.168.2.2'. VPS routes port 25 from WAN interface to '192.168.2.2'. VPS routes port 25 from '192.168.2.2' to WAN interface. E-mail server firewall allows port 25 in and out on '192.168.2.2'. VPS firewall allows port 25 in and out on WAN interface. MX record points to VPS WAN interface IP address. Everything should work, but it doesn't always. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: E-mail problem
This is typical networking issues. Nothing about postfix. Regards > > So I have a bizarre problem. I can't send e-mail to some servers but I can to > others. The e-mail that doesn't get sent is due to the connection timing out > to the remote server. > > Another strange problem is that some people can e-mail me while others can't. > > This is how my e-mail server is setup off the top of my head: > > E-mail server has a CG-NAT IP address. > E-mail server connects to a VPN on a VPS. > Postfix uses VPN interface '192.168.2.2'. > VPS routes port 25 from WAN interface to '192.168.2.2'. > VPS routes port 25 from '192.168.2.2' to WAN interface. > E-mail server firewall allows port 25 in and out on '192.168.2.2'. > VPS firewall allows port 25 in and out on WAN interface. > MX record points to VPS WAN interface IP address. > > Everything should work, but it doesn't always. > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > -- https://kenpeng.pages.dev/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: E-mail problem
Kolusion K via Postfix-users wrote: > So I have a bizarre problem. I can't send e-mail to some servers but I can to > others. The e-mail that doesn't get sent is due to the connection timing out > to the remote server. > > Another strange problem is that some people can e-mail me while others can't. > > This is how my e-mail server is setup off the top of my head: > > E-mail server has a CG-NAT IP address. Citating https://en.wikipedia.org/wiki/Carrier-grade_NAT Disadvantages Critics of carrier-grade NAT argue the following aspects: • Like any form of NAT, it breaks the end-to-end principle.[6] • It has significant security, scalability, and reliability problems, by virtue of being stateful. • It does not solve the IPv4 address exhaustion problem when a public IP address is needed, such as in web hosting. Carrier-grade NAT usually prevents the ISP customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. This is done so the router will be able to map the responses to the correct device; in carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the "master router" of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer.[7] In order to overcome the former disadvantage, the Port Control Protocol (PCP) has been standardized in the RFC 6887. In cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user's IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked.[7] This can create serious problems for forum and wiki administrators attempting to address disruptive actions from a single user sharing an IP address with legitimate users. FYI, Michael ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] E-mail problem
Hello So I have a problem sending and receiving e-mail from some people. The problem I have sending e-mail to some people is that Postfix says the connection times out when attempting to connect to the server. This is my setup: E-mail server connects to VPN on VPS on its WAN IP address using PPTP and obtains the IP address '192.168.2.2' on ppp0 interface, using gateway '192.168.2.1'. Postfix starts on e-mail server and uses '192.168.2.2' on ppp0 interface. E-mail server allows port 25 traffic in and out on '192.168.2.2' from anywhere on ppp0. VPS allows port 25 traffic in and out on WAN IP address on eth0 from anywhere. VPS allows port 25 traffic in and out on '192.168.2.1' on ppp0 from '192.168.2.2'. VPS routes port 25 traffic on WAN IP address on eth0 to '192.168.2.2'. VPS routes port 25 traffic from '192.168.2.2' on ppp0 to WAN IP address. MX record is VPS WAN IP address. The strange thing is, when I Telnet on port 25 on the VPS to the e-mail servers Postfix can't connect to from my e-mail server, I can connect to them. What could be causing Postfix being able to send e-mail to some servers but not others, and some people being able to e-mail me but not others? Kolusion ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
On Mon, May 01, 2023 at 04:46:20AM +0200, Michael Grimm via Postfix-users wrote: > > When I open a raw socket to the remote server on port 25 using > > telnet, I am able to connect and see the server announce itself […] > > Then, do continue to provide all essential *FURTHER* commands via > telnet and see and report what happens. There's no point in any of that. The actual problem is TCP connection establishment, not SMTP chit-chat. The OP's various tunnels may behave differently when tested by hand, but regardless no SMTP dialogues over established connections shed any light on connection failure. To debug networking issues, use "tcpdump" to record and analyse traffic. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Sorry for the double post
Sorry for double post about my e-mail problem. When I hit send, this crap e-mail service returned me to its FQDN landing page and I thought I lost my e-mail, so I logged in and wrote it all again. This time it sent, and then I returned to my inbox to find replies to the e-mail that appeared not to send. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
