[pfx] postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-19 Thread David Mehler via Postfix-users
Hello,

I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and
Dovecot 2.3 using virtual mailbox domains. There are no local everyone
is virtual. The first problem I'm seeing is the Postfix process is
exiting:

#systemctl status postfix
? postfix.service - Postfix Mail Transport Agent
 Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset: e>
 Active: active (exited) since Wed 2023-07-19 15:02:03 EDT; 4s ago

I suspect this is occurring because of this:

2023-07-19T15:19:58.474716-04:00 hostname postfix/master[41002]:
warning: process /usr/lib/postfix/sbin/smtpd pid 41013 exit status 1

A few lines earlier:

2023-07-19T15:19:57.473608-04:00 hostname postfix/proxymap[41014]:
warning: request for unapproved table: "unix:passwd.byname"
2023-07-19T15:19:57.473797-04:00 hostname postfix/proxymap[41014]:
warning: to approve this table for read-only access, list
proxy:unix:passwd.byname in main.cf:proxy_read_maps
2023-07-19T15:19:57.474399-04:00 hostname postfix/smtpd[41013]: fatal:
proxymap service is not configured for table "unix:passwd.byname"

I don't have that table listed in my proxy configuration.

I'm also getting errors when attempting to access my sql aliases.cf
configuration. That looks like this and it's looking like others:

2023-07-19T15:20:02.693395-04:00 hostname postfix/proxymap[41014]:
error: open /etc/postfix/sql/aliases.cf: Permission denied
2023-07-19T15:20:02.700548-04:00 hostname postfix/proxymap[41014]:
error: open /etc/postfix/sql/domains.cf: Permission denied
2023-07-19T15:20:02.701021-04:00 hostname postfix/proxymap[41014]:
warning: mysql:/etc/postfix/sql/aliases.cf is unavailable. open
/etc/postfix/sql/aliases.cf: Permission denied
2023-07-19T15:20:02.701791-04:00 hostname postfix/cleanup[41032]:
warning: proxy:mysql:/etc/postfix/sql/aliases.cf lookup error for
"r...@mail.example.com"

I'm seeing issues with postfix local trying to get in to this whenever
it does it tries to send to r...@mail.example.com.

Given the above I would think anything wouldn't be working since
domains.cf can't be found then receiving any email shouldn't work,
sent a test message through and it does, if I send to a non-aliases
address i.e. r...@domain.com does not work, yet u...@domain.com goes
through just fine. Here's my master.cf file and a postconf -n output.
Here's also a permissions of /etc/postfix/sql/*.cf.

Any help appreciated.
Thanks.
Dave.

#cat master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
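# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================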
#smtp  inet  n   -   y   -   -   smtpd
smtp  inet  n   -   y   -   1   postscreen
smtpd pass  -   -   y   -   -   smtpd
dnsblog   unix  -   -   y   -   0   dnsblog
tlsproxy  unix  -   -   y   -   0   tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   y   -   -   smtpd
submission inet n   -   y   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_relay_restrictions=$mua_relay_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o cleanup_service_name=submission-header-cleanup
  -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n  -   y   -   -   smtpd
#submissions inet  n   -   y   -   -   smtpd
#  -o syslog_name=postfix/submissions
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o s

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-20 Thread David Mehler via Postfix-users
Hello,

Thank you for your reply. My apologies, I thought these issues were
all possibly interrelated.

To the first issue the postfix process dying. I looked at the service
startup definition on my debian 12 system that's in
/lib/systemd/system/postfix.service I believe this is the section with
the information you requested:

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true

I stopped and started postfix and used:

systemctl --full --no-pager status postfix

that didn't tell me more than I already knew:

#systemctl --full --no-pager status postfix
? postfix.service - Postfix Mail Transport Agent
 Loaded: loaded (/lib/systemd/system/postfix.service; enabled;
preset: enabled)
 Active: active (exited) since Thu 2023-07-20 08:31:16 EDT; 11s ago
   Docs: man:postfix(1)
Process: 59286 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 59286 (code=exited, status=0/SUCCESS)

Jul 20 08:31:16 hostname.example.com systemd[1]: Starting
postfix.service - Postfix Mail Transport Agent...
Jul 20 08:31:16 hostname.example.com systemd[1]: Finished
postfix.service - Postfix Mail Transport Agent.

I ran "postfix check" I get no warnings. I checked for both selinux
and apparmor neither is installed. I ran "postfix set-permissions"
again no warnings.


I hope this information helps.


Thanks.
Dave.

On 7/19/23, Viktor Dukhovni via Postfix-users  wrote:
> On Wed, Jul 19, 2023 at 06:03:17PM -0400, David Mehler via Postfix-users
> wrote:
>
>> I'm trying to migrate to a new setup, Debian 12 with Postfix 3.7 and
>> Dovecot 2.3 using virtual mailbox domains. There are no local everyone
>> is virtual. The first problem I'm seeing is the Postfix process is
>> exiting:
>
> You're packing too many problems into one post, which discourages
> substantive help.  Best to restart one problem at a time.
>
>> #systemctl status postfix
>> ? postfix.service - Postfix Mail Transport Agent
>>  Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset:
>> e>
>>  Active: active (exited) since Wed 2023-07-19 15:02:03 EDT; 4s ago
>
> This is likely because of a mismatch between the service definition and
> the actual Postfix start code it invokes.  Is the (ultimately master(8))
> process actually expected to remain in the foreground?  Or is the
> "exited" actually normal here, because the service definition is
> starting a "background" job?
>
> See the postfix(1) manpage about various ways to start Postfix, and
> see what the service definition is trying to do.
>
>> I suspect this is occurring because of this:
>>
>> 2023-07-19T15:19:58.474716-04:00 hostname postfix/master[41002]:
>> warning: process /usr/lib/postfix/sbin/smtpd pid 41013 exit status 1
>
> No, because master(8) keeps running regardless of whether various
> services are failing or not.  Once the service startup issue is
> put to bed (it is probably fine, but let's get that out of the way),
> we can try to solve each of the remaining problems one at a time.
>
> Some of them suggest that perhaps you have SELinux or AppArmor, ...
> refusing to allow various kinds of file access.
>
> Run "postfix check" and address any reported problems.  If "postfix
> set_permissions" does not fix the various file permission problems,
> look to disable SELinux or AppArmor.
>
> --
> Viktor.
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>


[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-22 Thread David Mehler via Postfix-users
Hello,

Thanks everyone for the feedback.

I've commented out proxy_read_maps which seems to have done it,
postfix/local isn't trying to get in to things and aliases are
working, though I'm not sure if the perms there are right, 755
root:root on /etc/postfix/sql and 644 root:root on the various .cf
files.

Thanks.
Dave.


On 7/20/23, Viktor Dukhovni via Postfix-users  wrote:
> On Thu, Jul 20, 2023 at 08:45:46AM -0400, David Mehler via Postfix-users
> wrote:
>
>> Thank you for your reply. My apologies, I thought these issues were
>> all possibly interrelated.
>>
>> To the first issue the postfix process dying.
>
> Quite possibly, the right formulation is "exiting as expected", rather
> than "dying".
>
> If the master(8) process is still running, "Postfix" is running and not
> "dead", but individual services listed in master.cf may be encountering
> fatal problems.
>
> So the "exited" status may be a non-problem, and your problems are all
> the file permission and related issues.  If so, now move on to one of
> the other problems.
>
> --
> Viktor.
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
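
On the permissions question raised in the message above (755 root:root on the directory, 644 root:root on the .cf files), an added example that is not part of the thread: a mode-bit audit of lookup-table files, covering both failure modes that appear here, a file that proxymap(8) cannot read and a file holding a database password that every local account can read. It assumes proxymap runs as the postfix account and that secrets sit under the `password` or `bind_pw` keys; the function names and finding labels are made up for the example, and ACLs and supplementary groups are ignored.

```python
import os
import re
import stat

# Keys that carry credentials in Postfix SQL/LDAP table files.
SECRET_KEY = re.compile(r"^\s*(password|bind_pw)\s*=", re.MULTILINE)

def audit_map_file(path, postfix_uid, postfix_gid):
    """Return a list of findings for one lookup-table config file.

    postfix_uid / postfix_gid: account that proxymap(8) runs as (assumption:
    the default mail_owner). Only classic mode bits are evaluated.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        has_secret = bool(SECRET_KEY.search(fh.read()))

    # Pick the permission class the kernel would apply to the postfix account.
    if st.st_uid == postfix_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif st.st_gid == postfix_gid:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)

    findings = []
    if not readable:
        # This is the case that surfaces as "Permission denied" from proxymap.
        findings.append("unreadable-by-postfix")
    if has_secret and mode & stat.S_IROTH:
        # Any local account can read the database password.
        findings.append("secret-world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    return findings

def audit_directory(directory, postfix_uid, postfix_gid):
    """Audit every *.cf file in a directory; returns {filename: findings}."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".cf"):
            full = os.path.join(directory, name)
            report[name] = audit_map_file(full, postfix_uid, postfix_gid)
    return report

if __name__ == "__main__":
    import pwd
    account = pwd.getpwnam("postfix")
    result = audit_directory("/etc/postfix/sql", account.pw_uid, account.pw_gid)
    for name, findings in result.items():
        print(name, ", ".join(findings) or "ok")
```

A file owned root:postfix with mode 0640 produces no findings, while 0644 root:root is flagged as `secret-world-readable` whenever the file contains a password.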


[pfx] Thunderbird 91, Postfix 3.7.x, Debian 12, Virtual Mailbox Users, TLS with Letsencrypt, error improper command pipelining after helo

2024-04-01 Thread David Mehler via Postfix-users

Hello,


I've got a Debian 12.5 vps going, it's running Dovecot 2.3.x, Postfix 
3.7.x, secured with letsencrypt. I've confirmed that my certificates are 
valid and unexpired. I'm trying to connect via StartTLS to Dovecot 143, 
for retrieving mail, and Postfix 587 submission to send it. I'm wanting 
to utilize Thunderbird v91.x. I've tried configuring with both the 
automatic configuration and the manual configuration, in both cases I am 
getting an error in my maillog from submission/smtpd service stating 
error improper command pipelining after helo. Googling showed this error 
but in that case the solution was he was running Avast Antivirus, I am 
not. In either case manual or automatic the configuration does not 
complete. I'm wondering if anyone else has seen this with these versions 
of Thunderbird and Postfix?



Do my *restrictions and tls configurations look good?

Here's my postconf -n output hope it helps.


Suggestions welcome.

Thanks.

Dave.


# postconf -n

append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1h
compatibility_level = 
disable_vrfy_command = yes
inet_interfaces = 127.0.0.1, xxx.xxx.xxx.xxx
inet_protocols = ipv4
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 1h
message_size_limit = 52428800
minimal_backoff_time = 5m
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
policyd-spf_time_limit = 3600
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = ix.dnsbl.manitu.net*2 zen.spamhaus.org*2 bl.spamcop.net*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
queue_run_delay = 5m
recipient_delimiter = +
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_policy_maps = proxy:mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_recipient_restrictions = check_recipient_access proxy:mysql:/etc/postfix/sql/recipient-access.cf, permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_sender_access pcre:/etc/postfix/sender_access, check_policy_service unix:private/dovecot-quota
smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination,
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/example.com/example.com.fullchain.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = /etc/ssl/example.com/example.com.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/aliases.cf
virtual_gid_maps = static:992
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:999

#cat /etc/postfix/master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
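# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================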

#smtp  inet  n   -   n   -   -   smtpd
smtp  inet 

[pfx] Re: Thunderbird 91, Postfix 3.7.x, Debian 12, Virtual Mailbox Users, TLS with Letsencrypt, error improper command pipelining after helo

2024-04-01 Thread David Mehler via Postfix-users

Hello Wietse

Thank you for your reply.

> Thunderbird pipelining errors after helo?

That is the problem yes.

In my master.cf I do have smtpd_tls_wrappermode but it's in the 
commented out service for port 465, I'm using submission.


I've checked with postconf and smtpd_tls_wrappermode is set to no.

Is there any additional information I can provide?

Please keep the suggestions coming.
Thanks.
Dave.


On 4/1/2024 3:41 PM, Wietse Venema via Postfix-users wrote:
> David Mehler via Postfix-users:
>> to utilize Thunderbird v91.x. I've tried configuring with both the
>> automatic configuration and the manual configuration, in both cases I am
>> getting an error in my maillog from submission/smtpd service stating
>> error improper command pipelining after helo. Googling showed this error
>
> Thunderbird pipelining errors after helo?
>
> People sometimes have improper command pipelining errors after
> *connect*, when
>
> - The Postfix SMTP server is configured in master.cf with
> smtpd_tls_wrappermode turned off (this is the usual configuration
> for connect to the submission service a.k.a. port 587).
>
> - The SMTP client is configured with smtpd_tls_wrappermode turned
> on (this is the usual configuration for clients that connect to the
> submissions service a.k.a. port 465).
>
> The client then starts talking before the server expects that to
> happen.
>
> Wietse


--
Sent from Mozilla Thunderbird 91.13.1


[pfx] Re: Thunderbird 91, Postfix 3.7.x, Debian 12, Virtual Mailbox Users, TLS with Letsencrypt, error improper command pipelining after helo

2024-04-02 Thread David Mehler via Postfix-users
s/smtpd[1575]: 
input attribute value: 0
2024-04-02T09:49:26.016422-04:00 hostname postfix/smtps/smtpd[1575]: 
private/anvil: wanted attribute: (list terminator)
2024-04-02T09:49:26.016475-04:00 hostname postfix/smtps/smtpd[1575]: 
input attribute name: (end)
2024-04-02T09:49:26.016528-04:00 hostname postfix/smtps/smtpd[1575]: 
lost connection after CONNECT from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
2024-04-02T09:49:26.016584-04:00 hostname postfix/smtps/smtpd[1575]: 
disconnect from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] commands=0/0



On 4/1/2024 4:17 PM, Viktor Dukhovni via Postfix-users wrote:
> On Mon, Apr 01, 2024 at 04:09:34PM -0400, David Mehler via Postfix-users wrote:
>
>> In my master.cf I do have smtpd_tls_wrappermode but it's in the commented
>> out service for port 465, I'm using submission.
>>
>> I've checked with postconf and smtpd_tls_wrappermode is set to no.
>
> Of course, but Thunderbird might be attempting wrapper-mode (implicit
> TLS), which could then be logged as a pipelining violation.
>
>> Is there any additional information I can provide?
>>
>> Please keep the suggestions coming.
>
> The full unedited log entry has already been requested.  For meaningful
> help, post the log entry.



--
Sent from Mozilla Thunderbird 91.13.1
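
The mismatch described in the replies quoted in this thread (a server without wrapper mode, a client using implicit TLS), as an added example that is not from the thread and is not Postfix code: a toy plaintext listener on loopback checks for input that arrives before its greeting, and is exercised once by a client that waits for the 220 banner and once by a client that opens with a TLS ClientHello. The 0.3 second pre-greeting wait, the host names, the function names and the verdict strings are assumptions made for the example.

```python
import select
import socket
import ssl
import threading

def tls_client_hello():
    """Real ClientHello bytes, generated offline through an in-memory BIO."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.com")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: there is no server answering the handshake
    return outgoing.read()

def classify_early_input(data):
    """Name what a client sent before the server had greeted it."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-on-plaintext-port"
    return "early-smtp-command"

def serve_once(listener, result, wait=0.3):
    """Toy STARTTLS-style listener: the server speaks first, so any input
    that is already pending before the greeting is a protocol violation."""
    conn, _ = listener.accept()
    with conn:
        readable, _, _ = select.select([conn], [], [], wait)
        if readable:
            early = conn.recv(4096)
            if early:
                result["verdict"] = classify_early_input(early)
                return
        conn.sendall(b"220 mail.example.com ESMTP\r\n")
        line = conn.recv(4096)
        result["verdict"] = "ok: " + line.decode("ascii", "replace").strip()

def run_exchange(client_mode):
    """Run one client against the toy listener and return its verdict."""
    listener = socket.create_server(("127.0.0.1", 0))
    result = {}
    worker = threading.Thread(target=serve_once, args=(listener, result))
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        if client_mode == "implicit-tls":
            client.sendall(tls_client_hello())   # client talks first
        else:
            client.recv(4096)                    # wait for the 220 greeting
            client.sendall(b"EHLO client.example.com\r\n")
        worker.join(timeout=5)
    listener.close()
    return result.get("verdict")

if __name__ == "__main__":
    for mode in ("starttls", "implicit-tls"):
        print(mode, "->", run_exchange(mode))
```

A first byte of 0x16 in unexpected pre-greeting input points at a client configured for implicit TLS (the port 465 style) connecting to a listener that expects STARTTLS.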


[pfx] Mails ending up in spam when sending to gmail address

2024-05-15 Thread David Mehler via Postfix-users

Hello,

I'm not sure if this is a Postfix or an Rspamd problem or a Gmail 
problem, the first two I can do something about the third one not so sure.


I'm running a personal E-mail server running on a VPS via a2hosting. I'm 
using Cloudflare for my DNS. I've got Postfix 3.7.11 and Rspamd 3.8.4 
going. All appears well on my end, I've got dns MX, a PTR, SPF, DKIM, 
and DMARC with what I thought was abiding by Google's new email sending 
policy so I could get a message through.


On my side the email is accepted from here, and relayed, Rspamd does 
sign it, and Postfix's last message in the log is a message sent 
delivered, and removed from my queue. I check my test Gmail account, and 
the message is indeed there, but Gmail has placed it in the spam folder. 
I check the headers of said message, an SPF and DKIM both pass.


I am open to suggestions.

Thanks.
Dave.

--
Sent from Mozilla Thunderbird 91.13.1