I am able to send and receive mail between local users using both Thunderbird and Squirrelmail. I can also send to external users using both mail clients.
What I cannot do is send to any user, local or external, from the server itself. This affects not just the console program 'mail', but also daily reports sent via scripts called in cron jobs. Attempts using 'mail' or via the script files trying to send to local accounts result in:
status=deferred (delivery temporarily suspended: host 127.0.0.1[127.0.0.1] refused to talk to me: 421 Internal error (Next hop is down))
I have determined through trial and error that disabling this content filter in master.cf...
pickup fifo n - n 60 1 pickup
...enables mail sent via 'mail' or cron jobs to be processed. However the problem does not exist with that line enabled on the original postfix (2.5.5-1.1+lenny1) server. Having inherited the old server, I'm not fully up to speed on what that line does, but the old server works and has been for years, so I don't want to blindly take the line out not knowing what I might break in the process.
Here is some of the output from netstat -tapn, showing that the server is listening on port 10026:
On Monday, January 23, 2017 11:52:09 AM bithead wrote:
> postfix 2.1.3-1
OP meant 2.11.3-1.
> ... replace an old postfix server running on Debian Lenny ...
Which is ancient.
The Debian dkimproxy package no longer provides some of the helper scripts it
once did. Instead of trying to fix your DKIM signing to work like it used to,
you are probably better off switching to something like a opendkim milter.
This is entirely a distribution specific issue, so I'd recommend pursuing this
via Debian support resources rather than here.
Scott - can you (or anyone else) shed some light on why there would be a DKIM content filter on the pickup process? Nothing I've read about DKIM so far has ever shown an example of why one might do that. As previously indicated, I've inherited this server, so am trying to back-learn the previous admin's thinking.
On 1/24/2017 1:03 PM, bithead wrote:
> Scott - can you (or anyone else) shed some light on why there would be a DKIM
> content filter on the pickup process? Nothing I've read about DKIM so far
> has ever shown an example of why one might do that. As previously
> indicated, I've inherited this server, so am trying to back-learn the
> previous admin's thinking.
That would be a reasonable place to put a DKIM signing filter to
insure local mail is signed.
It turns out the previous admin neglected to include a section in master.cf to indicate the relay port that was specified in the dkimproxy_in.conf file. Adding that section cured the problem. Apparently the old system running on lenny somehow tolerates the omission without causing any problems.
Thanks to those who took the time to read and/or reply!