Problems with aliases

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Problems with aliases

wa6vvv
I have a situation that is most likely a problem with my understanding of postfix and not a code problem.  I am getting ready to take over a domain name for mail service.  A number of new addresses in that domain need to be forwarded to other mail servers.  I setup postfix to do that and it worked fine.  However, there is still some time before I actually take over the domain.  In the meantime I was entering some of the addresses and forwarding addresses into the vmail alias file.  Each entry was preceded by "# ".  My understanding was that lines starting with a # would be ignored.  I did not bother to run postmap as it would do nothing useful.

Several hours later I noticed that no outgoing mail was going out.  Everything was receiving an error in maillog:

May  8 00:02:49 mail postfix/error[83540]: 8A72B114C3EE: to=<[hidden email]>, relay=none, delay=94792, delays=94792/0.03/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)

Note, this address was not in the vmail alias file.  It appears to have affected all outgoing mail.  Incoming mail was processed normally.

In addition there were a number of these messages (starting hours later in the day):

May  8 23:44:57 mail postfix/smtpd[95331]: warning: database /usr/local/etc/postfix/vmail_alias.db is older than source file /usr/local/etc/postfix/vmail_alias


To restore service, I removed all these entries, ran post map and did postfix restart.  Problem continued until I terminated postfix and restarted it.  Then outgoing mail resumed delivery properly.


mail# postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
max_use = 5
message_size_limit = 102400000
mydestination = localhost.$mydomain, localhost
mydomain = sermon-archive.info
mynetworks_style = subnet
newaliases_path = /usr/local/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/access.cidr
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_destination_recipient_limit = 25
smtpd_authorized_xclient_hosts = 10.0.1.0/24
smtpd_command_filter = pcre:/usr/local/etc/postfix/quote
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = 10
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/vmail_alias
virtual_gid_maps = static:2222
virtual_mailbox_base = /var/mail/
virtual_mailbox_domains = hash:/usr/local/etc/postfix/vmail_domains
virtual_mailbox_limit = 102400000
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox
virtual_minimum_uid = 2222
virtual_transport = dovecot
virtual_uid_maps = static:2222
mail#


mail# postconf -Mf
smtpd      pass  -       -       n       -       -       smtpd
smtp       inet  n       -       n       -       1       postscreen
dnsblog    unix  -       -       n       -       0       dnsblog
tlsproxy   unix  -       -       n       -       0       tlsproxy
submission inet  n       -       n       -       -       smtpd
dovecot    unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender}
    -d ${recipient}
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
mail#


vmail_alias file contained

# user1@domain1 user1@domain2
# user2@domain1 user2@domain3
# user3@domain1 user3@domain4

The domain names 1-4 above are not in any of the other maps, or in any file in the config directory.  When I had only the following in vmail_alias:

testuser@domain5 testuser@domain1

Mail to testuser@domain5 was properly forwarded to testuser@domain1.  Domain5 is in the virtual_mailbox_domains file.



— Doug

Reply | Threaded
Open this post in threaded view
|

Re: Problems with aliases

James B. Byrne

On Wed, May 10, 2017 00:48, Doug Hardie wrote:

> I have a situation that is most likely a problem with my understanding
> of postfix and not a code problem.  I am getting ready to take over a
> domain name for mail service.  A number of new addresses in that
> domain need to be forwarded to other mail servers.  I setup postfix to
> do that and it worked fine.  However, there is still some time before
> I actually take over the domain.  In the meantime I was entering some
> of the addresses and forwarding addresses into the vmail alias file.
> Each entry was preceded by "# ".  My understanding was that lines
> starting with a # would be ignored.  I did not bother to run postmap
> as it would do nothing useful.
>
> Several hours later I noticed that no outgoing mail was going out.
> Everything was receiving an error in maillog:
>

If the source file has an mtime later than the resulting map file then
postfix will treat this as an error condition. At least this is my
experience so far.  If you check your maillog file you will find
entries if this is the case.  Further, if you rebuild a mapfile then
you must reload postfix for it to recognize the changes contained
therein.



--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Reply | Threaded
Open this post in threaded view
|

Re: Problems with aliases

wa6vvv

> On 9 May 2017, at 22:19, James B. Byrne <[hidden email]> wrote:
>
>
> On Wed, May 10, 2017 00:48, Doug Hardie wrote:
>> I have a situation that is most likely a problem with my understanding
>> of postfix and not a code problem.  I am getting ready to take over a
>> domain name for mail service.  A number of new addresses in that
>> domain need to be forwarded to other mail servers.  I setup postfix to
>> do that and it worked fine.  However, there is still some time before
>> I actually take over the domain.  In the meantime I was entering some
>> of the addresses and forwarding addresses into the vmail alias file.
>> Each entry was preceded by "# ".  My understanding was that lines
>> starting with a # would be ignored.  I did not bother to run postmap
>> as it would do nothing useful.
>>
>> Several hours later I noticed that no outgoing mail was going out.
>> Everything was receiving an error in maillog:
>>
>
> If the source file has an mtime later than the resulting map file then
> postfix will treat this as an error condition. At least this is my
> experience so far.

That is what I noticed although I didn't expect postfix to do anything different in that situation.

>  If you check your maillog file you will find
> entries if this is the case.

Several hours after I changed the file, those messages began to appear.

>  Further, if you rebuild a mapfile then
> you must reload postfix for it to recognize the changes contained
> therein.

That doesn't seem correct.  I just ran another test and added a valid forward in vmail_alias file and ran postmap on it.  Then I sent to that address and sure enough it was delivered to the forward address.  I did not run postfix reload or restart the service.


Reply | Threaded
Open this post in threaded view
|

Re: Problems with aliases

Viktor Dukhovni
In reply to this post by wa6vvv

> On May 10, 2017, at 12:48 AM, Doug Hardie <[hidden email]> wrote:
>
> In the meantime I was entering some of the addresses and forwarding addresses
> into the vmail alias file.  Each entry was preceded by "# ".  My understanding
> was that lines starting with a # would be ignored.  I did not bother to run
> postmap as it would do nothing useful.

Adding comments to a table has no effect, other than warnings in the log file
that the source file is newer than the table.

> Several hours later I noticed that no outgoing mail was going out.  Everything
> was receiving an error in maillog:
>
> May  8 00:02:49 mail postfix/error[83540]: 8A72B114C3EE: to=<[hidden email]>,
> relay=none, delay=94792, delays=94792/0.03/0/0, dsn=4.3.0, status=deferred
> (mail transport unavailable)

There were earlier failures in the log for mail to this domain, with a delivery
agent other than "postfix/error".  The error messages for those failures are the
reason why mail to the destination is not being delivered.

> Note, this address was not in the vmail alias file.  It appears to have affected
> all outgoing mail.  Incoming mail was processed normally.

Coincidence is not causality, something else broke.

> In addition there were a number of these messages (starting hours later in the day):
>
> May  8 23:44:57 mail postfix/smtpd[95331]: warning: database
> /usr/local/etc/postfix/vmail_alias.db is older than source file
> /usr/local/etc/postfix/vmail_alias

This warning is harmless.

> To restore service, I removed all these entries, ran post map and did postfix
> restart.  Problem continued until I terminated postfix and restarted it.
> Then outgoing mail resumed delivery properly.

The "restart" cleared the list of throttled transports, but the problem is
likely to return.  I still get annoyed when folks seem too lazy to look more
closely at their logs. :-(

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Problems with aliases

Viktor Dukhovni

> On May 10, 2017, at 3:43 AM, Doug Hardie <[hidden email]> wrote:
>
> I have spent quite a bit of time in the logs, and I don't find anything else that seems to indicate an issue.  The problem occurred with all outgoing mail to multiple domains.  I have no idea what to look for. There are numerous errors logged for spammers trying to send to me and postfix disconnected them and logged it.  I don't see anything else.  How do you identify these errors if they are not labeled as error?

http://www.postfix.org/DEBUG_README.html#logging

--
        Viktor.