Re: Working thru some issues in configuring my postfix setup


Michael Segel
Got this one fixed. 
I just had to set mydestination = localhost 
and restarted. 

This then let the stuff in mySQL control the other accounts and I can see it in my mail client on my mac. 


The last issue that’s killing me is that I’m rejecting mail from unknown hosts. That is, hosts that do not have a rDNS set up.

The problem is that all of the inbound emails aren’t getting recognized even though the test emails are coming from known domains like hotmail.com.

So what did I muck up? 

Thx

-Mike

On Apr 20, 2017, at 6:24 PM, Michael Segel <[hidden email]> wrote:

Thx, 

Then the question is how should I set up virtual users? 


On Apr 20, 2017, at 6:16 PM, Thermi <[hidden email]> wrote:

Hello,

I just stumbled upon this myself.
mydestination is described here:
http://www.postfix.org/postconf.5.html#mydestination

> mydestination (default: $myhostname, localhost.$mydomain, localhost)

Am 21.04.2017 um 01:13 schrieb Michael Segel:
I’m working thru some issues on my new server setup. 

I wanted to set up some virtual user mailboxes so I don’t have to create actual accounts but add them to the mySQL (MariaDB) database. 

I am having an issue with the following:
postfix/trivial-rewrite[8120]: warning: do not list domain stealth.segel.com in BOTH mydestination and virtual_mailbox_domains

Not sure why this is happening.  I don’t see where I set mydestination. 

Below is from postconf -n, any help is appreciated.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
html_directory = no
inet_protocols = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
mydomain = segel.com
myhostname = stealth.segel.com
mynetworks = 173.15.87.0/24, 127.0.0.0/8, 10.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client zen.spamhaus.org reject_rhsbl_client dbl.spamhaus.org
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_maps_rbl, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces permit_mx_backup
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/mailCert8192.pem
smtpd_tls_key_file = /etc/pki/dovecot/mailCert8192.pem
smtpd_tls_loglevel = 4
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000


Re: Working thru some issues in configuring my postfix setup

Mark Constable
On 21/4/17 10:59 am, Michael Segel wrote:
> The last issue that’s killing me is that I’m rejecting mail from
> unknown hosts. That is hosts that do not have a rDNS set up.
>
> The problem is that all of the inbound emails aren’t getting
> recognized even though the test emails are coming from known domains
> like hotmail.com.

I'm no expert but try removing reject_invalid_hostname...

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_maps_rbl, reject_invalid_hostname

Re: Working thru some issues in configuring my postfix setup

Michael Segel
Well it would be reject_unknown_client, but that’s not really a good idea.
I’ve already turned off the spamhaus checks because it was throwing an error.

Want to solve this, not ignore it.

Thanks though.

-Mike

> On Apr 20, 2017, at 8:13 PM, Mark Constable <[hidden email]> wrote:
>
> On 21/4/17 10:59 am, Michael Segel wrote:
>> The last issue that’s killing me is that I’m rejecting mail from
>> unknown hosts. That is hosts that do not have a rDNS set up.
>> The problem is that all of the inbound emails aren’t getting
>> recognized even though the test emails are coming from known domains
>> like hotmail.com.
>
> I'm no expert but try removing reject_invalid_hostname...
>
> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_maps_rbl, reject_invalid_hostname


Re: Working thru some issues in configuring my postfix setup

Viktor Dukhovni
In reply to this post by Mark Constable

> On Apr 20, 2017, at 9:13 PM, Mark Constable <[hidden email]> wrote:
>
>> The last issue that’s killing me is that I’m rejecting mail from
>> unknown hosts. That is hosts that do not have a rDNS set up.
>> The problem is that all of the inbound emails aren’t getting
>> recognized even though the test emails are coming from known domains
>> like hotmail.com.
>
> I'm no expert but try removing reject_invalid_hostname...
>
> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_maps_rbl, reject_invalid_hostname

Close, but the real problem is most likely "reject_unknown_client".

--
        Viktor.
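
An added example, not part of the original messages: reject_unknown_client (named reject_unknown_client_hostname since Postfix 2.3) rejects on any of three DNS failures for the client IP address, and although the posted config lists it under smtpd_helo_restrictions, the HELO/EHLO name plays no part. The lookup tables and addresses below are constructed; `check_client` is a hypothetical helper, not Postfix code.

```python
import ipaddress
import socket

# Constructed lookup tables (documentation addresses and names).
PTR = {"192.0.2.10": "mail.example.net",
       "192.0.2.20": "host.example.org",
       "192.0.2.30": "ghost.example.com"}
FWD = {"mail.example.net": {"192.0.2.10"},
       "host.example.org": {"198.51.100.7"}}

def system_ptr(ip):
    """Address -> name using the resolver this host is configured with."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """Name -> set of addresses using the resolver this host is configured with."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(client_ip, helo_name, ptr=system_ptr, addrs=system_addrs):
    """Apply the three documented failure cases to one client address.

    helo_name is accepted only to show that it is never consulted.
    """
    name = ptr(client_ip)
    if not name:
        return "reject: no address->name (PTR) mapping"
    forward = addrs(name)
    if not forward:
        return "reject: name->address lookup failed for " + name
    want = ipaddress.ip_address(client_ip)
    if want not in {ipaddress.ip_address(a) for a in forward}:
        return "reject: %s does not map back to %s" % (name, client_ip)
    return "ok: client hostname is " + name

if __name__ == "__main__":
    fwd = lambda n: FWD.get(n, set())
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, "->", check_client(ip, "any.helo.example", PTR.get, fwd))
```

When the MTA's own resolver cannot answer PTR queries, every client lands in the first case, whatever name it sends in EHLO.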


Re: Working thru some issues in configuring my postfix setup

Viktor Dukhovni
In reply to this post by Michael Segel

> On Apr 20, 2017, at 9:17 PM, Michael Segel <[hidden email]> wrote:
>
> Well it would be reject_unknown_client, but that’s not really a good idea.

Actually, it is a good idea, as the restriction is rarely usable and is
not intended for broad use.

> I’ve already turned off the spamhaus checks because it was throwing an
> error.

Solve that.  Sounds like you have DNS issues, or are using a public
recursive DNS server (Google's or similar), instead of deploying a local
one on the MTA.  Deploy unbound or BIND on the MTA, and make sure that
queries for SpamHaus RBLs are not forwarded to remote recursive resolvers.

--
        Viktor.


Re: Working thru some issues in configuring my postfix setup

Michael Segel
In reply to this post by Michael Segel
For some reason this hit my email junk box…

I fixed the problem… just have the mail server handle localhost and then the virtual mail folders will pick up those users in the mySQL/MariaDB database.

The issue was that I had thought I needed to put in my domain and hostname there and not just local host.  (I didn’t see that in the READMEs.)

It looks like I may be running into a couple of issues with DNS that may be Comcast related. (Note: I’m a business user on Comcast so I have support and it’s not the residential issues.)

The frustrating thing is that I used to know this stuff many, many moons ago when I actually did Sysadmin work and now it’s only coming back to me very slowly… ;-)

Again, thanks to everyone who’s been helping me get thru this.

-Mike

> On Apr 20, 2017, at 6:28 PM, Viktor Dukhovni <[hidden email]> wrote:
>
>
>> On Apr 20, 2017, at 7:24 PM, Michael Segel <[hidden email]> wrote:
>>
>> Then the question is how should I set up virtual users?
>
> That's not a well-posed question.  As stated, the answer is
> any way that meets your requirements.
>
> See http://www.postfix.org/VIRTUAL_README.html
>
> --
> Viktor.
>


Re: Working thru some issues in configuring my postfix setup

Michael Segel
In reply to this post by Viktor Dukhovni
Again, not sure why this fell into the junk folder.


The issue here is that when the initial DNS check for hostname happens, it can’t find the host name.
(Weird that the EHLO has the hostname. So it looks like the rDNS check is failing.)

Since I’m on Comcast, I’m checking 75.75.x.x [Their DNS server] first and it should provide the name.  This is working on my older Linux box that I am currently using for mail.

So if it fails at the rDNS lookup… then it’s going to fail these checks and get rejected.

The other weird thing is that it’s not seeing ZEN or the other spamhaus.org servers to help filter junk.
(Again my other mail server is doing this correctly.)


So hopefully a call to Comcast can help sort this out.

If I’m missing anything, please let me know.

Thx

-Mike

> On Apr 20, 2017, at 8:27 PM, Viktor Dukhovni <[hidden email]> wrote:
>
>
>> On Apr 20, 2017, at 9:13 PM, Mark Constable <[hidden email]> wrote:
>>
>>> The last issue that’s killing me is that I’m rejecting mail from
>>> unknown hosts. That is hosts that do not have a rDNS set up.
>>> The problem is that all of the inbound emails aren’t getting
>>> recognized even though the test emails are coming from known domains
>>> like hotmail.com.
>>
>> I'm no expert but try removing reject_invalid_hostname...
>>
>> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_maps_rbl, reject_invalid_hostname
>
> Close, but the real problem is most likely "reject_unknown_client".
>
> --
> Viktor.
>


Re: Working thru some issues in configuring my postfix setup

Kris Deugau
Michael Segel wrote:
> Again, not sure why this fell in to the junk folder.
>
>
> The issue here is that when the initial DNS check for hostname happens, it can’t find the host name.
> (Weird that the EHLO has the hostname. So it looks like the rDNS check is failing.)

The EHLO name is directly sent by the remote system in the SMTP
conversation, it's not something your server looks up.

> Since I’m on Comcast, I’m checking 75.75.x.x [Their DNS server] first and it should provide the name.  This is working on my older Linux box that I am currently using for mail.
>
> So if it fails at the rDNS lookup… then it’s going to fail these checks and get rejected.
>
> The other weird thing is that it’s not seeing ZEN or the other spamhaus.org servers to help filter junk.
> (Again my other mail server is doing this correctly.)
>
>
> So hopefully a call to Comcast can help sort this out.

Install a local caching nameserver and do your own lookups.

Chances are you'll have to do this for the Spamhaus lookups anyway;  I
would be extremely surprised if Comcast's customer-facing cache servers
haven't been blocked from Spamhaus lookups for a long time.  Comcast is
a far larger ISP than I work for, and *we* hit the public query limit
several years ago.  I suppose it's possible they've paid for a datafeed
subscription and are providing that to their customers, but I don't
think it's likely...

-kgd
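
An added example, not part of the original messages: a way to check the two things the replies above point at, namely whether the MTA's queries leave the box for a shared resolver, and what a zen.spamhaus.org answer means. The resolv.conf contents and 192.0.2.53 are constructed placeholders; the 127.255.255.x meanings are the error return codes Spamhaus publishes, and 127.0.0.2 is the conventional DNSBL test entry.

```python
import ipaddress
import socket

# Constructed resolv.conf contents: a shared upstream resolver vs. a local one.
RESOLV_SHARED = "search example.net\nnameserver 192.0.2.53  # ISP cache\n"
RESOLV_LOCAL = "nameserver 127.0.0.1\n"

# Error return codes published by Spamhaus (not listings).
ERROR_CODES = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def remote_resolvers(resolv_conf_text):
    """Nameservers that are not loopback, i.e. lookups leave this host."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            if not ipaddress.ip_address(parts[1]).is_loopback:
                found.append(parts[1])
    return found

def dnsbl_qname(client_ip, zone="zen.spamhaus.org"):
    """Reversed-octet query name for an IPv4 client address."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify_answer(addresses):
    """Interpret the A records returned for a DNSBL query (empty = no answer)."""
    if not addresses:
        return "not listed"
    for addr in addresses:
        if addr in ERROR_CODES:
            return "error: " + ERROR_CODES[addr]
    if all(a.startswith("127.0.") for a in addresses):
        return "listed"
    return "unexpected answer (wildcard or rewritten DNS?)"

def lookup(qname):
    """Live query via the system resolver; cannot tell NXDOMAIN from a failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

if __name__ == "__main__":
    print("remote resolvers:", remote_resolvers(RESOLV_SHARED))
    # The test entry must come back "listed" if lookups really work.
    print(classify_answer(lookup(dnsbl_qname("127.0.0.2"))))
```

If the test entry 127.0.0.2 does not come back as listed, the DNSBL lookups are not working through the current resolver, and the restriction is filtering nothing.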