postfix quits after starttls


Dr. Martin Mandelkow
Hello!

For some reason I cannot send mail via SMTP through roundcube.
And it does not seem to be a roundcube problem.

What is broken in my configuration?

Maillog:
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: connect from
localhost[127.0.0.1]
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: smtp_stream_setup:
maxtime=300 enable_deadline=0
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostname:
smtpd_client_event_limit_exceptions: localhost ~? 82.165.117.238/32
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostaddr:
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 82.165.117.238/32
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostname:
smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostaddr:
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: report connect to
all milters
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "j"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: result "martin-mandelkow.de"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{daemon_name}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: result "ORIGINATING"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{daemon_addr}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: result "127.0.0.1"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "v"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: result "Postfix 3.3.1"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
non-protocol events for protocol version 6:
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
transport=inet endpoint=localhost:8891
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: trying...
[127.0.0.1]
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: vstream_tweak_tcp:
TCP_MAXSEG 21845
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: fd=28: stream
buffer size old=0 new=43690
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
my_version=0x6
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
my_actions=0x1ff SMFIF_ADDHDRS SMFIF_CHGBODY SMFIF_ADDRCPT SMFIF_DELRCPT
SMFIF_CHGHDRS SMFIF_QUARANTINE SMFIF_CHGFROM SMFIF_ADDRCPT_PAR
SMFIF_SETSYMLIST
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
my_events=0x1fffff SMFIP_NOCONNECT SMFIP_NOHELO SMFIP_NOMAIL
SMFIP_NORCPT SMFIP_NOBODY SMFIP_NOHDRS SMFIP_NOEOH SMFIP_NR_HDR
SMFIP_NOUNKNOWN SMFIP_NODATA SMFIP_SKIP SMFIP_RCPT_REJ SMFIP_NR_CONN
SMFIP_NR_HELO SMFIP_NR_MAIL SMFIP_NR_RCPT SMFIP_NR_DATA SMFIP_NR_UNKN
SMFIP_NR_EOH SMFIP_NR_BODY SMFIP_HDR_LEADSPC
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 28 flush 17
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 28 got 17
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
milter inet:localhost:8891 version 6
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
events SMFIP_NOHELO SMFIP_NOUNKNOWN SMFIP_NODATA SMFIP_SKIP
SMFIP_HDR_LEADSPC
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_connect:
requests SMFIF_ADDHDRS SMFIF_CHGHDRS SMFIF_SETSYMLIST
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter8_conn_event: milter inet:localhost:8891: connect
localhost/127.0.0.1
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: event:
SMFIC_CONNECT; macros: j=martin-mandelkow.de {daemon_name}=ORIGINATING
{daemon_addr}=127.0.0.1 v=Postfix 3.3.1
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 28 flush 122
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 28 got 5
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: reply:
SMFIR_CONTINUE data 0 bytes
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 220 martin-mandelkow.de ESMTP Postfix
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: watchdog_pat:
0x5630ea107520
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 27 flush 39
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 27 got 26
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: <
localhost[127.0.0.1]: EHLO martin-mandelkow.de
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: report helo to all
milters
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{tls_version}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{cipher}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{cipher_bits}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{cert_subject}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter_macro_lookup: "{cert_issuer}"
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter8_helo_event: milter inet:localhost:8891: helo martin-mandelkow.de
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: event: SMFIC_HELO;
macros: (none)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: skipping event
SMFIC_HELO for milter inet:localhost:8891
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_list_match:
localhost: no match
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_list_match:
127.0.0.1: no match
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-martin-mandelkow.de
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-PIPELINING
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-SIZE 10240000
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-VRFY
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-ETRN
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-STARTTLS
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-8BITMIME
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250-DSN
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 250 SMTPUTF8
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: watchdog_pat:
0x5630ea107520
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 27 flush 156
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 27 got 10
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: <
localhost[127.0.0.1]: STARTTLS
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: query milter
states for other event
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter8_other_event: milter inet:localhost:8891
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 220 2.0.0 Ready to start TLS
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 27 flush 30
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: abort all milters
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: milter8_abort:
abort milter inet:localhost:8891
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
event_request_timer: reset 0x7efee5ba3b10 0x5630ea00f4e0 5
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: send attr request
= seed
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: send attr size = 32
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 15 flush 22
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 15 got 60
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: status
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: status
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
value: 0
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: seed
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: seed
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
value: o0hIxCvmbtaNJPap4lGlY8IFEJCsNkB6FTbKJOumJyc=
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: (list terminator)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: (end)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
event_request_timer: reset 0x7efee5ba3b10 0x5630ea00f4e0 5
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: send attr request
= tktkey
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: send attr keyname
= [data 0 bytes]
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 15 flush 25
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 15 got 138
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: status
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: status
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
value: 0
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: keybuf
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: keybuf
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
value:
GEjFJkIDoZeqxL/4UX0+QfCyqrJ1oOJxRSqHSpN1A6HQBMhCKGtb0s4VTZbiuEzWJmTVoxxNVQPBzONthZQoo2j+0iVk8dGFXoveYnYoNx7Ga2pfAAAAAA==
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: private/tlsmgr:
wanted attribute: (list terminator)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: input attribute
name: (end)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: name_mask:
noanonymous
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: Connecting
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 29 flush 22
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: Loading
modules from directory: /usr/lib64/dovecot/auth
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: Module
loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: Module
loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_buf_get_ready: fd 29 got 148
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: VERSION?1?2
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: MECH?CRAM-MD5?dictionary?active
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: Read auth
token secret from /var/run/dovecot/auth-token-secret.dat
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: name_mask:
dictionary
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: name_mask: active
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: passwd-file
/etc/dovecot/users: Read 4 users in 0 secs
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Sep 22 23:05:04 martin-mandelkow dovecot[2233]: auth: Debug: auth client
connected (pid=0)
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: name_mask: plaintext
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: name_mask: plaintext
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: SPID?3017
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: CUID?1
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply:
COOKIE?87f8c974599f9d294eb35dfb027c8248
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_connect: auth reply: DONE
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_mech_filter: keep mechanism: CRAM-MD5
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: watchdog_pat:
0x5630ea107520
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: smtp_get: EOF
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostname:
smtpd_client_event_limit_exceptions: localhost ~? 82.165.117.238/32
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostaddr:
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 82.165.117.238/32
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostname:
smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: match_hostaddr:
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: lost connection
after STARTTLS from localhost[127.0.0.1]
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: disconnect event
to all milters
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
milter8_disc_event: quit milter inet:localhost:8891
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 28 flush 16
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: disconnect from
localhost[127.0.0.1] ehlo=1 starttls=1 commands=2
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: free all milters
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: free milter
inet:localhost:8891


A look at the server via openssl:
[root@s17775789 ~]# openssl s_client -connect martin-mandelkow.de:587
CONNECTED(00000003)
140094835521352:error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


And here is my postconf:
[root@martin-mandelkow ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 4
debug_peer_list = 127.0.0.1
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mail.$mydomain, www.$mydomain, ftp.$mydomain
myhostname = martin-mandelkow.de
mynetworks = 82.165.117.238/32, 127.0.0.0/8, 10.8.0.0/16,
[2001:8d8:1800:33d::1]/128, [::1]/128
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access, reject_unauth_pipelining,
check_sender_access hash:/etc/postfix/sender_access,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
permit_sasl_authenticated, permit_tls_clientcerts, permit_mynetworks,
reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client
zen.spamhaus.org, permit_mx_backup, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file =
/etc/letsencrypt/live/martin-mandelkow.de/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/martin-mandelkow.de/privkey.pem
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:unix:private/dovecot-lmtp
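
Added example, not part of the original post: a Python parser that reduces a verbose smtpd debug log like the maillog above to the SMTP dialogue, the command after which the connection was lost, and the counters from the "disconnect from" line. The sample input is a few entries taken from that maillog; the names unwrap and summarize are illustrative.

```python
import re

# Sample input: a few entries from the maillog above, with the same hard line wrapping.
SAMPLE = """\
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: <
localhost[127.0.0.1]: EHLO martin-mandelkow.de
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: <
localhost[127.0.0.1]: STARTTLS
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: >
localhost[127.0.0.1]: 220 2.0.0 Ready to start TLS
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]:
vstream_fflush_some: fd 27 flush 30
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: lost connection
after STARTTLS from localhost[127.0.0.1]
Sep 22 23:05:04 martin-mandelkow postfix/smtpd[3015]: disconnect from
localhost[127.0.0.1] ehlo=1 starttls=1 commands=2
"""

# Syslog prefix: "Mon DD HH:MM:SS host process[pid]:" followed by the message.
ENTRY = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ (\S+?)\[(\d+)\]: ?(.*)$")

def unwrap(text):
    """Join wrapped entries: a line without a syslog prefix continues the previous one."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per smtpd PID: SMTP dialogue, command after which the client was lost, disconnect counters."""
    sessions = {}
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        proc, pid, msg = m.groups()
        if proc != "postfix/smtpd":
            continue
        s = sessions.setdefault(int(pid), {"dialogue": [], "lost_after": None, "counters": {}})
        line = re.match(r"([<>]) \S+: (.*)", msg)
        if line:  # "<" is what the client sent, ">" is what smtpd replied
            s["dialogue"].append(("C" if line.group(1) == "<" else "S", line.group(2)))
        elif msg.startswith("lost connection after "):
            s["lost_after"] = msg.split()[3]
        elif msg.startswith("disconnect from "):
            s["counters"] = dict(re.findall(r"(\w+)=(\S+)", msg))
    return sessions

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s["lost_after"], s["counters"], *s["dialogue"], sep="\n  ")
```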