strange issue with postfix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

strange issue with postfix

Ranjan Maitra
Hi,

I have an issue that I can not resolve at my work environment.

When I use commandline mail, my e-mail gets delivered.

However, when I use a mailer (like sylpheed) to use localhost, it does not get delivered. I have SMTP port set to the default, and this same setup works fine when I send e-mail from my home machine. What could be wrong, and how may I fix it? Any suggestions?

Many thanks and best wishes,
Ranjan

Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

ilyak
Hi.
I'd start with checking your logs (i.e. "/var/log/maillog")

On Thu, Oct 1, 2020 at 10:01 PM Ranjan Maitra <[hidden email]> wrote:
Hi,

I have an issue that I can not resolve at my work environment.

When I use commandline mail, my e-mail gets delivered.

However, when I use a mailer (like sylpheed) to use localhost, it does not get delivered. I have SMTP port set to the default, and this same setup works fine when I send e-mail from my home machine. What could be wrong, and how may I fix it? Any suggestions?

Many thanks and best wishes,
Ranjan

Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Ranjan Maitra
Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, and says: Connecting to SMTP server: localhost

Looking at the /var/log/maillog as you suggested, I get:

Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Oct  1 14:08:01 localhost postfix/master[1216]: warning: process /usr/libexec/postfix/smtpd pid 4142479 exit status 1
Oct  1 14:08:01 localhost postfix/master[1216]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

And here is what happens when I send mail from the commandline:


Oct  1 14:11:42 localhost postfix/pickup[3995696]: 44C4416239C: uid=1000 from=<usernam>
Oct  1 14:11:42 localhost postfix/cleanup[4148016]: 44C4416239C: message-id=<[hidden email]>
Oct  1 14:11:42 localhostlocalhost postfix/qmgr[1218]: 44C4416239C: from=<[hidden email]>, size=492, nrcpt=1 (queue active)
Oct  1 14:11:42 localhost postfix/smtp[4148018]: 44C4416239C: to=<[hidden email]>, relay=mailhub.name.removed[129.186.140.5]:25, delay=0.09, delays=0.07/0/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0 091JBg2r014199 Message accepted for delivery)
Oct  1 14:11:42 localhost postfix/cleanup[4148016]: 5D4A616239D: message-id=<[hidden email]>
Oct  1 14:11:42 localhost postfix/bounce[4148019]: 44C4416239C: sender delivery status notification: 5D4A616239D
Oct  1 14:11:42 localhost postfix/qmgr[1218]: 5D4A616239D: from=<>, size=2305, nrcpt=1 (queue active)
Oct  1 14:11:42 localhost postfix/qmgr[1218]: 44C4416239C: removed
Oct  1 14:11:42 localhost postfix/local[4148020]: 5D4A616239D: to=<[hidden email]>, relay=local, delay=0.07, delays=0.04/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  1 14:11:42 localhost postfix/qmgr[1218]: 5D4A616239D: removed


What should I be looking at from here? The thing is that sylpheed is set up exactly the same for my home (the same machine).

Many thanks,
Ranjan

On Thu, 1 Oct 2020 22:04:26 +0300 IL Ka <[hidden email]> wrote:

> Hi.
> I'd start with checking your logs (i.e. "/var/log/maillog")
>
> On Thu, Oct 1, 2020 at 10:01 PM Ranjan Maitra <[hidden email]> wrote:
>
> > Hi,
> >
> > I have an issue that I can not resolve at my work environment.
> >
> > When I use commandline mail, my e-mail gets delivered.
> >
> > However, when I use a mailer (like sylpheed) to use localhost, it does not
> > get delivered. I have SMTP port set to the default, and this same setup
> > works fine when I send e-mail from my home machine. What could be wrong,
> > and how may I fix it? Any suggestions?
> >
> > Many thanks and best wishes,
> > Ranjan
> >
> >


--
Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.

Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Demi M. Obenour
On 2020-10-01 15:18, Ranjan Maitra wrote:
> Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, and says: Connecting to SMTP server: localhost
>
> Looking at the /var/log/maillog as you suggested, I get:
>
> Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains

That is your problem.  You haven’t told Postfix what restrictions
it should impose on mail relaying, so it exits to avoid becoming an
open relay.

Demi


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Ranjan Maitra
On Thu, 1 Oct 2020 15:39:55 -0400 "Demi M. Obenour" <[hidden email]> wrote:

> On 2020-10-01 15:18, Ranjan Maitra wrote:
> > Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, and says: Connecting to SMTP server: localhost
> >
> > Looking at the /var/log/maillog as you suggested, I get:
> >
> > Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
>
> That is your problem.  You haven’t told Postfix what restrictions
> it should impose on mail relaying, so it exits to avoid becoming an
> open relay.
>

My apologies: how do I do this/what should I do here?

Thanks,
Ranjan
Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Larry Stone
In reply to this post by Ranjan Maitra
>
> On Oct 1, 2020, at 2:18 PM, Ranjan Maitra <[hidden email]> wrote:
>
> Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, and says: Connecting to SMTP server: localhost
>
> Looking at the /var/log/maillog as you suggested, I get:
>
> Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains

As someone else already replied, the problem is with the smtp_relay_restrictions or smtp_recipient_restrictions.

> And here is what happens when I send mail from the commandline:
>
> Oct  1 14:11:42 localhost postfix/pickup[3995696]: 44C4416239C: uid=1000 from=<usernam>

But when you use the command line, the mail enters Postfix via the pickup service. That’s completely different from smtpd (that’s the SMTP daemon). Command line works because having the mail enter via pickup does not use the bad smtpd_…_restrictions parameters.

--
Larry Stone
[hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Bob Proulx
In reply to this post by Ranjan Maitra
Ranjan Maitra wrote:
> > > Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
>
> My apologies: how do I do this/what should I do here?

Since you haven't shared your postfix configuration but just parts of
it in the master.cf then we can only point to the documentation.

Start here and read these:

    http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions

    http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

What is the value of these for you?  This will produce some output
which shows the current configuration.

    postconf smtpd_recipient_restrictions smtpd_relay_restrictions

For my use I leave smtpd_relay_restrictions set to the default value
and then set smtpd_recipient_restrictions.  That's one valid
combination.  But there are others.

At the least I would think something like this:

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain

But in real use I have a much longer list with a lot more there for
blocking spam and other things.  You should understand it before using
it and adjust it as needed for your environment.

Bob
Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Erik Thuning
Thank you! I had this exact issue and just couldn't wrap my head around what was wrong, this solved things quite nicely.

/T

On 2020-10-02 00:00, Bob Proulx wrote:
Ranjan Maitra wrote:
> > > Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
>
> My apologies: how do I do this/what should I do here?

Since you haven't shared your postfix configuration but just parts of
it in the master.cf then we can only point to the documentation.

Start here and read these:

    http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions

    http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

What is the value of these for you?  This will produce some output
which shows the current configuration.

    postconf smtpd_recipient_restrictions smtpd_relay_restrictions

For my use I leave smtpd_relay_restrictions set to the default value
and then set smtpd_recipient_restrictions.  That's one valid
combination.  But there are others.

At the least I would think something like this:

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain

But in real use I have a much longer list with a lot more there for
blocking spam and other things.  You should understand it before using
it and adjust it as needed for your environment.

Bob

Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Ranjan Maitra
Hi,

Thanks, I am not very knowledgeable with regard to postfix being a simple user, so do you mind letting me/us know what you had to fix? It is kind of forbidding to me.

Thanks again and best wishes,
Ranjan

On Fri, 2 Oct 2020 15:52:34 +0200 Erik Thuning <[hidden email]> wrote:

> Thank you! I had this exact issue and just couldn't wrap my head around
> what was wrong, this solved things quite nicely.
>
> /T
>
> On 2020-10-02 00:00, Bob Proulx wrote:
> > Ranjan Maitra wrote:
> > > > > Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in
> > parameter smtpd_relay_restrictions or smtpd_recipient_restrictions,
> > specify at least one working instance of: reject_unauth_destination,
> > defer_unauth_destination, reject, defer, defer_if_permit or
> > check_relay_domains
> > >
> > > My apologies: how do I do this/what should I do here?
> >
> > Since you haven't shared your postfix configuration but just parts of
> > it in the master.cf then we can only point to the documentation.
> >
> > Start here and read these:
> >
> > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
> >
> > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
> >
> > What is the value of these for you?  This will produce some output
> > which shows the current configuration.
> >
> >     postconf smtpd_recipient_restrictions smtpd_relay_restrictions
> >
> > For my use I leave smtpd_relay_restrictions set to the default value
> > and then set smtpd_recipient_restrictions.  That's one valid
> > combination.  But there are others.
> >
> > At the least I would think something like this:
> >
> > smtpd_recipient_restrictions =
> >         permit_mynetworks,
> >         reject_unauth_destination,
> >         reject_invalid_hostname,
> >         reject_non_fqdn_hostname,
> >         reject_non_fqdn_sender,
> >         reject_non_fqdn_recipient,
> >         reject_unknown_sender_domain,
> >         reject_unknown_recipient_domain
> >
> > But in real use I have a much longer list with a lot more there for
> > blocking spam and other things.  You should understand it before using
> > it and adjust it as needed for your environment.
> >
> > Bob
>
--
Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.

Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Erik Thuning
I set the following in main.cf:

smtpd_relay_restrictions = permit_mynetworks, reject

Which, if I understand correctly, should mean that any email coming from addresses specified in mynetworks will be accepted, while all others get rejected.

Mynetworks in my case only specifies loopback addresses, so my SMTP server will accept email from localhost and reject all others.

If you have different needs you should look into the links sent by Bob earlier in this thread, there's quite a number of possible policies available.

/T

On 2020-10-02 19:55, Ranjan Maitra wrote:
Hi,

Thanks, I am not very knowledgeable with regard to postfix being a simple user, so do you mind letting me/us know what you had to fix? It is kind of forbidding to me.

Thanks again and best wishes,
Ranjan

On Fri, 2 Oct 2020 15:52:34 +0200 Erik Thuning [hidden email] wrote:

> Thank you! I had this exact issue and just couldn't wrap my head around
> what was wrong, this solved things quite nicely.
>
> /T
>
> On 2020-10-02 00:00, Bob Proulx wrote:
> > Ranjan Maitra wrote:
> > > > > Oct  1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in
> > parameter smtpd_relay_restrictions or smtpd_recipient_restrictions,
> > specify at least one working instance of: reject_unauth_destination,
> > defer_unauth_destination, reject, defer, defer_if_permit or
> > check_relay_domains
> > >
> > > My apologies: how do I do this/what should I do here?
> >
> > Since you haven't shared your postfix configuration but just parts of
> > it in the master.cf then we can only point to the documentation.
> >
> > Start here and read these:
> >
> > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
> >
> > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
> >
> > What is the value of these for you?  This will produce some output
> > which shows the current configuration.
> >
> >     postconf smtpd_recipient_restrictions smtpd_relay_restrictions
> >
> > For my use I leave smtpd_relay_restrictions set to the default value
> > and then set smtpd_recipient_restrictions.  That's one valid
> > combination.  But there are others.
> >
> > At the least I would think something like this:
> >
> > smtpd_recipient_restrictions =
> >         permit_mynetworks,
> >         reject_unauth_destination,
> >         reject_invalid_hostname,
> >         reject_non_fqdn_hostname,
> >         reject_non_fqdn_sender,
> >         reject_non_fqdn_recipient,
> >         reject_unknown_sender_domain,
> >         reject_unknown_recipient_domain
> >
> > But in real use I have a much longer list with a lot more there for
> > blocking spam and other things.  You should understand it before using
> > it and adjust it as needed for your environment.
> >
> > Bob
>
--
Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.


Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

Bob Proulx
Erik Thuning wrote:

> Ranjan Maitra wrote:
> > Thanks, I am not very knowledgeable with regard to postfix being a
> > simple user, so do you mind letting me/us know what you had to fix? It
> > is kind of forbidding to me.
> >
> > > Thank you! I had this exact issue and just couldn't wrap my head around
> > > what was wrong, this solved things quite nicely.
>
> If you have different needs you should look into the links sent by Bob
> earlier in this thread, there's quite a number of possible policies
> available.

Here is an old resource but one that I think is still very good is
"Jim Seymour's suggestions/examples for Postfix anti-UCE configuration."

    http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

That posting is filled with very useful, real world, down and dirty,
practical information about Postfix configuration in the face of
hostile spammers, backscatter, and other abuse.  If you have trouble
getting started on how things work together then I think that is a
good guide to read through carefully.  A few times! :-)

Bob
Reply | Threaded
Open this post in threaded view
|

Re: strange issue with postfix

@lbutlr
On 05 Oct 2020, at 13:17, Bob Proulx <[hidden email]> wrote:
> Here is an old resource but one that I think is still very good is
> "Jim Seymour's suggestions/examples for Postfix anti-UCE configuration."
>
>    http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

It's good, but it does need some updating as some things are… misleading.

For example:

    If you want smtpd access map entries to match hosts and sub-domains
    on just the domain part (e.g.: "example.com" matches "host.example.com"
    and "host.subdomain.example.com," you must specify:

        parent_domain_matches_subdomains = smtpd_access_maps

However, that is the default:

# postconf -d parent_domain_matches_subdomains
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

There's the whole section on postfix not supporting cidr tables, which was certainly possible in 2005, but not so much in 2020.

But yes, it's still a good starter document for understanding the configuration parameters and the order-of-operations flow, but I wouldn't rely on it to generate you own config without checking some of the `postconf -n` output that gets posted to the list.

The one thing that it tries very hard to do is explain the meaning of the sender and recipient maps and while everything there is correct, I think it would still be quite confusing to someone starting off with postfix who is likely to wonder if it means that senders are always local or is senders are never local or if sender might be local and might be not local, which I think is the single biggest stumbling block for those undertaking modifying their postfix configs. Pr maybe it's smtp_ versus smtpd_, a mistake that is in the post:

The "general flow" of the smtp_recipient_restrictions …

But only smtpd_recipient_restrictions are in the file.

But, the biggest thing that makes this document in real need of an update, is the complete lack of mention of postfix's best antispam feature: postscreen.








--
Bart, don't use the Touch of Death on your sister.