Postfix refuses to accept emails from the internet

Marco Betschart marbetschar at me.com
Sat Apr 4 21:37:27 CEST 2015


Hi @All!

A few hours ago I’ve setup a fresh Ubuntu 14.04 Server and installed the Kolab Community Version on it.
I also setup the Multi-Domain support as described over here <http://docs.kolab.org/howtos/multi-domain.html>.

Nearly everything works. Only postfix refuses to accept emails from the internet - and I do not have any clue why!! :(
Any help would be greatly appreciated!!!



Ausgabe in /var/log/mail.log
Apr  4 21:00:50 alex postfix/smtpd[4795]: >>> START Recipient address RESTRICTIONS <<<
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_mynetworks
Apr  4 21:00:50 alex postfix/smtpd[4795]: permit_mynetworks: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/> 209.85.217.179
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostname: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/> ~? 127.0.0.0/8
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostaddr: 209.85.217.179 ~? 127.0.0.0/8
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostname: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/> ~? [::ffff:127.0.0.0]/104
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostaddr: 209.85.217.179 ~? [::ffff:127.0.0.0]/104
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostname: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/> ~? [::1]/128
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_hostaddr: 209.85.217.179 ~? [::1]/128
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_list_match: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>: no match
Apr  4 21:00:50 alex postfix/smtpd[4795]: match_list_match: 209.85.217.179: no match
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_mynetworks status=0
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_sasl_authenticated
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_sasl_authenticated status=0
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=defer_unauth_destination
Apr  4 21:00:50 alex postfix/smtpd[4795]: reject_unauth_destination: marco at mandelkind.ch <mailto:marco at mandelkind.ch>
Apr  4 21:00:50 alex postfix/smtpd[4795]: permit_auth_destination: marco at mandelkind.ch <mailto:marco at mandelkind.ch>
Apr  4 21:00:50 alex postfix/smtpd[4795]: ctable_locate: leave existing entry key marco at mandelkind.ch <mailto:marco at mandelkind.ch>
Apr  4 21:00:50 alex postfix/smtpd[4795]: NOQUEUE: reject: RCPT from mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: 454 4.7.1 <marco at mandelkind.ch <mailto:marco at mandelkind.ch>>: Relay access denied; from=<marbetschar at gmail.com <mailto:marbetschar at gmail.com>> to=<marco at mandelkind.ch <mailto:marco at mandelkind.ch>> proto=ESMTP helo=<mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>>
Apr  4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=defer_unauth_destination status=2
Apr  4 21:00:50 alex postfix/smtpd[4795]: >>> END Recipient address RESTRICTIONS <<<
Apr  4 21:00:50 alex postfix/smtpd[4795]: > mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: 454 4.7.1 <marco at mandelkind.ch <mailto:marco at mandelkind.ch>>: Relay access denied
Apr  4 21:00:50 alex postfix/smtpd[4795]: < mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: DATA
Apr  4 21:00:50 alex postfix/smtpd[4795]: > mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: 554 5.5.1 Error: no valid recipients
Apr  4 21:00:50 alex postfix/smtpd[4795]: < mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: QUIT
Apr  4 21:00:50 alex postfix/smtpd[4795]: > mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: 221 2.0.0 Bye


main.cf
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/ch.mandelkind/wildcard.crt
smtpd_tls_key_file=/etc/ssl/ch.mandelkind/wildcard.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = mail.mandelkind.ch <http://mail.mandelkind.ch/>
myorigin = /etc/mailname
relayhost =
relay_domains =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = ldap:/etc/postfix/ldap/mydestination.cf
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_tls_auth_only = yes
transport_maps = hash:/etc/postfix/transport,
	ldap:/etc/postfix/ldap/hosted_triplet_transport_maps.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_transport_maps.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_sender_login_maps = $local_recipient_maps
local_recipient_maps = ldap:/etc/postfix/ldap/hosted_triplet_local_recipient_maps.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_local_recipient_maps.cf
virtual_alias_maps = $alias_maps,
	ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps.cf,
	ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_mailforwarding.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_mailforwarding.cf,
	ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_sharedfolders.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_sharedfolders.cf,
	ldap:/etc/postfix/ldap/hosted_triplet_mailenabled_distgroups.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_mailenabled_distgroups.cf,
	ldap:/etc/postfix/ldap/hosted_triplet_mailenabled_dynamic_distgroups.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_mailenabled_dynamic_distgroups.cf,
	ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_catchall.cf,
	ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_catchall.cf
submission_sender_restrictions = reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject
submission_recipient_restrictions = check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = reject_unauth_pipelining,
	reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org/>,
	reject_non_fqdn_recipient,
	reject_invalid_helo_hostname,
	reject_unknown_recipient_domain,
	check_policy_service unix:private/recipient_policy_incoming
smtp_tls_security_level = may
submission_data_restrictions = check_policy_service unix:private/submission_policy
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks, check_policy_service unix:private/sender_policy_incoming


master.cf
smtp                inet        n       -       n       -       -       smtpd -v
submission          inet        n       -       n       -       -       smtpd
    -o cleanup_service_name=cleanup_submission
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_authenticated_header=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_data_restrictions=$submission_data_restrictions
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
    -o smtpd_sender_restrictions=$submission_sender_restrictions
pickup              fifo        n       -       n       60      1       pickup
cleanup             unix        n       -       n       -       0       cleanup
    -o header_checks=regexp:/etc/postfix/header_checks.inbound
    -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
cleanup_internal    unix        n       -       n       -       0       cleanup
    -o header_checks=regexp:/etc/postfix/header_checks.internal
    -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
cleanup_submission  unix        n       -       n       -       0       cleanup
    -o header_checks=regexp:/etc/postfix/header_checks.submission
    -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
qmgr                fifo        n       -       n       300     1       qmgr
tlsmgr              unix        -       -       n       1000?   1       tlsmgr
rewrite             unix        -       -       n       -       -       trivial-rewrite
bounce              unix        -       -       n       -       0       bounce
defer               unix        -       -       n       -       0       bounce
trace               unix        -       -       n       -       0       bounce
verify              unix        -       -       n       -       1       verify
flush               unix        n       -       n       1000?   0       flush
proxymap            unix        -       -       n       -       -       proxymap
proxywrite          unix        -       -       n       -       1       proxymap
smtp                unix        -       -       n       -       -       smtp
relay               unix        -       -       n       -       -       smtp
showq               unix        n       -       n       -       -       showq
error               unix        -       -       n       -       -       error
retry               unix        -       -       n       -       -       error
discard             unix        -       -       n       -       -       discard
local               unix        -       n       n       -       -       local
virtual             unix        -       n       n       -       -       virtual
lmtp                unix        -       -       n       -       -       lmtp
anvil               unix        -       -       n       -       1       anvil
scache              unix        -       -       n       -       1       scache
smtp-amavis         unix        -       -       n       -       3       smtp
    -o smtp_data_done_timeout=1800
    -o disable_dns_lookups=yes
    -o smtp_send_xforward_command=yes
    -o max_use=20
    -o smtp_bind_address=127.0.0.1
127.0.0.1:10025     inet        n       -       n       -       100     smtpd
    -o cleanup_service_name=cleanup_internal
    -o content_filter=smtp-wallace:[127.0.0.1]:10026
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
smtp-wallace        unix        -       -       n       -       3       smtp
    -o smtp_data_done_timeout=1800
    -o disable_dns_lookups=yes
    -o smtp_send_xforward_command=yes
    -o max_use=20
127.0.0.1:10027     inet        n       -       n       -       100     smtpd
    -o cleanup_service_name=cleanup_internal
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
recipient_policy    unix        -       n       n       -       -       spawn
    user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient
recipient_policy_incoming unix  -       n       n       -       -       spawn
    user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
sender_policy       unix        -       n       n       -       -       spawn
    user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender
sender_policy_incoming unix     -       n       n       -       -       spawn
    user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
submission_policy   unix        -       n       n       -       -       spawn
    user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20150404/50bec143/attachment-0001.html>


More information about the users mailing list