Postfix refuses to accept emails from the internet
Thomas Spuhler
thomas.spuhler at btspuhler.com
Tue Apr 7 00:32:38 CEST 2015
On Saturday, April 04, 2015 09:37:27 PM Marco Betschart wrote:
> Hi @All!
>
> A few hours ago I’ve setup a fresh Ubuntu 14.04 Server and installed the Kolab Community Version
> on it. I also setup the Multi-Domain support as described over here
> <http://docs.kolab.org/howtos/multi-domain.html>.
>
> Nearly everything works. Only postfix refuses to accept emails from the internet - and I do not
> have any clue why!! :( Any help would be greatly appreciated!!!
>
>
>
> Ausgabe in /var/log/mail.log
> Apr 4 21:00:50 alex postfix/smtpd[4795]: >>> START Recipient address RESTRICTIONS <<<
> Apr 4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_mynetworks
> Apr 4 21:00:50 alex postfix/smtpd[4795]: permit_mynetworks: mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/> 209.85.217.179 Apr 4 21:00:50 alex postfix/smtpd[4795]:
> match_hostname: mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/> ~? 127.0.0.0/8 Apr 4
> 21:00:50 alex postfix/smtpd[4795]: match_hostaddr: 209.85.217.179 ~? 127.0.0.0/8
> Apr 4 21:00:50 alex postfix/smtpd[4795]: match_hostname: mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/> ~? [::ffff:127.0.0.0]/104 Apr 4 21:00:50 alex
> postfix/smtpd[4795]: match_hostaddr: 209.85.217.179 ~? [::ffff:127.0.0.0]/104 Apr 4 21:00:50
> alex postfix/smtpd[4795]: match_hostname: mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/> ~? [::1]/128 Apr 4 21:00:50 alex postfix/smtpd[4795]:
> match_hostaddr: 209.85.217.179 ~? [::1]/128
> Apr 4 21:00:50 alex postfix/smtpd[4795]: match_list_match: mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>: no match Apr 4 21:00:50 alex postfix/smtpd[4795]:
> match_list_match: 209.85.217.179: no match
> Apr 4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_mynetworks status=0
> Apr 4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_sasl_authenticated
> Apr 4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=permit_sasl_authenticated status=0
> Apr 4 21:00:50 alex postfix/smtpd[4795]: generic_checks: name=defer_unauth_destination
> Apr 4 21:00:50 alex postfix/smtpd[4795]: reject_unauth_destination: marco at mandelkind.ch
> <mailto:marco at mandelkind.ch> Apr 4 21:00:50 alex postfix/smtpd[4795]: permit_auth_destination:
> marco at mandelkind.ch <mailto:marco at mandelkind.ch> Apr 4 21:00:50 alex postfix/smtpd[4795]:
> ctable_locate: leave existing entry key marco at mandelkind.ch <mailto:marco at mandelkind.ch> Apr 4
> 21:00:50 alex postfix/smtpd[4795]: NOQUEUE: reject: RCPT from mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>[209.85.217.179]: 454 4.7.1 <marco at mandelkind.ch
> <mailto:marco at mandelkind.ch>>: Relay access denied; from=<marbetschar at gmail.com
> <mailto:marbetschar at gmail.com>> to=<marco at mandelkind.ch <mailto:marco at mandelkind.ch>> proto=ESMTP
> helo=<mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>> Apr 4 21:00:50 alex
> postfix/smtpd[4795]: generic_checks: name=defer_unauth_destination status=2 Apr 4 21:00:50 alex
> postfix/smtpd[4795]: >>> END Recipient address RESTRICTIONS <<<
> Apr 4 21:00:50 alex postfix/smtpd[4795]: > mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>[209.85.217.179]: 454 4.7.1 <marco at mandelkind.ch
> <mailto:marco at mandelkind.ch>>: Relay access denied Apr 4 21:00:50 alex postfix/smtpd[4795]: <
> mail-lb0-f179.google.com <http://mail-lb0-f179.google.com/>[209.85.217.179]: DATA Apr 4 21:00:50
> alex postfix/smtpd[4795]: > mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>[209.85.217.179]: 554 5.5.1 Error: no valid recipients Apr 4
> 21:00:50 alex postfix/smtpd[4795]: < mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>[209.85.217.179]: QUIT Apr 4 21:00:50 alex
> postfix/smtpd[4795]: > mail-lb0-f179.google.com
> <http://mail-lb0-f179.google.com/>[209.85.217.179]: 221 2.0.0 Bye
>
>
> main.cf
> smtpd_banner = $myhostname ESMTP $mail_name
> biff = no
> append_dot_mydomain = no
> readme_directory = no
> smtpd_tls_cert_file=/etc/ssl/ch.mandelkind/wildcard.crt
> smtpd_tls_key_file=/etc/ssl/ch.mandelkind/wildcard.key
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> myhostname = mail.mandelkind.ch <http://mail.mandelkind.ch/>
> myorigin = /etc/mailname
> relayhost =
> relay_domains =
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> mydestination = ldap:/etc/postfix/ldap/mydestination.cf
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = all
> smtpd_tls_auth_only = yes
> transport_maps = hash:/etc/postfix/transport,
> ldap:/etc/postfix/ldap/hosted_triplet_transport_maps.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_transport_maps.cf
> content_filter = smtp-amavis:[127.0.0.1]:10024
> smtpd_sender_login_maps = $local_recipient_maps
> local_recipient_maps = ldap:/etc/postfix/ldap/hosted_triplet_local_recipient_maps.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_local_recipient_maps.cf
> virtual_alias_maps = $alias_maps,
> ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps.cf,
> ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_mailforwarding.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_mailforwarding.cf,
> ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_sharedfolders.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_sharedfolders.cf,
> ldap:/etc/postfix/ldap/hosted_triplet_mailenabled_distgroups.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_mailenabled_distgroups.cf,
> ldap:/etc/postfix/ldap/hosted_triplet_mailenabled_dynamic_distgroups.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_mailenabled_dynamic_distgroups.cf,
> ldap:/etc/postfix/ldap/hosted_triplet_virtual_alias_maps_catchall.cf,
> ldap:/etc/postfix/ldap/hosted_duplet_virtual_alias_maps_catchall.cf
> submission_sender_restrictions = reject_non_fqdn_sender, check_policy_service
> unix:private/submission_policy, permit_sasl_authenticated, reject
> submission_recipient_restrictions = check_policy_service unix:private/submission_policy,
> permit_sasl_authenticated, reject smtpd_recipient_restrictions = reject_unauth_pipelining,
> reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org/>,
> reject_non_fqdn_recipient,
> reject_invalid_helo_hostname,
> reject_unknown_recipient_domain,
> check_policy_service unix:private/recipient_policy_incoming
> smtp_tls_security_level = may
> submission_data_restrictions = check_policy_service unix:private/submission_policy
> smtpd_tls_security_level = may
> smtpd_sasl_auth_enable = yes
> smtpd_sender_restrictions = permit_mynetworks, check_policy_service
> unix:private/sender_policy_incoming
>
>
> master.cf
> smtp inet n - n - - smtpd -v
> submission inet n - n - - smtpd
> -o cleanup_service_name=cleanup_submission
> -o syslog_name=postfix/submission
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_sasl_authenticated_header=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> -o smtpd_data_restrictions=$submission_data_restrictions
> -o smtpd_recipient_restrictions=$submission_recipient_restrictions
> -o smtpd_sender_restrictions=$submission_sender_restrictions
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> -o header_checks=regexp:/etc/postfix/header_checks.inbound
> -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
> cleanup_internal unix n - n - 0 cleanup
> -o header_checks=regexp:/etc/postfix/header_checks.internal
> -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
> cleanup_submission unix n - n - 0 cleanup
> -o header_checks=regexp:/etc/postfix/header_checks.submission
> -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> smtp-amavis unix - - n - 3 smtp
> -o smtp_data_done_timeout=1800
> -o disable_dns_lookups=yes
> -o smtp_send_xforward_command=yes
> -o max_use=20
> -o smtp_bind_address=127.0.0.1
> 127.0.0.1:10025 inet n - n - 100 smtpd
> -o cleanup_service_name=cleanup_internal
> -o content_filter=smtp-wallace:[127.0.0.1]:10026
> -o local_recipient_maps=
> -o relay_recipient_maps=
> -o smtpd_restriction_classes=
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> smtp-wallace unix - - n - 3 smtp
> -o smtp_data_done_timeout=1800
> -o disable_dns_lookups=yes
> -o smtp_send_xforward_command=yes
> -o max_use=20
> 127.0.0.1:10027 inet n - n - 100 smtpd
> -o cleanup_service_name=cleanup_internal
> -o content_filter=
> -o local_recipient_maps=
> -o relay_recipient_maps=
> -o smtpd_restriction_classes=
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> recipient_policy unix - n n - - spawn
> user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient
> recipient_policy_incoming unix - n n - - spawn
> user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient
> --allow-unauthenticated sender_policy unix - n n - -
> spawn
> user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender
> sender_policy_incoming unix - n n - - spawn
> user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender
> --allow-unauthenticated submission_policy unix - n n - -
> spawn
> user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
What is your postfix main.cf?
--
Best regards
Thomas Spuhler
All of my e-mails have a valid digital signature
ID 60114E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/users/attachments/20150406/55c1d560/attachment.sig>
More information about the users
mailing list