Dear postfix users,
Finally, I cut over my old server onto the replacement server. I
wonder if some of you would have a gander at these questions, and then
point me in the right direction?
Regards,s.
Broken Pipe (plumber wanted)
1) Just noticed this message in the logs just as a new mail server
went into production:
Jan 25 13:54:20 logout postfix/qmgr[2599]: 2F19A8437B:
from=<owner-postfix-us...@cloud9.net>, size=2847, nrcpt=1 (queue active)
Jan 25 13:54:20 logout postfix/smtpd[21183]: warning:
network_biopair_interop: error writing 53 bytes to the network: Broken pipe
Jan 25 13:54:20 logout postfix/smtpd[21183]: warning:
network_biopair_interop: error writing 37 bytes to the network: Broken pipe
Jan 25 13:54:20 logout postfix/smtpd[21183]: disconnect from
smtp143.junkemailfilter.com[69.50.231.143]
junkmailfilter.com kindly provides the secondary MX. (They are great :D )
Does anyone recognise this error message and know what action should be
taken (if any).
MILTER QUESTION
2) The spamass-milter used to fire during the SMTP session, yet
checking the logs, I see that it does not anymore (grep -i milter
/var/loh/mail.* gives nothing).
The main.cf has :
milter_default_action = tempfail
smtpd_milters = unix:/spamass/spamass.sock
The full postconf -n is this:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
maps_rbl_domains = sbl.spamhaus.org
message_size_limit = 20480000
milter_default_action = tempfail
mydestination = localhost.localdomain, localhost
myhostname = omgnomail.co.uk
mynetworks = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_mail_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 40
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
reject_unlisted_recipient, reject_unlisted_sender,
regexp:/etc/postfix/helo.regexp, permit
smtpd_milters = unix:/spamass/spamass.sock
smtpd_recipient_restrictions = sleep 3,
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service
inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot-spamass
3) My last question is a little config one. I see that port 25 smtpd
advertised SMTP-AUTH. Frankly, no users should authenicate nor send
email on port 25. They should be using port 587 for SMTP-AUTH. The
only use of AUTH I have noticed on port 25 to-day was from the script
kiddie running every second:
Jan 24 21:47:10 logout dovecot: auth-worker(default):
pam(stefano,72.55.148.230): pam_authenticate() failed: Authentication
failure (password mismatch?)
Jan 24 21:47:10 logout dovecot: auth-worker(default):
sql(stefano,72.55.148.230): unknown user
There are many guides out there on how to get SMTP-AUTH working, yet no
article I could find about disabling SMTP-AUTH on port 25.
Would anyone know how I could do this. Presumably in the master.cf, as
I only want port 25, and not the other ports, affected.
