On Wed, Jul 28, 2021 at 06:21:55AM +0200, Jean-François Bachelet <jfbache...@free.fr> wrote:
> Hello ^^) > > I have some problems with my postfix install, will report one by one : > > I have activated the 'soft_bounce = yes' option in main.cf to see what > happens. > > > 1 / Mail sent by some daemons running as 'root' (here it's Pflogsumm, per > example) with 'r...@server.mydomain.com' > > for 'r...@server.domain.com' are bounced/rejected, as reported in > '/var/spool/postfix/defer/' : > > ---------------------------------------------------------------------------------------------------------------------- > <r...@server.mydomain.com>: mail for server.mydomain.com loops back to > myself > recipient=r...@server.mydomain.com > offset=780 > dsn_orig_rcpt=rfc822;r...@server.mydomain.com > status=4.4.6 > action=delayed > reason=mail for server.mydomain.com loops back to myself > > --------------------------------------------------------------------------------------------------------------------- > > > in the '/var/spool/postfix/deferred' dir I find the 'pflogsumm' mail for > 'root' > > ---------------------------------------------------------------------------------------------------------------------- > > Postfix log summaries for Jul 28 > > Grand Totals > ------------ > messages > > 14 received > 9 delivered > 0 forwarded > 0 deferred > 4 bounced > 0 rejected (0%) > 0 reject warnings > 0 held > 0 discarded (0%) > > 78102 bytes received > 50082 bytes delivered > 1 senders > 1 sending hosts/domains > 2 recipients > 2 recipient hosts/domains > > > Per-Hour Traffic Summary > ------------------------ > time received delivered deferred bounced rejected > -------------------------------------------------------------------- > 0000-0100 0 0 0 0 0 > 0100-0200 2 1 0 2 0 > 0200-0300 0 0 0 0 0 > 0300-0400 4 2 0 2 0 > 0400-0500 8 6 0 0 0 > 0500-0600 0 0 0 0 0 > 0600-0700 0 0 0 0 0 > 0700-0800 0 0 0 0 0 > 0800-0900 0 0 0 0 0 > 0900-1000 0 0 0 0 0 > 1000-1100 0 0 0 0 0 > 1100-1200 0 0 0 0 0 > 1200-1300 0 0 0 0 0 > 1300-1400 0 0 0 0 0 > 1400-1500 0 0 0 0 0 > 1500-1600 0 0 0 0 0 > 1600-1700 0 0 0 0 0 > 1700-1800 0 0 0 0 0 > 1800-1900 0 0 0 0 0 > 1900-2000 0 0 0 0 0 > 2000-2100 0 0 0 0 0 > 2100-2200 0 0 0 0 0 > 2200-2300 0 0 0 0 0 > 2300-2400 0 0 0 0 0 > > Host/Domain Summary: Message Delivery > -------------------------------------- > sent cnt bytes defers avg dly max dly host/domain > -------- ------- ------- ------- ------- ----------- > 5 25140 0 0.3 s 0.4 s server.mydomain.com > 4 24942 0 3.2 s 6.5 s me@my_email.fr > > Host/Domain Summary: Messages Received > --------------------------------------- > msg cnt bytes host/domain > -------- ------- ----------- > 14 78102 server.mydomain.com > > Senders by message count > ------------------------ > 14r...@server.mydomain.com > > Recipients by message count > --------------------------- > 5r...@dserver.mydomain.com > 4me@my_email.fr > > Senders by message size > ----------------------- > 78102r...@server.mydomain.com > > Recipients by message size > -------------------------- > 25140r...@server.mydomain.com > 24942me@my_email.fr > > message deferral detail: none > > message bounce detail (by relay) > -------------------------------- > none (total: 4) > 4 mail for server.mydomain.com loops back to myself > > message reject detail: none > > message reject warning detail: none > > message hold detail: none > > message discard detail: none > > smtp delivery failures: none > > Warnings > -------- > anvil (total: 6) > 6 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > bounce (total: 4) > 2 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > 2 /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd... > cleanup (total: 2) > 2 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > master (total: 6) > 6 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > pickup (total: 5) > 3 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > 2 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > postdrop (total: 2) > 2 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > postfix (total: 3) > 3 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > postfix-script (total: 5) > 5 symlink leaves directory:/etc/postfix/./makedefs.out > postlog (total: 5) > 5 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > postsuper (total: 2) > 2 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > qmgr (total: 2) > 2 /etc/postfix/main.cf, line 710: overriding earlier entry: > smtpd... > sendmail (total: 2) > 2 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > smtp (total: 6) > 4 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > 2 /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd... > smtpd (total: 8) > 8 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > trivial-rewrite (total: 4) > 2 /etc/postfix/main.cf, line 704: overriding earlier entry: > smtpd... > 2 /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd... > > Fatal Errors: none > > Panics: none > > Master daemon messages > ---------------------- > 5 daemon started -- version 3.4.14, configuration /etc/postfix > 2 terminating on signal 15 > > ------------------------------------------------------------------------------------------------------------------ > > > as you can see messages sent by 'pflogsumm for 'root' are pruned, and if I > tell 'pflogsumm' to send to me directly messages are delivered fine to my > personal mailbox > > > I don't understand as in the 'aliases' file I have set 'root: > me@my_email.fr' so mail sent to 'root' should end in my personal mailbox... > > Postfix problems should be reported to 'postmaster' too (in aliases it's set > to deliver to root) and it's not, but I don't find any bounced or > rejected/deffered > > messages for 'postmaster' in the entire '/var/spool/postfix' dir... > > > what can prevent the aliases to work there ? > > the aliases file : > > ------------------------------------------------------------ > > # See man 5 aliases for format > postmaster: root > clamav: root > root: me@my_email.fr > ------------------------------------------------------------ > > > there is a lot of warnings at the end of the report too. that warnings are > the reason of my second question/problem : > > > 2 / in the Postfix logfile '/var/log/mail.warn' I find the whole lines > reported in the 'pflogsumm' warnings : > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Jul 28 03:56:52 discovery postfix/postfix-script[1525]: warning: symlink > leaves directory: /etc/postfix/./makedefs.out > Jul 28 04:05:16 discovery postfix/postfix-script[1185]: warning: symlink > leaves directory: /etc/postfix/./makedefs.out > Jul 28 05:10:16 discovery postfix/trivial-rewrite[1830]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:10:16 discovery postfix/smtp[1831]: warning: /etc/postfix/main.cf, > line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:10:16 discovery postfix/bounce[1832]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:15:16 discovery postfix/trivial-rewrite[1841]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:15:16 discovery postfix/smtp[1842]: warning: /etc/postfix/main.cf, > line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:15:16 discovery postfix/bounce[1843]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/sendmail[1882]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/postdrop[1883]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/cleanup[1884]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/trivial-rewrite[1885]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/smtp[1886]: warning: /etc/postfix/main.cf, > line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/smtpd[1889]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:10 discovery postfix/smtp[1891]: warning: /etc/postfix/main.cf, > line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:25:16 discovery postfix/bounce[1892]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > Jul 28 05:40:21 discovery postfix/pickup[1958]: warning: > /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > beside the habitual (on debian) 'makedefs.out' warning I have a problem with > my postfix configuration that I don't see how to correct it... > > ----------------------------------------------------------- > > ~# postconf -n > > postconf: warning: /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject > alias_database = hash:/etc/aliases > alias_maps = hash:/etc/aliases > command_directory = /usr/sbin > compatibility_level = 2 > content_filter = smtp-amavis:[127.0.0.1]:10024 > daemon_directory = /usr/lib/postfix/sbin > data_directory = /var/lib/postfix > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > $daemon_directory/$process_name $process_id & sleep 5 > home_mailbox = Maildir/ > inet_interfaces = all > inet_protocols = ipv4 > local_recipient_maps = unix:passwd.byname $alias_maps > mail_owner = postfix > mailbox_size_limit = 2147483648 > mailq_path = /usr/bin/mailq > message_size_limit = 10485760 > mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain > mydomain = my_domainFQDN.com > myhostname = mail.my_domainFQDN.com > mynetworks = 127.0.0.0/8, 10.0.0.0/24 > mynetworks_style = subnet > myorigin = $myhostname > newaliases_path = /usr/bin/newaliases > sendmail_path = /usr/bin/postfix > setgid_group = postdrop > smtpd_banner = $myhostname ESMTP > smtpd_helo_restrictions = reject_invalid_helo_hostname, > reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname > (the line #705) : smtpd_recipient_restrictions = reject_invalid_hostname, > reject_unknown_recipient_domain, reject_unauth_destination, > reject_rbl_client sbl.spamhaus.org, permit > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = $myhostname > smtpd_sasl_path = private/auth > smtpd_sasl_security_options = noanonymous > smtpd_sasl_type = dovecot > soft_bounce = yes (for now, I'm debugging ;)) > unknown_local_recipient_reject_code = 550 > > -------------------------------------------------------------------------- > > > and what's exactly in 'main.cf' around that problematic 705 line : > > -------------------------------------------------------------------------------------------------- > > 692 > 693 # SMTP-Auth settings > 694 smtpd_sasl_type = dovecot > 695 smtpd_sasl_path = private/auth > 696 smtpd_sasl_auth_enable = yes > 697 smtpd_sasl_security_options = noanonymous > 698 smtpd_sasl_local_domain = $myhostname > 699 smtpd_recipient_restrictions = permit_mynetworks, > permit_auth_destination, permit_sasl_authenticated, reject > 700 > 701 # Content Filter for Antivirus Scan (ClamAV + Amavis) > 702 content_filter = smtp-amavis:[127.0.0.1]:10024 > 703 > 704 # SMTP Restrictions Defaults + Anti-Spam > 705 smtpd_recipient_restrictions = reject_invalid_hostname, > 706 reject_unknown_recipient_domain, > 707 reject_unauth_destination, > 708 reject_rbl_client sbl.spamhaus.org, > 709 permit > 710 > 711 smtpd_helo_restrictions = reject_invalid_helo_hostname, > 712 reject_non_fqdn_helo_hostname, > 713 reject_unknown_helo_hostname > 714 > > --------------------------------------------------------------------------------------------------- > > > I took the defaults 'SMTP Restrictions' stuff (line 704 to 713) in there : > https://wiki.debian.org/Postfix#anti-spam:_smtp_restrictions > > btw now I think 'if this are SMTP restrictions, so why the 'smtpd' at > beginning of line 705 ???' shouln't it be 'smtp' there. > > (same question for 'smtpd_helo' at line 711 : shouldn't it be 'smtp' there.) > > > that will explain the > > postconf: warning: /etc/postfix/main.cf, line 705: overriding earlier entry: > smtpd_recipient_restrictions=permit_mynetworks, permit_auth_destination, > permit_sasl_authenticated, reject... > > > Thanks by advance to light my (postfix newbee) bulb ^^) > > Jeff Hi, The "overriding earlier entry" warning means that you have two definitions of smtpd_recipient_restrictions in main.cf. The first of them (above line 705, the one being overridden) is: smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject The second of them (at line 705, the one doing the overriding) is: smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit Postfix uses whichever comes last, and warns you about the earlier ones. If the value in use is correct, then delete the one that appears above it in main.cf, and the warning should stop. The makedefs.out warning can be stopped by deleting the makedefs.out symlink, or by replacing it with the real symlinked-to file in /usr/share/postfix/makedefs.out. I can't see what's causing your real problem (non-delivery to root), but a theory is that you have: local_recipient_maps = unix:passwd.byname $alias_maps which is slightly different to the default: local_recipient_maps = proxy:unix:passwd.byname $alias_maps The difference means that access to /etc/passwd might not work for postfix services that are chrooted. Just a thought. It might be irrelevant. You could try leaving local_recipient_maps at its default, and see what happens. One thing that seems strange to me is that permit_mynetworks and permit_sasl_authenticated don't appear in your smtpd_recipient_restrictions. These were in the overridden value. Maybe you need to add them back into your smtpd_recipient_restrictions. But again, this might not be relevant to your problem. There seem to be a lot of things in the postconf -n output that match the default values (e.g. newaliases_path, setgid_group, ...). They can be removed from main.cf. But there's one setting that seems very odd: sendmail_path = /usr/bin/postfix Is there a good reason for that? It would normally be sendmail_path = /usr/sbin/sendmail You could try removing that and seeing if it helps. As for the real problem "mail for server.mydomain.com loops back to myself", maybe "server.mydomain.com" should be in $mydestinations? If MX for sender.mydomain.com is mail.my_domainFQDN.com but mail.my_domainFQDN.com doesn't know to deliver mail for sender.mydomain.com locally, then it might loop(?). But don't trust me. I'm not an expert. This might be a bad idea. Good luck. cheers, raf
