On Fri, Aug 06, 2021 at 10:59:00PM +0000, [email protected] wrote:
> On 8/6/21 1:00 AM, Viktor Dukhovni wrote:
> > On Fri, Aug 06, 2021 at 03:05:03AM +0000, [email protected]
> > wrote:
> >
> >> I followed your advice and now the traffic is hitting my gateway as it
> >> should. The problem is, now it's getting refused.
> >>
> >> Firewall rules specify input interface in DNAT rules now. So instead of
> >> simply forwarding ports 587 and 465, it is also requiring that the
> >> public interface is the originating one. Let's call it "enp1s0".
> >>
> >> I eagerly await your feedback.
> >
> > I eagerly await the relevant log entries (and "postconf -nf" + "postconf
> > -Mf"
> > outputs) posted to the list.
>
> Here are the results for postconf -nf:

And what question did you want to ask in relation to this configuration,
and where are the relevant logs?

Post your reply to the postfix-users *list*, not to my personal email
address.

> ###BEGIN OUTPUT###
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> compatibility_level = 2
> daemon_directory = /usr/lib/postfix/sbin
> data_directory = /var/lib/postfix
> debug_peer_list = 127.0.0.1
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>     $daemon_directory/$process_name $process_id & sleep 5
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mailbox_size_limit = 18253611008
> mailq_path = /usr/bin/mailq
> message_size_limit = 10485760
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = krowverse.services
> myhostname = mx.krowverse.services
> mynetworks = 127.0.0.0/8 172.16.101.0/27
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> proxy_interfaces = 172.16.101.4
> relay_domains =
> relayhost = [mx.krowverse.services]
> sendmail_path = /usr/sbin/postfix
> setgid_group = postdrop
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_tcp_port = submission
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_banner = $myhostname ESMTP
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
>     permit_sasl_authenticated, reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
>     reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
>     zen.spamhaus.org, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_cert_file =
>     /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/fullchain.pem
> smtpd_tls_key_file =
>     /import/RAPTORGAZE/LetsEncrypt/live/mx.krowverse.services/privkey.pem
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> unknown_local_recipient_reject_code = 550
>
> ###END OUTPUT###
>
> And here is the output of postconf -Mf:
>
> ###BEGIN OUTPUT###
> smtp inet n - y - - smtpd
> submission inet n - n - - smtpd -v
>     -o syslog_name=postfix/submission
>     -o smtpd_sasl_auth_enable=yes
>     -o smtpd_tls_auth_only=yes
> smtps inet n - y - - smtpd
>     -o syslog_name=postfix/smtps
>     -o smtpd_tls_wrappermode=yes
>     -o
>     smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain
>     -o milter_macro_daemon_name=ORIGINATING
> pickup unix n - y 60 1 pickup
> cleanup unix n - y - 0 cleanup
> qmgr unix n - n 300 1 qmgr
> tlsmgr unix - - y 1000? 1 tlsmgr
> rewrite unix - - y - - trivial-rewrite
> bounce unix - - y - 0 bounce
> defer unix - - y - 0 bounce
> trace unix - - y - 0 bounce
> verify unix - - y - 1 verify
> flush unix n - y 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - y - - smtp
> relay unix - - y - - smtp
>     -o syslog_name=postfix/$service_name
> showq unix n - y - - showq
> error unix - - y - - error
> retry unix - - y - - error
> discard unix - - y - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - y - - lmtp
> anvil unix - - y - 1 anvil
> scache unix - - y - 1 scache
> postlog unix-dgram n - n - 1 postlogd
> maildrop unix - n n - - pipe flags=DRhu
>     user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe flags=Fqhu
>     user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe flags=F
>     user=ftn
>     argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe flags=Fq.
>     user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
> scalemail-backend unix - n n - 2 pipe flags=R
>     user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
>     ${user} ${extension}
> mailman unix - n n - - pipe flags=FR
>     user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
>     ${user}
>
> ###END OUTPUT###
>
> I hope this helps. I eagerly await your feedback.

Sadly none is possible, without the relevant context.

--
Viktor.
