Модераторы: Trinity admin`s, Free-lance moderator`s
-
_DimON_
- Junior member
- Сообщения: 13
- Зарегистрирован: 13 апр 2006, 09:29
- Откуда: Белгород
Postfix. 451 4.3.0 Temporary lookup failure
Приветствую! Господа, в логе почтовика встречается следующая запись
Код: Выделить всё
postfix/smtpd[22009]: 1695731B930: reject: RCPT from unknown[81.17.85.187]: 451 4.3.0 <user@mydomen.ru>: Temporary lookup failure; from=<tengdq@msn.com> to=<user@mydomen.ru> proto=ESMTP helo=<[81.17.85.187]>Используется Postfix. Аккаунты, транспорт, домены хранятся в MySQL. Куда копать?.
Перерыл пол гугля. Пока никаких выводов не сделал. На момент появления ошибок в логе Postfix’а, в логе MySQL чисто. Проблема проявляется и для внешних адресов и при пересылке внутри домена.
При необходимости могу выложить нужные конфиги…
Заранее спасибо.
-
spiner
- Junior member
- Сообщения: 5
- Зарегистрирован: 17 мар 2009, 19:35
- Откуда: Moscow
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
spiner » 17 мар 2009, 19:37
Выложи postconf -n | grep mysql
-
Fast
- Power member
- Сообщения: 37
- Зарегистрирован: 03 авг 2007, 15:10
- Откуда: Minsk
- Контактная информация:
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
Fast » 17 мар 2009, 20:43
а заодно приведите вывод:
из mysql.
Есть подозрение на то что по дефолту значения в 100 коннектов не хватает.
-
_DimON_
- Junior member
- Сообщения: 13
- Зарегистрирован: 13 апр 2006, 09:29
- Откуда: Белгород
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
_DimON_ » 18 мар 2009, 09:20
Код: Выделить всё
mail# postconf -n | grep mysql | less
transport_maps = mysql:$base/mysqlLookupMaps/transport.conf
virtual_alias_maps = mysql:$base/mysqlLookupMaps/alias.conf
virtual_mailbox_domains = mysql:$base/mysqlLookupMaps/domain.conf
virtual_mailbox_limit_maps = mysql:$base/mysqlLookupMaps/quota.conf
virtual_mailbox_maps = mysql:$base/mysqlLookupMaps/mailbox.conf
Код: Выделить всё
mysql> show variables like '%connections';
+----------------------+-------+
| Variable_name | Value |
+----------------------+-------+
| max_connections | 300 |
| max_user_connections | 0 |
+----------------------+-------+
2 rows in set (0.00 sec)
-
spiner
- Junior member
- Сообщения: 5
- Зарегистрирован: 17 мар 2009, 19:35
- Откуда: Moscow
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
spiner » 18 мар 2009, 16:15
Попробуйте к mysql через прокси подключаться.
proxy:mysql:
-
_DimON_
- Junior member
- Сообщения: 13
- Зарегистрирован: 13 апр 2006, 09:29
- Откуда: Белгород
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
_DimON_ » 18 мар 2009, 22:51
Через прокси пробовал — легче, но не намного…
Сегодня, в качестве эксперимента, сделал замену.
Код: Выделить всё
transport_maps = mysql:$base/mysqlLookupMaps/transport.confпоменял на
Выбор был обусловлен тем, что в логах было обнаружено сообщение
Код: Выделить всё
postfix/trivial-rewrite[12580]: warning: transport_maps lookup failureПроблема, по крайней мере на данный момент, ушла или существенно стала меньше. Но теперь через postfix-admin не добавишь виртуальных доменов. Да и не аккуратненько получается, т.к. отломал чать функционала.
-
spiner
- Junior member
- Сообщения: 5
- Зарегистрирован: 17 мар 2009, 19:35
- Откуда: Moscow
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
spiner » 18 мар 2009, 23:17
А если сделать более детальные логи postfix? Они очень информативны.
-
_DimON_
- Junior member
- Сообщения: 13
- Зарегистрирован: 13 апр 2006, 09:29
- Откуда: Белгород
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
_DimON_ » 18 мар 2009, 23:22
Благодаря детальным и нашел… В них видно, что идет коннект к серверу, потом ошибка в trivial-rewrite и отправителю говорят Reject и, указанную в теме ошибку, видит и отправитель и я в логах. Письмо отбито.
Более точно видно будет на работе. Удаленный доступ наружу не провешен…
-
spiner
- Junior member
- Сообщения: 5
- Зарегистрирован: 17 мар 2009, 19:35
- Откуда: Moscow
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
spiner » 18 мар 2009, 23:31
Правильно ли я понял, что ошибка появляется не всегда? Может все-таки изучить во время ошибки запросы к mysql? Мне кажется, что именно туда и надо копать.
-
_DimON_
- Junior member
- Сообщения: 13
- Зарегистрирован: 13 апр 2006, 09:29
- Откуда: Белгород
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
_DimON_ » 19 мар 2009, 10:00
Правильно. Но в логах мускула чисто. Ощущение, будто postfix обратился, но запрос до мускула не дошел. Как-будто какое-то ограничение сработало.
Выяснил еще одну вещь. Старый админ, от которого мне сервер достался, на почтовике не пересобирал ядро. Там Generic крутится.
-
spiner
- Junior member
- Сообщения: 5
- Зарегистрирован: 17 мар 2009, 19:35
- Откуда: Moscow
Re: Postfix. 451 4.3.0 Temporary lookup failure
Сообщение
spiner » 19 мар 2009, 10:52
Хм.. Пусть крутится. Если использование прокси для подключения к mysql хоть как-то, но помогает, может использовать его или увеличить число коннектов в mysql (хотя 300 — это много, но я не знаю нагрузку на сервер)
Вернуться в «Серверы — ПО, Unix подобные системы»
Перейти
- Серверы
- ↳ Серверы — Конфигурирование
- ↳ Конфигурации сервера для 1С
- ↳ Серверы — Решение проблем
- ↳ Серверы — ПО, Unix подобные системы
- ↳ Серверы — ПО, Windows система, приложения.
- ↳ Серверы — ПО, Базы Данных и их использование
- ↳ Серверы — FAQ
- Дисковые массивы, RAID, SCSI, SAS, SATA, FC
- ↳ Массивы — RAID технологии.
- ↳ Массивы — Технические вопросы, решение проблем.
- ↳ Массивы — FAQ
- Майнинг, плоттинг, фарминг (Добыча криптовалют)
- ↳ Proof Of Work
- ↳ Proof Of Space
- Кластеры — вычислительные и отказоустойчивые ( SMP, vSMP, NUMA, GRID , NAS, SAN)
- ↳ Кластеры, Аппаратная часть
- ↳ Deep Learning и AI
- ↳ Кластеры, Программное обеспечение
- ↳ Кластеры, параллельные файловые системы
- Медиа технологии, и цифровое ТВ, IPTV, DVB
- ↳ Станции видеомонтажа, графические системы, рендеринг.
- ↳ Видеонаблюдение
- ↳ Компоненты Digital TV решений
- ↳ Студийные системы, производство ТВ, Кино и рекламы
- Инфраструктурное ПО и его лицензирование
- ↳ Виртуализация
- ↳ Облачные технологии
- ↳ Резервное копирования / Защита / Сохранение данных
- Сетевые решения
- ↳ Сети — Вопросы конфигурирования сети
- ↳ Сети — Технические вопросы, решение проблем
- Общие вопросы
- ↳ Обсуждение общих вопросов
- ↳ Приколы нашего IT городка
- ↳ Регистрация на форуме
Добрый день. Имеется Centos 6.2, а на нем Postfix-2.6.6. Работал полгода без проблем.Проблема в следующем вот уже несколько дней появляется прихожу утром и вижу в логах следующее:
Nov 6 06:55:27 proxy postfix/smtpd[26398]: NOQUEUE: reject_warning: RCPT from vancoover.org.ua[85.17.138.224]: 451 4.3.0 <market@domain.com>: Temporary lookup failure; from=<???@espro.org.ua> to=<market@domain.com> proto=ESMTP helo=<star-media.org>
Nov 6 06:55:27 proxy postfix/smtpd[26269]: NOQUEUE: reject_warning: RCPT from vancoover.org.ua[85.17.138.224]: 451 4.3.0 <market@domain.com>: Temporary lookup failure; from=<???@hijet.org.ua> to=<market@domain.com> proto=ESMTP helo=<star-media.org>
Nov 6 06:55:27 proxy postfix/smtpd[25823]: NOQUEUE: reject_warning: RCPT from vancoover.org.ua[85.17.138.224]: 451 4.3.0 <market@domain.com>: Temporary lookup failure; from=<???@hijet.org.ua> to=<market@domain.com> proto=ESMTP helo=<star-media.org>
На root пришло след письмо
Transcript of session follows.
Out: 220 post.betonmash.com ESMTP Postfix
In: EHLO star-media.org
Out: 250-post.betonmash.com
Out: 250-PIPELINING
Out: 250-SIZE 35840000
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<???@barracuda.org.ua> SIZE=280572
Out: 250 2.1.0 Ok
In: RCPT TO:<urist@betonmash.com> ORCPT=rfc822;urist@betonmash.com
Out: 451 4.3.0 < @barracuda.org.ua>: Temporary lookup failure
In: DATA
Out: 554 5.5.1 Error: no valid recipients
In: RSET
Out: 250 2.0.0 Ok
In: QUIT
Out: 221 2.0.0 Bye
For other details, see the local mail logfile
При этом лог разрастается до вселенских размеров. При этом в 23:00 запускается awstats для парсинга и отжирает все ресурсы, все начинат дико тормозить.
Так как думал что спам атака то в первый день закрыл этот ip 85.17.138.134 в iptables. И добавил ограничения на соединения в main.cf
anvil_rate_time_unit=60s
smtpd_client_connection_rate_limit=20
smtpd_client_connection_count_limit=3
smtpd_connection_message_rate_limit=10
И внес в проверку заголовков header_checks=pcre:/etc/… след строку /From:.*<[?]+([^>]+)/ REJECT In your email adress wrong symbols Для отсеивания адресов вида ????@.
Но сегодня ситуация опять повторилась но в логе уже был другой ip и сервак
Nov 9 07:15:35 proxy postfix/smtpd[19579]: NOQUEUE: reject_warning: RCPT from mail.betterwitnesses.com[63.226.243.162]: 451 4.3.0 <urist@domain.com>: Temporary lookup failure; from=<MASTERGROUP???@pledgebank.org.ua> to=<urist@domain.com> proto=ESMTP helo=<betterwitnesses.com>
Nov 9 07:15:35 proxy postfix/smtpd[19579]: NOQUEUE: reject_warning: RCPT from mail.betterwitnesses.com[63.226.243.162]: 451 4.3.0 <urist@domain.com>: Temporary lookup failure; from=<MASTERGROUP???@pledgebank.org.ua> to=<urist@domain.com> proto=ESMTP helo=<betterwitnesses.com>
Тогда прслушал tcpdumpom все интерфейсы никаких соединений на smtp порт не было. Но ошибки продолжали сыпаться. Затем обрубил 25 порт на инетовском и локальном интерфейсе — ошибки все равно продолжали валиться. Посмотрел qshape — все очереди пусты, да и в логах пишет что NOQUEUE.
Только после перезапуска postfix ошибки перестали валиться.
Очень прошу помогите, в чем может быть причина.
Вот конфиги постфикса и mysql:
myhostname = post.betonmash.com
smtp_helo_name = post.betonmash.com
mydomain = betonmash.com
myorigin = betonmash.com
mynetworks_style = host
mynetworks = 127.0.0.0/8 192.168.0.0/24
mydestination =
#local_recipient_maps = $virtual_mailbox_maps
##############System defaults###################
inet_protocols = ipv4
#inet_ifaces = all
#########Section for users and aliases##########
alias_maps = hash:/etc/aliases
virtual_mailbox_base = /var/spool/mailboxes
virtual_mailbox_domains = mysql:/etc/postfix/virtual_maps/virtual_domains.cf
virtual_uid_maps = mysql:/etc/postfix/virtual_maps/virtual_uid.cf
virtual_gid_maps = $virtual_uid_maps
transport_maps = mysql:/etc/postfix/virtual_maps/virtual_transport.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_maps/virtual_users.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_maps/virtual_aliases.cf
debug_peer_level = 2
##########Section for restrictions and spamming##############
smtpd_recipient_restrictions =
warn_if_reject reject_non_fqdn_recipient
warn_if_reject reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/restrictions/recipient_exceptions
check_client_access hash:/etc/postfix/restrictions/client_access
reject_unknown_reverse_client_hostname
reject_unknown_client
check_helo_access hash:/etc/postfix/restrictions/hello_access
check_helo_access pcre:/etc/postfix/restrictions/hello_checks
reject_unknown_hostname
reject_non_fqdn_hostname
reject_invalid_hostname
check_sender_access hash:/etc/postfix/restrictions/sender_access
check_sender_mx_access cidr:/etc/postfix/restrictions/bogus_mx
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_rbl_client dnsbl.njabl.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
check_policy_service inet:127.0.0.1:2501
permit
header_checks = pcre:/etc/postfix/restrictions/mime_header_checks
smtp_data_restrictions = reject_multi_recipient_bounce
################Restrictions for connections################
smtp_soft_error_limit = 5
smtp_hard_error_limit = 10
smtp_error_sleep_time = 1s
#################Restriction for lifetime##################
maximum_queue_lifetime = 5d
queue_run_delay = 10m
anvil_rate_time_unit=60s
smtpd_client_connection_rate_limit=20
smtpd_client_connection_count_limit=3
smtpd_connection_message_rate_limit=10
###########Other restrictions##################
disable_vrfy_command = yes
smtpd_banner = $myhostname ESMTP $mail_name
message_size_limit = 35840000
###########SMTP AUTH FOR SERVER-SERVER###########
#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd.db
##########Scaning conent for viruses and spam###############
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings
***********************Вот mysql***********************
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
default-character-set=utf8
character-set-server=utf8
init-connect=’SET NAMES UTF8′
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
default-character-set=utf8
Ошибок в mysqllog нет:
121101 11:12:21 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
121101 11:13:30 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
121101 11:13:30 [Warning] ‘—default-character-set’ is deprecated and will be removed in a future release. Please use ‘—character-set-server’ instead.
121101 11:13:31 InnoDB: Initializing buffer pool, size = 8.0M
121101 11:13:31 InnoDB: Completed initialization of buffer pool
121101 11:13:31 InnoDB: Started; log sequence number 0 44233
121101 11:13:31 [Note] Event Scheduler: Loaded 0 events
121101 11:13:31 [Note] /usr/libexec/mysqld: ready for connections.
Version: ‘5.1.61’ socket: ‘/var/lib/mysql/mysql.sock’ port: 3306 Source distribution
This problem caused me quite a bit of grief, nearly a whole day of tweaking and learning and finally I figured it out.
The problem was a password mismatch. I guess I had a weird character in my mySQL password, that I didn’t have in my query string.
A little more background.
I’ve been configuring a postfix mail engine with a mySQL database, using table lookups and virtual hosts. (Note: if you’re looking for a great tutorial, you can find one at flurdy.com)
According that that tutorial, I had set up everything as it asked, so I went to test the configuration using a telnet session through my SSH interface Putty.
It would consistently allow me to start my give me the error very similar to:
telnet localhost 25
Connected to localhost.220 my.domain ESMTP Postfix (Ubuntu)
EHLO my.domain
250-my.domain
250-PIPELINING
…
MAIL FROM: root
250 2.1.0 Ok
RCPT TO: root
451 4.3.0 <root>: Temporary lookup failure
quit
221 2.0.0 Bye
It should be clear the 451 4.3.0 Temporary lookup failure was not a good thing.
Looking at my mail.log files, I should have clued in earlier since it was saying:
warning: mysql:/etc/postfix/mysql_alias.cf lookup error for “root@my.domain”
warning: virtual_alias_maps map lookup problem for root@my.domain — deferring delivery
What I kept doing was looking at the mysql_alias.cf file and double checking all of the configurations, making sure it all worked.
What I should have done was immediately try using postmap. To use this, I tested with the following query:
sudo postmap -q <domain I have added to my mailboxes file (any domain will return something really)> mysql:/etc/postfix/mysql_mailbox.cf
What this basically does is use the handy postmap program, which can be used to quickly test your postfix installation, to query mySQL using the mysql_mailbox.cf configuration file, and the query string supplied.
This returned:
postmap: warning: connect to mysql server 127.0.0.1: Access denied for user ‘<user>’@’localhost’ (using password: YES)
postmap: fatal: table mysql:/etc/postfix/mysql_mailbox.cf: query error: Success
Well, obviously it was trying to send the query, but the mySQL db wasn’t letting it get in!
A quick test now connecting to the database:
mysql -u <user> -p
And entering the password when prompted that I was using returned another Access denied for user.
So, as stated at the start, the problem was simply solved by re-entering the password used for the user I was trying to access the database with. After doing this, the quick connect to database test mysql -u <user> -p allowed me access, and everybody is happy!
Hope this helps!
I referenced workaround.org’s Postfix Configuration page for help using the postmap query.
I also referenced Postfix’s manual for table 5, relating to the mySQL query configuration file.
Context
I’m trying to setup a mailserver with an LDAP backend.
What does not work
Resolving an LDAP backed address
-> MAIL FROM:<user@hsh-pro.underworld.lan>
<- 250 2.1.0 Ok
-> RCPT TO:<mailtest@domain.tld>
<** 451 4.3.0 <mailtest@domain.tld>: Temporary lookup failure
-> QUIT
<- 221 2.0.0 Bye
See detailed logs and config files below…
What works
Setting up the server without LDAP and creating test users works and receiving emails works, but not with LDAP.
LDAP address lookup
root@mail:/etc/postfix# postmap -q mailtest@domain.tld ldap:/etc/postfix/ldap-users.cf'
mailtest@domain.tld
LDAP authentication
root@mail:/etc/postfix# testsaslauthd -u mailtest -p PASSWORD
0: OK "Success."
$ swaks --to mailtest@domain.tld --server dupre --auth-user mailtest --auth-password PASSWORD
=== Trying dupre:25...
=== Connected to dupre.
<- 220 mail.domain.tld ESMTP
-> EHLO hsh-pro.underworld.lan
<- 250-mail.dupre.ath.cx
<- 250-PIPELINING
<- 250-SIZE 10240000
<- 250-ETRN
<- 250-STARTTLS
<- 250-AUTH PLAIN LOGIN
<- 250-AUTH=PLAIN LOGIN
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250-DSN
<- 250 CHUNKING
-> AUTH LOGIN
<- 334 VXNlcmXXX
-> bWFpbXXX=
<- 334 UGFzc3XXX
-> YVNMRzQydzZNODROXXX==
<- 235 2.7.0 Authentication successful
Detailed logs
Container creation
#!/bin/bash
SCRIPT_DIR=$(dirname "$0")
SERVICE_DIR=$(cd "$SCRIPT_DIR"/..; pwd)
IMAGE=tvial/docker-mailserver
IMAGE_TAG=stable
CONTAINER_NAME=mailserver
podman create
--name $CONTAINER_NAME
--hostname mail.domain.tld
--restart always
--network infra
--ip $(getent hosts infra-mail | cut -f1 -d )
--volume ${SERVICE_DIR}/data/maildata:/var/mail:Z
--volume ${SERVICE_DIR}/data/state:/var/mail-state:Z
--volume ${SERVICE_DIR}/data/logs:/var/log/mail:Z
--volume ${SERVICE_DIR}/config/custom:/tmp/docker-mailserver:Z
--volume ${SERVICE_DIR}/config/overrides/auth-ldap.conf.ext:/etc/dovecot/conf.d/auth-ldap.conf.ext:Z
--env ENABLE_LDAP=1
--env LDAP_SERVER_HOST=ldap.underworld.lan
--env LDAP_SEARCH_BASE=ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan
--env LDAP_BIND_DN=cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan
--env LDAP_BIND_PW=PASSWORD
--env LDAP_QUERY_FILTER_USER='(mail=%s)'
--env ENABLE_SASLAUTHD=1
--env SASLAUTHD_LDAP_SERVER=ldap.underworld.lan
--env SASLAUTHD_LDAP_PROTO=
--env SASLAUTHD_LDAP_BIND_DN=cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan
--env SASLAUTHD_LDAP_PASSWORD=PASSWORD
--env SASLAUTHD_LDAP_SEARCH_BASE=ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan
--env SASLAUTHD_LDAP_FILTER='(&(uid=%U)(objectClass=person))'
--env SASLAUTHD_MECHANISMS=ldap
-p 25:25
-p 143:143
-p 587:587
-p 993:993
${IMAGE}:${IMAGE_TAG}
podman start $CONTAINER_NAME
ldap-users.cf
bind = yes
bind_dn = cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan
bind_pw = PASSWORD
query_filter = (mail=%s)
result_attribute = mail
search_base = ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan
server_host = ldap.underworld.lan
start_tls = no
version = 3
LDAP log
5f09e317 conn=1233 fd=13 ACCEPT from IP=10.100.2.1:42072 (IP=0.0.0.0:389)
5f09e317 conn=1233 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" method=128
5f09e317 conn=1233 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" mech=SIMPLE ssf=0
5f09e317 conn=1233 op=0 RESULT tag=97 err=0 text=
5f09e317 conn=1233 op=1 SRCH base="ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan" scope=2 deref=0 filter="(&(uid=mailtest)(objectClass=person))"
5f09e317 conn=1233 op=1 SRCH attr=dn
5f09e317 conn=1233 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5f09e317 conn=1233 op=2 BIND anonymous mech=implicit ssf=0
5f09e317 conn=1233 op=2 BIND dn="uid=mailtest,ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan" method=128
5f09e317 conn=1233 op=2 BIND dn="uid=mailtest,ou=people,ou=accounts,ou=underworld,dc=underworld,dc=lan" mech=SIMPLE ssf=0
5f09e317 conn=1233 op=2 RESULT tag=97 err=0 text=
5f09e317 conn=1234 fd=14 ACCEPT from IP=10.100.2.1:42074 (IP=0.0.0.0:389)
5f09e317 conn=1234 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" method=128
5f09e317 conn=1234 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" mech=SIMPLE ssf=0
5f09e317 conn=1234 op=0 RESULT tag=97 err=0 text=
5f09e317 get_filter: unknown filter type=48
5f09e317 conn=1234 op=1 DISCONNECT tag=120 err=2 text=decoding attrs error
5f09e317 conn=1234 fd=14 closed (operations error)
5f09e317 conn=1235 fd=14 ACCEPT from IP=10.100.2.1:42076 (IP=0.0.0.0:389)
5f09e317 conn=1235 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" method=128
5f09e317 conn=1235 op=0 BIND dn="cn=mailserverauth,ou=technical,ou=accounts,ou=underworld,dc=underworld,dc=lan" mech=SIMPLE ssf=0
5f09e317 conn=1235 op=0 RESULT tag=97 err=0 text=
5f09e317 get_filter: unknown filter type=48
5f09e317 conn=1235 op=1 DISCONNECT tag=120 err=2 text=decoding attrs error
5f09e317 conn=1235 fd=14 closed (operations error)
Verbose smtpd log
Jul 11 15:32:28 mail postfix/smtpd[3635]: < hsh-pro.underworld.lan[192.168.47.167]: RCPT TO:<mailtest@domain.tld>
Jul 11 15:32:28 mail postfix/smtpd[3635]: extract_addr: input: <mailtest@domain.tld>
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_check_addr: addr=mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr request = rewrite
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr rule = local
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr address = user@hsh-pro.underworld.lan
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: 0
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: address
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: address
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: user@hsh-pro.underworld.lan
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: (list terminator)
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: (end)
Jul 11 15:32:28 mail postfix/smtpd[3635]: rewrite_clnt: local: user@hsh-pro.underworld.lan -> user@hsh-pro.underworld.lan
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr request = rewrite
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr rule = local
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr address = mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: 0
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: address
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: address
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: (list terminator)
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: (end)
Jul 11 15:32:28 mail postfix/smtpd[3635]: rewrite_clnt: local: mailtest@domain.tld -> mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr request = resolve
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr sender = user@hsh-pro.underworld.lan
Jul 11 15:32:28 mail postfix/smtpd[3635]: send attr address = mailtest@domain.tld
Jul 11 15:32:28 mail postfix/trivial-rewrite[3639]: warning: dict_ldap_lookup: Search error 2: Protocol error
Jul 11 15:32:28 mail postfix/trivial-rewrite[3639]: warning: virtual_alias_domains: ldap:/etc/postfix/ldap-aliases.cf: table lookup problem
Jul 11 15:32:28 mail postfix/trivial-rewrite[3639]: warning: virtual_alias_domains lookup failure
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: 0
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: transport
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: transport
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: CHANNEL NOT UPDATED
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: nexthop
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: nexthop
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: NEXTHOP NOT UPDATED
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: recipient
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: recipient
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: flags
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute value: 8
Jul 11 15:32:28 mail postfix/smtpd[3635]: private/rewrite socket: wanted attribute: (list terminator)
Jul 11 15:32:28 mail postfix/smtpd[3635]: input attribute name: (end)
Jul 11 15:32:28 mail postfix/smtpd[3635]: resolve_clnt: `user@hsh-pro.underworld.lan' -> `mailtest@domain.tld' -> transp=`CHANNEL NOT UPDATED' host=`NEXTHOP NOT UPDATED' rcpt=`mailtest@domain.tld' flags=fail class=
Jul 11 15:32:28 mail postfix/smtpd[3635]: ctable_locate: install entry key user@hsh-pro.underworld.lan?mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: extract_addr: in: <mailtest@domain.tld>, result: mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> START Client host RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks
Jul 11 15:32:28 mail postfix/smtpd[3635]: permit_mynetworks: hsh-pro.underworld.lan 192.168.47.167
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: hsh-pro.underworld.lan: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: 192.168.47.167: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks status=0
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: permit_sasl_authenticated: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated status=1
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> END Client host RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> START Helo command RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks
Jul 11 15:32:28 mail postfix/smtpd[3635]: permit_mynetworks: hsh-pro.underworld.lan 192.168.47.167
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: hsh-pro.underworld.lan: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: 192.168.47.167: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks status=0
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=reject_invalid_helo_hostname
Jul 11 15:32:28 mail postfix/smtpd[3635]: reject_invalid_hostname: hsh-pro.underworld.lan
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=reject_invalid_helo_hostname status=0
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: permit: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit status=1
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> END Helo command RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> START Sender address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: permit_sasl_authenticated: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated status=1
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> END Sender address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> START Recipient address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: permit_sasl_authenticated: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated status=1
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> END Recipient address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> START Recipient address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks
Jul 11 15:32:28 mail postfix/smtpd[3635]: permit_mynetworks: hsh-pro.underworld.lan 192.168.47.167
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 127.0.0.0/8
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [::1]/128
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? [fe80::]/64
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostname: mynetworks: hsh-pro.underworld.lan ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_hostaddr: mynetworks: 192.168.47.167 ~? 10.100.2.4/32
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: hsh-pro.underworld.lan: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: 192.168.47.167: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_mynetworks status=0
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Jul 11 15:32:28 mail postfix/smtpd[3635]: match_list_match: permit_sasl_authenticated: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Jul 11 15:32:28 mail postfix/smtpd[3635]: generic_checks: name=permit_sasl_authenticated status=1
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> END Recipient address RESTRICTIONS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: >>> CHECKING Recipient address VALIDATION MAPS <<<
Jul 11 15:32:28 mail postfix/smtpd[3635]: ctable_locate: leave existing entry key user@hsh-pro.underworld.lan?mailtest@domain.tld
Jul 11 15:32:28 mail postfix/smtpd[3635]: NOQUEUE: reject: RCPT from hsh-pro.underworld.lan[192.168.47.167]: 451 4.3.0 <mailtest@domain.tld>: Temporary lookup failure; from=<user@hsh-pro.underworld.lan> to=<mailtest@domain.tld> proto=ESMTP helo=<hsh-pro.underworld.lan>
What is affected by this bug?
Receiving emails
When does this occur?
When receiving emails, always.
How do we replicate the issue?
See above.
Actual Behavior
See above.
Expected behavior (i.e. solution)
See above.
Your Environment
- Amount of RAM available: Lots
- Mailserver version used: 7.0.0
- Docker version used: podman 2.0.2
- Environment settings relevant to the config: See above.
- Any relevant stack traces («Full trace» preferred):
i configure Postfix and dovecot in fedora 20 my problem is when set RCPT TO return me
451 4.3.0 <test@example.com>: Temporary lookup failure
my postfix Configuration
main.cf
# postfix config file
# uncomment for debugging if needed
soft_bounce=yes
# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4
# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
#header_checks = regexp:/etc/postfix/header_checks
#body_checks = regexp:/etc/postfix/body_checks
# network settings
#inet_interfaces = virtual.host.tld
mydomain = sepidarcms.ir
myhostname = mail.sepidarcms.ir
mynetworks = 127.0.0.0/8,192.187.96.246/30
mydestination = $myhostname,localhost.$mydomain,localhost,www.$mydomain,ftp.$mydomain
#.$mydomain, localhost
relay_domains = mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
#relay_domains = *
# mail delivery
recipient_delimiter = +
myorigin = $relay_domains
relayhost = [mail.$mydomain]
# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =
inet_interfaces= mail.sepidarcms.ir localhost
#$relay_domains
# virtual setup
virtual_alias_maps = mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf
#,
#regexp:/etc/zpanel/configs/postfix/virtual_regexp
virtual_mailbox_base = /home/zpanel/vmail
virtual_mailbox_domains = mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
#virtual_mailbox_limit_maps = mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 101
virtual_uid_maps = static:101
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
# debugging
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# tls config
smtp_use_tls = no
smtpd_use_tls = no
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
# Change mail.example.com.* to your host name
#smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
#smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
# rules restrictions
smtpd_client_restrictions =permit
smtpd_helo_restrictions =permit
smtpd_sender_restrictions = permit
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,permit
#reject_unauth_destination,
#reject_non_fqdn_sender,
#reject_non_fqdn_recipient,
#reject_unknown_recipient_domain,permit
# uncomment for realtime black list checks
# ,reject_rbl_client zen.spamhaus.org
# ,reject_rbl_client bl.spamcop.net
# ,reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
#unknown_local_recipient_reject_code = 550
disable_vrfy_command = no
smtpd_data_restrictions =permit,reject_unauth_pipelining
smtpd_banner = $myhostname ESMTP
message_size_limit = 20480000
inet_protocols = ipv4
master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
# -o content_filter=smtp-amavis:127.0.0.1:10024
# -o receive_override_options=no_address_mappings
pickup fifo n - n 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
smtp-amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,permit
-o mynetworks=127.0.0.0/8,192.187.96.246/30
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_header_body_checks
# -o smtpd_bind_address=127.0.0.1
-o smtpd_helo_required=yes
-o smtpd_client_restrictions=
-o smtpd_restriction_classes=
-o disable_vrfy_command=yes
-o strict_rfc821_envelopes=yes
#
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
and aliases
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
# General redirections for pseudo accounts.
bin: root
daemon: root
adm: root
lp: root
sync: root
shutdown: root
halt: root
mail: root
news: root
uucp: root
operator: root
games: root
gopher: root
ftp: root
nobody: root
radiusd: root
nut: root
dbus: root
vcsa: root
canna: root
wnn: root
rpm: root
nscd: root
pcap: root
apache: root
webalizer: root
dovecot: root
fax: root
quagga: root
radvd: root
pvm: root
amandabackup: root
privoxy: root
ident: root
named: root
xfs: root
gdm: root
mailnull: root
postgres: root
sshd: root
smmsp: root
postfix: root
netdump: root
ldap: root
squid: root
ntp: root
mysql: root
desktop: root
rpcuser: root
rpc: root
nfsnobody: root
ingres: root
system: root
toor: root
manager: root
dumper: root
abuse: root
newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
www: webmaster
webmaster: root
noc: root
security: root
hostmaster: root
#info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
#root: marc
this is output test by online smtp test https://pingability.com/smtptest.jsp
input information
SMTP Server : mail.sepidar.org
From Email : info@sepidar.org
SMTP Username : info@sepidar.org
SMTP Password : zxcvASDFqwer!@#$
220 mail.sepidarcms.ir ESMTP
DEBUG SMTP: connected to host "mail.sepidar.org", port: 25
EHLO localhost
250-mail.sepidarcms.ir
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "20480000"
DEBUG SMTP: Found extension "VRFY", arg ""
DEBUG SMTP: Found extension "ETRN", arg ""
DEBUG SMTP: Found extension "AUTH", arg "PLAIN LOGIN"
DEBUG SMTP: Found extension "AUTH=PLAIN", arg "LOGIN"
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
DEBUG SMTP: Attempt to authenticate
DEBUG SMTP: check mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM
AUTH LOGIN
334 VXNlcm5hbWU6
aW5mb0BzZXBpZGFyLm9yZw==
334 UGFzc3dvcmQ6
enhjdkFTREZxd2VyIUAjJA==
235 2.7.0 Authentication successful
DEBUG SMTP: use8bit false
MAIL FROM:<info@sepidar.org>
250 2.1.0 Ok
RCPT TO:<smtptester@pingability.com>
451 4.3.0 <smtptester@pingability.com>: Temporary lookup failure
DEBUG SMTP: Valid Unsent Addresses
DEBUG SMTP: smtptester@pingability.com
DEBUG SMTP: Sending failed because of invalid destination addresses
RSET
250 2.0.0 Ok
javax.mail.SendFailedException: Invalid Addresses;
nested exception is:
com.sun.mail.smtp.SMTPAddressFailedException: 451 4.3.0 <smtptester@pingability.com>: Temporary lookup failure
at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1812)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1075)
at com.rimuhosting.util.email.EmailDetails.sendEmail(EmailDetails.java:581)
at com.rimuhosting.util.email.EmailDetails.sendEmail(EmailDetails.java:398)
at org.apache.jsp.smtptest_jsp._jspService(smtptest_jsp.java:203)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.rimuhosting.util.webrequest.DoNothingFilter.doFilter(DoNothingFilter.java:90)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.planetj.servlet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:270)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:193)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 451 4.3.0 <smtptester@pingability.com>: Temporary lookup failure
at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1677)
... 36 more
QUIT
221 2.0.0 Bye
I test output of mysql query by postmap -q output is correct
Edit:
this is my test from MYSQL
relay_domains
postmap -q sepidar.org mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
result:
sepidar.org
virtual_alias_maps :
postmap -q info@sepidar.org mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf
result:
info@sepidar.org
virtual_mailbox_domains
postmap -q sepidar.org mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
result:
sepidar.org
virtual_mailbox_maps
postmap -q info@sepidar.org mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
result:
sepidar.org/info/
virtual_mailbox_limit_maps
postmap -q info@sepidar.org mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_limit_maps.cf
result:
200
EDIT2:
after some search i solve last problem but now i have problem on send email
error is:
mail transport unavailable
my new postfix Configuration
main.cf
# basic server settings
myhostname = mail.sepidarcms.ir
mydomain = sepidarcms.ir
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = all
#127.0.0.0/8
inet_interfaces = all
smtpd_banner = $myhostname ESMTP $mail_name: You can put your own message here.
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
parent_domain_matches_subdomains = no
# Remember to run "newaliases" when you change this file
alias_maps = hash:/etc/aliases
relay_domains = mysql:/etc/zpanel/configs/postfix/mysql-relay_domains_maps.cf
virtual_mailbox_base = /home/zpanel/vmail
# Configuration for Postfix/SQL interation
# This allows Postfix to know which domains it should be handling
virtual_mailbox_domains = mysql:/etc/zpanel/configs/postfix/mysql-virtual_domains_maps.cf
# This tells Postfix which virtual users are present
virtual_mailbox_maps = mysql:/etc/zpanel/configs/postfix/mysql-virtual_mailbox_maps.cf
# Additional alias maps (SQL) for Postfix
virtual_alias_maps = mysql:/etc/zpanel/configs/postfix/mysql-virtual_alias_maps.cf
# Enables dovecot local delivery agent (lda). When mail is sent to this server,
# it is passed onto Dovecot for delivery into the user's mbox
dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp
#lmtp:unix:private/auth
#dovecot
relayhost = [mail.$mydomain]
# SASL authentication via dovecot.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#/var/run/dovecot/auth-client
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Reject unknown local users with error code to prevent backscatter spam
# Mail to unknown virtual users is also automatically deflected with a 550
unknown_local_recipient_reject_code = 550
# Disallow non fully qualified domain names & relay if user isn't authenticated
# Stops spammers from using the mail server
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain
# Do not discard messages at HELO until RCPT TO command is given
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_helo_hostname, reject_invalid_hostname
smtp_bind_address = all
# TLS config
smtpd_tls_security_level = may
# You need to create these keys manually - look online for more info
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
#/etc/pki/tls/private/server-ssl.key
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#/etc/pki/tls/certs/server-ssl.cert
# Send session info to log
smtpd_tls_loglevel = 1
# Don't renegotiate new TLS sessions with the same client for an hour
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
# Enable me to force TLS connections
#smtpd_tls_auth_only = yes
# Spam filtering - relays to amavisd
#content_filter = smtp:[127.0.0.1]:10024
# Limit how fast we can accept mail so that is is processed correctly
default_process_limit = 20
# Some standard defaults
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
mail_owner = postfix
# Max message size of ~20MB
message_size_limit = 20480000
mailbox_command = /usr/libexec/dovecot/deliver
master.cf
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
smtps inet n - n - - smtpd
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
smtp-amavis unix - - y - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - y - - smtpd
-o content_filter=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_header_body_checks
-o smtpd_bind_address=127.0.0.1
-o smtpd_helo_required=no
-o smtpd_client_restrictions=
-o smtpd_restriction_classes=
-o disable_vrfy_command=no
-o strict_rfc821_envelopes=yes
my new dovecot configuration
dovecot.conf
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.15.10-201.fc20.x86_64 x86_64 Fedora release 20 (Heisenbug) ext4
auth_mechanisms = plain login
debug_log_path = /var/log/dovecot-debug.log
dict {
quotadict = mysql:/etc/zpanel/configs/dovecot2/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
first_valid_gid = 12
first_valid_uid = 101
info_log_path = /var/log/dovecot-info.log
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
lmtp_save_to_detail_mailbox = yes
log_path = /var/log/dovecot.log
mail_debug = yes
#ssl = yes
mail_location = maildir:/home/zpanel/vmail/%d/%n
passdb {
args = /etc/zpanel/configs/dovecot2/dovecot-mysql.conf
driver = sql
}
plugin {
acl = vfile:/etc/dovecot/acls
quota = maildir:User quota
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /home/zpanel/sieve/
sieve_global_path = /home/zpanel/sieve/globalfilter.sieve
sieve_max_script_size = 1M
trash = /etc/zpanel/configs/dovecot2/dovecot-trash.conf
}
protocols = imap pop3 lmtp
#sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = mail
mode = 0666
user = vmail
}
}
service dict {
unix_listener dict {
group = mail
mode = 0666
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service imap {
vsz_limit = 256 M
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
process_min_avail = 0
service_count = 1
vsz_limit = 64 M
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
driver = prefetch
}
userdb {
args = /etc/zpanel/configs/dovecot2/dovecot-mysql.conf
driver = sql
}
protocol lda {
mail_plugins = quota sieve
postmaster_address = a_idm@yahoo.com
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_plugins = quota imap_quota trash
}
protocol lmtp {
mail_plugins = quota sieve
}
protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}