I just ran the upgrade script and selected to reconfigure the services. Everything post-upgrade seems to run fine except for postfix sending email. Upon inspection, there are a few differences in the main.cf file. Old file before upgrade: Code: proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_reject_unlisted_sender = no smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit New file post upgrade: Code: proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit Having temporarily restored the old version, email can be sent, but I'm concerned this might have loosened security. Any idea what to check? Is there another component that I've missed? Thanks!
Sorry, Till, Yes, ISPConfig3. Thank you for moving the thread. Logs revealed some errors: Code: Mar 21 14:56:12 mail1 postfix/proxymap[839554]: warning: request for unapproved table: "mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf" Mar 21 14:56:12 mail1 postfix/proxymap[839554]: warning: to approve this table for read-only access, list proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf in main.cf:proxy_read_maps Mar 21 14:56:12 mail1 postfix/trivial-rewrite[839930]: fatal: proxymap service is not configured for table "mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf" Mar 21 14:56:13 mail1 postfix/master[839551]: warning: process /usr/lib/postfix/sbin/trivial-rewrite pid 839930 exit status 1 Mar 21 14:56:13 mail1 postfix/master[839551]: warning: /usr/lib/postfix/sbin/trivial-rewrite: bad command startup -- throttling Looking at the differences between the files: new version does not have "$smtp_sasl_password_maps $sender_dependent_relayhost_maps" in the proxy_read_maps list. new version has additional "reject_invalid_helo_hostname" in smtp_helo_restrictions new version does not have "reject_unlisted_sender" in smtpd_sender_restrictions new version has smtpd_reject_unlisted_sender = yes (old version = no) What I'm trying to understand is why the error and if the new file is correct, does that point to some other data migration or configuration change which hasn't been correctly executed. Thanks
Checking just this point, the upstream templates have this correct, so it's safe to say either you have custom templates that need updated, or something went wrong when you thought you had reconfigured services.
Very strange, I re-ran the upgrade script and it seems to have made a few more changes elsewhere and the problem has now disappeared. Thanks for the pointers and help
