OK, I had followed the perfect setup for CentOS, and it's been working great since setup. The problem started when I did some networking at home, and was forced to change the IP on the server. Ever since I changed the IP on the server, I have been unable to send emails, period! I tried to recreate the SSL key and still no cigar. I will post all info below so that you can see exactly what is happening. Please advise.

Mail log:

Sep 1 08:52:26 3cwired postfix/qmgr[14213]: D7422D1861F: from=<>, size=6071, nrcpt=1 (queue active)
Sep 1 08:52:26 3cwired postfix/qmgr[14213]: D8FD4D18615: removed
Sep 1 08:52:27 3cwired postfix/pickup[14212]: 31432D1861D: uid=10004 from=<web6_xxxxx>
Sep 1 08:52:27 3cwired postfix/cleanup[14545]: 31432D1861D: message-id=<[email protected]>
Sep 1 08:52:27 3cwired postfix/qmgr[14213]: 31432D1861D: from=<[email protected]>, size=353, nrcpt=1 (queue active)
Sep 1 08:52:27 3cwired postfix/local[14561]: 31432D1861D: to=<[email protected]>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:52:27 3cwired postfix/qmgr[14213]: 31432D1861D: removed
Sep 1 08:52:28 3cwired postfix/local[14552]: D7422D1861F: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=2, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:52:28 3cwired postfix/qmgr[14213]: D7422D1861F: removed
Sep 1 08:52:30 3cwired pop3-login: Login: web6_brian [::ffff:127.0.0.1]
Sep 1 08:52:41 3cwired pop3-login: Login: web6_brian [::ffff:127.0.0.1]
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: unable to get certificate from '/etc/postfix/ssl/smtpd.crt'
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/postfix/ssl/smtpd.crt','r'):
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: TLS engine: cannot load RSA cert/key data
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: connect from mail.corp.valueclick.com[216.34.207.14]
Sep 1 08:54:53 3cwired postfix/smtpd[14611]: B5241D18615: client=mail.corp.valueclick.com[216.34.207.14]
Sep 1 08:54:54 3cwired postfix/cleanup[14612]: B5241D18615: message-id=<[email protected]>
Sep 1 08:54:54 3cwired postfix/qmgr[14213]: B5241D18615: from=<[email protected]>, size=11062, nrcpt=1 (queue active)
Sep 1 08:54:55 3cwired postfix/pickup[14212]: 2E3F0D1861F: uid=10004 from=<web6_xxxxx>
Sep 1 08:54:55 3cwired postfix/cleanup[14612]: 2E3F0D1861F: message-id=<[email protected]>
Sep 1 08:54:55 3cwired postfix/qmgr[14213]: 2E3F0D1861F: from=<[email protected]>, size=354, nrcpt=1 (queue active)
Sep 1 08:54:55 3cwired postfix/local[14622]: 2E3F0D1861F: to=<[email protected]>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:54:55 3cwired postfix/qmgr[14213]: 2E3F0D1861F: removed
Sep 1 08:54:56 3cwired postfix/local[14613]: B5241D18615: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=3, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:54:56 3cwired postfix/qmgr[14213]: B5241D18615: removed
Sep 1 08:55:00 3cwired postfix/smtpd[14611]: disconnect from mail.corp.valueclick.com[216.34.207.14]

My main.cf file:

#soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
#default_privs = nobody
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
#mydomain = domain.tld
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
#mydestination = $myhostname, localhost.$mydomain, localhost
##mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
##mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# local_recipient_maps = (i.e. empty).
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
unknown_local_recipient_reject_code = 550
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
#mynetworks = 192.168.1.1/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
relay_domains = $#mydestination
# INTERNET OR INTRANET
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#in_flow_delay = 1s
# ADDRESS REWRITING
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#home_mailbox = Mailbox
#home_mailbox = Maildir/
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
#luser_relay = [email protected]
#luser_relay = [email protected]
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
debug_peer_level = 2
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# INSTALL-TIME CONFIGURATION INFORMATION
#
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.1.5/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
mailbox_command =
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

--------------------------------------------------------

Hopefully this is enough information. Everything is configured properly through the router. I am behind a Linksys router, in a NAT environment. It is on a DSL line, and I do have port 25 available.
Also this is the error message I get, I am using the uebimiau webmail client:

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mx1.hotmail.com[65.54.244.8] said: 550 Command rejected for policy reasons. (in reply to MAIL FROM command)

--1AE26D1861D.1157121434/3cwired.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from UebiMiau (3cwired.com [127.0.0.1]) by 3cwired.com (Postfix) with SMTP id 1AE26D1861D for <[email protected]>; Fri, 1 Sep 2006 10:27:28 -0400 (EDT)
Received: from client 192.168.1.135 for UebiMiau2.7 (webmail client); Fri, 1 Sep 2006 10:27:27 +0100
Date: Fri, 1 Sep 2006 10:27:27 +0100
From: "Brian Baxter" <[email protected]>
To: "Brian" <[email protected]>
Reply-To: "Brian Baxter" <[email protected]>
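The mail log in the first post shows smtpd failing to open /etc/postfix/ssl/smtpd.crt. As an added example (not part of the thread), this shell script reads smtpd_tls_cert_file and smtpd_tls_key_file from a main.cf and checks that both files are readable and belong together. The function names main_cf_value and check_smtpd_tls are made up for this example, and it assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: verify the TLS files that a Postfix main.cf points at.
# Run it as root, since the private key is normally readable by root only.

# Print the effective value of parameter $2 in main.cf file $1.
# Commented lines are skipped and the last assignment wins.
# Assumption: values are on one line (continuation lines are ignored).
main_cf_value() {
    awk -v name="$2" '
        /^[A-Za-z_]/ {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != name) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# Return 0 only if certificate and key are set, readable and match each other.
check_smtpd_tls() {
    cf=$1
    cert=$(main_cf_value "$cf" smtpd_tls_cert_file)
    key=$(main_cf_value "$cf" smtpd_tls_key_file)
    rc=0
    for f in "$cert" "$key"; do
        if [ -z "$f" ]; then
            echo "FAIL: a smtpd_tls_*_file parameter is not set in $cf"; rc=1
        elif [ ! -r "$f" ]; then
            echo "FAIL: cannot read $f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    # The public key inside the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert") || return 1
    key_pub=$(openssl pkey -pubout -in "$key") || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"; return 1
    fi
    echo "OK: $cert and $key are readable and match"
}

# Usage: sh check_tls.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then
    check_smtpd_tls "$1"
fi
```

A missing or unreadable file is reported before openssl is called, which is the case the log above shows.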
I guess you're on a DSL line and/or use a dynamic IP address? Hotmail and some other big freemailers refuse to work with dynamic IP addresses. You should try relaying through your ISP's mail server: http://www.howtoforge.com/forums/showthread.php?t=72&highlight=relayhost
I will try that and see if it resolves the issue. I do however have a static IP address. Thanks for the quick reply.
OK, I am now getting messages in postfix that are stuck in the queue, and not moving, and they have messages such as "Could not start TLS: client failure" and "delivery temporarily suspended: Could not start TLS: client failure". Any idea? BTW, it still doesn't work, with the addition of the smtp address.
Here is my output, sorry for being gone for so long, problem still persists though.

-bash-3.00# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address               State        PID/Program name
tcp        0      0 *:mysql              *:*                           LISTEN       2883/mysqld
tcp        0      0 *:sunrpc             *:*                           LISTEN       2640/portmap
tcp        0      0 *:10000              *:*                           LISTEN       13969/perl
tcp        0      0 *:81                 *:*                           LISTEN       3303/ispconfig_http
tcp        0      0 *:721                *:*                           LISTEN       2659/rpc.statd
tcp        0      0 *:ftp                *:*                           LISTEN       31278/proftpd: (acc
tcp        0      0 3cwired.com:domain   *:*                           LISTEN       3570/named
tcp        0      0 3cwired.com:domain   *:*                           LISTEN       3570/named
tcp        0      0 *:smtp               *:*                           LISTEN       31389/master
tcp        0      0 3cwired.com:rndc     *:*                           LISTEN       3570/named
tcp        1      0 3cwired.com:46748    vhost.sourceforge.net:http    CLOSE_WAIT   12672/upgrade.cgi
tcp        1      0 3cwired.com:10000    192.168.1.139:4503            CLOSE_WAIT   12672/upgrade.cgi
tcp        0      0 3cwired.com:46749    osdn.dl.sourceforge.ne:http   ESTABLISHED  12672/upgrade.cgi
tcp        0      0 *:imaps              *:*                           LISTEN       2906/dovecot
tcp        0      0 *:pop3s              *:*                           LISTEN       2906/dovecot
tcp        0      0 *:pop3               *:*                           LISTEN       2906/dovecot
tcp        0      0 *:imap               *:*                           LISTEN       2906/dovecot
tcp        0      0 *:http               *:*                           LISTEN       3403/httpd
tcp        0      0 *:ssh                *:*                           LISTEN       2764/sshd
tcp        0      0 *:https              *:*                           LISTEN       3403/httpd
tcp        0      0 3cwired.com:http     pm81.internetseer.com:2593    TIME_WAIT    -
tcp        0      0 3cwired.com:ssh      ::ffff:192.168.1.139:2115     ESTABLISHED  17845/0
tcp        0      0 3cwired.com:http     DD-WRT:2113                   TIME_WAIT    -
tcp        0      0 3cwired.com:imap     3cwired.com:46964             TIME
Looks ok. Any errors in your mail log? Please check if you're blacklisted: http://www.mxtoolbox.com/blacklists.aspx
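What a blacklist checker like the one linked above does for each list, as an added example that is not part of the thread: it reverses the octets of the IP, appends the list's DNS zone, and looks up an A record. The function names and the zone dnsbl.example.org are placeholders; dnsbl_check assumes dig is installed and needs network access.

```shell
#!/bin/sh
# Added example: the DNS lookup behind a DNS blacklist (DNSBL) check.

# Build the query name for IPv4 address $1 in DNSBL zone $2:
# octets reversed, zone appended (192.0.2.25 -> 25.2.0.192.<zone>).
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                     # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "not an IPv4 address: $ip" >&2; return 1; }
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] ||
            { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "$4.$3.$2.$1.$zone"
}

# Read the A records returned for a query name, one per line on stdin.
# An answer inside 127.0.0.0/8 means "listed"; no answer means "not listed".
# Each list documents what its individual 127.x.y.z codes mean.
dnsbl_verdict() {
    while read -r addr; do
        case $addr in
            127.*) echo "listed"; return 0 ;;
        esac
    done
    echo "not listed"
}

# Check one address against every zone given after it.
dnsbl_check() {
    ip=$1; shift
    for zone in "$@"; do
        q=$(dnsbl_qname "$ip" "$zone") || return 1
        printf '%s: %s\n' "$zone" "$(dig +short A "$q" | dnsbl_verdict)"
    done
}

# Usage (placeholder zone, documentation address):
#   dnsbl_check 192.0.2.25 dnsbl.example.org
```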
Ok, actually I reinstalled postfix again, and recreated the certificates... I almost rendered my server useless in the process when I was working on it by uninstalling a bunch of http/mail server related files by accident. Nonetheless I reinstalled all successfully except for saslauth, and the mailserver has been working fine since then. (knock on wood) I checked my status in the mxtoolbox, and noticed that I was on about 4-6 blacklists, I got all removed except for one, which I am still waiting on. Thanks for the help, I will recheck my maillog and look for any suspicious errors.
I just checked to see if my IP is blacklisted and unfortunately I am on 11 because I currently have a dynamic IP address
Just start the process to remove yourself from the different lists, and you should be able to remove yourself from them rather quickly and easily.
I could spend the time and request that my IP be un-blacklisted from all 11, or I could just get a static IP address
The possibility a dynamic IP gets removed from block lists is highly UN-likely. For myself, I block dynamic IPs right at the MTA level and I never look back. There are way too many zombies nowadays. Getting a proper fixed IP on a home line is rather unlikely. In NL, providers say you get a static address, but that still is in the dynamic range, so no luck. Might differ in other countries though. Servers in approved datacenters normally get a real fixed IP, which are worldwide recognized as static.
Out here in Canada, well Saskatchewan if you want to narrow it down to ISPs, we can request a static IP address but it will cost a bit more for the internet, like $30 CAD more than the regular internet with a dynamic IP, and well, I can't afford an extra $30 on top of what I pay for bills
Perhaps you can configure postfix to use your ISP mailserver as a relay? That's the most common 'trick' to avoid sending mail from dynamic IPs. Receivers will then see the mailserver of the ISP as the sender and your mail will not be blocked (unless your ISP is on blacklists)