3.2beta2 issues mail server

Discussion in 'Developers' Forum' started by NueX, Sep 23, 2020.

  1. NueX

    NueX Member

    Hi all,
    I was too keen on pulling 3.2beta2 and do now regret it. I updated from a Debian 10 perfect server setup on ISPConfig 3.1.15p3. It screwed up my (personal) mail server setup:

    - Incoming mails get bounced with "Relay access denied"
    - Local to-myself-mails (from [email protected] to [email protected]) fail with "Recipient address rejected: User unknown in virtual mailbox table" during sending

    This still persists with 3.2dev20200923. Reconfigured everything and the diff of the postfix/main.cf to the working version on 3.1.15p3 does not show any significant differences.
    Any idea? Thanks a lot!

    /etc/postfix/main.cf:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = mail.mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = nx.mydomain.com, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 10737418240
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    inet_protocols = all
    virtual_alias_domains = 
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client mail.bl.blocklist.de, reject_rbl_client dnsbl.inps.de, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client dul.dnsbl.sorbs.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/policy-spf
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    # Outbound TLS is opportunistic ("may"): delivery falls back to cleartext
    # when the remote server does not offer STARTTLS.
    smtp_tls_security_level = may
    # Only SSLv2 and SSLv3 are excluded in the three lists below, so TLSv1 and
    # TLSv1.1 remain negotiable on both the server (smtpd_*) and client (smtp_*) side.
    # smtpd_tls_mandatory_protocols is consulted only for mandatory-TLS sessions;
    # smtpd_tls_security_level is "may" in this file, so smtpd_tls_protocols is
    # the list that governs inbound opportunistic sessions.
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    message_size_limit = 104857600
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    smtpd_helo_required = yes
    #smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    strict_rfc821_envelopes = yes
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_delay_reject = yes
    policy-spf_time_limit = 3600s
    compatibility_level = 2
    non_smtpd_milters = inet:localhost:11332
    address_verify_sender_ttl = 15686s
    enable_original_recipient = no
    smtpd_milters = inet:localhost:11332
    milter_protocol = 6
    milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
    milter_default_action = accept
    
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Hello @NueX,

    Sorry you're having problems there, but we should be able to get things back up shortly. I updated a production system last night and ran into one issue of bad sql updates on tables, so that I ended up missing at least one column - that is almost certainly my fault, as I have run a few past 3.1dev versions there, as well as tested some features as I developed them. But it sure doesn't hurt to check your table definitions, or re-run the sql commands in install/sql/incremental/upd_0089.sql and upd_0090.sql (that's what fixed me).

    Do you have any templates in /usr/local/ispconfig/server/conf-custom/ ? If so, and you didn't update them, that could well be your problem.

    Can you post some mail.log output beyond just the 'relay access denied' error, there may be some other clues in there. Meanwhile I'll browse your above config.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You have numerous postfix settings that aren't current, I'd guess this is your problem. Or postconf failed to run on your system for some reason...
     
  4. NueX

    NueX Member

    Hi Jesse,
    Indeed! I forgot about the old templates, but now renamed them to *.bak to check:

    /usr/local/ispconfig/server/conf-custom/install/debian6_dovecot2.conf.master.bak
    /usr/local/ispconfig/server/conf-custom/install/debian_postfix.conf.master.bak

    After rerunning the installer, mails from the outside now make it to the inbox. The local to-myself test still fails:
    Code:
    Sep 23 22:29:08 nx postfix/submission/smtpd[18289]: NOQUEUE: reject: RCPT from unknown[179.42.29.86]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mycomputer.lan>
    
     
  5. NueX

    NueX Member

    Tested further: only some mailboxes are now reachable from the outside, the one from the local test also fails from external:
    Code:
    Sep 23 22:32:49 nx postfix/smtpd[19154]: NOQUEUE: reject: RCPT from mail-gateway-shared03.cyon.net[94.126.200.53]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-gateway-shared03.cyon.net>
     
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Do you have any other templates, in particular ones for mysql-virtual* files? You should check every single template you have with this update.
     
  7. NueX

    NueX Member

    Only a single one for apache which should not interfere?
    Code:
    # find /usr/local/ispconfig/server/conf-custom/ -name "*"
    /usr/local/ispconfig/server/conf-custom/
    /usr/local/ispconfig/server/conf-custom/mail
    /usr/local/ispconfig/server/conf-custom/mail/empty.dir
    /usr/local/ispconfig/server/conf-custom/apache_apps.vhost.master
    /usr/local/ispconfig/server/conf-custom/index
    /usr/local/ispconfig/server/conf-custom/index/empty.dir
    /usr/local/ispconfig/server/conf-custom/empty.dir
    /usr/local/ispconfig/server/conf-custom/error
    /usr/local/ispconfig/server/conf-custom/error/empty.dir
    /usr/local/ispconfig/server/conf-custom/install
    /usr/local/ispconfig/server/conf-custom/install/debian6_dovecot2.conf.master.bak
    /usr/local/ispconfig/server/conf-custom/install/empty.dir
    /usr/local/ispconfig/server/conf-custom/install/debian_postfix.conf.master.bak
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Also check for dovecot template (you must have lmtp enabled).
     
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Ok, what do you have for main.cf now? And what is in /etc/postfix/mysql-virtual_recipient.cf? (Remove your password before posting it.)
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    No, but you'll probably have to update/adjust that as well before you create or update a website in ISPConfig.
     
  11. NueX

    NueX Member

    /etc/postfix/main.cf:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    # Private key and certificate the SMTP server presents to connecting clients.
    # NOTE(review): the key file is sensitive; confirm it is readable by root only.
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    
    # Legacy switch for offering STARTTLS. smtpd_tls_security_level (set to "may"
    # further down in this file) is the current parameter and overrides it.
    smtpd_use_tls = yes
    # TLS session caches for the server (smtpd) and client (smtp) side, stored
    # under Postfix's data directory.
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = mail.mydomain.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = nx.mydomain.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 10737418240
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    inet_protocols = all
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
    smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client mail.bl.blocklist.de, reject_rbl_client dnsbl.inps.de, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client dul.dnsbl.sorbs.net, permit_sasl_authenticated, reject_unauth_pipelining , permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    # Outbound TLS is opportunistic ("may"): delivery falls back to cleartext
    # when the remote server does not offer STARTTLS.
    smtp_tls_security_level = may
    # SSLv2, SSLv3, TLSv1 and TLSv1.1 are excluded for inbound (smtpd_*) and
    # outbound (smtp_*) sessions, leaving TLSv1.2 and later.
    # smtpd_tls_mandatory_protocols is consulted only for mandatory-TLS sessions;
    # smtpd_tls_security_level is "may" in this file, so smtpd_tls_protocols is
    # the list that governs inbound opportunistic sessions.
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
    smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
    smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    message_size_limit = 104857600
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    smtpd_helo_required = yes
    #smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    strict_rfc821_envelopes = yes
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_delay_reject = yes
    policy-spf_time_limit = 3600s
    compatibility_level = 2
    # Mail that does not arrive over SMTP (e.g. local submission) is passed to the
    # same milter on localhost:11332 as SMTP mail (see smtpd_milters below).
    # NOTE(review): 11332 is presumably the content-filter proxy installed with
    # this release; confirm which service listens there.
    non_smtpd_milters = inet:localhost:11332
    address_verify_sender_ttl = 15686s
    enable_original_recipient = no
    smtpd_milters = inet:localhost:11332
    milter_protocol = 6
    # Macros handed to the milter: queue id, envelope sender, client address and
    # name, and the SASL login name of an authenticated client.
    milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
    # Fail-open: if the milter is unreachable or errors out, mail is accepted as
    # if no filter were configured. Watch mail.log for milter connection warnings,
    # since filtering stops silently in that state; "tempfail" is the fail-closed choice.
    milter_default_action = accept
    # ETRN (queue flush requests) is allowed from mynetworks only.
    smtpd_etrn_restrictions = permit_mynetworks, reject
    # Cipher grade for mandatory-TLS sessions. With smtpd_tls_security_level = may
    # inbound TLS is opportunistic, where smtpd_tls_ciphers (not set in this file)
    # selects the grade instead.
    smtpd_tls_mandatory_ciphers = medium
    # Redefines the "medium" grade as ECDHE/DHE key exchange with AES-GCM or
    # ChaCha20-Poly1305 only.
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    # The client's cipher preference order is honoured rather than the server's.
    tls_preempt_cipherlist = no
    /etc/postfix/mysql-virtual_recipient.cf:
    Code:
    # Database account Postfix uses for this lookup table.
    user = ispconfig
    # Redacted by the poster. The real file stores the password in clear text.
    # NOTE(review): confirm the file is not world-readable.
    password = xxxxxxx
    dbname = dbispconfig
    # The database is reached over the loopback address only.
    hosts = 127.0.0.1
    # %s is replaced by the lookup key (here the recipient address); Postfix
    # applies SQL quoting to the key before substituting it. When running the
    # query by hand, replace %s with the address being tested.
    query = select access from mail_access where source = '%s' and type = 'recipient' and active = 'y' and server_id = 1
     
  12. NueX

    NueX Member

    Sure, thanks!
     
  13. NueX

    NueX Member

    The query returns 0 rows:
    Code:
    MariaDB [dbispconfig]> select access from mail_access where type = 'recipient' and active = 'y' and server_id = 1;
    Empty set (0.000 sec)
     
  14. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Ok, without reading it in too much detail, that definitely looks better. Any mail.log errors? E.g. the issue I had with a missing table column showed up as:
    Code:
    postfix/proxymap[21258]: warning: mysql:/etc/postfix/mysql-virtual_email2email.cf: query failed: Unknown column 'forward_in_lda' in 'where clause'
     
  15. NueX

    NueX Member

    No such errors:
    Code:
    grep mysql /var/log/mail.log
    [empty]
    
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    So is "[email protected]" set up as a mailbox, or as something else?

    What do you get for these commands?:

    Code:
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_alias_maps.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_email2email.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_forwardings.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_sender.cf
    postmap -q [email protected] mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    
     
  17. NueX

    NueX Member

    Did some more investigations. My setup is as follows:
    mydomain.com with mailbox [email protected]
    domain2.com as Domain Alias for mydomain.com
    Now, mails to [email protected] from external get to the inbox, mails to [email protected] get bounced "Recipient address rejected: User unknown in virtual mailbox table"
     
  18. NueX

    NueX Member

  19. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Go ahead and get all the postmap output from above, but the virtual_mailboxes output will be most interesting. I still suspect an sql table issue, what do you have for table definitions of mail_domain, mail_user and mail_forwarding?
     
  20. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    What is in your /etc/postfix/mysql-virtual_mailboxes.cf ?

    And if you run the query manually, what does it return (just change '%s' in the query to '[email protected]')?
     
