ispconfig 3.1 to 3.2 upgrade dovecot/postfix issues

Discussion in 'Installation/Configuration' started by vwpete, Oct 24, 2021.

  1. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Fix that (missing newline) in your main.cf.
     
  2. vwpete

    vwpete Member

    ooh how do i do that? what line do i need in main.cf ?

    this is my main.cf
    # my new config changes #
    # Local hardening and limit overrides placed at the top of main.cf.
    # Only these local accounts may submit mail via sendmail/postdrop. www-data
    # is on the list, so anything running as the web server user can inject
    # mail locally.
    authorized_submit_users = root, vmail, www-data
    maximal_backoff_time = 3d
    maximal_queue_lifetime = 5d
    # mail.add_x_header = on
    smtpd_delay_reject = yes
    # Refuse VRFY so recipient addresses cannot be probed with that command.
    disable_vrfy_command = yes
    # Duplicate of the smtpd_delay_reject line two lines above (same value);
    # redundant, and postconf may warn about an overridden earlier entry.
    smtpd_delay_reject = yes
    strict_rfc821_envelopes = yes
    # reject_unauth_pipelining here rejects clients that send ahead of the
    # server's replies; the list ends with an explicit permit.
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    # presumably the time limit for a policy-spf service declared in master.cf
    # (not shown in this post) - confirm against master.cf.
    policy-spf_time_limit = 3600s
    # 554 is a permanent (5xx) reply, so the sending server bounces instead of
    # retrying. Postfix's defaults for the first two codes are temporary 450
    # replies.
    unknown_address_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    # Error throttling: after 3 errors without delivering mail the server slows
    # its replies (by the sleep time below); after 12 it disconnects the client.
    smtpd_soft_error_limit = 3
    smtpd_hard_error_limit = 12
    smtpd_recipient_limit = 100
    smtpd_error_sleep_time = 1s
    # send mail from differant ip
    #

    #
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    #
    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    #
    # Custom greeting text. $mail_name is still expanded, so the banner keeps
    # announcing the mail software name to every connecting client.
    smtpd_banner = $myhostname ESMTP $mail_name (Red Cloud tech)
    biff = no
    #
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    #
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    #
    readme_directory = /usr/share/doc/postfix
    #
    # TLS parameters
    # Server certificate and private key. The key file should be readable by
    # root only; its permissions are not shown in this post.
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    # Legacy switch. smtpd_tls_security_level is also set further down in this
    # file ("may") and takes precedence over smtpd_use_tls.
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    #
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    #
    # Relay control: only clients in mynetworks or SASL-authenticated clients
    # may relay; everything else is limited to destinations this server handles
    # (reject_unauth_destination), which is what prevents an open relay.
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = server8.redcloudtech.com.au
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = server8.redcloudtech.com.au, localhost, localhost.localdomain
    relayhost =
    # Only loopback is trusted, so permit_mynetworks in the restriction lists
    # applies to local processes only.
    mynetworks = 127.0.0.0/8 [::1]/128
    # 0 disables the mailbox size limit.
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    # MySQL-backed lookup tables. The referenced .cf files are not shown;
    # presumably they hold the database user and password, so they should not
    # be readable by unprivileged users - verify file ownership and mode.
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    # SASL AUTH is enabled in main.cf, i.e. for every smtpd service unless
    # master.cf overrides it. smtpd_tls_auth_only does not appear anywhere in
    # this file and the server TLS level below is "may", so as far as this file
    # shows AUTH can also be offered on unencrypted sessions - check master.cf.
    smtpd_sasl_auth_enable = yes
    # Compatibility setting for obsolete clients that use a non-standard AUTH
    # syntax.
    broken_sasl_auth_clients = yes
    # Writes the SASL login name into the Received: header, where it is visible
    # to the recipients of outgoing mail.
    smtpd_sasl_authenticated_header = yes
    # Restriction class "greylisting": delegates the decision to a policy
    # service listening on loopback port 10023.
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    #
    # old smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client cbl.abuseat.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf

    # Active recipient restrictions (the two commented-out variants above are
    # older versions). The greylist policy lookup uses plain mysql: while the
    # other tables in this list go through proxy:mysql:.
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status


    # Opportunistic TLS for inbound SMTP: STARTTLS is offered but not required.
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    # Maps sender addresses to the SASL logins allowed to use them. None of the
    # restriction lists in this file contains a reject_*_sender_login_mismatch
    # entry, so as shown here the map is defined but not enforced; unless
    # master.cf adds one, an authenticated user is not prevented from sending
    # with another user's address.
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    #
    # NOTE(review): there is a stray ", ," before reject_unknown_helo_hostname.
    # Postfix splits lists on commas and whitespace, so this looks harmless,
    # but it is worth tidying. The helo_access and blacklist_helo regexp files
    # are not shown.
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    #
    # reject_non_fqdn_sender and reject_unlisted_sender come after
    # permit_mynetworks and permit_sasl_authenticated, so they only apply to
    # clients that are neither local nor authenticated.
    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    #
    # The DNSBL lookup (zen.spamhaus.org) is placed after the permit_* entries,
    # so local and authenticated clients are not checked against it.
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit

    #
    # Per-client message rate limit.
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    # Local delivery is handed to Dovecot over its LMTP socket.
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    # Outbound TLS policy "dane": uses DNSSEC-validated TLSA records where the
    # destination publishes them and falls back to opportunistic TLS where none
    # exist. It depends on a DNSSEC-validating resolver;
    # smtp_dns_support_level = dnssec is set near the end of this file.
    smtp_tls_security_level = dane
    # Only SSLv2 and SSLv3 are excluded in these three lists. As far as this
    # file is concerned TLSv1 and TLSv1.1 stay enabled (subject to the Postfix
    # and OpenSSL defaults on the host); exclude them too if legacy peers do
    # not have to be supported.
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    # RC4 and unauthenticated (aNULL) cipher suites are excluded in both
    # directions.
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    # SMTP AUTH is delegated to Dovecot through the private/auth socket.
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # All mail is passed to a content filter on 127.0.0.1:10024. The deferrals
    # quoted later in the thread ("conversation with 127.0.0.1[127.0.0.1] timed
    # out while receiving the initial server greeting") are attributed there to
    # an earlier amavis problem - presumably this filter; confirm what listens
    # on that port.
    content_filter = lmtp:[127.0.0.1]:10024
    # Address rewriting is skipped on receipt, before the content filter.
    receive_override_options = no_address_mappings
    #
    # Maximum message size in bytes (26214400 = 25 * 1024 * 1024).
    message_size_limit = 26214400
    #
    #
    smtpd_recipient_overshoot_limit = 71
    #
    # Per-client recipient and connection rate limits.
    smtpd_client_recipient_rate_limit = 70
    smtpd_client_connection_rate_limit = 15
    #
    default_extra_recipient_limit = 50
    # NOTE: the next line is the defect this thread resolves. A newline is
    # missing, so two settings are fused into one and the value assigned to
    # default_destination_recipient_limit is the whole string
    # "50smtpd_reject_unlisted_sender = no" instead of the number 50. It is
    # kept exactly as posted; the fix is to start smtpd_reject_unlisted_sender
    # on a line of its own.
    default_destination_recipient_limit = 50smtpd_reject_unlisted_sender = no
    smtpd_etrn_restrictions = permit_mynetworks, reject
    # smtpd_tls_mandatory_ciphers sets the cipher grade for sessions where TLS
    # is mandatory; with smtpd_tls_security_level = may (set earlier in this
    # file) opportunistic sessions use smtpd_tls_ciphers, which is not set here.
    smtpd_tls_mandatory_ciphers = medium
    # Custom "medium" cipher list. It still ends with DES-CBC3-SHA (3DES) and
    # contains CBC-mode and non-forward-secret RSA key-exchange suites; drop
    # those entries if legacy clients do not have to be supported.
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    # The server's cipher preference order is used instead of the client's.
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = yes
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    # Relayhost credentials. texthash: reads /etc/postfix/sasl_passwd as plain
    # text, so that file holds passwords in the clear and should be readable by
    # root only - its permissions are not shown in this post.
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    # Outbound SASL: plaintext mechanisms are refused on unencrypted sessions
    # (noplaintext) and permitted only inside TLS (second line).
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    # Sessions that send one of these non-SMTP commands are terminated.
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    # DNSSEC-aware lookups for the SMTP client, needed by
    # smtp_tls_security_level = dane set earlier in this file.
    smtp_dns_support_level = dnssec
    # Same assignment as the text fused onto the
    # default_destination_recipient_limit line above; once that line is split
    # the setting appears twice with the same value.
    smtpd_reject_unlisted_sender = no
     
  3. vwpete

    vwpete Member

    also maybe a red herring, i have webmin installed, when i look at

    SMTP Server Options

    i see this error at the bottom
    Allowed addresses for relaying
    This map cannot be edited : Failed to query table : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from where = limit 1' at line 1

    Restrictions on sender addresses
    This map cannot be edited : Failed to query table : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from where = limit 1' at line 1

    does this have anything to do with it maybe?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The error message text says error is in line with
    Code:
    default_destination_recipient_limit = 50smtpd_reject_unli
    Find where that line is in the configuration file. Then, like @Jesse Norell advised, add the missing newline (that is, smtpd_reject_unlisted_sender should start a new line). Make it so:
    Code:
    default_destination_recipient_limit = 50
    smtpd_reject_unli.....
     
  5. vwpete

    vwpete Member

    oh wow yes that was the problem
    i had
    default_extra_recipient_limit = 50
    default_destination_recipient_limit = 50smtpd_reject_unlisted_sender = no
    smtpd_etrn_restrictions = permit_mynetworks, reject

    just made it a new line so its
    default_extra_recipient_limit = 50
    default_destination_recipient_limit = 50
    smtpd_reject_unlisted_sender = no
    smtpd_etrn_restrictions = permit_mynetworks, reject

    problem solved all working, most of the mail queue has been processed

    thankyou

    I now have a few emails still in the queue with this error

    delivery temporarily suspended: conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting.

    however i can send and receive new emails

    again thanx for spotting the main.cf error
     
  6. vwpete

    vwpete Member

    all ok now
    delivery temporarily suspended: conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting.
    was caused by an earlier issue with amavis

    i just flushed the mail queue and all mails were then sent

    anyways again thanks very much
     
