Hi Guys I need urgent help, I made a change to my config files and now mail is not being delivered I get the following 2 messages Code: postfix/smtpd[11644]: NOQUEUE: reject: RCPT from bay0-omc2-s32.bay0.hotmail.com[65.54.246.168]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<bay0-omc2-s32.bay0.hotmail.com> and Code: postfix/smtp[11172]: 4B619B1440C: to=<[email protected]>, relay=mail.xxxxx.co.za[196.213.164.26]:25, delay=0.15, delays=0.06/0/0.09/0, dsn=5.4.6, status=bounced (mail for xxxxx.co.za loops back to myself the xxxxx represent the same domain name. these are my config files, I install Amavis-new, clamav, spamassasin, and Maia MailGaurd. It's been running fine for that past 3 weeks, last week I was doing a compare of my files to ISPConfig3 to do with another issue I have there and I think I made a change to worng server. If it's an easy fix cool if not I have no problem setting my server back to default ISPConfig and scraping the above programs as long as I can get it to work. master.cf Code: # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} # This Part is for amavisd-new amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_bind_address=127.0.0.1 main.cf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = bigb.xxxxx.co.za alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = bigb.xxxxx.co.za, localhost.xxxxx.co.za, localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_tls_auth_only = no smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom amavisd.conf Code: # Sample amavisd.conf file for Maia Mailguard 1.0 use strict; $max_servers = 2; # number of pre-forked children (2..15 is common) $daemon_user = 'amavis'; # (no default; customary: vscan or amavis) $daemon_group = 'amavis'; # (no default; customary: vscan or amavis) $sa_timeout = 60; # give SpamAssassin time (in seconds) to do its work $mydomain = 'xxxxx.co.za'; # a convenient default for other settings $MYHOME = '/var/amavisd'; # a convenient default for other settings $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR #$QUARANTINEDIR = '/var/virusmails'; # Blowfish encryption key file (optional) # NOTE: leave this commented out to disable encryption features # $key_file = "$MYHOME/maia.key"; #$daemon_chroot_dir = $MYHOME; # chroot directory or undef $db_home = "$MYHOME/db"; # $helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root? # $pid_file = "$MYHOME/var/amavisd.pid"; # $lock_file = "$MYHOME/var/amavisd.lock"; #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually # NOTE: most _maps variables are depreciated in Maia, and may not work, since this # should be defined in the web interface #@local_domains_maps = ( [".$mydomain"] ); # @mynetworks = qw( 127.0.0.0/8 ); # Access control list - restricts the hosts allowed to connect to amavisd-maia # NOTE: this setting is unnecessary for most installations, as amavisd-maia's # defaults are usually adequate. # @inet_acl = qw( 127.0.0.1 ); $log_level = 2; # verbosity 0..5 $log_recip_templ = undef; # disable by-recipient level-0 log entries $LOGFILE = "/var/log/amavis.log"; $DO_SYSLOG = 0; # log via syslogd (preferred) $SYSLOG_LEVEL = 'mail.debug'; $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol) $sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level $sa_kill_level_deflt = 5.0; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 256*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') # Database connection string @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'amavis', 'Passwd'] ); $virus_admin = undef; # notifications recip. $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef @addr_extension_virus_maps = ('virus'); @addr_extension_spam_maps = ('spam'); @addr_extension_banned_maps = ('banned'); @addr_extension_bad_header_maps = ('badh'); # $recipient_delimiter = '+'; # undef disables address extensions altogether # when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ $recipient_delimiter = undef; $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; $file = '/usr/bin/file'; # file(1) utility; use recent versions $gzip = 'gzip'; $bzip2 = 'bzip2'; $lzop = 'lzop'; $rpm2cpio = ['rpm2cpio.pl','rpm2cpio']; $cabextract = 'cabextract'; $uncompress = ['uncompress', 'gzip -d', 'zcat']; #$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; $arc = ['nomarch', 'arc']; $unarj = ['arj', 'unarj']; $unrar = ['rar', 'unrar']; $zoo = 'zoo'; $lha = 'lha'; $cpio = ['gcpio','cpio']; $ar = 'ar'; #$dspam = 'dspam'; $pax = 'pax'; $ripole = 'ripole'; $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) $sa_spam_subject_tag = '***SPAM*** '; $defang_virus = 1; # MIME-wrap passed infected mail $defang_banned = 1; # MIME-wrap passed mail containing banned name $myhostname = 'mail.xxxxx.co.za'; # must be a fully-qualified domain name! $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_DISCARD; $final_spam_destiny = D_DISCARD; $final_bad_header_destiny = D_DISCARD; $warnvirussender = 0; $warnspamsender = 0; $X_HEADER_TAG = 'X-Virus-Scanned'; $X_HEADER_LINE = "Maia Mailguard 1.0.2a"; @viruses_that_fake_sender_maps = (new_RE( [qr'\bEICAR\b'i => 0], # av test pattern name [qr'^(WM97|OF97|Joke\.)'i => 0], # adjust names to match your AV scanner [qr/.*/ => 1], # true for everything else )); @keep_decoded_original_maps = (new_RE( # qr'^MAIL$', # retain full original message for virus checking (can be slow) qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, # qr'^Zip archive data', # don't trust Archive::Zip )); $banned_filename_re = new_RE( # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, # qr'[{}]', # curly braces in names (serve as Class ID extensions - CLSID) qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types # [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any type in Unix-compressed # [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any type in Unix archives # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any type within such archives # qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp| js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg| reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix, # banned ext - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. qr'^\.(exe-ms)$', # banned file(1) types qr'^\.(exe|lha|cab|dll)$', # banned file(1) types ); @score_sender_maps = ({}); # should be empty if using Maia Mailguard # See https://secure.renaissoft.com/maia/wiki/VirusScannerConfig # for more virus scanner definitions. @av_scanners = ( ### http://www.clamav.net/ ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # NOTE: run clamd under the same user as amavisd; match the socket # name (LocalSocket) in clamav.conf to the socket name in this entry # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"], ); # See http://www.maiamailguard.com/maia/wiki/VirusScannerConfig # for more virus scanner definitions. @av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ); 1; # insure a defined return netstat -tap Code: Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost.localad:10024 *:* LISTEN 13178/amavisd (mast tcp 0 0 *:mysql *:* LISTEN 5002/mysqld tcp 0 0 localhost.localad:spamd *:* LISTEN 5065/spamd.pid tcp 0 0 *:www *:* LISTEN 6297/apache2 tcp 0 0 *:81 *:* LISTEN 6071/ispconfig_http tcp 0 0 *:ssh *:* LISTEN 4873/sshd tcp 0 0 *:smtp *:* LISTEN 11152/master tcp 0 0 *:https *:* LISTEN 6297/apache2 tcp 0 0 bigb.xxxxx.co.za:ssh MOM:1962 ESTABLISHED 7084/sshd: barts [p tcp 0 0 bigb.xxxxx.co.za:smtp outmail005.ash1.t:18480 TIME_WAIT - tcp 0 148 bigb.xxxxx.co.za:ssh MOM:1914 ESTABLISHED 6757/sshd: barts [p tcp6 0 0 [::]:imaps [::]:* LISTEN 5693/couriertcpd tcp6 0 0 [::]:pop3s [::]:* LISTEN 5731/couriertcpd tcp6 0 0 [::]:pop3 [::]:* LISTEN 5709/couriertcpd tcp6 0 0 [::]:imap2 [::]:* LISTEN 5671/couriertcpd tcp6 0 0 [::]:ftp [::]:* LISTEN 6451/proftpd: (acce tcp6 0 0 [::]:ssh [::]:* LISTEN 4873/sshd tcp6 0 0 [::]:smtp [::]:* LISTEN 11152/master tcp6 0 0 bigb.xxxxx.co.za:52887 72.5.124.55%1255454:www ESTABLISHED 5802/java Please remember the mail always used to work
More info If I send an email to [email protected] the mail get's delivered and I can retrieve it I have also just noticed that bind is not working, the service has failed and will not start, we don't use it as we use external DNS servers but would this have an effect on postfix ?
Which ISPConfig version do you have installed? You wrote above that you use ispconfig 3, but ISPConfig 3 does not have mail users in the form web3_username.
I have another post open about v3 and mail issue, I use v2 for live, the problem I have on this thead is for v2. it runs on ubuntu 8.10
And you had not tried to install ispconfig 3 on that server before? Because both versions are completely incompatible and you wont get a working mail system in this case. Also ISPConfig 2 does not use amavisd for spam filtering, it filters with spamassassin and procmail. If this is really a ispconfig 2 system, then the following 2 lines are missing in main.cf: virtual_maps = hash:/etc/postfix/virtusertable mydestination = /etc/postfix/local-host-names
Till........ you are da Man !!!!!!!! it def is a v2 I added these 2 lines : virtual_maps = hash:/etc/postfix/virtusertable mydestination = /etc/postfix/local-host-names and the emails are now going through, I shall keep an eye out on the log's Thanx again and excellent service for a free product
