Hello all, I am a n00b here so please forgive me if I sound a bit n00bish on these questions.

So I recently gave Microsoft products the boot and discovered free open source. Recently I ran across ISPConfig (which is awesome work, to whomever the compliments are owed). I went ahead and followed the perfect server tutorial using Ubuntu 12.04 and Apache2. Everything was working fine for about 30 days. One day out of the blue I was not able to receive any incoming mail. I sent emails into my domain from Yahoo, Gmail and Windows Live Mail. All of them bounced with an error. This was the error in the bounce message:

554 5.7.1 <mail-pb0-f53.google.com[209.85.160.53]>: Client host rejected: Access denied

So I went into my master.cf and commented out smtpd_client_restrictions=permit from this part of the configuration:

submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

That seemed to allow incoming mail, but then I started getting an unusual error from Yahoo and Microsoft's web mail. The bounce message read:

Remote host said: 530 5.7.0 Must issue a STARTTLS command first [MAIL_FROM]

So upon doing some research, the only answer I could find was to switch off TLS in the main.cf by adding another line. That works. But randomly. Some messages will get in, others will bounce. I am using only my Yahoo account to test it. It seems Gmail works fine. I have no idea what is going on. Checking the mail.log, I don't see anything in there other than the same error messages that I am finding in the bounce email headers. Can anyone be of help?
Here is the output of postconf -n:

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = masterblaster.atomiccomputerservice.com, localhost, localhost.localdomain
myhostname = masterblaster.atomiccomputerservice.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = none
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = no
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1

Also, I noticed that when I commented out the line in my master.cf I now get an unused parameter warning when I restart the service. Thanks!

Oh yeah, I also checked to see if I was blacklisted, and no, my server and domain are not listed. DNS seems to resolve OK too. Dig shows the proper MX record for my server.
Anyone have any ideas? This is driving me batty. None of it makes sense, as some mail gets in and others do not. I can send 10 emails into my network from the same address and some will get in, others will not, so it is not a domain thing. Tried Gmail, Yahoo, MSN, AOL. Same results with all of them.
The table is empty. I set smtpd_tls_security_level to "may" and things seem to be working fine for the moment. However everything was running great and I did not have to change anything at all.
No, I did not. Mine was set to encrypt by default. I figure it was forcing TLS on servers trying to connect. It would seem that some servers out there still are not using TLS by default. So I set that to "may" and things seem to be working fine now. Not seeing anything in mail.log that is rejecting anything now. I don't quite understand the ins and outs of TLS as well as I should, so correct me if my above statement is wrong and my configuration should be set another way.
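
Added example, not part of the original thread: a small Python check of how master.cf attaches -o overrides to services, and whether the port-25 smtp listener ends up with the settings behind the two bounce codes quoted above. The sample master.cf and the main.cf value are constructed, and the commented-out submission line is an assumption chosen to show continuation-line behaviour, not a diagnosis of the poster's server.

```python
import re

# Constructed sample modelled on the snippet in the post. ASSUMPTION: the
# "submission" service line is commented out while its -o lines are not.
MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
"""
MAIN_CF = {"smtpd_tls_security_level": "may"}  # constructed main.cf value


def parse_master(text):
    """Return {"name/type": {override: value}} using master.cf line rules."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored entirely
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continues the previous service
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        pairs = re.findall(r"\s-o\s+(\S+)", entry)  # simple name=value form only
        services[f"{fields[0]}/{fields[1]}"] = dict(p.split("=", 1) for p in pairs)
    return services


def audit(master_text, main_cf):
    """Flag a port-25 listener whose effective settings turn away plain MTAs."""
    findings = []
    smtp = parse_master(master_text).get("smtp/inet", {})
    level = smtp.get("smtpd_tls_security_level",
                     main_cf.get("smtpd_tls_security_level", ""))
    if level == "encrypt":
        findings.append("smtp/inet: TLS mandatory, no STARTTLS means 530 5.7.0")
    if smtp.get("smtpd_client_restrictions", "").endswith("reject"):
        findings.append("smtp/inet: unauthenticated clients get 554 5.7.1")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(MASTER_CF, MAIN_CF)))
```

On a live system, `postconf -M` and `postconf -P` print the services and per-service overrides as Postfix itself parsed them, which is the authoritative version of what this sketch computes.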