Postfix mail is held in queue indefinitely...

Discussion in 'Server Operation' started by squallbsr, Jan 12, 2006.

  1. squallbsr

    squallbsr New Member

    I am running Debian 3.1 on a VMS From TekTonic Hosting.

    I installed Postfix, SASL, Courier-IMAP(-SSL), MySQL from this howto: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

    Postfix 2.1.5

    I have gotten the SMTP server authenticating, accepting mail from clients, delivering it to other email servers, but when the mail is destined for the local machine, it just sits in queue. Postfix is successfully chrooted and all authentication is working fine, I do not want to remove it from the chroot, so I cannot remove the proxy:mysql:... entries from the main.cf file. I cannot change those entries to just mysql:... because it breaks the SASL authentication (even when postfix has been removed from chroot mode in master.cf).

    Here is a snapshot of my log - which starts with a test email from my personal domain to <username>@hidesato.com.
    Code:
    Jan 11 22:08:22 mail postfix/smtpd[7407]: connect from cpe-x-x-x-x.satx.res.rr.com[x.x.x.x]
    Jan 11 22:08:22 mail postfix/smtpd[7407]: D62AD4832496: client=cpe-xxx-xxx-xxx-xxx.satx.res.rr.com[x.x.x.x], sasl_method=PLAIN, sasl_username=<username>@hidesato.com
    Jan 11 22:08:23 mail postfix/cleanup[7423]: D62AD4832496: message-id=<[email protected]>
    Jan 11 22:08:23 mail postfix/qmgr[5834]: D62AD4832496: from=<[email protected]>, size=568, nrcpt=1 (queue active)
    Jan 11 22:08:23 mail postfix/smtpd[7407]: disconnect from cpe-x-x-x-x.satx.res.rr.com[x.x.x.x]
    Jan 11 22:08:42 mail postfix/virtual[7798]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
    Jan 11 22:08:43 mail postfix/master[5830]: warning: process /usr/lib/postfix/virtual pid 7798 exit status 1
    Jan 11 22:08:43 mail postfix/master[5830]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
    
    My guess is that this is related to the delivery to Maildir under the username vmail, in order to get the IMAP client to connect to the server I had to manually do a maildirmake /home/vmail/<username>. After those directories existed, the IMAP client (thunderbird) connected just fine - but all my mail is stuck in queue.

    Code:
    mail:/usr/src# mailq
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    D62AD4832496*     568 Wed Jan 11 22:08:22  <username>@hidesato.com
                                             <username>@hidesato.com
    
    -- 0 Kbytes in 1 Request.
    
    I really would like to get the mail delivery working, thats the last thing to fix and I can get my email up and going on this new host. Any help would be appreciated. I followed the tutorial very closely, I did change all the references to 127.0.0.1 to localhost in the mysql files because for some reason the loopback ip address wasn't working. I can provide more information if needed of course.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Did you run this command, as described in the tutorial:
    Code:
    postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
    What's in /etc/hosts? Also post the output of
    Code:
    ifconfig
     
  3. squallbsr

    squallbsr New Member

    More Info

    Here is the info requested...
    I'm in a hurry so here is a big copy/paste with that info

    Code:
    mail:~# cat /etc/hosts
    127.0.0.1  localhost localhost.localdomain
    <my-ip> mail.hidesato.com mail
    mail:~# ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:7881716 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7881716 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1815973554 (1.6 GiB)  TX bytes:1815973554 (1.6 GiB)
    
    venet0    Link encap:UNSPEC  HWaddr 00-00-FF-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:173754 errors:0 dropped:0 overruns:0 frame:0
              TX packets:143919 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:82388623 (78.5 MiB)  TX bytes:24854901 (23.7 MiB)
    
    venet0:0  Link encap:UNSPEC  HWaddr 00-00-FF-FF-FF-FF-00-00-00-00-00-00-00-00-00-00
              inet addr:<my-ip>  P-t-P:<my-ip>  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    
    mail:~# postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
    
    mail:~# /etc/init.d/postfix restart
    Stopping mail transport agent: Postfix.
    Starting mail transport agent: Postfix.
    
    mail:~# postqueue -f
    
    mail:~# sleep 30 && mailq
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    C231E48324EA*     487 Thu Jan 12 00:00:04  [email protected]
                                             [email protected]
    
    D62AD4832496*     568 Wed Jan 11 22:08:22  <username>@hidesato.com
                                             <username>@hidesato.com
    
    -- 1 Kbytes in 2 Requests.
    
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Is this a virtual server?

    Anyway, after you've run the postconf command and restarted Postfix, has Postfix delivered the mails in the queue?
     
  5. squallbsr

    squallbsr New Member

    Virtual Server

    Yes, this is a virtual server, no the emails have not gone through.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    What's in the mail log now?
    Please post /etc/postfix/main.cf here.
     
  7. squallbsr

    squallbsr New Member

    Here is the same thing repeated over and over in the mail log...

    Code:
    Jan 12 21:58:41 mail postfix/virtual[3077]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
    Jan 12 21:58:42 mail postfix/master[22249]: warning: process /usr/lib/postfix/virtual pid 3077 exit status 1
    Jan 12 21:58:42 mail postfix/master[22249]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
    
    Here is main.cf
    Code:
    mail:~# cat /etc/postfix/main.cf
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    myhostname = mail.hidesato.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    unknown_local_recipient_reject_code = 450
    mail:~#
    
    Keep in mind that mail works just fine when it goes to another server, the mail client will logonto smtp-tls (mail.hidesato.com) and send the email to the correct server (i.e. hotmail.com). I don't have refused connections, it just cannot deliver local mail. /me scratches head
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Have you tried to remove all the proxy: strings in /etc/postfix/main.cf (restart Postfix afterwards)?
     
  9. squallbsr

    squallbsr New Member

    Proxy removed doesn't help

    I remove the proxy: from proxy:mysql:...

    Mail still sits in queue. smtp is still chrooted, IMAP-SSL still works fine, SMTP to other mail servers works fine. For some reason it just cannot deliver the mail to one of the MailDir's under /home/vmail (i.e. /home/vmail/hidesato.com/<username>/ OR /home/vmail/mail.hidesato.com/test/)

    I would imagine that the proxy items need to be there because of the chroot and not being able to read config from the /etc/postfix directory.

    The postfix documentation is confusing because in places talking about virtual hosts and storing all the accounts under one unix account is allowed and can be mapped. But other places talking about the virtual hosts having no privileges on the filesystem and being unable to write to any files. I wish the error messages would lead me to a more conclusive answer...
     
  10. falko

    falko Super Moderator Howtoforge Staff

    No, that's just a performance tuning. If you use proxy, then there's only one MYSQL connection open which is used by all Postfix processes. If you don't use proxy, then every Postfix process which needs to access the database opens a new connection.
     

Share This Page