
2.10 problem

  • Grant
    Message 1 of 15, Jun 3, 2013
      I recently upgraded from 2.9.5 to 2.10 and ever since I've been having
      an intermittent problem with email sent from within my web framework
      (Interchange - icdevgroup.org) not reaching its recipient. I usually
      get an error message in Interchange's log when there's a postfix
      problem but not with this latest issue. I know this is incredibly
      vague, but can anyone hazard a guess as to what the problem might be?

      The big config change I see referenced with regard to 2.10 is
      smtpd_relay_restrictions but I don't see how that could be related.
      My smtpd_relay_restrictions is blank.

      - Grant
    • Wietse Venema
      Message 2 of 15, Jun 3, 2013
        Grant:
        > I recently upgraded from 2.9.5 to 2.10 and ever since I've been having
        > an intermittent problem with email sent from within my web framework
        > (Interchange - icdevgroup.org) not reaching its recipient. I usually
        > get an error message in Interchange's log when there's a postfix
        > problem but not with this latest issue. I know this is incredibly
        > vague, but can anyone hazard a guess as to what the problem might be?
        >
        > The big config change I see referenced with regard to 2.10 is
        > smtpd_relay_restrictions but I don't see how that could be related.
        > My smtpd_relay_restrictions is blank.

        What does Postfix log for a good transaction?

        What does Postfix log for a bad transaction?

        Wietse
      • Viktor Dukhovni
        Message 3 of 15, Jun 3, 2013
          On Mon, Jun 03, 2013 at 04:45:41PM -0700, Grant wrote:

          > I know this is incredibly vague, but can anyone hazard a guess as to
          > what the problem might be?

              L         OOOOOOOOO GGGGGGGGG SSSSSSSSS
              L         0       0 G       G S
              L         0       0 G      GG S
              L         0       0 G         SSSSSSSSS
              L         0       0 G                 S
              L         0       0 G    GGGG         S
              L         0       0 G       G         S
              LLLLLLLLL OOOOOOOOO GGGGGGGGG SSSSSSSSS

          --
          Viktor.
        • Jerry
          Message 4 of 15, Jun 4, 2013
            On Tue, 4 Jun 2013 00:08:17 +0000
            Viktor Dukhovni articulated:

            > On Mon, Jun 03, 2013 at 04:45:41PM -0700, Grant wrote:
            >
            > > I know this is incredibly vague, but can anyone hazard a guess as to
            > > what the problem might be?
            >
            >     L         OOOOOOOOO GGGGGGGGG SSSSSSSSS
            >     L         0       0 G       G S
            >     L         0       0 G      GG S
            >     L         0       0 G         SSSSSSSSS
            >     L         0       0 G                 S
            >     L         0       0 G    GGGG         S
            >     L         0       0 G       G         S
            >     LLLLLLLLL OOOOOOOOO GGGGGGGGG SSSSSSSSS

            Someone has way too much time on their hands!

            --
            Jerry ✌
            postfix-user@...
            _____________________________________________________________________
            TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
            TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
          • Lima Union
            Message 5 of 15, Jun 4, 2013
              not much required, 'man 6 figlet'


              On Tue, Jun 4, 2013 at 7:09 AM, Jerry <postfix-user@...> wrote:
              On Tue, 4 Jun 2013 00:08:17 +0000
              Viktor Dukhovni articulated:

              > On Mon, Jun 03, 2013 at 04:45:41PM -0700, Grant wrote:
              >
              > > I know this is incredibly vague, but can anyone hazard a guess as to
              > > what the problem might be?
              >
              >     L         OOOOOOOOO GGGGGGGGG SSSSSSSSS
              >     L         0       0 G       G S
              >     L         0       0 G      GG S
              >     L         0       0 G         SSSSSSSSS
              >     L         0       0 G                 S
              >     L         0       0 G    GGGG         S
              >     L         0       0 G       G         S
              >     LLLLLLLLL OOOOOOOOO GGGGGGGGG SSSSSSSSS

              Someone has way too much time on their hands!

              --
              Jerry ✌
              postfix-user@...


            • Benny Pedersen
              Message 6 of 15, Jun 4, 2013
                Grant wrote on 2013-06-04 01:45:

                > The big config change I see referenced with regard to 2.10 is
                > smtpd_relay_restrictions but I don't see how that could be related.
                > My smtpd_relay_restrictions is blank.

                I suggest not setting it in main.cf, but using this restriction only in
                master.cf to disable it for the submission and pickup service ports, so
                just add -o smtpd_relay_restrictions= on these lines in master.cf

                it worked for me :)

                --
                senders that put my email into body content will deliver it to my own
                trashcan, so if you like to get reply, dont do it
              • Benny Pedersen
                Message 7 of 15, Jun 4, 2013
                  Jerry wrote on 2013-06-04 12:09:

                  > Someone has way too much time on their hands!

                  and others still don't understand how to configure postfix 2.10 yet :)

                  --
                  senders that put my email into body content will deliver it to my own
                  trashcan, so if you like to get reply, dont do it
                • Marko Weber | ZBF
                  Message 8 of 15, Jun 4, 2013
                    On 2013-06-04 15:00, Benny Pedersen wrote:
                    > Grant wrote on 2013-06-04 01:45:
                    >
                    >> The big config change I see referenced with regard to 2.10 is
                    >> smtpd_relay_restrictions but I don't see how that could be related.
                    >> My smtpd_relay_restrictions is blank.
                    >
                    > suggest to make it not in main.cf, but use this restriction only on
                    > master.cf to disable it for submission and pickup service ports so its
                    > just add -o smtpd_relay_restrictions= on this lines in master.cf
                    >
                    > it worked for me :)

                    Am I allowed to ask why smtpd_relay_restrictions is disabled only on
                    submission?
                    And is this really the way to use it (in master.cf)?
                  • Benny Pedersen
                    Message 9 of 15, Jun 4, 2013
                      Marko Weber | ZBF wrote on 2013-06-04 17:34:

                      > am i allowed to ask why disabling smtpd_relay_restrictions only on
                      > submission?

                      Submission users here are SASL auth users. If SASL is not enforced then
                      it would be an error to remove the relay restrictions; if you ensure SMTP
                      auth, it's perfectly OK.

                      > is this really the way to use it? ( in master.cf ?)

                      Depending on the logs, yes.

                      --
                      senders that put my email into body content will deliver it to my own
                      trashcan, so if you like to get reply, dont do it
                    • Noel Jones
                      Message 10 of 15, Jun 4, 2013
                        On 6/4/2013 10:34 AM, Marko Weber | ZBF wrote:
                        >
                        >
                        > On 2013-06-04 15:00, Benny Pedersen wrote:
                        >> Grant wrote on 2013-06-04 01:45:
                        >>
                        >>> The big config change I see referenced with regard to 2.10 is
                        >>> smtpd_relay_restrictions but I don't see how that could be related.
                        >>> My smtpd_relay_restrictions is blank.
                        >>
                        >> suggest to make it not in main.cf, but use this restriction only on
                        >> master.cf to disable it for submission and pickup service ports so
                        >> its
                        >> just add -o smtpd_relay_restrictions= on this lines in master.cf
                        >>
                        >> it worked for me :)
                        >
                        > am i allowed to ask why disabling smtpd_relay_restrictions only on
                        > submission?
                        > &
                        > is this really the way to use it? ( in master.cf ?)

                        This is not good general advice. A properly-configured
                        smtpd_relay_restrictions should not interfere with submission, and
                        is not used by pickup (since it's not SMTP).

                        The intention of smtpd_relay_restrictions is to be a last-ditch
                        anti-relay rule to prevent accidents from a misconfigured
                        smtpd_recipient_restrictions. As such, it should be as bare-bones as
                        possible, containing ONLY rules related to relaying and not
                        encumbered with anti-spam or other access rules.

                        I expect 99%+ of postfix sites can safely set it to

                        # main.cf
                        smtpd_relay_restrictions =
                            permit_mynetworks,
                        #  uncomment next line if using SASL
                        #    permit_sasl_authenticated,
                            reject_unauth_destination

                        and leave it at that, with no changes to existing rules. The same
                        smtpd_relay_restrictions setting should work for
                        smtp/submission/smtps, so no overrides should be needed in master.cf.

                        The only place this won't work correctly is sites doing something
                        "odd" in smtpd_recipient_restrictions to allow relay from
                        unauthenticated clients who are not in $mynetworks.

                        I've also seen some people suggest that reject_unauth_destination
                        should be removed from smtpd_recipient_restrictions. I disagree
                        with that advice too. While technically correct that
                        reject_unauth_destination is no longer required, there is no general
                        benefit in removing it except possibly those very few sites with
                        complex relay rules.




                        -- Noel Jones
                      • Grant
                        Message 11 of 15, Jun 4, 2013
                          > Grant:
                          >> I recently upgraded from 2.9.5 to 2.10 and ever since I've been having
                          >> an intermittent problem with email sent from within my web framework
                          >> (Interchange - icdevgroup.org) not reaching its recipient. I usually
                          >> get an error message in Interchange's log when there's a postfix
                          >> problem but not with this latest issue. I know this is incredibly
                          >> vague, but can anyone hazard a guess as to what the problem might be?
                          >>
                          >> The big config change I see referenced with regard to 2.10 is
                          >> smtpd_relay_restrictions but I don't see how that could be related.
                          >> My smtpd_relay_restrictions is blank.
                          >
                          > What does Postfix log for a good transaction?
                          >
                          > What does Postfix log for a bad transaction?

                          I upgraded to 2.11 and I'll post back with log info if the problem persists.

                          - Grant
                        • Grant
                          Message 12 of 15, Jun 4, 2013
                            >> am i allowed to ask why disabling smtpd_relay_restrictions only on
                            >> submission?
                            >> &
                            >> is this really the way to use it? ( in master.cf ?)
                            >
                            > This is not good general advice. A properly-configured
                            > smtpd_relay_restrictions should not interfere with submission, and
                            > is not used by pickup (since it's not SMTP).
                            >
                            > The intention of smtpd_relay_restrictions is to be a last-ditch
                            > anti-relay rule to prevent accidents from a misconfigured
                            > smtpd_recipient_restrictions. As such, it should be as bare-bones as
                            > possible, containing ONLY rules related to relaying and not
                            > encumbered with anti-spam or other access rules.
                            >
                            > I expect 99%+ of postfix sites can safely set it to
                            >
                            > # main.cf
                            > smtpd_relay_restrictions =
                            > permit_mynetworks,
                            > # uncomment next line if using SASL
                            > # permit_sasl_authenticated,
                            > reject_unauth_destination
                            >
                            > and leave it at that, with no changes to existing rules. The same
                            > smtpd_relay_restrictions setting should work for
                            > smtp/submission/smtps, so no overrides should be needed in master.cf.
                            >
                            > The only place this won't work correctly is sites doing something
                            > "odd" in smtpd_recipient_restrictions to allow relay from
                            > unauthenticated clients who are not in $mynetworks.
                            >
                            > I've also seen some people suggest that reject_unauth_destination
                            > should be removed from smtpd_recipient_restrictions. I disagree
                            > with that advice too. While technically correct that
                            > reject_unauth_destination is no longer required, there is no general
                            > benefit in removing it except possibly those very few sites with
                            > complex relay rules.

                            I've been running like this:

                            # main.cf
                            smtpd_recipient_restrictions = reject_unauth_destination,permit
                            smtpd_relay_restrictions =

                            # master.cf
                            submission inet n - n - - smtpd
                              -o smtpd_sasl_auth_enable=yes
                              -o smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject

                            I tried switching to the following in main.cf:

                            smtpd_relay_restrictions = permit_mynetworks,permit_sasl_auth

                            but I started getting messages like this in the log:

                            warning: unknown smtpd restriction: "permit_sasl_auth"
                            451 4.3.5 Server configuration error

                            - Grant
                          • Larry Stone
                            Message 13 of 15, Jun 4, 2013
                              On Jun 4, 2013, at 10:28 PM, Grant <emailgrant@...> wrote:
                              > I tried switching to the following in main.cf:
                              >
                              > smtpd_relay_restrictions = permit_mynetworks,permit_sasl_auth
                              >
                              > but I started getting messages like this in the log:
                              >
                              > warning: unknown smtpd restriction: "permit_sasl_auth"
                              > 451 4.3.5 Server configuration error


                              permit_sasl_auth <> permit_sasl_authenticated

                              --
                              Larry Stone
                              lstone19@...
                              http://www.stonejongleux.com/
                            • Benny Pedersen
                              Message 14 of 15, Jun 5, 2013
                                Grant wrote on 2013-06-05 05:28:

                                > # main.cf
                                > smtpd_relay_restrictions =

                                let this be undefined in main.cf

                                > # master.cf
                                > submission inet n - n - - smtpd
                                > -o smtpd_sasl_auth_enable=yes

                                > -o smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject

                                change -o smtpd_recipient_restrictions=
                                add -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

                                > I tried switching to the following in main.cf:
                                >
                                > smtpd_relay_restrictions = permit_mynetworks,permit_sasl_auth

                                postconf -d |grep relay

                                defaults would be good, if you make the changes in master.cf as written
                                above

                                > but I started getting messages like this in the log:
                                > warning: unknown smtpd restriction: "permit_sasl_auth"
                                > 451 4.3.5 Server configuration error

                                permit_sasl_authenticated vs permit_sasl_auth

                                --
                                senders that put my email into body content will deliver it to my own
                                trashcan, so if you like to get reply, dont do it
                              • Grant
                                Message 15 of 15, Jul 18, 2013
                                  >> # main.cf
                                  >> smtpd_relay_restrictions =
                                  >
                                  >
                                  > let this be undefined in main.cf
                                  >
                                  >
                                  >> # master.cf
                                  >> submission inet n - n - - smtpd
                                  >> -o smtpd_sasl_auth_enable=yes
                                  >
                                  >
                                  >> -o
                                  >> smtpd_recipient_restrictions=permit_mynetworks,reject_plaintext_session,permit_sasl_authenticated,reject
                                  >
                                  > change -o smtpd_recipient_restrictions=
                                  > add -o
                                  > smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

                                  Following your advice, I've switched to the following config. Does it
                                  look OK? I don't need reject_plaintext_session?

                                  master.cf:
                                  smtp inet n - n - 1 postscreen
                                  smtpd pass - - n - - smtpd
                                  tlsproxy unix - - n - 0 tlsproxy
                                  submission inet n - n - - smtpd
                                    -o smtpd_sasl_auth_enable=yes
                                    -o smtpd_recipient_restrictions=
                                    -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

                                  main.cf (no smtpd_relay_restrictions):
                                  smtpd_recipient_restrictions = reject_unauth_destination,permit
                                  postscreen_greet_action = enforce
                                  postscreen_pipelining_enable = yes
                                  postscreen_pipelining_action = enforce
                                  postscreen_non_smtp_command_enable = yes
                                  postscreen_non_smtp_command_action = enforce
                                  postscreen_bare_newline_enable = yes
                                  postscreen_bare_newline_action = enforce

                                  - Grant
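
Added example, not part of any message in this thread and not Postfix code: a simplified Python model of the RCPT TO decision Noel Jones describes in message 10, with smtpd_relay_restrictions evaluated before smtpd_recipient_restrictions, applied to the settings Grant posted in messages 12 and 15. The class and function names, the Session fields and the BROKEN_RECIPIENT value are constructed for illustration, and only the restriction names that appear in the thread are modelled.

```python
"""Simplified model of the Postfix 2.10+ RCPT TO relay decision (added example).

Assumptions: only restriction names seen in this thread are modelled, and an
unrecognised name is reported only when evaluation reaches it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    in_mynetworks: bool = False
    sasl_authenticated: bool = False
    encrypted: bool = False
    dest_authorized: bool = False  # recipient domain is local or a relay domain


# Each rule returns a verdict, or None to fall through to the next rule.
RULES = {
    "permit": lambda s: "permit",
    "reject": lambda s: "reject",
    "defer": lambda s: "defer",
    "permit_mynetworks": lambda s: "permit" if s.in_mynetworks else None,
    "permit_sasl_authenticated": lambda s: "permit" if s.sasl_authenticated else None,
    "reject_plaintext_session": lambda s: None if s.encrypted else "reject",
    "reject_unauth_destination": lambda s: None if s.dest_authorized else "reject",
    "defer_unauth_destination": lambda s: None if s.dest_authorized else "defer",
}
# Postfix refuses to receive mail unless one of the two lists names a rule
# of this kind (subset of names modelled here).
RELAY_SAFETY = {"reject", "defer", "reject_unauth_destination",
                "defer_unauth_destination"}


def parse(value):
    """Split a main.cf style restriction list on commas and whitespace."""
    return value.replace(",", " ").split()


def evaluate_list(names, s):
    """Walk one list; the first rule that returns a verdict ends that list."""
    for name in names:
        rule = RULES.get(name)
        if rule is None:
            return "error"  # logged as "unknown smtpd restriction", client gets 451 4.3.5
        verdict = rule(s)
        if verdict:
            return verdict
    return None


def rcpt_decision(relay, recipient, s):
    """Relay list first, then recipient list; a permit only ends its own list."""
    for value in (relay, recipient):
        verdict = evaluate_list(parse(value), s)
        if verdict in ("reject", "defer", "error"):
            return verdict
    return "accept"


def has_relay_safety(relay, recipient):
    return bool(RELAY_SAFETY & set(parse(relay) + parse(recipient)))


# Settings quoted from the thread.
NOEL_RELAY = "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
GRANT_RECIPIENT = "reject_unauth_destination,permit"
GRANT_TYPO_RELAY = "permit_mynetworks,permit_sasl_auth"
SUBMISSION_RELAY = "permit_mynetworks,permit_sasl_authenticated,reject"
# Constructed mistake: a blanket permit placed ahead of the relay check.
BROKEN_RECIPIENT = "permit, reject_unauth_destination"

if __name__ == "__main__":
    outsider = Session()  # unauthenticated, outside mynetworks, remote recipient
    for label, relay in (("relay list empty", ""), ("relay list set", NOEL_RELAY)):
        print(label, "->", rcpt_decision(relay, BROKEN_RECIPIENT, outsider))
```
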