Loading ...
Sorry, an error occurred while loading the content.

mail transport unavailable for email in the queue

Expand Messages
  • Marco Fioretti
    Greetings. I just moved to Centos 6 a postfix/dovecot email server previously (left for a long time, alas...) on Centos 4. Right now: the dkim configuration on
    Message 1 of 5 , Jul 28 1:25 AM
    • 0 Attachment
      Greetings.
      I just moved to Centos 6 a postfix/dovecot email server previously (left for a long time, alas...) on Centos 4.

      Right now:
      the dkim configuration on the old server was not working with the new versions of postfix etc.. So I temporarily disabled it (commented out all relevant lines in master.cf)

      email from the outside is received correctly, and delivered to the right maildirs

      outgoing email sent via webmail (with roundcube in case it matters) is delivered

      but if I try to flush the queue after restarting postfix I get one error like this (even if dkim is now disabled):

      postfix/qmgr[3601]: warning: connect to transport private/dksign: Connection refused

      and many errors like this, all from, AFAICT, messages in the queue:

      postfix/error[3640]: D7C00A4E96D: to=<marco.fioretti@...>, relay=none, delay=144677, delays=144677/0.01/0/0.14, dsn=4.3.0, status=deferred (mail transport unavailable)

      The relevant lines of master.cf, and the output of postconf -n are below. Any help to figure out what happened/is still happening and fix it is very welcome, thanks.

      Marco

      [root@newvps postfix]# grep smtp master.cf | grep -v '^#'
      smtp      inet  n       -       n       -       -       smtpd
      submission inet n       -       n       -       -       smtpd
        -o smtpd_enforce_tls=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      smtps     inet  n       -       n       -       -       smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      smtp      unix  -       -       n       -       -       smtp
      relay     unix  -       -       n       -       -       smtp

      POSTCONF -N
      alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      debug_peer_level = 2
      disable_vrfy_command = yes
      html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
      inet_interfaces = all
      mail_owner = postfix
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      mydestination = $myhostname, localhost
      mydomain = $myhostname
      myhostname = a.mx.example.com
      mynetworks = 127.0.0.0/8, ip.1, ip.2 (THESE ARE FIXED IPS OF TWO MACHINES THAT USE THIS ONE AS THEIR RELAY)
      myorigin = $mydomain
      newaliases_path = /usr/bin/newaliases.postfix
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
      relay_domains =
      relayhost =
      sample_directory = /etc/postfix
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      smtpd_helo_required = yes
      smtpd_helo_restrictions =
      smtpd_recipient_restrictions = reject_invalid_hostname,                reject_non_fqdn_hostname,        reject_non_fqdn_sender,                reject_non_fqdn_recipient,                reject_unknown_sender_domain,                reject_unknown_recipient_domain,                permit_mynetworks,                                permit_sasl_authenticated,                reject_unauth_destination,                                check_helo_access hash:/etc/postfix/reject_own_helo
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_path = /var/spool/postfix/private/auth
      smtpd_sasl_type = dovecot
      smtpd_tls_auth_only = yes
      smtpd_tls_cert_file = /etc/myssl/mycert.pem
      smtpd_tls_key_file = /etc/myssl/mycert.pem
      smtpd_tls_loglevel = 1
      smtpd_tls_security_level = may
      strict_rfc821_envelopes = yes
      unknown_address_reject_code = 554
      unknown_client_reject_code = 554
      unknown_hostname_reject_code = 554
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
      virtual_gid_maps = static:5000
      virtual_mailbox_base = /var/mail/mymail_storage
      virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
      virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
      virtual_transport = procmail
      virtual_uid_maps = static:5000


    • Marco Fioretti
      in addition to what I just wrote, I realized only in this instant that an email from one of two IPs in mynetworks: mynetworks = 127.0.0.0/8, ip.1, ip.2 (THESE
      Message 2 of 5 , Jul 28 1:39 AM
      • 0 Attachment
        in addition to what I just wrote, I realized only in this instant that an email from one of two IPs in mynetworks:

        mynetworks = 127.0.0.0/8, ip.1, ip.2 (THESE ARE FIXED IPS OF TWO

         
        is rejected with this message in the log:

        master.cf.orig:smtp      inet  n       -       n       -       -       smtpd
         Jul 28 10:35:24 newvps postfix/smtpd[3800]: NOQUEUE: reject: RCPT from...[ip.2]: 554 5.7.1 <[ip.2]>: Client host rejected: Access denied; from=<mfioretti@...> to=<marco@...> proto=ESMTP helo=<polaris.local>


      • Wietse Venema
        ... And, you configured the dksign service as a content filter? In that case postsuper -r ALL (or postsuper -r queue_id). Wietse
        Message 3 of 5 , Jul 28 4:31 AM
        • 0 Attachment
          Marco Fioretti:
          > postfix/qmgr[3601]: warning: connect to transport private/dksign:
          > Connection refused

          And, you configured the dksign service as a content filter? In
          that case "postsuper -r ALL" (or postsuper -r queue_id).

          Wietse
        • Marco Fioretti
          ... postsuper -r ALL (or postsuper -r queue_id). Yes and no. the old (centos 4 +postfix 2.whatever it was) **had** dksign configured in that way. Then I got
          Message 4 of 5 , Jul 28 5:04 AM
          • 0 Attachment

            > And, you configured the dksign service as a content filter?  In that case "postsuper -r ALL" (or postsuper -r queue_id).

            Yes and no. the old (centos 4 +postfix 2.whatever it was) **had** dksign configured in that way.

            Then I got this brand new cento6 server with postfix 2.6.6. While configuring it, I did a mistake: I ran it for an hour or so with the **old** master.cf file, and without dksign. So messages were not relayed because not signed. Then I figured out the mistake and fixed (I think) the master.cf. But the message previously stuck in the queue remained there until this sugggetion of yours.

            "postsuper -r ALL" worked fine, thanks. So the issue was that those messages had been stucked in a particolar queue that ONLY postsuper can flush, did I get this right? OK. So this seems settled, thanks again.

            Of course, any comment on the postconf -n output I posted at the beginning of the thread, to improve the setup, is still very welcome, if anybody feels like it!

            Marco


          • Noel Jones
            ... The access denied message is from a reject statement somewhere in your config. My guess is the client is connecting to either submission or smtps and
            Message 5 of 5 , Jul 28 11:21 AM
            • 0 Attachment
              On 7/28/2014 3:39 AM, Marco Fioretti wrote:
              > in addition to what I just wrote, I realized only in this instant
              > that an email from one of two IPs in mynetworks:
              >
              > mynetworks = 127.0.0.0/8 <http://127.0.0.0/8>, ip.1, ip.2 (THESE ARE
              > FIXED IPS OF TWO
              >
              >
              > is rejected with this message in the log:
              >
              > master.cf.orig:smtp inet n - n -
              > - smtpd
              > Jul 28 10:35:24 newvps postfix/smtpd[3800]: NOQUEUE: reject: RCPT
              > from...[ip.2]: 554 5.7.1 <[ip.2]>: Client host rejected: Access
              > denied; from=<mfioretti@...> to=<marco@...
              > <mailto:marco@...>> proto=ESMTP helo=<polaris.local>
              >
              >


              The "access denied" message is from a "reject" statement somewhere
              in your config. My guess is the client is connecting to either
              submission or smtps and not authenticating. (has auth been tested?)

              You can edit the submission/smtps master.cf entries so you can tell
              which service the client connects to. Add to each as appropriate:
              -o syslog_name=postfix/submission
              or
              -o syslog_name=postfix/smtps




              -- Noel Jones
            Your message has been successfully submitted and would be delivered to recipients shortly.