Score:0

Postfix -- Not sending and not receiving any mails!


Yesterday I installed the Modoboa mail server on my Linux Ubuntu machine, which is hosted on the internet.

The source of the installation is:

https://github.com/modoboa/modoboa-installer

DNS should be working correctly. That is what I have been told on https://mxtoolbox.com/

When I connect my laptop over IMAP and SMTP, it tells me that it is connected. But I can't receive or send any mails.

The following error is from the Postfix log:

connect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: Anonymous TLS connection established from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: warning: connect to 127.0.0.1:9999: Connection refused
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: warning: problem talking to server 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: warning: connect to 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: warning: problem talking to server 127.0.0.1:9999: Connection refused
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: NOQUEUE: reject: RCPT from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<smtpclient.apple>
Oct 20 12:09:19 mail postfix/submission/smtpd[25138]: disconnect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7
Oct 20 12:09:22 mail postfix/submission/smtpd[25138]: connect from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]
Oct 20 12:09:22 mail postfix/submission/smtpd[25138]: Anonymous TLS connection established from p2e50c2a6.dip0.t-ipconnect.de[46.80.194.166]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

My domain is example.com and the mail domain is mail.example.com.

The following are the configurations:

# This file was automatically installed on 2022-10-19T17:34:22.359534
inet_interfaces = all
inet_protocols = all
myhostname = mail.example.com
myorigin = $myhostname
mydestination = $myhostname
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP
biff = no
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

mailbox_size_limit = 0
message_size_limit = 11534336
recipient_delimiter = +

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

## Proxy maps
proxy_read_maps =
        proxy:unix:passwd.byname
        proxy:pgsql:/etc/postfix/sql-domains.cf
        proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
        proxy:pgsql:/etc/postfix/sql-aliases.cf
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
        proxy:pgsql:/etc/postfix/sql-maintain.cf
        proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf
        proxy:pgsql:/etc/postfix/sql-transport.cf

## TLS settings
#
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.de/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = yes

# Disallow SSLv2 and SSLv3, only accept secure ciphers
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL

# Enable elliptic curve cryptography
smtpd_tls_eecdh_grade = strong

# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_exclude_ciphers = EXPORT, LOW

## Virtual transport settings
#
virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql-domains.cf
virtual_alias_domains = proxy:pgsql:/etc/postfix/sql-domain-aliases.cf
virtual_alias_maps =
        proxy:pgsql:/etc/postfix/sql-aliases.cf

## Relay domains
#
relay_domains =
        proxy:pgsql:/etc/postfix/sql-relaydomains.cf
transport_maps =
        proxy:pgsql:/etc/postfix/sql-transport.cf
        proxy:pgsql:/etc/postfix/sql-spliteddomains-transport.cf

## SASL authentication through Dovecot
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

## SMTP session policies
#

# We require HELO to check it later
smtpd_helo_required = yes

# We do not let others find out which recipients are valid
disable_vrfy_command = yes

# MTA to MTA communication on Port 25. We expect (!) the other party to
# specify messages as required by RFC 821.
strict_rfc821_envelopes = yes

# Verify cache setup
address_verify_map = proxy:btree:$data_directory/verify_cache

proxy_write_maps =
    $smtp_sasl_auth_cache_name
    $lmtp_sasl_auth_cache_name
    $address_verify_map

# OpenDKIM setup
smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s

# List of authorized senders
smtpd_sender_login_maps =
        proxy:pgsql:/etc/postfix/sql-sender-login-map.cf

# Recipient restriction rules
smtpd_recipient_restrictions =
      check_policy_service inet:127.0.0.1:9999
      permit_mynetworks
      permit_sasl_authenticated
      check_recipient_access
          proxy:pgsql:/etc/postfix/sql-maintain.cf
          proxy:pgsql:/etc/postfix/sql-relay-recipient-verification.cf
      reject_unverified_recipient
      reject_unauth_destination
      reject_non_fqdn_sender
      reject_non_fqdn_recipient
      reject_non_fqdn_helo_hostname

## Postscreen settings
#
postscreen_access_list =
       permit_mynetworks
       cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = enforce

# Use some DNSBL
postscreen_dnsbl_sites =
        zen.spamhaus.org=127.0.0.[2..11]*3
        bl.spameatingmonkey.net=127.0.0.2*2
        bl.spamcop.net=127.0.0.2
        dnsbl.sorbs.net=127.0.0.[2..15]
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce

postscreen_greet_banner = Welcome, please wait...
postscreen_greet_action = enforce

#postscreen_pipelining_enable = yes
#postscreen_pipelining_action = enforce

#postscreen_non_smtp_command_enable = yes
#postscreen_non_smtp_command_action = enforce

#postscreen_bare_newline_enable = yes
#postscreen_bare_newline_action = enforce

Edit: The following is the log of /var/log/supervisor/supervisord.log:

2022-10-20 12:09:09,989 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:10,992 INFO spawned: 'policyd' with pid 24193
2022-10-20 12:09:11,993 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:12,766 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:13,768 INFO spawned: 'policyd' with pid 25067
2022-10-20 12:09:14,770 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:15,452 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:16,454 INFO spawned: 'policyd' with pid 25102
2022-10-20 12:09:17,456 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:17,999 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:19,002 INFO spawned: 'policyd' with pid 25149
2022-10-20 12:09:20,003 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:20,708 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:21,710 INFO spawned: 'policyd' with pid 25188
2022-10-20 12:09:22,711 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:23,296 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:24,298 INFO spawned: 'policyd' with pid 25258
2022-10-20 12:09:25,299 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:25,769 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:26,771 INFO spawned: 'policyd' with pid 25300
2022-10-20 12:09:27,772 INFO success: policyd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-10-20 12:09:28,367 INFO exited: policyd (exit status 1; not expected)

and following is an error log of /var/log/supervisor/policyd-stdout---supervisor-RuM9yD.log that keeps repeating:

/srv/modoboa/env/lib/python3.6/site-packages/redis/utils.py:12: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  import cryptography  # noqa
/srv/modoboa/env/lib/python3.6/site-packages/requests/__init__.py:104: RequestsDependencyWarning: urllib3 (1.26.12) or chardet (5.0.0)/charset_normalizer (2.0.12) doesn't match a supported version!
  RequestsDependencyWarning)
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1062, in create_server
    sock.bind(sa)
OSError: [Errno 99] Cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/modoboa/instance/manage.py", line 21, in <module>
    main()
  File "/srv/modoboa/instance/manage.py", line 17, in main
    execute_from_command_line(sys.argv)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/srv/modoboa/env/lib/python3.6/site-packages/django/core/management/base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "/srv/modoboa/env/lib/python3.6/site-packages/modoboa/policyd/management/commands/policy_daemon.py", line 39, in handle
    server = loop.run_until_complete(coro)
  File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
    return future.result()
  File "/usr/lib/python3.6/asyncio/streams.py", line 119, in start_server
    return (yield from loop.create_server(factory, host, port, **kwds))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1066, in create_server
    % (sa, err.strerror.lower()))
OSError: [Errno 99] error while attempting to bind on address ('::1', 9999, 0, 0): cannot assign requested address

I hope someone can help me here. Thank you in advance.

anx
So, go ask the service manager (supervisord, I assume, so check `/var/log/supervisor/`) what happened to the policy daemon that was supposed to be listening on port 9999? It probably failed to start and printed the reason for that on startup.
El-Salatinie
Hi @anx, thanks for your reply. I've added the logs of supervisor. It seems that an exception has occurred there.
El-Salatinie
I've also checked whether port 9999 is already in use with the command `netstat -na | grep "9999"`, but it was not.
El-Salatinie
Thank you for your comment. It helped me to solve it by doing the following: in `/etc/supervisor/conf.d/policyd.conf`, `command=/srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py policy_daemon --host 127.0.0.1`. Now I can receive over IMAP and webmail. But I can't send over SMTP, though I can send over webmail.
Score:0

I could solve it. The problem was that I had to add --host 127.0.0.1 to the following line:

command=/srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py policy_daemon --host 127.0.0.1

in the file:

/etc/supervisor/conf.d/policyd.conf

and then restart the system.

After that I could receive emails normally. However, I couldn't send e-mails over SMTP, because it was restricted to local networks only. I always had the following error:

NOQUEUE: reject: RCPT from p2e50c2a6.dip0.t-ipconnect.de[00.00.00.00]: 451 4.3.5 <[email protected]>: Recipient address rejected: Server configuration problem;

This could be solved by uncommenting the following line in main.cf of Postfix:

smtpd_recipient_restrictions =
      #check_policy_service inet:127.0.0.1:9999
      permit_mynetworks

I hope this could be helpful for somebody!

anx
I recommend you look more into the configuration of the software you are using and how it could be made to serve your use case. It seems odd to install, then try to diagnose a policy service - only then to proceed to stop using it altogether?
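
One way to correlate the three logs quoted in the question, as an added example that is not part of the original thread or of Modoboa's code: it pairs the endpoint Postfix was refused on (`127.0.0.1:9999`) with the address the policy daemon failed to bind (`::1`, port 9999), and `can_bind` probes whether a loopback address is assignable on the local host. All function names are hypothetical, and the sample lines are copied from the logs in the question.

```python
import re
import socket
from collections import Counter

# Sample input: lines copied from the three logs quoted in the question.
POSTFIX_LOG = """\
Oct 20 12:09:18 mail postfix/submission/smtpd[25138]: warning: connect to 127.0.0.1:9999: Connection refused
"""
SUPERVISOR_LOG = """\
2022-10-20 12:09:09,989 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:12,766 INFO exited: policyd (exit status 1; not expected)
2022-10-20 12:09:15,452 INFO exited: policyd (exit status 1; not expected)
"""
POLICYD_LOG = """\
OSError: [Errno 99] error while attempting to bind on address ('::1', 9999, 0, 0): cannot assign requested address
"""

def refused_endpoints(log):
    """(host, port) pairs a Postfix process could not connect to."""
    hits = re.findall(r"warning: connect to (\S+):(\d+): Connection refused", log)
    return {(host, int(port)) for host, port in hits}

def failed_binds(log):
    """(host, port) pairs an asyncio server failed to bind."""
    hits = re.findall(r"bind on address \('([^']+)', (\d+)", log)
    return {(host, int(port)) for host, port in hits}

def unexpected_exits(log):
    """Per-program count of supervisord 'not expected' exits (crash loop)."""
    return Counter(re.findall(r"exited: (\S+) \(exit status \d+; not expected\)", log))

def diagnose(postfix_log, supervisor_log, daemon_log):
    """Pair each refused endpoint with a failed bind on the same port."""
    exits = dict(unexpected_exits(supervisor_log))
    return [
        {"port": port, "postfix_connects_to": host, "daemon_binds": bound,
         "same_address": host == bound, "unexpected_exits": exits}
        for host, port in sorted(refused_endpoints(postfix_log))
        for bound, bport in sorted(failed_binds(daemon_log))
        if bport == port
    ]

def can_bind(host):
    """Live probe: is `host` assignable on this machine? Port 0 = any free port."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.bind((host, 0))
        return True
    except OSError:  # errno 99 as in the traceback, or no IPv6 support at all
        return False

if __name__ == "__main__":
    print(diagnose(POSTFIX_LOG, SUPERVISOR_LOG, POLICYD_LOG))
    print({addr: can_bind(addr) for addr in ("127.0.0.1", "::1")})
```

A finding with `same_address` set to `False` means the daemon and the `check_policy_service` entry disagree on the loopback address, which is the situation the `--host 127.0.0.1` change addresses.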