I needed to power down my mail server. After that, it would not boot. There is a hardware failure somewhere in it. I had a backup machine, but it was running an old version of Freebsd. Couldn't ssh into it from the most recent version. So I built a new mail server. The mail files (data and configuration) were on a removable drive. I mostly got it back running again. However, mail from one of my machines on the local network (10.0.1.x) is rejected. Mail from outside that network is accepted and delivered fine. I enabled trace for 10.0.1.250 and tried to deliver a message. It failed and here is an extract of the debug log:
Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: >>> START Recipient address RESTRICTIONS <<< Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: generic_checks: name=permit _mynetworks Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: permit_mynetworks: master 1 0.0.1.250 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: match_hostname: mynetworks: master ~? 10.0.1.0/24 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: match_hostaddr: mynetworks: 10.0.1.250 ~? 10.0.1.0/24 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: match_list_match: permit_my networks: no match Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: smtpd_acl_permit: smtpd_log _access_permit_actions: no match Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: generic_checks: name=permit _mynetworks status=1 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: >>> END Recipient address R ESTRICTIONS <<< Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: >>> START Recipient address RESTRICTIONS <<< Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: generic_checks: name=permit _sasl_authenticated status=0 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: NOQUEUE: reject: RCPT from master[10.0.1.250]: 554 5.7.1 <[email protected]>: Recipient address rejected: Acces s denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<master.sermon-archive.info> Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: generic_checks: name=reject status=2 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: > master[10.0.1.250]: 554 5 .7.1 <[email protected]>: Recipient address rejected: Access denied Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: smtp_get: EOF Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: smtp_stream_setup: maxtime= 300 enable_deadline=0 min_data_rate=0 Mar 4 23:49:52 mail postfix-submission/smtpd[9591]: NOQUEUE: lost connection af ter RCPT from master[10.0.1.250] In each case where it tests the recipient address it shows ~? in the line. I suspect that means that the match failed. However, those work when the email comes from outside my LAN. postconf -n: alias_maps = hash:/usr/local/etc/postfix/aliases bounce_queue_lifetime = 1d command_directory = /usr/local/sbin compatibility_level = 3.7 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 1 debug_peer_list = 10.0.1.250 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_privs = mailnull dovecot_destination_concurrency_limit = 1 dovecot_destination_recipient_limit = 1 enable_long_queue_ids = yes header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre home_mailbox = Maildir/ html_directory = /usr/local/share/doc/postfix incoimg_recipient_restrictions = check_policy_service inet:127.0.0.1:10040, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_sender_access inline:{digitalinsight.firefightersfirstcreditunion.org=permit_auth_destination} check_sender_access hash:/usr/local/etc/postfix/sender_access reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, check_policy_service inet:127.0.0.1:10023, reject_unauth_pipelining, check_client_access hash:/usr/local/etc/postfix/tempfail, reject_unauth_destination, reject_unlisted_recipient reject_unlisted_sender reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, permit inet_protocols = ipv4 local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man max_use = 5 message_size_limit = 1024000000 mydestination = localhost.$mydomain, localhost mydomain = sermon-archive.info mynetworks = 10.0.1.0/24, 127.0.0.0/8 mynetworks_style = host newaliases_path = /usr/local/bin/newaliases postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/access.cidr postscreen_greet_action = enforce queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_canonical_classes = envelope_recipient, header_recipient recipient_canonical_maps = socketmap:unix:srs:reverse relocated_maps = hash:/usr/local/etc/postfix/relocated sample_directory = /usr/local/etc/postfix sender_canonical_classes = envelope_sender sender_canonical_maps = socketmap:unix:srs:forward sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_destination_concurrency_limit = 2 smtp_destination_recipient_limit = 25 smtp_generic_maps = hash:/usr/local/etc/postfix/generic smtp_tls_loglevel = 1 smtp_tls_security_level = may smtpd_authorized_xclient_hosts = 10.0.1.0/24 smtpd_client_auth_rate_limit = 10 smtpd_client_connection_rate_limit = 10 smtpd_command_filter = pcre:/usr/local/etc/postfix/quote smtpd_error_sleep_time = 10 smtpd_hard_error_limit = 10 smtpd_milters = smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 1 smtpd_tls_cert_file = /www/certs/mail.pem smtpd_tls_key_file = /www/certs/mail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/usr/local/etc/postfix/doug_aliases, hash:/usr/local/etc/postfix/test_aliases, hash:/usr/local/etc/postfix/ccb_aliases, hash:/usr/local/etc/postfix/beneke_aliases, hash:/usr/local/etc/postfix/lafn_aliases virtual_gid_maps = static:2222 virtual_mailbox_base = /var/mail/ virtual_mailbox_domains = hash:/usr/local/etc/postfix/vmail_domains virtual_mailbox_limit = 1024000000 virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox virtual_minimum_uid = 2222 virtual_transport = dovecot virtual_uid_maps = static:2222 postconf -Mf: alias_maps = hash:/usr/local/etc/postfix/aliases bounce_queue_lifetime = 1d command_directory = /usr/local/sbin compatibility_level = 3.7 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 1 debug_peer_list = 10.0.1.250 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_privs = mailnull dovecot_destination_concurrency_limit = 1 dovecot_destination_recipient_limit = 1 enable_long_queue_ids = yes header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre home_mailbox = Maildir/ html_directory = /usr/local/share/doc/postfix incoimg_recipient_restrictions = check_policy_service inet:127.0.0.1:10040, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_sender_access inline:{digitalinsight.firefightersfirstcreditunion.org=permit_auth_destination} check_sender_access hash:/usr/local/etc/postfix/sender_access reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, check_policy_service inet:127.0.0.1:10023, reject_unauth_pipelining, check_client_access hash:/usr/local/etc/postfix/tempfail, reject_unauth_destination, reject_unlisted_recipient reject_unlisted_sender reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, permit inet_protocols = ipv4 local_recipient_maps = unix:passwd.byname $alias_maps mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man max_use = 5 message_size_limit = 1024000000 mydestination = localhost.$mydomain, localhost mydomain = sermon-archive.info mynetworks = 10.0.1.0/24, 127.0.0.0/8 mynetworks_style = host newaliases_path = /usr/local/bin/newaliases postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/access.cidr postscreen_greet_action = enforce queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_canonical_classes = envelope_recipient, header_recipient recipient_canonical_maps = socketmap:unix:srs:reverse relocated_maps = hash:/usr/local/etc/postfix/relocated sample_directory = /usr/local/etc/postfix sender_canonical_classes = envelope_sender sender_canonical_maps = socketmap:unix:srs:forward sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_destination_concurrency_limit = 2 smtp_destination_recipient_limit = 25 smtp_generic_maps = hash:/usr/local/etc/postfix/generic smtp_tls_loglevel = 1 smtp_tls_security_level = may smtpd_authorized_xclient_hosts = 10.0.1.0/24 smtpd_client_auth_rate_limit = 10 smtpd_client_connection_rate_limit = 10 smtpd_command_filter = pcre:/usr/local/etc/postfix/quote smtpd_error_sleep_time = 10 smtpd_hard_error_limit = 10 smtpd_milters = smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_soft_error_limit = 1 smtpd_tls_cert_file = /www/certs/mail.pem smtpd_tls_key_file = /www/certs/mail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/usr/local/etc/postfix/doug_aliases, hash:/usr/local/etc/postfix/test_aliases, hash:/usr/local/etc/postfix/ccb_aliases, hash:/usr/local/etc/postfix/beneke_aliases, hash:/usr/local/etc/postfix/lafn_aliases virtual_gid_maps = static:2222 virtual_mailbox_base = /var/mail/ virtual_mailbox_domains = hash:/usr/local/etc/postfix/vmail_domains virtual_mailbox_limit = 1024000000 virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox virtual_minimum_uid = 2222 virtual_transport = dovecot virtual_uid_maps = static:2222 Log entries for an email from an outside host that was delivered: Mar 5 00:26:30 mail postfix/postscreen[11753]: CONNECT from [209.85.219.50]:404 14 to [10.0.1.230]:25 Mar 5 00:26:30 mail postfix/postscreen[11753]: PASS OLD [209.85.219.50]:40414 Mar 5 00:26:30 mail postfix/smtpd[11893]: connect from mail-qv1-f50.google.com[ 209.85.219.50] Mar 5 00:26:30 mail postfix/smtpd[11893]: Anonymous TLS connection established from mail-qv1-f50.google.com[209.85.219.50]: TLSv1.3 with cipher TLS_AES_128_GCM _SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Mar 5 00:26:30 mail postgrey[8456]: action=pass, reason=client whitelist, clien t_name=mail-qv1-f50.google.com, client_address=209.85.219.50, sender=linda.rhyme [email protected], [email protected] Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> forwarded as <SRS [email protected]> Mar 5 00:26:31 mail postfix/smtpd[11893]: 4fRN130SxzzMvn4: client=mail-qv1-f50. google.com[209.85.219.50] Mar 5 00:26:31 mail postsrsd[11898]: <[email protected]> forwarded as <SRS [email protected]> Mar 5 00:26:31 mail postsrsd[11898]: <SRS0=e3+S=BF=gmail.com=linda.rhymes@lafn. org> not rewritten: local domain Mar 5 00:26:31 mail postsrsd[11898]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:31 mail postfix/cleanup[11897]: 4fRN130SxzzMvn4: message-id=<CA+quw [email protected]> Mar 5 00:26:35 mail postfix/qmgr[11747]: 4fRN130SxzzMvn4: from=<SRS0=e3+S=BF=gm [email protected]>, size=29021526, nrcpt=1 (queue active) Mar 5 00:26:35 mail postfix/smtpd[11893]: disconnect from mail-qv1-f50.google.c om[209.85.219.50] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=2 quit=1 commands=8 Mar 5 00:26:40 mail postfix/pipe[11900]: 4fRN130SxzzMvn4: to=<[email protected] archive.info>, orig_to=<[email protected]>, relay=dovecot, delay=10, delays=4.9/0.0 2/0/5.3, dsn=2.0.0, status=sent (delivered via dovecot service) Mar 5 00:26:40 mail postfix/qmgr[11747]: 4fRN130SxzzMvn4: removedMar 5 00:26:30 mail postfix/postscreen[11753]: CONNECT from [209.85.219.50]:404 14 to [10.0.1.230]:25 Mar 5 00:26:30 mail postfix/postscreen[11753]: PASS OLD [209.85.219.50]:40414 Mar 5 00:26:30 mail postfix/smtpd[11893]: connect from mail-qv1-f50.google.com[ 209.85.219.50] Mar 5 00:26:30 mail postfix/smtpd[11893]: Anonymous TLS connection established from mail-qv1-f50.google.com[209.85.219.50]: TLSv1.3 with cipher TLS_AES_128_GCM _SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Mar 5 00:26:30 mail postgrey[8456]: action=pass, reason=client whitelist, clien t_name=mail-qv1-f50.google.com, client_address=209.85.219.50, sender=linda.rhyme [email protected], [email protected] Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:30 mail postsrsd[11896]: <[email protected]> forwarded as <SRS [email protected]> Mar 5 00:26:31 mail postfix/smtpd[11893]: 4fRN130SxzzMvn4: client=mail-qv1-f50. google.com[209.85.219.50] Mar 5 00:26:31 mail postsrsd[11898]: <[email protected]> forwarded as <SRS [email protected]> Mar 5 00:26:31 mail postsrsd[11898]: <SRS0=e3+S=BF=gmail.com=linda.rhymes@lafn. org> not rewritten: local domain Mar 5 00:26:31 mail postsrsd[11898]: <[email protected]> not reversed: Not an SRS address. Mar 5 00:26:31 mail postfix/cleanup[11897]: 4fRN130SxzzMvn4: message-id=<CA+quw [email protected]> Mar 5 00:26:35 mail postfix/qmgr[11747]: 4fRN130SxzzMvn4: from=<SRS0=e3+S=BF=gm [email protected]>, size=29021526, nrcpt=1 (queue active) Mar 5 00:26:35 mail postfix/smtpd[11893]: disconnect from mail-qv1-f50.google.c om[209.85.219.50] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=2 quit=1 commands=8 Mar 5 00:26:40 mail postfix/pipe[11900]: 4fRN130SxzzMvn4: to=<[email protected] archive.info>, orig_to=<[email protected]>, relay=dovecot, delay=10, delays=4.9/0.0 2/0/5.3, dsn=2.0.0, status=sent (delivered via dovecot service) Mar 5 00:26:40 mail postfix/qmgr[11747]: 4fRN130SxzzMvn4: removed The doug_aliases file: # Mail System Aliases postmaster doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] jeanne [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug [email protected] doug A db dump of doug_aliases.db shows the same entries. What is blocking delivery from hosts on my LAN? -- Doug -- Doug _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
