Hi
After years of a smoothly running mail server, my logs are starting to
fill with this error message:
fatal: proxy:mysql:/etc/postfix/mailalias.cf(0,lock|fold_fix): table
lookup problem
I haven't updated anything or changed any configs (in either mysql or
postfix) so I'd appreciate some hints as to how to track this down?
According to mysql postfix is behaving properly (as you'd expect).
+------+---------+-----------+-------+---------+------+-------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+------+---------+-----------+-------+---------+------+-------+------------------+
| 379 | postfix | localhost | Mail | Sleep | 25 | | NULL
|
So I'm not sure why it thinks there is a lock. I found one stub that
suggested this happened with the mysql.sock was not in the chroot
jail. But as I said, it's been running flawlessly for years, so I
don't forsee that as the issue.
Nevertheless, here's my postconf -n
access_map_reject_code = 550
alias_database = hash:/etc/postfix/aliases
alias_maps = $alias_database
allow_untrusted_routing = no
append_dot_mydomain = no
biff = no
body_checks_size_limit = 51200
bounce_size_limit = 50000
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 25
disable_vrfy_command = yes
fast_flush_domains = $relay_domains
header_checks = regexp:/etc/postfix/header_checks
header_size_limit = 102400
home_mailbox = Maildir/
inet_interfaces = all
invalid_hostname_reject_code = 501
local_destination_concurrency_limit = 2
local_recipient_maps = proxy:unix:passwd.byname $virtual_alias_maps $alias_maps
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 5120000000
message_size_limit = 20480000
mydestination =
mydomain = perlphreak.net
myhostname = mail.perphreak.net
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
recipient_delimiter = -
reject_code = 550
relay_domains = /etc/postfix/mxbackups
relay_domains_reject_code = 550
relayhost =
smtp_tls_CAfile = /etc/ssl/keys/perlphreak-ca.crt
smtp_tls_cert_file = /etc/ssl/keys/mail.perlphreak.net.crt
smtp_tls_key_file = /etc/ssl/private/mail.perlphreak.net.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Debian/GNU)
smtpd_data_restrictions = sleep 1, reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, permit_sasl_authenticated,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch, check_helo_access
hash:/etc/postfix/helo_checks, reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
permit_mynetworks, reject_unauth_destination,
reject_unlisted_recipient, check_recipient_access
mysql:/etc/postfix/Mail-Disabled.cf, check_helo_access
hash:/etc/postfix/helo_checks, check_recipient_access
hash:/etc/postfix/laxdomains, check_client_access
hash:/etc/postfix/ip_whitelist, check_sender_access
hash:/etc/postfix/backscatter
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
check_policy_service unix:private/policy-spf, check_policy_service
inet:127.0.0.1:10031, reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = perlphreak.net
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/ssl/keys/perlphreak-ca.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/keys/mail.perlphreak.net.crt
smtpd_tls_key_file = /etc/ssl/private/mail.perlphreak.net.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
virtual_alias_maps = hash:/etc/postfix/virtual_user_aliases,
proxy:mysql:/etc/postfix/mailalias.cf
virtual_gid_maps = static:115
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/maildomain.cf
virtual_mailbox_limit = 5000000000
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-Quota.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/etc/postfix/Mail-Mailbox.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = "User over quota, try again later"
virtual_minimum_uid = 108
virtual_overquota_bounce = yes
virtual_transport = dovecot
virtual_uid_maps = static:108
The relevant lines from master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_delay_reject=yes
-o receive_override_options=no_address_mappings
-o always_add_missing_headers=yes
-o content_filter=dksign:[127.0.0.1]:10028
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o
smtpd_recipient_restrictions=reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
Should submission be chrooted? I can't see why it would need to be if
smtp isn't. It is working, but I'm happy to change it if that's the
issue.
Thanks
Simon
