Re: submission port woes
On 13/10/15 04:41, Viktor Dukhovni wrote: > On Tue, Oct 13, 2015 at 02:11:59AM +0100, niya levi wrote: > >> I can connect to smtpd and SASL with TLS on port 25, >> but port 587 only responds with connected, then hangs >> for a while, then quits without any certificate activity. >> Is my submission section in master.cf incorrect? > Perhaps, but you're not using it. > >> (port 587) >> >> Oct 13 00:51:07 testy postfix/smtps/smtpd[23482]: connect from >> testy.tissisat.co.uk[10.2.1.10] >> Oct 13 00:51:24 testy postfix/smtps/smtpd[23482]: SSL_accept error from >> testy.tissisat.co.uk[10.2.1.10]: lost connection >> Oct 13 00:51:24 testy postfix/smtps/smtpd[23482]: lost connection after >> CONNECT from testy.tissisat.co.uk[10.2.1.10] >> Oct 13 00:51:24 testy postfix/smtps/smtpd[23482]: disconnect from >> testy.tissisat.co.uk[10.2.1.10] commands=0/0 > This service is using "wrapper mode" (fails SSL_accept right after > connect), and its syslog_name is "postfix/smtps". > >> nano /etc/postfix/master.cf >> # == >> # service type private unpriv chroot wakeup maxproc command + args >> # (yes) (yes) (yes) (never) (100) >> # == >> smtp inet n - n - - smtpd >> smtp inet n - n - - smtpd > You probably don't need two of these. > >> submission inet n - n - - smtpd >> -o syslog_name=postfix/submission >> -o smtpd_tls_security_level=encrypt >> -o smtpd_sasl_auth_enable=yes >> -o smtpd_reject_unlisted_recipient=no >> -o smtpd_sasl_security_options=noanonymous >> -o smtpd_sasl_local_domain=testy.tissisat.co.uk >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> -o smtpd_sender_login_maps=proxy:pgsql:/etc/postfix/pgsql-boxes.cf >> -o >> smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,permit_mynetwo$ >> -o smtpd_sasl_tls_security_options=noanonymous >> -o smtpd_sasl_type=dovecot >> -o smtpd_sasl_path=private/auth >> -o milter_macro_daemon_name=ORIGINATING > This master.cf definition does not enable wrapper mode, and its > syslog_name is postfix/submission. > > So the logs you posted are for some other service (perhaps port > 465, not shown in your master.cf extract). > Hi Victor thanks for your reply the two smtp lines is a cut and paste error , there is only one line, after you mentioned wrapper mode and the syslog name i figured out the problem i had the following in master.cf # smtps inet n - n - - smtpd -v -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=no -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=testy.tissisat.co.uk -o smtpd_sender_login_maps=proxy:pgsql:/etc/postfix/pgsql-boxes.cf -o smtpd_sender_restrictions=reject_sender_login_mismatch -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_dom$ -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_tls_security_options=noanonymous -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o milter_macro_daemon_name=ORIGINATING after removing the whole section, submission now works, i was under the impression that commenting the first line commented out the options also. thanks again shadrock
submission port woes
hi everyone i can connect to smtpd and sasl with tls on port 25 but port 587 only responds with connected then hangs for a while then quits without any certificate activity. is my submission section in master.cf incorrect ? [root@testy worker]# openssl s_client -starttls smtp -connect testy.tissisat.co.uk:25 CONNECTED(0003) depth=1 C = UK, ST = UK, L = Nottingham, O = tissisat, OU = hq, CN = tissisat CA, name = Tissisat, emailAddress = n...@tissisat.co.uk verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=testy.tissisat.co.uk/name=Tissisat/emailAddress=n...@tissisat.co.uk i:/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=tissisat CA/name=Tissisat/emailAddress=n...@tissisat.co.uk 1 s:/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=tissisat CA/name=Tissisat/emailAddress=n...@tissisat.co.uk i:/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=tissisat CA/name=Tissisat/emailAddress=n...@tissisat.co.uk --- Server certificate -BEGIN CERTIFICATE- MIIFEzCCA/ugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCVUsx CzAJBgNVBAgTAlVLMRMwEQYDVQQHEwpOb3R0aW5naGFtMREwDwYDVQQKEwh0aXNz aXNhdDELMAkGA1UECxMCaHExFDASBgNVBAMTC3Rpc3Npc2F0IENBMREwDwYDVQQp EwhUaXNzaXNhdDEiMCAGCSqGSIb3DQEJARYTbml5YUB0aXNzaXNhdC5jby51azAe Fw0xNTEwMTIxMDExMzZaFw0yNTEwMDkxMDExMzZaMIGlMQswCQYDVQQGEwJVSzEL MAkGA1UECBMCVUsxEzARBgNVBAcTCk5vdHRpbmdoYW0xETAPBgNVBAoTCHRpc3Np c2F0MQswCQYDVQQLEwJocTEdMBsGA1UEAxMUdGVzdHkudGlzc2lzYXQuY28udWsx ETAPBgNVBCkTCFRpc3Npc2F0MSIwIAYJKoZIhvcNAQkBFhNuaXlhQHRpc3Npc2F0 LmNvLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrO9EhaBlneb +Cw9+uHcjJLdDlULw0xABdA0kMczL0tYu9icnIgPKbHheHTOWJIzik4y6MIokJJT 0BXgZUyW9pyqe7Sh6xsD+hG04SW6rHQ/PgEaqPZymYFzFo7anbMCDVrTuGByaBbY bFlBKvjUigXOCDNl+YMRDyXF/Rl1RoHfxbxhtRF5uHQcsxa1yNBm9OImiQdTfPpy zqUD/9eBQloECetX8zYhHstZIUMrSXX3eNQH7zJdnia/DTyC1gxFTeD8uJCPy3XC taaoBCln5dn+DlmMa4KYH5V/IeQ0t2zpuQAS3nmGpObYs5k54x7YuTLZi2iyY7z/ 6KkksWigswIDAQABo4IBUzCCAU8wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZtwljwGpd LlPc9JF3C1iAc4TdFjCB0QYDVR0jBIHJMIHGgBR7WJOIihMY+aI70RnunW4V8pJq KaGBoqSBnzCBnDELMAkGA1UEBhMCVUsxCzAJBgNVBAgTAlVLMRMwEQYDVQQHEwpO b3R0aW5naGFtMREwDwYDVQQKEwh0aXNzaXNhdDELMAkGA1UECxMCaHExFDASBgNV BAMTC3Rpc3Npc2F0IENBMREwDwYDVQQpEwhUaXNzaXNhdDEiMCAGCSqGSIb3DQEJ ARYTbml5YUB0aXNzaXNhdC5jby51a4IJAOYX/JigH7gdMBMGA1UdJQQMMAoGCCsG AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAWDJ4/FAFY6+n DgMkTfM/vrjyhrgOm4vWCS7HePeZPzPXqGK1HZ5ZcZL5w2SHgrN9r03Ai9mIJtP2 vjjpMBAMdeG/ePJOR3K+o0s6efJBgcCO4XwG8g9lYLbcfClmP5zvGC6nic3HbSIB feV5QrErDe2zUKK33U1ErLRC9Jjr3q6oinbzgYFu2tDuC9/mIcnQ1oa8Hyi3UfX7 qEsBuBVzhog2wU3zkhZyi+IKHAUILEj1zDQBhaeZBr8NGbiJbbgIkO3p7OOvy6Sv EwnmVw0yH5+5n1IeaxFTrZBSiJTKrnEu7lhSXeMrPDBHIEcfVmt82lYiyoAyp+1R gVGqnrMleg== -END CERTIFICATE- subject=/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=testy.tissisat.co.uk/name=Tissisat/emailAddress=n...@tissisat.co.uk issuer=/C=UK/ST=UK/L=Nottingham/O=tissisat/OU=hq/CN=tissisat CA/name=Tissisat/emailAddress=n...@tissisat.co.uk --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3485 bytes and written 488 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 6E4020BD2EEC00C0B2BBE5949B4BCEF4CE85ED5DAAAB2090E070F1D81867C6BD Session-ID-ctx: Master-Key: F9C12FC0E28408293436FBEC1407D6A629522C7E2ABFD094400AB44E62EAEC0BDE33A116811560F035FA8AE30E603821 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: - d6 4f 5f 0d 92 62 6c 18-85 b7 11 50 1e 28 54 f8 .O_..blP.(T. 0010 - 1a 4f 50 a5 ce 72 65 fe-f7 51 4c f1 aa 6b bd 6a .OP..re..QL..k.j 0020 - 90 73 50 bb 2d 88 7b 6e-a0 48 ec 01 7d 7d e9 20 .sP.-.{n.H..}}. 0030 - aa 29 d2 9b bc 86 a2 e3-e1 80 23 ac 52 0f 7f df .)#.R... 0040 - fe d9 d5 2c 52 dc 15 8b-2a 9f f8 a8 54 79 ba 25 ...,R...*...Ty.% 0050 - 8e 15 a1 05 02 6f af 1b-d1 83 48 dd 01 11 25 ef .oH...%. 0060 - ec 95 20 52 36 ed 82 ca-f9 28 5e 6b 15 1e 26 c4 .. R6(^k..&. 0070 - b5 b4 ce 3a f5 43 8d 00-70 36 c9 33 e7 08 63 0b ...:.C..p6.3..c. 0080 - 1a d3 e2 51 95 11 cd 9d-e5 91 dc 06 27 20 4f dd ...Q' O. 0090 - 9f 94 42 cf 19 46 24 6d-63 a6 52 9a c2 ae 0d 78 ..B..F$mc.Rx 00a0 - 04 e1 a7 4b 54 29 f5 1b-b0 e7 48 f8 7e 1e 70 74 ...KT)H.~.pt Compression: 1 (zlib compression) Start Time: 1444691377 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- 250 SMTPUTF8 ehlo testy 250-testy.tissisat.co.uk
no SASL authentication mechanisms
hi everyone i have postfix dovecot and postgresql installed on arch linux, the server delivers mail correctly without sasl enabled when i setup and enable sasl and telnet from localhost or from a remote connection i get 'Connection closed by foreign host' immediately and i get in the logs no SASL authentication mechanisms these are my configuration files and logs. nano /etc/dovecot/dovecot.conf disable_plaintext_auth = no mail_privileged_group = vmail log_timestamp = "%Y-%m-%d %H:%M:%S " log_path = /var/log/dovecot.log # enables logging all failed authentication attempts. # auth_verbose=yes # enables all authentication debug logging (also enables auth_verbose). Passwords are logged as . # auth_debug=yes # does everything that auth_debug=yes does, but it also removes password hiding. auth_debug_passwords=yes # enables all kinds of mail related debug logging, such as showing where Dovecot is looking for mails. mail_debug=yes # enables logging SSL errors and warnings. Even without this setting if connection is closed because of an SSL error, the error is logged as the disconnection reason (v1.1+) # verbose_ssl=yes passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocols = "pop3 imap lmtp" protocol imap { mail_plugins = " autocreate" } plugin { autocreate = Trash autocreate2 = Sent autosubscribe = Trash autosubscribe2 = Sent } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } protocol lmtp { postmaster_address=postmas...@testy.tissisat.co.uk hostname=testy.tissisat.co.uk info_log_path = /var/log/dovecot-lmtp.log } ssl_cert = localhost.localdomain[127.0.0.1]: 220 testy.tissisat.co.uk ESMTP Postfix Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_create: SASL service=smtp, realm=testy.tissisat.co.uk Oct 11 10:45:43 testy postfix/smtpd[16760]: name_mask: noanonymous Oct 11 10:45:43 testy postfix/smtpd[16760]: name_mask: noplaintext Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: Connecting Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1 Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext Oct 11 10:45:43 testy postfix/smtpd[16760]: name_mask: plaintext Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext Oct 11 10:45:43 testy postfix/smtpd[16760]: name_mask: plaintext Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: SPID?16763 Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: CUID?1 Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: COOKIE?5144cccf9d947e85a107922ec961648c Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_connect: auth reply: DONE Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN Oct 11 10:45:43 testy postfix/smtpd[16760]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication mechanisms Oct 11 10:45:44 testy postfix/master[396]: warning: process /usr/lib/postfix/bin/smtpd pid 16760 exit status 1 Oct 11 10:45:44 testy postfix/master[396]: warning: /usr/lib/postfix/bin/smtpd: bad command startup -- throttling Shadrock
Re: no SASL authentication mechanisms
On 11/10/15 11:49, Patrick Ben Koetter wrote: > * niya levi <niyal...@gmail.com>: >> nano /etc/dovecot/dovecot.conf >> >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0666 >> user = postfix >> } >> } > No reason to let others read auth data. Make that: > > mode = 0660 > >> postconf -n >> broken_sasl_auth_clients = yes >> >> >> myorigin = $myhostname >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_exceptions_networks = $mynetworks >> smtpd_sasl_local_domain = $myhostname >> smtpd_sasl_path = private/auth >> smtpd_sasl_security_options = noanonymous noplaintext > That's the problem. Your dovecot server only annouces PLAIN as auth mechanism > (by default). Modify the smtpd_sasl_security_options like this: > > smtpd_sasl_security_options = noanonymous > > Then try again. > > I suggest to configure your mail server to offer SMTP AUTH on submission (587) > only. Enforce TLS on the submission port and PLAIN will be safe to use. > > p@rick > >> Oct 11 10:45:43 testy postfix/smtpd[16760]: >> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN >> Oct 11 10:45:43 testy postfix/smtpd[16760]: >> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN >> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication >> mechanisms thanks p@rick have corrected smtpd_sasl_security_options. > I suggest to configure your mail server to offer SMTP AUTH on submission (587) > only. Enforce TLS on the submission port and PLAIN will be safe to use. should i change smtpd_sasl_auth_enable = yes to no in main.cf move the rest of the sasl entries in main.cf yo master.cf and change the smtpd_tls_auth_only in the submission section in master.cf to yes ? shadrock
Re: no SASL authentication mechanisms
On 11/10/15 15:57, Patrick Ben Koetter wrote: > * niya levi <niyal...@gmail.com>: >> >> On 11/10/15 11:49, Patrick Ben Koetter wrote: >>> * niya levi <niyal...@gmail.com>: >>>> nano /etc/dovecot/dovecot.conf >>>> >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0666 >>>> user = postfix >>>> } >>>> } >>> No reason to let others read auth data. Make that: >>> >>> mode = 0660 >>> >>>> postconf -n >>>> broken_sasl_auth_clients = yes >>>> >>>> >>>> myorigin = $myhostname >>>> smtpd_sasl_auth_enable = yes >>>> smtpd_sasl_exceptions_networks = $mynetworks >>>> smtpd_sasl_local_domain = $myhostname >>>> smtpd_sasl_path = private/auth >>>> smtpd_sasl_security_options = noanonymous noplaintext >>> That's the problem. Your dovecot server only annouces PLAIN as auth >>> mechanism >>> (by default). Modify the smtpd_sasl_security_options like this: >>> >>> smtpd_sasl_security_options = noanonymous >>> >>> Then try again. >>> >>> I suggest to configure your mail server to offer SMTP AUTH on submission >>> (587) >>> only. Enforce TLS on the submission port and PLAIN will be safe to use. >>> >>> p@rick >>> >>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: >>>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN >>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: >>>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN >>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication >>>> mechanisms >> thanks p@rick >> have corrected smtpd_sasl_security_options. >>> I suggest to configure your mail server to offer SMTP AUTH on submission >>> (587) >>> only. Enforce TLS on the submission port and PLAIN will be safe to use. >> should i change smtpd_sasl_auth_enable = yes to no in main.cf >> move the rest of the sasl entries in main.cf yo master.cf > Leave all settings in main.cf and disable smtpd_sasl_auth_enable in main.cf. > Then turn it on in master.cf in context of the submission service. > >> and change the smtpd_tls_auth_only in the submission section in >> master.cf to yes ? > yep. > > p@rick > > many thanks Patrick
re:postgresql table does not exist error
> Date: From: Subject: [none] hi everyone i have installed and > configured postgresql postfix and dovecot on arch linux the database > called mail has this table and is owned by mailreader CREATE TABLE > "al" ( alias text NOT NULL, email text NOT NULL ); the postfix file > (/etc/postfix/pgsql-aliases.cf) has this hosts = /run/postgresql/ user > = mailreader dbname = mail query = SELECT alias FROM "al" WHERE > email='%s' (postgresql log file) ERROR: relation "al" does not exist > at character STATEMENT: SELECT alias FROM "al" WHERE > email='ivy.tissisat.co.uk' (postfix log) Oct 05 18:19:33 testy > postfix/smtpd[801]: connect from localhost.localdomain[127.0.0.1] Oct > 05 18:20:21 testy postfix/proxymap[802]: warning: pgsql query failed: > fatal error from host /run/postgresql: ERROR: relation "al" does not > exist?LINE 1: SELECT alias FROM "al" WHERE email='ivy.tissi Oct 05 > 18:20:21 testy postfix/trivial-rewrite[805]: warning: > virtual_alias_domains: proxy:pgsql:/etc/postfix/pgsql-aliases.cf: > table lookup problem Oct 05 18:20:21 testy > postfix/trivial-rewrite[805]: warning: virtual_alias_domains lookup > failure Oct 05 18:21:07 testy postfix/trivial-rewrite[805]: warning: > virtual_alias_domains: proxy:pgsql:/etc/postfix/pgsql-aliases.cf: > table lookup problem Oct 05 18:21:07 testy > postfix/trivial-rewrite[805]: warning: virtual_alias_domains lookup > failure Oct 05 18:21:07 testy postfix/smtpd[801]: NOQUEUE: reject: > RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 >: Temporary lookup failure; > from=3D to=3D > proto=3DESMTP helo=3D Oct 05 18:26:07 testy postfix/smtpd[801]: > timeout after RCPT from localhost.localdomain[127.0.0.1] Oct 05 > 18:26:07 testy postfix/smtpd[801]: disconnect from > localhost.localdomain[127.0.0.1] ehlo=3D1 mail=3D1 rcpt=3D0/1 > commands=3D= 2/3 i have read about quoting and case folding in > postgresql my original table name and references to it was in lower > case and without quotes so i recreated a new table with name lowercase > characters with quotes and referenced the table with quotes and i > still have the same errors. i also changed the host line to localhost > in /etc/postfix/pgsql-aliases.cf and the error still occurs any > sugestions what the problem might be ? shadrock > -- Date: From: Subject: [none] Hi, >> the postfix file (/etc/postfix/pgsql-aliases.cf) has this >> >>hosts = /run/postgresql/ > You should specify the socket to use. > > From http://www.postfix.org/pgsql_table.5.html > > hosts > The hosts that Postfix will try to connect to and query from. Specify unix: > for UNIX-domain sockets, inet: for TCP connections (default). Example: > hosts = host1.some.domain host2.some.domain:port > hosts = unix:/file/name > The hosts are tried in random order, with all connections over UNIX domain > sockets being tried before those over TCP. The connections are automatically > closed after being idle for about 1 minute, and are re-opened as necessary. > NOTE: the unix: and inet: prefixes are accepted for backwards compatibility > reasons, but are actually ignored. > The PostgreSQL client library will always try to connect to an UNIX socket if > the name starts with a slash, and will try a TCP connection otherwise. > >>user = mailreader >>dbname = mail >>query = SELECT alias FROM "al" WHERE email='%s' > Regards > - christian hi christian thanks for the reply i have fixed the error, it was a database problem , i removed the tables then recreated them and the error cleared, as a side note your suggestion about the hosts line entry is incorrect the socket name is automatically appended when the socket directory is specified else it will throw an error asking if the database is running and listening on localhost so no need to add the socket name. thanks again. shadrock
postgresql table does not exist error
hi everyone i have installed and configured postgresql postfix and dovecot on arch linux the database called mail has this table and is owned by mailreader CREATE TABLE "al" ( alias text NOT NULL, email text NOT NULL ); the postfix file (/etc/postfix/pgsql-aliases.cf) has this hosts = /run/postgresql/ user = mailreader dbname = mail query = SELECT alias FROM "al" WHERE email='%s' (postgresql log file) ERROR: relation "al" does not exist at character 19 STATEMENT: SELECT alias FROM "al" WHERE email='ivy.tissisat.co.uk' (postfix log) Oct 05 18:19:33 testy postfix/smtpd[801]: connect from localhost.localdomain[127.0.0.1] Oct 05 18:20:21 testy postfix/proxymap[802]: warning: pgsql query failed: fatal error from host /run/postgresql: ERROR: relation "al" does not exist?LINE 1: SELECT alias FROM "al" WHERE email='ivy.tissi Oct 05 18:20:21 testy postfix/trivial-rewrite[805]: warning: virtual_alias_domains: proxy:pgsql:/etc/postfix/pgsql-aliases.cf: table lookup problem Oct 05 18:20:21 testy postfix/trivial-rewrite[805]: warning: virtual_alias_domains lookup failure Oct 05 18:21:07 testy postfix/trivial-rewrite[805]: warning: virtual_alias_domains: proxy:pgsql:/etc/postfix/pgsql-aliases.cf: table lookup problem Oct 05 18:21:07 testy postfix/trivial-rewrite[805]: warning: virtual_alias_domains lookup failure Oct 05 18:21:07 testy postfix/smtpd[801]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0: Temporary lookup failure; from= to= proto=ESMTP helo= Oct 05 18:26:07 testy postfix/smtpd[801]: timeout after RCPT from localhost.localdomain[127.0.0.1] Oct 05 18:26:07 testy postfix/smtpd[801]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3 i have read about quoting and case folding in postgresql my original table name and references to it was in lower case and without quotes so i recreated a new table with name lowercase characters with quotes and referenced the table with quotes and i still have the same errors. i also changed the host line to localhost in /etc/postfix/pgsql-aliases.cf and the error still occurs any sugestions what the problem might be ? shadrock