On 2015-08-03 16:16, Viktor Dukhovni wrote:
On Mon, Aug 03, 2015 at 09:48:35AM -0400, Postfix User wrote:
On Mon, 03 Aug 2015 14:52:33 +0200, Istvan Prosinger stated:
Yeah when I took the server for audit, Postfix was dead and couldn't
start -the config file was (and stil is) in mess.
Nevertheless, accepting SMTP is not the issue at this moment.
The issue is that it seems to be disregarding the policy check.
I have even precompiled it from source yesterday, thinking that it might
be damaged, but no effect...
I assume you have read everything at
http://www.postfix.org/DEBUG_README.html#mail
Might I suggest you provide output from the postfinger tool. This can
be found
at http://ftp.wl0.org/SOURCES/postfinger.
Also post the output of:
ps -o pid,command -p $(pgrep -x master)
along with the output of:
strings $command | grep /postfix
where $command is the full pathname of the master executable
reported running by ps. If you can examine the process environment
via /proc or by other means, also report the value of the MAIL_CONFIG
environment variable of the master process.
Here goes:
[root@top ~]# ./postfinger
postfinger - postfix configuration on Wed Aug 5 02:41:25 MDT 2015
version: 1.30
Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.]
--System Parameters--
mail_version = 3.0.2
hostname = top.tesspot.com
uname = Linux top.tesspot.com 3.10.0-229.7.2.el7.x86_64 #1 SMP Tue Jun
23 22:06:11 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from RPM package:
postfix-2.10.1-6.el7.x86_64
--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id sleep 5
home_mailbox = Maildir/
inet_protocols = ipv4
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost,
top.tesspot.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_end_of_data_restrictions = check_policy_service
inet:127.0.0.1:10031
smtpd_recipient_restrictions = check_policy_service
inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
--master.cf--
smtpinetn - n - - smtpd -o
smtpd_sasl_auth_enable=yes
smtps inetn - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickupunix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgrunix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounceunix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verifyunix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix -