Re: Temporary Lookup Failure

On 29 Aug 2020, at 07:17, Viktor Dukhovni  wrote:
> On Sat, Aug 29, 2020 at 06:16:27AM -0600, @lbutlr wrote:
> 
>> After updating Bind and dovecot and rebooting the server, I am getting these 
>> errors on almost every incoming mail.
>> Bind is running, and I can manually lookup the domains and dig -x the IPs, 
>> so I don’t think bind is the issue?
> 
> Red herrings.
> 
> 
>> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
>> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
>> : Temporary lookup failure;
>> from= to=
>> proto=ESMTP helo=
> 
> Who said the lookup failure is a DNS problem?  More likely some table
> driver no longer works after the upgrade, or other similar resource.
> 
> The real error is earlier in the logs.

The previous line is mostly the same, only it says permit. I posted all the 
lines for the given QID.Looking at the logs for other errors the only thing I 
see is that occasionally (but far less than the number of lookup errors) was 
"(address resolver failure)" and ,mysql connection issues when I was stopping 
the various services. And to was not just freebsd.org that failed, it was most 
things.

After several hours last night and this morning with a trickle of mail coming 
in and several reboots I finally got it working with a manual shutdown of all 
the related services, a removal of several ancillary ports (spamassin, etc) and 
rebuilding those ports. And then manually starting the services back up. 
Nothing showed as an out of date port, but spamassasin, at least, showed 
something that was updated instead of installed.

Haven’t gotten a recourance in just about an hour.

Still don't know what the cause was and find it rather concerning because of 
the reboots. 

When I can get there in person, I'll reboot again and see if all comes back up 
this time.



-- 
Bowling scores are way up, minigolf scores are way down, and we have
more excellent waterslides than any other planet we communicate
with

Re: Checking from-addresses on outbound mail

[Nick]

On 2020-08-09 21:52 BST, Ansgar Wiechers wrote:
> On 2020-08-09 Nick wrote:
> > For mail sent via submission it's possible to prevent a forged
> > mail-from, by using options on the submission service in master.cf.
> > 
> > It's also possible to prevent a forged header-from, by using a
> > submission-specific cleanup service, as in the BUILTIN_FILTER_README.
> > 
> > But these don't work for mail originating locally via the sendmail
> > command.  What does work for that?
> 
> Nothing. The sendmail command submits mail via pickup, i.e. puts it as a
> file into a particular directory from which the pickup daemon then reads
> the file. The usual filters don't apply to that.
> 
> What you can do is disable pickup entirely so that even local users are
> required to submit mail via SMTP (on localhost).

Thanks.  I have an idea which is probably infeasible...

In the OVERVIEW document, the path for local sendmail is shown as

  sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> cleanup(8) ->
  incoming

I would like to have a postconf(5) parameter such as
"local_via_submission = yes" which changes that path to something like

  sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
  cleanup(8) -> incoming

where the smtpd(8) process is the submission service.  Since postfix
already knows who submitted the mail, smtpd regards it as already
authenticated in this case.  The locally submitted mail now has the
benefit of all the usual filters available to smtpd.

Perhaps I could have that in time for Christmas?

Thanks,
-- 
Nick

mynetworks equivalent for sender address

[dave]

Hi,

Here is my problem. I have a Raspberry running in my home network, and I 
want it to be able to send me email. I set up a send only postfix on it 
and that works fine. The email that arrives on my email server fails a 
couple of tests  - domain not found and need FQDN.


The email is from root@raspberrypi.

Obviously I could change that, but I don't think I could get it to a 
proper domain and FQDN, and I'd rather not if I can avoid it. The IP 
address it arrives from is random as it's sometimes through a VPN.


I have full control of the email server, which is a latest standard 
Debian/postfix/dovecot set up.


So what I'm looking for is the easiest way of accepting that email, 
while staying pretty secure. I could update the sending domain to be 
some random unguessable string.


There appear to be some ways that might work (TLS fingerprint of the 
client sort of stuff?)


A simple equivalent of mynetworks, but for a from address rather than an 
IP/network would be ideal.


Thanks in advance for any suggestions.

regards

Dave

Re: mynetworks equivalent for sender address

[Nick]

On 2020-08-30 18:08 BST, dave wrote:
> So what I'm looking for is the easiest way of accepting that email,
> while staying pretty secure.

>From your home machine, send mail to the server's submission port and
with authentication, as in
.

HTH,
-- 
Nick

Re: mynetworks equivalent for sender address

[dave]

Great, thanks. Do I need the "enabling DSASL authion postfix client 
section, or configure sender dependent SASL. And do I need to use 
relayhosts?


thanks

Dave


On 30/08/2020 18:24, Nick wrote:

On 2020-08-30 18:08 BST, dave wrote:

So what I'm looking for is the easiest way of accepting that email,
while staying pretty secure.

 From your home machine, send mail to the server's submission port and
with authentication, as in
.

HTH,

postfix not listening on 25/587

[Doug Denault]

I am upgrading from postfix-2.8.7,1 and cyrus-imapd-2.3.18 to 
postfix-3.5.6,1 and cyrus-imapd30-3.0.14. The old system uses sasldb 
authentication, the new one MySQL. This is on FreeBSD.


I have compared the conf files on two addition postfix systems and can see 
no differences of consequence. I am not sure which files or parts thereof 
to show. I am kind of surprised postfix can be encouraged not to listen on 
these ports. I am quite lost and can supply whatever information that will 
help anyone with a idea on how I messed this up.


_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
  Fax: 301-217-9277

Re: postfix not listening on 25/587

[Noel Jones]

On 8/30/2020 2:57 PM, Doug Denault wrote:
I am upgrading from postfix-2.8.7,1 and cyrus-imapd-2.3.18 to 
postfix-3.5.6,1 and cyrus-imapd30-3.0.14. The old system uses sasldb 
authentication, the new one MySQL. This is on FreeBSD.


I have compared the conf files on two addition postfix systems and 
can see no differences of consequence. I am not sure which files or 
parts thereof to show. I am kind of surprised postfix can be 
encouraged not to listen on these ports. I am quite lost and can 
supply whatever information that will help anyone with a idea on how 
I messed this up.


_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
   Fax: 301-217-9277



Likely is postfix is failing to start, with clues in the logfile.
http://www.postfix.org/DEBUG_README.html#logging

If you need to ask for further help:
http://www.postfix.org/DEBUG_README.html#mail



  -- Noel Jones

Re: mynetworks equivalent for sender address

[Viktor Dukhovni]

On Sun, Aug 30, 2020 at 06:08:36PM +0100, dave wrote:

> A simple equivalent of mynetworks, but for a from address rather than an 
> IP/network would be ideal.

There is, for good reason, no relay authorisation based on sender
address, because unlike a source IP address on your network (which is
difficult to forge with TCP) without being on your network, a sender
address is trivially forged by just using it.  Sender addresses are
neither secret not difficult to forge.

Thus permit_mynetworks (and thus mynetworks) is a thing, but there
is no permit_sender_domain (nor thus mydomains).

-- 
Viktor.

Re: Checking from-addresses on outbound mail

[Wietse Venema]

Nick:
> I would like to have a postconf(5) parameter such as
> "local_via_submission = yes" which changes that path to something like
> 
>   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
>   cleanup(8) -> incoming

And HOW THE HELL is that supposed to work when Postfix is not up
(not yet started, down for maintenance, or whatever).

Wietse

Re: Checking from-addresses on outbound mail

[Nick]

On 2020-08-30 21:30 BST, Wietse Venema wrote:
> Nick:
> > I would like to have a postconf(5) parameter such as
> > "local_via_submission = yes" which changes that path to something like
> > 
> >   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
> >   cleanup(8) -> incoming
> 
> And HOW THE HELL is that supposed to work when Postfix is not up
> (not yet started, down for maintenance, or whatever).

I'm sensing a slight reluctance but will plough on...

In that case pickup is also not running, so the mail stays in maildrop.
Isn't that what happens now?
-- 
Nick

Re: Checking from-addresses on outbound mail

[Wietse Venema]

Nick:
> On 2020-08-30 21:30 BST, Wietse Venema wrote:
> > Nick:
> > > I would like to have a postconf(5) parameter such as
> > > "local_via_submission = yes" which changes that path to something like
> > > 
> > >   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
> > >   cleanup(8) -> incoming
> > 
> > And HOW THE HELL is that supposed to work when Postfix is not up
> > (not yet started, down for maintenance, or whatever).
> 
> I'm sensing a slight reluctance but will plough on...
> 
> In that case pickup is also not running, so the mail stays in maildrop.
> Isn't that what happens now?

An SMTP client in the pickup daemon? How shall the pickup daemon
send a non-delivery notification to the sender?

Wietse

Re: Checking from-addresses on outbound mail

[Peter]

On 31/08/20 4:58 am, Nick wrote:

On 2020-08-09 21:52 BST, Ansgar Wiechers wrote:

On 2020-08-09 Nick wrote:

For mail sent via submission it's possible to prevent a forged
mail-from, by using options on the submission service in master.cf.

It's also possible to prevent a forged header-from, by using a
submission-specific cleanup service, as in the BUILTIN_FILTER_README.

But these don't work for mail originating locally via the sendmail
command.  What does work for that?


Nothing. The sendmail command submits mail via pickup, i.e. puts it as a
file into a particular directory from which the pickup daemon then reads
the file. The usual filters don't apply to that.

What you can do is disable pickup entirely so that even local users are
required to submit mail via SMTP (on localhost).


Thanks.  I have an idea which is probably infeasible...

In the OVERVIEW document, the path for local sendmail is shown as

   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> cleanup(8) ->
   incoming

I would like to have a postconf(5) parameter such as
"local_via_submission = yes" which changes that path to something like


Just grab a copy of msmtp and have it submit to the localhost submission 
service.  Use the sendmail binary from msmtp instead of postfix's 
sendmail binary.



Peter

Re: Checking from-addresses on outbound mail

[Viktor Dukhovni]

On Sun, Aug 30, 2020 at 05:58:01PM +0100, Nick wrote:

> I would like to have a postconf(5) parameter such as
> "local_via_submission = yes" which changes that path to something like
> 
>   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
>   cleanup(8) -> incoming

Sorry, that's not possible, but see:

http://www.postfix.org/MULTI_INSTANCE_README.html
http://www.postfix.org/MULTI_INSTANCE_README.html#split

for a way to separate local submission from outbound mail processing,
even on an SMTP relay.  Keep in mind however, that SASL authentication
of each user will not be possible, the user is long gone by the time
the null-client instance is using SMTP to forward the mail.

All you can do is parse the "uid" out of the "Received:" header added by
"pickup", and apply whatever policy is appropriate to the rest of the
message.

-- 
Viktor.

Re: Checking from-addresses on outbound mail

[Nick]

On 2020-08-30 21:55 BST, Wietse Venema wrote:
> An SMTP client in the pickup daemon? How shall the pickup daemon send
> a non-delivery notification to the sender?

It looks like we're one objection down!  Can I make it two...

The pickup daemon doesn't, the mail goes into the hold queue.  It's then
for the postmaster to check what's going on.  If the mail's from-address
is forged, which is my concern in this thread, then it's better that no
non-delivery notification is attempted.

Thank you for your attention to my question, this is more than I had
expected.
-- 
Nick

Re: Checking from-addresses on outbound mail

[Wietse Venema]

Wietse Venema:
> Nick:
> > On 2020-08-30 21:30 BST, Wietse Venema wrote:
> > > Nick:
> > > > I would like to have a postconf(5) parameter such as
> > > > "local_via_submission = yes" which changes that path to something like
> > > > 
> > > >   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
> > > >   cleanup(8) -> incoming
> > > 
> > > And HOW THE HELL is that supposed to work when Postfix is not up
> > > (not yet started, down for maintenance, or whatever).
> > 
> > I'm sensing a slight reluctance but will plough on...
> > 
> > In that case pickup is also not running, so the mail stays in maildrop.
> > Isn't that what happens now?
> 
> An SMTP client in the pickup daemon? How shall the pickup daemon
> send a non-delivery notification to the sender?

Answer: don't change the pickup daemon, but do this instead:

/etc/postfix/master.cf:
pickup unix .. .. .. .. .. pickup
-o content_filter=smtp:[localhost]:25

- Wietse

Re: Checking from-addresses on outbound mail

[Wietse Venema]

Wietse Venema:
> Wietse Venema:
> > Nick:
> > > On 2020-08-30 21:30 BST, Wietse Venema wrote:
> > > > Nick:
> > > > > I would like to have a postconf(5) parameter such as
> > > > > "local_via_submission = yes" which changes that path to something like
> > > > > 
> > > > >   sendmail(1) -> postdrop(1) -> maildrop -> pickup(8) -> smtpd(8) ->
> > > > >   cleanup(8) -> incoming
> > > > 
> > > > And HOW THE HELL is that supposed to work when Postfix is not up
> > > > (not yet started, down for maintenance, or whatever).
> > > 
> > > I'm sensing a slight reluctance but will plough on...
> > > 
> > > In that case pickup is also not running, so the mail stays in maildrop.
> > > Isn't that what happens now?
> > 
> > An SMTP client in the pickup daemon? How shall the pickup daemon
> > send a non-delivery notification to the sender?
> 
> Answer: don't change the pickup daemon, but do this instead:
> 
> /etc/postfix/master.cf:
> pickup unix .. .. .. .. .. pickup
>   -o content_filter=smtp:[localhost]:25

Well almost: it needs a custom SMTP client to avoid loop detection.

/etc/postfix/master.cf:
 pickup unix .. .. .. .. .. pickup
-o { content_filter = local-smtp:[localhost]:25 }

 local-smtp unix  .. .. .. .. .. smtp
-o { inet_interfaces = }
-o { myhostname = localhost }

Let me know if that does the job.

Wietse

Re: Checking from-addresses on outbound mail

[Viktor Dukhovni]

On Sun, Aug 30, 2020 at 05:33:51PM -0400, Wietse Venema wrote:

> Well almost: it needs a custom SMTP client to avoid loop detection.
> 
> /etc/postfix/master.cf:
>  pickup unix .. .. .. .. .. pickup
> -o { content_filter = local-smtp:[localhost]:25 }
> 
>  local-smtp unix  .. .. .. .. .. smtp
> -o { inet_interfaces = }
> -o { myhostname = localhost }
> 
> Let me know if that does the job.

Looks about right, perhaps a final note that with this one MUST NOT then
use "simple" content filters that resubit mail back into Postfix via
sendmail(1) (i.e. ultimately pickup).

Another thing to keep in mind with trying to prevent address forgery, is
that it can break various ways in which messages are forwarded (via e.g.
procmail) or "Resent" (via mail user agents), e.g. "mutt" can "bounce"
(really resend) a message, but it is polite and adds "Resent-From"
headers.

Also vacation message envelope sender addresses should be the null
sender address to avoid loops (see also RFC3834).

-- 
Viktor.

Re: mynetworks equivalent for sender address

[Jaroslaw Rafa]

Dnia 30.08.2020 o godz. 16:11:32 Viktor Dukhovni pisze:
> 
> There is, for good reason, no relay authorisation based on sender
> address, because unlike a source IP address on your network (which is
> difficult to forge with TCP) without being on your network, a sender
> address is trivially forged by just using it.  Sender addresses are
> neither secret not difficult to forge.
> 
> Thus permit_mynetworks (and thus mynetworks) is a thing, but there
> is no permit_sender_domain (nor thus mydomains).

However if someone wants to take a risk, I guess they can still put in
main.cf something like

smtpd_relay_restrictions = ..., check_sender_access /etc/postfix/relayuser, ...

where /etc/postfix/relayuser contains something like

usern...@domain.com PERMIT

Wouldn't it work?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: mynetworks equivalent for sender address

[dave]

That would be great if it works.

It may be easy to forge, but it can be harder to guess depending on what 
name I choose?


But you both mention relay - is that in the loose sense of the word? I 
don't need to relay it do I? Just permit?


thanks

Dave

On 30/08/2020 23:31, Jaroslaw Rafa wrote:

Dnia 30.08.2020 o godz. 16:11:32 Viktor Dukhovni pisze:

There is, for good reason, no relay authorisation based on sender
address, because unlike a source IP address on your network (which is
difficult to forge with TCP) without being on your network, a sender
address is trivially forged by just using it.  Sender addresses are
neither secret not difficult to forge.

Thus permit_mynetworks (and thus mynetworks) is a thing, but there
is no permit_sender_domain (nor thus mydomains).

However if someone wants to take a risk, I guess they can still put in
main.cf something like

smtpd_relay_restrictions = ..., check_sender_access /etc/postfix/relayuser, ...

where /etc/postfix/relayuser contains something like

usern...@domain.com PERMIT

Wouldn't it work?

Re: mynetworks equivalent for sender address

[Viktor Dukhovni]

On Sun, Aug 30, 2020 at 11:54:19PM +0100, dave wrote:

> That would be great if it works.

You mean that would be a double-barrelled shotgun you aim at your feet,
sure...

> It may be easy to forge, but it can be harder to guess depending on what 
> name I choose?
> 
> But you both mention relay - is that in the loose sense of the word? I 
> don't need to relay it do I? Just permit?

Mail to your own domains is permitted by default.  You don't need to
"permit" specific sender domains.  It is sending to other people's
domains (relaying) that requires access control.  The rest of the
access policy is then about blocking inbound spam and the like.

Now you for some reason report that your Raspberry Pi client is
not a stable client IP on your network.  If you take it with
you on the road, you'll need either a VPN back to an internal
network, a client cert or SASL auth.

-- 
Viktor.

Re: postfix not listening on 25/587

[Doug Denault]

On Sun, 30 Aug 2020, Noel Jones wrote:


On 8/30/2020 2:57 PM, Doug Denault wrote:
I am upgrading from postfix-2.8.7,1 and cyrus-imapd-2.3.18 to 
postfix-3.5.6,1 and cyrus-imapd30-3.0.14. The old system uses sasldb 
authentication, the new one MySQL. This is on FreeBSD.


I have compared the conf files on two addition postfix systems and can see 
no differences of consequence. I am not sure which files or parts thereof 
to show. I am kind of surprised postfix can be encouraged not to listen on 
these ports. I am quite lost and can supply whatever information that will 
help anyone with a idea on how I messed this up.


_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
   Fax: 301-217-9277



Likely is postfix is failing to start, with clues in the logfile.
http://www.postfix.org/DEBUG_README.html#logging

If you need to ask for further help:
http://www.postfix.org/DEBUG_README.html#mail


Thank you for your thought, but not exactly. Postfix sort starts, cyrus is 
all there:


working system:
   lighthouse:~> sockstat | egrep "postfix|master" | egrep ":[2\5]+"
   postfix  smtpd  98709 6  tcp4   *:25  *:*
   postfix  smtpd  98656 6  tcp4   *:25  *:*
   postfix  smtpd  98656 19 tcp4   127.0.0.1:53654
   127.0.0.1:10023
   postfix  smtpd  98612 6  tcp4   *:25  *:*
   root master 52014 12 tcp4   *:25  *:*
   root master 52014 16 tcp4   *:587 *:*

The one in question
   freeport:~> sockstat | egrep "postfix|master" | egrep ":[2\5]+"
   root master 3938  13 tcp4   *:25  *:*
   root master 3938  17 tcp4   *:587 *:*

Any thought much appreciated. The only difference between two of the 
other postfix/cyrus systems: one use sasldb, the other kerberos. The Not 
working one uses mysql. There are some cyrus gliches not relevant to 
this list. On the post fix front, the system can receive email, that's 
what master does, it can not send email. Apparently what postfix does.


Honestly as for RTFM, been there, done that. Did little for mysql all 
help there came from /var/log/messages and sql errors.


_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
  Fax: 301-217-9277

Re: "max_use=1" does not work at a situation

[kawakami]

On 2020/08/28 23:50, Wietse Venema wrote:

kawakami:

On 2020/08/27 20:54, Wietse Venema wrote:

kawakami:

Hi all,

Setting "max_use=1" on /etc/master.cf, but the same process ID was
assigned to different connections(postfix/smtpd process) at particular
situation.


SHOW LOGS.



Thank you for your reply.

Here are the logs I picked out:

Aug  3 15:10:11 dummy postfix/smtpd[5254]: connect from
example.com[X.X.X.X]:56925

...

Aug  3 15:10:11 dummy postfix/smtpd[5254]: disconnect from
example.com[X.X.X.X]:56925
Aug  3 15:10:11 dummy postfix/smtpd[5254]: connect from
example.net[aa:bb:ccc::e]:15480

...

Aug  3 15:10:26 dummy postfix/smtpd[5254]: disconnect from
example.net[aa:bb:ccc::e]:15480


Good. Now I have a few momre requests.

1) Execute this command:

# postfix reload.

2) Show the output of this command:

# grep smtpd $(postconf config_directory)/master.cf

3) Show logging that one smtpd process still handles more than one
connection.

Wietse





Sorry, the logs I showed was that after I reload postfix.

And this problem occurs NOT always, only in following situatision,


2, A message was sent on IPv4, but resuted 451 error.
3, A message was sent on IPv6, but resuted 451 error. 


Except the above situation, the "max_use = 1" normally works.

kawakami

Re: postfix not listening on 25/587

[Bill Cole]

On 30 Aug 2020, at 20:24, Doug Denault wrote:


On Sun, 30 Aug 2020, Noel Jones wrote:


On 8/30/2020 2:57 PM, Doug Denault wrote:
I am upgrading from postfix-2.8.7,1 and cyrus-imapd-2.3.18 to 
postfix-3.5.6,1 and cyrus-imapd30-3.0.14. The old system uses sasldb 
authentication, the new one MySQL. This is on FreeBSD.


I have compared the conf files on two addition postfix systems and 
can see no differences of consequence. I am not sure which files or 
parts thereof to show. I am kind of surprised postfix can be 
encouraged not to listen on these ports. I am quite lost and can 
supply whatever information that will help anyone with a idea on how 
I messed this up.





Likely is postfix is failing to start, with clues in the logfile.
http://www.postfix.org/DEBUG_README.html#logging

If you need to ask for further help:
http://www.postfix.org/DEBUG_README.html#mail


Thank you for your thought, but not exactly. Postfix sort starts, 
cyrus is all there:


working system:
   lighthouse:~> sockstat | egrep "postfix|master" | egrep ":[2\5]+"
   postfix  smtpd  98709 6  tcp4   *:25  *:*
   postfix  smtpd  98656 6  tcp4   *:25  *:*
   postfix  smtpd  98656 19 tcp4   127.0.0.1:53654
   127.0.0.1:10023
   postfix  smtpd  98612 6  tcp4   *:25  *:*
   root master 52014 12 tcp4   *:25  *:*
   root master 52014 16 tcp4   *:587 *:*

The one in question
   freeport:~> sockstat | egrep "postfix|master" | egrep ":[2\5]+"
   root master 3938  13 tcp4   *:25  *:*
   root master 3938  17 tcp4   *:587 *:*


That's absolutely normal. Postfix's 'master' process only spawns smtpd 
processes as needed to handle SMTP sessions. As shown, it listens on any 
ports that need persistent listeners, and hands off connections to child 
processes.


Any thought much appreciated. The only difference between two of the 
other postfix/cyrus systems: one use sasldb, the other kerberos. The 
Not working one uses mysql. There are some cyrus gliches not relevant 
to this list. On the post fix front, the system can receive email, 
that's what master does, it can not send email. Apparently what 
postfix does.


So, your chosen subject makes no sense. The master process is part of 
Postfix, and it is what listens on ports 25 and 587.



Honestly as for RTFM, been there, done that.


The bit of the documentation that you seem to have ignored is what Noel 
mentioned:  http://www.postfix.org/DEBUG_README.html#mail


Actual log entries and actual configuration are essential information.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)