решено ФорумAdmin

Не работает почта?




Доброго времени суток уважаемые форумчане! Столкнулся с «проблемой» в виде связки Postfix+Dovecot+..., т.е. почта не отправляется и не принимается :(. НО - если воспользоваться утилитой mail из консоли, типа: mail -c «Hello World» накатать какой-нить текст и отправить.... то письмо отправляется, и причем нормально. т.е. письмо попадает именно туда, куда нужно... Дабы не быть голословным, привожу конфиги для Postfix и Dovecot:

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
myhostname =
mydomain =
myorigin = $mydomain
# Enable IPv4, and IPv6 if supported
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks =,
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
alias_maps = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
debugger_command =
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
always_bcc =
myhostname =
ipc_idle = 100s
recipient_delimiter = +
relay_domains = $mydestination,
queue_run_delay = 1000s
minimal_backoff_time = 1000s
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
sender_canonical_maps = hash:/etc/postfix/canonical
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
inet_interfaces = all
smtpd_sasl_security_options = noanonymous
mydestination = $myhostname, localhost.$mydomain, localhost,

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp	inet	n	-	n	-	-	smtpd -o smtpd_sasl_auth_enable=yes
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
	-o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in maildrop_destination_recipient_limit=1
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# ====================================================================
# The Cyrus deliver program has changed incompatibly, multiple times.
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# ====================================================================
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in cyrus_destination_recipient_limit=1
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
# ====================================================================
# See the Postfix UUCP_README file for configuration details.
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# ====================================================================
# Other external delivery methods.
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/
#  ${nexthop} ${user}
submission	inet	n	-	n	-	-	smtpd -o smtpd_sasl_auth_enable=yes
## Dovecot configuration file

# If you're in a hurry, see

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
#protocols = imap pop3
protocols = imap pop3
mail_location = maildir:~/Maildir
pop3_uidl_format = %08Xu%08Xv
# Required on x86_64 kernels
#login_process_size = 64
# A comma separated list of IPs or hosts where to listen in for connections. 
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
listen = *

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =

# Sepace separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets = 

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

## Dictionary server settings

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
#!include_try /etc/dovecot/local.conf
#ssl_listen = *
За «портянки» не судите строго, а мож и нужно... кому как... Прошу помощи в решении данной «проблемы». Заранее спасибо!

Кто создавал эти конфиги и по каким руководствам?

А так, почтовый клиент отправляет почту по smtp, Dovecot тут не причём, нужно уточнить, где именно возникает проблема. Почтовый клиент устанавливает соедиение с сервером? Авторизуется? Передаёт письмо? По логам postfix принимает письмо от клиента?

mky ★★★★★ ()
Ответ на: комментарий от no-dashi


# Generated by iptables-save v1.4.7 on Sat Mar 29 20:43:38 2014
:PREROUTING ACCEPT [12742:632945]
:OUTPUT ACCEPT [1240:76096]
# Completed on Sat Mar 29 20:43:38 2014
# Generated by iptables-save v1.4.7 on Sat Mar 29 20:43:38 2014
:PREROUTING ACCEPT [40017:2190535]
:INPUT ACCEPT [40017:2190535]
:OUTPUT ACCEPT [19115:3511748]
:POSTROUTING ACCEPT [19115:3511748]
# Completed on Sat Mar 29 20:43:38 2014
# Generated by iptables-save v1.4.7 on Sat Mar 29 20:43:38 2014
:OUTPUT ACCEPT [19115:3511748]
-A INPUT -i lo -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 2 --hashlimit-mode srcip --hashlimit-name SSH --hashlimit-htable-expire 60000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j DROP 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 953 -j ACCEPT 
-A INPUT -s -j DROP 
-A INPUT -p udp -m udp --dport 20 -j ACCEPT 
-A INPUT -p udp -m udp --dport 21 -j ACCEPT 
-A INPUT -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 12000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m multiport --dports 30000:30999 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 60 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -p icmp -m limit --limit 250/sec --limit-burst 500 -j QUEUE 
-A FORWARD -p icmp -j DROP 
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 15/min -j QUEUE 
# Completed on Sat Mar 29 20:43:39 2014
xanderlexx ()
Ответ на: комментарий от mky

Thunderbird - дает возможность создать новую запись, но при попытке проврить почту - ессно пишет, что пароль не подходит и .... о пересылке письма думаю говорить не стоит :). /var/log/maillog - пуст как ...

xanderlexx ()
Ответ на: комментарий от mky

Оказывается - теперь почтовик при создании новой записи - ругается, что пароль или логин не катят.... что м.б. за Х..? Кстати - конфиги правил сам...

xanderlexx ()

появляется в /var/log/maillog при отправке сообщения с удалённого клиента или попытке проверить учётку в тандырбёрде?

anonymous ()
Ответ на: комментарий от AlfaStriker

Смотрю! Но они пустые, хотя отметка об обращении системы к файлу имеется

xanderlexx ()
Ответ на: комментарий от anonymous

Вот этот момент самый «непонятный», т.к. Thunderbird кое-как соединяется с сервом и даже пишет, что новых сообщений нет, но отметок в логе также нет.

xanderlexx ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.