LINUX.ORG.RU
решено ФорумAdmin

postfix перестала приходить почта извне

 


0

1

Здравствуйте. Перестала приходить почта из внешней сети. Локальная почта приходит и отправляется в т.ч. и во внешнюю сеть. Настроек ни каких не менял. Ubuntu Server 14.04, Postfix 2.11.0, IRedMail-0.9.2 Ошибка в логе

mail.log

Apr 27 16:00:45 teploenergo postfix/postscreen[26915]: fatal: service smtp requires a process limit of 1

Apr 27 16:00:46 teploenergo postfix/master[24100]: warning: process /usr/lib/postfix/postscreen pid 26915 exit status 1

Apr 27 16:00:46 teploenergo postfix/master[24100]: warning: /usr/lib/postfix/postscreen: bad command startup – throttling

Уважаемые Гуру!, подскажите, что пишет лог. В поиске не нашел соответствий. Ответ об ошибке доставки, например на ya.ru: loshko_wr@teploenergo.org: conversation with

mail.teploenergo.org[109.170.45.126] timed out while receiving the initial server greeting

Reporting-MTA: dns; forward202b.mail.yandex.net

X-Yandex-Queue-ID: AF92C68122

X-Yandex-Sender: rfc822; loshko@ya.ru

Arrival-Date: Mon, 24 Apr 2023 11:35:45 +0300 (MSK)

Final-Recipient: rfc822; loshko_wr@teploenergo.org

Original-Recipient: rfc822;loshko_wr@teploenergo.org

Action: failed

Status: 4.4.2

Diagnostic-Code: X-Yandex; conversation with

mail.teploenergo.org[109.170.45.126] timed out while receiving the initial server greeting

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

biff = no

append_dot_mydomain = no

readme_directory = no

smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt

smtpd_tls_key_file = /etc/ssl/private/iRedMail.key

smtpd_use_tls=yes

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

alias_maps = hash:/etc/postfix/aliases

alias_database = hash:/etc/postfix/aliases

myorigin = mail.teploenergo.org

mydestination = $myhostname, localhost, localhost.localdomain

relayhost =

mynetworks = 192.168.0.0/24, 127.0.0.0/8

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

inet_protocols = ipv4

virtual_alias_domains =

mydomain = teploenergo.org

allow_percent_hack = no

swap_bangpath = no

mynetworks_style = host

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_reject_unlisted_recipient = yes

smtpd_reject_unlisted_sender = yes

smtpd_tls_protocols = !SSLv2 !SSLv3

lmtp_tls_protocols = !SSLv2 !SSLv3

smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3

smtp_tls_mandatory_protocols = !SSLv2 !SSLv3

lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA

smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem

smtp_tls_security_level = may

smtp_tls_CAfile = $smtpd_tls_CAfile

smtp_tls_loglevel = 0

smtp_tls_note_starttls_offer = yes

smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access

delay_warning_time = 0h

maximal_queue_lifetime = 4h

bounce_queue_lifetime = 4h

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions

smtp_data_init_timeout = 240s

smtp_data_xfer_timeout = 600s

smtpd_delay_reject = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access regexp:/etc/postfix/helo_regexp, check_helo_access pcre:/etc/postfix/helo_access.pcre

smtpd_client_restrictions = permit_mynetworks, regexp:/etc/postfix/dul_checks, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client psbl.surriel.com, reject_rbl_client spamsources.fabel.dk, reject_rbl_client opm.blitzed.org, reject_rbl_client combined.njabl.org, reject_rbl_client dul.ru, reject_rbl_client dialup.balcklist.jippg.org, reject_rbl_client relays.mail-abuse.org, reject_rbl_client dnsbl.sorbs.net, reject_unknown_client, permit

header_checks = regexp:/etc/postfix/header_checks

unknown_local_recipient_reject_code = 550

queue_run_delay = 300s

minimal_backoff_time = 300s

maximal_backoff_time = 4000s

enable_original_recipient = no

disable_vrfy_command = yes

home_mailbox = Maildir/

allow_min_user = no

message_size_limit = 45200000

virtual_minimum_uid = 2000

virtual_uid_maps = static:2000

virtual_gid_maps = static:2000

virtual_mailbox_base = /var/vmail

transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf

virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf

sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf

recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf

relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf

smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_sasl_security_options = noanonymous

smtpd_tls_auth_only = yes

smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_sasl_authenticated, regexp:/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031,

smtpd_tls_security_level = may

smtpd_tls_loglevel = 0

smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt

tls_random_source = dev:/dev/urandom

mailbox_command = /usr/lib/dovecot/deliver

virtual_transport = dovecot

dovecot_destination_recipient_limit = 1

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/dovecot-auth

content_filter = smtp-amavis:[127.0.0.1]:10024

smtp-amavis_destination_recipient_limit = 1

body_checks = regexp:/etc/postfix/body_checks

address_verify_sender = $double_bounce_sender

master.cf

smtp inet n - - - - postscreen

pickup unix n - - 60 1 pickup

cleanup unix n - - - 0 cleanup

qmgr unix n - n 300 1 oqmgr

tlsmgr unix - - - 1000? 1 tlsmgr

rewrite unix - - - - - trivial-rewrite

bounce unix - - - - 0 bounce

defer unix - - - - 0 bounce

trace unix - - - - 0 bounce

verify unix - - - - 1 verify

flush unix n - - 1000? 0 flush

proxymap unix - - n - - proxymap

proxywrite unix - - n - 1 proxymap

smtp unix - - - - - smtp

relay unix - - - - - smtp

showq unix n - - - - showq

error unix - - - - - error

retry unix - - - - - error

discard unix - - - - - discard

local unix - n n - - local

virtual unix - n n - - virtual

lmtp unix - - - - - lmtp

anvil unix - - - - 1 anvil

scache unix - - - - 1 scache

maildrop unix - n n - - pipe

flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

uucp unix - n n - - pipe

flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail unix - n n - - pipe

flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp unix - n n - - pipe

flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient

scalemail-backend unix - n n - 2 pipe

flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

mailman unix - n n - - pipe

flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

${nexthop} ${user}

submission inet n - n - - smtpd

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

dovecot unix - n n - - pipe

flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

smtp-amavis unix - - - - 4 smtp

-o smtp_data_done_timeout=1200

-o smtp_send_xforward_command=yes

-o disable_dns_lookups=yes

-o max_use=20

127.0.0.1:10025 inet n - - - - smtpd

-o content_filter=

-o mynetworks_style=host

-o mynetworks=127.0.0.0/8

-o local_recipient_maps=

-o relay_recipient_maps=

-o strict_rfc821_envelopes=yes

-o smtp_tls_security_level=none

-o smtpd_tls_security_level=none

-o smtpd_restriction_classes=

-o smtpd_delay_reject=no

-o smtpd_client_restrictions=permit_mynetworks,reject

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o smtpd_end_of_data_restrictions=

-o smtpd_error_sleep_time=0

-o smtpd_soft_error_limit=1001

-o smtpd_hard_error_limit=1000

-o smtpd_client_connection_count_limit=0

-o smtpd_client_connection_rate_limit=0

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

Ответ на: комментарий от hobbit

Спасибо, что не бросили. Вот выяснил, что кодга в master.cf заменяю строку

smtp inet n - - - - postscreen

на

smtp inet n - - - 1 smtpd

тогда почта из вне начинает приходить, причем, и за все время «простоя».

Сервер настраивал в 2012 году по кускам мануалов из интернета, что где лежит и тогда не знал, и сейчас не найду. Вот и обратился за помощью.

loshko
() автор топика