Postfix drives me crazy

tpe · January 9, 2010, 10:10am

Hi all,
I upgraded my home server from openSUSE 10.3 to 11.2. From that day, postfix rejects every email I try to receive by using fetchmail.

The main.cf file was unchanged after the upgrade, postfix starts correctly, but it does not accepts emails!

The errors I receive are:


NOQUEUE: reject: RCPT from localhost::1]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<> to=<correctuser@somedomain.com> proto=SMTP helo=<localhost>

NOQUEUE: reject: RCPT from localhost::1]: 504 5.5.2 <tpe@localhost>: Recipient address rejected: need fully-qualified address; from=<hidden@domain.com> to=<tpe@localhost> proto=ESMTP helo=<server.home>

A full session log is:


Jan  9 11:05:41 server postfix/smtpd[22613]: connect from localhost::1]
Jan  9 11:05:41 server postfix/smtpd[22613]: NOQUEUE: reject: RCPT from localhost::1]: 554 5.7.1 <username@hotmail.com>: Relay access denied; from=<> to=<username@hotmail.com> proto=SMTP helo=<server.home>
Jan  9 11:05:41 server postfix/smtpd[22613]: disconnect from localhost::1]
Jan  9 11:05:41 server postfix/smtpd[22616]: NOQUEUE: reject: RCPT from localhost::1]: 504 5.5.2 <tpe@localhost>: Recipient address rejected: need fully-qualified address; from=<username@hotmail.com> to=<tpe@localhost> proto=ESMTP helo=<server.home>
Jan  9 11:05:41 server postfix/smtpd[22616]: disconnect from localhost::1]

Now, what drives me crazy, is the fact that I have not modified the main.cf and until the upgrade, everything was fine!

The main.cf file is:


#Program Directories
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#Paths
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
mail_spool_directory = /var/mail

#Suse related (DO I need them?)
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES

#Owners (Queue and mail)
mail_owner = postfix
setgid_group = maildrop

#MAPS
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_maps = hash:/etc/postfix/virtual

#Debug Level
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

#New Mail Notifications
biff = no

#Hostname and networks
mydomain=home
myhostname=server.home
mydestination = $myhostname localhost.$mydomain localhost $mydomain
inet_interfaces = all
inet_protocols = all
defer_transports =
relayhost = smtp.myisp.com

#Networks
mynetworks=127.0.0.0/8, 192.168.0.0/16

#mailbox_command = 
mailbox_command = /usr/lib/dovecot/deliver
mailbox_transport = 
home_mailbox = Mail/

#Some Codes
unknown_local_recipient_reject_code = 550

#Access Control/Restrictions
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

#Sender
#smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks,
	permit_inet_interfaces,
	reject_plaintext_session

#EHLO
smtpd_helo_required=yes
smtpd_helo_restrictions = permit_mynetworks,
	reject_invalid_helo_hostname,
	reject_unknown_helo_hostname,
	reject_non_fqdn_helo_hostname,
	reject_non_fqdn_hostname,
	reject_invalid_hostname,
	permit

#Recipients
smtpd_recipient_restrictions =
	permit_mynetworks,
	reject_unauth_pipelining,
	reject_invalid_hostname,
	reject_non_fqdn_hostname,
	reject_non_fqdn_sender,
	reject_non_fqdn_recipient,
	reject_unknown_sender_domain,
	reject_unknown_recipient_domain,
	reject_unauth_destination,
	reject_rbl_client list.dsbl.org,
	reject_rbl_client zen.spamhaus.org
	reject_rbl_client cbl.abuseat.org,
	reject_rbl_client dul.dnsbl.sorbs.net,
	reject_rbl_client bl.spamcop.net
	permit
smtpd_sasl_auth_enable = no

#TLS Options
#### SSL - TLS #########################################
#smtp_tls_per_site = hash:/etc/postfix/ssl/tls_per_site
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/postfix-cert.pem
smtp_tls_key_file = /etc/postfix/ssl/postfix-key.pem

smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_key_file = /etc/postfix/ssl/postfix-key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfix-cert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

tls_random_source = dev:/dev/urandom

#Mailboxes and message Options
mailbox_size_limit = 0
message_size_limit = 104857600

strict_8bitmime = no
disable_mime_output_conversion = no
mynetworks_style = subnet
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#Other commands
smtpd_policy_service_max_idle = 30s

Any help would be appreciated.

syampillai · January 9, 2010, 10:15am

Check your host name set up.

tpe · January 9, 2010, 4:09pm

What do you mean?
All other servers (Apache eg, samba etc) work fine.
And, I have a local DNS server (which of course has no problem). So, it is an issue of postfix I suppose. Hostname is correct and until the upgrade I had no problem at all.

syampillai · January 9, 2010, 7:36pm

Most servers do not accept mail connections from localhost.
I don’t know why it was accepting earlier.

Also, in 11.2, IPv6 is enabled by default and I can see that your ‘Helo’ command went from the IPv6 address. So, try disabling IPv6 too.

tpe · January 10, 2010, 7:32am

The localhost is definately a valid destination and most servers accept email from that point. I actually looking at this point, since I believe that the problem is the IPv6. It seems that it uses IPv6, so it is possible that the IPv6 is the problem.
I will report back later.

tpe · January 10, 2010, 7:53am

OK, IPv4 did the trick, but obviously this is not what I like. In any case, solved.

syampillai · January 10, 2010, 3:52pm

Good to know that the problem is solved. The problem with IPv6 is that not everyone is ready for that.

Email servers accepting mails from localhost are prone to spams and generally, it is not a good idea to accept such mails unless other authentication mechanisms (example sasl) are in place.