Greetings!
Looks as if I have traded in one problem for a bunch more malfunctions by getting rid of the initial problem…
Now Postfix properly recognizes anything that’s coming in via port 25 (although the IMAP server any inbound mail is supposed to be forwarded to still misbehaves - but that’s not my concern here) from other SMTP servers, but instead anything I attempt to submit via port 587 causes it to complain (yes, the port has been unblocked in the master.cf, and the firewall is open as well) - strangely enough this won’t produce ANY log messages whatsoever that would allow me to figure out what’s going on in the first place.
The error message Postfix returns is “Requested action not taken: mailbox unavailable Sender address is not allowed.”
FYI, the master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#amavis unix - - n - 4 smtp
# -o smtp_data_done_timeout=1200
# -o smtp_send_xforward_command=yes
# -o disable_dns_lookups=yes
# -o max_use=20
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_type=cyrus
  -o smtpd_sasl_path=smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_sasl_auth_enable=yes
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_sasl_auth_enable=yes
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd
# -o content_filter=
# -o smtpd_delay_reject=no
# -o smtpd_client_restrictions=permit_mynetworks,reject
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_recipient_restrictions=permit_mynetworks,reject
# -o smtpd_data_restrictions=reject_unauth_pipelining
# -o smtpd_end_of_data_restrictions=
# -o smtpd_restriction_classes=
# -o mynetworks=127.0.0.0/8
# -o smtpd_error_sleep_time=0
# -o smtpd_soft_error_limit=1001
# -o smtpd_hard_error_limit=1000
# -o smtpd_client_connection_count_limit=0
# -o smtpd_client_connection_rate_limit=0
# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
# -o local_header_rewrite_clients=
# -o local_recipient_maps=
# -o relay_recipient_maps=
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
#
#procmail unix - n n - - pipe
# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
#
My main.cf:
# Basic directory setup
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
# Postfix ownership & security
mail_owner = postfix
setgid_group = maildrop
# Mailer identification
mail_name = robidu.de mail
smtpd_banner = $mail_name. All spam is reported. ESMTP
# Listen everywhere
inet_interfaces = all
# Default user to deliver mail to
luser_relay =
append_dot_mydomain = no
append_at_myorigin = yes
# Aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Various whitelist stuff
local_recipient_maps = $alias_maps
# Identification of system
myhostname = mail.robidu.de
mydomain = robidu.de
myorigin = $mydomain
# Deliver mails to these domains
mydestination = $myhostname, localhost.$mydomain, localhost, dl3ola.de, 13welten.net
# External networks from which to accept relayed emails
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 81.169.175.87/32
# Do not use a relay!
relayhost =
# What do I relay?
relay_domains = dl3ola.de, 13welten.net
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
# Set some limitations
bounce_size_limit = 1024
mailbox_size_limit = 0
message_size_limit = 104857600
# Message restrictions
header_checks = regexp:/etc/postfix/header_checks
# Defines how long messages remain in the queue before being bounced
bounce_queue_lifetime = 4h
maximal_queue_lifetime = 4h
delay_warning_time = 1h
# Force parallel delivery
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
# For traffic tempering
in_flow_delay = 1s
# Require strict RFC 821-style envelope addresses!
strict_rfc821_envelopes = yes
# Limit info given to outside servers!
show_user_unknown_table_name = no
disable_vrfy_command = yes
# Require HELO or EHLO?
smtpd_helo_required = yes
# Notification and delimiter
biff = no
recipient_delimiter =
# Disable certain substitutions
allow_percent_hack = no
swap_bangpath = no
# Tarpit until RCPT TO: is received
smtpd_delay_reject = yes
# Tarpit bots that send errors or scan for accounts
smtpd_error_sleep_time = 30
smtpd_soft_error_limit = 1
smtpd_hard_error_limit = 3
smtpd_junk_command_limit = 2
# Error codes
access_map_reject_code = 554
invalid_hostname_reject_code = 554
maps_rbl_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
plaintext_reject_code = 554
reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
# Login names mapped to particular senders
# smtpd_sender_login_maps = hash:/etc/postfix/addrmaps
# Access restrictions
smtpd_client_restrictions = permit_mynetworks,
    check_client_access regexp:/etc/postfix/client_restrictions,
    reject_invalid_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_unknown_client,
    permit
smtpd_helo_restrictions = permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unauth_pipelining,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    warn_if_reject reject_unknown_hostname,
    permit
smtpd_sender_restrictions = permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_address
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:60000
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unknown_client,
    permit
smtpd_etrn_restrictions = permit_mynetworks,
    reject
smtpd_data_restrictions = reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit
# Manage my virtual mailboxes
virtual_mailbox_limit = 10737418240
#virtual_mailbox_domains = robidu.de, dl3ola.de, 13welten.net
virtual_mailbox_domains = robidu.de
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = hash:/etc/postfix/vboxes
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
# TLS for mail reception
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/ssl/private/mail.robidu.de/selfmail.cert
smtpd_tls_key_file = /etc/ssl/private/mail.robidu.de/selfmail.key
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
tls_random_prng_update_period = 3600s
smtpd_tls_CApath = /etc/ssl/certs
# TLS for mail transmission
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_cert_file = /etc/ssl/private/mail.robidu.de/selfmail.cert
smtp_tls_key_file = /etc/ssl/private/mail.robidu.de/selfmail.key
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_cache
smtp_tls_CApath = /etc/ssl/certs
The SASL configuration:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login
sasldb_path: /etc/postfix/passwd.db
TLS is working properly (I’ve checked that with openssl), and I could authenticate myself to the server by manually issuing an AUTH PLAIN.
However, that still doesn’t explain why attempting to send a mail with KMail continually gets rejected. The other problem (albeit a minor one): I cannot even probe the server’s capabilities.
Does anyone know what’s going on here? For my part, I have run out of options now…
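
Added example, not part of the original post: a small Python audit of a master.cf that reports services defined more than once and shows which main.cf restriction lists a service still inherits because no `-o` override replaces them. MASTER_CF and MAIN_CF are constructed excerpts modelled on the files posted above, and all function names are illustrative.

```python
# Constructed excerpt modelled on the master.cf in the post, indentation restored.
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
smtp       inet  n  -  n  -  1  postscreen
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_sender=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
"""
# Constructed main.cf excerpt: parameter names from the post, values shortened.
MAIN_CF = {"smtpd_client_restrictions": "permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit",
           "smtpd_sender_restrictions": "permit_mynetworks, reject_non_fqdn_sender"}

def logical_lines(text):
    """Drop comments/blank lines; a line starting with whitespace continues the previous one."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_master(text):
    """One dict per service; only the plain '-o name=value' override form is handled."""
    services = []
    for f in (line.split() for line in logical_lines(text)):
        if len(f) < 8:
            continue  # not a complete service entry
        args = f[8:]
        overrides = dict(a.split("=", 1) for o, a in zip(args, args[1:]) if o == "-o" and "=" in a)
        services.append({"name": f[0], "type": f[1], "command": f[7], "overrides": overrides})
    return services

def duplicates(services):
    """(name, type) pairs that are defined more than once, with their commands."""
    keys = [(s["name"], s["type"]) for s in services]
    return {k: [s["command"] for s in services if (s["name"], s["type"]) == k]
            for k in keys if keys.count(k) > 1}

def effective(services, name, type_, main_cf):
    """Apply a service's -o overrides on top of main.cf; also list what it inherits unchanged."""
    svc = next(s for s in services if (s["name"], s["type"]) == (name, type_))
    return {**main_cf, **svc["overrides"]}, sorted(k for k in main_cf if k not in svc["overrides"])
```

On a live system, `postconf -M` and `postconf -P` print the parsed master.cf services and their `-o` overrides directly.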