Hallo Liste,
nach Umstellung von 7.3 auf 9.2, ich dachte es wäre Zeit weil 7.3
nicht mehr supportet, habe ich massive Probleme den Mailserver
konfiguriert zu bekommen.
Was der Mailserver machen soll
A. Mails von verschiedenen Konten abholen
B. An einen Benutzer "Mailer" weiterleiten, der via procmail Filter
an die anderen Benutzer weiterverteilt
C. Spamassassin und antivir über die Mails laufen lässt
D. lokale Mails lokal zustellen
E. die anderen Mails über ein Relay weltweit verschickt
Was bisher funktioniert ist E. und A. sonst nichts, wobei die
Zustellung auch unter A. nicht funktioniert, die Mails landen ...
ja wo landen sie denn?
in /var/log/mail steht sowas wie
Mar 4 11:10:12 mserver postfix/qmgr[5879]: 8F4445C090: from=, size=22526, nrcpt=1 (queue active)
Mar 4 11:10:23 mserver postfix/smtpd[8769]: connect from localhost[127.0.0.1]
Mar 4 11:10:23 mserver postfix/smtpd[8769]: F084E5DDED: client=localhost[127.0.0.1]
Mar 4 11:10:24 mserver postfix/cleanup[8900]: F084E5DDED: message-id=<20050216162349.800381BB7D@mserver.itega.org>
Mar 4 11:10:24 mserver postfix/smtpd[8769]: disconnect from localhost[127.0.0.1]
Mar 4 11:10:24 mserver amavis[9030]: (client-XX6Lnysl) Passed CLEAN, -> , Message-ID: <20050216162349.800381BB7D@mserver.itega.org>, Hits: -2.82
Mar 4 11:10:24 mserver amavis[9030]: (client-XX6Lnysl) WARN: no recips left (forgot to set $forward_method=undef using milter?), 250 2.6.0 Ok, id=client-XX6Lnysl, from MTA: 250 Ok: queued as F084E5DDED
Mar 4 11:10:24 mserver postfix/pipe[5888]: 092FE5E1A0: to=, orig_to=<dietmar>, relay=vscan, delay=801378, status=SOFTBOUNCE (Command died with status 99: "/usr/sbin/amavis")
Mar 4 11:10:24 mserver postfix/qmgr[5879]: 092FE5E1A0: from=, status=expired, returned to sender
Mar 4 11:10:25 mserver postfix/cleanup[8962]: 1D87160996: message-id=<20050304101024.1D87160996@mserver.itega.org>
Mar 4 11:10:25 mserver postfix/qmgr[5879]: 092FE5E1A0: removed
Mar 4 11:10:25 mserver postfix/qmgr[5879]: 8C3655CD50: from=, size=34192, nrcpt=1 (queue active)
in mail.info steht sowas
Mar 4 11:10:12 mserver postfix/cleanup[8962]: 147D960A0D: message-id=<20050304101011.147D960A0D@mserver.itega.org>
Mar 4 11:10:12 mserver postfix/qmgr[5879]: 047EE5E7C2: removed
Mar 4 11:10:12 mserver postfix/qmgr[5879]: 8F4445C090: from=, size=22526, nrcpt=1 (queue active)
Mar 4 11:10:23 mserver postfix/smtpd[8769]: connect from localhost[127.0.0.1]
Mar 4 11:10:23 mserver postfix/smtpd[8769]: F084E5DDED: client=localhost[127.0.0.1]
Mar 4 11:10:24 mserver postfix/cleanup[8900]: F084E5DDED: message-id=<20050216162349.800381BB7D@mserver.itega.org>
Mar 4 11:10:24 mserver postfix/smtpd[8769]: disconnect from localhost[127.0.0.1]
Mar 4 11:10:24 mserver amavis[9030]: (client-XX6Lnysl) Passed CLEAN, -> , Message-ID: <20050216162349.800381BB7D@mserver.itega.org>, Hits: -2.82
Mar 4 11:10:24 mserver amavis[9030]: (client-XX6Lnysl) WARN: no recips left (forgot to set $forward_method=undef using milter?), 250 2.6.0 Ok, id=client-XX6Lnysl, from MTA: 250 Ok: queued as F084E5DDED
Mar 4 11:10:24 mserver postfix/pipe[5888]: 092FE5E1A0: to=, orig_to=<dietmar>, relay=vscan, delay=801378, status=SOFTBOUNCE (Command died with status 99: "/usr/sbin/amavis")
Mar 4 11:10:24 mserver postfix/qmgr[5879]: 092FE5E1A0: from=, status=expired, returned to sender
Mar 4 11:10:25 mserver postfix/cleanup[8962]: 1D87160996: message-id=<20050304101024.1D87160996@mserver.itega.org>
Mar 4 11:10:25 mserver postfix/qmgr[5879]: 092FE5E1A0: removed
Mar 4 11:10:25 mserver postfix/qmgr[5879]: 8C3655CD50: from=, size=34192, nrcpt=1 (queue active)
in mail.warn sowas
Mar 4 11:10:24 mserver amavis[9030]: (client-XX6Lnysl) WARN: no recips left (forgot to set $forward_method=undef using milter?), 250 2.6.0 Ok, id=client-XX6Lnysl, from MTA: 250 Ok: queued as F084E5DDED
.
.
.
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: mail for mserver.itega.org is using up 20000 of 20000 active queue entries
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: you may need to reduce vscan connect and helo timeouts
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: so that Postfix quickly skips unavailable hosts
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: you may need to increase the main.cf minimal_backoff_time and maximal_backoff_time
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: so that Postfix wastes less time on undeliverable mail
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: you may need to increase the master.cf vscan process limit
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: please avoid flushing the whole queue when you have
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: lots of deferred mail, that is bad for performance
Mar 4 11:15:05 mserver postfix/qmgr[5879]: warning: to turn off these warnings specify: qmgr_clog_warn_time = 0
Das deutet auf Probleme mit amavis hin. Aber ich finde den Fehler
nicht.
amavisd.conf (gekürzt)
use strict;
$max_servers = 2; # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$mydomain = 'itega.org';
$MYHOME = '/var/spool/amavis';
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
@local_domains_maps = ( [".$mydomain"] );
$log_level = 0; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
# for SA 3.0, cf option is 'use_auto_whitelist')
$virus_admin = "virusalert\@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use recent versions
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
$unrar = ['rar', 'unrar'];
$zoo = 'zoo';
$lha = 'lha';
$cpio = ['gcpio','cpio'];
$dspam = 'dspam';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
$final_spam_destiny = D_PASS;
@viruses_that_fake_sender_maps = (new_RE(
[qr'\bEICAR\b'i => 0], # av test pattern name
[qr'^(WM97|OF97|Joke\.)'i => 0], # adjust names to match your AV scanner
[qr/.*/ => 1], # true for everything else
));
@keep_decoded_original_maps = (new_RE(
qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)\.?$'i,
qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any type in Unix archives
qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i, # banned extension - basic
qr'^\.(exe-ms)$', # banned file(1) types
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
# results from all matching recipient tables are summed
'.' => [ # the _first_ matching sender determines the score boost
new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],
[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
),
{ # a hash-type lookup table (associative array)
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
'bugtraq@securityfocus.com' => -3.0,
'ntbugtraq@listserv.ntbugtraq.com' => -3.0,
'security-alerts@linuxsecurity.com' => -3.0,
'mailman-announce-admin@python.org' => -3.0,
'amavis-user-admin@lists.sourceforge.net'=> -3.0,
'notification-return@lists.sophos.com' => -3.0,
'owner-postfix-users@postfix.org' => -3.0,
'owner-postfix-announce@postfix.org' => -3.0,
'owner-sendmail-announce@lists.sendmail.org' => -3.0,
'sendmail-announce-request@lists.sendmail.org' => -3.0,
'donotreply@sendmail.org' => -3.0,
'ca+envelope@sendmail.org' => -3.0,
'noreply@freshmeat.net' => -3.0,
'owner-technews@postel.acm.org' => -3.0,
'ietf-123-owner@loki.ietf.org' => -3.0,
'cvs-commits-list-admin@gnome.org' => -3.0,
'rt-users-admin@lists.fsck.com' => -3.0,
'clp-request@comp.nus.edu.sg' => -3.0,
'surveys-errors@lists.nua.ie' => -3.0,
'emailnews@genomeweb.com' => -5.0,
'yahoo-dev-null@yahoo-inc.com' => -3.0,
'returns.groups.yahoo.com' => -3.0,
'clusternews@linuxnetworx.com' => -3.0,
lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0,
lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
# soft-blacklisting (positive score)
'sender@example.net' => 3.0,
'.example.net' => 1.0,
},
], # end of site-wide tables
});
postconf -n
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = yes
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailbox_transport = procmail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname,localhost.$mydomain,$mydomain
mydomain = itega.org
myhostname = mserver.itega.org
mynetworks = 172.16.2.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relayhost = postman.arcor.de
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_use_tls = yes
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
main.cf
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = mserver.itega.org
mydomain = itega.org
inet_interfaces = all
unknown_local_recipient_reject_code = 450
mynetworks = 172.16.2.0/24, 127.0.0.0/8
mailbox_command = /usr/bin/procmail
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname,localhost.$mydomain,$mydomain
defer_transports =
disable_dns_lookups = yes
relayhost = postman.arcor.de
content_filter = vscan:
mailbox_command = /usr/bin/procmail
mailbox_transport = procmail
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
html_directory = /usr/share/doc/packages/postfix/html
master.cf
smtp inet n - n - 2 smtpd -o content_filter=smtp:[127.0.0.1]:10024
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd -o content_filter=
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
Any hints?
--
Best regards,
Dietmar mailto:earthmate@gmx.net
