Postfix Outgoing SMTP SSL/TLS TCP Port 465 Configuration

Outgoing server is unable to receive mail with the following configuration:
RelayHost servername:465
file smtp_auth has servername:465 :password
The file was processed using postmap smtp_auth
postmap reload done

The error message is: server unavailable or unable to receive mail.
I can telnet into the server using port 465.
Please help.

There should be more detailed information in your logfiles. Check for Postfix-related entries in /var/log/mail*

The logfile:

Dec 27 09:20:34 ucs-4590 postfix/smtpd[27114]: connect from localhost[127.0.0.1]
Dec 27 09:20:34 ucs-4590 postfix/smtpd[27114]: 3F0D8E85569: client=localhost[127.0.0.1], orig_queue_id=EAFE3E85508, orig_client=localhost[127.0.0.1]
Dec 27 09:20:34 ucs-4590 postfix/cleanup[27110]: 3F0D8E85569: message-id=<kcis.1C5B7D63805E4D428A026FB4C6EDC87E<at>ucs-4590>
Dec 27 09:20:34 ucs-4590 postfix/smtpd[27114]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dec 27 09:20:34 ucs-4590 postfix/qmgr[20017]: 3F0D8E85569: from=<sanjay.wadhwa<at>h1.intranet>, size=3389, nrcpt=1 (queue active)
Dec 27 09:20:34 ucs-4590 amavis[4584]: (04584-01) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:45214 <sanjay.wadhwa<at>h1.intranet> -> <sanjayw<at>gmail<dot>com>, Queue-ID: EAFE3E85508, Message-ID: <kcis.1C5B7D63805E4D428A026FB4C6EDC87E<at>ucs-4590>, mail_id: bdlTSxc3YJNA, Hits: -0.999, size: 2917, queued_as: 3F0D8E85569, 286 ms
Dec 27 09:20:34 ucs-4590 postfix/smtp[27111]: EAFE3E85508: to=<sanjayw<at>gmail<dot>com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.04/0.01/0/0.29, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F0D8E85569)
Dec 27 09:20:34 ucs-4590 postfix/qmgr[20017]: EAFE3E85508: removed
Dec 27 09:20:34 ucs-4590 postfix/smtp[27115]: warning: database /etc/postfix/tls_policy.db is older than source file /etc/postfix/tls_policy
Dec 27 09:20:34 ucs-4590 postfix/smtp[27115]: SMTPS wrappermode (TCP port 465) requires setting "smtp_tls_wrappermode = yes", and "smtp_tls_security_level = encrypt" (or stronger)

postfix main.cf

root@ucs-4590:/var/log# cat /etc/postfix/main.cf
# Warning: This file is auto-generated and might be overwritten by
#          univention-config-registry.
#          Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
#          univention-config-registry ueberschrieben werden.
#          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
#
#       /etc/univention/templates/files/etc/postfix/main.cf.d/10_general
#       /etc/univention/templates/files/etc/postfix/main.cf.d/30_maps
#       /etc/univention/templates/files/etc/postfix/main.cf.d/40_postscreen
#       /etc/univention/templates/files/etc/postfix/main.cf.d/50_restrictions
#       /etc/univention/templates/files/etc/postfix/main.cf.d/60_tls
#       /etc/univention/templates/files/etc/postfix/main.cf.d/80_delivery
#       /etc/univention/templates/files/etc/postfix/main.cf.d/99_local
#

# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information. Default is 10240000
message_size_limit = 10240000


# mailbox_size_limit limits the max. size of local mailboxes. Default is 51200000
# mailbox_size_limit = 51200000


# some basic path definitions
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin


# some basic mail system settings
myhostname = ucs-4590.h1.intranet
# mydomain is unset - The default is to use $myhostname minus the first component.
myorigin = ucs-4590.h1.intranet
# Name the Postfix SMTP client announces in EHLO/HELO to remote servers.
# It is set to the relay's domain here and so differs from $myhostname.
smtp_helo_name = tmsofwilmington.com



append_dot_mydomain = no

# The SMTP server listens on every local IPv4 address. Which clients may
# relay is decided by mynetworks and smtpd_recipient_restrictions, not here.
inet_interfaces = all
inet_protocols = ipv4

mydestination = $myhostname, localhost.$mydomain, localhost
# Only loopback clients are trusted. Because mynetworks is set explicitly,
# Postfix ignores mynetworks_style; it only generates the default mynetworks.
mynetworks = 127.0.0.0/8
mynetworks_style = subnet

masquerade_domains = $mydomain
masquerade_exceptions = root

# hash: tables are read from the compiled .db file, so the source file has
# to be re-run through postmap after every edit.
transport_maps = hash:/etc/postfix/transport
relay_domains = $mydestination


# we need to name a smtp relay host to which we forward non-local
# mails. smtp authentication is also possible.
# The [brackets] switch off the MX lookup for the relay name. Port 465 is
# implicit TLS (SMTPS): the TLS handshake comes before any SMTP command.
# The Postfix SMTP client only does that with "smtp_tls_wrappermode = yes"
# plus "smtp_tls_security_level = encrypt" (or stronger). Wrappermode is not
# active in this file, which matches the postfix/smtp message in the log.
relayhost = [mail<dot>tmsofwilmington<dot>com]:465
smtp_sasl_auth_enable = yes
# noanonymous alone still permits plaintext mechanisms (PLAIN/LOGIN), so the
# relay password is protected only by the TLS session to the relay.
smtp_sasl_security_options = noanonymous
# Each entry is "<lookup key> <username>:<password>". The lookup key has to be
# the relayhost value exactly as written above, brackets and port included.
# The file holds a cleartext password: keep smtp_auth and smtp_auth.db
# readable by root only, and rebuild the .db with postmap after each edit.
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth


# VRFY stays enabled with "no". The command lets any SMTP client ask whether
# an address exists; "yes" removes that way of checking for valid recipients.
disable_vrfy_command = no


# banner
# NOTE(review): no smtpd_banner is set under this heading, so the Postfix
# default banner applies.
smtputf8_enable = no

local_header_rewrite_clients =


virtual_alias_domains =

# Alias lookups consult the local hash table first and then the LDAP tables.
# The ldap: entries name lookup configuration files that are not shown on
# this page, so their server, bind and filter settings cannot be judged here.
virtual_alias_maps = hash:/etc/postfix/virtual,
        ldap:/etc/postfix/ldap.groups,
        ldap:/etc/postfix/ldap.distlist,
        ldap:/etc/postfix/ldap.virtual,
        ldap:/etc/postfix/ldap.external_aliases,
        ldap:/etc/postfix/ldap.sharedfolderremote,
        ldap:/etc/postfix/ldap.sharedfolderlocal_aliases

virtual_mailbox_domains = ldap:/etc/postfix/ldap.virtualdomains

virtual_mailbox_maps = ldap:/etc/postfix/ldap.virtual_mailbox,
        ldap:/etc/postfix/ldap.sharedfolderlocal

# Mail for virtual mailboxes is handed over by LMTP to a service on loopback
# port 2003.
virtual_transport = lmtp:127.0.0.1:2003


# hash: tables need "postmap <file>" after every change to the source file.
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated

# /etc/aliases is compiled with newaliases rather than postmap.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases


# postscreen settings
# These parameters only matter when the postscreen service is enabled in
# master.cf, which is not shown on this page.

# postscreen_dnsbl_sites is empty, so no DNSBL lookups are made and the
# action and threshold below have nothing to act on.
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =

postscreen_helo_required = no
# Clients that talk before the server greeting are dropped.
postscreen_greet_action = drop
postscreen_greet_ttl = 1d

postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_action = ignore

postscreen_bare_newline_enable = no
postscreen_bare_newline_action = ignore

postscreen_blacklist_action = ignore
postscreen_access_list = permit_mynetworks
        cidr:/etc/postfix/postscreen_access.cidr

# smtpd_sender_restrictions is not defined since all relevant checks have been moved to
# smtpd_recipient_restrictions (see below) and every mail has to pass smtpd_recipient_restrictions too.
#smtpd_sender_restrictions =

# Evaluated in order: trusted networks and SASL-authenticated clients may
# relay anywhere. reject_unauth_destination stops everyone else from relaying
# to foreign domains, which is what keeps this host from being an open relay.
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_unlisted_recipient

# special recipient_restrictions which may be used by smtps/submission services
# (can be configured via UCR: mail/postfix/submission/restrictions/recipient/...)
# submission_recipient_restrictions =


#TLS settings
# The smtpd_* parameters in this section configure the SMTP *server* side
# (mail coming in to this host). They do not affect delivery to the relayhost.
# smtpd_use_tls = yes is the older spelling of opportunistic STARTTLS.
smtpd_use_tls = yes
# AUTH is offered to clients only after TLS is up, so passwords are not
# accepted over a cleartext session.
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
# smtp_tls_wrappermode is the SMTP *client* switch for implicit TLS on port
# 465. It is commented out here, so the client never starts TLS in wrapper
# mode towards the relayhost. The file is auto-generated, so the change
# belongs in UCR or the templates named in the header, not in this file.
#smtp_tls_wrappermode = yes
# Only SSLv2 and SSLv3 are excluded, so TLSv1 and TLSv1.1 stay allowed for
# mandatory TLS. The empty smtpd_tls_protocols list places no protocol
# restriction on opportunistic TLS.
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols =
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_cert_file = /etc/univention/ssl/ucs-4590.h1.intranet/cert.pem
# The private key file must be readable by root only.
smtpd_tls_key_file = /etc/univention/ssl/ucs-4590.h1.intranet/private.key

smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_sasl_local_domain =

# Server-side SASL: anonymous mechanisms are refused; plaintext mechanisms
# are allowed and rely on smtpd_tls_auth_only above.
smtpd_sasl_security_options = noanonymous



# smtp client
# "encrypt" is one of the two settings Postfix asks for when the relay is on
# port 465; the other one, smtp_tls_wrappermode = yes, is missing from the
# active settings in this file.
# "encrypt" makes TLS mandatory but does not match the relay's certificate
# against its name, so it does not authenticate the server that receives the
# SASL password. "verify" or "secure" with a trusted CA store adds that check.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_exclude_ciphers = RC4, aNULL
# Per-destination overrides of the level above; the table contents are not
# shown. The log warns that tls_policy.db is older than its source file, so
# the table should be rebuilt with "postmap /etc/postfix/tls_policy".
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy



# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes

# tls logging
# Client-side TLS logging is off, yet the client side is the one failing in
# this thread; level 1 logs a one-line summary per TLS handshake.
# The server-side level of 6 is far above what the Postfix documentation
# advises: level 2 and higher is meant for debugging only, and the upper
# levels write dumps of the TLS conversation into the mail log.
smtp_tls_loglevel = 0
smtpd_tls_loglevel = 6

# EDH config
# Despite its name, the dh1024 parameter supplies the parameters for all
# non-export EDH ciphers. NOTE(review): the file name suggests a 2048-bit
# group; confirm the actual size of the file.
# The dh512 parameter only serves export-grade ciphers, which are obsolete
# and should not be negotiable at all.
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem

# use the Postfix SMTP server's cipher preference order instead of the remote client's cipher preference order.
tls_preempt_cipherlist = yes

# The Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman (EECDH) key exchange
smtpd_tls_eecdh_grade = strong

# if virus scanning is desired, all mails can be redirected through amavis.
# Every message is first passed to amavis on loopback port 10024. The log
# shows it coming back on port 10025 before delivery to the relay is tried.
content_filter = smtp-amavis:[127.0.0.1]:10024

I have another system running Zarafa with Postfix 2.6.6 connecting to the same email hosting co where I use stunnel for ssl, and the main.cf file is:


# require helo
smtpd_delay_reject  = yes
smtpd_helo_required = yes

strict_rfc821_envelopes = yes
# VRFY is disabled, so clients cannot ask the server whether an address exists.
disable_vrfy_command = yes

# The greeting banner names the mail software and the distribution to every
# connecting client.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myorigin = /etc/mailname
myhostname = hm
mydestination = $myorigin,$myhostname,localhost,localhost.$mydomain
smtp_helo_name = hm
alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
# This value is replaced by the empty local_recipient_maps assignment further
# down in the same file; when a parameter is set twice, the last one wins.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps


# Outgoing mail goes to a local port instead of the provider directly. The
# poster states that stunnel provides the SSL layer, so Postfix talks
# cleartext SMTP over loopback and stunnel opens the TLS session upstream.
# Whether the provider's certificate is verified then depends on the stunnel
# configuration, which is not shown.
relayhost = localhost:11125

transport_maps = hash:/etc/postfix/transport
# An empty value switches off the check for unknown local recipients and
# overrides the earlier local_recipient_maps line in this file.
local_recipient_maps =
# Per-transport recipient limits; the fax and zarafa transports themselves
# would be defined in master.cf (not shown).
fax_destination_recipient_limit = 1
zarafa_destination_recipient_limit = 1

# "may" is opportunistic TLS: it is used when offered, with no failure when
# it is not. The key/cert pair below is a client certificate; the Postfix
# documentation advises configuring one only when a server requires it.
smtp_tls_security_level = may
smtp_tls_key_file  = /etc/postfix/sasl/postfix.pem
smtp_tls_cert_file = /etc/postfix/sasl/postfix.pem

smtp_sasl_auth_enable = yes
# sasl_passwd contains the relay password in cleartext; the file and its .db
# should be readable by root only. The lookup key has to match the relayhost
# value above exactly.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous


# Every host in 192.168.4.0/24 is trusted and can relay without
# authentication through permit_mynetworks.
mynetworks = 127.0.0.0/8 192.168.4.0/24

# 0 is documented as "no limit" for mailbox_size_limit and
# virtual_mailbox_limit. NOTE(review): message_size_limit = 0 is presumably
# meant the same way; confirm for this Postfix version. Without a size limit,
# a single message can fill the queue file system.
message_size_limit = 0
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_interfaces = all

# Virtual Aliases
# Old-style LDAP map: "ldap:valiases" takes its settings from the
# valiases_* parameters in this file.
virtual_alias_maps = ldap:valiases
valiases_server_host = 127.0.0.1
valiases_search_base = ou=mailalias,ou=postfix,dc=hm
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
# NOTE(review): the name lacks the leading "v" of the valiases map, so this
# line looks like a typo for valiases_bind and probably has no effect on the
# map; confirm how the valiases lookups actually bind.
aliases_bind = no

# Virtual Domains
dovecot_destination_recipient_limit = 1
# NOTE(review): virtual_transport normally names a transport, as in the two
# commented alternatives below; "transport_maps" is an unusual value; confirm
# it is intended.
virtual_transport = transport_maps
#virtual_transport = dovecot
#virtual_transport = virtual
virtual_mailbox_base = /var/vmail/
virtual_mailbox_maps= ldap:ldapvirtualmap

# bind = no means the directory is queried anonymously, so it has to allow
# anonymous reads of these subtrees. The server is addressed on loopback.
ldapvirtualmap_server_host = 127.0.0.1:389
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = ou=Users,dc=hm
ldapvirtualmap_query_filter = (&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox

virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = 127.0.0.1
vmaildomains_bind = no
vmaildomains_search_base =  ou=postfix,dc=hm
vmaildomains_query_filter = (|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailAlias)(mail=@%s)))
vmaildomains_result_attribute = dc, maildrop


# All virtual mailboxes are owned by one fixed uid/gid pair.
virtual_minimum_uid = 100
virtual_uid_maps = static:108
virtual_gid_maps = static:115


## TLS/SSL
# Server side: STARTTLS is offered to clients. No smtpd_tls_*protocols or
# cipher exclusions are set, so the defaults of this Postfix version apply.
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
# Private key and certificate share one file, and the same file is used as
# the SMTP client certificate earlier in this configuration. It must be
# readable by root only.
smtpd_tls_key_file  = /etc/postfix/sasl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/sasl/postfix.pem
smtpd_tls_loglevel = 1


# Authenticated clients and mynetworks are accepted first. The HELO checks
# come after reject_unauth_destination, so they only apply to untrusted
# clients sending to local destinations.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre


#SASL authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# Overridden by the second smtpd_sasl_local_domain line at the end of this
# section; the last assignment wins.
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# AUTH is only offered after STARTTLS, so passwords do not cross the network
# in cleartext.
smtpd_tls_auth_only = yes
# Authentication is delegated to Dovecot through the socket private/auth,
# relative to the Postfix queue directory.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =  $myorigin



# Installation paths and ownership as written by the Postfix package. The
# documentation paths show the Postfix 2.6.6 release the poster mentions.
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail
html_directory = no
# Group used by the set-gid postdrop/postqueue commands for mail submission.
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
# Unprivileged account that owns the queue and runs most Postfix daemons.
mail_owner = postfix
data_directory = /var/lib/postfix

Please advise on the needed changes to UCR parameters.
Thanks for your help.
