DevHeads.net

I've done something that's causing email to be thrown away.

Hi,

I've been running postfix under SuSE now for several years. I keep
up to date with SuSE by every now and then moving everything across
to a newly installed machine (git repository for config, and rsync
for data). This time something has gone wrong which prevents
fetchmail sending to postfix. In the logs I see:

fetchmail: reading message ... at dsl dot pipex. ... at pop dot dsl.pipex.com:1 of 1
(2319 octets) (log message incomplete)fetchmail: SMTP error: 554 5.7.1
<paul@localhost>: Recipient address rejected: Access denied

Locally "mail paul" and "mail paul@localhost" works, which I guess goes
via postfix's sendmail command, so I guess it's a problem with local
smtp. I don't understand what has changed. My config from the previous
machine reapplied without problem.

Attached is main.cf and master.cf in case that helps.

Hope someone can help. I'm at a loss.

Cheers,
Paul.

Comments

Re: I've done something that's causing email to be thrown away.

By Brian Evans - P... at 03/18/2009 - 21:35

First, you seem to have missed the welcome message:
TO REPORT A PROBLEM SEE: <a href="http://www.postfix.org/DEBUG_README.html#mail" title="http://www.postfix.org/DEBUG_README.html#mail">http://www.postfix.org/DEBUG_README.html#mail</a>

You post a fetchmail log entry, but no Postfix ones.
A bit more clarification of what Postfix is doing may help us help you.

Your master.cf does not seem to have a reentry point for a before-queue
filter either.

Brian

Re: I've done something that's causing email to be thrown away.

By Paul Gardiner at 03/18/2009 - 21:35

Oh, yes I did. Sorry. I was in such a hurry. I hadn't realised quite how
much I rely on all this working flawlessly, as it has for years, until
this recent misconfiguration I must have done. Thanks for responding
so quickly.

Ah right. I have a simpler test without using fetchmail now (
I've substituted host.domain for the from address). if I issue:

echo Test at `date` | from=" ... at host dot domain" smtp="localhost"
mailx -s "Test at `date`" paul@localhost

then I get back:

smtp-server: 554 5.7.1 <paul@localhost>: Recipient address rejected:
Access denied

And in the postfix logs, I see:

Feb 5 15:12:34 glidos postfix/smtpd[15222]: connect from localhost[::1]
Feb 5 15:12:34 glidos postfix/smtpd[15222]: NOQUEUE: reject: RCPT from
localhost[::1]: 554 5.7.1 <paul@localhost>: Recipient address rejected:
Access denied; from=< ... at host dot domain> to=<paul@localhost> proto=SMTP
helo=<glidos.site>
Feb 5 15:12:34 glidos postfix/smtpd[15222]: lost connection after RCPT
from localhost[::1]
Feb 5 15:12:34 glidos postfix/smtpd[15222]: disconnect from localhost[::1]

The before-queue filtering seems to be working: mail that comes direct,
rather than via fetchmail, is getting through ok and being scanned. And
the received messages show two headers mentioning smtp.glidos.net. I
think I have something configured in main.cf so that the first smtp
listens only on 10.0.0.5. The second one explicitly is written
localhost:smtp, so they don't conflict... or maybe I've mistunderstood
what you've pointed out. The filter listens on localhost:10025 and
outputs on localhost:25. This lets me use localhost:25 internally to
skip the filter.

Cheers,
Paul.

Re: I've done something that's causing email to be thrown away.

By Paul Gardiner at 03/18/2009 - 21:35

Apologies again for contacting the list when I hadn't exhausted my own
tests. Thing was, when I sent the first message, I was completely at
a loss.

I think I might be close to finding the cause. If I do the same test on
my old working system, there is no rejection and the "RCPT from" message
shows localhost[127.0.0.1] in place of localhost[::1]. My master.cf
entry for the after-filter smtp server has mynetworks=127.0.0.0/8. I
don't know enough about postfix to work out what effect that would
have and exactly what I should change, but that's looking like it
could be related to the problem.

Has postfix just recently been updated to use IPv6 when present?

Cheers,
Paul.

Re: I've done something that's causing email to be thrown away.

By Brian Evans - P... at 03/18/2009 - 21:35

From <a href="http://www.postfix.org/IPV6_README.html:" title="http://www.postfix.org/IPV6_README.html:">http://www.postfix.org/IPV6_README.html:</a>
The first new parameter is called inet_protocols. This specifies what
protocols Postfix will use when it makes or accepts network connections,
and also controls what DNS lookups Postfix will use when it makes
network connections.

/etc/postfix/main.cf:
# You must stop/start Postfix after changing this parameter.
inet_protocols = ipv4 (DEFAULT: enable IPv4 only)
inet_protocols = all (enable IPv4, and IPv6 if supported)
inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
inet_protocols = ipv6 (enable IPv6 only)

By default, Postfix uses IPv4 only, because most systems aren't attached
to an IPv6 network.

Brian

Re: I've done something that's causing email to be thrown away.

By Paul Gardiner at 03/18/2009 - 21:35

Phew! All working again. Thanks so much Brian. Setting
inet-protocols = ipv4 made my mailx test work, but fetchmail then
starting failing with:

fetchmail: reading message ... at host dot domain:1 of 1 (2428 octets) (log
message incomplete)fetchmail: connection to localhost:smtp [::1/25]
failed: Connection refused.

It looks like I've had postfix set up this way since I first used it.
I think fetchmail must have changed. Anyway, I disabled IPv6 completely
and deleted stray IPv6 entries from /etc/hosts, and now all is well
again. (It may be that on past installs of SuSE, I have deleted the
IPv6 entries from /etc/hosts, and I just didn't this time).

Great support. I wish it was like this with things I've paid for.

Cheers,
Paul.

Re: I've done something that's causing email to be thrown away.

By mouss at 03/18/2009 - 21:35

Paul Gardiner a écrit :

in your fetchmailrc, set

smtphost 127.0.0.1/25

so that fetchmail connects to 127.0.0.1 instead of ::1 (which is
probably obtained by resolving localhost).

Re: I've done something that's causing email to be thrown away.

By Brian Evans - P... at 03/18/2009 - 21:35

Note the IPv6 connect and usage.

mynetworks only has IPv4, so reject.

Brian

Re: I've done something that's causing email to be thrown away.

By Paul Gardiner at 03/18/2009 - 21:35

And in a hurry again, I forgot the output of postconf -n... attached.

Cheers,
Paul.

Re: I've done something that's causing email to be thrown away.

By Paul Gardiner at 03/18/2009 - 21:35

I've just had one thought as to one thing that may be contributing to
this. I'm using a before-queue content filter. The setting up, in
master.cf, of the second smtp server in the chain requires several
options to be set to "". I wonder if there are some new options that
have appeared recently to postfix that need similar treatment?

Cheers,
Paul.