Previous 1 2 Next 18 Replies Latest reply: Sep 10, 2012 5:32 PM by Rubi08
FlorianLeo Level 1 Level 1 (0 points)

Hello everybody,

since the Upgrade from 10.7 to 10.8 the mailservice isn't working like it used to. After the Upgrade Mail-Application on the Apple-Laptops show a green dot when verifying connectivity but the users can't send mails any more

 

 

Some interesting output from the CLI

macmini:/ admin$ sudo serveradmin start mail -d

Sending to mail

 

 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

          <key>command</key>

          <string>setState</string>

          <key>state</key>

          <string>START</string>

</dict>

</plist>

 

 

2012-07-29 21:02:42.507 serveradmin[16849:a07] Error executing: postfix set-permissions: with error: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

2012-07-29 21:02:42.970 serveradmin[16849:a07] Error executing: postfix check: with error: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: virus_db_update_enabled=1

mail:state = "STARTING"

 

 

Not that I wouldn't understand the words - I can find the variable in the main.cf file - still, what does this message exactly mean?

 

Shell this variable be set to a different value? What are the values?

Shell this variable be removed?

 

I wonder if this would solve the issue of not being able to use the SMTP via Mail-Application any more.....

 

Please, somebody who knows what to do, would you mind and help me out?


OS 10.6 and 10.7
  • FlorianLeo Level 1 Level 1 (0 points)

    I was able to solve the issue myself

     

    I spent some time figuring out what is written in the file:

    /Library/Server/Mail/Config/postfix/main.cf

     

    and took a closer look to the directories:

    • /Library/Server/Mail/Config/postfix
    • /private/etc/postfix.

     

     

     

    And then I saw that something was different and so I edited the main.cf in the following ways:

     

    change:

    smtpd_client_restrictions = hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr permit_mynetworks

    to:

    smtpd_client_restrictions = hash:/Library/Server/Mail/Config/postfix/smtpdreject cidr:/Library/Server/Mail/Config/postfix/smtpdreject.cidr permit_mynetworks

     

    change:

    alias_maps = hash:/etc/postfix/aliases

    to:

    alias_maps = hash:/Library/Server/Mail/Config/postfix/aliases

     

    remove (because there's no such file):

    virtual_alias_maps = $virtual_map

    add:

    virtual_alias_domains = hash:/Library/Server/Mail/Config/postfix/virtual_domains

     

     

    I hope this will help others, too.

  • Stefan R Level 1 Level 1 (15 points)

    Did you make the changes in both instans of main.cf (/etc/postfix/main.ch and /Library/Server/Ma... ...fix/mail.cf?

     

    I have been working on this for three days. It *****!

     

    Thanks for your inputs :-)

  • Stefan R Level 1 Level 1 (15 points)

    I have tried it but it doesn't work. I have also tried to synchronize (manually) the two instanses of main.cf so that they have the same parameters and values.

     

    So I learn while I'm testing everything: What is hash: and cidr: ? It is paths to databases etc but what differs from just starting with /Library...and so on?

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

     

    no I didn't. I edited only the main.cf in /Library/Server/Mail/Config/postfix/ - and miraciously the main.cf in /private/etc/postfix/ was updated, too!

     

     

    The thing was: I examined all the paths in the main.cf after I stumbled over a message in one of the discussions stating that all server-related files have now moved to the /Library/Server/ directory. Then I saw in the main.cf that some paths where still pointing to the /private/etc/postfix/ directory while others pointed to the /Library/Server/Mail/Config/postfix directory?! I also looked at the logs and entered "postfix" as filter. There I saw postfix complaining that an aliases database was missing. The path was in the main.cf, the file though wasn't in the directory, yet.

     

     

    I had to create the database. Again - I stumbled over 2 commands.

    https://discussions.apple.com/thread/4141996?start=15&tstart=0

    The newaliases didn't help at all - but postalises did its job and created the database - finally.

     

     

    From there it started to work.

     

     

    Resumé:

    • stop Mail with sudo serveradmin stop mail
    • verify that the main.cf in /Library/Server/Mail/Config/postfix has all paths pointing to the previous /etc/postfix (real path is /private/etc/postfix) redirected to /Library/Server/Mail/Config/postfix.
    • verify that the files the pointers are showing to exist in the directory, too.
    • start Mail with sudo serveradmin start mail
  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    regarding your statement: "So I learn while I'm testing everything: What is hash: and cidr: ? It is paths to databases etc but what differs from just starting with /Library...and so on?"

     

    Take this URL for example:

    http://www.postfix.org/postconf.5.html

     

    Frome there I learned that it does matter what type the value of a variable actually is - and with hash:, cidr: and so on you instruct the postfix what format it has to expect that comes with the variable.

  • Stefan R Level 1 Level 1 (15 points)

    Hi again,

     

    Thanks for all info so far. But I'm sure it is just like my cat, perfectly understand what I want but... no...

     

     

    I have instered what you have stated ealier in this discussion and compared master.cf and main.cf with my 10.7.4 server, which works. No... have exactly the same settings as my older server it still doesn't send outgoind mails.

     

    Status:

    - Email accounts works using IMAP/POP √

    - Incoming emails are recieved and distributed by the server √

    - Sending email to accounts handled by the server works √

    - Sending outgoind emails to the rest of the world... (acts like my cat in the chower)

     

    Sending outgoing emails are show in the SMTP log as follows:

    #(web-in.com is my server domain)

    #(mericor.eu is one of the alias domain to web-in.com, i.e my business account)

    #(snormunk@me.com is my personal testing and messing around account)

     

    Aug  7 13:15:09 web-in.com postfix/smtpd[87729]: connect from 78-72-69-7-no33.tbcn.telia.com[78.72.69.7]

    Aug  7 13:15:09 web-in.com postfix/smtpd[87729]: NOQUEUE: reject: RCPT from 78-72-69-7-no33.tbcn.telia.com[78.72.69.7]: 554 5.7.1 <snormunk@me.com>: Relay access denied; from=<stefan.rundgren@mericor.eu> to=<snormunk@me.com> proto=ESMTP helo=<[192.168.1.24]>

    Aug  7 13:15:09 web-in.com postfix/smtpd[87729]: disconnect from 78-72-69-7-no33.tbcn.telia.com[78.72.69.7]

     

    Any idea?

     

    Since my computer/my account is allowed sending to other accounts and any of the alias domain on the same server, it can't be that my account is not authorized. So... is this a denial by the ISP's SMTP server (relay server) or my own server? Or... is my account not allowed to send outgoing messages?

     

    I will make some more test and then post my settings in main.cf and if you have time please comment on those, if you can see any error etc.

  • Stefan R Level 1 Level 1 (15 points)

    I can't find smtpdreject in any folder on my server.

     

    Do you know how to create them?

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    what I can see from your output is that postfix is accepting emails from other MTAs (MTA = Mail Transport Agent) BUT it denies relaying emails. There's a difference between accepting and relaying.

     

    Accepting:

    another MTA has a message for the domain your MTA (=postfix) has the authority. Your MTA then verifies that it has a valid account (=the recipients address) and accepts the email, passes it to the MDA (Mail Delivery Agent) which will store physicly the email where it is supposed to go to.

     

    Relaying:

    on your computer you run a of software that helps you doing email = MUA (Mail User Agent), which will contact the configured MTA in the case you want to send an email. Your MUA will then ask your MTA to forward, or relay, the email for you = your MUA.

     

    I hope you can see the difference - the latter is what postfix is denying you to do. Why? Maybe credentials are incorrect? Maybe you have some sort of access-list accidentially activated that denies generally relaying from some IP-addresses - yes this is possible!? Maybe the method of authentication is wrong - or wrong configured - or not configured at all?

     

    You need to figure out why postfix is not relaying messages.

     

    Some source of info:

    http://www.postfix.org/start.html

    Books:

    http://shop.oreilly.com/product/9780596002121.do

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    a segment from http://www.postfix.org/SMTPD_ACCESS_README.html will maybe help?

    Bildschirmfoto 2012-08-07 um 14.30.29.png

    I think this is spot for you begin your research.

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    this might help you, too? Since the log shows a "554" error-code

     

    Bildschirmfoto 2012-08-07 um 14.57.06.png

    this info comes from:  http://www.postfix.org/RESTRICTION_CLASS_README.html

  • Stefan R Level 1 Level 1 (15 points)

    Again thanx everyone for assisting me.

     

    The error is possibly stairing me stright in the face but I can't find it.

     

    I still thinking my problem could have something to with my ISP (or not). They are demanding a "relayhost = mailout.telia.com" port 465 SSL. I guess this could be a problem since port 465 is no longer used accodring to since sites. I found that it can be re-activated by unhashing a few lines in master.cf. Could this cause my problem?

     

    So far I have a main.cf looking like this:

    mydomain_fallback = localhost

    message_size_limit = 0

    biff = no

    mynetworks = 192.168.1.0/24 127.0.0.0/8

    config_directory = /Library/Server/Mail/Config/postfix

    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit

    #smtpd_client_restrictions = hash:/Library/Server/Mail/Config/postfix/smtpdreject cidr:/Library/Server/Mail/Config/postfix/smtpdreject.cidr permit_mynetworks

    recipient_delimiter = +

    smtpd_tls_ciphers = medium

    inet_protocols = all

    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

    recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps

    smtpd_use_pw_server = yes

    smtpd_sasl_auth_enable = yes

    content_filter =

    inet_interfaces = all

    smtpd_helo_required = yes

    smtpd_pw_server_security_options = cram-md5,gssapi,login,plain,digest-md5

    header_checks = pcre:/Library/Server/Mail/Config/postfix/custom_header_checks

    smtpd_tls_CAfile = /etc/certificates/server.web-in.com.250139B6935FC0DF03032BF950E1189EC80F5725.ch ain.pem

    smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

    relayhost = mailout.telia.com

    smtpd_recipient_restrictions = reject_unauth_destination permit

    #_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit

    smtpd_enforce_tls = no

    smtpd_use_tls = yes

    enable_server_options = yes

    smtpd_tls_key_file = /etc/certificates/server.web-in.com.250139B6935FC0DF03032BF950E1189EC80F5725.ke y.pem

    smtpd_tls_cert_file = /etc/certificates/server.web-in.com.250139B6935FC0DF03032BF950E1189EC80F5725.ce rt.pem

    mydomain = web-in.com

    virtual_alias_maps = $virtual_maps hash:/Library/Server/Mail/Config/postfix/virtual_users

    mailbox_transport = dovecot

    postscreen_dnsbl_sites = zen.spamhaus.org*2

    maps_rbl_domains =

    myhostname = mail.web-in.com

    virus_db_update_enabled = 1

    virtual_alias_domains = hash:/Library/Server/Mail/Config/postfix/virtual_domains

    owner_request_special = no

    alias_maps = hash:/Library/Server/Mail/Config/postfix/aliases

    alias_database = hash:/Library/Server/Mail/Config/postfix/aliases.db

    smtpd_sasl_local_domain = web-in.com

    smtpd_tls_loglevel = 0

     

    Question: Some smtpd_[settings] end the line with "permit". Why? According to Postfix you can have either "reject" or ""defer" or [nothing]. Is "permit" by itself correct?

  • Stefan R Level 1 Level 1 (15 points)

    Of course there is more in the main.cf file than what I have attached above, but that is standard and not in need to be modified.

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    I can see the file smtpdreject in the /Library/Server/Mail/Config/postfix directroy only - and its basically empty.

     

    Bildschirmfoto 2012-08-07 um 15.59.47.png

    However from this file the binaries with .db and .cidr are created - usually with the GUI Serveradmin Tool. Since this is no longer available maybe this works with the CLI serveradmin (with sudo permissions), too? Give it a try.

     

    You can create this file with editors like nano or vi besides a comand like touch. Fill it with the exact same letters as you can see from the print screen here?! If you the use sudo serveradmin stop mail followed by sudo serveradmin start mail this may create the .db and .cidr?

  • FlorianLeo Level 1 Level 1 (0 points)

    Hello Stefan,

     

    another comand I just found:

     

    postmap creates databases How about that?!

     

    Try: sudo postmap /Library/Server/Mail/Config/postfix/smtpdreject after you've created the smtpdreject-file?

Previous 1 2 Next