6 Replies Latest reply: Oct 1, 2013 1:51 PM by Israel Brewster
Firebox7 Level 1 (0 points)

Evening all,

 

Having a few problems after changing the TLS config on 10.8.2 Server:

 

After changing the smtp_tls_security_level from = may to = encrypt to try to force TLS when sending to specific domains - Postfix now will not start and I'm getting the following error in the logs:

 

postfix/master[2953]: fatal: bind: private/smtp: Permission denied

 

I backed up my main.cf before any changes but even when I restore the pre "encrypt" version, I get the same error.

 

Any help would be much appreciated!

 

postconf -n ...

 

biff = no

command_directory = /usr/sbin

config_directory = /Library/Server/Mail/Config/postfix

daemon_directory = /usr/libexec/postfix

data_directory = /Library/Server/Mail/Data/mta

debug_peer_level = 2

debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

dovecot_destination_recipient_limit = 1

html_directory = /usr/share/doc/postfix/html

imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

inet_interfaces = loopback-only

inet_protocols = all

mail_owner = _postfix

mailbox_size_limit = 0

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

message_size_limit = 10485760

mydomain_fallback = localhost

mynetworks = 127.0.0.0/8, [::1]/128

newaliases_path = /usr/bin/newaliases

queue_directory = /Volumes/DataHD/Services/Data/spool

readme_directory = /usr/share/doc/postfix

recipient_delimiter = +

sample_directory = /usr/share/doc/postfix/examples

sendmail_path = /usr/sbin/sendmail

setgid_group = _postdrop

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit

smtpd_tls_ciphers = medium

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

use_sacl_cache = yes

 

Thanks,

 

Paul.


OS X Mountain Lion (10.8.2)
  • Firebox7 Level 1 (0 points)

    A little update... After the last 4 hours trying to figure this out I'm really stumped now!

     

    The only thing I could find was a dodgy queue_directory path from pre 10.8 migration from months ago (which appeared to be a valid path from / anyway, which is odd and must have been where it was working from until today). Also added local trusted subnet (*hidden* from below).

     

    I've been over permissions manually, run postfix set_permissions, tried the link here:

     

    http://blog.deversus.com/2012/07/fix-for-postfix-in-mac-os-x-10-8-mountain-lion/

     

    Nothing seems to make a difference... Amongst other things, including exhausting searches of Google / forums!

     

    I have backups of main.cf from both /etc/postfix and /Library/Server/Mail/Config/postfix; it doesn't seem to make a difference which I use, as it seems that postfix is failing before any of that config makes any difference at all.

     

    An updated postconf -n in case I'm missing something, which I obviously am!:

     

    biff = no

    command_directory = /usr/sbin

    config_directory = /Library/Server/Mail/Config/postfix

    daemon_directory = /usr/libexec/postfix

    data_directory = /Library/Server/Mail/Data/mta

    debug_peer_level = 2

    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

    dovecot_destination_recipient_limit = 1

    html_directory = /usr/share/doc/postfix/html

    imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

    inet_interfaces = all

    inet_protocols = all

    mail_owner = _postfix

    mailbox_size_limit = 0

    mailq_path = /usr/bin/mailq

    manpage_directory = /usr/share/man

    message_size_limit = 10485760

    mydomain_fallback = localhost

    mynetworks = 127.0.0.0/8, 192.168.*hidden*.0/24

    newaliases_path = /usr/bin/newaliases

    queue_directory = /Library/Server/Mail/Data/spool

    readme_directory = /usr/share/doc/postfix

    recipient_delimiter = +

    sample_directory = /usr/share/doc/postfix/examples

    sendmail_path = /usr/sbin/sendmail

    setgid_group = _postdrop

    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit

    smtpd_tls_ciphers = medium

    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

    tls_random_source = dev:/dev/urandom

    unknown_local_recipient_reject_code = 550

    use_sacl_cache = yes

  • Linc Davis Level 10 (169,365 points)

    What else from postfix is in the log before the above message?

  • Firebox7 Level 1 (0 points)

    Thanks for the reply, that seems to be the first message, I have SMTP set to debug.

     

    Feb  6 08:27:11 mail.*.com postfix/master[7241]: fatal: bind: private/smtp: Permission denied

    Feb  6 08:27:12 mail com.apple.launchd[1] (org.postfix.master[7241]): Exited with code: 1

    Feb  6 08:27:12 mail com.apple.launchd[1] (org.postfix.master): Throttling respawn: Will start in 9 seconds

    Feb  6 08:27:21 mail.*.com postfix/master[7242]: fatal: bind: private/smtp: Permission denied

    Feb  6 08:27:22 mail com.apple.launchd[1] (org.postfix.master[7242]): Exited with code: 1

    Feb  6 08:27:22 mail com.apple.launchd[1] (org.postfix.master): Throttling respawn: Will start in 9 seconds

     

    Thanks, Paul.

  • Linc Davis Level 10 (169,365 points)

    Please post the output of

     

    postconf -c /Library/Server/Mail/Config/postfix -n

  • Firebox7 Level 1 (0 points)

    Thanks Linc, but all sorted now.

     

    Alex from Topicdesk provided a sterling service this morning and had us all back up and running within an hour!

     

    Without time to properly diagnose what went wrong, it looks like some bad syntax in the main.cf input as a mistake, possibly even an invisible character that was preventing postfix from starting up.

     

    Thankfully, I run a clone of the system nightly and so he was able to restore good working copies of the config files, get postfix up and running, confirm SSL/TLS config and make some nice little amendments to both postfix and dovecot configurations - all with great comms and efficiency!

     

    Thanks,

     

    Paul.
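
The post above suspects an invisible character in main.cf. As an added example (not part of the thread, and not the procedure Topicdesk used), this Python function reports every character in a config file that is not printable ASCII, a tab or a newline; the function name `scan_main_cf` and the sample bytes are constructed for illustration.

```python
import sys
import unicodedata

# Constructed sample, not taken from the thread's server: a main.cf fragment with
# a UTF-8 byte-order mark, a no-break space before "=", and a CRLF line ending.
SAMPLE = (b"\xef\xbb\xbfbiff = no\n"
          b"smtp_tls_security_level\xc2\xa0= encrypt\n"
          b"inet_protocols = all\r\n")


def scan_main_cf(raw: bytes):
    """Return (line, column, description) for every character that is not
    printable ASCII, a tab, or a newline."""
    findings = []
    # surrogateescape keeps undecodable bytes so they can be reported, not lost
    text = raw.decode("utf-8", errors="surrogateescape")
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == "\t" or " " <= ch <= "~":
                continue
            code = ord(ch)
            if ch == "\r":
                desc = "carriage return (CRLF line ending)"
            elif 0xDC80 <= code <= 0xDCFF:
                desc = f"raw byte 0x{code - 0xDC00:02X} (not valid UTF-8)"
            else:
                desc = f"U+{code:04X} {unicodedata.name(ch, 'control character')}"
            findings.append((lineno, col, desc))
    return findings


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for lineno, col, desc in scan_main_cf(data):
        print(f"line {lineno}, column {col}: {desc}")
```

Columns are counted in characters, so a finding points at the position an editor would show once the hidden character is made visible.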

  • Israel Brewster Level 1 (15 points)

    Sorry to resurrect a dead thread, but I'm having the same issue. In my case it occurred immediately after upgrading to server version 2.2.2 on Mac OS X 10.8. At that point, I started getting repeated postfix/master[2953]: fatal: bind: private/smtp: Permission denied errors in my log, and mail stopped working. While I have backups of the configs (and would even be willing to start from scratch), nothing I have tried in the way of replacing config files has worked. The output of postconf -c /Library/Server/Mail/Config/postfix -n is here:

     

    alias_maps = hash:/etc/aliases

    always_bcc =

    biff = no

    command_directory = /usr/sbin

    config_directory = /Library/Server/Mail/Config/postfix

    content_filter = smtp-amavis:[127.0.0.1]:10024

    daemon_directory = /usr/libexec/postfix

    data_directory = /Library/Server/Mail/Data/mta

    debug_peer_level = 2

    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5

    dovecot_destination_recipient_limit = 1

    enable_server_options = yes

    header_checks =

    html_directory = /usr/share/doc/postfix/html

    imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred

    inet_interfaces = all

    inet_protocols = all

    local_recipient_maps = proxy:unix:passwd.byname $alias_maps

    mail_owner = _postfix

    mailbox_size_limit = 0

    mailbox_transport = dovecot

    mailq_path = /usr/bin/mailq

    manpage_directory = /usr/share/man

    message_size_limit = 10485760

    mydestination = $myhostname, localhost.$mydomain, localhost, frontierflying.com, approach.frontierflying.com, eraaviaton.com, $mydomain

    mydomain = eraalaska.net

    mydomain_fallback = localhost

    myhostname = approach.eraalaska.net

    mynetworks = 127.0.0.0/8,10.0.0.0/8,12.12.105.0/24

    newaliases_path = /usr/bin/newaliases

    postscreen_dnsbl_sites =

    queue_directory = /Volumes/Data/spool

    readme_directory = /usr/share/doc/postfix

    recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps

    recipient_delimiter = +

    relayhost = foundry.frontierflying.com

    sample_directory = /usr/share/doc/postfix/examples

    sendmail_path = /usr/sbin/sendmail

    setgid_group = _postdrop

    smtp_sasl_auth_enable = no

    smtp_sasl_password_maps =

    smtp_tls_loglevel = 1

    smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,permit

    smtpd_enforce_tls = no

    smtpd_helo_required = no

    smtpd_helo_restrictions =

    smtpd_pw_server_security_options = cram-md5,login,plain

    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit

    smtpd_sasl_auth_enable = yes

    smtpd_tls_CAfile = /etc/certificates/*.eraalaska.net.608D33EEB356031F788E5C09A542653D1F0FAF96.chain.pem

    smtpd_tls_cert_file = /etc/certificates/*.eraalaska.net.608D33EEB356031F788E5C09A542653D1F0FAF96.cert.pem

    smtpd_tls_ciphers = medium

    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

    smtpd_tls_key_file = /etc/certificates/*.eraalaska.net.608D33EEB356031F788E5C09A542653D1F0FAF96.key.pem

    smtpd_tls_loglevel = 1

    smtpd_use_pw_server = yes

    smtpd_use_tls = yes

    tls_random_source = dev:/dev/urandom

    unknown_local_recipient_reject_code = 550

    use_sacl_cache = yes

    virtual_alias_domains = $virtual_alias_maps

    virtual_alias_maps = $virtual_maps hash:/Library/Server/Mail/Config/postfix/virtual_users