Spooler unable to connect to SMTP
-
Firewall?
runuser -u kopano -- telnet ::1 25
-
the runuser command you gave didn’t succeed - the telnet session is never established.
Scanning the server from the LAN yields the following:PORT STATE SERVICE 22/tcp open ssh 25/tcp filtered smtp 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 465/tcp open smtps 587/tcp open submission 2003/tcp open finger 8080/tcp open http-proxy 9090/tcp open zeus-admin
Port 9090 is used by cockpit.
netstat -tulpen | grep 25
on the server shows this:
tcp 3 0 0.0.0.0:587 0.0.0.0:* LISTEN 0 155156 25893/master tcp 3 0 0.0.0.0:465 0.0.0.0:* LISTEN 0 155162 25893/master tcp 101 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 155150 25893/master tcp6 0 0 :::587 :::* LISTEN 0 155157 25893/master tcp6 0 0 :::465 :::* LISTEN 0 155163 25893/master tcp6 101 0 :::25 :::* LISTEN 0 155151 25893/master
The PID is a child of ‘service postfix@- start’
● postfix@-.service - Postfix Mail Transport Agent (instance -) Loaded: loaded (/lib/systemd/system/postfix@.service; enabled-runtime; vendor preset: enabled) Active: active (running) since Tue 2019-12-10 21:59:52 CET; 5 days ago Docs: man:postfix(1) Tasks: 4 (limit: 4915) Memory: 17.4M CGroup: /system.slice/system-postfix.slice/postfix@-.service ├─ 3035 pickup -l -t unix -u -c ├─ 5095 proxymap -t unix -u ├─25893 /usr/lib/postfix/sbin/master -w └─25895 qmgr -l -t unix -u
The log excerpt from ‘service postfix@- status’ reads:
Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#" Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#" Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/cleanup pid 5292 exit status 1 Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/cleanup: bad command startup -- throttling Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5293 exit status 1 Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5295 exit status 1 Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling Dez 16 16:24:39 mail postfix/master[25893]: warning: process /usr/lib/postfix/sbin/smtpd pid 5294 exit status 1 Dez 16 16:24:39 mail postfix/master[25893]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Any ideas?
-
Oh, and according to the output ‘iptables -L’ I think the firewall is not to blame:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (1 references) target prot opt source destination ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9980 Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (1 references) target prot opt source destination DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere
-
@Miyamoto72 said in Spooler unable to connect to SMTP:
the runuser command you gave didn’t succeed - the telnet session is never established.
Scanning the server from the LAN yields the following:PORT STATE SERVICE 22/tcp open ssh 25/tcp filtered smtp 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 465/tcp open smtps 587/tcp open submission 2003/tcp open finger 8080/tcp open http-proxy 9090/tcp open zeus-admin
So there is your answer. if neither telnet nor nmap can connect, how could kopano …
-
Yeah, right - but what’s the problem here, how can I solve it?
-
Disable the firewall and test.
-
@Miyamoto72 said in Spooler unable to connect to SMTP:
fatal: open dictionary: expecting “type:name” form instead of “#”
This looks like a config error, post the master.cf and main.cf
This has nothing todo with kopano.Your postfix mappings are not correct.
Dez 16 16:24:38 mail postfix/smtps/smtpd[5295]: fatal: open dictionary: expecting "type:name" form instead of "#" Dez 16 16:24:38 mail postfix/submission/smtpd[5294]: fatal: open dictionary: expecting "type:name" form instead of "#"
And this clearly shows it, due too these above errors postfix not starting fully.
I suggest, compair your settings with these, to give you the idea whats wrong.
### virtual alias mailbox transport virtual_alias_maps = mysql:/etc/postfix/mysql/mysql-users.cf, hash:/etc/postfix/virtual-kopano.map, virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql-users.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql-domains.cf virtual_transport = lmtp:127.0.0.1:2003
And you want to see this when you check postfix.
sudo systemctl status postfix ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/postfix.service.d └─override.conf Active: active (exited) since Fri 2019-11-22 11:21:30 CET; 3 weeks 3 days ago Main PID: 1183 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4915) Memory: 0B CGroup: /system.slice/postfix.service
-
@WalterHof said in Spooler unable to connect to SMTP:
Disable the firewall and test.
There’s no firewall enabled. Except for docker rules iptables are empty AFAIUI
-
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_security_level = verify smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = AES128+EECDH:AES128+EDH # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mail.fritz.box alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.example.com, $myhostname, mail.fritz.box, localhost.fritz.box, localhost # relay mails via hosted.mailcow.de relayhost = [hosted.mailcow.de]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay smtp_sasl_security_options = noanonymous mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all ### RSpamD # # include rspamd via milter smtpd_milters = unix:/var/lib/rspamd/milter.sock # or for TCP socket #smtpd_milters = inet:localhost:11332 # rspamd: skip mail without checks if something goes wrong milter_default_action = accept #Kopano Custom virtual_alias_maps = hash:/etc/postfix/aliases # Aliase/Weiterleitungen für Postfächer virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf # Auslesen vorhandener Postfächer virtual_transport = lmtp:127.0.0.1:2003 # Weiterleiten der Mail an Dagent für die Zustellung an das Postfach virtual_mailbox_domains = example.org # Berechtigte Empfangs-Domains smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient,reject_non_fqdn_hostname,reject_invalid_hostname,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unauth_pipelining,reject_unverified_recipient
As far as I can see the kopano map you mentioned in your post is not in main.cf - but it doesn’t exist at all either. And virtual_mailbox_domains is given directly, not via a hashed table.
I know, main.cf is to be optimized in regards of crypto. But first I have to get stuff up and running.
For those who speak master.cf and main.cf fluently - any obvious error that could be fixed easily?
-
alias_maps = hash:/etc/aliases and virtual_alias_maps = hash:/etc/postfix/aliases
The format (content) of these to “alias” files are different, thats all.
I’m betting you copied the alias file, only the format in alias is diffent …
per example, from : http://www.postfix.org/VIRTUAL_README.html/etc/postfix/virtual: listname-request@example.com listname-request listname@example.com listname owner-listname@example.com owner-listname /etc/aliases: listname: "|/some/where/majordomo/wrapper ..." owner-listname: ... listname-request: ...
And i also recommend to rename the file to virtual-kopano
-
I’m sorry, you lost your bet ;-) - /etc/postfix/aliases actually is an empty file (that I postmapped, of course)
But thanks for clearing up the different formats and the suggestion to rename /etc/postfix/aliases to a kopano-related name.