Ja
Server-Betriebssystem + Version
Debian 11
Eingesetzte Server-Virtualisierung-Technologie
KVM
KeyHelp-Version + Build-Nummer
23.2 (Build 3097)
Problembeschreibung / Fehlermeldungen
Nach Upgrade mit Upgrade Script tauchen die Fehlermeldungen aus dem Log auf und eingehende E-Mails werden nicht mehr zugestellt. Ausgehende E-Mails funktionieren noch. Absender bekommen auch keine Reject-Mail. Das Upgrade wurde mit dem Script gemacht.
Code: Select all
Oct 25 18:29:52 marge postfix/smtpd[28350]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "income@email.com" from client "xx.foobar.com[XXX.XXX.XXX.XXX]"
Oct 25 18:29:52 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:29:57 marge postfix/smtpd[28350]: disconnect from xx.foobar.com[XXX.XXX.XXX.XXX] ehlo=2 starttls=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=6/7
Oct 25 18:30:17 marge postfix/smtpd[28350]: connect from smtp-07.m-1.eu-1.quentn.com[XXX.XXX.XXX.XXX]
Oct 25 18:30:17 marge postfix/smtpd[28350]: TLS SNI marge.quemed.de from smtp-07.m-1.eu-1.quentn.com[XXX.XXX.XXX.XXX] not matched, using default chain
Oct 25 18:30:17 marge postfix/smtpd[28350]: warning: missing attribute action in input from private/policy
Oct 25 18:30:17 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:30:18 marge postfix/smtpd[28350]: warning: missing attribute action in input from private/policy
Oct 25 18:30:18 marge postfix/smtpd[28350]: warning: problem talking to server private/policy: Application error
Oct 25 18:30:18 marge postfix/smtpd[28350]: NOQUEUE: reject: RCPT from smtp-07.m-1.eu-1.quentn.com[XXX.XXX.XXX.XXX]: 451 4.3.5 <info@company.de>: Recipient address rejected: Server configuration problem; from=<return-qx0cwt-qn297qx0cwt22n-info=foobar.de@m-1.eu-1.quentn.com> to=<info@company.de> proto=ESMTP helo=<smtp-07.m-1.eu-1.quentn.com>
Oct 25 18:30:18 marge postfix/smtpd[28350]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "info@company.de" from client "smtp-07.m-1.eu-1.quentn.com[XXX.XXX.XXX.XXX]"
Oct 25 18:30:18 marge postfix/smtpd[28350]: disconnect from smtp-07.m-1.eu-1.quentn.com[XXX.XXX.XXX.XXX] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Oct 25 18:30:18 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:30:19 marge postfix/smtpd[28350]: connect from mout.gmx.net[XXX.XXX.XXX.XXX]
Oct 25 18:30:19 marge postfix/smtpd[28350]: TLS SNI marge.quemed.de from mout.gmx.net[XXX.XXX.XXX.XXX] not matched, using default chain
Oct 25 18:30:19 marge postfix/smtpd[28350]: warning: missing attribute action in input from private/policy
Oct 25 18:30:19 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:30:20 marge postfix/smtpd[28350]: warning: missing attribute action in input from private/policy
Oct 25 18:30:20 marge postfix/smtpd[28350]: warning: problem talking to server private/policy: Application error
Oct 25 18:30:20 marge postfix/smtpd[28350]: NOQUEUE: reject: RCPT from mout.gmx.net[XXX.XXX.XXX.XXX]: 451 4.3.5 <income@email.com>: Recipient address rejected: Server configuration problem; from=<sender@gmx.de> to=<income@email.com> proto=ESMTP helo=<mout.gmx.net>
Oct 25 18:30:20 marge postfix/smtpd[28350]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "income@email.com" from client "mout.gmx.net[XXX.XXX.XXX.XXX]"
Oct 25 18:30:20 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:30:20 marge postfix/smtpd[28350]: disconnect from mout.gmx.net[XXX.XXX.XXX.XXX] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
Oct 25 18:30:20 marge postfix/smtpd[28350]: NOQUEUE: reject: RCPT from mout.gmx.net[XXX.XXX.XXX.XXX]: 451 4.3.5 <income@email.com>: Recipient address rejected: Server configuration problem; from=<sender@gmx.de> to=<income@email.com> proto=ESMTP helo=<mout.gmx.net>
Oct 25 18:30:20 marge postfix/smtpd[28350]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "income@email.com" from client "mout.gmx.net[XXX.XXX.XXX.XXX]"
Oct 25 18:30:20 marge postfix/spawn[28958]: warning: command /usr/bin/policyd-spf exit status 1
Oct 25 18:30:20 marge postfix/smtpd[28350]: disconnect from mout.gmx.net[XXX.XXX.XXX.XXX] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
E-Mails sollen wie gewohnt im Posteingang landen.
Tatsächliches Ergebnis
E-Mails kommen nicht im Posteingang an.
Schritte zur Reproduktion
Do upgrade.
Zusätzliche Informationen
Ich habe nun den Server mittels Snapshot wieder zugespielt und er läuft wieder auf Debian 11.
/etc/postfix/main.cf
Code: Select all
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# Turning off the backwards-compatibility safety net
# http://www.postfix.org/COMPATIBILITY_README.html
compatibility_level = 2
# Appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# Max mail size in byte
message_size_limit = 36700160
# TLS parameters
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/keyhelp/mail.pem
smtpd_tls_key_file = /etc/ssl/keyhelp/mail.pem
smtpd_tls_CAfile = /etc/ssl/keyhelp/mail-ca.crt
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtp_tls_security_level = may
smtpd_tls_security_level = may
# TLS cypher for PFS
smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high
# medium for now, otherwise breakes with older SMTP
smtp_tls_ciphers = medium
smtpd_tls_ciphers = medium
smtpd_tls_dh512_param_file = /etc/postfix/dh512.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_exclude_ciphers = RC4, 3DES, aNULL
smtp_tls_exclude_ciphers = RC4, 3DES, aNULL
smtpd_tls_eecdh_grade = ultra
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
# Dovecot Settings for deliver, SASL Auth and virtual transport
# uncomment those line to use Dovecot
mailbox_command = /usr/lib/dovecot/deliver
#dovecot_destination_recipient_limit = 1
#transport_maps = hash:/etc/postfix/transport
mailbox_transport = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
myhostname = marge.quemed.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
#virtual_transport = dovecot
# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# Concerning the peer
smtpd_soft_error_limit = 5
smtpd_error_sleep_time = 10s
smtpd_helo_required = yes
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_multi_recipient_bounce,
reject_unauth_destination
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
# check_helo_access regexp:/etc/postfix/helo_access,
reject_invalid_hostname,
reject_non_fqdn_hostname
# Concerning the envelope
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unauth_destination,
reject_unknown_sender_domain,
reject_unknown_client,
reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient, check_policy_service unix:private/policy, hash:/etc/postfix/rbl_override, permit, reject_rbl_client bl.spamcop.net, reject_rbl_client bl.score.senderscore.com, reject_rbl_client b.barracudacentral.org
smtpd_recipient_limit = 50
smtpd_recipient_overshoot_limit = 50
# Header checks
header_checks = regexp:/etc/postfix/header_checks
# Rspamd
milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
# SNI support
tls_server_sni_maps = hash:/etc/postfix/postfix-sni.conf