Mail server cannot deliver some mails.

  • Hi,


    Unfortunately I am having some problems with my Postfix and the Froxlor interface. I run Postfix on CentOS 7. The following problems:


    I access my administration interface at the URL froxlor.meinedomain.de. I can also create mail addresses for other domains, and they all more or less work (problem 2 further below). If I create a mail address such as postmaster@meinedomain.de, I can send mails from it, but receiving does not work.


    [root@vserver3 ~]# tail -f /var/log/maillog | grep postmaster
    Aug 27 15:27:35 vserver3 postfix/local[16572]: 23EA5D00: to=<root@mail.meinedomain.de>, orig_to=<postmaster@meinedomain.de>, relay=local, delay=0.1, delays=0.1/0/0/0, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /usr/lib/dovecot/deliver: Permission denied )
    Aug 27 15:32:09 vserver3 postfix/local[16844]: 6990ACF5: to=<root@meinedomain.de>, orig_to=<postmaster@meinedomain.de>, relay=local, delay=465, delays=465/0.02/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /usr/lib/dovecot/deliver: Permission denied )


    I can't find the error :(


    Problem 2:


    For my mail addresses on other domains I want to enable SSL on port 587, and I adjusted the configs for that. The port is open on the server, and Thunderbird also uses port 587 for the mailbox. Nevertheless, these do not arrive at some providers such as AOL. Here are my configs:


    postconf -n


    alias_maps = $alias_database
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    default_destination_concurrency_limit = 20
    dovecot_destination_recipient_limit = 1
    inet_interfaces = all
    local_destination_concurrency_limit = 2
    local_transport = local
    mailbox_command = /usr/lib/dovecot/deliver
    mailbox_size_limit = 0
    message_size_limit = 52428800
    mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost
    mydomain = meineDomain.de
    myhostname = mail.$mydomain
    mynetworks = 127.0.0.0/8
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
    smtpd_relay_restrictions =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
    smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_helo_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_loglevel = 1
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
    virtual_transport = dovecot


    /etc/main.cf


    ## General Postfix configuration


    mydomain = meineDOMAIN.de


    # should be different from $mydomain eg. "mail.$mydomain"
    myhostname = mail.$mydomain


    mydestination = $myhostname,
        $mydomain,
        localhost.$myhostname,
        localhost.$mydomain,
        localhost
    mynetworks = 127.0.0.0/8
    inet_interfaces = all
    append_dot_mydomain = no
    biff = no


    # Postfix performance settings
    default_destination_concurrency_limit = 20
    local_destination_concurrency_limit = 2


    # SMTPD Settings
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient
    smtpd_sender_restrictions = permit_mynetworks,
        reject_sender_login_mismatch,
        permit_sasl_authenticated,
        reject_unknown_helo_hostname,
        reject_unknown_recipient_domain,
        reject_unknown_sender_domain
    smtpd_client_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_client_hostname


    # Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
    # The option is intentionally left empty.
    smtpd_relay_restrictions =


    # Maximum size of Message in bytes (50MB)
    message_size_limit = 52428800
    mailbox_size_limit = 0


    ## SASL Auth Settings
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    ## Dovecot Settings for deliver, SASL Auth and virtual transport
    smtpd_sasl_type = dovecot
    mailbox_command = /usr/lib/dovecot/deliver
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_path = private/auth


    # Virtual delivery settings
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
    smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf


    # Local delivery settings
    local_transport = local
    alias_maps = $alias_database


    ### TLS settings
    ###
    ## TLS for outgoing mails from the server to another server
    #smtp_tls_security_level = may
    #smtp_tls_note_starttls_offer = yes
    ## TLS for email client
    #smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_loglevel = 1
    #smtpd_tls_received_header = yes


    debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        ddd $daemon_directory/$process_name $process_id & sleep 5




    Thank you!


    Best regards,


    Lars

    Edited 2 times, last by usernew () for the following reason: Visual improvement

  • Here is the master.cf as well


    /etc/master.cf


    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
    #smtp inet n - n - 1 postscreen
    #smtpd pass - - n - - smtpd
    #dnsblog unix - - n - 0 dnsblog
    #tlsproxy unix - - n - 0 tlsproxy
    submission inet n - n - - smtpd
    # -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - n - - smtpd
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - n - - qmqpd
    pickup unix n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    #
    #
    # added for Froxlor
    dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

  • Apparently the permissions of the /usr/lib/dovecot/deliver directory are not right. Who is the owner of this file?


    Or rather, who is the owner of the mail directory? If you use the Froxlor defaults, that is under /var/customers/mail/.

  • Hi,


    I have already checked that; the owner is vmail:vmail, and for testing purposes I also set the permissions to 777. It does not get any better with root:root or postfix:postfix either.


    The Froxlor directory /var/customers/mail also belongs to vmail:vmail


    The directory /usr/lib/dovecot/deliver is empty, though

  • Quote

    The directory /usr/lib/dovecot/deliver is empty, though


    I don't recognize that path.


    With 'Permission denied' you should also have a look in /var/log/audit/audit.log (| grep denied | grep dovecot), in case SELinux is running.

    CentOS 7 / nginx / php-fpm / postfix / rspamd / clamav / dovecot / nextcloud running on RS 1000 SSDx4 G8 / VPS 500 G8 / VPS 2000 G8 Plus
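
Added example, not part of any post in this thread: a small triage script for the `execvp ... Permission denied` line in the maillog. It classifies the `mailbox_command` target (a directory at that path produces the same error as a missing execute bit) and counts SELinux AVC denials for a given command name. The temporary directory layout, the sample audit records and all function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): triage for
#   "local: fatal: execvp <path>: Permission denied"

# Classify the mailbox_command target. execve(2) returns EACCES, which is
# logged as "Permission denied", when the target is not a regular file,
# so a directory at that path gives the same message as a missing x bit.
classify_exec_target() {
    local p=$1
    if   [ ! -e "$p" ]; then echo missing
    elif [ -d "$p" ];   then echo directory
    elif [ ! -x "$p" ]; then echo not-executable
    else                     echo ok
    fi
}

# Count SELinux AVC denials for a given comm= value in audit log text on stdin.
count_avc_denials() {
    grep 'type=AVC' | grep 'denied' | grep -cF "comm=\"$1\"" || true
}

# Constructed layout mirroring the two paths on this page: main.cf points at
# lib/dovecot/deliver, the master.cf pipe entry at libexec/dovecot/deliver.
make_constructed_root() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/usr/lib/dovecot/deliver" "$root/usr/libexec/dovecot"
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/libexec/dovecot/deliver"
    chmod 755 "$root/usr/libexec/dovecot/deliver"
    echo "$root"
}

# Constructed audit records (the SELinux type names are illustrative).
SAMPLE_AUDIT='type=AVC msg=audit(1503840455.101:412): avc:  denied  { execute } for  pid=16572 comm="local" name="deliver" scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1503840455.101:412): arch=c000003e syscall=59 success=no exit=-13 comm="local"
type=AVC msg=audit(1503840460.220:413): avc:  denied  { read } for  pid=900 comm="nginx" name="x" tclass=file'

root=$(make_constructed_root)
for p in usr/lib/dovecot/deliver usr/libexec/dovecot/deliver; do
    echo "/$p -> $(classify_exec_target "$root/$p")"
done
echo "AVC denials for local: $(printf '%s\n' "$SAMPLE_AUDIT" | count_avc_denials local)"
rm -rf "$root"
```

On a real host, pass the value of `postconf -h mailbox_command` to `classify_exec_target` and feed `/var/log/audit/audit.log` to `count_avc_denials` with the process name from the maillog line (here `local`).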

  • Hi,


    grep finds neither a denied nor a dovecot in the log file. I grepped for each of them separately as well.


    The entry for the path is in /etc/postfix/main.cf and is set that way by default by froxlor.