Postfix lässt nach Upgrade nicht alle Domains mehr senden

Andreas postfix at linuxmaker.de
Fr Dez 6 18:52:31 CET 2019


Hallo zusammen,

ich habe hier ein seltsames Verhalten von Postfix, nach einem Routine-Upgrade 
(Debian Buster) von Paketen (u.a. Postfix und MariaDB).

Auf dem Mailserver mx.example.tld lassen sich alle Mails verschicken der 
Domain example.tld. Die Domain swabia.tld mit dem Mailserver mail.swabia.tld, 
der auf mx.example.tld können seit dem Upgrade keine Mails versandt werden, 
obwohl das bisher ging.
Kmail meldet "Fehler beim Übertragen der Nachricht. Server error" und 
Thunderbird liefert dieses Log:

[11679:Unnamed thread 0x132b6df60]: D/IMAP ImapThreadMainLoop entering 
[this=0x14c706000]
[11679:Unnamed thread 0x1377a2710]: D/IMAP ImapThreadMainLoop entering 
[this=0x14f57c000]
[11679:Main Thread]: I/IMAP 
0x14c706000:mx.example.tld:NA:SetupWithUrlCallback: clearing 
IMAP_CONNECTION_IS_OPEN
[11679:Main Thread]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:SetupWithUrlCallback: clearing 
IMAP_CONNECTION_IS_OPEN
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:ProcessCurrentURL: entering
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:ProcessCurrentURL:imap://
wh%40germany%2Ecom at mx.example.tld:993/select%3E/INBOX:  = currentUrl
[11679:Unnamed thread 0x1377a2710]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:ProcessCurrentURL: entering
[11679:Unnamed thread 0x1377a2710]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:ProcessCurrentURL:imap://lk-
kfurt%40schwaben%2Ede at mail.swabia.tld:993/select%3E/INBOX:  = currentUrl
[11679:Main Thread]: D/IMAP proposed url = Sent folder for connection  has To 
Wait = FALSE can run = FALSE
[11679:Unnamed thread 0x1377a3550]: D/IMAP ImapThreadMainLoop entering 
[this=0x14f59a000]
[11679:Main Thread]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:SetupWithUrlCallback: clearing 
IMAP_CONNECTION_IS_OPEN
[11679:Unnamed thread 0x1377a3550]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:ProcessCurrentURL: entering
[11679:Unnamed thread 0x1377a3550]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:ProcessCurrentURL:imap://lk-
kfurt%40schwaben%2Ede at mail.swabia.tld:993/select%3E/Sent:  = currentUrl
[11679:Unnamed thread 0x1377a2710]: D/IMAP ReadNextLine [stream=0x1270b6900 
nb=123 needmore=0]
[11679:Unnamed thread 0x132b6df60]: D/IMAP ReadNextLine [stream=0x1270b7100 
nb=123 needmore=0]
[11679:Unnamed thread 0x1377a2710]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:CreateNewLineFromSocket: * OK [CAPABILITY 
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN 
AUTH=LOGIN] Dovecot (Debian) ready.
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:CreateNewLineFromSocket: * OK [CAPABILITY 
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN 
AUTH=LOGIN] Dovecot (Debian) ready.
[11679:Unnamed thread 0x1377a2710]: D/IMAP try to log in
[11679:Unnamed thread 0x1377a2710]: D/IMAP IMAP auth: server caps 0x4085427, 
pref 0x1006, failed 0x0, avail caps 0x1006
[11679:Unnamed thread 0x1377a2710]: D/IMAP (GSSAPI = 0x1000000, CRAM = 
0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-
style IMAP login = 0x4, auth external IMAP login = 0x20000000, OAUTH2 = 
0x800000000)
[11679:Unnamed thread 0x1377a2710]: D/IMAP trying auth method 0x1000
[11679:Unnamed thread 0x132b6df60]: D/IMAP try to log in
[11679:Unnamed thread 0x132b6df60]: D/IMAP IMAP auth: server caps 0x4085427, 
pref 0x1006, failed 0x0, avail caps 0x1006
[11679:Unnamed thread 0x132b6df60]: D/IMAP (GSSAPI = 0x1000000, CRAM = 
0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-
style IMAP login = 0x4, auth external IMAP login = 0x20000000, OAUTH2 = 
0x800000000)
[11679:Unnamed thread 0x132b6df60]: D/IMAP trying auth method 0x1000
[11679:Unnamed thread 0x1377a3550]: D/IMAP ReadNextLine [stream=0x1270b6f00 
nb=123 needmore=0]
[11679:Unnamed thread 0x1377a3550]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:CreateNewLineFromSocket: * OK [CAPABILITY 
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN 
AUTH=LOGIN] Dovecot (Debian) ready.
[11679:Unnamed thread 0x1377a3550]: D/IMAP try to log in
[11679:Unnamed thread 0x1377a3550]: D/IMAP IMAP auth: server caps 0x4085427, 
pref 0x1006, failed 0x0, avail caps 0x1006
[11679:Unnamed thread 0x1377a3550]: D/IMAP (GSSAPI = 0x1000000, CRAM = 
0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-
style IMAP login = 0x4, auth external IMAP login = 0x20000000, OAUTH2 = 
0x800000000)
[11679:Unnamed thread 0x1377a3550]: D/IMAP trying auth method 0x1000
[11679:Unnamed thread 0x1377a2710]: E/IMAP IMAP: password prompt failed or 
user canceled it
[11679:Unnamed thread 0x1377a2710]: E/IMAP login failed entirely
[11679:Unnamed thread 0x1377a3550]: E/IMAP IMAP: password prompt failed or 
user canceled it
[11679:Unnamed thread 0x1377a3550]: E/IMAP login failed entirely
[11679:Unnamed thread 0x132b6df60]: D/IMAP got new password
[11679:Unnamed thread 0x132b6df60]: D/IMAP IMAP: trying auth method 0x1000
[11679:Unnamed thread 0x132b6df60]: D/IMAP PLAIN auth
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:SendData: 1 authenticate PLAIN
[11679:Unnamed thread 0x132b6df60]: D/IMAP ReadNextLine [stream=0x1270b7100 
nb=4 needmore=0]
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:CreateNewLineFromSocket: + 
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:SendData: Logging suppressed for this command 
(it probably contained authentication information)
[11679:Unnamed thread 0x1377a2710]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:ProcessCurrentURL: aborting queued urls
[11679:Unnamed thread 0x1377a3550]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:ProcessCurrentURL: aborting queued urls
[11679:Unnamed thread 0x1377a2710]: I/IMAP 
0x14f57c000:mail.swabia.tld:NA:TellThreadToDie: close socket connection
[11679:Unnamed thread 0x1377a2710]: D/IMAP ImapThreadMainLoop leaving 
[this=0x14f57c000]
[11679:Unnamed thread 0x1377a3550]: I/IMAP 
0x14f59a000:mail.swabia.tld:NA:TellThreadToDie: close socket connection
[11679:Unnamed thread 0x1377a3550]: D/IMAP ImapThreadMainLoop leaving 
[this=0x14f59a000]
[11679:Unnamed thread 0x132b6df60]: D/IMAP ReadNextLine [stream=0x1270b7100 
nb=395 needmore=0]
[11679:Unnamed thread 0x132b6df60]: I/IMAP 
0x14c706000:mx.example.tld:NA:CreateNewLineFromSocket: 1 OK [CAPABILITY 
IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY 
THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL 
CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 
CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS 
BINARY MOVE SNIPPET=FUZZY LITERAL+ NOTIFY SPECIAL-USE QUOTA ACL RIGHTS=texk] 
Logged in
[11679:Unnamed thread 0x132b6df60]: D/IMAP login succeeded

Anbei die Postfix-Config:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1h
broken_sasl_auth_clients = yes
compatibility_level = 2
debug_peer_level = 2
debug_peer_list = 192.168.1.66/32
disable_vrfy_command = yes
greylist = permit_dnswl_client list.dnswl.org, check_policy_service inet:
127.0.0.1:10023
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 1h
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
mydestination = mx.example.tld, localhost.example.tld, localhost
myhostname = mx.example.tld
mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:12248
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*1 
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_sender_acl.cf, 
proxy:mysql:/etc/postfix/sql/mysql_tls_enforce_out_policy.cf, proxy:mysql:/
etc/postfix/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps 
$mydestination $virtual_alias_maps $virtual_alias_domains 
$virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps 
$relay_domains $canonical_maps $sender_canonical_maps 
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks 
$smtpd_sender_login_maps
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/sql/
mysql_relay_recipient_maps.cf
relayhost =
sender_dependent_default_transport_maps = proxy:mysql:/etc/postfix/sql/
mysql_tls_enforce_out_policy.cf
smtp_dns_support_level = dnssec
smtp_header_checks = pcre:/etc/postfix/submission_header_cleanup
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname
smtpd_client_restrictions = permit_mynetworks check_client_access hash:/etc/
postfix/without_ptr reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:12248
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
reject_unauth_destination
smtpd_restriction_classes = greylist
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/
mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, 
permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, 
reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail/mail.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_key_file = /etc/ssl/mail/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_mandatory_protocols = !SSLv3
smtpd_tls_protocols = !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_high_cipherlist = 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!
MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-
SHA:AES128-SHA
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, 
proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/
etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/
sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/
mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/
mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/
mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

Was könnte der mögliche Fehler sein?

Beste Grüße

Andreas
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20191206/7c080351/attachment-0001.html>


Mehr Informationen über die Mailingliste Postfixbuch-users