Ausrastender Postfix ;-)

Günther J. Niederwimmer gjn at gjn.priv.at
Do Aug 18 19:40:21 CEST 2022


Hallo Profis und Helfer in der Liste,

Ich bräuchte Hilfe, mein postfix den ich letztens mal auf den neuesten Stand 
gebracht habe, scheint mit meiner config nicht mehr glücklich zu sein? ich habe 
dabei auch mal das Programm "pflogsum" installiert, habe früher nur sporadisch 
die Logs durchsucht da es mein Heimserver ist!
Nur jetzt sehe ich eine Unmenge an Fehlern die von Tag zu Tag steigen, vor 
allem diese "throttling" nervt

Warnings
--------
  master (total: 328)
       147   /usr/libexec/postfix/smtpd: bad command startup -- throttling
         1   process /usr/libexec/postfix/smtpd pid 251086 exit status 1
         1   process /usr/libexec/postfix/smtpd pid 271671 exit status 1
         1   process /usr/libexec/postfix/smtpd pid 257703 exit status 1
..........
 das sind nochmal so an die 100-150       
wie kann man das abstellen?

das nächste Problem ist seit neuestem der SASL Fehler
Fatal Errors
------------
  smtpd (total: 181)
       181   no SASL authentication mechanisms

ich bin mir nicht bewusst etwas geändert zu haben! Aber kann natürlich im 
Unterbewusstsein passiert sein ;-) vielleicht findet Ihr was was ich nicht 
seehen kann. DANKE

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
canonical_maps = lmdb:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 3.6
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = lmdb
html_directory = no
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mx02.4gjn.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.26.108.0/28 
192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:1f0b:371::]/64
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:11332
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 72h
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*1 
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_write_maps = proxy:lmdb:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES
recipient_delimiter = +
relay_domains = lmdb:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix3-3.7.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/pki/tls/cert.pem
smtp_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtp_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
smtpd_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, 
ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
transport_maps = lmdb:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = lmdb:/etc/postfix/virtual_aliases

postconf -M
smtp       inet  n       -       n       -       -       smtpd
smtpd      pass  -       -       n       -       -       smtpd -o 
smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname -o 
smtpd_sasl_auth_enable=no -o 
smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
submission inet  n       -       n       -       -       smtpd -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -
o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o 
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o tls_preempt_cipherlist=yes -o 
syslog_name=postfix/submission -o 
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o 
milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_auth_enable=yes
smtps      inet  n       -       n       -       -       smtpd -o 
smtpd_tls_wrappermode=yes -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -
o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o 
tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup -o 
syslog_name=postfix/smtps
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o 
syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd

Ein Dankeschön für jeden Hinweis oder Hilfe,
-- 
mit freundlichen Grüßen / best Regards,

 Günther J. Niederwimmer




Mehr Informationen über die Mailingliste Postfixbuch-users