Ausrastender Postfix ;-)
Günther J. Niederwimmer
gjn at gjn.priv.at
Do Aug 18 19:40:21 CEST 2022
Hallo Profis und Helfer in der Liste,
Ich bräuchte Hilfe, mein postfix den ich letztens mal auf den neuesten Stand
gebracht habe, scheint mit meiner config nicht mehr glücklich zu sein? ich habe
dabei auch mal das Programm "pflogsum" installiert, habe früher nur sporadisch
die Logs durchsucht da es mein Heimserver ist!
Nur jetzt sehe ich eine Unmenge an Fehlern die von Tag zu Tag steigen, vor
allem diese "throttling" nervt
Warnings
--------
master (total: 328)
147 /usr/libexec/postfix/smtpd: bad command startup -- throttling
1 process /usr/libexec/postfix/smtpd pid 251086 exit status 1
1 process /usr/libexec/postfix/smtpd pid 271671 exit status 1
1 process /usr/libexec/postfix/smtpd pid 257703 exit status 1
..........
das sind nochmal so an die 100-150
wie kann man das abstellen?
das nächste Problem ist seit neuestem der SASL Fehler
Fatal Errors
------------
smtpd (total: 181)
181 no SASL authentication mechanisms
ich bin mir nicht bewusst etwas geändert zu haben! Aber kann natürlich im
Unterbewusstsein passiert sein ;-) vielleicht findet Ihr was was ich nicht
seehen kann. DANKE
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
canonical_maps = lmdb:/etc/postfix/canonical
command_directory = /usr/sbin
compatibility_level = 3.6
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = lmdb
html_directory = no
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mx02.4gjn.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.26.108.0/28
192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:1f0b:371::]/64
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:11332
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 72h
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3
hostkarma.junkemailfilter.com=127.0.0.4*1
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_write_maps = proxy:lmdb:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES
recipient_delimiter = +
relay_domains = lmdb:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix3-3.7.2/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/pki/tls/cert.pem
smtp_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtp_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtp_tls_loglevel = 2
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
smtpd_tls_eccert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA,
ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
transport_maps = lmdb:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = lmdb:/etc/postfix/virtual_aliases
postconf -M
smtp inet n - n - - smtpd
smtpd pass - - n - - smtpd -o
smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname -o
smtpd_sasl_auth_enable=no -o
smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
submission inet n - n - - smtpd -o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -
o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o tls_preempt_cipherlist=yes -o
syslog_name=postfix/submission -o
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o
milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_auth_enable=yes
smtps inet n - n - - smtpd -o
smtpd_tls_wrappermode=yes -o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -
o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o
tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup -o
syslog_name=postfix/smtps
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o
syslog_name=postfix/$service_name
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
Ein Dankeschön für jeden Hinweis oder Hilfe,
--
mit freundlichen Grüßen / best Regards,
Günther J. Niederwimmer
Mehr Informationen über die Mailingliste Postfixbuch-users