Ausrastender Postfix ;-)
sebastian at debianfan.de
sebastian at debianfan.de
Do Aug 18 20:53:33 CEST 2022
Ich hatte sowas immer wenn ich an der config etwas geändert hatte.
Was hast Du denn angepasst?
Oder hast Du Updates anderer Pakete gemacht ?
Am 18. August 2022 19:40:21 MESZ schrieb "Günther J. Niederwimmer" <gjn at gjn.priv.at>:
>Hallo Profis und Helfer in der Liste,
>
>Ich bräuchte Hilfe, mein postfix den ich letztens mal auf den neuesten
>Stand
>gebracht habe, scheint mit meiner config nicht mehr glücklich zu sein?
>ich habe
>dabei auch mal das Programm "pflogsum" installiert, habe früher nur
>sporadisch
>die Logs durchsucht da es mein Heimserver ist!
>Nur jetzt sehe ich eine Unmenge an Fehlern die von Tag zu Tag steigen,
>vor
>allem diese "throttling" nervt
>
>Warnings
>--------
> master (total: 328)
> 147 /usr/libexec/postfix/smtpd: bad command startup -- throttling
> 1 process /usr/libexec/postfix/smtpd pid 251086 exit status 1
> 1 process /usr/libexec/postfix/smtpd pid 271671 exit status 1
> 1 process /usr/libexec/postfix/smtpd pid 257703 exit status 1
>..........
> das sind nochmal so an die 100-150
>wie kann man das abstellen?
>
>das nächste Problem ist seit neuestem der SASL Fehler
>Fatal Errors
>------------
> smtpd (total: 181)
> 181 no SASL authentication mechanisms
>
>ich bin mir nicht bewusst etwas geändert zu haben! Aber kann natürlich
>im
>Unterbewusstsein passiert sein ;-) vielleicht findet Ihr was was ich
>nicht
>seehen kann. DANKE
>
>postconf -n
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>bounce_template_file = /etc/postfix/bounce.de-DE.cf
>broken_sasl_auth_clients = yes
>canonical_maps = lmdb:/etc/postfix/canonical
>command_directory = /usr/sbin
>compatibility_level = 3.6
>daemon_directory = /usr/libexec/postfix
>data_directory = /var/lib/postfix
>debug_peer_level = 2
>debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>
>$daemon_directory/$process_name $process_id & sleep 5
>default_database_type = lmdb
>html_directory = no
>inet_interfaces = all
>inet_protocols = all
>lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>mail_owner = postfix
>mailbox_size_limit = 0
>mailq_path = /usr/bin/mailq.postfix
>manpage_directory = /usr/share/man
>meta_directory = /etc/postfix
>milter_default_action = accept
>milter_mail_macros = i {mail_addr} {client_addr} {client_name}
>{auth_authen}
>mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>myhostname = mx02.4gjn.com
>mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>89.26.108.0/28
>192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:1f0b:371::]/64
>myorigin = $myhostname
>newaliases_path = /usr/bin/newaliases.postfix
>non_smtpd_milters = inet:localhost:11332
>postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
>postscreen_access.cidr,
>cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
>postscreen_bare_newline_enable = no
>postscreen_blacklist_action = drop
>postscreen_cache_cleanup_interval = 72h
>postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
>postscreen_dnsbl_action = enforce
>postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7
>dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5
>bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8
>dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3
>dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2
>dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8
>zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4
>zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3
>hostkarma.junkemailfilter.com=127.0.0.4*1
>hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
>[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
>postscreen_dnsbl_threshold = 8
>postscreen_dnsbl_ttl = 5m
>postscreen_greet_action = enforce
>postscreen_greet_banner = $smtpd_banner
>postscreen_greet_ttl = 2d
>postscreen_greet_wait = 3s
>postscreen_non_smtp_command_enable = no
>postscreen_pipelining_enable = no
>proxy_write_maps = proxy:lmdb:/var/lib/postfix/postscreen_cache
>queue_directory = /var/spool/postfix
>readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES
>recipient_delimiter = +
>relay_domains = lmdb:/etc/postfix/relay_domains
>sample_directory = /usr/share/doc/postfix3-3.7.2/samples
>sendmail_path = /usr/sbin/sendmail.postfix
>setgid_group = postdrop
>shlib_directory = /usr/lib/postfix
>smtp_dns_support_level = dnssec
>smtp_tls_CAfile = /etc/pki/tls/cert.pem
>smtp_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
>smtp_tls_eccert_file =
>/etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
>smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
>smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
>smtp_tls_loglevel = 2
>smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>smtp_tls_note_starttls_offer = yes
>smtp_tls_protocols = !SSLv2, !SSLv3
>smtp_tls_security_level = dane
>smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
>smtpd_banner = $myhostname ESMTP $mail_name
>smtpd_milters = inet:localhost:11332
>smtpd_recipient_restrictions = permit_sasl_authenticated,
>permit_mynetworks,
>reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname,
>reject_unauth_destination
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_authenticated_header = yes
>smtpd_sasl_path = private/auth
>smtpd_sasl_type = dovecot
>smtpd_tls_auth_only = yes
>smtpd_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
>smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
>smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
>smtpd_tls_eccert_file =
>/etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
>smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
>smtpd_tls_eecdh_grade = auto
>smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL,
>DES-CBC3-SHA,
>ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
>smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
>smtpd_tls_loglevel = 1
>smtpd_tls_mandatory_ciphers = high
>smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>smtpd_tls_protocols = !SSLv2, !SSLv3
>smtpd_tls_received_header = yes
>smtpd_tls_security_level = may
>smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
>smtpd_use_tls = yes
>smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>tls_preempt_cipherlist = yes
>tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
>transport_maps = lmdb:/etc/postfix/transport, $relay_domains
>unknown_local_recipient_reject_code = 550
>unverified_recipient_reject_code = 577
>virtual_alias_maps = lmdb:/etc/postfix/virtual_aliases
>
>postconf -M
>smtp inet n - n - - smtpd
>smtpd pass - - n - - smtpd -o
>smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
>-o
>smtpd_sasl_auth_enable=no -o
>smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
>submission inet n - n - - smtpd -o
>smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>-
>o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o
>smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o
>tls_preempt_cipherlist=yes -o
>syslog_name=postfix/submission -o
>smtpd_relay_restrictions=permit_sasl_authenticated,reject -o
>milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_auth_enable=yes
>smtps inet n - n - - smtpd -o
>smtpd_tls_wrappermode=yes -o
>smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>-
>o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o
>
>tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup
>-o
>syslog_name=postfix/smtps
>pickup unix n - n 60 1 pickup
>cleanup unix n - n - 0 cleanup
>qmgr unix n - n 300 1 qmgr
>tlsmgr unix - - n 1000? 1 tlsmgr
>rewrite unix - - n - -
>trivial-rewrite
>bounce unix - - n - 0 bounce
>defer unix - - n - 0 bounce
>trace unix - - n - 0 bounce
>verify unix - - n - 1 verify
>flush unix n - n 1000? 0 flush
>proxymap unix - - n - - proxymap
>proxywrite unix - - n - 1 proxymap
>smtp unix - - n - - smtp
>relay unix - - n - - smtp -o
>syslog_name=postfix/$service_name
>showq unix n - n - - showq
>error unix - - n - - error
>retry unix - - n - - error
>discard unix - - n - - discard
>local unix - n n - - local
>virtual unix - n n - - virtual
>lmtp unix - - n - - lmtp
>anvil unix - - n - 1 anvil
>scache unix - - n - 1 scache
>postlog unix-dgram n - n - 1 postlogd
>
>Ein Dankeschön für jeden Hinweis oder Hilfe,
>--
>mit freundlichen Grüßen / best Regards,
>
> Günther J. Niederwimmer
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20220818/82dbbb92/attachment-0001.htm>
Mehr Informationen über die Mailingliste Postfixbuch-users