Ausrastender Postfix ;-)

sebastian at debianfan.de sebastian at debianfan.de
Do Aug 18 20:53:33 CEST 2022


Ich hatte sowas immer wenn ich an der config etwas geändert hatte.

Was hast Du denn angepasst?

Oder hast Du Updates anderer Pakete gemacht ?



Am 18. August 2022 19:40:21 MESZ schrieb "Günther J. Niederwimmer" <gjn at gjn.priv.at>:
>Hallo Profis und Helfer in der Liste,
>
>Ich bräuchte Hilfe, mein postfix den ich letztens mal auf den neuesten
>Stand 
>gebracht habe, scheint mit meiner config nicht mehr glücklich zu sein?
>ich habe 
>dabei auch mal das Programm "pflogsum" installiert, habe früher nur
>sporadisch 
>die Logs durchsucht da es mein Heimserver ist!
>Nur jetzt sehe ich eine Unmenge an Fehlern die von Tag zu Tag steigen,
>vor 
>allem diese "throttling" nervt
>
>Warnings
>--------
>  master (total: 328)
>    147   /usr/libexec/postfix/smtpd: bad command startup -- throttling
>        1   process /usr/libexec/postfix/smtpd pid 251086 exit status 1
>        1   process /usr/libexec/postfix/smtpd pid 271671 exit status 1
>        1   process /usr/libexec/postfix/smtpd pid 257703 exit status 1
>..........
> das sind nochmal so an die 100-150       
>wie kann man das abstellen?
>
>das nächste Problem ist seit neuestem der SASL Fehler
>Fatal Errors
>------------
>  smtpd (total: 181)
>       181   no SASL authentication mechanisms
>
>ich bin mir nicht bewusst etwas geändert zu haben! Aber kann natürlich
>im 
>Unterbewusstsein passiert sein ;-) vielleicht findet Ihr was was ich
>nicht 
>seehen kann. DANKE
>
>postconf -n
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>bounce_template_file = /etc/postfix/bounce.de-DE.cf
>broken_sasl_auth_clients = yes
>canonical_maps = lmdb:/etc/postfix/canonical
>command_directory = /usr/sbin
>compatibility_level = 3.6
>daemon_directory = /usr/libexec/postfix
>data_directory = /var/lib/postfix
>debug_peer_level = 2
>debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
>
>$daemon_directory/$process_name $process_id & sleep 5
>default_database_type = lmdb
>html_directory = no
>inet_interfaces = all
>inet_protocols = all
>lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>mail_owner = postfix
>mailbox_size_limit = 0
>mailq_path = /usr/bin/mailq.postfix
>manpage_directory = /usr/share/man
>meta_directory = /etc/postfix
>milter_default_action = accept
>milter_mail_macros = i {mail_addr} {client_addr} {client_name}
>{auth_authen}
>mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>myhostname = mx02.4gjn.com
>mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>89.26.108.0/28 
>192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:1f0b:371::]/64
>myorigin = $myhostname
>newaliases_path = /usr/bin/newaliases.postfix
>non_smtpd_milters = inet:localhost:11332
>postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
>postscreen_access.cidr,
>cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
>postscreen_bare_newline_enable = no
>postscreen_blacklist_action = drop
>postscreen_cache_cleanup_interval = 72h
>postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
>postscreen_dnsbl_action = enforce
>postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
>dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
>bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
>dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
>dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
>dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
>zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
>zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
>hostkarma.junkemailfilter.com=127.0.0.4*1 
>hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
>[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
>postscreen_dnsbl_threshold = 8
>postscreen_dnsbl_ttl = 5m
>postscreen_greet_action = enforce
>postscreen_greet_banner = $smtpd_banner
>postscreen_greet_ttl = 2d
>postscreen_greet_wait = 3s
>postscreen_non_smtp_command_enable = no
>postscreen_pipelining_enable = no
>proxy_write_maps = proxy:lmdb:/var/lib/postfix/postscreen_cache
>queue_directory = /var/spool/postfix
>readme_directory = /usr/share/doc/postfix3-3.7.2/README_FILES
>recipient_delimiter = +
>relay_domains = lmdb:/etc/postfix/relay_domains
>sample_directory = /usr/share/doc/postfix3-3.7.2/samples
>sendmail_path = /usr/sbin/sendmail.postfix
>setgid_group = postdrop
>shlib_directory = /usr/lib/postfix
>smtp_dns_support_level = dnssec
>smtp_tls_CAfile = /etc/pki/tls/cert.pem
>smtp_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
>smtp_tls_eccert_file =
>/etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
>smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
>smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
>smtp_tls_loglevel = 2
>smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>smtp_tls_note_starttls_offer = yes
>smtp_tls_protocols = !SSLv2, !SSLv3
>smtp_tls_security_level = dane
>smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
>smtpd_banner = $myhostname ESMTP $mail_name
>smtpd_milters = inet:localhost:11332
>smtpd_recipient_restrictions = permit_sasl_authenticated,
>permit_mynetworks, 
>reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
>reject_unauth_destination
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_authenticated_header = yes
>smtpd_sasl_path = private/auth
>smtpd_sasl_type = dovecot
>smtpd_tls_auth_only = yes
>smtpd_tls_cert_file = /etc/letsencrypt/live/mx02.4gjn.com/fullchain.pem
>smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
>smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
>smtpd_tls_eccert_file =
>/etc/letsencrypt/live/mx02.4gjn.com/fullchain-ecdsa.pem
>smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
>smtpd_tls_eecdh_grade = auto
>smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL,
>DES-CBC3-SHA, 
>ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
>smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
>smtpd_tls_loglevel = 1
>smtpd_tls_mandatory_ciphers = high
>smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>smtpd_tls_protocols = !SSLv2, !SSLv3
>smtpd_tls_received_header = yes
>smtpd_tls_security_level = may
>smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
>smtpd_use_tls = yes
>smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
>tls_preempt_cipherlist = yes
>tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
>transport_maps = lmdb:/etc/postfix/transport, $relay_domains
>unknown_local_recipient_reject_code = 550
>unverified_recipient_reject_code = 577
>virtual_alias_maps = lmdb:/etc/postfix/virtual_aliases
>
>postconf -M
>smtp       inet  n       -       n       -       -       smtpd
>smtpd      pass  -       -       n       -       -       smtpd -o 
>smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
>-o 
>smtpd_sasl_auth_enable=no -o 
>smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
>submission inet  n       -       n       -       -       smtpd -o 
>smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>-
>o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o 
>smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o
>tls_preempt_cipherlist=yes -o 
>syslog_name=postfix/submission -o 
>smtpd_relay_restrictions=permit_sasl_authenticated,reject -o 
>milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_auth_enable=yes
>smtps      inet  n       -       n       -       -       smtpd -o 
>smtpd_tls_wrappermode=yes -o 
>smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>-
>o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o
>
>tls_preempt_cipherlist=yes -o cleanup_service_name=smtp_sender_cleanup
>-o 
>syslog_name=postfix/smtps
>pickup     unix  n       -       n       60      1       pickup
>cleanup    unix  n       -       n       -       0       cleanup
>qmgr       unix  n       -       n       300     1       qmgr
>tlsmgr     unix  -       -       n       1000?   1       tlsmgr
>rewrite    unix  -       -       n       -       -      
>trivial-rewrite
>bounce     unix  -       -       n       -       0       bounce
>defer      unix  -       -       n       -       0       bounce
>trace      unix  -       -       n       -       0       bounce
>verify     unix  -       -       n       -       1       verify
>flush      unix  n       -       n       1000?   0       flush
>proxymap   unix  -       -       n       -       -       proxymap
>proxywrite unix  -       -       n       -       1       proxymap
>smtp       unix  -       -       n       -       -       smtp
>relay      unix  -       -       n       -       -       smtp -o 
>syslog_name=postfix/$service_name
>showq      unix  n       -       n       -       -       showq
>error      unix  -       -       n       -       -       error
>retry      unix  -       -       n       -       -       error
>discard    unix  -       -       n       -       -       discard
>local      unix  -       n       n       -       -       local
>virtual    unix  -       n       n       -       -       virtual
>lmtp       unix  -       -       n       -       -       lmtp
>anvil      unix  -       -       n       -       1       anvil
>scache     unix  -       -       n       -       1       scache
>postlog    unix-dgram n  -       n       -       1       postlogd
>
>Ein Dankeschön für jeden Hinweis oder Hilfe,
>-- 
>mit freundlichen Grüßen / best Regards,
>
> Günther J. Niederwimmer

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20220818/82dbbb92/attachment-0001.htm>


Mehr Informationen über die Mailingliste Postfixbuch-users