undefined parameter: mua_sender_restrictions

There are lot's of discussions on virtualmin.com which mention the same postfix -n warnings, however they are mostly about delivery or other issues. So most relevant one is probably https://www.virtualmin.com/node/35021 and that one is left without final resolution. Everything works as expected, so we have ignored the following warnings for long time, but it's really high time to get to the gist of the issue and to receive definitive answer of Virtualmin team on the subject.

So if you run the postfix reload or postconf -n command, then you will receive:

-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions

One one of the virtualmin.com discussion I've noticed recommendation just to delete occurrences of "mua" variable in master.cf. Could you please confirm it is really the best resolution for the issue?

Status: 
Closed (fixed)

Comments

Title: postconf -n warnings » undefined parameter: mua_sender_restrictions

let's change the title to find this easier in posterity.

Assigned: Unassigned »

So I'm confuses as to where mua_helo_restrictions is coming from in the first place - it's not actually something that Virtualmin sets.

Hmm somehow it did by us to.

With the Install Virtualmin V6 august-sep 2017.

Don't know or it was there right after the install, or it became after the config tried in the GUI settings of virtualmin. ( postfix and exim in there) also the sasl was not set configured that period. Did the install 2 times so i am sure about that.

But for sure it was there only few other things installed.: Things for DKIM while not worked out of the box and UH CSF.. Those YEP > (remi php ( for having php 5.6 fpm and iondcube working) repo and codeitguru apache for the http2 and therefore depending parts from epel)

Also for me now access denied https://www.virtualmin.com/node/52695#comment-798214

smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING


smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

And:.

Sep  2 07:02:20 vp postfix/smtpd[5026]: connect from unknown[.......iphere]
Sep  2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep  2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep  2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep  2 07:02:20 vp postfix/smtpd[5026]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Sep  2 07:02:20 vp postfix/smtpd[5026]: fatal: no SASL authentication mechanisms

was in it at that time, now solved here but posting FYI. ( changing all manually after)

So maybe with the older initial installs off V6 virtualmin.

Or but i can't see why because of the other repo;s we use.

ONly trying to help here, not to spam topic! (CENTOS 7x)

Checking with repoquery -i postfix shows it is installed from base repository:

repoquery -i postfix

Name        : postfix
Version     : 2.10.1
Release     : 6.el7
Architecture: x86_64
Size        : 12773475
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Group       : System Environment/Daemons
URL         : http://www.postfix.org
Repository  : base
Summary     : Postfix Mail Transport Agent
Source      : postfix-2.10.1-6.el7.src.rpm
Description :
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS

Is that right, Jamie, should Postfix be installed from Virtualmin's repository or base? If it should be installed from base then should we script automatic deletion of those two variables or Webmin/Virtualmin can deal with this?

I understand that those settings might not be coming from Virtualmin, however the issue is taking place on Virtualmin systems (if you google $mua_sender_restrictions, then you will find lot's of Virtualmin discussions) and we'd like to find the best solution to it. So what's your best advice?

Here base also and the same output.

Do those directives perhaps exist in your /etc/postfix/master.cf file in a commented-out block?

Here is the output of the whole /etc/postfix/master.cf file. Note this is taking place on a fresh Virtualmin install, no any customizations made yet:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes

No not a commented out here that for sure also. ;)

CENTOS 7.x base Package from hoster before the installation, if only with CENTOS 7?

Ok, so those existing commented lines

#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions

which are part of the default config is what Virtualmin is picking up and duplicating.

The next release of Virtualmin will remove these since they seem un-necessary.

Status: Active » Fixed (pending)

Cool as finally this bug which has lasted for many years will be addressed!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Which version is this fixed in? I just installed a fresh 6.07 on Ubuntu 18.04 and this problem still occurs. If you run postcheck you get the same problem as reported here.

root@rapid:/etc/postfix# service postfix check
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
...

Checking master.fs it is referencing these symbols.

#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps   inet    n       -       y       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

Seems like this started about 2014 with a postfix update.

https://sourceforge.net/p/webadmin/mailman/message/32955304/

Reading above it sounds like Virtualmin if copying them out of the comments. I think those are just example options, not necessary the setting you would actually use. And that you can add your own values here or to 'main.cf'. Probably more robust to add the actual options Virtualmin wants to the bottom of 'main.cf' with the other settings.

Just delete those variables from master.cf you don't want to override them , you should have all your restrictions set in main.cf

example line from master.cf :

smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

If you have set rest of variables in main.cf you can delete the rest of overrides.