There are lot's of discussions on virtualmin.com which mention the same postfix -n warnings, however they are mostly about delivery or other issues. So most relevant one is probably https://www.virtualmin.com/node/35021 and that one is left without final resolution. Everything works as expected, so we have ignored the following warnings for long time, but it's really high time to get to the gist of the issue and to receive definitive answer of Virtualmin team on the subject.
So if you run the postfix reload or postconf -n command, then you will receive:
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
One one of the virtualmin.com discussion I've noticed recommendation just to delete occurrences of "mua" variable in master.cf. Could you please confirm it is really the best resolution for the issue?
Comments
Submitted by yngens on Thu, 10/18/2018 - 12:07 Comment #1
let's change the title to find this easier in posterity.
Submitted by andreychek on Thu, 10/18/2018 - 12:14 Comment #2
Submitted by JamieCameron on Fri, 10/19/2018 - 00:54 Comment #3
So I'm confuses as to where
mua_helo_restrictionsis coming from in the first place - it's not actually something that Virtualmin sets.Submitted by Jfro on Fri, 10/19/2018 - 03:33 Comment #4
Hmm somehow it did by us to.
With the Install Virtualmin V6 august-sep 2017.
Don't know or it was there right after the install, or it became after the config tried in the GUI settings of virtualmin. ( postfix and exim in there) also the sasl was not set configured that period. Did the install 2 times so i am sure about that.
But for sure it was there only few other things installed.: Things for DKIM while not worked out of the box and UH CSF.. Those YEP > (remi php ( for having php 5.6 fpm and iondcube working) repo and codeitguru apache for the http2 and therefore depending parts from epel)
Also for me now access denied https://www.virtualmin.com/node/52695#comment-798214
smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
And:.
Sep 2 07:02:20 vp postfix/smtpd[5026]: connect from unknown[.......iphere]Sep 2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 2 07:02:20 vp postfix/smtpd[5026]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 2 07:02:20 vp postfix/smtpd[5026]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Sep 2 07:02:20 vp postfix/smtpd[5026]: fatal: no SASL authentication mechanisms
was in it at that time, now solved here but posting FYI. ( changing all manually after)
So maybe with the older initial installs off V6 virtualmin.
Or but i can't see why because of the other repo;s we use.
ONly trying to help here, not to spam topic! (CENTOS 7x)
Submitted by yngens on Fri, 10/19/2018 - 03:11 Comment #5
Checking with
repoquery -i postfixshows it is installed frombaserepository:repoquery -i postfix
Name : postfix
Version : 2.10.1
Release : 6.el7
Architecture: x86_64
Size : 12773475
Packager : CentOS BuildSystem <http://bugs.centos.org>
Group : System Environment/Daemons
URL : http://www.postfix.org
Repository : base
Summary : Postfix Mail Transport Agent
Source : postfix-2.10.1-6.el7.src.rpm
Description :
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS
Is that right, Jamie, should Postfix be installed from Virtualmin's repository or
base? If it should be installed frombasethen should we script automatic deletion of those two variables or Webmin/Virtualmin can deal with this?I understand that those settings might not be coming from Virtualmin, however the issue is taking place on Virtualmin systems (if you google $mua_sender_restrictions, then you will find lot's of Virtualmin discussions) and we'd like to find the best solution to it. So what's your best advice?
Submitted by Jfro on Fri, 10/19/2018 - 03:50 Comment #6
Here base also and the same output.
Submitted by JamieCameron on Fri, 10/19/2018 - 23:43 Comment #7
Do those directives perhaps exist in your
/etc/postfix/master.cffile in a commented-out block?Submitted by yngens on Sat, 10/20/2018 - 01:16 Comment #8
Here is the output of the whole /etc/postfix/master.cf file. Note this is taking place on a fresh Virtualmin install, no any customizations made yet:
## Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
Submitted by Jfro on Sat, 10/20/2018 - 03:19 Comment #9
No not a commented out here that for sure also. ;)
CENTOS 7.x base Package from hoster before the installation, if only with CENTOS 7?
Submitted by JamieCameron on Sat, 10/20/2018 - 19:07 Comment #10
Ok, so those existing commented lines
# -o smtpd_client_restrictions=$mua_client_restrictions# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
which are part of the default config is what Virtualmin is picking up and duplicating.
Submitted by JamieCameron on Sat, 10/20/2018 - 19:16 Comment #11
The next release of Virtualmin will remove these since they seem un-necessary.
Submitted by JamieCameron on Sat, 10/20/2018 - 19:16 Comment #12
Submitted by yngens on Sat, 10/20/2018 - 19:31 Comment #13
Cool as finally this bug which has lasted for many years will be addressed!
Submitted by IssueBot on Thu, 02/28/2019 - 09:07 Comment #14
Automatically closed - issue fixed for 2 weeks with no activity.
Submitted by aaronroydhouse on Sat, 08/31/2019 - 13:40 Comment #15
Which version is this fixed in? I just installed a fresh 6.07 on Ubuntu 18.04 and this problem still occurs. If you run postcheck you get the same problem as reported here.
root@rapid:/etc/postfix# service postfix check/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
/usr/sbin/postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
...
Checking master.fs it is referencing these symbols.
# -o syslog_name=postfix/submission# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
Submitted by aaronroydhouse on Sat, 08/31/2019 - 13:59 Comment #16
Seems like this started about 2014 with a postfix update.
https://sourceforge.net/p/webadmin/mailman/message/32955304/
Reading above it sounds like Virtualmin if copying them out of the comments. I think those are just example options, not necessary the setting you would actually use. And that you can add your own values here or to 'main.cf'. Probably more robust to add the actual options Virtualmin wants to the bottom of 'main.cf' with the other settings.
Submitted by Dexter00 on Thu, 04/16/2020 - 05:00 Comment #17
Just delete those variables from master.cf you don't want to override them , you should have all your restrictions set in main.cf
example line from master.cf :
smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATINGIf you have set rest of variables in main.cf you can delete the rest of overrides.