These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for postfix smtp relay fail after recent virtualmin upgrade on the new forum.
Web Hosting and Cloud Computing Control Panels
Howdy,
Hmm, upgrading Virtualmin shouldn't affect the Postfix configuration.
See your Postfix config would help -- could you paste in the output of "postconf -n"?
-Eric
thanks Eric and yes i never ever had a problem before, i been using the virtualmin GPL version on over 30 servers for over 6 years and nothing like this, i login and see things changed that shouldn't be but i can't figure out all the issues with this one server, thanks again.
alias_database = hash:/etc/aliasesalias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
fallback_relay =
home_mailbox = Maildir/
ignore_mx_lookup_error = yes
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = ns313.atozstoresonline.info, localhost.atozstoresonline.info, , localhost
myhostname = ns313.atozstoresonline.info
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_delay_reject = no
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated reject_unauth_destination
Howdy,
Hmm, it doesn't appear that there is a
smtpd_recipient_restrictionsline in your /etc/postfix/main.cf.Also, it appears that there is a line
smtpd_relay_restrictions, containing what should be in thesmtpd_recipient_restrictions.Is it possible that someone accidentally changed that?
The smtpd_relay_restrictions parameter isn't actually valid though, except on very recent Postfix versions -- more recent than any Virtualmin distro provides by default.
In theory though, it may be as simple as renaming
smtpd_relay_restrictionstosmtpd_recipient_restrictions, and then restarting Postfix.-Eric
Hi Eric, i checked everything and i don't see anyway it could have been changed manually, i don't see any flags by our security dept. that monitors all traffic and no one here had changed it (2 other admins)
it was caused after a ubuntu update to 12.04.3 Postfix version 2.9.6
are u able to make the change to the below that i can paste right into the cf file,.
main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = ns313.atozstoresonline.info
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ns313.atozstoresonline.info, localhost.atozstoresonline.info, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
ignore_mx_lookup_error = yes
fallback_relay =
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_delay_reject = no
Hmm, that's very odd! Ubuntu 12.04 is one of the most common distros running Virtualmin, and I use that for the majority of my systems -- but we hadn't received any reports of that happening before.
That parameter isn't valid on that Postfix version, so if that happened to anyone else, it would have broken their installation as well.
The fix should be straight forward though -- you'd just need to find this line:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destinationAnd change it to read as follows:
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destinationAnd then restart Postfix:
/etc/init.d/postfix restartLet us know if that fixes it up for you!
-Eric
Hi Eric, it fixed the relay message but when email is to be sent it pops up with bad username/password instead now, wonder if someone tried to fix the relay issue and turned off something else but the server receives mail and users can send mail using usermin but not smtp through outlook, thunderbird, etc.,
Howdy,
When that happens, what error shows up in the email log in /var/log/mail.log?
-Eric
Nov 18 13:06:29 ns313 postfix/smtpd[3116]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Nov 18 13:06:29 ns313 postfix/smtpd[3114]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Nov 18 13:06:29 ns313 postfix/smtpd[3114]: warning: 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113]: SASL LOGIN authentication failed: generic failure Nov 18 13:06:29 ns313 postfix/smtpd[3116]: warning: 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113]: SASL LOGIN authentication failed: generic failure Nov 18 13:06:29 ns313 postfix/smtpd[3114]: lost connection after AUTH from 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113] Nov 18 13:06:29 ns313 postfix/smtpd[3114]: disconnect from 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113] Nov 18 13:06:29 ns313 postfix/smtpd[3116]: lost connection after AUTH from 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113] Nov 18 13:06:29 ns313 postfix/smtpd[3116]: disconnect from 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113]
here is a error from the log
looks like a director is missing for SASL authentication
It looks like your SASL installation is incorrect... What output do you get for these command?
I'm surprised a simple Ubuntu update should cause all this to happen. I have serious doubts that an update modifies your main.cf and replaces the client_restrictions directive with relay_restrictions, that doesn't make any sense.
IF there is an update that modifies the config (it can happen - when there's a new config file in the package), you're asked if you want to keep your version of the config, use the new package one, or merge the two. And the default action (which is applied during unattended updates) is to keep the existing config.
that was the case and i chose new package without thinking about it
3741 0.0 0.1 4388 804 pts/0 S+ 18:23 0:00 grep --color=auto sasl
this is what i get for the command.
Okay, looks like the saslauthd is not running. What about the second command I listed?
/usr/sbin/