Here are configurations:
Postfix version 2.11.3
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = myserver.hide_example.com, localhost.hide_example.com, localhost
myhostname = myserver.hide_example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination permit_inet_interfaces reject_unknown_client
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
postconf -M
smtp inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/etc/postfix/virtual -o smtpd_sender_restrictions=reject_sender_login_mismatch -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
smtp-14563106839717 unix - - - - - smtp -o smtp_bind_address=xxx.xxx.xxx.xxx
doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.7
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = imap pop3 pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl = no
userdb {
driver = passwd
}
more /etc/procmailrc
# Write procmail's own log to this file.
LOGFILE=/var/log/procmail.log
# Command procmail runs when it terminates (the procmail-logger.pl script).
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
# Run lookup-domain.pl with the recipient's login name and store its output in
# VIRTUALMIN. Flags: w = wait for the program and note its exit code,
# i = ignore write errors on the pipe.
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
# Make the exit status of that lookup procmail's own exit code.
EXITCODE=$?
# When the status is 73 (EX_CANTCREAT in sysexits.h) the message is written to
# /dev/null and processing stops here, with procmail still exiting 73, so the
# calling MTA sees a failed delivery.
# NOTE(review): what makes lookup-domain.pl return 73 is not visible in this
# file -- check the script and LOGFILE.
:0
* ?/usr/bin/test "$EXITCODE" = "73"
/dev/null
# Any other status is cleared so it does not become procmail's exit code.
EXITCODE=0
# If the lookup printed anything, include the rc file of that name.
# NOTE(review): the path is built from the script's output and is read before
# DROPPRIVS=yes below, so /etc/webmin/virtual-server/procmail should be
# writable by root only -- confirm.
:0
* ?/usr/bin/test "$VIRTUALMIN" != ""
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
# Default and fallback mailbox; the trailing slash selects Maildir format.
DEFAULT=$HOME/Maildir/
ORGMAIL=$HOME/Maildir/
# Give up any setuid/setgid privileges before the final delivery.
DROPPRIVS=yes
# Unconditional recipe: everything that reaches this point goes to $DEFAULT.
:0
$DEFAULT
Error log /var/log/mail.info
Feb 10 09:57:12 myserver postfix/smtpd[28560]: connect from localhost[127.0.0.1]
Feb 10 09:57:12 myservers postfix/smtpd[28560]: C5DA71760831: client=localhost[127.0.0.1]
Feb 10 09:57:12 myservers postfix/cleanup[28356]: C5DA71760831: message-id=<1486695432.28525@mydomains.example>
Feb 10 09:57:12 myservers postfix/qmgr[2001]: C5DA71760831: from=<user_a@mydomains.example>, size=678, nrcpt=1 (queue active)
Feb 10 09:57:12 myservers postfix/smtpd[28560]: disconnect from localhost[127.0.0.1]
Feb 10 09:57:12 myservers dovecot: imap(user_a@mydomains.example): Connection closed in=781 out=2433
Feb 10 09:57:12 myservers postfix/local[28566]: C5DA71760831: to=<user_b-mydomains.example@myservers.com>, orig_to=<user_b@mydomains.example>, relay=local, delay=0.09, delays=0.04/0/0/0.04, dsn=5.2.0, status=bounced (can't create user output file)
Feb 10 09:57:12 myservers postfix/cleanup[28356]: DBB201761DF6: message-id=<20170210025712.DBB201761DF6@myservers.com>
Feb 10 09:57:12 myservers postfix/bounce[28576]: C5DA71760831: sender non-delivery notification: DBB201761DF6
Feb 10 09:57:12 myservers postfix/qmgr[2001]: DBB201761DF6: from=<>, size=2580, nrcpt=1 (queue active)
Feb 10 09:57:12 myservers postfix/qmgr[2001]: C5DA71760831: removed
Feb 10 09:57:12 myservers postfix/local[28566]: DBB201761DF6: to=<user_a-mydomains.example@myservers.hide_example.com>, orig_to=<user_a@mydomains.example>, relay=local, delay=0.03, delays=0/0/0/0.03, dsn=5.2.0, status=bounced (can't create user output file)
Feb 10 09:57:12 myservers postfix/qmgr[2001]: DBB201761DF6: removed
Related to virtual /etc/postfix/virtual
...
user_a@mydomains.example user_a-mydomains.example
user_b@mydomains.example user_b-mydomains.example
...
It was working before the Postfix distribution upgrade (debian_version 8.7). Since then this server cannot deliver mail between its own virtual users/domains, cannot send to external addresses, and cannot receive from external senders.
Thank you
IGAM
First try rebooting your server, as there is a small chance it will help. If the problem is still present after the restart, try forcing logrotate. If that doesn't help, check the log files; one of them may have grown too big. Sometimes Vm, for one reason or another, will not rotate a log file, and it can grow to hundreds of MB or even a few dozen GB.
If none of this helps, check the quota for the affected user(s). If all of that is OK, then I suspect the upgrade messed up user permissions and users can no longer write to their mail folders.
This is all I can think of right now, but maybe after I drink my first morning coffee something new will come to mind.
I restarted the server, but the problem still exists.
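Did you try my other suggestions? Thinking about it now, if you haven't tried them yet, go through them in reverse order. The message "(can't create user output file)" sometimes shows up when user permissions for the mail folder(s) are wrong. That text is how Postfix reports exit status 73 (EX_CANTCREAT) from the delivery command, and the /etc/procmailrc you posted has a recipe that ends delivery with exactly that status when lookup-domain.pl returns 73, so /var/log/procmail.log is worth reading as well.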
Yes, I followed your suggestions. I restarted the VPN and also its host (the host is CentOS 6 with KVM). I also ran "Force Log Rotation" via Webmin -> System -> Log File Rotation.
I suspect something is wrong with the Maildir after the Postfix upgrade. I also added the -v option in master.cf on the line smtp inet n - - - - smtpd -v -o smtpd_sasl_auth_enable=yes, but I don't understand how to read the output :( . (-v makes smtpd log every session in detail, so it should be removed again once debugging is finished.)
By the way, does Virtualmin use the virtual_alias_domains option in main.cf?
Is there something wrong with the mailbox configuration?
# postconf -d | grep mailbox
home_mailbox =
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
strict_mailbox_ownership = yes
unknown_virtual_mailbox_reject_code = 550
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
Virtualmin 5.05 Webmin 1.831
Did you check that your email files and folders have the correct user and group? Check that "/home/vs_name/homes/xxxxx" has its owner/group set to xxxxx.vs_name/vs_name, where xxxxx is the name of that user.
For example: if you have user "Jim" with "yourdomain.tld", you should have inside "/home/yourdomain/homes/" a folder named "jim" with jim.yourdomain as owner and yourdomain as group.
I don't want to rule out wrong settings, but that error is usually connected with wrong permissions, so before you start digging into settings and changing them, just be sure that the permissions are properly set. Otherwise you will end up in an even bigger mess than you have now.
Thank you for your guide. Here is the folder owner, group and permission:
# ls /home/mydomains/homes/user_a -al
total 20
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 12 15:51 .
drwxr-xr-x 9 mydomains mydomains 4096 Feb 12 15:32 ..
drwxrwxrwx 9 user_a@mydomains.example mydomains 4096 Feb 8 08:40 Maildir
drwxr-xr-x 2 user_a@mydomains.example mydomains 4096 Feb 12 15:51 .tmp
drwxrwxrwx 6 user_a@mydomains.example mydomains 4096 Feb 8 08:40 .usermin
# ls /home/mydomains/homes/user_a/Maildir/ -al
total 52
drwxrwxrwx 9 user_a@mydomains.example mydomains 4096 Feb 8 08:40 .
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 12 15:51 ..
drwxrwxrwx 2 user_a@mydomains.example mydomains 4096 Feb 8 08:39 cur
-rwxrwxrwx 1 user_a@mydomains.example mydomains 168 Feb 8 08:40 dovecot.index.log
-rwxrwxrwx 1 user_a@mydomains.example mydomains 51 Feb 8 08:40 dovecot-uidlist
-rwxrwxrwx 1 user_a@mydomains.example mydomains 8 Feb 8 08:40 dovecot-uidvalidity
-rwxrwxrwx 1 user_a@mydomains.example mydomains 0 Feb 8 08:40 dovecot-uidvalidity.589a770f
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 8 08:40 .Drafts
drwxrwxrwx 2 user_a@mydomains.example mydomains 4096 Feb 8 08:39 new
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 12 15:51 .Sent
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 8 08:40 .spam
-rwxrwxrwx 1 user_a@mydomains.example mydomains 23 Feb 8 08:39 subscriptions
drwxrwxrwx 2 user_a@mydomains.example mydomains 4096 Feb 8 08:39 tmp
drwxrwxrwx 5 user_a@mydomains.example mydomains 4096 Feb 8 08:40 .Trash
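First add "permit_mynetworks" to "smtpd_recipient_restrictions". Second, (re)check the mail, user and server quotas and see whether there is any email in the mail queue. Note that every entry in your listing is mode 0777, which lets any local account read or modify this mailbox; once delivery works again, restrict the home and Maildir tree to the owning user (for example 0700 on directories and 0600 on files).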
I followed your instruction and added permit_networks to the smtpd_recipient_restrictions line in /etc/postfix/main.cf. Here are the quota check results:
# repquota -u user_a@mydomains.example
repquota: Cannot stat() given mountpoint user_a@mydomains.example: No such file or directory
Skipping...
repquota: No correct mountpoint specified.
repquota: Cannot initialize mountpoint scan.
# quota -u user_a@mydomains.example
Disk quotas for user user_a@mydomains.example (uid 1017):
Filesystem blocks quota limit grace files quota limit grace
/dev/sda2 236 1048576 1048576 65 0 0
# quota -g mydomains
Disk quotas for group mydomains (gid 1011): none
# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 396379400 5262328 370959072 2% /
udev 10240 0 10240 0% /dev
tmpfs 618520 16276 602244 3% /run
tmpfs 1546292 4 1546288 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 1546292 0 1546292 0% /sys/fs/cgroup
/dev/sda1 944120 31764 847180 4% /boot
# quota -u mail
Disk quotas for user mail (uid 8): none
# quota -g mail
Disk quotas for group mail (gid 8): none
# repquota -a
*** Report for user quotas on device /dev/sda2
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
...
mydomains -- 1189124 0 0 26665 0 0
user_a@mydomains.example -- 236 1048576 1048576 65 0 0
I can send email out to Gmail, but when this server receives email from Gmail, the error "postfix/smtpd[]: fatal: no SASL authentication mechanisms" appears in /var/log/mail.info
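Try this: run "systemctl status saslauthd" and see what answer you get. If you get anything other than "Active: active (running) ...", saslauthd is not running or is not installed. In that case try "systemctl start saslauthd". If even that doesn't help, it is probably missing from your system and you must install it with "yum install cyrus-sasl-plain".
These commands are for CentOS 7; if you are using another distro you must change them accordingly. Also keep in mind that your main.cf has smtpd_sasl_type = dovecot, so Postfix takes its mechanism list from Dovecot's private/auth socket rather than from saslauthd. Dovecot offers only "plain login" while main.cf sets smtpd_sasl_security_options = noanonymous noplaintext, which filters out both mechanisms and is a likely cause of this error; since smtpd_tls_auth_only = yes already restricts AUTH to TLS sessions, setting smtpd_sasl_tls_security_options = noanonymous allows them there without offering plaintext logins on unencrypted connections. The doveconf output also shows that socket with mode = 0666; 0660 with user and group postfix is enough for Postfix.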
Saslauthd is running, here is the output:
Using service
# service saslauthd status
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd)
Active: active (running) since Thu 2017-02-16 14:59:37 WIB; 1 day 2h ago
Process: 589 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/saslauthd.service
├─705 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─706 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─707 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─708 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
└─709 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
Feb 16 14:59:37 myservers saslauthd[705]: detach_tty : master pid is: 705
Feb 16 14:59:37 myservers saslauthd[705]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
Feb 16 14:59:37 myservers saslauthd[589]: Starting SASL Authentication Daemon: saslauthd.
Feb 16 14:59:37 myservers systemd[1]: Started LSB: saslauthd startup script.
Using systemctl
# systemctl status saslauthd
● saslauthd.service - LSB: saslauthd startup script
Loaded: loaded (/etc/init.d/saslauthd)
Active: active (running) since Thu 2017-02-16 14:59:37 WIB; 1 day 2h ago
Process: 589 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/saslauthd.service
├─705 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─706 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─707 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
├─708 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
└─709 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
Feb 16 14:59:37 myservers saslauthd[705]: detach_tty : master pid is: 705
Feb 16 14:59:37 myservers saslauthd[705]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
Feb 16 14:59:37 myservers saslauthd[589]: Starting SASL Authentication Daemon: saslauthd.
Feb 16 14:59:37 myservers systemd[1]: Started LSB: saslauthd startup script.
here is /etc/default/saslauthd
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
I removed the comment tag #, so both OPTIONS lines are active and the second one overrides the first.
OK, last try: run "iptables -L -n", "netstat -l" and "netstat -na | grep -i LISTEN" and post the output here (mask public IP addresses first, as you did in the configuration above).
If all of that turns out to be in order, I would make a backup per domain (data/MySQL), wipe the server and start fresh. Another option would be to hire the Vm devs to check your server. If you have the Pro version, I think this is included in their support, so you may not have to pay anything; just open a ticket under "Issues".
For now, post the results so we can see whether the problem is software not listening, software listening on the wrong ports, or a wrongly configured iptables.