Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

lost connection after UNKNOWN from unknown[192.168.1.5]

2,290 views
Skip to first unread message

kloaka

unread,
Aug 30, 2011, 2:44:13 PM8/30/11
to
Hi,
i want my postfix to be able to relay mail for me wherever i am setting
all necessary spam blacklists and all other security measures to not
make it an openrlay. My postfix is going to be ssl/tls capable and it
has a basic configuration by now:
# postconf -n

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> debug_peer_list = $mydomaine
> disable_dns_lookups = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = xyz.dyndns.org, localhost.dyndns.org, , localhost
> myhostname = xyz.dyndns.org
> mynetworks = 192.168.1.0/24 192.168.1.5 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relayhost = [smtp.relayhost.com]:587
> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain, login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_tls_CAfile = /etc/postfix/ssl/CA.pem
> smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
> smtp_tls_key_file = /etc/postfix/ssl/key.pem
> smtp_tls_mandatory_ciphers = high
> smtp_tls_mandatory_protocols = TLSv1
> smtp_tls_scert_verifydepth = 1
> smtp_tls_secure_cert_match = nexthop
> smtp_tls_security_level = secure
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_sasl_auth_enable = no
> smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
> smtpd_tls_key_file = =/etc/postfix/ssl/key.pem
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport

and these are the errors reported by logs:

> match_list_match: ?: no match
> unknown[192.168.1.5]: 502 5.5.2 Error: command not recognized
> smtp_get: EOF
> match_hostname: unknown ~? 192.168.1.0/24
> match_hostaddr: 192.168.1.5 ~? 192.168.1.0/24
> lost connection after UNKNOWN from unknown[192.168.1.5]
> disconnect from unknown[192.168.1.5]

Plus some other SSL errors like:

> cannot get private key from file =/etc/postfix/ssl/key.pem
> warning: TLS library problem: 29546:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('=/etc/postfix/ssl/key.pem','r'):
> warning: TLS library problem: 29546:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
> warning: TLS library problem: 29546:error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib:ssl_rsa.c:648:

If youhave anyother question just ask ... cheers

G

Martin Gregorie

unread,
Aug 30, 2011, 3:22:46 PM8/30/11
to
On Tue, 30 Aug 2011 20:44:13 +0200, kloaka wrote:

> i want my postfix to be able to relay mail for me wherever i am setting
>

What does this mean? Does it mean that you want set up a home Postfix MTA
that can send and receive mail to and from a single laptop wherever it
happens to be?

- If so, what are you running on the laptop to talk the your home MTA and
what protocols and ports will it use to send and receive mail?

- Is the 'relayhost' directive supposed to help with this transfer or
is it doing something else?

If this is not what you mean, kindly explain in greater detail what you
are trying to do.


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |

kloaka

unread,
Sep 2, 2011, 10:59:46 PM9/2/11
to
On 08/30/2011 09:22 PM, Martin Gregorie wrote:

> If this is not what you mean, kindly explain in greater detail what you
> are trying to do.
>
>

At the moment i just want to be able to use my local postfix to emails
from hosts in my lan and it's not happening :

> Sep 3 04:44:45 smtp postfix/smtpd[10791]: < smtp.mydyndomain.org[192.168.1.2]: ?
> Sep 3 04:44:45 smtp postfix/smtpd[10791]: match_string: ? ~? CONNECT
> Sep 3 04:44:45 smtp postfix/smtpd[10791]: match_string: ? ~? GET
> Sep 3 04:44:45 smtp postfix/smtpd[10791]: match_string: ? ~? POST
> Sep 3 04:44:45 smtp postfix/smtpd[10791]: match_list_match: ?: no match
> Sep 3 04:44:45 smtp postfix/smtpd[10791]: > smtp.mydyndomain.org[192.168.1.2]: 502 5.5.2 Error: command not recognized
> Sep 3 04:45:17 smtp postfix/smtpd[10791]: smtp_get: EOF
> Sep 3 04:45:17 smtp postfix/smtpd[10791]: match_hostname: smtp.mydyndomaim.org ~? 192.168.1.0/24
> Sep 3 04:45:17 smtp postfix/smtpd[10791]: match_hostaddr: 192.168.1.2 ~? 192.168.1.0/24
> Sep 3 04:45:17 smtp postfix/smtpd[10791]: lost connection after UNKNOWN from smtp.mydyndomain.org[192.168.1.2]
> Sep 3 04:45:17 smtp postfix/smtpd[10791]: disconnect from smtp.mydyndomain.org[192.168.1.2]

i'm trying to send from the same machine where postfix is i show you my
actual configuration:

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix

> delay_warning_time = 4h
> disable_dns_lookups = yes
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = all


> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0

> mydestination = $mydomain, $myhostname, localhost.dyndns.org, , localhost
> mydomain = mydyndomain.org
> myhostname = smtp.$mydomain
> mynetworks = 192.168.1.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mynetworks_style = subnet
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost = [smtp.myrelayhost.org]:587


> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain, login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous

> smtp_sasl_tls_security_options = $smtp_sasl_security_options


> smtp_tls_CAfile = /etc/postfix/ssl/CA.pem
> smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
> smtp_tls_key_file = /etc/postfix/ssl/key.pem

> smtp_tls_security_level = may


> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name

> smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
> smtpd_tls_key_file = /etc/postfix/ssl/key.pem
> smtpd_tls_security_level = may


> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport

I don't understand that
> lost connection after UNKNOWN from smtp.mydyndomain.org[192.168.1.2]

do you know what it is due ? it looks to me a basic configuration it's
not the fist time i'm on postfix but it's getting frustrating ...

Cheers

Martin Gregorie

unread,
Sep 3, 2011, 9:54:39 AM9/3/11
to
On Sat, 03 Sep 2011 04:59:46 +0200, kloaka wrote:

> At the moment i just want to be able to use my local postfix to emails
> from hosts in my lan and it's not happening :
>

I'm doing just that. Here's how I have things set up:

- on my LAN mailserver

- I have postfix configured to put all mail addressed to people
on the LAN in local mailboxes, so they all have logins on the
mail server. /etc/aliases is configured to support this and to
divert all system mail, such as mail sent to root, into my mailbox.

The postfix 'relayhost' directive points to my ISP's mail server
so that all mail addressed to people outside my LAN gets sent via
my ISP's mail service. This is standard practice.

- I use getmail to retrieve incoming mail from my ISP using POP3.

Its MDA script passes incoming mail to Spamassassin by passing it
to spamc and then piping spamc output to the postfix sendmail
utility for delivery to postfix.

- I have the Spamassassin server, spamd, running as a service on
the mail server.

- I have Dovecot running on my mail server. It allows other hosts
on the LAN to retrieve their mail via POP3 or IMAP.

- I copy all mail to a mail archive in the LAN mail server by adding
an 'always_bcc' directive to the postfix configuration. This sends
copies of incoming and outgoing mail to a dedicated local mailbox
which belongs to the user where the mail archive is installed.

- on other computers on the LAN:

- I use Evolution as my MUA on Linux hosts and Pegasus on the
sole Windows host. These are configured to use POP3
to retrieve incoming mail via Dovecot and to send outbound mail
to the LAN mail server using SMTP.

- the Linux hosts on the LAN all run Postfix instead of the
default sendmail. These have /etc/aliases set to redirect all system
generated messages, that normally go the root, to my mailbox on the
LAN mail server. The 'relay_host' directive is set to point to the
LAN mail server.

The major benefits of this arrangement are that:

- all logwatch reports, etc arrive in my mailbox each morning.

- copies of all incoming mail as well as copies of all mail sent from
any host on the LAN get put in the mail archive.

- if I should change my ISP I'd only need to reconfigure getmail and the
central copy of Postfix. Nothing else would change.

> i'm trying to send from the same machine where postfix is i show you my
> actual configuration:
>

The best way to do this is to run the command:

postconf -n

which gives nicely formatted output and only shows the directives you
have changed.

0 new messages