Postfix not working after adding SSL

mainenotarynet · October 16, 2018, 7:25pm

My mail is receiving, not sending stuck in MailQueue here aare the files you need. I have been looking for DAYS no help on internet

Main.cf All comments taken out – if it matters, my SSL is through letsencrypt. All my domains have their own but a default matching the ‘master’ domain was copied within virtualmin


daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
broken_sasl_auth_clients = yes
mailbox_size_limit = 0
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces
smtp_sasl_auth_enable = yes
smtpd_helo_required = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes

Master.cf – also with all commented lines (except ones with -o in them, not sure what these are anyways)


# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp	inet	n	-	n	-	-	smtpd -o smtpd_sasl_auth_enable=yes
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps	inet	n	-	n	-	-	smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
submission	inet	n	-	n	-	-	smtpd -o smtpd_sasl_auth_enable=yes

Since I have absolutely no idea why it stopped working after ‘forcing’ SSL like the rest of my site(s) I may have broken something and not known it.

Also is there a pgp encryption, and how to use it.

Any help or insight as to where I puked it, would be greatly appreciated.

Jfro · October 25, 2018, 7:16am

Some info’s to read also forumrules say to post all software versions used and error log messages while in the blind… for the support guys of virtualmin
https://www.virtualmin.com/node/53663

https://github.com/virtualmin/Virtualmin-Config/blob/master/lib/Virtualmin/Config/Plugin/Postfix.pm

https://www.virtualmin.com/comment/804095#comment-804095

And postfix info from postfix http://www.postfix.org/postconf.5.html

So please read some and then post more info what didn’t work with versions and errors or other messages.
You can config in the admin GUI part or also there edit the config manualy.

You didn’t say also with other mailpart you use ( dovecot? )

Do some telnet tests on your box to.
And take care of ports trafic tcp, udp … and firewalls

mainenotarynet · October 25, 2018, 12:20pm

OK I have no idea on the version (whatever the last update in Virtualmin set it at – all I know is I get mail but cannot SEND any mail and it started not working after SSL. I searched online for weeks and weeks and no help in ANY place, but every post asked for these two files.

But it seems there is no help here either – maybe I’ll just have to find how to swith over to Sendmail, but evenn THAT may Barf at me, I’d rather fix this, don’t spew rules and sites at me, ofer help or don’t.

Jfro · October 25, 2018, 2:44pm

I don’t then.
While above was help, but refusing to look a litle further for example how to find versions which virtualmin and OS and so on , i expect support can’t help you either if not knowing more.

Good luck

Eric · October 25, 2018, 2:57pm

Howdy,

You mentioned that the emails were stuck in the mail queue – often when that happens, there is an error associated those messages.

What error do you see?

That is, try running this command:

mailq | tail -30

Can you share the output you see with that command?

Also, what if you try to send a new email, can you share what message(s) appear in the mail logs, which would be either /var/log/maillog or /var/log/mail.log?

-Eric

atleast · October 25, 2018, 3:12pm

mainenotarynet Can you brief if you followed any instructions to config postfix and dovecot? If yes where. I can give you a link that I followed and it worked.
After that I have had to tweak a lot. On this same forum there are many threads that discuss these issues.
For now virtualmin handling of postfix is the best and extremely userfriendly but it still requires configuration.
Please reply to last post of Eric and he can throw some light.

I will compare your configs with what i have on a functional setup and will revert