LinuxQuestions.org

flashingcurser 04-25-2007 12:23 PM

Post rejecting connections on 127.0.0.1 on localhost
 
I took the plunge and updated sarge to etch and now it rejects localhost proxy connections from spamassassin, postgrey, clamsmtp.

Other clues: outgoing works fine. It is queueing up the mail just fine, because I am not getting any bounces when I send to addresses on that machine. It is also unable to deliver admin system messages.

Main.cf
Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

myhostname = webservices1.firstdomain.us
myorigin = /etc/mailname
mydestination = webservices1.firstdomain.us, mail.firstdomain.us, lists.firstdomain.us, firstdomain.us, mail.seconddomain.org, etc....
mynetworks = 127.0.0.0/8 192.168.2.0/24 192.168.1.0/24

smtpd_sasl_local_domain =
## $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/aliases
##, hash:/var/lib/mailman/data/aliases
##virtual_maps = hash:/var/lib/mailman/data/virtual-mailman

relayhost =
## mailmain stuff
relay_domains = lists.fistdomain.us, lists.seconddomain.org
transport_maps = hash:/etc/postfix/transport
mailmain_destination_recipient_limit = 1
mailbox_command =
mailbox_size_limit = 0

recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

disable_vrfy_command = yes
strict_rfc821_envelopes = yes

smtpd_helo_required = yes

smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        regexp:/etc/postfix/helo.regexp,
        permit

smtpd_recipient_limit = 20
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 10
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:60000,
        check_recipient_access hash:/etc/postfix/access,
        check_client_access hash:/etc/postfix/helo_client_exceptions,
        check_sender_access  hash:/etc/postfix/sender_checks,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_unauth_pipelining,
        check_client_access hash:/etc/postfix/rbl_client_exceptions,
        permit

unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unknown_client_reject_code  = 554

smtpd_sender_restrictions =
        permit_mynetworks,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        permit_sasl_authenticated,
        reject_sender_login_mismatch,
        hash:/etc/postfix/access,
        permit

content_filter = scan:[127.0.0.1]:10025

home_mailbox = Maildir/

A snippet of a typical error message:
Code:

Apr 25 09:59:27 webservices1 postfix/smtp[20814]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10025)
The above is the outgoing connection from antivirus proxy on 10025

Thanks

dan

Okie 04-25-2007 03:42 PM

/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT


No guarantees, this might fix it.

flashingcurser 04-26-2007 12:48 PM

Thanks Okie for responding. I don't use iptables on this box, as it is behind a firewall in a dmz and has only very specific services that are well maintained.

I did figure out what it was. I am using clamsmtp as an anti-virus proxy. The config script for clamsmtp in sarge had the ports reversed for incoming and outgoing as compared with clamsmtp's install instructions. Somewhere between then and now the maintainers corrected this; I naturally kept my config script during the upgrade from sarge to etch. So in essence, after the upgrade MY setup was backwards. I simply set the ports per clamsmtp's install instructions and voilà, mail queues started dumping.

What I don't fully understand, however, is why other services like spamassassin were coming up with similar errors in log files.
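
Added example (not part of the original posts): a consistency check for the filter chain discussed in this thread, comparing the port in Postfix's `content_filter` with clamsmtpd's `Listen` and `OutAddress` directives. Only the `content_filter` line comes from the thread; both clamsmtpd.conf samples and port 10026 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample inputs. Only the content_filter line is from the thread;
# the clamsmtpd.conf contents and port 10026 are assumptions for illustration.
MAIN_CF='content_filter = scan:[127.0.0.1]:10025'
CLAMSMTPD_OLD='OutAddress: 10025
Listen: 127.0.0.1:10026'
CLAMSMTPD_NEW='OutAddress: 10026
Listen: 127.0.0.1:10025'

# Port Postfix hands mail to: trailing digits of the content_filter value.
filter_port() {
    printf '%s\n' "$1" |
        sed -n 's/^content_filter[[:space:]]*=.*[^0-9]\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# Port of a clamsmtpd.conf directive ($2 is "Listen" or "OutAddress").
# Expects "Name: [host:]port" with a space or host before the port.
clamsmtpd_port() {
    printf '%s\n' "$1" |
        sed -n "s/^$2:.*[^0-9]\([0-9][0-9]*\)[[:space:]]*\$/\1/p"
}

# Returns 0 when content_filter points at the port clamsmtpd listens on,
# 1 when the chain is broken, 2 when a value could not be parsed.
check_chain() {
    pf=$(filter_port "$1")
    listen=$(clamsmtpd_port "$2" Listen)
    out=$(clamsmtpd_port "$2" OutAddress)
    if [ -z "$pf" ] || [ -z "$listen" ] || [ -z "$out" ]; then
        echo "UNPARSED: content_filter='$pf' Listen='$listen' OutAddress='$out'"
        return 2
    fi
    if [ "$pf" = "$listen" ]; then
        echo "OK: postfix -> clamsmtpd:$listen -> postfix:$out"
        return 0
    fi
    if [ "$pf" = "$out" ]; then
        # Postfix dials the port clamsmtpd sends to, so nothing answers there.
        echo "REVERSED: content_filter uses $pf (OutAddress); clamsmtpd listens on $listen"
        return 1
    fi
    echo "MISMATCH: content_filter=$pf Listen=$listen OutAddress=$out"
    return 1
}

check_chain "$MAIN_CF" "$CLAMSMTPD_OLD" || true
check_chain "$MAIN_CF" "$CLAMSMTPD_NEW"
```

A mail filter chain that fails this check leaves mail sitting in the queue unscanned, which matches the "Connection refused (port 10025)" log line above.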


All times are GMT -5.