Hi LQ!
My postfix stopped working after complaining about permissions on its $data_directory which are:
Code:
root@mail:~# ls -ld /var/lib/postfix/
drwxrw-rw- 2 postfix postdrop 4096 2008-11-17 22:49 /var/lib/postfix/
That's after I changed it to get it working, but it was owned by root.
These are the permissions for the files inside the $data_directory, which I have not changed:
Code:
root@mail:~# ls -la /var/lib/postfix/
total 120
drwxrw-rw- 2 postfix postdrop 4096 2008-11-17 22:49 .
drwx------ 65 root root 4096 2009-01-28 22:03 ..
-rw-rw-rw- 1 postfix postdrop 17 2009-01-27 01:47 master.lock
-rw-rw-rw- 1 postfix postdrop 1024 2009-01-28 23:19 prng_exch
-rw-rw-rw- 1 postfix postdrop 16384 2008-11-17 21:28 smtpd_scache.db
-rw-rw-rw- 1 postfix postdrop 24576 2009-01-28 23:18 smtpd_tls_session_cache.db
-rw-rw-rw- 1 postfix postdrop 8192 2008-11-17 21:10 smtp_scache.db
-rw-rw-rw- 1 postfix postdrop 53248 2009-01-28 22:56 smtp_tls_session_cache.db
The logs started complaining about tlsmgr not being able to open the PRNG file:
Code:
Jan 28 23:41:47 mail postfix/tlsmgr[11160]: fatal: tls_prng_exch_open: cannot open PRNG exchange file /var/lib/postfix/prng_exch: Permission denied
Jan 28 23:41:48 mail postfix/master[6728]: warning: process /usr/lib/postfix/tlsmgr pid 11160 exit status 1
Then postfix stopped running because it was not able to open its lock file:
Code:
fatal: open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied
This is my main.cf.
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = $mydomain
delay_warning_time = 4h
disable_dns_lookups = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mailbox_command =
mailbox_size_limit = 0
masquerade_domains = domain.com
masquerade_exceptions = root
mydestination = $mydomain, mail.$mydomain ,smtp.$mydomain ,pop.$mydomain ,www.$mydomain ,ns2.$mydomain ,argo.$mydomain,localhost,/etc/postfix/mixmaster_domains
mydomain = domain.com
myhostname = mail.$mydomain
mynetworks = 127.0.0.0/8 , 192.168.1.0/24, 10.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relayhost = [smtp.relayhost]:587
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
smtp_tls_exclude_ciphers = aNULL
smtp_tls_fingerprint_cert_match = 51:20:AA:D3:1C:2B:5E:51:01:78:90:DE:6F:09:3D:EE:03:CF:69:85
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/postfix/ssl/key.pem
smtp_tls_mandatory_exclude_ciphers = RC4
smtp_tls_mandatory_protocols = SSLv2, SSLv3, TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_per_site
smtp_tls_security_level = fingerprint
smtp_tls_session_cache_database = ${data_directory}/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name (Free/OS)
smtpd_client_restrictions = reject_unauth_hostname, reject_invalid_hostname, permit_mynetworks, permit_tls_all_clientcerts, permit_sasl_authenticated, check_recipient_access hash:/etc/postfix/client_access.txt, reject_rbl_client zen.spamhaus.org, reject_rbl_client combined.njabl.org, reject_rbl_client bl.spamcop.net, reject_rhsbl_client rhsbl.sorbs.net, permit
smtpd_error_sleep_time = 0
smtpd_helo_required = no
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/key.pem
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = ${data_directory}/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = no
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_source = dev:/dev/urandom
One last thing:
do these look like regular permissions on the $spool_directory:
Code:
root@mail:~# ls -ld /var/spool/postfix/
drwxr-xr-x 21 root root 4096 2008-11-17 02:56 /var/spool/postfix/
and inside:
Code:
root@mail:~# ls -la /var/spool/postfix/
total 84
drwxr-xr-x 21 root root 4096 2008-11-17 02:56 .
drwxr-xr-x 12 root root 4096 2009-01-11 06:50 ..
drwx------ 2 postfix root 4096 2009-01-28 23:46 active
drwx------ 2 postfix root 4096 2008-11-28 10:58 bounce
drwx------ 2 postfix root 4096 2008-11-17 01:58 corrupt
drwx------ 18 postfix root 4096 2008-11-28 06:40 defer
drwx------ 18 postfix root 4096 2008-11-28 06:40 deferred
drwxr-xr-x 2 root root 4096 2008-09-14 16:09 dev
drwxr-xr-x 3 root root 4096 2009-01-29 04:04 etc
drwx------ 2 postfix root 4096 2009-01-17 00:01 flush
drwx------ 2 postfix root 4096 2008-11-17 01:58 hold
drwx------ 2 postfix root 4096 2009-01-28 23:41 incoming
drwxr-xr-x 2 root root 4096 2009-01-29 04:04 lib
drwx-wx--T 2 postfix postdrop 4096 2009-01-29 03:58 maildrop
drwxr-xr-x 2 postfix root 4096 2009-01-28 20:37 pid
drwx------ 2 postfix root 4096 2009-01-28 23:57 private
drwx--s--- 2 postfix postdrop 4096 2009-01-27 01:47 public
drwx------ 2 postfix root 4096 2008-11-17 01:58 saved
drwx------ 2 postfix root 4096 2009-01-28 20:37 trace
drwxr-xr-x 3 root root 4096 2008-11-17 01:55 usr
drwxr-xr-x 3 root root 4096 2008-11-17 02:56 var
I have also tried to use this directory as the data directory, but with no success. At this stage I could say I'm a little confused about the ownership and permissions of the postfix directories, files, home dirs, etc.
I hope I gave all the info necessary to help me out. The problem is really urgent; whatever else you need, just ask. Thanks!
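Added example, not part of the original post: a check that replays the mode bits from the listings above for a non-root account and reports the first path component that refuses access, plus the entries every local account can write to. It assumes classic Unix mode bits only (no ACLs, SELinux or AppArmor) and that the daemon runs as user postfix with only its primary group; the function names are illustrative.

```python
# Added example: entries transcribed from the ls output in the post, as
# path -> (mode string, owner, group). ".." of /var/lib/postfix is /var/lib.
# Assumption: the daemon runs as user "postfix" with only its primary group.
LISTING = {
    "/var/lib": ("drwx------", "root", "root"),
    "/var/lib/postfix": ("drwxrw-rw-", "postfix", "postdrop"),
    "/var/lib/postfix/master.lock": ("-rw-rw-rw-", "postfix", "postdrop"),
    "/var/lib/postfix/prng_exch": ("-rw-rw-rw-", "postfix", "postdrop"),
}

def triad_for(entry, user, groups):
    """Return the rwx triad that applies to `user` (classic mode bits only)."""
    mode, owner, group = entry
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def has_search(triad):
    # 'x', 's' and 't' mean the execute/search bit is set; 'S', 'T', '-' do not.
    return triad[2] in "xst"

def first_denial(path, listing, user, groups, want="rw"):
    """First (component, reason) that denies `user`, or None. Ancestors absent
    from `listing` are skipped, not assumed safe."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        ancestor = "/" + "/".join(parts[:i])
        entry = listing.get(ancestor)
        if entry and not has_search(triad_for(entry, user, groups)):
            return ancestor, "no search (x) permission on directory"
    triad = triad_for(listing[path], user, groups)
    missing = [bit for bit in want if bit not in triad]
    if missing:
        return path, "missing " + "".join(missing) + " on target"
    return None

def other_writable(listing):
    """Paths any local account can write to (w set in the 'other' triad)."""
    return sorted(p for p, (mode, _, _) in listing.items() if mode[8] == "w")

if __name__ == "__main__":
    for target in ("/var/lib/postfix/prng_exch", "/var/lib/postfix/master.lock"):
        print(target, "->", first_denial(target, LISTING, "postfix", {"postfix"}))
    print("other-writable:", other_writable(LISTING))
```

On a live host, `namei -l /var/lib/postfix/prng_exch` prints the same per-component owner and mode information straight from the filesystem.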