1

Firstly, YES I'm aware of the other post about this, but it didn't help me.

A short time ago our sysadmin unexpectedly left the company with no replacement or handover, and now it's on me for the time being. I'm just a developer with no sysadmin experience.

After he left we changed root passwords on all servers, and we also rebooted that server which runs our postfix. But since then, no mail is being sent.

Logs at /var/log/mail.log are full of entries like these:

postfix/smtp[31834]: fatal: unknown service: smtp/tcp
postfix/smtpd[31815]: disconnect from unknown[IP censored]
postfix/qmgr[31806]: warning: private/smtp socket: malformed response
postfix/qmgr[31806]: warning: transport smtp failure -- see a previous     warning/fatal/panic logfile record for the problem description
postfix/master[31799]: warning: process /usr/lib/postfix/smtp pid 31834 exit status 1
postfix/master[31799]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling

Here are the logs around the moment of reboot which happened between 10:37 and 10:38:

10:31:36  postfix/qmgr[24341]: 1B4463E9C7E: from=<root@tmg-aly-chn-hng-2-0.ourdomain.tld>, size=1191, nrcpt=1 (queue active)
10:31:36  postfix/qmgr[24341]: E5F003F1132: from=<root@tmg-aly-chn-hng-2-0.ourdomain.tld>, size=12656, nrcpt=1 (queue active)
10:31:36  postfix/qmgr[24341]: 86E0E42A6A7: from=<>, size=5109, nrcpt=1 (queue active)
10:31:36  postfix/smtp[24765]: connect to b.zj.cn.x.ourdomain.tld[IP]:25: Connection refused
10:31:36  postfix/smtp[24766]: connect to b.zj.cn.x.ourdomain.tld[IP]:25: Connection refused
10:31:36  postfix/smtp[24765]: 1B4463E9C7E: to=<root@b.zj.cn.x.ourdomain.tld>, relay=none, delay=29793, delays=29793/0.01/0/0, dsn=4.4.1, status=deferred (connect to b.zj.cn.x.ourdomain.tld[IP]:25: Connection refused)
10:31:36  postfix/smtp[24766]: E5F003F1132: to=<root@b.zj.cn.x.ourdomain.tld>, relay=none, delay=29792, delays=29792/0.01/0/0, dsn=4.4.1, status=deferred (connect to b.zj.cn.x.ourdomain.tld[IP]:25: Connection refused)
10:31:57  postfix/smtp[24768]: connect to tmg-tmg-chn-shn-1-1.l.ourdomain.tld[IP]:25: Connection timed out
10:31:57  postfix/smtp[24768]: 86E0E42A6A7: to=<backup@tmg-tmg-chn-shn-1-1.l.ourdomain.tld>, relay=none, delay=29794, delays=29773/0.02/21/0, dsn=4.4.1, status=deferred (connect to tmg-tmg-chn-shn-1-1.l.ourdomain.tld[IP]:25: Connection timed out)
10:32:17  postfix/anvil[24722]: statistics: max connection rate 1/60s for (smtp:IP) at 10:28:55
10:32:17  postfix/anvil[24722]: statistics: max connection count 1 for (smtp:IP) at 10:28:55
10:32:17  postfix/anvil[24722]: statistics: max cache size 1 at 10:28:55
10:37:41  postfix/master[24334]: terminating on signal 15
10:37:45  opendkim[29682]: OpenDKIM Filter: mi_stop=1
10:37:45  opendkim[29682]: OpenDKIM Filter v2.0.1 terminating with status 0, errno = 0
10:38:51  opendkim[1188]: OpenDKIM Filter v2.0.1 starting (args: -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@127.0.0.1)
10:39:03  spamd[1179]: logger: removing stderr method
10:39:05  spamd[1415]: spamd: server started on port 783/tcp (running version 3.3.1)
10:39:05  spamd[1415]: spamd: server pid: 1415
10:39:05  spamd[1415]: spamd: server successfully spawned child process, pid 1422
10:39:05  spamd[1415]: spamd: server successfully spawned child process, pid 1423
10:39:05  spamd[1415]: prefork: child states: II
10:39:23  postfix/master[1646]: daemon started -- version 2.7.1, configuration /etc/postfix
10:39:24  postfix/qmgr[1661]: A80B73EA677: from=<root@tmg-aly-chn-hng-2-0.ourdomain.tld>, size=1069, nrcpt=1 (queue active)
10:39:24  postfix/smtp[1663]: fatal: unknown service: smtp/tcp
10:39:24  postfix/qmgr[1661]: 981B73EAB53: from=<root@tmg-aly-chn-hng-2-0.ourdomain.tld>, size=1034, nrcpt=1 (queue active)
10:39:24  postfix/qmgr[1661]: 91A0F42A8CC: from=<>, size=3722, nrcpt=1 (queue active)
10:39:24  postfix/smtp[1664]: fatal: unknown service: smtp/tcp
10:39:24  postfix/smtp[1665]: fatal: unknown service: smtp/tcp
10:39:24  postfix/qmgr[1661]: 3E73F42A8CB: from=<>, size=24898, nrcpt=1 (queue active)
10:39:24  postfix/smtp[1666]: fatal: unknown service: smtp/tcp
10:39:25  postfix/qmgr[1661]: warning: private/smtp socket: malformed response
10:39:25  postfix/qmgr[1661]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
10:39:25  postfix/master[1646]: warning: process /usr/lib/postfix/smtp pid 1663 exit status 1
10:39:25  postfix/master[1646]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling

Answers to similar questions all revolve around whether or not smtp runs chrooted. The default seems to be yes on my Debian Squeeze server, and all their advice are already happening on my server:

  • I restarted postfix with the proper scripts by using service postfix restart
  • the relevant files from /etc all get copied into /var/spool/postfix/etc
  • /var/spool/postfix/etc/services contains the required

entries:

smtp        25/tcp      mail
ssmtp       465/tcp     smtps       # SMTP over SSL

I also tried to make smtp not chrooted, but nothing changed. One thing that confuses me a little is that besides /etc/postfix/master.cf there is also another such file at /usr/lib/postfix/master.cf.

For completeness, here are the contents/outputs of what people usually seem to ask for.

Output of postconf -n (censored)

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
config_directory = /etc/postfix
html_directory = /usr/share/doc/postfix/html
inet_interfaces = mail.ourdomain.tld (...other IPs from our servers...) 127.0.0.1
lmtp_host_lookup = native
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mydestination = mail.ourdomain.tld tmg-aly-chn-hng-1-0.ourdomain.tld localhost
myhostname = mail.ourdomain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 (...other IPs from our servers...)
myorigin = mail.ourdomain.tld
non_smtpd_milters = inet:127.0.0.1:8891
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
smtp_host_lookup = native
smtp_sasl_path = smtpd
smtp_sasl_security_options = 
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = 
smtpd_tls_cert_file = ...our cert path...
smtpd_tls_key_file = ...our key path...
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_use_tls = yes

Contents of /etc/postfix/master.cf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_path=smtpd
#  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Any ideas what else I can try, where I can look? It keeps logging unknown service: smtp/tcp ...

peedee
  • 381
  • 4
  • 12
  • But is the services file _readable_? – Michael Hampton Oct 28 '15 at 03:38
  • Yes, it's got permissions `-rw-r--r-- 1 root root`, so should be readable by anyone – peedee Oct 28 '15 at 04:22
  • Do you run apparmor or similar? – Dan Oct 28 '15 at 07:01
  • @Dan I removed my previous comments. I can't find any indication of apparmor or selinux. – peedee Oct 29 '15 at 03:01
  • This problem didn't occur until Postfix was restarted at 10:37:41. But you were having a different problem before then. I suspect that something you did to try to solve the other problem caused this problem. What other changes did you make? – Michael Hampton Oct 29 '15 at 03:09
  • it must still be some kind of chroot problem. I turned off chroot for every single entry in master.cf and now email is being sent. guess I'll have to work backwards and reenable them step by step to see when if fails again... – peedee Oct 29 '15 at 08:19

0 Answers0