Getting default Postfix conf? [#44260]

Submitted by KingstonDC on Tue, 11/22/2016 - 14:49 Pro Licensee

I'm wondering if there's a way to get the default configuration files for Postfix, i.e. as they come out from installation.

Thanks!

Status:

Active

Comments

Submitted by andreychek on Tue, 11/22/2016 - 15:08 Comment #1

Howdy -- sorry, there isn't a way to get the default Postfix config back... the best you could do is find a server with a freshly installed version of Virtualmin, and compare those two.

Is there a particular problem you're having? If so, feel free to describe the problem, and share your "postconf -n" output and we'd be happy to take a look.

Submitted by KingstonDC on Tue, 11/22/2016 - 16:58 Pro Licensee Comment #2

We're using a third party spam service (www.spamexperts.com). We're using ufw to block connections on port 25 from everybody except spamexperts.com.

I had Postfix running perfectly, but had an issue, so I went in and tweaked the configuration a bit. Unfortunately, our nightly backups also failed, so I didn't have an old version of the main.cf to go back to when I screwed things up.

Now, some email addresses aren't able to get mail with a "550 no mailbox by that name is currently available" -- and people getting mail from their phones are no longer receiving email. I suspect we're missing other mail, as well.

This is how SpamExperts tells you to configure the email, but in my case, that just causes email to fail completely. https://my.spamexperts.com/kb/31/accept-email-only-from-the-hosted-cloud-filter-nodes.html.

I recognize this is not a specific Virtualmin issue, so feel free to beg off from helping with this one. Here's the news from Postfix:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
message_size_limit = 52428800
mydestination = $myhostname, localdomain, localhost, localhost.localdomain, localhost, prime
myhostname = prime.kingstondc.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual

Submitted by andreychek on Tue, 11/22/2016 - 17:42 Comment #3

You'd want to make certain that the domains in question have the "Mail for Domain" feature enabled. Without that, there wouldn't be an entry for the accounts in "/etc/postfix/virtual", which could cause a similar issue.

Also, you could try commenting out these params, as these are some that I recall aren't set by default: smtpd_tls_mandatory_ciphers, sender_dependent_default_transport_maps, smtpd_client_restrictions, smtpd_relay_restrictions

If you comment those out, be sure to restart Postfix afterwards.

If you still have trouble after that -- I'd be curious to see what the full error messages look like in /var/log/mail.log.

Submitted by KingstonDC on Tue, 11/22/2016 - 19:56 Pro Licensee Comment #4

I commented out the client and relay restrictions, and it worked. Thank you!

Submitted by andreychek on Tue, 11/22/2016 - 20:26 Comment #5

Gah, I'm so sorry, I re-read my post above and it's riddled with typos. I was apparently in a little too much of a hurry when I wrote that, I need to slow down a bit next time :-)

I'm glad you were able to make sense of it and get things working though, thanks for letting us know!