Postfix Configuration File Plesk Port
Postfix Debugging Howto Postfix Debugging Howto Purpose of this document This document describes how to debug parts of the Postfix mail system when things do not work according to expectation. The methods vary from making Postfix log a lot of detail, to running some daemon processes under control of a call tracer or debugger. The text assumes that the Postfix and configuration files are stored in directory /etc/postfix. You can use the command ' postconf ' to find out the actual location of this directory on your machine.
Postfix Configuration Guide
Listed in order of increasing invasiveness, the debugging techniques are as follows:. Postfix logs all failed and successful deliveries to a logfile. The file is usually called /var/log/maillog or /var/log/mail; the exact pathname is defined in the /etc/syslog.conf file. When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly:% egrep '(warning error fatal panic):' /some/log/file more Note: the most important message is near the BEGINNING of the output. Error messages that come later are less useful. The nature of each problem is indicated as follows:.
' panic' indicates a problem in the software itself that only a programmer can fix. Postfix cannot proceed until this is fixed. ' fatal' is the result of missing files, incorrect permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed. ' error' reports an error condition. For safety reasons, a Postfix process will terminate when more than 13 of these happen. ' warning' indicates a non-fatal error.
These are problems that you may not be able to fix (such as a broken DNS server elsewhere on the network) but may also indicate local configuration errors that could become a problem later. Postfix version 2.1 and later can produce mail delivery reports for debugging purposes. These reports not only show sender/recipient addresses after address rewriting and alias expansion or forwarding, they also show information about delivery to mailbox, delivery to non-Postfix command, responses from remote SMTP servers, and so on.
Open the Postfix configuration file main.cf using located in /etc/postfix/ directory. Sudo nano /etc/postfix/main.cf. Scroll to the bottom to find the relayhost = option and set it to Gmail SMTP server. Relayhost = smtp.gmail.com:587. We will be using the encrypted TLS connection for all the outgoing emails, hence the port number is set to 587.
Postfix can produce two types of mail delivery reports for debugging:. What-if: report what would happen, but do not actually deliver mail. This mode of operation is requested with:% /usr/sbin/sendmail -bv address.
Mail Delivery Status Report will be mailed to. What happened: deliver mail and report successes and/or failures, including replies from remote SMTP servers. This mode of operation is requested with:% /usr/sbin/sendmail -v address. Mail Delivery Status Report will be mailed to. These reports contain information that is generated by Postfix delivery agents. Since these run as daemon processes that cannot interact with users directly, the result is sent as mail to the sender of the test message.
The format of these reports is practically identical to that of ordinary non-delivery notifications. For a detailed example of a mail delivery status report, see the section at the end of the document. A common mistake is to turn on chroot operation in the file without going through all the necessary steps to set up a chroot environment.
This causes Postfix daemon processes to fail due to all kinds of missing files. The example below shows an SMTP server that is configured with chroot turned off: /etc/postfix/: # # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) # smtp inet n - n -smtpd Inspect for any processes that have chroot operation not turned off. If you find any, save a copy of the file, and edit the entries in question. After executing the command ' postfix reload', see if the problem has gone away. If turning off chrooted operation made the problem go away, then congratulations. Leaving Postfix running in this way is adequate for most sites. If you prefer chrooted operation, see the Postfix file for information about how to prepare Postfix for chrooted operation.
In /etc/postfix/, list the remote site name or address in the parameter. For example, in order to make the software log a lot of information to the syslog daemon for connections from or to the loopback interface: /etc/postfix/: = 127.0.0.1 You can specify one or more hosts, domains, addresses or net/masks.
To make the change effective immediately, execute the command ' postfix reload'. This example uses tcpdump. In order to record a conversation you need to specify a large enough buffer with the ' -s' option or else you will miss some or all of the packet payload. # tcpdump -w /file/name -s 0 host example.com and port 25 Older tcpdump versions don't support ' -s 0'; in that case, use ' -s 2000' instead.
Run this for a while, stop with Ctrl-C when done. To view the data use a binary viewer, ethereal, or good old less. Append one or more ' -v' options to selected daemon definitions in /etc/postfix/ and type ' postfix reload'.
This will cause a lot of activity to be logged to the syslog daemon. For example, to make the Postfix SMTP server process more verbose: /etc/postfix/: smtp inet n - n -smtpd -v To diagnose problems with address rewriting specify a ' -v' option for the and/or daemon, and to diagnose problems with mail delivery specify a ' -v' option for the or queue manager, or for the, or delivery agent. Many systems allow you to inspect a running process with a system call tracer.
For example: # trace -p process-id (SunOS 4) # strace -p process-id (Linux and many others) # truss -p process-id (Solaris, FreeBSD) # ktrace -p process-id (generic 4.4BSD) Even more informative are traces of system library calls. Examples: # ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS) # sotruss -p process-id (Solaris) See your system documentation for details.
Tracing a running process can give valuable information about what a process is attempting to do. This is as much information as you can get without running an interactive debugger program, as described in a later section.
Postfix can attach a call tracer whenever a daemon process starts. Call tracers come in several kinds. System call tracers such as trace, truss, strace, or ktrace. These show the communication between the process and the kernel. Library call tracers such as sotruss and ltrace. These show calls of library routines, and give a better idea of what is going on within the process. Append a -D option to the suspect command in /etc/postfix/, for example: /etc/postfix/: smtp inet n - n -smtpd -D Edit the definition in /etc/postfix/ so that it invokes the call tracer of your choice, for example: /etc/postfix/: = PATH=/bin:/usr/bin:/usr/local/bin; (truss -p $ 2&1 logger -p mail.info) & sleep 5 Type ' postfix reload' and watch the logfile.
If you have X Windows installed on the Postfix machine, then an interactive debugger such as ddd can be convenient. Edit the definition in /etc/postfix/ so that it invokes ddd: /etc/postfix/: = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $/$ $ & sleep 5 Be sure that gdb is in the command search path, and export XAUTHORITY so that X access control works, for example:% setenv XAUTHORITY /.Xauthority (csh syntax) $ export XAUTHORITY=$HOME/.Xauthority (sh syntax) Append a -D option to the suspect daemon definition in /etc/postfix/, for example: /etc/postfix/: smtp inet n - n -smtpd -D Stop and start the Postfix system. This is necessary so that Postfix runs with the proper XAUTHORITY and DISPLAY settings. Whenever the suspect daemon process is started, a debugger window pops up and you can watch in detail what happens. If you have the screen command installed on the Postfix machine, then you can run an interactive debugger such as gdb as follows. Edit the definition in /etc/postfix/ so that it runs gdb inside a detached screen session: /etc/postfix/: = PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root; export HOME; screen -e^tt -dmS $ gdb $/$ $ & sleep 2 Be sure that gdb is in the command search path. Append a -D option to the suspect daemon definition in /etc/postfix/, for example: /etc/postfix/: smtp inet n - n -smtpd -D Execute the command ' postfix reload' and wait until a daemon process is started (you can see this in the maillog file).
Then attach to the screen, and debug away: # HOME=/root screen -r gdb) continue gdb) where If you do not have X Windows installed on the Postfix machine, or if you are not familiar with interactive debuggers, then you can try to run gdb in non-interactive mode, and have it print a stack trace when the process crashes. Edit the definition in /etc/postfix/ so that it invokes the gdb debugger: /etc/postfix/: = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where; sleep 8640000) gdb $/$ $ 2&1 $/$.$.log & sleep 5 Append a -D option to the suspect daemon in /etc/postfix/, for example: /etc/postfix/: smtp inet n - n -smtpd -D Type ' postfix reload' to make the configuration changes effective. Whenever a suspect daemon process is started, an output file is created, named after the daemon and process ID (for example, smtpd.12345.log).
When the process crashes, a stack trace (with output from the ' where' command) is written to its logfile. Sometimes the behavior exhibited by Postfix just does not match the source code. Why can a program deviate from the instructions given by its author? There are two possibilities. The compiler has erred.
This rarely happens. The hardware has erred.
Does the machine have ECC memory? In both cases, the program being executed is not the program that was supposed to be executed, so anything could happen. There is a third possibility:. Bugs in system software (kernel or libraries). Hardware-related failures usually do not reproduce in exactly the same way after power cycling and rebooting the system. There's little Postfix can do about bad hardware. Be sure to use hardware that at the very least can detect memory errors.
Otherwise, Postfix will just be waiting to be hit by a bit error. Critical systems deserve real hardware.
When a compiler makes an error, the problem can be reproduced whenever the resulting program is run. Compiler errors are most likely to happen in the code optimizer. If a problem is reproducible across power cycles and system reboots, it can be worthwhile to rebuild Postfix with optimization disabled, and to see if optimization makes a difference. In order to compile Postfix with optimizations turned off:% make tidy% make makefiles OPT= This produces a set of Makefiles that do not request compiler optimization. Once the makefiles are set up, build the software:% make% su Password: # make install If the problem goes away, then it is time to ask your vendor for help. The people who participate on postfix-users@postfix.org are very helpful, especially if YOU provide them with sufficient information. Remember, these volunteers are willing to help, but their time is limited.
When reporting a problem, be sure to include the following information. A summary of the problem. Please do not just send some logging without explanation of what YOU believe is wrong. Complete error messages. Please use cut-and-paste, or use attachments, instead of reciting information from memory. Postfix logging.
See the text at the top of the document to find out where logging is stored. Please do not frustrate the helpers by word wrapping the logging. If the logging is more than a few kbytes of text, consider posting an URL on a web or ftp site.
Rhel Postfix Configuration
Consider using a test email address so that you don't have to reveal email addresses or passwords of innocent people. If you can't use a test email address, please anonymize email addresses and host names consistently. Replace each letter by 'A', each digit by 'D' so that the helpers can still recognize syntactical errors.
Command output from:. ' postconf -n'. Please do not send your file, or 1000+ lines of postconf command output. ' postconf -Mf' (Postfix 2.9 or later). Better, provide output from the postfinger tool. This can be found.
If the problem is SASL related, consider including the output from the saslfinger tool. This can be found. If the problem is about too much mail in the queue, consider including output from the qshape tool, as described in the file. If the problem is protocol related (connections time out, or an SMTP server complains about syntax errors etc.) consider recording a session with tcpdump, as described in the document.
New server just installed, CentOs 7.3 and Plesk 17.5.3, mail server DoveCoat + PostFix. After migration of some domains we got 'None of the authentication methods supported by this client on this server' Outlook error code: 0x800ccc80.
We are sending on port 25 with None option. Also webmail can't send with 'authentication faild' error.
With the same configuration on previous server CentOs 6.8 and Plesk 12.5 we are sending mails on both Outlook and Webmail without problems. I tried also to send via 587 SSL or TLS but not working also. Lastly we switched to Qmail and.
Perfectly working without any other workaround. We have no problem using Qmail but should be interesting to understand what is this problem and to find a solution. Well the problem seems to be deeper in real. Update: on the new server (Onyx 17.5) i have migrated 10 domains from old server (Plesk 12.5). Websites and db are ok.
Some customers are ok also with mail with the same configuration using Outlook. One is not ok using Mail on Apple pc (port 25 no ssl, but working with 25 ssl). Another is not ok using Ms Live Mail (port 25 no ssl, but working on 465 ssl). I've tried on a clean pc the same account not working of the last user with 25 no ssl and it works!! Can't understand why. Smartphone with imap port 143 before migration was working fine, after migration can't connect to the server. Tried with TLS/any and it works.
Same customer can't connect to the webspace via ftp, while on my pc no problem, no ssl, no tls, no passive mode. The question is, what's the difference between plesk 12.5 and Onyx 17.5?
My configuration is an OVH preinstalled O.S. Image so i think it's ok.
It's possible i've clicked on Protect Plesk with certificate, can that be the cause of the problem? How to solve? Look at the attached image, please I'm going crazy, just want to use the server as the previous one (that is Let's enscrypt for https on websites, port 25 no ssl for smtp, port 110 no ssl for pop3, port 143 no encryption for imap).
Who can help me? Hi, the option to secure port 25 ( smtp ) and port 110/143 ( pop3/imap ) with a certificate is OPTIONAL and is setup in your depending configuration files ( postfix/qmail - dovecot/courier-imap ), while port 465 ( smtp s ), port 587 ( submission ) port 993 ( imap s ) and port 995 ( pop3 s ) requires a certificate.
As asked before ( = ), you should consider to post your corresponding configuration files, so that people willing to help you can point you to possible configuration issues/failures/problems. If you don't provide these configuration files, we are only able to point you to the basic manuals, as for example. I've reinstalled the server with the same O.S. This time i've not protected Plesk as asked just after the first login to the panel, but the problem is the same so it's not related to the SSL certificate.