0

I started setting up my mail-server in February. I haven't been able to get it working since. I also haven't been able to get issue specific guidance from google.

My issue as it stands now is as follows:

Nov 19 14:20:35 Domain postfix/smtp[1134]: < xxx.xxx.x.x[xxx.xxx.x.x]:465: 554 5.4.0 Error: too many hops

Postconf -n output is as follows:

root@1ag:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes compatibility_level = 2 data_directory = /var/lib/postfix debug_peer_list = xxx.xxx.x.x inet_interfaces = all inet_protocols = all mail_owner = postfix mailbox_size_limit = 0 mydestination = localhost mydomain = domain myhostname = mail.domain.co.za mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = $mydomain newaliases_path = /usr/bin/newaliasess notify_classes = delay, resource, software readme_directory = no recipient_delimiter = + relayhost = [mail.domain.co.za]:465 smtp_bind_address = xxx.xxx.x.x smtp_tls_security_level = encrypt smtp_tls_wrappermode = yes smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname smtpd_recipient_restrictions = permit_mynetworks permit_auth_destination permit_sasl_authenticated reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = !192.0.2.171/32, 192.0.2.0/24 smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/apache-selfsigned.crt smtpd_tls_key_file = /etc/ssl/private/apache-selfsigned.key smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_mandatory_protocols = TLSv1 smtpd_tls_security_level = may smtpd_use_tls = yes transport_maps = hash:/etc/postfix/transport virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport = lmtp:unix:private/dovecot-lmtp

Thanks in advance.

So, I got the "too many hops" cleared by setting up Amavis and Spamassassin. Not sure how they're related?

The issue now is as follows:

Domain amavis[6983]: (!)DENIED ACCESS from IP *internal, policy bank ''

and

Domain postfix/smtp[11593]: 0E6A580207: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1047, delays=1046/0.1/0.04/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

Many thanks!

Thomas Ward
  • 74,764
Carel de Lange
  • 1
  • Your server is using itself as a relayhost, for one thing. – fkraiem Nov 19 '18 at 14:46
  • It should. In order to use port 465 the server should be a relay host together with these settings: smtp_tls_security_level = encrypt smtp_tls_wrappermode = yes – Carel de Lange Nov 19 '18 at 15:26
  • If my relayhost is not set up Postfix switches to port 25 which is closed on my router. – Carel de Lange Nov 19 '18 at 15:48
  • It looks to me like there'd be bouncing back and forth between the two. Do you need mail to go through Amavis? It sounds like Amavis might be at fault, but if you have a different issue than the "too many hops" now that needs its own question – Thomas Ward Nov 19 '18 at 16:00
  • I've used the method as explained here: https://askubuntu.com/questions/862714/problem-with-amavis-and-relayhost-on-postfix/863048. But my problem persists. – Carel de Lange Nov 19 '18 at 16:19
  • I've started from scratch and configred postfix in stages (like I should have from the start). I did the basic configuration in main.cf and kept master.cf unchanged. I do believe that my SSL configuration is correct. I then just copied the TLS and SASL configuration parameters into the main.cf file. I believe I'm making some solid progress there. My issues now is being unable to get an ehlo response from the smtp server. I've tried Google but none of the advice seems to encompass my problem. Any advise? – Carel de Lange Nov 24 '18 at 08:54

1 Answers1

0

The original problem was solved by reconfiguring Postfix on a step by step basis. I have a new issue which pertains to ehlo smtp server verification. As such I will raise a new question and consider this one closed.

Carel de Lange
  • 1