I'm having some issues with my mail server. I'm unable to send or receive any mail.
Here's what I see in /var/log/mail.info:
Aug 12 20:09:34 REDACTED postfix/submission/smtpd[23064]: connect from ***[***]
Aug 12 20:09:34 REDACTED postfix/submission/smtpd[23064]: Anonymous TLS connection established from ***[***]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 12 20:09:34 REDACTED postfix/submission/smtpd[23064]: 9ADA33260108: client=***[***], sasl_method=PLAIN, sasl_username=***
Aug 12 20:09:34 REDACTED postfix/cleanup[23068]: 9ADA33260108: message-id=<***@mail.gmail.com>
Aug 12 20:09:34 REDACTED spamd[30569]: spamd: connection from localhost.localdomain [127.0.0.1] at port 36295
Aug 12 20:09:34 REDACTED spamd[30569]: spamd: setuid to spamass-milter succeeded
Aug 12 20:09:34 REDACTED spamd[30569]: spamd: processing message <*@mail.gmail.com> for spamass-milter:109
Aug 12 20:09:34 REDACTED spamd[30569]: spamd: clean message (-1.0/3.0) for spamass-milter:109 in 0.1 seconds, 1482 bytes.
Aug 12 20:09:34 REDACTED spamd[30569]: spamd: result: . 0 - ALL_TRUSTED,HTML_MESSAGE scantime=0.1,size=1482,user=spamass-milter,uid=109,required_score=3.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=36295,mid=<***@mail.gmail.com>,autolearn=unavailable
Aug 12 20:09:34 REDACTED postfix/cleanup[23068]: 9ADA33260108: milter-reject: END-OF-MESSAGE from ***[***]: 4.7.1 Service unavailable - try again later; from=<***> to=<***> proto=ESMTP helo=<mail-it0-f45.google.com>
Aug 12 20:09:34 REDACTED spamd[30568]: prefork: child states: II
Aug 12 20:09:34 REDACTED postfix/submission/smtpd[23064]: disconnect from mail-it0-f45.google.com[***]
And here's some output from Telnet:
*@*:/home/mydir# telnet localhost 25
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 * ESMTP Postfix
HELO example.com
250 *
MAIL FROM:<*@*>
250 2.1.0 Ok
RCPT TO:<*@*>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test
.
451 4.7.1 Service unavailable - try again later
And finally here's my main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = example
mydomain = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = localhost, localhost.example.com
relayhost =
mynetworks = 127.0.0.0/8, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
default_process_limit = 3
inet_interfaces = all
queue_directory = /var/spool/postfix
# Virtual mailbox configuration
dovecot_destination_recipient_limit = 1
virtual_mailbox_base=/var/email
virtual_mailbox_domains=hash:/etc/postfix/vmail_domains
virtual_mailbox_maps=hash:/etc/postfix/vmail_mailbox
virtual_alias_maps=hash:/etc/postfix/vmail_aliases
virtual_minimum_uid=10
virtual_uid_maps=static:7788
virtual_gid_maps=static:7788
virtual_transport=dovecot
# SSL configuration
smtpd_tls_cert_file=/etc/letsencrypt/live/www.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/www.example.com/privkey.pem
#smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
#smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_use_tls=yes
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_loglevel=1
smtpd_tls_received_header=yes
smtpd_banner=$myhostname ESMTP $mail_name
tls_random_source=dev:/dev/urandom
smtp_tls_note_starttls_offer=yes
smtpd_tls_session_cache_timeout=3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
queue_directory=/var/spool/postfix
# Anti-spam
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_invalid_hostname,
reject_unauth_destination,
check_policy_service unix:private/policy,
reject_unauth_pipelining,
reject_rbl_client sbl.spamhaus.org,
check_policy_service unix:private/policy,
permit
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
# reject_unknown_helo_hostname
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net, permit
# Authentication settings, making use of SASL
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
broken_sasl_auth_clients=yes
smtpd_sasl_security_options=noanonymous
smtpd_sasl_tls_security_options=$smtpd_sasl_security_options
smtpd_sasl_local_domain=$myhostname
smtpd_helo_required=yes
# Milters and Filters (copyright by bgm for band reasons)
header_checks = pcre:/etc/postfix/header_checks.pcre
policy_time_limit = 3600s
policy-spf_time_limit = 3600s
non_smtpd_milters = unix:/milter-greylist/milter-greylist.sock, unix:/spamass/spamass.sock, unix:/clamav/clamav-milter.ctl, unix:/var/run/opendkim/opendkim.sock
#unix:/milter-greylist/milter-greylist.sock, unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock, unix:/var/run/opendkim/opendkim.sock
smtpd_milters = unix:/milter-greylist/milter-greylist.sock, unix:/spamass/spamass.sock, unix:/clamav/clamav-milter.ctl, unix:/var/run/opendkim/opendkim.sock
#unix:/milter-greylist/milter-greylist.sock, unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock
#, unix:/var/run/opendkim/opendkim.sock
milter_connect_macros = i b j _ {daemon_name} {if_name} {client_addr}
#milter_connect_macros = j {daemon_name} v {if_name} _
milter_protocol = 2
milter_default_action = accept
Can anyone offer any insight into this issue? I feel like I've been troubleshooting for hours and I don't see an obvious problem.
UPDATE: It seems the problem is with clamav. I'll update below if I find a solution.
UPDATE 2: The issue was clamav-daemon was taking up too much memory and my system was killing it. I guess we can call this one solved for now.
Best Answer
Try removing your greylist milter. Greylisting is the practice of returning a termporary error to everyone in order to discourage spammers, since spammers don't typically retry messages but real mail servers will retry.
If that doesn't work, try disabling all of your milters. The Postfix log says "milter-reject" so it seems like one of your milters is causing the problem.