[SOLVED] Deferred, mail transport unavailable

[St.John]

I flushed the postfix queue while monitoring the zimbra.log and that's when I spotted this.

Code:

Passed BAD-HEADER, [10.10.10.249] [10.10.10.249] <user@hotmail.com> -> <info@domin.tld>, quarantine: badh-pTm9BwhiWgVW, Message-ID: <1257755229@www.domin.tld>, mail_id: pTm9BwhiWgVW, Hits: 3.218, size: 672, queued_as: 5192B1A80145, 4868 ms

Followed up by tracing it's id.

Code:

[root@mail ~]# grep 5192B1A80145 /var/log/zimbra.log | tail -20
Nov  9 09:27:19 mail postfix/smtpd[3132]: 5192B1A80145: client=localhost.localdomain[127.0.0.1]
Nov  9 09:27:19 mail postfix/cleanup[27767]: 5192B1A80145: message-id=<1257755229@www.domain.tld>
Nov  9 09:27:19 mail postfix/qmgr[27391]: 5192B1A80145: from=<remote_user@hotmail.com>, size=1252, nrcpt=1 (queue active)
Nov  9 09:27:19 mail amavis[29168]: (29168-03) FWD via SMTP: <remote_user@hotmail.com> -> <info@domain.tld>, 250 2.6.0 Ok, id=29168-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5192B1A80145
Nov  9 09:27:19 mail amavis[29168]: (29168-03) Passed BAD-HEADER, [10.10.10.249] [10.10.10.249] <remote_user@hotmail.com> -> <info@domain.tld>, quarantine: badh-pTm9BwhiWgVW, Message-ID: <1257755229@www.domain.tld>, mail_id: pTm9BwhiWgVW, Hits: 3.218, size: 672, queued_as: 5192B1A80145, 4868 ms
Nov  9 09:27:19 mail postfix/smtp[32194]: 4C2DE1A802A2: to=<info@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.1, delays=0.25/0/0/4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5192B1A80145)
Nov  9 09:27:19 mail postfix/qmgr[27391]: 5192B1A80145: to=<info@domain.tld>, relay=none, delay=0.26, delays=0.09/0.17/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov  9 09:36:50 mail postfix/qmgr[27391]: 5192B1A80145: from=<remote_user@hotmail.com>, size=1252, nrcpt=1 (queue active)
Nov  9 09:36:50 mail postfix/smtp[9108]: 5192B1A80145: to=<info@domain.tld>, relay=none, delay=571, delays=571/0.01/0/0, dsn=4.4.1, status=deferred (connect to mail.domain.tld[10.10.10.119]: Connection refused)

I suspect this could be one of the reasons why the deferred queue has grown. Is there any way I could force amavis to accept the headers while I figure out why the headers are regarded as invalid? I really need to get all the deferred mailed delivered.

[St.John]

I would like to point out once again the issue with port 10025. I can telnet to it on the server itself using telnet localhost 10025 but not with it's FQDN.

Code:

[root@mail ~]# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mai.domain.tld ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# telnet mail.domain.tld 10025
Trying 10.10.10.119...
telnet: connect to address 10.10.10.119: Connection refused

I think this could also be a part of the problem with my deferred queue.

Code:

status=deferred (connect to mail.domain.tld[10.10.10.119]: Connection refused)

The log doesnt say what port it used but 25 and 7025 works. 10024 and 10025 are both rejected.

[veronica]

Can you paste master.cf file please ?

[St.John]

Quote:

Originally Posted by veronica

Can you paste master.cf file please ?

Thank you for your reply.

[zimbra@mail root]$ cat /opt/zimbra/postfix-2.4.7.5z/conf/master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
465    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#policy    unix  -       n       n       -       0       spawn
#       user=zimbra argv=/usr/bin/perl /opt/zimbra/libexec/zmpostfixpolicyd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# AMAVISD-NEW
#
smtp-amavis unix -      -       n       -       10  smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
127.0.0.1:10025 inet n  -       n       -       -  smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o virtual_mailbox_maps=
        -o virtual_alias_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
  -o smtpd_milters=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

[veronica]

Are you trying to deliver the mails using 465 port ? Thats now obsolete and postfix no more support mail delivery using that port.

Regarding :-
[root@mail ~]# telnet mail.domain.tld 10025
Trying 10.10.10.119...
telnet: connect to address 10.10.10.119: Connection refused

This is expected behavior. Can you try telnet to 127.0.0.1 on 10025 ?

telnet 127.0.0.1 10025

[St.John]

Quote:

Originally Posted by veronica

Are you trying to deliver the mails using 465 port ? Thats now obsolete and postfix no more support mail delivery using that port.

About using port 456, I don't know what port postfix is using for mail delivery.
Should I change this to something else?

Quote:

Originally Posted by veronica

Can you try telnet to 127.0.0.1 on 10025 ?

I can telnet to 127.0.0.1 on 10025. It responded with
220 mail.domain.tld ESMTP Postfix

[veronica]

Comment these 2 lines in master.cf.in :-

465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Retart mta ans try sending mail

[St.John]

Quote:

Originally Posted by veronica

Comment these 2 lines in master.cf.in :-

465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Retart mta ans try sending mail

I commented the two lines, restarted zimbra and flushed but all mails got re-queued again after a few minutes.

When I viewed the log and traced one of the deferred mail I see the same error in the log. Bad header, quarantined and connection refused.

Code:

Nov  9 12:29:26 mail amavis[21079]: (21079-05) Passed BAD-HEADER, LOCAL [127.0.0.1] [10.10.10.249] <user@email.dk> -> <info@domain.tld>, quarantine: badh-tjAN6UhHQcnd, Message-ID: <1257698662@www.domain.tld>, mail_id: tjAN6UhHQcnd, Hits: 1.716, size: 2934, queued_as: 818FA1A802BA, 6479 ms
Nov  9 12:29:26 mail postfix/qmgr[21654]: 818FA1A802BA: to=<info@domain.tld>, relay=none, delay=1.3, delays=0.9/0.38/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.domain.tld[10.10.10.119]: Connection refused)

[St.John]

With much help from the user veronica, who I can't thank enough, we where able to solve the issue by removing the value for the MTA relay host and enabling DNS-lookup.