fatal: parameter "smtpd_recipient_restrictions"

[Robin]

I've got a big problem with postfix/smtpd.
All of a sudden I get this error when trying to send a mail:

Code:

Dec 21 16:31:33 mail postfix/smtpd[1576]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Dec 21 16:31:34 mail postfix/master[32341]: warning: process /opt/zimbra/postfix/libexec/smtpd pid 1576 exit status 1
Dec 21 16:31:34 mail postfix/master[32341]: warning: /opt/zimbra/postfix/libexec/smtpd: bad command startup -- throttling

I'm not quite sure when this problem occured, but yesterday I was working to get the backup script for open source to work, and I know I had some trouble with the mail that is supposed to be mailed after a backup, because I couldn't install mailx because it's not a available packade anymore, so I chose bsd-mailx I finally got it to work.
But if that has something to do with the error I don't know.

Code:

zimbra@mail:~/postfix/conf$ cat main.cf
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
lmtp_connection_cache_time_limit = 4s
recipient_delimiter =
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_auth_only = yes
myhostname = mail.bispp.se
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
mydestination = localhost
mailbox_size_limit = 0
setgid_group = postdrop
smtpd_client_restrictions = reject_unauth_pipelining
queue_run_delay = 300s
minimal_backoff_time = 300s
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
message_size_limit = 52224000
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
broken_sasl_auth_clients = yes
lmtp_connection_cache_destinations =
alias_maps = hash:/etc/aliases
manpage_directory = /opt/zimbra/postfix/man
policy_time_limit = 3600
smtpd_helo_required = yes
in_flow_delay = 1s
daemon_directory = /opt/zimbra/postfix/libexec
maximal_backoff_time = 4000s
virtual_transport = error
mynetworks = 127.0.0.0/8 172.20.2.0/24
bounce_queue_lifetime = 5d
smtpd_recipient_restrictions =
lmtp_host_lookup = dns
smtpd_tls_loglevel = 1
relayhost =
disable_dns_lookups = no
always_add_missing_headers = yes
smtpd_sasl_authenticated_header = no
mail_owner = postfix
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_tls_security_level = may
mailq_path = /opt/zimbra/postfix/sbin/mailq
header_checks =
queue_directory = /opt/zimbra/data/postfix/spool
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
smtpd_data_restrictions = reject_unauth_pipelining
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
smtpd_reject_unlisted_recipient = no
propagate_unmatched_extensions = canonical
command_directory = /opt/zimbra/postfix/sbin
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_sasl_auth_enable = yes
zimbra@mail:~/postfix/conf$

If I understand it right the smtpd_recipient_restrictions should be taken from /opt/zimbra/conf/postfix_recipient_restrictions.cf which exists and contains:

Code:

reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
permit

What to do?!

[Saturdays]

check this,

Zimbra MTA

Here is an example:

cat /opt/zimbra/postfix/conf/main.cf | grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit

[Robin]

Gives me:

Code:

zimbra@localhost:~$ cat /opt/zimbra/postfix/conf/main.cf | grep smtpd_recipient_restrictions
smtpd_recipient_restrictions =
zimbra@localhost:~$

[Saturdays]

Quote:

Originally Posted by Robin

Gives me:

Code:

zimbra@localhost:~$ cat /opt/zimbra/postfix/conf/main.cf | grep smtpd_recipient_restrictions
smtpd_recipient_restrictions =
zimbra@localhost:~$

what is the output of:

zmprov gacf | grep zimbraMtaRestriction

if there is no restrictions, you can add this from CLI. Check the Section: "Turning On or Off RBLs" on the above link. Hope this helps you.

[Robin]

Code:

zimbra@localhost:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbra@localhost:~$

[Saturdays]

please add some of the RBLs and restart using using zmprov command and have a try again.

[Robin]

Code:

zimbra@localhost:~$ zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non-fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"

zimbra@localhost:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non-fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbra@localhost:~$

Did a zmcontrol restart after adding the restrictions, but no change, still got:

Code:

Dec 21 17:27:11 localhost postfix/smtpd[21084]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Dec 21 17:27:12 localhost postfix/master[18997]: warning: process /opt/zimbra/postfix/libexec/smtpd pid 21084 exit status 1
Dec 21 17:27:12 localhost postfix/master[18997]: warning: /opt/zimbra/postfix/libexec/smtpd: bad command startup -- throttling

[Robin]

I tried to add some from the file postfix_recipient_restrictions.cf located:

Code:

zimbra@localhost:~/conf$ ls -ls
total 632
  0 -rw-r----- 1 zimbra zimbra       0 Dec 21 15:26 __db.postfix_header_checks.db
 28 -r--r----- 1 zimbra zimbra   27611 Dec 22 03:00 amavisd.conf
 28 -r--r--r-- 1 zimbra zimbra   28655 Nov 16 08:56 amavisd.conf.in
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 14 10:02 attrs
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 16 08:52 ca
 12 -r--r----- 1 zimbra zimbra    9167 Dec 22 03:00 clamd.conf
 12 -r--r--r-- 1 zimbra zimbra    9274 Nov 16 08:56 clamd.conf.in
 28 -r--r--r-- 1 zimbra zimbra   28025 Nov 16 08:56 dspam.conf
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 14 10:02 externaldirsync
  8 -rw------- 1 zimbra zimbra    4233 Dec 22 03:00 freshclam.conf
  8 -r--r--r-- 1 zimbra zimbra    4284 Nov 16 08:56 freshclam.conf.in
 24 -r--r--r-- 1 zimbra zimbra   20928 Nov 16 09:22 globs2
  4 -r--r--r-- 1 zimbra zimbra      64 Nov 16 09:22 globs2.zimbra
 36 -r--r--r-- 1 zimbra zimbra   35200 Nov 16 09:00 httpd.conf
  4 -rw-r----- 1 zimbra postfix    436 Dec 22 03:01 ldap-scm.cf
  4 -rw-r----- 1 zimbra postfix    364 Dec 22 03:01 ldap-transport.cf
  4 -rw-r----- 1 zimbra postfix    352 Dec 22 03:01 ldap-vad.cf
  4 -rw-r----- 1 zimbra postfix    495 Dec 22 03:01 ldap-vam.cf
  4 -rw-r----- 1 zimbra postfix    352 Dec 22 03:01 ldap-vmd.cf
  4 -rw-r----- 1 zimbra postfix    346 Dec 22 03:01 ldap-vmm.cf
  4 -rw-r----- 1 zimbra zimbra    3219 Dec 14 10:15 localconfig.xml
  8 -r--r----- 1 zimbra zimbra    4444 Dec 22 03:00 log4j.properties
  8 -rw-r--r-- 1 zimbra zimbra    4761 Nov 16 08:56 log4j.properties.in
  4 -r--r--r-- 1 zimbra zimbra      89 Nov 16 08:56 logswatchrc
  4 -r--r--r-- 1 zimbra zimbra    1799 Nov 16 08:56 logswatchrc.in
 20 -r--r--r-- 1 zimbra zimbra   19651 Nov 16 09:22 magic
  4 -r--r--r-- 1 zimbra zimbra      63 Nov 16 09:22 magic.zimbra
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 14 10:02 msgs
  4 -rw-r----- 1 zimbra zimbra    1122 Dec 14 10:14 my.cnf
  4 drwxr-xr-x 4 zimbra zimbra    4096 Dec 14 10:02 nginx
  4 -rw-r--r-- 1 zimbra zimbra     284 Dec 16 09:57 nginx.conf
 20 -r--r--r-- 1 zimbra zimbra   19487 Nov 16 08:56 nginx.conf.in
  4 -rw-r----- 1 zimbra zimbra    1164 Dec 16 08:52 nginx.crt
  4 -rw-r----- 1 zimbra zimbra    1675 Dec 16 08:52 nginx.key
 48 -r--r--r-- 1 zimbra zimbra   45523 Nov 16 09:00 php.ini
  4 -r--r----- 1 zimbra zimbra     242 Dec 22 03:01 postfix_header_checks
  4 -r--r--r-- 1 zimbra zimbra     488 Nov 16 08:56 postfix_header_checks.in
  4 -r--r--r-- 1 zimbra zimbra     642 Nov 16 08:56 postfix_recipient_restrictions.cf
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 14 10:02 rights
  4 -r--r----- 1 zimbra zimbra    1008 Dec 22 03:00 salocal.cf
  4 -r--r--r-- 1 zimbra zimbra    1113 Nov 16 08:56 salocal.cf.in
  4 -rw-r----- 1 zimbra zimbra    1164 Dec 16 08:52 slapd.crt
  4 -rw-r----- 1 zimbra zimbra    1675 Dec 16 08:52 slapd.key
  4 -rw-r----- 1 zimbra zimbra    1164 Dec 16 08:52 smtpd.crt
  4 -rw-r----- 1 zimbra zimbra    1675 Dec 16 08:52 smtpd.key
  4 drwxr-xr-x 2 zimbra zimbra    4096 Dec 14 10:02 spamassassin
  4 -rw-r----- 1 zimbra zimbra    2036 Dec 14 10:14 swatchrc
  4 -r--r--r-- 1 zimbra zimbra    2073 Nov 16 08:56 swatchrc.in
144 -r--r--r-- 1 zimbra zimbra  143583 Nov 16 08:56 timezones.ics
 24 -r--r--r-- 1 zimbra zimbra   23130 Nov 16 09:22 zimbra-contact-fields.xml
  4 -r--r--r-- 1 zimbra zimbra     194 Nov 16 08:56 zimbra.ld.conf
  4 -rw-r----- 1 zimbra zimbra    2496 Dec 14 10:11 zimbra.ldif
  4 -r--r--r-- 1 zimbra zimbra    2592 Nov 16 08:56 zmlogrotate
 12 -r--r--r-- 1 zimbra zimbra   11611 Nov 16 08:56 zmmta.cf
  8 -rw-r----- 1 zimbra zimbra    7795 Dec 16 08:51 zmssl.cnf
  8 -r--r--r-- 1 zimbra zimbra    7742 Nov 16 08:56 zmssl.cnf.in
  4 -r--r--r-- 1 zimbra zimbra    1821 Nov 16 09:22 zmztozmig.conf
zimbra@localhost:~/conf$

... in the file main.cf like:

Code:

zimbra@localhost:~/postfix/conf$ more main.cf
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
lmtp_connection_cache_time_limit = 4s
recipient_delimiter =
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_auth_only = yes
myhostname = mail.bispp.se
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
mydestination = localhost
mailbox_size_limit = 0
setgid_group = postdrop
smtpd_client_restrictions = reject_unauth_pipelining
queue_run_delay = 300s
minimal_backoff_time = 300s
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
message_size_limit = 52224000
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
broken_sasl_auth_clients = yes
lmtp_connection_cache_destinations =
alias_maps = hash:/etc/aliases
manpage_directory = /opt/zimbra/postfix/man
policy_time_limit = 3600
smtpd_helo_required = yes
in_flow_delay = 1s
daemon_directory = /opt/zimbra/postfix/libexec
maximal_backoff_time = 4000s
virtual_transport = error
mynetworks = 127.0.0.0/8 172.20.2.0/24
bounce_queue_lifetime = 5d
smtpd_recipient_restrictions = reject_non_fqdn_recipient,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_unlisted_recipient
lmtp_host_lookup = dns
smtpd_tls_loglevel = 1
relayhost =
disable_dns_lookups = no
always_add_missing_headers = yes
smtpd_sasl_authenticated_header = no
mail_owner = postfix
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_tls_security_level = may
mailq_path = /opt/zimbra/postfix/sbin/mailq
header_checks =
queue_directory = /opt/zimbra/data/postfix/spool
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
smtpd_data_restrictions = reject_unauth_pipelining
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
smtpd_reject_unlisted_recipient = no
propagate_unmatched_extensions = canonical
command_directory = /opt/zimbra/postfix/sbin
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_sasl_auth_enable = yes
zimbra@localhost:~/postfix/conf$

Even a reboot of the server worked, but today I guess it has been some kind om postfix config reload because today it doesn't work and the smtpd_recipient_restrictions is empty again.

Is there some read problem that makes postfix not able to read the smtpd_recipient_restrictions.cf? Is it some permission problems?

Please help!

[Robin]

I'm doing a total reinstall now.