Solved Postfix stopped working after upgrading postsrsd to 2.0.8 and rebooting

[kjpetrie]

I recently upgraded ftp/curl to 8.3.0. A number of other packages including, I believe mail/postfix, were reinstalled at the same time. (Is there a way to get the history of upgrades with pkg so we can see what was installed together? I can't see anything in its man page.) I ran postfix reload afterwards.

Yesterday I had to shut the machine down to enable an electrician to work on my house, and after restarting the machine Postfix will no longer accept mail. I have switched to my backup machine upgraded at the same time, but that won't work either.

The log shows:

Sep 23 13:32:28 mailin postfix/smtpd[1627]: connect from avasout-ptp-003.plus.
net[84.93.230.244]
Sep 23 13:32:30 mailin postfix/smtpd[1627]: warning: connect to TCP map mailin
:10002: Connection refused
Sep 23 13:32:39 mailin syslogd: last message repeated 9 times
Sep 23 13:32:39 mailin postfix/smtpd[1627]: warning: tcp:mailin:10002 lookup e
rror for "xxxx@yyyy.co.uk"
Sep 23 13:32:39 mailin postfix/smtpd[1627]: NOQUEUE: reject: RCPT from avasout-ptp-003.plus.net[84.93.230.244]: 451 4.3.0 <xxxx@yyyy.co.uk>: Temporary lookup failure; from=<xxxx@yyyy.co.uk> to=<xxxx@yyyy.co.uk> proto=ESMTP helo=<avasout-ptp-003.plus.net>
Sep 23 13:33:04 mailin postfix/smtpd[1699]: connect from xxxx.plus.com[84.92.47.176]
Sep 23 13:33:04 mailin postfix/smtpd[1699]: warning: connect to TCP map mailin:10002: Connection refused
Sep 23 13:33:14 mailin syslogd: last message repeated 9 times
Sep 23 13:33:14 mailin postfix/smtpd[1699]: warning: tcp:mailin:10002 lookup error for "xxxx@yyyy.co.uk"
Sep 23 13:33:14 mailin postfix/smtpd[1699]: NOQUEUE: reject: RCPT from xxxx.plus.com[84.92.47.176]: 451 4.3.0 <xxxx@yyyy.co.uk>: Temporary lookup failure; from=<root@zzzz.org> to=<xxxx@yyyy.co.uk> proto=ESMTP helo=<evenas.org>
Sep 23 13:33:14 mailin postfix/smtpd[1699]: disconnect from xxxx.plus.com[84.92.47.176] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
Sep 23 13:33:39 mailin postfix/smtpd[1627]: disconnect from avasout-ptp-003.plus.net[84.93.230.244] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5

(addresses munged)

I presume the restart reset something which was still running from an older copy in memory and something changed in the upgrade which has only just come to light as both systems are affected.

The question is, what has changed to stop Postfix delivering mail?

 

[Charlie_]

Is there a way to get the history of upgrades with pkg so we can see what was installed together?

pkg.conf(5)

SYSLOG: boolean  Log all of the installation/deinstallation/upgrade
                           operations via syslog(3).  Default: YES.

more /var/log/messages

 

[kjpetrie]

Thanks:

Sep 22 09:14:24 mailin pkg[36974]: libnghttp2 upgraded: 1.55.1_1 -> 1.56.0
Sep 22 09:14:24 mailin pkg[36974]: postsrsd upgraded: 2.0.8,1 -> 2.0.8_1,1
Sep 22 09:14:26 mailin pkg[36974]: curl upgraded: 8.2.1 -> 8.3.0

So Postfix was not upgraded, just the three above.

 

[cyclaero]

Have a closer look at the log file:

451 4.3.0 <xxxx@yyyy.co.uk>: Temporary lookup failure; from=<xxxx@yyyy.co.uk> to=<xxxx@yyyy.co.uk> proto=ESMTP helo=<avasout-ptp-003.plus.net>

You probably got running a policy agent on port 10002. You want to check, why it does not like "<xxxx@yyyy.co.uk>"

 

[kjpetrie]

My installation of FreeBSD has no man page for postsrsd, but there's an Ubuntu one online which begins:

Implements two TCP lookup tables to rewrite mail addresses as needed. The forward SRS is
for sender envelope addresses to prevent SPF-related bounces. The reverse SRS is for
recipient envelope addresses so that bounced mails can be routed back to their original
sender.

That message is certainly reminiscent of the error message. I notice that was upgraded twice this week, starting from 1.10 and ending up on 2.0.8_1,1. Maybe a major version change needs different config options. I'll take a more detailed look.

 

[cyclaero]

postsrsd

man.freebsd.org

That's for the old version 1.10, though.

Out of curiosity, I read some articles on for what PostSRSd might be useful - answer to pass e-mails from a server without a valid SPF record to a receiver which requires a valid SPF.

Why not simply setup SPF correctly? Besides Spammers, who needs this?

Well, for my mail servers I don't need nor want it.

 

[kjpetrie]

Relays need it. I use my server as the MX for clients' mail, so it needs to be able to forward mail to their ISPs etc, mail it has not originated but which they need to receive. Don't assume only spammers need to relay mail. That's a bit like assuming everyone using torrents is infringing copyright. And yes, I do check the SPF records of incoming mail before sending it on. I also check several blocklists and greylist anything not recognised. This catches most spam as by the time the greylist expires spam servers will generally be on a blocklist.

Update: mail/postsrsd has changed its configuration file location and format and dropped support for tcp tables in favour of socketmap ones. It took some degree of detective work to set up the new configuration file, as some of the defaults don't fit the FreeBSD file tree. I had to hunt for the chroot directory, not the suggested /usr/local/var/lib/postsrsd in my case, but /var/db/postsrsd. /usr/local/etc/postfix/main.cf also needed rewriting as per the instructions at https://github.com/roehling/postsrsd. I also found postsrsd won't recognise one of my machine names as a valid domain, possibly because it contains an underline character (a bad RE test, perhaps?). Once I sorted that lot out everything started working again.

Thanks to all who made suggestions. It helped me get there.