Postfix - connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

guylabbe.ca picture guylabbe.ca · May 20, 2015 · Viewed 13k times · Source

I have a recurring problem with postfix (on Debian Squeeze, amavisd-new and fail2ban are also installed) : All of a sudden, often at night (but not always), mail stop being delivered and the queue fulls up. Log shows a bunch of entries of this style :

May 18 19:54:16 ks4000003 postfix/error[6889]: 376352016039: to=<info@xxxxxxx>, relay=none, delay=0.62, delays=0.58/0.01/0/0.04, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Once I reboot the server, it then works (and the queue is all cleared). It remains without any problem until the next time (usally once every 1-2 weeks but recently every morning I have to reboot the server).

Any idea on this would be very appreciated. I should mention I'm really a newbie in server management; I searched for similar problems on google/stackoverflow and couldn't find a real similar one.

My postfix conf :

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_add_missing_headers = yes
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = ks4000003.ip-198-245-60.net, localhost, localhost.localdomain
myhostname = ks4000003.ip-198-245-60.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost = 
smtp_destination_concurrency_limit = 5
smtp_destination_rate_delay = 1s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_error_sleep_time = 0
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/rbl_whitelist, permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unknown_recipient_domain, reject_unauth_destination, reject_unverified_sender, reject_unauth_destination,reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client truncate.gbudb.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access mysql:/etc/postfix/mysql-virtual_sender.cf reject_non_fqdn_sender reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

Answer

Peter Paul Kiefer picture Peter Paul Kiefer · May 21, 2015

First to the amavis problem: According to you pastebin: qmgr requests something from amavis and gets a response it does not understand. I assume that qmgr send a mail to amavis that should be checked. Either amavis is down or the mail causes amavis to produce a corrupt response. But how can you check this?

The best method is to stop the amavis service and start it from a console with

# amavisd debug

Then amavis will output to the console. Here is a link that might help: http://www.amavis.org/#faq

Then the database issues:

According to your pastebin: dovecot and postfix try to connect to the mysql database. postfix uses a tcp socket with the adress localhost or 127.0.0.1, dovecot uses a unix socket. If you did not change the configuration for the mysql port there should be a listening socket at the address 127.0.0.1:3306. It is possible that the listening adress is an IPv6 address like ::1:3306

you can verify that with: netstat -ltn

If you configered a different port, this port must be shown in the netstat ouput. You might have configured your mysql to your outgoing ip address. Then you find something like 198.245.60.7:3306. Access to 127.0.0.1:3306 will not work in this case.

The "postfix" error message says that there is no listener at that port or you don't have access. The "dovecot" message says you provided none or a wrong password to the mysql server, so it does not authenticate dovecot. Please check the configurations.