I’ve installed a new Zimbra 6.0.8 server approximately one month ago. Everything was working fine till one day, when the server stopped processing incoming emails due to a configuration issue in postfix’ main.cf.
The issue is pretty weird as no one altered any configurations and no updates were manually or automatically applied to the server during the last month. It just stopped working.
The zimbra.log was showing the following error message on acceptance of a new email:
Nov 1 12:18:19 postfix/smtpd[1660]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Nov 1 12:18:19 postfix/master[754]: warning: process /opt/zimbra/postfix/libexec/smtpd pid 1660 exit status 1
Nov 1 12:18:19 postfix/master[754]: warning: /opt/zimbra/postfix/libexec/smtpd: bad command startup -- throttling
The corresponding line in /opt/zimbra/postfix/conf/main.cf was:
smtpd_recipient_restrictions =
And this is what was causing the issue.
The first thing I did was update of main.cf directly with:
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
Then I reloaded postfix (# /opt/zimbra/postfix/sbin/postfix reload).
That solved the issue, but obviously that was not persistent across Zimbra restarts…
I needed a way to make the change in main.cf persistent while keeping the current recipient restriction policy.
Here is the solution that worked for me:
The zmlocalconfig (in accordance with the /opt/zimbra/conf/ localconfig.xml) was:
# zmlocalconfig | grep recipient_restrictions
# smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
Which I guess is the actual configuration for smtpd_recipient_restrictions behavior.
On the other hand, the file /opt/zimbra/conf/zmmta.cf, which also controls the way different configuration files (including main.cf) are built during Zimbra restarts, had the following:
POSTCONF smtpd_recipient_restrictions FILE postfix_recipient_restrictions.cf
Assuming that the zmlocalconfig is the configuration which is in effect, I changed zmmta.cf file’s line to have the needed value built into main.cf:
Changed this:
POSTCONF smtpd_recipient_restrictions FILE postfix_recipient_restrictions.cf
To this:
POSTCONF smtpd_recipient_restrictions permit_mynetworks,reject_unauth_destination
As expected, after Zimbra restart, the required line was built into main.cf.
AGAIN: This solution does not change the recipient restriction behavior while solving the email processing issue, and making the change persistent.
In case more flexibility in recipient restriction policy is required, I guess the main.cf through zmmta.cf and/or zmlocalconfig need to be updated to use the postfix_recipient_restrictions.cf file which than can be changed as needed.
It looks like this link has some sort of solution - http://wiki.zimbra.com/wiki/RestrictPostfixRecipients
I found that my problem was that /tmp isn't rewritable.
ReplyDeletechmod 777 /tmp
solve the problem.
Hmm, interesting...
ReplyDeleteUsually /tmp has 1777. Probably that changed at some point on your system and caused the issue.
It looks though that despite having similar symptoms, the issues are somewhat different.
In any case, I'm glad you found the fix and are back up now!
@Milhomem
ReplyDeletethanks for the feedback, I had a non writable /tmp after a server reinstall, and I got the same issue
People, I am Brazilian!
ReplyDeleteSolution:
Change or Edit the file:
/opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf and will automaticaly changed the file main.cf after apply.
Apply:
su zimbra
mmtactl restart or postfix reload
exit
My mail is: israelborges@outlook.com
Israel Apolinario Borges.