HowTo: Fix Postgrey not working after upgrading from an older version of Ubuntu to a newer version.
Scenario: You’ve got some Postfix mail servers running with Postgrey for anti-spam greylisting. They’re all using older versions of Ubuntu such as 10.04 LTS. You’ve decided that it’s time to upgrade them to the next LTS, Ubuntu 12.04.
You do the upgrade and it goes without a hitch. You restart the server, everything looks good, until you start seeing this message in your server’s mail log:
Jan 23 21:17:58 mymailserver postfix/smtpd[7976]: connect from somecompany.com[100.200.300.400] Jan 23 21:17:59 mymailserver postfix/smtpd[7976]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:17:59 mymailserver postfix/smtpd[7976]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:00 mymailserver postfix/smtpd[7976]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:18:00 mymailserver postfix/smtpd[7976]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:00 mymailserver postfix/smtpd[7976]: NOQUEUE: reject: RCPT from somecompany.com[100.200.300.400]: 451 4.3.5 Server configuration problem; from=<m-1wu7GywwdBK9XOl40cdonjrOvQVbXrSQjrNIttfwaHqBuxTEiR4njb_ n@bounce.somecompany.com> to=<myrecipient@mycompany.com> proto=ESMTP helo=<mail.somecompany.com> Jan 23 21:18:05 mymailserver postfix/smtpd[7976]: disconnect from somecompany.com[100.200.300.400] Jan 23 21:18:10 mymailserver postfix/smtpd[7955]: connect from unknown[200.300.400.500] Jan 23 21:18:11 mymailserver postfix/smtpd[7955]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:18:11 mymailserver postfix/smtpd[7955]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:12 mymailserver postfix/smtpd[7955]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:18:12 mymailserver postfix/smtpd[7955]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:12 mymailserver postfix/smtpd[7955]: NOQUEUE: reject: RCPT from unknown[200.300.400.500]: 451 4.3.5 Server configuration problem; from=<someone@anothercompany.com> to=<myrecipient@mycompany.com> proto=ESMTP helo=<m ail.anothercompany.com> Jan 23 21:18:12 mymailserver postfix/smtpd[7955]: disconnect from unknown[200.300.400.500] Jan 23 21:18:17 mymailserver postfix/smtpd[7976]: connect from mta.ilikecheese.com[300.400.500.600] Jan 23 21:18:18 mymailserver postfix/smtpd[7976]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:18:18 mymailserver postfix/smtpd[7976]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:19 mymailserver postfix/smtpd[7976]: warning: connect to 127.0.0.1:10023: Connection refused Jan 23 21:18:19 mymailserver postfix/smtpd[7976]: warning: problem talking to server 127.0.0.1:10023: Connection refused Jan 23 21:18:19 mymailserver postfix/smtpd[7976]: NOQUEUE: reject: RCPT from mta.ilikecheese.com[300.400.500.600]: 451 4.3.5 Server configuration problem; from=<someone@thatcompany.com> to=<myrecipient@mycompany.com> pro to=ESMTP helo=<MTA.thatcompany.com> Jan 23 21:18:20 mymailserver postfix/smtpd[7976]: disconnect from mta.thatcompany.com[300.400.500.600]
You almost have a heart attack – every single email is bouncing back and it’s clear that it’s something to do with your upgrade. What went wrong? The errors refer to a configuration issue, but you didn’t change any of the configuration in your upgrade!
Closer inspection reveals that for some reason, Postfix is unable pass messages onto Postgrey which is a local service running on port 10023 by default on Ubuntu systems. If you try telnetting to port 10023 on 127.0.0.1 , you also get a “connection refused” error. So what’s happened?
The answer is that somewhere between Ubuntu 10.04 and Ubuntu 12.04, Postgrey changed the protocol it binds on. It now binds to IPv6 instead of IPv4 so we need to make some minor changes to Postfix’s configuration to get Postgrey working again.
- First up, we need to stop mail being bounced. It’s better to have sending servers pool up mail a little and then send it all through at once later, so at a Terminal prompt on your server, type in:
$ sudo service postfix stop
- Now we need to edit Postfix’s configuration file:
$ sudo nano /etc/postfix/main.cf
- Scroll down until you can see the line inside the “smtp_recipient_restrictions” section that directs Postfix to send mail to Postgrey for checking (or use CTRL+W to search for it), which looks like this:
check_policy_service inet:127.0.0.1:10023,
- And now modify that line to look like the following. This will make Postfix pass on the mail to Postgrey using IPv6 instead of IPv4:
check_policy_service inet:::1:10023,
- Now on a new line outside of the “smtp_recipient_restrictions” section, add the following line:
inet_protocols=all
- Save your changes by pressing CTRL+X, then “Y” and then Enter.
- Now we can restart Postfix with:
$ sudo service postfix restart
- Now start tailing your log with the “follow” parameter using the following command:
$ tail -f /var/log/mail.log
- Now send a test email and watch what new information appears in the terminal log. This time the mail should be successfully received and processed as normal.
- Pat yourself on the back and breath a sigh of relief.
Leave a Reply