[tor-bugs] #31743 [Internal Services/Tor Sysadmin Team]: SMTP on carinatum

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 16 16:04:25 UTC 2019 

#31743: SMTP on carinatum
-------------------------------------------------+-------------------------
 Reporter:  atagar                               |          Owner:  anarcat
     Type:  defect                               |         Status:  closed
 Priority:  Very High                            |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 This is the problem:

 {{{
 Sep 16 15:21:45 carinatum/carinatum postfix/smtpd[18138]: fatal: in
 parameter smtpd_relay_restrictions or smtpd_recipient_restrictions,
 specify at least one working instance of: reject_unauth_destination,
 defer_unauth_destination, reject, defer, defer_if_permit or
 check_relay_domains
 }}}

 {{{
 root at carinatum:/etc/postfix# postconf smtpd_relay_restrictions
 smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} :
 {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
 root at carinatum:/etc/postfix# postconf smtpd_recipient_restrictions
 smtpd_recipient_restrictions =
 root at carinatum:/etc/postfix# postconf compatibility_level
 compatibility_level = 0
 }}}

 This is the last change to Postfix's `main.cf` before july 8th:

 {{{
 commit 0dbf5557fc3dec867c63482b0255ba9acffa4a29
 Author: Peter Palfrader <peter at palfrader.org>
 Date:   Thu Jun 27 09:02:42 2019 +0200

     set unverified_recipient_reject_code to 550, this should address
 #30911

 diff --git a/modules/postfix/templates/main.cf.erb
 b/modules/postfix/templates/m
 ain.cf.erb
 index 4b789ca5..f713d407 100644
 --- a/modules/postfix/templates/main.cf.erb
 +++ b/modules/postfix/templates/main.cf.erb
 @@ -99,6 +99,7 @@ maximal_queue_lifetime = 7d
  address_verify_map = btree:${data_directory}/verify
  address_verify_negative_refresh_time = 840s
  unverified_sender_reject_code = 450
 +unverified_recipient_reject_code = 550
  address_verify_sender = <>

  <% if @hostname == "eugeni" -%>

 }}}

 I doubt it's related.

 The host *may* have been upgraded to buster in July, however:

 {{{
 Start-Date: 2019-07-09  19:10:31
 Commandline: apt dist-upgrade
 }}}

 So this could be a matter of upgrading the postfix config template to
 buster.

 I fixed this on this specific host by adding `compatibility_level=2` to
 the configuration, but I'll need to check this across the infra to make
 sure we don't have the problem elsewhere. Will open a different ticket on
 this, however (#31743).

 thanks for the report, I hope this fixes it to your satisfaction. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31743#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list