Bonjour à tous,
j’ai mis en place un serveur postfix/dovecot sur mon serveur
J’aimerais bien faire fonctionner amavis maintenant, le probleme est que quand je veux le mettre en pace via mon fichier /etc/postfix/master.cf
content_filter = amavis:localhost:10024
receive_override_options = no_address_mappings
je n’arrive pas a redemarrer postfix, j’ai ce message
[....] Stopping Postfix Mail Transport Agent: postfix/usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 139: bad field count
postfix/postfix-script: fatal: cannot execute /usr/sbin/postconf!
failed!
voici le contenu de mon /etc/init.d/firewall
[code]#!/bin/sh
Vider les tables actuelles
iptables -t filter -F
Vider les règles personnelles
iptables -t filter -X
Interdire toute connexion entrante et sortante
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
—
Ne pas casser les connexions etablies
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Autoriser loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
—
SSH In
iptables -t filter -A INPUT -p tcp --dport 1354 -j ACCEPT
SSH Out
iptables -t filter -A OUTPUT -p tcp --dport 1354 -j ACCEPT
DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
HTTP + HTTPS Out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
HTTP + HTTPS In
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
FTP Out
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
FTP In
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Mail SMTP:25
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
Mail SMTP:465
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT
Mail SMTP:465
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
Mail POP3:110
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
Mail IMAP:143
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
Mail IMAPs:993
iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
Mail POP3S:995
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
Monit
iptables -t filter -A INPUT -p tcp --dport 1337 -j ACCEPT
Mail Fetchmail:5432
iptables -t filter -A INPUT -p tcp --dport 5432 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 5432 -j ACCEPT
Mail IPSconfig:8080
#iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
Webmin
iptables -t filter -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10000 -j ACCEPT
MetaGlances
iptables -t filter -A INPUT -p tcp --dport 61209 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 61209 -j ACCEPT
postfix auth
iptables -t filter -A INPUT -p tcp --dport 10025 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10025 -j ACCEPT
Amavis
iptables -t filter -A INPUT -p tcp --dport 10024 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10024 -j ACCEPT
Postgrey
iptables -t filter -A INPUT -p tcp --dport 10023 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10023 -j ACCEPT
Seafile
#iptables -t filter -A INPUT -p tcp --dport 8082 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 8082 -j ACCEPT
Seafile bas
#iptables -t filter -A INPUT -p tcp --dport 10001 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 10001 -j ACCEPT
ccnet
#iptables -t filter -A INPUT -p tcp --dport 12001 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 12001 -j ACCEPT
Seafile hub
#iptables -t filter -A INPUT -p tcp --dport 8000 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 8000 -j ACCEPT
Opendkim
iptables -t filter -A INPUT -p tcp --dport 8891 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 8891 -j ACCEPT
[/code]
Si je regarde mon fichier /var/log/mail.info au moment ou j’ai fais la manip 17h40, j’ai redemarré ensuite avec le parametre commenté dans le fichier master.cf
Jun 28 17:40:02 brizou postfix/smtpd[28363]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 28 17:40:02 brizou postfix/smtpd[28363]: disconnect from localhost.localdomain[127.0.0.1]
Jun 28 17:41:10 brizou postfix/smtpd[28363]: connect from localhost.localdomain[127.0.0.1]
Jun 28 17:41:10 brizou postfix/smtpd[28363]: disconnect from localhost.localdomain[127.0.0.1]
Jun 28 17:43:08 brizou postfix/qmgr[28304]: 25442808AC: from=<root@domaine.fr>, size=446, nrcpt=3 (queue active)
Jun 28 17:43:08 brizou postfix/qmgr[28304]: 5FAEE806C6: from=<monit@domaine.fr>, size=734, nrcpt=1 (queue active)
Jun 28 17:43:08 brizou postfix/qmgr[28304]: 3D55780759: from=<frnog-owner@frnog.org>, size=3775, nrcpt=1 (queue active)
Jun 28 17:43:08 brizou postfix/pipe[28908]: 25442808AC: to=<email@domaine.fr>, orig_to=<Shell@domaine.fr>, relay=dovecot, delay=485, delays=485/0.06/0/0.06, dsn=4.3.5, status=deferred (mail system configuration$
Jun 28 17:43:08 brizou postfix/pipe[28908]: 25442808AC: to=<email@domaine.fr>, orig_to=<Root@domaine.fr>, relay=dovecot, delay=485, delays=485/0.06/0/0.12, dsn=4.3.5, status=deferred (mail system configuration $
Jun 28 17:43:08 brizou postfix/pipe[28908]: warning: pipe flag `D' requires dovecot_destination_recipient_limit = 1
Jun 28 17:43:09 brizou postfix/smtpd[28916]: fatal: unexpected command-line argument: reject_unauth_pipelining,
Jun 28 17:43:10 brizou amavis[20846]: (20846-13) (!)FWD from <email@domaine.fr> -> <email@gmail.com>, 451 4.5.0 From MTA() during fwd-connect (Negative greeting: at (eval 109) line 479, <GEN35> line 1053.): id$
Jun 28 17:43:10 brizou postfix/master[28295]: warning: process /usr/lib/postfix/smtpd pid 28916 exit status 1
Jun 28 17:43:10 brizou postfix/master[28295]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jun 28 17:43:10 brizou amavis[20846]: (20846-13) Blocked MTA-BLOCKED {TempFailedOutbound}, LOCAL [127.0.0.1]:49778 [127.0.0.1] <monit@domaine.fr> -> <email>, Queue-ID: 5FAEE806C6, Message-ID: <1372265$
Jun 28 17:43:10 brizou postfix/smtpd[28917]: fatal: unexpected command-line argument: reject_unauth_pipelining,
Jun 28 17:43:10 brizou postfix/smtp[28909]: 5FAEE806C6: to=<email>, relay=127.0.0.1[127.0.0.1]:10024, delay=168701, delays=168699/0.05/0.01/1.7, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] $
Jun 28 17:43:10 brizou postfix/smtpd[28921]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Jun 28 17:43:10 brizou postfix/smtpd[28921]: connect from localhost.localdomain[127.0.0.1]
Jun 28 17:43:10 brizou postfix/smtpd[28921]: disconnect from localhost.localdomain[127.0.0.1]
Jun 28 17:43:11 brizou amavis[28331]: (28331-01) (!)FWD from <frnog-owner@frnog.org> -> <adresseemail@mondomaine.fr>, 451 4.5.0 From MTA() during fwd-connect (Negative greeting: at (eval 109) line 479, <GEN35> line 129$
Si vous avez une idée merci d’avance