Linux Postfix Troubleshooting

KodeKloud Engineer — Linux System Administrator Task

In this task, proposed here, the sysadmin has to troubleshoot Postfix Mail service issue. The full prompt goes as follows:

Question : Some users of the monitoring app have reported issues with xFusionCorp Industries mail server. They have a mail server in Stork DC where they are using postfix mail transfer agent. Postfix service seems to fail. Try to identify the root cause and fix it.

Note :- Perform commands based on your question ie server, user name & other details might be different so modify the commands accordingly

1. You will be on jump server you need to Login on mail server as per the task given “ ssh groot@stmail01 ” and become sudo user with “ sudo su ” command (you can find out the architecture and wiki in side bar )

2. Start postfix service with “ systemctl start postfix ” command you can see the below output to check the details.

use “ systemctl status postfix -l ” for checking detail error output.

3. As we can see that in output that the service is showing that it is trying to look for local interface that means we need to check the configuration file for that use “ vi /etc/postfix/main.cf ” and find inet_interfaces by typing
“ /inet_interfaces “ in vi editor it will show below output

4. as we can see we need to comment out the inet_interfaces = localhost so that it will not check the localhost save the file by with Esc + :wq + enter

c

5.and start the services with “ systemctl start postfix ” and check the status with “ systemctl status postfix ”

6. now we can validate the task by using telnet command and the port which the service is using is 25 so use this command “ telnet stmail01 25 “
if you are able to connect to the service that means the service is working fine

7. After configuring and verifying click on Finish & Confirm to complete the task successful

TIPS -
inet_interfaces (default: all) The network interface addresses that this mail system receives mail on. Specify “all” to receive mail on all network interfaces (default), and “loopback-only” to receive mail on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address].
Note 1: you need to stop and start Postfix when this parameter changes.
Note 2: address information may be enclosed inside [], but this form is not required here.
When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Support for IPv6 is available in Postfix version 2.2 and later.
On a multi-homed firewall with separate Postfix instances listening on the “inside” and “outside” interfaces, this can prevent each instance from being able to reach remote SMTP servers on the “other side” of the firewall. Setting smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4, and setting smtp_bind_address6 to :: solves the problem for IPv6.|
A better solution for multi-homed firewalls is to leave inet_interfaces at the default value and instead use explicit IP addresses in the master.cf SMTP server definitions. This preserves the Postfix SMTP client’s loop detection, by ensuring that each side of the firewall knows that the other IP address is still the same host. Setting $inet_interfaces to a single IPv4 and/or IPV6 address is primarily useful with virtual hosting of domains on secondary IP addresses, when each IP address serves a different domain (and has a different $myhostname setting).
See also the proxy_interfaces parameter, for network addresses that are forwarded to Postfix by way of a proxy or address translator.
Examples: inet_interfaces = all (DEFAULT) inet_interfaces = loopback-only (Postfix version 2.2 and later) inet_interfaces = 127.0.0.1 inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) inet_interfaces = 192.168.1.2, 127.0.0.1

When is this useful?
You can manipulate the main.cf file and bind port 25 to multiple IP addresses to have slightly different configurations.
When would I use loopback-only
When you want to use postfix simply to queue emails for your application to be forwarded to another email system, handling smtp in an app is easy, handling queues, delays and encryption is less easy. Many devs will add postfix to handle this for you, similarly to using nginx for SSL.
This also prevent systems that do not additionally have a firewall (Centos vs Ubuntu) to protect against other localnet systems from using your relay to spam/phish.
You would not use this setting in docker as you’d generally link them with docker-compose and would not want to make this change as it is not longer local only.