# [SOLVED] postfix error in main.cf

## cach0rr0

So here's an odd one. 

Vanilla postfix setup, done enough of them that I suppose I'm comfortable with it now. 

From Sep 24th until Nov 14th, all is working without issue. Since then I've done a reboot or two, but don't recall any config changes.

It's a low-volume home server, so not getting any mail really doesn't raise heaps of suspicion. 

I send myself a test via telnet for an unrelated reason, notice it isn't delivered. 

I check mail.log and see

```

fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

```

errrr, ok...I don't even recall defining that?

```

gentoob0x active # grep mailbox_size_limit /etc/postfix/main.cf

gentoob0x active #

```

Sure enough, I hadn't defined it - intentionally, I don't care to define it. 

Things don't just arbitrarily happen for no reason, right? So let us see when this started:

grep fatal /var/log/mail.log |more

```

Sep 24 19:11:25 gentoob0x postfix/postalias[28305]: fatal: unsupported map type: dbm

Nov 14 17:44:09 gentoob0x postfix/sendmail[15229]: fatal: root@mydomain.tld(81): message file too big

Nov 14 17:48:35 gentoob0x postfix/local[15261]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

```

Of course, I got around the issue by setting mailbox_size_limit (which was previously undef) and chunking it up to something obscene

Postfix reload, and all is well

The bit I'm curious about....the middle entry on Nov 14 17:44:09...I'm pretty sure that was me sending a test via telnet, passing a SIZE argument in the MAIL command. I was testing this to double-check my brain and make sure I remembered how to pass a SIZE argument properly, so I intentionally breach $message_size_limit

And of course the problem starts immediately after that

As of today, in working on this issue, I not only postfix reload'd, but also /etc/init.d/postfix restart

Why on earth...would breaching $message_size_limit for the first time send Postfix into this infinite cycle of complaining about $mailbox_size_limit ?

I don't see anything in my main.cf that would cause this. I mean, even if I *had* changed something, I don't see anything in here that would cause such erratic behaviour

(in case anyone curious why the config, it sits behind another SMTP server - my gateway SMTP server that does all the filtering)

```

gentoob0x active # grep -v \# /etc/postfix/main.cf |grep -v ^$

queue_directory = /var/spool/postfix

message_size_limit = 100000000

mailbox_size_limit = 800000000

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

default_privs = nobody

myhostname = gentoob0x.mydomain.tld

mydomain = mydomain.tld

myorigin = $myhostname

inet_interfaces = all

mydestination = $myhostname, localhost, $mydomain

local_recipient_maps =

unknown_local_recipient_reject_code = 550

mynetworks = 192.168.1.0/24, 127.0.0.0/8

relayhost = [192.168.1.125]

alias_database = hash:/etc/mail/aliases

home_mailbox = Maildir/

mail_spool_directory = /var/spool/mail

luser_relay = deleteme@mydomain.tld

smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = /usr/share/doc/postfix-2.5.5/html

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.5.5/readme

home_mailbox = .maildir/

smtpd_tls_security_level = may

smtpd_tls_cert_file = /etc/ssl/postfix/server.pem

smtpd_tls_key_file = /etc/ssl/postfix/server.pem

smtpd_tls_CAfile = /etc/ssl/postfix/server.pem

smtpd_tls_ask_ccert = yes

smtpd_tls_loglevel = 1

```

....well now, this is an interesting coincidence

```

gentoob0x active # grep -i sendmail /var/log/grsec.log

Nov 14 17:44:09 gentoob0x grsec: From 192.168.1.125: denied resource overstep by requesting 10240000 for RLIMIT_FSIZE against limit 10240000 for /usr/sbin/postdrop[postdrop:15230] uid/euid:81/81 gid/egid:81/208, parent /usr/sbin/sendmail[sendmail:15229] uid/euid:81/81 gid/egid:81/81

```

This directly corresponds to

```

Nov 14 17:44:09 gentoob0x postfix/sendmail[15229]: fatal: mylocalpart@mydomain.tld(81): message file too big

```

This...doesn't make any sense to me. Yes, I've built all of the GRSEC stuff into my kernel, but grsec system isn't active at the moment

Just to double-check

```

gentoob0x active # gradm -D

The operation you requested cannot be performed because the RBAC system is currently disabled.

```

Can anyone help me make sense of this? I'm completely baffled as to:

a)did grsec cause this, or merely report this, 

and 

b)if the latter is true, what on earth would cause this setting to *completely arbitrarily* be checked and prompt all subsequent message delivery to fail (queue) ?

This is bloody weird. It's certainly not how I would *expect* it to behave. The only thing I can gather, is that *maybe* the fact my telnet test was to root (i.e. root@mydomain.tld )

Any thoughts?

relevant environmental info:

```

Portage 2.1.4.5 (hardened/linux/x86/2008.0, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-hardened-r7 i686)

=================================================================

System uname: 2.6.25-hardened-r7 i686 AMD Athlon(tm)

```

postfix version the latest in portage back as of late SeptemberLast edited by cach0rr0 on Wed Nov 19, 2008 6:51 pm; edited 1 time in total

----------

## magic919

 *cach0rr0 wrote:*   

> 
> 
> ```
> 
> Sep 24 19:11:25 gentoob0x postfix/postalias[28305]: fatal: unsupported map type: dbm
> ...

 

Nope.  The sendmail bit in the log does not agree with your theory.  You'd see smtpd receiving the connection instead.

Have a look at postfconf -n and see what appears.  It's not making much sense at the moment.

----------

## overkll

Just because you don't have something set in main.cf doesn't mean it is not set to a default value.  The postconf command can reveal default or non-default settings.  Here's an example:

for current settings with the word "size" in them:

```
postconf | grep size

berkeley_db_create_buffer_size = 16777216

berkeley_db_read_buffer_size = 131072

body_checks_size_limit = 51200

bounce_size_limit = 50000

header_size_limit = 102400

mailbox_size_limit = 1024800000

message_size_limit = 30720000
```

for the default settings with the word size in them:

```
postconf -d | grep size

berkeley_db_create_buffer_size = 16777216

berkeley_db_read_buffer_size = 131072

body_checks_size_limit = 51200

bounce_size_limit = 50000

header_size_limit = 102400

mailbox_size_limit = 51200000

message_size_limit = 10240000
```

See `man postconf` for more details on it's usage

What is strange is that a message that is larger than the "message_size_limit" causes a fatal error.  It shouldn't do that, it should just reject the message.

It may have something to do with your grsec, but I've never used grsec so I can't offer any help there.

----------

## cach0rr0

the  bit that I find especially baffling

...ALL subsequent messages were then queued up

messages that weren't anywhere near either size

```

gentoob0x active # grep fatal.*mailbox_size.limit /var/log/mail.log |more

Nov 14 17:48:35 gentoob0x postfix/local[15261]: fatal: main.cf configuration err

or: mailbox_size_limit is smaller than message_size_limit

Nov 14 17:49:36 gentoob0x postfix/local[15262]: fatal: main.cf configuration err

or: mailbox_size_limit is smaller than message_size_limit

Nov 14 17:50:37 gentoob0x postfix/local[15276]: fatal: main.cf configuration err

or: mailbox_size_limit is smaller than message_size_limit

```

I find the timing to be entirely too fishy. That's when it first *started* - never happened before that, dug through every log I have, this is the first of it

And of course, this continues on indefinitely - the infinite nature of this is what has me perplexed. 

```

gentoob0x active # grep -c fatal.*mailbox_size.limit /var/log/mail.log

6985

```

Presumably raised every time message delivery was retried. Again, this is a very, very low volume system (I might get 3 messages a day that arent filtered at the gateway as spam)

I will try to recreate this, but it's truly odd. If I can repro, I'll post exact steps

EDIT: (btw, 192.168.1.100 is the postfix box. 192.168.1.125 is the filtering mail system, in case that was unclear)

----------

## cach0rr0

reproduced

full log:

```

Nov 19 18:11:17 gentoob0x postfix/master[9527]: reload configuration /etc/postfix

Nov 19 18:24:32 gentoob0x postfix/smtpd[10798]: connect from unknown[192.168.1.125]

Nov 19 18:24:54 gentoob0x postfix/smtpd[10798]: NOQUEUE: reject: MAIL from unknown[192.168.1.125]: 552 5.3.4 Message size exceeds fixed limit; proto=ESMTP helo=<mate>

Nov 19 18:25:14 gentoob0x postfix/smtpd[10798]: disconnect from unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: connect from unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: setting up TLS connection from unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: Anonymous TLS connection established from unknown[192.168.1.125]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: 620C329CE3: client=unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/cleanup[10838]: 620C329CE3: message-id=<~B492445280000.492468740000.0001.mml.98197807@M1.domain.de>

Nov 19 18:27:08 gentoob0x postfix/qmgr[10697]: 620C329CE3: from=<>, size=8595, nrcpt=1 (queue active)

Nov 19 18:27:08 gentoob0x postfix/local[10839]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: disconnect from unknown[192.168.1.125]

Nov 19 18:27:09 gentoob0x postfix/master[9527]: warning: process /usr/lib/postfix/local pid 10839 exit status 1

Nov 19 18:27:09 gentoob0x postfix/master[9527]: warning: /usr/lib/postfix/local: bad command startup -- throttling

Nov 19 18:28:09 gentoob0x postfix/local[10844]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

Nov 19 18:28:10 gentoob0x postfix/master[9527]: warning: process /usr/lib/postfix/local pid 10844 exit status 1

Nov 19 18:28:10 gentoob0x postfix/master[9527]: warning: /usr/lib/postfix/local: bad command startup -- throttling

```

To break it down

Telnet test

telnet 192.168.1.100 25

EHLO mate

MAIL FROM:<test@test.com> SIZE=99999999999

//the response is the 552 as seen in the logs

```

Nov 19 18:11:17 gentoob0x postfix/master[9527]: reload configuration /etc/postfix

Nov 19 18:24:32 gentoob0x postfix/smtpd[10798]: connect from unknown[192.168.1.125]

Nov 19 18:24:54 gentoob0x postfix/smtpd[10798]: NOQUEUE: reject: MAIL from unknown[192.168.1.125]: 552 5.3.4 Message size exceeds fixed limit; proto=ESMTP helo=<mate>

Nov 19 18:25:14 gentoob0x postfix/smtpd[10798]: disconnect from unknown[192.168.1.125]

```

I then re-send a message from my filtering MTA at the perimeter

```

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: connect from unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: setting up TLS connection from unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: Anonymous TLS connection established from unknown[192.168.1.125]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: 620C329CE3: client=unknown[192.168.1.125]

Nov 19 18:27:08 gentoob0x postfix/cleanup[10838]: 620C329CE3: message-id=<~B492445280000.492468740000.0001.mml.98197807@M1.domain.de>

Nov 19 18:27:08 gentoob0x postfix/qmgr[10697]: 620C329CE3: from=<>, size=8595, nrcpt=1 (queue active)

Nov 19 18:27:08 gentoob0x postfix/local[10839]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

Nov 19 18:27:08 gentoob0x postfix/smtpd[10836]: disconnect from unknown[192.168.1.125]

Nov 19 18:27:09 gentoob0x postfix/master[9527]: warning: process /usr/lib/postfix/local pid 10839 exit status 1

Nov 19 18:27:09 gentoob0x postfix/master[9527]: warning: /usr/lib/postfix/local: bad command startup -- throttling

Nov 19 18:28:09 gentoob0x postfix/local[10844]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

Nov 19 18:28:10 gentoob0x postfix/master[9527]: warning: process /usr/lib/postfix/local pid 10844 exit status 1

Nov 19 18:28:10 gentoob0x postfix/master[9527]: warning: /usr/lib/postfix/local: bad command startup -- throttling

```

NB: grsec has nothing to do with this, so whomever mentioned that - spot on, nothing in my grsec logs. 

Indeed it's a case of the default settings burning me

```

mailbox_size_limit = 51200000

message_size_limit = 100000000

```

EDIT: I'm full of it. See belowLast edited by cach0rr0 on Wed Nov 19, 2008 6:54 pm; edited 1 time in total

----------

## cach0rr0

Yeah, I'm full of crap

I did the classic clueless admin thing, "but it was working fine before!"

There's a very, very reasonable chance I was screwing with the max size at some point. Otherwise, why would I be testing it? 

Self-inflicted wound. Thanks gents, marking as [SOLVED]

Somewhere in my brain I knew there were default settings besides what's in the file, never occurred to me postconf would show me this

Sorry to waste your time!

----------

## overkll

No need to apologize.  Sometimes one just needs a fresh set of eyes that are not clouded by the frustration of the problem.

Postfix yields very accurate errors in the log.  We just need to pay attention to what postfix is telling us.  :Wink: 

----------

