Re: Changeing outgoing port
On Fri, 19 Sep 2008 07:39:37 +0200, Ralf Hildebrandt wrote: * RYAN vAN GINNEKEN [EMAIL PROTECTED]: Hello all i need to change the outgoing port used by postfix from 25 to 325. I need to do this as my isp blocks outgoing port 25 however my incoming isp forwards port 325 Use transport_maps -- Ralf, I think you might want to rethink that. To me it seems that the OP is under the misapprehension that because his ISP blocks out bound port 25 traffic that he needs to use another port to get his mail out. Postfix does not use port 25 to send mail. That's what it listens on. You knew that ;) I bet that his ISP is blocking traffic outbound TO port 25, not from. He's not going to like it but I think he needs to use his ISP's relay. (N.B. Replies on-list are fine by me. Off-list replies don't get here unless the reply-to: address is used. This is an IQ test 8-) Failures are tarpitted. ) Rod/ In the beginning was The Word and The Word was Content-type: text/plain The Word of Rod.
Re: Changeing outgoing port
I only need to send mail receiving is not that big of a deal for this machine. If i could get postfix to send outbound mail on port 325 that would be all i need. The server on the other end is already listening to port 325 actually port 325 is forwarded to 25 on the receiving end of things. Does this mean the transport map thing will work ?? Computer King CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages - Rod Whitworth [EMAIL PROTECTED] wrote: On Fri, 19 Sep 2008 07:39:37 +0200, Ralf Hildebrandt wrote: * RYAN vAN GINNEKEN [EMAIL PROTECTED]: Hello all i need to change the outgoing port used by postfix from 25 to 325. I need to do this as my isp blocks outgoing port 25 however my incoming isp forwards port 325 Use transport_maps -- Ralf, I think you might want to rethink that. To me it seems that the OP is under the misapprehension that because his ISP blocks out bound port 25 traffic that he needs to use another port to get his mail out. Postfix does not use port 25 to send mail. That's what it listens on. You knew that ;) I bet that his ISP is blocking traffic outbound TO port 25, not from. He's not going to like it but I think he needs to use his ISP's relay. (N.B. Replies on-list are fine by me. Off-list replies don't get here unless the reply-to: address is used. This is an IQ test 8-) Failures are tarpitted. ) Rod/ In the beginning was The Word and The Word was Content-type: text/plain The Word of Rod.
Re: Question on Mail Forwarding with Virtual Hosts.
Daniel V. Reinhardt wrote: All, I just set up virtual maps and virtual hosting using postfix, and would like to know how I can forward email from a non-unix account to someone who has a unix account. For example, cryptodan is a user on the unix machine and has a shell and login credentials. However, I would like to create [EMAIL PROTECTED] to be foardwared to cryptodan the local unix account. How would I go about doing this? use virtual_alias_maps [EMAIL PROTECTED] [EMAIL PROTECTED] assuming you have localhost in mydestination. otherwise replace it with any domain listed in mydestination.
Re: weird problem with smtpd_recipient_restrictions
[EMAIL PROTECTED] wrote: [snip] My domain is example.com, and i have some subdomains (ie ldap.example.com). So the problem is: If i send a message with RCPT TO [EMAIL PROTECTED], check_recipient_access rules starts checking this subdomain, but since i don't have this subdomain in my ldap lookup table and directory, it must finish with a reject right? No. it depends on parent_domain_matches_subdomains. see http://www.postfix.org/access.5.html [snip]
Re: Changeing outgoing port
RYAN vAN GINNEKEN wrote: Hello all i need to change the outgoing port used by postfix from 25 to 325. I need to do this as my isp blocks outgoing port 25 however my incoming isp forwards port 325 I know this has been discussed many times on many lists but i cannot get any of the posted solutions to work. Maybe i am encountering a different problem?? Here is a the simple break down need to send mail out on port 325 there is a firewall that is allowing all outbound traffic. As you can see from the output of the telnet command below that i can access the email server i wish to send mail to with port 325. telnet mx1.canmail.org 325 Trying 66.244.200.225... Connected to mx1.canmail.org. Escape character is '^]'. 220 mx1.canmail.org ESMTP Postfix *I have tried changing this in master.cf but is does not work think smtpd is inbound anyway. #smtp inet n - - - - smtpd 325 inet n - - - - smtpd you are changing the port on which _your_ smtpd is listening. undo the change. Sep 18 19:05:45 bao postfix/smtp[8072]: 767BF32092: to=[EMAIL PROTECTED], relay=none, delay=2113, delays=2083/0.07/30/0, dsn=4.4.1, status=deferred (connect to mx1.canmail.org[66.244.200.225]:25: Connection timed out) *I have also tried this thinking this might control outbound port but it does not work #smtp unix - - - - - smtp 325 unix - - - - - smtp you have renamed the smtp transport. now its name is 325. undo the change. Sep 18 19:08:31 bao postfix/pickup[8172]: 12D7B32094: uid=1000 from=c0mputerking Sep 18 19:08:31 bao postfix/cleanup[8190]: 12D7B32094: message-id=[EMAIL PROTECTED] Sep 18 19:08:31 bao postfix/qmgr[8174]: 12D7B32094: from=[EMAIL PROTECTED], size=343, nrcpt=1 (queue active) Sep 18 19:08:31 bao postfix/qmgr[8174]: warning: connect to transport smtp: Connection refused Sep 18 19:08:31 bao postfix/error[8192]: 12D7B32094: to=[EMAIL PROTECTED], relay=none, delay=0.11, delays=0.08/0.01/0/0.02, dsn=4.3.0, status=deferred (mail transport unavailable) since you renamed your smtp transport, postfix can't find it anymore! put everything back to how you found it and use relayhost = [boa.computerking.ca]:325 in your master.cf *I have tried adding this to my master.cf file but always get errors in my mail.log like below * smtp:[boa.computerking.ca]:325 fatal: /etc/postfix/master.cf: line 26: bad transport type: smtp:[boa.computerking.ca]:325 stop doing random changes. read the docs.
Re: Changeing outgoing port
* RYAN vAN GINNEKEN [EMAIL PROTECTED]: I only need to send mail receiving is not that big of a deal for this machine. If i could get postfix to send outbound mail on port 325 that would be all i need. The server on the other end is already listening to port 325 actually port 325 is forwarded to 25 on the receiving end of things. Does this mean the transport map thing will work ?? Yes. Or a relayhost setting, like: relayhost = [hostaddress]:325 -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Any sufficiently advanced bug is indistinguishable from a feature. -Rich Kulawiec
Re: Changeing outgoing port
Ok Thank you very much ladies/gentlemen OK i added this to my /etc/postfix/main.cf transport_maps = hash:/etc/postfix/transport Then set up this rule * smtp:[hostaddress]:325 in my transport file then hashed it with posthash to create transport.db an like magic it all works i am receiving mail However you are stating that if i add this line to main.cf it would work the same!! seems easier but which is more correct? relayhost = [hostaddress]:325 ps I had made all changes one at a time and changed them back one at time when they did not work. Did not want you all to think i was being lazy posting with out reading and trying and testing first. I had read some docs just not the right ones Thank you so much for again pointing me in the right direction. Computer King CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages - Ralf Hildebrandt [EMAIL PROTECTED] wrote: * RYAN vAN GINNEKEN [EMAIL PROTECTED]: I only need to send mail receiving is not that big of a deal for this machine. If i could get postfix to send outbound mail on port 325 that would be all i need. The server on the other end is already listening to port 325 actually port 325 is forwarded to 25 on the receiving end of things. Does this mean the transport map thing will work ?? Yes. Or a relayhost setting, like: relayhost = [hostaddress]:325 -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Any sufficiently advanced bug is indistinguishable from a feature. -Rich Kulawiec
Re: Changeing outgoing port
RYAN vAN GINNEKEN wrote: Ok Thank you very much ladies/gentlemen OK i added this to my /etc/postfix/main.cf transport_maps = hash:/etc/postfix/transport Then set up this rule * smtp:[hostaddress]:325 in my transport file then hashed it with posthash to create transport.db an like magic it all works i am receiving mail However you are stating that if i add this line to main.cf it would work the same!! seems easier but which is more correct? relayhost = [hostaddress]:325 This is better. the * entry in transports is a bit ugly.
Re: Changeing outgoing port
Thanks again i added the relay host line you are right seems nicer no hashing involved that makes it easier too. Computer King CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages - mouss [EMAIL PROTECTED] wrote: RYAN vAN GINNEKEN wrote: Ok Thank you very much ladies/gentlemen OK i added this to my /etc/postfix/main.cf transport_maps = hash:/etc/postfix/transport Then set up this rule * smtp:[hostaddress]:325 in my transport file then hashed it with posthash to create transport.db an like magic it all works i am receiving mail However you are stating that if i add this line to main.cf it would work the same!! seems easier but which is more correct? relayhost = [hostaddress]:325 This is better. the * entry in transports is a bit ugly.
Re: checking integrity
It's too late to reject the mail that's already in your queue, better to identify the spam and discard it. I see. That is an important information. OK, I will set up spamassassin and requeue all mail. Thanks to everyone for help. -- Milos Prudek
Re: getting 'mail transport unavailable'
Thanks. I had added one transport which I had forgotten to add in master.cf (braindead). Regards, ANANT. Quoting Duane Hill [EMAIL PROTECTED]: On Fri, 19 Sep 2008, [EMAIL PROTECTED] wrote: Dear List, I am getting mail transport unavailable for one specific domain 'elsevier.com'. How should I debug? We have recently upgraded to Postfix 2.5.5 running on AIX 5.3 OS. http://www.postfix.org/DEBUG_README.html See the logs below. Sep 19 10:05:59 dnserns.isac.gov.in Message forwarded from dnserns: postfix/smtpd[995364]: 72740104E: client=loopback[127.0.0.1] Sep 19 10:06:07 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[504048]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=18, delays=17/0.02/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable) Sep 19 10:17:24 services postfix/cleanup[4156]: 4E849108457: message-id=[EMAIL PROTECTED] Sep 19 10:17:24 services amavis[4159]: (04159-10) Passed CLEAN, LOCAL [172.20.2.58] [172.20.2.58] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: 1mCx7IM5f7Xl, Hits: -3.366, queued_as: 4E849108457, 294 ms Sep 19 10:17:24 services postfix/cleanup[4154]: 94D4F10844E: message-id=[EMAIL PROTECTED] Sep 19 10:12:15 dnserns.isac.gov.in Message forwarded from dnserns: postfix/qmgr[1220690]: 72740104E: from=[EMAIL PROTECTED], size=360, nrcpt=2 (queue active) Sep 19 10:12:15 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[1048648]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=386, delays=386/0.03/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable) Sep 19 10:15:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/qmgr[1220690]: 72740104E: from=[EMAIL PROTECTED], size=360, nrcpt=2 (queue active) Sep 19 10:15:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[975044]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=551, delays=551/0.06/0/0.05, dsn=4.3.0, status=deferred (mail transport unavailable) Sep 19 10:27:15 dnserns.isac.gov.in Message forwarded from dnserns: postfix/qmgr[1220690]: 72740104E: from=[EMAIL PROTECTED], size=360, nrcpt=2 (queue active) Sep 19 10:27:15 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[970774]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=1286, delays=1286/0.03/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable) Sep 19 10:30:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/qmgr[1220690]: 72740104E: from=[EMAIL PROTECTED], size=360, nrcpt=2 (queue active) Sep 19 10:30:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[381050]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=1451, delays=1451/0.06/0/0.05, dsn=4.3.0, status=deferred (mail transport unavailable) Sep 19 10:45:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/qmgr[1220690]: 72740104E: from=[EMAIL PROTECTED], size=360, nrcpt=2 (queue active) Sep 19 10:45:00 dnserns.isac.gov.in Message forwarded from dnserns: postfix/error[544782]: 72740104E: to=[EMAIL PROTECTED], relay=none, delay=2351, delays=2351/0.06/0/0.05, dsn=4.3.0, status=deferred (mail transport unavailable) Waiting for info. Regards, ANANT. This message was sent using IMP, the Internet Messaging Program. -d This message was sent using IMP, the Internet Messaging Program.
Re: distribution lists.
Il giorno gio, 18/09/2008 alle 14.11 +0200, mouss ha scritto: Mauro Sanna wrote: Hello, sorry for my bad english. I have to send messages to more than one person using a single mail address. So I've created a virtual-alias: [EMAIL PROTECTED] myaccount and a text file, myaccount.txt, with all the addresses that I want to send mail. Then I put in /etc/aliases: myaccount: :include:/etc/postfix/myaccount.txt. Now I send my mail to [EMAIL PROTECTED] and it is received by all the accounts that are in the file myaccount.txt and it's all ok. The problem is that the server name is mail.example.com and if I send a mail to [EMAIL PROTECTED] it is delivered in the same way as [EMAIL PROTECTED] I don't want that [EMAIL PROTECTED] is delivered. I want that only adresses with @example.com are delivered. How can I solve it? remove $myhostname from mydestination. In mydestination I have only mail.example.com, localhost.example.com, , localhost. example.com is managed as a virtual domain. Can I leave mydestination empty?
Re: distribution lists.
On Fri, Sep 19, 2008 at 12:41:13PM +0200, Mauro Sanna wrote: Il giorno gio, 18/09/2008 alle 14.11 +0200, mouss ha scritto: Mauro Sanna wrote: Hello, sorry for my bad english. I have to send messages to more than one person using a single mail address. So I've created a virtual-alias: [EMAIL PROTECTED] myaccount and a text file, myaccount.txt, with all the addresses that I want to send mail. Then I put in /etc/aliases: myaccount: :include:/etc/postfix/myaccount.txt. Now I send my mail to [EMAIL PROTECTED] and it is received by all the accounts that are in the file myaccount.txt and it's all ok. The problem is that the server name is mail.example.com and if I send a mail to [EMAIL PROTECTED] it is delivered in the same way as [EMAIL PROTECTED] I don't want that [EMAIL PROTECTED] is delivered. I want that only adresses with @example.com are delivered. How can I solve it? remove $myhostname from mydestination. In mydestination I have only mail.example.com, localhost.example.com, , localhost. example.com is managed as a virtual domain. Can I leave mydestination empty? Almost. You should probably still have at least one domain listed, that is used for the right-hand-side of aliases where the target should be a local delivery. One approach is to use: main.cf: mydestination = local.invalid smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/reject_invalid check_recipient_access regexp:/etc/postfix/reject_invalid reject_invalid: /[EMAIL PROTECTED]/ REJECT invalid sender or recipient domain with this local.invalid is delivered locally after aliasing, but never accepted via SMTP. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Could someone explain whats happening or whether undetected outbound traffic is going through postfix/smtp
HostA is: internal mailhost, CNAME of ns.example.com and a fresh install of: Fedora Core 8 Firestarter w open ports 53, 80, closed 25, filtered 587, 3306 amavisd, spamassasin, etc. Postfix w/ TLS, SASLAUTH, and only submission in master.cf Only one user account There are no entries in syslog, secure, audit, or maillog alerting about sessions for 58.55.12.123, 190-50-124-109, 222.162.134.199, etc. netstat, lsof, nnmap, iptables, etc. do not show open/listening ports other than configured open ports. hostA scanned from outside network do not show open ports. Yet, using tcpdump there appears to be traffic dst port 25. How do I troubleshoot to find hole that allows smtp traffic? [EMAIL PROTECTED] ~]# tcpdump dst port 25 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:29:39.833622 IP 58.55.12.123.4493 hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 mss 1440,nop,nop,sackOK 18:29:43.104312 IP 58.55.12.123.4493 hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 mss 1440,nop,nop,sackOK 18:29:49.652882 IP 58.55.12.123.4493 hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 mss 1440,nop,nop,sackOK 18:30:03.791511 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: S 729051831:729051831(0) win 65535 mss 1440,nop,wscale 0,nop,nop,sackOK 18:30:04.254891 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 435012380 win 65535 18:30:06.003350 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 28 win 65508 18:30:06.301533 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: P 0:35(35) ack 28 win 65508 18:30:06.752339 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 49 win 65487 18:30:07.116750 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: P 35:67(32) ack 49 win 65487 18:30:07.580371 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 63 win 65473 18:30:07.921756 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: P 67:103(36) ack 63 win 65473 18:30:08.345567 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 140 win 65396 18:30:08.806004 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: P 103:109(6) ack 140 win 65396 18:30:09.147135 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: . ack 156 win 65381 18:30:09.153795 IP 190-50-124-109.speedy.com.ar.screencast ns.example.com.smtp: F 109:109(0) ack 156 win 65381 18:30:46.727189 IP 222.162.134.199.tapeware hostA.example.com.smtp: S 2476760398:2476760398(0) win 64800 mss 1440,nop,nop,sackOK 18:30:49.831556 IP 222.162.134.199.tapeware hostA.example.com.smtp: S 2476760398:2476760398(0) win 64800 mss 1440,nop,nop,sackOK 18:30:52.208057 IP 163.180.130.99.surveyinst ns.example.com.smtp: S 1324864061:1324864061(0) win 16384 mss 1460,nop,nop,sackOK 18:30:52.384717 IP 163.180.130.99.surveyinst ns.example.com.smtp: . ack 1189490064 win 1460 18:30:53.550460 IP 163.180.130.99.surveyinst ns.example.com.smtp: . ack 28 win 17493 18:30:53.802689 IP 163.180.130.99.surveyinst ns.example.com.smtp: P 0:15(15) ack 28 win 17493 18:30:54.100565 IP 163.180.130.99.surveyinst ns.example.com.smtp: . ack 142 win 17379 18:30:54.804252 IP 163.180.130.99.surveyinst ns.example.com.smtp: P 15:88(73) ack 142 win 17379 18:30:55.195768 IP 163.180.130.99.surveyinst ns.example.com.smtp: . ack 271 win 17250 18:30:55.303963 IP 163.180.130.99.surveyinst ns.example.com.smtp: F 88:88(0) ack 271 win 17250 18:30:55.482087 IP 163.180.130.99.surveyinst ns.example.com.smtp: . ack 272 win 17250 18:30:55.797787 IP 222.162.134.199.tapeware hostA.example.com.smtp: S 2476760398:2476760398(0) win 64800 mss 1440,nop,nop,sackOK 18:31:04.455971 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: S 1421630867:1421630867(0) win 16384 mss 1460,nop,nop,sackOK 18:31:04.628559 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: . ack 1374260047 win 1460 18:31:05.030708 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: . ack 28 win 17493 18:31:05.622120 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: P 0:15(15) ack 28 win 17493 18:31:06.014558 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: . ack 142 win 17379 18:31:06.647155 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: P 15:93(78) ack 142 win 17379 18:31:07.004928 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: . ack 271 win 17250 18:31:07.130454 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: F 93:93(0) ack 271 win 17250 18:31:07.314074 IP 163.180.130.99.krb5gatekeeper ns.example.com.smtp: . ack 272 win 17250 18:31:07.835731 IP 222.162.134.199.4611 ns.example.com.smtp: S 3872927950:3872927950(0) win 64800 mss 1440,nop,nop,sackOK 18:31:08.108249 IP 222.162.134.199.4611 ns.example.com.smtp: . ack 1427428045 win 64800 18:31:08.720372 IP 222.162.134.199.4611 ns.example.com.smtp: P 0:22(22) ack 28 win
Re: weird problem with smtpd_recipient_restrictions
mouss wrote: [EMAIL PROTECTED] wrote: [snip] My domain is example.com, and i have some subdomains (ie ldap.example.com). So the problem is: If i send a message with RCPT TO [EMAIL PROTECTED], check_recipient_access rules starts checking this subdomain, but since i don't have this subdomain in my ldap lookup table and directory, it must finish with a reject right? No. it depends on parent_domain_matches_subdomains. see http://www.postfix.org/access.5.html I'm using postfix default values for parent_domain_matches_subdomains. See postconf -d |grep parent_domain_matches_subdomains parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
Re: weird problem with smtpd_recipient_restrictions
Manuel Mely wrote: mouss wrote: [EMAIL PROTECTED] wrote: [snip] My domain is example.com, and i have some subdomains (ie ldap.example.com). So the problem is: If i send a message with RCPT TO [EMAIL PROTECTED], check_recipient_access rules starts checking this subdomain, but since i don't have this subdomain in my ldap lookup table and directory, it must finish with a reject right? No. it depends on parent_domain_matches_subdomains. see http://www.postfix.org/access.5.html I'm using postfix default values for parent_domain_matches_subdomains. See postconf -d |grep parent_domain_matches_subdomains Hint: You can do 'postconf var_here' (for current) or 'postconf -d var_here' (for default) then, no need for grep. parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps By default (for backwards compatibility sake), Postfix will match all subdomains with their parents if the initial match is not found. mouss was pointing you in the right direction. Perhaps set 'parent_domain_matches_subdomains=' (that is empty). This changes the meaning of all subdomains to be explicitly set, the parent is prepended by a period, or fall prey to things like reject_unauth_destination and non-matching maps. Brian
Re: weird problem with smtpd_recipient_restrictions
Manuel Mely wrote: mouss wrote: [EMAIL PROTECTED] wrote: [snip] My domain is example.com, and i have some subdomains (ie ldap.example.com). So the problem is: If i send a message with RCPT TO [EMAIL PROTECTED], check_recipient_access rules starts checking this subdomain, but since i don't have this subdomain in my ldap lookup table and directory, it must finish with a reject right? No. it depends on parent_domain_matches_subdomains. see http://www.postfix.org/access.5.html I'm using postfix default values for parent_domain_matches_subdomains. See postconf -d |grep parent_domain_matches_subdomains parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps 'postconf -d' output is useless here. Anyway, try $ postconf -e parent_domain_matches_subdomains= to understand what this does, read the docs, including the already cited access.5.html, as well as the postconf man page (which is also available on the postfix site).
Re: Could someone explain whats happening or whether undetected outbound traffic is going through postfix/smtp
Maple wrote: HostA is: internal mailhost, CNAME of ns.example.com and a fresh install of: Fedora Core 8 Firestarter w open ports 53, 80, closed 25, filtered 587, 3306 amavisd, spamassasin, etc. Postfix w/ TLS, SASLAUTH, and only submission in master.cf Only one user account There are no entries in syslog, secure, audit, or maillog alerting about sessions for 58.55.12.123, 190-50-124-109, 222.162.134.199, etc. netstat, lsof, nnmap, iptables, etc. do not show open/listening ports other than configured open ports. hostA scanned from outside network do not show open ports. Yet, using tcpdump there appears to be traffic dst port 25. How do I troubleshoot to find hole that allows smtp traffic? [EMAIL PROTECTED] ~]# tcpdump dst port 25 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:29:39.833622 IP 58.55.12.123.4493 hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 mss 1440,nop,nop,sackOK 18:29:43.104312 IP 58.55.12.123.4493 hostA.example.com.smtp: S 1223686926:1223686926(0) win 16384 mss 1440,nop,nop,sackOK This shows an incoming connection to port 25, not outgoing. http://www.postfix.org/DEBUG_README.html -- Noel Jones
Delivering to 2 imap servers
Is it possible to have postfix deliver mail to 2 mda's at the same time ? ie. 1 imap server on box 1 and another imapserver on box 2 ? thnx -- Test [EMAIL PROTECTED]
Re: Delivering to 2 imap servers
Test wrote: Is it possible to have postfix deliver mail to 2 mda's at the same time ? ie. 1 imap server on box 1 and another imapserver on box 2 ? thnx Personally, I would setup a second Postfix instance on the box 2 as an internal only machine and then put a virtual_alias_maps, on box 1, entry for every user referencing both the box 1 and box 2 entries. Doing this redundancy will save you from worrying about a network file system failure (loss of connectivity incl.) and errors that may result from it. Brian
Re: Delivering to 2 imap servers
Test wrote: Is it possible to have postfix deliver mail to 2 mda's at the same time ? please explain your problem more clearly. postfix can deliver via: - smtp - lmtp - pipe (exec a command) it can deliver to as many smtp/lmtp servers and as many MDAs as you want. ie. 1 imap server on box 1 and another imapserver on box 2 ? postfix doesn't deliver to imap. postfix can deliver to a remote smtp or lmtp server; or can deliver to a command that does whatever you want. but in general, you don't use commands to deliver to remote servers: you use smtp or lmtp.
Postfix release schedule?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm wondering if there is a release schedule available somewhere. I poked around on postfix.org without really finding anything. Specifically, I'm wondering if anyone has any sort of approximate release date for a 2.6 stable? I've played around with the experimental releases and there are a couple of features I'm really excited about getting into production, but I want to wait for a stable release (even though the Postfix experimentals are more stable than a lot of other projects stable releases). Thanks, Jay Deiman -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjT0/0ACgkQQ0lr+ZVKSBgB9gCbBdaeW3ySj7R3YJx/yO3TP6MW llwAnA49LeOphgW0CDOV+K2TuzcKqzTl =iCFC -END PGP SIGNATURE-
RE: Postfix statistics from log stored on RDBMS
I have hacked pflogsumm so that it could be read log from database used by PHP-syslog-ng. If someone is interested, I will make it public. rocsca -Original Message- From: [EMAIL PROTECTED] [mailto:owner-postfix- [EMAIL PROTECTED] On Behalf Of Rocco Scappatura Sent: Friday, September 19, 2008 3:20 PM To: Robert Schetterer Cc: postfix-users@postfix.org Subject: RE: Postfix statistics from log stored on RDBMS look http://code.google.com/p/php-syslog-ng/ OK, it is very nice even if it takes a long time to analyze very large database. Moreover, it not represents much information about mail log. I prefer a tool like pflogsumm so that it can run 'off time' and it cointains many other information that are more interesting for a postmaster. Thanks a lot. rocsca
Re: Postfix release schedule?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Victor Duchovni wrote: | On Fri, Sep 19, 2008 at 11:31:58AM -0500, Jay Deiman wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | I'm wondering if there is a release schedule available somewhere. I | poked around on postfix.org without really finding anything. | | Specifically, I'm wondering if anyone has any sort of approximate | release date for a 2.6 stable? I've played around with the experimental | releases and there are a couple of features I'm really excited about | getting into production, but I want to wait for a stable release (even | though the Postfix experimentals are more stable than a lot of other | projects stable releases). | | Short answer: when it is ready. | | Long answer: Postfix official releases appear approximately once a year, | as early in the year as possible, but if you review previous release | dates, you will observe some variability: | | 1.0 2001-02-28 | 1.1 2002-01-17 | 2.0 2002-12-22 | 2.1 2004-04-22 | 2.2 2005-03-09 | 2.3 2006-07-11 | 2.4 2007-03-28 | 2.5 2008-01-23 | Well, that pretty much answers that question. Thanks Victor, Jay -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjT24gACgkQQ0lr+ZVKSBiv7QCdH+YHHq6LBBWRzH/bzLbtJX/b qIwAn0XVXnyf/rSl4MQtUKl4iZXt3Enb =9PA8 -END PGP SIGNATURE-
Re: Delivering to 2 imap servers
Ok, small clarification: Postfix delivers to cyrus-imapd via lmtp I want to deliver the same messages to another imap server (Zarafa) for testing purposes... I can off course configure postfix to deliver to another lmtp target, but i want to deliver to the both... -- Test [EMAIL PROTECTED]
Postfix setup with no true domain just a no-ip/dyndns address?
I have looked for a guide on the Internet on how to do this but I have never found one. I am wishing to run a request tracker (RT) and need postfix. Now I already have the email coming in, sent to RT by fetch mail of a gmail account. Now how can I make it so that postfix sends replies and other stuff back to the users that will work with me having either just an IP for my postfix or my DNS. I guess to sum it all up, how can I use postfix with just an IP or a DNS that just translates to my IP though I can't do stuff like add on to the DNS like mail.mymachine.no-ip.org.
Re: Delivering to 2 imap servers
Test wrote: Ok, small clarification: Postfix delivers to cyrus-imapd via lmtp I want to deliver the same messages to another imap server (Zarafa) for testing purposes... I can off course configure postfix to deliver to another lmtp target, but i want to deliver to the both... Postfix delivers mail to recipients. Each recipient must have exactly one final destination. To deliver to multiple destinations, you need multiple recipients. Use virtual_alias_maps (not virtual_alias_domains) or recipient_bcc_maps to add a second recipient. Although there is some overlap of which method to use when, generally one would use virtual_alias_maps to duplicate mail for specified users, and recipient_bcc_maps to duplicate mail for everyone in a specific domain. a bare-bones example: # main.cf virtual_alias_maps = hash:/etc/postfix/virtual smtp_generic_maps = hash:/etc/postfix/generic # virtual_alias_maps [EMAIL PROTECTED] [EMAIL PROTECTED], [EMAIL PROTECTED] # smtp_generic_maps @server2.example.com @example.com -- Noel Jones
Re: Postfix setup with no true domain just a no-ip/dyndns address?
So would I just tell no-ip.org (seperate from DynDNS as fair as I know, but they also have MX records.), to just put in my address or would I just throw in my ISP's SMTP server? On Fri, Sep 19, 2008 at 4:12 PM, J.P. Trosclair [EMAIL PROTECTED] wrote: I think DynDNS.com (the folks who have no-ip.org right?) have an option to setup a MX record for dynamic host names. You'll more than likely want to enable this unless you have a reason not to. Basic setup for accepting and sending mail with your ddns hostname: mydomain = mymachine.no-ip.org myhostname = $mydomain myorigin = $mydomain mydestination = $mydomain Problems to consider: 1. Your ISP may block smtp traffic from you to any other server except their very own smtp servers. This is pretty common from what I've seen. 2. Some servers may reject your mail if you do not have a valid PTR record for your IP address. By default your ISP will probably have one, but it won't resolve to mymachine.no-ip.org which may cause the delivery problem mentioned before. J.P. Adam McCarthy wrote: I have looked for a guide on the Internet on how to do this but I have never found one. I am wishing to run a request tracker (RT) and need postfix. Now I already have the email coming in, sent to RT by fetch mail of a gmail account. Now how can I make it so that postfix sends replies and other stuff back to the users that will work with me having either just an IP for my postfix or my DNS. I guess to sum it all up, how can I use postfix with just an IP or a DNS that just translates to my IP though I can't do stuff like add on to the DNS like mail.mymachine.no-ip.org.
Re: Postfix setup with no true domain just a no-ip/dyndns address?
I would not point the MX record for your dynamic domain name (or any other domain name) at your ISP's server. The mail will almost certainly be rejected. Adam McCarthy wrote: So would I just tell no-ip.org (seperate from DynDNS as fair as I know, but they also have MX records.), to just put in my address or would I just throw in my ISP's SMTP server? On Fri, Sep 19, 2008 at 4:12 PM, J.P. Trosclair [EMAIL PROTECTED] wrote: I think DynDNS.com (the folks who have no-ip.org right?) have an option to setup a MX record for dynamic host names. You'll more than likely want to enable this unless you have a reason not to. Basic setup for accepting and sending mail with your ddns hostname: mydomain = mymachine.no-ip.org myhostname = $mydomain myorigin = $mydomain mydestination = $mydomain Problems to consider: 1. Your ISP may block smtp traffic from you to any other server except their very own smtp servers. This is pretty common from what I've seen. 2. Some servers may reject your mail if you do not have a valid PTR record for your IP address. By default your ISP will probably have one, but it won't resolve to mymachine.no-ip.org which may cause the delivery problem mentioned before. J.P. Adam McCarthy wrote: I have looked for a guide on the Internet on how to do this but I have never found one. I am wishing to run a request tracker (RT) and need postfix. Now I already have the email coming in, sent to RT by fetch mail of a gmail account. Now how can I make it so that postfix sends replies and other stuff back to the users that will work with me having either just an IP for my postfix or my DNS. I guess to sum it all up, how can I use postfix with just an IP or a DNS that just translates to my IP though I can't do stuff like add on to the DNS like mail.mymachine.no-ip.org. -- J.P. Trosclair Systems Administrator Jude Jude, PLLC Phone: (601) 579-8411 Fax: (601) 579-8461
Re: Postfix setup with no true domain just a no-ip/dyndns address?
Send us the output of postconf -n from your smtp server. If your logs didn't indicate the mail was rejected it could have been silently discarded by spam filters or something of the like. Adam McCarthy wrote: Well as far as I know SMTP is not blocked. I wanted to go through my ISP's server to begin with, because places such as GMail didn't like me. Yet everyone seems to love my ISP's server. I had relayhost set to my ISP, but I musta had something wrong, because some people would get replies, while other people wouldn't. On Fri, Sep 19, 2008 at 6:36 PM, Adam McCarthy [EMAIL PROTECTED] wrote: So would I just tell no-ip.org (seperate from DynDNS as fair as I know, but they also have MX records.), to just put in my address or would I just throw in my ISP's SMTP server? On Fri, Sep 19, 2008 at 4:12 PM, J.P. Trosclair [EMAIL PROTECTED] wrote: I think DynDNS.com (the folks who have no-ip.org right?) have an option to setup a MX record for dynamic host names. You'll more than likely want to enable this unless you have a reason not to. Basic setup for accepting and sending mail with your ddns hostname: mydomain = mymachine.no-ip.org myhostname = $mydomain myorigin = $mydomain mydestination = $mydomain Problems to consider: 1. Your ISP may block smtp traffic from you to any other server except their very own smtp servers. This is pretty common from what I've seen. 2. Some servers may reject your mail if you do not have a valid PTR record for your IP address. By default your ISP will probably have one, but it won't resolve to mymachine.no-ip.org which may cause the delivery problem mentioned before. J.P. Adam McCarthy wrote: I have looked for a guide on the Internet on how to do this but I have never found one. I am wishing to run a request tracker (RT) and need postfix. Now I already have the email coming in, sent to RT by fetch mail of a gmail account. Now how can I make it so that postfix sends replies and other stuff back to the users that will work with me having either just an IP for my postfix or my DNS. I guess to sum it all up, how can I use postfix with just an IP or a DNS that just translates to my IP though I can't do stuff like add on to the DNS like mail.mymachine.no-ip.org. -- J.P. Trosclair Systems Administrator Jude Jude, PLLC Phone: (601) 579-8411 Fax: (601) 579-8461
Re: Postfix setup with no true domain just a no-ip/dyndns address?
Also, have a look here: http://www.postfix.org/DEBUG_README.html Adam McCarthy wrote: Well as far as I know SMTP is not blocked. I wanted to go through my ISP's server to begin with, because places such as GMail didn't like me. Yet everyone seems to love my ISP's server. I had relayhost set to my ISP, but I musta had something wrong, because some people would get replies, while other people wouldn't. On Fri, Sep 19, 2008 at 6:36 PM, Adam McCarthy [EMAIL PROTECTED] wrote: So would I just tell no-ip.org (seperate from DynDNS as fair as I know, but they also have MX records.), to just put in my address or would I just throw in my ISP's SMTP server? On Fri, Sep 19, 2008 at 4:12 PM, J.P. Trosclair [EMAIL PROTECTED] wrote: I think DynDNS.com (the folks who have no-ip.org right?) have an option to setup a MX record for dynamic host names. You'll more than likely want to enable this unless you have a reason not to. Basic setup for accepting and sending mail with your ddns hostname: mydomain = mymachine.no-ip.org myhostname = $mydomain myorigin = $mydomain mydestination = $mydomain Problems to consider: 1. Your ISP may block smtp traffic from you to any other server except their very own smtp servers. This is pretty common from what I've seen. 2. Some servers may reject your mail if you do not have a valid PTR record for your IP address. By default your ISP will probably have one, but it won't resolve to mymachine.no-ip.org which may cause the delivery problem mentioned before. J.P. Adam McCarthy wrote: I have looked for a guide on the Internet on how to do this but I have never found one. I am wishing to run a request tracker (RT) and need postfix. Now I already have the email coming in, sent to RT by fetch mail of a gmail account. Now how can I make it so that postfix sends replies and other stuff back to the users that will work with me having either just an IP for my postfix or my DNS. I guess to sum it all up, how can I use postfix with just an IP or a DNS that just translates to my IP though I can't do stuff like add on to the DNS like mail.mymachine.no-ip.org. -- J.P. Trosclair Systems Administrator Jude Jude, PLLC Phone: (601) 579-8411 Fax: (601) 579-8461
Re: Changeing outgoing port
You are right my posts are sometimes poorly written usually by the time i get around to posting it is 4am and i have been staring at the screen for days on end. Not really conducive to descriptive English but sometime i just have to get it out before i die heehee. PS Can't count the amount of times i have been writing up a question for a list somewhere and by going through all the docs data and logs one last time end up solving my own problem before sending to the fourm. Does this happen to anyone else? Computer King CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages - modster v wtw [EMAIL PROTECTED] wrote: On Fri, 19 Sep 2008 00:35:28 -0600 (MDT), RYAN vAN GINNEKEN - [EMAIL PROTECTED] wrote: I only need to send mail receiving is not that big of a deal for this machine. If i could get postfix to send outbound mail on port 325 that would be all i need. The server on the other end is already listening to port 325 actually port 325 is forwarded to 25 on the receiving end of things. I think you have your answer from others before I saw this but I do want to say that your question was confusing. You don't really care what port the mail goes out on. In fact systems that use predictable ports to initiate connections are considered insecure. What you needed to say (that I did not see at the time I replied) was that you needed to use port 325 on a remote box to relay your mail. People who do not have English as a first language (or even a good second or third) have a battle in the computer world where so much is in English even when the programmer is not a native speaker in that tongue. You have the problem that your English is quite good but not perfect. It was so good that I thought you meant exactly what I read and I did not try to interpret what the real meaning was. Sorry I guessed badly but glad you are now in good hands. Rod/ From the land down under: Australia. Do we look umop apisdn from up over? Computer King CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages - modster v wtw [EMAIL PROTECTED] wrote: On Fri, 19 Sep 2008 00:35:28 -0600 (MDT), RYAN vAN GINNEKEN - [EMAIL PROTECTED] wrote: I only need to send mail receiving is not that big of a deal for this machine. If i could get postfix to send outbound mail on port 325 that would be all i need. The server on the other end is already listening to port 325 actually port 325 is forwarded to 25 on the receiving end of things. I think you have your answer from others before I saw this but I do want to say that your question was confusing. You don't really care what port the mail goes out on. In fact systems that use predictable ports to initiate connections are considered insecure. What you needed to say (that I did not see at the time I replied) was that you needed to use port 325 on a remote box to relay your mail. People who do not have English as a first language (or even a good second or third) have a battle in the computer world where so much is in English even when the programmer is not a native speaker in that tongue. You have the problem that your English is quite good but not perfect. It was so good that I thought you meant exactly what I read and I did not try to interpret what the real meaning was. Sorry I guessed badly but glad you are now in good hands. Rod/ From the land down under: Australia. Do we look umop apisdn from up over?
destination_rate_delay clarification
Hi! If I have in my master.cf: slow unix - - n - - smtp in my transport: ex.domain slow: and main.cf: slow_destination_rate_delay = 5s Will this mean - my Postfix server will have a 5 sec. delay after sending an email (this was the obvious thing I can monitor on the log file) - the process count for transport slow will always be 1? (because am sending 1 email at a time) - and lastly, does destination means a domain or the IP address of the destination? (I was wondering if ex.domain has multiple MX records with equal priority the behavior will be different compared to having a single MX record for ex.domain) Thanks for any advise. Regards, Julius
