Re: Problem DNS-resolving single helo-hostnames
Victor Duchovni wrote: On Thu, Jan 22, 2009 at 12:57:30PM +0100, Schilling, Timo wrote: Hello to everybody, while we use the option reject_unknown_helo_hostname we noticed, that single hostnames will be rejected without contacting the dns-servers. After some debugging of the source code we got to this line: This part is out of the dns_lookup.c and function dns_query 226 _res.options = ~saved_options; where the flag RES_DEFNAMES will be negated and so no domain-information will be added to the hostname. The hostname is used with the HELO command in SMTP is required to be the full hostname of the client not a leading prefix. If the hostname is really just a single label as in: ai. 14388 IN A 209.59.119.34 ai. 14388 IN MX 10 mail.offshore.ai. Then it can use HELO ai and will pass the reject_unknown_helo_hostname test. I think you get my question wrong. I don't want the TLD as hostname, I mean a hostname in a non-fqdn-format. So for example a mail server connects with: ehlo server1 but it should be: server1.mydomain.com I know the name should be fqdn, but we have the option reject_non_fqdn_helo_hostname to reject such hosts, if we want too. Postfix shouldn't negate the flag (from 1 to 0) so that the function res_search doesn't append the known domain-informations. But it is done in the above mentioned file, but why? BTW: I don't think the ai from you example will be resolved, because postfix will not ask the dns-server while there are no dots in the name. Regards Timo Schilling Whether TLDs as hosts or mail domains are a good idea, is not a discussion I want to repeat here, too badly bruised from the one just dying down on another list. Summary: FWIW, I believe that ICANN's gTLD expansion is a terrible, perhaps even irresponsible idea, and the changes in RFC 5321 to support localp...@tld email addresses is not well thought out. I hope such addresses never come into serious use. 
The folks arguing stridently against me also think ICANNs policy is a bad idea, but believe that progress in this direction is inevitable, and that it is OK to implement unreliable behaviour provided it is right most of the time, and so want to see localp...@tld work when the TLD is known to exist, and to be treated as a local partial name otherwise. This have your cake and eat it requirement has no reliable implementation that does the right thing when DNS lookups tempfail. It also has no sensible implementation in disconnected environments, ... The above is just for the record. I *really* don't want to start a discussion of the merits here. Time will tell whether Postfix needs to adapt to a world with mail-enabled TLD domains and/or hosts.
Any improvement suggestions for main.cf + master.cf ?
Hi postfix profis,

I'm running postfix 2.1.5-9 for several domains. Of course it handles the workload with ease, but when I tail the mail.log the screen scrolls constantly as it's just rejecting spam every second. The good thing is that all these accesses are rejected, and logged. Also good is that postfix seems to do most of the rejecting before handing off to amavis-new, for example, so the CPU is used fairly efficiently I suspect. The bad thing is that this still seems as though this amount of data processing must surely be excessive for just a couple of domains, and I'm wondering if I can reduce that overhead any more.

I've attached my main and master cf's and a few hundred lines of mail.log output which shows less than one minute's worth of logging, with the vain hope that someone might have some constructive criticisms to offer with which to improve this setup.

Thanks in advance for any (helpful ;) comments.

--
Richard Foley
Ciao - shorter than aufwiedersehen
http://www.rfi.net/

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# postfix config - postfix reload
#
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no
append_at_myorigin = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h

myhostname = blix.rfi.net
mydomain = rfi.net
# alias_maps = pcre:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
alias_database = alias_maps
myorigin = /etc/mailname
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8, 195.10.223.184
mailbox_size_limit = 0
home_mailbox = mbox
# mailbox_command =
mailbox_command = /usr/bin/procmail -t
recipient_delimiter = +
inet_interfaces = all

# rfi
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = pcre:/etc/postfix/virtual_alias_maps
# relay_domains = lists.nakedeurope.org

# mailman
# transport_maps = hash:/etc/postfix/transport
# mailman_destination_recipient_limit = 1

# sasl
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# clamav + spamassassin
# content_filter = smtp-amavis:[127.0.0.1]:10024
content_filter = amavisfeed:[127.0.0.1]:10024
# receive_override_options = no_address_mappings

# http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
parent_domain_matches_subdomains = smtpd_access_maps
header_checks = pcre:/etc/postfix/header_checks
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
# body_checks = pcre:/etc/postfix/body_checks

smtpd_data_restrictions =
    reject_unauth_pipelining
    permit

smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_rhsbl_sender dsn.rfc-ignorant.org
    permit

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access pcre:/etc/postfix/recipient_checks
    reject_multi_recipient_bounce
    check_helo_access hash:/etc/postfix/helo_checks
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_sender_access hash:/etc/postfix/sender_checks
    check_client_access pcre:/etc/postfix/client_checks
    # reject_rbl_client cbl.abuseat.org
    # reject_rbl_client list.dsbl.org
    # reject_rbl_client sbl.spamhaus.org
    # reject_rbl_client pbl.spamhaus.org
    # NB. zen.spamhaus incorporates the CBL list from abuseat.org, as well as all
    # the zen.spamhaus.org SBL/XBL/PBL lists
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    permit

#
# Postfix master process configuration file. Each logical line
# describes how a Postfix daemon program should be run.
#
# A logical line starts with non-whitespace, non-comment text.
# Empty lines and whitespace-only lines are ignored, as are comment
# lines whose first non-whitespace character is a `#'.
# A line that starts with whitespace continues a logical line.
#
# The fields that make up each line are described below. A - field
# value requests that a default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next
501 The first command in a session must be the HELO command
Hi,

I have a strange problem with some email sessions. Postfix 2.5.2 is configured like email router. It receives emails from many sources and sends them to one destination. Each rules for mail routing are done by transport table. Everything works properly but sometimes some emails are bounced. Could you help me to find where the problem is.

LOG:
Jan 23 08:05:42 aaa.bbb.sk postfix/smtp[28591]: 08ECEA73CD: to=b...@ccc.ddd.sk, relay=ee.sk[10.10.10.101]:25, conn_use=2, delay=10, delays=10/0.03/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))

SESSION: (C - postfix) (S - proprietary SMTPD)
C --- HELO aaa.bbb.sk
S --- 250 Hello ccc.ddd.sk
C --- MAIL FROM:sm...@ee.sk
S --- 250 sm...@ee.sk Sender ok
C --- RCPT TO:b...@ccc.ddd.sk
S --- 250 b...@ccc.ddd.sk Recipient ok
C --- DATA
S --- 354 Start mail input; end with CRLF.CRLF
C --- .
S --- 250 Message accepted for delivery
C --- RSET
S --- 250 Reset state
C --- MAIL FROM:j...@xx.sk
S --- 501 The first command in a session must be the HELO command

BR
Peter
---
Stavebna fakulta STU, Bratislava
Faculty of Civil Engineering STU, Bratislava
http://www.svf.stuba.sk
Re: Any improvement suggestions for main.cf + master.cf ?
On Fri, 2009-01-23 at 11:04 +0100, Richard Foley wrote:
> Hi postfix profis,
>
> I'm running postfix 2.1.5-9 for several domains. Of course it handles the workload with ease, but when I tail the mail.log the screen scrolls constantly as it's just rejecting spam every second. The good thing is that all these accesses are rejected, and logged. Also good is that postfix seems to do most of the rejecting before handing off to amavis-new, for example, so the CPU is used fairly efficiently I suspect. The bad thing is that this still seems as though this amount of data processing must surely be excessive for just a couple of domains, and I'm wondering if I can reduce that overhead any more.
>
> I've attached my main and master cf's and a few hundred lines of mail.log output which shows less than one minute's worth of logging, with the vain hope that someone might have some constructive criticisms to offer with which to improve this setup.
>
> Thanks in advance for any (helpful ;) comments.

If it isn't broken, don't fix it :-)

If you are seeing a lot of reject lines (because of spamhaus?). That is natural. We get up to 400k connections per hour on some of our postfix servers and postfix handles them all well. 80% get rejected.

What are you trying to optimize? Are you looking to upgrade your postfix (2.1x is old)

1) Do you reject unknown users using
   check_recipient_access pcre:/etc/postfix/recipient_checks
   a hash map or a cdb map file may be better
2) smtpd_sender_restrictions seems to duplicate checks in smtpd_recipient_restrictions, so you may drop them
3) The smtpd_recipient_restrictions seems to have an unnecessary reject_unknown_recipient_domain, If you are rejecting unknown users
Re: Question re: config_directory setting
On 1/21/2009 8:46 AM, Charles Marcus wrote: I try to keep my postconf -n output clean/small by not explicitly setting anything that is not different from the default (postconf -d), and I just noticed that my postconf -n output contains the following: config_directory = /etc/postfix and this setting is the default (included in output of postconf -d), but this entry doesn't exist anywhere in my main.cf file: myhost ~ # grep config_directory /etc/postfix/main.cf #mynetworks = $config_directory/mynetworks # $config_directory/$process_name.$process_id.log sleep 5 myhost ~ # ? I guess this is a dumb/obvious question... I'll do some more googling... -- Best regards, Charles
Re: Confirm: home_mailbox not needed/used in this setup?
On 1/21/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote: Your question cannot be answered based just on the data you have provided. Many thanks for the response Victor... I've been trying to digest it fully... I thought I had a good, basic understanding of the different address classes, but looks like I need to ... go back to class... ;) -- Best regards, Charles
Re: Postfix mail queue
On Thu, 2009-01-22 at 15:16 -0600, Noel Jones wrote:
> Martin Spinassi wrote:
> > Hi list!
> >
> > I've been using postfix since a few weeks. I always used qmail before for mail servers, and I'm really impressed by postfix but there is something that I really miss... I used to use qmHandle -m'MAIL_ID' to see some mails that looks strange or not normal, but can't figure out if there is something similar in postfix or have to search it at the postfix path by myself. Google can't answer (yes it can, but I'm probably asking it wrong) if there is some kind of qmHandle for postfix.
> >
> > Is there something to read a specific mail using the id that appears at postqueue -p? What do you use for that task?
> >
> > Thanks! Cheers
> > Martín
>
> I use
> postcat -q QUEUEID | less
> http://www.postfix.org/postcat.1.html

Hey, that's what I was talking about! :D Thank you very much Noel!

Reinaldo, I'll check korreio. I need to see if it's possible to do it remotely, I don't want to install X on a production server.

Thanks for your support guys! Cheers.

Martín
Re: Problem DNS-resolving single helo-hostnames
Schilling, Timo: Postfix shouldn't negate the flag (from 1 to 0) so that the function res_search doesn't append the known domain-informations. But it is done in the above mentioned file, but why? Because it makes no sense to append MY OWN DOMAIN to the hostname from a REMOTE client. Wietse
Re: remote_header_rewrite_domain ignored.
Guy: Hi, I added the following line to main.cf but the server name was still appended to an incomplete sender address. content_filter = smtp-amavis:[127.0.0.1]:10024 begin speculation You're appending it on return from the filter. end speculation Don't list the local machine as a local rewrite client. Wietse
Re: 501 The first command in a session must be the HELO command
Peter Micunek:
> Hi,
>
> I have a strange problem with some email sessions. Postfix 2.5.2 is configured like email router. It receives emails from many sources and sends them to one destination. Each rules for mail routing are done by transport table. Everything works properly but sometimes some emails are bounced. Could you help me to find where the problem is.
>
> LOG:
> Jan 23 08:05:42 aaa.bbb.sk postfix/smtp[28591]: 08ECEA73CD: to=b...@ccc.ddd.sk, relay=ee.sk[10.10.10.101]:25, conn_use=2, delay=10, delays=10/0.03/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))
>
> SESSION: (C - postfix) (S - proprietary SMTPD)
> C --- HELO aaa.bbb.sk
> S --- 250 Hello ccc.ddd.sk
> C --- MAIL FROM:sm...@ee.sk
> S --- 250 sm...@ee.sk Sender ok
> C --- RCPT TO:b...@ccc.ddd.sk
> S --- 250 b...@ccc.ddd.sk Recipient ok
> C --- DATA
> S --- 354 Start mail input; end with CRLF.CRLF
> C --- .
> S --- 250 Message accepted for delivery
> C --- RSET
> S --- 250 Reset state
> C --- MAIL FROM:j...@xx.sk
> S --- 501 The first command in a session must be the HELO command

Postfix sends HELO. Why are you sending this question to the Postfix list?

Wietse
Re: Any improvement suggestions for main.cf + master.cf ?
On Friday 23 January 2009 11:32:04 ram wrote:
> On Fri, 2009-01-23 at 11:04 +0100, Richard Foley wrote:
> > Hi postfix profis, I'm running postfix 2.1.5-9
>
> If it isn't broken, don't fix it :-)

Sage advice :-)

> If you are seeing a lot of reject lines (because of spamhaus?). That is natural. We get up to 400k connections per hour on some of our postfix servers and postfix handles them all well. 80% get rejected.

Yep, I think postfix is doing a fine job, and I've RTFM'd quite a bit as well and read this list (not back2back...), and I'm happy to see the rejects. I was just wondering if I was doing anything obviously inefficient, given that I'm not an expert postfix admin. I realise it's a bit of a 'how long is a piece of string' question, because there's almost always some room for improvement...

> What are you trying to optimize? Are you looking to upgrade your postfix (2.1x is old)

Upgrade is imminent.

> 1) Do you reject unknown users using
>    check_recipient_access pcre:/etc/postfix/recipient_checks
>    a hash map or a cdb map file may be better

This file is very minimal:

/^\@/ 550 invalid address
/[...@].*\@/ 550 weird addresses

> 2) smtpd_sender_restrictions seems to duplicate checks in smtpd_recipient_restrictions, so you may drop them

Ah, well spotted.

> 3) The smtpd_recipient_restrictions seems to have an unnecessary reject_unknown_recipient_domain, If you are rejecting unknown users

Ok. Thanks for your feedback.

--
Richard Foley
Ciao - shorter than aufwiedersehen
http://www.rfi.net/
Re: Problem DNS-resolving single helo-hostnames
Wietse Venema wrote: Schilling, Timo: Postfix shouldn't negate the flag (from 1 to 0) so that the function res_search doesn't append the known domain-informations. But it is done in the above mentioned file, but why? Because it makes no sense to append MY OWN DOMAIN to the hostname from a REMOTE client. Wietse Yes thats true, if the postfix-server is connected to the internet. In our case we use the server only for internal mail-communication, so that the remote-domain matches MY OWN DOMAIN. Regards Timo Schilling
No filters for authenticated users
Hi all, I want to the authenticated users (who are authenticated using SASL2 and SQL backend) don't pass to several filters detailed in master.cf file; on the other hand, I want to still using the same filter for all the remain world. My first thought has been to create another smtpd daemon in master.cf which uses other port, and not put any filter on it. ¿Another approach to this issue? -- Thanks, Jordi Espasa Clofent
Re: No filters for authenticated users
* Jordi Espasa Clofent jespa...@minibofh.org: Hi all, I want to the authenticated users (who are authenticated using SASL2 and SQL backend) don't pass to several filters detailed in master.cf file; on the other hand, I want to still using the same filter for all the remain world. My first thought has been to create another smtpd daemon in master.cf which uses other port, and not put any filter on it. ¿Another approach to this issue? Use a policy service and send everything that does not have a sasl_username to your filter. p...@rick -- The Book of Postfix http://www.postfix-book.com saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: Problem DNS-resolving single helo-hostnames
Schilling, Timo: Wietse Venema wrote: Schilling, Timo: Postfix shouldn't negate the flag (from 1 to 0) so that the function res_search doesn't append the known domain-informations. But it is done in the above mentioned file, but why? Because it makes no sense to append MY OWN DOMAIN to the hostname from a REMOTE client. Wietse Yes thats true, if the postfix-server is connected to the internet. In our case we use the server only for internal mail-communication, so that the remote-domain matches MY OWN DOMAIN. If you use only internal communication, then I see no justification for using an uncooperative server configuration. This is a polite version of what I wanted to write. Wietse
Re: 501 The first command in a session must be the HELO command
Quoting Wietse Venema wie...@porcupine.org:
> Peter Micunek:
> > Hi,
> >
> > I have a strange problem with some email sessions. Postfix 2.5.2 is configured like email router. It receives emails from many sources and sends them to one destination. Each rules for mail routing are done by transport table. Everything works properly but sometimes some emails are bounced. Could you help me to find where the problem is.
> >
> > LOG:
> > Jan 23 08:05:42 aaa.bbb.sk postfix/smtp[28591]: 08ECEA73CD: to=b...@ccc.ddd.sk, relay=ee.sk[10.10.10.101]:25, conn_use=2, delay=10, delays=10/0.03/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))
> >
> > SESSION: (C - postfix) (S - proprietary SMTPD)
> > C --- HELO aaa.bbb.sk
> > S --- 250 Hello ccc.ddd.sk
> > C --- MAIL FROM:sm...@ee.sk
> > S --- 250 sm...@ee.sk Sender ok
> > C --- RCPT TO:b...@ccc.ddd.sk
> > S --- 250 b...@ccc.ddd.sk Recipient ok
> > C --- DATA
> > S --- 354 Start mail input; end with CRLF.CRLF
> > C --- .
> > S --- 250 Message accepted for delivery
> > C --- RSET
> > S --- 250 Reset state
> > C --- MAIL FROM:j...@xx.sk
> > S --- 501 The first command in a session must be the HELO command
>
> Postfix sends HELO. Why are you sending this question to the Postfix list?
>
> Wietse

Seems the receiving side is broken regarding connection reuse?

Regards
Andreas
Feature request
As older postfix installations have a fallback_relay variable and newer installations have a smtp_fallback_relay, I wanted to use postconf to check which version is supported. Usually, I would expect a program to return with a non-zero exit-code at such a failure:

r...@localhost# postconf fallback_relay
postconf: warning: fallback_relay: unknown parameter
r...@localhost## echo $?
0

So, any chance of getting a non-zero return code for errors like unknown parameter? Would be great for scripting ...
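Given the exit status shown above, a script can key on the warning text instead. This is an added example, not part of the original post or of Postfix; the function names are hypothetical and it assumes the warning format quoted in the post.

```shell
#!/bin/sh
# Added example: the post shows postconf exiting 0 even for an unknown
# parameter, so the test below reads the warning on stderr instead.

# postconf_knows NAME
#   exit 0: NAME is a parameter this postconf accepts
#   exit 1: postconf printed "NAME: unknown parameter" (format from the post)
#   exit 2: postconf itself could not be run or failed
postconf_knows() {
    # Redirect order matters: stderr goes to the capture, stdout is dropped.
    warnings=$(postconf "$1" 2>&1 >/dev/null) || return 2
    case $warnings in
        *"$1: unknown parameter"*) return 1 ;;
        *) return 0 ;;
    esac
}

# pick_fallback_param
#   Prints whichever of the two names from the post this installation
#   accepts, newer name first. Exit 1 if neither is accepted.
pick_fallback_param() {
    for name in smtp_fallback_relay fallback_relay; do
        if postconf_knows "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}
```

A deployment script would then call `param=$(pick_fallback_param) || exit 1` before writing the setting.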
To [ and ] or not to [ and ] in relayhost entries ...
Hello, i read the documentation about the usage of [ and ] in relayhost entries ... I still not quite sure what happens or not happens when using an IP with or without such signs... relayhost = 1.2.3.4 may use MX records from DNS? What if there is no nameserver configured? Will there be any timeouts? relayhost = [1.2.3.4] may not use MX records from DNS? What if there is no nameserver configured? Will there be any timeouts? The same goes for FQHNs ... So, does anybody know what technically is the difference between the use with and without the signs? I mean, what network things may happen or not happen?
Re: No filters for authenticated users
Jordi Espasa Clofent wrote:
> Hi all,
>
> I want to the authenticated users (who are authenticated using SASL2 and SQL backend) don't pass to several filters detailed in master.cf file; on the other hand, I want to still using the same filter for all the remain world.
>
> My first thought has been to create another smtpd daemon in master.cf which uses other port, and not put any filter on it.

Yes, the submission port is reserved for this purpose and supported by most mail clients.

> ¿Another approach to this issue?

You can use something like:

# content_filter is NOT set
smtpd_sender_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    check_client_access regexp:/etc/postfix/set_filter

# contents of set_filter
/^/ FILTER smtp:[some.ip.addr.ess]:PORT

--
Noel Jones
Re: Problem DNS-resolving single helo-hostnames
Schilling, Timo wrote: Wietse Venema wrote: Schilling, Timo: Postfix shouldn't negate the flag (from 1 to 0) so that the function res_search doesn't append the known domain-informations. But it is done in the above mentioned file, but why? Because it makes no sense to append MY OWN DOMAIN to the hostname from a REMOTE client. Wietse Yes thats true, if the postfix-server is connected to the internet. In our case we use the server only for internal mail-communication, so that the remote-domain matches MY OWN DOMAIN. Regards Timo Schilling Why on earth would you check the HELO name of local clients? Many user mail programs will send junk HELO names; it's nearly universal practice to exclude local and/or authenticated clients from such checks. -- Noel Jones
Re: Any improvement suggestions for main.cf + master.cf ?
Richard Foley wrote:
> This file is very minimal:
>
> /^\@/ 550 invalid address
> /[...@].*\@/ 550 weird addresses

Don't escape @ in postfix regular expressions.
Don't escape characters inside [ ] classes.

/^@/ 550 invalid address
/[...@].*@/ 550 weird addresses

--
Noel Jones
Re: 501 The first command in a session must be the HELO command
Peter Micunek wrote:
> Hi,
>
> I have a strange problem with some email sessions. Postfix 2.5.2 is configured like email router. It receives emails from many sources and sends them to one destination. Each rules for mail routing are done by transport table. Everything works properly but sometimes some emails are bounced. Could you help me to find where the problem is.
>
> LOG:
> Jan 23 08:05:42 aaa.bbb.sk postfix/smtp[28591]: 08ECEA73CD: to=b...@ccc.ddd.sk, relay=ee.sk[10.10.10.101]:25, conn_use=2, delay=10, delays=10/0.03/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))
>
> SESSION: (C - postfix) (S - proprietary SMTPD)
> C --- HELO aaa.bbb.sk
> S --- 250 Hello ccc.ddd.sk
> C --- MAIL FROM:sm...@ee.sk
> S --- 250 sm...@ee.sk Sender ok
> C --- RCPT TO:b...@ccc.ddd.sk
> S --- 250 b...@ccc.ddd.sk Recipient ok
> C --- DATA
> S --- 354 Start mail input; end with CRLF.CRLF
> C --- .
> S --- 250 Message accepted for delivery
> C --- RSET
> S --- 250 Reset state
> C --- MAIL FROM:j...@xx.sk
> S --- 501 The first command in a session must be the HELO command
>
> BR
> Peter

The S server doesn't speak SMTP. You can work around this error by setting in postfix main.cf

smtp_connection_cache_on_demand = no

--
Noel Jones
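To see which deliveries were hit by this before or after applying the workaround, the log line quoted above already carries the needed fields (conn_use, status, the remote reply). This is an added example, not part of Noel Jones's reply or of Postfix; the function names are hypothetical and the sample lines are constructed, modelled on the log line in the post.

```shell
#!/bin/sh
# Added example: list deliveries that bounced on a REUSED connection because
# the remote server demanded HELO again (the failure described in this thread).

# sample_log: constructed log lines in the format of the one quoted above.
sample_log() {
    cat <<'EOF'
Jan 23 08:05:32 aaa.bbb.sk postfix/smtp[28591]: 07AA1A73C1: to=<u1@ccc.ddd.sk>, relay=ee.sk[10.10.10.101]:25, delay=1, delays=1/0.03/0/0, dsn=2.0.0, status=sent (250 Message accepted for delivery)
Jan 23 08:05:42 aaa.bbb.sk postfix/smtp[28591]: 08ECEA73CD: to=<u2@ccc.ddd.sk>, relay=ee.sk[10.10.10.101]:25, conn_use=2, delay=10, delays=10/0.03/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))
Jan 23 08:06:10 aaa.bbb.sk postfix/smtp[28602]: 09F00A73D2: to=<u3@ccc.ddd.sk>, relay=ee.sk[10.10.10.101]:25, conn_use=3, delay=2, delays=2/0.01/0/0, dsn=5.1.1, status=bounced (host ee.sk[10.10.10.101] said: 550 User unknown (in reply to RCPT TO command))
Jan 23 08:07:01 aaa.bbb.sk postfix/smtp[28610]: 0A11BA73E9: to=<u4@ccc.ddd.sk>, relay=ee.sk[10.10.10.101]:25, conn_use=4, delay=3, delays=3/0.02/0/0, dsn=5.0.0, status=bounced (host ee.sk[10.10.10.101] said: 501 The first command in a session must be the HELO command (in reply to MAIL FROM command))
Jan 23 08:07:02 aaa.bbb.sk postfix/smtpd[28611]: connect from unknown[10.10.10.7]
EOF
}

# reused_helo_bounces: reads Postfix log lines on stdin and prints
# "relay conn_use queue_id" for every postfix/smtp bounce that matches.
reused_helo_bounces() {
    awk '
    /postfix\/smtp\[/ && /status=bounced/ &&
    /first command in a session must be the HELO/ {
        use = field($0, "conn_use=")
        # Assumption: a record without conn_use is the first use of a connection.
        if (use + 0 < 2) next
        relay = field($0, "relay=")
        # The queue id is the token right after "postfix/smtp[pid]: ".
        qid = $0
        sub(/^.*postfix\/smtp\[[0-9]+\]: /, "", qid)
        sub(/:.*$/, "", qid)
        print relay, use, qid
    }
    # field(line, key): text following key, up to the next comma or space.
    function field(line, key,    i, rest) {
        i = index(line, key)
        if (i == 0) return ""
        rest = substr(line, i + length(key))
        sub(/[, ].*$/, "", rest)
        return rest
    }'
}

# helo_bounce_summary: "count relay" per affected relay, highest count first.
helo_bounce_summary() {
    reused_helo_bounces |
        awk '{ n[$1]++ } END { for (r in n) print n[r], r }' |
        sort -rn
}
```

Run it against a real log with `helo_bounce_summary < /var/log/mail.log` (the log path is an assumption; use whatever your syslog writes).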
Re: Blocking account from sending (Still not working)
Bill Loy wrote:
> After adding the lines
>
> smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
> smtpd_restriction_classes = local_only
> local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
>
> to the file /etc/postfix/main.cf: the server sill not allow anyone to send, but when I remove the smtpd like the servers allows sending
>
> Any ideas?

Welcome to postfix!

To debug problems using postfix, please see:
http://www.postfix.org/DEBUG_README.html

When requesting help from this list, please see:
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones
Re: Blocking account from sending (Still not working)
Noel Jones wrote:
> Bill Loy wrote:
> > After adding the lines
> >
> > smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
> > smtpd_restriction_classes = local_only
> > local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
> >
> > to the file /etc/postfix/main.cf: the server sill not allow anyone to send, but when I remove the smtpd like the servers allows sending
> >
> > Any ideas?
>
> Welcome to postfix!
>
> To debug problems using postfix, please see:
> http://www.postfix.org/DEBUG_README.html
>
> When requesting help from this list, please see:
> http://www.postfix.org/DEBUG_README.html#mail

My wild guess is that you need to put this under smtpd_sender_restrictions rather than smtpd_recipient_restrictions, but we need a more complete description of what you've done and what's not working and the errors logged by postfix.

--
Noel Jones
Blocking Phishing emails
Hello, I know this is not specifically a postfix question, but I know there are a lot of very knowledgeable people on this list. I'm wondering what success others have had blocking Phishing emails? We can block them using header/body checks, but one is always playing catch up. It's a game you can never win. Is anyone using ClamAV with Postfix with the phishing filters? Are they effective? Does anyone know of any other service offering Phishing signatures that one can employ? Are there any other tools/strategies that people are using to tackle this? Thanks, Paul
Re: Blocking Phishing emails
Paul Reilly wrote:
> Hello,
>
> I know this is not specifically a postfix question, but I know there are a lot of very knowledgeable people on this list. I'm wondering what success others have had blocking Phishing emails? We can block them using header/body checks, but one is always playing catch up. It's a game you can never win.
>
> Is anyone using ClamAV with Postfix with the phishing filters? Are they effective?

Yes, clamav is pretty effective against phish, although the heuristic anti-phishing feature is somewhat more prone to false positives than the signature-based detection. Effectiveness goes up considerably if you also use the unofficial Sanesecurity add-on signatures.

> Does anyone know of any other service offering Phishing signatures that one can employ?

SpamAssassin also does a fairly good job of detecting phish, especially if you use the add-on SOUGHT rule set.

> Are there any other tools/strategies that people are using to tackle this?

reject_unknown_reverse_client_hostname
reject_rbl_client zen.spamhaus.org
{a greylisting policy service}

YMMV.

--
Noel Jones
RE: Blocking Phishing emails
Is anyone using ClamAV with Postfix with the phishing filters? Are they effective? Does anyone know of any other service offering Phishing signatures that one can employ? SaneSecurity (they're back) is providing ClamAV signatures for spam, phishing, etc. Rsync scripts are available to download the signatures to your server and install them automatically. You can give them a try: http://www.sanesecurity.com/ Rob
Postfix multi-instance support ready for testing
Postfix snapshot 20090123 provides support for managing multiple Postfix instances. It was designed, implemented and documented during this week (implementation taking about 1/6 of that time).

Citing from the RELEASE_NOTES:

This can automatically apply your postfix start etc. command to multiple Postfix instances, including upgrades to new Postfix versions. Multi-instance support allows you to do the following and more:

- Simplify post-queue content filter configuration by using separate Postfix instances before and after the filter. This simplifies trouble shooting and performance tuning.

- Implement per-user content filters (or no filter) via transport map lookups instead of content_filter settings. Mail for some users can be sent directly from the before-filter instance to the after-filter instance.

- Test new configuration settings (on a different server IP address or TCP port) without disturbing production instances.

- Each additional Postfix instance uses a few files and directories, plus memory for an extra master daemon and queue manager. The pickup daemon is needed only if you use local submission or postsuper -r.

Best of all, nothing changes when you use only one Postfix instance.

The postfix-wrapper script (in the daemon directory) implements a simple but useful multi-instance manager, with instructions. The plug-in API itself is described in the postfix-wrapper(5) manpage.

A more sophisticated multi-instance manager called postmulti(1) is approaching completion. A prototype version has been used internally at Morgan Stanley. This version will be adapted to the new plug-in API which makes some simplification possible.

Wietse
forged outlook html
X-Spam-Status: No, score=2.797 tagged_above=2 required=5 tests=[BAYES_00=-2.599, FORGED_MUA_OUTLOOK=3.116, FORGED_OUTLOOK_HTML=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MSOE_MID_WRONG_CASE=0.82, NORMAL_HTTP_TO_IP=0.001] the above header details are of a message which was a spam; what does this 'forged' mean? this passed amavisd on postfix relay help appreciated thanks
Re: forged outlook html
On 1/23/2009 11:33 AM, bharathan kailath wrote: X-Spam-Status: No, score=2.797 tagged_above=2 required=5 tests=[BAYES_00=-2.599, FORGED_MUA_OUTLOOK=3.116, FORGED_OUTLOOK_HTML=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MSOE_MID_WRONG_CASE=0.82, NORMAL_HTTP_TO_IP=0.001] the above header details are of a message which was a spam; what does this 'forged' mean? this passed amavisd on postfix relay help appreciated Wrong list... ask on the spamassassin and/or amavisd lists... -- Best regards, Charles
MAILER-DAEMON question
Hi all, We are using Postfix and I have a little question. When I send an e-mail to a bad external address (example: jdhfjdfjdhfjdhfj...@yahoo.com), my SMTP gateway send me an error message from mailer-dea...@mydomain.com because the target address doesn't exist. Question: Do you know where I can change mydomain.com (after the MAILER-DAEMON@) ? Best Regards, (Sorry for my bad English) Luís Esteves
Re: MAILER-DAEMON question
ESTEVES, Luis: When I send an e-mail to a bad external address (example: jdhfjdfjdhfjdhfj...@yahoo.com), my SMTP gateway send me an error message from mailer-dea...@mydomain.com because the target address doesn't exist. Question: Do you know where I can change mydomain.com (after the MAILER-DAEMON@) ? See: http://www.postfix.org/BASIC_CONFIGURATION_README.html#myorigin This document also has other useful information. Wietse
Re: speeding dkim filtering
Hi,

The incoming queue was big and increased continually ( from 2000 to up to 5 messages) The active queue was full. The traffic was not too heavy ( 5,000- messages per 10 minutes). Trivial-rewrite is using LDAP lookups (locally) to route messages. System CPU, disk or network were NOT starved. The qmgr was getting enough CPU, RAM (i do not know for disk I/O inputs).

What I also noticed is a lot of qmgr error log lines:

Jan 19 08:01:41 fe2 postfix/qmgr[9644]: 5DF7D12AAF4: to=s...@foo.org, relay=none, delay=4825, delays=4825/0.11/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)

and also cleanup error log lines:

Jan 19 00:19:22 fe2 postfix/cleanup[22033]: 17A48126FA4: milter-reject: END-OF-MESSAGE from srv[a.b.c.d]: 4.7.1 Service unavailable - try again later; from=i...@foo.com to=a...@foo.org proto=SMTP helo=foo.com

and also Kernel logs warnings (kernel: VFS: file-max limit 16384 reached)

Can you explain the qmgr log I had (qmgr wants to connect to what at 127.0.0.1 ?) ? Can you explain the cleanup log I had (why milter-reject in a cleanup log line ? while milter uses the smtpd daemon = smtpd_milters = inet:localhost:10030 ) ?

Finally I increased the sys file-max parameter to 32768 and things went back to a normal situation. Any similar cases ?(I looked at Postfix archives but without success)

Thank you. Alain

- Original Message -
From: test Victor Duchovni victor.ducho...@morganstanley.com
Date: Tuesday, January 20, 2009 8:14 pm
Subject: Re: speeding dkim filtering
To: postfix-users@postfix.org

> On Tue, Jan 20, 2009 at 07:25:20PM +0100, postfix wrote:
>
> > I have milter/dkim filter installed on a rhel4 linux server. I noticed a delay between dkim-filter and qmgr processes when the traffic becomes important.
> >
> > Jan 20 12:35:04 fe2 dkim-filter[3380]: 9E463127A68 DKIM-Signature header added
> > Jan 20 12:43:14 fe2 postfix/qmgr[20888]: 9E463127A68: from=jairo.ab...@foo.com, size=11787, nrcpt=1
> >
> > Is it possible to speed up dkim filter?
>
> It is not clear that the delay you are reporting is the result of the DKIM milter. How big is your incoming queue? Is your system CPU, disk or network starved?
>
> The queue manager serially imports mail from the incoming queue. Messages are eligible for import as soon as cleanup processing is complete. What we don't know here is when cleanup (including milter) processing completed. We also don't know whether trivial-rewrite is using any high-latency lookup tables, whether the queue manager is not getting enough CPU or disk I/O, whether the active queue is full, ...
>
> You need to identify the cause of the delay first.
>
> -- Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
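The qmgr line quoted above carries a delays=a/b/c/d breakdown (Postfix 2.3 and later: time before the queue manager, time in the queue manager, connection setup, message transmission), which shows where a delay accumulated. The following Python is an added example, not code from this thread; the function names are assumptions, and the sample lines marked as constructed are not from the poster's logs.

```python
import re
from collections import Counter

# Order of the four fields in "delays=a/b/c/d" (Postfix 2.3 and later).
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

HINTS = {
    "before_qmgr": "reception, cleanup/milter work, or waiting in the incoming queue",
    "in_qmgr": "waiting in the queue manager for a delivery slot",
    "conn_setup": "DNS, connect, HELO or TLS towards the next hop",
    "transmission": "sending the message to the next hop",
}

LINE_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r".*?\bdelay=(?P<delay>[\d.]+), delays=(?P<delays>[\d./]+),"
    r".*?\bstatus=(?P<status>\w+)"
)

SAMPLE_LINES = [
    # Taken from the message above.
    "Jan 19 08:01:41 fe2 postfix/qmgr[9644]: 5DF7D12AAF4: to=s...@foo.org, "
    "relay=none, delay=4825, delays=4825/0.11/0/0, dsn=4.4.1, status=deferred "
    "(delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: "
    "Connection refused)",
    # Constructed: slow connection setup to the next hop.
    "Jan 19 08:02:10 fe2 postfix/smtp[9701]: 6A1B2C3D4E5: to=<user@example.org>, "
    "relay=mx.example.org[192.0.2.10]:25, delay=95, delays=0.3/0.02/90/4.7, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    # Constructed: a fast delivery, below the reporting threshold.
    "Jan 19 08:02:11 fe2 postfix/smtp[9702]: 7B2C3D4E5F6: to=<user@example.org>, "
    "relay=mx.example.org[192.0.2.10]:25, delay=0.8, delays=0.2/0.01/0.3/0.29, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    # Taken from the message above: not a delivery record, so it is skipped.
    "Jan 19 00:19:22 fe2 postfix/cleanup[22033]: 17A48126FA4: milter-reject: "
    "END-OF-MESSAGE from srv[a.b.c.d]: 4.7.1 Service unavailable - try again "
    "later; from=i...@foo.com to=a...@foo.org proto=SMTP helo=foo.com",
]


def parse_delivery(line):
    """Return the delay breakdown of one delivery log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    parts = m.group("delays").split("/")
    if len(parts) != len(STAGES):
        return None
    try:
        values = [float(p) for p in parts]
        total = float(m.group("delay"))
    except ValueError:  # e.g. a damaged field such as "1..2"
        return None
    return {
        "qid": m.group("qid"),
        "daemon": m.group("daemon"),
        "status": m.group("status"),
        "delay": total,
        "stages": dict(zip(STAGES, values)),
    }


def dominant_stage(record):
    """Name of the stage that contributed most to the total delay."""
    return max(STAGES, key=lambda stage: record["stages"][stage])


def summarize(lines, min_delay=60.0):
    """Count slow deliveries (delay >= min_delay seconds) per dominant stage."""
    slow = Counter()
    for line in lines:
        record = parse_delivery(line)
        if record is not None and record["delay"] >= min_delay:
            slow[dominant_stage(record)] += 1
    return slow


def report(lines, min_delay=60.0):
    """One human-readable line per dominant stage, most frequent first."""
    return [
        f"{count} slow deliveries dominated by {stage}: {HINTS[stage]}"
        for stage, count in summarize(lines, min_delay).most_common()
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LINES)))
```

For the line from the thread, almost all of the 4825 seconds fall in the first field, that is, before the queue manager picked the message up.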
something+em...@example.com
Can anyone tell me what the formal name of the email technique of placing something + a delimiter + your email is? I can't seem to remember... hose
Re: speeding dkim filtering
On Fri, Jan 23, 2009 at 07:24:08PM +0100, postfix wrote:

> The incoming queue was big and increased continually ( from 2000 to up to 5 messages)

Symptom.

> The active queue was full.

Cause.

> The traffic was not too heavy ( 5,000- messages per 10 minutes). Trivial-rewrite is using LDAP lookups (locally) to route messages.

Potential problem if LDAP lookup latency is high, because this kills queue-manager throughput, and there is only one queue manager.

> System CPU, disk or network were NOT starved. The qmgr was getting enough CPU, RAM (i do not know for disk I/O inputs).

Yes, but what about latency? How quick are those LDAP lookups?

> Jan 19 08:01:41 fe2 postfix/qmgr[9644]: 5DF7D12AAF4: to=s...@foo.org, relay=none, delay=4825, delays=4825/0.11/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)

Well, you have a content filter that is unresponsive. What is it?

> Jan 19 00:19:22 fe2 postfix/cleanup[22033]: 17A48126FA4: milter-reject: END-OF-MESSAGE from srv[a.b.c.d]: 4.7.1 Service unavailable - try again later; from=i...@foo.com to=a...@foo.org proto=SMTP helo=foo.com

Well, your milter is broken. Is this pre-filter mail or after filter re-injection?

> and also Kernel logs warnings (kernel: VFS: file-max limit 16384 reached)

That's really bad, your process limits, ... are too large for the kernel's default resource limits (16K descriptors is way too low for a modern server, you should raise those unless running with very low RAM).

> Can you explain the qmgr log I had (qmgr wants to connect to what at 127.0.0.1 ?) ? Can you explain the cleanup log I had (why milter-reject in a cleanup log line ? while milter uses the smtpd daemon = smtpd_milters = inet:localhost:10030 ) ? Finally I increased the sys file-max parameter to 32768 and things went back to a normal situation.

Your system is hosed in multiple ways. I can't help with quite this much breakage. You need on site help, or someone very patient with a lot of time who can help you off list.

-- Viktor.
Re: Feature request
Thomas Ackermann wrote:

> As older postfix installations have a fallback_relay variable and newer installations have a smtp_fallback_relay, i wanted to use postconf to check, which version is supported. Usually, i would expect a program to return with a non-zero exit-code at such a failure:
>
> r...@localhost# postconf fallback_relay
> postconf: warning: fallback_relay: unknown parameter
> r...@localhost## echo $?
> 0
>
> So, any chance of getting a non-zero return code for errors like unknown parameter? Would be great for scripting ...

check_parameter() {
    # succeeds only if postconf printed something other than the warning
    postconf "$1" 2>&1 | grep -vq "unknown parameter"
    return $?
}

or

check_parameter() {
    # succeeds only if postconf printed a "name = value" line
    postconf "$1" 2>/dev/null | grep -q =
    return $?
}
Re: How to reject mispelled recipient domain
christopher andrews wrote:

> I was reading this subject and I was wondering, if you thought about what would happen if you compile a list of misspelled domains and denied them instantly and the user meant to send it to one of those domains. I'm saying this because what you may think is misspelled domain maybe a real domain that user is sending an e-mail to. There are lot domains out there are taken, so many people use domains that are spelled close to the one that was taken.

and there's another problem: if the user sends to multiple recipients, and one gets rejected, MUA errors are sometimes (most of the time?) unclear: he will wonder if he should resend to all or only to the mistyped address.
Re: something+em...@example.com
On Fri, Jan 23, 2009 at 02:37:55PM -0500, Charles Marcus wrote:

> On 1/23/2009, hose (h...@bluemaggottowel.com) wrote:
>
> > Can anyone tell me what the formal name of the email technique of placing something + a delimiter + your email is? I can't seem to remember...
>
> Are you talking about 'plus-addressing'?

The postfix terms of art are:

- recipient delimiter, the + or sometimes - (...) character that separates the base address from the address:
- extension, the rest of the address localpart between the delimiter and the domain.

These are often used with the envelope sender address in VERP to facilitate bounce processing in bulk mailings. Another use is to help sort mail for a recipient into various folders by giving different senders different mail address extensions to use when sending mail to the same person. These were a key feature of the CMU Cyrus mail system.

-- Viktor.
Re: Zone record set up
Kevin Bailey wrote:

> Hi Guys, Just a question RE setting up the DNS zone record correctly for a mail server. I have a couple of setups which work but have just copied one and I'm getting the following response.
>
> j.gilb...@watercooledsurf.com: Host or domain name not found. Name service error for name=watercooledsurf.com type=A: Host found but no data record of requested type
>
> One zone I have is set up as
>
> ; Zone: grosvenorchambers.co.uk
> ; Generated: Fri Jan 23 14:53:53 2009
> ;
> @        IN SOA   ns0.dnsmaster.net. hostmaster.dnsmaster.net. ( 2008110301 43200 1800 604000 86400 )
>          IN NS    ns1.dnsmaster.net.
>          IN NS    ns2.dnsmaster.net.
>          IN NS    ns3.dnsmaster.net.
> grosvenorchambers.co.uk. IN MX 10 mail2.freewayprojects.com.
> ftp      IN CNAME ftp2.freewayprojects.com.
> mail     IN CNAME mail2.freewayprojects.com.
> smtp     IN CNAME smtp2.freewayprojects.com.
> webmail  IN CNAME webmail2.freewayprojects.com.
> www      IN CNAME web2.freewayprojects.com.
>
> And another is set up as
>
> ; Zone: firetecworld.com
> ; Generated: Fri Jan 23 14:54:29 2009
> ;
> @        IN SOA   ns0.dnsmaster.net. hostmaster.dnsmaster.net. ( 2008081001 43200 1800 604800 86400 )
>          IN NS    ns1.dnsmaster.net.
>          IN NS    ns2.dnsmaster.net.
>          IN NS    ns3.dnsmaster.net.
>          IN MX 10 mail.firetecworld.com.
>          IN A     212.84.168.98
> ftp      IN CNAME ftp2.freewayprojects.com.
> mail     IN CNAME mail2.freewayprojects.com.
> smtp     IN CNAME smtp2.freewayprojects.com.
> webmail  IN CNAME webmail2.freewayprojects.com.
> www      IN CNAME web2.freewayprojects.com.

wrong. the MX should not be a cname. see http://www.rfc-ignorant.org/policy-bogusmx.php

use

    IN MX 10 mail2.freewayprojects.com.

instead.

> In both cases I am trying to keep them set up so that if the main server fails I can then repoint mail2.freewayprojects.com, smtp2.freewayprojects.com, web2.freewayprojects.com etc to the secondary/backup server and the service will continue. I.e. I won't have to change all the clients DNS records - just the *2.freewayprojects.com IP addresses.
>
> I tried initially to copy the first one. What is the best/canonical way for setting up DNS records? We have www happily CNAME'd to the web server address. Similarly for mail, ftp, smtp, webmail etc. The mail should just need an MX record. Does the mail need an 'A' record of some sort?

yes, use A records instead of CNAME. you can generate the zone file using a script.
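A small zone-file check for the two conditions in this exchange, added here as an example (not code from the thread): a domain that offers neither MX nor A at its apex, which is the condition behind the "Host found but no data record of requested type" bounce, and an MX whose target is a CNAME in the same zone. The parser handles only the record layout used in the zones above; the function names and the second sample zone are constructed for illustration.

```python
ADDRESS_TYPES = {"A", "AAAA"}

# Abbreviated from the firetecworld.com zone quoted above.
ZONE_FIRETEC = """\
; Zone: firetecworld.com
@        IN SOA   ns0.dnsmaster.net. hostmaster.dnsmaster.net. (
                  2008081001 43200 1800 604800 86400 )
         IN NS    ns1.dnsmaster.net.
         IN MX 10 mail.firetecworld.com.
         IN A     212.84.168.98
mail     IN CNAME mail2.freewayprojects.com.
www      IN CNAME web2.freewayprojects.com.
"""

# Constructed: a copied zone that kept the CNAMEs but has no MX or A at the apex.
ZONE_NO_MAIL = """\
@        IN SOA   ns0.example.net. hostmaster.example.net. ( 2009012301 43200 1800 604800 86400 )
         IN NS    ns1.example.net.
mail     IN CNAME mail2.example.net.
www      IN CNAME web2.example.net.
"""


def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Parse a simple zone file into (owner, type, rdata) tuples."""
    origin = origin.rstrip(".").lower() + "."
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        pending = pending + " " + line if pending else line
        if pending.count("(") > pending.count(")"):
            continue                               # record continues on next line
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        fields = line.split()
        if not line[0].isspace():                  # blank owner repeats the previous one
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        if not fields:
            continue
        rtype = fields.pop(0).upper()
        if rtype in ("CNAME", "NS") and fields:
            rdata = absolute(fields[0], origin)
        elif rtype == "MX" and len(fields) >= 2:
            rdata = absolute(fields[1], origin)    # fields[0] is the preference
        else:
            rdata = " ".join(fields)
        records.append((owner, rtype, rdata))
    return records


def lint_mail_records(records, origin):
    """Return (finding, name) tuples for mail-related problems in one zone."""
    origin = origin.rstrip(".").lower() + "."
    by_name = {}
    for owner, rtype, rdata in records:
        by_name.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    findings = []
    apex = by_name.get(origin, {})
    if "MX" not in apex and not ADDRESS_TYPES.intersection(apex):
        findings.append(("no-mx-or-address-at-apex", origin))
    for rrsets in by_name.values():
        for target in rrsets.get("MX", []):
            target_sets = by_name.get(target, {})
            in_zone = target == origin or target.endswith("." + origin)
            if "CNAME" in target_sets:
                findings.append(("mx-target-is-cname", target))
            elif in_zone and not ADDRESS_TYPES.intersection(target_sets):
                findings.append(("mx-target-has-no-address", target))
    return findings


if __name__ == "__main__":
    for zone, origin in ((ZONE_FIRETEC, "firetecworld.com"), (ZONE_NO_MAIL, "example.org")):
        print(origin, lint_mail_records(parse_zone(zone, origin), origin))
```

MX targets outside the zone, such as mail2.freewayprojects.com in the first zone, cannot be judged from the zone file alone and are not reported.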
Re: Zone record set up
On Fri, Jan 23, 2009 at 08:53:21PM +0100, mouss wrote:

> wrong. the MX should not be a cname. see http://www.rfc-ignorant.org/policy-bogusmx.php use IN MX 10 mail2.freewayprojects.com.

This requirement was relaxed in RFC 2821. It is OK (though still better not to if not necessary) to use CNAMES.

-- Viktor.
Re: something+em...@example.com
On 1/23/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:

> - recipient delimiter, the + or sometimes - (...) character that separates the base address from the address:
> - extension, the rest of the address localpart between the delimiter and the domain.
>
> These are often used with the envelope sender address in VERP to facilitate bounce processing in bulk mailings. Another use is to help sort mail for a recipient into various folders by giving different senders different mail address extensions to use when sending mail to the same person. These were a key feature of the CMU Cyrus mail system.

I'd love to see support for multiple delimiter characters...

Also, gmail supports plus-addressing, as well as something else very unique... you can add a '.' anywhere in the local part of your address, and it is delivered as if the '.' wasn't there. This can be used in all sorts of creative ways, ie, use a different form for different purposes, then filter on that... Then, if you start getting spammed from somewhere to one of these, you'll know where it came from - and, be able to filter it...

-- Best regards, Charles
can't authenticate to gmail: CAPTCHA needed
I have a voip server that receives faxes in a tif file. I use fax2email to convert the tif to a pdf and send it as an attachment over postfix. My isp blocks port 22, so I've setup a gmail account to use as a relay. That generally works. But, every once in a while, authentication fails. When I try to log in over the web, gmail requires not just userword and password, but also a CAPTCHA. That's obviously why postfix authentication won't work. I've unlocked the CAPTCHA, so the gmail account works now. Anybody know why the gmail account required the CAPTCHA? How can I keep it from happening again? The account is only used by postfix for this purpose. Is there some postfix magic I'm missing? sean
Postfix - Blackberry
I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved. TIA JLA
Re: Postfix - Blackberry
postmas...@klam.ca wrote:

> I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved.

as far as i know, blackberry platform works only with MS Exchange. And it requires you to install some software which will be the Blackberry-MS Exchange gateway . i don't know if blackberry gateway works with another platform .

-- Sincerely, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br My SPAMTRAP, do not email it: gertru...@solutti.com.br
Re: Postfix - Blackberry
postmas...@klam.ca wrote:

> I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved. TIA JLA

You would have to install a bes server, that, as far as i know, runs only on windows servers. Hth. Cheers, Dario subbia Cavallaro
Re: can't authenticate to gmail: CAPTCHA needed
Victor Duchovni wrote:

> On Fri, Jan 23, 2009 at 04:09:07PM -0500, sean darcy wrote:
>
> > I have a voip server that receives faxes in a tif file. I use fax2email to convert the tif to a pdf and send it as an attachment over postfix. My isp blocks port 22, so I've setup a gmail account to use as a relay. That generally works. But, every once in a while, authentication fails. When I try to log in over the web, gmail requires not just userword and password, but also a CAPTCHA. That's obviously why postfix authentication won't work. I've unlocked the CAPTCHA, so the gmail account works now. Anybody know why the gmail account required the CAPTCHA? How can I keep it from happening again? The account is only used by postfix for this purpose. Is there some postfix magic I'm missing?
>
> Using a stronger (as deemed by Gmail) password may help, but they probably have abuse heuristics that trigger re-CAPTCHA of accounts that appear compromised. Sending high volumes of mail via automation (non-personal use) may fairly reliably trigger this. Gmail is not a submission service for MTAs handling something other than mail composed (infrequently) by humans.

We probably email 3-5 faxes a day, never more than 10, so it's hardly high volume. In any event, how can gmail know it's not me at the command line? I will try a scarier password.

sean
Re: can't authenticate to gmail: CAPTCHA needed
Victor Duchovni:

> On Fri, Jan 23, 2009 at 04:09:07PM -0500, sean darcy wrote:
>
> > I have a voip server that receives faxes in a tif file. I use fax2email to convert the tif to a pdf and send it as an attachment over postfix. My isp blocks port 22, so I've setup a gmail account to use as a relay. That generally works. But, every once in a while, authentication fails. When I try to log in over the web, gmail requires not just userword and password, but also a CAPTCHA. That's obviously why postfix authentication won't work. I've unlocked the CAPTCHA, so the gmail account works now. Anybody know why the gmail account required the CAPTCHA? How can I keep it from happening again? The account is only used by postfix for this purpose. Is there some postfix magic I'm missing?
>
> Using a stronger (as deemed by Gmail) password may help, but they probably have abuse heuristics that trigger re-CAPTCHA of accounts that appear compromised. Sending high volumes of mail via automation (non-personal use) may fairly reliably trigger this. Gmail is not a submission service for MTAs handling something other than mail composed (infrequently) by humans.

When transaction rates are a problem, it may help to insert delays.

main.cf:
    default_transport = smtp
    relay_transport = smtp
    smtp_destination_rate_delay = 60s

Requires Postfix 2.5 or later.

Wietse
Re: Postfix - Blackberry
postmas...@klam.ca wrote: I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved. there are basically two options synchronizing your BB device: * use blackberry internet service (BIS) typically a telephony provider specifiy microsite on blackberry.com, allows you to configure IMAP, POP3 and SMTP (= postfix) servers. The easy (and cheapest) way. * use blackberry enterprise service (BES) you have to install a dedicated server component, interfacing with either exchange or lotus notes, entirely windows based. The difficult (and expensive) way. But to be honest: just don't do it. In terms of supporting open standards, even an iPhone or windows mobile based devices are ways better, IMHO. From a postfix side there is nothing special about it, so this is quite out of scope for this ML. -- Udo Rader, CTO http://www.bestsolution.at
OT Re: Postfix - Blackberry
postmas...@klam.ca wrote: I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved. This is not a Postfix question, but... To integrate a BB into an enterprise requires RIMs back-end enterprise-server solution which I understand goes well beyond just email. Traditional carriers selling to the public (non-enterprise users) typically use RIM's servers in a couple ways. First, you can use a Blackberry email address. In the case, for example, of T-Mobile, you can create a Blackberry email account which looks like your.email.addr...@tmo.blackberry.net (where I believe the tmo is for T-Mobile users and would change for other carriers). Email to this address is typically delivered virtually instantly. Second, T-Mobile lets you set up several additional email addresses and I imagine other carriers are similar. For these addresses, RIM's servers try to POP (I don't know if IMAP is supported) messages from your server something like every 15 minutes but it starts looking every three minutes or so if there is activity on that account. Outbound messages have your from address but are sent from their server. So other than, perhaps, aliasing mail to your Blackberry, Postfix is not in the equation. Gmail is also an option. (Google has a number of good Blackberry apps including a pretty good version of Gmail as well as chat, maps and so on.) Just plan on buying the unlimited data plan if you get a BB, otherwise it will be pretty crippled. And forget about the Obama effect - there are plenty of other options. Get what works for you. Cheers, Steve
Re: Feature request
mouss wrote:

> check_parameter() {
>     postconf "$1" 2>&1 | grep -vq "unknown parameter"
>     return $?
> }
>
> or
>
> check_parameter() {
>     postconf "$1" 2>/dev/null | grep -q =
>     return $?
> }

Then, you need an exit-code wrapper for grep too, it seems :)

check_result() {
    # capture grep's output and fail when it is empty
    RESULT=$( grep "${1}" "${2}" 2>/dev/null )
    [ "${RESULT}" = "" ] && return 1
    return 0
}

So, why not directly? Would be neat, great for functionality and just one line more of code
Re: To [ and ] or not to [ and ] in relayhost entries ...
Thomas Ackermann wrote: So, does anybody know what technically is the difference between the use with and without the signs? I mean, what network things may happen or not happen? Nobody knows the technical differences? :-(
Re: To [ and ] or not to [ and ] in relayhost entries ...
Thomas wrote:

> Thomas Ackermann wrote:
>
> > So, does anybody know what technically is the difference between the use with and without the signs? I mean, what network things may happen or not happen?
>
> Nobody knows the technical differences? :-(

... more likely nobody cares, because postfix behavior is documented.

When the relayhost is a hostname enclosed by [ ] brackets, postfix asks for an A record and does not ask for an MX record.

If relayhost is an IP address enclosed by brackets, postfix uses that IP with no additional lookups.

If relayhost is a hostname with no brackets, postfix will request an MX record, if no MX exists, postfix will then request an A record.

If relayhost is an IP address with no brackets, postfix will request a PTR lookup to find the hostname, then request an MX lookup on that hostname. If no MX record exists, then an A record is requested for the hostname. Either the MX lookup or the A lookup may return a result different from the original bare IP; this is why you should always enclose a literal IP address relayhost in brackets.

Actual lookups are performed by system libraries, not by postfix.

-- Noel Jones
Re: To [ and ] or not to [ and ] in relayhost entries ...
On Sat, 24 Jan 2009, Thomas wrote: Thomas Ackermann wrote: So, does anybody know what technically is the difference between the use with and without the signs? I mean, what network things may happen or not happen? Nobody knows the technical differences? Care to take a look at the Postfix documentation? http://www.postfix.org/postconf.5.html#relayhost
Re: Postfix - Blackberry
Steve Crawford wrote: postmas...@klam.ca wrote: I don't currently own a blackberry, but am thinking about getting one (the Obama effect). A friend who works in the Cellphone business has warned me that if I just setup the BB to go get my email from my postfix server this will treated as internet data, whereas if I can interface postfix - BB then the data transfer is treated as email, different and lower tariff. Does anybody know if and how such synchronization might be achieved. This is not a Postfix question, but... To integrate a BB into an enterprise requires RIMs back-end enterprise-server solution which I understand goes well beyond just email. Traditional carriers selling to the public (non-enterprise users) typically use RIM's servers in a couple ways. First, you can use a Blackberry email address. In the case, for example, of T-Mobile, you can create a Blackberry email account which looks like your.email.addr...@tmo.blackberry.net (where I believe the tmo is for T-Mobile users and would change for other carriers). Email to this address is typically delivered virtually instantly. Second, T-Mobile lets you set up several additional email addresses and I imagine other carriers are similar. For these addresses, RIM's servers try to POP (I don't know if IMAP is supported) messages from your server something like every 15 minutes but it starts looking every three minutes or so if there is activity on that account. Outbound messages have your from address but are sent from their server. So other than, perhaps, aliasing mail to your Blackberry, Postfix is not in the equation. Gmail is also an option. (Google has a number of good Blackberry apps including a pretty good version of Gmail as well as chat, maps and so on.) Just plan on buying the unlimited data plan if you get a BB, otherwise it will be pretty crippled. And forget about the Obama effect - there are plenty of other options. Get what works for you. 
For Sony-Ericsson's Imap with email push, check that the phone supports email push. http://feetup.org/blog/mobile/Easy-Push.html http://branimir.com/blog/one-entry%3Fentry_id=701.html For sending email use SASL with Postfix.
Re: Feature request
J.P. Trosclair wrote:

> This is really off topic, but grep already returns a success and failure code based on if there were any matches which mouss's code uses from what I can tell. There's really no reason to look at grep's stdout, if it has a match the return code is 0, it doesn't it's != 0.
>
> $ echo foo | grep -q bar; echo $?
> 1
> $ echo bar | grep -q bar; echo $?
> 0
>
> Maybe I misunderstood what you're saying.

Yes :D I wanted to say exactly this - it is quite handy to have a meaningful exit-code - like with grep. And no, creating such wrappers is not really the same ... Thanx ...
Re: To [ and ] or not to [ and ] in relayhost entries ...
Duane Hill wrote: Care to take a look at the Postfix documentation? http://www.postfix.org/postconf.5.html#relayhost As i wrote, i read the documentation i found - it was exactly this small entry about relayhost! The answer from Noel Jones contains quite some more and deeper information - i did not find it so far, but it shows that there IS more information :)
Re: To [ and ] or not to [ and ] in relayhost entries ...
Noel Jones wrote:

> ... more likely nobody cares, because postfix behavior is documented.
>
> When the relayhost is a hostname enclosed by [ ] brackets, postfix asks for an A record and does not ask for an MX record.
>
> If relayhost is an IP address enclosed by brackets, postfix uses that IP with no additional lookups.
>
> If relayhost is a hostname with no brackets, postfix will request an MX record, if no MX exists, postfix will then request an A record.
>
> If relayhost is an IP address with no brackets, postfix will request a PTR lookup to find the hostname, then request an MX lookup on that hostname. If no MX record exists, then an A record is requested for the hostname. Either the MX lookup or the A lookup may return a result different from the original bare IP; this is why you should always enclose a literal IP address relayhost in brackets.
>
> Actual lookups are performed by system libraries, not by postfix.

Now, exactly this was my problem - i could not find the above information.. Only the small entry about relayhost ... Could you point me to your source? Thanx!
Re: To [ and ] or not to [ and ] in relayhost entries ...
Thomas: Duane Hill wrote: Care to take a look at the Postfix documentation? http://www.postfix.org/postconf.5.html#relayhost As i wrote, i read the documentation i found - it was exactly this small entry about relayhost! The answer from Noel Jones contains quite some more and deeper information - i did not find it so far, but it shows that there IS more information :) This may come as a surprise. The SMTP destination syntax is documented as part of the Postfix SMTP client. Just consider that this is the program that makes the SMTP connections in the first place. Wietse
RE: example.com problem?
Wietse Venema [mailto:wie...@porcupine.org] wrote:

> Norm Mackey:
>
> > The situation reached the point where the mail queue could not even be listed completely with postqueue without postqueue failing, and
>
> What was the failure? I suppose that after $daemon_timeout seconds (1800s default) the daemon that lists the queue is terminated for safety reasons. If there were other errors then I would like to know.
>
> If you don't want to deliver example.com, a transport map with
>
>     example.com discard:
>
> will do the job (Postfix 2.2 or later), as will an access map rule.

--

The failure was logged in /var/log/mail/errors as messages like:

[r...@relay mail]# cat errors |grep "open files"|head -n 5
Jan 19 00:39:43 relay postfix/qmgr[26415]: fatal: socket: Too many open files
Jan 19 00:40:48 relay postfix/qmgr[29208]: fatal: socket: Too many open files
Jan 19 00:42:07 relay postfix/qmgr[29255]: fatal: socket: Too many open files
Jan 19 00:43:25 relay postfix/qmgr[29328]: fatal: socket: Too many open files
Jan 19 00:44:43 relay postfix/qmgr[29523]: fatal: socket: Too many open files

Norm
Re: example.com problem?
Norm Mackey:

> The failure was logged in /var/log/mail/errors as messages like:
>
> [r...@relay mail]# cat errors |grep "open files"|head -n 5
> Jan 19 00:39:43 relay postfix/qmgr[26415]: fatal: socket: Too many open files

Your machine resources don't match the Postfix configuration. Either scale down Postfix (the process limits) or get a better machine. Running Postfix like this is like cramming a school class into a telephone booth, if you are old enough to remember what that is.

Wietse
forged spam mails
i get spam mails that pretend to be from yahoo (e.g. from yahoo.it, yahoo.nl) on my postfix relay; how can i prevent such kind of forgeries? help appreciated thanks