Re: BURL

2016-04-18 Thread Charles Marcus
On 3/31/2014 7:22 AM, wie...@porcupine.org (Wietse Venema)
 wrote:
> Viktor Dukhovni:
>> On Sun, Mar 30, 2014 at 09:13:19PM -0400, Wietse Venema wrote:
>>
>>> Viktor Dukhovni:
>>>> Postfix does not yet support Apple's BURL SMTP extension.  With
>>>> Apple as the only MUA that supports BURL, it probably does not make
>>>> sense for Postfix to support BURL.
>>> Last time I asked (late 2013) Apple currently does not support BURL.
> I was looking for client software so that I could test Postfix
> BURL support without having to implement my own mail client first.
> I saw no BURL activity from iPhone or iPad with Apple's patch for
> Postfix, and the author of the patch confirmed that IOS had no BURL
> support. If anyone knows of a real client that implements BURL (not
> some unmaintained beta) then I am interested.

I guess maybe this is sort of a 'chicken and egg' conundrum? Why would a
client implement something that has no server side support? It seems to
me that it would make more sense for servers to be the first to add
support for things like this. Label it experimental of course
unless/until there is at least one client that can be used for real
world testing, but somebody has to go first...

A question came up recently on the Thunderbird list about BURL support,
and I did some checking and found this as the only message in the
postfix archives with BURL in the subject...

I also found this email from Mike Abbot in April 2010 announcing Apple's
contribution of a patch for both postfix and dovecot for BURL support,
and for CATENATE and URLAUTH support for dovecot too, so I'm confused
about the comment about Apple not supporting it.

So... anyone know what happened here?

I would so love to be able to uncheck the 'Save copy to Sent folder'
for my postfix+dovecot accounts.


Charles



Re: BURL

2016-04-18 Thread Charles Marcus
On 4/18/2016 9:42 AM, Charles Marcus  wrote:
> I also found this email from Mike Abbot in April 2010 announcing
> Apple's contribution of a patch for both postfix and dovecot for BURL
> support, and for CATENATE and URLAUTH support for dovecot too, so I'm
> confused about the comment about Apple not supporting it:

Sorry, forgot the link:

http://opensource.apple.com//source/postfix/postfix-229/patches/burl.patch

>
> So... anyone know what happened here?
>
> I would so love to be able to uncheck the 'Save copy to Sent
> folder' for my postfix+dovecot accounts.
>
>
> Charles
>



Re: BURL

2016-04-18 Thread Charles Marcus
On 4/18/2016 11:46 AM, wie...@porcupine.org (Wietse Venema)
 wrote:
> Charles Marcus:
>> I would so love to be able to uncheck the 'Save copy to Sent folder'
>> for my postfix+dovecot accounts.
> What client would do this?

Thunderbird (alluded to this in my OP, as this was a result of a
question on the Thunderbird list)...

Although, if you recall, there was a short conversation between you and
Timo (dovecot author) about him implementing this in dovecot, which
required a little help on the postfix side - one of you said something
about 20 lines or so of code - or, whatever, it appeared to be
relatively trivial and you didn't seem averse to doing it.

Copying Timo in in case he wants to add anything...

Thanks as always Wietse for postfix!

Charles


Re: BURL

2016-04-18 Thread Charles Marcus
On 4/18/2016 11:46 AM, wie...@porcupine.org (Wietse Venema)
 wrote:
> Charles Marcus:
>> I would so love to be able to uncheck the 'Save copy to Sent folder'
>> for my postfix+dovecot accounts.
> What client would do this?

Also, just noticed that there is apparently one MUA (work in progress)
that supports BURL:

https://docs.kde.org/trunk4/en/extragear-pim/trojita/using-kapp.html

Main page here:

http://trojita.flaska.net/


Re: Is this sane submission setup?

2016-04-29 Thread Charles Marcus
On 4/29/2016 3:02 AM, Alice Wonder  wrote:
> submission inet n   -   n   -   -   smtpd
>   -o syslog_name=postfix/submission
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_reject_unlisted_recipient=no
>   -o smtpd_client_restrictions=permit_mynetworks,reject
>   -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination

What about permit_sasl_authenticated ? Without that external clients
will not be able to use it.

Also, personally I would *never* allow unauthenticated, except only from
specific older clients that don't support SASL AUTH - and I would do
that on a separate port with additional checks - but that is me, I know
it isn't uncommon to do this.


Re: Is this sane submission setup?

2016-05-03 Thread Charles Marcus
On 4/29/2016 9:51 AM, Alice Wonder  wrote:
> What I'm trying to have it do is define the blog hosts (there are three 
> or four of them, with about 20 different domain names on each host) can 
> connect over 587 with authentication but that even with the right uname 
> / password, connection is refused from any other host.

For that you use client_restrictions... permit only the ones you want to
allow, reject all others...


Re: Prevent Backscatter

2017-01-21 Thread Charles Marcus
Maybe I'm blind, but I don't see any recipient restrictions at all

On January 20, 2017 5:41:29 PM EST, Postfix User  wrote:
>My test procedure follows
>telnet domain.com 25
>ehlo me
>mail from: 
>rcpt to: 
>At this point I get "Ok" message, and I can continue writing the body of the
>e-mail. Because account doesn't exist, Postfix sends bounce notification
>back to sender address.
>
>This is the output of postconf -n
>
>append_dot_mydomain = no
>biff = no
>broken_sasl_auth_clients = yes
>config_directory = /etc/postfix
>dovecot_destination_recipient_limit = 1
>inet_interfaces = all
>inet_protocols = ipv4
>mailbox_size_limit = 0
>message_size_limit = 10240
>milter_default_action = accept
>milter_protocol = 2
>mydestination = localhost
>myhostname = domain.com
>mynetworks = 127.0.0.0/8
>non_smtpd_milters = inet:localhost:8891
>readme_directory = no
>recipient_delimiter = +
>relayhost =
>resolve_numeric_domain = yes
>smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
>smtpd_milters = inet:localhost:8891
>smtpd_relay_restrictions = permit_mynetworks,
>permit_sasl_authenticated,
>check_sender_access $virtual_alias_maps, reject_unauth_destination
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = private/auth
>smtpd_sasl_security_options = noanonymous
>smtpd_sasl_tls_security_options = noanonymous
>smtpd_sasl_type = dovecot
>smtpd_tls_CAfile = /etc/ssl/certs/domain.com.chain.crt
>smtpd_tls_cert_file = /etc/ssl/certs/domain.com.crt
>smtpd_tls_key_file = /etc/ssl/private/domain.com.key
>smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>smtpd_use_tls = yes
>virtual_alias_maps = mysql:/etc/postfix/sqlconf/virtual_mailbox_maps.cf
>virtual_mailbox_domains = mysql:/etc/postfix/sqlconf/mydestination.cf
>virtual_transport = dovecot

Re: Spammers abusing my postfix box

2008-11-11 Thread Charles Marcus
On 11/11/2008 11:07 AM, Jaap Westerbeek wrote:
> Digging into the logfiles, I could not find the spammer (64.129.70.219) had
> used SASL

So if he didn't get in through sasl_auth, obviously he must have gotten
in through a hole in your

check_recipient_access hash:/etc/postfix/access_recipient,

file... that's where to look...

-- 

Best regards,

Charles


Re: DKIMproxy Information.

2008-11-11 Thread Charles Marcus
On 11/11/2008 4:35 PM, Brian Evans - Postfix List wrote:
> Linux Addict wrote:
>> While I read through this, I understand that to use domain keys, the
>> client has to send mails through submission port 587. Does that sound
>> right? Just to use domainkeys, all clients to has to send mails to
>> port 587 instead of port 25? Please clarify. Thank you
> The submission port is required for signing due to the nature of trust.
> 
> Common administrative practices include submission on 587 for trusted
> clients only and should not be permitted on the internet.
> This port should be firewalled outside of your network.

Excuse me?!?!? That's ridiculous... in fact, just the OPPOSITE is true.

-- 

Best regards,

Charles


Re: DKIMproxy Information.

2008-11-11 Thread Charles Marcus
On 11/11/2008 4:49 PM, Charles Marcus wrote:
>> Common administrative practices include submission on 587 for
>> trusted clients only and should not be permitted on the internet. 
>> This port should be firewalled outside of your network.

> Excuse me?!?!? That's ridiculous... in fact, just the OPPOSITE is
> true.

Well... correction...

Port 587 is designed to provide smtp_auth services to trusted clients
VIA an UNtrusted network (like the internet)...

So, no WAY should it be firewalled - just limit it to sasl_auth based
sessions - and hopefully you enforce strong password policies too...

-- 

Best regards,

Charles


Re: Strange behavior from postfix..

2008-11-13 Thread Charles Marcus
On 11/13/2008, Nick ([EMAIL PROTECTED]) wrote:
> Basically, the server after receiving the mail, does a few checks
> then delivers it to the final destination just fine, but for a few
> users (for a reason I'm not able to understand) it sends a delivery
> report after successful deliveries (obviously an unsuccessful
> delivery should generate a message).
> 
> for example:
> 
> Nov 13 08:38:26 mail2 postfix/qmgr[3157]: 606062280A3: from=<[EMAIL PROTECTED]>, size=5133, nrcpt=1 (queue active)
> Nov 13 08:38:26 mail2 postfix/virtual[10094]: 606062280A3: to=<[EMAIL PROTECTED]>, relay=virtual, delay=0.16, delays=0.06/0.06/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
> Nov 13 08:38:26 mail2 postfix/bounce[10275]: 606062280A3: sender delivery status notification: 8769C2280B0

Does it do this for every message that that user receives? Or just some
messages?

Maybe these users have their mail clients configured to automatically
send DSN responses (return receipt) to messages that request them? I
always configure mine to ignore those personally, but...

-- 

Best regards,

Charles


Re: Why I set a specific transport parameter on show up?

2008-11-13 Thread Charles Marcus
On 11/13/2008, Jacky Chan ([EMAIL PROTECTED]) wrote:
> I would like to set a specific transport for mail sending to yahoo, which
> slow it down to avoid getting greylisted. I set a dedicated transport in
> master.cf like
> 
> slow  unix  -   -   n   -   1   smtp
> 
> And set the pre-transport parameters in main.cf like
> slow_destination_recipient_limit = 2
> 
> I would like to ask, why this configuration doesn't show up after I issue
> postfix reload or even restart the server?

Please follow the troubleshooting instructions you got when signing up
for this list... specifically:

postconf -n output

and

logs showing the problem...

-- 

Best regards,

Charles


Re: Spamcop's position on backscatter

2008-11-13 Thread Charles Marcus
On 11/13/2008, D G Teed ([EMAIL PROTECTED]) wrote:
> 
> I'll report the smtpd related details here so those who
> want to know how it is set up can see.

postconf -n output is preferred... all of it...

-- 

Best regards,

Charles


Re: courier authlib with smtp auth

2008-11-14 Thread Charles Marcus
On 11/14/2008, Wietse Venema ([EMAIL PROTECTED]) wrote:
> Postfix as released by me does not chroot anything. Some
> Linux distributors insist on setting up things this way, 
> which only can give Postfix a bad reputation.
> 
> Perhaps if enough people complain it will be changed.

I'd be very interested in the response that the postfix author (and
other vastly more knowledgeable people than I, like Victor) would give to
the people who claim that if it isn't chrooted, it isn't secure.

The only answer I can give right now is 'well, I've heard the author
(Wietse Venema) on the email support list say that it doesn't really
provide any more security and isn't worth the headache'.

:)

-- 

Best regards,

Charles


Re: courier authlib with smtp auth

2008-11-14 Thread Charles Marcus
On 11/14/2008 4:28 PM, Wietse Venema wrote:
>> I'd be very interested in the response that the postfix author (and
>> other vastly more knowledgeable people than I, like Victor) would give to
>> the people who claim that if it isn't chrooted, it isn't secure.
>>
>> The only answer I can give right now is 'well, I've heard the author
>> (Wietse Venema) on the email support list say that it doesn't really
>> provide any more security and isn't worth the headache'.

> That is certainly not what I wrote. I would appreciate it if you
> kept your fantasies in check.

Well, I was certainly paraphrasing, and no offense was intended, but on
what seems like more than a few occasions over the last couple of years
(that I've been on the list), when people show up with problems and it
turns out to be related to some [often a debian] package that is
configured to run chrooted by default, I have seen comments from you like:

"Postfix as released by me does not chroot anything. Some Linux
distributors insist on setting up things this way, which only can give
Postfix a bad reputation."

Seeing this many times must have given me the wrong impression, and it
certainly isn't the same as '... doesn't really provide any more
security...', so my apologies for remembering it wrong.

-- 

Best regards,

Charles


Re: 3dm2 (3ware daemon) smtp/e-mail issue (lost connection after QUIT)

2008-12-01 Thread Charles Marcus
On 12/1/2008 11:54 AM, Victor Duchovni wrote:
> There is nothing wrong with lost connections after QUIT. Newer versions
> of Postfix only log "lost connection" in the SMTP server during data
> transfer or when sending the "." response. The client is free to
> disconnect without "QUIT" at all other SMTP protocol stages.
> 
> Sufficiently new Postfix releases will not log this condition.

Hmmm...

I'm running 2.5.5, and get this almost every time (maybe every time)
when people send through the webmail interface...

It is an older version of squirrelmail (1.4.6)... maybe time to upgrade?

-- 

Best regards,

Charles


Re: 3dm2 (3ware daemon) smtp/e-mail issue (lost connection after QUIT)

2008-12-02 Thread Charles Marcus
On 12/1/2008 12:40 PM, Victor Duchovni wrote:
>>> There is nothing wrong with lost connections after QUIT. Newer versions
>>> of Postfix only log "lost connection" in the SMTP server during data
>>> transfer or when sending the "." response. The client is free to
>>> disconnect without "QUIT" at all other SMTP protocol stages.
>>>
>>> Sufficiently new Postfix releases will not log this condition.

>> I'm running 2.5.5, and get this almost every time (maybe every time)
>> when people send through the webmail interface...

> Sorry, Postfix won't log clients disconnecting without sending QUIT,
> but it will log failure to send "221 ...".

Ok... we only have a few users who ever use the webmail interface, and
grepping the logs shows this only happens to two of them, and pretty
much every time...

I'm guessing something interfering on their end (router/firewall, web
'protection' software (Norton, McAfee, etc))...

Don't see the 'lost connection' log entry when sending from my home, or
from inside the office.

Sorry for the noise...

-- 

Best regards,

Charles


Re: Visibility of Postfix docs,

2008-12-04 Thread Charles Marcus
On 12/4/2008, M. Fioretti ([EMAIL PROTECTED]) wrote:
> It would be a very useful service to the community if you or any other
> of the real gurus could compile a short list, say one or two pages at
> postfix.org, of which howtos are wrong, where and above all why. It
> may save further question and confusion in the future.

You're not serious?

That said, I am sure that the website maintainer would be happy to post
such a list if you were to provide it...

-- 

Best regards,

Charles


Re: Visibility of Postfix docs,

2008-12-04 Thread Charles Marcus
On 12/4/2008 8:42 AM, Charles Marcus wrote:
> That said, I am sure that the website maintainer would be happy to post
> such a list if you were to provide it...

Actually, that should have read '...would be happy to *consider* posting
such a list...'

-- 

Best regards,

Charles


Re: Domain emails from outside

2008-12-04 Thread Charles Marcus
On 12/4/2008, Gabriel Hahmann ([EMAIL PROTECTED]) wrote:
> My configuration is listed below

Output of postconf -n is preferred...

-- 

Best regards,

Charles


Re: Transitive Closure for Whole Domain Mapping

2008-12-09 Thread Charles Marcus
On 12/9/2008 11:38 AM, Fat Bear Mail Services wrote:
> With:
> 
> virtual_alias_maps = hash:/etc/postfix/virtual
> 
> and:
> 
> /etc/postfix/virtual:
>...
>domainA.com domainA.com
>[EMAIL PROTECTED] mailboxForUser1-A
>[EMAIL PROTECTED] mailboxForUser2-A
>domainB.com domainB.com
>@domainB.com @domainA.com

Wildcard Alias ^^



> gives an undesired 250 status for the unknown [EMAIL PROTECTED]  Is
> there a way to configure Postfix, leaving the file /etc/postfix virtual
> unchanged, so that the response to an unknown user via a whole-domain
> mapping results in a 550 status?  [Note: please don't ask me to change
> the /etc/postfix/virtual file... it is not possible at this time].

This is why wildcard aliases are bad.

-- 

Best regards,

Charles


Re: Transitive Closure for Whole Domain Mapping

2008-12-09 Thread Charles Marcus
On 12/9/2008, Steve Amerige ([EMAIL PROTECTED]) wrote:
>>> gives an undesired 250 status for the unknown [EMAIL PROTECTED]  Is
>>> there a way to configure Postfix, leaving the file /etc/postfix virtual
>>> unchanged, so that the response to an unknown user via a whole-domain
>>> mapping results in a 550 status?  [Note: please don't ask me to change
>>> the /etc/postfix/virtual file... it is not possible at this time].

>> This is why wildcard aliases are bad.

> Are you saying that it is not possible?

Not without fixing the /virtual file. Sorry...

-- 

Best regards,

Charles


Re: Alias and mailbox under one e-mail address

2008-12-11 Thread Charles Marcus
On 12/11/2008, Jakub Nadolny ([EMAIL PROTECTED]) wrote:
> Yes, it uses sendmail command. It is common vacation.pl by Mischa Peters, but
> quite old version, I can not find newer one. What would be the best solution
> for postfix auto-responder which could be easily integrated with postfix admin
> and mysql?

Upgrade postfixadmin. Current version is 2.2.1.1, and the vacation
autoresponder has changed dramatically for the better (thanks in no
small part to mouss)

-- 

Best regards,

Charles


Re: Bounces for the relocated?

2008-12-13 Thread Charles Marcus
On 12/13/2008, Ville Walveranta (walvera...@gmail.com) wrote:
> Unfortunately I don't control the MX that initially accepts the mails
> (beyond accepting/rejecting an email for a specific address).

There are really very, very few situations where you should NOT reject
all mail destined for invalid recipients...

-- 

Best regards,

Charles


Re: RBL & Postfix

2008-12-15 Thread Charles Marcus
On 12/15/2008, neugi (neu...@gmail.com) wrote:
> smtpd_recipient_restrictions = permit_sasl_authenticated,
>   permit_mynetworks, reject_rbl_client sbl.spamhaus.org,
>   reject_unauth_destination, reject_non_fqdn_recipient,
>   reject_non_fqdn_sender, reject_unauth_pipelining,
>   reject_unknown_recipient_domain, reject_unknown_sender_domain,
>   check_policy_service inet:127.0.0.1:6

First, put reject_unauth_destination BEFORE reject_rbl_client - this
will prevent lots of unnecessary DNS queries...

As for your problem, the only thing I can think of is your users are not
actually using sasl_auth?

-- 

Best regards,

Charles


Re: RBL & Postfix

2008-12-15 Thread Charles Marcus
On 12/15/2008, neugi (neu...@gmail.com) wrote:
> complete config:

Always show output of postconf -n, not copy/paste from main.cf...

Someone else recently discovered they were editing the wrong main.cf
file this way...



Re: RBL & Postfix

2008-12-15 Thread Charles Marcus
On 12/15/2008 2:34 PM, Benny Pedersen wrote:
> On Mon, December 15, 2008 11:19, neugi wrote:
> 
>> smtpd_recipient_restrictions =
> 
> 
> smtpd_recipient_restrictions =
>reject_non_fqdn_sender,
>reject_unknown_sender_domain,
>permit_sasl_authenticated,
>permit_mynetworks,
>reject_non_fqdn_recipient,
>reject_unknown_recipient_domain,
>reject_rbl_client sbl.spamhaus.org,
>reject_unauth_destination,
>reject_unauth_pipelining,
>check_policy_service inet:127.0.0.1:6

No...

reject_unauth_destination should definitely be before reject_rbl_client
(move it up to right after 'permit_mynetworks) - and
reject_unauth_pipelining is useless here...

-- 

Best regards,

Charles
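
The ordering point made in this thread, as an added example (not part of the original messages and not Postfix code): a simplified Python model of how one restriction list is walked left to right until a restriction decides, counting DNSBL lookups along the way. The session fields, function names and sample sessions are constructed for illustration; restrictions the model does not know are treated as "no decision".

```python
"""Added example: simplified model of walking one smtpd restriction list."""
import re

# The first four entries of the list quoted in this thread, and the same
# entries with reject_unauth_destination moved ahead of the DNSBL check.
AS_POSTED = ("permit_sasl_authenticated, permit_mynetworks, "
             "reject_rbl_client sbl.spamhaus.org, reject_unauth_destination")
REORDERED = ("permit_sasl_authenticated, permit_mynetworks, "
             "reject_unauth_destination, reject_rbl_client sbl.spamhaus.org")


def takes_argument(name):
    """DNSBL checks and check_* restrictions consume the next word."""
    return name.startswith(("reject_rbl_", "reject_rhsbl_", "check_"))


def parse_restrictions(value):
    """Split on commas/whitespace into (name, argument-or-None) pairs."""
    words = [w for w in re.split(r"[,\s]+", value) if w]
    parsed, i = [], 0
    while i < len(words):
        name, arg = words[i], None
        if takes_argument(name) and i + 1 < len(words):
            arg = words[i + 1]
            i += 1
        parsed.append((name, arg))
        i += 1
    return parsed


def evaluate(value, session):
    """Return (action, decided_by, dns_lookups) for one RCPT TO.

    session is a constructed dict: in_mynetworks, sasl_authenticated,
    destination_is_ours (bools) and listed_on (set of DNSBL zones).
    """
    lookups = 0
    for name, arg in parse_restrictions(value):
        if name == "permit_mynetworks":
            if session["in_mynetworks"]:
                return "permit", name, lookups
        elif name == "permit_sasl_authenticated":
            if session["sasl_authenticated"]:
                return "permit", name, lookups
        elif name == "reject_unauth_destination":
            if not session["destination_is_ours"]:
                return "reject", name, lookups
        elif name.startswith(("reject_rbl_", "reject_rhsbl_")):
            lookups += 1  # one DNS query per DNSBL restriction reached
            if arg in session["listed_on"]:
                return "reject", f"{name} {arg}", lookups
        # anything else is not modelled: no decision, keep walking
    return "permit", "end of list", lookups


def total_lookups(value, sessions):
    """DNS queries spent on a batch of sessions under one ordering."""
    return sum(evaluate(value, s)[2] for s in sessions)


# Constructed sessions.
RELAY_PROBE = {"in_mynetworks": False, "sasl_authenticated": False,
               "destination_is_ours": False, "listed_on": set()}
LISTED_SENDER = {"in_mynetworks": False, "sasl_authenticated": False,
                 "destination_is_ours": True,
                 "listed_on": {"sbl.spamhaus.org"}}
AUTH_USER = {"in_mynetworks": False, "sasl_authenticated": True,
             "destination_is_ours": False,
             "listed_on": {"sbl.spamhaus.org"}}

if __name__ == "__main__":
    batch = [RELAY_PROBE] * 3 + [LISTED_SENDER, AUTH_USER]
    for label, value in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "->", total_lookups(value, batch), "DNS lookups")
        for s in (RELAY_PROBE, LISTED_SENDER, AUTH_USER):
            print("   ", evaluate(value, s))
```

Both orderings reach the same decision for every session; only the number of DNS queries spent on relay attempts differs.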


Re: fight spam problem: sender equal to receiver

2008-12-15 Thread Charles Marcus
On 12/15/2008 2:44 PM, Roland Plüss wrote:
>> # grep smtpd_recipient_restrictions main.cf
>> If you see two occurrences or more, you have redefined it. postfix only
>> uses the last.

> Looks like one of the latest etc-update must have smuggled a line in.

That's gentoo-speak for 'ooops, I fat-fingered the merge when running
etc-update'...

I run gentoo... I know (been there, done that)...

-- 

Best regards,

Charles


Re: fight spam problem: sender equal to receiver

2008-12-15 Thread Charles Marcus
On 12/15/2008 3:13 PM, Charles Marcus wrote:
>>> # grep smtpd_recipient_restrictions main.cf
>>> If you see two occurrences or more, you have redefined it. postfix only
>>> uses the last.

>> Looks like one of the latest etc-update must have smuggled a line in.

> That's gentoo-speak for 'ooops, I fat-fingered the merge when running
> etc-update'...

Oh... and this is why I put all of my customizations for postfix at the
very end of the file, in its own block... then, even if something slips
in above, my custom settings will override it.

But, I am always very careful when running etc-update - it's too easy to
goof...

-- 

Best regards,

Charles
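
The "postfix only uses the last" behaviour discussed in this thread, as an added example (not part of the original messages and not Postfix code): a Python sketch that reads main.cf text the way the file format is documented (blank and comment lines skipped, a line starting with whitespace continues the previous logical line) and reports every parameter that is set more than once, with the definition that wins. The sample file and all function names are constructed for illustration.

```python
"""Added example: find main.cf parameters that are defined more than once."""

# Constructed sample: a stray definition near the top, and a block of local
# customizations kept at the very end of the file.
SAMPLE = """\
# constructed sample main.cf, not taken from the thread
myhostname = mail.example.com
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# ldap block
virtual_alias_maps = hash:/etc/postfix/virtual

# local customizations, kept last
smtpd_recipient_restrictions =
    permit_mynetworks,
    # a comment inside a continuation is skipped
    permit_sasl_authenticated,
    reject_unauth_destination
"""


def logical_lines(text):
    """Yield (first_line_number, joined_text) for each logical line."""
    current, start = None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # ignored, even in the middle of a continued line
        if raw[0].isspace():
            if current is not None:
                current += " " + stripped  # continuation of the previous line
            continue
        if current is not None:
            yield start, current
        current, start = stripped, lineno
    if current is not None:
        yield start, current


def parse_main_cf(text):
    """Return {name: [(line_number, value), ...]} in file order."""
    definitions = {}
    for lineno, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if not sep:
            continue  # not a "name = value" line
        definitions.setdefault(name.strip(), []).append(
            (lineno, " ".join(value.split())))
    return definitions


def overridden(text):
    """Report parameters set more than once; the last definition wins."""
    report = {}
    for name, entries in parse_main_cf(text).items():
        if len(entries) > 1:
            lineno, value = entries[-1]
            report[name] = {
                "ignored_lines": [n for n, _ in entries[:-1]],
                "effective_line": lineno,
                "effective_value": value,
            }
    return report


if __name__ == "__main__":
    for name, info in overridden(SAMPLE).items():
        print(f"{name}: defined again, line(s) {info['ignored_lines']} ignored")
        print(f"  effective (line {info['effective_line']}): "
              f"{info['effective_value']}")
```

Running `postconf -n` on the live system remains the authoritative check of what Postfix actually uses; this only shows where a second definition sits in a given file.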


Re: Weird disconnections after RCPT using TLS

2008-12-15 Thread Charles Marcus
On 12/15/2008, Jesús Manuel Loaiza Vidal (jloa...@ich.edu.mx) wrote:
> Here is the log
> 
> postfix-1.txt  

It would be much easier to help you if you'd paste the logs into the
email body..

-- 

Best regards,

Charles


Re: fight spam problem: sender equal to receiver

2008-12-15 Thread Charles Marcus
On 12/15/2008, Roland Plüss (rol...@rptd.ch) wrote:
>> Oh... and this is why I put all of my customizations for postfix at the
>> very end of the file, in its own block... then, even if something slips
>> in above, my custom settings will override it.
>>
>> But, I am always very careful when running etc-update - it's too easy to
>> goof...

> I do the same. But it managed to smuggle that line into the sasl block
> before the ldap block. I tend to reject changes to this config file by
> default. Must have been a "trivial merge" case that kicked in there. But
> whatever... not the first time something like this happened but usually
> the config fails to load then.

A 'trivial merge' will never overwrite your custom settings if you have
them in your own separate section at the very bottom of the file. This
entire block will always be seen as 'foreign', and etc-update will want
to replace it (with nothing). I've been through 3 years of updates (some
major) with my config file like this, so I know...

-- 

Best regards,

Charles


Re: RBL & Postfix

2008-12-16 Thread Charles Marcus
On 12/16/2008 2:40 AM, neugi wrote:
>>> As for your problem, the only thing I can think of is your
>>> users are not actually using sasl_auth?

>> 1. check the logs, there should be lines like these
>>
>> --CUT
>> Dec 14 08:34:39 hel postfix/smtpd[9845]: 7566CBC05FE:
>> client=client.example.com[192.168.17.34], sasl_method=CRAM-MD5,
>> sasl_username=whoever
>> --CUT
>>
>> if not, your users are not using SMTP auth and this is a client side issue.
>>
>> 2. please don't top post :-)

> okay got many of this lines in my log. seems everybody is using the SMTP auth.

What is in master.cf?

-- 

Best regards,

Charles


Re: Problems with user's mail file

2008-12-20 Thread Charles Marcus
On 12/19/2008, Pedro Augusto (augusto.pe...@gmail.com) wrote:
> It works perfectly, I have no problems sending or receiving e-mail
> but sometimes the user can't receive any e-mail using his client
> (such as Outlook Express) or through webmail. When we check the mail
> file, the first line is full of @ signs. The situation only gets back
> to normal when we remove all of these @ signs from the first line of
> the file.
> 
> This only happens with some users and not all the time. I'm using
> Postfix 2.2.10, Dovecot 0.99.11-9 without virtual domains,

This is actually a well known problem with dovecot 0.99.x and mbox files.

Current version of dovecot is 1.1.7, and is so different from 0.99 as to
be considered an entirely different animal.

Major upgrades are in order...

-- 

Best regards,

Charles


Re: DIGEST-MD5 user/realm mismatch with Dovecot auth

2008-12-25 Thread Charles Marcus
On 12/25/2008, Darren Pilgrim (post...@bitfreak.org) wrote:
> Cyrus-SASL 2.1.22 (on B and C for SMTP client SASL) 

You might try just using dovecot-sasl - one less package to
install/maintain, and it works as well or better than cyrus-sasl, and is
much easier to configure...

http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL

-- 

Best regards,

Charles


Re: [resolved]how to have a sure postfix safe and stable

2009-01-06 Thread Charles Marcus
On 1/5/2009, swilting (john.swilt...@wanadoo.fr) wrote:
> i  top-post sorry
> i newbie

Ok, but that's no excuse to *continue* to top-post. If you want help in
the future, you should learn how to bottom/in-line post...

> smtpd_client_restrictions = permit_mynetworks , permit

As Noel pointed out - remove these completely, they are redundant and
unnecessary

> smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces

As Noel pointed out, permit_inet_interfaces

> permit_sasl_authenticated permit_mx_backup  permit_mynetworks
> permit_sasl_authenticated

Remove the second permit_mynetworks and permit_sasl_authenticated

Again, as Noel already pointed out, based on what you have said so far,
the ONLY restrictions you need are:

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination

-- 

Best regards,

Charles


Adding a table to proxy_read_maps...

2009-01-11 Thread Charles Marcus
Hello,

I want to convert my table lookups to use the proxymap service, but have
a question...

The docs for proxy_read_maps state:

"proxy_read_maps (default: see "postconf -d" output)

The lookup tables that the proxymap(8) server is allowed to access
for the read-only service. Table references that don't begin with proxy:
are ignored.

This feature is available in Postfix 2.0 and later."

But it doesn't say anything explicitly about *how* to add a map to this
list.

I am referencing virtual_mailbox_limit_maps but this table is not
showing in the proxy_read_maps table:

myhost ~ # postconf -d | grep proxy_read_maps
proxy_read_maps =
$local_recipient_maps
$mydestination
$virtual_alias_maps
$virtual_alias_domains
$virtual_mailbox_maps
$virtual_mailbox_domains
$relay_recipient_maps
$relay_domains
$canonical_maps
$sender_canonical_maps
$recipient_canonical_maps
$relocated_maps
$transport_maps
$mynetworks
$sender_bcc_maps
$recipient_bcc_maps
$smtp_generic_maps
$lmtp_generic_maps
myhost ~ #

First question... is there a reason that none of the *_limit_maps are
included in proxy_read_maps by default? I.e., maybe doing this is not
recommended?

Otherwise... is there a simple way to simply *append* the desired
table(s) to the defaults? Or do I have to add a custom proxy_read_maps =
line in main.cf and repeat all of the defaults, adding the desired table(s)?

Thanks,

-- 

Best regards,

Charles


Re: Adding a table to proxy_read_maps...

2009-01-11 Thread Charles Marcus
On 1/11/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
>> First question... is there a reason that none of the *_limit_maps are
>> included in proxy_read_maps by default? I.e., maybe doing this is not
>> recommended?

> Ask the maintainers of the unofficial VDA quota patch.

I didn't know I was using that patch, but considering your reply,
apparently the *_limit_maps are a sure sign of it? I'm on gentoo, and
have the vda USE flag explicitly DISABLED...

Hmmm... closer examination shows that I am not actually using this patch
OR table, since it (the Table) doesn't show up in postconf -n output,
even though it is specified in main.cf. This system was originally set
up by someone else, so they must have set this, and I just never noticed
it, since I have not actually implemented quotas yet - although I've
been toying with the idea, which is why I had not commented out those
lines in main.cf...

I've been planning on switching this installation over to dovecot soon
anyway for POP/IMAP access, so will just use the dovecot LDA and quota
plug-in if/when I decide to implement quotas...

> There is as-yet no support for "+=" in main.cf parameter settings.

Ok, thanks for the confirmation...

-- 

Best regards,

Charles


Re: Problem with Zen filtering legit e-mail

2009-01-13 Thread Charles Marcus
On 1/13/2009, Roland Plüss (rol...@rptd.ch) wrote:
> Unfortunately nothing except SASL not working ( if telnetting to 25 ). I
> tried tons of tutorials but the SASL stays broken. Most probably a
> GenToo problem I suspect.

Actually, I've been using SASL on gentoo for years, so it is more likely
a PEBKAC problem...

-- 

Best regards,

Charles


Re: What do these logs mean?

2009-01-14 Thread Charles Marcus
On 1/14/2009, Rupert Reid (isingl...@madasafish.com) wrote:
> What is "fail2ban" and how would I implement that? 

Google is your friend...

-- 

Best regards,

Charles


Question re: config_directory setting

2009-01-21 Thread Charles Marcus
Hello,

I try to keep my postconf -n output clean/small by not explicitly
setting anything that is not different from the default (postconf -d),
and I just noticed that my postconf -n output contains the following:

config_directory = /etc/postfix

and this setting is the default (included in output of postconf -d), but
this entry doesn't exist anywhere in my main.cf file:

myhost ~ # grep config_directory /etc/postfix/main.cf
#mynetworks = $config_directory/mynetworks
#   >$config_directory/$process_name.$process_id.log & sleep 5
myhost ~ #

?

-- 

Best regards,

Charles


Confirm: home_mailbox not needed/used in this setup?

2009-01-21 Thread Charles Marcus
Hello,

I am cleaning up a friend's postfix install, and just want to confirm
something...

His system uses only virtual users, and according to the man page,
home_mailbox is only for local users, so, considering the following
complete postconf -n output, I think I can safely remove this setting?

myhost ~ # postconf -n
alias_maps = hash:/etc/mail/aliases, hash:/var/lib/mailman/data/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = .maildir/
message_size_limit = 512
mydomain = example.com
myhostname = smtp.example.com
mynetworks = 127.0.0.0/8
parent_domain_matches_subdomains =
recipient_delimiter = +
relay_domains =
relayhost = [smtp.myisp.com]
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
reject_unlisted_sender, reject_unlisted_recipient,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,
reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org,
reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client
korea.services.net, reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/wildcard.crt
smtpd_tls_key_file = /etc/ssl/wildcard.key
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:207
virtual_mailbox_base = /var/virtual/mail
virtual_mailbox_domains =
mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_limit = 512
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 207
virtual_uid_maps = static:207
myhost ~ #

-- 

Best regards,

Charles


Re: Looking for opinions on changing maildrop to dovecot deliver

2009-01-21 Thread Charles Marcus
On 1/21/2009, Guy (wyldf...@gmail.com) wrote:
> I was mostly just wanting to know what guys on this list thought of
> Dovecot delivery.

One thing to be aware of... dovecot sasl auth does not support CLIENT
side SASL auth, only server side...

So, if you use postfix, and need postfix to be able to SASL_AUTH as a
CLIENT to other servers - e.g. for relaying - then you'll still need
cyrus_sasl...

-- 

Best regards,

Charles


Re: overriding/modifying smtp error codes from other MTAs

2009-01-22 Thread Charles Marcus
On 1/22/2009, ram (r...@netcore.co.in) wrote:
> I have got a stupid problem. We have some customers saying they
> can't and don't want to reconfigure their mail servers even if
> Planet-X hits Earth and that would help to avoid it :) And their MTAs
> always responds with:

If they are that brain dead/irresponsible, I would simply provide
references to the appropriate RFCs, and inform them that if they had not
remedied the problem within 72 hours, their contract would be terminated.

There is no excuse for such idiocy.

-- 

Best regards,

Charles


Re: Question re: config_directory setting

2009-01-23 Thread Charles Marcus
On 1/21/2009 8:46 AM, Charles Marcus wrote:
> I try to keep my postconf -n output clean/small by not explicitly
> setting anything that is not different from the default (postconf -d),
> and I just noticed that my postconf -n output contains the following:
> 
> config_directory = /etc/postfix
> 
> and this setting is the default (included in output of postconf -d), but
> this entry doesn't exist anywhere in my main.cf file:
> 
> myhost ~ # grep config_directory /etc/postfix/main.cf
> #mynetworks = $config_directory/mynetworks
> #   >$config_directory/$process_name.$process_id.log & sleep 5
> myhost ~ #
> 
> ?

I guess this is a dumb/obvious question... I'll do some more googling...

-- 

Best regards,

Charles


Re: Confirm: home_mailbox not needed/used in this setup?

2009-01-23 Thread Charles Marcus
On 1/21/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
> Your question cannot be answered based just on the data you have
> provided.

Many thanks for the response Victor... I've been trying to digest it
fully... I thought I had a good, basic understanding of the different
address classes, but looks like I need to ... go back to class... ;)

-- 

Best regards,

Charles


Re: forged outlook html

2009-01-23 Thread Charles Marcus
On 1/23/2009 11:33 AM, bharathan kailath wrote:
> 
> X-Spam-Status: No, score=2.797 tagged_above=2 required=5
> tests=[BAYES_00=-2.599, FORGED_MUA_OUTLOOK=3.116,
> FORGED_OUTLOOK_HTML=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
> MSOE_MID_WRONG_CASE=0.82, NORMAL_HTTP_TO_IP=0.001]
> 
> the above header details are of a message which was a spam; what does
> this 'forged' mean? this passed amavisd on postfix relay
> help appreciated

Wrong list... ask on the spamassassin and/or amavisd lists...

-- 

Best regards,

Charles


Re: +em...@example.com

2009-01-23 Thread Charles Marcus
On 1/23/2009, hose (h...@bluemaggottowel.com) wrote:
> Can anyone tell me what the formal name of the email technique of
> placing something + a delimiter + your email is?  I can't seem to
> remember...

Are you talking about 'plus-addressing'?

-- 

Best regards,

Charles


Re: +em...@example.com

2009-01-23 Thread Charles Marcus
On 1/23/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
> - recipient "delimiter", the "+" or sometimes "-" (...)
>   character that separates the base address from the address:
> 
> -  "extension", the rest of the address localpart between
>the delimiter and the domain.
> 
> These are often used with the envelope sender address in VERP to
> facilitate bounce processing in bulk mailings.
> 
> Another use is to help sort mail for a recipient into various "folders"
> by giving different senders different mail address extensions to use
> when sending mail to the same person. These were a key feature of the
> CMU Cyrus mail system.

I'd love to see support for multiple delimiter characters...

Also, gmail supports plus-addressing, as well as something else very
unique... you can add a '.' anywhere in the local part of your address,
and it is delivered as if the '.' wasn't there. This can be used in all
sorts of creative ways, ie, use a different form for different purposes,
then filter on that...

Then, if you start getting spammed from somewhere to one of these,
you'll know where it came from - and, be able to filter it...

-- 

Best regards,

Charles
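
The delimiter/extension split, VERP bounce decoding and "which address leaked" tracing discussed in this message, as an added example that is not part of the original posts and is not Postfix code. The function names, the sample addresses and the rule of splitting at the first delimiter after the first character are assumptions of the sketch.

```python
"""Split addresses at the recipient delimiter, decode VERP, attribute leaks."""
from collections import Counter


def split_address(address, delimiter="+"):
    """Return (base, extension, domain); extension is "" when absent.

    Assumption: split at the first delimiter found after the first character
    of the localpart, so a localpart that starts with the delimiter is kept.
    """
    localpart, _, domain = address.rpartition("@")
    if not localpart:
        raise ValueError(f"no localpart in {address!r}")
    cut = localpart.find(delimiter, 1)
    if cut == -1:
        return localpart, "", domain.lower()
    return localpart[:cut], localpart[cut + len(delimiter):], domain.lower()


def canonical(address, delimiter="+", ignore_dots=False):
    """Address with the extension removed (and dots, for providers that ignore them)."""
    base, _, domain = split_address(address, delimiter)
    if ignore_dots:
        base = base.replace(".", "")
    return f"{base.lower()}@{domain}"


def verp_recipient(bounce_address, delimiter="+"):
    """Recover the original recipient from a VERP envelope sender.

    Expects the form list-bounces+user=example.org@lists.example.com, where
    the extension is the recipient with "@" written as "=".
    """
    _, extension, _ = split_address(bounce_address, delimiter)
    user, eq, domain = extension.rpartition("=")
    if not eq or not user or not domain:
        return None
    return f"{user}@{domain}"


def leak_sources(spam_recipients, owner, delimiter="+", ignore_dots=False):
    """Count which extensions of `owner` show up as spam recipients."""
    target = canonical(owner, delimiter, ignore_dots)
    hits = Counter()
    for rcpt in spam_recipients:
        if canonical(rcpt, delimiter, ignore_dots) == target:
            hits[split_address(rcpt, delimiter)[1] or "(untagged)"] += 1
    return hits


# Constructed sample: envelope recipients of messages already judged spam.
SPAM_RCPTS = [
    "charles+shop@example.com",
    "charles+shop@example.com",
    "charles+forum@example.com",
    "charles@example.com",
    "other+shop@example.com",
]

if __name__ == "__main__":
    print(split_address("charles+shop@example.com"))
    print(verp_recipient("list-bounces+user=example.org@lists.example.com"))
    print(leak_sources(SPAM_RCPTS, "charles@example.com").most_common())
```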


Re: "Aliasing" of local mail account not working

2009-01-30 Thread Charles Marcus
On 1/30/2009, Marcial Rion (marcial.r...@swissonline.ch) wrote:
> Ok, your explanation - and as far as I can understand the code -
> makes sense to me, though I cannot explain why my box is using
> modified code (I initially emerged postfix on my Gentoo box [is
> Gentoo known to change postfix code?], and after I started having
> problems, I did a re-emerge and restarted with the configuration from
> scratch). However, I am really grateful and appreciate your help a
> lot. Now, at least, I have a new point from where to start. I'll
> probably first check my box for anomalies(!), before I will download
> the original source code, compile it "by hand" and try again.

Gentoo only modifies the code if you enable a USE flag that applies a
patch - like the vda USE flag...

-- 

Best regards,

Charles


Re: SMTP AUTH failing

2009-02-03 Thread Charles Marcus
On 2/3/2009, punit jain (contactpunitj...@gmail.com) wrote:
> But when i use telnet to send mail , it goes w/o authentication: -

You forgot logs of the session...

-- 

Best regards,

Charles


Re: Taking over for another admin

2009-02-04 Thread Charles Marcus
On 2/4/2009, David Bishop (t...@gnuconsulting.com) wrote:
> So are you recommending dropping courier for imap/pop completely? Or
> just using the SASL portion of dovecot?  I guess I don't particularly
> care what imap/pop server I use, as long as it can use a
> crypted-password from a mysql database, and read/write maildir...

I highly recommend changing to dovecot if you have the opportunity...
the performance difference is incredible, as Patrick pointed out, and I
have to say, Timo does far more than a 'good job' on dovecot... he
usually will have a fix for a well reported bug within hours, if not
sooner (depends on if he is sleeping or not when it is reported I
guess)... :)

-- 

Best regards,

Charles


Re: reject_unverified_sender vs greylisting

2009-02-09 Thread Charles Marcus
On 2/8/2009, João Miguel Neves (joao.ne...@intraneia.com) wrote:
> I recently enabled reject_unverified_sender in my postfix configuration,
> but it seems like it fails when the server against which the sender is
> verified uses greylisting. I've been getting log entries like (@ were
> replaced by _AT_):

You're not trying to verify ALL senders are you? This is a really bad
idea, and will get you blacklisted by a lot of providers, especially if
you have high traffic.

You should only perform SAV against servers that YOU control, or at
least have an agreement ahead of time with them.

-- 

Best regards,

Charles


Re: reject_unverified_sender vs greylisting

2009-02-09 Thread Charles Marcus
On 2/9/2009 9:36 AM, João Miguel Neves wrote:
> That would mean that the most useful use of SAV is negated. Or is there
> some prior arrangement that would allow me to do that to hotmail.com,
> gmail.com, yahoo.com*?
> 
> I'm going to reduce the target domains, but is there a known agreement
> with MS, Google or Yahoo to use SAV against their servers?

No...

Here's a link informing why indiscriminate use of SAV is bad, and what
it should be used for:

http://www.backscatterer.org/?target=sendercallouts

-- 

Best regards,

Charles


Re: DNS lookups not working?

2009-02-10 Thread Charles Marcus
On 2/10/2009, David Cottle (webmas...@aus-city.com) wrote:
> Feb 10 09:38:30 server postfix/smtpd[21977]: NOQUEUE: reject: RCPT
> from unknown[72.4.168.106]: 554 5.7.1 Service unavailable;

Are you using the free zen service? If so, are you exceeding the limits
they place on free usage?

-- 

Best regards,

Charles


Re: reject_unverified_sender vs greylisting

2009-02-10 Thread Charles Marcus
On 2/10/2009, João Miguel Neves (joao.ne...@intraneia.com) wrote:
> Right now, I'm preparing my top 10 domains used in spam and enabling SAV
> for those.

Do you have their PERMISSION? If not, then DON'T... otherwise you risk
getting BLACKLISTED. I know that *I* will blacklist you for doing this,
and so will many, many others.

Did you read the info at the link I provided?

Using SAV just 'passes the buck' - please STOP passing YOUR problem on
to other INNOCENTS.

Besides, there are many other far more effective ways of minimizing spam.

-- 

Best regards,

Charles


Re: No reason not to use reject_unverified sender (was Re: reject_unverified_sender vs greylisting)

2009-02-10 Thread Charles Marcus
On 2/10/2009 1:49 PM, João Miguel Neves wrote:
> Charles Marcus wrote:
>> Here's a link informing why indiscriminate use of SAV is bad, and what
>> it should be used for:
>>
>> http://www.backscatterer.org/?target=sendercallouts

> OK, I've finished reading and analyzing that text. My conclusion is that
> there's no reason not to use reject_unverified sender.

Your conclusion is flawed.

> Most people disabled VRFY to prevent spammer tests for email addresses,
> nothing else. If you want to disable all tests for email addresses you
> accept all email for all email addresses, even non-existing ones and
> later discard the invalid ones. That's the only way to do it (and the
> reason why some of my clients are using catch-all addresses that they
> redirect to /dev/null).

Using catch-all for production mail servers is bad. It breaks recipient
validation - meaning, if Some Important Person sends an email to the
owner of one of the companies you are hosting, and typo's his email
address, the sender will NOT get an NDR, and will NOT know that his
important message was not delivered.

Security by obscurity simply does not work... it causes far more
problems than it solves, one of which is a FALSE sense of security.

> 2) That a spammer can create a DDOS using SAV.
> 
> You'll get a connection per server to which those were sent (postfix
> caches the request, so it will only validate an email address once).
> 
> SAV actually helps reduce the effect of the DDOS attack. In the non-SAV
> scenario, you get 30 million bounce messages. In the SAV scenario, each
> server does one check per email address (that costs you less bandwidth
> and disk space than a Bounce message) and that single check will avoid
> several bounce messages.

As I said, your conclusion is terribly flawed.

> 3) That SAV might create a loop.
> 
> The SAV check in postfix is done with the postmaster address by default.
> If the target server does the same check back, then the SAV server
> replies that postmaster is valid (assuming it's well-configured and
> RFC-compliant).
> 
> Have I missed anything?

Every SAV your server performs is arguably an ABUSE of the server being
probed. For small sites, that abuse would be negligible and even
unnoticeable.

I agree with John. Please provide all IP addresses you are using so I
can block them all now.

-- 

Best regards,

Charles


Re: Problem with postfix and amavisd-new

2009-02-11 Thread Charles Marcus
On 2/11/2009, Vittorio Manfredini (vitto...@vitsoft.bz) wrote:
> I setup amavisd-new to reject messages that are discovered as SPAM, but
> seem that postfix bounce this messages and sent a sender non-delivery
> notification.

Never bounce a message once it's been accepted.

Either setup amavisd-new as a pre-queue content filter, or simply
tag+deliver.

-- 

Best regards,

Charles


Re: Problem with sending email to multiple recipients

2009-02-13 Thread Charles Marcus
On 2/13/2009, sim085 (sim...@hotmail.com) wrote:
> Any suggestions?

You'll get a lot more help if you follow the instructions that were in
the welcome message you got when you signed up to the list...

Specifically and for starters, output of postconf -n and logs exhibiting
the problem?

-- 

Best regards,

Charles


Re: About filtering mail with mailq

2009-02-13 Thread Charles Marcus
On 2/13/2009 6:36 AM, deconya wrote:
> I'm new to postfix and I'm learning how to use it. My first problem is about the
> spam because in my server are incoming mails with my domain but using
> bad addresses and making copy to the aol.com domain. I'm
> making:

Don't accept messages for invalid recipients.

I'm confused about the second part of your complaint... are you sure you
are not an open relay?

> #postqueue -p | grep ' Feb @aol.com ' | sed 's/*//' |
> awk '{print $1}' >spam.txt
> 
> but not appears the ID. I need to filter to domains in different lines,
> for example:
> 
> ID -m...@mydomina.com 
> -m...@aol.com 
> 
> How I can make this?

You'll get a lot more help if you follow the instructions that were in
the welcome message you got when you signed up to the list...

Specifically and for starters, output of postconf -n and logs exhibiting
the problem?

-- 

Best regards,

Charles


More main.cf cleanup

2009-02-13 Thread Charles Marcus
Hello again,

I just want to confirm before I change this that I'm not missing
something that will cause me some pain...

Currently I have all of my restrictions under
smtpd_recipient_restrictions, but after seeing some questions about
these on the list, I'm thinking that there are two that should be moved.

My current restrictions are:

smtpd_recipient_restrictions =
 check_recipient_access hash:/etc/postfix/moved-employees,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
## only allow outsourced anti-spam service to send us email
 check_client_access cidr:/etc/postfix/allowed_clients.cidr,
## custom rejects for x-employees
 check_recipient_access hash:/etc/postfix/x-employees,
## block certain senders from sending us mail
 check_sender_access hash:/etc/postfix/blocked_senders

I'm thinking it would be better to move the check_client_access check to
smtpd_client_restrictions, and the check_sender_access check to
smtpd_sender_restrictions, so I'd then have:

smtpd_client_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_client_access cidr:/etc/postfix/allowed_clients.cidr,
smtpd_sender_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_sender_access hash:/etc/postfix/blocked_senders
smtpd_recipient_restrictions =
 check_recipient_access hash:/etc/postfix/moved-employees,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 check_recipient_access hash:/etc/postfix/x-employees,

I'm unsure if the permit_mynetworks and permit_sasl_authenticated checks
are necessary under all three - is it sufficient to just have these
under recipient_restrictions, or do you need to add them to each when
breaking things up like this?

Or does this make sense to change this? Would it be better/ok to just
leave them all under recipient_restrictions?

Tia for any comments/help,

-- 

Best regards,

Charles


Re: More main.cf cleanup

2009-02-13 Thread Charles Marcus
On 2/13/2009, Ralf Hildebrandt (ralf.hildebra...@charite.de) wrote:
>> I'm thinking it would be better to move the check_client_access check to
>> smtpd_client_restrictions, and the check_sender_access check to
>> smtpd_sender_restrictions, so I'd then have:

> No, don't do it.

Ok... I do appreciate the response, but I'd be more comfortable with a
bit more of an explanation as to why...

-- 

Best regards,

Charles


Re: More main.cf cleanup

2009-02-13 Thread Charles Marcus
On 2/13/2009, Justin Piszcz (jpis...@lucidpixels.com) wrote:
> I have one question to add to this thread, in the past it has always
> been up to the admin whether to put all beneath recipient
> restrictions (with the exception of SAV), is this still considered
> best-practice?  Or should one follow Charles' method and put each set
> of checks under the appropriate restriction class?

Actually after an email exchange with Ralf off list, I decided against
doing this, because in my case - that these checks come after
reject_unauth_destination - it would be of no benefit, and only
complicate things.

-- 

Best regards,

Charles


Re: relay through smtps

2009-02-13 Thread Charles Marcus
On 2/13/2009, gianluca...@interfree.it (gianluca...@interfree.it) wrote:
> Is it possible relay mail through smstps under postfix?

Assuming you meant smtps, you can enable this in master.cf, by
uncommenting these lines (I'm unsure what the last line does though):

#smtps  inet  n   -   n   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

-- 

Best regards,

Charles


Re: Relaying question

2009-02-13 Thread Charles Marcus
On 2/13/2009 2:08 PM, Joseph Mays wrote:
> We have long had a postfix system for a cluster of machines that accepts
> incoming mail from a spam filtering system, and sends outgoing mail
> directly out to other servers in the world. I am currently trying to
> change it to send outgoing mail out through the smtp filter server, too.
> However, if I change the relayhosts on the cluster postfix config to the
> ip number of the mail server, any thing sending outgoing mail through
> the cluster machines gets a response of "relaying denied" from the
> cluster machines. If I take the relayhosts line out so that the cluster
> machines just directly send mail to the outgoing world, again, the
> problem goes away.

What service is it, and why are they not allowing you to relay?

Did you ask them for directions for enabling this? Or did you just try
to use the same IP(s) that mail from them comes in on?

Often it is NOT the same...

-- 

Best regards,

Charles


Re: More main.cf cleanup

2009-02-13 Thread Charles Marcus
On 2/13/2009 3:42 PM, mouss wrote:
> you can do this
> 
> smtpd_sender_restrictions =
>  check_recipient_access hash:/etc/postfix/moved-employees,

Ah! I never even considered I could put check_recipient_access under
smtpd_sender_restrictions... but if I can put check_client_access under
smtpd_recipient_restrictions, why not? :)

Just to clarify: doing the above keeps me from becoming an open relay if
I typo something in the map, while keeping it under
smtpd_recipient_restrictions leaves me vulnerable to such an error, is
that correct?

Thanks mouss!

-- 

Best regards,

Charles


Re: More main.cf cleanup

2009-02-13 Thread Charles Marcus
On 2/13/2009 4:23 PM, mouss wrote:
>>> smtpd_sender_restrictions =
>>>  check_recipient_access hash:/etc/postfix/moved-employees,

>> Ah! I never even considered I could put check_recipient_access under
>> smtpd_sender_restrictions... but if I can put check_client_access under
>> smtpd_recipient_restrictions, why not? :)
>>
>> Just to clarify: doing the above keeps me from becoming an open relay if
>> I typo something in the map, while keeping it under
>> smtpd_recipient_restrictions leaves me vulnerable to such an error, is
>> that correct?

> that's the idea. you may decide to replace the hash with a mysql or a
> pcre that returns OK for any domain.
> 
> As I said before, this is not a check to fight spammers, but a check you
> want to apply to all mail.

Right...

One more question... in the above example, you did NOT add redundant
permit_mynetworks and permit_sasl_authenticated entries above the
check_recipient_access under smtpd_sender_restrictions... is this not
necessary? If not, why? Or, when *is* it necessary to add the redundant
entries?

Sorry for being so dense, just want to make sure I understand this
correctly...

'it ain't what you don't know that gets you in trouble, it whats you
know for sure that just aint so'

-- 

Best regards,

Charles
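
The open-relay point confirmed in this exchange, as an added example that is not part of the original posts and is not Postfix code: a simplified model of how the restriction lists are walked, run against a constructed access map containing a typo. The map contents, addresses and the "OK/REJECT/DUNNO" model are assumptions of the sketch.

```python
"""Simplified model of smtpd restriction-list evaluation at RCPT TO.

Assumptions (this is not Postfix source code): a check returns "OK", "REJECT"
or "DUNNO"; OK ends the current list only, REJECT ends the transaction, and
the sender list runs before the recipient list, both at RCPT TO
(smtpd_delay_reject = yes). smtpd_relay_restrictions, which did not exist
when this thread was written, is left out.
"""

MYNETWORKS = {"127.0.0.1"}          # constructed sample values
LOCAL_DOMAINS = {"example.com"}     # domains this server is final for

# Constructed access map with an operator typo: a bare foreign domain mapped
# to OK instead of a single local address.
MOVED_EMPLOYEES = {"example.net": "OK"}


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def check_moved_employees(session):
    """check_recipient_access: try the full address, then the domain."""
    rcpt = session["rcpt"].lower()
    return MOVED_EMPLOYEES.get(rcpt) or MOVED_EMPLOYEES.get(domain_of(rcpt)) or "DUNNO"


def permit_mynetworks(session):
    return "OK" if session["client"] in MYNETWORKS else "DUNNO"


def permit_sasl_authenticated(session):
    return "OK" if session["sasl_user"] else "DUNNO"


def reject_unauth_destination(session):
    return "DUNNO" if domain_of(session["rcpt"]) in LOCAL_DOMAINS else "REJECT"


def evaluate(layout, session):
    """Walk each list in order; return (verdict, name of the deciding check)."""
    for list_name, checks in layout:
        for check in checks:
            verdict = check(session)
            if verdict == "REJECT":
                return "REJECT", f"{list_name}: {check.__name__}"
            if verdict == "OK":
                break             # permits this list only; the next list still runs
    return "ACCEPT", None


# Layout 1: the map lookup sits above reject_unauth_destination.
ALL_IN_RECIPIENT = [
    ("smtpd_recipient_restrictions",
     [check_moved_employees, permit_mynetworks, permit_sasl_authenticated,
      reject_unauth_destination]),
]

# Layout 2: the same lookup moved to smtpd_sender_restrictions.
LOOKUP_IN_SENDER = [
    ("smtpd_sender_restrictions", [check_moved_employees]),
    ("smtpd_recipient_restrictions",
     [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination]),
]

# Constructed sessions: an unauthenticated outside client and a SASL user.
STRANGER_RELAY = {"client": "203.0.113.9", "sasl_user": None,
                  "rcpt": "victim@example.net"}
STRANGER_LOCAL = {"client": "203.0.113.9", "sasl_user": None,
                  "rcpt": "staff@example.com"}
AUTHED_RELAY = {"client": "203.0.113.9", "sasl_user": "charles",
                "rcpt": "friend@example.org"}


def relays_for_strangers(layout):
    """True if an unauthenticated outside client can reach a foreign domain."""
    return evaluate(layout, STRANGER_RELAY)[0] == "ACCEPT"


if __name__ == "__main__":
    for name, layout in (("all in recipient list", ALL_IN_RECIPIENT),
                         ("lookup in sender list", LOOKUP_IN_SENDER)):
        print(name, "->", evaluate(layout, STRANGER_RELAY))
```

In the first layout the stray OK ends the recipient list before reject_unauth_destination is reached; in the second it only ends the sender list, so the relay check still runs.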


Re: More main.cf cleanup

2009-02-13 Thread Charles Marcus
On 2/13/2009, mouss (mo...@ml.netoyen.net) wrote:
> because in your original post, the check in question was before
> permit_*, so doesn't need a permit_* when moved.

Actually, I guess that was confusing, but...

The check that is above the permit_* in my original post was the
check_recipient_access, and was *not* one of the two
(check_client_access and check_sender_access) I was moving.

But your answer makes sense, so now I know the answer too... :)

Thanks again...

-- 

Best regards,

Charles


Re: Postfix + Maildrop

2009-02-19 Thread Charles Marcus
On 2/19/2009 8:01 AM, Gejo Paul wrote:



Gejo,

Unedited/mindless bottom posting is WORSE than top-posting.

Please snip/cut out all but the relevant text you are quoting before
clicking the send button.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-19 Thread Charles Marcus
On 2/19/2009, post...@corwyn.net (post...@corwyn.net) wrote:
> However, when that spam hits a mailbox that has vacation enabled (the
> perl script from postfixadmin), vacation.pl sends an automatic reply
> from: first.last#example.com+s...@autoreply.example.com
> 
> Is there a relatively trivial way inside of postfix to not send an
> autoresponse when the sender is "+s...@autoreply.example.com", yet
> also not send a bounce notification back to the user?

What version of postfixadmin/vacation.pl?

The new version (2.2.1) has been greatly improved (and even more
improvements in the 2.3 beta) to not reply based on a lot of criteria,
including spam headers added by spamassassin... so there wouldn't need
to be a check on the recipient delimiter, as long as you have configured
spamassassin to add the appropriate header.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-19 Thread Charles Marcus
On 2/19/2009, post...@corwyn.net (post...@corwyn.net) wrote:
> The new 2.3 beta. 

So, is spamassassin adding the appropriate header?

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-19 Thread Charles Marcus
On 2/19/2009 2:40 PM, post...@corwyn.net wrote:
> Spam assassin is configured to not add spam headers to outbound mail, so
> that won't help. (I don't want to flag my own outbound mail as spam).

Eh? Who's talking about outbound email? Vacation.pl only executes for
inbound mail.

> There's not a way to get postfix to not deliver (reject/drop/whatever)
> messages based on the "From" address having an recipient_delimiter field
> that includes "+Spam"?

Hmmm... ok, I guess I missed that you were referring to the 'From'
address... are you talking about the From HEADER or the envelope From?

Besides... recipient_delimiter is for RECIPIENTS, not the envelope FROM
(or From headers)...

I guess maybe I'm missing something, so I'll shut up now...

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-19 Thread Charles Marcus
On 2/19/2009, post...@corwyn.net (post...@corwyn.net) wrote:
> When mail is inbound and is spam, it gets flagged as spam by spam
> assassin, and becomes addressed to, with recipient_delimiter,
> user+s...@example.com

Right... so just configure spamassassin to add the x-spam header (I
can't help you with particulars for that) IN ADDITION TO adding the
recipient delimiter, and it will 'just work'.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-20 Thread Charles Marcus
On 2/19/2009, post...@corwyn.net (post...@corwyn.net) wrote:
>>> When mail is inbound and is spam, it gets flagged as spam by spam
>>> assassin, and becomes addressed to, with recipient_delimiter, 
>>> user+s...@example.com

>> Right... so just configure spamassassin to add the x-spam header (I
>> can't help you with particulars for that) IN ADDITION TO adding
>> the recipient delimiter, and it will 'just work'.

> Spam assassin sets the x-spam header on the way in. When it gets sent
> back out, it doesn't get spam headers added. And since it's a reply,
> the fact that spam headers were set on the way in doesn't matter
> since those headers, are no longer the headers. It's a new message, 
> with new headers.

That doesn't make sense. I've never used spamassassin, so this just may
be the way it works, and I really want to understand what I'm missing
here, so...

My understanding is that even though spamassassin is involved, and may
even rewrite the recipient with the recipient delimiter, it should STILL
be the same message (messageID, PREVIOUS HEADERS and so forth) - it just
doesn't make sense that it is a NEW message and LOSES all of the
previous header information.

It sounds TO ME like you are simply doing it wrong.

I would appreciate it if someone more knowledgeable would chime in here.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-20 Thread Charles Marcus
On 2/20/2009, Charles Marcus (cmar...@media-brokers.com) wrote:
> > Spam assassin sets the x-spam header on the way in. When it gets sent
> > back out, it doesn't get spam headers added. And since it's a reply,
> > the fact that spam headers were set on the way in doesn't matter
> > since those headers, are no longer the headers. It's a new message,
> > with new headers.

What do you mean 'since it's a reply'??

The path should be:

internet > postfix > spamassassin > postfix > delivery

The vacation auto-response (reply) doesn't get generated until AFTER the
inbound message is delivered. Up to the 'delivery' point above, the
message is the SAME message, and should have the same messageID and
headers (with additional x-spam header(s) after it passes through
spamassassin). So, the x-spam headers SHOULD still be present in the
message when it hits the deliver agent, thus vacation.pl should NOT send
an auto-response.

-- 

Best regards,

Charles
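
The delivery-time decision described in this message (the inbound message still carries its X-Spam headers when the responder sees it), as an added example that is not part of the original posts and is not the code of vacation.pl. The function names, the "spam" extension value and the sample messages are assumptions; the Auto-Submitted, Precedence and null-sender checks are the usual automatic-responder precautions rather than anything stated in the thread.

```python
"""Decide whether a vacation responder should answer a delivered message."""
from email import message_from_string

NO_REPLY_PRECEDENCE = {"bulk", "junk", "list"}


def recipient_extension(address, delimiter="+"):
    """Text between the recipient delimiter and the domain, or ""."""
    localpart = address.rpartition("@")[0]
    cut = localpart.find(delimiter, 1)
    return "" if cut == -1 else localpart[cut + len(delimiter):]


def should_autoreply(raw_message, envelope_sender, envelope_rcpt,
                     delimiter="+", spam_extension="spam"):
    """Return (decision, reason) for one inbound message at delivery time."""
    msg = message_from_string(raw_message)

    if envelope_sender.strip() in ("", "<>"):
        return False, "null envelope sender (bounce or DSN)"
    if recipient_extension(envelope_rcpt, delimiter).lower() == spam_extension:
        return False, "recipient carries the spam extension"
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return False, "X-Spam-Flag: YES"
    if msg.get("X-Spam-Status", "").strip().lower().startswith("yes"):
        return False, "X-Spam-Status: Yes"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "Auto-Submitted set (automatic message)"
    if msg.get("Precedence", "").strip().lower() in NO_REPLY_PRECEDENCE:
        return False, "Precedence bulk/junk/list"
    if msg.get("List-Id") is not None:
        return False, "mailing-list traffic"
    return True, "personal mail"


# Constructed sample messages (headers only matter here).
HAM = (
    "From: alice@example.org\n"
    "To: test222@example.com\n"
    "Subject: lunch\n"
    "X-Spam-Status: No, score=2.797 required=5\n"
    "\n"
    "See you at noon.\n"
)
TAGGED_SPAM = (
    "From: someone@example.net\n"
    "To: test222@example.com\n"
    "Subject: offer\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=1000.0 required=5\n"
    "\n"
    "constructed spam body\n"
)
OTHER_AUTOREPLY = (
    "From: bob@example.org\n"
    "To: test222@example.com\n"
    "Subject: Out of office\n"
    "Auto-Submitted: auto-replied\n"
    "\n"
    "I am away.\n"
)

if __name__ == "__main__":
    print(should_autoreply(HAM, "alice@example.org", "test222@example.com"))
    print(should_autoreply(TAGGED_SPAM, "someone@example.net", "test222@example.com"))
    print(should_autoreply(HAM, "alice@example.org", "test222+spam@example.com"))
```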


Re: a problem with catch-all alias handling in virtuals

2009-02-20 Thread Charles Marcus
On 2/20/2009, Andi Raicu (raicua...@gmail.com) wrote:
> I don't want to be in the situation where I didn't create an account
> to the new server and emails that were supposed to be received are
> now, well, kind of lost; so I need a catch-all email.

catchalls are almost never a good idea... it breaks recipient
validation, meaning, if someone sends a message to a valid user, but
typos their address, they will never know that the message was NOT
delivered. This is bad. It would be much better to simply not forget to
add a new user account when a new user starts working there.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-20 Thread Charles Marcus
On 2/20/2009 10:42 AM, post...@corwyn.net wrote:
> Let's try a different approach. Let's say a user, spamt...@example.com,
> sends mail to a user test...@example.com, which includes the GTUBE string
> (guaranteed to make it flag as spam). test...@example.com has vacation
> turned on. test...@example.com received the following mail, with headers:



> It includes all the X-Spam headers appropriately.  spamt...@example.com
> receives the following headers from the autoreply indicating that
> test222 is on vacation:

Ok... we can stop there...

The auto-reply should NOT be going out, so you need to go ask on the
postfixadmin list... this is not a postfix problem that I can see...

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-20 Thread Charles Marcus
On 2/20/2009 10:42 AM, post...@corwyn.net wrote:
> vacation   unix-nn--pipe
>flags=DRhu

The vacation doc with 2.3b says to use flags=Rq, not DRhu... don't know
if that matters (don't have a clue what the flags mean off the top of my
head)...

> dovecot unix-   n   n   -   -  pipe
>   flags=DR user=vuser:vuser argv=/usr/libexec/dovecot/deliver -f
> ${sender} -d ${us...@${nexthop} -n -m ${extension}

Since you're using dovecot's LDA, I guess another option would be to use
the sieve/vacation functionality...

http://wiki.dovecot.org/LDA/Sieve#head-f083c4265adca5ce0fecf17d7684bd2dedbd5812

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-21 Thread Charles Marcus
On 2/21/2009, post...@corwyn.net (post...@corwyn.net) wrote:
>> Alternatively, change your delivery config so that mail to
>> *+s...@yourdomain.example uses a different delivery mechanism, one that
>> doesn't call your vacation script.

> See, I knew there'd be a way in postfix. Can you provide a quick
> pointer to how to do that; I'm not quite sure where to start. I
> changed the delivery agent to dovecot previously, but I know that
> postfix feeds things back through vacation somehow, and if I could
> just change that I'd be all set!

Yes, but this is only a WORKAROUND. You should focus on fixing the
PROBLEM. The PROBLEM is a vacation message is being sent when it shouldn't.

-- 

Best regards,

Charles


Re: Prevent vacation autoreply for recipient_delimiter?

2009-02-22 Thread Charles Marcus
On 2/21/2009, post...@corwyn.net (post...@corwyn.net) wrote:
> I think our thought process is different. I have a technical thing I
> want to do (and understand in postfix).  So it depends on how you
> define things as a problem.

Fair enough, but the email subject and problem description were, why is
the vacation mail getting sent twice.

Hmmm... I have a question for you... I had assumed it was being sent
twice every time... but is it only being sent twice for messages TO a
recipient that contained the delimiter?

-- 

Best regards,

Charles


Re: /usr/sbin/sendmail requeue and address expansion

2009-02-27 Thread Charles Marcus
On 2/26/2009 11:00 AM, Magnus Bäck wrote:
>> You need to disable it on one side, but then enable it on the other.
>> In addition to receive_override_options = no_address_mappings in
>> main.cf
>>
>> Add something like
>> -o receive_override_options=
>>
>> to the other side that you've defined in master.cf

> I would suggest selectively disabling the address rewriting instead of
> the other way around. The risk of error is greater if rewriting is
> disabled by default.

Hmmm, ok, I'll bite, since I may do this some day soon...

If this is better, why does 'The Book' - and more importantly, the
official docs (FILTER_README) - say to do it the other way?

-- 

Best regards,

Charles


Re: smtps and sent mail

2009-02-27 Thread Charles Marcus
On 2/26/2009, mouss (mo...@ml.netoyen.net) wrote:
> Can't you configure outlook to save copies on your imap server? I
> don't have outlook but if my memory is correct, this is possible
> (otherwise, it's time to switch to thunderbird :)

Outlook 2007 finally provided a direct way to do this. Earlier versions
require a message rule to be used, but it's a kludge at best.

-- 

Best regards,

Charles


Plus addressing not delivering to folder

2009-02-27 Thread Charles Marcus
Hello,

I'm sure this is something I'm totally missing but I have a system I'm
trying to get plus addressing working, and not having any luck. The
email is delivered, but just to the Inbox, not to the folder...

I've got the recipient delimiter enabled in main.cf (output of postconf
-n shows it enabled). I'm using virtual mailbox domains/maps and the
postfix virtual delivery agent. The folder 'test' (minus the quotes)
does exist... but not as a subdirectory of Inbox (is that the problem?).

Here's the log of the received mail that didn't get delivered to the sub
folder:

Feb 27 17:26:06 myhost postfix/smtpd[14440]: connect from
ixe-mta-18-tx.emailfiltering.com[194.116.198.213]
Feb 27 17:26:07 myhost postfix/smtpd[14440]: 87CA049C274:
client=ixe-mta-18-tx.emailfiltering.com[194.116.198.213]
Feb 27 17:26:07 mmyhost postfix/cleanup[14446]: 87CA049C274:
message-id=<49a8687b.8080...@example.org>
Feb 27 17:26:07 mmyhost postfix/qmgr[1524]: 87CA049C274:
from=, size=1378, nrcpt=1 (queue active)
Feb 27 17:26:07 myhost postfix/virtual[14449]: 87CA049C274:
to=, relay=virtual, delay=0.47,
delays=0.47/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Feb 27 17:26:07 myhost postfix/qmgr[1524]: 87CA049C274: removed

Here's postconf -n:

alias_maps = hash:/etc/mail/aliases, hash:/var/lib/mailman/data/aliases
anvil_rate_time_unit = 360s
anvil_status_update_time = 3600s
bounce_size_limit = 1
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 15m
home_mailbox = .maildir/
message_size_limit = 5120
mydomain = media-brokers.com
myhostname = smtp.media-brokers.com
mynetworks = 127.0.0.0/8
parent_domain_matches_subdomains =
recipient_delimiter = +
relay_domains =
relayhost = [post18.emailfiltering.com]
smtp_fallback_relay = [smtp.nuvox.net]
smtpd_hard_error_limit = 3
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/moved-employees,  permit_mynetworks,
permit_sasl_authenticated,  reject_unauth_destination,
check_client_access cidr:/etc/postfix/allowed_clients.cidr,
check_recipient_access hash:/etc/postfix/x-employees,
check_sender_access hash:/etc/postfix/blocked_senders,
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/.../wildcard.crt
smtpd_tls_key_file = /etc/.../wildcard.key
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/mysql_vam.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:207
virtual_mailbox_base = /var/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_vmd.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_vmm.cf
virtual_minimum_uid = 207
virtual_uid_maps = static:207

Thanks for any 2x4 whacks...

-- 

Best regards,

Charles


Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-03 Thread Charles Marcus
On 3/3/2009 2:17 PM, LuKreme wrote:
>>  host -t a 27a28250f4b7c74acc01d042687e2273.com

> Perhaps they are using OpenDNS?

opendns works very well, as long as you disable the helper crap, so, no,
has nothing to do with opendns.


Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-04 Thread Charles Marcus
On 3/3/2009 7:18 PM, LuKreme wrote:
>> opendns works very well, as long as you disable the helper crap,
>> so, no, has nothing to do with opendns.

> Since one of the features of OpenDNS is the so-called helper crap,
> and is enabled by default, this can easily be a problem.

For the clueless maybe, but any competent admin should do their
homework, and this issue with opendns is easily discoverable...

We have been using it for over 2 years with zero problems...


Re: That Relay Access Denied Thing

2009-03-04 Thread Charles Marcus
On 3/4/2009, Robert A. Ober (ro...@robob.com) wrote:
> # "dovecot -n" command gives a clean output of the changed settings. Use it
> # instead of copy&pasting this file when posting to the Dovecot mailing list.
> # --with-ssldir=/etc/ssl 

You need to read the welcome message you got...

ONLY provide postfix -n output, and if needed, dovecot -n output.

Also description of what you are trying to do and logs of the error...


Re: That Relay Access Denied Thing

2009-03-04 Thread Charles Marcus
Hi Robert,

You need to read the responses you are getting...

> PS:  postfix -n gives invalid option.

This is because of this:

>> If I recall correctly the OP reported using Postfix 2.2 and should
>> see:
>>
>>   http://www.postfix.org/postconf.5.html#smtpd_sasl_type
>>
>> attempts to use Dovecot SASL auth with Postfix 2.2 are unlikely to 
>> get very far.

> Plaintext would be ok for now,  what pop3 should I be using with 2.2?

NONE. What you need to do is UPGRADE POSTFIX to a version that is known
to work with dovecot-sasl. 2.2 is ancient...

-- 

Best regards,

Charles


Re: That Relay Access Denied Thing

2009-03-04 Thread Charles Marcus
On 3/4/2009, Scent-Sations Support (grkni...@scent-team.com) wrote:
> Charles means 'postconf -n'.
> This gives us a better picture of what Postfix is using and avoids fat
> finger mistakes.

Ooops... lol, sorry, thanks for catching that...


postconf -n suggestion

2009-03-04 Thread Charles Marcus
Dovecot has added two lines of text to the beginning output of dovecot
-n that could possibly save some time with troubleshooting...

It adds the version on the first line, and OS/platform info on the
second line, like so:

# 1.1.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1

Maybe postfix could do the same with postconf -n output?

-- 

Best regards,

Charles


Re: postconf -n suggestion

2009-03-04 Thread Charles Marcus
On 3/4/2009 11:22 AM, Wietse Venema wrote:
>> Dovecot has added two lines of text to the beginning output of dovecot
>> -n that could possibly save some time with troubleshooting...
>>
>> It adds the version on the first line, and OS/platform info on the
>> second line, like so:
>>
>> # 1.1.11: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1
>>
>> Maybe postfix could do the same with postconf -n output?

> No. The output has a defined "name = value" format. Adding
> cruft would break bazillions of scripts that rely on it.

Understood... so, maybe another flag (postconf -z)?

Anyway, no biggie, just a suggestion...

-- 

Best regards,

Charles


Re: postconf -n suggestion

2009-03-04 Thread Charles Marcus
On 3/4/2009 12:26 PM, Victor Duchovni wrote:
>> Dovecot has added two lines of text to the beginning output of dovecot
>> -n that could possibly save some time with troubleshooting...
>>
>> It adds the version on the first line, and OS/platform info on the
>> second line, like so:
>>
>> # 1.1.11: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1

> (
>   echo $(postconf -h mail_name mail_version mail_release_date)
>   uname -a
> ) | sed -e 's/^/# /'
> postconf -n

That's easy for *you* to say! (ianap)

;)

I was just talking about something that would make it easier when
someone was asking for help on the list... I don't think the above will
quite accomplish that...

-- 

Best regards,

Charles


Re: Spam attacks

2009-03-04 Thread Charles Marcus
On 3/4/2009, Paweł Leśniak (warl...@lesniakowie.com) wrote:
> Looking at first email in thread carefully you'd see that Dave has 
> (or had) problem with spam sent from j...@foo.com to j...@foo.com. And 
> that's the case where authentication will do the job perfectly - IMHO
> way better than zen.

You do realize that if you did that you wouldn't be able to receive your
own messages from mail lists such as this one, correct?

-- 

Best regards,

Charles


Re: postconf -n suggestion

2009-03-04 Thread Charles Marcus
On 3/4/2009 2:36 PM, Paweł Leśniak wrote:
>> I was just talking about something that would make it easier when
>> someone was asking for help on the list... I don't think the above will
>> quite accomplish that...

> In many cases (I'm not gonna do statistics) new users do not post their
> questions correctly - often we can see 2nd message in thread asking for
> more information according to MAIL_DEBUG readme.
> So I think that making changes to postconf -n output are useless. If one
> will manage to read MAIL_DEBUG, one will also be able to have a look at
> postfix version and other system-related informations. If not, certainly
> one should not do any changes to mail server. Honestly.

Irrelevant. There is nothing wrong with simplifying things...

By your argument, there is no need for the postconf tool at all...

Wietse has already explained why this will not be done, so further
discussion is useless. Personally, I don't see any reason to not add a
new flag that does this, but again - it doesn't matter what I think...

Besides, Victor did provide a way to do this on an individual basis, and
even though ianap, I may play with it a bit...

Oh, and thanks Victor for that...


Re: Plus addressing not delivering to folder

2009-03-06 Thread Charles Marcus
>> I'm sure this is something I'm totally missing but I have a system I'm
>> trying to get plus addressing working, and not having any luck. The
>> email is delivered, but just to the Inbox, not to the folder...
>>
>> I've got the recipient delimiter enabled in main.cf (output of postconf
>> -n shows it enabled). I'm using virtual mailbox domains/maps and the
>> postfix virtual delivery agent. The folder 'test' (minus the quotes)
>> does exist... but not as a subdirectory of Inbox (is that the problem?).

> have you defined a "user+t...@example.com" entry in your
> virtual_mailbox_maps?
> http://www.postfix.org/postconf.5.html#virtual_mailbox_maps

OK, so from the responses it's obvious I had a flawed expectation... not
the first time, that's for sure.

Hmmm... I'm now wondering if ${extension} can somehow be used with the
virtual_mailbox_maps query to accomplish what I want?

I want to be able to use plussed addresses in such a way that if such a
message comes in and a subfolder matches the extension, the message will
be delivered to that subfolder, and if there is no matching subfolder,
it is just delivered to the Inbox.

Obviously (also judging from the replies so far), the postfix DA's don't
support adding flags to accomplish this, like you can with the dovecot
LDA master.cf entry. So, an obvious follow-up would be, is there a
reason postfix's DAs don't support this? I'm not complaining, just
asking... :)

It would be nice if the postfix local and/or virtual DA master.cf
entries allowed the addition of these flags to be able to do this...

I guess in this situation I'll have to wait until I have converted to
dovecot so I can use its LDA...

Anyway, thanks for the replies...

-- 

Best regards,

Charles


Re: Plus addressing not delivering to folder

2009-03-06 Thread Charles Marcus
On 3/6/2009 3:43 PM, LuKreme wrote:
> On 6-Mar-2009, at 12:27, Charles Marcus wrote:
>> Hmmm... I'm now wondering if ${extension} can somehow be used with the
>> virtual_mailbox_maps query to accomplish what I want?

> Yes, but you need procmail (or, I assume, Maildrop)

Many thanks for the detail... but with Victor and Wietse's responses, I
think the 2x4 is no longer needed... :)

Procmail is not a beast I want to unleash on my server, so, since the
conversion to dovecot is probably not far away (I'm waiting for 1.2),
I'll just wait for that...

Thanks again for straightening me out...

-- 

Best regards,

Charles


Re: Plus addressing not delivering to folder

2009-03-07 Thread Charles Marcus
On 3/7/2009, mouss (mo...@ml.netoyen.net) wrote:
> if all extensions are acceptable (not very recommended),

Ok, this caught my attention...

Yes, I was planning on allowing any extension to be used/made up on the
fly... the purpose for using the extension will be for signing up for
different sites/lists/things, so I can use the same address, but be able
to distinguish mail that comes to me via that service...

I just don't want to have to create the alias before I use it...

So, is there maybe some kind of regex that could be used to make this
safer? Ie, only allow safe characters, or something?

Thanks mouss,

-- 

Best regards,

Charles


Re: Plus addressing not delivering to folder

2009-03-07 Thread Charles Marcus
On 3/7/2009, Noel Jones (njo...@megan.vbhcs.org) wrote:
> Some third-party IMAP servers may support "deliver to any extension
> subfolder", I haven't looked.

They do... both cyrus and dovecot, and I think courier maildrop does as
well...

Since I'm going to be converting to dovecot soon, I'll be using its LDA...

Thanks again for the responses and leading me to the watering hole... :)

-- 

Best regards,

Charles


Re: Plus addressing not delivering to folder

2009-03-07 Thread Charles Marcus
On 3/7/2009 1:45 PM, LuKreme wrote:
>> Yes, I was planning on allowing any extension to be used/made up on
>> the fly... the purpose for using the extension will be for signing
>> up for different sites/lists/things, so I can use the same address,
>> but be able to distinguish mail that comes to me via that
>> service...

> Yep, that's what I do, and I've yet to hear a valid security concern
> other than "user could create a lot of folders in their Maildir."



> It is pretty easy to set up a procmail transport to be used by postfix:
> 
> procmail  unix  -   n   n   -   -   pipe
>   -o flags=uhFORD user=vpopmail argv=/usr/local/bin/procmail -t -m
> USER=${recipient} EXTENSION=${extension} /usr/local/etc/procmailrc.common

Ok, I'm intrigued... if it is this simple, maybe I'll go ahead and do
it, but...

As I said in an earlier mail, I do NOT want the folder auto-created - if
it doesn't exist, I want the message delivery to fall back to the Inbox...

Is there a way to tweak the above to accomplish this?

Thanks!

-- 

Best regards,

Charles
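
An added example (not part of the thread, and not code from Postfix, procmail or Dovecot) of the two checks raised in the messages above: restrict the address extension to safe characters, and deliver to the subfolder only if it already exists, otherwise to the Inbox. It assumes a Maildir++ layout where folder "test" is the directory ".test" inside the maildir; the function names and the 32-character limit are choices made for this example.

```shell
#!/bin/sh
# Added example: decide where a plus-addressed message may be delivered.
# Assumption: Maildir++ layout, folder "test" lives in "<maildir>/.test/".
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges below byte-exact

# valid_extension EXT -> exit status 0 if EXT is safe to use as a folder name
valid_extension() {
    ext=$1
    [ -n "$ext" ] && [ "${#ext}" -le 32 ] || return 1
    case $ext in
        *[!A-Za-z0-9_-]*) return 1 ;;   # rejects "/", ".", spaces, control chars
        [_-]*)            return 1 ;;   # must start with a letter or digit
    esac
    return 0
}

# resolve_folder MAILDIR EXT -> prints the directory to deliver into
resolve_folder() {
    maildir=$1
    ext=$2
    if valid_extension "$ext"; then
        target=$maildir/.$ext
        # Deliver only into an existing, real Maildir folder; never create one
        # and never follow a symlink planted under the folder name.
        if [ -d "$target/new" ] && [ -d "$target/cur" ] && [ -d "$target/tmp" ] \
           && [ ! -L "$target" ]; then
            printf '%s\n' "$target"
            return 0
        fi
    fi
    printf '%s\n' "$maildir"   # anything else falls back to the Inbox
}
```

A delivery script would call `resolve_folder` with the mailbox path and the value the transport passes as `${extension}`, then write the message into the `new/` subdirectory of the printed path.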


Re: Variables for addresses in master.cf

2009-03-09 Thread Charles Marcus
On 3/8/2009, Wietse Venema (wie...@porcupine.org) wrote:
> It is not created with Star Trek transporter beams that materialize a
> complete object all at once.

I am very disappointed. I began using postfix based solely on the
assurance of one person that Star Trek transporter beams could most
assuredly materialize a complete object all at once.

Oh, well, guess I'm off to find some *legitimate* software that can
provide a reasonable level of Star Trek transporter beam functionality.

-- 

Best regards,

Charles


Re: hold all relayed mail by default

2009-03-09 Thread Charles Marcus
On 3/9/2009, Costin Gu_ (costi...@gmail.com) wrote:
> yes, it's true that people expect instant delivery; however I was
> thinking at short delays such as 5 minutes, since most regrettable
> errors are discovered within the next few seconds following the event,
> so keeping the mail in queue for extra five minutes wouldn't bother
> the majority.
> 
> note that I didn't mention that I actually _want_ to do this, but this
> has come up as a proposed solution to these kind of people with whom I
> am interacting - I am supporting the IT in a field where being
> computer literate is not a mandatory skill for a manager.

This is actually an interesting idea... but I think it should only be
available on an opt-in basis, where the end user understands that all of
their mail will be subject to this delay...

I wonder how hard some kind of automatic script processing would be,
where the user could just add a 'RECALL' to the subject beginning, and
have postfix delete the message from the queue if it found a match with
the sender and subject and then deliver a confirmation, or simply send a
'Too late' response if there is no match...

-- 

Best regards,

Charles


Re: hold all relayed mail by default

2009-03-09 Thread Charles Marcus
On 3/9/2009, Jorey Bump (l...@joreybump.com) wrote:
> Isn't this best implemented at the MUA level? At the very least, a user
> can simply save drafts of all composed email, then review & send
> messages periodically. Not only does this address the problem, it is
> more convenient for everyone, including the user, who can edit the
> message in place before finally sending.

It will never fail that the user will decide right after clicking the
send button that they want to recall it, no matter how long they wait
prior to sending...

I can't tell you how many times I've had to explain to one of our users
why we cannot recall their message - which usually ends up with me
describing how this exchange capability works, and why it only works
under certain limited circumstances, which does NOT include any
destinations that are NOT exchange servers configured to cooperate with
these requests.

I only said it was an interesting idea, and wondered if it could be
automated... I'm still not sure it *should* be done... :)

-- 

Best regards,

Charles

