Transparent mail filter
Hi,

I am in the process of setting up a transparent mail filter
<http://www.linuxquestions.org/questions/linux-server-73/transparent-mail-filter-distribution-714608/#post3488536>.
Postfix seems the best I could find for this.

I already have the following 'idea' about how it should be:

NAT router 172.16.0.254
Existing MS Exchange Server 172.16.0.2

In between I intend to place a transparent host (through a bridged interface) that redirects all traffic destined for 172.16.0.2 on port 25 to a local postfix instance.
The postfix instance relays the mail to the exchange server after being processed by SpamAssassin.

The source and destination domains are unknown.

This seems to mean a couple of things, I think (after reading the docs):

mynetworks should be 0.0.0.0/0 (which seems really odd to me)
I am not sure what I need to set relaydomains to, since these are unknown...
relayhost should be 172.16.0.2

Any help is greatly appreciated.

Thanks a lot.

Regards,

Serge Fonville
Re: Transparent mail filter
> Please don't post HTML to the list.

Sorry about the HTML.

> Postfix is not a transparent proxy and can not be made to behave like one.
> Postfix can be used as an MX gateway in front of exchange, here's a general
> If you want a transparent proxy, you might look at ASSP.

Thanks for the answer, I will look into that then

Regards,

Serge Fonville
Re: Fw: Not able to add disclaimer
>> I have a local mail server installed inside the LAN. From
>> the Firewall all port 25 traffic is being delivered to this
>> mail server. I am trying to add disclaimer on the local mail
>> server for the outgoing emails. There is only one interface
>> for outgoing and incoming mail on to mail server.
> Somebody please help me, it's very urgent.

What have you already tried?

I googled: postfix outgoing disclaimer
The first I got was
http://www.howtoforge.com/add-disclaimers-to-outgoing-emails-with-altermime-postfix-debian-etch

HTH

Regards,

Serge Fonville
asterisks in smtp banner
Hi,

I noticed with a couple of mail servers that the smtp greeting contains 220 followed by a lot of asterisks.
When I do a check using mxtoolbox I get "Warning - Reverse DNS does not match SMTP Banner"

How do I assure that the normal text is displayed instead of the asterisks?

Thanks in advance.

Regards,

Serge Fonville

--
http://www.sergefonville.nl

Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
Re: asterisks in smtp banner
Thanks for the replies

>> How do I assure that the normal text is displayed instead of the asterisks?
>>
> Well, ask the administrator of network to disable cisco smtp fixup?

> Turn off the SMTP protocol fixup in the Pix.

I also found that as a solution.
Unfortunately there is no pix in between.

Only an ASA.
I also found it might be related to inspect on ASAs, but again this is not enabled.

Regards,

Serge Fonville
Re: asterisks in smtp banner
Thanks for the reply

>>>> How do I assure that the normal text is displayed instead of the asterisks?
>>>>
>>> Well, ask the administrator of network to disable cisco smtp fixup?
>>> Turn off the SMTP protocol fixup in the Pix.
>>
>> I also found that as a solution.
>> Unfortunately there is no pix in between.
>>
>> Only an ASA.
>> I also found it might be related to inspect on ASAs, but again this is
>> not enabled.
>
> http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/
>
> Note that other end might also use cisco asa or pix before mailserver.

Yes, I thought of that right after I clicked send.

Thanks all

Regards,

Serge Fonville
Re: lost connection after MAIL
Have you tried sending mail through telnet?
That way you can determine if it is in your script or in your postfix config.
Could you post your configuration and the perl script?
Is there any relevant logging?

HTH

Regards,

Serge Fonville

On Thu, Jul 2, 2009 at 10:23 AM, Shane Ardeen wrote:
> Hi
> I recently installed and configured postfix as my dev mail server. It's been
> working well but when I tried to send mail by a perl script I kept getting
> "lost connection after MAIL" as a result of "smtp_get: EOF".
> The same perl script sends mail to my production server which is hosted by
> my ISP and there's no problem at all.
>
> Here's my mail.log extract:
>
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: resolve_clnt: `' ->
> `mym...@mydomain.com' -> transp=`maildrop' host=`mydomain.com'
> rcpt=`mym...@mydomain.com' flags= class=virtual
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: ctable_locate: install
> entry key mym...@mydomain.com
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: extract_addr: in:
> , result: mym...@mydomain.com
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: fsspace: .: block size
> 4096, blocks free 1953241
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: smtpd_check_queue: blocks
> 4096 avail 1953241 min_free 0 msg_size_limit 0
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: >
> ...xx[xx.xx.xxx.xxx]: 250 2.1.0 Ok
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: watchdog_pat: 0xb8a16808
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_fflush_some: fd 14
> flush 14
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: smtp_get: EOF
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_hostname:
> ...xx ~? 127.0.0.0/8
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_hostaddr:
> xx.xx.xxx.xxx ~? 127.0.0.0/8
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_list_match:
> ...xx: no match
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_list_match:
> xx.xx.xxx.xxx: no match
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: send attr request =
> disconnect
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: send attr ident =
> smtp:xx.xx.xxx.xxx
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_fflush_some: fd 15
> flush 45
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_buf_get_ready: fd
> 15 got 10
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: private/anvil: wanted
> attribute: status
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute name:
> status
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute value: 0
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: private/anvil: wanted
> attribute: (list terminator)
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute name: (end)
> Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: lost connection after MAIL
> from ...xx[xx.xx.xxx.xxx]
>
> Thanks for any help
> Shane
>
Re: Need Outbound Only
Hi,

> I would like to configure postfix to send whatever is in its queue to
> whatever is setup as smarthost, but *NOT* listen for incoming mail; this
> particular server is not a mail relay and I do not want to allow it to be an
> open relay.

Start by looking here:
http://groups.google.com/group/mailing.postfix.users/browse_thread/thread/7852b397d05ebb20/011bd8c4cfc7bc1b?lnk=raot

HTH

Regards,

Serge Fonville
Need Outbound Only
> Thanks Serge, my needs are different. What I've done so far was the
> following:
>
> myhostname = nonrelayhost.example.com
> mynetworks = 127.0.0.0/8, 192.168.100.10/32
>
> # Or, this?
> # mynetworks = 127.0.0.0/8, $myhostname

If you just want to block incoming mails from outside your network, use a block or reject rule with iptables and either specify the WAN interface or a subnet exclusion/inclusion.

HTH
Re: Need Outbound Only
> To turn off incoming mail completely, comment out the
> "smtp ... smtpd" service in master.cf.

Wouldn't that completely disable smtp then?
Re: Need Outbound Only
> * Serge Fonville :
>> > To turn off incoming mail completely, comment out the
>> > "smtp ... smtpd" service in master.cf.
>>
>> Wouldn't that completely disable smtp then?
>
> Incoming, yes.

Perhaps I misunderstood then, but when would a mail be sent then if it can't listen to SMTP requests?
To me, sending a mail goes like this:

Client makes connection to smtp server
Client talks smtp to server
Server determines whom the mail is for
Server sends (or stores) the mail to wherever it is supposed to

When there is no SMTP server, how would a (local) client send a mail through it?

Perhaps the OP can clarify a bit more, because an MTA without SMTP seems kinda useless to me...
Re: Blocking Hotmail
> What would be the appropriate command to simply reject this domain?

I'd google for: postfix block domains
The first result I would get is:
http://www.linuxquestions.org/questions/linux-server-73/how-to-block-domains-postfix-684924/

HTH

Regards,

Serge Fonville
Re: Blocking Hotmail
You're welcome!

Well, "Google is your friend"
Probably more than any other non-human resource
And very often it is faster as well

In my experience, mailing lists are more of a 'last resort'

If you want a postfix forum, I'd say, start one

Just my 2ct

Regards,

Serge Fonville

On Thu, Jul 30, 2009 at 4:50 PM, Rodman Frowert wrote:
> Thanks!
>
> I did a search on the Postfix main site for "block" but didn't get any
> results.
>
> I wish there was a message board on the Postfix main site instead of JUST
> the mailing list. Would make finding things that are asked a lot quite
> easier. Some of the mailing list archives don't have search functions...
>
> Rodman
> - Original Message - From: "Serge Fonville"
>
> To: "postfix"
> Sent: Thursday, July 30, 2009 9:37 AM
> Subject: Re: Blocking Hotmail
>
>
>>> What would be the appropriate command to simply reject this domain?
>>
>> I'd google for: postfix block domains
>> The first result I would get is:
>>
>> http://www.linuxquestions.org/questions/linux-server-73/how-to-block-domains-postfix-684924/
>>
>> HTH
>>
>> Regards,
>>
>> Serge Fonville
>
>
Re: Exchange --> Postfix
www.postfix.org
www.google.com

On Tue, Aug 4, 2009 at 11:53 AM, Paweł Ch. wrote:
> Hello,
> I want to _change_ MsExchange to Postfix in my corporation. I have 150 users
> in my network. They work in Outlook 2003. We are using Active Directory to
> authentication. Could you tell me what is the consequences of making that
> change.
>
> Especially I would like to know:
> 1. Is Postfix cooperate with Active Directory or eDirectory? Anybody use
> Postfix with AD or eDirectory?
> 2. I know that communication between Exchange and Outlook is with MAPI
> protocol. Does Postfix use the MAPI protocol?
> 3. If 2 is no, Is Postfix POP or IMAP server? I would like to use POP or
> IMAP protocol instead MAPI.
> 4. Is this possible that Postfix has a "Outlook calendar" feature and other
> "Outlook like feature".
> 5. Does Postfix support TLS, SSL?
> 6. Does Postfix support access via http to mail box?
>
> Thanks
> pch0317
Re: is my server an open relay?
Well,

To determine you are an open relay, there are a couple of things you can do:
Google for open relay check
From a remote site send an email from another domain to another domain through your mail server
Check your settings against the manual

HTH

Regards,

Serge Fonville

On Thu, Aug 20, 2009 at 2:54 PM, Israel Garcia wrote:
> My scenario:
>
> I have a lot of postfix servers, each one, use to sent mail directly
> to internet, so It's difficult to monitor them.
> What I want?
>
> Put all postfix's of my servers to send all their external mail to an
> smarthost server in my network. I mean, the smarthost must receive
> ONLY mail from my servers and relay them mail to internet. Remember I
> have a lot of different servers and domains so I don't know how to
> configure this smarthost because in some way it's becoming an open
> relay.
>
> My question:
> How can I setup a secure smarthost to my network that receive mail
> ONLY from my servers and relay all mail directly to Internet? Include
> some configuration if possible.
>
> regards,
> Israel.
>
Re: is my server an open relay?
My bad, I misunderstood the question, skimmed the msg too fast ;-)
Sorry 'bout that

As mentioned read the section on mynetworks

Regards,

Serge Fonville

On Thu, Aug 20, 2009 at 3:23 PM, Israel Garcia wrote:
> Serge, I mean I'm an open relay to my servers, because any user from
> any server can send mail putting any sender..I'm looking a way to
> block that...
>
> regards,
> Israel.
>
> On Thu, Aug 20, 2009 at 8:02 AM, Serge Fonville
> wrote:
>> Well,
>>
>> To determine you are an open relay, there are a couple of things you can do
>> Google for open relay check
>> From a remote site send an email from another domain to another domain
>> through your mail server
>> Check your settings against the manual
>>
>> HTH
>>
>> Regards,
>>
>> Serge Fonville
>>
>> On Thu, Aug 20, 2009 at 2:54 PM, Israel Garcia wrote:
>>> My scenario:
>>>
>>> I have a lot of postfix servers, each one, use to sent mail directly
>>> to internet, so It's difficult to monitor them.
>>> What I want?
>>>
>>> Put all postfix's of my servers to send all their external mail to an
>>> smarthost server in my network. I mean, the smarthost must receive
>>> ONLY mail from my servers and relay them mail to internet. Remember I
>>> have a lot of different servers and domains so I don't know how to
>>> configure this smarthost because in some way it's becoming an open
>>> relay.
>>>
>>> My question:
>>> How can I setup a secure smarthost to my network that receive mail
>>> ONLY from my servers and relay all mail directly to Internet? Include
>>> some configuration if possible.
>>>
>>> regards,
>>> Israel.
>>>
>>
>
>
>
> --
> Regards;
> Israel Garcia
>
Re: Get username of local user from recipient address
Hi,

>> Michal Kurka:
>>
>> > Because I have not got any answer, I tried trace an internal communication
>> > between postfix'es processes via UNIX-sockets. I discovered that
>> > "trivial-rewrite" only specifies transport or does a canonicalizing.
>> > Process "verify" right tell that recipient address is alias to a
>> > concrete username. If recipient is aliased to more users, all usernames
>> > is announced.
>> > Now I'm trying use "verify" for my business. If simply execute
>> > "verify", it ends with error message in Log "fatal: service verify
>> > requires a process limit of 1".
>>
>> Sorry, you are playing with Postfix-internal interfaces. Use of
>> these by non-Postfix programs is UNSUPPORTED meaning that it can
>> break even after minor Postfix release changes.
>
> I aware of this. But do I have any other option? Unfortunately I haven't
> got any suggestion from anybody :-(

Can't you just use virtual alias maps based on an external service for this purpose?
For example in case of mysql you can create a stored procedure that 'logs' when the resultset is empty

HTH

Regards,

Serge Fonville
How to ensure that either FROM or TO is local
Hi,

I'm trying to install a postfix server and everything seemed to work ok.
Until I tried to mail from a remote domain to a remote domain, but from 'telnet localhost 25'
I understand (suspect) this works because 127.0.0.0/8 is in mynetworks.

How do I ensure that my mail server can only send mails either to or from mydomains?

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_transport = zarafa
mydestination = mydomainformail.org, mailserver.mydomainformail.org
mydomain = mydomainformail.org
myhostname = mailserver.mydomainformail.org
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = Infracom Mail Server
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf

Thanks in advance.

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
Thx for the reply.

>> postconf -n
>>
>> smtpd_banner = Infracom Mail Server
>>
> Don't change this unless you have a really good reason.
> Some functionality can be lost by those connecting to you and the
> current line breaks the SMTP standard.

Ok, thx I'll revert this to the default then ;-)

> There are "open relay" test websites you can verify this at.

The mail server isn't public currently, but thx for the reminder :-)

> Postfix, by default, only queues mail that is destined for that system
> (mydestination or virtual settings), included in mynetworks, or listed
> in relay_domains
> This only changes if *you* tell Postfix not to. The config below does
> not show any such weakness.

Hmmm, so basically there is no way to enforce that mail sent through the mail server will always be either from or to one of my domains :-(
Not really what I was hoping for, but thx for clarifying this Brian!

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
I was wondering...

>>> smtpd_banner = Infracom Mail Server
>>>
>> Don't change this unless you have a really good reason.
>> Some functionality can be lost by those connecting to you and the
>> current line breaks the SMTP standard.
> Ok, thx I'll revert this to the default then ;-)
>
>> There are "open relay" test websites you can verify this at.
> The mail server isn't public currently, but thx for the reminder :-)
>
>> Postfix, by default, only queues mail that is destined for that system
>> (mydestination or virtual settings), included in mynetworks, or listed
>> in relay_domains
>> This only changes if *you* tell Postfix not to. The config below does
>> not show any such weakness.
> Hmmm, so basically there is no way to enforce that mail sent through
> the mail server will always be either from or to one of my domains :-(

Would it be possible to use sender verification to match negatively?
That way I could run two instances of postfix and have one check sender and the other recipient
If it comes from the internal interface at least sender should be local
if it comes from the external interface at least recipient should be local

Not sure if this is possible, but it would definitely solve it, at least I think

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
>>> Postfix, by default, only queues mail that is destined for that system
>>> (mydestination or virtual settings), included in mynetworks, or listed
>>> in relay_domains
>>> This only changes if *you* tell Postfix not to. The config below does
>>> not show any such weakness.
>> Hmmm, so basically there is no way to enforce that mail sent through
>> the mail server will always be either from or to one of my domains :-(
>
> Would it be possible to use sender verification to match negatively?
> That way I could run two instances of postfix and have one check
> sender and the other recipient
> If it comes from the internal interface at least sender should be local
> if it comes from the external interface at least recipient should be local
>
> Not sure if this is possible, but it would definitely solve it, at least I
> think

I believe I have the solution.
Unfortunately no way to implement it :-(

When I add the following to main.cf, this should perform the check, so only people I know are allowed to send through postfix and they can send anywhere. This should also prevent anyone to send mail from an address that isn't one of mine.

smtpd_reject_unlisted_recipient = no
smtpd_reject_unlisted_sender = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions =

Unfortunately, it does not work.

The output of postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination =
myhostname = server01.fonville-it.nl
mynetworks = 0.0.0.0
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = mail.fonville-it.nl, fonville-it.nl
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox-maps.cf
virtual_transport = zarafa

What have I done wrong?

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
Thx for the reply

> Questions similar to yours come up fairly often, I'm not sure why
> no one's jumped in yet with a rough solution that will do what you
> want. What you've mentioned you want:
>
>> How do I ensure that my mail server can only send mails either to or
>> from mydomains?
>
> I *think* the short, correct answer is to use a policy server:
> http://www.postfix.org/SMTPD_POLICY_README.html

I will look into those then

>> When I add the following to main.cf, this should perform the check, so
>> only people I know are allowed to send through postfix and they can
>> send anywhere. This should also prevent anyone to send mail from an
>> address that isn't one of mine.
>>
>> smtpd_reject_unlisted_recipient = no
>> smtpd_reject_unlisted_sender = yes
>> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
>> smtpd_sender_restrictions =
>> Unfortunately, it does not work.
>
> When you report that something doesn't work, it's best to provide log
> entries that support what you're saying. Basically, it's most helpful
> if you:
> 1. Describe what you expected to happen
> 2. Describe what you saw actually happened.
> 3. Show the log entries so we can see what happened.

With the current configuration I'd expect some sort of 'denied' message for MAIL FROM: when it is not in mydomains
instead I get '250 2.1.0 Ok' when specifying a MAIL FROM that is not in mydomains

For example:

Config:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination =
myhostname = server01.fonville-it.nl
mynetworks = 0.0.0.0
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = no
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = mail.fonville-it.nl, fonville-it.nl
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox-maps.cf
virtual_transport = zarafa

Telnet session;
220 server01.fonville-it.nl ESMTP Postfix (Ubuntu)
ehlo fonville-it.nl
250-server01.fonville-it.nl
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
250 2.1.5 Ok
RSET
250 2.0.0 Ok
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
554 5.7.1 <: Relay access denied
QUIT
221 2.0.0 Bye

Log:
Jan 3 14:36:10 server01 postfix/smtpd[9110]: connect from localhost[127.0.0.1]
Jan 3 14:36:38 server01 postfix/smtpd[9110]: DF06F5302F: client=localhost[127.0.0.1]
Jan 3 14:37:08 server01 postfix/smtpd[9110]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jan 3 14:37:13 server01 postfix/smtpd[9110]: disconnect from localhost[127.0.0.1]

No particular logging is present, /var/log/mail.log only shows what is also visible in the telnet session

>> mydestination =
> This is likely to be wrong. I can see you're using virtual mailboxes,
> but not having any local domains at all is odd.

I removed these in the many attempts

>> mynetworks = 0.0.0.0
> This is *definitely* very wrong! smtpd_recipient_restrictions will
> allow ANY client in mynetworks to relay mail to any destination. I
> don't know if using smtpd_reject_unlisted_sender would prevent
> anything going wrong here, but this is likely to make you an open
> relay.

I am aware of open relay, that's why it is no longer internet accessible

Thanks a lot for all the help so far

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
>> I *think* the short, correct answer is to use a policy server:
>> http://www.postfix.org/SMTPD_POLICY_README.html
> I will look into those then

I read into http://www.postfix.org/SMTPD_POLICY_README.html, but I do not see how I can use this to solve my problem.
Perhaps I am missing something...

Any help is greatly appreciated

Regards,

Serge Fonville
Re: How to ensure that either FROM or TO is local
Wietse,

Thx for the reply

> The policy server can reject mail from a remote network with a
> local sender address.
>
> Isn't that what you want?
>
> As an added bonus, it can also reject mail from a local network
> with a remote sender address. This can help to stop outbound spam
> from zombie-infested PCs.

Yes exactly. I read into the page again and it seems to be suitable for my purpose.
Unfortunately it also seems to mean I have to write my own policy server..
At least I have a starting point from now on.

Thanks a lot for the help!

Regards,

Serge Fonville
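
The two checks described in the message above, written as a small policy service that speaks the name=value protocol from SMTPD_POLICY_README. This is an added example, not code from the thread or from Postfix; LOCAL_DOMAINS, INTERNAL_NETS and the sample request are placeholder values, and the extra relay check goes beyond the two checks quoted.

```python
import io
import ipaddress
import sys

# Placeholder values (assumptions of this example): use your own domains and networks.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]

# Constructed request in the name=value format Postfix sends, ended by a blank line.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=198.51.100.7\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.net\n"
    "\n"
)


def domain_of(address):
    """Lower-cased domain of an envelope address; '' for the null sender."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def is_internal(client_address):
    """True when the connecting client's IP lies in one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(client_address)
    except ValueError:  # missing or malformed attribute: treat as external
        return False
    return any(ip in net for net in INTERNAL_NETS)


def decide(attrs):
    """Return the access(5) action for one policy request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    sender = attrs.get("sender", "")
    sender_local = domain_of(sender) in LOCAL_DOMAINS
    rcpt_local = domain_of(attrs.get("recipient", "")) in LOCAL_DOMAINS

    if is_internal(attrs.get("client_address", "")):
        # Internal clients may write to anyone, but only as a local sender.
        # The null sender (bounces) is left to the other restrictions.
        if sender and not sender_local:
            return "REJECT remote sender address from internal network"
        return "DUNNO"
    # External clients may not claim a local sender address ...
    if sender_local:
        return "REJECT local sender address from external network"
    # ... and may only deliver to local recipients (no relaying).
    if not rcpt_local:
        return "REJECT relay access denied"
    return "DUNNO"  # no opinion: Postfix continues with the next restriction


def serve(stream_in, stream_out):
    """Answer every request on stream_in until EOF (one reply per blank line)."""
    attrs = {}
    for raw in stream_in:
        line = raw.rstrip("\r\n")
        if line:
            name, _, value = line.partition("=")  # values may contain '='
            attrs[name] = value
            continue
        stream_out.write("action=%s\n\n" % decide(attrs))
        stream_out.flush()
        attrs = {}


def answer(request_text):
    """Run serve() over a string and return the raw reply text."""
    out = io.StringIO()
    serve(io.StringIO(request_text), out)
    return out.getvalue()


if __name__ == "__main__":
    if "--serve" in sys.argv[1:]:
        # Mode for running under spawn(8) from master.cf, referenced from
        # main.cf with check_policy_service, as SMTPD_POLICY_README describes.
        serve(sys.stdin, sys.stdout)
    else:
        # Demo: print the reply to the constructed sample request.
        sys.stdout.write(answer(SAMPLE_REQUEST))
```

Because every accepted case returns DUNNO, restrictions listed after the policy service, such as reject_unauth_destination, still apply.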
Re: How to ensure that either FROM or TO is local
Thx for the reply.

> While it was intended, no doubt, to be very wrong, it failed. Lacking
> a valid CIDR expression, that only matches the single IPv4 address of
> 0.0.0.0, which, having special meaning in networking, is unroutable.
> A setting of equivalent functionality is "mynetworks =".
>
> The OP would be well advised to review the BASIC_CONFIGURATION_README,
> listing in $mynetworks the client networks which should be allowed to
> relay.

I read all the postfix docs I could find...

> If the OP does not wish to allow any to relay on the basis of IP
> address unless using a "local sender", as the $SUBJECT suggests, the
> solution is pretty simple.
>
> main.cf :
> mynetworks = real.IP.add.ress/CIDR[, ...]
> smtpd_recipient_restrictions = reject_unlisted_sender,
>     permit_mynetworks, permit_sasl_authenticated,
>     reject_unauth_destination[, ...]

This did not seem to work as expected.

>> don't know if using smtpd_reject_unlisted_sender would prevent
>> anything going wrong here, but this is likely to make you an open
>> relay.
>
> If the wrong thing had been done correctly ;) I think this would have
> worked too, that is, if I understood the OP's goal correctly.

I'm using a virtual transport for all my mail.
With local mail I meant all mail that goes through this transport.
To verify the 'local' users I use LDAP.
It contains all my users and their email addresses.

So basically, what my 'ideal' configuration would offer:

If someone from a non-private IP (or localhost) tries to send a mail it is required to have a recipient that is part of the service that offers the virtual transport (this way internal people can send to each other and to people outside the internal environment).
When someone from a public IP tries to send a mail it is required that the sender is an unknown address and the recipient is known.

This (I believe) can be resolved by using either two instances or some sort of policy daemon.
What I currently don't know is how I would go about and resolve this.

I hope I have clarified any euhh... unclarities

Thanks a lot!

Regards,

Serge Fonville
Re: virtual_alias_maps mysql
Hi,

> I using virtual_alias_maps with mysql for storage. Working fine.
>
> Does anyone have a suggestion on how to update a timestamp field in the
> mysql table when postfix finds a virtual_alias_maps match?
>
> I'm looking for a way to measure alias usage and cull unused aliases.

Have you considered a stored procedure?

HTH

Regards,

Serge Fonville
Re: virtual_alias_maps mysql
>>> I using virtual_alias_maps with mysql for storage. Working fine.
>>>
>>> Does anyone have a suggestion on how to update a timestamp field in the
>>> mysql table when postfix finds a virtual_alias_maps match?
>>>
>>> I'm looking for a way to measure alias usage and cull unused aliases.
>>>
>> Have you considered a stored procedure?
>>
>
> Stored procedures do not work in Postfix without code changes because
> the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on.

From the manual:
http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html
CLIENT_MULTI_RESULTS

Tell the server that the client can handle multiple result sets from multiple-statement executions or stored procedures. This flag is automatically enabled if CLIENT_MULTI_STATEMENTS is enabled. See the note following this table for more information about this flag.

If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled.

Not sure if I understand this right then, but to me this reads that if you use SELECT to get results from a stored procedure you're fine
Correct me if I'm wrong

HTH

Regards,

Serge Fonville
Re: virtual_alias_maps mysql
On Thu, Jan 28, 2010 at 10:40 PM, Brian Evans - Postfix List wrote:
> On 1/28/2010 4:12 PM, Serge Fonville wrote:
>>>>> I am using virtual_alias_maps with mysql for storage. Working fine.
>>>>>
>>>>> Does anyone have a suggestion on how to update a timestamp field in the
>>>>> mysql table when postfix finds a virtual_alias_maps match?
>>>>>
>>>>> I'm looking for a way to measure alias usage and cull unused aliases.
>>>>>
>>>> Have you considered a stored procedure?
>>>>
>>> Stored procedures do not work in Postfix without code changes because
>>> the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on.
>>>
>> From the manual:
>> http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html
>> CLIENT_MULTI_RESULTS
>>
> [...]
>> If your program uses CALL statements to execute stored procedures, the
>> CLIENT_MULTI_RESULTS flag must be enabled.
>>
> Reread this ^^^.

If you use a SELECT query, does it use CALL?

--
http://www.sergefonville.nl
Re: virtual_alias_maps mysql
On Fri, Jan 29, 2010 at 9:19 AM, Bradley Giesbrecht wrote:
>
> On Jan 28, 2010, at 12:35 PM, Serge Fonville wrote:
>
>> Hi,
>>
>>> I am using virtual_alias_maps with mysql for storage. Working fine.
>>>
>>> Does anyone have a suggestion on how to update a timestamp field in the
>>> mysql table when postfix finds a virtual_alias_maps match?
>>>
>>> I'm looking for a way to measure alias usage and cull unused aliases.
>>
>> Have you considered a stored procedure?
>
> I have but was hoping for something simpler like I do with dovecot deliver
> where you create a script that calls deliver after you do what you want for
> logging and then name your script in something like deliver_exec = script.
>
> Might be wrong with the names but that's more or less what takes place.
>
> I'd prefer to keep as much of this type of thing in the config files. It
> seems to be easier to quickly see what's up when there is a problem.
>
> I'll try the stored procedure if nothing more attractive turns up.
>

Well, possibly you could edit your transport to use a script and pass all the relevant variables to it, it can then also do an insert on your database.

--
http://www.sergefonville.nl
Re: virtual_alias_maps mysql
On Fri, Jan 29, 2010 at 2:51 PM, Brian Evans - Postfix List wrote:
> On 1/29/2010 2:41 AM, Serge Fonville wrote:
>> On Thu, Jan 28, 2010 at 10:40 PM, Brian Evans - Postfix List
>> wrote:
>>
>>> On 1/28/2010 4:12 PM, Serge Fonville wrote:
>>>
>>>>>>> I am using virtual_alias_maps with mysql for storage. Working fine.
>>>>>>>
>>>>>>> Does anyone have a suggestion on how to update a timestamp field in the
>>>>>>> mysql table when postfix finds a virtual_alias_maps match?
>>>>>>>
>>>>>>> I'm looking for a way to measure alias usage and cull unused aliases.
>>>>>>>
>>>>>> Have you considered a stored procedure?
>>>>>>
>> If you use a SELECT query, does it use CALL?
>>
>
> This would be a stored function, not a procedure, to be called from a
> SELECT.
> A stored function *must* return a single result and cannot output a
> result set.
> This does not seem it would work for the OP because the query would
> always match from the Postfix point of view.
>
> Stored procedures in MySQL must be invoked by CALL.
>

Hmmm... Makes sense. A stored function then would solve it?

Regards,
Serge Fonville

--
http://www.sergefonville.nl
Re: Mail archiving user to store mail on maildir and not at DB
Hi Janantha,

> I have configured a mail system on Zarafa (collaboration platform). In that
> mails are stored on the mysql db. What I want to do is to use always_bcc
> and send all sent/received mail on postfix to a particular user but the mail
> to be stored on maildir format. Is this possible to do? I tried
> virtualmailbox maps but it didn't work.

Zarafa has documentation on how to use maildir format instead of MySQL to store mails. Please see the Zarafa wiki and Server manual for the required information. You still need MySQL since Zarafa also supports features not provided through postfix.

Since this is a feature more related to Zarafa than to postfix, it is likely better to ask this question on the Zarafa forums. If they refer you to this mailing list, please add a link to the thread and also add the required information as per the welcome message.

HTH

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

Convince Google!!
They need to add GAL support on Android (star to agree)
http://code.google.com/p/android/issues/detail?id=4602
Re: Advice Needed / .NET Postfix Control
Hi,

From your mail it seems you desire a backend that can handle all that, you should be able to set up postfix to retrieve its users from AD.

HTH

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

Convince Microsoft!
They need to add TRUNCATE PARTITION in SQL Server
https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table

2013/5/21 Greg Deward

> NEWBIE WARNING: I have never used Postfix and am not a Linux guru.
> Please be gentle.
>
> Is there an existing .NET library (DLL, etc.) for controlling Postfix? If
> not, is there an existing API for applications that are NOT running on the
> same server as Postfix? More specifically, I have a need for creating
> users, deleting users, changing passwords, and the like. I have been
> tasked with implementing an Ubuntu mail server and tying it into our custom
> ERP application (written in ASP.NET MVC and running on Windows). The
> goal is to be able to dynamically create user accounts, leverage them for a
> period of time, and then shut them down when a project is finished.
>
> Thank you, in advance, for any assistance you may provide.
>
> - G. Deward
Re: Advice Needed / .NET Postfix Control
Ah, ok.

Well you can run OpenLDAP (for example) as a backend in the same way you could use AD.

Postfix can use multiple backends depending on your needs.

What requirements do you have?

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

2013/5/21 Greg Deward

> Sorry... should have specified... cannot integrate with AD or the
> Microsoft environment. This needs to remain entirely stand-alone. This
> means our member base will be stored in the application's database and we
> will need to call out to Postfix to manually perform account provisioning
> and the like.
>
> - G. Deward
Re: Advice Needed / .NET Postfix Control
A few challenges then I suspect.

Postfix does SMTP, you need a different service for IMAP.
It is likely easier (to maintain) a full solution (i.e. zarafa, zimbra) instead of a combination of services (postfix/dovecot).
The point you make about low maintenance complicates things especially since there are multiple components that make up a solution.

HTH

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

2013/5/21 Greg Deward

> In our conversations, the overall goal was to have a stand-alone mail
> server running Ubuntu and whatever mail packages are installed in [as close
> to default as possible] configuration. The server should remain isolated
> and not be connected to any other box or resource. We would call into it
> programmatically for all administrative functions. Since we are a
> Microsoft shop, there is an overwhelming concern (read "fear") that we will
> be less qualified to maintain the platform as we add other services to the
> mix... in essence, we need to keep the overall mail platform as simplistic
> as possible to increase the chance that our folks can maintain it with
> ease. Unless an LDAP server was an absolute requirement for Postfix we
> could not look at it. And, more than likely, if it was a requirement, we
> would probably look to a different product.
>
> Early on in this project we were given a requirement to allow our members
> the ability to receive "messages" from our server via IMAP. Someone
> assumed writing an IMAP server service would be simple and that we would
> have the cycles to do so. Over time we have discouraged this and tried to
> find another IMAP service that will be able to marshal and deliver our
> messages to the client. This was unsuccessful. Postfix, and a simple
> server like Ubuntu, seems like the easiest method for dropping in a box
> that can receive messages and allow a standard email client to pull them
> down. Ultimately, it would be great to find an IMAP Server Service to
> negotiate the client calls act as a proxy to our application. Until then,
> Postfix appears to be the path we are on.
>
> I hope this helps.
>
> - G. Deward