Re: [Mailman-Users] Problems with undeliverable mail
On Mon, 31 Dec 2001 12:22:16 -0800 Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > I appreciate Graham's suggestion, but after having a good look-see > at Postfix last night, I'm leaning toward giving it a shot. Its an admirable MTA. > However, it might be wise to investigate Exim as well. Any > thoughts as to relative strengths and weaknesses, features, ease > of configuration, security, etc. between the two? Please see my notes in the Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.002.htp -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Mon, 31 Dec 2001 13:40:41 -0500 Graham Dunn <[EMAIL PROTECTED]> wrote: > On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth > wrote: > In your .mc file, > define(`confDELIVERY_MODE', `deferred') > This will stop sendmail from doing DNS queries upon accepting the > mail. It's intended for situations where you want to prevent DNS > lookups (dialup, mainly). > I hope that does what you want. It has the side effect of disabling many of Sendmail's anti-spam traps. You may also want to re-examine the Mail-followup-To: header you are inserting: Mail-followup-to: Graham Dunn <[EMAIL PROTECTED]>, Michelle Brownsworth <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Note the first address. <> -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
RE: [Mailman-Users] Problems with undeliverable mail
http://www.bsdtoday.com/2000/September/Features274.html Is a good how-to for installing postfix on BSD. -Richard Idalski -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michelle Brownsworth Sent: Monday, December 31, 2001 3:22 PM To: [EMAIL PROTECTED] Cc: Richard Idalski; Graham Dunn Subject: RE: [Mailman-Users] Problems with undeliverable mail >This works, and works well, but If I'm correct also creates an open-relay, >for security reasons this is usually unacceptable. This was the primary >reason I switched to postfix, same functionality minus the security gap. > > -Richard Idalski I appreciate Graham's suggestion, but after having a good look-see at Postfix last night, I'm leaning toward giving it a shot. It certainly comes well-recommended. However, it might be wise to investigate Exim as well. Any thoughts as to relative strengths and weaknesses, features, ease of configuration, security, etc. between the two? .\\ichelle >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Graham Dunn >Sent: Monday, December 31, 2001 1:41 PM >To: Michelle Brownsworth >Cc: [EMAIL PROTECTED] >Subject: Re: [Mailman-Users] Problems with undeliverable mail > > >On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth wrote: >> To: [EMAIL PROTECTED] >> From: Michelle Brownsworth <[EMAIL PROTECTED]> >> Subject: Re: [Mailman-Users] Problems with undeliverable mail >> Cc: J C Lawrence <[EMAIL PROTECTED]> >> Date: Sun, 30 Dec 2001 23:48:21 -0800 >> >[snip] >> >> Okay, okay... I know when to throw in the towel. :^) I'll >> investigate Postfix, with the hope that it's better than Qmail. >> After running it on a server for a couple of years, I don't care for >> Qmail at all. > >In your .mc file, > >define(`confDELIVERY_MODE', `deferred') > >This will stop sendmail from doing DNS queries upon accepting the mail. >It's intended for situations where you want to prevent DNS lookups (dialup, >mainly). > >I hope that does what you want. > >Graham > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
RE: [Mailman-Users] Problems with undeliverable mail
As far as ease of configuration goes, postfix was a snap. It's basically a drop in replacement for sendmail, simpley backup you sendmail binaries, ie; /usr/bin/mailq /usr/bin/newaliases, and /usr/sbin/sendmail. If you have any problems with postfix reverting back to sendmail is as easy as repacing the new binaries with the old. That came in handy as I was working out bugs on a live system. This was on a FreeBSD 4.3 system running mailman 2.08. I've never run Exim so I know not of the ease of it's transition. -Richard Idalski -Original Message- From: Michelle Brownsworth [mailto:[EMAIL PROTECTED]] Sent: Monday, December 31, 2001 3:22 PM To: [EMAIL PROTECTED] Cc: Richard Idalski; Graham Dunn Subject: RE: [Mailman-Users] Problems with undeliverable mail >This works, and works well, but If I'm correct also creates an open-relay, >for security reasons this is usually unacceptable. This was the primary >reason I switched to postfix, same functionality minus the security gap. > > -Richard Idalski I appreciate Graham's suggestion, but after having a good look-see at Postfix last night, I'm leaning toward giving it a shot. It certainly comes well-recommended. However, it might be wise to investigate Exim as well. Any thoughts as to relative strengths and weaknesses, features, ease of configuration, security, etc. between the two? .\\ichelle >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Graham Dunn >Sent: Monday, December 31, 2001 1:41 PM >To: Michelle Brownsworth >Cc: [EMAIL PROTECTED] >Subject: Re: [Mailman-Users] Problems with undeliverable mail > > >On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth wrote: >> To: [EMAIL PROTECTED] >> From: Michelle Brownsworth <[EMAIL PROTECTED]> >> Subject: Re: [Mailman-Users] Problems with undeliverable mail >> Cc: J C Lawrence <[EMAIL PROTECTED]> >> Date: Sun, 30 Dec 2001 23:48:21 -0800 >> >[snip] >> >> Okay, okay... I know when to throw in the towel. :^) I'll >> investigate Postfix, with the hope that it's better than Qmail. >> After running it on a server for a couple of years, I don't care for >> Qmail at all. > >In your .mc file, > >define(`confDELIVERY_MODE', `deferred') > >This will stop sendmail from doing DNS queries upon accepting the mail. >It's intended for situations where you want to prevent DNS lookups (dialup, >mainly). > >I hope that does what you want. > >Graham > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
RE: [Mailman-Users] Problems with undeliverable mail
>This works, and works well, but If I'm correct also creates an open-relay, >for security reasons this is usually unacceptable. This was the primary >reason I switched to postfix, same functionality minus the security gap. > > -Richard Idalski I appreciate Graham's suggestion, but after having a good look-see at Postfix last night, I'm leaning toward giving it a shot. It certainly comes well-recommended. However, it might be wise to investigate Exim as well. Any thoughts as to relative strengths and weaknesses, features, ease of configuration, security, etc. between the two? .\\ichelle >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Graham Dunn >Sent: Monday, December 31, 2001 1:41 PM >To: Michelle Brownsworth >Cc: [EMAIL PROTECTED] >Subject: Re: [Mailman-Users] Problems with undeliverable mail > > >On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth wrote: >> To: [EMAIL PROTECTED] >> From: Michelle Brownsworth <[EMAIL PROTECTED]> >> Subject: Re: [Mailman-Users] Problems with undeliverable mail >> Cc: J C Lawrence <[EMAIL PROTECTED]> >> Date: Sun, 30 Dec 2001 23:48:21 -0800 >> >[snip] >> >> Okay, okay... I know when to throw in the towel. :^) I'll >> investigate Postfix, with the hope that it's better than Qmail. >> After running it on a server for a couple of years, I don't care for >> Qmail at all. > >In your .mc file, > >define(`confDELIVERY_MODE', `deferred') > >This will stop sendmail from doing DNS queries upon accepting the mail. >It's intended for situations where you want to prevent DNS lookups (dialup, >mainly). > >I hope that does what you want. > >Graham > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users > > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
RE: [Mailman-Users] Problems with undeliverable mail
This works, and works well, but If I'm correct also creates an open-relay, for security reasons this is usually unacceptable. This was the primary reason I switched to postfix, same functionality minus the security gap. -Richard Idalski -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Graham Dunn Sent: Monday, December 31, 2001 1:41 PM To: Michelle Brownsworth Cc: [EMAIL PROTECTED] Subject: Re: [Mailman-Users] Problems with undeliverable mail On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth wrote: > To: [EMAIL PROTECTED] > From: Michelle Brownsworth <[EMAIL PROTECTED]> > Subject: Re: [Mailman-Users] Problems with undeliverable mail > Cc: J C Lawrence <[EMAIL PROTECTED]> > Date: Sun, 30 Dec 2001 23:48:21 -0800 > [snip] > > Okay, okay... I know when to throw in the towel. :^) I'll > investigate Postfix, with the hope that it's better than Qmail. > After running it on a server for a couple of years, I don't care for > Qmail at all. In your .mc file, define(`confDELIVERY_MODE', `deferred') This will stop sendmail from doing DNS queries upon accepting the mail. It's intended for situations where you want to prevent DNS lookups (dialup, mainly). I hope that does what you want. Graham -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Sun, Dec 30, 2001 at 11:48:21PM -0800, Michelle Brownsworth wrote: > To: [EMAIL PROTECTED] > From: Michelle Brownsworth <[EMAIL PROTECTED]> > Subject: Re: [Mailman-Users] Problems with undeliverable mail > Cc: J C Lawrence <[EMAIL PROTECTED]> > Date: Sun, 30 Dec 2001 23:48:21 -0800 > [snip] > > Okay, okay... I know when to throw in the towel. :^) I'll > investigate Postfix, with the hope that it's better than Qmail. > After running it on a server for a couple of years, I don't care for > Qmail at all. In your .mc file, define(`confDELIVERY_MODE', `deferred') This will stop sendmail from doing DNS queries upon accepting the mail. It's intended for situations where you want to prevent DNS lookups (dialup, mainly). I hope that does what you want. Graham -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Sun, 30 Dec 2001 23:48:21 -0800 Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > Okay, okay... I know when to throw in the towel. :^) I'll > investigate Postfix, with the hope that it's better than > Qmail. > After running it on a server for a couple of years, I don't care > for Qmail at all. I like, run, and generally recommend both Postfix and Exim. They each have significant advantages depending on your loads. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
>On Sun, 30 Dec 2001 14:37:08 -0800 >Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > >> That makes good sense, Charlie. Only problem is, I don't know how >> to accomplish it in sendmail without enabling >> FEATURE(relay_local_from), something I am loath to do for security >> reasons. According to cf/README in the sendmail source: > >You have just found one of the larger reasons Sendmail is well >thought on these lists. > >> If anyone on the list can tell me how to configure sendmail to >> accept mail from localhost without checking for a valid domain >> either without using FEATURE(relay_local_from) or using it without >> compromising security, I would greatly appreciate it. > >Chuq Von Rospach has posted extensive details on the area to the >-developers list. Search the archives (it may also have been copied >to the FAQ by now). > >Best advice: Install a decent MTA. > >-- >J C Lawrence >-(*)Satan, oscillate my metallic sonatas. >[EMAIL PROTECTED] He lived as a devil, eh? >http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > >-- >Mailman-Users maillist - [EMAIL PROTECTED] >http://mail.python.org/mailman/listinfo/mailman-users Okay, okay... I know when to throw in the towel. :^) I'll investigate Postfix, with the hope that it's better than Qmail. After running it on a server for a couple of years, I don't care for Qmail at all. .\\ichelle -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Sun, 30 Dec 2001 14:37:08 -0800 Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > That makes good sense, Charlie. Only problem is, I don't know how > to accomplish it in sendmail without enabling > FEATURE(relay_local_from), something I am loath to do for security > reasons. According to cf/README in the sendmail source: You have just found one of the larger reasons Sendmail is well thought on these lists. > If anyone on the list can tell me how to configure sendmail to > accept mail from localhost without checking for a valid domain > either without using FEATURE(relay_local_from) or using it without > compromising security, I would greatly appreciate it. Chuq Von Rospach has posted extensive details on the area to the -developers list. Search the archives (it may also have been copied to the FAQ by now). Best advice: Install a decent MTA. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
>On Sat, 29 Dec 2001, Michelle Brownsworth wrote: >> >On Thu, 27 Dec 2001 14:06:53 -0800 >> >Michelle Brownsworth <[EMAIL PROTECTED]> wrote: >> > >> >> My mailhost is chugging away, trying over and over to deliver to a >> >> large batch of addresses with a .gov domain that doesn't resolve; >> >> this particular .gov nameserver is obviously having problems. And >> >> it's not from the sendmail's mail queue; /var/spool/mqueue/ is >> >> completely empty. It's Mailman reattempting to send to the >> >> problem addresses. >> > >> >Configure your MTA to not do DNS verifies on deliveries from >> >localhost. >> >> But since none of the subscribers are local, I don't see how that >> will help in this situation. And as I said, the batch of reattempts >> didn't seem to be coming from sendmail's mail queue. The only >> explanation is that Mailman must have a means of keeping track of >> failed deliveries. > >Perhaps a re-phrasing: configure your MTA to blindly accept mail from >localhost without verifying that the *destination* domain is valid. > >Many MTA configurations won't accept mail that they know they can't >deliver - if the destination domain doesn't resolve, there's no point in >accepting it. So the MTA reports, typically, a temporary SMTP error. > >Sounds like Mailman is trying, over and over, to get these messages into >the MTA. > >If you instead configure your MTA to accept the message, it will accept it >and immediately generate a bounce. Mailman does the right thing with >bounces. > >Here's an example: my list of SMTPD restrictions from postfix. I reject >mail for unknown recipient domains - but I have an exception list for my >list servers. /etc/postfix/class_host_exception includes localhost and a >few other machines that I let dump blindly into the system. > >smtpd_recipient_restrictions = > check_client_access hash:/etc/postfix/class_host_exception, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_unauth_pipelining, > permit_mynetworks, > reject_unauth_destination, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_invalid_hostname, > permit > >This can also speed up injection into the MTA, if that's important to you. > >-- >Charlie Watts >[EMAIL PROTECTED] >Frontier Internet >http://www.frontier.net/ That makes good sense, Charlie. Only problem is, I don't know how to accomplish it in sendmail without enabling FEATURE(relay_local_from), something I am loath to do for security reasons. According to cf/README in the sendmail source: FEATURE(relay_local_from) Allows relaying if the domain portion of the mail sender is a local host. This should only be used if absolutely necessary as it opens a window for spammers. Specifically, they can send mail to your mail server that claims to be from your domain (either directly or via a routed address), and you will go ahead and relay it out to arbitrary hosts on the Internet. If anyone on the list can tell me how to configure sendmail to accept mail from localhost without checking for a valid domain either without using FEATURE(relay_local_from) or using it without compromising security, I would greatly appreciate it. .\\ichelle - Michelle Brownsworth System Administrator PrimeLogic Corporation http://www.primelogic.com -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Sat, 29 Dec 2001, Michelle Brownsworth wrote: > >On Thu, 27 Dec 2001 14:06:53 -0800 > >Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > > > >> My mailhost is chugging away, trying over and over to deliver to a > >> large batch of addresses with a .gov domain that doesn't resolve; > >> this particular .gov nameserver is obviously having problems. And > >> it's not from the sendmail's mail queue; /var/spool/mqueue/ is > >> completely empty. It's Mailman reattempting to send to the > >> problem addresses. > > > >Configure your MTA to not do DNS verifies on deliveries from > >localhost. > > But since none of the subscribers are local, I don't see how that > will help in this situation. And as I said, the batch of reattempts > didn't seem to be coming from sendmail's mail queue. The only > explanation is that Mailman must have a means of keeping track of > failed deliveries. Perhaps a re-phrasing: configure your MTA to blindly accept mail from localhost without verifying that the *destination* domain is valid. Many MTA configurations won't accept mail that they know they can't deliver - if the destination domain doesn't resolve, there's no point in accepting it. So the MTA reports, typically, a temporary SMTP error. Sounds like Mailman is trying, over and over, to get these messages into the MTA. If you instead configure your MTA to accept the message, it will accept it and immediately generate a bounce. Mailman does the right thing with bounces. Here's an example: my list of SMTPD restrictions from postfix. I reject mail for unknown recipient domains - but I have an exception list for my list servers. /etc/postfix/class_host_exception includes localhost and a few other machines that I let dump blindly into the system. smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/class_host_exception, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, permit This can also speed up injection into the MTA, if that's important to you. -- Charlie Watts [EMAIL PROTECTED] Frontier Internet http://www.frontier.net/ -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
>On Thu, 27 Dec 2001 14:06:53 -0800 >Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > >> My mailhost is chugging away, trying over and over to deliver to a >> large batch of addresses with a .gov domain that doesn't resolve; >> this particular .gov nameserver is obviously having problems. And >> it's not from the sendmail's mail queue; /var/spool/mqueue/ is >> completely empty. It's Mailman reattempting to send to the >> problem addresses. > >Configure your MTA to not do DNS verifies on deliveries from >localhost. > >-- >J C Lawrence >-(*)Satan, oscillate my metallic sonatas. >[EMAIL PROTECTED] He lived as a devil, eh? >http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. But since none of the subscribers are local, I don't see how that will help in this situation. And as I said, the batch of reattempts didn't seem to be coming from sendmail's mail queue. The only explanation is that Mailman must have a means of keeping track of failed deliveries. .\\ichelle - Michelle Brownsworth System Administrator PrimeLogic Corporation http://www.primelogic.com -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] Problems with undeliverable mail
On Thu, 27 Dec 2001 14:06:53 -0800 Michelle Brownsworth <[EMAIL PROTECTED]> wrote: > My mailhost is chugging away, trying over and over to deliver to a > large batch of addresses with a .gov domain that doesn't resolve; > this particular .gov nameserver is obviously having problems. And > it's not from the sendmail's mail queue; /var/spool/mqueue/ is > completely empty. It's Mailman reattempting to send to the > problem addresses. Configure your MTA to not do DNS verifies on deliveries from localhost. -- J C Lawrence -(*)Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users