Re: postfix alternatives on NetBSD / pkgsrc

2019-01-19 Thread Mayuresh
On Sat, Jan 19, 2019 at 05:56:31PM +0530, Mayuresh wrote:
> In rejectall
> /./ REJECT 550 5.1.1
> 
> Now gmail does not complain. However I still don't know why it still shows
> 554 5.7.1 first and then 550 5.1.1

Dropped the word REJECT and now it works fine.

Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-19 Thread Mayuresh
On Fri, Jan 18, 2019 at 08:34:21AM -0600, Edgar Pettijohn wrote:
> The only way I know is through an access(5) map. But I'm not sure if it
> can be done with this specific use case. 

I replaced `reject' with a regexp in class definition:

insiders_only = check_sender_access hash:/etc/postfix/insiders,
check_sender_access regexp:/etc/postfix/rejectall #was just reject here

(Well why doesn't postfix let me write the code right after reject instead
of having to create another regexp? I think it believes in making itself a
black art of sorts.)


In rejectall
/./ REJECT 550 5.1.1

Now gmail does not complain. However I still don't know why it still shows
554 5.7.1 first and then 550 5.1.1

Jan 19 17:45:24 localhost postfix/smtpd[8783]: NOQUEUE: reject: RCPT from 
mail-it1-f176.google.com[209.85.166.176]: 554 5.7.1 : Sender 
address rejected: 550 5.1.1;

gmail says:

554 5.7.1 : Sender address rejected: 550 5.1.1 

Mayuresh
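
Added example (not part of the original post, and not Postfix code): a small Python lint for the map line above and the "dropped the word REJECT" follow-up. It assumes the access(5) rule that `REJECT text` replies with $access_map_reject_code (default 554) and sends everything after REJECT as text, while a right-hand side of the form `5NN text` sets the reply code itself. The function names are hypothetical.

```python
import re

# Assumed semantics, per access(5): "REJECT optional text" replies with
# $access_map_reject_code (default 554) and sends the rest as free text;
# "4NN text" / "5NN text" replies with that numeric code instead.
ENTRY = re.compile(r"^(/.*/[a-zA-Z]*)\s+(.*)$")  # regexp table line: /pattern/flags action
CODE_IN_TEXT = re.compile(r"^[45]\d\d(?:\s+[245]\.\d{1,3}\.\d{1,3})?")
LOG = re.compile(r"reject: \w+ from \S+: (\d{3}) \d\.\d+\.\d+ .*rejected: ([45]\d\d)\b")

# Map lines from the thread: before and after dropping the word REJECT.
MAP_BEFORE = ["/./ REJECT 550 5.1.1"]
MAP_AFTER = ["/./ 550 5.1.1"]
# Log line from the thread with its wrapped lines joined (address already elided there).
LOG_LINE = ("Jan 19 17:45:24 localhost postfix/smtpd[8783]: NOQUEUE: reject: RCPT from "
            "mail-it1-f176.google.com[209.85.166.176]: 554 5.7.1 : Sender "
            "address rejected: 550 5.1.1;")


def lint_access_map(lines, reject_code=554):
    """Return (lineno, message) for REJECT entries whose text starts with a reply code."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        entry = ENTRY.match(raw.strip())
        if not entry:                      # blank line, comment or other syntax
            continue
        action = entry.group(2).split(None, 1)
        if len(action) < 2 or action[0].upper() != "REJECT":
            continue
        code = CODE_IN_TEXT.match(action[1])
        if code:
            findings.append((lineno, f"'{code.group(0)}' is sent as text after "
                                     f"{reject_code}; drop REJECT to set the code"))
    return findings


def nested_code_in_log(line):
    """Return (code_sent, code_found_in_text) if a reject log line shows the symptom."""
    m = LOG.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


if __name__ == "__main__":
    print(lint_access_map(MAP_BEFORE))    # one finding, on line 1
    print(lint_access_map(MAP_AFTER))     # no findings
    print(nested_code_in_log(LOG_LINE))
```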


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Edgar Pettijohn

On Jan 18, 2019 8:16 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 08:03:41AM -0600, Edgar Pettijohn wrote:
> > > 554 5.7.1
> > 
> > Seems like 550 would be a better error code for this situation.
>
> I was trying to set that (as I noticed gmail didn't complain for a mail
> that was bounced "normally" - such as non existent id).
>
> But struggling to find out an example of how to do it - how do I relate my
> reject point with a certain reject code?
>
> Mayuresh

The only way I know is through an access(5) map. But I'm not sure if it can be 
done with this specific use case. 

Edgar


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Mayuresh
On Fri, Jan 18, 2019 at 08:03:41AM -0600, Edgar Pettijohn wrote:
> > 554 5.7.1
> 
> Seems like 550 would be a better error code for this situation.

I was trying to set that (as I noticed gmail didn't complain for a mail
that was bounced "normally" - such as non existent id).

But struggling to find out an example of how to do it - how do I relate my
reject point with a certain reject code?

Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Niels Dettenbach (Syndicat IT & Internet)
On 18 January 2019 14:49:15 CET, Tobias Ulmer wrote:
>On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT
>& Internet) wrote:
>> The security footprint is very good.
>
>https://www.cvedetails.com/vulnerability-list/vendor_id-10919/product_id-19563/Exim-Exim.html

I know the Exim CVEs - we (as many even larger mail service providers 
worldwide) run EXIM since many years (nearly 20 years now) and had only one 
real urgent sec flaw to "close" some months ago, requiring urgent updates. 

I remember the "postfix tricks" in the last decade too...

The very most of "more dangerous" sounding Exim CVEs describe flaws which 
require typically special setups and/or all possible features compiled in 
and/or foreign libraries onto (what a lot of end users with binary 
distributions typically use, because their distributors compile anything in by 
default (by docs, this is not the recommended way to install and use Exim) - but 
no professional mail ISP nor pkgsrc users (as here) does this afaik.

So, things are very relative between numbers and the real world...ß)


Cheers,


niels.



-- 
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Edgar Pettijohn

On Jan 18, 2019 7:41 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 06:45:06AM -0600, Edgar Pettijohn wrote:
> > I think you should post the logs from your postfix test with Gmail
> > issue. I bet someone here knows an option to correct it.
>
> Not much I can see. I think it has more to do with the error code
> interpretation by gmail. For other rejects such as mails directed to non
> existent users gmail doesn't call the server as misconfigured.
>
> Jan 18 09:21:15 localhost postfix/smtpd[28050]: connect from 
> mail-lj1-f177.google.com[209.85.208.177]
> Jan 18 09:21:15 localhost postfix/smtpd[28050]: NOQUEUE: reject: RCPT from 
> mail-lj1-f177.google.com[209.85.208.177]: 554 5.7.1 : 
> Recipient address rejected: Access denied; from= 
> to= proto=ESMTP helo=
> Jan 18 09:21:16 localhost postfix/smtpd[28050]: disconnect from 
> mail-lj1-f177.google.com[209.85.208.177] ehlo=1 mail=1 rcpt=0/1 data=0/1 
> quit=1 commands=3/5
>
>
> Gmail bounced to y...@gmail.com says:
>
>
> Message not delivered Your message couldn't be delivered to
> x...@myhost.com because the remote server is misconfigured. See technical
> details below for more information. 
>
> The response from the remote server was:
>
> 554 5.7.1

Seems like 550 would be a better error code for this situation.

> : Recipient address rejected: Access denied 
>
> I have also posted my postfix conf in previous mail.
>
> Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Mayuresh
On Fri, Jan 18, 2019 at 02:49:15PM +0100, Tobias Ulmer wrote:
> On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT & 
> Internet) wrote:
> > The security footprint is very good.
> 
> https://www.cvedetails.com/vulnerability-list/vendor_id-10919/product_id-19563/Exim-Exim.html

I am not an expert in comparing these and I am not taking any side. But
let's put both on the table to make a fair comparison:

https://www.cvedetails.com/vulnerability-list/vendor_id-8450/product_id-14794/Postfix-Postfix.html

Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Tobias Ulmer
On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT & 
Internet) wrote:
> The security footprint is very good.

https://www.cvedetails.com/vulnerability-list/vendor_id-10919/product_id-19563/Exim-Exim.html


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Mayuresh
On Fri, Jan 18, 2019 at 06:45:06AM -0600, Edgar Pettijohn wrote:
> I think you should post the logs from your postfix test with Gmail
> issue. I bet someone here knows an option to correct it.

Not much I can see. I think it has more to do with the error code
interpretation by gmail. For other rejects such as mails directed to non
existent users gmail doesn't call the server as misconfigured.

Jan 18 09:21:15 localhost postfix/smtpd[28050]: connect from 
mail-lj1-f177.google.com[209.85.208.177]
Jan 18 09:21:15 localhost postfix/smtpd[28050]: NOQUEUE: reject: RCPT from 
mail-lj1-f177.google.com[209.85.208.177]: 554 5.7.1 : 
Recipient address rejected: Access denied; from= 
to= proto=ESMTP helo=
Jan 18 09:21:16 localhost postfix/smtpd[28050]: disconnect from 
mail-lj1-f177.google.com[209.85.208.177] ehlo=1 mail=1 rcpt=0/1 data=0/1 quit=1 
commands=3/5


Gmail bounced to y...@gmail.com says:


Message not delivered Your message couldn't be delivered to
x...@myhost.com because the remote server is misconfigured. See technical
details below for more information. 

The response from the remote server was:

554 5.7.1 : Recipient address rejected: Access denied 

I have also posted my postfix conf in previous mail.

Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Edgar Pettijohn

On Jan 18, 2019 2:08 AM, Mayuresh  wrote:
>
> On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT & 
> Internet) wrote:
> > We use EXIM since decades now from small satellite mailer setups to very 
> > large ISP setups after migrated from sendmail and postfix as they brought 
> > our hardware down in performance with heavy mail loads.
> > 
> > EXIM is very (!) efficient - especially when build from sources the 
> > "official" way (what is provided by pkgsrc by build options). This means 
> > you just compile functionality / code into the binary what you really need.
>
>
> Thanks a lot - a first hand account really helps.
>
> In general searches on comparison between the two, most often claim
> postfix to have better performance than exim (some qualify the statement
> saying "for large queues" - which does not bother me for my use case, but
> in your case you have seen it scaling well as well).
>
> > The security footprint is very good.
> > 
> > The config is very flexible but of consistent syntax (developed by a 
> > mathematician - Philip Hazel) - for me much more transparent than on 
> > postfix. There are many of good examples and howtos out there which provide 
> > single config files you could easily adapt and use. But you can split 
> > config files too if you prefer that.
>
> By profession I am a programming languages researcher and have created
> many DSLs in my career. I can say in light of whatever little experience
> of inventing notations I have, postfix notation does not really sound
> intuitive, particularly when the problem domain does not require it to be
> that complex. I'll definitely give exim a try on this aspect.
>
> Mayuresh


I prefer opensmtpd. Unfortunately the pkgsrc version is quite old. I like the 
config it's quite simple. I also like postfix. The only problem with postfix is 
the overwhelming number of options to research. I think you should post the 
logs from your postfix test with Gmail issue. I bet someone here knows an 
option to correct it.

Edgar

Re: postfix alternatives on NetBSD / pkgsrc

2019-01-18 Thread Mayuresh
On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT & 
Internet) wrote:
> We use EXIM since decades now from small satellite mailer setups to very 
> large ISP setups after migrated from sendmail and postfix as they brought our 
> hardware down in performance with heavy mail loads.
> 
> EXIM is very (!) efficient - especially when build from sources the 
> "official" way (what is provided by pkgsrc by build options). This means you 
> just compile functionality / code into the binary what you really need.


Thanks a lot - a first hand account really helps.

In general searches on comparison between the two, most often claim
postfix to have better performance than exim (some qualify the statement
saying "for large queues" - which does not bother me for my use case, but
in your case you have seen it scaling well as well).

> The security footprint is very good.
> 
> The config is very flexible but of consistent syntax (developed by a 
> mathematician - Philip Hazel) - for me much more transparent than on postfix. 
> There are many of good examples and howtos out there which provide single 
> config files you could easily adapt and use. But you can split config files 
> too if you prefer that.

By profession I am a programming languages researcher and have created
many DSLs in my career. I can say in light of whatever little experience
of inventing notations I have, postfix notation does not really sound
intuitive, particularly when the problem domain does not require it to be
that complex. I'll definitely give exim a try on this aspect.

Mayuresh


Re: postfix alternatives on NetBSD / pkgsrc

2019-01-17 Thread Niels Dettenbach (Syndicat IT & Internet)
>A quick search shows exim as the main alternative. I am looking for
>efficiency and if possible clearer semantics (than postfix!) of the
>configuration files.

We use EXIM since decades now from small satellite mailer setups to very large 
ISP setups after migrated from sendmail and postfix as they brought our 
hardware down in performance with heavy mail loads.

EXIM is very (!) efficient - especially when build from sources the "official" 
way (what is provided by pkgsrc by build options). This means you just compile 
functionality / code into the binary what you really need.

The security footprint is very good.

The config is very flexible but of consistent syntax (developed by a 
mathematician - Philip Hazel) - for me much more transparent than on postfix. 
There are many of good examples and howtos out there which provide single 
config files you could easily adapt and use. But you can split config files too 
if you prefer that.

i can hardly recommend it.


just my .02$
good luck,


niels.


-- 
Niels Dettenbach
Syndicat IT & Internet
https://www.syndicat.com


postfix alternatives on NetBSD / pkgsrc

2019-01-17 Thread Mayuresh
Short story:

A quick search shows exim as the main alternative. I am looking for
efficiency and if possible clearer semantics (than postfix!) of the
configuration files.

Please do suggest alternatives.

Long story:

There is a separate mail thread in which I am sharing my experience of
setting up a mailing list (on an experimental basis right now). I'd prefer
using an MTA first for this, the list being mostly static. Would go to MLM
software only if I fail to get it right with MTA.

I think I have got nearly everything right with postfix (my current and
default MTA), except that when I `reject' an email sent by a non member to
the list, the sending servers (such as gmail) report that my mail server
is not configured properly.

The status code returned is (554 5.7.1) actually fine, but I am not sure
whether there is indeed any issue with my configuration that draws this
remark. Bouncing of an email for protecting senders to an id should not be
such an unusual scenario for the sending server.

Further I am not sure whether to just ignore the error that senders would
get. This is because there is some probability of sending server
blacklisting the domain on recurrence of such bounce.

So thought of giving an alternative server a try to see if for a similar
situation sending servers complain or not.

Mayuresh