RE: Postfix Pipe Error

[Tait Grove]

Why would I be getting this error message? I am experiencing message delays
with this too.

 

Aug  4 22:46:56 app1 postfix/pipe[54935]: fatal: watchdog timeout

Aug  4 22:48:21 app1 postfix/pipe[54454]: fatal: watchdog timeout

Aug  4 22:50:22 app1 postfix/pipe[55545]: fatal: watchdog timeout

Aug  4 22:51:35 app1 postfix/pipe[55546]: fatal: watchdog timeout

Aug  4 23:04:22 app1 postfix/pipe[62922]: fatal: watchdog timeout

 

 

-- T

Re: Postfix Pipe Error

[Wietse Venema]

Tait Grove:
 Why would I be getting this error message? I am experiencing message delays
 with this too.
 
  
 
 Aug  4 22:46:56 app1 postfix/pipe[54935]: fatal: watchdog timeout
 
 Aug  4 22:48:21 app1 postfix/pipe[54454]: fatal: watchdog timeout
 
 Aug  4 22:50:22 app1 postfix/pipe[55545]: fatal: watchdog timeout
 
 Aug  4 22:51:35 app1 postfix/pipe[55546]: fatal: watchdog timeout
 
 Aug  4 23:04:22 app1 postfix/pipe[62922]: fatal: watchdog timeout
 

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.

spam status with postfix ( thank you )

[Richard Foley]

Hi all,

When I first ran postfix, on my own machine instead of having my mail hosted 
by an ISP, the set up was as it came 'out of the box' - I was absolutely 
swamped by spam, probably one every second or two - and I almost panicked 
when I saw what a horrendous volume of crap I was recieving.  At first I 
tried to handle these using header- and body- checks, looking for 
recognisable spam strings via regexes, and brought the volume down to 
something more managable.  Then I sat down, RTFM'd some more, (read lots of 
posts on this list and Ralf's excellent postfix book), and set up my main- 
and master- .cf files to something more sensible using postfixes reject- this 
and reject- that filters (which reject most of the spam at connection time). 
I ensured I wasn't an open-relay, and incorporated an RBL check as well as 
ensuring amavis-new worked correctly.  Additions to this was a minimum of 
regex checks to suit my particular domain usage and to ensure I'm RFC 
compliant.  This was all a little complex to make sure I wasn't disabling one 
thing while enabling another, but in the end I think I have it reasonably 
under control.  I now recieve approx. five spam messages each day, which 
while in a perfect world this may be five too many, is really quite 
acceptable when you consider from where I started.

This mail is just FYI and by way of saying: 

postfix and friends do a great job - many thanks!

-- 
Richard Foley
Ciao - shorter than aufwiedersehen

http://www.rfi.net/

lmtp port in 2.1.5 vs 2.3.8

[Rudy Gevaert]

Hi,

Previously we were running postfix 2.1.5 (Debian Sarge) and now have 
upgraded to 2.3.8 (Etch).


We have several lmtp transports in master.cf:

mail1 unix  -   -   n   -   -   lmtp
mail2 unix  -   -   n   -   -   lmtp
mail3 unix  -   -   n   -   -   lmtp

We used an ldap directory to route to the correct backend:
umTransport: mail1:mail1.ugent.be

In postfix 2.1.5 the destination port of our lmtp connections was *by 
default* 2003.  Because we had the following entry  in /etc/services:

lmtp  2003/tcp

When I did the upgrade to 2.3.8 I noticed that was not the case anymore. 
 It connected to an other port (I can't remember what anymore).


I tried changing lmtp_tcp_port to 2003 but that didn't help.  In the end 
I changed the result attribute of my ldap lookup to add the port number 
to the transport:

result_format = %s:2003

I was wondering why this was changed, or did I miss something?

Thanks in advance,
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert  [EMAIL PROTECTED]  tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep SystemenSystems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie   www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Re: Problem sending to email, getting sender verify failed

[Charles Marcus]

On 8/4/2008 9:10 PM, fajar wrote:

Why are you using sender verification? You should NOT use SAV for all
messages, only for messages destined to domains that you control or have
already gotten permission to do SAV for, or you WILL evenutally get
blacklisted.

Please post postconf -n output...



This response wasn't generated by our postfix server, but, by remote
destination mail server, and I believe it is Exim mail server. Our postfix
mail server is working fine. It can send to other mail server without
problem. Thanks.


Sorry... I thought that was from your logs...

Obviously, then, THEY are trying to perform sender verification on you 
AFTER they have already accepted your message for delivery - which means 
they are engaging in backscatter.


Still no postconf -n output - how do you expect anyone to help?

--

Best regards,

Charles

Re: Whitelist a host using check_client_access before the rbl check?

[Nicolas KOWALSKI]

On Mon, Aug 04, 2008 at 02:40:54PM -0400, Brian Evans - Postfix List wrote:
 Nicolas KOWALSKI wrote:
 On Mon, Aug 04, 2008 at 12:29:34PM -0400, Brian Evans - Postfix List wrote:
   
 A *better* way is force them to Authenticate using SASL.
 See http://www.postfix.org/SASL_README.html
 Postfix supports either Cyrus or Dovecot SASL.

 P.S. This is if you fully trust and know this host

 Yes, I fully trust this host. Actually, it is the mx backup for my home 
 server:

 $ host petole.dyndns.org
 petole.dyndns.org has address 87.90.240.206
 petole.dyndns.org mail is handled by 10 demisel.dyndns.org.
 petole.dyndns.org mail is handled by 5 petole.dyndns.org.

 Can I use authentication for MX?

 I would highly recommend setting SASL up on both ends in this case. This  
 is much more secure and reliable than whitelisting a dynamic host.
 See the above link for details.

Just to close this thread, we implemented SMTP AUTH over TLS between my 
server and its secondary MX, and it works perfectly.

Thanks for your suggestions,
-- 
Nicolas

Re: spam status with postfix ( thank you )

[Stan Hoeppner]

Richard Foley wrote:


This mail is just FYI and by way of saying: 


postfix and friends do a great job - many thanks!



Hi Richard,

I second your sentiments and would like to shout out a big thank you to 
Wietse for creating Postfix!


I was at about the same point you are now for more than 2 of the last 3 
years, with about 5 spam a day making it into my inbox.  Over the last 6 
months or so that number has steadily increased, and in the last month 
the curve has become much steeper, averaging 25-40 spam per day until 
just this past week.


Over the weekend I implemented an access table and have started adding 
the class C network of each host successfully getting spam into my 
inbox.  I'm down to less than 5 a day again.  :)


Give it a shot.  It doesn't take much time at all and the results are 
well worth the effort.


Stan

Re: sasl parameters missing

[Daniel Black]

Thanks Wietse,

On Tue, 5 Aug 2008 09:30:44 am Wietse Venema wrote:
 Postfix passes the information in the SMTP client's AUTH command.
 This is how I got the Dovecot extension from Timo. If someone is
 willing to monitor his docs for changes,

it seems fairly stable. Going off the doc/auth-protocol.txt changelog
Nov 12 2006 lport/rport was added.
Aug 07 2005 changed valid-client-cert to ssl-valid-cert
Oct 22 2004 original documentation

Current implementation of the authentication server in dovecot seems to ignore 
parameters it doesn't understand.

 then they are welcome to do so. I won't.

On the basis of this apparent stability and compatibility would you consider 
accepting a patch?

  Is adding these parameters to postfix's sasl authentication a useful
  feature request?
 
  Should I be doing this another way?

 Just whitelist the client with:

good idea. Though by offering smtp services to users I don't think I can get 
away with something so simple.

Strictly speaking don't need the web mail to authenticate though I like the 
added anti-spoofing protection it provides.

I guess a password so long that it isn't realistically brute-forceable will 
do.

-- 

Daniel Black
--
Proudly a Gentoo Linux User.
Gnu-PG/PGP signed and encrypted email preferred
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x76677097
GPG Signature D934 5397 A84A 6366 9687  9EB2 861A 4ABA 7667 7097


signature.asc
Description: This is a digitally signed message part.

Re: postfix 2.5.1: smtp_sasl_tls_verified_security_options non-functional?

[Matthias Andree]

Victor Duchovni [EMAIL PROTECTED] writes:

 On Tue, Jul 29, 2008 at 08:21:09PM +0200, Matthias Andree wrote:

   smtp_sasl_tls_verified_security_options apparently stopped working after
   the upgrade.
  
  There has never been an official release where this feature is fully
  implemented. The code for 2.6 is ready, but it is in the review queue
  behind multi-instance support.
 
 Well - then the smtp(8) manpage and postfix -n could need fixing for
 the next 2.5.X and 2.4.Y releases to remove this confusion, as the
 former (as of 2.5.1, I didn't check 2.4.X) states:

 |  Available in Postfix version 2.4 and later:
 |
 |  smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
 |
 |  The SASL authentication security options that the Postfix SMTP
 |  client uses for TLS encrypted SMTP sessions with a verified server
 |  certificate.

 The docs I see say:

 The SASL authentication security options that the Postfix SMTP
 client uses for TLS encrypted SMTP sessions with a verified server
 certificate. This feature is under construction as of Postfix
 version 2.3.

 You have left out the crucial final sentence. If the TLS patch-set
 for 2.6 is reviewed in time, this should be fully available in 2.6.

No Victor, I haven't left that out, I simply don't have it in the smtp(8)
manual page:

$ cat /etc/SuSE-release 
openSUSE 11.0 (i586)
VERSION = 11.0
$ rpm -qf $(man -w 8 smtp)
postfix-2.5.1-28.1
$ postconf mail_version
mail_version = 2.5.1
$ postconf mail_release_date
mail_release_date = 20080216

and Novell isn't patching documentation in said RPM - I downloaded the
.src.rpm and checked - the contained 2.5.1 tarball verifies with
Wietse's official .sig GnuPG checksum, and smtp.c, .8 and .8.html also
match what I quoted (left in).

Conclusion: documentation doesn't match implementation. Reason unknown.
I suggest to fix the former in the current situation.

Best regards,

-- 
Matthias Andree

RE: spam status with postfix ( thank you )

[Darin McGee]

I too would like to thank Wietse for Postfix along with the authors of
Maia Mailguard, amavis-new, clamav, spamhaus, et al..

Our Postfix frontend gateway processes almost 500,000 emails a day of
which we only accept less than 3% as being legitimate email for over
4,000 user accounts. Enterprise environment with the majority of users
are minimal Internet mail users.

We do this on one HP DL360G4 dual Xeon, 4GB RAM, (1 GB used as RAM disk
for amavis temporary work space) mirrored 36GB 15K SCSI320 drives
running SUSE Enterprise 10. We have been using this configuration for
almost two years now. 

Considering we have been quoted well over $30,000 per year for a
commercial spam / anti-virus solution that would require a beefier
piece of hardware, Postfix has proved to our management that open source
software is in fact a very viable alternative to commercial software.

Thanks,
Darin



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stan Hoeppner
Sent: Tuesday, August 05, 2008 8:21 AM
To: postfix-users@postfix.org
Subject: Re: spam status with postfix ( thank you )

Richard Foley wrote:
 
 This mail is just FYI and by way of saying: 
 
   postfix and friends do a great job - many thanks!


Hi Richard,

I second your sentiments and would like to shout out a big thank you to 
Wietse for creating Postfix!

I was at about the same point you are now for more than 2 of the last 3 
years, with about 5 spam a day making it into my inbox.  Over the last 6

months or so that number has steadily increased, and in the last month 
the curve has become much steeper, averaging 25-40 spam per day until 
just this past week.

Over the weekend I implemented an access table and have started adding 
the class C network of each host successfully getting spam into my 
inbox.  I'm down to less than 5 a day again.  :)

Give it a shot.  It doesn't take much time at all and the results are 
well worth the effort.

Stan
 

__ Information from ESET Smart Security, version of virus
signature database 3328 (20080805) __

The message was checked by ESET Smart Security.

http://www.eset.com
 
 

__ Information from ESET Smart Security, version of virus
signature database 3328 (20080805) __

The message was checked by ESET Smart Security.

http://www.eset.com
 

log file help

[Ebbe Hjorth]

Hi,

On of my users asked me about, why she got an error sending mail with
attachment in squirrelmail, i dont know - but the thing i want to ask you
about, is that the reciever got 2 emails, one with no attachments and one
with.

cat /var/log/maillog | grep [EMAIL PROTECTED]

Aug  5 14:51:09 yyy01 postfix/pipe[42017]: 49D181CC70:
to=[EMAIL PROTECTED], relay=spamd, delay=1.1, delays=0.32/0.04/0/0.71,
dsn=2.0.0, status=sent (delivered via spamd service)
Aug  5 14:51:11 yyy01 amavis[41452]: (41452-06) ESMTP::10024
/var/amavis/tmp/amavis-20080805T134904-41452: [EMAIL PROTECTED] -
[EMAIL PROTECTED] SIZE=1087360 BODY=8BITMIME Received: from yyy01.apz.dk
([127.0.0.1]) by localhost (yyy01.apz.dk [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for [EMAIL PROTECTED]; Tue,  5 Aug 2008 14:51:11 +0200
(CEST)
Aug  5 14:51:12 yyy01 amavis[41452]: (41452-06) Checking: OHI8Y0pDs4kn
[127.0.0.1] [EMAIL PROTECTED] - [EMAIL PROTECTED]
Aug  5 14:52:28 yyy01 postfix/pipe[42033]: 071071CCDB:
to=[EMAIL PROTECTED], relay=spamd, delay=52, delays=0.19/0.02/0/52,
dsn=2.0.0, status=sent (delivered via spamd service)
Aug  5 14:52:31 yyy01 amavis[41452]: (41452-06) FWD via SMTP:
[EMAIL PROTECTED] - [EMAIL PROTECTED],BODY=8BITMIME 250 2.0.0 Ok,
id=41452-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
0B6DA1CD00
Aug  5 14:52:35 yyy01 amavis[41452]: (41452-06) Passed CLEAN, [127.0.0.1]
[83.92.80.128] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID:
[EMAIL PROTECTED], yyy_id:
OHI8Y0pDs4kn, Hits: -, size: 1087360, queued_as: 0B6DA1CD00, 85268 ms
Aug  5 14:52:37 yyy01 postfix/smtp[42024]: 343691CCC6:
to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, delay=88,
delays=0.61/0.02/1.8/86, dsn=2.0.0, status=sent (250 2.0.0 Ok,
id=41452-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
0B6DA1CD00)
Aug  5 14:52:44 yyy01 amavis[41452]: (41452-07) ESMTP::10024
/var/amavis/tmp/amavis-20080805T134904-41452: [EMAIL PROTECTED] -
[EMAIL PROTECTED] SIZE=1680 BODY=8BITMIME Received: from yyy01.apz.dk
([127.0.0.1]) by localhost (yyy01.apz.dk [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for [EMAIL PROTECTED]; Tue,  5 Aug 2008 14:52:44 +0200
(CEST)
Aug  5 14:52:45 yyy01 amavis[41452]: (41452-07) Checking: px8-36kEpiPY
[127.0.0.1] [EMAIL PROTECTED] - [EMAIL PROTECTED]
Aug  5 14:52:53 yyy01 postfix/smtp[42046]: 0B6DA1CD00:
to=[EMAIL PROTECTED], relay=yyy.6agency.dk[64.106.174.62]:25, delay=23,
delays=1.2/0.37/15/6.5, dsn=2.6.0, status=sent (250 2.6.0 1087776 bytes
received in 00:00:06; Message id LUG13401 accepted for delivery)
Aug  5 14:53:37 yyy01 amavis[41452]: (41452-07) FWD via SMTP:
[EMAIL PROTECTED] - [EMAIL PROTECTED],BODY=8BITMIME 250 2.0.0 Ok,
id=41452-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
EB2CB1CC70
Aug  5 14:53:37 yyy01 amavis[41452]: (41452-07) Passed CLEAN, [127.0.0.1]
[83.92.80.128] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID:
[EMAIL PROTECTED], yyy_id:
px8-36kEpiPY, Hits: -3.83, size: 1680, queued_as: EB2CB1CC70, 53300 ms
Aug  5 14:53:38 yyy01 postfix/smtp[42024]: 70CEE1CCFF:
to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, delay=122,
delays=52/9.1/6.9/53, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=41452-07,
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EB2CB1CC70)
Aug  5 14:53:53 yyy01 postfix/smtp[42046]: EB2CB1CC70:
to=[EMAIL PROTECTED], relay=yyy.6agency.dk[64.106.174.62]:25, delay=18,
delays=1.9/0.72/15/0.38, dsn=2.6.0, status=sent (250 2.6.0 1907 bytes
received in 00:00:00; Message id LUH58707 accepted for delivery)

Can you help me analyse?

Thank you very much,


Ebbe, Denmark

System: Freebsd, with postfix, amavis-new and spamassassin.

Re: log file help

[Wietse Venema]

Ebbe Hjorth:
 Hi,
 
 On of my users asked me about, why she got an error sending mail with
 attachment in squirrelmail, i dont know - but the thing i want to ask you
 about, is that the reciever got 2 emails, one with no attachments and one
 with.

Postfix cannot remove attachments.

Wietse

Question about Bounces

[Richard Wolterink]

Hello Postfix-users

Sorry for being so rude for being a new member and immediately sending a 
pleed for help.


I have been surfing the internet for serveral days now, searching for 
information on the problem I am having.


I use postfix on several linux servers and I am very pleased with how 
well everything functions.


On one machine however (It is a so called virtual private server with a 
limit to the number of sockets and processes) I have a lot of the 
following logfile entries.


Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
attribute W from bounce socket (expecting: nrequest)

Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request

It looks something goes wrong with bounces wich are generated for mails 
send to users which do not exist on the server. But what do these 
entries exactly mean and what can I do to correct them?


Thanks for any help.

Kind regards
Richard Wolterink

Re: Question about Bounces

[Wietse Venema]

Richard Wolterink:
 Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
 attribute W from bounce socket (expecting: nrequest)
 Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request

In master.cf you have turned on the wakeup timer for the bounce service.

See: man 5 master.

Only these entries have a wakeup timer by default:
pickupfifo  n   -   n   60  1   pickup
qmgr  fifo  n   -   n   300 1   qmgr
#qmgr fifo  n   -   n   300 1   oqmgr
tlsmgrunix  -   -   n   1000?   1   tlsmgr
flush unix  n   -   n   1000?   0   flush

Wietse

Re: Question about Bounces

[Noel Jones]

Wietse Venema wrote:

Richard Wolterink:
Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
attribute W from bounce socket (expecting: nrequest)

Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request


In master.cf you have turned on the wakeup timer for the bounce service.

See: man 5 master.

Only these entries have a wakeup timer by default:
pickupfifo  n   -   n   60  1   pickup
qmgr  fifo  n   -   n   300 1   qmgr
#qmgr fifo  n   -   n   300 1   oqmgr
tlsmgrunix  -   -   n   1000?   1   tlsmgr
flush unix  n   -   n   1000?   0   flush

Wietse



It looks something goes wrong with bounces wich are generated for mails send to 
users which do not exist on the server. But what do these entries exactly mean 
and what can I do to correct them?


You should configure your system so it doesn't accept then 
bounce unknown recipients; they should be rejected during SMTP 
and not generate a bounce.  Accepting and bouncing adds extra 
load to your server, clogs your queue with undeliverable 
bounces, and annoys innocent forged senders with your 
backscatter.  Here's a place to start with fixing the problem:

http://www.postfix.org/LOCAL_RECIPIENT_README.html

--
Noel Jones

poor perfomance for multiple-recipient emails

[Aaron Bennett]

Hello,

I'm experiencing very poor performance on receipt of email with large 
numbers of multiple recipients.  One particular listserv for example 
sends emails to 1600+ users in chunks of 50-60 per message.  Users are 
either local (maildir) or forwarded.  We do have three ldap maps in each 
receipt so that's a possible source of slowness, however, a previous 
setup that used sendmail with the same ldap server didn't experience 
this at all.  By 'very poor' I mean it takes almost two hours for the 
message to be delivered to all 1600 users.  Each message of 50 users 
sits in the incoming queue for quite a while and then in the active 
queue for quite a while as well.


Any tips?   The hardware is sufficient to run almost any number of smtp 
or local processes if that is what's required.


thanks,

Aaron Bennett

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, proxy:ldap:/etc/postfix/ldap-localonly.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 50
default_process_limit = 500
home_mailbox =
html_directory = no
in_flow_delay = 0
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_alias_maps
mail_owner = postfix
mail_spool_directory = /export/maildirs/
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, 
depot.bwh.harvard.edu, maildrop.bwh.harvard.edu, bwh.harvard.edu, 
spl.harvard.edu
mynetworks = 127.0.0.1, 134.174.8.0/24, 134.174.9.0/24, 134.174.54.0/24, 
170.223.221.0/24, 155.52.0.0/16

mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_connection_count_limit = 500
smtpd_recipient_restrictions = permit_sasl_authenticated, 
permit_mynetworks, reject

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_key_file = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-forwardonly.cf, 
proxy:ldap:/etc/postfix/ldap-forwardkeep.cf

Postfix log warning

[Ken Hathaway]

First off I don't think this is a postfix problem. I'm hoping someone here
has seen something similar and can help me out. Google so far has turned up
nothing for me. :(

I get this same warning from gmail, yahoo  live. The email goes straight
the the junk email folder on all of these systems. :( Makes me very unhappy.


Log snippet: (74.86.26.64 spellwellinc.com is my server)

Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64: address not
listed for hostname spellwellinc.com
Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[74.86.26.64]
Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
74.86.26.64]
Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=
[EMAIL PROTECTED] (Spell Well Inc. Password
Reset)
Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=
[EMAIL PROTECTED], size=1193, nrcpt=1 (queue active)
Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
74.86.26.64]
Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=[EMAIL PROTECTED],
relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=1.4,
delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
l43si10712889wrl.17)
Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

I assume the warning: 27.86.26.64: address not listed message if from the
far end. I check DNS and see PTR is there. Then check dig -x

kenhat: dig -x 74.86.26.64

;  DiG 9.4.1-P1  -x 74.86.26.64
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 12869
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;64.26.86.74.in-addr.arpa.INPTR

;; ANSWER SECTION:
64.26.86.74.in-addr.arpa. 86400INPTRspellwellinc.com.

;; Query time: 79 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Aug  5 12:36:02 2008
;; MSG SIZE  rcvd: 72

So dig finds the correct lookup. I'm stumped on where to go now.

I must have something screwed up in DNS but can't find it. I can post my
zone file if that helps. Anyone out there that can toss me a bone?

I'm only using postfix for outgoing mail. No incoming.

Just in case someone thinks my postconf might help.

root: postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Re: Postfix log warning

[Brian Evans - Postfix List]

Ken Hathaway wrote:


First off I don't think this is a postfix problem. I'm hoping someone 
here has seen something similar and can help me out. Google so far has 
turned up nothing for me. :(


I get this same warning from gmail, yahoo  live. The email goes 
straight the the junk email folder on all of these systems. :( Makes 
me very unhappy.


Log snippet: (74.86.26.64 http://74.86.26.64 spellwellinc.com 
http://spellwellinc.com is my server)


Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 
http://74.86.26.64: address not listed for hostname spellwellinc.com 
http://spellwellinc.com
Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from 
unknown[74.86.26.64 http://74.86.26.64]
Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: 
client=unknown[74.86.26.64 http://74.86.26.64]
Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: 
message-id=[EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] (Spell Well 
Inc. Password Reset)
Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: 
from=[EMAIL PROTECTED] mailto:[EMAIL PROTECTED], 
size=1193, nrcpt=1 (queue active)
Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from 
unknown[74.86.26.64 http://74.86.26.64]
Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: 
to=[EMAIL PROTECTED] mailto:[EMAIL PROTECTED], 
relay=gmail-smtp-in.l.google.com 
http://gmail-smtp-in.l.google.com[64.233.185.27 
http://64.233.185.27]:25, delay=1.4, delays=0.11/0.01/0.09/1.2, 
dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)

Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

I assume the warning: 27.86.26.64 http://27.86.26.64: address not 
listed message if from the far end. I check DNS and see PTR is there. 
Then check dig -x


Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
Here's a great post by Wietse from the archives to see what Postfix 
sees: http://archives.neohapsis.com/archives/postfix/2001-02/1165.html

This should help you debug a bit more.

If that turns up nothing interesting, someone more knowledgeable than me 
can help further.


I must have something screwed up in DNS but can't find it. I can post 
my zone file if that helps. Anyone out there that can toss me a bone?


I'm only using postfix for outgoing mail. No incoming.

Just in case someone thinks my postconf might help.

root: postconf -n

[...]

mydestination = $myhostname, localhost.$mydomain, localhost

myhostname is default.  Hard to tell what it is from this output.
'postconf -d myhostname' may help you know what postfix is using.


smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


This line is useless as everything permits (implied permit at the end).

Brian

Bounce problem continued

[Richard Wolterink]

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
sugested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have altered 
main.cf and added the line local_recipient_maps = but with no result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch


I left out the parts concerning spamfilters



This is my main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = vps683.wolvecreations.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = vps683.wolvecreations.eu, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtpd_reject_unlisted_recipient = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = vps683.wolvecreations.eu
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination


smtpd_sasl_security_options = noanonymous
html_directory = /usr/share/doc/postfix/html
local_recipient_maps =
virtual_alias_domains =
virtual_alias_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 
mysql:/etc/postfix/mysql-virtual_email2email.cf

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
broken_sasl_auth_clients = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = The user you are trying to reach is 
over quota.

virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination 
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps 
$virtual_mailbox_domains $relay_recipient_maps $relay_domains 
$canonical_maps $sender_canonical_maps $recipient_canonical_maps 
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

default_process_limit = 20

My master.cf looks like this
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: man 5 master).
#
# Do not forget to execute postfix reload after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   -   smtpd
#submission inet n   -   -   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   -   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628  inet  n   -   -   -   -   qmqpd
pickupfifo  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   0   cleanup
qmgr  fifo  n   -   n   300 1   qmgr
#qmgr fifo  n   -   -   300 1   oqmgr
tlsmgrunix  -   -   -   10?   1   tlsmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
#bounceunix  -   -   -   10   0   bounce
#defer unix  -   -   -   -   0   bounce
#trace unix  -   -   -   -   0   bounce
verifyunix  -   -   -   - 

Re: Bounce problem continued

[Noel Jones]

Richard Wolterink wrote:

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
sugested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have altered 
main.cf and added the line local_recipient_maps = but with no result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch 





If you're using virtual users, then the LOCAL_RECIPIENT_README 
doesn't apply.  for why, see:

http://www.postfix.org/ADDRESS_CLASS_README.html

Make sure you don't have any wildcard rewrites in your 
virtual_alias_maps or *canonical_maps, and that your SQL 
lookups don't return succeed for unknown/undeliverable recipients.


If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones

Re: Bounce problem continued

[Wietse Venema]

Richard Wolterink:
 tlsmgrunix  -   -   -   10?   1   tlsmgr
 flush unix  n   -   -   10?   0   flush

Undo these changes. They are detrimental to Postfix performance.

Wietse

Re: Bounce problem continued

[Richard Wolterink]

Noel Jones schreef:

Richard Wolterink wrote:

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
sugested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have 
altered main.cf and added the line local_recipient_maps = but with no 
result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch 





If you're using virtual users, then the LOCAL_RECIPIENT_README doesn't 
apply.  for why, see:

http://www.postfix.org/ADDRESS_CLASS_README.html

Make sure you don't have any wildcard rewrites in your 
virtual_alias_maps or *canonical_maps, and that your SQL lookups don't 
return succeed for unknown/undeliverable recipients.


If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail


Noel,

You are my hero.
Many thanks

The removal of the *canonical_maps did the trick

Kind regards

Richard Wolterink

Re: Bounce problem continued

[Richard Wolterink]

Wietse Venema schreef:

Richard Wolterink:
  

tlsmgrunix  -   -   -   10?   1   tlsmgr
flush unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink

Re: Bounce problem continued

[Brian Evans - Postfix List]

Richard Wolterink wrote:

Wietse Venema schreef:

Richard Wolterink:
 

tlsmgrunix  -   -   -   10?   1   tlsmgr
flush unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink

Their defaults are 1000? not 10?.

Please change them back to this to be more sane.

Brian

Re: Bounce problem continued

[Richard Wolterink]

Brian Evans - Postfix List schreef:

Richard Wolterink wrote:

Wietse Venema schreef:

Richard Wolterink:
 

tlsmgrunix  -   -   -   10?   1   tlsmgr
flush unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink

Their defaults are 1000? not 10?.

Please change them back to this to be more sane.

Brian


Brian,

I have altered them to the defaults.
Thanks for your help.

Kind regards

Richard Wolterink

Re: Bounce problem continued

[Wietse Venema]

Richard Wolterink:
 Wietse Venema schreef:
  Richard Wolterink:

  tlsmgrunix  -   -   -   10?   1   tlsmgr
  flush unix  n   -   -   10?   0   flush
  
 
  Undo these changes. They are detrimental to Postfix performance.
 
  Wietse
 

 Do I have to comment them out or alter them?

It is a good idea to make a backup copy before changing a configuration
file.

It is also a good idea to make notes of configuration changes that
you make.

Wietse

Re: poor perfomance for multiple-recipient emails

[Wietse Venema]

Aaron Bennett:
 Hello,
 
 I'm experiencing very poor performance on receipt of email with large 
 numbers of multiple recipients.  One particular listserv for example 
 sends emails to 1600+ users in chunks of 50-60 per message.  Users are 
 either local (maildir) or forwarded.  We do have three ldap maps in each 
 receipt so that's a possible source of slowness, however, a previous 
 setup that used sendmail with the same ldap server didn't experience 
 this at all.  By 'very poor' I mean it takes almost two hours for the 
 message to be delivered to all 1600 users.  Each message of 50 users 
 sits in the incoming queue for quite a while and then in the active 
 queue for quite a while as well.
 
 Any tips?   The hardware is sufficient to run almost any number of smtp 
 or local processes if that is what's required.

man ldap_table
...
   domain (default: no domain list)
  This is a list of domain names, paths to files, or dictionaries.
  When  specified,  only  fully qualified search keys with a *non-
  empty* localpart and a matching domain are eligible for  lookup:
  'user'  lookups,  bare  domain lookups and @domain lookups are
  not performed. This can significantly reduce the query  load  on
  the LDAP server.

  domain = postfix.org, hash:/etc/postfix/searchdomains

E-mail alias

[Dov Oxenberg]

Hello,
Please forgive the stupid question but I have done my due diligence and was 
unable to locate a definitive answer in the Postfix FAQ, Documentation, or How 
To.
Basically what I want to do seems simple enough I am just not sure how to go 
about it.  Currently I run a Mailman mailing list using Postfix as the MTA and 
all mail is getting sent to the subscribers.  
Outside of the mailing list, I want to create an e-mail alias such as [EMAIL 
PROTECTED] where example.com is my qualified Internet Domain name (same as the 
Domain name used for the Mailman mailing list), and have that forwarded to 
either this Hotmail account or my BellSouth e-mail box.
Where would I create this e-mail address and how do I tell Postfix to send the 
mail to my legitimate mailbox?
Secondly, would it be possible to compose a message from my legitimate e-mail 
account and use my Postfix as a sort of relay, where Postfix would accept my 
message, then make it appear as though it were coming from [EMAIL PROTECTED] 
and send it to its intended recipient?  What I mean is, at the final intended 
destination of the message, I would like the e-mail to appear as though it was 
from [EMAIL PROTECTED] as opposed to my real e-mail address.
Thanks!
Dov

Re: E-mail alias

[Noel Jones]

Dov Oxenberg wrote:

Hello,
Please forgive the stupid question but I have done my due diligence and 
was unable to locate a definitive answer in the Postfix FAQ, 
Documentation, or How To.
Basically what I want to do seems simple enough I am just not sure how 
to go about it.  Currently I run a Mailman mailing list using Postfix as 
the MTA and all mail is getting sent to the subscribers. 
Outside of the mailing list, I want to create an e-mail alias such as 
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] where example.com is my 
qualified Internet Domain name (same as the Domain name used for the 
Mailman mailing list), and have that forwarded to either this Hotmail 
account or my BellSouth e-mail box.
Where would I create this e-mail address and how do I tell Postfix to 
send the mail to my legitimate mailbox?


A virtual_alias_maps entry should do what you want.  Note that 
example.com does *not* need to be defined in 
virtual_alias_domains (but OK if it is for other purposes).


# virtual_alias
[EMAIL PROTECTED]  [EMAIL PROTECTED]


Secondly, would it be possible to compose a message from my legitimate 
e-mail account and use my Postfix as a sort of relay, where Postfix 
would accept my message, then make it appear as though it were coming 
from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and send it to its 
intended recipient?  What I mean is, at the final intended destination 
of the message, I would like the e-mail to appear as though it was from 
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] as opposed to my real 
e-mail address.

Thanks!
Dov


It's generally better to configure your mail client to set the 
sender address to what you need.
You can use smtp_generic_maps to rewrite some address to some 
other specific address.

http://www.postfix.org/ADDRESS_REWRITING_README.html#generic

If what you are wanting to do is send mail through your 
hotmail account and have it appear as if it comes from 
example.com, that depends on what hotmail allows.  Gmail, for 
example, allows you to set an alternate sender address once 
you prove you control that alternate address - but this has 
nothing to do with postfix or your local server.


--
Noel Jones

smart hosting issues

[Stan Hoeppner]

Hello fellow smart hosters,

I've been running this way for 3 years now because I could never figure 
out how to wildcard everything else.  Here's the top of my transport 
file (a very small portion of it):


hardwarefreak.com   smtp:[192.168.100.2]
earthlink.net   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.earthlink.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbcglobal.net   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbcglobal.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
swbell.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.swbell.net smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbc.com smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbc.comsmtp:[smtp.sbc.mail.yahoo4.akadns.net]
yahoo.com   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.yahoo.com  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
aol.com smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.aol.comsmtp:[smtp.sbc.mail.yahoo4.akadns.net]


Is there a way to wildcard everything other than hardwarefreak.com?  I'd 
sure like to have a two line transport file instead of 200.


Any help in getting this fixed would be greatly appreciated.

Thanks.

Stan Hoeppner
TheHardwareFreak

mail queue is filling up with bounce messages

[Tait Grove]

I have a lot of messages that are being delivered to `double-bounce`
accounts. What setting do I have that may cause this buildup?

 

Sample log:

 

-Queue ID- --Size-- Arrival Time -Sender/Recipient---

AE3FD7E833* 288 Tue Aug  5 16:57:20
[EMAIL PROTECTED]

 [EMAIL PROTECTED]

 

 

Postconf -n:

alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

bounce_queue_lifetime = 2d

broken_sasl_auth_clients = yes

command_directory = /usr/local/sbin

config_directory = /usr/local/etc/postfix

daemon_directory = /usr/local/libexec/postfix

data_directory = /var/db/postfix

debug_peer_level = 2

disable_vrfy_command = yes

enable_original_recipient = no

html_directory = no

inet_interfaces = 127.0.0.1, localhost, $myhostname

invalid_hostname_reject_code = 550

mail_owner = postfix

mailq_path = /usr/local/bin/mailq

manpage_directory = /usr/local/man

maps_rbl_reject_code = 554

maximal_backoff_time = 5135s

maximal_queue_lifetime = 2d

message_size_limit = 4096

minimal_backoff_time = 535s

mydestination = localhost.$mydomain, $mydomain, localhost, $myhostname

myhostname = post-app1.tdpserver.net

mynetworks = 127.0.0.0/8, 10.0.0.0/8, 38.119.86.0/25, $myhostname

newaliases_path = /usr/local/bin/newaliases

non_fqdn_reject_code = 504

proxy_interfaces = 10.11.0.29

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$virtual_mailbox_limit_maps

queue_directory = /var/spool/postfix

queue_run_delay = 535s

readme_directory = no

relay_domains =

sample_directory = /usr/local/etc/postfix

sendmail_path = /usr/local/sbin/sendmail

setgid_group = maildrop

smtp_sasl_password_maps =
proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf

smtp_tls_CAfile = /usr/local/share/certs/ca-root.crt

smtp_tls_cert_file = /usr/local/etc/dovecot/certs/tdpserver.crt

smtp_tls_key_file = /usr/local/etc/dovecot/certs/tdpserver.key

smtp_tls_security_level = may

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_client_connection_rate_limit = 400

smtpd_client_event_limit_exceptions = $mynetworks, 10.0.0.0/8, 127.0.0.1,
38.119.86.0/25, localhost

smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,permit

smtpd_recipient_limit = 3000

smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,reject_invalid_helo_hostname,
reject_non_fqdn_sender,reject_non_fqdn_recipient,
check_policy_service inet:127.0.0.1:10031,permit_tls_clientcerts,
reject_unauth_destination,warn_if_reject
reject_non_fqdn_helo_hostname,warn_if_reject
reject_unknown_helo_hostname,warn_if_reject reject_unknown_client,
reject_unverified_recipient,reject_unknown_sender_domain,
check_recipient_access  hash:$config_directory/recipient.list,
reject_rbl_client zen.spamhaus.org,permit

smtpd_sasl_auth_enable = yes

smtpd_sasl_exceptions_networks = $mynetworks

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_path = private/auth

smtpd_sasl_security_options = noanonymous

smtpd_sasl_type = dovecot

smtpd_tls_CAfile = /usr/local/share/certs/ca-root.crt

smtpd_tls_ask_ccert = no

smtpd_tls_cert_file = /usr/local/etc/dovecot/certs/tdpserver.crt

smtpd_tls_key_file = /usr/local/etc/dovecot/certs/tdpserver.key

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_security_level = may

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

soft_bounce = no

transport_maps = hash:/etc/mail/transport

unknown_local_recipient_reject_code = 550

unverified_sender_reject_code = 550

virtual_alias_maps =
proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf

virtual_mailbox_domains =
proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf

virtual_mailbox_maps =
proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf

virtual_transport = dovecot

 

 

-- Tait

 

 

Re: Postfix log warning

[Ken Hathaway]

Thanks Brian! You got me going in the right direction.

I probably should have mentioned that this running in a FreeBSD jail.

I read the archive reference you gave and pulled and compiled gethostbyaddr
 gethostbyname. I haven't used c in long time so I was pretty impressed
with myself getting these to compile. ;) So here is what I got.

SWI.spellwellinc.com:~
kenhat: ./gethostbyaddr 74.86.26.64
host 74.86.26.64 not found
SWI.spellwellinc.com:~
kenhat: ./gethostbyname swi.spellwellinc.com
Hostname:swi.spellwellinc.com
Aliases:
Addresses:74.86.26.64
SWI.spellwellinc.com:~
kenhat:

I copied these programs to my master server (not a jail) and get the same
results.

While I'm further along with my debugging I'm still not sure how to fix it.
Any help appreciated...

Also would this cause the assorted email ISP out there to classify my email
as junk? Is postfix passing on the warning message to the far end smtp? That
doesn't seem right.

Anyway thanks for the help

ken



So if I'm reading this right the warning message is coming from postfix.

On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List 
[EMAIL PROTECTED] wrote:

 Ken Hathaway wrote:


 First off I don't think this is a postfix problem. I'm hoping someone here
 has seen something similar and can help me out. Google so far has turned up
 nothing for me. :(

 I get this same warning from gmail, yahoo  live. The email goes straight
 the the junk email folder on all of these systems. :( Makes me very unhappy.

 Log snippet: (74.86.26.64 http://74.86.26.64 spellwellinc.com 
 http://spellwellinc.com is my server)

 Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 
 http://74.86.26.64: address not listed for hostname spellwellinc.com 
 http://spellwellinc.com
 Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=
 [EMAIL PROTECTED] mailto:
 [EMAIL PROTECTED] (Spell Well Inc.
 Password Reset)
 Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], size=1193,
 nrcpt=1 (queue active)
 Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], relay=
 gmail-smtp-in.l.google.com http://gmail-smtp-in.l.google.com[
 64.233.185.27 http://64.233.185.27]:25, delay=1.4,
 delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
 l43si10712889wrl.17)
 Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

 I assume the warning: 27.86.26.64 http://27.86.26.64: address not
 listed message if from the far end. I check DNS and see PTR is there. Then
 check dig -x


 Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
 Here's a great post by Wietse from the archives to see what Postfix sees:
 http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
 This should help you debug a bit more.

 If that turns up nothing interesting, someone more knowledgeable than me
 can help further.

  I must have something screwed up in DNS but can't find it. I can post my
 zone file if that helps. Anyone out there that can toss me a bone?

 I'm only using postfix for outgoing mail. No incoming.

 Just in case someone thinks my postconf might help.

 root: postconf -n

 [...]

 mydestination = $myhostname, localhost.$mydomain, localhost

 myhostname is default.  Hard to tell what it is from this output.
 'postconf -d myhostname' may help you know what postfix is using.

  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


 This line is useless as everything permits (implied permit at the end).

 Brian

Re: Postfix log warning

[Ken Hathaway]

Doh! forgot to include this

kenhat: postconf -d myhostname
myhostname = swi.spellwellinc.com
SWI.spellwellinc.com:~


On Tue, Aug 5, 2008 at 6:01 PM, Ken Hathaway [EMAIL PROTECTED]
 wrote:

 Thanks Brian! You got me going in the right direction.

 I probably should have mentioned that this running in a FreeBSD jail.

 I read the archive reference you gave and pulled and compiled gethostbyaddr
  gethostbyname. I haven't used c in long time so I was pretty impressed
 with myself getting these to compile. ;) So here is what I got.

 SWI.spellwellinc.com:~
 kenhat: ./gethostbyaddr 74.86.26.64
 host 74.86.26.64 not found
 SWI.spellwellinc.com:~
 kenhat: ./gethostbyname swi.spellwellinc.com
 Hostname:swi.spellwellinc.com
 Aliases:
 Addresses:74.86.26.64
 SWI.spellwellinc.com:~
 kenhat:

 I copied these programs to my master server (not a jail) and get the same
 results.

 While I'm further along with my debugging I'm still not sure how to fix it.
 Any help appreciated...

 Also would this cause the assorted email ISP out there to classify my email
 as junk? Is postfix passing on the warning message to the far end smtp? That
 doesn't seem right.

 Anyway thanks for the help

 ken



 So if I'm reading this right the warning message is coming from postfix.


 On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List 
 [EMAIL PROTECTED] wrote:

 Ken Hathaway wrote:


 First off I don't think this is a postfix problem. I'm hoping someone
 here has seen something similar and can help me out. Google so far has
 turned up nothing for me. :(

 I get this same warning from gmail, yahoo  live. The email goes straight
 the the junk email folder on all of these systems. :( Makes me very unhappy.

 Log snippet: (74.86.26.64 http://74.86.26.64 spellwellinc.com 
 http://spellwellinc.com is my server)

 Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 
 http://74.86.26.64: address not listed for hostname spellwellinc.com 
 http://spellwellinc.com
 Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=
 [EMAIL PROTECTED] mailto:
 [EMAIL PROTECTED] (Spell Well Inc.
 Password Reset)
 Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], size=1193,
 nrcpt=1 (queue active)
 Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
 74.86.26.64 http://74.86.26.64]
 Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], relay=
 gmail-smtp-in.l.google.com http://gmail-smtp-in.l.google.com[
 64.233.185.27 http://64.233.185.27]:25, delay=1.4,
 delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
 l43si10712889wrl.17)
 Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

 I assume the warning: 27.86.26.64 http://27.86.26.64: address not
 listed message if from the far end. I check DNS and see PTR is there. Then
 check dig -x


 Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
 Here's a great post by Wietse from the archives to see what Postfix sees:
 http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
 This should help you debug a bit more.

 If that turns up nothing interesting, someone more knowledgeable than me
 can help further.

  I must have something screwed up in DNS but can't find it. I can post my
 zone file if that helps. Anyone out there that can toss me a bone?

 I'm only using postfix for outgoing mail. No incoming.

 Just in case someone thinks my postconf might help.

 root: postconf -n

 [...]

 mydestination = $myhostname, localhost.$mydomain, localhost

 myhostname is default.  Hard to tell what it is from this output.
 'postconf -d myhostname' may help you know what postfix is using.

  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


 This line is useless as everything permits (implied permit at the end).

 Brian

Re: mail queue is filling up with bounce messages

[Sahil Tandon]

Tait Grove [EMAIL PROTECTED] wrote:

 I have a lot of messages that are being delivered to `double-bounce`
 accounts. What setting do I have that may cause this buildup?

Might be related to the existence and placement of your 
reject_unverified_recipient parameter.  See:

http://article.gmane.org/gmane.mail.postfix.user/181317

-- 
Sahil Tandon [EMAIL PROTECTED]

Re: smart hosting issues

[Noel Jones]

Stan Hoeppner wrote:

Hello fellow smart hosters,

I've been running this way for 3 years now because I could never figure 
out how to wildcard everything else.  Here's the top of my transport 
file (a very small portion of it):


hardwarefreak.com   smtp:[192.168.100.2]
earthlink.net   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.earthlink.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbcglobal.net   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbcglobal.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
swbell.net  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.swbell.net smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbc.com smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbc.comsmtp:[smtp.sbc.mail.yahoo4.akadns.net]
yahoo.com   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.yahoo.com  smtp:[smtp.sbc.mail.yahoo4.akadns.net]
aol.com smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.aol.comsmtp:[smtp.sbc.mail.yahoo4.akadns.net]


Is there a way to wildcard everything other than hardwarefreak.com?  I'd 
sure like to have a two line transport file instead of 200.


Any help in getting this fixed would be greatly appreciated.

Thanks.

Stan Hoeppner
TheHardwareFreak


# main.cf
relayhost = [smtp.sbc.mail.yahoo4.akadns.net]

# transport
hardwarefreak.com   smtp:[192.168.100.2]

All mail is sent to the relayhost, except for overrides listed 
in the transport map.


--
Noel Jones

Missing Something - header_checks Entry

[Steve Lowe]

I am testing a new entry in my header_checks file:

   /^Return-Path:.*mjhunter=aurora\.edu*/DISCARD From Address Rejected 
018

in an attempt to test this header entry:

Return-Path: [EMAIL PROTECTED]

I have entries for From, Subject, X-Barracuda-Connect and they work.

For some reason, I cannot see the 'Trees for the Forest on this new entry.

Any suggestions?

Steve

==
Steve Lowe
Information Technology Services
Aurora University
(630) 844 4200

RE: E-mail alias

[Dov Oxenberg]

Sorry to be a bother, but another newbie question - in my main.cf, when 
creating the entry for virtual_alias_maps = do I have to prepend the path 
value with hash:? or do I just put the path to the virtual_alias file?
 
Thanks!
Dov



 A virtual_alias_maps entry should do what you want. Note that  example.com 
 does *not* need to be defined in  virtual_alias_domains (but OK if it is for 
 other purposes).  # virtual_alias [EMAIL PROTECTED] [EMAIL PROTECTED]

RE: E-mail alias

[Dov Oxenberg]

In my post below the question mark in the hash:? was a typo

From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: RE: E-mail aliasDate: Tue, 5 Aug 
2008 22:05:23 -0400


Sorry to be a bother, but another newbie question - in my main.cf, when 
creating the entry for virtual_alias_maps = do I have to prepend the path 
value with hash:? or do I just put the path to the virtual_alias file? 
Thanks!Dov

 A virtual_alias_maps entry should do what you want. Note that  example.com 
 does *not* need to be defined in  virtual_alias_domains (but OK if it is for 
 other purposes).  # virtual_alias [EMAIL PROTECTED] [EMAIL PROTECTED]

RE: E-mail alias

[Dov Oxenberg]

Thank you Sahil, and Noel, works beautifully!
 



 Date: Tue, 5 Aug 2008 22:14:24 -0400 From: [EMAIL PROTECTED] To: [EMAIL 
 PROTECTED] CC: postfix-users@postfix.org Subject: Re: E-mail alias  Dov 
 Oxenberg [EMAIL PROTECTED] wrote:   Sorry to be a bother, but another 
 newbie question - in my main.cf, when   creating the entry for 
 virtual_alias_maps = do I have to prepend the   path value with hash:? 
 or do I just put the path to the virtual_alias   file?  It doesn't have 
 to be hash, but it does have to be the database type that  corresponds to 
 that map. For more information and examples, see:  
 http://www.postfix.org/postconf.5.html#virtual_alias_maps 
 http://www.postfix.org/postmap.1.html  --  Sahil Tandon [EMAIL PROTECTED]

Re: Missing Something - header_checks Entry

[Noel Jones]

Sahil Tandon wrote:

Steve Lowe [EMAIL PROTECTED] wrote:


I am testing a new entry in my header_checks file:

   /^Return-Path:.*mjhunter=aurora\.edu*/DISCARD From Address 
 Rejected 018


Sorry for the wrapping above.  PCRE right?  You don't need the second 
*, so the following should work:


/^Return-Path:.*mjhunter=aurora\.edu/

But even with the extraneous *, the PCRE hits here with postmap -q.



The bigger problem is that the Return-Path header isn't 
present in the original mail, so header_checks is the wrong 
tool here.


Steve will need to use a check_sender_access map to reject 
unwanted envelope senders.


--
Noel Jones