Re: New Postfix install
On Wed, 1 Oct 2008, Ujjval K wrote:

> Date: Wed, 1 Oct 2008 14:51:49 -0700 (PDT)
> From: Ujjval K [EMAIL PROTECTED]
> To: Wietse Venema [EMAIL PROTECTED]
> Cc: postfix users list postfix-users@postfix.org
> Subject: Re: New Postfix install
>
> Thx I was able to change MTAs to point to postfix... However, here is the next error when trying to send email to myself.. Again I am using smtp.comcast.net:587 as my relayhost
>
> Oct 1 15:48:38 fedoracore2uk postfix/pickup[8658]: D34AF170AF0: uid=0 from=root
> Oct 1 15:48:38 fedoracore2uk postfix/cleanup[8701]: D34AF170AF0: message-id=[EMAIL PROTECTED],net
> Oct 1 15:48:38 fedoracore2uk postfix/nqmgr[8659]: D34AF170AF0: from=[EMAIL PROTECTED], size=314, nrcpt=1 (queue active)
> Oct 1 15:48:38 fedoracore2uk postfix/nqmgr[8659]: warning: connect to transport smtp: Connection refused
> Oct 1 15:48:39 fedoracore2uk postfix/error[8703]: D34AF170AF0: to=[EMAIL PROTECTED], relay=none, delay=0.3, delays=0.11/0.05/0/0.14, dsn=4.3.0, status=deferred (mail transport unavailable)

Show your main.conf, maybe you did some configuration errors.

> --- On Thu, 10/2/08, Wietse Venema [EMAIL PROTECTED] wrote:
> From: Wietse Venema [EMAIL PROTECTED]
> Subject: Re: New Postfix install
> To: [EMAIL PROTECTED]
> Cc: postfix users list postfix-users@postfix.org
> Date: Thursday, October 2, 2008, 3:14 AM
>
> Ujjval K:
> Hi, Thx for the reply..I have the mail Program, but it tries to use /usr/sbin/sendmail to send the email...
>
> That is the correct pathname
>
> Can that be configured to use postfix?
>
> No, you should instead configure the system MTA type so that everything will use Postfix. See:
>
> $ alternatives --config mta
>
> Wietse

--
Grüße Alex
Re[2]: receiving smtpd[25253] error from sender
-Original Message- From: Sahil Tandon [EMAIL PROTECTED] To: postfix-users@postfix.org Date: Wed, 1 Oct 2008 23:03:45 -0400 Subject: Re: receiving smtpd[25253] error from sender Wray, Oran [EMAIL PROTECTED] wrote: smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com Please post the output of 'postconf -n' and follow the instructions in the DEBUG_README (a document to which you were referred upon subscribing to this mailing list) when asking for help. The rejecting server has probably specified reject_unknown_sender_domain: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain % host css2.ndcorp.com Host css2.ndcorp.com not found: 3(NXDOMAIN) ?! For domain lookup You should use whois instead of host # whois css2.ndcorp.com [Querying whois.verisign-grs.com] [whois.verisign-grs.com] Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. No match for domain CSS2.NDCORP.COM. Last update of whois database: Thu, 02 Oct 2008 03:40:28 EDT
Re[4]: receiving smtpd[25253] error from sender
For domain lookup You should use whois instead of host

Nonsense.

$ host css2.ndcorp.com
Host css2.ndcorp.com not found: 3(NXDOMAIN)
$ host -t mx css2.ndcorp.com
Host css2.ndcorp.com not found: 3(NXDOMAIN)

WHOIS is used to look up the REGISTRATION details of a delegated domain.

If domain does not exist there are no REGISTRATION details. Do you agree?

css2.ndcorp.com is not delegated, but ndcorp.com is:

I think css2.ndcorp.com is a host, not a subdomain
Re: receiving smtpd[25253] error from sender
Hi, On Thu, Oct 02, 2008 at 12:15:43PM +0400, Алексей Доморадов wrote: css2.ndcorp.com is not delegated, but ndcorp.com is: I think css2.ndcorp.com it's a host, not subdomain And? It does not matter. Postfix like any other MTA does A and MX record lookup from DNS, it does not care about whois, etc. Also you can put even xxx.yyy.zzz.www.domain.tld into your domain, of course there will be no whois information for that. It's even possible that you have a domain but no A nor MX records for a given name, also you can have some private DNS zones, split-DNS config etc etc. Since MTAs using DNS to look up things you should do that as well to debug mail problems. It's also possible that there are registration details but the domain does not work (none of the authoritative DNS servers responds, other problem etc). I really don't understand why you'd like to force this whois thing here ... It won't help you to solve this problem ... -- - Gábor
Re: receiving smtpd[25253] error from sender
Wray, Oran: smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com css2.ndcorp.com is not valid. The SMTP protocol requires that email addresses can be resolved with an MX and/or A lookup in the DNS. To fix, change the sender address, or change the DNS. To kludge around, change Postfix not to reject unknown sender domains. Wietse
Re: How to send 7bit mail to certain users when mime headers are missing (are missing headers the problem?)
Wietse Venema: rc: #transport [EMAIL PROTECTED] sevenbit:[my.relayhost] [EMAIL PROTECTED] sevenbit:[my.relayhost] [EMAIL PROTECTED] sevenbit:[my.relayhost] [EMAIL PROTECTED] sevenbit:[my.relayhost] I recommend that you run ALL mail FROM this application through the filter so that it is always MIME compliant. Yes, that is exactly what I am doing on the first pass with formail. This transport is only used on the second pass to convert to 7 bit only email to certain destinations (the infamous Exchange 5 bug) There is no way then to remove :[my.relayhost] from these entries and let it use the one configured in main.cf? Yes. If sevenbit: ignores 8BITMIME announcements in EHLO replies, then you don't need to override the recipient domain with [my.relayhost]. Moreover, you can safely omit the user@ portions in your transport map entries, because the infamous Exchange 5 bug (*) will happen with all recipients that have the same domain. Wietse (*) Actually the behavior to bounce-instead-of-convert is legitimized by the MIME RFCs, but we all know how politics tend to take precedence over correctness.
Re: New Postfix install
On 10/1/2008, Ujjval K ([EMAIL PROTECTED]) wrote: The geniuses at Comcast (my ISP; no, I don't have any choice) have suddenly decided that I am a source of spam and hence require me to send e-mail to port 587 instead of port 25. Or maybe you should consider whether you ARE a source of spam. Are you an open relay? Since you have so far refused to follow the instructions provided in the welcome message you received when joining this list, it is impossible to say. Please at least provide output of postconf -n -- Best regards, Charles
Re: Adding SASL to existing Postfix installation on FreeBSD
Wietse Venema wrote: Mark Goodge: [FreeBSD ports stuff] However, when I start Postfix, I get these errors in maillog: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in Then the FreeBSD ports stuff is broken. That's what I suspected. If you look in the Postfix conf/makedefs.out file, you will probably find that they failed to include a line that says -DUSE_SASL_AUTH. Spot on. To work around this, build with Cyrus SASL support even though you will never use it, and configure Dovecot in main.cf. Actually, I solved the problem by updating to the current version in ports, so the bug has obviously been fixed since the original install on this machine. But thanks for the pointer, that was exactly what I needed. Mark -- http://mark.goodge.co.uk - my pointless blog http://www.good-stuff.co.uk - my less pointless stuff
Re: Adding SASL to existing Postfix installation on FreeBSD
Mark Goodge: [FreeBSD ports stuff] However, when I start Postfix, I get these errors in maillog: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in Then the FreeBSD ports stuff is broken. If you look in the Postfix conf/makedefs.out file, you will probably find that they failed to include a line that says -DUSE_SASL_AUTH. To work around this, build with Cyrus SASL support even though you will never use it, and configure Dovecot in main.cf. Wietse
Re: How to send 7bit mail to certain users when mime headers are missing (are missing headers the problem?)
On Thu, Oct 02, 2008 at 03:36:58PM +0200, rc wrote: # header_checks /^Date/ PREPEND MIME-Version: 1.0^MContent-Type: text/plain^MContent-Transfer-Encoding: 8bit I've seen no documentation of support for PREPENDING multiple headers in this fashion. It should not work, unless something downstream treats CR as a line terminator for RFC 822/2822/5322 content. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: RFCs 5321 and 5322 published
Andrzej Kukula wrote: On Wed, Oct 1, 2008 at 18:29, mouss [EMAIL PROTECTED] wrote: FYI, RFCs 5321 and 5322 obsolete 2821 and 2822 (respectively). Again there's no mention of Delivered-To header for loop detection. loop detection is not part of smtp. Did you spot anything useful there? This is not the place to discuss the standards.
Re: receiving smtpd[25253] error from sender
Алексей Доморадов wrote: -Original Message- From: Sahil Tandon [EMAIL PROTECTED] To: postfix-users@postfix.org Date: Wed, 1 Oct 2008 23:03:45 -0400 Subject: Re: receiving smtpd[25253] error from sender Wray, Oran [EMAIL PROTECTED] wrote: smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com Please post the output of 'postconf -n' and follow the instructions in the DEBUG_README (a document to which you were referred upon subscribing to this mailing list) when asking for help. The rejecting server has probably specified reject_unknown_sender_domain: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain % host css2.ndcorp.com Host css2.ndcorp.com not found: 3(NXDOMAIN) ?! For domain lookup You should use whois instead of host are you kidding or do you live in a parallel internet? Domain lookup uses the Domain Name System, or DNS for short.
Re: New Postfix install
Thx for the nice commentsAppreciate your help and everyone on this forum has been great...!! I am going to make sendmail work BTW - There were no instructions in the welcome message.. === Welcome to the postfix-users mailing list! Please save this message for future reference. Thank you. If you ever want to remove yourself from this mailing list, you can send mail to [EMAIL PROTECTED] with the following command in the body of your email message: unsubscribe postfix-users or from another account, besides [EMAIL PROTECTED]: unsubscribe postfix-users [EMAIL PROTECTED] If you ever need to get in contact with the owner of the list, (if you have trouble unsubscribing, or have questions about the list itself) send email to [EMAIL PROTECTED] . This is the general rule for most mailing lists when you need to contact a human. Here's the general information for the list you've subscribed to, in case you don't already have it: [Last updated on: Wed Apr 25 7:50:55 2007] TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix. == Welcome msg posted above (No Top posting). --- On Thu, 10/2/08, Charles Marcus [EMAIL PROTECTED] wrote: From: Charles Marcus [EMAIL PROTECTED] Subject: Re: New Postfix install To: postfix users list postfix-users@postfix.org Date: Thursday, October 2, 2008, 5:50 PM On 10/1/2008, Ujjval K ([EMAIL PROTECTED]) wrote: The geniuses at Comcast (my ISP; no, I don't have any choice) have suddenly decided that I am a source of spam and hence require me to send e-mail to port 587 instead of port 25. Or maybe you should consider whether you ARE a source of spam. Are you an open relay? Since you have so far refused to follow the instructions provided in the welcome message you received when joining this list, it is impossible to say. Please at least provide output of postconf -n -- Best regards, Charles
Re: receiving smtpd[25253] error from sender
Алексей Доморадов [EMAIL PROTECTED] wrote:

>> % host css2.ndcorp.com
>> Host css2.ndcorp.com not found: 3(NXDOMAIN)
>
> ?! For domain lookup You should use whois instead of host

No.

> [...]
> Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

Pedantry is OK, but it is reserved only for those who know what they're talking about. That is to say, it is not for you.

--
Sahil Tandon [EMAIL PROTECTED]
Re: New Postfix install
Ujjval K wrote: Thx for the nice commentsAppreciate your help and everyone on this forum has been great...!! I am going to make sendmail work You're welcome. To each his own. BTW - There were no instructions in the welcome message.. [...] [Last updated on: Wed Apr 25 7:50:55 2007] TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail See above... -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Re: New Postfix install
Ujjval K [EMAIL PROTECTED] wrote: BTW - There were no instructions in the welcome message.. [...] TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail That, right there, looks like a pretty clear instruction to me. -- Sahil Tandon [EMAIL PROTECTED]
Re: RFCs 5321 and 5322 published
On 10/2/08, mouss [EMAIL PROTECTED] wrote: Andrzej Kukula wrote: On Wed, Oct 1, 2008 at 18:29, mouss [EMAIL PROTECTED] wrote: FYI, RFCs 5321 and 5322 obsolete 2821 and 2822 (respectively). Again there's no mention of Delivered-To header for loop detection. loop detection is not part of smtp. Did you spot anything useful there? This is not the place to discuss the standards. Delivered to could be mentioned by the RFC, as well as Apparently-to is mentioned as should not be used. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
Re: RFCs 5321 and 5322 published
mouss: Andrzej Kukula wrote: On Wed, Oct 1, 2008 at 18:29, mouss [EMAIL PROTECTED] wrote: FYI, RFCs 5321 and 5322 obsolete 2821 and 2822 (respectively). Again there's no mention of Delivered-To header for loop detection. loop detection is not part of smtp. Did you spot anything useful there? This is not the place to discuss the standards. But it is OK to talk about changes (with respect to earlier RFCs) that affect Postfix use or development. Wietse
throttling delivery rate question
First off, I'm not a postfix expert... in fact I'm no kind of expert, just a very well rounded jack of all trades. My current install is fairly generic and I know there are plenty of places it could be improved (and I would welcome constructive criticism).

My problem is that I support a number of email lists (using mailman), none are particularly big or busy and, until recently, have been chugging merrily along without a problem. However, a number of domains we deliver to have suddenly started complaining and my outbound queue is filling up with:

refused to talk to me: 421 Too many concurrent SMTP connections

and

452 Too many recipients received this hour (in reply to RCPT TO command)

I've contacted one of the receivers to see what changed. Of course, they claim they didn't change anything but they have configured rate limit for all servers that send us mail is currently set to 15 messages per connection and 500 recipients per message. The email list they are denying only has 20 subscribers on their domain and usually tops out around 10 to 15 messages a day (though it can get a little busier) so I'm not really clear on how their limits are working against me.

My config worked up until about 1.5 weeks ago and it appears I now need to configure postfix to accommodate these restrictions. While I think I've identified the appropriate changes I'd very much appreciate help in correctly identifying the changes my config needs for this. Many thanks to anyone who can help!

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -f- -a $USER
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost, aspenlibrary.org, budwerner.lib.co.us, eagle.lib.co.us, garfieldlibraries.org, gcld.lib.co.us, gcld.org, grandcountylibraries.org, literarysojourn.org, mcpld.org, mesa.lib.co.us, pitcolib.org, pitkincountylibrary.org,steamboat.lib.co.us, steamboatlibrary.org
mynetworks = 127.0.0.0/8, 63.238.70.0/24, 72.165.24.0/24, 192.245.61.0/24, 204.133.21.0/24, 205.169.128.0/24, 205.169.218.0/24, 208.47.174.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
unknown_local_recipient_reject_code = 550

--
Steve Lindemann
Network Administrator
Marmot Library Network, Inc.
http://www.marmot.org
+1.970.242.3331 x116

ASCII Ribbon Campaign against HTML/RTF email, vCards M$ attachments
Re: RFCs 5321 and 5322 published
On Thu, Oct 2, 2008 at 1:51 PM, Victor Duchovni [EMAIL PROTECTED] wrote: On Thu, Oct 02, 2008 at 01:27:46PM -0300, Reinaldo de Carvalho wrote: Delivered to could be mentioned by the RFC, as well as No reason to, it has no end-to-end semantics. The only valid consumer of Delivered-To is the system that added it. The header could be: X-Loop-COM-EXAMPLE: date hmac-sha1(secret, date+address) and would work just as well (or perhaps better) for loop detection. The point is that RFCs don't need to cover purely local issues. -- Viktor. Don't need but could be. The standards *could be suggest* something about loop detection. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
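The header form mentioned in the message above, `date hmac-sha1(secret, date+address)`, worked through as an added example; it is not code from the thread or from Postfix. The secret, the addresses, the ISO date format and all function names are assumptions made for the illustration.

```python
import email
import hashlib
import hmac

# Header name taken from the message above; everything else is an assumption.
LOOP_HEADER = "X-Loop-COM-EXAMPLE"

# Constructed sample values, not real credentials or addresses.
SECRET = b"constructed-demo-secret"
RAW = "From: sender@example.net\nTo: list@example.com\nSubject: test\n\nbody\n"


def loop_token(secret, date, address):
    """Return the header value 'date hmac-sha1(secret, date+address)'."""
    mac = hmac.new(secret, (date + address).encode("utf-8"), hashlib.sha1)
    return f"{date} {mac.hexdigest()}"


def stamp(msg, secret, date, address):
    """Add the loop header when delivering msg to address."""
    msg[LOOP_HEADER] = loop_token(secret, date, address)


def has_looped(msg, secret, address):
    """True if msg already carries a header this system created for address.

    Only the holder of the secret can produce a matching MAC, so a header
    injected by an outside sender cannot make the system discard mail.
    """
    for value in msg.get_all(LOOP_HEADER, []):
        date, _, mac = value.strip().rpartition(" ")
        if not date:
            continue  # malformed value: no date part
        expected = loop_token(secret, date, address).rpartition(" ")[2]
        # Constant-time comparison of the received and recomputed MAC.
        if hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
            return True
    return False


def demo():
    """Return (fresh, after_stamp, other_address, forged) loop verdicts."""
    msg = email.message_from_string(RAW)
    fresh = has_looped(msg, SECRET, "list@example.com")
    stamp(msg, SECRET, "2008-10-02T16:51:00Z", "list@example.com")
    after_stamp = has_looped(msg, SECRET, "list@example.com")
    # The MAC binds the address, so the header means nothing for another one.
    other_address = has_looped(msg, SECRET, "other@example.com")
    # A sender without the secret pre-inserts a header with a made-up MAC.
    spoofed = email.message_from_string(
        f"{LOOP_HEADER}: 2008-10-02T16:51:00Z {'0' * 40}\n{RAW}"
    )
    forged = has_looped(spoofed, SECRET, "list@example.com")
    return fresh, after_stamp, other_address, forged


if __name__ == "__main__":
    print(demo())
```
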
Re: throttling delivery rate question
Steve Lindemann:

> My problem is that I support a number of email lists (using mailman), none are particularly big or busy and, until recently, have been chugging merrily along without a problem. However, a number of domains we deliver to have suddenly started complaining and my outbound queue is filling up with:
>
> refused to talk to me: 421 Too many concurrent SMTP connections

Adjust smtp_destination_concurrency_limit in main.cf, or configure an additional clone of the smtp client in master.cf. Let's assume that you give it the name mumble. You would then specify a lower mumble_destination_concurrency_limit in main.cf.

> 452 Too many recipients received this hour (in reply to RCPT TO command)

Same deal: either adjust smtp_destination_rate_delay in main.cf, or make a mumble clone of the smtp client in master.cf, and specify a low mumble_destination_rate_delay in main.cf.

Postfix by default sends no more than 50 recipients per MAIL FROM transaction; there is no limit on the number of deliveries per SMTP session.

Wietse
exclude some senders from anvil restriction
Hi! I'm using postfix 2.5.4 and it works great :-) I'm using the following parameters to limit traffic on my server: smtpd_client_connection_rate_limit = 10 anvil_rate_time_unit = 60s smtpd_client_event_limit_exceptions not defined, so default=$mynetworks I know that any client registered in smtpd_client_event_limit_exceptions are excluded from this restriction I would like to exclude some senders based on their sender email address, NOT on their IP address . Can it be done ? Any pointers will be appreciated. Workaround ? Using maps ? Thanks Eddy -- Eddy Beliveau HEC Montreal Montreal (Quebec) Canada
Re: exclude some senders from anvil restriction
Victor Duchovni wrote: On Thu, Oct 02, 2008 at 01:48:40PM -0400, Eddy Beliveau wrote: Hi! I'm using postfix 2.5.4 and it works great :-) I'm using the following parameters to limit traffic on my server: smtpd_client_connection_rate_limit = 10 anvil_rate_time_unit = 60s smtpd_client_event_limit_exceptions not defined, so default=$mynetworks I know that any client registered in smtpd_client_event_limit_exceptions are excluded from this restriction I would like to exclude some senders based on their sender email address, NOT on their IP address . Can it be done ? No, anvil constraints are imposed at 220 banner time, and the sender is not known at that point. In order to find the sender, you need to allow the client to tie up a connection, which makes the control useless. If the sender is under your control, you could set up an alternate smtpd listener (with different/no rate limit) on another IP or port for this specific sender to use. Or just raise the rate limit. -- Noel Jones
RE: receiving smtpd[25253] error from sender
Here are the results of the postconf -n

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 1
debug_peer_list = 172.18.3.116
default_destination_concurrency_limit = 20
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/header_checks
html_directory = /var/www/htdocs
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailbox_size_limit = 10
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 8000
mydestination = marsh.net, omalias.com, crystalfs.com,
mydomain = marsh.net
myhostname = srvmailtmp.marsh.net
mynetworks = 198.212.128.0/24, 172.0.0.0/8, 127.0.0.0/8, 192.168.200.0/24
myorigin = srvmailtmp.marsh.net
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_minfree = 12000
readme_directory = no
relay_domains = crystalfs.com, marsh.net, omalias.com,
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining,permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_checks check_client_access hash:/etc/postfix/helo_client_exceptions reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023 reject_unauth_pipelining, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org reject_rbl_clientcbl.abuseat.org permit
soft_bounce = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sahil Tandon
Sent: Wednesday, October 01, 2008 11:04 PM
To: postfix-users@postfix.org
Subject: Re: receiving smtpd[25253] error from sender

Wray, Oran [EMAIL PROTECTED] wrote:

smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com

Please post the output of 'postconf -n' and follow the instructions in the DEBUG_README (a document to which you were referred upon subscribing to this mailing list) when asking for help.

The rejecting server has probably specified reject_unknown_sender_domain: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain

% host css2.ndcorp.com
Host css2.ndcorp.com not found: 3(NXDOMAIN)

--
Sahil Tandon [EMAIL PROTECTED]
Re: RFCs 5321 and 5322 published
Reinaldo de Carvalho wrote: Don't need but could be. The standards *could be suggest* something about loop detection. only if you can get consensus, which is much harder than you might think. while almost everybody now agrees that putting the envelope recipient in a header (except for mail delivered to a single recipient) was a borked idea, there is no consensus about loop detection. (or if you prefer, Apparently-To is ok, but given that it has already been used the wrong way, it is easier to obsolete it rather than to give 100 lines explaining how/when/why to [not] use it). add to this that getting consensus on smtp related drafts/rfcs is a lot harder than it should. not only because the spam and malware problem makes some people think in transient solutions terms, but also because smtp has been implemented since long, and a lot of people have different ideas of what is best to do. as a result, I don't expect changes (other than clarifications or esmtp extensions) in the smtp specs in the short future.
Re: receiving smtpd[25253] error from sender
Wray, Oran wrote: Here is the results of the postconf -n [snip] myhostname = srvmailtmp.marsh.net $ host srvmailtmp.marsh.net Host srvmailtmp.marsh.net not found: 3(NXDOMAIN) if you want to join the internet, please use names registered in the DNS. [snip] smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com some application/machine/tool is using @css2.ndcorp.com and the recipient system doesn't like it (because css2.ndcorp.com doesn't exist in DNS). either configure the said application/machine/tool to use another domain or use postfix address rewrite to fix the address. [snip]
Re: exclude some senders from anvil restriction
On Thu, Oct 02, 2008 at 01:48:40PM -0400, Eddy Beliveau wrote: Hi! I'm using postfix 2.5.4 and it works great :-) I'm using the following parameters to limit traffic on my server: smtpd_client_connection_rate_limit = 10 anvil_rate_time_unit = 60s smtpd_client_event_limit_exceptions not defined, so default=$mynetworks I know that any client registered in smtpd_client_event_limit_exceptions are excluded from this restriction I would like to exclude some senders based on their sender email address, NOT on their IP address . Can it be done ? No, anvil constraints are imposed at 220 banner time, and the sender is not known at that point. In order to find the sender, you need to allow the client to tie up a connection, which makes the control useless. -- Viktor.
RE: receiving smtpd[25253] error from sender
I've inherited POSTFIX from someone that left a month ago, so I have a lot of discovery work to do and a lot of questions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Evans - Postfix List Sent: Thursday, October 02, 2008 2:32 PM To: postfix-users@postfix.org Subject: Re: receiving smtpd[25253] error from sender Wray, Oran wrote: Here is the results of the postconf -n # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases You do know these are never triggered with local disabled. local_recipient_maps = local_transport = error:local mail delivery is disabled [...] mydestination = marsh.net, omalias.com, crystalfs.com, mydomain = marsh.net myhostname = srvmailtmp.marsh.net [...] relay_domains = crystalfs.com, marsh.net, omalias.com, Do not list domains in both relay_domains and mydestination. This can lead to unexpected results. Since you had local disabled.. try setting 'mydestination= ' (note: this breaks any scripts that don't specify a FQDN mail address) relay_recipient_maps = hash:/etc/postfix/relay_recipients Thank goodness. smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_checks check_client_access hash:/etc/postfix/helo_client_exceptions reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023 reject_unauth_pipelining, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org reject_rbl_clientcbl.abuseat.org permit This setting is *very* dangerous if you have an OK in /etc/postfix/sender_checks. You will be an open relay if any matches are in there. Immediately move reject_unauth_destination after permit_mynetworks to close this hole. Also, cbl.abuseat.org is included in zen.. remove it as it will never hit by itself. reject_unknown_sender_domain is the cause of the message as others have said. 
soft_bounce = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sahil Tandon Sent: Wednesday, October 01, 2008 11:04 PM To: postfix-users@postfix.org Subject: Re: receiving smtpd[25253] error from sender Wray, Oran [EMAIL PROTECTED] wrote: smtpd[25253]: NOQUEUE: reject: RCPT from mailgw1.per-se.com[199.190.235.46]: 450 4.1.8 [EMAIL PROTECTED]: Sender address rejected: Domain not found; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=mailgw1.per-se.com Please post the output of 'postconf -n' and follow the instructions in the DEBUG_README (a document to which you were referred upon subscribing to this mailing list) when asking for help. The rejecting server has probably specified reject_unknown_sender_domain: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain % host css2.ndcorp.com Host css2.ndcorp.com not found: 3(NXDOMAIN) -- Sahil Tandon [EMAIL PROTECTED]
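The ordering problem described in the message above (a lookup that can return OK placed ahead of reject_unauth_destination) can be checked mechanically. The following is an added example, not code from the thread or from Postfix: the function names are hypothetical, the restriction names are real Postfix names (the sets are not exhaustive), and the sample value is the smtpd_recipient_restrictions line posted on this page with its spacing normalized.

```python
import re

# Restrictions that consume the next token as their argument.
TAKES_ARG = {
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "check_policy_service",
    "reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender",
}
# Entries whose result can be OK/permit, which ends evaluation of the list.
# Whether a flagged lookup really permits depends on the map contents.
CAN_PERMIT = {
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "check_policy_service", "permit",
}
TRUSTED_PERMIT = {"permit_mynetworks", "permit_sasl_authenticated"}
RELAY_GUARD = "reject_unauth_destination"

# Value from the postconf -n output on this page (spacing normalized).
PAGE_VALUE = (
    "permit_mynetworks, check_sender_access hash:/etc/postfix/sender_checks "
    "check_client_access hash:/etc/postfix/helo_client_exceptions "
    "reject_non_fqdn_sender, reject_non_fqdn_recipient, "
    "reject_unknown_sender_domain, reject_unknown_recipient_domain, "
    "reject_unauth_destination, check_policy_service inet:127.0.0.1:10023 "
    "reject_unauth_pipelining, reject_invalid_hostname, "
    "reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org "
    "reject_rbl_client cbl.abuseat.org permit"
)


def parse_restrictions(value):
    """Split a restriction list on commas/whitespace into (name, arg) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    entries, i = [], 0
    while i < len(tokens):
        name = tokens[i]
        if name in TAKES_ARG and i + 1 < len(tokens):
            entries.append((name, tokens[i + 1]))
            i += 2
        else:
            entries.append((name, None))
            i += 1
    return entries


def relay_risks(value):
    """Entries that may permit before the relay guard is evaluated.

    If the guard is missing, every permit-capable entry is reported.
    """
    entries = parse_restrictions(value)
    names = [name for name, _ in entries]
    guard = names.index(RELAY_GUARD) if RELAY_GUARD in names else len(entries)
    return [e for e in entries[:guard] if e[0] in CAN_PERMIT]


def harden(value):
    """Move the relay guard directly after the leading trusted permit_* entries."""
    entries = [e for e in parse_restrictions(value) if e[0] != RELAY_GUARD]
    pos = 0
    while pos < len(entries) and entries[pos][0] in TRUSTED_PERMIT:
        pos += 1
    # A trusted permit placed later would end up behind the guard and stop
    # working for relaying, so refuse to reorder such a list automatically.
    if any(name in TRUSTED_PERMIT for name, _ in entries[pos:]):
        raise ValueError("trusted permit_* after other checks; reorder by hand")
    entries.insert(pos, (RELAY_GUARD, None))
    return ", ".join(n if a is None else f"{n} {a}" for n, a in entries)


if __name__ == "__main__":
    for name, arg in relay_risks(PAGE_VALUE):
        print("can permit before", RELAY_GUARD + ":", name, arg or "")
    print(harden(PAGE_VALUE))
```
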
Re: Trouble setting up SASL authentication with postfix
* Lists [EMAIL PROTECTED]:

Hi Patrick, I want a single username and password to be used for all people sending through this install. Which method would be best for this?

Any method as long as you only create one user and use that for all mail clients, but I totally agree with Victor: You don't want to do that. If you want to simplify things, consider using the main mail address as username. That makes one thing less your users will have to think about. They will have to provide their credentials to the mail client anyway, if they want to be able to pick up mail (POP/IMAP). Almost all clients support an optional switch that will let the client reuse these credentials for SMTP Authentication. Use the same password backend for SMTP/POP/IMAP.

[EMAIL PROTECTED]

Kate

Patrick Ben Koetter wrote:

* Lists [EMAIL PROTECTED]:

Not sure if this is the right place to post, apologies if it is not. This is my first MailScanner / Postfix install - on CentOS 5.2 I have attempted to setup the smtp authentication using SASL following various tutorials. When I attempted to authenticate I am getting the following error

pam_succeed_if(smtp:auth):error retrieving information about user test

You are using the saslauthd daemon to connect via PAM to a password backend. If the backend is the local shadow file, reconfigure saslauthd to use shadow as method and not pam. If you need to use PAM to access credentials in e.g. a MySQL database, then you need to fix your PAM setup /etc/pam.d/smtp. Use the testsaslauthd command to test saslauthd SASL authentication. Proceed to Postfix and mail clients only if testsaslauthd succeeds. A typical testsaslauthd call using PAM looks like this:

$ testsaslauthd -s smtp -r /path/to/saslauthd/socket -u test -p password

[EMAIL PROTECTED]

I have been searching the net for a couple of hours but haven't been able to get it to work.
Start here: http://www.postfix.org/DEBUG_README.html#mail http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ http://www.postfix.org/SASL_README.html Give more information; at least the output of 'postconf -n' and saslfinger. saslfinger - postfix Cyrus sasl configuration Wed Oct 1 14:42:58 NZDT 2008 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.3.3 System: CentOS release 5.2 (Final) -- smtpd is linked to -- libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0x001f8000) -- active SMTP AUTH and TLS parameters for smtpd -- smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname -- listing of /usr/lib/sasl -- total 56 drwxr-xr-x 2 root root 4096 Oct 1 09:07 . drwxr-xr-x 68 root root 36864 Oct 1 10:02 .. -rw-r--r-- 1 root root47 Aug 15 09:06 smtpd.conf -- listing of /usr/lib/sasl2 -- total 3468 drwxr-xr-x 2 root root 4096 Oct 1 12:52 . drwxr-xr-x 68 root root 36864 Oct 1 10:02 .. -rwxr-xr-x 1 root root884 Jan 8 2007 libanonymous.la -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root870 Jan 8 2007 libcrammd5.la -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root893 Jan 8 2007 libdigestmd5.la -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so.2 -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root933 Jan 8 2007 libgssapiv2.la -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so.2 -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root877 Jan 8 2007 libldapdb.la -rwxr-xr-x 1 root root 15472 Jan 8 2007 libldapdb.so -rwxr-xr-x 1 root root 15472 Jan 8 2007 libldapdb.so.2 -rwxr-xr-x 1 
root root 15472 Jan 8 2007 libldapdb.so.2.0.22 -rwxr-xr-x 1 root root856 Jan 8 2007 liblogin.la -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so.2 -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so.2.0.22 -rwxr-xr-x 1 root root858 Jan 8 2007 libntlm.la -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so.2 -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so.2.0.22 -rwxr-xr-x 1 root root856 Jan 8 2007 libplain.la -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so.2 -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so.2.0.22 -rwxr-xr-x 1 root root930 Jan 8 2007 libsasldb.la -rwxr-xr-x 1 root root 905200 Jan 8 2007
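
The advice in the message above (match saslauthd's method to the password backend before testing with testsaslauthd and only then move on to Postfix) can be checked mechanically; the following is an added shell example, not part of the original thread. The sysconfig-style file with a MECH= line, the pwcheck_method line in smtpd.conf, the helper names and the sample contents are assumptions; only the shadow/pam distinction comes from the messages.

```shell
#!/bin/sh
# Added example: pre-flight check for the saslauthd chain discussed above.
# Assumed layout: a sysconfig-style file with MECH=<method> for saslauthd and
# a Cyrus SASL smtpd.conf with "pwcheck_method: ...". Sample data is constructed.

# Print the last active (uncommented) KEY=value from a sysconfig-style file.
get_sysconfig() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print the last "key: value" setting from a Cyrus SASL application config.
get_sasl_opt() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed only if smtpd hands passwords to saslauthd AND saslauthd uses the
# method that matches the real password backend ("shadow" or "pam").
check_sasl_setup() {  # $1=saslauthd sysconfig  $2=smtpd.conf  $3=backend
    mech=$(get_sysconfig "$1" MECH)
    pwcheck=$(get_sasl_opt "$2" pwcheck_method)
    if [ "$pwcheck" != "saslauthd" ]; then
        echo "smtpd.conf: pwcheck_method is '${pwcheck:-unset}', saslauthd is never asked"
        return 1
    fi
    if [ "$mech" != "$3" ]; then
        echo "saslauthd: MECH is '${mech:-unset}' but the password backend needs '$3'"
        return 1
    fi
    echo "ok: smtpd -> saslauthd -> $mech; run testsaslauthd before touching Postfix"
}

# Constructed sample: accounts live in the local shadow file, saslauthd set to pam.
demo() {
    d=$(mktemp -d)
    printf 'SOCKETDIR=/var/run/saslauthd\n# MECH=shadow\nMECH=pam\nFLAGS=\n' > "$d/saslauthd"
    printf 'pwcheck_method: saslauthd\nmech_list: plain login\n' > "$d/smtpd.conf"
    check_sasl_setup "$d/saslauthd" "$d/smtpd.conf" shadow && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On the constructed sample the check reports the pam/shadow mismatch, the situation the reply describes for a local shadow backend.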
Re: Trouble setting up SASL authentication with postfix
Thanks for the suggestions, sounds like a good idea. Which method is the simplest to implement and get up and running? I am running MailScanner, Postfix, Spamassassin.