RE: Spam: IP not authorized

[MacShane, Tracy]

 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony Yarusso
> Sent: Thursday, 30 October 2008 3:03 PM
> To: Postfix users
> Subject: Spam: IP not authorized
> 
> We're having no end of trouble setting up a new server here, 
> so I'm hoping someone can explain what's going on.  
> Basically, we have a new server that of course will generate 
> messages from cron jobs, PHP mailers, and that sort of thing, 
> and we want them to be able to make it out to people.  To do 
> so we wanted to use GMail as our SMTP server to relay 
> through.  We seem to have gotten all of the TLS stuff taken 
> care of okay, but now are getting the error described on 
> http://mail.google.com/support/bin/answer.py?answer=10336.  
> It appears that this comes up on the _Receiving_ end of 
> things, with any address that belongs to Google (either 
> through standard GMail or Google Apps).
>  We've tried sending out through GMail, no-ip's alternate 
> port SMTP, and Comcast's SMTP.  Other errors occur with 
> different providers, which I suspect are from the same root reason.
> 
> My theory is that it has something to do with the 
> A/MX/PTR/SPF records for the domain.
> The domain is flamtap.com
> The IP address is currently 76.113.154.202, but is dynamic 
> (through no-ip.com) That address also goes by 
> c-76-113-154-202.hsd1.mn.comcast.net
> 
> Any ideas of what we need to do to appear legitimate and not 
> get caught by anti-spam measures?
> 
> --
> Tony Yarusso
> http://tonyyarusso.com/
> 

Please provide examples of your logs that show the errors you mention,
and the output of your postconf -n. Assuming you're a Comcast customer,
and you have everything set up to their specification, I imagine you
should be able to relay via their servers, so perhaps figuring out that
particular issue should be the priority.

Since the sender domain is "flamtrap.com" and your sending server's rDNS
is "...comcast.net", I imagine that's what Gmail is objecting to.

IP not authorized

[Tony Yarusso]

We're having no end of trouble setting up a new server here, so I'm
hoping someone can explain what's going on.  Basically, we have a new
server that of course will generate messages from cron jobs, PHP
mailers, and that sort of thing, and we want them to be able to make
it out to people.  To do so we wanted to use GMail as our SMTP server
to relay through.  We seem to have gotten all of the TLS stuff taken
care of okay, but now are getting the error described on
http://mail.google.com/support/bin/answer.py?answer=10336.  It appears
that this comes up on the _Receiving_ end of things, with any address
that belongs to Google (either through standard GMail or Google Apps).
 We've tried sending out through GMail, no-ip's alternate port SMTP,
and Comcast's SMTP.  Other errors occur with different providers,
which I suspect are from the same root reason.

My theory is that it has something to do with the A/MX/PTR/SPF records
for the domain.
The domain is flamtap.com
The IP address is currently 76.113.154.202, but is dynamic (through no-ip.com)
That address also goes by c-76-113-154-202.hsd1.mn.comcast.net

Any ideas of what we need to do to appear legitimate and not get
caught by anti-spam measures?

-- 
Tony Yarusso
http://tonyyarusso.com/

Re: SecuritySage header_check, mime_header_check, and access files

[Noel Jones]

Ryan Turnbull wrote:

Hello,
   I'm just rebuilding one of our old servers here and I see that the 
previous administrator was using the header_check, mime_header_check, 
and access regex files from SecuritySage.  I tried to go the security 
sage site and it appears to be down, and most posts I have seen out 
there support that assumption.  Anyways, my question for Postfix users 
is, is there another site/company that is providing those files 
updated?  Should I be abandoning this old method for RBLDNS?  If there 
are any suggestions or sites to point me in the right direction for 
lists of valid RBLs or someone/company that is producing those regex 
check files, it would be appreciated.


Thanks

Ryan


My opinion is you're fighting a losing battle trying to reject 
spam using header_checks.  Rather use RBLs, RHSRBLs, and some 
common rules to prevent bots.  How far you go with these 
depends on your tolerance for false positives, but you should 
be able to get most stuff without constantly updating rules.


Check recent archives for discussions of rbls and rhsbls to use.

You can add greylisting and SpamAssassin to catch the rest.

--
Noel Jones

SecuritySage header_check, mime_header_check, and access files

[Ryan Turnbull]

Hello,
   I'm just rebuilding one of our old servers here and I see that the 
previous administrator was using the header_check, mime_header_check, 
and access regex files from SecuritySage.  I tried to go the security 
sage site and it appears to be down, and most posts I have seen out 
there support that assumption.  Anyways, my question for Postfix users 
is, is there another site/company that is providing those files 
updated?  Should I be abandoning this old method for RBLDNS?  If there 
are any suggestions or sites to point me in the right direction for 
lists of valid RBLs or someone/company that is producing those regex 
check files, it would be appreciated.


Thanks

Ryan

Re: Delivery for local users when using pam_mysql (PAM)

[Victor Duchovni]

On Wed, Oct 29, 2008 at 11:04:27PM +0200, Ilo Lorusso wrote:

>  perl -le 'for (@ARGV) { print join(":",getpwnam($_)) }' ipnoc
> 
> -bash-3.2$
> 
> nope.. not successfull, what does this mean?

Your MySQL (IIRC) nss module is misconfigured. Only root can do
passwd lookups.  You must allow all users to consult the logical
"passwd" database.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Which FileSystem do you use on your postfix server?

[Charles Marcus]

On 10/29/2008, Joe Sloan ([EMAIL PROTECTED]) wrote:
> All our production boxes are 100% reiserfs, and have been for some
> years, based on performance testing. They have been rock solid, and most
> of them have 800 day uptimes at this point. I did some performance
> comparisons a few months ago and reiser still has a large lead over
> ext3. As reiser has always been the default filesystem on suse
> enterprise linux, it stands to reason that it has been well vetted.

I'd have to say 'me too' here, although I only use it for our maildirs...

My understanding is reiserfs' big weak point is unclean shutdowns, which
can be minimized/eliminated by using good UPS's and hardware RAID cards
with battery backup for the cache...

Mine survived one unclean shutdown (extended power outage in the middle
of the night) with no problems...

I've also hear people who have had nightmares with ext3...

No filesystem is perfect.

-- 

Best regards,

Charles

Re: Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

-bash-3.2$  perl -le 'for (@ARGV) { print join(":",getpwnam($_)) }' ipnoc

-bash-3.2$ whoami
sneak
-bash-3.2$ who am i
sneakpts/62008-10-29 23:10 (172.69.128.108)
-bash-3.2$

On Wed, Oct 29, 2008 at 11:04 PM, Ilo Lorusso <[EMAIL PROTECTED]> wrote:
>  perl -le 'for (@ARGV) { print join(":",getpwnam($_)) }' ipnoc
>
> -bash-3.2$
>
> nope.. not successfull, what does this mean?
>
> On Wed, Oct 29, 2008 at 10:35 PM, Victor Duchovni
> <[EMAIL PROTECTED]> wrote:
>> On Wed, Oct 29, 2008 at 10:12:19PM +0200, Ilo Lorusso wrote:
>>
>>> [EMAIL PROTECTED] ~]#perl -le 'for (@ARGV) { print join(":",
>>> getpwnam($_)) }' ipnoc
>>>
>>> ipnoc:bb8mChsjCXn.c:5000:5000:/bin/bash
>>>
>>> So what now ?
>>
>> Now repeat the experiment when not running as root. If it still works,
>> post the "local" entry from master.cf.
>>
>> --
>>Viktor.
>>
>> Disclaimer: off-list followups get on-list replies or get ignored.
>> Please do not ignore the "Reply-To" header.
>>
>> To unsubscribe from the postfix-users list, visit
>> http://www.postfix.org/lists.html or click the link below:
>> 
>>
>> If my response solves your problem, the best way to thank me is to not
>> send an "it worked, thanks" follow-up. If you must respond, please put
>> "It worked, thanks" in the "Subject" so I can delete these quickly.
>>
>

Re: Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

 perl -le 'for (@ARGV) { print join(":",getpwnam($_)) }' ipnoc

-bash-3.2$

nope.. not successfull, what does this mean?

On Wed, Oct 29, 2008 at 10:35 PM, Victor Duchovni
<[EMAIL PROTECTED]> wrote:
> On Wed, Oct 29, 2008 at 10:12:19PM +0200, Ilo Lorusso wrote:
>
>> [EMAIL PROTECTED] ~]#perl -le 'for (@ARGV) { print join(":",
>> getpwnam($_)) }' ipnoc
>>
>> ipnoc:bb8mChsjCXn.c:5000:5000:/bin/bash
>>
>> So what now ?
>
> Now repeat the experiment when not running as root. If it still works,
> post the "local" entry from master.cf.
>
> --
>Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Re: Which FileSystem do you use on your postfix server?

[Joe Sloan]

Ralf Hildebrandt wrote:
> * Simone Felici <[EMAIL PROTECTED]>:
>   
>> Hi Postfix-Users!
>>
>> I know, there is enough written on the net and on the mailinglist too, but 
>> have found only old results, maybe the meanwhile something is different, 
>> also I would ask you...
>> Which filesystem do you use on your mailserver?
>> I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix 
>> mailserver (virtual domains on mysql, ...).
>> I would create the system on EXT3 (RHES) and the following partitions on 
>> rieserfs:
>> 
>
> I would never use reiserfs for anything except our disposable Squid
> Cache. Stay with ext3, it works.

But ext3 does have problems - 

All our production boxes are 100% reiserfs, and have been for some
years, based on performance testing. They have been rock solid, and most
of them have 800 day uptimes at this point. I did some performance
comparisons a few months ago and reiser still has a large lead over
ext3. As reiser has always been the default filesystem on suse
enterprise linux, it stands to reason that it has been well vetted.

Of course, the legal woes of the reiserfs creator have put the future of
the filesystem in doubt. The future seems to be btrfs. ext4 might be a
good stepping stone along the way, when it's ready, but if I had to pick
a filesystem to deploy today, it would be reiserfs - xfs could get some
consideration as well, but we just really don't want the performance hit 
that comes with ext3.

Joe

Re: Delivery for local users when using pam_mysql (PAM)

[Victor Duchovni]

On Wed, Oct 29, 2008 at 10:12:19PM +0200, Ilo Lorusso wrote:

> [EMAIL PROTECTED] ~]#perl -le 'for (@ARGV) { print join(":",
> getpwnam($_)) }' ipnoc
> 
> ipnoc:bb8mChsjCXn.c:5000:5000:/bin/bash
> 
> So what now ?

Now repeat the experiment when not running as root. If it still works,
post the "local" entry from master.cf.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Delivery for local users when using pam_mysql (PAM)

[Wietse Venema]

Ilo Lorusso:
> [EMAIL PROTECTED] ~]#perl -le 'for (@ARGV) { print join(":",
> getpwnam($_)) }' ipnoc

DO NOT RUN THE TEST AS ROOT.

Wietse

Re: Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

[EMAIL PROTECTED] ~]#perl -le 'for (@ARGV) { print join(":",
getpwnam($_)) }' ipnoc

ipnoc:bb8mChsjCXn.c:5000:5000:/bin/bash

So what now ?



On Wed, Oct 29, 2008 at 9:57 PM, Ilo Lorusso <[EMAIL PROTECTED]> wrote:
> yeah I just did a perl
>
> script which look like this
>
> #!/usr/bin/perl
>
> print getpwnam("ipnoc"),"\n";
>
> and this was my output
> ===
> ipnocbb8mChsjCXn.c50005000/bin/bash
> ===
>
> everything looks right except for the colons missing between the fields..
>
> is that cause of perl? or what?
>
> On Wed, Oct 29, 2008 at 9:38 PM, Gustav Meirinho <[EMAIL PROTECTED]> wrote:
>> Try this:
>>
>> # perl -e 'print getpwnam "username",$/'
>>
>>
>>
>>
>>
>>
>> Ilo Lorusso escreveu:
>>
>> if getpwnam() is a system library routine and not a command how would
>> I go about performing those tests?
>> please forgive my ignorance ..
>> On Wed, Oct 29, 2008 at 8:44 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
>>
>>
>> Postfix uses the standard getpwnam() system library routine to
>> determine if a user exists.
>> You should do your tests with getpwnam(), not with the
>> getent command.
>>Wietse
>>
>>
>>
>

Re: XFORWARD Vs PDP

[Gustav Meirinho]

    Guys, I'm still accepting
ideas. :D




Gustav Meirinho escreveu:

  
      If it can not be done
at
the moment, all right (I found a similar request in 2006 - message
209338).
  
    My real problem is this: 
  
    Many customers use mail groups (virtual_alias_maps). Each
destination account can create their own rules for releasing and
blocking, which is consulted by the Delegation Protocol. When a person
has a blocking rule and e-mail is sent to a group, the message can not
be blocked at the moment, only after the delivery of mail by
destination. When that happens, the envelope of information are lost,
because final assessment is carried out in other instances. 
  
    Any ideas? 
  
  
  
  
Wietse Venema escreveu:
  
Victor Duchovni:
  

  On Mon, Oct 27, 2008 at 03:47:08PM -0400, Wietse Venema wrote:


  
This thread suggests that each xforward attribute also needs to be
made available via Milter macros (in smtpd and cleanup), and via
the policy delegation protocol.
  
  
  There seems to be some demand for this, but the OP seems to be asking
to override XFORWARD with policy actions. A most surprising request...



I may have missed that amidst the HTML. What I could recognize was
an example request from the SMTP server with a couple more attributes.

Using this protocol to modify attributes would indeed be against
the spirit of the design, and would give too much control to
untrusted code.

	Wietse

  
  

Re: Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

yeah I just did a perl

script which look like this

#!/usr/bin/perl

print getpwnam("ipnoc"),"\n";

and this was my output
===
ipnocbb8mChsjCXn.c50005000/bin/bash
===

everything looks right except for the colons missing between the fields..

is that cause of perl? or what?

On Wed, Oct 29, 2008 at 9:38 PM, Gustav Meirinho <[EMAIL PROTECTED]> wrote:
> Try this:
>
> # perl -e 'print getpwnam "username",$/'
>
>
>
>
>
>
> Ilo Lorusso escreveu:
>
> if getpwnam() is a system library routine and not a command how would
> I go about performing those tests?
> please forgive my ignorance ..
> On Wed, Oct 29, 2008 at 8:44 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
>
>
> Postfix uses the standard getpwnam() system library routine to
> determine if a user exists.
> You should do your tests with getpwnam(), not with the
> getent command.
>Wietse
>
>
>

Re: Delivery for local users when using pam_mysql (PAM)

[Victor Duchovni]

On Wed, Oct 29, 2008 at 05:38:35PM -0200, Gustav Meirinho wrote:

>Try this:
> 
># perl -e 'print getpwnam "username",$/'

A slightly more clean Perl "getent passwd" clone:

perl -le 'for (@ARGV) { print join(":", getpwnam($_)) }' "username" ...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Delivery for local users when using pam_mysql (PAM)

[Gustav Meirinho]

    Try this:

    # perl -e 'print getpwnam "username",$/'

    






Ilo Lorusso escreveu:

  if getpwnam() is a system library routine and not a command how would
I go about performing those tests?

please forgive my ignorance ..

On Wed, Oct 29, 2008 at 8:44 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
  
  
Postfix uses the standard getpwnam() system library routine to
determine if a user exists.

You should do your tests with getpwnam(), not with the
getent command.

   Wietse


  
  
  

Re: Delivery for local users when using pam_mysql (PAM)

[Victor Duchovni]

On Wed, Oct 29, 2008 at 09:26:32PM +0200, Ilo Lorusso wrote:

> if getpwnam() is a system library routine and not a command how would
> I go about performing those tests?

With a C program, or perhaps a Perl script (if we trust Perl's
getpwnam()). You should also make sure that getent(1) works when running
as the "postfix" user, not just "root", ...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

if getpwnam() is a system library routine and not a command how would
I go about performing those tests?

please forgive my ignorance ..

On Wed, Oct 29, 2008 at 8:44 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
> Postfix uses the standard getpwnam() system library routine to
> determine if a user exists.
>
> You should do your tests with getpwnam(), not with the
> getent command.
>
>Wietse
>

Re: Delivery for local users when using pam_mysql (PAM)

[Wietse Venema]

Postfix uses the standard getpwnam() system library routine to
determine if a user exists.

You should do your tests with getpwnam(), not with the
getent command.

Wietse

Re: Return-Path and Errors-To not behaving as expected

[Wietse Venema]

Jeff:
> So
> I tried inserting "Return-Path: [EMAIL PROTECTED]" in the
> headers, but they still bounced to the script user.

As documented, use the "sendmail -f" option.

Return-Path: is created on OUTPUT, it is not used for INPUT.

> Same deal with
> inserting "Errors-To: [EMAIL PROTECTED]".

Errors-To: is a non-standard header.

Wietse

Re: How can I override previous FILTER action

[Wietse Venema]

Eddy Beliveau:
> Documentation said:
> /"In the case that multiple *FILTER* actions fire, only the last one is 
> executed. "
> 
> /I try without success to override previously defined FILTER
> /^some-special-header/ FILTER my-filter
> /^my-filter-been-there: Yes/   FILTER none

As documented, the syntax of a filter is "transport:destination",
where an SMTP destination is typically of the form "host:port".

To skip filters, specify the port that re-injects mail back into Postfix.

filter scan:127.0.0.1:the_postfix_inject_port

Wietse

Re: Return-Path and Errors-To not behaving as expected

[Noel Jones]

Jeff wrote:

I have a shell script that generates simple emails by piping text
(with To, From and Subject headers) to 'sendmail -t' (the postfix
version). All is well with that except when a message bounces. The
failure notice comes back to the user that ran the script. The script
is run from cron under an administrative account. I would prefer to
redirect bounces to a customer service agent that can deal with it. So
I tried inserting "Return-Path: [EMAIL PROTECTED]" in the
headers, but they still bounced to the script user. Same deal with
inserting "Errors-To: [EMAIL PROTECTED]".



The Return-Path: header is added (or replaced) by the final 
delivery agent, using the envelope sender address.
The Errors-To: header is a non-standard header and is ignored 
by most MTAs including current postfix versions.


To control where bounces are delivered, set the envelope 
sender address to your bounce address.  With the sendmail(1) 
interface, use the -f option.



--
Noel Jones


I have verified that [EMAIL PROTECTED] is deliverable.

In the first case, my manual Return-Path header was replaced with the
script user address. In the second case, I can see my Errors-To
header, but a Return-Path header is also inserted (by
postfix/sendmail?) with the script user address.

What am I doing wrong? http://www.postfix.org/sendmail.1.html says
that Errors-To overrides command line options to sendmail, so why is
it not heeded when no return path command line options are used?

If possible, I would like the bounce address to be something that is
not normally displayed by common mail clients.

Hello Postfix guys

[Hemanth Gopal]

Dear Guys,

I am having a postfix+ldap+jamm  debian server having more than 15 mail
accounts and so now, Jamm is not able to load all the mail accounts together
and not able to reset a mail account password due to this. Please let me
know is there any alternative to Jamm, i am not able to see any option for
search and find a mail account and edit it , rather it tries to load the
email accounts in one page. Also someone please advise the commands on how
we can do delete mail accounts and reset passwords from command line from
the backend in ldap+postix server.

Regard,
Hemanth

Re: Return-Path and Errors-To not behaving as expected

[Brian Evans]

Jeff wrote:
> What am I doing wrong? http://www.postfix.org/sendmail.1.html says
> that Errors-To overrides command line options to sendmail, so why is
> it not heeded when no return path command line options are used?
>   

Please, reread it again..

   -f sender
  Set  the  envelope  sender  address.  This  is  the
  address  where  delivery problems are sent to. With
  Postfix versions *before 2.1*, the Errors-To: message
  header overrides the error return address.

Brian

Return-Path and Errors-To not behaving as expected

[Jeff]

I have a shell script that generates simple emails by piping text
(with To, From and Subject headers) to 'sendmail -t' (the postfix
version). All is well with that except when a message bounces. The
failure notice comes back to the user that ran the script. The script
is run from cron under an administrative account. I would prefer to
redirect bounces to a customer service agent that can deal with it. So
I tried inserting "Return-Path: [EMAIL PROTECTED]" in the
headers, but they still bounced to the script user. Same deal with
inserting "Errors-To: [EMAIL PROTECTED]".

I have verified that [EMAIL PROTECTED] is deliverable.

In the first case, my manual Return-Path header was replaced with the
script user address. In the second case, I can see my Errors-To
header, but a Return-Path header is also inserted (by
postfix/sendmail?) with the script user address.

What am I doing wrong? http://www.postfix.org/sendmail.1.html says
that Errors-To overrides command line options to sendmail, so why is
it not heeded when no return path command line options are used?

If possible, I would like the bounce address to be something that is
not normally displayed by common mail clients.

-- 
Jeff

Re: XFORWARD Vs PDP

[Gustav Meirinho]

    If it can not be done at
the moment, all right (I found a similar request in 2006 - message
209338).

    My real problem is this: 

    Many customers use mail groups (virtual_alias_maps). Each
destination account can create their own rules for releasing and
blocking, which is consulted by the Delegation Protocol. When a person
has a blocking rule and e-mail is sent to a group, the message can not
be blocked at the moment, only after the delivery of mail by
destination. When that happens, the envelope of information are lost,
because final assessment is carried out in other instances. 

    Any ideas? 




Wietse Venema escreveu:

  Victor Duchovni:
  
  
On Mon, Oct 27, 2008 at 03:47:08PM -0400, Wietse Venema wrote:



  This thread suggests that each xforward attribute also needs to be
made available via Milter macros (in smtpd and cleanup), and via
the policy delegation protocol.
  

There seems to be some demand for this, but the OP seems to be asking
to override XFORWARD with policy actions. A most surprising request...

  
  
I may have missed that amidst the HTML. What I could recognize was
an example request from the SMTP server with a couple more attributes.

Using this protocol to modify attributes would indeed be against
the spirit of the design, and would give too much control to
untrusted code.

	Wietse

  

Delivery for local users when using pam_mysql (PAM)

[Ilo Lorusso]

Hi,

I've got my system using pam_mysql for authentication for horde and
dovecot which is working great.

when I wish to try send a message to one of my local users which
resides in the MySQL database

postfix keeps bouncing the message as user unknown.. logs below..

==
Oct 29 18:26:16 hordepri postfix/smtpd[17457]: 7DD8C4712DC:
client=localhost[127.0.0.1]
Oct 29 18:26:28 hordepri postfix/cleanup[17466]: 7DD8C4712DC:
message-id=<[EMAIL PROTECTED]>
Oct 29 18:26:28 hordepri postfix/qmgr[17308]: 7DD8C4712DC:
from=<[EMAIL PROTECTED]>, size=387, nrcpt=1 (queue active)
Oct 29 18:26:28 hordepri postfix/local[17468]: 7DD8C4712DC:
to=<[EMAIL PROTECTED]>, relay=local, delay=30,
delays=30/0.01/0/0.02, dsn=5.1.1, status=bounced (unknown user:
"ipnoc")
Oct 29 18:26:28 hordepri postfix/bounce[17470]: 7DD8C4712DC: sender
non-delivery notification: 33C9A4712DF
Oct 29 18:26:28 hordepri postfix/qmgr[17308]: 7DD8C4712DC: removed


I know my libnss-mysql (nsswitch) is working as when I do a "getent
passwd ipnoc" I get the following



[EMAIL PROTECTED] pam.d]# getent passwd ipnoc
ipnoc:x:5000:5000:::/bin/bash



Ive also setup my /etc/pam.d/smtp file as follows but still but still
no delivery to local users.
is there somthing I have to do to get postfix to read from the
/etc/pam.d/smtp file? is the below correct ? or anything else im
missing
with regards to postfix and PAM?

=

authrequiredpam_mysql.souser=nss-root   passwd=mypass
 host=127.0.0.1  db=auth table=users usercolumn=username
passwdcolumn=password   crypt=1 verbose=1
account sufficient  pam_mysql.souser=nss-root   passwd=mypass
 host=127.0.0.1  db=auth table=users usercolumn=username
passwdcolumn=password   crypt=1 verbose=1

=

otherwise Is there another way I could tell postfix what my local
users are? as I could use postfix mysql support but not sure on which
statement would fine my local users???



Thanks,

any help appreciated

Ilo

Re: RE : RE : Big incoming queue, slow qmgr, idle system. It worked, thanks

[Francis SOUYRI]

Viktor,

No problem the server is now very speed...

Thank you for all your help.

Best regards.

Francis

Victor Duchovni wrote:

On Wed, Oct 29, 2008 at 11:18:13AM +0100, Francis SOUYRI wrote:

  

I have just a little question, how can I disable de qmgr logging ?
In a "normal" case I am interrested in the log by the
smtpd/smtp/delevery agents activity (mail come from, go to filter, go to
dest...), but not by the cleanup/qmgr activity... what do you think ?



Leave these logs in place. They are an important part of the message
audit trail, logging the message-id and envelope sender, the additional
disk space overhead is negligible and with syslog not misconfigured,
there is no performance impact.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

  

How can I override previous FILTER action

[Eddy Beliveau]

Hi! Networkers,

I'm using postfix 2.5.4 and it works perfectly.  Thanks  ;-)
/
/25 -> 10024 -> 10025/

/I add FILTER action within my header_checks file and it works correctly.

My header_checks file contains:
/^some-special-header/ FILTER my-filter

25 -> 10024 -> 10025 -> 10027 -> 10025

During execution, my-filter append the header "my-filter-been-there: Yes"
so, I want to NOT execute my-filter if that header is present.
otherwise, I will get the infamous "too many hops" error message.

Documentation said:
/"In the case that multiple *FILTER* actions fire, only the last one is 
executed. "


/I try without success to override previously defined FILTER
/^some-special-header/ FILTER my-filter
/^my-filter-been-there: Yes/   FILTER none

Can it be done ?
How can I remove the current FILTER action ?

Thanks in advance,
Eddy


Eddy Beliveau
HEC Montreal
Montreal (Quebec)
Canada

Re: RE : RE : Big incoming queue, slow qmgr, idle system. It worked, thanks

[Victor Duchovni]

On Wed, Oct 29, 2008 at 11:18:13AM +0100, Francis SOUYRI wrote:

> I have just a little question, how can I disable de qmgr logging ?
> In a "normal" case I am interrested in the log by the 
> smtpd/smtp/delevery agents activity (mail come from, go to filter, go to 
> dest...), but not by the cleanup/qmgr activity... what do you think ?

Leave these logs in place. They are an important part of the message
audit trail, logging the message-id and envelope sender, the additional
disk space overhead is negligible and with syslog not misconfigured,
there is no performance impact.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Which FileSystem do you use on your postfix server?

[Simone Felici]

Stefan Förster ha scritto:

Conclusion: Don't put valuable data on ReiserFS. Don't do premature
optimization. You can always change filesystems if your tests show
performance gains and you run into performance shortages.


Cheers
Stefan



Thank you for the answer, I'll take a look to your tests too, no problem for German language (lebe in Südtirol, hier 
deutsch muss man kennen ;) )
Also now I've a good point to start migration and tests on the server with more or less 1000 domains. Mopst of them with 
some mails, only a few domains with more than thousend mailboxes.

Nice work will be the migration of the old server (qmail and mails stored in 
maildir format).

Byebye

simon

Re: SMTP transaction interrupted

[Wietse Venema]

Rocco Scappatura:
> Oct 29 10:27:58 av3 postfix/smtpd[16988]: connect from
> unknown[xxx.yyy.www.zzz]
> Oct 29 10:27:58 av3 postfix/smtpd[16988]: 7B98D75008D:
> client=unknown[xxx.yyy.www.zzz]
> Oct 29 10:34:25 av3 postfix/smtpd[16988]: timeout after DATA from
> unknown[xxx.yyy.www.zzz]
> Oct 29 10:34:25 av3 postfix/smtpd[16988]: disconnect from
> unknown[xxx.yyy.www.zzz]
> 
> What I can suspect about the cause? Firewall, Protection software on
> sending client or what?

All of the above, including firewalls that break IP path MTU
discovery or TCP window scaling.  A tcpdump recording will 
help to distinguish between these. I don't think that packet
content is needed for this.

Wietse

Re: SMTP transaction interrupted

[Terry Carmen]

Rocco Scappatura wrote:

I can't identify the cause of impossibility to relay emails


through
  

my


Postifix mail gateway, from a Outlook express client.


Indeed, I get the problem while sending email with attachment with
  

size


above 5-6 MB..

  

From mail log, I saw:

postfix/smtpd[16988]: connect from unknown[xxx.yyy.www.zzz]
postfix/smtpd[16988]: 7B98D75008D: client=unknown[xxx.yyy.www.zzz]
postfix/cleanup[22797]: 7B98D75008D:
message-id=<[EMAIL PROTECTED]>

From client side I get a pop-up window that points out problems


with


server communication or even network..

What it couuld be inferred from postfix log above? How could


continue


to
investigate to get the cause of interruption?


Look for the records at the END of the SMTP session.

$ egrep 'postfix/cleanup\[22797\]|postfix/smtpd\[16988\]'
/var/log/maillog



Thanks Wietse:

Oct 29 10:27:58 av3 postfix/smtpd[16988]: connect from
unknown[xxx.yyy.www.zzz]
Oct 29 10:27:58 av3 postfix/smtpd[16988]: 7B98D75008D:
client=unknown[xxx.yyy.www.zzz]
Oct 29 10:34:25 av3 postfix/smtpd[16988]: timeout after DATA from
unknown[xxx.yyy.www.zzz]
Oct 29 10:34:25 av3 postfix/smtpd[16988]: disconnect from
unknown[xxx.yyy.www.zzz]

What I can suspect about the cause? Firewall, Protection software on
sending client or what?

rocsca
  
It might be helpful to verify that postfix's debug_peer_level is still 
set at 2 (default, I believe), then add the problem remote addresses or 
domains to the debug peer list. Postfix will issue very detailed 
messages isf you ask it to.


#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

http://www.postfix.org/postconf.5.html#debug_peer_list

Terry

RE: SMTP transaction interrupted

[Rocco Scappatura]

> > > I can't identify the cause of impossibility to relay emails
through
> my
> > > Postifix mail gateway, from a Outlook express client.
> >
> > Indeed, I get the problem while sending email with attachment with
> size
> > above 5-6 MB..
> >
> > > From mail log, I saw:
> > >
> > > postfix/smtpd[16988]: connect from unknown[xxx.yyy.www.zzz]
> > > postfix/smtpd[16988]: 7B98D75008D: client=unknown[xxx.yyy.www.zzz]
> > > postfix/cleanup[22797]: 7B98D75008D:
> > > message-id=<[EMAIL PROTECTED]>
> > >
> > > From client side I get a pop-up window that points out problems
> with
> > > server communication or even network..
> > >
> > > What it couuld be inferred from postfix log above? How could
> continue
> > > to
> > > investigate to get the cause of interruption?
> 
> Look for the records at the END of the SMTP session.
> 
> $ egrep 'postfix/cleanup\[22797\]|postfix/smtpd\[16988\]'
> /var/log/maillog

Thanks Wietse:

Oct 29 10:27:58 av3 postfix/smtpd[16988]: connect from
unknown[xxx.yyy.www.zzz]
Oct 29 10:27:58 av3 postfix/smtpd[16988]: 7B98D75008D:
client=unknown[xxx.yyy.www.zzz]
Oct 29 10:34:25 av3 postfix/smtpd[16988]: timeout after DATA from
unknown[xxx.yyy.www.zzz]
Oct 29 10:34:25 av3 postfix/smtpd[16988]: disconnect from
unknown[xxx.yyy.www.zzz]

What I can suspect about the cause? Firewall, Protection software on
sending client or what?

rocsca

Re: VRFY problem

[Wietse Venema]

Pete Fuggle:
> So it seems that
> smtpd_recipient_restrictions are somehow being invoked when VRFY is used? 

VRFY is pretty useless by now because many sites disable it.
Postfix invokes smtpd_recipient_restrictions to make the reply
similar to that of RCPT TO (no point to have VRFY reply with 2xx
when we already know that RCPT TO would reject the same address).

However, that similarity broke long ago with the introduction of
smtpd_delay_reject=yes, and with client/helo/sender restrictions
in smtpd_recipient_restrictions.

> My understanding is that VRFY
> should respond with; 250, 251 or 252 only.

That understanding is not supported by RFC 821, 2821, ...

Wietse

> So apart from wanting to understand what is going on, my question is whether
> or not I should just disable VRFY, and what are any pitfalls of doing so? I
> was content to have it monotonously return 252 but if it is broken and I
> don't need it then I will turn it off.
> 
> Cheers,
> 
> Pete

Re: postfix 2.5 vmail hosting - Resource temporarily unavailable + mail transport unavailable

[Wietse Venema]

?li?s Tam?s:
> Oct 24 22:09:24 ** postfix/master[27379]: warning: master_wakeup_timer_event: 
> service tlsmgr(private/tlsmgr): Resource temporarily unavailable
> Oct 24 22:33:54 *** postfix/qmgr[741]: warning: connect to transport 
> maildrop: Resource temporarily unavailable
> Oct 24 22:33:54 *** postfix/qmgr[741]: warning: connect to transport retry: 
> Resource temporarily unavailable

You need to scale up your kernel, or reduce the number of processes
(with the default_process_limit parameter in main.cf, or with the
process limit fields in master.cf).

Wietse

Re: Sender Bcc Maps

[Nikita Kipriyanov]

Ranjith Kumar пишет:

Hi,

I have enabled sender_bcc_maps on my postfix mta using the
documentation available on postfix site. The mails are being forwarded
successfully, but I am receiving 2 copies of the mail.

What could be the problem?
  

Please, show main.cf and master.cf, specifically
recieve_override_options and content_filter

postfix 2.5 vmail hosting - Resource temporarily unavailable + mail transport unavailable - master.cf -

[Éliás Tamás]

Udv / Greetings!

Attachment dod not go through. I post my master.cf here:

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   30   smtpd
-o smtpd_client_connection_count_limit=20
smtps inet  n   -   -   -   30   smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_connection_count_limit=20
pickupfifo  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   0   cleanup
qmgr  fifo  n   -   n   300 1   qmgr -v
tlsmgrunix  -   -   -   1000?   1   tlsmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
bounceunix  -   -   -   -   0   bounce
defer unix  -   -   -   -   0   bounce
trace unix  -   -   -   -   0   bounce
verifyunix  -   -   -   -   1   verify
flush unix  n   -   -   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp  unix  -   -   -   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix  -   -   -   -   -   smtp
-o fallback_relay=
-o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix  n   -   -   -   -   showq
error unix  -   -   -   -   -   error
discard   unix  -   -   -   -   -   discard
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   -   -   -   lmtp
anvil unix  -   -   -   -   1   anvil
scacheunix  -   -   -   -   1   scache
retry unix  -   -   -   -   -   error
error unix  -   -   n   -   -   error

maildrop  unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -V 10 -w 91 -d ${recipient} 
${recipient} ${user} ${nexthop} ${sender}

gnarwlunix  -   n   n   -   -   pipe
   flags=F  user=vmail argv=/usr/bin/gnarwl -a [EMAIL PROTECTED] -s ${sender}

##
# BLD - BlackList Daemon
##

bld-policy  unix  -   n   n   -   -   spawn
  user=nobody argv=/usr/sbin/bld-pf_policy


##
# ESET anti-malware
##

127.0.0.1:2525 inet  n - n - - smtpd
  -o content_filter=
  -o myhostname=pszinfo
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtp_send_xforward_command=yes
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o disable_mime_output_conversion=yes
  -o smtp_generic_maps=
  -o smtpd_error_sleep_time=10s


My /etc/maildroprc:

logfile "/data/logs/mail/maildrop.log"

RECIPIENT=tolower("$1")
USER=tolower("$2")
HOST=tolower("$3")
SENDER=tolower("$4")

if (!$SENDER)
{
SENDER = ""
}

#
# Autocreate maildir, if not existant
#

`test -e /data/vmail.INBOX/$HOST`
if ( $RETURNCODE != 0 )
{
`mkdir /data/vmail.INBOX/$HOST`
}

`test -e /data/vmail.INBOX/$HOST/$USER`
if ( $RETURNCODE != 0 )
{
`/usr/bin/maildirmake /data/vmail.INBOX/$HOST/$USER`
`chmod -R 0600 /data/vmail.INBOX/$HOST`
}


-- 
Éliás Tamás / Thomas Elias
*NIX System administrator, Certified Cisco Network Engineer, Pascal/Bash/C++ 
programmer, Certified IBM UDB DB2 Database Administrator
mailto: [EMAIL PROTECTED]
Tel.: +3630/4971626 ; ICQ UIN: 206-714-459 ; SKYPE: "elias.tamas"
OpenPGP public key: http://pszinfo.hu/elias.tamas.asc
Quote: "Non Omnis Moriar"

pgptNxzK3b2WA.pgp
Description: PGP signature

relocated_maps in LDAP

[Udo Rader]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

this is a bit OT, but I just don't seem be be able to find a satisfying
solution for my problem:

Up to now we have been maintaining the relocated_maps as an ordinary
hash table, while all the "other" things like domains, users, aliases
etc. are stored in LDAP.

Now we have to relocate quite a number of users that cannot be
generalized in the form olddomain -> newdomain but rather on a per user
base.

So what does not want out of my head is how to "best" store this
information in our LDAP server.

How do other admins deal with that? Where do you (best) store the
relocation information? Within the "old" LDAP entries or do you have a
seperate "relocation" tree in your DIT?

- --
Udo Rader
http://www.bestsolution.at
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iEYEARECAAYFAkkIUFYACgkQJkMMup66A9wMnwCg3s7YLenw48WAMI2fWhEM3zsu
L7oAmwUhDCibSCXX5JQianxDEGqHiqhU
=rHeZ
-END PGP SIGNATURE-

Re: Sender Bcc Maps

[Ralf Hildebrandt]

* Ranjith Kumar <[EMAIL PROTECTED]>:
> Hi,
> 
> I am not using amavisd-new. I am using spamassassin as the content filter.

Please show master.cf then.
-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
Windows has detected that a gnat has farted near your computer. Press
any key to reboot. 

postfix 2.5 vmail hosting - Resource temporarily unavailable + mail transport unavailable

[Éliás Tamás]

Udv / Greetings!

I have a classic virtual mail hosting setup, with postfix 2.5,
dovecot, maildrop, ldap and sasl authentication. I've just setup
quotas and upgraded he server from posfix 2.3. All is is working fine,
but. I'm starting to receive the following messages:

Oct 24 22:09:24 ** postfix/master[27379]: warning: master_wakeup_timer_event: 
service tlsmgr(private/tlsmgr): Resource temporarily unavailable
Oct 24 22:33:54 *** postfix/qmgr[741]: warning: connect to transport maildrop: 
Resource temporarily unavailable
Oct 24 22:33:54 *** postfix/qmgr[741]: warning: connect to transport retry: 
Resource temporarily unavailable
Oct 24 22:33:54 *** postfix/qmgr[741]: D2CA1100BC1: to=<[EMAIL PROTECTED]>, 
orig_to=<[EMAIL PROTECTED]>, relay=none, delay=907,
delays=907/0.17/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 24 22:33:54 *** postfix/qmgr[741]: D2CA1100BC1: to=<[EMAIL PROTECTED]>, 
orig_to=<[EMAIL PROTECTED]>, relay=none, delay=908,
delays=907/0.23/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 24 22:33:54 *** postfix/qmgr[741]: D2CA1100BC1: to=<[EMAIL PROTECTED]>, 
orig_to=<[EMAIL PROTECTED]>, relay=none, delay=908,
delays=907/0.25/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)

I've googled but no useable answer found. (tlsmgr -v startup simply
shows everything ok) These messages are starting to popup when there is a mail 
alias, wich
has multiple maildrops. So in general, mail send/receive is working
when it addresses an existing account, or a simple alias. In my case:
[EMAIL PROTECTED] is OK.
[EMAIL PROTECTED] -redirected to- [EMAIL PROTECTED] is OK.
[EMAIL PROTECTED] -redirected to MULTIPLE EXISTING accounts- is NOT OK.

An example ldap entry:

dn: [EMAIL PROTECTED],vd=***.hu,o=hosting,dc=***,dc=hu
accountActive: TRUE
lastChange: 1165829161
mail: [EMAIL PROTECTED]
objectClass: top
objectClass: VirtualMailAlias
cn: hiba
sn: hiba
maildrop: [EMAIL PROTECTED]
maildrop: [EMAIL PROTECTED]
maildrop: [EMAIL PROTECTED]

I roughly tested the problem, and I could state the following:

ldap connection fine. Entrys got fine. since standard and mails with
only one alias wrking fine, it must be some timing or bottleneck
issue.

Let me show you a normal connection (mail is sent to a mail alias,
wich has been redirected to a normal address [EMAIL PROTECTED]>elias.tamas@)
I can see the following in the log (qmgr -v), and also the courier
authdaemon's logging set to "2":

Oct 24 23:19:47 *** postfix/smtpd[4455]: connect from 
fibhost-12-130.fibernet.bacs-net.hu[85.66.12.130]
Oct 24 23:19:48 *** postfix/smtpd[4455]: 9FB78100BC1: 
client=fibhost-12-130.fibernet.bacs-net.hu[85.66.12.130], sasl_method=PLAIN, 
sasl_username=
[EMAIL PROTECTED]
Oct 24 23:19:48 *** postfix/cleanup[4458]: 9FB78100BC1: message-id=<[EMAIL 
PROTECTED]>
Oct 24 23:19:48 *** postfix/qmgr[4149]: trigger_server_accept_fifo: trigger 
arrived
Oct 24 23:19:48 *** postfix/qmgr[4149]: master_notify: status 0
Oct 24 23:19:48 *** postfix/qmgr[4149]: request: 87 (W)
Oct 24 23:19:48 *** postfix/qmgr[4149]: qmgr_scan_start: start incoming queue 
scan
Oct 24 23:19:48 *** postfix/qmgr[4149]: master_notify: status 1
Oct 24 23:19:48 *** postfix/qmgr[4149]: qmgr_active_feed: queue incoming
Oct 24 23:19:48 *** postfix/qmgr[4149]: qmgr_active_feed: 
incoming/9/F/9FB78100BC1
Oct 24 23:19:48 *** postfix/qmgr[4149]: qmgr_message_alloc: active 9FB78100BC1
Oct 24 23:19:48 *** postfix/qmgr[4149]: 9FB78100BC1: recipient limit 5000
Oct 24 23:19:48 *** postfix/qmgr[4149]: 9FB78100BC1: from=<[EMAIL PROTECTED]>, 
size=1535, nrcpt=1 (queue active)
Oct 24 23:19:48 *** postfix/qmgr[4149]: start sorted recipient list
Oct 24 23:19:48 *** postfix/qmgr[4149]: qmgr_message_sort: [EMAIL PROTECTED]
Oct 24 23:19:48 *** postfix/qmgr[4149]: end sorted recipient list
Oct 24 23:19:48 *** postfix/qmgr[4149]: connect to subsystem private/rewrite
Oct 24 23:19:48 *** postfix/qmgr[4149]: send attr request = resolve
Oct 24 23:19:48 *** postfix/qmgr[4149]: send attr sender = [EMAIL PROTECTED]
Oct 24 23:19:48 *** postfix/qmgr[4149]: send attr address = [EMAIL PROTECTED]
Oct 24 23:19:48 *** postfix/qmgr[4149]: private/rewrite socket: wanted 
attribute: flags
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute name: flags
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute value: 0
Oct 24 23:19:48 *** postfix/qmgr[4149]: private/rewrite socket: wanted 
attribute: transport
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute name: transport
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute value: maildrop
Oct 24 23:19:48 *** postfix/qmgr[4149]: private/rewrite socket: wanted 
attribute: nexthop
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute name: nexthop
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute value: ***.hu
Oct 24 23:19:48 *** postfix/qmgr[4149]: private/rewrite socket: wanted 
attribute: recipient
Oct 24 23:19:48 *** postfix/qmgr[4149]: input attribute name: recipient
Oct 24 23:19:48 *** postfix/qmgr[4149]

Re: SMTP transaction interrupted

[Wietse Venema]

Rocco Scappatura:
> > I can't identify the cause of impossibility to relay emails through my
> > Postifix mail gateway, from a Outlook express client.
> 
> Indeed, I get the problem while sending email with attachment with size
> above 5-6 MB..
> 
> > From mail log, I saw:
> > 
> > postfix/smtpd[16988]: connect from unknown[xxx.yyy.www.zzz]
> > postfix/smtpd[16988]: 7B98D75008D: client=unknown[xxx.yyy.www.zzz]
> > postfix/cleanup[22797]: 7B98D75008D:
> > message-id=<[EMAIL PROTECTED]>
> > 
> > From client side I get a pop-up window that points out problems with
> > server communication or even network..
> > 
> > What it couuld be inferred from postfix log above? How could continue
> > to
> > investigate to get the cause of interruption?

Look for the records at the END of the SMTP session.

$ egrep 'postfix/cleanup\[22797\]|postfix/smtpd\[16988\]' /var/log/maillog

Wietse

Re: OT: Email courtesy

[MailingListe]

Zitat von "MacShane, Tracy" <[EMAIL PROTECTED]>:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vince LaMonica
Sent: Tuesday, 28 October 2008 4:11 AM
To: Patrick Ben Koetter
Cc: postfix-users@postfix.org
Subject: Re: problems authenticating

[snip]

TIA once again,

/vjl/



Could you please remove the annoying header that tells me I should use
Pine instead of Outlook if "I'm worried about Outlook viruses"? I have
the courtesy not to tell you that Pine doesn't have the functionality I
(and my corporate environment) require in each and every one of my
emails, so please have the courtesy not to give unsolicited opinions by
default. Especially when they're based on misleading information (what
"Outlook" viruses? Also, many of the vulnerabilities in older versions
of Outlook have been fixed).



Please keep your personal dispute about e-mail clients private !!


--
All your trash belong to us ;-)  www.spamschlucker.org
To: [EMAIL PROTECTED]

Re: Which FileSystem do you use on your postfix server?

[Stefan Förster]

* Simone Felici <[EMAIL PROTECTED]> wrote:
> I know, there is enough written on the net and on the mailinglist too, but
> have found only old results, maybe the meanwhile something is different,
> also I would ask you...
> Which filesystem do you use on your mailserver?
> I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix
> mailserver (virtual domains on mysql, ...).
> I would create the system on EXT3 (RHES) and the following partitions on
> rieserfs:
> /var/spool/postfix AND the partition that will contain all mails in MailDir
> format.

Postfix works perfectly with it's spool on an ext3 filesystem - or rather,
the list of Linux specific issues at http://www.postfix.org/LINUX_README.html
does not mention ext3. Given this and the fact that a lot of people
are running Postfix with it's spool on an ext3 filesystem suggests
that there are no fundamental problems with this setup (well, there is
one gotcha: At least on i386, ext3 can only handle 32k inodes per
directory).

Since some point during development of the 2.4 kernel, ext3 got the
ability to use htree hashing for direcotry indexing. I don't know
whether the Orlov allocator ever made it to the official kernel, but
nevertheless, an ext3 filesystem initialized for storing a lot of
small files (inode_ratio = 4096) and htree inidces (-O dir_index) is
perfectly capable of dealing with the requirements that mail handling
imposes.

That said, although I personally never had any issues with ReiserFS,
there are really tons of problem reports out there on the net - so I'd
never use ReiserFS for any data I care for - though it might be
perfectly fine for things like a proxy cache.

Besides, I never saw any real performance gains (see below).

> At the moment the server has ~100.000 mailboxes and more or less 120.000
> mails stored per day (already filtered trought spam filters from frontend
> servers).

If directory access times really become an issue, you can always work
around that: The configuration parameter virtual_mailbox_maps allows
you to store incoming mail in a directory structure of several levels
instead of a flat hierarchy. For example:

[EMAIL PROTECTED] -> $virtual_mailbox_base/incertum.invalid/cite

could also become

[EMAIL PROTECTED] -> $virtual_mailbox_base/i/incertum.net/c/cite

We cannot give you any advice on a possible way to organize your mail
storage without knowing some real data on the number of domains and
localparts per domain involved.

> Any suggestions? Any test results on both FS to compare with mine I'll
> create?

Back in 2004, during my time at university, me and some friends
performed some quick tests, which you can find at:

http://tinyurl.com/6bb3q4

It's in German, but perhaps you can find an online service to
translate it - though I seriously doubt it's worth the trouble: Old
kernel and we didn't really put that much effort into the tests we
performed.

There are a number of performance related docs in the Postfix website:

http://www.postfix.org/TUNING_README.html
http://www.postfix.org/QSHAPE_README.html

As a last remark: IMAP servers typically impose a greater I/O load on
a system than the MTA itself. There are massive performance
differences betweens Cyrus, Courier, uw-imapd and Dovecot, so perhaps
you might want to search for a benchmark on those programs.

Conclusion: Don't put valuable data on ReiserFS. Don't do premature
optimization. You can always change filesystems if your tests show
performance gains and you run into performance shortages.


Cheers
Stefan
-- 
Stefan Förster http://www.incertum.net/ Public Key: 0xBBE2A9E9

RE: SMTP transaction interrupted

[Rocco Scappatura]

> I can't identify the cause of impossibility to relay emails through my
> Postifix mail gateway, from a Outlook express client.

Indeed, I get the problem while sending email with attachment with size
above 5-6 MB..

> From mail log, I saw:
> 
> postfix/smtpd[16988]: connect from unknown[xxx.yyy.www.zzz]
> postfix/smtpd[16988]: 7B98D75008D: client=unknown[xxx.yyy.www.zzz]
> postfix/cleanup[22797]: 7B98D75008D:
> message-id=<[EMAIL PROTECTED]>
> 
> From client side I get a pop-up window that points out problems with
> server communication or even network..
> 
> What it couuld be inferred from postfix log above? How could continue
> to
> investigate to get the cause of interruption?
> 
> TIA,
> 
> rocsca

Re: Sender Bcc Maps

[Ranjith Kumar]

Hi,

I am not using amavisd-new. I am using spamassassin as the content filter.

On Wed, Oct 29, 2008 at 2:35 PM, Ralf Hildebrandt
<[EMAIL PROTECTED]> wrote:
> * Ranjith Kumar <[EMAIL PROTECTED]>:
>
>> I have enabled sender_bcc_maps on my postfix mta using the
>> documentation available on postfix site. The mails are being forwarded
>> successfully, but I am receiving 2 copies of the mail.
>>
>> What could be the problem?
>
> You didn't read the installation instructions for amavisd-new
> carefully enough.
>
> --
> Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
> Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
> http://www.arschkrebs.de  I'm looking for a job
> Nichts kann ohne Einsamkeit entstehen.
>

Re: RE : RE : Big incoming queue, slow qmgr, idle system. It worked, thanks

[Francis SOUYRI]

Hi Viktor,

   Normaly at this time I have lot of mail in the incoming, but with 
your modification nothing... the response of the server, and the mail 
process are perfect THANK YOU !


I have just a little question, how can I disable de qmgr logging ?
In a "normal" case I am interrested in the log by the 
smtpd/smtp/delevery agents activity (mail come from, go to filter, go to 
dest...), but not by the cleanup/qmgr activity... what do you think ?


Best regards.

Francis

Victor Duchovni wrote:

On Tue, Oct 28, 2008 at 09:12:34PM +0100, Francis SOUYRI wrote:

  

Is syslog configured to not log each line synchronously??? On Linux systems
with syslogd make sure that the log file has "-/var/log/maillog" not
"/var/log/maillog". Otherwise syslog can't keep up and the queue manager
is blocked trying to syslog...
  

Yes... I changed the syslog config.
# Log all the mail messages in one place.
mail.*   /opt/pmx/postfix/var/log/maillog
by
# Log all the mail messages in one place.
mail.* -/opt/pmx/postfix/var/log/maillog

See you tomorrow at this time there is less activity on the server.

I hope the problem is solved, because since we activated the RDNS/HELO/IP 
checks and put the server on internet the system log activity increase a lot 
of...

Just one question how can the qmgr blocked be by the syslog ?




The queue manager writes a log entry every time it moves a file from
"incoming" to "active". If syslog is not servicing the log socket in
a timely fashion, these writes will block. With smtpd and cleanup and
spam filters wring piles of logs in parallel, the qmgr does not stand
a chance...

Also make sure your log socket is a datagram socket, not a stream socket,
otherwise logs are recorded (badly) out of order, and syslogd does not
scale to hundreds/thousands of processes (smtpd, cleanup, delivery agents)
connecting via stream sockets at the same time.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
  

Re: Which FileSystem do you use on your postfix server?

[Adam Tauno Williams]

> > I know, there is enough written on the net and on the mailinglist too, but 
> > have found only old results, maybe the meanwhile something is different, 
> > also I would ask you...
> > Which filesystem do you use on your mailserver?
> > I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix 
> > mailserver (virtual domains on mysql, ...).
> > I would create the system on EXT3 (RHES) and the following partitions on 
> > rieserfs:
> I would never use reiserfs for anything except our disposable Squid
> Cache. Stay with ext3, it works.

Ditto.  Unless your mail volume is pretty extreme it is hard to believe
you'll see performance difference of filesystems;  if your I/O is slow
your disk / controller are a much more source of the problem.

SMTP transaction interrupted

[Rocco Scappatura]

Hello,

I can't identify the cause of impossibility to relay emails through my
Postifix mail gateway, from a Outlook express client.

>From mail log, I saw:

postfix/smtpd[16988]: connect from unknown[xxx.yyy.www.zzz]
postfix/smtpd[16988]: 7B98D75008D: client=unknown[xxx.yyy.www.zzz]
postfix/cleanup[22797]: 7B98D75008D:
message-id=<[EMAIL PROTECTED]>

>From client side I get a pop-up window that points out problems with
server communication or even network..

What it couuld be inferred from postfix log above? How could continue to
investigate to get the cause of interruption?

TIA,

rocsca

Re: Sender Bcc Maps

[Ralf Hildebrandt]

* Ranjith Kumar <[EMAIL PROTECTED]>:

> I have enabled sender_bcc_maps on my postfix mta using the
> documentation available on postfix site. The mails are being forwarded
> successfully, but I am receiving 2 copies of the mail.
> 
> What could be the problem?

You didn't read the installation instructions for amavisd-new
carefully enough.

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
Nichts kann ohne Einsamkeit entstehen.

Re: Which FileSystem do you use on your postfix server?

[Ralf Hildebrandt]

* Simone Felici <[EMAIL PROTECTED]>:
> Hi Postfix-Users!
>
> I know, there is enough written on the net and on the mailinglist too, but 
> have found only old results, maybe the meanwhile something is different, 
> also I would ask you...
> Which filesystem do you use on your mailserver?
> I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix 
> mailserver (virtual domains on mysql, ...).
> I would create the system on EXT3 (RHES) and the following partitions on 
> rieserfs:

I would never use reiserfs for anything except our disposable Squid
Cache. Stay with ext3, it works.

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
Given the opacity of the product, how could a Windows admin ever know
as much about Windows as a UNIX admin does about UNIX?! (Roger B. A.
Klorese on Postfix Mailing List) 

Re: Sender Bcc Maps

[Ranjith Kumar]

Hi,

I have enabled sender_bcc_maps on my postfix mta using the
documentation available on postfix site. The mails are being forwarded
successfully, but I am receiving 2 copies of the mail.

What could be the problem?




On Tue, Oct 14, 2008 at 3:35 PM, Barney Desmond <[EMAIL PROTECTED]> wrote:
> Ranjith Kumar wrote:
>> I want to forward outgoing mails of particular user to another
>> account. I searched on the internet and found that it is possible
>> using  sender_bcc_maps command.
>>
>> What is the procedure to use this command.
>
> The documentation indicates it functions much like any other table-based
> lookup.
> http://www.postfix.org/postconf.5.html#sender_bcc_maps
>
> `postconf -m` will show you what table types you can use, hash is
> probably the most common. Create the table, run postmap to generate the
> table file, add the configuration to main.cf, reload postfix.
>
>

Which FileSystem do you use on your postfix server?

[Simone Felici]

Hi Postfix-Users!

I know, there is enough written on the net and on the mailinglist too, but have found only old results, maybe the 
meanwhile something is different, also I would ask you...

Which filesystem do you use on your mailserver?
I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix 
mailserver (virtual domains on mysql, ...).
I would create the system on EXT3 (RHES) and the following partitions on 
rieserfs:
/var/spool/postfix AND the partition that will contain all mails in MailDir 
format.
At the moment the server has ~100.000 mailboxes and more or less 120.000 mails stored per day (already filtered trought 
spam filters from frontend servers).

Any suggestions? Any test results on both FS to compare with mine I'll create?

Thank's a lot!

Simon

--
Simone FeliciE-Mail: [EMAIL PROTECTED]
Divisione TecnicaTel:0461 030 111
Alpikom S.p.A.   Fax:0461 030 112
v.Fersina, 23 - 38100 Trento URL:http://www.alpikom.it

OT: Email courtesy

[MacShane, Tracy]

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Vince LaMonica
> Sent: Tuesday, 28 October 2008 4:11 AM
> To: Patrick Ben Koetter
> Cc: postfix-users@postfix.org
> Subject: Re: problems authenticating
> 
> [snip]
> 
> TIA once again,
> 
> /vjl/
> 

Could you please remove the annoying header that tells me I should use
Pine instead of Outlook if "I'm worried about Outlook viruses"? I have
the courtesy not to tell you that Pine doesn't have the functionality I
(and my corporate environment) require in each and every one of my
emails, so please have the courtesy not to give unsolicited opinions by
default. Especially when they're based on misleading information (what
"Outlook" viruses? Also, many of the vulnerabilities in older versions
of Outlook have been fixed).