Re: Virtual canonical domains?
On Mon, Nov 17, 2008 at 1:04 AM, Darren Pilgrim [EMAIL PROTECTED] wrote: Use a pcre map to return the local part @someotherdomain.com: /^(.+)@fourthdomain\.com$/ [EMAIL PROTECTED] Where would you put that pcre map? I tried few different patterns in check_recipient_access in smtpd_recipient_restrictions but Postfix didn't like it (server misconfiguration). Ville
Re: TLS and Avast anti-virus
brian wrote: TLS not supported by avast mail scanner. I'm using Postfix with Cyrus-IMAP. I realise that this isn't really Postfix-specific but hope that someone might know of a work-around for this (aside from getting rid of Avast). I don't use Avast (nor Windows) so don't really know what to do about this. Google shows very little for this msg. This really isn't the right place for it, but... * Avast is effectively trying to eavesdrop on your connection * TLS is designed to prevent exactly this from happening * To get around this, Avast would have to perform a man-in-the-middle attack, or act as a proxy for your mail client. I can think of ways this is *possible*, but it would never work in practise. Avast should have a way to disable this behaviour (mail scanning), I'd be surprised if it didn't. signature.asc Description: OpenPGP digital signature
Re: TLS and Avast anti-virus
On Mon, 17 Nov 2008 16:32:32 -0500 brian [EMAIL PROTECTED] wrote: A client who uses Windows/Thunderbird is reporting the following error when attempting to connect to her INBOX: TLS not supported by avast mail scanner. She needs to disable mail-scanning in Avast.
Forward one user with address rewriting
Hi folks. I'm running postfix 2.5.1-2ubuntu1.2 on Ubuntu 8.04. I think I understand postfix admin pretty well, but I have one question I don't know how to solve. I have two machines running postfix and delivering mail locally. Call them m1.sub1.example.com and m2.sub2.example.com. Most people get their mail on m1. I have one user, call him user, who should instead have his mail forwarded to m2 (including locally generated mail on that machine e.g. from cron jobs); the catch is m2 only accepts mail addressed to example.com and I can't change that. I can set up this virtual mapping to make it forward the mail: [EMAIL PROTECTED] [EMAIL PROTECTED] but I need postfix to rewrite the recipient envelope addr to say [EMAIL PROTECTED], only in that case. Otherwise m2 bounces the mail. How can I do that without disturbing all the other users? Thanks very much; -- Gary
sender_bcc, recipient_bcc, double messages: Need some help
Hi guys. I need some help. I've setup postfix to use sender_bcc_maps and recipient_bcc_maps so that only one of the virtual domains which we host, is forwarded to a backup account. The sender_bcc and recipient_bcc statements are in the main.cf The problem, as so many have posted before, is that the backup mailbox receives every mail twice. I realize this has to do with our external filters in our postfix queue, however Im totally lost as to where exactly to insert the options that have been posted in this newsgroup as a solution. I've have tried various options before, but either BCC gets disabled completely, or postfix refuses to accept smtp connections. I'm aware of the recieve_override_options=no_address_mappings setting. But if I put in the main.cf then no mails get sent via BCC to the backup mailbox. I have experimented with placing the sender_bcc_maps and recipient_bcc_maps at several different places within my master.cf. But whenever I do that, postfix stops working properly and refuses smtp connections. In other words, I can't send out email. Some additional info about our postfix setup: We use mysql as a user database in combination with postfixadmin. Secondly we filter emails via postgrey, amavisd, spamassassin and maildrop. The configuration wasn't entirely done by me, different admins added and modified different things, so I've lost the overview a bit. Can anyone help me? Below is the output of my postconf -n and my master.cf Thanks. broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib64/postfix data_directory = /var/lib/postfix debug_peer_level = 1 default_destination_concurrency_limit = 20 home_mailbox = .maildir/ html_directory = /usr/share/doc/postfix-2.2.9/html inet_interfaces = 1.1.1.1, mail.com, localhost local_destination_concurrency_limit = 4 mail_owner = postfix mailbox_size_limit = 102400 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 102400 mydestination = $myhostname myhostname = mail.com mynetworks = 1.1.1.1, 127.0.0.0/8 mynetworks_style = host myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.2.9/readme recipient_bcc_maps = hash:/etc/postfix/recipient_bcc sample_directory = /etc/postfix sender_bcc_maps = hash:/etc/postfix/sender_bcc sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_tls_note_starttls_offer = yes smtpd_client_connection_rate_limit = 10 smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination check_policy_service inet:127.0.0.1:10030 smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/ssl/demoCA/cacert.pem smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_cert_file = /etc/postfix/ssl/server-crt.pem smtpd_tls_key_file = /etc/postfix/ssl/server-key.pem smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:207 virtual_mailbox_base = /var/vmail/ virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf virtual_mailbox_limit = 10240 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 207 virtual_transport = maildrop virtual_uid_maps = static:207 ### smtp inet n - n - 8 smtpd #-o content_filter=scan:[127.0.0.1]:10024 -o content_filter=spamchk:dummy -o recieve_override_options=no_address_mappings # #Mail transport used above. scan unix - - n - 4 lmtp -o disable_dns_lookup=yes -o lmtp_send_xforward_command=yes -o lmtp_data_done_timeout=1200 #Injecting mail back into Postfix after content filter localhost:10025 inet n - n - 4 smtpd -o content_filter= -o myhostname=localhost.mail.com -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelope=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 smtps inet
Re: Forward one user with address rewriting
To redirect one without changing the recipient address: /etc/postfix main.cf: transport_maps = hash:/etc/postfix/transport /etc/postfix/transport: [EMAIL PROTECTED] smtp:mx.b.example.com Many years ago I tried to unify virtual aliasing and transport mapping into one table, but I gave up because it would be too hard to use, and it would be too fragile for regular expressions. Wietse
Re: Postfix's SMTP outbound mail filtering of header content
On Tue, Nov 18, 2008 at 02:24:38PM +, Charles Account wrote: I am running Postfix with zimbra, our milter checks for specific content, etc.If it exists, it is allowed to be delivered to the local lmtp queues, however,as for company policy, it must be run through a black box service beforebeing sent outside the company. The milter will put an RFC822 X-headerin the message to indicate additional checks are required. This calls for a 2.5 stage Postfix: input --- output destination | | v scrutiny -- destination The X-Header is added between the input and output stages (via a milter in the input stage, or a content_filter between the input and output stages). The output stage Looks for the X-Header and if present, shunts mail into the scrutiny stage, otherwise delivers to the real destination. I would use three separate Postfix instances for this, but it can be done with multiple services in a single instance. In most of my systems that are similar, the scrutiny stage is actually a quarantine, and mail does not leave directly from there, but the idea is the same... -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Evolution unable to login mail server.
Stephen Liu wrote: Following is the mail.log reporting the failure of login to download mails. IMAP is running here. Are you still having issues with SASL integration with Postfix? This list does not support IMAP clients since it is the Postfix list and not the (Cyrus|Dovecot|other) IMAP list. Brian
Re: sender_bcc, recipient_bcc, double messages: Need some help
Please see FILTER_README and search for receive_override_options. Wieste
Re: Virtual canonical domains?
Ville Walveranta a écrit : On Mon, Nov 17, 2008 at 1:04 AM, Darren Pilgrim [EMAIL PROTECTED] wrote: Use a pcre map to return the local part @someotherdomain.com: /^(.+)@fourthdomain\.com$/ [EMAIL PROTECTED] Where would you put that pcre map? depends on what you want to do with the map. but don't use this in virtual_alias_maps, because 1- as said before, it rbeaks recipient validation, 2- you don't need regular expressions here: @fourthdomain.com @someotherdomain.com does exactly the same. I tried few different patterns in check_recipient_access in smtpd_recipient_restrictions but Postfix didn't like it (server misconfiguration). without more infos, we can't help. you first ned to verify that your postfix was built with pcre support: # postconf -m and if so, you can use pcre maps in many places. if you get an error, look at other errors/warnings in the logs and you'll see the reason for the error.
Re: Virtual canonical domains?
ACL Policy Daemon for Postfix http://www.apolicy.org/cgi-bin/moin.cgimight do the trick without me having to write the policy daemon myself. It provides numerous ACL methodshttp://www.apolicy.org/cgi-bin/moin.cgi/Tutorialand Regex ACLs http://www.apolicy.org/cgi-bin/moin.cgi/AclList. Ville
Re: Virtual canonical domains?
Ville Walveranta a écrit : On Tue, Nov 18, 2008 at 11:43 AM, Darren Pilgrim [EMAIL PROTECTED] wrote: /^(info|sales|test1)@fourthdomain\.com$/ [EMAIL PROTECTED] I'm not having luck with that. I put... [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] /^(user1|user2)@fourthdomain\.com$/ [EMAIL PROTECTED] .. in virtual_alias_maps and refreshed with postmap, yet I get.. you are mixing different formats. virtual_alias_maps = hash:/etc/postfix/virtual_alias.hash pcre:/etc/postfix/virtual_alias.pcre then put the two first lines in the .hash file and the last one (the /.../ ... line) in the .pcre file. and by the way, only postmap the .hash file. RCPT TO:[EMAIL PROTECTED] 450 4.1.1 [EMAIL PROTECTED]: Recipient address rejected: undeliverable address: User unknown in virtual alias table --- current main.cf: in the future, send output of 'postconf -n' instead of main.cf. [snip]
always_bcc problem
Hi, I'm using `always_bcc` to backup all my messages to a monitor user, and it works fine. My problems is: if a message was sent to more than one recipients, the message will bcc to the monitor user several copies. I just hope to backup every messages only once, is there any way to make it? Thanks? :)
Re: Virtual canonical domains?
On Tue, Nov 18, 2008 at 12:25 PM, Darren Pilgrim [EMAIL PROTECTED] wrote: You have different lookup types in the same table. The pcre line goes in a second lookup table (i.e., virtual_alias_maps.pcre) added to virtual_alias_maps: virtual_alias_maps = hash:${config_directory}/tables/virtual_alias_maps pcre:${config_directory}/tables/virtual_alias_maps.pcre That works! The domains in question have about 20 users that would need to be aliased through a dozen or so domains. So while not exactly pretty and probably not terribly powerful, it'll save the typing. I can have 20 of these: /^(user1|user2|user3|user4|user5|user6|user7|user8|user9|user10|user11|user12|user13|user14|user15|user16|user17|user18|user19|user20)@aliasdomain1\.com$/ [EMAIL PROTECTED] .. instead of 240 individual alias lines (and since the users are the same for all 20 domains, just the aliasdomain name needs to be modified on each line). ACL through policy daemon or some sort of SQL setup may be the ultimate solution but this will work well for starters. Thank you very much for helping me out with this! Ville
Re: Virtual canonical domains?
Ville Walveranta a écrit : On Tue, Nov 18, 2008 at 12:25 PM, Darren Pilgrim [EMAIL PROTECTED] wrote: You have different lookup types in the same table. The pcre line goes in a second lookup table (i.e., virtual_alias_maps.pcre) added to virtual_alias_maps: virtual_alias_maps = hash:${config_directory}/tables/virtual_alias_maps pcre:${config_directory}/tables/virtual_alias_maps.pcre That works! The domains in question have about 20 users that would need to be aliased through a dozen or so domains. So while not exactly pretty and probably not terribly powerful, it'll save the typing. I can have 20 of these: /^(user1|user2|user3|user4|user5|user6|user7|user8|user9|user10|user11|user12|user13|user14|user15|user16|user17|user18|user19|user20)@aliasdomain1\.com$/ [EMAIL PROTECTED] .. instead of 240 individual alias lines (and since the users are the same for all 20 domains, just the aliasdomain name needs to be modified on each line). after some time, a script will save more... # cat alias-target.users user1 user2 ... # cat myscript #!/bin/sh grep -v ^# alias-target.users | while read _user; do echo [EMAIL PROTECTED] [EMAIL PROTECTED] done ACL through policy daemon or some sort of SQL setup may be the ultimate solution but this will work well for starters.
Re: always_bcc problem
Xueron Nee: Hi, I'm using `always_bcc` to backup all my messages to a monitor user, and it works fine. My problems is: if a message was sent to more than one recipients, the message will bcc to the monitor user several copies. I just hope to backup every messages only once, is there any way to make it? Please see http://www.postfix.org/FILTER_README.html and look for receive_override_options. Wietse
anvil and ip exclusions
Is there a way to exclude an IP/range from anvil? I have a mail server where 95% of the users are on the same IP (not local to mail server) and they're triggering anvil 10+ times a day for that IP address. Or is there a different way to work around this? Thanks.
multiple recipient_delimiters?
currently i have recipient_delimiter = + which i use for automatic mail filtering into different maildir folder. however, lots of websides dont know that a + in the address is a valid character and dont allow it. They think the . is the character to have in the local part of the email. arguing did not change anything, so i would like to have both + and . as recipient_delimiters. does that work?
Re: /etc/aliases.db - invalid argument
v0id null wrote: Tried to rebuild aliases.db with postalias, nada Tried BDB v4.2 and v4.1, nada FreeBSD 6.3 Postfix v2.5.4 bdb 4.1.25 Maillog: Nov 18 23:43:01 sloshed postfix/smtpd[60929]: fatal: open database /etc/aliases.db: Invalid argument Nov 18 23:43:02 sloshed postfix/master[54129]: warning: process /usr/local/libexec/postfix/smtpd pid 60929 exit status 1 Nov 18 23:43:02 sloshed postfix/master[54129]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling postconf -n: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /etc/postfix daemon_directory = /usr/local/libexec/postfix debug_peer_level = 2 html_directory = no inet_interfaces = $myhostname, localhost local_recipient_maps = $alias_maps mail_owner = postfix mailbox_transport = cyrus mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain mydomain = someDomain.com myhostname = smtp.someDomain.com mynetworks = 168.100.189.0/28, 127.0.0.0/8 mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + relay_domains = $mydestination $transport_maps sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_note_starttls_offer = no smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.pem smtpd_tls_key_file = /usr/local/etc/postfix/postfix.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 1024 virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_transport = cyrus yeah, domain name altered I've scoured google, newsgroups, mailing lists, all I get are people saying they have the same problem, then others telling them to rebuild aliases.db, then that seemed to solve the problem. No such luck for me though ;( Thanks in advance Are you certain that your version of postfix supports Berkley db files? Try: postconf -m |grep hash Terry
Re: /etc/aliases.db - invalid argument
Well, no. But when I recompiled postfix, the freebsd port grabbed db 4.1 and installed it Hash shows up in postconf -m $ postconf -m btree cidr environ hash mysql pcre proxy regexp static unix On Tue, Nov 18, 2008 at 11:45 PM, Terry Carmen [EMAIL PROTECTED] wrote: v0id null wrote: Tried to rebuild aliases.db with postalias, nada Tried BDB v4.2 and v4.1, nada FreeBSD 6.3 Postfix v2.5.4 bdb 4.1.25 Maillog: Nov 18 23:43:01 sloshed postfix/smtpd[60929]: fatal: open database /etc/aliases.db: Invalid argument Nov 18 23:43:02 sloshed postfix/master[54129]: warning: process /usr/local/libexec/postfix/smtpd pid 60929 exit status 1 Nov 18 23:43:02 sloshed postfix/master[54129]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling postconf -n: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /etc/postfix daemon_directory = /usr/local/libexec/postfix debug_peer_level = 2 html_directory = no inet_interfaces = $myhostname, localhost local_recipient_maps = $alias_maps mail_owner = postfix mailbox_transport = cyrus mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain mydomain = someDomain.com myhostname = smtp.someDomain.com mynetworks = 168.100.189.0/28, 127.0.0.0/8 mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + relay_domains = $mydestination $transport_maps sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_note_starttls_offer = no smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.pem smtpd_tls_key_file = /usr/local/etc/postfix/postfix.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 1024 virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_transport = cyrus yeah, domain name altered I've scoured google, newsgroups, mailing lists, all I get are people saying they have the same problem, then others telling them to rebuild aliases.db, then that seemed to solve the problem. No such luck for me though ;( Thanks in advance Are you certain that your version of postfix supports Berkley db files? Try: postconf -m |grep hash Terry
Re: /etc/aliases.db - invalid argument
On Tue, Nov 18, 2008 at 11:33:28PM -0500, v0id null wrote: Tried to rebuild aliases.db with postalias, nada Tried BDB v4.2 and v4.1, nada Please expand nada into a meaningful english sentence. Usually invalid argument in this context means that the .db file is not a compatible database built with the same version of Berkeley DB. So either postalias is not from the same Postfix version as smtpd, or you are not providing sufficient detail to expose the real problem. FreeBSD 6.3 Postfix v2.5.4 bdb 4.1.25 Maillog: Nov 18 23:43:01 sloshed postfix/smtpd[60929]: fatal: open database /etc/aliases.db: Invalid argument Nov 18 23:43:02 sloshed postfix/master[54129]: warning: process /usr/local/libexec/postfix/smtpd pid 60929 exit status 1 Nov 18 23:43:02 sloshed postfix/master[54129]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.