Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger a écrit :
I used a pcre: table for smtpd_sender_restrictions and the PREPEND
action as follows:
main.cf:
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_sender_restrictions.pcre
/^(.*)/ PREPEND X-Envelope-Sender: ${1}
this will insert into every message a header X-Envelope-Sender:
followed by the envelope sender value. It won't pass the
envelope-sender as SMTP MAIL FROM (dspam wasn't designed to do that,
dspam gets it via LMTP MAIL FROM, and it will pass it back to postfix
with SMT MAIL FROM. I have used this in the past and I'm sure others are
using it now (ping steve?). something in your setup prevents this from
working but I don' think it is a dspam limitation.
and
until I take the step to a better before-queue filter or something that
does, this will work, since all I needed was to capture the
envelope-sender).
Limited testing shows this to work. There might be cases beyond what I
tested that will behave differently than I expect or very oddly.
Thanks again!
reject_rbl_client after check_policy_service
Hi, I have a smtpd_recipient_restrictions section as follows: smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unauth_destination reject_rbl_client sip.invaluement.local reject_rbl_client sip24.invaluement.local check_policy_service inet:127.0.0.1:9997, reject_rbl_client zen.spamhaus.org Greylisting server returns defer_if_permit to defer a mail. My objective is to lookup only those domains in zen whcih has passed greylisting test. But in my configuration above mails which are greylisted also gets blocked by zen. I guess this is the way defer_if_permit works. But is there any way to get the behavior I want? Thanks and regards, raj
Re: reject_rbl_client after check_policy_service
Rajkumar S a écrit : Hi, I have a smtpd_recipient_restrictions section as follows: smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unauth_destination reject_rbl_client sip.invaluement.local reject_rbl_client sip24.invaluement.local check_policy_service inet:127.0.0.1:9997, reject_rbl_client zen.spamhaus.org Greylisting server returns defer_if_permit to defer a mail. My objective is to lookup only those domains in zen whcih has passed greylisting test. But in my configuration above mails which are greylisted also gets blocked by zen. I guess this is the way defer_if_permit works. But is there any way to get the behavior I want? you need to change your policy service to return defer instead of defer_if_permit.
Re: reject_rbl_client after check_policy_service
On Fri, Jan 2, 2009 at 5:47 PM, mouss mo...@ml.netoyen.net wrote: smtpd_recipient_restrictions = snip check_policy_service inet:127.0.0.1:9997, reject_rbl_client zen.spamhaus.org Greylisting server returns defer_if_permit to defer a mail. My objective is to lookup only those domains in zen whcih has passed greylisting test. But in my configuration above mails which are greylisted also gets blocked by zen. I guess this is the way defer_if_permit works. But is there any way to get the behavior I want? you need to change your policy service to return defer instead of defer_if_permit. Thanks! I have changed my greylisting server to return defer Greylisted Come back after 30 seconds But I get a warning: postfix/smtpd[27732]: warning: restriction `Greylisted' after `defer' is ignored But if I use defer_if_permit Greylisted Come back after 30 seconds then there is no warning. am I missing some thing here? raj
Re: reject_rbl_client after check_policy_service
On Fri, Jan 2, 2009 at 6:19 PM, mouss mo...@netoyen.net wrote: just use: 450 4.7.1 Greylisted Come back after 30 seconds Thanks! raj
Re: rate limit outgoing mails with mailman
ja...@monsterjam.org: hey folks.. Im running the latest postfix on an ubuntu server with mailmain for mailing list management.. everything is pretty much working fine except that Im trying to get some kind of rate-limiting or throttling working for all outbound messages. Ive searched all over and The following requires Postfix 2.5 or later: /etc/postfix/main.cf: # Deliver all mail via the smtp transport in master.cf. # Use [] to suppress MX lookup. relayhost = [mail.example.com] default_transport = smtp smtp_destination_rate_delay = 30 This will deliver one message every 30 seconds. Wietse
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Original-Nachricht
Datum: Fri, 02 Jan 2009 11:30:18 +0100
Von: mouss mo...@ml.netoyen.net
An: Jeff Weinberger j...@jweinberger.homeip.net
CC: postfix-users@postfix.org
Betreff: Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger a écrit :
Hallo Jeff, Salut Mouss
I used a pcre: table for smtpd_sender_restrictions and the PREPEND
action as follows:
main.cf:
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_sender_restrictions.pcre
/^(.*)/ PREPEND X-Envelope-Sender: ${1}
this will insert into every message a header X-Envelope-Sender:
followed by the envelope sender value. It won't pass the
envelope-sender as SMTP MAIL FROM (dspam wasn't designed to do that,
dspam gets it via LMTP MAIL FROM, and it will pass it back to postfix
with SMT MAIL FROM. I have used this in the past and I'm sure others are
using it now (ping steve?).
I hear you :) Have not followed the discussion. So I don't know exactly what
the problem is. I will need to read the thread. However... I have the same
setup as you mouss. I get the mail from Postfix into DSPAM with LMTP and then
inject the message back to Postfix with SMTP. Has worked that way for the last
years. Never had I any issue with that. In the beginning I was using pipe and
then later SMTP for transporting mail to DSPAM but after having issues with
pipe/smtp I switched to LMTP and have not had any issues since then.
@Jeff: If you want, you could quickly address me directly with your DSPAM issue
and save me some time to read the whole thread.
something in your setup prevents this from
working but I don' think it is a dspam limitation.
and
until I take the step to a better before-queue filter or something that
does, this will work, since all I needed was to capture the
envelope-sender).
Limited testing shows this to work. There might be cases beyond what I
tested that will behave differently than I expect or very oddly.
Thanks again!
// Steve
--
Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
http://www.gmx.net/de/go/multimessenger
Re: reject_rbl_client after check_policy_service
On Fri, Jan 2, 2009 at 10:14 AM, Rajkumar S rajkum...@gmail.com wrote: On Fri, Jan 2, 2009 at 6:19 PM, mouss mo...@netoyen.net wrote: just use: 450 4.7.1 Greylisted Come back after 30 seconds Ooops I still get postfix/smtpd[27954]: warning: restriction `450' after `defer' is ignored btw, I am using postfix debian package version 2.5.5-1.1 in Debian Lenny :( The same occurs in postfix 2.3.8 (Debian Etch) and postgrey. DEFER_IF_PERMIT accept a text after restriction, and DEFER don't. - default action DEFER_IF_PERMIT. # tcpdump -i lo -nn -s0 -A port 6 | grep --line-buffered action action=DEFER_IF_PERMIT Try again later. # grep 'warning: restriction' /var/log/mail/mail.log nothing - changing postgrey --greylist-action parameter to DEFER. # tcpdump -i lo -nn -s0 -A port 6 | grep --line-buffered action action=DEFER Try again later. # grep 'warning: restriction' /var/log/mail/mail.log Jan 2 12:27:57 marajo postfix/smtpd[11688]: warning: restriction `Try' after `defer' is ignored -- Reinaldo de Carvalho http://korreio.sf.net (Now available in English) http://python-cyrus.sf.net
Re: rate limit outgoing mails with mailman
The following requires Postfix 2.5 or later: /etc/postfix/main.cf: # Deliver all mail via the smtp transport in master.cf. # Use [] to suppress MX lookup. relayhost = [mail.example.com] default_transport = smtp smtp_destination_rate_delay = 30 This will deliver one message every 30 seconds. Wietse aah heck, I lied to you.. I have postfix 2.4.5-3ubuntu1.3 installed :( Is there a way to accomplish the same thing for this version or should I compile the new one? I couldnt find postfix 2.5 for Ubuntu 7.10 thanks/regards, Jason
understanding postfix log
Hello, I have searched around trying to understand the postfix log message because I found that my server is being abused by the spammer which the spammer sending me the message with the sender as my email. I have a form that allow user to send message to their friends about my website link, but when I checked the apache log files, I did not see the spammer abusing that dynamic link. What are the possibilities that the spammer could use my mail server to spam ? I have googled on how to understand the postfix log file but not much useful information that I got, do you know any good one ? Thank you very much. Best regards, William Kisman
keep Sensitivity MIME header upon bounces/DSNs
Since certain MUAs such as MS Outlook allow the user to label messages as confidential which according to http://www.faqs.org/rfcs/rfc1327.html gets translated into MIME header Sensitivity=Company-Confidential, quite some secure mail gateways ensure higher transmission secrecy (e.g. smtp_enforce_tls) for such messages. To not loose such labeling, some MUAs also set this MIME-Header upon replies/forwards. Unfortunately, if such a message causes a bounce (e.g. inexistent recipient), postfix sends such a bounce without the sensitivity header. This can cause contents to be disclosed since not treated properly by above-mentioned gateways (in particular, if the main.cf doesn't say bounce_size_limit=1 [the value 0 is not permitted??]). Is there any reason for postfix not to keep the sensitivity mime header even on DSNs? Ralf -- Securely and spam-free via: https://www.privasphere.com/e?hau...@acm.org gpg fingerprint: B7BE 9E33 7AA0 9FA5 8D3A 9718 2A20 188E 8782 6F38 https://www.privasphere.com/keys/gpg/RHpub.asc 0x87826F38
Re: rate limit outgoing mails with mailman
ja...@monsterjam.org: The following requires Postfix 2.5 or later: /etc/postfix/main.cf: # Deliver all mail via the smtp transport in master.cf. # Use [] to suppress MX lookup. relayhost = [mail.example.com] default_transport = smtp smtp_destination_rate_delay = 30 This will deliver one message every 30 seconds. Wietse aah heck, I lied to you.. I have postfix 2.4.5-3ubuntu1.3 installed :( Is there a way to accomplish the same thing for this version or should I compile the new one? I couldnt find postfix 2.5 for Ubuntu 7.10 For a collection of rate limiting examples, see the Postfix documentation at http://www.postfix.org/QSHAPE_README.html#backlog Wietse
Re: understanding postfix log
William Kisman wrote: What are the possibilities that the spammer could use my mail server to spam ? First check if your server is an open relay using this service: http://www.abuse.net/relay.html Also if you think that a sasl user/pass has been compromised, change the password. You can look through the mail log for an instance where a spam passed through and get the id: Jan 2 07:05:04 mail1 postfix/smtp[26253]: 0B2DC6A009B: -- This is the id Once you get the id, you can grep that specific id to get all of the log entries related to it at which point you can see where the connection came from and if it was authenticated: Jan 2 01:05:03 mail1 postfix/smtpd[25860]: 0B2DC6A009B: client=mail1.xxx.com[x.x.x.x], sasl_method=LOGIN, sasl_username=johndoe If the connection was authenticated and you know it should not have been and the message should have been rejected, then a password has possibly been compromised. J.P.
Re: keep Sensitivity MIME header upon bounces/DSNs
Ralf Hauser: Since certain MUAs such as MS Outlook allow the user to label messages as confidential which according to http://www.faqs.org/rfcs/rfc1327.html gets translated into MIME header Sensitivity=Company-Confidential, quite some secure mail gateways ensure higher transmission secrecy (e.g. smtp_enforce_tls) for such messages. To not loose such labeling, some MUAs also set this MIME-Header upon replies/forwards. Unfortunately, if such a message causes a bounce (e.g. inexistent recipient), postfix sends such a bounce without the sensitivity header. Just to be clear about this, Postfix is an MTA, not a security gateway. For this reason, Postfix has no code that recognizes message headers that control behavior of security gateways. It's not like I deliberately deleted the ability to do this. The whole question simply never came up so the code was never implemented. This can cause contents to be disclosed since not treated properly by above-mentioned gateways (in particular, if the main.cf doesn't say bounce_size_limit=1 [the value 0 is not permitted??]). Normally, zero means no limit in Postfix. I did not think that that would be desirable in the case of bounce messages. Is there any reason for postfix not to keep the sensitivity mime header even on DSNs? Postfix implements RFCs, to avoid re-inventing the wheel poorly. Can you refer me to an RFC that requires MTAs to copy header fields from an original message to the message header of a delivery status notification? The only RFC that I am aware of is propagation of the MIME 7bit/8bit content transfer encoding. It would also help if you could point to an RFC that requires MTAs to the change delivery method depending on the content of a message header. Wietse
Re: understanding postfix log
Dear J.P. Trosclair, Thank you for your prompt reply and your help. Before I could locate the an intance where a spam passed through, how can I locate that ? Below are my test, there is no open relay. (my real domain had been replaced to mydomain.com as well as a dummy IP address) *Mail relay testing* Connecting to mail.mydomain.com for anonymous test ... 220 mail.mydomain.com ESMTP Postfix HELO www.abuse.net 250 mail.mydomain.com Relay test 1 RSET 250 2.0.0 Ok MAIL FROM:spamt...@abuse.net 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 2 RSET 250 2.0.0 Ok MAIL FROM:spamtest 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 3 RSET 250 2.0.0 Ok MAIL FROM: 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 4 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 5 RSET 250 2.0.0 Ok MAIL FROM:spamt...@[123.123.123.11] 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 6 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securitytest%abuse@mydomain.com 554 5.7.1 securitytest%abuse@mydomain.com: Relay access denied Relay test 7 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securitytest%abuse@[123.123.123.11] 554 5.7.1 securitytest%abuse@[123.123.123.11]: Relay access denied Relay test 8 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 9 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securitytest%abuse.net 554 5.7.1 securitytest%abuse.net: Relay access denied Relay test 10 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securityt...@abuse.net@mydomain.com 554 5.7.1 securityt...@abuse.net@mydomain.com: Relay access denied Relay test 11 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securityt...@abuse.net@mydomain.com 554 5.7.1 securityt...@abuse.net@mydomain.com: Relay access denied Relay test 12 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:securityt...@abuse.net@[123.123.123.11] 554 5.7.1 securityt...@abuse.net@[123.123.123.11]: Relay access denied Relay test 13 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:@mydomain.com:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 14 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:@[123.123.123.11]:securityt...@abuse.net 554 5.7.1 securityt...@abuse.net: Relay access denied Relay test 15 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:abuse.net!securitytest 554 5.7.1 abuse.net!securitytest: Relay access denied Relay test 16 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:abuse.net!securityt...@mydomain.com 554 5.7.1 abuse.net!securityt...@mydomain.com: Relay access denied Relay test 17 RSET 250 2.0.0 Ok MAIL FROM:spamt...@mydomain.com 250 2.1.0 Ok RCPT TO:abuse.net!securityt...@[123.123.123.11] 554 5.7.1 abuse.net!securityt...@[123.123.123.11]: Relay access denied Relay test result All tests performed, no relays accepted. Thank you On Fri, Jan 2, 2009 at 11:56 PM, J.P. Trosclair jptroscl...@judelawfirm.com wrote: William Kisman wrote: What are the possibilities that the spammer could use my mail server to spam ? First check if your server is an open relay using this service: http://www.abuse.net/relay.html Also if you think that a sasl user/pass has been compromised, change the password. You can look through the mail log for an instance where a spam passed through and get the id: Jan 2 07:05:04 mail1 postfix/smtp[26253]: 0B2DC6A009B: -- This is the id Once you get the id, you can grep that specific id to get all of the log entries related to it at which point you can see where the connection came from and if it was authenticated: Jan 2 01:05:03 mail1 postfix/smtpd[25860]: 0B2DC6A009B: client= mail1.xxx.com[x.x.x.x], sasl_method=LOGIN, sasl_username=johndoe If the connection was authenticated and you know it should not have been and the message should have been rejected, then a password has possibly been compromised. J.P. -- Best regards, William Kisman
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Jan 2, 2009, at 2:30 AM, mouss wrote:
Jeff Weinberger a écrit :
I used a pcre: table for smtpd_sender_restrictions and the PREPEND
action as follows:
main.cf:
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_sender_restrictions.pcre
/^(.*)/ PREPEND X-Envelope-Sender: ${1}
this will insert into every message a header X-Envelope-Sender:
followed by the envelope sender value. It won't pass the
envelope-sender as SMTP MAIL FROM (dspam wasn't designed to do that,
dspam gets it via LMTP MAIL FROM, and it will pass it back to postfix
with SMT MAIL FROM. I have used this in the past and I'm sure others
are
using it now (ping steve?). something in your setup prevents this from
working but I don' think it is a dspam limitation.
It's definitely my set up. I don't use LMTP to pass the message to
dspam, I use a transport called dspam that uses pipe. That means
there's no S/LMTP dialog, just the message itself passed as STDIN.
I have to move dspam to use LMTP and then move it to a before-queue
content filter so that this workaround becomes unnecessary, but until
I go to make those changes, this will suffice.
I'm not completely convinced that dspam will work seamlessly as a
before-queue content filter, so I'll have to do some testing to see
how well that works and whether it can do what I need and hand fully
formed messages with SMTP dialog information back to postfix.
Thank you!!
and
until I take the step to a better before-queue filter or something
that
does, this will work, since all I needed was to capture the
envelope-sender).
Limited testing shows this to work. There might be cases beyond
what I
tested that will behave differently than I expect or very oddly.
Thanks again!
Re: reject_rbl_client after check_policy_service
Rajkumar S a écrit : On Fri, Jan 2, 2009 at 6:19 PM, mouss mo...@netoyen.net wrote: just use: 450 4.7.1 Greylisted Come back after 30 seconds Ooops I still get postfix/smtpd[27954]: warning: restriction `450' after `defer' is ignored Remove the defer keyword. Return 450 4.7.1 Greylisted Come back after 30 seconds with no defer before it. btw, I am using postfix debian package version 2.5.5-1.1 in Debian Lenny :(
Re: understanding postfix log
On Fri, Jan 02, 2009 at 11:42:17PM +0800, William Kisman wrote: Hello, I have searched around trying to understand the postfix log message because I found that my server is being abused by the spammer which the spammer sending me the message with the sender as my email. Email sender addresses are easily forged. Nothing new here. I have a form that allow user to send message to their friends about my website link, but when I checked the apache log files, I did not see the spammer abusing that dynamic link. What are the possibilities that the spammer could use my mail server to spam ? How is this related to receiving email with forged sender addresses? Do check the headers of the forged email, if it arrived from outside, no point in checking web logs, I have googled on how to understand the postfix log file but not much useful information that I got, do you know any good one ? First take the time to understand that email envelope and sender information is unauthenticated and subject to forgery. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger:
[ Charset ISO-8859-1 unsupported, converting... ]
On Jan 2, 2009, at 2:30 AM, mouss wrote:
Jeff Weinberger a ?crit :
I used a pcre: table for smtpd_sender_restrictions and the PREPEND
action as follows:
main.cf:
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_sender_restrictions.pcre
/^(.*)/ PREPEND X-Envelope-Sender: ${1}
this will insert into every message a header X-Envelope-Sender:
followed by the envelope sender value. It won't pass the
envelope-sender as SMTP MAIL FROM (dspam wasn't designed to do that,
dspam gets it via LMTP MAIL FROM, and it will pass it back to postfix
with SMT MAIL FROM. I have used this in the past and I'm sure others
are
using it now (ping steve?). something in your setup prevents this from
working but I don' think it is a dspam limitation.
It's definitely my set up. I don't use LMTP to pass the message to
dspam, I use a transport called dspam that uses pipe. That means
there's no S/LMTP dialog, just the message itself passed as STDIN.
If you can show what you've configured to pass mail into dspam,
then perhaps someone can tell you how to get that envelope sender
address into dspam, too.
Wietse
Re: rate limit outgoing mails with mailman
On Fri, 2 Jan 2009 10:40:45 -0500 ja...@monsterjam.org wrote: The following requires Postfix 2.5 or later: /etc/postfix/main.cf: # Deliver all mail via the smtp transport in master.cf. # Use [] to suppress MX lookup. relayhost = [mail.example.com] default_transport = smtp smtp_destination_rate_delay = 30 This will deliver one message every 30 seconds. Wietse aah heck, I lied to you.. I have postfix 2.4.5-3ubuntu1.3 installed :( Is there a way to accomplish the same thing for this version or should I compile the new one? I couldnt find postfix 2.5 for Ubuntu 7.10 Look in gutsy-backports or upgrade to 8.04. Also note that the release you are using will be unsupported in another 3 months, so upgrading is likely your best bet. Scott K
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger a écrit : It's definitely my set up. I don't use LMTP to pass the message to dspam, I use a transport called dspam that uses pipe. That means there's no S/LMTP dialog, just the message itself passed as STDIN. so _you_ are not passing the envelope sender to dspam. Consider running dspam in relay mode: postfix --(LMTP)-- dspam --(SMTP)-- postfix I have to move dspam to use LMTP and then move it to a before-queue why do you want to run it in pre-queue mode? This is not needed and is not simple to setup. content filter so that this workaround becomes unnecessary, but until I go to make those changes, this will suffice. I'm not completely convinced that dspam will work seamlessly as a before-queue content filter, so I'll have to do some testing to see how well that works and whether it can do what I need and hand fully formed messages with SMTP dialog information back to postfix.
Re: understanding postfix log
Thank you IBBoard, that is a nice idea, I am trying to understand it. Now I understand, thank you very much. This is the first time I make use of my evolution mail menu to view the message headers, so the header does show the SMTP id as well and I can use that to grep it in postfix log. Return-path: i...@qwestcz.cz X-original-to: i...@mydomain.com Delivered-to: i...@mydomain.com Received: from conaxedition (unknown [88.229.53.253]) by mail.mydomain.com(Postfix) with SMTP id 2D1A31980003 for i...@mydomain.com; Thu, 1 Jan 2009 11:04:47 -0800 (PST) To: i...@mydomain.com Subject: nhmt i...@mydomain.com Thu, 1 Jan 2009 09:05:34 +0200 70%0FF fqnjw From: Viagra.com i...@mydomain.com Mime-version: 1.0 Content-type: text/html Message-id: 20090101190448.2d1a31980...@mail.mydomain.com Date: Thu, 1 Jan 2009 11:04:47 -0800 (PST) (Fri, 03:04 MYT) X-evolution-source: imap://will...@mail.mydomain.com/ Jan 1 11:04:48 www postfix/smtpd[18133]: 2D1A31980003: client=unknown[88.229.53.253] Jan 1 11:04:49 www postfix/cleanup[18139]: 2D1A31980003: message-id= 20090101190448.2d1a31980...@mail.mydomain.com Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: from=i...@qwestcz.cz, size=2162, nrcpt=1 (queue active) Jan 1 11:04:49 www postfix/local[18143]: 2D1A31980003: to= will...@mydomain.com, orig_to=i...@mydomain.com, relay=local, delay=1.9, delays=1.9/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) Jan 1 11:04:49 www postfix/qmgr[28143]: 2D1A31980003: removed One more thing, here is a log that show three trials but actually there are at least 30 trials of that, when I grep that queue ID it does not show the client address that is trying to send the message, is that a spammer that trying to use my mail server to send message to some one ? How can I block it ? or What should I do ? Dec 28 01:03:25 www postfix/qmgr[32221]: B041D198056F: from=, size=4247, nrcpt=1 (queue active) Dec 28 01:04:16 www postfix/smtp[25721]: B041D198056F: to= tizia...@barak.net, relay=none, delay=62670, delays=62618/0.21/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again) Dec 28 02:26:44 www postfix/qmgr[32221]: B041D198056F: from=, size=4247, nrcpt=1 (queue active) Dec 28 02:27:35 www postfix/smtp[21822]: B041D198056F: to= tizia...@barak.net, relay=none, delay=67669, delays=67618/0.02/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again) Dec 28 03:50:04 www postfix/qmgr[32221]: B041D198056F: from=, size=4247, nrcpt=1 (queue active) Dec 28 03:50:56 www postfix/smtp[28421]: B041D198056F: to= tizia...@barak.net, relay=none, delay=72670, delays=72618/1.1/51/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=barak.net type=MX: Host not found, try again) Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: from=, status=expired, returned to sender Jan 1 07:54:32 www postfix/qmgr[28143]: B041D198056F: removed On Sat, Jan 3, 2009 at 1:07 AM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Fri, Jan 02, 2009 at 11:42:17PM +0800, William Kisman wrote: Hello, I have searched around trying to understand the postfix log message because I found that my server is being abused by the spammer which the spammer sending me the message with the sender as my email. Email sender addresses are easily forged. Nothing new here. I have a form that allow user to send message to their friends about my website link, but when I checked the apache log files, I did not see the spammer abusing that dynamic link. What are the possibilities that the spammer could use my mail server to spam ? How is this related to receiving email with forged sender addresses? Do check the headers of the forged email, if it arrived from outside, no point in checking web logs, I have googled on how to understand the postfix log file but not much useful information that I got, do you know any good one ? First take the time to understand that email envelope and sender information is unauthenticated and subject to forgery. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly. -- Thank you Best regards, William Kisman
Re: rate limit outgoing mails with mailman
aah heck, I lied to you.. I have postfix 2.4.5-3ubuntu1.3 installed :( Is there a way to accomplish the same thing for this version or should I compile the new one? I couldnt find postfix 2.5 for Ubuntu 7.10 Look in gutsy-backports or upgrade to 8.04. Also note that the release you are using will be unsupported in another 3 months, so upgrading is likely your best bet. Scott K excellent idea, so I did install the 2.5.4 version from the backport and I now have r...@ohs:~# grep smtp_destination_rate_delay /etc/postfix/main.cf smtp_destination_rate_delay = 10 r...@ohs:~# and I restarted postfix Jan 2 08:03:56 ohs postfix/master[16208]: terminating on signal 15 Jan 2 08:03:58 ohs postfix/master[16312]: daemon started -- version 2.5.4, configuration /etc/postfix and now when I send an email to my mailman mailing list, I still see it sending out emails with no delay.. Jan 2 08:04:52 ohs postfix/smtp[16349]: 72292189FF: to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.3, delays=0.12/0.51/0.36/4.3, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 08:04:52 ohs postfix/qmgr[16316]: 72292189FF: removed Jan 2 08:04:52 ohs postfix/smtp[16347]: 950C118A00: to=someu...@gmail.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.2, delays=0.13/0.39/0.37/4.3, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 08:04:52 ohs postfix/smtp[16350]: 950C118A00: to=someu...@yahoo.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.3, delays=0.13/0.37/0.38/4.5, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 08:04:52 ohs postfix/qmgr[16316]: 950C118A00: removed so it looks like all three of these went out with no delays inbetween each message, right? regards, Jason
giving more resources to procmail/crm
I have 2.5.5 installed on my postfix server at home.. and postfix delivers to procmail on my system mailbox_command = /usr/bin/procmail and then my procmail then calls CRM114 for spam processing.. but more often than not, procmail fails with procmail: Program failure (-25) of /usr/bin/crm which I know means that procmail failed to run the command because of processing limits memory/disk/whatever.. I have jacked up what I *thought* would fix it message_size_limit = 6024 mailbox_size_limit = 6124 but it still fails. Does anyone know if these are the right values to be playing with? regards, Jason
Re: understanding postfix log
On Sat, Jan 03, 2009 at 01:32:39AM +0800, William Kisman wrote: Thank you IBBoard, that is a nice idea, I am trying to understand it. Now I understand, thank you very much. This is the first time I make use of my evolution mail menu to view the message headers, so the header does show the SMTP id as well and I can use that to grep it in postfix log. Return-path: i...@qwestcz.cz X-original-to: i...@mydomain.com Delivered-to: i...@mydomain.com Received: from conaxedition (unknown [88.229.53.253]) by mail.mydomain.com(Postfix) with SMTP id 2D1A31980003 for i...@mydomain.com; Thu, 1 Jan 2009 11:04:47 -0800 (PST) To: i...@mydomain.com Subject: nhmt i...@mydomain.com Thu, 1 Jan 2009 09:05:34 +0200 70%0FF fqnjw From: Viagra.com i...@mydomain.com Mime-version: 1.0 Content-type: text/html Message-id: 20090101190448.2d1a31980...@mail.mydomain.com Date: Thu, 1 Jan 2009 11:04:47 -0800 (PST) (Fri, 03:04 MYT) X-evolution-source: imap://will...@mail.mydomain.com/ This message is a remote forgery received from 88.229.53.253. You must not expect the From: header to be authentic. Senders (spammers, newspapers with send this article links, ...) will for various reasons use your address in email headers. This cannot be prevented. You can refuse your domain in envelope sender addresses, but this has drawbacks (mail sent out is refused if forwarded back in by an external mailbox owned by one of your users or a naive external distribution list that does not replace the envelope sender address with the list owner address). -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: giving more resources to procmail/crm
On Fri, Jan 02, 2009 at 01:28:23PM -0500, ja...@monsterjam.org wrote: I have 2.5.5 installed on my postfix server at home.. and postfix delivers to procmail on my system mailbox_command = /usr/bin/procmail and then my procmail then calls CRM114 for spam processing.. but more often than not, procmail fails with procmail: Program failure (-25) of /usr/bin/crm which I know means that procmail failed to run the command because of processing limits memory/disk/whatever.. I have jacked up what I *thought* would fix it message_size_limit = 6024 mailbox_size_limit = 6124 but it still fails. Does anyone know if these are the right values to be playing with? The mailbox_size_limit is the most likely problem. Programs launched from delivery agents cannot write to files that are larger than the message_size_limit, this includes any Berkeley-DB or other database files, ... -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: VERP uses the recipient name after virtual_regexp rewriting
On Mon, 29 Dec 2008 21:54:52 +0100, I wrote: ... I was surprised to see that when the recipient address provided by Mailman is rewritten by Postfix' virtual_regexp, then the recipient address that Postfix encodes in the envelope return path is the rewritten address, rather than the original subscriber address that Mailman knows. I have just realized that there is another way to look at this, which may be a better argument for the semantics I would like: The problem occurs only because the sending server and the receiving server is the same; the recipient address is in a domain handled by the same postfix instance that Mailman uses to submit mail. If there were two independent postfix instances, this would not happen. In such a case, it seems to me that the result ought to be the same as if processing clearly related to the sending side, such as VERP address generation, happened before processing clearly clearly related to the receiving side, such as recipient address rewriting in virtual_maps. I.e., VERP belongs to sending processing and its result should therefore not depend on virtual_maps rewriting, which are part of the receiving processing and thus belongs logically later; it comes into effect in the same postfix instance only because the subscriber happens to be a local user. (But as I wrote earlier, I can live with the current semantics, and this will - probably - be my last attempt to convince you that the order ought to be different.)
Re: rate limit outgoing mails with mailman
On Fri, Jan 02, 2009 at 01:09:41PM -0500, ja...@monsterjam.org wrote: Jan 2 08:03:56 ohs postfix/master[16208]: terminating on signal 15 Jan 2 08:03:58 ohs postfix/master[16312]: daemon started -- version 2.5.4, configuration /etc/postfix and now when I send an email to my mailman mailing list, I still see it sending out emails with no delay.. Jan 2 08:04:52 ohs postfix/smtp[16349]: 72292189FF: to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.3, delays=0.12/0.51/0.36/4.3, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 08:04:52 ohs postfix/smtp[16347]: 950C118A00: to=someu...@gmail.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.2, delays=0.13/0.39/0.37/4.3, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 08:04:52 ohs postfix/smtp[16350]: 950C118A00: to=someu...@yahoo.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=5.3, delays=0.13/0.37/0.38/4.5, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Have you fixed your recipient concurrency limit yet, or is it still 1. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: VERP uses the recipient name after virtual_regexp rewriting
Jesper Dybdal: On Mon, 29 Dec 2008 21:54:52 +0100, I wrote: ... I was surprised to see that when the recipient address provided by Mailman is rewritten by Postfix' virtual_regexp, then the recipient address that Postfix encodes in the envelope return path is the rewritten address, rather than the original subscriber address that Mailman knows. I have just realized that there is another way to look at this, which may be a better argument for the semantics I would like: The problem occurs only because the sending server and the receiving server is the same; the recipient address is in a domain handled by the same postfix instance that Mailman uses to submit mail. If there were two independent postfix instances, this would not happen. In such a case, it seems to me that the result ought to be the same as if processing clearly related to the sending side, such as VERP address generation, happened before processing clearly clearly related to the receiving side, such as recipient address rewriting in virtual_maps. I.e., VERP belongs to sending processing and its result should therefore not depend on virtual_maps rewriting, which are part of the receiving processing and thus belongs logically later; it comes into effect in the same postfix instance only because the subscriber happens to be a local user. (But as I wrote earlier, I can live with the current semantics, and this will - probably - be my last attempt to convince you that the order ought to be different.) You don't need to convince me of anything. Where possible Postfix is based on general principles that solve a larger class of problems, instead of a bunch of special-purpose hacks that tend to get in the way when I want to add other features in the same area. In your case, the general principle was not obvious: VERP is a form of input processing. Fortunately, Postfix has original recipient information at hand. Unfortunately, the information is not guaranteed to be in the canonical u...@domain form. However, in the special case of VERP this is OK. The consumer of VERP bounces really wants to see the same string that it gave to the MTA. Wietse Wietse
Re: rate limit outgoing mails with mailman
On Fri, Jan 02, 2009 at 03:43:15PM -0500, Jason Welsh wrote: initial_destination_concurrency = 1 default_destination_concurrency_limit = 1 default_destination_recipient_limit = 1 smtpd_recipient_limit = 1 Point shotgun away from foot. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: rate limit outgoing mails with mailman
yes, and I also realized I had commented out the item that Wietse had wanted me to put in.. Im just trying too many things at once.. Let me clean it up and try again. Jason On Fri, Jan 02, 2009 at 03:54:21PM -0500, Victor Duchovni wrote: On Fri, Jan 02, 2009 at 03:43:15PM -0500, Jason Welsh wrote: initial_destination_concurrency = 1 default_destination_concurrency_limit = 1 default_destination_recipient_limit = 1 smtpd_recipient_limit = 1 Point shotgun away from foot. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly. -- |Jason Welsh ja...@monsterjam.org| | http://monsterjam.orgDSS PGP: 0x5E30CC98 | |gpg key: http://monsterjam.org/gpg/ |
Re: rate limit outgoing mails with mailman
Jason Welsh: my apologies.. here is the output of postconf -n Did you notice that there is no smtp_destination_rate_delay Wietse
Re: rate limit outgoing mails with mailman
On Fri, Jan 02, 2009 at 03:54:21PM -0500, Victor Duchovni wrote:
On Fri, Jan 02, 2009 at 03:43:15PM -0500, Jason Welsh wrote:
initial_destination_concurrency = 1
default_destination_concurrency_limit = 1
default_destination_recipient_limit = 1
smtpd_recipient_limit = 1
Point shotgun away from foot.
--
Viktor.
ok, here is my latest config..
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_transport = smtp
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = orientalhealthsolutions.com, ohs.com, localhost.localdomain,
localhost
myhostname = ohs
mynetworks = 127.0.0.0/8 192.168.1.5/32
myorigin = /etc/mailname
recipient_delimiter = +
relay_destination_rate_delay = 10
relayhost = outgoing.verizon.net
smtp_destination_rate_delay = 10
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
and heres my logs now
Jan 2 16:04:57 ohs postfix/smtp[18389]: B08B018A00:
to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25,
delay=0.89, delays=0.08/0.28/0.35/0.17, dsn=2.5.0, status=sent (250 2.5.0 Ok.)
Jan 2 16:04:57 ohs postfix/qmgr[18371]: B08B018A00: removed
Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@gmail.com,
relay=outgoing.verizon.net[206.46.232.12]:25, delay=15,
delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.)
Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@yahoo.com,
relay=outgoing.verizon.net[206.46.232.12]:25, delay=15,
delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.)
Jan 2 16:05:12 ohs postfix/qmgr[18371]: E50B018A02: removed
so there WAS a delay after the first one, but the second two seemed to go out
together..
so we are making progress.. i think.. ;)
Jason
Re: rate limit outgoing mails with mailman
Jan 2 16:04:57 ohs postfix/smtp[18389]: B08B018A00: to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25, delay=0.89, delays=0.08/0.28/0.35/0.17, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:04:57 ohs postfix/qmgr[18371]: B08B018A00: removed Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@gmail.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@yahoo.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/qmgr[18371]: E50B018A02: removed so there WAS a delay after the first one, but the second two seemed to go out together.. so we are making progress.. i think.. ;) The second message has TWO RECIPIENTS. Postfix inserts 10s delay between MESSAGE deliveries not RECIPIENTS. Wieste
Re: rate limit outgoing mails with mailman
Wietse Venema wrote: Jan 2 16:04:57 ohs postfix/smtp[18389]: B08B018A00: to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25, delay=0.89, delays=0.08/0.28/0.35/0.17, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:04:57 ohs postfix/qmgr[18371]: B08B018A00: removed Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@gmail.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@yahoo.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/qmgr[18371]: E50B018A02: removed so there WAS a delay after the first one, but the second two seemed to go out together.. so we are making progress.. i think.. ;) The second message has TWO RECIPIENTS. Postfix inserts 10s delay between MESSAGE deliveries not RECIPIENTS. Wieste well, right, like I said, this is from a mailman mailing list , and there are 3 remote recipients in the list. But in the real list I want to implement, there are hundreds at various addresses and I would like to throttle ALL outgoing deliveries if I can. I guess best case scenario now is to serialize the delivery process somehow. thanks/regards, Jason -- |Jason Welsh ja...@monsterjam.org| | http://monsterjam.orgDSS PGP: 0x5E30CC98 | |gpg key: http://monsterjam.org/gpg/ |
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Jan 2, 2009, at 9:20 AM, mouss wrote: Jeff Weinberger a écrit : It's definitely my set up. I don't use LMTP to pass the message to dspam, I use a transport called dspam that uses pipe. That means there's no S/LMTP dialog, just the message itself passed as STDIN. so _you_ are not passing the envelope sender to dspam. Consider running dspam in relay mode: postfix --(LMTP)-- dspam --(SMTP)-- postfix I have to move dspam to use LMTP and then move it to a before-queue why do you want to run it in pre-queue mode? This is not needed and is not simple to setup. If I understand your diagram, then the content_filter would look like: content_filter=lmtp:unix:/path/to/dspam args and that might pass through the envelope information (I'm not convinced, but if dspam can do it, that would be how). But since dspam can speak LMTP and SMTP why would an smtpd proxy be hard to set up? It would certainly avoid the bcc issues, etc. that I experiences by having the message run through postfix twice. After reading through SMTPD_PROXY_README, it seems like a bit of a challenge to make it work, but not that hard...what do you think might be difficult? Thanks for all your help - over the course of thi dialog I've learned a lot about postfix and have become more aware of and proficient with parts I knew little about. This has been very helpful. content filter so that this workaround becomes unnecessary, but until I go to make those changes, this will suffice. I'm not completely convinced that dspam will work seamlessly as a before-queue content filter, so I'll have to do some testing to see how well that works and whether it can do what I need and hand fully formed messages with SMTP dialog information back to postfix.
Re: rate limit outgoing mails with mailman
On Fri, Jan 02, 2009 at 04:16:26PM -0500, Jason Welsh wrote: Wietse Venema wrote: Jan 2 16:04:57 ohs postfix/smtp[18389]: B08B018A00: to=someu...@monsterjam.org, relay=outgoing.verizon.net[206.46.232.12]:25, delay=0.89, delays=0.08/0.28/0.35/0.17, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:04:57 ohs postfix/qmgr[18371]: B08B018A00: removed Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@gmail.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/smtp[18389]: E50B018A02: to=someu...@yahoo.com, relay=outgoing.verizon.net[206.46.232.12]:25, delay=15, delays=0.24/11/0.34/4.4, dsn=2.5.0, status=sent (250 2.5.0 Ok.) Jan 2 16:05:12 ohs postfix/qmgr[18371]: E50B018A02: removed so there WAS a delay after the first one, but the second two seemed to go out together.. so we are making progress.. i think.. ;) The second message has TWO RECIPIENTS. Postfix inserts 10s delay between MESSAGE deliveries not RECIPIENTS. well, right, like I said, this is from a mailman mailing list , and there are 3 remote recipients in the list. But in the real list I want to implement, there are hundreds at various addresses and I would like to throttle ALL outgoing deliveries if I can. I guess best case scenario now is to serialize the delivery process somehow. Postfix will send 50 recipients at a time by default. Does the ISP mandate a lower number of recipients per message? Sending more messages with fewer recipients each is certainly not helpful to the ISP. Whatever you set the smtp_destination_recipient_limit to, don't make it 1. If you really want to get one recipient per message, consider using VERP, a good idea with lists anyway. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: rate limit outgoing mails with mailman
well, right, like I said, this is from a mailman mailing list , and there are 3 remote recipients in the list. But in the real list I want to implement, there are hundreds at various addresses and I would like to throttle ALL outgoing deliveries if I can. I guess best case scenario now is to serialize the delivery process somehow. Postfix will send 50 recipients at a time by default. Does the ISP mandate a lower number of recipients per message? Sending more messages with fewer recipients each is certainly not helpful to the ISP. Whatever you set the smtp_destination_recipient_limit to, don't make it 1. If you really want to get one recipient per message, consider using VERP, a good idea with lists anyway. I looked it up and here is the real scoop.. ;) *You may not include more than 100 recipients in a single email. Messages will not be sent to any recipients in excess of 100. *You may not exceed 500 recipients in 1 hour. Exceeding 500 recipients in 1 hour will result in the suspension of your ability to send email for 24 hours. so If I use the following: smtp_destination_recipient_limit = 8 smtp_destination_rate_delay = 60 this means that only 480 messages will get relayed in one hour, right? thanks/regards, Jason
Re: rate limit outgoing mails with mailman
On Fri, Jan 02, 2009 at 04:53:23PM -0500, Jason Welsh wrote: I looked it up and here is the real scoop.. ;) *You may not include more than 100 recipients in a single email. Messages will not be sent to any recipients in excess of 100. *You may not exceed 500 recipients in 1 hour. Exceeding 500 recipients in 1 hour will result in the suspension of your ability to send email for 24 hours. so If I use the following: smtp_destination_recipient_limit = 8 smtp_destination_rate_delay = 60 this means that only 480 messages will get relayed in one hour, right? No, it means up to 60 messages an hour with up to 8 recipients each. Using this ISP for bulk mailing is a really poor infrastructure choice. If you can't make better choices, you may be better off with VERP (resulting in 1 recipient per message), and at most 450 messages per hour via a rate delay of 8 seconds per message. With VERP you can also determine, in a lot more cases, which recipient is causing persistent bounces and must be removed from your list. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: rate limit outgoing mails with mailman
please see inline No, it means up to 60 messages an hour with up to 8 recipients each. but this still keeps me within the limits that verizon has set, right? Using this ISP for bulk mailing is a really poor infrastructure choice. wasnt my choice, it was my client's If you can't make better choices, you may be better off with VERP (resulting in 1 recipient per message), and at most 450 messages per hour via a rate delay of 8 seconds per message. With VERP you can also determine, in a lot more cases, which recipient is causing persistent bounces and must be removed from your list. fair enough, Ill look into it. thanks for your patience and help! Jason
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Wietse Venema wrote:
Jeff Weinberger:
[ Charset ISO-8859-1 unsupported, converting... ]
On Jan 2, 2009, at 2:30 AM, mouss wrote:
Jeff Weinberger a ?crit :
I used a pcre: table for smtpd_sender_restrictions and the
PREPEND
action as follows:
main.cf:
smtpd_sender_restrictions = check_sender_access
pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_sender_restrictions.pcre
/^(.*)/ PREPEND X-Envelope-Sender: ${1}
this will insert into every message a header X-Envelope-
Sender:
followed by the envelope sender value. It won't pass the
envelope-sender as SMTP MAIL FROM (dspam wasn't designed to do
that,
dspam gets it via LMTP MAIL FROM, and it will pass it back to
postfix
with SMT MAIL FROM. I have used this in the past and I'm sure
others
are
using it now (ping steve?). something in your setup prevents
this from
working but I don' think it is a dspam limitation.
It's definitely my set up. I don't use LMTP to pass the message to
dspam, I use a transport called dspam that uses pipe. That means
there's no S/LMTP dialog, just the message itself passed as STDIN.
If you can show what you've configured to pass mail into dspam,
then perhaps someone can tell you how to get that envelope sender
address into dspam, too.
Wietse
I thought I had a while back, but Im not sure it matters. Right now I
am passing mail to dspam via pipe, which means dspam does not know how
to handle the envelope-sender as a command-line argument. I need to
change this to passing mail to dspam via LMTP.
I don't know how exactly, but I hope with some help, I can make it work!
That said, here's the current configuration:
content_filter=dspam:dspam
and in master.cf:
dspam unix - n n - 10 pipe
flags=Ru user=_dspam argv=/usr/local/bin/dspam --
deliver=innocent --user ${recipient} -i - f $sender -- $recipient
dspam is running as a daemon .and re-injects the mail as SMTP to an
alternate port.
I assume the LMTP setup should look something like:
main.cf:
content_filter=lmtp:unix:/path/to/dspam --deliver=innocent --
user ${recipient} -i - f $sender -- $recipient
and the transport in master.cf becomes unnecessary.
I don't know how to handle the command line arguments (or even if I
have to), so suggestions, help and especially examples would be most
helpful.
Thank you!
--
Jeff Weinberger
http://disruptivemarketing.jeffweinberger.com
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Fri, Jan 02, 2009 at 05:20:16PM -0500, Wietse Venema wrote:
Jeff Weinberger:
That said, here's the current configuration:
content_filter=dspam:dspam
and in master.cf:
dspam unix - n n - 10 pipe
flags=Ru user=_dspam argv=/usr/local/bin/dspam --
deliver=innocent --user ${recipient} -i - f $sender -- $recipient
Hmm, so dspam is getting the envelope recipent.
Why is there a space between - and f in the above recipe?
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Jan 2, 2009, at 2:17 PM, mouss wrote: Jeff Weinberger a écrit : On Jan 2, 2009, at 9:20 AM, mouss wrote: Jeff Weinberger a écrit : It's definitely my set up. I don't use LMTP to pass the message to dspam, I use a transport called dspam that uses pipe. That means there's no S/LMTP dialog, just the message itself passed as STDIN. so _you_ are not passing the envelope sender to dspam. Consider running dspam in relay mode: postfix --(LMTP)-- dspam --(SMTP)-- postfix I have to move dspam to use LMTP and then move it to a before-queue why do you want to run it in pre-queue mode? This is not needed and is not simple to setup. Is there a reason why you keep adding yahoo groups after I remove them fro CC? This is starting to annoy me... Sorry!! I was having problems with my messages not posting. I will stop adding :) and by the way, disable the X-DSPAM-Factors header. dspam doesn't encode it, which results in things like: X-DSPAM-Factors: 27, ... a+écrit, 0.01000, and this is not a valid header. OK thanks! If I understand your diagram, then the content_filter would look like: content_filter=lmtp:unix:/path/to/dspam args No. content_filter=lmtp:inet:127.0.0.1:10024 where the 10024 is the same port used in dspam.conf: ServerPort10024 of course, dspam must be running in daemon mode. dspam is running in daemon mode. This makes sense as a setup. The example in the dspam docs for postfix shows content_filter=lmtp:unix:/path/to/dspam.sock which is why I thought unix: instead of inet: is there any difference, other than performance? On a related question (if more broad): some content_filter examples I see use content_filter in main.cf and some as -o content_filter=... in master.cf. I understand from prior conversations here that you can't override content filters, they are global. (yes?) So is there an advantage/disadvantage to specifying the content filter in main.cf vs. master.cf? and that might pass through the envelope information (I'm not convinced, but if dspam can do it, that would be how). LMTP is similar to SMTP, and dspam can run as an LMTP server (this is configured in dspam.conf). But since dspam can speak LMTP and SMTP dspam has a server and a client. so which speaks what? if we are talking about the server part: $ cd dspam-3.8.0/src $ cat daemon.c .. input = daemon_expect(TTX, LHLO); if (input == NULL) goto CLOSE; .. it wants LHLO (which is for LMTP), not HELO or EHLO. so no smtp there. why would an smtpd proxy be hard to set up? It would certainly avoid the bcc issues, etc. I don't understand why you mix pre-queue and bcc. maybe you confuse pre-queue with a not simple content filter? I am new to pre-queue filtering and am clearly still confused :) you had asked: why do you want to run it in pre-queue mode? This is not needed and is not simple to setu so I thought it might be hard. It's not important for now...getting dspam working as LMTP will be fine (assuming it passes along all the right information once it works) Thank you!! that I experiences by having the message run through postfix twice. After reading through SMTPD_PROXY_README, it seems like a bit of a challenge to make it work, but not that hard...what do you think might be difficult? Thanks for all your help - over the course of thi dialog I've learned a lot about postfix and have become more aware of and proficient with parts I knew little about. This has been very helpful. content filter so that this workaround becomes unnecessary, but until I go to make those changes, this will suffice. I'm not completely convinced that dspam will work seamlessly as a before-queue content filter, so I'll have to do some testing to see how well that works and whether it can do what I need and hand fully formed messages with SMTP dialog information back to postfix.
Re: VERP uses the recipient name after virtual_regexp rewriting
On Fri, 2 Jan 2009 15:25:14 -0500 (EST), wie...@porcupine.org (Wietse Venema) wrote: Fortunately, Postfix has original recipient information at hand. Unfortunately, the information is not guaranteed to be in the canonical u...@domain form. However, in the special case of VERP this is OK. I'm glad to hear that sufficient information is available at the relevant point in Postfix' processing. The consumer of VERP bounces really wants to see the same string that it gave to the MTA. We agree completely then. Thanks for your response (and for Postfix in general - it is excellent software).
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Jan 2, 2009, at 3:20 PM, mouss wrote: Jeff Weinberger a écrit : content_filter=lmtp:unix:/path/to/dspam args No. content_filter=lmtp:inet:127.0.0.1:10024 where the 10024 is the same port used in dspam.conf: ServerPort10024 of course, dspam must be running in daemon mode. dspam is running in daemon mode. This makes sense as a setup. The example in the dspam docs for postfix shows content_filter=lmtp:unix:/path/to/dspam.sock which is why I thought unix: instead of inet: it's ok to use a unix socket, but it's a socket, not the dspam binary with args. OK, thanks. I will set up dspam to listen on port 10024 - seems to make the most sense. I don't need a localhost:10024 entry in master.cf then? right? is there any difference, other than performance? I wouldn't put performances into the equation without measurements (one should tune where the bottleneck is, not in every small piece). if you use a unix socket, you'll have to make sure it is accessible. In particular, if someday you decide to chroot postfix, you'll need to put the unix socket in the chroot jail. exactly. Thanks On a related question (if more broad): some content_filter examples I see use content_filter in main.cf and some as -o content_filter=... in master.cf. I understand from prior conversations here that you can't override content filters, they are global. (yes?) no, they are not global. each smtpd may have its own content_filter. (don't confuse with: one message, one filter. The latter simply means that postfix won't split a single message into one message per recipient before passing it to the content filter). That makes sense. thank you. So is there an advantage/disadvantage to specifying the content filter in main.cf vs. master.cf? I guess an example is better than literature, no? here is a not uncommon setup: - port 25 is used for MX mail (aka inbound mail). it uses the content_filter defined in main.cf right, as I do right now. - port 587 is used for submission (authenticated, ...). such mail is scanned for viruses but not for spam (there's not much things a bayesian filter could do here, except in simple setups with a site-wide bayes). so -o is used to set the filter for this service I need to set this up also - seems easy, but is there an example of the localhost:587 master.cf entry somewhere I could start with? - sendmail mail is not filtered, because we trust the box (there's no user, ... etc) and we don't want anything blocking such mail. or we use sendmail to reinject mail after filtering, so we don't want to create a loop. for this, we set -o content_filter=. do you mean the re-injection into postfix? I have -o content_filter= there already. I'm re-injecting mail via SMTP, not sendmail... I am new to pre-queue filtering and am clearly still confused :) - content_filter refers to after-the-queue filtering. This means postfix saves the mail on disk, says ok to the client, and sometimes after that, postfix passes the message to the filter - proxy_filter refers to pre-queue: postfix keeps the client connected, passed the message to the filter and waits for the filter response before responding to the client. This assumes SMTP, because the message was received via SMTP, so the client wants a single response for the whole message, and not one response per recipient. the pipe method that you were using is an example of a content_filter, and is referred to as a simple filter in postfix docs. but a content_filter need not be a pipe. you had asked: why do you want to run it in pre-queue mode? This is not needed and is not simple to setu so I thought it might be hard. and it is. reread what I said about dspam and lmtp... Thank you! It's not important for now...getting dspam working as LMTP will be fine (assuming it passes along all the right information once it works)
Re: issue connecting to mysql after upgrade (issue not postfix)
On Jan 1, 2009, at 4:53 PM, mouss wrote: Jeff Weinberger a écrit : [snip] - try with hosts = 127.0.0.1 (without localhost) Tried this - no change. :( ahem. if you do this, you should not hear about a socket. it should use a TCP connection. can you show the errors? OK, now I've taken out the localhost again and there's no more complaining. (not sure why It continued complaining last time...) This is not a postfix issue. This is clearly a MySQL socket issue. I'm pursuing this on the MySQL lists. Thank you! [snip] why do use sender_canonical instead of canonical? rewrite should be consistent, and your sender is the recipient's recipient... This is mostly because I use maildrop as the virtual delivery agent for many of the virtual mailboxes. I'm really just testing this, and may end up using canonical instead. But here's my thinking: I have one user who wants a minor change - sounds silly, but gives me a good chance to experiment/learn. I'm rewriting the one address to a specific capitalization. I know I'll be doing more with more users soon. I want to rewrite when mail goes to someone outside my postfix install. canonical_maps would also rewrite inbound mail to that address, which is not bad, but not the desired behavior. So I am trying sender_canonical_maps to get the behavior I want. Then you may want to use smtp_generic_maps instead of canonical.
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger a écrit : OK, thanks. I will set up dspam to listen on port 10024 - seems to make the most sense. I don't need a localhost:10024 entry in master.cf then? right? no, 10024 will be used by dspam. your postfix should have a 127.0.0.1:10025 to get mail back. So is there an advantage/disadvantage to specifying the content filter in main.cf vs. master.cf? I guess an example is better than literature, no? here is a not uncommon setup: - port 25 is used for MX mail (aka inbound mail). it uses the content_filter defined in main.cf right, as I do right now. - port 587 is used for submission (authenticated, ...). such mail is scanned for viruses but not for spam (there's not much things a bayesian filter could do here, except in simple setups with a site-wide bayes). so -o is used to set the filter for this service I need to set this up also - seems easy, but is there an example of the localhost:587 master.cf entry somewhere I could start with? your master.cf should already contain a submission service (it's commented out by default). you can add -o conten_filter and other parameters. - sendmail mail is not filtered, because we trust the box (there's no user, ... etc) and we don't want anything blocking such mail. or we use sendmail to reinject mail after filtering, so we don't want to create a loop. for this, we set -o content_filter=. do you mean the re-injection into postfix? I have -o content_filter= there already. I'm re-injecting mail via SMTP, not sendmail... so you already had an example that overrides the content_filter in master.cf ;-)
Re: Finding the envelope-sender after always_bcc? (SOLVED)
On Jan 2, 2009, at 4:03 PM, mouss wrote: Jeff Weinberger a écrit : OK, thanks. I will set up dspam to listen on port 10024 - seems to make the most sense. I don't need a localhost:10024 entry in master.cf then? right? no, 10024 will be used by dspam. your postfix should have a 127.0.0.1:10025 to get mail back. perfect thanks! So is there an advantage/disadvantage to specifying the content filter in main.cf vs. master.cf? I guess an example is better than literature, no? here is a not uncommon setup: - port 25 is used for MX mail (aka inbound mail). it uses the content_filter defined in main.cf right, as I do right now. - port 587 is used for submission (authenticated, ...). such mail is scanned for viruses but not for spam (there's not much things a bayesian filter could do here, except in simple setups with a site-wide bayes). so -o is used to set the filter for this service I need to set this up also - seems easy, but is there an example of the localhost:587 master.cf entry somewhere I could start with? your master.cf should already contain a submission service (it's commented out by default). you can add -o conten_filter and other parameters. it didn't - but that's probably because apple modified the example file and took out the submission entry. I found it in the distribution. I'm guessing I should leave my port 25 (smtp) entry to allow submission on that port with authentication (leaving smtpd_client_restrictions=permit_sasl_authenticated...) - is there any harm in that? - sendmail mail is not filtered, because we trust the box (there's no user, ... etc) and we don't want anything blocking such mail. or we use sendmail to reinject mail after filtering, so we don't want to create a loop. for this, we set -o content_filter=. do you mean the re-injection into postfix? I have -o content_filter= there already. I'm re-injecting mail via SMTP, not sendmail... so you already had an example that overrides the content_filter in master.cf ;-) I see that I did... oops ;)
Re: Finding the envelope-sender after always_bcc? (SOLVED)
Jeff Weinberger a écrit : I'm guessing I should leave my port 25 (smtp) entry to allow submission on that port with authentication (leaving smtpd_client_restrictions=permit_sasl_authenticated...) - is there any harm in that? no. but separating roles makes configuration easier. so encourage users to use 587.
Re: rate limit outgoing mails with mailman (solved)
so If I use the following: smtp_destination_recipient_limit = 8 smtp_destination_rate_delay = 60 I tested and it looks like these settings will do what I want. thanks folks. Jason
Re: relayhost not working correctly
Arthur Wiebe wrote:
Hey folks,
I'm setting up a mail server using postfix, don't have a whole lot of
experience with it and so here's what I want to do.
I want Postfix to be a smarthost, with internal connections to use
SSL. Dovecot is my MDA as well. The relay host (smarthost) is my ISP,
and it does not require any authentication (no login). I've sent an
email successfully over a telnet session on port 25 and it works fine.
Also I've monitored my firewall and I can see the connection to my
ISP's mail server when attempting to send an email using postfix. But
the email never get's delivered so I assume it's something to do with
the relayhost authentication.
Perhaps the log of that delivery attempt will be useful to the diagnosis.
So here's my main.cf configuration file, hopefully one of you can
point out my fault?
Thanks!
main.cf -
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = mail.mynetwork.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.mynetwork.tld, localhost.mail.mynetwork.tld, , localhost
relayhost = mail.myisp.tld
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mail_spool_directory = /var/spool/mail/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
---
Arthur
Re: relayhost not working correctly
Arthur Wiebe wrote: [...] Also I've monitored my firewall and I can see the connection to my ISP's mail server when attempting to send an email using postfix. But the email never get's delivered so I assume it's something to do with the relayhost authentication. So here's my main.cf configuration file, hopefully one of you can point out my fault? The first fault is not pasting the output of 'postconf -n', which is always preferred over entire (or selected snippets of) main.cf. Before asking for help on this list, read: http://www.postfix.org/DEBUG_README.html#mail -- Sahil Tandon sa...@tandon.net
Re: relayhost not working correctly
On Sat, Jan 3, 2009 at 1:06 PM, Dan Langille d...@langille.org wrote:
Arthur Wiebe wrote:
Hey folks,
I'm setting up a mail server using postfix, don't have a whole lot of
experience with it and so here's what I want to do.
I want Postfix to be a smarthost, with internal connections to use
SSL. Dovecot is my MDA as well. The relay host (smarthost) is my ISP,
and it does not require any authentication (no login). I've sent an
email successfully over a telnet session on port 25 and it works fine.
Also I've monitored my firewall and I can see the connection to my
ISP's mail server when attempting to send an email using postfix. But
the email never get's delivered so I assume it's something to do with
the relayhost authentication.
Perhaps the log of that delivery attempt will be useful to the diagnosis.
The firewall log I'm assuming you're talking about, just a very simple entry:
22:43:42 TCP 10.142.11.17:59763 - 67.58.192.15:25 [SYN] len=60 ttl=63
tos=0x00 srcmac=__ dstmac=00:0c:29:12:42:12
(Passed)
I've looked through /var/log/mail.log,mail.err are there any others
logs for postfix that I should be looking at? (There's nothing in
those two)
So here's my main.cf configuration file, hopefully one of you can
point out my fault?
Thanks!
main.cf -
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = mail.mynetwork.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.mynetwork.tld, localhost.mail.mynetwork.tld, ,
localhost
relayhost = mail.myisp.tld
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mail_spool_directory = /var/spool/mail/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
---
Arthur
Re: relayhost not working correctly
Arthur Wiebe wrote: On Sat, Jan 3, 2009 at 1:06 PM, Dan Langille d...@langille.org wrote: Arthur Wiebe wrote: Hey folks, I'm setting up a mail server using postfix, don't have a whole lot of experience with it and so here's what I want to do. I want Postfix to be a smarthost, with internal connections to use SSL. Dovecot is my MDA as well. The relay host (smarthost) is my ISP, and it does not require any authentication (no login). I've sent an email successfully over a telnet session on port 25 and it works fine. Also I've monitored my firewall and I can see the connection to my ISP's mail server when attempting to send an email using postfix. But the email never get's delivered so I assume it's something to do with the relayhost authentication. Perhaps the log of that delivery attempt will be useful to the diagnosis. The firewall log I'm assuming you're talking about, just a very simple entry: 22:43:42 TCP 10.142.11.17:59763 - 67.58.192.15:25 [SYN] len=60 ttl=63 tos=0x00 srcmac=__ dstmac=00:0c:29:12:42:12 (Passed) I've looked through /var/log/mail.log,mail.err are there any others logs for postfix that I should be looking at? (There's nothing in those two) If there's nothing in the mail.log file, then you haven't found the correct file. At the very least you should have an entry for the delivery attempt, regardless of whether or not it was successful. Terry
