Re: create allusers alias dynamically from LDAP

[Christoph Erdle]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am 12.02.2009 um 00:58 schrieb Christoph Erdle:

I want to create an alias which contains all LDAP accounts of a  
specific object class (VirtualMailAccount) to create a mailinglist  
containing all mail accounts on the server. Maybe I'm thinking to  
complicated, but is it possible to create such an alias dynamically  
using postfix's LDAP lookups?


Problem is solved: I'm now using the OpenLDAP dynlist overlay to  
dynamically generate the list in LDAP using the memberURL attribute,  
so for Postfix the only thing to add was an additional ldap lookup in  
virtual_alias_maps.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkmTjQgACgkQqqYbNmv9eYkMFwCffIqDVYxq8Og6UcRC94d96lRj
kEQAn0tsHUoE97dCAqcOU5SxE5kYtV/J
=9NRe
-END PGP SIGNATURE-

recipient_delimiter and virtual users

[postfix]

OK, so I've become intrigued with recipient delimiters.

My users are currently stored in a mysql database, 'postfix'.  The 
table format is as postfixadmin sets it up, so in the  username is 
the user email address u...@example.com


Before I started tinkering, email to u...@example.com worked. Email 
to user+...@example.com failed with "unknown recipient", all well and good.


It looks like even with recipient_delimiter = + set, mail is still 
bounced for the same reason. I theorize that recipient_delimiter is 
actually checked at the end of the address such that with it enabled 
what I really have is u...@example.com+foo working (which, of course, 
won't work).


Does this mean that I can't really use recipient_delimiter with my 
users defined as u...@example.com? If so, I presume I need to munge 
up (even more) my SQL statement so that instead of checking for 
username='%s'  I'm going to need to strip %s apart into its 
constituent components and then reassemble it, so that 
user+...@example.com, user+...@example.com works?  Or would I just 
use '%d', which looks like it might be the left side of the email 
address (tho I'd still have to make the SQL match that).


The end result that would be cool would be that if foo was defined as 
a folder, mail would get delivered there, and if not mail would be 
delivered to the default inbox.


I can currently (with my existing sql) create a second user 
user+...@example.com and get mail to deliver to inbox/foo , but that 
means that a) I have to maintain a u...@example.com AND a 
user+...@example.com, and additionally if I want to add additional 
extensions I have to create additional accounts, which seems tiresome.


Thanks for any guidance!

rick



Rick Steeves
http://www.sinister.net

"The journey is the destination"

Re: How to safely re-inject an archived queue file?

[Victor Duchovni]

On Thu, Feb 12, 2009 at 02:46:54AM +0100, Victor Jerlin wrote:

> Hi,
> 
> I usually put it into the hold queue and then run postsuper -H 
> to release it from the hold queue.
> 

This is not enough for queue files copied from another location, you
have to adjust the queue file name to give it a suitably "unique" id.

The right way to do this is to create an idle Postfix queue (instance)
in the same file-system, place the archived queue in the maildrop queue
of the idle queue, then run "postsuper -s" in the context of the idle
instance. After the queue file name is adjusted, rename the queue file
into the maildrop queue (same filesystem!) of the active instance.

Putting archived files into a live queue can lead to queue-id collisions
and lost mail.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: How to safely re-inject an archived queue file?

[Wietse Venema]

Curtis:
> Hi,
> 
> I'm looking for a safe way to re-inject an archived queue file that
> was backed up and removed (via postsuper) from the hold queue.  (Not
> just this once, but on a regular basis.)  I realize that it would be
> possible to use postcat to grab the raw contents of the archived
> message and feed it back through sendmail (after first parsing and
> then removing the envelope information), but before I went through
> that much trouble, I wanted to see if there was an easier way.
> 
> On a test machine, I threw it into the incoming queue and ran
> "postkick public qmgr I" and it seemed to deliver to all original
> recipients of the message.  But, I have a feeling that direct
> insertion into the incoming directory is not the right way to do this.
> 
> If the above method is unsafe, is there a postfix command that I can
> pipe an archived queue file to that would safely re-inject the
> message?  Or, am I stuck with the sendmail method?
> 
> Thanks for any advice anyone has on this...

On a quiet system, put it into the maildrop directory, as a file
that is owned by the postfix user.

If you manually insert files into the incoming/active/deferred
queues then you may lose mail. Postfix ensures that queue files
have unique names, but that guarantee fails when you insert queue
files in by hand.

Wietse

Re: How to safely re-inject an archived queue file?

[Victor Jerlin]

Hi,

I usually put it into the hold queue and then run postsuper -H 
to release it from the hold queue.

/Victor

Curtis wrote:
> Hi,
> 
> I'm looking for a safe way to re-inject an archived queue file that
> was backed up and removed (via postsuper) from the hold queue.  (Not
> just this once, but on a regular basis.)  I realize that it would be
> possible to use postcat to grab the raw contents of the archived
> message and feed it back through sendmail (after first parsing and
> then removing the envelope information), but before I went through
> that much trouble, I wanted to see if there was an easier way.
> 
> On a test machine, I threw it into the incoming queue and ran
> "postkick public qmgr I" and it seemed to deliver to all original
> recipients of the message.  But, I have a feeling that direct
> insertion into the incoming directory is not the right way to do this.
> 
> If the above method is unsafe, is there a postfix command that I can
> pipe an archived queue file to that would safely re-inject the
> message?  Or, am I stuck with the sendmail method?
> 
> Thanks for any advice anyone has on this...
> 
> Curtis


-- 
Victor Jerlin, CTO
Gränslösa System GSYS HB
Cell#: +356--0125

Re: Virtual domains, aliases and deliver (Dovecot)

[Victor Duchovni]

On Wed, Feb 11, 2009 at 02:11:00PM -0800, Roderick A. Anderson wrote:

> The documentation indicates a virtual_alias_maps with a line like:
>
> ab...@mydomain.tldab...@anotherdomain.tld
>
> should work.  But I'm getting this in /var/log/maillog:
>

The documentation is correct.

> Feb 11 13:57:59 mx0 postfix/smtpd[2487]: NOQUEUE: reject: RCPT from 
> mx100.thesenderdomain.tld[10.10.3.21]: 550 5.1.1 : 
> Recipient address rejected : User unknown in virtual mailbox table; 
> from= to= proto=ESMTP 
> helo=

Your configuration does not include the recommended rewrite, or rewrites
are disabled via "receive_override_options" on *both* sides of a filter
(or perhaps there is no filter).

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

How to safely re-inject an archived queue file?

[Curtis]

Hi,

I'm looking for a safe way to re-inject an archived queue file that
was backed up and removed (via postsuper) from the hold queue.  (Not
just this once, but on a regular basis.)  I realize that it would be
possible to use postcat to grab the raw contents of the archived
message and feed it back through sendmail (after first parsing and
then removing the envelope information), but before I went through
that much trouble, I wanted to see if there was an easier way.

On a test machine, I threw it into the incoming queue and ran
"postkick public qmgr I" and it seemed to deliver to all original
recipients of the message.  But, I have a feeling that direct
insertion into the incoming directory is not the right way to do this.

If the above method is unsafe, is there a postfix command that I can
pipe an archived queue file to that would safely re-inject the
message?  Or, am I stuck with the sendmail method?

Thanks for any advice anyone has on this...

Curtis

Re: Mail Received But Not Delivered

[Rich Shepard]

On Wed, 11 Feb 2009, Sahil Tandon wrote:


Figure out why Postfix is passing the message on to procmail.  Is it a
.forward file?  A transport setting in main.cf?


Sahil,

  No, because the delivery address is local.

  I've turned on (and up) procmail logging. Perhaps that will help.

  Why, after a dozen years, one sender's mail doesn't make it through the
LDA to my inbox is a great mystery to me.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: Virtual domains, aliases and deliver (Dovecot)

[Sahil Tandon]

On Wed, 11 Feb 2009, Roderick A. Anderson wrote:

> I'm still trying to get my head wrapped around all the options and how
> they interact with each other and non-Postfix stuff.
>
> I have questions in regards to a mail server that will be a virtual
> mailbox server.
>
> I have set virtual_mailbox_domains and virtual_mailbox_maps (I think I
> got this one right and most mail is delivered) but I'm now trying to set  
> up, for each virtual domain those required and helpful aliases typically  
> found in the single domain aliases file.
>
> The documentation indicates a virtual_alias_maps with a line like:
>
> ab...@mydomain.tldab...@anotherdomain.tld
>
> should work.  But I'm getting this in /var/log/maillog:
>
> Feb 11 13:57:59 mx0 postfix/smtpd[2487]: NOQUEUE: reject: RCPT from  
> mx100.thesenderdomain.tld[10.10.3.21]: 550 5.1.1 :  
> Recipient address rejected : User unknown in virtual mailbox table;  
> from= to= proto=ESMTP  
> helo=
>
> This should be only an alias not a real account and I _do not_ have an  
> entry in virtual_mailbox_maps for ab...@mydomain.tld but do for  
> ab...@anotherdomain.tld.

Can you show 'postconf -n' and confirm that you postmap'd (if necessary,
depending on your map type) the virtual_alias_maps file after adding the
above alias to it?

-- 
Sahil Tandon 

Re: Mail Received But Not Delivered

[Sahil Tandon]

On Wed, 11 Feb 2009, Rich Shepard wrote:

> On Wed, 11 Feb 2009, J.P. Trosclair wrote:
>
>> Might be worth turning on logging procmail. I don't see any problem from
>> postfix, looks like the mail was delivered and whatever procmail did with
>> it will probably revealed via procmail's log for future messsages.
>
>   Done.
>
>   As I wrote earlier, procmail's not delivered mail to me before this.

Figure out why Postfix is passing the message on to procmail.  Is it a
.forward file?  A transport setting in main.cf?

-- 
Sahil Tandon 

Re: Permit TLS connections from LAN but not from Internet

[Victor Duchovni]

On Wed, Feb 11, 2009 at 10:07:18PM -0200, Alejandro Cabrera wrote:

> Dear all, I have Postfix + TLS and have this two lines in my main.cf 
> :
>
> #For daemon component
> smtpd_tls_security_level = may

Mail your receive from others.

> #For client component
> smtp_tls_security_level = may

Mail you send to others.

> But I'm confused because if I use:
>
> smtpd_tls_security_level = encrypt

Force senders to use TLS when sending your email

> smtp_tls_security_level = encrypt

Only deliver email to receiving systems that do TLS.

> Is there any manner to force TLS connectiosn only for my LAN mail clients 
> and not for the SMTP servers from Internet ???




main.cf:
smtpd_sender_restrictions =
check_client_access cidr:/etc/postfix/client_access

client_access:
192.0.2.0/24reject_plaintext_session

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Permit TLS connections from LAN but not from Internet

[Alejandro Cabrera]

Dear all, I have Postfix + TLS and have this two lines in my main.cf 
:


#For daemon component
smtpd_tls_security_level = may
#For client component
smtp_tls_security_level = may

This imply that depending on the mail client settings, it can use or not 
TLS (may).


But I'm confused because if I use:

smtpd_tls_security_level = encrypt
or

smtp_tls_security_level = encrypt

I'm forcing the mail client or another SMTP server that connect to my 
mail server to use TLS mandatory.


Is there any manner to force TLS connectiosn only for my LAN mail 
clients and not for the SMTP servers from Internet ???


Thanks a lot,

Alejandro

Re: postfix benchmark performance

[Wietse Venema]

Silas Boyd-Wickizer:
> > Why do you believe that this should use 100% of ALL Cpus?
> > 
> > If you look at your synthetic test then you will likely find that
> > there are at any point in time only a few mail receiving processes
> > and mail delivering processes, and that these processes will all
> > be waiting for kernel system calls to complete.
> > 
> > With this synthetic test you really have only a low-concurrency load.
> 
> Yes, there are only a few mail delivering processes (virtual).  
> Why is this a function of my load?  There are many messages 
> waiting for delivery, so why doesn't postfix run more virtuals 
> to increase concurrency?

One Postfix process uses one CPU at any point in time. The Postfix
scheduler is one such process. You have clocked this process at
300 microseconds per message. Congratulations. You will never have
a real network or real file system that can sustain this. So now
you can focus on real problems instead.

> I'm not sure what you mean by "waiting for kernel system calls to 
> complete".  Do you mean "executing kernel system calls" (reading 
> from a pipe), or "blocked on kernel system calls" (i.e. waiting 
> on a pipe)?

Kernels execute system calls. Processes can only ask and wait
while the kernel is doing kernel thingies.

Wietse

create allusers alias dynamically from LDAP

[Christoph Erdle]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi list,

I'm running Postfix with OpenLDAP as user backend for quite a long  
time now. All is working like a charm, but atm I'm struggling with the  
following problem :


I want to create an alias which contains all LDAP accounts of a  
specific object class (VirtualMailAccount) to create a mailinglist  
containing all mail accounts on the server. Maybe I'm thinking to  
complicated, but is it possible to create such an alias dynamically  
using postfix's LDAP lookups?


Thanks in advance,
Christoph Erdle
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkmTZhkACgkQqqYbNmv9eYktygCfWuU1he2n2uoB3Pj/R7aKU3WR
KUgAniPnIrqlpJ1E0emn8IkmAsxNgKy0
=jRaY
-END PGP SIGNATURE-

Re: postfix logs, spams and bounce messages

[Justin Piszcz]

On Wed, 11 Feb 2009, Victor Duchovni wrote:


You are doing Sender Address Verification (reject_unverified_sender)
before doing RBL checks. Fix this. Do the RBL checks first, and consider
not doing SAV at all, but if you do use it, do SAV *last*.




smtpd_data_restrictions =
reject_unverified_sender

--
Viktor.



Hi,

Quick question, if one has all of his restrictions in 
smtpd_recipient_restrictions, why is it(?) better to put the 
reject_unverified_sender within the smtpd_data_restrictions?


Justin.

Re: Create additional sub-folders postfix/courier

[postfix]

At 03:46 PM 2/11/2009, mouss wrote:

Victor Duchovni a écrit :
>>>  SELECT
>>> 
if(INSTR(maildir,'+'),concat(left(maildir,instr(maildir,'+')-1),'/Maildir/.',right(maildir,length(maildir)-instr(maildir,'+'))),CONCAT(maildir,'Maildir/'))

>>> from mailbox where username ='%s' and active='1'
>> you are still allowing random folder names.
>
> That's what I thought at first, but now I am not so sure. Perhaps all
> this string munging is based on an attribute from the table, not the
> input address. It sems that the database does not hold mailbox paths,
> and they are always constructed from the user name, with special logic
> for user+spam user names. That's OK, provided the OP controls user
> names.
>

ah! indeed, he puts complete addresses in the mailbox table.


In the table, as defined by postfixadmin, is 
username (which is the email address) and maildir 
(the location of the users Maildir folder). I 
initially was using the username for the SQL, but 
changed it to the maildir value, which is defined 
at the point of user creation, and thus only 
tweakable by someone who can make changes to the postfix mysql database.


the folder would be "domain/username/" normally, 
so all the SQL is doing is checking to see if 
there's a "+ in it (ex: 
"example.com/user+foo/")  and breaking it apart 
so that it's correctly formatted:

example.com/user/Maildir/.foo/


This is too much work however, IMHO. using a "Folder" table would be
better.


Since I"ve already figured out how the SQL works, 
I'm not sure how this is "too much work".


Can you expound on a "folder" table as I don't 
understand how that's "better".  (Keep in mind I 
don't know what you mean by a "folder table" 
except that obviously it's a table in the same 
mysql database). Since this way (above) looks 
like it works, isn't anything else more work? :-)


I thought I'd made it work the way the intial 
suggestion ... suggested. More than happy to learn what's better.


Rick

Virtual domains, aliases and deliver (Dovecot)

[Roderick A. Anderson]

I'm still trying to get my head wrapped around all the options and how
they interact with each other and non-Postfix stuff.

I have questions in regards to a mail server that will be a virtual
mailbox server.

I have set virtual_mailbox_domains and virtual_mailbox_maps (I think I
got this one right and most mail is delivered) but I'm now trying to set 
up, for each virtual domain those required and helpful aliases typically 
found in the single domain aliases file.


The documentation indicates a virtual_alias_maps with a line like:

ab...@mydomain.tld  ab...@anotherdomain.tld

should work.  But I'm getting this in /var/log/maillog:


Feb 11 13:57:59 mx0 postfix/smtpd[2487]: NOQUEUE: reject: RCPT from 
mx100.thesenderdomain.tld[10.10.3.21]: 550 5.1.1 : 
Recipient address rejected : User unknown in virtual mailbox table; 
from= to= proto=ESMTP 
helo=


This should be only an alias not a real account and I _do not_ have an 
entry in virtual_mailbox_maps for ab...@mydomain.tld but do for 
ab...@anotherdomain.tld.



Clue-stick please!
Rod
--

Mail looping with transport maps and virtual alias maps

[Brian Mathis]

I have a few requirements which seem to be opposed to each other, as
what I'm currently doing is causing a mail loop and bounce.  Here's
what I'm trying to accomplish:
1) This server is a standalone server sending outgoing mail, it is not
receiving anything other than locally posted messages
2) Messages need to come from "mydomain.com" (myorigin = $mydomain)
3) Messages sent to local 'root' account must be forwarded to a
different account @mydomain.com
4) Delivery to all but a few domains is not allowed, and must be discarded

For #2 I'm using the already mentioned myorigin = $mydomain.  This
works as expected, but $mydomain is not listed in mydestination, so
for #3 I am using the method mentioned here:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local
(virtual_alias_maps) to deliver the root mail locally, and allowing
the rest to go off to our main mail server.

For #4, I am using transport_maps (which was suggested in this thread
http://archives.neohapsis.com/archives/postfix/2008-07/0875.html), and
my transport file contains the following:
mydomain.comsmtp
*.mydomain.comsmtp
* discard

The problem I am seeing is that when I send a message to root using
the local command "mail root", the domain gets added (as expected),
then the virtual alias changes the to address to
r...@localhost.mydomain.com, but then it is bounced because of
looping.

I've reached the edge of my current postfix knowledge, and would
appreciate any input or suggestions.


Relevant information:
Server is running CentOS 5.2 Linux

 rpm -q postfix:
postfix-2.3.3-2.1.el5_2

- postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

 /etc/aliases
root:ad...@mydomain.com

 /etc/postfix/transport:
mydomain.comsmtp
*.mydomain.comsmtp
* discard

 /etc/postfix/virtual:
rootr...@localhost

 maillog:
postfix/pickup[5241]: AAB102019B: uid=0 from=
postfix/pickup[5241]: AAB102019B: uid=0 from=
postfix/cleanup[5248]: AAB102019B:
message-id=<20090211213405.aab1020...@server.mydomain.com>
postfix/cleanup[5248]: AAB102019B:
message-id=<20090211213405.aab1020...@server.mydomain.com>
postfix/qmgr[5242]: AAB102019B: from=, size=307,
nrcpt=1 (queue active)
postfix/qmgr[5242]: AAB102019B: from=, size=307,
nrcpt=1 (queue active)
postfix/smtp[5250]: AAB102019B: to=,
orig_to=, relay=none, delay=0.09, delays=0.01/0/0.07/0,
dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back
to myself)
postfix/cleanup[5248]: BF9BF2019C:
message-id=<20090211213405.bf9bf20...@server.mydomain.com>
postfix/bounce[5251]: AAB102019B: sender non-delivery notification: BF9BF2019C
postfix/qmgr[5242]: BF9BF2019C: from=<>, size=2174, nrcpt=1 (queue active)
postfix/qmgr[5242]: AAB102019B: removed
postfix/smtp[5250]: AAB102019B: to=,
orig_to=, relay=none, delay=0.09, delays=0.01/0/0.07/0,
dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back
to myself)
postfix/cleanup[5248]: BF9BF2019C:
message-id=<20090211213405.bf9bf20...@server.mydomain.com>
postfix/bounce[5251]: AAB102019B: sender non-delivery notification: BF9BF2019C
postfix/qmgr[5242]: BF9BF2019C: from=<>, size=2174, nrcpt=1 (queue active)
postfix/qmgr[5242]: AAB102019B: removed
postfix/smtp[5250]: BF9BF2019C: to=,
orig_to=, relay=none, delay=0, delays=0/0/0/0,
dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back
to myself)
postfix/qmgr[5242]: BF9BF2019C: removed
postfix/smtp[5250]: BF9BF2019C: to=,
orig_to=, relay=none, delay=0, delays=0/0/0/0,
dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back
to myself)
postfix/qmgr[5242]: BF9BF2019C: removed


PS. Please forgive that I have changed the server name and domain.

Re: postfix benchmark performance

[Victor Duchovni]

On Wed, Feb 11, 2009 at 03:57:45PM -0600, Noel Jones wrote:

> Silas Boyd-Wickizer wrote:
>> Yes, there are only a few mail delivering processes (virtual).  Why is 
>> this a function of my load?  There are many messages waiting for delivery, 
>> so why doesn't postfix run more virtuals to increase concurrency?
>
> This might have something to do with concurrency...
>> postconf -n
>> default_destination_concurrency_limit = 1

For maildirs this is not necessary. More reasonable, is a recipient
limit of 1.

> But really, this whole exercise seems fairly meaningless.

Indeed, benchmarks of peak queue manager throughput are not that useful.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix benchmark performance

[Victor Duchovni]

On Wed, Feb 11, 2009 at 04:47:40PM -0500, Silas Boyd-Wickizer wrote:

> There are many messages 
> waiting for delivery, so why doesn't postfix run more virtuals 
> to increase concurrency?

Because it can't decide where to send the mail any faster. This thread
is not very productive, the benchmark is measuring a part of the system
that is never the bottle-neck in real configurations.

If you test a real configuration and you don't over-saturate the input
rate, you'll find that the incoming queue stays small, and throughput
is disk I/O limited. If you then push harder (more input concurrency),
throughput will drop-off slowly as input I/O starves output I/O and
the queue manager.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix benchmark performance

[Noel Jones]

Silas Boyd-Wickizer wrote:
Yes, there are only a few mail delivering processes (virtual).  
Why is this a function of my load?  There are many messages 
waiting for delivery, so why doesn't postfix run more virtuals 
to increase concurrency?


This might have something to do with concurrency...

postconf -n
default_destination_concurrency_limit = 1


But really, this whole exercise seems fairly meaningless.

  -- Noel Jones

Re: postfix benchmark performance

[Silas Boyd-Wickizer]

> Why do you believe that this should use 100% of ALL Cpus?
> 
> If you look at your synthetic test then you will likely find that
> there are at any point in time only a few mail receiving processes
> and mail delivering processes, and that these processes will all
> be waiting for kernel system calls to complete.
> 
> With this synthetic test you really have only a low-concurrency load.

Yes, there are only a few mail delivering processes (virtual).  
Why is this a function of my load?  There are many messages 
waiting for delivery, so why doesn't postfix run more virtuals 
to increase concurrency?

I'm not sure what you mean by "waiting for kernel system calls to 
complete".  Do you mean "executing kernel system calls" (reading 
from a pipe), or "blocked on kernel system calls" (i.e. waiting 
on a pipe)?

Thanks.

Silas

Re: Mail Received But Not Delivered

[Rich Shepard]

On Wed, 11 Feb 2009, J.P. Trosclair wrote:


Might be worth turning on logging procmail. I don't see any problem from
postfix, looks like the mail was delivered and whatever procmail did with
it will probably revealed via procmail's log for future messsages.


  Done.

  As I wrote earlier, procmail's not delivered mail to me before this.

  I'll ask the sender to send a test message so I can see what's recorded.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: Mail Received But Not Delivered

[Terry Carmen]

Rich Shepard wrote:

On Wed, 11 Feb 2009, Terry Carmen wrote:


Postfix delivered it to procmail, so postfix is done with it.


  I saw that, but there's nothing in ~/procmail/log since 2007.

  Time to look further.


Yep.

That's definitely a good place to start. At a minimum the procmail log 
should show the messages its processing.


Terry

Re: Mail Received But Not Delivered

[Rich Shepard]

On Wed, 11 Feb 2009, Terry Carmen wrote:


Postfix delivered it to procmail, so postfix is done with it.


  I saw that, but there's nothing in ~/procmail/log since 2007.

  Time to look further.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: Create additional sub-folders postfix/courier

[mouss]

Victor Duchovni a écrit :
> On Wed, Feb 11, 2009 at 09:24:25PM +0100, mouss wrote:
> 
>> post...@corwyn.net a ?crit :
>>> And a last betterer/simpler way to do it.
>>>
>>>  SELECT
>>> if(INSTR(maildir,'+'),concat(left(maildir,instr(maildir,'+')-1),'/Maildir/.',right(maildir,length(maildir)-instr(maildir,'+'))),CONCAT(maildir,'Maildir/'))
>>> from mailbox where username ='%s' and active='1'
>> you are still allowing random folder names.
> 
> That's what I thought at first, but now I am not so sure. Perhaps all
> this string munging is based on an attribute from the table, not the
> input address. It sems that the database does not hold mailbox paths,
> and they are always constructed from the user name, with special logic
> for user+spam user names. That's OK, provided the OP controls user
> names.
> 

ah! indeed, he puts complete addresses in the mailbox table.

This is too much work however, IMHO. using a "Folder" table would be
better.

Re: Create additional sub-folders postfix/courier

[Victor Duchovni]

On Wed, Feb 11, 2009 at 09:24:25PM +0100, mouss wrote:

> post...@corwyn.net a ?crit :
> > And a last betterer/simpler way to do it.
> > 
> >  SELECT
> > if(INSTR(maildir,'+'),concat(left(maildir,instr(maildir,'+')-1),'/Maildir/.',right(maildir,length(maildir)-instr(maildir,'+'))),CONCAT(maildir,'Maildir/'))
> > from mailbox where username ='%s' and active='1'
> 
> you are still allowing random folder names.

That's what I thought at first, but now I am not so sure. Perhaps all
this string munging is based on an attribute from the table, not the
input address. It sems that the database does not hold mailbox paths,
and they are always constructed from the user name, with special logic
for user+spam user names. That's OK, provided the OP controls user
names.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix benchmark performance

[Victor Duchovni]

On Wed, Feb 11, 2009 at 02:28:40PM -0500, Silas Boyd-Wickizer wrote:

> > With 16 logical CPUs, in this configuration you'll find your CPU load
> > to be 1/16th of the theoretical maximum + overhead. Your report of 10%
> > is about right.
> 
> The system has 16 physical execution units: four quad core AMD 
> Opterons.  In the configuration I described, 90% of total cycles 
> are unused.

Yes, but in this configuration, 1 CPU is pegged, and the others are idle,
actually the others are working baout as hard combined, so that's where
you get the ~10%.

> > What exactly are you trying to measure with this "benchmark"?
> 
> I'm measuring how many emails Postfix can deliver per-sec to some 
> number of virtual aliases.  I'm not interested so much in the 
> absolute throughput performance, but in the reasons for the 
> performance.

Why is this an interseting measurement? In practice, your performance will
be at least a factor of 10 (more likely 30-100) lower, once you add
real disk latency, and other real loads.

> > No realistic configuration has the same critical resource, and you'll
> > run out of disk I/O throughput or CPU first depending on how CPU hungry
> > your content-filters are.
> 
> I understand this.
> 
> > If you really are planning to host all spools in RAM disk, and need more
> > than 3000 msgs/sec, I am most curious what use-case motivates this design
> > and performance requirement.
> 
> I don't have a real use-case in mind.

This benchmark is essentially meaningless, it proves that Postfix
switching won't be a problem util you reach 3000 msgs/sec. Since
your real loads will be much lower, you don't have to worry about it.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Create additional sub-folders postfix/courier

[mouss]

post...@corwyn.net a écrit :
> And a last betterer/simpler way to do it.
> 
>  SELECT
> if(INSTR(maildir,'+'),concat(left(maildir,instr(maildir,'+')-1),'/Maildir/.',right(maildir,length(maildir)-instr(maildir,'+'))),CONCAT(maildir,'Maildir/'))
> from mailbox where username ='%s' and active='1'
> 
> 
> 


you are still allowing random folder names. create a table, say Folder,
where you put the folders you want to support ("spam", ). That
should also make your query a little simpler (unfortunately,
postfixadmin table structure makes this and other things harder...).

Re: postfix benchmark performance

[Wietse Venema]

Silas Boyd-Wickizer:
> Hello, I'm doing some experiments with a synthetic benchmark and 
> postfix.  My current postfix configuration can deliver ~3000 
> msg/sec to 1000 virtual mailboxes; however, the system (16 
> core/4x4 AMD opteron) is ~90% idle.  All logs and queues reside 

Why do you believe that this should use 100% of ALL Cpus?

If you look at your synthetic test then you will likely find that
there are at any point in time only a few mail receiving processes
and mail delivering processes, and that these processes will all
be waiting for kernel system calls to complete.

With this synthetic test you really have only a low-concurrency load.
 
Wietse

Re: Mail Received But Not Delivered

[J.P. Trosclair]

Rich Shepard wrote:

On Wed, 11 Feb 2009, Terry Carmen wrote:


What do you get with:
grep E4041AAE /var/log/maillog


Terry,

Feb  9 11:43:58 salmo postfix/smtpd[17963]: E4041AAE:
client=vms173007pub.verizon.net[206.46.173.7]
Feb  9 11:43:59 salmo postfix/cleanup[17966]: E4041AAE:
message-id=<88ba18204f8d4137a8f4a4b0601d2...@mrdsoffice>
Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=, size=4572, nrcpt=1 (queue active)
Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=, relay=local, delay=4, delays=1.4/0/0/2.6,
dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Feb  9 11:44:01 salmo postfix/qmgr[32715]: E4041AAE: removed



Might be worth turning on logging procmail. I don't see any problem from 
postfix, looks like the mail was delivered and whatever procmail did 
with it will probably revealed via procmail's log for future messsages.


In procmailrc:
LOGFILE="/path/to/procmail.log"


J.P.

Re: Mail Received But Not Delivered

[Terry Carmen]

Rich Shepard wrote:

On Wed, 11 Feb 2009, Terry Carmen wrote:


What do you get with:
grep E4041AAE /var/log/maillog


Terry,

Feb  9 11:43:58 salmo postfix/smtpd[17963]: E4041AAE:
client=vms173007pub.verizon.net[206.46.173.7]
Feb  9 11:43:59 salmo postfix/cleanup[17966]: E4041AAE:
message-id=<88ba18204f8d4137a8f4a4b0601d2...@mrdsoffice>
Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=, size=4572, nrcpt=1 (queue active)
Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=, relay=local, delay=4, delays=1.4/0/0/2.6,
dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Feb  9 11:44:01 salmo postfix/qmgr[32715]: E4041AAE: removed



Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=,
relay=local,
delay=4,
delays=1.4/0/0/2.6,
dsn=2.0.0,
--> status=sent (delivered to command: /usr/bin/procmail)

Postfix delivered it to procmail, so postfix is done with it.

I don't use procmail so I can't help you there, but I would assume it 
has some sort of log you could check to follow the message.


Terry

Re: Redirect all mail from one domain to the same u...@otherdomain?

[mouss]

Jeff Weinberger a écrit :
> [snip]
> 
> This is helpful, but I still need the query to take all the other
> alias domains into account. So, I need the IF condition, or a second map.
> 

I don't think so. I used this. I don't remember the details, but the
idea is that you can often get rid of flow control (if, ...) using
additional tables.

> Thank you for your help...it's informative as always!
> 
> if the wildcard alias will produce the result I need then this is
> resolved.
> 

@example.org@example.com

works, but smtpd will accept mail to anyth...@example.org
(virtual_alias_maps are used for recipient validation during the smtp
transaction). if all addresses are valid (catchall or whatver), this is
ok. otherwise, it's bad. in any case, you must make sure that mail isn't
bounced after it is accepted (queued). This is what happens by default
(after virtual alias expansion, a delivery error occurs, and an NDR is
generated).

Re: Mail Received But Not Delivered

[Rich Shepard]

On Wed, 11 Feb 2009, Terry Carmen wrote:


What do you get with:
grep E4041AAE /var/log/maillog


Terry,

Feb  9 11:43:58 salmo postfix/smtpd[17963]: E4041AAE:
client=vms173007pub.verizon.net[206.46.173.7]
Feb  9 11:43:59 salmo postfix/cleanup[17966]: E4041AAE:
message-id=<88ba18204f8d4137a8f4a4b0601d2...@mrdsoffice>
Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=, size=4572, nrcpt=1 (queue active)
Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=, relay=local, delay=4, delays=1.4/0/0/2.6,
dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Feb  9 11:44:01 salmo postfix/qmgr[32715]: E4041AAE: removed


and
postqueue -p


-Queue ID- --Size-- Arrival Time -Sender/Recipient---
B1FF5F50*  3326 Wed Feb 11 11:59:54
pgsql-general-owner+m143814=rshepard=appl-ecosys@postgresql.org
 rshep...@appl-ecosys.com

-- 3 Kbytes in 1 Request.

  Procmail's not held out on me before, and I've been using it for more than
a decade. I'm puzzled.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: No reason not to use reject_unverified sender (was Re: reject_unverified_sender vs greylisting)

[mouss]

Paweł Leśniak a écrit :
> mouss pisze:
>> João Miguel Neves a écrit :
>>  
>>> OK, I'll take that into consideration if I re-enable SAV.
>>>
>>> 
>>
>>
>> if you re-enable SAV, do as much checks as you can. the minimum is
>> zen.spamhaus.org. but you can also use spamcop.
>>
>> it would also be good to do it after greylisting, but this means your GL
>> server need to return a defer instead of defer_if_permit.
>>
>> what you can also do is run a log parser that counts the SAV probes you
>> send, and disable the feature if some threshold is reached (rate limit
>> per client network, per sender domain, and global).  (an alternative is
>> a policy server that implements this, but a log parser is enough).
>>
>> I was under the impression that you did it before zen check because the
>> log you posted has a client listed in zen. but I now realize it may have
>> been listed later.
>>   
> And again my 5 cents. I think that people should take advantage of SPF
> and/or DKIM records. If you'll check DKIM/SPF then you could for example
> do SAV for clients/senders who are not allowed via SPF/DKIM or do not
> provide those records. I believe this change is no cost for you, and is
> saving some resources on both sides. Anyways whether you'll do SAV for
> "bad" hosts or just reject emails from them is your choice. But no one
> will blame you if you reject those emails, as you should be informed by
> administrator (in terms of SPF/DKIM records) which hosts are permitted
> to send (relay) - if you're given SPF record it should be correct, right?
> 


first, let's rule DKIM out of this. DKIM doesn't tell you "which hosts
are permitted". And DKIM verification requires getting the message DATA.
people want to reject a transaction before getting this data. In
addition, doing verification based on data requires a milter or a proxy
filter.

second, many of us ignore SPF at once. if you think it is good, go on.
but there will be no discussion on this list (it is taboo here. search
the archives).

Re: Mail Received But Not Delivered

[Terry Carmen]

Rich Shepard wrote:
  This has not happened before: two messages sent to me, and received, 
but

not delivered to my mailbox. Here's what the maillog shows:

Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=, size=4572, nrcpt=1 (queue active)
Feb 11 11:33:33 salmo postfix/qmgr[21684]: 8BA1AF50:
from=, size=4839, nrcpt=1 (queue active)

  I've replace the actual username.

  There should be nothing in procmail that prevents delivery so I'm 
really

puzzled where these went.

Thanks,

Rich




What do you get with:

grep E4041AAE /var/log/maillog
and
postqueue -p

?
Terry


--
Terry Carmen
CNY Support, LLC
http://cnysupport.com

Mail Received But Not Delivered

[Rich Shepard]

  This has not happened before: two messages sent to me, and received, but
not delivered to my mailbox. Here's what the maillog shows:

Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=, size=4572, nrcpt=1 (queue active)
Feb 11 11:33:33 salmo postfix/qmgr[21684]: 8BA1AF50:
from=, size=4839, nrcpt=1 (queue active)

  I've replace the actual username.

  There should be nothing in procmail that prevents delivery so I'm really
puzzled where these went.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: postfix benchmark performance

[Silas Boyd-Wickizer]

> With 16 logical CPUs, in this configuration you'll find your CPU load
> to be 1/16th of the theoretical maximum + overhead. Your report of 10%
> is about right.

The system has 16 physical execution units: four quad core AMD 
Opterons.  In the configuration I described, 90% of total cycles 
are unused.

> What exactly are you trying to measure with this "benchmark"?

I'm measuring how many emails Postfix can deliver per-sec to some 
number of virtual aliases.  I'm not interested so much in the 
absolute throughput performance, but in the reasons for the 
performance.

> No realistic configuration has the same critical resource, and you'll
> run out of disk I/O throughput or CPU first depending on how CPU hungry
> your content-filters are.

I understand this.

> If you really are planning to host all spools in RAM disk, and need more
> than 3000 msgs/sec, I am most curious what use-case motivates this design
> and performance requirement.

I don't have a real use-case in mind.  For curiosities sake I 
would like to know what the second-order bottlenecks are after 
the disk and network.  I suspect that I mis-configured because 
postfix only utilizes 10% of available cycles.  I realize this is 
a synthetic/contrived/silly "benchmark" and a little outside the 
scope of what is normally discussed on this list..but I would 
still like to know why postfix uses 10% of available cycles.

Silas

Re: problem with virtual domains and mailman

[Göran Höglund]

Hi
Thanks that helped!

Now i just have to get the listmanager deliver the mails ... But that is 
another list I assume.


/GH

Wietse Venema skrev:

G?ran H?glund:
  
virtual_alias_maps = 
proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf, 
proxy:mysql:/etc/postfix/mysql-virtual-mailbox-to-alias-maps.cf 
hash:/usr/local/mailman/data/aliases



As I suspected, you are mixing local alias syntax with virtual
alias syntax.

The two have different syntax.  In particular, virtual aliases do
not support "|command" syntax, and local aliases never have a
@domain part.

Remove the domain from virtual_alias_domains, and remove
mailman/data/aliases from virtual_alias_maps.

Add the domain to mydestination, and add mailman/data/aliases to
the alias_maps and alias_database parameters.

Wietse
  

Re: postfix benchmark performance

[Victor Duchovni]

On Wed, Feb 11, 2009 at 01:41:19PM -0500, Silas Boyd-Wickizer wrote:

> Hello, I'm doing some experiments with a synthetic benchmark and 
> postfix.  My current postfix configuration can deliver ~3000 
> msg/sec to 1000 virtual mailboxes; however, the system (16 
> core/4x4 AMD opteron) is ~90% idle.  All logs and queues reside 
> in a RAM filesystem, so disk IO is not a bottleneck.  I am 
> generating the incoming load locally using (a slightly modified) 
> smtp-source, so the network is not a bottleneck.  smtp-source is 
> generating 10k emails and smtpd/cleanup can put the incoming 
> emails on the incoming queue much faster than the qmgr can pull 
> them off.  Besides the incoming and active queues, all queues are 
> empty during the benchmark.  Ideally I want the system to be 0% 
> idle.  Any suggestions on how to achieve this?

With 16 logical CPUs, in this configuration you'll find your CPU load
to be 1/16th of the theoretical maximum + overhead. Your report of 10%
is about right.

What exactly are you trying to measure with this "benchmark"?

No realistic configuration has the same critical resource, and you'll
run out of disk I/O throughput or CPU first depending on how CPU hungry
your content-filters are.

If you really are planning to host all spools in RAM disk, and need more
than 3000 msgs/sec, I am most curious what use-case motivates this design
and performance requirement.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: best book to learn on?

[Charlie]

Noel Jones wrote:
> Charlie wrote:
>> Hi,
>>
>> Looking to get educated on postfix, and I started browsing through
>> amazons reviews. I've found the book 'The book of postfix' and that
>> everyone seemed quite happy with it. But the problem is the book is from
>> 2005 / 2006.
>>
>> Is this book still current? Or has there been enough revisions that I
>> would be better off with a more current book?
>>
>
> Welcome to postfix.
>
> That's an excellent book, and I'm not aware of any more current. 
> (It's impossible for treeware to keep up with active software projects.)
>
> Since postfix tries hard to be backwards-compatible, everything
> described in that book should still work.
>
> Postfix has added several new features since that book was published. 
> Once you grasp the musty old basics, the new features will likely make
> sense to you, should you need them.
>
> Current documentation is always on the postfix web site.
> http://www.postfix.org/documentation.html
>
>   -- Noel Jones
>
Thanks everyone!

postfix benchmark performance

[Silas Boyd-Wickizer]

Hello, I'm doing some experiments with a synthetic benchmark and 
postfix.  My current postfix configuration can deliver ~3000 
msg/sec to 1000 virtual mailboxes; however, the system (16 
core/4x4 AMD opteron) is ~90% idle.  All logs and queues reside 
in a RAM filesystem, so disk IO is not a bottleneck.  I am 
generating the incoming load locally using (a slightly modified) 
smtp-source, so the network is not a bottleneck.  smtp-source is 
generating 10k emails and smtpd/cleanup can put the incoming 
emails on the incoming queue much faster than the qmgr can pull 
them off.  Besides the incoming and active queues, all queues are 
empty during the benchmark.  Ideally I want the system to be 0% 
idle.  Any suggestions on how to achieve this?

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
alternate_config_directories = /etc/postfix1, /etc/postfix2
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /tmp/mail/0/lib/postfix
default_destination_concurrency_limit = 1
default_destination_recipient_limit = 1000
default_process_limit = 200
default_recipient_refill_limit = 10
disable_dns_lookups = yes
html_directory = no
in_flow_delay = 0
inet_interfaces = all
initial_destination_concurrency = 500
mail_owner = postfix
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost.csail.mit.edu, , localhost
myhostname = localhost.csail.mit.edu
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
newaliases_path = /usr/bin/newaliases
qmgr_message_active_limit = 8
qmgr_message_recipient_limit = 8
queue_directory = /tmp/mail/0/postfix
readme_directory = no
recipient_delimiter = +
relayhost = 
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_count_limit = 0
smtpd_peername_lookup = no
syslog_facility = local0
virtual_gid_maps = static:1000
virtual_mailbox_base = /tmp/mail/vhosts
virtual_mailbox_domains = goo.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1000

Here is sequence from strace -p  -T -tt:

12:34:33.138590 lstat("incoming/2303823913A8", {st_mode=S_IFREG|0700, 
st_size=10797, ...}) = 0 <0.09>
12:34:33.138648 rename("incoming/2303823913A8", "active/2303823913A8") = 0 
<0.12>
12:34:33.138697 open("active/2303823913A8", O_RDWR) = 10 <0.08>
12:34:33.138738 flock(10, LOCK_EX|LOCK_NB) = 0 <0.06>
12:34:33.138773 lseek(10, 0, SEEK_CUR)  = 0 <0.06>
12:34:33.138808 read(10, "CO  10291 50"..., 4096) = 4096 
<0.09>
12:34:33.138863 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.07>
12:34:33.138925 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.07>
12:34:33.138981 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.07>
12:34:33.139044 sendto(7, "<134>Feb 11 12:34:33 postfix/qmg"..., 108, 
MSG_NOSIGNAL, NULL, 0) = 108 <0.13>
12:34:33.139114 lseek(10, 6697, SEEK_CUR) = 10793 <0.06>
12:34:33.139149 read(10, "X\0E\0", 4096) = 4 <0.06>
12:34:33.139187 lseek(10, 0, SEEK_END)  = 10797 <0.06>
12:34:33.139221 unlink("defer/2/2303823913A8") = -1 ENOENT (No such file or 
directory) <0.08>
12:34:33.139266 poll([{fd=11, events=POLLIN}], 1, 0) = 0 <0.06>
12:34:33.139305 poll([{fd=11, events=POLLOUT, revents=POLLOUT}], 1, 360) = 
1 <0.06>
12:34:33.139345 write(11, "request\0resolve\0sender\0...@josmp"..., 57) = 57 
<0.68>
12:34:33.139478 poll([{fd=11, events=POLLIN, revents=POLLIN}], 1, 360) = 1 
<0.07>
12:34:33.139524 read(11, "flags\\0transport\0virtual\0nextho"..., 4096) = 
79 <0.09>
12:34:33.139579 close(10)   = 0 <0.07>
12:34:33.139617 epoll_wait(8, {}, 100, 0) = 0 <0.06>
12:34:33.139651 alarm(333)  = 333 <0.06>
12:34:33.139699 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.08>
12:34:33.139763 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.08>
12:34:33.139824 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.07>
12:34:33.139888 sendto(7, "<134>Feb 11 12:34:33 postfix/qmg"..., 82, 
MSG_NOSIGNAL, NULL, 0) = 82 <0.11>
12:34:33.139947 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.07>
12:34:33.140012 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.08>
12:34:33.140070 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.08>
12:34:33.140134 sendto(7, "<134>Feb 11 12:34:33 postfix/qmg"..., 131, 
MSG_NOSIGNAL, NULL, 0) = 131 <0.11>
12:34:33.140190 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, 
...}) = 0 <0.08>
12:34:33.

Re: postfix logs, spams and bounce messages

[Noel Jones]

ddaas wrote:

Hi there,
Yahoo starts blocking e-mails from our server.
It is possible that someone/somehow is sending spams.
Please help me find what is sending spam from our server.

First please explain to me the following logs (ourdomain is hosted on 
our server):



Feb  3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from 
unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host 
[117.87.x.x] blocked using sbl-xbl.spamhaus.org; 
http://www.spamhaus.org/query/bl?ip=117.87.x.x; from= 
to= proto=ESMTP helo=


Your system rejects a message because the client is listed at 
spamhaus.  Good.


Feb  3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D: 
to=, relay=d.mx.mail.yahoo.com[66.196.82.7]:25, 
delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host 
d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0 [TS02] 
Messages from 80.96.148.194 temporarily deferred due to user complaints 
- 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)


You've configured your server to verify sender addresses.
Apparently Yahoo doesn't like it, and refuses to answer.


The output of postconf -n:
smtpd_recipient_restrictions = permit_mynetworks  
permit_sasl_authenticated  reject_unauth_destination check_sender_access 
hash:/usr/local/etc/postfix/access_sender check_helo_access 
pcre:/usr/local/etc/postfix/helo_checks reject_non_fqdn_recipient 
reject_unknown_recipient_domain reject_unverified_recipient 
reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, 
reject_rhsbl_senderdsn.rfc-ignorant.org permit


Note that list.dsbl.org is no longer active.  Remove it.
Rather than sbl-xbl.spamhaus.org, you might want to use 
zen.spamhaus.org as it's more effective.


smtpd_sender_restrictions = reject_unknown_sender_domain, 
reject_non_fqdn_sender, reject_unverified_sender, permit


remove "reject_unverified_sender" or move it to 
smtpd_data_restrictions.  Probably better to remove it.



  -- Noel Jones

Re: postfix logs, spams and bounce messages

[Victor Duchovni]

On Wed, Feb 11, 2009 at 08:05:56PM +0200, ddaas wrote:

>Feb  3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from
>unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host
>[117.87.x.x] blocked using sbl-xbl.spamhaus.org;
>[1]http://www.spamhaus.org/query/bl?ip=117.87.x.x;
>from=[2] to=[3]
>proto=ESMTP helo=
> 
>Feb  3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D:
>to=[4], relay=d.mx.mail.yahoo.com[66.196.82.7]:25,
>delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host
>d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0 [TS02]
>Messages from 80.96.148.194 temporarily deferred due to user complaints -
>4.16.56.1; see [5]http://postmaster.yahoo.com/421-ts02.html)

You are doing Sender Address Verification (reject_unverified_sender)
before doing RBL checks. Fix this. Do the RBL checks first, and consider
not doing SAV at all, but if you do use it, do SAV *last*.

smtpd_client_restrictions =
... no reject_unverified_sender ...

smtpd_helo_restrictions =
... no reject_unverified_sender ...

smtpd_sender_restrictions =
... no reject_unverified_sender ...

smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client zen.spamhaus.org
... no reject_unverified_sender ...

smtpd_data_restrictions =
reject_unverified_sender

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: best book to learn on?

[Noel Jones]

Charlie wrote:

Hi,

Looking to get educated on postfix, and I started browsing through
amazons reviews. I've found the book 'The book of postfix' and that
everyone seemed quite happy with it. But the problem is the book is from
2005 / 2006.

Is this book still current? Or has there been enough revisions that I
would be better off with a more current book?



Welcome to postfix.

That's an excellent book, and I'm not aware of any more 
current.  (It's impossible for treeware to keep up with active 
software projects.)


Since postfix tries hard to be backwards-compatible, 
everything described in that book should still work.


Postfix has added several new features since that book was 
published.  Once you grasp the musty old basics, the new 
features will likely make sense to you, should you need them.


Current documentation is always on the postfix web site.
http://www.postfix.org/documentation.html

  -- Noel Jones

postfix logs, spams and bounce messages

[ddaas]

Hi there,

Yahoo starts blocking e-mails from our server.

It is possible that someone/somehow is sending spams.

Please help me find what is sending spam from our server.


First please explain to me the following logs (ourdomain is hosted on
our server):


Feb  3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject:
RCPT
from unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host
[117.87.x.x] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=117.87.x.x;
from= to=
proto=ESMTP helo=


Feb  3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D:
to=, relay=d.mx.mail.yahoo.com[66.196.82.7]:25,
delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host
d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0
[TS02] Messages from 80.96.148.194 temporarily deferred due to user
complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)

What I understand:

1. the client 117.87.x.x tries to connect to our server but is blocked.
(it is at spamhouse). It tries to send frm x...@yahoo.com to experienceof...@ourdomain.com.

Everything ok till now.

2. what does the second line means? Our server is tring to send to x...@yahoo.com. Why? It is for sure
related with the first log line...

It is because of some bounce message or what?


t looks like Postfix is accepting
messages even
though the RBL check happened after RCPT. That means even though the
message is rejected, Postfix has accepted it, then sent a bounce later.
Is this correct? How can I solve it?



The output of postconf -n:

postconf -n

command_directory = /usr/local/sbin

config_directory = /usr/local/etc/postfix

daemon_directory = /usr/local/libexec/postfix

data_directory = /var/db/postfix

debug_peer_level = 2

debug_peer_list = dom1.com

html_directory = no

mail_owner = postfix

mailq_path = /usr/local/bin/mailq

manpage_directory = /usr/local/man

myhostname = mail.dom1.com

mynetworks_style = host

newaliases_path = /usr/local/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = no

sample_directory = /usr/local/etc/postfix

sendmail_path = /usr/local/sbin/sendmail

setgid_group = maildrop

smtpd_helo_restrictions = reject_invalid_hostname

smtpd_recipient_restrictions = permit_mynetworks 
permit_sasl_authenticated  reject_unauth_destination
check_sender_access hash:/usr/local/etc/postfix/access_sender
check_helo_access pcre:/usr/local/etc/postfix/helo_checks
reject_non_fqdn_recipient reject_unknown_recipient_domain
reject_unverified_recipient reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_sender   
dsn.rfc-ignorant.org permit

smtpd_sasl_auth_enable = yes

smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender, reject_unverified_sender, permit

unknown_local_recipient_reject_code = 550

virtual_alias_maps = hash:/usr/local/etc/postfix/valias.txt

virtual_gid_maps = static:1000

virtual_mailbox_base = /var/spool/vmail

virtual_mailbox_domains = /usr/local/etc/postfix/vhost.txt

virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps.txt

virtual_uid_maps = static:1000

best book to learn on?

[Charlie]

Hi,

Looking to get educated on postfix, and I started browsing through
amazons reviews. I've found the book 'The book of postfix' and that
everyone seemed quite happy with it. But the problem is the book is from
2005 / 2006.

Is this book still current? Or has there been enough revisions that I
would be better off with a more current book?

Thanks,

Charlie

Re: problem with virtual domains and mailman

[Wietse Venema]

G?ran H?glund:
> virtual_alias_maps = 
> proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf, 
> proxy:mysql:/etc/postfix/mysql-virtual-mailbox-to-alias-maps.cf 
> hash:/usr/local/mailman/data/aliases

As I suspected, you are mixing local alias syntax with virtual
alias syntax.

The two have different syntax.  In particular, virtual aliases do
not support "|command" syntax, and local aliases never have a
@domain part.

Remove the domain from virtual_alias_domains, and remove
mailman/data/aliases from virtual_alias_maps.

Add the domain to mydestination, and add mailman/data/aliases to
the alias_maps and alias_database parameters.

Wietse

Re: Whitelist final draft

[Noel Jones]

David Cottle wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi All,

I now have added dnswl to my config to whitelist.

Can I get some comments it looks okay please?

smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, check_client_access
cidr:/etc/postfix/postfix-dnswl-permit, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
b.barracudacentral.org

I want my whitelist run first and anyone on it gets to the end
I then want to remove those pesky backscatters to <>, postmaster and
MAILER_DAEMON
I then want to run my postfix-dnswl-permit
And then onto the RBLs


Looks OK from here.  As I said before, I would be surprised if 
"postmaster" or "MAILER_DAEMON" ever match anything, but 
leaving them does no harm.




postconf -n

smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender


What's in this blacklist?  You may want to list your client 
whitelist before the blacklist.
It's also common (but not required) to list permit_mynetworks 
before these checks to exempt local mail.



  -- Noel Jones

PATCH: postfix, dovecot auth and rip/lip

[Wietse Venema]

Can someone have a look at this patch for Postfix >= 2.5? The patch
for Postfix 2.3 does not work because I had to add a "SASL mechanism
filter" feature.

Wietse

*** xsasl_dovecot_server.c.orig Sun Mar 16 19:09:04 2008
--- xsasl_dovecot_server.c  Wed Feb 11 10:26:37 2009
***
*** 65,70 
--- 65,71 
  #include 
  #include 
  #include 
+ #include 
  
  /* Global library. */
  
***
*** 162,167 
--- 163,170 
  unsigned int sec_props;   /* Postfix mechanism filter */
  char   *mechanism_list;   /* filtered mechanism list */
  ARGV   *mechanism_argv;   /* ditto */
+ MAI_HOSTADDR_STR server_addr; /* local IP address */
+ MAI_HOSTADDR_STR client_addr; /* remote IP address */
  } XSASL_DOVECOT_SERVER;
  
   /*
***
*** 379,391 
  /* xsasl_dovecot_server_create - create server instance */
  
  static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl,
!VSTREAM *unused_stream,
 const char *service,
 const char *realm,
  const char *sec_props)
  {
  const char *myname = "xsasl_dovecot_server_create";
  XSASL_DOVECOT_SERVER *server;
  
  if (msg_verbose)
msg_info("%s: SASL service=%s, realm=%s",
--- 382,397 
  /* xsasl_dovecot_server_create - create server instance */
  
  static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl,
!VSTREAM *stream,
 const char *service,
 const char *realm,
  const char *sec_props)
  {
  const char *myname = "xsasl_dovecot_server_create";
  XSASL_DOVECOT_SERVER *server;
+ struct sockaddr_storage ss;
+ struct sockaddr *sa = (struct sockaddr *) & ss;
+ SOCKADDR_SIZE salen = sizeof(ss);
  
  if (msg_verbose)
msg_info("%s: SASL service=%s, realm=%s",
***
*** 413,418 
--- 419,435 
name_mask_opt(myname, xsasl_dovecot_conf_sec_props,
  sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL);
  
+ /*
+  * XXX This is not the right place: it ignores client overrides with the
+  * XCLIENT command.
+  */
+ if (getpeername(vstream_fileno(stream), sa, &salen) < 0
+   || sockaddr_to_hostaddr(sa, salen, &server->client_addr, 0, 0) != 0)
+   server->client_addr.buf[0] = 0;
+ if (getsockname(vstream_fileno(stream), sa, &salen) < 0
+   || sockaddr_to_hostaddr(sa, salen, &server->server_addr, 0, 0) != 0)
+   server->server_addr.buf[0] = 0;
+ 
  return (&server->xsasl);
  }
  
***
*** 605,613 
/* send the request */
server->last_request_id = ++server->impl->request_id_counter;
vstream_fprintf(server->impl->sasl_stream,
!   "AUTH\t%u\t%s\tservice=%s\tnologin",
server->last_request_id, sasl_method,
!   server->service);
if (init_response) {
  
/*
--- 622,631 
/* send the request */
server->last_request_id = ++server->impl->request_id_counter;
vstream_fprintf(server->impl->sasl_stream,
!   "AUTH\t%u\t%s\tservice=%s\tlip=%s\trip=%s",
server->last_request_id, sasl_method,
!   server->service, server->client_addr.buf,
!   server->server_addr.buf);
if (init_response) {
  
/*

Re: how to accept some addresses but relay the rest?

[Noel Jones]

Andy Spiegl wrote:

On 2009-02-10, 12:00, Noel Jones wrote:


This should get you started:

Thanks!


# relay_recipients
... list of valid recipients at example.com ...
us...@example.com  OK
us...@example.com  OK
...

Hm, but I don't have the list of valid recipients. :-(

All I have is the list of valid LOCAL recipients.  Everything else I
have to relay to the MX of example.com...


If the receiving server rejects unknown recipients during SMTP 
(it should), you can use reject_unverified_recipient and let 
postfix maintain the list of valid users for you.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

  -- Noel Jones

Re: 451 Remote TLS ERROR - Connection closed by peer

[Victor Duchovni]

On Wed, Feb 11, 2009 at 04:27:07PM +0100, Ralf Hildebrandt wrote:

> When sending to nashfinch.com I get:
> 
> Feb 11 16:23:36 mail postfix/smtp[22382]: setting up TLS connection to
> nashfinch.com.s5a1.psmtp.com[64.18.4.10]:25
> 
> Feb 11 16:23:37 mail postfix/smtp[22382]: Trusted TLS connection
> established to nashfinch.com.s5a1.psmtp.com[64.18.4.10]:25: TLSv1 with
> cipher AES256-SHA (256/256 bits)

The nashfinch.com email service is proxied by Postini.

> Feb 11 16:23:42 mail postfix/smtp[22382]: BDCC11C35E9: host
> nashfinch.com.s5a1.psmtp.com[64.18.4.10] said: 451 Remote TLS ERROR -
> Connection closed by peer (state:SSLv2/v3 read server hello A)
> (host:[63.85.29.124]) - psmtp (in reply to RCPT TO command)
> on all of their 4 Postini MX hosts.

Postini connects to the remote system at "RCPT TO" and tries to maintain
the same security level by using STARTTLS with the next-hop server. This
fails, and Postini gives you the bad news.

> This started shortly after midnight (local time), thus no changes to
> the system.

The real nashfinch.com server is not feeling well.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: how to accept some addresses but relay the rest?

[Noel Jones]

Andy Spiegl wrote:

On 2009-02-10, 18:51, João Miguel Neves wrote:


I tried putting this into /etc/postfix/virtual :

 example.com anything


@example.com anything

You forgot the at-sign.


Oops, really?
In http://www.postfix.org/virtual.5.html I don't see the at-sign:
   /etc/postfix/virtual:
   virtual-alias.domain anything (right-hand content does not 
matter)
   postmas...@virtual-alias.domain  postmaster
   us...@virtual-alias.domain   address1
   us...@virtual-alias.domain   address2, address3

   The  virtual-alias.domain anything entry is required for a
   virtual alias domain. Without this entry, mail is rejected
   with  "relay  access  denied", or bounces with "mail loops
   back to myself".


Thanks,
 Andy.



Listing a bare domain name in virtual_alias_maps makes it a 
virtual_alias_domain.  I believe you already have the domain 
listed in relay_domains.  Don't list the domain in both places.


From your earlier description, it seems the domain should be 
listed only in relay_domains.


  -- Noel Jones

451 Remote TLS ERROR - Connection closed by peer

[Ralf Hildebrandt]

When sending to nashfinch.com I get:

Feb 11 16:23:36 mail postfix/smtp[22382]: setting up TLS connection to
nashfinch.com.s5a1.psmtp.com[64.18.4.10]:25

Feb 11 16:23:37 mail postfix/smtp[22382]: Trusted TLS connection
established to nashfinch.com.s5a1.psmtp.com[64.18.4.10]:25: TLSv1 with
cipher AES256-SHA (256/256 bits)

Feb 11 16:23:42 mail postfix/smtp[22382]: BDCC11C35E9: host
nashfinch.com.s5a1.psmtp.com[64.18.4.10] said: 451 Remote TLS ERROR -
Connection closed by peer (state:SSLv2/v3 read server hello A)
(host:[63.85.29.124]) - psmtp (in reply to RCPT TO command)
on all of their 4 Postini MX hosts.

This started shortly after midnight (local time), thus no changes to
the system.

-- 
Ralf Hildebrandt (ralf.hildebra...@charite.de)  snick...@charite.de
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
You're lacking the garlic-saturated placidity of the Orient!
 -- Hans Hildebrandt

Re: problem with virtual domains and mailman

[Göran Höglund]

Hi
Ok this is the output, the mailman is a standard install right out of 
the box.


# postconf -n
alias_database = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 50
delay_warning_time = 4h
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /etc/postfix/html
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 10240
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 5d
message_size_limit = 2028
mydestination = $myhostname, localhost.$mydomain, localhost, 
lists.telemar.se

mydomain = telemar.se
myhostname = apollo.telemar.se
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases
parent_domain_matches_subdomains =
proxy_read_maps = $local_recipient_maps, $mydestination, 
$virtual_alias_maps, $virtual_alias_domains, $virtual_mailbox_maps, 
$virtual_mailbox_domains, $relay_recipient_maps, $relay_domains, 
$canonical_maps, $sender_canonical_maps, $recipient_canonical_maps, 
$relocated_maps, $transport_maps, $mynetworks, $smtpd_recipient_restrictions

queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readmes
recipient_delimiter = +
relayhost = 172.16.1.10
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions =
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = check_client_access 
proxy:mysql:/etc/postfix/mysql-client-access.cf, check_sender_access 
proxy:mysql:/etc/postfix/mysql-sender-access.cf, check_recipient_access 
proxy:mysql:/etc/postfix/mysql-recipient-access.cf, 
permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, 
reject_invalid_helo_hostname, reject_non_fqdn_sender, 
reject_non_fqdn_recipient, reject_unknown_sender_domain, 
reject_unknown_recipient_domain, reject_rbl_client list.dsbl.org, 
reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org, permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions =
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /usr/local/ssl/apollo.telemar.se.crt
smtpd_tls_key_file = /usr/local/ssl/apollo.telemar.se.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/etc/postfix/tls_smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = 
proxy:mysql:/etc/postfix/mysql-virtual-alias-domains.cf
virtual_alias_maps = 
proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf, 
proxy:mysql:/etc/postfix/mysql-virtual-mailbox-to-alias-maps.cf 
hash:/usr/local/mailman/data/aliases

virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = 
proxy:mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

virtual_mailbox_limit = 10240
virtual_mailbox_maps = 
proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

virtual_transport = maildrop

/GH

Wietse Venema skrev:

G?ran H?glund:
  

Hi
As I understod your posting I'd simply make an addenment to mydestination:

mydestination = $myhostname, localhost.$mydomain, localhost, 
lists.telemar.se


Copying your suggestion and I have my aliases files in my alias_maps:
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
and
alias_database = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases

I got one step further mailman is found as a local user causing my 
server to accept the mail but the redirection fails.

I must have mixed up domain or something

Error message in the bounced email corresponds to my maillogs error:

<"|/usr/local/mailman/mail/mailman post mailman"@apollo.telemar.se> (expanded
from ): unknown user:
"|/usr/local/mailman/mail/mailman post mailman"

Im confused here...



You're mixing up virtual aliases with local aliases.

We can clear this up if you can show the "postconf -n" command
output, instead of selectively pasting what you believe is relevant.

Wietse
  

Re: Strange problem with pickup process (maybe just a coincidence)

[Wietse Venema]

Santiago Romero:
> > There is no requirement that pickup runs 100% of the time. I
> > don't know where you got this ill-conceived idea from.
> >   
> 
>  Opps.
> 
>  After my very first postfix install (last year), on a new server with 
> no email traffic, I did a "postfix start" and noticed that only 
> "master", "qmgr" and "pickup" appeared in the process table, so I 
> assumed that those 3 processes were always "running" in postfix.

That is not a good way to determine what processes are required.
It also does not inform you about problems that prevent processes
from being started (SMTP daemon, and so on).

If you want to find out if email is working, send probe messages
at set times, and raise an alert when mail does not arrive within
some deadline. Ideally, this would submit probes via both
/usr/sbin/sendmail AND via the SMTP port.

In my case, the spammers are providing the SMTP probes already.

Wietse

>  So, there is no need to monitor "pickup", right?
> 
>  Thanks a lot :-)
> 
> -- 
> Santiago Romero
> 
> 
> 
> 

Re: problem with virtual domains and mailman

[Wietse Venema]

G?ran H?glund:
> Hi
> As I understod your posting I'd simply make an addenment to mydestination:
> 
> mydestination = $myhostname, localhost.$mydomain, localhost, 
> lists.telemar.se
> 
> Copying your suggestion and I have my aliases files in my alias_maps:
> alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
> and
> alias_database = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
> 
> I got one step further mailman is found as a local user causing my 
> server to accept the mail but the redirection fails.
> I must have mixed up domain or something
> 
> Error message in the bounced email corresponds to my maillogs error:
> 
> <"|/usr/local/mailman/mail/mailman post mailman"@apollo.telemar.se> (expanded
> from ): unknown user:
> "|/usr/local/mailman/mail/mailman post mailman"
> 
> Im confused here...

You're mixing up virtual aliases with local aliases.

We can clear this up if you can show the "postconf -n" command
output, instead of selectively pasting what you believe is relevant.

Wietse

Re: Strange problem with pickup process (maybe just a coincidence)

[Santiago Romero]

There is no requirement that pickup runs 100% of the time. I
don't know where you got this ill-conceived idea from.
  


Opps.

After my very first postfix install (last year), on a new server with 
no email traffic, I did a "postfix start" and noticed that only 
"master", "qmgr" and "pickup" appeared in the process table, so I 
assumed that those 3 processes were always "running" in postfix.


So, there is no need to monitor "pickup", right?

Thanks a lot :-)

--
Santiago Romero

Re: problem with virtual domains and mailman

[Göran Höglund]

Hi
As I understod your posting I'd simply make an addenment to mydestination:

mydestination = $myhostname, localhost.$mydomain, localhost, 
lists.telemar.se


Copying your suggestion and I have my aliases files in my alias_maps:
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
and
alias_database = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases

I got one step further mailman is found as a local user causing my 
server to accept the mail but the redirection fails.

I must have mixed up domain or something

Error message in the bounced email corresponds to my maillogs error:

<"|/usr/local/mailman/mail/mailman post mailman"@apollo.telemar.se> (expanded
   from ): unknown user:
   "|/usr/local/mailman/mail/mailman post mailman"

Im confused here...

/GH


mouss skrev:

Göran Höglund a écrit :
  

Hi
Sorry my fault! I did change the original listname and made an error in
the snippet.
Here is the correct errorlog:
Feb  8 13:06:05 apollo postfix/smtpd[12115]: NOQUEUE: reject: RCPT from
unknown[172.16.254.4]: 550 5.1.1 : Recipient
address rejected: User unknown in virtual mailbox table;
from= to= proto=ESMTP
helo=<[192.168.0.4]>

And my alias file looks as below. It seems as if Postfix ignores this
alias file or do I need to define a mailbox for the list, I have lost
track here.




alias_maps is only used for local domains (domains listed in
mydestination). but telemar.se is listed in virtual_mailbox_maps.

if you want to use alias_maps, you need to use virtual_alias_maps to
pass the addresses to a domain that is listed in mydestination
(localhost?). note that virtual won't execute commands, so you can't
simply put your aliases in virtual_alias_maps. you need a two-steps
process (first to pass mail to a local domain, and then use alias_maps
to exec mailman).

a better idea is to use a dedicated domain, say lists.telemar.se. you
can then simply list this domain in mydestination, and alias_maps will
do the rest.


  

Re: Problem with postfix and amavisd-new

[Brian Evans - Postfix List]

Vittorio Manfredini wrote:
> I have some problem with postfix and amavisd-new.
> Postfix is configured as a mx backup and use amavisd-new to check
> about spam.
>
> I setup amavisd-new to rejict messages that are disoverd as SPAM, but
> seem that postfix bounce this messages and sent a sender non-delivery
> notification.
>
> Why this happen and is possible to disable sender non-delivery
> notification ?
>

You already accepted  the message when using a post-queue filter.

Either use a pre-queue filter setup or use amavisd-milter interface
(requires Postfix 2.3+, improved in Postfix 2.4+).
I personally use the latter.

Brian

Re: Assistance with email error

[Terry Carmen]

Joey wrote:


Hello All,

I have researched this without a 100% clear reason that an exchange 
server would return this error:


The error that the other server returned was: 550 550 #5.1.0 Address 
rejected


My guess is it’s an invalid email address that we attempted to be 
delivered to, but I want to be positive.


Exchange doesn't like your server or something about the message it 
tried to send.


That's about as specific as you'll be able to get unless you can talk to 
the Exchange admin and ask him/her what the problem is.


Terry

Re: filtering mail

[Michael Katz]

Ilo Lorusso wrote:
> Hi
> 
> 
> is their a way I can reject messages when its from address does not
> match the envelope from address?

Doing that will drop tons of legit email.

Mike Katz
http://messagepartners.com

> 
> using postfix ofcourse
> 
> 
> Thanks
> 
> Regards
> 
> 
> Ilo
> 
> 
> 

Re: filtering mail

[Erwan David]

On Wed, Feb 11, 2009 at 03:21:39PM CET, Ilo Lorusso  said:
> Hi
> 
> 
> is their a way I can reject messages when its from address does not
> match the envelope from address?
> 
> using postfix ofcourse

Bad idea. I'm just answering anemail with header from Ito Lorusso and
envelop from owner-postfix-us...@postfix.org

And quite legitimate...

-- 
Erwan

filtering mail

[Ilo Lorusso]

Hi


is their a way I can reject messages when its from address does not
match the envelope from address?

using postfix ofcourse


Thanks

Regards


Ilo

Re: Connection Refused

[Martin Schmitt]

Jason Wohlford schrieb:

> I thought
> 'notify_classes=bounce,delay,policy,protocol,resource,software' would do
> the trick, but no luck.

I have the default setting "notify_classes = resource, software" active
and receive those notifications all the time.

Check the value of error_notice_recipient and check your
postmas...@myorigin alias.

-martin


-- 
Martin Schmitt / Schmitt Systemberatung / www.scsy.de
--> http://www.pug.org/index.php/Benutzer:Martin <--



signature.asc
Description: OpenPGP digital signature

Assistance with email error

[Joey]

Hello All,

 

I have researched this without a 100% clear reason that an exchange server
would return this error:

 

The error that the other server returned was: 550 550 #5.1.0 Address
rejected

 

My guess is it's an invalid email address that we attempted to be delivered
to, but I want to be positive.

 

Thanks!

 

Joey

 

Re: Connection Refused

[Jason Wohlford]

On Feb 10, 2009, at 9:05 PM, Sahil Tandon wrote:


On Tue, 10 Feb 2009, Jason Wohlford wrote:

Is there a way to notify me (i.e. postmaster) when my  
smtpd_proxy_filter

fails? I see in the logs where a "warning: connect to proxy service
127.0.0.1:10024: Connection refused" occurs. How do I get a message  
sent

to me when this happens?


Try monit, or some log monitoring service that notifies you when  
service X
fails.  But if service X is required for root to send you email,  
you'll have

to figure out a way around that.



I thought  
'notify_classes=bounce,delay,policy,protocol,resource,software' would  
do the trick, but no luck.


--
Jason Wohlford

Re: how to accept some addresses but relay the rest?

[Andy Spiegl]

On 2009-02-10, 18:51, João Miguel Neves wrote:

>> I tried putting this into /etc/postfix/virtual :
>>
>>  example.com anything
>>
> @example.com anything
>
> You forgot the at-sign.

Oops, really?
In http://www.postfix.org/virtual.5.html I don't see the at-sign:
   /etc/postfix/virtual:
   virtual-alias.domain anything (right-hand content does not 
matter)
   postmas...@virtual-alias.domain  postmaster
   us...@virtual-alias.domain   address1
   us...@virtual-alias.domain   address2, address3

   The  virtual-alias.domain anything entry is required for a
   virtual alias domain. Without this entry, mail is rejected
   with  "relay  access  denied", or bounces with "mail loops
   back to myself".


Thanks,
 Andy.

-- 
 BAYERISCHER RUNDFUNK  |  Programmbereich Multimedia und Jugend
 Dr. Andy Spiegl   |  mailto:andy.spi...@br-online.de
 Rundfunkplatz 1   |  Fon +49 (0)89 5900 16062
 D-80335 Muenchen  |  Fax +49 (0)89 5900 16120

Re: Strange problem with pickup process (maybe just a coincidence)

[Wietse Venema]

Santiago Romero:
> 
>  Hi.
> 
>  I have a strange problem monitoring the "pickup" process: we have a 
> monitoring system that, sometimes, warns us with "pickup process not in 
> memory" (master and qmgr seems to continue running). When we enter the 

There is no requirement that pickup runs 100% of the time. I
don't know where you got this ill-conceived idea from.

Wietse

Re: how to accept some addresses but relay the rest?

[Andy Spiegl]

On 2009-02-10, 12:00, Noel Jones wrote:

> This should get you started:
Thanks!

> # relay_recipients
> ... list of valid recipients at example.com ...
> us...@example.com  OK
> us...@example.com  OK
> ...
Hm, but I don't have the list of valid recipients. :-(

All I have is the list of valid LOCAL recipients.  Everything else I
have to relay to the MX of example.com...

Thanks,
 Andy.


-- 
 BAYERISCHER RUNDFUNK  |  Programmbereich Multimedia und Jugend
 Dr. Andy Spiegl   |  mailto:andy.spi...@br-online.de
 Rundfunkplatz 1   |  Fon +49 (0)89 5900 16062
 D-80335 Muenchen  |  Fax +49 (0)89 5900 16120

Re: Problem with postfix and amavisd-new

[Charles Marcus]

On 2/11/2009, Vittorio Manfredini (vitto...@vitsoft.bz) wrote:
> I setup amavisd-new to rejict messages that are disoverd as SPAM, but
> seem that postfix bounce this messages and sent a sender non-delivery
> notification.

Never bounce a message once its been accepted.

Either setup amavisd-new as a pre-queue content filter, or simply
tag+deliver.

-- 

Best regards,

Charles

Whitelist final draft

[David Cottle]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi All,

I now have added dnswl to my config to whitelist.

Can I get some comments it looks okay please?

smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, check_client_access
cidr:/etc/postfix/postfix-dnswl-permit, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
b.barracudacentral.org

I want my whitelist run first and anyone on it gets to the end
I then want to remove those pesky backscatters to <>, postmaster and
MAILER_DAEMON
I then want to run my postfix-dnswl-permit
And then onto the RBLs

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 1024
mydestination = localhost.$mydomain, localhost, localhost.localdomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_sender_access
hash:/etc/postfix/check_backscatterer, check_sender_access
hash:/etc/postfix/check_spamcannibal, check_client_access
cidr:/etc/postfix/postfix-dnswl-permit, reject_rbl_client
bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client
b.barracudacentral.org
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps,
hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmSqMcACgkQi1lOcz5YUMgKdACgtMofPO1k6EMvi4Hg8VV/gkLm
ZV4AoMTXs2E+iU+VgkY0yFEUXgbaxoW9
=Y4OA
-END PGP SIGNATURE-

begin:vcard
fn:David Cottle
n:Cottle;David
email;internet:webmas...@aus-city.com
title:Webmaster
version:2.1
end:vcard

Re: How to allow mails from some other servers to pass: reject_sender_login_mismatch

[an...@iguanait.com]

Hi,

yes, you are right using mynetworks is ok. I also though for this way. I
just didn't understood from beginning why it didn't work with access
file, but now is clear.

Thanks!

On Wed, 2009-02-11 at 04:35 -0500, Digest of postfix-users list wrote:
> your access file is used for check_SENDER_access, not for
> check_client_access.
> 
> the easy way is to add the IP to mynetworks. otherwise add
> check_client_access cidr:/etc/postfix/access_client
> before reject_sender_login_mismatch and put the IP in acces_client:
> 
> 10.1.2.3/32 OK
> 
> do not postmap this, since it is a cidr map.

Re: Strange problem with pickup process (maybe just a coincidence)

[Santiago Romero]

Bastian Blank escribió:

On Wed, Feb 11, 2009 at 09:00:14AM +0100, Santiago Romero wrote:
  
I have a strange problem monitoring the "pickup" process: we have a  
monitoring system that, sometimes, warns us with "pickup process not in  
memory"



What is the meaning of this message?

  



This one (this morning!):


truth:~# date
mie feb 11 09:52:04 CET 2009

b...@truth:/usr/local/bb/ext$ ps auxwww | grep pickup
bb   12674  0.0  0.0  1332  432 pts/0S09:50   0:00 grep pickup

b...@truth:/usr/local/bb/ext$ ps auxwww | grep pickup
bb   12692  0.0  0.0  1332  432 pts/0S09:50   0:00 grep pickup

b...@truth:/usr/local/bb/ext$ ps auxwww | grep pickup
bb   12705  0.0  0.0  1332  432 pts/0S09:50   0:00 grep pickup

b...@truth:/usr/local/bb/ext$ ps auxwww | grep pickup
bb   12712  0.0  0.0  1332  432 pts/0S09:50   0:00 grep pickup

truth:~# /etc/init.d/postfix restart
Shutting down postfix:
postfix/postfix-script: stopping the Postfix mail system

Starting postfix:
postfix/postfix-script: starting the Postfix mail system

truth:~# ps auxwww | grep pickup
postfix  13427  0.1  0.0  2864  976 ?S09:51   0:00 pickup -l 
-t fifo -u

root 13560  0.0  0.0  1752  732 pts/0S09:51   0:00 grep pickup


Pickup process just disappears from memory, and no info about that is 
shown in log files :-?


--
Santiago Romero

Re: Strange problem with pickup process (maybe just a coincidence)

[Bastian Blank]

On Wed, Feb 11, 2009 at 09:00:14AM +0100, Santiago Romero wrote:
> I have a strange problem monitoring the "pickup" process: we have a  
> monitoring system that, sometimes, warns us with "pickup process not in  
> memory"

What is the meaning of this message?

> Does the "wake up" restart the process itself?

No, why should it? All the postfix processes are reused for a long time.

> Is it safe to raise those 60 seconds to a more higher value, such as 600 
> or so?

No, at least not if you use the sendmail command.

> Am I right with the "synchronization" hypotesis or could be something  
> different?

Find out what the message means.

What I would suspect: the check wants to warn if the memory of a process
gets swapped out. On a modern operation system such a metric is
unusable.

Bastian

-- 
Conquest is easy. Control is not.
-- Kirk, "Mirror, Mirror", stardate unknown

Problem with postfix and amavisd-new

[Vittorio Manfredini]

I have some problem with postfix and amavisd-new.
Postfix is configured as a mx backup and use amavisd-new to check about spam.

I setup amavisd-new to rejict messages that are disoverd as SPAM, but  
seem that postfix bounce this messages and sent a sender non-delivery  
notification.


Why this happen and is possible to disable sender non-delivery notification ?

This is the log that I found :

Feb 11 05:43:40 relay2-new2 postfix/smtp[5003]: F1DA1F9054:  
to=, relay=127.0.0.1[127.0.0.1]:10024, conn_use=6,  
delay=84, delays=1.3/69/0/14, dsn=5.7.0, status=bounced (host  
127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=01422-15-6 - SPAM (in  
reply to end of DATA command))
Feb 11 05:43:40 relay2-new2 postfix/cleanup[4994]: CE905F8FE6:  
message-id=<20090211044340.ce905f8...@relay2-new.n.nnn>
Feb 11 05:43:40 relay2-new2 postfix/bounce[5012]: F1DA1F9054: sender  
non-delivery notification: CE905F8FE6


Thanks in advance


This message was sent using IMP, the Internet Messaging Program.

Strange problem with pickup process (maybe just a coincidence)

[Santiago Romero]

Hi.

I have a strange problem monitoring the "pickup" process: we have a 
monitoring system that, sometimes, warns us with "pickup process not in 
memory" (master and qmgr seems to continue running). When we enter the 
machine, we notice that pickup is really in memory, but after that 
alarm, every monitoring cycle (every 180 seconds) tells us that pickup 
is not present in memory as a process.


Starting with the first "alarm" reported by the monitoring tool, pickup 
process is reported as "not in memory" in each monitoring cycle, until 
we do a "postfix restart". Then it works perfectly again for a 
undeterminated amount of time (days, weeks, months).


I can't find any error in the logs... and my master.cf shows:

# grep pickup /etc/postfix/master.cf
pickupfifo  n   -   n   60  1   pickup

I noticed that pickup "wakes up" every 60 seconds, and my monitoring 
system "checks processes" every 180 seconds. Maybe it's just 
"synchronization" and my monitoring system performs the checking just 
when postfix is restarting pickup?


Does the "wake up" restart the process itself?

The docs just say:

"""
Wake up time (default: 0)
 Automatically  wake  up the named service after the
 specified number of seconds. The wake up is  imple-
 mented  by  connecting to the service and sending a
 wake up request.  A ? at the  end  of  the  wake-up
 time  field requests that no wake up events be sent
 before the first time a service is used.  Specify 0
 for no automatic wake up.
""

But I don't now if "wake up" means "a signal" or an o.s. "kill + new 
process" (which could explain my monitoring incidence).


(if it's that, I can just change 60 to 70 seconds, and that way the "ps 
auxwww | grep pickup" won't synchronize with pickup restart).


Is it safe to raise those 60 seconds to a more higher value, such as 
600 or so?


Am I right with the "synchronization" hypotesis or could be something 
different?


Thanks a lot.

--
Santiago Romero