Re: delay all outbound mail
On Wednesday 18 February 2009 19:32:53 Michael Orlitzky wrote: > I won't make any claims as to the correctness or efficiency of this > approach, but one way that I've seen this done is to store a record in > the database immediately, and then have a (cron) PHP script running > every 5 minutes or so to process any "ripe" messages. > > The script would execute the following pseudo-SQL, "SELECT * FROM > pending_messages WHERE subscription_level=cheap_bastard AND (now - > time_submitted) >= 2 hours". You would then loop through the results, > sending them off to mail() or whatever one at a time. At the risk of going too much off-topic, this is a valid solution if the app stores the data it's going to mail and you can get support for the feature upstream or it's you own app. Otherwise it's going to be a administrative nightmare. -- Melvyn Sopacua
Re: Postfix 2.6 changelog ?
* ram : > The docs at http://www.postfix.org mention several features available in > postfix 2.6(experimental). > > Where is the complete changelog of postfix 2.6 available ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/*.HISTORY -- Ralf Hildebrandt (ralf.hildebra...@charite.de) snick...@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de Penguins are knocking at the door. Check your winter equipment, Bill
Re: delay all outbound mail
On Wednesday 18 February 2009 17:45:20 Sahil Tandon wrote: > My point was to implement the delay based on the OP's criteria *outside* of > Postfix. Whether this is done in the same application the OP mentioned or > another one (say, a policy service as you mention below) is an interesting > discussion, but probably off-topic here. Ah, gotcha and point taken. On Wednesday 18 February 2009 17:50:14 Noel Jones wrote: > A policy server won't really help here. > OP should read up on the "at" command. Yes it will. At/cron still means the php app needs to queue, then it gets passed to the postfix queue. Extra overhead, copied content, multiple points of failure in the queueing, having to write logging and debugging for the queue (logging and debugging is already available in postfix queues). A policy server is made for: implementing policies that fall outside of the realm of the mailserver. Delaying mail is one of those policies, as the nature of a mailserver is to deliver mail as fast as possible. -- Melvyn Sopacua
Re: Policy for outgoing messages
On Wed, Feb 18, 2009 at 3:59 AM, Rocco Scappatura wrote: > My aim, anyway, is to apply a such policy for outgoing messages > (including internal-to-internal messages). So I have to define a group > which contains the IPs enabled for relay through my mail server. smtpd_end_of_data_restrictions = check_policy_service inet:foo:12345 Postfix will send something like: request=smtpd_access_policy protocol_state=END-OF-MESSAGE protocol_name=ESMTP client_address=1.2.3.4 client_name=4.3.2.1.rfc1918.com reverse_client_name=4.3.2.1.rfc1918.com helo_name=[1.2.3.4] sender=sen...@example.com recipient...@domain.org recipient_count=1 instance=581.4821e789.60a46.0 size=500 etrn_domain= sasl_method=PLAIN sasl_username=sen...@example.com sasl_sender= ccert_subject= ccert_issuer= ccert_fingerprint= encryption_protocol= encryption_cipher= encryption_keysize=0 Take the "sasl_username", and use it as a key to lookup the number of messages sent in your homebrew database. Then add an entry with a count equal to "recipient_count". If the number < some pre-defined threshold within time period, then allow it. Otherwise reject it with some meaningful text.
Re: Too many connections on port 25
smtpd_delay_reject = no ? On Wed, Feb 18, 2009 at 3:09 PM, Alexey V Paramonov wrote: > Hi, > I'm looking for a good solution to make my postfix server operate faster. > My setup is Postfix + Policyd-weight + fail2ban, but nothing helps under > heavy load, and the problem is not with the server performance (CPU load is > not so high, about 30%), the problem is in the number of > smtp connections to port 25 - it's about 400-600 and "normal" users just > can't get through and connect to the server to send their mail (they get > "server timeout"). > Policyd-weight filteres such connections, but it doesn't drop them - seems > like it holds them open for some time and gives penality for each mail send > attempt, closing them only after N retries. > Is it possible to drop such too fast reconnections from same IPs using > Postfix or maybe iptables? > Or, maybe there is another way? > >
Postfix 2.6 changelog ?
The docs at http://www.postfix.org mention several features available in postfix 2.6(experimental). Where is the complete changelog of postfix 2.6 available
delay all outbound mail
jeffs wrote: Sahil Tandon wrote: On Wed, 18 Feb 2009, jeffs wrote: Thank you for your prompt reply. No problem, but please do not top-post; place all future replies *below* quoted text. Thanks. I am working on a project in which -- depending on the level of the users subscription -- either their mail is delayed for at least 2 hours or it is sent out immediately. Actually, I could use some advice on the best way to implement this. Because of the application in use all email whether or not it belongs to one group or another, originates from the same domain. It is an application sitting on the smtp server which processes mail for the application. The users fill in a form and depending on their level of subscription, the values from the form are converted into an email message, go out right away or are delayed. So, as far as the smtp server is concerned , all mail originates from the same user but in fact gets destined for different recipients. The application can ad tags or codes to the individual messages to indicate which group they are in so perhaps if postfix can look inside the message or something and see the tag or code, it can then decide if it should delay or deliver immediately the message. I hope I'm making myself clear and please ask if you need clarification. Why not configure your application to inspect the mail and, depending on your criteria, submit to Postfix immediately or after a two hour delay? You raise an interesting twist. The mail is sent out via php -- I really don't know how to make it delay the submitting of the mail to postfix unless you might have some ideas on that one. I'm very good with cron jobs and I was thinking if I could only get one group of messages into a queue or delayed queue then I could fire off the cron job every few hours, but I'm at a loss as to what queue and how to get it into that without postfix gobbling it up and sending it out right away. I won't make any claims as to the correctness or efficiency of this approach, but one way that I've seen this done is to store a record in the database immediately, and then have a (cron) PHP script running every 5 minutes or so to process any "ripe" messages. The script would execute the following pseudo-SQL, "SELECT * FROM pending_messages WHERE subscription_level=cheap_bastard AND (now - time_submitted) >= 2 hours". You would then loop through the results, sending them off to mail() or whatever one at a time. The benefit of using PHP, I suppose, is that you can use your existing application code to do most of that work. It's also slightly more robust in that you don't need to control the outgoing mail server for the application to function properly. I did look at defer_transports and that looks promising. Would I simple put defer_transports = smtp in the main.cf or do I have to fiddle with other settings someplace too? I'd prefer something a little more elegant than defer_transports unless I can, again, specify somehow which mails are to be delayed. Thanks again.
Re: delay all outbound mail
> --- Original Message --- > From: Melvyn Sopacua > To: postfix-users@postfix.org, je...@speakeasy.net > Sent: 18-Feb-09, 20:35:59 > Subject: Re: delay all outbound mail > > On Wednesday 18 February 2009 16:56:05 jeffs wrote: > > Sahil Tandon wrote: > > > On Wed, 18 Feb 2009, jeffs wrote: > > >> Thank you for your prompt reply. > > > > > > No problem, but please do not top-post; place all future replies *below* > > > quoted text. Thanks. > > > > > >> I am working on a project in which -- depending on the level of the > > >> users subscription -- either their mail is delayed for at least 2 hours > > >> or it is sent out immediately. Actually, I could use some advice on the > > >> best way to implement this. Because of the application in use all email > > >> whether or not it belongs to one group or another, originates from the > > >> same domain. It is an application sitting on the smtp server which > > >> processes mail for the application. The users fill in a form and > > >> depending on their level of subscription, the values from the form are > > >> converted into an email message, go out right away or are delayed. So, > > >> as far as the smtp server is concerned , all mail originates from the > > >> same user but in fact gets destined for different recipients. The > > >> application can ad tags or codes to the individual messages to indicate > > >> which group they are in so perhaps if postfix can look inside the > > >> message or something and see the tag or code, it can then decide if it > > >> should delay or deliver immediately the message. > > >> > > >> I hope I'm making myself clear and please ask if you need clarification. > > > > > > Why not configure your application to inspect the mail and, depending on > > > your criteria, submit to Postfix immediately or after a two hour delay? > > Because he then creates a queue for an application that already has a queue. > It's possible, but he'd have to create and maintain N queue directories, then > let cron pick up each queue by inspecting the date header. > > > I did look at defer_transports and that looks promising. Would I simple > > put defer_transports = smtp in the main.cf or do I have to fiddle with > > other settings someplace too? I'd prefer something a little more > > elegant than defer_transports unless I can, again, specify somehow which > > mails are to be delayed. > > This sounds more like something for a policy server. Take a look at postgrey > for example, it defers mail based on criteria postfix does not care about. > All information is available to a policy server to enforce the delay policy > you're describing. > -- > Melvyn Sopacua > A policy server won't really help here. OP should read up on the "at" command. -- Noel Jones
Re: delay all outbound mail
On Wed, 18 Feb 2009, Melvyn Sopacua wrote: > On Wednesday 18 February 2009 16:56:05 jeffs wrote: > > Sahil Tandon wrote: > > > On Wed, 18 Feb 2009, jeffs wrote: > > >> Thank you for your prompt reply. > > > > > > No problem, but please do not top-post; place all future replies *below* > > > quoted text. Thanks. > > > > > >> I am working on a project in which -- depending on the level of the > > >> users subscription -- either their mail is delayed for at least 2 hours > > >> or it is sent out immediately. Actually, I could use some advice on the > > >> best way to implement this. Because of the application in use all email > > >> whether or not it belongs to one group or another, originates from the > > >> same domain. It is an application sitting on the smtp server which > > >> processes mail for the application. The users fill in a form and > > >> depending on their level of subscription, the values from the form are > > >> converted into an email message, go out right away or are delayed. So, > > >> as far as the smtp server is concerned , all mail originates from the > > >> same user but in fact gets destined for different recipients. The > > >> application can ad tags or codes to the individual messages to indicate > > >> which group they are in so perhaps if postfix can look inside the > > >> message or something and see the tag or code, it can then decide if it > > >> should delay or deliver immediately the message. > > >> > > >> I hope I'm making myself clear and please ask if you need clarification. > > > > > > Why not configure your application to inspect the mail and, depending on > > > your criteria, submit to Postfix immediately or after a two hour delay? > > Because he then creates a queue for an application that already has a queue. > It's possible, but he'd have to create and maintain N queue directories, then > let cron pick up each queue by inspecting the date header. My point was to implement the delay based on the OP's criteria *outside* of Postfix. Whether this is done in the same application the OP mentioned or another one (say, a policy service as you mention below) is an interesting discussion, but probably off-topic here. -- Sahil Tandon
Re: delay all outbound mail
On Wednesday 18 February 2009 16:56:05 jeffs wrote: > Sahil Tandon wrote: > > On Wed, 18 Feb 2009, jeffs wrote: > >> Thank you for your prompt reply. > > > > No problem, but please do not top-post; place all future replies *below* > > quoted text. Thanks. > > > >> I am working on a project in which -- depending on the level of the > >> users subscription -- either their mail is delayed for at least 2 hours > >> or it is sent out immediately. Actually, I could use some advice on the > >> best way to implement this. Because of the application in use all email > >> whether or not it belongs to one group or another, originates from the > >> same domain. It is an application sitting on the smtp server which > >> processes mail for the application. The users fill in a form and > >> depending on their level of subscription, the values from the form are > >> converted into an email message, go out right away or are delayed. So, > >> as far as the smtp server is concerned , all mail originates from the > >> same user but in fact gets destined for different recipients. The > >> application can ad tags or codes to the individual messages to indicate > >> which group they are in so perhaps if postfix can look inside the > >> message or something and see the tag or code, it can then decide if it > >> should delay or deliver immediately the message. > >> > >> I hope I'm making myself clear and please ask if you need clarification. > > > > Why not configure your application to inspect the mail and, depending on > > your criteria, submit to Postfix immediately or after a two hour delay? Because he then creates a queue for an application that already has a queue. It's possible, but he'd have to create and maintain N queue directories, then let cron pick up each queue by inspecting the date header. > I did look at defer_transports and that looks promising. Would I simple > put defer_transports = smtp in the main.cf or do I have to fiddle with > other settings someplace too? I'd prefer something a little more > elegant than defer_transports unless I can, again, specify somehow which > mails are to be delayed. This sounds more like something for a policy server. Take a look at postgrey for example, it defers mail based on criteria postfix does not care about. All information is available to a policy server to enforce the delay policy you're describing. -- Melvyn Sopacua
Re: delay all outbound mail
Sahil Tandon wrote: On Wed, 18 Feb 2009, jeffs wrote: On Wed, 18 Feb 2009, jeffs wrote: Thank you for your prompt reply. No problem, but please do not top-post; place all future replies *below* quoted text. Thanks. I am working on a project in which -- depending on the level of the users subscription -- either their mail is delayed for at least 2 hours or it is sent out immediately. Actually, I could use some advice on the best way to implement this. Because of the application in use all email whether or not it belongs to one group or another, originates from the same domain. It is an application sitting on the smtp server which processes mail for the application. The users fill in a form and depending on their level of subscription, the values from the form are converted into an email message, go out right away or are delayed. So, as far as the smtp server is concerned , all mail originates from the same user but in fact gets destined for different recipients. The application can ad tags or codes to the individual messages to indicate which group they are in so perhaps if postfix can look inside the message or something and see the tag or code, it can then decide if it should delay or deliver immediately the message. I hope I'm making myself clear and please ask if you need clarification. Why not configure your application to inspect the mail and, depending on your criteria, submit to Postfix immediately or after a two hour delay? You raise an interesting twist. The mail is sent out via php -- I really don't know how to make it delay the submitting of the mail to postfix unless you might have some ideas on that one. I'm very good with cron jobs and I was thinking if I could only get one group of messages into a queue or delayed queue then I could fire off the cron job every few hours, but I'm at a loss as to what queue and how to get it into that without postfix gobbling it up and sending it out right away. I did look at defer_transports and that looks promising. Would I simple put defer_transports = smtp in the main.cf or do I have to fiddle with other settings someplace too? I'd prefer something a little more elegant than defer_transports unless I can, again, specify somehow which mails are to be delayed. You needn't fiddle with other settings. To deliver deferred mail, issue the "sendmail -q" command. Okay that works -- thanks for your help!
Re: delay all outbound mail
Sahil Tandon wrote: On Wed, 18 Feb 2009, jeffs wrote: On Wed, 18 Feb 2009, jeffs wrote: Thank you for your prompt reply. No problem, but please do not top-post; place all future replies *below* quoted text. Thanks. I am working on a project in which -- depending on the level of the users subscription -- either their mail is delayed for at least 2 hours or it is sent out immediately. Actually, I could use some advice on the best way to implement this. Because of the application in use all email whether or not it belongs to one group or another, originates from the same domain. It is an application sitting on the smtp server which processes mail for the application. The users fill in a form and depending on their level of subscription, the values from the form are converted into an email message, go out right away or are delayed. So, as far as the smtp server is concerned , all mail originates from the same user but in fact gets destined for different recipients. The application can ad tags or codes to the individual messages to indicate which group they are in so perhaps if postfix can look inside the message or something and see the tag or code, it can then decide if it should delay or deliver immediately the message. I hope I'm making myself clear and please ask if you need clarification. Why not configure your application to inspect the mail and, depending on your criteria, submit to Postfix immediately or after a two hour delay? You raise an interesting twist. The mail is sent out via php -- I really don't know how to make it delay the submitting of the mail to postfix unless you might have some ideas on that one. I'm very good with cron jobs and I was thinking if I could only get one group of messages into a queue or delayed queue then I could fire off the cron job every few hours, but I'm at a loss as to what queue and how to get it into that without postfix gobbling it up and sending it out right away. I did look at defer_transports and that looks promising. Would I simple put defer_transports = smtp in the main.cf or do I have to fiddle with other settings someplace too? I'd prefer something a little more elegant than defer_transports unless I can, again, specify somehow which mails are to be delayed. You needn't fiddle with other settings. To deliver deferred mail, issue the "sendmail -q" command. So let me make sure I have this straight -- I put: defer_transports = smtp in the main.cf which results in all mail being deferred until I issue the: sendmail -q command? Is that right?
Re: delay all outbound mail
On Wed, 18 Feb 2009, jeffs wrote: >> On Wed, 18 Feb 2009, jeffs wrote: >> >>> Thank you for your prompt reply. >> >> No problem, but please do not top-post; place all future replies *below* >> quoted text. Thanks. >> >>> I am working on a project in which -- depending on the level of the >>> users subscription -- either their mail is delayed for at least 2 >>> hours or it is sent out immediately. Actually, I could use some >>> advice on the best way to implement this. Because of the >>> application in use all email whether or not it belongs to one group >>> or another, originates from the same domain. It is an application >>> sitting on the smtp server which processes mail for the application. >>> The users fill in a form and depending on their level of >>> subscription, the values from the form are converted into an email >>> message, go out right away or are delayed. So, as far as the smtp >>> server is concerned , all mail originates from the same user but in >>> fact gets destined for different recipients. The application can ad >>> tags or codes to the individual messages to indicate which group >>> they are in so perhaps if postfix can look inside the message or >>> something and see the tag or code, it can then decide if it should >>> delay or deliver immediately the message. >>> >>> I hope I'm making myself clear and please ask if you need clarification. >> >> Why not configure your application to inspect the mail and, depending on >> your criteria, submit to Postfix immediately or after a two hour delay? > > You raise an interesting twist. The mail is sent out via php -- I > really don't know how to make it delay the submitting of the mail to > postfix unless you might have some ideas on that one. I'm very good > with cron jobs and I was thinking if I could only get one group of > messages into a queue or delayed queue then I could fire off the cron > job every few hours, but I'm at a loss as to what queue and how to get > it into that without postfix gobbling it up and sending it out right > away. > > I did look at defer_transports and that looks promising. Would I simple > put defer_transports = smtp in the main.cf or do I have to fiddle with > other settings someplace too? I'd prefer something a little more > elegant than defer_transports unless I can, again, specify somehow which > mails are to be delayed. You needn't fiddle with other settings. To deliver deferred mail, issue the "sendmail -q" command. -- Sahil Tandon
Re: delay all outbound mail
Sahil Tandon wrote: On Wed, 18 Feb 2009, jeffs wrote: Thank you for your prompt reply. No problem, but please do not top-post; place all future replies *below* quoted text. Thanks. I am working on a project in which -- depending on the level of the users subscription -- either their mail is delayed for at least 2 hours or it is sent out immediately. Actually, I could use some advice on the best way to implement this. Because of the application in use all email whether or not it belongs to one group or another, originates from the same domain. It is an application sitting on the smtp server which processes mail for the application. The users fill in a form and depending on their level of subscription, the values from the form are converted into an email message, go out right away or are delayed. So, as far as the smtp server is concerned , all mail originates from the same user but in fact gets destined for different recipients. The application can ad tags or codes to the individual messages to indicate which group they are in so perhaps if postfix can look inside the message or something and see the tag or code, it can then decide if it should delay or deliver immediately the message. I hope I'm making myself clear and please ask if you need clarification. Why not configure your application to inspect the mail and, depending on your criteria, submit to Postfix immediately or after a two hour delay? You raise an interesting twist. The mail is sent out via php -- I really don't know how to make it delay the submitting of the mail to postfix unless you might have some ideas on that one. I'm very good with cron jobs and I was thinking if I could only get one group of messages into a queue or delayed queue then I could fire off the cron job every few hours, but I'm at a loss as to what queue and how to get it into that without postfix gobbling it up and sending it out right away. I did look at defer_transports and that looks promising. Would I simple put defer_transports = smtp in the main.cf or do I have to fiddle with other settings someplace too? I'd prefer something a little more elegant than defer_transports unless I can, again, specify somehow which mails are to be delayed. Thanks again.
Re: postfix - amavisd - TLS
Thanks for the lesson, much appreciated. secondary question, would I be better off using LMTP rather than SMTP for the amavisd. JLA
Re: delay all outbound mail
On Wed, 18 Feb 2009, jeffs wrote: > Thank you for your prompt reply. No problem, but please do not top-post; place all future replies *below* quoted text. Thanks. > I am working on a project in which -- depending on the level of the > users subscription -- either their mail is delayed for at least 2 hours > or it is sent out immediately. Actually, I could use some advice on the > best way to implement this. Because of the application in use all email > whether or not it belongs to one group or another, originates from the > same domain. It is an application sitting on the smtp server which > processes mail for the application. The users fill in a form and > depending on their level of subscription, the values from the form are > converted into an email message, go out right away or are delayed. So, > as far as the smtp server is concerned , all mail originates from the > same user but in fact gets destined for different recipients. The > application can ad tags or codes to the individual messages to indicate > which group they are in so perhaps if postfix can look inside the > message or something and see the tag or code, it can then decide if it > should delay or deliver immediately the message. > > I hope I'm making myself clear and please ask if you need clarification. Why not configure your application to inspect the mail and, depending on your criteria, submit to Postfix immediately or after a two hour delay? -- Sahil Tandon
Re: delay all outbound mail
Thank you for your prompt reply. I have a postfix smtp server which connects directly to the internet and does not relay mail through an ISP. I am working on a project in which -- depending on the level of the users subscription -- either their mail is delayed for at least 2 hours or it is sent out immediately. Actually, I could use some advice on the best way to implement this. Because of the application in use all email whether or not it belongs to one group or another, originates from the same domain. It is an application sitting on the smtp server which processes mail for the application. The users fill in a form and depending on their level of subscription, the values from the form are converted into an email message, go out right away or are delayed. So, as far as the smtp server is concerned , all mail originates from the same user but in fact gets destined for different recipients. The application can ad tags or codes to the individual messages to indicate which group they are in so perhaps if postfix can look inside the message or something and see the tag or code, it can then decide if it should delay or deliver immediately the message. I hope I'm making myself clear and please ask if you need clarification. In my original post I was thinking well, perhaps I could set up two smtp servers and two domains and put the delayed group into one server/domain combo and the other group into a different server/domain combo and then just delay for two hours any mail in the delayed group server/domain combo. That was a stab at that idea. Sahil Tandon wrote: On Wed, 18 Feb 2009, jeffs wrote: I need to delay all outbound email, not specific to destination domains. I have tried to make the smtp_destination_rate_delay = 180 This increases the delay that is inserted between individual deliveries to the same destination via the smtp(8) delivery agent. but I believe that must work in conjunction with specific domains (please someone tell me if that is the case because the documentation, although it says one should specify the delayed to domain, doesn't specify that this MUST be the case). Where in the documentation is it stated that the destination domain needs to be specified? What would be the best way to delay ALL outbound email? What is the problem you're trying to solve? Maybe defer_transports would help in this situation.
Re: should main.cf treat whitespace characters identically?
On Wed, 18 Feb 2009, Travis wrote: > I recently started bouncing email because (it appears) I had a mixture > of space-indentation and tab-indentation on the multi-line $mydestinations > line. Show logs and output of the following command: % postconf mydestination -- Sahil Tandon
Re: delay all outbound mail
On Wed, 18 Feb 2009, jeffs wrote: > I need to delay all outbound email, not specific to destination domains. > I have tried to make the smtp_destination_rate_delay = 180 This increases the delay that is inserted between individual deliveries to the same destination via the smtp(8) delivery agent. > but I believe that must work in conjunction with specific domains > (please someone tell me if that is the case because the documentation, > although it says one should specify the delayed to domain, doesn't > specify that this MUST be the case). Where in the documentation is it stated that the destination domain needs to be specified? > What would be the best way to delay ALL outbound email? What is the problem you're trying to solve? Maybe defer_transports would help in this situation. -- Sahil Tandon
Re: should main.cf treat whitespace characters identically?
Travis: > I recently started bouncing email because (it appears) I had a mixture > of space-indentation and tab-indentation on the multi-line $mydestinations > line. > > Should postfix really be doing this? It seems straightforward to me > to treat all whitespace the same, and it would prevent a mail-losing > error like this... Please provide actual evidence that different whitespaces are producing different results. Show the file in one form and the other form. Show the logging. Wietse
should main.cf treat whitespace characters identically?
I recently started bouncing email because (it appears) I had a mixture of space-indentation and tab-indentation on the multi-line $mydestinations line. Should postfix really be doing this? It seems straightforward to me to treat all whitespace the same, and it would prevent a mail-losing error like this... -- http://www.subspacefield.org/~travis/ The United States is an Obama Nation. If you are a spammer, please email j...@subspacefield.org to get blacklisted.
Re: pipe - setup question
Jon Drukman: > : Recipient address rejected: User unknown in > local recipient table; from= USE relay_domains and relay_recipient_maps NOT virtual_alias_* NOT virtual_mailbox_* NOT mydestination
Re: pipe - setup question
On Wed, Feb 18, 2009 at 3:49 PM, Jon Drukman wrote: > unsuccessful delivery from the outside: > Feb 18 15:39:41 181379-web1 postfix/smtpd[30983]: NOQUEUE: reject: > RCPT from wf-out-1314.google.com[209.85.200.175]: 550 5.1.1 > : Recipient address rejected: User unknown in > local recipient table; from= > to= proto=ESMTP helo= > > i have 'in...@in.thismoment.com' in my relay_recipient_maps hash. adding local_recipient_maps = and reloading fixed it.
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:34 PM, Jon Drukman wrote: > On Wed, Feb 18, 2009 at 2:30 PM, Wietse Venema wrote: >>> what am i missing? >> >> Are the transport map lookups configured? >>$ postconf -n transport_maps > > that was it. for some reason that option is not listed in the default > main.cf on my box. my next problem is that this setup works fine for local deliveries (ie: running sendmail on the same box) but it doesn't work if i try to mail to it from the outside world. successful local delivery: Feb 18 15:32:31 181379-web1 postfix/pipe[30864]: 2F4A1B782C7: to=, relay=parsemail, delay=0.1, delays=0.03/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via parsemail service) unsuccessful delivery from the outside: Feb 18 15:39:41 181379-web1 postfix/smtpd[30983]: NOQUEUE: reject: RCPT from wf-out-1314.google.com[209.85.200.175]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table; from= to= proto=ESMTP helo= i have 'in...@in.thismoment.com' in my relay_recipient_maps hash.
delay all outbound mail
I need to delay all outbound email, not specific to destination domains. I have tried to make the smtp_destination_rate_delay = 180 but I believe that must work in conjunction with specific domains (please someone tell me if that is the case because the documentation, although it says one should specify the delayed to domain, doesn't specify that this MUST be the case). What would be the best way to delay ALL outbound email? Thanks in advance
Re: postfix/milter added headers and header_check feature
Charles Account wrote: Hi, I found an email from Noel Jones: >>At 09:51 AM 8/2/2007, Marshal Newrock wrote: >>If not, what do I need to do in order to use header and body >>checks to reject mail after it has been scanned with the milter? >> >>Header_checks does not inspect headers added by milters in the same instance of postfix. You cannot use >>header_checks to reject mail based on milter-added headers. Still true. Here's my problem... I want to running a postfix (outbound mail) where the milter adds an RFC822 header. The added header classifies the mail. If the header classification is good, I would like the mail to be deliver to its final destination (ie lmtp or smtp). If the header classification is bad, I would like the mail to be routed to a secondary postfix. Use two (or more) postfix instances. Do the header_checks in the second instance. Postfix 2.6 will have a simplified multi-instance interface to make it easier. -- Noel Jones
postfix/milter added headers and header_check feature
Hi, I found an email from Noel Jones: >>At 09:51 AM 8/2/2007, Marshal Newrock wrote: >>If not, what do I need to do in order to use header and body >>checks to reject mail after it has been scanned with the milter? >> >>Header_checks does not inspect headers added by milters in the same instance >>of postfix. You cannot use >>header_checks to reject mail based on >>milter-added headers. Here's my problem... I want to running a postfix (outbound mail) where the milter adds an RFC822 header. The added header classifies the mail. If the header classification is good, I would like the mail to be deliver to its final destination (ie lmtp or smtp). If the header classification is bad, I would like the mail to be routed to a secondary postfix. I originally had configured postfix to do a header_check. Based on the exists and the RFC822 header (added by the milter), it would route the mail to a second postfix. This works great as long as the original message contained the header classification. However, if I configured the milter to add the RFC822 header, the header_check is skipped. Any suggestions on how I can configure postfix to route mail based on milter added RFC822 header? Thanks Charles _ See how Windows connects the people, information, and fun that are part of your life. http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:30 PM, Wietse Venema wrote: >> what am i missing? > > Are the transport map lookups configured? >$ postconf -n transport_maps that was it. for some reason that option is not listed in the default main.cf on my box. thanks! -jsd-
Re: pipe - setup question
Jon Drukman: > On Wed, Feb 18, 2009 at 2:15 PM, Wietse Venema wrote: > > Jon Drukman: > >> still getting this > >> to=, relay=local, delay=0.05, > > > > This mail is sent to LOCAL not PIPE. Your transport map is not working. > > $ cat transport > in.thismoment.com parsemail: > > $ grep parsemail master.cf > parsemail unix - n n - 10 pipe flags=Rq user=filter argv=/usr/bin/php > /usr/local/bin/filter.php > > what am i missing? Are the transport map lookups configured? $ postconf -n transport_maps Does the hash file contain the expected data? $ postmap -q in.thismoment.com hash:/etc/postfix/transport Wietse
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:15 PM, Wietse Venema wrote: > Jon Drukman: >> still getting this >> to=, relay=local, delay=0.05, > > This mail is sent to LOCAL not PIPE. Your transport map is not working. $ cat transport in.thismoment.com parsemail: $ grep parsemail master.cf parsemail unix - n n - 10 pipe flags=Rq user=filter argv=/usr/bin/php /usr/local/bin/filter.php what am i missing?
Re: pipe - setup question
Jon Drukman: > still getting this > to=, relay=local, delay=0.05, This mail is sent to LOCAL not PIPE. Your transport map is not working. Wieste
Re: pipe - setup question
On Wed, Feb 18, 2009 at 12:12 PM, Wietse Venema wrote: >> i followed your instructions but i am getting "status=bounced (unknown >> user: "input")" when i try to send to in...@in.mydomain.com > > You still have it configured as virtual domain. Don't do that. I don't. I even removed the virtual_alias_maps line from main.cf and restarted. $ postconf -n | grep virtual $ > USE relay_domains and relay_recipient_maps, $ postconf -n | grep relay relay_domains = in.thismoment.com relay_recipient_maps = hash:/etc/postfix/thismoment-recipients $ cat /etc/postfix/thismoment-recipients in...@in.thismoment.com whatever > NOT virtual_alias_* > NOT virtual_mailbox_* still getting this to=, relay=local, delay=0.05, delays=0.02/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "input") -jsd-
Re: Too many connections on port 25
Alexey V Paramonov wrote: > Hi, > I'm looking for a good solution to make my postfix server operate faster. > My setup is Postfix + Policyd-weight + fail2ban, but nothing helps under > heavy load, and the problem is not with the server performance (CPU load > is not so high, about 30%), the problem is in the number of > smtp connections to port 25 - it's about 400-600 and "normal" users just > can't get through and connect to the server to send their mail (they get > "server timeout"). > Policyd-weight filteres such connections, but it doesn't drop them - > seems like it holds them open for some time and gives penality for each > mail send attempt, closing them only after N retries. > Is it possible to drop such too fast reconnections from same IPs using > Postfix or maybe iptables? > Or, maybe there is another way? > Why dont you just use port 587 for submission? -- David Schraeder Russell Regional Hospital Direct Dial: 785-483-0890 Direct Fax: 785-483-0891 dav...@russellhospital.org ** Electronic Mail Confidentiality Notice: This electronic mail message and all attachments may contain confidential information belonging to the sender or the intended recipient(s). This information is intended ONLY for the use of the individual or entity named above. If you are not the intended recipient(s), you are hereby notified that any disclosure, copying, distribution (electronic or otherwise), forwarding or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this electronic transmission in error, please immediately notify the sender by telephone, facsimile, or email to arrange for the return of the electronic mail, attachments, or documents and delete all materials from any and all computers. Russell Regional Hospital 200 South Main Street Tele. 785-483-3131 Russell, KS 67665Fax 785-483-4859 **
Re: Postfix + Maildrop
Simon Aquilina a écrit :
>[snip]
>>
>> >
>> > Enterting the command maildrop -V 4 -d sysad...@mydomain.com < 1 return
>> > the following:
>> > base 1: No such file or directory.
>>
>> well, you asked it to read from a file named "1". use "< /dev/null"
>> instead.
>
> I did as you suggested and the results I get are the following;
>
> Message start at 0 bytes, envelope sender=root
> maildrop: Attempting sysad...@mydomain.com
> maildrop: Unable to open filter file, errno=2
>
well, since your maildrop doesn't use authlib, it wants a real user (one
that it can find in /etc/passwd).
anyway, you can try with a higher verbosity level. for example
maildrop -V 9 -d someuser < /dev/null
> However I cannot understand why I am getting the third line. On the
> documentation it says that .maildropfilter should be in $HOME/. I
> understand that this means the home directory of the user used by
> maildrop. In my case the user is 'mail' and the home directory is
> '/var/mail/'. I created a file named '.maildropfilter' and inside it I
> placed only a single line to point to the mailbox (available further
> below). To be sure I also passed the following commands; chown mail
> .maildropfilter and chmod 666 .maildropfilter. I then copied the file to
> '/etc/courier/' as well but still had the same results :(
>
>>
>> >
>> > Enter the command maildrop -v returns the following:
>> > maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc
>> > GDBM/DB extensions enabled
>> > Maildir quota extensions enabled
>> >
>>
>> so your maildrop was not built with authlib support. as a result, it
>> can't query authdaemon. with authlib support, you get something like:
>>
>> $ maildrop -v
>> maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
>> GDBM extensions enabled.
>> Courier Authentication Library extension enabled.
>> Maildir quota extension enabled.
>> This program is distributed under the terms of the GNU General Public
>> License. See COPYING for additional information.
>>
>
> I spent all morning on the internet trying to find how to install
> maildrop with authlib support and did not find much. However I did find
> something interesting. On one website there was written that maildrop
> started displaying "Courier Authentication Library extension enabled."
> after it was configured to use authmysqlrc. Needless to say I did not
> fine the information where such setting should be placed!
>
maybe try:
http://www.ckvsoft.at/pmwh/index.php/Installation:Ubuntu:Maildrop
>>
>> look at the "Courier Authentication Library extension enabled." line.
>>
>> if the mailbox location or uid/gid is "dynamic", yiu'll need to
>> reinstall maildrop with authlib support.
>>
>> if the mailbox location is "static" (for example
>> /base/domain/user/maildir/) and you use a single uid:gid for all
>> mailboxes, then you can run maildrop with -d mailboxuid and have
>> maildroprc determine the mailbox path.
>
> At the moment all uid:gid have the same value. Therefore I was trying to
> get maildrop to work with the auth support and then work on connecting
> maildrop to mysql later.
>
> For this reason I changed my master.cf file maildrop setting to be
> finish with '... -d 1000 ${recipient} ${user}'. Considering maildrop
> should drop the emails in: '/var/mail/virtual/{user}/new/' I put a
> single line in .maildropfilter file as follows: 'MAILBOX =
> "/var/mail/virtual/$1/new/" '. NOTE: I only have this line in the
> .maildropfilter file.
>
1- The variable is DEFAULT, not MAILBOX.
2- don't put a "new/" there. maildrop will try to deliver to
$whatyoutellit/new/.
3- in your example, ${user} is $2, not $1. but you lose the domain part
(${nexthop} or ${domain} depending on your postfix version).
>>
>> >
>> > Enter the command authtest sysad...@mydomain.com return the following:
>> > Authentication FAILED: Operation not permitted
>> >
>>
>> if you got this as root, then you have a problem. any selinux, apparmor,
>> ... ?
>
> It seems I have apparmor installed... is this a problem?
>
it may be. you can uninstall it and see. the day you feel "confident",
you can reinstall it (or install selinux instead). you'll need to
understand how it works and how to configure it to allow what you want
to allow (I personally don't know!).
>>
>> > Also from where do I turn logging on? I do not have the file
>> > /etc/maildroprc!
>>
>> you create it. but the location is system dependent. so you'll have to
>> fins out whether your maildrop uses this file. this is easy: just put
>> random stuff there and see maildrop barking for syntax errors...
>
> I created the maildroprc in '/etc/courier/' I put a single line (again)
> which is as follows 'logfile = "/var/log/maildrop.log" '. When I run the
> above mentioned commands I do not get anything written in the log file
> (I pre-created and gave all type of rights on it). Where should I see
> maildrop complain about the syntax?
>
well, you're not making it easy. maildrop won't be allowed to write to
/var/l
Re: Too many connections on port 25
Alexey V Paramonov: > Hi, > I'm looking for a good solution to make my postfix server operate faster. > My setup is Postfix + Policyd-weight + fail2ban, but nothing helps under > heavy load, and the problem is not with the server performance (CPU load > is not so high, about 30%), the problem is in the number of > smtp connections to port 25 - it's about 400-600 and "normal" users just > can't get through and connect to the server to send their mail (they get > "server timeout"). > Policyd-weight filteres such connections, but it doesn't drop them - > seems like it holds them open for some time and gives penality for each > mail send attempt, closing them only after N retries. > Is it possible to drop such too fast reconnections from same IPs using > Postfix or maybe iptables? > Or, maybe there is another way? Use an SMTP reply code of "421" to force Postfix to disconnect. (with Postfix 2.6, reply code "521" will work too). Wietse
Re: pipe - setup question
Jon Drukman: > On Wed, Feb 18, 2009 at 11:50 AM, Wietse Venema wrote: > > /etc/postfix/example-recipients > >o...@example.com whatever > >t...@example.com whatever > > > > This is a relay domain setup. Virtual aliases solve a different problem. > > could i use a virtual alias to relay an entire domain to a single > script and use the script to parse the incoming address and decide > what to do? Again, the question has nothing to do with virtual aliases. > i followed your instructions but i am getting "status=bounced (unknown > user: "input")" when i try to send to in...@in.mydomain.com You still have it configured as virtual domain. Don't do that. USE relay_domains and relay_recipient_maps, NOT virtual_alias_* NOT virtual_mailbox_*
Too many connections on port 25
Hi, I'm looking for a good solution to make my postfix server operate faster. My setup is Postfix + Policyd-weight + fail2ban, but nothing helps under heavy load, and the problem is not with the server performance (CPU load is not so high, about 30%), the problem is in the number of smtp connections to port 25 - it's about 400-600 and "normal" users just can't get through and connect to the server to send their mail (they get "server timeout"). Policyd-weight filteres such connections, but it doesn't drop them - seems like it holds them open for some time and gives penality for each mail send attempt, closing them only after N retries. Is it possible to drop such too fast reconnections from same IPs using Postfix or maybe iptables? Or, maybe there is another way?
Re: pipe - setup question
On Wed, Feb 18, 2009 at 11:50 AM, Wietse Venema wrote: > /etc/postfix/example-recipients >o...@example.com whatever >t...@example.com whatever > > This is a relay domain setup. Virtual aliases solve a different problem. could i use a virtual alias to relay an entire domain to a single script and use the script to parse the incoming address and decide what to do? i followed your instructions but i am getting "status=bounced (unknown user: "input")" when i try to send to in...@in.mydomain.com i put "in...@in.mydomain.com" in the mydomain-recipients file and did a postmap on it. -jsd-
Re: pipe - setup question
Jon Drukman: > I read this page http://www.postfix.org/FILTER_README.html but I am > not having any luck getting my pipe set up. > > I want to make it so all mail destined for a particular subdomain is > run through a script and then discarded. For that, FILTER_README is not applicable (it delvers ALL MAIL) through a content filter). To deliver example.com to a pipe transport in master.cf, use a transport map /etc/postfix/transport example.com pipe-transport: And set up mail relaying in main.cf: /etc/postfix/main.cf: relay_domains = example.com relay_recipient_maps = hash:/etc/postfix/example-recipients /etc/postfix/example-recipients o...@example.comwhatever t...@example.comwhatever This is a relay domain setup. Virtual aliases solve a different problem. Wietse
pipe - setup question
I read this page http://www.postfix.org/FILTER_README.html but I am not having any luck getting my pipe set up. I want to make it so all mail destined for a particular subdomain is run through a script and then discarded. The 'all mail for a subdomain' requirement makes me think I need to use the virtual map. Can you connect the output of a virtual domain to a particular transport? I haven't had any success getting it to work. i added this line to master.cf: myfilter unix - n n - 10 pipe flags=Rq user=filter argv=/usr/bin/php /usr/local/bin/filter.php and this line to transport: in.mydomain.com myfilter: not sure what to add (if anything) to virtual. i tried this: in.mydomain.com virtual in...@in.mydomain.commyfilter: -jsd-
Re: New Pflogsumm Maintainer Needed
Jim Seymour wrote: Hi All, I'm simplifiying my life. Amonst other things, that means I'm dropping my business class DSL circuit and all of my involvement in projects, documentation, anti-spam efforts, etc. If somebody *qualified* wants to officially take over maintenance of Pflogsumm, please speak up. Jim, Did you get any takers? Rod -- "Qualified" means at least as knowledgable as I about Perl (not too-difficult a hurdle) and not the type to bloat a utility beyond all reason by bowing to every piddling little feature request everybody asks for in a bid to retain the popularity of your project. If somebody has a recommentation for another individual, that, too, is welcome. I hope those of you that have used it have found pflogsumm useful, and I'll take this opportunity to again thank the various contributors, over the years. Regards, Jim
RE: using reject_rbl_client with rbldnsd daemon RESOLVED
Noel, Thanks for pointing out the obvious!!! I had my head in the weeds. I'm in the processes of setting up a valid DNS entry for the authoritative query and it should then connect to my rbldnsd server. Charles > Date: Tue, 17 Feb 2009 13:39:15 -0600 > From: njo...@megan.vbhcs.org > To: georgeforma...@hotmail.com; postfix-users@postfix.org > Subject: Re: using reject_rbl_client with rbldnsd daemon > > George Forman wrote: > > Hi, > > > > I am attempting to setup and run my own dnsbl service. > > I am using rbldnsd: Small Daemon for DNSBLs from > > http://www.corpit.ru/mjt/rbldnsd.html > > I have setup the dnsbl daemon to run on server3.com (same server postfix > > is running on). > > I have verified using dig that the A record is found: > > > > dig @server3.com -p 53 47.85.81.1.server3.com > > You must test with > dig 47.85.81.1.server3.com. > > Additionally, if you are running postfix with the chroot flag > in master.cf, you need to test as the postfix user from within > the chroot jail. > > >-- Noel Jones _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
Re: Address verification question
Halassy Zoltán wrote:
Halassy Zoltán írta:
(sorry pushed the send button accidentally previously)
Take a look at
http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code
> man 5 postconf
>
>reject_unverified_recipient
Yes, i know this one exists. But i guess this one would reject mails
with 5xx, when the foreign server tells me a 4xx message with quota
problems. Am i wrong?
You're wrong. With
unverified_{sender, recipient}_reject_code = 550
postfix will convert the rejection to a 450 if the probe fails
for some temporary reason, or if the remote server answers
with 4xx.
Also, i would like to use the reject_unverified_sender mechanism, not
the reject_unverified_recipient one.
Right. Same thing.
-- Noel Jones
Re: Requeue if DNS server is down
Thanks for the help guys, I was unaware of that option and have no idea why I enabled it in the first place. Sorry about that. -- Sincerely Erik Paulsen Skålerud
Re: Sender address rejected: undeliverable address
Alexandre Balistrieri wrote: I am not receiving from ukranz-r...@unfccc.int Why? - reject_unverified_sender?? == maillog = Feb 17 09:02:30 guarani postfix/smtpd[18968]: NOQUEUE: reject: RCPT from unknown[62.225.2.61]:550 5.1.7 : Sender address rejected: undeliverable address: host svmviruswall01.unfccc.int[62.225.2.62] said: 501 Syntax error in parameters or arguments - (in reply to MAIL FROM command); from= to= proto=ESMTP helo= = Yes, reject_unverified_sender is the problem. The MX for unfccc.int doesn't like your address probe. You may possibly be able to fix this by adjusting the value of address_verify_sender; some misconfigured systems don't accept mail from "postmaster" or "<>" http://www.postfix.org/postconf.5.html#address_verify_sender If that doesn't help, you will need to add the client to a whitelist, or stop using reject_unverified_sender. -- Noel Jones
Re: Postfix + Maildrop
2009/2/18 Simon Aquilina : > What command did you use to install maildrop? Also did you have the > configure maildrop to use the authmysqlrc file? if so where? aptitude install courier-maildrop aptitude install courier-authlib-mysql authmysqlrc then needs to be completed with MySQL server details and details appropriate to your database set up. Descriptions and examples of the settings required are included in the authmysqlrc.dpkg-dist file. Cheers Guy -- Don't just do something...sit there!
Sender address rejected: undeliverable address
I am not receiving from ukranz-r...@unfccc.int Why? - reject_unverified_sender?? == maillog = Feb 17 09:02:30 guarani postfix/smtpd[18968]: NOQUEUE: reject: RCPT from unknown[62.225.2.61]:550 5.1.7 : Sender address rejected: undeliverable address: host svmviruswall01.unfccc.int[62.225.2.62] said: 501 Syntax error in parameters or arguments - (in reply to MAIL FROM command); from= to= proto=ESMTP helo= = == postconf -n === guarani:~ # postconf -n address_verify_map = btree:/var/spool/postfix/verified alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:127.0.0.1:10024 daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no disable_vrfy_command = yes home_mailbox = Maildir/ html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = ipv4 mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 2048 mydestination = $myhostname, localhost.$mydomain, $mydomain mydomain = gsr.inpe.br myhostname = guarani.$mydomain mynetworks = 150.163.0.0/16, 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES recipient_delimiter = + relay_domains = $mydestination relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_client_restrictions = smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining,permit smtpd_error_sleep_time = 1 smtpd_hard_error_limit = 5 smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_recipient_restrictions = reject_unlisted_recipient reject_unlisted_senderpermit_sasl_authenticated, permit_mynetworks,reject_unauth_destination, reject_multi_recipient_bounce,reject_invalid_hostname, reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unknown_sender_domain,reject_unverified_recipient, reject_non_fqdn_hostname,reject_unverified_
RE: Postfix + Maildrop
Sorry for taking long ... tried to do some research on the hints I got
from over here but failed miserably... below are my comments ...
> Date: Wed, 18 Feb 2009 00:13:32 +0100
> From: mo...@ml.netoyen.net
> To: postfix-users@postfix.org
> Subject: Re: Postfix + Maildrop
>
> sim085 a écrit :
> > [snip]
> > Thank you for your reply. I do have the courier authmysqlrc file set up
> > however it is located at /etc/courier/ not /etc/authlib/.
>
> The location is system dependent. if your courier (imap, pop, webmail)
> works, it's ok.
yes, I can confirm courier-imap is working fine.
>
> > In my opinion this
> > file is set up properly since otherwise squirrelmail would not be working.
>
> well... squirrelmail doesn't access that files. what you mean is that
> your imap server is working.
>
> > However just in case I created the /etc/authlib/ directory and copied
> > authmysqlrc there.
>
> don't create random files. ok for testing. but now, remove'em.
:) definitely ...
>
> > Unfortunately still no good results :(
> >
> > Enterting the command maildrop -V 4 -d sysad...@mydomain.com < 1 return
> > the following:
> > base 1: No such file or directory.
>
> well, you asked it to read from a file named "1". use "< /dev/null"
> instead.
I did as you suggested and the results I get are the following;
Message start at 0 bytes, envelope sender=root
maildrop: Attempting sysad...@mydomain.com
maildrop: Unable to open filter file, errno=2
However
I cannot understand why I am getting the third line. On the
documentation it says that .maildropfilter should be in $HOME/. I
understand that this means the home directory of the user used by
maildrop. In my case the user is 'mail' and the home directory is
'/var/mail/'. I created a file named '.maildropfilter' and inside it I
placed only a single line to point to the mailbox (available further
below). To be sure I also passed the following commands; chown mail
.maildropfilter and chmod 666 .maildropfilter. I then copied the file
to '/etc/courier/' as well but still had the same results :(
>
> >
> > Enter the command maildrop -v returns the following:
> > maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc
> > GDBM/DB extensions enabled
> > Maildir quota extensions enabled
> >
>
> so your maildrop was not built with authlib support. as a result, it
> can't query authdaemon. with authlib support, you get something like:
>
> $ maildrop -v
> maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
> GDBM extensions enabled.
> Courier Authentication Library extension enabled.
> Maildir quota extension enabled.
> This program is distributed under the terms of the GNU General Public
> License. See COPYING for additional information.
>
I
spent all morning on the internet trying to find how to install
maildrop with authlib support and did not find much. However I did find
something interesting. On one website there was written that maildrop
started displaying "Courier Authentication Library extension enabled."
after it was configured to use authmysqlrc. Needless to say I did not
fine the information where such setting should be placed!
>
> look at the "Courier Authentication Library extension enabled." line.
>
> if the mailbox location or uid/gid is "dynamic", yiu'll need to
> reinstall maildrop with authlib support.
>
> if the mailbox location is "static" (for example
> /base/domain/user/maildir/) and you use a single uid:gid for all
> mailboxes, then you can run maildrop with -d mailboxuid and have
> maildroprc determine the mailbox path.
At
the moment all uid:gid have the same value. Therefore I was trying to
get maildrop to work with the auth support and then work on connecting
maildrop to mysql later.
For this reason I changed my
master.cf file maildrop setting to be finish with '... -d 1000
${recipient} ${user}'. Considering maildrop should drop the emails in:
'/var/mail/virtual/{user}/new/' I put a single line in .maildropfilter
file as follows: 'MAILBOX = "/var/mail/virtual/$1/new/" '. NOTE: I only
have this line in the .maildropfilter file.
>
> >
> > Enter the command authtest sysad...@mydomain.com return the following:
> > Authentication FAILED: Operation not permitted
> >
>
> if you got this as root, then you have a problem. any selinux, apparmor,
> ... ?
It seems I have apparmor installed... is this a problem?
>
> > Also from where do I turn logging on? I do not have the file
> > /etc/maildroprc!
>
> you create it. but the location is system dependent. so you'll have to
> fins out whether your maildrop uses this file. this is easy: just put
> random stuff there and see maildrop barking for syntax errors...
I
created the maildroprc in '/etc/courier/' I put a single line (again)
which is as follows 'logfile = "/var/log/maildrop.log" '. When I run
the above mentioned commands I do not get anything written in the log
file (I pre-created and gave all type of rights on it). Where should I
see maildrop complain about the syntax?
RE: Postfix + Maildrop
> Date: Wed, 18 Feb 2009 09:50:49 + > Subject: Re: Postfix + Maildrop > From: wyldf...@gmail.com > To: postfix-users@postfix.org > > 2009/2/17 mouss : > > $ maildrop -v > > maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc. > > GDBM extensions enabled. > > Courier Authentication Library extension enabled. > > Maildir quota extension enabled. > > This program is distributed under the terms of the GNU General Public > > License. See COPYING for additional information. > > I'm also using Ubuntu. I've got the courier-maildrop package installed > which includes the auth library extension. > Perhaps you have the plain "maildrop" package installed? > > -- > Don't just do something...sit there! What command did you use to install maildrop? Also did you have the configure maildrop to use the authmysqlrc file? if so where? _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE
[no subject]
-- С уважением, Пименов Д.А.
Re: Address verification question
Halassy Zoltán írta: (sorry pushed the send button accidentally previously) Take a look at http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code > man 5 postconf > >reject_unverified_recipient Yes, i know this one exists. But i guess this one would reject mails with 5xx, when the foreign server tells me a 4xx message with quota problems. Am i wrong? Also, i would like to use the reject_unverified_sender mechanism, not the reject_unverified_recipient one.
Re: Address verification question
(sorry pushed the send button accidentally previously) Take a look at http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code > man 5 postconf > >reject_unverified_recipient Yes, i know this one exists. But i guess this one would reject mails with 5xx, when the foreign server tells me a 4xx message with quota problems. Am i wrong?
Re: Address verification question
Take a look at http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code
Re: Address verification question
Halassy Zolt??n: > Hello! > > I am using Address verification now with ~90% success (using it over a > year now). > > The only flaw i didn't find a solution yet is the following: > > When a server rejects an e-mail address with 5xx, mine rejects it only > with 4xx. But! I would like to reject them with 4xx if the foreign > server sends 4xx, or unreachable, DNS failures etc... Is this possible? > > Example: > > NOQUEUE: reject: RCPT from example.com[1.2.3.4]: 450 4.1.7 > : Sender address rejected: undeliverable address: > host example.com[1.2.3.4] said: > 551 5.1.1 user does not exist (in reply to RCPT TO command); > from= to= proto=ESMTP > helo= > > I would like to answer 550 instead of 450 in this case, but 4xx any > other case. man 5 postconf reject_unverified_recipient Reject the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reach- able. Address verification information is managed by the ver- ify(8) server; see the ADDRESS_VERIFICATION_README file for details. The unverified_recipient_reject_code parameter specifies the numerical response code when an address is known to bounce (default: 450, change into 550 when you are confident that it is safe to do so). [... more text deleted...]
Re: Address verification question
Halassy Zoltán schrieb: > When a server rejects an e-mail address with 5xx, mine rejects it only > with 4xx. But! I would like to reject them with 4xx if the foreign > server sends 4xx, or unreachable, DNS failures etc... Is this possible? Take a look at http://www.postfix.org/postconf.5.html#unverified_recipient_reject_code
Address verification question
Hello! I am using Address verification now with ~90% success (using it over a year now). The only flaw i didn't find a solution yet is the following: When a server rejects an e-mail address with 5xx, mine rejects it only with 4xx. But! I would like to reject them with 4xx if the foreign server sends 4xx, or unreachable, DNS failures etc... Is this possible? Example: NOQUEUE: reject: RCPT from example.com[1.2.3.4]: 450 4.1.7 : Sender address rejected: undeliverable address: host example.com[1.2.3.4] said: 551 5.1.1 user does not exist (in reply to RCPT TO command); from= to= proto=ESMTP helo= I would like to answer 550 instead of 450 in this case, but 4xx any other case.
Re: Postfix + Maildrop
2009/2/17 mouss : > $ maildrop -v > maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc. > GDBM extensions enabled. > Courier Authentication Library extension enabled. > Maildir quota extension enabled. > This program is distributed under the terms of the GNU General Public > License. See COPYING for additional information. I'm also using Ubuntu. I've got the courier-maildrop package installed which includes the auth library extension. Perhaps you have the plain "maildrop" package installed? -- Don't just do something...sit there!
Policy for outgoing messages
Hello,
I have a number of networks from which is possible to use my mail
gateway system (Postfix+Amavisd-new+MySQL) to relay email messages
(directly through a mail client or through another MTA that uses my mail
gateway system as smart host). The mail gateway system moreover is used
as MX record for the email domains that I maintain.
I have already tried a policy that limits (setting a quota) the number
of messages by sender (from any IP to any IP, excluding mail from "<>")
to a certain number during a time slot.
My aim, anyway, is to apply a such policy for outgoing messages
(including internal-to-internal messages). So I have to define a group
which contains the IPs enabled for relay through my mail server.
The problem is that I have no a static list of IPs/networks. Infact, my
Postfix looks up the underlying database to permit or deny the relay to
a client:
smtpd_recipient_restrictions =
check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-access.cf
where the query is:
query = select action from access where inet_aton(ip) & inet_aton(mask)
= inet_aton('%s') & inet_aton(mask) order by mask DESC limit 0,1;
How could define a such group in Policyd V2?
At the same time, I place the same question to Postfix and Amavisd-new
lists, hoping that someone can suggest me a "to the bottom" solution to
this issue..
Thanks,
rocsca
