can't relay even for mynetworks

2009-03-23 Thread Madeleine Birkemose
I have a very simple problem. I have a small /28 network and I want my
postfix host (mose.fekiworld.dk, 87.48.217.12) to relay ALL mail for
all my other machines in this network. However, even if I set
mynetworks right, I still get 554-rejections like this (from
mail.log):

Mar 21 17:25:50 mose postfix/smtpd[14019]: NOQUEUE: reject: RCPT from
ippenutt.fekiworld.dk[87.48.217.3]: 554 5.7.1 :
Relay access denied; from=
to= proto=SMTP helo=

How is this possible?

mose.fekiworld.dk has ip 87.48.217.12.

Names have been changed to protect the innocent.

This was so simple with qmail.

-- Madeleine



My postconf -n looks like this:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mose.fekiworld.dk, localhost
myhostname = mose.fekiworld.dk
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

postconf -d | grep -i mynetwork looks like this:

mynetworks = 127.0.0.0/8 87.48.217.0/28
mynetworks_style = subnet
parent_domain_matches_subdomains =
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $sender_bcc_maps
$recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
smtpd_client_event_limit_exceptions =
${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination


Re: Postfix and virtual users with additional_condition

2009-03-23 Thread Sebastian Chociwski
Hello,
sorry for the trouble I cause, but as you may notice I'm not a very
experienced user.
I am really grateful for your help. I DO.

Victor Duchovni wrote:
> On Fri, Mar 20, 2009 at 11:35:09PM +0100, Sebastian Chociwski wrote:
>
>> I am (almost ;) ) 100% sure that only mail could be delivered is in ONE
>> mysql db.
>
> What in your Postfix configuration do you expect to reject mail not
> listed in that MySQL table?
I configured postfix to use one table to deliver mails to.
When I send email to a non-existing account it is rejected, as well as
when I try to send email to a user I changed in the table.
>
>> _email2email.cf points at DB I use to decide what mails to deliver
>> _domains.cf is DB with domains i want to accept (one column with domain
>> name)
>
> How did you communicate your intent (decision) to Postfix?
I made an additional column in the table. Default integer is "1".
...
And I just realized why it doesn't work ...
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
All changes I made in ALIAS_MAPS. Adding the condition to the mailbox_maps
file makes it work.

So sorry for the time you lost on me. And THANK YOU, without your help it
would take weeks before I realized why it doesn't work :(

-- 
best regards,
Sebastian Chociwski



Re: can't relay even for mynetworks

2009-03-23 Thread Barney Desmond
2009/3/23 Madeleine Birkemose :
> I have a very simple problem. I have a small /28 network and I want my
> postfix host (mose.fekiworld.dk, 87.48.217.12) to relay ALL mail for
> all my other machines in this network. However, even if I set
> mynetworks right, I still get 554-rejections like this (from
> mail.log):
>
> Mar 21 17:25:50 mose postfix/smtpd[14019]: NOQUEUE: reject: RCPT from
> ippenutt.fekiworld.dk[87.48.217.3]: 554 5.7.1 :
> Relay access denied; from=
> to= proto=SMTP helo=

Your setup sounds okay, but the postconf says otherwise. From the docs:

"$mynetworks_style (default: subnet)"

"If you specify the mynetworks list by hand, Postfix ignores the
mynetworks_style setting."

> postconf -d | grep -i mynetwork looks like this:
>
> mynetworks = 127.0.0.0/8 87.48.217.0/28
> mynetworks_style = subnet

That looks correct to me.

> My postconf -n looks like this:
>
> 
> myhostname = mose.fekiworld.dk
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> 

It looks like you (or something else) have set $mynetworks to
localhost addresses and no subnet addresses (IPv6, too!). Check your
main.cf and check. You should be able to remove mynetworks and restart
postfix, I think it should Just Work then.


Separating relay control from other checks

2009-03-23 Thread Rocco Scappatura
Hello,

I found the discussion started by mouss in the thread "whitelist
from spamhaus" interesting, and particularly the content of the email:

http://archives.neohapsis.com/archives/postfix/2006-05/0598.html

written by Viktor.

Indeed, some weeks ago I started to use the Postfix SMTP policy
access delegation. Because I need to apply a policy to the outgoing
messages, I have been obliged to put the policy check delegation on top
of the "smtpd_recipient_restrictions" class:

smtpd_recipient_restrictions =
    check_policy_service inet:127.0.0.1:10031
    check_client_access
        proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    .
    .
    .

I don't much like this solution because doing so I apply the policy even
before checking if an IP is enabled to relay through my mail gateway.
Nevertheless, I could move down "check_policy_service" after
"reject_unauth_destination" because the policy wouldn't be applied to
the outgoing messages..

In the solution proposed by Viktor, it seems that I could separate the
two stages (UCE control - including policy, and relay). So I can rewrite
the stage above as the following:

smtpd_rcpt_restriction_classes =
    smtpd_relay_restrictions
    smtpd_recipient_restrictions

where

smtpd_relay_restrictions =
    check_client_access
        proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031

What do you think? Could be ok?

A further question: "How I say to postfix to use
'smtpd_rcpt_restriction_classes' and where it will be evaluated?"

Thanks,

rocsca


header_checks for a specific client or sender

2009-03-23 Thread Martin Strand
Is it possible to make a header_checks rule apply only to a certain client?

I've got an annoying piece of software which sends messages through Postfix.
This software insists on including a "Sender" header that I wish to filter out 
with Postfix, but only for this certain client (or the envelope sender, which 
is always the same)
Unfortunately, fixing the software is not an option :(
Any tips?


Restrict delivery of mail to some addresses to local senders

2009-03-23 Thread mikie mike
Sorry for this simple and probably already asked question but I couldn't
find any answer anyway...

How to restrict delivery of mail to some addresses (especially local
aliases) to senders from local domains only?

e.g.

I would like only senders from @mycompany.com to be allowed to send a
message to an alias a...@mycompany.com


milter protocol

2009-03-23 Thread Danilo Paffi Monteiro
Hello,

This question is stupid, I Think.

I'm trying to understand how milter works, to implement some filters
(develop a milter program)

I haven't found a good documentation about the protocol, actually the
ones that I found are very hard to understand.

Does anyone knows some documentation like this
(http://www.postfix.org/SMTPD_POLICY_README.html) for milter protocol?

Or the milter protocol is too complex to have one doc like the policy has ?

-- 
Danilo Paffi Monteiro
UOL S/A


Re: milter protocol

2009-03-23 Thread Erwan David
On Mon, Mar 23, 2009 at 01:12:53PM CET, Danilo Paffi Monteiro said:
> Hello,
> 
> This question is stupid, I Think.
> 
> I'm trying to understand how milter works, to implement some filters
> (develop a milter program)
> 
> I haven't found a good documentation about the protocol, actually the
> ones that I found are very hard to understand.
> 
> Does anyone knows some documentation like this
> (http://www.postfix.org/SMTPD_POLICY_README.html) for milter protocol?
> 
> Or the milter protocol is too complex to have one doc like the policy has ?

I find https://www.milter.org/developers quite easy to understand (but
I did not actually develop a milter).

-- 
Erwan


Re: Restrict delivery of mail to some addresses to local senders

2009-03-23 Thread Costin Guşă
On Mon, Mar 23, 2009 at 1:32 PM, mikie mike  wrote:
> Sorry for this simple and probably already asked question but I couldn't
> find any answer anyway...
>
> How to restrict delivery of mail to some addresses (especially local
> aliases) to senders from local domains only?
>
> e.g.
>
> I would like only senders from @mycompany.com to be allowed to send a
> message to an alias a...@mycompany.com
>

http://www.postfix.org/RESTRICTION_CLASS_README.html
and search for restriction class (or restriction classes) on the list


Re: milter protocol

2009-03-23 Thread Andrzej Adam Filip
Danilo Paffi Monteiro  wrote:
> This question is stupid, I Think.
>
> I'm trying to understand how milter works, to implement some filters
> (develop a milter program)
>
> I haven't found a good documentation about the protocol, actually the
> ones that I found are very hard to understand.
>
> Does anyone knows some documentation like this
> (http://www.postfix.org/SMTPD_POLICY_README.html) for milter protocol?
>
> Or the milter protocol is too complex to have one doc like the policy
> has ?

Milter has been designed by sendmail's team and officially released in
2001 (sendmail-8.12.0). Postfix added support for milters in 2006
(postfix-2.3.0).

Sendmail's team policy has been that users/developers should use milter
library provided by sendmail (milter API) => the milter protocol has
been treated as "internal implementation detail" and (AFAIK) it has
never been *officially* documented.

One piece of milter *protocol* documentation is available in the pmilter
project (pure perl milter) http://pmilter.sourceforge.net/

If you want "milter API" documentation for milter developers then look
into the documentation provided in sendmail.

-- 
[pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu
I didn't get sophisticated -- I just got tired.
But maybe that's what sophisticated is -- being tired.
  -- Rita Gain


Re: milter protocol

2009-03-23 Thread Wietse Venema
Danilo Paffi Monteiro:
> Hello,
> 
> This question is stupid, I Think.
> 
> I'm trying to understand how milter works, to implement some filters
> (develop a milter program)

The Milter API documentation is included with Sendmail source code.
It describes the over-all architecture and API. It's not a tutorial
for writing applications.

There exists a book for writing Milter applications.  Bryan Costales,
Marcia Flynt: "sendmail Milters: A Guide for Fighting Spam".  It
has some reviews on-line at Amazon etc.  I remember stumbling across
it after I had already started, and I haven't looked into it since
Postfix 2.3.


Wietse



Re: Postfix and virtual users with additional_condition

2009-03-23 Thread Brian Evans - Postfix List
Sebastian Chociwski wrote:
> myhostname = suse11.eurimage.pl
> mydestination = suse11.eurimage.pl, localhost, localhost.localdomain
> mynetworks = 127.0.0.0/8
> virtual_alias_domains =
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
> mysql:/etc/postfix/mysql-virtual_email2email.cf
>   

You are asking Postfix to rewrite addresses in
mysql:/etc/postfix/mysql-virtual_email2email.cf
If not found, no harm done.

> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
>   
For domains listed in mysql:/etc/postfix/mysql-virtual_domains.cf, you
should put the active check in
mysql:/etc/postfix/mysql-virtual_mailboxes.cf as this will reject messages.
The SQL will depend on your table structure.

Brian


Re: Postfix and virtual users with additional_condition

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 09:41:14AM +0100, Sebastian Chociwski wrote:

> > On Fri, Mar 20, 2009 at 11:35:09PM +0100, Sebastian Chociwski wrote:
> >
> >> I am (almost ;) ) 100% sure that only mail could be delivered is in ONE
> >> mysql db.
> >
> > What in your Postfix configuration do you expect to reject mail not
> > listed in that MySQL table?
>
> I configured postfix to use one table to deliver mails to.

WHICH CONFIGURATION SETTINGS DO YOU EXPECT DO THIS?

Forget the SQL, focus on the Postfix feature that you are using, and
figure out whether it will or will not in fact restrict access to
unlisted addresses.

> And I just realized why it don't work ...
>
> virtual_alias_maps =
>   proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
>   mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_mailbox_domains =
>   proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps =
>   proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
>
> All changes I made in ALIAS_MAPS. Adding condition to mailbox_maps file
> make it work.

This is exactly the point, you were too immersed in SQL tweaking to
notice that for mailbox domains the valid users are listed *primarily*
in the mailbox maps table.

While *not* being listed in the alias table does not make an address fail
"reject_unlisted_recipient", being listed in the alias table makes an
address pass "reject_unlisted_recipient", so if you really want to
reject an invalid address at SMTP time, you need to not list it in
either table.

Identity mappings (fixedu...@example.com -> fixedu...@example.com) are not
terribly useful unless you also have a catch-all address. Why do you have
these at all?

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

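A simplified model of the recipient check Viktor describes above, as an added example that is not part of the original posts and is not Postfix code. It uses an in-memory SQLite table in place of MySQL; the `users` table, its columns and the queries are hypothetical, and the recipient's domain is assumed to be listed in virtual_mailbox_domains.

```python
import sqlite3


def build_db():
    """Constructed sample data: one active and one disabled account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "email TEXT PRIMARY KEY, maildir TEXT, active INTEGER DEFAULT 1)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice@example.com", "example.com/alice/", 1),
            ("bob@example.com", "example.com/bob/", 0),  # disabled account
        ],
    )
    return conn


# Hypothetical stand-ins for the "query =" line of each lookup table.
# The *_ACTIVE variants carry the additional condition from the thread.
EMAIL2EMAIL = "SELECT email FROM users WHERE email = ?"          # identity map
EMAIL2EMAIL_ACTIVE = EMAIL2EMAIL + " AND active = 1"
MAILBOXES = "SELECT maildir FROM users WHERE email = ?"
MAILBOXES_ACTIVE = MAILBOXES + " AND active = 1"


def lookup(conn, query, key):
    """Return the first column of the first row, or None when not listed."""
    if query is None:  # map not configured at all
        return None
    row = conn.execute(query, (key,)).fetchone()
    return row[0] if row else None


def rcpt_listed(conn, rcpt, alias_query, mailbox_query):
    """Model of the rule in the thread: a recipient in a mailbox domain is
    treated as listed when EITHER the alias map OR the mailbox map returns
    a result, so it is rejected only when neither table lists it."""
    if lookup(conn, alias_query, rcpt) is not None:
        return True
    return lookup(conn, mailbox_query, rcpt) is not None


def scenarios(conn, rcpt):
    """Evaluate the four ways the 'active' condition can be placed."""
    return {
        "condition only in alias map":
            rcpt_listed(conn, rcpt, EMAIL2EMAIL_ACTIVE, MAILBOXES),
        "condition only in mailbox map":
            rcpt_listed(conn, rcpt, EMAIL2EMAIL, MAILBOXES_ACTIVE),
        "condition in both maps":
            rcpt_listed(conn, rcpt, EMAIL2EMAIL_ACTIVE, MAILBOXES_ACTIVE),
        "identity alias map removed":
            rcpt_listed(conn, rcpt, None, MAILBOXES_ACTIVE),
    }


if __name__ == "__main__":
    db = build_db()
    for rcpt in ("alice@example.com", "bob@example.com"):
        print(rcpt)
        for name, accepted in scenarios(db, rcpt).items():
            print(f"  {name:32} -> {'accepted' if accepted else 'rejected'}")
```

The disabled account is rejected only when no table still returns a row for it, which is why dropping the identity email2email map leaves a single place to maintain the condition.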

Re: Postfix and virtual users with additional_condition

2009-03-23 Thread Sebastian Chociwski

Victor Duchovni wrote:
> On Mon, Mar 23, 2009 at 09:41:14AM +0100, Sebastian Chociwski wrote:
>
>>> On Fri, Mar 20, 2009 at 11:35:09PM +0100, Sebastian Chociwski wrote:
>>>
> WHICH CONFIGURATION SETTINGS DO YOU EXPECT DO THIS?
Of course I thought it was _email2email.cf.
Now I see how wrong I was.
>
> Identity mappings (fixedu...@example.com -> fixedu...@example.com) are
> not terribly useful unless you also have a catch-all address. Why do you
> have these at all?
>
Because I thought it is responsible for delivering mails. It's my first
postfix working with any DB, and after some problems with making it work
I didn't catch what I made wrong.
_email2email on my system is useless. I guess when I use a second DB
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
  proxy:mysql:/etc/postfix/mysql-virtual_SECOND_mailboxes.cf
it won't be a problem? Does it matter which is first?

thanks again Victor.
Owe you a beer ;)

-- 
best regards,
Sebastian Chociwski



Re: header_checks for a specific client or sender

2009-03-23 Thread Terry Carmen

Martin Strand wrote:
> Is it possible to make a header_checks rule apply only to a certain client?
>
> I've got an annoying piece of software which sends messages through Postfix.
> This software insists on including a "Sender" header that I wish to filter out
> with Postfix, but only for this certain client (or the envelope sender, which
> is always the same)
> Unfortunately, fixing the software is not an option :(
> Any tips?

If you want to change the sender's email address for the message, you
can use

smtp_generic_maps = hash:/etc/postfix/generic

In main.cf

and add the address translation to

/etc/postfix/generic

(don't forget to postmap and reload config)

If you really want to not deliver it, you can add:

badsen...@yourdomain.tld error:mail from badsender is not deliverable

to your transport table.

Terry






Fedora10 RPM build from src fails.

2009-03-23 Thread James A R Brown
Hi,

Hopefully someone can point me in the right direction to resolving the
following attempted RPM build on Fedora10 X86_64.

I have tried this now on 2 F10 machines.

I also revisited Postfix 2.4.5 src which used to build on F7 ok, but
this package will also not build on F10 as won't 2.5.6

Thanks

James

Src used : 
http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm


Error is
---
[r...@www SOURCES]# sh make-postfix.spec

Creating Postfix spec file: /root/rpmbuild/SPECS/postfix.spec
  Checking rpm database for distribution information...
  - if the script gets stuck here:
check and remove /var/lib/rpm/__db.00? files
  Distribution is: fedora-release-10-1.noarch (fedora-10.0)

  enabling LDAP support in spec file by default (disable with
POSTFIX_LDAP=0)
  enabling PCRE support in spec file
  enabling MySQL support (RedHat mysql* packages) in spec file
  enabling Dovecot SASL support in spec file
  enabling TLS support in spec file by default (disable with
POSTFIX_TLS=0)

[r...@www SPECS]# rpmbuild -ba postfix.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.ZgMFpv
+ umask 022
+ cd /root/rpmbuild/BUILD
+ umask 022
+ '[' 0 '!=' 0 ']'
+++ rpm --eval /root/rpmbuild/SOURCES
++ sh /root/rpmbuild/SOURCES/postfix-get-distribution
+ distribution=fedora-10.0
+ '[' fedora-10.0 '!=' fedora-10.0 ']'
+ cd /root/rpmbuild/BUILD
+ rm -rf postfix-2.4.5
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/postfix-2.4.5.tar.gz
+ /bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd postfix-2.4.5
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #3 (postfix-files.patch):'
Patch #3 (postfix-files.patch):
+ /bin/cat /root/rpmbuild/SOURCES/postfix-files.patch
+ /usr/bin/patch -s -p1 -b --suffix .alternatives --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file conf/postfix-files.rej
error: Bad exit status from /var/tmp/rpm-tmp.ZgMFpv (%prep)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.ZgMFpv (%prep)







Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Alan Munday
James A R Brown wrote the following on 23/03/09 14:38:
> Hi,
> 
> Hopefully someone can point me in the right direction to resolving the
> following attempted RPM build on Fedora10 X86_64.
> 
> I have tried this now on 2 F10 machines.
> 
> I also revisited Postfix 2.4.5 src which used to build on F7 ok, but
> this package will also not build on F10 as won't 2.5.6
> 
> Thanks
> 
> James
> 
> Src used : 
> http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm
> 



James

I'm seeing the same problem with Simon's sources. He is aware of this as
I've been in contact with him about this for a little while.

The cause looks like it is due to the change of the default location for
the build tree in Fedora 10. In previous versions it has been under
/usr/src/redhat/ while it now appears to be under ~/

Alan


Re: header_checks for a specific client or sender

2009-03-23 Thread Martin Strand
On Mon, 23 Mar 2009 15:28:03 +0100, Terry Carmen  wrote:

> Martin Strand wrote:
>> Is it possible to make a header_checks rule apply only to a certain client?
>>
>> I've got an annoying piece of software which sends messages through Postfix.
>> This software insists on including a "Sender" header that I wish to filter 
>> out with Postfix, but only for this certain client (or the envelope sender, 
>> which is always the same)
>> Unfortunately, fixing the software is not an option :(
>> Any tips?
>>
>
> If you want to change the sender's email address for the message, you
> can use
>
> smtp_generic_maps = hash:/etc/postfix/generic
>
> In main.cf
>
> and add the address translation to
>
> /etc/postfix/generic
>
> (don't forget to postmap and reload config)
>
> If you really want to not deliver it, you can add:
>
> badsen...@yourdomain.tld error:mail from badsender is not deliverable
>
> to your transport table.
>
> Terry
>
> Terry

No, it's only the "Sender" *header* that's causing problems, not the actual 
envelope sender.
I added an IGNORE line to filter out all Sender headers, but I would prefer to 
only apply that filter to this specific client.
After reading the header_checks documentation several times I still can't find 
a way to do this so I'll live with the current workaround for now.
Thanks anyway!


Re: header_checks for a specific client or sender

2009-03-23 Thread Noel Jones

Martin Strand wrote:
> On Mon, 23 Mar 2009 15:28:03 +0100, Terry Carmen wrote:
>
>> Martin Strand wrote:
>>> Is it possible to make a header_checks rule apply only to a certain client?
>>>
>>> I've got an annoying piece of software which sends messages through Postfix.
>>> This software insists on including a "Sender" header that I wish to filter
>>> out with Postfix, but only for this certain client (or the envelope sender,
>>> which is always the same)
>>> Unfortunately, fixing the software is not an option :(
>>> Any tips?
>>
>> If you want to change the sender's email address for the message, you
>> can use
>>
>> smtp_generic_maps = hash:/etc/postfix/generic
>>
>> In main.cf
>>
>> and add the address translation to
>>
>> /etc/postfix/generic
>>
>> (don't forget to postmap and reload config)
>>
>> If you really want to not deliver it, you can add:
>>
>> badsen...@yourdomain.tld error:mail from badsender is not deliverable
>>
>> to your transport table.
>>
>> Terry
>
> No, it's only the "Sender" *header* that's causing problems, not the actual
> envelope sender.
> I added an IGNORE line to filter out all Sender headers, but I would prefer to
> only apply that filter to this specific client.
> After reading the header_checks documentation several times I still can't find
> a way to do this so I'll live with the current workaround for now.
> Thanks anyway!


Header_checks apply to all clients.  If the Sender header is a 
specific value, you can just IGNORE that specific header; you 
don't need to remove all Sender headers.


It is possible to have postfix listen on a different IP:port 
with a different set of header_checks, see the archives for 
examples.  Have the problem client submit mail to the 
alternate IP:port with a custom header_checks file, or use 
firewall rules to redirect the problem client to the alternate 
IP:port if you can't change the client.


  -- Noel Jones


Re: can't relay even for mynetworks

2009-03-23 Thread Noel Jones

Madeleine Birkemose wrote:
> I have a very simple problem. I have a small /28 network and I want my
> postfix host (mose.fekiworld.dk, 87.48.217.12) to relay ALL mail for
> all my other machines in this network. However, even if I set
> mynetworks right, I still get 554-rejections like this (from
> mail.log):
>
> Mar 21 17:25:50 mose postfix/smtpd[14019]: NOQUEUE: reject: RCPT from
> ippenutt.fekiworld.dk[87.48.217.3]: 554 5.7.1 :
> Relay access denied; from=
> to= proto=SMTP helo=
>
> How is this possible?

The error suggests the client is not listed in mynetworks.

> mose.fekiworld.dk has ip 87.48.217.12.
>
> Names have been changed to protect the innocent.
>
> This was so simple with qmail.

Any new system requires a learning curve.  In this case, the
curve isn't too steep and well worth the effort.

> -- Madeleine
>
> My postconf -n looks like this:
>
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

This shows the setting in main.cf, ie. what postfix will use.
The client IP from the log snippet is not included here.

> postconf -d | grep -i mynetwork looks like this:
>
> mynetworks = 127.0.0.0/8 87.48.217.0/28

postconf -d shows compiled-in defaults, which are overridden
by settings in main.cf.  In particular, postconf -d does NOT
show what settings postfix will use.

To fix the problem, change the setting of mynetworks in your
main.cf to include the networks authorized to relay.  Maybe
all you need to do is remove the explicit setting and let
postfix use the default... can't get easier than that.


  -- Noel Jones
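The check discussed in this thread, as an added example that is not part of the original posts: it pulls the client IP out of the "Relay access denied" log line and tests it against the two mynetworks values shown (postconf -n versus postconf -d). The parser handles only literal address patterns and reports everything else as unparsed; function names are this example's own.

```python
import ipaddress
import re

# Values copied from the thread.
POSTCONF_N = "127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128"  # main.cf (in effect)
POSTCONF_D = "127.0.0.0/8 87.48.217.0/28"                # compiled-in default

# Log line from the thread, joined onto one line (address fields are
# already empty on the archived page).
LOG_LINE = (
    "Mar 21 17:25:50 mose postfix/smtpd[14019]: NOQUEUE: reject: RCPT from "
    "ippenutt.fekiworld.dk[87.48.217.3]: 554 5.7.1 : "
    "Relay access denied; from= to= proto=SMTP helo="
)

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9A-Fa-f:.]+)\]: (?P<code>\d{3}) "
    r"(?P<dsn>\d\.\d+\.\d+) .*?Relay access denied"
)


def parse_mynetworks(value):
    """Split a mynetworks value into (networks, unparsed_tokens).

    Handles literal patterns only: IPv4 address or CIDR, and IPv6 written
    as [addr] or [addr]/len. File names, type:table lookups, "!" exclusions
    and malformed entries end up in unparsed_tokens so they get reviewed
    rather than silently ignored.
    """
    networks, unparsed = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        m = re.fullmatch(r"\[([^\]]+)\](/\d+)?", token)
        literal = m.group(1) + (m.group(2) or "") if m else token
        try:
            networks.append(ipaddress.ip_network(literal, strict=False))
        except ValueError:
            unparsed.append(token)
    return networks, unparsed


def relay_decision(mynetworks, log_line):
    """Would permit_mynetworks have matched the client in this log line?"""
    m = REJECT_RE.search(log_line)
    if not m:
        raise ValueError("not a 'Relay access denied' reject line")
    client = ipaddress.ip_address(m.group("ip"))
    networks, unparsed = parse_mynetworks(mynetworks)
    matched = [
        str(net) for net in networks
        if net.version == client.version and client in net
    ]
    return {
        "client": str(client),
        "permitted": bool(matched),
        "matched": matched,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for label, value in (("postconf -n", POSTCONF_N),
                         ("postconf -d", POSTCONF_D)):
        print(label, relay_decision(value, LOG_LINE))
```

Run against the postconf -n value, the client is not permitted and the `[:::127.0.0.0]/104` entry is reported as unparsed; only the postconf -d default covers 87.48.217.3.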


Re: Fedora10 RPM build from src fails.

2009-03-23 Thread James A R Brown
Hi Alan,

Have you managed a temporary workaround to build the rpm?

ie there a way of changing the build root directory which is indexed I
guess by
rpm --eval '%{_sourcedir}'

Or is this hard compiled into the RPM program?

If what you are saying is the case, bit concerned how to get the mail
server back up as it needs a custom compiled version inc Mysql and
dovecot.

Guess I could start looking at a source build. Ack!

James



On Mon, 2009-03-23 at 14:54 +, Alan Munday wrote:
> James A R Brown wrote the following on 23/03/09 14:38:
> > Hi,
> > 
> > Hopefully someone can point me in the right direction to resolving the
> > following attempted RPM build on Fedora10 X86_64.
> > 
> > I have tried this now on 2 F10 machines.
> > 
> > I also revisited Postfix 2.4.5 src which used to build on F7 ok, but
> > this package will also not build on F10 as won't 2.5.6
> > 
> > Thanks
> > 
> > James
> > 
> > Src used : 
> > http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm
> > 
> 
> 
> 
> James
> 
> I'm seeing the same problem with Simon's sources. He is aware of this as
> I've been in contact with him about this for a little while.
> 
> The cause looks like it is due to the change of the default location for
> the build tree in Fedora 10. In previous versions it has been under
> /usr/src/redhat/ while it now appears to be under ~/
> 
> Alan



Re: header_checks for a specific client or sender

2009-03-23 Thread Terry Carmen

Martin Strand wrote:
> On Mon, 23 Mar 2009 15:28:03 +0100, Terry Carmen wrote:
>
>> Martin Strand wrote:
>>> Is it possible to make a header_checks rule apply only to a certain client?
>>>
>>> I've got an annoying piece of software which sends messages through Postfix.
>>> This software insists on including a "Sender" header that I wish to filter
>>> out with Postfix, but only for this certain client (or the envelope sender,
>>> which is always the same)
>>> Unfortunately, fixing the software is not an option :(
>>> Any tips?
>>
>> If you want to change the sender's email address for the message, you
>> can use
>>
>> smtp_generic_maps = hash:/etc/postfix/generic
>>
>> In main.cf
>>
>> and add the address translation to
>>
>> /etc/postfix/generic
>>
>> (don't forget to postmap and reload config)
>>
>> If you really want to not deliver it, you can add:
>>
>> badsen...@yourdomain.tld error:mail from badsender is not deliverable
>>
>> to your transport table.
>>
>> Terry
>
> No, it's only the "Sender" *header* that's causing problems, not the actual
> envelope sender.
> I added an IGNORE line to filter out all Sender headers, but I would prefer to
> only apply that filter to this specific client.
> After reading the header_checks documentation several times I still can't find
> a way to do this so I'll live with the current workaround for now.
> Thanks anyway!

Can you post the bad header?

Terry



Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Terry Carmen

James A R Brown wrote:
> Hi Alan,
>
> Have you managed a temporary workaround to build the rpm?
>
> ie there a way of changing the build root directory which is indexed I
> guess by
> rpm --eval '%{_sourcedir}'
>
> Or is this hard compiled into the RPM program?
>
> If what you are saying is the case, bit concerned how to get the mail
> server back up as it needs a custom compiled version inc Mysql and
> dovecot.
>
> Guess I could start looking at a source build. Ack!

I always build from the official postfix sources.

Unless you have a lot of non-standard options you need to enable, it's 
usually a really quick and simple build, and has been much easier to 
maintain than the packaged builds.


Terry



Re: can't relay even for mynetworks

2009-03-23 Thread Wietse Venema
Madeleine Birkemose:
> Mar 21 17:25:50 mose postfix/smtpd[14019]: NOQUEUE: reject: RCPT from
> ippenutt.fekiworld.dk[87.48.217.3]: 554 5.7.1 :
> Relay access denied; from=
> to= proto=SMTP helo=
...
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

87.48.217.3 does not match the mynetworks setting. Deleting
the broken mynetworks line from main.cf usually does the trick.

Wietse


Re: Postfix and virtual users with additional_condition

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 03:26:36PM +0100, Sebastian Chociwski wrote:

> > Identity mappings (fixedu...@example.com -> fixedu...@example.com) are
> > not terribly useful unless you also have a catch-all address. Why do you
> > have these at all?
>
> Becouse I thought it is responsible for delivering mails. It's my first
> postfix working with 
> any DB and after some problems with makeing it work I didn't catch what I
> dmade wrong.
> _email2email on my system is useless.

Get rid of this mapping.

> I guess when I use second DB
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,
>   proxy:mysql:/etc/postfix/mysql-virtual_SECOND_mailboxes.cf
>
> it won't be a problem ? Does it matter which is first ?

Just get rid of the useless identity email2email mappings.

-- 
Viktor.



Re: Separating relay control from other checks

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 10:16:45AM +0100, Rocco Scappatura wrote:

> A further question: "How I say to postfix to use
> 'smtpd_rcpt_restriction_classes' and where it will be evaluated?"

You can't. This is a hypothetical feature. It has not yet been (and may
never be) implemented.

-- 
Viktor.



RE: Separating relay control from other checks

2009-03-23 Thread Rocco Scappatura
> > A further question: "How I say to postfix to use
> > 'smtpd_rcpt_restriction_classes' and where it will be evaluated?"
> 
> You can't. This is a hypothetical feature. It has not yet been (and may
> never be) implemented.

:-(

What a shame! I think that it could be very nice..

rocsca


Re: Separating relay control from other checks

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 05:10:49PM +0100, Rocco Scappatura wrote:

> > > A further question: "How I say to postfix to use
> > > 'smtpd_rcpt_restriction_classes' and where it will be evaluated?"
> > 
> > You can't. This is a hypothetical feature. It has not yet been (and may
> > never be) implemented.
> 
> :-(
> 
> What a shame! I think that it could be very nice..

Well, I thought it would be a cool idea too, but it is not clear that
this is the right next step in the evolution of the Postfix restriction
framework.

-- 
Viktor.



RE: Separating relay control from other checks

2009-03-23 Thread Rocco Scappatura
Viktor,
 
> > > > A further question: "How I say to postfix to use
> > > > 'smtpd_rcpt_restriction_classes' and where it will be evaluated?"
> > >
> > > You can't. This is a hypothetical feature. It has not yet been (and may
> > > never be) implemented.
> >
> > :-(
> >
> > What a shame! I think that it could be very nice..
>
> Well, I thought it would be a cool idea too, but it is not clear that
> this is the right next step in the evolution of the Postfix restriction
> framework.

Thanks,

BTW, is Morgan Stanley still looking for a Senior Unix system/email
administrator?

:-)

Let me know..

rocsca


Re: Fedora10 RPM build from src fails.

2009-03-23 Thread James A R Brown
Hi Alan,

Looks like it's not the paths.

I edited /usr/lib/rpm/macros :-

#Path to top of build area.
#%_topdir   %(echo $HOME)/rpmbuild
%_topdir    /usr/src/redhat

Then I tried again from fresh.

You can see below same error, but new path is being used.

James

[r...@jblaptop SPECS]# rpmbuild -bb postfix.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.GAhWtR
+ umask 022
+ cd /usr/src/redhat/BUILD
+ umask 022
+ '[' 0 '!=' 0 ']'
+++ rpm --eval /usr/src/redhat/SOURCES
++ sh /usr/src/redhat/SOURCES/postfix-get-distribution
+ distribution=fedora-10.0
+ '[' fedora-10.0 '!=' fedora-10.0 ']'
+ cd /usr/src/redhat/BUILD
+ rm -rf postfix-2.5.6
+ /usr/bin/gzip -dc /usr/src/redhat/SOURCES/postfix-2.5.6.tar.gz
+ /bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd postfix-2.5.6
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #3 (postfix-files.patch):'
Patch #3 (postfix-files.patch):
+ /bin/cat /usr/src/redhat/SOURCES/postfix-files.patch
+ /usr/bin/patch -s -p1 -b --suffix .alternatives --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file conf/postfix-files.rej
error: Bad exit status from /var/tmp/rpm-tmp.GAhWtR (%prep)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.GAhWtR (%prep)





> James
> 
> I'm seeing the same problem with Simon's sources. He is aware of this as
> I've been in contact with him about this for a little while.
> 
> The cause looks like it is due to the change of the default location for
> the build tree in Fedora 10. In previous versions it has been under
> /usr/src/redhat/ while it now appears to be under ~/
> 
> Alan



Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Roderick A. Anderson

James A R Brown wrote:
> Hi Alan,
>
> Looks like it's not the paths.
>
> I edited /usr/lib/rpm/macros :-
>
> #Path to top of build area.
> #%_topdir   %(echo $HOME)/rpmbuild
> %_topdir    /usr/src/redhat
>
> Then I tried again from fresh.
>
> You can see below same error, but new path is being used.
>
> James
>
> [r...@jblaptop SPECS]# rpmbuild -bb postfix.spec
> Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.GAhWtR
> + umask 022
> + cd /usr/src/redhat/BUILD
> + umask 022
> + '[' 0 '!=' 0 ']'
> +++ rpm --eval /usr/src/redhat/SOURCES
> ++ sh /usr/src/redhat/SOURCES/postfix-get-distribution
> + distribution=fedora-10.0
> + '[' fedora-10.0 '!=' fedora-10.0 ']'
> + cd /usr/src/redhat/BUILD
> + rm -rf postfix-2.5.6
> + /usr/bin/gzip -dc /usr/src/redhat/SOURCES/postfix-2.5.6.tar.gz
> + /bin/tar -xf -
> + STATUS=0
> + '[' 0 -ne 0 ']'
> + cd postfix-2.5.6
> + /bin/chmod -Rf a+rX,u+w,g-w,o-w .
> + echo 'Patch #3 (postfix-files.patch):'
> Patch #3 (postfix-files.patch):
> + /bin/cat /usr/src/redhat/SOURCES/postfix-files.patch
> + /usr/bin/patch -s -p1 -b --suffix .alternatives --fuzz=0
> 1 out of 2 hunks FAILED -- saving rejects to file conf/postfix-files.rej

Try looking in conf/postfix-files.rej to find out why the patch is failing.

Then maybe look in the file
/usr/src/redhat/SOURCES/postfix-files.patch.

I don't have a build system available right now (and I run CentOS 5.x
systems) but it could be a bleeding-edge-Fedora problem.


\\||/
Rod
--
> error: Bad exit status from /var/tmp/rpm-tmp.GAhWtR (%prep)
>
>
> RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.GAhWtR (%prep)
>
> > James
> >
> > I'm seeing the same problem with Simon's sources. He is aware of this as
> > I've been in contact with him about this for a little while.
> >
> > The cause looks like it is due to the change of the default location for
> > the build tree in Fedora 10. In previous versions it has been under
> > /usr/src/redhat/ while it now appears to be under ~/
> >
> > Alan




Sender Notification of Defered messages

2009-03-23 Thread Christopher Fisk
I can't seem to create a proper google search to help me find what I'm 
looking for, I'm hoping someone here can point me to the configuration 
option.


I want to send a notification to our users if an email hasn't been sent 
for 4 hours after they hit the send button.  Right now the user gets a 
bounce message after 4 days, but they want to be kept up to date on the 
status of the message, in instances where their email isn't getting there, 
waiting 4 days for the bounce is too much.



What's the configuration option I should look at to make sure the user 
gets the notification instead of postmaster?




Thanks!


Christopher Fisk
--
Stewie Griffin:  Oh, I must give you my e-mail address. It's loismustdie, 
all one word, at yahoo dot com.





Mail drop

2009-03-23 Thread Brandon Hilkert
Does postfix have the ability to send out emails placed in a specific folder 
through the file system, or does it require a sendmail-style command to get the 
sending invoked?

If so, what folder will do this?

Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 01:09:12PM -0400, Brandon Hilkert wrote:

> Does postfix have the ability to send out emails placed in a specific
> folder through the file system, or does it require a sendmail-style
> command to get the sending invoked?
> 
> If so, what folder will do this?

http://www.postfix.org/OVERVIEW.html#receiving

-- 
Viktor.



Re: Sender Notification of Defered messages

2009-03-23 Thread lst_hoe02

Quoting Christopher Fisk:

> I can't seem to create a proper google search to help me find what
> I'm looking for, I'm hoping someone here can point me to the
> configuration option.
>
> I want to send a notification to our users if an email hasn't been
> sent for 4 hours after they hit the send button.  Right now the user
> gets a bounce message after 4 days, but they want to be kept up to
> date on the status of the message, in instances where their email
> isn't getting there, waiting 4 days for the bounce is too much.


http://www.postfix.org/postconf.5.html#delay_warning_time

Regards

Andreas




Re: Fedora10 RPM build from src fails.

2009-03-23 Thread James A R Brown
Rod, This is the reject file. Think I will look at the possibility of
tweaking the postfix-files.patch as clearly the patch is finding a
difference it is not expecting.

I think you are right... it's something to do with Fedora, but patching a
file should not really change.

/usr/src/redhat/BUILD/postfix-2.5.6/conf/postfix-files.rej

***
*** 141,149 
  $manpage_directory/man1/postmap.1:f:root:-:644
  $manpage_directory/man1/postqueue.1:f:root:-:644
  $manpage_directory/man1/postsuper.1:f:root:-:644
- $manpage_directory/man1/sendmail.1:f:root:-:644
  $manpage_directory/man5/access.5:f:root:-:644
- $manpage_directory/man5/aliases.5:f:root:-:644
  $manpage_directory/man5/body_checks.5:f:root:-:644
  $manpage_directory/man5/canonical.5:f:root:-:644
  $manpage_directory/man5/cidr_table.5:f:root:-:644
--- 141,149 
  $manpage_directory/man1/postmap.1:f:root:-:644
  $manpage_directory/man1/postqueue.1:f:root:-:644
  $manpage_directory/man1/postsuper.1:f:root:-:644
+ $manpage_directory/man1/sendmail.postfix.1:f:root:-:644
  $manpage_directory/man5/access.5:f:root:-:644
+ $manpage_directory/man5/aliases.postfix.5:f:root:-:644
  $manpage_directory/man5/body_checks.5:f:root:-:644
  $manpage_directory/man5/canonical.5:f:root:-:644
  $manpage_directory/man5/cidr_table.5:f:root:-:644
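
Review bot: the context lines of this rejected hunk (141,149) go straight from body_checks.5 to canonical.5, while the replies in this thread report that conf/postfix-files in Postfix 2.3 and later has a $manpage_directory/man5/bounce.5 entry between those two lines, so the context cannot match the 2.5.6 file; the build log also shows patch being run with --fuzz=0, which rejects any context mismatch. The change itself only renames sendmail.1 to sendmail.postfix.1 and aliases.5 to aliases.postfix.5, so regenerate postfix-files.patch against the conf/postfix-files shipped in the 2.5.6 tarball, or make the two renames with a substitution as suggested later in the thread, rather than loosening the fuzz setting.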


On Mon, 2009-03-23 at 10:01 -0700, Roderick A. Anderson wrote:
> James A R Brown wrote:
> > Hi Alan,
> > 
> > Looks like it's not the paths.
> > 
> > I edited /usr/lib/rpm/macros :-
> > 
> > #Path to top of build area.
> > #%_topdir   %(echo $HOME)/rpmbuild
> > %_topdir    /usr/src/redhat
> > 
> > Then I tried again from fresh.
> > 
> > You can see below same error, but new path is being used.
> > 
> > James
> > 
> > [r...@jblaptop SPECS]# rpmbuild -bb postfix.spec
> > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.GAhWtR
> > + umask 022
> > + cd /usr/src/redhat/BUILD
> > + umask 022
> > + '[' 0 '!=' 0 ']'
> > +++ rpm --eval /usr/src/redhat/SOURCES
> > ++ sh /usr/src/redhat/SOURCES/postfix-get-distribution
> > + distribution=fedora-10.0
> > + '[' fedora-10.0 '!=' fedora-10.0 ']'
> > + cd /usr/src/redhat/BUILD
> > + rm -rf postfix-2.5.6
> > + /usr/bin/gzip -dc /usr/src/redhat/SOURCES/postfix-2.5.6.tar.gz
> > + /bin/tar -xf -
> > + STATUS=0
> > + '[' 0 -ne 0 ']'
> > + cd postfix-2.5.6
> > + /bin/chmod -Rf a+rX,u+w,g-w,o-w .
> > + echo 'Patch #3 (postfix-files.patch):'
> > Patch #3 (postfix-files.patch):
> > + /bin/cat /usr/src/redhat/SOURCES/postfix-files.patch
> > + /usr/bin/patch -s -p1 -b --suffix .alternatives --fuzz=0
> > 1 out of 2 hunks FAILED -- saving rejects to file conf/postfix-files.rej
> 
> Try looking in conf/postfix-files.rej to find out why the patch is failing.
> 
> Then maybe look in the file 
> /usr/src/redhat/SOURCES/postfix-files.patch.
> 
> I don't have a build system available right now (and I run CentOS 5.x 
> systems) but it could be a bleeding-edge-Fedora problem.
> 
> 
> \\||/
> Rod



Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Melvyn Sopacua
On Monday 23 March 2009 18:29:40 James A R Brown wrote:
> Rod, This is the reject file. Think I will look at the possibility of
> tweaking the postfix-files.patch as clearly the patch is finding a
> difference it is not expecting.
>
> I think you are right... it's something to do with Fedora, but patching a
> file should not really change.
>
> /usr/src/redhat/BUILD/postfix-2.5.6/conf/postfix-files.rej
>
> ***
> *** 141,149 
>   $manpage_directory/man1/postmap.1:f:root:-:644
>   $manpage_directory/man1/postqueue.1:f:root:-:644
>   $manpage_directory/man1/postsuper.1:f:root:-:644
> - $manpage_directory/man1/sendmail.1:f:root:-:644
>   $manpage_directory/man5/access.5:f:root:-:644
> - $manpage_directory/man5/aliases.5:f:root:-:644
>   $manpage_directory/man5/body_checks.5:f:root:-:644
>   $manpage_directory/man5/canonical.5:f:root:-:644
>   $manpage_directory/man5/cidr_table.5:f:root:-:644
> --- 141,149 
>   $manpage_directory/man1/postmap.1:f:root:-:644
>   $manpage_directory/man1/postqueue.1:f:root:-:644
>   $manpage_directory/man1/postsuper.1:f:root:-:644
> + $manpage_directory/man1/sendmail.postfix.1:f:root:-:644
>   $manpage_directory/man5/access.5:f:root:-:644
> + $manpage_directory/man5/aliases.postfix.5:f:root:-:644
>   $manpage_directory/man5/body_checks.5:f:root:-:644
>   $manpage_directory/man5/canonical.5:f:root:-:644
>   $manpage_directory/man5/cidr_table.5:f:root:-:644

This isn't OS specific. The patch in the rpm is wrong, because since a few 
versions there is a bounce(5) manpage at line 148.

As a side-note, a change like this can be much easier implemented and be 
forward compatible, using sed[1] rather than patch, but I'm rpm-liberated so 
do not know whether rpm can run replace commands on sources.

[1] sed -i.bak -e 's/sendmail\.1/sendmail.postfix.1/' -e 
's/aliases.5/aliases.postfix.5/' conf/postfix-files
-- 
Melvyn Sopacua


Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Wietse Venema
Melvyn Sopacua:
> >   $manpage_directory/man1/postmap.1:f:root:-:644
> >   $manpage_directory/man1/postqueue.1:f:root:-:644
> >   $manpage_directory/man1/postsuper.1:f:root:-:644
> > + $manpage_directory/man1/sendmail.postfix.1:f:root:-:644
> >   $manpage_directory/man5/access.5:f:root:-:644
> > + $manpage_directory/man5/aliases.postfix.5:f:root:-:644
> >   $manpage_directory/man5/body_checks.5:f:root:-:644
> >   $manpage_directory/man5/canonical.5:f:root:-:644
> >   $manpage_directory/man5/cidr_table.5:f:root:-:644
> 
> This isn't OS specific. The patch in the rpm is wrong, because since a few 
> versions there is a bounce(5) manpage at line 148.

Correct. With Postfix 2.3 and later, file conf/postfix-files
has a line with

$manpage_directory/man5/bounce.5:f:root:-:644

between the lines with "body_checks.5" and "canonical.5".  So it
looks like Fedora Core 10 is using an ancient version of their
patchfile.

Wietse


Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 1:12 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 01:09:12PM -0400, Brandon Hilkert wrote:
>
>> Does postfix have the ability to send out emails placed in a specific
>> folder through the file system, or does it require a sendmail-style
>> command to get the sending invoked?
>>
>> If so, what folder will do this?
>
> http://www.postfix.org/OVERVIEW.html#receiving

We have a large text file with contents of the eml message for each person 
in a list. If I find a way to parse each email, is there an easy way to 
inject them into the queue, rather than relaying, because as many have said 
and through testing, we have found performance of sending local email to be 
far superior than relaying?








Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 03:33:01PM -0400, Brandon Hilkert wrote:

> We have a large text file with contents of the eml message for each person 
> in a list. If I find a way to parse each email, is there an easy way to 
> inject them into the queue, rather than relaying, because as many have said 
> and through testing, we have found performance of sending local email to be 
> far superior than relaying?

If many messages are to be sent, SMTP submission (even with a concurrency
of 1, but you could use ~10 in practice for sending to 127.0.0.1 at
full speed) is faster than local submission. Not sure what you mean by
"relaying".

-- 
Viktor.



Re: Fedora10 RPM build from src fails.

2009-03-23 Thread James A R Brown
Hi Wietse,

The rpm in question that I was using is this one :-

http://ftp.wl0.org/official/2.5/SRPMS/postfix-2.5.6-1.src.rpm

I have emailed Simon Mudd.

James

On Mon, 2009-03-23 at 15:14 -0400, Wietse Venema wrote:
> Melvyn Sopacua:
> > >   $manpage_directory/man1/postmap.1:f:root:-:644
> > >   $manpage_directory/man1/postqueue.1:f:root:-:644
> > >   $manpage_directory/man1/postsuper.1:f:root:-:644
> > > + $manpage_directory/man1/sendmail.postfix.1:f:root:-:644
> > >   $manpage_directory/man5/access.5:f:root:-:644
> > > + $manpage_directory/man5/aliases.postfix.5:f:root:-:644
> > >   $manpage_directory/man5/body_checks.5:f:root:-:644
> > >   $manpage_directory/man5/canonical.5:f:root:-:644
> > >   $manpage_directory/man5/cidr_table.5:f:root:-:644
> > 
> > This isn't OS specific. The patch in the rpm is wrong, because since a few 
> > versions there is a bounce(5) manpage at line 148.
> 
> Correct. With Postfix 2.3 and later, file conf/postfix-files
> has a line with
> 
> $manpage_directory/man5/bounce.5:f:root:-:644
> 
> between the lines with "body_checks.5" and "canonical.5".  So it
> looks like Fedora Core 10 is using an ancient version of their
> patchfile.
> 
>   Wietse



Re: Mail drop

2009-03-23 Thread Magnus Bäck
On Monday, March 23, 2009 at 20:33 CET,
 Brandon Hilkert  wrote:

> > http://www.postfix.org/OVERVIEW.html#receiving
> 
> We have a large text file with contents of the eml message for each
> person in a list. If I find a way to parse each email, is there an
> easy way to inject them into the queue, rather than relaying, because
> as many have said and through testing, we have found performance of
> sending local email to be far superior than relaying?

It's not clear what you mean with "relaying" here, but I suppose you
want to insert the message straight into the queue. Don't attempt to
do that. Use either of the published submission interfaces; SMTP and
sendmail(1). You'll get the best performance with multiple concurrent
SMTP clients. mini_sendmail can be used for such SMTP submission.

If you give us more details it'll be easier to give you a good answer.

-- 
Magnus Bäck
mag...@dsek.lth.se


Re: Mail drop

2009-03-23 Thread Wietse Venema
Brandon Hilkert:
> From: "Victor Duchovni" 
> To: 
> Sent: Monday, March 23, 2009 1:12 PM
> Subject: Re: Mail drop
> 
> 
> > On Mon, Mar 23, 2009 at 01:09:12PM -0400, Brandon Hilkert wrote:
> >
> >> Does postfix have the ability to send out emails placed in a specific
> >> folder through the file system, or does it require a sendmail-style
> >> command to get the sending invoked?
> >>
> >> If so, what folder will do this?
> >
> > http://www.postfix.org/OVERVIEW.html#receiving
> 
> We have a large text file with contents of the eml message for each person 
> in a list. If I find a way to parse each email, is there an easy way to 
> inject them into the queue, rather than relaying, because as many have said 
> and through testing, we have found performance of sending local email to be 
> far superior than relaying?

With submission from a single master file, you would need one reader
that feeds a pool of SMTP clients that send mail into Postfix.

The alternative is to feed the messages into the Postfix sendmail
command, but this loads the disk more than submission via SMTP, and
moreover, delivery of local submissions has negligible parallelism.

Wietse
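
The arrangement Wietse and Victor describe (one reader over the master file feeding a pool of about ten SMTP clients that submit to Postfix on 127.0.0.1) as an added Python example; it is not code from the thread. The mbox-style "From " separator line, taking the envelope addresses from the From: and To: headers, and every function and class name here are assumptions, and the sample messages are constructed.

```python
import queue
import smtplib
import threading
from email import message_from_bytes
from email.utils import getaddresses, parseaddr

# Constructed sample of the master file; the "From " separator is an assumption.
SAMPLE = [
    b"From constructed-1\n", b"From: news@example.com\n",
    b"To: alice@example.net\n", b"Subject: one\n", b"\n", b"body one\n",
    b"From constructed-2\n", b"From: news@example.com\n",
    b"To: bob@example.net\n", b"Subject: two\n", b"\n", b"body two\n",
    b"From constructed-3\n", b"From: news@example.com\n",
    b"Subject: three\n", b"\n", b"this message has no To: header\n",
]


def split_messages(lines):
    """Stream messages out of the master file without loading it whole."""
    current = None
    for line in lines:
        if line.startswith(b"From "):
            if current:
                yield b"".join(current)
            current = []
        elif current is not None:
            current.append(line)
    if current:
        yield b"".join(current)


class SmtpSender:
    """One SMTP connection to the local Postfix, reused for many messages."""

    def __init__(self, host="127.0.0.1", port=25):
        self.conn = smtplib.SMTP(host, port)

    def send(self, sender, rcpts, raw):
        # SMTP requires CRLF line endings; the sample file uses bare LF.
        wire = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
        refused = self.conn.sendmail(sender, rcpts, wire)
        if refused:
            raise RuntimeError("recipients refused: %r" % refused)

    def close(self):
        self.conn.quit()


class RecordingSender:
    """Dry-run stand-in that records envelopes instead of connecting."""
    log = []
    lock = threading.Lock()

    def send(self, sender, rcpts, raw):
        with self.lock:
            self.log.append((sender, tuple(rcpts)))

    def close(self):
        pass


def submit_all(lines, workers=10, sender_factory=SmtpSender):
    """Single reader, pool of SMTP clients. Returns (sent, failures)."""
    clients = [sender_factory() for _ in range(workers)]  # connect before reading
    work = queue.Queue(maxsize=workers * 4)  # bounded: reader waits for the clients
    sent, failures, lock = [0], [], threading.Lock()

    def run(client):
        while True:
            raw = work.get()
            if raw is None:  # sentinel: no more messages
                break
            try:
                msg = message_from_bytes(raw)
                sender = parseaddr(msg.get("From", ""))[1]
                rcpts = [a for _, a in getaddresses(msg.get_all("To", [])) if a]
                if not rcpts:
                    raise ValueError("no recipient in To: header")
                client.send(sender, rcpts, raw)
                with lock:
                    sent[0] += 1
            except Exception as exc:  # record the failure, keep the worker alive
                with lock:
                    failures.append((raw.split(b"\n", 1)[0], str(exc)))
        try:
            client.close()
        except Exception:
            pass  # connection already gone

    threads = [threading.Thread(target=run, args=(c,)) for c in clients]
    for t in threads:
        t.start()
    for raw in split_messages(lines):
        work.put(raw)
    for _ in threads:
        work.put(None)
    for t in threads:
        t.join()
    return sent[0], failures


if __name__ == "__main__":
    print(submit_all(SAMPLE, workers=3, sender_factory=RecordingSender))
```

For a real run, pass an open binary file object as `lines` and leave `sender_factory` at its default; body lines that begin with "From " must be escaped in the master file or they will be taken for separators.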


Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 3:37 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 03:33:01PM -0400, Brandon Hilkert wrote:
>
>> We have a large text file with contents of the eml message for each person
>> in a list. If I find a way to parse each email, is there an easy way to
>> inject them into the queue, rather than relaying, because as many have said
>> and through testing, we have found performance of sending local email to be
>> far superior than relaying?
>
> If many messages are to be sent, SMTP submission (even with a concurrency
> of 1, but you could use ~10 in practice for sending to 127.0.0.1 at
> full speed) is faster than local submission. Not sure what you mean by
> "relaying".

Right now we use some .net code to submit mail for delivery on IIS SMTP 
servers running on the local machine. Because of issues that aren't worth 
mentioning in this conversation, we're looking to other means of delivery. The 
idea of postfix came up. Because the utility that is basically pulling stuff 
from SQL is .NET, we figured we could just "relay" mail to the postfix box, 
which would then send the mail to the internet.

Having mentioned that, I can't find the message, but someone suggested that 
sending mail through postfix rather than developing the message on the local 
machine was much more costly in terms of time. We do have a need to DKIM 
our messages, and after some benchmarks, we found that the rates for 
relaying mail from one source through postfix, which then sends to the 
internet were poor relative to the rates of using a simple bash script to 
send mail to postfix via "mail" command on the local machine. That 
essentially means we have to adapt our email sender to get the SQL info on 
the Linux machine, which is another project in itself.

So I was wondering how we can inject the emails from the local machine into 
postfix, which from what I was told, will significantly help the send rates.

Having said that, we build a huge text file (~30GB) with about 1 million eml 
messages as its contents. The sender utility then parses out email by email 
and submits it to the IIS SMTP. We're trying to not have to modify the 
sender that much, so I was wondering if I could write a comparable perl 
script to do the same or something like that. So maybe something that I 
could submit a text string to (containing the message and all the headers) 
and have it be submitted to postfix.

thoughts?






Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 03:58:29PM -0400, Brandon Hilkert wrote:

> Having said that, we build a huge text file (~30GB) with about 1 million 
> eml messages as its contents. The sender utility then parses out email by 
> email and submits it to the IIS SMTP. We're trying to not have to modify 
> the sender that much, so I was wondering if I could write a comparable perl 
> script to do the same or something like that. So maybe something that I 
> could submit a text string to (containing the message and all the headers) 
> and have it be submitted to postfix.

There's your bottle-neck. The 30GB file created and read sequentially.
This is a terrible design, and with this in place nothing you can do
will make the process faster.

The right approach is to store one copy of the message as a template,
use a pool of processes or threads to send messages in parallel, and
to use a database back-end to retrieve users for processing and mark
them done (recording the VERP id for each recipient so you can process
bounces).

If you are filling a bottle through a straw, having a wider bottle
won't help.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 

To: 
Sent: Monday, March 23, 2009 4:08 PM
Subject: Re: Mail drop



On Mon, Mar 23, 2009 at 03:58:29PM -0400, Brandon Hilkert wrote:


Having said that, we build a huge text file (~30GB) with about 1 million
eml messages as its contents. The sender utility then parses out email by
email and submits it to the IIS SMTP. We're trying to not have to modify
the sender that much, so I was wondering if I could write a comparable 
perl

script to do the same or something like that. So maybe something that I
could submit a text string to (containing the message and all the 
headers)

and have it be submitted to postfix.


There's your bottle-neck. The 30GB file created and read sequentially.
This is a terrible design, and with this in place nothing you can do
will make the process faster.

The right approach is to store one copy of the message as a template,
use a pool of processes or threads to send messages in parallel, and
to use a database back-end to retrieve users for processing and mark
them done (recording the VERP id for each recipient so you can process
bounces).



I appreciate the insight. Unfortunately the process is what it is. I don't 
have any control over development. My job is to make sure the systems work 
properly. I'm trying to help as asked. The file also contains html to allow 
a user to see the contents in a browser if they choose. Point being, the 
idea of redesigning the system isn't up for debate.




If you are filling a bottle through a straw, having a wider bottle
won't help.





Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 04:16:06PM -0400, Brandon Hilkert wrote:

>>> Having said that, we build a huge text file (~30GB) with about 1 million
>>> eml messages as its contents. The sender utility then parses out email by
>>> email and submits it to the IIS SMTP. We're trying to not have to modify
>>> the sender that much, so I was wondering if I could write a comparable 
>>> perl script to do the same or something like that. So maybe something that
>>> I could submit a text string to (containing the message and all the 
>>> headers) and have it be submitted to postfix.
>>
>> The right approach is to store one copy of the message as a template,
>> use a pool of processes or threads to send messages in parallel, and
>> to use a database back-end to retrieve users for processing and mark
>> them done (recording the VERP id for each recipient so you can process
>> bounces).
>>
>
> I appreciate the insight. Unfortunately the process is what it is. I don't 
> have any control over development. My job is to make sure the systems work 
> properly. I'm trying to help as asked. The file also contains html to allow 
> a user to see the contents in a browser if they choose. Point being, the 
> idea of redesigning the system isn't up for debate.
>

The application won't run any faster than the code that serially parses
the 30GB file. If this code can use a pool of SMTP sender "threads" and
can parse the file quickly enough, you could try that.

>> If you are filling a bottle through a straw, having a wider bottle
>> won't help.

You need to make submission parallel. Good luck.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 4:29 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 04:16:06PM -0400, Brandon Hilkert wrote:
>
>>>> Having said that, we build a huge text file (~30GB) with about 1 million
>>>> eml messages as its contents. The sender utility then parses out email by
>>>> email and submits it to the IIS SMTP. We're trying to not have to modify
>>>> the sender that much, so I was wondering if I could write a comparable
>>>> perl script to do the same or something like that. So maybe something that
>>>> I could submit a text string to (containing the message and all the
>>>> headers) and have it be submitted to postfix.
>>>
>>> The right approach is to store one copy of the message as a template,
>>> use a pool of processes or threads to send messages in parallel, and
>>> to use a database back-end to retrieve users for processing and mark
>>> them done (recording the VERP id for each recipient so you can process
>>> bounces).
>>
>> I appreciate the insight. Unfortunately the process is what it is. I don't
>> have any control over development. My job is to make sure the systems work
>> properly. I'm trying to help as asked. The file also contains html to allow
>> a user to see the contents in a browser if they choose. Point being, the
>> idea of redesigning the system isn't up for debate.
>
> The application won't run any faster than the code that serially parses
> the 30GB file. If this code can use a pool of SMTP sender "threads" and
> can parse the file quickly enough, you could try that.

The parsing isn't a bottleneck. It currently sends over 6,000/min and we had 
to actually slow it down intentionally because IIS's SMTP server was backing 
up. So I don't think that's an issue. However, if we're just relaying the 
message to the postfix machine, the rates will not hold up either based on my 
testing with smtp-source using DKIM, so that's why I'm asking if local 
submission would be any faster?

>>> If you are filling a bottle through a straw, having a wider bottle
>>> won't help.
>
> You need to make submission parallel. Good luck.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly. 




Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 04:32:43PM -0400, Brandon Hilkert wrote:

>> The application won't run any faster than the code that serially parses
>> the 30GB file. If this code can use a pool of SMTP sender "threads" and
>> can parse the file quickly enough, you could try that.
>
> The parsing isn't a bottleneck. It currently sends over 6,000/min and we 
> had to actually slow it down intentionally because IIS's SMTP server was 
> backing up. So I don't think that's an issue. However, if we're just relaying 
> the message to the postfix machine,

Postfix can accept mail via SMTP very quickly.

> the rates will not hold up either based 
> on my testing with smtp-source using DKIM,

This is a waste of time unless you can identify the bottle-neck in your
tests. How are you doing DKIM signing? Are you running out of CPU, ...

> so that's why I'm asking if 
> local submission would be any faster?

Not until you find out what's slowing you down. You may need to pay
someone (good) money to figure this out for you. This is an advanced
problem, and few on the list have both the skills and the time to
debug this with you.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 4:43 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 04:32:43PM -0400, Brandon Hilkert wrote:
>
>>> The application won't run any faster than the code that serially parses
>>> the 30GB file. If this code can use a pool of SMTP sender "threads" and
>>> can parse the file quickly enough, you could try that.
>>
>> The parsing isn't a bottleneck. It currently sends over 6,000/min and we
>> had to actually slow it down intentionally because IIS's SMTP server was
>> backing up. So I don't think that's an issue. However, if we're just relaying
>> the message to the postfix machine,
>
> Postfix can accept mail via SMTP very quickly.

I'm not disputing this fact. I used smtp-source with 10 connections.

Without DKIM signing - 14,634 emails/min
With DKIM signing - 4,762 emails/min

I think we would both agree that that's a large discrepancy.

>> the rates will not hold up either based
>> on my testing with smtp-source using DKIM,
>
> This is a waste of time unless you can identify the bottle-neck in your
> tests. How are you doing DKIM signing? Are you running out of CPU, ...

I'm using DKIM-milter. During the testing, the CPU never goes over 3-4%.

>> so that's why I'm asking if
>> local submission would be any faster?
>
> Not until you find out what's slowing you down. You may need to pay
> someone (good) money to figure this out for you. This is an advanced
> problem, and few on the list have both the skills and the time to
> debug this with you.

hahah ok. Thanks for your high level expertise.

> --
> Viktor.





Re: Mail drop

2009-03-23 Thread Melvyn Sopacua
On Monday 23 March 2009 21:16:06 Brandon Hilkert wrote:

> I appreciate the insight. Unfortunately the process is what it is. I don't
> have any control over development. My job is to make sure the systems work
> properly. I'm trying to help as asked. The file also contains html to allow
> a user to see the contents in a browser if they choose. Point being, the
> idea of redesigning the system isn't up for debate.

Then I would suggest the "other side" to consider using software that is made 
for this, like Lyris HQ [1]. And I'm sure their bosses will appreciate the 
perty graphs.
Other points adequately addressed by Victor.

[1] http://www.lyris.com/solutions/lyris-hq/
-- 
Melvyn Sopacua


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 04:51:17PM -0400, Brandon Hilkert wrote:

>
> - Original Message - From: "Victor Duchovni" 
> 
> To: 
> Sent: Monday, March 23, 2009 4:43 PM
> Subject: Re: Mail drop
>
>
>> On Mon, Mar 23, 2009 at 04:32:43PM -0400, Brandon Hilkert wrote:
>>
>>>> The application won't run any faster than the code that serially parses
>>>> the 30GB file. If this code can use a pool of SMTP sender "threads" and
>>>> can parse the file quickly enough, you could try that.
>>>
>>> The parsing isn't a bottleneck. It currently sends over 6,000/min and we
>>> had to actually slow it down intentionally because IIS's SMTP server was
>>> backing up. So I don't think that's an issue. However, if we're just 
>>> relaying
>>> the message to the postfix machine,
>>
>> Postfix can accept mail via SMTP very quickly.
>
> I'm not disputing this fact. I used smtp-source with 10 connections.
>
> Without DKIM signing - 14,634 emails/min
> With DKIM signing - 4,762 emails/min
>
> I think we would both agree that that's a large discrepancy.

Yes, but these numbers are much better than what you reported originally,
if DKIM consumes all available CPU, find a faster DKIM engine. If DKIM
clobbers the disk capacity, consider placing the working area of the DKIM
process in tmpfs, because neither milters nor SMTP proxies queue mail, so
their need persistent storage.

How are you doing DKIM signing and which resource is consumed, CPU,
disk, memory or network?

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 5:15 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 04:51:17PM -0400, Brandon Hilkert wrote:
>
>> - Original Message - From: "Victor Duchovni"
>> To: 
>> Sent: Monday, March 23, 2009 4:43 PM
>> Subject: Re: Mail drop
>>
>>> On Mon, Mar 23, 2009 at 04:32:43PM -0400, Brandon Hilkert wrote:
>>>
>>>>> The application won't run any faster than the code that serially parses
>>>>> the 30GB file. If this code can use a pool of SMTP sender "threads" and
>>>>> can parse the file quickly enough, you could try that.
>>>>
>>>> The parsing isn't a bottleneck. It currently sends over 6,000/min and we
>>>> had to actually slow it down intentionally because IIS's SMTP server was
>>>> backing up. So I don't think that's an issue. However, if we're just
>>>> relaying
>>>> the message to the postfix machine,
>>>
>>> Postfix can accept mail via SMTP very quickly.
>>
>> I'm not disputing this fact. I used smtp-source with 10 connections.
>>
>> Without DKIM signing - 14,634 emails/min
>> With DKIM signing - 4,762 emails/min
>>
>> I think we would both agree that that's a large discrepancy.
>
> Yes, but these numbers are much better than what you reported originally,

Very true. I realized my script that I was using to send may have not been 
able to send at the speed of what postfix could receive. Also, being single 
threaded, I was only seeing a small proportion. After having found the 
smtp-source/smtp-sink utilities, I saw much better performance that everyone 
had mentioned.

> if DKIM consumes all available CPU, find a faster DKIM engine. If DKIM
> clobbers the disk capacity, consider placing the working area of the DKIM
> process in tmpfs, because neither milters nor SMTP proxies queue mail, so
> their need persistent storage.
>
> How are you doing DKIM signing and which resource is consumed, CPU,
> disk, memory or network?

I'm using dk-milter and dkim-milter and it's doing it through CPU I think. 
Showing atop during the processing, I see a percent or two of CPU during the 
transmission, and that's about it. The disk will show up to 20% busy, but 
nothing out of the ordinary. Am I missing something?

> --
> Viktor.





Re: Mail drop

2009-03-23 Thread Wietse Venema
Brandon Hilkert:
> I'm not disputing this fact. I used smtp-source with 10 connections.
> 
> Without DKIM signing - 14,634 emails/min
> With DKIM signing - 4,762 emails/min
> 
> I think we would both agree that that's a large discrepancy.

Yes. 

> I'm using DKIM-milter. During the testing, the CPU never goes over 3-4%

3-4% of how many CPUs?

dkim-milter is one program that you are asking to sign lots of
messages in parallel. To implement parallelism, dkim-milter uses
multiple threads in one process. To keep the threads from tripping
over each other, dkim-milter uses locks. With a bit of bad luck,
your DKIM requests are blocking each other.

Wietse


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 05:34:42PM -0400, Brandon Hilkert wrote:

>> if DKIM consumes all available CPU, find a faster DKIM engine. If DKIM
>> clobbers the disk capacity, consider placing the working area of the DKIM
>> process in tmpfs, because neither milters nor SMTP proxies queue mail, so
>> their need persistent storage.
>>
>> How are you doing DKIM signing and which resource is consumed, CPU,
>> disk, memory or network?
>
> I'm using dk-milter and dkim-milter and it's doing it through CPU I think. 

Don't speculate. Measure. Is the CPU saturated or not?

> Showing atop during the processing, I see a percent or two of CPU during 
> the transmission, and that's about it. The disk will show up to 20% busy, 
> but nothing out of the ordinary. Am I missing something?

If so, perhaps the DKIM milter is writing the content to disk for signing,
and may be causing high disk latency. You have to tune the milter configuration
for high throughput. The RSA signature algorithm is expensive, but not that 
expensive.
Using a single Xeon CPU:

$ openssl speed rsa1024
Doing 1024 bit private rsa's for 10s: 10230 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 181020 1024 bit public RSA's in 10.00s
OpenSSL 0.9.8i 15 Sep 2008
built on: Wed Jan  7 16:41:43 EST 2009
options:bn(64,64) md2(int) rc4(8x,char) des(idx,cisc,16,int) aes(partial) 
blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int 
-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000978s 0.55s   1023.0  18102.0

With < 100 msgs/sec RSA is not your bottleneck, and not much else in
the milter should be CPU-intensive. So it is disk I/O or poor concurrency.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Wietse Venema" 
To: "Postfix users" 
Sent: Monday, March 23, 2009 5:39 PM
Subject: Re: Mail drop

> Brandon Hilkert:
>> I'm not disputing this fact. I used smtp-source with 10 connections.
>>
>> Without DKIM signing - 14,634 emails/min
>> With DKIM signing - 4,762 emails/min
>>
>> I think we would both agree that that's a large discrepancy.
>
> Yes. 
>
>> I'm using DKIM-milter. During the testing, the CPU never goes over 3-4%
>
> 3-4% of how many CPUs?

It's an Intel Xeon Quad core.

> dkim-milter is one program that you are asking to sign lots of
> messages in parallel. To implement parallelism, dkim-milter uses
> multiple threads in one process. To keep the threads from tripping
> over each other, dkim-milter uses locks. With a bit of bad luck,
> your DKIM requests are blocking each other.

Is there nothing I can do to either improve or prevent this?

> Wietse


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 05:54:07PM -0400, Brandon Hilkert wrote:

>> dkim-milter is one program that you are asking to sign lots of
>> messages in parallel. To implement parallelism, dkim-milter uses
>> multiple threads in one process. To keep the threads from tripping
>> over each other, dkim-milter uses locks. With a bit of bad luck,
>> your DKIM requests are blocking each other.
>
> Is there nothing I can do to either improve or prevent this?

MEASURE! Find out what is slowing it down. When you know what that
is, ask the question again.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Victor Duchovni" 
To: 
Sent: Monday, March 23, 2009 5:57 PM
Subject: Re: Mail drop

> On Mon, Mar 23, 2009 at 05:54:07PM -0400, Brandon Hilkert wrote:
>
>>> dkim-milter is one program that you are asking to sign lots of
>>> messages in parallel. To implement parallelism, dkim-milter uses
>>> multiple threads in one process. To keep the threads from tripping
>>> over each other, dkim-milter uses locks. With a bit of bad luck,
>>> your DKIM requests are blocking each other.
>>
>> Is there nothing I can do to either improve or prevent this?
>
> MEASURE! Find out what is slowing it down. When you know what that
> is, ask the question again.

What are the best tools to get a feel for hardware performance and 
utilization? Top, atop, vmstat ?

As you can probably tell, I don't have much experience working with Linux. 
If you feel like this is a question not worth the time, then don't feel like 
you have to respond.

> --
> Viktor.





Special Characters in Address

2009-03-23 Thread Mischa Gresser
Hello all,
I'm having an issue that I believe is coming from Postfix. I am sending mail
to an address which contains special characters. Those characters aid me in
routing the mail but unfortunately it seems to be rejected before being
relayed. The format is as follows, a block of text followed by an "="
followed by more text and a number, followed by a "|" and then numbers @ the
domain.com ie: "text=option1|123456...@address.com".
When sending from Gmail for instance I get the following error:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient
domain. We recommend contacting the other email provider for further
information about the cause of this error. The error that the other server
returned was: 501 501 5.1.3 Bad recipient address syntax (state 14).

Also, I am seeing the following error in Postfix:

*'501 5.1.3 Bad recipient address syntax'   *

Any suggestions or assistance would be greatly appreciated.
Thanks


Re: Special Characters in Address

2009-03-23 Thread Evan Platt

At 03:54 PM 3/23/2009, you wrote:

> Hello all,
> I'm having an issue that I believe is coming from Postfix. I am 
> sending mail to an address which contains special characters. Those 
> characters aid me in routing the mail but unfortunately it seems to 
> be rejected before being relayed. The format is as follows, a block 
> of text followed by an "=" followed by more text and a number, 
> followed by a "|" and then numbers @ the 
> domain.com ie: 
> "text=option1|123456...@address.com".
>
> When sending from Gmail for instance I get the following error:
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the 
> recipient domain. We recommend contacting the other email provider 
> for further information about the cause of this error. The error 
> that the other server returned was: 501 501 5.1.3 Bad recipient 
> address syntax (state 14).
>
> Also, I am seeing the following error in Postfix:
>
> '501 5.1.3 Bad recipient address syntax'
>
> Any suggestions or assistance would be greatly appreciated.
> Thanks

I'm certainly no Postfix expert, pretty straightforward install... 
but I tried setting up an account, and it worked fine - So, likely 
anyone who can help you will need / want

postconf -n
entries from mail log showing the reject

Not sure what else... But here's my mail log showing the mail accepted.

Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: from=, size=2313, nrcpt=1 (queue active)
Mar 23 16:01:03 www postfix/local[13208]: 3FE281DA4E8: to=, orig_to=, relay=local, delay=0, status=sent (delivered to mailbox)
Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: removed

I use one main mailbox and /etc/postfix/aliases ...

Evan 



Re: Special Characters in Address

2009-03-23 Thread Mischa Gresser
Thanks for the quick reply. Sure thing on the logs.

20090320 22:42:55 38236   49A2055900086768 QUEUE
From=>
Size=1203 Relay=192.168.xxx.xxx

20090320 22:42:55 38237   49A2055900086768 QUEUE Recipient=>

20090320 22:42:55 38238   49A2055900086768 QUEUE Message-ID=<
11b8df6cb941d111a6810060972ce19102406...@xxx.pvt<11b8df6cb941d111a6810060972ce19102406...@ivmsxgate.crc.pvt>>


20090320 22:42:55 38239   49A2055900086768 QUEUE Subject=Mb >
0x52cfd3c0 0x1b9160 2009.3.20 22 42 54 < Mb

*20090320 22:42:56 38241   49A2055900086768 SMTP opened connection
to '192.168.xx.xx' IP 192.168.xx.xx *

*20090320 22:42:56 38242   49A2055900086768 SMTP RCPT TO > got reply '501 5.1.3 Bad
recipient address syntax'   *

20090320 22:42:57 38243   49A2055900086768 DSN
To=>


20090320 22:42:57 38244   49A2055900086768 DSN
RemoteMTA=192.168.xx.xx

20090320 22:42:57 38245   49A2055900086768 DSN Subject=Mb >
0x52cfd3c0 0x1b9160 2009.3.20 22 42 54 < Mb

20090320 22:42:57 38246   49A2055900086768 DSN Relay=192.168.xx.xx

20090320 22:42:57 38247   49A2055900086768 DSN For=> Action=Failed Status=5.5.0
(other or undefined protocol status) Diagnostic 501 5.1.3 Bad recipient
address syntax


On Mon, Mar 23, 2009 at 7:04 PM, Evan Platt  wrote:

> At 03:54 PM 3/23/2009, you wrote:
>
>> Hello all,
>> I'm having an issue that I believe is coming from Postfix. I am sending
>> mail to an address which contains special characters. Those characters aid
>> me in routing the mail but unfortunately it seems to be rejected before
>> being relayed. The format is as follows, a block of text followed by an "="
>> followed by more text and a number, followed by a "|" and then numbers @ the
>> domain.com ie: "text=option1|123456...@address.com".
>> When sending from Gmail for instance I get the following error:
>>
>> Technical details of permanent failure:
>> Google tried to deliver your message, but it was rejected by the recipient
>> domain. We recommend contacting the other email provider for further
>> information about the cause of this error. The error that the other server
>> returned was: 501 501 5.1.3 Bad recipient address syntax (state 14).
>>
>> Also, I am seeing the following error in Postfix:
>>
>> '501 5.1.3 Bad recipient address syntax'
>>
>> Any suggestions or assistance would be greatly appreciated.
>> Thanks
>>
>
>
> I'm certainly no Postfix expert, pretty straightforward install... but I
> tried setting up an account, and it worked fine - So, likely anyone who can
> help you will need / want
> postconf -n
> entries from mail log showing the reject
>
> Not sure what else... But here's my mail log showing the mail accepted.
>
> Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: from=<
> m...@anotherdomain.com>, size=2313, nrcpt=1 (queue active)
> Mar 23 16:01:03 www postfix/local[13208]: 3FE281DA4E8: to=,
> orig_to=, relay=local, delay=0,
> status=sent (delivered to mailbox)
> Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: removed
>
>
> I use one main mailbox and /etc/postfix/aliases ...
>
> Evan
>


Re: Special Characters in Address

2009-03-23 Thread Aaron Wolfe
On Mon, Mar 23, 2009 at 7:11 PM, Mischa Gresser  wrote:
> Thanks for the quick reply. Sure thing on the logs.
>
> 20090320 22:42:55 38236   49A2055900086768 QUEUE
> From= Size=1203 Relay=192.168.xxx.xxx
>
> 20090320 22:42:55 38237   49A2055900086768 QUEUE
> Recipient=
>
> 20090320 22:42:55 38238   49A2055900086768 QUEUE
> Message-ID=<11b8df6cb941d111a6810060972ce19102406...@xxx.pvt>
>
> 20090320 22:42:55 38239   49A2055900086768 QUEUE Subject=Mb >
> 0x52cfd3c0 0x1b9160 2009.3.20 22 42 54 < Mb
>
> 20090320 22:42:56 38241   49A2055900086768 SMTP opened connection to
> '192.168.xx.xx' IP 192.168.xx.xx
>
> 20090320 22:42:56 38242   49A2055900086768 SMTP RCPT TO
>  got reply '501 5.1.3 Bad recipient address
> syntax'
>
> 20090320 22:42:57 38243   49A2055900086768 DSN
> To=
>
> 20090320 22:42:57 38244   49A2055900086768 DSN
> RemoteMTA=192.168.xx.xx
>
> 20090320 22:42:57 38245   49A2055900086768 DSN Subject=Mb >
> 0x52cfd3c0 0x1b9160 2009.3.20 22 42 54 < Mb
>
> 20090320 22:42:57 38246   49A2055900086768 DSN Relay=192.168.xx.xx
>
> 20090320 22:42:57 38247   49A2055900086768 DSN
> For= Action=Failed Status=5.5.0 (other or undefined
> protocol status) Diagnostic 501 5.1.3 Bad recipient address syntax
>

those don't look like postfix logs.  also please include the output of postconf
it is needed to help you.


> On Mon, Mar 23, 2009 at 7:04 PM, Evan Platt  wrote:
>>
>> At 03:54 PM 3/23/2009, you wrote:
>>>
>>> Hello all,
>>> I'm having an issue that I believe is coming from Postfix. I am sending
>>> mail to an address which contains special characters. Those characters aid
>>> me in routing the mail but unfortunately it seems to be rejected before
>>> being relayed. The format is as follows, a block of text followed by an "="
>>> followed by more text and a number, followed by a "|" and then numbers @ the
>>> domain.com ie:
>>> "text=option1|123456...@address.com".
>>> When sending from Gmail for instance I get the following error:
>>>
>>> Technical details of permanent failure:
>>> Google tried to deliver your message, but it was rejected by the
>>> recipient domain. We recommend contacting the other email provider for
>>> further information about the cause of this error. The error that the other
>>> server returned was: 501 501 5.1.3 Bad recipient address syntax (state 14).
>>>
>>> Also, I am seeing the following error in Postfix:
>>>
>>> '501 5.1.3 Bad recipient address syntax'
>>>
>>> Any suggestions or assistance would be greatly appreciated.
>>> Thanks
>>
>>
>> I'm certainly no Postfix expert, pretty straightforward install... but I
>> tried setting up an account, and it worked fine - So, likely anyone who can
>> help you will need / want
>> postconf -n
>> entries from mail log showing the reject
>>
>> Not sure what else... But here's my mail log showing the mail accepted.
>>
>> Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8:
>> from=, size=2313, nrcpt=1 (queue active)
>> Mar 23 16:01:03 www postfix/local[13208]: 3FE281DA4E8:
>> to=, orig_to=,
>> relay=local, delay=0, status=sent (delivered to mailbox)
>> Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: removed
>>
>>
>> I use one main mailbox and /etc/postfix/aliases ...
>>
>> Evan
>
>


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 06:15:13PM -0400, Brandon Hilkert wrote:

>> MEASURE! Find out what is slowing it down. When you know what that
>> is, ask the question again.
>
> What are the best tools to get a feel for hardware performance and 
> utilization? Top, atop, vmstat ?
>
> As you can probably tell, I don't have much experience working with Linux. 
> If you feel like this is a question not worth the time, then don't feel 
> like you have to respond.

It is a difficult question. The tools in hand are strace, iostat, top,
mpstat, ... You can also add a CPU-intensive task in the background and
see whether this impacts DKIM throughput. You could add a disk intensive
task and see how that impacts throughput... You could switch to tmpfs
for everything, increase concurrency (won't help with CPU but can amortize
latency). Is the DKIM filter doing DNS lookups? If so you could have a latency
problem, without exhausting any local resources...

Identifying bottlenecks is hard work. Good luck. Your Postfix can go fast,
now you just need to configure DKIM to not get in the way. This should
be possible.

-- 
Viktor.



Re: Special Characters in Address

2009-03-23 Thread Melvyn Sopacua
On Monday 23 March 2009 23:54:24 Mischa Gresser wrote:

> The format is as follows, a block of text followed by an "="
> followed by more text and a number, followed by a "|" and then numbers @
> the domain.com ie: "text=option1|123456...@address.com".
> When sending from Gmail for instance I get the following error:
>

> *'501 5.1.3 Bad recipient address syntax'   *

Let me guess, option1 contains either '<' or '>':

RCPT TO: text=|12...@localhost
501 5.1.3 Bad recipient address syntax
RCPT TO: |12...@localhost>
501 5.1.3 Bad recipient address syntax

-- 
Melvyn Sopacua


Re: Special Characters in Address

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 07:15:02PM -0400, Aaron Wolfe wrote:

> > 20090320 22:42:57 38247   49A2055900086768 DSN
> > For= Action=Failed Status=5.5.0 (other or undefined
> > protocol status) Diagnostic 501 5.1.3 Bad recipient address syntax
> >
> 
> those don't look like postfix logs.  also please include the output of 
> postconf
> it is needed to help you.

They are unequivocally NOT Postfix logs. The OP should find out what SMTP
software is actually running on the system in question.

-- 
Viktor.



Re: Mail drop

2009-03-23 Thread Wietse Venema
Victor Duchovni:
> and may be causing high disk latency. You have to tune the milter 
> configuration

There is no need for dkim-milter to touch the disk. It receives
header and body content from Postfix via the Milter protocol.  I
know this, because I implemented the Postfix side of the protocol.

Wietse


Re: Mail drop

2009-03-23 Thread Wietse Venema
Brandon Hilkert:
[ Charset ISO-8859-1 unsupported, converting... ]
> 
> - Original Message - 
> From: "Wietse Venema" 
> To: "Postfix users" 
> Sent: Monday, March 23, 2009 5:39 PM
> Subject: Re: Mail drop
> 
> 
> > Brandon Hilkert:
> >> I'm not disputing this fact. I used smtp-source with 10 connections.
> >> 
> >> Without DKIM signing - 14,634 emails/min
> >> With DKIM signing - 4,762 emails/min
> >> 
> >> I think we would both agree that that's a large discrepancy.
> > 
> > Yes. 
> > 
> >> I'm using DKIM-milter. During the testing, the CPU never goes over 3-4%
> > 
> > 3-4% of how many CPUs?
> 
> It's a Intel Xeon Quad core.

It uses 3-4% of all CPUS or just one?

> > dkim-milter is one program that you are asking to sign lots of
> > messages in parallel. To implement parallelism, dkim-milter uses
> > multiple threads in one process. To keep the threads from tripping
> > over each other, dkim-milter uses locks. With a bit of bad luck,
> > your DKIM requests are blocking each other.
> 
> Is there nothing I can do to either improve or prevent this?

To change this, re-implement libmilter and change the milter
programming model.

Wietse


Re: Special Characters in Address

2009-03-23 Thread Wietse Venema
Aaron Wolfe:
> > 20090320 22:42:56 38242   49A2055900086768 SMTP RCPT TO
> >  got reply '501 5.1.3 Bad recipient address
> > syntax'

The above logging is from the system that is sending mail into
Postfix.

To find out what commands the client sends you need to turn on
logging (debug_peer_list=192.168.1.1 or whatever).

I am pretty sure that your software does not correctly quote special
characters by the rules of RFC 821/2821/5321.

Postfix will not receive mail from clients that don't implement
basic SMTP syntax. This will not be changed.

Wietse
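
The quoting rule referred to in the message above, as an added example that is not part of the original thread and is not Postfix's parser: a Python sketch of the RFC 5321 Local-part grammar that builds a correctly quoted RCPT TO command and checks a command line against the same grammar. The function names, the simplified domain pattern and the sample addresses are constructed for illustration.

```python
import re

# atext from RFC 5322, which RFC 5321 reuses for an unquoted local-part
# (Dot-string). "=" and "|" are atext; "<", ">", space, '"' and "@" are not.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
DOT_STRING = rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*"
# Quoted-string: qtextSMTP (printable ASCII except '"' and '\') or a
# backslash followed by any printable ASCII character (quoted-pairSMTP).
QUOTED_STRING = r'"(?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
# Assumption: simplified domain (letter/digit/hyphen labels, no address literals).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
RCPT_RE = re.compile(
    rf"RCPT TO:<(?:{DOT_STRING}|{QUOTED_STRING})@{LABEL}(?:\.{LABEL})*>",
    re.IGNORECASE,
)


def quote_local_part(local):
    """Return the local-part in the form it must take on the wire."""
    if any(not 32 <= ord(ch) <= 126 for ch in local):
        # Control characters and non-ASCII cannot be sent in plain SMTP.
        raise ValueError("local-part contains non-printable or non-ASCII data")
    if re.fullmatch(DOT_STRING, local):
        return local  # already a valid Dot-string, no quoting needed
    # Otherwise send a Quoted-string: backslash-escape '"' and '\' only.
    return '"' + re.sub(r'(["\\])', r"\\\1", local) + '"'


def rcpt_to(local, domain):
    """Build the RCPT TO command a conforming client would send."""
    return f"RCPT TO:<{quote_local_part(local)}@{domain}>"


def is_valid_rcpt(line):
    """True if the command line matches the (simplified) RFC 5321 syntax."""
    return RCPT_RE.fullmatch(line) is not None


# Constructed sample local-parts, modelled on the address format in the thread.
SAMPLES = ["text=option1|123456", "text=<opt1>|123456", 'text="opt 1"|123456']


def demo():
    """Pair each sample with the command a conforming client would send."""
    return [(s, rcpt_to(s, "example.com")) for s in SAMPLES]


if __name__ == "__main__":
    for local, command in demo():
        print(f"{local!r:28} -> {command}")
    # The same local-part sent without quoting fails the syntax check.
    raw = "RCPT TO:<text=<opt1>|123456@example.com>"
    print(raw, "valid:", is_valid_rcpt(raw))
```

A local-part made only of "=", "|", letters and digits passes unquoted, so a 501 on such an address points at some other character in the command the client actually sent, which is what the debug_peer_list logging would show.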


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 07:24:50PM -0400, Wietse Venema wrote:

> Victor Duchovni:
> > and may be causing high disk latency. You have to tune the milter 
> > configuration
> 
> There is no need for dkim-milter to touch the disk. It receives
> header and body content from Postfix via the Milter protocol.  I
> know this, because I implemented the Postfix side of the protocol.

No need perhaps, but does that prove that no disk I/O takes place? I am
not saying there is disk I/O, but lack of need is not lack of use. So
that should be excluded. If the disk is not saturated, perhaps there
are DNS lookups or other sources of latency.

Tracing the system calls in the milter may help (when sending just
one message to reduce confusion).

-- 
Viktor.



Best method to throttle mail to one user

2009-03-23 Thread jeffs
I have a postfix system set up that works fine (well, maybe that is 
because it is not totally on-line yet :-\ ).  But testing has been great.


Once it goes live this system is going to be used to send email alerts 
to users based on certain database activity.  Actually, a script which 
runs against user names and email addresses in the database will be 
kicking off the alerts.  This is not a system that uses postfix for 
general email type of activity -- it will be used only for outbound 
alerts.   I've got that  part to work already just fine.


There is the slight potential for abuse by these logged in users that 
one or two may figure out a way to send spam through this system by 
forging (not login) credentials that the database uses to sort out 
outbound email.


In this particular system if spam is going to go out via the method 
mentioned above, it will always be destined for one particular user, 
although those users will change over time and it is not feasible to 
predetermine which user may be on the receiving end.


What would be the best method in postfix to shut down or stop a sudden 
flurry of emails to one user.  It will always be a sudden jump in 
outbound emails since typical outbound alerts will not happen that often.


Thanks in advance.




Re: Best method to throttle mail to one user

2009-03-23 Thread Terry Carmen

jeffs wrote:
> I have a postfix system set up that works fine (well, maybe that is
> because it is not totally on-line yet :-\ ).  But testing has been great.
>
> Once it goes live this system is going to be used to send email alerts
> to users based on certain database activity.  Actually, a script which
> runs against user names and email addresses in the database will be
> kicking off the alerts.  This is not a system that uses postfix for
> general email type of activity -- it will be used only for outbound
> alerts.  I've got that part to work already just fine.
>
> There is the slight potential for abuse by these logged in users that
> one or two may figure out a way to send spam through this system by
> forging (not login) credentials that the database uses to sort out
> outbound email.
>
> In this particular system if spam is going to go out via the method
> mentioned above, it will always be destined for one particular user,
> although those users will change over time and it is not feasible to
> predetermine which user may be on the receiving end.
>
> What would be the best method in postfix to shut down or stop a sudden
> flurry of emails to one user.  It will always be a sudden jump in
> outbound emails since typical outbound alerts will not happen that often.


Postfix has rate-limiting features, but I'm not sure that would be very 
helpful, since even a low rate-limit will still let a lot of messages 
through (over a weekend, for example).


A better solution would be to secure the system that generates the 
emails and use authentication for sending mail.


If that isn't an option, you could install spamassassin and use 
header_checks to HOLD anything with an X-Spam-Level > a defined maximum. 
It's very effective especially if you teach it what the legitimate 
emails look like.


Terry



Re: Special Characters in Address

2009-03-23 Thread Aaron Wolfe
On Mon, Mar 23, 2009 at 7:44 PM, Mischa Gresser  wrote:
> Is this the correct log?
>
> Mar 20 10:13:01 hostname postfix/qmgr[15441]: 39F9BAD0063: removed
> Mar 20 10:13:31 hostname postfix/smtpd[31210]: connect from
> qw-out-2122.google.com[74.125.92.26]
> Mar 20 10:13:32 hostname postfix/smtpd[31210]: warning: Illegal address
> syntax from qw-out-2122.google.com[74.125.92.26] in RCPT command:  1231231...@xxx.ca>
> Mar 20 10:13:32 hostname postfix/smtpd[31210]: disconnect from
> qw-out-2122.google.com[74.125.92.26]
>

It's sort of hard (for me at least) to tell what really is in the log
and what your mail client (or mine) has mangled up, does it actually
say:

>

in the log?  Is that a newline or space or something? between 'cover1'
and '1231231234'?  what exactly is the address you are sending to?
where did that extra address (403 etc .ca) come from?  It would help
if you could use plain text only when posting.

I think the simple answer is that postfix is getting garbage and
saying 'no thanks'. Maybe your client sends garbage, maybe your client
sends something valid but weird and google turns it into garbage?

-Aaron


Re: Special Characters in Address

2009-03-23 Thread Wietse Venema
Mischa Gresser:
> Mar 20 10:13:32 hostname postfix/smtpd[31210]: warning: Illegal address
> syntax from qw-out-2122.google.com[74.125.92.26] in RCPT command:  1231231...@xxx.ca <4034767...@crebifax.ca>>

The RCPT command syntax is:

RCPT TO:<4034767...@crebifax.ca>

Not:

RCPT TO:>

The author of this software should study RFC 821/2821/5321.

Wietse
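
The quoting rule that Wietse's replies in this thread point to (RFC 5321, section 4.1.2), as an added example that is not part of the original messages: a sending client has to put a local-part containing special characters into a quoted-string, and a well-formed command carries exactly one angle-bracketed path. The addresses are constructed, the function names are hypothetical, and the check implements the RFC grammar for ASCII host-name addresses, not Postfix's own parser.

```python
import re

# RFC 5321 section 4.1.2 grammar, restricted to ASCII and host-name domains
# (address literals such as [192.0.2.1] are left out of this sketch).
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
DOT_STRING = rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*"
# Quoted-string: printable ASCII except '"' and '\', or a backslash-escaped pair.
QUOTED_STRING = r'"(?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = rf"{LABEL}(?:\.{LABEL})*"
RCPT_LINE = re.compile(
    rf"RCPT TO:<(?:{DOT_STRING}|{QUOTED_STRING})@{DOMAIN}>(?: \S.*)?",
    re.IGNORECASE,
)


def quote_local_part(local: str) -> str:
    """Return the local-part in the form it must take on the wire."""
    if not local:
        raise ValueError("empty local-part")
    if re.fullmatch(DOT_STRING, local):
        return local  # dot-separated atoms need no quoting
    if any(not 32 <= ord(ch) <= 126 for ch in local):
        raise ValueError("control or non-ASCII character in local-part")
    # Backslash first, so the escapes added for '"' are not doubled.
    escaped = local.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def rcpt_command(local: str, domain: str) -> str:
    """Build a syntactically valid RCPT command for local@domain."""
    if not re.fullmatch(DOMAIN, domain):
        raise ValueError(f"bad domain: {domain!r}")
    return f"RCPT TO:<{quote_local_part(local)}@{domain}>"


def is_valid_rcpt(line: str) -> bool:
    """True if the line is one RCPT command with one well-formed path."""
    return RCPT_LINE.fullmatch(line.rstrip("\r\n")) is not None


if __name__ == "__main__":
    # Constructed samples: two good commands, two kinds of garbage.
    for sample in (
        rcpt_command("alerts", "example.com"),
        rcpt_command("john smith", "example.com"),
        "RCPT TO:<john smith@example.com>",
        "RCPT TO:<a@example.com <b@example.net>>",
    ):
        print(is_valid_rcpt(sample), sample)
```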


Re: Best method to throttle mail to one user

2009-03-23 Thread jeffs

Sahil Tandon wrote:
> On Mon, 23 Mar 2009, jeffs wrote:
>
> > There is the slight potential for abuse by these logged in users that
> > one or two may figure out a way to send spam through this system by
> > forging (not login) credentials that the database uses to sort out
> > outbound email.
>
> This is really shady.  Why can't you secure the system?

  
I'm developing a system that examines the apache logs for a particular 
string of characters, which only occasionally are present in the URLs -- 
very rarely.  Actually, the presence of those strings, is the mechanism 
that kicks off a script that sends email to an email address. Now, it is 
difficult but not impossible for someone to calculate what those strings 
may be.  If they guess right, they could flood my apache logs with those 
strings and thereby kick off a flurry of alerts to an email address.


Sorry if I'm sounding cryptic here but this is a development project and 
I'm not free to completely divulge all aspects of how it works.  What's 
important, is that postfix handles the outbound alerts and could 
possibly be tricked into sending out a bunch of email alerts to an email 
address and I don't want that to happen because then my legitimate 
system is marked as a spam generator when it is not. 

Now I could run an sql query that counts the number of times the URLs 
are present in the logs (the logs are actually saved in a MySQL 
database) within a specified window of time, and stop the script from 
kicking off the alerts that way.  However, rather than building (for me) 
a difficult query I thought there might be a mechanism in Postfix which 
could be used to stop a sudden increase of outbound emails.


Re: Special Characters in Address

2009-03-23 Thread Mischa Gresser
Is this the correct log?


Mar 20 10:13:01 hostname postfix/qmgr[15441]: 39F9BAD0063: removed
Mar 20 10:13:31 hostname postfix/smtpd[31210]: connect from
qw-out-2122.google.com[74.125.92.26]
Mar 20 10:13:32 hostname postfix/smtpd[31210]: warning: Illegal address
syntax from qw-out-2122.google.com[74.125.92.26] in RCPT command: >
Mar 20 10:13:32 hostname postfix/smtpd[31210]: disconnect from
qw-out-2122.google.com[74.125.92.26]


Re: Mail drop

2009-03-23 Thread Brandon Hilkert


- Original Message - 
From: "Wietse Venema" 

To: 
Sent: Monday, March 23, 2009 7:42 PM
Subject: Re: Mail drop



> Victor Duchovni:
> > On Mon, Mar 23, 2009 at 07:24:50PM -0400, Wietse Venema wrote:
> >
> > > Victor Duchovni:
> > > > and may be causing high disk latency. You have to tune the milter
> > > > configuration
> > >
> > > There is no need for dkim-milter to touch the disk. It receives
> > > header and body content from Postfix via the Milter protocol.  I
> > > know this, because I implemented the Postfix side of the protocol.
> >
> > No need perhaps, but does that prove that no disk I/O takes place? I am
> > not saying there is disk I/O, but lack of need is not lack of use. So
> > that should be excluded. If the disk is not saturated, perhaps there
> > are DNS lookups or other sources of latency.
>
> dkim-milter does not store the email message outside the mail queue.
> In signing mode, it receives the headers and body from Postfix,
> and then it asks Postfix to add a message header with the DKIM
> signature.
>
> dkim-milter does not use DNS lookups while signing mail. It has
> a copy of the private key.
>
> dkim-milter does of course use DNS lookups when verifying signatures.
> It is possible that he is running it in verify mode, and that his
> DNS has a 13ms round-trip time over a slow 128kbps ADSL uplink.
> But it seems unlikely.

We're just signing. No lookups.

> > Tracing the system calls in the milter may help (when sending just
> > one message to reduce confusion).
>
> strace-ing a multi-threaded program, have fun.
>
> Wietse




Re: Best method to throttle mail to one user

2009-03-23 Thread Sahil Tandon
On Mon, 23 Mar 2009, jeffs wrote:

> There is the slight potential for abuse by these logged in users that  
> one or two may figure out a way to send spam through this system by  
> forging (not login) credentials that the database uses to sort out  
> outbound email.

This is really shady.  Why can't you secure the system?

-- 
Sahil Tandon 


Re: Mail drop

2009-03-23 Thread Wietse Venema
Victor Duchovni:
> On Mon, Mar 23, 2009 at 07:24:50PM -0400, Wietse Venema wrote:
> 
> > Victor Duchovni:
> > > and may be causing high disk latency. You have to tune the milter 
> > > configuration
> > 
> > There is no need for dkim-milter to touch the disk. It receives
> > header and body content from Postfix via the Milter protocol.  I
> > know this, because I implemented the Postfix side of the protocol.
> 
> No need perhaps, but does that prove that no disk I/O takes place? I am
> not saying there is disk I/O, but lack of need is not lack of use. So
> that should be excluded. If the disk is not saturated, perhaps there
> are DNS lookups or other sources of latency.

dkim-milter does not store the email message outside the mail queue.
In signing mode, it receives the headers and body from Postfix,
and then it asks Postfix to add a message header with the DKIM
signature.

dkim-milter does not use DNS lookups while signing mail. It has
a copy of the private key.

dkim-milter does of course use DNS lookups when verifying signatures.
It is possible that he is running it in verify mode, and that his
DNS has a 13ms round-trip time over a slow 128kbps ADSL uplink.
But it seems unlikely.

> Tracing the system calls in the milter may help (when sending just
> one message to reduce confusion).

strace-ing a multi-threaded program, have fun.

Wietse


OT Re: Best method to throttle mail to one user

2009-03-23 Thread Terry Carmen

jeffs wrote:
> Sahil Tandon wrote:
> > On Mon, 23 Mar 2009, jeffs wrote:
> >
> > > There is the slight potential for abuse by these logged in users that
> > > one or two may figure out a way to send spam through this system by
> > > forging (not login) credentials that the database uses to sort out
> > > outbound email.
> >
> > This is really shady.  Why can't you secure the system?
>
> I'm developing a system that examines the apache logs for a particular
> string of characters, which only occasionally are present in the URLs
> -- very rarely.  Actually, the presence of those strings, is the
> mechanism that kicks off a script that sends email to an email
> address. Now, it is difficult but not impossible for someone to
> calculate what those strings may be.  If they guess right, they could
> flood my apache logs with those strings and thereby kick off a flurry
> of alerts to an email address.


AFAIK, there's no way to do what you want using any type of postfix or 
postfix add-on software.  A bunch of log hits could just as easily be 
real hits for your string as someone playing with you.


What you need is more intelligence in your app, not better mail server 
security.


A good place to start would be to model your app after syslogd, which 
will report "last message repeated  times", so instead of becoming a 
DDOS attack on your intended recipients, they would get a single email 
that says "Found string '" 34,100 times in the last 20 minutes"


In any case, this isn't a postfix problem.

Terry
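
The syslogd-style coalescing suggested in the message above, as an added example that is not code from the thread or from Postfix: the alert script passes the first few alerts per recipient through, counts the rest, and sends one summary when the window closes. The class name, the window and burst values, and the addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class _Window:
    start: float          # time of the first alert in this window
    sent: int = 0         # alerts passed through unchanged
    suppressed: int = 0   # alerts counted but not mailed


class AlertCoalescer:
    """Per-recipient burst limit with a "repeated N times" summary."""

    def __init__(self, window: float = 1200.0, burst: int = 3):
        self.window = window      # seconds; 1200 = the "20 minutes" above
        self.burst = burst        # alerts mailed as-is per window
        self._open = {}           # recipient -> _Window

    def _summary(self, rcpt, win):
        text = (f"{win.suppressed} further alert(s) for this address "
                f"suppressed in the last {int(self.window)} s")
        return (rcpt, text)

    def submit(self, rcpt: str, body: str, now: float):
        """Return the (recipient, body) mails to hand to Postfix right now."""
        out = []
        win = self._open.get(rcpt)
        if win is not None and now - win.start >= self.window:
            if win.suppressed:
                out.append(self._summary(rcpt, win))
            win = None
        if win is None:
            win = self._open[rcpt] = _Window(start=now)
        if win.sent < self.burst:
            win.sent += 1
            out.append((rcpt, body))
        else:
            win.suppressed += 1
        return out

    def flush(self, now: float):
        """Run periodically: close expired windows and emit their summaries."""
        out = []
        for rcpt in list(self._open):
            win = self._open[rcpt]
            if now - win.start >= self.window:
                if win.suppressed:
                    out.append(self._summary(rcpt, win))
                del self._open[rcpt]
        return out


def run_demo():
    """Constructed flood: 1000 log hits in 1000 s aimed at one address."""
    c = AlertCoalescer(window=1200.0, burst=3)
    mails = []
    for t in range(1000):
        mails += c.submit("victim@example.com", f"hit {t}", now=float(t))
    mails += c.submit("other@example.com", "single hit", now=500.0)
    mails += c.flush(now=1200.0)
    return mails


if __name__ == "__main__":
    for rcpt, body in run_demo():
        print(rcpt, "|", body)
```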





Re: header_checks for a specific client or sender

2009-03-23 Thread mouss
Martin Strand wrote:
> Is it possible to make a header_checks rule apply only to a certain client?
> 

No.

> I've got an annoying piece of software which sends messages through Postfix.
> This software insists on including a "Sender" header that I wish to filter 
> out with Postfix, but only for this certain client (or the envelope sender, 
> which is always the same)
> Unfortunately, fixing the software is not an option :(
> Any tips?

get that client to send mail to a specific postfix IP:port.

if this is not possible, you'll need a specific content filter.


Re: header_checks for a specific client or sender

2009-03-23 Thread Martin Strand
On Mon, 23 Mar 2009 16:22:42 +0100, Noel Jones  wrote:
>> No, it's only the "Sender" *header* that's causing problems, not the actual 
>> envelope sender.
>> I added an IGNORE line to filter out all Sender headers, but I would prefer 
>> to only apply that filter to this specific client.
>> After reading the header_checks documentation several times I still can't 
>> find a way to do this so I'll live with the current workaround for now.
>> Thanks anyway!
>
> Header_checks apply to all clients.  If the Sender header is a
> specific value, you can just IGNORE that specific header; you
> don't need to remove all Sender headers.
>
> It is possible to have postfix listen on a different IP:port
> with a different set of header_checks, see the archives for
> examples.  Have the problem client submit mail to the
> alternate IP:port with a custom header_checks file, or use
> firewall rules to redirect the problem client to the alternate
> IP:port if you can't change the client.
>
>-- Noel Jones

I think I found a header_check pattern that should work ok without interfering 
with other messages.
If not, an alternate port would be the way to go.
Thanks!


Re: Mail drop

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 07:46:16PM -0400, Brandon Hilkert wrote:

>>> Tracing the system calls in the milter may help (when sending just
>>> one message to reduce confusion).
>>
>> strace-ing a multi-threaded program, have fun.

That's why only one message should be sent. There should not be too many threads
for processing a single message. If the issue is not lock contention or other
inter-thread problem, strace could shed some light on it.

-- 
Viktor.



Re: Special Characters in Address

2009-03-23 Thread Victor Duchovni
On Mon, Mar 23, 2009 at 07:44:28PM -0400, Mischa Gresser wrote:

> Is this the correct log?
> 
> 
> Mar 20 10:13:01 hostname postfix/qmgr[15441]: 39F9BAD0063: removed
> Mar 20 10:13:31 hostname postfix/smtpd[31210]: connect from
> qw-out-2122.google.com[74.125.92.26]
> Mar 20 10:13:32 hostname postfix/smtpd[31210]: warning: Illegal address
> syntax from qw-out-2122.google.com[74.125.92.26] in RCPT command:  1231231...@xxx.ca <4034767...@crebifax.ca>>

Your HTML mail client has mangled the content. Please disable all HTML
in the MUA and try again. In any case, it looks like the sending system
sent garbage.

-- 
Viktor.



Re: Special Characters in Address

2009-03-23 Thread Aaron Wolfe
On Mon, Mar 23, 2009 at 8:11 PM, Wietse Venema  wrote:
> Mischa Gresser:
>> Mar 20 10:13:32 hostname postfix/smtpd[31210]: warning: Illegal address
>> syntax from qw-out-2122.google.com[74.125.92.26] in RCPT command: > 1231231...@xxx.ca <4034767...@crebifax.ca>>
>
> The RCPT command syntax is:
>
>    RCPT TO:<4034767...@crebifax.ca>
>
> Not:
>
>    RCPT TO:>
>
> The author of this software should study RFC 821/2821/5321.
>
>        Wietse
>

I think we are actually seeing a botched attempt to alter log lines by
hand using an HTML mua.

In any case, the format described (not the one "shown") works fine
from my google mail to my instance of postfix at least. without
accurate logs or postconf output, who could guess what is going wrong
for the OP.

Mar 23 22:47:39 mx1 postfix/smtpd[22236]: NOQUEUE: reject: RCPT from
mail-gx0-f207.google.com[209.85.217.207]: 550 5.1.1
: Recipient address rejected:
User unknown in virtual mailbox table; from=
to= proto=ESMTP
helo=

-Aaron


MAIL TO DEAD DESTINATION

2009-03-23 Thread Ashwin Muni
I have a query: I want postfix not to try sending mails to a destination
which is dead. Does postfix maintain a cache or are there any settings to be
done for it? Tried googling, found these two directives. But don't exactly
know if it really works.

minimal_backoff_time = 86400

maximal_backoff_time = 86400


Ex: I'm sending a mail to xyz.com and my server could not connect to the
xyz.com smtp server. My mail gets deferred and then it tries as per my
setting but later another user of mine tries to send mail to the same domain
and it happens again. I don't want postfix to try; instead it can check the
cache for the domain and not try delivering it.

-- 
Ashwin R.


Re: MAIL TO DEAD DESTINATION

2009-03-23 Thread Sahil Tandon
On Tue, 24 Mar 2009, Ashwin Muni wrote:

> I have a query: I want postfix not to try sending mails to a destination
> which is dead. Does postfix maintain a cache or are there any settings to be
> done for it? Tried googling, found these two directives. But don't exactly
> know if it really works.
> 
> minimal_backoff_time = 86400
> 
> maximal_backoff_time = 86400
> 
> Ex: I'm sending a mail to xyz.com and my server could not connect to the
> xyz.com smtp server. My mail gets deferred and then it tries as per my
> setting but later another user of mine tries to send mail to the same domain
> and it happens again. I don't want postfix to try; instead it can check the
> cache for the domain and not try delivering it.

If you set minimal_backoff_time as high as 86400s, xyz.com's SMTP server
might become reachable in a few minutes, but qmgr(8) will not try to deliver
for another day!  Is this what you want?

-- 
Sahil Tandon 


Re: MAIL TO DEAD DESTINATION

2009-03-23 Thread Jim Wright

On Mar 23, 2009, at 11:01 PM, Ashwin Muni wrote:

> Ex: I'm sending a mail to xyz.com and my server could not connect to
> the xyz.com smtp server. My mail gets deferred and then it tries as
> per my setting but later another user of mine tries to send mail to
> the same domain and it happens again. I don't want postfix to try;
> instead it can check the cache for the domain and not try delivering
> it.

Connection errors occur for any number of reasons, this is a common
occurrence, and should be allowed for.  You are asking for one such
temporary instance to block all future mails?  If gmail had a problem
with one of their servers, you would never want to send to gmail again?


Please clarify exactly what problem you are trying to solve. 
 

Re: MAIL TO DEAD DESTINATION

2009-03-23 Thread Victor Duchovni
On Tue, Mar 24, 2009 at 09:31:03AM +0530, Ashwin Muni wrote:

> I have a query: I want postfix not to try sending mails to a destination
> which is dead. Does postfix maintain a cache or are there any settings to be
> done for it? Tried googling, found these two directives. But don't exactly
> know if it really works.
> 
> minimal_backoff_time = 86400

Insane, restore this to the default setting.

> maximal_backoff_time = 86400

Too high, anything over an hour or two does not help much.

Postfix automatically defers mail to dead destinations. It will allow
a retry of a few messages no sooner than $minimal_backoff_time, but this
does no harm.

> Ex: I'm sending a mail to xyz.com and my server could not connect to the
> xyz.com smtp server. My mail gets deferred and then it tries as per my
> setting but later another user of mine tries to send mail to the same domain
> and it happens again. I don't want postfix to try; instead it can check the
> cache for the domain and not try delivering it.

You are chasing phantom problems. The default settings are fine, and what
you are proposing is extremely fragile.

-- 
Viktor.



Re: MAIL TO DEAD DESTINATION

2009-03-23 Thread Ashwin Muni
On Tue, Mar 24, 2009 at 9:31 AM, Ashwin Muni  wrote:

> I have a query: I want postfix not to try sending mails to a destination
> which is dead. Does postfix maintain a cache or are there any settings to be
> done for it? Tried googling, found these two directives. But don't exactly
> know if it really works.
>
> minimal_backoff_time = 86400
>
> maximal_backoff_time = 86400
>
>
> Ex: I'm sending a mail to xyz.com and my server could not connect to the
> xyz.com smtp server. My mail gets deferred and then it tries as per my
> setting but later another user of mine tries to send mail to the same domain
> and it happens again. I don't want postfix to try; instead it can check the
> cache for the domain and not try delivering it.
>
> --
> Ashwin R.
>

I get around "HARD Bounces" for a huge no. of domains from my environment every
day. I want postfix to record these types of domains and use them as reference for
later sending of mail. When a mail comes, if the domain is present in the
list then it should not try sending; instead defer it or send a
notification.

Say I send a mail to xyz.com and it got bounced; I want postfix not to try
to send mail to this domain for a specific time.


-- 
Ashwin R.


MAX SMTP connection

2009-03-23 Thread Ashwin Muni
What is the directive to limit the no. of smtp connections to the same destination
(not messages), and what is the directive that can set the no. of messages per smtp
connection?

-- 
Ashwin R.


Re: MAX SMTP connection

2009-03-23 Thread Barney Desmond
2009/3/24 Ashwin Muni :
> What is the directive to limit the no. of smtp connections to the same destination
> (not messages), and what is the directive that can set the no. of messages per smtp
> connection?

http://www.postfix.org/postconf.5.html#default_destination_concurrency_limit

http://www.postfix.org/postconf.5.html#default_destination_recipient_limit

The latter is the number of recipients for a given message. I'm not
sure if postfix sends more than one distinct message in a single
connection.


Re: restricting sender to send outside and allow only as defined (now ok)

2009-03-23 Thread aio shin
On 3/17/09, Charles Marcus  wrote:
> On 3/16/2009, aio shin (aios...@gmail.com) wrote:
>> here the result of postconf -n
>
> Please don't FORMAT it (ie, add blank lines, etc)... just copy/paste it
> AS IS.
>
> If you really want help on the postfix list, you really do need to read
> the DEBUG_README that was included in the welcome message to this list,
> and that you have been pointed to multiple times now.
>
> --
>
> Best regards,
>
> Charles
>


Really sorry guys, for not actually following the list's instructions.
Anyway, it's been solved... my config is correct. The only mistake I
made was, I'm testing the sending from horde, and in horde's config, I
used the sending option to sendmail command instead of smtp...  When I
changed it to smtp and used the postfix server, the configurations I
copy/pasted (formatted) had no problem, in particular the
restriction class portion...

Thanks guys. Next time, I'll not do any formatting on the postconf -n output.