Re: postfix queue grep

[Rob Chanter]

On Wed, Feb 04, 2009 at 10:25:21AM +0200, Marc Silver wrote:
> Hi guys,
> 
> First and foremost, apologies if this message shouldn't be going to this  
> list, but it seemed like the logical place.
> 
> I have written a small tool for Postfix in Python that duplicates most of  
> the functionality of exiqgrep, a tool that comes bundled with Exim making  
> it easier for mail administrators to find messages in the queue.  I've  
> been using it for a couple of months now with great success (Postfix  
> 2.3.3), so I thought I'd share it with the Postfix community in the hopes  
> that some of you may find it useful.
> 
> The tool is available at http://draenor.org/public/python/pqgrep.py
> Should you find any bugs/problems, please mail me.
> 

Heh. That looks a lot like a script I wrote a few years ago and which Ralf was
kind enough to include on his scripts page. I've found it indispensible over
the years, too.

cheers
rob

Re: unusual access requirement

[Res]

On Sun, 29 Mar 2009, Noel Jones wrote:


Res wrote:

On Sat, 28 Mar 2009, Sahil Tandon wrote:


Don't use amavisd-new; it would be overkill for this task.  And from my


After looking at it, I tend to agree :)



Actually, amavisd-new is well suited for this.

At it's core, it's a high performance and very robust smtp proxy - just what 
you need.  You can easily disable the SpamAssassin and antivirus plugins, 
which are the main CPU and memory hogs associated with it.



Thanks, but since we happily use MailScanner already on all our MTA's, it 
seemed overkill to install amavisd-new as well, it was easy to modify 
milter-regex to do what we needed.


--
Res

-Beware of programmers who carry screwdrivers

Re: SASL Authenticated user blocked for non fqdn helo

[Sahil Tandon]

On Tue, 31 Mar 2009, Russell Horn wrote:

> I've a user who had their mail rejected for not presenting a FQDN as part of
> the SMTP HELO, yet they were sasl authenticated.
> 
> The log says:
> 
> Apr  1 01:06:31 paddington postfix/smtpd[3215]: NOQUEUE: reject: RCPT from
> xxx.blueyonder.co.uk[92.xxx.xxx.xxx]: 504 : Helo command rejected:
> need fully-qualified hostname; from= to=<
> russ...@example.com> proto=ESMTP helo=

Can you show logging that confirms this client authenticated?  For example,
what is the output of:

% grep 3215 /var/log/maillog | grep sasl_method

> I thought is premit_sasl_authenticated came first, then that would take
> precidence over the reject_non_fqdn, is that not the case, or is something
> else wrong?

smtpd_recipient_restrictions are applied in the order they are specified.

> access_map_reject_code = 550

What's wrong with 554?

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> body_checks = pcre:/etc/postfix/virus
> bounce_size_limit = 1000
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 3
> default_destination_concurrency_limit = 20
> default_process_limit = 20
> defer_transports =
> disable_dns_lookups = no
> disable_vrfy_command = yes
> header_checks = pcre:/etc/postfix/headerchecks
> html_directory = /usr/share/doc/packages/postfix/html
> invalid_hostname_reject_code = 501
> lmtp_sasl_security_options = noanonymous
> local_destination_concurrency_limit = 3
> local_recipient_maps =
> mail_name = Postfix ESMTP $myhostname

Your $smtpd_banner must look ridiculous.

> mail_spool_directory = /var/mail
> mailbox_transport = lmtp:unix:/var/spool/postfix/socket/lmtp
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
> bl.spamcop.net, blackholes.easynet.nl

Obsolete; consider using reject_rbl_client instead.

> maps_rbl_reject_code = 550

Why did you change this from 554?

> masquerade_exceptions = root
> message_size_limit = 3500
> mime_header_checks = pcre:/etc/postfix/virus
> mydestination = example.com
> mynetworks = 87.117.xxx.xxx
> myorigin = example.com
> newaliases_path = /usr/bin/newaliases
> owner_request_special = no
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> recipient_delimiter = +
> reject_code = 550

Why?  Just curious.

> relay_domains_reject_code = 550
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_security_options =
> smtp_tls_CAfile = /etc/postfix/certs/ssl.ca
> smtp_tls_cert_file = /etc/postfix/certs/ssl.cert
> smtp_tls_key_file = /etc/postfix/certs/ssl.key
> smtp_tls_loglevel = 1
> smtp_tls_note_starttls_offer = yes
> smtp_tls_session_cache_database = sdbm:/etc/postfix/cache/smtp_scache
> smtp_tls_session_cache_timeout = 3600s
> smtp_use_tls = yes
> smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl

This is odd.  You have type:table without specifying a restriction that
queries that type:table; see postconf(5).

> smtpd_delay_reject = no
> smtpd_helo_required = yes
> smtpd_recipient_limit = 300
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> check_client_access hash:/etc/postfix/access, reject_unauth_destination
> hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_invalid_hostname,
> reject_unknown_sender_domain, check_relay_domains
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = foo
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_sender_access, hash:/etc/postfix/spammers

Extraneous comma.

-- 
Sahil Tandon 

Re: SASL Authenticated user blocked for non fqdn helo

[Matt Hayes]

Russell Horn wrote:
> Sorry, I missed a line:
> 
> submission   inetn   -   n   -   -   smtpd
>   -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> 
> Russell.
> 
> 

Keep in mind that any smtpd_*_restrictions you have in main.cf have to
be zeroed out in the submission line or where ever you have your clients
authing too.

This is mine:

submission inet n   -   n   -   -   smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_delay_reject=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=


I have to explicitly set smtpd_recipient_restrictions to what I want and
 "zero out" smtpd_data_restrictions as I have those defined in main.cf

-matt

Re: SASL Authenticated user blocked for non fqdn helo

[Matt Hayes]

Russell Horn wrote:
> Hi,
> 
> I've a user who had their mail rejected for not presenting a FQDN as
> part of the SMTP HELO, yet they were sasl authenticated.
> 
> The log says:
> 
> Apr  1 01:06:31 paddington postfix/smtpd[3215]: NOQUEUE: reject: RCPT
> from xxx.blueyonder.co.uk [92.xxx.xxx.xxx]:
> 504 : Helo command rejected: need fully-qualified hostname;
> from=mailto:b...@example.com>> to= > proto=ESMTP helo=
> 
> And main.cf  has
> 
**snip**
Russell,

Can you provide us your "submission" lines from your master.cf?

-Matt

SASL Authenticated user blocked for non fqdn helo

[Russell Horn]

Hi,

I've a user who had their mail rejected for not presenting a FQDN as part of
the SMTP HELO, yet they were sasl authenticated.

The log says:

Apr  1 01:06:31 paddington postfix/smtpd[3215]: NOQUEUE: reject: RCPT from
xxx.blueyonder.co.uk[92.xxx.xxx.xxx]: 504 : Helo command rejected:
need fully-qualified hostname; from= to=<
russ...@example.com> proto=ESMTP helo=

And main.cf has

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access, reject_unauth_destination
hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname,
reject_unknown_sender_domain, check_relay_domains

I thought is premit_sasl_authenticated came first, then that would take
precidence over the reject_non_fqdn, is that not the case, or is something
else wrong? postconf -n is below.

Thanks for any suggestions,

Russell.

--- postconf -n ---

access_map_reject_code = 550
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
body_checks = pcre:/etc/postfix/virus
bounce_size_limit = 1000
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 3
default_destination_concurrency_limit = 20
default_process_limit = 20
defer_transports =
disable_dns_lookups = no
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/headerchecks
html_directory = /usr/share/doc/packages/postfix/html
invalid_hostname_reject_code = 501
lmtp_sasl_security_options = noanonymous
local_destination_concurrency_limit = 3
local_recipient_maps =
mail_name = Postfix ESMTP $myhostname
mail_spool_directory = /var/mail
mailbox_transport = lmtp:unix:/var/spool/postfix/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
bl.spamcop.net, blackholes.easynet.nl
maps_rbl_reject_code = 550
masquerade_exceptions = root
message_size_limit = 3500
mime_header_checks = pcre:/etc/postfix/virus
mydestination = example.com
mynetworks = 87.117.xxx.xxx
myorigin = example.com
newaliases_path = /usr/bin/newaliases
owner_request_special = no
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
reject_code = 550
relay_domains_reject_code = 550
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/certs/ssl.ca
smtp_tls_cert_file = /etc/postfix/certs/ssl.cert
smtp_tls_key_file = /etc/postfix/certs/ssl.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = sdbm:/etc/postfix/cache/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_limit = 300
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access, reject_unauth_destination
hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname,
reject_unknown_sender_domain, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = foo
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access, hash:/etc/postfix/spammers
smtpd_tls_CAfile = /etc/postfix/certs/ssl.ca
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/certs/ssl.cert
smtpd_tls_key_file = /etc/postfix/certs/ssl.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = sdbm:/etc/postfix/cache/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 450

Re: Piping /etc/aliases to newaliases

[mouss]

Bryce Nesbitt a écrit :
> Here is try two at the end of line comment script for /etc/aliases.  Can
> anyone do this more elegantly?
> 
> #!/bin/sh
> # Created so we can have end of line comments in /etc/aliases
> sed 's/#.*$//;/^$/d' < /etc/aliases > /tmp/aliases_tmp ;
> /usr/sbin/sendmail -bi -oA/tmp/aliases_tmp ; mv /tmp/aliases_tmp.db
> /etc/aliases.db
> 
> Wietse wrote the cryptic note "All the supported features are in the
> DOCUMENTATION.".  But I have a different question: is this as elegant as
> it gets?  Is there a more clever solution using the DOCUMENTATION
> features that is available?  Will the moving of the aliases.db cause
> other problems with postfix or postalias?

you are fighting against the system. and usually at least, the system
wins and you lose.

there is no reason to prefer:

joe jim # blah blah

to

# blah blah
joe  jim

or we could want

joe (blah blah) jim (blah blah)

or

blah  blah blah  blah


so yes, you can play a lot of shell games to support any format you
want. you can even support an xml format (well, this would be hard with
the shell...) if you like that. The only thing that counts here is that
your script generates a file that conforms with postfix specs.

note that for those of us who use an rdbms, this is a non-question.

Re: Active/passive cluster and postfix running on both nodes

[mouss]

Vianney Lejeune a écrit :
> Hello !
> 
> I have a 2-nodes-active/passive cluster, each node runs postfix
> independently, only for local email.
> 
> I would like to achieve this scenario:
> 
> -if the nodes are both secondary, or one is down and the other one is
> secondary, each node stores locally iits own emails.
> 
> -If a node `is or becomes primary`, the secondary node transfers its own
> emails to the primary node.
> 
> Could you give me some clues ?

this is unclear. can you explain what you exactly want?

Re: Piping /etc/aliases to newaliases

[Victor Duchovni]

On Tue, Mar 31, 2009 at 10:59:41AM -0700, Bryce Nesbitt wrote:

> Here is try two at the end of line comment script for /etc/aliases.  Can
> anyone do this more elegantly?
> 
> #!/bin/sh
> # Created so we can have end of line comments in /etc/aliases
> sed 's/#.*$//;/^$/d' < /etc/aliases > /tmp/aliases_tmp ;
> /usr/sbin/sendmail -bi -oA/tmp/aliases_tmp ; mv /tmp/aliases_tmp.db
> /etc/aliases.db

Only if /etc and /tmp are in the same file-system. Only if you don't
use a fixed predictable temporary file name. Much better to do the the
work in the directory containing the aliases file, and do it robustly
(on systems that have mktemp(1)). Something along the lines of:

shift $#; set -- $(postconf -h alias_database)
if [ $# -eq 1 ]; then
mappath=$(echo "$1" | sed -e 's/^[^:]*://')
case "$mappath" in /*) ;; *) exit 1;; esac
test -f "$mappath" || exit 1
mapdir=$(dirname "$mappath")
mapfile=$(basename "$mappath")
test -n "$mapfile" || exit 1
cd "$mapdir" || exit 1
find . ! -name . -type d -prune -o \
-name ".$mapfile.??" -mtime +1 -exec rm "{}" ";"
maptmp=$(mktemp ".$mapfile.XX") || exit 1
rm -f "${maptmp}".*
cp -p "$mappath" "$maptmp"  # preserve file owner/permissions
sed 's/#.*$//;/^$/d' < "$mapfile" > "$maptmp"
postalias "$maptmp"
test -f "$maptmp".db && mv $maptmp.db "$mapfile.db"
rm -f "$maptmp".*
rm "$maptmp"
fi

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Piping /etc/aliases to newaliases

[Wietse Venema]

Bryce Nesbitt:
> Here is try two at the end of line comment script for /etc/aliases.  Can
> anyone do this more elegantly?
> 
> #!/bin/sh
> # Created so we can have end of line comments in /etc/aliases
> sed 's/#.*$//;/^$/d' < /etc/aliases > /tmp/aliases_tmp ;
> /usr/sbin/sendmail -bi -oA/tmp/aliases_tmp ; mv /tmp/aliases_tmp.db
> /etc/aliases.db

The /etc/aliases file uses email address notation as defined in
Internet standards such as RFC 822.  When you have a chance to look
up this 27-year old document, then you will discover that it
describes a recursive language. 

For this reason, the contents of /etc/aliases cannot be parsed
correctly with regular expressions

In case you aren't aware of this, /#.*$/ is a regular expression.

Wietse

Re: Piping /etc/aliases to newaliases

[Bryce Nesbitt]

Here is try two at the end of line comment script for /etc/aliases.  Can
anyone do this more elegantly?

#!/bin/sh
# Created so we can have end of line comments in /etc/aliases
sed 's/#.*$//;/^$/d' < /etc/aliases > /tmp/aliases_tmp ;
/usr/sbin/sendmail -bi -oA/tmp/aliases_tmp ; mv /tmp/aliases_tmp.db
/etc/aliases.db

Wietse wrote the cryptic note "All the supported features are in the
DOCUMENTATION.".  But I have a different question: is this as elegant as
it gets?  Is there a more clever solution using the DOCUMENTATION
features that is available?  Will the moving of the aliases.db cause
other problems with postfix or postalias?

Re: recipient_bcc_maps, sender_bcc_maps

[Victor Duchovni]

On Tue, Mar 31, 2009 at 09:57:12AM -0500, Noel Jones wrote:

> BTW, you can use "DUNNO" as the result in a pcre table to pretend the 
> string wasn't found.  No need to use a "null" alias.

No, this is wrong. DUNNO is an access(5) action, which has no special
meaning in address rewriting tables.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: recipient_bcc_maps, sender_bcc_maps

[Noel Jones]

csere matyas wrote:

hi

i have a postfix set up with a bunch of virtual domains.
we've been using always_bcc to archive the mail, until one of the 
paranoid users asked us not to include his mail in the archive.


so i'm trying to do the same with recipient/sender maps:

recipient_bcc_maps = 
pcre:/etc/postfix/recipient_bcc


sender_bcc_maps = pcre:/etc/postfix/sender_bcc

the contents of the two files are the same:

/^paranoid\.u...@my\.tld$)/   
null 


/.*/mailbac...@my.tld

null points to /dev/null in my aliases file.

if i enable only the recipient line, it works, his mail gets delivered 
to null and his mailbox.
if i enable only the sender line, it works, mail sent from him, gets 
sent to null, and whoever.
BUT, if i enable both rules, both his sent and recieved emails get 
archived!


Of course it's archived - unless he's both the sender and 
recipient.


You can use a policy server that checks {sender, recipient} 
and returns "BCC whate...@example.com" if Mr. Paranoid isn't 
found.  This may be tricky since the policy protocol doesn't 
report a full list of recipients, only the "current" recipient.


Better solution is to bcc everything and use a delivery filter 
(procmail or whatever) to throw away mail this is neither to 
nor from him.


But what about mail from him to someone who needs to be 
archived? or vice versa?  What about multi-recipient mail to 
him plus someone that must be archived?  Can't solve all these 
problems in an MTA.


BTW, you can use "DUNNO" as the result in a pcre table to 
pretend the string wasn't found.  No need to use a "null" alias.


  -- Noel Jones

Re: recipient_bcc_maps, sender_bcc_maps

[Victor Duchovni]

On Tue, Mar 31, 2009 at 12:34:21AM +0200, csere matyas wrote:

> so i'm trying to do the same with recipient/sender maps:
> 
> recipient_bcc_maps = pcre:/etc/postfix/recipient_bcc
> 
> sender_bcc_maps = pcre:/etc/postfix/sender_bcc
> 
> the contents of the two files are the same:
> 
> /^paranoid\.u...@my\.tld$)/   null  
>
> /.*/mailbac...@my.tld
> 
> null points to /dev/null in my aliases file.

What happens to the "null" recipient after it goes through amavis?
Don't enable "bcc" rewriting on both sides of the content filter.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: etc/postfix/sender_access_map and /etc/aliases

[Noel Jones]

Dave Johnson wrote:

sender_access_map

Stops the server receiving mail when installed via postfix reload



No doubt postfix logs a helpful message telling what the 
problem is.

http://www.postfix.org/DEBUG_README.html#logging


warning: restriction `check_client_access' after `permit' is ignored



That's just a warning that your map is ignored.  It won't stop 
postfix from receiving mail.


And the warning is about a client access map, not the sender 
access map your question was about.


  -- Noel Jones

Re: postfix under windows domain controller

[Victor Duchovni]

On Tue, Mar 31, 2009 at 03:16:53PM +0300, Veiko Kukk wrote:

>> I want to add my postfix mail server under active directory (domain 
>> controller), so that i dont create any user in my linux box, i will create 
>> in my DC, but mailbox will create in linux postfix.
>> please help, how i will do it.
>
> winbind

Not necessarily. Rather depends on how users will access mail. Many
POP/IMAP servers work with "virtual" mail stores with mailboxes owned
by the IMAP server, not the user. In this case system accounts for
users are not needed, and probably not desired.

The OP should probably ask more specific questions, as "please design
my system" is to broad a question for this list.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Logging Postfix Activity

[Ralf Hildebrandt]

* Marky Yehezkiel (SNC) :
> Hi all,
> I got info from courier imap mailing list that Dovecot able to answer what I
> required.

Yes

> Is it true? 

Yes

> Does anyone has try this?

Yes

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
Programmer /n./ A red-eyed, mumbling mammal capable of conversing with
inanimate objects. 

RE: Logging Postfix Activity

[Marky Yehezkiel (SNC)]

Hi all,
I got info from courier imap mailing list that Dovecot able to answer what I
required.
Is it true? Does anyone has try this? Thank you


-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Marky Yehezkiel (SNC)
Sent: 31 Maret 2009 10:38
To: postfix-users@postfix.org
Subject: RE: Logging Postfix Activity


Hi Sahil,
Thank you for your help.

-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Sahil Tandon
Sent: 31 Maret 2009 10:26
To: postfix-users@postfix.org
Subject: Re: Logging Postfix Activity

On Tue, 31 Mar 2009, Marky Yehezkiel (SNC) wrote:

> Is there any way to logging/record the activity pop3,IMAP when they
deleted
> email via IMAP and POP3 ( outlook deleted email when outlook download it
> from server)

Yes.

> I have problem when my customer he lost his email on my server he said he
> didn't deleted his email, he set his outlook 'leave copy on server'
without
> set when it will be removed from server, but old his email were gone.
> 
> Anyone can help? Thank you

You are using Courier-IMAP; ask on the appropriate mailing list:
https://lists.sourceforge.net/lists/listinfo/courier-imap

-- 
Sahil Tandon 

Re: postfix under windows domain controller

[Veiko Kukk]

Meshbah Uddin Ahmed wrote:

Hi,

I want to add my postfix mail server under active directory (domain 
controller), so that i dont create any user in my linux box, i will 
create in my DC, but mailbox will create in linux postfix.


please help, how i will do it.


winbind

--
Veiko

Re: selective milter possible?

[Danilo Paffi Monteiro]

you can use one or more simple rule with postfix+iptables(if you use linux).

example.

postfix on port 25 uses milter
postfix on port 26 doesn't use

iptables -t nat -A PREROUTING -p tcp -i ethXX --source HOST_SOURCE -j
REDIRECT --to-port 26

this way you can choose milter or not, content_filter or not... there
are a lot of possibilities.

Danilo Paffi Monteiro
UOL S/A

2009/3/30 Rudy Gevaert :
> Hello,
>
> I was looking for a way to do selective milter.  Meaning if a specific host
> connects I send it trough the milter.
>
> I couldn't find it however.  Is it possible?
>
> Thanks in advance,
>
> --
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Rudy Gevaert          rudy.geva...@ugent.be          tel:+32 9 264 4734
> Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
> Groep Systemen                     Systems group
> Universiteit Gent                  Ghent University
> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>
>



-- 
Danilo Paffi Monteiro
UOL S/A

postfix under windows domain controller

[Meshbah Uddin Ahmed]

Hi,

I want to add my postfix mail server under active directory (domain
controller), so that i dont create any user in my linux box, i will create
in my DC, but mailbox will create in linux postfix.

please help, how i will do it.

Regards-
Meshbah

Re: selective milter possible?

[Kouhei Sutou]

Oops, I drew a strange picture...

2009/3/31 Kouhei Sutou :
> 2009/3/30 Rudy Gevaert :
>
>> I was looking for a way to do selective milter.  Meaning if a specific host
>> connects I send it trough the milter.
>>
>> I couldn't find it however.  Is it possible?
>
> You can do it with milter manager(*).
> (*) http://milter-manager.sourceforge.net/
>
> milter manager is worked at between Postfix and milters:
>
> MTA <- milter protocol <-> milter manager <-> milter1..n

MTA <- milter protocol -> milter manager <- milter protocol -> milter1..n

> milter manager applies a milter only when a specific condition.
> (e.g. your case: specific host is connected.)
> Both of MTA and a milter aren't needed to be changed.
>
> If you are interested in milter manager, I'll describe more details about it.


--
kou

Re: selective milter possible?

[Kouhei Sutou]

Hi,

2009/3/30 Rudy Gevaert :

> I was looking for a way to do selective milter.  Meaning if a specific host
> connects I send it trough the milter.
>
> I couldn't find it however.  Is it possible?

You can do it with milter manager(*).
(*) http://milter-manager.sourceforge.net/

milter manager is worked at between Postfix and milters:

MTA <- milter protocol <-> milter manager <-> milter1..n

milter manager applies a milter only when a specific condition.
(e.g. your case: specific host is connected.)
Both of MTA and a milter aren't needed to be changed.

If you are interested in milter manager, I'll describe more details about it.


Thanks,
--
kou

Re: selective milter possible?

[ram]

On Mon, 2009-03-30 at 11:51 +0200, Rudy Gevaert wrote:
> Hello,
> 
> I was looking for a way to do selective milter.  Meaning if a specific  
> host connects I send it trough the milter.
> 

I would suggest you try implement the logic in the milter itself

That would be very trivial to do , even if it is not your own milter

for eg look at the connect funtion 
https://www.milter.org/developers/api/xxfi_connect 







> I couldn't find it however.  Is it possible?
> 
> Thanks in advance,
>