Postfix and mailman problems

2009-05-05 Thread Guillaume HILT

   Hi,

I'm using mailman 2.1.11 on gentoo AMD64.
It's running with postfix, dspam and virtual domains/users (managed by 
postfixadmin).


My problem is that all emails sent to a mailing list fall in the catchall.
I'm using a specific subdomain for the lists, ml.domain.com and I 
configured it with postfix admin to use mailman transport instead of 
virtual.
It seems that postfix strips the ml. in the subdomain, acts like it was 
sent to domain.com, and then delivers the mail (using virtual transport) 
to the catchall since no mail account exists by the list name.


May  5 09:48:28 srv1 postfix/qmgr[30291]: EA9AC7746063: 
from=gh...@domain.com, size=802, nrcpt=1 (queue active)
May  5 09:48:28 srv1 postfix/cleanup[28540]: 4F22A77460A4: 
message-id=49ffef39.9080...@domain.com
May  5 09:48:28 srv1 postfix/qmgr[30291]: 4F22A77460A4: 
from=gh...@domain.com, size=1240, nrcpt=1 (queue active)
May  5 09:48:28 srv1 postfix/lmtp[28542]: EA9AC7746063: 
to=catch...@domain.com, orig_to=inte...@ml.domain.com, 
relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=0.94, 
delays=0.35/0/0/0.59, dsn=2.6.0, status=sent (250 2.6.0 
catch...@domain.com Message accepted for delivery)

May  5 09:48:28 srv1 postfix/qmgr[30291]: EA9AC7746063: removed
deliver(catch...@domain.com): May 05 09:48:29 Info: 
msgid=49ffef39.9080...@domain.com: saved mail to INBOX

May  5 09:48:29 srv1 postfix/qmgr[30291]: 4F22A77460A4: removed
May  5 09:48:29 srv1 postfix/pipe[28546]: 4F22A77460A4: 
to=catch...@domain.com, relay=virtual, delay=0.78, 
delays=0.54/0/0/0.25, dsn=2.0.0, status=sent (delivered via virtual service)


Here's the relevant part of my configuration.
main.cf :
alias_database = dbm:/etc/mail/aliases
alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/mail/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 10
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.5.5/html
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_domains = ml.domain.com
masquerade_exceptions = root
message_size_limit = 15728640
mydestination = $myhostname, localhost, locahost.localdomain
mydomain = domain.com
myhostname = mail.domain.com
mynetworks = 127.0.0.0/8, hash:/etc/postfix/pop-before-smtp
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/readme
recipient_delimiter = +
relayhost =
remote_header_rewrite_domain = domain.invalid
sample_directory = /etc/postfix
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_data_restrictions = permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unauth_pipelining
    reject_multi_recipient_bounce
    permit

smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
    permit_tls_all_clientcerts
    permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_rhsbl_sender dsn.rfc-ignorant.org
    check_recipient_access hash:/etc/postfix/postgrey_whitelist_recipients
    check_sender_access hash:/etc/postfix/postgrey_whitelist_clients
    check_client_access regexp:/etc/postfix/prepend_client
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client dnsbl.sorbs.net
    permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
strict_mailbox_ownership = no
transport_maps = mysql:/etc/postfix/mysql_virtual_transports.cf
unknown_local_recipient_reject_code = 450
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_destination_recipient_limit = 1
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = no
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = L'utilisateur que vous tentez de 
contacter a atteint son quota.

virtual_minimum_uid = 1001
virtual_overquota_bounce = yes
virtual_transport = dovecot
virtual_trash_count = no
virtual_uid_maps = static:1001

master.cf :
smtp  inet  n   -   n   -   -   

question on permit_sasl_authenticated and check_sender_access

2009-05-05 Thread Gaël Lams
Hi all,

One of the restrictions I perform is the following one: I require
that mail from outside does not use our domain in its envelope sender.
I perform this check by inserting in main.cf a check_sender_access
hash:/etc/postfix/not_our_domains_as_sender line with the map
containing our domains.

What seems to happen is that some providers transparently send emails
through their own smtp server instead of allowing our users to use the
configured smtp server. The check_sender_access check is after
permit_sasl_authenticated with the idea that the request would be
permitted when the client is successfully authenticated, thinking
that it would do the trick (after all, the user submits a username and
a password which are correct) but still the email is blocked by the
check_sender_access control.

From the postfix log:
May  5 00:42:09 whale postfix/smtpd[2600]: NOQUEUE: reject: RCPT from
ev-217-129-81-154.netvisao.pt[217.129.81.154]: 554 j.p
ino...@itcilo.org: Sender address rejected: Do not use our domain in
your envelope sender; from=j.pino...@itcilo.org to=n
.cas...@itcilo.org proto=ESMTP helo=JosPinotesPC

Here are the relevant lines from  the postfix configuration:

whale:/etc/postfix # postconf -n | grep smtpd
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    check_client_access hash:/etc/postfix/internal_server_ips
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/helo_whitelist
    check_sender_access hash:/etc/postfix/not_our_domains_as_sender
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_unlisted_recipient,
    check_helo_access hash:/etc/postfix/helo_access,
    check_policy_service inet:127.0.0.1:2501
    permit
smtpd_restriction_classes = must_be_valid_sender
smtpd_sasl_auth_enable = yes

It's not clear what I should/could do to solve this problem. Any
advice would be appreciated.

Regards,

Gaël


Re: Implication of policy_time_limit

2009-05-05 Thread Wietse Venema
Brian Mathis:
> What is the effect of the policy_time_limit parameter on an smtpd
> policy process?  In the readme I see the mentions that the default 100

According to the spawn(8) manpage:

RESOURCE AND RATE CONTROL
   transport_time_limit ($command_time_limit)
  The  amount  of  time the command is allowed to run before it is
  terminated.

  Postfix 2.4 and later support a suffix that specifies  the  time
  unit:  s (seconds), m (minutes), h (hours), d (days), w (weeks).
  The default time unit is seconds.

> My guess is that after 100s, the subprocess will be killed if it's in
> use or not,

Indeed. If it is used for a policy daemon, don't set the time limit
shorter than the expected life time of an smtpd process. Use the
suggested default in the README file.

Wietse


Re: question on permit_sasl_authenticated and check_sender_access

2009-05-05 Thread Scott Haneda

On May 5, 2009, at 12:57 AM, Gaël Lams wrote:


> What seems to happen is that some providers transparently send emails
> through their own smtp server instead of allowing our users to use the
> configured smtp server. The check_sender_access check is after
> permit_sasl_authenticated with the idea that the request would be
> permitted when the client is successfully authenticated, thinking
> that it would do the trick (after all, the user submits a username and
> a password which are correct) but still the email is blocked by the
> check_sender_access control.



I believe you need to move your users to the alternate submission  
port.  The normal widely used port for this is 587.  Some people will  
lock down port 587 to only allow authenticated and encrypted  
connections.  Others will allow non crypto, but mandate authentication.


You can not trust any connection your road warriors or even desktop  
users are on.  Most ISP's I have had to deal with block port 25, many  
hotels and hotspots will blindly intercept port 25, and route it  
through their machines.


You have no idea what they do with that traffic; they could relay it  
on, or they could be storing and relaying, or flat out intercepting  
for nefarious means.


Switch your users to port 587, assuming you have set up the submission  
port in master.cf and you should be good to go.  I suggest also  
enabling TLS as well.

--
Scott * If you contact me off list replace talklists@ with scott@ *
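
Added example, not part of any poster's message and not Postfix code: a small Python model of how an smtpd restriction list is walked (each restriction answers OK, REJECT or DUNNO, and the first answer other than DUNNO decides). It uses the order from the `postconf -n` output above, reduced to the five restrictions that matter here; the domain `example.org`, the network `192.0.2.0/24`, the sample sessions and all function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

OK, REJECT, DUNNO = "OK", "REJECT", "DUNNO"

# Constructed stand-ins for the poster's lookup tables and networks.
OUR_DOMAINS = {"example.org"}   # hosted domains, also the content of not_our_domains_as_sender
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Session:
    """What the server knows about the client at RCPT TO time."""
    client_ip: str
    sasl_authenticated: bool
    sender: str
    recipient: str


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def permit_mynetworks(s):
    ip = ipaddress.ip_address(s.client_ip)
    return OK if any(ip in net for net in MYNETWORKS) else DUNNO


def permit_sasl_authenticated(s):
    # Only true when the client authenticated to THIS server in THIS session.
    return OK if s.sasl_authenticated else DUNNO


def reject_unauth_destination(s):
    return DUNNO if _domain(s.recipient) in OUR_DOMAINS else REJECT


def check_sender_access(s):
    # Models the map that lists our own domains with a REJECT action.
    return REJECT if _domain(s.sender) in OUR_DOMAINS else DUNNO


def permit(s):
    return OK


# Same relative order as in the posted smtpd_recipient_restrictions.
RECIPIENT_RESTRICTIONS = [
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_sender_access,
    permit,
]


def evaluate(session, restrictions=RECIPIENT_RESTRICTIONS):
    """Return (decision, name of the restriction that decided)."""
    for restriction in restrictions:
        result = restriction(session)
        if result != DUNNO:
            return result, restriction.__name__
    return OK, "end of list"


# Constructed sessions.
# A user's mail that reaches the server without SASL (for example because
# port 25 was intercepted and the message arrives from another relay).
UNAUTHENTICATED_OWN_SENDER = Session(
    "198.51.100.7", False, "user@example.org", "colleague@example.org")
# The same user on an authenticated submission session.
AUTHENTICATED_OWN_SENDER = Session(
    "198.51.100.7", True, "user@example.org", "colleague@example.org")
# Ordinary inbound mail from another domain.
OUTSIDE_SENDER = Session(
    "203.0.113.9", False, "someone@example.net", "colleague@example.org")
# Relay attempt to a foreign recipient.
RELAY_ATTEMPT = Session(
    "203.0.113.9", False, "someone@example.net", "victim@example.com")

if __name__ == "__main__":
    for name, sess in [("unauthenticated, own sender", UNAUTHENTICATED_OWN_SENDER),
                       ("authenticated, own sender", AUTHENTICATED_OWN_SENDER),
                       ("outside sender", OUTSIDE_SENDER),
                       ("relay attempt", RELAY_ATTEMPT)]:
        print(f"{name:30s} -> {evaluate(sess)}")
```

The first session is the case in the posted log: without authentication `permit_sasl_authenticated` answers DUNNO, so evaluation continues to `check_sender_access` and the message is rejected.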



Redirect messages for just one recipient

2009-05-05 Thread Rocco Scappatura
Hello,

I have a Postfix-based system which consists of a front end side (mail
gateway) and a post office side.

I receive messages for different domains. Every message destined for a
domain, say domain.tld, is forwarded to the post office and there the
recipient will eventually be translated and delivered into the
appropriate mailbox.

I need to deliver messages for a particular recipient belonging to the
domain, say re...@domain.tld, which is an alias of a domain not
managed on my post office, say re...@extdomain.tld. This is not a
problem on my architecture obviously. But I would like to deliver
messages for re...@extdomain.tld without passing through my post office.

Basically, I need to translate re...@domain.tld in
re...@extdomain.tld and deliver re...@extdomain.tld from my mail
gateway directly to the mail server responsible for extdomain.tld.

Is it possible? I've tried to accomplish this inserting on /etc/aliases
file of mail gateway the entry:

re...@domain.tld:   re...@extdomain.tld

But I get:

# newaliases
postalias: warning: /etc/aliases, line 85: name must be local

Anyone has any idea?

Thanks, rocsca


Re: Redirect messages for just one recipient

2009-05-05 Thread Reinaldo de Carvalho
On Tue, May 5, 2009 at 10:25 AM, Rocco Scappatura
rocco.scappat...@infracom.it wrote:
> Basically, I need to translate re...@domain.tld in
> re...@extdomain.tld and deliver re...@extdomain.tld from my mail
> gateway directly to the mail server responsible for extdomain.tld.
>
> Is it possible? I've tried to accomplish this inserting on /etc/aliases
> file of mail gateway the entry:
>
> re...@domain.tld:       re...@extdomain.tld
>
> But I get:
>
> # newaliases
> postalias: warning: /etc/aliases, line 85: name must be local
>
> Anyone has any idea?

See virtual_alias_maps


-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net


Re:

2009-05-05 Thread Reinaldo de Carvalho
On Tue, May 5, 2009 at 12:32 AM, Jonathan McMahon jongmcma...@yahoo.com wrote:

> I'm trying to set up an extremely basic mailserver on Leopard 10.5 in order
> to check the behavior of some PHP scripts. Nothing fancy needed - I just want
> to send and receive mail to/from myself without having to go out to my ISP.
>
>
> QUESTION #1
> I've been able to get Postfix started and can telnet into 127.0.0.1 to get a
> test email sent. The issue is that it bounces as an unknown user...is there a
> basic checklist I can run through to make sure the user does in fact exist? I
> can only find bits and pieces on the web.
>
> Here is the error message I'm getting:
>
> to=j...@john-does-imac.localhost, orig_to=j...@john-does-imac,
> relay=local, delay=0.07, delays=0.06/0/0/0, dsn=5.1.1, status=bounced
> (unknown user: john)
>
> I modified  /etc/postfix/aliases:
>
> root:    john


Add user 'john' on your system. You are using postfix-local mda.

> then ran newaliases, but that doesn't seem to help.
>
> QUESTION #2
> I know that I need an FQDN in order for Postfix to function properly, but I'm
> having trouble understanding what goes where in the u...@host.domain.tld
> scheme.
>
> My System Preferences list the following:
>
> Computer Name: John Doe's iMac
>
> Computers on your local network can access your computer at:
> john-does-imac.local
>
> Assuming I want to send a message to johndoe, what does the FQDN look like?
> How about the following parameters?
>
> myhostname =
> mydomain =
> myorigin =
>
> The confusing part is what to use for the domain and tld since I don't own an
> actual domain like yahoo.com. My best guess is:
>
> j...@john-does-imac.localdomain.local

myhostname = john-does-imac.localdomain.local
mydomain = localdomain.local
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost

Now j...@john-does-imac.localdomain.local, j...@localdomain.local and
j...@localhost are valid.




-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net


Re: Redirect messages for just one recipient

2009-05-05 Thread Barney Desmond
2009/5/5 Rocco Scappatura rocco.scappat...@infracom.it:
> Basically, I need to translate re...@domain.tld in
> re...@extdomain.tld and deliver re...@extdomain.tld from my mail
> gateway directly to the mail server responsible for extdomain.tld.
>
> Is it possible? I've tried to accomplish this inserting on /etc/aliases
> file of mail gateway the entry:
>
> re...@domain.tld:       re...@extdomain.tld
>
> But I get:
>
> # newaliases
> postalias: warning: /etc/aliases, line 85: name must be local

/etc/aliases is only used for local delivery, which means the
left-hand-side must be a local system account name. As mentioned, you
probably want virtual_alias_maps, which I wouldn't be surprised if
you're already using them. If domain.tld isn't already in
virtual_alias_domains then you need to add it, as well as the mapping
to extdomain.tld

You mentioned you don't want it to go through your post office. If
your mail routing is setup sanely, no mail would ever be relayed
through your post office. If this does happen, you can add a transport
map entry to have it delivered directly (either by IP if it's static,
or by MX lookup if you don't control it).

Eg.

virtual_alias_maps file: (virtual_alias_domains uses the same by default)

domain.tld          OK
re...@domain.tld    re...@extdomain.tld

transport_maps file:

re...@extdomain.tld   smtp:mail.extdomain.tld
# or, to do an A-lookup instead of an MX lookup
re...@extdomain.tld   smtp:[mx01.extdomain.tld]


Postfix Setup

2009-05-05 Thread Jeff Bernier
Hello,
 
I am a newbie...
 
I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to 
another MTA. How do I go about doing this?
 
Thank you for any help offered.
 
Jeff 
 
 
It does not require many words to speak the truth. - Chief Joseph, Great Nez 
Perce Indian Chief


Re: Postfix Setup

2009-05-05 Thread Victor Duchovni
On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote:

 Hello,
  
 I am a newbie...
  
 I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
 mail to another MTA. How do I go about doing this?

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.


Re: Postfix Setup

2009-05-05 Thread Jeff Bernier
I don't want to sound ungrateful for pointing me at the docs, but I was hoping 
for a little clarification on the process. I had looked at the docs, but was 
still unclear on how to go about it.
 
Jeff

victor.ducho...@morganstanley.com 5/5/2009 11:00 AM 
On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote:

 Hello,
  
 I am a newbie...
  
 I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
 mail to another MTA. How do I go about doing this?

http://www.postfix.org/BASIC_CONFIGURATION_README.html 
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall 

-- 
Viktor.




Re: Postfix Setup

2009-05-05 Thread Victor Duchovni
On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote:

 I don't want to sound ungrateful for pointing me at the docs, but I
 was hoping for a little clarification on the process. I had looked at
 the docs, but was still unclear on how to go about it.

Specific questions are much easier to answer than How do I go about
doing this?.

Carefully identify and write down the requirements for the new system.
What must it do (in detail). What must it not do (in detail). This means
identifying use cases, concrete events that occur and how the system
should respond.

Once you understand the requirements, you need to configure the system
to behave the way you want it to behave.  Divide the problem into parts,
identify which parts you understand and which you are unclear about. Ask
specific questions about the parts that are not clear to you and provide
a detailed description of the relevant use case.

 victor.ducho...@morganstanley.com 5/5/2009 11:00 AM 
 On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote:
 
  Hello,
   
  I am a newbie...
   
  I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
  mail to another MTA. How do I go about doing this?
 
 http://www.postfix.org/BASIC_CONFIGURATION_README.html 
 http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall 

-- 
Viktor.



Re: Postfix Setup

2009-05-05 Thread Jeff Bernier
I had asked a fairly clear question... it was: How do I set Postfix to accept 
email for, and relay email to another MTA? This is the one thing I need to 
accomplish.
 
There's really no need to berate me and otherwise treat me like a buffoon 
Victor.
Is there someone willing to help? Please?
 

 Victor Duchovni victor.ducho...@morganstanley.com 5/5/2009 11:47 AM 
On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote:

 I don't want to sound ungrateful for pointing me at the docs, but I
 was hoping for a little clarification on the process. I had looked at
 the docs, but was still unclear on how to go about it.

Specific questions are much easier to answer than How do I go about
doing this?.

Carefully identify and write down the requirements for the new system.
What must it do (in detail). What must it not do (in detail). This means
identifying use cases, concrete events that occur and how the system
should respond.

Once you understand the requirements, you need to configure the system
to behave the way you want it to behave.  Divide the problem into parts,
identify which parts you understand and which you are unclear about. Ask
specific questions about the parts that are not clear to you and provide
a detailed description of the relevant use case.

 victor.ducho...@morganstanley.com 5/5/2009 11:00 AM 
 On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote:
 
  Hello,
   
  I am a newbie...
   
  I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
  mail to another MTA. How do I go about doing this?
 
 http://www.postfix.org/BASIC_CONFIGURATION_README.html 
 http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall 

-- 
Viktor.



Re: Postfix Setup

2009-05-05 Thread Ralf Hildebrandt
* Jeff Bernier jbern...@risd.edu:

 I had asked a fairly clear question... it was: How do I set Postfix to
 accept email for, and relay email to another MTA? This is the one thing
 I need to accomplish.

It's not really easy to answer that question:

accept email for another MTA: why does the mail arrive on the Postfix
box? What should the Postfix DO with the mail? For all recipients? Or
just for existing recipients? Where do you get a list of valid recipients
from?

relay email to another MTA: what email? All email? Just email TO a
certain destination domain? For all recipients? Or just for existing
recipients? Where do you get a list of valid recipients from?

You PROBABLY need to set:

relay_domains = domain.to.relay.to
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# that makes postfix accept mail TO valid_recipi...@domain.to.relay.to

transport_maps = hash:/etc/postfix/transport
# containing:
# domain.to.relay.to    smtp:[mta.to.relay.to]

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.


Re: Postfix Setup

2009-05-05 Thread Brian Evans - Postfix List
Jeff Bernier wrote:
 I had asked a fairly clear question... it was: How do I set Postfix to
 accept email for, and relay email to another MTA? This is the one
 thing I need to accomplish.
  
 There's really no need to berate me and otherwise treat me like a
 buffoon Victor.
 Is there someone willing to help? Please?
Victor gave the answer we all would give.
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
defines your situation, how to become a gateway MX to an internal network.

If there is something you do not understand from that document, please
ask questions.

Note: Postfix 2.1.x is very old.  Lots of things have changed since then.

Brian
  

  Victor Duchovni victor.ducho...@morganstanley.com 5/5/2009 11:47
 AM 
 On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote:

  I don't want to sound ungrateful for pointing me at the docs, but I
  was hoping for a little clarification on the process. I had looked at
  the docs, but was still unclear on how to go about it.

 Specific questions are much easier to answer than How do I go about
 doing this?.

 Carefully identify and write down the requirements for the new system.
 What must it do (in detail). What must it not do (in detail). This means
 identifying use cases, concrete events that occur and how the system
 should respond.

 Once you understand the requirements, you need to configure the system
 to behave the way you want it to behave.  Divide the problem into parts,
 identify which parts you understand and which you are unclear about. Ask
 specific questions about the parts that are not clear to you and provide
 a detailed description of the relevant use case.

  victor.ducho...@morganstanley.com 5/5/2009 11:00 AM 
  On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote:
 
   Hello,
   
   I am a newbie...
   
   I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
   mail to another MTA. How do I go about doing this?
 
  http://www.postfix.org/BASIC_CONFIGURATION_README.html
  http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

 -- 
 Viktor.




Re: Redirect messages for just one recipient

2009-05-05 Thread Noel Jones

Barney Desmond wrote:

> If domain.tld isn't already in
> virtual_alias_domains then you need to add it, as well as the mapping
> to extdomain.tld


No, domain.tld must not be added to virtual_alias_domains if 
postfix already accepts mail for that domain.  A domain must 
not be listed in more than one address class.


All email is processed by virtual_alias_maps.  The domain need 
not be a virtual_alias_domain.



> You mentioned you don't want it to go through your post office. If
> your mail routing is setup sanely, no mail would ever be relayed
> through your post office. If this does happen, you can add a transport
> map entry to have it delivered directly (either by IP if it's static,
> or by MX lookup if you don't control it).
>
> Eg.
>
> virtual_alias_maps file: (virtual_alias_domains uses the same by default)
>
> domain.tld          OK


Do NOT add the above line.


> re...@domain.tld    re...@extdomain.tld


Yes, this is a correct entry for virtual_alias_maps.
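
Added example, not part of Noel Jones's message and not Postfix code: the rule stated above (a domain must not be listed in more than one address class) checked mechanically in Python. The sample main.cf text and all function names are constructed; only inline domain lists are examined (lookup tables such as hash: or mysql: maps are skipped), and parameters absent from the text are treated as empty rather than given Postfix's built-in defaults.

```python
import re

# The four parameters that define Postfix address classes by domain.
CLASS_PARAMS = {
    "mydestination": "local",
    "virtual_alias_domains": "virtual alias",
    "virtual_mailbox_domains": "virtual mailbox",
    "relay_domains": "relay",
}

# Constructed sample; lines starting with whitespace continue the previous one.
SAMPLE_MAIN_CF = """\
mydomain = example.com
myhostname = mail.example.com
mynetworks = 192.0.2.0/24, 127.0.0.0/8
mydestination = $myhostname, $mydomain, localhost
virtual_alias_domains = example.com
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
relay_domains = $mydestination, $mynetworks,
    partner.example.net
"""


def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name}; unknown names expand to nothing."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def repl(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", repl, value)


def domains(value):
    """Keep plain domain names; skip type:table lookups, paths and IP networks."""
    found = set()
    for item in re.split(r"[,\s]+", value):
        item = item.lower()
        if not item or ":" in item or "/" in item:
            continue
        if re.fullmatch(r"[\d.]+", item):   # bare IPv4 address
            continue
        found.add(item)
    return found


def overlapping_domains(text):
    """Return {domain: [classes]} for every domain listed in more than one class."""
    params = parse_main_cf(text)
    seen = {}
    for param, address_class in CLASS_PARAMS.items():
        for domain in domains(expand(params.get(param, ""), params)):
            seen.setdefault(domain, set()).add(address_class)
    return {d: sorted(c) for d, c in seen.items() if len(c) > 1}


if __name__ == "__main__":
    for domain, classes in sorted(overlapping_domains(SAMPLE_MAIN_CF).items()):
        print(f"{domain}: listed as {', '.join(classes)}")
```

In the constructed sample, `relay_domains = $mydestination, ...` puts every local domain into the relay class as well, and `example.com` is additionally a virtual alias domain, so all three local names are reported.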




Re: Postfix Setup

2009-05-05 Thread Brett Dikeman
On Tue, May 5, 2009 at 12:04 PM, Jeff Bernier jbern...@risd.edu wrote:

 I had asked a fairly clear question... it was: How do I set Postfix to accept
 email for, and relay email to another MTA? This is the one thing I need to
 accomplish.

http://www.lmgtfy.com/?q=postfix+firewall

 There's really no need to berate me and otherwise treat me like a
 buffoon Victor. Is there someone willing to help? Please?

You're being berated because there is specific documentation for this
simple, common task.

Brett


Re: Postfix Setup

2009-05-05 Thread Victor Duchovni
On Tue, May 05, 2009 at 03:18:18PM -0400, Brett Dikeman wrote:

  I had asked a fairly clear question... it was: How do I set Postfix to accept
  email for, and relay email to another MTA? This is the one thing I need to
  accomplish.
 
 http://www.lmgtfy.com/?q=postfix+firewall
 
  There's really no need to berate me and otherwise treat me like a
  buffoon Victor. Is there someone willing to help? Please?
 
 You're being berated because there is specific documentation for this
 simple, common task.

I don't know who was berating the user, I just provided the best answers
I could give and explained why it was difficult to give more specific
answers to the original question as posed. If the OP felt berated, he
can rest assured that was not the intent. There is no need to actually
berate the OP, it suffices to adjust his expectations of how this list can
be best put to good use.

-- 
Viktor.



Re: Transport Maps Ignored After Upgrade

2009-05-05 Thread Eric Cunningham

Thanks Victor.  Ok, so I:

- removed .$mydomain from $mydestination
- have set relay_domains = $mydestination, $mynetworks
- have set parent_domain_matches_subdomains to its default
- have added permit_mx_backup to smtpd_recipient_restrictions
- set permit_mx_backup_networks = $mynetworks

but I'm still unable to have email accepted for MX'ed hosts or those 
hosts listed in my transport file due to Relay access denied.  Which, 
of these, or any other parameters, should I focus on to correct the 
denial?  I've attached a fresh postconf -n for a more detailed updated 
picture.


Regards,
-Eric

Victor Duchovni wrote:

On Fri, May 01, 2009 at 01:54:03PM -0400, Eric Cunningham wrote:

I think I've found a/the fix for re-enabling the original behavior of my 
transport maps and MX relaying.  I added .$mydomain to mydestination in 
main.cf.  This is in addition to $mydomain which was already in 
mydestination.


$mydomain vs. .$mydomain is subtle but apparently important.


Postfix will never search for .example.com domains in the
$mydestination list, so this change has no effect. Perhaps in making
this change you also triggered other changes that solved the problem.

Now, in fact, if you don't set relay_domains explicitly, as a matter
of regrettable backwards compatibility requirements, the value of
$relay_domains defaults to $mydestination and in the context of
$relay_domains, .example.com keys do come into play given an
appropriate setting of parent_domain_matches_subdomains.

The right solution is to set relay_domains explicitly and correctly,
rather than rely on side-effects from $mydestination.

Secondly, it appears that you have changed the default value of
parent_domain_matches_subdomains. You should review this parameter
and make sure you understand its impact.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:ldap
anvil_rate_time_unit = 60s
append_dot_mydomain = yes
body_checks = pcre:/etc/postfix/access/body_access
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] 
blocked using $rbl_domain${rbl_reason?; $rbl_reason}.  Contact 
postmas...@whoi.edu if this is in error.
header_checks = pcre:/etc/postfix/access/header_access
html_directory = /usr/share/doc/postfix/html
mailbox_size_limit = 0
message_size_limit = 104857600
mydestination = $myhostname, $mydomain, postal1.$mydomain, outbox.$mydomain,
mail.$mydomain, localhost.$mydomain, localhost.localdomain, localhost,  
beachcomberscompanion.net,  whoi.net,   oceansites.org, interridge.org
myhostname = postal1.whoi.edu
mynetworks = 128.128.0.0/16, 127.0.0.0/8, 199.92.168.150, 172.16.8.0/24
myorigin = $mydomain
parent_domain_matches_subdomains = 
permit_mx_backup_networks = $mynetworks
rbl_reply_maps = hash:/etc/postfix/access/dnsbl_replies
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination, $mynetworks
relayhost = 
relocated_maps = hash:/etc/postfix/relocated
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_rate_limit = 60
smtpd_client_message_rate_limit = 250
smtpd_client_new_tls_session_rate_limit = 60
smtpd_client_recipient_rate_limit = 300
smtpd_client_restrictions = check_client_access 
hash:/etc/postfix/access/connect_client_access
smtpd_error_sleep_time = 5s
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
check_recipient_access pcre:/etc/postfix/access/final_recipient_access,
reject_unauth_pipelining,check_helo_access 
pcre:/etc/postfix/access/final_helo_access,check_client_access 
hash:/etc/postfix/access/final_client_access,check_sender_access 
pcre:/etc/postfix/access/final_sender_access,permit_mynetworks,  
permit_auth_destination,permit_mx_backup,
reject_unknown_sender_domain,reject_unauth_destination,
check_helo_access pcre:/etc/postfix/access/suspect_helo,
reject_rbl_client autospam.whoi.edu,reject_rhsbl_sender 
dsn.rfc-ignorant.org,   reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.ahbl.org,reject_rbl_client 
http.dnsbl.sorbs.net,reject_rbl_client socks.dnsbl.sorbs.net,
reject_rbl_client misc.dnsbl.sorbs.net,reject_rbl_client 
web.dnsbl.sorbs.net,reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,reject_rbl_client bl.spamcop.net,   
 reject_rbl_client cbl.abuseat.org,reject_rbl_client 
combined.njabl.org,reject_rbl_client bhnc.njabl.org
smtpd_restriction_classes = require_reverse_dns
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
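
The interaction between relay_domains and parent_domain_matches_subdomains described in the reply above, as an added example that is not part of the original thread: a simplified Python model of Postfix's plain-string domain matching (no type:table lookups). The sample configuration and the names expand, is_network, relay_match and audit are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like "postconf -n" output; values are not from the thread.
SAMPLE = {
    "myhostname": "mx1.example.com",
    "mydomain": "example.com",
    "mydestination": "$myhostname, $mydomain, localhost",
    "mynetworks": "192.0.2.0/24, 127.0.0.0/8",
    "relay_domains": "$mydestination, $mynetworks",
}
# relay_domains is one of the features in Postfix's documented default for
# parent_domain_matches_subdomains (the other default entries are omitted here).
DEFAULT_PDMS = "relay_domains"

def expand(conf, value):
    """Substitute simple $name references, then split the list on commas/spaces."""
    for _ in range(10):  # bounded, so a self-referencing value cannot loop forever
        if "$" not in value:
            break
        value = re.sub(r"\$(\w+)", lambda m: conf.get(m.group(1), ""), value)
    return [v.lower() for v in value.replace(",", " ").split()]

def is_network(entry):
    """True for entries such as 192.0.2.0/24 that are addresses, not domain names."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def relay_match(domain, patterns, parent_matches):
    """Return the plain-string pattern that matches `domain`, or None."""
    domain = domain.lower()
    if domain in patterns:
        return domain
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # Feature listed: "example.com" covers subdomains. Not listed: only ".example.com" does.
        key = parent if parent_matches else "." + parent
        if key in patterns:
            return key
    return None

def audit(conf, domain):
    """Return (matching pattern or None, network entries found in relay_domains)."""
    patterns = expand(conf, conf.get("relay_domains", ""))
    pdms = expand(conf, conf.get("parent_domain_matches_subdomains", DEFAULT_PDMS))
    match = relay_match(domain, patterns, "relay_domains" in pdms)
    return match, [p for p in patterns if is_network(p)]
```

With parent_domain_matches_subdomains set to an empty value, as in the posted configuration, a subdomain matches relay_domains only when a leading-dot pattern is listed explicitly.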

Re: Postfix Setup

2009-05-05 Thread Aaron Wolfe
On Tue, May 5, 2009 at 3:32 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
 On Tue, May 05, 2009 at 03:18:18PM -0400, Brett Dikeman wrote:

  I had asked a fairly clear question... it was: How do I set Postfix to accept
  email for, and relay email to another MTA? This is the one thing I need to
  accomplish.

 http://www.lmgtfy.com/?q=postfix+firewall

  There's really no need to berate me and otherwise treat me like a
  buffoon Victor. Is there someone willing to help? Please?

 You're being berated because there is specific documentation for this
 simple, common task.

 I don't know who was berating the user, I just provided the best answers
 I could give and explained why it was difficult to give more specific
 answers to the original question as posed. If the OP felt berated, he
 can rest assured that was not the intent. There is no need to actually
 berate the OP, it suffices to adjust his expectations of how this list can
 be best put to good use.


I fully believe that the experts on this list have good intentions and
I appreciate the time they spend helping us.  However, this scenario
has happened quite a few times..  A new user asks questions that are
vague or easily answered by the docs, etc and then (justified or not)
gets offended by the responses.  Is there any interest in creating a
postfix-noobs (or postfix-lusers :) list where all questions,
especially these types, are allowed and those who care to offer
assistance can do so?   A kinder, gentler list of sorts that the real
experts here can simply ignore?

Personally, I'm rarely qualified to help with most of the good
questions on this list and read it just to learn.  However I wouldn't
mind spending a little time here and there helping people like the OP
who are trying to do simple things that I am able to help with.  I'd
guess there are more admins like me out there that wouldn't mind being
helpful to very new users who maybe haven't discovered how excellent
the documentation is or maybe don't have the background to make good
use of the docs yet.

I'm sure there are reasons not to have such a thing, just thought I'd
put it out there.
-Aaron


Re: Postfix Setup

2009-05-05 Thread LuKreme

On 5-May-2009, at 10:04, Jeff Bernier wrote:
There's really no need to berate me and otherwise treat me like a  
buffoon Victor.

Is there someone willing to help? Please?



Consider two things.  First, stop top-posting.  Trim your quoted  
material and reply after, preserving the conversational thread.   
Second, consider growing a much thicker skin before getting on the  
Internet.  If you think Viktor 'berated' you, you are going to be in  
for a whole world of hurt.


http://en.wikipedia.org/wiki/Top-posting#Top-posting

--
It's like looking for the farmer's daughter in a haystack, and
finding the needle.



Re: Redirect messages for just one recipient

2009-05-05 Thread Barney Desmond
2009/5/6 Noel Jones njo...@megan.vbhcs.org:
 If domain.tld isn't already in
 virtual_alias_domains then you need to add it, as well as the mapping
 to extdomain.tld

 No, domain.tld must not be added to virtual_alias_domains if postfix already
 accepts mail for that domain.  A domain must not be listed in more than one
 address class.

Yes, I probably should have qualified that for my own assumptions of
the setup. But of course, without postconf -n we don't really know ;)


Re: Postfix Setup

2009-05-05 Thread Scott Haneda

On May 5, 2009, at 12:58 PM, Aaron Wolfe wrote:


I fully believe that the experts on this list have good intentions and
I appreciate the time they spend helping us.  However, this scenario
has happened quite a few times..  A new user asks questions that are
vague or easily answered by the docs, etc and then (justified or not)
gets offended by the responses.  Is there any interest in creating a
postfix-noobs (or postfix-lusers :) list where all questions,
especially these types, are allowed and those who care to offer
assistance can do so?   A kinder, gentler list of sorts that the real
experts here can simply ignore?



I would not go the road of list fragmentation for a beginners list.   
You end up with a list that beginners go to, but the only way for them  
to get answers is if experts are in that list.  With a list of that  
nature, questions of How do I set up postfix will be far too many.


I myself have only recently come to this list.  I am a beginner, and I  
came with some trepidation.  I learned I need not have, but there is a  
certain way to do things.  Every list is a little different; if you  
have not posted to a list before, you *must* lurk a while, and get a  
feel. At the very least, you *must* read some of the archives.  Put  
your question into search, see what comes up.


The help I got was on the order of what I would consider better than  
any paid for consulting support I have received, and I got it for no  
cost.  I am massively grateful for this, and if I have to do a little  
due diligence to get that, I take no issue with that at all.


The issue the OP had, and I saw it the second I read the OP's first  
post, is that my assumption was that the question was not possible to  
answer.  In order for it to be answered, the list people would have to  
ask questions, just to get to a point where they could answer  
questions.  Mailing lists are for getting answers, list users are not  
apt to coax questions out of posters.


If a question comes up and a link to the docs is given, that is a  
gentle suggestion to dive in, start setting things up, and report  
back with your first stumbling block.  Then your reply will not be a  
link to the docs, but to a specific *section* within the docs.  Solve  
that issue, move on to the next, rinse and repeat until you are done.


I have been given links to sub sections of docs, I give it a shot, if  
it makes sense, I move on, if not, I re-read the section multiple  
times, hit up google, and do all I can to make sure I can not find  
alternate ways to answer the question on my own.  If I can, I try to  
come back and report success and where I got stuck, so perhaps, some  
other person reading the archives will be helped later on.


Email servers in general are a complicated thing, postfix is one part  
of the puzzle, you still need a pop/IMAP server, spam filtering,  
filter rules, greylisting setup, and the list goes on and on.  I can  
certainly see why.



I wish to use my Postfix system (v2.1.5) to accept mail for, and relay
mail to another MTA. How do I go about doing this?


Pointing the user to:

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

In reality, is about as good as it is going to get.  The guidelines  
state to post postconf -n output, that alone is helpful.  The OP's  
question lacked far too many details, any answer had a high chance of  
being a waste of the list members time.  We need to know current  
config, current workflow, why the OP wants to do this, perhaps a  
config change would render the need moot, etc etc.


I always look at mailing lists as if I am asking someone to help me  
move because they have a truck. To a degree, I am burdening them, and  
try my best to make it as simple on them as possible.  I apply that  
same line of thought to mailing lists.


New mailing list users need to read the guidelines/faq, lurk a while,  
and see how things work.

My two cents.
--
Scott * If you contact me off list replace talklists@ with scott@ *



Re: Postfix Setup

2009-05-05 Thread Jonathan McMahon

I'm 100% completely new to Postfix, somewhat new to *nix. 

My general feedback:

1. I find Postfix to be somewhat difficult, and the google search 
documentation for my specific setup is fragmented and incomplete at best. I did 
expect this given the number of possible system permutations. 

2. I'm convinced that the postfix.org information is complete and accurate, but 
it is nearly indecipherable for the truly new user.

3. I realized that the best solution was to sign up for this mailing list and 
politely ask for some help, while at the same time educating myself as much as 
possible via books/internet resources.

4. After I learn how to get my setup working, I plan on posting it to help 
others.

-

For all the Postfix pros out there, I think new users would find the following 
very helpful in getting started. If the sites already exist, can they be added 
to the main documentation, or posted, or added to your own personal Postfix 
sites?

1. A website dedicated to the most basic/safest configuration, integrated with 
*nix concepts. 

The links on postfix.org pointing to basic configuration are helpful to a 
point, but as a new user I find myself stuck at times.  Would it be possible to 
present these in a chronological order, e.g., create a new user, modify 
mail.cf, create aliases, send an email after running postconf -n to postfix.org 
 etc.?

Everything is there, but the order is aimed at the proficient user. A stripped 
down version would eliminate a lot of the redundant questions from new users 
like myself.

2. A high-depth/low-breadth Postfix website.
 In other words, show me the basics and explain the hell out of them - then let 
me explore the intricacies on my own.  Most of the concepts on Postfix.org are 
given equal weight, out-of-step with their actual importance. If a usable 
system is predicated on having an existing user, why not list that? 


Finally, I believe empathizing with new users without dumbing down the Postfix 
site is extremely important. PLEASE don't add a newbies distro, or segregate 
the list in any way. 

People with the wherewithal to learn Postfix aren't lazy or stupid. We 
understand that just because you add One Fish, Two Fish to the library at 
Alexandria doesn't mean you need to include it in the English 101 curriculum at 
Yale University. 

If you want to tell us to Go away, please, just tell us where to go and we'll 
come back later when we're ready.

-Jon