Postfix and mailman problems
Hi, I'm using mailman 2.1.11 on gentoo AMD64. It's running with postfix, dspam and virtual domains/users (managed by postfixadmin). My problem is that all emails sent to a mailing list fall in the catchall. I'm using a specifig subdomain for the lists, ml.domain.com and I configured it with postfix admin to use mailman transport instead of virtual. It seems that postfix strips the ml. in the subdomain, acts like it was sent to domain.com, and then deliver the mail (using virtual transport) to the catchall since no mail account exists by the list name. May 5 09:48:28 srv1 postfix/qmgr[30291]: EA9AC7746063: from=gh...@domain.com, size=802, nrcpt=1 (queue active) May 5 09:48:28 srv1 postfix/cleanup[28540]: 4F22A77460A4: message-id=49ffef39.9080...@domain.com May 5 09:48:28 srv1 postfix/qmgr[30291]: 4F22A77460A4: from=gh...@domain.com, size=1240, nrcpt=1 (queue active) May 5 09:48:28 srv1 postfix/lmtp[28542]: EA9AC7746063: to=catch...@domain.com, orig_to=inte...@ml.domain.com, relay=mail.domain.com[/var/run/dspam/dspam.sock], delay=0.94, delays=0.35/0/0/0.59, dsn=2.6.0, status=sent (250 2.6.0 catch...@domain.com Message accepted for delivery) May 5 09:48:28 srv1 postfix/qmgr[30291]: EA9AC7746063: removed deliver(catch...@domain.com): May 05 09:48:29 Info: msgid=49ffef39.9080...@domain.com: saved mail to INBOX May 5 09:48:29 srv1 postfix/qmgr[30291]: 4F22A77460A4: removed May 5 09:48:29 srv1 postfix/pipe[28546]: 4F22A77460A4: to=catch...@domain.com, relay=virtual, delay=0.78, delays=0.54/0/0/0.25, dsn=2.0.0, status=sent (delivered via virtual service) Here's the relevant part of my configuration. main.cf : alias_database = dbm:/etc/mail/aliases alias_maps = hash:/var/lib/mailman/data/aliases, hash:/etc/mail/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib64/postfix data_directory = /var/lib/postfix debug_peer_level = 10 home_mailbox = .maildir/ html_directory = /usr/share/doc/postfix-2.5.5/html inet_interfaces = all local_recipient_maps = mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_domains = ml.domain.com masquerade_exceptions = root message_size_limit = 15728640 mydestination = $myhostname, localhost, locahost.localdomain mydomain = domain.com myhostname = mail.domain.com mynetworks = 127.0.0.0/8, hash:/etc/postfix/pop-before-smtp myorigin = $mydomain newaliases_path = /usr/bin/newaliases owner_request_special = no queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.5.5/readme recipient_delimiter = + relayhost = remote_header_rewrite_domain = domain.invalid sample_directory = /etc/postfix sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name smtpd_data_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unauth_pipeliningreject_multi_recipient_bouncepermit smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks permit_tls_all_clientcerts permit_sasl_authenticated reject_non_fqdn_hostnamereject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipeliningreject_invalid_hostname reject_rhsbl_sender dsn.rfc-ignorant.org check_recipient_access hash:/etc/postfix/postgrey_whitelist_recipients check_sender_access hash:/etc/postfix/postgrey_whitelist_clients check_client_access regexp:/etc/postfix/prepend_client reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.orgreject_rbl_client dnsbl.njabl.org reject_rbl_client dnsbl.sorbs.net permit smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot strict_mailbox_ownership = no transport_maps = mysql:/etc/postfix/mysql_virtual_transports.cf unknown_local_recipient_reject_code = 450 virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_destination_recipient_limit = 1 virtual_gid_maps = static:12 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = no virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_maildir_limit_message = L'utilisateur que vous tentez de contacter a atteint son quota. virtual_minimum_uid = 1001 virtual_overquota_bounce = yes virtual_transport = dovecot virtual_trash_count = no virtual_uid_maps = static:1001 master.cf : smtp inet n - n - -
question on permit_sasl_authenticated and check_sender_access
Hi all, One of the restrictions I perform is the following one: I requires that mail from outside do not use our domain in their envelope sender. I performs this check by inserting in main.cf a check_sender_access hash:/etc/postfix/not_our_domains_as_sender line with the map containing our domains. What seems to happen is that some providers transparently send emails through their own smtp server instead of allowing our users to use the configured smtp server. The check_sender_access check is after permit_sasl_authenticated with the idea that the request would be permittted when the client is successfully authenticated, thinking that it would do the trick (afterall, the user submits a username and a password which are corrects) but still the email is blocked by the check_sender_access control. From the postfix log: May 5 00:42:09 whale postfix/smtpd[2600]: NOQUEUE: reject: RCPT from ev-217-129-81-154.netvisao.pt[217.129.81.154]: 554 j.p ino...@itcilo.org: Sender address rejected: Do not use our domain in your envelope sender; from=j.pino...@itcilo.org to=n .cas...@itcilo.org proto=ESMTP helo=JosPinotesPC Here are the relevant lines from the postfix configuration: whale:/etc/postfix # postconf -n | grep smtpd smtpd_client_restrictions = smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/internal_server_ips permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:/etc/postfix/helo_whitelistcheck_sender_access hash:/etc/postfix/not_our_domains_as_sender reject_non_fqdn_hostname, reject_invalid_hostname,reject_unlisted_recipient, check_helo_access hash:/etc/postfix/helo_access,check_policy_service inet:127.0.0.1:2501 permit smtpd_restriction_classes = must_be_valid_sender smtpd_sasl_auth_enable = yes It's not clear what I should/could do to solve this problem. Any advice would be appreciated. Regards, Gaël
Re: Implication of policy_time_limit
Brian Mathis: What is the effect of the policy_time_limit parameter on an smtpd policy process? In the readme I see the mentions that the default 100 According to the spawn(8) manpage: RESOURCE AND RATE CONTROL transport_time_limit ($command_time_limit) The amount of time the command is allowed to run before it is terminated. Postfix 2.4 and later support a suffix that specifies the time unit: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is seconds. My guess is that after 100s, the subprocess will be killed if it's in use or not, Indeed. If it is used for a policy daemon, don't set the time limit shorter than the expected life time of an smtpd process. Use the suggested default in the README file. Wietse
Re: question on permit_sasl_authenticated and check_sender_access
On May 5, 2009, at 12:57 AM, Gaël Lams wrote: What seems to happen is that some providers transparently send emails through their own smtp server instead of allowing our users to use the configured smtp server. The check_sender_access check is after permit_sasl_authenticated with the idea that the request would be permittted when the client is successfully authenticated, thinking that it would do the trick (afterall, the user submits a username and a password which are corrects) but still the email is blocked by the check_sender_access control. I believe you need to move your users to the alternate submission port. The normal widely used port for this is 587. Some people will lock down port 587 to only allow authenticated and encrypted connections. Others will allow non crypto, but mandate authentication. You can not trust any connection your road warriors or even desktop users are on. Most ISP's I have had to deal with block port 25, many hotels and hotspots will blindly intercept port 25, and route it through their machines. You have no idea what they do with that traffic; they could relay it on, or they could be storing and relaying, or flat out intercepting for nefarious means. Switch your users to port 587, assuming you have set up the submission port in master.cf and you should be good to go. I suggest also enabling TLS as well. -- Scott * If you contact me off list replace talklists@ with scott@ *
Redirect messages for just one recipient
Hello, I have a Postfix-based system which consist of a front end side (mail gateway) and a post office side. I receive messages for different domain. Every message destined for a domain, say domain.tld, is forwarded to the post office and there the recipient will eventually be translated and delivered into the appropriate mailbox. I need to deliver messages for a particular recipient belonging to the domain, say re...@domain.tld, which is an alias of a domain not managed on my post office, say re...@extdomain.tld. This is not a problem on my architecture obviously. But I would like to deliver message for re...@extdomain.tld without pass through my post office. Basically, I need to translate re...@domain.tld in re...@extdomain.tld and deliver re...@extdomain.tld from my mail gateway directly to the mail server responsible for extdomain.tld. Is it possible? I've tried to accomplish this inserting on /etc/aliases file of mail gateway the entry: re...@domain.tld: re...@extdomain.tld But I get: # newaliases postalias: warning: /etc/aliases, line 85: name must be local Anyone has any idea? Thanks, rocsca
Re: Redirect messages for just one recipient
On Tue, May 5, 2009 at 10:25 AM, Rocco Scappatura rocco.scappat...@infracom.it wrote: Basically, I need to translate re...@domain.tld in re...@extdomain.tld and deliver re...@extdomain.tld from my mail gateway directly to the mail server responsible for extdomain.tld. Is it possible? I've tried to accomplish this inserting on /etc/aliases file of mail gateway the entry: re...@domain.tld: re...@extdomain.tld But I get: # newaliases postalias: warning: /etc/aliases, line 85: name must be local Anyone has any idea? See virtual_alias_maps -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
Re:
On Tue, May 5, 2009 at 12:32 AM, Jonathan McMahon jongmcma...@yahoo.com wrote: I'm trying to set up an extremely basic mailserver on Leopard 10.5 in order to check the behavior of some PHP scripts. Nothing fancy needed - I just want to send and receive mail to/from myself without having to go out to my ISP. QUESTION #1 I've been able to get Postfix started and can telnet into 127.0.0.1 to get a test email sent. The issue is that it bounces as an unknown user...is there a basic checklist I can run through to make sure the user does in fact exist? I can only find buts and pieces on the web. Here is the error message I'm getting: to=j...@john-does-imac.localhost, orig_to=j...@john-does-imac, relay=local, delay=0.07, delays=0.06/0/0/0, dsn=5.1.1, status=bounced (unknown user: john) I modified /etc/postfix/aliases: root: john Add user 'john' on your system. You are using postfix-local mda. then ran newaliases, but that doesn't seem to help. QUESTION #2 I know that I need an FQDN in order for Postfix to function properly, but I'm having trouble understanding what goes where in the u...@host.domain.tld scheme. My System Preferences list the following: Computer Name: John Doe's iMac Computers on your local network can access your computer at: john-does-imac.local Assuming I want to send a message to johndoe, what does the FQDN look like? How about the following parameters? myhostname = mydomain = myorigin = The confusing part is what to use for the domain and tld since I don't own an actual domain like yahoo.com. My best guess is: j...@john-does-imac.localdomain.local myhostname = john-does-imac.localdomain.local mydomain = localdomain.local myorigin = $mydomain mydestination = $myhostname, $mydomain, localhost Now j...@john-does-imac.localdomain.local, j...@localdomain.local and j...@localhost are valids. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
Re: Redirect messages for just one recipient
2009/5/5 Rocco Scappatura rocco.scappat...@infracom.it: Basically, I need to translate re...@domain.tld in re...@extdomain.tld and deliver re...@extdomain.tld from my mail gateway directly to the mail server responsible for extdomain.tld. Is it possible? I've tried to accomplish this inserting on /etc/aliases file of mail gateway the entry: re...@domain.tld: re...@extdomain.tld But I get: # newaliases postalias: warning: /etc/aliases, line 85: name must be local /etc/aliases is only used for local delivery, which means the left-hand-side must be a local system account name. As mentioned, you probably want virtual_alias_maps, which I wouldn't be surprised if you're already using them. If domain.tld isn't already in virtual_alias_domains then you need to add it, as well as the mapping to extdomain.tld You mentioned you don't want it to go through your post office. If your mail routing is setup sanely, no mail would ever be relayed through your post office. If this does happen, you can add a transport map entry to have it delivered directly (either by IP if it's static, or by MX lookup if you don't control it). Eg. virtual_alias_maps file: (virtual_alias_domains uses the same by default) domain.tldOK re...@domain.tldre...@extdomain.tld transport_maps file: re...@extdomain.tld smtp:mail.extdomain.tld # or, to do an A-lookup instead of an MX lookup re...@extdomain.tld smtp:[mx01.extdomain.tld]
Postfix Setup
Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? Thank you for any help offered. Jeff It does not require many words to speak the truth. - Chief Joseph, Great Nez Perce Indian Chief
Re: Postfix Setup
On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote: Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix Setup
I don't want to sound ungrateful for pointing me at the docs, but I was hoping for a little clarification on the process. I had looked at the docs, but was still unclear on how to go about it. Jeff victor.ducho...@morganstanley.com 5/5/2009 11:00 AM On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote: Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix Setup
On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote: I don't want to sound ungrateful for pointing me at the docs, but I was hoping for a little clarification on the process. I had looked at the docs, but was still unclear on how to go about it. Specific questions are much easier to answer than How do I go about doing this?. Carefully identify and write down the requirements for the new system. What must it do (in detail). What must it not do (in detail). This means identifying use cases, concrete events that occur and how the system should respond. Once you understand the requirements, you need to configure the system to behave the way you want it to behave. Divide the problem into parts, identify which parts you understand and which you are unclear about. Ask specific questions about the parts that are not clear to you and provide a detailed description of the relevant use case. victor.ducho...@morganstanley.com 5/5/2009 11:00 AM On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote: Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix Setup
I had asked a fairly clear question... it was: Ho do I set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? Victor Duchovni victor.ducho...@morganstanley.com 5/5/2009 11:47 AM On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote: I don't want to sound ungrateful for pointing me at the docs, but I was hoping for a little clarification on the process. I had looked at the docs, but was still unclear on how to go about it. Specific questions are much easier to answer than How do I go about doing this?. Carefully identify and write down the requirements for the new system. What must it do (in detail). What must it not do (in detail). This means identifying use cases, concrete events that occur and how the system should respond. Once you understand the requirements, you need to configure the system to behave the way you want it to behave. Divide the problem into parts, identify which parts you understand and which you are unclear about. Ask specific questions about the parts that are not clear to you and provide a detailed description of the relevant use case. victor.ducho...@morganstanley.com 5/5/2009 11:00 AM On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote: Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix Setup
* Jeff Bernier jbern...@risd.edu: I had asked a fairly clear question... it was: Ho do I set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. It's not really easy to answer that question: accept email for another MTA: why does the mail arrive on the Postfix box? What should the Postfix DO with the mail? For all recipients? Or just for existing recipients? Where do you get a list of valid recipients from? relay email to another MTA: what email? All email? Just email TO a certain destination domain? For all recipients? Or just for existing recipients? Where do you get a list of valid recipients from? You PROBABLY need to set: relay_domains = domain.to.relay.to relay_recipient_maps = hash:/etc/postfix/relay_recipients # that makes postfix accept mail TO valid_recipi...@domain.to.relay.to transport_maps = hash:/etc/postfix/transport # containing: # domain.to.relay.to[mta.to.relay.to] -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.computerbeschimpfung.de One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
Re: Postfix Setup
Jeff Bernier wrote: I had asked a fairly clear question... it was: Ho do I set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? Victor gave the answer we all would give. http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall defines your situation, how to become a gateway MX to an internal network. If there is something you do not understand from that document, please ask questions. Note: Postfix 2.1.x is very old. Lots of things have changed since then. Brian Victor Duchovni victor.ducho...@morganstanley.com 5/5/2009 11:47 AM On Tue, May 05, 2009 at 11:32:36AM -0400, Jeff Bernier wrote: I don't want to sound ungrateful for pointing me at the docs, but I was hoping for a little clarification on the process. I had looked at the docs, but was still unclear on how to go about it. Specific questions are much easier to answer than How do I go about doing this?. Carefully identify and write down the requirements for the new system. What must it do (in detail). What must it not do (in detail). This means identifying use cases, concrete events that occur and how the system should respond. Once you understand the requirements, you need to configure the system to behave the way you want it to behave. Divide the problem into parts, identify which parts you understand and which you are unclear about. Ask specific questions about the parts that are not clear to you and provide a detailed description of the relevant use case. victor.ducho...@morganstanley.com 5/5/2009 11:00 AM On Tue, May 05, 2009 at 10:51:58AM -0400, Jeff Bernier wrote: Hello, I am a newbie... I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Redirect messages for just one recipient
Barney Desmond wrote: If domain.tld isn't already in virtual_alias_domains then you need to add it, as well as the mapping to extdomain.tld No, domain.tld must not be added to virtual_alias_domains if postfix already accepts mail for that domain. A domain must not be listed in more than one address class. All email is processed by virtual_alias_maps. The domain need not be a virtual_alias_domain. You mentioned you don't want it to go through your post office. If your mail routing is setup sanely, no mail would ever be relayed through your post office. If this does happen, you can add a transport map entry to have it delivered directly (either by IP if it's static, or by MX lookup if you don't control it). Eg. virtual_alias_maps file: (virtual_alias_domains uses the same by default) domain.tldOK Do NOT add the above line. re...@domain.tldre...@extdomain.tld Yes, this is a correct entry for virtual_alias_maps.
Re: Postfix Setup
On Tue, May 5, 2009 at 12:04 PM, Jeff Bernier jbern...@risd.edu wrote: I had asked a fairly clear question... it was: Ho do I set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. http://www.lmgtfy.com/?q=postfix+firewall There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? You're being berated because there is specific documentation for this simple, common task. Brett
Re: Postfix Setup
On Tue, May 05, 2009 at 03:18:18PM -0400, Brett Dikeman wrote: I had asked a fairly clear question... it was: Ho do I?set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. http://www.lmgtfy.com/?q=postfix+firewall There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? You're being berated because there is specific documentation for this simple, common task. I don't know who was berating the user, I just provided the best answers I could give and explained why it was difficult to give more specific answers to the original question as posed. If the OP felt berated, he can rest assured that was not the intent. There is no need to actually berate the OP, it suffices to adjust his expectations of how this list can be best put to good use. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Transport Maps Ignored After Upgrade
Thanks Victor. Ok, so I: - removed .$mydomain from $mydestination - have set relay_domains = $mydestination, $mynetworks - have set parent_domain_matches_subdomains to it's default - have added permit_mx_backup to smtpd_recipient_restrictions - set permit_mx_backup_networks = $mynetworks but I'm still unable to have email accepted for MX'ed hosts or those hosts listed in my transport file due to Relay access denied. Which, of these, or any other parameters, should I focus on to correct the denial? I've attached a fresh postconf -n for a more detailed updated picture. Regards, -Eric Victor Duchovni wrote: On Fri, May 01, 2009 at 01:54:03PM -0400, Eric Cunningham wrote: I think I've found a/the fix for re-enabling the original behavior of my transport maps and MX relaying. I added .$mydomain to mydestination in main.cf. This is in addition to $mydomain which was already in mydestination. $mydomain vs. .$mydomain is subtle but apparently important. Postfix will never search for .example.com domains in the $mydestination list, so this change has no effect. Perhaps in making this change you also triggered other changes that solved the problem. Now, in fact, if you don't set relay_domains explicitly, as a matter of regrettable backwards compatibility requirements, the value of $relay_domains defaults to to $mydestination and in the context of $relay_domains, .example.com keys do come into play given an appropriate setting of parent_domain_matches_subdomains. The right solution is to set relay_domains explicitly and correctly, rather than rely on side-effects from $mydestination. Secondly, it appears that you have changed the default value of parent_domain_matches_subdomains. You should review this parameter and make sure you understand its impact. alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, ldap:ldap anvil_rate_time_unit = 60s append_dot_mydomain = yes body_checks = pcre:/etc/postfix/access/body_access broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}. Contact postmas...@whoi.edu if this is in error. header_checks = pcre:/etc/postfix/access/header_access html_directory = /usr/share/doc/postfix/html mailbox_size_limit = 0 message_size_limit = 104857600 mydestination = $myhostname, $mydomain, postal1.$mydomain, outbox.$mydomain, mail.$mydomain, localhost.$mydomain, localhost.localdomain, localhost, beachcomberscompanion.net, whoi.net, oceansites.org, interridge.org myhostname = postal1.whoi.edu mynetworks = 128.128.0.0/16, 127.0.0.0/8, 199.92.168.150, 172.16.8.0/24 myorigin = $mydomain parent_domain_matches_subdomains = permit_mx_backup_networks = $mynetworks rbl_reply_maps = hash:/etc/postfix/access/dnsbl_replies readme_directory = /usr/share/doc/postfix recipient_delimiter = + relay_domains = $mydestination, $mynetworks relayhost = relocated_maps = hash:/etc/postfix/relocated setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_connection_rate_limit = 60 smtpd_client_message_rate_limit = 250 smtpd_client_new_tls_session_rate_limit = 60 smtpd_client_recipient_rate_limit = 300 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access/connect_client_access smtpd_error_sleep_time = 5s smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_hard_error_limit = 20 smtpd_helo_required = yes smtpd_recipient_restrictions = permit_sasl_authenticated, check_recipient_access pcre:/etc/postfix/access/final_recipient_access, reject_unauth_pipelining,check_helo_access pcre:/etc/postfix/access/final_helo_access,check_client_access hash:/etc/postfix/access/final_client_access,check_sender_access pcre:/etc/postfix/access/final_sender_access,permit_mynetworks, permit_auth_destination,permit_mx_backup, reject_unknown_sender_domain,reject_unauth_destination, check_helo_access pcre:/etc/postfix/access/suspect_helo, reject_rbl_client autospam.whoi.edu,reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.ahbl.org,reject_rbl_client http.dnsbl.sorbs.net,reject_rbl_client socks.dnsbl.sorbs.net, reject_rbl_client misc.dnsbl.sorbs.net,reject_rbl_client web.dnsbl.sorbs.net,reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org,reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org,reject_rbl_client combined.njabl.org,reject_rbl_client bhnc.njabl.org smtpd_restriction_classes = require_reverse_dns smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous
Re: Postfix Setup
On Tue, May 5, 2009 at 3:32 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Tue, May 05, 2009 at 03:18:18PM -0400, Brett Dikeman wrote: I had asked a fairly clear question... it was: Ho do I?set Postfix to accept email for, and relay email to another MTA? This is the one thing I need to accomplish. http://www.lmgtfy.com/?q=postfix+firewall There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? You're being berated because there is specific documentation for this simple, common task. I don't know who was berating the user, I just provided the best answers I could give and explained why it was difficult to give more specific answers to the original question as posed. If the OP felt berated, he can rest assured that was not the intent. There is no need to actually berate the OP, it suffices to adjust his expectations of how this list can be best put to good use. I fully believe that the experts on this list have good intentions and I appreciate the time they spend helping us. However, this scenario has happened quite a few times.. A new user asks questions that are vague or easily answered by the docs, etc and then (justified or not) gets offended by the responses. Is there any interest in creating a postfix-noobs (or postfix-lusers :) list where all questions, especially these types, are allowed and those who care to offer assistance can do so? A kinder, gentler list of sorts that the real experts here can simply ignore? Personally, I'm rarely qualified to help with most of the good questions on this list and read it just to learn. However I wouldn't mind spending a little time here and there helping people like the OP who are trying to do simple things that I am able to help with. I'd guess there are more admins like me out there that wouldn't mind being helpful to very new users who maybe haven't discovered how excellent the documentation is or maybe don't have the background to make good use of the docs yet. I'm sure there are reasons not to have such a thing, just though I'd put it out there. -Aaron
Re: Postfix Setup
On 5-May-2009, at 10:04, Jeff Bernier wrote: There's really no need to berate me and otherwise treat me like a buffoon Victor. Is there someone willing to help? Please? Consider two things. First, stop top-posting. Trim your quoted material and reply after, preserving the conversational thread. Second, consider growing a much thicker skin before getting on the Internet. If you think Viktor 'berated' you, you are going to be in for a whole world of hurt. http://en.wikipedia.org/wiki/Top-posting#Top-posting -- It's like looking for the farmer's daughter in a haystack, and finding the needle.
Re: Redirect messages for just one recipient
2009/5/6 Noel Jones njo...@megan.vbhcs.org: If domain.tld isn't already in virtual_alias_domains then you need to add it, as well as the mapping to extdomain.tld No, domain.tld must not be added to virtual_alias_domains if postfix already accepts mail for that domain. A domain must not be listed in more than one address class. Yes, I probably should have qualified that for my own assumptions of the setup. But of course, without postconf -n we don't really know ;)
Re: Postfix Setup
On May 5, 2009, at 12:58 PM, Aaron Wolfe wrote: I fully believe that the experts on this list have good intentions and I appreciate the time they spend helping us. However, this scenario has happened quite a few times.. A new user asks questions that are vague or easily answered by the docs, etc and then (justified or not) gets offended by the responses. Is there any interest in creating a postfix-noobs (or postfix-lusers :) list where all questions, especially these types, are allowed and those who care to offer assistance can do so? A kinder, gentler list of sorts that the real experts here can simply ignore? I would not go the road of list fragmentation for a beginners list. You end up with a list that beginners go to, but the only way for them to get answers is if experts are in that list. With a list of that nature, questions of How do I set up postfix will be far too many. I myself have only recently come to this list. I am a beginner, and I came with some trepidation. I learned I need not have, but there is a certain way to do things. Every list is a little different; if you have not posted to a list before, you *must* lurk a while, and get a feel. At the very least, you *must* read some of the archives. Put your question into search, see what comes up. The help I got was on the order of what I would consider better than any paid for consulting support I have received, and I got it for no cost. I am massively grateful for this, and if I have to do a little du-diligence to get that, I take no issue with that at all. The issue the OP had, and I saw it the second I read the OP's first post, is that my assumption was that the question was not possible to answer. In order for it to be answered, the list people would have to ask questions, just to get to a point where they could answer questions. Mailing lists are for getting answers, list users are not apt to coax questions out of posters. If a question comes up and a link to the docs is given, that is a gentle suggestion to dive in, start settings things up, and report back with your first stumbling block. Then your reply will not be a link to the docs, but to a specific *section* within the docs. Solve that issue, move on to the next, rinse and repeat until you are done. I have been given links to sub sections of docs, I give it a shot, if it makes sense, I move on, if not, I re-read the section multiple times, hit up google, and do all I can to make sure I can not find alternate ways to answer the question on my own. If I can, I try to come back and report success and where I got stuck, so perhaps, some other person reading the archives will be helped later on. Email servers in general are a complicated thing, postfix is one part of the puzzle, you still need a pop/IMAP server, spam filtering, filter rules, greylisting setup, and the list goes on and on. I can certainly see why. I wish to use my Postfix system (v2.1.5) to accept mail for, and relay mail to another MTA. How do I go about doing this? Pointing the user to: http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall In reality, is about as good as it is going to get. The guidelines state to post postconf -n output, that alone is helpful. The OP's question lacked far too many details, any answer had a high chance of being a waste of the list members time. We need to know current config, current workflow, why the OP wants to do this, perhaps a config change would render the need moot, etc etc. I always look at mailing lists as if I am asking someone to help me move because they have a truck. To a degree, I am burdening them, and try my best to make it as simple on them as possible. I apply that same line of thought to mailing lists. New mailing list users need to read the guidelines/faq, lurk a while, and see how things work. My two cents. -- Scott * If you contact me off list replace talklists@ with scott@ *
Re: Postfix Setup
I'm 100% completely new to Postfix, somewhat new to *nix. My general feedback: 1. I find Postfix to be somewhat difficult, and the google search documentation for my specific setup is fragmented and incomplete at best. I did expect this given the number of possible system permutations. 2. I'm convinced that the postfix.org information is complete and accurate, but it is nearly indecipherable for the truly new user. 3. I realized that the best solution was to sign up for this mailing list and politely ask for some help, while at the same time educating myself as much as possible via books/internet resources. 4. After I learn how to get my setup working, I plan on posting it to help others. - For all the Postfix pros out there, I think new users would find the following very helpful in getting started. If the sites already exist, can they be added to the main documentation, or posted, or added to your own personal Postfix sites? 1. A website dedicated to the most basic/safest configuration, integrated with *nix concepts. The links on postfix.org pointing to basic configuration are helpful to a point, but as a new user I find myself stuck at times. Would it be possible to present these in a chronological order, e.g., create a new user, modify mail.cf, create aliases, send an email after running postconf -n to postfix.org etc.? Everything is there, but the order is aimed at the proficient user. A stripped down version would eliminate a lot of the redundant questions from new users like myself. 2. A high-depth/low-breadth Postfix website. In other words, show me the basics and explain the hell out of them - then let me explore the intricacies on my own. Most of the concepts on Postfix.org are given equal weight, out-of-step with their actual importance. If a usable system is predicated on having an existing user, why not list that? Finally, I believe empathizing with new users without dumbing down the Postfix site is extremely important. PLEASE don't add a newbies distro, or segregate the list in any way. People with the wherewithal to learn Postfix aren't lazy or stupid. We understand that just because you add One Fish, Two Fish to the library at Alexandria doesn't mean you need to include it in the English 101 curriculum at Yale University. If you want to tell us to Go away, please, just tell us where to go and we'll come back later when we're ready. -Jon