RE: virtual.regexp not working

[Kammen van, Marco, Springer SBM NL]

>> One of our users is requesting a batch of e-mail aliases ranging
from:
>>
>> j10...@domain.com to j10...@domain.com
>>
>> I made the following regexp which kind of does the trick:
>>
>> /j10[0-3][0-9][0-...@domain\.com/ thisaddr...@domain.com
>>
>> But this adds the range of j10300 to j10399 which isn't wanted.
>> So I tried the following regexp:
>>
>> /j(10001..10300)\...@domain\.com/ thisaddr...@domain.com
>>
>> But that's not working

>Indeed, since ranges like that simply are not supported in regular
>expressions. This should work:

>/^j10([0-2][0-9][0-9]|300)@example\.com$/ thisaddr...@example.com

Ofcourse! Guess I mixed up the ranges thing from doing too many Perl
stuff...

This will work just fine 

Thanks! 

Re: virtual.regexp not working

[Ralf Hildebrandt]

* Kammen van, Marco, Springer SBM NL :
> Hi All,
> 
>  
> 
> One of our users is requesting a batch of e-mail aliases ranging from:
> 
> j10...@domain.com to j10...@domain.com
> 
>  
> 
> I made the following regexp which kind of does the trick:
> 
>  
> 
> /j10[0-3][0-9][0-...@domain\.com/ thisaddr...@domain.com

/^j10[0-2][0-9][0...@domain\.com$/ thisaddr...@domain.com
/^j10...@domain\.com$/ thisaddr...@domain.com

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
A crash reduces
Your expensive computer
To a simple stone.

RE: [SPAM?] Re: SPF implementation not working

[Paul Cocker]

> -Original Message-
> From: Noel Jones [mailto:njo...@megan.vbhcs.org] 
> Sent: 01 June 2009 14:30
> To: Paul Cocker; postfix-users@postfix.org
> Subject: [SPAM?] Re: SPF implementation not working
> Importance: Low
> 
> Paul Cocker wrote:
> > I'm trying to implement SPF on our Postfix 2.3.3 
> installation running 
> > on CentOS 5.2 and have been using the "Sender address 
> verification for 
> > all e-mail" article on the postfix site. We're also using a 
> Barracuda 
> > filter and SPF verification hasn't been leading to false 
> positives so 
> > we're happy to enable it for everything.
> 
> The article you refer to is about sending address 
> verification probes, not SPF.  You have not enabled SPF in 
> postfix.  Note that some sites consider the address probes 
> you have enabled a form of abuse - if you send too many of 
> them them, they will blacklist you.  You might want to turn 
> that feature back off.
> 

Ah, clearly I have become confused somewhere along the line. Thanks,
I'll check the articles you linked.

Would I be correct in thinking you are referring only to
reject_unverified_sender, or do you mean the entire
smtpd_sender_restrictions block I posted?
_

Please consider the environment, think before you print.

TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), 
TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT 
Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post 
Midlands Limited (6458167)and TNT Post London Limited (6493826). Emma's Diary 
and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd 
(02556692). All companies are registered in England and Wales; registered 
address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, 
SL7 1HY.

Re: Impossible to send mail using SSL for SMTP connection.

[Sthu Pous]

Thank You for Your time and answer, Rainer:

> Amazingly this thread has moved in a totally strange direction (or I overlook 
> s.th. and I make a fool of myself).  The server does not advertise STARTTLS, 
> so "command not implemented" is a correct response. You didn't have TLS 
> enabled in the config you posted. You need to put "smtpd_tls_security_level = 
> may" (or =encrypt) in main.cf or in the smtpd service definition in 

For smtpd_tls_security_level = encrypt I have:

* Connecting to SMTP server: abc.com ...
[17:32:38] SMTP< 220 The ABC Center ESMTP Service
[17:32:38] ESMTP> EHLO localhost
[17:32:40] ESMTP< 250-abc.com
[17:32:40] ESMTP< 250-PIPELINING
[17:32:40] ESMTP< 250-SIZE 3072
[17:32:40] ESMTP< 250-VRFY
[17:32:40] ESMTP< 250-ETRN
[17:32:40] ESMTP< 250-STARTTLS
[17:32:40] ESMTP< 250-ENHANCEDSTATUSCODES
[17:32:40] ESMTP< 250-8BITMIME
[17:32:40] ESMTP< 250 DSN
[17:32:40] ESMTP> STARTTLS
[17:32:42] ESMTP< 454 4.7.0 TLS not available due to local problem
** error occurred on SMTP session
*** Error occurred while sending the message:
454 4.7.0 TLS not available due to local problem

For smtpd_tls_security_level = may I have:

* Connecting to SMTP server: abc.com ...
[17:33:45] SMTP< 220 The ABC Center ESMTP Service
[17:33:45] ESMTP> EHLO localhost
[17:33:46] ESMTP< 250-abc.com
[17:33:46] ESMTP< 250-PIPELINING
[17:33:46] ESMTP< 250-SIZE 3072
[17:33:46] ESMTP< 250-VRFY
[17:33:46] ESMTP< 250-ETRN
[17:33:46] ESMTP< 250-STARTTLS
[17:33:46] ESMTP< 250-AUTH PLAIN LOGIN
[17:33:46] ESMTP< 250-AUTH=PLAIN LOGIN
[17:33:46] ESMTP< 250-ENHANCEDSTATUSCODES
[17:33:46] ESMTP< 250-8BITMIME
[17:33:46] ESMTP< 250 DSN
[17:33:46] ESMTP> STARTTLS
[17:33:47] ESMTP< 454 4.7.0 TLS not available due to local problem
** error occurred on SMTP session
*** Error occurred while sending the message:
454 4.7.0 TLS not available due to local problem

And what is the local problem? Some permissions?
I'm new to email servers, so, any simple/foolish problem can have a place.

> master.cf. You also need to configure the certificate and key files. See 
> TLS_README in the postfix documentation.

Well. I have those already:

# postconf -n | grep tls

smtpd_tls_CAfile = /etc/ssl/ca.crt
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key

Re: Impossible to send mail using SSL for SMTP connection.

[Rainer Frey (Inxmail GmbH)]

On Wednesday 03 June 2009 13:02:08 Sthu Pous wrote:

[...]

> 454 4.7.0 TLS not available due to local problem
>
> And what is the local problem? Some permissions?

Read the log (and post it if you need help).

Rainer

Re: Postfix with PostgreSQL

[Charles Marcus]

On 6/2/2009, Just E. Mail (justem...@imwell-usa.com) wrote:
> I am setting up LVS. I have two Real Servers running CentOS,
> PostgeSQL Client, freeRADIUS, Postfix, etc. Both of the Real Servers
> access data from the backend PostgreSQL Server.
> 
> I have setup freeRADIUS application. It authenticates users from the
> SQL database. Postfix is much more flexible where it is open to
> creating Schema to one's own design. There is no sample Schema to
> start with. That's why I have so many questions but I am trying hard.
> I do have Postfix working (but not with PGSQL)!

If you already have a functioning pgsql server authenticating users,
then why not simply use that? Define a .cf map query that will work
against your *current* *working* schema, and just point it to your
current/working SQL server...

Or maybe I'm not understanding something?

-- 

Best regards,

Charles

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

[Sthu Pous]

Thank You for Your time and answer, Carlos:

> So for those three machines above to be able to send email using
> Postfix, I need add the
> following to '/etc/postfix/mynetworks':
> 
> 127.0.0.0/8
> 10.1.0.0/16
> 
> Try that, reload Postfix and try and send email. Hope that helps. Also
> your logs should show
> some errors if not resolving.

Interesting to note, but on

postconf -d

I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24

from whence it comes? - I have no mynetworks file.

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

[Wietse Venema]

Sthu Pous:
> Thank You for Your time and answer, Carlos:
> 
> > So for those three machines above to be able to send email using
> > Postfix, I need add the
> > following to '/etc/postfix/mynetworks':
> > 
> > 127.0.0.0/8
> > 10.1.0.0/16
> > 
> > Try that, reload Postfix and try and send email. Hope that helps. Also
> > your logs should show
> > some errors if not resolving.
> 
> Interesting to note, but on
> 
> postconf -d
> 
> I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24
> 
> from whence it comes? - I have no mynetworks file.

The command "postconf -d" does NOT show main.cf.

Formatting page, please wait...Done.

POSTCONF(1)   POSTCONF(1)

NAME
   postconf - Postfix configuration utility
...

   -d Print default parameter settings instead of  actual
  settings.
...
   -n Print parameter settings that are not left at their
  built-in default value, because they are explicitly
  specified in main.cf.

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

[Ralf Hildebrandt]

* Sthu Pous :

> Interesting to note, but on
> 
> postconf -d
> 
> I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24
> 
> from whence it comes?

postconf -d shows the defaults
-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
Computer /nm./: a device designed to speed and automate errors.
   -- From the Jargon File. 

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

[Barney Desmond]

2009/6/3 Sthu Pous :
> Interesting to note, but on
>
> postconf -d
>
> I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24


That's well and good, but -d is for defaults, don't use it to make
judgements. All that matters is what you see here and now with
`postconf -n`, which you haven't shown us.

This might also be of interest:
http://www.postfix.org/postconf.5.html#mynetworks_style

The default is "subnet", which will include your attached networks.
For an internet-facing MX this may be undesirable. When you use
`postconf -d`, it will assume "subnet", so you have to interpret
"mynetworks" with that in mind.

> from whence it comes? - I have no mynetworks file.

The docs explain this:
http://www.postfix.org/postconf.5.html#mynetworks
"Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. You can also specify
"/file/name" or "type:table" patterns"
I'd dare say the "normal" configuration for most of us is just putting
your networks directly in main.cf, but you have the freedom to make it
external.


As mouss suggested, your query is unclear. I can think of two interpretations:
1. "I've set mynetworks=127.0.0.0/8 in main.cf but for some reason
machines on my LAN can relay mail out to the internet, how do I stop
this?"
2. "I've set mynetworks=127.0.0.0/8 in main.cf and I want to allow
machines on my LAN to relay mail out to the internet, how do I make
this possible?"

getting an address in virtual_alias_maps to use different transport

[Calvin Browne]

Hi all - need someone to hit me with a clue bat.

I have one particular address in a domain that is handled by
virtual_alias_domains through a virtual_alias_maps table. This address
gets redirected to an account on another smtp server. I would like to
rate limit the delivery perhaps by sending it over its own transport?

Any clues/pointers appreciated.
mail_version = 2.2.10

--Calvin

Re: getting an address in virtual_alias_maps to use different transport

[Wietse Venema]

Calvin Browne:
> Hi all - need someone to hit me with a clue bat.
> 
> I have one particular address in a domain that is handled by
> virtual_alias_domains through a virtual_alias_maps table. This address
> gets redirected to an account on another smtp server. I would like to
> rate limit the delivery perhaps by sending it over its own transport?
> 
> Any clues/pointers appreciated.
> mail_version = 2.2.10

A workaround for Postfix < 2.5 is in
http://www.postfix.org/QSHAPE_README.html#backlog:

* In the transport map entry for the problem destination,
  specify a dead host as the primary nexthop.

* In the master.cf entry for the transport specify the problem
  destination as the fallback_relay and specify a small
  smtp_connect_timeout value.

  /etc/postfix/main.cf:
  transport_maps = hash:/etc/postfix/transport

  /etc/postfix/transport:
  example.com  slow:[dead.host]

  /etc/postfix/master.cf:
  # service type  private unpriv  chroot  wakeup  maxproc command
  slow  unix -   -   n   -   1smtp
  -o fallback_relay=problem.example.com
  -o smtp_connect_timeout=10
  -o smtp_connection_cache_on_demand=no

With recent Postfix versions, use a transport map and
the _destination_rate_delay feature.

/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
slow_destination_rate_delay = 10

/etc/postfix/transport:
u...@example.comslow:

Wietse

Re: Postfix with PostgreSQL - CLOSE

[Just E. Mail]

I have this posting out for couple of days and many Techies from this 
mailing list responded with suggestions. I did not understand any one of 
them because I am a NEWBIE and I was thinking more closed in a SQL box 
and thinking of Postfix using the backend PGSQL in some what  a 
conventional  way - database, schema, quiries, so on...


So today with good night sleep, I got up and read "POSTFIX - The 
Definitive Guide" by Kyle D. Dent & it made sense. So now I understand 
that in Postfix there are MAPS for Data/Information. Each MAP handles a 
particular data. For example a MAP for Virtual Domains handles a list of 
Virtual Domains, an Aliases Map has a list of emails pointing to other 
emails (forwarding), etc. One has to configure each MAP to retrieve its 
underlying data/information from a table or a database.


This is very good design used in Postfix but not understanding it 
clearly got me down. Now I can setup one or more MAPS to connect to 
backend PGSQL as Imake progress.


Thank you all.

I have only one more wish; I wish there was a list of all the MAPS used 
in Postfix?


Jennifer King

[queues] - in/out messages

[no7find -]

Hi list !

I want to know if there is any way to find out the IN and OUT messages
per queue (active, incoming, ...). And later I want to estimate the
rate on each queue.

The way I'm trying to this is by parsing mail.log file and it require
to active verbose/debug mode of queue manager daemon.

master.cf:
   qmgr  fifo  n   -   n   300 1   qmgr -v

The disadvantage is an increment of lines on the log file: ~9 to ~123.

= 9 lines = (without verbose/debug mode)
Apr 16 17:16:50 debian postfix/postlog[2258]:
===START(qmgr)=
Apr 16 17:16:56 debian postfix/smtpd[2259]: connect from
example.com[192.168.56.1]
Apr 16 17:16:56 debian postfix/smtpd[2259]: 3B22C4571:
client=example.com[192.168.56.1]
Apr 16 17:16:56 debian postfix/cleanup[2263]: 3B22C4571:
message-id=<20090416161656.3b22c4...@debian.lan>
Apr 16 17:16:56 debian postfix/qmgr[2251]: 3B22C4571:
from=, size=348, nrcpt=1 (queue active)
Apr 16 17:16:56 debian postfix/smtpd[2259]: disconnect from
example.com[192.168.56.1]
Apr 16 17:16:56 debian postfix/local[2264]: 3B22C4571:
to=, relay=local, delay=0.08,
delays=0.04/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Apr 16 17:16:56 debian postfix/qmgr[2251]: 3B22C4571: removed
Apr 16 17:17:01 debian postfix/postlog[2265]:
===END(qmgr)=

= 123 lines = (with verbose/debug mode)
Apr 16 17:52:27 debian postfix/postlog[3019]:
===START(qmgr -v)=
Apr 16 17:52:44 debian postfix/smtpd[3022]: connect from
example.com[192.168.56.1]
Apr 16 17:52:44 debian postfix/smtpd[3022]: 809BB459F:
client=example.com[192.168.56.1]
Apr 16 17:52:44 debian postfix/cleanup[3026]: 809BB459F:
message-id=<20090416165244.809bb4...@debian.lan>
Apr 16 17:52:44 debian postfix/qmgr[3012]: trigger_server_accept_fifo:
trigger arrived
Apr 16 17:52:44 debian postfix/qmgr[3012]: master_notify: status 0
Apr 16 17:52:44 debian postfix/qmgr[3012]: request: 87 (W)
Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_scan_start: start
incoming queue scan
Apr 16 17:52:44 debian postfix/qmgr[3012]: master_notify: status 1
Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_active_feed: queue incoming
Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_active_feed:
incoming/809BB459F  <-- 
IN to
incoming queue
Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_message_alloc: active
809BB459F   <-- IN to 
active queue
Apr 16 17:52:44 debian postfix/qmgr[3012]: 809BB459F: recipient limit 5000
Apr 16 17:52:44 debian postfix/qmgr[3012]: 809BB459F:
from=, size=348, nrcpt=1 (queue active)
Apr 16 17:52:44 debian postfix/qmgr[3012]: start sorted recipient list
Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_message_sort:
billga...@debian.lan
Apr 16 17:52:44 debian postfix/qmgr[3012]: end sorted recipient list
Apr 16 17:52:44 debian postfix/qmgr[3012]: connect to subsystem private/rewrite
Apr 16 17:52:44 debian postfix/qmgr[3012]: send attr request = resolve
Apr 16 17:52:44 debian postfix/qmgr[3012]: send attr sender = b...@debian.lan
Apr 16 17:52:44 debian postfix/qmgr[3012]: send attr address =
billga...@debian.lan
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: flags
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: flags
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute value: 0
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: transport
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: transport
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute value: local
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: nexthop
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: nexthop
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute value: debian.lan
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: recipient
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: recipient
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute value:
billga...@debian.lan
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: flags
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: flags
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute value: 256
Apr 16 17:52:44 debian postfix/qmgr[3012]: private/rewrite socket:
wanted attribute: (list terminator)
Apr 16 17:52:44 debian postfix/qmgr[3012]: input attribute name: (end)
Apr 16 17:52:44 debian postfix/qmgr[3012]: resolve_clnt:
`...@debian.lan' -> `billga...@debian.lan' -> transp=`local'
host=`debian.lan' rcpt=`billga...@debian.lan' flags= class=local
Apr 16 17:52:44 debian postfix/qmgr[3012]: dict_eval: const  2
Apr 16 17:52:44 debian postfix/qmgr[3012]: dict_eval: const  1
Apr 16 17:52:44 

Re: getting an address in virtual_alias_maps to use different transport

[Wietse Venema]

Correction in-line.

Wietse Venema:
> Calvin Browne:
> > Hi all - need someone to hit me with a clue bat.
> > 
> > I have one particular address in a domain that is handled by
> > virtual_alias_domains through a virtual_alias_maps table. This address
> > gets redirected to an account on another smtp server. I would like to
> > rate limit the delivery perhaps by sending it over its own transport?
> > 
> > Any clues/pointers appreciated.
> > mail_version = 2.2.10
> 
> A workaround for Postfix < 2.5 is in
> http://www.postfix.org/QSHAPE_README.html#backlog:
> 
> * In the transport map entry for the problem destination,
>   specify a dead host as the primary nexthop.
> 
> * In the master.cf entry for the transport specify the problem
>   destination as the fallback_relay and specify a small
>   smtp_connect_timeout value.
> 
>   /etc/postfix/main.cf:
>   transport_maps = hash:/etc/postfix/transport
> 
>   /etc/postfix/transport:
>   example.com  slow:[dead.host]

Make that:
u...@example.com slow:[dead.host]

Where u...@example.com is the output from virtual aliasing.


>   /etc/postfix/master.cf:
>   # service type  private unpriv  chroot  wakeup  maxproc command
>   slow  unix -   -   n   -   1smtp
>   -o fallback_relay=problem.example.com
>   -o smtp_connect_timeout=10
>   -o smtp_connection_cache_on_demand=no
> 
> With recent Postfix versions, use a transport map and
> the _destination_rate_delay feature.
> 
> /etc/postfix/main.cf:
> transport_maps = hash:/etc/postfix/transport
> slow_destination_rate_delay = 10
> 
> /etc/postfix/transport:
> u...@example.com  slow:
> 
>   Wietse
> 
> 

Re: Postfix with PostgreSQL - CLOSE

[Victor Duchovni]

On Wed, Jun 03, 2009 at 09:05:16AM -0600, Just E. Mail wrote:

> I have only one more wish; I wish there was a list of all the MAPS used in 
> Postfix?

You really don't want this. Less is more. Only define or override Postfix
parameters that implement a non-default behaviour you need to control
in order to achieve a particular behaviour.

Generally, stick to what's described in:

- An example configuration in the (in your case O'Reilly) book, or

* BASIC_CONFIGURATION_README.html
* STANDARD_CONFIGURATION_README.html
* ADDRESS_REWRITING_README.html
* ADDRESS_CLASS_README.html
* VIRTUAL_README.html
* TLS_README.html
* SASL_README.html
* QSHAPE_README.html
* ... other tutorials in http://www.postfix.org/documentation.html

Venture into any given tutorial as and when necessary, otherwise read them
slowly approximately in the order suggested. Resist the urge to tweak
parameters (except on test servers) unless it is *vital* to change them
from their default value, cosmetic changes will only cause you grief later.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: [SPAM?] Re: SPF implementation not working

[Noel Jones]

Paul Cocker wrote:

-Original Message-
From: Noel Jones [mailto:njo...@megan.vbhcs.org] 
postfix.  Note that some sites consider the address probes 
you have enabled a form of abuse - if you send too many of 
them them, they will blacklist you.  You might want to turn 
that feature back off.




Would I be correct in thinking you are referring only to
reject_unverified_sender, or do you mean the entire
smtpd_sender_restrictions block I posted?


I was referring specifically to reject_unverified_sender.

  -- Noel Jones

Re: [queues] - in/out messages

[Victor Duchovni]

On Wed, Jun 03, 2009 at 04:11:42PM +0100, no7find - wrote:

> Hi list !
> 
> I want to know if there is any way to find out the IN and OUT messages
> per queue (active, incoming, ...). And later I want to estimate the
> rate on each queue.

The rate at which messages enter the incoming queue is determined by
looking at log entries of the form (system dependent):

postfix/cleanup[]: : message-id=...

> The way I'm trying to this is by parsing mail.log file and it require
> to active verbose/debug mode of queue manager daemon.
>
> master.cf:
>qmgr  fifo  n   -   n   300 1   qmgr -v

NO. DO NOT DO THIS. This totally destroys the performance you are trying
to measure, and is COMPLETELY unnecessary.

> Apr 16 17:52:44 debian postfix/qmgr[3012]: qmgr_active_feed:
> incoming/809BB459F<-- 
> IN to

You are measuring the wrong thing. When the rates are unequal and the
queue manager is falling behind you won't see this until long after the
message enters the incoming queue.

The other log entry of interest is:

postfix/qmgr[]: : from=<...>, 

which indicates entry into the active queue, from either incoming or
deferred, to know which, you need state parsed from the logs for messages
not yet logged as "removed" that have been in the active queue before.

What's wrong with just measuing the incoming queue size? It is generally
very near zero, and if not, you probably have a problem.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Always_BCC Exceptions

[Nikos Papadopoulos]

Dear friends,

I have configured Postfix with the Always_BCC and I would like to exclude some 
of 
the email accounts from being copied to the "BCC Account".
Is it possible? If so what should I do?


Best Regards,

Nikos

Re: Always_BCC Exceptions

[Victor Duchovni]

On Wed, Jun 03, 2009 at 09:11:52PM +0300, Nikos Papadopoulos wrote:

> Dear friends,
> 
> I have configured Postfix with the Always_BCC and I would like to exclude 
> some of 
> the email accounts from being copied to the "BCC Account".
> Is it possible? If so what should I do?

Disable always_bcc (always => always) and use recipient_bcc_maps or
sender_bcc_maps to selectively "bcc", based on the sender or recipients.
Exceptions, are possible via regexp or PCRE tables.

if !/^us...@example\.com/
/^/ bcc_for_everyone_e...@example.com
endif

Alternatively, you can "bcc" a discarded address:

us...@example.com   nob...@discard.invalid
@example.combcc_for_everyone_e...@example.com

transport:
discard.invalid discard:silently

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Postfix with support for Mysql

[mouss]

Corey Chandler a écrit :
> Juan Antonio Cuesta wrote:
>> Hello,
>>
>> i have installed Postfix with support for Mysql, i want to write my
>> virtual file over a Mysql table.
>> I have 5 servers with postfix and is very simple shared the conf with
>> the 5 servers.
>>
>> All works very very well, but if the Server of Mysql y down the emails
>> are rejected and the smtp server stop working. Can i resolv this? i
>> would like that postfix do failover of mysql and continue with other
>> files:
>>   
> You're looking more along the lines of doing master-slave failover
> within MySQL, perhaps using some form of load balancer.  It's not really
> a Postfix function, unfortunately.
> 

he can put multiple IPs in "hosts=..." statement.

What happens when the policy server crashes

[Rob Tanner]

Hi,

We have some email policies that we want to implement and it looks like a
policy server is the perfect tool.  We have two edge servers on which we
want to implement the policies.  My thought is to build a threaded server in
Java and run it actually one the machine that the databases it will consult
are already running.  My question is what happens if for any reason the
policy server hangs, crashes, etc, and stops accepting connections.  Does
Postfix also hang and stop processing mail or does Postfix simply timeout
and is the timeout length a settable parameter in main.cf?

Thanks,
Rob



--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558

Re: What happens when the policy server crashes

[Wietse Venema]

Rob Tanner:
> Hi,
> 
> We have some email policies that we want to implement and it looks like a
> policy server is the perfect tool.  We have two edge servers on which we
> want to implement the policies.  My thought is to build a threaded server in
> Java and run it actually one the machine that the databases it will consult
> are already running.  My question is what happens if for any reason the
> policy server hangs, crashes, etc, and stops accepting connections.  Does
> Postfix also hang and stop processing mail or does Postfix simply timeout
> and is the timeout length a settable parameter in main.cf?

Postfix detects connection timeout or connection failure and tries
to reconnect a few times. It then sends a 4xx reply to the client
so that the client can try again later.

The default setting is:

smtpd_policy_service_timeout = 100s

You'll want to use a robust policy server (like, one that is
restarted) and a monitor that checks if it is still responsive.

Wietse

smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

[meyer-jordan]

Hi there!

Can someone give me a hint:

I've two postfix servers which both have two NICs, one with an official IP to 
the internet, and one with a private IP to the internal LAN.

I want to permit SMTP from the outside via submission port with SMTP Auth. It 
runs like expected with the older 2.0.18 server (see master.cf snippet below) 
with internal and external clients. But 
with the newer 2.3.8 server it only runs with external clients.

I get "554 5.7.1 : Client host rejected: Access denied; 
from= [...]". (The client didn't reach SASL authentication state.)

I've to add "permit_mynetworks" as first item to smtpd_client_restrictions to 
send with internal clients. "permit_sasl_authenticated" should be enough, in my 
opinion - especially because it runs for 
external internet clients which are not member of $mynetworks.

Where's my mistake?


Possibly there's some preferred rule at the older 2.0.18 system, which will 
permit $mynetwork (internal LAN) clients before master.cf's submission 
"smtpd_client_restrictions=permit_sasl_authenticated,reject" can take effect?


-
Postfix 2.3.8

master.cf
[...]
submission inet n - - - - smtpd
  [...]
  -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  [...]

-
Postfix 2.0.18

master.cf
[...]
submission inet n - - - - smtpd -o cleanup_service_name=pre-cleanup
  [...]
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  [...]
-


Thanks,
  Hasso

Re: Postfix with support for Mysql

[Corey Chandler]

mouss wrote:

Corey Chandler a écrit :
  

C'est vrai.  J'ai ecrit:

Juan Antonio Cuesta wrote:


Hello,

i have installed Postfix with support for Mysql, i want to write my
virtual file over a Mysql table.
I have 5 servers with postfix and is very simple shared the conf with
the 5 servers.

All works very very well, but if the Server of Mysql y down the emails
are rejected and the smtp server stop working. Can i resolv this? i
would like that postfix do failover of mysql and continue with other
files:
  
  

You're looking more along the lines of doing master-slave failover
within MySQL, perhaps using some form of load balancer.  It's not really
a Postfix function, unfortunately.




he can put multiple IPs in "hosts=..." statement.
  


Within the mysql map file itself?  That's nifty; I wasn't aware that was 
there; I'll have to revisit some of my own configs.


Does it roundrobin, tackle them in order, etc?

--
Corey Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: firewall needs cooling

Re: virtual.regexp not working

[LuKreme]

On 3-Jun-2009, at 00:28, Kammen van, Marco, Springer SBM NL wrote:

/j(10001..10300)\...@domain\.com/ thisaddr...@domain.com



/j10(300|2\d\d)@example\.com$/ thisaddr...@example.com

--
Q how do you titillate an ocelot?
A you oscillate its tit a lot.

Re: virtual.regexp not working

[LuKreme]

On 3-Jun-2009, at 20:51, LuKreme wrote:

/j10(300|2\d\d)@example\.com$/ thisaddr...@example.com



Oops.

/j10(300|[0-2]\d\d)@example\.com$/ thisaddr...@example.com

--
And I just don't care what happens next / looks like freedom but it
feels like death / it's something in between, I guess

Re: smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

[Noel Jones]

meyer-jor...@t-online.de wrote:

Hi there!

Can someone give me a hint:

I've two postfix servers which both have two NICs, one with an official IP to 
the internet, and one with a private IP to the internal LAN.

I want to permit SMTP from the outside via submission port with SMTP Auth. It runs like expected with the older 2.0.18 server (see master.cf snippet below) with internal and external clients. But 
with the newer 2.3.8 server it only runs with external clients.


I get "554 5.7.1 : Client host rejected: Access denied; from= 
[...]". (The client didn't reach SASL authentication state.)

I've to add "permit_mynetworks" as first item to smtpd_client_restrictions to send with internal clients. "permit_sasl_authenticated" should be enough, in my opinion - especially because it runs for 
external internet clients which are not member of $mynetworks.


Where's my mistake?


Your error report is inconsistent with how postfix works, 
which usually means the actual configuration isn't what you 
think it is.


Please post "postconf -n" output, master.cf contents, and log 
entries from the non-working system.  It's best if you post 
unaltered entries, if you must alter entries, do so coherently.


  -- Noel Jones

Re: Postfix with support for Mysql

[Magnus Bäck]

On Thursday, June 04, 2009 at 03:41 CEST,
 Corey Chandler  wrote:

> mouss wrote:
>
> > he can put multiple IPs in "hosts=..." statement.
>
> Within the mysql map file itself?  That's nifty; I wasn't aware that
> was there; I'll have to revisit some of my own configs.
>
> Does it roundrobin, tackle them in order, etc?

Quoting mysql_table(5):

 The hosts are tried in random order, with all  connections over
 UNIX domain sockets being tried before those over TCP.  The con-
 nections are automatically closed after being idle for about  1
 minute, and are re-opened as necessary. Postfix versions 2.0 and
 earlier do not randomize the host order.

-- 
Magnus Bäck
mag...@dsek.lth.se

Re: virtual.regexp not working

[Victor Duchovni]

On Wed, Jun 03, 2009 at 08:52:49PM -0600, LuKreme wrote:

> On 3-Jun-2009, at 20:51, LuKreme wrote:
>> /j10(300|2\d\d)@example\.com$/ thisaddr...@example.com
>
>
> Oops.
>
> /j10(300|[0-2]\d\d)@example\.com$/ thisaddr...@example.com

Unless you really watch match the OP's range exactly, close enough
matches have already been posted.

# Match j1 .. j10300
#
if /^j10([0-2]\d\d|300)@example\.com/

# but not j1
#
if !/^j1/

# Leaving exactly j10001 .. j10300
#
/^/ thisaddr...@example.com

endif
endif

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.