relaying from localhost

2009-06-06 Thread Mike Robinson

Hi there,

We have a server on the internet which provides spam filtering and a couple of 
other bits and bobs.

Spam filtering is by postgrey, amavis, clamav and spamassassin. There are no 
local recipients, and all mail is forwarded to the mailbox servers (via 
transport maps) on our various internal nets. Here's the main.cf:

myhostname = server.domain.name
mydomain = domain.name
myorigin = $mydomain
mydestination = server.domain.name
local_recipient_maps =
content_filter = smtp-amavis:[localhost]:10024
mynetworks = xxx.xxx.xxx.xxx
relay_domains = $transport_maps
mailbox_size_limit = 10500
message_size_limit = 10500
bounce_queue_lifetime = 15d
maximal_queue_lifetime = 15d
transport_maps = hash:/etc/postfix/transport
smtpd_helo_required = yes
disable_vrfy_command = yes
virtual_alias_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/aliases
recipient_delimiter =
smtpd_client_restrictions = check_client_access
    hash:/etc/postfix/client_access, reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org, reject_rbl_client cbl.abuseat.org
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
    reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access
    hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:6,
    reject_non_fqdn_recipient, reject_unverified_recipient,
    reject_unknown_recipient_domain, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

This server is not heavily used, so we would like to add a web app. The web 
app needs to be able to send email to a range of email destinations which is 
broader than that listed in the transport file. I don't want to have to add 
recipient domains to the transport file, because there will be recipients using 
this web app for whom we don't want to relay mail coming from the internet. We 
will want to relay all mail originating from the webserver on localhost.

If what we're trying to do is very bad practice, we'll come up with another 
solution. But if there's no problem with it in principle, can anyone offer any 
hints for how to set it up?

Many thanks,

Mike.




Re: relaying from localhost

2009-06-06 Thread Magnus Bäck
On Saturday, June 06, 2009 at 16:24 CEST,
 Mike Robinson  wrote:

> We have a server on the internet which provides spam filtering and a
> couple of other bits and bobs.
> 
> Spam filtering is by postgrey, amavis, clamav and spamassassin. There
> are no local recipients,

If that is the case, why isn't mydestination empty? You have emptied
local_recipient_maps, but this means that all addresses are accepted
(and then possibly bounced, which is bad).

> and all mail is forwarded to the mailbox servers (via transport maps)
> on our various internal nets. Here's the main.cf:

"postconf -n" output is preferred.

[...]

> This server is not heavily used, so we would like to add a web app.
> The web app needs to be able to send email to a range of email
> destinations which is broader than that listed in the transport file.
> I don't want to have to add recipient domains to the transport file,
> because there will be recipients using this web app for whom we don't
> want to relay mail coming from the internet. We will want to relay all
> mail originating from the webserver on localhost.
> 
> If what we're trying to do is very bad practice, we'll come up with
> another solution. But if there's no problem with it in principle, can
> anyone offer any hints for how to set it up?

Just make sure 127.0.0.1/32 (or 127.0.0.0/8) is listed in mynetworks.

-- 
Magnus Bäck
mag...@dsek.lth.se


About Postfix Crash

2009-06-06 Thread Sriram Nyshadham
Hi All,

Please help me understand why this happened. Postfix has been running fine for 
the past one year + without any issues and suddenly it crashed yesterday on one 
of our production servers with the following messages:


Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max connection rate 
50/60s for (smtp:77.46.208.152) at Jun 6 10:40:01
Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: start interval Jun 6 
10:39:42
Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: domain lookup hits=175 
miss=68 success=72%
Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: address lookup hits=0 
miss=272 success=0%
Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: max simultaneous 
domains=1 addresses=4 connection=7
Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max connection count 11 
for (smtp:84.36.152.220) at Jun 6 10:40:00
Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max cache size 3657 at 
Jun 6 10:40:34
Jun 6 10:41:52 in02 postfix/smtpd[83750]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[82923]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:52 in02 postfix/smtpd[82657]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[82427]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[82587]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[83571]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[83829]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[84124]: warning: premature end-of-input on 
private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[83819]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:53 in02 postfix/smtpd[83526]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:53 in02 postfix/smtpd[82886]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:53 in02 postfix/smtpd[83259]: connect from unknown[119.153.70.150]
Jun 6 10:41:53 in02 postfix/smtpd[83467]: warning: connect #1 to subsystem 
private/rewrite: Connection refused
Jun 6 10:41:53 in02 postfix/smtpd[82492]: NOQUEUE: reject: RCPT from 
unknown[58.187.88.223]: 554 5.7.1 : Recipient address rejected: Access
denied; from= to= proto=ESMTP helo=

I haven't made any configuration changes to any of main.cf or master.cf or any 
other files. When I restarted postfix, it worked fine again. Wondering what 
would have caused this, to make sure it doesn't happen again.


Please help..


Thanks,
Sriram Nyshadham.



Re: About Postfix Crash

2009-06-06 Thread Sahil Tandon
On Sat, 06 Jun 2009, Sriram Nyshadham wrote:

> Please help me understand why this happened. Postfix has been running fine
> for the past one year + without any issues and suddenly it crashed
> yesterday on one of our production servers with the following messages:
> 
> Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused

Are you on a Solaris box by any chance?  Seems the socket used by
trivial-rewrite is down or unresponsive, and when you restart, it is
once again available which is why the problem 'goes away'.  Just a guess.
There have been some posts about this on the mailing list before -- check
archives.

-- 
Sahil Tandon 


RE: About Postfix Crash

2009-06-06 Thread Sriram Nyshadham
Well I am using FreeBSD 6.3 and not Solaris. Is it quite possible the same 
thing would have been done on BSD as well?


> Please help me understand why this happened. Postfix has been running fine
> for the past one year + without any issues and suddenly it crashed
> yesterday on one of our production servers with the following messages:
>
> Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused

Are you on a Solaris box by any chance?  Seems the socket used by
trivial-rewrite is down or unresponsive, and when you restart, it is
once again available which is why the problem 'goes away'.  Just a guess.
There have been some posts about this on the mailing list before -- check
archives.

--
Sahil Tandon 



Re: About Postfix Crash

2009-06-06 Thread Sahil Tandon
On Sat, 06 Jun 2009, Sriram Nyshadham wrote:

> Well I am using FreeBSD 6.3 and not solaris. Is it quite possible the same
> thing would have been done on BSD as well?

Please don't top-post.  I'm not sure -- but one of the experts will likely
chime in.  Good luck!

-- 
Sahil Tandon 


Re: About Postfix Crash

2009-06-06 Thread Ralf Hildebrandt
* Sriram Nyshadham :
> Hi All,
> 
> Please help me understand why this happened. Postfix has been running
> fine for the past one year + without any issues and suddenly it crashed
> yesterday on one of our production servers with the following messages:

I see no crash in the logs you posted.

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
When the people with the logfile display the IT competence of a kilo
of peat moss, it can apparently be assumed that they are simply not
capable of falsifying the logfiles accordingly. With Microsoft
Exchange admins this is unfortunately often the case with regard to
SMTP and the like. (Yes, there are many exceptions, but anyone who has
competence in e-mail does not run Exchange directly on the Internet.)


Re: About Postfix Crash

2009-06-06 Thread Victor Duchovni
On Sat, Jun 06, 2009 at 11:56:42AM -0700, Sriram Nyshadham wrote:

> 
> Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused

Don't remove the "rewrite" socket in /var/spool/postfix/private/

What happened after this? When you stop, there is a brief period of time
when some daemons are still running, and others are not. During this time,
you may see symptoms like the above, especially with "reload".

> Jun 6 10:41:52 in02 postfix/smtpd[83750]: warning: premature end-of-input on 
> private/anvil while reading input attribute name
> Jun 6 10:41:52 in02 postfix/smtpd[82923]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused
> Jun 6 10:41:52 in02 postfix/smtpd[84124]: warning: premature end-of-input on 
> private/anvil while reading input attribute name
> Jun 6 10:41:52 in02 postfix/smtpd[83819]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused
> Jun 6 10:41:53 in02 postfix/smtpd[83526]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused
> Jun 6 10:41:53 in02 postfix/smtpd[82886]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused

Did this persist, or was it a single event...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


Re: About Postfix Crash

2009-06-06 Thread Wietse Venema
Sriram Nyshadham:
> Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem 
> private/rewrite: Connection refused
> Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max connection rate 
> 50/60s for (smtp:77.46.208.152) at Jun 6 10:40:01
> Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: start interval Jun 6 
> 10:39:42
> Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: domain lookup hits=175 
> miss=68 success=72%
> Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: address lookup hits=0 
> miss=272 success=0%
> Jun 6 10:41:52 in02 postfix/scache[25282]: statistics: max simultaneous 
> domains=1 addresses=4 connection=7
> Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max connection count 11 
> for (smtp:84.36.152.220) at Jun 6 10:40:00
> Jun 6 10:41:52 in02 postfix/anvil[25220]: statistics: max cache size 3657 at 
> Jun 6 10:40:34

Your Postfix master daemon process was terminated.

Wietse
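
Added example, not part of the thread: a heuristic log check for the pattern in the excerpt above, where several smtpd processes lose more than one master-managed private/ service at once, which is consistent with the master daemon being stopped or terminated. The sample lines are re-joined from the posted log; the function names and thresholds are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Lines taken from the log excerpt in the thread, with e-mail wrapping removed.
SAMPLE = """\
Jun 6 10:41:52 in02 postfix/smtpd[82431]: warning: connect #1 to subsystem private/rewrite: Connection refused
Jun 6 10:41:52 in02 postfix/smtpd[83750]: warning: premature end-of-input on private/anvil while reading input attribute name
Jun 6 10:41:52 in02 postfix/smtpd[82923]: warning: connect #1 to subsystem private/rewrite: Connection refused
Jun 6 10:41:53 in02 postfix/smtpd[83259]: connect from unknown[119.153.70.150]
"""

# Matches the two warning shapes seen in the excerpt and captures the
# reporting daemon, its PID and the private/ service it could not use.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: "
    r"warning: (?:connect #\d+ to subsystem|premature end-of-input on) "
    r"(?P<svc>private/[\w-]+)")

def ipc_failures(log_text):
    """Map each private/ service to the set of (daemon, pid) that failed to use it."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            failed[m["svc"]].add((m["daemon"], m["pid"]))
    return dict(failed)

def master_probably_gone(log_text, min_services=2, min_clients=2):
    """Heuristic: several processes losing several internal services together."""
    failed = ipc_failures(log_text)
    clients = set().union(*failed.values()) if failed else set()
    return len(failed) >= min_services and len(clients) >= min_clients

if __name__ == "__main__":
    for svc, procs in sorted(ipc_failures(SAMPLE).items()):
        print(svc, sorted(procs))
    print("master probably gone:", master_probably_gone(SAMPLE))
```
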


Re: relaying from localhost

2009-06-06 Thread Mike Robinson
Hi Magnus,

Thanks for replying. 

>
> If that is the case, why isn't mydestination empty? You have emptied
> local_recipient_maps, but this means that all addresses are accepted
> (and then possibly bounced, which is bad).
>

Because I was getting messages in the logs like this, and 
/var/spool/clientmqueue/ was filling up, even though I have an alias to a real 
email address set up for emails to root:

to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
pri=30372, relay=[127.0.0.1] [127.0.0.1], dsn=4.1.1, stat=Deferred: 450 4.1.1 
: Recipient address rejected: undeliverable address: mail 
for server.domain loops back to myself

>
> Just make sure 127.0.0.1/32 (or 127.0.0.0/8) is listed in mynetworks.

I had tried that, and it doesn't work. If there is no server defined in 
/etc/postfix/transport for the recipient's domain, it won't relay:

Jun  7 06:35:04 servername postgrey[2392]: action=pass, reason=client AWL, 
client_name=localhost.localdomain, client_address=127.0.0.1, 
sender=ad...@server.domain, recipient=exter...@email.address 
Jun  7 06:35:04 servername postfix/smtp[28011]: 1F9033BE46: 
to=, relay=external.relay.server[xxx.xxx.xxx.xxx]:25, 
delay=0.3, delays=0.01/0.01/0.16/0.12, dsn=2.0.0, status=deliverable (250 
 ok)
Jun  7 06:35:07 spam1 postfix/smtpd[28007]: NOQUEUE: reject: RCPT from 
localhost.localdomain[127.0.0.1]: 554 5.7.1 : Relay 
access denied; from= to= 
proto=ESMTP helo=

Here's postconf -n:

alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 15d
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/libexec/postfix
disable_vrfy_command = yes
html_directory = no
local_recipient_maps = 
mail_owner = postfix
mailbox_size_limit = 10500
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 15d
message_size_limit = 10500
mydestination = server.domain.name
mydomain = domain.name
myhostname = server.domain.name
mynetworks = xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,127.0.0.1/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = 
relay_domains = $transport_maps
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access
    hash:/etc/postfix/client_access, reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org, reject_rbl_client cbl.abuseat.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
    reject_invalid_hostname
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:6,
    reject_non_fqdn_recipient, reject_unverified_recipient,
    reject_unknown_recipient_domain, reject_unauth_destination
smtpd_sender_restrictions = check_sender_access
    hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
    reject_unknown_sender_domain
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
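
Added example, not part of the thread: a simplified model of how the posted smtpd_recipient_restrictions list is evaluated. mynetworks is only consulted by permit_mynetworks, which the posted list does not contain, while reject_unauth_destination looks at the recipient domain alone, so a client on 127.0.0.1 is still refused. The placeholder domains and address, the names POSTED and WITH_PERMIT, and the treatment of every other restriction as passing are assumptions of this sketch, not Postfix code.

```python
import ipaddress

# Modelled on the posted "postconf -n". elsewhere.example, customer.example and
# 203.0.113.9 are constructed placeholders, not values from the thread.
MYNETWORKS = ["127.0.0.1/32"]
MYDESTINATION = {"server.domain.name"}
RELAY_DOMAINS = {"customer.example"}   # stands in for the keys of the transport table

POSTED = ["check_policy_service", "reject_non_fqdn_recipient",
          "reject_unverified_recipient", "reject_unknown_recipient_domain",
          "reject_unauth_destination"]
WITH_PERMIT = ["permit_mynetworks"] + POSTED

def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)

def evaluate(restrictions, client_ip, recipient):
    """Return (action, restriction) for one RCPT TO; the first decisive entry wins."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "permit_mynetworks":
            if in_mynetworks(client_ip):
                return ("permit", name)
        elif name == "reject_unauth_destination":
            # Only the recipient domain matters here; the client address
            # and mynetworks play no part in this restriction.
            if domain not in RELAY_DOMAINS | MYDESTINATION:
                return ("reject", name)
        # Every other restriction is modelled as passing (no decision), as in
        # the posted log where postgrey passes and the probe is deliverable.
    return ("permit", "end of list")

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("with permit_mynetworks", WITH_PERMIT)):
        for ip in ("127.0.0.1", "203.0.113.9"):
            print(label, ip, evaluate(rules, ip, "user@elsewhere.example"))
```

With permit_mynetworks at the head of the list, local submissions also skip the policy service and recipient verification, and every address in mynetworks gains relay rights, so that setting should stay as narrow as the hosts that actually need to relay.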