Re: temporary errors for DNS
On Mon, Jul 13, 2009 at 06:58:28PM -0400, Wietse Venema wrote: Keld Jørn Simonsen: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Postfix is only the messenger of the bad news. When the server responds, Postfix acts accordingly. When the server does not reply, Postfix assumes that this is a temporary error, because assuming otherwise would cause a lot of mail to fail. Yes, but there are two types of bad news: one is that we do not know if everything is fine, timeout, and the other that we positively know something is wrong. I understand that in both cases postfix gives a 450 code, and that there is no way in postfix to change this code. Is that so? Best regards keld
Message Size Limit Exceed
Hi all, I would like to ask if the size of message exceeds the one defined in main.cf, how can I configure Postfix to generate a bounce or error notice to user/admins? Thank you very much! Best, Jacky
Re: Wrong FQDN in From
On Mon, July 13, 2009 18:05, Jaime Kikpole wrote: When RT sends an email to me, it is coming from r...@atlas.cairodurham.org. I am trying to make that say r...@cns.cairodurham.org, instead. postconf -e 'myorigin=cns.cairodurham.org' postconf -e 'myhostname=atlas.cairodurham.org' more problems? postconf -n to pastebin, none here have a crystal ball :) -- xpoint
Re: Wrong FQDN in From
On Mon, July 13, 2009 19:34, Noel Jones wrote: Don't use a CNAME in a mail address. hmm i believed it was just for the mx to not be a cname? -- xpoint
Re: Message Size Limit Exceed
On Tuesday 14 July 2009 10:20:09 Jacky Chan wrote: I would like to ask if the size of message exceeds the one defined in main.cf, how can I configure Postfix to generate a bounce or error notice to user/admins? User? On our boxes it returns an appropriate error code to the sender (who is the only person who can fix the issue), and logs an error. I use logcheck and pflogsumm, so as administrator this is picked out of mail logs and reported to me. One could create an event from the log file entry, plenty of tools to do that sort of thing around, but I'd say half of these events are things the users wouldn't want to know about anyway (i.e. things (read bots) gone mad, rather than genuine attempts to send email with big attachments, although that may depend on the largest size allowed).
Re: temporary errors for DNS
Keld Jørn Simonsen: On Mon, Jul 13, 2009 at 06:58:28PM -0400, Wietse Venema wrote: Keld Jørn Simonsen: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Postfix is only the messenger of the bad news. When the server responds, Postfix acts accordingly. When the server does not reply, Postfix assumes that this is a temporary error, because assuming otherwise would cause a lot of mail to fail. Yes, but there are two types of bad news: one is that we do not know if everything is fine, timeout, and the other that we positively know something is wrong. I understand that in both cases postfix gives a 450 code, and that there is no way in postfix to change this code. Is that so? Some people are thick enough that they need everything spelled out. OK, here goes: 1) The server replies with good news. Postfix replies with good news. 2) The server replies with bad news. Postfix replies with 5xx. 3) No server reply. Postfix replies with 4xx. Is this finally clear? Wietse
Re: temporary errors for DNS
On Tue, Jul 14, 2009 at 06:37:30AM -0400, Wietse Venema wrote: Keld Jørn Simonsen: On Mon, Jul 13, 2009 at 06:58:28PM -0400, Wietse Venema wrote: Keld Jørn Simonsen: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Postfix is only the messenger of the bad news. When the server responds, Postfix acts accordingly. When the server does not reply, Postfix assumes that this is a temporary error, because assuming otherwise would cause a lot of mail to fail. Yes, but there are two types of bad news: one is that we do not know if everything is fine, timeout, and the other that we positively know something is wrong. I understand that in both cases postfix gives a 450 code, and that there is no way in postfix to change this code. Is that so? Some people are thick enough that they need everything spelled out. Oh, you mean me? No, I am bright, so that can't be:-) But I see that you did say that it reacts differently on timeouts and error codes. Still there is something that I do not understand, and which gives me problems, see below. OK, here goes: 1) The server replies with good news. Postfix replies with good news. 2) The server replies with bad news. Postfix replies with 5xx. 3) No server reply. Postfix replies with 4xx. Is this finally clear? Yes, thanks. But it seems that my postfix reacts differently on a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes. That is why I am so thick to not understand. From my previous post: Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found; from=jets...@server30.reverya.com to=k...@localhost proto=ESMTP helo=rap.rap.dk Jul 14 00:11:58 rap postfix/smtpd[1054]: rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found here there is a 450 response to a name server error.
You said above: 2) The server replies with bad news. Postfix replies with 5xx. 5xx is not 450, so what is happening? And thanks for your patience with me. Best regards keld
Re: temporary errors for DNS
On 14/7/09 12:10, Keld Jørn Simonsen wrote: OK, here goes: 1) The server replies with good news. Postfix replies with good news. 2) The server replies with bad news. Postfix replies with 5xx. 3) No server reply. Postfix replies with 4xx. Is this finally clear? Yes, thanks. But it seems that my postfix reacts differently on a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes. That is why I am so thick to not understand. I think the distinction here is between a DNS server (what you're referring to) and an SMTP server (what Wietse is referring to). DNS server response failure implies no SMTP server reply, thus 4xx. seem reasonable? - Mark
Re: Wrong FQDN in From
Jaime Kikpole wrote: On Mon, Jul 13, 2009 at 1:47 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: Don't use a CNAME in a mail address. Why not? After all, how would you handle vhosts if you can't send as the CNAME record? since when CNAME was needed for vhosts? alice A 192.0.2.1 bob A 192.0.2.1 ... CNAME is necessary when the name points to an external zone which is not under your control. that is: alice CNAME joe.example.com. bob CNAME joe.example.com. with example.com being an external domain (that is not under your control). if example.com zone is under your control, it is easy to use a script to generate A records instead. [snip] So it's caused by some combination of factors which includes the CNAME and Request Tracker. (Remember, using telnet to manually build and send a message sent it as cns.cairodurham.org before the DNS changed.) maybe submission is using Sendmail and not the sendmail command provided by postfix. It is generally easier to uninstall Sendmail when you want to use postfix. Any reason I shouldn't leave the DNS like this? As Noel already said, external MTAs may replace the CNAME, which would cause problems. Also, that question about virtual hosting of several email domains was not rhetorical. How is a sysadmin supposed to configure their DNS for such a thing? see above.
Re: temporary errors for DNS
Wietse Venema: Keld Jørn Simonsen: OK, here goes: 1) The server replies with good news. Postfix replies with good news. 2) The server replies with bad news. Postfix replies with 5xx. 3) No server reply. Postfix replies with 4xx. Is this finally clear? Yes, thanks. But it seems that my postfix reacts differently on a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes. NXDOMAIN is an example of case 1). SERVFAIL (not SVRFAIL) is an example of case 3): the server is unable to provide an answer. It is not appropriate to treat all SERVFAIL results as if the domain is illegitimate. If you have a problem with particular DNS servers, use check_sender_ns_access, possibly in the form of a dynamically-updated blacklist, or suggest a reject_rbl_xxx feature that targets the DNS operator of the sender or client domain. Wietse
fatal: garbage after ] in server description:
Hi All, After adding a couple of hundred lines to transport.misc, these errors are popping up in the mail.log: Jul 14 04:09:14 servername postfix/smtp[22020]: fatal: garbage after ] in server description: [SEGBLOGR0008.springer-sbm.com],relay:[SEGBLOGR0008.springer -sbm.com] It's a shame it doesn't tell you which line contains the error cause we have a few thousand lines in that file, and lots of them contain this server. When searching for a invalid entry using that servername I wasn't able to find anything wrong. The only thing I can imagine is that we hit some kind of limit Is there a limit in the length of an email address? We have a couple of crazy long addresses in there e.g. bmccomplementaryandalternativemedic...@biomedcentral.com bmcmedicalinformaticsanddecisionmak...@biomedcentral.com Thanks! - Marco van Kammen Springer Science+Business Media System Manager Postmaster - van Godewijckstraat 30 | 3311 GX Office Number: 05E21 Dordrecht | The Netherlands - tel +31(78)6576446 fax +31(78)6576302 - www.springeronline.com http://www.springeronline.com www.springer.com http://www.springer.com/ -
Re: temporary errors for DNS
On Tue, Jul 14, 2009 at 09:04:15AM -0400, Wietse Venema wrote: Wietse Venema: Keld Jørn Simonsen: OK, here goes: 1) The server replies with good news. Postfix replies with good news. 2) The server replies with bad news. Postfix replies with 5xx. 3) No server reply. Postfix replies with 4xx. Is this finally clear? Yes, thanks. But it seems that my postfix reacts differently on a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes. NXDOMAIN is an example of case 1). You mean case 2) ? SERVFAIL (not SVRFAIL) is an example of case 3): the server is unable to provide an answer. It is not appropriate to treat all SERVFAIL results as if the domain is illegitimate. OK, I see. Actually NXDOMAIN and SERVFAIL are the only two error statuses that DNS gives (according to some googling I just did), So I was misled by treating one DNS error in one way, and the only other DNS error in another way, when you said 2) The server replies with bad news. Postfix replies with 5xx.. The DNS server that is being queried does give an answer, namely SERVFAIL. But on the other hand that reflects an error in responding from the partners of the queried DNS server. Maybe this distinction could be clarified in TFM. I did have: unknown_address_reject_code = 550 in my main.cf (and I did do some RTFM before asking) but was not aware that SERVFAIL was considered a temporary DNS error. I would have thought that SERVFAIL was a permanent DNS error, at least it seems a bit more permanent than just a timeout. And in my case it is predominantly spam, but then more than 99 % of the mail handled by postfix here is spam. SERVFAIL means that there is data for the domain in the root servers, but that the servers giving authoritative answers do not answer. The latter may be due to timeouts, perhaps? Or it may be misconfiguration, or nonavailability. An aside: would it then be possible to ask for a non-authoritative answer and rely on that in postfix?
If you have a problem with particular DNS servers, use check_sender_ns_access, possibly in the form of a dynamically-updated blacklist, or suggest a reject_rbl_xxx feature that targets the DNS operator of the sender or client domain. Well, it is spam, so the servers would change all the time. A hand-coded setup is not feasible. I am not aware of dynamic blacklists for this, would there be a tutorial for handling this somewhere? Best regards keld
scheduled queue
Hi guys I have a question. Is that possible to make postfix keep messages bigger than let's say 500K in the queue for delivery at certain hours, let say night hours to save bandwidth? Thanks in advance David
Best practices for port setup
Hello. I am looking for clarification on RFC 5068 3.2 or any related/updated/replaced RFC's. Outside of those, general best practice ideas for moving forward would be appreciated. In regards to AUTH on ports 25 and 587, I was under the impression we should be trying to migrate all clients to 587 for AUTH when in submission. Does this also mean best practice would be to close AUTH on 25 in order to more aggressively pursue this? What administrative plusses are there by doing so, if any. I would think at the least, being able to disable 25 when under attack but still allow users to submit would be one reason. Are there other benefits? Is there another RFC that addresses this? I'm being told that disabling AUTH on 25 would be in violation of the above RFC, though that is not how I read it. In regards to opportunistic TLS, a quick telnet to 10 random MX's shows STARTTLS after ehlo in about 50% of the cases. Disabled AUTH was in 90%. Is there RFC for opportunistic TLS? I'm running it now, but wonder what your experiences are. It's certainly nice to see a 50% use rate, but I worry I may have delivery problems. Is there general high reliability to this? Is there a way to disable opportunistic TLS coming from specific senders if I do run into problems? I am looking to do the right thing moving forward, and want to be sure I am not implementing bad internal policy as a result of misunderstanding RFC and best practices for moving forward. Thank you postfixers. -- Scott Iphone says hello.
Re: temporary errors for DNS
Keld Jørn Simonsen: Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found; from=jets...@server30.reverya.com to=k...@localhost proto=ESMTP helo=rap.rap.dk Jul 14 00:11:58 rap postfix/smtpd[1054]: rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found Your DNS is still screwed up, that's why it can't find out that server30.reverya.com has an A record, and that is why Postfix receives a temporary error. Wietse
Re: temporary errors for DNS
Keld Jørn Simonsen wrote: On Tue, Jul 14, 2009 at 12:24:10AM +0200, Keld Jørn Simonsen wrote: Well, still problems, but of the more understandable type. Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found; from=jets...@server30.reverya.com to=k...@localhost proto=ESMTP helo=rap.rap.dk Jul 14 00:11:58 rap postfix/smtpd[1054]: rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found host server30.reverya.com gives: Host server30.reverya.com not found: 2(SERVFAIL) So this would probably never resolve, but fail with a 450 error. I would like to discard it. I had 3 mails like that earlier today, with a nonresolvable domain, and they will keep lying in my IMAP box till I do special things to delete them. Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? I did have in main.cf: unknown_address_reject_code = 550 Now I also have: reject_tempfail_action = discard Still postfix respond with a 450 to fetchmail: Jul 14 18:52:43 rap postfix/smtpd[17637]: NOQUEUE: reject: RCPT from rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found; from=jets...@server30.reverya.com to=k...@localhost proto=ESMTP helo=rap.rap.dk the client is 127.0.0.1, why do you reject/defer mail from localhost? are you using a transparent proxy in front of postfix? if not, you should not reject mail as it has already been accepted by your server. your only choice is to discard, quarantine or deliver. otherwise, you'll be a backscatter source. and if you had the real IP, you would have other means of blocking the junk. something is borked in your setup. I now have 6 of such email in my IMAP folder. can you show the headers? (feel free to hide private infos, but do so coherently).
I noticed another thing: another of my domain not found emails really times out. sys...@doremo.jp - And then I don't understand why this is not a SERVFAIL. This happens repeatedly. And access to the .jp domain should be readily available, and then the .jp root server should be able to tell if it did have any info in the second level domain. But then .jp has sectoral domains on the 2nd level, like ac.jp and or.jo. An arbitrary abdjd.jp yields a NXDOMAIN, The query times out after 30 secs. So in my humble eyes it seems like a DNS timeout is actually a timeout on the authoritative server, and that SERVFAIL is not a timeout, and it does not reflect a timeout at the authoritative server. Consequently it should be handled by the unknown_address_reject_code statement. nah. the domain is unknown if its DNS server SAYS that the domain does not exist. in this case, there is NO ERROR. If you ask me whether I have seen Joe in the crime scene, then yes is positive, no is negative, and anything else (such as me running away or shooting you with a gun) is neither positive nor negative. Hmm, also tried to do reject_tempfail_action = accept To get the mail thru, and hope that razor/spamassassin would kill them, eventually I would have to delete it by hand. But still I get the 450 response code from postfix... Any ideas on how to get rid of the 450 code, or other actions?
Re: temporary errors for DNS
On Tue, Jul 14, 2009 at 01:55:39PM -0400, Wietse Venema wrote: Keld Jørn Simonsen: Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found; from=jets...@server30.reverya.com to=k...@localhost proto=ESMTP helo=rap.rap.dk Jul 14 00:11:58 rap postfix/smtpd[1054]: rap.rap.dk[127.0.0.1]: 450 4.1.8 jets...@server30.reverya.com: Sender address rejected: Domain not found Your DNS is still screwed up, that's why it can't find out that server30.reverya.com has an A record, and that is why Postfix receives a temporary error. I changed the nameserver and it resolved the problem. Thanks for your help! Best regards keld
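The rejects discussed in this thread, as an added example that is not part of any poster's message: a log triage that separates 4xx (lookup did not complete) from 5xx (domain does not exist) sender-domain rejects and lists rejects issued to a loopback client, the case flagged above as mail that was already accepted. The log lines are constructed in the format of the ones quoted in the thread, with example.* domains; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Matches smtpd "Sender address rejected" lines; the angle brackets around
# the address are optional because archives often strip them.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S+?\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?P<dsn>\d\.\d+\.\d+) "
    r"<?(?P<sender>[^>:\s]+)>?: Sender address rejected: (?P<reason>[^;]+);"
)

# Constructed sample log (not taken from a real system).
SAMPLE_LOG = """\
Jul 14 00:11:58 rap postfix/smtpd[1054]: connect from localhost[127.0.0.1]
Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <a@server30.example.net>: Sender address rejected: Domain not found; from=<a@server30.example.net> to=<k@localhost> proto=ESMTP helo=<rap.example.org>
Jul 14 18:52:43 rap postfix/smtpd[17637]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.1.8 <a@server30.example.net>: Sender address rejected: Domain not found; from=<a@server30.example.net> to=<k@localhost> proto=ESMTP helo=<rap.example.org>
Jul 14 19:02:10 rap postfix/smtpd[17702]: NOQUEUE: reject: RCPT from mx.example.org[192.0.2.10]: 550 5.1.8 <b@nosuch.example.com>: Sender address rejected: Domain not found; from=<b@nosuch.example.com> to=<k@example.org> proto=ESMTP helo=<mx.example.org>
Jul 14 19:05:31 rap postfix/smtpd[17702]: NOQUEUE: reject: RCPT from mx.example.org[192.0.2.10]: 450 4.1.8 c@slowdns.example.org: Sender address rejected: Domain not found; from=c@slowdns.example.org to=k@example.org proto=ESMTP helo=mx.example.org
"""


def is_loopback(ip_text):
    """True when the logged client address is 127.0.0.0/8 or ::1."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def summarize(log_text):
    """Count sender-domain rejects by domain, split into 4xx and 5xx.

    4xx: the DNS lookup gave no usable answer (SERVFAIL, timeout), so the
    sending side will retry. 5xx: the resolver said the domain does not exist.
    post_acceptance lists rejects sent to a loopback client such as a local
    fetchmail, where the message was already accepted upstream.
    """
    temporary, permanent = Counter(), Counter()
    post_acceptance = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        bucket = temporary if m["code"].startswith("4") else permanent
        bucket[domain] += 1
        if is_loopback(m["ip"]):
            post_acceptance.append((domain, m["code"]))
    return {
        "temporary": temporary,
        "permanent": permanent,
        "post_acceptance": post_acceptance,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for name in ("temporary", "permanent"):
        for domain, count in report[name].most_common():
            print(f"{name:9} {count:3} {domain}")
    print("rejected after acceptance:", report["post_acceptance"])
```

A domain that keeps appearing in the temporary bucket is a candidate for checking the local resolver first, which is what resolved the case in this thread.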
Setting up postfix problems
Hi I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below 1. Details of test with abuse.net 2. maillog entries for the test 3. network requirements for the server 4. entries in main.cf 1. A test with abuse.net produces the following: 220 xxx.x.tld ESMTP Postfix (2.6.2) HELO www.abuse.net 250 xxx.x.tld Relay test 1 RSET 250 2.0.0 Ok MAIL FROM:spamt...@abuse.net 250 2.1.0 Ok RCPT TO:x...@.tld 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF (message body) 250 2.0.0 Ok: queued as 15F7234D421 A report was received indicating an open relay 2. The Maillog entry (abbreviated) shows: date time postfix/smptd[] connect from verify.abuse.net [] 15F7234D421 client=verify.abuse.net /cleanup[] 15F7234D421 message- id=rlytest-...@abuse.net /qmgr[] 15F7234D421 from =spamt...@abuse.net,size =1125, ncrpt=1 (queue active) /local [] 15F7234D421 to=x...@mydomain.tld, relay = local,delay=0.41,delays =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox) /qmgr [] 15F7234D421 removed /smptd [] disconnect from verify.abuse.net[IP] 3. The mail server is freebsd 7.2 and intended to be the primary mail server for a small local network for its own domain and supports mail for multiple virtual domains. The virtual domains are specified in virtual_alias_domains. The server also runs qpopper to provide pop3 service to the local network. 4. Entries from main.cf relay_domains = $mydestination [mydomain].tld smptd_recipent_restrictions = permit_mynetworks, reject_unauth_destinations ### ### NOTE I tried adding ### { smptd_client_restrictions = permit_mynetworks, reject} ### WHICH solved the open relay problem but hardly any mail got through from the internet!!!
smptd_sender_restrictions = reject_unknown_sender_domain smptd_sender_restrictions = reject_non_fqdn_sender smptd_helo_required = yes smptd_helo_restrictions = reject_invalid_hostname smptd_helo_restrictions = reject_non_fqdn_hostname mynetworks_style = subnet If anyone could point me in the right direction I would be most obliged Thanks in advance David David Southwell ARPS Photographic Artist Permanent Installations and Design
Re: Setting up postfix problems
I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below 1. Details of test with abuse.net 2. maillog entries for the test 3. network requirements for the server 4. entries in main.cf Post the output from postconf -n. Terry
re: Setting up postfix problems
dns1# postconf -n
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 192.168.15.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com, methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
dns1#
David Southwell ARPS Photographic Artist Permanent Installations and Design
Should MX record name be same as hostname?
Hello, Now that I have my local mail set up, I can let my domain name come up from hiding. When I run:
# hostname -f
genex.timothylegg.com
and
# dig timothylegg.com MX
;; QUESTION SECTION:
;timothylegg.com. IN MX
;; ANSWER SECTION:
timothylegg.com. 9220 IN MX 10 mail.timothylegg.com.
My hostname is genex.timothylegg.com on my machine and my MX record points to mail.timothylegg.com I was wondering if the MX record should point to the same name as my hostname. Obviously, this isn't too big of a problem, since my mail works after all. I don't know if this is something that I should have corrected or if it is standard as it is? Below is the untrimmed output of the dig output. Thanks, Tim Legg
# dig timothylegg.com MX
; <<>> DiG 9.5.1-P1 <<>> timothylegg.com MX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30816
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;timothylegg.com. IN MX
;; ANSWER SECTION:
timothylegg.com. 9220 IN MX 10 mail.timothylegg.com.
;; Query time: 10 msec
;; SERVER: 65.106.1.196#53(65.106.1.196)
;; WHEN: Tue Jul 14 13:49:15 2009
;; MSG SIZE rcvd: 54
Re: Should MX record name be same as hostname?
On Jul 14, 2009, at 12:06 PM, Tim Legg wrote: ;; ANSWER SECTION: timothylegg.com. 9220 IN MX 10 mail.timothylegg.com. My hostname is genex.timothylegg.com on my machine and my MX record points to mail.timothylegg.com I was wondering if the MX record should point to the same name as my hostname. Obviously, this isn't too big of a problem, since my mail works after all. I don't know if this is something that I should have corrected or if it is standard as it is? The MX should point to an A record that resolves to the IP address that postfix listens on. I believe that is the only requirement. My postfix server will use the hostname of the ehlo/helo in a transaction, which is not the same as my MX, and has never caused me any trouble. I believe your setup is perfectly reasonable, and should work fine. -- Scott * If you contact me off list replace talklists@ with scott@ *
Re: Should MX record name be same as hostname?
Tim Legg wrote: Hello, Now that I have my local mail set up, I can let my domain name come up from hiding. When I run: # hostname -f genex.timothylegg.com and # dig timothylegg.com MX ;; QUESTION SECTION: ;timothylegg.com. IN MX ;; ANSWER SECTION: timothylegg.com. 9220 IN MX 10 mail.timothylegg.com. $ host mail.timothylegg.com mail.timothylegg.com is an alias for timothylegg.com. ... the MX must not be a CNAME. add mail.timothylegg.com. A 67.104.200.131 to your zone and remove the corresponding CNAME line. My hostname is genex.timothylegg.com $ host genex.timothylegg.com Host genex.timothylegg.com not found: 3(NXDOMAIN) on my machine and my MX record points to mail.timothylegg.com I was wondering if the MX record should point to the same name as my hostname. no. a single host can handle mail for many domains, and a single domain can have multiple MXes. [snip]
Re: Setting up postfix problems
proph...@vizion.occoxmail.com wrote:
dns1# postconf -n
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 192.168.15.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination

This is the (old) compatibility default. set relay_domains = (empty value).

relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

with this configuration, you are not an open relay.

unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com, methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
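A simplified model of how the posted settings decide a RCPT TO from a client outside mynetworks, added here as an example and not code from the thread or from Postfix. It covers only the restrictions that appear in the posted configuration, assumes the default parent_domain_matches_subdomains behaviour (subdomains of relay_domains entries match), and all function names are hypothetical.

```python
import re

# Excerpt of the `postconf -n` output posted in this thread.
POSTCONF_N = """\
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 192.168.15.0/24, 127.0.0.0/8
relay_domains = $mydestination
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
virtual_alias_domains = workplacemassage.co.uk, atf4.com, methuselaproject.org, methuselaproject.com, tiptogo.com,
"""


def parse_postconf(text):
    """Turn 'name = value' lines into a dict."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name} references, as main.cf values allow."""
    if depth > 10:
        raise ValueError("parameter references nest too deeply")

    def repl(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", repl, value)


def name_list(param, params):
    """Expanded, lower-cased, comma/space separated list value."""
    expanded = expand(params.get(param, ""), params)
    return [item.lower() for item in re.split(r"[,\s]+", expanded) if item]


def classify(rcpt_domain, params):
    """How this server regards a recipient domain."""
    domain = rcpt_domain.lower()
    if domain in name_list("mydestination", params):
        return "local"
    if domain in name_list("virtual_alias_domains", params):
        return "virtual"
    for relay in name_list("relay_domains", params):
        # Assumed default: subdomains of a relay_domains entry also match.
        if domain == relay or domain.endswith("." + relay):
            return "relay"
    return "unauthorized"


def outside_client_decision(rcpt_domain, params):
    """Walk smtpd_recipient_restrictions for a client NOT in mynetworks."""
    kind = classify(rcpt_domain, params)
    for restriction in name_list("smtpd_recipient_restrictions", params):
        if restriction == "permit_mynetworks":
            continue  # does not apply: the client is outside mynetworks
        if restriction == "reject_unauth_destination":
            if kind == "unauthorized":
                return ("reject", kind)
            continue
        if restriction in ("permit", "reject"):
            return (restriction, kind)
        raise ValueError(f"restriction not modelled: {restriction}")
    return ("permit", kind)  # end of list: the request is accepted


if __name__ == "__main__":
    posted = parse_postconf(POSTCONF_N)
    tightened = dict(posted, relay_domains="")  # the change suggested above
    for rcpt in ("vizion2000.net", "atf4.com", "sub.vizion2000.net", "abuse.net"):
        print(rcpt, outside_client_decision(rcpt, posted),
              outside_client_decision(rcpt, tightened))
```

With the posted values, a recipient in a local or virtual domain is accepted from anywhere, a third-party domain is rejected, and emptying relay_domains stops the server accepting mail for arbitrary subdomains of its own names.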
Re: Should MX record name be same as hostname?
On Jul 14, 2009, at 15:32, Scott Haneda wrote: On Jul 14, 2009, at 12:06 PM, Tim Legg wrote: ;; ANSWER SECTION: timothylegg.com. 9220 IN MX 10 mail.timothylegg.com. My hostname is genex.timothylegg.com on my machine and my MX record points to mail.timothylegg.com I was wondering if the MX record should point to the same name as my hostname. Obviously, this isn't too big of a problem, since my mail works after all. I don't know if this is something that I should have corrected or if it is standard as it is? The MX should point to an A record that resolves to the IP address that postfix listens on. I believe that is the only requirement. My postfix server will use the hostname of the ehlo/helo in a transaction, which is not the same as my MX, and has never caused me any trouble. I believe your setup is perfectly reasonable, and should work fine. My server runs on a dynamic IP address on a cable modem, and I use dyndns.org to get to it from remote. The machine's hostname matches the name in the MX record, but the host record in DNS is a CNAME record, not an A record. The CNAME points to a dyndns.org hostname, which does have an A record (which is updated by a dyndns client running on my server). I have run things this way for a long while with no issue. A long while is: years on sendmail, and months on postfix. Daniel
Re: Should MX record name be same as hostname?
On Tue, Jul 14, 2009 at 3:41 PM, Daniel L'Hommedieu dlhommed...@gmail.com wrote: On Jul 14, 2009, at 15:32, Scott Haneda wrote: On Jul 14, 2009, at 12:06 PM, Tim Legg wrote: ;; ANSWER SECTION: timothylegg.com. 9220 IN MX 10 mail.timothylegg.com. My hostname is genex.timothylegg.com on my machine and my MX record points to mail.timothylegg.com I was wondering if the MX record should point to the same name as my hostname. Obviously, this isn't too big of a problem, since my mail works after all. I don't know if this is something that I should have corrected or if it is standard as it is? The MX should point to an A record that resolves to the IP address that postfix listens on. I believe that is the only requirement. My postfix server will use the hostname of the ehlo/helo in a transaction, which is not the same as my MX, and has never caused me any trouble. I believe your setup is perfectly reasonable, and should work fine. My server runs on a dynamic IP address on a cable modem, and I use dyndns.org to get to it from remote. The machine's hostname matches the name in the MX record, but the host record in DNS is a CNAME record, not an A record. The CNAME points to a dyndns.org hostname, which does have an A record (which is updated by a dyndns client running on my server). I have run things this way for a long while with no issue. A long while is: years on sendmail, and months on postfix. RFC 2181, Clarifications to the DNS Specification, July 1997. 10.3. MX and NS records The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records.
Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR. Searching for either NS or MX records causes additional section processing in which address records associated with the value of the record sought are appended to the answer. This helps avoid needless extra queries that are easily anticipated when the first was made. Additional section processing does not include CNAME records, let alone the address records that may be associated with the canonical name derived from the alias. Thus, if an alias is used as the value of an NS or MX record, no address will be returned with the NS or MX value. This can cause extra queries, and extra network burden, on every query. It is trivial for the DNS administrator to avoid this by resolving the alias and placing the canonical name directly in the affected record just once when it is updated or installed. In some particular hard cases the lack of the additional section address records in the results of a NS lookup can cause the request to fail. Daniel
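The check that RFC 2181 section 10.3 implies can be run over a set of DNS records: each MX target must own address records and must not be an alias. This is an added example, not part of any message in the thread; the record set is constructed, every name in it is a placeholder, and the function names are hypothetical.

```python
# Constructed record set for illustration; all names are placeholders.
RECORDS = """
example.org.           3600 IN MX    10 mail.example.org.
example.org.           3600 IN MX    20 backup.example.org.
mail.example.org.      3600 IN CNAME home.dyn.example.net.   ; alias, as in the dyndns setup
home.dyn.example.net.  60   IN A     192.0.2.10
backup.example.org.    3600 IN A     192.0.2.20
example.com.           3600 IN MX    10 ghost.example.com.
"""

def parse_records(text):
    """Return {(owner, type): [rdata, ...]} from 'owner ttl IN type rdata' lines."""
    table = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file style comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        table.setdefault((owner.lower(), rtype.upper()), []).append(rdata.strip())
    return table

def audit_mx(table, domain):
    """Classify every MX target of `domain` against RFC 2181 section 10.3."""
    findings = []
    for rdata in table.get((domain.lower(), "MX"), []):
        pref, target = rdata.split()
        target = target.lower()
        if (target, "CNAME") in table:
            status = "alias"        # MX value is a CNAME: not allowed by 10.3
        elif (target, "A") in table or (target, "AAAA") in table:
            status = "ok"           # target owns its own address record
        else:
            status = "no-address"   # nothing to connect to
        findings.append((int(pref), target, status))
    return sorted(findings)

if __name__ == "__main__":
    zone = parse_records(RECORDS)
    for domain in ("example.org.", "example.com."):
        for pref, target, status in audit_mx(zone, domain):
            print(f"{domain} MX {pref} {target} -> {status}")
```
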
Re: Re: Setting up postfix problems
From: mouss mo...@ml.netoyen.net
Date: 2009/07/14 Tue PM 03:40:14 EDT
To: postfix-users@postfix.org
Subject: Re: Setting up postfix problems
proph...@vizion.occoxmail.com wrote:
dns1# postconf -n
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 192.168.15.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
This is the (old) compatibility default. set relay_domains = (empty value).
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
with this configuration, you are not an open relay.
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com, methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
Tried that but still get the same open relay on test from abuse.net
David Southwell ARPS Photographic Artist Permanent Installations and Design
Re: Setting up postfix problems
On Tue, Jul 14, 2009 at 2:28 PM, proph...@vizion.occoxmail.com wrote:
Hi I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below
1. Details of test with abuse.net
2. maillog entries for the test
3. network requirements for the server
4. entries in main.cf
1. A test with abuse.net produces the following:
220 xxx.x.tld ESMTP Postfix (2.6.2)
HELO www.abuse.net
250 xxx.x.tld
Relay test 1
RSET
250 2.0.0 Ok
MAIL FROM:spamt...@abuse.net
250 2.1.0 Ok
RCPT TO:x...@.tld
250 2.1.5 Ok
DATA
354 End data with CRLF.CRLF
(message body)
250 2.0.0 Ok: queued as 15F7234D421
A report was received indicating an open relay
2. The Maillog entry (abbreviated) shows:
date time postfix/smptd[] connect from verify.abuse.net []
15F7234D421 client=verify.abuse.net
/cleanup[] 15F7234D421 message-id=rlytest-...@abuse.net
/qmgr[] 15F7234D421 from =spamt...@abuse.net,size =1125, ncrpt=1 (queue active)
/local [] 15F7234D421 to=x...@mydomain.tld, relay = local,delay=0.41,delays =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
/qmgr [] 15F7234D421 removed
/smptd [] disconnect from verify.abuse.net[IP]
this seems to show the test message being delivered to a local mailbox. if you are testing relay using an address that the server should accept mail for, and it accepts it, that is not an open relay. that is a mail server accepting mail as it should. what matters is how the server behaves when you try to deliver to a non local recipient. unless I am just missing something, I think you're doing the test wrong.
3. The mail server is freebsd 7.2 and intended to be the primary mail server for a small local network for its own domain and supports mail for multiple virtual domains. The virtual domains are specified in virtual_alias_domains. The server also runs qpopper to provide pop3 service to the local network.
4. Entries from main.cf
relay_domains = $mydestination [mydomain].tld
smptd_recipent_restrictions = permit_mynetworks, reject_unauth_destinations
###
### NOTE I tried adding
### { smptd_client_restrictions = permit_mynetworks, reject}
### WHICH solved the open relay problem but hardly any mail got through from the internet!!!
smptd_sender_restrictions = reject_unknown_sender_domain
smptd_sender_restrictions = reject_non_fqdn_sender
smptd_helo_required = yes
smptd_helo_restrictions = reject_invalid_hostname
smptd_helo_restrictions = reject_non_fqdn_hostname
mynetworks_style = subnet
If anyone could point me in the right direction I would be most obliged
Thanks in advance
David
David Southwell ARPS Photographic Artist Permanent Installations and Design
Re: Setting up postfix problems
proph...@vizion.occoxmail.com wrote:
Hi I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below
1. Details of test with abuse.net
2. maillog entries for the test
3. network requirements for the server
4. entries in main.cf
1. A test with abuse.net produces the following:
A report was received indicating an open relay
I see no relay:
grkni...@mx1 ~ $ telnet dns1.vizion2000.net 25
Trying 77.99.36.42...
Connected to dns1.vizion2000.net.
Escape character is '^]'.
220 dns1.vizion2000.net ESMTP Postfix (2.6.2)
EHLO example.com
250-dns1.vizion2000.net
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:grkni...@example.com
250 2.1.0 Ok
RCPT TO:grkni...@example.com
554 5.7.1 grkni...@example.com: Relay access denied
RCPT TO:nobyh...@vizion2000.net
550 5.1.1 nobyh...@vizion2000.net: Recipient address rejected: User unknown in local recipient table
QUIT
221 2.0.0 Bye
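The distinction drawn in this thread (a 250 for a recipient in a domain the server hosts is normal delivery, and only an accepted recipient in a foreign domain indicates relaying) can be checked mechanically against a captured SMTP session. This is an added example, not code from any poster; the transcript is constructed, its addresses are placeholders, the function names are hypothetical, and it assumes the session was recorded from a client outside mynetworks.

```python
import re

# Constructed transcript modelled on the telnet session above; addresses are placeholders.
SESSION = """\
220 mail.example.org ESMTP Postfix
EHLO probe.example.net
250-mail.example.org
250-PIPELINING
250 DSN
MAIL FROM:<tester@example.net>
250 2.1.0 Ok
RCPT TO:<someone@example.com>
554 5.7.1 <someone@example.com>: Relay access denied
RCPT TO:<postmaster@example.org>
250 2.1.5 Ok
RCPT TO:<nobody@example.org>
550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown
QUIT
221 2.0.0 Bye
"""

REPLY = re.compile(r"^(\d{3})([ -])")               # "250-" continues, "250 " ends a reply
RCPT = re.compile(r"^RCPT TO:\s*<?([^>\s]+)>?", re.I)

def rcpt_results(transcript):
    """Yield (recipient, reply_code) for every RCPT TO command in the transcript."""
    pending = None
    for line in transcript.splitlines():
        reply = REPLY.match(line)
        if reply:
            # Only the final line of a (possibly multi-line) reply answers the command.
            if reply.group(2) == " " and pending is not None:
                yield pending, int(reply.group(1))
                pending = None
            continue
        cmd = RCPT.match(line.strip())
        pending = cmd.group(1).lower() if cmd else None

def relay_verdict(transcript, local_domains):
    """Report an open relay only if a recipient outside local_domains got a 2xx."""
    local = {d.lower() for d in local_domains}
    accepted_remote = [rcpt for rcpt, code in rcpt_results(transcript)
                       if 200 <= code < 300 and rcpt.rsplit("@", 1)[-1] not in local]
    return ("open-relay" if accepted_remote else "not-a-relay"), accepted_remote

if __name__ == "__main__":
    print(relay_verdict(SESSION, {"example.org"}))
```

Calling `relay_verdict` with an empty set of local domains treats the accepted local recipient as foreign and reports a relay, which is the kind of false positive discussed in the thread.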
consolidate multiple maillog files
Hello,
Is there any way we can consolidate multiple maillog files (from single domain) but different hosts. I am trying to bring up mailgraph (http://mailgraph.schweikert.ch/) to read from one single source for log file. Since rrd tool is very strict about the records in the log it doesn't pick the expression I passed to read multiple log files. The mailgraph initscript has a MAILLOG variable which needs the actual log file location. I tried to feed an expression but failed.
#!/bin/bash
#
# Startup script for the mailgraph service
#
# chkconfig: - 82 28
# description: mailgraph mail log file analyzer
# processname: mailgraph
# pidfile: /var/run/mailgraph.pid
# config:
### BEGIN INIT INFO
# Provides: mailgraph
# Required-Start:$local_fs
# Should-Start:
# Required-Stop:
# Default-Stop: 0 1 2 6
# Short-Description: Start mailgraph daemon
# Description: Mailgraph is a very simple mail statistics RRDtool \
#frontend for Postfix and Sendmail that produces daily, \
#weekly, monthly and yearly graphs of received/sent and \
#bounced/rejected mail.
### END INIT INFO
#MAILLOG=/var/log/maillog
MAILLOG=`ls -rt /home/maillogs/Log[1-9]/*`
PRIORITY=-19
..
..
..
exit $RETVAL
So different maillogs are in specific directory /home/maillogs/Log1 2 3 and onwards. But I need a way to consolidate it in single file which could be used by mailgraph. Any pointer to the right direction is welcome.
-- Sanjay
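One way to produce the single file asked for above is to merge the per-host logs in timestamp order, since each host's log is already chronological. This is an added example, not part of the original post and not mailgraph's own code; the log lines are constructed, the function names are hypothetical, and the year is an assumption because syslog timestamps carry none (a log spanning New Year needs extra handling).

```python
import heapq
from datetime import datetime

# Constructed sample logs from two hosts; each is already in time order.
LOG_MX1 = [
    "Jul 14 04:09:14 mx1 postfix/smtpd[100]: connect from client.example.net[192.0.2.5]",
    "Jul 14 04:09:20 mx1 postfix/smtpd[100]: disconnect from client.example.net[192.0.2.5]",
]
LOG_MX2 = [
    "Jul 14 04:09:10 mx2 postfix/qmgr[200]: 4F2A1B0C3D: removed",
    "Jul 14 04:09:14 mx2 postfix/smtpd[201]: connect from peer.example.com[192.0.2.9]",
    "Jul 14 04:09:30 mx2 postfix/smtpd[201]: disconnect from peer.example.com[192.0.2.9]",
]

def stamp(line, year=2009):
    """Parse the leading 'Mon DD HH:MM:SS' syslog timestamp; the year is assumed."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def merge_maillogs(*streams, year=2009):
    """Merge already-sorted log streams into one chronologically ordered list."""
    def keyed(stream):
        last = datetime.min
        for line in stream:
            try:
                last = stamp(line, year)
            except ValueError:
                pass  # unparsable line: keep it next to the entry before it
            yield last, line.rstrip("\n")
    merged = heapq.merge(*(keyed(s) for s in streams), key=lambda pair: pair[0])
    return [line for _, line in merged]

if __name__ == "__main__":
    # With real files, pass open file objects instead of the sample lists.
    for entry in merge_maillogs(LOG_MX1, LOG_MX2):
        print(entry)
```

Writing the merged output to one file gives MAILLOG a single path to point at.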
Re: Re: Setting up postfix problems
From: Brian Evans - Postfix List grkni...@scent-team.com
Date: 2009/07/14 Tue PM 04:14:41 EDT
To: postfix-users@postfix.org
Subject: Re: Setting up postfix problems
proph...@vizion.occoxmail.com wrote:
Hi I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below
1. Details of test with abuse.net
2. maillog entries for the test
3. network requirements for the server
4. entries in main.cf
1. A test with abuse.net produces the following:
A report was received indicating an open relay
I see no relay:
grkni...@mx1 ~ $ telnet dns1.vizion2000.net 25
Trying 77.99.36.42...
Connected to dns1.vizion2000.net.
Escape character is '^]'.
220 dns1.vizion2000.net ESMTP Postfix (2.6.2)
EHLO example.com
250-dns1.vizion2000.net
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:grkni...@example.com
250 2.1.0 Ok
RCPT TO:grkni...@example.com
554 5.7.1 grkni...@example.com: Relay access denied
RCPT TO:nobyh...@vizion2000.net
550 5.1.1 nobyh...@vizion2000.net: Recipient address rejected: User unknown in local recipient table
QUIT
221 2.0.0 Bye
Thanks, I think you are right - it looks as though the abuse.net test gave a false positive
David
David Southwell ARPS Photographic Artist Permanent Installations and Design
Re: temporary errors for DNS
On 13-Jul-2009, at 16:24, Keld Jørn Simonsen wrote: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Why the devil would you want to discard mail based on a DNS error? DNS errors have a habit of being quite transient. -- Lithium will no longer be available on credit
Re: Message Size Limit Exceed
On Tue, 14 Jul 2009, Jacky Chan wrote: I would like to ask if the size of message exceeds the one defined in main.cf, how can I configure Postfix to generate a bounce or error notice to user/admins? Why? Postfix replies with a 552 so the *client* can inform the envelope sender. -- Sahil Tandon sa...@tandon.net
RE: fatal: garbage after ] in server description:
* Kammen van, Marco, Springer SBM NL marco.vankam...@springer.com:
Hi All, After adding a couple of hundred lines to transport.misc, these errors are popping up in the mail.log:
Jul 14 04:09:14 servername postfix/smtp[22020]: fatal: garbage after ] in server description: [SEGBLOGR0008.springer-sbm.com],relay:[SEGBLOGR0008.springer-sbm.com]
[SEGBLOGR0008.springer-sbm.com],relay:[SEGBLOGR0008.springer-sbm.com] is invalid as right hand side
Either use:
[SEGBLOGR0008.springer-sbm.com]
or
relay:[SEGBLOGR0008.springer-sbm.com]
That's the strange thing, the right hand side is just relay:[SEGBLOGR0008.springer-sbm.com]
I can't find any line which has [SEGBLOGR0008.springer-sbm.com],relay:[SEGBLOGR0008.springer-sbm.com]
Is there a way we can get the error message to tell which line in the config has this error?