Re: consolidate multiple maillog files
El mar, 14-07-2009 a las 13:59 -0700, Sanjay Saha escribió: So different maillogs are in specific directory /home/maillogs/Log1 2 3 and onwards . But i need a way to consolidate it in single file which could be used by mailgraph. Any pointer to the right direction is welcome. have you tried to just merge the files? A sort -m over those files? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337
Re: temporary errors for DNS
On Tue, Jul 14, 2009 at 07:57:27PM -0400, John Peach wrote: On Tue, 14 Jul 2009 17:49:13 -0600 LuKreme krem...@kreme.com wrote: On 13-Jul-2009, at 16:24, Keld J__rn Simonsen wrote: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Why the devil would you want to discard mail based on a DNS error? DNS errors have a habit of being quite transient. The OP seems determined to shoot himself in the head, never mind the foot. Well, a DNS NXDOMAIN error seems a good reason for discarding mail. I am not so sure about the SERVFAIL error, so I would leave that for now. Thanks to everybody that helped soved my problems here. Best regards Keld
Re: Setting up postfix problems
* proph...@vizion.occoxmail.com proph...@vizion.occoxmail.com: Hi I am comparatively new to postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned! I set out below 1. Details of test with abuse.net 2. maillog entries for the test 3. network requirements for the server 4. entries in main.cf 1. A test with abuse.net produces the following: 220 xxx.x.tld ESMTP Postfix (2.6.2) HELO www.abuse.net 250 xxx.x.tld Relay test 1 RSET 250 2.0.0 Ok MAIL FROM:spamt...@abuse.net 250 2.1.0 Ok RCPT TO:x...@.tld 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF (message body) 250 2.0.0 Ok: queued as 15F7234D421 A report was received indication an open relay 2. The Maillog entry (abbreviated) shows: date time postfix/smptd[] connect from verify.abuse.net [] 15F7234D421 client=verify.abuse.net /cleanup[] 15F7234D421 message- id=rlytest-...@abuse.net /qmgr[] 15F7234D421 from =spamt...@abuse.net,size =1125, ncrpt=1 (queue active) /local [] 15F7234D421 to=x...@mydomain.tld, relay = local,delay=0.41,delays =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox) It was delivered locally, thus no relay -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
store mail in eml or pst format
HiI have a mailserver with postfix, dovecot , mailscanner and procmail. I want to store mail of one user in a directory, out of his home, directly in eml or pst format. Is there a way to make this? ---Valore legale alle tue mailInterfreePEC - la tua Posta Elettronica Certificatahttp://pec.interfree.it---
Re: store mail in eml or pst format
gianluca...@interfree.it schrieb: Hi I have a mailserver with postfix, dovecot , mailscanner and procmail. I want to store mail of one user in a directory, out of his home, directly in eml or pst format. Is there a way to make this? --- Valore legale alle tue mail InterfreePEC - la tua Posta Elettronica Certificata http://pec.interfree.it --- i just tested renaming a mail in my maildir to eml and open it with thunderbird local, this works so you might try using procmail copy every incoming mail to a ie ftp folder ( with that users auth permission ) rename it to .eml and using a short version of the subject like shortversionmailsubject.eml, then download it and open local with tb but what are you trying to solve, so there may better options to solve it, anyway i dont know any solution which operates with pst ( there might be some exotic stuff out there) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Re: store mail in eml or pst format
Thank you for the answer, Is there a way with procmail or mailscanner to rename mail automatically in eml? I can't use a script or make this manually. ---Valore legale alle tue mailInterfreePEC - la tua Posta Elettronica Certificatahttp://pec.interfree.it---
Simple Aliases question
Hi all, I have what I think is a simple question regarding Postfix and aliases. I would like all mail for a particular user which is currently being delivered locally and then picked up via dovecot to be 'forked'(For want of a better word) to the usual local mailbox AND forwarded to his home work address. I have attempted to just add an entry in aliases file as below: Cory: c...@work.com This works fine, but it does not appear to deliver locally, and if i do: Cory: Cory c...@work.com I get a mail forwarding loop for... NDR sent back to the sender and postfix logs: Jul 15 14:11:28 MUK postfix/local[29463]: BCB363FAC: to=c...@hawkless.id.au, relay=local, delay=0.24, delays=0.23/0/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for c...@hawkless.id.au) I've done googleing and searching previous threads on this forum and cant seem to find anything that fits my situation. Thanks Cory
Re: store mail in eml or pst format
gianluca...@interfree.it schrieb: Thank you for the answer, Is there a way with procmail or mailscanner to rename mail automatically in eml? I can't use a script or make this manually. --- Valore legale alle tue mail InterfreePEC - la tua Posta Elettronica Certificata http://pec.interfree.it --- try it as described using procmail starting an external script but what are you trying to solve ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
mail to alias problem
Hi, some times when we send mail to a...@mydomain.com, it is sending three mail to each email in alias list. suggestions appreciated in fixing my problem. Thanks, Regards, Ramesh
RE: fatal: garbage after ] in server description:
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Wednesday, July 15, 2009 1:07 PM To: Postfix users Subject: Re: fatal: garbage after ] in server description: Are you perhaps using a mis-configured using LDAP or *SQL query? Multiple replies are concatenated with ','. That got me on the right track. The ldap queries are fine as far as I know, only the duplicate address in AD messed things up (which shouldn't even be possible) Removed the duplicate address and the error is gone. Thanks!
Re: Hourly Limits
Hi All, ok, i've installed postfwd, added the provided line to the end of the postfwd.cf file but nothing happens (mails are sent withouth checks). Any help? Thankyou 2009/7/13 ad...@gg-lab.net ad...@gg-lab.net: Ok, so, in other words: that's a solution but not the better solution. Now, i can ALSO use thge sendmail wrapper. I need to have a look at postfwd code to see if and where i can increment mail counters. In this way, i will use postfwd for mail coming from CGI scripts and Remote SMTP, and the wrapper for mail coming from php. But, with an unique counter. Any other idea? 2009/7/13 Sahil Tandon sa...@tandon.net: On Jul 13, 2009, at 11:51 AM, ad...@gg-lab.net ad...@gg-lab.net wrote: Hi, i don't think my situation keeps changing- That's simple: on my evinronment users can send email via CGI + PHP + SMTP (sasl), and i want to limit them globally. Example: user giorgio can send 100 emails. I want him locked also on CGI, if he send 100 emails with PHP. I can't: - use a custom php sendmail wrapper - it would only work with php - limit the sender - a randomized from would broke my limit - limit the host - all mail are sent from localhost - limit via sasl - i can't request all users to authenticate Limiting the envelope user, is perfect for me. But, i'm asking if there is a simplier solution. The postfwd policy server solution works with the envelope sender. But for that to work you need mail coming in on an smtpd listener for the policy server to be queried, which won't be the case when you have mail being submitted via pickup service. 2009/7/13 Sahil Tandon sa...@tandon.net: On Jul 13, 2009, at 5:54 AM, ad...@gg-lab.net ad...@gg-lab.net wrote: Lucian, i saw that solution, but i want something that can globally limit EVERY mail sent: i'll also offer smtp access, and a sendmail wrapper isn't a solution. Benny: ok, so we are speaking about the evenlope sender, so, it seems this is the solution. What are you trying to do exactly? Your requirements and situation keep changing with every email. Use examples with all details to explain exactly what you want. Benny - postfwd is sasl_username aware. 2009/7/13 Benny Pedersen m...@junc.org: On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: i want to limit mail sent via php mainly, so i can't limit via sasl simply because users aren't authenticated. remove 127.0.0.1 in mynetworks, and make sasl usage from all what got sent from this box, problem solved, next step is a policy server that can handle sasl limits all else will fail another way is to seperate web and mail server so 127.0.0.1 is another box :) Of course i can't limit the host ip (all mail sent from my webserver). as Obama says yes we can :) The most beautiful thing would be limiting system user (each user has an entry in /etc/passwd). Limiting the sender would be unuseful, because all spammers randomiza the sender, bypassing the limit. randomize there from: but not envelope sender (apa...@myhostname) and this email is unknown in my virtual alias for good reason, apache is local and stays here at so Now, i know that cPanel with Exim has a limit of this tipe. I'll request them WHAT is exactly limited (maybe we can replicate with postfix). dont use cpanel here so cant say how thay mix up the problem I'll also write to the postfix-policyd mailing list. i work on something to fail2ban, will need to write some php and extend policyd 1.80 more to handle this here, point is that none have done it before so when i make it, it will be the best :) Sahil, maybe we can continue here? Postfixfw rules are completely in topic and maybe we can help someone else... exactly -- xpoint
Re: mail to alias problem
itsramesh_s: Hi, some times when we send mail to a...@mydomain.com, it is sending three mail - to each email in alias list. suggestions appreciated in fixing my problem. Create an owner-all alias. Wietse ALIASES(5) ALIASES(5) NAME aliases - Postfix local alias database format SYNOPSIS newaliases DESCRIPTION ... In addition, when an alias exists for owner-name, delivery diagnostics are directed to that address, instead of to the originator of the mes- sage. This is typically used to direct delivery errors to the main- tainer of a mailing list, who is in a better position to deal with mailing list delivery problems than the originator of the undelivered mail.
Re: Can't send to email starting with exclamation point
Gavin Kistner wrote: I just set up postfix+amavis+clamav+dovecot on ubuntu, moving my server from Windows/hMailServer. On the old system, I had an email alias of !...@phrogz.net that I want to get working again. (As best I can tell, this is valid according to both RFC2822 and RFC5322.) Trying to send to that on the smtp server gives me: 501 5.1.3 Bad recipient address syntax Following are some possibly salient details. If more are needed, just tell me what they are (and possibly how to get them). Thanks in advance for any help. phr...@nematode:~$ apt-cache show postfix | grep Version Version: 2.5.5-1.1 Generally.. including !, @ or % in the user part of an address is usually a bad idea. Several servers consider these special characters. Some spammers also, at one point, like(d) to use them to try to fool your server into being a relay. For your case, you should understand that ! is a UUCP routing definition called bang path. Google it to understand more. Postfix handles them according to http://www.postfix.org/postconf.5.html#swap_bangpath However, I strongly advise against using them in an address in modern times over the internet. This is mainly due to the fact that you cannot control every mail server in the world.
Re: scheduled queue
thanks, I will try this. - Original Message - From: Brian Evans - Postfix List grkni...@scent-team.com To: Postfix users postfix-users@postfix.org Sent: Tuesday, July 14, 2009 11:42 AM Subject: Re: scheduled queue Ing. Davy Leon wrote: Hi guys I have a question. Is that possible to make postfix keep messages bigger than let's say 500K in the queue for delivery at certain hours, let say night hours to save bandwith? You can do this with a policy service such as postfwd or roll your own (if desired). Simply tell the policy daemon to HOLD mail of your defined size. In a cron job, you can run 'postsuper -r ALL' or 'postsuper -H ALL' (see man 1 postsuper) to release. For more information, please see: http://www.postfix.org/SMTPD_POLICY_README.html
Re: Hourly Limits
Still any result. Can the problem be on this line? smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 Policyd site says to add it, but in postfix manual i can't find any description of smtpd_end_of_data_restrictions. Thankyou 2009/7/15 ad...@gg-lab.net ad...@gg-lab.net: Hi All, ok, i've installed postfwd, added the provided line to the end of the postfwd.cf file but nothing happens (mails are sent withouth checks). Any help? Thankyou 2009/7/13 ad...@gg-lab.net ad...@gg-lab.net: Ok, so, in other words: that's a solution but not the better solution. Now, i can ALSO use thge sendmail wrapper. I need to have a look at postfwd code to see if and where i can increment mail counters. In this way, i will use postfwd for mail coming from CGI scripts and Remote SMTP, and the wrapper for mail coming from php. But, with an unique counter. Any other idea? 2009/7/13 Sahil Tandon sa...@tandon.net: On Jul 13, 2009, at 11:51 AM, ad...@gg-lab.net ad...@gg-lab.net wrote: Hi, i don't think my situation keeps changing- That's simple: on my evinronment users can send email via CGI + PHP + SMTP (sasl), and i want to limit them globally. Example: user giorgio can send 100 emails. I want him locked also on CGI, if he send 100 emails with PHP. I can't: - use a custom php sendmail wrapper - it would only work with php - limit the sender - a randomized from would broke my limit - limit the host - all mail are sent from localhost - limit via sasl - i can't request all users to authenticate Limiting the envelope user, is perfect for me. But, i'm asking if there is a simplier solution. The postfwd policy server solution works with the envelope sender. But for that to work you need mail coming in on an smtpd listener for the policy server to be queried, which won't be the case when you have mail being submitted via pickup service. 2009/7/13 Sahil Tandon sa...@tandon.net: On Jul 13, 2009, at 5:54 AM, ad...@gg-lab.net ad...@gg-lab.net wrote: Lucian, i saw that solution, but i want something that can globally limit EVERY mail sent: i'll also offer smtp access, and a sendmail wrapper isn't a solution. Benny: ok, so we are speaking about the evenlope sender, so, it seems this is the solution. What are you trying to do exactly? Your requirements and situation keep changing with every email. Use examples with all details to explain exactly what you want. Benny - postfwd is sasl_username aware. 2009/7/13 Benny Pedersen m...@junc.org: On Mon, July 13, 2009 09:51, ad...@gg-lab.net wrote: i want to limit mail sent via php mainly, so i can't limit via sasl simply because users aren't authenticated. remove 127.0.0.1 in mynetworks, and make sasl usage from all what got sent from this box, problem solved, next step is a policy server that can handle sasl limits all else will fail another way is to seperate web and mail server so 127.0.0.1 is another box :) Of course i can't limit the host ip (all mail sent from my webserver). as Obama says yes we can :) The most beautiful thing would be limiting system user (each user has an entry in /etc/passwd). Limiting the sender would be unuseful, because all spammers randomiza the sender, bypassing the limit. randomize there from: but not envelope sender (apa...@myhostname) and this email is unknown in my virtual alias for good reason, apache is local and stays here at so Now, i know that cPanel with Exim has a limit of this tipe. I'll request them WHAT is exactly limited (maybe we can replicate with postfix). dont use cpanel here so cant say how thay mix up the problem I'll also write to the postfix-policyd mailing list. i work on something to fail2ban, will need to write some php and extend policyd 1.80 more to handle this here, point is that none have done it before so when i make it, it will be the best :) Sahil, maybe we can continue here? Postfixfw rules are completely in topic and maybe we can help someone else... exactly -- xpoint
Re: scheduled queue
Ing. Davy Leon wrote: thanks, I will try this. - Original Message - From: Brian Evans - Postfix List grkni...@scent-team.com To: Postfix users postfix-users@postfix.org Sent: Tuesday, July 14, 2009 11:42 AM Subject: Re: scheduled queue Ing. Davy Leon wrote: Hi guys I have a question. Is that possible to make postfix keep messages bigger than let's say 500K in the queue for delivery at certain hours, let say night hours to save bandwith? You can do this with a policy service such as postfwd or roll your own (if desired). Simply tell the policy daemon to HOLD mail of your defined size. In a cron job, you can run 'postsuper -r ALL' or 'postsuper -H ALL' (see man 1 postsuper) to release. For more information, please see: http://www.postfix.org/SMTPD_POLICY_README.html NOTE: This only works for mail submitted via smtp. Those submitted with the sendmail command are NOT affected.
Re: Hourly Limits
ad...@gg-lab.net wrote: Still any result. Can the problem be on this line? smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 Policyd site says to add it, but in postfix manual i can't find any description of smtpd_end_of_data_restrictions. That restriction is documented: http://www.postfix.org/postconf.5.html#smtpd_end_of_data_restrictions
Re: Hourly Limits
Thankyou. So, that restriction is configured correctly. Postfwd daemon is started (it checks incoming mail for RBL. I think i have to move to the postfwd lit. Thankyou again 2009/7/15 Brian Evans - Postfix List grkni...@scent-team.com: ad...@gg-lab.net wrote: Still any result. Can the problem be on this line? smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 Policyd site says to add it, but in postfix manual i can't find any description of smtpd_end_of_data_restrictions. That restriction is documented: http://www.postfix.org/postconf.5.html#smtpd_end_of_data_restrictions
About reject_rbl_client, What url must put?
Greetings list. I am activating the check through blacklists (RBL) for receipt of mail, you can find many on the web, in fact place as a top 5, but first he had not placed let emails come even as hotmail, yahoo, gmail, among others. If it got to the final 2 below: smtpd_recipient_restrictions = ... ... reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org, ... ... permit My question is to see what I recommended for urls reject_rbl_client in place, if you need more than that I have there? alone or with just one?, what? Thank you. Using Postfix 2.3.8-2 + etch1 -- Jose Alberto Pertuz GNU-Linux user #452473 Caracas,Venezuela 58+414+1279657
Verisign Cert
Hello Gurus, Currently my postfix server runs with self-signed cert, but now I was asked to implement verisign cert for some of the outgoing mails. My question is when the verisign is cert installed, will all the outgoing mails such as toyahoo.com, gmail.com will be encrypted? Do the clients neeeds any certificate information? I am not very clear. Please throw some light.. ~LA
Re: Verisign Cert
I assume you're using this certificate for TLS, so the answer is NO, no single mails will be encrypted - TLS is only there to allow MTA's to encrypt their transport layer. If no restrictions are configured this happens automagically if both endpoints support TLS. Best regards, Thomas Gelf Linux Addict wrote: Hello Gurus, Currently my postfix server runs with self-signed cert, but now I was asked to implement verisign cert for some of the outgoing mails. My question is when the verisign is cert installed, will all the outgoing mails such as toyahoo.com http://yahoo.com/, gmail.com http://gmail.com/ will be encrypted? Do the clients neeeds any certificate information? I am not very clear. Please throw some light.. ~LA
Re: Simple Aliases question
On Jul 15, 2009, at 5:55 AM, Cory Hawkless c...@hawkless.id.au wrote: Hi all, I have what I think is a simple question regarding Postfix and aliases. I would like all mail for a particular user which is currently being delivered locally and then picked up via dovecot to be 'forked'(For want of a better word) to the usual local mailbox AND forwarded to his home work address. I have attempted to just add an entry in aliases file as below: Cory: c...@work.com This works fine, but it does not appear to deliver locally, and if i do: Cory: Cory c...@work.com I get a mail forwarding loop for... NDR sent back to the sender and postfix logs: Jul 15 14:11:28 MUK postfix/local[29463]: BCB363FAC: to=c...@hawkless.id.au, relay=local, delay=0.24, delays=0.23/0/0/0.01 , dsn=5.4.6, status=bounced (mail forwarding loop for c...@hawkless.id.au ) Consider virtual alias maps to deliver locally and forward externally.
virtual alias problem
Hi guys, I currently have two gateways which accept mail for local domains and process any aliases using virtual_alias_maps. Local addresses are relayed to our backend mail servers and remote address relayed out to their MXs. The backend servers just accept mail and deliver it as all the alias/relay checks are done on the gateways. The problem I have is that the backend servers use maildrop to handle vacation messages with this chunk of code: #emulate vacation.msg behaviour `test -e $HOME/vacation.msg exit 1 || exit 0` if ( $RETURNCODE == 1 ) { if( ( !/^.*List-Unsubscribe:.*/ ) ( !/^.*X-Spam-Flag: YES/) ) { MATCH=tolower($5) SUBJ=`cat $HOME/vacation.sub` cc | mailbot -t $HOME/vacation.msg -d $HOME/vacation.lst -D 1 -A 'From: $...@$1' -s '$SUBJ' /usr/sbin/sendmail -t -f '$...@$1' } } This works fine if the message came from a remote address or a virtual account which obviously exists on the backend server, but if it came from an local alias it gets bounced since the alias is an unknown user. Is there some way to get sendmail to use an alternate config file? I've tried the -C option with a main.cf that includes the virtual_alias_maps but had no success. Is there a reasonable way to implement the vacation stuff on the gateways or some other solution that I'm missing? Thanks Guy -- Don't just do something...sit there!
Re: About reject_rbl_client, What url must put?
Jose Alberto wrote: Greetings list. I am activating the check through blacklists (RBL) for receipt of mail, you can find many on the web, in fact place as a top 5, but first he had not placed let emails come even as hotmail, yahoo, gmail, among others. If it got to the final 2 below: smtpd_recipient_restrictions = ... ... reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org, ... ... permit My question is to see what I recommended for urls reject_rbl_client in place, if you need more than that I have there? alone or with just one?, what? Thank you. Using Postfix 2.3.8-2 + etch1 For my 5 user selfhosted email domain, I personally use the following smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client dnsbl-2.uceprotect.net, permit I find that this does a damn good job at stopping 99.9% of spam. Some people think that uceprotect.net are too reactive but I have not had any issues so far. Stats for today (16/7/2009) are as follows; Grand Totals messages 193 received 196 delivered 0 forwarded 0 deferred 0 bounced 392 rejected (66%) 0 reject warnings 0 held 0 discarded (0%) Of those 392 rejected the RBLs rejected as follows; bl.spamcop.net 113 dnsbl-2.uceprotect.net27 sbl-xbl.spamhaus.org 21 dnsbl-1.uceprotect.net 1 dnsbl.njabl.org1 = Total DNSBL rejections: 163 Hope this is useful to you.
Re: virtual alias problem
2009/7/15 Guy wyldf...@gmail.com: Is there some way to get sendmail to use an alternate config file? I've tried the -C option with a main.cf that includes the virtual_alias_maps but had no success. I've just tried the -oA option. My sendmail command now looks like this: sendmail -t -oAmysql:/etc/postfix/mysql_virtual_alias_maps.cf -f envelope_sen...@mydomain.com I'm still getting the message bounced as an unknown user although testing that alias file with postmap returned the result properly. Is there something more needed to get the mysql alias map to be read correctly? Thanks Guy -- Don't just do something...sit there!
Restricted Outbound Email
Hi everyone. I'm thinking of a kind of unusual setup and I was hoping for pointers. I want to set up a gateway to limit email outbound. I've found lots of documents about limiting inbound, but not much on limiting outbound. Here's my story. I'm a sysadmin at a community college. I have a number of web servers and lots of users who write incompetent CGI mail forms. After having two of my servers blacklisted as spam relays, I wised up and blocked SMTP outbound at the firewall. I allow email to the district email server (not run by me), again with simple port block/allow rules on the firewall. Student email is hosted on google apps. If I allow uninspected STMP to google's email servers I'll still be a nice target for spammers. I also have a few other email addresses I'd like to send email to, like my cell phone's SMS email address etc... So, I want to set up an outbound only SMTP gateway which only allows email to 1) the student email domain (seattlecentral.edu) 2) other addresses I specify 3) possibly other things I haven't thought of yet and I also want to drop any attempts to send millions of emails, in case I screw up the by-address filters. Again, this server should allow no inbound email at all. This is purely to allow CGI and other automata to contact a limited set of external email addresses. I've found some postfix docs describing similar things for inbound, but not outbound. I haven't started actually experimenting yet, so I don't know if this is a silly idea, or what. (Hence the email to this list.) So, any advice would be wonderful. Pointers to useful docs would be superb. If there are any good search terms I might use while googling for this kind of thing, that would also be helpful. -- Thanks! Dylan Martin Network Admin Seattle Central Community College
Re: virtual alias problem
On Wed, Jul 15, 2009 at 04:14:25PM +0100, Guy wrote: Is there some way to get sendmail to use an alternate config file? No. Address rewriting is done by cleanup(8), not sendmail(1), and aliases(5) expansion is done in the local(8) delivery agent. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: virtual alias problem
Guy wrote: 2009/7/15 Guy wyldf...@gmail.com: Is there some way to get sendmail to use an alternate config file? I've tried the -C option with a main.cf that includes the virtual_alias_maps but had no success. I've just tried the -oA option. My sendmail command now looks like this: sendmail -t -oAmysql:/etc/postfix/mysql_virtual_alias_maps.cf -f envelope_sen...@mydomain.com I'm still getting the message bounced as an unknown user although testing that alias file with postmap returned the result properly. Is there something more needed to get the mysql alias map to be read correctly? First, cleanup(8) is responsible for address lookup/rewriting from the pickup queue. Changing sendmail(1)'s parameters won't do anything. Second, we need some more concrete examples in order to help. Logs, 'postconf -n' and other tips in http://www.postfix.org/DEBUG_README.html#mail will help us help you. (Replace your domain with example.(com|net|org) if you like) Brian
Re: Restricted Outbound Email
Dylan Martin wrote: Hi everyone. I'm thinking of a kind of unusual setup and I was hoping for pointers. I want to set up a gateway to limit email outbound. I've found lots of documents about limiting inbound, but not much on limiting outbound. Here's my story. I'm a sysadmin at a community college. I have a number of web servers and lots of users who write incompetent CGI mail forms. After having two of my servers blacklisted as spam relays, I wised up and blocked SMTP outbound at the firewall. I allow email to the district email server (not run by me), again with simple port block/allow rules on the firewall. Student email is hosted on google apps. If I allow uninspected STMP to google's email servers I'll still be a nice target for spammers. I also have a few other email addresses I'd like to send email to, like my cell phone's SMS email address etc... So, I want to set up an outbound only SMTP gateway which only allows email to 1) the student email domain (seattlecentral.edu) 2) other addresses I specify Very easy, just something like: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/allowed_recipients reject and list all valid recipients (or recipient domains) in the allowed recipients file. # allowed_recipients seattlecentral.edu OK u...@example.com OK ... It might be useful to limit seattlecentral.edu mail to valid recipients, by replacing the OK above with reject_unverified_recipient, OK See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient 3) possibly other things I haven't thought of yet and I also want to drop any attempts to send millions of emails, in case I screw up the by-address filters. Generally, quotas require an external policy service, such as policyd. -- Noel Jones
Re: Verisign Cert
On Wed, Jul 15, 2009 at 10:38:55AM -0400, Linux Addict wrote: Hello Gurus, Currently my postfix server runs with self-signed cert, but now I was asked to implement verisign cert for some of the outgoing mails. You are mightily confused. X.509 certificates with SMTP STARTTLS are for *incoming* mail, so that *senders* can authenticate your server: http://www.postfix.org/TLS_README.html#client_tls_secure The *server installs* a certificate signed by a trusted CA, and the *client verifies* it. My question is when the verisign is cert installed, will all the outgoing mails such as toyahoo.com, gmail.com will be encrypted? Do the clients neeeds any certificate information? I am not very clear. Please throw some light.. Your client certificate play no role in the delivery of email to other domains, and will almost never be used, because the vast majority of MX hosts that support STARTTLS do not request client certificates. The recommended configuration for TLS enabled Postfix servers is: # SMTP Server TLS (cert + key): smtpd_tls_cert_file = /etc/postfix/your-cert.pem smtpd_tls_key_file = /etc/postfix/your-key.pem # SMTP Client TLS (no cert or key): smtp_tls_cert_file = smtp_tls_key_file = -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
RE: customize bounce behavior
From: georgeforma...@hotmail.com To: mouss+nob...@netoyen.net; postfix-users@postfix.org Subject: RE: customize bounce behavior Date: Fri, 26 Jun 2009 02:00:58 + Date: Thu, 25 Jun 2009 23:56:34 +0200 From: mo...@ml.netoyen.net To: postfix-users@postfix.org Subject: Re: customize bounce behavior George Forman a écrit : Hi, I apologize if this has already been covered but I can't seem to find any information. I need to customize the bounce behavior for the following: 1. If a bounce message is created because it can't deliver to a specified list of email addresses we don't want a bounce returned. can you explain a little? what exactly do you mean by a list? and why it wouldn't be delivered? (the reason is important). We have several mail accounts (ie list) that have automated mailgenerated and sent to these accounts for security reasons. Under normal conditions, the mailbox for these few accountsshould accept mail. However, there have been situation in the past wherethe process on these boxes accepting the mail has problems and the mailcan't be delivered. Typically they resolve the problems and SMTP retries.However for extend period outages or their is a bug in their code,the process rejects the mail, postfix will generate a bounce message.In these cases, we don't want to have a bounce message generated. Does anyone have an answer to my problem?Thanks, George _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290
Re: Verisign Cert
On Wed, Jul 15, 2009 at 12:52 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Jul 15, 2009 at 10:38:55AM -0400, Linux Addict wrote: Hello Gurus, Currently my postfix server runs with self-signed cert, but now I was asked to implement verisign cert for some of the outgoing mails. You are mightily confused. X.509 certificates with SMTP STARTTLS are for *incoming* mail, so that *senders* can authenticate your server: http://www.postfix.org/TLS_README.html#client_tls_secure The *server installs* a certificate signed by a trusted CA, and the *client verifies* it. My question is when the verisign is cert installed, will all the outgoing mails such as toyahoo.com, gmail.com will be encrypted? Do the clients neeeds any certificate information? I am not very clear. Please throw some light.. Your client certificate play no role in the delivery of email to other domains, and will almost never be used, because the vast majority of MX hosts that support STARTTLS do not request client certificates. The recommended configuration for TLS enabled Postfix servers is: # SMTP Server TLS (cert + key): smtpd_tls_cert_file = /etc/postfix/your-cert.pem smtpd_tls_key_file = /etc/postfix/your-key.pem # SMTP Client TLS (no cert or key): smtp_tls_cert_file = smtp_tls_key_file = -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly. On Wed, Jul 15, 2009 at 10:46 AM, Thomas Gelf tho...@gelf.net wrote: I assume you're using this certificate for TLS, so the answer is NO, no single mails will be encrypted - TLS is only there to allow MTA's to encrypt their transport layer. If no restrictions are configured this happens automagically if both endpoints support TLS. Best regards, Thomas Gelf Linux Addict wrote: Hello Gurus, Currently my postfix server runs with self-signed cert, but now I was asked to implement verisign cert for some of the outgoing mails. My question is when the verisign is cert installed, will all the outgoing mails such as toyahoo.com http://yahoo.com/, gmail.com http://gmail.com/ will be encrypted? Do the clients neeeds any certificate information? I am not very clear. Please throw some light.. ~LA Thank you. Looks like I need to stand up another postfix instance since the outgoing mails domain will different from the one on $mydomain. On the current instance(self-signed), when I do telnet to port 25, I get the below. 250-PIPELINING 250-SIZE 1024 250-ETRN 250-STARTTLS 250-AUTH PLAIN DIGEST-MD5 LOGIN CRAM-MD5 250-AUTH=PLAIN DIGEST-MD5 LOGIN CRAM-MD5 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN The postconf output is below smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /usr/share/ssl/certs/cert.pem smtpd_tls_key_file = /usr/share/ssl/certs/key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_exchange_name = /var/lib/postfix/prng_exch tls_random_source = dev:/dev/urandom I read on one of the doc, http://palmcoder.net/files/howtos/Postfix%20SSL/Postfix_SSL-HOWTO-2.html#ss2.1, for a successfull TLS setup, the last line shud be 220 Ready to start TLS. I dont see any error on the logs, does my current setup really has TLS enabled? thanks LA
Re: Can't send to email starting with exclamation point
On Jul 15, 2009, at 7:01 AM, Brian Evans - Postfix List wrote: Gavin Kistner wrote: I just set up postfix+amavis+clamav+dovecot on ubuntu, moving my server from Windows/hMailServer. On the old system, I had an email alias of !...@phrogz.net that I want to get working again. (As best I can tell, this is valid according to both RFC2822 and RFC5322.) Trying to send to that on the smtp server gives me: 501 5.1.3 Bad recipient address syntax Postfix handles them according to http://www.postfix.org/postconf.5.html#swap_bangpath Thanks! Adding swap_bangpath = no to my main.cf allows postfix to accept this (crazy, ill-advised) email. However, I strongly advise against using them in an address in modern times over the internet. This is mainly due to the fact that you cannot control every mail server in the world. Understood. This is just an alias used under certain circumstances.
Re: Verisign Cert
On Wed, Jul 15, 2009 at 1:58 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote: On Wed, Jul 15, 2009 at 01:49:24PM -0400, Linux Addict wrote: smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem Make that: smtp_tls_CAfile = ... you don't need an smtpd_tls_CAfile, unless your cert file is missing the intermediate CA issuing certificates that are found in this file. The right solution is to include your trust chain in the cert.pem file (in the right order, subject cert before issuer cert, leaf to root). smtpd_tls_session_cache_timeout = 3600s No need if you don't also specify a btree cache database. smtpd_use_tls = yes Make that: smtpd_tls_security_level = may I read on one of the doc, http://palmcoder.net/files/howtos/Postfix%20SSL/Postfix_SSL-HOWTO-2.html#ss2.1 , for a successfull TLS setup, the last line should be 220 Ready to start TLS. No, this is not the case. To test: openssl s_client -starttls stmp -connect 192.0.2.1:25 where 192.0.2.1 is replaced by the IP address of your SMTP server. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly. I think I lack knowledge on this.. I gotta do some reading. I ran openssl test command that you provided and doesn't look like my cert config is good. [r...@mx01 ~]# openssl s_client -starttls smtp -connect localhost:25 CONNECTED(0003) depth=0 /C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX i:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX --- Server certificate -BEGIN CERTIFICATE- MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAk5ZMQswCQYDVQQHEwJOWTEOMAwGA1UEChMFV2ViTUQxDzANBgNV BAsTBnN5c29wczEjMCEGA1UEAxMabXgwMXgtb3BzLTAxLnBvZC53ZWJtZC5uZXQx JDAiBgkqhkiG9w0BCQEWFW1rYW50aGFzYW15QHdlYm1kLm5ldDAeFw0wODA5MTIx NjM1MzRaFw0wOTA5MTIxNjM1MzRaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMC TlkxCzAJBgNVBAcTAk5ZMQ4wDAYDVQQKEwVXZWJNRDEPMA0GA1UECxMGc3lzb3Bz MSMwIQYDVQQDExpteDAxeC1vcHMtMDEucG9kLndlYm1kLm5ldDEkMCIGCSqGSIb3 DQEJARYVbWthbnRoYXNhbXlAd2VibWQubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQC9FTsWjPgYo6mxFVwuEkS9VkAdzZCpWHjx1Dyu+LhNdGhatz309tiw lMo45z+DhIm0mlm8GoIsWRneZSQMHWAL6Jq1uDg5BaATtntsZAF+29oLeB5CsCZL IScdGs0NI5gnV4OC8r/Ne5mH47gKMSXVifhR9TGGF/rweuXYuK3CdwIDAQABo4IB HzCCARswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMzUytMgpvHMtuIvrPwl86EIYsKLMIHA BgNVHSMEgbgwgbWAFGNNJBeYOV6PTYePdDE1mDPyd8bioYGZpIGWMIGTMQswCQYD VQQGEwJVUzELMAkGA1UECBMCTlkxCzAJBgNVBAcTAk5ZMQ4wDAYDVQQKEwVXZWJN RDEPMA0GA1UECxMGc3lzb3BzMSMwIQYDVQQDExpteDAxeC1vcHMtMDEucG9kLndl Ym1kLm5ldDEkMCIGCSqGSIb3DQEJARYVbWthbnRoYXNhbXlAd2VibWQubmV0ggEA MA0GCSqGSIb3DQEBBAUAA4GBAKValmAURkIp3r17tNbehKsRCsYsEjtUDGE9T+EB 4Ig9N2G8JztAWeXIltDRgpS1j2sKVrXTxxA5UntrB0T7nYRzPpEG6B7wl4pu4jHf iq+hUiiPU8vdED4/d5xiM0bpn9TdFRpgqI+0DNNBE34613P5Hw8iqwH1KTJE2/nU PZ6H -END CERTIFICATE- subject=/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX issuer=/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX --- No client certificate CA names sent --- SSL handshake has read 1595 bytes and written 350 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: E73EFFA5B6E8331A2571E2B15E43189D1F585D4B9D64128E6C09CE67190E2B64 Session-ID-ctx: Master-Key: BD77CCB997AFCD42BDFDC750763FD56FD82237E09686F6E596A9E885AD5B46C5FD99E9C5B45A7BBDE25A183F8BAA05D5 Key-Arg : None Krb5 Principal: None Start Time: 1247682108 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- 220 XXX ESMTP
Re: Verisign Cert
On Wed, Jul 15, 2009 at 02:33:46PM -0400, Linux Addict wrote: I ran openssl test command that you provided and doesn't look like my cert config is good. [r...@mx01 ~]# openssl s_client -starttls smtp -connect localhost:25 CONNECTED(0003) --- Certificate chain 0 s:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX i:/C=US/ST=NY/L=NY/O=XXX/OU=XXX/CN=XXX/emailAddress=XXX --- No client certificate CA names sent --- SSL handshake has read 1595 bytes and written 350 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit --- 220 XXX ESMTP This is exactly what you would expect. Everything is working fine. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
warning:address not listed
i get the following warning from the relay log; this happens when this client connect to my relay; always i get this Jul 15 17:06:07 relay1 postfix/qmgr[3664]: 5CA7F16135E: from=a...@foo.com, size=483945, nrcpt=2 (queue active) Jul 15 17:13:59 relay1 postfix/smtpd[16344]: warning: 192.168.2.35: address not listed for hostname smtp.foo.com Jul 15 17:28:11 relay1 postfix/smtpd[15893]: warning: 192.168.2.35: address not listed for hostname smtp.foo.com Jul 15 17:31:06 relay1 postfix/smtpd[16490]: warning: 192.168.2.35: address not listed for hostname smtp.foo.com Jul 15 17:31:40 relay1 postfix/smtpd[16345]: warning: 192.168.2.35: address not listed for hostname smtp.foo.com what could be causing this warning?
Fwd: Reg: Reusing common configurations in main.cf config file in a multiple Postfix instances setup
Hello, I am running three Postfix instances (Postfix version - 2.6.2) on a single host. I have separate postfix configuration files (main.cf and master.cf) specific to each instance. I have most of the configurations common in all of the instances. I want to put all common configurations in one file, and each instance should include configuration details from common file + specific configuration to that particular instance like data_directory etc. Does Postfix -2.6.2 support such resue of common configurations? Please let me know if you need any other details. Thanks, Priyanka
Re: Fwd: Reg: Reusing common configurations in main.cf config file in a multiple Postfix instances setup
On Wed, Jul 15, 2009 at 12:43:37PM -0700, Priyanka Tyagi wrote: Hello, I am running three Postfix instances (Postfix version - 2.6.2) on a single host. I have separate postfix configuration files (main.cf and master.cf) specific to each instance. I have most of the configurations common in all of the instances. I want to put all common configurations in one file, and each instance should include configuration details from common file + specific configuration to that particular instance like data_directory etc. Does Postfix -2.6.2 support such resue of common configurations? Use make(1) to machine-construct your main.cf files in such a way that the common files are stored and edited just once. Postfix does not attempt to solve this problem, because it is solved by other existing tools. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Fwd: Reg: Reusing common configurations in main.cf config file in a multiple Postfix instances setup
Priyanka Tyagi: Hello, I am running three Postfix instances (Postfix version - 2.6.2) on a single host. I have separate postfix configuration files (main.cf and master.cf) specific to each instance. I have most of the configurations common in all of the instances. I want to put all common configurations in one file, and each instance should include configuration details from common file + specific configuration to that particular instance like data_directory etc. Does Postfix -2.6.2 support such resue of common configurations? Please let me know if you need any other details. Here is a complete example of how to maintain multiple main.cf files that share common content. Contents of /etc/postfix-shared/makefile: = /etc/postfix1/main.cf: /etc/postfix-shared/main.cf main.cf-private cat /etc/postfix-shared/main.cf main.cf-private /etc/postfix1/main.cf postfix -c /etc/postfix1 reload /etc/postfix2/main.cf: /etc/postfix-shared/main.cf main.cf-private cat /etc/postfix-shared/main.cf main.cf-private /etc/postfix2/main.cf postfix -c /etc/postfix2 reload Command to update Postfix: == $ cd /etc/postfix-shared $ vi main.cf $ make More details in the make(1) manpage. It is available since 1976 or so. Wietse
Re: warning:address not listed
K bharathan wrote: i get the following warning from the relay log; this happens when this client connect to my relay; always i get this Jul 15 17:06:07 relay1 postfix/qmgr[3664]: 5CA7F16135E: from=a...@foo.com mailto:a...@foo.com, size=483945, nrcpt=2 (queue active) Jul 15 17:13:59 relay1 postfix/smtpd[16344]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:28:11 relay1 postfix/smtpd[15893]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:31:06 relay1 postfix/smtpd[16490]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:31:40 relay1 postfix/smtpd[16345]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com what could be causing this warning? The DNS for that client is not set correctly, therefore postfix will label the client as unknown. 192.168.2.35 resolves to smtp.foo.com smtp.foo.com resolves to some other IP. If it's not your client, it's not your problem. -- Noel Jones
Re: temporary errors for DNS
Keld Jørn Simonsen a écrit : On Tue, Jul 14, 2009 at 07:57:27PM -0400, John Peach wrote: On Tue, 14 Jul 2009 17:49:13 -0600 LuKreme krem...@kreme.com wrote: On 13-Jul-2009, at 16:24, Keld J__rn Simonsen wrote: Is there a way to disambiguate between DNS timeouts and DNS errors, and discard the latter? Why the devil would you want to discard mail based on a DNS error? DNS errors have a habit of being quite transient. The OP seems determined to shoot himself in the head, never mind the foot. Well, a DNS NXDOMAIN error seems a good reason for discarding mail. even NXDOMAIN may be a temporary error that the admin can fix. discarding mail is bad. reject is ok. (that said, I stopped using this check since a long time, because I saw it defer mail from good senders, without much benefits (it didn't stop spam that wasn't blocked by other safer rules, or at worst by spamassassin). note that the envelope sender may be wrong (misconfiguration) while the From: header be good, which means the sender is reachable. I am not so sure about the SERVFAIL error, so I would leave that for now. Thanks to everybody that helped soved my problems here. Best regards Keld
Re: About reject_rbl_client, What url must put?
Jose Alberto a écrit : Greetings list. I am activating the check through blacklists (RBL) for receipt of mail, you can find many on the web, in fact place as a top 5, but first he had not placed let emails come even as hotmail, yahoo, gmail, among others. If it got to the final 2 below: smtpd_recipient_restrictions = ... ... reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org, dsbl is dead. ... ... permit My question is to see what I recommended for urls reject_rbl_client in place, if you need more than that I have there? alone or with just one?, what? Rule 1: go for quality, not for quantity. don't try to maximize the number of DNSBLs (and more generally, don't try to maximize the number of checks that you use). regerding DNSBLs, reject_rbl_client zen.spamhaus.org should be enough. other lists are either unsafe (block legitimate mail) or don't block much spam (that is not blocked by zen). leave the messages that are not blocked by postfix to a spam filter (spamassassin for example). some DNSBLs are better used in a score based system such as spamassassin. anyway, when you decide to use a DNSBL, check it. for a list some.domain.tld, the following tests are a minimum: $ host 2.0.0.127.some.domain.tld should return a result (127.0.0.2 should be listed) $ host 1.0.0.127.some.domain.tld should return NXDOMAIN (127.0.0.1 should not be listed). of course, it is your job to check that the DNSBL policy matches your site policy. so visit the DNSBL web site. if you can't find enough infos, ignore it.
Re: Fwd: Reg: Reusing common configurations in main.cf config file in a multiple Postfix instances setup
Wietse Venema: Wietse Venema: Priyanka Tyagi: Hello, I am running three Postfix instances (Postfix version - 2.6.2) on a single host. I have separate postfix configuration files (main.cf and master.cf) specific to each instance. I have most of the configurations common in all of the instances. I want to put all common configurations in one file, and each instance should include configuration details from common file + specific configuration to that particular instance like data_directory etc. Does Postfix -2.6.2 support such resue of common configurations? Please let me know if you need any other details. Here is a complete example of how to maintain multiple main.cf files that share common content. One missing line added below (first line in the makefile). OK, third and final attempt. Wietse Contents of /etc/postfix-shared/makefile: = POSTFIX1= /etc/postfix1 POSTFIX2= /etc/postfix2 COMMON = /etc/postfix-common all:$(POSTFIX1)/main.cf $(POSTFIX2)/main.cf $(POSTFIX1)/main.cf: $(COMMON)/main.cf $(POSTFIX1)/main.cf-private cat $(COMMON)/main.cf $(POSTFIX1)/main.cf-private $(POSTFIX1)/main.cf postfix -c $(POSTFIX1) reload $(POSTFIX2)/main.cf: $(COMMON)/main.cf $(POSTFIX2)/main.cf-private cat $(COMMON)/main.cf $(POSTFIX2)/main.cf-private $(POSTFIX2)/main.cf postfix -c $(POSTFIX2) reload Commands to update multiple Postfix main.cf files: == $ cd /etc/postfix-common $ vi main.cf $ make More details in the make(1) manpage. It is available since 1976 or so. Wietse
Re: warning:address not listed
thnaks On Wed, Jul 15, 2009 at 10:00 PM, Noel Jones njo...@megan.vbhcs.org wrote: K bharathan wrote: i get the following warning from the relay log; this happens when this client connect to my relay; always i get this Jul 15 17:06:07 relay1 postfix/qmgr[3664]: 5CA7F16135E: from=a...@foo.commailto: a...@foo.com, size=483945, nrcpt=2 (queue active) Jul 15 17:13:59 relay1 postfix/smtpd[16344]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:28:11 relay1 postfix/smtpd[15893]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:31:06 relay1 postfix/smtpd[16490]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com Jul 15 17:31:40 relay1 postfix/smtpd[16345]: warning: 192.168.2.35 http://192.168.2.35: address not listed for hostname smtp.foo.com http://smtp.foo.com what could be causing this warning? The DNS for that client is not set correctly, therefore postfix will label the client as unknown. 192.168.2.35 resolves to smtp.foo.com smtp.foo.com resolves to some other IP. If it's not your client, it's not your problem. -- Noel Jones