Re: Alias members based on LDAP attribute value

2009-09-10 Thread Edgar Fuß
> So you can store the "foo=bar" query in a "special_result_attribute"
> of an object whose primary lookup key is foobars, and a special
> result attribute specifies the desired query as an LDAP URL.
Ah, neat, thanks!

Am I right to assume that the original (key=alias, value=URI) entry must reside 
in LDAP itself or is there a way of keeping that table statically? Since, for 
our application, it will just consist of one (or, in the future, a handful of) 
entry, it seems a bit of an overkill to have an LDAP tree just for that one.
In case it has to reside in LDAP: Can you recommend a schema for that subtree?

As an aside: Is there any example in the docs for this most useful feature that 
I overlooked?



Re: Exempting localhost from STARTTLS

2009-09-10 Thread Geert Hendrickx
On Wed, Sep 09, 2009 at 03:19:11PM -0400, Gerard wrote:
> I use fetchmail to harvest mail from a couple of accounts. I added
> this to the main.cf file and fetchmail stopped delivering mail.


Do you actually need fetchmail to deliver mail via smtp?  If you don't
need special handling by postfix and just want to drop the messages into
your mailbox, you could just as well deliver directly via procmail,
dovecot deliver or any other LDA.  Or use Postfix' sendmail command line
interface.

Just add "mda /path/to/delivery/program" to your .fetchmailrc.


Geert


-- 
Geert Hendrickx  -=-  g...@telenet.be  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!


Re: Exempting localhost from STARTTLS

2009-09-10 Thread Gerard
On Thu, 10 Sep 2009 11:20:28 +0200
Geert Hendrickx  wrote:

> On Wed, Sep 09, 2009 at 03:19:11PM -0400, Gerard wrote:
> > I use fetchmail to harvest mail from a couple of accounts. I added
> > this to the main.cf file and fetchmail stopped delivering mail.
> 
> Do you actually need fetchmail to deliver mail via smtp?  If you don't
> need special handling by postfix and just want to drop the messages
> into your mailbox, you could just as well deliver directly via
> procmail, dovecot deliver or any other LDA.  Or use Postfix' sendmail
> command line interface.
> 
> Just add "mda /path/to/delivery/program" to your .fetchmailrc.

Well, for one thing, I wouldn't use Procmail if you paid me.
(Well, maybe a lot of money anyway).

Second, not all mail is received via Fetchmail.

Third, it is not my system. However, it does use clamav-milter with
Postfix. Wouldn't delivering directly to Dovecot bypass virus scanning?

-- 
Gerard
postfix.u...@yahoo.com

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Barth's Distinction:
There are two types of people: those who divide people into two
types, and those who don't.


Re: piped transports error message

2009-09-10 Thread Wietse Venema
Marcel Montes:
> What does postfix actually add to the bounce message?
> The STDERR output if the return status is not 0?

Postfix absorbs stdout and stderr.  There is some information in
the pipe(8) man page, but it is not complete.

Wietse

DIAGNOSTICS
   Command  exit  status  codes  are  expected  to  follow the conventions
   defined in .  Exit status 0 means normal successful comple-
   tion.

   Postfix  version  2.3  and later support RFC 3463-style enhanced status
   codes.  If a command terminates with a non-zero exit  status,  and  the
   command  output  begins  with an enhanced status code, this status code
   takes precedence over the non-zero exit status.

   Problems and transactions are logged to syslogd(8).  Corrupted  message
   files are marked so that the queue manager can move them to the corrupt
   queue for further inspection.




Re: Exempting localhost from STARTTLS

2009-09-10 Thread Gerard
On Wed, 9 Sep 2009 15:30:22 -0400 (EDT)
wie...@porcupine.org (Wietse Venema) wrote:

> Gerard:
> > I use fetchmail to harvest mail from a couple of accounts. I added
> > this to the main.cf file and fetchmail stopped delivering mail.
> > 
> > smtpd_tls_security_level = encrypt
> > 
> > This was the error message:
> > 
> > fetchmail: SMTP error: 530 5.7.0 Must issue a STARTTLS command first
> > fetchmail: SMTP server requires STARTTLS, keeping message.
> 
> /etc/postfix/master.cf:
>     192.168.1.1:smtp  inet  n   -   -   -   -   smtpd
>     127.0.0.1:smtp    inet  n   -   -   -   -   smtpd
>         -o smtpd_tls_security_level=may
> 
> > I then added this to the main.cf file:
> > 
> > smtpd_sasl_exceptions_networks = localhost
> 
> That controls SASL not TLS.
> 
>   Wietse

I had to modify that slightly and use 192.168.1.103 instead. I received
an error about not being able to bind to the address.

Unfortunately, there still seems to be a problem. The clamav-milter is
now apparently not working correctly.

From maillog:

Sep 10 07:15:18 scorpio postfix/smtpd[59459]: connect from unknown[127.0.0.1]
Sep 10 07:15:18 scorpio postfix/smtpd[59459]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: No such file or directory
Sep 10 07:15:18 scorpio postfix/smtpd[59459]: 1BF4322834: client=unknown[127.0.0.1]

I checked, and clamav-milter is running and the file does exist:
srwxrwxr-x   1 clamav  postfix 0B Sep 10 07:14 clmilter.sock=

In any case, I have activated the submission port and am attempting to
get all the mail users to use that instead. So far, so good.

-- 
Gerard
postfix.u...@yahoo.com


Likewise, the national appetizer, brine-cured herring with raw onions,
wins few friends, Germans excepted.

Darwin Porter "Scandinavia On $50 A Day"


Re: Postfix not sending SMFIC_RCPT to milter, libmilter rejecting state transition

2009-09-10 Thread Wietse Venema
Postfix VSTREAMs automatically flush output on the next read
operation; a lot of things depend on this, including the SMTP client
and SMTP server protocol implementations. This is how Postfix avoids
sending silly little network packets.

In the case of skipping Milter replies, the idea is that queued
SMFIC_RCPT messages will eventually be flushed when Postfix
reads a response from the Milter application; normally that
would be at or before the end-of-body reply.

I am surprised that the VSTREAM doesn't flush SMFIC_RCPT as it
should; normally one has to jump ugly hoops to lose output like
that.

Just so I know I reproduce this correctly, can I have a copy of a
recording (off-list mail is OK)? I can't fix a problem if I don't
know if I reproduce it. I cannot drop what I am doing now, so I
will analyze this later.


Wietse


Re: Formatting of 544- ... lines in "Undelivered Mail Returned to Sender"

2009-09-10 Thread Wietse Venema
Robin Whittle:
> I am not sure whether this is specified in an RFC, but I understand
> that for every part of the remote MTA's response which starts with
> "544-" there should be a new line in the message to the sender.

Error reports are standardized in 346[1-4]. I invite you to point
out the requirement that ASCII art shall be preserved.

I just can't wait until people start using dotplan(1) animations
(text that uses backspace and other control characters in creative
ways) in their delivery status notifications and demand that these
be reproduced faithfully on recipient screens.

Wietse

(1) http://www.faqs.org/faqs/signature_finger_faq/section-36.html


Re: Exempting localhost from STARTTLS

2009-09-10 Thread Wietse Venema
Gerard:
> On Wed, 9 Sep 2009 15:30:22 -0400 (EDT)
> wie...@porcupine.org (Wietse Venema) wrote:
> 
> > Gerard:
> > > I use fetchmail to harvest mail from a couple of accounts. I added
> > > this to the main.cf file and fetchmail stopped delivering mail.
> > > 
> > > smtpd_tls_security_level = encrypt
> > > 
> > > This was the error message:
> > > 
> > > fetchmail: SMTP error: 530 5.7.0 Must issue a STARTTLS command first
> > > fetchmail: SMTP server requires STARTTLS, keeping message.
> > 
> > /etc/postfix/master.cf:
> >     192.168.1.1:smtp  inet  n   -   -   -   -   smtpd
> >     127.0.0.1:smtp    inet  n   -   -   -   -   smtpd
> >         -o smtpd_tls_security_level=may
> > 
> > > I then added this to the main.cf file:
> > > 
> > > smtpd_sasl_exceptions_networks = localhost
> > 
> > That controls SASL not TLS.
> > 
> > Wietse
> 
> I had to modify that slightly and use 192.168.1.103 instead. I received
> an error about not being able to bind to the address.
> 
> Unfortunately, there still seems to be a problem. The clamav-milter is
> now apparently not working correctly.

Use Victor's suggestion instead.

smtpd_tls_security_level = may
smtpd_client_restrictions = permit_mynetworks, reject_plaintext_session

Wietse


Writing an after-queue content filter in php

2009-09-10 Thread Mathias Tausig
Hy!

I want to write an after-queue content filter for my postfix
installation which is invoked by spawn (according to the FILTER_README
from postfix.org).

My problem is, that the input/output part simply does not work. I am
sending a "220 localhost SMTP foo" to STDOUT at the beginning of the
script, but somehow, this never reaches the SMTP client in a correct
way. Has anyone ever managed to accomplish such a solution?

cheers
Mathias

P.S.: I am using postfix 2.4.5 and php-5.1.2



Re: Writing an after-queue content filter in php

2009-09-10 Thread Wietse Venema
Mathias Tausig:
> Hy!
> 
> I want to write an after-queue content filter for my postfix
> installation which is invoked by spawn (according to the FILTER_README
> from postfix.org).
> 
> My problem is, that the input/output part simply does not work. I am
> sending a "220 localhost SMTP foo" to STDOUT at the beginning of the
> script, but somehow, this never reaches the SMTP client in a correct
> way. Has anyone ever managed to accomplish such a solution?

This is an output buffering problem. You need to flush output
after each reply, perhaps by calling the flush() function.

Wietse


Re: Writing an after-queue content filter in php

2009-09-10 Thread Thomas Gelf
Mathias Tausig wrote:
> I want to write an after-queue content filter for my postfix
> installation which is invoked by spawn (according to the FILTER_README
> from postfix.org).
> 
> My problem is, that the input/output part simply does not work. I am
> sending a "220 localhost SMTP foo" to STDOUT at the beginning of the
> script, but somehow, this never reaches the SMTP client in a correct
> way. Has anyone ever managed to accomplish such a solution?

You should provide some more details, code samples, whatever. Or sniff
on your loopback to see what's going on. Stream handling in PHP can be
a mess ;-)

Cheers,
Thomas

-- 
 mail: tho...@gelf.net
  web: http://thomas.gelf.net/



Re: Writing an after-queue content filter in php

2009-09-10 Thread Thomas Gelf
Wietse Venema wrote:
> This is an output buffering problem. You need to flush output
> after each reply, perhaps by calling the flush() function.

Good catch, I guess this could most likely be his problem!

-- 
 mail: tho...@gelf.net
  web: http://thomas.gelf.net/



Postfix unable to delivery mail

2009-09-10 Thread Mark Johnson
All,

I have 2 mail servers within the same network (One Postfix and One Sendmail). 
Djbdns was also installed in Postfix Mail Server. Sendmail is hosting our 
client email.

The configuration is any incoming mail will send to Postfix first then forward 
to Sendmail. Postfix is also setup as relay mail server.

Postfix is working well to send outgoing mail to outside world, but it won't 
work to forward to another internal mail server. From the Mail Log file, it 
kept looking at external IP address of the domain.

I already modify /etc/postfix/transport, /etc/postfix/access and /etc/hosts and 
add the domainname and ip address.

Any insight suggestion is appreciated.

Thanks.

MJ










  


Configuration question

2009-09-10 Thread Duncan B.


Hi,

Just a quick config question, which I'm not too sure how to achieve.
I'd like to enable recipient domain validation, which I've partly done (at 
the data stage), however if you then enter another "rcpt to" after the 
data command failed, it'll allow it through.  E.g.


220 relay4.post.newnet.co.uk ESMTP
helo localhost.localdomain
250 relay4.post.newnet.co.uk
mail from: 
250 2.1.0 Ok
rcpt to: 
250 2.1.5 Ok
data
450 4.1.2 : Recipient address rejected: Domain not found
rcpt to: 
250 2.1.5 Ok
data
354 End data with .


I assume this is because my "smtpd_recipient_restrictions" doesn't have 
"reject_unknown_recipient_domain"


Here is the config:

relay4# postconf -n | grep restriction
smtpd_client_restrictions = sleep 3, reject_unauth_pipelining
smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, reject_unauth_pipelining
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain



The list of CIDR IP ranges to relay for is in the mynetworks variable, 
so I can't do the recipient domain verification in "smtpd_recipient_restrictions" 
because I need "permit_mynetworks", so that my networks can relay through 
the box! permit_mynetworks skips the other checks for those networks.


So, how do I make mynetworks exempt from the smtpd_recipient_restrictions, 
yet make mynetworks able to relay through the box?



Cheers!
Duncan



Re: Postfix unable to delivery mail

2009-09-10 Thread Wietse Venema
Mark Johnson:
> All,
> 
> I have 2 mail servers within the same network (One Postfix and One Sendmail). 
> Djbdns was also installed in Postfix Mail Server. Sendmail is hosting our 
> client email.
> 
> The configuration is any incoming mail will send to Postfix first then 
> forward to Sendmail. Postfix is also setup as relay mail server.
> 
> Postfix is working well to send outgoing mail to outside world, but it won't 
> work to forward to another internal mail server. From the Mail Log file, it 
> kept looking at external IP address of the domain.
> 
> I already modify /etc/postfix/transport, /etc/postfix/access and /etc/hosts 
> and add the domainname and ip address.
> 
> Any insight suggestion is appreciated.

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.


Re: Alias members based on LDAP attribute value

2009-09-10 Thread Victor Duchovni
On Thu, Sep 10, 2009 at 10:13:35AM +0200, Edgar Fuß wrote:

> > So you can store the "foo=bar" query in a "special_result_attribute"
> > of an object whose primary lookup key is foobars, and a special
> > result attribute specifies the desired query as an LDAP URL.
>
> Ah, neat, thanks!
> 
> Am I right to assume that the original (key=alias, value=URI) entry
> must reside in LDAP itself

Yes the "dynamic group" (typical use-case of this feature) must be
defined as an LDAP object.

> or is there a way of keeping that table statically?

No.

> Since, for our application, it will just consist of one (or,
> in the future, a handful of) entry, it seems a bit of an overkill to have
> an LDAP tree just for that one.

You don't need a new "LDAP tree", just a suitable object endowed with
the right attributes.

> In case it has to reside in LDAP: Can you recommend a schema for that subtree?
> 

Sorry, I don't do LDAP schema design, but you should be able to Google
some examples along these lines, separately from any interaction with
Postfix. Just look for schemas for dynamic LDAP groups.

> As an aside: Is there any example in the docs for this most useful
> feature that I overlooked?

The docs describe "special_result_attribute".

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.



If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


forged domain in message-id?

2009-09-10 Thread LuKreme
I've started seeing "forged domain name in Message-ID: header: covisp.net"
recently when sending from a covisp.net email address. I suspect
that it is the OS X Mail.app generating its own Message-ID.


What I'd like is to know how I can let postfix know that Message-IDs  
from authenticated clients with local user addresses are not forged;  
or if that's possible.



postfix 2.62
 $ postconf -n
alias_database = hash:$config_directory/aliases
alias_maps = hash:$config_directory/aliases
allow_percent_hack = no
anvil_rate_time_unit = 60s
body_checks = pcre:$config_directory/body_checks.pcre
bounce_size_limit = 10240
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_process_limit = 50
disable_vrfy_command = yes
header_checks = pcre:$config_directory/header_checks.pcre
header_size_limit = 10240
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -t -a $EXTENSION
mailbox_size_limit = 52428800
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 521
message_size_limit = 15728640
mime_header_checks = pcre:$config_directory/mime_headers.pcre
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost, ns1.$mydomain, ns2.$mydomain, mail.$mydomain, www.$mydomain, webmail.$mydomain
mydomain = covisp.net
myhostname = mail.covisp.net
mynetworks = [various IPs], 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients,relay_domains
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtpd_banner = $myhostname ESMTP $mail_name $mail_version
smtpd_client_connection_count_limit = 15
smtpd_client_connection_rate_limit = 8
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, check_sender_access hash:$config_directory/backscatterpermit
smtpd_error_sleep_time = 28
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit
smtpd_recipient_limit = 25
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    permit_mynetworks,
    check_client_access hash:$config_directory/pbs,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_unlisted_sender,
    reject_unknown_reverse_client_hostname,
    warn_if_reject reject_unknown_client_hostname,
    check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit
    check_sender_access pcre:$config_directory/sender_access.pcre,
    check_client_access pcre:$config_directory/check_client_fqdn.pcre,
    check_recipient_access pcre:$config_directory/recipient_checks.pcre,
    check_client_access hash:$config_directory/access,
    reject_rbl_client zen.spamhaus.org=127.0.0.10
    permit
smtpd_restriction_classes = check_greylist
smtpd_sender_restrictions = check_client_access hash:$config_directory/pbs, permit_sasl_authenticated, permit_mynetworks
smtpd_soft_error_limit = 4
smtpd_starttls_timeout = 90s
smtpd_tls_cert_file = /etc/postfix/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 2
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_sessions
smtpd_tls_session_cache_timeout = 1800s
soft_bounce = no
swap_bangpath = no
transport_maps = hash:/etc/postfix/transport
undisclosed_recipients_header = To: List of Bcc addresses:;
unknown_local_recipient_reject_code = 550
virtual_alias_domains = kreme.com
virtual_alias_maps = hash:$config_directory/virtualpcre:$config_directory/virtual.pcre,pcre:$config_directory/virtual_sql.pcre,proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = procmail
virtual_uid_maps = static:89




--
Can I borrow your underpants for 10 minutes?



Re: forged domain in message-id?

2009-09-10 Thread Wietse Venema
LuKreme:
> I've started seeing "forged domain name in Message-ID: header: covisp.net"
> recently when sending from a covisp.net email address. I suspect
> that it is the OS X Mail.app generating its own Message-ID.

Some mail client software will use the domain as the message-id
domain. BACKSCATTER_README has a workaround but that does not work
if you have many such clients.

> What I'd like is to know how I can let postfix know that Message-IDs  
> from authenticated clients with local user addresses are not forged;  
> or if that's possible.

If the client uses the submission service then you could jump the
necessary hoops to give them their own cleanup server with its own
header_checks that discards the message ID.

This is one of those things that would be easier if the cleanup
daemon's code was included into the SMTP server.

Wietse


postfix maildir outside of user home dirs

2009-09-10 Thread Sukh Khehra
I am installing postfix on a box where all users don't necessarily have
a home directory. Anyone know of a way to configure "home_mailbox"  to
an absolute path(with username var) so every user's mailbox directory
resides under one top level directory?

 

Something like "/var/spool/mail/$USER/", e.g.

If I set it to "/var/spool/mail/$USER/" it creates that directory
structure under the user's home directory and doesn't expand the USER
var. This was a total guess on my part and I have no reason to believe I
can use a variable like that.

Any help would be appreciated. I'd love to avoid procmail to do this as
my installation's workload is sensitive to the extra resource expense
procmail adds.



Re: postfix maildir outside of user home dirs

2009-09-10 Thread Wietse Venema
Sukh Khehra:
> I am installing postfix on a box where all users don't necessarily have
> a home directory. Anyone know of a way to configure "home_mailbox"  to
> an absolute path(with username var) so every user's mailbox directory
> resides under one top level directory?

If the user has no UNIX account, use the virtual(8) delivery agent.

See also:
http://www.postfix.org/postconf.5.html#mailbox_transport
http://www.postfix.org/VIRTUAL_README.html

Wietse


slow mail delivering

2009-09-10 Thread Israel Garcia
I've the following issue, sometimes I have some apps who use to send
to the smarthost a lot of mail (hundreds) in just one connection. So,
my smarthost tries to deliver it as soon as mail are coming from
client servers. My question is:

How can I rate limit mail delivering on the smarthost, although he is
receiving a lot of mail from internal clients?

-- 
Regards;
Israel Garcia


Re: Formatting of 544- ... lines in "Undelivered Mail Returned to Sender"

2009-09-10 Thread Robin Whittle
Hi Wietse,

Thanks for your reply:

>> I am not sure whether this is specified in an RFC, but I understand
>> that for every part of the remote MTA's response which starts with
>> "544-" there should be a new line in the message to the sender.
> 
> Error reports are standardized in 346[1-4]. I invite you to point
> out the requirement that ASCII art shall be preserved.

I understand that the requirements for the section of the error
message I am concerned with is the "Diagnostic code field":

 http://tools.ietf.org/html/rfc3464#section-2.3.6

= = = =

. . .

diagnostic-code-field =
  "Diagnostic-Code" ":" diagnostic-type ";" *text


   . . .

   Since the Status code
   will sometimes be less precise than the actual transport diagnostic
   code, the Diagnostic-Code field is provided to retain the latter
   information.  Such information may be useful in a trouble ticket sent
   to the administrator of the Reporting MTA, or when tunneling foreign
   non-delivery reports through DSNs.

   . . .

   In addition to the Diagnostic-Code itself, additional textual
   description of the diagnostic, MAY appear in a comment enclosed in
   parentheses.

   This field is optional, because some mail systems supply no
   additional information beyond that which is returned in the 'action'
   and 'status' fields.  However, this field SHOULD be included if
   transport-specific diagnostic information is available.

= = = = =

My understanding is that the MTA returns multiple lines, each starting
with the required diagnostic code.

Neither qmail nor Postfix follows the RFC in terms of using brackets to
enclose any text following the diagnostic code.  Including such text is
optional anyway (MAY).

I agree there is no requirement about preserving formatting.  It seems
there is no requirement to handle multiple diagnostic codes following a
CR/LF.

It is reasonable to assume that these diagnostic codes and any text
which follows them is the MTA supplying information which is intended to
help a human.

I find qmail's approach of not altering the formatting of the MTA's
output to be more helpful than Postfix's approach of arbitrarily
reformatting this text, by ignoring newlines, by adding newlines
according to an 80 column wrapping limit and by inserting four
blank spaces at the start of every such reformatted line.

What benefits could there be to Postfix's reformatting of the
diagnostic information?

 - Robin



Re: postfix maildir outside of user home dirs

2009-09-10 Thread /dev/rob0
On Thursday 10 September 2009 18:46:25 Sukh Khehra wrote:
> I am installing postfix on a box where all users don't necessarily
> have a home directory.

Sounds odd, almost like a case for virtual(8), although even virtual
users should have a $HOME.

> Anyone know of a way to configure "home_mailbox" to an absolute
> path(with username var) so every user's mailbox directory 
> resides under one top level directory?

home_mailbox is a path relative to $HOME, as you seem to have
discovered. Next time, postconf.5.html#home_mailbox might expedite
discovery.

> Something like "/var/spool/mail/$USER/", e.g.

Perhaps you want postconf.5.html#mail_spool_directory ? Note, for
local(8) delivery, this directory would probably need mode 1777. I
prefer maildirs under $HOME, personally.

See also local.8.html (prefix these all with your own html_directory,
or use the online copies at www.postfix.org.)
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: slow mail delivering

2009-09-10 Thread Sahil Tandon
On Thu, 10 Sep 2009, Israel Garcia wrote:

> I've the following issue, sometimes I have some apps who use to send
> to the smarthost a lot of mail (hundreds) in just one connection. So,
> my smarthost tries to deliver it as soon as mail are coming from
> client servers. My question is:
> 
> How can I rate limit mail delivering on the smarthost, although he is
> receiving a lot of mail from internal clients?

You need to provide more information.  See DEBUG_README.  Also who is "he"?
The smarthost?  Do you want to rate limit mail coming IN or mail going OUT
from smarthost to nexthops?

-- 
Sahil Tandon 


Re: Problem with spam messages

2009-09-10 Thread Sahil Tandon
On Thu, 10 Sep 2009, an...@iguanait.com wrote:

> in our two mail servers i see last weeks this:
> 
> non-SMTP command from 250.84.221.62.dyn.idknet.com[62.221.84.250]:
> From: ? VIAGRA ? Official Site
> 
> How can i block these accesses?

These are harmless; leave it alone.  If you are adamant on REJECTing, parse
the logs for repeated non-SMTP command errors from a given client and then
block said client with an access(5) map.

-- 
Sahil Tandon 
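
One way to do the log parsing suggested in the reply above, as an added example (not code from the thread or from Postfix). The syslog layout of the sample lines, the threshold, the trusted network and the REJECT text are assumptions; the sample log is constructed and uses documentation addresses.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. Hostname "mx1" and all addresses are made up; the
# "warning:" prefix is an assumption and the pattern also accepts lines without it.
SAMPLE_LOG = """\
Sep 10 07:15:18 mx1 postfix/smtpd[59459]: warning: non-SMTP command from unknown[192.0.2.10]: From: ? VIAGRA ? Official Site
Sep 10 07:15:40 mx1 postfix/smtpd[59460]: warning: non-SMTP command from unknown[192.0.2.10]: Subject: hello
Sep 10 07:16:02 mx1 postfix/smtpd[59461]: warning: non-SMTP command from unknown[192.0.2.10]: To: someone
Sep 10 07:16:30 mx1 postfix/smtpd[59462]: warning: non-SMTP command from host.example[198.51.100.7]: From: x
Sep 10 07:17:00 mx1 postfix/smtpd[59463]: warning: non-SMTP command from unknown[203.0.113.5]: X: non-SMTP command from unknown[198.51.100.7]: y
Sep 10 07:17:09 mx1 postfix/smtpd[59464]: warning: non-SMTP command from unknown[203.0.113.5]: X: non-SMTP command from unknown[198.51.100.7]: y
Sep 10 07:17:20 mx1 postfix/smtpd[59470]: warning: non-SMTP command from localhost[127.0.0.1]: From: cron test
Sep 10 07:17:21 mx1 postfix/smtpd[59471]: warning: non-SMTP command from localhost[127.0.0.1]: From: cron test
Sep 10 07:17:22 mx1 postfix/smtpd[59472]: warning: non-SMTP command from localhost[127.0.0.1]: From: cron test
Sep 10 07:18:00 mx1 postfix/smtpd[59473]: connect from unknown[192.0.2.10]
"""

# Anchored at the start of the line and used with match(), so only the client
# address that smtpd itself recorded is captured. Everything after the closing
# "]:" is text sent by the remote client and is never searched for addresses;
# otherwise a client could get someone else's address counted and blocked.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"(?:warning:\s)?non-SMTP command from\s\S*?\[([0-9A-Fa-f:.]+)\]:"
)


def count_offenders(lines, trusted=()):
    """Count non-SMTP command warnings per client address.

    Clients inside any network listed in `trusted` are skipped so that local
    or internal hosts never end up in the block list.
    """
    trusted_nets = [ipaddress.ip_network(net) for net in trusted]
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracketed text was not a valid IP address
        if any(addr in net for net in trusted_nets):
            continue
        hits[str(addr)] += 1
    return hits


def access_map(hits, threshold=3):
    """Return access(5) lines for clients seen at least `threshold` times."""
    def sort_key(text):
        ip = ipaddress.ip_address(text)
        return (ip.version, int(ip))

    offenders = sorted((a for a, n in hits.items() if n >= threshold), key=sort_key)
    return [f"{a} REJECT repeated non-SMTP commands" for a in offenders]


if __name__ == "__main__":
    counts = count_offenders(SAMPLE_LOG.splitlines(), trusted=["127.0.0.0/8"])
    print("\n".join(access_map(counts)))
```

The output lines go into a table referenced by check_client_access; for an indexed type such as hash:, rebuild it with postmap afterwards.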


Re: slow mail delivering

2009-09-10 Thread Israel Garcia
On 9/10/09, Sahil Tandon  wrote:
> On Thu, 10 Sep 2009, Israel Garcia wrote:
>
>> I've the following issue, sometimes I have some apps who use to send
>> to the smarthost a lot of mail (hundreds) in just one connection. So,
>> my smarthost tries to deliver it as soon as mail are coming from
>> client servers. My question is:
>>
>> How can I rate limit mail delivering on the smarthost, although he is
>> receiving a lot of mail from internal clients?
>
> You need to provide more information.  See DEBUG_README.  Also who is "he"?
> The smarthost?  Do you want to rate limit mail coming IN or mail going OUT
> from smarthost to nexthops?
Hi Sahil,

Yes, he = smarthost and I want to rate limit on mail going out from smarthost.

regards,
Israel.
>
> --
> Sahil Tandon 
>


-- 
Regards;
Israel Garcia


Re: Configuration question

2009-09-10 Thread Sahil Tandon
On Thu, 10 Sep 2009, Duncan B. wrote:

> The list of CIDR IP ranges to relay for is in the mynetworks variable,  
> so I can't do the recipient domain verification in 
> "smtpd_recipient_restrictions" because I need "permit_mynetworks", so 
> that my networks can relay through the box! permit_mynetworks skips the 
> other checks for those networks.

Why don't you reject_unknown_recipient_domain BEFORE permitting your networks
(and/or SASL authenticated clients) in smtpd_recipient_restrictions?

> So, how do I make mynetworks exempt from the 
> smtpd_recipient_restrictions, yet make mynetworks able to relay through 
> the box?

Huh?

As an aside, you appear to be confused by how Postfix processes various
restriction lists.  Just because a client is OK'd in
smtpd_recipient_restrictions does NOT mean that client gets a free pass
through smtpd_data_restrictions or any following restrictions in the SMTP
conversation.

-- 
Sahil Tandon 


Re: python framework for a policy daemon?

2009-09-10 Thread Zhang Huangbin


On Sep 9, 2009, at 5:50 PM, Ralf Hildebrandt wrote:

> Is there a ready to use python framework for a policy daemon?
> I have a nice idea for a policy daemon :)


Reference: http://www.apolicy.org/cgi-bin/moin.cgi

--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/