Re: Betr.: Re: Betr.: Re: Trim part of the header with header rewriting ?

[Arjan Melein]

>>> Op 12-11-2009 om 21:35 is door Wietse Venema 
geschreven:
> Noel Jones:
>> On 11/12/2009 12:28 PM, Arjan Melein wrote:
>> > Yea I just found that out when I just tried to sed the queue file :-)
>> > Any way to limit it to only take out the line on domain X Y and Z ?
>> > On a sidenote, its actually the RCPT TO: line and not the normal TO:
>> > line ... not sure if that's going to be a problem ..
>> > RCPT TO: ORCPT=rfc822;groupwise-sou...@email.addy;1:1 
>> >
>> > Thanks for the help so far.
>> 
>> That doesn't look like a header.  You need to show exact 
>> evidence of the error you're getting.
> 
> As shown below, Postfix 2.7 can "fix" commands from remote SMTP
> clients.  Meanwhile, I am adding a similar feature to "fix" replies
> from remote SMTP servers.
> 
> In your case the regexp could look like:
> 
> /^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1
> 
> This an incredibly unsafe tool.
> 
>   Wietse
> 
> smtpd_command_filter (default: empty)
>A mechanism to substitute incoming SMTP  commands.   This  is  a  
> last-
>resort tool to work around problems with clients that send invalid 
> com-
>mand syntax that would otherwise be rejected by Postfix.
> 
>Specify the name of a "type:table" lookup table. The search  string  
> is
>the  SMTP command as received from the SMTP client, except that 
> initial
>whitespace and the trailing  are removed. The result  value  is
>executed by the Postfix SMTP server.
> 
>Examples:
> 
>/etc/postfix/main.cf:
>smtpd_command_filter = pcre:/etc/postfix/command_filter
> 
>/etc/postfix/command_filter:
># Work around clients that send malformed HELO commands.
>/^HELO\s*$/ HELO domain.invalid
> 
># Work around clients that send empty lines.
>/^\s*$/ NOOP
> 
># Work around clients that send RCPT TO:<'u...@domain'>.
># WARNING: do not lose the parameters that follow the address.
>/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
> 
>This feature is available in Postfix 2.7.

First, Sorry for the top posting before. Client default puts replies on top.

Second, I'll try and get another relay setup with 2.7 and just add an extra hop 
to our internal mail path so I can take it out again eventually and not have a 
ton of configuration changing to do.. if they ever manage to fix it. Its only 
for outgoing e-mails and people are getting mad enough for me that resorting to 
IPoAC is even an option as long as it works.

-
Arjan

Re: A question about plain and cram-md5 authentication mechanisms

[Ali Majdzadeh]

Patrick,
Hi
Thanks for your reply and for your attention. I think it would be better to
find a solution so that we can utilize these two authentication mechanisms.
Thanks again.

Warm Regards
Ali Majdzadeh Kohbanani


2009/11/13 Ali Majdzadeh 

> Patrick,
> Hi
> Thanks for your reply and for your attention. I think it would be better to
> find a solution so that we can utilize these two authentication mechanisms.
> Thanks again.
>
> Warm Regards
> Ali Majdzadeh Kohbanani
>
> 2009/11/12 Patrick Ben Koetter 
>
> * Ali Majdzadeh :
>> > Viktor,
>> > Thanks for your attention. You are right, but unfortunately we have got
>> some
>> > in-house developed mail clients which are bound to use cram-md5
>> > authentication mechanism. Well, I think I should investigate on
>> integrating
>> > LDAP to our architecture and figure out the new opportunities.
>>
>> If that is only a few and if they can be identified by IP range, offer
>> them a
>> dedicated Postfix smtpd instance, which uses a separate sasldb database
>> without lowering the security standards for the rest of your clients.
>>
>> p...@rick
>>
>> --
>> All technical questions asked privately will be automatically answered on
>> the
>> list and archived for public access unless privacy is explicitely required
>> and
>> justified.
>>
>> saslfinger (debugging SMTP AUTH):
>> 
>>
>
>

Re: status during email life ...

[Stéphane MERLE]

Hi,

Victor Duchovni a écrit :
  2009-11-12T10:59:33-0500 amnesiac postfix/qmgr[1706]: A323688C523: 
removed


  2009-11-12T10:59:33-0500 amnesiac postfix/smtp[29704]: 71FDF88C221:
to=, relay=mail.example.com[192.168.0.1]:25,
delay=0.15, delays=0.01/0/0.03/0.12, dsn=2.6.0, status=sent
(250 2.6.0 <20091112155933.71fdf88c...@amnesiac.example.com>
 Queued mail for delivery)
  
I don't get what this previous log is ... the mail is now sent but the 
lines before it, it was expired  (and it doesnt look like the 
notification mail, as it got the same "to").



This logs the delivery of a bounce message that is "returned to the
sender".
  

I just saw that those mail are sent to n...@localhost :

8652C2E741C6: to=, orig_to=, 
relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced 
(unknown user: "null")


surely because I set : bounce_notice_recipient = null
in main.cf

how can I cancel any notification email ? (I am parsing the log files to 
get those informations).


Thanks.

Stéphane

Mail sending problem.

[Manoj Burande]

Hello There,

 I am just trying to configure my postfix to send only mail server.
presently used parameters in "main.cf" configuration file is as
follows:

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = loopback-only
mydestination = textwand.com, localhost, localhost.localdomain, localhost
mailbox_size_limit = 0
myhostname = mail.textwand.com
mynetworks = 127.0.0.0/8
myorigin = textwand.com
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
notify_classes = resource, software, bounce

But whenever I am trying to send an I got following mail logs:

Nov 13 14:30:27 r1 postfix/pickup[2287]: CCC958FE066: uid=0 from=
Nov 13 14:30:27 r1 postfix/cleanup[2292]: CCC958FE066:
message-id=<20091113090027.ccc958fe...@mail.textwand.com>
Nov 13 14:30:27 r1 postfix/qmgr[2288]: CCC958FE066:
from=, size=464, nrcpt=1 (queue active)
Nov 13 14:30:27 r1 postfix/cleanup[2292]: D19DC8FE063:
message-id=<20091113090027.ccc958fe...@mail.textwand.com>
Nov 13 14:30:27 r1 postfix/local[2294]: CCC958FE066:
to=, relay=local, delay=0.04, delays=0.02/0.01/0/0.01,
dsn=2.0.0, status=sent (forwarded as D19DC8FE063)
Nov 13 14:30:27 r1 postfix/qmgr[2288]: D19DC8FE063:
from=, size=595, nrcpt=1 (queue active)
Nov 13 14:30:27 r1 postfix/qmgr[2288]: CCC958FE066: removed
Nov 13 14:30:51 r1 postfix/smtp[2295]: D19DC8FE063: host
mail.artificialmachines.com[66.226.64.55] said: 451 4.1.8 Domain of sender
address r...@textwand.com does not resolve (in reply to RCPT TO command)
Nov 13 14:31:02 r1 postfix/smtp[2295]: D19DC8FE063:
to=, orig_to=,
relay=mx2.abac.com[216.55.191.203]:25, delay=35, delays=0.01/0.01/33/1.9,
dsn=4.1.8, status=deferred (host mx2.abac.com[216.55.191.203] said: 451
4.1.8 Domain of sender address r...@textwand.com does not resolve (in
reply to RCPT TO command))

  So please guide me if I am doing anything wrong.

-- 
Manoj M. Burande,
Artificial Machines Pvt Ltd,
System Administrator.

Relaying problems

[Stan Hoeppner]

Alex put forth on 11/12/2009 10:09 PM:

> Perhaps the "reject_invalid_helo_hostname" doesn't work with postfix-v1?

Postfix 1.1 was released sometime around Jan 2002. Patch 1.1.13, the
last patch for Postfix 1.1,  was released  July 2003.  So, you're
running 6-7 year old code _at best_, there Alex.  Many solutions people
offer you here possibly won't work because so much has changed.

As a general rule, Postfix versions prior to 2.3 aren't supported here.
 I've seen a few exceptions.  But if you're below 2.0, people might
throw shoes at you, or just ignore you until you upgrade.

If I may ask, why are you still running Postfix 1.x?  Why haven't you
upgraded?

--
Stan

Re: Mail sending problem.

[Barney Desmond]

2009/11/13 Manoj Burande :
> presently used parameters in "main.cf" configuration file is as
> follows:

No, please show the output of `postconf -n` when describing your
configuration. The contents of main.cf is less useful as it doesn't
accurately describe the configuration Postfix is using.

>    But whenever I am trying to send an I got following mail logs:
>
> Nov 13 14:31:02 r1 postfix/smtp[2295]: D19DC8FE063:
> to=, orig_to=,
> relay=mx2.abac.com[216.55.191.203]:25, delay=35, delays=0.01/0.01/33/1.9,
> dsn=4.1.8, status=deferred (host mx2.abac.com[216.55.191.203] said: 451
> 4.1.8 Domain of sender address r...@textwand.com does not resolve (in
> reply to RCPT TO command))

This is quite clear. The sender address is r...@textwand.com. The
remote server (mx2.abac.com) is unable to (DNS) lookup textwand.com,
so it refuses to accept the mail. You have no useful DNS records for
textwand.com, so this is pretty reasonable.
http://www.robtex.com/dns/textwand.com.html

Re: status during email life ...

[Wietse Venema]

St?phane MERLE:
> I just saw that those mail are sent to n...@localhost :
> 
> 8652C2E741C6: to=, orig_to=, 
> relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced 
> (unknown user: "null")
> 
> surely because I set : bounce_notice_recipient = null
> in main.cf
> 
> how can I cancel any notification email ? (I am parsing the log files to 
> get those informations).

You don't delete bounce messages.

Instead, you fix the problem that causes mail to bounce.

Wietse

Re: Mail sending problem.

[Manoj Burande]

Hi Barney,

   Here I just wanted to explain you that what exactly I am trying to do is,

1] I am trying to configure postfix mail server that can only send mails.
It receives no mail from the network.

2] The MX records tell the world which server will accept inbound mail for
your domain. They have nothing to do with sending outbound mail. That's
why I have not made any DNS entry for my domain "textwand.com".

3] Locally generated mails will be forward ALERT / INFO /CRITICAL
notifications generated by my local syslogd to me. I want generated log
reports to go to my "manoj.bura...@artificialmachines.com" account.

4] I have hosted my JAVA application on the same server. And it will
generate mail to deliver to the users. e.g. mmbura...@gmail.com /
yahoo.com or manoj.bura...@artificialmachines.com etc..In short it will
deliver mail on the internet to other domain users.


Here I am providing you the output of "postconf -n". Please guide me
if I am doing anything wrong. Please...


[r...@r1 ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.5.6-documentation/html
inet_interfaces = loopback-only
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = textwand.com, localhost, localhost.localdomain, localhost
myhostname = mail.textwand.com
mynetworks = 127.0.0.0/8
myorigin = textwand.com
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software, bounce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6-documentation/readme
recipient_delimiter = +
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550



> 2009/11/13 Manoj Burande :
>> presently used parameters in "main.cf" configuration file is as
>> follows:
>
> No, please show the output of `postconf -n` when describing your
> configuration. The contents of main.cf is less useful as it doesn't
> accurately describe the configuration Postfix is using.
>
>>    But whenever I am trying to send an I got following mail logs:
>>
>> Nov 13 14:31:02 r1 postfix/smtp[2295]: D19DC8FE063:
>> to=, orig_to=,
>> relay=mx2.abac.com[216.55.191.203]:25, delay=35,
>> delays=0.01/0.01/33/1.9,
>> dsn=4.1.8, status=deferred (host mx2.abac.com[216.55.191.203] said: 451
>> 4.1.8 Domain of sender address r...@textwand.com does not resolve (in
>> reply to RCPT TO command))
>
> This is quite clear. The sender address is r...@textwand.com. The
> remote server (mx2.abac.com) is unable to (DNS) lookup textwand.com,
> so it refuses to accept the mail. You have no useful DNS records for
> textwand.com, so this is pretty reasonable.
> http://www.robtex.com/dns/textwand.com.html
>


-- 
Manoj M. Burande,
Artificial Machines Pvt Ltd,
System Administrator.

quota.txt file

[listas]

Hi,

Where I get the quota.txt file?

Not found in http://puuhis.net/vhcs/quota.txt

Thanks


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: quota.txt file

[Steve]

 Original-Nachricht 
> Datum: Fri, 13 Nov 2009 10:06:32 -0200 (BRST)
> Von: lis...@hidrautronica.ind.br
> An: postfix-users@postfix.org
> Betreff: quota.txt file

> Hi,
> 
> Where I get the quota.txt file?
> 
> Not found in http://puuhis.net/vhcs/quota.txt
> 
And what does VHCS have to do with Postfix? This is the Postfix mailing list 
and not the VHCS mailing list. Use Google to search for the file and you will 
quickly get to this link: 
http://www.howtoforge.net/forums/showthread.php?p=206333


> Thanks
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

Re: Betr.: Re: Betr.: Re: Trim part of the header with header rewriting ?

[Arjan Melein]

>>> Op 12-11-2009 om 21:35 is door Wietse Venema 
geschreven:
> Noel Jones:
>> On 11/12/2009 12:28 PM, Arjan Melein wrote:
>> > Yea I just found that out when I just tried to sed the queue file :-)
>> > Any way to limit it to only take out the line on domain X Y and Z ?
>> > On a sidenote, its actually the RCPT TO: line and not the normal TO:
>> > line ... not sure if that's going to be a problem ..
>> > RCPT TO: ORCPT=rfc822;groupwise-sou...@email.addy;1:1 
>> >
>> > Thanks for the help so far.
>> 
>> That doesn't look like a header.  You need to show exact 
>> evidence of the error you're getting.
> 
> As shown below, Postfix 2.7 can "fix" commands from remote SMTP
> clients.  Meanwhile, I am adding a similar feature to "fix" replies
> from remote SMTP servers.
> 
> In your case the regexp could look like:
> 
> /^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1
> 
> This an incredibly unsafe tool.
> 
>   Wietse
> 
> smtpd_command_filter (default: empty)
>A mechanism to substitute incoming SMTP  commands.   This  is  a  
> last-
>resort tool to work around problems with clients that send invalid 
> com-
>mand syntax that would otherwise be rejected by Postfix.
> 
>Specify the name of a "type:table" lookup table. The search  string  
> is
>the  SMTP command as received from the SMTP client, except that 
> initial
>whitespace and the trailing  are removed. The result  value  is
>executed by the Postfix SMTP server.
> 
>Examples:
> 
>/etc/postfix/main.cf:
>smtpd_command_filter = pcre:/etc/postfix/command_filter
> 
>/etc/postfix/command_filter:
># Work around clients that send malformed HELO commands.
>/^HELO\s*$/ HELO domain.invalid
> 
># Work around clients that send empty lines.
>/^\s*$/ NOOP
> 
># Work around clients that send RCPT TO:<'u...@domain'>.
># WARNING: do not lose the parameters that follow the address.
>/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
> 
>This feature is available in Postfix 2.7.

It might be unsafe, but it seems to do its job properly from what I can see in 
the tcpdumps..
I set up an extra relay between our enterprise system and our gateway and just 
re-routed outgoing e-mails for certain domains from GroupWise over that extra 
relay, that changes the header and hands it off to our normal gateway.
This way e-mail which was working normally does not run over anything marked as 
incredibly unsafe :-)
Thanks for the help both of you.

-
Arjan

Re: Mail sending problem.

[Barney Desmond]

2009/11/13 Manoj Burande :
>   Here I just wanted to explain you that what exactly I am trying to do is,
>
> 1] I am trying to configure postfix mail server that can only send mails.
> It receives no mail from the network.
>
> 2] The MX records tell the world which server will accept inbound mail for
> your domain. They have nothing to do with sending outbound mail. That's
> why I have not made any DNS entry for my domain "textwand.com".

This is reasonable. *However*, most mail providers tend to reject mail
from domains like yours, which have no DNS records. There's
theoretically nothing wrong with your setup, but given that most email
nowadays is spam, mail providers are only interested in "legitimate"
looking mail.

Furthermore, mail "should" be able to go back to the sender for
accountability, such as spamming problems and administrative issues.
It's basically, "if I can't contact you, then I'm not interested in
your mail". See further down for more notes.

> 3] Locally generated mails will be forward ALERT / INFO /CRITICAL
> notifications generated by my local syslogd to me. I want generated log
> reports to go to my "manoj.bura...@artificialmachines.com" account.
>
> 4] I have hosted my JAVA application on the same server. And it will
> generate mail to deliver to the users. e.g. mmbura...@gmail.com /
> yahoo.com or manoj.bura...@artificialmachines.com etc..In short it will
> deliver mail on the internet to other domain users.

Big, free providers like Gmail and Yahoo are *very* strict on things
like this. Yahoo is notoriously difficult to get mail to sometimes, as
an example, but your mileage may vary.

> Here I am providing you the output of "postconf -n".

For outbound-only mail that generally looks okay. It's worth noting
that some mail servers will perform "sender callback", where they
attempt to connect to the MX of the sending domain (again, they want
to check that the sender will also receive mail, in case of problems,
abuse, etc.). Because you're only listening on loopback addresses, you
may fail that check on some servers, so they'll refuse your mail.

It's difficult to make a comprehensive list of things you can/should
do to successfully send mail, but having DNS records would be an
important step - you don't *have* to accept inbound email, but it'll
help your legitimacy.

Experience with the new speed_adjust feature

[Mark Martinec]

For the last couple of days I'm now experimenting with the
2.7-20091105-nonprod with the new speed_adjust experimental feature
turned on at the MX port, along with the postscreen. Seems to work
as advertised: timing reports by a pre-queue proxy content filter confirm
that the content filter is invoked only after data has been received.
Current mail load on our server is not high, so I haven't yet seen
what happens under high mail rate conditions.

Here is the relevant part of my master.cf:

dnsblog  unix  -   -   n   -   0   dnsblog
smtp inet  n   -   n   -   1   postscreen
smtpdpass  -   -   n   -  150  smtpd
-o smtpd_proxy_filter=127.0.0.1:10010
-o smtpd_proxy_options=speed_adjust
-o smtpd_client_connection_count_limit=30
-o smtpd_proxy_timeout=600

Two things are on my mind:

1. I'm dearly missing in the postfix log the SMTP response from a
pre-queue content filter (or better, a response that was sent back to a SMTP
client), at least in case of a 5xx or 4xx response. With a post-queue filter
setup the response is clearly logged, unlike in the pre-queue setup where it
is not. It makes it hard to correlate a spartanic postfix log of a rejected
transaction (due to a proxy filter rejection) with a log from a content
filter. Even if the correlation were somehow available, seeing a confirmation
of what was really sent back to the client in a postfix log would contribute
to the confidence in the correctness of operation.


2. A couple of times per day I see that postfix terminates its smtpd service:

  +pid 9297 (smtpd), uid 125: exited on signal 6
  +pid 12680 (smtpd), uid 125: exited on signal 6
  +pid 9306 (smtpd), uid 125: exited on signal 6

and a corresponding log entry from a smtpd process:

  panic: smtpd_proxy_replay_setup:
non-empty before-queue filter speed-adjust log

The log (some other PIDs) can look like (a grep by PID,
showing previous two transaction of the same process):

Nov 13 13:07:07 dorothy postfix/smtpd[82601]:
 connect from unknown[74.63.109.233]
Nov 13 13:07:08 dorothy postfix/smtpd[82601]:
 NOQUEUE: client=unknown[74.63.109.233]
Nov 13 13:07:12 dorothy postfix/smtpd[82601]:
 disconnect from unknown[74.63.109.233]

Nov 13 13:07:29 dorothy postfix/smtpd[82601]:
 connect from 201-92-220-64.dsl.telesp.net.br[201.92.220.64]
Nov 13 13:07:30 dorothy postfix/smtpd[82601]:
 NOQUEUE: client=201-92-220-64.dsl.telesp.net.br[201.92.220.64]
Nov 13 13:07:36 dorothy postfix/smtpd[82601]:
 disconnect from 201-92-220-64.dsl.telesp.net.br[201.92.220.64]

Nov 13 13:07:43 dorothy postfix/smtpd[82601]:
 warning: 122.168.228.121: hostname
 ABTS-mpdynamic-121.228.168.122.airtelbroadband.in
 verification failed: hostname nor servname provided, or not known
Nov 13 13:07:43 dorothy postfix/smtpd[82601]:
 connect from unknown[122.168.228.121]
Nov 13 13:08:26 dorothy postfix/smtpd[82601]:
 NOQUEUE: client=unknown[122.168.228.121]
Nov 13 13:08:26 dorothy postfix/smtpd[82601]:
 lost connection after RCPT from unknown[122.168.228.121]
Nov 13 13:08:26 dorothy postfix/smtpd[82601]:
 disconnect from unknown[122.168.228.121]

Nov 13 13:08:32 dorothy postfix/smtpd[82601]:
 connect from unknown[121.139.242.179]
Nov 13 13:08:34 dorothy postfix/smtpd[82601]:
 panic: smtpd_proxy_replay_setup: non-empty before-queue
 filter speed-adjust log


Here is another case:

Nov 13 13:52:43 dorothy postfix/smtpd[4186]:
 NOQUEUE: client=200-199-119-208.user.neoline.com.br[200.199.119.208]
Nov 13 13:52:53 dorothy postfix/smtpd[4186]:
 disconnect from 200-199-119-208.user.neoline.com.br[200.199.119.208]

Nov 13 13:52:58 dorothy postfix/smtpd[4186]:
 connect from unknown[77.29.4.99]
Nov 13 13:53:01 dorothy postfix/smtpd[4186]:
 NOQUEUE: client=unknown[77.29.4.99]
Nov 13 13:54:23 dorothy postfix/smtpd[4186]:
 lost connection after DATA (1589 bytes) from unknown[77.29.4.99]
Nov 13 13:54:23 dorothy postfix/smtpd[4186]:
 disconnect from unknown[77.29.4.99]

Nov 13 13:54:28 dorothy postfix/smtpd[4186]:
 connect from unknown[170.51.195.142]
Nov 13 13:54:31 dorothy postfix/smtpd[4186]:
 panic: smtpd_proxy_replay_setup: non-empty before-queue
 filter speed-adjust log


So what does this mean?

  Mark

Re: status during email life ...

[Stéphane MERLE]

Hi,

Wietse Venema a écrit :

St�phane MERLE:
  

I just saw that those mail are sent to n...@localhost :

8652C2E741C6: to=, orig_to=, 
relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced 
(unknown user: "null")


surely because I set : bounce_notice_recipient = null
in main.cf

how can I cancel any notification email ? (I am parsing the log files to 
get those informations).



You don't delete bounce messages.

Instead, you fix the problem that causes mail to bounce.
  
Some bounce have no solution ...like spam (false) detection by hotmail 
(if I retry the same adress on an another server, with another ip, it go 
through most of the time ...) . And I don't want to delete a bounce 
message (especially in the logs) I just want to avoid to send an email 
to sender or null when a message is bounced or even expired  is that 
possible ?
because right now, the notification mail doesn't go out, but I assume 
that it takes some of the machine time 

Wietse
  


thanks for you help and patience 

Stéphane

Creation of Message-ID

[lst_hoe02]

Hello

as far as i know Postfix does not alter a Message-ID beside when it  
creates a missing one. Is there some way one could find out later in  
the logfile if Postfix has created one? Is it sufficient if the  
Message-ID looks like "@" or  
is there some other thing to check?


Many Thanks

Andreas

Re: Experience with the new speed_adjust feature

[Wietse Venema]

Mark Martinec:
> For the last couple of days I'm now experimenting with the
> 2.7-20091105-nonprod with the new speed_adjust experimental feature
> turned on at the MX port, along with the postscreen. Seems to work
> as advertised: timing reports by a pre-queue proxy content filter confirm
> that the content filter is invoked only after data has been received.
> Current mail load on our server is not high, so I haven't yet seen
> what happens under high mail rate conditions.

Thanks.  20091105-nonprod has a known problem when the temp file
can't be written for some reason (fixed in 20091109).

I speculate that under load, clients will experience delays at a
different point in the conversation.

Assume that the maximal number of filter processes is tuned such
that the machine does not collapse under that load.

Without speed-match, there is exactly one smtpd process for each
filter.  As soon as all smtpd processes are busy (whether or not
these sessions rejecting mail early), new tcp connections will get
queued, and clients experience a delay before the 220 welcome
greeting.

With speed-match, there can be more smtpd processes than filters,
Once all filters are busy, clients that complete an SMTP delivery
will experience a delay after sending ".".  When the load increases
to the point that all smtpd processes are busy, which should happen
later than in the "no speed-match" scenario, new tcp connections
will get queued and clients experience a delay before the 220
welcome greeting.

As for the second problem, it would help if you could add a missing
sanity check here:

*** ./smtpd_proxy.c-Thu Nov  5 16:48:53 2009
--- ./smtpd_proxy.c Fri Nov 13 08:27:37 2009
***
*** 1027,1032 
--- 1027,1038 
 (p)->a10, (p)->a11, (p))
  
  /*
+  * Sanity check.
+  */
+ if (state->proxy != 0)
+   msg_panic("smtpd_proxy_create: handle still exists");
+ 
+ /*
   * Connect to the before-queue filter immediately.
   */
  if ((flags & SMTPD_PROXY_FLAG_SPEED_ADJUST) == 0) {

It will help to get closer to the root cause. Meanwhile, I can set
up a null-filter measurement on my tiny site and see if this triggers
something. I thought that every mail transaction ends with truncating
the temporary file, even when the transaction is aborted early.

> Two things are on my mind:
> 
> 1. I'm dearly missing in the postfix log the SMTP response from a
> pre-queue content filter (or better, a response that was sent back to a SMTP
> client), at least in case of a 5xx or 4xx response. With a post-queue filter
> setup the response is clearly logged, unlike in the pre-queue setup where it
> is not. It makes it hard to correlate a spartanic postfix log of a rejected
> transaction (due to a proxy filter rejection) with a log from a content
> filter. Even if the correlation were somehow available, seeing a confirmation
> of what was really sent back to the client in a postfix log would contribute
> to the confidence in the correctness of operation.

I assumed that the filter will already log the rejects (possible with the
client name/address from xforward), and therefore Postfix would
not need to add to the noise, but this can be changed.

Wietse

Re: status during email life ...

[Wietse Venema]

St??phane MERLE:
> Hi,
> 
> Wietse Venema a ?crit :
> > St?phane MERLE:
> >   
> >> I just saw that those mail are sent to n...@localhost :
> >>
> >> 8652C2E741C6: to=, orig_to=, 
> >> relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced 
> >> (unknown user: "null")
> >>
> >> surely because I set : bounce_notice_recipient = null
> >> in main.cf
> >>
> >> how can I cancel any notification email ? (I am parsing the log files to 
> >> get those informations).
> >> 
> >
> > You don't delete bounce messages.
> >
> > Instead, you fix the problem that causes mail to bounce.
> >   
> Some bounce have no solution ...like spam (false) detection by hotmail 

Sorry, that is NOT a good reason to throw away rejected mail.

When non-spam mail is rejected, the sender needs to know. It is
up to the sender to deal with this, not the MTA operator.

When people are sending real spam to hotmail, then silencing Postfix
is not the proper solution.

Wietse

Re: status during email life ...

[Stéphane MERLE]

Wietse Venema a écrit :

Sorry, that is NOT a good reason to throw away rejected mail.

When non-spam mail is rejected, the sender needs to know. It is
up to the sender to deal with this, not the MTA operator.

When people are sending real spam to hotmail, then silencing Postfix
is not the proper solution.

Wietse
  
Ok, I just get what you meant, here, the sender is a robot, those smtp 
server are use for mass mailing (subscription mailing like horoscope or 
daily recipe), so I don't need an actual email to know that a mail is 
bounced or expired. I am dealing directly with the postfix log files to 
get this and to react on the database. This is why I'd like to "cancel" 
the notification message. But I do understand perfectly that the MTA 
have to send the notification most of the time, because people who sent 
mail need to know that the mail is wrong or rejected.

I am sorry, I should have made myself clearer from the beginning.

Thanks again for your patience.

Stéphane

Re: status during email life ...

[Wietse Venema]

St?phane MERLE:
> Wietse Venema a ?crit :
> > Sorry, that is NOT a good reason to throw away rejected mail.
> >
> > When non-spam mail is rejected, the sender needs to know. It is
> > up to the sender to deal with this, not the MTA operator.
> >
> > When people are sending real spam to hotmail, then silencing Postfix
> > is not the proper solution.
> >
> > Wietse
> >   
> Ok, I just get what you meant, here, the sender is a robot, those smtp 
> server are use for mass mailing (subscription mailing like horoscope or 
> daily recipe), so I don't need an actual email to know that a mail is 
> bounced or expired. I am dealing directly with the postfix log files to 
> get this and to react on the database. This is why I'd like to "cancel" 
> the notification message. But I do understand perfectly that the MTA 
> have to send the notification most of the time, because people who sent 
> mail need to know that the mail is wrong or rejected.
> I am sorry, I should have made myself clearer from the beginning.

I will not post instructions to throw away non-delivery notices.
I know that people would mis-use this to cover up their mistakes
so that their users don't find out that mail was mis-handled.

If you have a specialized need that never needs to deliver NDRs,
then it is easy enough to edit the Postfix SMTP client source code
and change the SMTP_STATE_DOT reply handler so that it skips the
server reply code test.

Wietse

Re: status during email life ...

[Stéphane MERLE]

I will not post instructions to throw away non-delivery notices.
I know that people would mis-use this to cover up their mistakes
so that their users don't find out that mail was mis-handled.

If you have a specialized need that never needs to deliver NDRs,
then it is easy enough to edit the Postfix SMTP client source code
and change the SMTP_STATE_DOT reply handler so that it skips the
server reply code test.

Wietse
  


You're probably right, I will not edit the source code, too much work to 
spraid the change over all the servers and to keep them updated. I will 
just keep using the NULL, thanks for your help anyway.


Stéphane

Re: status during email life ...

[Victor Duchovni]

On Fri, Nov 13, 2009 at 10:06:09AM +0100, St?phane MERLE wrote:

>> This logs the delivery of a bounce message that is "returned to the
>> sender".
>>   
> I just saw that those mail are sent to n...@localhost :
>
> 8652C2E741C6: to=, orig_to=, 
> relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced 
> (unknown user: "null")
>
> surely because I set : bounce_notice_recipient = null
> in main.cf

No, the "orig_to" tells us that the mail was addressed to
"john@distdomain.com", and rewritten to "n...@localhost" via
canonical_maps or virtual_alias_maps (more likely the latter).

Such a rewrite seems unwise...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Server-side mail filtering (postfix+cyrus-imap)

[Julien Vehent]

Can you send the result of "grep sieve /etc/imapd.conf", I wonder if your
sieve configuration in /etc/imapd.conf is correct...
maybe the path of sievedir leads to a directory that's not writable...



On Fri, 13 Nov 2009 13:30:23 +0100, nunatarsuaq 
wrote:
> Same thing.
> I logged in with a personal account put a filter (tried
> "user.testowy.Junk", "user/testowy.Junk" and "user/testowy/Junk") with
> the same error
> 
> upload failed: put script: script errors:
> line 2: fileinto not required
> 
> Folder /var/spool/imap/t/user/testowy/Junk exists.

Re: Postfix version.

[Noel Jones]

On 11/12/2009 11:56 PM, Manoj Burande wrote:

Hello Noel,

   As I checked with "http://www.postfix.org/announcements.html"; I
found the following current stable version of postfix mail server.
But I do not find any RPM for the same.

# August 28, 2009: Stable release Postfix 2.6.5.

   Currently I am using postfix version as resulted with # postconf
mail_version command. So can you please tell me is it ok to use this
version on my production servers?

[r...@ns ~]# postconf mail_version
mail_version = 2.5.6



Pretty much any postfix version from 2.3.0 thru the current 
snapshot will be reasonably safe and stable in a production 
environment.


Newer versions will have bug fixes and new features that may 
or may not affect you.  Bugs in postfix tend to be small 
annoyances rather than major issues.  New features are only 
useful if they fix some problem you have.


Check the online HISTORY and RELEASE_NOTES to see what's been 
changed.


  -- Noel Jones

Re: Relaying problems

[Noel Jones]

On 11/12/2009 10:09 PM, Alex wrote:

Hi,


If you don't want to whitelist the IP address completely but instead just
want to allow it to bypass your HELO checks, then check_helo_access will
work. However, you should first understand that the type of lookup performed
depends on the name of the restriction, NOT where the restriction is placed.

For example, as was mentioned before, check_client_access looks up the
"client" (hostname, IP address,...). Likewise, check_sender_access looks up
the envelope sender, domain, etc. In this case, check_helo_access is going
to look up the HELO hostname of the client.


But helo is a component of the envelope, no? Wouldn't it then make
sense to have it in sender_checks?


On 11/13/2009 1:30 AM, LuKreme wrote:
> On 12-Nov-2009, at 21:09, Alex wrote:
>> But helo is a component of the envelope, no?
>
> No.
>

Technically, the envelop is only the sender and receiver. 
However, for purposes of this list we commonly also include 
the client IP/hostname and HELO in discussions of envelope data.


So you do finely get that "yes and no" answer you've been 
looking for.  ;)


At any rate, you miss the point.
The smtpd_{client, helo, sender, recipient}_restrictions are 
about *when* a check takes place, corresponding to the {client 
connection, HELO, MAIL FROM, RCPT TO} stage of the SMTP 
transaction.


(The *when* is altered by the smtpd_delay_reject (default yes) 
which delays all those restrictions from running until the 
client sends RCPT TO.  This was added as a feature and as a 
default after it was discovered that some clients react badly 
to being rejected prior to RCPT TO.  It also has the 
beneficial side effect that you get more complete logging of 
rejected transactions.  But this is distracting from your issue.)


The check_{client, helo, sender, recipient}_access tests look 
for something in a list, and if the something is found, do 
that function.  You have to tell postfix /what/ to look for by 
specifying client, helo, sender, or recipient.


So, for example, if you tell postfix to look for the client IP 
in a table by using check_client_access, you don't want to put 
a HELO name or a sender address in the table -- it will never 
match.



Okay, just tried that from a test network, and it doesn't work for me.
In helo_checks.pcre I have:

/^inside.testdomain.com$/ DUNNO
/./ reject_invalid_helo_hostname


There is no reject_invalid_helo_hostname in postfix 1.1.  If 
that table was used, you would have received a server 
configuration error and the mail would have been deferred with 
a 421 code.



I've reloaded postfix and performed the same steps as I have
previously, and it produces this in the logs:

Nov 12 22:48:51 smtp01 postfix/smtpd[6860]: reject: RCPT from albert.testdomain
.com[192.168.1.99]: 504: Helo command rejected: need fully-qualified hos
tname; from=  to=

To follow up with Noel's post,


You use check_client_access because your table contains a client IP.  If your 
table
contained the actual bad HELO name you could use check_helo_access, but 
generally
it's better to whitelist by client address.


Does that conflict with what Michael was saying about not allowing IP
addresses in access files, or am I misunderstanding what Michael was
saying?


Eh? I didn't see anything about not allowing IPs.



Assuming we do know that the helo would consistently be "alex123" for
test purposes, I could somehow configure the helo_access to permit
based on that string?


Yes, you can whitelist the specific bad helo.  However, it's 
generally better to whitelist a client (verified property 
unique to that client) rather than a helo or sender address 
(something easily forged).





Below is the postconf -n. Thanks very much for analyzing it for me.
Actually, I didn't want to be presumptuous, but it probably would have
been quicker in the end :-)

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
alternate_config_directories = /etc/postfix_f
always_bcc =
biff = no
body_checks = regexp:/etc/postfix/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 120
delay_warning_time = 0
disable_mime_input_processing = yes
disable_vrfy_command = yes
enabled = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 25600
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
zen.spamhaus.org
cbl.abuseat.org
sbl.spamhaus.org
pbl.spamhaus.org


zen.spamhaus.org already includes both sbl.spamhaus.org and 
pbl.spamhaus.org.



maximal_queue_lifetime = 5d
message_size_limit = 13312000
mime_header_checks =
minimal_backoff_time = 800s
mydestination = $myhostname, localhost.$mydomain
myhostname = smtp01.testdomain.com
mynetworks = 127.0.0.0/8, 192.168.161.45/32, 192.168.174.45/32, 192.168.227.0/24
newali

Re: Experience with the new speed_adjust feature

[Mark Martinec]

On Friday 13 November 2009 14:48:27 Wietse Venema wrote:
> 20091105-nonprod has a known problem when the temp file
> can't be written for some reason (fixed in 20091109).
> As for the second problem, it would help if you could add
> a missing sanity check here:

Thanks. Done both: upgraded to 20091109 and applied the patch.

> Assume that the maximal number of filter processes is tuned such
> that the machine does not collapse under that load.

For the time being it is all very comfortable, less then 10% of
available content filtering processes are actually busy.
 
> It will help to get closer to the root cause.

So far no "smtpd_proxy_create: handle still exists" were logged,
despite several panics.

I have simplified the setup, no more postscreen, and TLS is no longer
offered, but the problem remains. Here is another fresh sample, this
one covers the full lifetime of one smtpd process (full grep by its PID):

Nov 13 17:42:44 dorothy postfix/smtpd[28345]: warning: 190.205.148.176: 
hostname 190-205-148-176.dyn.dsl.cantv.net verification failed: hostname nor 
servname provided, or not known
Nov 13 17:42:44 dorothy postfix/smtpd[28345]: connect from 
unknown[190.205.148.176]
Nov 13 17:42:46 dorothy postfix/smtpd[28345]: NOQUEUE: reject: RCPT from 
unknown[190.205.148.176]: 550 5.1.8 : Sender address 
rejected: Domain not found; 
from= to= proto=ESMTP 
helo=
Nov 13 17:42:48 dorothy postfix/smtpd[28345]: NOQUEUE: reject: RCPT from 
unknown[190.205.148.176]: 550 5.1.8 : Sender address 
rejected: Domain not found; 
from= to= proto=ESMTP 
helo=
Nov 13 17:42:50 dorothy postfix/smtpd[28345]: NOQUEUE: reject: RCPT from 
unknown[190.205.148.176]: 550 5.1.8 : Sender 
address rejected: Domain not found; 
from= to= proto=ESMTP 
helo=
Nov 13 17:42:51 dorothy postfix/smtpd[28345]: disconnect from 
unknown[190.205.148.176]
Nov 13 17:42:56 dorothy postfix/smtpd[28345]: connect from 
gtwout2.ill.fr[193.49.43.102]
Nov 13 17:42:56 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=gtwout2.ill.fr[193.49.43.102]
Nov 13 17:42:59 dorothy postfix/smtpd[28345]: disconnect from 
gtwout2.ill.fr[193.49.43.102]
Nov 13 17:42:59 dorothy postfix/smtpd[28345]: warning: 189.20.244.170: hostname 
189-20-244-170.customer.tdatabrasil.net.br verification failed: hostname nor 
servname provided, or not 
known
Nov 13 17:42:59 dorothy postfix/smtpd[28345]: connect from 
unknown[189.20.244.170]
Nov 13 17:43:01 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=unknown[189.20.244.170]
Nov 13 17:43:03 dorothy postfix/smtpd[28345]: disconnect from 
unknown[189.20.244.170]
Nov 13 17:43:08 dorothy postfix/smtpd[28345]: connect from 
71-231-58-66.gci.net[66.58.231.71]
Nov 13 17:43:09 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=71-231-58-66.gci.net[66.58.231.71]
Nov 13 17:43:13 dorothy postfix/smtpd[28345]: disconnect from 
71-231-58-66.gci.net[66.58.231.71]
Nov 13 17:43:15 dorothy postfix/smtpd[28345]: connect from 
cernmx13.cern.ch[137.138.142.200]
Nov 13 17:43:15 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=cernmx13.cern.ch[137.138.142.200]
Nov 13 17:43:18 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=cernmx13.cern.ch[137.138.142.200]
Nov 13 17:43:25 dorothy postfix/smtpd[28345]: disconnect from 
cernmx13.cern.ch[137.138.142.200]
Nov 13 17:43:28 dorothy postfix/smtpd[28345]: connect from 
bpost.kek.jp[130.87.105.111]
Nov 13 17:43:29 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=bpost.kek.jp[130.87.105.111]
Nov 13 17:43:33 dorothy postfix/smtpd[28345]: disconnect from 
bpost.kek.jp[130.87.105.111]
Nov 13 17:43:37 dorothy postfix/smtpd[28345]: connect from 
host-93-124-65-201.dsl.sura.ru[93.124.65.201]
Nov 13 17:43:37 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=host-93-124-65-201.dsl.sura.ru[93.124.65.201]
Nov 13 17:43:41 dorothy postfix/smtpd[28345]: disconnect from 
host-93-124-65-201.dsl.sura.ru[93.124.65.201]
Nov 13 17:43:44 dorothy postfix/smtpd[28345]: connect from 
backup002.host1.eu[62.75.216.27]
Nov 13 17:43:46 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=backup002.host1.eu[62.75.216.27]
Nov 13 17:43:51 dorothy postfix/smtpd[28345]: disconnect from 
backup002.host1.eu[62.75.216.27]
Nov 13 17:43:56 dorothy postfix/smtpd[28345]: connect from unknown[41.130.65.71]
Nov 13 17:43:57 dorothy postfix/smtpd[28345]: NOQUEUE: 
client=unknown[41.130.65.71]
Nov 13 17:44:02 dorothy postfix/smtpd[28345]: disconnect from 
unknown[41.130.65.71]
Nov 13 17:44:05 dorothy postfix/smtpd[28345]: connect from 
unknown[195.94.133.112]
Nov 13 17:44:09 dorothy postfix/smtpd[28345]: NOQUEUE: reject: RCPT from 
unknown[195.94.133.112]: 550 5.1.7 : Sender address rejected: 
undeliverable address: ...
Nov 13 17:44:11 dorothy postfix/smtpd[28345]: disconnect from 
unknown[195.94.133.112]
Nov 13 17:44:11 dorothy postfix/smtpd[28345]: warning: 78.138.169.171: hostname 
171.169.138.78.in-addr.arpa verification failed: hostname nor servname 
provided, or not known
Nov 13 17:44:11 dorothy postfix/smtpd[28345]: connect from 
unknown[78.138.169.171]
Nov 13 17:44:11 dorothy postfi

Re: Relaying problems

[Noel Jones]

On 11/13/2009 10:57 AM, Noel Jones wrote:

maps_rbl_domains =
zen.spamhaus.org
cbl.abuseat.org
sbl.spamhaus.org
pbl.spamhaus.org


zen.spamhaus.org already includes both sbl.spamhaus.org and
pbl.spamhaus.org.


Oops, zen also includes cbl.abuseat.org.  So you're doing 1 
lookup for the price of 4.


  -- Noel Jones

looking for real time per mail detail

[Rahul Amaram]

Hi,
I have a specific requirement. I have been searching for an appropriate 
tool for my purpose for the past 2 days but have found none. I hope 
someone in this list can help. Here is my requirement.


I have a client who often calls up and asks me if a particular mail has 
been sent or that some other person (outside the company) has sent the 
mail and it has not yet reached him. Now as he is not a techie, I cannot 
ask him to view the mail.log file and know the status. Now I was 
wondering if there would be any tool which would generate a detailed 
report of all the mails which have been sent or received by analyzing 
the log files and publish this information in a html page, then that 
would be great.


But here comes the hiccup. I must have tried about half-a-dozen postfix 
log analyzers and all of them just provide a batch summary and do not 
bother to give the individual status of each mail sent/received and 
whether they were rejected, bounnced, deferred, etc.


I would like to know if there is any tool which you are aware of which 
would solve my problem. So far the closest I could come was using 
pflogsumm with the "-e" option which displays all the mails which have 
been sent with the mail's from and to addresses. But I would like this 
to be more detailed with deferred mails, bounced mails, rejects, date, etc.


Looking forward to a response.

Regards,
Rahul.

Re: Mail sending problem.

[Ansgar Wiechers]

On 2009-11-13 Manoj Burande wrote:
> Here I just wanted to explain you that what exactly I am trying to do
> is,
> 
> 1] I am trying to configure postfix mail server that can only send
>mails. It receives no mail from the network.
> 
> 2] The MX records tell the world which server will accept inbound mail
>for your domain. They have nothing to do with sending outbound
>mail. That's why I have not made any DNS entry for my domain
>"textwand.com".

Since I was the one who gave you this advice: you can send e-mail
perfectly fine without having any DNS record for your server. However,
as Barney already pointed out, the MXs of other domains may refuse to
accept mail from your server unless it does have valid DNS records.
That's one of the reasons why you'd normally relay mail from such hosts
through some "official" mail server (e.g. your company's or your ISP's
MTA).

The "null client" standard configuration example to which I had pointed
you used a relayhost (for a number of other reasons, too). Why didn't
you stick with that?

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Re: Experience with the new speed_adjust feature

[Wietse Venema]

Thanks for the logging. If you have time, can you change the code
to print information about the non-zero size? This could be a
filesystem feature where ftruncate() does not reset st_size until
the file is rewritten or closed (in which case my attempt to force
easly release of disk blocks are in vain).

Otherwise, I'll try some experiments over the weekend.

Wietse

*** ./smtpd_proxy.c.origMon Nov  9 19:41:50 2009
--- ./smtpd_proxy.c Fri Nov 13 12:44:46 2009
***
*** 975,983 
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
} else {
!   if (st.st_size > 0)
!   msg_panic("%s: non-empty before-queue filter speed-adjust log",
! myname);
vstream_clearerr(smtpd_proxy_replay_stream);
if (msg_verbose)
msg_info("%s: reuse speed-adjust stream fd=%d", myname,
--- 975,992 
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
} else {
!   /* This file system does not reset st_size after ftruncate(). */
!   if (st.st_size > 0) {
!   msg_warn("%s: non-zero speed-adjust logfile size: %lu",
!myname, (unsigned long) st.st_size);
!   if (ftruncate(vstream_fileno(smtpd_proxy_replay_stream), 
(off_t) 0) < 0) {
!   msg_warn("truncate before-queue filter speed-adjust log: 
%m");
!   (void) vstream_fclose(smtpd_proxy_replay_stream);
!   smtpd_proxy_replay_stream = 0;
!   }
!   }
!   }
!   if (smtpd_proxy_replay_stream != 0) {
vstream_clearerr(smtpd_proxy_replay_stream);
if (msg_verbose)
msg_info("%s: reuse speed-adjust stream fd=%d", myname,

Bug

[Dhiraj Chatpar]

Dear Sir,

I have noticed a bug in the 2.6 version of postfix where it says that cannot
find /postmulti folder. Wondering if this is a bug or a installation error
on my part. This error happens when i start postfix on centos.

Rgds
Dhiraj

Re: Experience with the new speed_adjust feature

[Mark Martinec]

On Friday 13 November 2009 18:52:03 Wietse Venema wrote:
> Thanks for the logging. If you have time, can you change the code
> to print information about the non-zero size? This could be a
> filesystem feature where ftruncate() does not reset st_size until
> the file is rewritten or closed (in which case my attempt to force
> easly release of disk blocks are in vain).

This is running on FreeBSD 7.2-RELEASE-p2. The usual UFS file system.

> *** ./smtpd_proxy.c.orig  Mon Nov  9 19:41:50 2009
> --- ./smtpd_proxy.c   Fri Nov 13 12:44:46 2009

Thanks, applied the patch.

$ tail -500 -f /var/log/mail.log | egrep -i 'panic|smtpd_proxy|speed-adjust'

Nov 13 19:04:14 dorothy postfix/smtpd[65777]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 20081 

   
Nov 13 19:04:38 dorothy postfix/smtpd[65645]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 114   

   
Nov 13 19:04:40 dorothy postfix/smtpd[65624]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 201   

   
Nov 13 19:05:04 dorothy postfix/smtpd[67884]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 49

   
Nov 13 19:05:12 dorothy postfix/smtpd[68082]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 37

   
Nov 13 19:05:21 dorothy postfix/smtpd[68339]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 37
Nov 13 19:05:45 dorothy postfix/smtpd[67901]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 43
Nov 13 19:05:45 dorothy postfix/smtpd[67884]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 31
Nov 13 19:06:01 dorothy postfix/smtpd[68614]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 26
Nov 13 19:06:12 dorothy postfix/smtpd[67997]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 25
Nov 13 19:06:13 dorothy postfix/smtpd[68397]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 32
Nov 13 19:06:19 dorothy postfix/smtpd[68557]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 31
Nov 13 19:06:22 dorothy postfix/smtpd[68064]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 26
Nov 13 19:06:23 dorothy postfix/smtpd[68155]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 35
Nov 13 19:06:23 dorothy postfix/smtpd[67953]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 218
Nov 13 19:06:26 dorothy postfix/smtpd[67999]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 37
Nov 13 19:06:27 dorothy postfix/smtpd[68670]: warning: 
smtpd_proxy_replay_setup: non-zero speed-adjust logfile size: 38


but no more panics.

  Mark

Re: Experience with the new speed_adjust feature

[Wietse Venema]

Mark Martinec:
> On Friday 13 November 2009 18:52:03 Wietse Venema wrote:
> > Thanks for the logging. If you have time, can you change the code
> > to print information about the non-zero size? This could be a
> > filesystem feature where ftruncate() does not reset st_size until
> > the file is rewritten or closed (in which case my attempt to force
> > easly release of disk blocks are in vain).

Victor found it (missing fflush before ftruncate). If you can back
out the changes and apply the patch below.

Wietse

*** ./smtpd_proxy.c.origMon Nov  9 19:41:50 2009
--- ./smtpd_proxy.c Fri Nov 13 13:15:25 2009
***
*** 1030,1035 
--- 1030,1041 
 (p)->a10, (p)->a11, (p))
  
  /*
+  * Sanity check.
+  */
+ if (state->proxy != 0)
+   msg_panic("smtpd_proxy_create: handle still exists");
+ 
+ /*
   * Connect to the before-queue filter immediately.
   */
  if ((flags & SMTPD_PROXY_FLAG_SPEED_ADJUST) == 0) {
***
*** 1126,1132 
   */
  if (smtpd_proxy_replay_stream == 0)
return;
! if (vstream_ferror(smtpd_proxy_replay_stream)) {
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
return;
--- 1132,1139 
   */
  if (smtpd_proxy_replay_stream == 0)
return;
! if (vstream_fflush(smtpd_proxy_replay_stream)
!   || vstream_ferror(smtpd_proxy_replay_stream)) {
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
return;

Re: Bug

[Wietse Venema]

Dhiraj Chatpar:
> Dear Sir,
> 
> I have noticed a bug in the 2.6 version of postfix where it says that cannot
> find /postmulti folder. Wondering if this is a bug or a installation error
> on my part. This error happens when i start postfix on centos.

Wasn't this fixed recently?

Wietse

Re: Bug

[Dhiraj Chatpar]

Sir, I just did a fresh installation yesterday. and fresh complied the new
version of postfix 2.6 on a centos machine and i got this error. I dont know
why it came. but it did.

Rgds
Dhiraj


Charles de 
Gaulle
- "The better I get to know men, the more I find myself loving dogs."

On Fri, Nov 13, 2009 at 23:47, Wietse Venema  wrote:

> Dhiraj Chatpar:
> > Dear Sir,
> >
> > I have noticed a bug in the 2.6 version of postfix where it says that
> cannot
> > find /postmulti folder. Wondering if this is a bug or a installation
> error
> > on my part. This error happens when i start postfix on centos.
>
> Wasn't this fixed recently?
>
>Wietse
>

Re: Bug

[Wietse Venema]

Dhiraj Chatpar:
> Sir, I just did a fresh installation yesterday. and fresh complied the new
> version of postfix 2.6 on a centos machine and i got this error. I dont know
> why it came. but it did.

This was fixed 20091026, and will be part of Postfix 2.6.6.

Wietse

Re: Experience with the new speed_adjust feature

[Mark Martinec]

On Friday 13 November 2009 19:17:07 Wietse Venema wrote:
> Victor found it (missing fflush before ftruncate).
> If you can back out the changes and apply the patch below.
> *** ./smtpd_proxy.c.orig  Mon Nov  9 19:41:50 2009
> --- ./smtpd_proxy.c   Fri Nov 13 13:15:25 2009

Thanks, done. So far so good, running smoothly.

  Mark

Re: Experience with the new speed_adjust feature

[Wietse Venema]

Wietse Venema:
> Mark Martinec:
> > On Friday 13 November 2009 18:52:03 Wietse Venema wrote:
> > > Thanks for the logging. If you have time, can you change the code
> > > to print information about the non-zero size? This could be a
> > > filesystem feature where ftruncate() does not reset st_size until
> > > the file is rewritten or closed (in which case my attempt to force
> > > easly release of disk blocks are in vain).
> 
> Victor found it (missing fflush before ftruncate). If you can back
> out the changes and apply the patch below.
> 

To be really safe, replace vstream_fflush(stream) by 
(vstream_bufstat(stream, VSTREAM_BST_OUT_PEND) && vstream_fflush(stream)).

Wietse

*** ./smtpd_proxy.c.origMon Nov  9 19:41:50 2009
--- ./smtpd_proxy.c Fri Nov 13 13:29:55 2009
***
*** 1030,1035 
--- 1030,1041 
 (p)->a10, (p)->a11, (p))
  
  /*
+  * Sanity check.
+  */
+ if (state->proxy != 0)
+   msg_panic("smtpd_proxy_create: handle still exists");
+ 
+ /*
   * Connect to the before-queue filter immediately.
   */
  if ((flags & SMTPD_PROXY_FLAG_SPEED_ADJUST) == 0) {
***
*** 1126,1132 
   */
  if (smtpd_proxy_replay_stream == 0)
return;
! if (vstream_ferror(smtpd_proxy_replay_stream)) {
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
return;
--- 1132,1140 
   */
  if (smtpd_proxy_replay_stream == 0)
return;
! if ((vstream_bufstat(smtpd_proxy_replay_stream, VSTREAM_BST_OUT_PEND) > 0
!&& vstream_fflush(smtpd_proxy_replay_stream) != 0)
!   || vstream_ferror(smtpd_proxy_replay_stream)) {
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
return;

Re: Relaying problems

[Alex]

Hi,

> At any rate, you miss the point.
> The smtpd_{client, helo, sender, recipient}_restrictions are about *when* a
> check takes place, corresponding to the {client connection, HELO, MAIL FROM,
> RCPT TO} stage of the SMTP transaction.

It works now, thanks so much.

I understand much more clearly how this all goes together. I was
rejecting non-fqdn hostnames before I was giving it the opportunity to
override the restriction according to the data flow.

I'm really excited and inspired by what I've been able to do with
everyone's help.

I hope to upgrade the server before the end of the year. It's been
running fine the way it is. We haven't really had the resources to
spend on something that's working just fine. The server is on the
other side of the country, and it just routes mail all day and doesn't
complain. It had nearly 700 days of uptime before I rebooted it
recently, without incident.

Thanks again,
Alex

Re: Experience with the new speed_adjust feature

[Victor Duchovni]

On Fri, Nov 13, 2009 at 01:17:07PM -0500, Wietse Venema wrote:

> Mark Martinec:
> > On Friday 13 November 2009 18:52:03 Wietse Venema wrote:
> > > Thanks for the logging. If you have time, can you change the code
> > > to print information about the non-zero size? This could be a
> > > filesystem feature where ftruncate() does not reset st_size until
> > > the file is rewritten or closed (in which case my attempt to force
> > > easly release of disk blocks are in vain).
> 
> Victor found it (missing fflush before ftruncate). If you can back
> out the changes and apply the patch below.

We could also choose to rewind the proxy log stream in the "free"
code-path (and check that it is already re-wound in the re-use code-path),
which would look something like:

Index: src/smtpd/smtpd_proxy.c
--- src/smtpd/smtpd_proxy.c 11 Nov 2009 04:41:53 -  1.1.1.5
+++ src/smtpd/smtpd_proxy.c 13 Nov 2009 18:41:04 -
@@ -966,16 +966,13 @@
  * truncating the file redundantly.
  */
 if (smtpd_proxy_replay_stream != 0) {
-   if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) {
-   msg_warn("seek before-queue filter speed-adjust log: %m");
-   (void) vstream_fclose(smtpd_proxy_replay_stream);
-   smtpd_proxy_replay_stream = 0;
-   } else if (fstat(vstream_fileno(smtpd_proxy_replay_stream), &st) < 0) {
+   if (fstat(vstream_fileno(smtpd_proxy_replay_stream), &st) < 0) {
msg_warn("fstat before-queue filter speed-adjust log: %m");
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;
} else {
-   if (st.st_size > 0)
+   if (st.st_size > 0
+   || vstream_ftell(smtpd_proxy_replay_stream) != 0)
msg_panic("%s: non-empty before-queue filter speed-adjust log",
  myname);
vstream_clearerr(smtpd_proxy_replay_stream);
@@ -1126,6 +1123,17 @@
  */
 if (smtpd_proxy_replay_stream == 0)
return;
+
+/*
+ * Rewind the stream for re-use.
+ * NOTE: This has the side-effect of flushing any buffered data!
+ */
+if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) {
+   msg_warn("seek before-queue filter speed-adjust log: %m");
+   (void) vstream_fclose(smtpd_proxy_replay_stream);
+   smtpd_proxy_replay_stream = 0;
+   return;
+}
 if (vstream_ferror(smtpd_proxy_replay_stream)) {
(void) vstream_fclose(smtpd_proxy_replay_stream);
smtpd_proxy_replay_stream = 0;

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Bug

[Victor Duchovni]

On Fri, Nov 13, 2009 at 01:27:30PM -0500, Wietse Venema wrote:

> Dhiraj Chatpar:
> > Sir, I just did a fresh installation yesterday. and fresh complied the new
> > version of postfix 2.6 on a centos machine and i got this error. I dont know
> > why it came. but it did.
> 
> This was fixed 20091026, and will be part of Postfix 2.6.6.

In the mean-time, there is an easy work-around:

# postconf -e "command_directory = $(postconf -d command_directory)"

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Mail sending problem.

[Victor Duchovni]

On Fri, Nov 13, 2009 at 06:27:59PM +0100, Ansgar Wiechers wrote:

> On 2009-11-13 Manoj Burande wrote:
> > Here I just wanted to explain you that what exactly I am trying to do
> > is,
> > 
> > 1] I am trying to configure postfix mail server that can only send
> >mails. It receives no mail from the network.
> > 
> > 2] The MX records tell the world which server will accept inbound mail
> >for your domain. They have nothing to do with sending outbound
> >mail. That's why I have not made any DNS entry for my domain
> >"textwand.com".
> 
> Since I was the one who gave you this advice: you can send e-mail
> perfectly fine without having any DNS record for your server.

No, the server itself need not have MX records and its hostname need
not match the envelope sender domain. The server must have matching PTR
and A records, and the envelope sender domain must be valid (have MX or
A records).

Processing bounces and spam complaints is NOT optional. There is no
such thing as "send-only" email, once one takes non-optional list
management into account.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

processing mail differently for local and relay

[Lou Duchez]

Hello,

At present my Postfix is configured to do virus and spam filtering on 
all E-Mails it receives, whether for local delivery or relay.  My goal 
is to scrub the E-Mails only on local delivery; I don't want any virus 
or spam filtering on relay.  Here is how I am currently scrubbing all 
E-Mails, via master.cf:


smtp  inet  n   -   n   -   -   smtpd
 -o content_filter=mycustomfilter

("mycustomfilter" is defined elsewhere in master.cf; it calls a script 
that scrubs the E-Mail and then invokes "/usr/sbin/sendmail".  I can 
supply details if needed, but the script does its job reliably, so I 
don't imagine its innards will be of consequence.)


Now, how do I get Postfix to send the E-Mail without scrubbing if it's 
being relayed?  I assume I would want to configure this via the "relay" 
and "local" lines in master.cf; but thus far it's not working -- the 
"smtp" line apparently takes precedence and there is no evidence that 
"relay" or "local" is being visited.


smtp  inet  n   -   n   -   -   smtpd
relay unix  -   -   n   -   -   smtpd
local unix  -   n   n   -   -   smtpd
 -o content_filter=mycustomfilter

Clearly I'm doing something wrong; tips or clues?  What conditions are 
required to hit the "relay" or "local" handlers, or am I going about it 
all wrong?

Re: processing mail differently for local and relay

[Victor Duchovni]

On Fri, Nov 13, 2009 at 02:10:11PM -0500, Lou Duchez wrote:

> smtp  inet  n   -   n   -   -   smtpd
>  -o content_filter=mycustomfilter

This service fills the Postfix queue with new mail, content filtering
is done on input, so this setting makes sense.

> local unix  -   n   n   -   -   smtpd
>  -o content_filter=mycustomfilter

This service, is a delivery agent, it drains mail from the Postfix
queue, content filtering is NOT done on output, so this setting does
not make sense.

http://www.postfix.org/OVERVIEW.html#receiving
http://www.postfix.org/FILTER_README.html#advanced_filter

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Deferrals

[Dhiraj Chatpar]

help!!!

i am continually getting deferalls from yahoo, rediffmail which are 2 ISPs
in our country. We are a big organization and we send a good number of
emails in a day. But this deferral problem is a pain. I have implemented,
feedbackloop, PTR, Domainkeys, DKIM, etc.. but still face the same problem.
I have even reduced postfix to the bare minimum throttle speed for outgoing
mail as per instructions from Mr. Wietse. Still face the same problem.
Please tell me how to go about this problem and the solution.

Rgds
Dhiraj


Ted Turner   -
"Sports is like a war without the killing."

RE: Deferrals

[Gary Smith]

Dhiraj,


First off, if Wietse said how to do it then it’s the right way.  The question I 
have is how many emails are you sending to these two organizations?  Can you 
quantify “a good number”?

Gary Smith

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Dhiraj Chatpar
Sent: Friday, November 13, 2009 11:41 AM
To: Postfix users
Subject: Deferrals

help!!!

i am continually getting deferalls from yahoo, rediffmail which are 2 ISPs in 
our country. We are a big organization and we send a good number of emails in a 
day. But this deferral problem is a pain. I have implemented, feedbackloop, 
PTR, Domainkeys, DKIM, etc.. but still face the same problem. I have even 
reduced postfix to the bare minimum throttle speed for outgoing mail as per 
instructions from Mr. Wietse. Still face the same problem. Please tell me how 
to go about this problem and the solution.

Rgds
Dhiraj


Ted Turner  - 
"Sports is like a war without the killing."

Re: Deferrals

[Dhiraj Chatpar]

Dear Mr. Smith,

Thank you for your reply, hmm there is no fixed number per say. but
sometimes the users in our organization send emails in good numbers.
Fortunately or unfortunately they sometimes send more emails to these
domains than others. as most of our clients or others are hosted on these
ISP's.. I am sure from my experience that the MTA has to be the only best
way to throttle the emails so that i get good deliveries. IP reputation is
clean. All looks good.. just this temp deferrals from these ISP and
sometimes others based on the kind of emails that are send from my org email
servers.

Please advice a way to get thru this issue.

Rgds
Dhiraj


Stephen 
Leacock
- "I detest life-insurance agents: they always argue that I shall some
day
die, which is not so."

On Sat, Nov 14, 2009 at 01:14, Gary Smith  wrote:

>  Dhiraj,
>
>
>
>
>
> First off, if Wietse said how to do it then it’s the right way.  The
> question I have is how many emails are you sending to these two
> organizations?  Can you quantify “a good number”?
>
>
>
> Gary Smith
>
>
>
> *From:* owner-postfix-us...@postfix.org [mailto:
> owner-postfix-us...@postfix.org] *On Behalf Of *Dhiraj Chatpar
> *Sent:* Friday, November 13, 2009 11:41 AM
> *To:* Postfix users
> *Subject:* Deferrals
>
>
>
> help!!!
>
>
>
> i am continually getting deferalls from yahoo, rediffmail which are 2 ISPs
> in our country. We are a big organization and we send a good number of
> emails in a day. But this deferral problem is a pain. I have implemented,
> feedbackloop, PTR, Domainkeys, DKIM, etc.. but still face the same problem.
> I have even reduced postfix to the bare minimum throttle speed for outgoing
> mail as per instructions from Mr. Wietse. Still face the same problem.
> Please tell me how to go about this problem and the solution.
>
>
>
> Rgds
>
> Dhiraj
>
>
> Ted Turner  - 
> "Sports is like a war without the killing."
>

Re: Deferrals

[Larry Stone]

On Sat, 14 Nov 2009, Dhiraj Chatpar wrote:


All looks good.. just this temp deferrals from these ISP and
sometimes others based on the kind of emails that are send from my org email
servers.

Please advice a way to get thru this issue.


And how long are they deferred for? My experience is Yahoo defers lots of 
mail. But, none of it stays deferred very long. Almost always goes through 
on the next attempt.


Why is this a problem for you? Is it because you just don't like seeing 
deferred mail in your queues? If so, get over it. Mail gets deferred.


Is it because your users expect immediate delivery? If so, they need to be 
educated that there is no guarantee of immediate delivery with e-mail. It 
is store and forward technology and in these cases, it is getting stored 
for a bit before getting forwarded.


-- Larry Stone
   lston...@stonejongleux.com

Re: Deferrals

[Dhiraj Chatpar]

Thanks larry will remember that


Mike Ditka   -
"If God had wanted man to play soccer, he wouldn't have given us arms."

On Sat, Nov 14, 2009 at 01:29, Larry Stone wrote:

> On Sat, 14 Nov 2009, Dhiraj Chatpar wrote:
>
>  All looks good.. just this temp deferrals from these ISP and
>> sometimes others based on the kind of emails that are send from my org
>> email
>> servers.
>>
>> Please advice a way to get thru this issue.
>>
>
> And how long are they deferred for? My experience is Yahoo defers lots of
> mail. But, none of it stays deferred very long. Almost always goes through
> on the next attempt.
>
> Why is this a problem for you? Is it because you just don't like seeing
> deferred mail in your queues? If so, get over it. Mail gets deferred.
>
> Is it because your users expect immediate delivery? If so, they need to be
> educated that there is no guarantee of immediate delivery with e-mail. It is
> store and forward technology and in these cases, it is getting stored for a
> bit before getting forwarded.
>
> -- Larry Stone
>   lston...@stonejongleux.com
>

Re: Deferrals

[Victor Duchovni]

On Sat, Nov 14, 2009 at 01:11:18AM +0530, Dhiraj Chatpar wrote:

> i am continually getting deferalls from yahoo, rediffmail which are 2 ISPs
> in our country. We are a big organization and we send a good number of
> emails in a day. But this deferral problem is a pain. I have implemented,
> feedbackloop, PTR, Domainkeys, DKIM, etc.. but still face the same problem.
> I have even reduced postfix to the bare minimum throttle speed for outgoing
> mail as per instructions from Mr. Wietse. Still face the same problem.
> Please tell me how to go about this problem and the solution.

This problem report is content free, because it neither quantifies the
problem, nor gives specific examples. To report and get help with
performance issues, you must compile detailed statistics, and post
these along with related sample log entries.

- What fraction of email gets through on the first try

- What is the average number of retries for mail that gets delayed

- What fraction eventually bounces

- How much mail is reported as spam by recipients via the various
  feedback loops you've signed up for

- What is the age distribution of deferred mail ("qshape deferred"
  output)

Are you sending email only to users who requested to receive said email,
or are you running "opt-out" lists?

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Deferrals

[Dhiraj Chatpar]

Dear Mr. Viktor,

1. Most of the emails get through on the first try,
2. The mails is on an average retried 2-3 times
3. 1/3 of the messages bounce
4. the feedback loop looks clean as the employees of my org only send to
people they know.. thus if you are referring to spam like activity then that
is in check
5. I purge the emails every night so there is no question of age
distribution.

There is no opt in list.. employees of my org send emails to our clients in
various parts of india and abroad. Thus there is no list per say.. however,
It is certain that the mail is not marked as spam as its coming from a
trusted source.

Rgds
Dhiraj


Pablo Picasso
- "Computers are useless. They can only give you answers."

On Sat, Nov 14, 2009 at 01:41, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Sat, Nov 14, 2009 at 01:11:18AM +0530, Dhiraj Chatpar wrote:
>
> > i am continually getting deferalls from yahoo, rediffmail which are 2
> ISPs
> > in our country. We are a big organization and we send a good number of
> > emails in a day. But this deferral problem is a pain. I have implemented,
> > feedbackloop, PTR, Domainkeys, DKIM, etc.. but still face the same
> problem.
> > I have even reduced postfix to the bare minimum throttle speed for
> outgoing
> > mail as per instructions from Mr. Wietse. Still face the same problem.
> > Please tell me how to go about this problem and the solution.
>
> This problem report is content free, because it neither quantifies the
> problem, nor gives specific examples. To report and get help with
> performance issues, you must compile detailed statistics, and post
> these along with related sample log entries.
>
>- What fraction of email gets through on the first try
>
>- What is the average number of retries for mail that gets delayed
>
>- What fraction eventually bounces
>
>- How much mail is reported as spam by recipients via the various
>  feedback loops you've signed up for
>
>- What is the age distribution of deferred mail ("qshape deferred"
>  output)
>
> Are you sending email only to users who requested to receive said email,
> or are you running "opt-out" lists?
>
> --
>Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Re: Deferrals

[Victor Duchovni]

On Sat, Nov 14, 2009 at 01:48:34AM +0530, Dhiraj Chatpar wrote:

> 1. Most of the emails get through on the first try,

Quantify "most". What fraction is that? Out of what overall volume
(msgs/day)?

> 2. The mails is on an average retried 2-3 times

What is the average time before deferred mail is finally delivered,
excluding mail that is finally bounced.

> 3. 1/3 of the messages bounce

This is a very high proportion. Why does so much of the mail bounce?
Is it expired, or are the recipient addresses invalid?

> 4. the feedback loop looks clean as the employees of my org only send to
> people they know.. thus if you are referring to spam like activity then that
> is in check

Why so many bounces? Are the messages immediately rejected, eventually
rejected or eventually expired?

> 5. I purge the emails every night so there is no question of age
> distribution.

Why do you do that? This is far from best practice. What mail do you
"purge" and how is it accounted for in the above statistics.

Even a 24-hour interval contains an "age distribution".

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Creation of Message-ID

[Sahil Tandon]

On Fri, 13 Nov 2009, lst_ho...@kwsoft.de wrote:

> as far as i know Postfix does not alter a Message-ID beside when it
> creates a missing one. 

There is more to it since the release of 2.6.  From RELEASE_NOTES:

 Major changes - header rewriting
 

 [Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
 Message-ID: or To: headers only when clients match
 $local_header_rewrite_clients.  Specify "always_add_missing_headers
 = yes" for backwards compatibility.  Adding such headers can break
 DKIM signatures that cover headers that are not present.
 compatibility with existing logfile processing software, Postfix
 will log ``message-id=<>'' for messages without Message-Id header.

> Is there some way one could find out later in the logfile if Postfix
> has created one? Is it sufficient if the Message-ID looks like
> "@" or is there some other
> thing to check?

When adding a missing Message-Id: header, the cleanup(8) service uses
the queue file creation time (in GMT), the queue ID and $myhostname.
For example:

 message-id=<20091113223127.8814b17...@mailin.kwsoft.de>
 ^^ ^^ 
 time in GMTqueue ID   $myhostname

-- 
Sahil Tandon 

Re: processing mail differently for local and relay

[Sahil Tandon]

On Fri, 13 Nov 2009, Lou Duchez wrote:

> At present my Postfix is configured to do virus and spam filtering
> on all E-Mails it receives, whether for local delivery or relay.  My
> goal is to scrub the E-Mails only on local delivery; I don't want
> any virus or spam filtering on relay.  Here is how I am currently
> scrubbing all E-Mails, via master.cf:

Viktor already described the flaws in your master.cf attempt, but you
might want to consider a multi-instance Postfix setup.  It can be
especially handy when you are responsible for delivering a single
message to multiple recipients, not all of whom require content
filtering.  I set it up here after reading the MULTI_INSTANCE_README
and, FWIW, it is working well.

-- 
Sahil Tandon