Re: Betr.: Re: Betr.: Re: Trim part of the header with header rewriting ?
Op 12-11-2009 om 21:35 is door Wietse Venema wie...@porcupine.org geschreven: As shown below, Postfix 2.7 can fix commands from remote SMTP clients. Meanwhile, I am adding a similar feature to fix replies from remote SMTP servers. In your case the regexp could look like: /^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1 This an incredibly unsafe tool. Wietse smtpd_command_filter (default: empty) A mechanism to substitute incoming SMTP commands. This is a last- resort tool to work around problems with clients that send invalid com- mand syntax that would otherwise be rejected by Postfix. Specify the name of a type:table lookup table. The search string is the SMTP command as received from the SMTP client, except that initial whitespace and the trailing CRLF are removed. The result value is executed by the Postfix SMTP server. Examples: /etc/postfix/main.cf: smtpd_command_filter = pcre:/etc/postfix/command_filter /etc/postfix/command_filter: # Work around clients that send malformed HELO commands. /^HELO\s*$/ HELO domain.invalid # Work around clients that send empty lines. /^\s*$/ NOOP # Work around clients that send RCPT TO:'u...@domain'. # WARNING: do not lose the parameters that follow the address. /^RCPT\s+TO:\s*'([^[:space:]]+)'(.*)/ RCPT TO:$1$2 This feature is available in Postfix 2.7. It's been a few days but i just ran into a little bump in the road.. It looks like the ;1:1 actually changes depending on the number of recipients. How would I change '/^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1' into matching 'domain.tld;#:#' and put the domain.tld back without the ;#:# - Arjan
Re: mx fails due to typo on remote dns
Thanks Wietse, Thats the answer i was looking for - wil upgrade today. Wietse Venema wie...@porcupine.org 17/11/09 00:18:48 Postfix versions 2.3 and later skip a DNS record with a bad name. Unsupported Postfix versions pretend that the lookup failed when the result is invalid. Wietse
Re: mx fails due to typo on remote dns
Ok , I upgraded to 2.6.5 - and still fails, eg Nov 17 10:42:21 obeml1 postfix/smtp[5444]: [ID 197553 mail.info] 6D12F239406: to=postmas...@eurocommerce.ie, relay=none, delay=40, delays=0.26/0/40/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=eurocommerce.ie type=MX: Host not found, try again) however when i DIG i get ; DiG 9.3.2 @localhost eurocommerce.ie MX ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 19671 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;eurocommerce.ie. IN MX ;; ANSWER SECTION: eurocommerce.ie. 3600IN MX 10 cluster8.eu.messagelabs.com. eurocommerce.ie.3600IN MX 20 cluster8a.eu.messagelabs.com\032. ;; Query time: 29 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Nov 17 11:44:15 2009 ;; MSG SIZE rcvd: 121 Should this new postfix not just ignore the bad entryt and use the primary mx anyway ? or is postfix ignoreing all due to the error Wietse Venema wie...@porcupine.org 17/11/09 00:18:48 Postfix versions 2.3 and later skip a DNS record with a bad name. Unsupported Postfix versions pretend that the lookup failed when the result is invalid. Wietse
Re: mx fails due to typo on remote dns
Laurence Moughan: Ok , I upgraded to 2.6.5 - and still fails, Works for me. I suspect that your LOCAL dns server is making trouble. Wietse
Re: mx fails due to typo on remote dns
Wietse Venema: Laurence Moughan: Ok , I upgraded to 2.6.5 - and still fails, Works for me. I suspect that your LOCAL dns server is making trouble. Logging: Nov 17 06:34:54 spike postfix/qmgr[6861]: 509F61F3EA7: from=wie...@porcupine.org, size=338, nrcpt=1 (queue active) Nov 17 06:34:54 spike postfix/smtp[56957]: warning: valid_hostname: invalid character 92(decimal): cluster8a.eu.messagelabs.com\032 Nov 17 06:34:54 spike postfix/smtp[56957]: warning: malformed domain name in resource data of MX record for eurocommerce.ie: cluster8a.eu.messagelabs.com\032 Nov 17 06:34:55 spike postfix/smtp[56957]: 509F61F3EA7: to=postmas...@eurocommerce.ie, relay=cluster8.eu.messagelabs.com[85.158.140.211]:25, delay=1.4, delays=0.19/0.01/0.82/0.4, dsn=2.0.0, status=deliverable (250 OK) You need to test with a different up-stream DNS server. Wietse
Re: Betr.: Re: Betr.: Re: Trim part of the header with header rewriting ?
Arjan Melein: It's been a few days but i just ran into a little bump in the road.. It looks like the ;1:1 actually changes depending on the number of recipients. How would I change '/^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1' into matching 'domain.tld;#:#' and put the domain.tld back without the ;#:# What does the # stand for? If it is one digit, replace 1 by [0-9], to handle multiple digits, replace 1 by [0-9]+ You can test this with: postmap -q RCPT TO:x.y.z ORCPT=rfc822;a...@b.c;3;4 pcre:/file/name Wietse
Re: Betr.: Re: Betr.: Re: Trim part of the header with header rewriting ?
Op 17-11-2009 om 12:48 is door Wietse Venema wie...@porcupine.org geschreven: Arjan Melein: It's been a few days but i just ran into a little bump in the road.. It looks like the ;1:1 actually changes depending on the number of recipients. How would I change '/^RCPT\s+TO:(.*);1:1$/ RCPT TO:$1' into matching 'domain.tld;#:#' and put the domain.tld back without the ;#:# What does the # stand for? If it is one digit, replace 1 by [0-9], to handle multiple digits, replace 1 by [0-9]+ You can test this with: postmap -q RCPT TO:x.y.z ORCPT=rfc822;a...@b.c;3;4 pcre:/file/name Wietse I thought it was 1 number at first, but it seems to be going multi digit as well.. I changed it into /^RCPT\s+TO:(.*);[0-9]+:[0-9]+$/ RCPT TO:$1 and it seems to work. If I've learned one thing from this, its that I really need to brush up on regexp :-) - Arjan
Re: Trim part of the header with header rewriting ?
11/13/2009 11:11 AM, Arjan Melein: First, Sorry for the top posting before. Client default puts replies on top. You are wrong. The cursor has to start blinking somewhere, it starts at the beginning. You have to make the effort to move it down. Secondly, you also MUST trim the message, as I did when replying to you. I just take the part I want to reply to and answer below. As the cursor start on top, you can just remove useless parts. Now, it's over about that endless topic. -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 33 11 207 36
How to intercept delivery errors?
Hi there, if I configure my /etc/aliases to read: test: |/bin/false, u...@external-server owner-test: u...@external-server I correctly receive E-Mail to test and owner test at u...@external-server, but the error-message which is generated by /bin/false is send back to the original sender. If I interpret http://www.postfix.org/aliases.5.html correctly, this should not be possible (and is not desired in my case). The configuration does not seem to contain any way to change the behavior of owner- besides expand_owner_alias and owner_request_special, which both are unrelated to my issue. Can you tell me how I can intercept all error-messages generated by external commands? Regards Matthias
Re: How to intercept delivery errors?
Matthias Vill: Hi there, if I configure my /etc/aliases to read: test: |/bin/false, u...@external-server owner-test: u...@external-server I correctly receive E-Mail to test and owner test at u...@external-server, but the error-message which is generated by /bin/false is send back to the original sender. Apparently, owner-foo works for email addresses but not commands. That would be a bug. Wietse If I interpret http://www.postfix.org/aliases.5.html correctly, this should not be possible (and is not desired in my case). The configuration does not seem to contain any way to change the behavior of owner- besides expand_owner_alias and owner_request_special, which both are unrelated to my issue. Can you tell me how I can intercept all error-messages generated by external commands? Regards Matthias
per user transport
Hi, I'm going to be migrating users onto new back end servers and so need to enable per user transports. I know I need to change my mysql_transport_maps.cf query from this: query = SELECT transport FROM domains WHERE DomainName='%s' to something like: query = SELECT transport FROM members WHERE Username='%u' AND Domain='%d' Is there anything else I should need to change on the gateway to enable per user transport to the back end servers or is that it? Thanks Guy #postconf -n 2bounce_notice_recipient = postmas...@domain.net alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases anvil_rate_time_unit = 60s biff = no bounce_notice_recipient = postmas...@domain.net bounce_template_file = /etc/postfix/bounce.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix delay_warning_time = 4h error_notice_recipient = postmas...@domain.net inet_interfaces = all local_recipient_maps = local_transport = error:local mail delivery is disabled mail_owner = postfix mailq_path = /usr/bin/mailq maximal_queue_lifetime = 2d message_size_limit = 3124 mydestination = myhostname = server.domain.net mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_read_maps = $relay_domains $relay_recipient_maps $virtual_alias_maps $transport_maps queue_directory = /var/spool/postfix relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/ mysql_relay_recipient_maps.cf proxy:mysql:/etc/postfix/ mysql_relay_recipient_alias_maps.cf remote_header_rewrite_domain = domain.unspecified sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 100 smtpd_client_message_rate_limit = 500 smtpd_client_recipient_rate_limit = 100 smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031, smtpd_error_sleep_time = 1s smtpd_hard_error_limit = 20 smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, check_client_access cidr:/etc/postfix/postfix-dnswl-permit, check_client_access cidr:/etc/postfix/postfix-dnswl-custom, reject_invalid_hostname, check_recipient_access mysql:/etc/postfix/mysql_spamcheck_alias_bypass.cfmysql:/etc/postfix/ mysql_spamcheck_bypass.cf, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client dnsbl.aluminati.org, check_policy_service inet:127.0.0.1:10031, permit smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth-client smtpd_sasl_type = dovecot smtpd_soft_error_limit = 10 smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem smtpd_tls_key_file = /etc/ssl/private/imapd.key smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/virtual_exception_transport_maps proxy:mysql:/etc/postfix/mysql_transport_maps.cf unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cfproxy:mysql:/etc/postfix/ mysql_virtual_catchall_maps.cf -- Don't just do something...sit there!
Re: How to intercept delivery errors?
On Tue, Nov 17, 2009 at 09:39:53AM -0500, Wietse Venema wrote: if I configure my /etc/aliases to read: test: |/bin/false, u...@external-server owner-test: u...@external-server I correctly receive E-Mail to test and owner test at u...@external-server, but the error-message which is generated by /bin/false is send back to the original sender. Apparently, owner-foo works for email addresses but not commands. That would be a bug. It is not easy to solve, since bounces are not sent by local(8), so we would need new a queue-file with owner-test as the new sender, but there is no secure mechanism to record a command as the recipient in the queue file. So it seems to me that this is more of a feature than a bug, and the solution could be along the lines of: aliases: owner-test: test-bounce-reader test: command-al...@indirect.invalid, u...@external-server command-alias: /bin/false master.cf: lcl-clnup unix n - n - 0 cleanup -o virtual_alias_maps=$local_valias_maps local unix - n n - - local -o cleanup_service_name=lcl-clnup lcl-virtual: # # Only addressable via indirect delivery in local(8) # command-alias command-al...@localhost.invalid command-al...@localhost.invalid command-al...@localhost.invalid command-al...@indirect.invalid command-al...@localhost.invalid virtual: # Special virtual mappings for restricted aliases # # Only addressable via indirect delivery in local(8) # command-alias command-al...@restricted.invalid command-al...@localhost.invalid command-al...@restricted.invalid command-al...@indirect.invalid command-al...@restricted.invalid # ... Regular virtual mappings below transport: # Note: not a local domain in the sense of $mydestination! localhost.invalid local:localhost restricted.invalid error:5.1.1 Mailbox unavailable .invaliderror:5.1.2 Invalid destination domain main.cf: indexed = ${default_database_type}:${config_directory}/ virtual_alias_maps = ${indexed}virtual local_valias_maps = ${indexed}lcl-virtual, $virtual_alias_maps transport_maps = ${indexed}transport alias_database = ${indexed}aliases alias_maps = $alias_database -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: How to intercept delivery errors?
On Tue, Nov 17, 2009 at 01:12:26PM -0500, Wietse Venema wrote: Apparently, owner-foo works for email addresses but not commands. That would be a bug. It is not easy to solve, since bounces are not sent by local(8), so we would need new a queue-file with owner-test as the new sender, but there is no secure mechanism to record a command as the recipient in the queue file. What about using the bounce_one() approach? local(8) already solved the notification problem with mail delivery loops that way. It would be nice to avoid synchronous single-recipient bounces whenever possible. With Delivered-To:, we expect at most one such bounce per current queue file, because the header in question is a message property. With failure reasons other than Delivered-To: loops, I would prefer to stick to indirect bounces. So perhaps we can avoid this code-path when the command is the *sole* (unowned) expansion of the original queue-file recipient address. Not sure how expensive it would to keep track of this. I am not a big fan of Sendmail-compatible alias semantics. Whenever possible I arrange for *all* alias expansion to be indirect, by making sure that $myorigin is not a local domain, and only suitably *rewritten* (in virtual(5)) mail is handed to the local transport. Command expansion poses a special problem in this respect, and the solution is typically to wrap-up the command in its own alias, and use its external (non-local) address when delivering mail to the command and other recipients. I do the same for non-command recipients also. So local(8) delivery is always indirect at non-leaf nodes, and most lists are managed on input via virtual alias expansion. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: How to intercept delivery errors?
Victor Duchovni: On Tue, Nov 17, 2009 at 01:12:26PM -0500, Wietse Venema wrote: Apparently, owner-foo works for email addresses but not commands. That would be a bug. It is not easy to solve, since bounces are not sent by local(8), so we would need new a queue-file with owner-test as the new sender, but there is no secure mechanism to record a command as the recipient in the queue file. What about using the bounce_one() approach? local(8) already solved the notification problem with mail delivery loops that way. It would be nice to avoid synchronous single-recipient bounces whenever possible. With Delivered-To:, we expect at most one such bounce per current queue file, because the header in question is a message property. With failure reasons other than Delivered-To: loops, I would prefer to stick to indirect bounces. You may stick to indirect bounces. Generally, I think it is a better trade-off if the mail system can solve a problem without exposing it to the user. Fewer mistakes will be made, and the current case is not a hot code path. Wietse So perhaps we can avoid this code-path when the command is the *sole* (unowned) expansion of the original queue-file recipient address. Not sure how expensive it would to keep track of this. I am not a big fan of Sendmail-compatible alias semantics. Whenever possible I arrange for *all* alias expansion to be indirect, by making sure that $myorigin is not a local domain, and only suitably *rewritten* (in virtual(5)) mail is handed to the local transport. Command expansion poses a special problem in this respect, and the solution is typically to wrap-up the command in its own alias, and use its external (non-local) address when delivering mail to the command and other recipients. I do the same for non-command recipients also. So local(8) delivery is always indirect at non-leaf nodes, and most lists are managed on input via virtual alias expansion. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Problem re-directing root's email
Hi I'm trying to re-direct my root email to my external email address. I altered the entry in /etc/aliases to root: n...@external-address.co.uk Ran newaliases, reloaded postfix and tried sending an email to root The email gets sent to r...@bxxx-hxxx.co.uk where bxxx-hxxx.co.uk is the domain set in postfix's main.cf as follows: myhostname = dxxx.bxxx-hxxx.co.uk mydomain = bxxx-hxxx.co.uk myorigin = bxxx-hxxx.co.uk mydestination = $myhostname, localhost.$mydomain, localhost I had to set myorigin to be mydomain because my ISP will only relay emails from this domain and not sub/hosts within it. I'm assuming that this is the problem, but am banging my head against a brick wall. I have a local account npr on the machine, but even if I just use root: npr and use a .forward to my external address, root's email still goes to r...@bxxx-hxxx.co.uk although emails to npr will get forwarded correctly. Any help gratefully received! Thanks Nick
Re: Problem re-directing root's email
Nicholas Robinson: Hi I'm trying to re-direct my root email to my external email address. See: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local Wietse
Re: How to intercept delivery errors?
First of all thank you for the quick responses. Victor Duchovni wrote: On Tue, Nov 17, 2009 at 09:39:53AM -0500, Wietse Venema wrote: if I configure my /etc/aliases to read: test: |/bin/false, u...@external-server owner-test: u...@external-server I correctly receive E-Mail to test and owner test at u...@external-server, but the error-message which is generated by /bin/false is send back to the original sender. Apparently, owner-foo works for email addresses but not commands. That would be a bug. It is not easy to solve, since bounces are not sent by local(8), so we would need new a queue-file with owner-test as the new sender, but there is no secure mechanism to record a command as the recipient in the queue file. The documentation reads: expand_owner_alias (default: no) When delivering to an alias aliasname that has an owner-aliasname companion alias, set the envelope sender address to the expansion of the owner-aliasname alias. Normally, Postfix sets the envelope sender address to the name of the owner-aliasname alias. To me this means that owner-aliasname is the new sender. I understand the trouble with a command as receiver, but the documentation just omits this. Also I am really sure nobody is interessted in my bad programming skills if they send me an E-Mail - even if they know how to improve my programm they just have no access to it. Therefore I think this is one of the best ways one could use owner-aliasname. So it seems to me that this is more of a feature than a bug, and the solution could be along the lines of: aliases: owner-test: test-bounce-reader test: command-al...@indirect.invalid, u...@external-server command-alias: /bin/false master.cf: lcl-clnup unix n - n - 0 cleanup -o virtual_alias_maps=$local_valias_maps local unix - n n - - local -o cleanup_service_name=lcl-clnup lcl-virtual: # # Only addressable via indirect delivery in local(8) # command-alias command-al...@localhost.invalid command-al...@localhost.invalid command-al...@localhost.invalid command-al...@indirect.invalid command-al...@localhost.invalid virtual: # Special virtual mappings for restricted aliases # # Only addressable via indirect delivery in local(8) # command-alias command-al...@restricted.invalid command-al...@localhost.invalid command-al...@restricted.invalid command-al...@indirect.invalid command-al...@restricted.invalid # ... Regular virtual mappings below transport: # Note: not a local domain in the sense of $mydestination! localhost.invalid local:localhost restricted.invalid error:5.1.1 Mailbox unavailable .invaliderror:5.1.2 Invalid destination domain main.cf: indexed = ${default_database_type}:${config_directory}/ virtual_alias_maps = ${indexed}virtual local_valias_maps = ${indexed}lcl-virtual, $virtual_alias_maps transport_maps = ${indexed}transport alias_database = ${indexed}aliases alias_maps = $alias_database I guess I will try this, but as Wietse pointed out: I don't think this is an obvious (easy) solution. Especially as this should be a common scenario with external commands, the documentation could provide more hints. Regards Matthias
Re: Problem re-directing root's email
On Tue, Nov 17, 2009 at 07:26:34PM -0700, LuKreme wrote: On 17-Nov-2009, at 15:56, Nicholas Robinson wrote: I altered the entry in /etc/aliases to /etc/postfix/aliases Why do you suggest this? Typically the default value is: alias_maps = hash:/etc/aliases, nis:mail.aliases -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
How to restrict domain in postfix ?
Dear list, My postfix server is running on a internal test server and we use the mail server to test the different services which has mail sending capabilities. I like to tweak the postfix so that it only and only send emails to a specific domain and not anywhere else. Is it possible to implement in postfix ? Please let me know. Thanks -- জয়দীপ বক্সী
Re: Problem re-directing root's email
On 17-Nov-2009, at 19:53, /dev/rob0 wrote: On Tue, Nov 17, 2009 at 07:26:34PM -0700, LuKreme wrote: On 17-Nov-2009, at 15:56, Nicholas Robinson wrote: I altered the entry in /etc/aliases to /etc/postfix/aliases Why do you suggest this? Typically the default value is: alias_maps = hash:/etc/aliases, nis:mail.aliases Erm… Typical for whom? My aliases has always been at /etc/postfix/aliases -- 'Tell me, sir Samuel, do you know the phrase Quis custodiet isos custodes?? (...) It means Who guards the guards themselves? (...) Who watches the Watch?' --Feet of Clay
Re: How to restrict domain in postfix ?
On Wed, 18 Nov 2009, J. Bakshi wrote: My postfix server is running on a internal test server and we use the mail server to test the different services which has mail sending capabilities. I like to tweak the postfix so that it only and only send emails to a specific domain and not anywhere else. Is it possible to implement in postfix? Yes: http://www.postfix.org/access.5.html -- Sahil Tandon sa...@tandon.net
Re: How to restrict domain in postfix ?
Sahil Tandon wrote: On Wed, 18 Nov 2009, J. Bakshi wrote: My postfix server is running on a internal test server and we use the mail server to test the different services which has mail sending capabilities. I like to tweak the postfix so that it only and only send emails to a specific domain and not anywhere else. Is it possible to implement in postfix? Yes: http://www.postfix.org/access.5.html Hello Sahil, Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? thanks -- জয়দীপ বক্সী
Re: Problem re-directing root's email
For a while, for Fedora at least, /etc/postfix/aliases was the default location - or there was a link to /etc/aliases in /etc/postfix (or vice versa!). However, it returned to /etc/aliases some time ago. Presumably, some distros still put it in /etc/postfix and others in /etc? Thank you for all the suggestions, Wietse's link fixed it for me. I'd had a fiddle with virtual, but hadn't stumbled on that particular pair! Best Wishes On Tue, 2009-11-17 at 20:13 -0700, LuKreme wrote: On 17-Nov-2009, at 19:53, /dev/rob0 wrote: On Tue, Nov 17, 2009 at 07:26:34PM -0700, LuKreme wrote: On 17-Nov-2009, at 15:56, Nicholas Robinson wrote: I altered the entry in /etc/aliases to /etc/postfix/aliases Why do you suggest this? Typically the default value is: alias_maps = hash:/etc/aliases, nis:mail.aliases Erm… Typical for whom? My aliases has always been at /etc/postfix/aliases
Re: Problem re-directing root's email
On Tue, 17 Nov 2009, LuKreme wrote: On 17-Nov-2009, at 19:53, /dev/rob0 wrote: On Tue, Nov 17, 2009 at 07:26:34PM -0700, LuKreme wrote: On 17-Nov-2009, at 15:56, Nicholas Robinson wrote: I altered the entry in /etc/aliases to /etc/postfix/aliases Why do you suggest this? Typically the default value is: alias_maps = hash:/etc/aliases, nis:mail.aliases Erm… Typical for whom? For many users of Postfix. My aliases has always been at /etc/postfix/aliases Now *that* is atypical. The default value of $alias_maps, as per postconf(5), is system-dependent. I cannot find your value anywhere in src/util/sys_defs.h. -- Sahil Tandon sa...@tandon.net
Re: How to restrict domain in postfix ?
J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. -- Eero
Re: How to restrict domain in postfix ?
Eero Volotinen wrote: J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. Could you kindly give me an example to restrict the domain with access ? Thanks -- জয়দীপ বক্সী
Re: How to restrict domain in postfix ?
J. Bakshi wrote: Eero Volotinen wrote: J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./ REJECT And then you can use it on various places in main.cf: (pcre:/etc/postfix/access.pcre) -- Eero
Attempt MX, fallback to relay in case of error only
Is there a way to configure postfix to use a relay only if direct delivery is rejected? The case being a web application that has to send notification to subscribers, but some servers reject the connection (app IP originates from AWS EC2). I want those cases to be retried using a paid SMTP relay like authsmtp.com. However I don't want to use the relay for everything since it costs per mail. Thanks, ~ Remus
Re: How to restrict domain in postfix ?
J. Bakshi wrote: Eero Volotinen wrote: J. Bakshi wrote: Eero Volotinen wrote: J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./REJECT And then you can use it on various places in main.cf: (pcre:/etc/postfix/access.pcre) -- Eero Thanks for the example. I am telling you what I have already done here. Could you please enlighten me what is missing here ? Yes, you didn't follow my example. How about replacing DOMAIN\.NET with your domain without deleting /./ REJECT line. It's also pcre, not hash table. Please post questions also to mailinglist, since I am your personal helpdesk. -- Eero
Re: How to restrict domain in postfix ?
Eero Volotinen wrote: Please post questions also to mailinglist, since I am your personal helpdesk. Not personal helpdesk, sorry. -- Eero
Re: How to restrict domain in postfix ?
Eero Volotinen wrote: J. Bakshi wrote: Eero Volotinen wrote: J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./REJECT And then you can use it on various places in main.cf: (pcre:/etc/postfix/access.pcre) -- Eero Thanks for the example. I am telling you what I have already done here. 1# create the acl file /etc/postfix/send_domain_restriction = mydomain.com OK #2 configure mail.cf smtpd_recipient_restrictions = hash:/etc/postfix/send_domain_restriction #3. create the db and restart postfix = postmap /etc/postfix/send_domain_restriction restart /etc/init.d/postfix But still I am able send email to other domains :-( It should be restricted to mydomain.com Could you please enlighten me what is missing here ? thanks -- জয়দীপ বক্সী
Re: How to restrict domain in postfix ?
Eero Volotinen wrote: J. Bakshi wrote: Eero Volotinen wrote: J. Bakshi wrote: Thanks to point it out :-) I am looking into it. Is there any other option so that I can only define the domain name with the proper keyword in main.cf and postfix send mails to only that domain ? Err.. why? I think access is nicest way to do it. Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./REJECT And then you can use it on various places in main.cf: (pcre:/etc/postfix/access.pcre) -- Eero I am afraid to say but no luck yet :-( I have already installed postfix-pcre and created the access.pcre accordingky the above pattern. main.cf has ` ` ` ` smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/access.pcre, reject ` ` ` ` -- জয়দীপ বক্সী
Re: How to restrict domain in postfix ?
smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/access.pcre, reject see also: http://www.postfix.org/postconf.5.html#smtpd_client_restrictions I think smtpd_recipient_restrictions applies only server to server connections. -- Eero
Re: Problem re-directing root's email
On 17-Nov-2009, at 20:58, Sahil Tandon wrote: On Tue, 17 Nov 2009, LuKreme wrote: My aliases has always been at /etc/postfix/aliases Now *that* is atypical. No, it's really not. Anyone who's been using postfix for a while is quite likely to have their alias file in the postfix folder. That was certainly the default setting when I first setup postfix in … 1999? 2000? because I distinctly recall it biting me in the ass at the time. Here's a How-To from about 2003? specifically showing /etc/postfix/aliases as the preferred and default setting. http://www.hmug.org/UnixHowTos/index.php?postfix Postfix keeps its version in /etc/postfix/aliases. -- Clark's Law: Sufficiently advanced cluelessness is indistinguishable from malice Clark Slaw: Anything that has been severely damaged or destroyed by application of Clark's Law
Re: Problem re-directing root's email
On 17-Nov-2009, at 23:46, LuKreme wrote: I first setup postfix in … 1999? 2000? Erm, confusion reins. It was late in 2002 with, iirc, a prerelease 2.x -- 'Are you Death?' IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. --The Fifth Elephant
Re: Problem re-directing root's email
On 2009-11-17 LuKreme wrote: On 17-Nov-2009, at 20:58, Sahil Tandon wrote: On Tue, 17 Nov 2009, LuKreme wrote: My aliases has always been at /etc/postfix/aliases Now *that* is atypical. No, it's really not. Anyone who's been using postfix for a while is quite likely to have their alias file in the postfix folder. I have been using Postfix for a couple years now, and I don't. That was certainly the default setting when I first setup postfix in ??? 1999? 2000? because I distinctly recall it biting me in the ass at the time. Here's a How-To from about 2003? specifically showing /etc/postfix/aliases as the preferred and default setting. http://www.hmug.org/UnixHowTos/index.php?postfix Postfix keeps its version in /etc/postfix/aliases. It's neither preferred, nor default, for Postfix on both Debian GNU/Linux and Mac OS X. r...@iridium:~ # postconf -d | grep ^alias_maps alias_maps = hash:/etc/aliases, nis:mail.aliases r...@iridium:~ # _ Regards Ansgar Wiechers -- All vulnerabilities deserve a public fear period prior to patches becoming available. --Jason Coombs on Bugtraq
Re: Attempt MX, fallback to relay in case of error only
On Tue, 2009-11-17 at 20:55 -0800, cont...@rusanu.com wrote: Is there a way to configure postfix to use a relay only if direct delivery is rejected? The case being a web application that has to send notification to subscribers, but some servers reject the connection (app IP originates from AWS EC2). I want those cases to be retried using a paid SMTP relay like authsmtp.com. However I don't want to use the relay for everything since it costs per mail. Thanks, ~ Remus I think you need a fallback_relay http://www.postfix.org/postconf.5.html#fallback_relay
Re: How to restrict domain in postfix ?
On Wed, November 18, 2009 5:38 am, Eero Volotinen said: J. Bakshi wrote: Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./ REJECT No, this is wrong. As per the documentation, partial lookup keys aren't used with regexp/pcre maps, only the full recipient address. /@example\.com$/ OK /./ REJECT But you could just as well list reject in smtpd_xxx_restrictions, after the check_recipient_access restriction. -- Magnus Bäck mag...@dsek.lth.se
Re: How to restrict domain in postfix ?
On Wed, November 18, 2009 7:09 am, Eero Volotinen said: smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/access.pcre, reject see also: http://www.postfix.org/postconf.5.html#smtpd_client_restrictions I think smtpd_recipient_restrictions applies only server to server connections. What's server to server supposed to mean? smtpd_recipient_restrictions is fine here. -- Magnus Bäck mag...@dsek.lth.se