Re: need help with pcre for postfix
Viktor, Yes, Milter seems way to much for what i wanna do. i installed postfix-pcre on ubuntu 8.04. and add this line in my main.cf postfix configuration : header_checks = pcre:/etc/postfix/header_checks then here is the content of my /etc/postfix/header_checks : !/postmas...@devinci\.fr/ REJECT go away but when this is enables, all mail are rejected. can anyone help me with this ? Le vendredi 06 novembre 2009 à 14:56 -0500, Victor Duchovni a écrit : On Fri, Nov 06, 2009 at 10:17:26AM +, Sharma, Ashish wrote: Pascal, You can create a mail filter for Postfix using Milter API. Massive overkill for a simple recipient address access policy. -- Pascal Valois Service Informatique Pôle Universitaire Léonard de Vinci
Re: need help with pcre for postfix
hum, i think i found what was wrong. when checking with pcre, all lines in the header are processed. and then the from: adress get a REJECT go away reponse from the filter. i though that all the subject was processed as once ? right or wrong ? Le mercredi 18 novembre 2009 à 09:17 +0100, pascal valois a écrit : Viktor, Yes, Milter seems way to much for what i wanna do. i installed postfix-pcre on ubuntu 8.04. and add this line in my main.cf postfix configuration : header_checks = pcre:/etc/postfix/header_checks then here is the content of my /etc/postfix/header_checks : !/postmas...@devinci\.fr/ REJECT go away but when this is enables, all mail are rejected. can anyone help me with this ? Le vendredi 06 novembre 2009 à 14:56 -0500, Victor Duchovni a écrit : On Fri, Nov 06, 2009 at 10:17:26AM +, Sharma, Ashish wrote: Pascal, You can create a mail filter for Postfix using Milter API. Massive overkill for a simple recipient address access policy. -- Pascal Valois Service Informatique Pôle Universitaire Léonard de Vinci
Re: How to restrict domain in postfix ?
Magnus Bäck wrote: On Wed, November 18, 2009 5:38 am, Eero Volotinen said: J. Bakshi wrote: Could you kindly give me an example to restrict the domain with access ? How about following: access.pcre: /^DOMAIN\.NET$/ OK /./ REJECT No, this is wrong. As per the documentation, partial lookup keys aren't used with regexp/pcre maps, only the full recipient address. /@example\.com$/ OK /./ REJECT But you could just as well list reject in smtpd_xxx_restrictions, after the check_recipient_access restriction. Hello Magnus, Thanks for your hints. I am also searching for a simple solution which just start working from main.cf . I like my postfix to send email to a very specific domain only; just say gmail.com so if you try to send a mail to both gmail.com and yahoo.in then the mail will be successfully sent to gmail account only. Unfortunately nothing of my previous experiments are successful :-( Thanks -- জয়দীপ বক্সী
Re: Attempt MX, fallback to relay in case of error only
Zitat von cont...@rusanu.com cont...@rusanu.com: Is there a way to configure postfix to use a relay only if direct delivery is rejected? The case being a web application that has to send notification to subscribers, but some servers reject the connection (app IP originates from AWS EC2). I want those cases to be retried using a paid SMTP relay like authsmtp.com. However I don't want to use the relay for everything since it costs per mail. If it is rejected with a permanent error code (5xx) no retry an no fallback will happen. This is required by RFC. If the reject is with some temporary reject code or the connection is not accepted at all you need the fallback_relay parameter. Regards Andreas
Relayhost to multiple hosts
Hi, I am looking for a solution where i would be able to configure one postfix instance in such a way that it rotates multiple relayhosts and acts as a host that relays emails to multiple hosts. For eg. we currently have the option of entering just one relayhost = xx.xx.xx.xx. However i need a solution where i shuld be able to map multiple relayhosts and make postfix relay via those list of hosts. P.S. The ports also might be different in some cases. Rgds Dhiraj
fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 (Debian lenny)
Hi I'm working on upgrading to debian lenny and ran into this problem. I have dovecot with the drac plugin sending IPs to dracd writing to /var/lib/drac/dracd.db. The btree db seems okay - I can look up the IPs using postmap -q but I get intermittent (every 4 minutes) the following errors from postfix: Nov 18 11:42:33 mail postfix/smtpd[12958]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:42:33 mail postfix/smtpd[12959]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:42:34 mail postfix/smtpd[12949]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:42:34 mail postfix/smtpd[12945]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:42:37 mail postfix/smtpd[12794]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:42:50 mail postfix/smtpd[12642]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Nov 18 11:43:15 mail postfix/smtpd[12496]: fatal: error reading /var/lib/drac/dracd.db: Unknown error 4294936309 Thanks for any help mimo
Re: Relayhost to multiple hosts
Quoting Dhiraj Chatpar dchat...@gmail.com: Hi, I am looking for a solution where i would be able to configure one postfix instance in such a way that it rotates multiple relayhosts and acts as a host that relays emails to multiple hosts. For eg. we currently have the option of entering just one relayhost = xx.xx.xx.xx. However i need a solution where i shuld be able to map multiple relayhosts and make postfix relay via those list of hosts. P.S. The ports also might be different in some cases. You can use iptables for that or make dns round robin entry and point relayhost to that hostname. -- Eero
Re: Relayhost to multiple hosts
can you please give me a tutorial to achieve this? Joan Crawfordhttp://www.brainyquote.com/quotes/authors/j/joan_crawford.html - I, Joan Crawford, I believe in the dollar. Everything I earn, I spend. On Wed, Nov 18, 2009 at 17:57, Eero Volotinen eero.voloti...@iki.fi wrote: Quoting Dhiraj Chatpar dchat...@gmail.com: Hi, I am looking for a solution where i would be able to configure one postfix instance in such a way that it rotates multiple relayhosts and acts as a host that relays emails to multiple hosts. For eg. we currently have the option of entering just one relayhost = xx.xx.xx.xx. However i need a solution where i shuld be able to map multiple relayhosts and make postfix relay via those list of hosts. P.S. The ports also might be different in some cases. You can use iptables for that or make dns round robin entry and point relayhost to that hostname. -- Eero
Re: Relayhost to multiple hosts
Quoting Dhiraj Chatpar dchat...@gmail.com: can you please give me a tutorial to achieve this? See the: http://cormander.com/blog/2008/05/round-robin-balancing-with-iptables/ and http://www.zytrax.com/books/dns/ch9/rr.html -- Eero
Re: Relayhost to multiple hosts
I believe there is an option within postfix too to achieve this? Ogden Nash http://www.brainyquote.com/quotes/authors/o/ogden_nash.html - The trouble with a kitten is that when it grows up, it's always a cat. On Wed, Nov 18, 2009 at 18:50, Eero Volotinen eero.voloti...@iki.fi wrote: Quoting Dhiraj Chatpar dchat...@gmail.com: can you please give me a tutorial to achieve this? See the: http://cormander.com/blog/2008/05/round-robin-balancing-with-iptables/ and http://www.zytrax.com/books/dns/ch9/rr.html -- Eero
Re: Relayhost to multiple hosts
Quoting Dhiraj Chatpar dchat...@gmail.com: I believe there is an option within postfix too to achieve this? As far as I known, postfix only supports one relayhost plus backup host. -- Eero
Re: Relayhost to multiple hosts
2009/11/19 Dhiraj Chatpar dchat...@gmail.com: I believe there is an option within postfix too to achieve this? I'm fairly sure there's not. If you don't like the idea of using iptables, the alternative would be a customised DNS entry for your relayhost. Create a virtual relayhost A-record (eg. relayhost.mydomain.com) that returns multiple IP addresses, this will produce a rudimentary form of round-robin. Then just set relayhost=relayhost.mydomain.com in main.cf
Re: Relayhost to multiple hosts
What do you think about this?? will this work? http://souptonuts.sourceforge.net/postfix_sbr.html Ted Turner http://www.brainyquote.com/quotes/authors/t/ted_turner.html - Sports is like a war without the killing. On Wed, Nov 18, 2009 at 19:08, Barney Desmond barneydesm...@gmail.comwrote: 2009/11/19 Dhiraj Chatpar dchat...@gmail.com: I believe there is an option within postfix too to achieve this? I'm fairly sure there's not. If you don't like the idea of using iptables, the alternative would be a customised DNS entry for your relayhost. Create a virtual relayhost A-record (eg. relayhost.mydomain.com) that returns multiple IP addresses, this will produce a rudimentary form of round-robin. Then just set relayhost=relayhost.mydomain.com in main.cf
Re: How to restrict domain in postfix ?
On 11/18/2009 2:49 AM, J. Bakshi wrote: Thanks for your hints. I am also searching for a simple solution which just start working from main.cf . I like my postfix to send email to a very specific domain only; just say gmail.com so if you try to send a mail to both gmail.com and yahoo.in then the mail will be successfully sent to gmail account only. Unfortunately nothing of my previous experiments are successful :-( You have not sufficiently defined for us what you want postfix to do. The solution will probably involve more than just setting some flag in main.cf, but we don't really understand the problem yet. You keep getting conflicting answers because everyone is solving a different problem for you. The answers you need are likely listed in the docs http://www.postfix.org/documentation.html and we will happily guide you to the correct section once we have an idea of what you're looking for. How does this mail enter postfix? SMTP? The sendmail(1) command? What should postfix do with mail addressed to the wrong domain? Reject it? Force delivery to the proper domain? Discard it? If you try something and don't get the results you expected, you need to show the configuration you tried, what you expected to happen, and postfix logging of what actually occurred. Reporting it didn't work just wastes time, both ours and yours. Before you answer, please read: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
Re: Relayhost to multiple hosts
We have 5 different servers.. all of them are mailing servers for our main company domain, I wish to Balance the mails across these 5 servers. Ogden Nash http://www.brainyquote.com/quotes/authors/o/ogden_nash.html - The trouble with a kitten is that when it grows up, it's always a cat. On Wed, Nov 18, 2009 at 19:34, Wietse Venema wie...@porcupine.org wrote: Dhiraj Chatpar: Hi, I am looking for a solution where i would be able to configure one postfix instance in such a way that it rotates multiple relayhosts and acts as a host that relays emails to multiple hosts. For eg. we currently have the option of entering just one relayhost = xx.xx.xx.xx. However i need a solution where i shuld be able to map multiple relayhosts and make postfix relay via those list of hosts. What problem are you trying to solve? State the problem, not the solution of multiple relayhosts and ports. Wietse
Re: mx fails due to typo on remote dns
Hi, Got my network team to allow me port 53 to another dns resolver1.opendns.com ( entered this into my resolv.conf ) and get similar results, Nov 18 14:20:32 obeml1 postfix/smtp[21362]: [ID 197553 mail.info] AAC73239403: to=postmas...@eurocommerce.ie, relay=none, delay=20, delays=0.25/0/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=eurocommerce.ie type=MX: Host not found, try again) however i also get poor resuls from manual dig on the server ( solaris 8 ) obeml1# dig @resolver1.opendns.com eurocommerce.ie mx ; DiG 8.3 @resolver1.opendns.com eurocommerce.ie mx ; (1 server found) ;; res options: init recurs defnam dnsrch ;; res_nsend to server resolver1.opendns.com 208.67.222.222: Connection timed out obeml1# dig @resolver1.opendns.com eurocommerce.ie ; DiG 8.3 @resolver1.opendns.com eurocommerce.ie ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; eurocommerce.ie, type = A, class = IN ;; ANSWER SECTION: eurocommerce.ie.0S IN A 67.215.65.132 ;; Total query time: 22 msec ;; FROM: obeml1 to SERVER: resolver1.opendns.com 208.67.222.222 ;; WHEN: Wed Nov 18 14:24:38 2009 ;; MSG SIZE sent: 33 rcvd: 49 The other mail server in my mail cluster has a later dig and still fails, obeml2# dig @resolver1.opendns.com eurocommerce.ie ; DiG 9.6.1-P1 @resolver1.opendns.com eurocommerce.ie ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 273 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;eurocommerce.ie. IN A ;; ANSWER SECTION: eurocommerce.ie.0 IN A 67.215.65.132 ;; Query time: 16 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Wed Nov 18 14:37:13 2009 ;; MSG SIZE rcvd: 49 obeml2# dig @resolver1.opendns.com eurocommerce.ie mx ; DiG 9.6.1-P1 @resolver1.opendns.com eurocommerce.ie mx ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached I'm suspecting something OS now is broke - not postfix - This is only an issue where remote DNS has typo on the mx record. Thanks Laurence Wietse Venema wie...@porcupine.org 17/11/09 11:39:43 Wietse Venema: Laurence Moughan: Ok , I upgraded to 2.6.5 - and still fails, Works for me. I suspect that your LOCAL dns server is making trouble. Logging: Nov 17 06:34:54 spike postfix/qmgr[6861]: 509F61F3EA7: from=wie...@porcupine.org, size=338, nrcpt=1 (queue active) Nov 17 06:34:54 spike postfix/smtp[56957]: warning: valid_hostname: invalid character 92(decimal): cluster8a.eu.messagelabs.com\032 Nov 17 06:34:54 spike postfix/smtp[56957]: warning: malformed domain name in resource data of MX record for eurocommerce.ie: cluster8a.eu.messagelabs.com\032 Nov 17 06:34:55 spike postfix/smtp[56957]: 509F61F3EA7: to=postmas...@eurocommerce.ie, relay=cluster8.eu.messagelabs.com[85.158.140.211]:25, delay=1.4, delays=0.19/0.01/0.82/0.4, dsn=2.0.0, status=deliverable (250 OK) You need to test with a different up-stream DNS server. Wietse
Re: Relayhost to multiple hosts
Dhiraj Chatpar: We have 5 different servers.. all of them are mailing servers for our main company domain, I wish to Balance the mails across these 5 servers. Isn't that what the DNS was invented for? You specify the domain and its servers, and then all standards-compliant mail systems will distribute the load according to MX preferences. Wietse
Re: mx fails due to typo on remote dns
Laurence Moughan: obeml1# dig @resolver1.opendns.com eurocommerce.ie ; DiG 8.3 @resolver1.opendns.com eurocommerce.ie ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; eurocommerce.ie, type = A, class = IN That is the wrong query. You need to ask for the MX record. Wietse
Limit send mail to alias
Hello I created an alias with the email address of all users in my workplace to let them get notifications or possible changes in the system through email. Would like to limit the shipment from certain recipients, and if possible when you put the address or alias to the line of this is removed and placed in hidden delivery, bcc. so you do not release the addresses, preventing it from being intentionally misused. quite apart from the subject, whether it is possible to limit the amount of my users to target mailings. Thanks Michel
Re: Relayhost to multiple hosts
Yes the DNS is a good idea.. However what will i achieve if i implement the following? # Changes in /etc/postfix2/main.cf sender_based_routing = yes relay unix - - n - - smtp -o fallback_relay= smtp_act1 unix - - n - - smtp -o smtp_sasl_password_maps=hash:/etc/postfix2/sasl_passwd_act1 smtp_act2 unix - - n - - smtp -o smtp_sasl_password_maps=hash:/etc/postfix2/sasl_passwd_act2 smtp_act3 unix - - n - - smtp -o smtp_sasl_password_maps=hash:/etc/postfix2/sasl_passwd_act3 smtp_act4 unix - - n - - smtp -o smtp_sasl_password_maps=hash:/etc/postfix2/sasl_passwd_act4 #/etc/postfix2/sasl_passwd_act1 domainname.com Mike Ditka http://www.brainyquote.com/quotes/authors/m/mike_ditka.html - If God had wanted man to play soccer, he wouldn't have given us arms. On Wed, Nov 18, 2009 at 20:10, Wietse Venema wie...@porcupine.org wrote: Dhiraj Chatpar: We have 5 different servers.. all of them are mailing servers for our main company domain, I wish to Balance the mails across these 5 servers. Isn't that what the DNS was invented for? You specify the domain and its servers, and then all standards-compliant mail systems will distribute the load according to MX preferences. Wietse
Re: mx fails due to typo on remote dns
I do ( detailed in the same email ) - and i get timeouts when there is a typo in the record - all correct records come back fine. Wietse Venema wie...@porcupine.org 18/11/09 14:43:46 Laurence Moughan: obeml1# dig @resolver1.opendns.com eurocommerce.ie ; DiG 8.3 @resolver1.opendns.com eurocommerce.ie ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; eurocommerce.ie, type = A, class = IN That is the wrong query. You need to ask for the MX record. Wietse
A way to trace the mail flow
Hi all, sometimes (...) I need to trace the complete flow of mails through postfix queues until the delivered to dovecot (including the clients connections/disconnections and obviously the operations execute by Mailscanner). Usually I trace it with tail -f mail.log grepping sender/receiver or message id but it's a little bit silly do it every days, I notice that I can't use pid to trace these actions. Exists a logview for postfix that do that? Or a way to associate an unique id to a mail process ? Best regards.
Re: Relayhost to multiple hosts
Dhiraj Chatpar: Yes the DNS is a good idea.. However what will i achieve if i implement the following? The solution is to have multiple MX records in the DNS. All standards-compliant MTAs will spread the load WITHOUT ANY SENDER SIDE CONFIGURATION. Wietse
Re: mx fails due to typo on remote dns
Laurence Moughan: I do ( detailed in the same email ) - and i get timeouts when there is a typo in the record - all correct records come back fine. You are doing one MX lookup that times out. Then, two A lookups for the email domain name, and that is wrong. Instead, you need to do one MX lookup for the email domain, and A lookups for the MX hostnames. Wietse
Re: mx fails due to typo on remote dns
Found problem, Its not postfix nor os - thanks for all the help, its my toplayer IDS ! Nov 18 14:16:31 [10.142.4.252.2.2] 10.142.4.252 IPS5500-150E: id=060002 pt=TLN-TS prot=UDP cip=208.67.222.222 cprt=53 sip=193.95.152.20 sprt=48020 atck=tln-101047 disp=mitigate ckt=1 src=extern msg=PROTO: DNS Inbound Resource Record Data Contains Invalid Character Wietse Venema wie...@porcupine.org 18/11/09 14:43:46 Laurence Moughan: obeml1# dig @resolver1.opendns.com eurocommerce.ie ; DiG 8.3 @resolver1.opendns.com eurocommerce.ie ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; eurocommerce.ie, type = A, class = IN That is the wrong query. You need to ask for the MX record. Wietse
Re: Attempt MX, fallback to relay in case of error only
Thanks Andreas, The reject would be '553 Mail from ... not allowed', so it sounds like a dead end trying to configure postfix to handle this. Suggestions on how to workaround are welcome. Thanks, ~ Remus On Nov 18, 2009, at 1:12 AM, lst_ho...@kwsoft.de wrote: Zitat von cont...@rusanu.com cont...@rusanu.com: Is there a way to configure postfix to use a relay only if direct delivery is rejected? The case being a web application that has to send notification to subscribers, but some servers reject the connection (app IP originates from AWS EC2). I want those cases to be retried using a paid SMTP relay like authsmtp.com. However I don't want to use the relay for everything since it costs per mail. If it is rejected with a permanent error code (5xx) no retry an no fallback will happen. This is required by RFC. If the reject is with some temporary reject code or the connection is not accepted at all you need the fallback_relay parameter. Regards Andreas
Re: Attempt MX, fallback to relay in case of error only
cont...@rusanu.com: Thanks Andreas, The reject would be '553 Mail from ... not allowed', so it sounds like a dead end trying to configure postfix to handle this. Suggestions on how to workaround are welcome. This is essentially the same problem as home office sites trying to send direct mail from a residential pool with fall-back to some ISP because their address is listed in zen.spamhaus.org. /etc/postfix/main.cf: smtp_fallback_relay=mail.isp.net /etc/postfix/master.cf: smtp unix - - n - - smtp -o soft_bounce=yes When the direct-to-destination delivery attempt fails, it will be the same Postfix SMTP client process that dumps the message to the fallback host, so 5xx replies will be ignored in both cases, and mail may remain queued forever. Ignoring 5xx responses is not kosher use of SMTP, and there is no enthousiastic support for Postfix to give 5xx replies a treatment that depends on context. Wietse Thanks, ~ Remus On Nov 18, 2009, at 1:12 AM, lst_ho...@kwsoft.de wrote: Zitat von cont...@rusanu.com cont...@rusanu.com: Is there a way to configure postfix to use a relay only if direct delivery is rejected? The case being a web application that has to send notification to subscribers, but some servers reject the connection (app IP originates from AWS EC2). I want those cases to be retried using a paid SMTP relay like authsmtp.com. However I don't want to use the relay for everything since it costs per mail. If it is rejected with a permanent error code (5xx) no retry an no fallback will happen. This is required by RFC. If the reject is with some temporary reject code or the connection is not accepted at all you need the fallback_relay parameter. Regards Andreas
Re: need help with pcre for postfix
On Wed, Nov 18, 2009 at 09:17:14AM +0100, pascal valois wrote: i installed postfix-pcre on ubuntu 8.04. and add this line in my main.cf postfix configuration : header_checks = pcre:/etc/postfix/header_checks Why are using header checks to filter the envelope recipient address? (Hint: DO NOT). http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html Find a decent tutorial on Postfix restriction processing. then here is the content of my /etc/postfix/header_checks : !/postmas...@devinci\.fr/ REJECT go away but when this is enables, all mail are rejected. can anyone help me with this ? Don't reject all messages that contain header lines that don't mention the postmaster address. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Attempt MX, fallback to relay in case of error only
cont...@rusanu.com put forth on 11/18/2009 10:05 AM: Thanks Andreas, The reject would be '553 Mail from ... not allowed', so it sounds like a dead end trying to configure postfix to handle this. Suggestions on how to workaround are welcome. Given that the Amazon cloud is likely universally smtp blocked and will continue to be in the foreseeable future, you're probably not going to be able to work around this rejection problem by tweaking how postfix delivers mail. I blocked the Amazon cloud /18 in April, and sometime around late summer (US) a thread ran through the spam-l list causing universal blocking via the members. I'm sure the list of sites blocking it has only grown since then. Your best solution is to find a relayhost with good reputation from which you can send the email, one that doesn't cost you an arm and a leg to do so. Or, better yet, ditch the Amazon cloud and sign up with a decent colo/vps/web hosting shop whose IP space isn't universally smtp blocked. There are thousands of such providers out there offering ultra cheap service. Do some research and pick one whose IP space isn't in scorched earth territory. -- Stan
Relayhost to multiple hosts
Wietse Venema put forth on 11/18/2009 9:25 AM: Dhiraj Chatpar: Yes the DNS is a good idea.. However what will i achieve if i implement the following? The solution is to have multiple MX records in the DNS. All standards-compliant MTAs will spread the load WITHOUT ANY SENDER SIDE CONFIGURATION. Wietse That master.cf with all the sasl makes me think he's wanting to spread spam load out over 5 broadband smtp submission servers over 5 dsl lines or similar. His resistance to using DNS, which is the proper (and easy) solution for a legit operation, and the fact that he's spreading the load of only one server across 5 also smells of a spammer. Are we assisting a spammer or a legit operation? Dhiraj? What's the skinny? -- Stan
Re: Problem re-directing root's email
On Wed, Nov 18, 2009 at 07:56:40AM +0100, Ansgar Wiechers wrote: On 2009-11-17 LuKreme wrote: Here's a How-To from about 2003? specifically showing /etc/postfix/aliases as the preferred and default setting. http://www.hmug.org/UnixHowTos/index.php?postfix Without bothering to look at the site, I am going to suggest that is not official Postfix documentation. Postfix keeps its version in /etc/postfix/aliases. It's neither preferred, nor default, for Postfix on both Debian GNU/Linux and Mac OS X. r...@iridium:~ # postconf -d | grep ^alias_maps alias_maps = hash:/etc/aliases, nis:mail.aliases My pasted value, on Slackware (installed from source), was also from postconf -d alias_maps. Anyone who is giving advice which relies upon non-default Postfix settings is misleading other posters, and thus should be corrected. There was absolutely no indication in this thread that the OP should have used /etc/postfix/aliases, and yet that advice was given: authoritative-sounding but probably wrong. A distributor's non-default settings as shipped in their main.cf are still that: non-default settings. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Limit send mail to alias
Michel Bulgado put forth on 11/18/2009 8:54 AM: Hello I created an alias with the email address of all users in my workplace to let them get notifications or possible changes in the system through email. Would like to limit the shipment from certain recipients, and if possible when you put the address or alias to the line of this is removed and placed in hidden delivery, bcc. so you do not release the addresses, preventing it from being intentionally misused. Sounds like a case for recipient_bcc_maps: http://www.postfix.org/postconf.5.html#recipient_bcc_maps That will solve part of the problem. If you are wanting to restrict who can send email to the alias send.notification.to.every...@myorg.tld I'm not sure on that one. Basically you want an ACL of who can send to this alias? -- Stan
Re: Relayhost to multiple hosts
On 11/18/2009 11:47 AM, Dhiraj Chatpar wrote: Well sir its our friend yahoo which is going to get me kicked off my job as an administrator. I had an issue where a email sent to a yahoo email address from My CEO didnt end up delivering. Ever since i have been wondering for solutions. You're trying to solve a problem that you can't solve. If 99% of your mail addressed to yahoo eventually gets delivered, you've done as well as can be expected and better than most. Your real job is to explain this in terms the CEO can understand.
Re: Limit send mail to alias
On Wed, Nov 18, 2009 at 11:51:22AM -0600, Stan Hoeppner wrote: I created an alias with the email address of all users in my workplace to let them get notifications or possible changes in the system through email. Would like to limit the shipment from certain recipients, and if possible when you put the address or alias to the line of this is removed and placed in hidden delivery, bcc. so you do not release the addresses, preventing it from being intentionally misused. Sounds like a case for recipient_bcc_maps: To me, this sounds like a moderated list, or at least a closed list with designated pre-approved senders, managed by a list manager. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Limit send mail to alias
On Wed, 2009-11-18 at 13:11 -0500, Victor Duchovni wrote: On Wed, Nov 18, 2009 at 11:51:22AM -0600, Stan Hoeppner wrote: I created an alias with the email address of all users in my workplace to let them get notifications or possible changes in the system through email. Would like to limit the shipment from certain recipients, and if possible when you put the address or alias to the line of this is removed and placed in hidden delivery, bcc. so you do not release the addresses, preventing it from being intentionally misused. Sounds like a case for recipient_bcc_maps: To me, this sounds like a moderated list, or at least a closed list with designated pre-approved senders, managed by a list manager. Maybe resolved by creating a closed list with mailman moderate. The list currently use the alias is updated with a script that exports the new users from LDAP (Active Directory) to a text file. maybe it's possible to do the same or similar to mailman, because this list would have to update manually. however look for a variant. Another question they had done, they know if you can limit the number of recipients by sending mail?
server configuration error
hi all the following is the log from my relay for example.com; this is read receipt which failed; this is happening only with this client domain; Nov 18 20:13:59 relay2 postfix/smtpd[4225]: NOQUEUE: reject: RCPT from ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configuration error; from= to= a...@example.com proto=ESMTP helo=ex.2n.cz Nov 18 20:13:59 relay2 postfix/smtpd[4225]: disconnect from ex.2n.cz [90.182.112.11] the below is my restrictions: smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_sender_domain reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination check_recipient_access hash:/etc/postfix/roleaccount_exceptions check_client_access hash:/etc/postfix/backscatterer_whitelist check_sender_access hash:/etc/postfix/check_backscatterer reject_non_fqdn_hostname reject_invalid_hostname check_client_access cidr:/etc/postfix/spam_cidr check_helo_access pcre:/etc/postfix/helo_checks check_recipient_access hash:/etc/postfix/whitelist_recipients reject_rbl_client zen.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org permit smtpd_data_restrictions = reject_multi_recipient_bounce reject_unauth_pipelining permit smtpd_sender_restrictions = hash:/etc/postfix/access check_sender_access hash:/etc/postfix/strict_sender_map smtpd_restriction_classes = strict_client_domain strict_client_domain = reject_unknown_client check_client_access hash:/etc/postfix/strict_client_map reject smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_client_reject_code = 554 unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual pcre:/etc/postfix/virtual_pcre -is anything wrong with my settings?! help appreciated
Re: server configuration error
On 11/18/2009 1:36 PM, K bharathan wrote: hi all the following is the log from my relay for example.com http://example.com; this is read receipt which failed; this is happening only with this client domain; Nov 18 20:13:59 relay2 postfix/smtpd[4225]: NOQUEUE: reject: RCPT from ex.2n.cz http://ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configuration error; from= to=a...@example.com mailto:a...@example.com proto=ESMTP helo=ex.2n.cz http://ex.2n.cz Nov 18 20:13:59 relay2 postfix/smtpd[4225]: disconnect from ex.2n.cz http://ex.2n.cz[90.182.112.11] The interesting error message is probably a couple lines above this in the log. Details of the error are not sent to the client. the below is my restrictions: Please show postconf -n output, and log entries proceeding the one you posted. http://www.postfix.org/DEBUG_README.html#logging -is anything wrong with my settings?! Almost certainly, and postfix probably tells you exactly what the problem is in the logs. -- Noel Jones
Re: server configuration error
K bharathan: hi all the following is the log from my relay for example.com; this is read receipt which failed; this is happening only with this client domain; Nov 18 20:13:59 relay2 postfix/smtpd[4225]: NOQUEUE: reject: RCPT from ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configuration error; from= to= Postfix sends problem details to the maillog file. http://www.postfix.org/DEBUG_README.html#logging Wietse
server configuration error
K bharathan put forth on 11/18/2009 1:36 PM: -is anything wrong with my settings?! help appreciated Try: grep warning: /the/maillog/file -- Stan
Sending from multiple IPs, based on a header?
I am trying to configure postfix to work as follows: 1) In a header_check, look for a header X-Vmta: n where n is some number. 2) Based on n, choose an outgoing smtp transport (bound to some ip) Basically I want postfix to choose the outgoing IP based on a header that can be placed within the message. I have configured it thusly, so far, but I am getting a mail loops back to myself error. main.cf: header_checks = regexp:/etc/postfix/header_checks header_checks: /^X-Vmta.*1$/ FILTER vmta1: /^X-Vmta.*2$/ FILTER vmta2: /^X-Vmta.*3$/ FILTER vmta3: /^X-Vmta.*4$/ FILTER vmta4: /^X-Vmta.*5$/ FILTER vmta5: master.cf: vmta1 unix - - n - - smtp -o smtp_bind_address=x.x.x.x vmta2 unix - - n - - smtp -o smtp_bind_address=y.y.y.y vmta3 unix - - n - - smtp -o smtp_bind_address=z.z.z.z vmta4 unix - - n - - smtp -o smtp_bind_address=w.w.w.w.w vmta5 unix - - n - - smtp -o smtp_bind_address=v.v.v.v My expectation was that the header_check would tag the mails when readding them to the queue and then they would go out the specified transport, but maybe the loop detection in postfix is defeating me? Is it that the requeued emails also pass through the header_checks? I'm fine with stripping off the header during the check to avoid that, but I don't see how to FILTER and IGNORE the same line based on header_checks(5). Ideas? --Ian
Re: Sending from multiple IPs, based on a header?
Ian Duggan: I am trying to configure postfix to work as follows: 1) In a header_check, look for a header X-Vmta: n where n is some number. 2) Based on n, choose an outgoing smtp transport (bound to some ip) Basically I want postfix to choose the outgoing IP based on a header that can be placed within the message. I have configured it thusly, so far, but I am getting a mail loops back to myself error. It means that the recipient domain resolves to a local address. Unfortunately you ignored instructions in the mailing list welcome message, and therefore there is no more concrete answer. Wietse main.cf: header_checks = regexp:/etc/postfix/header_checks header_checks: /^X-Vmta.*1$/ FILTER vmta1: /^X-Vmta.*2$/ FILTER vmta2: /^X-Vmta.*3$/ FILTER vmta3: /^X-Vmta.*4$/ FILTER vmta4: /^X-Vmta.*5$/ FILTER vmta5: master.cf: vmta1 unix - - n - - smtp -o smtp_bind_address=x.x.x.x vmta2 unix - - n - - smtp -o smtp_bind_address=y.y.y.y vmta3 unix - - n - - smtp -o smtp_bind_address=z.z.z.z vmta4 unix - - n - - smtp -o smtp_bind_address=w.w.w.w.w vmta5 unix - - n - - smtp -o smtp_bind_address=v.v.v.v My expectation was that the header_check would tag the mails when readding them to the queue and then they would go out the specified transport, but maybe the loop detection in postfix is defeating me? Is it that the requeued emails also pass through the header_checks? I'm fine with stripping off the header during the check to avoid that, but I don't see how to FILTER and IGNORE the same line based on header_checks(5). Ideas? --Ian
Re: server configuration error
K bharathan wrote: but when i do a egrep '(warning|error|fatal|panic):' /var/log/mail | more i don't see any log details related to this client! You seem to be confused. The messages in the egrep command *may not* be directly related to a client. It can be very generalized but very useful in finding a configuration error. One of the warning message to safely ignore are DNS lookups to machines outside of your control.
Re: Sending from multiple IPs, based on a header?
On Wed, Nov 18, 2009 at 12:34 PM, Wietse Venema wie...@porcupine.org wrote: far, but I am getting a mail loops back to myself error. It means that the recipient domain resolves to a local address. Unfortunately you ignored instructions in the mailing list welcome message, and therefore there is no more concrete answer. My apologies, trying again. The recipient domain does not map to this machine, as near as I can tell. This machine hosts mail for users @scribd.com. I am sending mail to i...@ianduggan.net, through this server. I am trying to configure postfix to work as follows: 1) In a header_check, look for a header X-Vmta: n where n is some number. 2) Based on n, choose an outgoing smtp transport (bound to some ip) Basically I want postfix to choose the outgoing IP based on a header that can be placed within the message. I am getting a mail loops back to myself error, however. The log output produced during the send is this: Nov 18 15:19:22 mail01 postfix/cleanup[3242]: D9024B689D2: filter: header X-Vmta: 2 from unknown[192.168.100.114]; from=donotre...@scribd.com to=test.scr...@gmail.com proto=SMTP helo=raptor.local: vmta2: Nov 18 15:19:22 mail01 postfix/smtp[]: D9024B689D2: to=test.scr...@gmail.com, relay=none, delay=0.05, delays=0.05/0/0/0, dsn=5.4.6, status=bounced (mail for mail01.scribd.com loops back to myself) header_checks is here: header_checks: /^X-Vmta.*1$/ FILTER vmta1: /^X-Vmta.*2$/ FILTER vmta2: /^X-Vmta.*3$/ FILTER vmta3: /^X-Vmta.*4$/ FILTER vmta4: /^X-Vmta.*5$/ FILTER vmta5: Postfinger output: [r...@mail01 postfix]# postfinger postfinger - postfix configuration on Wed Nov 18 15:26:55 CST 2009 version: 1.30 Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.] --System Parameters-- mail_version = 2.5.1 hostname = mail01.scribd.com uname = Linux mail01.scribd.com 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux --Packaging information-- looks like this postfix comes from RPM package: postfix-2.5.1-1.mysql.sasl2.vda.rhel5 --main.cf non-default parameters-- alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases bounce_queue_lifetime = 3d disable_vrfy_command = yes header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix-2.5.1-documentation/html mailbox_size_limit = 10 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 1 milter_default_action = accept mydestination = mail01.scribd.com, localhost, mail01.local, localhost.scribd.com mynetworks = 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8, 87.228.12.149 myorigin = scribd.com newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = inet:localhost:10099 readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme recipient_delimiter = + sendmail_path = /usr/sbin/sendmail.postfix smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_milters = inet:localhost:10099 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:6, permit transport_maps = hash:/etc/postfix/transport virtual_alias_domains = scribd.com, ipaper.scribd.com virtual_alias_maps = hash:/etc/postfix/virtual --master.cf-- smtp inet n - n - - smtpd pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp fast unix - - n - 50 smtp vmta1 unix - - n - - smtp -o smtp_bind_address=87.228.12.149 vmta2 unix - - n - - smtp -o smtp_bind_address=174.66.250.36 vmta3 unix - - n - - smtp -o
Re: server configuration error
K bharathan: [90.182.112.11] Nov 18 20:06:10 relay1 postfix/smtpd[21876]: NOQUEUE: reject: RCPT from ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configurati Now try: grep 21876 /the/log/file Wietse
Re: Sending from multiple IPs, based on a header?
Ian Duggan: Nov 18 15:19:22 mail01 postfix/smtp[]: D9024B689D2: to=test.scr...@gmail.com, relay=none, delay=0.05, delays=0.05/0/0/0, dsn=5.4.6, status=bounced (mail for mail01.scribd.com loops back to myself) header_checks is here: header_checks: /^X-Vmta.*1$/ FILTER vmta1: /^X-Vmta.*2$/ FILTER vmta2: /^X-Vmta.*3$/ FILTER vmta3: /^X-Vmta.*4$/ FILTER vmta4: /^X-Vmta.*5$/ FILTER vmta5: Could the problem be that FILTER, as documented, expects a destination? FILTER transport:destination Write a content filter request to the queue file, and inspect the next input line. After the complete message is received it will be sent through the specified external content filter. More information about external content filters is in the Post- fix FILTER_README file. The header_checks(5) manpage does not say what happens when the destination is omitted. The access(5) manpage refers to the transports(5) manpage for syntax (the syntax depends on the type of delivery agent). The transports(5) manpage mentions that the destination defaults to the recipient domain. However, the scheduler uses a different default, which appears to be inconsistent. I wonder what would break if this were to be changed. For now, perhaps your header_checks rules can copy the recipient domain to the FILTER command. Wietse
Re: Postfix Multiple IPs
2009/11/18 Dhiraj Chatpar dchat...@gmail.com: Dear Sir, I read your post on the postfix forum. I am a fan of yours after what solutions you gave regarding iptables and rotation of IPs. i tried doing that on my server and still get deferred from yahoo. Is there a way i can rotate my IPs by way of a script or something. Please advice me. Please also mention that iptables method.. will it send each email from the new ip i mention or just rotate the IPs? how does it work? Need your help Rgds Dhiraj The IP tables rules I posted will Source NAT each *new* outbound connection on port 25 to a different IP address. This should make each new connection appear from a different IP address. It works at the TCP level (layer 3) and as such is not aware of the SMTP transaction(s) at Layer 4. If your mail server is configured to deliver multiple messages per SMTP session, then the IP address will not be cycled since they are being delivered in the same single TCP connection. Please do not reply off-list in future. The mailing list exists for a reason.
Postfix Multiple IPs
Phillip Smith put forth on 11/18/2009 4:41 PM: 2009/11/18 Dhiraj Chatpar dchat...@gmail.com: Dear Sir, I read your post on the postfix forum. I am a fan of yours after what solutions you gave regarding iptables and rotation of IPs. i tried doing that on my server and still get deferred from yahoo. Merely rotating connections within the same /24 subnet isn't going to help solve your problem. It may in fact make it worse, as you'll start looking like a snowshoe spammer spreading out his load. Have you by chance followed Yahoo guidelines yet? If not, doing so will likely produce far better results than hacking your postfix server(s): http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html This assumes you are sending legitimate email, not spam. Fill out their bulk sender forms, set up a feedback loop, follow their guidelines, and you'll likely see your message deferral problem solved. -- Stan
Re: Sending from multiple IPs, based on a header?
On Wed, Nov 18, 2009 at 2:03 PM, Wietse Venema wie...@porcupine.org wrote:
The transports(5) manpage mentions that the destination defaults
to the recipient domain. However, the scheduler uses a different
default, which appears to be inconsistent. I wonder what would
break if this were to be changed.
Yes, this seems to be the issue. I'm depending on, from transport(5):
A non-null transport field with a null nexthop field resets
the nexthop information to the recipient domain.
which doesn't seem to be happening. If you can direct me to the
relevant scheduler code or have a patch I could try, I'd be happy to
test it and see what happens.
For now, perhaps your header_checks rules can copy the recipient
domain to the FILTER command.
Success! Well, more or less. This is working, but I'm not 100%
satisfied with it since the sender has to specify the domain to send
to twice in the email, making sure the X-Vmta header matches the
recipient domain.
/^X-Vmta.*\s*([0-9]+)(\s*(\S*))?/ FILTER vmta${1}:${3}
So:
X-Vmta: 3 gmail.com maps to vmta3:gmail.com
Can anyone think of a way to easily grab the recipient domain from the
To: header line and have it available somehow when writing the FILTER
line? I can't envision a way to pass information between lines like
that.
My preference is to figure out how to get postfix to do what
transport(5) seems to indicate it should, however.
--Ian
Re: Sending from multiple IPs, based on a header?
Ian Duggan:
On Wed, Nov 18, 2009 at 2:03 PM, Wietse Venema wie...@porcupine.org wrote:
The transports(5) manpage mentions that the destination defaults
to the recipient domain. However, the scheduler uses a different
default, which appears to be inconsistent. I wonder what would
break if this were to be changed.
Yes, this seems to be the issue. I'm depending on, from transport(5):
A non-null transport field with a null nexthop field resets
the nexthop information to the recipient domain.
which doesn't seem to be happening. If you can direct me to the
relevant scheduler code or have a patch I could try, I'd be happy to
test it and see what happens.
The Postfix scheduler uses $myhostname as the default for all
imssing destinations. Transport maps are implemented by a different
program, hence the difference in default policies.
Making changes to the scheduler is non-trivial (i.e. it actually
requires more testing than simply it works) and it is not a good
idea to do this at the end of along day.
Apart from that is the question what existing usage patterns would
break if this default behavior were to be changed almost 10 years
after it was introduced. It is not a win if I piss of lots of
others.
For now, perhaps your header_checks rules can copy the recipient
domain to the FILTER command.
Success! Well, more or less. This is working, but I'm not 100%
satisfied with it since the sender has to specify the domain to send
to twice in the email, making sure the X-Vmta header matches the
recipient domain.
/^X-Vmta.*\s*([0-9]+)(\s*(\S*))?/ FILTER vmta${1}:${3}
So:
X-Vmta: 3 gmail.com maps to vmta3:gmail.com
In smtpd_recipient_restrictions you can have an access(5) map
that uses PREPEND.
/@([...@]+)$/ PREPEND X-Vmta: $1
which can be picked up by header_checks, because thuse happen later.
And that is as far as I am willing to reach out at this time.
Can anyone think of a way to easily grab the recipient domain from the
To: header line and have it available somehow when writing the FILTER
line? I can't envision a way to pass information between lines like
that.
As documented there is no way to pass information from one header/body
action to another header/body action.
My preference is to figure out how to get postfix to do what
transport(5) seems to indicate it should, however.
I think this use case is so peripheral to legitimacy that it's not
a priority for me to find out what things will break when this were
to be changed.
I am suspicious when people try to use Postfix to implement
IP-based reputation tricks.
Wietse
Re: How to restrict domain in postfix ?
Noel Jones wrote: On 11/18/2009 2:49 AM, J. Bakshi wrote: Thanks for your hints. I am also searching for a simple solution which just start working from main.cf . I like my postfix to send email to a very specific domain only; just say gmail.com so if you try to send a mail to both gmail.com and yahoo.in then the mail will be successfully sent to gmail account only. Unfortunately nothing of my previous experiments are successful :-( You have not sufficiently defined for us what you want postfix to do. The solution will probably involve more than just setting some flag in main.cf, but we don't really understand the problem yet. You keep getting conflicting answers because everyone is solving a different problem for you. The answers you need are likely listed in the docs http://www.postfix.org/documentation.html and we will happily guide you to the correct section once we have an idea of what you're looking for. How does this mail enter postfix? SMTP? The sendmail(1) command? What should postfix do with mail addressed to the wrong domain? Reject it? Force delivery to the proper domain? Discard it? If you try something and don't get the results you expected, you need to show the configuration you tried, what you expected to happen, and postfix logging of what actually occurred. Reporting it didn't work just wastes time, both ours and yours. Before you answer, please read: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones Hello Noel, I really don't know why you fell so; but I have come here to solve the issue with the mastery knowledge you all have. And I really have no intension to create any conflict, I have already discussed what I am trying to achieve and here it is once more ` ` ` ` I like my postfix server to send email not to all domains but a very specific domain only; just say gmail.com so if you try to send emails from this very server to both gmail.com and yahoo.in then the mail will be successfully delivered to gmail account only and not to yahoo account. ` ` ` ` I don't know if postfix can do so or not and I like to know it. If postfix can do it then I am also eager to know the configuration. Thanks -- জয়দীপ বক্সী
Re: How to restrict domain in postfix ?
J. Bakshi wrote: Noel Jones wrote: On 11/18/2009 2:49 AM, J. Bakshi wrote: Thanks for your hints. I am also searching for a simple solution which just start working from main.cf . I like my postfix to send email to a very specific domain only; just say gmail.com so if you try to send a mail to both gmail.com and yahoo.in then the mail will be successfully sent to gmail account only. Unfortunately nothing of my previous experiments are successful :-( You have not sufficiently defined for us what you want postfix to do. The solution will probably involve more than just setting some flag in main.cf, but we don't really understand the problem yet. You keep getting conflicting answers because everyone is solving a different problem for you. The answers you need are likely listed in the docs http://www.postfix.org/documentation.html and we will happily guide you to the correct section once we have an idea of what you're looking for. How does this mail enter postfix? SMTP? The sendmail(1) command? What should postfix do with mail addressed to the wrong domain? Reject it? Force delivery to the proper domain? Discard it? If you try something and don't get the results you expected, you need to show the configuration you tried, what you expected to happen, and postfix logging of what actually occurred. Reporting it didn't work just wastes time, both ours and yours. Before you answer, please read: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones Hello Noel, I really don't know why you fell so; but I have come here to solve the issue with the mastery knowledge you all have. And I really have no intension to create any conflict, I have already discussed what I am trying to achieve and here it is once more ` ` ` ` I like my postfix server to send email not to all domains but a very specific domain only; just say gmail.com so if you try to send emails from this very server to both gmail.com and yahoo.in then the mail will be successfully delivered to gmail account only and not to yahoo account. ` ` ` ` More precisely, if the outgoing mails are not for a specific domain, postfix will block those mails as well as delete it from queue. I don't know if postfix can do so or not and I like to know it. If postfix can do it then I am also eager to know the configuration. Thanks -- জয়দীপ বক্সী
Trying to exclude content_filter for submission users, but its still being applied if message delivered locally
I had a user that has a 3G data dongle and we found that their messages were being discarded. SpamAssassin was identifying the sender IP as from a DUL and assigned a very high score. I realized that I had not set the content-filter to be excluded for submission users, so I went and did that in master.cf: submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o content_filter= At this point, the user could now send mail via submission, but only to EXTERNAL users. Any mail set for local users was still getting tested by amavisd-new and thus SA, and thus getting rejected. Here is the mail.log: Nov 19 12:08:21 extranet postfix/smtpd[27677]: warning: 114.75.3.145: hostname 114.75.3.145.optusnet.com.au verification failed: Name or service not known Nov 19 12:08:21 extranet postfix/smtpd[27677]: connect from unknown[114.75.3.145] Nov 19 12:08:24 extranet postfix/smtpd[27677]: 384BF1E880EA: client=unknown[114.75.3.145], sasl_method=PLAIN, sasl_username=sen...@domain.com Nov 19 12:08:24 extranet postfix/cleanup[27681]: 384BF1E880EA: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:25 extranet postfix/qmgr[15871]: 384BF1E880EA: from=sen...@domain.com, size=57892, nrcpt=1 (queue active) Nov 19 12:08:25 extranet postfix-local[27944]: postfix-local: from=sen...@domain.com, to=recipi...@domain.com, dirname=/var/qmail/mailnames Nov 19 12:08:25 extranet postfix-local[27944]: hook_dir = '/usr/local/psa/handlers/before-local' Nov 19 12:08:25 extranet postfix-local[27944]: recipient[3] = 'recipi...@domain.com' Nov 19 12:08:25 extranet postfix-local[27944]: handlers dir = '/usr/local/psa/handlers/before-local/recipient/recipi...@domain.com' Nov 19 01:08:26 extranet postfix/pickup[13775]: 216641E880EF: uid=110 from=sen...@domain.com Nov 19 12:08:26 extranet postfix/cleanup[27681]: 216641E880EF: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:26 extranet postfix/pipe[27698]: 384BF1E880EA: to=recipi...@domain.com, relay=plesk_virtual, delay=2, delays=1.8/0/0/0.17, dsn=2.0.0, status=sent (delivered via plesk_virtual service) Nov 19 12:08:26 extranet postfix/qmgr[15871]: 384BF1E880EA: removed Nov 19 12:08:26 extranet postfix/qmgr[15871]: 216641E880EF: from=sen...@domain.com, size=58088, nrcpt=1 (queue active) Nov 19 12:08:29 extranet postfix/smtpd[27719]: CD6EC1E880EA: client=unknown[114.75.3.145] Nov 19 12:08:29 extranet postfix/cleanup[27681]: CD6EC1E880EA: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:29 extranet postfix/smtpd[27719]: disconnect from localhost.localdomain[127.0.0.1] Nov 19 12:08:29 extranet postfix/qmgr[15871]: CD6EC1E880EA: from=sen...@domain.com, size=58565, nrcpt=1 (queue active) Nov 19 12:08:29 extranet amavis[26386]: (26386-02) Passed SPAMMY, [114.75.3.145] [114.75.3.145] sen...@domain.com - recipi...@office.p3.com.au, Message-ID: 981e4e91-c396-412f-8d55-6f93f26a3...@domain.com, mail_id: 4NBOTooBA2EW, Hits: 9.651, size: 58074, queued_as: CD6EC1E880EA, 3714 ms Nov 19 12:08:29 extranet postfix/lmtp[27712]: 216641E880EF: to=recipi...@office.p3.com.au, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, delays=0.01/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=26386-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CD6EC1E880EA) Nov 19 12:08:29 extranet postfix/qmgr[15871]: 216641E880EF: removed It seems that 384BF1E880EA is the message coming in via submission and it is happily accepted without being content-filtered. But then it seems to be run through processes again, obviously following different parameters than the ones I set in submission, as message CD6EC1E880EA is run through SA. Can I how do I stop these local emails sent via submission from getting run through the content-filter? -- Here is some of my non-default config -- master.cf: amavisfeed unix- - n- 2 lmtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n- n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings -o local_header_rewrite_clients= -o smtpd_milters= -o
Re: How to restrict domain in postfix ?
On Thu, 19 Nov 2009, J. Bakshi wrote: Noel Jones wrote: You have not sufficiently defined for us what you want postfix to do. The solution will probably involve more than just setting some flag in main.cf, but we don't really understand the problem yet. You keep getting conflicting answers because everyone is solving a different problem for you. The answers you need are likely listed in the docs http://www.postfix.org/documentation.html and we will happily guide you to the correct section once we have an idea of what you're looking for. How does this mail enter postfix? SMTP? The sendmail(1) command? What should postfix do with mail addressed to the wrong domain? Reject it? Force delivery to the proper domain? Discard it? If you try something and don't get the results you expected, you need to show the configuration you tried, what you expected to happen, and postfix logging of what actually occurred. Reporting it didn't work just wastes time, both ours and yours. Before you answer, please read: http://www.postfix.org/DEBUG_README.html#mail I really don't know why you fell so; but I have come here to solve the issue with the mastery knowledge you all have. And I really have no intension to create any conflict, I have already discussed what I am trying to achieve and here it is once more You have already been directed to relevant sections of the documentation. And you have repeatedly ignored requests for more information. I like my postfix server to send email not to all domains but a very specific domain only; just say gmail.com so if you try to send emails from this very server to both gmail.com and yahoo.in then the mail will be successfully delivered to gmail account only and not to yahoo account. I don't know if postfix can do so or not and I like to know it. If postfix can do it then I am also eager to know the configuration. Postfix can do it; one way is to use transport(5) maps. Untested example: # main.cf transport_maps = cdb:/usr/local/etc/postfix/foo.map # foo.map gmail.com : * error:mail to this destination is prohibited -- Sahil Tandon sa...@tandon.net
Re: server configuration error
On Wed, Nov 18, 2009 at 11:39 PM, Wietse Venema wie...@porcupine.orgwrote: K bharathan: [90.182.112.11] Nov 18 20:06:10 relay1 postfix/smtpd[21876]: NOQUEUE: reject: RCPT from ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configurati Now try: grep 21876 /the/log/file Wietse grep 21876 /var/log/mail: Nov 18 20:05:20 relay1 postfix/smtpd[21876]: disconnect from abhx10.neoplus.adsl.tpnet.pl[83.7.113.10] Nov 18 20:06:10 relay1 postfix/smtpd[21876]: connect from ex.2n.cz [90.182.112.11] Nov 18 20:06:10 relay1 postfix/smtpd[21876]: warning: unknown smtpd restriction: ACCEPT Nov 18 20:06:10 relay1 postfix/smtpd[21876]: NOQUEUE: reject: RCPT from ex.2n.cz[90.182.112.11]: 451 4.3.5 Server configuration error; from= to= dee...@kal.bw proto=ESMTP helo=ex.2n.cz Nov 18 20:06:11 relay1 postfix/smtpd[21876]: disconnect from ex.2n.cz [90.182.112.11] now i understand ; in my check_client_access cidr:/etc/postfix/spam_cidr there was a block of IPs: 90.150.32.0/19REJECT 90.150.64.0/18REJECT 90.150.128.0/17 REJECT 90.151.0.0/16 REJECT 90.152.0.0/13 REJECT 90.160.0.0/11 REJECT which caused this particular client 'access denied' and to give exception to this i made an entry in spam_cidr: 90.182.112.11ACCEPT i think this is what it's complaining [warning: unknown smtpd restriction: ACCEPT] now i've commented out all the ips in the above block and removed this ACCEPT entry; can i give an exception only for this 90.182.112.11 instead of opening all the ip blocks!? thanks for the clue and help
Re: Trying to exclude content_filter for submission users, but its still being applied if message delivered locally
On Nov 19, 2009, at 2:39 PM, Jay wrote: I had a user that has a 3G data dongle and we found that their messages were being discarded. SpamAssassin was identifying the sender IP as from a DUL and assigned a very high score. I realized that I had not set the content-filter to be excluded for submission users, so I went and did that in master.cf: submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o content_filter= At this point, the user could now send mail via submission, but only to EXTERNAL users. Any mail set for local users was still getting tested by amavisd-new and thus SA, and thus getting rejected. Here is the mail.log: Nov 19 12:08:21 extranet postfix/smtpd[27677]: warning: 114.75.3.145: hostname 114.75.3.145.optusnet.com.au verification failed: Name or service not known Nov 19 12:08:21 extranet postfix/smtpd[27677]: connect from unknown[114.75.3.145] Nov 19 12:08:24 extranet postfix/smtpd[27677]: 384BF1E880EA: client=unknown[114.75.3.145], sasl_method=PLAIN, sasl_username=sen...@domain.com Nov 19 12:08:24 extranet postfix/cleanup[27681]: 384BF1E880EA: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:25 extranet postfix/qmgr[15871]: 384BF1E880EA: from=sen...@domain.com, size=57892, nrcpt=1 (queue active) Nov 19 12:08:25 extranet postfix-local[27944]: postfix-local: from=sen...@domain.com, to=recipi...@domain.com, dirname=/var/qmail/mailnames Nov 19 12:08:25 extranet postfix-local[27944]: hook_dir = '/usr/local/psa/handlers/before-local' Nov 19 12:08:25 extranet postfix-local[27944]: recipient[3] = 'recipi...@domain.com' Nov 19 12:08:25 extranet postfix-local[27944]: handlers dir = '/usr/local/psa/handlers/before-local/recipient/recipi...@domain.com' Nov 19 01:08:26 extranet postfix/pickup[13775]: 216641E880EF: uid=110 from=sen...@domain.com Nov 19 12:08:26 extranet postfix/cleanup[27681]: 216641E880EF: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:26 extranet postfix/pipe[27698]: 384BF1E880EA: to=recipi...@domain.com, relay=plesk_virtual, delay=2, delays=1.8/0/0/0.17, dsn=2.0.0, status=sent (delivered via plesk_virtual service) Nov 19 12:08:26 extranet postfix/qmgr[15871]: 384BF1E880EA: removed Nov 19 12:08:26 extranet postfix/qmgr[15871]: 216641E880EF: from=sen...@domain.com, size=58088, nrcpt=1 (queue active) Nov 19 12:08:29 extranet postfix/smtpd[27719]: CD6EC1E880EA: client=unknown[114.75.3.145] Nov 19 12:08:29 extranet postfix/cleanup[27681]: CD6EC1E880EA: message-id=981e4e91-c396-412f-8d55-6f93f26a3...@domain.com Nov 19 12:08:29 extranet postfix/smtpd[27719]: disconnect from localhost.localdomain[127.0.0.1] Nov 19 12:08:29 extranet postfix/qmgr[15871]: CD6EC1E880EA: from=sen...@domain.com, size=58565, nrcpt=1 (queue active) Nov 19 12:08:29 extranet amavis[26386]: (26386-02) Passed SPAMMY, [114.75.3.145] [114.75.3.145] sen...@domain.com - recipi...@office.p3.com.au, Message-ID: 981e4e91-c396-412f-8d55-6f93f26a3...@domain.com, mail_id: 4NBOTooBA2EW, Hits: 9.651, size: 58074, queued_as: CD6EC1E880EA, 3714 ms Nov 19 12:08:29 extranet postfix/lmtp[27712]: 216641E880EF: to=recipi...@office.p3.com.au, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, delays=0.01/0/0/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=26386-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CD6EC1E880EA) Nov 19 12:08:29 extranet postfix/qmgr[15871]: 216641E880EF: removed It seems that 384BF1E880EA is the message coming in via submission and it is happily accepted without being content-filtered. But then it seems to be run through processes again, obviously following different parameters than the ones I set in submission, as message CD6EC1E880EA is run through SA. Can I how do I stop these local emails sent via submission from getting run through the content-filter? -- Here is some of my non-default config -- master.cf: amavisfeed unix- - n- 2 lmtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n- n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o
Re: How to restrict domain in postfix ?
Sahil Tandon wrote: On Thu, 19 Nov 2009, J. Bakshi wrote: Noel Jones wrote: You have not sufficiently defined for us what you want postfix to do. The solution will probably involve more than just setting some flag in main.cf, but we don't really understand the problem yet. You keep getting conflicting answers because everyone is solving a different problem for you. The answers you need are likely listed in the docs http://www.postfix.org/documentation.html and we will happily guide you to the correct section once we have an idea of what you're looking for. How does this mail enter postfix? SMTP? The sendmail(1) command? What should postfix do with mail addressed to the wrong domain? Reject it? Force delivery to the proper domain? Discard it? If you try something and don't get the results you expected, you need to show the configuration you tried, what you expected to happen, and postfix logging of what actually occurred. Reporting it didn't work just wastes time, both ours and yours. Before you answer, please read: http://www.postfix.org/DEBUG_README.html#mail I really don't know why you fell so; but I have come here to solve the issue with the mastery knowledge you all have. And I really have no intension to create any conflict, I have already discussed what I am trying to achieve and here it is once more You have already been directed to relevant sections of the documentation. And you have repeatedly ignored requests for more information. I like my postfix server to send email not to all domains but a very specific domain only; just say gmail.com so if you try to send emails from this very server to both gmail.com and yahoo.in then the mail will be successfully delivered to gmail account only and not to yahoo account. I don't know if postfix can do so or not and I like to know it. If postfix can do it then I am also eager to know the configuration. Postfix can do it; one way is to use transport(5) maps. Untested example: # main.cf transport_maps = cdb:/usr/local/etc/postfix/foo.map # foo.map gmail.com: *error:mail to this destination is prohibited Hello Sahil, Thanks for your response. I have not ignored any suggestions so far because I have come here to get suggestions. If I was not able to clarify properly then I am sorry but I discussed what I am trying to achieve. I am very grateful to you as your suggestion is working here. Now the postfix reports for non-allowed domain as ` ` ` ` status=bounced (mail to this destination is prohibited) ` ` ` ` Thanks to all of you. -- জয়দীপ বক্সী
Re: server configuration error
On 19.11.2009 06:02, K bharathan wrote: now i understand ; in my check_client_access cidr:/etc/postfix/spam_cidr there was a block of IPs: 90.150.32.0/19 http://90.150.32.0/19REJECT 90.150.64.0/18 http://90.150.64.0/18REJECT 90.150.128.0/17 http://90.150.128.0/17 REJECT 90.151.0.0/16 http://90.151.0.0/16 REJECT 90.152.0.0/13 http://90.152.0.0/13 REJECT 90.160.0.0/11 http://90.160.0.0/11 REJECT which caused this particular client 'access denied' and to give exception to this i made an entry in spam_cidr: 90.182.112.11ACCEPT i think this is what it's complaining [warning: unknown smtpd restriction: ACCEPT] now i've commented out all the ips in the above block and removed this ACCEPT entry; can i give an exception only for this 90.182.112.11 instead of opening all the ip blocks!? Use OK instead of ACCEPT. This is documented in cidr_table(5) and access(5) amoung others: http://www.postfix.org/access.5.html http://www.postfix.org/cidr_table.5.html Postfix has excellent documentation. You might want to have a look: http://www.postfix.org/documentation.html -- Eray
Re: server configuration error
On Thu, Nov 19, 2009 at 8:36 AM, Eray Aslan eray.as...@caf.com.tr wrote: On 19.11.2009 06:02, K bharathan wrote: now i understand ; in my check_client_access cidr:/etc/postfix/spam_cidr there was a block of IPs: 90.150.32.0/19 http://90.150.32.0/19REJECT 90.150.64.0/18 http://90.150.64.0/18REJECT 90.150.128.0/17 http://90.150.128.0/17 REJECT 90.151.0.0/16 http://90.151.0.0/16 REJECT 90.152.0.0/13 http://90.152.0.0/13 REJECT 90.160.0.0/11 http://90.160.0.0/11 REJECT which caused this particular client 'access denied' and to give exception to this i made an entry in spam_cidr: 90.182.112.11ACCEPT i think this is what it's complaining [warning: unknown smtpd restriction: ACCEPT] now i've commented out all the ips in the above block and removed this ACCEPT entry; can i give an exception only for this 90.182.112.11 instead of opening all the ip blocks!? Use OK instead of ACCEPT. This is documented in cidr_table(5) and access(5) amoung others: http://www.postfix.org/access.5.html http://www.postfix.org/cidr_table.5.html Postfix has excellent documentation. You might want to have a look: http://www.postfix.org/documentation.html -- Eray yes i'm learning thanks
Use MX record when sending to $mydomain
Hello, I'm using sendmail to send to someu...@mydomain.com from the machine that is the A DNS of mydomain, but is not the MX one. postfix relays this to 127.0.0.1 and it gets rejected with 450 user unknown. I want it to use the normal rules and deliver it to the MX registered address for mydomain.com, where my pop box is. I looked over the main.cf but nothing jumped out 'fix me here' to solve this. Any hint? Thanks, ~ Remus
