Rejecting invalid email addresses with SMTP relay/forward
I have a couple of mail servers that act only as SMTP relay, and SMTP backup servers. How can I reject invalid recipient addresses at these servers? I have investigated the manual on local_recipient_maps, however it appears that this is only useful for email where the machine involved is the final destination. In this case these 2 machines operate in a load-balanced manner, forwarding email onto the final server, or in a few instances acting as an MX20 backup. I can make available to these servers (via SQL replication) a list of 'valid' email addresses from the destination mail server(s), how can the valid/invalid address accept/deny be deployed?
Re: Rejecting invalid email addresses with SMTP relay/forward
On Wed, 2009-12-30 at 22:09 +1300, Michael wrote: I have a couple of mail servers that act only as SMTP relay, and SMTP backup servers. How can I reject invalid recipient addresses at these servers? I have investigated the manual on local_recipient_maps, however it appears that this is only useful for email where the machine involved is the final destination. In this case these 2 machines operate in a load-balanced manner, forwarding email onto the final server, or in a few instances acting as an MX20 backup. I can make available to these servers (via SQL replication) a list of 'valid' email addresses from the destination mail server(s), how can the valid/invalid address accept/deny be deployed? Look for relay_domains and relay_recipient_maps, that will solve your problem. -- Martijn de Munnik mart...@youngguns.nl YoungGuns
Re: Rejecting invalid email addresses with SMTP relay/forward
Quoting Michael p...@nettrust.co.nz: I have a couple of mail servers that act only as SMTP relay, and SMTP backup servers. How can I reject invalid recipient addresses at these servers? I have investigated the manual on local_recipient_maps, however it appears that this is only useful for email where the machine involved is the final destination. In this case these 2 machines operate in a load-balanced manner, forwarding email onto the final server, or in a few instances acting as an MX20 backup. I can make available to these servers (via SQL replication) a list of 'valid' email addresses from the destination mail server(s), how can the valid/invalid address accept/deny be deployed? See address verification (verify) at postfix documentation -- Eero
Re: Transport sintax for 2 backend servers of the same domain
* Luis Conrado Andrade luis.conr...@live.com: Hi, I have this situation 2 postfix accting as a relay for domain.com and 2 internal exchange servers as mailbox server. I have MX records pointing to both postfix servers, so if one is down the message is sent to the other. I want to do the same for internal servers, so I would like to now if it´s possible to set primary and backup internal servers on the transport configuration file Setup an MX interally :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Transport sintax for 2 backend servers of the same domain
* Ralf Hildebrandt ralf.hildebra...@charite.de: * Luis Conrado Andrade luis.conr...@live.com: Hi, I have this situation 2 postfix accting as a relay for domain.com and 2 internal exchange servers as mailbox server. I have MX records pointing to both postfix servers, so if one is down the message is sent to the other. I want to do the same for internal servers, so I would like to now if it´s possible to set primary and backup internal servers on the transport configuration file Setup an MX interally :) MX record... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
RE: Transport sintax for 2 backend servers of the same domain
Hi Ralf, But my server use an DNS server where the MX for domain.com points to them. In the relay_domain, I have domain.com and to send this message I have to use the transport file. How can I set internal MX servers and set postfix to check the domain again? Thanks. Date: Wed, 30 Dec 2009 14:30:42 +0100 From: ralf.hildebra...@charite.de To: postfix-users@postfix.org Subject: Re: Transport sintax for 2 backend servers of the same domain * Luis Conrado Andrade : Hi, I have this situation 2 postfix accting as a relay for domain.com and 2 internal exchange servers as mailbox server. I have MX records pointing to both postfix servers, so if one is down the message is sent to the other. I want to do the same for internal servers, so I would like to now if it´s possible to set primary and backup internal servers on the transport configuration file Setup an MX interally :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de _ Windows 7: agora com conexões automáticas de rede. Conheça. http://www.microsoft.com/brasil/windows7/default.html?WT.mc_id=1539
sender-dependent default_transport using FILTER
I need a sender dependent smtp service for my shared postfix servers This is similar to what was discussed in the thread a month ago http://www.mail-archive.com/postfix-users@postfix.org/msg18419.html This is because some of our clients require a dedicated outgoing IP ( for sender accreditation ) I was thinking of a solution using a FILTER. But unfortunately FILTER does now work without a destination apparently I created a file called senderwise ==senderwise== netcore.co.in FILTER smtp1: ==main.cf== mynetworks=192.168.0.0/16,127.0.0.1 smtpd_sender_restrictions= check_sender_access hash:/etc/postfix/senderwise, permit smtpd_recipient_restrictions = permit_mynetworks, reject relayhost=[192.168.2.105] ==master.cf== smtp1 unix - - n - - smtp -o smtp_bind_address=192.168.50.11 -o smtp_helo_name=client2.netcore.co.in -- But FILTER smtp1: is apparently no a valid format Is there a way out Thanks Ram
RE: Transport sintax for 2 backend servers of the same domain
On Wed, 2009-12-30 at 16:38 +0300, Luis Conrado Andrade wrote: Hi Ralf, But my server use an DNS server where the MX for domain.com points to them. In the relay_domain, I have domain.com and to send this message I have to use the transport file. How can I set internal MX servers and set postfix to check the domain again? Thanks. use in your transport file domain.comsmtp:mailhost.domain.com for mailhost.domain.com , create 2 MX records
Re: Code burn-in: postscreen/verify cache cleanup
On Wed, Dec 30, 2009 at 08:26:45AM +0100, Stefan F??rster wrote: I've noticed a vast deterioration of the databases's performance, though. 20091209 only emitted some timing warnings for updates from time to time (database rotated every Saturday as per your recommendation). With the new code, lookup timing warnings are emitted frequently for approximately 30 minutes after every cache cleanup. Guess I need a better database library. What database type are you using? -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: address rewriting
On Wed, Dec 30, 2009 at 01:58:32AM +0100, Christoph Anton Mitterer wrote: - When validating the recipients, normalisation and all other rewritings (canonical and virtual aliases) are taken into account? Is it here where the probe messages are sent? No probe messages. Don't confuse passive table-based recipient validation with active probe-based recipient verification. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Code burn-in: postscreen/verify cache cleanup
Stefan F?rster: * Ralf Hildebrandt ralf.hildebra...@charite.de: * Wietse Venema wie...@porcupine.org: Dec 29 04:20:17 spike postfix/postscreen[44900]: cache /var/lib/postfix/ps_cache.db full cleanup: retained=134 dropped=19 entries Dec 29 06:19:33 spike postfix/verify[46072]: cache /var/lib/postfix/verify.db full cleanup: retained=1726 dropped=28 entries The initial cleanup: Dec 29 10:16:35 mail postfix/postscreen[12078]: cache /var/lib/postfix/ps_cache.db full cleanup: retained=8460 dropped=274056 entries Dec 29 10:17:13 mail postfix/verify[12105]: cache /var/lib/postfix/verify.db full cleanup: retained=109892 dropped=648105 entries Not using verify here, for postscreen, the number of entries retained settled itself between 2500 and 2900, the number of dropped entries varies around 300 and 500. I've noticed a vast deterioration of the databases's performance, though. 20091209 only emitted some timing warnings for updates from time to time (database rotated every Saturday as per your recommendation). With the new code, lookup timing warnings are emitted frequently for approximately 30 minutes after every cache cleanup. Guess I need a better database library. As is to be expected, cache cleanup increases disk activity and reduces the time that postscreen has available for SMTP client requests. My theory is that postscreen falls behind, and that it catches up after the cache cleanup completes. As postscreen catches up, the mail system load slowly returns to normal and the update warnings slowly go away. Why does this take 30 minutes? Perhaps most SMTP clients have 30min retry timers. To reduce the performance impact from cache cleanup I could implement a lower-priority scheduling mechanism in the Postfix event manager. However, if cache cleanup takes too long then the database will keep growing forever. Systems that run close to the capacity limit probably should not expire caches but simply rotate them. I already have a version of Postfix that allows you to turn off cache cleanup. Wietse
Re: Code burn-in: postscreen/verify cache cleanup
* Victor Duchovni victor.ducho...@morganstanley.com: On Wed, Dec 30, 2009 at 08:26:45AM +0100, Stefan F??rster wrote: I've noticed a vast deterioration of the databases's performance, though. 20091209 only emitted some timing warnings for updates from time to time (database rotated every Saturday as per your recommendation). With the new code, lookup timing warnings are emitted frequently for approximately 30 minutes after every cache cleanup. Guess I need a better database library. What database type are you using? Berkeley DB 4.6.21-11 from libdb4.6_4.6.21-11_amd64.deb. Stefan
How to ensure that either FROM or TO is local
Hi,
I'm trying to install a postfix server and everything seemed to work ok.
Until I tried to mail from a remote domain to a remote domain, but
from 'telnet localhost 25'
I understand (suspect) this works because 127.0.0.0/8 is in mynetworks.
How do I ensure that my mail server can only send mails either to or
from mydomains?
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_transport = zarafa
mydestination = mydomainformail.org, mailserver.mydomainformail.org
mydomain = mydomainformail.org
myhostname = mailserver.mydomainformail.org
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = Infracom Mail Server
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
Thanks in advance.
Regards,
Serge Fonville
--
http://www.sergefonville.nl
Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Email service providers
I am currently consulting for a small retailer. They have been using an online email service provider for the past few years to blast personalized emails to their customers (opt-in, and 100-200 thousand emails at a time). They have asked me to see if we can install an email server in house to accomplish the same thing and eliminate the monthly costs. I am fairly familiar with Linux/Unix and with databases (mysql and postgresql). I have not done anything with Sendmail or Postfix but feel comfortable following the documentation. I have also ordered the two books that I could find on Postfix. My questions are: has anyone used Postfix for this purpose? Do the online ESP's develop their own email servers? Do any of them use Sendmail, Postfix or qmail? Thanks in advance for any information or links.
Re: How to ensure that either FROM or TO is local
On 12/30/2009 11:21 AM, Serge Fonville wrote: Hi, I'm trying to install a postfix server and everything seemed to work ok. Until I tried to mail from a remote domain to a remote domain, but from 'telnet localhost 25' I understand (suspect) this works because 127.0.0.0/8 is in mynetworks. How do I ensure that my mail server can only send mails either to or from mydomains? Postfix, by default, only queues mail that is destined for that system (mydestination or virtual settings), included in mynetworks, or listed in relay_domains This only changes if *you* tell Postfix not to. The config below does not follow this. There are open relay test websites you can verify this at. postconf -n smtpd_banner = Infracom Mail Server Don't change this unless you have a really good reason. Some functionality can be lost by those connecting to you and the current line breaks the SMTP standard. smtpd_use_tls = yes This is deprecated. Newer versions of Postfix should use smtpd_tls_security_level = may
Re: Email service providers
On 12/30/2009 1:43 PM, Port Able wrote: I am currently consulting for a small retailer. They have been using an online email service provider for the past few years to blast personalized emails to their customers (opt-in, and 100-200 thousand emails at a time). They have asked me to see if we can install an email server in house to accomplish the same thing and eliminate the monthly costs. I am fairly familiar with Linux/Unix and with databases (mysql and postgresql). I have not done anything with Sendmail or Postfix but feel comfortable following the documentation. I have also ordered the two books that I could find on Postfix. My questions are: has anyone used Postfix for this purpose? Do the online ESP's develop their own email servers? Do any of them use Sendmail, Postfix or qmail? Thanks in advance for any information or links. Port, I would suggest checking into MailMan or other mail 'list' software. -Matt
Re: Transport sintax for 2 backend servers of the same domain
On Wed, Dec 30, 2009 at 07:42:28PM +0530, ram wrote: use in your transport file domain.comsmtp:mailhost.domain.com for mailhost.domain.com , create 2 MX records At that rate the OP could simply use an alternate DNS view, set the MX for the parent domain as needed, and skip the transport_maps. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Email service providers
On Wed, Dec 30, 2009 at 1:43 PM, Port Able ablep...@yahoo.com wrote: I am currently consulting for a small retailer. They have been using an online email service provider for the past few years to blast personalized emails to their customers (opt-in, and 100-200 thousand emails at a time). They have asked me to see if we can install an email server in house to accomplish the same thing and eliminate the monthly costs. I am fairly familiar with Linux/Unix and with databases (mysql and postgresql). I have not done anything with Sendmail or Postfix but feel comfortable following the documentation. I have also ordered the two books that I could find on Postfix. My questions are: has anyone used Postfix for this purpose? Do the online ESP's develop their own email servers? Do any of them use Sendmail, Postfix or qmail? Thanks in advance for any information or links. I've not used mailmain or ezmlm for this purpose, but so called mailing list software that's available as open source is often meant to be used for having discussions with numerous people through email. Using systems like that as a bulk mailer is generally a really bad idea and requires a lot of intricate configuration to ensure no one can reply to the whole list, etc... To accomplish this in my company, I setup postfix as the mail relay server, and use GroupMail 5 (http://www.group-mail.com/asp/common/default.asp) [1] as the sending client. Groupmail manages the lists and provides a nice Windows front-end for whoever is doing the sending. GroupMail isn't free, but we've been using the Personal Edition and it has enough features to meet our needs. One of the biggest issues you're going to run into is that your IPs might get labeled as a spammer, even though this is opt-in. Dealing with that can be a big headache and is generally what you pay the monthly fee for. Sending legitimate bulk email is not a simple matter of hitting Send -- you also need to deal with the multiple issues that come up when doing it. This is the value that the other company brings to the table. [1] I have no affiliation with GroupMail 5.
Re: Email service providers
Port Able put forth on 12/30/2009 12:43 PM: I am currently consulting for a small retailer. They have been using an online email service provider for the past few years to blast personalized emails to their customers (opt-in, and 100-200 thousand emails at a time). They have asked me to see if we can install an email server in house to accomplish the same thing and eliminate the monthly costs. I am fairly familiar with Linux/Unix and with databases (mysql and postgresql). I have not done anything with Sendmail or Postfix but feel comfortable following the documentation. I have also ordered the two books that I could find on Postfix. My questions are: has anyone used Postfix for this purpose? Do the online ESP's develop their own email servers? Do any of them use Sendmail, Postfix or qmail? You really should ask this question on spam-l. There is an ESP discussion currently taking place. Would be perfect timing. Far more important that the software platform you choose to do this is your deliverability. Good ESPs know how to keep their customers mailings from hitting DNSBLs and other black lists. The last thing you want to do is set this thing up, and on the first run get your IP address blacklisted by Spamhaus. http://spam-l.com/mailman/listinfo/spam-l 100K to 200K bulk mailings are not for amateurs. One question: are they not happy with the level of service their current ESP is providing, or are they merely trying to cut costs? -- Stan
Re: Email service providers
+-- | On 2009-12-30 10:43:48, Port Able wrote: | | I am currently consulting for a small retailer. They have been using | an online email service provider for the past few years to blast | personalized emails to their customers (opt-in, and 100-200 thousand | emails at a time). They have asked me to see if we can install an | email server in house to accomplish the same thing and eliminate the | monthly costs. I am fairly familiar with Linux/Unix and with databases | (mysql and postgresql). I have not done anything with Sendmail or | Postfix but feel comfortable following the documentation. I have also | ordered the two books that I could find on Postfix. | | My questions | are: has anyone used Postfix for this purpose? Do the online ESP's | develop their own email servers? Do any of them use Sendmail, | Postfix or qmail? I work for an ESP who provides email forwarding, storage, and as a seperate service, email marketing and mailing lists. We use Postfix; as other commenters have said, it's a (very good) delivery mechanism. But: It doesn't generate messages, just ensures they get where they're going. Working with Postfix as a delivery platform is very pleasant. It's easy to configure, extremely stable, well-documented, the code is super clean, and wrapping your application around it is quite easy. Our mailing list software is developed in-house. We used to use mailman (almost a decade ago?), but it's very limited for email marketing purposes. Some general suggestions: Keep your streams clear: Never mix IPs sending misc non-bulk mail with IPs sending bulk mail. This does not mean snowshoe, but you don't want your CEO's mail getting bounced to his best buddy at gmail because gmail now hates your marketing dept. PTRs are important. Sign up for every FBL you can. Track bounces. Never resub someone who has unsubscribed from your lists. SPF and DKIM matter to varying degrees. Some MXes you deliver to will want to be coddled (specific delivery settings). IP reputation is key. You have to grow it. Blasting Yahoo with 200k messages in 5 minutes is going to cause headaches for everyone involved. If you end up on a blacklist, treat the operators with respect. Giving them crap is not going to help anyone. Engaging in scummy behavior for a short-term win is going to screw you long-term. Your marketing dept may not understand that; you'll have to stand firm with them. Do no let them buy email address lists. Delivering email, especially for marketing purposes, is very complex. If it isn't your core competency I would suggest outsourcing it to a dedicated ESP. -- bda cyberpunk is dead. long live cyberpunk.
Re: Email service providers
On 12/30/09 8:49 PM, Brian Evans - Postfix List wrote: On 12/30/2009 1:43 PM, Port Able wrote: I am currently consulting for a small retailer. They have been using an online email service provider for the past few years to blast personalized emails to their customers (opt-in, and 100-200 thousand emails at a time). They have asked me to see if we can install an email server in house to accomplish the same thing and eliminate the monthly costs. I am fairly familiar with Linux/Unix and with databases (mysql and postgresql). I have not done anything with Sendmail or Postfix but feel comfortable following the documentation. I have also ordered the two books that I could find on Postfix. My questions are: has anyone used Postfix for this purpose? Do the online ESP's develop their own email servers? Do any of them use Sendmail, Postfix or qmail? Postfix does not create any messages (minus administrative notices). It is simply the delivery vehicle. Software such as mailman or ezmlm is more suited to mailing lists. All such software can use Postfix to do the delivery. Well. usually people use sql+php style software for generating this kind of spam messages ;) -- Eero
Re: How to ensure that either FROM or TO is local
Thx for the reply. postconf -n smtpd_banner = Infracom Mail Server Don't change this unless you have a really good reason. Some functionality can be lost by those connecting to you and the current line breaks the SMTP standard. Ok, thx I'll revert this to the default then ;-) There are open relay test websites you can verify this at. The mail server isn't public currently, but thx for the reminder :-) Postfix, by default, only queues mail that is destined for that system (mydestination or virtual settings), included in mynetworks, or listed in relay_domains This only changes if *you* tell Postfix not to. The config below does not show any such weakness. Hmmm, so basically there is no way to enforce that mail sent through the mail server will always be either from or to one of my domains :-( Not really what I was hoping for, but thx for clarifying this Brian! Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: In-queue rejections
Geert Hendrickx wrote: On Tue, Dec 29, 2009 at 04:07:01PM -0800, Daniel L. Miller wrote: My understanding is a MUA (for convenience, call it Thunderbird) will talk to a local MTA (Postfix, of course!) to send mail. After authentication and any other local checks, the local MTA accepts responsibility for the message - the MUA disconnects. The local MTA then attempts to send the message to the remote MTA. If successful...unless there's something else I don't know about, nothing further happens between the local MTA and MUA. If unsuccessful, and idiot OP's like me don't have soft_bounce enabled, the MTA will generate a bounce message and send it to the sender's address, and cancel the send. Then do the recipient domain validity check *before* accepting and queuing the message: put reject_unknown_recipient_domain in your smtpd_recipient_restrictions. This will make Postfix respond with: 450 4.1.2 x...@y.z: Recipient address rejected: Domain not found You know, it's not fair to give me an answer that not only answers my question - but eliminates the need for a complicated new project just by proper configuration! Geez! Hmm...can I extend this and use reject_unverified_recipient? Or will this cause problems? -- Daniel5276
Re: Email service providers
--- On Wed, 12/30/09, Eero Volotinen eero.voloti...@iki.fi wrote: Software such as mailman or ezmlm is more suited to mailing lists. All such software can use Postfix to do the delivery. Well. usually people use sql+php style software for generating this kind of spam messages ;) -- Eero That is a good point. Mailman and ezmlm are not suitable for the scenario we imagine. The primary reason for us is that, membership is not going to be fixed but dynamic, i.e., not everyone will receive an email each time.
Re: Email service providers
--- On Wed, 12/30/09, Stan Hoeppner s...@hardwarefreak.com wrote: You really should ask this question on spam-l. There is an ESP discussion currently taking place. Would be perfect timing. Far more important that the software platform you choose to do this is your deliverability. Good ESPs know how to keep their customers mailings from hitting DNSBLs and other black lists. The last thing you want to do is set this thing up, and on the first run get your IP address blacklisted by Spamhaus. http://spam-l.com/mailman/listinfo/spam-l 100K to 200K bulk mailings are not for amateurs. One question: are they not happy with the level of service their current ESP is providing, or are they merely trying to cut costs? -- Stan Thanks for the link! I will check it out. To answer your question: it is a combination of both: they would like better integration with their CRM system, and the cost is really a reflection of the poor quality of service they are receiving.
Re: Email service providers
--- On Wed, 12/30/09, Bryan Allen b...@mirrorshades.net wrote: [a lot of useful points] -- bda cyberpunk is dead. long live cyberpunk. This is very helpful information - thanks a bunch! This gives me the confidence to go ahead to build a test environment based on Postfix.
Re: In-queue rejections
On 12/30/2009 3:19 PM, Daniel L. Miller wrote: Geert Hendrickx wrote: Then do the recipient domain validity check *before* accepting and queuing the message: put reject_unknown_recipient_domain in your smtpd_recipient_restrictions. This will make Postfix respond with: 450 4.1.2 x...@y.z: Recipient address rejected: Domain not found You know, it's not fair to give me an answer that not only answers my question - but eliminates the need for a complicated new project just by proper configuration! Geez! Hmm...can I extend this and use reject_unverified_recipient? Or will this cause problems? It is not recommended to use reject_unverified_recipient for domains you are not responsible for. Reason: some people may take offense at your server checking addresses and put you on a personal blacklist. Also, the solution above is subject to transient DNS errors. Make sure your DNS source is rock solid.
Re: Email service providers
Bryan Allen wrote: +-- | On 2009-12-30 10:43:48, Port Able wrote: | | I am currently consulting for a small retailer. They have been using | an online email service provider for the past few years to blast | personalized emails to their customers (opt-in, and 100-200 thousand | emails at a time). They have asked me to see if we can install an | email server in house to accomplish the same thing and eliminate the | monthly costs. I am fairly familiar with Linux/Unix and with databases | (mysql and postgresql). I have not done anything with Sendmail or | Postfix but feel comfortable following the documentation. I have also | ordered the two books that I could find on Postfix. | | My questions | are: has anyone used Postfix for this purpose? Do the online ESP's | develop their own email servers? Do any of them use Sendmail, | Postfix or qmail? You can try PHPLIST a newsletter manager: http://www.phplist.com/ I work for an ESP who provides email forwarding, storage, and as a seperate service, email marketing and mailing lists. We use Postfix; as other commenters have said, it's a (very good) delivery mechanism. But: It doesn't generate messages, just ensures they get where they're going. Working with Postfix as a delivery platform is very pleasant. It's easy to configure, extremely stable, well-documented, the code is super clean, and wrapping your application around it is quite easy. Our mailing list software is developed in-house. We used to use mailman (almost a decade ago?), but it's very limited for email marketing purposes. Some general suggestions: Keep your streams clear: Never mix IPs sending misc non-bulk mail with IPs sending bulk mail. This does not mean snowshoe, but you don't want your CEO's mail getting bounced to his best buddy at gmail because gmail now hates your marketing dept. PTRs are important. Sign up for every FBL you can. Track bounces. Never resub someone who has unsubscribed from your lists. SPF and DKIM matter to varying degrees. Some MXes you deliver to will want to be coddled (specific delivery settings). IP reputation is key. You have to grow it. Blasting Yahoo with 200k messages in 5 minutes is going to cause headaches for everyone involved. If you end up on a blacklist, treat the operators with respect. Giving them crap is not going to help anyone. Engaging in scummy behavior for a short-term win is going to screw you long-term. Your marketing dept may not understand that; you'll have to stand firm with them. Do no let them buy email address lists. Delivering email, especially for marketing purposes, is very complex. If it isn't your core competency I would suggest outsourcing it to a dedicated ESP. -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: jmed...@e-compugraf.com GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
virtual_alias_domains vs. virtual_mailbox_domains
Hi. When havin a domain that hast just aliases on no real maliboxes, on could either use virtual_alias_domains or virtual_mailbox_domains and in the later case simply not creating any mailboxes but just configuring addresses in virtual_alias_maps. Is there any performance benfit or something like this when using virtual_alias_domains? Thanks, Philippe.
Re: virtual_alias_domains vs. virtual_mailbox_domains
On Wed, Dec 30, 2009 at 11:49:24PM +0100, Philippe Cerfon wrote: When havin a domain that hast just aliases on no real maliboxes, on could either use virtual_alias_domains or virtual_mailbox_domains and in the later case simply not creating any mailboxes but just configuring addresses in virtual_alias_maps. Is there any performance benfit or something like this when using virtual_alias_domains? Use the right tool for the job. No possible performance improvement is worth the configuration confusion. No, there is no performance advantage, more likely a negligible loss, but this is not the main reason to choose the right answer. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Code burn-in: postscreen/verify cache cleanup
* Victor Duchovni victor.ducho...@morganstanley.com: On Wed, Dec 30, 2009 at 05:08:23PM +0100, Stefan F??rster wrote: What database type are you using? Berkeley DB 4.6.21-11 from libdb4.6_4.6.21-11_amd64.deb. That's software package not database type. Is it hash or btree? $ postconf postscreen_cache_map postscreen_cache_map = btree:$data_directory/ps_cache Stefan
Re: Code burn-in: postscreen/verify cache cleanup
As a side note: * Stefan F??rster cite+postfix-us...@incertum.net: I took care of that problem - permanently. I understand that an UTF-8 encoded realname might pose serious problems to some MUAs and I don't want to cause any, erm, inconveniences. Stefan
Re: Code burn-in: postscreen/verify cache cleanup
* Wietse Venema wie...@porcupine.org: Systems that run close to the capacity limit probably should not expire caches but simply rotate them. I already have a version of Postfix that allows you to turn off cache cleanup. I deployed 20091230-nonprod before I went to town this evening and until now, there is not a single warning emitted by postscreen in my logs, although the server has been handling about twice the mail volume and about three times as many connections during this time period as in the previous days. I really don't know why. Sorry. As for the Debian packaging, I sorted out the problem with dynamic map loading, replaced a few instances of $config_directory/postfix-script in conf/postfix-script to use $daemon_directory/postfix-script instead, added the creation of a symlink to the main dynamicmaps.cf file when creating a new instance in conf/postmulti-script, made the chroot preparation in Debian's init.d script aware of multiple instances and modified the packaging scripts so that a purge operation will now remove config and queue directories of all instances. Before bothering the Debian developer, I'd need a few people willing to test those changes - please contact me off-list. Stefan
postscreen: refresh of stored entries?
from /var/log/mail.log: Dec 31 01:49:47 nemea postfix/postscreen[2994]: PASS OLD 168.100.1.4 # postmap -q 168.100.1.4 btree:/var/lib/postfix/ps_cache 1262188493 # date --date Dec 31 01:49:47 +%s 1262220587 # echo $(((1262220587-1262188493)/3600)) 8 If a client that has passed postscreen in the past connects again, should the timestamp stored in $postscreen_cache_map be updated? For legitimate clients, this would avoid a delay and/or DNS lookups every $postscreen_cache_retention_time. OTOH, if a non-legitimate client somehow gets to use the IP address of a sender previously added to the database, we lose our first line of defense. Small gain, big potential risk? Stefan^:wq
Re: postscreen: refresh of stored entries?
Stefan Foerster: from /var/log/mail.log: Dec 31 01:49:47 nemea postfix/postscreen[2994]: PASS OLD 168.100.1.4 # postmap -q 168.100.1.4 btree:/var/lib/postfix/ps_cache 1262188493 # date --date Dec 31 01:49:47 +%s 1262220587 # echo $(((1262220587-1262188493)/3600)) 8 If a client that has passed postscreen in the past connects again, should the timestamp stored in $postscreen_cache_map be updated? Currently the time stamp says when the IP address passed the tests. If the time stamp is updated without passing a test, then I don't understand what the time stamp means: something passed a test, maybe weeks or perhaps months ago? I also don't understand what the problem is with repeating a test once after 24 hours. Wietse For legitimate clients, this would avoid a delay and/or DNS lookups every $postscreen_cache_retention_time. OTOH, if a non-legitimate client somehow gets to use the IP address of a sender previously added to the database, we lose our first line of defense. Small gain, big potential risk? Stefan^:wq
Re: sender-dependent default_transport using FILTER
ram: I need a sender dependent smtp service for my shared postfix servers This is similar to what was discussed in the thread a month ago http://www.mail-archive.com/postfix-users@postfix.org/msg18419.html This is because some of our clients require a dedicated outgoing IP ( for sender accreditation ) I was thinking of a solution using a FILTER. But unfortunately FILTER does now work without a destination apparently Maybe you can explain the problem, instead of the solution. Wietse
Re: sender-dependent default_transport using FILTER
On Wed, 2009-12-30 at 20:43 -0500, Wietse Venema wrote: ram: I need a sender dependent smtp service for my shared postfix servers This is similar to what was discussed in the thread a month ago http://www.mail-archive.com/postfix-users@postfix.org/msg18419.html This is because some of our clients require a dedicated outgoing IP ( for sender accreditation ) I was thinking of a solution using a FILTER. But unfortunately FILTER does now work without a destination apparently Maybe you can explain the problem, instead of the solution. The requirement is that the outgoing mail for every sender-domain should be using different bind-ips dedicated to sender domain If I clone smtp service in master.cf to smtp1 with -o smtp_bind_address=XX and use a FILTER senderdomain1.comFILTER smtp1 that doesnt work. Thanks Ram
About reject_authenticated_sender_login_mismatch
Hi All. I want to restrict the smtpd with reject_authenticated_sender_login_mismatch when the sasl login name and the sender mismatch. So I need to set a lookup tables for the smtpd_sender_login_maps. But I only want to check if the login name and the user that the first part of the sender(u...@domain) is the same. For example,I allow the user who's id is uid to send the mail from u...@domain. Can I set a simple lookup tables or other way to implement it? Thanks and happy new year. Jeff
Re: How to ensure that either FROM or TO is local
I was wondering... smtpd_banner = Infracom Mail Server Don't change this unless you have a really good reason. Some functionality can be lost by those connecting to you and the current line breaks the SMTP standard. Ok, thx I'll revert this to the default then ;-) There are open relay test websites you can verify this at. The mail server isn't public currently, but thx for the reminder :-) Postfix, by default, only queues mail that is destined for that system (mydestination or virtual settings), included in mynetworks, or listed in relay_domains This only changes if *you* tell Postfix not to. The config below does not show any such weakness. Hmmm, so basically there is no way to enforce that mail sent through the mail server will always be either from or to one of my domains :-( Would it be possible to use sender verification to match negatively? That way I could run two instances of postfix and have one check sender and the other recipient If it comes from the internal interface at lease sender should be local if it comes from the external interface at least recipient should be local Not sure if this is possible, but it would definitely solve it, at least I think Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
virtual domains for wildcard MX records?
Forgive me if this is a FAQ, but I've looked all over and I don't see it addressed. I have a wildcard MX record for *.example.com which points to mail.example.com. I know how to configure postfix to accept individual virtual domains such as host1.example.com, but how can I set it up to handle any domains which match the wildcard MX record? e.g.: b...@host1.example.com b...@host2.example.com b...@gibberish.example.com ... should all map to b...@mail.example.com. I'm only concerned about the user bob if that matters. I won't know in advance all the hosts in example.com, so I can't add them one at a time. Any ideas? Bob
