Re: forward problem: mail delivered twice
On Mon, Jan 4, 2010 at 11:26 PM, mouss mo...@ml.netoyen.net wrote:
> nik600 wrote:
>> On Mon, Jan 4, 2010 at 12:52 PM, nik600 nik...@gmail.com wrote:
>>> Dear all
>>> I've installed a postfix server with mysql support.
>>> I've also set up a custom filter shell script that calls spamc and some other custom utils. This script cannot handle multiple recipients, so I've set
>>>     filter_destination_recipient_limit = 1
>>> The problem that I've experienced is that when I've got an entry like this in the alias table:
>> I've also tried to change master.cf like:
>>     smtp inet n - n - - smtpd -o content_filter=filter:dummy -o receive_override_options=no_address_mappings
>>     9009 inet n - n - - smtpd -o content_filter=filter:dummy -o receive_override_options=no_address_mappings
>> This fixes the problem for the forward, but stops applying custom spam settings; in fact in that case the filter is called only for forwar...@foo.com and obviously it doesn't load any custom spam option of i...@foo.com
>> f...@yahoo.it f...@libero.it
>> Is it possible to avoid that?
> if you want your filter to see rewritten addresses, remove the no_address_mappings option from before-the-filter smtpd listeners and put it in the after-the-filter smtpd listener(s).
Sorry, I've read the documentation at http://www.postfix.org/FILTER_README.html but I can't figure it out.
In my configuration I'm using the Simple content filter configuration, which calls an external script that - at the end of the filter - sends the mail using the sendmail command.
I don't have any smtpd listener after the filter, or have I to create one?
You mean that my master.cf must be changed like this?
    smtp inet n - n - - smtpd -o content_filter=filter:dummy
    filter unix - n n - 20 pipe flags=Rq user=filter argv=/var/programmi/script/filtra_spamc_1.6 -f ${sender} -- ${recipient} ${sasl_username}
    smtp inet n - n - - smtpd -o content_filter=filter:dummy -o receive_override_options=no_address_mappings
Thanks
-- /*/ nik600 http://www.kumbe.it
Re: XCLIENT patch for postfix
jeff geng:
> Wietse:
> Please see my reply marked as blue. :)
> jeff geng
> 2010/1/5 Wietse Venema wie...@porcupine.org
>> jeff geng:
>>> Wietse:
>>> Happy new year :)
>>> We use nginx's smtp function to redirect mail to postfix server. But in postfix, the XCLIENT command can't support the LOGIN parameter. Several months ago, I wrote a patch for postfix-2.5.3. Now the nginx official website also supplies a patch for this situation, as follows: http://www.citrin.ru/nginx:xclient-login-patch. In addition, my patch also supports the xforward function.
>>> We will be very grateful to you if you can accept these patches (nginx official patch or our patch). Of course, you'd better add this function to your new version. After that we can use the new version directly, rather than patch the original source manually.
>> Can you explain the following:
>>     + int got_login =0; ... + got_login = 1;
>> Why is the got_login variable introduced? It is a write-only variable.
> We introduce got_login for the same reason as got_helo and got_proto. It means postfix has got login information from client, and postfix should save the username and password from XCLIENT.
Your patch has no code that reads the got_login variable. This is a dead assignment.
>>     #ifdef USE_SASL_AUTH if (var_smtpd_sasl_enable) ! if (got_proto == 0) ! smtpd_sasl_auth_reset(state); #endif
>> Why test for the PROTO attribute here? What happens when the client sends LOGIN=username before PROTO=SMTP? As documented XCLIENT does not require that attributes are sent in a specific order.
> This is my mistake. It should be if (got_login == 0 ar_smtpd_sasl_enable(state)) . It means if postfix can't get login
This explains why you had a variable that was written to but that was never read.
>>     + UPDATE_STR(state-sasl_username, attr_value); + printable(state-sasl_username, '?'); + UPDATE_STR(state-sasl_method, xclient);
>> Why not use the real authentication mechanism?
> Otherwise, if XCLIENT passes the LOGIN parameter, state-sasl_username and state-sasl_method will be updated, and postfix will deem it an authenticated client. So, if nginx passes through the LOGIN parameter, postfix should identify it as an authenticated client, but postfix XCLIENT can't support this parameter.
XCLIENT can support both the login name and the authentication method name, and therefore nginx should pass both to Postfix.
Wietse
PS I don't use a web browser to read mail, so there is no need to color your responses.
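Review bot: in the quoted LOGIN handling, "+ UPDATE_STR(state-sasl_username, attr_value);" stores whatever value the proxy sent, with no visible check for an empty value or for the XCLIENT [UNAVAILABLE] placeholder that the protocol allows as an attribute value. Since the session is then treated as SASL-authenticated, suggest testing for those cases before the UPDATE_STR calls and clearing sasl_username and sasl_method instead, so that a proxy reporting "no login" is not recorded as a login name.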
GUI for maillog
Hi, Any GUI based application to view postfix mail.log file? Thanks and Regards, Kaushal
Re: GUI for maillog
Kaushal Shriyan said the following on 06/01/10 13:40: Any GUI based application to view postfix mail.log file? Maybe rsyslog logging (also) to sql and phpLogCon to view it Ciao, luigi -- / +--[Luigi Rosa]-- \ I see no good reasons why the views given in this volume should shock the religious sensibilities of anyone. --Charles Darwin, The Origin of Species, 1869
Re: GUI for maillog
On Wed, Jan 6, 2010 at 6:10 PM, Kaushal Shriyan kaushalshri...@gmail.com wrote: Hi, Any GUI based application to view postfix mail.log file? On GNOME you have system log viewer http://library.gnome.org/users/gnome-system-log/2.28/
TLS Root Certificate Problem
I am using CACert as my signing authority. I have included their root certificate in my main.cf:
    smtpd_tls_CAfile = /etc/postfix/ssl/root.crt
However, I get this error when it tries to set up a TLS connection:
    postfix/smtp[5298]: certificate verification failed for xserveoda.aimaudit.com[70.158.194.7]:25: untrusted issuer /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailaddress=supp...@cacert.org
What is a little confusing to me, and may be the crux of the problem, is which parameter applies to which server, when. Is this error because something is not right on this server or because something is wrong on the initiating server? Both are using CACert as their signing authority.
Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200 Alpharetta, GA 30009 Phone: 678-240-4112 Main Phone: 678-297-0700 FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is strictly confidential. If you are not the intended recipient, any use, dissemination, distribution, or duplication of any part of this e-mail or any attachment is prohibited. If you are not the intended recipient, please notify the sender by return e-mail and delete all copies, including the attachments.
Re: TLS Root Certificate Problem
On Wed, Jan 06, 2010 at 10:00:37AM -0500, Dennis Putnam wrote:
> I am using CACert as my signing authority. I have included their root certificate in my main.cf:
>     smtpd_tls_CAfile = /etc/postfix/ssl/root.crt
This is for verifying client certificates when clients connect to your SMTP server.
> However, I get this error when it tries to set up a TLS connection:
>     postfix/smtp[5298]: certificate verification failed for xserveoda.aimaudit.com[70.158.194.7]:25: untrusted issuer /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailaddress=supp...@cacert.org
This is your SMTP client sending to remote servers. Consider adding this certificate to:
    smtp_tls_CAfile = /some/file/with/all/trusted/ca/certs.pem
OR
    smtp_tls_CApath = /some/directory/with/all/trusted/ca/certs/
In the latter case, you need to run the c_rehash utility from OpenSSL, to re-index the directory when it is updated. Note that c_rehash is not atomic, and may temporarily disrupt verification while it is running, so if you use the "secure" or "verify" TLS levels, you want to stop your MTA before running c_rehash, or run c_rehash in a new directory, and atomically update a symlink to cut over to the new certificate set.
I have as yet been too lazy to contribute a more robust c_rehash to the OpenSSL project. Sorry about that... :-(
-- Viktor.
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the Subject so I can delete these quickly.
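The cut-over described in the reply above (run c_rehash in a new directory, then atomically update a symlink), as an added example that is not part of the original post. The directory layout, the "current" link name and the REHASH override are assumptions made for illustration, and mv -T assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed layout (hypothetical paths):
#   $base/current -> certs.XXXXXX     main.cf: smtp_tls_CApath = $base/current/
# REHASH names the indexing tool; the default is OpenSSL's c_rehash.

publish_ca_dir() {
    ca_src=$1      # directory holding the trusted CA certificates (*.pem)
    ca_base=$2     # directory holding the versioned sets and the symlink
    ca_rehash=${REHASH:-c_rehash}

    # 1. Build the new set in a private directory that nothing reads yet.
    ca_new=$(mktemp -d "$ca_base/certs.XXXXXX") || return 1
    if ! cp "$ca_src"/*.pem "$ca_new"/ 2>/dev/null; then
        rm -rf "$ca_new"
        return 1
    fi
    chmod 755 "$ca_new" && chmod 644 "$ca_new"/*.pem

    # 2. Index it. The non-atomic step runs here, away from the live set,
    #    so a half-written index is never visible to the SMTP client.
    if ! $ca_rehash "$ca_new" >/dev/null 2>&1; then
        rm -rf "$ca_new"
        return 1
    fi

    # 3. Cut over: create the symlink under a temporary name, then rename
    #    it over the live name. rename(2) replaces the old link in one
    #    step, so readers see either the old set or the new one.
    ca_tmp="$ca_base/.current.$$"
    if ! ln -s "$(basename "$ca_new")" "$ca_tmp"; then
        rm -rf "$ca_new"
        return 1
    fi
    if ! mv -T "$ca_tmp" "$ca_base/current"; then   # -T: GNU coreutils
        rm -f "$ca_tmp"
        rm -rf "$ca_new"
        return 1
    fi

    # The previous set is left in place; remove it once no process that
    # resolved the old link can still be reading it.
    echo "$ca_new"
}

# Stand-alone use: sh publish_ca_dir.sh <source-dir> <base-dir>
if [ "$#" -eq 2 ]; then
    publish_ca_dir "$1" "$2"
fi
```

If the rehash step fails, the live symlink is left pointing at the previous set and the partial directory is removed.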
Re: XCLIENT patch for postfix
Wietse Venema:
>>>     + UPDATE_STR(state-sasl_username, attr_value); + printable(state-sasl_username, '?'); + UPDATE_STR(state-sasl_method, xclient);
>>> Why not use the real authentication mechanism?
>> Otherwise, if XCLIENT pass LOGIN parameter, state-sasl_username and state-sasl_method will be updated, postfix will deem it as an authenticated client. So, if nginx pass through LOGIN parameter, postfix should identify it as an authenticated client, but postfix XCLIENT can't support this parameter.
> XCLIENT can support both the login name and the authentication method name, and therefore nginx should pass both to Postfix.
I noticed that the nginx reverse proxy implements TLS, so it makes sense to plan for future XCLIENT extensions that propagate TLS attributes, besides the extension for SASL that you introduced with this thread.
This means using something like SASL_USER and SASL_METH for the proposed SASL attributes, and TLS_XXX for future TLS attributes, so that there will be no conflicts between the names.
I keep whining about the SASL authentication method, because that information is used by the Postfix permit_sasl_authenticated access control feature. It would therefore be wrong to set this to a fixed value like your patch does.
Now that I understand how your patch is supposed to work, I can put something into Postfix, but it would help if we can agree on the attribute names and on the protocol details.
I am sure that there are a few gotchas when you poke Postfix SASL attributes without proper initialization and cleanup of the Postfix SASL layer, but that can be fixed by adding a few functions to that SASL layer that handle support for proxied attributes.
Wietse
Re: GUI for maillog
On Jan 6, 2010, at 5:40 AM, Kaushal Shriyan wrote: Any GUI based application to view postfix mail.log file? It's not exactly GUI, but logwatch emails me nicely organized reports every morning. No graphs or anything, though... -- Glenn English g...@slsware.com
Re: GUI for maillog
Kaushal Shriyan wrote: Hi, Any GUI based application to view postfix mail.log file? Thanks and Regards, Kaushal It is not a GUI, I like to see colorized logs with multitail and the postfix schema, you can even set your own regex to match and colorize specific log entries. Best regards. -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: jmed...@e-compugraf.com GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
delays=a/b/c/d in docs
Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. ~Seth
Re: delays=a/b/c/d in docs
On 01/06/2010 05:29 PM Seth Mattinen wrote: Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. see man postconf(5): man 5 postconf | less +/^delay_logging_resolution_limit Regards, Pascal -- The trapper recommends today: defaced.1000...@localdomain.org
Re: delays=a/b/c/d in docs
Seth Mattinen wrote: Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. Nevermind, it's in RELEASE_NOTES. I would humbly suggest putting it in the DEBUG_README as well. ~Seth
postdrop?
Hi, What is the proper command that a client can use to send an email using Postfix? Searching through some old posts, I believe the postdrop command is not intended to be used by client software. Is that correct? I have seen references to sendmail but I am not sure if it refers to a command or another email system.
Re: postdrop?
* Port Able ablep...@yahoo.com: Hi, What is the proper command that a client can use to send an email using Postfix? sendmail -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postdrop?
Port Able:
> Hi, What is the proper command that a client can use to send an email using Postfix? Searching through some old posts, I believe the postdrop command is not intended to be used by client software. Is that correct?
You use the Postfix sendmail command.
Wietse
Re: delays=a/b/c/d in docs
Pascal Volk wrote: On 01/06/2010 05:29 PM Seth Mattinen wrote: Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. see man postconf(5): man 5 postconf | less +/^delay_logging_resolution_limit Ah, thanks. Even more useful than what I found in the release notes. It never occurred to me to look in the postconf man page. ~Seth
Re: TLS Root Certificate Problem
Hi Viktor, Thanks, that seems to have worked. Now for the next layer of the onion. Do I just keep appending root certificates to that same file or does each certificate have to be set up separately somehow? Dennis Putnam Sr. IT Systems Administrator AIM Systems, Inc.
Messages stuck in queue forever
Hello: I maintain a database of e-mail messages for my law firm client -- I wrote an application that inserts e-mail messages into a database and then used an alias to pipe e-mail to that application, and the client's e-mail server forwards all mail for certain litigants to that e-mail address. Nominally this works great, but I've noticed an odd issue: some messages get queued and are never released. I'd like to force postfix to redeliver these messages (I've tried postsuper and postsuper -r ALL with no luck) -- does anybody have any pointers? It's 2.4.3 on Mac OS X Server 10.5.
Sample mailq entries (one has been stuck since August, the other since Monday):
    F423E1976D72 444129 Fri Aug 1 15:23:30 MAILER-DAEMON
    001F224CE9559*3080 Wed Jan 6 14:51:58 MAILER-DAEMON msgrece...@10.188.237.22
Thanks, Wendy
Re: Messages stuck in queue forever
Wendigo Thompson:
> Hello: I maintain a database of e-mail messages for my law firm client -- I wrote an application that inserts e-mail messages into a database and then used an alias to pipe e-mail to that application, and the client's e-mail server forwards all mail for certain litigants to that e-mail address. Nominally this works great, but I've noticed an odd issue: some messages get queued and are never released. I'd like to force postfix to redeliver these messages (I've tried postsuper and postsuper -r ALL with no luck) -- does anybody have any pointers? It's 2.4.3 on Mac OS X Server 10.5.
Beware, I don't have a Mac, and Apple has made some changes to Postfix so I may have to refer you to the vendor if this does not work out on the mailing list.
> Sample mailq entries (one has been stuck since August, the other since Monday:
>     F423E1976D72 444129 Fri Aug 1 15:23:30 MAILER-DAEMON
This message has no recipients, and should have been removed from the queue long ago. Please report results of the following shell command (as root):
    find /var/spool/postfix -name F423E1976D72 -ls
(instead of /var/spool/postfix, specify the name where Apple stores the Postfix queue. That is the output of the command:
    postconf queue_directory
)
>     001F224CE9559*3080 Wed Jan 6 14:51:58 MAILER-DAEMON msgrece...@10.188.237.22
This message is in the active queue. Do you have any qmgr processes running? If not, then nothing will happen with this mail. Apple has added an automatic shutdown feature to Postfix that may get in the way of progress.
Do you have any mail logfile information for this message? If there is none, then that is also a problem that needs to be solved before we can find out why these messages are not moving.
Wietse
Re: quick query re forwarding local mail to another server
Carl Brewer wrote:
> mouss wrote:
>> move all domains from mydestination and virtual_mailbox_domains to relay_domains.
> To confirm, (there's no relay_domains in my main.cf at the moment) :
> I have at present :
>     mydestination = $myhostname, localhost.$mydomain, localhost, /etc/postfix/relay_domains.cf
> I should change that to :
>     relay_domains = /etc/postfix/relay_domains.cf
> ?
yes. that said, you still have $myhostname, ... as for local delivery. it's unclear if you want these to be passed to the remote server. if so, add them to relay_domains (and remove them from mydestination). if there is no MX, you may need to add transport_maps entries and configure the remote system to accept mail for these domains.
Re: XCLIENT patch for postfix
Wietse: If We modify #ifdef USE_SASL_AUTH if (var_smtpd_sasl_enable) if (got_proto == 0) smtpd_sasl_auth_reset(state); #endif to #ifdef USE_SASL_AUTH if (var_smtpd_sasl_enable) if (got_login == 0) smtpd_sasl_auth_reset(state); #endif the got_login will be used.But this is not the key issues. If nginx will support SASL_USER and SASL_METH parameters, it would be best. If you can put something into Postfix for current nginx We will be very grateful to you. Thank you. jeff geng
Re: XCLIENT patch for postfix
jeff geng: Wietse: If We modify #ifdef USE_SASL_AUTH if (var_smtpd_sasl_enable) if (got_proto == 0) smtpd_sasl_auth_reset(state); #endif to #ifdef USE_SASL_AUTH if (var_smtpd_sasl_enable) if (got_login == 0) smtpd_sasl_auth_reset(state); #endif the got_login will be used.But this is not the key issues. If nginx will support SASL_USER and SASL_METH parameters, it would be best. If you can put something into Postfix for current nginx We will be very grateful to you. Thank you. I'll give it a try. I looked at nginx and I think it does a good job. Wietse
return smtp result based on lookup
I want to deploy a system whereby it will do an SQL lookup and depending on the result will either continue processing the message as per usual or issue a 'temporary' reject (i.e. over quota message). This is on a relaying/gateway machine so it does not have direct access to the mail queue to do its own calculation so would need to work it out based on information available from an SQL table.
several question from newbie
Dear All, I just installed postfix and now I have several questions about it: 1. How to make it accessible from outside but not making it as an open relay? 2. Related to question #1, if possible I want to make it serve as main MX, what things should be prepared? What document should I read? where can I get it? I would prefer how to document. Thanks in advance for the help. -- Best regards, -Sobari Tanuwijaya- - Without positive attitudes, the best techniques in the world won't have much impact. (Anonymous)
Re: several question from newbie
On Thu, 2010-01-07 at 13:53 +0700, Tanuwijaya wrote: Dear All, I just installed postfix and now I have several questions about it: 1. How to make it accessible from outside but not making it as an open relay? 2. Related to question #1, if possible I want to make it serve as main MX, what things should be prepared? What document should I read? where can I get it? I would prefer how to document. Thanks in advance for the help. You should look at the standard configurations document Especially the MX server part http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup