Re: ATRN reloaded
Should ODMR support be in the primary MTA queue? Or should mail for ODMR destinations be batched up onto disk out of the MTA's queue, and served by dedicated servers as in: http://www.plonk.de/sw/odmr/

odmr is mail relaying. if one chooses this solution then one probably wants to do the same thing for any type of relaying.

It is far from clear that one wants to gum-up the active and deferred queues of a real MTA with ODMR mail. If we can deliver envelope + message to suitable stable storage, and use a standalone ODMR server to make said storage available to ODMR clients, that is likely a better solution and is much less intrusive.

You just need a delivery agent that records the envelope in detail and delivers to a maildir or similar associated with the owner of the domain. Then a non-Postfix server that supports retrieval. No pointless retries or gumming up the deferred/active queue unless the user connects, though you probably need a daily scan to bounce over-age messages.

What you describe sounds like day-by-day mail relaying, practically for me there's no ODMR mail, just mail waiting to be relayed. Maybe I'm wrong and ODMR must be seen as delivery or something else since it must be hooked up everywhere in the process, it seems. The only difference is how the relaying process is finalized. Normal smtp, etrn or atrn. So i think that no matter what the transport is, the queueing rules should be the same for every email that needs to be relayed.

The pointless retries or gumming up the deferred/active queue may also refer to mail waiting to be relayed in a normal fashion (e.g. smtp/lmtp transport) but with destination being down. I mean, we will succeed to gum up the queue no matter what transport.

That's one point I can't agree with for having the atrn totally decoupled from postfix queue and related configurations. And there are at least 2 kilotons of logic in postfix that can and should be reused. So i won't duplicate authentication, queueing and other pieces of code.

When i was thinking exporting more functionality via a library - that can be made in a very spartan way, e.g.

    smtpd.c:
        EXT_SMTPD_LIB int etrn_cmd(...)

    user_compiletime_config.h:
        #define EXPORT_SMTPD_LIB 1

    build_exports.h
        #ifndef EXPORT_SMTPD_LIB
        #define EXT_SMTPD_LIB static
        #endif

and have in fact no library/extraheaders built, the developer can use directly the .o via externs, it's not very hard to build your own stuff in a postfix source tree instead of using a well defined exported api. no bells and whistles. by default no exports, if enduser knows what he wants he defines his exports (SMTPD_LIB,SMTPD_SASL_LIB) at compiletime.

i can't tell what security considerations must be applied when doing this but I understand it's complicated, it may break things and in the end it's work with possible no payback in time. i'm not thinking only atrnd, but other services that can successfully reuse pieces of code. as a normal postfix user i vote for this and against patching smtpd, assuming more extensions needing to be added in the future.

-- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.

-- adrian ilarion ciobanu adria...@ciobanu.name http://pub.mud.ro/~cia +40 788 319 497
Filter on recipient and subject
Hi all,

postfix-2.3.3-2.1.el5_2

If the subject does not match /*.ABC.*/ and the recipient is f...@example.com I want this email to be discarded. This is not for spam detection, it's simply an organisational requirement. Does anyone have a method to achieve this?

Many thanks
Nick.

Postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relayhost = myrelayhost
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual
RE: OT: The Book of Postfix
My personal goal is to finish editing within the next 4 weeks. Add some delay due to 'reality meets patricks schedule'. We'll start an iterative review process with the publisher next week. I don't know how quick they are, but midth of 2010 seems feasible to me. p...@rick

Excellent news! thanks for your answer. I hope to be able to buy it in pdf format from the publisher's site.
Re: Filter on recipient and subject
On 1/28/2010 5:32 AM, Nick Lunt wrote:

Hi all, postfix-2.3.3-2.1.el5_2 If the subject does not match /*.ABC.*/ and the recipient is f...@example.com I want this email to be discarded. This is not for spam detection, it's simply an organisational requirement. Does anyone have a method to achieve this? Many thanks Nick.

This requires a content_filter or milter that can compare both the subject and the envelope recipient. Probably SpamAssassin with some custom rules would be the easiest (or maybe regexp-milter if it can compare multiple items -- don't know, I don't use it).

-- Noel Jones
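The decision such a content filter has to make, combining the envelope recipient with the decoded Subject header, as an added example that is not part of the original post and is not Postfix or SpamAssassin code. It assumes the requirement means "Subject contains ABC" and uses the placeholder `filtered@example.com` because the thread elides the real address; all function names are hypothetical.

```python
import base64
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumptions, not taken from the thread: the page elides the real address,
# so a placeholder is used; "/*.ABC.*/" is read as "Subject contains ABC".
TARGET_RCPT = "filtered@example.com"
REQUIRED_SUBJECT = re.compile(r"ABC")


def decoded_subject(raw_message: bytes) -> str:
    """Return the Subject unfolded and RFC 2047 decoded, or '' if absent."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = msg["Subject"]
    return "" if subject is None else str(subject)


def split_recipients(envelope_rcpts, raw_message):
    """Partition envelope recipients into (deliver, discard).

    Only the target recipient's copy is dropped; other recipients of the
    same message are unaffected. The To:/Cc: headers are never consulted,
    because they need not match the envelope (Bcc, list mail, aliases).
    """
    subject_ok = REQUIRED_SUBJECT.search(decoded_subject(raw_message)) is not None
    deliver, discard = [], []
    for rcpt in envelope_rcpts:
        # Normalise "<User@Example.COM>" to "user@example.com" before comparing.
        addr = parseaddr(rcpt)[1].lower()
        if addr == TARGET_RCPT and not subject_ok:
            discard.append(rcpt)
        else:
            deliver.append(rcpt)
    return deliver, discard


def sample_message(subject_line):
    """Constructed test message; subject_line=None omits the header."""
    headers = [b"From: sender@example.net", b"To: list@example.org"]
    if subject_line is not None:
        headers.append(b"Subject: " + subject_line.encode("ascii"))
    return b"\r\n".join(headers) + b"\r\n\r\nbody text\r\n"


def encoded_word(text):
    """RFC 2047 base64 encoded-word, so the raw header hides the plain text."""
    return "=?utf-8?B?" + base64.b64encode(text.encode("utf-8")).decode("ascii") + "?="


if __name__ == "__main__":
    # Constructed envelope: the target address plus one unrelated recipient.
    rcpts = ["<Filtered@Example.COM>", "other@example.com"]
    for label, subj in [
        ("plain match", "status ABC weekly"),
        ("folded match", "status\r\n ABC weekly"),
        ("encoded match", encoded_word("Re: ABC report")),
        ("no match", "status weekly"),
        ("no Subject header", None),
    ]:
        print(label, split_recipients(rcpts, sample_message(subj)))
```

A pattern applied to the raw header bytes would miss the encoded-word case, which is why the Subject is decoded before matching.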
Re: Milter by domain
On 1/28/2010 1:46 AM, Jonathan Cutting wrote:

Hello fellow Postfix users, I am attempting to configure a postfix server for multiple domains, which will use a milter to send an email to a mailarchiving store (mailarchiva). What I would like to do is:

Match the originating domain in outbound mail using a hash table or sql lookup and use a specific milter depending on domain

Match the to: address in incoming mail to similarly choose a milter based on domain

Not possible. Postfix must connect to the milter before it knows the recipient.

The reason is that I should like each company(domain) to have its own mailarchiving store containing only their own emails, and I would like to run multiple instances of the mailarchiving software on another server distinguished from each other by port number. I guess some sort of domain:port_number mapping would suffice. Is this possible using milters or might it be easier to use a custom script?

A single milter that handles all domains is what you need. Or maybe a master milter that can connect to multiple secondary milters based on the recipient. Or easiest would be to use MX records to send mail for each domain to its own postfix instance.

-- Noel Jones
Re: Filter on recipient and subject
Hello! Maildrop can route your email with many regex and criteria. http://www.courier-mta.org/maildrop/

Regards,

On Thu, 28 Jan 2010 07:32:04 -0600, Noel Jones wrote:

On 1/28/2010 5:32 AM, Nick Lunt wrote:

Hi all, postfix-2.3.3-2.1.el5_2 If the subject does not match /*.ABC.*/ and the recipient is f...@example.com I want this email to be discarded. This is not for spam detection, it's simply an organisational requirement. Does anyone have a method to achieve this? Many thanks Nick.

This requires a content_filter or milter that can compare both the subject and the envelope recipient. Probably SpamAssassin with some custom rules would be the easiest (or maybe regexp-milter if it can compare multiple items -- don't know, I don't use it).

-- Noel Jones
Re: Milter by domain
Noel Jones wrote:

On 1/28/2010 1:46 AM, Jonathan Cutting wrote:

I guess some sort of domain:port_number mapping would suffice. Is this possible using milters or might it be easier to use a custom script?

A single milter that handles all domains is what you need. Or maybe a master milter that can connect to multiple secondary milters based on the recipient. Or easiest would be to use MX records to send mail for each domain to its own postfix instance.

Another reason to do it this way (multiple MXs and multiple instances of postfix) is that a single message can be sent to many recipients in different domains hosted by your mailserver.
Re: postfix to BorderWare MXtreme Mail Firewall SMTP server delivery fails?
On 1/28/2010 1:17 AM, Eero Volotinen wrote:

Hi All, Very interesting problem from my postfix server to BorderWare MXtreme Mail Firewall SMTP

1) In some rare case remote smtp server replies: said: 451 Error: internal error 512 (in reply to end of DATA command))

I think this is bug on BorderWare MXtreme Mail Firewall SMTP server?, but how to debug the cause of this? How to take packet trace from this message that fails?

First, is there any logging or other diagnostic information available from the BorderWare device? That's probably the best source of information on what the problem is.

You should try to get a packet trace of a failed message. I expect it will show a completely normal SMTP session where the remote side responds 451 Err... and then disconnects, but it's prudent to verify that. http://www.postfix.org/DEBUG_README.html#sniffer

If the BorderWare box is yours, you need to contact their tech support. This doesn't sound like a postfix problem.

-- Noel Jones
Re: postfix to BorderWare MXtreme Mail Firewall SMTP server delivery fails?
2010/1/28 Noel Jones njo...@megan.vbhcs.org:

On 1/28/2010 1:17 AM, Eero Volotinen wrote:

Hi All, Very interesting problem from my postfix server to BorderWare MXtreme Mail Firewall SMTP

1) In some rare case remote smtp server replies: said: 451 Error: internal error 512 (in reply to end of DATA command))

I think this is bug on BorderWare MXtreme Mail Firewall SMTP server?, but how to debug the cause of this? How to take packet trace from this message that fails?

First, is there any logging or other diagnostic information available from the BorderWare device? That's probably the best source of information on what the problem is.

You should try to get a packet trace of a failed message. I expect it will show a completely normal SMTP session where the remote side responds 451 Err... and then disconnects, but it's prudent to verify that. http://www.postfix.org/DEBUG_README.html#sniffer

If the BorderWare box is yours, you need to contact their tech support. This doesn't sound like a postfix problem.

Well, Borderware box is not mine, but looks like it's running buggy software ..

-- Eero
Warning message for mail either delivered in local or relayed to another server
Hello,

I have a question about a warning message I regularly get in the log:

    do not list domain mydomain1 in BOTH virtual_mailbox_domains and relay_domains

My configuration:

    transport_maps = ldap:/etc/postfix/mail_routing
    relay_domains = mydomain1
    virtual_mailbox_domains = mydomain1

I do understand why I get this warning message but my situation is particular. I do a mail routing based on a LDAP attribute which I get with transport_maps and a ldap lookup table. Mail for the users with mail address @mydomain1 could either be delivered in local or be relayed to another mail server. That is why I declare mydomain1 both in virtual_mailbox_domains and relay_domains.

Do you have a better solution in order to not see this warning message again?

Thanks,
Henri

    # dpkg -l | grep postfix
    ii  postfix  2.3.8-2+b1  A high-performance mail transport agent
Re: Milter by domain
Noel Jones:

On 1/28/2010 1:46 AM, Jonathan Cutting wrote:

Hello fellow Postfix users, I am attempting to configure a postfix server for multiple domains, which will use a milter to send an email to a mailarchiving store (mailarchiva). What I would like to do is:

Match the originating domain in outbound mail using a hash table or sql lookup and use a specific milter depending on domain

Match the to: address in incoming mail to similarly choose a milter based on domain

Not possible. Postfix must connect to the milter before it knows the recipient.

I can confirm this. Milters expect to see the complete SMTP session. Switching milters in the middle of a session wasn't really anticipated in the Milter architecture. In fact, the Sendmail Milter library will return an error if SMTP protocol elements arrive out of order.

Wietse
multiple hostnames
Is it possible to have multiple host names on one postfix server? I have three domains and they all have different ip addresses but when mail comes through the server it always displays the hostname of the box. Does that make sense?

    #hostname
    mail.server1.com

    mail.server1.com - 111.111.111.001
    mail.server2.com - 111.111.111.002
    mail.server3.com - 111.111.111.003

mail comes for mail.server3.com but in the msg header it says mail.server1.com

thanks!
Re: ATRN reloaded
On Thu, Jan 28, 2010 at 03:48:26AM -0600, adrian ilarion ciobanu wrote:

queue, and served by dedicated servers as in: http://www.plonk.de/sw/odmr/

odmr is mail relaying. if one chooses this solution then one probably

No, because with ODMR one cannot relay until some unspecified future time when the destination system chooses to poll you. With normal relaying, one expects and largely gets real-time forwarding, and thus low congestion.

What you describe sounds like day-by-day mail relaying, practically for me there's no ODMR mail, just mail waiting to be relayed. Maybe I'm wrong and ODMR must be seen as delivery or something else since it must be hooked up everywhere in the process, it seems. The only difference is how the relaying process is finalized. Normal smtp, etrn or atrn. So i think

The Postfix deferred and active queues have practical size limits. High volumes of ODMR mail can push you into poor performance regimes, because the active and deferred queues are gummed up with mail to unreachable destinations. Delivering ODMR mail to an envelope preserving store separates the ODMR and non-ODMR recipients of a message, with the ODMR mail not needlessly cycling in and out of the deferred and active queues.

That's one point I can't agree with for having the atrn totally decoupled from postfix queue and related configurations.

I think you are mistaken. The benefit of getting such mail out of the queue, and the advantages of being able to process the backlog synchronously outside normal queue-manager scheduling, outweigh the disadvantage of a dedicated ODMR service IMHO.

-- Viktor.
Re: ATRN reloaded
adrian ilarion ciobanu:

Should ODMR support be in the primary MTA queue? Or should mail for ODMR destinations be batched up onto disk out of the MTA's queue, and served by dedicated servers as in: http://www.plonk.de/sw/odmr/

odmr is mail relaying. if one chooses this solution then one probably wants to do the same thing for any type of relaying.

Nope, ETRN/ATRN mail stays queued on the server until the end-site retrieves it. By definition, the mail queue contains significant amounts of mail on a routine basis. This drags down the over-all MTA performance.

This is unlike the front-end/back-end MTA setup where mail flows immediately, or the primaryMX/secondaryMX setup that is meant for the rare case that the primaryMX is unavailable. Here, the mail queue does not contain significant amounts of mail on a routine basis.

When i was thinking exporting more functionality via a library - that can be made in a very spartan way, e.g.

    smtpd.c:
        EXT_SMTPD_LIB int etrn_cmd(...)

    user_compiletime_config.h:
        #define EXPORT_SMTPD_LIB 1

    build_exports.h
        #ifndef EXPORT_SMTPD_LIB
        #define EXT_SMTPD_LIB static
        #endif

Sorry, when a piece of code can be called from multiple programs, that requires a precise library API definition (a contract) that specifies the interfaces of all the exposed functions including their data structures, and relevant pre and post conditions. Such a document does not exist, therefore this approach is off the table.

Instead, smtpd(8) should be changed such that it calls into a library module that handles all the communication with atrnd(8) where the bulk of the new code will be implemented.

This approach has proven itself over 10 years of Postfix development. Many features (flush, scache, anvil, verify, etc.) are implemented not by modifying existing code. Instead, they are implemented by implementing a new server (here, atrnd(8)) and a client library (here, atrn_client) with a well-defined interface. Via this client library, existing Postfix code (here smtpd(8)) talks to the new service.

I have already mentioned these ground rules before. I am not opposed to implementing ATRN, but there has been zero evidence that doing so would actually be worth the maintenance cost (let alone the diminishingly small subset of sites that would require multiple domains on a single SASL account).

Wietse
Re: Warning message for mail either delivered in local or relayed to another server
Henri:

Hello, I have a question about a warning message I regularly get in the log:

    do not list domain mydomain1 in BOTH virtual_mailbox_domains and relay_domains

My configuration:

    transport_maps = ldap:/etc/postfix/mail_routing
    relay_domains = mydomain1
    virtual_mailbox_domains = mydomain1

I do understand why I get this warning message but my situation is particular. I do a mail routing based on a LDAP attribute which I get with transport_maps and a ldap lookup table. Mail for the users with mail address @mydomain1 could either be delivered in local or be relayed to another mail server. That is why I declare mydomain1 both in virtual_mailbox_domains and relay_domains. Do you have a better solution in order to not see this warning message again?

Don't do this. Postfix MUST know where to look so that it can reject mail for non-existent recipients.

Instead, list mydomain1 in virtual_mailbox_domains, and list the valid recipients in either virtual_mailbox_maps (for final delivery), or virtual_alias_maps (for mailboxes on other servers).

Wietse
how to build a (enterprise) postfix system
Hello List,

we are planning to set up a new E-Mail (Cluster) system with postfix. Our goal is that this is all ldap based and that our customers can manage their own:

- E-Mail Addresses
- Passwords
- Black/White lists
- SpamAssassin reports
- Autoreply/vacation
- Filter rules
- etc..

Ldap is the choice because we need it for other systems too. Since postfix supports ldap out of the box this is not such a big problem. The tricky part is the autoresponder and filter rules. I could use mimedefang along with postfix to cover this, but i would like to know your opinion first. Maybe there is already such a project out there? It would also be okay to spend some money on it.

Ok, so basically I/we want a (enterprise) postfix system that covers all those features so that a customer can manage their own e-mail business (all based on ldap). I am thankful for any thoughts or hints.

Cheers, Mario
Taking over a mail queue from another node
If in a mail cluster, with multiple machines having access to a shared storage device (SAN, iSCSI) which is presented to the host as a normal block device (e.g. /dev/sda, hosting a normal ext3 filesystem), one of the mail nodes fails, what are the necessary Postfix steps to take over the queue on another host? I _think_ it is sufficient to provide the same configuration files as on the node which failed, execute postsuper -s until the queue file names stop changing (which shouldn't happen at all, because it is the same physical filesystem) and then start up Postfix (of course, IP addresses and other resources need to be migrated as well, but that's not Postfix specific stuff) - or at least that's what worked for me. What would happen to mails which weren't completely received when the original node crashed? Can I prevent qmgr from trying to deliver those? Do I have to? Stefan
Re: Taking over a mail queue from another node
On Thu, Jan 28, 2010 at 06:13:33PM +0100, Stefan Foerster wrote:

If in a mail cluster, with multiple machines having access to a shared storage device (SAN, iSCSI) which is presented to the host as a normal block device (e.g. /dev/sda, hosting a normal ext3 filesystem), one of the mail nodes fails, what are the necessary Postfix steps to take over the queue on another host? I _think_ it is sufficient to provide the same configuration files as on the node which failed,

If path names for the queue, data and configuration directory are different, you may need to adjust these in the config files.

execute postsuper -s until the queue file names stop changing (which shouldn't happen at all, because it is the same physical filesystem)

Only needed when restoring from backups, copying queue files, ... Not needed when mounting a filesystem.

What would happen to mails which weren't completely received when the original node crashed? Can I prevent qmgr from trying to deliver those?

Nothing needs to be done.

Do I have to?

No.

-- Viktor.
Re: Taking over a mail queue from another node
* Victor Duchovni victor.ducho...@morganstanley.com:

On Thu, Jan 28, 2010 at 06:13:33PM +0100, Stefan Foerster wrote:

If in a mail cluster, with multiple machines having access to a shared storage device (SAN, iSCSI) which is presented to the host as a normal block device (e.g. /dev/sda, hosting a normal ext3 filesystem), one of the mail nodes fails, what are the necessary Postfix steps to take over the queue on another host? I _think_ it is sufficient to provide the same configuration files as on the node which failed,

If path names for the queue, data and configuration directory are different, you may need to adjust these in the config files.

Well, that's kind of obvious :-)

execute postsuper -s until the queue file names stop changing (which shouldn't happen at all, because it is the same physical filesystem)

Only needed when restoring from backups, copying queue files, ... Not needed when mounting a filesystem.

I think the manpage for postsuper recommends executing it at least once before starting up Postfix. Can it do any harm in this specific scenario?

What would happen to mails which weren't completely received when the original node crashed? Can I prevent qmgr from trying to deliver those?

Nothing needs to be done.

This one was giving me a headache. Good to know, thank you.

One last thing: If the clocks are perfectly synchronized and the takeover didn't happen immediately but e.g. after 60 minutes (virtualized system, dynamic resource/node allocation), it could happen that the deferred queue holds a large number of messages which are due for a delivery retry. Or, to quote QSHAPE_README:

| When a host with lots of deferred mail is down for some time, it is
| possible for the entire deferred queue to reach its retry time
| simultaneously. This can lead to a very full active queue once the
| host comes back up. The phenomenon can repeat approximately every
| maximal_backoff_time seconds if the messages are again deferred after
| a brief burst of congestion.

If the node doesn't have to process any new incoming mail, will qmgr be able to handle six digit deferred queues?

Stefan
Re: Milter by domain
Thanks to everyone who responded on this. I've never tried running multiple postfix instances on the same machine but it would certainly solve the problem very neatly indeed. I have a spam/av server ahead of the postfix machine so I can specify the port and IP address without too much trouble based on recipient, I'm not clear on how else I'd choose the correct instance but will investigate.

Thanks again
Jon

On 28/01/10 13:37, Noel Jones wrote:

On 1/28/2010 1:46 AM, Jonathan Cutting wrote:

Hello fellow Postfix users, I am attempting to configure a postfix server for multiple domains, which will use a milter to send an email to a mailarchiving store (mailarchiva). What I would like to do is:

Match the originating domain in outbound mail using a hash table or sql lookup and use a specific milter depending on domain

Match the to: address in incoming mail to similarly choose a milter based on domain

Not possible. Postfix must connect to the milter before it knows the recipient.

The reason is that I should like each company(domain) to have its own mailarchiving store containing only their own emails, and I would like to run multiple instances of the mailarchiving software on another server distinguished from each other by port number. I guess some sort of domain:port_number mapping would suffice. Is this possible using milters or might it be easier to use a custom script?

A single milter that handles all domains is what you need. Or maybe a master milter that can connect to multiple secondary milters based on the recipient. Or easiest would be to use MX records to send mail for each domain to its own postfix instance.

-- Noel Jones
Re: how to build a (enterprise) postfix system
2010/1/28 ml ml mliebher...@googlemail.com:

Hello List, we are planning to set up a new E-Mail (Cluster) system with postfix. Our goal is that this is all ldap based and that our customers can manage their own:

- E-Mail Addresses
- Passwords
- Black/White lists
- SpamAssassin reports
- Autoreply/vacation
- Filter rules
- etc..

Ldap is the choice because we need it for other systems too. Since postfix supports ldap out of the box this is not such a big problem. The tricky part is the autoresponder and filter rules. I could use mimedefang along with postfix to cover this, but i would like to know your opinion first. Maybe there is already such a project out there? It would also be okay to spend some money on it.

You need to look at sieve filtering? Dovecot supports it and also some other imap servers.

-- Eero
Re: Taking over a mail queue from another node
On Thu, Jan 28, 2010 at 06:39:34PM +0100, Stefan Foerster wrote:

Only needed when restoring from backups, copying queue files, ... Not needed when mounting a filesystem.

I think the manpage for postsuper recommends executing it at least once before starting up Postfix. Can it do any harm in this specific scenario?

Not necessary unless you've disturbed the queue files. postfix start already runs it once.

One last thing: If the clocks are perfectly synchronized and the takeover didn't happen immediately but e.g. after 60 minutes (virtualized system, dynamic resource/node allocation), it could happen that the deferred queue holds a large number of messages which are due for a delivery retry. Or, to quote QSHAPE_README:

| When a host with lots of deferred mail is down for some time, it is
| possible for the entire deferred queue to reach its retry time
| simultaneously. This can lead to a very full active queue once the
| host comes back up. The phenomenon can repeat approximately every
| maximal_backoff_time seconds if the messages are again deferred after
| a brief burst of congestion.

If the node doesn't have to process any new incoming mail, will qmgr be able to handle six digit deferred queues?

So long as you just drain this queue, and don't take in any new mail, the large deferred queue size is harmless. I'd recommend turning off smtpd until the queue drains, and to let uncongested peer MX hosts handle fresh mail.

-- Viktor.
Re: how to build a (enterprise) postfix system
ml ml wrote:

Hello List, we are planning to set up a new E-Mail (Cluster) system with postfix. Our goal is that this is all ldap based and that our customers can manage their own:

- E-Mail Addresses
- Passwords
- Black/White lists
- SpamAssassin reports
- Autoreply/vacation
- Filter rules
- etc..

Ldap is the choice because we need it for other systems too. Since postfix supports ldap out of the box this is not such a big problem. The tricky part is the autoresponder and filter rules. I could use mimedefang along with postfix to cover this, but i would like to know your opinion first. Maybe there is already such a project out there? It would also be okay to spend some money on it.

I use Dovecot LDA Deliver in postfix which manages sieve and so server side filtering, the users use horde webmail with ingo module to create their own rules, white and blacklists and also vacation, it works fine so far.

Ok, so basically I/we want a (enterprise) postfix system that covers all those features so that a customer can manage their own e-mail business (all based on ldap). I am thankful for any thoughts or hints. Cheers, Mario
virtual_alias_maps mysql
Hi,

mail_version = 2.6.1

I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases.

Thank you,
Bradley Giesbrecht
Re: virtual_alias_maps mysql
Hi,

I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases.

Have you considered a stored procedure?

HTH

Regards,
Serge Fonville

-- http://www.sergefonville.nl
Convince Google!! They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
Re: virtual_alias_maps mysql
On 1/28/2010 3:35 PM, Serge Fonville wrote:

Hi, I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases.

Have you considered a stored procedure?

Stored procedures do not work in Postfix without code changes because the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on.
Re: allowing outside users access to mailman lists
--- In postfix-us...@yahoogroups.com, Wietse Venema wie...@... wrote:

Jeff Weinberger:

I changed main.cf so the only relay_domains entry is: relay_domains=lists.mylistserver.com

You need to verify this with the command postconf -n

It's no good posting unverified cut-and-paste to the mailing list.

Wietse

So you want me to post the entire `postconf -n` again? Copying and pasting the one relevant line and stating clearly that I verified it exactly that way doesn't suffice? How do you suggest I verify my cut-and-paste? I'll be happy to do so, if it will help us move beyond log discussions and to the issue at hand. That said:

I executed `postconf -n | grep relay_domains` and the result was:

    relay_domains=lists.mylistserver.com

I made no other changes other than to relay_domains as suggested.

I am hoping that someone can please help with the authenticated user issue and either help me determine why this happens or explain why my interpretation of this is wrong? The crux of this issue is there.

To recap: Authenticated (SASL) senders can send successfully, outside users can't. My interpretation is the problem lies in there, as that is the only thing that makes any difference at all. I need help figuring out what would cause that, or an explanation of why my interpretation is wrong.

I would appreciate some help on this, if anyone has any ideas.
Re: Taking over a mail queue from another node
* Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jan 28, 2010 at 06:39:34PM +0100, Stefan Foerster wrote: If the node doesn't have to process any new incoming mail, will qmgr be able to handle six digit deferred queues? So long as you just drain this queue, and don't take in any new mail, the large deferred queue size is harmless. I'd recommend turning off smtpd until the queue drains, and to let uncongested peer MX hosts handle fresh mail. Already did that (a clustering framework is a wonderful thing to automate such processes!). Fortunately, those are not MX hosts. Thanks for your insightful comments. Stefan
Re: virtual_alias_maps mysql
I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases.

Have you considered a stored procedure?

Stored procedures do not work in Postfix without code changes because the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on.

From the manual: http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html

CLIENT_MULTI_RESULTS: Tell the server that the client can handle multiple result sets from multiple-statement executions or stored procedures. This flag is automatically enabled if CLIENT_MULTI_STATEMENTS is enabled. See the note following this table for more information about this flag. If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled.

Not sure if I understand this right then, but to me this reads that if you use SELECT to get results from a stored procedure you're fine. Correct me if I'm wrong.

HTH

Regards,
Serge Fonville
--
http://www.sergefonville.nl
Convince Google!! They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Add Header
I'm trying to add ONE custom string to the header using the following but the first one adds it multiple times and the second doesn't work at all. Thanks for your help!

header_checks = regexp:/etc/postfix/header_checks

WORKS BUT ADDS IT MULTIPLE TIMES:
/^/ PREPEND MyString

DOES NOT WORK:
/^DomainKey-Signature:$/ PREPEND MyString
Re: Add Header
* AMP Admin ad...@ampprod.com:

I'm trying to add ONE custom string to the header using the following but the first one adds it multiple times and the second doesn't work at all. Thanks for your help!

header_checks = regexp:/etc/postfix/header_checks

WORKS BUT ADDS IT MULTIPLE TIMES:
/^/ PREPEND MyString

DOES NOT WORK:
/^DomainKey-Signature:$/ PREPEND MyString

/^From:/ PREPEND MyString

Please note: When prepending text before a message header line, the prepended text must begin with a valid message header label.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Add Header
* AMP Admin ad...@ampprod.com:

WORKS BUT ADDS IT MULTIPLE TIMES:
/^/ PREPEND MyString

This matches EVERY header line

DOES NOT WORK:
/^DomainKey-Signature:$/ PREPEND MyString

This matches a header line like:
DomainKey-Signature:
(with NOTHING after the :)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: allowing outside users access to mailman lists
Jeff Weinberger: Jeff Weinberger: I changed main.cf so the only relay_domains entry is: relay_domains=lists.mylistserver.com You need to verify this with the command postconf -n It's no good posting unverified cut-and-paste to the mailing list. Wietse So you want me to post the entire `postconf -n` again? copying and pasting I was trying to help, but posting tidbits out of their context makes support difficult. Wietse
Re: virtual_alias_maps mysql
On 1/28/2010 4:12 PM, Serge Fonville wrote:

I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases.

Have you considered a stored procedure?

Stored procedures do not work in Postfix without code changes because the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on.

From the manual: http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html

CLIENT_MULTI_RESULTS [...] If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled.

Reread this ^^^.
RE: Add Header
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Ralf Hildebrandt
Sent: Thursday, January 28, 2010 3:18 PM
To: postfix-users@postfix.org
Subject: Re: Add Header

* AMP Admin ad...@ampprod.com:

I'm trying to add ONE custom string to the header using the following but the first one adds it multiple times and the second doesn't work at all. Thanks for your help!

header_checks = regexp:/etc/postfix/header_checks

WORKS BUT ADDS IT MULTIPLE TIMES:
/^/ PREPEND MyString

DOES NOT WORK:
/^DomainKey-Signature:$/ PREPEND MyString

/^From:/ PREPEND MyString

Please note: When prepending text before a message header line, the prepended text must begin with a valid message header label.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de

What would a valid message header label be? I was going to use Message-ID: but then I read the following:

Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:.
Re: how to build a (enterprise) postfix system
Take a look here: http://www.artica.fr

Original message
From: Eero Volotinen eero.voloti...@iki.fi
To: ml ml mliebher...@googlemail.com
Cc: postfix-users@postfix.org
Subject: Re: how to build a (enterprise) postfix system
Date: Thu, 28 Jan 2010 19:50:16 +0200

2010/1/28 ml ml mliebher...@googlemail.com:

Hello List, we are planning to set up a new E-Mail (Cluster) system with postfix. Our goal is that this is all ldap based and that our customers can manage their own:
- E-Mail Addresses
- Passwords
- Black/White lists
- SpamAssassin reports
- Autoreply/vacation
- Filter rules
- etc..

Ldap is the choice because we need it for other systems too. Since postfix supports ldap out of the box this is not such a big problem. The tricky part is the autoresponder and filter rules. I could use mimedefang along with postfix to cover this, but I would like to know your opinion first. Maybe there is already such a project out there? It would also be okay to spend some money on it.

You need to look at sieve filtering? Dovecot supports it and also some other imap servers.

-- Eero
Re: allowing outside users access to mailman lists
On Thu, Jan 28, 2010 at 1:36 PM, Wietse Venema wie...@porcupine.org wrote: Jeff Weinberger: Jeff Weinberger: I changed main.cf so the only relay_domains entry is: relay_domains=lists.mylistserver.com You need to verify this with the command postconf -n It's no good posting unverified cut-and-paste to the mailing list. Wietse So you want me to post the entire `postconf -n` again? copying and pasting I was trying to help, but posting tidbits out of their context makes support difficult. Wietse I get that - but I'm not sure what would help. I posted my entire `postconf -n` then I posted the result of `postconf -n | grep relay_domains` (as that's the only change I've been making - especially to be sure that no other change could possibly affect this). If there's something else that will help or a different way you want me to post information to help you understand it better, I'm glad to - just tell me what will help and I'll post it here. You've made it clear I'm posting the wrong thing - but I don't know what the right thing is
Re: allowing outside users access to mailman lists
Jeff Weinberger put forth on 1/28/2010 4:18 PM:

You've made it clear I'm posting the wrong thing - but I don't know what the right thing is

Sorry to butt in, Wietse. Jeff, paste all of postconf -n output and obfuscate any sensitive information in it such as hostnames or IP addresses that you don't want made public here. Wietse may not know what the right thing is until he sees all of postconf -n. There are interdependencies between various settings and often problems can't be identified without seeing the big picture.

If you read the list welcome message and posting instructions you'd see that postconf -n output is a standard requirement here for receiving help. You are not being asked to provide anything beyond what everyone else is asked to provide. If you want assistance, we need to see the data. It's that simple. Cooperate and everything will work out fine, you'll have a solution.

Best regards.
-- Stan
Re: allowing outside users access to mailman lists
On Thu, Jan 28, 2010 at 2:38 PM, Stan Hoeppner s...@hardwarefreak.com wrote:

Jeff Weinberger put forth on 1/28/2010 4:18 PM:

You've made it clear I'm posting the wrong thing - but I don't know what the right thing is

Sorry to butt in, Wietse. Jeff, paste all of postconf -n output and obfuscate any sensitive information in it such as hostnames or IP addresses that you don't want made public here. Wietse may not know what the right thing is until he sees all of postconf -n. There are interdependencies between various settings and often problems can't be identified without seeing the big picture.

If you read the list welcome message and posting instructions you'd see that postconf -n output is a standard requirement here for receiving help. You are not being asked to provide anything beyond what everyone else is asked to provide. If you want assistance, we need to see the data. It's that simple. Cooperate and everything will work out fine, you'll have a solution.

Best regards.
-- Stan

Stan - I can't speak for Wietse, but thanks for butting in. I posted it in the original message, and only changed the one item on the presumption that when diagnosing an issue, making other, non-controlled changes just confuses things.

That said, here's the latest, still not working, `postconf -n` complete output. If it got lost somewhere, I'm running Postfix 2.6.5 on Mac OS/X (client) 10.5.8

Again, if there is anything else I can post that will help, please let me know and I will be glad to do so.
`postconf -n` output:

alias_database = mysql:/etc/postfix/mysql_alias_maps.cf
alias_maps = mysql:/etc/postfix/mysql_alias_maps.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_verp_delimiters = +=
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /etc/postfix/html
inet_interfaces = all
local_recipient_maps =
luser_relay = ot...@jeffweinberger.com
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
mydestination = mysql:/etc/postfix/mysql_mydestination_maps.cf
mydomain = jweinberger.homeip.net
myhostname = jweinberger.homeip.net
mynetworks = 127.0.0.0/8, !10.0.1.1, !10.0.1.210, 10.0.1.0/28
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = lists.mylistserver.com
relay_recipient_maps =
relayhost = outbound.mailhop.org
sample_directory = /usr/share/doc/postfix/examples
sender_canonical_maps = mysql:/etc/postfix/mysql_sender_canonical_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/certs/demoCA/cacert.pem
smtp_tls_cert_file = /etc/postfix/certs/postfix-cert.pem
smtp_tls_key_file = /etc/postfix/certs/postfix-key.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/mysql_check_recipient_access_maps.cf, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service inet:127.0.0.1:2501, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_smtpd_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/smtpd_sender_restrictions.pcre
smtpd_tls_CAfile = /etc/postfix/certs/demoCA/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/postfix-cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql_peraddress_transport_maps.cf, mysql:/etc/postfix/mysql_virtual_transport_maps.cf
unknown_local_recipient_reject_code = 550
verp_delimiter_filter = -=+
virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps =
relay help
I have been using postfix for about two + years but something that was just out of my understanding at the time was setting up relaying. Right now I just send from my mail client (thunderbird) but I would like to be able to send back through postfix to keep a record of all sent mails. I'm getting this error:

postfix/smtp[18963]: 499E1B1B64: to=wadesm...@gmail.com, relay=72.167.82.80[72.167.82.80]:465, delay=7822, delays=7522/0.06/300/0, dsn=4.4.2, status=deferred (lost connection with 72.167.82.80[72.167.82.80] while receiving the initial server greeting)

sm...@smart-laptop:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m ${EXTENSION}
mailbox_size_limit = 0
mydestination = wadesmart.com, localhost.localdomain, localhost, wadesmart
mydomain = wadesmart.com
myhostname = wadesmart.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
relay_domains = $mydomain
relayhost = 72.167.82.80:465
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = wadesmart.com
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
sm...@smart-laptop:~$

--
---
Registered Linux User: #480675
Linux since June 2005
Re: relay help
On 1/28/2010 4:57 PM, Wade Smart wrote:

I have been using postfix for about two + years but something that was just out of my understanding at the time was setting up relaying. Right now I just send from my mail client (thunderbird) but I would like to be able to send back through postfix to keep a record of all sent mails. I'm getting this error:

postfix/smtp[18963]: 499E1B1B64: to=wadesm...@gmail.com, relay=72.167.82.80[72.167.82.80]:465, delay=7822, delays=7522/0.06/300/0, dsn=4.4.2, status=deferred (lost connection with 72.167.82.80[72.167.82.80] while receiving the initial server greeting)

sm...@smart-laptop:~$ postconf -n
...
relayhost = 72.167.82.80:465

(side note, the IP should be enclosed in brackets,
relayhost = [72.167.82.80]:port
but that's probably unrelated to this problem.)

Using port 465 implies that the client is expecting wrapper-mode TLS. This mode is deprecated for email use and not directly supported by postfix. The vast majority of mail relays also support using the standard submission interface at port 587, which is the strongly preferred port.

If it's an antique mail relay that doesn't support the submission port, a workaround for client side wrapper mode is described here:
http://www.postfix.org/TLS_README.html#client_smtps

-- Noel Jones
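The two points in the reply above (IP literal without brackets, port 465 implying wrapper-mode TLS) can be checked mechanically against `postconf -n` output. The following is an added example, not code from the thread or from Postfix; the function names are hypothetical, the sample excerpt is constructed around the relayhost value quoted in the thread, and the suggested port 587 assumes the relay offers the submission service.

```python
import ipaddress
import re

# Constructed excerpt in `postconf -n` format. Only the relayhost value is
# taken from the thread; the other lines are placeholders.
SAMPLE_POSTCONF = """\
myhostname = mail.example.org
relayhost = 72.167.82.80:465
smtp_use_tls = yes
"""

# relayhost forms: host, host:port, [host], [host]:port
RELAYHOST = re.compile(
    r"^(?:\[(?P<bracketed>[^\]]+)\]|(?P<bare>[^\[\]:\s]+))(?::(?P<port>\w+))?$"
)
WRAPPER_MODE_PORTS = {"465", "smtps"}


def parse_postconf(text):
    """Turn `name = value` lines into a dict (values may be empty)."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_relayhost(params):
    """Return (findings, suggested_value) for the relayhost parameter."""
    value = params.get("relayhost", "")
    if not value:
        return [], None
    m = RELAYHOST.match(value)
    if m is None:
        return ["unparseable relayhost value"], None
    host = m.group("bracketed") or m.group("bare")
    port = m.group("port")
    findings = []
    bracket = bool(m.group("bracketed"))
    if m.group("bare") and is_ip_literal(host):
        # An unbracketed value is treated as a name subject to MX lookup;
        # an IP literal belongs in [brackets].
        findings.append("IP address not enclosed in [brackets]")
        bracket = True
    if port in WRAPPER_MODE_PORTS:
        # Port 465 implies wrapper-mode TLS, which the Postfix SMTP client
        # discussed in the thread does not speak directly.
        findings.append("port %s expects wrapper-mode TLS" % port)
        port = "587"  # assumption: the relay supports submission
    host_part = "[%s]" % host if bracket else host
    return findings, host_part + (":%s" % port if port else "")


if __name__ == "__main__":
    found, suggestion = check_relayhost(parse_postconf(SAMPLE_POSTCONF))
    for item in found:
        print("finding:", item)
    print("suggested: relayhost =", suggestion)
```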
Re: allowing outside users access to mailman lists
On 1/28/2010 4:46 PM, Jeff Weinberger wrote: virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf does lists.mylistserver.com match the above lookup? postmap -q lists.mylistserver.com mysql:...
Re: allowing outside users access to mailman lists
On Thu, Jan 28, 2010 at 3:16 PM, Noel Jones njo...@megan.vbhcs.org wrote:

On 1/28/2010 4:46 PM, Jeff Weinberger wrote:

virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf

does lists.mylistserver.com match the above lookup?

postmap -q lists.mylistserver.com mysql:...

No. `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_virtual_alias_domains.cf` returns nothing (empty).

However, `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_relay_domain_maps.cf` returns OK (a constant value, as recommended).

I was hopeful that you had identified something here...so I did test to be sure.
Re: allowing outside users access to mailman lists
On 1/28/2010 5:36 PM, Jeff Weinberger wrote:

On Thu, Jan 28, 2010 at 3:16 PM, Noel Jones njo...@megan.vbhcs.org wrote:

On 1/28/2010 4:46 PM, Jeff Weinberger wrote:

virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf

does lists.mylistserver.com match the above lookup?

postmap -q lists.mylistserver.com mysql:...

No. `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_virtual_alias_domains.cf` returns nothing (empty).

However, `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_relay_domain_maps.cf` returns OK (a constant value, as recommended).

I was hopeful that you had identified something here...so I did test to be sure.

So enable debug output on smtpd (or add a test client to debug_peer_list) and show us the UNALTERED results of a failed transaction.

http://www.postfix.org/DEBUG_README.html#debug_peer
RE: Add Header
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Ralf Hildebrandt
Sent: Thursday, January 28, 2010 3:22 PM
To: postfix-users@postfix.org
Subject: Re: Add Header

* AMP Admin ad...@ampprod.com:

WORKS BUT ADDS IT MULTIPLE TIMES:
/^/ PREPEND MyString

This matches EVERY header line

DOES NOT WORK:
/^DomainKey-Signature:$/ PREPEND MyString

This matches a header line like:
DomainKey-Signature:
(with NOTHING after the :)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de

Just in case anyone comes across this, I got it sorted with the following:

/^Subject: .*/ PREPEND MyString
Re: Add Header
On Thu, Jan 28, 2010 at 05:41:03PM -0600, AMP Admin wrote:

just in case anyone comes across this I got it sorted with the following:

/^Subject: .*/ PREPEND MyString

This is still wrong.

-- Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
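The matching behaviour discussed in the "Add Header" thread can be reproduced offline. The following is an added example, not code from any poster or from Postfix: a small simulation of a regexp: header_checks table applied to constructed sample headers, with first-match-wins lookup per logical header and case-insensitive matching. The header name X-Added and all function names are hypothetical, and table flags are not supported.

```python
import re

# Constructed sample headers (not from the thread); several are folded
# across two physical lines.
SAMPLE_HEADERS = (
    "Received: from client.example.org (client.example.org [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0123456789\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby client.example.org (Postfix) with ESMTP id 9876543210\n"
    "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=sel; d=example.org;\n"
    "\tb=CONSTRUCTEDSIGNATURE\n"
    "From: sender@example.org\n"
    "To: rcpt@example.net\n"
    "Subject: test\n"
)

RULE = re.compile(r"^/(.*?)/\s+(\S+)\s*(.*)$")   # /pattern/ ACTION text
LABEL = re.compile(r"^[!-9;-~]+:")               # header field name + colon


def logical_headers(raw):
    """Join folded continuation lines: one list item per logical header."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers


def parse_table(text):
    """Parse `/pattern/ ACTION text` lines; matching is case-insensitive."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported table line: %r" % line)
        pattern, action, arg = m.groups()
        rules.append((re.compile(pattern, re.IGNORECASE), action.upper(), arg))
    return rules


def apply_checks(rules, headers):
    """Return (output header list, number of PREPEND actions fired)."""
    out, prepends = [], 0
    for header in headers:
        for regex, action, arg in rules:
            if regex.search(header):
                if action == "PREPEND":
                    out.append(arg)      # inserted before the matched header
                    prepends += 1
                break                    # first matching rule wins
        out.append(header)
    return out, prepends


def count_prepends(table_text, raw=SAMPLE_HEADERS):
    return apply_checks(parse_table(table_text), logical_headers(raw))[1]


def starts_with_header_label(text):
    """True if PREPEND text begins with a header label such as 'X-Added:'."""
    return bool(LABEL.match(text))


if __name__ == "__main__":
    for table in ("/^/ PREPEND MyString",
                  "/^DomainKey-Signature:$/ PREPEND MyString",
                  "/^From:/ PREPEND X-Added: MyString"):
        arg = parse_table(table)[0][2]
        print("%-45s prepends=%d label_ok=%s"
              % (table, count_prepends(table), starts_with_header_label(arg)))
```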
Re: allowing outside users access to mailman lists
On Thu, Jan 28, 2010 at 3:39 PM, Noel Jones njo...@megan.vbhcs.org wrote:

On 1/28/2010 5:36 PM, Jeff Weinberger wrote:

On Thu, Jan 28, 2010 at 3:16 PM, Noel Jones njo...@megan.vbhcs.org wrote:

On 1/28/2010 4:46 PM, Jeff Weinberger wrote:

virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf

does lists.mylistserver.com match the above lookup?

postmap -q lists.mylistserver.com mysql:...

No. `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_virtual_alias_domains.cf` returns nothing (empty).

However, `postmap -q lists.mylistserver.com mysql:/etc/postfix/mysql_relay_domain_maps.cf` returns OK (a constant value, as recommended).

I was hopeful that you had identified something here...so I did test to be sure.

So enable debug output on smtpd (or add a test client to debug_peer_list) and show us the UNALTERED results of a failed transaction.

http://www.postfix.org/DEBUG_README.html#debug_peer

OK, I see what this will do - thanks for the suggestion. I'll post the complete log here (naturally, anything sensitive masked, but otherwise unaltered).
RE: main.cf - paramter name format
Otto Hirr: In answer to my question, and so others don't have to trudge thru the source to find it... The 'parameter name' may be and non-space, non-equals (i.e. =) string of characters. The fine details are not documented, because I didn't want to promise that Postfix will forever support names with ^AESC^ZCR in them, nor did I want to add code that artificially restricts the input. There are a few other characters that limit parameter names when they are used in macro substitution (this uses the '$', '{}' and '()', and also limits what the name in $name can be.) I suppose that for most people, the examples in Postfix documentation are a sufficient guideline. Being able to spell weird names does not mean that you have to use weird names. Wietse Understand. My concern was related to use of postfix/postmulti/mailman - where postfix has a primary/all-other-instance naming scheme and i wanted to attempt to have a standardize method... then saw that it may result in a - (dash) in a parameter name, which had concerned me... I was not interested in anything strange. Just like hostnames (per your previous post) should not have underscore (but use dash), but then typical parameters (e.g. variables) can't have dashes but can have underscores... ..Otto
Re: Milter by domain
Hi, In 4b61930c.8060...@megan.vbhcs.org Re: Milter by domain on Thu, 28 Jan 2010 07:37:16 -0600, Noel Jones njo...@megan.vbhcs.org wrote: Or maybe a master milter that can connect to multiple secondary milters based on the recipient. It's milter manager: http://milter-manager.sourceforge.net/ milter manager can select secondary milters based on the recipient. (It can stop needless secondary milters based on the recipient.) Thanks, -- kou
RE: Postfix as a filtering/relay box
Start here:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
http://www.postfix.org/CONTENT_INSPECTION_README.html
http://www.postfix.org/SMTPD_PROXY_README.html
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
http://www.postfix.org/DATABASE_README.html
http://www.postfix.org/LDAP_README.html
http://www.postfix.org/transport.5.html

and i would also suggest considering the nice multi-instance docs too:
http://www.postfix.org/postmulti.1.html
http://www.postfix.org/postfix-wrapper.5.html
http://www.postfix.org/MULTI_INSTANCE_README.html

makes things conceptually very simple, and then you can either merge instances, or split an instance(s) off to some other box(s)... May provide an easy, step by step, method to replace your old system, and each, doing a simple function, may be easier to debug... just like small, concise program functions are easier to grok than some massive main() with goto's. :)

..Otto
[SASL]: Recipient address rejected: Access denied while SASL/TLS are really enabled
Dear I don't understand why but i think that Postfix did want to send the authentication request in the SMTP protocol. In this case , the client (thunderbird) cannot send authentication parameters trough Internet. When executing saslfinger, there is not information in the -- mechanisms on localhost -- i think that perhaps this is the problem. How can i resolve this situation ? it's like a ghost inside the server ??? Many thanks Output debug log Jan 23 15:09:23 mx1 postfix/smtpd[25192]: START Sender address RESTRICTIONS Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_sasl_authenticated Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_sasl_authenticated status=0 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_mynetworks Jan 23 15:09:23 mx1 postfix/smtpd[25192]: permit_mynetworks: 129.168.201-77.rev.gaoland.net 77.201.168.129 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? 127.0.0.0/8 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? 127.0.0.0/8 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? [:::127.0.0.0]/104 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? [:::127.0.0.0]/104 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? [::1]/128 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? [::1]/128 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? 91.121.48.19 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? 
91.121.48.19 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_list_match: 129.168.201-77.rev.gaoland.net: no match Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_list_match: 77.201.168.129: no match Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_mynetworks status=0 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: END Sender address RESTRICTIONS Jan 23 15:09:23 mx1 postfix/smtpd[25192]: START Recipient address RESTRICTIONS Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_sasl_authenticated Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_sasl_authenticated status=0 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_mynetworks Jan 23 15:09:23 mx1 postfix/smtpd[25192]: permit_mynetworks: 129.168.201-77.rev.gaoland.net 77.201.168.129 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? 127.0.0.0/8 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? 127.0.0.0/8 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? [:::127.0.0.0]/104 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? [:::127.0.0.0]/104 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? [::1]/128 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? [::1]/128 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostname: 129.168.201-77.rev.gaoland.net ~? 91.121.48.19 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_hostaddr: 77.201.168.129 ~? 
91.121.48.19 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_list_match: 129.168.201-77.rev.gaoland.net: no match Jan 23 15:09:23 mx1 postfix/smtpd[25192]: match_list_match: 77.201.168.129: no match Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=permit_mynetworks status=0 Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=reject Jan 23 15:09:23 mx1 postfix/smtpd[25192]: NOQUEUE: reject: RCPT from 129.168.201-77.rev.gaoland.net[77.201.168.129]: 554 5.7.1 da...@xxx.eu: Recipient address rejected: Access denied; from=dtouz...@xxx.org to=da...@xxx.eu proto=ESMTP helo=[192.168.1.20] Jan 23 15:09:23 mx1 postfix/smtpd[25192]: generic_checks: name=reject status=2 Output of saslfinger, you can see there is no -- mechanisms on localhost -- saslfinger - postfix Cyrus sasl configuration samedi 23 janvier 2010, 15:04:40 (UTC+0100) version: 1.0.4 mode: server-side SMTP AUTH -- basics -- Postfix: 2.5.5 System: Debian GNU/Linux 5.0 \n \l -- smtpd is linked to -- libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0xb7d7c000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/certs/postfix/ca.csr smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/postfix/ca.crt smtpd_tls_key_file = /etc/ssl/certs/postfix/ca.key smtpd_tls_received_header = yes smtpd_tls_req_ccert = no smtpd_tls_security_level = none smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_cache smtpd_use_tls = yes -- content of
Re: [SASL]: Recipient address rejected: Access denied while SASL/TLS are really enabled
* David Touzeau da...@touzeau.eu: Dear I don't understand why but i think that Postfix did want to send the authentication request in the SMTP protocol. In this case , the client (thunderbird) cannot send authentication parameters trough Internet. When executing saslfinger, there is not information in the -- mechanisms on localhost -- i think that perhaps this is the problem. How can i resolve this situation ? it's like a ghost inside the server ??? Many thanks Output of saslfinger, you can see there is no -- mechanisms on localhost Erhmm... install them then? $ sudo aptitude install libsasl2-modules sasl2-bin Then use testsaslauthd to verify authentication works without Postfix. If it works turn to Postfix and try again. p...@rick -- saslfinger - postfix Cyrus sasl configuration samedi 23 janvier 2010, 15:04:40 (UTC+0100) version: 1.0.4 mode: server-side SMTP AUTH -- basics -- Postfix: 2.5.5 System: Debian GNU/Linux 5.0 \n \l -- smtpd is linked to -- libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0xb7d7c000) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/certs/postfix/ca.csr smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/postfix/ca.crt smtpd_tls_key_file = /etc/ssl/certs/postfix/ca.key smtpd_tls_received_header = yes smtpd_tls_req_ccert = no smtpd_tls_security_level = none smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_cache smtpd_use_tls = yes -- content of /usr/lib/sasl2/smtpd.conf -- pwcheck_method: saslauthd mech_list: plain login log_level: 5 -- content of /etc/postfix/sasl/smtpd.conf -- pwcheck_method: saslauthd mech_list: plain login log_level: 5 -- content of /etc/postfix/sasl/smtpd.conf -- pwcheck_method: saslauthd mech_list: plain login log_level: 5 -- active services in 
/etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - n - - smtpd -v pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache scan unix - - n - 10 smtp maildrop unix - n n - - pipe retry unix - - n - - error uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=mail:mail argv=/etc/mailman/postfix-to-mailman.py ${nexthop} ${mailbox} artica-whitelistunix - n n - - pipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a ${nexthop} -s ${sender} --white artica-blacklistunix - n n - - pipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a ${nexthop} -s ${sender} --black artica-reportwblunix - n n - - pipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a ${nexthop} -s ${sender} --report artica-reportquarunix - n n - - pipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a ${nexthop} -s ${sender} --quarantines artica-filterunix - n n - 20 pipe flags=FOh user=www-data argv=/usr/share/artica-postfix/exec.artica-filter.php -f ${sender} -- -s ${sender} -r ${recipient} -c ${client_address} -- mechanisms on localhost -- -- end of saslfinger output -- -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
RE: Add Header
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Victor Duchovni Sent: Thursday, January 28, 2010 5:51 PM To: postfix-users@postfix.org Subject: Re: Add Header On Thu, Jan 28, 2010 at 05:41:03PM -0600, AMP Admin wrote: just in case anyone comes across this I got it sorted with the following: /^Subject: .*/ PREPEND MyString This is still wrong. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note. Well I guess I don't qualify for the job in your sig lol What would the correct way be?
smtpd processes congregating at the pub
Based on purely visual non-scientific observation (top), it seems my smtpd processes on my MX hang around much longer in (Debian) 2.5.5 than they did in (Debian) 2.3.8. In 2.3.8 Master seemed to build them and tear them down very quickly after the transaction was complete. An smtpd process' lifespan was usually 10 seconds or less on my 2.3.8. In 2.5.5 smtpd's seem to hang around for up to 30 secs to a minute. Local shows very speedy delivery. Is this long smtpd process lifespan normal for 2.5.5 or did I do something screwy/wrong in my config? relay=local, delay=2.2, delays=2.2/0/0/0.01, dsn=2.0.0, status=sent relay=local, delay=0.32, delays=0.29/0.02/0/0, dsn=2.0.0, status=sent relay=local, delay=0.77, delays=0.75/0.03/0/0, dsn=2.0.0, status=sent relay=local, delay=0.26, delays=0.25/0/0/0.01, dsn=2.0.0, status=sent relay=local, delay=0.64, delays=0.62/0.03/0/0, dsn=2.0.0, status=sent relay=local, delay=0.26, delays=0.25/0/0/0, dsn=2.0.0, status=sent -- Stan
Re: smtpd processes congregating at the pub
Stan Hoeppner put forth on 1/29/2010 12:27 AM: Based on purely visual non-scientific observation (top), it seems my smtpd processes on my MX hang around much longer in (Debian) 2.5.5 than they did in (Debian) 2.3.8. In 2.3.8 Master seemed to build them and tear them down very quickly after the transaction was complete. An smtpd process' lifespan was usually 10 seconds or less on my 2.3.8. In 2.5.5 smtpd's seem to hang around for up to 30 secs to a minute. Local shows very speedy delivery. Is this long smtpd process lifespan normal for 2.5.5 or did I do something screwy/wrong in my config? relay=local, delay=2.2, delays=2.2/0/0/0.01, dsn=2.0.0, status=sent relay=local, delay=0.32, delays=0.29/0.02/0/0, dsn=2.0.0, status=sent relay=local, delay=0.77, delays=0.75/0.03/0/0, dsn=2.0.0, status=sent relay=local, delay=0.26, delays=0.25/0/0/0.01, dsn=2.0.0, status=sent relay=local, delay=0.64, delays=0.62/0.03/0/0, dsn=2.0.0, status=sent relay=local, delay=0.26, delays=0.25/0/0/0, dsn=2.0.0, status=sent I think I found it: max_idle = x The default is 100 on my system. I changed it to 10 and that seems to have had an effect. Did this setting exist in 2.3.8? I didn't see a version note next to max_idle in my 2.5.5 man smtpd. If so, was the default something insanely low like 1, or 0? Like I said, smtpd's seemed to come and go in a hurry on 2.3.8. -- Stan
Re: virtual_alias_maps mysql
On Thu, Jan 28, 2010 at 10:40 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote: On 1/28/2010 4:12 PM, Serge Fonville wrote: I'm using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? Stored procedures do not work in Postfix without code changes because the CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on. From the manual: http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html CLIENT_MULTI_RESULTS [...] If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled. Reread this ^^^. If you use a SELECT query, does it use CALL? -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: Add Header
* Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jan 28, 2010 at 05:41:03PM -0600, AMP Admin wrote: just in case anyone comes across this I got it sorted with the following: /^Subject: .*/ PREPEND MyString This is still wrong. Because it doesn't contain a header label? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
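An added example, not written by any poster in this thread: header_checks(5) requires that text prepended before a message header line begin with a valid header label, which is the point raised in the "Add Header" messages above. The Python sketch below lints a header_checks table for PREPEND actions that lack one; the sample rules other than the first, the X-Example-Tag header name and the function names are constructed for illustration, and "/" is assumed as the pattern delimiter.

```python
import re

# RFC 5322 field name (printable ASCII except ":") followed by a colon.
HEADER_LABEL = re.compile(r"^[!-9;-~]+:")
# Rule shape assumed here: [!]/pattern/flags ACTION optional-text
RULE = re.compile(r"^!?/(?:\\.|[^/\\])*/[A-Za-z]*\s+(?P<action>\S+)\s*(?P<text>.*)$")

# Constructed sample table; only the first rule is taken from the thread.
SAMPLE = r"""# header_checks (constructed sample)
/^Subject: .*/ PREPEND MyString
/^Subject: .*/ PREPEND X-Example-Tag: MyString
/^From: .*@example\.com/
    prepend NoLabelHere
/^X-Mailer: / IGNORE
"""

def logical_lines(text):
    """Yield (first_line_number, rule), joining continuation lines.

    Postfix tables skip blank and '#' lines; a line that starts with
    whitespace continues the previous logical line.
    """
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), number
    if current is not None:
        yield start, current

def lint_prepend(text):
    """Return (line_number, prepended_text) for PREPEND rules without a header label."""
    findings = []
    for number, rule in logical_lines(text):
        match = RULE.match(rule)
        # Action names are case insensitive; if/endif lines do not match RULE.
        if match and match.group("action").upper() == "PREPEND":
            if not HEADER_LABEL.match(match.group("text")):
                findings.append((number, match.group("text")))
    return findings

if __name__ == "__main__":
    for number, text in lint_prepend(SAMPLE):
        print(f"line {number}: PREPEND text {text!r} has no header label")
```

Run against a copy of the real table before reloading Postfix; an empty result means every PREPEND rule starts with a header label.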