Re: reverse dns fails with multiple domains

2010-03-06 Thread Stan Hoeppner
mouss put forth on 3/6/2010 6:03 PM:
> Stan Hoeppner a écrit :
>> [snip]
>> A web server with a single IP address hosting 378 virtual domains.  Should
>> it have 379 PTRs?  One for the host itself and one for each virtual domain?
>>  Of course not.
>>
>> A mail server with a single IP address hosting 378 mail domains?  Should it
>> have 379 PTRs?  One for the host itself and one for each virtual MX domain?
>>  Of course not.  In this case, the DNS infrastructure isn't smart enough to
>> return matching records even though they do exist, so why bother?
> 
> Stan, you're confused. What is "asked" for is:

I'm not confused at all mouss.  I was mocking Greg with an absurd example of
what he espouses here:

Greg A. Woods put forth on 3/6/2010 2:58 PM:

> For every hostname pointing at an IP address, there should be a
> corresponding PTR for that address pointing back at the hostname.

My example exactly matches what he says.  What he says is incorrect.  I was
drawing attention to his absurd suggestion with an example of absurdity.

-- 
Stan


Re: Out: 452 Insufficient system storage

2010-03-06 Thread donovan


On Mar 3, 2010, at 5:24 PM, Wietse Venema wrote:


donovan jeffrey j:

Mar  3 09:49:59 mx1 postfix/smtp[1054]: name_mask: resource
Mar  3 09:49:59 mx1 postfix/smtp[1054]: name_mask: software
Mar  3 09:49:59 mx1 postfix/qmgr[603]: 0529299C4604: removed
Mar  3 09:49:59 mx1 postfix/smtp[1054]: < 127.0.0.1[127.0.0.1]: 220
[127.0.0.1] ESMTP amavisd-new service ready


You need to instrument the smtpd process after the content filter,

Wietse



This turned out to be an Autowhitelist growing out of control in
/var/clamav/.spamassassin


68816850944 Mar  6 16:39 auto-whitelist

I suspect something is up with this heap.
-j


Re: reverse dns fails with multiple domains

2010-03-06 Thread mouss
Stan Hoeppner a écrit :
> [snip]
> A web server with a single IP address hosting 378 virtual domains.  Should
> it have 379 PTRs?  One for the host itself and one for each virtual domain?
>  Of course not.
> 
> A mail server with a single IP address hosting 378 mail domains?  Should it
> have 379 PTRs?  One for the host itself and one for each virtual MX domain?
>  Of course not.  In this case, the DNS infrastructure isn't smart enough to
> return matching records even though they do exist, so why bother?

Stan, you're confused. What is "asked" for is:

- if an IP is used to send mail, then it should have at least one PTR
(preferably only one)
- _any_ PTR returned for this IP should resolve back to the IP (the
_any_ is because no server is going to spend hours trying to resolve
3000 PTRs...).

This has nothing to do with virtual hosts and the like. As you can
guess, imlil.netoyen.net is hosting many domains. but the IP has only
one PTR and that PTR resolves back to that IP. (and the box has multiple
IPs too, which correspond to various hostnames...).

When you run a "server" (something that listens to requests), you don't
care about reverse DNS. so www.example.com only needs to resolve (that's
what the browser does). nobody is going to resolve the IP back to a name
(that would be stupid).

When you run a "client" (something that initiates a TCP connection...),
you'd better have "FCrDNS" (IP -> name ->IP returns original IP).

well, all this may go away with IPv6. but as of IPv4, it is common
practice... (I don't know if this is still the case, but gandi.net won't
allow you to query their whois if you have that "wrong").


> [snip]
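
Added example, not part of any message in this thread: a Python sketch of the FCrDNS check described above (IP -> PTR name -> IP), reporting whether every, some or none of the PTR names resolve back to the address. The function names are hypothetical; the first sample entry mirrors the `host` output quoted elsewhere in this thread, and the example.net/example.org names and 192.0.2.x addresses are constructed.

```python
import ipaddress
import socket

# Constructed sample data. The first entry mirrors the `host` output quoted in
# this thread (PTR exists, forward lookup is NXDOMAIN); the other names and
# addresses are documentation values made up for this example.
SAMPLE_PTR = {
    "188.183.91.18": ["0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk."],
    "192.0.2.25": ["mail.example.net."],
    "192.0.2.80": ["mx.example.org.", "old-name.example.org."],
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.25"],
    "mx.example.org": ["192.0.2.80"],
    "old-name.example.org": ["198.51.100.7"],
}


def sample_ptr_lookup(ip):
    """Offline stand-in for a PTR query."""
    return SAMPLE_PTR.get(ip, [])


def sample_forward_lookup(name):
    """Offline stand-in for an A/AAAA query; [] models NXDOMAIN."""
    return SAMPLE_A.get(name, [])


def system_ptr_lookup(ip):
    """PTR names from the system resolver; [] when there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward_lookup(name):
    """A/AAAA addresses from the system resolver; [] on NXDOMAIN."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr_lookup,
           forward_lookup=system_forward_lookup, max_ptrs=5):
    """Check IP -> name -> IP for at most max_ptrs PTR names.

    status: "no-ptr"   no PTR record at all
            "fail"     no checked PTR name resolves back to the IP
            "partial"  some do, so a receiver that picks one PTR may still fail
            "pass"     every checked PTR name resolves back to the IP
    """
    client = ipaddress.ip_address(ip)
    result = {"query": client.reverse_pointer, "confirmed": [], "unconfirmed": []}
    for name in ptr_lookup(ip)[:max_ptrs]:
        name = name.rstrip(".").lower()
        addresses = set()
        for text in forward_lookup(name):
            try:
                addresses.add(ipaddress.ip_address(text))
            except ValueError:
                continue  # skip anything that is not a plain IP literal
        key = "confirmed" if client in addresses else "unconfirmed"
        result[key].append(name)
    if not result["confirmed"] and not result["unconfirmed"]:
        result["status"] = "no-ptr"
    elif not result["confirmed"]:
        result["status"] = "fail"
    elif result["unconfirmed"]:
        result["status"] = "partial"
    else:
        result["status"] = "pass"
    return result


if __name__ == "__main__":
    for address in SAMPLE_PTR:
        print(address, fcrdns(address, sample_ptr_lookup, sample_forward_lookup))
```

Calling `fcrdns("192.0.2.25")` with the default lookups queries the system resolver instead of the sample tables.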



Re: reverse dns fails with multiple domains

2010-03-06 Thread mouss
Stan Hoeppner a écrit :
> mouss put forth on 3/6/2010 3:01 PM:
> 
>> so OP not only has a "generic" name, but it doesn't resolve back to the
>> IP. If he can get his ISP to fix his reverse (preferably using a custom
>> reverse), then maybe things will get better.
> 
> I assume this is difficult if not impossible, given it appears residential,

Any ISP should configure PTRs for their IPv4 space. but I guess you are
talking about the other part (custom rdns). Some ISPs provide custom
reverse for free (ex: free.fr). others provide it for a fee (may or may
not be ok for OP).

but in any case, anyone can tell the ISP that not setting up reverse DNS
for IPv4 space is dumb.

> so I recommended fixing what he could, the HELO name.  And yes, many sites
> will block that PTR string at client name lookup as well as HELO lookup, but
> I think the probability is higher with HELO.
> 

Agreed.



Re: reverse dns fails with multiple domains

2010-03-06 Thread mouss
John WInther a écrit :
> running smtp test on soapnut.dk
> 
> 
> smtp:188.183.91.18 smtp
> 
> 220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix
> 
> 
> Not an open relay.
> 0 seconds - Good on Connection time
> 0.702 seconds - Good on Transaction time
> OK - 188.183.91.18 resolves to
> 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk
> OK - Reverse DNS matches SMTP Banner
> 
> 
> when I change myhostname in postfix to soapnut.dk :
> 
> 220 soapnut.dk ESMTP Postfix
> 
> 
> Not an open relay.
> 0 seconds - Good on Connection time
> 0.733 seconds - Good on Transaction time
> OK - 188.183.91.18 resolves to
> Warning - Reverse DNS does not match SMTP Banner
> 

This is a bogus test. forget about people who do random tests. The site
developer doesn't understand what needs to match...

see my previous mail for your reverse dns issue. but this has nothing to
do with your banner (or with anything that you could fix in main.cf or
any postfix config file). Only your ISP can help.


> Do I set myhostname in postfix to
> 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ?

as said before, the latter is better. you may get a little more chances
to get your mail out.

PS. As Rob said, please do not top post. put your answers after the text
you reply to.




Re: reverse dns fails with multiple domains

2010-03-06 Thread Daniel V. Reinhardt
- Original Message 

> From: John WInther 
> To: postfix-users@postfix.org
> Sent: Sat, March 6, 2010 11:13:17 PM
> Subject: Re: reverse dns fails with multiple domains
> 
> running smtp test on soapnut.dk
> 
> 
> smtp:188.183.91.18 smtp
> 
> 220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix
> 
> 
> Not an open relay.
> 0 seconds - Good on Connection time
> 0.702 seconds - Good on Transaction time
> OK - 188.183.91.18 resolves to
> 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk
> OK - Reverse DNS matches SMTP Banner
> 
> 
> when I change myhostname in postfix to soapnut.dk :
> 
> 220 soapnut.dk ESMTP Postfix
> 
> 
> Not an open relay.
> 0 seconds - Good on Connection time
> 0.733 seconds - Good on Transaction time
> OK - 188.183.91.18 resolves to
> Warning - Reverse DNS does not match SMTP Banner
> 
> Do I set myhostname in postfix to 
> 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ?
> 

Here is mine:

Not an open relay.
0 seconds - Good on Connection time
0.234 seconds - Good on Transaction time
OK - 173.73.4.107 resolves to
Warning - Reverse DNS does not match SMTP Banner

I have no issues with sending email to anyone.

Daniel Reinhardt
Website: www.cryptodan.com
Email: crypto...@yahoo.com


  


Re: reverse dns fails with multiple domains

2010-03-06 Thread John WInther

running smtp test on soapnut.dk


smtp:188.183.91.18 smtp

220 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk ESMTP Postfix


Not an open relay.
0 seconds - Good on Connection time
0.702 seconds - Good on Transaction time
OK - 188.183.91.18 resolves to
0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk
OK - Reverse DNS matches SMTP Banner


when I change myhostname in postfix to soapnut.dk :

220 soapnut.dk ESMTP Postfix


Not an open relay.
0 seconds - Good on Connection time
0.733 seconds - Good on Transaction time
OK - 188.183.91.18 resolves to
Warning - Reverse DNS does not match SMTP Banner

Do I set myhostname in postfix to 
0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk or to soapnut.dk ?



- Original Message - 
From: "John WInther" 

To: 
Sent: Saturday, March 06, 2010 11:18 PM
Subject: Re: reverse dns fails with multiple domains


My primary concern is that some mailservers deny sending mail to my domains
if the reverse dns lookup fails. If I set myhostname to one of my public
domains, the reply string from HELO is ok, but the reverse dns lookup fails,
If not possible to satisfy both issues what is best configuration?.

- Original Message - 
From: "mouss" 

To: 
Sent: Saturday, March 06, 2010 10:01 PM
Subject: Re: reverse dns fails with multiple domains



Stan Hoeppner a écrit :

John WInther put forth on 3/6/2010 12:57 PM:

Thanks for info, I am aware of  the manual and I have previously tried to
change the myhostname to soapnut.dk, I still got the reverse dns error.
It gave me an idea to reverse resolve the ip address registered in mx,
and the reply from that test was the dns name of my internet access.
0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as
myhostname the reverse dns lookup reply with success.


RFC does not dictate that your forward and reverse dns names match.  It does
dictate that a domain name must be valid.  Anything ending in .local is not
valid.

I'd suggest against using

0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk

as your Postfix HELO name.  Use a hostname based on one of your mail domains
instead.  Some sites will block SMTP servers that HELO with such a generic
hostname as that above.


true. better use soapnut.dk in myhostname. Although I doubt this will
help a lot:

- "some" sites will block if the PTR is generic... too many zombies out
there...

- OP's reverse DNS is borked:
$ host 188.183.91.18
18.91.183.188.in-addr.arpa domain name pointer
0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
$ host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
Host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. not found:
3(NXDOMAIN)

so OP not only has a "generic" name, but it doesn't resolve back to the
IP. If he can get his ISP to fix his reverse (preferably using a custom
reverse), then maybe things will get better.









Re: reverse dns fails with multiple domains

2010-03-06 Thread /dev/rob0
Top-posting fixed. Please don't top-post here, thanks.

> - Original Message - From: "mouss" 
>> so OP not only has a "generic" name, but it doesn't resolve back 
>> to the IP. If he can get his ISP to fix his reverse (preferably 
>> using a custom reverse), then maybe things will get better.

On Sat, Mar 06, 2010 at 11:18:32PM +0100, John WInther wrote:
> My primary concern is that some mailservers deny sending mail to my 
> domains if the reverse dns lookup fails. If I set myhostname to one 
> of my public domains, the reply string from HELO is ok, but the 
> reverse dns lookup fails, If not possible to satisfy both issues 
> what is best configuration?.

Of course it's possible, just as Mouss said. Have the ISP set your
custom reverse name (PTR) for your IP address. Use that name, 
whatever it was that you decide on, as $myhostname in Postfix.

If the ISP can't/won't do that, you can't run a serious MTA there. 
Use a relayhost or shop around for other options. Hobbyists might 
find a VPS hosting service like Linode.com to be more affordable than 
business-class Internet service.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: reverse dns fails with multiple domains

2010-03-06 Thread Stan Hoeppner
John WInther put forth on 3/6/2010 4:18 PM:
> My primary concern is that some mailservers deny sending mail to my domains
> if the reverse dns lookup fails. If I set myhostname to one of my public
> domains, the reply string from HELO is ok, but the reverse dns lookup
> fails,
> If not possible to satisfy both issues what is best configuration?.

I still don't understand what reverse dns failure you're talking about.
Please paste the failure info page or link from mx toolbox so we understand
exactly what you're talking about.

-- 
Stan


Re: reverse dns fails with multiple domains

2010-03-06 Thread John WInther

My primary concern is that some mailservers deny sending mail to my domains
if the reverse dns lookup fails. If I set myhostname to one of my public
domains, the reply string from HELO is ok, but the reverse dns lookup fails,
If not possible to satisfy both issues what is best configuration?.

- Original Message - 
From: "mouss" 

To: 
Sent: Saturday, March 06, 2010 10:01 PM
Subject: Re: reverse dns fails with multiple domains



Stan Hoeppner a écrit :

John WInther put forth on 3/6/2010 12:57 PM:

Thanks for info, I am aware of  the manual and I have previously tried to
change the myhostname to soapnut.dk, I still got the reverse dns error.
It gave me an idea to reverse resolve the ip address registered in mx,
and the reply from that test was the dns name of my internet access.
0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as
myhostname the reverse dns lookup reply with success.


RFC does not dictate that your forward and reverse dns names match.  It does
dictate that a domain name must be valid.  Anything ending in .local is not
valid.

I'd suggest against using

0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk

as your Postfix HELO name.  Use a hostname based on one of your mail domains
instead.  Some sites will block SMTP servers that HELO with such a generic
hostname as that above.


true. better use soapnut.dk in myhostname. Although I doubt this will
help a lot:

- "some" sites will block if the PTR is generic... too many zombies out
there...

- OP's reverse DNS is borked:
$ host 188.183.91.18
18.91.183.188.in-addr.arpa domain name pointer
0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
$ host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
Host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. not found:
3(NXDOMAIN)

so OP not only has a "generic" name, but it doesn't resolve back to the
IP. If he can get his ISP to fix his reverse (preferably using a custom
reverse), then maybe things will get better.







Re: reverse dns fails with multiple domains

2010-03-06 Thread Stan Hoeppner
mouss put forth on 3/6/2010 3:01 PM:

> so OP not only has a "generic" name, but it doesn't resolve back to the
> IP. If he can get his ISP to fix his reverse (preferably using a custom
> reverse), then maybe things will get better.

I assume this is difficult if not impossible, given it appears residential,
so I recommended fixing what he could, the HELO name.  And yes, many sites
will block that PTR string at client name lookup as well as HELO lookup, but
I think the probability is higher with HELO.

-- 
Stan


Re: reverse dns fails with multiple domains

2010-03-06 Thread Stan Hoeppner
Greg A. Woods put forth on 3/6/2010 2:58 PM:
> At Sat, 06 Mar 2010 14:42:13 -0600, Stan Hoeppner  
> wrote:
> Subject: Re: reverse dns fails with multiple domains
>>
>> RFC does not dictate that your forward and reverse dns names match.
> 
> Common sense and common decency do though -- since if the forward and
> reverse names are not all orthogonal then the DNS lies, either by
> omission, or outright.

Apparently you've missed past discussions here showing some examples of why
this can be neither practical nor desirable in some situations.

> For every hostname pointing at an IP address, there should be a
> corresponding PTR for that address pointing back at the hostname.

When you say hostname, are you talking A record?  Are you talking all IPs in
general, or only MX hosts, or SMTP sending hosts?  Does a web server ever
need a PTR?  Do any web browsers ever look up a host via PTR?  No.  So why
should a web server have a PTR?

> There's no real excuse for mis-matched forward and reverse DNS.  If
> you're going to show your reverse DNS to the world, then do it right.

A web server with a single IP address hosting 378 virtual domains.  Should
it have 379 PTRs?  One for the host itself and one for each virtual domain?
 Of course not.

A mail server with a single IP address hosting 378 mail domains?  Should it
have 379 PTRs?  One for the host itself and one for each virtual MX domain?
 Of course not.  In this case, the DNS infrastructure isn't smart enough to
return matching records even though they do exist, so why bother?

You're living in a "perfect" world where everything has a 1:1 relationship
in DNS.  In the real world, this isn't the case, and probably never will be.

I argued your position for years until I was blue in the face.  You know
what it gained me?  A blue face.  Nothing else.

BTW, please keep list correspondence on list.  I don't see any reason why
your reply needed to be off list.

-- 
Stan


Re: virtual domains

2010-03-06 Thread mouss
motty cruz a écrit :
> Thanks Daniel, 
> Actually postfix was not part of vmail group. I added to the vmail group
> My configuration seem to be all wrong, I can't get postfix to deliver mail
> to /var/mail/${USER}
> /var/mail/(all virtual users)
> 

do not use /var/mail/. create another directory, say /var/vmail/ with
appropriate ownership and permissions. Leave /var/mail as it is. (yes,
it is possible to use /var/mail, but that will only cause trouble in a
few situations...).


> Any suggestions? Are really appreciated. 
> Thanks for all your help, it is appreciated, as I have read tons of howtos
> and have not been successful and in achieving this goal. 
> 


Re: reverse dns fails with multiple domains

2010-03-06 Thread mouss
Stan Hoeppner a écrit :
> John WInther put forth on 3/6/2010 12:57 PM:
>> Thanks for info, I am aware of  the manual and I have previously tried to
>> change the myhostname to soapnut.dk, I still got the reverse dns error.
>> It gave me an idea to reverse resolve the ip address registered in mx,
>> and the reply from that test was the dns name of my internet access.
>> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as
>> myhostname the reverse dns lookup reply with success.
> 
> RFC does not dictate that your forward and reverse dns names match.  It does
> dictate that a domain name must be valid.  Anything ending in .local is not
> valid.
> 
> I'd suggest against using
> 
> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk
> 
> as your Postfix HELO name.  Use a hostname based on one of your mail domains
> instead.  Some sites will block SMTP servers that HELO with such a generic
> hostname as that above.

true. better use soapnut.dk in myhostname. Although I doubt this will
help a lot:

- "some" sites will block if the PTR is generic... too many zombies out
there...

- OP's reverse DNS is borked:
$ host 188.183.91.18
18.91.183.188.in-addr.arpa domain name pointer
0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
$ host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk.
Host 0xbcb75b12.cpe.ge-1-1-0-1112.hcnqu2.customer.tele.dk. not found:
3(NXDOMAIN)

so OP not only has a "generic" name, but it doesn't resolve back to the
IP. If he can get his ISP to fix his reverse (preferably using a custom
reverse), then maybe things will get better.





Re: reverse dns fails with multiple domains

2010-03-06 Thread Stan Hoeppner
John WInther put forth on 3/6/2010 12:57 PM:
> Thanks for info, I am aware of  the manual and I have previously tried to
> change the myhostname to soapnut.dk, I still got the reverse dns error.
> It gave me an idea to reverse resolve the ip address registered in mx,
> and the reply from that test was the dns name of my internet access.
> 0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as
> myhostname the reverse dns lookup reply with success.

RFC does not dictate that your forward and reverse dns names match.  It does
dictate that a domain name must be valid.  Anything ending in .local is not
valid.

I'd suggest against using

0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk

as your Postfix HELO name.  Use a hostname based on one of your mail domains
instead.  Some sites will block SMTP servers that HELO with such a generic
hostname as that above.

-- 
Stan


Re: reverse dns fails with multiple domains

2010-03-06 Thread John WInther
Thanks for info, I am aware of  the manual and I have previously tried to
change the myhostname to soapnut.dk, I still got the reverse dns error.
It gave me an idea to reverse resolve the ip address registered in mx, and
the reply from that test was the dns name of my internet access. 
0xbcb75b12.cpe.ge-1-1-0-1112.customer.tele.dk, when i put that in as 
myhostname the reverse dns lookup reply with success.

Thanks

- Original Message - 
From: "Wietse Venema" 

To: "Postfix users" 
Sent: Saturday, March 06, 2010 1:33 PM
Subject: Re: reverse dns fails with multiple domains



John WInther:

Hi

I host 6 mail domains. When I validate my mx configuration online
with mxtoolbox.com, I got a fail with reverse dns lookup, my
localhostname of the server is bsd5.homedom.local, and that is
the domain reverse dns tested, of course it fails hence it is not
a public domain, but a local domain.
How do I config postfix to reply with correct banner according to
the public domain tested, 1 of 6 public domain names, and not the
localhost name


The "mail server" name is set with the main.cf myhostname parameter.

I suggest that you also read the following:
http://www.postfix.org/BASIC_CONFIGURATION_README.html

Wietse 




Re: Transport table gone ?

2010-03-06 Thread Noel Jones

On 3/6/2010 8:29 AM, Xavier HUMBERT wrote:

Hello, I make rather heavy use of transport_maps as explained in
  and in the
transport(5) section of the man pages.

Today I upgraded my dozen of servers to Postfix 2.7 under FreeBSD 7.3,
and got the warning below :


 Note: the following files or directories still exist but are
 no longer part of Postfix:

  /usr/local/etc/postfix/transport


Nevertheless, I carefully read the 2.7 Release announcement, there's no
mention of such a suppression.

Does it mean that I *must* use another routing mechanism ?

Thanks,



That's just a note that the sample file is no longer supplied 
by postfix.


You're still free to use that name, or any other valid 
filename, for your local transport table.


  -- Noel Jones


Transport table gone ?

2010-03-06 Thread Xavier HUMBERT
Hello, I make rather heavy use of transport_maps as explained in
 and in the
transport(5) section of the man pages.

Today I upgraded my dozen of servers to Postfix 2.7 under FreeBSD 7.3,
and got the warning below :

> Note: the following files or directories still exist but are
> no longer part of Postfix:
> 
>  /usr/local/etc/postfix/transport

Nevertheless, I carefully read the 2.7 Release announcement, there's no
mention of such a suppression.

Does it mean that I *must* use another routing mechanism ?

Thanks,

-- 
Xavier


Re: reverse dns fails with multiple domains

2010-03-06 Thread Wietse Venema
John WInther:
> Hi
> 
> I host 6 mail domains. When I validate my mx configuration online
> with mxtoolbox.com, I got a fail with reverse dns lookup, my
> localhostname of the server is bsd5.homedom.local, and that is
> the domain reverse dns tested, of course it fails hence it is not
> a public domain, but a local domain.
> How do I config postfix to reply with correct banner according to
> the public domain tested, 1 of 6 public domain names, and not the
> localhost name

The "mail server" name is set with the main.cf myhostname parameter.

I suggest that you also read the following:
http://www.postfix.org/BASIC_CONFIGURATION_README.html

Wietse


Re: SMTP AUTH not subjected to unnecessary check?

2010-03-06 Thread mouss
Voytek Eymont a écrit :
> On Fri, March 5, 2010 11:29 am, mouss wrote:
>> Voytek Eymont a écrit :
> 
>> there is no evidence in your config that auth'ed mail gets a different
>> ticket than other mail.
>>
>> the recommended way is to enable "submission" (port 587) and configure
>> clients to use this port. This will be more and more common, and if you
>> get here in a few years, this will be the only recommendation, because
>> there is no point to complicate things when you can do it simply...
> 
> Mouss,
> 
> but I enabled 'submission' and use port 587 for SMTP AUTH, and, am I
> missing something?
> 
> from master.cf
> ..
> submission inet n   -   n   -   -   smtpd
>  -o smtpd_tls_security_levels=encrypt -o smtpd_sasl_auth_enable=yes
> ..
> 
> 
> 
> 

you need something like
-o content_filter=smtp-amavis:[127.0.0.1]:10586

_after_ you have configured amavis to listen on port 10586 and
configured it to skip spam filtering on this port. This part is specific
to amavisd-new. you need to look at its docs. you can also try Gary's page:
http://www200.pair.com/mecham/spam/bypassing.html



Re: retry with ssmtp if smtp delivery fails

2010-03-06 Thread Roel van Meer

Wietse Venema writes:


The submission service (port 587) requires authentication. The
ssmtp service (port 465) requires a protocol that has been deprecated
for years, and that is not even implemented in the Postfix SMTP
client.

So that kills off the STANDARD mail ports.


Ah, that's clear. Thank you.

That is true, yes. I know it can be done this way, but what I am looking 
for is a generic solution that tries delivery on port 25 first, and on port 
n next. The goal is to prevent the requirement of configuring each client 
separately.


That is a mistake. 


You can't simply assume that all your customers will accept mail
on some NON-STANDARD port number. This requires prior arrangements,
plus a transport map entry.


Well, we can make those arrangements, because we're the ones 
maintaining their servers.


I'll use the transport map.

Thanks for your answers,

roel



reverse dns fails with multiple domains

2010-03-06 Thread John WInther
Hi

I host 6 mail domains. When I validate my mx configuration online with 
mxtoolbox.com, I got a fail with reverse dns lookup, my localhostname of the 
server is bsd5.homedom.local, and that is the domain reverse dns tested, 
of course it fails hence it is not a public domain, but a local domain.
How do I config postfix to reply with correct banner according to the public
domain tested, 1 of 6 public domain names, and not the localhost name

Rgds John


Malling Ayurveda Produkter
www.soapnut.dk

Re: SMTP AUTH not subjected to unnecessary check?

2010-03-06 Thread Magnus Bäck
On Friday, March 05, 2010 at 00:16 CET,
 Voytek Eymont  wrote:

> I have Postfix with SMTP AUTH with self issued certificate, it all
> works well (as long as I don't touch it..)

SMTP authentication has nothing to do with self-signed certificates.

> I have now "allowed" some users to use SMTP AUTH, but, some of their
> mail then gets evaluated as 'spam' by amavisd/spamassassin scores,
> amongst these, 'dynamic ip' type scores
> 
> am I correctly exempting SMTP AUTH users from unnecessary anti-spam
> evals such as 'dynamic ip' 'direct access to smtp host' type of evals
> ?
> 
> or is this something I need to do in amavisd/spamassassin ?

There is no configuration in Postfix to affect the operation of external
antispam tools. If you want them to treat certain messages differently
you should look into their configuration.

[...]

-- 
Magnus Bäck
mag...@dsek.lth.se


Re: allowing a fix ip dsl user access to smtp ?

2010-03-06 Thread Magnus Bäck
On Friday, March 05, 2010 at 13:59 CET,
 Voytek Eymont  wrote:

> I have a user on fixed IP adsl,
> is that a bad idea to add his IP to my Postfix server to allow him
> smtp use ?

No, not if the IP is fixed and you trust the people behind that address
as much as you trust your own users.

> if it's OK, where do I add his IP ? do I add it in mynetworks ?

Yes.

-- 
Magnus Bäck
mag...@dsek.lth.se