Re: Catch-all alias not working correctly

[Wietse Venema]

Da-Huntha:
 Oops, I forgot to mention the problem: All mail goes to the catch-all
 address, so even mail destined for m...@domain.com.

As documented, virtual alias expansion is recursive.

  # /etc/postfix/virtual
  m...@domain.com me
  @domain.com spam
  @domain2.com spam

To stop the recursion, use the same email address on the
right-hand side as the left hand side:

m...@domain.com m...@domain.com

Wietse

Re: Can Receive jpeg but can`t send

[Wietse Venema]

Rafael Andrade:
 Hello Members,
 
 I would like to know if there is a method so I can have the following 
 configuration on my MTA:
 
 The user foobar can receive attached jpeg files, but cannot send 
 attached jpegs.  I need this because some employees must receive some 
 files in a specific extension, but cannot send files in that same 
 extension.

What is the error message?

Wietse

AW: whitelist for smtp_recipient_restrictions

[Schwalbe, Oliver]

 
 
Hello Mr. Hildebrandt,
 
thanks for the good advice.
I try this.
 
O. Schwalbe



Von: owner-postfix-us...@postfix.org im Auftrag von Ralf Hildebrandt
Gesendet: Sa 27.03.2010 00:12
An: postfix-users@postfix.org
Betreff: Re: whitelist for smtp_recipient_restrictions



* Schwalbe, Oliver oliver.schwa...@schnellecke.com:

 Hallo Herr Hildebrandt,

 Danke für die schnelle Rückantwort.
 uceprotect.net habe ich als erste Maßnahme schon deaktiviert, würde aber ganz 
 gerne wieder darauf
 zurückkommen.
 Ich bräuchte aber noch genauere Informationen, wo ich IP ok hinterlegen muß.
 Muß ich dafür eine eigene Datei anlegen und darauf verweisen?

Yes, like I wrote in my answer:
---check_client_access hash:/etc/postfix/whitelist

echo IP OK  /etc/postfix/whitelist
postmap /etc/postfix/whitelist

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de http://www.charite.de/ 
   


winmail.dat

Re: Spam from the same domain

[Sahil Tandon]

On Fri, 26 Mar 2010, Mark Goodge wrote:

 On 26/03/2010 20:54, listadecorreo wrote:
 
 in the last month I revived a lot of spam from user_non_ex...@mydomain
 to user_ex...@mydomain. can I block all received externals mails
 from my domain to my domain...
 
 It's very easy to block mails from fake_u...@domain to
 real_u...@domain. Just turn on sender address verification for your
 own domains. 

An easier way to block spam from f...@example.org is to use
reject_unlisted_sender.  See postconf(5).

http://www.postfix.org/postconf.5.html#reject_unlisted_sender
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender

-- 
Sahil Tandon sa...@tandon.net

Re: Spam from the same domain

[mouss]

listadecorreo a écrit :
 
 Hello
 
 in the last month I revived a lot of spam from user_non_ex...@mydomain
 to user_ex...@mydomain. can I block all received externals mails
 from my domain to my domain...
 I use postfix with amavis (spamassassin/clamav)
 


- to block mail from user_not_ex...@yourdomain, simply use
reject_unlisted_sender
in your smtpd restrictions, or even more simply, set
smtpd_reject_unlisted_sender = yes
The latter applies to all mail.

- to block mail from user_ex...@yourdomain if it comes from external
clients and is not authenticated, then simply use

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_sender_access hash:/etc/postfix/access_sender
...

== access_sender
example.com REJECT not allowed without authentication
.example.comREJECT not allowed without authentication
...

This will reject all mail from j...@example.com or j...@sub.example.com
unless it comes from mynetworks or the user was authenticated.

note this applies to envelope addresses (MAIL FROM), not to headers
(From: or Reply-To:).

If you are about headers, first try zen as suggested before. for the
spam that slips, tune spamassassin.

Re: Postfix redirection after aliase resolution

[mouss]

Bob Sauvage a écrit :
 Hi people !
 
 
 I have a postfix server and I want to redirect my mails to another
 server (Spam filter) after the aliase resolution. Because this spam
 filter can only filter 100 adresses.
 
 
 When the other server has completed its work, it sends this mail to my
 Postfix server (on another SMTP process and another port of course).
 
 And finally the mails will be delivered.
 
 
 Is this possible ?


yes. configure filtering as usual, but put the
-o receive_override_options=no_address_mappings
in the after the filter smtpd listener, not in the before the filter
as is usually done.

More generally, this option should be set in all smtpd listeners in a
chain, except in the one where you want address rewrite. (you don't want
rewrite twice, because it may cause duplicate delivery).

Re: Difference between default_destination_recipient_limit and smtpd_recipient_limit

[mouss]

Marcos Lorenzo de Santiago a écrit :
 El vie, 26-03-2010 a las 12:06 +0100, Wietse Venema escribió:
 Marcos Lorenzo de Santiago:
  I had configured default_destination_recipient_limit to 1500 and I
  couldn't send an email destined to 1100 recipients. It was when I
  modified this two options when I got it working:
  
  smtpd_recipient_overshoot_limit
  smtpd_recipient_limit
  
  I rtfm but I just can't see why it wasn't working, because
  default_destination_recipient_limit seems to be the default value for
  every postfix service.
  
  ... or maybe I am just missing something.

 Indeed. You missed the instructions for reporting a problem
 on this mailing list. They were sent to you in the mailing
 list welcome message.
 
 externo2:~# postconf -n
 alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 append_dot_mydomain = no
 biff = no
 config_directory = /etc/postfix
 default_destination_recipient_limit = 2
 inet_interfaces = all
 mailbox_size_limit = 0
 message_size_limit = 52428800
 mydestination = externo2.ayto-getafe.org, localhost.ayto-getafe.org,
 localhost
 myhostname = externo2.ayto-getafe.org
 mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 10.0.0.0/8
 172.16.0.0/12 192.168.0.0/16
 myorigin = /etc/mailname
 readme_directory = no
 recipient_delimiter = +
 relay_domains = $mydestination, ayto-getafe.org
 relayhost =
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 smtpd_recipient_limit = 2
 smtpd_recipient_overshoot_limit = 2
 smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
 reject_unknown_sender_domain, check_sender_access
 hash:/etc/postfix/sender_access
 smtpd_tls_cert_file = /etc/ssl/certs/mailer.ayto-getafe.org_cert.pem
 smtpd_tls_key_file = /etc/ssl/private/mailer.ayto-getafe.org_key.pem
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_use_tls = yes
 transport_maps = hash:/etc/postfix/transport
 
 
 I have no logs to show, sorry. But my question remains as simple as before:
 Could anyone please point me to some document (RFC or so) where that
 options and its use are more thoroughly explained than in postfix's manual?
 
 Sorry for missing info and thank you very much for your time.
 

without logs and/or transcripts, we have no idea what blocks your mail.
It is possible that mail was blocked by some piece (anti-virus,
firewall, router, mail relay, ...) other than postfix.

As for the parameters, smtpd_* apply to the smtpd server, which
_receives_ mail, while default_destination_recipient_limit applies to
mail that postfix _delivers_ (via smtp, lmtp, virtual and pipe).

Re: Difference between default_destination_recipient_limit and smtpd_recipient_limit

[Wietse Venema]

Marcos Lorenzo de Santiago:
 El vie, 26-03-2010 a las 12:06 +0100, Wietse Venema escribi?:
 
  Marcos Lorenzo de Santiago:
   I had configured default_destination_recipient_limit to 1500 and I
   couldn't send an email destined to 1100 recipients. It was when I
   modified this two options when I got it working:
   
   smtpd_recipient_overshoot_limit
   smtpd_recipient_limit
   
   I rtfm but I just can't see why it wasn't working, because
   default_destination_recipient_limit seems to be the default value for
   every postfix service.
   
   ... or maybe I am just missing something.
  
  Indeed. You missed the instructions for reporting a problem
  on this mailing list. They were sent to you in the mailing
  list welcome message.
 
 
 externo2:~# postconf -n
 alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 append_dot_mydomain = no
...
 
 I have no logs to show, sorry.

Then could you at least tell us **what is the error message**

Wietse

Re: Spam from the same domain

[listadecorreo]

mouss wrote:

listadecorreo a écrit :
  

Hello

in the last month I revived a lot of spam from user_non_ex...@mydomain
to user_ex...@mydomain. can I block all received externals mails
from my domain to my domain...
I use postfix with amavis (spamassassin/clamav)





- to block mail from user_not_ex...@yourdomain, simply use
reject_unlisted_sender
in your smtpd restrictions, or even more simply, set
smtpd_reject_unlisted_sender = yes
The latter applies to all mail.

- to block mail from user_ex...@yourdomain if it comes from external
clients and is not authenticated, then simply use

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_sender_access hash:/etc/postfix/access_sender
...

== access_sender
example.com REJECT not allowed without authentication
.example.comREJECT not allowed without authentication
...

This will reject all mail from j...@example.com or j...@sub.example.com
unless it comes from mynetworks or the user was authenticated.

note this applies to envelope addresses (MAIL FROM), not to headers
(From: or Reply-To:).

If you are about headers, first try zen as suggested before. for the
spam that slips, tune spamassassin.


  
thanks, is perfect 


Recuerdos Pep

Re: Postfix LDAP Temporary lookup failure

[Wietse Venema]

Victor Duchovni:
 On Fri, Mar 26, 2010 at 04:54:00PM -0400, Wietse Venema wrote:
 
   Don't pass non-ASCII user names to your LDAP table.
  
  Hmm. If the Postfix LDAP driver handles only non-ASCII query keys
  then we should have a smarter response from the mail system.
 
 Agreed. By the time I read your message, I had already implemented this
 idea. Arguably, something similar should be done for MySQL and PgSQL,
 since even with the databases willing to convert local encodings to
 UTF-8, the data Postfix sends into the query is not known to be in the
 local character-set, and so all such queries are dubious.

Currently, sites that send valid UTF-8 in MAIL/RCPT commands can
make meaningful LDAP queries in Postfix.  Lots of MTAs are 8-bit
clean internally, so this can actually work today.

Do we want to remove this ability from Postfix, or should we add
a valid_utf_8() routine in anticipation of a future standardization
of UTF8SMTP?

Wietse