Maildir not automatically added with virtual users
I use virtual users and virtual domains.

My virtual_mailbox_base = /var/mail/vhosts
My virtual_mailbox_maps = hash:/etc/postfix/vmailbox
home_mailbox = Maildir/

In etc/postfix/vmailbox
    u...@example.com example.com/user

In this case my mail is not delivered - I get a message user is dir not file

When I change this into:

In etc/postfix/vmailbox
    u...@example.com example.com/user/

My mail is now delivered at /var/mail/vhosts/example.com/user and not to /var/mail/vhosts/example.com/user/Maildir

When I want the mail delivered to /var/mail/vhosts/example.com/user/Maildir I have to change the file vmailbox to:

In etc/postfix/vmailbox
    u...@example.com example.com/user/Maildir/

I expected that if you choose a kind of Mailbox, this would also be for virtual users. I expected it to work with the first option, without the / (u...@example.com example.com/user). I should think this is logical.

Is this a bug ???

I want my mail delivered at /var/mail/vhosts/example.com/user/Maildir

Thanks
Erik
I only want to use Virtual Users - No UNIX accounts at ALL
Hai,

I have a configuration and don't want to use UNIX accounts for receiving or sending mail. I want ONLY Virtual Users. So I did think is this possible.

In my current configuration I use:

    mydestination = $myhostname, localhost.$mydomain, localhost
    mydomain = Example.com
    myhostname = Mail.Example.com

But I think something can go wrong here, because if a message uses for whatever reason u...@localhost.example.com, it is delivered to the /home/user directory. And I don't see it, because I look for mail in /var/mail/vhosts/example.com/user/Maildir

If possible I don't want to fill in anything with myhostname, mydestination, mydomain, or I want to set it to a local domain. A domain that does not really exist, something like:

    mydestination = $myhostname, localhost.$mydomain, localhost
    mydomain = home.private
    myhostname = Mail.home.private

But I use a relayhost

    relayhost = smtp.provider.nl

And I don't want messages from this local domain going to the INTERNET or to my provider, because
1) I'm sending undeliverable messages
2) So I produce SPAM and email from my server will be blocked.
I don't want this to happen.

Thanks
Erik

My configuration:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    disable_vrfy_command = no
    home_mailbox = Maildir/
    inet_interfaces = all
    mailbox_command =
    mailbox_size_limit = 0
    mydestination = $myhostname, localhost.$mydomain, localhost
    mydomain = Example.com
    myhostname = Mail.Example.com
    mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 192.168.0.0/24
    myorigin = AOpen.Example.com
    notify_classes = resource, software
    readme_directory = no
    recipient_delimiter = +
    relayhost = smtp.versatel.nl
    smtp_tls_note_starttls_offer = yes
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_path = private/auth-client
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/ssl/certs/server.crt
    smtpd_tls_key_file = /etc/ssl/private/server.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_domains = Example.com Example1.com Example2.com Example3.com
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000

Version info:
OS: Linux 2.6.32-5-686 i686 Debian 6.0.2 ext4
Postfix 2.7.1-1+squeeze1
Re: Maildir not automatically added with virtual users
On 20/07/2011 09:12, Erik - versatel wrote:
> I use virtual users and virtual domains.
>
> My virtual_mailbox_base = /var/mail/vhosts
> My virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> home_mailbox = Maildir/
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user
>
> In this case my mail is not delivered - I get a message user is dir not file
>
> When I change this into:
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user/
>
> My mail is now delivered at /var/mail/vhosts/example.com/user and not to /var/mail/vhosts/example.com/user/Maildir
>
> When I want the mail delivered to /var/mail/vhosts/example.com/user/Maildir I have to change the file vmailbox to:
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user/Maildir/
>
> I expected that if you choose a kind of Mailbox, this would also be for virtual users. I expected it to work with the first option, without the / (u...@example.com example.com/user). I should think this is logical.
>
> Is this a bug ???
>
> I want my mail delivered at /var/mail/vhosts/example.com/user/Maildir
>
> Thanks
> Erik

home_mailbox only applies with local users (i.e. non-virtual ones). I think you need to specify the Maildir/ prefix for each virtual user you will handle:

/etc/postfix/vmailbox:
    u...@example.com example.com/user/Maildir/

--
Antoine Nguyen
Modoboa developer
http://modoboa.org
Re: With soft_bounce set to no, we are seeing a lot of send failures that look like they should be permanent 554's being handled as temporary.
On 20.07.2011 05:15, Michael Orlitzky wrote:
> And a trickier one:
>
>   * smtp_dns_resolver_options = res_defnames, in postfix = 2.8

That would be 2.8.

>     Append the current domain name to single-component names (those that do not contain a . character). This can produce incorrect results, and is the hard-coded behavior prior to Postfix 2.8.

Mind you there was a massive related bug in GNU glibc and eglibc that caused name lookups to fail without glibc ever having sent a DNS query when res_defnames was cleared for one-component names.

This was reported against the upstream and at least Ubuntu and openSUSE, and it is fixed in the upstream glibc repository, but I'm not aware which Linux distros have actually gone for a stable release update.

See https://bugs.launchpad.net/ubuntu/natty/+source/postfix/+bug/777855 it also has links to the upstream and SUSE reports and the upstream patch to (e)glibc.
Virtual domain aliases
Hi all,

I have a Postfix/MailScanner front-end set up which works well, however I'm not sure I've configured it correctly (or in the best way)...

The box uses header_checks to place all incoming messages in the hold queue (standard stuff) and transport_maps define which mail server the mail gets forwarded onto after scanning, per domain.

The difficulty I'm finding is maintaining a list of 'valid users' per domain, so I can reject invalid recipients at SMTP level rather than accepting all into the queue and being a potential source of backscatter.

The solution I've come up with is using virtual_alias_maps. The problem I'm finding is that I can not get it to work without having the remote domain in $mydestination too. I understand the docs suggest that you shouldn't have the remote domain in both $mydestination and $virtual_alias_domains?

The configuration I have works but I don't fully understand why, and would like to know if there's a better way?

Also, is there a way to enable recipient verification on a per-domain basis? This is another idea I was considering.

I've included my 'postconf -n' output below

Many thanks for any suggestions,
Duncan Baxter

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    anvil_rate_time_unit = 60s
    append_dot_mydomain = no
    biff = no
    bounce_queue_lifetime = 5d
    config_directory = /etc/postfix
    default_destination_concurrency_limit = 5
    delay_warning_time = 4h
    disable_vrfy_command = yes
    fast_flush_domains =
    header_checks = regexp:/etc/postfix/header_checks
    home_mailbox = Maildir/
    inet_interfaces = all
    inet_protocols = all
    initial_destination_concurrency = 2
    mailbox_size_limit = 0
    message_size_limit = 2048
    mydestination = $myhostname, /etc/postfix/relaydomains
    myhostname = mail.richardsavage.org.uk
    mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 212.87.xx.xxx/32
    mynetworks_style = host
    myorigin = /etc/mailname
    postscreen_bare_newline_action = drop
    postscreen_bare_newline_enable = yes
    postscreen_dnsbl_action = drop
    postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org, cbl.abuseat.org
    postscreen_dnsbl_threshold = 1
    postscreen_greet_action = drop
    postscreen_greet_banner =
    postscreen_greet_wait = 3s
    postscreen_non_smtp_command_action = drop
    postscreen_non_smtp_command_enable = yes
    postscreen_pipelining_action = drop
    postscreen_pipelining_enable = yes
    readme_directory = no
    recipient_delimiter =
    relay_domains =
    relayhost =
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP
    smtpd_client_connection_count_limit = 2
    smtpd_client_connection_rate_limit = 5
    smtpd_client_event_limit_exceptions = 127.0.0.1
    smtpd_client_message_rate_limit = 10
    smtpd_client_recipient_rate_limit = 250
    smtpd_client_restrictions = reject_unauth_pipelining, reject_unknown_client_hostname
    smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining
    smtpd_delay_reject = yes
    smtpd_etrn_restrictions = reject
    smtpd_hard_error_limit = 10
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname, reject_invalid_helo_hostname, reject_non_fqdn_hostname, reject_unauth_pipelining
    smtpd_recipient_limit = 100
    smtpd_recipient_overshoot_limit = 1
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_reject_footer = For assistance, contact supp...@quavey.co.uk.\nPlease provide the following information in your problem report.\ntime ($localtime), client ($client_address), and server ($server_name).
    smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain
    smtpd_soft_error_limit = 2
    smtpd_tls_ask_ccert = no
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    soft_bounce = no
    strict_rfc821_envelopes = yes
    tls_random_source = dev:/dev/urandom
    transport_maps = hash:/etc/postfix/transport
    unknown_client_reject_code = 450
    virtual_alias_domains = yes
    virtual_alias_maps = hash:/etc/postfix/virtual_addresses
Re: Virtual domain aliases
> I have a Postfix/MailScanner front-end set up which works well, however I'm not sure I've configured it correctly (or in the best way)...
>
> The box uses header_checks to place all incoming messages in the hold queue (standard stuff) and transport_maps define which mail server the mail gets forwarded onto after scanning, per domain.

So you are relaying to other MTAs.

> The difficulty I'm finding is maintaining a list of 'valid users' per domain, so I can reject invalid recipients at SMTP level rather than accepting all into the queue and being a potential source of backscatter.
>
> The solution I've come up with is using virtual_alias_maps. The problem I'm finding is that I can not get it to work without having the remote domain in $mydestination too. I understand the docs suggest that you shouldn't have the remote domain in both $mydestination and $virtual_alias_domains?

What about using relay_domains and relay_recipient_maps. I am using this to forward mail to an IMAP-server, but this doesn't matter. Example modified from my config:

    relay_domains = ${ldap}/relay_domains.cf
    relay_recipient_maps = pcre:${map}/roleaccount.pcre, ${ldap}/relay_recipient_maps.cf
    virtual_alias_maps = ${ldap}/relay_recipient_maps.cf

And do not add it to mydestination please.

Best wishes
Christian

--
Roessner-Network-Solutions
Bachelor of Science Informatik
50°34.725'N, 08°40.904'O, Nahrungsberg 81, 35390 Giessen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: reinjection via unix socket
Hello Victor,

On Tue, 19 Jul 2011 11:37:56 -0400 Victor Duchovni victor.ducho...@morganstanley.com wrote:
> On Tue, Jul 19, 2011 at 05:02:34PM +0200, Lars Täuber wrote:
>> The unix socket can't be used by other users than root or postfix.
>> Is there a way to configure ownership and/or permissions for the socket?
>
> No, the parent directory: $queue_directory/private, must be protected from users other than postfix (or root).
>
>> I thought under Linux the filesystem permissions reflect the permissions to the unix socket.
>
> The entire path to the unix socket, including parent directories.
>
>> $ ls -ld /var/spool/postfix/private/ /var/spool/postfix/public/
>> drwx-- 2 postfix root 4096 Jun 7 17:59 /var/spool/postfix/private/
>> drwx--x--- 2 postfix postdrop 4096 Jun 7 17:59 /var/spool/postfix/public/
>>
>> Am I doing something wrong?
>
> To run an smtpd in a less restricted directory, you need to place the socket in a new location. You can create /var/spool/postfix/world owner postfix, mode 0755, and in master.cf use:
>
>     ../world/sname unix ...
>
> instead of
>
>     sname unix ...

thanks for this hint. I try your approach but have connection problems. This is what I did:

$ ls -ld /var/spool/postfix/dspam/
drwx-ws--T 2 postfix dspam 4096 2011-07-20 11:27 /var/spool/postfix/dspam/
$ ls -l /var/spool/postfix/dspam/
total 0
srw-rw-rw- 1 postfix dspam 0 2011-07-20 11:26 backdoor
srwxrwxrwx 1 dspam dspam 0 2011-07-20 11:27 filter

master.cf:
../dspam/backdoor unix n - n - 3 smtpd [...]

Now it is possible to talk to the dspam filter:

# sudo -u postfix /usr/bin/socat -
# UNIX-CONNECT:/var/spool/postfix/dspam/filter
220 DSPAM LMTP 3.6.8 Ready
quit
221 2.0.0 OK

But I don't get any answer from the postfix backdoor:

# sudo -u dspam /usr/bin/socat - UNIX-CONNECT:/var/spool/postfix/dspam/backdoor
sdfdsds s
^C

Any more things to consider?

> with this any user will be able to access the socket. Of course at that point, why not just use inet instead with a loopback address?

I try to avoid the usage of AF_INET-sockets because of CPU and traffic overhead.

Lars
Re: reinjection via unix socket
Sorry I had the automatic linebreaking activated in my mail program. The correct command line was this:

# sudo -u postfix /usr/bin/socat - UNIX-CONNECT:/var/spool/postfix/dspam/filter
220 DSPAM LMTP 3.6.8 Ready
quit
221 2.0.0 OK

Best wishes
Lars
Re: Virtual domain aliases
> What about using relay_domains and relay_recipient_maps. I am using this to forward mail to an IMAP-server, but this doesn't matter. Example modified from my config:
>
>     relay_domains = ${ldap}/relay_domains.cf
>     relay_recipient_maps = pcre:${map}/roleaccount.pcre, ${ldap}/relay_recipient_maps.cf
>     virtual_alias_maps = ${ldap}/relay_recipient_maps.cf
>
> And do not add it to mydestination please.

Thanks Christian, using relay_domains and relay_recipient_maps seems to work perfectly without the need to use $mydestination. I just get a warning if I include virtual_alias_maps also, so have left it out.

Many thanks for your quick response!

Best wishes,
Duncan.
Re: reinjection via unix socket
Hi Victor,

On Tue, 19 Jul 2011 11:37:56 -0400 Victor Duchovni victor.ducho...@morganstanley.com wrote:
> On Tue, Jul 19, 2011 at 05:02:34PM +0200, Lars Täuber wrote:
>> The unix socket can't be used by other users than root or postfix.
>> Is there a way to configure ownership and/or permissions for the socket?
>
> No, the parent directory: $queue_directory/private, must be protected from users other than postfix (or root).
>
>> I thought under Linux the filesystem permissions reflect the permissions to the unix socket.
>
> The entire path to the unix socket, including parent directories.
>
>> $ ls -ld /var/spool/postfix/private/ /var/spool/postfix/public/
>> drwx-- 2 postfix root 4096 Jun 7 17:59 /var/spool/postfix/private/
>> drwx--x--- 2 postfix postdrop 4096 Jun 7 17:59 /var/spool/postfix/public/
>>
>> Am I doing something wrong?
>
> To run an smtpd in a less restricted directory, you need to place the socket in a new location. You can create /var/spool/postfix/world owner postfix, mode 0755, and in master.cf use:
>
>     ../world/sname unix ...
>
> instead of
>
>     sname unix ...

using this leads me into this error message:

mail.err: [...] postfix/smtpd[29046]: fatal: open lock file pid/unix.../world/sname: cannot create file exclusively: No such file or directory

I couldn't find locking options for smtpd. How can this be solved?

Thanks
Lars
Re: reinjection via unix socket
Lars Täuber:
>>> $ ls -ld /var/spool/postfix/private/ /var/spool/postfix/public/
>>> drwx-- 2 postfix root 4096 Jun 7 17:59 /var/spool/postfix/private/
>>> drwx--x--- 2 postfix postdrop 4096 Jun 7 17:59 /var/spool/postfix/public/
>>>
>>> Am I doing something wrong?
>>
>> To run an smtpd in a less restricted directory, you need to place the socket in a new location. You can create /var/spool/postfix/world

Surprisingly, Postfix supports only the two socket directories that it was designed for.

Before I even consider adding socket directories to Postfix I would like to see the result of a competently done benchmark across multiple operating system stacks (i.e. not just linux) that shows that loopback (127.0.0.1) performance is inadequate.

With competent I mean a benchmark that does not ruin the performance of loopback sockets with Nagle delays because of improper buffering.

Wietse
Re: reinjection via unix socket
Hello everybody,

On Wed, 20 Jul 2011 08:43:29 -0400 (EDT) Wietse Venema wie...@porcupine.org wrote:
> Lars Täuber:
>>>> $ ls -ld /var/spool/postfix/private/ /var/spool/postfix/public/
>>>> drwx-- 2 postfix root 4096 Jun 7 17:59 /var/spool/postfix/private/
>>>> drwx--x--- 2 postfix postdrop 4096 Jun 7 17:59 /var/spool/postfix/public/
>>>>
>>>> Am I doing something wrong?
>>>
>>> To run an smtpd in a less restricted directory, you need to place the socket in a new location. You can create /var/spool/postfix/world
>
> Surprisingly, Postfix supports only the two socket directories that it was designed for.
>
> Before I even consider adding socket directories to Postfix I would like to see the result of a competently done benchmark across multiple operating system stacks (i.e. not just linux) that shows that loopback (127.0.0.1) performance is inadequate.

I made some quick and dirty tests with socat and unix sockets, tcp over loopback and tcp over local network (real IP on eth0 on same machine) and see nearly no difference between loopback and unix socket. Only between loopback and local network is something measurable on the client side.

So I switch back to loopback.

Thanks
Lars
Re: Maildir not automatically added with virtual users
On 2011-07-20 09:12, Erik - versatel wrote:
> I use virtual users and virtual domains.
>
> My virtual_mailbox_base = /var/mail/vhosts
> My virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> home_mailbox = Maildir/
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user
>
> In this case my mail is not delivered - I get a message user is dir not file

Yes. As documented, virtual_mailbox_maps is a mapping from recipient address to a *mailbox*.

> When I change this into:
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user/
>
> My mail is now delivered at /var/mail/vhosts/example.com/user and not to /var/mail/vhosts/example.com/user/Maildir

Yes. As documented, virtual_mailbox_maps is a mapping from recipient address to a *mailbox*.

> When I want the mail delivered to /var/mail/vhosts/example.com/user/Maildir I have to change the file vmailbox to:
>
> In etc/postfix/vmailbox
>     u...@example.com example.com/user/Maildir/

Yes. As documented, virtual_mailbox_maps is a mapping from recipient address to a *mailbox*.

> I expected that if you choose a kind of Mailbox, this would also be for virtual users.

You choose a mailbox type by either suffixing a directory slash (which makes it a maildir) or not (which makes it an mbox). This convention holds anywhere you can configure a mailbox in postfix - including, as documented, in virtual_mailbox_maps.

Whether what you configured corresponds with reality is not under postfix's control.

> I expected it to work with the first option, without the / (u...@example.com example.com/user). I should think this is logical.
>
> Is this a bug ???

As documented, virtual_mailbox_maps is a mapping from recipient address to a *mailbox*.

> I want my mail delivered at /var/mail/vhosts/example.com/user/Maildir

So set that as the RHS of the mapping. What are you worried about - that your virtual_mailbox_maps file will run out of storage bits ?

--
J.
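
The trailing-slash convention described in the reply above, as an added example that is not part of the original thread: it resolves each virtual_mailbox_maps entry against virtual_mailbox_base and flags the "is dir not file" case. The recipient addresses, the helper names and the injected `is_dir` check are assumptions made for the illustration.

```python
import os
from typing import Callable, Iterator, List, NamedTuple, Tuple

VIRTUAL_MAILBOX_BASE = "/var/mail/vhosts"  # value quoted in the thread

# Constructed sample table: the three right-hand sides tried in the thread,
# with made-up recipient addresses so the entries can be told apart.
SAMPLE_VMAILBOX = """\
# recipient             mailbox, relative to virtual_mailbox_base
first@example.com       example.com/user
second@example.com      example.com/user/
third@example.com       example.com/user/Maildir/
"""


class Delivery(NamedTuple):
    address: str
    kind: str      # "mbox" (no trailing slash) or "maildir" (trailing slash)
    path: str      # virtual_mailbox_base + "/" + lookup result
    lands_in: str  # file appended to (mbox) or directory new mail appears in
    problem: str   # empty when the entry agrees with what is on disk


def parse_table(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (recipient, mailbox) pairs, skipping comments and blank lines.

    Simplification: continuation lines of the table format are not handled.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"entry without a mailbox: {line!r}")
        yield parts[0], parts[1].strip()


def resolve(recipient: str, mailbox: str,
            base: str = VIRTUAL_MAILBOX_BASE,
            is_dir: Callable[[str], bool] = os.path.isdir) -> Delivery:
    """Apply the convention: trailing slash means maildir, otherwise mbox."""
    path = base.rstrip("/") + "/" + mailbox
    if mailbox.endswith("/"):
        # maildir: tmp/, new/ and cur/ live directly below the named directory,
        # so no "Maildir" component appears unless the entry spells it out.
        return Delivery(recipient, "maildir", path, path + "new/", "")
    problem = ""
    if is_dir(path):
        # The first case in the thread: an mbox *file* is expected here.
        problem = "mbox entry, but the path is an existing directory"
    return Delivery(recipient, "mbox", path, path, problem)


def check_table(text: str, base: str = VIRTUAL_MAILBOX_BASE,
                is_dir: Callable[[str], bool] = os.path.isdir) -> List[Delivery]:
    return [resolve(r, m, base, is_dir) for r, m in parse_table(text)]


if __name__ == "__main__":
    # Constructed disk state: only the per-user directory exists.
    existing = {"/var/mail/vhosts/example.com/user"}
    for d in check_table(SAMPLE_VMAILBOX, is_dir=lambda p: p in existing):
        print(f"{d.address:20} {d.kind:8} {d.lands_in}  {d.problem}")
```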
Re: reinjection via unix socket
On Wed, Jul 20, 2011 at 01:49:20PM +0200, Lars Täuber wrote:
> using this leads me into this error message:
>
> mail.err: [...] postfix/smtpd[29046]: fatal: open lock file pid/unix.../world/sname: cannot create file exclusively: No such file or directory
>
> I couldn't find locking options for smtpd. How can this be solved?

Oops, sorry, I guess that trick won't work. Loopback is really much simpler.

--
Viktor.
rewriting local users to user@domain instead of user@host.domain
Hai,

In my configuration, as I log in locally - with only a username and no domain - and I send an email to myself, it is rewritten to: user@host.domain

Question: is it possible to rewrite this to user@domain

In that case local emails come in a mailbox I will see.

Or is there another solution to send (forward) mail from user automatically to user@domain

Thanks

I have been looking for this in the docs, but I could not find it.

My configuration:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    disable_vrfy_command = no
    home_mailbox = Maildir/
    inet_interfaces = all
    mailbox_command =
    mailbox_size_limit = 0
    mydestination = $myhostname, localhost.$mydomain, localhost
    mydomain = Example.com
    myhostname = Mail.Example.com
    mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 192.168.0.0/24
    myorigin = AOpen.Example.com
    notify_classes = resource, software
    readme_directory = no
    recipient_delimiter = +
    relayhost = smtp.versatel.nl
    smtp_tls_note_starttls_offer = yes
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_path = private/auth-client
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/ssl/certs/server.crt
    smtpd_tls_key_file = /etc/ssl/private/server.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_domains = Example.com Example1.com Example2.com Example3.com
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000

Version info:
OS: Linux 2.6.32-5-686 i686 Debian 6.0.2 ext4
Postfix 2.7.1-1+squeeze1
Re: rewriting local users to user@domain instead of user@host.domain
On 7/20/2011 11:33 AM, Erik - versatel wrote:
> Hai,
>
> In my configuration, as I log in locally - with only a username and no domain - and I send an email to myself, it is rewritten to: user@host.domain
>
> Question: is it possible to rewrite this to user@domain
>
> In that case local emails come in a mailbox I will see.
>
> Or is there another solution to send (forward) mail from user automatically to user@domain

Please see:
http://www.postfix.org/ADDRESS_REWRITING_README.html

and possibly:
http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade

--
Noel Jones
Re: rewriting local users to user@domain instead of user@host.domain
On Wed, Jul 20, 2011 at 06:33:35PM +0200, Erik - versatel wrote:
> In my configuration, as I log in locally - with only a username and no domain - and I send an email to myself, it is rewritten to: user@host.domain

http://www.postfix.org/BASIC_CONFIGURATION_README.html#myorigin

Also read the rest of the same document.

--
Viktor.
Re: still having problems w/ subdomain delivery
On Tue, Jul 19, 2011 at 06:45:46PM -0500, Jay G. Scott wrote:
> Management wants email to user@ a non-existent machine .arlut.utexas.edu will be treated as though it had been addressed to u...@arlut.utexas.edu

Regardless of the MTA, this requires at the very least a wild-card MX record, do you have that? If a wildcard MX is in place, and mail to:

    mana...@pointy-haired-bosses.arlut.utexas.edu

needs to be delivered, the next question is whether the delivery is local (system accounts and local aliases(5)) or to a virtual mailbox, or is relayed further for delivery, or is aliased to a real address.

> relay_recipient_maps = regexp:/etc/postfix/pfrecipient_canonical

This is used when the recipient domain is listed relay_domains:

> relay_domains = .arlut.utexas.edu
>
> This file looks like this for the user schumi
>
> /^schumi@.*\.arlut\.utexas\.edu$/ sch...@arlut.utexas.edu

With Postfix 2.8 or later, you can solve the problem upstream:

    main.cf:
        pcre = pcre:${config_directory}/
        # Last resort. Edit remote SMTP commands
        #
        smtpd_command_filter = ${pcre}smtpd_cmd.pcre

    smtpd_cmd.pcre:
        # Sweet smell of Sendmail:
        /^(RCPT TO:\S+@).*?\.(\Qarlut.utexas.edu\E.*)$/ ${1}${2}

The above can also be done with regexp, but I prefer PCRE, so you'll have to craft your own regexps if that's what works for you.

With this, there is no mail to sub-domains of arlut, all mail appears to have been addressed correctly, but recipient validation is not defeated, despite the wild-card rewrite, since the rewrite happens upstream in the SMTP I/O routines.

This of course requires that there be no real sub-domains that you want handled without truncation.

--
Viktor.
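
A small harness for trying the smtpd_cmd.pcre rule above against sample SMTP commands before deploying it, added here as an example that is not part of the original message. It translates the rule for Python's `re` module, so it approximates what the PCRE table does rather than reproducing it exactly; the function names and the sample commands are constructed.

```python
import re
from typing import List, Pattern, Tuple

# The rule from the message above, as it would appear in smtpd_cmd.pcre.
SMTPD_CMD_PCRE = r"""
# Sweet smell of Sendmail:
/^(RCPT TO:\S+@).*?\.(\Qarlut.utexas.edu\E.*)$/ ${1}${2}
"""

Rule = Tuple[Pattern[str], str]


def compile_rule(line: str) -> Rule:
    """Translate one '/pattern/flags replacement' line for Python's re."""
    m = re.match(r"^/(.*)/([a-zA-Z]*)\s+(.*)$", line)
    if m is None:
        raise ValueError(f"not a /pattern/ replacement line: {line!r}")
    pattern, flags, replacement = m.groups()
    # Python's re has no \Q...\E; escape the quoted literal instead.
    pattern = re.sub(r"\\Q(.*?)\\E", lambda q: re.escape(q.group(1)), pattern)
    # ${1} in the table becomes \g<1> in a Python replacement template.
    replacement = re.sub(r"\$\{(\d+)\}", r"\\g<\1>", replacement)
    # PCRE tables match case-insensitively unless the "i" flag toggles it off.
    re_flags = 0 if "i" in flags else re.IGNORECASE
    return re.compile(pattern, re_flags), replacement


def load_rules(table: str) -> List[Rule]:
    lines = (l.strip() for l in table.splitlines())
    return [compile_rule(l) for l in lines if l and not l.startswith("#")]


def filter_command(command: str, rules: List[Rule]) -> str:
    """Return the command as the SMTP server would see it after filtering."""
    for rx, replacement in rules:
        if rx.search(command):
            return rx.sub(replacement, command, count=1)
    return command  # no rule matched: the command passes through unchanged


if __name__ == "__main__":
    rules = load_rules(SMTPD_CMD_PCRE)
    # Constructed sample commands.
    for cmd in [
        "RCPT TO:<schumi@host1.arlut.utexas.edu>",           # sub-domain removed
        "rcpt to:<schumi@a.b.ARLUT.utexas.edu> NOTIFY=NEVER",  # parameters kept
        "RCPT TO:<schumi@arlut.utexas.edu>",                 # already canonical
        "RCPT TO:<x@notarlut.utexas.edu>",                   # different domain
        "MAIL FROM:<x@host1.arlut.utexas.edu>",              # senders untouched
        # The rule does not anchor the end of the domain; this address is
        # outside arlut.utexas.edu both before and after the rewrite.
        "RCPT TO:<x@h.arlut.utexas.edu.example.net>",
    ]:
        print(f"{cmd!r:55} -> {filter_command(cmd, rules)!r}")
```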
Re: I only want to use Virtual Users - No UNIX accounts at ALL
use sasl authentication.

On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman jer...@adaptr.nl wrote:
> On 2011-07-20 09:44, Erik - versatel wrote:
>> Hai,
>>
>> I have a configuration and don't want to use UNIX accounts for receiving or sending mail. I want ONLY Virtual Users. So I did think is this possible.
>>
>> In my current configuration I use:
>>
>>     mydestination = $myhostname, localhost.$mydomain, localhost
>
> No. For a pure-virtual setup, mydestination would be empty - or, at most, limited to localhost.
>
> Please see http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox for details on hosting pure virtual domains with postfix.
>
> --
> J.
Re: I only want to use Virtual Users - No UNIX accounts at ALL
On 2011-07-20 21:38, Rich wrote:
> use sasl authentication.

Apropos of what, exactly ?

The OP asked about how to implement pure virtual user setups, with no system accounts receiving mail. I fail to see how SASL is involved.

> On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman jer...@adaptr.nl wrote:
>> On 2011-07-20 09:44, Erik - versatel wrote:
>>> Hai,
>>>
>>> I have a configuration and don't want to use UNIX accounts for receiving or sending mail. I want ONLY Virtual Users. So I did think is this possible.
>>>
>>> In my current configuration I use:
>>>
>>>     mydestination = $myhostname, localhost.$mydomain, localhost
>>
>> No. For a pure-virtual setup, mydestination would be empty - or, at most, limited to localhost.
>>
>> Please see http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox for details on hosting pure virtual domains with postfix.
>>
>> --
>> J.

--
J.
Re: Anyone solely using SMTP Auth for outbound mail?
Well, since I plan to move into the Postfix wagon, from scratch, I want to learn more about the 587 port submission and the blockage of port 25 for that. What are the best practices on the matter? Are there any documents on that?

Soren how do you implement it?

P.

From: Michael Orlitzky mich...@orlitzky.com
To: postfix-users@postfix.org
Sent: 5:19 a.m. Tuesday, 19 July 2011
Subject: Re: Anyone solely using SMTP Auth for outbound mail?

On 07/18/2011 06:35 PM, mouss wrote:
> On 18/07/2011 19:40, Søren Schrøder wrote:
>> I'm doing a 1.5M accounts setup with smtp-auth (submission tcp/587 using postfix with dovecot-auth) and a plain smtp/25 for an allowed range of IP's for our fixed IP customers
>>
>> The backend is openldap/postfix/dovecot
>
> are you a (relatively) large ISP? if so, how did you move to the submission part? I am not asking about the tech part, but about the customer relationship part. your experience may be helpful to others.

Whenever you get a support call, mention that you have a new, faster, server with more space and you're willing to upgrade them for free; all they'll have to do is change a few settings.
RE: I only want to use Virtual Users - No UNIX accounts at ALL
Hello,

I have used this HOWTO in the past! It worked for me

http://www.purplehat.org/?page_id=4

Thanks,
-motty

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman
Sent: Wednesday, July 20, 2011 1:11 PM
To: postfix-users@postfix.org
Subject: Re: I only want to use Virtual Users - No UNIX accounts at ALL

On 2011-07-20 21:38, Rich wrote:
> use sasl authentication.

Apropos of what, exactly ?

The OP asked about how to implement pure virtual user setups, with no system accounts receiving mail. I fail to see how SASL is involved.

> On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman jer...@adaptr.nl wrote:
>> On 2011-07-20 09:44, Erik - versatel wrote:
>>> Hai,
>>>
>>> I have a configuration and don't want to use UNIX accounts for receiving or sending mail. I want ONLY Virtual Users. So I did think is this possible.
>>>
>>> In my current configuration I use:
>>>
>>>     mydestination = $myhostname, localhost.$mydomain, localhost
>>
>> No. For a pure-virtual setup, mydestination would be empty - or, at most, limited to localhost.
>>
>> Please see http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox for details on hosting pure virtual domains with postfix.
>>
>> --
>> J.

--
J.
Re: With soft_bounce set to no, we are seeing a lot of send failures that look like they should be permanent 554's being handled as temporary.
Michael Orlitzky:
> On 07/19/2011 09:39 PM, Wietse Venema wrote:
>>> I think it would be useful to maintain a list of the parameters with non-standard default values. I for one still notice and fix things like this every few months. I'd be willing to look through the main.cf documentation for settings labeled as such if it's for the greater good, but probably not just for my own benefit.
>>
>> A web page for 100% compliance expectations (passive) or for 100% compliance enforcement expectations (active)?
>>
>> Wietse
>
> I think the first, but I'm not too clear on the distinction. I want my systems to act compliant where it makes sense, and allow only as much non-compliant behavior as is necessary from other hosts. But, I was only referring to the settings that make my own machines behave incorrectly.

Behave incorrectly as in taking actions that do not fully comply with some protocol. This, in contrast with a more passive form where Postfix does not fully enforce the protocol, even if doing so required adding extra code.

> An easy example:
>
>   * resolve_dequoted_address (default: yes)
>
>     Resolve a recipient address safely instead of correctly, by looking inside quotes. ... This solved an open relay problem with Postfix gateways that forward to Sendmail systems.
>
> And a trickier one:
>
>   * smtp_dns_resolver_options = res_defnames, in postfix = 2.8
>
>     Append the current domain name to single-component names (those that do not contain a . character). This can produce incorrect results, and is the hard-coded behavior prior to Postfix 2.8.

This is a fun one, as Matthias pointed out. Making Postfix 2.8 more correct broke the SMTP client with some Linux libc implementations.

If someone has the time to sift through 600+ configuration parameters, then they are welcome. I do not have the time.

Also consider that there still is a lot of Postfix behavior that still has to be made configurable, including message header templates (the From: and Received: headers in particular).

Wietse
Re: Re: Anyone solely using SMTP Auth for outbound mail?
On 2011-07-20 22:15, Peter Tselios wrote:
> Well, since I plan to move into the Postfix wagon, from scratch, I want to learn more about the 587 port submission and the blockage of port 25 for that. What are the best practices on the matter? Are there any documents on that?
>
> Soren how do you implement it?

See http://www.postfix.org/SASL_README.html#server_sasl to start with.

Also look at http://www.postfix.org/TLS_README.html#server_tls_auth because this seems to cause issues for many people when first setting up SASL.

As for submission, the stock master.cf has a commented-out example that works as is.

Blocking port 25 for submission is a different matter, but you can enforce (some of) it by adding reject_sender_login_mismatch to your smtpd_recipient_restrictions, BEFORE permit_mynetworks.

This does two things:

1. it only allows SASL submission with the usernames and sender addresses specifically configured in smtpd_sender_login_maps, and
2. it specifically *prohibits* submission with any of these usernames or sender addresses from UNauthenticated connections.

For reference:
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

This way, you can make it impossible for (local network) submissions over unauthenticated connections to use your configured local domain sender addresses (and you should reject any addresses not so configured, in any case).

Of course, if this is the only MTA for your local domain(s), and you're willing to enforce SASL on all your users, you can simply REJECT all senders in your local domain(s) on port 25. However, that is an extreme measure and may run into issues with things like mailing lists etc.

--
J.
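
Why the position of reject_sender_login_mismatch relative to permit_mynetworks matters, as an added example that is not part of the original message: a simplified model of how one restriction list is evaluated, run over constructed sessions. The login map, networks, domains and function names are assumptions, only exact-address lookups are modelled, and a real server also evaluates its other restriction lists.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed sample data, not taken from the thread.
SENDER_LOGIN_MAPS = {
    "alice@example.com": "alice",
    "sales@example.com": "alice, bob",
}
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/24"]
LOCAL_DOMAINS = {"example.com"}


class Session(NamedTuple):
    client_ip: str
    sasl_login: Optional[str]  # None: the client did not authenticate
    sender: str                # MAIL FROM address
    recipient: str             # RCPT TO address


def owners_of(sender: str) -> Set[str]:
    """Login names listed for a sender address (exact-address lookup only)."""
    value = SENDER_LOGIN_MAPS.get(sender.lower(), "")
    return set(value.replace(",", " ").split())


def reject_sender_login_mismatch(s: Session) -> str:
    owners = owners_of(s.sender)
    if s.sasl_login is None:
        # Point 2: configured senders may not be used without authentication.
        return "REJECT" if owners else "DUNNO"
    # Point 1: an authenticated client may only use sender addresses it owns.
    return "DUNNO" if s.sasl_login in owners else "REJECT"


def permit_mynetworks(s: Session) -> str:
    ip = ipaddress.ip_address(s.client_ip)
    inside = any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)
    return "OK" if inside else "DUNNO"


def permit_sasl_authenticated(s: Session) -> str:
    return "OK" if s.sasl_login else "DUNNO"


def reject_unauth_destination(s: Session) -> str:
    domain = s.recipient.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"


CHECKS = {f.__name__: f for f in (reject_sender_login_mismatch, permit_mynetworks,
                                  permit_sasl_authenticated, reject_unauth_destination)}

# Order recommended in the message above: the mismatch check comes first.
EARLY = ["reject_sender_login_mismatch", "permit_mynetworks",
         "permit_sasl_authenticated", "reject_unauth_destination"]
# Same restrictions with the mismatch check after the permit_* entries.
LATE = ["permit_mynetworks", "permit_sasl_authenticated",
        "reject_sender_login_mismatch", "reject_unauth_destination"]


def evaluate(restrictions: List[str], s: Session) -> Tuple[str, str]:
    """The first restriction that returns something other than DUNNO decides."""
    for name in restrictions:
        result = CHECKS[name](s)
        if result != "DUNNO":
            return result, name
    return "OK", "end of list"


if __name__ == "__main__":
    sessions = {
        "LAN client, no auth, configured sender":
            Session("192.168.0.50", None, "alice@example.com", "someone@elsewhere.test"),
        "bob authenticated, sends as alice":
            Session("203.0.113.9", "bob", "alice@example.com", "someone@elsewhere.test"),
        "alice authenticated, sends as sales":
            Session("203.0.113.9", "alice", "sales@example.com", "someone@elsewhere.test"),
        "inbound mail from an outside sender":
            Session("203.0.113.9", None, "stranger@elsewhere.test", "alice@example.com"),
    }
    for label, s in sessions.items():
        print(f"{label:40} early={evaluate(EARLY, s)} late={evaluate(LATE, s)}")
```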
slow transport and good use
hi folks

I just find out about slow and the table /etc/postfix/transport

you think it useful for normal use and what are the major providers to be added to this file

all testimonials are welcome

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
Re: slow transport and good use
On 7/20/2011 10:31 PM, m...@smtp.fakessh.eu wrote:
> hi folks
>
> I just find out about slow and the table /etc/postfix/transport
>
> you think it useful for normal use and what are the major providers to be added to this file
>
> all testimonials are welcome

Like many of the tweaks in postfix, the slow transport recipe is probably unnecessary for a large percentage of postfix installations.

Don't use it unless you have a problem.

Do you have some sort of delivery problem? Please see:
http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones