Re: Possible to configure LMTP envelope recipient without domain?

[Jeroen Geilman]

On 2011-07-27 04:43, Jack Bates wrote:

On Tue, Jul 26, 2011 at 12:33 PM, Wietse Venema  wrote:

Jack Bates:

I want Postfix to deliver messages to an LMTP server - and for better
or worse, the LMTP server accepts envelope recipients with just a
mailbox name, e.g. "RCPT TO:"

The LMTP protocol is identical to SMTP with very few differences,
and therefore it requires a complete email address.

Thank you Wietse - I know that this LMTP server is noncompliant - it
sounds like it's impossible to configure Postfix to deliver to it?

Is there anything I can try, to get Postfix to deliver to this LMTP
server? Maybe a proxy that would remove the domain from the envelope
recipient?


What kind of proxy - an SMTP proxy ?
Postfix will canonicalize the address back to fqdn form before queueing it.

If you are talking about an LMTP proxy - erm, yes, right.
Think about it.

Personally, I would just replace this broken LMTP backend with dovecot.

--
J.

limiting messages sent from command line

[Alexandre Biancalana]

Hi list,

 I need to limit the quantity of messages sent by my users from
command line (calling sendmail directly), ie: 100 messages by day per
user. Looking at the documentation I had thought of using
non_smtpd_milters and write a milter filter to do this using the uid
as the key to control the number of messages sent by each user.

 After playing a little with milter and write a initial filter,
everything works great except that I can't find the any symbol
provided by postfix containing the uid of sendmail the caller user.

Does this symbol exists ?

I appreciated any comment on this scenario. Is this a good solution ?

Best Regards,
Alexandre

Re: Possible to configure LMTP envelope recipient without domain?

[Jack Bates]

On Tue, Jul 26, 2011 at 12:33 PM, Wietse Venema  wrote:
> Jack Bates:
>> I want Postfix to deliver messages to an LMTP server - and for better
>> or worse, the LMTP server accepts envelope recipients with just a
>> mailbox name, e.g. "RCPT TO:"
>
> The LMTP protocol is identical to SMTP with very few differences,
> and therefore it requires a complete email address.

Thank you Wietse - I know that this LMTP server is noncompliant - it
sounds like it's impossible to configure Postfix to deliver to it?

Is there anything I can try, to get Postfix to deliver to this LMTP
server? Maybe a proxy that would remove the domain from the envelope
recipient?

Re: Tool(s) for locating Postfix Bottlenecks to increase performance?

[Wietse Venema]

Steve Jenkins:
> As far as parallel submissions, we're only doing three at a time
> (three SwiftMail processes sending at a time). Our in_flow_delay
> parameter is set to 0. We aren't receiving a lot of mail on this box,
> so I'm not sure that delay would even kick in if it were set to the 1s
> default. Beyond this, we're not sure how to check to see if the disk
> is being "overwhelmed with mail submissions."  Out iowait% is 0.23, so
> the CPU isn't waiting for the disk. How else can we tell if we're
> overwhelming the disk?

Because the disk is 100% busy according to whatever your system
status tool is. One symptom is that delivery rates drop when you
increase the input flow.

With good hardware and other preparation, Postfix can make hundreds
of deliveries per second, as observed first-hand by Victor.

Wietse

Re: Tool(s) for locating Postfix Bottlenecks to increase performance?

[Steve Jenkins]

On Tue, Jul 26, 2011 at 3:47 PM, /dev/rob0  wrote:
> postscreen(8) protects smtpd(8), not smtp(8). Bots are not a problem
> for the latter. You might want to take some time to review this:
>    http://www.postfix.org/OVERVIEW.html

Hi, Rob. Thanks for the quick reply. And cool - learned something
already. Thanks. That makes sense.

> http://www.postfix.org/QSHAPE_README.html
> http://www.postfix.org/TUNING_README.html#mailing_tips

QSHAPE is one tool we were already using, and the good news is that
even during a send process (one of which is going on right now), the
active queue is generally very small. Like so:

 T  5 10 20 40 80 160 320 640 1280 1280+
  TOTAL  9  9  0  0  0  0   0   0   00 0
  yahoo.com  3  3  0  0  0  0   0   0   00 0
  gmail.com  2  2  0  0  0  0   0   0   00 0
  ymail.com  2  2  0  0  0  0   0   0   00 0
   yahoo.in  1  1  0  0  0  0   0   0   00 0
hotmail.com  1  1  0  0  0  0   0   0   00 0

And here's the qshape deferred output on our fallback relay:

 T  5 10 20 40 80 160 320 640 1280 1280+
  TOTAL 25  2  2  1  3  8   6   0   00 3
 abv.bg  3  0  0  0  1  2   0   0   00 0
   www.facebook.com  3  0  0  0  0  1   0   0   00 2
  tmail.com  2  1  0  0  1  0   0   0   00 0
myemail.com  2  0  0  0  0  2   0   0   00 0
 at.net  1  0  0  0  0  0   1   0   00 0
   bebo.com  1  0  0  0  0  1   0   0   00 0
   2323.com  1  0  0  0  0  1   0   0   00 0
  umail.com  1  0  0  0  1  0   0   0   00 0
  tahoo.com  1  0  0  0  0  0   1   0   00 0
 global.net  1  0  0  0  0  0   0   0   00 1
gotmail.com  1  0  0  0  0  0   1   0   00 0
   100gmail.com  1  0  0  0  0  0   1   0   00 0
   earthlik.net  1  0  0  1  0  0   0   0   00 0
  gamerbeta.com  1  0  0  0  0  0   1   0   00 0
 123hotmail.com  1  0  0  0  0  0   1   0   00 0
 etu.unistra.fr  1  0  1  0  0  0   0   0   00 0
 suddenlink.net  1  0  0  0  0  1   0   0   00 0
msps.vic.edu.au  1  1  0  0  0  0   0   0   00 0
 landgate.wa.gov.au  1  0  1  0  0  0   0   0   00 0

We've been through the General Delivery tips section of the TUNING_README:

- Read and understand the maildrop queue, incoming queue, active queue
and deferred queue discussions in the QSHAPE_README document.
- In case of slow delivery, run the qshape tool as described in the
QSHAPE_README document.

The queue looks good and empties quickly.

- Submit multiple recipients per message instead of submitting
messages with only a few recipients.

We do this one, because each message is unique (has to have an
individual unsub link and contains the subscriber's name)

- Submit mail via SMTP instead of /usr/sbin/sendmail. You may have to
adjust the smtpd_recipient_limit parameter setting.

SwiftMail is submitting via SMTP.

- Don't overwhelm the disk with mail submissions. Optimize the mail
submission rate by tuning the number of parallel submissions and/or by
tuning the Postfix in_flow_delay parameter setting.

As far as parallel submissions, we're only doing three at a time
(three SwiftMail processes sending at a time). Our in_flow_delay
parameter is set to 0. We aren't receiving a lot of mail on this box,
so I'm not sure that delay would even kick in if it were set to the 1s
default. Beyond this, we're not sure how to check to see if the disk
is being "overwhelmed with mail submissions."  Out iowait% is 0.23, so
the CPU isn't waiting for the disk. How else can we tell if we're
overwhelming the disk?

- Run a local name server to reduce slow-down due to DNS lookups. If
you run multiple Postfix systems, point each local name server to a
shared forwarding server to reduce the number of lookups across the
upstream network link.

- We run unbound on our main mailer, and the fallback_relay points to
it, as well.

- Reduce the smtp_connect_timeout and smtp_helo_timeout values so that
Postfix does not waste lots of time connecting to non-responding
remote SMTP servers.

Our smtp_connect_timeout is 10s and our smtp_helo_timeout is 60s.

- Use a dedicated mail delivery transport for problematic
destinations, with reduced time

Re: Tool(s) for locating Postfix Bottlenecks to increase performance?

[/dev/rob0]

On Tue, Jul 26, 2011 at 03:32:50PM -0700, Steve Jenkins wrote:
> We send a moderately decent amount of legitimate mail to our
> subscribers (about 400K opt-in newsletter members) using Postfix. We
> get excellent inbox deliverability percentages, because we use the
> latest version of Postfix with settings we've arrived at with the help
> of many on this list, are on the major whitelists and feedback loops,
> etc.
> 
> Now, we want to turn our focus to delivery speed. We use a local
> resolver (Unbound), which seems to have sped things up a bit. We also
> use Postscreen, so our SMTP processes are busy sending mail, instead
> of dealing with bots.

postscreen(8) protects smtpd(8), not smtp(8). Bots are not a problem 
for the latter. You might want to take some time to review this:
http://www.postfix.org/OVERVIEW.html

> We use a fallback relay to re-attempt deliveries
> that don't go the first time from our primary server. But it still
> takes the better part of a day to send all the mails out. We'd like to
> shrink that time as much as (reasonably) possible.
> 
> I know nothing about Postfix optimization, and therefore have no idea
> where to even start. Are there any tools that anyone can recommend to
> help us track down where our limiting factors are when it comes to
> mail delivery? At this point, we don't know if it's CPU, memory, disk

http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/TUNING_README.html#mailing_tips

> access speed (which is what I suspect), or something else altogether.
> We don't even know how to measure how many messages are being
> delivered on average every second/minute/hour, etc. so that we can
> start with a baseline to measure improvements.
> 
> I'm sure many have been down this road before - care to shove a n00b
> in the right direction?
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Tool(s) for locating Postfix Bottlenecks to increase performance?

[Steve Jenkins]

We send a moderately decent amount of legitimate mail to our
subscribers (about 400K opt-in newsletter members) using Postfix. We
get excellent inbox deliverability percentages, because we use the
latest version of Postfix with settings we've arrived at with the help
of many on this list, are on the major whitelists and feedback loops,
etc.

Now, we want to turn our focus to delivery speed. We use a local
resolver (Unbound), which seems to have sped things up a bit. We also
use Postscreen, so our SMTP processes are busy sending mail, instead
of dealing with bots. We use a fallback relay to re-attempt deliveries
that don't go the first time from our primary server. But it still
takes the better part of a day to send all the mails out. We'd like to
shrink that time as much as (reasonably) possible.

I know nothing about Postfix optimization, and therefore have no idea
where to even start. Are there any tools that anyone can recommend to
help us track down where our limiting factors are when it comes to
mail delivery? At this point, we don't know if it's CPU, memory, disk
access speed (which is what I suspect), or something else altogether.
We don't even know how to measure how many messages are being
delivered on average every second/minute/hour, etc. so that we can
start with a baseline to measure improvements.

I'm sure many have been down this road before - care to shove a n00b
in the right direction?

Thanks,

SteveJ

Re: mail gets bounced when send to local bitdefender smtpd

[mouss]

Le 26/07/2011 23:07, Victor Duchovni a écrit :
> On Tue, Jul 26, 2011 at 10:24:23PM +0200, mouss wrote:
> 
> He's only running one postfix smtpd, the other host in the above log is
> bitdefender.
> The simplest would be to change the hostname of either postfix or
> bitdefender, whichever makes more sense.
>
>> is is
>> easily solved with smtp_helo_hostname...
>
> smtp_helo_name 

 indeed!
 I need to update my brainware :)
>>>
>>> No, smtp_helo_hostname doesn't help. I tested it. smtp client still
>>> checks the hostname to prevent bounces.
>>
>> this is nonsense. if you think you are right, provide evidence.
> 
> Actually, the OP is right, smtp_helo_name (not smtp_helo_hostname,
> which is not a Postfix parameter) has no impact on loop detection
> in the Postfix smtp client.
> 
> To disable loop detection use a destination nexthop that is not port 25,
> to work-around loop detection on port 25, set the "myhostname" parameter
> in the receiving Postfix SMTP server (smtpd) to a different value from
> the setting in the sending smtp(8) client.
> 

my apologies then, and thanks for the clarification.

Re: mail gets bounced when send to local bitdefender smtpd

[Victor Duchovni]

On Tue, Jul 26, 2011 at 10:24:23PM +0200, mouss wrote:

> >>> He's only running one postfix smtpd, the other host in the above log is
> >>> bitdefender.
> >>> The simplest would be to change the hostname of either postfix or
> >>> bitdefender, whichever makes more sense.
> >>>
>  is is
>  easily solved with smtp_helo_hostname...
> >>>
> >>> smtp_helo_name 
> >>
> >> indeed!
> >> I need to update my brainware :)
> >
> > No, smtp_helo_hostname doesn't help. I tested it. smtp client still
> > checks the hostname to prevent bounces.
> 
> this is nonsense. if you think you are right, provide evidence.

Actually, the OP is right, smtp_helo_name (not smtp_helo_hostname,
which is not a Postfix parameter) has no impact on loop detection
in the Postfix smtp client.

To disable loop detection use a destination nexthop that is not port 25,
to work-around loop detection on port 25, set the "myhostname" parameter
in the receiving Postfix SMTP server (smtpd) to a different value from
the setting in the sending smtp(8) client.

-- 
Viktor.

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory [solved]

[mouss]

Le 26/07/2011 17:40, Claudio Prono a écrit :
> 
> 
> Il 26/07/2011 17.37, Jerry ha scritto:
>> On Tue, 26 Jul 2011 17:22:19 +0200
>> Claudio Prono articulated:
>>
>>> Il 26/07/2011 17.13, Wietse Venema ha scritto:
 Claudio Prono:
> Hello all,
>
> This problem is made me mad all today, with no solution...
 Turn off chroot. This is a magical cure for many mysteries.

 http://www.postfix.org/DEBUG_README.html#no_chroot

 If that solves the problem, complain to your distributor. They
 should not turn on chroot and make life difficult for newbies.

>>> Tnx for the reply, but my chroot is already disabled, as you can see:
>>>
>>> #
>>> ==
>>> # service type  private unpriv  chroot  wakeup  maxproc command +
>>> args #   (yes)   (yes)   (yes)   (never) (100) #
>>> ==
>>> smtp  inet  n   -   n   -   -   smtpd
>> As per the  page:
>>
>> Reporting problems to postfix-users@postfix.org
>>
>> If the problem is SASL related, consider including the output from the
>> saslfinger tool. This can be found at
>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.
>>
> Ok, now works. Is strange but if i set the permissions of the folder
> /var/run/authdaemon.courier-imap to 777, it doesn't work, and the error
> is the last i have posted.
> If i set the permissions correctly, like this:
> 
> drwxrwx---  2 root   postfix  4096 Jul 26 17:35
> authdaemon.courier-imap
> 
> It works...
> 
> Maybe a permission check from postfix of "too many permissions" on the
> dir/socket? Dunno... but the error reported from Postfix is very strange...
> 

think about it a second: why would postfix check the permissions of a
file that is accessed by an external library (cyrus-sasl)?

find the answer elsewhere: cyrus-sasl (I doubt it), courier,
selinux/apparmor/whatever, ... etc.

Re: mail gets bounced when send to local bitdefender smtpd

[mouss]

Le 20/07/2011 07:32, Thomas Zehbe a écrit :
> Am Dienstag 19 Juli 2011, 22:20:25 schrieb mouss:
>> Le 19/07/2011 09:05, Jeroen Geilman a écrit :
>>> On 2011-07-19 00:31, mouss wrote:
 Le 18/07/2011 19:01, Jeroen Geilman a écrit :
> On 2011-07-17 20:19, mouss wrote:
>> Le 17/07/2011 12:49, Thomas Zehbe a écrit :
>>> Hello List,
>>>
>>> I have an installtion using bitdefender as a virus scanner using the
>>> content_filter option.
>>> bitdefender's smtp daemon listens on port 10025, in main.cf therefore
>>> this is defined:
>>>
>>> content_filter = smtp:[127.0.0.1]:10025
>>>
>>> In master.cf a second instance of smtpd is defined, listening on port
>>> 10026:
>>>
>>> 127.0.0.1:10026 inet  n  -  n  -  10  smtpd
>>> -o content_filter= -o smtp_send_xforward_command=yes
>>>
>>> When smtp tries to send the mail to bitdefender for scanning, this
>>> happens:
>>>
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 220 linuxgw.myown.net ESMTP Postfix
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host
>>> 127.0.0.1[127.0.0.1] greeted me with my own hostname linuxgw.myown.net
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:>   127.0.0.1[127.0.0.1]:
>>> EHLO linuxgw.myown.net
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-linuxgw.myown.net
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-PIPELINING
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-SIZE 50240
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-VRFY
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-ETRN
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250-XVERP
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]:<   127.0.0.1[127.0.0.1]:
>>> 250 8BITMIME
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host
>>> 127.0.0.1[127.0.0.1] replied to HELO/EHLO with my own hostname
>>> linuxgw.myown.net
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: connect to subsystem
>>> private/defer
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr nrequest = 0
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr flags = 0
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr queue_id =
>>> 2859B35121
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr
>>> original_recipient = tz@localhost
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr recipient =
>>> t...@localhost.myown.net
>>> Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr reason = mail
>>> for 127.0.0.1:10025 loops back to myself
>>>
>>> main.cf contains
>>> mydestination = $myhostname, localhost.$mydomain,$mydomain
>>>
>>> I think, the bitdefender uses a correct answer for the EHLO, there is
>>> no way (i know of) to change the 250 answer of bitdefender.
>>>
>>> After a dozen hours of research any hint would be appreciated.
>>>
>> first, is myown.net a domain of yours, or are you hijacking it? are you
>> exposing domains of others? that would be really bad...
>>
>> second. you need to setup different hostames for the various pieces of
>> servers you use. you'll have problems if one piece connects to another
>> and both think they are the same "name". with postfix, use different
>> myhostname values.
>
> I think that's only required if you're using multiple instances that
> send SMTP mail to each other - and he's running 2.0 :)
>
 no. you need different names even with a single instance. as soon as one
 piece talks to another over the network, each needs an identity.
>>>
>>> He's only running one postfix smtpd, the other host in the above log is
>>> bitdefender.
>>> The simplest would be to change the hostname of either postfix or
>>> bitdefender, whichever makes more sense.
>>>
 is is
 easily solved with smtp_helo_hostname...
>>>
>>> smtp_helo_name 
>>
>> indeed!
>> I need to update my brainware :)
> No, smtp_helo_hostname doesn't help. I tested it. smtp client still checks 
> the hostname to prevent bounces.
> 

this is nonsense. if you think you are right, provide evidence.

> But meanwhile i updated the postfix to a higher version, and as the changelog 
> tells, the problem is gone ...
> Thanks
> Thomas
> 
>>
>> Thanks for the correction.
>>
>>>
>>> And you're right, that exists in 2.0.
>>>
> Many features we expect as given will be missing in his setup, he should
> upgrade and then approach the problem fresh.
>
>
>>>
>>>
>>
>>
> 
> 

Re: Possible to configure LMTP envelope recipient without domain?

[Wietse Venema]

Jack Bates:
> I want Postfix to deliver messages to an LMTP server - and for better
> or worse, the LMTP server accepts envelope recipients with just a
> mailbox name, e.g. "RCPT TO:"

The LMTP protocol is identical to SMTP with very few differences,
and therefore it requires a complete email address.

Wietse

Possible to configure LMTP envelope recipient without domain?

[Jack Bates]

I want Postfix to deliver messages to an LMTP server - and for better
or worse, the LMTP server accepts envelope recipients with just a
mailbox name, e.g. "RCPT TO:"

Is it possible to configure Postfix to deliver to this LMTP server?
All my efforts have resulted in envelope recipients with a domain,
e.g. "RCPT TO:"

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory [solved]

[Wietse Venema]

Claudio Prono:
> Ok, now works. Is strange but if i set the permissions of the folder
> /var/run/authdaemon.courier-imap to 777, it doesn't work, and the error
> is the last i have posted.
> If i set the permissions correctly, like this:
> 
> drwxrwx---  2 root   postfix  4096 Jul 26 17:35
> authdaemon.courier-imap
> 
> It works...
> 
> Maybe a permission check from postfix of "too many permissions" on the
> dir/socket? Dunno... but the error reported from Postfix is very strange...

If a postfix check fails, then it logs a warning.

Wietse

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory [solved]

[Jeroen Geilman]

On 2011-07-26 17:40, Claudio Prono wrote:


Il 26/07/2011 17.37, Jerry ha scritto:

On Tue, 26 Jul 2011 17:22:19 +0200
Claudio Prono articulated:


Il 26/07/2011 17.13, Wietse Venema ha scritto:

Claudio Prono:

Hello all,

This problem is made me mad all today, with no solution...

Turn off chroot. This is a magical cure for many mysteries.

http://www.postfix.org/DEBUG_README.html#no_chroot

If that solves the problem, complain to your distributor. They
should not turn on chroot and make life difficult for newbies.


Tnx for the reply, but my chroot is already disabled, as you can see:

#
==
# service type  private unpriv  chroot  wakeup  maxproc command +
args #   (yes)   (yes)   (yes)   (never) (100) #
==
smtp  inet  n   -   n   -   -   smtpd

As per the  page:

Reporting problems to postfix-users@postfix.org

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.


Ok, now works. Is strange but if i set the permissions of the folder
/var/run/authdaemon.courier-imap to 777, it doesn't work, and the error
is the last i have posted.



If i set the permissions correctly, like this:

drwxrwx---  2 root   postfix  4096 Jul 26 17:35
authdaemon.courier-imap

It works...

Maybe a permission check from postfix of "too many permissions" on the
dir/socket?


That would be my supposition, yes.
Connecting to something as security-sensitive as an auth provider should 
not happen over a wide-open socket.



--
J.

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory [solved]

[Claudio Prono]

Il 26/07/2011 17.37, Jerry ha scritto:
> On Tue, 26 Jul 2011 17:22:19 +0200
> Claudio Prono articulated:
>
>> Il 26/07/2011 17.13, Wietse Venema ha scritto:
>>> Claudio Prono:
 Hello all,

 This problem is made me mad all today, with no solution...
>>> Turn off chroot. This is a magical cure for many mysteries.
>>>
>>> http://www.postfix.org/DEBUG_README.html#no_chroot
>>>
>>> If that solves the problem, complain to your distributor. They
>>> should not turn on chroot and make life difficult for newbies.
>>>
>> Tnx for the reply, but my chroot is already disabled, as you can see:
>>
>> #
>> ==
>> # service type  private unpriv  chroot  wakeup  maxproc command +
>> args #   (yes)   (yes)   (yes)   (never) (100) #
>> ==
>> smtp  inet  n   -   n   -   -   smtpd
> As per the  page:
>
> Reporting problems to postfix-users@postfix.org
>
> If the problem is SASL related, consider including the output from the
> saslfinger tool. This can be found at
> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.
>
Ok, now works. Is strange but if i set the permissions of the folder
/var/run/authdaemon.courier-imap to 777, it doesn't work, and the error
is the last i have posted.
If i set the permissions correctly, like this:

drwxrwx---  2 root   postfix  4096 Jul 26 17:35
authdaemon.courier-imap

It works...

Maybe a permission check from postfix of "too many permissions" on the
dir/socket? Dunno... but the error reported from Postfix is very strange...


-- 

Claudio Prono OPST
System Developer   
  Gsm: +39-349-54.33.258
@PSS Srl  Tel: +39-011-32.72.100
Via San Bernardino, 17Fax: +39-011-32.46.497
10141 Torino - ITALY  http://atpss.net/disclaimer

PGP Key - http://keys.atpss.net/c_prono.asc

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

[Jerry]

On Tue, 26 Jul 2011 17:22:19 +0200
Claudio Prono articulated:

> 
> Il 26/07/2011 17.13, Wietse Venema ha scritto:
> > Claudio Prono:
> >> Hello all,
> >>
> >> This problem is made me mad all today, with no solution...
> > Turn off chroot. This is a magical cure for many mysteries.
> >
> > http://www.postfix.org/DEBUG_README.html#no_chroot
> >
> > If that solves the problem, complain to your distributor. They
> > should not turn on chroot and make life difficult for newbies.
> >
> Tnx for the reply, but my chroot is already disabled, as you can see:
> 
> #
> ==
> # service type  private unpriv  chroot  wakeup  maxproc command +
> args #   (yes)   (yes)   (yes)   (never) (100) #
> ==
> smtp  inet  n   -   n   -   -   smtpd

As per the  page:

Reporting problems to postfix-users@postfix.org

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

[Claudio Prono]

Il 26/07/2011 17.13, Wietse Venema ha scritto:
> Claudio Prono:
>> Hello all,
>>
>> This problem is made me mad all today, with no solution...
> Turn off chroot. This is a magical cure for many mysteries.
>
> http://www.postfix.org/DEBUG_README.html#no_chroot
>
> If that solves the problem, complain to your distributor. They
> should not turn on chroot and make life difficult for newbies.
>
Tnx for the reply, but my chroot is already disabled, as you can see:

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   n   -   -   smtpd



-- 

Claudio Prono OPST
System Developer   
  Gsm: +39-349-54.33.258
@PSS Srl  Tel: +39-011-32.72.100
Via San Bernardino, 17Fax: +39-011-32.46.497
10141 Torino - ITALY  http://atpss.net/disclaimer

PGP Key - http://keys.atpss.net/c_prono.asc

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

[Wietse Venema]

Claudio Prono:
> Hello all,
> 
> This problem is made me mad all today, with no solution...

Turn off chroot. This is a magical cure for many mysteries.

http://www.postfix.org/DEBUG_README.html#no_chroot

If that solves the problem, complain to your distributor. They
should not turn on chroot and make life difficult for newbies.

Wietse

Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

[Deives Michellis]

Perhaps you are running postfix on a chroot?

On Tue, Jul 26, 2011 at 11:39 AM, Claudio Prono wrote:

> Hello all,
>
> This problem is made me mad all today, with no solution...
>
> My /etc/sasl2/smtp.conf
>
> pwcheck_method: authdaemond
> log_level: 3
> mech_list: PLAIN LOGIN
> authdaemond_path: /var/run/authdaemon.courier-imap/socket
>
> ls -la /var/run/authdaemon.courier-imap/socket
> srwxrwxrwx 1 root root 0 Jul 26 16:07
> /var/run/authdaemon.courier-imap/socket
>
> My postconf -n:
>
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> disable_vrfy_command = yes
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> inet_interfaces = all
> inet_protocols = ipv4
> local_transport = local
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains = cablelettra.it
> masquerade_exceptions = root
> message_size_limit = 1024
> mydestination = $mydomain
> mydomain = mail2.domain.it
> myhostname = mail2.domain.it
> mynetworks = 127.0.0.1, 10.10.10.0/24
> mynetworks_style = subnet
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relay_domains = $mydestination
> relayhost = smtp.cablelettra.it
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtp_tls_loglevel = 1
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_CApath = /etc/postfix/ssl
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_use_tls = yes
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/transport,
> mysql:/etc/postfix/mysql_virtual_transport_maps.cf
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:51
> virtual_mailbox_base = /var/mail/virtual
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_limit = 1524288000
> virtual_mailbox_limit_maps =
> mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
> virtual_mailbox_limit_override = yes
> virtual_mailbox_maps = $transport_maps,
> mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn
> his diskspace \  quota, please try again later.
> virtual_minimum_uid = 51
> virtual_overquota_bounce = yes
> virtual_transport = virtual
> virtual_uid_maps = static:51
>
> Seems all right, but the smtp says me:
>
> Jul 26 16:33:10 mail postfix/smtpd[16603]: warning: SASL authentication
> failure: cannot connect to Courier authdaemond: No such file or directory
> Jul 26 16:33:10 mail postfix/smtpd[16603]: warning:
> unknown[10.10.10.65]: SASL LOGIN authentication failed: generic failure
>
> Btw, the postfix is not chrooted, and there is no extra space into the
> smtp.conf (i have seen a previous post like mine with this problem.)
>
> Here is my software versions:
>
> cat /etc/SuSE-release
> openSUSE 11.2 (x86_64)
> VERSION = 11.2
>
> rpm -qa | grep postfix
> postfix-2.6.1-2.6.1.x86_64
> postfix-mysql-2.6.1-2.6.1.x86_64
>
> rpm -qa | grep courier
> courier-authlib-0.59.3-44.x86_64
> courier-imap-4.1.3-44.x86_64
> courier-authlib-mysql-0.59.3-44.x86_64
>
> rpm -qa | grep sasl
> cyrus-sasl-gssapi-2.1.23-3.1.x86_64
> cyrus-sasl-2.1.23-3.1.x86_64
> cyrus-sasl-saslauthd-2.1.23-3.1.x86_64
> cyru

warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

[Claudio Prono]

Hello all,

This problem is made me mad all today, with no solution...

My /etc/sasl2/smtp.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemon.courier-imap/socket

ls -la /var/run/authdaemon.courier-imap/socket
srwxrwxrwx 1 root root 0 Jul 26 16:07
/var/run/authdaemon.courier-imap/socket

My postconf -n:

biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = ipv4
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = cablelettra.it
masquerade_exceptions = root
message_size_limit = 1024
mydestination = $mydomain
mydomain = mail2.domain.it
myhostname = mail2.domain.it
mynetworks = 127.0.0.1, 10.10.10.0/24
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relayhost = smtp.cablelettra.it
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_CApath = /etc/postfix/ssl
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
strict_8bitmime = no
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport,
mysql:/etc/postfix/mysql_virtual_transport_maps.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:51
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 1524288000
virtual_mailbox_limit_maps =
mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = $transport_maps,
mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn
his diskspace \  quota, please try again later.
virtual_minimum_uid = 51
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:51

Seems all right, but the smtp says me:

Jul 26 16:33:10 mail postfix/smtpd[16603]: warning: SASL authentication
failure: cannot connect to Courier authdaemond: No such file or directory
Jul 26 16:33:10 mail postfix/smtpd[16603]: warning:
unknown[10.10.10.65]: SASL LOGIN authentication failed: generic failure

Btw, the postfix is not chrooted, and there is no extra space into the
smtp.conf (i have seen a previous post like mine with this problem.)

Here is my software versions:

cat /etc/SuSE-release
openSUSE 11.2 (x86_64)
VERSION = 11.2

rpm -qa | grep postfix
postfix-2.6.1-2.6.1.x86_64
postfix-mysql-2.6.1-2.6.1.x86_64

rpm -qa | grep courier
courier-authlib-0.59.3-44.x86_64
courier-imap-4.1.3-44.x86_64
courier-authlib-mysql-0.59.3-44.x86_64

rpm -qa | grep sasl
cyrus-sasl-gssapi-2.1.23-3.1.x86_64
cyrus-sasl-2.1.23-3.1.x86_64
cyrus-sasl-saslauthd-2.1.23-3.1.x86_64
cyrus-sasl-otp-2.1.23-3.1.x86_64
cyrus-sasl-32bit-2.1.23-3.1.x86_64
cyrus-sasl-digestmd5-2.1.23-3.1.x86_64
cyrus-sasl-plain-2.1.23-3.1.x86_64
cyrus-sasl-crammd5-2.1.23-3.1.x86_64

Any Hint?

Cordially,

Claudio.




Any hint ? How i can debug this?




-- 

Clau

Re: Mainline patch request

[Wietse Venema]

Wietse:
> Sorry, syslogging 1kbyte strings is not a safe setting for world-wide
> deployment, so these patches can't go into the code base as is.

Varadi Gabor:
> Is it a good solution for You, that we put the printout-length to a variable
> to main.cf  which defaults the hardwired value, and anybody can set it
> otherwise if they want?

You are on the right track. First we need a manual page (user
interface design) for configurable logging limits. Postfix has
hard-coded limits on the amount of free text, on the length of a
host/domain name, and on other lengths of text that is written to
logfile. The result of this discussion could be one global limit
for all categories, or different limits for different categories,
or both (where the global limit becomes the default value for the
limits for different categories). It should not be more complicated.

Wietse

Re: Mainline patch request

[Varadi Gabor]

On Tue, Jul 26, 2011 at 07:09:12AM -0400, Wietse Venema wrote:
> Varadi Gabor:
> > Dear Developers!
> > 
> > We are using postfix as an MTA for a long time ago at sevaral places.
> > 
> > We would like if the attached patch(es) gets applied to the mainline so we
> > didn't need to apply it to the source and build a new .deb
> > +package every time a new version came out.
> > 
> > The purpose of the pacth is to put more information to the syslog at the
> > 'cleanup' phase of the letter. It is necessary for us because
> > +we process the syslog in a special way.
> 
> Sorry, syslogging 1kbyte strings is not a safe setting for world-wide
> deployment, so these patches can't go into the code base as is.
> 
>   Wietse

Is it a good solution for You, that we put the printout-length to a variable
to main.cf  which defaults the hardwired value, and anybody can set it
otherwise if they want?

-- 
[Varadi Gabor]

Re: Mainline patch request

[Wietse Venema]

Varadi Gabor:
> Dear Developers!
> 
> We are using postfix as an MTA for a long time ago at sevaral places.
> 
> We would like if the attached patch(es) gets applied to the mainline so we
> didn't need to apply it to the source and build a new .deb
> +package every time a new version came out.
> 
> The purpose of the pacth is to put more information to the syslog at the
> 'cleanup' phase of the letter. It is necessary for us because
> +we process the syslog in a special way.

Sorry, syslogging 1kbyte strings is not a safe setting for world-wide
deployment, so these patches can't go into the code base as is.

Wietse

Re: your mail

[Sahil Tandon]

On Tue, 2011-07-26 at 10:34:57 +0300, kibirango moses wrote:

> I configured recipient_blacklist using postfix as below in order to
> block users from replying fake emails.
> 
> But i am getting problems with my mail clients as they are unable to send 
> mail.

Show logs that relate exactly to the problem you are trying to
troubleshoot.

> smtpd_recipient_restrictions =
> check_recipient_access hash:/etc/postfix/recipient_blacklist

As noted in the DEBUG_README (a document to which you were linked upon
joining this mailing list), please do not cut&paste from main.cf;
instead, paste the output of 'postconf -n'.

-- 
Sahil Tandon 

Mainline patch request

[Varadi Gabor]

Dear Developers!

We are using postfix as an MTA for a long time ago at sevaral places.

We would like if the attached patch(es) gets applied to the mainline so we
didn't need to apply it to the source and build a new .deb
+package every time a new version came out.

The purpose of the pacth is to put more information to the syslog at the
'cleanup' phase of the letter. It is necessary for us because
+we process the syslog in a special way.

Best Regards,
Gabor VARADI

diff -ruN postfix-2.7.1.old/src/cleanup/cleanup_message.c postfix-2.7.1/src/cleanup/cleanup_message.c
--- postfix-2.7.1.old/src/cleanup/cleanup_message.c	2009-04-07 21:57:53.0 +0200
+++ postfix-2.7.1/src/cleanup/cleanup_message.c	2011-07-26 10:30:55.0 +0200
@@ -254,7 +254,7 @@
 
 if ((attr = nvtable_find(state->attr, MAIL_ATTR_LOG_ORIGIN)) == 0)
 	attr = "unknown";
-vstring_sprintf(state->temp1, "%s: %s: %s %.200s from %s;",
+vstring_sprintf(state->temp1, "%s: %s: %s %.1024s from %s;",
 		state->queue_id, action, class, content, attr);
 if (state->sender)
 	vstring_sprintf_append(state->temp1, " from=<%s>", state->sender);
@@ -463,7 +463,7 @@
 const char *map_class;
 
 if (msg_verbose)
-	msg_info("%s: '%.200s'", myname, vstring_str(header_buf));
+	msg_info("%s: '%.1024s'", myname, vstring_str(header_buf));
 
 /*
  * Crude header filtering. This stops malware that isn't sophisticated
diff -ruN postfix-2.7.1.old/src/global/header_body_checks.c postfix-2.7.1/src/global/header_body_checks.c
--- postfix-2.7.1.old/src/global/header_body_checks.c	2008-01-09 15:04:37.0 +0100
+++ postfix-2.7.1/src/global/header_body_checks.c	2011-07-26 10:31:35.0 +0200
@@ -441,10 +441,10 @@
 const HBC_TEST_CONTEXT *dp = (HBC_TEST_CONTEXT *) context;
 
 if (*text) {
-	msg_info("%s: %s: %s %.200s: %s",
+	msg_info("%s: %s: %s %.1024s: %s",
 		 dp->queueid, action, where, content, text);
 } else {
-	msg_info("%s: %s: %s %.200s",
+	msg_info("%s: %s: %s %.1024s",
 		 dp->queueid, action, where, content);
 }
 }
diff -ruN postfix-2.8.3.old/src/cleanup/cleanup_message.c postfix-2.8.3/src/cleanup/cleanup_message.c
--- postfix-2.8.3.old/src/cleanup/cleanup_message.c	2010-07-27 22:34:20.0 +0200
+++ postfix-2.8.3/src/cleanup/cleanup_message.c	2011-07-26 10:34:11.0 +0200
@@ -254,7 +254,7 @@
 
 if ((attr = nvtable_find(state->attr, MAIL_ATTR_LOG_ORIGIN)) == 0)
 	attr = "unknown";
-vstring_sprintf(state->temp1, "%s: %s: %s %.200s from %s;",
+vstring_sprintf(state->temp1, "%s: %s: %s %.1024s from %s;",
 		state->queue_id, action, class, content, attr);
 if (state->sender)
 	vstring_sprintf_append(state->temp1, " from=<%s>", state->sender);
@@ -467,7 +467,7 @@
 const char *map_class;
 
 if (msg_verbose)
-	msg_info("%s: '%.200s'", myname, vstring_str(header_buf));
+	msg_info("%s: '%.1024s'", myname, vstring_str(header_buf));
 
 /*
  * Crude header filtering. This stops malware that isn't sophisticated
diff -ruN postfix-2.8.3.old/src/global/header_body_checks.c postfix-2.8.3/src/global/header_body_checks.c
--- postfix-2.8.3.old/src/global/header_body_checks.c	2010-07-28 01:49:53.0 +0200
+++ postfix-2.8.3/src/global/header_body_checks.c	2011-07-26 10:34:29.0 +0200
@@ -445,10 +445,10 @@
 const HBC_TEST_CONTEXT *dp = (HBC_TEST_CONTEXT *) context;
 
 if (*text) {
-	msg_info("%s: %s: %s %.200s: %s",
+	msg_info("%s: %s: %s %.1024s: %s",
 		 dp->queueid, action, where, content, text);
 } else {
-	msg_info("%s: %s: %s %.200s",
+	msg_info("%s: %s: %s %.1024s",
 		 dp->queueid, action, where, content);
 }
 }

[no subject]

[kibirango moses]

Hullo Users,

I configured recipient_blacklist using postfix as below in order to
block users from replying fake emails.

But i am getting problems with my mail clients as they are unable to send mail.

smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/recipient_blacklist

#postmap /etc/postfix/recipient_blacklist
#postfix reload

recipient_blacklist:

cutomertal...@mytestdomain.comREJECT

Could anyone out there help and advice with this?