Re: changing relayhost based on sender

[Fernando Maior]

Hi Michael,

Did you try to unset the default relayhost and then
setup sender_dependent_relayhost_maps
for the domains and users that should have a relayhost AND no setup maps for
the domains
and users that should not have a relayhost?

Also, may be there is another way to accomplish what you want... What about
to talk about
what is the final effect you are trying to get using those relayhost
techniques you are asking
about?

Best regards,
---
Fernando Maciel Souto Maior
Projetos e Soluções de Tecnologia
LPIC/1(31908), LinuxCounter(391325)



On Thu, Aug 4, 2011 at 2:38 AM, Michael Barrett  wrote:

> Hi, I'm searching for a way to effectively unset relayhost whenever an
> email goes through my postfix 2.7.0 server with a from address coming from
> either a specific email address, or from a specific domain or any email
> address from one of its subdomains.
>
> sender_dependent_relayhost_maps seems like the right place to go with this,
> but I don't see a way to use a blank relayhost entry for the given email
> address.
>
> Basically I imagine it like this:
>
> # in main.cf
> relayhost = smtp.example.com
> sender_dependent_relayhost_maps = hash:/etc/postfix/sender_maps
>
> # in sender_maps
> b...@woohoo.com 
> .foo.com
> foo.com 
>
>
> Let me know if I'm looking at this in the totally wrong way - thanks a ton!
>
> --
> Michael Barrett
> lok...@gmail.com
>
>
>
>
>

changing relayhost based on sender

[Michael Barrett]

Hi, I'm searching for a way to effectively unset relayhost whenever an email 
goes through my postfix 2.7.0 server with a from address coming from either a 
specific email address, or from a specific domain or any email address from one 
of its subdomains.

sender_dependent_relayhost_maps seems like the right place to go with this, but 
I don't see a way to use a blank relayhost entry for the given email address.

Basically I imagine it like this:

# in main.cf
relayhost = smtp.example.com
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_maps

# in sender_maps
b...@woohoo.com 
.foo.com
foo.com 


Let me know if I'm looking at this in the totally wrong way - thanks a ton!

--
Michael Barrett
lok...@gmail.com

Re: patch proposal

[Hari Hendaryanto]

On 8/3/2011 9:23 PM, Wietse Venema wrote:

I have another scenario

tcp:host:port
tcp:/path/name

Sorry, tcp:/path/name is bad user interface design. Everywhere else
in Postfix, one has to specify the socket TYPE before the socket
NAME (with BC compatibility for programs such as the SMTP client
or TCP map that were desigined initially for TCP sockets only).
that's fine with me, on my first. patch i'm using "usock" as dict type, 
since "unix" already
used for unix user/group lookup table. but it has been said that there 
was namespace
issue with that design. well, i guest i have to look for another third 
party work arround  :)





The reason why i wanted this feature is, by using unix domain socket i
can protect my backend server from interference on multiuser environment.
while tcp server is adequate for my single administrator/user
environment server.

And I have to consider the longer-term issue of keeping the system
usable as it evolves. This means I will fight to keep the use
interface clean.
This is very understandable to me :) .  i just want to connect to unix 
domain socket with

with a similar protocol as tcp_table. thanks a lot for attention Wietse.


Wietse




Powered By http://www.3g-net.net

Re: Accepting email regardless of address

[Noel Jones]

On 8/3/2011 11:05 AM, Jirka Bourek wrote:
> Noel Jones wrote:
>>
>> Seems to me if you're getting a "relay access denied" then the
>> @testing.domain is working, and you have some other rule that's
>> rejecting the mail. Or maybe you somehow removed "testing.domain"
>> from relay_domains.
>>
>> Sorry, I don't debug SQL.  I suggest you get it working with flat
>> files first, then duplicate the setup with your SQL.
> 
> With flat files it works as expected - when I add "testing.domain"
> into relay_domains and "@testing.domain OK" into
> relay_recipient_maps hash file, Postfix accepts the mail and
> forwards it.
> 
>>
>>
>>>
>>> I was expecting Postfix to send some query with "@testing.domain"
>>> (which would hint me what should I add into DB), but no such query
>>> in PostgreSQL log.
>>>
>>> Any ideas?
>>
>> Maybe your query is broken.
>>
> 
> That's not what I meant. Le me explain:
> 
> Let's say I use hash file for relay_recipient_maps, and send e-mail
> to recipient@testing.domain. According to Postfix log, it tries to
> find "recipient@testing.domain" in the hash file. It doesn't find
> the record, so in the next step it tries to find "@testing.domain";
> that's there in the form "@testing.domain OK", so Postfix accepts
> the mail.

Good.  That's how it should work.


> 
> When I switch to pgsql, Postfix tries to find
> "recipient@testing.domain" in DB. Again, it finds nothing, but this
> time the other step - attempt to find @testing.domain somehow - is
> skipped and Postfix returns error right away.
> 
> So while it's possible that my query is broken, I was assuming that
> Postfix will try it regardless.

Nothing in the postfix docs support your claim -- postfix
relay_recipient_maps behaves the same regardless of the data source.
 I think your query is broken.

Sorry, I can't help further with debugging your query.  Consider
starting a new thread and including your queries, logs, and postconf -n.



  -- Noel Jones

Re: Accepting email regardless of address

[Jirka Bourek]

Noel Jones wrote:


Seems to me if you're getting a "relay access denied" then the
@testing.domain is working, and you have some other rule that's
rejecting the mail. Or maybe you somehow removed "testing.domain"
from relay_domains.

Sorry, I don't debug SQL.  I suggest you get it working with flat
files first, then duplicate the setup with your SQL.


With flat files it works as expected - when I add "testing.domain" into 
relay_domains and "@testing.domain OK" into relay_recipient_maps hash 
file, Postfix accepts the mail and forwards it.







I was expecting Postfix to send some query with "@testing.domain"
(which would hint me what should I add into DB), but no such query
in PostgreSQL log.

Any ideas?


Maybe your query is broken.



That's not what I meant. Le me explain:

Let's say I use hash file for relay_recipient_maps, and send e-mail to 
recipient@testing.domain. According to Postfix log, it tries to find 
"recipient@testing.domain" in the hash file. It doesn't find the record, 
so in the next step it tries to find "@testing.domain"; that's there in 
the form "@testing.domain OK", so Postfix accepts the mail.


When I switch to pgsql, Postfix tries to find "recipient@testing.domain" 
in DB. Again, it finds nothing, but this time the other step - attempt 
to find @testing.domain somehow - is skipped and Postfix returns error 
right away.


So while it's possible that my query is broken, I was assuming that 
Postfix will try it regardless.

Re: misunderstanding with dovecot

[Andrea Ganduglia]

On Wed, Aug 3, 2011 at 12:19 PM, Stan Hoeppner  wrote:
> On 8/3/2011 2:56 AM, Andrea Ganduglia wrote:
>
>> If I set
>>
>> virtual_transport = dovecot
>>
>> outbound emails are always deferred.
>
> I gave you the correct fix for this a few days ago: 587 submission.

I will try in few days. Thanks again!

Re: misunderstanding with dovecot

[Andrea Ganduglia]

On Wed, Aug 3, 2011 at 4:01 PM, Benny Pedersen  wrote:
> On Wed, 3 Aug 2011 09:56:35 +0200, Andrea Ganduglia wrote:
>>
>> On Mon, Aug 1, 2011 at 5:53 AM, Benny Pedersen  wrote:
>>>
>>> On Fri, 29 Jul 2011 23:34:54 +0200, Andrea Ganduglia wrote:
>>>
 transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
 maildrop_destination_recipient_limit = 1
 virtual_transport = virtual
>>>
>>> doh :-)
[..]
>> If I set
>>
>> virtual_transport = dovecot
>> outbound emails are always deferred. In any case this line is wrong
>
> no its not, show postfix logs

U can read my log in my first post.
-Andrea

Re: misunderstanding with dovecot

[Stan Hoeppner]

On 8/3/2011 9:04 AM, Benny Pedersen wrote:
> On Wed, 03 Aug 2011 05:19:10 -0500, Stan Hoeppner wrote:
>> On 8/3/2011 2:56 AM, Andrea Ganduglia wrote:
>>
>>> If I set
>>>
>>> virtual_transport = dovecot
>>>
>>> outbound emails are always deferred.
>>
>> I gave you the correct fix for this a few days ago: 587 submission.
> 
> and note that outbound mails is not handled by dovecot

Benny, you're not helping this thread.  Please butt out.  Viktor and I
have this one covered.  You're merely confusing/distracting the OP.

-- 
Stan

Re: Accepting email regardless of address

[Noel Jones]

On 8/3/2011 6:59 AM, Jirka Bourek wrote:
> 
> and I get "Recipient address rejected: User unknown in relay
> recipient table". Adding "@testing.domain" into table domains leads
> to "Relay access denied"

Seems to me if you're getting a "relay access denied" then the
@testing.domain is working, and you have some other rule that's
rejecting the mail. Or maybe you somehow removed "testing.domain"
from relay_domains.

Sorry, I don't debug SQL.  I suggest you get it working with flat
files first, then duplicate the setup with your SQL.


> 
> I was expecting Postfix to send some query with "@testing.domain"
> (which would hint me what should I add into DB), but no such query
> in PostgreSQL log.
> 
> Any ideas?

Maybe your query is broken.


If you need more help, please see:
http://www.postfix.org/documentation.html
http://www.postfix.org/DEBUG_README.html#mail



  -- Noel Jones

Re: patch proposal

[Wietse Venema]

Hari Hendaryanto:
[ Charset ISO-8859-1 unsupported, converting... ]
> On 8/2/2011 2:29 AM, Wietse Venema wrote:
> > Hari Hendaryanto:
> >> Hello,
> >>
> >> I've created a patch that mimicked tcp_table. however, the table lookups
> >> are directed to a unix domain socket instead of tcp servers.
> >> Actually, the patch itself is a modification of the source code of
> >> tcp_table.
> >>
> >> Map names have the form usock:/path/to/socket
> >>
> >> If i'm not on the right path, can i request similiar feature.? (it would
> >> be great to have both tcp|unix-domain-socket_table)
> >> tcp_table is great, its simple protocol allows us to talk to various
> >> applications.
> >>
> > This really sounds like a name space design issue, since the
> > map-specific protocol does not change.
> >
> >  foo:tcp:host:port
> >  foo:unix:/pathname
> >  foo:tls:tcp:host:port
> >
> > This needs further thought.
> >
> > Wietse
> >
> >
> >
> I have another scenario
> 
> tcp:host:port
> tcp:/path/name

Sorry, tcp:/path/name is bad user interface design. Everywhere else
in Postfix, one has to specify the socket TYPE before the socket
NAME (with BC compatibility for programs such as the SMTP client
or TCP map that were desigined initially for TCP sockets only).

> The reason why i wanted this feature is, by using unix domain socket i 
> can protect my backend server from interference on multiuser environment.
> while tcp server is adequate for my single administrator/user 
> environment server.

And I have to consider the longer-term issue of keeping the system
usable as it evolves. This means I will fight to keep the use
interface clean.

Wietse

Re: postscreen unable to log spamhaus URL

[Wietse Venema]

Jeetu:
[ Charset ISO-8859-1 unsupported, converting... ]
> On 02/08/11 8:02 PM, Wietse Venema wrote:
> > If in doubt, read the fine documentation. As documented, postsceen
> > currently does not have any controls to format the DNSBL reply
> > (other than aliasing the DNSBL domain name).
> 
> Fine Wietse, i found a workaround for this
> i added the foll.
> $cat /etc/postfix/dnsbl_reply
> # Secret DNSBL nameName in postscreen(8) replies
> spamhaus.myoffice.com zen.spamhaus.org; 
> http://www.spamhaus.org/query/bl?ip=${client_addr}
> 
> But in logs I'm getting
> Aug  3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE: reject: 
> RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable; client 
> [x.x.x.x] blocked using zen.spamhaus.org; 
> http://www.spamhaus.org/query/bl?ip=${client_addr}; 
> from=, to=, proto=ESMTP, 
> helo=
> 
> now the ${client_addr} is not getting substituted  for original client 
> address.

R T F M. Postfix behaves as documented.

Wietse

> is there any other way to display client address by postscreen?
> 
> Also i wanted to know if add postscreen_dnsbl_sites then do i need to 
> reject_rbl_client in smtpd_recipient_restrictions ?
> 
> -- 
> -Jeetu
> 
> 

Re: misunderstanding with dovecot

[Benny Pedersen]

On Wed, 03 Aug 2011 05:19:10 -0500, Stan Hoeppner wrote:

On 8/3/2011 2:56 AM, Andrea Ganduglia wrote:


If I set

virtual_transport = dovecot

outbound emails are always deferred.


I gave you the correct fix for this a few days ago: 587 submission.


and note that outbound mails is not handled by dovecot

Re: misunderstanding with dovecot

[Benny Pedersen]

On Wed, 3 Aug 2011 09:56:35 +0200, Andrea Ganduglia wrote:

On Mon, Aug 1, 2011 at 5:53 AM, Benny Pedersen  wrote:

On Fri, 29 Jul 2011 23:34:54 +0200, Andrea Ganduglia wrote:


transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
maildrop_destination_recipient_limit = 1
virtual_transport = virtual


doh :-)

virtual is postfix that do not do sieve, it must be dovecot and be 
added to

master.cf as such

http://wiki.dovecot.org/LDA/Postfix

are you running more then one lda ?, eg courier-imap and dovecot ?, 
this can

be pratical under migrations, then your config is ok


If I set

virtual_transport = dovecot
outbound emails are always deferred. In any case this line is wrong


no its not, show postfix logs


(I'm really sorry, it's a cut&paste error)


then virtual_domain_* is not correct to what domain/mailbox dovecot 
will accept, postfix/dovecot must agree



maildrop_destination_recipient_limit = 1
dovecot_destination_recipient_limit = 1


super you spotted this

RE: Postfix , aliases : send messages failed

[Baptiste Bauer]

-Message d'origine-
De : Benny Pedersen [mailto:m...@junc.org] 
Envoyé : mercredi 3 août 2011 15:54
À : postfix-users@postfix.org
Objet : RE: Postfix , aliases : send messages failed

On Wed, 3 Aug 2011 11:29:34 +0200, Baptiste Bauer wrote:
>> the problem lies with the relayhost and must be fixed by the 
>> postmaster of
> the relayhost.
>
> Ok you give me the certitude that the problem must be fixed by the 
> provider.
> The mail are blocked on the relayhost. ( according my logs )

can you use the relayhost with smtp auth ?, if so do this with postfix

> Thank you for your help.

so its solved ?


No  
My provider is proposing a solution, to open my mail server ...and directly 
receive mail on the phone via "pop.mydomain.com" ..etc

Actually they tell me to forward mail coming a foreign domain ( ex: gmail) , 
modify the "sender field to someth...@mydomain.fr" 
So hide the true sender ! 

But I don't know if it is really makeable.

RE: Postfix , aliases : send messages failed

[Benny Pedersen]

On Wed, 3 Aug 2011 11:29:34 +0200, Baptiste Bauer wrote:
the problem lies with the relayhost and must be fixed by the 
postmaster of

the relayhost.

Ok you give me the certitude that the problem must be fixed by the 
provider.

The mail are blocked on the relayhost. ( according my logs )


can you use the relayhost with smtp auth ?, if so do this with postfix


Thank you for your help.


so its solved ?

Re: Accepting email regardless of address

[Jirka Bourek]

Noel Jones wrote:

On 8/2/2011 9:31 AM, Jason Gauthier wrote:

Greetings,

Due to a new business requirement, I need to make a change with postfix that I 
am not certain how to handle.
First, I use postfix as a relay only system.  It does not do local delivery.  
Once it does it's tasks it passes the email to a backend email system.
On the frontend, postfix handles several domains, and will bounce unknown email 
by using relay_recipients:
relay_recipient_maps = hash:/etc/postfix/relay_recipients

relay_recipients is populated from backend from legitimate email addresses.  
These makes the postfix system a nice 'bouncer' for unknowns :)

Now, my requirements have changes.  I have acquired a domain, we'll call it 
xyz.com.   I don't host it, and never have.  Therefore, I do not know what 
email addresses are valid.  I would like to capture *any* email address sent to 
xyz.com and accept it, and deliver it somehow.

I'm not sure how to accomplish this task yet, and looking for ideas.  One 
inchoate idea I have, is translating all the email address to 'xyz.com' to an 
existing, valid, email address.



[We use the term "reject" rather than "bounce".  Reject means your
server never accepts the undeliverable mail, which is good.  Bounce
means you accept the mail and then return it to the (frequently
forged) sender address, which is bad.  Bouncing undeliverable mail
will clog up your mail server with undeliverable messages and will
eventually get you blacklisted.]



First, to accept mail for that domain add the new domain to
relay_domains.
# main.cf
relay_domains =
... exiting domains ...
xyz.example


Since you don't have a list of valid recipients for that domain, add
a wildcard for that domain to relay_recipient_maps and use recipient
address verification.
http://www.postfix.org/postconf.5.html#relay_recipient_maps
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

# relay_recipient
... existing entries ...
@xyz.example   OK


# main.cf
smtpd_recipient_restrictions =
   permit_mynetworks
# permit_sasl_authenticated
   reject_unauth_destination
   check_recipient_access hash:/etc/postfix/verify_xyz
   ... other existing stuff ...

# verify_xyz
xyz.example  reject_unverified_recipient



Finally, to direct the accepted mail to the proper server, use a
transport_maps entry
http://www.postfix.org/postconf.5.html#transport_maps
http://www.postfix.org/transport.5.html

# main.cf
transport_maps = hash:/etc/postfix/transport

# transport
xyz.example  relay:[ip.add.re.ss]



   -- Noel Jones


If I may hijack the thread... is there a way to achieve this 
functionality with data stored in database (pgsql)?


I came up with following Postfix configuration:

smtpd_recipient_restrictions =
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  check_recipient_access hash:/etc/postfix/restrictions/recipients,
  permit_mynetworks,
  reject_unauth_destination,
  permit

relay_domains = pgsql:/etc/postfix/pgsql/vdomains.cf
relay_recipient_maps = pgsql:/etc/postfix/pgsql/vmailbox.cf
transport_maps = pgsql:/etc/postfix/pgsql/relays.cf

vdomains.cf:
SELECT 1 FROM mailroot.domains WHERE domain='%s'

vmailbox.cf:
query = SELECT home FROM mailroot.mailboxes JOIN
   mailroot.domains ON mailboxes.domains_id = domains.id
   WHERE mailboxes.enabled = true AND domains.enabled = true
   AND username = '%u' and domain = '%d'

relays.cf:
query = SELECT storage_path FROM mailroot.storages
   WHERE id = (SELECT storage_id FROM mailroot.domains
 WHERE domain = '%d' and enabled = true)

This works for domains for whose I have list of mailboxes. However I'm 
unable to figure out a way to add "@testing.domain" into 
relay_recipient_maps. When I add "testing.domain" into domains table, 
Postfix sends only these queries:


SELECT 1 FROM mailroot.domains WHERE domain='testing.domain'
SELECT storage_path FROM mailroot.storages
  WHERE id = (SELECT storage_id FROM mailroot.domains
WHERE domain = 'testing.domain' and enabled = true)
SELECT home FROM mailroot.mailboxes JOIN
  mailroot.domains ON mailboxes.domains_id = domains.id
  WHERE mailboxes.enabled = true AND domains.enabled = true
  AND username = 'nonexistent' and domain = 'testing.domain'

and I get "Recipient address rejected: User unknown in relay recipient 
table". Adding "@testing.domain" into table domains leads to "Relay 
access denied"


I was expecting Postfix to send some query with "@testing.domain" (which 
would hint me what should I add into DB), but no such query in 
PostgreSQL log.


Any ideas?

Re: postscreen unable to log spamhaus URL

[Noel Jones]

On 8/3/2011 12:49 AM, Jeetu wrote:
> On 02/08/11 8:02 PM, Wietse Venema wrote:
>> If in doubt, read the fine documentation. As documented, postsceen
>> currently does not have any controls to format the DNSBL reply
>> (other than aliasing the DNSBL domain name).
> 
> Fine Wietse, i found a workaround for this
> i added the foll.
> $cat /etc/postfix/dnsbl_reply
> # Secret DNSBL nameName in postscreen(8) replies
> spamhaus.myoffice.com zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=${client_addr}
> 
> But in logs I'm getting
> Aug  3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE:
> reject: RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable;
> client [x.x.x.x] blocked using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=${client_addr};
> from=, to=, proto=ESMTP,
> helo=
> 
> now the ${client_addr} is not getting substituted  for original
> client address.

Correct.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map
does not support macro expansion.

> is there any other way to display client address by postscreen?

You can use
http://www.postfix.org/postconf.5.html#postscreen_reject_footer
to send additional data to the client.  However, the footer isn't
logged.

I use this:
postscreen_reject_footer = $smtpd_reject_footer
smtpd_reject_footer = Contact postmas...@example.org for assistance.
 Include this data: servertime=($localtime)
client=([$client_address]:$client_port) server=($server_name)


> 
> Also i wanted to know if add postscreen_dnsbl_sites then do i need
> to reject_rbl_client in smtpd_recipient_restrictions ?
> 

Your choice.  The caching behavior of dnsbl is a little different in
smtpd vs. postscreen -- in particular, postscreen will
auto-whitelist sites that pass dnsbl tests for $postscreen_dnsbl_ttl.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl



  -- Noel Jones

Re: misunderstanding with dovecot

[Stan Hoeppner]

On 8/3/2011 2:56 AM, Andrea Ganduglia wrote:

> If I set
> 
> virtual_transport = dovecot
> 
> outbound emails are always deferred.

I gave you the correct fix for this a few days ago: 587 submission.

-- 
Stan

RE: Postfix , aliases : send messages failed

[Baptiste Bauer]

> the problem lies with the relayhost and must be fixed by the postmaster of
the relayhost.

Ok you give me the certitude that the problem must be fixed by the provider.

The mail are blocked on the relayhost. ( according my logs )

Thank you for your help.

Re: Postfix , aliases : send messages failed

[Ansgar Wiechers]

On 2011-08-03 Baptiste Bauer wrote:
> De : Ansgar Wiechers [mailto:li...@planetcobalt.net] Envoyé : mercredi 
>> Sorry, but this isn't clear at all. Please rephrase, because I have no 
>> idea what you're asking here.
> 
> I draw something, it could be easy to explain : 
> http://img827.imageshack.us/img827/5074/shemax.jpg
> 
> you must know my relay is close. 
> And my Boss forbids me to open it !

Umm... I would certainly hope so. You probably won't get any help from
anyone on this list for configuring an open relay. We're getting enough
spam as it is, thank you.

> So,
> Is it possible for a mail from foreigner@otherland to be forward  : 
> 
> nam...@domaine.com --> Alias @world

The sender address (From:) isn't relevant for relaying. The recipient
address (To:) is.

So, at which point does the message delivery fail? Please show a full
transaction from the point where a mail from 
enters your Postfix to the point where the delivery fails. Try to grep a
specific queue-ID from your mail.log. Example with the queue-ID from the
log-line you posted earlier:

  grep 87CA012C922 /var/log/mail.log

If the delivery fails because your relayhost refuses to relay the
message, then - like I said before - the problem lies with the relayhost
and must be fixed by the postmaster of the relayhost.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

RE: Postfix , aliases : send messages failed

[Baptiste Bauer]

>De : Ansgar Wiechers [mailto:li...@planetcobalt.net] Envoyé : mercredi 
>3 août 2011 10:08 À : postfix-users@postfix.org Objet : Re: Postfix , 
>aliases : send messages failed

>Sorry, but this isn't clear at all. Please rephrase, because I have no 
>idea what you're asking here.

>Regards
>Ansgar Wiechers


I draw something, it could be easy to explain : 
http://img827.imageshack.us/img827/5074/shemax.jpg

you must know my relay is close. 
And my Boss forbids me to open it !
So,
Is it possible for a mail from foreigner@otherland to be forward  : 

nam...@domaine.com --> Alias @world


I hope you understand know ^^

Re: Postfix , aliases : send messages failed

[Ansgar Wiechers]

On 2011-08-03 Baptiste Bauer wrote:
> On 2011-08-03 Baptiste Bauer wrote:
>> I phoned yesterday my provider, it propose me a relay with necessary
>> opening port.
>> But securities system problems could exist , what is the critical
>> level ?
>
> To be clear :
>
> It is IMPOSSIBLE to  "transport", "forward" , "alias" a mail from an
> unknow domain  to an outdoordomain ( like @blackberry),
>
> WITH
>
> A closed Relay?
> No hint ? no ticks ?

Sorry, but this isn't clear at all. Please rephrase, because I have no
idea what you're asking here.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time
learning."
--Joel Spolsky

Re: postscreen: unknown command: OK

[Ralf Hildebrandt]

* Jeetu :
> On 03/08/11 12:48 AM, Ralf Hildebrandt wrote:
> >>$head /etc/postfix/whitelisted_clients
> >>>  x.x.x.x  OK
> >>>  x.x.x.x  OK
> >permit, not OK.
> 
> ok. i wanted to know if i add access_list in postscreen, 
> then do i need it in smtpd_recipient_restrictions or i can just remove
> it from there ?

I don't understand the question. What you add in
/etc/postfix/whitelisted_clients is valid for POSTSCREEN only. If your
smtpd_recipient_restrictions should (for whatever reason) block the
SAME IP you also need to whitelist there as well!

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: misunderstanding with dovecot

[Andrea Ganduglia]

On Mon, Aug 1, 2011 at 5:53 AM, Benny Pedersen  wrote:
> On Fri, 29 Jul 2011 23:34:54 +0200, Andrea Ganduglia wrote:
>
>> transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
>> maildrop_destination_recipient_limit = 1
>> virtual_transport = virtual
>
> doh :-)
>
> virtual is postfix that do not do sieve, it must be dovecot and be added to
> master.cf as such
>
> http://wiki.dovecot.org/LDA/Postfix
>
> are you running more then one lda ?, eg courier-imap and dovecot ?, this can
> be pratical under migrations, then your config is ok

If I set

virtual_transport = dovecot

outbound emails are always deferred. In any case this line is wrong
(I'm really sorry, it's a cut&paste error)

maildrop_destination_recipient_limit = 1

this line is

dovecot_destination_recipient_limit = 1

-Andrea

Re: misunderstanding with dovecot

[Andrea Ganduglia]

On Sun, Jul 31, 2011 at 11:08 PM, Victor Duchovni
 wrote:
> On Sat, Jul 30, 2011 at 12:20:40PM +0200, Andrea Ganduglia wrote:
>
>>  Without transport_maps it doesn't works. If I set virtual_transport =
>>  dovecot log returns relay=none
>> >>>
>> >>> The "virtual_transport" setting only applies to domains that are listed
>> >>> in virtual_mailbox_domains. If adding the domain to the transport table
>> >>> works, while setting virtual_transport does not, clearly the domain
>> >>> is not listed in virtual_mailbox_domains.
>>
>> I hope so! I logged my queries:
>>
>>  84 Query     SELECT domain FROM domain WHERE domain='example.com' and
>> backupmx = '0' and active = '1'
>>  85 Query     SELECT "dovecot" AS transport FROM mailbox WHERE domain
>> = 'example.com' LIMIT 1
>>
>> If I run those from cmd line they work. :-/
>
> The words "they work" communicate no information at all. We know the
> domain is not a virtual mailbox domain. Now find out why.
>
> What does
>
>        postmap -q the-domain-in-question mysql:the-table-config.cf
>
> return? Does the domain also match any of the other address classes?

I'm sorry, I think I don't understand this question. I'll try...

# postmap -q example.com
mysql:/etc/postfix/mysql_virtual_domains_maps.cf
example.com

?

With  I meant: those queries return expected result.

Re: patch proposal

[Hari Hendaryanto]

On 8/2/2011 2:29 AM, Wietse Venema wrote:

Hari Hendaryanto:

Hello,

I've created a patch that mimicked tcp_table. however, the table lookups
are directed to a unix domain socket instead of tcp servers.
Actually, the patch itself is a modification of the source code of
tcp_table.

Map names have the form usock:/path/to/socket

If i'm not on the right path, can i request similiar feature.? (it would
be great to have both tcp|unix-domain-socket_table)
tcp_table is great, its simple protocol allows us to talk to various
applications.


This really sounds like a name space design issue, since the
map-specific protocol does not change.

 foo:tcp:host:port
 foo:unix:/pathname
 foo:tls:tcp:host:port

This needs further thought.

Wietse




I have another scenario

tcp:host:port
tcp:/path/name

The reason why i wanted this feature is, by using unix domain socket i 
can protect my backend server from interference on multiuser environment.
while tcp server is adequate for my single administrator/user 
environment server.


TIA


Powered By http://www.3g-net.net
diff -Nur postfix-2.8.4.orig/src/util/dict_tcp.c 
postfix-2.8.4/src/util/dict_tcp.c
--- postfix-2.8.4.orig/src/util/dict_tcp.c  2011-08-03 09:08:47.004900911 
+0700
+++ postfix-2.8.4/src/util/dict_tcp.c   2011-08-03 09:05:20.022106313 +0700
@@ -117,15 +117,22 @@
 static int dict_tcp_connect(DICT_TCP *dict_tcp)
 {
 int fd;
+char   *cp;
 
 /*
  * Connect to the server. Enforce a time limit on all operations so that
  * we do not get stuck.
  */
-if ((fd = inet_connect(dict_tcp->dict.name, NON_BLOCKING, DICT_TCP_TMOUT)) 
< 0) {
-   msg_warn("connect to TCP map %s: %m", dict_tcp->dict.name);
-   return (-1);
+if ((cp = strchr(dict_tcp->dict.name, ':')) != 0)
+fd = inet_connect(dict_tcp->dict.name, NON_BLOCKING, DICT_TCP_TMOUT);
+else if ((cp = strchr(dict_tcp->dict.name, '/')) != 0)
+fd = unix_connect(dict_tcp->dict.name, NON_BLOCKING, DICT_TCP_TMOUT);
+
+if (fd < 0) {
+msg_warn("connect to TCP map %s: %m", dict_tcp->dict.name);
+return (-1);
 }
+
 dict_tcp->fp = vstream_fdopen(fd, O_RDWR);
 vstream_control(dict_tcp->fp,
VSTREAM_CTL_TIMEOUT, DICT_TCP_TMOUT,