Re: Postscreen questions

[/dev/rob0]

On Saturday 19 November 2011 23:30:21 Alex wrote:
> I have two postfix-v2.8.5 hosts for one domain and have configured
> postscreen on both of them using 'ignore' for all options while I
> experiment. I have a few questions that I hoped someone could help
> me to answer:
> 
> - Do I still need the reject_rbl_client commands in
> smtpd_recipient_restrictions?

They don't hurt at all, and might help. If, for example, while under 
high load, the query from dnsblog(8) times out -- by the time it gets 
to smtpd_recipient_restrictions, the result might be available.

If they were okay before postscreen, keep them.

> - Is PREGREET always a sign of a zombie connection or misconfigured
> client, or is it possible for properly configured clients to also
> speak before their turn?

It's safe. The only drawback is the pain of delaying mail.

> - Is something like this pregreet enough to reject the client and
> blacklist them?
>   Nov 19 23:45:06 mail02 postfix/postscreen[12487]: PREGREET 16
> after 0.36 from [113.177.86.240]:1974: HELO localhost\r\n

Pregreet traffic and "HELO localhost" are each very strong spam signs. 
In fact I believe that CBL (which is part of Zen) lists "HELO 
localhost" clients.

> - I don't fully understand the "MX Policy test" section of the
> HOWTO. How do I configure postscreen to listen on both the primary
> and backup MX addresses? Is this referring to create a virtual
> interface for the backup MX on the actual primary server? So there
> would be two IPs for the backup MX host?

You bind another IP address on the interface of the default route. 
This is not a "virtual interface", this is merely another IP address 
bound on the same host. "dig slackbuilds.org. mx", this is mine. .211 
is the primary, .214 secondary. .214 is excepted from 
postscreen_whitelist_interfaces. See 
postconf.5.html#postscreen_whitelist_interfaces for syntax.

Offer void where taxed or prohibited, or behind some weird NAT router, 
or if not using Postfix 2.9.

> - Is this the sign of a problem or does this error occur normally?
>   Nov 19 23:46:08 mail02 postfix/master[5814]: warning: process
> /usr/libexec/postfix/postscreen pid 12487 exit status 1

That is a problem, and you need to see what postscreen itself said 
upon exit. This is why separate logfiles by priority is often 
confusing. You need to see mail.* logging for this event.

> - I believe something I did during testing was rejecting valid
> mail. I enabled pipelining and bare_newline, but both were only
> ever set to 'ignore':
> 
>   postscreen_pipelining_enable = yes
>   postscreen_pipelining_action = ignore
>   postscreen_bare_newline_enable = yes
>   postscreen_bare_newline_action = ignore
> 
> Could one of these options have caused this error below? If not,
> any idea how this could have happened? Will clients resend, or
> have I lost mail here and the sender notified?
> 
> Nov 20 00:02:55 mail02 postfix/postscreen[20334]: NOQUEUE: reject:
> RCPT from [93.74.115.187]:64752: 450 4.3.2 Service currently
> unavailable; from=,
> to=, proto=SMTP,
> helo=

This is normal and expected. Reread POSTSCREEN_README.html#after_220  
namely, the "Important note" and following text.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Postscreen questions

[Alex]

Hi,

I have two postfix-v2.8.5 hosts for one domain and have configured
postscreen on both of them using 'ignore' for all options while I
experiment. I have a few questions that I hoped someone could help me
to answer:

- Do I still need the reject_rbl_client commands in
smtpd_recipient_restrictions?

- Is PREGREET always a sign of a zombie connection or misconfigured
client, or is it possible for properly configured clients to also
speak before their turn?

- Is something like this pregreet enough to reject the client and
blacklist them?
  Nov 19 23:45:06 mail02 postfix/postscreen[12487]: PREGREET 16 after
0.36 from [113.177.86.240]:1974: HELO localhost\r\n

- I don't fully understand the "MX Policy test" section of the HOWTO.
How do I configure postscreen to listen on both the primary and backup
MX addresses? Is this referring to create a virtual interface for the
backup MX on the actual primary server? So there would be two IPs for
the backup MX host?

- Is this the sign of a problem or does this error occur normally?
  Nov 19 23:46:08 mail02 postfix/master[5814]: warning: process
/usr/libexec/postfix/postscreen pid 12487 exit status 1

- I believe something I did during testing was rejecting valid mail. I
enabled pipelining and bare_newline, but both were only ever set to
'ignore':

  postscreen_pipelining_enable = yes
  postscreen_pipelining_action = ignore
  postscreen_bare_newline_enable = yes
  postscreen_bare_newline_action = ignore

Could one of these options have caused this error below? If not, any
idea how this could have happened? Will clients resend, or have I lost
mail here and the sender notified?

Nov 20 00:02:55 mail02 postfix/postscreen[20334]: NOQUEUE: reject:
RCPT from [93.74.115.187]:64752: 450 4.3.2 Service currently
unavailable; from=, to=,
proto=SMTP, helo=

Thanks so much.
Best,
Alex

Re: Block Mails from .info top level domain

[Stan Hoeppner]

On 11/19/2011 8:30 PM, Chaminda Indrajith wrote:
> Dear ALL,
> Is there a way of blocking mails from a top level domain? I have serious
> trouble with .info top level domain. Spamers send bulk mails from
> changing domain names under .info (Example: fakedomain1.info
> fakedomain2.info etc.)
> I tried to block it from sender restrictions, but it is not effective.

Using the EUSRR (everything under smtpd_recipient_restrictions) style of
main.cf, this will meet your needs.  I've been using it for a long time
with good results (but with a much longer list of TLDs than I included
here).


smtpd_recipient_restrictions =
 permit_mynetworks
 reject_unauth_destination
 ...
 check_reverse_client_hostname_access pcre:/etc/postfix/tld.pcre
 check_helo_access pcre:/etc/postfix/tld.pcre
 ...


/etc/postfix/tld.pcre

# reject mail from the following TLDs

/^.*?(cn|info|kr|my|ng|)$/i 550 We do not accept mail from .$1 domains



-- 
Stan

Re: How to set Postfix to send bounces to i...@mydomain.com

[Jeroen Geilman]

On 2011-11-20 03:06, peng...@sepserver.net wrote:

I have three email servers in my zone:

mx1.emailsrvr.compriority10
mx2.emailsrvr.compriority20
pinkie.mydomain.compriority80<--- PostFix

I want all the Non Delivery Reports from pinkie.mydomain.com to go to
i...@mydomain.com which is a mail account that exists on mx1.emailsrvr.com.
Does anyone know how to do that?


As defined in RFC 5321 section 4.4, "Trace Information": 
http://tools.ietf.org/html/rfc5321#section-4.4


When the delivery SMTP server makes the "final delivery" of a 
message, it inserts a return-path line at the beginning of the mail data.

This use of return-path is required; mail systems MUST support it.
The return-path line preserves the information in the path> from the MAIL command.

<...>
* It is possible for the mailbox in the return path to be different 
from the actual sender's mailbox, for example, if error responses are to 
be delivered to a special error handling mailbox rather than to the 
message sender. *


Hence, you can set Return-Path: to your DSN return address when 
delivering the message.


However, you do not want to do that unless you know exactly why, which 
you don't.



--
J.

Re: Block Mails from .info top level domain

[Reindl Harald]

Am 20.11.2011 03:44, schrieb Chaminda Indrajith:
> Actually, I have used reject_unknown_sender_domain in main.cf.
> 
> On Sun, 20 Nov 2011 08:10:40 +0530
>  "Chaminda Indrajith"  wrote:
>> Harald...
>> Sometimes... we can find the registered domains under .info
>>
>> On Sun, 20 Nov 2011 03:33:45 +0100
>>  Reindl Harald  wrote:
>>>
>>>
>>> Am 20.11.2011 03:30, schrieb Chaminda Indrajith:
 Dear ALL,
 Is there a way of blocking mails from a top level domain? I have serious 
 trouble with .info top level domain.
 Spamers send bulk mails from changing domain names under .info (Example: 
 fakedomain1.info fakedomain2.info etc.)
 I tried to block it from sender restrictions, but it is not effective.
>>>
>>> if these are really fake-domains "reject_unknown_sender_domain" would
>>> be a better friend than blocking a whole TLD

what means actually?
before or after my reply?

and PLEASE do NOT top-post because it is unacepptable for each other out there
to read a thread where questions and ansers are in a random order, it is ok
after a answer in top of the question but NOT if you get a answer below



signature.asc
Description: OpenPGP digital signature

Re: Block Mails from .info top level domain

[Chaminda Indrajith]

Actually, I have used reject_unknown_sender_domain in main.cf.

On Sun, 20 Nov 2011 08:10:40 +0530
 "Chaminda Indrajith"  wrote:

Harald...
Sometimes... we can find the registered domains under .info

On Sun, 20 Nov 2011 03:33:45 +0100
 Reindl Harald  wrote:



Am 20.11.2011 03:30, schrieb Chaminda Indrajith:

Dear ALL,
Is there a way of blocking mails from a top level domain? I have 
serious trouble with .info top level domain.
Spamers send bulk mails from changing domain names under .info 
(Example: fakedomain1.info fakedomain2.info etc.)
I tried to block it from sender restrictions, but it is not 
effective.


if these are really fake-domains "reject_unknown_sender_domain" 
would

be a better friend than blocking a whole TLD

Re: Block Mails from .info top level domain

[Reindl Harald]

Am 20.11.2011 03:40, schrieb Chaminda Indrajith:
> Harald...
> Sometimes... we can find the registered domains under .info
> 
> On Sun, 20 Nov 2011 03:33:45 +0100
>  Reindl Harald  wrote:
>>
>>
>> Am 20.11.2011 03:30, schrieb Chaminda Indrajith:
>>> Dear ALL,
>>> Is there a way of blocking mails from a top level domain? I have serious 
>>> trouble with .info top level domain.
>>> Spamers send bulk mails from changing domain names under .info (Example: 
>>> fakedomain1.info fakedomain2.info etc.)
>>> I tried to block it from sender restrictions, but it is not effective.
>>
>> if these are really fake-domains "reject_unknown_sender_domain" would
>> be a better friend than blocking a whole TLD

please do not top-post if you got a reply below yours!

yes, sometimes, but sometimes you got regular mails from domains in .info

using TKIM, SPF, Blacklists, Spam-Filters or whatever would be a better
advise than blocking a TLD because some idiots out there - what are
you doing if they switch to .com/.org?



signature.asc
Description: OpenPGP digital signature

Re: Block Mails from .info top level domain

[Chaminda Indrajith]

Harald...
Sometimes... we can find the registered domains under .info

On Sun, 20 Nov 2011 03:33:45 +0100
 Reindl Harald  wrote:



Am 20.11.2011 03:30, schrieb Chaminda Indrajith:

Dear ALL,
Is there a way of blocking mails from a top level domain? I have 
serious trouble with .info top level domain.
Spamers send bulk mails from changing domain names under .info 
(Example: fakedomain1.info fakedomain2.info etc.)
I tried to block it from sender restrictions, but it is not 
effective.


if these are really fake-domains "reject_unknown_sender_domain" 
would

be a better friend than blocking a whole TLD

Re: Block Mails from .info top level domain

[Reindl Harald]

Am 20.11.2011 03:30, schrieb Chaminda Indrajith:
> Dear ALL,
> Is there a way of blocking mails from a top level domain? I have serious 
> trouble with .info top level domain.
> Spamers send bulk mails from changing domain names under .info (Example: 
> fakedomain1.info fakedomain2.info etc.)
> I tried to block it from sender restrictions, but it is not effective.

if these are really fake-domains "reject_unknown_sender_domain" would
be a better friend than blocking a whole TLD




signature.asc
Description: OpenPGP digital signature

Block Mails from .info top level domain

[Chaminda Indrajith]

Dear ALL,
Is there a way of blocking mails from a top level domain? I have 
serious trouble with .info top level domain. Spamers send bulk mails 
from changing domain names under .info (Example: fakedomain1.info 
fakedomain2.info etc.)

I tried to block it from sender restrictions, but it is not effective.

Thanks
Indrajith

Re: rambo

[Reindl Harald]

Am 20.11.2011 02:58, schrieb peng...@sepserver.net:
> On Sat, 19 Nov 2011 05:12:06 +0100, Reindl Harald 
>> that your mail is at mx1.emailsrvr.com and what happened
>> there with it you can find in the log of this machine
>>
>> BTW: "rambo" is a useless thread-subject!
> 
> Thanks for the correct answer! 

that is why mailing-lists are existing :-)

> By the way I'll do a much better job with
> my subject lines but can you guys lighten up and have some fun? Don't y'all
> think that rambo is a funny subject line? Computers should be fun!

if you search help and want that busy people read your messages
fun is not useful - 10 out of 1000 will delete such a message
in these days even if they could help you

the most important part of a e-mail is the subject
if it looks like spam or not interesting the mail may be ignored





signature.asc
Description: OpenPGP digital signature

How to set Postfix to send bounces to i...@mydomain.com

[penguin]

I have three email servers in my zone:

mx1.emailsrvr.compriority10
mx2.emailsrvr.compriority20
pinkie.mydomain.compriority80 <--- PostFix

I want all the Non Delivery Reports from pinkie.mydomain.com to go to
i...@mydomain.com which is a mail account that exists on mx1.emailsrvr.com.
Does anyone know how to do that?

Re: rambo

[penguin]

On Sat, 19 Nov 2011 05:12:06 +0100, Reindl Harald 
wrote:
> Am 19.11.2011 02:05, schrieb peng...@sepserver.net:
>> What do I make out of this?
>> 
>> Nov 19 00:07:39 pinkie postfix/smtp[8661]: ABEB11855B:
>> to=, relay=mx1.emailsrvr.com[72.4.117.21]:25,
>> delay=75, delays=75/0.01/0.25/0.24
> 
> that your mail is at mx1.emailsrvr.com and what happened
> there with it you can find in the log of this machine
> 
> BTW: "rambo" is a useless thread-subject!

Thanks for the correct answer! By the way I'll do a much better job with
my subject lines but can you guys lighten up and have some fun? Don't y'all
think that rambo is a funny subject line? Computers should be fun!

Re: bin/postconf: fatal: open /usr/local/etc/postfix/master.cf: No such file or directory

[Wietse Venema]

Sahil Tandon:
> On Sat, 2011-11-19 at 18:08:34 -0500, Wietse Venema wrote:
> 
> > Sahil Tandon:
> > > When trying to install snapshot 2018, I get a fatal postconf error
> > > if master.cf does not exist in the $config_directory.  There is no
> > > problem if main.cf is missing from $config_directory; bin/postconf only
> > > seems to complain (at install stage, when called by the postfix-install
> > > script) if master.cf is not found.  This is new to me, and could very
> > > well be idiosyncratic to my installation procedure. But before I
> > > troubleshoot further on my end, I wonder if anyone else can generally
> > > reproduce this?
> > 
> > This is easy enough to fix.
> 
> [ .. ]
> 
> Indeed.  Thanks!

I'll roll it out as 2019.

Wietse

Re: bin/postconf: fatal: open /usr/local/etc/postfix/master.cf: No such file or directory

[Sahil Tandon]

On Sat, 2011-11-19 at 18:08:34 -0500, Wietse Venema wrote:

> Sahil Tandon:
> > When trying to install snapshot 2018, I get a fatal postconf error
> > if master.cf does not exist in the $config_directory.  There is no
> > problem if main.cf is missing from $config_directory; bin/postconf only
> > seems to complain (at install stage, when called by the postfix-install
> > script) if master.cf is not found.  This is new to me, and could very
> > well be idiosyncratic to my installation procedure. But before I
> > troubleshoot further on my end, I wonder if anyone else can generally
> > reproduce this?
> 
> This is easy enough to fix.

[ .. ]

Indeed.  Thanks!

-- 
Sahil Tandon

Re: bin/postconf: fatal: open /usr/local/etc/postfix/master.cf: No such file or directory

[Wietse Venema]

Sahil Tandon:
> When trying to install snapshot 2018, I get a fatal postconf error
> if master.cf does not exist in the $config_directory.  There is no
> problem if main.cf is missing from $config_directory; bin/postconf only
> seems to complain (at install stage, when called by the postfix-install
> script) if master.cf is not found.  This is new to me, and could very
> well be idiosyncratic to my installation procedure. But before I
> troubleshoot further on my end, I wonder if anyone else can generally
> reproduce this?

This is easy enough to fix.

Wietse

*** /var/tmp/postfix-2.9-2018/postfix-install   Thu Jun 23 12:20:21 2011
--- ./postfix-install   Sat Nov 19 18:06:05 2011
***
*** 363,369 
  
  : ${install_root=/}
  : ${tempdir=`pwd`}
! : ${config_directory=`bin/postconf -h -d config_directory`}
  
  # Find out the location of installed configuration files.
  
--- 363,369 
  
  : ${install_root=/}
  : ${tempdir=`pwd`}
! : ${config_directory=`bin/postconf -c conf -h -d config_directory`}
  
  # Find out the location of installed configuration files.
  
***
*** 446,452 
  case "$junk" in
  "") eval unset $name;;
  esac
! eval : \${$name=\`bin/postconf -d -h $name\`} || exit 1
  done
  
  # Override settings manually.
--- 446,452 
  case "$junk" in
  "") eval unset $name;;
  esac
! eval : \${$name=\`bin/postconf -c conf -d -h $name\`} || exit 1
  done
  
  # Override settings manually.

bin/postconf: fatal: open /usr/local/etc/postfix/master.cf: No such file or directory

[Sahil Tandon]

When trying to install snapshot 2018, I get a fatal postconf error
if master.cf does not exist in the $config_directory.  There is no
problem if main.cf is missing from $config_directory; bin/postconf only
seems to complain (at install stage, when called by the postfix-install
script) if master.cf is not found.  This is new to me, and could very
well be idiosyncratic to my installation procedure. But before I
troubleshoot further on my end, I wonder if anyone else can generally
reproduce this?

-- 
Sahil Tandon

Re: rambo

[John Hudak]

Yes,
"Giving your post a "good" subject
line would be a desirable concept though"

Yes, exactly. One would think that 'common sense' would win out over
ignorance or stupidity.  I would even settle for a modicom of logic...

I figure it this way, if someone can't take the time to make a reasonable
posting, I can't take the time to read or even answer the question.  As in
this case, I opt not to answer.
It is ashame there has to be posting guidelines/forum etiquette in the
first place...politness and common sense should have been instilled at an
early age.
Then again, ignorant ppl would think guidelines don't apply to them.
Also, ever notice how ppl cannot compose a well formed question?  It is
maddening.

Time to jettison internet 1 and start internet 2 where certain credentials
need to be verified to participate.
-John


On Sat, Nov 19, 2011 at 7:33 AM, Jerry  wrote:

> On Sat, 19 Nov 2011 10:38:20 +0100
> Patrick Ben Koetter articulated:
>
> > * Tõnu Samuel :
> > > On Sat, 2011-11-19 at 00:23 +, peng...@sepserver.net wrote:
> > > > Pasted at the bottom of my message is my telnet session. Where is
> > > > my mail? It is not in /var/mail nor is it in /root/Mail. It was
> > > > supposed to have been delivered yet I do not see it. Is this
> > > > maybe because I am using courier?
> > >
> > > Completely on different topic. Just this message subject was
> > > something made me half way to press "Junk" button on mail client.
> > >
> > > I know this caused already flamewars 10 years ago but I think would
> > > be good to tune this list to use list name in subject like most
> > > lists do. This reduces change of being falsely identified as spam
> > > and reported to spamcop.
> >
> > Modifying the subject (and adding a footer) tends to break DKIM
> > signatures.
>
> There are many varied thoughts on how to deliver "list mail".
> Personally, I would like to see "List-Id:" used in the mail headers;
> however, all of that is really OT. Giving your post a "good" subject
> line would be a desirable concept though.
>
> --
> Jerry ✌
> postfix-u...@seibercom.net
> _
> TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
> TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
>
>

Re: mail defered on local network

[Tim Dunphy]

thank you again Wietse. It's an honor to hear from the creator of postfix. This 
problem is now solved and I have learned a lesson about how to deal with this 
situation.

best!
tim

- Original Message -
From: "Tim Dunphy" 
To: "Postfix users" 
Sent: Friday, November 18, 2011 10:26:24 AM
Subject: Re: mail defered on local network

Thank you Wietse,

 I appreciate your reply. Here's what I've found.
 
 From the problem host:

 [monitor03:myuser:~]$telnet alt4.gmail-smtp-in.l.google.com
Trying 74.125.39.26...
telnet: connect to address 74.125.39.26: Connection refused

 From the EC2 instance:

 [root@puppet ~]# telnet alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.43.27...
Connected to alt4.gmail-smtp-in.l.google.com (74.125.43.27).
Escape character is '^]'.
220 mx.google.com ESMTP uh9si876412bkb.108
HELO puppet
250 mx.google.com at your service


 So I think I understand your point that this is not a matter of correcting a 
configuration error in postfix, but rather it seems that port 25 outbound is 
blocked on this network.


Thanks,
TIm




- Original Message -
From: "Wietse Venema" 
To: "Postfix users" 
Sent: Friday, November 18, 2011 8:33:29 AM
Subject: Re: mail defered on local network

Tim Dunphy:
>   [monitor03:root:/etc/postfix]#telnet localhost 25
...
>   [root@cloud postfix]# telnet localhost 25

The problem is with DELIVERING mail not receiving it.

Therefore, try to telnet to the DESTINATION, not the Postfix MTA.

Wietse

Re: postfix, dovecot, and virtual quotas

[Benny Pedersen]

On Thu, 17 Nov 2011 13:45:14 -0500, David Mehler wrote:


I've got a postfix system serving virtual mailbox domains. It's using
Dovecot as an LDA, and I'm wanting to hook in quotas. My thinking is
that I have to do this in the LDA, but I'm curious about the
virtual_mailbox_limit parameter in main.cf? Is it used for quota or
size limits when using dovecot as an LDA?


http://wiki.dovecot.org/Quota/Dict
http://www.kutukupret.com/2011/07/14/postfix-dynamic-overquota-user-map-script-using-bash-and-inotifywait/

bash is not needed when dovecot do it

Re: Strange transport problem

[Noel Jones]

On 11/19/2011 10:03 AM, Anne Wilson wrote:

> What I want to achieve - any mail addressed to x...@lydgate.lan is put onto 
> my 
> IMAP server's mail spool for the person concerned.  

All domains listed in mydestination are delivered on the local machine.
http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination

So according to your stated goals, use:
mydestination = lydgate.lan


> Any mail other than 
> addressed to x...@lydgate.lan should go to mailhost.zen.co.uk.

To deliver everything else to your ISPs mail relay, put that in the
relayhost parameter
relayhost = [mailhost.zen.co.uk]
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relayhost

You likely don't need transport_maps because it's for exceptions to
the above delivery rules.

> In view of this, what should $myorigin and $mydestination be?

http://www.postfix.org/BASIC_CONFIGURATION_README.html#myorigin
myorigin = lydgate.lan



All your questions are answered here:
http://www.postfix.org/documentation.html

If you're not familiar with general email principals you may need to
review the various README files several times before they start to
make sense.  But they will.




  -- Noel Jones

Re: Strange transport problem

[Anne Wilson]

On Saturday 19 November 2011 14:57:44 Anne Wilson wrote:
> On Saturday 19 November 2011 04:21:21 Anne Wilson wrote:
> > On Saturday 19 November 2011 08:51:16 Stefan wrote:
> > > On Fri, Nov 18, 2011 at 3:37 PM, Anne Wilson
> > > 
> > >  wrote:
> > > > My home LAN has a strange problem.  We use postfix on my IMAP
> 
> I doubt it is really strange, but at this point there is still not
> enough information.
> 
> > > > server to separate local mail from external mail.  The
> > > > transport hash is based on:
> > > > 
> > > > lydgate.net local:
> > > > .lydgate.netlocal:
> See postconf.5.html#parent_domain_matches_subdomains :: the pattern
> with the preceding dot is not going to be sought from this map.

It's clear that I am misunderstanding something.  However, removing those 
lines makes no difference, which is why I put them back.  However, I see no 
reason for them any more, so I've removed them again.

> Furthermore, with this domain in mydestination, the transport_maps
> listing is redundant.

Yet it clearly is working in the I can send a message to a...@lydgate.lan and 
it goes directly into my mail spool - the result I wanted.  If the transport 
map isn't doing that, what is?

> 
> > > > lydgate.lan local:
> > > > .lydgate.lanlocal:
> > > > *   smtp:[mailhost.zen.co.uk]
> 
> This entry is functionally equivalent to "relayhost".
> 
That sounds reasonable, since I don't run my own smtp but use my ISP's.

> > > > .*  smtp:[mailhost.zen.co.uk]
> 
> This pattern would never be sought under any circumstances.
> 
Ah yes - I remember now that I removed that some time past.  I obviously used 
an older backup that returned it.  I'll take it out.

> > > > I also host a small mailing list on Zen's servers, using the
> > > > email address creativestitch...@lydgate.org.
> > > > 
> > > > I receive the mail for the list, and also the owner messages,
> > > > but I cannot write to the list, except by using webmail.  The
> > > > problem appears to be that postfix thinks it is LAN traffic,
> > > > and can't find a user called creativestitching.
> 
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local
> 
> > > > I assume that I have somehow triggered a catch-all, due to a
> > > > misunderstanding, so can someone please explain
> > > > 
> > > > a) Why is creativestitching mail thought to be local?
> 
> Is lydgate.org in mydestination? It's not in the mydestination you
> showed us below. We'd have to see *actual* logs, not a summary.
> 
OK - can we try some definitions to see where I have misunderstood?

What I want to achieve - any mail addressed to x...@lydgate.lan is put onto my 
IMAP server's mail spool for the person concerned.  Any mail other than 
addressed to x...@lydgate.lan should go to mailhost.zen.co.uk.

My laptops and desktops all are named something.lydgate.lan.  They are set to 
send all mail to 192.168.0.xx - the IMAP server, the one I am trying to re-
configure.

My external mail goes to my account on zen, some...@lydgate.org.  Lydgate.net 
is owned by me, but currently unused, so irrelevant to this problem.

In view of this, what should $myorigin and $mydestination be?


> > > > b) How can I correct it?
> 
> Ditto, unknown.
> 
> > > > c) Is there documentation that would explain this in more
> > > > detail?
> 
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> 
I try, I try, but man pages often only make sense *after* you have thoroughly 
understood the basics.  The man who helped me set up the original died last 
year, so I no longer can ask questions of him.

> > > We don't know your network topology; are "home LAN" and "my IMAP
> > > server" on the same network?
> > 
> > Sorry - obvious to me, but not to you :-)  Yes, they are on the
> > same network. Other background information that may be relevant is
> > that originally the LAN was called lydgate.net.  This is a second
> > domain that I have owned for some time, but not originally when I
> > set up the LAN.  At that time I didn't know that .net was a
> > possible tld.  When I changed from CentOS 5 to CentOS 6, being a
> > clean install, I decided that I ought to change the name to
> > lydgate.lan.  I did have some problems at first, and tweaked
> > main.cf to get things working again.  I assume that I have
> > introduced a problem that wasn't obvious until I needed to post to
> > creativestitching.
> > 
> > > Someone will likely spot something if you provide, minimally, the
> > > output of postconf -n and relevant log output.
> > 
> > It's so long since I had problems with postfix that I had forgotten
> > that. Output:
> > 
> > alias_database = hash:/etc/aliases
> > alias_maps = hash:/etc/aliases
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > daemon_directory = /usr/libexec/postfix
> > data_directory = /var/lib/postfix
> > debug_peer_level = 2
> > home_mailbox = Maildir/
> > html_directory = no
> > inet_interfaces = localhost
> > inet_protocols = all
> > mail_owner = postfix

Re: Strange transport problem

[/dev/rob0]

On Saturday 19 November 2011 04:21:21 Anne Wilson wrote:
> On Saturday 19 November 2011 08:51:16 Stefan wrote:
> > On Fri, Nov 18, 2011 at 3:37 PM, Anne Wilson
> >  wrote:
> > > My home LAN has a strange problem.  We use postfix on my IMAP

I doubt it is really strange, but at this point there is still not 
enough information.

> > > server to separate local mail from external mail.  The
> > > transport hash is based on:
> > > 
> > > lydgate.net local:
> > > .lydgate.netlocal:

See postconf.5.html#parent_domain_matches_subdomains :: the pattern 
with the preceding dot is not going to be sought from this map. 
Furthermore, with this domain in mydestination, the transport_maps 
listing is redundant.

> > > lydgate.lan local:
> > > .lydgate.lanlocal:
> > > *   smtp:[mailhost.zen.co.uk]

This entry is functionally equivalent to "relayhost".

> > > .*  smtp:[mailhost.zen.co.uk]

This pattern would never be sought under any circumstances.

> > > I also host a small mailing list on Zen's servers, using the
> > > email address creativestitch...@lydgate.org.
> > > 
> > > I receive the mail for the list, and also the owner messages,
> > > but I cannot write to the list, except by using webmail.  The
> > > problem appears to be that postfix thinks it is LAN traffic,
> > > and can't find a user called creativestitching.

http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local

> > > I assume that I have somehow triggered a catch-all, due to a
> > > misunderstanding, so can someone please explain
> > > 
> > > a) Why is creativestitching mail thought to be local?

Is lydgate.org in mydestination? It's not in the mydestination you 
showed us below. We'd have to see *actual* logs, not a summary.

> > > b) How can I correct it?

Ditto, unknown.

> > > c) Is there documentation that would explain this in more
> > > detail?

http://www.postfix.org/BASIC_CONFIGURATION_README.html

> > We don't know your network topology; are "home LAN" and "my IMAP
> > server" on the same network?
> 
> Sorry - obvious to me, but not to you :-)  Yes, they are on the
> same network. Other background information that may be relevant is
> that originally the LAN was called lydgate.net.  This is a second
> domain that I have owned for some time, but not originally when I
> set up the LAN.  At that time I didn't know that .net was a
> possible tld.  When I changed from CentOS 5 to CentOS 6, being a
> clean install, I decided that I ought to change the name to
> lydgate.lan.  I did have some problems at first, and tweaked
> main.cf to get things working again.  I assume that I have
> introduced a problem that wasn't obvious until I needed to post to
> creativestitching.
> 
> > Someone will likely spot something if you provide, minimally, the
> > output of postconf -n and relevant log output.
> 
> It's so long since I had problems with postfix that I had forgotten
> that. Output:
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = localhost
> inet_protocols = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = $mydomain
> mydestination = $myhostname, localhost.$mydomain, $mydomain,
> lydgate.lan
> mydomain = lydgate.net

.net != .org of course. This shows lydgate.net in mydestination, but 
not lydgate.org.

> myhostname = tosh.lydgate.net
> mynetworks = 192.168.0.0/28, 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.7.3/README_FILES
> relayhost = [192.168.0.40]
> sample_directory = /usr/share/doc/postfix-2.7.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> unknown_local_recipient_reject_code = 550

And here we see that my dissertation on transport_maps above was not 
relevant, because you have not set that. A typo in main.cf, or did you 
just assume that /etc/postfix/transport had a special meaning? With no 
transport_maps set, your aforementioned hash is ignored, and relayhost 
is used. postconf.5.html#transport_maps

> > http://www.postfix.org/DEBUG_README.html#mail

-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: aliases

[Claudio Kuenzler]

You've launched the command 'newaliases' (or equivalent) after you edited
/etc/aliases, did you?

On Sat, Nov 19, 2011 at 7:19 AM, Patrick Ben Koetter 
wrote:

> * peng...@sepserver.net :
> > I have in my /etc/aliases the text "postmaster: root". I sent an email to
> > postmas...@mydomain.com. I checked the log files of the server but do
> not
> > see any indication of any email being received. Would there be a log of
> > mail reveived in mail.log? I checked /root/Mail and the directory is
> > empty.
> > I checked /var/mail/ which is also empty. Where could my mail have gone?
>
> Help us help you. Provide DEBUG information as requested by
> http://www.postfix.org/DEBUG_README.html#mail.
>
> Besides: Something's wrong with your DKIM signer:
>
> Authentication-Results: mail.state-of-mind.de (amavisd-new);
> dkim=softfail (invalid, public key: not available) header.i=@sepserver.net
>
> p@rick
>
> --
> All technical questions asked privately will be automatically answered on
> the
> list and archived for public access unless privacy is explicitely required
> and
> justified.
>
> saslfinger (debugging SMTP AUTH):
> 
>

Re: rambo

[Jerry]

On Sat, 19 Nov 2011 10:38:20 +0100
Patrick Ben Koetter articulated:

> * Tõnu Samuel :
> > On Sat, 2011-11-19 at 00:23 +, peng...@sepserver.net wrote:
> > > Pasted at the bottom of my message is my telnet session. Where is
> > > my mail? It is not in /var/mail nor is it in /root/Mail. It was
> > > supposed to have been delivered yet I do not see it. Is this
> > > maybe because I am using courier?
> > 
> > Completely on different topic. Just this message subject was
> > something made me half way to press "Junk" button on mail client.
> > 
> > I know this caused already flamewars 10 years ago but I think would
> > be good to tune this list to use list name in subject like most
> > lists do. This reduces change of being falsely identified as spam
> > and reported to spamcop.
> 
> Modifying the subject (and adding a footer) tends to break DKIM
> signatures.

There are many varied thoughts on how to deliver "list mail".
Personally, I would like to see "List-Id:" used in the mail headers;
however, all of that is really OT. Giving your post a "good" subject
line would be a desirable concept though.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: Rewriting question

[Claudio Kuenzler]

I'd be strongly against the removal of these parameters. In an installation
I once had to make I was absolutely dependent on the sender_canonical_maps
due to a one-way rewrite:

Quote from documentation:
Example: you want to rewrite the SENDER address "user@ugly.domain" to
"user@pretty.domain", while still being able to send mail to the RECIPIENT
address "user@ugly.domain".

smtp_generic_maps didn't work in that particular case because this setting
rewrites the e-mail address for ANY remote host, in my example this was the
local Exchange server. So the rewritten addresses were logically not
accepted by the Exchange server.
For special cases like this the sender_canonical_maps is the perfect
solution.


On Fri, Nov 18, 2011 at 6:01 PM, Viktor Dukhovni  wrote:

> On Fri, Nov 18, 2011 at 08:30:37AM +0100, Claudio Kuenzler wrote:
>
> > Victor, take a look at my e-mail sent 3 days ago in the same thread. I
> > already mentioned the smtp_generic_maps there (order before canonical).
>
> Regardless of past thread history, advice to use wildcard canonical
> mappings on internet-facing Postfix servers is still bad.
>
> Likewise, one should avoid sender_canonical_maps and
> recipient_canonical_maps. If it were not an incompatible change,
> I'd suggest we should remove these parameters from Postfix.
>
> --
>Viktor.
>

Re: Strange transport problem

[Anne Wilson]

On Saturday 19 November 2011 10:20:16 Anne Wilson wrote:
> service postfix status
> postfix.service - LSB: start and stop postfix
>   Loaded: loaded (/etc/rc.d/init.d/postfix)
>   Active: active (running) since Mon, 14 Nov 2011 13:44:11 +;
> 4  days ago
>  Process: 1202 ExecStart=/etc/rc.d/init.d/postfix start
> (code=exited,  status=0/SUCCESS)
>   CGroup: name=systemd:/system/postfix.service
>   ├ 1290 /usr/libexec/postfix/master
>   ├ 1296 qmgr -l -t fifo -u
>   └ 7298 pickup -l -t fifo -u

Sorry, that was on the local machine.  This from the server:

service postfix status
master (pid  21297) is running...

Anne

Re: Strange transport problem

[Anne Wilson]

On Saturday 19 November 2011 08:51:16 you wrote:
> On Fri, Nov 18, 2011 at 3:37 PM, Anne Wilson  
wrote:
> > My home LAN has a strange problem.  We use postfix on my IMAP server to
> > separate local mail from external mail.  The transport hash is based on:
> > 
> > lydgate.net local:
> > .lydgate.netlocal:
> > lydgate.lan local:
> > .lydgate.lanlocal:
> > *   smtp:[mailhost.zen.co.uk]
> > .*  smtp:[mailhost.zen.co.uk]
> > 
> > I also host a small mailing list on Zen's servers, using the email
> > address creativestitch...@lydgate.org.
> > 
> > I receive the mail for the list, and also the owner messages, but I
> > cannot write to the list, except by using webmail.  The problem appears
> > to be that postfix thinks it is LAN traffic, and can't find a user
> > called creativestitching.
> > 
> > I assume that I have somehow triggered a catch-all, due to a mis-
> > understanding, so can someone please explain
> > 
> > a) Why is creativestitching mail thought to be local?
> > 
> > b) How can I correct it?
> > 
> > c) Is there documentation that would explain this in more detail?
> 
> We don't know your network topology; are "home LAN" and "my IMAP
> server" on the same network?
> 
Sorry - obvious to me, but not to you :-)  Yes, they are on the same network.  
Other background information that may be relevant is that originally the LAN 
was called lydgate.net.  This is a second domain that I have owned for some 
time, but not originally when I set up the LAN.  At that time I didn't know 
that .net was a possible tld.  When I changed from CentOS 5 to CentOS 6, being 
a clean install, I decided that I ought to change the name to lydgate.lan.  I 
did have some problems at first, and tweaked main.cf to get things working 
again.  I assume that I have introduced a problem that wasn't obvious until I 
needed to post to creativestitching.

> Someone will likely spot something if you provide, minimally, the
> output of postconf -n and relevant log output.
> 
It's so long since I had problems with postfix that I had forgotten that.  
Output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, lydgate.lan
mydomain = lydgate.net
myhostname = tosh.lydgate.net
mynetworks = 192.168.0.0/28, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.7.3/README_FILES
relayhost = [192.168.0.40]
sample_directory = /usr/share/doc/postfix-2.7.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

> http://www.postfix.org/DEBUG_README.html#mail
> 
Thanks

Anne

Re: Strange transport problem

[Anne Wilson]

On Saturday 19 November 2011 08:51:16 you wrote:
>  and relevant log output.

After I sent the other info I realised I hadn't done this part.  Shock! 
/var/log/maillog has no entry since last Monday.  Looking back to Logwatch 
covering Monday, I see

- Postfix Begin  

9   Miscellaneous warnings 
 
1.841M  Bytes accepted 1,930,000
1.841M  Bytes delivered1,930,000
    
 
  200   Accepted  93.46%
   14   Rejected   6.54%
    
  214   Total100.00%
    
 
   14   Reject unknown user  100.00%
    
   14   Total Rejects100.00%
    
 
  160   Connections made  
5   Connections lost  
  160   Disconnections
  202   Removed from queue
  140   Delivered 
   61   Sent via SMTP 
1   Forwarded 
2   Resent
 
3   Postfix start 
3   Postfix stop  
1   Postfix waiting to terminate 
 
 
 -- Postfix End - 

I assume that the 14 rejects are my attempts to get creativestitching's 
message out, as also is the restarting of postfix, but what about that "waiting 
to terminate"?  I don't recall seeing that before.

service postfix status
postfix.service - LSB: start and stop postfix
  Loaded: loaded (/etc/rc.d/init.d/postfix)
  Active: active (running) since Mon, 14 Nov 2011 13:44:11 +; 4 
days ago
 Process: 1202 ExecStart=/etc/rc.d/init.d/postfix start (code=exited, 
status=0/SUCCESS)
  CGroup: name=systemd:/system/postfix.service
  ├ 1290 /usr/libexec/postfix/master
  ├ 1296 qmgr -l -t fifo -u
  └ 7298 pickup -l -t fifo -u

Anne

Re: rambo

[Patrick Ben Koetter]

* Tõnu Samuel :
> On Sat, 2011-11-19 at 00:23 +, peng...@sepserver.net wrote:
> > Pasted at the bottom of my message is my telnet session. Where is my mail?
> > It is not in /var/mail nor is it in /root/Mail. It was supposed to have
> > been delivered yet I do not see it. Is this maybe because I am using
> > courier?
> 
> Completely on different topic. Just this message subject was something
> made me half way to press "Junk" button on mail client.
> 
> I know this caused already flamewars 10 years ago but I think would be
> good to tune this list to use list name in subject like most lists do.
> This reduces change of being falsely identified as spam and reported to
> spamcop.

Modifying the subject (and adding a footer) tends to break DKIM signatures.

p@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):

Re: rambo

[Tõnu Samuel]

On Sat, 2011-11-19 at 00:23 +, peng...@sepserver.net wrote:
> Pasted at the bottom of my message is my telnet session. Where is my mail?
> It is not in /var/mail nor is it in /root/Mail. It was supposed to have
> been delivered yet I do not see it. Is this maybe because I am using
> courier?

Completely on different topic. Just this message subject was something
made me half way to press "Junk" button on mail client.

I know this caused already flamewars 10 years ago but I think would be
good to tune this list to use list name in subject like most lists do.
This reduces change of being falsely identified as spam and reported to
spamcop.

Just opinion.

  Tõnu

Re: Strange transport problem

[Stefan Caunter]

On Fri, Nov 18, 2011 at 3:37 PM, Anne Wilson  wrote:
> My home LAN has a strange problem.  We use postfix on my IMAP server to
> separate local mail from external mail.  The transport hash is based on:
>
> lydgate.net     local:
> .lydgate.net    local:
> lydgate.lan     local:
> .lydgate.lan    local:
> *       smtp:[mailhost.zen.co.uk]
> .*      smtp:[mailhost.zen.co.uk]
>
> I also host a small mailing list on Zen's servers, using the email address
> creativestitch...@lydgate.org.
>
> I receive the mail for the list, and also the owner messages, but I cannot
> write to the list, except by using webmail.  The problem appears to be that
> postfix thinks it is LAN traffic, and can't find a user called 
> creativestitching.
>
> I assume that I have somehow triggered a catch-all, due to a mis-
> understanding, so can someone please explain
>
> a) Why is creativestitching mail thought to be local?
>
> b) How can I correct it?
>
> c) Is there documentation that would explain this in more detail?

We don't know your network topology; are "home LAN" and "my IMAP
server" on the same network?

Someone will likely spot something if you provide, minimally, the
output of postconf -n and relevant log output.

http://www.postfix.org/DEBUG_README.html#mail

Stefan