Re: Using postfix w/ mimedefang's Unix socket
Philip Prindeville: Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock: Permission denied Does the error go away if you turn off SeLinux? Wietse
Re: Using postfix w/ mimedefang's Unix socket
Philip Prindeville: I'm just wondering why the socket can't be opened before the set_ugid() drops the additional groups. smtpd(8) does not use set_ugid(), and it does not drop auxiliary group. Wietse
Re: Low Budget Backups
Jim Seymour: On Fri, 2 Dec 2011 21:52:54 -0800 (PST) email builder emailbuilde...@yahoo.com wrote: [snip] As know one seems to have any other ideas, looks like it has to be some rsynch variant using whatever cheap remote storage I can find. Seems kind of OT for this list, but since nobody else seems to object... Two questions: Does it need to be remote, and why just the mail spool? Why not the entire machine? I'm currently backing up my machine at home to a WD My Passport USB drive, doing a monthly full and nightly differential, using a script that employs rsync. Each backup set looks like a full backup. Works like a champ. I'm going to use the same script on the new mailserver I'm building at work. I have two drives, which I swap once-a-month. The out-of-service drive goes in the safe. At work I'll probably do three or four, with at least one in the bank safety deposit vault. With the home domain, I use rsync for daily backups, and whole system dump to USB drive for (PGP-encrypted) off-site backup. Wietse
Re: Dead Destination configuration
I guess Mark does have some experience with TS01 defers of Yahoo. Can anyone confirm for upto how long does Yahoo accept the mails, after we stop it for 4 hours. I mean is it worth stopping delivery for 4 hours, and gathering those mails? If so, I could on the path Wietse is suggesting, of tailing the maillog, and making suitable changes. Guys, hasn't anyone faced these issues from Yahoo, or Rediff or Hotmail?? If yes, please give your suggestions, share your experience about how you went about those issues. On Fri, Dec 2, 2011 at 8:27 PM, Wietse Venema wie...@porcupine.org wrote: Mark Goodge: I've seen no evidence that this interpretation is correct. On what basis do you assert that this is Yahoo's policy? Experience, mostly. I've found that ceasing retry attempts for four hours, then restarting, typically results in the queue clearing as fast as you can send the emails without any further errors being generated. This could be automated outside of Postfix by tailing the maillog file and updating the defer_transports setting (see Victor's post). It requires a postfix reload command to restart the queue manager. Wietse
Re: Dead Destination configuration
Also, Yahoo atleast wants us to follow some policy, Rediff/Hotmail won't let us know what to do when sending mails... They just like to defer mails. For maximum 5k mails daily to each destination, I see 40-50k deferred attempts in the logs. Precious time and connections are lost in such attempts. Is it only me facing such issues, are there other people facing these?? On Sat, Dec 3, 2011 at 9:13 PM, DN Singh dnsingh@gmail.com wrote: I guess Mark does have some experience with TS01 defers of Yahoo. Can anyone confirm for upto how long does Yahoo accept the mails, after we stop it for 4 hours. I mean is it worth stopping delivery for 4 hours, and gathering those mails? If so, I could on the path Wietse is suggesting, of tailing the maillog, and making suitable changes. Guys, hasn't anyone faced these issues from Yahoo, or Rediff or Hotmail?? If yes, please give your suggestions, share your experience about how you went about those issues. On Fri, Dec 2, 2011 at 8:27 PM, Wietse Venema wie...@porcupine.orgwrote: Mark Goodge: I've seen no evidence that this interpretation is correct. On what basis do you assert that this is Yahoo's policy? Experience, mostly. I've found that ceasing retry attempts for four hours, then restarting, typically results in the queue clearing as fast as you can send the emails without any further errors being generated. This could be automated outside of Postfix by tailing the maillog file and updating the defer_transports setting (see Victor's post). It requires a postfix reload command to restart the queue manager. Wietse
Re: Dead Destination configuration
Am 03.12.2011 16:43, schrieb DN Singh: I guess Mark does have some experience with TS01 defers of Yahoo. Can anyone confirm for upto how long does Yahoo accept the mails, after we stop it for 4 hours. I mean is it worth stopping delivery for 4 hours, and gathering those mails? If so, I could on the path Wietse is suggesting, of tailing the maillog, and making suitable changes. Guys, hasn't anyone faced these issues from Yahoo, or Rediff or Hotmail?? If yes, please give your suggestions, share your experience about how you went about those issues. On Fri, Dec 2, 2011 at 8:27 PM, Wietse Venema wie...@porcupine.org mailto:wie...@porcupine.org wrote: Mark Goodge: I've seen no evidence that this interpretation is correct. On what basis do you assert that this is Yahoo's policy? Experience, mostly. I've found that ceasing retry attempts for four hours, then restarting, typically results in the queue clearing as fast as you can send the emails without any further errors being generated. This could be automated outside of Postfix by tailing the maillog file and updating the defer_transports setting (see Victor's post). It requires a postfix reload command to restart the queue manager. Wietse i use dkim and spf and a slow transport, and use whitelist features by big mailers if exist. i also noticed that sometimes it takes a few days if you use a brand new ip to deliver out until good reputation for this ip is accepted, thats all and it works, no need for further specials ( until general recommends for setting matching ptr records etc ) but in the past yahoo had unknown problems anyway, so i keep monitoring this, but it always went away after some time, so watching logs is daily work, but sometimes there is less you can do to fast deliver out we also send mass mails without problems this way but you always have to have an eye on it -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Dead Destination configuration
On Friday 02 December 2011 08:23:53 Mark Goodge wrote: To be more specific, Yahoo's code TS01 doesn't mean You are sending us too much email and we want you to slow down. It means We think you might be a spammer, so we are setting you a simple test of whether you can follow instructions. If you pass the test, then when you restart sending then you'll be able to get everything through - it won't be rate-limited by Yahoo. I don't know what their TS01 means, but I do know that it does not mean what they say it does. I have seen it on my small site before, where I am reasonably certain that we could have caused no user complaints. At the time it was a participatory mailing list much like this one, with seven Y! subscribers. I did nothing and the mail eventually was delivered. Nowadays (after having been listed at DNSWL.org awhile, which might have helped) our Yahoo mail is delivered along with all the rest of it. If the OP's site is cranking out enough bulk mail such as to create a logjam and eventual bounces, that site needs to sign up for feedback loops, as suggested upthread. Legitimate bulk mail sending is a big chore. Consider that ESPs actually earn their money. Sometimes doing things in-house is more expensive than outsourcing. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Low Budget Backups
Sent from my Blackberry On Dec 3, 2011 9:59 AM, Wietse Venema wie...@porcupine.org wrote: Jim Seymour: On Fri, 2 Dec 2011 21:52:54 -0800 (PST) email builder emailbuilde...@yahoo.com wrote: [snip] As know one seems to have any other ideas, looks like it has to be some rsynch variant using whatever cheap remote storage I can find. Seems kind of OT for this list, but since nobody else seems to object... Two questions: Does it need to be remote, and why just the mail spool? Why not the entire machine? I'm currently backing up my machine at home to a WD My Passport USB drive, doing a monthly full and nightly differential, using a script that employs rsync. Each backup set looks like a full backup. Works like a champ. I'm going to use the same script on the new mailserver I'm building at work. I have two drives, which I swap once-a-month. The out-of-service drive goes in the safe. At work I'll probably do three or four, with at least one in the bank safety deposit vault. With the home domain, I use rsync for daily backups, and whole system dump to USB drive for (PGP-encrypted) off-site backup. Wietse I myself use a dockstar running openwrt and a 2TB WD drive as linux/unix and time machine backup.
Rewriting FROM, TO and CC
Hello, I would like to rewrite FROM and CC headers. There is an application that connects to a postfix smtp server and it sends an e-mail like this: FROM: user1@domain TO: user2@domain;user3@domain And that e-mail is relayed to another e-mail server. I would like the relayed e-mail to be something like: FROM: genericuser@domain TO: user2@domain;user3@domain CC: user1@domain Changing the FROM field is an easy task, but I don't know how to add user1@domain as a CC (It is a must to be CC, BCC is not an option) Thank you very much. Regards.
Re: Rewriting FROM, TO and CC
Am 03.12.2011 20:24, schrieb Ignacio: Hello, I would like to rewrite FROM and CC headers. There is an application that connects to a postfix smtp server and it sends an e-mail like this: FROM: user1@domain TO: user2@domain;user3@domain And that e-mail is relayed to another e-mail server. I would like the relayed e-mail to be something like: FROM: genericuser@domain TO: user2@domain;user3@domain CC: user1@domain Changing the FROM field is an easy task, but I don't know how to add user1@domain as a CC (It is a must to be CC, BCC is not an option) fix the application! a MTA is not supposed to manipulate messages in any way signature.asc Description: OpenPGP digital signature
Re: Rewriting FROM, TO and CC
Thank you very much Reindl. Do you know any application to achieve that? I don't have any clue right now. On Sat, Dec 3, 2011 at 8:30 PM, Reindl Harald h.rei...@thelounge.netwrote: Am 03.12.2011 20:24, schrieb Ignacio: Hello, I would like to rewrite FROM and CC headers. There is an application that connects to a postfix smtp server and it sends an e-mail like this: FROM: user1@domain TO: user2@domain;user3@domain And that e-mail is relayed to another e-mail server. I would like the relayed e-mail to be something like: FROM: genericuser@domain TO: user2@domain;user3@domain CC: user1@domain Changing the FROM field is an easy task, but I don't know how to add user1@domain as a CC (It is a must to be CC, BCC is not an option) fix the application! a MTA is not supposed to manipulate messages in any way
Re: Rewriting FROM, TO and CC
There is an application that connects to a postfix smtp server and it sends an e-mail like this this application has to be fixed CC/FROM are simply HEADERS postfix is not interested in headers and please do NOT top-post if the reply was bottom because this thread is simply unreadable, independent if i answer top or bottom Am 03.12.2011 21:20, schrieb Ignacio: Thank you very much Reindl. Do you know any application to achieve that? I don't have any clue right now. On Sat, Dec 3, 2011 at 8:30 PM, Reindl Harald h.rei...@thelounge.net mailto:h.rei...@thelounge.net wrote: Am 03.12.2011 20:24, schrieb Ignacio: Hello, I would like to rewrite FROM and CC headers. There is an application that connects to a postfix smtp server and it sends an e-mail like this: FROM: user1@domain TO: user2@domain;user3@domain And that e-mail is relayed to another e-mail server. I would like the relayed e-mail to be something like: FROM: genericuser@domain TO: user2@domain;user3@domain CC: user1@domain Changing the FROM field is an easy task, but I don't know how to add user1@domain as a CC (It is a must to be CC, BCC is not an option) fix the application! a MTA is not supposed to manipulate messages in any way -- Mit besten Grüßen, Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / software-development / cms-solutions p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm signature.asc Description: OpenPGP digital signature
Re: Using postfix w/ mimedefang's Unix socket
On 12/3/11 7:15 AM, Wietse Venema wrote: Philip Prindeville: Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock: Permission denied Does the error go away if you turn off SeLinux? Wietse Could have sworn this SElinux issue was fixed a couple of years ago... it either regressed or the patch never made it downstream from Fedora to Centos. It goes away if I patch Mimedefang to fchmod() the UNIX socket to 0660, and put the postfix in the defang group, and add the following policy: module postfix 1.0; require { type postfix_smtpd_t; type spamd_var_run_t; class dir search; } #= postfix_smtpd_t == allow postfix_smtpd_t spamd_var_run_t:dir search; Bugs (with fixes) have been filed against both issues. -Philip
Re: Rewriting FROM, TO and CC
On Saturday 03 December 2011 13:24:30 Ignacio wrote: I would like to rewrite FROM and CC headers. There is an application that connects to a postfix smtp server and it sends an e-mail like this: FROM: user1@domain TO: user2@domain;user3@domain And that e-mail is relayed to another e-mail server. I would like the relayed e-mail to be something like: FROM: genericuser@domain TO: user2@domain;user3@domain CC: user1@domain Changing the FROM field is an easy task, but I don't know how to add user1@domain as a CC (It is a must to be CC, BCC is not an option) What you are asking is relatively easy, using header_checks(5). You match the To: or From: or other header as added by the broken mail application, then PREPEND Cc: user1@domain. However, what you are asking, and what you probably want, are not the same thing. Adding a Cc: header does not add a recipient. To do that you would have to do something else, such as: always_bcc, (recipient| sender)_bcc_maps, or virtual_alias_maps. We don't know enough about the problem to advise you further. Well, the best advice was already given: fix the application. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Low Budget Backups
As know one seems to have any other ideas, looks like it has to be some rsynch variant using whatever cheap remote storage I can find. Seems kind of OT for this list, but since nobody else seems to object... Two questions: Does it need to be remote, and why just the mail spool? Why not the entire machine? I'm currently backing up my machine at home to a WD My Passport USB drive, doing a monthly full and nightly differential, using a script that employs rsync. Each backup set looks like a full backup. Works like a champ. I'm going to use the same script on the new mailserver I'm building at work. I have two drives, which I swap once-a-month. The out-of-service drive goes in the safe. At work I'll probably do three or four, with at least one in the bank safety deposit vault. OK, rsync it is. Can you restore a system crash with a simple rsync backed set of duplicate files? And yes, sorry to the list about the OT topic Applies much appreciated.
Re: Low Budget Backups
I'm currently backing up my machine at home to a WD My Passport USB drive, doing a monthly full and nightly differential, using a script that employs rsync. Each backup set looks like a full backup. Works like a champ. I'm going to use the same script on the new mailserver I'm building at work. I have two drives, which I swap once-a-month. The out-of-service drive goes in the safe. At work I'll probably do three or four, with at least one in the bank safety deposit vault. With the home domain, I use rsync for daily backups, and whole system dump to USB drive for (PGP-encrypted) off-site backup. I myself use a dockstar running openwrt and a 2TB WD drive as linux/unix and time machine backup. Cool, never heard of Dockstar before. Thanks for the hint. Does using Openwrt with it help you use its network features without having to pay their subscription and route all your access through their servers?