Re: Avoiding "Domain not found" errors
Am 08.02.2012 07:06, schrieb N. Yaakov Ziskind: > DN Singh wrote (on Wed, Feb 08, 2012 at 10:50:50AM +0530): >> The setting can be changed in the parameter "smtpd_sender_restrictions" >> reject_unknown_sender_domain, if it is necessary. > > That would let in *all* mail from nonexistent domains, which I was > hoping to avoid. so what do you want? let them in or reject them >> Postfix looks up the the domain, and if it does not find any info, it >> rejects the mail. >> Anyways, the domain in the mail is indeed non-existent. > > But it's a subdomain of a valid domain, and it's a useful email .. > What's the easiest way to let this email from this one sender through? fix the dns of the sending domain postfix is not interested in the "main-domain" as most software is not you can simply no decide what is the main domain "yourdomain.at" "yourdomain.co.at" with your logic you would let in all from ".co.at"? have fun with that! signature.asc Description: OpenPGP digital signature
Re: selecting outbound IP
I read the details of the multiple instance support but it's not clear to me how I can use it to achieve my goal. Do anyone have similar setup and share your configuration here? Many Thanks, - Joe On Tue, Feb 7, 2012 at 11:01 PM, Joe Wong wrote: > Thanks Reindl. > > On Tue, Feb 7, 2012 at 10:33 PM, Reindl Harald wrote: >> http://www.postfix.org/MULTI_INSTANCE_README.html >> but never used because no need >> >> "smtp_bind_address" is here only in use to make sure >> that outgoing mail is using the ip matching SPF >> >> Am 07.02.2012 15:19, schrieb Joe Wong: >>> Thanks for the reference. How could this be used with some condition? >>> I am looking for binding sender domain A with IP 1 and domain B go >>> through IP 2, go to IP3 otherwise. >>> >>> - Joe >>> >>> On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema wrote: Reindl Harald: > Am 07.02.2012 09:53, schrieb Joe Wong: >> Hello, >> >> Say my MTA has multiple IP addresses on it. Is there a way to >> configure Postfix (outbound) to use IP 1 when matching condition A and >> IP2 if matching condition B and IP3 and none of the conditions are >> matched? > > you can define "smtp_bind_address" for each outgoing process > defined in "master.cf" > > cat /etc/postfix/master.cf | grep smtp_bind > smtp unix - - n - 50 smtp -o > smtp_bind_address=10.0.0.6 -o max_idle=300 -o > max_use=500 > relay unix - - n - - smtp -o > smtp_bind_address=10.0.0.6 -o max_idle=300 -o > max_use=500 -o smtp_fallback_relay= If you do this on a firewall, then be sure to read the Postfix manpage for smtp_bind_address and inet_interfaces, to avoid some common pitfalls with routing. http://www.postfix.org/postconf.5.html#smtp_bind_address http://www.postfix.org/postconf.5.html#inet_interfaces Wietse >> >> -- >> >> Mit besten Grüßen, Reindl Harald >> the lounge interactive design GmbH >> A-1060 Vienna, Hofmühlgasse 17 >> CTO / software-development / cms-solutions >> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40 >> icq: 154546673, http://www.thelounge.net/ >> >> http://www.thelounge.net/signature.asc.what.htm >>
Database import of user-submitted mail
Hello list, my apologies in advance for the almost OT question. I need to setup a mail server that does a particular thing: it receives mail (from user SMTP submission, not as final destination) and, instead of relay, "does something" that ends up in having the mail (body + headers + attachments) in a mysql table. The ideal thing would be some mta that keeps the mail spool directly on a database backend; knowing that this is generally unwanted because of performance and reliability issues (and thus, rightfully, never implemented, specially in Postfix), I'm trying to figure out a way to get the same result. Note: strict realtime is NOT a requirement (I'm allowed to do some sort of processing between mail arriving and its insertion in the database). After a couple of days of brainstorming, I came to a conclusion that relies on Postfix and on some coding: using the after-queue filtering capabilities of Postfix, I would first dump the mail (flat file) in a directory (with a slightly modified version of this bash script: http://www.postfix.org/FILTER_README.html#simple_filter); then, using a cronjob scheduled every, let's say, 5 minutes, invoke some (php? ruby? perl?) script that does the batch import task "out of band" and removes the dump file. I think that this "decouple" thing should give robustness to the whole process, providing small and single-task scripts for dump and import phases; it should be the "unix way" of doing things right :) How would you accomplish the task? Can you think of some better solution? Please correct me if I'm wrong in something. Thank you! Fabio
Re: Installing Postfix and Dovecot on CentOS6
Hi all, Thanks for the help. I've discovered that I was missing some details in SELinux (Using CentOS6) [code] wget linuxmail.info/files/rhel6/postfixdovecotsasl.te checkmodule -M -m -o postfixdovecotsasl.mod postfixdovecotsasl.te semodule_package -o postfixdovecotsasl.pp -m postfixdovecotsasl.mod semodule -i postfixdovecotsasl.pp [/code] Now it is working. Thanks for all the help. Best Regards, On Tue, Feb 7, 2012 at 9:50 PM, Reindl Harald wrote: > > > Am 07.02.2012 22:43, schrieb Andre Lopes: >> Hi all, >> >> Thanks for the replies, >> >> I'm using this tutorial for sasl configuration, >> http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2 >> >> There is something wrong here? Better... there is something missing here? >> Best Regards > > do not take a ready hwoto and try making this 1:1 like it > and most important - read the logs you post, try google > after them and read how other solved the same and what > comments they made, this helps to understand the big picture > > try to learn how the things are working, what services are running > in a mail-system, how they work together and do this step by step > > if not you will be lost sooner or later, at least if the first > real problem in production happens >
Re: Database import of user-submitted mail
On 08/02/2012 10:19, Fabio Sangiovanni wrote: > it receives mail (from user SMTP submission, not as final destination) and, > instead of relay, "does something" that ends up in having the mail (body + > headers + attachments) in a mysql table You can write a custom 'deliver' that copies your emails into a different storage (es. mysql), or use dbmail. -- Simone Caruso IT Consultant +39 349 65 90 805
Re: Avoiding "Domain not found" errors
On Wed, Feb 08, 2012 at 01:06:44AM -0500, N. Yaakov Ziskind wrote: > DN Singh wrote (on Wed, Feb 08, 2012 at 10:50:50AM +0530): > > The setting can be changed in the parameter > > "smtpd_sender_restrictions" reject_unknown_sender_domain, > > if it is necessary. > > That would let in *all* mail from nonexistent domains, which > I was hoping to avoid. > > > Postfix looks up the the domain, and if it does not find > > any info, it rejects the mail. > > Anyways, the domain in the mail is indeed non-existent. > > But it's a subdomain of a valid domain, and it's a useful > email .. What's the easiest way to let this email from this > one sender through? DN Singh was guessing about smtpd_sender_restrictions, but indeed this is a case when you would need another restriction stage. If your reject_unknown_sender_domain check was being done in smtpd_recipient_restrictions, move it to smtpd_sender_restrictions. Remove it from all other restriction stages. Precede that check with a check_client_access lookup: 38.119.130.7OK or, less safe, a check_sender_access lookup: vps.jewishwomansonlinecalendar.com OK Salt to taste, enjoy. > > On Wed, Feb 8, 2012 at 9:45 AM, N. Yaakov Ziskind > > wrote: > > > > > A particular mailer, slightly broken, cannot send mail to a > > > postfix (2.7.0) box: > > > > > > Feb 5 08:51:16 pizza postfix/smtpd[30453]: NOQUEUE: reject: > > > RCPT from chocolate.egps.com[38.119.130.7]: 450 4.1.8 > > > : Sender address > > > rejected: i Domain not found; > > > from= > > > to= proto=ESMTP > > > helo= > > > > > > Where the sample@domain.example is a valid address on the > > > local machine. > > > > > > What's the easiest to let this mail through? I tried adding > > > the domain to /var/spool/postfix/etc/hosts, and it didn't > > > help. http://www.postfix.org/SMTPD_ACCESS_README.html -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Implement SMTP Auth in a non-disruptive way?
Hallo, So far I have not implemented SMTP Auth for various reasons (on of them was the fact that I had no Postfix installed). Anyway, I would like to implement it, but since I have a relatively large base (>200K emails), I would like to do it in a non-disruptive way. I was thinking to implement something like a "bounce" message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the build-in error. Is there any way to do it? If not, is there any other way to do it? B/R P.
Re: Implement SMTP Auth in a non-disruptive way?
Am 08.02.2012 14:57, schrieb Peter Tselios: > Hallo, > > So far I have not implemented SMTP Auth for various reasons (on of them was > the fact that I had no Postfix installed). Anyway, I would like to implement > it, but since I have a relatively large base (>200K emails), I would like to > do it in a non-disruptive way. I was thinking to implement something like a > "bounce" message for each outgoing mail without authentication. That message > will not stop the delivery of the email, but it will, simply, inform > unauthenticated users about the fact that in a few days they will be forced > to do so. > When D-day comes, I would like to return to unauthenticated users a custom > DSN, not the build-in error. > > Is there any way to do it? If not, is there any other way to do it? this is not possible postfix has SASL active or not postfix rejectes a message or not and no, it makes no sense "a custom DSN, not the build-in error" because you have to reject a message that you will not accept how have this worked before? all users from machines in "mynetworks" if not you have a open relay if the machine is connected to the internet signature.asc Description: OpenPGP digital signature
Re: Database import of user-submitted mail
Hi, thank you for your reply. The point here is that I don't want to store messages that I receive as final destination, but those that, in a "normal" situation, I would act as a relay for. My scenario is the following: internet -> mta for user submission (smtp) -> sql backend The mta isn't configured to be the final destination for the messages: it's intended to accept mail (of course with authentication) and to store it in a sql backend instead of contacting remote MXs. Ideally, I would need an "SMTP to DB" converter, something more similar to a spool storage on database. Thanks again, Fabio Il giorno 08/feb/2012, alle ore 12:52, Simone Caruso ha scritto: > On 08/02/2012 10:19, Fabio Sangiovanni wrote: >> it receives mail (from user SMTP submission, not as final destination) and, >> instead of relay, "does something" that ends up in having the mail (body + >> headers + attachments) in a mysql table > > You can write a custom 'deliver' that copies your emails into a different > storage (es. mysql), or use dbmail. > > -- > Simone Caruso > IT Consultant > +39 349 65 90 805 >
Re: Implement SMTP Auth in a non-disruptive way?
On Wed, 8 Feb 2012, Peter Tselios wrote: So far I have not implemented SMTP Auth for various reasons (on of them was the fact that I had no Postfix installed). Anyway, I would like to implement it, but since I have a relatively large base (>200K emails), I would like to do it in a non-disruptive way. I was thinking to implement something like a "bounce" message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the build-in error. Is there any way to do it? If not, is there any other way to do it? I this is a good spot for the standard response of "please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve". In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve? -- Larry Stone lston...@stonejongleux.com
Upgrade from 2.3.3 to 2.9
Wondering if anyone has made this leap recently, and what changes/gotchas might be pertinent?
Re: Upgrade from 2.3.3 to 2.9
Am 08.02.2012 16:20, schrieb l...@airstreamcomm.net: > Wondering if anyone has made this leap recently, and what changes/gotchas > might be pertinent? clone your configuration in a virtual machine and try it SIX major releases is a lot, even having the fact that Wietse is very careful with changes in mind the problem is that even he can not say what exactly has changed since long not supported releases and how will this possibly play with your exactyl config signature.asc Description: OpenPGP digital signature
Re: Upgrade from 2.3.3 to 2.9
On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: > SIX major releases is a lot, even having the fact > that Wietse is very careful with changes in mind > > the problem is that even he can not say what exactly > has changed since long not supported releases and > how will this possibly play with your exactyl config Sure he can, the changes are documented in the RELEASE_NOTES files, which are includes with the Postfix source code. The OP should read RELEASE_NOTES-2.{4,5,6,7,8} and the RELEASE_NOTES for 2.9. -- Viktor.
Re: Database import of user-submitted mail
On 08/02/2012 15:16, Fabio Sangiovanni wrote: > but those that, in a "normal" situation, I would act as a relay for. You can redirect them to 'your daemon' with 'relayhost' or with a specific transport map. -- Simone Caruso IT Consultant +39 349 65 90 805
Re: Upgrade from 2.3.3 to 2.9
Am 08.02.2012 16:32, schrieb Viktor Dukhovni: > On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: > >> SIX major releases is a lot, even having the fact >> that Wietse is very careful with changes in mind >> >> the problem is that even he can not say what exactly >> has changed since long not supported releases and >> how will this possibly play with your exactyl config > > Sure he can, the changes are documented in the RELEASE_NOTES files, > which are includes with the Postfix source code. The OP should read > RELEASE_NOTES-2.{4,5,6,7,8} and the RELEASE_NOTES for 2.9. sure, theoretically possible, but depending on the combination of used options and how they are used maybe a little difficult to find out which change my apply to it or which side-effects are possible or not thats why i would clone this thing to a virtual machine, upgrade and make some little tests signature.asc Description: OpenPGP digital signature
Re: Upgrade from 2.3.3 to 2.9
On Wed, 8 Feb 2012 15:32:55 +, Viktor Dukhovni wrote: > On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: > >> SIX major releases is a lot, even having the fact >> that Wietse is very careful with changes in mind >> >> the problem is that even he can not say what exactly >> has changed since long not supported releases and >> how will this possibly play with your exactyl config > > Sure he can, the changes are documented in the RELEASE_NOTES files, > which are includes with the Postfix source code. The OP should read > RELEASE_NOTES-2.{4,5,6,7,8} and the RELEASE_NOTES for 2.9. Which I have. At this point we have a cluster of outbound servers, so I plan to build a new server from scratch and bring it into the cluster after some testing, then phase out the other servers with clones of the new machine.
Re: Postfix installation problem...
Thanks a ton for the reply. I have compared the working version(2.4.6) box vs this one 2.8.7 here are the results. 1. postfix-script files exist at same locations. [root@box-1 /]# find / -name postfix-script /etc/postfix.one/postfix-script /etc/postfix.two/postfix-script [root@box-2 /]# find / -name postfix-script /etc/postfix.one/postfix-script /etc/postfix.two/postfix-script 2. Doing this as root so i think its safe to conclude this may not be a permissions issue, am i ok ??? 3. SELINUX is disabled. 4. Verified the postfix-script file first line, it is #!/bin/sh. 5. Verified for "whereis postfix", does this makes any difference ? Box1 [root@box-1 ~]# whereis postfix postfix: /usr/sbin/postfix /usr/sbin/postfix.one /usr/sbin/postfix.two /etc/postfix /etc/postfix.one /etc/postfix.two /usr/libexec/postfix Box2 [root@box-2 /]# whereis postfix postfix: /usr/sbin/postfix.two /usr/sbin/postfix /usr/sbin/postfix.one /etc/postfix.two /etc/postfix /etc/postfix.one /usr/libexec/postfix Thanks, Kumar From: Wietse Venema To: Postfix users Sent: Tuesday, February 7, 2012 7:32 PM Subject: Re: Postfix installation problem... Mr fix: > We have created an rpm by applying custom patch to Postfix 2.8.7, > after the installation "postfix check" gives the following error. > > postfix: fatal: /usr/libexec/postfix/postfix-script: No such file or directory The postfix command runs with super-user privileges. If it can't execute postfix-script because of the above error, then: - Either the file does not exist, - Or the #!/path/to/program on the first line of the file specifies a non-existent patname, - Or you need to fix the SELINUX or APPARMOR etc. "security" configuration. Wietse
Re: Upgrade from 2.3.3 to 2.9
The closest jump we are trying to now is from 2.4 to 2.8, but still in installation phase. :) - Original Message - From: "l...@airstreamcomm.net" To: postfix-users@postfix.org Cc: Sent: Wednesday, February 8, 2012 10:10 AM Subject: Re: Upgrade from 2.3.3 to 2.9 On Wed, 8 Feb 2012 15:32:55 +, Viktor Dukhovni wrote: > On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: > >> SIX major releases is a lot, even having the fact >> that Wietse is very careful with changes in mind >> >> the problem is that even he can not say what exactly >> has changed since long not supported releases and >> how will this possibly play with your exactyl config > > Sure he can, the changes are documented in the RELEASE_NOTES files, > which are includes with the Postfix source code. The OP should read > RELEASE_NOTES-2.{4,5,6,7,8} and the RELEASE_NOTES for 2.9. Which I have. At this point we have a cluster of outbound servers, so I plan to build a new server from scratch and bring it into the cluster after some testing, then phase out the other servers with clones of the new machine.
Re: Postfix installation problem...
On Wed, Feb 08, 2012 at 08:47:27AM -0800, Mr fix wrote: > I have compared the working version(2.4.6) box vs this one 2.8.7 > here are the results. > > 1. postfix-script files exist at same locations. > > [root@box-1 /]# find / -name postfix-script > /etc/postfix.one/postfix-script > /etc/postfix.two/postfix-script There's your problem. The postfix-script, postfix-files and related files are as of Postfix 2.6 expected to be in /usr/libexec/postfix (really $daemon_directory). Your Postfix installation is broken. -- Viktor.
Re: Disallow user to send external mails
On 07.02.2012 13:57, Nikolaos Milas wrote: I wonder if there is an easy solution to disallow a specific sender (From-Header) to send e-mails to non $mydestination addresses. Check smtpd_sender_restrictions and/or smtpd_client_restrictions, as well as restriction classes: http://www.postfix.org/SMTPD_ACCESS_README.html http://www.postfix.org/RESTRICTION_CLASS_README.html Hi again, it seems that restriction classes, etc. are working fine if mail is send by SMTP, not by local processes (sendmail, etc.). Is this correct or do I miss something? -- Best regards, Denis Witt
Re: Postfix installation problem...
Just tried that brute force and worked.your reference validates the issue. These things generally happen when we jump 4 versions in one shot, thank you very much for pitching in. We have multiple instances running so as per older way they distributed postfix-files, -script -install in different places, now, i have to see how the multiple instances functionality changed since 2.4. Thanks, Kumar - Original Message - From: Viktor Dukhovni To: postfix-users@postfix.org Cc: Sent: Wednesday, February 8, 2012 10:52 AM Subject: Re: Postfix installation problem... On Wed, Feb 08, 2012 at 08:47:27AM -0800, Mr fix wrote: > I have compared the working version(2.4.6) box vs this one 2.8.7 > here are the results. > > 1. postfix-script files exist at same locations. > > [root@box-1 /]# find / -name postfix-script > /etc/postfix.one/postfix-script > /etc/postfix.two/postfix-script There's your problem. The postfix-script, postfix-files and related files are as of Postfix 2.6 expected to be in /usr/libexec/postfix (really $daemon_directory). Your Postfix installation is broken. -- Viktor.
Re: Upgrade from 2.3.3 to 2.9
As vikor dukhovni mentioned in other thread, here is one thing you can keep in mind. The postfix-script, postfix-files and related files are as of Postfix 2.6 expected to be in /usr/libexec/postfix (really $daemon_directory). Thanks, Kumar - Original Message - From: "l...@airstreamcomm.net" To: postfix-users@postfix.org Cc: Sent: Wednesday, February 8, 2012 10:10 AM Subject: Re: Upgrade from 2.3.3 to 2.9 On Wed, 8 Feb 2012 15:32:55 +, Viktor Dukhovni wrote: > On Wed, Feb 08, 2012 at 04:25:04PM +0100, Reindl Harald wrote: > >> SIX major releases is a lot, even having the fact >> that Wietse is very careful with changes in mind >> >> the problem is that even he can not say what exactly >> has changed since long not supported releases and >> how will this possibly play with your exactyl config > > Sure he can, the changes are documented in the RELEASE_NOTES files, > which are includes with the Postfix source code. The OP should read > RELEASE_NOTES-2.{4,5,6,7,8} and the RELEASE_NOTES for 2.9. Which I have. At this point we have a cluster of outbound servers, so I plan to build a new server from scratch and bring it into the cluster after some testing, then phase out the other servers with clones of the new machine.
Re: Postfix installation problem...
Mr fix: > > Thanks a ton for the reply. > > I have compared the working version(2.4.6) box vs this one 2.8.7 > here are the results. > > 1. postfix-script files exist at same locations. > > [root@box-1 /]# find / -name postfix-script > /etc/postfix.one/postfix-script > /etc/postfix.two/postfix-script Postfix 2.6 and later use /usr/libexec/postfix/postfix-script, You may have noticed that pathname in the error message. Wietse
Copy outgoing messages
Hello. I'm configuring my own domain with Postfix, I have set up as this: user1 - personal mail ( 3 email addresses via aliases ) user2 - mail lists user3 - spam catch for spamassassin learn purposes user4 - a copy of user1 in /etc/postfix/aliases , so all mail received in user1 periodically is stored and archived, just for backup purposes if a crash happens, one script package and store this file periodically. I would like do a copy of the outgoing mail from user1, from all my 3 email addresses. always_bcc option I believe will not copy this, and is too much mail for store, I want save all outgoing mail from user1 only And, if there is other better option than create an "user4" for backup purposes I will be interessed to hear. Thanks Josep
Re: Postfix installation problem...
On 2/8/2012 12:07 PM, Mr fix wrote: > Just tried that brute force and worked.your reference validates the issue. > > These things generally happen when we jump 4 versions in one shot, thank you > very much for pitching in. > > We have multiple instances running so as per older way they distributed > postfix-files, -script -install in different places, now, i have to see how > the multiple instances functionality changed since 2.4. You will probably be interested in http://www.postfix.org/MULTI_INSTANCE_README.html which was offered beginning with Postfix 2.6.
Re: Disallow user to send external mails
On Wed, Feb 08, 2012 at 06:06:24PM +0100, Denis Witt wrote: > On 07.02.2012 13:57, Nikolaos Milas wrote: > > >>I wonder if there is an easy solution to disallow a > >>specific sender (From-Header) to send e-mails to non > >>$mydestination addresses. > > >Check smtpd_sender_restrictions and/or > >smtpd_client_restrictions, as well as restriction classes: > >http://www.postfix.org/SMTPD_ACCESS_README.html > >http://www.postfix.org/RESTRICTION_CLASS_README.html > > it seems that restriction classes, etc. are working fine > if mail is send by SMTP, not by local processes (sendmail, > etc.). Is this correct or do I miss something? Correct. smtpd_* settings only apply to smtpd(8); sendmail(1) has no feature to limit source and destination addresses. Your only choices there would be to use authorized_submit_users to block access to sendmail, or to write some kind of software to sit in front of sendmail and check your access rules. http://www.postfix.org/postconf.5.html#authorized_submit_users http://www.postfix.org/sendmail.1.html -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: selecting outbound IP
On Wed, 2012-02-08 at 16:46 +0800, Joe Wong wrote: > I read the details of the multiple instance support but it's not clear > to me how I can use it to achieve my goal. Do anyone have similar > setup and share your configuration here? Please don't top post. You'll have to give some more details as to what "condition A" and "condition B" are that define which outgoing IP address should be used. Andy
How to install SPF Framework in Postfix
Hi all, I have configured a Postfix e-mail server but all emails sent to Hotmail.com go to the trash... the first question is... configuring SPF should solve that? If yes, what is the best way of configuring SPF in Postfix + Dovecot? Some clues? Best Regards,
Re: How to install SPF Framework in Postfix
Am 09.02.2012 01:15, schrieb Andre Lopes: > Hi all, > > I have configured a Postfix e-mail server but all emails sent to > Hotmail.com go to the trash... the first question is... configuring > SPF should solve that? SHOULD LOGS how should anybody gues what can solve this if nobody is knwoing the "this"? however, if another server is blocking mails from you and you want a better reputation with SPF this has NOTHING to do with postfix - SPF is simply a dns-record in your sending domain signature.asc Description: OpenPGP digital signature
Re: How to install SPF Framework in Postfix
Andre Lopes: > If yes, what is the best way of configuring SPF in Postfix + Dovecot? > Some clues? See: http://www.openspf.net/Implementations Implementations that use the Sendmail Milter protocol may also work with Postfix. Wietse
Re: How to install SPF Framework in Postfix
Hi all, Thanks for the reply's. Maybe I have not explained well my problem. I have configured a new e-mail server for a new domain, but the problem with Hotmail is old in other websites that I have configured, the e-mails sent go directly to the trash. Anyone have ever had the same problem with Hotmail? What can be done to workaround this problem? I have googled a solution for Postfix and SPF, this is my best option (http://www.webstershome.co.uk/content/postfix-whitelisting-and-spf-filtering) or should I go with Perl SPF implementation? Please give me some clues, Best Regards, On Thu, Feb 9, 2012 at 12:33 AM, Reindl Harald wrote: > > > Am 09.02.2012 01:15, schrieb Andre Lopes: >> Hi all, >> >> I have configured a Postfix e-mail server but all emails sent to >> Hotmail.com go to the trash... the first question is... configuring >> SPF should solve that? > > SHOULD LOGS > > how should anybody gues what can solve this if > nobody is knwoing the "this"? > > however, if another server is blocking mails from you and > you want a better reputation with SPF this has NOTHING to do > with postfix - SPF is simply a dns-record in your sending > domain >
Re: How to install SPF Framework in Postfix
On 2/8/2012 6:42 PM, Andre Lopes wrote: > Hi all, > > Thanks for the reply's. > > Maybe I have not explained well my problem. I have configured a new > e-mail server for a new domain, but the problem with Hotmail is old in > other websites that I have configured, the e-mails sent go directly to > the trash. Anyone have ever had the same problem with Hotmail? What > can be done to workaround this problem? > > I have googled a solution for Postfix and SPF, this is my best option > (http://www.webstershome.co.uk/content/postfix-whitelisting-and-spf-filtering) > or should I go with Perl SPF implementation? > > Please give me some clues, > > Best Regards, The solutions you've been reading are about checking SPF on incoming mail. To set SPF on outgoing mail, you add SPF records to your DNS server -- no changes to postfix required. http://www.openspf.net/SPF_Record_Syntax To check SPF on incoming mail, see: http://www.openspf.net/Implementations#mta-extensions and look at the postfix policy services. I would expect most of the Sendmail SPF milters to work with postfix also. Most of these are likely available as packages for your OS. It also might be helpful to set DKIM on your outgoing mail. See http://www.opendkim.org/ Packages should also available for this. -- Noel Jones
Re: How to install SPF Framework in Postfix
you are not willing to understand that if some other server is trahsing mails you sent and you are speaking of SPF that there is nothing to configure in YOUR MAILSERVER SPF is a DNS record you define in your nameserver the other server may look if you defined one and verify it there is no single pojnt where you have to touch your mailserver or messages you send for SPF [harry@srv-rhsoft:~]$ dig SPF thelounge.net @ns1.thelounge.net ;; QUESTION SECTION: ;thelounge.net. IN SPF ;; ANSWER SECTION: thelounge.net. 86400 IN SPF "v=spf1 ip4:91.118.73.15 ip4:91.118.73.20 ip4:91.118.73.17 ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 ip4:91.118.73.1 ip4:89.207.144.27 -all" Am 09.02.2012 01:42, schrieb Andre Lopes: > Maybe I have not explained well my problem. I have configured a new > e-mail server for a new domain, but the problem with Hotmail is old in > other websites that I have configured, the e-mails sent go directly to > the trash. Anyone have ever had the same problem with Hotmail? What > can be done to workaround this problem? > > I have googled a solution for Postfix and SPF, this is my best option > (http://www.webstershome.co.uk/content/postfix-whitelisting-and-spf-filtering) > or should I go with Perl SPF implementation? > > On Thu, Feb 9, 2012 at 12:33 AM, Reindl Harald wrote: >> >> >> Am 09.02.2012 01:15, schrieb Andre Lopes: >>> Hi all, >>> >>> I have configured a Postfix e-mail server but all emails sent to >>> Hotmail.com go to the trash... the first question is... configuring >>> SPF should solve that? >> >> SHOULD LOGS >> >> how should anybody gues what can solve this if >> nobody is knwoing the "this"? >> >> however, if another server is blocking mails from you and >> you want a better reputation with SPF this has NOTHING to do >> with postfix - SPF is simply a dns-record in your sending >> domain >> -- Mit besten Grüßen, Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / software-development / cms-solutions p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm signature.asc Description: OpenPGP digital signature
Linux filesystem advice for email use
Hi, I'd like to know if anyone here has any thoughts or opinions about the best linux filesystem to use for an email system. There will be some small amount of website data on the system (including webmail to read the emails), although I could move that to another partition if need be. Anyone use ext4? Btrfs? Something else? Is ext3 fine even in high volume email servers? Anyone use any non-default values for block size or journaling type? Thank you
Re: selecting outbound IP
Hello Andy, Sorry I should state the details initially. I am hosting multiple domains say joe.com jay.net some other domains I would like to route email sent from user in joe.com through IP address 1, user in jay.net via IP address 2, the rest go through IP address 3. after looking into the multiple instance support, I am not sure how this will work with my setup. Appreciated your opinion here. Best regards, - Joe On Thu, Feb 9, 2012 at 1:43 AM, Andrew Beverley wrote: > On Wed, 2012-02-08 at 16:46 +0800, Joe Wong wrote: >> I read the details of the multiple instance support but it's not clear >> to me how I can use it to achieve my goal. Do anyone have similar >> setup and share your configuration here? > > Please don't top post. > > You'll have to give some more details as to what "condition A" and > "condition B" are that define which outgoing IP address should be used. > > Andy > >
Postfix training
Looking for suggestions on classes or consulting with an educational aspect for advanced postfix administration in and around the upper Midwest US (we are open to any classes in Hawaii :). By the way, big thanks to the people that use this list for providing a better support structure than any closed source product I've worked with could have offered. It says a lot about the power of open source.
Re: Linux filesystem advice for email use
On 8 Feb 2012, at 20:19, Ori Bani wrote: Hi, I'd like to know if anyone here has any thoughts or opinions about the best linux filesystem to use for an email system. There will be some small amount of website data on the system (including webmail to read the emails), although I could move that to another partition if need be. Anyone use ext4? Btrfs? Something else? Is ext3 fine even in high volume email servers? Anyone use any non-default values for block size or journaling type? There could be different answers depending on your overall architecture and usage patterns. A high delivery rate is a different thing than a high user access rate, and high message count volume is a different thing than high byte volume. It sounds like your user message store is on the same system as your Postfix queues, and those may have differing needs, depending on what kind of volume you have going through Postfix, what message store server (IMAP/POP/webmail) you use and how it is configured, what clients your users predominantly use, and so on. I would stay away from btrfs until it is much more mature. As a general rule (very general) mail systems stress allocation and metadata efficiency more than sustained data flow, so you'd want to avoid options like the older versions of XFS.
Re: selecting outbound IP
On 2/8/2012 7:21 PM, Joe Wong wrote: > Hello Andy, > > Sorry I should state the details initially. I am hosting multiple domains say > > joe.com > jay.net > some other domains > > I would like to route email sent from user in joe.com through IP > address 1, user in jay.net via IP address 2, the rest go through IP > address 3. The sender_dependent_default_transport_maps feature is intended exactly for this. See: http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps and the mail list archives. -- Noel Jones
Re: Linux filesystem advice for email use
On Wed, 8 Feb 2012 17:19:05 -0800, Ori Bani wrote: > Hi, > > I'd like to know if anyone here has any thoughts or opinions about the > best linux filesystem to use for an email system. There will be some > small amount of website data on the system (including webmail to read > the emails), although I could move that to another partition if need > be. > > Anyone use ext4? Btrfs? Something else? Is ext3 fine even in high > volume email servers? Anyone use any non-default values for block size > or journaling type? > > Thank you Ori, We are currently testing XFS 3.1.1 on Centos 6.2. We got the knack for XFS after watching this video where an XFS dev speaks to the new features and other interesting aspects of filesystem development: http://www.youtube.com/watch?feature=player_embedded&v=FegjLbCnoBw Namely the way they reduce metadata bandwidth was a huge improvement for me. In our environment we have 2.5 TB of maildir structured files, and moving it to XFS (from ext3) has been like night and day. We had a script that created all the user's home directories on the new filesystem in this format '/mail/a/n/andy/Maildir/blah', for 65000 user accounts. It completed in about five minutes, which ext3 had taken upwards of two hours to do in the past. Big difference. We then started moving the mail over to the new file system using 4 parallel rsyncs it took about 2 hours to move the mail to the new file system, which was fairly quick. So far everything seems a bit snappier when loading mail into a client, or into webmail. The mail servers are running low load average, and the IOPS have decreased by about a fifth from the ext3. Now if you're looking at doing something a bit more extravagent you should look at GlusterFS, a distributed file system that can write synchronously mirrored copies of files to multiple storage nodes, and exports it's file system using NFS as well as an improved client provided by Gluster that has better file locking. You can use XFS/EXT4/BTRFS/etc. underneath GlusterFS as your core storage, and the GlusterFS runs on top of the multiple nodes, distributing files over the cluster making a highly performant and highly avialiable storage backend. We have done quite a bit of testing with this, and there are certainly some gotchas to be aware of when storage nodes fail, but it's well documented. Overall it's a great tool if you are looking at doing high demand file serving and could benefit from a clustered file system.
Re: selecting outbound IP
Hello Noel, The IP I mentioned was not the remote IP, but the IP address in the oubound MTA machine. - Joe On Thu, Feb 9, 2012 at 10:27 AM, Noel Jones wrote: > On 2/8/2012 7:21 PM, Joe Wong wrote: >> Hello Andy, >> >> Sorry I should state the details initially. I am hosting multiple domains >> say >> >> joe.com >> jay.net >> some other domains >> >> I would like to route email sent from user in joe.com through IP >> address 1, user in jay.net via IP address 2, the rest go through IP >> address 3. > > > The sender_dependent_default_transport_maps feature is intended > exactly for this. See: > http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps > and the mail list archives. > > > > > -- Noel Jones
Re: selecting outbound IP
On 2/8/2012 9:24 PM, Joe Wong wrote: > Hello Noel, > > The IP I mentioned was not the remote IP, but the IP address in the > oubound MTA machine. > > - Joe [please don't top post] Indeed. Use sender_dependent_default_transport_maps to select a transport defined in master.cf that is bound to a specific IP with "... -o smtp_bind_address=0.1.2.3" a brief example (you can find other examples in the archives): # master.cf #(these are copies of the smtp...smtp default transport) out_joe unix - - n - - smtp -o smtp_bind_address=192.0.1.10 out_bob unix - - n - - smtp -o smtp_bind_address=192.0.1.20 # main.cf sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport # sender_transport @joe.example.com out_joe: @bob.example.com out_bob: -- Noel Jones
Re: Implement SMTP Auth in a non-disruptive way?
Greetings, Reindi, search through postfix docs for that: + permit_sasl_authenticated + permit_mynetworks (play with the mynetworks definition, so, initially you allow all mail from your local network, and when *all* of your users moved to new authenticated schema, you just removed local network from here) That one is not so important, but I have found it really useful in my environment: + reject_authenticated_sender_login_mismatch (this is an interesting one, that you can later replace with: reject_sender_login_mismatch ... now, I use LDAP with all of this). I am a little in a hurry now, but if you read the docs you may get the idea. I hope this helps, Ildefonso Camargo.
Re: Implement SMTP Auth in a non-disruptive way?
Am 09.02.2012 04:49, schrieb Jose Ildefonso Camargo Tolosa: > Greetings, > > Reindi, search through postfix docs for that: > > + permit_sasl_authenticated > + permit_mynetworks (play with the mynetworks definition, so, > initially you allow all mail from your local network, and when *all* > of your users moved to new authenticated schema, you just removed > local network from here) > > That one is not so important, but I have found it really useful in my > environment: > > + reject_authenticated_sender_login_mismatch (this is an interesting > one, that you can later replace with: reject_sender_login_mismatch ... > now, I use LDAP with all of this). > > I am a little in a hurry now, but if you read the docs you may get the idea. > I hope this helps first it was not me having a problem with SMTP Auth second all of this doe snot help in the strange wishes of the OP which are making no sense at all, below quoted again please do not read only the subject! ___- this is what i meant with "making no sense at all" "I would like to do it in a non-disruptive way. I was thinking to implement something like a "bounce" message for each outgoing mail without authentication. That message will not stop the delivery of the email, but it will, simply, inform unauthenticated users about the fact that in a few days they will be forced to do so. When D-day comes, I would like to return to unauthenticated users a custom DSN, not the build-in error." signature.asc Description: OpenPGP digital signature
Re: selecting outbound IP
On Thu, Feb 9, 2012 at 11:41 AM, Noel Jones wrote: > On 2/8/2012 9:24 PM, Joe Wong wrote: >> Hello Noel, >> >> The IP I mentioned was not the remote IP, but the IP address in the >> oubound MTA machine. >> >> - Joe > > > [please don't top post] > > Indeed. Use sender_dependent_default_transport_maps to select a > transport defined in master.cf that is bound to a specific IP with > "... -o smtp_bind_address=0.1.2.3" > > a brief example (you can find other examples in the archives): > > > # master.cf > #(these are copies of the smtp...smtp default transport) > out_joe unix - - n - - smtp > -o smtp_bind_address=192.0.1.10 > > out_bob unix - - n - - smtp > -o smtp_bind_address=192.0.1.20 > > > # main.cf > sender_dependent_default_transport_maps = > hash:/etc/postfix/sender_transport > > > # sender_transport > @joe.example.com out_joe: > @bob.example.com out_bob: > > > > > > -- Noel Jones Thanks Noel. That means it does not need the multiple instance support at all. And sorry for the top-post :) - Joe
Σχετ: Implement SMTP Auth in a non-disruptive way?
Well, There are a number of reasons. Like for example, stopping emails from non-existed users, or stopping email bombing from "zombie" PCs. The majority of emails in the queues of my MTA is backscatter and one of the ways to reduce it is SMTP Auth. More important thought is the need to enable access to the MTA from other networks too, so, I need the SMTP AUTH. - Αρχικό μήνυμα - Απο: Larry Stone Προς: Peter Tselios Κοιν.: Postfix Users Στάλθηκε: 4:32 μ.μ. Τετάρτη, 8 Φεβρουαρίου 2012 Θεμα: Re: Implement SMTP Auth in a non-disruptive way? On Wed, 8 Feb 2012, Peter Tselios wrote: > So far I have not implemented SMTP Auth for various reasons (on of them was > the fact that I had no Postfix installed). Anyway, I would like to implement > it, but since I have a relatively large base (>200K emails), I would like to > do it in a non-disruptive way. I was thinking to implement something like a > "bounce" message for each outgoing mail without authentication. That message > will not stop the delivery of the email, but it will, simply, inform > unauthenticated users about the fact that in a few days they will be forced > to do so. When D-day comes, I would like to return to unauthenticated users > a custom DSN, not the build-in error. > > Is there any way to do it? If not, is there any other way to do it? I this is a good spot for the standard response of "please don't tell us what your proposed solution is, please tell us what is the problem you are trying to solve". In other words, why do you suddenly need SMTP AUTH (and I'm assuming here you want it even for clients in $mynetworks) and what is the problem you think making it required will solve? -- Larry Stone lston...@stonejongleux.com
Σχετ: Implement SMTP Auth in a non-disruptive way?
Well, I believe you meaning: reject_unauthenticated_sender_login_mismatch. I tried that on my test env, but I did not add the permit_sasl_authenticated and I had issues. Now, it's better, thanks! I still need the "DSN" style message back for those users and I hope to have some ideas. - Αρχικό μήνυμα - Απο: Jose Ildefonso Camargo Tolosa Προς: Postfix Users Κοιν.: Στάλθηκε: 5:49 π.μ. Πέμπτη, 9 Φεβρουαρίου 2012 Θεμα: Re: Implement SMTP Auth in a non-disruptive way? Greetings, Reindi, search through postfix docs for that: + permit_sasl_authenticated + permit_mynetworks (play with the mynetworks definition, so, initially you allow all mail from your local network, and when *all* of your users moved to new authenticated schema, you just removed local network from here) That one is not so important, but I have found it really useful in my environment: + reject_authenticated_sender_login_mismatch (this is an interesting one, that you can later replace with: reject_sender_login_mismatch ... now, I use LDAP with all of this). I am a little in a hurry now, but if you read the docs you may get the idea. I hope this helps, Ildefonso Camargo.
rfc822 regex
I am trying to validate email ids of subscribers coming to my site Is there a standard regular expression for email id syntax that confirms to rfc822. I want to avoid junk entries from entering my database. Postfix already checks this syntax in RCPT-TO , but is this regex available already Thanks Ram