RE: Putting all outgoing mail on hold?
Hi, I have read somewhere that if you put "/^Received:/ HOLD" in header checks; then all the message will be in queue and will be waiting for delivery. In such case after getting all the message hold, you can use postsuper -H [-H queue_id (un-hold)] to deliver selected messages. Thanks/regards, Vishal Agarwal -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Sunday, March 18, 2012 5:13 AM To: postfix-users@postfix.org Subject: Re: Putting all outgoing mail on hold? On 3/17/2012 9:48 AM, Jesper Dybdal wrote: > Is there a simple way to put all outgoing mail (i.e., everything that > would normally be processed by the default "smtp" instance) into the > HOLD queue? > > The reason I would like to do that is that the IP address on which I run > my little server is about to change, and I would like outgoing mail to > be held until I am sure that the new address has a proper reverse DNS > and is not in any problematic DNSBLs. I could also just block outgoing > port 25 with a firewall rule, but using HOLD will give me better > control: I can then release individual mails if I want to. You can use a check_recipient_access map that puts everything non-local on hold. This needs to be the first rule in one of the smtpd_*_restrictions sections so that all SMTP mail will be subjected to it. And, as a guideline, you don't want rules of this sort in smtpd_recipient_restrictions due to the danger of a typo mistake making you an open relay. Note that smtpd restrictions don't apply to mail submitted via the sendmail(1) command line interface -- such as users with a login shell, system/cron mail, sometimes webmail. It would probably be prudent to do the firewall block until you see where mail is going. Also note that HOLD is a message-level restriction. If a message has both local and non-local recipients, all will be put on HOLD. # main.cf smtpd_sender_restrictions = check_recipient_access = regexp:/etc/postfix/hold_outgoing.regexp # hold_outgoing.regexp /example\.com$/ DUNNO skip my domain /^/ HOLD outgoing delivery suspended -- Noel Jones
Re: Putting all outgoing mail on hold?
Jesper Dybdal: > Is there a simple way to put all outgoing mail (i.e., everything that > would normally be processed by the default "smtp" instance) into the > HOLD queue? # postconf -e 'default_transport = retry:waiting for remote server upgrade' Wietse
Re: Putting all outgoing mail on hold?
On 3/17/2012 9:48 AM, Jesper Dybdal wrote: > Is there a simple way to put all outgoing mail (i.e., everything that > would normally be processed by the default "smtp" instance) into the > HOLD queue? > > The reason I would like to do that is that the IP address on which I run > my little server is about to change, and I would like outgoing mail to > be held until I am sure that the new address has a proper reverse DNS > and is not in any problematic DNSBLs. I could also just block outgoing > port 25 with a firewall rule, but using HOLD will give me better > control: I can then release individual mails if I want to. You can use a check_recipient_access map that puts everything non-local on hold. This needs to be the first rule in one of the smtpd_*_restrictions sections so that all SMTP mail will be subjected to it. And, as a guideline, you don't want rules of this sort in smtpd_recipient_restrictions due to the danger of a typo mistake making you an open relay. Note that smtpd restrictions don't apply to mail submitted via the sendmail(1) command line interface -- such as users with a login shell, system/cron mail, sometimes webmail. It would probably be prudent to do the firewall block until you see where mail is going. Also note that HOLD is a message-level restriction. If a message has both local and non-local recipients, all will be put on HOLD. # main.cf smtpd_sender_restrictions = check_recipient_access = regexp:/etc/postfix/hold_outgoing.regexp # hold_outgoing.regexp /example\.com$/ DUNNO skip my domain /^/ HOLD outgoing delivery suspended -- Noel Jones
Re: Redundant cleanup mail to one user with different extensions
On Sat, 2012-03-17 at 16:00:26 +0200, Pavel Gulchouck wrote: > On Sat, Mar 17, 2012 at 09:19:15AM -0400, Sahil Tandon writes: > > On Sat, 2012-03-17 at 13:48:17 +0200, Pavel Gulchouck wrote: > > >> I use recipient_delimiter feature and procmail processing local > >> delivery. Messages for me+sms goes to sms, for me+xmpp - to jabber > >> etc. > >> > >> But if I want to receive a message both to xmpp and sms, I have a > >> problem, because cleanup decides that me+xmpp and me+sms is the > >> same user, and leaves only one copy of the message. > > > Do you have logs of this occurring? > > Additional info: this happens when destination is alias which expands > to list of addresses contain user+ext1 and user+ext2. Rather than providing tidbits of information, would you share the output of 'postconf -n' and other relevant information as described in DEBUG_README? > In my test, /etc/aliases contains: > gul-test: gul+1, gul+2 > > Here's mail.log of sending mail to gul-test: > > Mar 17 13:50:00 mon postfix/pickup[31038]: 35847F90660: uid=1013 from= > Mar 17 13:50:00 mon postfix/cleanup[11341]: 35847F90660: > message-id=<20120317135000.35847f90...@gul.kiev.ua> > Mar 17 13:50:00 mon postfix/qmgr[7754]: 35847F90660: from=, > size=327, nrcpt=1 (queue active) > Mar 17 13:50:01 mon postfix/local[11413]: 35847F90660: > to=, orig_to=, relay=local, delay=1, > delays=0/0/0/1, dsn=2.0.0, status=sent (delivered to command: procmail -a > "$EXTENSION") > Mar 17 13:50:01 mon postfix/qmgr[7754]: 35847F90660: removed FWIW, I cannot reproduce this, though I do not hand mail off to procmail: Mar 17 10:40:35 mx1 postfix/local[67468]: 2FD108A05B: to=, orig_to=, relay=local, delay=0.47, delays=0.46/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) Mar 17 10:40:35 mx1 postfix/local[67468]: 2FD108A05B: to=, orig_to=, relay=local, delay=0.47, delays=0.46/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) -- Sahil Tandon
Putting all outgoing mail on hold?
Is there a simple way to put all outgoing mail (i.e., everything that would normally be processed by the default "smtp" instance) into the HOLD queue? The reason I would like to do that is that the IP address on which I run my little server is about to change, and I would like outgoing mail to be held until I am sure that the new address has a proper reverse DNS and is not in any problematic DNSBLs. I could also just block outgoing port 25 with a firewall rule, but using HOLD will give me better control: I can then release individual mails if I want to. -- Jesper Dybdal, Denmark. http://www.dybdal.dk (in Danish).
Re: Building Postfix RHEL RPMs with custom LDAP packages
On 16/3/2012 11:21 πμ, Nikolaos Milas wrote: I'll test this hypothesis anyway, but it's good to know others' experience on such matters. So, I've upgraded on a test server with a vanilla postfix (standard settings, as installed on CentOS 5, i.e. ) which had been upgraded in the past to 2.8.2 using local compilation (and "make upgrade") and now to 2.9.1 using my self-built RPMs (which are in test state): --- # ls -la total 15752 drwxr-xr-x 2 root root 4096 Mar 15 13:19 . drwxr-xr-x 5 root root 4096 Mar 15 13:18 .. -rw-r--r-- 1 root root 5855022 Mar 15 13:17 postfix-2.9.1-1.pcre.sasl2.dovecot.nmilas.rhel5.x86_64.rpm -rw-r--r-- 1 root root 10233248 Mar 15 13:17 postfix-debuginfo-2.9.1-1.pcre.sasl2.dovecot.nmilas.rhel5.x86_64.rpm # # rpm -Uvh *.rpm Preparing...### [100%] 1:postfixwarning: /etc/postfix/aliases created as /etc/postfix/aliases.rpmnew warning: /etc/postfix/bounce.cf.default saved as /etc/postfix/bounce.cf.default.rpmsave warning: /etc/postfix/main.cf created as /etc/postfix/main.cf.rpmnew warning: /etc/postfix/makedefs.out saved as /etc/postfix/makedefs.out.rpmsave warning: /etc/postfix/master.cf created as /etc/postfix/master.cf.rpmnew warning: /usr/libexec/postfix/post-install saved as /usr/libexec/postfix/post-install.rpmorig ### [ 50%] /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= chown: cannot access `/usr/share/doc/postfix-2.3.3/README_FILES/MEMCACHE_README': No such file or directory /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= 2:postfix-debuginfo ### [100%] postconf: warning: /etc/postfix/master.cf: unused parameter: fallback_relay= --- From the above, I concluded that I should comment-out / delete in master.cf the respective line (marked with a *): --- relay unix - - n - - smtp # * -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -
Re: check_sender_access - allowed actions
On Sat, Mar 17, 2012 at 08:58:16AM -0400, Charles Marcus wrote:
> After modifying my config to work the way I want it to after the
> switch from webroot to postini,
I have a "funny" Postini story to tell. Recently I made inquiry
about features of the service, and in the web form I carefully and
deliberately unchecked the "spam me" boxes. I wanted my question
answered ONLY.
The question was partially (not fully) answered, and of course, I
continue to get marketing mail on the tagged address I used. A
spammer running an anti-spam service, how nice.
> I'd like a sanity check on my modified restrictions to make sure
> I didn't make some glaring mistake that is going to bite me
> (full postconf -n at the end of this message)...
>
> Here are my current restrictions (with comments to explain the
> purpose and contents of the maps, all still under
> smtpd_recipient_restrictions):
>
> smtpd_recipient_restrictions =
>
> # these two maps only have REJECTs, no OKs allowed
>check_recipient_access ${hash}/moved-employees,
>check_recipient_access ${hash}/x-employees,
Fine until someone slips up and puts an OK in there. Why wouldn't
this work elsewhere, e.g., smtpd_sender_restrictions? I think it
would.
>permit_sasl_authenticated,
>
> # this map only has PERMIT_AUTH_DESTINATIONs for a few ancient client
> # devices that don't support SMTP_AUTH, and a final OK for localhost
> # (127.0.0.1) at the end
>check_client_access ${cidr}/allowed_clients_local.cidr,
Fundamentally the same as permit_mynetworks, which you have later.
> # this map is to prevent messages from/to one of our domains but has
> # some DUNNOs for a few exceptions, and a final REJECT, no OKs allowed
>check_sender_access ${hash}/nospoof,
Again, fine until the slip-up occurs. I'm not sure how the DUNNO
results are supposed to act.
> # this map only has REJECTs to block external access to internal only
> # mail list addresses
>check_recipient_access ${hash}/blocked_recipients,
>
> # this map only has PERMIT for postini's network and a final REJECT
> # telling other clients to use our MX
>check_client_access ${cidr}/allowed_clients_external.cidr,
Why can't Postini work with permit_auth_destination? I'd certainly
not trust them to relay, ahem. :)
>permit_mynetworks,
>reject_unauth_destination,
(And why can't the allowed_clients_external.cidr check go here?)
> # this map only has DISCARDs or REJECTs
>check_sender_access ${hash}/blocked_senders,
>
> My main question is, would it make more sense to move all of the
> check_mumble restrictions that come *before*
> reject_unauth_destination into their appropriate
> smtpd_mumble_restrictions class?
I don't see why they wouldn't work somewhere else, such as
smtpd_sender_restrictions. And you'd only need one such class, not
separate stages for each of these.
> And if I did this, would I then have to change
> smtpd_delay_reject to no?
Definitely not. That's rarely a good idea. In fact I am having
trouble imagining where it might be a good idea. I did it before,
implementing a greet pause, and it caused pain.
In effect with smtpd_delay_reject=yes, there is no difference among
smtpd_mumble_restrictions for "client", "helo", and "sender" values
of "mumble". Pick one other stage and offload the chance for
disasterous errors thereto.
> myhost : Fri Mar 16, 12:41:11 : ~
> # postconf -n
snip
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Redundant cleanup mail to one user with different extensions
On Sat, Mar 17, 2012 at 09:19:15AM -0400, Sahil Tandon writes: > On Sat, 2012-03-17 at 13:48:17 +0200, Pavel Gulchouck wrote: >> I use recipient_delimiter feature and procmail processing local delivery. >> Messages for me+sms goes to sms, for me+xmpp - to jabber etc. >> >> But if I want to receive a message both to xmpp and sms, I have a problem, >> because cleanup decides that me+xmpp and me+sms is the same user, and >> leaves only one copy of the message. > Do you have logs of this occurring? Additional info: this happens when destination is alias which expands to list of addresses contain user+ext1 and user+ext2. In my test, /etc/aliases contains: gul-test: gul+1, gul+2 Here's mail.log of sending mail to gul-test: Mar 17 13:50:00 mon postfix/pickup[31038]: 35847F90660: uid=1013 from= Mar 17 13:50:00 mon postfix/cleanup[11341]: 35847F90660: message-id=<20120317135000.35847f90...@gul.kiev.ua> Mar 17 13:50:00 mon postfix/qmgr[7754]: 35847F90660: from=, size=327, nrcpt=1 (queue active) Mar 17 13:50:01 mon postfix/local[11413]: 35847F90660: to=, orig_to=, relay=local, delay=1, delays=0/0/0/1, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION") Mar 17 13:50:01 mon postfix/qmgr[7754]: 35847F90660: removed -- Pavel
Re: Redundant cleanup mail to one user with different extensions
On Sat, 2012-03-17 at 13:48:17 +0200, Pavel Gulchouck wrote: > I use recipient_delimiter feature and procmail processing local delivery. > Messages for me+sms goes to sms, for me+xmpp - to jabber etc. > > But if I want to receive a message both to xmpp and sms, I have a problem, > because cleanup decides that me+xmpp and me+sms is the same user, and > leaves only one copy of the message. Do you have logs of this occurring? -- Sahil Tandon
check_sender_access - allowed actions
Hello all,
After modifying my config to work the way I want it to after the switch
from webroot to postini, I'd like a sanity check on my modified
restrictions to make sure I didn't make some glaring mistake that is
going to bite me (full postconf -n at the end of this message)...
Here are my current restrictions (with comments to explain the purpose
and contents of the maps, all still under smtpd_recipient_restrictions):
smtpd_recipient_restrictions =
# these two maps only have REJECTs, no OKs allowed
check_recipient_access ${hash}/moved-employees,
check_recipient_access ${hash}/x-employees,
permit_sasl_authenticated,
# this map only has PERMIT_AUTH_DESTINATIONs for a few ancient client
# devices that don't support SMTP_AUTH, and a final OK for localhost
# (127.0.0.1) at the end
check_client_access ${cidr}/allowed_clients_local.cidr,
# this map is to prevent messages from/to one of our domains but has
# some DUNNOs for a few exceptions, and a final REJECT, no OKs allowed
check_sender_access ${hash}/nospoof,
# this map only has REJECTs to block external access to internal only
# mail list addresses
check_recipient_access ${hash}/blocked_recipients,
# this map only has PERMIT for postini's network and a final REJECT
# telling other clients to use our MX
check_client_access ${cidr}/allowed_clients_external.cidr,
permit_mynetworks,
reject_unauth_destination,
# this map only has DISCARDs or REJECTs
check_sender_access ${hash}/blocked_senders,
My main question is, would it make more sense to move all of the
check_mumble restrictions that come *before* reject_unauth_destination
into their appropriate smtpd_mumble_restrictions class? And if I did
this, would I then have to change smtpd_delay_reject to no?
Thanks,
Charles
myhost : Fri Mar 16, 12:41:11 : ~
# postconf -n
alias_maps = hash:/etc/mail/aliases, hash:/var/lib/mailman/data/aliases
anvil_rate_time_unit = 360s
anvil_status_update_time = 3600s
bounce_queue_lifetime = 18h
bounce_size_limit = 1
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
cidr = cidr:${maps_dir}/cidr
config_directory = /etc/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 15m
hash = hash:${maps_dir}/hash
home_mailbox = .maildir/
inet_protocols = ipv4
maps_dir = /etc/postfix/maps
maximal_queue_lifetime = 1d
message_size_limit = 3072
mydomain = media-brokers.com
myhostname = smtp.media-brokers.com
mynetworks = 127.0.0.0/8 192.168.1.4
mysql = proxy:mysql:${maps_dir}/mysql
parent_domain_matches_subdomains =
recipient_delimiter = +
relay_domains =
relayhost = [outbounds6.obsmtp.com]
sender_bcc_maps = ${hash}/sender_bcc
smtp_fallback_relay = [smtp.comcast.net]
smtpd_hard_error_limit = 3
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = check_recipient_access
${hash}/moved-employees, check_recipient_access ${hash}/x-employees,
permit_sasl_authenticated, check_client_access
${cidr}/allowed_clients_local.cidr, check_sender_access ${hash}/nospoof,
check_recipient_access ${hash}/blocked_recipients, check_client_access
${cidr}/allowed_clients_external.cidr, permit_mynetworks,
reject_unauth_destination, check_sender_access ${hash}/blocked_senders,
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mbiCerts/smtp_crt.pem
smtpd_tls_key_file = /etc/ssl/mbiCerts/smtp_key.pem
smtpd_tls_security_level = may
transport_maps = ${hash}/transport
vacation_destination_recipient_limit = 1
virtual_alias_maps = ${mysql}/vam.cf,
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:207
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = ${mysql}/vmd.cf
virtual_mailbox_maps = ${mysql}/vmm.cf
virtual_minimum_uid = 207
virtual_uid_maps = static:207
myhost : Fri Mar 16, 12:41:19 : ~
#
--
Best regards,
Charles
Re: problem with locks
PSTM: > /usr/libexec/postfix/smtpd: bad command startup -- throttling > Mar 16 21:33:52 vs2706 postfix/smtpd[20259]: fatal: select lock: > Cannot allocate memory > Mar 16 21:34:34 vs2706 postfix/tlsmgr[29292]: fatal: cannot lock PRNG > exchange file /var/lib/postfix/prng_exch: Cannot allocate memory > > Mar 16 21:34:53 vs2706 postfix/tlsmgr[24036]: fatal: cannot lock PRNG > > exchange file /var/lib/postfix/prng_exch: Cannot allocate memory Postfix need to lock a file. Your kernel says "Cannot allocate memory". Fix your kernel, or configure fewer Postfix processes (try: default_process_limit = 10). Wietse
Redundant cleanup mail to one user with different extensions
Hi. I use recipient_delimiter feature and procmail processing local delivery. Messages for me+sms goes to sms, for me+xmpp - to jabber etc. But if I want to receive a message both to xmpp and sms, I have a problem, because cleanup decides that me+xmpp and me+sms is the same user, and leaves only one copy of the message. Another example: I have xmpp gate, and mail to xmpp+user redirects to sendxmpp for user@mydomain. And I cannot send one message to multiple xmpp users. How can I avoid this limitation? -- Pavel
problem with locks
Hello, I have a problem when postfix is running: Mar 16 21:32:52 vs2706 postfix/master[8710]: warning: process /usr/libexec/postfix/smtpd pid 16241 exit status 1 Mar 16 21:32:52 vs2706 postfix/master[8710]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Mar 16 21:33:52 vs2706 postfix/smtpd[20259]: fatal: select lock: Cannot allocate memory Mar 16 21:33:53 vs2706 postfix/master[8710]: warning: process /usr/libexec/postfix/smtpd pid 20259 exit status 1 Mar 16 21:33:53 vs2706 postfix/master[8710]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Mar 16 21:34:34 vs2706 postfix/tlsmgr[29292]: fatal: cannot lock PRNG exchange file /var/lib/postfix/prng_exch: Cannot allocate memory Mar 16 21:34:35 vs2706 postfix/master[8710]: warning: process /usr/libexec/postfix/tlsmgr pid 29292 exit status 1 Mar 16 21:34:53 vs2706 postfix/tlsmgr[24036]: fatal: cannot lock PRNG exchange file /var/lib/postfix/prng_exch: Cannot allocate memory Seems that eats too much locks, or could be a problems with hostmaster (is a VPS). Anyone knows how to investigate the problem? Or workaround,...
