Re: Postfix configuration optimization?
On Jun 8, 2012, at 02:58, john wrote: Are there any tools that would help in optimizing/tweaking the Postfix configuration? I have found that reading (and understanding) the Postfix documentation is one of the best tools available, followed by trusting the defaults, and reading the logs. Compare the output of 'postconf -d' (defaults) with the output of 'postconf -n', which will list whatever you explicitly specified in your 'main.cf'. Review the differences, and understand why you are overriding the default. And before making changes, remember that one possible outcome of optimizing/tweaking a working Postfix is a not-working Postfix ;-) HTH, Jona
Re: Protocol error sending mail to Exim 4.77 system
With regard to http://www.mail-archive.com/postfix-users@postfix.org/msg44135.html I am on the Exim end of this problem, or at least some of the servers I use are, and I'm having trouble convincing the admins for these Exim servers that it is a problem they need to fix. In an attempt to do this convincing, I spun up an Ubuntu 12.04 instance on Amazon EC2, and installed postfix and mailutils to it, set the debugging config for the serverm and did a test. But, I'm having trouble seeing what exactly postfix thinks the problem is, perhaps somebody more familiar with Postfix (or SMTP in general) can shed some light on this for me, here's the debug with a few redactions to protect the guilty... Jun 8 07:10:03 ip-10-160-125-11 postfix/pickup[4728]: A821B22FF7: uid=1000 from=ubuntu Jun 8 07:10:03 ip-10-160-125-11 postfix/cleanup[4733]: A821B22FF7: message-id=20120608071003.a821b22...@ip-10-160-125-11.us-west-1.compute.internal Jun 8 07:10:03 ip-10-160-125-11 postfix/qmgr[4729]: A821B22FF7: from=ubu...@ec2-50-18-91-139.us-west-1.compute.amazonaws.com, size=436, nrcpt=1 (queue active) Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 220-xxx.elinuxservers.com ESMTP Exim 4.77 #2 Fri, 08 Jun 2012 00:10:03 -0700 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 220-We do not authorize the use of this system to transport unsolicited, Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 220 and/or bulk e-mail. Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: EHLO ip-10-160-125-11.us-west-1.compute.internal Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250-xxx.elinuxservers.com Hello ip-10-160-125-11.us-west-1.compute.internal [50.18.91.139] Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250-SIZE 52428800 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250-PIPELINING Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250-AUTH PLAIN LOGIN Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250-STARTTLS Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 HELP Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: server features: 0x101d size 52428800 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: Using ESMTP PIPELINING, TCP send buffer size is 24040, PIPELINING buffer size is 4096 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: MAIL FROM:ubu...@ec2-50-18-91-139.us-west-1.compute.amazonaws.com Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: RCPT TO:ja...@example.com Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: DATA Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 OK Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 OK Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: smtp_stream_setup: maxtime=120 enable_deadline=0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 OK Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: connect to subsystem private/bounce Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr nrequest = 0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr flags = 0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr queue_id = A821B22FF7 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr original_recipient = ja...@example.com Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr recipient = ja...@example.com Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr offset = 670 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr dsn_orig_rcpt = Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr notify_flags = 0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr status = 5.5.0 Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr diag_type = smtp Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr diag_text = 250 OK Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr mta_type = dns Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: send attr mta_mname = example.com
Re: Make smtpd/Postscreen compatible with load balancers
Hi Wietse, [ just subscribed to the list, I realized that our past conversation was dropped since I was not subscribed, never mind ] On Thu, Jun 07, 2012 at 08:16:53PM -0400, Wietse Venema wrote: Willy Tarreau: Regardless of command format details, if the proxy prepends a command to the client's SMTP stream, then postscreen must use unbuffered I/O to read that command. If buffering were turned on, the buffering layer could read past the proxy'sCRLF and eat up part of the client input kind-of like CVE-2011-0411. Precisely on this point there is an easier way, it consists in using recv(MSG_PEEK). The big advantage is that you don't need to store the temporary bytes you've read since they remain in the kernel's buffers. So it more or less looks like this : len = recv(fd, trash, sizeof(trash), MSG_PEEK); if (len == -1 errno == EAGAIN) return; lf = memchr(trash, '\n', len); if (lf == NULL) { if (len trash) /* Huh?? */ return; /* else abort the connection */ } In an event-driven program such as postscreen, this code breaks when the proxy line arrives as multiple fragments. If the program does not drain proxy line fragments from the kernel buffer, then the socket remains readable and the program will go into a read-notification loop until the entire line is received. Indeed this is totally true. I would say that given the short size of the message the risk of this occurring is barely 0 explaining whit this has probably never hit anybody, but it would be sufficient that someone implements the protocol using a series of write(fd, buf++, 1) and you'd be spinning (even worse if it dies in the middle). I've seen implementations doing recv(MSG_PEEK) and reject connections from incomplete messages (again, almost zero risk but YMMV). In haproxy, I'm using the input buffer associated to the fd, so I don't have this problem. I'm basically doing a recv() on the buffer. I think it is equivalent to the VSTREAM you're using. In postscreen you don't want to do this since you don't want to consume any possible incoming data (btw you probably drop the connection if you get any data at this point). That said, if you have a buffer associated to the connection, then you can perform the first MSG_PEEK to check the pending data size and then a real recv() to only consume up to the end of line. But then doing so indeed invalidates the following suggestion. This implies that the following suggestion is not valid for an event-driven program such as postscreen: On the one hand, if it is as trivial to make smtpd parse the PROXY line as it was for postscreen, it can solve the problem by having postscreen not consume the first line, which makes sense in that postscreen remains the first layer analyser which doesn't mangle data on the connection. Either you need to update the protocol spec (require non-fragmented proxy lines) I have mixed opinions on this. On the one hand, we can't really impose lower layers segmentation behaviour, so from a layering perspective, it is not correct. On the other hand, the use cases for the protocol are very specific. We're the very first segment over the connection so we are always allowed to send at least one MSS. Nobody should sanely use this proxy line on connections with an MSS lower than the 116 bytes a max line may be for long IPv6 addresses and ports. So indeed, I'm tempted to follow your suggestion, it will ease processing for everyone and ensure that nobody tries sending fragmented lines. We'd rely on a sane lower layer and declare other cases out of scope. or provide a code example that doesn't go into a read-notification loop when the proxy line arrives as multiple fragments. With a buffer this problem does not happen, but it's the first case I'm facing this need with fd passing, which makes me scratch my head a lot. I really like the way you're plugging postscreen in front of smtpd, and I'd like to ensure we don't make it complex to keep this nice model. That's why I think that adding a sane requirement in the spec should be the most adequate solution. If in the mean time you get a smarter idea, do not hesitate to share it :-) I'll keep thinking about it a bit before updating it. I think I will also propose some generic code in the spec for both sides. Best regards, Willy
Re: Protocol error sending mail to Exim 4.77 system
Replying to myself, Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: DATA Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 OK I believe that this is the problem, the correct response from the busted server should have been 354, but for some reason it's dropped a 250. Am I right? I can confirm that if the PIPELINING feature is ignored by postfix, then everything is fine.
virtual_alias_maps ignored when used dovecot-lda?
Hello, i use virtual user and virtual domains in postfix with mysql. to existing users the mails will be delivered. but when i create a alias (postfixadmin), the mail is bounced. Jun 8 10:50:40 mail dovecot: auth-worker: sql(postmas...@zbfxxx.de): Unknown user Jun 8 10:50:40 mail postfix/pipe[20056]: 12BE02F17F: to=postmas...@zbfxxx.de, relay=dovecot, delay=0.14, delays=0.13/0/0/0.01, dsn=5.1.1, status=bounced (user unknown) i grepped my mail.log # tail -fn120 /var/log/mail.log | grep -i dict_proxy_open Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=fixed Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=mysql:/etc/postfix/lookups/mysql/mysql_virtual_alias_maps.cf status=0 server_flags=fixed Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=mysql:/etc/postfix/lookups/mysql/mysql_virtual_alias_domain_maps.cf status=0 server_flags=fixed Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=mysql:/etc/postfix/lookups/mysql/mysql_virtual_alias_domain_catchall_maps.cf status=0 server_flags=fixed Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=mysql:/etc/postfix/lookups/mysql/mysql_virtual_mailbox_maps.cf status=0 server_flags=fixed Jun 8 10:54:47 mail postfix/smtpd[20067]: dict_proxy_open: connect to map=mysql:/etc/postfix/lookups/mysql/mysql_virtual_alias_domain_mailbox_maps.cf status=0 server_flags=fixed the alias is defnitly in the mysql db and shows to existing destination mail address. is this postfix related oder caused by dovecot? anyone here knows the problem and has a solution? many thaks from shiny hamburg, 7ter stock, überseehaus marko
Re: virtual_alias_maps ignored when used dovecot-lda?
* Marko Weber we...@zackbummfertig.de: Hello, i use virtual user and virtual domains in postfix with mysql. to existing users the mails will be delivered. but when i create a alias (postfixadmin), the mail is bounced. Jun 8 10:50:40 mail dovecot: auth-worker: sql(postmas...@zbfxxx.de): Unknown user Jun 8 10:50:40 mail postfix/pipe[20056]: 12BE02F17F: to=postmas...@zbfxxx.de, relay=dovecot, delay=0.14, delays=0.13/0/0/0.01, dsn=5.1.1, status=bounced (user unknown) Dovecot is rejecting the mail, not postfix. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
ADDRESS MASQUEREADING POSTFIX
share [fb] share [tw] This is header of mail that i have received from mailchimp: Return-Path: bounce-mc.us2_6034522.1358370-achal.tomar58=gmail@mail76.us2.mcsv.net Received: from mail76.us2.mcsv.net (mail76.us2.mcsv.net. [173.231.139.76]) by mx.google.com with ESMTP id er6si2501863qab.62.2012.06.03.05.09.29; Sun, 03 Jun 2012 05:09:29 -0700 (PDT) My query is how they add the received from header to the Return-Path dyanamically,i also want to implement the same in my mail server,i have tried address masquereading in postfix but it was not of much help may be i am misssing something. My mail server has postfix as an MTA and i have centOs 5 as an OS -- View this message in context: http://old.nabble.com/ADDRESS-MASQUEREADING-POSTFIX-tp33980124p33980124.html Sent from the Postfix mailing list archive at Nabble.com.
Defer a specific recipient?
A bit of a strange request, but is there a simple way to have Postfix continually defer mail to a specific recipient, say mail to 'defer.t...@domain.tld' ? I know with header checks I can do magic like rejecting mail with 5xx errors, but looking through http://www.postfix.org/header_checks.5.html I don't see a 'defer' option, but I'm probably putting the cart in front of the horse with my logic - so I'm open to ideas as I'm clutching at straws a bit.
Re: Defer a specific recipient?
On Fri, 2012-06-08 at 11:26 +0100, Sam Jones wrote: A bit of a strange request, but is there a simple way to have Postfix continually defer mail to a specific recipient, say mail to 'defer.t...@domain.tld' ? I know with header checks I can do magic like rejecting mail with 5xx errors, but looking through http://www.postfix.org/header_checks.5.html I don't see a 'defer' option, but I'm probably putting the cart in front of the horse with my logic - so I'm open to ideas as I'm clutching at straws a bit. Ignore me, I found it in check_recipient_access. I'm having a bad and inattentive day.
Re: ADDRESS MASQUEREADING POSTFIX
achal tomar: My query is how they add the received from header to the Return-Path dyanamically,i also want to implement the same in my mail server,i have Return-Path is defined in RFC 5321 and RFC 5322. This is the envelope sender address (MAIL FROM in SMTP). Wietse
RE: question concerning content filter and receive_override_options=no_address_mappings
Peter S?rensen: Hi I have a policy server restricting access to specific lists. If a user is accepted the policy server return OK status to postfix. The members on the list are found through virtual alias and gets expanded. I would like to put a content filter after this , that will grab the orig_to address to do further handling on this mail. I can't manage to make this work before the allias expanding. I have following in master.cf: mailstamp unix - n n - - pipe -o receive_override_options=no_address_mappings flags=Rq user=mail argv=/usr/local/lib/postfix/mailstamp.pl -f $sender -- $recipient receive_override_options is not a documented pipe(8) feature, and therefore it is not implemented. I suggest using an SMTP-based content filter setup, and use receive_override_options which is a documented smtpd(8) feature. Wietse I have now changed the filter to be a SMTP based content filter using a framework smtpprox written in perl. I have added the following to master.cf: smtpprox unix- - n - 25 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings 127.0.0.1:10026 inet n- n - 200 smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings -o local_header_rewrite_clients= and in main.cf added: content_filter = smtpprox:[127.0.0.1]:10025 The smtpprox is started listening on 127.0.0.1:10025 and forwards to 127.0.0.1:10026 Still this is not working as I would expect it to. The mail is passed through the content filter OK but I would like to avoid alias expanding in this stage. So what am I missing or doing wrong ? Peter
Re: Protocol error sending mail to Exim 4.77 system
James: Replying to myself, Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: DATA Jun 8 07:10:03 ip-10-160-125-11 postfix/smtp[4735]: example.com[72.34.48.xxx]:25: 250 OK I believe that this is the problem, the correct response from the busted server should have been 354, but for some reason it's dropped a 250. Am I right? You're incorrect. With PIPELINING turned on, the first reply after the client DATA command is the server's response for the client MAIL FROM command. client: MAIL FROM:sender client: RCPT TO:recipient client: DATA server: reply for MAIL FROM server: reply for RCPT TO server: reply for DATA ===THIS IS THE DATA REPLY I can confirm that if the PIPELINING feature is ignored by postfix, then everything is fine. Sure, not for the reason that you cite above. Wietse
Re: Make smtpd/Postscreen compatible with load balancers
Willy Tarreau: Either you need to update the protocol spec (require non-fragmented proxy lines) I have mixed opinions on this. On the one hand, we can't really impose lower layers segmentation behaviour, so from a layering perspective, it is not correct. On the other hand, the use cases for the protocol are very specific. We're the very first segment over the connection so we are always allowed to send at least one MSS. Nobody should sanely use this proxy line on connections with an MSS lower than the 116 bytes a max line may be for long IPv6 addresses and ports. So indeed, I'm tempted to follow your suggestion, it will ease processing for everyone and ensure that nobody tries sending fragmented lines. We'd rely on a sane lower layer and declare other cases out of scope. It is quite usual that the first deployments of a protocol expose some unexpected pain points. Here, a minor protocol tweak (no proxy line fragmentation) makes it possible to use MSG_PEEK lookahead without going into a busy-wait loop. Fragmentation makes no difference for a postscreen implementation that reads the proxy line one character at a time until it reads CRLF, before it hands off the file descriptor to a real SMTP server. Wietse
Re: Protocol error sending mail to Exim 4.77 system
On 08/06/12 23:15, Wietse Venema wrote: You're incorrect. With PIPELINING turned on, the first reply after the client DATA command is the server's response for the client MAIL FROM command. client: MAIL FROM:sender client: RCPT TO:recipient client: DATA server: reply for MAIL FROM server: reply for RCPT TO server: reply for DATA ===THIS IS THE DATA REPLY Sorry I had clipped the log poorly to reduce the quote - but the reply to DATA is the 3rd reply, right, and that is 250 OK, which is unexpected, better summary of the log... 220-.elinuxservers.com ESMTP Exim 4.77 #2 Fri, 08 Jun 2012 00:10:03 -0700 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. EHLO ip-10-160-125-11.us-west-1.compute.internal 250-.elinuxservers.com Hello ip-10-160-125-11.us-west-1.compute.internal [50.18.91.139] 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP Using ESMTP PIPELINING, TCP send buffer size is 24040, PIPELINING buffer size is 4096 MAIL FROM:ubu...@ec2-50-18-91-139.us-west-1.compute.amazonaws.com RCPT TO:ja...@example.com DATA === Third Command 250 OK 250 OK 250 OK === Third Response **
Re: ADDRESS MASQUEREADING POSTFIX
Achal tomar: Thanks for telling me about the RFC,but i want to know what configuration changes i have to do in postfix to achieve my goal. As per the RFC, Postfix prepends Return-Path: only when it performs final delivery. Wietse
Re: Protocol error sending mail to Exim 4.77 system
James: On 08/06/12 23:15, Wietse Venema wrote: You're incorrect. With PIPELINING turned on, the first reply after the client DATA command is the server's response for the client MAIL FROM command. client: MAIL FROM:sender client: RCPT TO:recipient client: DATA server: reply for MAIL FROM server: reply for RCPT TO server: reply for DATA ===THIS IS THE DATA REPLY Sorry I had clipped the log poorly to reduce the quote - but the reply to DATA is the 3rd reply, right, and that is 250 OK, which is unexpected, better summary of the log... This was discussed in my reply three weeks ago. Wietse Subject: Re: Protocol error sending mail to Exim 4.77 system In-Reply-To: 20120515193137.gc17...@aart.rice.edu To: k...@rice.edu k...@rice.edu Date: Tue, 15 May 2012 15:45:22 -0400 (EDT) From: Wietse Venema wie...@porcupine.org cc: Postfix users postfix-users@postfix.org X-Mailer: ELM [version 2.4ME+ PL124d (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-ID: 3vstlq2bt6zk...@spike.porcupine.org Sender: owner-postfix-us...@postfix.org Precedence: bulk List-Post: mailto:postfix-users@postfix.org List-Help: http://www.postfix.org/lists.html List-Unsubscribe: mailto:majord...@postfix.org List-Subscribe: mailto:majord...@postfix.org Status: RO k...@rice.edu: On Tue, May 15, 2012 at 03:08:45PM -0400, Wietse Venema wrote: k...@rice.edu: Dear Postfix users, I am having mail bounce from a Exim 4.77 system with the following error: x...@citykitchencatering.com: Protocol error: host citykitchencatering.com[74.50.1.185] said: 250 Accepted (in reply to DATA command) Does this affect all mail or just some? It affects all Email sent to the system. This only started today and mail to the same system and addresses worked yesterday. That server is busted. Maybe they installed a security firewall that mis-implements SMTP PIPELINING. Evidence: 1 May 15 15:29:18 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 220-roland.lunarservers.com ESMTP Exim 4.77 #2 Tue, 15 May 2012 12:29:18 -0700 2 May 15 15:29:18 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 220-We do not authorize the use of this system to transport unsolicited, 3 May 15 15:29:18 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 220 and/or bulk e-mail. 4 May 15 15:29:18 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: EHLO spike.porcupine.org 5 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250-roland.lunarservers.com Hello spike.porcupine.org [168.100.189.2] 6 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250-SIZE 52428800 7 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250-PIPELINING 8 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250-AUTH PLAIN LOGIN 9 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250-STARTTLS 10 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250 HELP 11 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: MAIL FROM:wie...@porcupine.org 12 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: RCPT TO:postmas...@citykitchencatering.com 13 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: RSET 14 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: QUIT 15 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250 OK 16 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 250 OK 17 May 15 15:29:19 spike postfix/smtp[37016]: citykitchencatering.com[74.50.1.185]:25: 550 No Such User Here Line 15: the server replies with 250 OK; by the rules of SMTP, this is the reply to MAIL FROM. Line 16: the server replies with 250 OK; by the rules of SMTP, this is the reply to RCPT TO. Line 17: the server replies with 550 No Such User Here. Clearly the server has gotten out-of-sync with the client. You can dumb down Postfix with /etc/postfix/main.cf: smtp_discard_ehlo_keyword_address_maps = hash:/etc/postfix/busted-servers /etc/postfix/busted-servers: 74.50.1.185 pipelining Do postmap /etc/postfix/busted-servers and postfix reload. Wietse
Re: ADDRESS MASQUEREADING POSTFIX
Wietse Venema wrote: Achal tomar: Thanks for telling me about the RFC,but i want to know what configuration changes i have to do in postfix to achieve my goal. As per the RFC, Postfix prepends Return-Path: only when it performs final delivery. Wietse ok so how can i change he return path address dynamically for each user when he/she sends a mail,so that he return path includes his/her user ID and also the to: header information,i want to do this in postfix and i am using centOS 5 as an OS. -- View this message in context: http://old.nabble.com/ADDRESS-MASQUEREADING-POSTFIX-tp33980124p33981019.html Sent from the Postfix mailing list archive at Nabble.com.
Re: Protocol error sending mail to Exim 4.77 system
On 08/06/12 23:41, Wietse Venema wrote: This was discussed in my reply three weeks ago. [...] Maybe they installed a security firewall that mis-implements SMTP PIPELINING. Yes I see now that this is the same issue. To add some data points, for future googlers if nothing else. In this thread: http://tech.groups.yahoo.com/group/postfix-users/message/286239 Curtis writes that Lunarpages (which was previously mentioned in this thread, as lunarservers.com) and Bluehost show this problem and that he started seeing it in May. And I am seeing this with a third provider. Again, very recent development. All three of these providers use cPanel/WHM, as far as I know, that's all they have in common. It would not be surprising to me if this is a problem brought in by a roll out of a new cPanel/WHM version. If it is, a lot of people are going to be experiencing this over time. The trouble is, that the failure isn't obvious, and that it seems that postfix is more affected than other senders (perhaps other senders do not use PIPELINING unless there are multiple RCPT's or something). Obviously, the task for fixing the problem lies with those who caused it (be it cPanel/WHM, some flunky firewall, or a ham fisted admin) and not with postfix who i, but perhaps this will help people to find that point of responsibility.
Re: ADDRESS MASQUEREADING POSTFIX
On 6/8/2012 7:47 AM, Achal tomar wrote: ok so how can i change he return path dynamically for each user when he/she sends a mail,so that he return path includes his/her user ID and also the to: header information,i want to do this in postfix and i am using centOS 5 as an OS. This is called VERP and is created by the sending application NOT by Postfix. http://en.wikipedia.org/wiki/Variable_envelope_return_path I use this in my company when sending out messages for bounce processing.
Re: ADDRESS MASQUEREADING POSTFIX
Achal tomar: Thanks for telling me about the RFC,but i want to know what configuration changes i have to do in postfix to achieve my goal. Wietse Venema: As per the RFC, Postfix prepends Return-Path: only when it performs final delivery. Achal tomar: ok so how can i change he return path address dynamically for each user when he/she sends a mail,so that he return path includes his/her user ID and also You specify the envelope address when submitting mail. For example with the PHP mail() function you specify the envelope sender with the additional parameters. mail('recei...@example.com', 'the subject', 'the message', null, '-fsen...@example.com'); http://us2.php.net/manual/en/function.mail.php Wietse
Re: Postfix mail file permissions
Den 2012-06-07 12:56, Nicolae Ghimbovschi skrev: Yeah, I see that. The file permissions are hardcoded. That is why I tried to change Postfix's code. where is the patch ? mailq | grep mailaddr postcat -q queueid | less what more do you need ?
Re: Postfix mail file permissions
where is the patch ? The patch used on postfix 2.0.19 is very simple: mail_stream.c - || fchmod(vstream_fileno(info-stream), 0700 | info-mode) + || fchmod(vstream_fileno(info-stream), 0770 | info-mode) mailq | grep mailaddr postcat -q queueid | less The message processing is done programmatically. No external processes. On Fri, Jun 8, 2012 at 4:49 PM, Benny Pedersen m...@junc.org wrote: Den 2012-06-07 12:56, Nicolae Ghimbovschi skrev: Yeah, I see that. The file permissions are hardcoded. That is why I tried to change Postfix's code. where is the patch ? mailq | grep mailaddr postcat -q queueid | less what more do you need ?
ipv6 not binding/listening correctly
Greetings, In honor of IPv6 launch day I had figured I would get my mail server IPv6-capable, but I've run into some trouble. I'm running Postfix 2.9.3 on a RHEL/CentOS 5-like Linux system but smtpd is only listening for IPv4 connections. main.cf specifies listening everywhere: inet_interfaces = all inet_protocols = all But netstat shows it is only listening on IPv4: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1691/master If I explicitly enumerate each IP in inet_interfaces, I get a host not found error: mail.crit18: Jun 8 14:16:12 mx1 postfix[1593]: fatal: config variable inet_interfaces: host not found: fd30:d1b:589a:1::10a8 It doesn't look like the problem is a lack of IPv6 support compiled in. If I had to guess I'd say it's that my kernel is somewhat old -- 2.6.21.7. I can't change the kernel version right now because it's a rather old Xen system and newer kernels are not compatible. IPv6 connectivity to other services on the same system is fine, e.g. dovecot. My backup mailserver is Fedora 15 with a 3.x kernel and there postfix is listening on both protocols as expected, although that system does not have an IPv6 address. Any ideas? Full configuration here just in case: http://partiallystapled.com/~gxti/trash/2012/06/main.cf.txt http://partiallystapled.com/~gxti/trash/2012/06/master.cf.txt Thanks, -- m. tharp
Re: Postfix configuration optimization?
Den 2012-06-08 02:58, john skrev: Are there any tools that would help in optimizing/tweaking the Postfix configuration? start with a empty main.cf is my best :=) since this inhirit optimized defaults, while it keeps dynamic change in the host autoupdate in other words, just add lines to main.cf for config you really need changed haveing mynetworks in main.cf is one of the worst if your network does not contain more then one wan ip
Re: Postfix configuration optimization?
Am 08.06.2012 16:49, schrieb Benny Pedersen: haveing mynetworks in main.cf is one of the worst if your network does not contain more then one wan ip depends we are using it on all machines running postfix to specify exactly that LAN ip-addresses from server machines which are allowed to relay and bypass any filter signature.asc Description: OpenPGP digital signature
Re: ipv6 not binding/listening correctly
Michael Tharp: Greetings, In honor of IPv6 launch day I had figured I would get my mail server IPv6-capable, but I've run into some trouble. I'm running Postfix 2.9.3 on a RHEL/CentOS 5-like Linux system but smtpd is only listening for IPv4 connections. main.cf specifies listening everywhere: inet_interfaces = all inet_protocols = all Please show postconf -n output instead of main.cf. mail.crit18: Jun 8 14:16:12 mx1 postfix[1593]: fatal: config variable inet_interfaces: host not found: fd30:d1b:589a:1::10a8 It doesn't look like the problem is a lack of IPv6 support compiled in. What is the evidence for that claim? http://partiallystapled.com/~gxti/trash/2012/06/main.cf.txt 404 file not found. Wietse
Re: ipv6 not binding/listening correctly
On 06/08/2012 11:03 AM, Wietse Venema wrote: inet_interfaces = all inet_protocols = all Please show postconf -n output instead of main.cf. Good idea, this is from postconf -n: inet_interfaces = all inet_protocols = ipv4 Curious. If I strace it it doesn't seem to make any socket() calls but that may just be something about how postconf works. I will try stracing postfix itself. It doesn't look like the problem is a lack of IPv6 support compiled in. What is the evidence for that claim? There are no errors parsing other IPv6 addresses in main.cf, specifically the mynetworks setting. Also, after my previous email I compiled the inet_addr_local tool mentioned in the IPV6_README using the same build server/process that built postfix, and it does indeed report all of the IPv6 addresses on the system: [root@mx1 ~]# /usr/libexec/postfix/inet_addr_local /usr/libexec/postfix/inet_addr_local: name_mask: all /usr/libexec/postfix/inet_addr_local: inet_addr_local: configured 4 IPv4 addresses /usr/libexec/postfix/inet_addr_local: inet_addr_local: configured 5 IPv6 addresses 127.0.0.1/255.0.0.0 72.37.225.168/255.255.255.0 10.0.0.168/255.255.255.192 172.24.1.168/255.255.255.0 ::1/::::::: 2001:4978:f:839a::10a8/::::: fe80::216:3eff:febf:4ffd%eth0/::::: fd30:d1b:589a:1::10a8/::::: fe80::216:3eff:fecb:5370%eth1/::::: http://partiallystapled.com/~gxti/trash/2012/06/main.cf.txt 404 file not found. According to my access logs, someone retrieved main.cf instead of main.cf.txt. I named it the latter so that when browsed to it displays in the browser instead of attempting to download it. Thanks for looking. -- m. tharp
Re: ipv6 not binding/listening correctly
On 06/08/2012 11:45 AM, Victoriano Giralt wrote: El 08/06/12 17:40, Michael Tharp escribió: Good idea, this is from postconf -n: inet_interfaces = all inet_protocols = ipv4 +^ Does this tell you anything? Well, I had initially assumed that postfix was seeing my all or ipv4, ipv6 but deciding I didn't have IPv6 and turning it back off. But it's much more obvious than that, there was a stray inet_protocols = ipv4 in the middle of main.cf that I swear I grepped for but obviously didn't find. Sorry for the noise.
Re: Postfix Question
Thank you for answer my question Hotmail email server is just for example. Maybe so many email server that not in the china have these problems. The question is, in China, the government have special firewall “ great firewall of china”, It make me can not reach the mail server who do not put the mail server in china Sometimes, the mail server in foreign country always reject Chinese ip address, even ip address subnet, maybe my ip address just in the ip address subnet SO, I have mail server in China, also have another mail server in USA. If the mail server in China can’t send mail (just like reject ip or defer), I want to use the mail server in USA to send it I don’t want mail server in China bounce (reject or defer), If it happen, give these mail to the mail server in USA. Still can’t send email, then bounce. Can you tell me how to setting the mail server in China? Thanks a lot 2012/6/7 Feel Zhou feelz...@gmail.com I don’t want mail server in China bounce (reject or defer), If it happen, give these mail to the mail server in USA. Still can’t send email, then bounce. Can you help me how to setting the mail server in China? Thanks a lot 2012/6/7 Feel Zhou feelz...@gmail.com Thank you for answer my question hotmail email server is just for example. Maybe so many email server that not in the china have this problems. The question is in China, the government have special firewall “ great firewall of china”, It make me can’t reach the mail server who do not put the mail server in china Sometimes, the mail server in foreign country always reject Chinese ip address, even ip address segment, maybe my ip address just in the ip address segment SO, I have mail server in China, also have another mail server in USA. If the mail server in China can’t send mail (just like reject or defer), I want to use the mail server in USA TOM 2012/6/7 DTNX Postmaster postmas...@dtnx.net On Jun 7, 2012, at 08:09, Feel Zhou wrote: My purpose is : Use ServerA, try it best, send email to hotmail, if working, very good, if not (such as reject, defer ), then give the email to ServerB. Do not use ServerB all the time. Do not resend mail that was rejected via another server, fix the reason it gets rejected in the first place. Check the DNS configuration, server logs and the like on 'ServerA', and find out why mail is being deferred or rejected by Hotmail. Have you looked at the information available on the Postfix website? There's a lot of information available there, like; http://www.postfix.org/documentation.html http://www.postfix.org/docs.html http://www.postfix.org/non-english.html HTH, Jona
Re: ipv6 not binding/listening correctly
Den 2012-06-08 17:50, Michael Tharp skrev: Sorry for the noise. make it like sendmail.m4 ?,here m4 using postconf -e configline, it works for sendmail, why not for postfix ?, good weekend
Automatic delivery cyrus-imap subfolders
I am new to Postfix and I am having trouble getting a feature that I have working on our existing Sendmail delivery system to function on the new Postfix delivery system. Basically, I want all incoming email that does not have a + extension such as localu...@example.com to deliver to /var/spool/imap/l/user/localuser/delivery instead of just /var/spool/imap/l/user/localuser. On the other hand, anything that has a + address portion still gets delivered directly to that subtree. For example localuser+contract.q201...@example.com delivers to /var/spool/imap/l/user/localuser/contract/q201110. This works for our local and our virtual domains. Since the number of actual users is quite small we use local system accounts (passwd) for authentication. The cyrus-imap configuration files cyrus.conf and imapd.conf on the new Postfix server are in all respects identical to those on the present Sendmail delivery server. It took me a very long time to get this to work in Sendmail and it is so long ago that I cannot remember much of the process. However, our existing Sendmail virtusertable looks like this: localu...@example.com localuser.delivery realname.localu...@example.com localu...@example.com deepn...@example.com deepuser.contract.other On the Postfix system the virtual domain example.com is listed in the virtual_domains file and the map is built with postmap. example.com - .example.com - I have experimented with regexp mappings for virtual aliases but these have all been removed. For the moment we are just using the virtual alias map. The contents of /etc/postfix/virtual are: tes...@example.com bylmbx003 tes...@example.com bylmbx003.delivery tes...@example.com bylmbx003+delivery The relevant settings in /etc/postfix/main.cf are: soft_bounce = yes mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/local_domains unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/postfix/aliases.main alias_database = hash:/etc/postfix/aliases.main recipient_delimiter = + mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp transport_maps = hash:/etc/postfix/transport virtual_alias_domains = hash:/etc/postfix/virtual_domains virtual_alias_maps= regexp:/etc/postfix/virtual_aliases_regexp, hash:/etc/postfix/virtual The results of sendmail -bv are: *** test1@ This is the mail system at host inet17.hamilton.harte-lyne.ca. Enclosed is the mail delivery report that you requested. The mail system bylmbx...@inet17.hamilton.harte-lyne.ca (expanded from test1@xxx): delivery via inet17.hamilton.harte-lyne.ca[/var/lib/imap/socket/lmtp]: 250 2.1.5 ok * test2@ This is the mail system at host inet17.hamilton.harte-lyne.ca. Enclosed is the mail delivery report that you requested. The mail system bylmbx003.deliv...@inet17.hamilton.harte-lyne.ca (expanded from test2@xxx): delivery via inet17.hamilton.harte-lyne.ca[/var/lib/imap/socket/lmtp]: 250 2.1.5 ok However, the mail ends up in b/user/bylmbx003 and not b/usr/bylmbx003/delivery * test3@ This is the mail system at host inet17.hamilton.harte-lyne.ca. Enclosed is the mail delivery report that you requested. The mail system bylmbx003+deliv...@inet17.hamilton.harte-lyne.ca (expanded from test3@xxx): delivery via inet17.hamilton.harte-lyne.ca[/var/lib/imap/socket/lmtp]: 250 2.1.5 ok This also ends up in the imap INBOX and not in the subfolder. test1+delivery@ This is the mail system at host inet17.hamilton.harte-lyne.ca. Enclosed is the mail delivery report that you requested. The mail system bylmbx003+deliv...@inet17.hamilton.harte-lyne.ca (expanded from test1+delivery@xxx): delivery via inet17.hamilton.harte-lyne.ca[/var/lib/imap/socket/lmtp]: 250 2.1.5 ok This does not arrive in the delivery folder either Evidently, my first difficulty is getting Postfix and Cyrus-imap to agree on the + delivery semantics. However, I have exhausted my own resources in pursuit of a solution. As far as I can tell I have configured Postfix to deliver extended addresses properly and I have made no changes to the cyrus-imapd configuration as they exist on the Sendmail server, where the extended mailbox addresses work as I expect. In fact, these files were copied over from there and compared to the clean distribution copies before replacing those. If another pair of eyes sees anything I am doing that is wrong I would appreciate being told what it is. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: ipv6 not binding/listening correctly
Michael Tharp: inet_protocols = all Wietse: Please show postconf -n output instead of main.cf. Michael Tharp: inet_protocols = ipv4 This is what Postfix uses. To edit main.cf, use postconf -e 'inet_protocols = all' Wietse
Adding subdomains (DNS problem)
Hi! I'm trying to configure an additional subdomain for the domain I use for e-mails, but I'm having some trouble with it, 99.9% due to DNS. Each time I try to send an e-mail outside my network I get the following error: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification failed forn...@subdomain.devels.es 550-The mail server could not deliver mail ton...@subdomain.devels.es. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command) Suppose my domain is devels.es and I want to enable subdomain.devels.es to use devels.es as relay. I added the following records: subdomain.devels.es. IN A 85.155.102.33 subdomain.devels.es. IN MX 0 mail.devels.es mail.devels.es is the server where Postfix is running. Is there anything I'm missing? Thanks in advance! Nicolás
Re: Adding subdomains (DNS problem)
Nicolás schrieb: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification failed forn...@subdomain.devels.es 550-The mail server could not deliver mail ton...@subdomain.devels.es. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed Is there anything I'm missing? Does postfix know that is is responsible for subdomain.devels.es? Regards Patrick
Re: Adding subdomains (DNS problem)
Am 08.06.2012 20:19, schrieb Patrick Westenberg: Nicolás schrieb: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification failed forn...@subdomain.devels.es 550-The mail server could not deliver mail ton...@subdomain.devels.es. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed Is there anything I'm missing? Does postfix know that is is responsible for subdomain.devels.es? to make it clear: on postfix side you have to handle a subdomain like any other domain in your configuration signature.asc Description: OpenPGP digital signature
Re: Adding subdomains (DNS problem)
El 08/06/2012 19:22, Reindl Harald escribió: Am 08.06.2012 20:19, schrieb Patrick Westenberg: Nicolás schrieb: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification failed forn...@subdomain.devels.es 550-The mail server could not deliver mail ton...@subdomain.devels.es. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed Is there anything I'm missing? Does postfix know that is is responsible for subdomain.devels.es? to make it clear: on postfix side you have to handle a subdomain like any other domain in your configuration Sorry, I replied to your private mail, ignore that The content was: virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf And that MySQL table contains an entry for subdomain.devels.es Is that what you meant? Thank you! Nicolás
Re: ipv6 not binding/listening correctly
--On Friday, June 08, 2012 2:07 PM -0400 Wietse Venema wie...@porcupine.org wrote: Michael Tharp: inet_protocols = all Wietse: Please show postconf -n output instead of main.cf. Michael Tharp: inet_protocols = ipv4 This is what Postfix uses. To edit main.cf, use postconf -e 'inet_protocols = all' Wietse Just to note, we've been using Postfix in ipv4, both, and ipv6 only testing internally while preparing Zimbra for full range support of scenarios other than just IPv4, and it has been working without issue. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the leader in open source messaging and collaboration
Re: Adding subdomains (DNS problem)
Nicolás schrieb: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification ... subdomain.devels.es. IN MX 0 mail.devels.es The response comes from devels.es with 78.138.97.64 but your MX-Records points to mail.devels.es with 85.155.102.33. Have you changed the records lately? In this case your problem could be caused by outdated cached records. Regards Patrick
Re: Adding subdomains (DNS problem)
El 08/06/2012 19:40, Patrick Westenberg escribió: Nicolás schrieb: myaddr...@gmail.com: host devels.es[78.138.97.64] said: 550-Verification ... subdomain.devels.es. IN MX 0 mail.devels.es The response comes from devels.es with 78.138.97.64 but your MX-Records points to mail.devels.es with 85.155.102.33. Have you changed the records lately? In this case your problem could be caused by outdated cached records. Regards Patrick Yes, this is because the server running Postfix is at my home but the domain points to the registrar's IP (I tried to convince them to let me change that but they didn't want, I don't know why...). Now it works! It was due to an unproppagated DNS record, sometimes I'm a bit impatient... :-) Thanks for your help! Nicolás
[SOLVED] Automatic delivery cyrus-imap subfolders
This problem has nothing to do with Postfix. I apologize for taking your time. Nonetheless I am posting the solution here in case someone else runs into this. As this is a new server host the appropriate access control list had not been set on the direct delivery mailboxes for each user. For the PLUS+ addressing mechanism to work with Cyrus-imap the acl _p_ for the user id _anyone_ is required on each folder in the directory tree containing the target mailbox. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: Postfix mail file permissions
On 06/08/2012 04:08 PM, Nicolae Ghimbovschi wrote: where is the patch ? The patch used on postfix 2.0.19 is very simple: mail_stream.c - || fchmod(vstream_fileno(info-stream), 0700 | info-mode) + || fchmod(vstream_fileno(info-stream), 0770 | info-mode) mailq | grep mailaddr postcat -q queueid | less The message processing is done programmatically. No external processes. By definition, programmatically can include external processes. It sounds as if you want to hack postfix to conform to some ideal, instead of adapting to the way postfix works for the tooling you need. -- J.
Re: client-side authentication broken?
On 06/06/2012 01:16 PM, Toni Mueller wrote: Hi, I recently upgraded a machine from Postfix 2.8 to 2.9. The machine uses, amongst other things, a custom transport to facilitate masking outgoing email addresses and sending with SMTP-AUTH. In main.cf, this looks like follows: mtp_sasl_auth_enable = yes smtp_sender_dependent_authentication = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_security_level = encrypt smtp_sasl_security_options = noanonymous In master.cf I now have this in attempt to fix this problem: globalout unix - - - - - smtp -v -v -o smtp_generic_maps=hash:/etc/postfix/global_rewrite -o smtp_sasl_auth_enable=yes -o smtp_sender_dependent_authentication=yes -o smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd -o smtp_tls_security_level=encrypt -o smtp_sasl_security_options=noanonymous where globalout is the mail transport used for off-site mails. And it is addressed where, exactly ? If you don't *use* a transport, no mail will ever be sent to it. Did you run the configuration upgrade tool provided with postfix when upgrading major versions, as the documentation states you should do ? $ postfix upgrade-configuration I'm betting you did not edit/check main.cf after upgrading, thus losing your transport mapping. $ postconf transport_maps -- J.