Re: Timeout delivering via LMTP
On 12/06/12 18:12, Viktor Dukhovni wrote:
> On Tue, Jun 12, 2012 at 12:32:24PM +0200, Angel L. Mateo wrote:
>
>> In the smtp logs I have:
>>
>> Jun 12 11:41:18 xenon13 postfix/lmtp[4248]: 4433E5D5A0: to=myu...@um.es, relay=pop.um.es[155.54.212.106]:24, delay=31, delays=0.41/0.06/0/30, dsn=4.4.0, status=deferred (host pop.um.es[155.54.212.106] said: 451 4.4.0 Remote server not answering (timeout while waiting for reply to DATA reply) (in reply to end of DATA command))
>
> This is NOT a Postfix timeout, read the log message carefully:
>
> Jun 12 11:41:18 xenon13 postfix/lmtp[4248]: 4433E5D5A0: to=myu...@um.es, relay=pop.um.es[155.54.212.106]:24, delay=31, delays=0.41/0.06/0/30, dsn=4.4.0, status=deferred (host pop.um.es[155.54.212.106] said: -=== 451 4.4.0 Remote server not answering (timeout while waiting for reply to DATA reply) (in reply to end of DATA command))
>
> The unwanted 30s timeout is clearly in the proxy.

Ooops... You're right. Sorry... and thank you.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 86337
How to handle local mail when throttling?
I have setup a throttling postfix based on http://flurdy.com/docs/postfix/ and http://tech.groups.yahoo.com/group/postfix-users/message/271370 .

In the virtual domains tables I have: localhost, localhost.localdomain and my.domain.com .

transport:

    hotmail.com hotmailratelimit:
    yahoo.com yahooratelimit:

main.cf: (I was suggested to post the postconf -n output instead)

    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    default_destination_rate_delay = 15s
    delay_warning_time = 4h
    disable_vrfy_command = yes
    inet_interfaces = all
    mailbox_command =
    mailbox_size_limit = 0
    maximal_backoff_time = 8000s
    maximal_queue_lifetime = 3d
    minimal_backoff_time = 1000s
    mydestination =
    myhostname = my.domain.com
    mynetworks = 1.2.3.4/32
    myorigin = my.domain.com
    readme_directory = no
    recipient_delimiter = +
    relay_domains =
    relayhost =
    smtp_helo_timeout = 60s
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
    smtpd_delay_reject = yes
    smtpd_hard_error_limit = 12
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    smtpd_recipient_limit = 16
    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    smtpd_soft_error_limit = 3
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 450
    virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/spool/mail/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
    virtual_uid_maps = static:5000

master.cf: (Removed comments)

    smtp      inet  n       -       -       -       -       smtpd
    hotmailratelimit unix - -       -       -       1       smtp
      -o smtp_fallback_relay=
      -o syslog_name=slow_queue
      -o smtp_helo_timeout=3
      -o smtp_mx_session_limit=1
      -o smtp_mx_address_limit=1
    yahooratelimit unix -   -       -       -       1       smtp
      -o smtp_fallback_relay=
      -o syslog_name=slow_queue
      -o smtp_helo_timeout=3
      -o smtp_mx_session_limit=1
      -o smtp_mx_address_limit=1
    relayratelimit unix -   -       -       -       1       smtp
      -o smtp_fallback_relay=
      -o syslog_name=slow_queue
      -o smtp_helo_timeout=3
      -o smtp_mx_session_limit=1
      -o smtp_mx_address_limit=1
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
      -o smtp_fallback_relay=
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n      n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

I don't want to throttle the email that goes for my own domain (my.domain.com).

Previously I had the transport as:

    hotmail.com hotmailratelimit:
    yahoo.com yahooratelimit:
    my.domain.com relayratelimit:

(added relayratelimit line) but then I had the warning:

    warning: do not list domain in BOTH virtual_mailbox_domains and relay_domains

and when I sent an email to my.domain.com from
Question respecting relay_domains and transport map on mail hub
In our configuration the final delivery mail server is not listed in the MX records for the various domains that we host. Instead the highest priority MX hosts relay directly to the common final delivery host using transport maps and disabling MX lookups:

    example.com     relay:[delivery.domain.tld]
    .example.com    relay:[delivery.domain.tld]
    example2.com    relay:[delivery.domain.tld]
    .example2.com   relay:[delivery.domain.tld]

The public MX hosts are the same for all of the domains that we host as is the final delivery host.

Experimentation seems to indicate that a relay_domains map that contains example.com is redundant in this situation but, given my inexperience with Postfix, I would like to have this inference confirmed or denied by someone who knows for sure.

Given the requirement for the transport map on the MX hosts does the relay_domains value need to be set at all?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
Re: Question respecting relay_domains and transport map on mail hub
James B. Byrne:
> Given the requirement for the transport map on the MX hosts does
> the relay_domains value need to be set at all?

If the destination is not on the machine itself, the destination should be listed in relay_domains.

transport_maps is not a substitute for relay_domains (think, for example, of sites that have special configuration for hotmail etc.; such sites do not automatically relay everyone else's mail to hotmail).

There are some useful hints and tips in the firewall/gateway example in STANDARD_CONFIGURATION_README.html

Wietse
Re: Question respecting relay_domains and transport map on mail hub
On Wed, June 13, 2012 12:23, Wietse Venema wrote:
> James B. Byrne:
>> Given the requirement for the transport map on the MX hosts does
>> the relay_domains value need to be set at all?
>
> If the destination is not on the machine itself, the destination
> should be listed in relay_domains.

Thank you for the clarification. I understand from reading the documentation all that relay_domains contains is a list of those domains for which Postfix will accept mail and either deliver or forward. My confusion arises from our requirement to use transport maps to effect forwarding to a specific host without using MX data.

> transport_maps is not a substitute for relay_domains

I will retain the relay_domains list as you advise. However, it appears that transport map configuration nonetheless works for domains without an entry in the relay_domains list, thus my inquiry. Is this simply happenstance? Is there some exception or failure condition that may occur if a domain listed in the transport map as using the relay transport does not also have an entry in the relay_domains list?

> There are some useful hints and tips in the firewall/gateway
> example in STANDARD_CONFIGURATION_README.html

I have gone through this reference (among many others) repeatedly this past few weeks. I fear I presently lack the experience to relate much of what I read there to what actually is going on. I have managed to get the new setup working insofar as I can tell. Now I am going over everything I have done in an attempt to understand which bits were necessary and which were not.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
Re: Question respecting relay_domains and transport map on mail hub
James B. Byrne:
> On Wed, June 13, 2012 12:23, Wietse Venema wrote:
>> James B. Byrne:
>>> Given the requirement for the transport map on the MX hosts does
>>> the relay_domains value need to be set at all?
>>
>> If the destination is not on the machine itself, the destination
>> should be listed in relay_domains.
>
> Thank you for the clarification. I understand from reading the
> documentation all that relay_domains contains is a list of those
> domains for which Postfix will accept mail and either deliver or
> forward. My confusion arises from our requirement to use transport

Please do not confuse RECEIVE controls with DELIVERY controls.

transport_maps determines how to DELIVER a domain.

relay_domains determines what domains to RECEIVE for forwarding,

Wietse
Re: Question respecting relay_domains and transport map on mail hub
On Wed, June 13, 2012 13:40, Wietse Venema wrote:
> Please do not confuse RECEIVE controls with DELIVERY controls.
>
> transport_maps determines how to DELIVER a domain.
>
> relay_domains determines what domains to RECEIVE for forwarding,

Thank you. I now understand why my test passed when it should not have. It originated from the mail hub so the receiving element was not exercised at all.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
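
The RECEIVE versus DELIVERY distinction from the thread above, as an added example that is not part of any poster's message and is not Postfix code: a simplified Python model in which `receive()` stands for an assumed `permit_mynetworks, reject_unauth_destination` restriction list and `deliver()` for the transport map lookup. The networks, client addresses and the hub's own host name are constructed; only the transport entries follow the original post.

```python
import ipaddress

# Constructed sample settings (assumptions, not taken from any poster's host).
MYNETWORKS = ["127.0.0.0/8"]
MYDESTINATION = {"mx1.hub.example"}
TRANSPORT = {  # transport table entries in the style of the original post
    "example.com": "relay:[delivery.domain.tld]",
    ".example.com": "relay:[delivery.domain.tld]",
}


def domain_of(rcpt):
    return rcpt.rsplit("@", 1)[1].lower()


def in_relay_domains(domain, relay_domains):
    # relay_domains matches the name itself and, by default, its subdomains.
    return any(domain == d or domain.endswith("." + d) for d in relay_domains)


def receive(client_ip, rcpt, relay_domains):
    """RECEIVE control: permit_mynetworks, then reject_unauth_destination."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "permit (mynetworks)"
    dom = domain_of(rcpt)
    if dom in MYDESTINATION or in_relay_domains(dom, relay_domains):
        return "permit (authorized destination)"
    return "reject (relay access denied)"


def deliver(rcpt):
    """DELIVERY control: exact domain first, then .parent patterns."""
    dom = domain_of(rcpt)
    if dom in TRANSPORT:
        return TRANSPORT[dom]
    labels = dom.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in TRANSPORT:
            return TRANSPORT[key]
    return "smtp (MX lookup)"


def trace(client_ip, rcpt, relay_domains):
    """Return (receive verdict, transport or None if never accepted)."""
    verdict = receive(client_ip, rcpt, relay_domains)
    route = deliver(rcpt) if verdict.startswith("permit") else None
    return verdict, route


if __name__ == "__main__":
    cases = [("127.0.0.1", []), ("192.0.2.25", []), ("192.0.2.25", ["example.com"])]
    for ip, rd in cases:
        print(ip, rd, trace(ip, "user@example.com", rd))
```

A test sent from the hub itself is permitted before the destination check, so an empty `relay_domains` goes unnoticed until an outside client connects.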
Re: How to handle local mail when throttling?
On 6/13/2012 4:34 AM, Adrian Gibanel wrote:
> I have setup a throttling postfix based on http://flurdy.com/docs/postfix/ and http://tech.groups.yahoo.com/group/postfix-users/message/271370 .
>
> In the virtual domains tables I have: localhost, localhost.localdomain and my.domain.com .
>
> transport:
>
> hotmail.com hotmailratelimit:
> yahoo.com yahooratelimit:
>
> main.cf: (I was suggested to post the postconf -n output instead)
>
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> default_destination_rate_delay = 15s

You've set the default delay to 15s for all deliveries. Don't do that. Rather use:

    hotmailratelimit_destination_rate_delay = 15s
    yahooratelimit_destination_rate_delay = 15s

http://www.postfix.org/postconf.5.html#default_destination_rate_delay

and see the slow transport examples under http://www.postfix.org/QSHAPE_README.html#backlog

> delay_warning_time = 4h
> disable_vrfy_command = yes
> inet_interfaces = all
> mailbox_command =
> mailbox_size_limit = 0
> maximal_backoff_time = 8000s
> maximal_queue_lifetime = 3d
> minimal_backoff_time = 1000s

The default minimal backoff is now 300s, which is probably a better choice.

> smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

It's customary to precede the RBL checks with permit_mynetworks, permit_sasl_authenticated so you don't reject legit clients.

And blackholes.easynet.nl has not been operational for several years. Review all your RBLs periodically.

> smtpd_recipient_limit = 16

Artificially limiting the number of recipients per connection just makes your server work harder.

> smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
> smtpd_soft_error_limit = 3
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 450

This should be 550 unless you're having some problem.

> virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/spool/mail/virtual
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
> virtual_uid_maps = static:5000
>
> master.cf: (Removed comments)
>
> smtp inet n - - - - smtpd
> hotmailratelimit unix - - - - 1 smtp
>   -o smtp_fallback_relay=
>   -o syslog_name=slow_queue
>   -o smtp_helo_timeout=3
>   -o smtp_mx_session_limit=1
>   -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults.

> yahooratelimit unix - - - - 1 smtp
>   -o smtp_fallback_relay=
>   -o syslog_name=slow_queue
>   -o smtp_helo_timeout=3
>   -o smtp_mx_session_limit=1
>   -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults.

> relayratelimit unix - - - - 1 smtp
>   -o smtp_fallback_relay=
>   -o syslog_name=slow_queue
>   -o smtp_helo_timeout=3
>   -o smtp_mx_session_limit=1
>   -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults.

> I don't want to throttle the email that goes for my own domain (my.domain.com).

Removing the default_destination_rate_delay will fix that.

-- Noel Jones
address_verify_map
Can a SQL database be used for the recipient verification storage? -- Daniel
Re: address_verify_map
Daniel L. Miller:
> Can a SQL database be used for the recipient verification storage?

Not unless someone has implemented Postfix support for SQL updates.

Wietse
setting aliases properly
Greetings

it has been a long time since I've done this, and could use some guidance.

I have one domain ( example.com ) and 7 systems.

    mx1.example.com
    Av1.example.com
    relay1.example.com
    relay2.exmple.com
    imap/pop1
    imap/pop2
    imap/pop3

each understand their own /etc/aliases file. if I send a message to someal...@machine.example.com it works fine.

when i try to send to aliasn...@example.com, all the machines kick it to the MX server ( which has a transportmap for example.com ) and I get a loop.

    aliasname: lukeskywal...@host.example.com

can i specify

    aliasn...@example.com: lukeskywal...@host.example.com

right now my MX server is only working when i specify the host name in the message. if there is something I should set in main.cf ?

snip

    mydestination = $myhostname, localhost.$mydomain, localhost, example.com, $mydomain
    mydomain = example.com
    mydomain_fallback = localhost
    myhostname = mx1.example.com
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    myorigin = $myhostname

/snip

-j
Re: setting aliases properly
On Jun 13, 2012, at 9:39 PM, jeffrey j donovan wrote:
> Greetings
>
> it has been a long time since I've done this, and could use some guidance.
>
> I have one domain ( example.com ) and 7 systems.
>
> mx1.example.com
> Av1.example.com
> relay1.example.com
> relay2.exmple.com
> imap/pop1
> imap/pop2
> imap/pop3
>
> each understand their own /etc/aliases file. if I send a message to someal...@machine.example.com it works fine.
>
> when i try to send to aliasn...@example.com, all the machines kick it to the MX server ( which has a transportmap for example.com ) and I get a loop.
>
> aliasname:lukeskywal...@host.example.com
>
> can i specify
>
> aliasn...@example.com:lukeskywal...@host.example.com
>
> right now my MX server is only working when i specify the host name in the message. if there is something I should set in main.cf ?
>
> snip
> mydestination = $myhostname, localhost.$mydomain, localhost, example.com, $mydomain
> mydomain = example.com
> mydomain_fallback = localhost
> myhostname = mx1.example.com
> mynetworks = 127.0.0.0/8
> mynetworks_style = host
> myorigin = $myhostname
> /snip
>
> -j

answering my own question; is this what i need to change ?

http://www.postfix.org/postconf.5.html

    myorigin (default: $myhostname)

    The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default, $myhostname, is adequate for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user@that.users.mailhost.

    Example:

    myorigin = $mydomain

okay part (2) of that answer

    set up a domain-wide alias database that aliases each user to user@that.users.mailhost

how do i do that properly ?

-j