Re: Timeout delivering via LMTP

2012-06-13 Thread Angel L. Mateo

On 12/06/12 18:12, Viktor Dukhovni wrote:

On Tue, Jun 12, 2012 at 12:32:24PM +0200, Angel L. Mateo wrote:


In the smtp logs I have:

Jun 12 11:41:18 xenon13 postfix/lmtp[4248]: 4433E5D5A0:
to=myu...@um.es, relay=pop.um.es[155.54.212.106]:24, delay=31,
delays=0.41/0.06/0/30, dsn=4.4.0, status=deferred (host
pop.um.es[155.54.212.106] said: 451 4.4.0 Remote server not
answering (timeout while waiting for reply to DATA reply) (in reply
to end of DATA command))


This is NOT a Postfix timeout, read the log message carefully:

Jun 12 11:41:18 xenon13 postfix/lmtp[4248]: 4433E5D5A0:
   to=myu...@um.es,
   relay=pop.um.es[155.54.212.106]:24,
   delay=31, delays=0.41/0.06/0/30, dsn=4.4.0, status=deferred
   (host pop.um.es[155.54.212.106] said:
-===
451 4.4.0 Remote server not answering
(timeout while waiting for reply to DATA reply)
(in reply to end of DATA command))

The unwanted 30s timeout is clearly in the proxy.


Ooops... You're right. Sorry... and thank you.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 868887590
Fax: 86337
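
Added example (not part of the original thread): a small Python parser that separates the two cases Viktor distinguishes, a reply reported by the remote host ("host ... said:") versus a timeout raised by the Postfix delivery agent itself, and splits delays=a/b/c/d into its stages. The first sample is the log entry from the thread joined onto one line; the second sample, its hostnames and the stage labels in STAGES are constructed for illustration.

```python
import re

# Sample 1 is the deferral quoted in the thread, joined onto one line.
# Sample 2 is constructed: the wording Postfix logs when its own timer expires.
SAMPLES = [
    "Jun 12 11:41:18 xenon13 postfix/lmtp[4248]: 4433E5D5A0: "
    "to=myu...@um.es, relay=pop.um.es[155.54.212.106]:24, delay=31, "
    "delays=0.41/0.06/0/30, dsn=4.4.0, status=deferred (host "
    "pop.um.es[155.54.212.106] said: 451 4.4.0 Remote server not answering "
    "(timeout while waiting for reply to DATA reply) (in reply to end of "
    "DATA command))",
    "Jun 12 11:45:02 mailhub postfix/lmtp[4301]: 5A21B5D5A1: "
    "to=user@example.com, relay=store.example.net[192.0.2.10]:24, delay=601, "
    "delays=0.3/0.02/0.1/600, dsn=4.4.2, status=deferred (conversation with "
    "store.example.net[192.0.2.10] timed out while sending end of data -- "
    "message may be sent more than once)",
]

LINE_RE = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=(?P<to>[^,]+), relay=(?P<relay>[^,]+), .*?"
    r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<text>.*)\)$"
)
# "host X said: <reply> (in reply to <stage>)" means the text came from X.
SAID_RE = re.compile(
    r"^host (?P<host>\S+) said: (?P<reply>.*?)"
    r"(?: \(in reply to (?P<stage>.+?)\))?$"
)
# delays=a/b/c/d: before queue manager / in queue manager /
# connection setup / message transmission (labels chosen for this example).
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")


def classify(line):
    """Return who produced the status text and where the time was spent."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    delays = dict(zip(STAGES, map(float, m["delays"].split("/"))))
    result = {"agent": m["agent"], "relay": m["relay"], "dsn": m["dsn"],
              "status": m["status"], "delays": delays,
              "slowest": max(delays, key=delays.get)}
    said = SAID_RE.match(m["text"])
    if said:
        # The remote side answered; a timeout named in the reply is its own.
        result.update(origin="remote", reply=said["reply"], stage=said["stage"])
    elif m["text"].startswith("conversation with") and "timed out" in m["text"]:
        # No reply arrived before the delivery agent's own timer expired.
        result.update(origin="postfix", reply=None, stage=None)
    else:
        result.update(origin="other", reply=None, stage=None)
    return result


if __name__ == "__main__":
    for sample in SAMPLES:
        r = classify(sample)
        print(r["origin"], r["dsn"], r["slowest"], r["delays"])
```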




How to handle local mail when throttling?

2012-06-13 Thread Adrian Gibanel

I have setup a throttling postfix based on http://flurdy.com/docs/postfix/ and 
http://tech.groups.yahoo.com/group/postfix-users/message/271370 . 
In the virtual domains tables I have: localhost, localhost.localdomain and 
my.domain.com . 

transport:

hotmail.com hotmailratelimit: 
yahoo.com yahooratelimit: 


main.cf: (it was suggested that I post the postconf -n output instead)

alias_database = hash:/etc/postfix/aliases 
alias_maps = hash:/etc/postfix/aliases 
append_dot_mydomain = no 
biff = no 
broken_sasl_auth_clients = yes 
config_directory = /etc/postfix 
default_destination_rate_delay = 15s 
delay_warning_time = 4h 
disable_vrfy_command = yes 
inet_interfaces = all 
mailbox_command = 
mailbox_size_limit = 0 
maximal_backoff_time = 8000s 
maximal_queue_lifetime = 3d 
minimal_backoff_time = 1000s 
mydestination = 
myhostname = my.domain.com 
mynetworks = 1.2.3.4/32 
myorigin = my.domain.com 
readme_directory = no 
recipient_delimiter = + 
relay_domains = 
relayhost = 
smtp_helo_timeout = 60s 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) 
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject
    reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject
    reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining,
    permit
smtpd_soft_error_limit = 3 
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache 
smtpd_use_tls = yes 
transport_maps = hash:/etc/postfix/transport 
unknown_local_recipient_reject_code = 450 
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf 
virtual_gid_maps = static:5000 
virtual_mailbox_base = /var/spool/mail/virtual 
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf 
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf 
virtual_uid_maps = static:5000 






master.cf: (Removed comments)

smtp inet n - - - - smtpd
hotmailratelimit unix - - - - 1 smtp
  -o smtp_fallback_relay= -o syslog_name=slow_queue -o smtp_helo_timeout=3
  -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1
yahooratelimit unix - - - - 1 smtp
  -o smtp_fallback_relay= -o syslog_name=slow_queue -o smtp_helo_timeout=3
  -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1
relayratelimit unix - - - - 1 smtp
  -o smtp_fallback_relay= -o syslog_name=slow_queue -o smtp_helo_timeout=3
  -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap

smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
  ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

I don't want to throttle the email that goes for my own domain (my.domain.com). 

Previously I had the transport as: 

hotmail.com hotmailratelimit: 
yahoo.com yahooratelimit: 
my.domain.com relayratelimit: 


(added relayratelimit line) but then I had the warning: warning: do not list 
domain in BOTH virtual_mailbox_domains and relay_domains and when I sent an 
email to my.domain.com from 

Question respecting relay_domains and transport map on mail hub

2012-06-13 Thread James B. Byrne
In our configuration the final delivery mail server is not listed in
the MX records for the various domains that we host.  Instead the
highest priority MX hosts relay directly to the common final delivery
host using transport maps and disabling MX lookups:

example.com   relay:[delivery.domain.tld]
.example.com  relay:[delivery.domain.tld]

example2.com  relay:[delivery.domain.tld]
.example2.com relay:[delivery.domain.tld]

The public MX hosts are the same for all of the domains that we host
as is the final delivery host.

Experimentation seems to indicate that a relay_domains map that
contains example.com is redundant in this situation but, given my
inexperience with Postfix, I would like to have this inference
confirmed or denied by someone who knows for sure.

Given the requirement for the transport map on the MX hosts does the
relay_domains value need to be set at all?




-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne  mailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: Question respecting relay_domains and transport map on mail hub

2012-06-13 Thread Wietse Venema
James B. Byrne:
 Given the requirement for the transport map on the MX hosts does the
 relay_domains value need to be set at all?

If the destination is not on the machine itself, the destination
should be listed in relay_domains.

transport_maps is not a substitute for relay_domains (think, for
example, of sites that have special configuration for hotmail etc.;
such sites do not automatically relay everyone else's mail to
hotmail).

There are some useful hints and tips in the firewall/gateway
example in STANDARD_CONFIGURATION_README.html

Wietse


Re: Question respecting relay_domains and transport map on mail hub

2012-06-13 Thread James B. Byrne

On Wed, June 13, 2012 12:23, Wietse Venema wrote:
 James B. Byrne:
 Given the requirement for the transport map on the MX hosts does the
 relay_domains value need to be set at all?

 If the destination is not on the machine itself, the destination
 should be listed in relay_domains.

Thank you for the clarification.  I understand from reading the
documentation all that relay_domains contains is a list of those
domains for which Postfix will accept mail and either deliver or
forward.  My confusion arises from our requirement to use transport
maps to effect forwarding to a specific host without using MX data.

 transport_maps is not a substitute for relay_domains

I will retain the relay_domains list as you advise. However, it
appears that transport map configuration nonetheless works for domains
without an entry in the relay_domains list, thus my inquiry.  Is this
simply happenstance?  Is there some exception or failure condition
that may occur if a domain listed in the transport map as using the
relay transport does not also have an entry in the relay_domains list?

 There are some useful hints and tips in the firewall/gateway
 example in STANDARD_CONFIGURATION_README.html

I have gone through this reference (among many others) repeatedly this
past few weeks. I fear I presently lack the experience to relate much
of what I read there to what actually is going on.  I have managed to
get the new setup working insofar as I can tell.  Now I am going over
everything I have done in an attempt to understand which bits were
necessary and which were not.



-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne  mailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: Question respecting relay_domains and transport map on mail hub

2012-06-13 Thread Wietse Venema
James B. Byrne:
 
 On Wed, June 13, 2012 12:23, Wietse Venema wrote:
  James B. Byrne:
  Given the requirement for the transport map on the MX hosts does the
  relay_domains value need to be set at all?
 
  If the destination is not on the machine itself, the destination
  should be listed in relay_domains.
 
 Thank you for the clarification.  I understand from reading the
 documentation all that relay_domains contains is a list of those
 domains for which Postfix will accept mail and either deliver or
 forward.  My confusion arises from our requirement to use transport

Please do not confuse RECEIVE controls with DELIVERY controls.

transport_maps determines how to DELIVER a domain.

relay_domains determines what domains to RECEIVE for forwarding,

Wietse


Re: Question respecting relay_domains and transport map on mail hub

2012-06-13 Thread James B. Byrne

On Wed, June 13, 2012 13:40, Wietse Venema wrote:

 Please do not confuse RECEIVE controls with DELIVERY controls.

 transport_maps determines how to DELIVER a domain.

 relay_domains determines what domains to RECEIVE for forwarding,


Thank you.  I now understand why my test passed when it should not
have.  It originated from the mail hub so the receiving element was
not exercised at all.


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne  mailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3
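
Added example (not from the thread and not Postfix code): a simplified Python model of the RECEIVE/DELIVERY split Wietse describes, showing why a test submitted on the mail hub itself passes while the same recipient is refused for an outside client. It assumes the smtpd restrictions are "permit_mynetworks, reject_unauth_destination", that mynetworks is 127.0.0.0/8, that mydestination is only localhost and that relay_domains lists only example.com; the transport entries are the ones quoted in the thread and 203.0.113.7 is a constructed outside client.

```python
import ipaddress

# Constructed configuration. The transport entries are those quoted in the
# thread; relay_domains deliberately omits example2.com; the rest is assumed.
CFG = {
    "mynetworks": ["127.0.0.0/8"],
    "mydestination": ["localhost"],
    "relay_domains": ["example.com"],
    "transport": {
        "example.com": "relay:[delivery.domain.tld]",
        ".example.com": "relay:[delivery.domain.tld]",
        "example2.com": "relay:[delivery.domain.tld]",
        ".example2.com": "relay:[delivery.domain.tld]",
    },
}


def parents(domain):
    """Parent domains of a name: 'a.b.c' -> ['b.c', 'c']."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def smtpd_receive(client_ip, rcpt_domain, cfg=CFG):
    """RECEIVE side: models 'permit_mynetworks, reject_unauth_destination'."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in cfg["mynetworks"]):
        return "permit (mynetworks)"
    if rcpt_domain in cfg["mydestination"]:
        return "permit (final destination)"
    # Simplification: relay_domains also matches subdomains, as it does while
    # relay_domains is listed in parent_domain_matches_subdomains.
    candidates = [rcpt_domain] + parents(rcpt_domain)
    if any(d in cfg["relay_domains"] for d in candidates):
        return "permit (relay_domains)"
    return "reject (relay access denied)"


def transport_lookup(rcpt_domain, cfg=CFG):
    """DELIVERY side: exact domain key first, then '.parent' keys."""
    table = cfg["transport"]
    if rcpt_domain in table:
        return table[rcpt_domain]
    for parent in parents(rcpt_domain):
        if "." + parent in table:
            return table["." + parent]
    return None  # no entry: the default transport applies


def unreceivable_routes(cfg=CFG):
    """Transport domains for which an outside client's mail is refused."""
    domains = sorted({key.lstrip(".") for key in cfg["transport"]})
    return [d for d in domains
            if smtpd_receive("203.0.113.7", d, cfg).startswith("reject")]


if __name__ == "__main__":
    for ip in ("127.0.0.1", "203.0.113.7"):
        for dom in ("example.com", "example2.com", "hotmail.com"):
            print(ip, dom, smtpd_receive(ip, dom), transport_lookup(dom))
    print("routed but not receivable:", unreceivable_routes())
```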



Re: How to handle local mail when throttling?

2012-06-13 Thread Noel Jones
On 6/13/2012 4:34 AM, Adrian Gibanel wrote:
 I have setup a throttling postfix based on
 http://flurdy.com/docs/postfix/ and
 http://tech.groups.yahoo.com/group/postfix-users/message/271370 .
 In the virtual domains tables I have: localhost,
 localhost.localdomain and my.domain.com .
 
 transport:
 
 
 hotmail.com hotmailratelimit:
 yahoo.com   yahooratelimit:
 
 main.cf: (I was suggested to post the postconf -n output instead)
 
 
 alias_database = hash:/etc/postfix/aliases
 alias_maps = hash:/etc/postfix/aliases
 append_dot_mydomain = no
 biff = no
 broken_sasl_auth_clients = yes
 config_directory = /etc/postfix
 default_destination_rate_delay = 15s

You've set the default delay to 15s for all deliveries.  Don't do that.

rather use:
  hotmailratelimit_destination_rate_delay = 15s
  yahooratelimit_destination_rate_delay = 15s

http://www.postfix.org/postconf.5.html#default_destination_rate_delay

and see the slow transport examples under
http://www.postfix.org/QSHAPE_README.html#backlog



 delay_warning_time = 4h
 disable_vrfy_command = yes
 inet_interfaces = all
 mailbox_command = 
 mailbox_size_limit = 0
 maximal_backoff_time = 8000s
 maximal_queue_lifetime = 3d
 minimal_backoff_time = 1000s

The default minimal backoff is now 300s, which is probably a better
choice.


 smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client blackholes.easynet.nl, reject_rbl_client
 dnsbl.njabl.org

It's customary to precede the RBL checks with permit_mynetworks,
permit_sasl_authenticated so you don't reject legit clients.

and blackholes.easynet.nl has not been operational for several
years.  Review all your RBLs periodically.



 smtpd_recipient_limit = 16

Artificially limiting the number of recipients per connection just
makes your server work harder.

 smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks, reject_non_fqdn_recipient,
 reject_unknown_recipient_domain, reject_unauth_destination, permit
 smtpd_data_restrictions = reject_unauth_pipelining
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain = $myhostname
 smtpd_sender_restrictions = permit_mynetworks, warn_if_reject
 reject_non_fqdn_sender, reject_unknown_sender_domain,
 reject_unauth_pipelining, permit
 smtpd_soft_error_limit = 3
 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_use_tls = yes
 transport_maps = hash:/etc/postfix/transport
 unknown_local_recipient_reject_code = 450

This should be 550 unless you're having some problem.


 virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
 virtual_gid_maps = static:5000
 virtual_mailbox_base = /var/spool/mail/virtual
 virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
 virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
 virtual_uid_maps = static:5000
 
 
 
 master.cf: (Removed comments)
 =
 
 smtp  inet  n   -   -   -   -   smtpd
 hotmailratelimit  unix  -   -   -   -   1   smtp
 -o smtp_fallback_relay= -o syslog_name=slow_queue -o
 smtp_helo_timeout=3
 -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address
limit to 1.  These should be left at the defaults.

 yahooratelimit  unix  -   -   -   -   1   smtp
 -o smtp_fallback_relay= -o syslog_name=slow_queue -o
 smtp_helo_timeout=3
 -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address
limit to 1.  These should be left at the defaults.

 relayratelimit  unix  -   -   -   -   1   smtp
 -o smtp_fallback_relay= -o syslog_name=slow_queue -o
 smtp_helo_timeout=3
 -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1

It seems counterproductive to set the session limit and mx address
limit to 1.  These should be left at the defaults.

 
 I don't want to throttle the email that goes for my own domain
 (my.domain.com).
 

Removing the default_destination_rate_delay will fix that.




  -- Noel Jones


address_verify_map

2012-06-13 Thread Daniel L. Miller

Can a SQL database be used for the recipient verification storage?

--
Daniel


Re: address_verify_map

2012-06-13 Thread Wietse Venema
Daniel L. Miller:
 Can a SQL database be used for the recipient verification storage?

Not unless someone has implemented Postfix support for SQL updates.

Wietse


setting aliases properly

2012-06-13 Thread jeffrey j donovan
Greetings
it has been a long time since I've done this, and could use some guidance.

I have one domain ( example.com ) and 7 systems.

mx1.example.com
Av1.example.com
relay1.example.com
relay2.example.com
imap/pop1
imap/pop2
imap/pop3

each understand their own /etc/aliases file. if I send a message to 
someal...@machine.example.com it works fine.
when i try to send to aliasn...@example.com, all the machines kick it to the MX 
server ( which has a transportmap for example.com ) and I get a loop.

aliasname:  lukeskywal...@host.example.com

can i specify

aliasn...@example.com:  lukeskywal...@host.example.com

right now my MX server is only working when i specify the host name in the 
message.

is there something I should set in main.cf?
snip
mydestination = $myhostname, localhost.$mydomain, localhost, example.com, 
$mydomain
mydomain = example.com
mydomain_fallback = localhost
myhostname = mx1.example.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = $myhostname
/snip

-j

Re: setting aliases properly

2012-06-13 Thread jeffrey j donovan

On Jun 13, 2012, at 9:39 PM, jeffrey j donovan wrote:

 Greetings
 it has been a long time since I've done this, and could use some guidance.
 
 I have one domain ( example.com ) and 7 systems.
 
 mx1.example.com
 Av1.example.com
 relay1.example.com
 relay2.example.com
 imap/pop1
 imap/pop2
 imap/pop3
 
 each understand their own /etc/aliases file. if I send a message to 
 someal...@machine.example.com it works fine.
 when i try to send to aliasn...@example.com, all the machines kick it to the 
 MX server ( which has a transportmap for example.com ) and I get a loop.
 
 aliasname:lukeskywal...@host.example.com
 
 can i specify
 
 aliasn...@example.com:lukeskywal...@host.example.com
 
 right now my MX server is only working when i specify the host name in the 
 message.
 
 is there something I should set in main.cf?
 snip
 mydestination = $myhostname, localhost.$mydomain, localhost, example.com, 
 $mydomain
 mydomain = example.com
 mydomain_fallback = localhost
 myhostname = mx1.example.com
 mynetworks = 127.0.0.0/8
 mynetworks_style = host
 myorigin = $myhostname
 /snip
 
 -j


answering my own question; is this what i need to change ?
http://www.postfix.org/postconf.5.html

myorigin (default: $myhostname)
The domain name that locally-posted mail appears to come from, and that locally 
posted mail is delivered to. The default, $myhostname, is adequate for small 
sites. If you run a domain with multiple machines, you should (1) change this 
to $mydomain and (2) set up a domain-wide alias database that aliases each user 
to user@that.users.mailhost.

Example:

myorigin = $mydomain


okay part (2) of that answer  set up a domain-wide alias database that aliases 
each user to user@that.users.mailhost
how do i do that properly ?

-j