Re: HOLDing certain recipients during migration
On Mon, 2013-02-11 at 19:56:23 +0100, Miha Valencic wrote:

> Just want to double check if I am planning this correctly. We're migrating
> users from one system to another, and want to HOLD incoming messages for
> certain recipients during migration. For that purpose, we'll create a file
> with users listed:
>
> /hold-users:
> us...@domain.com HOLD
> us...@domain.com HOLD
> ...

The HOLD action affects all recipients; you can be more specific by
using the retry service. See the following thread:

http://article.gmane.org/gmane.mail.postfix.user/197989

--
Sahil Tandon
Re: SASL question
Curtis Maurand wrote:
> Patrick Ben Koetter wrote:
> >> However, nothing in my configuration says to open the sasldb file
> >> anywhere as the auth mechanism is set to imap, but postfix seems
> >> intent on opening this file anyway.
> >
> > Cyrus SASL opens sasldb as fallback when all other attempts to do
> > AUTH have failed. That in turn says your current setup is
> > non-functional. Which docs did you follow? What's your current
> > setup?
>
> My current setup has the imap connecting to a remote server on a private
> network. The imap server is dbmail 2.2.17.
>
> Postfix is a member of the sasl group. There is an sasldb2 file
> just in case.

I am not sure it is your desire to use the sasldb2 file. But if it is
then on Debian it needs to be made available in the chroot which on
Debian is usually located at /var/spool/postfix/etc. For me it meant
the easiest thing to do was to modify the /etc/init.d/postfix script
to make sure it was copied into the chroot when it was started. I
added etc/sasldb2 to this next section.

    FILES="etc/sasldb2 etc/localtime etc/services etc/resolv.conf etc/hosts \
        etc/nsswitch.conf etc/nss_mdns.config"
    for file in $FILES; do
        [ -d ${file%/*} ] || mkdir -p ${file%/*}
        if [ -f /${file} ]; then rm -f ${file} && cp -p /${file} ${file}; fi
    #   if [ -f ${file} ]; then chmod a+rX ${file}; fi
    done

And I also removed that line that is commented out so that the
original permissions are preserved. That causes permissions to be
preserved from the /etc file into the chroot area when the file is
copied into it. Otherwise the file would be available to everyone.
Using the original permissions on all of the files is okay.

Again, that is only if you are intending to use the sasldb2 file. It
is a nice simple fallback. But most schemes use other access control
methods.

Bob
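The effect of the chmod line discussed in the message above, as an added example that is not part of the original post or of Debian's init script: it copies a file into a chroot with cp -p and shows the mode before and after "chmod a+rX". The function names, the scratch directory layout and the empty stand-in sasldb2 file are assumptions made for the demonstration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): populate a Postfix chroot while keeping
# each file's original mode, and show what the removed chmod line would do.

# sync_into_chroot ROOT CHROOT FILE...
sync_into_chroot() {
    root=$1; chroot=$2; shift 2
    for file in "$@"; do
        src="$root/$file"; dst="$chroot/$file"
        [ -f "$src" ] || continue          # skip files absent on this host
        mkdir -p "${dst%/*}"
        rm -f "$dst"
        cp -p "$src" "$dst"                # -p preserves mode and timestamps
    done
}

# world_readable FILE: succeeds when the "other" class has read permission.
world_readable() {
    mode=$(stat -c %a "$1") || return 2    # GNU stat, e.g. 640
    case ${mode#"${mode%?}"} in            # last octal digit = "other" bits
        4|5|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# demo_sasldb_modes: prints the mode of the chroot copy as synced, then the
# mode after the chmod a+rX that the original init script applied.
demo_sasldb_modes() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/etc" "$work/chroot"
    : > "$work/root/etc/sasldb2"           # constructed stand-in, no real secrets
    chmod 640 "$work/root/etc/sasldb2"
    sync_into_chroot "$work/root" "$work/chroot" etc/sasldb2 etc/missing
    copy="$work/chroot/etc/sasldb2"
    before=$(stat -c %a "$copy")
    chmod a+rX "$copy"
    after=$(stat -c %a "$copy")
    rm -rf "$work"
    echo "$before $after"
}
```

world_readable can be pointed at /var/spool/postfix/etc/sasldb2 after a restart to confirm the copy kept the restrictive mode of the original.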
Re: Postscreen: bad command startup -- throttling issues
> >> I increased the debugging output in master.cf using "-D -v".
> >
> > I did not ask you to do that. postscreen logs the error message
> > and you just need to learn where to find it. Adding more logging
> > just makes the information harder to find.
> >
> > Start with /etc/syslog.conf and examine EVERY FILE listed there.

> server:/var/log # grep mail /etc/rsyslog.conf

I asked you to examine EVERY FILE listed there. Apparently, you
don't understand plain English.

Maybe someone else has more patience. I am done with this thread.

	Wietse
Re: Restrict some users to local recipients only?
Hi Dominik,

I believe envelope senders is what he's wanting, though SASL
authenticated users could probably work, too.

Patrick

On Tue, Feb 12, 2013 at 4:31 PM, Dominik George wrote:

> Hi Patrick,
>
> > I have a customer who would like to configure the Postfix server he uses
> > such that certain users can only send to local users. I'm wondering if
> > there are any built-in facilities for restricting which delivery agents can
> > be used by particular users? (Or some other clever way of achieving the
> > same end result.) I realize security measures would also need to be taken
> > to lock down the machine from which the mail is being sent, but that's not
> > my problem ;)
>
> Does "users" for you mean
>
> a) clients
> b) envelope senders
> c) SASL authenticated users?
>
> -nik
>
> --
> * mirabilos is handling my post-1990 smartphone *
> Aaah, it vibrates! Wherefore art thou, demonic device??
>
> PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296
>
Re: Postscreen: bad command startup -- throttling issues
On Feb 13, 2013, at 3:14 PM, Wietse Venema wrote:

> LDB:
>>>> You show only WARNING messages.
>>>>
>>>> postscreen logs an ERROR message before exiting with status 1.
>>>>
>>>> Are you using a syslog configuration that logs ERRORS and WARNINGS
>>>> to different files?
>>>>
>>>> Wietse
>>>
>>> My /var/log/mail.err file is empty. I am not seeing any other postscreen
>>> messages in any of the mail or mail.{info,err,warn} logs.
>>
>> I increased the debugging output in master.cf using "-D -v".
>
> I did not ask you to do that. postscreen logs the error message
> and you just need to learn where to find it. Adding more logging
> just makes the information harder to find.
>
> Start with /etc/syslog.conf and examine EVERY FILE listed there.
>
> Wietse

I agree and I understood. Although, here is the impetus behind my
change to produce more verbose logs.

Postfix is seemingly logging to the correct facility:

    server:/var/log # postconf -d | grep syslog
    syslog_facility = mail
    syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}

Syslog is seemingly configured properly, as well:

    server:/var/log # grep mail /etc/rsyslog.conf
    # email-messages
    mail.*                  -/var/log/mail
    mail.info               -/var/log/mail.info
    mail.warning            -/var/log/mail.warn
    mail.err                 /var/log/mail.err
    *.*;mail.none;news.none -/var/log/messages

But yet, /var/log/mail.err, remains empty. Once again, I am refraining
from changing much of the defaults in Postfix or within the OS.

Thank you,

LDB
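One way to carry out the "examine every file" step from this exchange, as an added example that is not part of either poster's message: it lists each file target whose selector can receive mail-facility messages and runs the egrep pattern quoted in the thread over each one. The function names and the sample configuration and log lines are constructed for the demonstration; only legacy "selector action" lines are parsed.

```shell
#!/bin/sh
# Added example (not from the thread). Legacy "selector action" rsyslog/syslog
# lines only; facility lists such as "mail,news.err" are not handled.

# mail_log_files CONF: print every file target whose selector matches mail.
mail_log_files() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        NF >= 2 && $2 ~ /^-?\// {                # action is a file path
            n = split($1, sel, ";"); hit = 0
            for (i = 1; i <= n; i++) {
                if (sel[i] == "mail.none") { hit = 0; break }
                if (sel[i] ~ /^(mail|\*)\./) hit = 1
            }
            if (hit) { sub(/^-/, "", $2); print $2 }
        }' "$1"
}

# scan_mail_logs CONF: run the egrep pattern from the thread over each file.
scan_mail_logs() {
    mail_log_files "$1" | sort -u | while read -r f; do
        [ -r "$f" ] || { echo "unreadable or missing: $f" >&2; continue; }
        grep -EH '(warning|error|fatal|panic):' "$f" || true
    done
}

# demo_scan: constructed config and log lines in a scratch directory.
demo_scan() {
    d=$(mktemp -d) || return 1
    cat > "$d/rsyslog.conf" <<EOF
# email-messages
mail.*                      -$d/mail
mail.err                    $d/mail.err
*.*;mail.none;news.none     -$d/messages
EOF
    : > "$d/mail.err"                            # empty, as in the report
    cat > "$d/mail" <<EOF
Feb 13 21:23:14 server postfix/master[452]: daemon started
Feb 13 21:23:47 server postfix/postscreen[476]: fatal: constructed sample line
EOF
    echo "Feb 13 21:23:47 server kernel: error: unrelated" > "$d/messages"
    scan_mail_logs "$d/rsyslog.conf" | sed "s|^$d/||"
    rm -rf "$d"
}
```

On a live host, scan_mail_logs /etc/rsyslog.conf reports any target that is missing or unreadable on stderr, which points to a log path that rsyslog cannot write.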
Re: Postscreen: bad command startup -- throttling issues
LDB:
> >> You show only WARNING messages.
> >>
> >> postscreen logs an ERROR message before exiting with status 1.
> >>
> >> Are you using a syslog configuration that logs ERRORS and WARNINGS
> >> to different files?
> >>
> >> Wietse
> >
> > My /var/log/mail.err file is empty. I am not seeing any other postscreen
> > messages in any of the mail or mail.{info,err,warn} logs.
>
> I increased the debugging output in master.cf using "-D -v".

I did not ask you to do that. postscreen logs the error message
and you just need to learn where to find it. Adding more logging
just makes the information harder to find.

Start with /etc/syslog.conf and examine EVERY FILE listed there.

	Wietse
Re: Postscreen: bad command startup -- throttling issues
On 2/13/13 8:24 AM, LDB wrote:
>
>
> On Feb 12, 2013, at 5:05 PM, Wietse Venema wrote:
>
>> LDB:
>>> On 02/12/2013 08:35 AM, Wietse Venema wrote:
>>>> egrep '(warning|error|fatal|panic):' /some/log/file | more
>>>
>>> Thank you for the response. I apologize for the delay.
>>>
>>> The log entries you requested are as follows and since then the postfix
>>> service has been restarted many times:
>>
>> You show only WARNING messages.
>>
>> postscreen logs an ERROR message before exiting with status 1.
>>
>> Are you using a syslog configuration that logs ERRORS and WARNINGS
>> to different files?
>>
>> Wietse
>
> My /var/log/mail.err file is empty. I am not seeing any other postscreen
> messages in any of the mail or mail.{info,err,warn} logs.
>
> Thanks,
>
> LDB
>

I increased the debugging output in master.cf using "-D -v".

Feb 13 21:23:14 server postfix/postfix-script[364]: stopping the Postfix mail system
Feb 13 21:23:14 server postfix/master[29847]: terminating on signal 15
Feb 13 21:23:14 server postfix/postfix-script[451]: starting the Postfix mail system
Feb 13 21:23:14 server postfix/master[452]: daemon started -- version 2.8.11, configuration /etc/postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: syslog_facility = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: mail
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const mail
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: syslog_facility = mail
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: inet_protocols = ipv4
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: ipv4
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const ipv4
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: multi_instance_directories = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse:
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: multi_instance_directories =
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: multi_instance_group = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse:
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: multi_instance_group =
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: multi_instance_name = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse:
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: multi_instance_name =
Feb 13 21:23:46 server postfix/postscreen[476]: name_mask: ipv4
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: myhostname = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: mydomain = example.net
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const example.net
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: key.example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const key.example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: myhostname = key.example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: mydomain = example.net
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const example.net
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: mail_name = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: Postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const Postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: mail_name = Postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: syslog_name = (notfound)
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: multi_instance_name =
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: multi_instance_name =
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: expand ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} -> postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_update: syslog_name = postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: mail_owner = postfix
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const postfix
Feb 13 21:23:46 server postfix/postscreen[476]: dict_lookup: setgid_group = maildrop
Feb 13 21:23:46 server postfix/postscreen[476]: mac_parse: maildrop
Feb 13 21:23:46 server postfix/postscreen[476]: dict_eval: const maildrop
Feb 13 21:23:46 server postfix/postscreen[476]: dic
Re: Gmail as Relayhost
On 2/13/2013 8:45 AM, Mikael Bak wrote:
> On 02/13/2013 03:24 PM, Noel Jones wrote:
> [snip]
>>
>> - If you only have a handful of addresses, you can sign up for a
>> free google apps account with your own domain name. That will allow
>> you to relay through google. You are not required to use google as
>> your MX; you can continue to use your own server. If you have too
>> many for the free service, you might consider paying.
>>
> [snip]
>
> Too late for that!
>
> "Starting on December 6, 2012, Google will no longer offer new accounts
> for the free edition of Google Apps."
>
> http://support.google.com/a/bin/answer.py?hl=en&answer=2855120
>
>

Doh!
Re: Gmail as Relayhost
On 02/13/2013 03:24 PM, Noel Jones wrote:
[snip]
>
> - If you only have a handful of addresses, you can sign up for a
> free google apps account with your own domain name. That will allow
> you to relay through google. You are not required to use google as
> your MX; you can continue to use your own server. If you have too
> many for the free service, you might consider paying.
>
[snip]

Too late for that!

"Starting on December 6, 2012, Google will no longer offer new accounts
for the free edition of Google Apps."

http://support.google.com/a/bin/answer.py?hl=en&answer=2855120
Re: Gmail as Relayhost
On 2/13/2013 6:14 AM, Dominique wrote:
> Hi,
>
> I am looking at using gmail as a relayhost in our current server
> setup ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.
>
> I have it working, but the outgoing email address is replaced by the
> gmail address (from the authentication info) - things that did not
> happen when using the ISP.

Yes, they do that.

>
> How can I fix that ?

A few choices...

- Don't use a relayhost, deliver mail directly. This requires you
  have a static IP address with proper FCrDNS entries, which will
  require cooperation from your ISP and may cost some extra, depending
  on your current service agreement.

- If you only have a handful of addresses, you can sign up for a
  free google apps account with your own domain name. That will allow
  you to relay through google. You are not required to use google as
  your MX; you can continue to use your own server. If you have too
  many for the free service, you might consider paying.

- Use some third-party relayhost service, such as dyndns. This will
  not be free, but shouldn't cost very much. If you have more than a
  couple dozen email addresses, this will be cheaper than a google
  apps account.

  -- Noel Jones
Re: Gmail as Relayhost
On 13/02/2013 13:19, Reindl Harald wrote:

> On 13.02.2013 13:14, Dominique wrote:
>> I am looking at using gmail as a relayhost in our current server setup
>> ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.
>>
>> I have it working, but the outgoing email address is replaced by the
>> gmail address (from the authentication info) - things that did not
>> happen when using the ISP
>>
>> How can I fix that?
>
> no - this is the decision of gmail which is right
>
> think about stupid people using a sender with a domain which has
> SPF records and gmail as relay and gmail would lose reputation
> because they are not in the SPF list
>
> one principle in e-mail is NEVER allow sender addresses for which
> you would not receive incoming mail, the one with the wrong config
> in fact is the ISP allowing blindly any sender-domain

Thanks for the info. I'll look at alternatives.

Dominique
Re: Gmail as Relayhost
On 13/02/2013 13:32, Mikael Bak wrote:

> On 02/13/2013 01:14 PM, Dominique wrote:
>> Hi,
>>
>> I am looking at using gmail as a relayhost in our current server setup
>> ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.
>
> Is your ISP relayhost service bad?

It bounces mail randomly, mostly hotmail hence not reliable.

>> I have it working, but the outgoing email address is replaced by the
>> gmail address (from the authentication info) - things that did not
>> happen when using the ISP.
>>
>> How can I fix that ?
>
> I'm not sure it's possible. I think you need to use gmail.com as from
> email addresses in order to use their SMTP.

From another answer it does not seem possible.

> Solution: use your ISP relayhost or buy the service from someone else.

I'll look into that option.

Thanks,

Dominique

> Mikael
Re: Postscreen: bad command startup -- throttling issues
On Feb 12, 2013, at 5:05 PM, Wietse Venema wrote:

> LDB:
>> On 02/12/2013 08:35 AM, Wietse Venema wrote:
>>> egrep '(warning|error|fatal|panic):' /some/log/file | more
>>
>> Thank you for the response. I apologize for the delay.
>>
>> The log entries you requested are as follows and since then the postfix
>> service has been restarted many times:
>
> You show only WARNING messages.
>
> postscreen logs an ERROR message before exiting with status 1.
>
> Are you using a syslog configuration that logs ERRORS and WARNINGS
> to different files?
>
> Wietse

My /var/log/mail.err file is empty. I am not seeing any other postscreen
messages in any of the mail or mail.{info,err,warn} logs.

Thanks,

LDB
Re: Gmail as Relayhost
On 02/13/2013 01:14 PM, Dominique wrote:
> Hi,
>
> I am looking at using gmail as a relayhost in our current server setup
> ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.
>

Is your ISP relayhost service bad?

> I have it working, but the outgoing email address is replaced by the
> gmail address (from the authentication info) - things that did not
> happen when using the ISP.
>
> How can I fix that ?
>

I'm not sure it's possible. I think you need to use gmail.com as from
email addresses in order to use their SMTP.

Solution: use your ISP relayhost or buy the service from someone else.

> Thanks,
>
> Dominique
>
>

Mikael
Re: Gmail as Relayhost
On 13.02.2013 13:14, Dominique wrote:
> I am looking at using gmail as a relayhost in our current server setup
> ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.
>
> I have it working, but the outgoing email address is replaced by the gmail
> address (from the authentication info) - things that did not happen when
> using the ISP
>
> How can I fix that?

no - this is the decision of gmail which is right

think about stupid people using a sender with a domain which has
SPF records and gmail as relay and gmail would lose reputation
because they are not in the SPF list

one principle in e-mail is NEVER allow sender addresses for which
you would not receive incoming mail, the one with the wrong config
in fact is the ISP allowing blindly any sender-domain
Gmail as Relayhost
Hi,

I am looking at using gmail as a relayhost in our current server setup
ubuntu12.04/postfix/cyrus instead of using the ISP relayhost.

I have it working, but the outgoing email address is replaced by the
gmail address (from the authentication info) - things that did not
happen when using the ISP.

How can I fix that ?

Thanks,

Dominique
Re: TLS Library Problem? Postfix 2.9.6
On Tue, Feb 12, 2013 at 04:51:33PM +, Viktor Dukhovni wrote:
> Do you know how you accidentally ended-up with a 512-bit RSA key?
> [ Did you use the snake-oil key-pair included with the O/S? ]

No. The snake-oil key-pair is 1024 bit rsa in gentoo.

--
Eray Aslan