Re: mailman issue
On 04/05/2014 10:38 PM, Curtis Maurand wrote:
> Ron Guerin wrote:
>>
>> In mm_cfg.py I have this to generate the aliases:
>>     MTA='Postfix'
>>
>> In main.cf I use the aliases under:
>>     alias_maps hash:/var/lib/mailman/data/aliases
>>
>> In my master.cf for the mailman transport, I have ${user} where you
>> have ${mailbox}, don't know if that's got anything to do with it.
>>
>> If you want to use the autogenerated aliases, at this point, you're
>> going to need to generate them yourself first. This for me would look
>> like:
>>     /usr/lib/mailman/bin/genaliases
>>
>> And of course, don't forget to restart Mailman if you change mm_cfg.py
>> (before running genaliases) and HUP Postfix if you change that.
>
> my setup is a bit different. I'm using dbmail and I have to add the
> aliases to the aliases table, there. I can do that, but was trying to
> avoid it. I was told about and I had an alternate configuration working
> where alias maintenance was completely unnecessary. It had to do with
> setting up the mailman_to_postfix.py script and transport_maps. I wish I
> could find the backups of my original configuration. It's driving me
> crazy. I missed a detail, but I can't remember exactly what it is. very
> annoying.

Why do the Mailman aliases need to be in dbmail? I use MySQL, but
there's absolutely no need for these to be in the database. If you
allow Mailman to autogenerate them, there is no alias maintenance.
Just set it up like you see above. Add, to the alias_maps in main.cf,
rather than replacing whatever you're doing with dbmail.

Aside, some Googling says "I'm doing it wrong" using both, and that
there's really no reason why anyone should be using
postfix-to-mailman.py. Take that under consideration along with what I
said about dbmail not needing to know about Mailman's aliases. Let
Mailman manage Mailman's aliases. They've got nothing to do with
anything else except Postfix.

- Ron
Re: mailman issue
Ron Guerin wrote:
>
> In mm_cfg.py I have this to generate the aliases:
>     MTA='Postfix'
>
> In main.cf I use the aliases under:
>     alias_maps hash:/var/lib/mailman/data/aliases
>
> In my master.cf for the mailman transport, I have ${user} where you
> have ${mailbox}, don't know if that's got anything to do with it.
>
> If you want to use the autogenerated aliases, at this point, you're
> going to need to generate them yourself first. This for me would look
> like:
>     /usr/lib/mailman/bin/genaliases
>
> And of course, don't forget to restart Mailman if you change mm_cfg.py
> (before running genaliases) and HUP Postfix if you change that.

my setup is a bit different. I'm using dbmail and I have to add the
aliases to the aliases table, there. I can do that, but was trying to
avoid it. I was told about and I had an alternate configuration working
where alias maintenance was completely unnecessary. It had to do with
setting up the mailman_to_postfix.py script and transport_maps. I wish I
could find the backups of my original configuration. It's driving me
crazy. I missed a detail, but I can't remember exactly what it is. very
annoying.
Re: mailman issue
On 04/05/2014 06:40 PM, Curtis Maurand wrote:
> Sahil Tandon wrote:
>> On Fri, 2014-04-04 at 14:55:49 -0400, Curtis Maurand wrote:
>>
>>> I'm getting local user unknown errors when I try to send email to the
>>> list., but as far as I know, I shouldn't need local aliases with this
>>> configuration that anything destined for lists.delrc.org should go to
>>> mailman and that's that. I know that I'm missing a detail somewhere.
>>> I had all of this working prior to this, but I had a server meltdown
>>> the other day and my configs were blown away with it and for whatever
>>> reason, I can't find any backups. :-(
>>
>> Typically, you have to update the alias_maps definition, so that Postfix
>> is made aware of valid Mailman addresses. In your follow-up, include the
>> output of 'postconf -n' rather than snippets from main.cf. See:
>>
>> http://www.gnu.org/software/mailman/mailman-install/postfix-integration.html
>> http://www.postfix.org/postconf.5.html#alias_maps
>>
> I'll remember to do that. However, I was told of a way to configure it in
> such a way that using transport maps all you had to do was to create the
> list and there would be no alias management.

In the end, with the transport method, which I use, along with
postfix-to-mailman.py, you're still better off using aliases. (I don't
remember the reason why, possibly bounce/spam related) These can be
auto-generated by Mailman though.

In mm_cfg.py I have this to generate the aliases:
    MTA='Postfix'

In main.cf I use the aliases under:
    alias_maps hash:/var/lib/mailman/data/aliases

In my master.cf for the mailman transport, I have ${user} where you
have ${mailbox}, don't know if that's got anything to do with it.

If you want to use the autogenerated aliases, at this point, you're
going to need to generate them yourself first. This for me would look
like:
    /usr/lib/mailman/bin/genaliases

And of course, don't forget to restart Mailman if you change mm_cfg.py
(before running genaliases) and HUP Postfix if you change that.

- Ron
Re: mailman issue
Sahil Tandon wrote:
> On Fri, 2014-04-04 at 14:55:49 -0400, Curtis Maurand wrote:
>
>> I'm getting local user unknown errors when I try to send email to the
>> list., but as far as I know, I shouldn't need local aliases with this
>> configuration that anything destined for lists.delrc.org should go to
>> mailman and that's that. I know that I'm missing a detail somewhere.
>> I had all of this working prior to this, but I had a server meltdown
>> the other day and my configs were blown away with it and for whatever
>> reason, I can't find any backups. :-(
>
> Typically, you have to update the alias_maps definition, so that Postfix
> is made aware of valid Mailman addresses. In your follow-up, include the
> output of 'postconf -n' rather than snippets from main.cf. See:
>
> http://www.gnu.org/software/mailman/mailman-install/postfix-integration.html
> http://www.postfix.org/postconf.5.html#alias_maps
>

I'll remember to do that. However, I was told of a way to configure it
in such a way that using transport maps all you had to do was to create
the list and there would be no alias management.

--Curtis
Re: Two domains names under the same IP: how to handle this issue ?
I should have added (see in-line)

Miles Fidelman wrote:
> /dev/rob0 wrote:
>> On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
>>> Which leads to several obvious questions:
>>> - how does postfix use PTR records (e.g., which header lines
>>> are matched, at what points in the processing chain, ...)?
>>
>> A client connects to smtpd. The PTR for the client IP address is
>> looked up. The PTR value (that is, a hostname, such as
>> "x.example.com.") is also looked up. If an A record matching the
>> client IP address is returned, smtpd logs the connection as coming
>> from "x.example.com[client.ip.add.ress]". Then if mail is
>> eventually accepted, the Received header is constructed similarly:
>>
>> Received: from (x.example.com[client.ip.add.ress])
>
> Well... it's a little more complicated than that:
> - there's the initial TCP connection - where there are only IP
>   addresses and port numbers involved
> - there's the HELO command - HELO name is given
> - then there's the MAIL command - where you have the sender email
>   address (which may be a different domain from the HELO domain)
>
> And a bunch of other things are logged (depending on logging
> configuration), including:
> - envelope from: and to:
> - from: and to: addresses from the message body
> - alias translations (e.g., an "originally-to: header)

And that's before looking at cases where mail is dropped into the queue
via other means than a TCP connection (e.g., by a list manager, UUCP).

>> If this verification process fails, such as when no PTR exists for
>> the address (see reject_unknown_reverse_client_hostname) or when
>> the PTR value lookup fails (nxdomain, servfail, timeout) or returns
>> a different IP address (see reject_unknown_client_hostname), smtpd
>> logs the connection as coming from "unknown[client.ip.add.ress]".
>>
>> "Which header lines are matched"? I have no idea what you mean.
>
> Well, let's start with:
> - HELO name
> - MAIL FROM:
> - From:
>
> Since this is a postfix list - specifically, does postfix do any
> matching beyond the IP address in the TCP connection, and the PTR
> from the HELO name?

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: Two domains names under the same IP: how to handle this issue ?
/dev/rob0 wrote:
> On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
>> Which leads to several obvious questions:
>> - how does postfix use PTR records (e.g., which header lines
>> are matched, at what points in the processing chain, ...)?
>
> A client connects to smtpd. The PTR for the client IP address is
> looked up. The PTR value (that is, a hostname, such as
> "x.example.com.") is also looked up. If an A record matching the
> client IP address is returned, smtpd logs the connection as coming
> from "x.example.com[client.ip.add.ress]". Then if mail is
> eventually accepted, the Received header is constructed similarly:
>
> Received: from (x.example.com[client.ip.add.ress])

Well... it's a little more complicated than that:
- there's the initial TCP connection - where there are only IP
  addresses and port numbers involved
- there's the HELO command - HELO name is given
- then there's the MAIL command - where you have the sender email
  address (which may be a different domain from the HELO domain)

And a bunch of other things are logged (depending on logging
configuration), including:
- envelope from: and to:
- from: and to: addresses from the message body
- alias translations (e.g., an "originally-to: header)

> If this verification process fails, such as when no PTR exists for
> the address (see reject_unknown_reverse_client_hostname) or when
> the PTR value lookup fails (nxdomain, servfail, timeout) or returns
> a different IP address (see reject_unknown_client_hostname), smtpd
> logs the connection as coming from "unknown[client.ip.add.ress]".
>
> "Which header lines are matched"? I have no idea what you mean.

Well, let's start with:
- HELO name
- MAIL FROM:
- From:

Since this is a postfix list - specifically, does postfix do any
matching beyond the IP address in the TCP connection, and the PTR from
the HELO name?

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 19:34, Miles Fidelman wrote:
> li...@rhsoft.net wrote:
>>
>> On 05.04.2014 17:01, Miles Fidelman wrote:
>>> It strikes me that I haven't seen a general answer to the original
>>> question how to set up PTR records when one is serving more than one
>>> domain under the same IP address.
>> don't setup PTR records and A records for a mailserver
>> setup *one* PTR record, *one* A record and *one* HELO-name
>>
>> just use a generic hostname like "mail.yourcompany.tld" and
>> use that as MX records for as many domains you are hosting
>> on that mailserver
>>
>> that:
>>
>> a) works
>> b) is consistent
>> c) don't bring you in trouble if it comes to TLS
>> d) keeps things simple
>>
>> proven by hosting some hundred domains for a decade on one hostname
>
> True. And that's pretty much what I've ended up doing.
>
> One minor nit, though: when one is hosting email for clients, the generic
> hostname needs to be something innocuous
> (for example, when you use godaddy's mail services, all the mail goes out
> from .secureserver.net)

well, "mail.yourcompany.tld" should be innocuous enough and if someone
asks why you find easily a dozen large mail providers to point here
"because they are doing the same and it just works"

we had also "mail.customer1.tld", "mail.customer2.tld"... until i
stepped in and stopped that because here and there someone forgot the
MX or the A-record or both and now instead of fighting with that the
mailbackend sets the MX to always the same generic name

at that time TLS was no topic because the old Apple based mail server
did not support it at all - after i built the new mail systems with
encryption i was glad to clean that up long enough before and keep
things as simple as possible

________

general rule for administration: if you have 5 ways to achieve the same
result choose the simplest one until you find no good reason not to do
so - in the best case choose a lot of simple implementations you
understand and can explain if somebody wakes you in the middle of the
night, stick them together to a big picture

if sooner or later one of the pieces will fail you will be thankful if
you can fix that or even replace it with a better implementation not
known at the first start without touching the other pieces at all

that's why postfix has different processes for different tasks and
works for decades while not care about storage, sieve, responders and
what not because they all can be integrated however someone needs
Re: mailman issue
On Fri, 2014-04-04 at 14:55:49 -0400, Curtis Maurand wrote:

> I'm getting local user unknown errors when I try to send email to the
> list., but as far as I know, I shouldn't need local aliases with this
> configuration that anything destined for lists.delrc.org should go to
> mailman and that's that. I know that I'm missing a detail somewhere.
> I had all of this working prior to this, but I had a server meltdown
> the other day and my configs were blown away with it and for whatever
> reason, I can't find any backups. :-(

Typically, you have to update the alias_maps definition, so that Postfix
is made aware of valid Mailman addresses. In your follow-up, include the
output of 'postconf -n' rather than snippets from main.cf. See:

  http://www.gnu.org/software/mailman/mailman-install/postfix-integration.html
  http://www.postfix.org/postconf.5.html#alias_maps

--
Sahil Tandon
Re: Two domains names under the same IP: how to handle this issue ?
li...@rhsoft.net wrote:
> On 05.04.2014 17:01, Miles Fidelman wrote:
>> It strikes me that I haven't seen a general answer to the original
>> question how to set up PTR records when one is serving more than one
>> domain under the same IP address.
> don't setup PTR records and A records for a mailserver
> setup *one* PTR record, *one* A record and *one* HELO-name
>
> just use a generic hostname like "mail.yourcompany.tld" and
> use that as MX records for as many domains you are hosting
> on that mailserver
>
> that:
>
> a) works
> b) is consistent
> c) don't bring you in trouble if it comes to TLS
> d) keeps things simple
>
> proven by hosting some hundred domains for a decade on one hostname

True. And that's pretty much what I've ended up doing.

One minor nit, though: when one is hosting email for clients, the
generic hostname needs to be something innocuous (for example, when you
use godaddy's mail services, all the mail goes out from
.secureserver.net).

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: Two domains names under the same IP: how to handle this issue ?
On Sat, Apr 05, 2014 at 06:23:05PM +0200, li...@rhsoft.net wrote:
> On 05.04.2014 18:06, /dev/rob0 wrote:
> > One other comment to this thread: please, PLEASE, get rid of
> > nslookup. It is broken, bug-ridden garbage that will not be
> > fixed. Nobody in A.D. 2014 should be recommending it. The
> > proper tool for DNS troubleshooting is dig(1)
>
> agreed, but until now i found no way to do the PTR request
> with dig or was not interested that much to dig docs instead
> just type or find it absurd that "dig PTR 8.8.8.8" don't work

"dig -x 8.8.8.8" is what you're after. :) The -x says "reverse the
dotted elements, append '.in-addr.arpa.' and set QTYPE to PTR."
Unlike most dig command line elements, order matters: the "-x" must
come immediately before the IP address being queried.

Note that it's not smart. ANY string of dotted elements will be
handled in this way, not just an IPv4 address.

Agreed that nslookup has a lower learning curve, and some folks
prefer its interactive mode. To me that's not worth the risk of
getting wrong/misleading data.

> [harry@srv-rhsoft:~]$ nslookup 8.8.8.8
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> Non-authoritative answer:
>
> 8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com.

--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 18:06, /dev/rob0 wrote:
> One other comment to this thread: please, PLEASE, get rid of
> nslookup. It is broken, bug-ridden garbage that will not be fixed.
> Nobody in A.D. 2014 should be recommending it. The proper tool for
> DNS troubleshooting is dig(1)

agreed, but until now i found no way to do the PTR request
with dig or was not interested that much to dig docs instead
just type or find it absurd that "dig PTR 8.8.8.8" don't work

[harry@srv-rhsoft:~]$ nslookup 8.8.8.8
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com.

Authoritative answers can be found from:
8.8.8.in-addr.arpa      nameserver = ns3.google.com.
8.8.8.in-addr.arpa      nameserver = ns4.google.com.
8.8.8.in-addr.arpa      nameserver = ns2.google.com.
8.8.8.in-addr.arpa      nameserver = ns1.google.com.
ns1.google.com  internet address = 216.239.32.10
ns4.google.com  internet address = 216.239.38.10
ns3.google.com  internet address = 216.239.36.10
ns2.google.com  internet address = 216.239.34.10
Re: Two domains names under the same IP: how to handle this issue ?
On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
> Which leads to several obvious questions:
> - how does postfix use PTR records (e.g., which header lines
> are matched, at what points in the processing chain, ...)?

A client connects to smtpd. The PTR for the client IP address is
looked up. The PTR value (that is, a hostname, such as
"x.example.com.") is also looked up. If an A record matching the
client IP address is returned, smtpd logs the connection as coming
from "x.example.com[client.ip.add.ress]". Then if mail is
eventually accepted, the Received header is constructed similarly:

Received: from (x.example.com[client.ip.add.ress])

If this verification process fails, such as when no PTR exists for
the address (see reject_unknown_reverse_client_hostname) or when
the PTR value lookup fails (nxdomain, servfail, timeout) or returns
a different IP address (see reject_unknown_client_hostname), smtpd
logs the connection as coming from "unknown[client.ip.add.ress]".

"Which header lines are matched"? I have no idea what you mean.

"At what points in the processing chain"? This is all done by smtpd
for any new client connection.

> - how does it react to the absence of a PTR record?

By default, only by logging as per above. Otherwise, according to
whatever restrictions you have chosen to enforce.

> - how does it react to mismatches (and in which headers)?

A PTR/A mismatch is "unknown". Again, no idea what you are asking
about headers.

> - how much of this is configurable?

Restrictions are configurable. See the ones listed under
postconf.5.html#smtpd_client_restrictions . Logging is not
configurable.

> Yes, a lot of this is buried in the documentation - and I'm going
> off to look - but the real question is: are there any lessons
> learned and/or best practices to be applied to the general case
> of serving multiple domains from the same IP address?

Pick ONE name to be the canonical name of the machine. Set that as
your PTR value for the IP address, and make sure that the name
resolves to that address. Set that name as $myhostname.

Forget the quest for the "perfect headers": it's not worth the
trouble, and nobody cares anyway.

Addendum:

One other comment to this thread: please, PLEASE, get rid of
nslookup. It is broken, bug-ridden garbage that will not be fixed.
Nobody in A.D. 2014 should be recommending it. The proper tool for
DNS troubleshooting is dig(1).

--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Two domains names under the same IP: how to handle this issue ?
-----Original Message-----
From: Miles Fidelman

> The original poster's question caught my attention - the RFCs suggest
> that there should be only one PTR record per IP address -- which begs
> the question of what to do when one is serving multiple domains
> behind that

You set up the other domains so that the DNS has the "main" name as MX
and the server sends mail even for the other domains using the server
real name.

In addition, setting up things like SPF and DKIM records for all the
domains and making the "main" MX the authorised sender for them helps
with validation.

-Reko
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 17:01, Miles Fidelman wrote:
> It strikes me that I haven't seen a general answer to the original
> question how to set up PTR records when one is serving more than one
> domain under the same IP address.

don't setup PTR records and A records for a mailserver
setup *one* PTR record, *one* A record and *one* HELO-name

just use a generic hostname like "mail.yourcompany.tld" and
use that as MX records for as many domains you are hosting
on that mailserver

that:

a) works
b) is consistent
c) don't bring you in trouble if it comes to TLS
d) keeps things simple

proven by hosting some hundred domains for a decade on one hostname
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 15:38, Germain wrote:
> Thank you for the accurate details !
>
> When I issue the command:
>
> nslookup mx1.adtlas.com NSPRI.ADTLAS.COM
>
> I receive that, and it seems to me correct:
>
> Server:         NSPRI.ADTLAS.COM
> Address:        88.191.117.125#53
>
> Name:   mx1.adtlas.com
> Address: 88.191.117.125
>
> As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think the
> "mail" prefix is not mandatory !
> I may use what I want, right ?

yes, doing so consistent everywhere

> But my problem was due the missing "smtp_helo_name = mx1.adtlas.com", so
> I've added it in the main.cf file before to restart POSTFIX :-)

no, you did not get that far because your PTR needs to be
"mx1.adtlas.com" too

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com

> Unfortunately I will hire nobody right now: I'm a 62-year old Swiss retiree
> which has done painfully its two innovative Web sites by learning alone by
> himself all pieces of the puzzle to set them up and to keep them running:
> PERL, JavaScript, HTML, etc.
>
> But sometimes I've to go on forums like this one to discuss with experts as
> you, which I thank a lot for their appreciated help... and their patience
> too :-)

no problem - only please be very careful in case of a mailserver, that
brings great responsibility and in case of misconfigurations playing
open relay and spread spam or malware it affects anybody out there!
Re: Two domains names under the same IP: how to handle this issue ?
It strikes me that I haven't seen a general answer to the original
question - how to set up PTR records when one is serving more than one
domain under the same IP address.

This is of particular interest to me in that I currently do this as
well. What I'm doing now, seems to be working, but it's a matter of
accident, not design (small cluster, originally set up to support
company email and web servers for a few consulting clients, now also
hosting a variety of email lists -- the web servers all have their own
IP addresses, but the email domains share a common postfix installation
-- the postfix configuration and dns records have just been adjusted
over time). It's all working, nothing is getting blocked, but I'm not
sure why.

The original poster's question caught my attention - the RFCs suggest
that there should be only one PTR record per IP address -- which begs
the question of what to do when one is serving multiple domains behind
that IP (be they virtual web servers or mail servers). And I can't seem
to find any established best practices (in RFC form or less formally) -
just a lot of anecdotal stories.

One thing that I've gathered is that how various programs - notably
SMTP servers and anti-spam packages - make use of PTR records, and how
they behave in their absence, or in the case of mismatches, is
idiosyncratic.

Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines are
  matched, at what points in the processing chain, ...)?
- how does it react to the absence of a PTR record?
- how does it react to mismatches (and in which headers)?
- how much of this is configurable?

Yes, a lot of this is buried in the documentation - and I'm going off
to look - but the real question is: are there any lessons learned
and/or best practices to be applied to the general case of serving
multiple domains from the same IP address?

Inquiring minds want to know!

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: Two domains names under the same IP: how to handle this issue ?
Thank you for the accurate details !

When I issue the command:

nslookup mx1.adtlas.com NSPRI.ADTLAS.COM

I receive that, and it seems to me correct:

Server:         NSPRI.ADTLAS.COM
Address:        88.191.117.125#53

Name:   mx1.adtlas.com
Address: 88.191.117.125

As I wrote in my previous reply, my FQDN is mx1.adtlas.com and I think
the "mail" prefix is not mandatory !
I may use what I want, right ?

But my problem was due the missing "smtp_helo_name = mx1.adtlas.com",
so I've added it in the main.cf file before to restart POSTFIX :-)

Unfortunately I will hire nobody right now: I'm a 62-year old Swiss
retiree which has done painfully its two innovative Web sites by
learning alone by himself all pieces of the puzzle to set them up and
to keep them running: PERL, JavaScript, HTML, etc.

But sometimes I've to go on forums like this one to discuss with
experts as you, which I thank a lot for their appreciated help... and
their patience too :-)

--
View this message in context: http://postfix.1071664.n5.nabble.com/Two-domains-names-under-the-same-IP-how-to-handle-this-issue-tp66655p66681.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 14:15, Germain wrote:
> Thank you for your appreciated remarks !
>
> I apologize for masking at first my data, but a lot of people are doing the
> same at first with a generic question.

yes, and if you each time trying to help somebody need to go through
several mails for get the real picture.

> As you have seen, I've then provided on my own my full parameters when it
> was necessary...
>
> Please don't hurt too much dumb people asking for help: I'm for sure NOT a
> POSTFIX or BIND guru and on Internet you will find many times confusing, if
> not conflicting, informations about parameters for those servers...
>
> For me, and again excuse me, the terms "hostname", "domain" and "machine"
> can be sometimes confusing when they relate to parameters to be used in
> configuration files for POSTFIX and BIND.

no, they are really clear and to be honest if you have a problem to
understand that terms you should hire somebody who does because that is
a prerequisite for maintain a network facing machine

* domain: example.com
* FQDN: mail.example.com
* hostname: mail (in that case)

> Confusion occurs too with the "mx1.adtlas.com" and "mail.adtlas.com"
> parameters...
>
> Last but not least, my machine name is "sd-20384".

what machine name is "sd-20384" and how does it matter?

you may fight currently with DNS-TTL, means even if you changed the PTR
it may take up to 24 or 48 hours to get changed in dns caches all over
the world, on the other hand there is still no A record for
"mail.adtlas.com" asking your primary nameserver - so change that!

final goal you should achieve:

125.117.191.88.in-addr.arpa name = mail.adtlas.com
mail.adtlas.com = 88.191.117.125
main.cf -> smtp_helo_name -> mail.adtlas.com

that is what the world is interested in because these are the public
records and "smtp_helo_name" is the greeting your server makes to the
destination which should be

a) FQDN
b) an existing hostname
c) resolve to an IP which should resolve back

________

currently:

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com.

Name Server    : NSPRI.ADTLAS.COM
Name Server    : NSSEC.ONLINE.NET
Registrar Name : Namebay

[harry@srv-rhsoft:~]$ nslookup mail.adtlas.com NSPRI.ADTLAS.COM
Server:         NSPRI.ADTLAS.COM
Address:        88.191.117.125#53

** server can't find mail.adtlas.com.test.rh: REFUSED

> I've the same "ethical problem" as this one:
> https://forum.linode.com/viewtopic.php?t=7888
>
> And I would like simply to be able to send mail with my PERL programs, using
> the MIME::Lite CPAN module, with "webcont...@vehicall.com" or
> "webcont...@adtlas.com" or "mic...@mouse.com" as sender without being
> flagged as spam...

that is independent from what is producing the messages, if you
struggle with a wrong basic setup with your DNS records and hostname
configurations you should not setup a MTA
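The check /dev/rob0 describes earlier in this thread (PTR lookup, then a forward lookup of the PTR value, logging "unknown" when they disagree) and the PTR / A / HELO consistency goal listed in the message above, as an added example that is not from any poster or from Postfix itself. The `Zone` class, the function names, `example.com` and `192.0.2.25` are constructed for illustration, and using only the first PTR answer is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Zone:
    """In-memory stand-in for DNS so the example runs offline (constructed data)."""
    ptr: dict = field(default_factory=dict)  # reverse name -> [hostnames]
    a: dict = field(default_factory=dict)    # hostname -> [addresses]

    def lookup_ptr(self, rname):
        return self.ptr.get(rname.rstrip(".").lower(), [])

    def lookup_a(self, host):
        return self.a.get(host.rstrip(".").lower(), [])


def reverse_name(ip):
    """Build the PTR query name: reversed labels plus the .arpa suffix.

    Same construction as `dig -x`, except that input which is not an IP
    address raises ValueError instead of being reversed blindly.
    """
    return ipaddress.ip_address(ip).reverse_pointer


def resolves_to(zone, host, ip):
    """True if one of host's A records equals ip."""
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(x) == addr for x in zone.lookup_a(host))


def client_name(ip, zone):
    """Return (name as it would be logged, restrictions that would reject)."""
    ptrs = zone.lookup_ptr(reverse_name(ip))
    if not ptrs:
        # No address->name mapping at all: both restrictions reject.
        return "unknown", ["reject_unknown_reverse_client_hostname",
                           "reject_unknown_client_hostname"]
    # Assumption of this model: only the first PTR answer is used, so with
    # several PTR records the outcome depends on answer order.
    name = ptrs[0].rstrip(".").lower()
    if resolves_to(zone, name, ip):
        return name, []
    # A PTR exists, but its name is missing or points to another address.
    return "unknown", ["reject_unknown_client_hostname"]


def helo_findings(helo, ip, zone):
    """Check a HELO name: is an FQDN, exists, and matches the PTR round trip."""
    findings = []
    helo = helo.rstrip(".").lower()
    if "." not in helo:
        findings.append("HELO name is not an FQDN")
    if not zone.lookup_a(helo):
        findings.append("HELO name has no A record")
    elif not resolves_to(zone, helo, ip):
        findings.append("HELO name resolves to a different address")
    name, _ = client_name(ip, zone)
    if name != helo:
        findings.append(f"PTR-derived client name is {name!r}, not the HELO name")
    return findings


IP = "192.0.2.25"                        # documentation address (constructed)
REV = "25.2.0.192.in-addr.arpa"
# PTR points at the bare domain while the server greets as mx1.
BEFORE = Zone(ptr={REV: ["example.com"]},
              a={"example.com": [IP], "mx1.example.com": [IP]})
# One PTR, one A record, one HELO name.
AFTER = Zone(ptr={REV: ["mx1.example.com"]}, a={"mx1.example.com": [IP]})
# PTR names a host that no longer has an A record.
DANGLING = Zone(ptr={REV: ["gone.example.com"]})

if __name__ == "__main__":
    cases = (("before", BEFORE), ("after", AFTER),
             ("dangling PTR", DANGLING), ("no PTR", Zone()))
    for label, zone in cases:
        print(label, client_name(IP, zone),
              helo_findings("mx1.example.com", IP, zone))
```
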
Re: Two domains names under the same IP: how to handle this issue ?
Thank you for your appreciated remarks !

I apologize for masking at first my data, but a lot of people are doing
the same at first with a generic question.

As you have seen, I've then provided on my own my full parameters when
it was necessary...

Please don't hurt too much dumb people asking for help: I'm for sure
NOT a POSTFIX or BIND guru and on Internet you will find many times
confusing, if not conflicting, informations about parameters for those
servers...

For me, and again excuse me, the terms "hostname", "domain" and
"machine" can be sometimes confusing when they relate to parameters to
be used in configuration files for POSTFIX and BIND.

Confusion occurs too with the "mx1.adtlas.com" and "mail.adtlas.com"
parameters...

Last but not least, my machine name is "sd-20384".

I've the same "ethical problem" as this one:
https://forum.linode.com/viewtopic.php?t=7888

And I would like simply to be able to send mail with my PERL programs,
using the MIME::Lite CPAN module, with "webcont...@vehicall.com" or
"webcont...@adtlas.com" or "mic...@mouse.com" as sender without being
flagged as spam...

If you are patient like me :-) I can provide my configuration files
too !

--
View this message in context: http://postfix.1071664.n5.nabble.com/Two-domains-names-under-the-same-IP-how-to-handle-this-issue-tp66655p66679.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Re: SMTP client rate delay
Anders Melchiorsen:
> Hello.
>
> We have some trouble delivering mail to a particular destination. After
> something like five deliveries in a few seconds, our IP packets are
> dropped for one hour.

If you are a legitimate mail sender, make arrangements with the
receiving ISP.

> I have tried to add a rate delay, but it does not help. This provider
> several of these domains at the same time. Immediately, we hit the
> threshold and get locked out.

Rate delay is a PER-DOMAIN (not: ISP) feature. If multiple domains
are hosted on the same ISP, list those domains in a transport map
and specify the ISP as right-hand-side destination.

        Wietse
Re: Two domains names under the same IP: how to handle this issue ?
Hello!

> On 5 Apr 2014, at 11:32, Germain wrote:
>
> How may I define two reverse, one for each domain, pointing to my single IP
> ? Is it legal ? Is it possible ?
>
> Maybe I'm totally wrong...

We just set one record, or none. You just get problems with more than
one as I think most of time only one is assumed, or an arbitrary limit
is placed. So stuff gets rejected randomly :/

So yeh don't do it.

> On 5 Apr 2014, at 11:26, "li...@rhsoft.net" wrote:
>
> frankly, it makes me angry if people
> * don't quote what they are replying to
> * don't read informations someone provides them

I agree and please don't take this the wrong way. I'm not trying to hit
back or anything and I feel it can be constructive for all. It would be
nice if you could:

* when quoting, include name/address/date of *who* is quoted to help
  quickly find original message and also know who is quoted
* sign off a name or set a from name

It might just be me and I apologise if it is but for me at least it
makes the mailing list experience a whole lot better.

Regards,
Jason
Re: SMTP client rate delay
On 05.04.2014 13:02, Anders Melchiorsen wrote:
> On 05/04/14 12.32, li...@rhsoft.net wrote:
>>
>> On 05.04.2014 10:47, Anders Melchiorsen wrote:
>>> We have some trouble delivering mail to a particular destination. After something
>>> like five deliveries in a few seconds, our IP packets are dropped for one hour.
>> you can't work around every broken server out there
>
> Indeed, but this is our second largest ISP, so:

sounds horrible (DROP packages in such a position)

> * we have a lot of users there
> * those users are complaining to us about the missing mails
> * getting in touch with a real postmaster is hard (having him change things
> will probably be even harder)
>
> So we hope to find a stopgap

technically if you are large enough that you hit again and again those laughable limits you have only the option to spread your outgoing mails over several ip-addresses

the better option is: if that is legit mail the RCPT wants to have, try to find enough senders which most likely know the RCPT in person and ask him to complain at the ISP - since this is the customer of the ISP itself that would be a different position

if your total mailcount is not too big you may consider settings like below which result in having 1 second delay for each message to the same destination, but you need to calculate if that is doable at all!

smtp_destination_recipient_limit = 15
smtp_initial_destination_concurrency = 2
smtp_destination_concurrency_limit = 2
smtp_destination_concurrency_failed_cohort_limit = 10
smtp_destination_rate_delay = 1
smtp_connection_cache_time_limit = 3
Re: SMTP client rate delay
On 05/04/14 12.32, li...@rhsoft.net wrote:
> On 05.04.2014 10:47, Anders Melchiorsen wrote:
>> We have some trouble delivering mail to a particular destination. After something
>> like five deliveries in a few seconds, our IP packets are dropped for one hour.
> you can't work around every broken server out there

Indeed, but this is our second largest ISP, so:

* we have a lot of users there
* those users are complaining to us about the missing mails
* getting in touch with a real postmaster is hard (having him change things will probably be even harder)

So we hope to find a stopgap.

Cheers,
Anders.
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 12:32, Germain wrote:
> Many thanks for your answer, but now I'm lost...
> I rent one dedicated server at Online.net with two domains ("vehicall.com"
> and "adtlas.com" at Namebay) and my provider's console allows me to manage
> the reverse DNS.

why don't you just say that from the very beginning?

> Actually I've since a while "adtlas.com." defined for "88.191.117.125" as
> reverse.

and that is why you should not mask infos if you seek for help

with the info above all would have been clear while honestly you should understand the error message and what a FQDN is

your original post contained: "The FQDN is not seen in proper SMTP FQDN format: It lacks the part" and "adtlas.com." is not a FQDN - so if you even have an admin-backend for that why don't you just enter "mail.adtlas.com." and the same for the A-record and "smtp_helo_name"

[harry@srv-rhsoft:~]$ nslookup 88.191.117.125
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
125.117.191.88.in-addr.arpa     name = adtlas.com.

Authoritative answers can be found from:
117.191.88.in-addr.arpa nameserver = nsa.online.net.
117.191.88.in-addr.arpa nameserver = nsb.online.net.
nsb.online.net  internet address = 195.154.228.250
nsa.online.net  internet address = 88.191.253.53

> How may I define two reverse, one for each domain, pointing
> to my single IP ? Is it legal ? Is it possible ?
>
> Maybe I'm totally wrong...

don't do that, your machine needs one A-record and one matching PTR with a matching HELO-hostname which both do not depend on any domain it is hosting for email

if you have more than one record it's up to the client which one he is using and that may lead to problems
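Added example, not part of the original message: a Python check of the rule stated above (one PTR for the sending IP, an A record for that name pointing back to the same IP, and a HELO name equal to it), run against constructed records in documentation address space. All names, addresses and the function itself are assumptions made for illustration; no live DNS lookups are performed.

```python
# Constructed DNS data (RFC 5737 / example.* names), not the thread's records.
FORWARD = {                                  # name -> A records
    "mail.example.org": ["192.0.2.25"],
    "example.org": ["192.0.2.80"],           # web site lives elsewhere
    "example.net": ["192.0.2.25"],
}
ONE_PTR = {"192.0.2.25": ["mail.example.org."]}
TWO_PTRS = {"192.0.2.25": ["example.org.", "example.net."]}


def norm(name):
    """Compare DNS names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()


def check_mail_identity(ip, helo, reverse, forward):
    """Return a list of findings; an empty list means PTR, A and HELO agree."""
    findings = []
    ptrs = [norm(p) for p in reverse.get(ip, [])]
    if not ptrs:
        findings.append("no PTR record for %s" % ip)
    elif len(ptrs) > 1:
        findings.append(
            "%d PTR records: the receiver chooses which one to use" % len(ptrs))
    for name in ptrs:
        # Forward-confirm every PTR name: it must resolve back to the same IP.
        if ip not in forward.get(name, []):
            findings.append(
                "PTR %s has no A record pointing back to %s" % (name, ip))
    if norm(helo) not in ptrs:
        findings.append("HELO name %s matches no PTR record" % norm(helo))
    return findings


if __name__ == "__main__":
    cases = [
        ("mail.example.org", ONE_PTR),   # consistent setup
        ("example.org", ONE_PTR),        # HELO uses a hosted domain instead
        ("example.org", TWO_PTRS),       # one PTR per hosted domain
    ]
    for helo, reverse in cases:
        print(helo, check_mail_identity("192.0.2.25", helo, reverse, FORWARD))
```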
Re: Two domains names under the same IP: how to handle this issue ?
Many thanks for your answer, but now I'm lost...

I rent one dedicated server at Online.net with two domains ("vehicall.com" and "adtlas.com" at Namebay) and my provider's console allows me to manage the reverse DNS.

Actually I've since a while "adtlas.com." defined for "88.191.117.125" as reverse.

How may I define two reverse, one for each domain, pointing to my single IP ? Is it legal ? Is it possible ?

Maybe I'm totally wrong...
Re: SMTP client rate delay
On 05.04.2014 10:47, Anders Melchiorsen wrote:
> We have some trouble delivering mail to a particular destination. After something
> like five deliveries in a few seconds, our IP packets are dropped for one hour.

if that is true forget it to seek for workarounds on your site and contact the sysadmin on the other side and explain him that he is a fool

* he has to reject with a 4xx response if you are over rate-limits
* he has at least to REJECT packets instead to DROP if he is doing that with iptables and an irresponsible rate limit
* he has to reconsider the irresponsible to not say laughable limits

you can't work around every broken server out there
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 08:33, Germain wrote:
> In fact I've already in the BIND configuration of zone-one.com:
>
> "zone-one.com. A xx.xxx.xxx.xxx"
> "mx1.zone-one.com. A xx.xxx.xxx.xxx"
> "zone-one.com. MX 10 mx1.zone-one.com."
> "xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com."

what is that above? just read this!
http://en.wikipedia.org/wiki/Reverse_DNS_lookup

sorry, but you don't have a clue how DNS works and before you start to implement that read below because you are not in the position to control your PTR - are you aware that basic understanding of DNS and networking is a prerequisite to maintain a public mailserver?
__

zone "196.168.192.in-addr.arpa." IN
{
 type master;
 file "zones/196.168.192.in-addr.arpa.dns";
};
__

[root@srv-rhsoft:~]$ more zones/196.168.192.in-addr.arpa.dns
$TTL 3600
@ IN SOA srv-rhsoft.rhsoft.net. admin.rhsoft.net. (
        1316784994 ; Serial
        1800       ; Refresh
        600        ; Retry
        1814400    ; Expire
        900        ; Negative-TTL
);
        NS      srv-rhsoft.rhsoft.net.
16      PTR     arrakisvm.vmware.local.
255     PTR     broadcast.vmware.local
__

> Same is true for zone-two.com with exactly the same related parameters!
> Maybe it is wrong to have both of them?

why don't you ask a nameserver others also asking?
nslookup xx.xxx.xxx.xxx 8.8.8.8

why don't you just open the link below?
http://www.emailtalk.org/ptr.aspx

frankly, it makes me angry if people
* don't quote what they are replying to
* don't read information someone provides them

if you would not strip your IP for no good reason i could even tell you what nameservers are responsible for your PTR

what you create on your BIND doesn't matter until you have at least a /24 network and an agreement with your ISP that he makes your nameservers responsible for in-addr.arpa of that subnet and that is not easy to achieve - been there done that, took years of asking
Re: Two domains names under the same IP: how to handle this issue ?
On 05.04.2014 08:33, Germain wrote:
> "xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com."

PTR records live in the in-addr.arpa zone. With a high probability this zone is hosted at your provider. Please ask them to set up the PTR records.

Regards
--
Robert Sander
Heinlein Support GmbH
Linux: Akademie - Support - Hosting
http://www.heinlein-support.de

Tel: 030-405051-43
Fax: 030-405051-19

Mandatory information per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing director: Peer Heinlein -- Registered office: Berlin
SMTP client rate delay
Hello.

We have some trouble delivering mail to a particular destination. After something like five deliveries in a few seconds, our IP packets are dropped for one hour.

I have tried to add a rate delay, but it does not help. This provider has a lot of different domains and Postfix will start delivery to several of these domains at the same time. Immediately, we hit the threshold and get locked out.

Did we miss some setting that can help in this scenario? Getting the SMTP client to sleep for some seconds after each delivery would probably do the trick.

Current configuration snippets below.

Thanks,
Anders.

/etc/postfix/transport

123mail.dk cybercity:
12mail.dk cybercity:
12move.dk cybercity:
2night.dk cybercity:
# ... 80 more domains

/etc/postfix/master.cf

cybercity unix - - n - 1 smtp

/etc/postfix/main.cf

cybercity_destination_concurrency_limit=2
cybercity_destination_rate_delay=30s
cybercity_destination_concurrency_failed_cohort_limit=10