'aliasing' one domain to another?

2014-07-31 Thread lists 
I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all
working well, as per setup below

user of the mydom.tld.au has also registered mydom.tld (to prevent
cybersquating)

sometimes they make mistakes and attempt to send emails to
a_u...@mydom.tld RATHER THAN (correct email) a_u...@mydom.tld.au

what is correct way/correct terminology to 'alias' (?) mydom.tld to
mydom.tld.au ?

with the aim so that any_existing_valid_addr...@mydom.tld.au but addressed
in error without '.au' will get delivered properly?

# postconf -n | grep virtual
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps
$mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps
$relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps
$sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps
$transport_maps $virtual_alias_domains $virtual_alias_maps
$virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf,
proxy:mysql:/etc/postfix/mysql/catchall_maps.cf,
proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

Re: Postfix consultancy to tune performance

2014-07-31 Thread Andrew Beverley 
On Thu, 2014-07-31 at 01:56 +, Viktor Dukhovni wrote:
> On Thu, Jul 31, 2014 at 12:07:18AM +0100, Andrew Beverley wrote:
> > On Wed, 2014-07-30 at 22:43 +, Viktor Dukhovni wrote:
> > > Connection re-use does not prevent concurrency, you'd need a pool
> > > of connections or parallel submission processes pulling messages
> > > from the application queue.  Concurrency is more important than
> > > connection re-use.
> > 
> > Ah, okay. Is default_process_limit the correct setting to be looking at
> > here? I have it set to the default of 100. The maxproc of the smtp unix
> > service in master.cf is set to the default.
> 
> You've suddenly switched topics from message injection, for which
> the default limits are more than ample to global process limits,
> which for an MTA that mostly sends control delivery concurrency.

Sorry, I misunderstood. When you say I'd need "a pool of connections or
parallel submission processes pulling messages from the application
queue", you mean within the actual application sending the emails to
Postfix? If so, the server is serving lots of different email lists, and
there are 10 threads which pick up and deliver email for the lists.
Therefore, I anticipate that each thread will deliver serially, but that
there could be 10 threads doing so in parallel.

> Did you mean to switch topics?

Erm, no... that is a good demonstration of why I was looking for a
consultant ;-)

That said, I am keen to understand, so I appreciate your help.

> Delivery concurrency is a much more complex topic, a lot depends on
> your hardware and network, as well who you send mail to and how much
> they push back...

Ditto.

> > I notice that maxproc of some other services in master.cf is set to 1 or
> > 0, rather than the default of 100 (eg pickup: 1, cleanup: 0, qmgr: 1).
> > Is this normal?
> 
> Essential.  Leave the limits that are 0 or 1 set to 0 or 1.  Other
> limits are tunable.

Okay, thanks,

Andy

Re: 'aliasing' one domain to another?

2014-07-31 Thread Charles Marcus 

On 7/31/2014 5:59 AM, li...@sbt.net.au  wrote:

I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all
working well, as per setup below

user of the mydom.tld.au has also registered mydom.tld (to prevent
cybersquating)

sometimes they make mistakes and attempt to send emails to
a_u...@mydom.tld RATHER THAN (correct email) a_u...@mydom.tld.au

what is correct way/correct terminology to 'alias' (?) mydom.tld to
mydom.tld.au ?


You have to have a 1-1 mapping for each valid user.

Postfixadmin (sql based administrative tool for managing email user 
accounts for postfix) supports domain aliases out of the box (does the 
1-1 user mapping with SQL magic)...

Re: 'aliasing' one domain to another?

2014-07-31 Thread lists 
On Thu, July 31, 2014 8:55 pm, Charles Marcus wrote:

> You have to have a 1-1 mapping for each valid user.
>
>
> Postfixadmin (sql based administrative tool for managing email user
> accounts for postfix) supports domain aliases out of the box (does the 1-1
> user mapping with SQL magic)...

Charles,

thanks !

so I simply duplicate and point MX record at the mail host, and, jump to

https://mailhost/postfixadmin/create-alias-domain.php?target_domain=mydom.com

Mirror addresses of one of your domains to another.
Alias Domain:   The domain that mails come in for.
Target Domain:  The domain where mails should go

(I've used it in the past, wanted to make sure that's the 'correct' way to
go, thanks again)

Re: 'aliasing' one domain to another?

2014-07-31 Thread Charles Marcus 

On 7/31/2014 7:21 AM, li...@sbt.net.au  wrote:

On Thu, July 31, 2014 8:55 pm, Charles Marcus wrote:


You have to have a 1-1 mapping for each valid user.


Postfixadmin (sql based administrative tool for managing email user
accounts for postfix) supports domain aliases out of the box (does the 1-1
user mapping with SQL magic)...

Charles,

thanks !

so I simply duplicate and point MX record at the mail host, and, jump to

https://mailhost/postfixadmin/create-alias-domain.php?target_domain=mydom.com

Mirror addresses of one of your domains to another.
Alias Domain:   The domain that mails come in for.
Target Domain:  The domain where mails should go

(I've used it in the past, wanted to make sure that's the 'correct' way to
go, thanks again)


I actually have never needed to use the feature (just aware that it is 
there), but yes, that looks correct to me...

maildir quota "support"

2014-07-31 Thread Pol Hallen 
Hi all, I've configured postfix with virtual mailboxes.

I looking for a quota support with notify quota to customers.

Is there a script or something like it to solve my issue?

thanks

Pol

Re: maildir quota "support"

2014-07-31 Thread Leonardo Rodrigues 

On 31/07/14 09:59, Pol Hallen wrote:

Hi all, I've configured postfix with virtual mailboxes.

I looking for a quota support with notify quota to customers.

Is there a script or something like it to solve my issue?




quota control for virtual maildir accounts can be acchieved using:

http://vda.sourceforge.net/

using that, however, there's no easy way of having the quota 
notification to 'almost full' account. I acchieved that using dovecot as 
my delivery agent. I already used dovecot as pop3/imap4 daemon, so with 
a few changes i got it working as my delivery agent as well. And with 
dovecot being the delivery agent, those notifications can be easily 
configured:


http://wiki2.dovecot.org/Quota/Configuration#Quota_warnings




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it

Re: maildir quota "support"

2014-07-31 Thread Pol Hallen 
Hi Leonardo, thanks for your help!

If can be useful I've found this perl script:

http://www.serveradminblog.com/2010/08/postfix-quota-notification-email-script/

regards

Pol

Re: Postfix consultancy to tune performance

2014-07-31 Thread Viktor Dukhovni 
On Thu, Jul 31, 2014 at 11:55:06AM +0100, Andrew Beverley wrote:

> > You've suddenly switched topics from message injection, for which
> > the default limits are more than ample to global process limits,
> > which for an MTA that mostly sends control delivery concurrency.
> 
> Sorry, I misunderstood. When you say I'd need "a pool of connections or
> parallel submission processes pulling messages from the application
> queue", you mean within the actual application sending the emails to
> Postfix?

Yes.  And the pool is modestly sized.  Around 10 parallel streams,
sometimes a bit less, sometimes a bit more, depending on the systems
in question.

> If so, the server is serving lots of different email lists, and
> there are 10 threads which pick up and deliver email for the lists.
> Therefore, I anticipate that each thread will deliver serially, but that
> there could be 10 threads doing so in parallel.

That sounds about right.

-- 
VIktor.

postfix conf change with new version

2014-07-31 Thread Stéphane MERLE 

Hi,

I am not sure if this is my fault or not, so please accept my apology 
before hand just in case ;)


I am setting up a new server with postfix using ubuntu 14.04 LTS so 
using postfix : mail_version = 2.11.0


I duplicate the conf from my old version ubuntu 12.04LTS with postfix 
version 2.7 and now I get this error while reloading :


/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
laposte_tr_initial_concurrency=1
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
hotmail_tr_initial_concurrency=1
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
laposte_tr_destination_concurrency_limit=1
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
orange_tr_initial_concurrency=1
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
laposte_tr_destination_rate_delay=1s
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
laposte_tr_destination_concurrency_failed_cohort_limit=50

...

what have I done wrong ?

I did set the transports ...
# cat transport
yahoo.com   yahoo_tr:
hotmail.com hotmail_tr:
hotmail.fr  hotmail_tr:
orange.fr   orange_tr:
wanadoo.fr  orange_tr:
wanadoo.com orange_tr:

# postmap /etc/postfix/transport

Stéphane

Re: postfix conf change with new version

2014-07-31 Thread li...@rhsoft.net 


Am 31.07.2014 um 16:52 schrieb Stéphane MERLE:
> I am not sure if this is my fault or not, so please accept my apology before 
> hand just in case ;)
> I am setting up a new server with postfix using ubuntu 14.04 LTS so using 
> postfix : mail_version = 2.11.0
> I duplicate the conf from my old version ubuntu 12.04LTS with postfix version 
> 2.7 and now I get this error while
> reloading :
> 
> /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
> hotmail_tr_initial_concurrency=1
> 
> what have I done wrong ?
> 
> I did set the transports ...
> # cat transport
> hotmail.fr  hotmail_tr:

and where they are in "master.cf"

most likely your configuration was all the time incomplete and
never worked as you thought but newer postfix is nicer and
tells you that

Re: postfix conf change with new version

2014-07-31 Thread Stéphane MERLE 


Le 31/07/2014 16:59, li...@rhsoft.net a écrit :


Am 31.07.2014 um 16:52 schrieb Stéphane MERLE:

I am not sure if this is my fault or not, so please accept my apology before 
hand just in case ;)
I am setting up a new server with postfix using ubuntu 14.04 LTS so using 
postfix : mail_version = 2.11.0
I duplicate the conf from my old version ubuntu 12.04LTS with postfix version 
2.7 and now I get this error while
reloading :

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
hotmail_tr_initial_concurrency=1

what have I done wrong ?

I did set the transports ...
# cat transport
hotmail.fr  hotmail_tr:

and where they are in "master.cf"

most likely your configuration was all the time incomplete and
never worked as you thought but newer postfix is nicer and
tells you that


I got those lines in master :

yahoo_tr  unix  -   -   n   -   20  smtp
-o smtp_bind_address=external.ip.of.the.server
hotmail_tr unix -   -   n   -   20  smtp
-o smtp_bind_address=external.ip.of.the.server
orange_tr unix -   -   n   -   20  smtp
-o smtp_bind_address=external.ip.of.the.server

I think I don't need the -o part but anyway, I left the same conf ... to 
avoid mistakes ...


I am missing laposte in the transport and master file, which I will add 
right now but still ... the error occur with the other ones ...


Stéphane

Re: postfix conf change with new version

2014-07-31 Thread Wietse Venema 
St?phane MERLE:
> Le 31/07/2014 16:59, li...@rhsoft.net a ?crit :
> >
> > Am 31.07.2014 um 16:52 schrieb St?phane MERLE:
> >> I am not sure if this is my fault or not, so please accept my apology 
> >> before hand just in case ;)
> >> I am setting up a new server with postfix using ubuntu 14.04 LTS so using 
> >> postfix : mail_version = 2.11.0
> >> I duplicate the conf from my old version ubuntu 12.04LTS with postfix 
> >> version 2.7 and now I get this error while
> >> reloading :
> >>
> >> /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
> >> hotmail_tr_initial_concurrency=1
> >>
> >> what have I done wrong ?

The correct name is xxx_initial_DESTINATION_concurrency.

Wietse

Re: Individual smtpd_tls_ask_ccert?

2014-07-31 Thread Noel Jones 
On 7/30/2014 11:43 PM, Patrick Ben Koetter wrote:
> 
> We have a few customers who must ensure that some parties use encrypted
> transport when send messages to them. I'm looking for a mechanism to enforce
> that on the default MX channel. It seems easier than spending hours telling
> their operators how to configure their MTA to route messages to a dedicated
> IP/port.
> 

You can do that much already.

# somewhere in main.cf
  check_sender_access hash:/path/to/tls_required

# tls_required
example.com   reject_plaintext_session

The real problem is this doesn't/can't enforce the From: header,
which is the only thing the end-user will eventually see.  Verifying
the client can't fix that.


  -- Noel Jones

Re: Individual smtpd_tls_ask_ccert?

2014-07-31 Thread Viktor Dukhovni 
On Thu, Jul 31, 2014 at 10:49:14AM -0500, Noel Jones wrote:

> You can do that much already.
> 
> # somewhere in main.cf
>   check_sender_access hash:/path/to/tls_required
> 
> # tls_required
> example.com   reject_plaintext_session

This is unwise, because it breaks forwarding.  If someone from
example.com sends mail to user@alumni.example that happens to
forward to user@acme.example (the receiving system), the mail
will be rejected.

SMTP is hop-by-hop, but envelope sender addresses are (mostly)
end-to-end.  The impedance mismatch makes it unwise to apply
hop-by-hop policy to end-to-end properties.

> The real problem is this doesn't/can't enforce the From: header,
> which is the only thing the end-user will eventually see.  Verifying
> the client can't fix that.

Is Patrick in fact talking about message authentication ala DKIM?
Or is he thinking more along the lines of SASL where some sending
systems "authenticate" to some receiving systems and as a result
are able to reach restricted mailing lists, relay mail outbound, ...

In the latter scenario, using ccert fingerprints is not always
convenient, and we had DANE client TLSA RRs, one could use the
client domain (HELO name) in ACLs instead of volatile ccert digests.

-- 
Viktor.

Re: postfix conf change with new version

2014-07-31 Thread Stéphane MERLE 


Le 31/07/2014 17:19, Wietse Venema a écrit :

St?phane MERLE:

Le 31/07/2014 16:59, li...@rhsoft.net a ?crit :

Am 31.07.2014 um 16:52 schrieb St?phane MERLE:

I am not sure if this is my fault or not, so please accept my apology before 
hand just in case ;)
I am setting up a new server with postfix using ubuntu 14.04 LTS so using 
postfix : mail_version = 2.11.0
I duplicate the conf from my old version ubuntu 12.04LTS with postfix version 
2.7 and now I get this error while
reloading :

/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
hotmail_tr_initial_concurrency=1

what have I done wrong ?

The correct name is xxx_initial_DESTINATION_concurrency.


pfff I knew that was my fault ... again 
thanks wietse 

Stéphane



Wietse

How to fetch From address from header via Postfix head_check?

2014-07-31 Thread Xie, Wei 
Greetings,

In Postfix header_check,  I would like to know how to fetch "From address" from 
header via Postfix head_check.  The rule "/^From: (.*) / PREPEND Resent-From: 
test...@yahoo.com " seems not working.

But the following two rules are working.

# TEST 1
/^subject:/ PREPEND Resent-From: test...@yahoo.com
# TEST 2
/^To: (.*)/ PREPEND Resent-From: test...@yahoo.com
/^To: (.*)/ PREPEND Resent-From: $1

Can somebody help?

Thanks,

Carl

Re: How to fetch From address from header via Postfix head_check?

2014-07-31 Thread Noel Jones 
On 7/31/2014 2:15 PM, Xie, Wei wrote:
> Greetings,
> 
>  
> 
> In Postfix header_check,  I would like to know how to fetch “From
> address” from header via Postfix head_check.  The rule “/^From: (.*)
> / PREPEND Resent-From: test...@yahoo.com “ seems not working.
> 
>  

yuck...  horrible abuse of the Resent-From header.

Does your test mail actually have a From: header?

Does your header_checks file have other From: rules above this?
Only one header_checks rule will fire for a particular header.


But this is a really bad idea. Resent-From should NOT be added by
the MTA.



> 
> But the following two rules are working.
> 
>  
> 
> # TEST 1
> 
> /^subject:/ PREPEND Resent-From: test...@yahoo.com
> 
> # TEST 2
> 
> /^To: (.*)/ PREPEND Resent-From: test...@yahoo.com
> 
> 
> /^To: (.*)/ PREPEND Resent-From: $1
> 
>  
> 
> Can somebody help?
> 
>  
> 
> Thanks,
> 
>  
> 
> Carl
>

Re: How to fetch From address from header via Postfix head_check?

2014-07-31 Thread Viktor Dukhovni 
On Thu, Jul 31, 2014 at 07:15:03PM +, Xie, Wei wrote:

> In Postfix header_check,  I would like to know how to fetch "From
> address" from header via Postfix head_check.  The rule "/^From:
> (.*) / PREPEND Resent-From: test...@yahoo.com " seems not working.

Actually you would not like to this.  Because setting "Resent-From:"
to duplicate the "From:" address is silly.  I thought you wanted
"Resent-From:" to record the receiving address whose mail forwarded,
not the message author.  The envelope recipient often does not
appear in message headers at all.

You're barking up the wrong tree I'm afraid.  What you want is
best done in a delivery agent with:

_destination_recipient_limit = 1

to ensure that the message being modified is routed to exactly one
recipient.  At that point you can inject various headers that record
the recipient address prior to forwarding.  Avoiding "Resent-From"
if you're paying attention.

-- 
Viktor.

Postfix 2.12 logging update

2014-07-31 Thread Wietse Venema 
This idea was discussed a few weeks ago on the mailing list. Today
I had some time to implement it because a train was delayed. Below
is text from the postfix-2.12-20140801 RELEASE_NOTES file.

Wietse

The Postfix SMTP server now logs at the end of a session how many
times an SMTP command was successfully invoked, followed by the
total number of invocations if it is different.

This logging will often be enough to diagnose a problem without
verbose logging or network sniffer.

  Normal session, no TLS:
disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1

  Normal session. with TLS:
disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1

  All recipients rejected, no ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1

  All recipients rejected, with ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1

  Password guessing bot, hangs up without QUIT:
disconnect from name[addr] ehlo=1 auth=0/1

  Mis-configured client trying to use TLS wrappermode on port 587:
disconnect from name[addr] unknown=0/1

Logfile analyzers can trigger on the presence of "/". It indicates
that Postfix rejected at least one command.