Re: invalid hostname in helo

2015-07-30 Thread @lbutlr
On Jul 23, 2015, at 10:26 AM, Sascha Hüdepohl  wrote:
> So my question is: Are there any reasonable reasons to have an invalid
> helo hostname or should I relax my settings?


That all depends on the value of “reasonable” you have.

To my mind, no, there is not. There are MANY mail servers that will reject 
their mail.

That said, I see some surprisingly large companies that still don’t understand 
email at all, so…


-- 
Realizing the importance of the case, my men are rounding up twice the
usual number of suspects.



Re: OS accounts/users with @

2015-07-30 Thread Wietse Venema
Andrzej A. Filip:
> wie...@porcupine.org (Wietse Venema) wrote:
> [...]
> > In any case, using UNIX system account names with @ is a mistake,
> > and I will not put in a great deal of effort to make that easy.
> 
> IMHO it does make sense at big system shared by a few+ "loosely coupled"
> organizations or in server group sharing common authentication system.

Do those users really require shell access on your server? I would
allow only UNIX shell accounts via PAM, and look up the remainder
with the Postfix LDAP client.

I forgot to mention one thing if you use virtual(8) as outlined in
my reply with aliases to local(8).

If you have a virtual_alias_maps entry for r...@example.com ->
root@localhost, then you don't need to list r...@example.com in
virtual_mailbox/uid/gid_maps. Ditto for other standard accounts.

Wietse


Re: OS accounts/users with @

2015-07-30 Thread Andrzej A. Filip
wie...@porcupine.org (Wietse Venema) wrote:
[...]
> In any case, using UNIX system account names with @ is a mistake,
> and I will not put in a great deal of effort to make that easy.

IMHO it does make sense at big system shared by a few+ "loosely coupled"
organizations or in server group sharing common authentication system.


Re: check_policy_service not working - need a 4eye method or..

2015-07-30 Thread Wietse Venema
Istvan Prosinger:
> Hello everyone,
> 
> I have this in main.cf (It's actually an attempt to implement 
> cluebringer/policyd)
> 
> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_unauth_destination
> 
> For some reason Postfix is ignoring the 1st row (the 
> check_policy_service one) - there's no trace in policyd log that postfix 
> even tried to contact it, while it works fine when I telnet to it.

Well maybe policyd is lying.

Wietse


Re: OS accounts/users with @

2015-07-30 Thread Wietse Venema
Andrzej A. Filip:
> wie...@porcupine.org (Wietse Venema) wrote:
> > Andrzej A. Filip:
> >> Is it possible to make postfix handle OS usernames with @ in them?
> >> How to do it?
> >
> > Use virtual(8) instead of local(8).
> 
> Should I expect some problems selecting virtual mailer for deliveries to
> j...@example.net via transport table?

No, that would not work.

The problem is: how does the SMTP daemon know that the recipient
address is valid? This requires that:

if the domain name matches   then the recipient is listed in
==========================   ===============================
mydestination                local_recipient_maps as username no domain
virtual_alias_domains        virtual_alias_maps as username with domain
virtual_mailbox_domains      virtual_mailbox_maps as username with domain

(use fixed-width font to view the above).

One way out is to list domain(s) in virtual_mailbox_domains and
recipients in virtual_mailbox_maps, then use virtual_alias_maps to
direct some system accounts to the local(8) delivery agent if
desirable:

r...@example.com root@localhost

In any case, using UNIX system account names with @ is a mistake,
and I will not put in a great deal of effort to make that easy.

Wietse


check_policy_service not working - need a 4eye method or..

2015-07-30 Thread Istvan Prosinger

Hello everyone,

I have this in main.cf (It's actually an attempt to implement 
cluebringer/policyd)

smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination

For some reason Postfix is ignoring the 1st row (the 
check_policy_service one) - there's no trace in policyd log that postfix 
even tried to contact it, while it works fine when I telnet to it.


I must be missing something simple but colorful :)

Any help would be appreciated...

[root@top log]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, top.tesspot.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

[root@top log]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:10031         0.0.0.0:*               LISTEN      16959/perl

...



Re: OS accounts/users with @

2015-07-30 Thread Andrzej A. Filip
wie...@porcupine.org (Wietse Venema) wrote:
> Andrzej A. Filip:
>> Is it possible to make postfix handle OS usernames with @ in them?
>> How to do it?
>
> Use virtual(8) instead of local(8).

Should I expect some problems selecting virtual mailer for deliveries to
j...@example.net via transport table?
[I would add entries in virtual uid table and virtual mailbox table] 

[ http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox ]


When is virtual used and when not?

2015-07-30 Thread Robert Dahlem
Hi,

I would like to divert mail for postmas...@mydomain.info from the usual
Exchange server to my account on some other internal server:

# postconf | grep "^mydomain"
mydomain = mydomain.info

/etc/postfix/virtual:
---------------------
postmaster  rdahlem@internal.domain

/etc/postfix/transport:
-----------------------
internal.domain   smtp:[someserver.mydomain.info]
.internal.domain  smtp:[someserver.mydomain.info]
mydomain.info     smtp:[exchange.mydomain.info]
.mydomain.info    smtp:[exchange.mydomain.info]

For mail from external sources that works:

postfix/smtpd[12040]: BFC6AA6606:
client=unknown[212.227.15.19]
postfix/cleanup[12045]: BFC6AA6606:
message-id=<55ba23cf.6000...@gmx.net>
postfix/qmgr[29471]: BFC6AA6606:
from=, size=2044, nrcpt=1 (queue active)
postfix/smtp[12046]: BFC6AA6606:
to=,
orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=3.7,
delays=3.2/0/0.01/0.51, dsn=2.0.0, status=sent
(250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
250 2.0.0 Ok: queued as 4ECCDA661A)
postfix/qmgr[29471]: BFC6AA6606: removed

Mail gets sent to Amavis after being re-addressed. Then:

postfix/smtpd[12058]: 4ECCDA661A:
client=localhost[127.0.0.1],
orig_queue_id=BFC6AA6606, orig_client=unknown[212.227.15.19]
postfix/cleanup[12045]: 4ECCDA661A:
message-id=<55ba23cf.6000...@gmx.net>
postfix/qmgr[29471]: 4ECCDA661A:
from=, size=2697, nrcpt=1 (queue active)
postfix/smtp[12059]: 4ECCDA661A:
to=,
relay=someserver.mydomain.info[10.4.5.6]:25,
delay=0.11, delays=0.03/0.01/0.01/0.07, dsn=2.0.0, status=sent
(250 2.0.0 t6UDGwQb007363 Message accepted for delivery)
postfix/qmgr[29471]: 4ECCDA661A: removed

But in the case of mail originating from Amavis for
postmas...@mydomain.info that does not work:

postfix/smtpd[22114]: BD772A661A:
client=localhost[127.0.0.1]
postfix/cleanup[22101]: BD772A661A:
message-id=
postfix/qmgr[4567]: BD772A661A:
from=,
size=2591, nrcpt=1 (queue active)
postfix/smtp[22115]: BD772A661A:
to=,
relay=exchange.mydomain.info[10.1.2.3]:25,
delay=5.2, delays=0.07/0.01/0.08/5.1, dsn=5.1.1,
status=bounced (host exchange.mydomain.info[10.1.2.3] said:
550 5.1.1 User unknown (in reply to RCPT TO command))
postfix/bounce[22117]: BD772A661A:
sender non-delivery notification: E897EA675D
postfix/qmgr[4567]: BD772A661A: removed

Why is /etc/postfix/virtual ignored in the second case and what should I
do about that?

Kind regards,
Robert


Re: RR Duplicate entry

2015-07-30 Thread Peter
Yuppers, that was it!
It was doing my head in. Cheers very much!


On Thu, Jul 30, 2015, at 03:54 PM, wilfried.es...@essignetz.de wrote:
> Hi Peter,
> 
> 
> retry with "grep -i name.surna...@domain.com".
> 
> 
> Willi
> 
> 
> On 30.07.2015 at 15:44, Peter wrote:
> > Hi guys, 
> > 
> > I have stumbled upon this warning today while wanting to remove
> > duplicates from /etc/postfix/relay_recipients:
> > 
> > [root@mx ~]# postmap /etc/postfix/relay_recipients
> > postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> > "name.surna...@domain.com"
> > postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> > "name.surna...@domain.com"
> > postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> > "name.surna...@domain.com"
> > postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> > "name.surna...@domain.com"
> > ...
> > 
> > I have got 10 of such entries.
> > 
> > Now:
> > 
> > [root@mx ]# cat /etc/postfix/relay_recipients | grep
> > name.surna...@domain.com
> > name.surna...@domain.com OK
> > 
> > so there is only 1 entry. Why does postfix think the value is
> > duplicated?
> > 
> > P.
> > 
> 
> 


Re: RR Duplicate entry

2015-07-30 Thread wilfried.es...@essignetz.de
Hi Peter,


retry with "grep -i name.surna...@domain.com".


Willi


On 30.07.2015 at 15:44, Peter wrote:
> Hi guys, 
> 
> I have stumbled upon this warning today while wanting to remove
> duplicates from /etc/postfix/relay_recipients:
> 
> [root@mx ~]# postmap /etc/postfix/relay_recipients
> postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> "name.surna...@domain.com"
> postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> "name.surna...@domain.com"
> postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> "name.surna...@domain.com"
> postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
> "name.surna...@domain.com"
> ...
> 
> I have got 10 of such entries.
> 
> Now:
> 
> [root@mx ]# cat /etc/postfix/relay_recipients | grep
> name.surna...@domain.com
> name.surna...@domain.com OK
> 
> so there is only 1 entry. Why does postfix think the value is
> duplicated?
> 
> P.
> 
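
What the `grep -i` hint in the reply above reveals, as an added example that is not part of the original thread: by default postmap folds lookup keys to lower case when it builds a table, so source entries that differ only in letter case collide. The function name `folded_dups` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys of a Postfix map source file that collide once
# folded to lower case (postmap's default when it builds the table).

folded_dups() {
    # $1: map source file, one "key value" entry per logical line
    awk '
        /^[ \t]*$/ { next }    # empty or whitespace-only line
        /^[ \t]*#/ { next }    # comment line
        /^[ \t]/   { next }    # continuation of the previous entry
        {
            key = tolower($1)
            count[key]++
            # keep each distinct spelling once, in file order
            if (!seen[$1]++) spell[key] = spell[key] " " $1
        }
        END {
            for (k in count)
                if (count[k] > 1)
                    printf "%s %d%s\n", k, count[k], spell[k]
        }
    ' "$1" | sort
}

# Constructed sample table; the addresses are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# relay recipients
Jane.Doe@example.com    OK
jane.doe@example.com    OK
JANE.DOE@EXAMPLE.COM    OK
bob@example.com         OK
EOF

# A case-sensitive search sees one line, a case-insensitive one sees three.
grep -cF  'jane.doe@example.com' "$sample"
grep -ciF 'jane.doe@example.com' "$sample"

# One output line per colliding key: folded key, count, spellings found.
folded_dups "$sample"
```

Running it against the real source file before `postmap` lists every key that would trigger the "duplicate entry" warning, together with the spellings to reconcile.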




RR Duplicate entry

2015-07-30 Thread Peter
Hi guys, 

I have stumbled upon this warning today while wanting to remove
duplicates from /etc/postfix/relay_recipients:

[root@mx ~]# postmap /etc/postfix/relay_recipients
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
"name.surna...@domain.com"
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
"name.surna...@domain.com"
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
"name.surna...@domain.com"
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
"name.surna...@domain.com"
...

I have got 10 of such entries.

Now:

[root@mx ]# cat /etc/postfix/relay_recipients | grep
name.surna...@domain.com
name.surna...@domain.com OK

so there is only 1 entry. Why does postfix think the value is
duplicated?

P.