Re: check_sender_access and pattern matching

2015-12-30 Thread Noel Jones
On 12/30/2015 7:45 PM, Alex wrote:
> 
> The docs say reject_unlisted_recipient rejects mail when the recipient
> is not listed in the list of valid recipients for its domain class. I
> assume this means an IP listed in mynetworks or an entry from the
> check_recipient_access list?
> 
> The part I don't understand is, the reject_unlisted_recipient is
> before the users/IPs are listed. How does it know which users/IPs are
> permissible when it comes so far up in the processing list?


reject_unlisted_recipient is not related to the sender or client IP.

When you specify reject_unlisted_recipient, postfix checks to see if
postfix controls that domain, and if it does, if the recipient
address exists. Nonexistent recipients are rejected. More details in
http://www.postfix.org/ADDRESS_CLASS_README.html

Other restrictions control what senders or client IPs are acceptable.


  -- Noel Jones


Re: ldap validate

2015-12-30 Thread Noel Jones
On 12/30/2015 11:22 AM, Gomes, Rich wrote:
> I have a couple of questions about LDAP verification.
> 
> I followed this guide as I am using AD as LDAP source:
> 
> http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory
> 
> 
> This works perfectly until I am sending mail to the postfix server, then it 
> accepts the mail and passes with no verification.
> To clarify, this is the step that works perfectly:
> 
> postmap -vq johnpaulvanhelvo...@domain.nl ldap:/etc/postfix/ldap-aliases.cf
> 
> But not when I am sending to postfix (appserver > postfixrelay > nextsmtphop)
> 
> What needs to be done to validate them during the SMTP transaction?

Make sure your query returns nothing with a non-existent address.

The correct settings for address validation depend on the address
class of the recipient domain.
http://www.postfix.org/ADDRESS_CLASS_README.html

users in local domains defined in $mydestination are listed in
local_recipient_maps
users in domains defined in $relay_domains are listed in
relay_recipient_maps
users in domains defined in $virtual_alias_domains are listed in
$virtual_alias_maps
users in domains defined in $virtual_mailbox_domains are listed in
$virtual_mailbox_maps

Additionally, wildcard rewrites in virtual_alias_maps or
*canonical_maps will disable address validation.  Don't use wildcard
rewrites.



  -- Noel Jones
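
Added example, not part of the thread and not Postfix code: a Python helper that applies the address-class table above to a main.cf fragment and reports which recipient map, if any, governs a recipient's domain. It reads only literal domain names set explicitly in the text (Postfix built-in defaults, `$name` expansion and table lookups in domain lists are not evaluated), and the domains, relay host and sample configurations are constructed.

```python
import re

# (address class, parameter naming its domains, parameter listing valid recipients)
CLASSES = [
    ("local", "mydestination", "local_recipient_maps"),
    ("virtual alias", "virtual_alias_domains", "virtual_alias_maps"),
    ("virtual mailbox", "virtual_mailbox_domains", "virtual_mailbox_maps"),
    ("relay", "relay_domains", "relay_recipient_maps"),
]

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def domain_list(params, name):
    """Split a domain list on commas/whitespace (literal names only)."""
    return [d.lower() for d in re.split(r"[,\s]+", params.get(name, "")) if d]

def recipient_validation(params, address):
    """Return (address class, recipient map parameter, map is non-empty)."""
    domain = address.rsplit("@", 1)[-1].lower()
    for cls, domains_param, maps_param in CLASSES:
        if domain in domain_list(params, domains_param):
            return cls, maps_param, bool(params.get(maps_param, "").strip())
    # Domain is defined in none of the four classes: default class,
    # so no recipient table is consulted for it.
    return "default", None, False

# Constructed sample configurations (hypothetical domains and relay host).
FORWARD_ONLY = parse_main_cf("""
mydomain = example.com
myorigin = $mydomain
relayhost = [mail.example.net]
""")
RELAY_WITH_LDAP = parse_main_cf("""
relay_domains = example.com, example.org
relay_recipient_maps =
    ldap:/etc/postfix/ldap-aliases.cf
""")

if __name__ == "__main__":
    for cfg in (FORWARD_ONLY, RELAY_WITH_LDAP):
        print(recipient_validation(cfg, "user@example.com"))
```

A result whose third field is False means the LDAP table is not wired to the class that owns the domain, which is the case where a `postmap -q` test succeeds but SMTP still accepts unknown recipients.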


Re: ldap validate

2015-12-30 Thread Noel Jones
On 12/30/2015 11:56 AM, Gomes, Rich wrote:
> Thanks, not using address rewrites
> 
> I am not sure which question you are answering when you listed the following:
> 
> users in local domains defined in $mydestination are listed in 
> local_recipient_maps 
> users in domains defined in $relay_domains are listed in relay_recipient_maps 
> users in domains defined in $virtual_alias_domains are listed in 
> $virtual_alias_maps
> users in domains defined in $virtual_mailbox_domains are listed in 
> $virtual_mailbox_maps
> 
> 
> 

So what address class is the domain you're trying to validate users?
Where is the domain defined in postfix?



  -- Noel Jones


ldap validate

2015-12-30 Thread Gomes, Rich
I have a couple of questions about LDAP verification.

I followed this guide as I am using AD as LDAP source:

http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory


This works perfectly until I am sending mail to the postfix server, then it 
accepts the mail and passes with no verification.
To clarify, this is the step that works perfectly:

postmap -vq johnpaulvanhelvo...@domain.nl ldap:/etc/postfix/ldap-aliases.cf

But not when I am sending to postfix (appserver > postfixrelay > nextsmtphop)

What needs to be done to validate them during the SMTP transaction?

Also, what if I have multiple SMTP domains within the same AD domain?
Can that be contained on this one line?

# Directory settings
domain = domain.nl,domain2.nl,domain3.nl,etc...


Thanks,
Rich


RE: ldap validate

2015-12-30 Thread Gomes, Rich
Thanks, not using address rewrites

I am not sure which question you are answering when you listed the following:

users in local domains defined in $mydestination are listed in 
local_recipient_maps 
users in domains defined in $relay_domains are listed in relay_recipient_maps 
users in domains defined in $virtual_alias_domains are listed in 
$virtual_alias_maps
users in domains defined in $virtual_mailbox_domains are listed in 
$virtual_mailbox_maps







-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Noel Jones
Sent: Wednesday, December 30, 2015 12:53 PM
To: postfix-users@postfix.org
Subject: Re: ldap validate

On 12/30/2015 11:22 AM, Gomes, Rich wrote:
> I have a couple of questions about LDAP verification.
> 
> I followed this guide as I am using AD as LDAP source:
> 
> http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory
> 
> 
> This works perfectly until I am sending mail to the postfix server, then it 
> accepts the mail and passes with no verification.
> To clarify, this is the step that works perfectly:
> 
> postmap -vq johnpaulvanhelvo...@domain.nl ldap:/etc/postfix/ldap-aliases.cf
> 
> But not when I am sending to postfix (appserver > postfixrelay > nextsmtphop)
> 
> What needs to be done to validate them during the SMTP transaction?

Make sure your query returns nothing with a non-existent address.

The correct settings for address validation depend on the address class of the 
recipient domain.
http://www.postfix.org/ADDRESS_CLASS_README.html

users in local domains defined in $mydestination are listed in
local_recipient_maps
users in domains defined in $relay_domains are listed in
relay_recipient_maps
users in domains defined in $virtual_alias_domains are listed in
$virtual_alias_maps
users in domains defined in $virtual_mailbox_domains are listed in
$virtual_mailbox_maps

Additionally, wildcard rewrites in virtual_alias_maps or *canonical_maps will 
disable address validation.  Don't use wildcard rewrites.



  -- Noel Jones


RE: ldap validate

2015-12-30 Thread Gomes, Rich
My postfix install is quite vanilla.
Other than inet_interfaces, and the ldap config, I change the following:

Mydomain 
Myorigin
Relayhost



-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Noel Jones
Sent: Wednesday, December 30, 2015 1:28 PM
To: postfix-users@postfix.org
Subject: Re: ldap validate

On 12/30/2015 11:56 AM, Gomes, Rich wrote:
> Thanks, not using address rewrites
> 
> I am not sure which question you are answering when you listed the following:
> 
> users in local domains defined in $mydestination are listed in
> local_recipient_maps
> users in domains defined in $relay_domains are listed in
> relay_recipient_maps
> users in domains defined in $virtual_alias_domains are listed in
> $virtual_alias_maps
> users in domains defined in $virtual_mailbox_domains are listed in
> $virtual_mailbox_maps
> 
> 
> 

So what address class is the domain you're trying to validate users?
Where is the domain defined in postfix?



  -- Noel Jones


Which Postfix Book do you recommend?

2015-12-30 Thread Dennis Steinkamp

Hey guys,

I want to learn more about Postfix and mail servers in general.
This is more out of curiosity and personal interest, I am not a 
postmaster or anything. :)


I purchased the Book of Postfix a while ago and read through a few chapters.
I am sure most of it is still valid but on the other hand, postfix 
evolved and afaik the (English) book never got an update.


There are other German postfix books which seem to be a more or less 
translation of the Book of postfix but covering more recent postfix topics.

(especially the postfix + dovecot part is interesting)

I am talking about:
http://www.postfixbuch.de/
http://www.postfix-buch.com/

Are these books exactly the same?
Am I right to assume that the German books are a little bit more up2date?

Thank you for answering.

Dennis


Re: ldap validate

2015-12-30 Thread Noel Jones
On 12/30/2015 12:35 PM, Gomes, Rich wrote:
> My postfix install is quite vanilla.
> Other than inet_interfaces, and the ldap config, I change the following:
> 
> Mydomain 
> Myorigin
> Relayhost
> 
> 

Carefully study the following, especially the parts about "valid
addresses."
http://www.postfix.org/ADDRESS_CLASS_README.html


If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail




  -- Noel Jones


Re: Which Postfix Book do you recommend?

2015-12-30 Thread Robert Schetterer
On 30.12.2015 at 23:54, Dennis Steinkamp wrote:
> Thank you for your reply.
> My postfix "needs" are pretty vague at this time.
> 
> Let's just say my goal for now is, to configure a postfix server for a
> single (test) domain with SMTP-AUTH and Dovecot
> so that ultimately, I can send and receive e-mails from my MUA.
> (Thunderbird in my case)
> I tend to learn new things best when I start from a simple and total
> minimalistic setup and adjust the configuration step-by-step from there.
> That approach is pretty much what the book of postfix does but it
> doesn't cover dovecot. (SASL section is about Cyrus not Dovecot for
> example)
> Of course there are many guides and howtos floating around the web but
> they don't help me to understand how things work together.
> I am looking for a book that helps me to accomplish what I described
> earlier in a "step-by-step" fashion.
> 
> I would appreciate any recommendations you guys can give.
> 
> Thank you
> 
> Dennis


this is a mostly complete complex setup

https://www.exratione.com/2014/05/a-mailserver-on-ubuntu-1404-postfix-dovecot-mysql/

you might try google

dovecot postfix ubuntu

to find masses of step by step instructions

also

http://wiki2.dovecot.org/HowTo

should help and for sure the well done postfix doku

> 
> 
> On 30.12.2015 at 23:02, Robert Schetterer wrote:
>> On 30.12.2015 at 21:47, Dennis Steinkamp wrote:
>>> Hey guys,
>>>
>>> i want to learn more about Postfix and mail servers in general.
>>> This is more out of curiosity and personal interest, i am not a
>>> postmaster or anything. :)
>>>
>>> I purchased the Book of Postfix a while ago and read through a few
>>> chapters.
>>> I am sure most of it is still valid but on the other hand, postfix
>>> evolved and afaik the (english) book never got an update.
>>>
>>> There are other german postfix books which seem to be a more or less
>>> translation of the Book of postfix but covering more recent postfix
>>> topics.
>>> (especially the postfix + dovecot part is interesting)
>>>
>>> I am talking about:
>>> http://www.postfixbuch.de/
>> Peer Heinlein
>>
>>> http://www.postfix-buch.com/
>> Ralf Hildebrandt, Patrick Ben Koetter
>>
>> https://sys4.de/de/sys4/
>>
>>> Are these books exactly the same?
>> No, written by different germans
>>
>>> Am i right to assume that the german books are a little bit more
>>> up2date?
>> Most up2date might be
>>
>> http://www.dovecot-buch.de/
>>
>> see
>>
>> Peer Heinlein pre x-mas notice
>>
>> https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html
>>
>>
>>
>> But I don't know if it covers your needs
>>
>>> Thank you for answering.
>>>
>>> Dennis
>> Printed books in general can't be up2date these days
>> as both projects postfix and dovecot are very active
>> but they can teach basics
>>
>>
>> Best Regards
>> MfG Robert Schetterer
>>
> 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: Which Postfix Book do you recommend?

2015-12-30 Thread Dennis Steinkamp

Thank you for your reply.
My postfix "needs" are pretty vague at this time.

Let's just say my goal for now is, to configure a postfix server for a 
single (test) domain with SMTP-AUTH and Dovecot
so that ultimately, I can send and receive e-mails from my MUA. 
(Thunderbird in my case)
I tend to learn new things best when I start from a simple and total 
minimalistic setup and adjust the configuration step-by-step from there.
That approach is pretty much what the book of postfix does but it 
doesn't cover dovecot. (SASL section is about Cyrus not Dovecot for example)
Of course there are many guides and howtos floating around the web but 
they don't help me to understand how things work together.
I am looking for a book that helps me to accomplish what I described 
earlier in a "step-by-step" fashion.


I would appreciate any recommendations you guys can give.

Thank you

Dennis


On 30.12.2015 at 23:02, Robert Schetterer wrote:
> On 30.12.2015 at 21:47, Dennis Steinkamp wrote:
>> Hey guys,
>>
>> I want to learn more about Postfix and mail servers in general.
>> This is more out of curiosity and personal interest, I am not a
>> postmaster or anything. :)
>>
>> I purchased the Book of Postfix a while ago and read through a few
>> chapters.
>> I am sure most of it is still valid but on the other hand, postfix
>> evolved and afaik the (English) book never got an update.
>>
>> There are other German postfix books which seem to be a more or less
>> translation of the Book of postfix but covering more recent postfix topics.
>> (especially the postfix + dovecot part is interesting)
>>
>> I am talking about:
>> http://www.postfixbuch.de/
>
> Peer Heinlein
>
>> http://www.postfix-buch.com/
>
> Ralf Hildebrandt, Patrick Ben Koetter
>
> https://sys4.de/de/sys4/
>
>> Are these books exactly the same?
>
> No, written by different Germans
>
>> Am I right to assume that the German books are a little bit more up2date?
>
> Most up2date might be
>
> http://www.dovecot-buch.de/
>
> see
>
> Peer Heinlein pre x-mas notice
>
> https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html
>
> But I don't know if it covers your needs
>
>> Thank you for answering.
>>
>> Dennis
>
> Printed books in general can't be up2date these days
> as both projects postfix and dovecot are very active
> but they can teach basics
>
> Best Regards
> MfG Robert Schetterer





Re: Which Postfix Book do you recommend?

2015-12-30 Thread Robert Schetterer
On 30.12.2015 at 21:47, Dennis Steinkamp wrote:
> Hey guys,
> 
> i want to learn more about Postfix and mail servers in general.
> This is more out of curiosity and personal interest, i am not a
> postmaster or anything. :)
> 
> I purchased the Book of Postfix a while ago and read through a few
> chapters.
> I am sure most of it is still valid but on the other hand, postfix
> evolved and afaik the (english) book never got an update.
> 
> There are other german postfix books which seem to be a more or less
> translation of the Book of postfix but covering more recent postfix topics.
> (especially the postfix + dovecot part is interesting)
> 
> I am talking about:

> http://www.postfixbuch.de/

Peer Heinlein

> http://www.postfix-buch.com/

Ralf Hildebrandt, Patrick Ben Koetter

https://sys4.de/de/sys4/

> 
> Are these books exactly the same?

No, written by different Germans

> Am i right to assume that the german books are a little bit more up2date?

Most up2date might be

http://www.dovecot-buch.de/

see

Peer Heinlein pre x-mas notice

https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html



But I don't know if it covers your needs

> 
> Thank you for answering.
> 
> Dennis

Printed books in general can't be up2date these days
as both projects postfix and dovecot are very active
but they can teach basics


Best Regards
MfG Robert Schetterer



Re: check_sender_access and pattern matching

2015-12-30 Thread Alex
Hi,

I hoped I could ask another question. Below is my
smtpd_recipient_restrictions as we were discussing earlier this week:

On Sun, Dec 27, 2015 at 9:37 PM, Bill Cole wrote:
> On 27 Dec 2015, at 20:22, Alex wrote:
> [...]
> smtpd_recipient_restrictions =
>   reject_non_fqdn_recipient,
>   reject_non_fqdn_sender,
>   reject_unlisted_recipient,
>   reject_unknown_recipient_domain,
>   permit_mynetworks,
>   reject_unauth_destination,
>   reject_unknown_sender_domain,
>   reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
>   reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
>   reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
>   check_helo_access pcre:/etc/postfix/helo_checks.pcre,
>   check_helo_access hash:/etc/postfix/helo_checks,
>   reject_non_fqdn_helo_hostname,
>   reject_invalid_helo_hostname,
>   check_policy_service inet:127.0.0.1:2501,
>   check_recipient_access pcre:/etc/postfix/relay_recips_access,
>   permit

The docs say reject_unlisted_recipient rejects mail when the recipient
is not listed in the list of valid recipients for its domain class. I
assume this means an IP listed in mynetworks or an entry from the
check_recipient_access list?

The part I don't understand is, the reject_unlisted_recipient is
before the users/IPs are listed. How does it know which users/IPs are
permissible when it comes so far up in the processing list?

Thanks,
Alex


Re: check_sender_access and pattern matching

2015-12-30 Thread Bill Cole

On 30 Dec 2015, at 20:45, Alex wrote:

> Hi,
>
> I hoped I could ask another question.

Well, you can ask...

> Below is my
> smtpd_recipient_restrictions as we were discussing earlier this week:
>
> On Sun, Dec 27, 2015 at 9:37 PM, Bill Cole wrote:
>> On 27 Dec 2015, at 20:22, Alex wrote:
>> [...]
>> smtpd_recipient_restrictions =
>>   reject_non_fqdn_recipient,
>>   reject_non_fqdn_sender,
>>   reject_unlisted_recipient,

[...]

> The docs say reject_unlisted_recipient rejects mail when the recipient
> is not listed in the list of valid recipients for its domain class.


I think you need to read the docs more carefully. Start at 
http://www.postfix.org/postconf.5.html#reject_unlisted_recipient, follow 
the reference in that section and follow the references from there as 
well. It may also help to read 
http://www.postfix.org/ADDRESS_CLASS_README.html. Maybe skim over them 
less swiftly?


I'm having a hard time responding to the specifics in the rest of your 
message because it seems that you've missed some critical concepts, so 
the ensuing queries don't really make much sense.