Re: check_sender_access and pattern matching
On 12/30/2015 7:45 PM, Alex wrote: > > The docs say reject_unlisted_recipient rejects mail when the recipient > is not listed in the list of valid recipients for its domain class. I > assume this means an IP listed in mynetworks or an entry from the > check_recipient_access list? > > The part I don't understand is, the reject_unlisted_recipient is > before the users/IPs are listed. How does it know which users/IPs are > permissible when it comes so far up in the processing list? reject_unlisted_recipient is not related to the sender or client IP. When you specify reject_unlisted_recipient, postfix checks to see if postfix controls that domain, and if it does, if the recipient address exists. Nonexistent recipients are rejected. More details in http://www.postfix.org/ADDRESS_CLASS_README.html Other restrictions control what senders or client IPs are acceptable. -- Noel Jones
Re: ldap validate
On 12/30/2015 11:22 AM, Gomes, Rich wrote: > I have a couple of question about LDAP verification. > > I followed this guide as I am using AD as LDAP source: > > http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory > > > This works perfectly until I am sending mail to the postfix server, then it > accepts the mail and passes with no verification. > To clarify, this is the step that works perfectly: > > postmap -vq johnpaulvanhelvo...@domain.nl ldap:/etc/postfix/ldap-aliases.cf > > But not when I am sending to postfix (appserver > postfixrelay > nextsmtphop) > > What needs to be done to validate them during the SMTP transaction? Make sure your query returns nothing with a non-existent address. The correct settings for address validation depend on the address class of the recipient domain. http://www.postfix.org/ADDRESS_CLASS_README.html users in local domains defined in $mydestination are listed in local_recipient_maps users in domains defined in $relay_domains are listed in relay_recipient_maps users in domains defined in $virtual_alias_domains are listed in $virtual_alias_maps users in domains defined in $virtual_mailbox_domains are listed in $virtual_mailbox_maps Additionally, wildcard rewrites in virtual_alias_maps or *canonical_maps will disable address validation. Don't use wildcard rewrites. -- Noel Jones
Re: ldap validate
On 12/30/2015 11:56 AM, Gomes, Rich wrote: > Thanks, not using address rewrites > > I am not sure which question you are answering when you listed the following: > > users in local domains defined in $mydestination are listed in > local_recipient_maps > users in domains defined in $relay_domains are listed in relay_recipient_maps > users in domains defined in $virtual_alias_domains are listed in > $virtual_alias_maps > users in domains defined in $virtual_mailbox_domains are listed in > $virtual_mailbox_maps > > > So what address class is the domain you're trying to validate users? Where is the domain defined in postfix? -- Noel Jones
ldap validate
I have a couple of question about LDAP verification. I followed this guide as I am using AD as LDAP source: http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory This works perfectly until I am sending mail to the postfix server, then it accepts the mail and passes with no verification. To clarify, this is the step that works perfectly: postmap -vq johnpaulvanhelvo...@domain.nl ldap:/etc/postfix/ldap-aliases.cf But not when I am sending to postfix (appserver > postfixrelay > nextsmtphop) What needs to be done to validate them during the SMTP transaction? Also, what if I have multiple SMTP domains within the same AD domain? Can that be contained on this one line? # Directory settings domain = domain.nl,domain2.nl,domain3.nl,etc... Thanks, Rich
RE: ldap validate
Thanks, not using address rewrites I am not sure which question you are answering when you listed the following: users in local domains defined in $mydestination are listed in local_recipient_maps users in domains defined in $relay_domains are listed in relay_recipient_maps users in domains defined in $virtual_alias_domains are listed in $virtual_alias_maps users in domains defined in $virtual_mailbox_domains are listed in $virtual_mailbox_maps -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Wednesday, December 30, 2015 12:53 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 12/30/2015 11:22 AM, Gomes, Rich wrote: > I have a couple of question about LDAP verification. > > I followed this guide as I am using AD as LDAP source: > > http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-dire > ctory > > > This works perfectly until I am sending mail to the postfix server, then it > accepts the mail and passes with no verification. > To clarify, this is the step that works perfectly: > > postmap -vq johnpaulvanhelvo...@domain.nl > ldap:/etc/postfix/ldap-aliases.cf > > But not when I am sending to postfix (appserver > postfixrelay > > nextsmtphop) > > What needs to be done to validate them during the SMTP transaction? Make sure your query returns nothing with a non-existent address. The correct settings for address validation depend on the address class of the recipient domain. http://www.postfix.org/ADDRESS_CLASS_README.html users in local domains defined in $mydestination are listed in local_recipient_maps users in domains defined in $relay_domains are listed in relay_recipient_maps users in domains defined in $virtual_alias_domains are listed in $virtual_alias_maps users in domains defined in $virtual_mailbox_domains are listed in $virtual_mailbox_maps Additionally, wildcard rewrites in virtual_alias_maps or *canonical_maps will disable address validation. Don't use wildcard rewrites. -- Noel Jones
RE: ldap validate
My postfix install is quite vanilla. Other than inet_interfaces, and the ldap config, I change the following: Mydomain Myorigin Relayhost -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Wednesday, December 30, 2015 1:28 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 12/30/2015 11:56 AM, Gomes, Rich wrote: > Thanks, not using address rewrites > > I am not sure which question you are answering when you listed the following: > > users in local domains defined in $mydestination are listed in > local_recipient_maps users in domains defined in $relay_domains are > listed in relay_recipient_maps users in domains defined in > $virtual_alias_domains are listed in $virtual_alias_maps users in > domains defined in $virtual_mailbox_domains are listed in > $virtual_mailbox_maps > > > So what address class is the domain you're trying to validate users? Where is the domain defined in postfix? -- Noel Jones
Which Postfix Book do you recommend?
Hey guys, i want to learn more about Postfix and mail servers in general. This is more out of curiosity and personal interest, i am not a postmaster or anything. :) I purchased the Book of Postfix a while ago and read through a few chapters. I am sure most of it is still valid but on the other hand, postfix evolved and afaik the (english) book never got an update. There are other german postfix books which seem to be a more or less translation of the Book of postfix but covering more recent postfix topics. (especially the postfix + dovecot part is interesting) I am talking about: http://www.postfixbuch.de/ http://www.postfix-buch.com/ Are these books exactly the same? Am i right to assume that the german books are a little bit more up2date? Thank you for answering. Dennis
Re: ldap validate
On 12/30/2015 12:35 PM, Gomes, Rich wrote: > My postfix install is quite vanilla. > Other than inet_interfaces, and the ldap config, I change the following: > > Mydomain > Myorigin > Relayhost > > Carefully study the following, especially the parts about "valid addresses." http://www.postfix.org/ADDRESS_CLASS_README.html If you need more help, please see: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
Re: Which Postfix Book do you recommend?
Am 30.12.2015 um 23:54 schrieb Dennis Steinkamp: > Thank you for your reply. > My postfix "needs" are pretty vague at this time. > > Lets just say my goal for now is, to configure a postfix server for a > single (test) domain with SMTP-AUTH and Dovecot > so that ultimately, i can send and receive e-mails from my MUA. > (Thunderbird in my case) > I tend to learn new things best when i start from a simple and total > minimalistic setup and adjust the configuration step-by-step from there. > That approach is pretty much what the book of postfix does but it > doesn`t cover dovecot. (SASL section is about Cyrus not Dovecot for > example) > Of course there are many guides and howtos floating around the web but > they don`t help me to understand how things work together. > I looking for a book that helps me to accomplish what i described > earlier in a "step-by-step" fashion. > > I would appreciate any recommendations you guys can give. > > Thank you > > Dennis this is a mostly complete complex setup https://www.exratione.com/2014/05/a-mailserver-on-ubuntu-1404-postfix-dovecot-mysql/ you might try google dovecot postfix ubuntu to find masses of step by step instructions also http://wiki2.dovecot.org/HowTo should help and for sure the well done postfix doku > > > Am 30.12.2015 um 23:02 schrieb Robert Schetterer: >> Am 30.12.2015 um 21:47 schrieb Dennis Steinkamp: >>> Hey guys, >>> >>> i want to learn more about Postfix and mail servers in general. >>> This is more out of curiosity and personal interest, i am not a >>> postmaster or anything. :) >>> >>> I purchased the Book of Postfix a while ago and read through a few >>> chapters. >>> I am sure most of it is still valid but on the other hand, postfix >>> evolved and afaik the (english) book never got an update. >>> >>> There are other german postfix books which seem to be a more or less >>> translation of the Book of postfix but covering more recent postfix >>> topics. >>> (especially the postfix + dovecot part is interesting) >>> >>> I am talking about: >>> http://www.postfixbuch.de/ >> Peer Heinlein >> >>> http://www.postfix-buch.com/ >> Ralf Hildebrandt, Patrick Ben Koetter >> >> https://sys4.de/de/sys4/ >> >>> Are these books exactly the same? >> No, written by different germans >> >>> Am i right to assume that the german books are a little bit more >>> up2date? >> Most up2date might be >> >> http://www.dovecot-buch.de/ >> >> see >> >> Peer Heinlein pre x-mas notice >> >> https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html >> >> >> >> But i dont know if it covers your needs >> >>> Thank you for answering. >>> >>> Dennis >> Printed books in general can t be up2date these days >> as both projects postfix and dovecot are very active >> but they can teach basics >> >> >> Best Regards >> MfG Robert Schetterer >> > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Which Postfix Book do you recommend?
Thank you for your reply. My postfix "needs" are pretty vague at this time. Lets just say my goal for now is, to configure a postfix server for a single (test) domain with SMTP-AUTH and Dovecot so that ultimately, i can send and receive e-mails from my MUA. (Thunderbird in my case) I tend to learn new things best when i start from a simple and total minimalistic setup and adjust the configuration step-by-step from there. That approach is pretty much what the book of postfix does but it doesn`t cover dovecot. (SASL section is about Cyrus not Dovecot for example) Of course there are many guides and howtos floating around the web but they don`t help me to understand how things work together. I looking for a book that helps me to accomplish what i described earlier in a "step-by-step" fashion. I would appreciate any recommendations you guys can give. Thank you Dennis Am 30.12.2015 um 23:02 schrieb Robert Schetterer: Am 30.12.2015 um 21:47 schrieb Dennis Steinkamp: Hey guys, i want to learn more about Postfix and mail servers in general. This is more out of curiosity and personal interest, i am not a postmaster or anything. :) I purchased the Book of Postfix a while ago and read through a few chapters. I am sure most of it is still valid but on the other hand, postfix evolved and afaik the (english) book never got an update. There are other german postfix books which seem to be a more or less translation of the Book of postfix but covering more recent postfix topics. (especially the postfix + dovecot part is interesting) I am talking about: http://www.postfixbuch.de/ Peer Heinlein http://www.postfix-buch.com/ Ralf Hildebrandt, Patrick Ben Koetter https://sys4.de/de/sys4/ Are these books exactly the same? No, written by different germans Am i right to assume that the german books are a little bit more up2date? Most up2date might be http://www.dovecot-buch.de/ see Peer Heinlein pre x-mas notice https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html But i dont know if it covers your needs Thank you for answering. Dennis Printed books in general can t be up2date these days as both projects postfix and dovecot are very active but they can teach basics Best Regards MfG Robert Schetterer
Re: Which Postfix Book do you recommend?
Am 30.12.2015 um 21:47 schrieb Dennis Steinkamp: > Hey guys, > > i want to learn more about Postfix and mail servers in general. > This is more out of curiosity and personal interest, i am not a > postmaster or anything. :) > > I purchased the Book of Postfix a while ago and read through a few > chapters. > I am sure most of it is still valid but on the other hand, postfix > evolved and afaik the (english) book never got an update. > > There are other german postfix books which seem to be a more or less > translation of the Book of postfix but covering more recent postfix topics. > (especially the postfix + dovecot part is interesting) > > I am talking about: > http://www.postfixbuch.de/ Peer Heinlein > http://www.postfix-buch.com/ Ralf Hildebrandt, Patrick Ben Koetter https://sys4.de/de/sys4/ > > Are these books exactly the same? No, written by different germans > Am i right to assume that the german books are a little bit more up2date? Most up2date might be http://www.dovecot-buch.de/ see Peer Heinlein pre x-mas notice https://www.mail-archive.com/dovecot@dovecot.org/msg64398.html But i dont know if it covers your needs > > Thank you for answering. > > Dennis Printed books in general can t be up2date these days as both projects postfix and dovecot are very active but they can teach basics Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: check_sender_access and pattern matching
Hi, I hoped I could ask another question. Below is my smtpd_recipient_restrictions as we were discussing earlier this week: On Sun, Dec 27, 2015 at 9:37 PM, Bill Colewrote: > On 27 Dec 2015, at 20:22, Alex wrote: > [...] > smtpd_recipient_restrictions = > reject_non_fqdn_recipient, > reject_non_fqdn_sender, > reject_unlisted_recipient, > reject_unknown_recipient_domain, > permit_mynetworks, > reject_unauth_destination, > reject_unknown_sender_domain, > reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net, > reject_rhsbl_sender mykey.dbl.dq.spamhaus.net, > reject_rhsbl_helo mykey.dbl.dq.spamhaus.net > check_helo_access pcre:/etc/postfix/helo_checks.pcre, > check_helo_access hash:/etc/postfix/helo_checks, > reject_non_fqdn_helo_hostname, > reject_invalid_helo_hostname, > check_policy_service inet:127.0.0.1:2501, > check_recipient_access pcre:/etc/postfix/relay_recips_access, > permit The docs say reject_unlisted_recipient rejects mail when the recipient is not listed in the list of valid recipients for its domain class. I assume this means an IP listed in mynetworks or an entry from the check_recipient_access list? The part I don't understand is, the reject_unlisted_recipient is before the users/IPs are listed. How does it know which users/IPs are permissible when it comes so far up in the processing list? Thanks, Alex
Re: check_sender_access and pattern matching
On 30 Dec 2015, at 20:45, Alex wrote: Hi, I hoped I could ask another question. Well, you can ask... Below is my smtpd_recipient_restrictions as we were discussing earlier this week: On Sun, Dec 27, 2015 at 9:37 PM, Bill Colewrote: On 27 Dec 2015, at 20:22, Alex wrote: [...] smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unlisted_recipient, [...] The docs say reject_unlisted_recipient rejects mail when the recipient is not listed in the list of valid recipients for its domain class. I think you need to read the docs more carefully. Start at http://www.postfix.org/postconf.5.html#reject_unlisted_recipient, follow the reference in that section and follow the references from there as well. It may also help to read http://www.postfix.org/ADDRESS_CLASS_README.html. Maybe skim over them less swiftly? I'm having a hard time responding to the specifics in the rest of your message because it seems that you've missed some critical concepts, so the ensuing queries don't really make much sense.