Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
*Problem solved * It turns out that in *smtpd_client_restrictions =* I was missing the *permit_sasl_authenticated sentence* Thanks for everything -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89536.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
I put the result of postconf -n I will put it back, I will also place the most detailed result of the postfix log * Postfix LOG:* Mar 18 21:03:27 server postfix/smtpd[28381]: warning: unknown[DD.D.D.DD]: SASL LOGIN authentication failed: AAA Mar 18 21:03:27 server postfix/smtpd[26211]: warning: unknown smtpd restriction: "combined.rbl.msrbl.net" *Mar 18 21:03:27 server postfix/smtpd[26211]: NOQUEUE: reject: RCPT from unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; from=to=<...@a.com> proto=ESMTP helo=<[DD.D.D.DD]>* Mar 18 21:03:27 server postfix/smtpd[28381]: lost connection after AUTH from unknown[DD.D.D.DD] Mar 18 21:03:27 server postfix/smtpd[28381]: disconnect from unknown[DD.D.D.DD] Mar 18 21:03:28 server postfix/cleanup[30157]: C1077620DF6: message-id=<20170319010328.c1077620...@a.com> *Postconf - N: * alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no bounce_queue_lifetime = 30m broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 default_process_limit = 776 delay_warning_time = 2h fast_flush_purge_time = 30m fast_flush_refresh_time = 15m home_mailbox = Maildir/ html_directory = no mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 1000s maximal_queue_lifetime = 2h message_size_limit = 0 minimal_backoff_time = 300s mydestination = /etc/postfix/mydestination mydomain = .AAA mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_bcc_maps = hash:/etc/postfix/bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_connection_cache_on_demand = no smtp_destination_concurrency_limit = 400 smtp_mx_session_limit = 776 smtp_use_tls = yes smtpd_banner = $mydomain smtpd_client_connection_count_limit = 400 smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org smtpd_peername_lookup = no smtpd_recipient_limit = 776 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home//ssl.cert smtpd_tls_key_file = /home//ssl.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual Please, help me -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89535.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
lestraw: > Hi postfix familiy, > > I'm using thunderbird as a email client, and when sending an email is giving > me the following error on /var/log/maillog: > > Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from > unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; > from=to=<...@a.com> proto=ESMTP > helo=<[DD.D.D.DD]> That text is sent to the remote client, and therefore it has no configuration details. Instead, Postfix logs internal details BEFORE replying to the client. Wietse
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
Hi postfix familiy, I'm using thunderbird as a email client, and when sending an email is giving me the following error on /var/log/maillog: Mar 18 19:54:39 server postfix/smtpd[21712]: NOQUEUE: reject: RCPT from unknown[DDD.D.DDD.DDD]: 451 4.3.5 Server configuration error; from=to=<...@a.com> proto=ESMTP helo=<[DD.D.D.DD]> Postconf - n shows the following: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no bounce_queue_lifetime = 30m broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 default_process_limit = 776 delay_warning_time = 2h fast_flush_purge_time = 30m fast_flush_refresh_time = 15m home_mailbox = Maildir/ html_directory = no mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 1000s maximal_queue_lifetime = 2h message_size_limit = 0 minimal_backoff_time = 300s mydestination = /etc/postfix/mydestination mydomain = .AAA mynetworks = 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc relay_domains = $mydestination, bonofull.com, maillion.net, unityfull.com sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_bcc_maps = hash:/etc/postfix/bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_connection_cache_on_demand = no smtp_destination_concurrency_limit = 400 smtp_mx_session_limit = 776 smtp_use_tls = yes smtpd_banner = $mydomain smtpd_client_connection_count_limit = 400 smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org smtpd_peername_lookup = no smtpd_recipient_limit = 776 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = !DDD.DD.DD.D, DDD.DDD.D.D/DD smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home//ssl.cert smtpd_tls_key_file = /home//ssl.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual *What is wrong with this configuration?* -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530p89533.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: NOQUEUE: reject: ... 451 4.3.5 Server configuration error
lestraw: > Hello Postfix Familty, > > I have configured it according to the postfix manuals a Postfix SASL e-mail > server with Dovecot. And I'm having the following error, when I'm going to > send an email from a client > > *451 4.3.5 Server configuration error * > > Postfix version 2.6.6 + Dovecot Version 2.0.9 > > > ### ~> Postfix main.cf CENTOS6_X64 > command_directory = /usr/sbin > daemon_directory = /usr/libexec/postfix > > mydomain = domain.example > myorigin = $mydomain > unknown_local_recipient_reject_code = 550 > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > home_mailbox = Maildir/ > smtpd_banner = $mydomain > debug_peer_level = 2 > debugger_command = >PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin >xxgdb $daemon_directory/$process_name $process_id & sleep 5 > sendmail_path = /usr/sbin/sendmail.postfix > newaliases_path = /usr/bin/newaliases.postfix > mailq_path = /usr/bin/mailq.postfix > setgid_group = postdrop > html_directory = no > manpage_directory = /usr/share/man > sample_directory = /usr/share/doc/postfix-2.3.3/samples > readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES > > #sasl autentication start > smtpd_sasl_type = dovecot > smtpd_sasl_path = private/auth > smtpd_sasl_authenticated_header = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > relay_domains = $mydestination, second.example, domain.example > smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders > smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated > permit_inet_interfaces check_relay_domains reject_sender_login_mismatch > #sasl autentication end > > delay_warning_time = 2h > fast_flush_refresh_time = 15m > fast_flush_purge_time = 30m > smtpd_recipient_limit = 776 > bounce_queue_lifetime = 30m > maximal_queue_lifetime = 2h > mailbox_size_limit = 0 > message_size_limit = 0 > smtp_connection_cache_on_demand = no > smtpd_peername_lookup = no > default_process_limit = 776 > qmgr_message_active_limit = 4 > qmgr_message_recipient_limit = 4 > default_destination_concurrency_limit = 776 > default_destination_recipient_limit = 776 > smtp_mx_session_limit = 776 > smtpd_client_connection_count_limit = 400 > smtp_destination_concurrency_limit = 400 > maximal_backoff_time = 1000s > minimal_backoff_time = 300s > virtual_alias_maps = hash:/etc/postfix/virtual > sender_bcc_maps = hash:/etc/postfix/bcc > mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME > mydestination = /etc/postfix/mydestination > allow_percent_hack = no > recipient_bcc_maps = hash:/etc/postfix/recipient_bcc > > # TLS parameters start > smtpd_tls_key_file = /home/maillion/ssl.key > smtpd_tls_CAfile = /home/maillion/ssl.ca > smtpd_tls_cert_file = /home/maillion/ssl.cert > smtp_use_tls = yes > smtpd_tls_security_level = may > # TLS parameters end > > smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces > permit_tls_all_clientcerts reject_rbl_client reject_rbl_client > reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client > reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net > combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client > reject_rbl_client reject_rhsbl_client bl.spamcannibal.org > mynetworks = 127.0.0.0/8 > > > * > There is any error?* > > Please help me!! TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
Re: How to setup a no-answer email properly
Dirk St?cker: > On Sat, 18 Mar 2017, Richard Damon wrote: > > >> - On your side, don't reject RCPT TO for the no-reply address. > >> > >> - On your side, add a telepathic policy service that can distinguish > >> between RCPT TO to verify an address, and RCPT to deliver mail. > >> > >> smtpd_recipient_restrictions = > >> > >> reject_unauth_destination > >> check_policy_service unix:/some/where/telepathic-service > >> check_recipient_access inline:{ > >> { t...@email.tld = reject this address does not receive email } > >> } > >> > >> Wietse > >> > > Couldn't you do something where you accept at the RCPT TO, and then reject > > at > > End of Data having it just reject everything as spam? Rejecting mail for a do-not-reply address at DATA or end-of-data? That might work, but keep in mind that this rejects mail for all recipients of the message, not just the do-not-reply address. Wietse
NOQUEUE: reject: ... 451 4.3.5 Server configuration error
Hello Postfix Familty, I have configured it according to the postfix manuals a Postfix SASL e-mail server with Dovecot. And I'm having the following error, when I'm going to send an email from a client *451 4.3.5 Server configuration error * Postfix version 2.6.6 + Dovecot Version 2.0.9 ### ~> Postfix main.cf CENTOS6_X64 command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mydomain = domain.example myorigin = $mydomain unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases home_mailbox = Maildir/ smtpd_banner = $mydomain debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.3.3/samples readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES #sasl autentication start smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_authenticated_header = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes relay_domains = $mydestination, second.example, domain.example smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces check_relay_domains reject_sender_login_mismatch #sasl autentication end delay_warning_time = 2h fast_flush_refresh_time = 15m fast_flush_purge_time = 30m smtpd_recipient_limit = 776 bounce_queue_lifetime = 30m maximal_queue_lifetime = 2h mailbox_size_limit = 0 message_size_limit = 0 smtp_connection_cache_on_demand = no smtpd_peername_lookup = no default_process_limit = 776 qmgr_message_active_limit = 4 qmgr_message_recipient_limit = 4 default_destination_concurrency_limit = 776 default_destination_recipient_limit = 776 smtp_mx_session_limit = 776 smtpd_client_connection_count_limit = 400 smtp_destination_concurrency_limit = 400 maximal_backoff_time = 1000s minimal_backoff_time = 300s virtual_alias_maps = hash:/etc/postfix/virtual sender_bcc_maps = hash:/etc/postfix/bcc mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mydestination = /etc/postfix/mydestination allow_percent_hack = no recipient_bcc_maps = hash:/etc/postfix/recipient_bcc # TLS parameters start smtpd_tls_key_file = /home/maillion/ssl.key smtpd_tls_CAfile = /home/maillion/ssl.ca smtpd_tls_cert_file = /home/maillion/ssl.cert smtp_use_tls = yes smtpd_tls_security_level = may # TLS parameters end smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client reject_rbl_client psbl.surriel.com reject_rhsbl_client bl.spamcop.net combined.rbl.msrbl.net reject_rbl_client reject_rhsbl_client reject_rbl_client reject_rhsbl_client bl.spamcannibal.org mynetworks = 127.0.0.0/8 * There is any error?* Please help me!! -- View this message in context: http://postfix.1071664.n5.nabble.com/NOQUEUE-reject-451-4-3-5-Server-configuration-error-tp89530.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: How to setup a no-answer email properly
On Sat, 18 Mar 2017, Richard Damon wrote: - On your side, don't reject RCPT TO for the no-reply address. - On your side, add a telepathic policy service that can distinguish between RCPT TO to verify an address, and RCPT to deliver mail. smtpd_recipient_restrictions = reject_unauth_destination check_policy_service unix:/some/where/telepathic-service check_recipient_access inline:{ { t...@email.tld = reject this address does not receive email } } Wietse Couldn't you do something where you accept at the RCPT TO, and then reject at End of Data having it just reject everything as spam? http://www.postfix.org/SMTPD_PROXY_README.html When its even possible to check spam without generating a bounce message, why do I need telepathy to reject a mail for a known situation in a later stage of mail delivery? It is a bit of overkill to write a filter for that. I hoped there would be an easier way. Could it work to "Configure the Postfix SMTP pass-through proxy feature" with the after filter SMTP server being directly the target (i.e. omitting the filter) and putting the recipient reject on this one instead of the initial connect? Ciao -- http://www.dstoecker.eu/ (PGP key available)
Re: [SPAM?] Re: How to setup a no-answer email properly
On 3/18/17 11:39 AM, Wietse Venema wrote: Dirk St?cker:: host mail.remotemail.tld[X.X.X.X] said: 550-Verification failed for 550-Called: Y.Y.Y.Y 550-Sent: RCPT TO: 550-Response: 554 5.7.1 : Recipient address rejected: THis trac does not have an e-mail input functionality. 550 Sender verify failed (in reply to RCPT TO command) Options: - On your side, don't reject RCPT TO for the no-reply address. - On your side, add a telepathic policy service that can distinguish between RCPT TO to verify an address, and RCPT to deliver mail. smtpd_recipient_restrictions = reject_unauth_destination check_policy_service unix:/some/where/telepathic-service check_recipient_access inline:{ { t...@email.tld = reject this address does not receive email } } Wietse Couldn't you do something where you accept at the RCPT TO, and then reject at End of Data having it just reject everything as spam? -- Richard Damon
Re: How to setup a no-answer email properly
Dirk St?cker: >: host mail.remotemail.tld[X.X.X.X] said: > 550-Verification failed for 550-Called: > Y.Y.Y.Y 550-Sent: RCPT TO: > 550-Response: 554 5.7.1 : Recipient address > rejected: THis trac does not have an e-mail input functionality. 550 > Sender > verify failed (in reply to RCPT TO command) Options: - On your side, don't reject RCPT TO for the no-reply address. - On your side, add a telepathic policy service that can distinguish between RCPT TO to verify an address, and RCPT to deliver mail. smtpd_recipient_restrictions = reject_unauth_destination check_policy_service unix:/some/where/telepathic-service check_recipient_access inline:{ { t...@email.tld = reject this address does not receive email } } Wietse
Re: How to setup a no-answer email properly
On Sat, 18 Mar 2017, Wietse Venema wrote: I'm operating a bug tracker which sends out emails to participants notifying of ticket changes. For new submitters it often happened, that they simply did reply by mail which wont work with this instance. Now I changed our setup a bit In postfix main.cf: smtpd_recipient_restrictions = ...check_recipient_access hash:/etc/postfix/recipient_access... and recipient_access: t...@mail.tld reject This trac does not have an e-mail input functionality. This works like a charm, but then today something new did pop up. Sender verify. It seems there are mail servers outside which connect back to the original server and check for errors: 550-Verification failed for550-Previous (cached) callout verification failure 550 Sender verify failed (in reply to RCPT TO command) This prevents to notify them completely, as their servers wont accept any mail from the ticket system. Turning off that feature I'd need to manually inform mail senders again which I want to prevent. Is there any solution to satisfy the "no-reply" mail address feature and these sender verifiers. They don't actually send a mail, so maybe my reject can come a bit later in the mail receiving process? Whitelist the address up-stream: reject_unauth_destination check_recipient_access inline:{t...@mail.tld=permit} reject_unverified_recipient or the equivalent idiom for a non-Postfix system that makes the callout. You mean on the receivers side? I don't have control over their systems. I can change only the sending server. Maybe I've been unclear? The error message is an excerpt from the local postfix for an email I sent - Here's the full text: : host mail.remotemail.tld[X.X.X.X] said: 550-Verification failed for 550-Called: Y.Y.Y.Y 550-Sent: RCPT TO: 550-Response: 554 5.7.1 : Recipient address rejected: THis trac does not have an e-mail input functionality. 550 Sender verify failed (in reply to RCPT TO command) or in a second mail : host mail.remotemail.org[X.X.X.X] said: 550-Verification failed for 550-Previous (cached) callout verification failure 550 Sender verify failed (in reply to RCPT TO command) I got two rejects, because I did not properly handle mail rejects for this address (all the others had an owner-xxx, except this one :-(. That should be fixed now. Ciao -- http://www.dstoecker.eu/ (PGP key available)
Re: How to setup a no-answer email properly
Dirk St?cker: > Hello, > > I'm operating a bug tracker which sends out emails to participants > notifying of ticket changes. For new submitters it often happened, that > they simply did reply by mail which wont work with this instance. > > Now I changed our setup a bit > > In postfix main.cf: > smtpd_recipient_restrictions = ...check_recipient_access > hash:/etc/postfix/recipient_access... > > and > recipient_access: > t...@mail.tld reject This trac does not have an e-mail input functionality. > > This works like a charm, but then today something new did pop up. Sender > verify. It seems there are mail servers outside which connect back to the > original server and check for errors: > > 550-Verification failed for550-Previous > (cached) callout verification failure 550 Sender verify failed (in reply > to > RCPT TO command) > > This prevents to notify them completely, as their servers wont accept any > mail from the ticket system. Turning off that feature I'd need to manually > inform mail senders again which I want to prevent. > > Is there any solution to satisfy the "no-reply" mail address feature and > these sender verifiers. They don't actually send a mail, so maybe my > reject can come a bit later in the mail receiving process? Whitelist the address up-stream: reject_unauth_destination check_recipient_access inline:{t...@mail.tld=permit} reject_unverified_recipient or the equivalent idiom for a non-Postfix system that makes the callout. Wietse
How to setup a no-answer email properly
Hello, I'm operating a bug tracker which sends out emails to participants notifying of ticket changes. For new submitters it often happened, that they simply did reply by mail which wont work with this instance. Now I changed our setup a bit In postfix main.cf: smtpd_recipient_restrictions = ...check_recipient_access hash:/etc/postfix/recipient_access... and recipient_access: t...@mail.tld reject This trac does not have an e-mail input functionality. This works like a charm, but then today something new did pop up. Sender verify. It seems there are mail servers outside which connect back to the original server and check for errors: 550-Verification failed for550-Previous (cached) callout verification failure 550 Sender verify failed (in reply to RCPT TO command) This prevents to notify them completely, as their servers wont accept any mail from the ticket system. Turning off that feature I'd need to manually inform mail senders again which I want to prevent. Is there any solution to satisfy the "no-reply" mail address feature and these sender verifiers. They don't actually send a mail, so maybe my reject can come a bit later in the mail receiving process? Ciao -- http://www.dstoecker.eu/ (PGP key available)
Re: policyd-spf and temperrors
On March 18, 2017 6:13:15 AM EDT, Alex JOSTwrote: >Am 17.03.2017 um 22:38 schrieb James B. Byrne: >> The host system runs under CentOS-6. Other than Postfix itself all >> the packages on this system are either from CentOS or EPEL. Python >> was last updated in September 2016. pypolicd-spf was last updated >> January 2017. These problems only evidenced themselves very >recently: > >> Moving to the most recent version of pypolicyd-spf requires upgrading >> python. Since the YUM package manager on CentOS-6 requires python >2.6 >> this is a non-starter. > >AFAIK Red Hat provides a newer version of python via Software >Collections. That should make it easy to run both versions side by >side. The new version needs python3, FYI. Scott K
Re: Monitoring Postfix Mail queue with SNMP
Geert Stappers: > On Fri, Mar 17, 2017 at 01:25:45PM -0400, Viktor Dukhovni wrote: > > > On Mar 17, 2017, at 1:06 PM, Sean Son> > > wrote: > > > > > > Hello all > > > > > > We would like to monitor Postfix mail queues using SMNP so we > > > can receive alerts whenever the mail queue reaches a certain > > > threshold. What OID and MIB would we have to use to be able to > > > monitor Postfix mail queues? > > > > I don't recall a specific MIB that covers mail queues, however > > I recommend against monitoring the queue's message count, too > > many false alarms from spikes in traffic. What is more useful > > to monitor is average time from queue entry to queue exit, and > > also average age in the active queue. > > > > See QSHAPE_README and also monitor the "c+d" delay sum from > > the "delays=a/b/c/d" log entries (de-duping for multi-recipient > > deliveries of a single message). At prior employer, we computed > > a slowly exponentially decaying moving average of the "c+d" times > > as indicators of current congestion, and queue age as indicators > > of "stuck" messages. > > > > Just counting messages is not terribly useful IMHO. > > > > Is the delay information available in /var/spool/postfix/public/showq ? Viktor is talking about files that are no longer in the queue. There is a fundamental difference between queue (current state) and logging (history). Wietse
Re: gmail servers on blacklists?
On 2017-03-17 22:47, David Mehler wrote: Hello, Thank you. Hi Please reply to the list I have postwhite running, not sure if it's updating? Do you run postwhite and if so do you have an update procedure so you always have the updated postwhite? I use it but doing updates manually. Doing it automatically is on a todo list ;) Thanks. Dave. On 3/17/17, Christian Kivalowrote: On 2017-03-17 22:12, David Mehler wrote: Hello, I'm starting to see blocks on my messages to my mail server. For some reason postscreen is not letting any gmail servers send mail, it's blocking them. Has anyone got an idea or have you seen this? You could use postwhite https://github.com/stevejenkins/postwhite to whitelist gmail. The map is created by postwhite from gmails spf records. -- Christian Kivalo -- Christian Kivalo
Re: policyd-spf and temperrors
Am 17.03.2017 um 22:38 schrieb James B. Byrne: The host system runs under CentOS-6. Other than Postfix itself all the packages on this system are either from CentOS or EPEL. Python was last updated in September 2016. pypolicd-spf was last updated January 2017. These problems only evidenced themselves very recently: Moving to the most recent version of pypolicyd-spf requires upgrading python. Since the YUM package manager on CentOS-6 requires python 2.6 this is a non-starter. AFAIK Red Hat provides a newer version of python via Software Collections. That should make it easy to run both versions side by side. -- Alex JOST
Re: Monitoring Postfix Mail queue with SNMP
On Fri, Mar 17, 2017 at 01:25:45PM -0400, Viktor Dukhovni wrote: > > On Mar 17, 2017, at 1:06 PM, Sean Son> > wrote: > > > > Hello all > > > > We would like to monitor Postfix mail queues using SMNP so we > > can receive alerts whenever the mail queue reaches a certain > > threshold. What OID and MIB would we have to use to be able to > > monitor Postfix mail queues? > > I don't recall a specific MIB that covers mail queues, however > I recommend against monitoring the queue's message count, too > many false alarms from spikes in traffic. What is more useful > to monitor is average time from queue entry to queue exit, and > also average age in the active queue. > > See QSHAPE_README and also monitor the "c+d" delay sum from > the "delays=a/b/c/d" log entries (de-duping for multi-recipient > deliveries of a single message). At prior employer, we computed > a slowly exponentially decaying moving average of the "c+d" times > as indicators of current congestion, and queue age as indicators > of "stuck" messages. > > Just counting messages is not terribly useful IMHO. > Is the delay information available in /var/spool/postfix/public/showq ? So could the info be used by https://github.com/kumina/postfix_exporter ? Groeten Geert Stappers -- Leven en laten leven