Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Scott Kitterman
On Thursday, May 04, 2017 12:56:05 PM Wietse Venema wrote:
> Marat Khalili:
> > > Postfix from me installs with IPv6 turned off. Complain with your
> > > distributor if they change that.
> > 
> > Indeed default inet_protocols value in my distribution is "all", both in
> > configuration created by install script and when corresponding line is
> > commented out. Do you mean, it is not supposed to be this way?
> 
> I am not talking about the default.
> 
> I am talking about "Postfix from me INSTALLS with ipv6 turned off".

Since this is about Postfix as shipped by Ubuntu and as packaged by Debian, 
the bug tracker for one of those distributions is the appropriate place for 
this discussion, not here.  Apologies for not noticing which distro this was 
about sooner.

Scott K


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Wietse Venema
Marat Khalili:
> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
> 
> Indeed default inet_protocols value in my distribution is "all", both in 
> configuration created by install script and when corresponding line is 
> commented out. Do you mean, it is not supposed to be this way?

I am not talking about the default. 

I am talking about "Postfix from me INSTALLS with ipv6 turned off".

Wietse


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Viktor Dukhovni
On Thu, May 04, 2017 at 05:18:55PM +0300, Marat Khalili wrote:

> > Postfix from me installs with IPv6 turned off. Complain with your
> > distributor if they change that.
> 
> Indeed default inet_protocols value in my distribution is "all", both in
> configuration created by install script and when corresponding line is
> commented out. Do you mean, it is not supposed to be this way?

The compiled in default is "all", but the prototype "main.cf" file included
with Postfix sources has "ipv4".

$ postconf -d inet_protocols
inet_protocols = all

$ grep inet_protocols conf/main.cf
inet_protocols = ipv4

On Thu, May 04, 2017 at 05:17:01PM +0300, Marat Khalili wrote:

> > To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> > "inet_protocols" to some other value, then Postfix will do nexthop IPv6 
> > lookups.
>
> What will happen in my current setup if AAAA response suddenly becomes
> non-empty? Will it fail to send the message?

Since IPv6 connections can't/won't complete, all messages will of
course be sent via IPv4.  With the address family not enabled in the
kernel, IPv6 failure will be fast (likely the socket(PF_INET6, ...)
system call will fail) and the only effect is a bit more logging in
some cases and the time it takes to do the AAAA lookups.

-- 
Viktor.


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili

> Postfix from me installs with IPv6 turned off. Complain with your
> distributor if they change that.


Indeed default inet_protocols value in my distribution is "all", both in 
configuration created by install script and when corresponding line is 
commented out. Do you mean, it is not supposed to be this way?



--

With Best Regards,
Marat Khalili


Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili

> To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
> "inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.

What will happen in my current setup if AAAA response suddenly becomes 
non-empty? Will it fail to send the message?


--

With Best Regards,
Marat Khalili



Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Viktor Dukhovni

> On May 4, 2017, at 4:05 AM, Marat Khalili  wrote:
> 
> Postfix is installed as forwarder to a fixed relay in a system with
> no IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6
> lines in sysctl). Still, for each message it separately requests both
> A and AAAA records of the relay from DNS, as I verified by tcpdump.
> Is it a bug or feature?

To disable outbound IPv6 in Postfix set "inet_protocols = ipv4".  If you set
"inet_protocols" to some other value, then Postfix will do nexthop IPv6 lookups.

> (Yes I know I can explicitly disable IPv6 in postfix configuration too, but 
> that's not the point.)

Actually, that is the point.  If IPv6 lookups are enabled, then they are 
performed.

> My investigation actually started with the following lines in mail.log, which 
> may or may not be related:
> 
>> May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain lookup 
>> hits=0 miss=3 success=0%
> 
> (3 messages were sent in this interval; there are always 0 hits and 0% 
> success rate.)

This is unrelated to the IPv6 question.

-- 
Viktor.
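
A way to confirm from a capture whether AAAA lookups match the configured "inet_protocols" value, as an added example that is not part of the original thread. The capture lines are constructed in tcpdump's text format, the function names are hypothetical, and other processes on the same host may also issue AAAA queries.

```python
import re
from collections import Counter

# Constructed capture text in `tcpdump -n port 53` format (not from the thread).
SAMPLE = """\
07:52:14.101223 IP 192.0.2.10.40112 > 192.0.2.53.53: 4211+ A? secure.emailsrvr.com. (38)
07:52:14.101301 IP 192.0.2.10.40112 > 192.0.2.53.53: 4212+ AAAA? secure.emailsrvr.com. (38)
07:52:14.120877 IP 192.0.2.53.53 > 192.0.2.10.40112: 4211 1/0/0 A 198.51.100.7 (54)
07:52:14.121004 IP 192.0.2.53.53 > 192.0.2.10.40112: 4212 0/1/0 (95)
07:52:15.300410 IP 192.0.2.10.51877 > 192.0.2.53.53: 9120+ [1au] A? secure.emailsrvr.com. (49)
07:52:15.300498 IP 192.0.2.10.51877 > 192.0.2.53.53: 9121+ [1au] AAAA? secure.emailsrvr.com. (49)
"""

# A query line is sent *to* port 53 and carries "<TYPE>? <name>." after the id.
QUERY_RE = re.compile(
    r" > \S+\.53: \d+[+%]*\s+(?:\[[^\]]*\]\s+)?([A-Z0-9]+)\? (\S+?)\.? \(\d+\)"
)


def count_queries(capture_text):
    """Return a Counter keyed by (qname, qtype) for every DNS query line."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = QUERY_RE.search(line)
        if m:  # response lines have no "<TYPE>?" token and are skipped
            counts[(m.group(2).lower(), m.group(1))] += 1
    return counts


def ipv6_enabled(inet_protocols):
    """True if the inet_protocols value turns on IPv6 ("all", "ipv6", "ipv4, ipv6")."""
    values = {v.lower() for v in re.split(r"[,\s]+", inet_protocols.strip()) if v}
    return bool(values & {"all", "ipv6"})


def unexpected_aaaa(capture_text, inet_protocols):
    """AAAA query counts per name that the setting does not account for."""
    if ipv6_enabled(inet_protocols):
        return {}  # IPv6 lookups are enabled, so they are performed
    return {name: n for (name, qtype), n in count_queries(capture_text).items()
            if qtype == "AAAA"}


if __name__ == "__main__":
    print(count_queries(SAMPLE))
    print(unexpected_aaaa(SAMPLE, "ipv4"))
```
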



Re: AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Wietse Venema
Marat Khalili:
> Postfix is installed as forwarder to a fixed relay in a system with no 
> IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6 
> lines in sysctl). Still, for each message it separately requests both A 
> and AAAA records of the relay from DNS, as I verified by tcpdump. Is it 
> a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix 
> configuration too, but that's not the point.)

Postfix from me installs with IPv6 turned off. Complain with your
distributor if they change that.

Wietse

> My investigation actually started with the following lines in mail.log, 
> which may or may not be related:
> 
> > May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain 
> > lookup hits=0 miss=3 success=0%
> 
> (3 messages were sent in this interval; there are always 0 hits and 0% 
> success rate.)
> 
> I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.
> 
> --
> 
> With Best Regards,
> Marat Khalili
> 


Re: transport_maps

2017-05-04 Thread Viktor Dukhovni

> On May 4, 2017, at 8:31 AM, volodymyr.lytvyne...@ukrsotsbank.com wrote:
> 
> transport_maps = pipemap:{
>   inline:{unicredit.ua=x, ukrsotsbank.com=x},
>   randmap:{smtp:[mx1.ukrsotsbank.com], smtp:[mx2.ukrsotsbank.com]}
> }
> 
> How can I add another domain to the another randmap destinations ?

The transport_maps parameter takes a list of tables, so you could append
another pipemap to the list that handles the additional domain that uses
a different list of smtp nexthop values.  However, I think this is a fairly
clumsy way of doing MX load-balancing.  Instead I would:

  * Run a local DNS resolver on the MTA listening for requests on the loopback
    address (127.0.0.1) and configured with local data for the
    "localhost" TLD (https://tools.ietf.org/html/rfc2606#section-2)

  * Configure /etc/resolv.conf to use only the local (127.0.0.1) resolver.

  * Configure the resolver (BIND syntax) to serve:

        unicredit.ua.localhost. IN MX 0 mx1.ukrsotsbank.com.
        unicredit.ua.localhost. IN MX 0 mx2.ukrsotsbank.com.
        ;
        ukrsotsbank.com.localhost. IN MX 0 mx1.ukrsotsbank.com.
        ukrsotsbank.com.localhost. IN MX 0 mx2.ukrsotsbank.com.
        ;
        ; More domains with arbitrary custom MX hosts

  * Configure a regular file-based transport table as follows:

    transport:
        # RHS values without [] around an smtp nexthop do MX lookups
        unicredit.ua    smtp:unicredit.ua.localhost
        ukrsotsbank.com smtp:ukrsotsbank.com.localhost
        ...

Don't forget to postmap the table after it changes and set:

    main.cf:
        indexed = ${default_database_type}:${config_directory}/
        transport_maps = ${indexed}transport

-- 
Viktor.
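
The zone records and the transport table described in the reply above have to stay in step, so this added example (not part of the original post) generates both from one mapping. The function names and the example.org / mx1.example.net entry are constructed for illustration; adding a domain means adding one entry to the mapping.

```python
import re

# Plain hostname: dot-separated LDH labels, alphabetic TLD, no brackets.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def check_host(name):
    """Normalise a DNS name; "[host]" is rejected because [] suppresses MX lookups."""
    host = name.strip().rstrip(".").lower()
    if not HOST_RE.match(host):
        raise ValueError("not a plain hostname: %r" % name)
    return host


def render(routes, suffix="localhost"):
    """routes: {recipient domain: [MX hosts]} -> (zone records, transport table)."""
    zone, transport = [], []
    for domain in sorted(routes):
        dom = check_host(domain)
        hosts = [check_host(h) for h in routes[domain]]
        if not hosts or len(set(hosts)) != len(hosts):
            raise ValueError("need a non-empty, duplicate-free MX list for " + dom)
        owner = "%s.%s." % (dom, suffix)
        # Same preference (0) on every record, as in the records shown in the reply.
        zone.extend("%s IN MX 0 %s." % (owner, h) for h in hosts)
        # No [] around the nexthop, so the smtp client does the MX lookup.
        transport.append("%s\tsmtp:%s.%s" % (dom, dom, suffix))
    return "\n".join(zone) + "\n", "\n".join(transport) + "\n"


ROUTES = {
    "unicredit.ua": ["mx1.ukrsotsbank.com", "mx2.ukrsotsbank.com"],
    "ukrsotsbank.com": ["mx1.ukrsotsbank.com", "mx2.ukrsotsbank.com"],
    "example.org": ["mx1.example.net"],  # constructed: an additional domain
}

if __name__ == "__main__":
    zone_text, transport_text = render(ROUTES)
    print(zone_text)
    print(transport_text)
```
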



transport_maps

2017-05-04 Thread volodymyr.lytvyne...@ukrsotsbank.com
Hi.  I have next transport_maps in main.cf:
/etc/postfix/main.cf:
    transport_maps = pipemap:{
        inline:{unicredit.ua=x, ukrsotsbank.com=x},
        randmap:{smtp:[mx1.ukrsotsbank.com], smtp:[mx2.ukrsotsbank.com]}
    }

How can I add another domain to the another randmap destinations ?


Best regards,
Vladimir Litvinenko

SSO Delivery Technical Support Specialist "IT Innovations Ukraine" Ltd.


AAAA requests on IPv6-disconnected system: bug of feature?

2017-05-04 Thread Marat Khalili
Postfix is installed as forwarder to a fixed relay in a system with no 
IPv6 addresses (disabled system-wide by net.ipv6.conf.*.disable_ipv6 
lines in sysctl). Still, for each message it separately requests both A 
and AAAA records of the relay from DNS, as I verified by tcpdump. Is it 
a bug or feature? (Yes I know I can explicitly disable IPv6 in postfix 
configuration too, but that's not the point.)


My investigation actually started with the following lines in mail.log, 
which may or may not be related:


May  4 07:52:16 postfix postfix/scache[1518]: statistics: domain 
lookup hits=0 miss=3 success=0%


(3 messages were sent in this interval; there are always 0 hits and 0% 
success rate.)


I'm using Postfix 3.1.0-3 under Ubuntu 16.04. Relay is secure.emailsrvr.com.

--

With Best Regards,
Marat Khalili


Re: Different LMTP configuration for different clients

2017-05-04 Thread Angel L. Mateo

On 03/05/17 at 16:40, Wietse Venema wrote:
> Angel L. Mateo:
>> Hello,
>>
>> I have a postfix mail relay server for my domain. This mail server
>> delivered mail to my imap server via LMTP.
>>
>> Now I want that all mail received from a client to the same imap
>> server, but with a different LMTP configuration. That is because this
>> client is a massive mailer and I want to deliver its mail with low
>> concurrency (I don't mind getting higher delays).
>>
>> Is this possible without deploying a new postfix server?
>
> Yes, with a transport map that resolves the recipient to an LMTP
> service with a different (master.cf) name, for example slow_lmtp,
> plus a main.cf setting for slow_lmtp_destination_concurrency_limit.

My problem is that I can't classify by recipient. I should do it by 
client IP. Is this possible in a transport map?


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337


Re: Different LMTP configuration for different clients

2017-05-04 Thread Angel L. Mateo

On 03/05/17 at 16:44, Viktor Dukhovni wrote:
>> On May 3, 2017, at 7:56 AM, Angel L. Mateo wrote:
>>
>> I have a postfix mail relay server for my domain. This mail server 
>> delivered mail to my imap server via LMTP.
>>
>> Now I want that all mail received from a client to the same imap 
>> server, but with a different LMTP configuration. That is because this client is 
>> a massive mailer and I want to deliver its mail with low concurrency (I don't 
>> mind getting higher delays).
>>
>> Is this possible without deploying a new postfix server?
>
> The answer depends on information you have not provided.
>
> * How is this client distinguished from other clients?

By IP

> * How big (message count) are the mail "bursts" from this sender?

Thousands of mails (10k-30k), all directed to my own domain.

> * At what rate are messages arriving during a "burst"?

I don't know. The only limitations we have in the postfix receiving 
these mails are:

    smtpd_client_connection_count_limit = 5
    smtpd_client_connection_rate_limit = 100
    smtpd_client_message_rate_limit = 500
    smtpd_recipient_limit = 150

My problem is not on the postfix side, but in delivering to the IMAP 
server. Because these bursts consist of messages all directed to my 
domain, when I receive one I have problems delivering them to the imap 
server via LMTP.

> * How many such bursts a day?

It depends, but days with 2 or 3 bursts are not rare.

> When you slow down mail delivery below the burst arrival rate, a backlog
> develops somewhere along the pipeline.  Depending on the size of the bursts,
> the choice of the right place to buffer the bursts may change.



--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337