Re: How do you manage the ‘hold’ queue?

2021-01-27 Thread David Bürgin 
Thanks everybody – I’ve decided that for me personally handling this is
too much work, and I’ve disabled this particular milter.

(There is an open issue in the OpenDMARC project that I have upvoted:
https://github.com/trusteddomainproject/OpenDMARC/issues/77)

throttling outgoing (queue) smtp

2021-01-27 Thread combro2k combro2k 
Hi there,

I've been looking for some days for a solution I need to create for a
customer.
What we want to achieve is throttling the delivery of mails in the queue.
Right now we are using 'default_destination_rate_delay = 1s' which allows
us to send approx. 3600 to each destination maximum in 1 hour timeframe.
But we want to be more specific like 5000 mails globally,or 16000 globally,
whatever we want to do.
I've looked into PolicyD to achieve this, but I am stuck at the
implementation of it at the queue system of Postfix;
Right now I can only see it work with the smtpd_recipient_restrictions and
smtpd_end_of_data_restrictions configuration option but not with the queue
service.
Am I missing something or I am overthinking it?

Kind regards,
Martijn

Re: How do you manage the ‘hold’ queue?

2021-01-27 Thread Dominic Raferd 

On 27/01/2021 13:47, David Bürgin wrote:

Thanks everybody – I’ve decided that for me personally handling this is
too much work, and I’ve disabled this particular milter.

(There is an open issue in the OpenDMARC project that I have upvoted:
https://github.com/trusteddomainproject/OpenDMARC/issues/77)


Re that issue, my workaround can be easily modified to allow emails that 
fail DMARC testing but have p=quarantine to pass through automatically 
to original recipient, while retaining ones with p=reject.


FWIW my experience is that about 70% of DMARC failures proceed from 
fakes, the rest are genuine but misconfigured.

Re: throttling outgoing (queue) smtp

2021-01-27 Thread Noel Jones 



On 1/27/2021 8:02 AM, combro2k combro2k wrote:

Hi there,

I've been looking for some days for a solution I need to create for 
a customer.
What we want to achieve is throttling the delivery of mails in the 
queue.
Right now we are using 'default_destination_rate_delay = 1s' which 
allows us to send approx. 3600 to each destination maximum in 1 hour 
timeframe.
But we want to be more specific like 5000 mails globally,or 16000 
globally, whatever we want to do.
I've looked into PolicyD to achieve this, but I am stuck at the 
implementation of it at the queue system of Postfix;
Right now I can only see it work with the 
smtpd_recipient_restrictions and smtpd_end_of_data_restrictions 
configuration option but not with the queue service.

Am I missing something or I am overthinking it?

Kind regards,
Martijn



The rate delay increments in full seconds, so that's the granularity 
available.


If you need some setting between "full rate" and "one second delay" 
you might have better luck with the traffic shaping features on your 
firewall. You would need to estimate average message size, then 
limit the bandwidth to the desired number of messages.


I suppose you could create a monster with the main postfix feeding 
several postfix relays, each set with their own rate delay; but that 
seems overly complex.




  -- Noel Jones

rewrite to value of reply-to

2021-01-27 Thread Andy Smith 
Hi there! 

  I wonder if someone would be able to help configure a rewrite? I need
to rewrite an address (known/fixed, is the localaddress of the user
sending the email) to be the same as the existing "Reply-To" address
from the message. Ie in Exim I can use the variable "$reply_address". If
anyone knows how I can achieve this that would be really helpful! 

thanks in advance! Andy.

Re: throttling outgoing (queue) smtp

2021-01-27 Thread Wietse Venema 
combro2k combro2k:
> Hi there,
> 
> I've been looking for some days for a solution I need to create for a
> customer.
> What we want to achieve is throttling the delivery of mails in the queue.
> Right now we are using 'default_destination_rate_delay = 1s' which allows
> us to send approx. 3600 to each destination maximum in 1 hour timeframe.
> But we want to be more specific like 5000 mails globally,or 16000 globally,
> whatever we want to do.
> I've looked into PolicyD to achieve this, but I am stuck at the
> implementation of it at the queue system of Postfix;
> Right now I can only see it work with the smtpd_recipient_restrictions and
> smtpd_end_of_data_restrictions configuration option but not with the queue
> service.
> Am I missing something or I am overthinking it?

You can implement sub-second rate delays with parallel deliveries.
Below is an example from an last-year's email.

Wietse

In /etc/postfix/master.cf:

smtp1  unix  -   -   n   -   -   smtp
smtp2  unix  -   -   n   -   -   smtp
...
smtpN  unix  -   -   n   -   -   smtp

In /etc/postfix/main.cf:

smtp1_destination_rate_delay = 1
smtp2_destination_rate_delay = 1
...
smtpN_destination_rate_delay = 1

transport_maps = 
inline:{
{ $myhostname = $local_transport }
{ localhost = $local_transport }
{ localhost.$mydomain = $local_transport }
# Other domains that don't deliver over SMTP...
}
randmap:{ smtp1:, smtp2:, ..., smtpN: }

This syntax requires Postfix 3.0 or later.

Re: rewrite to value of reply-to

2021-01-27 Thread Viktor Dukhovni 
On Wed, Jan 27, 2021 at 06:12:35PM +0100, Andy Smith wrote:

> I need to rewrite an address (known/fixed, is the localaddress of the
> user sending the email)

I am having trouble parsing this.  Email messages have:

- An envelope-sender, specified via the SMTP "MAIL FROM:" command
  prior to and separately from the message headers and content.
  For local submission via sendmail(1) this is specified via the
  '-f ' option.

- The originator fields described in 

https://tools.ietf.org/html/rfc5322#section-3.6.2

- And for resent messages:

https://tools.ietf.org/html/rfc5322#section-3.6.6

Can you more precise in your description, perhaps with a hypothetical
example specifying precisely the form of the input message envelope
and headers and the desired output values of the same.

> to be the same as the existing "Reply-To" address from the message.

Messages are not required to have "Reply-To", are you looking to modify
other message headers conditional on "Reply-To" being present?

> Ie in Exim I can use the variable "$reply_address". If anyone knows
> how I can achieve this that would be really helpful! 


http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpvar

$reply_address

When a message is being processed, this variable contains
the contents of the Reply-To: header line if one exists and
it is not empty, or otherwise the contents of the From:
header line. Apart from the removal of leading white space,
the value is not processed in any way.  In particular, no
RFC 2047 decoding or character code translation takes place.

There is no equivalent feature built-in to Postfix.  If you want to
modify a message based on the value of the "Reply-To:" or else "From:"
address of a message, you'd need a content_filter or milter.

Postfix header rewriting happens one address at a time, with the
original value of the particular address as the sole input from
the message in question, this is then used to look up replacements
in any configured tables.

-- 
Viktor.

Re: rewrite to value of reply-to

2021-01-27 Thread Andy Smith 

On 27-01-2021 18:48, Viktor Dukhovni wrote:



Can you more precise in your description, perhaps with a hypothetical
example specifying precisely the form of the input message envelope
and headers and the desired output values of the same.


to be the same as the existing "Reply-To" address from the message.


Messages are not required to have "Reply-To", are you looking to modify
other message headers conditional on "Reply-To" being present?


In my case it is safe to assume that all mail from this user (www user) 
will always have "Reply-To" as they are generated by the program Request 
Tracker which always includes this header. If it were an issue I guess 
before the rewrite I could add a reply-to header if it doesn't already 
exist? So in a typical message header we might have:


From: "WWW" 
Reply-To: a.sm...@ldex.co.uk

And I want to rewrite w...@ldex.co.uk with a.sm...@ldex.co.uk. The 
reply-to value is variable, the from field is static.




There is no equivalent feature built-in to Postfix.  If you want to
modify a message based on the value of the "Reply-To:" or else "From:"
address of a message, you'd need a content_filter or milter.


If we assume that reply-to exists does that make this easier?


thanks for your reply! Andy.

Re: rewrite to value of reply-to

2021-01-27 Thread Viktor Dukhovni 
On Wed, Jan 27, 2021 at 07:05:37PM +0100, Andy Smith wrote:

> In my case it is safe to assume that all mail from this user (www user) 
> will always have "Reply-To" as they are generated by the program Request 
> Tracker which always includes this header. If it were an issue I guess 
> before the rewrite I could add a reply-to header if it doesn't already 
> exist? So in a typical message header we might have:
> 
> From: "WWW" 
> Reply-To: a.sm...@ldex.co.uk
> 
> And I want to rewrite w...@ldex.co.uk with a.sm...@ldex.co.uk. The 
> reply-to value is variable, the from field is static.

Does the MTA in question handle email exclusively from this user and
nobody else?

> > There is no equivalent feature built-in to Postfix.  If you want to
> > modify a message based on the value of the "Reply-To:" or else "From:"
> > address of a message, you'd need a content_filter or milter.
> 
> If we assume that reply-to exists does that make this easier?

If absolutely every single message is guaranteed to have a "Reply-To:"
that can safely replace "From:", then you could in theory forcibly
remove "From:" from every message, and upon encountering "Reply-To:"
generate a new matching "From:" (via header_checks defined for the
cleanup(8) instance configured for pickup(8)).

However, I very much doubt that your MTA is sufficiently dedicated to
just mail from this one user.  If you had a multi-instance configuration
with a dedication null-client instance for just "www" (perhaps PHP or
whatever can be configured to run "sendmail -C /etc/postfix-www ..."
instead of "sendmail ..."), then perhaps this would be an option.

If the Postfix instance also handles mail from any other source,
then Postfix built-in header rewriting cannot do what you ask,
and you need a milter or content_filter.  Amavis, for example,
has sufficient hooks for this.

-- 
Viktor.

mail loops back to me with multi-instance config

2021-01-27 Thread Alex 
Hi,
Some time ago I configured postfix to be multi-instance and now I'm
realizing some mail being generated locally by new crontab entries are
bouncing because apparently the main postfix instance doesn't know
where to send these emails (at least that's my guess).

Jan 27 14:21:02 xavier postfix/pickup[1247182]: B84BF4F69D: uid=1000
from=
Jan 27 14:21:02 xavier postfix/cleanup[1289165]: B84BF4F69D:
message-id=<20210127192102.b84bf4f...@xavier.example.com>
Jan 27 14:21:02 xavier postfix/qmgr[1247183]: B84BF4F69D:
from=, size=1010, nrcpt=1 (queue active)
Jan 27 14:21:02 xavier postfix/smtp[1289167]: B84BF4F69D:
to=, orig_to=, relay=none, delay=0.55,
delays=0.51/0.02/0.03/0, dsn=5.4.6, status=bounced (mail for
example.com loops back to myself)
Jan 27 14:21:02 xavier postfix/cleanup[1289165]: C7F6165F6C:
message-id=<20210127192102.c7f6165...@xavier.example.com>
Jan 27 14:21:02 xavier postfix/qmgr[1247183]: C7F6165F6C: from=<>,
size=3125, nrcpt=1 (queue active)
Jan 27 14:21:02 xavier postfix/bounce[1289168]: B84BF4F69D: sender
non-delivery notification: C7F6165F6C
Jan 27 14:21:02 xavier postfix/qmgr[1247183]: B84BF4F69D: removed
Jan 27 14:21:02 xavier postfix/smtp[1289167]: C7F6165F6C:
to=, relay=none, delay=0, delays=0/0/0/0,
dsn=5.4.6, status=bounced (mail for example.com loops back to myself)

I'm not sure what information to provide to help troubleshoot this
without having to send the entire config, so hopefully the info below
is useful. The MX record for this domain should be using the
postfix-117 instance on this host for mail destined for my example.com
domain:

# postmulti -l
-   -   y /etc/postfix
postfix-out mta y /etc/postfix-out
postfix-117 mta y /etc/postfix-117
postfix-114 mta y /etc/postfix-114
postfix-116 mta y /etc/postfix-116

I've set up the null-client instance as per the multi-instance readme.
However, mail for this example.com domain is relayed on to a remote
system from a transport entry in the postfix-out instance.

The other MX record for this domain is on another host.

# postconf -c /etc/postfix -n|grep ^my
mydestination =
mydomain = example.com
myhostname = xavier.example.com
myorigin = $mydomain

# postconf -c /etc/postfix-117 -n|grep ^my
mydestination =
mynetworks = 127.0.0.0/8 23.227.110.186

relay_domains in the postfix-117 instance is configured for my
example.com domain. There are no transports or virtual domains or
relay_domains configured in the main instance for this domain (or any
domain).

Thanks,
Alex

Re: rewrite to value of reply-to

2021-01-27 Thread Wietse Venema 
Viktor Dukhovni:
> On Wed, Jan 27, 2021 at 07:05:37PM +0100, Andy Smith wrote:
> 
> > In my case it is safe to assume that all mail from this user (www user) 
> > will always have "Reply-To" as they are generated by the program Request 
> > Tracker which always includes this header. If it were an issue I guess 
> > before the rewrite I could add a reply-to header if it doesn't already 
> > exist? So in a typical message header we might have:
> > 
> > From: "WWW" 
> > Reply-To: a.sm...@ldex.co.uk
> > 
> > And I want to rewrite w...@ldex.co.uk with a.sm...@ldex.co.uk. The 
> > reply-to value is variable, the from field is static.
> 
> Does the MTA in question handle email exclusively from this user and
> nobody else?

And what about the envelope sender address, used in the SMTP MAIL
FROM comnmand? People often overlook that, so they are still sending
email as w...@example.com.

Wietse

Re: rewrite to value of reply-to

2021-01-27 Thread Andy Smith 

On 27-01-2021 20:48, Viktor Dukhovni wrote:


If absolutely every single message is guaranteed to have a "Reply-To:"
that can safely replace "From:", then you could in theory forcibly
remove "From:" from every message, and upon encountering "Reply-To:"
generate a new matching "From:" (via header_checks defined for the
cleanup(8) instance configured for pickup(8)).

However, I very much doubt that your MTA is sufficiently dedicated to
just mail from this one user.  If you had a multi-instance 
configuration

with a dedication null-client instance for just "www" (perhaps PHP or
whatever can be configured to run "sendmail -C /etc/postfix-www ..."
instead of "sendmail ..."), then perhaps this would be an option.

If the Postfix instance also handles mail from any other source,
then Postfix built-in header rewriting cannot do what you ask,
and you need a milter or content_filter.  Amavis, for example,
has sufficient hooks for this.


Ok, thanks for the info Viktor. Yes it really is just sending from www, 
well apart from system level messages from root@ etc (mail is relayed to 
the actual mail server). As this rewrite is not natively possible with 
Postfix, and it's something I have previously found a solution for with 
Exim I think that provides me a way to do this. I can have Exim listen 
on a non standard port, have postfix relay everything there and do the 
rewrite in Exim. Not exactly a beautiful solution but if it works, and 
just done a test it does seem to work as expected.


The reason I'm not just using Exim is due to some issue/bug I'm 
experiencing with that.


thanks again, Andy.

Re: mail loops back to me with multi-instance config

2021-01-27 Thread Viktor Dukhovni 
On Wed, Jan 27, 2021 at 03:01:43PM -0500, Alex wrote:

> Some time ago I configured postfix to be multi-instance and now I'm
> realizing some mail being generated locally by new crontab entries are
> bouncing because apparently the main postfix instance doesn't know
> where to send these emails (at least that's my guess).

No, that's not the issue.  Rather, the issue is that the null client and
smarthost (mta) instances have the same hostname, and you're forwarding
to the smart on port 25.

> Jan 27 14:21:02 xavier postfix/pickup[1247182]: B84BF4F69D: uid=1000 
> from=

I assume this is the default null-client local-submission instance.

> Jan 27 14:21:02 xavier postfix/cleanup[1289165]: B84BF4F69D:
> message-id=<20210127192102.b84bf4f...@xavier.example.com>
> Jan 27 14:21:02 xavier postfix/qmgr[1247183]: B84BF4F69D:
> from=, size=1010, nrcpt=1 (queue active)
> Jan 27 14:21:02 xavier postfix/smtp[1289167]: B84BF4F69D:
> to=, orig_to=, relay=none, delay=0.55,
> delays=0.51/0.02/0.03/0, dsn=5.4.6, status=bounced (mail for
> example.com loops back to myself)

It is apparently configured with the same myhostname as the smarthost
(mta) instance, which runs into loop detection issues.  The simplest
solution is to not forward to port 25.  Configure the smarthost instance
to accept mail from the null client on some other port and use that.

> I'm not sure what information to provide to help troubleshoot this
> without having to send the entire config, so hopefully the info below
> is useful. The MX record for this domain should be using the
> postfix-117 instance on this host for mail destined for my example.com
> domain:
> 
> # postmulti -l
> -   -   y /etc/postfix
> postfix-out mta y /etc/postfix-out
> postfix-117 mta y /etc/postfix-117
> postfix-114 mta y /etc/postfix-114
> postfix-116 mta y /etc/postfix-116
> 
> I've set up the null-client instance as per the multi-instance readme.
> However, mail for this example.com domain is relayed on to a remote
> system from a transport entry in the postfix-out instance.

The error appears to be in the null-client instance, not the (mta)
instance.  Configure the null client's relayhost to a destination port
other than 25.  Have the (mta) instance accept email from the null
client there.  This can be a loopback SMTP service (like a content
filter but with no filtering).

This is needed when the "mailhub" is on the same machine as the
null client.

-- 
Viktor.

spamassassin & bayes

2021-01-27 Thread Daniel Armando Rodriguez 
Hi

Suddenly I'm facing tons of this messages

... bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_*
R/W: lock failed: File exists

A 'solution' found on the web says disable bayes, reload SA, delete such
files and enable bayes again.

Increased values in

default_process_limit

smtpd_recipient_limit

qmgr_message_active_limit
qmgr_message_recipient_limit

Add

disable_dns_lookups = yes

However messages got delivered only if I disable bayes, after a while


___
Daniel A. Rodriguez
Departamento de Tecnología para la Gestión
Escuela Provincial de Educación Técnica N° 1
Posadas - Misiones - Argentina
(0376) 443-8578
www.epet1.edu.ar

Re: rewrite to value of reply-to

2021-01-27 Thread Wietse Venema 
Andy Smith:
> On 27-01-2021 20:48, Viktor Dukhovni wrote:
> 
> > If absolutely every single message is guaranteed to have a "Reply-To:"
> > that can safely replace "From:", then you could in theory forcibly
> > remove "From:" from every message, and upon encountering "Reply-To:"
> > generate a new matching "From:" (via header_checks defined for the
> > cleanup(8) instance configured for pickup(8)).
> > 
> > However, I very much doubt that your MTA is sufficiently dedicated to
> > just mail from this one user.  If you had a multi-instance 
> > configuration
> > with a dedication null-client instance for just "www" (perhaps PHP or
> > whatever can be configured to run "sendmail -C /etc/postfix-www ..."
> > instead of "sendmail ..."), then perhaps this would be an option.

It's simple enough to replace all instances of w...@example.com with
something else:

/etc/postfix/main.cf:
canonical_maps = 
inline:{
{ w...@example.com = other@address }
}

That will also take care of headers, and MAIL FROM commands in SMTP.

Wietse

> > If the Postfix instance also handles mail from any other source,
> > then Postfix built-in header rewriting cannot do what you ask,
> > and you need a milter or content_filter.  Amavis, for example,
> > has sufficient hooks for this.
> 
> Ok, thanks for the info Viktor. Yes it really is just sending from www, 
> well apart from system level messages from root@ etc (mail is relayed to 
> the actual mail server). As this rewrite is not natively possible with 
> Postfix, and it's something I have previously found a solution for with 
> Exim I think that provides me a way to do this. I can have Exim listen 
> on a non standard port, have postfix relay everything there and do the 
> rewrite in Exim. Not exactly a beautiful solution but if it works, and 
> just done a test it does seem to work as expected.
> 
> The reason I'm not just using Exim is due to some issue/bug I'm 
> experiencing with that.
> 
> thanks again, Andy.
>

Re: spamassassin & bayes

2021-01-27 Thread Richard 



> Date: Wednesday, January 27, 2021 19:17:48 -0300
> From: Daniel Armando Rodriguez 
>
> Hi
> 
> Suddenly I'm facing tons of this messages
> 
> ... bayes: cannot open bayes databases
> /home/spamd/.spamassassin/bayes_* R/W: lock failed: File exists
> 
> A 'solution' found on the web says disable bayes, reload SA, delete
> such files and enable bayes again.
> 
> Increased values in
> 
> default_process_limit
> 
> smtpd_recipient_limit
> 
> qmgr_message_active_limit
> qmgr_message_recipient_limit
> 
> Add
> 
> disable_dns_lookups = yes
> 
> However messages got delivered only if I disable bayes, after a
> while
> 

This issue has been a discussion thread on the spamassassin mailing
list of late. You may want to look at that mailing list's archive:

  

to see if that helps. You may also want to take your question there
where it's more relevant (not that people on this list can't help
too).

Re: rewrite to value of reply-to

2021-01-27 Thread Viktor Dukhovni 
On Wed, Jan 27, 2021 at 05:30:25PM -0500, Wietse Venema wrote:

> It's simple enough to replace all instances of w...@example.com with
> something else:
> 
> /etc/postfix/main.cf:
> canonical_maps = 
>   inline:{
>   { w...@example.com = other@address }
>   }
> 
> That will also take care of headers, and MAIL FROM commands in SMTP.

Indeed, though I usually avoid falling in that trap, perhaps I failed in
this case to consider whether the user is asking the right question.

If the problem value of the "From:" header is fixed, it can certainly be
replaced with a better (static) value.  If however the requirement is to
replace it with some dynamic value of the "Reply-To" that varies from
message to message, then canonical_maps would not suffice.

-- 
Viktor.

Re: rewrite to value of reply-to

2021-01-27 Thread Andy Smith 

On 28-01-2021 00:14, Viktor Dukhovni wrote:


On Wed, Jan 27, 2021 at 05:30:25PM -0500, Wietse Venema wrote:




Indeed, though I usually avoid falling in that trap, perhaps I failed 
in

this case to consider whether the user is asking the right question.

If the problem value of the "From:" header is fixed, it can certainly 
be
replaced with a better (static) value.  If however the requirement is 
to

replace it with some dynamic value of the "Reply-To" that varies from
message to message, then canonical_maps would not suffice.


Correct, its a dynamic value. It can only be known by reading the 
reply-to value from the headers of the same message.

Problems with .cf files for LDAP

2021-01-27 Thread Michael Agbaglo 
Hi!

Since there is high traffic on this mailing list I am not sure whether
this problem has been discussed already.

I'm having trouble constructing the .cf files for LDAP.

While the test using postmap was successful, the test with sendmail
fails. The debug show that for some reason '%s' is holding just the
domain. Why is that?

M.

--
# cat /etc/postfix/ldap/virtual-mailbox-maps.cf
debuglevel = 7

bind = yes
bind_dn = uid=nobody,ou=people,dc=example,dc=de
bind_pw = guessme
version = 3

server_host = broccoli.example.net
search_base = dc=example,dc=de
query_filter = (&(objectClass=nsOrgPerson)(mail=%s))
result_attribute = mail



# postconf -n | grep virtual-mailbox
virtual_mailbox_maps = ldap:/etc/postfix/ldap/virtual-mailbox-maps.cf

--

postmap -q al...@example.net
ldap:/etc/postfix/ldap/virtual-mailbox-maps.cf; echo $?
al...@example.net
0


Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: "(&(objectClass=nsOrgPerson)(mail=al...@example.net))"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: AND
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter_list "(objectClass=nsOrgPerson)(mail=al...@example.net)"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: "(objectClass=nsOrgPerson)"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: simple
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_simple_filter: "objectClass=nsOrgPerson"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: "(mail=al...@example.net)"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_filter: simple
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
put_simple_filter: "mail=al...@example.net"
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
ldap_build_search_req ATTRS: mail
Jan 28 00:23:41 broccoli postfix/postmap[29422]: dict_ldap_debug:
ldap_send_initial_request

--

sendmail al...@example.net < /tmp/gtube.txt


Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: ldap_search_ext
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter:
"(&(objectClass=nsOrgPerson)(mail=broccoli.example.net))"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter: AND
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter_list
"(objectClass=nsOrgPerson)(mail=broccoli.example.net)"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter: "(objectClass=nsOrgPerson)"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter: simple
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_simple_filter: "objectClass=nsOrgPerson"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter: "(mail=broccoli.example.net)"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_filter: simple
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: put_simple_filter: "mail=broccoli.example.net"
Jan 28 00:31:06 broccoli postfix/trivial-rewrite[29459]:
dict_ldap_debug: ldap_build_search_req ATTRS: mail

Re: spamassassin & bayes

2021-01-27 Thread Andy Smith 

On 27-01-2021 23:26, Patrick Proniewski wrote:


Hi,

I've switched to REDIS for bayesian storage in Spamassassin more than 4 
years ago, and I've never looked back: very good performances and no 
problem with files (like locking for a start).

I wrote about it at the time, unfortunately it's in French ;)
https://www.patpro.net/blog/index.php/2016/05/09/2956-augmenter-la-performance-du-filtrage-bayesien-de-spamassassin/

pat
 www.epet1.edu.ar


Likewise, switched to MySQL for bayes database years ago and not had any 
issues with that either...

Re: rewrite to value of reply-to

2021-01-27 Thread Viktor Dukhovni 
> On Jan 27, 2021, at 9:40 PM, Andy Smith  wrote:
> 
> Correct, its a dynamic value. It can only be known by reading the reply-to 
> value from the headers of the same message.

One way to do this entirely in Postfix is to:

1. Delete the evil "From:" header that matches the "www" user
   on input via header_checks.
2. In the same input cleanup(8) instance PREPEND an "X-Reply-From"
   header that is a copy of the "Reply-To" header (when present).
3. Use sender_dependent_default_transport to send mail from "www"
   to a custom smtp(8) delivery transport (new master.cf entry).

In the custom smtp transport:

4. Use smtp_header_checks to rewrite "X-Reply-From:" to "From:"

In the regular smtp transport:

5. Use the smtp_header_checks "IGNORE" action to drop the
   "X-Reply-From:" header.

The only thing this does not do is modify the envelope sender
address to match the value in the header.  Doing that goes
outside any built-in Postfix features that come to mind...

-- 
Viktor.

Re: Problems with .cf files for LDAP

2021-01-27 Thread Viktor Dukhovni 
On Thu, Jan 28, 2021 at 12:45:30AM +0100, Michael Agbaglo wrote:

> While the test using postmap was successful, the test with sendmail
> fails. The debug show that for some reason '%s' is holding just the
> domain. Why is that?

$ postconf -d virtual_mailbox_domains
virtual_mailbox_domains = $virtual_mailbox_maps

Set "virtual_mailbox_domains" explicitly if you want to specify these
in some other way.

> # postconf -n | grep virtual-mailbox
> virtual_mailbox_maps = ldap:/etc/postfix/ldap/virtual-mailbox-maps.cf

Best practice is generally "proxy:ldap:" rather than "ldap:".

> postmap -q al...@example.net
> ldap:/etc/postfix/ldap/virtual-mailbox-maps.cf; echo $?
> al...@example.net

The result of "virtual_mailbox_maps" is typically a mailbox path, if
virtual delivery is to be via the Postfix built-in virtual(8) delivery
agent.  If you're using LMTP or dovecot-lda, ... then the RHS is of
course irrelevant, and returning the original address as-is is fine.

-- 
Viktor.

Re: spamassassin & bayes

2021-01-27 Thread Patrick Proniewski 
Hi,

I've switched to REDIS for bayesian storage in Spamassassin more than 4 years 
ago, and I've never looked back: very good performances and no problem with 
files (like locking for a start).
I wrote about it at the time, unfortunately it's in French ;)
https://www.patpro.net/blog/index.php/2016/05/09/2956-augmenter-la-performance-du-filtrage-bayesien-de-spamassassin/

pat

> On 27 Jan 2021, at 23:17, Daniel Armando Rodriguez  
> wrote:
> 
> Hi
> 
> Suddenly I'm facing tons of this messages
> 
> ... bayes: cannot open bayes databases /home/spamd/.spamassassin/bayes_* R/W: 
> lock failed: File exists
> 
> A 'solution' found on the web says disable bayes, reload SA, delete such 
> files and enable bayes again.
> 
> Increased values in
> 
> default_process_limit
> 
> smtpd_recipient_limit
> 
> qmgr_message_active_limit
> qmgr_message_recipient_limit
> 
> Add
> 
> disable_dns_lookups = yes
> 
> However messages got delivered only if I disable bayes, after a while
> 
> 
> ___
> Daniel A. Rodriguez
> Departamento de Tecnología para la Gestión
> Escuela Provincial de Educación Técnica N° 1
> Posadas - Misiones - Argentina
> (0376) 443-8578
> www.epet1.edu.ar

Re: rewrite to value of reply-to

2021-01-27 Thread Wietse Venema 
Andy Smith:
> On 28-01-2021 00:14, Viktor Dukhovni wrote:
> 
> > On Wed, Jan 27, 2021 at 05:30:25PM -0500, Wietse Venema wrote:
> 
> > 
> > Indeed, though I usually avoid falling in that trap, perhaps I failed 
> > in
> > this case to consider whether the user is asking the right question.
> > 
> > If the problem value of the "From:" header is fixed, it can certainly 
> > be
> > replaced with a better (static) value.  If however the requirement is 
> > to
> > replace it with some dynamic value of the "Reply-To" that varies from
> > message to message, then canonical_maps would not suffice.
> 
> Correct, its a dynamic value. It can only be known by reading the 
> reply-to value from the headers of the same message.

Postfix can do that with a Milter.  Milters can be implemented in
many languages including scripted languages such as Perl and Python.

Search the web for "python milter" and so on. It's better than
building a scripting language into the mail server like some MTA
does.

I prefer to keep Postfix focused on MTA stuff, and to use plugins
for things like pulling the header.from and envelope.from address
from a header.

Wietse

Re: rewrite to value of reply-to

2021-01-27 Thread Wietse Venema 
Viktor Dukhovni:
> > On Jan 27, 2021, at 9:40 PM, Andy Smith  wrote:
> > 
> > Correct, its a dynamic value. It can only be known by reading the reply-to 
> > value from the headers of the same message.
> 
> One way to do this entirely in Postfix is to:
> 
> 1. Delete the evil "From:" header that matches the "www" user
>on input via header_checks.
> 2. In the same input cleanup(8) instance PREPEND an "X-Reply-From"
>header that is a copy of the "Reply-To" header (when present).
> 3. Use sender_dependent_default_transport to send mail from "www"
>to a custom smtp(8) delivery transport (new master.cf entry).
> 
> In the custom smtp transport:
> 
> 4. Use smtp_header_checks to rewrite "X-Reply-From:" to "From:"
> 
> In the regular smtp transport:
> 
> 5. Use the smtp_header_checks "IGNORE" action to drop the
>"X-Reply-From:" header.
> 
> The only thing this does not do is modify the envelope sender
> address to match the value in the header.  Doing that goes
> outside any built-in Postfix features that come to mind...

And fiding MAIL FROM is what they need to do most...

Wietse