Re: SMTP Relay

[Viktor Dukhovni]

On Fri, Aug 06, 2021 at 03:05:03AM +, masstransitk...@365stops.org wrote:

> I followed your advice and now the traffic is hitting my gateway as it
> should. The problem is, now it's getting refused.
> 
> Firewall rules specify input interface in DNAT rules now. So instead of
> simply forwarding ports 587 and 465, it is also requiring that the
> public interface is the originating one. Let's call it "enp1s0".
> 
> I eagerly await your feedback.

I eagerly await the relevant log entries (and "postconf -nf" + "postconf -Mf"
outputs) posted to the list.

-- 
Viktor.

Re: Inbound/Outbound Settings on a Postfix Relay-Only

[Viktor Dukhovni]

On Thu, Aug 05, 2021 at 06:14:56PM +, White, Daniel E. (GSFC-770.0)[NICS] 
wrote:

> On my relay, I tried these settings:
> 
> local_transport = error: local mail delivery is disabled
> mail_version = 3.5.8
> relay_transport = hash:/etc/postfix/transport

The "relay_transport" parametr is not table-valued.  Its syntax
is "transport:nexthop", not "type:table".

>   .our.local.domain relay:[MDA server IP]

This goes into one of the tables named via "transport_maps", not
"relay_transport".

> smtpd_recipient_restrictions = permit_mynetworks
> relayhost = [ upstream relay ]
> 
> And when I send mail, I get "Recipient address rejected: local mail delivery 
> is disabled"
> 
> What am I missing, please ?

Logs that show the *actual unobfuscated* recipient domain that got
rejected, and the result of "postmap -q" for the purported lookup
key in the transport_maps table in question.  Post the output of:

$ postmap -q .our.local.domain $(postmap -xh transport_maps)

with ".our.local.domain" replaced by the actual unobfuscated domain.

-- 
Viktor.

Re: Reject Code Logging

[Bill Cole]

On 2021-08-05 at 14:18:03 UTC-0400 (Thu, 05 Aug 2021 14:18:03 -0400)
 
is rumored to have said:

> I noticed when mail is rejected by a milter or header check it only logs the 
> DSN number and not the error code (550).
>
> cleanup: milter-reject: END-OF-MESSAGE from 
> mail.example.com[111.222.333.444]: 5.7.1 Command rejected; 
> from= to= proto=ESMTP 
> helo=
>
> Is this intentional or should it have the full reject code "550 5.7.1"?

The only valid basic error reply code at END-OF-MESSAGE that could fit a 5.7.1 
enhanced code is 550, per RFC5321.


-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: Reject Code Logging

[Wietse Venema]

post...@ptld.com:
> I noticed when mail is rejected by a milter or header check it only logs 
> the DSN number and not the error code (550).
> 
> cleanup: milter-reject: END-OF-MESSAGE from 
> mail.example.com[111.222.333.444]: 5.7.1 Command rejected; 
> from= to= proto=ESMTP 
> helo=
> 
> Is this intentional or should it have the full reject code "550 5.7.1"?

Intentional. The Milter handles all email, including non-SMTP
contexts (local pickup daemon, qmqpd daemon, and internally-forwarded
mesasages). The 550 status is meaningful only in an SMTP context.
The 5.7.1 on the other hand is valid in any email handling context.

Postfix encapsulates the channel-specific details in dedicated
programs. For example, SMTP status codes are handled in the SMTP
server and client; and UNIX process exit status codes in the local
and pipe delivery agents).

Wietse

Reject Code Logging

[postfix]

I noticed when mail is rejected by a milter or header check it only logs 
the DSN number and not the error code (550).


cleanup: milter-reject: END-OF-MESSAGE from 
mail.example.com[111.222.333.444]: 5.7.1 Command rejected; 
from= to= proto=ESMTP 
helo=


Is this intentional or should it have the full reject code "550 5.7.1"?

Re: Inbound/Outbound Settings on a Postfix Relay-Only

[White, Daniel E. (GSFC-770.0)[NICS]]

On my relay, I tried these settings:

local_transport = error: local mail delivery is disabled
mail_version = 3.5.8
relay_transport = hash:/etc/postfix/transport
.our.local.domain relay:[MDA server IP]
smtpd_recipient_restrictions = permit_mynetworks
relayhost = [ upstream relay ]

And when I send mail, I get "Recipient address rejected: local mail delivery is 
disabled"

What am I missing, please ?

-Original Message-
From:  on behalf of Wietse Venema 

Reply-To: Postfix users 
Date: Thursday, August 5, 2021 at 12:08
To: Postfix users 
Subject: Re: [EXTERNAL] Re: Inbound/Outbound Settings on a Postfix Relay-Only

White, Daniel E. (GSFC-770.0)[NICS]:
> This helps.
> 
> All the outgoing mail is to go through an upstream relay cluster, so I 
can set "relayhost" to that.
> 
> Incoming mail - for a single, local domain - goes to an MDA server that 
has Dovecot and Roundcube in addition to Postfix.  It sounds like I can use 
"relay_domains" and/or "relay_transport" to direct the message to the MDA 
server.
> 
> Then, it occurs to me that I can maybe use "relay_transport" for both, 
like this:
> 
> .our.local.domainsmtp:[ MDA server ]
> *smtp:[ upstream relay cluster ]
> 
> Does this sound proper or should I get my medications adjusted ?

.our.local.domainrelay:[ MDA server ]

The '*' is not needed because you can use relayhost or default_transport.

Wietse

Re: new install ignores transport file?

[Noel Jones]

On 8/5/2021 12:56 PM, Gomes, Rich wrote:




Anywhere else to look?




The logs.


  -- Noel Jones

Re: new install ignores transport file?

[Viktor Dukhovni]

On Thu, Aug 05, 2021 at 05:56:54PM +, Gomes, Rich wrote:

> I can work with the linux team to have it tested and upgraded since I do not 
> control the OS portion of the servers.
> I did postmap the transport file to no avail.
> 
> Here is the results of postfix -n:
> 
> mydestination =
> mydomain = domain.com
> myhostname = postfix.domain.com

I would typically set "$myorigin" explicitly, rather than rely on the
default "myorigin = $myhostname".

> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> sample_directory = /usr/share/doc/postfix-2.6.6/samples

Given you're running Postfix 2.10, best to remove these outdated
settings.

> relay_domains = $myhostname, hash:/etc/postfix/relay_domains
> relayhost = [xxx.outlook.com]:25

These domains are handed off to the relay_transport barring a
match in transport_maps.

> sender_canonical_maps = regexp:/etc/postfix/sender_canonical

I don't recommend sender_canonical_maps, best to canonicalise
all addresses in the same way, e.g. both "From:" and "Cc:"
are addresses a recipient might reply to in a "Reply-All".

> transport_maps = hash:/etc/postfix/transport

Have you tested this table with 

$ domain=
$ postmap -q "$domain" hash:/etc/postfix/transport

> Anywhere else to look?

Your logs showing delivery of mail to some domain via some transport
other than what's in transpor_maps.  Also, any stray "content_filter"
settings in master.cf.

Post the output of "postconf -Mf" and some relevant logs.

-- 
Viktor.

RE: new install ignores transport file?

[Gomes, Rich]

Thanks Noel

I can work with the linux team to have it tested and upgraded since I do not 
control the OS portion of the servers.
I did postmap the transport file to no avail.

Here is the results of postfix -n:



alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_min_user = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb 
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination =
mydomain = domain.com
myhostname = postfix.domain.com
mynetworks = 0.0.0.0/0
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $myhostname, hash:/etc/postfix/relay_domains
relayhost = [xxx.outlook.com]:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = check_sender_access hash:/etc/postfix/sender_access 
check_client_access cidr:/etc/postfix/client_access.cidr reject
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550



Anywhere else to look?

-Original Message-
From: owner-postfix-us...@postfix.org  On 
Behalf Of Noel Jones
Sent: Thursday, August 5, 2021 1:34 PM
To: postfix-users@postfix.org
Subject: Re: new install ignores transport file?

CAUTION: This email was sent from an external sender. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.

On 8/5/2021 12:07 PM, Gomes, Rich wrote:
> Good day
>
> I have a newly built postfix server which is ignoring it's transport file and 
> is querying DNS for MX records instead.
> I have googled the issue but only come up with "how to use transport file" 
> articles.
> The /etc/postfix directory was copied from our Production relay and is 
> working as expected.
> I have verified the transport file is populated with the correct destination 
> relays, which are different from the internal MX record.
> I have updated the transport. db file using postmap and there is no change.
> I have verified the correct line to reference a transport file is in main.cf 
> and I have restarted the postfix service several times.
>
> Since everything appears to be correct, I am thinking this may be a 
> versioning difference?
>
> Here are the OS and postfix versions on the servers:
>
>
> Existing Production Server:
> Red Hat Enterprise Linux Server release 6.10 (Santiago) mail_version = 
> 2.6.6
>
>
>
> New Server:
> Red Hat Enterprise Linux Server release 7.9 (Maipo) mail_version = 
> 2.10.1
>
>
>
> Could this be a versioning issue or do I need to look somewhere else?
>
>
>
> Thanks,
> Rich
>

This is almost certainly a config issue on your part.

First, version 2.10.1 is very very old. Support for that version ended in 2016. 
The current stable release is 3.6.2. I would strongly suggest upgrading to a 
supported version. At this time, the oldest supported version is 3.3.19, but if 
you're upgrading go with the current version.

That said, there shouldn't be any show-stoppers in your postfix 2.10, but your 
support here may be limited.

If you moved your hash files, it's possible the new system has a 
newer/incompatible version. Make sure to "postmap" all your db files.

Things may be installed in different directories on the new system.
Verify directory paths referenced in postfix main.cf are correct.

Use "postconf -n" to verify the settings are what you expect, and check the log 
files for warning and errors. General debugging info here:
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.postfix.org%2FDEBUG_README.html&data=04%7C01%7CGomes-Rich%40aramark.com%7C511efd1a0cc54c140f8e08d958373224%7Cb1519f0f2dbf4e21bf34a686ce97588a%7C0%7C0%7C637637816351528057%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dYT8dejZ090zplbOeQXz1IH%2BbRvdvV%2B83JunmA2sRkE%3D&reserved=0

If you need more help, please see:
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.postfix.org%2FDEBUG_README.html%23mail&data=04%7C01%7CGomes-Rich%40aramark.com%7C511efd1a0cc54c140f8e08d958373224%7Cb1519f0f2dbf4e21bf34a686ce97588a%7C0%7C0%7C637637816351528057%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=X74i%2FOL8xljzgyVV5EVlgydriN7R3zhZVyzZ%2B2V2MZM%3D&reserved=0



   -- Noel Jones

Re: new install ignores transport file?

[Noel Jones]

On 8/5/2021 12:07 PM, Gomes, Rich wrote:

Good day

I have a newly built postfix server which is ignoring it's transport file and 
is querying DNS for MX records instead.
I have googled the issue but only come up with "how to use transport file" 
articles.
The /etc/postfix directory was copied from our Production relay and is working 
as expected.
I have verified the transport file is populated with the correct destination 
relays, which are different from the internal MX record.
I have updated the transport. db file using postmap and there is no change.
I have verified the correct line to reference a transport file is in main.cf 
and I have restarted the postfix service several times.

Since everything appears to be correct, I am thinking this may be a versioning 
difference?

Here are the OS and postfix versions on the servers:


Existing Production Server:
Red Hat Enterprise Linux Server release 6.10 (Santiago)
mail_version = 2.6.6



New Server:
Red Hat Enterprise Linux Server release 7.9 (Maipo)
mail_version = 2.10.1



Could this be a versioning issue or do I need to look somewhere else?



Thanks,
Rich



This is almost certainly a config issue on your part.

First, version 2.10.1 is very very old. Support for that version 
ended in 2016. The current stable release is 3.6.2. I would strongly 
suggest upgrading to a supported version. At this time, the oldest 
supported version is 3.3.19, but if you're upgrading go with the 
current version.


That said, there shouldn't be any show-stoppers in your postfix 
2.10, but your support here may be limited.


If you moved your hash files, it's possible the new system has a 
newer/incompatible version. Make sure to "postmap" all your db files.


Things may be installed in different directories on the new system. 
Verify directory paths referenced in postfix main.cf are correct.


Use "postconf -n" to verify the settings are what you expect, and 
check the log files for warning and errors. General debugging info here:

http://www.postfix.org/DEBUG_README.html

If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail



  -- Noel Jones

new install ignores transport file?

[Gomes, Rich]

Good day

I have a newly built postfix server which is ignoring it's transport file and 
is querying DNS for MX records instead.
I have googled the issue but only come up with "how to use transport file" 
articles.
The /etc/postfix directory was copied from our Production relay and is working 
as expected.
I have verified the transport file is populated with the correct destination 
relays, which are different from the internal MX record.
I have updated the transport. db file using postmap and there is no change.
I have verified the correct line to reference a transport file is in main.cf 
and I have restarted the postfix service several times.

Since everything appears to be correct, I am thinking this may be a versioning 
difference?

Here are the OS and postfix versions on the servers:


Existing Production Server:
Red Hat Enterprise Linux Server release 6.10 (Santiago)
mail_version = 2.6.6



New Server:
Red Hat Enterprise Linux Server release 7.9 (Maipo)
mail_version = 2.10.1



Could this be a versioning issue or do I need to look somewhere else?



Thanks,
Rich

Re: [EXTERNAL] Re: Inbound/Outbound Settings on a Postfix Relay-Only

[Wietse Venema]

White, Daniel E. (GSFC-770.0)[NICS]:
> This helps.
> 
> All the outgoing mail is to go through an upstream relay cluster, so I can 
> set "relayhost" to that.
> 
> Incoming mail - for a single, local domain - goes to an MDA server that has 
> Dovecot and Roundcube in addition to Postfix.  It sounds like I can use 
> "relay_domains" and/or "relay_transport" to direct the message to the MDA 
> server.
> 
> Then, it occurs to me that I can maybe use "relay_transport" for both, like 
> this:
> 
> .our.local.domainsmtp:[ MDA server ]
> *smtp:[ upstream relay cluster ]
> 
> Does this sound proper or should I get my medications adjusted ?

.our.local.domainrelay:[ MDA server ]

The '*' is not needed because you can use relayhost or default_transport.

Wietse

Re: DANE TLSA lookup "whitelist"

[Viktor Dukhovni]

On Thu, Aug 05, 2021 at 04:48:07PM +0200, Matteo Cazzador wrote:

> I use a local domain "*example.local*" i want to exclude it from dane 
> check because i obtain this error:
> 
> warning: DANE TLSA lookup problem: Host or domain name not found. Name 
> service error for name=_*25._tcp.example.local *type=TLSA: Host not 
> found, try again

Your resolver apparently returns AD=1 for example.local.  [Is the
domain actually signed, or is the resolver setting AD=1 for all
authoritative data?]

If the resolver behaviour is configurable, you could add a "negative
trust anchor, a.k.a. NTA) for example.local that would cause the zone to
be treated as unsigned (AD=0).  That said, I have considered, but not
yet implemented by default treating the AA (authoritative answer) bit as
equivalent to AD, and generally if a resolver is authoritative for a
domain, it will always return AA=1.

Therefore, your next choice is:

On Thu, Aug 05, 2021 at 11:00:30AM -0400, Wietse Venema wrote:

> You can specify a different policy for example.local with 
> smtp_tls_policy_maps.

On Thu, Aug 05, 2021 at 05:03:03PM +0200, Matteo Cazzador wrote:
> Thank's, something like ?
> 
> /etc/postfix/main.cf:
>  smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
> 
> /etc/postfix/tls_policy:
>  example.local none

I'd go with "may" (or "secure" if you'd prefer to use WebPKI to validate
the certificates), rather than "none".

-- 
Viktor.

Re: DANE TLSA lookup "whitelist"

[Wietse Venema]

Matteo Cazzador:
> Thank's, something like ?
> 
> /etc/postfix/main.cf:
>  smtp_tls_policy_maps  =hash:/etc/postfix/tls_policy
>  
> 
> /etc/postfix/tls_policy:
>  example.local none

Yes, none or 'may'.

Wietse

Re: DANE TLSA lookup "whitelist"

[Matteo Cazzador]

Thank's, something like ?

/etc/postfix/main.cf  :
smtp_tls_policy_maps  
  =hash  
:/etc/postfix/tls_policy



/etc/postfix/tls_policy:
example.local none

Thanks

Il 05/08/2021 17:00, Wietse Venema ha scritto:

Attenzione: Questa e` la prima volta che ricevi un'email da questo mittente.
Attenzione: Assicurati che sia qualcuno di cui ti fidi.

Matteo Cazzador:

Hi everybody,? i've this configuration active in postfix:

smtp_dns_support_level=dnssec
smtp_tls_security_level = dane

Is it possible to exclude some check for specific domain name ?

Something like whitelist domain name and lookup.

I use a local domain "*example.local*" i want to exclude it from dane
check because i obtain this error:

warning: DANE TLSA lookup problem: Host or domain name not found. Name
service error for name=_*25._tcp.example.local *type=TLSA: Host not
found, try again

You can specify a different policy for example.local with smtp_tls_policy_maps.

Wietse

--
Messaggio analizzato da Libraesva ESG.
Seguire il link qui sotto per segnalarlo come spam:
http://mailgateway-3.netlite.it/action/09E216223A.A5CC3/learn-spam
Seguire il link qui sotto per mettere in blacklist il mittente:
http://mailgateway-3.netlite.it/action/09E216223A.A5CC3/blacklist


--

Rispetta l'ambiente: se non ti è necessario,  non stampare questa mail.


Le informazioni contenute in questa e-mail e nei files eventualmente
allegati sono destinate unicamente ai destinatari della stessa
e sono da considerarsi strettamente riservate.
E' proibito copiare, salvare, utilizzare,  inoltrare a terzi e diffondere
il contenuto della presente senza il preventivo consenso, ai sensi
dell'articolo 616 c.p. e della Legge n. 196/2003.
Se avete ricevuto questo messaggio per errore siete pregati di comunicarlo
immediatamente all'indirizzo mittente, nonché di cancellarne il contenuto
senza procedere ad ulteriore o differente trattamento.


**
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email:mat...@netlite.it
Web:http://www.netlite.it
**

Re: [EXTERNAL] Re: Inbound/Outbound Settings on a Postfix Relay-Only

[White, Daniel E. (GSFC-770.0)[NICS]]

This helps.

All the outgoing mail is to go through an upstream relay cluster, so I can set 
"relayhost" to that.

Incoming mail - for a single, local domain - goes to an MDA server that has 
Dovecot and Roundcube in addition to Postfix.  It sounds like I can use 
"relay_domains" and/or "relay_transport" to direct the message to the MDA 
server.

Then, it occurs to me that I can maybe use "relay_transport" for both, like 
this:

.our.local.domainsmtp:[ MDA server ]
*smtp:[ upstream relay cluster ]

Does this sound proper or should I get my medications adjusted ?

-Original Message-
From: Wietse Venema 
Date: Thursday, August 5, 2021 at 10:40
To: Daniel White 
Cc: "postfix-users@postfix.org" 
Subject: [EXTERNAL] Re: Inbound/Outbound Settings on a Postfix Relay-Only

White, Daniel E. (GSFC-770.0)[NICS]:
> I am somewhat confused about which parameters apply to an outgoing vs an 
incoming message.
> 
> I think that 
> 
> relay_transport   mail that you're willing to forward
> relay_domains and mail that you're willing to forward
> relayhost mail that you're delivering remotely
> 
> apply to outgoing messages.

relayhost and default_transport are for deliveries to all other
domains.

relay_domains and relay_transport are for remote destinations that
list your system as primary or backup MX host.

> I think that 
> 
> virtual_transport and 
> local_transport (set to " error: local delivery disabled") 

These are typically used for local deliveries.

More in http://www.postfix.org/ADDRESS_CLASS_README.html

Wietse

Re: DANE TLSA lookup "whitelist"

[Wietse Venema]

Matteo Cazzador:
> Hi everybody,? i've this configuration active in postfix:
> 
> smtp_dns_support_level=dnssec
> smtp_tls_security_level = dane
> 
> Is it possible to exclude some check for specific domain name ?
> 
> Something like whitelist domain name and lookup.
> 
> I use a local domain "*example.local*" i want to exclude it from dane 
> check because i obtain this error:
> 
> warning: DANE TLSA lookup problem: Host or domain name not found. Name 
> service error for name=_*25._tcp.example.local *type=TLSA: Host not 
> found, try again

You can specify a different policy for example.local with smtp_tls_policy_maps.

Wietse

Re: DANE TLSA lookup "whitelist"

[Emmanuel Fusté]

Le 05/08/2021 à 16:48, Matteo Cazzador a écrit :


Hi everybody,  i've this configuration active in postfix:

smtp_dns_support_level=dnssec
smtp_tls_security_level = dane

Is it possible to exclude some check for specific domain name ?

Something like whitelist domain name and lookup.

I use a local domain "*example.local*" i want to exclude it from dane 
check because i obtain this error:


warning: DANE TLSA lookup problem: Host or domain name not found. Name 
service error for name=_*25._tcp.example.local *type=TLSA: Host not 
found, try again


thanks


That is something that should be handled at the resolver level, not at 
the postfix level.


Emmanuel.

DANE TLSA lookup "whitelist"

[Matteo Cazzador]

Hi everybody,  i've this configuration active in postfix:

smtp_dns_support_level=dnssec
smtp_tls_security_level = dane

Is it possible to exclude some check for specific domain name ?

Something like whitelist domain name and lookup.

I use a local domain "*example.local*" i want to exclude it from dane 
check because i obtain this error:


warning: DANE TLSA lookup problem: Host or domain name not found. Name 
service error for name=_*25._tcp.example.local *type=TLSA: Host not 
found, try again


thanks


--

Rispetta l'ambiente: se non ti è necessario,  non stampare questa mail.


Le informazioni contenute in questa e-mail e nei files eventualmente
allegati sono destinate unicamente ai destinatari della stessa
e sono da considerarsi strettamente riservate.
E' proibito copiare, salvare, utilizzare,  inoltrare a terzi e diffondere
il contenuto della presente senza il preventivo consenso, ai sensi
dell'articolo 616 c.p. e della Legge n. 196/2003.
Se avete ricevuto questo messaggio per errore siete pregati di comunicarlo
immediatamente all'indirizzo mittente, nonché di cancellarne il contenuto
senza procedere ad ulteriore o differente trattamento.


**
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email:mat...@netlite.it
Web:http://www.netlite.it
**

Re: Inbound/Outbound Settings on a Postfix Relay-Only

[Wietse Venema]

White, Daniel E. (GSFC-770.0)[NICS]:
> I am somewhat confused about which parameters apply to an outgoing vs an 
> incoming message.
> 
> I think that 
> 
> relay_transport   mail that you're willing to forward
> relay_domains and mail that you're willing to forward
> relayhost mail that you're delivering remotely
> 
> apply to outgoing messages.

relayhost and default_transport are for deliveries to all other
domains.

relay_domains and relay_transport are for remote destinations that
list your system as primary or backup MX host.

> I think that 
> 
> virtual_transport and 
> local_transport (set to " error: local delivery disabled") 

These are typically used for local deliveries.

More in http://www.postfix.org/ADDRESS_CLASS_README.html

Wietse

Inbound/Outbound Settings on a Postfix Relay-Only

[White, Daniel E. (GSFC-770.0)[NICS]]

I am somewhat confused about which parameters apply to an outgoing vs an 
incoming message.

I think that 

relay_transport
relay_domains and
relayhost

apply to outgoing messages.

I think that 

virtual_transport and 
local_transport (set to " error: local delivery disabled") 

apply to incoming messages.

Is this accurate ?

Re: smtp_sasl_password_maps round robbin

[Wietse Venema]

Adam Barnett:
> Hi,
> 
> When was pipemap and inline introduced?

Six years ago (with Postfix 3.0, which is already out of support
since February 2019).

Wietse

>  I am getting these error messages
> 
>  postfix/smtp[12689]: error: unsupported dictionary type: pipemap
>  postfix/smtp[12689]: error: unsupported dictionary type: inline
> postfix/smtp[12689]: fatal: open dictionary: expecting "type:name" form
> instead of "{"
> 
> I am running postfix-2.10.1-7.el7.x86_64 and the output of postconf -m
> shows
> 
> btree
> cidr
> environ
> fail
> hash
> internal
> ldap
> memcache
> mysql
> nis
> pcre
> proxy
> regexp
> socketmap
> static
> tcp
> texthash
> unix
> 
> Thanks
> Adam
> 
> 
> On Wed, 4 Aug 2021 at 19:58, Wietse Venema  wrote:
> 
> > Adam Barnett:
> > > Hi,
> > >
> > > I have setting upa Postfix relay to send from my iterenal network certain
> > > mail to our google workspace account
> > >
> > > I have it all set up and working but i saw in the google docs there is a
> > > limit to how much mail can be sent per user per day.
> > > In smtp_sasl_password_maps could i have more then one account for the
> > same
> > > relay so that gets picked randomly, like round robbin
> > >
> > > i.e
> > > [smtp.gmail.com]:587 f...@bar.com:bar
> > > [smtp.gmail.com]:587 f...@bar.com:bar
> > > [smtp.gmail.com]:587 f...@bar.com:bar
> > >
> > > This way i would never hit any sending limit
> >
> > Yes, this is possible. But it may not work if they require
> > that the MAIL FROM address matches the SASL login.
> >
> > main.cf:
> > smtp_sasl_password_maps = pipemap:{
> > inline:{ { [smtp.gmail.com]:587 = whatever } },
> > randmap:{ f...@bar.com:bar, f...@bar.com:bar, ... } } }
> >
> > The pipemap, inline, and randmap pseudmaps are defined in
> > http://www.postfix.org/postconf.1.html
> >
> > Wietse
> >

Re: smtp_sasl_password_maps round robbin

[Adam Barnett]

Hi,

When was pipemap and inline introduced?
 I am getting these error messages

 postfix/smtp[12689]: error: unsupported dictionary type: pipemap
 postfix/smtp[12689]: error: unsupported dictionary type: inline
postfix/smtp[12689]: fatal: open dictionary: expecting "type:name" form
instead of "{"

I am running postfix-2.10.1-7.el7.x86_64 and the output of postconf -m
shows

btree
cidr
environ
fail
hash
internal
ldap
memcache
mysql
nis
pcre
proxy
regexp
socketmap
static
tcp
texthash
unix

Thanks
Adam


On Wed, 4 Aug 2021 at 19:58, Wietse Venema  wrote:

> Adam Barnett:
> > Hi,
> >
> > I have setting upa Postfix relay to send from my iterenal network certain
> > mail to our google workspace account
> >
> > I have it all set up and working but i saw in the google docs there is a
> > limit to how much mail can be sent per user per day.
> > In smtp_sasl_password_maps could i have more then one account for the
> same
> > relay so that gets picked randomly, like round robbin
> >
> > i.e
> > [smtp.gmail.com]:587 f...@bar.com:bar
> > [smtp.gmail.com]:587 f...@bar.com:bar
> > [smtp.gmail.com]:587 f...@bar.com:bar
> >
> > This way i would never hit any sending limit
>
> Yes, this is possible. But it may not work if they require
> that the MAIL FROM address matches the SASL login.
>
> main.cf:
> smtp_sasl_password_maps = pipemap:{
> inline:{ { [smtp.gmail.com]:587 = whatever } },
> randmap:{ f...@bar.com:bar, f...@bar.com:bar, ... } } }
>
> The pipemap, inline, and randmap pseudmaps are defined in
> http://www.postfix.org/postconf.1.html
>
> Wietse
>

Re: "parameter inet_interfaces: no local interface found for 127.0.0.2" at reboot, but not on manual systemctl start

[Vincent Lefevre]

On 2021-07-29 09:57:39 -0400, Wietse Venema wrote:
> Vincent Lefevre:
> > No, this was the first thing I tried in order to solve the issue[*],
> > but unfortunately this didn't have any effect: it doesn't seem to work
> > with on-demand automount.
> 
> If it is always required (for Postfix) what is the advantage of using
> on-demand mounts?

It may happen that I need to detach the disk from the VM, attach
another one, etc. (this happened in the past), and mounting/unmounting
are done automatically. I expect that services that need this disk
don't start (or pause...) until the disk becomes available or I fix
things manually if this happens to be needed.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)