Re: transport map from ldap
um... I have tried both adamt...@foo.com relay:[smtp.foo.com] and relay:[smtp.foo.com] as the the output of the ldap lookup and i just get status=deferred (mail transport unavailable) error Thanks -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Wietse Venema" | To: "Postfix users" | Sent: Thursday, 19 September, 2019 14:51:52 | Subject: Re: transport map from ldap | ab: |> |> Wow lots of my post got cut off, this is what i wrote. |> |> As you can see i am returning adamt...@foo.com relay:[smtp.foo.com] |> But the mail log is saying transport map error |> |> |> |> Hi All. |> |> I would like the transport_maps to be driven from an ldap lookuop |> but i am unsure of the format it should be returning |> |> I have the following config |> |> transport_maps = hash:/etc/postfix/transport |> ldap:/etc/postfix/ldap-transport |> and my /etc/postfix/ldap-transport.cf looks like this |> |> server_host = ldap://zimbra:389 |> server_port = 389 |> search_base = |> query_filter = |> (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s))(zimbraMailStatus=enabled)) |> result_attribute = mail,zimbraMailAlias |> version = 3 |> result_format=%s relay:[smtp.foo.com] |> start_tls = no |> timeout = 30 |> |> This returns the output when doing a postmap vq |> adamt...@foo.com relay:[smtp.foo.com] |> but is that correct for a transport_map | | The transport(5) manpage says: | RESULT FORMAT | The lookup result is of the form transport:nexthop. The transport | field specifies a mail delivery transport such as smtp or local. The | nexthop field specifies where and how to deliver mail. | | "relay:[smtp.foo.com]" is a valid result. | | More information in the manpage! | | Wietse
Re: transport map from ldap
Hi, That is the only error Sep 19 14:59:54 foo postfix/error[103706]: 3C10828C082: to=, relay=none, delay=0.01, delays=0/0/0/0, dsn=4.3.0, status=deferred (mail transport unavailable) This is a MTA relay host Thanks -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Matus UHLAR - fantomas" | To: "Postfix users" | Sent: Thursday, 19 September, 2019 16:00:03 | Subject: Re: transport map from ldap |>I have tried both |> |>adamt...@foo.com relay:[smtp.foo.com] |> |>and |> |>relay:[smtp.foo.com] |> |>as the the output of the ldap lookup and i just get |> |>status=deferred (mail transport unavailable) error | | any other error in logs? IS the smtp.foo.com reachable? | | -- | Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ | Warning: I wish NOT to receive e-mail advertising to this address. | Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. | Eagles may soar, but weasels don't get sucked into jet engines.
Re: transport map from ldap
There was this error as well Sep 19 14:59:47 foo postfix/qmgr[103420]: warning: connect to transport private/f...@bar.comrelay: No such file or directory -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Wietse Venema" | To: "Postfix users" | Sent: Thursday, 19 September, 2019 16:19:41 | Subject: Re: transport map from ldap | Adam Barnett: |> Hi, |> |> That is the only error |> |> Sep 19 14:59:54 foo postfix/error[103706]: 3C10828C082: to=, |> relay=none, delay=0.01, delays=0/0/0/0, dsn=4.3.0, status=deferred (mail |> transport unavailable) |> | | There is more than this. | | Wietse | | http://www.postfix.org/DEBUG_README.html#logging | | Postfix logs all failed and successful deliveries to a logfile. | | When Postfix uses syslog logging (the default), the file is usually | called /var/log/maillog, /var/log/mail, or something similar; the | exact pathname is configured in a file called /etc/syslog.conf, | /etc/rsyslog.conf, or something similar. | | When Postfix uses its own logging system (see MAILLOG_README), the | location of the logfile is configured with the Postfix maillog_file | parameter. | | When Postfix does not receive or deliver mail, the first order of | business is to look for errors that prevent Postfix from working | properly: | | % egrep '(warning|error|fatal|panic):' /some/log/file | more Note: | the most important message is near the BEGINNING of the output. | Error messages that come later are less useful. | | The nature of each problem is indicated as follows: | | "panic" indicates a problem in the software itself that only a | programmer can fix. Postfix cannot proceed until this is fixed. | | "fatal" is the result of missing files, incorrect permissions, | incorrect configuration file settings that you can fix. Postfix | cannot proceed until this is fixed. | | "error" reports an error condition. For safety reasons, a Postfix | process will terminate when more than 13 of these happen. | | "warning" indicates a non-fatal error. These are problems that you | may not be able to fix (such as a broken DNS server elsewhere on | the network) but may also indicate local configuration errors that | could become a problem later.
Re: transport map from ldap
When i changed the LDAP response to server_host = ldap://zimbraldap:389 server_port = 389 search_base = query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s))(zimbraMailStatus=enabled)) result_attribute = mail,zimbraMailAlias version = 3 result_format=relay:[smtp.foo.com] start_tls = no timeout = 30 Sep 19 16:51:53 natter postfix/smtp[111518]: fatal: garbage after "]" in server description: [smtp.foo.com],relay:[smtp.foo.com],relay:[smtp.foo.com] Sep 19 16:51:54 natter postfix/qmgr[111506]: warning: private/relay socket: malformed response Sep 19 16:51:54 natter postfix/qmgr[111506]: warning: transport relay failure -- see a previous warning/fatal/panic logfile record for the problem description Sep 19 16:51:54 natter postfix/master[84677]: warning: process /usr/lib/postfix/sbin/smtp pid 111518 exit status 1 Sep 19 16:51:54 natter postfix/master[84677]: warning: /usr/lib/postfix/sbin/smtp: bad command startup -- throttling -- ______ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Wietse Venema" | To: "Postfix users" | Sent: Thursday, 19 September, 2019 16:32:48 | Subject: Re: transport map from ldap | Adam Barnett: |> There was this error as well |> |> Sep 19 14:59:47 foo postfix/qmgr[103420]: warning: connect to transport |> private/f...@bar.comrelay: No such file or directory |> | | Right. That was for the malformed transport result with an email | address at the beginning. | | What about the other one? | | Wietse
Re: Split Domain MTA relay access denied
This was happening when sending internal to external so how can i populate relay_recipient_maps ? -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Wietse Venema" | To: "Postfix users" | Sent: Friday, 11 October, 2019 12:01:57 | Subject: Re: Split Domain MTA relay access denied | ab: |> Hi |> |> Added the domain to $relay_domian but they i get this error | | Good. | |> Recipient address rejected: User unknown in relay recipient table; | | Populate relay_recipient_maps, or use recipient address verification. | | http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup | http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient | | Background info: | | http://www.postfix.org/postconf.5.html#relay_recipient_maps | http://www.postfix.org/ADDRESS_CLASS_README.html | | Wietse
Re: Split Domain MTA relay access denied
ah, got it Thanks Adam -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Wietse Venema" | To: "Postfix users" | Sent: Friday, 11 October, 2019 12:14:52 | Subject: Re: Split Domain MTA relay access denied | You have EXTERNAL domain listed in relay_domains? Don't do that. | | For relaying to arbitrary remote sites, the SMTP client should be | in a trusted network (mynetworks), or the client should authenticate | (with SASL login, or TLS cert). | | It was not clear from the anonymized description which was which. | | Wietse | | Adam Barnett: |> This was happening when sending internal to external so how can i populate |> relay_recipient_maps ? |> |> -- |> __ |> Adam Barnett |> Systems Engineer |> Double Negative |> 160 Great Portland Street,W1W 5QA |> T: 020-7268-5000 |> [ http://www.dneg.com/ | www.dneg.com ] |> __ |> |> - Original Message - |> | From: "Wietse Venema" |> | To: "Postfix users" |> | Sent: Friday, 11 October, 2019 12:01:57 |> | Subject: Re: Split Domain MTA relay access denied |> |> | ab: |> |> Hi |> |> |> |> Added the domain to $relay_domian but they i get this error |> | |> | Good. |> | |> |> Recipient address rejected: User unknown in relay recipient table; |> | |> | Populate relay_recipient_maps, or use recipient address verification. |> | |> | http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup |> | http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient |> | |> | Background info: |> | |> | http://www.postfix.org/postconf.5.html#relay_recipient_maps |> | http://www.postfix.org/ADDRESS_CLASS_README.html |> | |> |Wietse
phising attacks
Hi Postfix Peeps We seem to be getting more phishing attacks that are being clever. The address looks like it someone internal but the from address is not that person. Any suggestions postfix or otherwise to help with these Thanks Adam
Re: phising attacks
The from address will be, for example From: Jo Blogs But the return address and return path would be and different address from what Jo Blogs is I am 99% sure it is a user error, but just wondering if there was anything else to be done Thanks -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Dominic Raferd" | To: "Postfix users" | Sent: Wednesday, 15 January, 2020 15:15:30 | Subject: Re: phising attacks | On Wed, 15 Jan 2020 at 15:09, Adam Barnett wrote: | |> Hi Postfix Peeps |> We seem to be getting more phishing attacks that are being clever. The |> address looks like it someone internal but the from address is not that |> person. |> Any suggestions postfix or otherwise to help with these |> | | When you say 'looks like it someone internal' what *exactly* do you mean?
Re: phising attacks
Thanks, i will look into it -- __ Adam Barnett Systems Engineer Double Negative 160 Great Portland Street,W1W 5QA T: 020-7268-5000 [ http://www.dneg.com/ | www.dneg.com ] __ - Original Message - | From: "Dominic Raferd" | To: "Postfix users" | Sent: Wednesday, 15 January, 2020 15:33:33 | Subject: Re: phising attacks | On Wed, 15 Jan 2020 at 15:20, Adam Barnett wrote: | |> The from address will be, for example |> |> From: Jo Blogs |> |> But the return address and return path would be and different address from |> what Jo Blogs is |> |> |> I am 99% sure it is a user error, but just wondering if there was anything |> else to be done |> __ |> |> - Original Message - |> | From: "Dominic Raferd" |> | To: "Postfix users" |> | Sent: Wednesday, 15 January, 2020 15:15:30 |> | Subject: Re: phising attacks |> |> | On Wed, 15 Jan 2020 at 15:09, Adam Barnett wrote: |> | |> |> Hi Postfix Peeps |> |> We seem to be getting more phishing attacks that are being clever. The |> |> address looks like it someone internal but the from address is not that |> |> person. |> |> Any suggestions postfix or otherwise to help with these |> |> |> | |> | When you say 'looks like it someone internal' what *exactly* do you mean? |> | | There is plenty that can be done with header_checks (based on one header at | a time) but it depends on exactly what you are seeing, and you haven't | provided a full From header. Is the email address in the From header being | faked as well as the text, or only the text? For multi-header rules (e.g. | combination of From: and Reply-To:) you need something like postfwd / | spamassassin / mimedefang(?) | | I don't see actual email addresses of our domains being faked in From | headers, but that's because we use DMARC with p=reject. But I do see the | text being faked, including inserting our names or a fake email address | (i.e. one of ours) before the real (foreign) address. I trap these.
smtp_sasl_password_maps round robbin
Hi, I have setting upa Postfix relay to send from my iterenal network certain mail to our google workspace account I have it all set up and working but i saw in the google docs there is a limit to how much mail can be sent per user per day. In smtp_sasl_password_maps could i have more then one account for the same relay so that gets picked randomly, like round robbin i.e [smtp.gmail.com]:587 f...@bar.com:bar [smtp.gmail.com]:587 f...@bar.com:bar [smtp.gmail.com]:587 f...@bar.com:bar This way i would never hit any sending limit Thanks Adam
Re: smtp_sasl_password_maps round robbin
We are migrating from our old legacy server to google. Instead of having to configure the old server ( which is a pain to update) i was going to reconfigure our linux hosts postfix to send to theis new relay that i have setup, i can then relay certain senders to the old server ( if needed) and everything else to google. This is only for internal -> gmail mail which is mainly for scripts/programs using sendmail/mail cli Thanks Adam On Wed, 4 Aug 2021 at 16:43, wrote: > > I have setting upa Postfix relay to send from my iterenal network > > certain mail to our google workspace account > > Im fairly inexperienced and curious... If you have your own email > servers why would you relay through google? Can't your email servers > just send the emails themselves? What are the issues or drawbacks > preventing that? What should i be aware of in setting up my own email > server? >
Re: smtp_sasl_password_maps round robbin
Hi, When was pipemap and inline introduced? I am getting these error messages postfix/smtp[12689]: error: unsupported dictionary type: pipemap postfix/smtp[12689]: error: unsupported dictionary type: inline postfix/smtp[12689]: fatal: open dictionary: expecting "type:name" form instead of "{" I am running postfix-2.10.1-7.el7.x86_64 and the output of postconf -m shows btree cidr environ fail hash internal ldap memcache mysql nis pcre proxy regexp socketmap static tcp texthash unix Thanks Adam On Wed, 4 Aug 2021 at 19:58, Wietse Venema wrote: > Adam Barnett: > > Hi, > > > > I have setting upa Postfix relay to send from my iterenal network certain > > mail to our google workspace account > > > > I have it all set up and working but i saw in the google docs there is a > > limit to how much mail can be sent per user per day. > > In smtp_sasl_password_maps could i have more then one account for the > same > > relay so that gets picked randomly, like round robbin > > > > i.e > > [smtp.gmail.com]:587 f...@bar.com:bar > > [smtp.gmail.com]:587 f...@bar.com:bar > > [smtp.gmail.com]:587 f...@bar.com:bar > > > > This way i would never hit any sending limit > > Yes, this is possible. But it may not work if they require > that the MAIL FROM address matches the SASL login. > > main.cf: > smtp_sasl_password_maps = pipemap:{ > inline:{ { [smtp.gmail.com]:587 = whatever } }, > randmap:{ f...@bar.com:bar, f...@bar.com:bar, ... } } } > > The pipemap, inline, and randmap pseudmaps are defined in > http://www.postfix.org/postconf.1.html > > Wietse >