Re: migration question
Terry Barnum wrote:

> After becoming frustrated with our current (non-postfix/dovecot) mailserver's IMAP performance, I set up postfix+dovecot+mysql on a MacPro running Snow Leopard (10.6.2) using MacPorts and an unused domain.
>
> After getting it working and playing with it a bit I now have what is likely a very-wet-behind-the-ears newbie question: When it's time to swap servers, is there a preferred recipe to move to new hardware while using the same domain? I googled and checked the FAQ and archives but didn't have a whole lot of luck.
>
> I think it would be something like:
>
> - configure new postfix/dovecot server to be in correct domain (conf files, certificates)
> - set up users and passwords on new postfix/dovecot server
> - use imapsync to pull all email from old server to new postfix/dovecot server

I think that there's an important step here that I always use when I'm doing a mail migration. It could really go anywhere above the 'wait for a Friday night' step, really. Reduce the TTL on the domain to something quite small, ie: 5 minutes. The point of this is that you'll get an idea rather quickly of whether or not it works and, if it doesn't, you'll be able to change it back without a portion of the users experiencing long downtimes because of DNS records pointing to the wrong server.

> - wait for a Friday night
> - swap DNS to point to new postfix/dovecot server
> - turn off smtp on the old server
> - use imapsync again to pull any new email from old server to new postfix server
> - turn off old server
>
> Is this a reasonable approach?
>
> Thanks,
> -Terry
>
> Terry Barnum
> digital OutPost
> San Diego, CA
> http://www.dop.com
> 800/464-6434

--
Adrian Overbury
Re: [LDAP] group of 'memberaddr' gives email's group as well
As I understand it, special_result_attribute is expected to be a DN type, since it then uses the results of that to look up the DNs referenced, trying to find result_attribute under them. It wouldn't be valid to have rfc822member listed in special_result_attribute.

Adrian

Thomas wrote:

> Re,
>
> # cat /etc/postfix/groups.cf
> server_host = ldap.domain.com
> version = 3
> search_base = ou=groups,ou=mail,dc=domain,dc=com
> query_filter = (&(objectClass=qmailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
> result_attribute = rfc822member
> special_result_attribute = dnmember
> leaf_result_attribute = mail
>
> A solution would be to put rfc822member as a special result attribute.
>
> special_result_attribute = dnmember, rfc822member
>
> But I don't know if it's /clean/ to do that. BTW, I'm using postfix 2.5.5 (Debian Lenny)
>
> Cheers,
> Thomas
Proxying a policy service
Has anyone ever written a proxy server for policy services? I have a policy server (grossd, one of the best greylisting engines I've ever used) that, if it goes down, causes my Postfix servers to temp fail everything with 'Server configuration problem'. This is a real problem for me. I'd like to proxy the service so that, if it goes down, the proxy responds with DUNNO and the message continues to be checked against the next item in the chain. Does anyone know of anything pre-made that can achieve this, or am I going to have to write it myself? Adrian
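
The fail-open proxy asked about above, as an added sketch that is not part of the original post or of any existing project. It assumes the upstream daemon speaks the Postfix policy delegation protocol over TCP; the addresses, ports and timeout are placeholders.

```python
import socket
import socketserver

UPSTREAM = ("127.0.0.1", 5525)   # assumed address of the real policy daemon
LISTEN = ("127.0.0.1", 10040)    # assumed: check_policy_service inet:127.0.0.1:10040
TIMEOUT = 3.0                    # seconds to wait for the upstream (assumed value)
FALLBACK = b"action=DUNNO\n\n"   # "no opinion": Postfix moves on to the next restriction

def read_block(rfile):
    """Read one attribute block: name=value lines ended by an empty line."""
    lines = []
    for line in rfile:
        lines.append(line)
        if line in (b"\n", b"\r\n"):
            return b"".join(lines)
    return b""                   # peer closed before a complete block arrived

def ask_upstream(request, upstream=UPSTREAM, timeout=TIMEOUT):
    """Relay one request; return the upstream reply, or FALLBACK on any failure."""
    try:
        with socket.create_connection(upstream, timeout=timeout) as s:
            s.sendall(request)
            reply = read_block(s.makefile("rb"))
    except OSError:              # refused, unreachable, timed out, reset
        return FALLBACK
    # An empty or malformed reply is treated like an outage.
    return reply if reply.startswith(b"action=") else FALLBACK

class PolicyProxy(socketserver.StreamRequestHandler):
    def handle(self):
        # Postfix may reuse one connection for several requests.
        while True:
            request = read_block(self.rfile)
            if not request:
                return
            self.wfile.write(ask_upstream(request))
            self.wfile.flush()

if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(LISTEN, PolicyProxy) as srv:
        srv.serve_forever()
```

Postfix 3.0 and later can get the same effect without a proxy through the `smtpd_policy_service_default_action` parameter.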
DNSWL
Does anyone here make use of the DNS Whitelist? If so, what's your experience with it? Do you find it helpful in speeding up the delivery of legitimate mail, or does it just increase the amount of spam you receive? Also, do you find it more useful to use it as part of a spamassassin check, or as part of the SMTP transaction? I'm interested in any info you can provide. Adrian
Send stdout from command down a pipe
Is it possible, if I specify a mailbox_command in my main.cf, to pipe any output that produces on stdout to somewhere else? Like, say, to another command? What I'm trying to do is have procmail write its log output to stdout, then pipe that into logger so I have it end up in syslog in a format that I can easily filter down to find the output for a specific message being processed. Right now we use procmail as the delivery agent for a mid-to-large environment, and the logging is not centralised, so this is an exercise in centralising the logging for all the nodes in our mail cluster, and have it logged in a way that gives me a moderately unique (unique for long enough, that is) identifier that I can use to trace the output for a specific message. Unless, of course, anyone here knows a better way to do what I'm trying to achieve. I can't be the only one who's ever looked at a procmail log file, and seen that the fact that it logs with no message identifier and no date/timestamp for each log file means the log can be next to useless during busy periods. Our servers, for example, deliver maybe 15,000 pieces of mail a day, and everything is jumbled together with no real clue about which lines apply to which messages. If anyone's got any ideas, I'd love to hear them. Adrian
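
One way to get the effect described above is a small wrapper used as the mailbox_command; this is an added sketch, not part of the original post. It assumes procmail is set up to write its log to stdout or stderr; the install path `/usr/local/bin/procmail-syslog` and the tag format are hypothetical.

```python
import os
import re
import subprocess
import sys
import syslog
import time

# Control characters other than tab; message-supplied text must not forge log lines.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def make_tag(env, pid, now):
    """Build a per-delivery identifier; RECIPIENT is exported by Postfix local(8)."""
    rcpt = CONTROL.sub("?", env.get("RECIPIENT", "-"))
    return f"id={int(now):x}.{pid:x} to={rcpt}"

def run_tagged(cmd, tag, emit, stdin=None):
    """Run cmd, pass each output line to emit() prefixed with tag, return its exit status."""
    proc = subprocess.Popen(cmd, stdin=stdin, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True, errors="replace")
    for line in proc.stdout:
        line = CONTROL.sub("?", line.rstrip("\n"))
        if line:
            emit(f"{tag} {line}")
    return proc.wait()

if __name__ == "__main__":
    # Assumed main.cf entry:
    #   mailbox_command = /usr/local/bin/procmail-syslog -a "$EXTENSION"
    syslog.openlog("procmail", syslog.LOG_PID, syslog.LOG_MAIL)
    tag = make_tag(os.environ, os.getpid(), time.time())
    # stdin is inherited, so procmail still reads the message Postfix pipes in,
    # and procmail's exit status is handed back to Postfix unchanged.
    sys.exit(run_tagged(["procmail"] + sys.argv[1:], tag, syslog.syslog))
```

Every line from one delivery carries the same `id=` value, so a single grep on the central syslog host pulls out one message's trace.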
Tarpit on condition
I know that tarpitting in Postfix is looked down upon in some circles, but I've got a security measure I want to implement on my Postfix servers that I've been authorised to do *only* if I can make Postfix tarpit that session, not simply terminate it. I want to do sender_login_mismatch checking, and have that go on to a tarpit instead of rejecting out of hand. I don't know how this might be possible, or even if it is, but if I can do it at all I'd quite like to. I can already assemble the lists of who is allowed to send as what address out of our LDAP database on the fly (an unexpected advantage of the custom LDAP schema we created for our mail service, it turns out). I just need to find out if it's possible to make Postfix behave as I want it to. Adrian