Re: ..:: Per user server ::..
On 1/9/14, 10:07 PM, Kirill Bychkov wrote:
> On 10.01.2014 3:56, Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com wrote:
>> Hi Everyone. Is it possible to validate users before deliver? The thing is that we have 2 email servers (1 exchange and 1 postfix) with different users and we need to validate the users before we deliver.
>
> Different users on one domain?
>
>> is this possible? is something that if that user is not on postfix, then send it to exchange or vice versa. Thanks in advance. Regards Alfonso.

Yeap different users on the same domain. Regards.
Re: ..:: Per user server ::..
On 1/10/14, 9:18 AM, Wietse Venema wrote:
> Alfonso Alejandro Reyes Jiménez:
>> On 1/9/14, 10:07 PM, Kirill Bychkov wrote:
>>> On 10.01.2014 3:56, Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com wrote:
>>>> Hi Everyone. Is it possible to validate users before deliver? The thing is that we have 2 email servers (1 exchange and 1 postfix) with different users and we need to validate the users before we deliver.
>>>
>>> Different users on one domain?
>>>
>>>> is this possible? is something that if that user is not on postfix, then send it to exchange or vice versa.
>>
>> Yeap different users on the same domain.
>
> I suppose that Postfix is between the Internet and Exchange?
>
> Then I suggest using a virtual _mailbox_ domain for all the users (including the Exchange users that will be delivered elsewhere), with a transport mapping to deliver some of those users to the Exchange server. This way Postfix would never accept mail for bad email addresses.
>
> http://www.postfix.org/postconf.5.html#virtual_mailbox_domains
> http://www.postfix.org/postconf.5.html#virtual_mailbox_maps
> http://www.postfix.org/transport.5.html
> http://www.postfix.org/VIRTUAL_README.html
>
> Before going into configuration details I'll wait for other responses.
>
> Wietse

You are right, postfix is going to be getting all emails and then it will send them to the other destinations. Thanks for your advice, I will look at it. Regards.
Re: two routers into postfix
On 1/10/14, 9:18 AM, Andy Rowe wrote:

Hello:

I have a production mail / web server for a couple very low volume domains. (CentOS 6.4, apache, postfix) I have a production exchange server for another small domain. I want to set the CentOS server up to serve mail to its current clients as well as act as a gateway for content filtering for the Exchange server. I set up a lab server to test configurations and have everything working well. I've transferred the set up to the production CentOS server and everything seems to work.

I have two DSL connections, each with its own router and static IP. Each router has a pinhole configured to forward traffic on port 25 to one of the two servers. While testing, I could change the IP address for the pinhole configured on the Exchange server's router to the lab server and mail traffic would flow to the lab server. It would serve mail to its own clients as well as accept mail for the exchange server and relay it after filtering.

Now when I try to configure the pinholes of both routers to send port 25 to the CentOS production server, mail from one router continues to flow but the other does not. When I try to telnet into the server through the one router's IP, it times out.

Firewall issues and other non-postfix related trouble aside, is there any reason this shouldn't work?

Inet_interface is set to all.
Proxy address is set to the two static IPs

Postconf -n below

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 0
mydestination =
mydomain = smila.net
myhostname = mail.smila.net
mynetworks = 127.0.0.0/8, 192.168.0.0/24
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = 74.169.65.249, 68.153.211.65
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost = 192.168.0.5:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_enforce_tls = no
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_rbl_client sbl-xbl.spamhaus.orgpermit
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining,permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_auth_destination, reject_unauth_destination, reject_unknown_recipient_domain,reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noplaintext, noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_cert_file = /etc/postfix/certs/cert.pem
smtpd_tls_key_file = /etc/postfix/certs/key.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

master.conf

smtp inet n - n - 20 smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_client_connection_count_limit=10
    -o smtpd_proxy_timeout=300s
    -o smtpd_proxy_options=speed_adjust
submission inet n - n - - smtpd
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
..:: Per user server ::..
Hi Everyone.

Is it possible to validate users before deliver? The thing is that we have 2 email servers (1 exchange and 1 postfix) with different users and we need to validate the users before we deliver.

is this possible? is something that if that user is not on postfix, then send it to exchange or vice versa.

Thanks in advance.

Regards
Alfonso.
..:: Keep HTML format ::..
Hi Everyone.

Is there some way to keep the exchange format on postfix?

I have a postfix that gets exchange emails, the problem is that the exchange format is removed and all of the images that the email has on the body become attachments. Is there some way to configure postfix to keep the exchange format?

I'm not sending my config because there's nothing that references the html format, just the html_directory which is about the manuals.

Any ideas? Thanks in advance.

Regards.
Alfonso.
Re: ..:: Keep HTML format ::..
On 9/4/13 10:00 AM, Ralf Hildebrandt wrote:
> * Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com:
>> Hi Everyone. Is there some way to keep the exchange format on postfix?
>
> Postfix does not alter the body of an email in any way.
>
>> I have a postfix that gets exchange emails, the problem is that the exchange format is removed and all of the images that the email has on the body become attachments. Is there some way to configure postfix to keep the exchange format?
>
> That's probably not postfix, but something else.

Thanks for the response, the thing is that if you send an email on the same exchange everything looks fine, if you send an email thru the postfix's distribution list which sends to another exchange all the format is removed. If you send postfix to exchange works fine, maybe it is something about the mailing list. Any ideas? Regards.
Re: ..:: Keep HTML format ::..
On 9/4/13 10:04 AM, Viktor Dukhovni wrote:
> On Wed, Sep 04, 2013 at 05:00:02PM +0200, Ralf Hildebrandt wrote:
>> * Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com:
>>> Hi Everyone. Is there some way to keep the exchange format on postfix?
>>
>> Postfix does not alter the body of an email in any way.
>>
>>> I have a postfix that gets exchange emails, the problem is that the exchange format is removed and all of the images that the email has on the body become attachments. Is there some way to configure postfix to keep the exchange format?
>>
>> That's probably not postfix, but something else.
>
> Exchange servers have settings that control how mail is transmitted to outside users. In addition such settings can be set by individual senders on a per contact basis. HTML email should go through just fine, unless the contact or global policy is to send plain-text.
>
> DO NOT configure exchange to always send Rich Text Format (aka Microsoft's proprietary winmail.dat TNEF format) by default to outside recipients, many will be unable to read such email, or may reject it on security grounds. If a particular recipient or peer domain prefers TNEF, that policy can be set for the recipient contact, or for a custom connector for the destination domain.

Thanks Viktor. The thing is that if you send an email on the same exchange everything looks fine, if you send an email thru the postfix's distribution list which sends to another exchange all the format is removed. If you send postfix to exchange works fine, maybe it is something about the mailing list. Any ideas? Regards.
Re: ..:: Keep HTML format ::..
> Alfonso Alejandro Reyes Jiménez wrote:
>> Thanks for the response, the thing is that if you send an email on the same exchange everything looks fine, if you send an email thru the postfix's distribution list which sends to another exchange all the format is removed. If you send postfix to exchange works fine, maybe it is something about the mailing list.
>
> Mailing lists are sometimes explicitly configured to strip images and HTML formatting, passing only the plaintext part.
>
> Ask the admin of the specific machine you're seeing this happen with.
>
> -kgd

Thanks but the mailing list is on the postfix, the postfix is stripping the images according to our tests. :(
Re: ..:: Keep HTML format ::.. (solved)
On 9/4/13 11:08 AM, Alfonso Alejandro Reyes Jiménez wrote:
>> Alfonso Alejandro Reyes Jiménez wrote:
>>> Thanks for the response, the thing is that if you send an email on the same exchange everything looks fine, if you send an email thru the postfix's distribution list which sends to another exchange all the format is removed. If you send postfix to exchange works fine, maybe it is something about the mailing list.
>>
>> Mailing lists are sometimes explicitly configured to strip images and HTML formatting, passing only the plaintext part.
>>
>> Ask the admin of the specific machine you're seeing this happen with.
>>
>> -kgd
>
> Thanks but the mailing list is on the postfix, the postfix is stripping the images according to our tests. :(

Now it works, thanks!!
Re: ..:: Keep HTML format ::.. (solved)
On 9/4/13 12:41 PM, Mike. wrote:
> On 9/4/2013 at 11:32 AM Alfonso Alejandro Reyes Jiménez wrote:
>
> |On 9/4/13 11:08 AM, Alfonso Alejandro Reyes Jiménez wrote:
> | Alfonso Alejandro Reyes Jiménez wrote:
> | Thanks for the response, the thing is that if you send an email on the
> | same exchange everything looks fine, if you send an email thru the
> | postfix's distribution list which sends to another exchange all the
> | format is removed. If you send postfix to exchange works fine, maybe
> | it is something about the mailing list.
> | Mailing lists are sometimes explicitly configured to strip images and
> | HTML formatting, passing only the plaintext part.
> |
> | Ask the admin of the specific machine you're seeing this happen with.
> |
> | -kgd
> | Thanks but the mailing list is on the postfix, the postfix is stripping
> | the images according to our tests. :(
> |Now it works, thanks!!
> =
>
> Configuration management issues?

Yeap, exchange issues :)
Re: Connection Issues
On 1/4/13 9:19 AM, Viaduct Productions wrote:

Hi folks. I'm using some middleware to generate an email that's sent to Mac OSX Server's installation of postfix. The email never gets through, and I don't know why. I've had some suggestions which I will post below, but nothing seems to work. I am not authenticating, and I've tried authentication which does not work either. I don't know postfix at all, so I'm trying to see what could be the problem by posting these tidbits of feedback and logs here. Any input appreciated. I'm stumped as to why this isn't working.

192.168.1.4 is my workstation
192.168.1.7 is the server on 10.8.2 Server

SMTP log from Server.app

Jan 3 15:23:03 alpha.mydomain.com postfix/postscreen[4262]: DNSBL rank 2 for [188.2.165.91]:4368
Jan 3 15:23:04 alpha.mydomain.com postfix/smtpd[4213]: connect from cable-188-2-165-91.dynamic.sbb.rs[188.2.165.91]
Jan 3 15:23:04 alpha.mydomain.com postfix/postscreen[4262]: CONNECT from [192.168.1.4]:63328 to [192.168.1.7]:25
Jan 3 15:23:04 alpha.mydomain.com postfix/postscreen[4262]: WHITELISTED [192.168.1.4]:63328
Jan 3 15:23:04 alpha.mydomain.com postfix/smtpd[4325]: connect from unknown[192.168.1.4]
Jan 3 15:23:04 alpha.mydomain.com postfix/smtpd[4325]: disconnect from unknown[192.168.1.4]

Here is a similar report:

postfix/postscreen[660]: CONNECT from [192.168.1.4]:52700 to [192.168.1.7]:25
Jan 4 06:08:59 alpha.mydomain.com postfix/postscreen[660]: WHITELISTED [192.168.1.4]:52700
Jan 4 06:08:59 alpha.mydomain.com postfix/smtpd[661]: connect from unknown[192.168.1.4]
Jan 4 06:08:59 alpha.mydomain.com postfix/smtpd[661]: lost connection after AUTH from unknown[192.168.1.4]
Jan 4 06:08:59 alpha.mydomain.com postfix/smtpd[661]: disconnect from unknown[192.168.1.4]
Jan 4 06:09:11 alpha.mydomain.com postfix/smtpd[669]: disconnect from unknown[192.168.1.4]
Jan 4 06:09:19 alpha.mydomain.com postfix/postscreen[660]: CONNECT from [192.168.1.4]:52708 to [192.168.1.7]:25
Jan 4 06:09:19 alpha.mydomain.com postfix/postscreen[660]: WHITELISTED [192.168.1.4]:52708
Jan 4 06:09:19 alpha.mydomain.com postfix/smtpd[661]: connect from unknown[192.168.1.4]
Jan 4 06:09:19 alpha.mydomain.com postfix/smtpd[661]: lost connection after AUTH from unknown[192.168.1.4]
Jan 4 06:09:19 alpha.mydomain.com postfix/smtpd[661]: disconnect from unknown[192.168.1.4]

/library/logs/mail/mailaccess.log:

Jan 3 15:23:23 alpha.mydomain.com log[1532]: imap-login: ID sent: name=Mac OS X Mail, version=6.2 (1499), os=Mac OS X, os-version=10.8.2 (12C60), vendor=Apple Inc.: rip=192.168.1.4, lip=192.168.1.7
Jan 3 15:23:23 alpha.mydomain.com log[1532]: imap-login: Login: user=my_username, method=CRAM-MD5, rip=192.168.1.4, lip=192.168.1.7, mpid=1598

/var/log/system.log:

Jan 3 15:23:28 alpha.mydomain.com mdworker[4331]: Unable to talk to lsboxd
Jan 3 15:23:28 alpha.mydomain.com mdworker[4330]: Unable to talk to lsboxd
Jan 3 15:23:28 alpha.mydomain.com sandboxd[4333] ([4331]): mdworker(4331) deny mach-lookup com.apple.ls.boxd
Jan 3 15:23:28 alpha.mydomain.com sandboxd[4333] ([4330]): mdworker(4330) deny mach-lookup com.apple.ls.boxd
Jan 3 15:23:28 alpha kernel[0]: Sandbox: sandboxd(4333) deny mach-lookup com.apple.coresymbolicationd
Jan 3 15:24:12 alpha.mydomain.com filecoordinationd[126]: NSFileCoordinator only handles URLs that use the file: scheme. This one does not: (null)
Jan 3 15:24:17 alpha.mydomain.com com.apple.SecurityServer[19]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] (2,0)
Jan 3 15:24:17 alpha.mydomain.com com.apple.SecurityServer[19]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [98] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] (10,0)
Jan 3 15:24:24 alpha.mydomain.com BBEdit[707]: CVCGDisplayLink::setCurrentDisplay didn't find a valid display - falling back to 60Hz
Jan 3 15:24:27 --- last message repeated 1 time ---
Jan 3 15:24:27 alpha.mydomain.com com.apple.SecurityServer[19]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] (2,0)
Jan 3 15:24:27 alpha.mydomain.com com.apple.SecurityServer[19]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [98] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [108] (10,0)
Jan 3 15:24:51 alpha.mydomain.com postfix/smtpd[4325]: warning: hostname
Re: Connection Issues
On 1/4/13 9:53 AM, Viaduct Productions wrote:

Hi there. Actually I have a full email client on my workstation using that as an outgoing SMTP server. Only the middleware has problems. Having changed directives for better verbosity, this is what just happened, without authentication:

Jan 4 10:35:40 alpha.mydomain.com postfix/postscreen[9452]: CONNECT from [192.168.1.4]:64959 to [192.168.1.7]:25
Jan 4 10:35:40 alpha.mydomain.com postfix/postscreen[9452]: WHITELISTED [192.168.1.4]:64959
Jan 4 10:38:35 alpha.mydomain.com postfix/postscreen[9452]: CONNECT from [192.168.1.4]:65176 to [192.168.1.7]:25
Jan 4 10:38:35 alpha.mydomain.com postfix/postscreen[9452]: WHITELISTED [192.168.1.4]:65176
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: connect from unknown[192.168.1.4]
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_list_match: 192.168.1.4: no match
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_list_match: 192.168.1.4: no match
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? 127.0.0.0/8
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? [::1]/128
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? 192.168.1.0/24
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 220 alpha.mydomain.com ESMTP Postfix
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: EHLO [127.0.0.1]
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_list_match: 192.168.1.4: no match
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-alpha.mydomain.com
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-PIPELINING
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-SIZE 10485760
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-VRFY
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-ETRN
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-STARTTLS
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-ENHANCEDSTATUSCODES
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-8BITMIME
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-DSN
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250-BINARYMIME
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 250 CHUNKING
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: STARTTLS
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 220 2.0.0 Ready to start TLS
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: QUIT
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: unknown[192.168.1.4]: 221 2.0.0 Bye
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? 127.0.0.0/8
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? [::1]/128
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: match_hostaddr: 192.168.1.4 ~? 192.168.1.0/24
Jan 4 10:38:35 alpha.mydomain.com postfix/smtpd[9453]: disconnect from unknown[192.168.1.4]

Here is the postconf -n:

biff = no
command_directory = /usr/sbin
config_directory = /Library/Server/Mail/Config/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /Library/Server/Mail/Data/mta
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id sleep 5
dovecot_destination_recipient_limit = 1
html_directory = /usr/share/doc/postfix/html
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain_fallback = localhost
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.1.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /Library/Server/Mail/Data/spool
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
use_sacl_cache = yes

On 2013-01-04, at 10:46 AM, Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com wrote:
> Hi. Have you tried sending an email using telnet
Re: ..:: Postfix authentication required for relay ::..
On 11/13/12 12:36 PM, Jeroen Geilman wrote:
> On 11/13/2012 12:41 AM, Alfonso Alejandro Reyes Jiménez wrote:
>> snipped
>>
>> The SASL auth is working on the smtpd server and it works fine, but when we try to send anything from the other server we don't even see the login attempt.
>
> So...what does the postfix log say on the sending side ? If an SASL connection is made, this will be logged.

There's no connection at all, the log says: relay access denied. On the other side we have the sasl working and we have authentication logs but not from that server. I think somehow it is not taking the sasl configuration. Any ideas? Thanks.
..:: Postfix authentication required for relay ::..
Hi everyone.

We have 2 postfix servers, one for every email from our company and the other inside our LAN just sending Nagios notifications. The thing is that we need to configure the SMTP authentication in the notifications server to allow relay. We don't want to put the server's IP on mynetworks because we don't really trust on it.

We have all the configuration steps we found on the internet but it is not working, we can't see any authentication attempt on the server. Any help will be great.

Here's the configuration of the server:

[root@rt-soc ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = nagios.domain.com
mydestination = $myhostname, localhost.$mydomain, localhost
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = 172.16.18.100:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_password_maps = hash:/etc/postfix/sasl-passwords
smtp_sasl_security_options =
smtpd_sasl_path = inet:172.16.18.100:12345
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550

Thanks in advance.

Regards.
Alfonso.
Re: Verify CIDR format
On 11/12/12 5:15 PM, Viktor Dukhovni wrote:
> On Mon, Nov 12, 2012 at 04:16:40PM -0500, Jack S wrote:
>> I just wanted to verify the format for the CIDR file is correct:
>>
>> To whitelist:
>> 94.68.240.213 OK
>> 94.68.240.214 OK
>>
>> To blacklist:
>> 94.242.222.0/20 REJECT CIDR-BLOCK SPAMMERS-94.242.222.0/20
>> 109.95.120.0/21 REJECT CIDR-BLOCK SPAMMERS-109.95.120.0/21
>
> Yes for whitelist or blacklist entries, but on the other hand if you want to make narrow exceptions for a broad reject rule in the same table, you may not want to make those exceptions disable other rules in other Postfix access control actions. If so:
>
> 192.0.2.1 DUNNO exception reason
> 192.0.2.0/24 REJECT rejection reason
>
> With CIDR and regexp tables any exception must be listed *above* any reject rules.

Hi, do you have the RBL lists working? We use them and they work very well and we have another blacklist using iptables, I think it reduces the impact on the server as it only checks the IP header. Just a suggestion. Regards.
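Added example, not part of the thread: a Python model of the first-match lookup described above, run over the entries quoted in this message, showing why the DUNNO exception has to sit above the REJECT rule. The helper names `parse_table`, `lookup` and `shadowed` are hypothetical, and the check for host bits set in a pattern goes beyond what the thread discusses.

```python
"""First-match lookup in a Postfix-style CIDR access table (added example)."""
import ipaddress

# Constructed table built from the entries quoted in the thread.
TABLE = """\
94.68.240.213    OK
94.68.240.214    OK
192.0.2.1        DUNNO exception reason
192.0.2.0/24     REJECT rejection reason
94.242.222.0/20  REJECT CIDR-BLOCK SPAMMERS-94.242.222.0/20
109.95.120.0/21  REJECT CIDR-BLOCK SPAMMERS-109.95.120.0/21
"""

# The same exception/reject pair with the exception placed below the reject.
MISORDERED = """\
192.0.2.0/24     REJECT rejection reason
192.0.2.1        DUNNO exception reason
"""


def parse_table(text):
    """Return (rules, problems).

    rules    -- [(line_number, network, action)] in file order
    problems -- [(line_number, message)] for lines that were skipped
    """
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            problems.append((lineno, "pattern without an action"))
            continue
        pattern, action = parts
        try:
            network = ipaddress.ip_network(pattern, strict=True)
        except ValueError:
            # Postfix's CIDR table parser warns about non-null host address
            # bits and skips such a rule; this model skips it as well.
            try:
                real = ipaddress.ip_network(pattern, strict=False)
                problems.append(
                    (lineno, f"host bits set in {pattern}, network is {real}"))
            except ValueError:
                problems.append((lineno, f"cannot parse pattern {pattern!r}"))
            continue
        rules.append((lineno, network, action))
    return rules, problems


def lookup(rules, client_ip):
    """Return the action of the first rule that contains client_ip, or None.

    DUNNO stops the search in this table without a decision, so later
    restrictions still apply; OK would permit the client outright.
    """
    address = ipaddress.ip_address(client_ip)
    for _lineno, network, action in rules:
        if address in network:
            return action
    return None


def shadowed(rules):
    """Return [(line, earlier_line)] for rules hidden by an earlier, wider rule."""
    hidden = []
    for index, (lineno, network, _action) in enumerate(rules):
        for earlier_line, earlier_net, _ in rules[:index]:
            if (network.version == earlier_net.version
                    and network.subnet_of(earlier_net)):
                hidden.append((lineno, earlier_line))
                break
    return hidden


if __name__ == "__main__":
    rules, problems = parse_table(TABLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for ip in ("192.0.2.1", "192.0.2.77", "94.68.240.213", "198.51.100.1"):
        print(ip, "->", lookup(rules, ip))
    bad_rules, _ = parse_table(MISORDERED)
    print("misordered:", lookup(bad_rules, "192.0.2.1"), shadowed(bad_rules))
```
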
Re: ..:: Postfix authentication required for relay ::..
> On 11/13/2012 12:21 AM, Alfonso Alejandro Reyes Jiménez wrote:
>> Hi everyone. We have 2 postfix servers, one for every email from our company and the other inside our LAN just sending Nagios notifications. The thing is that we need to configure the SMTP authentication in the notifications server to allow relay. We don't want to put the server's IP on mynetworks because we don't really trust on it. We have all the configuration steps we found on the internet but it is not working, we can't see any authentication attempt on the server. Any help will be great. Here's the configuration of the server:
>>
>> snipped
>>
>> smtp_sasl_auth_enable = yes
>
> This concerns smtp(8), the smtp CLIENT.
>
>> smtpd_sasl_path = inet:172.16.18.100:12345
>> smtpd_sasl_type = dovecot
>
> This concerns smtpd(8), the smtp SERVER. You need to enable SASL auth in the smtpd(8) SERVER.

The SASL auth is working on the smtpd server and it works fine, but when we try to send anything from the other server we don't even see the login attempt. Any ideas? Thanks!!
..::Rbl not working::..
Hi everyone.

I've postfix working great but I can't make the rbl works, I have the configuration but when I test the configuration it seems not to be working.

I'm testing with http://www.crynwr.com/spam/ Spamhaus has that ip address listed but I'm still getting those emails.

Here's the postconf -n result:

[root@mail ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail/
mailbox_size_limit = 524288000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = ibossmonitor.com
message_size_limit = 5242880
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = domain123.com
myhostname = domain123.com
mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32, 10.1.215.26/32
myorigin = domain123.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname Microsoft ESMTP MAIL Service ready
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client zen.spamhaus.org,reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = inet:127.0.0.1:12345
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = pcre:/etc/postfix/sender_login.pcre
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,check_client_access hash:/etc/postfix/client_access
smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt
smtpd_tls_key_file = /etc/postfix/cert/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

any ideas? thanks in advance for your help.

Regards.
Alfonso.
Re: ..::Rbl not working::..
On 8/21/12 9:20 AM, Ralf Hildebrandt wrote:
> * Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com:
>> Hi everyone. I've postfix working great but I can't make the rbl works, I have the configuration but when I test the configuration it seems not to be working.
>
> Logs?
>
>> I'm testing with http://www.crynwr.com/spam/ Spamhaus has that ip address listed but I'm still getting those emails.
>
> Which IP? Logs?
>
>> smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client zen.spamhaus.org,reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination
>
> That looks ok

I'm sorry I forgot that information. Logs:

Aug 21 08:01:48 mail postfix/smtpd[23635]: warning: 200.77.229.165: address not listed for hostname correo2.test.com.mx
Aug 21 08:03:32 mail postfix/smtpd[23635]: warning: 200.77.229.166: address not listed for hostname correo3.test.com.mx
Aug 21 08:52:11 mail postfix/smtpd[23847]: warning: 200.13.34.22: address not listed for hostname correo4.test.com.mx

I couldn't find more logs about. The IP that's testing my mail server is 192.203.178.107, I used the spamhaus lookup tool to confirm that the IP was listed.

Aug 21 09:33:58 mail postfix/smtpd[24060]: connect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/smtpd[24060]: disconnect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: from=, size=393, nrcpt=1 (queue active)
Aug 21 09:33:59 mail postfix/local[24067]: AB5455D5: to=are...@domain123.com, relay=local, delay=0.87, delays=0.48/0.01/0/0.38, dsn=2.0.0, status=sent (delivered to maildir)
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: removed

That email was delivered. Regards.
Re: ..::Rbl not working::..
On Tue, Aug 21, 2012 at 09:03:47AM -0500, Alfonso Alejandro Reyes Jiménez wrote: I've postfix working great but I cant make the rbl works, I have the configuration but when I test the configuration it seems not to be working. I'm testing with http://www.crynwr.com/spam/ Spamhaus has that ip address listed but I'm still getting those emails. Here's the postconf -n result: [root@mail ~]# postconf -n Irrelevant parts removed, possibly relevant lines here: mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32, 10.1.215.26/32 smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client zen.spamhaus.org,reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination any ideas? thanks in advance for your help. You neglected to show the logs of the acceptance of the crynwr.com test mail. Nevertheless, I do have a WAG for you. Test your server's ability to resolve records in zen.spamhaus.org. [alfonso@mail ~]$ dig 2.0.0.127.zen.spamhaus.org. any You should see among the output: ;; ANSWER SECTION: 2.0.0.127.zen.spamhaus.org. 300 IN TXT http://www.spamhaus.org/query/bl?ip=127.0.0.2; 2.0.0.127.zen.spamhaus.org. 300 IN TXT http://www.spamhaus.org/sbl/query/SBL233; 2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.4 2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.10 2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.2 If you're using a nameserver external to you, such as Google Public DNS or any ISP's resolver, there is a very good chance that Spamhaus is blocking your queries. If my guess is right, you can possibly fix it by installing and using your own local caching resolver, i.e., BIND named(8) or other implementation of DNS recursion. Offer void where taxed or restricted, or if your number of queries puts you in excess of Spamhaus maximum allowed. (In that case, see about their paid service; well worth the small expense per mailbox.) I'm sorry I forgot that information. 
Logs:

Aug 21 08:01:48 mail postfix/smtpd[23635]: warning: 200.77.229.165: address not listed for hostname correo2.test.com.mx
Aug 21 08:03:32 mail postfix/smtpd[23635]: warning: 200.77.229.166: address not listed for hostname correo3.test.com.mx
Aug 21 08:52:11 mail postfix/smtpd[23847]: warning: 200.13.34.22: address not listed for hostname correo4.test.com.mx

I couldn't find more logs about. The IP that's testing my mail server is 192.203.178.107, I used the spamhaus lookup tool to confirm that the IP was listed.

Aug 21 09:33:58 mail postfix/smtpd[24060]: connect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/smtpd[24060]: disconnect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: from=, size=393, nrcpt=1 (queue active)
Aug 21 09:33:59 mail postfix/local[24067]: AB5455D5: to=are...@domain123.com, relay=local, delay=0.87, delays=0.48/0.01/0/0.38, dsn=2.0.0, status=sent (delivered to maildir)
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: removed

That email was delivered.

Thanks for the tip but I have bind running and it seems not to be allowed to make queries to spamhaus:

[root@mail ~]# dig 2.0.0.127.zen.spamhaus.org any

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> 2.0.0.127.zen.spamhaus.org any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35309
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY

;; AUTHORITY SECTION:
zen.spamhaus.org. 6 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1208211440 3600 600 432000 150

;; Query time: 71 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 21 09:44:12 2012
;; MSG SIZE rcvd: 108

[root@mail ~]#

Here's the DNS config part:

[root@mail ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1

The BIND forwarding is made to a public dns, do you think that could be the problem?

Regards.
Re: ..::Rbl not working::..
On 8/21/12 9:25 AM, Brian Evans - Postfix List wrote:

On 8/21/2012 10:03 AM, Alfonso Alejandro Reyes Jiménez wrote:

Hi everyone. I've postfix working great but I can't make the rbl work, I have the configuration but when I test the configuration it seems not to be working. I'm testing with http://www.crynwr.com/spam/

Spamhaus has that ip address listed but I'm still getting those emails.

As others have noted, you need a caching DNS resolver (named, unbound, etc) and you should use dig or host to test.

smtpd_banner = $myhostname Microsoft ESMTP MAIL Service ready

No benefit to change this. Lying to computers does nothing.

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client zen.spamhaus.org,reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination

I would recommend putting reject_unauth_destination before RBL checks. This will cut down the number of DNS queries which are limited amounts for the free access.

Brian

Thanks for the tips, we have bind running on the server forwarded to a public DNS server. We are not lying to computers we are lying to nessus and that kind of software, is part of the systems hardening but thanks for the tip.

I will follow your recommendation about the reject_unauth_destination.

Any other tip?

Regards.
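The ordering point raised in this message can be checked mechanically. The following is an added example, not code from any poster in the thread: it parses the smtpd_recipient_restrictions value posted above, lists the DNSBL lookups that run before reject_unauth_destination, and produces the reordered value. The function names are hypothetical.

```python
import re

# Postfix restrictions that query a DNS blocklist; each takes one argument.
DNSBL_CHECKS = {"reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_helo",
                "reject_rhsbl_sender", "reject_rhsbl_recipient"}
RELAY_CHECK = ("reject_unauth_destination", None)

# smtpd_recipient_restrictions value copied from the thread's postconf -n output.
POSTED = ("permit_mynetworks,permit_sasl_authenticated,"
          "reject_rbl_client zen.spamhaus.org,"
          "reject_rhsbl_sender dsn.rfc-ignorant.org,reject_unauth_destination")

def parse_restrictions(value):
    """Split on commas/whitespace, pairing each DNSBL check with its zone."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        if tokens[i] in DNSBL_CHECKS and i + 1 < len(tokens):
            items.append((tokens[i], tokens[i + 1]))
            i += 2
        else:
            items.append((tokens[i], None))
            i += 1
    return items

def dnsbl_before_relay_check(value):
    """DNSBL lookups that run before reject_unauth_destination is reached."""
    early = []
    for name, arg in parse_restrictions(value):
        if (name, arg) == RELAY_CHECK:
            break
        if name in DNSBL_CHECKS:
            early.append(f"{name} {arg}")
    return early

def reorder(value):
    """Move reject_unauth_destination to just before the first DNSBL check."""
    items = parse_restrictions(value)
    if RELAY_CHECK not in items or not dnsbl_before_relay_check(value):
        return value  # nothing to move, leave the administrator's order alone
    items.remove(RELAY_CHECK)
    first = next(i for i, (n, _) in enumerate(items) if n in DNSBL_CHECKS)
    items.insert(first, RELAY_CHECK)
    return ", ".join(n if a is None else f"{n} {a}" for n, a in items)

if __name__ == "__main__":
    print("evaluated before the relay check:", dnsbl_before_relay_check(POSTED))
    print("smtpd_recipient_restrictions =", reorder(POSTED))
```

With the reordered value, mail for destinations the server does not handle is rejected before any blocklist query is sent, which is the query saving described in the message.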
Re: ..::Rbl not working::..
On 8/21/12 9:46 AM, Ralf Hildebrandt wrote:

* Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com:

The IP that's testing my mail server is 192.203.178.107, I used the spamhaus lookup tool to confirm that the IP was listed.

192.203.178.107 is indeed listed.

$ host 107.178.203.192.zen.spamhaus.org
107.178.203.192.zen.spamhaus.org has address 127.0.0.2

try host 107.178.203.192.zen.spamhaus.org on your box.

Aug 21 09:33:58 mail postfix/smtpd[24060]: connect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/smtpd[24060]: disconnect from sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/smtpd[24060]: AB5455D5: client=sbl.crynwr.com[192.203.178.107]
Aug 21 09:33:58 mail postfix/cleanup[24065]: AB5455D5: message-id=1345559...@sbl.crynwr.com
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: from=, size=393, nrcpt=1 (queue active)
Aug 21 09:33:59 mail postfix/local[24067]: AB5455D5: to=are...@domain123.com, relay=local, delay=0.87, delays=0.48/0.01/0/0.38, dsn=2.0.0, status=sent (delivered to maildir)
Aug 21 09:33:59 mail postfix/qmgr[20868]: AB5455D5: removed

That email was delivered.

Regards.

Thanks it seems to be an issue with spamhaus, here's the result:

[root@mail ~]# host 107.178.203.192.zen.spamhaus.org
Host 107.178.203.192.zen.spamhaus.org not found: 3(NXDOMAIN)
[root@mail ~]#

Any tips that can solve this issue? (I know this is not a bind list, but anyone may have had the same issue)

Thanks for your help.

Regards.
Re: ..::Rbl not working::..
On 8/21/12 9:57 AM, Ralf Hildebrandt wrote:

* Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com:

Thanks it seems to be an issue with spamhaus, here's the result:

[root@mail ~]# host 107.178.203.192.zen.spamhaus.org
Host 107.178.203.192.zen.spamhaus.org not found: 3(NXDOMAIN)
[root@mail ~]#

Use a proper DNS server (like somebody on this thread already suggested)

Thanks as I was telling I have one, but I think the issue is with the forwarding it's been made to a public dns server. Should I change it to a particular one? (ex spamhaus)

Regards.
Re: ..::Rbl not working::..
On 8/21/12 10:06 AM, /dev/rob0 wrote:

On Tue, Aug 21, 2012 at 09:45:50AM -0500, Alfonso Alejandro Reyes Jiménez wrote:

Thanks for the tip but I have bind running and it seems not to be allowed to make queries to spamhaus:

[root@mail ~]# dig 2.0.0.127.zen.spamhaus.org any

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> 2.0.0.127.zen.spamhaus.org any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35309
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN ANY

;; AUTHORITY SECTION:
zen.spamhaus.org. 6 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1208211440 3600 600 432000 150

;; Query time: 71 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 21 09:44:12 2012
;; MSG SIZE rcvd: 108

[root@mail ~]#

Here's the DNS config part:

[root@mail ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1

The BIND forwarding is made to a public dns, do you think that could be the problem?

rob0 quoted from upthread:

If you're using a nameserver external to you, such as Google Public DNS or any ISP's resolver, there is a very good chance that Spamhaus is blocking your queries.

If my guess is right, you can possibly fix it by installing and using your own local caching resolver, i.e., BIND named(8) or other implementation of DNS recursion. Offer void where taxed or

That was my guess. Now it seems to be confirmed. Remove the forwarders from named.conf(5), ensure that recursion is allowed at least for localhost[1], rndc reload, test again. If the test fails again, you might have to flush the cache. Another rndc(8) subcommand can do that also.

We're off topic here. If you need further help with BIND, follow up on the bind-users mailing list at ISC.org. Or, see my URL below; I can fix this for a minimal fee.

That did the trick thanks to everyone that tried to help me with my issue.

Regards.

Alfonso.
Re: ..::Rbl not working::..
On 8/21/12 11:23 AM, Benny Pedersen wrote:

Den 2012-08-21 17:02, Alfonso Alejandro Reyes Jiménez skrev:

Thanks as I was telling I have one, but I think the issue is with the forwarding it's been made to a public dns server. Should I change it to a particular one? (ex spamhaus)

no just remove ALL forwarding !

Thanks now it's working.

Regards,
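The diagnosis this thread converged on, as an added example that is not part of the original posts: query the always-listed test entry 127.0.0.2 through the same resolver before trusting a "not listed" answer for a client. Function names are hypothetical, the two resolver tables are constructed from the dig and host output quoted in the thread, and the 127.255.255.0/24 error range comes from Spamhaus documentation rather than from the thread.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
TEST_IP = "127.0.0.2"  # the always-listed test entry queried in the thread
# Spamhaus documents answers in 127.255.255.0/24 as query errors (for example
# queries relayed by a public resolver), not listings; not from this thread.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_name(ip, zone=ZONE):
    """192.203.178.107 -> 107.178.203.192.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A records via the host's configured resolver; [] on NXDOMAIN or failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "resolver-unusable"
    return "listed" if addrs else "not-listed"

def check_client(ip, lookup=system_lookup, zone=ZONE):
    """Control query first: a clean answer for the client means nothing
    unless the test entry resolves as listed through the same path."""
    if classify(lookup(dnsbl_name(TEST_IP, zone))) != "listed":
        return "resolver-unusable"
    return classify(lookup(dnsbl_name(ip, zone)))

# Constructed resolver answers modelled on the thread's dig/host output.
FORWARDED = {}  # BIND forwarding to a public DNS: every query got NXDOMAIN
RECURSIVE = {   # answers once the forwarders were removed
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "107.178.203.192.zen.spamhaus.org": ["127.0.0.2"],
}

def fake(table):
    """Offline stand-in for system_lookup backed by a constructed table."""
    return lambda name: table.get(name, [])

if __name__ == "__main__":
    for label, table in (("forwarded", FORWARDED), ("recursive", RECURSIVE)):
        print(label, check_client("192.203.178.107", fake(table)))
```

Called without a lookup argument, check_client uses the host's own resolver, so it reports the same condition Postfix sees when it evaluates reject_rbl_client.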
Re: ..::Maildir question::..
On 5/18/12 3:02 PM, Wietse Venema wrote:

Alfonso Alejandro Reyes Jimenez:

thanks, the configuration is now as you suggest. But I'm having the same issue:

May 18 14:45:27 mail postfix/local[5656]: warning: maildir access problem for UID/GID=505/505: create maildir file /home/test/Maildir/tmp/1337370327.P5656.mail.mydomain.com: Permission denied

Remove the home_mailbox setting from main.cf if you don't want delivery under the home directory!

Wietse

That did the trick, thanks. Now it works!! Thanks.