..::Maildir question::..
Hi Everyone. I have a question. We have a postfix server, it works great. All the users on that postfix are added without home directory, we need to change the mbox default to maildir in order to have dovecot working with IMAP. We just changed the home_mailbox = Mailbox command to home_mailbox = Maildir/. The problem is that postfix is trying to use the home directory of those users to store the mail directory. The question is: Is there some way to change the mail directory of every user to /var/spool/mail/user/ ?? If so how can we do that? Thanks for your help and have a great day. Regards. Alfonso.
Re: ..::Maildir question::..
I'm sorry you are right, I totally forgot that information. Here it is: [root@mail postfix]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 disable_vrfy_command = yes html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 524288000 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_domains = mydomain.com message_size_limit = 5242880 mydestination = $myhostname, localhost.$mydomain, localhost mydomain = mydomain.com myhostname = mydomain.com mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32 myorigin = ibossmonitor.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_generic_maps = hash:/etc/postfix/generic smtp_host_lookup = native,dns smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_banner = $myhostname Microsoft ESMTP MAIL Service ready (decoy :) ) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = inet:127.0.0.1:12345 smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = pcre:/etc/postfix/sender_login.pcre smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,check_client_access hash:/etc/postfix/client_access smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt smtpd_tls_key_file = /etc/postfix/cert/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 Thanks. On 5/18/12 10:35 AM, Ralf Hildebrandt wrote: * Alfonso Alejandro Reyes Jimenezare...@ibossmonitor.com: Hi Everyone. I have a question. We have a postfix server, it works great. All the users on that postfix are added without home directory, we need to change the mbox default to maildir in order to have dovecot working with IMAP. We just changed the home_mailbox = Mailbox command to home_mailbox = Maildir/. The problem is that postfix is trying to use the home directory of those users to store the mail directory. The question is: Is there some way to change the mail directory of every user to /var/spool/mail/user/ ?? If so how can we do that? Sure, but since you forgot to post postconf -n output it's hard to know how you configured things!
Re: ..::Maildir question::..
Thanks and Sorry for the top posting. here's the log you requested: May 18 10:10:11 mail postfix/local[3912]: 3CB3E819F: to=are...@mydomain.com, relay=local, delay=0.08, delays=0.04/0/0/0.04, dsn=5.2.0, status=bounced (cannot update mailbox /home/areyes/Mailbox for user areyes. unable to create lock file /home/areyes/Mailbox.lock: No such file or directory) It cant create the lock file because there's no /home/areyes. Here's the master.cf [root@mail postfix]# cat master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: man 5 master). # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - n - - qmqpd pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix--n-1scache # # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # The Cyrus deliver program has changed incompatibly, multiple times. # old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmailunix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient Thanks for your help. Regards. Alfonso. On 5/18/12 12:01 PM, mouss wrote: Le 18/05/2012 18:11, Alfonso Alejandro Reyes Jimenez a écrit : I'm sorry you are right, I totally forgot that information. Please do not top post. google for top posting if this isn't clear. keep reading. [snip] mail_spool_directory = /var/spool/mail
Re: ..::Maildir question::..
# # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # The Cyrus deliver program has changed incompatibly, multiple times. # old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmailunix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient I'm sorry for the confusion. Regards. Alfonso. On 5/18/12 12:01 PM, mouss wrote: Le 18/05/2012 18:11, Alfonso Alejandro Reyes Jimenez a écrit : I'm sorry you are right, I totally forgot that information. Please do not top post. google for top posting if this isn't clear. keep reading. [snip] mail_spool_directory = /var/spool/mail according to this, mail should be delivered in /var/spool/mail/user, which is not what you see to have. please post logs that show email being delivered. also, post your master.cf to see if it overrides your main.cf configuration. note that if you are delivering your mail using dovecot LDA, then you will need to configure dovecot lda, not postfix. mailbox_size_limit = 524288000 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_domains = mydomain.com message_size_limit = 5242880 mydestination = $myhostname, localhost.$mydomain, localhost mydomain = mydomain.com myhostname = mydomain.com mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32 myorigin = ibossmonitor.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_generic_maps = hash:/etc/postfix/generic smtp_host_lookup = native,dns smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_banner = $myhostname Microsoft ESMTP MAIL Service ready (decoy :) ) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = inet:127.0.0.1:12345 smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = pcre:/etc/postfix/sender_login.pcre smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,check_client_access hash:/etc/postfix/client_access smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt smtpd_tls_key_file = /etc/postfix/cert/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 Thanks. On 5/18/12 10:35 AM, Ralf Hildebrandt wrote: * Alfonso Alejandro Reyes Jimenezare...@ibossmonitor.com: Hi Everyone. I have a question. We have a postfix server, it works great. All the users on that postfix are added without home directory, we need to change the mbox default to maildir in order to have dovecot working with IMAP. We just changed the home_mailbox = Mailbox command to home_mailbox = Maildir/. The problem is that postfix is trying to use the home directory of those users to store the mail directory. The question is: Is there some way to change the mail directory of every user to /var/spool/mail/user/ ?? If so how can we do that? Sure, but since you forgot to post postconf -n output it's hard to know how you configured things!
Re: ..::Maildir question::..
thanks, the configuration is now as you suggest. But I'm having the same issue: May 18 14:45:27 mail postfix/local[5656]: warning: maildir access problem for UID/GID=505/505: create maildir file /home/test/Maildir/tmp/1337370327.P5656.mail.mydomain.com: Permission denied May 18 14:45:27 mail postfix/local[5656]: warning: perhaps you need to create the maildirs in advance May 18 14:45:27 mail postfix/local[5656]: 1C10811D5D: to=t...@mydomain.com, orig_to=r...@mydomian.com, relay=local, delay=0.26, delays=0.05/0/0/0.21, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /home/test/Maildir/tmp/1337370327.P5656.mail.mydomain.com: Permission denied) May 18 14:45:27 mail postfix/qmgr[5650]: 1C10811D5D: removed I added the line: mail_spool_directory = /var/spool/mail/ and creates as you suggest the directorys: drwxr-xr-x 2 test root 4096 May 18 14:43 test But it seems to keep looking for the home directory, what am I doing wrong?? :( Regards. Alfonso. On 5/18/12 1:06 PM, mouss wrote: Le 18/05/2012 19:25, Alfonso Alejandro Reyes Jimenez a écrit : Mouss. Here's the updated configuration, I didn't attached the correct one. ah. so you have home_mailbox = Maildir/ as http://www.postfix.org/postconf.5.html#home_mailbox says, Optional pathname of a mailbox file relative to a local(8) user's home directory. the user home directory must be exist. but that's not what you want. it seems you want something like mail_spool_directory = /var/spool/maildirs (with a trailing slash), but you must create users directories in advance: mkdir /var/spool/maildirs/joe chown joe /var/spool/maildirs/joe For more infos, see http://www.postfix.org/postconf.5.html#mail_spool_directory http://www.postfix.org/local.8.html alternatively, use dovecot LDA to deliver mail. in this case, you will only need to configure dovecot (and will help reduce the opprtunity of mismatch between postfix and dovecot configurations). http://wiki2.dovecot.org/LDA/Postfix [root@mail postfix]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 disable_vrfy_command = yes home_mailbox = Maildir/ html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 524288000 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_domains = mydomain.com message_size_limit = 5242880 mydestination = $myhostname, localhost.$mydomain, localhost mydomain = mydomain.com myhostname = mydomain.com mynetworks = 127.0.0.0/8, 10.1.8.27/32, 10.1.8.23/32, 172.16.18.101/32 myorigin = ibossmonitor.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_generic_maps = hash:/etc/postfix/generic smtp_host_lookup = native,dns smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_banner = $myhostname Microsoft ESMTP MAIL Service ready smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = inet:127.0.0.1:12345 smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = pcre:/etc/postfix/sender_login.pcre smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,check_client_access hash:/etc/postfix/client_access smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt smtpd_tls_key_file = /etc/postfix/cert/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 We are just using dovecot to get those emails, the delivery is made directly to postfix. Thats why we would like to us maildir on postfix, to make easier the configuration on dovecot. Here's the master.cf configuration: [root@mail postfix]# cat master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: man 5 master). # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd #submission inet n - n - - smtpd # -o smtpd_enforce_tls
Re: Mail stuck (Connection Timed-Out)
Hi it seems to be a layer 3 issue, according to the description I will check any firewall or router at the perimeters end. Have you checked that? Have you tried tcpdump to check if those packets are leaving the box? Thats just a thought, I hope it helps. Regards. Saludos Ing. Alfonso Alejandro Reyes Jimenez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91507489 Movil: (044) 55 85 81 04 62 De: Gonzo Fernandez [mailto:go...@usaepay.com] Enviado: Monday, January 30, 2012 06:46 PM Para: postfix users postfix-users@postfix.org Asunto: Re: Mail stuck (Connection Timed-Out) Thank you Noel. Our server sends out copies of email confirmations to our clients and if the client decides to make a large order they end up pushing our volume up and we end up getting blocked by their mail server. I seem to be getting connection timed out on a lot of the hosts. I even try to telnet to ip and port 25 but it keeps timing out. I used grep to search in /var/log/maillog and I got this. Any ideas? [root@mx-server ~]# cat /var/log/maillog | grep B0847E8491 Jan 30 08:44:38 mx-server postfix/cleanup[24478]: B0847E8491: message-id=20120130164438.B0847E8491@mxser...@example.com Jan 30 08:44:38 mx-server postfix/qmgr[16186]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 08:44:38 mx-server postfix/bounce[24473]: 2604BE84D6: sender non-delivery notification: B0847E8491 Jan 30 08:45:01 mx-server postfix/smtp[24278]: B0847E8491: to=m...@example.com, relay=none, delay=23, delays=0.03/0/23/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 09:08:09 mx-server postfix/qmgr[16186]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 09:08:32 mx-server postfix/smtp[24522]: B0847E8491: to=m...@example.com, relay=none, delay=1434, delays=1411/0/23/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 09:41:31 mx-server postfix/qmgr[16186]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 09:41:52 mx-server postfix/smtp[24793]: B0847E8491: to=m...@example.com, relay=none, delay=3434, delays=3412/0.1/21/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 10:48:09 mx-server postfix/qmgr[16186]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 10:48:15 mx-server postfix/smtp[25097]: B0847E8491: to=m...@example.com, relay=none, delay=7417, delays=7411/0.06/5.9/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=example.com type=A: Host not found, try again) Jan 30 12:11:30 mx-server postfix/qmgr[16186]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 12:11:53 mx-server postfix/smtp[25539]: B0847E8491: to=m...@example.com, relay=none, delay=12435, delays=12411/0.05/23/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 13:22:45 mx-server postfix/qmgr[26236]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 13:23:12 mx-server postfix/smtp[26261]: B0847E8491: to=m...@example.com, relay=none, delay=16713, delays=16687/0.56/26/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 13:53:27 mx-server postfix/qmgr[26443]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 13:53:55 mx-server postfix/smtp[26593]: B0847E8491: to=m...@example.com, relay=none, delay=18556, delays=18529/6.5/21/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) Jan 30 15:14:54 mx-server postfix/qmgr[27600]: B0847E8491: from=, size=3456, nrcpt=1 (queue active) Jan 30 15:15:21 mx-server postfix/smtp[27790]: B0847E8491: to=m...@example.com, relay=none, delay=23443, delays=23416/5.9/21/0, dsn=4.4.1, status=deferred (connect to example.com[1.2.3.4]: Connection timed out) [root@mx-server ~]# telnet 1.2.3.4 25 Trying 1.2.3.4... telnet: connect to address 1.2.3.4: Connection timed out telnet: Unable to connect to remote host: Connection timed out Gonzo Fernandez On Jan 30, 2012, at 3:36 PM, Noel Jones wrote: On 1/30/2012 5:07 PM, Gonzo Fernandez wrote: Hi All, My relay servers have mail being received but unable to send. When I type mailq I see: Delivery temporarily suspended….Connection timed out. I also noticed this line: Tarpitting active for [1.2.3.4) I restarted postfix, flushed mailq and still everything is stuck. Now the mail is building up and I don't know what else to do. I'm still continuing to work on it but I figure I might as well ask the postfix team members. Can anyone help me figure this thing out please
Re: Need help setting up Postfix
Check dyndns it helps with mx records, its not free but is the cheapest solution that I know. Its about 1 usd or something like that. Then you set up you domain which is a subdomain of their own (yourdomain.dyndns.com or something) and it changes everytime your ip does. You just need to install a client. I hope this helps. Happy holidays. Saludos Ing. Alfonso Alejandro Reyes Jimenez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91507489 Movil: (044) 55 85 81 04 62 De: . [mailto:pe...@aleksandrsolzhenitsyn.net] Enviado: Friday, December 23, 2011 10:24 PM Para: postfix-users@postfix.org postfix-users@postfix.org Asunto: Re: Need help setting up Postfix On 12/23/2011 11:22 PM, Mauricio Tavares wrote: On Fri, Dec 23, 2011 at 10:43 PM, . pe...@aleksandrsolzhenitsyn.net mailto:pe...@aleksandrsolzhenitsyn.net wrote: I'm very new at mail server stuff and not too technical in experiencebut can follow well written instructions. The first difficulty I had after installation of Postfix was about the Static IP address problem. My IP address isn't static and I don't want to pay for one either. Can Dynamic IP addresses be used with Postfix? NoIP.com mentions some sort of stuff about it. It's all about mx records. Your certs resolve to fqdn. What does that mean? Can I get and send mail using a dynamic IP address and my own domain name? MX Record stuff- how do I configure it for a dynamic IP address. Some companies can make your mx record follow the ip. So how do I configure it? Any ideas?
Re: Need help setting up Postfix
As far as I know and may be Im wrong the mail server looks for the mx record, if it doesnt find one it looks for the A record. You just need to enable the dyndns pro (its the cheap one). You may try with just the A record dont pay anything just set it up and test it, you have nothing to loose right? Saludos Ing. Alfonso Alejandro Reyes Jimenez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91507489 Movil: (044) 55 85 81 04 62 De: . [mailto:pe...@aleksandrsolzhenitsyn.net] Enviado: Friday, December 23, 2011 10:34 PM Para: postfix-users@postfix.org postfix-users@postfix.org Asunto: Re: Need help setting up Postfix On 12/23/2011 11:28 PM, Alfonso Alejandro Reyes Jimenez wrote: Check dyndns it helps with mx records, its not free but is the cheapest solution that I know. Its about 1 usd or something like that. The only one I saw was $30 Then you set up you domain which is a subdomain of their own (yourdomain.dyndns.com or something) and it changes everytime your ip does. You just need to install a client. I hope this helps. Happy holidays. Saludos Ing. Alfonso Alejandro Reyes Jimenez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91507489 Movil: (044) 55 85 81 04 62 De: . [mailto:pe...@aleksandrsolzhenitsyn.net] Enviado: Friday, December 23, 2011 10:24 PM Para: postfix-users@postfix.org postfix-users@postfix.org mailto:postfix-users@postfix.org Asunto: Re: Need help setting up Postfix On 12/23/2011 11:22 PM, Mauricio Tavares wrote: On Fri, Dec 23, 2011 at 10:43 PM, . pe...@aleksandrsolzhenitsyn.net mailto:pe...@aleksandrsolzhenitsyn.net wrote: I'm very new at mail server stuff and not too technical in experiencebut can follow well written instructions. The first difficulty I had after installation of Postfix was about the Static IP address problem. My IP address isn't static and I don't want to pay for one either. Can Dynamic IP addresses be used with Postfix? NoIP.com mentions some sort of stuff about it. It's all about mx records. Your certs resolve to fqdn. What does that mean? Can I get and send mail using a dynamic IP address and my own domain name? MX Record stuff- how do I configure it for a dynamic IP address. Some companies can make your mx record follow the ip. So how do I configure it? Any ideas?
Re: Possibility to store all incoming mail (pre-content_filter)
What about tcpdump capture?, then you can reasemble te tcp stream and see whats going on. You can save the capture to a file, then with wireshark you can reasemble the tcpstream looking to those emails like in postfix. You can capture traffic before your mta gets it. Regards. Saludos Ing. Alfonso Alejandro Reyes Jimenez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91507489 Movil: (044) 55 85 81 04 62 - Mensaje original - De: Michael Weissenbacher [mailto:m...@dermichi.com] Enviado: Thursday, December 15, 2011 11:14 AM Para: Postfix users postfix-users@postfix.org Asunto: Re: Possibility to store all incoming mail (pre-content_filter) Original Message Subject: Re: Possibility to store all incoming mail (pre-content_filter) From: Mark Goodge m...@good-stuff.co.uk To: postfix-users@postfix.org Date: Thu Dec 15 2011 18:04:06 GMT+0100 (CET) On 15/12/2011 16:58, Michael Weissenbacher wrote: schrieb Mark Goodge: On 15/12/2011 16:24, Michael Weissenbacher wrote: Hi! You can do this with recpients_bcc_maps Well, as far as i know this just adds a bcc address to the message and as a result the mail would still pass through amavis and through the smarthost before leaving the system, thus it would get altered (and destroyed if i hit the bug). Set up a user on the local system, and bcc to that. That way it won't go out through the smarthost. Hm, but this still won't bypass amavis which i call with content_filter = smtp-amavis:[127.0.0.1]:10024 It's unlikely that amavis is your problem. And if it is, you can diagnose that simply by turning amavis off temporarily to see if that makes the problem go away. Yeah, unlikely but possible. In fact the mail passes through 2 filters before being returned to postfix: postfix:25 - amavis:10024 - apache-james:10025 - postfix:10026 - smarthost All i can tell is that some mails (like 1 out of 2) get corrupted in the process and end up being unusable. I cannot disable amavis completely as spam hell would break lose. I cannot disable apache-james because it contains some custom filters. The most likely culprit here is apache-james because it contains some custom code. But if i disable it i cannot tell which mails would have triggered the bug and which ones didn't. That's why i want to store mails at postfix:25 before they get altered. cheers, Michael
RE: CISCO breaks DKIM on their ASA/PIX (again)
As far as I know it just limit the commands that you can send to the mail server, you just have to be sure if you are using ESMTP or SMTP. Here's the link explaining how it works. All the customers of our company uses that inspect, the common issue is with proofpoint. Every other MTA is accepted without issues. Just a thought. This is the TAC's point of view. the inspect SMTP could drop those emails that carry unsupported commands such as ATRN, ONEX, VERB, CHUNKING You may verify this if you run captures on the outside and inside interface of the ASA. “” The inspect esmtp command includes the functionality previously provided by the fixup smtp command, and provides additional support for some extended SMTP commands. Extended SMTP application inspection adds support for these extended SMTP commands, including AUTH, EHLO, ETRN, HELP, SAML, SEND, SOML, STARTLS, and VRFY. Along with the support for seven RFC 821 commands (DATA, HELO, MAIL, NOOP, QUIT, RCPT, RSET), the adaptive security appliance supports a total of fifteen SMTP commands. Other extended SMTP commands, such as ATRN, ONEX, VERB, CHUNKING, and private extensions and are not supported. Unsupported commands are translated into Xs, which are rejected by the internal server. This results in a message such as 500 Command unknown: 'XXX'. Incomplete commands are discarded. “” Here is the documentation that talks about it http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1742723 Saludos. Ing. Alfonso Alejandro Reyes Jiménez Coordinador de Seguridad - SASI E-mail: aare...@scitum.com.mx Telefono: 91 50 74 89 Movil: (044) 55 85 81 04 62 -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Jeroen Geilman Enviado el: viernes, 09 de diciembre de 2011 01:02 p.m. Para: postfix-users@postfix.org Asunto: Re: CISCO breaks DKIM on their ASA/PIX (again) On 2011-12-09 19:57, Ralf Hildebrandt wrote: * Jeroen Geilmanjer...@adaptr.nl: On 2011-12-08 09:53, Ralf Hildebrandt wrote: Over the last few days I discussed SMTP delivery problems with a czech site which was using Postfix and a CISCO ASA with smtp protocol fixup enabled. smtp fixup is evil and should have died out years ago. No shit, sherlock :) I am in no way implying that you did anything wrong! It's just that I cringe every time I see this enabled and when I ask after it the answer is usually a variant on oh it's a security option offered by a Cisco firewall, of course we enable it! Why not? Cisco themselves are mostly to blame for this by not disabling it by default - unless they do so by now, I haven't kept up... -- J.
..::Troubleshooting Advice::..
Hi list. We are going to work with an old postfix (I mean old because this postfix was installed and administered by another person), It works with LDAP. I don't have any experience working with LDAP authentication. I was wondering if you can give me some advices for troubleshooting, any advice will be appreciated. Thanks in advance. Regards. Alfonso.
RE: ..::Troubleshooting Advice::..
Thanks, Actually there's no problem right now I'm just looking for some advices about the troubleshooting. Something like any other users thinks could be a good start. Thanks for the links I will check them out. Alfonso. -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Sahil Tandon Enviado el: miércoles, 08 de junio de 2011 07:46 p.m. Para: postfix-users@postfix.org Asunto: Re: ..::Troubleshooting Advice::.. On Wed, 2011-06-08 at 19:40:13 -0500, Alfonso Alejandro Reyes Jimenez wrote: We are going to work with an old postfix (I mean old because this postfix was installed and administered by another person), It works with LDAP. I don't have any experience working with LDAP authentication. I was wondering if you can give me some advices for troubleshooting, any advice will be appreciated. Your question is too general to be answered with specificity. Please describe an *actual* problem. Before responding, carefully consult the DEBUG_README, a document to which you were introduced upon joining this mailing list: http://www.postfix.org/DEBUG_README.html#mail For general information about LDAP support in Postfix: http://www.postfix.org/LDAP_README.html http://www.postfix.org/ldap_table.5.html -- Sahil Tandon sa...@freebsd.org
RE: ..::Troubleshooting Advice::..
Great advice thanks, I will follow your recommendations. Regards. Alfonso. -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Noel Jones Enviado el: miércoles, 08 de junio de 2011 08:36 p.m. Para: postfix-users@postfix.org Asunto: Re: ..::Troubleshooting Advice::.. On 6/8/2011 7:55 PM, Alfonso Alejandro Reyes Jimenez wrote: Thanks, Actually there's no problem right now I'm just looking for some advices about the troubleshooting. Something like any other users thinks could be a good start. Thanks for the links I will check them out. Alfonso. If your question is more how can I prepare for future possible problems? my advice would be: - become familiar with postfix in general. The official documentation should be trusted before any outside sources. http://www.postfix.org/documentation.html - become familiar with reading the postfix logs. Most of the log entries are self-explanatory; search the postfix-users list archives or ask here if there's something you don't understand. Knowing what normal logs look like will help isolating a problem later. http://www.postfix.org/DEBUG_README.html#logging - become familiar with your systems config. In particular, postconf will display all postfix's current settings (the vast majority of which should be at their default value), and postconf -n will display setting explicitly set in your main.cf. Find out what the settings you're using are supposed to do. http://www.postfix.org/postconf.1.html http://www.postfix.org/postconf.5.html - become familiar with LDAP. That's really outside the scope of postfix, but since your system is using it, you should have some idea of how it's supposed to work. - If you're a book person, The Book of Postfix by Ralf Hildebrandt and Patrick Koetter is excellent, although it's getting a little dated (an unavoidable problem of books covering evolving software). http://www.postfix-book.com or your favorite bookstore. -- Noel Jones
..::Smtp Attacks::..
Hi everyone. I'm sending this email because I'm looking for a reference regarding smtp attacks, this is because I'm working to create some smtp signatures for the snort solution. It's not directly with snort, I'm willing to contribute with the bleeding snort proyect. I can't find any information regarding the smtp attacks only the relay test and that kind of stuff. The question is: Is there any book related with smtp attacks, exploits or any other type of attack related with the smtp protocol? I will highly appreciated any recomendation, this signatures will help us everyone. Thanks in advance. Alfonso.
RE: info about a Sendmail configuration
I just checked and here's the solution. http://www.linuxquestions.org/questions/linux-networking-3/need-sendmail-guru-149821/#post778024 It was a google's answer. :) good luck. ALFONSO. -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Stefano Villa Enviado el: miércoles, 02 de marzo de 2011 01:42 p.m. Para: postfix users Asunto: info about a Sendmail configuration Hi to all! Sorry for my question about Sendmail and not Postfix.. but I'm in trouble! Here the question. I've a Red Hat server (hostA.domain1.dom) that should send mail trough an Exchange server (hostB.domain2.dom) to a destination address. The Exchange rejects the message because it does not recognize my domain (*.domain1.dom) What should I do in the sendmail.cf to permit the change of from field from *.domain1.dom to *.domain2.dom? p.s.: I cannot modify the Exchange configuration to add domain1.dom to known domains.. Thanks in advance! -- Stefano Villa
RE: mysql GPL/postfix IPL incompatibility
Don't be surprised if the ask this list, They have never helped me with my postfix issues. Saludos. Ing. Alfonso Alejandro Reyes Jiménez Analista del sector Gobierno E-mail: aare...@scitum.com.mx Telefono: 91 50 74 00 ext. 7489 Movil: (044) 55 52 98 34 82 -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Quanah Gibson-Mount Enviado el: lunes, 28 de febrero de 2011 04:57 p.m. Para: mouss+nob...@netoyen.net; postfix-users@postfix.org Asunto: Re: mysql GPL/postfix IPL incompatibility --On Monday, February 28, 2011 11:53 PM +0100 mouss mo...@ml.netoyen.net wrote: Certainly allowing postfix to be linked against the MySQL libraries without engendering a license violation is a significant positive. Postfix is highly used among various linux distributions (Debian, Ubuntu, SuSE, RedHat all come to mind), but with the exception of Redhat, none of them link postfix against the MySQL libraries by default. could you get any info on how RH are solving the problem (if there is a problem)? I can't believe they could get this wrong. I'm rather curious about that myself. I have a contact at RH I intend to ask that very question of. ;) --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the leader in open source messaging and collaboration
RE: ..::Spoofing Issues::..
Thanks for your help, right now we use sasl auth and Works very good. If the setup for example a gmail account and the change the gmail address for some user on the postfix domain, postfix delivers that email. I don't want to accept emails from our domain in our server if they don't belong to my networks or they are authenticated. For example if you setup you outlook to send an email from u...@domain.com using gmail as smtp relay, I want my postfix to drop that email because it is coming from other smtp server. I hope this example helps. Saludos. Ing. Alfonso Alejandro Reyes Jiménez Analista del sector Gobierno E-mail: aare...@scitum.com.mx mailto:aare...@scitum.com.mx Telefono: 91 50 74 00 ext. 7489 Movil: (044) 55 52 98 34 82 La información contenida en el presente correo es confidencial y para uso exclusivo de la persona o institución a que se refiere. Si usted no es el receptor deliberado es ilegal cualquier distribución, divulgación, reproducción, completa o parcial, aprovechamiento, uso o cualquier otra acción relativa a ella. Por favor notifique al emisor e inmediatamente bórrela de forma permanente de cualquier computadora en la que resida y en caso de existir, destruya cualquier copia impresa. De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de mouss Enviado el: lunes, 04 de octubre de 2010 03:48 p.m. Para: postfix-users@postfix.org Asunto: Re: ..::Spoofing Issues::.. Le 04/10/2010 21:37, Alfonso Alejandro Reyes Jimenez a écrit : Hi, everyone. I have an issue with some users that are spoofing our mail server, rightnow we can restrict the spoofing on the same server. But if they use another smtp server pretending that they are on our domain the can send those emails. That's a FEATURE in smtp... I use to work with websense which can be configured to get only mails from the users and ip address that belong to the domain, is there some way to tell postfix that he owns the domain mycompany.com and it reject everything that pretend to be the same domain? Or any other idea to prevent the outside spoofing? you can certainly do smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destinaion check_sender_access hash:/etc/postfix/access_sender == access_sender: mydomain.exampleREJECT blah blah .mydomain.exampleREJECT blah blah image001.jpg