Mail looping with transport maps and virtual alias maps
I have a few requirements which seem to be opposed to each other, as what I'm currently doing is causing a mail loop and bounce. Here's what I'm trying to accomplish:

1) This server is a standalone server sending outgoing mail, it is not receiving anything other than locally posted messages
2) Messages need to come from "mydomain.com" (myorigin = $mydomain)
3) Messages sent to local 'root' account must be forwarded to a different account @mydomain.com
4) Delivery to all but a few domains is not allowed, and must be discarded

For #2 I'm using the already mentioned myorigin = $mydomain. This works as expected, but $mydomain is not listed in mydestination, so for #3 I am using the method mentioned here: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local (virtual_alias_maps) to deliver the root mail locally, and allowing the rest to go off to our main mail server.

For #4, I am using transport_maps (which was suggested in this thread http://archives.neohapsis.com/archives/postfix/2008-07/0875.html), and my transport file contains the following:

    mydomain.com      smtp
    *.mydomain.com    smtp
    *                 discard

The problem I am seeing is that when I send a message to root using the local command "mail root", the domain gets added (as expected), then the virtual alias changes the to address to r...@localhost.mydomain.com, but then it is bounced because of looping.

I've reached the edge of my current postfix knowledge, and would appreciate any input or suggestions.
Relevant information:

Server is running CentOS 5.2 Linux
rpm -q postfix: postfix-2.3.3-2.1.el5_2

- postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = localhost
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/aliases

    root: ad...@mydomain.com

/etc/postfix/transport:

    mydomain.com      smtp
    *.mydomain.com    smtp
    *                 discard

/etc/postfix/virtual:

    root    r...@localhost

maillog:

    postfix/pickup[5241]: AAB102019B: uid=0 from=
    postfix/pickup[5241]: AAB102019B: uid=0 from=
    postfix/cleanup[5248]: AAB102019B: message-id=<20090211213405.aab1020...@server.mydomain.com>
    postfix/cleanup[5248]: AAB102019B: message-id=<20090211213405.aab1020...@server.mydomain.com>
    postfix/qmgr[5242]: AAB102019B: from=, size=307, nrcpt=1 (queue active)
    postfix/qmgr[5242]: AAB102019B: from=, size=307, nrcpt=1 (queue active)
    postfix/smtp[5250]: AAB102019B: to=, orig_to=, relay=none, delay=0.09, delays=0.01/0/0.07/0, dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back to myself)
    postfix/cleanup[5248]: BF9BF2019C: message-id=<20090211213405.bf9bf20...@server.mydomain.com>
    postfix/bounce[5251]: AAB102019B: sender non-delivery notification: BF9BF2019C
    postfix/qmgr[5242]: BF9BF2019C: from=<>, size=2174, nrcpt=1 (queue active)
    postfix/qmgr[5242]: AAB102019B: removed
    postfix/smtp[5250]: AAB102019B: to=, orig_to=, relay=none, delay=0.09, delays=0.01/0/0.07/0, dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back to myself)
    postfix/cleanup[5248]: BF9BF2019C: message-id=<20090211213405.bf9bf20...@server.mydomain.com>
    postfix/bounce[5251]: AAB102019B: sender non-delivery notification: BF9BF2019C
    postfix/qmgr[5242]: BF9BF2019C: from=<>, size=2174, nrcpt=1 (queue active)
    postfix/qmgr[5242]: AAB102019B: removed
    postfix/smtp[5250]: BF9BF2019C: to=, orig_to=, relay=none, delay=0, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back to myself)
    postfix/qmgr[5242]: BF9BF2019C: removed
    postfix/smtp[5250]: BF9BF2019C: to=, orig_to=, relay=none, delay=0, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for localhost.mydomain.com loops back to myself)
    postfix/qmgr[5242]: BF9BF2019C: removed

PS. Please forgive that I have changed the server name and domain.
Re: Emptying SPAM account
On Wed, Oct 14, 2009 at 4:31 PM, Dan Schaefer wrote:
> Bob Cohen wrote:
>>
>> I have set up SpamAssassin with an account to collect rejected emails. Is
>> there a way to periodically empty the mail queue for that account with a
>> cron job or some other such method that does not require human intervention
>
> What is the purpose to collect the rejected mail if you are going to have an
> automated process to delete them?
>
> --
> Dan Schaefer

That's pretty obvious... to maintain a cache in case anyone is looking for a message in the past X number of days, and then assume that if no one missed it in X days, delete it.

As for the original question, it sounds like you need to be looking at things that interact with the mailstore, not queues. Once the message is delivered, postfix does not handle it anymore. You also have some terminology mixed up, as what you are calling a "mail queue" is not what postfix calls a mail queue. You just happen to be using a mailbox as a mail "queue", which is not the same as a postfix mail queue.

As far as software to actually do that, I'm not sure. Maybe if you have mail set up through IMAP you could use sieve. Not sure if procmail could do it. You're probably looking at a custom script.
Re: Configuring Two Postfix mail servers behind HA Proxy load balancer.
On Fri, Nov 27, 2009 at 2:51 AM, Manoj Burande wrote:
> Hello All,
>
> I am trying to setup a Postfix Mail Server on Fedora10. I am trying
> to learn the basic process of setting up and manage a Postfix Mail
> Server. Also trying to build a High-Available Postfix Mail Server
> set. I have already configured HA Proxy load balancer servers. I just
> wanted to place my two postfix mail server behind it.
>
> Is there ANYBODY help me to accomplish the same. Or please provide me
> online stuff to set up mail servers behind load balancer.
>
> --
> Manoj M. Burande,
> Artificial Machines Pvt Ltd,
> System Administrator.

I'm sure others can help with the HA setup, but I must say that you should not be building a server (especially an HA one!) based on any Fedora distro. Fedora is Redhat's testbed where they use very beta software and is also mainly targeted for desktop users. It is absolutely inappropriate for a server setup.

Please look at CentOS for a server-grade Linux distro that is Redhat-based and suitable for running a server on.
Re: OT: need some advice as to distro
On Tue, Dec 1, 2009 at 9:39 AM, John Peach wrote:
> On Tue, 01 Dec 2009 16:30:36 +0200
> Eero Volotinen wrote:
>> > Centos 5.4 - while it looks like a good choice, there has been some
>> > political infighting going on recently which makes us a little
>> > nervous about its future. In addition we have found that a number
>> > of the core packages we wish to use are out of date (postfix,
>> > dovecot, amavisd-new among them).
>>
>> Centos 5.x is my selection. You can also use packages from epel and
>> dag's rpm repositories.
>
> It suffers from Red Hat's liking for sendmail. The postfix package is
> aeons old. I would go with Ubuntu (probably 9.04 which is a long-term
> support version).
>
> --
> John
>

The age of a package only matters if you absolutely need a feature that's included in the newer version. All of the security fixes are backported. If you do really need the newer versions, you can get RPMs from third party repositories.
Re: OT: need some advice as to distro
On Tue, Dec 1, 2009 at 4:15 PM, Joe wrote:
> Stan Hoeppner wrote:
>> I've been a
>> Debian (non-GUI) user for almost 10 years. I've never touched Ubuntu,
>> or any other distro. Debian has always come through for my server
>> needs, so I've never considered anything else. Convince me why I should
>> switch my Postfix server environment from Debian to Ubuntu. I'm curious
>> to see how compelling your argument is.
>>
>
> If you're happy with debian then there's no point - but let's turn the
> question around: Convince me why I should switch from ubuntu to debian.
> Let's see what arguments you have.
>
> Joe

How about you both realize that neither of you has enough information to make an objective decision, and that any kind of "arguments" you can come up with has more to do with what you're familiar with than anything else, and continuing the discussion along these lines only amounts to a holy war and nothing else.

As for the original question, it all comes down to what you are comfortable with. The 2 main runners here are CentOS and Ubuntu. I've heard good things about Ubuntu but haven't tried it much. I use CentOS for all of my servers, and the main reason is that it's based on Redhat, and Redhat is the main Linux distro that all the big companies support. I'm not saying that they don't also support other distros, just that Redhat is usually first on the list. The yum package manager works quite well, and the days are long gone when there were dependency issues with rpms.

I have very strong feelings against installing things from source, unless they are first built into a package. You want to be spending your time running the server and doing other things, not patting yourself on the back because you compiled all of your own packages.
Re: Email service providers
On Wed, Dec 30, 2009 at 1:43 PM, Port Able wrote:
> I am currently consulting for a small retailer. They have been using an
> online email service provider for the past few years to blast personalized
> emails to their customers (opt-in, and 100-200 thousand emails at a time).
> They have asked me to see if we can install an email server in house to
> accomplish the same thing and eliminate the monthly costs. I am fairly
> familiar with Linux/Unix and with databases (mysql and postgresql). I have
> not done anything with Sendmail or Postfix but feel comfortable following
> the documentation. I have also ordered the two books that I could find on
> Postfix.
>
> My questions are: has anyone used Postfix for this purpose? Do the online
> ESP's develop their own email servers? Do any of them use Sendmail, Postfix
> or qmail?
>
> Thanks in advance for any information or links.

I've not used Mailman or ezmlm for this purpose, but so-called "mailing list software" that's available as open source is often meant to be used for having discussions with numerous people through email. Using systems like that as a bulk mailer is generally a really bad idea and requires a lot of intricate configuration to ensure no one can reply to the whole list, etc...

To accomplish this in my company, I set up postfix as the mail relay server, and use GroupMail 5 (http://www.group-mail.com/asp/common/default.asp) [1] as the sending client. GroupMail manages the lists and provides a nice "Windows" front-end for whoever is doing the sending. GroupMail isn't free, but we've been using the Personal Edition and it has enough features to meet our needs.

One of the biggest issues you're going to run into is that your IPs might get labeled as a spammer, even though this is opt-in. Dealing with that can be a big headache and is generally what you pay the monthly fee for.

Sending legitimate bulk email is not a simple matter of hitting "Send" -- you also need to deal with the multiple issues that come up when doing it. This is the value that the other company brings to the table.

[1] I have no affiliation with GroupMail 5.
Re: Convert "_" to "+" on inbound addresses
On Sat, Jan 16, 2010 at 11:06 AM, Charles Boling wrote:
> I've been a postfix user for nearly 10 years, but in many ways I'm still
> quite the newbie. That's the problem with Postfix being such a solid
> MTA: I don't mess with it much. :-)
>
> For a good chunk of that time, I have wrestled on and off with this
> problem off and on, playing with it for a bit, giving up, then returning
> to it a year or two later. After all this time, I've finally gotten
> smart enough to specifically ask for help!
>
> I love "+" addressing, the ability to append ad-hoc suffixes to an email
> address (like the one used to post to this list). The problem is, a lot
> of web sites don't. They tend to take the lazy route to preventing SQL
> injection attacks, and reject any address with a "+" in it.
>
> To address that issue, I would like to be able to use another character
> ("_" or ".") that is commonly accepted as part of email addresses, instead.
>
> When an email comes into Postfix (v2.2 currently), I would like it to
> search for, e.g. "_" in the recipient address, and replace it with "+".
> This, of course, needs to happen before it does recipient checking.
> The validated message is eventually passed on to the MDA (Cyrus, in my
> case) with the "+" in it.
>
> How might be the best way to accomplish this?
>

You might want to look at the recipient_delimiter configuration directive, which you can use to change the delimiter. It doesn't search and replace like what you are specifically looking for, but it might solve your problem.
Re: Should I update Postfix?
On Tue, Mar 23, 2010 at 1:50 PM, Kaleb Hosie wrote:
> I am running CentOS 5.4 and the latest version of Postfix it has on the
> repository is version 2.3.3. After looking at the Postfix site I found out
> that that version is no longer updated.
>
> Is it worth downloading the source code for the latest stable version and
> manually compile and install it? Or is it worth sticking with the version the
> repository has? Thanks
>
> Kaleb

If you need a feature in the newer versions, then you'll have to upgrade somehow. You should always try to find a source for RPMs instead of building from source.

However, if you do not need new features and are just worried about security fixes, please read http://www.redhat.com/security/updates/backporting/?sc_cid=3093 which explains how Redhat (and CentOS) handle security fixes. In short, they backport all security fixes into the version that is installed in a supported CentOS version. In other words, there is no need to upgrade unless you need features. This is how all packages work in an Enterprise-level OS like RHEL/CentOS.
Minor bug in web site documentation
On the page http://www.postfix.org/SMTPD_ACCESS_README.html this statement is made beneath the examples:

    ...the last example above allows mail from local networks but otherwise...

It should say:

    ...the first example above allows mail from local networks but otherwise...

That's a change from "last" to "first".
policy server and smtpd_recipient_restrictions on a relay
I'm running a relay server for my internal network, and trying to construct a smtpd_recipient_restrictions list that will accomplish the following:

- if the client is in mynetworks
- and it passes a check_policy_service test
- then allow the message
- otherwise, reject the message

However, with the following setting:

    smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/mypolicy, reject_unauth_destination

it seems that the permit_mynetworks finds the allowed client, returns a "permit", and the check does not progress any further. It works as expected if I remove permit_mynetworks, but I was hoping to filter out IP addresses before calling the policy script, which seems more efficient.

Is there a way to accomplish what I am looking to do?

PS. I'm also a bit concerned with the warnings about:

    specify check_policy_service AFTER reject_unauth_destination or else your system can become an open relay.

but if I put the policy check after reject_unauth_destination, the policy never gets called.

--- postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost
    mynetworks = 192.168.1.0/24
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/mypolicy, reject_unauth_destination
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual
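
Added illustration (not part of the original post, and not Postfix code): a simplified Python model of how smtpd walks restriction lists, showing why permit_mynetworks hides the policy check and what changes when the IP filter sits in smtpd_client_restrictions instead. The policy verdicts, the sender allow-list, LOCAL_DOMAINS, the sample requests and the "split" layout are assumptions made for the example.

```python
import ipaddress

# Simplified model of smtpd access checks; an illustration, not Postfix code.
# A restriction returns "OK" (permit), "REJECT", or "DUNNO" (no opinion).
MYNETWORKS = ipaddress.ip_network("192.168.1.0/24")    # from postconf -n above
LOCAL_DOMAINS = {"server.mydomain.com", "localhost"}   # stand-in for mydestination

def permit_mynetworks(req):
    return "OK" if ipaddress.ip_address(req["client"]) in MYNETWORKS else "DUNNO"

def reject_unauth_destination(req):
    # Recipients outside our own destinations are relay attempts.
    return "DUNNO" if req["rcpt"].rsplit("@", 1)[1] in LOCAL_DOMAINS else "REJECT"

def reject(req):
    return "REJECT"

def policy(calls, allowed_senders):
    """Hypothetical policy daemon: OK for approved senders, REJECT otherwise."""
    def check_policy_service(req):
        calls.append(req["client"])        # record that the daemon was consulted
        return "OK" if req["sender"] in allowed_senders else "REJECT"
    return check_policy_service

def evaluate(restrictions, req):
    """First OK or REJECT ends the list; reaching the end means permit."""
    for restriction in restrictions:
        verdict = restriction(req)
        if verdict != "DUNNO":
            return verdict
    return "OK"

def decide(lists, req):
    """OK only ends its own list; REJECT in any list rejects the recipient."""
    for restrictions in lists:
        if evaluate(restrictions, req) == "REJECT":
            return "REJECT"
    return "OK"

def run(layout, req):
    """Return (verdict, clients the policy daemon was asked about)."""
    calls = []
    check = policy(calls, allowed_senders={"app@mydomain.com"})
    layouts = {
        # As posted: permit_mynetworks answers OK before the policy is reached.
        "posted": [[permit_mynetworks, check, reject_unauth_destination]],
        # permit_mynetworks removed: the policy is consulted for every client.
        "no_mynetworks": [[check, reject_unauth_destination]],
        # Assumed alternative: client list first, then the recipient list.
        "split": [[permit_mynetworks, reject], [check, reject_unauth_destination]],
    }
    return decide(layouts[layout], req), calls

# Constructed requests: an internal client with an unapproved sender, an
# internal client with an approved sender, and an outside client.
INSIDE_BAD = {"client": "192.168.1.10", "sender": "x@mydomain.com", "rcpt": "a@example.org"}
INSIDE_GOOD = {"client": "192.168.1.10", "sender": "app@mydomain.com", "rcpt": "a@example.org"}
OUTSIDE = {"client": "203.0.113.5", "sender": "app@mydomain.com", "rcpt": "a@example.org"}

if __name__ == "__main__":
    for name in ("posted", "no_mynetworks", "split"):
        print(name, [run(name, r) for r in (INSIDE_BAD, INSIDE_GOOD, OUTSIDE)])
```

In the model, the posted list and the list without permit_mynetworks both let the outside client relay whenever the policy says OK, which is the open-relay case the README warning is about; the split layout rejects that client before the policy daemon is asked.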
Implication of policy_time_limit
What is the effect of the policy_time_limit parameter on an smtpd policy process? In the readme I see the mentions that the default 100 sec is "too short for a policy daemon that may run for as long as an SMTP client is connected to an SMTP server process". What does that mean and what are the implications?

My guess is that after 100s, the subprocess will be killed if it's in use or not, and then what happens to the connecting client? Also, if a new client connects and the subprocess has shut down, will smtpd start a new subprocess, or does that need to wait until a new smtpd starts up?

P.S. The SMTPD_POLICY_README.html file says the default is 1000 seconds, but the spawn(8) page says 100 seconds.
Re: Daily outbound message counts?
Look into log analysis tools like pflogsumm.

On Sun, Jun 28, 2009 at 4:27 PM, Ville Walveranta wrote:
> I would like to have a daily report of the total number of email
> messages sent out through a Postfix installation (all users, all
> domains combined). What would be the easiest way to "increment a
> counter" every time a mail goes out?
>
> I would mostly use the daily count as an alarm of possible abuse, i.e.
> to let me know if a user is pushing out, for example, thousands of
> messages per day which could be in violation of the data center's mass
> mail policy.
>
> Thanks,
>
> Ville
>
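
Added illustration, not part of the original message and not pflogsumm itself: a small Python log analysis that counts outbound deliveries (postfix/smtp lines with status=sent) per day and per envelope sender, and flags senders above a daily limit. The log lines are constructed for the example, and the limit is an assumption.

```python
import re
from collections import Counter, defaultdict

# Syslog prefix, Postfix service name, queue ID, then the rest of the record.
LINE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ postfix/(?P<svc>\w+)\[\d+\]: "
    r"(?P<qid>[0-9A-Za-z]+): (?P<rest>.*)$")

def daily_outbound(lines):
    """Return {day: Counter({sender: deliveries})} for remote SMTP deliveries."""
    sender_of = {}                      # queue ID -> envelope sender
    per_day = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        rest = m["rest"]
        if m["svc"] == "qmgr" and rest.startswith("from=<"):
            # qmgr logs the envelope sender once per queued message.
            sender_of[m["qid"]] = rest[len("from=<"):rest.index(">")]
        elif m["svc"] == "smtp" and "status=sent" in rest:
            # One line per delivered recipient; local and deferred are skipped.
            day = " ".join(m["day"].split())
            per_day[day][sender_of.get(m["qid"], "unknown")] += 1
    return per_day

def over_limit(per_day, limit):
    """List (day, sender, count) for senders above the daily limit."""
    return sorted((day, sender, n)
                  for day, senders in per_day.items()
                  for sender, n in senders.items() if n > limit)

# Constructed sample log; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Jun 28 09:00:01 mail postfix/qmgr[900]: 1A2B3C4D5E: from=<alice@example.com>, size=512, nrcpt=2 (queue active)
Jun 28 09:00:02 mail postfix/smtp[901]: 1A2B3C4D5E: to=<x@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 OK)
Jun 28 09:00:02 mail postfix/smtp[901]: 1A2B3C4D5E: to=<y@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 OK)
Jun 28 09:05:00 mail postfix/qmgr[900]: 2B3C4D5E6F: from=<bob@example.com>, size=300, nrcpt=1 (queue active)
Jun 28 09:05:01 mail postfix/smtp[902]: 2B3C4D5E6F: to=<z@example.org>, relay=none, delay=30, status=deferred (connect timed out)
Jun 28 09:06:00 mail postfix/local[903]: 3C4D5E6F70: to=<root@example.com>, relay=local, delay=0, status=sent (delivered to mailbox)
Jun 29 10:00:00 mail postfix/qmgr[900]: 4D5E6F7081: from=<alice@example.com>, size=400, nrcpt=1 (queue active)
Jun 29 10:00:01 mail postfix/smtp[904]: 4D5E6F7081: to=<x@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 OK)
""".splitlines()

if __name__ == "__main__":
    counts = daily_outbound(SAMPLE_LOG)
    for day, senders in counts.items():
        print(day, sum(senders.values()), dict(senders))
    print("over limit:", over_limit(counts, limit=1))
```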
Re: OT: ethics
In general this is a bad idea and you should stop doing it immediately. In the best case it would be seen by the other side as an attack on them from you. In the worst case they might retaliate even more against you with some other kind of attack.

Considering that over 80% of spam is now sent by botnets (http://arstechnica.com/security/news/2009/06/report-botnets-send-over-80-of-all-spam-in-june.ars), you'd be scanning infected machines and not learning anything about anyone other than a home user's ISP, and risking that ISP reporting YOU as an attacker to your ISP.

The best thing you could do (and even this will have marginal success) is to report the IP to the ISP that owns the address you received the spam from. They might be able to take that system offline. Otherwise, just block the suckers and move on. You probably have better things to do with your time.

On Wed, Jul 1, 2009 at 3:37 PM, ghe wrote:
> Wietse says something like "Spam is war -- RFCs don't apply." OK, but how
> about nmap ethics?
>
> I've started hitting spam IPs and their nets with nmap to find out who they
> are and maybe a little of what they're up to (and using the info to decide
> if the net belongs in my packet filter). What's the opinion of the list? Is
> this OK, or just plain rude?
>
> --
> Glenn English
> g...@slsware.com
>
>