Re: from: rhd...@gmail.com

2014-08-25 Thread Evan Platt
rhdyes, Your account has been compromised. Change your password ASAP. To all
others, do not click that link.



On Mon, Aug 25, 2014 at 1:36 PM, rhd...@gmail.com  wrote:

>  Hello postfix
>
> http://mijnmoestetuin.nl/method.php?bawba3101vucrdq
>
>
>
> rhd...@gmail.com
>


Re: test only. do not read.

2012-12-11 Thread Evan Platt
Crud. I read it. Does that initiate armageddon? :)


On Tue, Dec 11, 2012 at 8:21 AM, Bruno Costacurta wrote:

> test only.
> --
> Linux Counter # 353844
> https://linuxcounter.net/user/**353844.html
>
>


Re: need help for controlling authenticated realy

2011-04-23 Thread Evan Platt
On Sat, Apr 23, 2011 at 7:17 PM, Daniel Bromberg  wrote:

> Can you stop sending to postfix-us...@cloud9.net? It's messing up my filter
> and will probably mess up lots of other automated filters as well. Use
> postfix-users@postfix.org.

Sorry - I did a reply all to the e-mail. You should be filtering on
another header :)

> As far as controlling the situation you describe, I'm a bit mystified that
> common sense damage control techniques are not being used, such as
> immediately changing all passwords to something difficult and random, then
> notifying your clients that have a legitimate relationship with you. If
> legit clients get a failure they'll call/e-mail your help infrastructure.
>
> Also, is this a shared password for multiple clients? Definitely a big
> weakness if so.

I'll let the OP answer that question :)


Re: need help for controlling authenticated realy

2011-04-23 Thread Evan Platt
Enforce a better password policy - our work password policy is minimum
8 characters, and 3 out of the 4 of the following:
Upper Case
Lower case
Number
Special Character (any shift + top row number), i.e. !@#$%^&*(

By this policy hellowhowareyou wouldn't work because it only has lower
case letters. Neither would Hellowhoware you since it only has 2 of
the 4. But Hellohowareyou4 would.

Or IP based authentication maybe?

On Sat, Apr 23, 2011 at 6:45 PM, Rajesh Kumar Mallah
 wrote:
> Hi,
>
> We allow relaying of email via our server to our clients using authentication.
> The problem is that some miscreants have got hold of our clients password
> and are using our email server to send SPAM after successfully authenticating.
>
> Please tell how to control this situation.
>
> I was thinking in lines of enforcing policies on even authenticated smtp clients
> that are pumping SPAM . Eg restrict clients not to send more than 10 emails
> per minute , etc.
>
> Any help would be greatly appreciated.
>
> Regds
> Mallah.
>
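
A way to spot the accounts the original poster describes, before any rate limit is enforced: count messages per SASL login in a sliding one-minute window and list the client IPs each login was used from. This is an added example, not code from the thread; it assumes the standard Postfix smtpd line `QUEUEID: client=host[ip], sasl_method=..., sasl_username=...`, takes the 10-per-minute figure from the question above, and runs on constructed log lines with hypothetical user names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LIMIT = 10                      # messages per window (figure from the question)
WINDOW = timedelta(minutes=1)

# One line is logged per message accepted from an authenticated client.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:\w+/)?smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=(?P<host>\S+?)\[(?P<ip>[^\]]+)\]"
    r".*?sasl_username=(?P<user>\S+)"
)


def parse(lines, year=2011):
    """Return {sasl_username: [(timestamp, client_ip), ...]}.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # connects, disconnects, unauthenticated mail, etc.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["user"]].append((ts, m["ip"]))
    return events


def peak_rate(times, window=WINDOW):
    """Largest number of events that fall inside any single window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        # Drop events that are a full window (or more) older than this one.
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_accounts(lines, limit=LIMIT):
    """Logins whose peak rate exceeds the limit, with the IPs they came from."""
    report = {}
    for user, evs in parse(lines).items():
        peak = peak_rate([t for t, _ in evs])
        if peak > limit:
            report[user] = {
                "peak_per_minute": peak,
                "client_ips": sorted({ip for _, ip in evs}),
            }
    return report


# Constructed sample: client1 sends 12 messages in 24 seconds from two
# addresses, client2 sends 3 messages over twelve minutes from one address.
SAMPLE_LOG = [
    f"Apr 23 18:40:{2 * i:02d} mail postfix/smtpd[2101]: {0xA1B2C0 + i:06X}: "
    f"client=unknown[{'203.0.113.7' if i % 2 else '198.51.100.23'}], "
    "sasl_method=PLAIN, sasl_username=client1"
    for i in range(12)
] + [
    "Apr 23 18:41:09 mail postfix/smtpd[2117]: connect from office.example.net[192.0.2.10]",
    "Apr 23 18:41:10 mail postfix/smtpd[2117]: B7C3D10001: "
    "client=office.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=client2",
    "Apr 23 18:45:02 mail postfix/smtpd[2130]: B7C3D10002: "
    "client=office.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=client2",
    "Apr 23 18:52:30 mail postfix/smtpd[2144]: B7C3D10003: "
    "client=office.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=client2",
]

if __name__ == "__main__":
    for user, info in flag_accounts(SAMPLE_LOG).items():
        print(user, info["peak_per_minute"], ", ".join(info["client_ips"]))
```

A login that is flagged and also shows several unrelated client addresses is the first candidate for a forced password change.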


Re: windows avast - postfix 421 error

2010-12-22 Thread Evan Platt

On 12/22/2010 12:50 PM, mouss wrote:


The real role of the AV here is to block smtp except to the submission 
server. but that's only for "residential" users who don't have a 
firewall to do that. even for such users, a host firewall (Comodo is 
free) is a better tool at that.


but not sure OP can ask his users to disable smtp scanning on their 
hosts.


I'm confused here - the Avast is at the end users computer, right?

Pretty simple. If the user enables Avast mail scanning, and mail can't 
be sent, then they disable Avast e-mail scanning and it works, tell the 
user to disable e-mail scanning.


Back when I worked at an ISP, we must have told that to users a dozen 
times a week.


Re: windows avast - postfix 421 error

2010-12-22 Thread Evan Platt

Have the users disable outbound e-mail scanning.

I mean, if the file is on their hard drive, it's already been scanned
for virii. To scan it again is silly.

On 12/22/2010 12:04 PM, Joseph Conrad wrote:

Sorry, I failed to put postconf -n output in my first post...

Server:
Centos-5.5
postfix-2.3.3-2.1.centos.mysql_pgsql

See server log below.


Client:
MS Windows XP 2002 sp3
avast-5.0.545

behind a NAT router 66.6.120.250

with avast mail scanner on:

C:\telnet smtp 25
421

Connection to host lost
C:\

with avast mail scanner off I get the normal:

C:\telnet smtp 25
Trying 66.36.120.9...
Connected to smtp.rockymountains.net (66.36.120.9).
Escape character is '^]'.
220 smtp.rockymountains.net ESMTP Postfix


[smtp log]# tail -f maillog | grep 66.36.120.250
Dec 22 11:15:36 smtp postfix/smtpd[8084]: connect from mcw-office.rockymountains.net[66.36.120.250]
Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net ESMTP Postfix
Dec 22 11:15:36 smtp postfix/smtpd[8084]:< mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN
Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: no match
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME
Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250 DSN
Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20
Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from mcw-office.rockymountains.net[66.36.120.250]
Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from mcw-office.rockymountains.net[66.36.120.250]

[smtp log]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debug_peer_list = 66.36.120.250, 66.36.120.1, 66.36.120.13
html_directory = no
in_flow_delay = 1s
inet_interfaces = localhost, 66.36.120.9, 66.36.120.12
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 66.36.112.0/20, 65.183.79.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domain
virtual_alias_maps = hash:/etc/postfix/virtual


I didn't send the EHLO command or anything of the other commands, I only
did the "telnet smtp 25" command at the command prompt.  Apparently avast
sends those commands.

I have used postfix for many years as the main server for a small town ISP
(about 2000 email accounts) and had to replace an old server with this
newer one.  Many of my customers use avast/windows and can't send.

Any ideas what avast does to trigger the (I assume) concurrency limit?

Or better yet, what I can do to get it to stop?

Maybe point me to a thread?

My apologies in advance, if in my searches I somehow missed the thread
that has already dealt with this.

Joseph Conrad
Mountain Computer Wizards, Inc.
Buena Vista, Colorado



   




Re: amount of mail

2010-05-30 Thread Evan Platt

On 05/30/2010 01:59 PM, Leonel Florin Selles wrote:

can someone give me an example of how to restrict the amount of mail that
a user could send.
   



AFAIK  you can't with Postfix directly. You'd need something like policyd
http://www.policyd.org/tiki-index.php?page=ModuleFeatures


procmail hitting sometimes but not others?

2010-03-29 Thread Evan Platt
I know it's overkill, but I run my own postfix  (2.6.2) on my server at 
home. My domain, my mail. Just me.


Just switched to IMAP, and figured I'd also like to sync filtering 
rules, so best way I could see was use procmail.


So far, sometimes so good. But every once in a while, a message 'slips' 
past the procmail and into my mailbox.
I've attached postconf -n below, and I've put the filter, header, and 
verbose procmail output at

http://www.espphotography.com/proc.txt .

Any obvious reason it isn't hitting? I could gather a few more times 
it's not hitting - it seems to be literally hit or miss. Same rule, 
sometimes it hits sometimes it doesn't.


Thanks. :)

Evan


# postconf -n
alias_maps = hash:/etc/postfix/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 10
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10
mydomain = espphotography.com
myhostname = espphotography.com
mynetworks = 168.100.189.0/28, 127.0.0.0/8,192.168.1.0/28,206.176.229.254,216.200.134.0/24,192.168.1.0/24,99.11.230.251

mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtpd_client_event_limit_exceptions = static:everyone
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550


Re: Local Mails not working

2009-12-14 Thread Evan Platt
On 12/11/2009 12:16 PM, Daniel V. Reinhardt wrote:
> Actually the tone in his email was very negative, condescending, and 
> not very constructive.  It contained an overtone of being holier than
> thou, and you are stupid I know it all approach.  /dev/rob0, failed
> to address the user on a tech support level.  The method and approach
> by which /dev/rob0 used would have gotten him fired in my place of
> work.  I got this same level of abuse from the Apache list when I
> asked my question about disabling IPv6 in my apache build. The 
> likelihood of me asking for help on that list is very slim.  I expect
> a person in a position to provide technical support to come down to
> the level of the person asking for help, and not the other way
> around.  All technical support people should know this, and not offer
> any more than that.  The overall tone in the email needs to be 
> addressed, and the tone was very insulting.
> 
> I side with Alexander here.

This is a user to user mailing list. (Granted, there may be developers
on here, but a good deal of help comes from users to users). So all this
talk about "The posters tone needs to be addressed" and "If the poster
did this at my place of employment, he'd be fired." is sort of silly.

Think of it as if you walked into your local bar and asked the people in
the bar your question. You may not always get the right answer, and you
may not like the way an answer is given. But are you then going to go up
to the bartender and complain how someone answered? Probably not :)


Re: Strange fix? Can't send mail externally but can send locally using Outlook 2003

2009-12-03 Thread Evan Platt
On Thu, 3 Dec 2009 08:34:14 -0800, you wrote:


>This is a multi-part message in MIME format.
>
>--=_NextPart_000_0042_01CA73F3.65840B00
>Content-Type: text/plain;
>   charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>



>Folks,
>
>We have a user who can't send mail externally but can send mail locally (to
>people within our domain) when using Outlook 2003.  But with Thunderbird the
>user can send & receive both externally & internally from the same machine.
>Naturally if they use any other machine they can send/receive externally
>using Outlook 2003.   So it's just this one machine and it's Outlook 2003
>that has the issue.  
>
> 
>
>I know it must be a configuration issue but all the settings are correct.  I
>have tried reinstalling Outlook 2003 even cleaning up the registry before
>re-install.  I am pretty confident I haven't missed anything to check but
>you never know.  Has anyone else ever come across a similar issue?
>
> 
>
>I realise this isn't a PostFix issue, or at least I suspect it isn't, but
>you folks must deal with client side e-mail issues as well as mail server
>issues so thought I'd poll the list to get some input.  I doubt there is
>anything unique about our set-up.  We have a barracuda spam filter in place
>and mail clients are set to use port 587 to send mail using our mail server.
>
>
> 
>
>Linux mail.xx.com 2.6.27.25-78.2.56.fc9.i686 #1 SMP Thu Jun 18 12:47:50
>EDT 2009 i686 i686 i386 GNU/Linux
>
>Postfix is mail_version = 2.5.1
>
> 
>
>Again if this isn't something I should ask the list please let me know and
>accept my apologies for the oversight on my part.

Please don't post in HTML.

And without logs, or at the very least an error message, anything
would be at best a guess. May want to ask in an Exchange group as yes,
this has nothing to do with postfix.


Re: What Is Causing This Failure

2009-12-01 Thread Evan Platt
On Tue, 1 Dec 2009 16:13:02 +0100, you wrote:

># telnet 198.186.193.20 25
>Trying 198.186.193.20...
>Connected to 198.186.193.20.
>Escape character is '^]'.
>220 share.docforge.org ESMTP Postfix

D'oh... Forgot which machine I was connected to. I tried it on the one
that has port 25 blocked by the ISP. :)

My bad, sorry :)


Re: What Is Causing This Failure

2009-12-01 Thread Evan Platt
On Tue, 1 Dec 2009 10:03:21 -0500, you wrote:

>I am getting a report from someone on my network that they are getting
>delivery failures when attempting to send an email from my Postfix
>server to the remote mail server. I see  the message stuck on my
>Postfix servers queue:
>
>CB87E778055 1337 Mon Nov 30 08:59:15  tprem...@iamghost.com
>   (connect to a.mx.premore.net[198.186.193.20]: No route to host)
> b...@premore.net
>
>I am guessing that this is a problem with the remote mail server
>'a.mx.premore.net' since my server is sending and receiving email just
>fine to every other destination. I then decided to do a MX lookup for
>this domain "premore.net" & see if there is anything wrong:
>
>;; QUESTION SECTION:
>;premore.net.  IN  MX
>
>;; ANSWER SECTION:
>premore.net.   3093  IN  MX  0 a.mx.premore.net.
>
>;; ADDITIONAL SECTION:
>a.mx.premore.net.  3093  IN  A   198.186.193.20
>
>However my mail server wont send to this destination address and I
>have no idea why. Can someone tell me how I can better examine this
>situation to understand where the fault lies.
>
>Thank you!

Unless I'm misreading and misunderstanding your logs

# telnet 198.186.193.20 25
Trying 198.186.193.20...
telnet: connect to address 198.186.193.20: Operation timed out
telnet: Unable to connect to remote host

The mail server on that IP isn't answering.


Re: If you wanna have some fun...

2009-11-14 Thread Evan Platt

At 12:53 PM 11/14/2009, you wrote:

http://www.SPAM.SPAM.host.sk/BWpzYBwiK2.html


As if the .sk isn't enough warning, don't bother clicking on the link.

Someone's either spamming, or got their computer infested. 



Re: Rewrite destination domain

2009-09-16 Thread Evan Platt
Not a 'postfix' answer, but what mail client does 
he use? Is it one (or two or 3) e-mail addresses?


Maybe make an address book entry for the mistyped 
address to go to the real address?


At 11:34 AM 9/16/2009, you wrote:

I have a user who is constantly mistyping a specific domain that he
sends mail to on a regular basis. This has been going on for a couple
of years, and every time he complains to me about messages not being
delivered, or 'being eaten' or something. He is convinced, every time,
that my server is doing something wrong.

Every time I peruse the logs, find his typo, and send him log lines.
This works for a few days, or weeks, maybe. Then the cycle repeats.
He's old, and essentially untrainable.

I'm tired of it, and being related to him, I can't fire him.

So, I am wondering if I can do something in postfix to rewrite the
domain in question (at least the typo is consistent).

So, given example.com and given that he emails 
multiple addresses at example.com  and given 
that he typos it as exapmle.com and given that exapmle.com

1) exists 2) doesn't accept mail connections 3) is not a domain that
anyone has ever intentionally tried to send mail to — given all  that,
is there something I can do in postfix to simply rewrite exapmle\.com$
to example.com?

Something in smtpd_recipient_restrictions, I'm guessing?







Re: Postfix DKIM

2009-09-09 Thread Evan Platt

At 03:11 PM 9/9/2009, you wrote:

Mark Johnson  writes:

> All,
>
> I wonder which DKIM should I use for Postfix? Any suggestion?

Please read first RFCs. Then you'll realize why we use DKIM.


That totally wasn't the question the OP was asking.. :)





Re: How to add more than one recipient on the notice recipient

2009-09-08 Thread Evan Platt

At 12:55 PM 9/8/2009, you wrote:

All,

How can I add more than one recipient? I want both webmaster and 
postmaster can receive error email.

The default setting:
bounce_notice_recipient = postmaster
delay_notice_recipient = postmaster
error_notice_recipient = postmaster

I know Sendmail can just add next to it = postmaster, webmaster, but 
I have no idea on the Postfix.

Can anyone help?


I haven't tried, but one of the below should work:

postmaster, webmaster, or create an alias of say bouncerecipient to 
be postmaster and webmaster...




Re: attachment manipulations

2009-09-01 Thread Evan Platt

At 10:58 AM 9/1/2009, you wrote:

Hi guys

I hope some of you can help in this work around I need to do. My 
internet connection is a very slow one, and most of the email clients 
are on dialup, so I need to enforce limits to the message size. I'm 
thinking in those email that arrive with big attachments, some of 
them are high res pics, or .pps so I'm thinking how can I get the 
email, extract the attachments, make resolution lower of the images 
to decrease size (using GD maybe), and rebuild the original message 
with the modified images. In case of .pps I can compress them. That 
way I can make smaller the dialup times. Have some of you some ideas 
about how can I do that? Maybe a filter? I appreciate any collaboration.


I'm pretty sure I saw you ask this a few weeks ago with no response, 
so likely no one has an answer, but IMHO messing with attachments is 
a bad idea. I sure wouldn't like to have images changed on me. So 
then if I become the 'exception' - the person who WANTS to see the 
images at whatever resolution they come to me at, I'm SOL?


Maybe a better idea - and this is still something postfix can't 
(AFAIK) do by itself - strip the attachments and put them onto a 
separate folder. Perhaps that's a better solution - remove the 
attachments from the message, and put them on a FTP folder a user can 
access. But then you better be ready to start supporting FTP, and 
walking customers through downloading a FTP program, setting it up, etc.


Maybe install webmail? And then if people can log into webmail if 
they have a large attachment? 



Re: postfix performance

2009-08-17 Thread Evan Platt

At 10:30 AM 8/17/2009, you wrote:

All,

What do I need to do in order to have better performance on Postfix.
I have Centos5 with postfix installed. The mail server is only as a 
relay mail server and has nothing else.


I just make the test and the performance was not good. Outgoing 1K 
email was around 568 seconds.


Any insight is appreciated.


Although this will likely be out of my area of being able to help 
you, someone else here probably can, but you'll want to post relevant 
logs and postconf -n output.


But 568 seconds, my guess is there's something configured MAJORLY wrong.

10 minutes? DNS lookup failure? 



RE: Hash file oddity

2009-07-31 Thread Evan Platt

At 12:00 PM 7/31/2009, you wrote:

I guess one could, but then you can't tell where one began and the 
other ended ;)


At least they finally added the ability to select "Plain Text" as an 
option when sending the emails from OWA.


There should be an append thing (or prepend?) to add a > bracket to 
quoted text... Been a while since I used OWA. 



RE: Hash file oddity

2009-07-31 Thread Evan Platt

At 11:50 AM 7/31/2009, you wrote:


PS: Sorry for top posting.  OWA doesn't have a good way to do it.


Can't you just hit the down arrow or the page down key? :) 



Re: Directory Harvest

2009-07-29 Thread Evan Platt

At 03:59 PM 7/29/2009, you wrote:

It looks like somebody is trying to figure out my internal users as
evidenced by log excerpts below.  Is there something I could do to, if
not prevent this, reduce it?


If  you're seeing a lot of attempts, I say just block them in your firewall...

# whois 93.85.224.123

OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   93.0.0.0 - 93.255.255.255
CIDR:   93.0.0.0/8 



postfix and ldap alias users

2009-07-09 Thread Evan Platt
Thanks all for the previous help getting postfix up and running with 
ldap / tls.. Finally after I don't even know how many build attempts, 
it's up and running :)


My setup is all mail is delivered from a mail host to my postfix from 
another server.  They do ldap lookups which is working fine. I'd like 
to though just use the ldap also for the postfix delivery - right now 
I have both /etc/postfix/aliases and the ldap. So when I add an 
alias, I add it both places.


All mail is delivered to one mailbox, pretty much all aliases.

In my LDAP, I have my 'account' with the entries under the mail 
attribute (ali...@espphotography.com ali...@espphotography.com, etc)..


A lookup of say testtest:

postmap -q testt...@espphotography.com ldap:/etc/postfix/ldap-aliases.cf
returns everything - a big long string of all the aliases I have.

A test e-mail is rejected:

Jul  9 12:25:57 www postfix/smtpd[1507]: connect from example.com[1.2.3.4]
Jul  9 12:25:58 www postfix/smtpd[1507]: AF0E22DD758: client=example.com[1.2.3.4]
Jul  9 12:25:59 www postfix/cleanup[1510]: AF0E22DD758: message-id=<4a564420.8090...@example.com>
Jul  9 12:25:59 www postfix/qmgr[1334]: AF0E22DD758: from=, size=2351, nrcpt=1 (queue active)
Jul  9 12:25:59 www postfix/local[1511]: AF0E22DD758: to=, relay=local, delay=0.49, delays=0.44/0.02/0/0.03, dsn=5.1.1, status=bounced (unknown user: "testtest")
Jul  9 12:25:59 www postfix/cleanup[1510]: 127492DD75A: message-id=<20090709192559.127492dd...@espphotography.com>
Jul  9 12:25:59 www postfix/qmgr[1334]: 127492DD75A: from=<>, size=4191, nrcpt=1 (queue active)
Jul  9 12:25:59 www postfix/bounce[1512]: AF0E22DD758: sender non-delivery notification: 127492DD75A
Jul  9 12:25:59 www postfix/qmgr[1334]: AF0E22DD758: removed
Jul  9 12:26:00 www postfix/smtp[1513]: 127492DD75A: to=, relay=smtp.comcast.net[76.96.62.117]:587, delay=1.5, delays=0.01/0.03/0.66/0.78, dsn=2.0.0, status=sent (250 2.0.0 DvTE1c0073FUpeY3evTEZS mail accepted for delivery)


My mail host does a ldap lookup prior to delivery, so ldap is 
working, but postfix doesn't like it...


Any suggestions as to what I'm missing or what's wrong? Info below... 
Thanks again. :)


# cat /etc/postfix/ldap-aliases.cf
server_host = 127.0.0.1
server_port = 389
search_base = uid=eplatt, dc=espphotography, dc=com
query_filter = mail=%s
result_attribute = mail
version = 3
bind = no


# postconf -n
alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap-aliases.cf
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 1000
mydomain = espphotography.com
myhostname = espphotography.com
mynetworks = 168.100.189.0/28, 127.0.0.0/8,192.168.1.0/28,206.176.229.254,216.200.134.0/24,192.168.1.0/24

mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options =
smtpd_client_event_limit_exceptions = static:everyone
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550




Re: OT: ethics

2009-07-01 Thread Evan Platt

At 12:37 PM 7/1/2009, you wrote:
Wietse says something like "Spam is war -- RFCs don't apply." OK, 
but how about nmap ethics?


I've started hitting spam IPs and their nets with nmap to find out 
who they are and maybe a little of what they're up to (and using the 
info to decide if the net belongs in my packet filter). What's the 
opinion of the list? Is this OK, or just plain rude?


I'm no attorney, but sounds like a grey area...

http://www.securityfocus.com/news/126 



Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-30 Thread Evan Platt

At 12:02 PM 6/30/2009, you wrote:


You are using header files from SASL 2.1.22 or later, which
define SASL_PATH_TYPE_CONFIG, but libraries from a version
of SASL that does not have "sasl_set_path()".


That's way above my head - is there an easy way to fix that?


Change the order of "-L/sw/lib" to put it ahead of "-lsasl2".


Am I misunderstanding? It is already? (I'm assuming you mean 
/usr/lib? I don't have a /sw/lib, there's the /usr/lib/ but that is 
before -lsasl2?


make -f Makefile.init makefiles CCARGS='-DUSE_SASL_AUTH 
-I/sw/include/sasl -DUSE_TLS -I/usr/include/openssl -DUSE_CYRUS_SASL 
-I/usr/local/lib/sasl2 -DHAS_SSL -I/usr/local/ssl/include/openssl' 
AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/lib -lsasl2 -lssl' 



Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-30 Thread Evan Platt

At 06:34 PM 6/22/2009, you wrote:


Googling around, a few suggestions seem to be
make -f Makefile.init makefiles CCARGS='-DUSE_SASL_AUTH 
-I/sw/include/sasl -DUSE_TLS -I/usr/include/openssl -DUSE_CYRUS_SASL 
-I/usr/local/lib/sasl2 -DHAS_SSL -I/usr/local/ssl/include/openssl' 
AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/lib -lsasl2 -lssl'


I tried this, and the last few lines of make are:

FO -DNO_KQUEUE -DHAS_PCRE -I/sw/include -g -O -I. -I../../include 
-DMACOSX -c smtpd_resolve.c
cc -DUSE_SASL_AUTH -I/sw/include/sasl -DUSE_TLS 
-I/usr/include/openssl -DUSE_CYRUS_SASL -I/usr/local/lib/sasl2 
-DHAS_SSL -I/usr/local/ssl/include/openssl -DBIND_8_COMPAT 
-DNO_NETINFO -DNO_KQUEUE -DHAS_PCRE -I/sw/include -g -O -I. 
-I../../include -DMACOSX -o smtpd smtpd.o smtpd_token.o 
smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o 
smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o 
smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o ../../lib/libmaster.a 
../../lib/libtls.a ../../lib/libdns.a ../../lib/libxsasl.a 
../../lib/libmilter.a ../../lib/libglobal.a ../../lib/libutil.a 
-L/usr/lib -lldap -L/usr/lib -llber -L/usr/lib -lsasl2 -lssl 
-L/sw/lib -lpcre -flat_namespace

/usr/libexec/gcc/powerpc-apple-darwin8/4.0.1/ld: Undefined symbols:
_sasl_set_path

Am I on the right path? Any suggestions?


Just following up (or bumping if you will) my old thread.. Still 
running postfix without tls, LDAP or cyrus sasl...


# postconf -m
btree
cidr
environ
hash
pcre
proxy
regexp
static
tcp
unix

Regarding the above make command I tried.. it looks like I have the 
wrong path specified at one point? Does that sound right? If so, what 
file is Postfix looking for at each argument, and I can make sure the 
directory is correct? Or am I troubleshooting this wrong...


Thanks.

Evan 



Re: Need a resolution to a weird error

2009-06-23 Thread Evan Platt

At 08:54 PM 6/23/2009, you wrote:

Looks as if postfix will not send to mailbox
which has close to 50M in the mailbox.

Can this be overridden?


http://www.postfix.org/postconf.5.html

mailbox_size_limit (default: 5120)

The maximal size of any local(8) 
individual mailbox or maildir file, or zero (no limit). In fact, this 
limits the size of any file that is written to upon local delivery, 
including files written by external commands that are executed by the 
local(8) delivery agent.


This limit must not be smaller than the message size limit.

Or am I misunderstanding ? 



Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-22 Thread Evan Platt

Googling around, a few suggestions seem to be
make -f Makefile.init makefiles CCARGS='-DUSE_SASL_AUTH -I/sw/include/sasl 
-DUSE_TLS -I/usr/include/openssl -DUSE_CYRUS_SASL -I/usr/local/lib/sasl2 
-DHAS_SSL -I/usr/local/ssl/include/openssl' AUXLIBS='-L/usr/lib -lldap 
-L/usr/lib -llber -L/usr/lib -lsasl2 -lssl'

I tried this, and the last few lines of make are:

FO -DNO_KQUEUE -DHAS_PCRE -I/sw/include -g -O -I. -I../../include -DMACOSX -c 
smtpd_resolve.c
cc -DUSE_SASL_AUTH -I/sw/include/sasl -DUSE_TLS -I/usr/include/openssl 
-DUSE_CYRUS_SASL -I/usr/local/lib/sasl2 -DHAS_SSL 
-I/usr/local/ssl/include/openssl -DBIND_8_COMPAT -DNO_NETINFO -DNO_KQUEUE 
-DHAS_PCRE -I/sw/include -g -O -I. -I../../include -DMACOSX -o smtpd smtpd.o 
smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o 
smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o 
smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o ../../lib/libmaster.a 
../../lib/libtls.a ../../lib/libdns.a ../../lib/libxsasl.a 
../../lib/libmilter.a ../../lib/libglobal.a ../../lib/libutil.a -L/usr/lib 
-lldap -L/usr/lib -llber -L/usr/lib -lsasl2 -lssl -L/sw/lib -lpcre 
-flat_namespace
/usr/libexec/gcc/powerpc-apple-darwin8/4.0.1/ld: Undefined symbols:
_sasl_set_path

Am I on the right path? Any suggestions?

Thanks. :)



  


Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-22 Thread Evan Platt

- Original Message 

From: Wietse Venema 
To: Evan Platt 
Cc: postfix-users@postfix.org
Sent: Monday, June 22, 2009 9:12:36 AM
Subject: Re: A few postfix issues - LDAP / anvil and sasl?

>You installed Postfix, and then you copied the old master.cf/main.cf
>files over the new files.

>To fix the old configuration files:

># postfix upgrade-configuration

d'oh! Yes, I missed that.. Just ran it.. That's solved (so far) the postfix 
errors, 

I ran it, didn't see any errors on output, and don't see anything obviously 
changed in main.cf or master.cf... I do still see 

Jun 22 09:53:22 www postfix/smtpd[12728]: warning: smtpd_sasl_auth_enable is 
true, but SASL support is not compiled in
Jun 22 09:53:22 www postfix/smtpd[12728]: warning: TLS has been selected, but 
TLS support is not compiled in

So I'm unable to use port 587 to my relayhost... Is there something else I'm 
missing?

Thanks again.

Evan

Is there a way to completely disable anvil?



  


Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-22 Thread Evan Platt

- Original Message 

From: Barney Desmond 
To: postfix-users@postfix.org
Sent: Monday, June 22, 2009 8:22:45 AM
Subject: Re: A few postfix issues - LDAP / anvil and sasl?


>Are you literally seeing dollars and curly-braces in the logs? If
>that's obfuscation then it's very unclear. Someone else may have
>suggestions/corrections for your `make` line, but does ldap now appear
>in the output of `postconf -m`?

Yes, and yes. That's the exact copy and paste from my mail log.

>I only know enough about anvil to say that you probably don't want, or
>need, to touch it. Why did you disable anvil? It performs connection
>rate-limiting to prevent runaway situations. "It makes too much noise
>in the mail log" isn't a good excuse. Also, I don't see any
>anvil=(yes|no) directive, what makes you think it exists?
>http://www.postfix.org/postconf.5.html#anvil

A WHILE back, I had a problem where anvil would pop up, and I googled the entry 
I received at the time, and the link was "If you don't use anvil, disable it in 
main.cf with anvil = (something)...

No, I really don't need / want anvil. My mail is sent to me from my primary MX. 
My firewall is configured to only allow mail traffic from a few IP's. So... 
really, no need for anvil. :)


>I'm no good with LDAP, but I'd suggest trying some manual queries
>against the table, without postfix. Something like this to see if the
>results look "sane":

>postmap -q examp...@espphotography.com ldap:/etc/postfix/ldap-aliases.cf

I tried a few, they all return nothing..

>alias_maps is generally for local delivery, which should mean the
>lookup key is just a name, not a full email address. Does that match
>what you have stored in LDAP?

D'oh. No, I'll change them.

>Usually one posts the "broken" postconf-n output, but we know what you
>mean (assuming you haven't changed anything else except putting in
>LDAP).

Well, I really CAN if you want - however it breaks postfix (all mail is 
rejected), so I'd rather not. :)



  


Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-21 Thread Evan Platt

I should add - this is a OS/X 10.4 box if that makes a difference (workstation).



- Original Message 
From: Evan Platt 
To: postfix-users@postfix.org
Sent: Sunday, June 21, 2009 6:38:24 PM
Subject: A few postfix issues - LDAP / anvil and sasl?


My setup is I get my mail from a relay host - they perform A/V and anti spam. 
So if I can set up a ldap server, they can query for valid domains.

I've recompiled postfix with ldap support (I hope!), but it doesn't appear 
postfix is using the aliases in my ldap.

My setup is I have one mailbox on my server (eplatt) and all valid mail goes to 
it. So my aliases consists of
example1:eplatt
example2:eplatt
webmaster:eplatt 

etc.

Everything was working until (Murphy's law) I reinstalled to enable ldap 
support. I reinstalled with:

make -f Makefile.init makefiles 'PREFIX=/etc/postfix ' 'CCARGS=-DUSE_TLS 
-I/sw/include/sasl -DUSE_SASL_AUTH -DUSE_CYRUS_SASL ' 'AUXLIBS=-L/opt/local/lib 
-lsasl2 -lssl -lcrypto' 'CCARGS='-I/usr/local/include -DHAS_LDAP' 
AUXLIBS='-L/usr/local/lib -lldap -L/usr/local/lib -llber'

I'm seeing in the mail.log:
Jun 21 11:47:48 www ${multi_instance_name: 
postfix}${multi_instance_name?$multi_instance_name}/master[7111]: reload -- 
version 2.6.2, configuration /etc/postfix

Second, I've disabled anvil in master.cf, but I still see:

Jun 21 11:48:27 www postfix/smtpd[7132]: warning: connect to private/anvil: 
Connection refused
Jun 21 11:48:27 www postfix/smtpd[7132]: warning: problem talking to server 
private/anvil: Connection refused

I recall (but can't find it on google) adding anvil=no in main.cf?

I've included my postconf -n at the end, but can anyone help and advise what 
I'm doing wrong?

I have

uid=eplatt,dc=espphotography,dc=com
and names of mail, value of examp...@espphotography.com, 
examp...@espphotography.com , etc.

with
alias_maps = ldap:/etc/postfix/ldap-aliases.cf
ldap-aliases.cf:
server_host = localhost
search_base = dc=espphotography, dc=com

all mail is rejected:

Jun 20 12:43:37 www postfix/smtpd[1703]: NOQUEUE: reject: RCPT from 
unknown[192.168.1.4]: 550 5.1.1 : Recipient 
address rejected: User unknown in local recipient table; 
from= to= proto=ESMTP 
helo=

Below is my postconf -n. Anything I'm missing, please let me know.

Thanks!

# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 1000
mydomain = espphotography.com
myhostname = espphotography.com
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = 
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550


  


A few postfix issues - LDAP / anvil and sasl?

2009-06-21 Thread Evan Platt

My setup is I get my mail from a relay host - they perform A/V and anti spam. 
So if I can set up a ldap server, they can query for valid domains.

I've recompiled postfix with ldap support (I hope!), but it doesn't appear 
postfix is using the aliases in my ldap.

My setup is I have one mailbox on my server (eplatt) and all valid mail goes to 
it. So my aliases consists of
example1:eplatt
example2:eplatt
webmaster:eplatt 

etc.

Everything was working until (Murphy's law) I reinstalled to enable ldap 
support. I reinstalled with:

make -f Makefile.init makefiles 'PREFIX=/etc/postfix ' 'CCARGS=-DUSE_TLS 
-I/sw/include/sasl -DUSE_SASL_AUTH -DUSE_CYRUS_SASL ' 'AUXLIBS=-L/opt/local/lib 
-lsasl2 -lssl -lcrypto' 'CCARGS='-I/usr/local/include -DHAS_LDAP' 
AUXLIBS='-L/usr/local/lib -lldap -L/usr/local/lib -llber'

I'm seeing in the mail.log:
Jun 21 11:47:48 www ${multi_instance_name: 
postfix}${multi_instance_name?$multi_instance_name}/master[7111]: reload -- 
version 2.6.2, configuration /etc/postfix

Second, I've disabled anvil in master.cf, but I still see:

Jun 21 11:48:27 www postfix/smtpd[7132]: warning: connect to private/anvil: 
Connection refused
Jun 21 11:48:27 www postfix/smtpd[7132]: warning: problem talking to server 
private/anvil: Connection refused

I recall (but can't find it on google) adding anvil=no in main.cf?

I've included my postconf -n at the end, but can anyone help and advise what 
I'm doing wrong?

I have

uid=eplatt,dc=espphotography,dc=com
and names of mail, value of examp...@espphotography.com, 
examp...@espphotography.com , etc.

with
alias_maps = ldap:/etc/postfix/ldap-aliases.cf
ldap-aliases.cf:
server_host = localhost
search_base = dc=espphotography, dc=com

all mail is rejected:

Jun 20 12:43:37 www postfix/smtpd[1703]: NOQUEUE: reject: RCPT from 
unknown[192.168.1.4]: 550 5.1.1 : Recipient 
address rejected: User unknown in local recipient table; 
from= to= proto=ESMTP 
helo=

Below is my postconf -n. Anything I'm missing, please let me know.

Thanks!

# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 1000
mydomain = espphotography.com
myhostname = espphotography.com
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = 
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
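
The lookup attempted in this thread, modelled as an added example (not the poster's configuration and not Postfix source): how an LDAP table expands query_filter for a lookup key, with the RFC 4515 escaping that keeps a recipient address from altering the filter. It assumes the ldap_table(5) defaults query_filter = (mailacceptinggeneralid=%s) and result_attribute = maildrop; the directory entry, the example.com addresses and the function names are constructed.

```python
import re

# ldap_table(5) defaults, used when the map file sets neither parameter.
DEFAULT_FILTER = "(mailacceptinggeneralid=%s)"
DEFAULT_RESULT = "maildrop"

# Constructed directory: one entry shaped like the one described in the post
# (uid=eplatt carrying several "mail" values). Addresses are placeholders.
DIRECTORY = [
    {"uid": ["eplatt"],
     "mail": ["example1@example.com", "webmaster@example.com"]},
]

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_SIMPLE_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>.*)\)$")


def escape_filter_value(value):
    """Escape a lookup key so it can only ever be a literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, key):
    """Expand %s (whole key), %u (local part), %d (domain) and %%.

    Returns None when the template needs %d but the key has no domain,
    which mirrors the documented "query is suppressed" behaviour.
    """
    local, sep, domain = key.rpartition("@")
    if not sep:                      # bare local part, e.g. "webmaster"
        local, domain = key, None
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch != "%" or i + 1 == len(template):
            out.append(ch)
            i += 1
            continue
        code = template[i + 1]
        i += 2
        if code == "s":
            out.append(escape_filter_value(key))
        elif code == "u":
            out.append(escape_filter_value(local))
        elif code == "d":
            if domain is None:
                return None
            out.append(escape_filter_value(domain))
        elif code == "%":
            out.append("%")
        else:
            raise ValueError("unsupported expansion %" + code)
    return "".join(out)


def _unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def lookup(directory, template, result_attribute, key):
    """Evaluate a single-attribute equality filter against the directory."""
    expanded = expand_filter(template, key)
    if expanded is None:
        return []
    match = _SIMPLE_FILTER.match(expanded)
    if match is None:
        raise ValueError("only (attr=value) filters are modelled here")
    attr = match.group("attr").lower()
    wanted = _unescape(match.group("value")).lower()
    results = []
    for entry in directory:
        if wanted in (v.lower() for v in entry.get(attr, [])):
            results.extend(entry.get(result_attribute, []))
    return results


if __name__ == "__main__":
    # Map file with only server_host/search_base: the defaults find nothing.
    print(lookup(DIRECTORY, DEFAULT_FILTER, DEFAULT_RESULT, "example1@example.com"))
    # Filter and result attribute that match how the entry is actually stored.
    print(lookup(DIRECTORY, "(mail=%s)", "uid", "example1@example.com"))
    # alias_maps hands over a bare name, so the filter has to add the domain.
    print(lookup(DIRECTORY, "(mail=%u@example.com)", "uid", "example1"))
```
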


  


Re: hostnames are not resolving

2009-05-28 Thread Evan Platt

At 11:03 AM 5/28/2009, you wrote:

> Hi there,
>
> I am finding log entries with all the connections from
> "unknown". Why isn't the inverse hostname placed in the postfix log?
>
> May 28 11:01:58 enabled postfix/smtpd[14960]: connect from
> unknown[88.252.82.203]


No reverse DNS for that IP address.


# nslookup 88.252.82.203
Server: 127.0.0.1
Address:127.0.0.1#53

** server can't find 203.82.252.88.in-addr.arpa.: NXDOMAIN



Re: Looking for a little (offlist?) help with ldap integration

2009-04-16 Thread Evan Platt

At 12:44 PM 4/16/2009, you wrote:

> No... as long as they support plus addressing, you give them your main
> address - joesm...@example.com - then they will accept anything
> addressed to joesmith+anyth...@example.com, and reject everything else.


That's still back at square one.. I often see my addresses sold, and 
since every address is 'accepted', people never get the 'hint' that 
an address is no longer valid.


So if I sign up for ABCInc, and use evan+abcinc, then see it's been 
sold and gets spammed, if they actually rejected it, the theory is 
since it would be rejected, people would get the hint it's not valid.



> You said you only had one real address and everything else was aliased
> to it. Of course, you'd have to give them the CURRENT list of aliases in
> use, but just don't create any more aliases. Then you'd only have to
> send them an update when you encounter a service that doesn't let you
> use a plussed address (rare, but it happens), in which case you'd have
> to create another regular alias.


Well, the problem is I do. Maybe it's OCD, but I like to track where 
my address is used and obtained from, hence LDAP :) 



Re: Looking for a little (offlist?) help with ldap integration

2009-04-16 Thread Evan Platt

At 12:22 PM 4/16/2009, you wrote:

> On 4/16/2009 3:11 PM, Evan Platt wrote:
> > My mail provider says they can query an LDAP database, but can't offer
> > much assistance to me in setting it up.
> >
> > Basically now I use /etc/postfix/aliases, but that's obviously useless
> > for LDAP.
>
> Surprising - they can't do recipient verification (doesn't require LDAP,
> just relies on an honest answer from your server)?


I can ask... I don't think so since when I've brought this up in the 
past, the response is 'get an ldap server dude!'



> In that case, what I'd do is use plus-addressing instead of making up
> fullblown aliases on the fly.


So - if my username is joesmith, use say joesmith+abcincorporated @ 
mydomain . com?


Well, the problem still is I'd rather have them reject the e-mail 
rather than accept then deliver..



> Your anti-spam service provider should have the ability to simply define
> a list of valid users via flat file if nothing else


Well, the problem is whenever I sign up for a list or make a 
purchase, I create a new one, so I'd be sending them a list pretty 
often, hence the idea of LDAP.



> (if they can't, I'd switch providers), so just make sure they
> support plus addressing, and
> give them your one (or however many) valid emails and be done with it..


Well, the price for them is right - free :) But the problem is 
dynamics. I don't want to have to bug them every time I add or remove 
an address... :)


Evan 



Looking for a little (offlist?) help with ldap integration

2009-04-16 Thread Evan Platt
I know this is somewhat offtopic, but hopefully someone here can / is 
willing to help me out a little... :)


I run a mail server for me, myself, and I. I create aliases as needed 
to 'tag' where an address goes - ie if I sign up for ABC Corp, I 
might give them abccorp@ my domain.


My mail server is set up that for my domain, my primary MX is a 
anti-spam antivirus server. Mail is scanned, then delivered to my 
postfix. As such, mail will ONLY come from a few IP's.


(I guess the above isn't quite related to this, but just some background).

Because of this, every mail is accepted - mail to sadnfkjsdnfkasd @ 
mydomain is accepted as long as it's not deemed spam.


My mail provider says they can query an LDAP database, but can't 
offer much assistance to me in setting it up.


Basically now I use /etc/postfix/aliases, but that's obviously useless 
for LDAP.


My aliases consists of aliases redirected to one account (I really 
only have one mail account, every alias directs to that).


So I'm looking for a little help with the easiest way to convert this 
aliases to use for LDAP. I've read quite a few help pages, but not 
sure if I'm finding the right one or what the right way to do this 
is. This is on a OS/X client box, and I have webmin and ldapadmin 
(Windows GUI interface to ldap server)..


I've provided my postconf -n output below.. Appreciate any help! Thanks!

Evan


# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
mydomain = espphotography.com
mydomain_fallback = localhost
myhostname = espphotography.com
mynetworks = 192.168.1.0/24,216.200.134.247
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = [smtp.comcast.net]:587
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_tls_cert_file = /System/Library/OpenSSL/certs/smtpd.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550



Re: Special Characters in Address

2009-03-23 Thread Evan Platt

At 03:54 PM 3/23/2009, you wrote:

> Hello all,
> I'm having an issue that I believe is coming from Postfix. I am
> sending mail to an address which contains special characters. Those
> characters aid me in routing the mail but unfortunately it seems to
> be rejected before being relayed. The format is as follows, a block
> of text followed by an "=" followed by more text and a number,
> followed by a "|" and then numbers @ the
> domain.com ie:
> "text=option1|123456...@address.com".
>
> When sending from Gmail for instance I get the following error:
>
> Technical details of permanent failure:
> Google tried to deliver your message, but it was rejected by the
> recipient domain. We recommend contacting the other email provider
> for further information about the cause of this error. The error
> that the other server returned was: 501 501 5.1.3 Bad recipient
> address syntax (state 14).
>
> Also, I am seeing the following error in Postfix:
>
> '501 5.1.3 Bad recipient address syntax'
>
> Any suggestions or assistance would be greatly appreciated.
> Thanks



I'm certainly no Postfix expert, pretty straightforward install... 
but I tried setting up an account, and it worked fine - So, likely 
anyone who can help you will need / want

postconf -n
entries from mail log showing the reject

Not sure what else... But here's my mail log showing the mail accepted.

Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: 
from=, size=2313, nrcpt=1 (queue active)
Mar 23 16:01:03 www postfix/local[13208]: 3FE281DA4E8: 
to=, 
orig_to=, relay=local, 
delay=0, status=sent (delivered to mailbox)

Mar 23 16:01:03 www postfix/qmgr[11482]: 3FE281DA4E8: removed


I use one main mailbox and /etc/postfix/aliases ...

Evan 



Re: Content Filters - Body Matching

2009-03-09 Thread Evan Platt

At 01:38 PM 3/9/2009, you wrote:

> Hello,
> I have a restriction that mandates only certain types of email to be
> allowed outbound. If an email does not match a pattern, they want
> that email BCCed to another account. Reading the documentation, I
> see that body_checks isn't a good way to filter multiple lines and
> that I should use something like Spamassassin (version 3.2.4). I
> have that installed and working with Postfix (version 2.2.10).
>
> The issue is how can I guarantee that only email fitting a certain
> pattern will go through and others won't? Has anyone had a setup
> similar to this, and is Spamassassin the best filter for this kind of setup?


Spamassassin won't work as Spamassassin cannot 'stop' mails. SA only 
assigns scores. What you do with a message SA flagged (or rather 
scored) as Spam or not spam is up to you.




Re: to/orig_to control

2009-03-04 Thread Evan Platt

At 04:07 PM 3/4/2009, you wrote:

> when you have "to=, orig_to=" in
> the maillog file, that translation is handled by /etc/postfix/virtual,
> isn't it?
>
> If j...@example.com is not in /etc/postfix/virtual, where else could
> this be controlled?
>
> I did grep -ir jo...@example.com /etc/postfix/ and got 0 hits, so it's
> not in virtual or virtual.db. I also went ahead and did grep -ir
> john \...@example.com /etc/ and still got 0 hits.  other virtual addresses in
> example.com show up in both /etc/postfix/virtual and /etc/postfix/
> virtual.db and yet mail to 'john' is getting translated and delivered.



Could be in aliases too, but that should show (assuming your aliases 
is in /etc/postfix) with a grep ... 



Re: Messages Are Refused

2009-03-04 Thread Evan Platt


At 07:03 AM 3/4/2009, Carlos Williams wrote:

> Thanks for that info. Can someone also comment on this? I asked a
> friend via email and this was his response to the same issue:
>
> **
>
> "I used nslookup to verify the address your queue is showing, and it
> does correspond to je.jfcom.mil. But a request for the mail-exchangers
> for jfcom.mil does not indicate that this host should be receiving
> mail. The mail-exchangers for that domain are:
>
> smtp01.jfcom.mil
> smtp02.jfcom.mil
>
> So this problem resolves into a new one: how did your Postfix come up
> with the name je.jfcom.mil to send messages to? Did the user
> explicitly specify that host as a target? Or did Postfix get bad info
> from its DNS lookup of MX records? Or did something else happen to
> misdirect these messages? Only a good look at the mail headers for the
> offending messages will tell you that. When a message finally expires
> and is sent back to its originator (or to the postmaster), you will
> need to examine the headers to see at what stage of forwarding a host
> made the choice to use the wrong mail exchanger. Then further work
> will be needed to figure out why."
>
> **
>
> My question is how did he find smtp01.jfcom.mil? And more important,
> why then is my Postfix server trying to send to a different smtp
> address?



Unless I'm misreading it, there's no mx record for je.jfcom.mil , and 
nothing's answering on je.jfcom.mil port 25.



# dig mx je.jfcom.mil

; <<>> DiG 9.3.5-P2 <<>> mx je.jfcom.mil
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55041
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;je.jfcom.mil.  IN  MX

;; AUTHORITY SECTION:
je.jfcom.mil.   3600IN  SOA ns1.je.jfcom.mil. 
root.ns1.je.jfcom.mil. 2009021100 1800 900 86400 3600


;; Query time: 114 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar  4 09:23:19 2009
;; MSG SIZE  rcvd: 75



Re: Email delivered to wrong person.

2009-01-29 Thread Evan Platt

At 02:39 PM 1/29/2009, you wrote:

> Hello
>
> I just got this postfix server going a few days ago.  I have one
> person receiving some
> emails that are not addressed to him.  Yes they are spam and I am
> running spamassassin.
> But looking at the headers it should not be delivered to the one
> person at all.  Here is
> an example header.


Unless I'm missing something, he was BCC'd. Common tactic of spammers.

I e-mail some...@example.com , bcc you, you'd see To:some...@example.com .. 



Re: Aliases question - can I alias a user name to a name that is not a local user account?

2009-01-28 Thread Evan Platt

At 10:37 PM 1/28/2009, you wrote:

> What's with you guys on this list who have the answers yet are just
> handing out clues one by one and making me guess about the answer
> over the course of several email exchanges?  Fortunately, there are
> some guys on this list that don't engage in those psychological
> games and I have greatly benefited from their help and I do appreciate it!


I for one believe in the "Lead a horse to water" phrase

Even though Aaron was somewhat blunt and to the point, I have to 
almost agree. I count almost 30 messages from you today alone, a 
majority of which would have been solved by some reading of the documentation. 



Re: looking to pay for problem solving on minor Postfix issue

2009-01-28 Thread Evan Platt

While I'll probably get flamed for this... 
There are probably tons of people who'd jump at the chance for this - 
easy money. I'm one of them - I love easy money. If I knew enough 
postfix, I'd jump on this. But as it is, I know just enough to be dangerous.


Your best bet is to - excuse the expression - RTFM, follow along with 
it, and ask questions as they come up.


Sure, you could pay someone to set it up and configure it for you, 
but when something breaks, which WILL happen, you'll then likely have 
to pay someone to fix it, whereas if YOU set it up, if YOU RTFM'd, if 
YOU configured it, you'd be more likely to know how to fix any 
potential problems that creep up.


And, as others have pointed out, you don't yet have a working 
firewall, or at least the know how on creating one. That should be 
step one. Then worry about postfix.


Just my .02...



PS: A lot of people block posts from Nabble. You may want to consider 
joining the group directly.



At 10:19 AM 1/28/2009, MountainX wrote:


> If you are a Postfix expert, I am willing to pay for your help (via email,
> chat, etc.) to resolve several minor problems I'm having with Postfix
> (you've probably seen some of them on this list). I can pay via PayPal. (I
> know how consulting relationships work. I'm serious. I have paid for
> consulting like this many times before on various open source projects over
> the last year or more.)
>
> Who has some time available now?




Re: turn off bounce messages?

2009-01-16 Thread Evan Platt

At 12:28 PM 1/16/2009, you wrote:

> > Would it make it harder for those sending spam?
> I was wondering if it would make it harder if spammers got nothing.


How many spammers do you think use a valid return address?

Spammers likely 'get nothing' now




Re: Cannot connect to smtp server

2009-01-08 Thread Evan Platt

At 09:20 PM 1/8/2009, you wrote:


> From the laptop, what happens when you
> telnet smtp.gmail.com 25


My bad, this should be
telnet smtp.gmail.com 587 



Re: Cannot connect to smtp server

2009-01-08 Thread Evan Platt

Please send your replies to the list, not to me.

At 09:58 PM 1/8/2009, you wrote:

>
>>  From the laptop, what happens when you
>> telnet smtp.gmail.com 25
>
>  telnet smtp.gmail.com 25
> Trying 66.249.93.109...
> Trying 66.249.93.111...
> telnet: Unable to connect to remote host: Connection refused
>
> But gmail does not only use port 25. It uses port 465 (with ssl) and
> 587 (with tls) as well.
>
> I can telnet to port 465.
>
> telnet smtp.gmail.com 465
> Trying 66.249.93.111...
> Connected to gmail-smtp-msa.l.google.com.
> Escape character is '^]'.
>

It occurred to me when I wrote the above that my postfix was using
port 587. I have now changed the transport and sasl_passwd files to
point them to port 465. The log now has the following.

Jan  9 05:52:53 panahar postfix/smtp[8128]: 683BC11B785: conversation
with smtp.gmail.com[66.249.93.109] timed out while receiving the
initial server greeting
Jan  9 05:53:53 panahar postfix/smtp[8157]: 37F8711B773: conversation
with smtp.gmail.com[66.249.93.111] timed out while receiving the
initial server greeting

Any ideas?

Vikas




Re: Cannot connect to smtp server

2009-01-08 Thread Evan Platt

At 09:26 PM 1/8/2009, you wrote:


> Quite the contrary -- they SHOULD be there in order to suppress
> MX lookups of the relayhost name. See the documentation.



Huh. Yer right.

Never had that in my main.cf - never had a problem either. I added it 
and reloaded.


Thanks for the edumacation :)



Re: Cannot connect to smtp server

2009-01-08 Thread Evan Platt

At 08:56 PM 1/8/2009, you wrote:

> i have recently shifted to a different place.

Uhhh do you mean a new internet provider? Or something else?

> I had a functioning postfix setup on my laptop but it is not working
> in this new place.

I'm confused. Why are you running postfix on a laptop?

> I use gmail's smtp server to send e-mail.

Why not use the SMTP server provided by your ISP?

> Please note the following.
>
> 1. Internet works fine.
> 2. Evolution can send e-mail using the same smtp server account
> 3. I cannot ping any address on the internet.

Sounds like a ISP issue..

> When I send the mail, it just stays in the queue. The results of
> mailq, tail /var/log/mail.log, and postconf -n are pasting below for
> reference.

From the laptop, what happens when you
telnet smtp.gmail.com 25

> I shall be grateful if someone could help sort this out.

> relayhost = [smtp.gmail.com]

Do you have the brackets in the main.cf? Not sure if that will cause 
a problem or not.






Re: escape characters when inserting into a table

2009-01-07 Thread Evan Platt

Am I missing what this has to do with postfix, or is it just me?

At 09:56 AM 1/7/2009, you wrote:

> Hi All,
>
> My apologies if I sent the wrong question but I need your help.
>
> I am using perl + postgres in an app I am writing. However I am
> failing to find a function to escape characters just like you use
> addslashes in php.
>
> Do I have to use a regex expression to do that or is there a function to use?
>
> Thanks in advance.




Re: Allowing return email

2009-01-03 Thread Evan Platt

Why not do this in your MTA? Maybe a procmail recipe, etc?


At 09:41 AM 1/3/2009, you wrote:

> Greetings:
>
> I'm running several spam-filtering tools including Postgrey,
> SpamAssassin, etc.  I would like to make replying to mail I have sent easier.
>
> How can I automatically white-list addresses to whom I have sent email?
> Thanks,
> Chris




Re: postfix + procmail autoresponder

2008-12-18 Thread Evan Platt

Do you REALLY need to?

How many OOO replies are then going to be sent to every mailing list 
you're on? To every piece of spam sent to you? etc etc.


OOO Replies aren't really necessary anymore, are they?

Christian Desrochers wrote:

> Hi all,
>
> My office will be closed for the Christmas holidays and I would like
> to set up a mail autoresponder that will send back a notice to the
> sender for every mail sent at @our_domain.com .
>
> What I really want is to reply to sender saying we are closed and will
> be back on Jan 5th. More, I want the received email to be delivered to
> the final recipient, so this one can follow up when he or she is back.
>
> I found a website giving a procmail recipe that sounds good. I am
> just wondering if I have to add anything else to it, so the mail is
> delivered to the final user? Do you guys know another way to set up a
> mail autoresponder, using postfix? Here is the website:
>
> http://www.knowplace.org/pages/howtos/autoresponder_with_procmail_howto.php
>
> Thanks in advance,
>
> Chris




Query my postfix aliases file as a LDAP server?

2008-12-05 Thread Evan Platt
My primary MX record for my domain is an anti-spam server. This server 
then delivers to my mail server (so basically my postfix and firewall 
only allow smtp connections from a few IP's).


However the problem is the anti-spam server essentially allows anything 
at my domain - [EMAIL PROTECTED], etc. I maintain a list of allowed 
aliases in postfix - /etc/postfix/aliases. My anti-spam server can query 
an ldap server, and then reject at SMTP time, any invalid e-mail 
addresses. So basically, is there a way for postfix to act as a LDAPS 
server and allow a outside server query to check if a alias is valid?


Hope this makes sense...  I'm running Postfix 2.1.5 - I can obviously 
provide my postconf -n, but not sure that's needed..


Thanks. :)

Evan


OT: When Out Of Office Replies go bad

2008-11-04 Thread Evan Platt

Thought most people here would get a kick out of this :)

Evan

http://news.bbc.co.uk/2/hi/uk_news/wales/7702913.stm

When officials asked for the Welsh translation of a road sign, they 
thought the reply was what they needed.


Unfortunately, the e-mail response to Swansea council said in Welsh: "I 
am not in the office at the moment. Send any work to be translated".


So that was what went up under the English version which barred lorries 
from a road near a supermarket.


"When they're proofing signs, they should really use someone who speaks 
Welsh," said journalist Dylan Iorwerth.