getting loops on multi-instance configuration

[Gerardo Herzig]

Hi all. Im getting a loop in my postfix-multi configuration, and cant
see what is wrong. I try to follow the README [1] as close as i could.

Here is a sample of /var/log/mail after a email is received:
Mar  4 18:43:28 vmailmulti postfix-in/smtpd[28733]: connect from
mail.fmed.uba.ar[157.92.152.1]
Mar  4 18:43:28 vmailmulti postfix-in/smtpd[28733]: 4DD09D81D1:
client=mail.fmed.uba.ar[157.92.152.1]
Mar  4 18:43:28 vmailmulti postfix-in/cleanup[28735]: 4DD09D81D1:
message-id=4b902860.6060...@fmed.uba.ar
Mar  4 18:43:28 vmailmulti postfix-in/qmgr[28731]: 4DD09D81D1:
from=gher...@fmed.uba.ar, size=726, nrcpt=1 (ueue active)
Mar  4 18:43:28 vmailmulti postfix-in/smtpd[28733]: disconnect from
mail.fmed.uba.ar[157.92.152.1]
Mar  4 18:43:32 vmailmulti postfix-out/smtpd[28737]: connect from
localhost[127.0.0.1]
Mar  4 18:43:32 vmailmulti postfix-out/smtpd[28737]: 9EFA2D81D2:
client=mail.fmed.uba.ar[157.92.152.1]
Mar  4 18:43:32 vmailmulti postfix-out/cleanup[28739]: 9EFA2D81D2:
message-id=4b902860.6060...@fmed.uba.ar
Mar  4 18:43:32 vmailmulti postfix-out/smtpd[28737]: disconnect from
localhost[127.0.0.1]
Mar  4 18:43:32 vmailmulti postfix-out/qmgr[28668]: 9EFA2D81D2:
from=gher...@fmed.uba.ar, size=1398, nrcpt=1(queue active)
Mar  4 18:43:32 vmailmulti postfix-in/smtpd[28733]: connect from
unknown[157.92.152.62]
Mar  4 18:43:32 vmailmulti postfix-in/smtpd[28733]: AA33AD81D3:
client=unknown[157.92.152.62]
Mar  4 18:43:32 vmailmulti postfix-in/cleanup[28735]: AA33AD81D3:
message-id=4b902860.6060...@fmed.uba.ar
Mar  4 18:43:32 vmailmulti amavis[28480]: (28480-04) Passed SPAMMY,
[157.92.152.1] [157.92.152.105] gher...@fed.uba.ar -
gher...@vmail.fmed.uba.ar, Message-ID: 4b902860.6060...@fmed.uba.ar,
mail_id: x6Po8fRtlSTq, its: 6.333, size: 726, queued_as: 9EFA2D81D2, 4351 ms
Mar  4 18:43:32 vmailmulti postfix-in/smtp[28736]: 4DD09D81D1:
to=gher...@vmail.fmed.uba.ar, relay=127.0.0.1127.0.0.1]:10025,
delay=4.4, delays=0.03/0.01/0/4.4, dsn=2.0.0, status=sent (250 2.0.0 Ok,
id=28480-04, from MA([127.0.0.1]:10026): 250 2.0.0 Ok: queued as 9EFA2D81D2)
Mar  4 18:43:32 vmailmulti postfix-in/qmgr[28731]: 4DD09D81D1: removed
Mar  4 18:43:32 vmailmulti postfix-in/smtpd[28733]: disconnect from
unknown[157.92.152.62]
Mar  4 18:43:32 vmailmulti postfix-in/qmgr[28731]: AA33AD81D3:
from=gher...@fmed.uba.ar, size=1599, nrcpt=1 queue active)
Mar  4 18:43:32 vmailmulti postfix-out/smtp[28740]: 9EFA2D81D2:
to=gher...@vmail.fmed.uba.ar,
relay=vmail.fmd.uba.ar[157.92.152.62]:25, delay=0.08,
delays=0.04/0.01/0/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued s
AA33AD81D3)
Mar  4 18:43:32 vmailmulti postfix-out/qmgr[28668]: 9EFA2D81D2: removed
Mar  4 18:43:36 vmailmulti postfix-out/smtpd[28737]: connect from
localhost[127.0.0.1]
Mar  4 18:43:36 vmailmulti postfix-out/smtpd[28737]: B8EEED81D1:
client=unknown[157.92.152.62]
Mar  4 18:43:36 vmailmulti postfix-out/cleanup[28739]: B8EEED81D1:
message-id=4b902860.6060...@fmed.uba.ar
Mar  4 18:43:36 vmailmulti postfix-out/smtpd[28737]: disconnect from
localhost[127.0.0.1]
Mar  4 18:43:36 vmailmulti postfix-out/qmgr[28668]: B8EEED81D1:
from=gher...@fmed.uba.ar, size=2097, nrcpt=1(queue active

So, the email comes to postfix-in, it send trough amavis, and later a
new (repeated) mail appear. It never goes to the central hub. Eventualy,
i get

Mar  4 18:48:17 vmailmulti postfix-out/smtp[28770]: 80A9AD814C:
to=gher...@vmail.fmed.uba.ar,
relay=vmail.fmed.uba.ar[157.92.152.62]:25, delay=385,
delays=385/0.01/0.01/0.02, dsn=4.4.0, status=deferred (host
vmail.fmed.uba.ar[157.92.152.62] said: 454 4.4.0 Error: too many hops
(in reply to end of DATA command))


Here is my config files:
/etc/postfix-in/main.cf
soft_bounce = yes
queue_directory = /var/spool/postfix-in
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix-in
mail_owner = postfix
inet_interfaces = all
mydestination =
local_recipient_maps =
unknown_local_recipient_reject_code = 550
alias_maps =
alias_database =


debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id  sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix-doc/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix-doc/samples
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
master_service_disable =
authorized_submit_users = root
multi_instance_group = mta
multi_instance_name = postfix-in
local_transport = error:5.1.1 Mailbox unavaiable
local_header_rewrite_clients =
default_transport = smtp:[127.0.0.1]:10025
relay_transport = $default_transport
virtual_transport = $default_transport
smtp_send_xforward_command = yes
smtp_destination_recipient_limit = 1000
smtp_data_done_timeout = 1200s
smtpd_client_port_logging = no
multi_instance_enable = yes

confused about MULTI_INSTANCE readme

[Gerardo Herzig]

Hi all, im reading the docs about setting postifx with multiples
instances [1]. At the Setting up the null-client Postfix instance
part, there is a sample main.cf which will be a local-submission null
client: file, with this:
.
.
# Send everything to the internal mailhub
#
relayhost = [mailhub.example.com]
.
.
Later in the doc, it mentions The default Postfix
instance[...]responsible for local mail submission

So, the questions:
- That mailhub.example.com should be the name of The default Postfix
instance?

- Should the null-client Postfix instance be a
member of the multi-instance group, with its own conf directory?

Thanks!
Gerardo






[1] http://www.postfix.org/MULTI_INSTANCE_README.html

Re: Any way to avoid message duplication after mailing list expansion?

[Gerardo Herzig]

Gianni Sandigliano wrote:
 
 Is there any way to avoid message duplication after mailing list expansion?
 
 
 A quick example:
 
 
 A message is sent:to: al...@mycompany.com
 
 cc: theb...@mycompany.com
 
 Because theboss is included in Alist (and the sender does not know
 it...) two copies of the message are delivered to theboss.
 
 The desired feature would be:
 1) avoid delivering to an address in bcc: list when the same address is
 already listed in cc: or to:
 2) avoid delivering to an address in cc: list when the same address is
 already listed in to:
 
 Is this possible in postfix? Could someone point me in the right direction?
 
 Tnks,
 Gianni
 
 
I think duplicated mail detection should be done at mta-level. If you
are using procmail, there is a simple recipe to do it

:0 Wh: msgid.lock
| formail -D 8192 msgid.cache

HTH
Gerardo

Re: python framework for a policy daemon?

[Gerardo Herzig]

Ralf Hildebrandt wrote:
 Is there a ready to use python framework for a policy daemon?
 I have a nice idea for a policy daemon :)
 
Well, googling around 'python postfix policy' gives me some, but looks
like only do a 'spf' test.

http://sourceforge.net/projects/p-ppolicyserver/
http://www.openspf.org/Software
http://www.tummy.com/Community/software/tumgreyspf/

Anyway, i will love to colaborate with you, if you like.

Cheers.
Gerardo

just one account of my domain that is not getting any email

[Gerardo Herzig]

Well. This is weird. One of my co-workers is not getting any mail, not
even internal ones. The logs shows that the email is delivered without
any problems:

this happens when i (gherzig) send an email to my body (mmanoni). Both
in the same domain.



pampa:/home/mmanoni/Maildir # grep CBCAC39C2F2 /var/log/mail
Aug  7 15:36:11 pampa postfix/smtpd[31089]: CBCAC39C2F2:
client=mailbis[157.92.155.58], sasl_method=PLAIN,
sasl_username=gher...@mail.fmed.uba.ar

Aug  7 15:36:11 pampa postfix/cleanup[27050]: CBCAC39C2F2:
message-id=4a7c3f4d.4000...@fmed.uba.ar

Aug  7 15:36:11 pampa postfix/qmgr[18184]: CBCAC39C2F2:
from=gher...@fmed.uba.ar, size=502, nrcpt=1 (queue active)

Aug  7 15:36:11 pampa postfix/local[29893]: CBCAC39C2F2:
to=mman...@fmed.uba.ar, relay=local, delay=0, status=sent (delivered
to command: IFS=' '  exec /usr/bin/procmail || exit 75 #mmanoni)

Aug  7 15:36:11 pampa postfix/qmgr[18184]: CBCAC39C2F2: removed



See? Looks like the email is going thereBut the email is not
reaching his home dir.

-Procmail logs shows nothing at all (even putting VERBOSE=on).
-Permissions on the dirs looks good.
-Any other account is working OK.



I just dont have any clue of where starting to look at...
This is postfix 2.2.1 running on Suse Linux 9.3

Any ideas?
Gerardo

Re: Tip: Restricting mail reception using a remote service's SPF records

[Gerardo Herzig]

Ville Walveranta wrote:
 Here's the completed script (the IP/CIDR extract worked perfectly --
 thanks Barney!):
 
 ---
 #!/bin/sh
 
 ORIGINAL=/usr/local/etc/postfix/tables/client_access_maps.cidr
 NEW=/tmp/postfix_clients.tmp
 
 dig +short senderdomain.net TXT | grep 'v=spf1' | egrep -o
 'ip4:[0-9./]+' | sed 's/^ip4://' | sed 's/$/  OK/'  $NEW
 
 ORIGINAL_CK=`cksum $ORIGINAL | awk '{print $1}'`
 NEW_CK=`cksum $NEW | awk '{print $1}'`
 
 if [ -s $NEW ] ; then
   if [ $ORIGINAL_CK != $NEW_CK ] ; then
 cp -f $NEW $ORIGINAL
 postfix reload  /dev/null
   fi
 fi
 
 rm $NEW
 
 exit 0
 ---
 
 It works except that the Postfix refresh message
 (postfix/postfix-script: refreshing the Postfix mail system) is
 displayed despite of the attempt to redirect it to /dev/null?  Any
 idea how I could hide it?
 
 Ville
 
 
Try
postfix reload 2/dev/null instead

Gerardo

Re: Spam attacks

[Gerardo Herzig]

Dave Johnson wrote:
 Hi all
 
 Is there anyway of stopping the from j...@foo.com to j...@foo.com spam
 attacks?
 
 Regards
 
  
 
Well. If you are delivering via procmail, you can have a procmail rule
like this one (untested, and posibly larger than a experienced procmail
user will do, but should work):

SHELL=/bin/bash
__TO=`formail -z -x 'To:'`
__FROM=`formail -z -x 'From:'`

:0fw
* __TO ?? __FROM
| formail -I X-From-And-To-Are-The-Same: Yes

## This will forward the mail, with a X-header that you can chase via a
spamassasin rule. I will prefer this way instead of just droping the
mail, cause, as many has told you, will probably block legitimate mail.

HTH
Gerardo

Re: Spam attacks

[Gerardo Herzig]

Paweł Leśniak wrote:
 W dniu 2009-03-03 17:46, Noel Jones pisze:
 Some people reject their own domain from outside, unauthenticated
 clients, but this will certainly reject some amount of legit mail.
 
 Could you write a little bit how is it possible to reject legit mail by
 rejecting unauthenticated clients when all users do use SASL
 authentication or are in my_networks?
 
 
 Pawel Lesniak
 
 
 
Well, some ppl can configure to use their @myhost email, via, lets say
@yahoo smtp. This is a legit mail that will be rejected.

throtling / queue management system

[Gerardo Herzig]

Hi all. Im want something for throtling msgs, say if user X sends more
than 10 emails/minute, then requeue next msgs from user X with some
lower priority. Policyd is not bad, but it rejects emails when the limit
is reached.

Anyone knows an application like this? Will involve hacking/patching
postfix code?

Thanks!
Gerardo

spammers using my mailserver trough webmai

[Gerardo Herzig]

Hi all. Im facing a ugly situation. Some spammer is using the webmail to
 send spam. The thing is, hes using an actual account/password (from my
server)to authenticate agains the webmail, and then sending mail from
UK LOTTO [EMAIL PROTECTED]...crap!!

Since i have
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination

This dude is authenticated, so...what can i do? Cant i restrict or check
the address which is sending and forbidde those which are not of my domain?

Thanks!
Gerardo

Re: spammers using my mailserver trough webmai

[Gerardo Herzig]

Victor Duchovni wrote:
 On Thu, Dec 11, 2008 at 02:32:52PM -0300, Gerardo Herzig wrote:
 
 Hi all. Im facing a ugly situation. Some spammer is using the webmail to
  send spam. The thing is, hes using an actual account/password (from my
 server)to authenticate agains the webmail, and then sending mail from
 UK LOTTO i...@uklotto.com...crap!!

 Since i have
 smtpd_recipient_restrictions = permit_sasl_authenticated,
 permit_mynetworks, reject_unauth_destination

 This dude is authenticated, so...what can i do? Cant i restrict or check
 the address which is sending and forbidde those which are not of my domain?
 
 Change the password for the compromised account. Or do you offer free
 sign-up?
 

Well, yes, that an option. But seems like a partial solution. About the
postfix configuration: There is anything i can do to avoid an account
@uklotto (or whatever is not my domain) send mail trough my server? Crap
i feel not :(

Thanks for the suggestion.
Gerardo

Re: spammers using my mailserver trough webmai

[Gerardo Herzig]

Terry Carmen wrote:
 
 Hi all. Im facing a ugly situation. Some spammer is using the
 webmail to
  send spam. The thing is, hes using an actual account/password
 (from my
 server)to authenticate agains the webmail, and then sending mail from
 UK LOTTO i...@uklotto.com...crap!
 
 I'd also recommend switching to a webmail package that doesn't allow the
 user to specify the from address. If this guy did it, I'm sure his
 friends will follow soon.
 
 Squirrelmail works nicely.
 
 Terry
 
 
Oh, actually im using squirrelmail. Im going to see what i have to do
with it now.

Thanks!
Gerardo

Re: spammers using my mailserver trough webmai

[Gerardo Herzig]

mouss wrote:
 Gerardo Herzig a écrit :
 Victor Duchovni wrote:
 On Thu, Dec 11, 2008 at 02:32:52PM -0300, Gerardo Herzig wrote:

 Hi all. Im facing a ugly situation. Some spammer is using the webmail to
  send spam. The thing is, hes using an actual account/password (from my
 server)to authenticate agains the webmail, and then sending mail from
 UK LOTTO i...@uklotto.com...crap!!

 Since i have
 smtpd_recipient_restrictions = permit_sasl_authenticated,
 permit_mynetworks, reject_unauth_destination

 This dude is authenticated, so...what can i do? Cant i restrict or check
 the address which is sending and forbidde those which are not of my domain?
 Change the password for the compromised account. Or do you offer free
 sign-up?

 Well, yes, that an option. But seems like a partial solution. About the
 postfix configuration: There is anything i can do to avoid an account
 @uklotto (or whatever is not my domain) send mail trough my server? Crap
 i feel not :(

 
 smtpd_sender_restrictions =
   check_sender_access hash:/etc/postfix/mysenders
   reject_unauth_destination
   ...
 
 
 == mysenders:
 example.com   OK
 
 Note that this works for the envelope sender, not the From: or reply-To:
 headers.
 
 
Oh, that sounds good to me!
Thanks mouss!

Gerardo

filtering outgoing emails

[Gerardo Herzig]

Hi all. Im looking a way to check outgoing mail for viruses.
Im reading http://www.postfix.org/SMTPD_PROXY_README.html, and looks
like what im looking for. Im at the right path?

I hope so.

This is for a 2000 email accounts server, 20 listing mails (some of
those with 15000 users), so cant be shure if it fits into heavy or
low traffic ^^

Comments and recomendations will be appreciated.

Gerardo