Limit no of messages per relayhost
Hi all. I have an postfix installation configured to use my ISP's server as relayhost. I don't want to put too much load on it (and get blacklisted) so I'd like to limit the number of messages sent per minute. I found previous posts on how to do that per destination domain - but how about the relayhost? Thanks -JK
Re: Limit no of messages per relayhost
On Sat, January 31, 2009 3:01 pm, Wietse Venema wrote: > Jack Knowlton: >> Hi all. >> I have an postfix installation configured to use my ISP's server as >> relayhost. >> I don't want to put too much load on it (and get blacklisted) so I'd >> like >> to limit the number of messages sent per minute. >> I found previous posts on how to do that per destination domain - but >> how >> about the relayhost? > > Postfix is short-sighted. It thinks only one step ahead. The > relayhost *IS* the destination, for the purposes of connection > scheduling. > > Wietse > Ok. I configured *_destination_concurrency_limit but I was looking for something time-defined, like messages per minute. Is it possible to achieve? -JK
Edit message in active queue and re-submit
Hi all. Every day I have a bunch of messages stuck in the active queue because of address typos made by the sender. Some of them I just let exprire and go back to the user, but others could be so easily fixed (eg "hotmal.com" instead of "hotmail.com") that I would like to do that myself. Is there any way that I can edit the recipient address and re-submit the message to postfix so it can be re-processed with the correct domain? Thanks -JK
Transport map
Hi all. Is it possible to have a transport map with a regular expression? What I want is to use an external relay server for all the emails to be delivered on Yahoo domains (eg, yahoo.com, yahoo.co.uk, yahoo.es, ecc). If it is possible, how can I implement this? Thanks. -JK
Selective smtpd_sender_restrictions
Hi all. I currently have this smtpd_sender_restrictions setup on a mail server hosting several domains: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/usr/local/etc/postfix/sender_checks, check_sender_access hash:/usr/local/etc/postfix/origin_checks, reject_unknown_sender_domain, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.njabl.org, reject_rhsbl_sender dsn.rfc-ignorant.org, permit It seems that the users on one of the domains receive a lot of mail from internal/restricted addresses (eg "ms1.local" or "something.lan") which of course are rejected by reject_unknown_sender_domain. Is it possible to disable that restriction for one particular domain only and keep it enforced for all the other mail? Thanks. -JK
Sender based relay server
Hi all. Our internal postfix server relays all outbound mail thru an external host. How can I set it to use a different relay server when the email comes from a specified domain? Eg. j...@domain1.com -> xxx.xxx.xxx.xxx (default), m...@domain2.com -> yyy.yyy.yyy.yyy Thanks. -JK
Re: Sender based relay server
On Sat, January 9, 2010 5:34 pm, Stan Hoeppner wrote: > Jack Knowlton put forth on 1/9/2010 9:57 AM: >> Hi all. >> Our internal postfix server relays all outbound mail thru an external >> host. >> How can I set it to use a different relay server when the email comes >> from >> a specified domain? Eg. j...@domain1.com -> xxx.xxx.xxx.xxx (default), >> m...@domain2.com -> yyy.yyy.yyy.yyy > > This might help ya: > > sender_dependent_relayhost_maps (default: empty) > > A sender-dependent override for the global relayhost parameter > setting. The > tables are searched by the envelope sender address and @domain. A lookup > result > of DUNNO terminates the search without overriding the global relayhost > parameter > setting (Postfix 2.6 and later). This information is overruled with > relay_transport, sender_dependent_default_transport_maps, > default_transport and > with the transport(5) table. > > For safety reasons, this feature does not allow $number substitutions > in > regular expression maps. > > This feature is available in Postfix 2.3 and later. > Thank you. I figured out how to make a per-domain relay, but what is the format for having the message directly delivered? I tried both "smtp:" and ":smtp" but none seemed to work.. -JK
Re: Sender based relay server
On Mon, January 11, 2010 5:04 pm, David Koski wrote: > On Monday 11 January 2010, Jack Knowlton wrote: >> Thank you. >> I figured out how to make a per-domain relay, but what is the format for >> having the message directly delivered? I tried both "smtp:" and ":smtp" >> but none seemed to work.. > > Is transport (man transport) what you are looking for? > > David Koski > da...@kosmosisland.com > > > I believe so, yet I could not find any example to match what I need. When the relay map is set as @domain2.com smtp: @domain3.com [yyy.yyy.yyy.yyy]:25 And I send a message from u...@domain2.com, I get this: Jan 11 17:53:47 dsrv3 postfix/smtp[7561]: C8890252DCE: to=, relay=none, delay=0.13, delays=0.03/0.07/0.02/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=smtp type=: Host not found) -JK
Maildir creation
Hi all.
I have a Postfix virtual users setup based on mysql tables. Messages are
stored in Maildir format.
I am aware that creating a virtual alias @domain1.com -> u...@domain2.com
will make Postfix accept emails for any username and deliver them to
u...@domain2.com.
Is it possible to do the same thing with users? I would like Postfix to
accept mail for any recipient of that particular domain and create the
matching Maildir once the first message has been received.
Thanks,
-JK
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
data_directory = /var/lib/postfix
fast_flush_domains = vp44.net
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_queue_lifetime = 14d
message_size_limit = 0
mynetworks = 127.0.0.0/8, 10.0.0.0/16, 172.16.0.0/24
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_map
recipient_delimiter = +
relayhost = [172.16.0.30]:587
sender_bcc_maps = hash:/etc/postfix/sender_bcc_map
sender_dependent_relayhost_maps = hash:/etc/postfix/relay_map
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 150
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access cidr:/etc/postfix/cidr_checks,
check_client_access regexp:/etc/postfix/client_access_checks,
permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access regexp:/etc/postfix/accounts_regex,
check_recipient_access hash:/etc/postfix/accounts, check_client_access
cidr:/etc/postfix/postfix-dnswl-permit, reject_rbl_client
bl.spamcop.net,reject_rbl_client dyna.spamrats.com,
reject_rbl_client noptr.spamrats.com, reject_rbl_client
spam.spamrats.com,reject_rbl_client zen.spamhaus.org, permit
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = nodnsfilter
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_check.cf
smtpd_sender_restrictions = check_recipient_access
hash:/etc/postfix/classes, reject_authenticated_sender_login_mismatch,
check_sender_access hash:/etc/postfix/origin_access_checks,
permit_mynetworks, permit_sasl_authenticated,
reject_unknown_sender_domain, reject_non_fqdn_sender, reject_rbl_client
dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.njabl.org,
reject_rhsbl_sender dsn.rfc-ignorant.org, check_policy_service
inet:127.0.0.1:2501,permit
smtpd_timeout = 60
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_exchange_name = ${data_directory}/prng_exch
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transport.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_uid_maps = static:5000
Re: Maildir creation
On Mon, March 1, 2010 11:34 pm, Wietse Venema wrote: > Jack Knowlton: >> I would like Postfix to >> accept mail for any recipient of that particular domain and create the matching Maildir once the first message has been received. >> Thanks, > This is possible but I don't think it is a good idea to auto-create maildirs for users whose name starts with "../../", shell special characters, and so on. For these reasons Postfix will not allow > regular expression maps to be used for this purpose. > Wietse Hi Wietse, Thank you for the response. I am working on a disposable e-mail addressing service thus need to accept mail for any username. The message files will be read by the WWW daemon on a drive that shadow copies the primary Postifx Maildirs. I can manually work out a list of "forbidden" destination usernames that will be rejected. Parsing one by one the message files to match against "X-Original-To" header is not an option performance-wise. If possible I would still like to implement the automatic maildir creation process. Thanks, JK
Maildir ownership/permission flags
Hi all, I have a Postfix virtual users setup based on mysql tables. Messages are stored in Maildir format. Maildirs are owned by "vmail:vmail" . I want another user to be able to read those Maildir files so I added him to the "vmail" group. Unfortunately Postfix seems to create the directory structure with permissions 700 when I actually need 740 (group readable) dsrv:~# ls -alh /var/mail/virtual/domain.com/ drwx--S--- 5 vmail vmail 120 2010-03-02 07:52 kvf2igxx Thanks. -JK
Spam to sender_bcc_maps
Hi all. Somehow spammers got hold of a couple addresses in my sender_bcc_maps and are sending mail directly to those. How can I restrict the source of messages to those addresses to localhost only? Thanks, -JK
cidr table on mysql database
Hi all. Is it possible to store a CIDR access table on a mysql database? It would be very useful so I could have a centralized list to serve all MXs' instead of rsync'ing files each time. Thanks, JK
Remove Received: headers
Hi all. We have a local postfix server that relays to another postfix server via VPN and I would like to remove the "Received:" headers so that only the last one is included in the email message. How do I proceed to do that? Do I need to set up altermime? Thanks -JK
Log question
Hi all. Today, while sending an email, I monitored postfix's log. The message was going thru postfix and then relayed to the recipient's MX: Jun 8 13:03:21 dsrv postfix/smtpd[13477]: AADDD17B812: client=whatever[xx.xx.xx.xx], sasl_method=LOGIN, sasl_username=u...@mydomain.com Jun 8 13:03:22 dsrv postfix/qmgr[3139]: AADDD17B812: from=, size=1395, nrcpt=1 (queue active) Jun 8 13:03:24 dsrv postfix/qmgr[3139]: 4CF1A17D17C: from=, size=1838, nrcpt=2 (queue active) Jun 8 13:03:24 dsrv amavis[26650]: (26650-04) Passed CLEAN, [xx.xx.xx.xx] [xx.xx.xx.xx] -> , Message-ID: <005f01c9e828$5f41bf50$1dc53d...@com>, mail_id: OXs5BXQ6GyU0, Hits: -4.012, size: 1395, queued_as: 4CF1A17D17C, 1939 ms Jun 8 13:03:30 dsrv postfix/smtp[27317]: 4CF1A17D17C: to=, relay=172.16.0.10[172.16.0.10]:25, delay=6.5, delays=0.05/0.06/5.7/0.72, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0F353B81E) Until here, everything was kosher. Amavis processed the message and postfix correctly applied the "sender_bcc_maps" setting. What I don't really get, is what happened next: Jun 8 13:04:14 dsrv postfix/smtpd[13477]: connect from polluce.unimo.it[155.185.1.151] Jun 8 13:04:17 dsrv postfix/smtpd[13477]: EFF8117B812: client=polluce.unimo.it[155.185.1.151] Jun 8 13:04:17 dsrv postfix/smtpd[13477]: disconnect from polluce.unimo.it[155.185.1.151] Jun 8 13:04:23 dsrv postfix/smtp[27318]: 4CF1A17D17C: to=, relay=polluce.unimo.it[155.185.1.151]:25, delay=59, delays=0.05/0.07/49/9.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7EDDA26494) Jun 8 13:04:23 dsrv postfix/qmgr[3139]: 4CF1A17D17C: removed I understand the message was succesfully delivered to the recipient's server, but where the heck did EFF8117B812 come from? And where did it go, since there are no further traces in the logs of that queue id? -JK
Return-Path filtering
Hi all. I'm looking to filter emails that have a specific return-path address. As far as I understand, the rule's going to be in header_checks..but can I REJECT or only DISCARD the message? Also, what should the regex look like? I tried a quick fix yesterday but it doesn't seem to be working: #/^Return-Path: / REJECT TI SPAM discarded. /^Return-Path: / DISCARD TI SPAM discarded. Thanks! -JK
Re: Return-Path filtering
On Fri, January 20, 2012 11:15 am, Ralf Hildebrandt wrote: > * Jack Knowlton : >> Hi all. >> I'm looking to filter emails that have a specific return-path address. > Use check_sender_access > Ok, but will it work even though From:<> != Return-Path:<> ? Also, I was under the impression that to filter based on header contents the only solution is header_checks.. -JK
Re: Return-Path filtering
On Fri, January 20, 2012 11:24 am, Ralf Hildebrandt wrote: > * Jack Knowlton : >> On Fri, January 20, 2012 11:15 am, Ralf Hildebrandt wrote: >> > * Jack Knowlton : >> >> Hi all. >> >> I'm looking to filter emails that have a specific return-path >> address. >> > Use check_sender_access >> > >> >> Ok, but will it work even though From:<> != Return-Path:<> ? > > Return-Path: is added by the local delivery agent ONLY, thus > header_checks won't work > Got it now. My bad :) -JK
check_recipient_access in MySQL
Hi guys. I'm looking into implementing a check_recipient_access as a table inside a MySQL database. It's basically a list of users that have been banned from the system and for whom I don't want a simple 550 user unknown bounce. Currently the list is a flat file hash map: u...@domain.com REJECT This particular user has been banned. us...@domain.com REJECT This particular user has been banned. First of all, what should be the table structure? Are "REJECT" and "This particular user has been banned." two separate fields? Secondly, what should query performed by postfix look like? Thanks! -JK
Re: check_recipient_access in MySQL
On Wed, February 15, 2012 5:37 pm, /dev/rob0 wrote: > On Wed, Feb 15, 2012 at 03:50:00PM +0100, Jack Knowlton wrote: >> I'm looking into implementing a check_recipient_access as a table >> inside a MySQL database. It's basically a list of users that have >> been banned from the system and for whom I don't want a simple 550 >> user unknown bounce. Currently the list is a flat file hash map: >> >> u...@domain.com REJECT This particular user has been banned. >> us...@domain.com REJECT This particular user has been banned. >> >> First of all, what should be the table structure? Are "REJECT" and >> "This particular user has been banned." two separate fields? > > You might wish to review these: > http://www.postfix.org/SMTPD_ACCESS_README.html > http://www.postfix.org/access.5.html > > The first word is the access(5) action, and the rest of it is the > reject message given to the client. > >> Secondly, what should query performed by postfix look like? > > Obviously depends on your schema and RDBMS. Here's mine for sqlite: > > query = SELECT > CASE WHEN A1.active!=0 AND A1.rclass IS NOT NULL > THEN substr((100 + A1.rclass), 2, 2) > ELSE substr((100 + D1.rclass), 2, 2) > END > FROM "Address" AS A1 > JOIN "Domain" AS D1 ON A1.domain=D1.id > WHERE A1.localpart IS '%u' AND D1.name IS '%d' > result_format = RC%s > > Returns RCxx where xx is a two-digit number, and where RCxx has been > defined in main.cf and also listed in smtpd_restriction_classes. The > Address and Domain tables each have a column "rclass" containing an > integer in the range 0-99. > > You can greatly simplify this by listing the whole address and the > entire actual restriction as columns in your table. See > mysql_table(5) for Postfix-specific hints, and talk to the MySQL > people for support of their software. Thanks! Do you think this could work CREATE TABLE IF NOT EXISTS `recipient_access` ( `id` int(4) NOT NULL AUTO_INCREMENT, `insdate` timestamp NULL DEFAULT CURRENT_TIMESTAMP, `address` varchar(64) NOT NULL, `action` text NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; with this query: dbname = postfix hosts = 10.0.1.54 query = SELECT action FROM recipient_access WHERE address='%s' ? -JK
Re: check_recipient_access in MySQL
On Wed, February 15, 2012 6:08 pm, Brian Evans - Postfix List wrote: > On 2/15/2012 11:57 AM, Jack Knowlton wrote: >> On Wed, February 15, 2012 5:37 pm, /dev/rob0 wrote: >>> On Wed, Feb 15, 2012 at 03:50:00PM +0100, Jack Knowlton wrote: >>>> I'm looking into implementing a check_recipient_access as a table >>>> inside a MySQL database. It's basically a list of users that have >>>> been banned from the system and for whom I don't want a simple 550 >>>> user unknown bounce. Currently the list is a flat file hash map: >>>> >>>> u...@domain.com REJECT This particular user has been banned. >>>> us...@domain.com REJECT This particular user has been banned. >>>> >>>> First of all, what should be the table structure? Are "REJECT" and >>>> "This particular user has been banned." two separate fields? >>> You might wish to review these: >>> http://www.postfix.org/SMTPD_ACCESS_README.html >>> http://www.postfix.org/access.5.html >>> >>> The first word is the access(5) action, and the rest of it is the >>> reject message given to the client. >>> >>>> Secondly, what should query performed by postfix look like? >>> Obviously depends on your schema and RDBMS. Here's mine for sqlite: >>> >>> query = SELECT >>> CASE WHEN A1.active!=0 AND A1.rclass IS NOT NULL >>> THEN substr((100 + A1.rclass), 2, 2) >>> ELSE substr((100 + D1.rclass), 2, 2) >>> END >>> FROM "Address" AS A1 >>> JOIN "Domain" AS D1 ON A1.domain=D1.id >>> WHERE A1.localpart IS '%u' AND D1.name IS '%d' >>> result_format = RC%s >>> >>> Returns RCxx where xx is a two-digit number, and where RCxx has been >>> defined in main.cf and also listed in smtpd_restriction_classes. The >>> Address and Domain tables each have a column "rclass" containing an >>> integer in the range 0-99. >>> >>> You can greatly simplify this by listing the whole address and the >>> entire actual restriction as columns in your table. See >>> mysql_table(5) for Postfix-specific hints, and talk to the MySQL >>> people for support of their software. >> >> Thanks! >> >> Do you think this could work > > Yes it can work as long as the FIRST word of `action` is a valid > access(5) return value. > > It is recommended to test with 'postmap -q value > mysql:/path/to/tabledef' before implementing. > > Also, consider using proxy:mysql:/path/to/tabledef in production to > consolidate connections and not overload your database. > http://www.postfix.org/proxymap.8.html > Very much obliged, it works great! Same thing can be done for check_sender_access, right? And what about storing a CIDR table into a database - is it possible? -JK
Adding custom header
Hi guys. My mailserver uses a relayhost which basically only signs messages with DKIM and delivers them. I would like to add a custom header, something like "X-Abuse: if spam/uce email ab...@mydomain.com". How should I go about, without postfix adding the header twice (before and after dkimfilter-out)? Thanks. -JK
Re: Adding custom header
On Wed, February 22, 2012 1:20 am, Wietse Venema wrote: > Jack Knowlton: >> Hi guys. >> My mailserver uses a relayhost which basically only signs messages with >> DKIM and delivers them. >> I would like to add a custom header, something like "X-Abuse: if >> spam/uce >> email ab...@mydomain.com". >> How should I go about, without postfix adding the header twice (before >> and >> after dkimfilter-out)? > > See the discussion of receive_override_options in the FILTER_README > documentation (http://www.postfix.org/FILTER_README.html). > > Wietse > Thanks. It does seem to work :) Now I would like to add another header, right under the X-Abuse. How can I perform that? I tried with the same regex based on /^Subject: .*/, but it doesn't seem to be adding both.. -JK
