Filtering Outgoing mail - Was: [OT - Renaming Attachments]
On Tue, 3 Feb 2015 17:06:14 +1300 Jeremy Bowen jer...@smartpoint.co.nz wrote:

From here it looks like I need to initially add the following lines to master.cf:

    filter unix - n n - 10 pipe
      flags=Rq user=filter null_sender=
      argv=/usr/local/bin/myscript -f ${sender} -- ${recipient}

I've knocked up a quick-and-dirty solution in the interim but I would like to improve on this. I've added the above filter section and replaced the previous content filter with

    -o content_filter=filter:dummy

to my submission service in master.cf.

Outgoing mail is now being processed by my shell script and email is being sent OK. However, in implementing this, I've lost the DK signing ability and I'm also concerned at scalability performance as alluded to in the FILTER_README. Also, ALL outgoing email is processed by my script whether it needs to be or not.

I would really value some recommendations on how to improve this.

Thanks.
OT - Renaming Attachments
This one is a bit off-topic however I'm hoping that someone has come across something similar and can point me in the right direction. I would like to try to intercept certain outgoing emails which have an attachment matching a particular set of criteria and then, on-the-fly, rename the attachment (or extract, rename and re-attach it). Maybe via a content filter - amavis or procmail ??? These emails have a MIME Content-Type: application/pdf; header but the filename does not have a .pdf extension, which confuses the bulk of Windows email clients. I vaguely remember doing something similar with tnef/winmail.dat files over a decade ago but I can't find any details now (and I may be completely off base). Thanks in advance.
Re: OT - Renaming Attachments
On Mon, 02 Feb 2015 14:42:47 -0600 Noel Jones njo...@megan.vbhcs.org wrote: On 2/2/2015 2:28 PM, Jeremy Bowen wrote: I would like to try to intercept certain outgoing emails which have an attachment matching a particular set of criteria and then, on-the-fly, rename the attachment (or extract, rename and re-attach it). Maybe via a content filter - amavis or procmail ??? The 'altermime' filter is often recommended for this. Amavisd-new has some hooks for using altermime built in. Be aware that altermime does not seem to be an active project, the last program update was several years ago. Alternately, there are numerous perl MIME modules available that can be cobbled together if you can do some programming. Thanks for that. I've just tried altermime but it appears that it only operates on the message header and not the MIME headers in the body. I played around modifying altermime to scan the body too but I think I'm getting into the thar be dragons territory with that approach. I think I can do what I need to accomplish more accurately efficiently with sed and procmail. I'm just not quite sure how I would go about configuring postfix to make this operate on outgoing mail. Any advice ?
Re: OT - Renaming Attachments
On Tue, 3 Feb 2015 11:21:17 +1300 Jeremy Bowen jer...@smartpoint.co.nz wrote:

I think I can do what I need to accomplish more accurately efficiently with sed and procmail. I'm just not quite sure how I would go about configuring postfix to make this operate on outgoing mail. Any advice ?

OK, I've started with the FILTER_README and, using the Simple Content Filter example, have come up with a simple shell script which modifies the message the way I need it. I've tested this with:

    % /usr/local/bin/myscript -f sender -- recipient... message-file

From here it looks like I need to initially add the following lines to master.cf:

    filter unix - n n - 10 pipe
      flags=Rq user=filter null_sender=
      argv=/usr/local/bin/myscript -f ${sender} -- ${recipient}

This filter should pick up email from the submission service. What do I need to do from here ? (I already have a -o content_filter=dksign:[127.0.0.1]:10027 in the submission definition handling signing of outgoing email.)

Also, it appears that this approach may not be ideal as I don't think I can restrict things to only apply this on mail with a certain Subject: header.

Am I on the right track here ?

Thanks again.
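The rename step discussed in this thread, as an added example that is not part of the original posts: a Python sketch that appends `.pdf` to attachments declared as `application/pdf` whose filename lacks the extension. The function name `fix_pdf_names`, the sample message and the extra `%PDF-` magic-byte check are assumptions of this example, not something the posters used.

```python
import email
import sys

# Constructed sample message: one real PDF without an extension, and one part
# that only claims to be a PDF.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf; name="invoice-0001"
Content-Disposition: attachment; filename="invoice-0001"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1
Content-Type: application/pdf; name="notes"
Content-Disposition: attachment; filename="notes"
Content-Transfer-Encoding: base64

bm90IGEgcGRmCg==
--b1--
"""


def fix_pdf_names(raw):
    """Return (rewritten message bytes, list of new filenames)."""
    msg = email.message_from_bytes(raw)  # default compat32 policy
    renamed = []
    for part in msg.walk():
        if part.get_content_type() != "application/pdf":
            continue
        name = part.get_filename()
        if not name or name.lower().endswith(".pdf"):
            continue
        # Assumption of this example: only rename when the decoded body
        # really starts with the PDF magic, so a mislabeled part is not
        # given a .pdf name it does not deserve.
        body = part.get_payload(decode=True) or b""
        if not body.startswith(b"%PDF-"):
            continue
        new_name = name + ".pdf"
        # The name can live in either MIME header; update whichever is present.
        if part.get_param("filename", header="Content-Disposition") is not None:
            part.set_param("filename", new_name,
                           header="Content-Disposition", replace=True)
        if part.get_param("name") is not None:
            part.set_param("name", new_name, replace=True)
        renamed.append(new_name)
    return msg.as_bytes(), renamed


if __name__ == "__main__":
    # Filter usage: message on stdin, rewritten message on stdout.
    out, _ = fix_pdf_names(sys.stdin.buffer.read())
    sys.stdout.buffer.write(out)
```

Because the message body changes, any signing step has to run after this rewrite for the signature to cover the renamed attachment.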
Virtual Domain Hosting integrated with GNU Mailman
First up, please see the output from postconf -n appended below.

I have just had to quickly rebuild a failed server and get it back into production. I have got basic functionality up and running but I've had to reconstruct the configuration as backups were incomplete (yeah I know!)

It is now mostly working but there are some problems with my virtual domain config. For example:

I am hosting the domains alpha.co.zz bravo.co.zz on myhost.sierra.co.zz (not the real names)

I have the following email accounts:

    al...@alpha.co.zz
    b...@bravo.co.zz
    s...@sierra.co.zz

I also have a Mailman mailing list - myl...@mailman.co.zz

I have Mailman setup to create /var/lib/mailman/data/virtual-mailman which is included in virtual_alias_maps

There are various Unix user accounts on the server also.

It is supposed to be configured as per "Non-Postfix mailbox store: separate domains, non-UNIX accounts" from the VIRTUAL_README documentation but I had some issues with Mailman integration which I think resulted from virtual_mailbox_maps so it is not precisely as described.

In my /etc/postfix/virtual file I have:

    s...@sierra.co.zz sam
    al...@alpha.co.zz alice
    b...@bravo.co.zz robert

Local email delivery is handled by LMTP via Cyrus-Imapd using mailbox_transport and virtual_transport.

Email to b...@bravo.co.zz is delivered to the robert mailbox in /var/spool/imap/b/user/robert
Email to s...@sierra.co.zz is delivered to the sam mailbox in /var/spool/imap/s/user/sam
etc.

The problem is that email addressed to s...@alpha.co.zz is also delivered to Sam's mailbox. Similarly al...@bravo.co.zz is delivered to Alice's mailbox regardless of the domain part.

The Mailman config is working OK in that I can create new mailing lists, add subscribers etc. and mail sent to the address gets processed correctly. However mail sent to myl...@sierra.co.zz is also processed by Mailman. Currently there are no collisions in the name part of the email address but this is obviously not what I ultimately want.
I've put this configuration together in a bit of a rush and the server is currently processing mail. There are no obvious error messages in the log. I'm sure that in the stress of getting things back online I'm missing something simple, possibly related to virtual_mailbox_maps, but I'm not sure what to set here so that Mailman updates things automatically.

Could you please take a look at my settings and suggest where to look.

Thanks in advance.

[/etc/postfix]# /usr/sbin/postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = $myhostname, localhost
    inet_protocols = all
    local_destination_concurrency_limit = 5
    local_destination_recipient_limit = 300
    mail_owner = postfix
    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mynetworks_style = host
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_tls_cert_file = /etc/postfix/ssl/newcert.pem
    smtp_tls_key_file = /etc/postfix/ssl/newkey.pem
    smtp_tls_note_starttls_offer = yes
    smtp_tls_security_level = may
    smtpd_helo_restrictions = permit_mynetworks,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, permit_sasl_authenticated,reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient,reject_unknown_sender_domain, reject_unknown_recipient_domain,reject_unverified_recipient, check_sender_access hash:/etc/postfix/sender_access,reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net,permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender, reject_rhsbl_sender dsn.rfc-ignorant.org,permit
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
    smtpd_tls_key_file = /etc/postfix/ssl/newkey.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
Attachment decoder (slightly O/T)
Just a quick request for advice on filtering incoming email. About 12+ years ago on a system which has long since retired, I remember having a problem with WINMAIL.DAT attachments in emails. The solution used some combination of tools which, from memory, included things like tnefclean and mmencode. It would process email on the way into the server and sanitize it before delivering to the recipient's inbox. Some broken email clients can make a mess of attaching certain files which other clients then cannot open. I was thinking of doing something similar to the above (re-encode mime attachments) now but I'm not sure what the best way of handling this is. Any advice appreciated. Thanks.
Simple mailing list
Hi all I have a virtual alias which currently forwards to a list of email addresses however this is getting unwieldy. (This is one address amongst a bunch of other virtual aliases on multiple virtual domains). virtual_alias_maps = hash:/etc/postfix/virtual eg. /etc/postfix/virtual contains: mylist@mydomain address1, address2, address3 etc... I would like to setup a REALLY simple mailing list and don't want to go down the mailman route. Ideally I would like to supply a simple text file containing a list of email addresses which I could reference somehow. This text file could be edited by someone with limited skill, either on the server, or uploaded by FTP/scp, and used by Postfix. Is this even possible or am I going about this the wrong way ? Thanks in advance. J
Virtual Domains
Hi All

I'm probably missing something really obvious but I can't see what I'm doing wrong.

I have a server which I wish to use to host both my primary domain (eg. example.com) and several virtual domains (virtual1.com, virtual2.com etc.). I'm running Postfix v2.3.3 on CentOS 5 (This is the latest packaged version available with CentOS)

[Note: I've substituted the actual domain names with examples.]

First up, here's the output of postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    default_destination_concurrency_limit = 20
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    local_destination_concurrency_limit = 2
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    mail_owner = postfix
    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    myhostname = phantom.example.com
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relayhost =
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = virtual1.com virtual2.com
    virtual_alias_maps = hash:/etc/postfix/virtual

my /etc/postfix/virtual file looks like this:

    @example.com jeremy
    j...@virtual1.com jane
    @virtual1.com fred
    @virtual2.com bill

(Yes, these are catch-all recipes)

My problem is that email sent to some...@virtual1.com is delivered to jer...@example.com as per the following log entry:

    Oct 12 10:04:33 phantom postfix/lmtp[9669]: 909161086FC: to=jer...@example.com, orig_to=f...@virtual1.com, relay=phantom.example.com[/var/lib/imap/socket/lmtp], delay=30, delays=30/0.04/0.11/0.33, dsn=2.1.5, status=sent (250 2.1.5 Ok)

I think I'm probably wrong in specifying @example.com in the /etc/postfix/virtual file but I'm not sure where I should define the valid recipients for example.com. Should I not specify $mydomain in $mydestination and include all valid addresses in the virtual file or is it something more basic I'm missing.

All help greatly appreciated.

Regards
Jeremy
Re: Virtual Domains
On 10/11/2010, Victor Duchovni victor.ducho...@morganstanley.com wrote:

Avoid confusing yourself with localpart-only addresses on the RHS of address lookup tables. Given your myorigin setting, Make that:

    @example.com jer...@example.com
    j...@virtual1.com j...@example.com
    @virtual1.com f...@example.com
    @virtual2.com b...@example.com

I have changed /etc/postfix/virtual and done a postmap on it and reloaded postfix. I now have something like

    @example.com jer...@example.com
    @virtual1.com j...@example.com
    b...@virtual.com b...@example.com
    j...@example.com j...@example.com
    etc.

By now you probably figure out the issue. Virtual mappings are recursive,

Doh! Yeah, that was it. I've previously been running with virtual mailboxes but this setup is using UNIX system accounts (hence the simple RHS) which confused me.

(and catch-alls are a bad idea, but in any case) so jane, fred and bill match the first rule. You could add identity mappings:

    j...@example.com j...@example.com
    f...@example.com f...@example.com
    b...@example.com b...@example.com

This is critical or you could stop shooting yourself in the foot with catch-all aliases! :-) Yeah, that could work :-) Thanks for the advice.
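The recursion described in this thread, as an added example that is not part of the original posts: a simplified Python model of recursive virtual alias lookup (exact address first, then the `@domain` catch-all, bare results qualified with `myorigin`, stop when an address maps to itself). All addresses are constructed stand-ins for the obscured ones above, and the model assumes one result per table entry; it is not Postfix's own code.

```python
# Constructed tables modelled on the thread; myorigin is example.com.
ORIGINAL = """
@example.com        jeremy
jill@virtual1.com   jane
@virtual1.com       fred
@virtual2.com       bill
"""

# Full addresses on the right-hand side plus identity mappings for the
# real mailboxes, as suggested in the reply.
FIXED = """
@example.com        jeremy@example.com
jill@virtual1.com   jane@example.com
@virtual1.com       fred@example.com
@virtual2.com       bill@example.com
jane@example.com    jane@example.com
fred@example.com    fred@example.com
bill@example.com    bill@example.com
"""


def parse_virtual(text):
    """Parse 'pattern result' lines, ignoring blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip().lower()
    return table


def qualify(addr, myorigin):
    """A bare localpart gets @myorigin appended."""
    return addr if "@" in addr else addr + "@" + myorigin


def resolve(addr, table, myorigin="example.com", limit=1000):
    """Return the list of addresses visited, ending at the final recipient."""
    addr = qualify(addr.lower(), myorigin)
    chain = [addr]
    for _ in range(limit):
        domain = addr.rsplit("@", 1)[1]
        hit = table.get(addr) or table.get("@" + domain)
        if hit is None:
            return chain            # no mapping: address is final
        nxt = qualify(hit, myorigin)
        if nxt == addr:
            return chain            # identity mapping ends the recursion
        chain.append(nxt)
        addr = nxt
    raise RuntimeError("alias loop or recursion limit reached")


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, " -> ".join(resolve("someone@virtual1.com", parse_virtual(text))))
```

With the original table the catch-all for example.com swallows the result of the virtual1.com catch-all; with the identity mappings the chain stops at the intended mailbox.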
Problem with recipient verification
Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Mail to 4 of the domains behaves correctly and is either accepted if the email address exists or is rejected with a 550 Mailbox unknown. The other domain (just added) attempts to connect to my ISP (relayhost) and rejects with a: 450 4.1.1 bo...@aaa.co.nz: Recipient address rejected: unverified address: connect to A.net.nz[XXX.XX.242.10]:24: Connection refused (see /var/log/mail excerpt below) Fair enough that this is being refused, but why is postfix probing my relayhost ? It should be verifying the address locally like it does with all the other domains. I've read the ADDRESS VERIFICATION README file but I cannot figure out why this one domain is behaving differently to all the others. Each domain is listed identically in my /etc/postfix/vdomains file on a line by itself. (I've also tried with hash:/etc/postfix/vdomains and adding an OK to the end and postmap'ing the vdomains file + reload, to no effect.) I'm running with Cyrus IMAP and using essentially the: Non-Postfix mailbox store: separate domains, non-UNIX accounts configuration from the VIRTUAL README. Any assistance would be appreciated. 
Thanks

=== /var/log/mail ===

    Nov 15 21:33:31 aeryn postfix/cleanup[1566]: 67AFAD0621: message-id=20091115083331.67afad0...@aeryn.aaa.aa
    Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: from=double-bou...@aaa.aa, size=266, nrcpt=1 (queue active)
    Nov 15 21:33:31 aeryn postfix/lmtp[1568]: 67AFAD0621: to=mdxad...@aaa.aa, orig_to=aa...@aaa.co.nz, relay=aeryn.AAA.AA[/var/lib/imap/socket/lmtp], delay=0.3, delays=0.01/0.04/0.22/0.04, dsn=2.1.5, status=deliverable (250 2.1.5 ok)
    Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: removed
    Nov 15 21:33:31 aeryn postfix/smtpd[1543]: NOQUEUE: reject: RCPT from unknown[DDD.DDD.157.227]: 450 4.1.1 aa...@aa.co.nz: Recipient address rejected: unverified address: connect to myisp.net.nz[DDD.DD.242.10]:24: Connection refused; from=t...@aaa.aaa to=aa...@aa.co.nz proto=SMTP helo=.co.nz
    Nov 15 21:33:48 aeryn postfix/master[1110]: terminating on signal 15

=== postconf -n ===

    address_verify_map = btree:/var/lib/postfix/verify
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    canonical_maps = hash:/etc/postfix/canonical
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10028
    daemon_directory = /usr/lib/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    defer_transports =
    disable_dns_lookups = no
    disable_vrfy_command = yes
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    local_destination_concurrency_limit = 5
    local_destination_recipient_limit = 300
    local_recipient_maps =
    mail_owner = postfix
    mail_spool_directory = /var/mail
Re: Problem with recipient verification
Eero Volotinen wrote: Jeremy Bowen wrote: Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Why you even use address verification, if all users are on local machine? Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file.
Re: Problem with recipient verification
Barney Desmond wrote: 2009/11/15 Jeremy Bowen jer...@smartpoint.co.nz: I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) Anyway, you need to post the output of `postconf -n` (settings that are non-default) - read the help, it tells you that -d shows the defaults, which are useless for diagnosis. I'm not sure where people get this from... Actually the output I posted was from postconf -n. The -d was a typo. Sorry for the confusion. Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file. That sounds like that domain is a candidate for classification as a relay_domain. Apologies if this has been mentioned before, but is that how you've got it configured? If you don't change too many settings, you generally already get recipient verification for designated local domains. That part of the system isn't the problem and is working perfectly well. (Yes, it is a relay, handled in the transport file) I have a problem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP.
Re: Problem with recipient verification
I have a problem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP. So, you need to add that domain to mydestination= parameter? It's added to my vdomains file as per: virtual_mailbox_domains = /etc/postfix/vdomains (And Yes, I've done all the relevant postmap and postfix reload commands)
Re: Problem with recipient verification
On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: If you specify /etc/postfix/vdomains then postmap is not required, and some parts of Postfix never find out that the file has changed until postfix reload. postmap is required with, for example, hash:/etc/postfix/vdomains instead of /etc/postfix/vdomains. Thanks. Yes, I know this. I'm not a newbie. I was just trying to pre-empt a bunch of replies telling me I needed to remap/reload. I detailed this in my original post. What is the logic behind where the verification probe is sent ? 4 out of 5 domains (all configured identically as far as I can tell) operate correctly and the probe seems to be handled locally. The other domain passes the verification probe to my upstream (relayhost). For the domain handling my mailing lists (relay[] entry in transport) verification probes are sent correctly to the mailman server.
Re: Problem with recipient verification
On 11/15/2009, Eero Volotinen eero.voloti...@iki.fi wrote: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list of domains; mail is delivered via the $virtual_transport mail delivery transport. That domain is delivered via smtp, not via: No. I think I've confused you with the different domains. 1) Mailing list domain is a relay domain. Behaves correctly. External verify 2) Problem domain. Virtual domain. Locally handled. Verify via upstream. 3) Other domains. Virtual domains. Locally handled. Verify local. virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp The problem domain is (should be) handled by lmtp. Other identically configured domains are handled by lmtp and appear to be doing verification correctly. There is something different about one domain which causes it to send verification upstream.
Re: Problem with recipient verification
On 11/15/2009, Jeremy Bowen jer...@smartpoint.co.nz wrote: On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: You configured one domain in a different manner than the four domains. To convince yourself, you could add a sixth domain (such as example.com) and see how Postfix tries to handle it. OK, Just added example.com to /etc/postfix/vdomains. [snip] I really cannot explain what is going on here. No actually I can. I am an idiot. Found the issue after grep'ing my /etc/postfix directory and diff'ing the example.com and problem domain occurrences. Previously this domain was hosted on another server. I still had an old entry in my transport file which was forwarding it. Doh! Thanks for all the pointers.
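The cross-check that resolved this thread, as an added example that is not part of the original posts: a Python sketch that lists every transport table entry which overrides delivery for a domain also named in the virtual mailbox domains file. The function names and the sample file contents are constructed for this example; it covers exact-domain, per-address and `.parent` patterns only.

```python
# Constructed stand-ins for /etc/postfix/vdomains and /etc/postfix/transport.
VDOMAINS = """
alpha.example
bravo.example
charlie.example
"""

TRANSPORT = """
# mailing lists live on another host
lists.example      smtp:[mailman.example]
# left over from when charlie.example was hosted elsewhere
charlie.example    smtp:[oldhost.example]
"""


def parse_table(text):
    """Parse a Postfix-style table source into {key: value}.

    Blank lines and '#' comments are skipped, a line starting with
    whitespace continues the previous entry, and a bare key gets ''.
    """
    entries = {}
    last = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last is not None:
            entries[last] = (entries[last] + " " + line.strip()).strip()
            continue
        fields = line.split(None, 1)
        last = fields[0].lower()
        entries[last] = fields[1].strip() if len(fields) > 1 else ""
    return entries


def transport_overrides(vdomains_text, transport_text):
    """Return (domain, transport_key, destination) for each conflict."""
    transport = parse_table(transport_text)
    findings = []
    for domain in parse_table(vdomains_text):
        for key, dest in transport.items():
            exact = key == domain
            per_address = key.endswith("@" + domain)
            parent = key.startswith(".") and domain.endswith(key)
            if exact or per_address or parent:
                findings.append((domain, key, dest))
    return findings


if __name__ == "__main__":
    for domain, key, dest in transport_overrides(VDOMAINS, TRANSPORT):
        print(f"{domain}: transport entry '{key}' sends mail to {dest}")
```

A domain flagged here is delivered, and therefore verified, through the transport entry rather than through the virtual transport its neighbours use.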
Re: Problem with recipient verification
On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: You configured one domain in a different manner than the four domains. To convince yourself, you could add a sixth domain (such as example.com) and see how Postfix tries to handle it. OK, Just added example.com to /etc/postfix/vdomains. Added t...@example.com jeremy to /etc/postfix/virtual and t...@example.com OK to /etc/postfix/vmailbox Ran postmap virtual, postmap vmailbox, postfix reload Tested a message to t...@example.com Accepted OK and delivered to my mailbox. Tested a message to bo...@example.com got a: 550 5.1.1 bo...@example.com: Recipient address rejected: undeliverable address: in the SMTP conversation and a ...[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown in my /var/log/mail This seems to work as expected. I really cannot explain what is going on here.