Re: bcc send map issue - duplication when mail sent from other host

2011-09-19 Thread Jeroen Geilman

On 2011-09-19 07:34, Michael Ribbons wrote:

I have ruled out the amavis setup.

What I need is a way to specify sender_bcc_maps only if the mail is 
sent from an authenticated user - This may be achievable by having a 
separate cleanup process for submission, but
I don't want to use submission - The set up on the mua side should be 
a normal pop or imap setup with any special ports eg 587.


An email client, or Mail User Agent, does not use POP or IMAP to *send* 
mail.

I'm sure I pointed this out before.

Mail clients should use submission to send email to an MSA.
This goes over port 587 and must be authenticated and encrypted.

There's a whole RFC about it - 4409.

Since you say you want sender_bcc_maps applied only on authenticated 
user mail, this means you should be using submission, which mandates 
authentication.


Applying these settings only on submission is trivial, and works in the 
way you already indicated.
The reason you claimed it did not is obvious - you did not use 
submission in the client.





--
J.
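
A sketch of the submission-only setup discussed in this message, added here as an example (it is not from the original posts). sender_bcc_maps is applied by cleanup(8), so the submission listener is pointed at its own cleanup service. The service name authcleanup, the map path and the BCC address are assumptions.

```conf
# /etc/postfix/main.cf
# Leave sender_bcc_maps unset here, so the default cleanup service
# (used by port 25, pickup and any re-injection listener) adds no BCC.

# /etc/postfix/master.cf
# Authenticated submission on port 587, handing mail to a dedicated
# cleanup service. "authcleanup" is a name made up for this example.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o cleanup_service_name=authcleanup

# Second cleanup(8) instance; only mail that arrived through the
# submission listener above passes through it.
authcleanup unix n      -       n       -       0       cleanup
  -o sender_bcc_maps=hash:/etc/postfix/sender_bcc

# /etc/postfix/sender_bcc  (run "postmap /etc/postfix/sender_bcc" after editing)
# Constructed entry: BCC everything sent from @example.com.
@example.com    bcc-archive@example.com
```

Mail that reaches the server on port 25 or through the sendmail command never passes through authcleanup, so it is not copied.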



Re: Tony's Quick Guide to CSA

2011-09-19 Thread Jeroen Geilman

On 2011-09-19 03:40, Benny Pedersen wrote:


was reading something about client smtp auth :=)

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/antiforgery/csa.html

hope it will be supported in postfix

Thanks Tony for making the guide


That would be non-trivial to implement in postfix, and since this is the 
first I've heard of it, I doubt it is very prevalent.


However, it sounds like an ideal job for a policy service.


--
J.



Re: Problems with hash map file reloading

2011-09-19 Thread Jeroen Geilman

On 2011-09-19 19:54, Paul Enlund wrote:

Hello

I am having problems with the reloading of hash: map files.
The text files are generated on a master server then rsync'd
to the secondary MX server. There seems to be a variable delay
on the secondary MX before it picks up that the .db files have changed.
It appears it can take as long as 5 minutes before the .db file changes
take effect on the operation of the secondary address restrictions when receiving
mail.

Is this time period fixed or can it be set in configuration?


Explained here: http://www.postfix.org/DATABASE_README.html#detect


--
J.



Re: bcc send map issue - duplication when mail sent from other host

2011-09-16 Thread Jeroen Geilman

On 2011-09-16 04:08, Michael Ribbons wrote:

Hi,
I am using bcc_send_maps


No such option exists. You may be referring to sender_bcc_maps.


so all mail sent by POP


Ugh. Re-check your basics - POP is not a mail SENDING protocol.


is BCC to a particular address.

So all mail from @example.com is BCCd to crm_sys...@example.com

This works fine.

However when we send mail from our webshop, the mail gets BCC'd as 
well, eg


mail from webs...@example.com, mail to: sa...@example.com

I think this is because the first address matches the send map spec of 
@example.com


However I don't want this behaviour - We are also using 
bcc_recipient_maps so everything coming in to @example.com already 
gets copied to crm_sys...@example.com


Again, the option is called recipient_bcc_maps.
And why use both for the same domain ? That sounds suspiciously like a 
broken configuration attempt.




Is there any way to tell postfix not to use bcc_send_maps for mail 
sent by other sendmails?


Exclude it.
Map formats and examples are documented clearly.

http://www.postfix.org/postconf.5.html#recipient_bcc_maps
http://www.postfix.org/postconf.5.html#sender_bcc_maps
http://www.postfix.org/ADDRESS_REWRITING_README.html#overview





--
J.



Re: Disclaimer with always_bcc and config problems

2011-09-13 Thread Jeroen Geilman

On 2011-09-13 00:42, mouss wrote:

On 13/09/2011 00:04, Jeroen Geilman wrote:

On 2011-09-12 06:21, Alex wrote:

Hi,

I'm trying to configure a disclaimer footer using altermime with
postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples
for creating a new filter, but the messages appear to be being
reinjected at the wrong spot and are being delivered multiple times to
the always_bcc recipient.

I thought I could outline my current config, and someone could help me
to find what I'm missing. I have about twenty virtual domains, but it
would be okay to use the same disclaimer footer text for each domain.
I'd also like to be sure SASL authenticated clients are permitted as
well.

I'm not sure this configuration will only work with my domains, and
only on outbound mail. How is this controlled?

By limiting the scope of the setting to one or more individual daemons.
Settings in main.cf affect all instances of any particular daemon.

If you need this controlled per domain, either use a recipient access
map with a FILTER action to select among multiple filters, or take care
of the domain in the content_filter.
For 20 domains, adding 20 filters is probably not the easiest solution.
Just parse the domain part in your content_filter and act appropriately.


smtp  inet  n   -   n   -   -   smtpd
 -o receive_override_options=no_address_mappings
 -o content_filter=filter:dummy


I would suggest not naming an actual filter something as generic as
filter - use footer instead, in this case.
Also, smtP(8) does not receive mail, so this is not the correct place to
apply these settings - they achieve nothing.

the above is an smtpD. see end of line. the smtp at start of line is
the name of the service to be found in /etc/services, ie: smtp=25.


Ugh, brainfart.


submission inet n   -   n   -   -   smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o receive_override_options=no_address_mappings
-o content_filter=filter:dummy


They do here, since submission is an smtpD(8) listener.

It is also an smtpD, but not because it's named submission.


That's not what I said.


  it is an
smtpd as indicated by the last token in the line. again, submission
simply means use the port in /etc/services that corresponds to
submission.





The intended recipient receives a copy of the message, but the
always_bcc user receives the message multiple times.

Yes; always_bcc is invoked on receiving mail.
If you re-inject mail (as you must after it is passed off to a
content_filter), it is received for the second time.
Everything in main.cf is applied anew, including always_bcc.

The re-injection listener (which should NOT be the same daemon as your
normal smtpd(8) listener!) should not apply always_bcc, so set your
receive_override_options there.

You should also be very, very careful about bouncing mail to your
always_bcc address - consider what the result is.

In practical terms, the recipient in always_bcc should never bounce, or
you will have problems.




Aside from the nitpicking, no comments on the actual contents ?

--
J.



Re: Disclaimer with always_bcc and config problems

2011-09-12 Thread Jeroen Geilman

On 2011-09-12 06:21, Alex wrote:

Hi,

I'm trying to configure a disclaimer footer using altermime with
postfix-2.7.5, amavisd-new-2.6.4. I've tried to follow the examples
for creating a new filter, but the messages appear to be being
reinjected at the wrong spot and are being delivered multiple times to
the always_bcc recipient.

I thought I could outline my current config, and someone could help me
to find what I'm missing. I have about twenty virtual domains, but it
would be okay to use the same disclaimer footer text for each domain.
I'd also like to be sure SASL authenticated clients are permitted as
well.

I'm not sure this configuration will only work with my domains, and
only on outbound mail. How is this controlled?


By limiting the scope of the setting to one or more individual daemons.
Settings in main.cf affect all instances of any particular daemon.

If you need this controlled per domain, either use a recipient access 
map with a FILTER action to select among multiple filters, or take care 
of the domain in the content_filter.

For 20 domains, adding 20 filters is probably not the easiest solution.
Just parse the domain part in your content_filter and act appropriately.


smtp  inet  n   -   n   -   -   smtpd
-o receive_override_options=no_address_mappings
-o content_filter=filter:dummy



I would suggest not naming an actual filter something as generic as 
filter - use footer instead, in this case.
Also, smtP(8) does not receive mail, so this is not the correct place to 
apply these settings - they achieve nothing.




submission inet n   -   n   -   -   smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o receive_override_options=no_address_mappings
   -o content_filter=filter:dummy



They do here, since submission is an smtpD(8) listener.



The intended recipient receives a copy of the message, but the
always_bcc user receives the message multiple times.


Yes; always_bcc is invoked on receiving mail.
If you re-inject mail (as you must after it is passed off to a 
content_filter), it is received for the second time.

Everything in main.cf is applied anew, including always_bcc.

The re-injection listener (which should NOT be the same daemon as your 
normal smtpd(8) listener!) should not apply always_bcc, so set your 
receive_override_options there.


You should also be very, very careful about bouncing mail to your 
always_bcc address - consider what the result is.


In practical terms, the recipient in always_bcc should never bounce, or 
you will have problems.



--
J.
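
One way to lay out the listeners so that always_bcc is applied only once, added here as an example (it is not from the original posts). It assumes the filter hands mail back over SMTP to a dedicated listener; the port 10025 and the always_bcc address are assumptions, and the filter is called footer as suggested in the reply.

```conf
# /etc/postfix/main.cf
# Applied by cleanup(8) every time a message is received, unless the
# receiving service sets receive_override_options=no_address_mappings.
# Constructed address.
always_bcc = archive@example.com

# /etc/postfix/master.cf
# Before-filter listeners: address mappings and always_bcc run here,
# once, and the message is then handed to the content filter.
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=footer:dummy

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=footer:dummy

# Re-injection listener: a separate smtpd(8) on loopback only.
# - content_filter is emptied so the message is not filtered again.
# - no_address_mappings stops always_bcc (and the other address
#   mappings) from being applied a second time.
# - Only local clients may connect.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_address_mappings,no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
```

The mappings must run on exactly one side of the filter: with no_address_mappings on both sides always_bcc is never applied, and with it on neither side the BCC recipient gets a copy per pass.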



Re: pipe_command: execvp Permission Denied

2011-09-09 Thread Jeroen Geilman

On 2011-09-10 01:02, Kaleb Hosie wrote:

I'm attempting to setup postfix to direct incoming email to a perl script which 
will in effect scan the email with SpamAssassin and scan for viruses however 
when I added the configuration to my master.cf file, I'm getting an error.

The mail log reads as so:
Sep  9 18:50:22 localhost postfix/pipe[2960]: 9F2349ABB01: 
to=em...@domain.com, relay=postfixfilter, delay=7441, 
delays=7441/0.08/0/0.65, dsn=4.3.0, status=deferred (temporary failure. Command 
output: pipe: fatal: pipe_command: execvp /etc/postfix/Filter: Permission denied )


Did you verify this in principle ?

# su -lc /etc/postfix/Filter apache


I don't understand this error because the permission on the script file is fine:
-rwxr-xr-x 1 root root 14289 Sep  9 16:32 /etc/postfix/Filter


Oh, it is a script ?
So, is it valid ? Does it execute by itself ?


I've made the following changes to my master.cf file:
smtp  inet  n   -   n   -   -   smtpd
 -o content_filter=postfixfilter:

postfixfilter unix - n n - - pipe
   flags=Rq user=apache argv=/etc/postfix/Filter -s ${sender} -r ${recipient}

Any help is greatly appreciated.

Kaleb



--
J.



Re: Bouncing an undeliverable message without waiting?

2011-09-08 Thread Jeroen Geilman

On 2011-09-08 22:33, Bob Proulx wrote:

I have been trying to deduce if it is possible to force a message
waiting in the mail queue with temporary errors (domain name
resolution failures) to bounce right now instead of waiting for the
timeout.

The mail queue has messages addressed to unreachable addresses.  I
know that if I do nothing that eventually they will expire normally
and a delivery status notification will be produced back to the
sender.  But having investigated them in detail I know that those
addresses can never be delivered.  I would like them to bounce back to
the sender now so that they are notified now of their undeliverability
instead of waiting.  The sender is a local user.

Is it possible to do this such as through using the postsuper command?
I know I can delete the messages.  But can I cause them to bounce
without waiting?  I don't want to delete them but want the sender to
get a normal bounce back so that they are notified normally that the
addresses are undeliverable.

I have been reading the man page documentation for postsuper in as
much detail as I can muster and if it is in there I do not see it.
But it seems like this is something that is very likely to be
possible.  If so I would love to be educated on how to do it.


Altering the status in-queue will be difficult, so you will have to 
devise a trick.


You can try setting maximal_queue_lifetime to 0, and forcing a queue run.
This will immediately bounce any messages already in the deferred queue, 
and not influence new mail unduly (since one presumes not a lot of 
messages will have this problem over a short window of time).


Remember to set it back to normal after the queues are cleared!

--
J.



Re: Postfix talking smtp through stdio command?

2011-09-07 Thread Jeroen Geilman

On 2011-09-07 00:55, Matthias Andree wrote:

The firewall block is deliberate.


Then I suggest you talk to some people and tell them you need email 
access...
I find it rather quaint that you would be trying to set up SMTP 
connectivity on a system where this has - as you say - been expressly 
forbidden.


--
J.



Re: Setting different smtpd_sasl_security_options depending on connecting IP

2011-09-07 Thread Jeroen Geilman

On 2011-09-06 13:58, Heiko Wundram wrote:

On 06.09.2011 13:42, Noel Jones wrote:

Or use firewall rules to redirect connections from that client to a
different port with different smtpd_sasl_security_options.


Thanks, after an off-list reply suggesting just that I tried that out, 
and that works like a charm. Adding the client to mynetworks won't cut 
it, as I don't trust the system except for the fact that I can control 
the traffic between the system and the smarthost; authentication is a 
must so that I can trace whether the host does bad things.


You can trace that regardless, since postfix logs what happens.

However, only SMTP AUTH combined with smtpd_sender_login_maps and its 
various restrictions allow you to /control/ what happens.



--
J.
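
What the combination named in this reply can look like on the redirected port, added here as an example (it is not from the original posts). The port number, the SASL login name apphost, the sender address and the smtpd_sasl_security_options value are assumptions.

```conf
# /etc/postfix/master.cf
# Dedicated listener that the firewall redirects the untrusted host to.
# Authentication is mandatory, and the envelope sender must be one
# that the authenticated login owns.
10587     inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sender_login_maps=hash:/etc/postfix/sender_login
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=reject_sender_login_mismatch

# /etc/postfix/sender_login  (run "postmap /etc/postfix/sender_login" after editing)
# Format: envelope sender address, then the SASL login(s) allowed to use it.
# Constructed entry: only the login "apphost" may send as this address.
app@example.com    apphost
```

With this in place the logs still show what the host sent, and a MAIL FROM address that the login does not own is rejected instead of merely recorded.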



Re: Mail server in each office, i.e. Distributed Domain

2011-09-03 Thread Jeroen Geilman

On 2011-09-03 02:40, Daniel Mare wrote:

We have Head Office and Small Office.

In Head Office, we have Mac OS X 10.6.7 Mail server (i.e. postfix).  For people 
in Head Office, traffic to and from the mail server is over the fast LAN - no 
problems.

In Small Office, we have two employees, let's call them Snail and Shoe.

Currently Snail and Shoe use the mail server in Head Office.  When Snail emails 
Shoe, the message travels all the way to Head Office saturating the slow link 
upstream.  Shoe then downloads the email from Head Office, which then saturates 
the slow link downstream.

If Snail and Shoe are on the same LAN in the small office, there shouldn't be 
any reason for the message to travel all the way back to head office, so my 
question is:

How do I set up a local email server in Small Office using the same email 
domain?

If Snail sends an email to Shoe, it would go to a local email server in Small 
Office.  The local email server in Small Office would then check if Shoe is 
located in Small Office, if not, it would pass the message on to the Head Office, 
but in this case, seeing that Shoe is in the local Small Office, the local mail 
server would then keep the message in Small Office.  Shoe will then download it 
from Small Office's local mail server, saving the slow link from saturation.

How do I set up the servers this way?


Install a new postfix server at the satellite location, and either give 
it its own mail domain (and MX record), or set up transports to those 
two users.


In case the former is unpractical, or impossible, for instance because 
the second server is on an internal LAN only (think VPN), you can use 
transport_maps on the main mail server to deliver mail for those two 
users to the satellite office.


The satellite mail server should be configured to accept mail for its 
local users, and route mail for other users back to the main server; the 
simplest way to do this is to alias the valid users to a separate 
mailbox domain, and relay the original domain back to the main server.


However, even the above can be achieved in half a dozen distinct ways, 
and there is no single correct solution; it depends on additional 
requirements, such as: will the satellite system send its own external 
mail ? and: is there a centralized user database available for use by 
both systems ?


More information can be found in the documentation, such as 
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local and 
http://www.postfix.org/ADDRESS_REWRITING_README.html


--
J.



Re: send copy of incoming mail to another user

2011-08-30 Thread Jeroen Geilman

On 2011-08-30 12:36, Per Jessen wrote:

Jon Miller wrote:


Like to know how do I send a copy of incoming mail to another user,
both the user and management requires the same mail


For all mail, see 'always_bcc' - for copies of one individuals mails,
aliasing?


[sender|recipient]_bcc_maps

For domains you control, recipient_bcc_maps is generally better since 
you can rewrite the address - with, for instance, a regex map - to the 
same recipient at an archive subdomain.

Or an archive address at another domain, etc etc.

--
J.



Re: .forward files

2011-08-23 Thread Jeroen Geilman

On 2011-08-23 07:53, Selcuk Yazar wrote:

Hi

We have installed and run Postfix+OpenLDAP+SASL Cyrus + Dovecot + 
SquirrelMail + Jamm applications in our mail server. Everything is 
going fine.


In this system can we enable .forward files?



As documented here: http://www.postfix.org/local.8.html under EXTERNAL 
COMMAND DELIVERY, forward files can be used for all mail that is 
delivered to a local mailbox.

This specifically excludes virtual(8) delivery.


thanks in advance.

--
Selçuk YAZAR
http://www.selcukyazar.blogspot.com



--
J.



Re: Automating regular checks that incoming outgoing mails are still working

2011-08-21 Thread Jeroen Geilman

On 2011-08-21 16:03, Roger Goh wrote:

There's often problem with our postfix mail server (that runs Cyrus /
Cyrus-imapd) :


Which is ?


I have scripts (using mutt) to send hourly mails out (  from another
postfix server, I can send mails to it).

I need a way / method such that if those hourly test mails were never
sent out or
received, I'll need to be alerted.  Let me know the freeware tools
method to go
about doing this?


Fix the real problem instead.


Will procmail (to verify if mails between the 2 postfix servers arrives at the
mailboxes) be needed?  I don't know anything about procmail.


Fix the real problem instead.
Why are there problems with your mail system ?

What are the problems ?



Or can we write scripts that run hourly (say 10 mins after test mails were sent)
that checks maillog for arrival of the test mails  if they're not
received, .., hmm,
how do I sent an alert email to notify support if outgoing mail is not
working anymore?


No, you should fix the real problem.


I've suffered quite a few postfix mails not being sent/received outages which
have serious consequences : causes can be due to postfix Linux servers'


Then some part of your mail system is broken, as mail is not lost when 
you configure postfix correctly.



resource were exhausted, too many MAILER-DAEMON or tens of thousands
of stuck mails due to invalid email address (as shown by mailq)


Then your configuration is partially or wholly incorrect.

You need to investigate WHY this happens, then fix the real problem.

--
J.



Re: Automating regular checks that incoming outgoing mails are still working

2011-08-21 Thread Jeroen Geilman

On 2011-08-21 16:22, Roger Goh wrote:

Thanks for the Perl script Wolfgang



resource were exhausted, too many MAILER-DAEMON or tens of thousands
of stuck mails due to invalid email address (as shown by mailq)



Then your configuration is partially or wholly incorrect.

Well, it's often triggered by our mail blasting team : it's time they
clean up those invalid email addresses (that either had moved or
mailbox full), so it's not a postfix configuration issue


You think ?

So you are sending mass emails and do not have proper bounce handling in 
place.

I wonder how long it will take you to get blacklisted.

--
J.



Re: Request For Port 587

2011-08-18 Thread Jeroen Geilman

On 2011-08-18 15:27, Reindl Harald wrote:


On 18.08.2011 15:23, Jeroen Geilman wrote:

On 2011-08-18 14:59, Reindl Harald wrote:

587 is AUTHENTICATED submission

Says who ?

have you ever seen submission as open-relay?
if yes - where and why does no one shut down this machine?



Submission can take place on a trusted local network.
This does not make you an open relay.

--
J.



Re: Request For Port 587

2011-08-18 Thread Jeroen Geilman

On 2011-08-18 17:39, Thomas Berger wrote:

On Thursday, 18 August 2011, 15:23:28, Jeroen Geilman wrote:

On 2011-08-18 14:59, Reindl Harald wrote:


587 is AUTHENTICATED submission


Says who ?

Port 587 is AUTHORIZED submission, NOT AUTHENTICATED.


Um, no.

RFC 4409, section 4.3 states that an MSA *must* require authentication 
on connections that are not implicitly trusted (such as a secured local 
network).


SMTP AUTH is the preferred mechanism, but the RFC does not limit 
authentication to SMTP AUTH.


This is now a Draft standard, meaning you'd better follow it (HTML has 
never progressed beyond a draft standard in the 10+ years that v4.01 is 
in use)


This requirement is updated from RFC 2476, where it was optional, but 
RFC 4409 is from April 2006 (a good 5 years ago), so let's assume people 
have read it by now.



--
J.



Re: hide Recieved 127.0.0.1 Header

2011-08-14 Thread Jeroen Geilman

On 2011-08-14 01:59, spamv...@googlemail.com wrote:

Hi..

I'm running postfix with amavisd-new and everything works well but when
i send a email the Header looks like:

Return-Path:i...@example.org
Received: from ms16-1.1blu.de (ms16-1.1blu.de [89.202.0.34])
 by mb8-4 (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with
LMTP; Sun, 14 Aug 2011 01:51:04 +0200
X-Sieve: CMU Sieve 2.2
Received: from [94.23.243.111] (helo=xx12345678.kimsufi.com)
 by ms16-1.1blu.de with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.69)
 (envelope-fromi...@example.org)
 id 1QsNyq-0007o7-Fu
 for it...@example1.org; Sun, 14 Aug 2011 01:51:04 +0200
Received: from xx12345678.kimsufi.com (localhost [127.0.0.1])
 by xx12345678.kimsufi.com (Postfix) with ESMTP id C7B6478C8A
 forit...@example1.org; Sun, 14 Aug 2011 01:51:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; h=
 content-transfer-encoding:content-type:content-type:subject
 :subject:mime-version:user-agent:from:from:date:date:message-id
 :received; s=mail; t=1313279469; x=1315093869; bh=XHWzR0foaDil4f
 Smh5z11RbvZRztFwNmsdD0Szz2oXg=; b=iNboU6b7MRfpRSWW9ku+fOGZhCBAvn
 ZkSmhZi39BV0hifCEqAM6LohN7zAKGPchu7AXPqXaH6TKVQTaqtpDoCUv3QntlWT
 ydGxzPeKbpTbAKvzJ/eoOl+DE1M9afjB1u5P2MYbb6gIUbRItXVa8QZzlAbDr6do
 Ge3m5EdkeNxUU=
X-Virus-Scanned: at xx12345678.kimsufi.com

Is there any known way to remove the
Received: from xx12345678.kimsufi.com (localhost [127.0.0.1])
Header ?


Is there any good reason to ?


The Header is written after amavisd-new injects the signed mail back
into postfix, so the header_checks does not match anymore


- Why are you running amavis on OUTGOING email ?
- Why don't you sign the message AFTER amavis has checked it ?



--
J.



Re: Best way to not allow locally submitted email

2011-08-14 Thread Jeroen Geilman

On 2011-08-14 09:41, Steve Fatula wrote:

What is the best way to disable locally submitted email (via sendmail binary, 
mail, etc.), BUT, still allow cron and such tools to work and be able to send 
local mail?


Not for the same users.


You can't set authorized_submit_users, as, that means cron jobs run as users 
won't send the mail as they don't have permission.


Only if you're talking about the SAME users.


This would primarily be from command line users, or, web scripts and php 
programs that run as the user (not www, etc., this is suexec). For web scripts, 
they would need to send mail via smtp, which is easy enough. So, the idea here 
is to force that to happen and not allow mail, sendmail, etc. to users.


You're stating contradictory requirements - you cannot AND allow scripts 
to use sendmail to submit mail for user X, AND disallow user X to submit 
mail as user X.


Just put your script users in authorized_submit_users, and enforce SMTP 
for everyone else.


--
J.



Re: Best way to not allow locally submitted email

2011-08-14 Thread Jeroen Geilman

On 2011-08-14 18:35, Steve Fatula wrote:

- Original Message -


From: Jeroen Geilmanjer...@adaptr.nl
To: postfix-users@postfix.org
Cc:
Sent: Sunday, August 14, 2011 5:14 AM
Subject: Re: Best way to not allow locally submitted email


You're stating contradictory requirements - you cannot AND allow scripts to
use sendmail to submit mail for user X, AND disallow user X to submit mail as
user X.

Just put your script users in authorized_submit_users, and enforce SMTP for
everyone else.


The sendmail binary allows a user to do too many things they should not be 
allowed to. I can send mail FROM you for example. The restrictions on sender 
address that apply to authenticated email does not apply, of course, since they 
are not authenticated! So, perhaps the best solution is to use something like 
msmtp so that mail from the command line goes through normal authenticated 
channels, and thus, I CAN achieve my goals.


Nobody says you cannot achieve your goals.
I merely pointed out that you were asking contradicting things of 
sendmail(1).


Now, I would look for a way to force everybody that is not 
administrator-controlled to use authenticated SMTP even from localhost, 
and disallow sendmail for normal users.

How is that different from what you said ?


--
J.



Re: Relay access denied issue

2011-08-12 Thread Jeroen Geilman

On 2011-08-12 09:00, Marco van Kammen wrote:


Dear List,

Very basic relaying setup.

Mail coming in from specific range of servers is allowed and forwarded 
to their final destinations.


Postfix 2.3.3



Consider upgrading; this version is no longer supported.


postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

/etc/postfix/access
/etc/postfix/access.db

10.35.0.0/16    OK



This database is not referenced anywhere.


Most servers within the 10.35.0.0/16 range are allowed just fine..

Mail from one specific ip keeps bouncing:

Aug 11 14:22:33 serverX postfix/smtpd[28348]: NOQUEUE: reject: RCPT 
from serverX.is.local[10.35.10.34]: 554 5.7.1 exter...@domain.com: 
Relay access denied; from=inter...@domain.com 
to=exter...@domain.com proto=ESMTP helo=serverX


I'm pretty sure I'm missing something very simple, but I just can't 
see it!




To RELAY mail through postfix, one of the following must be true:

- either the recipient domain appears in relay_domains, OR
- the source IP(s) appear in mynetworks, OR
- there is a client access map that is actually applied somewhere.

I don't see any of the above happening; this means the default for 
mynetworks is used: the IP of the postfix server, and the smallest IP 
range it is a member of.


Since you say this concerns a known set of internal IPs, use the following:

mynetworks = 127.0.0.0/8 10.35.0.0/16

and verify that:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination


http://www.postfix.org/postconf.5.html#mynetworks
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

If this server is accessible from the outside, those restrictions are 
NOT sufficient: http://www.postfix.org/SMTPD_ACCESS_README.html



--
J.



Re: sender_bcc - patterns questions

2011-08-12 Thread Jeroen Geilman

On 2011-08-12 01:37, Troy Piggins wrote:

On Thu, Aug 11, 2011 at 10:02:21AM +1000, Troy Piggins wrote:

On Wed, Aug 10, 2011 at 09:47:37AM +0200, Jeroen Geilman wrote:

<snip />

It is not a variable expansion. Use this instead:

/(user1)@mydomain.com/  $1_s...@mydomain.com

Read http://www.postfix.org/pcre_table.5.html, section Text Substitution for
details.

Note that this offers zero advantage over an exact match.

Thank you!  That works.  I now have this and it seems to be working fine:

if !/^(excludeduser1|root|.+_sent)@mydomain\.com$/
/^(.+)@mydomain\.com$/ ${1}_s...@mydomain.com
endif

Perhaps I spoke too soon.  This is creating duplicates.  Any pointers on why?
I could see a loop problem if the if/endif condition wasn't there, but
shouldn't that prevent _sent messages going through again?

For completeness, the procmail rule I use is:

:0:
* ^X-Original-To:.*_sent@mydomain\.com
| gzip -fc9  ${HOME}/Sent_${DATE}.gz

The duplicates do not show up in the sender's normal Sent folder, but do show
up in the gzipped archive.  Using my old method of manually adding/deleting
each user as they join/leave the company, and using a hash table instead of
pcre, this worked and didn't create duplicates:

us...@mydomain.com  user1_s...@mydomain.com
us...@mydomain.com  user2_s...@mydomain.com
us...@mydomain.com  user3_s...@mydomain.com
and so on...

I can't see my error, please help.


Really, use an archive DOMAIN. This precludes any looping.

--
J.



Re: mail server on vm

2011-08-12 Thread Jeroen Geilman

  
  
On 2011-08-12 15:46, Amira Othman wrote:

  
  
  
  
  
Hi all,
I am configuring mail server on virtual machine for testing. I am using centos 5.6 and
postfix-2.3.3-2.3.el5_6. I can send without problems but I can't receive mails.
I don't have mx record I tried to add to hosts file but no change.
  


If you want postfix to respect your hosts file, you need to set

  disable_dns_lookups = yes

in main.cf.



  
is mx record a must even if I am using for testing only??
  


No, an MX record is not required. You can always send mail to the
FQDN of your postfix server.


  
Is there any alternatives of using mx record locally something like hosts file
Regards

Amira Othman


-- 
J.
  



Re: Problem with DNS lookup when chrooted

2011-08-10 Thread Jeroen Geilman

On 2011-08-10 07:10, ricardus1867 wrote:

Hi!

By trying to add a second postfix instance (something seems to have gone
terribly wrong), I managed to screw up my postfix. Badly. Nothing would work
anymore. So I tried the scorched earth approach (purge, then install).

That worked more or less, except for the fact that /var/spool/postfix/etc
was empty. So one of the problems (DNS lookups stopped working) persisted.

I copied a couple of files inside that directory that I remembered being
there (hosts, localtime, nsswitch.conf, resolv.conf, services and the ssl
certs), but the error either is elsewhere or I forgot to copy a file...

I tried setting chroot to no for the smtp daemon. That fixes the
problem. But how can I make DNS lookups work again without losing the
chroot?


/var/spool/postfix/lib needs to contain libresolve and the various 
libnss-* libraries.



Thanks in advance for any help!


Regards

ricardus



--
J.



Re: building mail server on virtual machine

2011-08-10 Thread Jeroen Geilman

On 2011-08-10 15:15, Amira Othman wrote:


Hi all,

I need to configure postfix on a virtual machine for testing purposes but 
I don't know how to do that as I don't have an MX record. Is there 
something to do to simulate that, something like a virtual MX record?




MX records are not required for functioning email.

The hostname of the machine must resolve, and it must be reachable on 
port 25.

That's it.


--
J.



Re: postfix with archiving and e-discovery

2011-08-10 Thread Jeroen Geilman

On 2011-08-10 16:39, Donny Brooks wrote:

Hello all,

 I have done some research on this but cannot find an easy to 
implement solution that doesn't need us to send our mail to an outside 
company. We need an in-house email archiving and e-discovery solution 
that would work with our existing postfix/dovecot setup. Being a state 
government agency this is something we are about to need to implement. 
My supervisor is bent on going to exchange but I refuse to do that as 
we have zero problems with our postfix email setup while other 
agencies have entire divisions dedicated to exchange management.




Take a look at the various sender_bcc_maps and recipient_bcc_maps options:

http://www.postfix.org/postconf.5.html#sender_bcc_maps
http://www.postfix.org/postconf.5.html#recipient_bcc_maps

In particular, you can construct a PCRE or regexp map that adds an 
archive-specific prefix or suffix to the address, such as:


recipient_bcc_maps = regexp:/etc/postfix/recipient_archive

and in /etc/postfix/recipient_archive:

/^([^@]+)@example\.com$/    $1...@archive-domain.example.com

Then proceed to deliver the archive domain to a location of your 
choosing (or another server altogether)



Thanks in advance for any and all advice.

Donny B.


I don't really know what e-discovery means.

--
J.



Re: integrate postfix with php

2011-08-08 Thread Jeroen Geilman

On 2011-08-08 09:28, Amira Othman wrote:


Hi all

I am using postfix-2.3.3-2.3.el5_6 on CentOS 5.6. I have configured 
postfix to serve 2 virtual domains and now I want to integrate 
postfix with PHP to send mails to users in a database using a PHP 
script. Is that possible in postfix?




POSTFIX has standard interfaces for sending messages: sendmail(1) and SMTP.

If your php script uses the standard interfaces to send mail, then 
POSTFIX will work with php, yes.




--
J.



Re: Rejecting all mail from/to a domain

2011-08-08 Thread Jeroen Geilman

On 2011-08-08 20:29, Stephen Atkins wrote:
Hello everyone.  I've been searching around trying to figure this out 
but it's just eluding me.  We've been getting a ton of mail from a 
certain domain which is all spam.  Problem is that our mail system is 
also generating a bounce for each try.


Why are you bouncing this mail ?
Is it addressed to non-existent recipients ?
Then you need to REJECT them at SMTP time, look at

http://www.postfix.org/SMTPD_ACCESS_README.html

Right now, you are an (apparently open) source of backscatter spam; you 
will get blacklisted if this continues.


I would like to block absolutely everything to or from this domain no 
matter what.


smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access 
hash:/etc/postfix/blocklist, ...


And in /etc/postfix/blocklist:

bad_domain    REJECT


--
J.



Re: lost connection after RCPT

2011-08-08 Thread Jeroen Geilman

On 2011-08-08 23:15, l...@airstreamcomm.net wrote:

We recently (within the last two weeks) started getting a very large
number of logs like this:

postfix/smtpd[29456]: lost connection after RCPT from
cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73]

After doing packet traces it appears that the client is sending RST
packets to our server, which doesn't make any sense?


After how much time ?
What is the time elapsed between CONNECT and LOST CONNECTION ?
Does it always happen with that client ?
If so, ask them what they're doing wrong.


Here is postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 9
default_destination_recipient_limit = 1000
default_process_limit = 1000
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 52224000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 3d
message_size_limit = 52224000
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = osmtp-1.airstreamcomm.net
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relayhost = omrcd1.parcel-airstreamcomm.net
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_bcc_maps = hash:/etc/postfix/sender_bcc_jatheon
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_connect_timeout = 5m
smtp_data_done_timeout = 900s
smtp_data_init_timeout = 900s
smtp_data_xfer_timeout = 900s
smtp_helo_timeout = 900s
smtp_mail_timeout = 900s
smtp_tls_note_starttls_offer = yes
smtpd_client_event_limit_exceptions = static:all
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
check_recipient_access hash:/etc/postfix/restricted_recipients
check_client_access hash:/etc/postfix/popimap_access,
permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender,permit
smtpd_timeout = 180s
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550



That is way too much default information; default values should not be 
in main.cf.

Run
(postconf -d; postconf -d; postconf -n) | sort | uniq -u
to get a cleaner list without all your distro's defaults.


--
J.



Re: Multiple Domains, Mail Gateway, Two Mail Servers

2011-08-07 Thread Jeroen Geilman

On 2011-08-07 17:08, Jim Seymour wrote:

Wow, over 48 hours and no solution(s) suggested?  Everybody on
vacation? :)


Don't hijack another poster's thread.
And yes, it IS the summer vacation.


--
J.



Re: Domain aliasing

2011-08-05 Thread Jeroen Geilman

On 2011-08-05 16:22, Magnus Bäck wrote:

On Tuesday, August 02, 2011 at 19:25 CEST,
  Jeroen Geilman jer...@adaptr.nl wrote:


On 2011-08-02 06:30, Noel Butler wrote:


Has been a while since I've looked at this, but at present if we
need to alias a domain, eg f...@example.com to f...@example.net
we are using  mysql:/etc/postfix/mysql_alias_domains.cf after
other entries in  our virtual_alias_maps
and using
query = SELECT email from virtual_users where email='%s' OR email =
CONCAT('%u@', (SELECT destination from aliased_domains where
domain = '%d'))

Consider adding a regexp or PCRE map for this:

 virtual_alias_maps = mysql:/etc/postfix/mysql_alias_domains.cf
regexp:/etc/postfix/domain_aliases

/etc/postfix/domain_aliases:

 /^([^@]+)@from_domain$/    $(1)@to_domain

It'll be faster than mysql, too ;)

No, don't do this.


I agree that he probably shouldn't do this in the first place without a 
valid recipient map, but I was only correcting the mysql fiasco...



  This breaks recipient validation in the same way that

@from_domain    @to_domain

in an indexed map does, except it's more complicated.


Well, no, not breaks - just always passes it.

If you know why you're doing it, and will absolutely never send 
backscatter because of it, it's possible to do so.



--
J.
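
The point argued in this exchange, as an added example that is not part of the original posts: a simplified model of how a wildcard regexp entry in virtual_alias_maps answers for every localpart, next to explicit per-user entries generated from a list of existing mailboxes. The domains example.com and example.net, the mailbox list and all function names are assumptions made for the illustration.

```python
import re

# Constructed data: mailboxes that really exist (one of them in another domain).
VALID_MAILBOXES = ["alice@example.net", "bob@example.net", "carol@other.example"]

# The wildcard rule from the thread, with assumed domains filled in:
#   /^([^@]+)@example\.com$/    $(1)@example.net
WILDCARD_RULE = (re.compile(r"^([^@]+)@example\.com$"), r"\1@example.net")


def wildcard_lookup(rcpt):
    """Model of the regexp: table lookup; returns the rewritten address or None."""
    pattern, template = WILDCARD_RULE
    match = pattern.match(rcpt.lower())
    return match.expand(template) if match else None


def build_explicit_map(mailboxes, from_domain, to_domain):
    """One alias per existing mailbox, so unknown localparts find no entry."""
    entries = {}
    for address in mailboxes:
        local, sep, domain = address.rpartition("@")
        if not sep or domain.lower() != to_domain.lower():
            continue  # not a mailbox in the target domain
        entries[f"{local}@{from_domain}".lower()] = address
    return entries


def render_map_source(entries):
    """Text of an indexed-map source file (to be compiled with postmap)."""
    width = max(len(key) for key in entries)
    return "".join(f"{key.ljust(width)}  {entries[key]}\n" for key in sorted(entries))


def rcpt_decision(rcpt, lookup, mailboxes):
    """Simplified model of what happens to one recipient address."""
    target = lookup(rcpt.lower())
    if target is None:
        # No alias entry: the address is refused during the SMTP dialogue,
        # so the sending MTA handles the failure and no bounce is generated.
        return "rejected at RCPT TO"
    if target.lower() in {m.lower() for m in mailboxes}:
        return "accepted and delivered"
    # The alias matched, the mail was queued, and only then does delivery fail.
    return "accepted, bounced later (backscatter)"


if __name__ == "__main__":
    explicit = build_explicit_map(VALID_MAILBOXES, "example.com", "example.net")
    print(render_map_source(explicit), end="")
    for rcpt in ("alice@example.com", "nosuchuser@example.com"):
        print(rcpt, "| wildcard:", rcpt_decision(rcpt, wildcard_lookup, VALID_MAILBOXES),
              "| explicit:", rcpt_decision(rcpt, explicit.get, VALID_MAILBOXES))
```
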



Re: Postfix mail transport unavailable

2011-08-04 Thread Jeroen Geilman

On 2011-08-04 21:39, Geoffrey R Hardin wrote:

Lots of stuff without real data.

Please provide postconf -n output and relevant logs, as described in the 
link you were given when joining:


http://www.postfix.org/DEBUG_README.html#mail

--
J.



Re: Domain aliasing

2011-08-02 Thread Jeroen Geilman

  
  
On 2011-08-02 06:30, Noel Butler wrote:

  
  
  Folks,
  Has been a while since I've looked at this, but at present if we
  need to alias a domain, eg  f...@example.com to f...@example.net
  
  we are using  mysql:/etc/postfix/mysql_alias_domains.cf after
  other entries in  our virtual_alias_maps 
  and using
  query = SELECT email from virtual_users where email='%s' OR email
  = 
  CONCAT('%u@', (SELECT destination from aliased_domains where
  domain = '%d'))
  


Consider adding a regexp or PCRE map for this:

    virtual_alias_maps = mysql:/etc/postfix/mysql_alias_domains.cf
    regexp:/etc/postfix/domain_aliases

/etc/postfix/domain_aliases:

    /^([^@]+)@from_domain$/    $(1)@to_domain

It'll be faster than mysql, too ;)


  .. which has served us well on the massive 2 domains we've needed it
  to ... so, my question is, is there planned an easier, more
  direct call to do it, since, IIRC, the virtual alias domains
  despite its name, does not do this (or I never got it to work)
  
  It's one feature I miss from old sendmail days which did this
  easily as a simple "from_domain" "to_domain" table.
  


Since this blindly forwards mail to (possibly external)
destinations, it's not a very good practice, security-wise.
Hence why postfix requires you to jump through one or two hoops to
achieve it.

-- 
J.
  



Re: About 'connect from unknown[IP address]'

2011-08-02 Thread Jeroen Geilman

On 2011-08-02 21:59, Bruno Costacurta wrote:


Hello,

in my logs files there are messages 'connect from unknown[here an IP 
address]'.


Can this be considered be as probable spam ?


No.
It merely means that the machine connecting does not have forward 
confirmed reverse DNS (FCrDNS) entries.
This occurs with home-based mail servers (who often cannot set their own 
PTR record), but even with larger company mail servers, where a pool of 
MXes don't all have their own hostname and/or IP.





And especially, can Postfix block such connections?


Certainly.


I tried to add the following :

smtpd_sender_restrictions =
  reject_unknown_sender_domain


You mean *client*.
smtpd_client_restrictions = reject_unknown_client_hostname

NOTE that this is a very heavy restriction and will cause many, many 
false positives.


Instead, use the milder (but equally effective)
smtpd_client_restrictions = reject_unknown_reverse_client_hostname

This will reject all clients that do not have a PTR entry for their IP.

See http://www.postfix.org/postconf.5.html#smtpd_client_restrictions for 
the full list.


--
J.
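
How the two restrictions named in this reply differ, as an added example that is not part of the original post: a forward-confirmed reverse DNS check that classifies a client the way the Postfix documentation describes for reject_unknown_reverse_client_hostname (no PTR) and reject_unknown_client_hostname (no PTR, failed forward lookup, or forward lookup that does not include the client IP). The function names and the constructed DNS tables are assumptions; lookup errors are treated as "not found", so temporary DNS failures are not modelled.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Address -> name lookup through the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """Name -> address lookup through the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (state, name); state is ok, no_ptr, forward_fails or forward_mismatch."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(str(client))
    if not name:
        return "no_ptr", None
    name = name.rstrip(".").lower()
    addresses = set()
    for raw in forward_lookup(name):
        try:
            addresses.add(ipaddress.ip_address(raw.split("%")[0]))  # drop IPv6 zone id
        except ValueError:
            continue
    if not addresses:
        return "forward_fails", name
    if client not in addresses:
        return "forward_mismatch", name
    return "ok", name


def restriction_outcomes(ip, **resolvers):
    """Which of the two restrictions would reject this client."""
    state, name = fcrdns(ip, **resolvers)
    return {
        "state": state,
        # Only a forward-confirmed name shows up in "connect from name[ip]".
        "logged_name": name if state == "ok" else "unknown",
        "reject_unknown_reverse_client_hostname": state == "no_ptr",
        "reject_unknown_client_hostname": state != "ok",
    }


# Constructed DNS data (documentation address ranges), so the demo runs offline.
PTR = {
    "192.0.2.10": "mail.example.org.",      # PTR and A agree
    "192.0.2.20": "host20.example.net",     # PTR exists, name does not resolve
    "198.51.100.7": "mx.example.com",       # PTR exists, name resolves elsewhere
}
FORWARD = {
    "mail.example.org": ["192.0.2.10", "2001:db8::10"],
    "mx.example.com": ["198.51.100.99"],
}


def demo(ip):
    return restriction_outcomes(
        ip, ptr_lookup=PTR.get, forward_lookup=lambda name: FORWARD.get(name, []))


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, demo(ip))
```
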



Re: misunderstanding with dovecot

2011-07-29 Thread Jeroen Geilman

On 2011-07-29 18:37, Andrea Ganduglia wrote:

Hi. I have a little issue with postfix and dovecot. Below you can find
my actual configuration, this works well if I use virtual_transport =
virtual but if I add those lines:

transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot

my outbound traffic tries to authenticate recipients and delivery fails

Jul 27 23:01:24 boxnic postfix/pipe[27788]: 1C3B525481B4:
to=u...@example.com, relay=spamassassin, delay=0.22,
delays=0.15/0/0/0.07, dsn=2.0.0, status=sent (delivered via
spamassassin service)
Jul 27 23:01:24 boxnic dovecot: auth(default): master in:
USER#0111#011u...@example.com#011service=deliver
Jul 27 23:01:24 boxnic dovecot: auth-worker(default):
sql(u...@example.com): SELECT maildir, 1001 AS uid, 1001 AS gid FROM
mailbox WHERE username = 'u...@example.com'
Jul 27 23:01:24 boxnic dovecot: auth-worker(default):
sql(u...@example.com): Unknown user
Jul 27 23:01:24 boxnic postfix/pipe[27704]: 47DF825481B6:
to=u...@example.com, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
dsn=5.1.1, status=bounced (user unknown)

in /etc/postfix/mysql_virtual_transport.cf I'm using this fake query:

SELECT dovecot AS transport;


My god, why is this so complicated ?

You're adding extra transport maps to a transport that is already the 
default virtual transport, to override transport maps that are empty.

And to top it off, you're using a mysql map to return a static result.

Also, you're not using maildrop as a transport, so the above recipient 
limit is never applied.


Seriously, consider unfscking this config.

If you set virtual_transport to dovecot (and I'm not saying that you 
should), don't put it in a transport map.
Vice versa, if you put dovecot in a transport map, don't set it as your 
virtual_transport.


When in doubt, do not hijack the default workings of postfix - it will 
only cause trouble.




With dovecot inbound mail follows this route postfix -> spamassassin
-> dovecot -> sieve -> Maildir (it works!)

but outbound mail follows the same way, while I think should be
postfix -> smtpd -> send (in any case with virtual pipe on
spamassassin!).


So apply your spam filter to the incoming connection only.

I assume you're using submission (port 587, SASL +TLS) for mail 
submission - and if you're not, you should.
This leaves you free to add your content_filter to the port 25 smtpd(8) 
listener.





How can I split delivery into two distinct paths for outbound and
inbound messages?


By using submission to submit outbound mail.


--master.cf--
smtp  inet  n   -   n   -   -   smtpd
 -o content_filter=spamassassin


That should be inbound only; prevent outbound users from using it by 
REJECTing envelope senders in your domain(s).



maildrop  unix  -   n   n   -   -   pipe
   flags=DRhu user=postfix argv=/usr/bin/maildrop -d ${recipient}


Never used.


dovecot   unix  -   n   n   -   -   pipe
   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f
${sender} -d ${recipient}


This is used.

--
J.



Re: misunderstanding with dovecot

2011-07-29 Thread Jeroen Geilman

On 2011-07-29 21:20, Andrea Ganduglia wrote:

On Fri, Jul 29, 2011 at 7:05 PM, Jeroen Geilman jer...@adaptr.nl wrote:

On 2011-07-29 18:37, Andrea Ganduglia wrote:

my outbound traffic try to authenticate recipients and delivery fails

My god, why is this so complicated ?

You're adding extra transport maps to a transport that is already the
default virtual transport, to override transport maps that are empty.

I don't understand this point. The only way that Dovecot works is to use
transport_maps; if I use just virtual_transport = dovecot it doesn't
work.


Then you did something wrong.
As long as the dovecot transport knows how to handle the mail sent to 
it, virtual_transport = dovecot will work fine.



And to top it off, you're using a mysql map to return a static result.

Yeah, it's a hack for now. In the near future, I want to select the transport by
domain name (like: select transport from transports where domain =
'%d').



Then it has no place in this config.
Get simple working first, then make it more complex.


Also, you're not using maildrop as a transport, so the above recipient limit
is never applied.

Seriously, consider unfscking this config.

It's not the goal of this issue. This is an experimental and
transitional config file. My goal for now is to understand how to split
outbound and inbound mail and use Dovecot/Sieve for inbound mails.
I'm not using dropmail here, I opted for dovecot.


Again, it only obfuscates any real issues.


With dovecot inbound mail follows this route postfix -> spamassassin
-> dovecot -> sieve -> Maildir (it works!)

but outbound mail follows the same way, while I think should be
postfix -> smtpd -> send (in any case with virtual pipe on
spamassassin!).

So apply your spam filter to the incoming connection only.

No. Apply dovecot to the incoming connection only.


...what ? That makes absolutely zero sense.
Dovecot is a mail store server, not a content filter.
If you apply the dovecot transport to all mail, then yes, this goes 
wrong. So don't do that.



I assume you're using submission (port 587, SASL +TLS) for mail submission -
and if you're not, you should.
This leaves you free to add your content_filter to the port 25 smtpd(8)
listener.

Currently I'm not using :submission. If I do:

Jul 29 20:20:30 hostname postfix/smtp[17437]: 998E02548187:
to=u...@example.com, relay=none, delay=0.02,
delays=0.01/0/0/0, dsn=4.4.1, status=deferred (connect to
127.0.0.1[127.0.0.1]:587: Connection refused)

I have not investigated any further.


Then I suggest you do so.
Submission is well documented, as is smtpd(8) SASL and TLS:

http://www.postfix.org/SASL_README.html and
http://www.postfix.org/TLS_README.html

It is one half of separating your incoming and outgoing mail streams.


How can I split delivery into two distinct paths for outbound and
inbound messages?

By using submission to submit outbound mail.


--master.cf--
smtp  inet  n   -   n   -   -   smtpd
 -o content_filter=spamassassin

That should be inbound only; prevent outbound users from using it by
REJECTing envelope senders in your domain(s).

uhm... I don't understand. How? Why?


With the appropriate restrictions, as documented here:

http://www.postfix.org/SMTPD_ACCESS_README.html

Pay particular attention to the check_sender_access restriction; if you 
apply that to your domain(s), before accepting any mail, people will not 
be able to use port 25 to send mail from your domain(s).



Never used.
This is used.

I know.

Jeroen, you were very nice, but I need to understand what is the right
way to make this work.


The problem is that you have not sufficiently explained what this is.
I gather you're trying to use dovecot to deliver incoming mail, and want 
to avoid that on outgoing mail.


This is not difficult, as long as you don't override postfix' default 
behaviour with silly transport_maps that don't work.


But without more detailed requirements it is very hard to tell you what 
to do.




I posted this issue to 3 worldwide
mailing lists {debian,dovecot,postfix}-user in the last two weeks. I read
a lot of talk, but no one told me where I am wrong, why, and how I can
fix it.


Nobody is being paid to help you, surely.

Postfix has excellent documentation; if you have questions it does not 
answer, feel free to come here and ask them, and provide as much 
relevant information as you can.


For reference, see the DEBUG help you also received when joining this list:

http://www.postfix.org/DEBUG_README.html#mail

--
J.



Re: Restricting sendmail

2011-07-29 Thread Jeroen Geilman

On 2011-07-29 23:00, kianoush wrote:

Hello,

I've searched a lot in the documents, sorry if I missed anything, BUT 
MY QUESTION IS:


I want to restrict a Unix/Linux system user such as XYZ to using 
sendmail with certain domains only,

for example:
xyz.com
xyt.com
ztq.com

and have it rejected if he tries to use other domains as sender


You can use a milter: http://www.postfix.org/MILTER_README.html

There is nothing native that can arbitrate locally-submitted mail (apart 
from disallowing certain users to use it at all).





Somewhat preventing forgery. Is there any solution right now for 
that, or should sendmail (postfix) be modified?


Also, is there any solution to prevent this using SASL? I tried a lot 
of header checking; it is possible but very messy and too many checks 
are required.



SASL is used on SMTP connections; sendmail doesn't use it.

--
J.



Re: Possible to configure LMTP envelope recipient without domain?

2011-07-27 Thread Jeroen Geilman

On 2011-07-27 04:43, Jack Bates wrote:

On Tue, Jul 26, 2011 at 12:33 PM, Wietse Venema wie...@porcupine.org wrote:

Jack Bates:

I want Postfix to deliver messages to an LMTP server - and for better
or worse, the LMTP server accepts envelope recipients with just a
mailbox name, e.g. RCPT TO:example

The LMTP protocol is identical to SMTP with very few differences,
and therefore it requires a complete email address.

Thank you Wietse - I know that this LMTP server is noncompliant - it
sounds like it's impossible to configure Postfix to deliver to it?

Is there anything I can try, to get Postfix to deliver to this LMTP
server? Maybe a proxy that would remove the domain from the envelope
recipient?


What kind of proxy - an SMTP proxy ?
Postfix will canonicalize the address back to fqdn form before queueing it.

If you are talking about an LMTP proxy - erm, yes, right.
Think about it.

Personally, I would just replace this broken LMTP backend with dovecot.

--
J.



Re: possible compromised system

2011-07-27 Thread Jeroen Geilman

On 2011-07-27 23:10, Julian Opificius wrote:

When I connect to my Postfix server using ssh from a remote location,
postings show up as something like (suitably modified for security):

Jul 27 15:50:35 winston postfix/smtpd[28303]: connect from
localhost[127.0.0.1]
Jul 27 15:50:36 winston postfix/smtpd[28303]: 57A5A220BA:
client=localhost[127.0.0.1]
Jul 27 15:50:36 winston postfix/cleanup[28315]: 57A5A220BA:
message-id=1311799778.2531.33.camel@progbox
Jul 27 15:50:36 winston postfix/qmgr[3964]: 57A5A220BA:
from=jo397...@example1.com, size=517, nrcpt=1 (queue active)
Jul 27 15:50:37 winston postfix/smtpd[28303]: disconnect from
localhost[127.0.0.1]
Jul 27 15:50:37 winston postfix/smtp[28319]: 57A5A220BA:
to=j_opific...@example2.org,
relay=mail.example2.org[aaa.bb.cc.ddd]:25, delay=1.7,
delays=0.53/0.04/0.67/0.45, dsn=2.0.0, status=sent (250 2.0.0 Ok: qu
eued as D5F07162B43)
Jul 27 15:50:37 winston postfix/qmgr[3964]: 57A5A220BA: removed

All that is good, works fine.

The point to note is the:

connect from localhost[127.0.0.1] part.

Is there any other legitimate situation in which connect from
localhost[127.0.0.1] is legitimate? I suspect my system is compromised
(as opposed to my simply not having appropriate spam protections, etc in
place).

Here's an example of a connect from localhost... that I cannot justify
or explain:

Jul 27 15:46:54 winston postfix/smtpd[28230]: connect from
localhost[127.0.0.1]
Jul 27 15:46:54 winston postfix/smtpd[28230]: warning: Illegal address
syntax from localhost[127.0.0.1] in MAIL command:
anntaylorloft@mhttps://app.cheetahmail.com/m/mailers/mailinail.anntaylorloft.com
Jul 27 15:46:55 winston postfix/smtpd[28230]: disconnect from
localhost[127.0.0.1]


SENDING SMTP mail to port 25 is not a privileged operation, so it could 
be any user on the system running any kind of malware.


That said, it is most often HTTP+PHP and/or FTP accounts that are 
exploited to upload malicious code and run it locally; check your system 
and daemon logs carefully!


For example, exploited apache/PHP apps often leave tracks of executed 
code in the apache error log (because they just don't care, and that's 
where stdout goes) - that might give you a hint.


On the other hand, if somebody compromised the system via SSH you should 
audit the auth log for breakin attempts.


I would strongly advise you to disconnect this system from the internet 
until you can verify that you're not sending out spam - or worse.




I confess I'm running Suse 9.1 and Postfix 2.5.5, so I'm looking for a
justification to tear the system down and rebuild from scratch (as if I
needed it), but a compromised system is much more serious.

Thanks,

Julian.






--
J.
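
A way to start the log review suggested in this reply, as an added example that is not part of the original post: it groups postfix/smtpd log lines into sessions, keeps the ones that came in over the loopback address, and lists the queue IDs and envelope senders they submitted plus any protocol warnings. The sample lines are constructed in the format quoted above, and the function name and the "needs_review" heuristic are assumptions. Legitimate local software such as webmail or a content filter also connects from 127.0.0.1, so the output is a list of things to trace, not a verdict.

```python
import re

# Constructed sample in the syslog format shown in the post (not real log data).
SAMPLE_LOG = """\
Jul 27 15:46:54 winston postfix/smtpd[28230]: connect from localhost[127.0.0.1]
Jul 27 15:46:54 winston postfix/smtpd[28230]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <sender@@example.invalid>
Jul 27 15:46:55 winston postfix/smtpd[28230]: disconnect from localhost[127.0.0.1]
Jul 27 15:50:35 winston postfix/smtpd[28303]: connect from localhost[127.0.0.1]
Jul 27 15:50:36 winston postfix/smtpd[28303]: 57A5A220BA: client=localhost[127.0.0.1]
Jul 27 15:50:36 winston postfix/qmgr[3964]: 57A5A220BA: from=<user@example1.com>, size=517, nrcpt=1 (queue active)
Jul 27 15:50:37 winston postfix/smtpd[28303]: disconnect from localhost[127.0.0.1]
Jul 27 15:52:10 winston postfix/smtpd[28410]: connect from mail.example.org[192.0.2.10]
Jul 27 15:52:11 winston postfix/smtpd[28410]: 6B1C2220BB: client=mail.example.org[192.0.2.10]
Jul 27 15:52:11 winston postfix/smtpd[28410]: disconnect from mail.example.org[192.0.2.10]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/(?P<svc>\w+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from \S+\[(?P<ip>[^\]]+)\]$")
CLIENT_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]+): client=")
QMGR_FROM_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]+): from=<?(?P<sender>[^>,]*)>?, size=")
LOOPBACK = {"127.0.0.1", "::1"}


def loopback_sessions(log_text):
    """Return finished smtpd sessions whose client address is the loopback."""
    open_sessions = {}   # smtpd pid -> session in progress
    finished = []
    senders = {}         # queue id -> envelope sender, taken from qmgr lines
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        if not parsed:
            continue
        svc, pid, msg = parsed["svc"], parsed["pid"], parsed["msg"]
        if svc == "qmgr":
            queued = QMGR_FROM_RE.match(msg)
            if queued:
                senders[queued["qid"]] = queued["sender"]
            continue
        if svc != "smtpd":
            continue
        connect = CONNECT_RE.match(msg)
        if connect:
            open_sessions[pid] = {"start": parsed["ts"], "ip": connect["ip"],
                                  "queue_ids": [], "warnings": []}
            continue
        session = open_sessions.get(pid)
        if session is None:
            continue  # line belongs to a session that started before this log
        if msg.startswith("disconnect from"):
            finished.append(open_sessions.pop(pid))
        elif msg.startswith("warning:"):
            session["warnings"].append(msg)
        else:
            accepted = CLIENT_RE.match(msg)
            if accepted:
                session["queue_ids"].append(accepted["qid"])
    report = []
    for session in finished:
        if session["ip"] not in LOOPBACK:
            continue
        # Envelope senders show whose identity local software is mailing as.
        session["senders"] = [senders.get(qid, "?") for qid in session["queue_ids"]]
        # Heuristic: protocol errors or sessions that queued nothing look like
        # broken or probing software rather than a normal mail client.
        session["needs_review"] = bool(session["warnings"]) or not session["queue_ids"]
        report.append(session)
    return report


if __name__ == "__main__":
    for s in loopback_sessions(SAMPLE_LOG):
        print(s["start"], s["queue_ids"], s["senders"], "REVIEW" if s["needs_review"] else "")
```
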



Re: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory [solved]

2011-07-26 Thread Jeroen Geilman

On 2011-07-26 17:40, Claudio Prono wrote:


On 26/07/2011 17.37, Jerry wrote:

On Tue, 26 Jul 2011 17:22:19 +0200
Claudio Prono articulated:


On 26/07/2011 17.13, Wietse Venema wrote:

Claudio Prono:

Hello all,

This problem has made me mad all day today, with no solution...

Turn off chroot. This is a magical cure for many mysteries.

http://www.postfix.org/DEBUG_README.html#no_chroot

If that solves the problem, complain to your distributor. They
should not turn on chroot and make life difficult for newbies.


Thanks for the reply, but my chroot is already disabled, as you can see:

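# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd

As per the http://www.postfix.com/DEBUG_README.html page: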

Reporting problems to postfix-users@postfix.org

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.


Ok, now it works. It is strange, but if I set the permissions of the folder
/var/run/authdaemon.courier-imap to 777, it doesn't work, and the error
is the last I have posted.



If I set the permissions correctly, like this:

drwxrwx---  2 root   postfix  4096 Jul 26 17:35
authdaemon.courier-imap

It works...

Maybe a permission check from postfix of too many permissions on the
dir/socket?


That would be my supposition, yes.
Connecting to something as security-sensitive as an auth provider should 
not happen over a wide-open socket.



--
J.



Re: rewriting local users to user@domain instat of user@host.domain

2011-07-25 Thread Jeroen Geilman

On 2011-07-25 14:22, Erik - versatel wrote:
I have read and re-read these pages and other documents but still it 
seems not to work

I have changed a few things in my configuration:
in main.cf
I have changed myorigen from
myorigen=host.domain.tld   into myorigen=$mydomain  (mydomain=domain.tld)

NOW the from is rewritten, so I have a good return address


mydestination=localhost, localhost@localdomain


That is not valid syntax for mydestination.



local_header_rewrite_clients=static:all
remote_header_domain_rewrite=domain.tld
maquerade_domains=host.domain.tld domain.tld


Please, PLEASE, COPY AND PASTE the output of postconf -n.
Don't try to copy it by hand, this will get you nowhere with typos like 
this.


BUT still I can't change the local TO address from host.domain.tld to 
domain.tld


If the above is really in main.cf, it won't - but then again, that 
should probably crash postfix altogether.



Why I want this.
(I don't want real UNIX users with mail, because the same password is 
used and this password is often sent over the internet.)


I have no idea what you think this means.


I have all virtual domains.


Except for localhost, then.

Local users can send a message; I want one of the virtual domains 
added and to receive answers in the virtual mailboxes


What's to say they can't ?


I want mail by the system sent correctly to my virtual mailbox.


Then you must alias the local root address - or whichever local address 
system mail goes to - to a virtual one.




I'm still thinking about using canonical for message TO ?rewrite
and .forward for system mail


Neither is required; use masquerade_domains for the domain rewrite, and 
a local alias for the system mail.




Someone a nice idea



Chocolate-covered cashews.

--
J.



Re: receiving yahoo mails fails every so often

2011-07-21 Thread Jeroen Geilman

On 2011-07-21 20:55, Eric Smith wrote:

The problem is this yahoo and yahoo alone fails to make connections, the
problem is random,most emails come through just fine, the specific
failures are not repeatable. But an parker of ours uses yahoo business
serves for their email, they are getting timeout bounces on 1 in 10 emails
sent to us.

That is the best description that I have for this issue.

As for the verboseness I added this debug_peer_list = yahoo.com to
main.cf. It fails with this off as well.

If it's a local disk race condition why only yahoo and not any other
domain. If it's a DNS issue, why yahoo and no other domain?

I had thought that it's a firewall mucking the TCP packets, no avail.

So I am probably missing something in either my setup or in the log file
hence why it's included.


No, the remote SMTP server not connecting to your server is not caused 
by your configuration.

Do a tcpdump *on the internet connection*, to see what's what.


--
J.



Re: setting for one single message with multiple domains

2011-07-21 Thread Jeroen Geilman

On 2011-07-21 21:08, Victor Duchovni wrote:

On Thu, Jul 21, 2011 at 03:03:53PM -0400, Zhou, Yan wrote:


Hi there,

I thought this is a Postfix setting.  Postfix 2.3.3.

Say, my postfix server manages domain1 and domain2.  If I send a message
to X@domain1 and Y@domain2.  Right now I get two separate messages (both
identical), how can I get just one single message for ALL domains?

For mail others send, you can't. For mail you send, if it is important
(I would suggest not), configure the same transport:nexthop for both
domains:

example.com smtp:example.com
example.net smtp:example.net


I'm sure that was meant to be:

example.com smtp:example.com
example.net smtp:example.COM


/nitpick.

I honestly don't see where this would be useful though - unless that's 
not his real question and he wants to use domain-segregated relayhosts, 
and there are better solutions for that.




Adjust as necessary if the destination is not remote, making sure in all
cases (including content filters) that the transport and nexthop are the
same for both domains.




--
J.



Re: setting for one single message with multiple domains

2011-07-21 Thread Jeroen Geilman

On 2011-07-21 21:39, Zhou, Yan wrote:

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
us...@postfix.org] On Behalf Of Victor Duchovni
Sent: Thursday, July 21, 2011 3:09 PM
To: postfix-users@postfix.org
Subject: Re: setting for one single message with multiple domains

On Thu, Jul 21, 2011 at 03:03:53PM -0400, Zhou, Yan wrote:


Hi there,

I thought this is a Postfix setting.  Postfix 2.3.3.

Say, my postfix server manages domain1 and domain2.  If I send a message
to X@domain1 and Y@domain2.  Right now I get two separate messages (both
identical), how can I get just one single message for ALL domains?

For mail others send, you can't. For mail you send, if it is important
(I would suggest not), configure the same transport:nexthop for both
domains:

example.com smtp:example.com
example.net smtp:example.net

Adjust as necessary if the destination is not remote, making sure in all
cases (including content filters) that the transport and nexthop are the
same for both domains.

--
Viktor.

[Zhou, Yan]

This actually used to work already, until recently I introduced mail
relay.

My application used to send to the remote Postfix server directly, which
delivers one single message (for both recipients).

Now my application is connecting to a local Postfix, which then relays
to the same remote Postfix.  Now this same remote Postfix is delivering
two messages. I do not know why that is the case.


Because the two postfix machines do not communicate that both messages 
should go to the same destination - you have to configure this on both 
machines independently.
Since the first postfix apparently uses the second as relayhost, the 
first is already taken care of - it only has one destination.
You need to configure domain-dependent transports on the second postfix 
instead.




Yan








--
J.



Re: setting for one single message with multiple domains

2011-07-21 Thread Jeroen Geilman

On 2011-07-21 21:47, Victor Duchovni wrote:

On Thu, Jul 21, 2011 at 09:39:19PM +0200, Jeroen Geilman wrote:


For mail others send, you can't. For mail you send, if it is important
(I would suggest not), configure the same transport:nexthop for both
domains:

example.com smtp:example.com
example.net smtp:example.net

I'm sure that was meant to be:

example.com smtp:example.com
example.net smtp:example.COM

Yes, of course.


I honestly don't see where this would be useful though

It is useful, when you want envelopes with recipient in both domains
to be handled in a single transaction with the target nexthop, rather
than a separate transaction for each domain (default).


I understood that part, but that means you'd have to know in advance 
that that nexthop is prepared to handle both messages.

In other words, it's a manual optimization for special cases.

If there are a lot of messages to destinations like this, sure, it will 
save bandwidth, but it's not generic or easily generalizable.
I could not make out from the OP whether he wanted to do this for ALL 
mail, or just for selected destination domains - my impression was the 
former though.


--
J.



Re: setting for one single message with multiple domains

2011-07-21 Thread Jeroen Geilman

On 2011-07-21 22:23, Victor Duchovni wrote:

On Thu, Jul 21, 2011 at 10:13:06PM +0200, Jeroen Geilman wrote:


Now my application is connecting to a local Postfix, which then relays
to the same remote Postfix.

*Now this same remote Postfix is delivering two messages.*


He needs to configure domain-dependent transports on the second postfix
instead.

No, the first and perhaps also the second as appropriate. Bifurcation
cannot be undone, but can be prevented hop-by-hop starting at the first
one. Over and out.



Ah - does setting a relayhost= not make that a single destination, then ?
It seemed like it might handle the same way as if he had a transport map 
of * smtp:relayhost


--
J.



Re: Maildir not automaticily added with virtual users

2011-07-20 Thread Jeroen Geilman

On 2011-07-20 09:12, Erik - versatel wrote:

I use virtual users and virtual domains

My virtual_mailbox_base = /var/mail/vhosts
My virtual_mailbox_maps = hash:/etc/postfix/vmailbox

home_mailbox = Maildir/

In etc/postfix/vmailbox
u...@example.com    example.com/user

In this case my mail is not delivered - I get a message user is dir 
not file


Yes.

As documented, virtual_mailbox_maps is a mapping from recipient address 
to a *mailbox*.



When I change this into:

In etc/postfix/vmailbox
u...@example.com    example.com/user/

My mail is now delivered at /var/mail/vhosts/example.com/user
and not to /var/mail/vhosts/example.com/user/Maildir


Yes.
As documented, virtual_mailbox_maps is a mapping from recipient address 
to a *mailbox*.




When I want the mail delivered to 
/var/mail/vhosts/example.com/user/Maildir

I have to change the file vmailbox to:

In etc/postfix/vmailbox
u...@example.com    example.com/user/Maildir/


Yes.
As documented, virtual_mailbox_maps is a mapping from recipient address 
to a *mailbox*.


I expected that if you choose for a kind of Mailbox, this would also 
be for virtual users.


You choose for a mailbox type by either suffixing a directory slash 
(which makes it a maildir) or not (which makes it an mbox).
This convention holds anywhere you can configure a mailbox in postfix - 
including, as documented, in virtual_mailbox_maps.
Whether what you configured corresponds with reality is not under 
postfix's control.


I expected it to work with the first option, without the / 
(u...@example.com example.com/user)

I should think this is logical.
Is this a bug ???


As documented, virtual_mailbox_maps is a mapping from recipient address 
to a *mailbox*.



I want my mail delivered at /var/mail/vhosts/example.com/user/Maildir



So set that as the RHS of the mapping.

What are you worried about - that your virtual_mailbox_maps file will 
run out of storage bits ?



--
J.
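
The trailing-slash convention from the reply above, as an added example that is not part of the original thread: it resolves each virtual_mailbox_maps right-hand side under virtual_mailbox_base, reports the delivery style, and flags the mismatch behind the "user is dir not file" message. The sample addresses and the scratch directory tree are constructed for the illustration.

```python
import os
import tempfile

# Constructed sample: the three right-hand sides tried in the thread, with
# made-up recipient addresses in place of the archive's obfuscated one.
SAMPLE_VMAILBOX = """\
# address               mailbox (relative to virtual_mailbox_base)
user1@example.com       example.com/user
user2@example.com       example.com/user/
user3@example.com       example.com/user/Maildir/
"""


def parse_vmailbox(text):
    """Return (address, mailbox) pairs from postmap-style source text."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError("no right-hand side: %r" % raw)
        pairs.append((fields[0], fields[1].strip()))
    return pairs


def mailbox_style(mailbox):
    """A trailing slash selects maildir delivery, anything else mbox."""
    return "maildir" if mailbox.endswith("/") else "mbox"


def check_entry(base, mailbox):
    """Resolve the mailbox under base and compare it with the filesystem."""
    style = mailbox_style(mailbox)
    path = os.path.join(base, mailbox)
    problem = None
    if style == "mbox" and os.path.isdir(path):
        problem = "mbox target is a directory, not a file"
    elif style == "maildir" and os.path.isfile(path.rstrip("/")):
        problem = "maildir target is a file, not a directory"
    return style, path, problem


def demo():
    """Check SAMPLE_VMAILBOX against a scratch tree where user/ already exists."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        # Constructed state: the per-user directory was created beforehand.
        os.makedirs(os.path.join(base, "example.com", "user"))
        for address, mailbox in parse_vmailbox(SAMPLE_VMAILBOX):
            style, path, problem = check_entry(base, mailbox)
            results[address] = (style, os.path.relpath(path, base), problem)
    return results


if __name__ == "__main__":
    for address, (style, rel, problem) in demo().items():
        print("%-20s %-8s %-28s %s" % (address, style, rel, problem or "ok"))
```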



Re: I only want to use Virtual Users - No UNIX accounts at ALL

2011-07-20 Thread Jeroen Geilman

On 2011-07-20 21:38, Rich wrote:

use sasl authentication.


Apropos of what, exactly ?

The OP asked about how to implement pure virtual user setups, with no 
system accounts receiving mail.


I fail to see how SASL is involved.



On Wed, Jul 20, 2011 at 12:11 PM, Jeroen Geilman jer...@adaptr.nl wrote:


On 2011-07-20 09:44, Erik - versatel wrote:

Hai,

I have a configuration and don't want to use UNIX account for
receiving or sending mail.
I want ONLY Virtual Users.
So I did think is this possible.

In my current configuration i use:
mydestination = $myhostname, localhost.$mydomain, localhost


No.
For a pure-virtual setup, mydestination would be empty - or, at
most, limited to localhost.

Please see
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox for
details on hosting pure virtual domains with postfix.

-- 
J.






--
J.



Re: Σχετ: Anyone solely using SMTP Auth for outbound mail?

2011-07-20 Thread Jeroen Geilman

On 2011-07-20 22:15, Peter Tselios wrote:
Well, since I plan to move into the Postfix wagon, from scratch, I 
want to learn more about the 587 port submission and the blockage of 
port 25 for that. What are the best practices on the matter? Are there 
any documents on that? Soren how do you implement it?


See http://www.postfix.org/SASL_README.html#server_sasl to start with.
Also look at http://www.postfix.org/TLS_README.html#server_tls_auth 
because this seems to cause issues for many people when first setting up 
SASL.


As for submission, the stock master.cf has a commented-out example that 
works as is.
Blocking port 25 for submission is a different matter, but you can 
enforce (some of) it by adding reject_sender_login_mismatch to your 
smtpd_recipient_restrictions, BEFORE permit_mynetworks.

This does two things:
1. it only allows SASL submission with the usernames and sender 
addresses specifically configured in smtpd_sender_login_maps, and
2. it specifically *prohibits* submission with any of these 
usernames or sender addresses from UNauthenticated connections.


For reference:
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

This way, you can make it impossible for (local network) submissions 
over unauthenticated connections to use your configured local domain 
sender addresses (and you should reject any addresses not so configured, 
in any case).


Of course, if this is the only MTA for your local domain(s), and you're 
willing to enforce SASL on all your users, you can simply REJECT all 
senders in your local domain(s) on port 25.
However, that is an extreme measure and may run into issues with things 
like mailing lists etc.


--
J.
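
A small model of the behaviour described in the reply above, added here as an illustration and not taken from the thread or from Postfix: it evaluates a restriction list in order and shows why reject_sender_login_mismatch has to come before permit_mynetworks. The login map, the sessions and the final catch-all `reject` are constructed; exact string comparison of login names is an assumption of the model.

```python
import re

# Constructed smtpd_sender_login_maps content: sender address -> SASL logins.
LOGIN_MAPS = {
    "alice@example.com": "alice",
    "sales@example.com": "alice, bob",
}


def owners_of(sender, login_maps=LOGIN_MAPS):
    """Look up user@domain, then @domain; the value is a list of login names."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    for key in (sender, "@" + domain):
        if key in login_maps:
            return {n for n in re.split(r"[,\s]+", login_maps[key]) if n}
    return set()


def reject_sender_login_mismatch(ctx):
    """Both halves of the restriction: authenticated and unauthenticated."""
    owners = owners_of(ctx["sender"])
    login = ctx.get("sasl_username")
    if login:
        # Logged in, but the login does not own the MAIL FROM address.
        if login not in owners:
            return "REJECT not owned by user " + login
        return "DUNNO"
    if owners:
        # The address has an owner, but nobody is logged in.
        return "REJECT not logged in"
    return "DUNNO"


def permit_mynetworks(ctx):
    return "OK" if ctx.get("in_mynetworks") else "DUNNO"


def permit_sasl_authenticated(ctx):
    return "OK" if ctx.get("sasl_username") else "DUNNO"


def reject(ctx):
    """Stand-in for whatever closes the real restriction list."""
    return "REJECT"


def evaluate(restrictions, ctx):
    """The first restriction that returns something other than DUNNO decides."""
    for restriction in restrictions:
        verdict = restriction(ctx)
        if verdict != "DUNNO":
            return verdict
    return "DUNNO"


MISMATCH_FIRST = [reject_sender_login_mismatch, permit_mynetworks,
                  permit_sasl_authenticated, reject]
MYNETWORKS_FIRST = [permit_mynetworks, reject_sender_login_mismatch,
                    permit_sasl_authenticated, reject]

# Constructed sessions.
LAN_UNAUTH = {"sender": "alice@example.com", "in_mynetworks": True}
AUTH_OWN = {"sender": "alice@example.com", "sasl_username": "alice"}
AUTH_OTHER = {"sender": "alice@example.com", "sasl_username": "bob"}
AUTH_SHARED = {"sender": "sales@example.com", "sasl_username": "bob"}

if __name__ == "__main__":
    for name, ctx in [("LAN, no auth", LAN_UNAUTH), ("alice as alice", AUTH_OWN),
                      ("bob as alice", AUTH_OTHER), ("bob as sales", AUTH_SHARED)]:
        print("%-15s mismatch first: %-32s mynetworks first: %s" % (
            name, evaluate(MISMATCH_FIRST, ctx), evaluate(MYNETWORKS_FIRST, ctx)))
```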



Re: Filtering recipient against sender

2011-07-19 Thread Jeroen Geilman

On 2011-07-19 01:53, Robert Schmid wrote:

On Jul 18, 2011, at 5:47 PM, mouss wrote:


On 18/07/2011 21:41, Robert Schmid wrote:

Ever since I discovered wildcard addressing in qmail (recipient delimiters in 
postfix) I have been using them to identify which companies and organizations 
sell my address.  In each case, if I give my email address to foo.com, I send 
it myaddr-...@domain.dom.

I'd like to have postfix do this checking for me since I've developed a fairly 
long list of blacklisted recipient addresses now.  I want postfix to check the 
address extension against the domain root and allow or deny accordingly.


you want do what exactly?

given an email to

joe-...@example.com

if sender is from @foo.com then permit
else reject



You probably want a policy daemon, to have both sender and recipient 
available during the same query.


http://www.postfix.org/SMTPD_POLICY_README.html


with an sql table, you can return whatever result you want for a
joe-...@exampl.com



I know I could do this by writing a script (like greylist.pl) but I was 
wondering if anyone could identify a built-in solution amongst the many access 
restrictions and filters provided by postfix.

Any ideas?

Robert Schmid



--
J.
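
One way to write the policy daemon suggested above, as an added example rather than code from the thread: it speaks the policy delegation protocol (name=value lines, empty line, then an action= reply) and compares the recipient's address extension with the sender's domain. Assumptions: the recipient delimiter is "-", the "domain root" is the label just left of the TLD, null senders are passed through, and all sample addresses are constructed.

```python
import sys

RECIPIENT_DELIMITER = "-"  # assumption: same value as recipient_delimiter


def parse_request(lines):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def domain_root(domain):
    """Label left of the TLD: 'foo' for mail.foo.com.

    Assumption: single-label TLDs only. Suffixes such as co.uk need a
    public-suffix list instead of this shortcut.
    """
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def decide(attrs):
    """Return an access(5)-style action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    recipient = attrs.get("recipient", "").lower()
    sender = attrs.get("sender", "").lower()
    local = recipient.rpartition("@")[0] or recipient
    _user, delim, extension = local.partition(RECIPIENT_DELIMITER)
    if not delim or not extension:
        return "DUNNO"  # no extension: leave it to the other restrictions
    if not sender:
        return "DUNNO"  # assumption: let null-sender notifications through
    sender_domain = sender.rpartition("@")[2]
    if domain_root(sender_domain) == extension:
        return "DUNNO"  # sender matches the party the address was given to
    return "REJECT address extension does not match sender domain"


def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests until the client closes the connection."""
    request = []
    for line in stream_in:
        if line.strip():
            request.append(line)
            continue
        stream_out.write("action=%s\n\n" % decide(parse_request(request)))
        stream_out.flush()
        request = []


# Constructed requests, trimmed to the attributes this check reads.
SAMPLE_MATCH = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                "sender=news@mail.foo.com\nrecipient=joe-foo@example.org\n\n")
SAMPLE_LEAK = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
               "sender=promo@bar.net\nrecipient=joe-foo@example.org\n\n")

if __name__ == "__main__":
    serve()
```

The script is meant to be started by spawn(8) and referenced with check_policy_service, as described in SMTPD_POLICY_README.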



Re: Date: header - Received instead of sent?

2011-07-19 Thread Jeroen Geilman

On 2011-07-19 00:52, mouss wrote:

On 18/07/2011 23:38, Pablo Chamorro wrote:

Could somebody please tell me if it's possible to setup Postfix in order to 
make the reception date is shown instead of the email-messages sent-date?


The Date: header is defined by the standard as the date the message is
sent. do not fight against the standard.


I mean, the purpose of my inquiry, is to determine if it's possible to avoid 
fake or incorrect dates in received email that can cause confusion to users, 
chiefs and also to avoid legal issues related to the real date and time of 
reception of the messages.


do not trust the Date, subject, body, ... etc.
to fight fake dates, use spamassassin or the like. it has rules to
compare Date: to Received: headers.


I use a (relatively) simple regex header check to winnow out old or 
impossible dates; alas, it is not possible to compare two headers with 
header_checks.


Spamassassin usually means the message has been accepted; I can 
understand the OP would prefer to reject it at SMTP time.


--
J.



Re: mail gets bounced when send to local bitdefender smtpd

2011-07-19 Thread Jeroen Geilman

On 2011-07-19 00:31, mouss wrote:

On 18/07/2011 19:01, Jeroen Geilman wrote:

On 2011-07-17 20:19, mouss wrote:

On 17/07/2011 12:49, Thomas Zehbe wrote:

Hello List,

I have an installation using bitdefender as a virus scanner using the
content_filter option.
bitdefender's smtp daemon listens on port 10025, in main.cf therefore
this is defined:

content_filter = smtp:[127.0.0.1]:10025

In master.cf a second instance of smtpd is defined, listening on port
10026:

127.0.0.1:10026 inet  n  -  n  -  10  smtpd
-o content_filter= -o smtp_send_xforward_command=yes

When smtp tries to send the mail to bitdefender for scanning, this
happens:

Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
220 linuxgw.myown.net ESMTP Postfix
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host
127.0.0.1[127.0.0.1] greeted me with my own hostname linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
EHLO linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-PIPELINING
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-SIZE 50240
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-VRFY
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-ETRN
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250-XVERP
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:   127.0.0.1[127.0.0.1]:
250 8BITMIME
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host
127.0.0.1[127.0.0.1] replied to HELO/EHLO with my own hostname
linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: connect to subsystem
private/defer
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr nrequest = 0
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr flags = 0
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr queue_id =
2859B35121
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr
original_recipient = tz@localhost
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr recipient =
t...@localhost.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr reason = mail
for 127.0.0.1:10025 loops back to myself

main.cf contains
mydestination = $myhostname, localhost.$mydomain,$mydomain

I think, the bitdefender uses a correct answer for the EHLO, there is
no way (i know of) to change the 250 answer of bitdefender.

After a dozen hours of research any hint would be appreciated.


first, is myown.net a domain of yours, or are you hijacking it? are you
exposing domains of others? that would be really bad...

second. you need to set up different hostnames for the various pieces of
servers you use. you'll have problems if one piece connects to another
and both think they are the same name. with postfix, use different
myhostname values.


I think that's only required if you're using multiple instances that
send SMTP mail to each other - and he's running 2.0 :)


no. you need different names even with a single instance. as soon as one
piece talks to another over the network, each needs an identity.


He's only running one postfix smtpd, the other host in the above log is 
bitdefender.
The simplest would be to change the hostname of either postfix or 
bitdefender, whichever makes more sense.



it is easily solved with smtp_helo_hostname...


smtp_helo_name /nitpick

And you're right, that exists in 2.0.


Many features we expect as given will be missing in his setup, he should
upgrade and then approach the problem fresh.





--
J.



Re: Filtering with subject and certain recipient

2011-07-18 Thread Jeroen Geilman

On 2011-07-18 13:18, Vincent Lefevre wrote:

On 2011-07-18 02:30:04 -0500, Stan Hoeppner wrote:

On 7/18/2011 1:29 AM, Marky Yehezkiel[SNC] wrote:

I am using postfix and want to certain recipient only receive email from
outside with certain subject. such as t...@mydomain.com only receive email
with subject  test 1 and test 2
  Is it possible? If yes does anyone has done it ? and how to do that?

Something like this is probably better and more easily implemented in
your MDA's filter language.  What MDA are you using?

What if the admin wants to reject the mail if the subject is
incorrect (so that the sender knows that the message was not
accepted)? Doing that in the MDA is too late if one wants to
avoid possible backscatter. Or am I missing something?


If your receiving SMTPD's restrictions are sane, a reject from the MDA 
will not cause backscatter.

It will cause the correct DSN to be sent to the correct sender.

Anyway, if you must reject it at SMTP time, there is smtp_proxy to put 
$whatever in between.


--
J.



Re: mail gets bounced when send to local bitdefender smtpd

2011-07-18 Thread Jeroen Geilman

On 2011-07-17 20:19, mouss wrote:

On 17/07/2011 12:49, Thomas Zehbe wrote:

Hello List,

I have an installation using bitdefender as a virus scanner using the 
content_filter option.
bitdefender's smtp daemon listens on port 10025, in main.cf therefore this is 
defined:

content_filter = smtp:[127.0.0.1]:10025

In master.cf a second instance of smtpd is defined, listening on port 10026:

127.0.0.1:10026 inet  n  -  n  -  10  smtpd -o 
content_filter= -o smtp_send_xforward_command=yes

When smtp tries to send the mail to bitdefender for scanning, this happens:

Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 220 
linuxgw.myown.net ESMTP Postfix
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host 127.0.0.1[127.0.0.1] 
greeted me with my own hostname linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: EHLO 
linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 
250-linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 
250-PIPELINING
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 250-SIZE 
50240
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 250-VRFY
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 250-ETRN
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 250-XVERP
Jul 17 11:42:55 linuxgw postfix/smtp[20313]:  127.0.0.1[127.0.0.1]: 250 
8BITMIME
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: warning: host 127.0.0.1[127.0.0.1] 
replied to HELO/EHLO with my own hostname linuxgw.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: connect to subsystem private/defer
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr nrequest = 0
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr flags = 0
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr queue_id = 2859B35121
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr original_recipient = 
tz@localhost
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr recipient = 
t...@localhost.myown.net
Jul 17 11:42:55 linuxgw postfix/smtp[20313]: send attr reason = mail for 
127.0.0.1:10025 loops back to myself

main.cf contains
mydestination = $myhostname, localhost.$mydomain,$mydomain

I think, the bitdefender uses a correct answer for the EHLO, there is no way (i 
know of) to change the 250 answer of bitdefender.

After a dozen hours of research any hint would be appreciated.


first, is myown.net a domain of yours, or are you hijacking it? are you
exposing domains of others? that would be really bad...

second. you need to set up different hostnames for the various pieces of
servers you use. you'll have problems if one piece connects to another
and both think they are the same name. with postfix, use different
myhostname values.



I think that's only required if you're using multiple instances that 
send SMTP mail to each other - and he's running 2.0 :)


Many features we expect as given will be missing in his setup, he should 
upgrade and then approach the problem fresh.



--
J.



Re: Fwd: Postfix SMTP server: errors from 114-24-208-96.dynamic.hinet.net[114.24.208.96]

2011-07-14 Thread Jeroen Geilman

On 2011-07-14 15:13, Rytec wrote:

Sorry guys,

Now I got a new request and I see it is rejected by Postfix, so it 
means that first it is checked by dnsbl and after that passed it is 
checked by Postfix itself.

So I should rearrange my restriction order in main.cf ?


Should we know ?

Perhaps you can show them.


--
J.



Re: Fwd: Postfix SMTP server: errors from 114-24-208-96.dynamic.hinet.net[114.24.208.96]

2011-07-14 Thread Jeroen Geilman

On 2011-07-14 21:22, rytec wrote:
oops, something went wrong with my message, I see the mail info is not 
attached, see below the two different sessions:


Transcript of session follows.

  Out: 220 mail.rytec.be ESMTP Postfix (Ubuntu)
  In:  HELO 77.109.86.75
  Out: 250 mail.rytec.be
  In:  MAIL FROM:ertre785...@hotmail.com
  Out: 250 2.1.0 Ok
  In:  RCPT TO:t...@ms67.hinet.net
  Out: 554 5.7.1 Service unavailable; Client host [114.44.105.43] blocked using
  b.barracudacentral.org

Session aborted, reason: lost connection

For other details, see the local mail logfile

Transcript of session follows.

  Out: 220 mail.rytec.be ESMTP Postfix (Ubuntu)
  In:  HELO 77.109.86.75
  Out: 250 mail.rytec.be
  In:  MAIL FROM:ertre785...@hotmail.com
  Out: 250 2.1.0 Ok
  In:  RCPT TO:t...@ms67.hinet.net
  Out: 504 5.5.2 77.109.86.75: Helo command rejected: need fully-qualified
  hostname

Session aborted, reason: lost connection

For other details, see the local mail logfile



WHERE are the smtpd_mumble_restrictions you asked about ?



On 14/07/2011 21:12, Jeroen Geilman wrote:



Should we know ?

Perhaps you can show them.




--
J.



Re: Relay host auth not working

2011-07-12 Thread Jeroen Geilman

On 2011-07-12 07:12, Ron Garret wrote:

On Jul 11, 2011, at 9:31 PM, Stan Hoeppner wrote:


On 7/11/2011 8:12 PM, Ron Garret wrote:

I'm trying to set up a relay host with authentication according to these 
instructions:

http://anothersysadmin.wordpress.com/2009/02/06/postfix-as-relay-to-a-smtp-requiring-authentication/

but it's not working.  I know my SMTP server is set up properly because I can 
send mail using various other clients, but postfix is apparently not even 
attempting to authorize.  Here are the relevant lines from main.cf:


No.
Include the FULL output from postconf -n, or, even better, the 
postfinger tool.

We can only guess what you're doing wrong now.


--
J.



Re: strange behaviour : incoming queue

2011-07-12 Thread Jeroen Geilman

On 2011-07-12 07:49, Tom Kinghorn wrote:

On 11/07/2011 15:01, Wietse Venema wrote:

Rule number one: present actual evidence of the problem.  In this
case, present actual evidence that mail stays in the Postfix queue.

Wietse


Apologies

It was in the queues/incoming directory



So show us those mails.
Man postqueue, man postcat.
Include relevant logging as well, to show any delivery attempts - grep 
the logs for the Queue ID.



# perl qshape.pl

                     T  5 10 20 40 80 160 320 640 1280 1280+
             TOTAL   8  2  1  0  0  0   0   0   0    5     0
    vodamail.co.za   7  2  1  0  0  0   0   0   0    4     0
mx1.vodamail.co.za   1  0  0  0  0  0   0   0   0    1     0




16 messages in the incoming + active queues.
I don't know where you get the 384 figure from, but it's not postfix.

Run it for message distribution instead:

# qshape -s incoming

One message could have 100 recipients for all we know.


What would cause the old files in the queues directory not to be 
cleared out.


That situation is unlikely to occur, if ever.
If they are not picked up, they were not sent either.


--
J.




Re: DNS whitelilst for postscreen_access_list

2011-07-10 Thread Jeroen Geilman

On 2011-07-10 21:47, İhsan Doğan wrote:

Hi,

On 10.07.2011 20:31, Wietse Venema wrote:


I would like to use dnswl.org as an access list for
postscreen_access_list. Unfortunately, permit_dnswl_client can be only
used for the smtpd_client_restrictions.

Is there any other way to use dns based whitelist for
postscreen_access_list?

Use postscreen_access_list for static black/white lists.

Use postscreen_dnsbl_sites for dynamic black/white lists.

On the first connect, Postscreen returns a 450 and adds the client to
the Postscreen cache. If the sending MTA is white listed, I'd like to
avoid this delay.


As documented, if the sender is whitelisted, this does not happen.

As per http://www.postfix.org/postscreen.8.html, either you manually 
whitelist a client, in which case all postscreen tests are skipped, or 
you let it be whitelisted when it passes the tests.

It's one or the other, you can't have both.
IF these tests include the deep protocol tests, the first message will 
be deferred.


http://www.postfix.org/POSTSCREEN_README.html#after_220





Ihsan




--
J.



Re: spawn give a command time limit exceeded

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 17:54, Damien Robinet wrote:

Sorry for the debug, I thought (bad thought) that it could help to find the reason.

That is for example my dunno.pl script:
http://pastebin.com/cCQp1Few

It's hard to understand why this perl script needs more than 3600 sec...

It must just reply dunno at postfix when they call the perl script ...


So you either USE DUNNO as the RHS, or use a static map static:dunno.
Why scripts ?




Re: spawn give a command time limit exceeded

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 18:30, Damien Robinet wrote:

Dear Jeroen,

On the main.cf I've this two lines:

grey0 = check_policy_service unix:private/dunnopl


grey0 = dunno


grey1 = check_policy_service inet:127.0.0.1:10023

I use it because the user can select which greylist or not.
I make a request into MySQL, if the user have enable postgrey, MySQL
return grey1, if postgrey is disable mysql return grey0.

If the grey0 are with no value, postfix return a warning ... I've


Nobody said it should return NO value.


think it's more proper if I use a script to return dunno at postfix.


I don't see why.


I'm not a postfix expert sorry, I've read several books, but ... read
and practice are not same :)
Again sorry for disturb all with this topic.


Don't be so sorry all the time, there is no need.


--
J.




Re: spawn give a command time limit exceeded

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 20:30, Victor Duchovni wrote:

On Fri, Jul 08, 2011 at 06:33:31PM +0200, Jeroen Geilman wrote:


On 2011-07-08 18:30, Damien Robinet wrote:

Dear Jeroen,

On the main.cf I've this two lines:

grey0 = check_policy_service unix:private/dunnopl

grey0 = dunno

No, one can use:

grey0 = check_client_access static:dunno

Since access(5) built-in keywords are not always valid restrictions
in their own right.

But this is really silly, it is far better to just not return any
value for the lookup key in question, the default is dunno when
the table returns nothing.


I make a request into MySQL, if the user have enable postgrey, MySQL
return grey1, if postgrey is disable mysql return grey0.

Just don't return any result for lookup key.




Didn't the OP say that that produced a warning ?

We haven't seen said warning, of course - it could be that he means 
postfix complains when a /policy script/ produces no output.


--
J.



Re: Iptables stopping smtp_bind_address from working properly

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 21:06, Jeffrey Starin wrote:
When I turn off the firewall (which I am loath to do) to my VPS I am 
able to use the command smtp_bind_address just fine.


Otherwise, with firewall turned on, I am getting these time out errors 
in my maillog files:


Jul  7 13:00:34 who postfix/smtp[40187]: connect to 
127.0.0.1[127.0.0.1]: Connection timed out (port 10027)


You will have to allow access from localhost to port 10027 on localhost.

--
J.



Re: Iptables stopping smtp_bind_address from working properly

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 22:37, Jeffrey Starin wrote:

On 7/8/2011 4:21 PM, Jeroen Geilman wrote:

On 2011-07-08 21:06, Jeffrey Starin wrote:
When I turn off the firewall (which I am loath to do) to my VPS I am 
able to use the command smtp_bind_address just fine.


Otherwise, with firewall turned on, I am getting these time out 
errors in my maillog files:


Jul  7 13:00:34 who postfix/smtp[40187]: connect to 
127.0.0.1[127.0.0.1]: Connection timed out (port 10027)


You will have to allow access from localhost to port 10027 on localhost.

--
J.


The following is in there.  I'm certainly no iptables expert but don't 
the following rules cover that?


Chain INPUT (policy ACCEPT):
. . .
ACCEPT all  --  localhost.localdomain  anywhere
. . .

and in Chain OUTPUT (policy ACCEPT):
. . .
ACCEPT all  --  anywhere localhost.localdomain
. . .


That depends entirely on what localhost.localdomain stands for.

DNS names have no place in iptables rules - they slow it to a crawl, for 
one thing.


--
J.



Re: Iptables stopping smtp_bind_address from working properly

2011-07-08 Thread Jeroen Geilman

On 2011-07-08 22:43, Jeffrey Starin wrote:

On 7/8/2011 4:39 PM, Jeroen Geilman wrote:

On 2011-07-08 22:37, Jeffrey Starin wrote:

On 7/8/2011 4:21 PM, Jeroen Geilman wrote:

On 2011-07-08 21:06, Jeffrey Starin wrote:
When I turn off the firewall (which I am loath to do) to my VPS I 
am able to use the command smtp_bind_address just fine.


Otherwise, with firewall turned on, I am getting these time out 
errors in my maillog files:


Jul  7 13:00:34 who postfix/smtp[40187]: connect to 
127.0.0.1[127.0.0.1]: Connection timed out (port 10027)


You will have to allow access from localhost to port 10027 on 
localhost.


--
J.


The following is in there.  I'm certainly no iptables expert but 
don't the following rules cover that?


Chain INPUT (policy ACCEPT):
. . .
ACCEPT all  --  localhost.localdomain  anywhere
. . .

and in Chain OUTPUT (policy ACCEPT):
. . .
ACCEPT all  --  anywhere localhost.localdomain
. . .


That depends entirely on what localhost.localdomain stands for.

DNS names have no place in iptables rules - they slow it to a crawl, 
for one thing.


--
J.



more /etc/hosts:

127.0.0.1 localhost.localdomain localhost
the_ip_address_listed_in_smpt_bind_address  the_TLD
the_host_name


I would think that would work but it's not. . .


You originally stated that it works when you disable iptables.

This pretty much defines the parameters of the problem - it's limited to 
iptables.


--
J.



Re: Postfix sasl with mysql and multiple servers with different tables

2011-07-07 Thread Jeroen Geilman

On 2011-07-07 01:54, Simon wrote:

Hi There, We are using Postfix 2.7.1-1+squeeze1 on Debian Squeeze. I
have a quick question regarding sasl auth with mysql and multiple
servers...

Is there a way to configure postfix to get its SMTP auth data from two
different mysql servers with different DB names?? E.g. db_name1 on
mysql1 and dbpostfix_other on mysql2?


Postfix does not directly communicate with SASL backends.
Look up the configuration options for your chosen SASL provider - either 
dovecot or cyrus.


--
J.



Re: What (implicit) option control translation user to first lastname?

2011-07-07 Thread Jeroen Geilman

On 2011-07-07 16:09, Johan Persson wrote:

I have working postfix setup but there is one thing I don't quite
understand where it comes from (and that bothers me)

I only use one map which is a sender_canonical map to translate local
user to a valid external email address. This works fine.

However postfix also adds the full name (as taken from passwd) in front


Nope.
Follow the instructions in the address rewriting debugging example at

http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging


--
J.



Re: Postfix Spam Filter delivering email to two imap Servers

2011-07-06 Thread Jeroen Geilman

On 2011-07-06 18:59, motty.cruz wrote:

Hello All,
I have a Postfix Spam Filter; I want to deliver email to two different imap
servers, as portrayed in my diagram below.

---Internet--Postfix-in--Amavisd--Postfix-out--  imap1 and Imap2

Can this be accomplished with Postfix? Currently my spam filter is delivering
email to one imap server but I would like to deliver to two imap servers
because we have increased users and want to balance the load between two imap
servers.


The solution to increased load is not to store all email twice, as this 
will lead to insurmountable problems sooner rather than later.

Consider deleting and/or moving messages, what goes where ?
Are these IMAP backends then both synced with each other too ?
If not, the next time Joe Q. connects to the other server, his email is 
all messed up - good luck explaining THAT to the users.
If they are, why not deliver to one and sync to the other in the first 
place?


Proper solutions focus on distributing different user accounts to 
separate storage backends (note that IMAP server != storage server), or 
scaling up your IMAP solution by, for instance, separating storage from 
the IMAP frontend(s).


Postfix should deliver each message exactly once, so that the task of 
distributing the mail falls squarely on the chosen mail store solution 
(which can be very varied, but is never postfix).


--
J.



Re: two copies of every email when using always_bcc

2011-07-05 Thread Jeroen Geilman

On 2011-07-05 21:41, Stefan Guenther wrote:

Hello,

we have set always_bcc = postmappe@localhost to get a copy of every 
incoming and outgoing email.


The problem now is, that we do not only get one copy of every incoming 
or outgoing email, but TWO.


The reason for this seems to be the content filter:

content_filter = smtp-amavis:[127.0.0.1]:10024

When I remove this line, I only get one copy.

Can anyone explain why using a content filter creates two copies and 
is there a way to avoid the second copy?


Because the content filter re-injects the message over SMTP.
It is a new message as far as postfix is concerned.

Since you set this up, one thinks this would be obvious.

To prevent this from happening, specify

-o receive_override_options=no_address_mappings

as an argument to either: A. the main smtpd(8) listener in master.cf, or 
B. the smtpd(8) re-injection listener for your content filter - also in 
master.cf.


Be advised that this disables processing of ALL address rewriting in the 
affected smtpd(8) daemon, so choose wisely.
Either the main listener does no rewriting, and the content filter sees 
the original addresses as received by postfix, or the main listener 
rewrites as configured and the content filter sees only rewritten 
addresses, thus preventing spam detection on delimited addresses, for 
example.




Thanks for any hints and suggestions,

Stefan



--
J.



Re: trace service failure

2011-06-18 Thread Jeroen Geilman

On 06/18/2011 10:57 AM, Vince Sabio wrote:

I am running a list server that uses Postfix 2.0.18 (yes, it's a little bit 
creaky) as its MTA. On one of the lists, users are complaining that they are 
receiving repeats of one specific message from one specific person; the repeats 
are being sent out every 70 minutes. (Sounds like a requeue interval.)


Not really.
The incremental queue backoff times postfix uses mean no 2 intervals 
are likely to be the same.



When I check /var/log/maillog, I see entries like this (I've replaced the local-part of 
each address with LOCALUSER):

Jun 18 00:24:16 ares postfix/qmgr[874]: 587564A7357: 
from=localu...@crs.loc.gov, size=4031, nrcpt=1 (queue active)
Jun 18 00:24:16 ares postfix/local[1935]: warning: 587564A7357: trace service 
failure


Oops.
Of course, this is documented; http://www.postfix.org/trace.8.html says:

DESCRIPTION
   The bounce(8) daemon maintains per-message log files with
   delivery status information. Each log file is named after
   the queue file that it corresponds to, and is kept in a
   queue subdirectory named after the service name in the
   master.cf file (either bounce, defer or trace). This
   program expects to be run from the master(8) process manager.

   The bounce(8) daemon processes two types of service
   requests:

   o   Append a recipient (non-)delivery status record to
       a per-message log file.

   o   Enqueue a delivery status notification message,
       with a copy of a per-message log file and of the
       corresponding message. When the delivery status
       notification message is enqueued successfully, the
       per-message log file is deleted.


Note that DSN support was added in 2.3, so you don't have the trace 
option of the bounce(8) daemon.


Just locate the offending queue file and kill it.



Jun 18 00:24:16 ares postfix/local[1935]: 587564A7357: 
to=localu...@ares.hva-va.org, relay=local, delay=116238, 
delays=116238/0.03/0/0.05, dsn=4.3.0, status=deferred (587564A7357: trace service 
failed)

That's all there is (every 70 minutes). The e-mail messages are identical, right down to the 
Message-ID header. The log entries all have the same transaction ID of 587564A7357. There is no 
connect from or disconnect from line associated with each new entry -- 
which makes it appear that the repeats are being generated by Postfix, not the MX at crs.loc.gov.

While I was still thinking that these were coming from the external server, I 
put a rule into header_checks to block anything with crs.loc.gov on the From: 
line -- Draconian, but temporary. However, it didn't change anything -- lending 
credence to the indication that these repeats are being generated internally 
somehow, not arriving from the Blue Yonder.

Any idea what's up? And sure, I'd be happy to upgrade Postfix ASAP if this is a 
known bug in 2.0.18. Else, while I realize that I really should upgrade to the 
current release, I'd prefer to wait until I have more time. (Postfix has been 
humming along flawlessly for so long, I'd damned near forgotten about it.)

__
Vincent Sabio vi...@vjs.org

If you choose to reply off-list, please do not reply to vi...@vjs.org; your
message will get lost in the spam pile. Reply to vsabio at mac dot com.



--
J.



Re: Send mail to local users only

2011-06-15 Thread Jeroen Geilman

On 06/15/2011 10:11 AM, mail...@securitylabs.it wrote:
Hello, I've a postfix 2.5.1 with system users. I need to restrict one 
user to be able to send mail to local users only.


My conf:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
mail_owner = postfix
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
maximal_queue_lifetime = 2d
message_size_limit = 5120
mydestination = local domains list
myhostname = mail.domain.tld
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 192.168.1.0/24
myorigin = /etc/mailname
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks 
permit_sasl_authenticated reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/recipient_relayhost

Can someone point me in the right direction?




Use a restriction class: 
http://www.postfix.org/RESTRICTION_CLASS_README.html


Note that this is SMTP only; it will not work with locally submitted 
(sendmail) mail.



Thanks.




--
J.



Re: postfix bounce message configuration

2011-06-15 Thread Jeroen Geilman

On 06/15/2011 09:48 PM, Zhou, Yan wrote:

Jeroen,

Thanks, the way I see it is that the remote SMTP server rejects the
message, so my local SMTP server is generating this bounce message to
notify the sender.

So, if I am sending a message that has an invalid recipient address or the
message exceeds the limit, there is no way of not getting these mandatory
bounce messages.

What I could configure is whether anyone else (such as postmaster)
should be notified of such bounce messages, which is what the notify_classes
configuration is for?  That is in addition to notifying the sender via bounce
message.

Is my understanding correct?


That is correct.
Just unset bounce_notice_recipient and no bounce notifications will be sent.

I was under the impression that you wanted to prevent sending out 
bounces at all.


This is a Very Bad Idea.


Thanks,
Yan








--
J.



Re: Error Message on sending mail

2011-06-14 Thread Jeroen Geilman

On 06/14/2011 02:11 PM, kibirango moses wrote:

Contents of my /var/log/maillog
postfix/smtpd[7586]:  localhost[127.0.0.1]: 250-AUTH PLAIN LOGIN
postfix/smtpd[7586]:  localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[7586]:  localhost[127.0.0.1]: 250-8BITMIME
postfix/smtpd[7586]:  localhost[127.0.0.1]: 250 DSN
postfix/smtpd[7586]:  localhost[127.0.0.1]: AUTH LOGIN
postfix/smtpd[7586]: xsasl_cyrus_server_first: sasl_method LOGIN
postfix/smtpd[7586]: xsasl_cyrus_server_auth_response: uncoded server
challenge: Username:
postfix/smtpd[7586]:  localhost[127.0.0.1]: 334 VXNlcm5hbWU6
postfix/smtpd[7586]:  localhost[127.0.0.1]:
bWtpYmlyYW5nb0BkaWN0cy5tYWsuYWMudWc=
postfix/smtpd[7586]: xsasl_cyrus_server_next: decoded response:
mkibira...@xxx.xx.xx.xx
postfix/smtpd[7586]: xsasl_cyrus_server_auth_response: uncoded server
challenge: Password:
postfix/smtpd[7586]:  localhost[127.0.0.1]: 334 UGFzc3dvcmQ6
postfix/smtpd[7586]:  localhost[127.0.0.1]: a2liczcxbQ==
postfix/smtpd[7586]: xsasl_cyrus_server_next: decoded response: kibs71m


Please, no verbose logs unless specifically requested.
One hardly ever needs verbose logging, unless one suspects a bug.


postfix/master[3313]: warning: process /usr/libexec/postfix/smtpd pid
7586 killed by signal 11
postfix/master[3313]: warning: /usr/libexec/postfix/smtpd: bad command
startup -- throttling


A configuration failure causes smtpd to abort.


Do I still need to configure smtp auth and what pwcheck method should I use?


WE don't know if you need SMTP AUTH.

When in doubt, consult the documentation: 
http://www.postfix.org/SASL_README.html


I suggest you start with dovecot as your SASL provider, as it is very 
easy to set up.



--
J.
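
Verbose smtpd(8) logging of the kind quoted in this message records the whole SASL exchange, including the base64 AUTH responses and their decoded values. The following is an added example, not part of the original thread: a scrubber that masks those fields before a log is shared. The sample lines are constructed; the "<" and ">" markers are how smtpd -v prefixes received commands and sent replies.

```python
import base64
import re

MASK = "[REDACTED]"

# smtpd -v logs "< peer: text" for a received command and "> peer: text" for a reply.
CHAT_RE = re.compile(
    r"^(?P<head>.*postfix/smtpd\[(?P<pid>\d+)\]: )"
    r"(?P<dir>[<>]) (?P<peer>\S+): (?P<text>.*)$"
)
# The Cyrus SASL glue logs the decoded client response in clear text.
DECODED_RE = re.compile(r"^(?P<head>.*xsasl_\w+: decoded response: ).*$")
AUTH_RE = re.compile(r"^(AUTH\s+\S+)(\s+\S+)?", re.IGNORECASE)


def redact(lines):
    """Return the log lines with SASL credentials masked."""
    in_auth = set()  # smtpd pids that are in the middle of an AUTH exchange
    out = []
    for line in lines:
        m = DECODED_RE.match(line)
        if m:
            out.append(m.group("head") + MASK)
            continue
        m = CHAT_RE.match(line)
        if not m:
            out.append(line)
            continue
        pid, text = m.group("pid"), m.group("text")
        if m.group("dir") == "<":
            auth = AUTH_RE.match(text)
            if auth:
                in_auth.add(pid)
                # AUTH PLAIN can carry the credentials as an initial response.
                text = auth.group(1) + (" " + MASK if auth.group(2) else "")
            elif pid in in_auth:
                text = MASK  # base64 answer to a 334 challenge
        elif pid in in_auth and not text.startswith("334"):
            in_auth.discard(pid)  # 235, 535, ... ends the exchange
        out.append(f"{m.group('head')}{m.group('dir')} {m.group('peer')}: {text}")
    return out


def b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample: host, pid, user and password are made up.
PREFIX = "Jun 14 14:00:01 mx postfix/smtpd[4242]: "
SAMPLE = [
    PREFIX + "> localhost[127.0.0.1]: 250-AUTH PLAIN LOGIN",
    PREFIX + "< localhost[127.0.0.1]: AUTH LOGIN",
    PREFIX + "> localhost[127.0.0.1]: 334 VXNlcm5hbWU6",
    PREFIX + "< localhost[127.0.0.1]: " + b64("alice@example.org"),
    PREFIX + "xsasl_cyrus_server_next: decoded response: alice@example.org",
    PREFIX + "> localhost[127.0.0.1]: 334 UGFzc3dvcmQ6",
    PREFIX + "< localhost[127.0.0.1]: " + b64("constructed-secret"),
    PREFIX + "xsasl_cyrus_server_next: decoded response: constructed-secret",
    PREFIX + "> localhost[127.0.0.1]: 235 2.7.0 Authentication successful",
    PREFIX + "< localhost[127.0.0.1]: MAIL FROM:<alice@example.org>",
]

if __name__ == "__main__":
    print("\n".join(redact(SAMPLE)))
```

The envelope address in MAIL FROM is left alone; only the AUTH exchange and the decoded SASL responses are masked.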



Re: Messages held in queue with no warning/error

2011-06-07 Thread Jeroen Geilman

On 06/07/2011 10:42 PM, Kai Wang wrote:

Hello,

We have a postfix server which does forwarding messages to virtual domains.



B459E38562!  118003 Tue Jun  7 10:21:49  
profs-cpsc-l-boun...@mailman.ucalgary.ca
  us...@ucalgary.ca
  us...@ucalgary.ca
  us...@ucalgary.ca

[root@forward ~]# grep B459E38562 /var/log/maillog
Jun  7 10:21:49 forward postfix/smtpd[19795]: B459E38562: 
client=mailman.ucalgary.ca[136.159.86.149]
Jun  7 10:21:49 forward postfix/cleanup[18782]: B459E38562: hold: header Received: from 
forward2.ucalgary.ca (forward2.ucalgary.ca [136.159.34.105])??by mhub3.UCALGARY.CA (Postfix) with ESMTP 
id 7A94774004??forprofs-cps...@mailman.ucalgary.ca;??Tue,  7 Jun 2011 10:21:29 from 
mailman.ucalgary.ca[136.159.86.149]; from=profs-cpsc-l-boun...@mailman.ucalgary.ca  
to=alh...@cpsc.ucalgary.ca  proto=ESMTP helo=mailman.ucalgary.ca
Jun  7 10:21:49 forward postfix/cleanup[18782]: B459E38562: 
message-id=bbbe706e2a04594d9edcd361a81c90ffc855774...@exmb01.admin.ad.ucalgary.ca




You configured something that sends the message to the HOLD queue; this 
does not happen automatically.


As requested when you joined this list, show postconf -n and it will be 
easily explained.



--
J.



Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Jeroen Geilman

On 06/06/2011 10:45 PM, Rich Wales wrote:

If I enable postscreen and specify my choice of blocklists and whitelists
in postscreen_dnsbl_sites, am I correct in assuming that I might as well
remove any reject_rbl_client and permit_dnswl_client clauses from my
smtpd_*_restrictions, since they will now be redundant?


On the interfaces and ports that postscreen(8) passes mail to, yes.

If you have a dedicated submission port, this is not affected by 
postscreen running on port 25.



Do note that the behaviour is different; you will be able to directly 
transplant your reject_rbl_client RBLs to postscreen, but postscreen has 
many more options available, such as checking for exact return values, 
and scoring different RBLs with separate weight values.



--
J.



Re: postscreen MX Policy test and multiple listening IP addresses

2011-06-05 Thread Jeroen Geilman

On 06/05/2011 04:54 PM, kshitij mali wrote:

Hello all,

HI!

Please:

1. DO NOT Top-post,
2. Reply to the LIST, and
3. DO NOT hijack threads for your own issues.

Thanks!


--
J.



Re: Postfix/Sendmail and Apache James

2011-06-05 Thread Jeroen Geilman

On 06/06/2011 01:02 AM, Marc Chamberlin wrote:


Thanks Wietse for replying!  From your reply, I think you are
interpreting my question as asking how Apache James can use
Postfix/Sendmail to process email for it. Actually, what I need is the
other way around, how to configure Postfix/Sendmail to relay email to
the Apache James email server without causing a conflict between the two
services. If you follow the link to the webpage that I provided in my
posting, it will explain what is needed to run the old Sendmail app with
Apache James. Basically there are 4 things which need to be done -

1. Stop Postfix/Sendmail from running as an SMTP daemon
2. Set up Postfix's frontend Sendmail to relay email to the James
server on localhost.
3. Stop Postfix's Sendmail complaining about mail apparently looping
back, if necessary.
4. James requires SMTP AUTH, so mail relayed to it from Sendmail will
need to follow the log in protocols.

I won't need Postfix to receive and process email for local users
either, just need the Sendmail API for other applications running on the
servers.



1. Comment out the smtpd(8) service in master.cf.
2. Configure the domains in question as relay_domains; fill in 
relay_recipient_maps if they are known, or unset it if they are not.
NOTE that unsetting relay_recipient_maps inherently trusts all mail 
submitted via sendmail(1); it's up to you if you want to risk this.

3. Show that this happens at all.
4. Set up client SASL in the smtp(8) service as documented in 
http://www.postfix.org/SASL_README.html#client_sasl


Reload postfix.


--

J.



Re: Postfix/Sendmail and Apache James

2011-06-05 Thread Jeroen Geilman

On 06/06/2011 01:11 AM, Jeroen Geilman wrote:

On 06/06/2011 01:02 AM, Marc Chamberlin wrote:


Thanks Wietse for replying!  From your reply, I think you are
interpreting my question as asking how Apache James can use
Postfix/Sendmail to process email for it. Actually, what I need is the
other way around, how to configure Postfix/Sendmail to relay email to
the Apache James email server without causing a conflict between the two
services. If you follow the link to the webpage that I provided in my
posting, it will explain what is needed to run the old Sendmail app with
Apache James. Basically there are 4 things which need to be done -

1. Stop Postfix/Sendmail from running as an SMTP daemon
2. Set up Postfix's frontend Sendmail to relay email to the James
server on localhost.
3. Stop Postfix's Sendmail complaining about mail apparently looping
back, if necessary.
4. James requires SMTP AUTH, so mail relayed to it from Sendmail will
need to follow the log in protocols.

I won't need Postfix to receive and process email for local users
either, just need the Sendmail API for other applications running on the
servers.



1. Comment out the smtpd(8) service in master.cf.
2. Configure the domains in question as relay_domains; fill in 
relay_recipient_maps if they are known, or unset it if they are not.
NOTE that unsetting relay_recipient_maps inherently trusts all 
mail submitted via sendmail(1); it's up to you if you want to risk this.


I forgot to mention that if you want to allow this for ALL mail, this 
won't work; you will have to allow all mail to relay through postfix, 
and set up relayhost to point to your James instance.

The risk noted above will increase accordingly.


3. Show that this happens at all.
4. Set up client SASL in the smtp(8) service as documented in 
http://www.postfix.org/SASL_README.html#client_sasl


Reload postfix.





--
J.



Re: yahoo sending to me is timing out

2011-06-03 Thread Jeroen Geilman

On 06/04/2011 02:59 AM, Eric Smith wrote:

Hello postfix world,

I seem to be receiving all of my emails excepting some from people who
have emails with yahoo email accounts. They are either taking up to 20 hours
in yahoo's queue or being returned.

The postfix is a spam filter (amavis/clamscan/SA) for an exchange forest
of 55 users, not many, so not much of a load. I am not getting any reports
from other legitimate domains sending us emails having this issue. I have
tried a bunch of things found on the internet, but the errors still exist.
This was not a problem on my prior filter build on postfix 2.2.10. I had
generally ignored such errors as my thinking was that these were caused by
poorly designed bots, that may be a mistaken assumption with this more
current postfix. I am thinking that there are more controls that I might be
missing. So please find below an error from a client at yahoo, examples or
the errors in postfix logs and my postfix -n output.

Thank you for any help or insights that you may have!

Eric





Client errors are like this,

Sorry, we were unable to deliver your message to the following address.
Message expired for domain techsoft3d.com



And what have you configured that produces this message ?




Getting these sorts of errors from yahoo on my postfix 2.8.1 server,

Jun  3 17:32:02 loki postfix/smtpd[2579]: connect from
nm16-vm0.bullet.mail.sp2.yahoo.com[98.139.91.210]
Jun  3 17:32:02 loki postfix/smtpd[2579]: C012C640593:
client=nm16-vm0.bullet.mail.sp2.yahoo.com[98.139.91.210]
Jun  3 17:32:02 loki postfix/smtpd[2579]: lost connection after RCPT from
nm16-vm0.bullet.mail.sp2.yahoo.com[98.139.91.210]
Jun  3 17:32:02 loki postfix/smtpd[2579]: disconnect from
nm16-vm0.bullet.mail.sp2.yahoo.com[98.139.91.210]




tcp_windowsize = 256



Disable TCP windowing; there was a thread on this list not 3 days ago 
detailing how it can cause hard-to-find network issues.



--

J.



Re: Postfix restricting local mail locally.

2011-06-03 Thread Jeroen Geilman

On 06/04/2011 02:50 AM, Kendrick wrote:
I am trying to make it so that postfix takes specific actions when 
spam from my domain externally arrives.  
smtpd_recipient_restrictions / reject_unknown_... looked promising 
but I don't see how to work it with the information given.


When a new message arrives with [from: somt...@mydomain.com] 
[to:somt...@mydomain.com] and sender ip address does not = $mynetworks 
I want to send the connecting pc's ip to external scripts if possible and 
at the least reject the message.


reverse dns lookup from my internal dns server would work as well. 
Eventually I may be interested in having tls or something authenticate 
external users to send from mydomain but that is not a big concern 
right now.  If need be vpn will solve that need.


Any suggestions are appreciated. If I missed a how-to or something I 
appreciate the links.  I don't always figure the best key words to find 
these things.


In main.cf:

smtpd_recipient_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/my_own_domains,
    reject_unauth_destination


and in my_own_domains:

techsoft3d.com  REJECT

etc.

Or one of the other possible actions; there are quite a few, read the 
man page for details:


http://www.postfix.org/access.5.html


--
J.



Re: how to count recipient count per user in filter

2011-06-02 Thread Jeroen Geilman

On 06/02/2011 09:57 AM, Selcuk Yazar wrote:

Hi

I wrote about my problem before, but I want to create a correct solution 
for smtp_destination_recipient_limit



This is an smtp(8) setting; it does not apply to recipients in 
*received* mail.





in main.cf we set smtp_destination_recipient_limit=50
but we have stupid users :) they ignore account quota phishing mails 
and they give their passwords :$


I want to control the recipient count per mail; if one user sends 
mail to a total of 100 or 150 or more recipients, I want to stop 
postfix or be alerted in some way


So you limit the amount of recipients in *received* mail, with 
smtpd_recipient_limit.


Note that setting this too low will probably break all sorts of things.



Is it possible?

Because when I looked in the mail logs there are too many mails 
whose recipient count is 50.


Again, trying to combat smtpd(8) troubles with smtp(8) settings won't 
have any effect.



--
J.
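
A per-message recipient limit does not see an account that sends many messages of 50 recipients each; the total per sender can be read from the logs instead. The following is an added example, not part of the original thread: it sums nrcpt per authenticated user over a sliding window and reports who exceeds a limit. The log lines are constructed, and the window, the limit and the year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (hosts, queue IDs and users are made up). The last line is
# a queue retry of the first message and must not be counted a second time.
SAMPLE_LOG = """\
Jun  2 09:10:01 mail postfix/smtpd[2101]: 4A1B2C3D01: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice
Jun  2 09:10:01 mail postfix/qmgr[900]: 4A1B2C3D01: from=<alice@example.org>, size=2048, nrcpt=50 (queue active)
Jun  2 09:12:30 mail postfix/smtpd[2101]: 4A1B2C3D02: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice
Jun  2 09:12:30 mail postfix/qmgr[900]: 4A1B2C3D02: from=<alice@example.org>, size=2051, nrcpt=50 (queue active)
Jun  2 09:15:10 mail postfix/smtpd[2107]: 4A1B2C3D03: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice
Jun  2 09:15:10 mail postfix/qmgr[900]: 4A1B2C3D03: from=<forged@example.net>, size=2049, nrcpt=50 (queue active)
Jun  2 09:20:00 mail postfix/smtpd[2110]: 4A1B2C3D04: client=pc7.example.org[192.0.2.7], sasl_method=PLAIN, sasl_username=bob
Jun  2 09:20:00 mail postfix/qmgr[900]: 4A1B2C3D04: from=<bob@example.org>, size=900, nrcpt=3 (queue active)
Jun  2 10:30:00 mail postfix/qmgr[900]: 4A1B2C3D01: from=<alice@example.org>, size=2048, nrcpt=50 (queue active)
"""

SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=\S+"
    r".*\bsasl_username=(?P<user>[^,\s]+)"
)
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>, "
    r"size=\d+, nrcpt=(?P<nrcpt>\d+) \(queue active\)"
)
REMOVED_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): removed")


def parse_events(log_text, year=2011):
    """Return one (time, identity, nrcpt) tuple per queued message."""
    sasl_user, counted, events = {}, set(), []
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            sasl_user[m.group("qid")] = m.group("user")
            continue
        m = REMOVED_RE.search(line)
        if m:  # queue IDs can be reused once a message has left the queue
            counted.discard(m.group("qid"))
            sasl_user.pop(m.group("qid"), None)
            continue
        m = QMGR_RE.search(line)
        if m and m.group("qid") not in counted:
            qid = m.group("qid")
            counted.add(qid)
            when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            # Prefer the SASL login: the envelope sender is chosen by the client.
            who = sasl_user.get(qid) or m.group("sender") or "<>"
            events.append((when, who, int(m.group("nrcpt"))))
    return events


def peak_recipients(events, window=timedelta(hours=1)):
    """Largest recipient total each identity reached inside any one window."""
    per_identity = defaultdict(list)
    for when, who, nrcpt in sorted(events):
        per_identity[who].append((when, nrcpt))
    peaks = {}
    for who, items in per_identity.items():
        recent, total, peak = deque(), 0, 0
        for when, nrcpt in items:
            recent.append((when, nrcpt))
            total += nrcpt
            while when - recent[0][0] > window:
                total -= recent.popleft()[1]
            peak = max(peak, total)
        peaks[who] = peak
    return peaks


def over_limit(log_text, limit=100, window=timedelta(hours=1)):
    """Identities whose recipient total within the window exceeds the limit."""
    peaks = peak_recipients(parse_events(log_text), window)
    return {who: n for who, n in peaks.items() if n > limit}


if __name__ == "__main__":
    for who, n in over_limit(SAMPLE_LOG).items():
        print(f"{who}: {n} recipients within one hour")
```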



Re: configuration concept help

2011-05-30 Thread Jeroen Geilman

On 05/31/2011 01:00 AM, an...@melted-ice.co.uk wrote:

Hi,
I have a problem trying to work out a postfix solution.
I have 2 smtp servers:
Mail gateway VSgate1 for MX, Spam, Virus
Mail server Postfix1 for general mail processing and storage.

my aim is to achieve the following
1. receive all mail through gateway mail server VSgate1.
2. VSgate1 delivers all successful mail to postfix server Postfix1 and 
process internally.
3. from postfix server Postfix1 send ALL mail to VSgate1 for washing
4. VSgate1 delivers internal as per 2.
5. VSgate1 delivers external mail to internet

My question is can anyone point me in the right direction to solve the traffic 
flow without causing a mail loop between the 2 servers.



No.

You are deliberately creating a loop.
Mail will forever loop between 2. and 4. above.


I already can do item 1. but cannot work out the rest.


Why do you need to do this ?
It looks very unnecessary.

Start here: http://www.postfix.org/STANDARD_CONFIGURATION_README.html

--
J.



Re: Mail to self DNS

2011-05-29 Thread Jeroen Geilman

On 05/29/2011 01:50 PM, Ronald MacDonald wrote:


Hello,

Just been having a look through my config. I've an obscure case, where I've 
added a domain to the alias/lookup tables but the customer has not yet changed 
her DNS settings.

In this case, when I'm waiting for a client to update DNS, I still need to be 
able to get in touch with them. It looks like I've done something funny, 
whereby Postfix does not look up DNS MX records for domains it considers 
'local'. First of all, would it be advisable to try and change/update this so 
that DNS is referred to for each and every email, even on local delivery and 
second of all, if this is the case, where would I be advised to look in config 
to make this alteration?



Wherever this is applicable, putting a hostname or domain name inside 
square brackets prevents an MX lookup.


mail.example.com   : look up MX record for mail.example.com; if this 
exists, look up the A record for the MX; if this does not exist, look up 
the A record for mail.example.com

[mail.example.com] : look up A record for mail.example.com.



mydestination = mail.rmacd.com, localhost



This does not cause DNS lookups, because postfix handles the domain 
itself, so there is no reason to do a DNS lookup.
HOWEVER, relaying the mail to its destination does cause postfix to look 
up the destination's MX record (if any).


In general, no MX lookups are done when receiving mail - except when 
explicitly requested via restrictions such as check_*_mx_access.


Lookups for MX records are done when delivering mail; show logs where 
the behaviour occurs and somebody might be able to help.



--
J.



Re: sender dependent transport map

2011-05-28 Thread Jeroen Geilman

On 05/28/2011 11:45 AM, Joe Wong wrote:

Hello,

  I found that if the mail relay defined in sender dependent transport map


That doesn't exist; do you mean sender_dependent_default_transport_maps, 
or sender_dependent_relayhost_maps ?

They behave differently.

is temporarily unreachable during the first mail delivery attempt, the 2nd 
mail delivery is using the relayhost setting defined in main.cf. 
Is this expected?

You say transport but refer to a relayhost. Which is it ?

Provide configuration and relevant logs as requested in 
http://www.postfix.org/DEBUG_README.html#mail


--
J.



Re: root-alias Problem

2011-05-27 Thread Jeroen Geilman

On 05/27/2011 02:54 PM, Peter H. Coffin wrote:

On Fri, May 27, 2011 at 09:14:54AM +0200, Finzel, Heiko wrote:

Hi, I'm currently having some trouble setting up an alias for the root user on 
several Redhat machines.

Although the alias was set using newaliases and postalias and although postmap -q is 
telling me the alias is ok, postfix keeps sending root mails to 
root@##MYORIGIN##.

The following entry was added to the default entries (postmaster: root 
etc.) of the /etc/aliases:

root:   -ad...@abcd.de

It was mapped with newaliases/ postalias and postfix was reloaded/restarted, then it was tested with 
postmap -q root hash:/etc/aliases. But if the system is now actually sending mail to root (for example cron, but also 
mail sent via mailx), it will still go to root@##MYORIGIN## and not to the one listed in /etc/aliases.

 From the logs:

May 26 15:15:52 # postfix/qmgr[22268]: 5B001895D: from=root@##MYORIGIN##, 
size=453, nrcpt=1 (queue active)
May 26 15:15:52 # postfix/smtp[22736]: 5B001895D: to=root@##MYORIGIN##, 
orig_to=root, relay=mail. ##MYORIGIN## [###.###.###.###]:25, delay=0.28, 
delays=0.11/0.01/0.07/0.1, dsn=2.0.0, status=sent (250 Message accepted for delivery)

I think we're missing the rest of the log. This shows the mail being
accepted, but not where it's being delivered to. The alias processing
happens after that.


No, aliasing happens before mail is put on the queue, as is evident from 
the above entry (orig_to=root).


The REAL issue is that mail is being sent (from the system user root) to 
the unqualified address of the system user root.


The aliases in alias_database are applied to addresses whose domain is 
in $mydestination.


However, the behaviour shown here is that he has append_at_myorigin set 
to yes, which transforms the unqualified address root to root@$myorigin.


If $myorigin is NOT in $mydestination (and it is obvious that it is not) 
then the shown behaviour is the result.



--
J.



Re: No Netflix, lost connection after CONNECT

2011-05-27 Thread Jeroen Geilman

On 05/28/2011 03:15 AM, Justin Tocci wrote:

My wife is complaining that we don't get email from Netflix anymore but I'm 
wondering what else we're missing. Check out this smtp log:

May 27 11:50:27 server postfix/smtpd[45795]: connect from 
mx-ecom.netflix.com[208.75.76.252]


netflix connects to postfix.


May 27 11:50:58 server postfix/smtpd[45795]: lost connection after CONNECT from 
mx-ecom.netflix.com[208.75.76.252]


netflix disconnects from postfix without sending any (valid) SMTP commands.


May 27 11:50:58 server postfix/smtpd[45795]: disconnect from 
mx-ecom.netflix.com[208.75.76.252


postfix drops the connection.


  guidance (Lynda.com)


Please refer to the official documentation at 
http://www.postfix.org/documentation.html ; online guides, howtos and 
tutorials are often confused, confusing, or plain wrong.



If anyone has any ideas I'm all ears.


tcpdump(8) the connection to see what is really happening.
If netflix doesn't send anything, ask *them* what is wrong.


Perhaps instead of randomly turning things off is there a way to find out more 
about what may be going on in between the gaps in the log? I have the log level 
set to DEBUG which is the highest setting in


Please don't do that; it often obscures the simpler issues if you don't 
know what you're looking for (or at).



--
J.



Re: Join my network on LinkedIn

2011-05-26 Thread Jeroen Geilman

On 05/26/2011 11:58 PM, Reindl Harald wrote:

can somebody please remove the idiots from LinkedIn from
mailing-lists?



s/from LinkedIn//


--
J.



Re: transport not triggered

2011-05-25 Thread Jeroen Geilman

On 05/25/2011 11:22 AM, houmles wrote:

Hi all,

I am trying to set up autoreply via transport on an already running
mail server. My problem is transport isn't triggered instead all
vacation emails are going thru none transport.

main.cf:
transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf

in transport table i have:
autoreply.domain.org autoreply:

postmap -q autoreply.domain.org
mysql:/etc/postfix/mysql/transport_maps.cf returns:
autoreply:

in virtual table i have:
u...@domain.org u...@domain.org@autoreply.domain.org

in master.cf
autoreply  unix  -   n   n   -   -   pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
${sender} -- ${recipient}

user and group vacation exist

Even though in logs i have message bounced as User unknown in virtual
alias table because mail is handled by relay=none not by autoreply.

Any help?



autoreply.domain.org MUST be in one of mydestination, 
virtual_mailbox_domains, virtual_alias_domains, or relay_domains.


Other than that, show the actual logs.



Thanks




--
J.



Re: transport not triggered

2011-05-25 Thread Jeroen Geilman

On 05/25/2011 11:13 PM, houmles wrote:

I have virtual_alias_domains=$transport_maps so it should be there.

Here is the log:
May 25 23:43:40 prusa3 postfix/smtpd[7395]: A4B08382: 
client=xxx.xxx.xxx[x.x.x.x]
May 25 23:43:40 prusa3 postfix/cleanup[7398]: A4B08382: 
message-id=4ddd6c14.9030...@domain.com
May 25 23:43:40 prusa3 postfix/qmgr[7392]: A4B08382: 
from=x...@domain.com, size=940, nrcpt=2 (queue active)
May 25 23:43:40 prusa3 postfix/error[7400]: A4B08382: 
to=t...@domain.org@autoreply.domain.org, orig_to=t...@domain.org, 
relay=none, delay=0.05, delays=0.02/0.01/0/0.02, dsn=4.0.0, 
status=SOFTBOUNCE (User unknown in virtual alias table)
May 25 23:43:40 prusa3 postfix/pipe[7399]: A4B08382: 
to=t...@domain.org, relay=maildrop, delay=0.05, 
delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via 
maildrop service)



If I try to set it to virtual_mailbox_domains or relay_domains problem 
is same but in mydestination I received 2 mails to my mailbox, no 
autoreply sent:


Log:
May 25 23:44:53 prusa3 postfix/smtpd[7594]: 0C443382: 
client=xxx.xxx.xxx[x.x.x.x]
May 25 23:44:53 prusa3 postfix/cleanup[7597]: 0C443382: 
message-id=4ddd6c5c.3060...@domain.com
May 25 23:44:53 prusa3 postfix/qmgr[7592]: 0C443382: 
from=x...@domain.com, size=940, nrcpt=2 (queue active)
May 25 23:44:53 prusa3 postfix/pipe[7598]: 0C443382: 
to=t...@domain.org, relay=maildrop, delay=0.05, 
delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via 
maildrop service)
May 25 23:44:53 prusa3 postfix/pipe[7599]: 0C443382: 
to=t...@domain.org, relay=maildrop, delay=0.06, 
delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via 
maildrop service)

May 25 23:44:53 prusa3 postfix/qmgr[7592]: 0C443382: removed

On 05/25/11 22:22, Jeroen Geilman wrote:

On 05/25/2011 11:22 AM, houmles wrote:

Hi all,

I am trying to set up autoreply via transport on an already running
mail server. My problem is transport isn't triggered instead all
vacation emails are going thru none transport.

main.cf:
transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf

in transport table i have:
autoreply.domain.org autoreply:

postmap -q autoreply.domain.org
mysql:/etc/postfix/mysql/transport_maps.cf returns:
autoreply:

in virtual table i have:
u...@domain.org u...@domain.org@autoreply.domain.org

in master.cf
autoreply  unix  -   n   n   -   -   pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f
${sender} -- ${recipient}

user and group vacation exist

Even though in logs i have message bounced as User unknown in virtual
alias table because mail is handled by relay=none not by autoreply.

Any help?



autoreply.domain.org MUST be in one of mydestination, 
virtual_mailbox_domains, virtual_alias_domains, or relay_domains.


Other than that, show the actual logs.



Thanks




The RHS of virtual_alias_maps must also be a valid address, or postfix 
will rightfully reject it.


Consider changing the logic to use user+dom...@autoreply.domain.org.


--
J.



Re: RFC 2822 and From header field

2011-05-24 Thread Jeroen Geilman

On 05/24/2011 01:03 AM, Boris Korzun wrote:

RFC 2822 says that originator header fields with the full name (of person who 
sent the message) in parentheses after address without angle brackets is legacy 
form. And postfix's sendmail sends message from user with the fullname in 
parentheses,


Incorrect.

Sendmail(1) accepts and sends RFC5322-compliant messages; it does not 
invent data that was not present.


The From: header is either
A) already present in the submitted RFC5322-compliant message, or
B) provided on the sendmail(1) commandline with the -F flag, or
C) taken from the NAME environment variable, or
D) taken from the envelope sender provided with the -f flag if none 
of the above apply.


http://www.postfix.org/sendmail.1.html




  but Sendmail (Sendmail Consortium) sends message from user by RFC 
implementation (the fullname is before the address with angle bracket).
Can postfix developers do rewrite engine (cleanup_message.c and other) for RFC 
implementation?


What does sendmail(1) have to do with cleanup(8) ?

Postfix is an MTA, it does not rewrite mail unless you specifically tell 
it to.


If your client submits mail with the legacy form of the From: header, 
fix the client.




--
J.



Re: RFC 2822 and From header field

2011-05-24 Thread Jeroen Geilman

On 05/24/2011 08:44 AM, Jeroen Geilman wrote:

On 05/24/2011 01:03 AM, Boris Korzun wrote:
RFC 2822 says that originator header fields with the full name (of 
person who sent the message) in parentheses after address without 
angle brackets is legacy form. And postfix's sendmail sends message 
from user with the fullname in parentheses,


Incorrect.

Sendmail(1) accepts and sends RFC5322-compliant messages; it does not 
invent data that was not present.


The From: header is either
A) already present in the submitted RFC5322-compliant message, or
B) provided on the sendmail(1) commandline with the -F flag, or
C) taken from the NAME environment variable, or
D) taken from the envelope sender provided with the -f flag if 
none of the above apply.


http://www.postfix.org/sendmail.1.html


And then formats it as Sender (full name).

Sorry about that.


--
J.



Re: sender_dependent_relayhost_maps question

2011-05-23 Thread Jeroen Geilman

On 05/23/2011 03:35 AM, Jeffs wrote:

Hello All,

Assume the following setup:

Client from xyz.com logins to Many_Companies.com, accesses their email 
campaign software running on Many_Companies.com and sends out 
newsletters.


A short time later a client from def.com logins to Many_Companies.com, 
accesses their email campaign software running on Many_Companies.com 
and sends out newsletters.


They both access the same software just have user accounts that are 
different on the same server.


Postfix uses sender_dependent_relayhost_maps to channel xyz.com 
messages to interface eth0:1 and def.com messages to the eth0:2 
interface.


Those virtual interfaces are mapped to IP addresses that are 
registered addresses for xyc.com and def.com respectively.


Here is the question:

Will the received from headers in those messages reflect an 
origination IP address of Many_Companies.com's IP address or xyc.com 
and def.com IP addresses respectively?


I need the setup to reflect origination emails only coming from the 
respective IP addresses for xyz.com and def.com, NOT 
Many_Companies.com's IP address.


If this functionality is running on a box that has an IP that belongs to 
many-companies.com, then that IP will be reflected in the message 
exchange, possibly multiple times, yes.


Since SMTP is an IP protocol, it's hard to see how it could be otherwise.



Thank you.



--
J.



Re: Which Linux have the most recent Postfix ?

2011-05-23 Thread Jeroen Geilman

On 05/23/2011 10:50 AM, Reindl Harald wrote:


On 23.05.2011 10:25, Mihira Fernando wrote:

On 05/23/2011 12:32 PM, Robert Schetterer wrote:

agree, however
   somebody can search by it own here
http://distrowatch.com/search.php

taking it one step further :
http://distrowatch.com/search.php?pkg=postfix&pkgver=2.8.3#pkgsearch

shows :
Arch Linux: current
Ark Linux: dockyard
Debian GNU/Linux: unstable, testing
Fedora: rawhide
FreeBSD: 9, 8
Gentoo Linux: unstable
Lunar Linux: moonbase
Mandriva Linux: cooker
PLD Linux Distribution: 3.0
openSUSE: factory
T2 SDE: snapshot
Ubuntu: snapshot
Vine Linux: VineSeed

but this is now and which distro have in 4 months the newest version
does nobody know and i doubt none of them without manual rebuilding
and the decision what OS should never be dependent on a single-package



Unless that package is the reason you run the OS.


--
J.



Re: Put mails to specific users in HOLD queue

2011-05-22 Thread Jeroen Geilman

On 05/22/2011 09:06 PM, Sahil Tandon wrote:

On Sun, 2011-05-22 at 17:16:52 +0200, Leon Meßner wrote:


On Sun, May 22, 2011 at 04:39:22PM +0200, Pascal Volk wrote:

On 05/22/2011 04:24 PM Leon Meßner wrote:

Hi,
i'm curious if there is a mechanism to stop postfix from delivering mail
for just specific recipients. I ask because i need to migrate some users
mail storage and need to umount it. It would be nice to generate no
errors and just hold the mails in the queue until i release them again.

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    john@example.com    retry:4.0.0 Mailbox being migrated
    jane@exmpale.com    retry:4.0.0 Mailbox being migrated

postmap /etc/postfix/transport && postfix reload

If i understand right, this will send 4.0.0 as smtp status code and thus
force a retry on the other end. This will suffice i suppose.

You misunderstand.  As documented in error(8), when the service name is
retry, Postfix defers all recipients in the delivery request using the
next-hop information as the reason for non-delivery.



That said, temporarily rejecting mail is actually the RFC-correct way to 
take a mail server and its mailboxes out of commission.


The HOLD queue is useful when you need to act on a small number of 
specific messages, but in general soft-rejecting would be better, 
because it informs the sender as well.


Of course, if he adapts his migration plan by first setting up the new 
mailbox destination system, a simple transport_maps entry is all that is 
required.



--
J.



Re: sent mail statistics - lots more than expected?

2011-05-22 Thread Jeroen Geilman

On 05/23/2011 01:25 AM, Troy Piggins wrote:

I've recently been keeping an eye on my mail statistics
using mailgraph http://mailgraph.schweikert.ch/ .  I'm impressed by
the amount of spam/rejections achieved using just postgrey and some
postfix restrictions.

One thing that is puzzling me is the number of sent/received msgs.
eg today's stats have 108 msgs sent and 187 received.  With the
number of mailing lists I'm on and the number of users on this family
domain, that sounds about right for the received messages.

But there is no way 108 messages were sent.  I don't think I
personally sent any other than this one.  The other users on this
domain would not have sent that many, maybe 10 tops.  It's the same
for weekly and monthly stats.  The sent messages seems extremely
high.

Wondering if the sent for this application included the postfix
rejection messages?  What other messages could be included?


Postfix is an MTA - mail comes in, mail goes out.
Mailgraph counts all messages where the status=sent.

This includes DSNs sent by postfix.

If you don't believe the numbers, feel free to parse the log yourself :)


Sorry if this is OT here, but figured many users here would be
familiar with it?


Another useful tool to gather statistics is pflogsumm; this provides 
more detail about what happened to messages.



--

J.
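
A way to parse the log for this question, as an added example that is not part of the original thread and is not mailgraph's own logic: it breaks the status=sent lines down by delivery agent and flags deliveries of null-sender mail (DSNs). The log lines, hosts, queue IDs and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log (hypothetical hosts, queue IDs and addresses).
SAMPLE_LOG = """\
May 22 10:00:01 mail postfix/qmgr[900]: 1A2B3C4D01: from=<list@lists.example.org>, size=2100, nrcpt=2 (queue active)
May 22 10:00:02 mail postfix/local[901]: 1A2B3C4D01: to=<troy@example.com>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
May 22 10:00:02 mail postfix/local[901]: 1A2B3C4D01: to=<kim@example.com>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
May 22 10:05:00 mail postfix/qmgr[900]: 1A2B3C4D02: from=<troy@example.com>, size=900, nrcpt=1 (queue active)
May 22 10:05:01 mail postfix/smtp[902]: 1A2B3C4D02: to=<friend@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May 22 10:10:00 mail postfix/qmgr[900]: 1A2B3C4D03: from=<kim@example.com>, size=800, nrcpt=1 (queue active)
May 22 10:10:01 mail postfix/smtp[902]: 1A2B3C4D03: to=<gone@example.net>, relay=mx.example.net[192.0.2.10]:25, dsn=5.1.1, status=bounced (host said: 550 5.1.1 User unknown)
May 22 10:10:01 mail postfix/bounce[903]: 1A2B3C4D03: sender non-delivery notification: 1A2B3C4D04
May 22 10:10:01 mail postfix/qmgr[900]: 1A2B3C4D04: from=<>, size=2500, nrcpt=1 (queue active)
May 22 10:10:02 mail postfix/local[901]: 1A2B3C4D04: to=<kim@example.com>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# postfix/<agent>[pid]: <queue id>: <rest>; NOQUEUE lines do not match.
LINE_RE = re.compile(r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FROM_RE = re.compile(r"from=<([^>]*)>")


def summarize_sent(log_text):
    """Count status=sent deliveries and show where they come from."""
    senders = {}   # queue id -> envelope sender, taken from qmgr lines
    sent = []      # (delivery agent, queue id), one per status=sent line
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        agent, qid, rest = m.group("agent", "qid", "rest")
        if agent == "qmgr":
            fm = FROM_RE.match(rest)
            if fm:
                senders[qid] = fm.group(1)
        elif re.search(r"\bstatus=sent\b", rest):
            sent.append((agent, qid))
    return {
        "sent_lines": len(sent),                          # one per recipient
        "by_agent": dict(Counter(a for a, _ in sent)),    # local vs. smtp etc.
        "null_sender": sum(1 for _, q in sent if senders.get(q) == ""),
        "messages": len({q for _, q in sent}),            # distinct queue IDs
    }


if __name__ == "__main__":
    print(summarize_sent(SAMPLE_LOG))
```

In the constructed sample only one message leaves the host over SMTP, yet four lines carry status=sent: two local deliveries of one incoming list message, one outbound delivery, and one locally delivered bounce notification.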



Re: Custom message-id

2011-05-21 Thread Jeroen Geilman

On 05/22/2011 03:46 AM, Diego Woitasen wrote:

Hi,
 I'm writing a report system and I want to identify the messages 
moving through my mail servers. I need this because I must save some 
headers and the first lines of the message in a database with the 
information from the log files.


 I think that the best way to relate the messages with the log lines 
is using the message-id but it has a problem. I can't trust 
messages that arrive from the world. So what I want to do is to 
replace the message-id when every message arrives at our MXs and copy 
the original message-id to a second header. Message-ids are sometimes 
useful to debug issues and I don't want to lose that information.


Suggestions about how to do this?


Read http://www.postfix.org/header_checks.5.html on how to manipulate 
headers.


The more complex case of dual actions you want may be better solved 
using milters, though:


http://www.postfix.org/MILTER_README.html

Can you explain why you need log information ?

If you don't, simply piping all mail through an external processor will 
be the simplest way to extract information from it.


This can be achieved in various ways, using recipient_bcc_maps or an 
smtp proxy.




Regards,
 Diego

--
Diego Woitasen



--
J.



Re: rsyslog-filter

2011-05-20 Thread Jeroen Geilman

On 05/21/2011 01:00 AM, Reindl Harald wrote:

Hm?


This message was sent by a program, not by a human person.
Your submission to the postfix-users mailing list was rejected for
the following reason:
BOUNCE postfix-users@postfix.org:  Admin request: /^subject:\s*help\b/i

-------- Original Message --------
Subject: help with rsyslog-filter
Date: Sat, 21 May 2011 00:57:23 +0200
From: Reindl Harald h.rei...@thelounge.net
Organization: the lounge interactive design
To: Mailing-List postfix postfix-users@postfix.org

i need a little help

the following line should filter spam to invalid rcpt works fine, see
first log-message, but is there any way to exclude lines that also
contains too large to see them in the messagelog (2nd line)?

:msg, contains, "RCPT from unknown[10.0.0.20]" ~



No, it matches mail from a specific local IP without fcrdns hostname.
It says nothing about spam.



May 21 00:47:23 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
550 5.1.1inva...@example.com: Recipient address rejected:
User unknown in local recipient table;
from=postmas...@barracudanetworks.com  to=inva...@example.com
May 21 00:42:20 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
552 5.7.1va...@example.com: Recipient address rejected:
Message too large, recipient va...@example.com would exceed size limits at this 
time;
from=postmas...@barracudanetworks.com  to=va...@example.com




--
J.



Re: rsyslog-filter

2011-05-20 Thread Jeroen Geilman

On 05/21/2011 01:47 AM, Reindl Harald wrote:


On 21.05.2011 01:32, Jeroen Geilman wrote:

On 05/21/2011 01:00 AM, Reindl Harald wrote:

Hm?


This message was sent by a program, not by a human person.
Your submission to the postfix-users mailing list was rejected for
the following reason:
BOUNCE postfix-users@postfix.org:  Admin request: /^subject:\s*help\b/i

-------- Original Message --------
Subject: help with rsyslog-filter
Date: Sat, 21 May 2011 00:57:23 +0200
From: Reindl Harald h.rei...@thelounge.net
Organization: the lounge interactive design
To: Mailing-List postfix postfix-users@postfix.org

i need a little help

the following line should filter spam to invalid rcpt works fine, see
first log-message, but is there any way to exclude lines that also
contains too large to see them in the messagelog (2nd line)?

:msg, contains, "RCPT from unknown[10.0.0.20]" ~

No, it matches mail from a specific local IP without fcrdns hostname.
It says nothing about spam.

It does because this is a spam-firewall-appliance with FQRDNS delivering
to an explicit port without dns lookups, i search a way to filter only
unknown in local recipient table with rsyslog BUT ONLY if the sender
is 10.0.0.20 because it spams the log in a way you see no real problems

but i have no idea if and how a logical and here is possible


May 21 00:47:23 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
550 5.1.1inva...@example.com: Recipient address rejected:
User unknown in local recipient table;

from=postmas...@barracudanetworks.com   to=inva...@example.com
May 21 00:42:20 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
552 5.7.1va...@example.com: Recipient address rejected:
Message too large, recipient va...@example.com would exceed size limits at this 
time;
from=postmas...@barracudanetworks.com   to=va...@example.com

If all your incoming mail is scanned by the machine on that IP, why does 
it matter that it comes from that IP ?


All mail comes from that IP, so there is no reason to check for it.


--
J.



Re: Posftix/Dovecot deliver

2011-05-19 Thread Jeroen Geilman

On 05/19/2011 01:19 AM, Sahil Tandon wrote:

On Wed, 2011-05-18 at 19:05:11 -0300, Gonzalo Rodriguez wrote:


May 18 09:49:35 FOOBAR-0010 postfix/local[16584]: 8808D26125:
to=gonza...@foobar.com.ar, relay=local, delay=0.92,
delays=0.91/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)

Where is 'foobar.com.ar' listed in your configuration?  If you must
obscure hostnames/IPs, please do so consistently.


bash-4.1$ host foobar.com.ar
foobar.com.ar has address 190.228.29.85
foobar.com.ar mail is handled by 10 mx5.foobar.com.ar.
foobar.com.ar mail is handled by 5 nolisting.foobar.com.ar.
foobar.com.ar mail is handled by 10 mx1.foobar.com.ar.
foobar.com.ar mail is handled by 10 mx2.foobar.com.ar.
foobar.com.ar mail is handled by 10 mx3.foobar.com.ar.
foobar.com.ar mail is handled by 10 mx4.foobar.com.ar.

bash-4.1$ host nolisting.foobar.com.ar
nolisting.foobar.com.ar has address 66.135.41.29

bash-4.1$ telnet nolisting.foobar.com.ar 25
Trying 66.135.41.29...
telnet: connect to address 66.135.41.29: Connection refused

bash-4.1$ telnet mx1.foobar.com.ar 25
Trying 190.228.29.30...
Connected to mx1.foobar.com.ar.
Escape character is '^]'.
220 jgreylist v8

It does exist, but most of the MXes listed don't respond, and the ones 
that do run qmail.



--
J.



Re: IPv4 relayhost only to be used for non-reachable IPv6 destinations?

2011-05-18 Thread Jeroen Geilman

On 05/18/2011 08:15 PM, evilgh...@packetmail.net wrote:

On 05/18/11 13:02, Wietse Venema wrote:

The Postfix documentation only describes the features that are
implemented. Therefore if you can't find something then you can
safely assume that it is not supported.

Dr. Venema, thank you for your reply.  As IPv6 adoption is increased I can
certainly see a need to segregate an IPv6 relayhost and an IPv4 relayhost,
especially in configurations of internal cascaded MTAs acting as egress content
inspectors (which may not be IPv6 enabled due to technical or implementation
reasons).

Perhaps if it is deemed valuable to other Postfix users this feature could be
considered for inclusion in future branches.  It would be valuable to not have
an IPv4 defined relayhost being enforced/utilized for IPv6 capable traffic.


Consider why you have set a global relayhost; apparently, you want ALL 
mail delivered via this one host.
"I also want mail that CAN be delivered over ipv6, to be delivered over 
ipv6" sounds like a conflicting requirement.


If this relayhost has both A and AAAA records, the useful one would be 
chosen when delivering ipv[46].



--
J.


