Re: Postfix and Postgrey Part II
http://blog.minibofh.org/?p=45

-- 
I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain.
Wildcard certificate warning
Hi all,

I've configured a TLS/SSL smtpd on a box as follows:

    # postconf -n | grep -i tls
    smtpd_tls_cert_file = /usr/local/home/example.com.crt
    smtpd_tls_key_file = /usr/local/home/example.com.key
    smtpd_tls_loglevel = 2
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:/usr/local/etc/postfix/smtpd_cache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom

The cert is a wildcard certificate for *.example.com.

When the MUA (tested in Microsoft Outlook and Mozilla Thunderbird) tries to send email using this box, it shows a warning about the cert. It happens when it tries to connect using STARTTLS (port 25) and also TLS/SSL (port 465).

Why? The box is named mai.example.com, so I understand a wildcard certificate (*.example.com) should be enough.

-- 
I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Bene Gesserit Litany Against Fear.
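A mail client checks the certificate against the server name entered in its account settings, not against the box's own hostname. The following is an added example (not part of the original post) of the single-label wildcard rule from RFC 6125; every server name other than mai.example.com is constructed, and refusing bare and partial wildcards is a conservative choice of this example.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def match_hostname(pattern, hostname):
    """True if certificate name `pattern` covers the name the client dialled."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if _is_ip(hostname):
        return False              # DNS wildcards never cover IP literals
    p, h = pattern.split("."), hostname.split(".")
    if len(p) != len(h) or "" in h:
        return False              # "*" stands for exactly one label
    if any("*" in label for label in p[1:]):
        return False              # wildcard is only honoured in the leftmost label
    if p[1:] != h[1:]:
        return False
    if p[0] == "*":
        return len(p) >= 3        # conservative here: refuse "*" and "*.tld"
    if "*" in p[0]:
        return False              # partial wildcards ("f*.example.com") refused here
    return p[0] == h[0]

def covering_name(cert_names, server):
    """Return the first certificate name that covers `server`, else None."""
    for name in cert_names:
        if match_hostname(name, server):
            return name
    return None

CERT_NAMES = ["*.example.com"]    # the certificate described in the post
# Constructed account settings (only mai.example.com comes from the post).
CONFIGURED_SERVERS = ["mai.example.com", "MAI.example.com.", "example.com",
                      "smtp.mai.example.com", "mail.customer.example",
                      "192.0.2.25"]

def audit(cert_names=CERT_NAMES, servers=CONFIGURED_SERVERS):
    """Map each configured server name to the covering cert name (or None)."""
    return {s: covering_name(cert_names, s) for s in servers}

if __name__ == "__main__":
    for server, name in audit().items():
        verdict = "ok via " + name if name else "name mismatch, client warns"
        print(f"{server:24} {verdict}")
```

A name that passes this check can still trigger a warning for other reasons, such as an untrusted or incomplete issuer chain, which this example does not cover.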
Selective alias depending on FROM?
Hi all,

I've a PHP script which is executed by the 'www-data' (the httpd user) local user on a Debian GNU/Linux box. I use this smtpd box as a mass-mailing reminder to all of our customers. Because of that I need to know which customers could not be contacted, so I want to redirect these bounces to a dedicated mailbox.

That's easy: www:failed_deliv...@domain.com in aliases and rebuild the aliases.

But the problem is that the local user 'www-data' executes a lot of scripts using smtpd and I don't want to redirect all the bounces to the mailbox failed_deliv...@domain.com.

Is there any way to establish some pattern distinction? For example, let's suppose that my mass mails are always generated with FROM: warni...@domain.com: Can I set up www: failed_deliv...@domain.com in aliases when _ONLY_ the FROM is warni...@domain.com?

Thanks in advance.
Re: Selective alias depending on FROM?
On 04/07/2010 10:43 AM, Levente Birta wrote:
> I think it is easier to config the return path when you send the mails.

Yes, it's easy to insert a mail header as ReturnPath when you build the warning mail using PHP, but I read in RFC2821:

    When the delivery SMTP server makes the final delivery of a message, it inserts a return-path line at the beginning of the mail data. This use of return-path is required; mail systems MUST support it. The return-path line preserves the information in the reverse-path from the MAIL command. Here, final delivery means the message has left the SMTP environment. Normally, this would mean it had been delivered to the destination user or an associated mail drop, but in some cases it may be further processed and transmitted by another mail system.

I don't see clearly that it means the ReturnPath header is intended for what I'm looking for. Maybe I'm wrong, of course.
Re: load balancing among mail servers
Use your favorite load-balance app. You have several options in BSD or GNU/Linux flavors. Personally I use, with total success, LVS+heartbeat to load-balance 3 Postfix servers (only to send) with 70k accounts behind. ;)
virtual(8) with content_filter ¿?
Hi all,

In my master.cf I have:

    smtp inet n - n - - smtpd -o content_filter=filtres

So, when the mailserver receives a mail, it passes through 'filter' (a Perl-based script which controls the auto-reply, quota and anti-spam). Fine so far.

The problem comes when I need auto-reply to work also between two accounts of the same domain (controlled by the mailserver, of course):

- account a.domain.com -- sends an email
- account b.domain.com -- receives the email

b.domain.com has the auto-reply active and it works fine when the sender is from anywhere but .domain.com.

What can I do to make content_filter work also with accounts of the same domain? I suspect the problem is that I use virtual(8) as LDA and I don't see how to apply the 'content_filter=' parameter here.

Thanks in advance.

+ info:

    # postconf -n
    bounce_queue_lifetime = 2d
    command_directory = /usr/local/sbin
    config_directory = /usr/local/etc/postfix
    daemon_directory = /usr/local/libexec/postfix
    data_directory = /var/db/postfix
    home_mailbox = Maildir/
    html_directory = no
    mail_owner = postfix
    mailbox_size_limit = 102400
    mailq_path = /usr/local/bin/mailq
    manpage_directory = /usr/local/man
    maximal_queue_lifetime = 2d
    message_size_limit = 25600
    mydomain = .xxx
    myhostname = xxx..
    mynetworks_style = host
    newaliases_path = /usr/local/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = no
    sample_directory = /usr/local/etc/postfix
    sendmail_path = /usr/local/sbin/sendmail
    setgid_group = maildrop
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = noverificar
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = check_sender_access hash:/usr/local/etc/postfix/bloquejats
    unknown_local_recipient_reject_code = 550
    virtual_gid_maps = static:6
    virtual_mailbox_base = /home/postfix
    virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_limit = 102400
    virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 100
    virtual_transport = virtual
    virtual_uid_maps = static:125
Re: virtual(8) with content_filter ??
On 02/01/2010 01:14 PM, Wietse Venema wrote:
> Jordi Espasa Clofent:
>> Hi all,
>> In my master.cf I have:
>>
>>     smtp inet n - n - - smtpd -o content_filter=filtres
>
> All mail that arrives via smtpd is filtered, even if it is sent between local users, or users in the same domain. If some mail is not filtered, then it did not arrive via smtpd.

Thanks for the response, Wietse. I suspect that I'm missing something essential.

- 4...@dadprod01.mcario.com - the sender
- 9...@dadprod01.mcario.com - the recipient with auto-reply enabled

maillog shows:

    [...]
    Feb 1 13:24:36 dadprod01 postfix/smtpd[21930]: connect from 62.Red-217-126-43.staticIP.rima-tde.net[xxx.xxx.xxx.xxx]
    Feb 1 13:24:37 dadprod01 postfix/smtpd[21930]: 9EFB0DA8F4: client=62.Red-217-126-43.staticIP.rima-tde.net[xxx.xxx.xxx.xxx], sasl_method=CRAM-MD5, sasl_username=a...@noverificar
    Feb 1 13:24:37 dadprod01 postfix/cleanup[21934]: 9EFB0DA8F4: message-id=4b66c804.2050...@dadprod01.mcario.com
    Feb 1 13:24:37 dadprod01 postfix/qmgr[7392]: 9EFB0DA8F4: from=4...@dadprod01.mcario.com, size=656, nrcpt=1 (queue active)
    Feb 1 13:24:37 dadprod01 postfix/smtpd[21930]: disconnect from 62.Red-217-126-43.staticIP.rima-tde.net[xxx.xxx.xxx.xxx]
    Feb 1 13:24:38 dadprod01 filtres.pl[21937]: from=4...@dadprod01.mcario.com to=9...@dadprod01.mcario.com antispam=smtp antivirus=smtp autoreply=smtp delays=0/0/0
    Feb 1 13:24:38 dadprod01 postfix/smtpd[21939]: connect from localhost..[127.0.0.1]
    Feb 1 13:24:38 dadprod01 postfix/smtpd[21939]: 0852CDA8F5: client=localhost..[127.0.0.1]
    Feb 1 13:24:38 dadprod01 postfix/cleanup[21934]: 0852CDA8F5: message-id=4b66c804.2050...@dadprod01.mcario.com
    Feb 1 13:24:38 dadprod01 postfix/qmgr[7392]: 0852CDA8F5: from=4...@dadprod01.mcario.com, size=840, nrcpt=1 (queue active)
    Feb 1 13:24:38 dadprod01 postfix/smtpd[21939]: disconnect from localhost..[127.0.0.1]
    Feb 1 13:24:38 dadprod01 postfix/pipe[21936]: 9EFB0DA8F4: to=9...@dadprod01.mcario.com, relay=filtres, delay=0.61, delays=0.27/0.01/0/0.32, dsn=2.0.0, status=sent (delivered via filtres service)
    Feb 1 13:24:38 dadprod01 postfix/qmgr[7392]: 9EFB0DA8F4: removed
    Feb 1 13:24:38 dadprod01 postfix/virtual[21940]: 0852CDA8F5: to=9...@dadprod01.mcario.com, relay=virtual, delay=0.13, delays=0.11/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
    Feb 1 13:24:38 dadprod01 postfix/qmgr[7392]: 0852CDA8F5: removed
    (...)

??
Re: virtual(8) with content_filter ??
> If the content filter does not produce auto-replies between users in the same domain, then that is a bug in the content filter.

Completely clear now. Thanks for the clarification.
Re: OT: need some advice as to distro
It's always the same: the best option is the best one for your needs. So, the best could be any distro that you feel comfortable with.

Obviously there are some distros out there which are server-oriented (CentOS, Debian) or desktop-oriented and so on, but really it doesn't matter. Choose your favorite one and do your job. The most important thing is not the underlying OS, it's to understand and master the smtpd (Postfix) and popd/imapd (Dovecot).

Personally I prefer BSD systems.
Re: Don't filter the users
> You can tell the users that the submission port gets a better level of service than port 25, because they share that port with spammers. As you pointed out in your original email, they would be subject to less filtering, and therefore there would be less delay, less false positives, and so on.

I agree. That's the best option and it's a good solution in technical and commercial terms.
Don't filter the users
Hi all,

I've a Postfix working with a Perl-based filter. All works fine, but I don't want to filter the legitimate users (who are authenticated using SASL) when they want to do mass mailing using their e-mail client (Thunderbird, Outlook... and so on).

I can do it easily by hacking the actual Perl filter's code, but I wonder if it is possible at the Postfix level. Imagine that:

* if the smtpd connection is not a SASL auth match, pass through the filter
* if the smtpd connection _is_ a SASL auth match (so, I consider it a legitimate user connection), do not pass through the filter

Can I do it? How?
Re: Don't filter the users
> That is easy. Have your users connect to the submission port, and let everyone else connect to the smtp port. Then, specify -o content_filter=whatever for the smtp port and not for the submission port.

Yes Wietse, I've considered this simple and clean option, but we're a hosting company and the customers are too lazy to understand and accept an approach like this.

> If you are taking in all mail on port 25 then you are making mail handling more complicated than it needs to be.

I agree... but are there no more alternatives? Maybe if I want all mail on port 25, I have to hack the Perl filter code and work on this level, not at the Postfix level.
Re: Looking for opinions on FreeBSD OS for Postfix
* Guy wyldf...@gmail.com:
> I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated.

85.000 approx. mail accounts here (Spanish web-hosting company) using:

* 25 FreeBSD 7.x as reception-only mailservers (3500 accounts per server approx.)
* 3 FreeBSD 6.x as sending-only mailservers

Works like a charm. Postfix+FreeBSD is an amazing combination.

Some considerations:

* Branch 7.x is superior to 6.x in networking performance.
* UFS2 is good, but sometimes it's a bottleneck (especially if you're using a soft-RAID such as gmirror(8)). It's a good thing to tune the FS.

-- 
Thanks,
Jordi Espasa Clofent
Re: nobody is going to write a new MTA
mouss wrote:
> the OpenBSD guys take this a bit too aggressively. on the other hand, this approach has resulted in good software (the so-called OpenBSD pf is a good example, although the story was special).

Well, I would say 'coherently' instead of 'aggressively'.

+info:
http://www.openbsd.org/policy.html
http://www.openbsd.org/faq/faq1.html#HowAbout

And yes, the history behind PF's origin is curious at least.

-- 
Thanks,
Jordi Espasa Clofent
No filters for authenticated users
Hi all,

I want the authenticated users (who are authenticated using SASL2 and an SQL backend) not to pass through several filters detailed in the master.cf file; on the other hand, I want to keep using the same filter for all the rest of the world.

My first thought has been to create another smtpd daemon in master.cf which uses another port, and not put any filter on it.

Another approach to this issue?

-- 
Thanks,
Jordi Espasa Clofent
More questions about anvil(8)
Hello list,

I'm very close to finishing the configuration of anvil(8) on my Postfix servers according to my needs. One more question (related to http://marc.info/?l=postfix-users&m=122538095412823&w=2) here.

When anvil(8) rejects a message because it has exceeded the restrictions (smtpd_client_connection_rate_limit or smtpd_client_recipient_rate_limit in my case), how can I know _when_ the SMTP sender will try to deliver the rejected message again?

I can ask it in another way: for how long does anvil(8) reject the offending SMTP deliveries? I can see in the SMTP sender's logs that it tries to deliver again and again, but the SMTP receiver (with anvil(8), of course) rejects it.

-- 
Thanks,
Jordi Espasa Clofent
smtpd_client_recipient_rate_limit
Hi all,

My server has the following anvil(8) config:

    smtpd_client_connection_rate_limit = 100
    smtpd_client_recipient_rate_limit = 20

It works fine, and when I test it from another SMTP server (sending a mail to 30 recipients) the logs show clearly:

    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 21 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 22 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 23 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 24 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 25 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 26 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 27 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 28 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 29 from opengea.org[85.48.253.234] for service smtp
    Oct 30 15:55:00 mail09 postfix/smtpd[11279]: warning: Recipient address rate limit exceeded: 30 from opengea.org[85.48.253.234] for service

I look at the maillog and the mailboxes and I see that the test mail has been delivered to the first 20 recipients, according to the anvil(8) config. But what happens with the last 10? Does the sender MTA re-send the complete mail (with 30 recipients again) or the non-delivered part (with the last 10)? Does the sender MTA send any notification to the sender account?

-- 
Thanks,
Jordi Espasa Clofent
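Added example, not part of the original post: a small Python tally of the anvil(8) warnings quoted above, per client and limit type, which also copes with a truncated line like the last one in the quoted log. The sample lines use constructed documentation addresses, the format of the connection-rate warning is assumed to follow the same pattern as the recipient one, and the limits are the two values from the post.

```python
import re
from collections import defaultdict

# Limits taken from the two settings quoted in the post.
LIMITS = {"Recipient address": 20, "Connection": 100}

WARN_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<kind>[A-Za-z ]+?) rate limit exceeded: "
    r"(?P<count>\d+) from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]"
    r"(?: for service(?: (?P<service>\S+))?)?"   # service name may be cut off
)

def parse_line(line):
    """Return the fields of one rate-limit warning, or None for other lines."""
    m = WARN_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["count"] = int(ev["count"])
    return ev

def summarize(lines, limits=LIMITS):
    """Per (client IP, limit kind): warnings seen, peak count, amount over limit."""
    stats = defaultdict(lambda: {"events": 0, "peak": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[(ev["ip"], ev["kind"])]
        s["events"] += 1
        s["peak"] = max(s["peak"], ev["count"])
    report = {}
    for (ip, kind), s in stats.items():
        limit = limits.get(kind)            # None for a kind with no known limit
        over = s["peak"] - limit if limit is not None else None
        report[(ip, kind)] = {"events": s["events"], "peak": s["peak"],
                              "limit": limit, "over_limit": over}
    return report

# Constructed sample, same shape as the quoted log (not real traffic).
_PFX = "Oct 30 15:55:00 mail09 postfix/smtpd[11279]: "
_RCPT = ("warning: Recipient address rate limit exceeded: {} "
         "from client.example.net[192.0.2.10] for service")
SAMPLE_LOG = (
    [_PFX + "connect from client.example.net[192.0.2.10]"]
    + [_PFX + _RCPT.format(n) + " smtp" for n in range(21, 30)]
    + [_PFX + _RCPT.format(30)]             # truncated, like the last quoted line
    + [_PFX + "warning: Connection rate limit exceeded: 101 "
              "from unknown[198.51.100.7] for service smtp"]
)

if __name__ == "__main__":
    for key, row in sorted(summarize(SAMPLE_LOG).items()):
        print(key, row)
```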
anvil(8) and RBLs
Hi all,

I use RBLs as you can see:

    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org

Moreover, I use anvil(8) with

    smtpd_client_connection_rate_limit = 100
    smtpd_client_recipient_rate_limit = 20

My question is: does anvil(8) work _before_ or _after_ the RBL restrictions?

Consider the following scenario: an SMTP client sends your Postfix a message which

* is included in some RBLs which you use
* exceeds the number of recipients established by $smtpd_client_recipient_rate_limit

Who will reject the mail, the RBL restriction or the anvil(8) restriction?

-- 
Thanks,
Jordi Espasa Clofent