Re[3]: Try delivery to backup MX if smtp greeting fail - SOLVED
Dne 17.11.2014 v 19:43 Michal Kurka napsal(a): > Dne 17.11.2014 v 19:05 Noel Jones napsal(a): > > > http://www.postfix.org/postconf.5.html#smtp_mx_address_limit > > http://www.postfix.org/postconf.5.html#smtp_mx_session_limit > > Thanks for tips. For "smtp_mx_address_limit" I use default value "5", so > it isn't helpful. But "smtp_mx_session_limit" has default value "2". I > will try raise it. It's a little different. I read documentation again. Correctly is really "smtp_mx_address_limit". I use: smtp_mx_address_limit = 20 Now Postfix try delivery to all MX. Solved. Thanks! Respectfully -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re[2]: Try delivery to backup MX if smtp greeting fail
Dne 17.11.2014 v 18:51 Wietse Venema napsal(a): > Michal Kurka: > > transport_maps = hash:/etc/postfix/transport > > Do you have transport map entries for destination.cz? No. - :~ # cat /etc/postfix/transport relay1.cz smtp:[other.time.cz] relay2.cz smtp:[other.time.cz] - Dne 17.11.2014 v 19:05 Noel Jones napsal(a): > http://www.postfix.org/postconf.5.html#smtp_mx_address_limit > http://www.postfix.org/postconf.5.html#smtp_mx_session_limit Thanks for tips. For "smtp_mx_address_limit" I use default value "5", so it isn't helpful. But "smtp_mx_session_limit" has default value "2". I will try raise it. -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Try delivery to backup MX if smtp greeting fail
Hello.
I send mails to badly (but apparently RFC compliant) destination.
MX of destination are:
-
:~ # host -t mx destination.cz
destination.cz mail is handled by 10 cax.destination.cz.
destination.cz mail is handled by 20 cbx.destination.cz.
destination.cz mail is handled by 30 ccx.destination.cz.
destination.cz mail is handled by 40 cdx.destination.cz.
-
Hosts have IPs:
-
:~ # host cax.destination.cz.
cax.destination.cz has address 1.2.3.4
cax.destination.cz has address 5.6.7.8
:~ # host cbx.destination.cz.
cbx.destination.cz has address 11.22.33.44
cbx.destination.cz has address 55.66.77.88
-- etc. -
After connect to 1.2.3.4, SMTP server reply "421 Service temporarily not
available" (before HELO/EHLO) and immediately close connection. But
Postfix don't try 5.6.7.8 or 11.22.33.44 or 55.66.77.88 and the mail stay
in a queue as deferred. Next delivery attempt (after about 20 minutes) is
again to 1.2.3.4.
I think Postfix should try delivery to 5.6.7.8 etc. according to
"http://www.postfix.org/postconf.5.html#smtp_skip_4xx_greeting";. Why not?
=
My configuration:
Debian 7
Postfix 2.9.6
:~ # postconf -n
address_verify_map = btree:${data_directory}/verify.btree
address_verify_negative_expire_time = 10m
address_verify_negative_refresh_time = 1m
address_verify_poll_delay = 6s
address_verify_positive_expire_time = 10d
address_verify_positive_refresh_time = 7d
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 1m
anvil_status_update_time = 1h
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 24h
dovecot_destination_recipient_limit = 1
inet_protocols = ipv4
mailbox_size_limit = 1073741824
message_size_limit = 20971520
mydestination = $myhostname
myhostname = my.time.cz
mynetworks = 127.0.0.0/8, 7.9.1.9
r_urban = check_sender_access hash:/etc/postfix/urban_send
relay_domains = relay1.cz relay2.cz
relayhost =
smtp_helo_name = $myhostname
smtp_tls_security_level = may
smtpd_client_connection_rate_limit = 3000
smtpd_client_event_limit_exceptions =
smtpd_client_message_rate_limit = 3000
smtpd_client_recipient_rate_limit = 6000
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access_send_cz, check_client_access
cidr:/etc/postfix/access_client_whtlst, check_recipient_access
hash:/etc/postfix/access_rcpt, reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unknown_recipient_domain,
reject_unlisted_recipient, reject_unverified_recipient
smtpd_restriction_classes = r_urban
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_restrictions = reject_unknown_sender_domain, check_sender_access
hash:/etc/postfix/access_send, check_client_access
cidr:/etc/postfix/access_client_whtlst, check_recipient_access
hash:/etc/postfix/access_rcpt, reject_unverified_sender
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/postfix/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
transport_maps = hash:/etc/postfix/transport
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_transport = dovecot
=
Thank you for your response in advance
--
Michal Kurka - Mysak
sluzby spojene s operacnim systemem Linux
Re[2]: Disable check sender address syntax
Dne 1.11.2012 v 09:37 Claus Assmann napsal(a): > >address. It always send MAIL FROM: <@168.1.150> > > Which also has a command syntax error: space after colon is invalid. Yes. Fortunately Postfix this tolerates. Dne 1.11.2012 v 16:48 Viktor Dukhovni napsal(a): > > But is some solution for Postfix version <2.7 (and >2.1), if upgrade > > isn't possible? > > Upgrades are always *possible*. You just need to be sufficiently > motivated. Which is more pain, rejecting the mail, or doing the > upgrade? It's true. But sometimes this stance isn't good. Dne 1.11.2012 v 17:57 Reindl Harald napsal(a): > > But is some solution for Postfix version <2.7 (and >2.1), if upgrade > > isn't possible? > > why should a upgrade not be possible? If server has older system, then upgrade means either reinstall whole server or compile new version Postfix and hope no earlier glibc needed - both variants expensive for me. > > Bad mail client is encapsulated in a proprietary application. > > make a bug-report at the company who is responsible > for this useless crap with silly defaults and lack > of configuration Yes, of course bug-report was created before one year. Author of application is too big company and I too small company. Official answer is - with Gmail no problem. I like Postfix more than Gmail ;-) -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Disable check sender address syntax
Dne 1.11.2012 v 15:56 Viktor Dukhovni napsal(a): > > I need accept incoming mails with invalid envelope sender address. But > > Postfix reject these mails: > > > > MAIL FROM: <@168.1.150> > > 501 5.1.7 Bad sender address syntax > > http://www.postfix.org/postconf.5.html#smtpd_command_filter Yes, nice solution, thanks for a link! But is some solution for Postfix version <2.7 (and >2.1), if upgrade isn't possible? Dne 1.11.2012 v 17:01 Reindl Harald napsal(a): > >> add [] around hostname > >> > >> sillyexample@[127.0.0.1] > > > > Unfortunately I cannot set up that mail client which sending this ugly > > address. It always send MAIL FROM: <@168.1.150> > > why not? are you not the admin of this client? Bad mail client is encapsulated in a proprietary application. Dne 1.11.2012 v 17:32 Benny Pedersen napsal(a): > > Unfortunately I cannot set up that mail client which sending this ugly > > address. It always send MAIL FROM: <@168.1.150> > > and telnet 168.1.150 25 works ? > have you invented ipv3 for mobilephones ? :) Yes, author of mail client had a sense of humor :-) > it should be possible to make it contain valid sender address Yes, should be. But it isn't :-( -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Disable check sender address syntax
Dne 1.11.2012 v 16:18 Benny Pedersen napsal(a): > Michal Kurka skrev den 01-11-2012 16:05: > > Hello. > >I need accept incoming mails with invalid envelope sender address. But > > Postfix reject these mails: > > > > MAIL FROM: <@168.1.150> > > 501 5.1.7 Bad sender address syntax > > add [] around hostname > > sillyexample@[127.0.0.1] Unfortunately I cannot set up that mail client which sending this ugly address. It always send MAIL FROM: <@168.1.150> -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Disable check sender address syntax
Hello. I need accept incoming mails with invalid envelope sender address. But Postfix reject these mails: MAIL FROM: <@168.1.150> 501 5.1.7 Bad sender address syntax I used "sender_canonical_maps" with record @168.1.150 u...@domain.tld but this isn't enough. (In old version Postfix (2.1.5) it was enough.) How can I solve this now? With regards -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Virtual transport local delivery without bounce
Dne 21.9.2012 v 06:55 Wietse Venema napsal(a): > > I'm viewing "http://www.postfix.org/OVERVIEW.html#delivering";. The > > local(8) and virtual(8) are at the same level. Why local(8) return > > SMTP-error and virtual(8) generate bounce mail? > > ALL Postfix delivery agents generate a bounce message upon permanent > delivery error. No exceptions. But if mail is receiving by smtpd(8) for local delivering (e.g. because domain recipient address is in "mydestination") and is used local transport local(8) and local user not exists, then return SMTP-error to SMTP-client, no bounce mail generated. > > So how to solve it? There is "address_verify_virtual_transport". May > > be use external program for "address_verify_virtual_transport" returning > > error if mail is not deliverable. Anyone have experience with this? > However address verification cannot report errors that can only be > discovered by actually delivering mail (mailbox file permission > error, command in .forward file does not exist, etc.). It's good > for "user unknown" or "host unknown" errors. Oh, yes, cannot report errors. How do I a test of my script for local delivering whether mail is deliverabled? I can use "check_policy_service" in "smtpd_*_restrictions". But I need use it at the moment when it's determined that mail is for a local delivering (no relay etc.). -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Virtual transport local delivery without bounce
Dne 19.9.2012 v 19:37 Viktor Dukhovni napsal(a):
> On Wed, Sep 19, 2012 at 07:46:06PM +0200, Michal Kurka wrote:
>
> > Hello.
> >
> > I use virtual_transport and my own script for local delivery:
> >
> > main.cf:
> > virtual_mailbox_maps = hash:/etc/postfix/vmailbox
> > virtual_transport = locdel
> >
> > master.cf:
> > locdel unix - n n - - pipe
> > flags=DRXhu user=vmail:vmail
> > argv=/usr/local/bin/MailDelivery.sh ${sender} ${recipient}
>
> If this script is delivering mail to per-user mailboxes, it generally
> cannot do so atomically when the same message arrives for multiple
> users. Therefore it is generally necessary to set the recipient limit
> for this transport to 1.
>
> locdel_destination_recipient_limit = 1
Yes, I know about it, I've had it set.
> > If a mail is arriving from smtpd(8) for local delivery via "locdel" and
> > "MailDelivery.sh" return error, then mail remains in local queue (if
> > temporary error) or generate bounce mail.
> > I need to return SMTP-error to sender server without put in local
> > queue as well as local(8). Is it possible?
>
> No. Postfix delivery is asynchronous.
> http://www.postfix.org/OVERVIEW.html
I'm viewing "http://www.postfix.org/OVERVIEW.html#delivering";. The
local(8) and virtual(8) are at the same level. Why local(8) return
SMTP-error and virtual(8) generate bounce mail?
I tried turn on debug (with debug_peer_level and debug_peer_list). I added
"reject_unverified_recipient" to "smtpd_recipient_restrictions". I see in
maillog that verify(8) tests deliverability using only lookup in
"/etc/postfix/vmailbox", no test execute locdel-transport. This is
logical, because executing a final delivery program causes a delivery
process.
So how to solve it? There is "address_verify_virtual_transport". May
be use external program for "address_verify_virtual_transport" returning
error if mail is not deliverable. Anyone have experience with this?
--
Michal Kurka - Mysak
sluzby spojene s operacnim systemem Linux
Virtual transport local delivery without bounce
Hello.
I use virtual_transport and my own script for local delivery:
main.cf:
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_transport = locdel
master.cf:
locdel unix - n n - - pipe
flags=DRXhu user=vmail:vmail
argv=/usr/local/bin/MailDelivery.sh ${sender} ${recipient}
If a mail is arriving from smtpd(8) for local delivery via "locdel" and
"MailDelivery.sh" return error, then mail remains in local queue (if
temporary error) or generate bounce mail.
I need to return SMTP-error to sender server without put in local
queue as well as local(8). Is it possible?
With regards
--
Michal Kurka - Mysak
sluzby spojene s operacnim systemem Linux
Re: Get username of local user from recipient address
Dne 29.12.2009 v 10:17 Serge Fonville napsal(a): > Can't you just use virtual alias maps based on an external service for > this purpose? > For example in case of mysql you can create a stored procedure that > 'logs' when the resultset is empty Yes, this is a good idea. But I need a solution independent on used address mapping system on specific server. I administrate many MTA-serveres and on some isn't posible use MySQL or other external service. -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Get username of local user from recipient address
Dne 28.12.2009 v 17:49 Wietse Venema napsal(a): > Michal Kurka: > > > Because I have not got any answer, I tried trace an internal communication > > between postfix'es processes via UNIX-sockets. I discovered that > > "trivial-rewrite" only specifies transport or does a canonicalizing. > > Process "verify" right tell that recipient address is alias to a > > concrete username. If recipient is aliased to more users, all usernames > > is announced. > > Now I'm trying use "verify" for my business. If simply execute > > "verify", it ends with error message in Log "fatal: service verify > > requires a process limit of 1". > > Sorry, you are playing with Postfix-internal interfaces. Use of > these by non-Postfix programs is UNSUPPORTED meaning that it can > break even after minor Postfix release changes. I aware of this. But do I have any other option? Unfortunately I haven't got any suggestion from anybody :-( -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Get username of local user from recipient address
Dne 9.12.2009 v 09:45 Michal Kurka napsal(a): > Dne 6.12.2009 v 10:41 Michal Kurka napsal(a): > > > I need resolve whether incoming mail for the recipient accept or defer > > or reject according to some rule of local username(s) (of course, if the > > recipient corresponds to local username), before SMTP-command DATA. > > My idea is create own policy service. But I don't known how get > > username of local user (or list of users) for recipient address. > > I think, I can use internal Postfix's programs "trivial-rewrite" or > "verify". But there are no detail documentation for external usage. Maybe > somewhere exists documentation for developers, I don't known. > Prior to I will begin study source code of Postfix and experiment with > Postfix's programs via UNIX-sockets, I shall be happy to any information. Because I have not got any answer, I tried trace an internal communication between postfix'es processes via UNIX-sockets. I discovered that "trivial-rewrite" only specifies transport or does a canonicalizing. Process "verify" right tell that recipient address is alias to a concrete username. If recipient is aliased to more users, all usernames is announced. Now I'm trying use "verify" for my business. If simply execute "verify", it ends with error message in Log "fatal: service verify requires a process limit of 1". -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: deferring mail for some time for quota exceeded users
Dne 12.12.2009 v 15:03 prasanna napsal(a): > i have installed postfix 2.6.5, it is working fine. I am using > dovecot IMAP server, where i have limited user mailbox size to 5MB. Whenever > user quota is exceeded, Postfix sends failure bounce template mail to the > sender immediately indicating Disk Quota exceeded message. But i want the > mail to be stored or queued, so that the mail can be delivered to user either > by increasing the his quota for time being or user itself deleting some mails > in his inbox so that the new queued mail is delivered to him. Can anyone > suggest how to do this. Yes, I would like it also. I'm afraiding, there is no configuraion option (for 'main.cf') for set of behaviour of "mailbox_size_limit". I think about to create own policy daemon for a solution of local users limits and settings. But I don't known how get local username from recipient address yet (see http://archives.neohapsis.com/archives/postfix/2009-12/0191.html). -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: sane filesystem quotas with maildir
Dne 18.12.2009 v 10:46 Wietse Venema napsal(a): > > As there is no exit code to tell postfix that delivery failed due to > > quota issues, is there any other way to insert a hook which checks and > > rejects on a per-user basis after we know the size of the message, and > > can tell postfix to return a 5.2.2 DSN? > > With the pipe-to-command/exit-status protocol, the only way to > flag an hard error is by exiting with a status that reports a > hard error, or by sending something to stdout that begins with > a 5.2.2 status code. I think, if command from 'pipe' exit with error, then a mail remains in mail queue on local MTA. So there is no chance send 4xx or 5xx SMTP-code to sender MTA, because SMTP-communication with him is closed already. -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: deleting attachments
Dne 14.12.2009 v 09:16 Lucian @ lastdot.org napsal(a): > I need to delete all attachments from emails at server level. I'm > using stock postfix in Centos 5 (v 2.3.3). > I found renattach (http://www.pc-tools.net/unix/renattach/), but this > software seems to have been discontinued and the author does not > recommend it anymore. > Can you recommend another method of deleting attachments? I use: postfix content_filter -> my shell-script -> ripmime -> postfix-sendmail Programm 'ripmime' split mail into files - one file is one MIME-part (plain text body, attachments files,...). But for only delete attachments maybe there is exists more elegant and simpler method (programm) than with 'ripmime'. -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Re: Get username of local user from recipient address
Dne 6.12.2009 v 10:41 Michal Kurka napsal(a): > I need resolve whether incoming mail for the recipient accept or defer > or reject according to some rule of local username(s) (of course, if the > recipient corresponds to local username), before SMTP-command DATA. > My idea is create own policy service. But I don't known how get > username of local user (or list of users) for recipient address. I think, I can use internal Postfix's programs "trivial-rewrite" or "verify". But there are no detail documentation for external usage. Maybe somewhere exists documentation for developers, I don't known. Prior to I will begin study source code of Postfix and experiment with Postfix's programs via UNIX-sockets, I shall be happy to any information. With regards -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
Get username of local user from recipient address
Hello. I need resolve whether incoming mail for the recipient accept or defer or reject according to some rule of local username(s) (of course, if the recipient corresponds to local username), before SMTP-command DATA. My idea is create own policy service. But I don't known how get username of local user (or list of users) for recipient address. For replies in advance thanks -- Michal Kurka - Mysak sluzby spojene s operacnim systemem Linux
