Re: Advice Needed / .NET Postfix Control
Hi, From your mail it seems you desire a backend that can handle all that, you should be able to setup postfix to retrieve its users from AD. HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com NEWBIE WARNING: I have never used Postfix and am not a Linux guru. Please be gentile. Is there an existing .NET library (DLL, etc.) for controlling Postfix? If not, is there an existing API for applications that are NOT running on the same server as Postfix? More specifically, I have a need for creating users, deleting users, changing passwords, and the like. I have been tasked with implementing an Ubuntu mail server and tying it into our custom ERP application (written in ASP.NET MVC and running on Windows). The goal is to be able to dynamically create user accounts, leverage them for a period of time, and then shut them down when a project is finished. Thank you, in advance, for any assistance you may provide. - G. Deward
Re: Advice Needed / .NET Postfix Control
Ah, ok. Well you can run OpenLDAP (for example) as a backend in the same way you could use AD. Postfix can use multiple backends depending on your needs. What requirements do you have? Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com Sorry... should have specified... cannot integrate with AD or the Microsoft environment. This needs to remain entirely stand-alone. This means our member base will be stored in the application's database and we will need to call out to Postfix to manually perform account provisioning and the like. - G. Deward On May 21, 2013, at 2:18 PM, Serge Fonville serge.fonvi...@gmail.com wrote: Hi, From your mail it seems you desire a backend that can handle all that, you should be able to setup postfix to retrieve its users from AD. HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com NEWBIE WARNING: I have never used Postfix and am not a Linux guru. Please be gentile. Is there an existing .NET library (DLL, etc.) for controlling Postfix? If not, is there an existing API for applications that are NOT running on the same server as Postfix? More specifically, I have a need for creating users, deleting users, changing passwords, and the like. I have been tasked with implementing an Ubuntu mail server and tying it into our custom ERP application (written in ASP.NET http://asp.net/ MVC and running on Windows). The goal is to be able to dynamically create user accounts, leverage them for a period of time, and then shut them down when a project is finished. Thank you, in advance, for any assistance you may provide. - G. Deward
Re: Advice Needed / .NET Postfix Control
A few challenges then I suspect. Postfix does SMTP, you need a different service for IMAP It is likely easier (to maintain) a full solution (i.e. zarafa, zimbra) instead of a combination of services (postfix/dovecot) The point you make about low maintenance complicates things especially since there are multiple components that make up a solution. HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com In our conversations, the overall goal was to have a stand-alone mail server running Ubuntu and whatever mail packages are installed in [as close to default as possible] configuration. The server should remain isolated and not be connected to any other box or resource. We would call into it programmatically for all administrative functions. Since we are a Microsoft shop, there is an overwhelming concern (read fear) that we will be less qualified to maintain the platform as we add other services to the mix... in essence, we need to keep the overall mail platform as simplistic as possible to increase the chance that our folks can maintain it with ease. Unless an LDAP server was an absolute requirement for Postfix we could not look at it. And, more than likely, if it was a requirement, we would probably look to a different product. Early on in this project we were given a requirement to allow our members the ability to receive messages from our server via IMAP. Someone assumed writing an IMAP server service would be simple and that we would have the cycles to do so. Over time we have discouraged this and tried to find another IMAP service that will be able to marshal and deliver our messages to the client. This was unsuccessful. Postfix, and a simple server like Ubuntu, seems like the easiest method for dropping in a box that can receive messages and allow a standard email client to pull them down. Ultimately, it would be great to find an IMAP Server Service to negotiate the client calls act as a proxy to our application. Until then, Postfix appears to be the path we are on. I hope this helps. - G. Deward On May 21, 2013, at 2:32 PM, Serge Fonville serge.fonvi...@gmail.com wrote: Ah, ok. Well you can run OpenLDAP (for example) as a backend in the same way you could use AD. Postfix can use multiple backends depending on your needs. What requirements do you have? Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com Sorry... should have specified... cannot integrate with AD or the Microsoft environment. This needs to remain entirely stand-alone. This means our member base will be stored in the application's database and we will need to call out to Postfix to manually perform account provisioning and the like. - G. Deward On May 21, 2013, at 2:18 PM, Serge Fonville serge.fonvi...@gmail.com wrote: Hi, From your mail it seems you desire a backend that can handle all that, you should be able to setup postfix to retrieve its users from AD. HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Microsoft! They need to add TRUNCATE PARTITION in SQL Server https://connect.microsoft.com/SQLServer/feedback/details/417926/truncate-partition-of-partitioned-table 2013/5/21 Greg Deward greg.dew...@gmail.com NEWBIE WARNING: I have never used Postfix and am not a Linux guru. Please be gentile. Is there an existing .NET library (DLL, etc.) for controlling Postfix? If not, is there an existing API for applications that are NOT running on the same server as Postfix? More specifically, I have a need for creating users, deleting users, changing passwords, and the like. I have been tasked with implementing an Ubuntu mail server and tying it into our custom ERP application (written in ASP.NET http://asp.net/ MVC and running on Windows). The goal is to be able to dynamically create user accounts, leverage them for a period of time, and then shut them down when a project is finished. Thank you, in advance, for any assistance you may provide. - G. Deward
Re: Mail archiving user to store mail on maildir and not at DB
Hi Janantha, I have configured a mail system on Zarafa (collaboration platform). In that mails are stored on the mysql db. What i want to do is to use always_bcc and send all sent/recieved mail on postfix to a particular user but the mail to be stored on maildir format. Is this possible to do? I tried virtualmailbox maps but it didnt work. Zarafa has documentation on how to use maildir format instead of MySQL to store mails. Please see the Zarafa wiki and Server manual for the required information. You still need MySQL since Zarafa also supports features not provided through postfix. Since this is a feature more related to Zarafa than to postfix. It is likely better to ask this question on the Zarafa forums. If they refer you to this mailinglist, please add a link to the thread and also add the required information as per the welcome message HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Google!! They need to add GAL support on Android (star to agree) http://code.google.com/p/android/issues/detail?id=4602
Re: asterisks in smtp banner
Thanks for the reply How do I assure that the normal text is displayed instead of the asterisks? Well, ask the administrator of network to disable cisco smtp fixup? Turn off the SMTP protocol fixup in the Pix. I also found that as a solution. Unfortunately there is no pix in between. Only an ASA. I also found it might be related to inspect on ASAs, but again this is not enabled. http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/ Note that other end might also use cisco asa or pix before mailserver. Yes, I thought of that right after I clicked send. Thanks all Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: virtual_alias_maps mysql
On Fri, Jan 29, 2010 at 9:19 AM, Bradley Giesbrecht bradley.giesbre...@gmail.com wrote: On Jan 28, 2010, at 12:35 PM, Serge Fonville wrote: Hi, I using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? I have but was hoping for something simpler like I do with dovecot deliver where you create a script that calls deliver after you do what you want for logging and then name your script in something like deliver_exec = script. Might be wrong with the names but thats more or less what takes place. I'd prefer to keep as much of this type of thing in the config files. It seems to be easier to quickly see what's up when there is a problem. I'll try the stored procedure if nothing more attractive turns up. Well, possibly you could edit your transport to use a script and pass all the relevant variables to it, it can then also do an insert on your database. -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: virtual_alias_maps mysql
On Fri, Jan 29, 2010 at 2:51 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote: On 1/29/2010 2:41 AM, Serge Fonville wrote: On Thu, Jan 28, 2010 at 10:40 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote: On 1/28/2010 4:12 PM, Serge Fonville wrote: I using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? If you use a SELECT query, does it use CALL? This would be a stored function, not a procedure, to be called from a SELECT. A stored function *must* return a single result and cannot output a result set. This does not seem it would work for the OP because the query would always match from the Postfix point of view. Stored procedures in MySQL must be invoked by CALL. Hmmm... Makes sense. A stored function then would solve it? Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: virtual_alias_maps mysql
Hi, I using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? HTH Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: virtual_alias_maps mysql
I using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? Stored procedures do not work in Postfix without code changes because the |CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on. From the manual: http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html CLIENT_MULTI_RESULTS Tell the server that the client can handle multiple result sets from multiple-statement executions or stored procedures. This flag is automatically enabled if CLIENT_MULTI_STATEMENTS is enabled. See the note following this table for more information about this flag. If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled. Not sure if I understand this right then, but to me this reads that if you use SELECT to get results from a stored procedure your fine Correct me if I'm wrong HTH Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: virtual_alias_maps mysql
On Thu, Jan 28, 2010 at 10:40 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote: On 1/28/2010 4:12 PM, Serge Fonville wrote: I using virtual_alias_maps with mysql for storage. Working fine. Does anyone have a suggestion on how to update a timestamp field in the mysql table when postfix finds a virtual_alias_maps match? I'm looking for a way to measure alias usage and cull unused aliases. Have you considered a stored procedure? Stored procedures do not work in Postfix without code changes because the |CLIENT_MULTI_RESULTS connect flag, for MySQL API, is not turned on. From the manual: http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html CLIENT_MULTI_RESULTS [...] If your program uses CALL statements to execute stored procedures, the CLIENT_MULTI_RESULTS flag must be enabled. Reread this ^^^. If you use a SELECT query, does it use CALL? -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
Thx for the reply. While it was intended, no doubt, to be very wrong, it failed. Lacking a valid CIDR expression, that only matches the single IPv4 address of 0.0.0.0, which, having special meaning in networking, is unroutable. A setting of equivalent functionality is mynetworks =. The OP would be well advised to review the BASIC_CONFIGURATION_README, listing in $mynetworks the client networks which should be allowed to relay. I read all the postfix docs I could find... If the OP does not wish to allow any to relay on the basis of IP address unless using a local sender, as the $SUBJECT suggests, the solution is pretty simple. main.cf : mynetworks = real.IP.add.ress/CIDR[, ...] smtpd_recipient_restrictions = reject_unlisted_sender, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination[, ...] This did not seem to work as expected. don't know if using smtpd_reject_unlisted_sender would prevent anything going wrong here, but this is likely to make you an open relay. If the wrong thing had been done correctly ;) I think this would have worked too, that is, if I understood the OP's goal correctly. I'm using a virtual transport for all my mail. With local mail I meant all mail that goes through this transport. To verify the 'local' users I use LDAP. It contains all my users and their email addresses. So basically, what my 'ideal' configuration would offer If someone from a none private IP (or localhost) tries to send a mail it is required to have a recipient that is part of the service that offers the virtual transport (this way internal people can send to each other and to people outside the interna; environment. When someone from a public IP tries to send a mail it is required that the sender is an unkown address and the recipient is known. This (I believe) can be resolved by using either two instances. or some sort of policy daemon. What I currently don't know is how I would go about and resolve this. I hope I have clarified any euhh... unclarities Thanks a lot! Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
I *think* the short, correct answer is to use a policy server: http://www.postfix.org/SMTPD_POLICY_README.html I will look into those then I read into http://www.postfix.org/SMTPD_POLICY_README.html, but I do not see how I can use this to solve my problem. Perhaps I am missing something... Any help is greatly appreciated Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
Wietse, Thx for the reply The policy server can reject mail from a remote network with a local sender address. Isn't that what you want? As an added bonus, it can also reject mail from a local network with a remote sender address. This can help to stop outbound spam from zombie-infested PCs. Yes exactly. I read into the page again and it seems to be suitable for my purpose. Unfortunately it also seems to mean I have to write my own policy server.. At least I have a starting point from now on. Thanks a lot for the help! Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
Postfix, by default, only queues mail that is destined for that system
(mydestination or virtual settings), included in mynetworks, or listed
in relay_domains
This only changes if *you* tell Postfix not to. The config below does
not show any such weakness.
Hmmm, so basically there is no way to enforce that mail sent through
the mail server will always be either from or to one of my domains :-(
Would it be possible to use sender verification to match negatively?
That way I could run two instances of postfix and have one check
sender and the other recipient
If it comes from the internal interface at lease sender should be local
if it comes from the external interface at least recipient should be local
Not sure if this is possible, but it would definitely solve it, at least I
think
I believe I have the solution.
Unfortunately no way to implement it :-(
When I add the following to main.cf, this should perform the check, so
only people I know are allowed to send through postfix and they can
send anywhere. This should also prevent anyone to send mail from an
address that isn't one of mine.
smtpd_reject_unlisted_recipient = no
smtpd_reject_unlisted_sender = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions =
Unfortunately, it does not work.
The output of postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination =
myhostname = server01.fonville-it.nl
mynetworks = 0.0.0.0
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = mail.fonville-it.nl, fonville-it.nl
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox-maps.cf
virtual_transport = zarafa
What have I done wrong?
Regards,
Serge Fonville
--
http://www.sergefonville.nl
Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
How to ensure that either FROM or TO is local
Hi,
I'm trying to install a postfix server and everything seemed to work ok.
Until I tried to mail from a remote domain to a remote domain, but
from 'telnet localhost 25'
I understand (suspect) this works because 127.0.0.0/8 is in mynetworks.
How do I ensure that my mail server can only send mails either to or
from mydomains?
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_transport = zarafa
mydestination = mydomainformail.org, mailserver.mydomainformail.org
mydomain = mydomainformail.org
myhostname = mailserver.mydomainformail.org
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = Infracom Mail Server
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
Thanks in advance.
Regards,
Serge Fonville
--
http://www.sergefonville.nl
Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
Thx for the reply. postconf -n smtpd_banner = Infracom Mail Server Don't change this unless you have a really good reason. Some functionality can be lost by those connecting to you and the current line breaks the SMTP standard. Ok, thx I'll revert this to the default then ;-) There are open relay test websites you can verify this at. The mail server isn't public currently, but thx for the reminder :-) Postfix, by default, only queues mail that is destined for that system (mydestination or virtual settings), included in mynetworks, or listed in relay_domains This only changes if *you* tell Postfix not to. The config below does not show any such weakness. Hmmm, so basically there is no way to enforce that mail sent through the mail server will always be either from or to one of my domains :-( Not really what I was hoping for, but thx for clarifying this Brian! Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: How to ensure that either FROM or TO is local
I was wondering... smtpd_banner = Infracom Mail Server Don't change this unless you have a really good reason. Some functionality can be lost by those connecting to you and the current line breaks the SMTP standard. Ok, thx I'll revert this to the default then ;-) There are open relay test websites you can verify this at. The mail server isn't public currently, but thx for the reminder :-) Postfix, by default, only queues mail that is destined for that system (mydestination or virtual settings), included in mynetworks, or listed in relay_domains This only changes if *you* tell Postfix not to. The config below does not show any such weakness. Hmmm, so basically there is no way to enforce that mail sent through the mail server will always be either from or to one of my domains :-( Would it be possible to use sender verification to match negatively? That way I could run two instances of postfix and have one check sender and the other recipient If it comes from the internal interface at lease sender should be local if it comes from the external interface at least recipient should be local Not sure if this is possible, but it would definitely solve it, at least I think Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: Get username of local user from recipient address
Hi, Michal Kurka: Because I have not got any answer, I tried trace an internal communication between postfix'es processes via UNIX-sockets. I discovered that trivial-rewrite only specifies transport or does a canonicalizing. Process verify right tell that recipient address is alias to a concrete username. If recipient is aliased to more users, all usernames is announced. Now I'm trying use verify for my business. If simply execute verify, it ends with error message in Log fatal: service verify requires a process limit of 1. Sorry, you are playing with Postfix-internal interfaces. Use of these by non-Postfix programs is UNSUPPORTED meaning that it can break even after minor Postfix release changes. I aware of this. But do I have any other option? Unfortunately I haven't got any suggestion from anybody :-( Can't you just use virtual alias maps based on an external service for this purpose? For example in case of mysql you can create a stored procedure that 'logs' when the resultset is empty HTH Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923hl=en
Re: is my server an open relay?
Well, To determine you are an opne relay, there are a couple of things you can do Google for open relay check From a remote site send an email from another domain to another domain through your mail server Check your settings agains the manual HTH Regards, Serge Fonville On Thu, Aug 20, 2009 at 2:54 PM, Israel Garciaigalva...@gmail.com wrote: My scenario: I have a lot of postfix servers, each one, use to sent mail directly to internet, so It's difficult to monitor them. What I want? Put all postfix's of my servers to send all their external mail to an smarthost server in my network. I mean, the smarthost must receive ONLY mail from my servers and relay them mail to internet. Remember I have a lot of different servers and domains so I don't know how to configure this smarthost becasuse in some way it's becoming an open relay. My question: How can I setup a secure smarthost to my network that receive mail ONLY from my servers and relay all mail directly to Internet? Include some configuration if possible. regards, Israel.
Re: is my server an open relay?
My bad, I misunderstood the question, skimmed to the msg to fast ;-) Sorry 'bout that As mentioned read the section on mynetworks Regards, Serge Fonville On Thu, Aug 20, 2009 at 3:23 PM, Israel Garciaigalva...@gmail.com wrote: Serge, I mean I'm an open relay to my servers, becasue any user from any server can send mail putting any sender..I'm looking a way to block that... regards, Israel. On Thu, Aug 20, 2009 at 8:02 AM, Serge Fonvilleserge.fonvi...@gmail.com wrote: Well, To determine you are an opne relay, there are a couple of things you can do Google for open relay check From a remote site send an email from another domain to another domain through your mail server Check your settings agains the manual HTH Regards, Serge Fonville On Thu, Aug 20, 2009 at 2:54 PM, Israel Garciaigalva...@gmail.com wrote: My scenario: I have a lot of postfix servers, each one, use to sent mail directly to internet, so It's difficult to monitor them. What I want? Put all postfix's of my servers to send all their external mail to an smarthost server in my network. I mean, the smarthost must receive ONLY mail from my servers and relay them mail to internet. Remember I have a lot of different servers and domains so I don't know how to configure this smarthost becasuse in some way it's becoming an open relay. My question: How can I setup a secure smarthost to my network that receive mail ONLY from my servers and relay all mail directly to Internet? Include some configuration if possible. regards, Israel. -- Regards; Israel Garcia
Re: Exchange -- Postfix
www.postfix.org www.google.com On Tue, Aug 4, 2009 at 11:53 AM, Paweł Ch.pch0...@gmail.com wrote: Hello, I want to _change_ MsExchange to Postfix in my corporation. I have 150 users in my network. They work in Outlook 2003. We are using Active Directory to authentification. Could you tell me what is the consequencies of making that change. Especialy I would like to know: 1. Is Postfix cooperate with Active Directory or eDirectory? Anybody use Postfix with AD or eDirectory? 2. I know that communication between Exchange and Outlook is with MAPI protocol. Does Postfix use the MAPI protocol? 3. If 2 is no, Is Postfix POP or IMAP server? I would like to use POP or IMAP protocol instead MAPI. 4. Is this possible that Postfix has a Outlook calendar feature and other Outlook like feature. 5. Does Postfix support TLS, SSL? 6. Does Postfix support acces via http to mail box? Thanks pch0317
Re: Blocking Hotmail
What would be the appropriate command to simply reject this domain? I'd google for: postfix block domains The first result I would get is: http://www.linuxquestions.org/questions/linux-server-73/how-to-block-domains-postfix-684924/ HTH Regards, Serge Fonville
Re: Blocking Hotmail
You're welcome! Well, Google is your friend Probably more than any other non-human resource And very often it is faster as well In my experience, mailing lists, are more of a 'last resort' If you want a postfix forum, I'd say, start one Just my 2ct Regards, Serge Fonville On Thu, Jul 30, 2009 at 4:50 PM, Rodman Frowertrod...@shellport.com wrote: Thanks! I did a search on the Postfix main site for block but didn't get any results. I wish there was a message board on the Postfix main site instead of JUST the mailing list. Would making find things that are asked a lot quite easier. Some of the mailing list archives don't have search functions... Rodman - Original Message - From: Serge Fonville serge.fonvi...@gmail.com To: postfix postfix-users@postfix.org Sent: Thursday, July 30, 2009 9:37 AM Subject: Re: Blocking Hotmail What would be the appropriate command to simply reject this domain? I'd google for: postfix block domains The first result I would get is: http://www.linuxquestions.org/questions/linux-server-73/how-to-block-domains-postfix-684924/ HTH Regards, Serge Fonville
Re: Need Outbound Only
Hi, I would like to configure postfix to send whatever is in its queue to whatever is setup as smarthost, but *NOT* listen for incoming mail; this particular server is not a mail relay and I do not want to allow it to be an open relay. Start by looking here: http://groups.google.com/group/mailing.postfix.users/browse_thread/thread/7852b397d05ebb20/011bd8c4cfc7bc1b?lnk=raot HTH Regards, Serge Fonville
Need Outbound Only
Thanks Serge, my needs are different. What I've done so far was the following: myhostname = nonrelayhost.example.com mynetworks = 127.0.0.0/8, 192.168.100.10/32 # Or, this? # mynetworks = 127.0.0.0/8, $myhostname If you just want to block incoming mails from outside your network use a block or reject rule with iptables and either specify the wan interface or a subnet exclusion/inclusion HTH
Re: Need Outbound Only
To turn off incoming mail completely, comment out the smtp ... smtpd service in master.cf. Wouldn't that completely disable smtp then?
Re: Need Outbound Only
* Serge Fonville serge.fonvi...@gmail.com: To turn off incoming mail completely, comment out the smtp ... smtpd service in master.cf. Wouldn't that completely disable smtp then? Incoming, yes. Perhaps I misunderstood then, but when would a mail be send then if it can't listen to SMTP requests? To me, sending a mail goes like this Client makes connection to smtp server Client talks smtp to server Server determines whom the mail is for Server sends (or stores) the mail to wherever it is supposed to When there is no SMTP server, how would a (local) client send a mail through it? Perhaps the OP can clarify a bit more, because an MTA without SMTP seems kinda useless to me...
Re: lost connection after MAIL
Have you tried sending mail through telnet? That way you can determine if it is in your script or in your postfix config. Could you post your configuration and the perl script? Is there any relevant logging? HTH Regards, Serge Fonville On Thu, Jul 2, 2009 at 10:23 AM, Shane Ardeenshaneard...@gmail.com wrote: Hi I recently installed and configured postfix as my dev mail server. It's been working well but when I tried to send mail by a perl script I kept getting lost connection after MAIL as a result of smtp_get: EOF. The same perl script sends mail to my production server which is hosted by my ISP and there's no problem at all. Here's my mail.log extract: Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: resolve_clnt: `' - `mym...@mydomain.com' - transp=`maildrop' host=`mydomain.com' rcpt=`mym...@mydomain.com' flags= class=virtual Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: ctable_locate: install entry key mym...@mydomain.com Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: extract_addr: in: mym...@mydomain.com, result: mym...@mydomain.com Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: fsspace: .: block size 4096, blocks free 1953241 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: smtpd_check_queue: blocks 4096 avail 1953241 min_free 0 msg_size_limit 0 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: ...xx[xx.xx.xxx.xxx]: 250 2.1.0 Ok Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: watchdog_pat: 0xb8a16808 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_fflush_some: fd 14 flush 14 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: smtp_get: EOF Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_hostname: ...xx ~? 127.0.0.0/8 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_hostaddr: xx.xx.xxx.xxx ~? 127.0.0.0/8 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_list_match: ...xx: no match Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: match_list_match: xx.xx.xxx.xxx: no match Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: send attr request = disconnect Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: send attr ident = smtp:xx.xx.xxx.xxx Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_fflush_some: fd 15 flush 45 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: vstream_buf_get_ready: fd 15 got 10 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: private/anvil: wanted attribute: status Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute name: status Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute value: 0 Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: private/anvil: wanted attribute: (list terminator) Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: input attribute name: (end) Jul 1 14:52:41 dev-mail32 postfix/smtpd[20378]: lost connection after MAIL from ...xx[xx.xx.xxx.xxx] Thanks for any help Shane
Transparent mail filter
Hi, I am in the process of setting up a t goog_1238418073789ransparent goog_1238418073789mail filterhttp://www.linuxquestions.org/questions/linux-server-73/transparent-mail-filter-distribution-714608/#post3488536 . Postfix seems the best I could find for this. I already have the following 'idea' about how it should be NAT router 172.16.0.254 Existing MS Exchange Server 172.16.0.2 In between I intend to place a transparent host (through a bridged interface) that redirects all traffic destined for 172.16.0.2 on port 25 to a local postfix instance. The postfix instance relays the mail to the exchange server after processed by Spamassasin. The source and destination domains are unkown. This seems to mean a couple of things I think (after reading the docs) mynetworks should be 0.0.0.0/0 (which seems really odd to me) I am not sure what I need to set relaydomains to, since these are unkown... relayhost should be 172.16.0.2 Any help is greatly appreciated Thanks a lot. Regards, Serge Fonville
Re: Transparent mail filter
Please don't post HTML to the list. Sorry about the HTML. Postfix is not a transparent proxy and can not be made to behave like one. Postfix can be used as an MX gateway in front of exchange, here's a general If you want a transparent proxy, you might look at ASSP. Thanks for the answer, I will look into that then Regards, Serge Fonville
