Re: Virtual users pop3d suggestions
On 9/10/2010 00:32, Nick Edwards wrote: Good day all, I apologize in advance if the moderators consider this slightly OT. We have many users moved to a MySQL database, planned for moving away from Cyrus on Sunday Oct 3, we are almost ready to go but found a problem with pop3 software we were going to use. So basically, using postifx's virtual, excluding Dovecot, what POP3 servers are people using? This will be NFS so we are going to use Maildir. We know Courier, but Googling shows a /lot/ of people say it's slow compared to other daemons, but there does not seem to be much else of a real choice? We have approximately 90 thousands DSL and 3G users, not a big company, but hardly too small either. I used to use Courier, but ended up replacing it with Dovecot. ~Seth
Re: Strange problem : email refused during the night ???
On 6/12/2010 16:03, Denis BUCHER wrote: c) More info : That's what I see in the logs approximately at the same time these errors are seen : Jun 11 04:45:21 cirrus postfix/trivial-rewrite[3636]: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as cn=, ou= , dc=hsolutions, dc=ch: -5 (Timed out) Jun 11 04:45:25 cirrus postfix/trivial-rewrite[3648]: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as cn=, ou=, dc=hsolutions, dc=ch: -5 (Timed out) Jun 11 04:45:26 cirrus postfix/smtpd[3411]: warning: dict_ldap_lookup: Search error -5: Timed out Well, according to this your LDAP server isn't working. ~Seth
Re: Say to Postfix which email need to be delivered locally based on the full email address and not just based on the local domain
On 2/2/10 10:05 AM, Noel Jones wrote: On 2/2/2010 11:11 AM, Michele Carandente wrote: Hi Noel, Thanks for the corrections... anyway this solution doen't solve the problem that I have. Sorry, that's the only solution I have to offer. UUCP? ;) ~Seth
delays=a/b/c/d in docs
Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. ~Seth
Re: delays=a/b/c/d in docs
Seth Mattinen wrote: Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. Nevermind, it's in RELEASE_NOTES. I would humbly suggest putting it in the DEBUG_README as well. ~Seth
Re: delays=a/b/c/d in docs
Pascal Volk wrote: On 01/06/2010 05:29 PM Seth Mattinen wrote: Does anyone know offhand where the logging string delays=a/b/c/d is defined in the documentation? I can't seem to find it. see man postconf(5): man 5 postconf | less +/^delay_logging_resolution_limit Ah, thanks. Even more useful than what I found in the release notes. It never occurred to me to look in the postconf man page. ~Seth
Re: Bounce at SMTPD level
Thomas Bolioli wrote: http://forum.qmailrocks.org/archive/index.php/t-1623.html I found the above link when looking for a how to for configuring postfix to bounce email BEFORE the initial MTA transaction is complete. I can't seem to find one for postfix. I want a sending MTAs to get a 550 error if spamc/spamd determine a mail is spammy so non spam senders get some sort of feedback that their message has been tossed and not delivered. For obvious reasons you can't do this as a bounce to the From: or Reply-To: header emails so it has to happen during the initial MTA transaction. Can someone point me to a how to for this? Thanks, Tom You probably want a before-queue filter or milter: http://www.postfix.org/SMTPD_PROXY_README.html http://www.postfix.org/MILTER_README.html ~Seth
Re: A question about Postfix and virus scanning
Jerry wrote: On Wed, 02 Dec 2009 01:33:51 -0500 Michael Katz mkn...@messagepartners.com replied: Responding to support lists is not a sales strategy, and if it was it would be the worst strategy imaginable because it doesn't work. We sell software because we have to make a living but answering on lists is more of a personality trait of mine than anything else. Regardless, the open source vs. commercial argument is largely dying because the real argument, in the US at least, is becoming Google vs. anything else. Their free offerings are ending the need for Postfix, Amavis, what I make and countless other email products - commercial, open source or otherwise. Somehow we have all become addicted to the free stuff that billionairesgive us while spurning the hard work of a few entrepreneurs trying to make a living. We are a tiny little company and I answer stuff to try to be helpful, that's it. Save the cries of evil for people that matter like Google, we are insignificant unfortunately. IMHO, Google is employing the business method know as deferred gratification. It is so transparent that I find it hard to believe that there has not been more chatter regarding its business dealings. It appears that only now have some large corporations and government entities started to take action against them. What really annoys me is that when Microsoft lowered prices on some of its retail products they were accused of using the same business tactic. When Google does essentially the same thing, barely a word is spoken. Too many users have become functionally socialist in regards to software. The difference is obvious: everyone loves to hate Microsoft and Google can do no wrong. Simple as that. ~Seth
Re: OT: need some advice as to distro
David Koski wrote: On Tuesday 01 December 2009, Stan Hoeppner wrote: BTW, don't you really mean? # apt-get purge exim # apt-get install postfix Last I tried I couldn't remove the MTA without replacement. The onliner apt-get --purge install postfix installs postfix and purges exim without complaining about not having an MTA. Correct. You have to let apt remove exim during the process of installing postfix or it'll fail because some kind of MTA is mandatory. First thing I do with any Debian install as well. ~Seth
Re: how to increase throughput of postfix to local user?
devel anaconda wrote: It disables fsync() on each incoming mail. Plus, if I mount my ext3 partition with option commit=30 or even commit=100, can it helps a bit? Have you tried a filesystem other than ext3 like Reiser or XFS? The performance of ext3 really, really sucks if you have a lot of files in one directory as a mail spool is bound to have. ~Seth
Re: how to increase throughput of postfix to local user?
Victor Duchovni wrote: On Sat, Nov 07, 2009 at 01:18:35AM -0800, Seth Mattinen wrote: Have you tried a filesystem other than ext3 like Reiser or XFS? The performance of ext3 really, really sucks if you have a lot of files in one directory as a mail spool is bound to have. This is not so in most cases. Ext3 is just fine for Postfix. The only reason I mention it is because I had a problem with ext3 performance on my Postfix systems. The array controller is a 3ware 9550SX with 256M cache+BBU. Switching to XFS helped my case. ~Seth
Re: How to override an MX value for a particular domain only?
Eric B. wrote: Is there no way to direct Postfix to a different DNS server (as opposed to the ones specified in resolve.conf) either for a particular domain, or for all domains altogether? No, that's outside of the purview of Postfix. You could probably do something with BIND views though. ~Seth
Re: SMTP-AUTH *without* SASL/PAM?
Barney Desmond wrote: 2009/10/30 Seth Mattinen se...@rollernet.us: Keith Palmer wrote: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. Use the dovecot auth method. In spite of the name in the docs, no SASL is involved whatsoever. I run dovecot on a few servers with all the pop3/imap parts disabled just for auth. Uh, it *is* still SASL, unless I've misunderstood that. To clarify: there is no way to avoid using SASL. SASL is the protocol that Postfix uses to ask Someone Else for authentication. Postfix supports no other authentication mechanisms. (the fact that the only SASL backends in existence (basically) are POP/IMAP servers is what usually confuses people). If you have no particular requirements or existing configuration, installing Dovecot and using it as your SASL backend is the easiest way to go. Well sure, but my point was that Dovecot auth doesn't have the normal hassle of cyrus sasl so one shouldn't think of it as the same potential evil. ~Seth
Re: SMTP-AUTH *without* SASL/PAM?
Keith Palmer wrote: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. Use the dovecot auth method. In spite of the name in the docs, no SASL is involved whatsoever. I run dovecot on a few servers with all the pop3/imap parts disabled just for auth. ~Seth
Re: How to reduce memory footpring?
Rene Bartsch wrote: On Thu, Oct 29, 2009 at 09:10:27AM +0100, lst_ho...@kwsoft.de wrote: It looks like a heap to me. Some library is allocating a lot of virtual memory. It could be via Postfix, or via an NSS module, perhaps db entries in nsswitch.conf, just to close out the Berkeley DB theme. Otherwise, run a test Postfix instance with a default configuration, and add one feature at a time, until the memory footprint jumps... The memory usage is caused by smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/dnswl/postfix-dnswl-header, check_client_access cidr:/etc/postfix/dnswl/postfix-dnswl-permit, This are whitelists downloaded from DNSWL every night. Each file is about 4 MBytes and bloats EACH smtpd-process by 10 MBytes. Is there any reason why such lists are not in shared memory? Is it normal that TLS bloats each smtpd-process by about 1 Mbyte? Yes? You're adding more stuff using TLS. Why do you call it bloat? ~Seth
Re: How should I create an email account?
Ricky Tompu Breaky wrote:
On Thu, 01 Oct 2009 20:15:52 +0300
Eero Volotinen eero.voloti...@iki.fi wrote:
Ricky Tompu Breaky kirjoitti:
On Thu, 01 Oct 2009 19:59:51 +0300
Eero Volotinen eero.voloti...@iki.fi wrote:
...
Well, default config on suse? is really messy, maybe you can take
basic config from postfix and start with it?
RBYes, you're right Eero It's from OpenSuSE11.1 MMM... Do
RByou have the sample of the 'basic config' files? Which files is
RBit? the 'main.cf'? or others also ('master.cf' etc)?
RBPlease send it/them to me if you have the 'basic config',
RBplease.
RBThank you very much in advance.
look at /usr/share/doc/postfix .
This is really rtfm issue, you can find lots of information from www
pages..
--
Eero
RBNo, I don't have that file on OpenSuSE11.1:
sussy:~ # ls /usr/share/doc/postfix
ls: cannot access /usr/share/doc/postfix: No such file or directory
sussy:~ #
RBOK, thank you very much for the information.
postconf -d will give you defaults.
~Seth
Re: Formatting of 544- ... lines in Undelivered Mail Returned to Sender
Wietse Venema wrote: Seth Mattinen: Multiline responses in SMTP are (as far as I know) not allowed. I'm sure Wietse will correct me it I'm wrong, but I can't ever recall it. They are allowed. In fact, most EHLO server responses are multi-line. Ah yes, silly me. I've seen multiline EHLO, but I didn't know that extended to other command responses. ~Seth
Re: Formatting of 544- ... lines in Undelivered Mail Returned to Sender
Multiline responses in SMTP are (as far as I know) not allowed. I'm sure Wietse will correct me it I'm wrong, but I can't ever recall it. ~Seth
Re: feature request: deliver to compressed files on Maildir boxes
mouss wrote: Leonardo Rodrigues a écrit : http://wiki.dovecot.org/Plugins/Zlib I don't wanna sound negative, but - since dovecot solves the problem... - this can also be handled at fielsystem level - every time I hear zlib, someting like vulnerability hits my ears. so if I can vote, I'd say no to zlib integration. this applies to dovecot too. unfortunately, it seems that Timo is too open, which makes the with security in mind of dovecot debatable at least. is it time to move back to courier? Well, it *is* a plugin, just don't enable it and you're zlib free. I'll agree with you on the too open part though. ~Seth
Re: latest postfix vs. postfix 2.3 package?
Dave wrote: Hello, I'm running postfix 2.3 via rpm package. This is on a centos box. I know that there are later versions out, and am wondering if there's a feature add-ons page, not just a changelog, something very detailed version to version, that goes in to detail? I'm trying to decide if i should do an upgrade. Thanks. Read the release notes. ~Seth
Re: What causes the message file too big error?
LuKreme wrote: On Jul 30, 2009, at 12:42 PM, Seth Mattinen wrote: The exact byte count of the message+headers is 100793284 Seriously? 96MB emails? I hope that's internal only. Nope, not internal. Why does that matter? I only noticed this one because the idiot mail server (or user) on the other end was interpreting 5xx as be a woodpecker and keep trying. ~Seth
Re: Directory Harvest
Roman Gelfand wrote: Should I block 1 address or subnet? I'd start with just the IP, personally. ~Seth
Re: Catchall account and lots of spam in a short period
Martijn de Munnik wrote: Losing catchall seems to be the best solution but some of my customers want to create an emailaddress for every website the register on. m...@desjors.nl pay...@desjors.nl deb...@desjors.nl etc. Then they use their mail client to filter the messages and put them in folders. Off course they can create aliases on the admin panel but customers are lazy ;) Then get used to the spam. You can't stop it if you accept every garbage recipient spammers can come up with. As you've seen, accepting everything results in a lot of crap. ~Seth
Re: Spamassassin
Carl A jeptha wrote: When setting up Postfix with Amavis, ClamAV and spamassassin, should one see spamassassin working (I am using a Ubuntu server) True? ~Seth
Re: postfix strip ??? (highbit chars)
Benny Pedersen wrote: On Thu, July 23, 2009 01:00, Noel Jones wrote: Did you run postfix reload? yes Do you have postfix 2.3 or later? 2.5.7 Show evidence. postconf -n output, contents of your message, etc. do i really have to :/ If you ask for help and can't figure it out on your own, be prepared to give up information to help solve the problem you might consider secret. Or don't ask for help. ~Seth
Re: Forwarding Hosted Domain Mail to GMail
Ryan O'Toole wrote: Sure, sure. I realize Google is Google and Postfix is Postfix. My purpose in mailing to this list is questioning whether there are additional steps I need to take when configuring my postfix server so that my mail won't be blacklisted. I'm reading a little on reverse DNS right now and it doesn't look like I have it set up, so perhaps that's the issue. Just thought I'd check with the postfix wizards out there who have more experience configuring postfix servers than I do ;-) Not really. Dropping a message to the floor after saying 250 OK is a horrible, horrible thing to do. This may be helpful: https://mail.google.com/support/bin/answer.py?answer=81126 ~Seth
Transport map lookup failures are fatal?
I apologize in advance if I'm being horribly dense, but I'm seeing something that doesn't feel right. In the event that a transport map lookup fails with a host not found error, Postfix is bouncing the message rather than treating it as a temporary error. For my test, I have the transport map: 50lightyears.com smtp:[badrecord.mattinen.org]:1234 Where badrecord.mattinen.org intentionally does not exist. So I send a test message and I see this in the logs: postfix/smtp[5361]: 773FA3E442: to=t...@50lightyears.com, relay=none, delay=0.25, delays=0.21/0.04/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=badrecord.mattinen.org type=A: Host not found) So, my question is, why is that fatal instead of temporary? Shouldn't it be temporary? Observed on 2.5.5 and 2.4.5. ~Seth
Re: Transport map lookup failures are fatal?
Victor Duchovni wrote: On Thu, Apr 16, 2009 at 06:47:58PM -0700, Seth Mattinen wrote: I apologize in advance if I'm being horribly dense, but I'm seeing something that doesn't feel right. In the event that a transport map lookup fails with a host not found error, Postfix is bouncing the message rather than treating it as a temporary error. The transport map lookup did not fail. For my test, I have the transport map: 50lightyears.com smtp:[badrecord.mattinen.org]:1234 Where badrecord.mattinen.org intentionally does not exist. So I send a test message and I see this in the logs: postfix/smtp[5361]: 773FA3E442: to=t...@50lightyears.com, relay=none, delay=0.25, delays=0.21/0.04/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=badrecord.mattinen.org type=A: Host not found) The destination nexthop does not exist, this is not a transient condition. In my example yes (I just needed a way to force the behavior, that's not a real application), but in the issue I'm attempting to resolve the error was: Host or domain name not found. Name service error for name=mail.x.net type=A: Host found but no data record of requested type I assume - but haven't confirmed yet - this was caused by a Dynamic DNS hostname in the transport. I assume the provider withdrew the A record until the updated IP was available but during this time Postfix bounced anything heading for that transport. So, my question is, why is that fatal instead of temporary? Shouldn't it be temporary? Observed on 2.5.5 and 2.4.5. It should not be temporary. All lookups succeed and establish that the destination is non-existent. Postfix correctly bounces the message. If you really want sub-optimal behaviour and a queue full of junk, try: smtp_defer_if_no_mx_address_found = yes So am I correct in assuming that any lookup failure (aside from DNS timed out) at the transport map stage will result in a fatal condition? ~Seth
Re: Transport map lookup failures are fatal?
Victor Duchovni wrote: So, my question is, why is that fatal instead of temporary? Shouldn't it be temporary? Observed on 2.5.5 and 2.4.5. It should not be temporary. All lookups succeed and establish that the destination is non-existent. Postfix correctly bounces the message. If you really want sub-optimal behaviour and a queue full of junk, try: smtp_defer_if_no_mx_address_found = yes Just tested that; doesn't work when MX lookups are disabled in the transport with []. In hindsight, I should have realized that the lookup was fine, it was returning NXDOMAIN and rightly seeing that as a successful does not exist result. Of course, now the challenge is how to deal with transient NXDOMAIN responses. I'll have find out how that hostname is being updated if it is indeed dynamic DNS. ~Seth
