Re: ot: policyd advise

2017-12-16 Thread Zhang Huangbin

> On Dec 16, 2017, at 10:55 AM, Voytek  wrote:
> 
> thanks. I guess on this server it was never configured as logs are full of
> DUNNOs, didn't notice any other labels

It depends on the plugins enabled in the iRedAPD config file; you can turn
on debug mode to see more details:
http://www.iredmail.org/docs/debug.iredapd.html 

> is iRedAPD available/supported as 'stand alone' with my current postfix,
> or just as part of iredmail ?

iRedAPD is a Postfix policy server; of course you can remove it if you
don’t need it.

We replaced Policyd/Cluebringer by iRedAPD, with extra features and
improvements. I suggest you check what features/plugins it offers first
before making the final decision. Plugin directory is /opt/iredapd/plugins/.

For iRedMail / iRedAPD related questions/issues, it’s better to move to
iRedMail online support forum: http://www.iredmail.org/forum/


Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail



Re: ot: policyd advise

2017-12-14 Thread Zhang Huangbin

> On Dec 15, 2017, at 6:31 AM, Voytek  wrote:
> 
> Q1: in a multi line config like this, is it possibly to comment out one
> line in place like so?

iRedAPD works on two Postfix protocol states: RCPT, END-OF-MESSAGE.
Different states have different functions. For example, the greylisting plugin
only works in RCPT state, but the throttle plugin works on both states.

If mail is rejected in RCPT state, we don’t need the client to send the full message
and move to END-OF-MESSAGE state.

> Q2: is there a way to assess from maillogs? effectiveness ? what else ?
> that this deamon has ?

iRedAPD logs to /var/log/iredapd/iredapd.log. If some email was rejected
by iRedAPD (e.g. greylisting), Postfix will log the rejection too.

> Q3: what are my options to update from policyd 1.x to (greylist,
> throttling, what else should I look at ?)

Policyd v1 is dead, v2 is not under active maintenance in the past 2 years (4
commits in 2017, no commit in 2016).

Policyd v2 is a complete rewrite with a different SQL structure, and Policyd
developers didn’t offer any upgrade/migration tutorial. You’re on your own.
https://wiki.policyd.org

You’re free to use any policy servers which work well with Postfix, but if
you use iRedMail + iRedAdmin-Pro, it’s better to move to iRedAPD to get
the best integration, and get support from iRedMail online support forum:
https://forum.iredmail.org/ 


Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail



Re: Do you know an FOSS email system for kids?

2017-04-16 Thread Zhang Huangbin

> On Apr 15, 2017, at 10:31 PM, Dedeco Balaco Baco  
> wrote:
> 
> - messages can be sent to any email account

This is not a problem.

> - answers must only be read after the contact is added and the supervisor 
> confirmed its safety

Sounds like quarantining and audit.

Amavisd or similar software supports quarantining spam/virus/bad-header/banned
and also clean messages to an SQL database (or file system); you need a web UI to
view them and release/delete them.
https://amavis.org

> - or each message from strange accounts can be marked as safe without adding 
> the sender to the contact; process repeated for each message

Not sure what this means, but sounds like some kind of whitelisting and 
blacklisting. Is it?

> - messages from contacts are received faster, do not need to be previously 
> read by supervisor account

Like whitelisting. Bypass the quarantine for whitelisted senders.

> - a copy of all messages can be read by the supervisor account at anytime, 
> even after they are erased within the safe account

Use BCC for simple archiving or monitoring, or archive software like Piler: 
http://www.mailpiler.org

> Such a system (or program) is not that hard to develop.

“not that hard”? No matter hard or easy, it takes time.


Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).
Available on Telegram: https://t.me/iredmail



Re: Policy server problem: connection timed out or connection reset by peer

2016-08-19 Thread Zhang Huangbin

> On Aug 19, 2016, at 11:56 AM, Bill Cole 
>  wrote:
> 
> So, is this policy server listening on port 1234 or port ?
> I'll assume this is just inconsistent (and pointless) obfuscation...

Just a pointless obfuscation. Sorry about this.

> As Wietse noted more tersely, the only way to handle concurrent connections 
> is to not block your ability to accept and handle a new connection while you 
> wait for the completion of anything that might take time with an existing 
> connection. You have to hand off a new connection to a new thread or process 
> without reading from it or writing to it, and get back to accepting new 
> connections as quickly as possible. I'm not fluent in Python and haven't 
> worked with network server code in any language for decades, so I can't say 
> specifically what you need to do in your program, but I know for sure that 
> trying to serialize your transactions in a single threaded design is 
> unworkable.

Got your point. I'm working on fixing this programming issue.

Thank you very much, Bill. :)
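
One way to structure the hand-off Bill describes, as an added example (not code from this thread or from iRedAPD): a Postfix policy server on Python's `socketserver.ThreadingTCPServer`, where the accept loop only spawns a thread per connection and each thread parses the name=value request. The `decide()` rule, the backlog and timeout values and the sample addresses are assumptions; `concurrency_check()` repeats the many-idle-connections test from the thread against an ephemeral local port.

```python
import socket
import socketserver
import threading


def parse_request(lines):
    """Turn the name=value lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:  # skip anything that is not name=value
            attrs[name] = value
    return attrs


def decide(attrs):
    """Hypothetical rule: in RCPT state, reject an authenticated client whose
    envelope sender differs from its SASL login; otherwise give no opinion."""
    login = attrs.get("sasl_username", "").lower()
    if (attrs.get("protocol_state") == "RCPT" and login
            and attrs.get("sender", "").lower() != login):
        return "REJECT Sender address does not match SASL username"
    return "DUNNO"


class PolicyHandler(socketserver.StreamRequestHandler):
    timeout = 30  # assumed value: an idle client cannot hold a thread forever

    def handle(self):
        lines = []
        try:
            for raw in self.rfile:
                line = raw.decode("utf-8", "replace").rstrip("\r\n")
                if line:
                    lines.append(line)
                    continue
                # An empty line ends the request. Answer it, then keep reading:
                # Postfix may reuse the connection for further requests.
                reply = "action=%s\n\n" % decide(parse_request(lines))
                self.wfile.write(reply.encode("utf-8"))
                lines = []
        except OSError:
            pass  # timeout or reset: drop this connection only


class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True
    request_queue_size = 128  # listen() backlog; the socketserver default is 5


def read_reply(conn):
    """Read one reply, which ends with an empty line."""
    data = b""
    while not data.endswith(b"\n\n"):
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data.decode("utf-8")


def concurrency_check(n=50):
    """Open n connections at once, leave them idle, then query every one."""
    server = PolicyServer(("127.0.0.1", 0), PolicyHandler)  # port 0: ephemeral
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Constructed request with matching sender and login.
    request = (b"request=smtpd_access_policy\nprotocol_state=RCPT\n"
               b"sender=user@example.com\nsasl_username=user@example.com\n\n")
    conns = [socket.create_connection(server.server_address, timeout=5)
             for _ in range(n)]
    try:
        for conn in conns:
            conn.sendall(request)
        return [read_reply(conn) for conn in conns]
    finally:
        for conn in conns:
            conn.close()
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    replies = concurrency_check(50)
    print(len(replies), "replies, all DUNNO:",
          all(r == "action=DUNNO\n\n" for r in replies))
```

A single-threaded server that blocks on one connection's read would leave the later connections in this check unanswered until the earlier ones send data or time out.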



Re: Policy server problem: connection timed out or connection reset by peer

2016-08-19 Thread Zhang Huangbin

> On Aug 19, 2016, at 10:10 AM, Richard James Salts  
> wrote:
> 
> It sounds like similar behaviour to what postfix is logging, so at least you 
> have a way to replicate it now. Try checking netstat -antp | grep : and 
> see what state all the tcp sockets are in. If you're seeing a lot in SYN 
> state it means that your python process has been too busy to process the 
> information from the kernel. If you're seeing a lot in TIME_WAIT it might be 
> that the rate of connections is too high and you're running out of 
> 127.0.0.1:source port -> 127.0.0.1: combinations. This obviously won't 
> solve the problem but will give you an idea of what's happening.

On the production server, my policy server was running with original Python. After
discussions in this thread, I thought it was too slow to process those
requests, so I now run it with pypy to (hopefully) get better performance. But
unfortunately, still the same issue.

When I saw lots of "Connection timed out" and "Connection reset by peer", the
output of the repeated command "netstat -antp | grep : | awk '{print $6}' | sort
| uniq -c | sort -nr" was:

 45 ESTABLISHED
 38 SYN_SENT
 12 SYN_RECV
  1 LISTEN
  1 FIN_WAIT2
  1 CLOSE_WAIT
---
 56 SYN_SENT
 44 ESTABLISHED
 10 SYN_RECV
  5 TIME_WAIT
  1 LISTEN
  1 FIN_WAIT2
  1 CLOSE_WAIT

 48 SYN_SENT
 44 ESTABLISHED
 10 SYN_RECV
  4 TIME_WAIT
  1 LISTEN
  1 FIN_WAIT2
  1 CLOSE_WAIT







Re: Policy server problem: connection timed out or connection reset by peer

2016-08-18 Thread Zhang Huangbin
Dear Bill,

Thanks very much for helping.

> On Aug 19, 2016, at 4:17 AM, Bill Cole 
>  wrote:
> 
>> What do you mean "run" the policy service? It's a python program.
> 
> Which must be running in order for it to be listening for connections.
> Likely mechanisms would be via a SysV init script in /etc/init.d/ or via a 
> systemd service definition.

On some old Linux distributions, it's run with a SysV init script, but on 
CentOS 7 and Ubuntu 16.04, it's run via systemd.

> If your policy server is listening on 127.0.0.1:1234, you could try this:
> 
> for x in {1..100} ; do nc 127.0.0.1 1234 & done
> 
> That attempts to make 100 TCP connections to 127.0.0.1:1234 with 100 
> different 'nc' processes, all running in the background.
> 
> If your policy server is accepting the connections, running the "jobs" 
> command after all of those background processes have launched should show 
> them all in "Stopped(SIGTTIN)" state, meaning that they are connected and 
> waiting for input.

I did this test with shell:

for i in $(seq 200); do
nc 127.0.0.1 1234 &
done

'jobs' commands show 200 "Stopped" jobs.

> If all 100 processes connect in a reasonable time, the next step would be to 
> do the same test, but with input piped into all of the nc commands simulating 
> what Postfix sends to a policy server.

I tested with shell commands below:

for i in $(seq 1000); do
(cat <

Re: Policy server problem: connection timed out or connection reset by peer

2016-08-18 Thread Zhang Huangbin

> On Aug 18, 2016, at 10:02 PM, Wietse Venema  wrote:
> 
> What are you using to "run" the policy service? Try using "telnet
> 127.0.0.1 9998" or "nc 127.0.0.1 9998" to test it.

Thanks Wietse. :)

What do you mean "run" the policy service? It's a python program.

> In particular, what happens when you make 100 simultaneous connections?

Any idea how I can simulate 100 concurrent connections on Linux command line?


Re: Policy server problem: connection timed out or connection reset by peer

2016-08-17 Thread Zhang Huangbin

> On Aug 18, 2016, at 8:46 AM, Noel Jones  wrote:
> 
> There was an example on the link I sent earlier.
> 
> # main.cf
> 127.0.0.1:1234_time_limit = 3600

Seems this setting is not ok for me: The example in Postfix doc does have a
transport (127.0.0.1:9998) defined in master.cf, but I don't have one. Is it
still working?

"postconf -n" reports:

postconf: warning: /etc/postfix/main.cf: unused parameter: 
127.0.0.1:1234_time_limit=3600s




Re: Policy server problem: connection timed out or connection reset by peer

2016-08-17 Thread Zhang Huangbin

> On Aug 18, 2016, at 8:46 AM, Noel Jones  wrote:
> 
> # main.cf
> 127.0.0.1:1234_time_limit = 3600

"postfix check" reported "unused parameter: 127.0.0.0:1234_time_limit=3600s", i 
thought it was an illegal parameter.
I added this one and restarted Postfix, let's see whether or not it fixes my
issue.

Thank you very much, Noel. :)



Re: Policy server problem: connection timed out or connection reset by peer

2016-08-17 Thread Zhang Huangbin

> On Aug 18, 2016, at 12:17 AM, Noel Jones  wrote:
> 
> Have you defined a time limit as described in
> http://www.postfix.org/SMTPD_POLICY_README.html#client_config
> The default time limit of 1000s may be too short.

My policy server is an inet server (check_policy_service inet:127.0.0.1:1234),
not a transport defined in master.cf, how can I define the time limit for an inet
server?

> Otherwise, show your config.

"postconf -nf": http://pastebin.com/wdZZhFin
"postconf -Mf": http://pastebin.com/umkB2wbk



Policy server problem: connection timed out or connection reset by peer

2016-08-17 Thread Zhang Huangbin
Dear all,

I got a problem with my own Postfix policy server (written in Python). Postfix
usually works fine with it, but sometimes it raised an error like this:

Aug 17 08:32:52 mail1 postfix/smtpd[24298]: warning: problem talking to server 
127.0.0.1:1234: Connection reset by peer
Aug 17 08:34:05 mail1 postfix/smtpd[24771]: warning: problem talking to server 
127.0.0.1:1234: Connection timed out

At the time Postfix raised these errors, my policy server is still working and
properly processing requests (checked its log file).

I don't know how to reproduce this issue, except to wait (especially when the server
is busy, but randomly). Do you have any idea/hint about how I can debug this
issue? Either on the Postfix side or my policy server side, or both.

Your help is greatly appreciated.

Re: No From: address in policy delegation protocol?

2016-06-28 Thread Zhang Huangbin

> On Jun 28, 2016, at 11:15 PM, Wietse Venema  wrote:
> 
> To examine SMTP-level events AND message content, use one of the
> methods described in MILTER_README, SMTPD_PROXY_README, or FILTER_README.

Dear Wietse,

Thanks very much for showing me the direction. :)


Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).



Re: No From: address in policy delegation protocol?

2016-06-28 Thread Zhang Huangbin

> On Jun 28, 2016, at 2:15 PM, Benning, Markus  wrote:
> 
> Policy service is just a table lookup. From what restriction do you call
> the policy lookup?

Postfix is configured to call the policy server at protocol state RCPT
(smtpd_recipient_restrictions) and END-OF-MESSAGE
(smtpd_end_of_data_restrictions).

I understand what a policy service does, just want to know whether
or not Postfix parses the submitted mail message to get the 'From:'
address and sends it to the policy server. This is not mentioned in Postfix
doc: http://www.postfix.org/SMTPD_POLICY_README.html

> The From: is a header instead of a smtp protocol field.
> It may be only available within a header check.

This makes sense. But with header check, you get one header each
time, we cannot compare two headers.

A content filter should work in this case, but it's not my purpose.


Zhang Huangbin, founder of iRedMail project: http://www.iredmail.org/
Time zone: GMT+8 (China/Beijing).



Re: No From: address in policy delegation protocol?

2016-06-27 Thread Zhang Huangbin

> On Jun 28, 2016, at 1:46 PM, Zhang Huangbin  wrote:
> 
> I can reproduce this issue with a simple Python program:
> 
> *) construct mail message with a forged sender address. e.g. 'From: 
> '
> *) send email as normal/legal user "auth_u...@my-domain.com" with smtp auth.
> *) while sending email, specify the sender address as 
> "auth_u...@my-domain.com".
> *) When user received the email, his MUA shows the address in 'From:' as 
> sender.

Here's the python code:
http://pastebin.com/Jj7sBxCp

No From: address in policy delegation protocol?

2016-06-27 Thread Zhang Huangbin
Dear all,

I have a simple Postfix policy server, and have a problem rejecting sender login
mismatch (sender != sasl_username) with Outlook 2016: the user is able to specify a
From: address, it would be any address you want, and the From: address is not
passed to the policy server.

I can reproduce this issue with a simple Python program:

*) construct mail message with a forged sender address. e.g. 'From: 
'
*) send email as normal/legal user "auth_u...@my-domain.com" with smtp auth.
*) while sending email, specify the sender address as "auth_u...@my-domain.com".
*) When the user receives the email, his MUA shows the address in 'From:' as sender.

In this case:

- address 'fo...@forge.com' is not available in policy server
- attributes 'sender=' and 'sasl_username' are 'auth_u...@my-domain.com'

So the question is, does Postfix parse the submitted mail message to get the
'From:' address? How can I overcome this?

Thanks for helping. :)
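
Because the policy delegation request carries only envelope attributes such as `sender` and `sasl_username`, comparing the header `From:` with the login has to happen where message content is visible (a milter, SMTP proxy or content filter, as the replies in this thread say). The check such a stage could run is sketched below as an added example, not code from this thread; the function names, the single-address rule, the `allowed` alias list and the constructed sample messages are assumptions.

```python
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses


def header_from_addresses(raw_message):
    """Return the lower-cased addresses found in all From: headers."""
    msg = BytesParser(policy=policy.compat32).parsebytes(raw_message,
                                                         headersonly=True)
    values = [str(v) for v in msg.get_all("From", [])]
    # getaddresses() separates the display name from the real address, so a
    # display name that merely looks like an address is not trusted.
    return [addr.lower() for _name, addr in getaddresses(values) if addr]


def check_from_header(raw_message, sasl_username, allowed=()):
    """Return (ok, reason) for a message submitted by sasl_username.

    `allowed` is a hypothetical list of extra addresses (aliases) the login
    may use. Requiring exactly one From: address is a policy choice made for
    this example.
    """
    owned = {sasl_username.lower()} | {a.lower() for a in allowed}
    addrs = header_from_addresses(raw_message)
    if not addrs:
        return False, "no parsable From: address"
    if len(addrs) > 1:
        return False, "multiple From: addresses"
    if addrs[0] not in owned:
        return False, "From: %s does not belong to %s" % (addrs[0],
                                                          sasl_username)
    return True, "ok"


def sample(from_values):
    """Build a constructed test message with the given From: header values."""
    headers = "".join("From: %s\r\n" % value for value in from_values)
    rest = "To: rcpt@my-domain.example\r\nSubject: test\r\n\r\nbody\r\n"
    return (headers + rest).encode("ascii")


LOGIN = "auth_user@my-domain.example"  # constructed SASL login

if __name__ == "__main__":
    cases = {
        "matching": ["Auth User <auth_user@my-domain.example>"],
        "forged": ["forged@forge.example"],
        "display-name trick": ['"auth_user@my-domain.example" <forged@forge.example>'],
        "two headers": ["auth_user@my-domain.example", "forged@forge.example"],
        "missing": [],
    }
    for label, values in cases.items():
        print(label, check_from_header(sample(values), LOGIN))
```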

Re: Feature request: able to search sql/ldap without extension (user+extens...@domain.com)

2015-04-03 Thread Zhang Huangbin
Dear Wietse,

Thanks for your reply, and congratulations on your new job. :)

> On Apr 4, 2015, at 12:19 AM, Wietse Venema  wrote:
> 
> Postfix will automatically query with
> 1) the full email address,
> 2) the address without extension, 
> 3) the domain.
> ...

> The 1/2/3 query order is currently hard-coded. It should be made
> configurable.


Any plan to implement this?


iRedMail project: http://www.iredmail.org/



Feature request: able to search sql/ldap without extension (user+extens...@domain.com)

2015-04-03 Thread Zhang Huangbin
Dear Postfix developers,

I posted a question about how to construct a sql/ldap query to query
accounts without extension part in email address last month:
http://marc.info/?t=14260881834&r=1&w=2

For example, query recipient 'user+extens...@domain.com' with LDAP filter:

query_filter= (mail=%s)
query_filter= (mail=%u@%d)

It will always include '+extension' part in filter. The feature I'm requesting
is to add one more expansion (e.g. %n) which doesn't include '+extension'
part.

For example:

query_filter = (mail=%n@%d)

It will query 'u...@domain.com' without '+extension' part.

I know we can use some SQL builtin functions to construct this query
filter, but it's impossible for LDAP. That's why I'm requesting this feature.

Hope you can consider my request and implement it in a future release.
Thanks. :)


iRedMail project: http://www.iredmail.org/



Re: About table search order: not to query 'user+extens...@domain.ltd'

2015-03-12 Thread Zhang Huangbin
On Thu, Mar 12, 2015 at 12:10 AM, Viktor Dukhovni
 wrote:

>> In this case, SQL is flexible. But any solution for LDAP table? We cannot do
>> this in ldap query filter.
>
> No.

OK, thanks.

BTW, any plan to support this (ignore '+extension' in table lookup)?


Re: About table search order: not to query 'user+extens...@domain.ltd'

2015-03-11 Thread Zhang Huangbin
On Thu, Mar 12, 2015 at 12:03 AM, Viktor Dukhovni
 wrote:
>
> You may well be able to do something with advanced SQL string
> manipulation to short-circuit queries that contain "+".
>
> SELECT result
> FROM table
> WHERE key = '%u@%d'
> AND key NOT LIKE '%%+%%'
>
> An SQL server may well optimize that query away when the key contains
> a "+" and not do any disk I/O.

In this case, SQL is flexible. But any solution for LDAP table? We cannot do
this in ldap query filter.

Again, thanks for your help. :)


Re: About table search order: not to query 'user+extens...@domain.ltd'

2015-03-11 Thread Zhang Huangbin
On Wed, Mar 11, 2015 at 11:46 PM, Viktor Dukhovni
 wrote:
>
> Not at present.  You can only suppress lookups for bare keys which
> can happen when the domain is $myorigin or matches $mydestination
> by interpolating the lookup key into the query via '%u@%d' instead
> of '%s'.  That will filter out keys with no @domain part.

Thanks Viktor. :)

I'm afraid that '%u' doesn't work, it still has '+extension' in query.
For example:

*) part of my testing ldap lookup file:

query_filter= (mail=%u@%d)

*) Testing with 'postmap':

# postmap -v -q 'postmaster+...@mydomain.ltd' ldap:./my_ldap_file.cf
...
postmap: dict_ldap_lookup: ./my_ldap_file.cf: Searching with filter
(mail=postmaster+...@mydomain.ltd)
...

As you can see, '%u' doesn't drop extension '+abc' in my test.
Anything wrong in my testing?


About table search order: not to query 'user+extens...@domain.ltd'

2015-03-11 Thread Zhang Huangbin
Dear all,

According to the Postfix documentation, virtual(8), 'user+extens...@domain.ltd'
is looked up first, then 'u...@domain.ltd'. Is it possible to
skip/ignore the address extension and just query 'u...@domain.ltd'?
(by the way, I want to ignore the extension in SQL/LDAP lookup.)

Thanks for your time and help. :)


TABLE SEARCH ORDER
...
The search order is as follows. The search stops upon the first successful
lookup.

o When the recipient has an optional address extension the
  user+extens...@domain.tld address is looked up first.

o The u...@domain.tld address, without address extension, is
  looked up next.



Typo error in web site: /postconf.5.html

2014-04-22 Thread Zhang Huangbin
Dear developers,

There's a typo error in www.postfix.org/postconf.5.html:

# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
recipient_delimiters = +-


Looks like it should be 'recipient_delimiter', not 'recipient_delimiters' (ends 
with 's'). recipient_delimiters doesn't work at all.


Re: Why Postfix always complain "unexpected EOF" with my own tcp_table program?

2013-07-28 Thread Zhang Huangbin


On Sunday, July 28, 2013 at 8:24 PM, Wietse Venema wrote:

> 
> 1) Use a network sniffer to see what Python actually sends. You may
> assume that your program sends \n, but Postfix does not receive \n.


Thanks Wietse, and John.
I think this is the root cause, will try a network sniffer later.

> 2) Unrelated to this bug: closing the connection after one request
> is inefficient.


My program closes the connection immediately.




Why Postfix always complain "unexpected EOF" with my own tcp_table program?

2013-07-27 Thread Zhang Huangbin
Dear all,

I wrote a simple daemon service in Python, it's used in Postfix transport_maps 
like this:

transport_maps = tcp:127.0.0.1:1234

It always returns '200 my_transport\n' as described in Postfix manual page 
tcp_table(5), but Postfix always complains "unexpected EOF" like below:

Jul 27 22:51:53 d7 postfix/trivial-rewrite[4260]: warning: read TCP map reply 
from 127.0.0.1:1234: unexpected EOF (Success)

This Python daemon server uses the 'asynchat' module, and returns '200
my_transport\n' with the 'async_chat.push()' method like this:

self.push('200 my_transport\n')

Any idea why Postfix always complains "unexpected EOF"?

Thanks for your time.


Re: Show username for "SASL LOGIN authentication failed:"?

2013-06-09 Thread Zhang Huangbin


On Sunday, June 9, 2013 at 10:09 PM, Charles Marcus wrote:

> 
> Dovecot uses login_log_format_elements to determine what it logs for 
> login attempts... you'll find the variables it supports here:
> 
> http://wiki2.dovecot.org/Variables?highlight=%28login_log_format_elements%29
> 
> Mine (which logs the username) looks like:
> 
> login_log_format_elements = user=<%u> method=%m rip=%r lport=%{lport} 
> mpid=%e %c session=<%{session}>
> 


This works for IMAP/POP3/Managesieve services provided by Dovecot, and
logged in Dovecot log file, but it won't appear in Postfix/Dovecot log files for
SMTP service.


Zhang Huangbin
iRedMail: free, open source mail server solution for Red Hat
Enterprise Linux, CentOS, Scientific Linux, Debian, Ubuntu,
openSUSE, FreeBSD, OpenBSD. http://www.iredmail.org/





Re: Latest package for RHEL6

2012-10-24 Thread Zhang Huangbin


On Monday, October 22, 2012 at 10:56 PM, Morten Stevens wrote:

> I have backported Postfix 2.9.x for my company and I am also package
> maintainer for Fedora.
> 
> Here are my latest builds for el6:
> http://mstevens.fedorapeople.org/el6/postfix/


Do you enable PostgreSQL support in this package?

Re: Problem with eMail on Cloud Servers

2012-08-15 Thread Zhang Huangbin


On Thursday, August 16, 2012 at 8:53 AM, n...@kastle.org wrote:

> How can I configure the new servers to use the one file format?
> (I know it's less efficient - so I've been told several times)


We use Postfix + Dovecot for mail server.

To use Maildir format in Postfix, set home_mailbox=Maildir/ in Postfix main.cf.
In Dovecot, set "mail_location = maildir:/%Lh/:INDEX=/%Lh/".

If you need a quick mail server solution, take a look at www.iredmail.org
instead of setting up all components manually.

  

Zhang Huangbin
iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux,
CentOS, Scientific Linux, Debian, Ubuntu, Gentoo, openSUSE,
FreeBSD, OpenBSD: http://www.iredmail.org/





Re: Minimal permissions on /etc/postfix

2012-07-24 Thread Zhang Huangbin


On Wednesday, July 25, 2012 at 12:09 AM, Michael Orlitzky wrote:

> We store our virtual_foo_maps in,
> 
> /etc/posfix/maps/virtual_foo_maps.pgsql
> 
> and so the (read-only) database credentials are visible in that file.
> I'd like to tighten this up if possible, but I don't want to do anything
> stupid.
> 
> If I'm not going about this all wrong, what can I do to prevent e.g. SSH
> users from reading the DB credentials? Ideally, I'd also like to prevent
> them from reading the rest of the maps, which contain lists of
> addresses, clients, etc.


Works for me with owner 'root', group 'postfix', permission 0640.


Zhang Huangbin

iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux,
CentOS, Scientific Linux, Debian, Ubuntu, Gentoo, openSUSE,
FreeBSD, OpenBSD: http://www.iredmail.org/





Re: Postfix, POP/IMAP server, virtual users, web administration - what do you use?

2010-09-29 Thread Zhang Huangbin

On Sep 27, 2010, at 6:58 PM, Tomasz Chmielewski wrote:

> What do you use with Postfix, if you have virtual users (i.e. in a SQL 
> database)?
> 
> I know web-cyradm, which works pretty well with Cyrus (IMAP/POP) and Postfix 
> - all users, domains, aliases etc. are stored in a SQL database. However, 
> web-cyradm seems to be more or less abandoned now, with the last update from 
> 2005.
> 
> 
> What other options do you use with Postfix, when it comes to "web-based" 
> virtual users/domain/aliases management? With IMAP/POP servers like Cyrus, 
> Courier, Dovecot?

Another one: iRedMail + iRedAdmin. It's under active development.

iRedMail: http://www.iredmail.org/
iRedAdmin: http://www.iredmail.org/admin_panel.html



Re: Integration with Active Directory

2010-03-12 Thread Zhang Huangbin

On Mar 12, 2010, at 2:59 PM, Goutam Baul wrote:

> Hello Everybody,
>  
> I am facing a scenario where the client needs a mailing solution while the 
> user information will be kept in a Microsoft Active Directory server. I was 
> trying to search for any material that talks about whether it is possible to 
> make postfix and courier-imap talk to Microsoft ADS. I have done 
> implementation with Open LDAP but not with ADS. Another work around might be 
> to have LDAP for the mailing solution and create an application for user 
> management that ensures that the LDAP and the MDS are always in sync. This 
> would not be an elegant one and it would be great if the mailing solution 
> (postfix,courier-imap,courier-authlib all in Linux] could talk to the ADS. 
> May I request for some pointer please?

You can try Postfix + Dovecot + Windows Active Directory 2003 + Roundcube
webmail. I deployed one for a customer based on iRedMail, works like a charm.

Postfix and Dovecot can auth users against AD directly, including normal users and
mail lists, and Roundcube can use AD as global LDAP address book too. :)

-- 
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu, FreeBSD: http://www.iredmail.org/



Re: how to build a (enterprise) postfix system

2010-02-03 Thread Zhang Huangbin

On Jan 29, 2010, at 6:13 AM, David Touzeau wrote:

> Take a look here : 
> 
> http://www.artica.fr
> 
> 2010/1/28 ml ml:
> > Hello List,
> >
> > we are planing to set up a new E-Mail (Cluster) system with postfix.
> > Our goal is that this is all ldap based and that our customers can
> > manage their own:
> > - E-Mail Addresses
> > - Passwords
> > - Black/White lists
> > - SpamAssassin reports
> > - Autoreply/vacation
> > - Filter rules
> > - etc..

Also take a look here:
http://code.google.com/p/iredmail/

- OpenLDAP
- Postfix
- Dovecot + sieve (filter rule, vacation message)
- Amavisd + SpamAssassin + ClamAV
- Policyd (v1.x)
- Roundcube webmail (AJAX)




Re: smtpd_sender_login_maps is missing in proxy_read_maps

2009-10-13 Thread Zhang Huangbin


On Oct 14, 2009, at 4:42 AM, Wietse Venema wrote:


> A little background may be in order.

Thanks Viktor and Wietse for your detailed description.

In my case, smtpd_sender_login_maps only looks up the username field in LDAP/MYSQL,
so I think it's safe to add it in proxy_read_maps manually. Right?


--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



smtpd_sender_login_maps is missing in proxy_read_maps

2009-10-13 Thread Zhang Huangbin

Hi, all.

smtpd_sender_login_maps is missing in proxy_read_maps. Is it a good
idea to add it by default, so that we can use proxymap(8) in
smtpd_sender_login_maps (with default proxy_read_maps)?



--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



Re: postfix 2.3.x vs postfix 2.6 stable

2009-10-12 Thread Zhang Huangbin


On Oct 10, 2009, at 2:55 AM, Eero Volotinen wrote:

> I am currently using postfix 2.3.x on RHEL for mail proxy and
> mailserver.
>
> Is there any good reason to update to 2.6 ? and if is, is there any
> good and stable rpm repositories for RHEL 5 on web ?

As far as I know, postfix-2.3.x which is shipped in RHEL/CentOS doesn't support
'receive_override_options=no_address_mappings'. You have to update to
2.3.14 or a newer version.


--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



Re: Any way to avoid message duplication after mailing list expansion?

2009-09-28 Thread Zhang Huangbin


On Sep 27, 2009, at 1:33 AM, Gianni Sandigliano wrote:


> The desired feature would be:
> 1) avoid delivering to an address in bcc: list when the same address
>    is already listed in cc: or to:
> 2) avoid delivering to an address in cc: list when the same address
>    is already listed in to:

You need something like 'receive_override_options =
no_address_mappings' in postfix:


Search 'no_address_mappings' here:
http://www.postfix.org/postconf.5.html

--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



Re: SMTP Authentication for users from LDAP?

2009-09-28 Thread Zhang Huangbin


On Sep 29, 2009, at 3:55 AM, Mala Dibbs wrote:


> ldap_virtual_users.cf
> query_filter = (&(objectclass=posixAccount)(|(mail=%s)))
>
> ldap_senders.cf
> query_filter = (&(objectclass=posixAccount)(|(mail=%s)))

I think the ldap filter here should be '(&(objectclass=posixAccount)(mail=%s))'.

> The ldap users Mailboxes are stored in /home/vmail/%uid/Maildir. Is
> it a problem if this directory/Maildir does not exist and this user
> wants to send an Email.

Dovecot LDA (deliver) can create maildir for new users automatically.

> Where can I configure postfix to use /home/vmail as homebase for
> user-dirs instead of /home?

You can set 'virtual_mailbox_base' in postfix main.cf.

PS: if you are not familiar with postfix+dovecot, you can try iRedMail  
open source mail server solution:

http://code.google.com/p/iredmail/

Setup a full-featured mail server in less than 2 minutes.

--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



Re: python framework for a policy daemon?

2009-09-10 Thread Zhang Huangbin


On Sep 9, 2009, at 5:50 PM, Ralf Hildebrandt wrote:


> Is there a ready to use python framework for a policy daemon?
> I have a nice idea for a policy daemon :)


Reference: http://www.apolicy.org/cgi-bin/moin.cgi

--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu: http://www.iredmail.org/



Re: Testing/verifying a DKIM setup

2009-07-04 Thread Zhang Huangbin


On Jul 3, 2009, at 12:08 PM, KLaM Postmaster wrote:


> Does anybody know how I can test whether my DKIM setup, keys etc, is
> correct.
> Is there a public/open testbed.
> TIA
> JLA

Send a mail to your gmail account, and find out the DKIM verification
result in the mail header.


--
Best Regards.

Zhang Huangbin

- Open Source Mail Server Solution for Red Hat(R) Enterprise Linux,
  CentOS, Debian, Ubuntu:
  + http://code.google.com/p/iredmail/
  + http://www.iredmail.org/forum/



Re: DKIM

2009-06-29 Thread Zhang Huangbin


On Jun 29, 2009, at 5:41 PM, K bharathan wrote:


> hi all
> currently i've got a smtp out postfix server and one main and several
> subdomains are using it to send mails out
> want to put a DKIM sign on all the outbound mails; understand there
> are MAIL-DKIM and DKIMproxy, DKIM-milters etc..
>
> which one i can choose for this purpose
> do i've to add anything to dns zone infos of all these subdomains
> guidance appreciated



Another program you can use: amavisd-new-2.6.x.

Amavisd-new can sign all outgoing mails and verify incoming mails.

--
Best Regards.

Zhang Huangbin

- Mail Server Solution for Red Hat(R) Enterprise Linux & CentOS 5.x,
  Debian 5.0.x, Ubuntu 8.04 & 9.04:
  + http://code.google.com/p/iredmail/
  + http://www.iredmail.org/forum/



Re: Disabling a domain

2009-05-28 Thread Zhang Huangbin

Eduardo Júnior wrote:


> Hi,
>
> I have a Postfix Server 2.4.0 with virtual domains and interface
> postfixadmin.
>
> I want to disable a domain through postfixadmin. There's the option ACTIVE.

You must query the 'active' column in the virtual domain lookup map, like this:

query   = SELECT domain FROM domain WHERE domain='%s' AND backupmx='0' AND active='1'


--
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL, CentOS,
 Debian, Ubuntu:

 http://code.google.com/p/iredmail/
 http://www.iredmail.org/forum/



Re: Performance issue about maildir path.

2008-12-14 Thread Zhang Huangbin

Wietse Venema wrote:

Zhang Huangbin:
  

Hi, all.

Normally, i use 'domain.ltd/username/Maildir' as users' maildir path, if
i change them to hash style, e.g. 'A0/B0/domain.ltd/C0/D0/username/Maildir',
will it speed up the index operation for MDA? If we have 1 users,
which maildir path style will improve performance?



The performance will depend on the underlying file system.  Different
file systems handle large directories in different ways. To find
out, you would need to do measurements. Postfix has smtp-source
(and smtp-sink) tools for stress testing.

Wietse

  

Thanks Wietse & Sahil. :)

--
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



Performance issue about maildir path.

2008-12-14 Thread Zhang Huangbin

Hi, all.

Normally, i use 'domain.ltd/username/Maildir' as users' maildir path, if
i change them to hash style, e.g. 'A0/B0/domain.ltd/C0/D0/username/Maildir',
will it speed up the index operation for MDA? If we have 1 users,
which maildir path style will improve performance?

Thanks very much. :)

--
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



Re: autoresponder for virtual users

2008-11-06 Thread Zhang Huangbin

Martin Strand wrote:

 Hi all.
 I'm looking to implement an auto-response mechanism which:
 - only sends responses to senders who pass SPF checks
 - responds from certain virtual aliases as well as certain virtual users
 - doesn't respond to mailing lists
 - finds the response message/subject through mysql
 - supports per-recipient charset (iso-8859-15 or utf-8)
 - doesn't respond several times to the same sender within a certain
   time period

 Searching the list archive and Google turned up yaa as the best
 alternative, but it seems to have disappeared :(

 http://frost.ath.cx/software/yaa/

 Are there any other good options?
 I suppose I could write something myself, but this feels like a fairly
 common thing to do so I was hoping someone else had already done it.




Try managesieve service and pysieved:

ManageSieve:
- http://wiki.dovecot.org/ManageSieve

PySieved:
- http://www.woozle.org/~neale/src/pysieved/

Avelsieve: Sieve Mail Filters Plugin for Squirrelmail:
- http://email.uoa.gr/avelsieve/

Plugin for Roundcube WebMail:
- http://alec.pl/roundcube/managesieve/

Horde WebMail support managesieve too (via Ingo).
Thunderbird has plugin for managesieve too.

--
Best regards.

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



Re: [ANN] iRedMail-0.3: Open Source Mail Server Solution

2008-09-25 Thread Zhang Huangbin

Rod Dorman wrote:

 On Wednesday, September 24, 2008, 23:36:44, Zhang Huangbin wrote:
> Joe Sloan wrote:
>>  ...
>> It's kind of strange that you call it "multi-platform" when it's
>> redhat only.
>  ...
> iRedMail was ported from OpenBSD, but it is incompatible now.

 That's an odd porting philosophy.

 The conventional practice is to feed your diffs back to the original
 developers so ideally it will become multi-platform.



Hi, Rod.

Thanks for your reply.

I'm the original developer, I spent most time to make this solution
full-featured on *ONE* distro (RHEL/CentOS). When it seems to be
stable, i will try to make it work on other distros, such as Debian,
SuSE, OpenBSD.

--
Best regards.

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



Re: Duplicating messages

2008-09-24 Thread Zhang Huangbin

Jie Wang wrote:

Hello, everyone,
 
I need to duplicate all the email messages for one destination server 
and send the copies to another destination. More specifically,  I need 
to send all the original emails to destination1.com and send all the 
copies to destination2.com. Both destination1.com and destination2.com 
have the identical user names. How do I achieve this with Postfix 
acting like a gateway/proxy?
 
Thanks.
 
Jie Wang
 

You can use a virtual_alias_maps or bcc_maps.

--
- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



Re: [ANN] iRedMail-0.3: Open Source Mail Server Solution

2008-09-24 Thread Zhang Huangbin

Joe Sloan wrote:

Zhang Huangbin wrote:
  

Hi, all.

I'd like to introduce this open source email server solution here,
hope it can help people who need mail server solution.

* Multi-platform Support
   * OS: RHEL/CentOS



It's kind of strange that you call it "multi-platform" when it's redhat only.

What about debian?
what about ubuntu?
what about suse?

This doesn't even cover the main linux distros. What about freebsd,
darwin or solaris?

Joe

  

Hi, Joe.

Sorry for this confused definition. I will change this in project page. 
Thanks very much.


iRedMail was ported from OpenBSD, but it is incompatible now. I will
port it to other distros if i have enough time.


--
- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/



[ANN] iRedMail-0.3: Open Source Mail Server Solution

2008-09-24 Thread Zhang Huangbin

Hi, all.

I'd like to introduce this open source email server solution here,
hope it can help people who need mail server solution.

Project: http://code.google.com/p/iredmail/
Installation Guide: http://code.google.com/p/iredmail/wiki/Installation

iRedMail is:
   * Mail server solution for Red Hat(R) Enterprise Linux and CentOS
 5.x, support both i386 and x86_64.
   * A shell script set, used to install and configure all mail server
 related software automatically.
   * Open source project (GPL v2).

Main Components:
   * Apache (2.2.3, shipped within RHEL/CentOS)
   * PHP (5.1.6, shipped within RHEL/CentOS)
   * MySQL (5.0.45, shipped within RHEL/CentOS)
   * OpenLDAP (2.3.27, shipped within RHEL/CentOS)
   * Postfix (2.3.15)
   * Dovecot (1.1.3)
   * Amavisd (2.6.1)
   * SpamAssassin (3.2.5, shipped within RHEL/CentOS)
   * ClamAV (0.94)
   * Policyd (1.82, +patches)
   * Pysieved (1.0)

Features ( http://code.google.com/p/iredmail/wiki/Features ):

* Fast Deployment
   * Deploy full-featured mail solution in less than 2 minutes.

* Multi-platform Support
   * OS: RHEL/CentOS
   * Version: 5.x (5.0, 5.1, 5.2)
   * Arch: i386, x86_64

* Popular and standard protocols, mail user agent support
   * HTTP (access mailbox via web browser), HTTPS
   * SMTP, SMTPS, Submission
   * POP3, POP3S
   * IMAP, IMAPS

* Anti-Spam & Anti-Virus
   * SPF (Sender Policy Framework) support.
   * DKIM support.
   * Greylist, Blacklist, Whitelist.
   * Blacklist HELO.
   * HELO Randomization Prevention (HRP).
   * Spamtrap.

* Sender & Recipient Throttling

* Recipient and Deliver Restrictions
   * Enable/Disable deliver.
   * Enable/Disable recipient;
   * Enable/Disable POP3;
   * Enable/Disable IMAP;

* Web Mail:
   * Roundcube Web Mail (0.1.1)
   * SquirrelMail (1.4.15)
   * Horde WebMail (1.0.2)

* Mail Server Management:
   * No limits on the number of domains or users.
   * Simple mail backup and monitor (per-user and per-domain).
   * Web based interface to manage mailboxes, virtual domains and
 aliases.
   * MySQL database, LDAP.
   * Per-domain and per-user sent and received mail backup.
   * Provide mail statistics for mail server that produces daily,
 weekly, monthly and yearly graphs of received, sent, bounced and
 rejected mail.

Help needed:
   * PostfixAdmin improvement:
   - Add per-user and per-domain bcc feature, etc.
   - Ability to edit whitelist, blacklist in policyd's database.
   * Roundcube plugin:
   - Per-user blacklist (Implemented with policyd with 'rcpt_acl'
 patch).

--
- Open Source Mail Server Solution for RHEL/CentOS 5.x:
 http://code.google.com/p/iredmail/

- eBooks, Free eBooks, RapidShare Download, Free eBooks Download, Fast
 and Reliable: http://www.ufindbook.com/


Re: restriction class and mysql lookup

2008-08-20 Thread Zhang Huangbin

Thanks mouss. :)

Use hash file as replacement now.


Re: restriction class and mysql lookup

2008-08-19 Thread Zhang Huangbin

Magnus wrote:

On Tuesday, August 19, 2008 at 04:48 CEST,
 Zhang Huangbin <[EMAIL PROTECTED]> wrote:

[...]

  

In my record:
cut<<
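mysql> select username,restriction_class,restricteddomain from restrictions;
+-------------------+-----------------------+------------------+
| username          | restriction_class     | restricteddomain |
+-------------------+-----------------------+------------------+
| [EMAIL PROTECTED] | internal_deliver_only | b.cn             |
+-------------------+-----------------------+------------------+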
cut<<

Replace mysql lookup by hash file, it works:
cut<<
b.cn   OK
cut<<

So, what SQL query should i use in mysql lookup file?



Use any query that returns "OK" if the lookup key is "b.cn".

query = SELECT "OK" FROM restrictions WHERE restricteddomain = '%s'
  


Thanks Magnus. :)

It works. But which field should i use to match 'username' ([EMAIL PROTECTED]) in
query string?


query = SELECT "OK" FROM restrictions WHERE restricteddomain='%s' AND username='???'


Thanks very much.
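
Why the two queries in this exchange behave differently, as an added sketch that is not part of the original posts. sqlite3 stands in for the MySQL map, `user@a.cn` is a placeholder for the redacted username, and the key order is a simplified model of the access(5) lookup for a recipient address (parent-domain keys omitted).

```python
import sqlite3

# Constructed data: sqlite3 stands in for MySQL; 'user@a.cn' is a placeholder
# for the redacted username in the thread's table.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE restrictions "
           "(username TEXT, restriction_class TEXT, restricteddomain TEXT)")
db.execute("INSERT INTO restrictions VALUES "
           "('user@a.cn', 'internal_deliver_only', 'b.cn')")

# The query from internal_deliver_only.mysql and the one suggested in the reply,
# with Postfix's %s written as a bound parameter.
ORIGINAL = ("SELECT restricteddomain FROM restrictions WHERE username=? "
            "AND restriction_class='internal_deliver_only'")
SUGGESTED = "SELECT 'OK' FROM restrictions WHERE restricteddomain=?"

# Subset of access(5) actions. Restriction names are also valid results,
# but a bare domain such as 'b.cn' is neither.
ACTIONS = {"OK", "DUNNO", "REJECT", "DEFER", "DISCARD", "HOLD"}


def lookup_keys(recipient):
    """Keys tried for a recipient address (parent-domain matching omitted)."""
    local, domain = recipient.rsplit("@", 1)
    return [recipient, domain, local + "@"]


def check_recipient_access(query, recipient):
    """Return (key, result, verdict) for the first key the map answers."""
    for key in lookup_keys(recipient):
        row = db.execute(query, (key,)).fetchone()
        if row:
            verdict = "action" if row[0].split()[0].upper() in ACTIONS else "invalid"
            return key, row[0], verdict
    # No match: the next restriction in the class ("reject") decides.
    return None, None, "no match"


if __name__ == "__main__":
    for name, q in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for rcpt in ("bob@b.cn", "bob@c.cn", "user@a.cn"):
            print(name, rcpt, check_recipient_access(q, rcpt))
```

The sender address is never among the lookup keys, so a `check_recipient_access` query has only the recipient to match on.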



Re: restriction class and mysql lookup

2008-08-18 Thread Zhang Huangbin

mouss wrote:
so your check_recipient_access returns 'b.cn', which is not a valid 
action.


what are you trying to do? you cannot implement checks based on 
multiple fields at a time, so your table design is suspicious 
(username and restricteddomain are independent). 


Thanks mouss. :)

i want to restrict this user, and 'internal_deliver_only' means user 
'[EMAIL PROTECTED]' can *ONLY* send mail to restricteddomain (b.cn).


In my record:
cut<<
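mysql> select username,restriction_class,restricteddomain from restrictions;
+-------------------+-----------------------+------------------+
| username          | restriction_class     | restricteddomain |
+-------------------+-----------------------+------------------+
| [EMAIL PROTECTED] | internal_deliver_only | b.cn             |
+-------------------+-----------------------+------------------+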
cut<<

Replace mysql lookup by hash file, it works:
cut<<
b.cn   OK
cut<<

So, what SQL query should i use in mysql lookup file?

Thanks very much. :)

--
Best Regards.

Zhang Huangbin

- iRedMail: Mail Server Solution for Red Hat(R) Enterprise Linux &
 CentOS 5.x: http://iRedMail.googlecode.com/





restriction class and mysql lookup

2008-08-18 Thread Zhang Huangbin

Hi, all.

I'm confused about restriction class and the mysql lookup file format. 
What i should use in 'query'?


Thanks very much. :)

MySQL table structure:
cut<<
+-------------------+--------------+------+-----+-----------------+-------+
| Field             | Type         | Null | Key | Default         | Extra |
+-------------------+--------------+------+-----+-----------------+-------+
| username          | varchar(255) | NO   |     |                 |       |
| restriction_class | varchar(255) | NO   |     |                 |       |
| restricteddomain  | varchar(255) | NO   |     |                 |       |
| created           | datetime     | NO   |     | -00-00 00:00:00 |       |
| expired           | datetime     | NO   |     | -12-31 00:00:00 |       |
| modified          | datetime     | NO   |     | -00-00 00:00:00 |       |
+-------------------+--------------+------+-----+-----------------+-------+
cut<<

I have this record in table 'restrictions':
cut<<
mysql> select username,restriction_class,restricteddomain from restrictions;
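+-------------------+-----------------------+------------------+
| username          | restriction_class     | restricteddomain |
+-------------------+-----------------------+------------------+
| [EMAIL PROTECTED] | internal_deliver_only | b.cn             |
+-------------------+-----------------------+------------------+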
cut<<

In Postfix main.cf:
cut<<
smtpd_restriction_classes = internal_deliver_only, internal_recipient_only
internal_deliver_only = check_recipient_access
    mysql:/etc/postfix/internal_deliver_only.mysql, reject
internal_recipient_only = check_sender_access
    mysql:/etc/postfix/internal_recipient_only.mysql, reject

cut<<

File: /etc/postfix/internal_deliver_only.mysql:
cut<<
user     = vmail
password = [EMAIL PROTECTED]&16544*4832)12715
hosts    = 127.0.0.1
port     = 3306
dbname   = vmail
query    = SELECT restricteddomain FROM restrictions WHERE username='%s' AND restriction_class='internal_deliver_only'

cut<<


Output of 'postconf -n':
<<
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_min_user = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_alias_maps $virtual_mailbox_maps
mail_name = iRedMail
mail_owner = postfix
mail_version = 0.2-rc4
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 15728640
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
message_size_limit = 15728640
mydestination = $myhostname, localhost, localhost.localdomain,
    localhost.$myhostname, mysql:/etc/postfix/virtual_domains.mysql
mydomain = r6.iredmail.org
myhostname = r6.iredmail.org
mynetworks = 127.0.0.0/8
myorigin = r6.iredmail.org
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.14/README_FILES
receive_override_options = no_address_mappings
recipient_bcc_maps = mysql:/etc/postfix/recipient_bcc_maps_domain.mysql,
    mysql:/etc/postfix/recipient_bcc_maps_user.mysql
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.14/samples
sender_bcc_maps = mysql:/etc/postfix/sender_bcc_maps_domain.mysql,
    mysql:/etc/postfix/sender_bcc_maps_user.mysql
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,
    check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = check_sender_access
    mysql:/etc/postfix/sender_access.mysql, check_recipient_access
    mysql:/etc/postfix/sender_access.mysql, permit_mynetworks,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
    check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = internal_deliver_only, internal_recipient_only
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/sender_login_maps.mysql
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, 
reject_sender_login_mismatch, 
reject_unauthentica