Re: Splitting email.
On 03.10.14, 16:21, Wietse Venema wrote: giacomo: I would like to split this email on the relative folder of the target user of domain. The internal mail server use postfix. The server work fine with virtual user sending e receiving mail internally. It's possible this operation? Is there any program or procedure to use with postfix to do this? You should be able to do this with a fetchmail-like program that looks at the Postfix X-Original-To address header. DO NOT USE the To: address header for this purpose. Doing so will result in delivery loops with mailing list articles. For example, this reply message does not have your address in the To: header; and you would be sending it back to postfix-users@postfix.org. That would cause you to lose your mailing list membership. I've one problem, the messages are without X-Original-To header. ... Received: from isp.mailserver.com ([xxx.x.x.x]) by localhost (isp.mailserver.com [xxx.x.x.x]) (amavisd-new, port 10024) with ESMTP id 7FO08wsiMVCK for catch...@realdomain.com; Fri, 3 Oct 2014 18:05:00 +0200 (CEST) As you see above, the ISP expands virtual aliases before their content filter. I suspect that this is why they lose the original recipient. Received: from mail.somedomain.com (mail.somedomain.com [yyy.yyy.yyy.yy]) by isp.mailserver.com (Postfix) with ESMTP id F09FD4AC55F for us...@realdomain.com; Fri, 3 Oct 2014 18:04:57 +0200 (CEST) I don't understand how the conversion from catch...@realdomain.com to us...@realdomain.com is done. The catch...@realdomain.com receive all mail for @realdomain.com. For now I use an internal mail server (HMailServer) that reads and split each messages into the respective mailboxes. I would do the same thing with postfix. Regardless, the Postfix Received: header does not show the recipient with multi-recipient mail. So it is not a good indicator of who the email was addressed to. From: News n...@somedomain.com To: us...@realdomain.com As mentioned, the To: header must not be used - it does not work for BCC recipients. For example, this email reply does not have you in the To: header. If you were to deliver this email based on the To: header then you would be sending it right back to the postfix-users mailing list. Wietse -- Isaia Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Splitting email.
On 04.10.14, 07:15, Wietse Venema wrote: giacomo: I've one problem, the messages are without X-Original-To header. ... Received: from isp.mailserver.com ([xxx.x.x.x]) by localhost (isp.mailserver.com [xxx.x.x.x]) (amavisd-new, port 10024) with ESMTP id 7FO08wsiMVCK for catch...@realdomain.com; Fri, 3 Oct 2014 18:05:00 +0200 (CEST) As you see above, the ISP expands virtual aliases before their content filter. I suspect that this is why they lose the original recipient. Received: from mail.somedomain.com (mail.somedomain.com [yyy.yyy.yyy.yy]) by isp.mailserver.com (Postfix) with ESMTP id F09FD4AC55F for us...@realdomain.com; Fri, 3 Oct 2014 18:04:57 +0200 (CEST) I don't understand how the conversion from catch...@realdomain.com to us...@realdomain.com is done. The catch...@realdomain.com receive all mail for @realdomain.com. For now I use an internal mail server (HMailServer) that reads and split each messages into the respective mailboxes. For the last time, I repeat my question. What information is used to convert catch...@realdomain.com into us...@realdomain.com? Excuse me, Wietse. The Zimbra server collects the domain's messages. How do the internal server (HMailServer) to divide messages received from external mail server (Zimbra) with this header I don't have idea. I check the log of HMailServer and post the result. Thanks As mentioned, the To: header must not be used - it does not work for BCC recipients. For example, this email reply does not have you in the To: header. If you were to deliver this email based on the To: header then you would be sending it right back to the postfix-users mailing list. Wietse -- Isaia Luciano Debian Linux user -- /home/giacomo/Documenti/192934.png -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Splitting email.
On 04.10.14, 16:58, Viktor Dukhovni wrote: On Sat, Oct 04, 2014 at 11:25:46AM +0200, giacomo wrote: The catch...@realdomain.com receive all mail for @realdomain.com. For now I use an internal mail server (HMailServer) that reads and split each messages into the respective mailboxes. I would do the same thing with postfix. Your upstream server does not support multi-drop mailboxes. It loses critical recipient information, by not recording the original *envelope* recipient routed to the catchall mailbox. What you want is NOT POSSIBLE without changes in upstream mail handling. -- Viktor. Hello Viktor, I was hoping for another solution. I send a message at the provider to can make the change on the Zimbra server. Thanks. -- Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Splitting email.
On 04.10.14, 09:30, Wietse Venema wrote: giacomo: Received: from mail.somedomain.com (mail.somedomain.com [yyy.yyy.yyy.yy]) by isp.mailserver.com (Postfix) with ESMTP id F09FD4AC55F for us...@realdomain.com; Fri, 3 Oct 2014 18:04:57 +0200 (CEST) I don't understand how the conversion from catch...@realdomain.com to us...@realdomain.com is done. The catch...@realdomain.com receive all mail for @realdomain.com. For now I use an internal mail server (HMailServer) that reads and split each messages into the respective mailboxes. For the last time, I repeat my question. What information is used to convert catch...@realdomain.com into us...@realdomain.com? Excuse me, Wietse. The Zimbra server collects the domain's messages. How do the internal server (HMailServer) to divide messages received from external mail server (Zimbra) with this header I don't have idea. I check the log of HMailServer and post the result. I suspect it looks at the To: header. You may be able to achive similar results with fetchmail and similar tools but it is broken by design: it mis-handles BCC recipients and it would send this reply back to the postfix-users mailing list. Wietse Hello Wietse, Yes, the HMailserver seems that using this solution. At least so it seems from the logs. Thanks. -- Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Splitting email.
On 01.10.14, 15:29, Wietse Venema wrote: giacomo: On 30.09.14, 16:26, Wietse Venema wrote: giacomo: Hello at all, I would like to split email from an external mail server (from my ISP) to an internal mail server. The ISP receive all mail of the domain in one mail address (the server use zimbra with postfix). Does this mean that us...@example.com, us...@example.com, etc., are delivered to the same ISP mailbox, and you want to deliver it to separate mailboxes on your server? (Replace example.com with your real domain name). Not exactly. The ISP mailbox catch all users of real domain name in a unique mail box (example chatch...@realdomain.com). I want to deliver it on a internal server to separate mailboxes. Is possible this action? I see no difference with my description above. Multiple recipients are delivered to the same ISP mailbox, and you want to deliver that email elsewhere to separate mailboxes. I suggest that you look at my solution below. Wietse I would like to split this email on the relative folder of the target user of domain. The internal mail server use postfix. The server work fine with virtual user sending e receiving mail internally. It's possible this operation? Is there any program or procedure to use with postfix to do this? You should be able to do this with a fetchmail-like program that looks at the Postfix X-Original-To address header. DO NOT USE the To: address header for this purpose. Doing so will result in delivery loops with mailing list articles. For example, this reply message does not have your address in the To: header; and you would be sending it back to postfix-users@postfix.org. That would cause you to lose your mailing list membership. I've one problem, the messages are without X-Original-To header. The header of the ISP mail server is this (is not inserted any IP address or email address): Return-Path: fromsome...@somedomain.com Received: from xxx.xxx.xxx.xx (LHLO isp.mailserver.com) (xxx.xxx.xxx.xx) by isp.mailserver.com with LMTP; Fri, 3 Oct 2014 18:05:04 +0200 (CEST) Received: from localhost (localhost [xxx.x.x.x]) by isp.mailserver.com (Postfix) with ESMTP id BD1BC4AC5C8 for catch...@realdomain.com; Fri, 3 Oct 2014 18:05:04 +0200 (CEST) X-Virus-Scanned: amavisd-new at isp.mailserver.com X-Spam-Flag: NO X-Spam-Score: -2.566 X-Spam-Level: X-Spam-Status: No, score=-2.566 tagged_above=-10 required=10 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from isp.mailserver.com ([xxx.x.x.x]) by localhost (isp.mailserver.com [xxx.x.x.x]) (amavisd-new, port 10024) with ESMTP id 7FO08wsiMVCK for catch...@realdomain.com; Fri, 3 Oct 2014 18:05:00 +0200 (CEST) Received: from mail.somedomain.com (mail.somedomain.com [yyy.yyy.yyy.yy]) by isp.mailserver.com (Postfix) with ESMTP id F09FD4AC55F for us...@realdomain.com; Fri, 3 Oct 2014 18:04:57 +0200 (CEST) Received: from paperino01.pippo.pluto.somedomain.com (paperino01.pippo.pluto.somedomain.com [10.81.93.92]) by mail.somedomain.com (Postfix) with ESMTP id D6DDCA11D7 for us...@realdomain.com; Fri, 3 Oct 2014 18:04:57 +0200 (CEST) MIME-Version: 1.0 Date: Fri, 03 Oct 2014 18:04:57 +0200 X-Priority: 3 (Normal) Subject: Your holiday is here. Reply-To: News n...@somedomain.com From: News n...@somedomain.com To: us...@realdomain.com X-TokenInfo-CID: 1009 X-TokenInfo-UID: 117909776 Message-ID: 20141003180457.-631422...@somedomain.com Where isp.mailserver.com is the name of mail server of the ISP, us...@realdomain.com is the recipient, catch...@realdomain.com is the mail collector of ISP. How to spit with this headers? Thanks. -- Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. -- Wietse Thanks -- Luciano -- Le informazioni contenute nella presente e-mail e nei
Re: Splitting email.
On 30.09.14, 16:26, Wietse Venema wrote: giacomo: Hello at all, I would like to split email from an external mail server (from my ISP) to an internal mail server. The ISP receive all mail of the domain in one mail address (the server use zimbra with postfix). Does this mean that us...@example.com, us...@example.com, etc., are delivered to the same ISP mailbox, and you want to deliver it to separate mailboxes on your server? (Replace example.com with your real domain name). Not exactly. The ISP mailbox catch all users of real domain name in a unique mail box (example chatch...@realdomain.com). I want to deliver it on a internal server to separate mailboxes. Is possible this action? I would like to split this email on the relative folder of the target user of domain. The internal mail server use postfix. The server work fine with virtual user sending e receiving mail internally. It's possible this operation? Is there any program or procedure to use with postfix to do this? You should be able to do this with a fetchmail-like program that looks at the Postfix X-Original-To address header. DO NOT USE the To: address header for this purpose. Doing so will result in delivery loops with mailing list articles. For example, this reply message does not have your address in the To: header; and you would be sending it back to postfix-users@postfix.org. That would cause you to lose your mailing list membership. Wietse Thanks -- Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Splitting email.
Hello at all, I would like to split email from an external mail server (from my ISP) to an internal mail server. The ISP receive all mail of the domain in one mail address (the server use zimbra with postfix). I would like to split this email on the relative folder of the target user of domain. The internal mail server use postfix. The server work fine with virtual user sending e receiving mail internally. It's possible this operation? Is there any program or procedure to use with postfix to do this? Thanks. -- Luciano -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Re: Postfix and SASL auth on OpenBSD 5.5 [SOLVED]
Hello Viktor, After a lot of test I downgrade my SO from OpenBSD 5.5 to OpenBSD 5.4. The authentication work correctly. Thanks. Luciano. -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. -- On 13.09.14, 21:43, giacomo wrote: Hello Viktor, On 10.09.14, 22:59, Viktor Dukhovni wrote: On Wed, Sep 10, 2014 at 10:46:43PM +0200, giacomo wrote: So you're using Cyrus SASL, but not showing any details of the SASL configuration, available plugins, ... The configuration of SASL is in /usr/local/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN #authdaemond_path: /var/sasl2/socket authdaemond_path: /var/run/courier-auth/socket log_level: 7 The documentation for authdaemond_path says: Path to Courier-IMAP authdaemond's unix socket. Only applicable when pwcheck_method is set to authdaemond. So your smtpd.conf can't work as configured. Ok, I try to change this configuration. I will say if it works. Is the authdaemond_path correctly specified? Yes it's specified in /etc/rc.d/courier-authdaemond Does the postfix user have permission to access the socket? /var/run/courier-auth/pid root wheel Is smtpd(8) chrooted? No. My master.cf # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd AUTH PLAIN AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== 535 5.7.8 Error: authentication failed: generic failure Avoid posting AUTH PLAIN and AUTH LOGIN command arguments, they contain reversibly (base64) encoded passwords. I don't understand this. Please specificy what it mean. It means that you should not send the data after AUTH PLAIN to a public mailing list. It can be easily decoded to recover your no longer secret password. For example: $ echo AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== | openssl base64 -A -d | cat -etv ^@d.lis...@gruppoisil.com^@lisaia -- Viktor. Ok. This is a sample example, to test. I not will send you the real password. :) Thanks. -- Isaia Luciano
Re: Postfix and SASL auth on OpenBSD 5.5.
Hello Viktor, On 10.09.14, 22:59, Viktor Dukhovni wrote: On Wed, Sep 10, 2014 at 10:46:43PM +0200, giacomo wrote: So you're using Cyrus SASL, but not showing any details of the SASL configuration, available plugins, ... The configuration of SASL is in /usr/local/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN #authdaemond_path: /var/sasl2/socket authdaemond_path: /var/run/courier-auth/socket log_level: 7 The documentation for authdaemond_path says: Path to Courier-IMAP authdaemond's unix socket. Only applicable when pwcheck_method is set to authdaemond. So your smtpd.conf can't work as configured. Ok, I try to change this configuration. I will say if it works. Is the authdaemond_path correctly specified? Yes it's specified in /etc/rc.d/courier-authdaemond Does the postfix user have permission to access the socket? /var/run/courier-auth/pid root wheel Is smtpd(8) chrooted? No. My master.cf # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd AUTH PLAIN AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== 535 5.7.8 Error: authentication failed: generic failure Avoid posting AUTH PLAIN and AUTH LOGIN command arguments, they contain reversibly (base64) encoded passwords. I don't understand this. Please specificy what it mean. It means that you should not send the data after AUTH PLAIN to a public mailing list. It can be easily decoded to recover your no longer secret password. For example: $ echo AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== | openssl base64 -A -d | cat -etv ^@d.lis...@gruppoisil.com^@lisaia -- Viktor. Ok. This is a sample example, to test. I not will send you the real password. :) Thanks. -- Isaia Luciano
Re: Postfix and SASL auth on OpenBSD 5.5.
Thank you for your reply. On 08.09.14, 21:11, Viktor Dukhovni wrote: On Mon, Sep 08, 2014 at 10:47:02PM +0200, giacomo wrote: I send you the configuration of Postfix. Change the password for this account: Username: d.lis...@gruppoisil.com Compromised Password: lisaia This acconut is only for try the server mail. smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = So you're using Cyrus SASL, but not showing any details of the SASL configuration, available plugins, ... The configuration of SASL is in \usr\local\lib\sasl2\smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN #authdaemond_path: /var/sasl2/socket authdaemond_path: /var/run/courier-auth/socket log_level: 7 220 mail2.domain.com ESMTP Postfix ehlo tin.it 250-mail2.domain.com 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH PLAIN AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== 535 5.7.8 Error: authentication failed: generic failure Avoid posting AUTH PLAIN and AUTH LOGIN command arguments, they contain reversibly (base64) encoded passwords. I don't understand this. Please specificy what it mean. Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: could not verify password Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: Password verification failed Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: unknown[192.168.1.248]: SASL PLAIN authentication failed: generic failure Cyrus SASL was not happy. -- Viktor. -- Luciano
Re: Postfix and SASL auth on OpenBSD 5.5.
Hi,
I send you the configuration of Postfix.
$ postconf -nf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id sleep 5
header_checks = pcre:/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = _postfix
mailq_path = /usr/local/sbin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = domain.com
myhostname = mail2.domain.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.3.0/24
myorigin = $myhostname
newaliases_path = /usr/local/sbin/newaliases
qdeliver_destination_concurrency_limit = 1
qdeliver_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix/readme
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_milters = unix:/var/spool/postfix/var/run/milter-spamd/spamd.sock
unix:/var/spool/postfix/var/run/milter-clamav/clamav.sock
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_invalid_hostname, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_destination, reject_rbl_client
bl.spamcop.net, reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client
list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client
sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl,
reject_rbl_client combined.njabl.org, reject_rbl_client dul.dnsbl.sorbs.net,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options =
smtpd_tls_CAfile = /etc/ssl/ca.crt
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/private/server.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_minimum_uid = 2000
virtual_transport = qdeliver
virtual_uid_maps = static:2000
$ postconf -Mf
smtp inet n - n - - smtpd
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - - 60 1 pickup
cleanupunix n - - - 0 cleanup
qmgr unix n - - 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewriteunix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discardunix - - - - - discard
local unix - n n - - local
virtualunix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
qdeliver unix - n n - - pipe flags=uh
user=vmail argv=/usr/local/bin/deliverquota -c -w 90
/var/mail/vhosts/${domain}/${user}
The mail system is based on virtual users on OpenBSD.
Thanks.
--
Isaia Luciano
On 07.09.14, 14:42, giacomo wrote:
Hello everyone.
I
Postfix and SASL auth on OpenBSD 5.5.
Hello everyone. I recently created a mail server based on Postfix with MySQL and SASL authentication and TLS. I have problems to use authentication SASL. The errors are: telnet 192.168.1.242 25 Trying 192.168.1.242... Connected to 192.168.1.242. Escape character is '^]'. 220 mail2.domain.com ESMTP Postfix ehlo tin.it 250-mail2.domain.com 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH PLAIN AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ== 535 5.7.8 Error: authentication failed: generic failure /var/maillog Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: could not verify password Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: Password verification failed Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: unknown[192.168.1.248]: SASL PLAIN authentication failed: generic failure /var/maillog Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: could not verify password Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: SASL authentication failure: Password verification failed Jul 5 23:11:19 mail2 postfix/smtpd[3717]: warning: unknown[192.168.1.248]: SASL PLAIN authentication failed: generic failure System OpenBSD v. 5.5 Packages: courier-authlib-0.65.0p2 courier-authlib-mysql-0.65.0p5 courier-imap-4.13p0 courier-pop3-4.13p0 cyrus-sasl-2.1.26p10-mysql mysql-client-5.1.73v0 mysql-server-5.1.73v0 Port: postfix-2.12.20140109-sasl2-mysql (compilated to enable SASL e MySQL) In the old version of OpenBSD it seam to work. Any suggestions? Thanks. -- Isaia Luciano Debian Linux user -- /home/giacomo/Documenti/192934.png -- Le informazioni contenute nella presente e-mail e nei documenti/files eventualmente allegati sono confidenziali. Essi sono riservati esclusivamente al destinatario della stessa. La loro eventuale comunicazione, diffusione o, comunque, rivelazione a terzi, nonche' la copiatura e/o conservazione e' vietata. Se avete ricevuto questa e-mail per errore, Vi preghiamo cortesemente di informare immediatamente il mittente della stessa e di distruggerla o, comunque, cancellarla dal Vostro sistema. This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error), please notify the sender immediately and destroy this e-mail. Any unauthorised communication, diffusion, disclosure and copy of the material in this e-mail is strictly forbidden. --
Content filtering messages from sasl authenticated users
Hello everyone on the list, as subject, how can I pass through a content filter only the messages arriving from sasl authenticated users ? Thank you, Giacomo.
Re: Content filtering messages from sasl authenticated users
Il 02/10/2012 14.35, Ralf Hildebrandt ha scritto: Hello everyone on the list, as subject, how can I pass through a content filter only the messages arriving from sasl authenticated users ? Hard option: Use a policy daemon to return FILTER foobar:dummy if the user has authenticated (sasl_username attribut is non-empty) Thanks a lot, I did it, with postfwd. Giacomo.
