Re: limit connections

2020-11-06 Thread natan maciej milaszewski
On 06.11.2020 13:48, Wietse Venema wrote:

Wietse
> That is a configuration mistake. Postfix should not receive mail
> for a deleted user.
Maybe you don't understand me. I mean this example:

: host spike.porcx.org[xxx.xxx.189.2] said: 550
5.1.1 : Recipient address rejected: User unknown
(in reply to RCPT TO command)
I send e-mail to user and I send to Your server

And let's assume I do not accept this information and limit it, for example, by 
10 per hour

>
>> or user have quota
> There are policy plugins or other solutions to block mail for
> over-quota users, depending on what mail delivery method you use.
>
>> - my server (Mailer-daemon) sends returns -
>> and external hosting limit incomming e-mail per IP
> So this is only a problem with sending MAILER-DAEMON messages?
>
> Please fix your Postfix configuration to not receive mail for a
> deleted or over-quota user.
>
>   Wietse



Re: postfix and MX

2020-09-22 Thread natan maciej milaszewski
Hi
I found a solution for an MX filter at http://rmxf.comm.pl/

On 18.09.2020 01:30, @lbutlr wrote:
> On 17 Sep 2020, at 17:03, Fred Morris  wrote:
>> On Thu, 17 Sep 2020, Antonio Leding wrote:
>>> TILT: MX records are not required for email to work — WOOT…
>> Not required for SPF either. You can list the IP address(es). Of course if 
>> you have MX then for SPF it's simple "+mx".
> This may have changed, but I doubt it. If you do not have MX records there 
> are definitely mail servers out there that will not send mail to you. 
> Exchange for one at least used to refuse to deliver mail without an MX 
> record. I don't know if this is still the case as I am thankfully at least 5 
> years from having to deal with anyone on Exchange server.
>
>
>



postfix and MX

2020-09-17 Thread natan maciej milaszewski
Hi
For incoming e-mail I need an MX restriction - allow only domains that have
an MX added in DNS - I know this is not RFC friendly ...

Are there any solutions ready to be imported?


Re: 2 factor authentication for postfix

2020-07-23 Thread natan maciej milaszewski
On 23.07.2020 16:41, Wietse Venema wrote:
> natan maciej milaszewski:
>> Hi
>> I am looking for a solution or some faq to running 2 factor
>> authentication for Postfix3.x
> To SEND mail?
>
> To RECEIVE mail?
Only to send mail


Re: 2 factor authentication for postfix

2020-07-23 Thread natan maciej milaszewski
On 23.07.2020 16:31, Phil Stracchino wrote:
> On 2020-07-23 09:57, natan maciej milaszewski wrote:
>> Hi
>> I am looking for a solution or some faq to running 2 factor
>> authentication for Postfix3.x
>
> U.   Postfix is a mail *transfer* agent.  It moves mail from
> system to system and delivers it to users' mailboxes.  It does not
> provide a mail reading/pickup interface for users.  How exactly are you
> envisioning using 2FA with it?
>
>
That easy in theory  postfix + radius + 2fa (I found
pam_google_authenticator)



2 factor authentication for postfix

2020-07-23 Thread natan maciej milaszewski
Hi
I am looking for a solution or some faq to running 2 factor
authentication for Postfix3.x





Re: probably bug in postfix3-3.4

2020-05-05 Thread natan maciej milaszewski
Thanks for the reply:

May  5 06:00:51 smtp1 postfix/smtpd[5939]: warning: Illegal address
syntax from unknown[217.153.30.34] in RCPT command: <>
May  5 06:00:51 smtp1 postfix/smtpd[6242]: warning: Illegal address
syntax from unknown[217.153.30.34] in RCPT command: <>
May  5 06:00:51 smtp1 postfix/smtpd[6240]: warning: Illegal address
syntax from unknown[217.153.30.34] in RCPT command: <>
May  5 06:00:51 smtp1 postfix/smtpd[5710]: warning: Illegal address
syntax from unknown[217.153.30.34] in RCPT command: <>
May  5 06:00:52 smtp1 postfix/submission/smtpd[6303]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known
May  5 06:00:52 smtp1 postfix/submission/smtpd[6319]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known
May  5 06:00:52 smtp1 postfix/smtps/smtpd[6194]: warning: hostname
host66-188-252-69.limes.com.pl does not resolve to address
188.252.69.66: Name or service not known
May  5 06:00:52 smtp1 postfix/smtpd[6240]: warning:
unknown[45.143.223.91]: SASL LOGIN authentication failed: authentication
failure
May  5 06:00:53 smtp1 postfix/smtpd[6444]: warning: hostname
net6-ip6.linkbg.com does not resolve to address 87.246.7.6: Name or
service not known
May  5 06:00:53 smtp1 postfix/submission/smtpd[6457]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6199]: warning: Illegal
address syntax from static-81-219-84-50.devs.futuro.pl[81.219.84.50] in
RCPT command: <'basia@[...].pl'>
May  5 06:00:53 smtp1 postfix/smtpd[6240]: warning:
unknown[89.111.132.76]: SASL LOGIN authentication failed: authentication
failure
May  5 06:00:53 smtp1 postfix/smtpd[6444]: warning: unknown[87.246.7.6]:
SASL LOGIN authentication failed: authentication failure
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6197]: warning: SASL
authentication failure: Password verification failed
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6197]: warning:
171-103-138-78.static.asianet.co.th[171.103.138.78]: SASL PLAIN
authentication failed: authentication failure
May  5 06:00:53 smtp1 postfix/submission/smtpd[6464]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known
May  5 06:00:54 smtp1 postfix/smtpd[6466]: warning:
unknown[45.143.223.91]: SASL LOGIN authentication failed: authentication
failure
May  5 06:00:54 smtp1 postfix/smtps/smtpd[6199]: warning: Illegal
address syntax from static-81-219-84-50.devs.futuro.pl[81.219.84.50] in
RCPT command: <'biuro@[..].'>
May  5 06:00:54 smtp1 postfix/smtps/smtpd[6471]: warning: hostname
host66-188-252-69.limes.com.pl does not resolve to address
188.252.69.66: Name or service not known
May  5 06:00:54 smtp1 postfix/smtps/smtpd[5897]: warning: Illegal
address syntax from unknown[46.29.149.182] in RCPT command:
<'anna.m@[...].pl'>
May  5 06:00:54 smtp1 postfix/smtpd[6444]: warning:
unknown[111.72.195.23]: SASL LOGIN authentication failed: authentication
failure
May  5 06:00:54 smtp1 postfix/submission/smtpd[6464]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known

nothing else


On 05.05.2020 19:40, Wietse Venema wrote:
> natan maciej milaszewski:
>> Hi
>> I did not find any errors:
> RUN THE COMMAND DESCRIBED IN http://www.postfix.org/DEBUG_README.html#logging
>
> $ egrep '(warning|error|fatal|panic):' /some/log/file | more
>
>   Wietse
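
Added example (not part of the original thread and not Postfix code): a Python triage of the kind of output the egrep command above produces, following the DEBUG_README severity keywords and grouping the warning shapes seen in this post. The log lines are constructed with documentation-range addresses, and the names triage() and classify() are assumptions of this example.

```python
import re
from collections import Counter

# Severity keywords from DEBUG_README, least to most serious.
SEVERITIES = ("warning", "error", "fatal", "panic")

LINE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: "
    r"(?P<sev>warning|error|fatal|panic): (?P<msg>.*)"
)

# Warning shapes that appear in the output posted in this thread.
KINDS = (
    ("sasl_auth_failed",
     re.compile(r"\[(?P<ip>[^\]]+)\]: SASL \w+ authentication failed")),
    ("illegal_address",
     re.compile(r"Illegal address syntax from \S*\[(?P<ip>[^\]]+)\]")),
    ("rdns_mismatch",
     re.compile(r"does not resolve to address (?P<ip>[0-9A-Fa-f.:]*[0-9A-Fa-f])")),
)

# Constructed sample, one syslog record per line (mail clients wrap them).
SAMPLE_LOG = """\
May  5 06:00:51 smtp1 postfix/smtpd[5939]: warning: Illegal address syntax from unknown[192.0.2.34] in RCPT command: <>
May  5 06:00:51 smtp1 postfix/smtpd[6242]: warning: Illegal address syntax from unknown[192.0.2.34] in RCPT command: <>
May  5 06:00:52 smtp1 postfix/master[22162]: reload -- version 3.4.7, configuration /etc/postfix
May  5 06:00:52 smtp1 postfix/submission/smtpd[6303]: warning: hostname scanner.example.net does not resolve to address 198.51.100.183: Name or service not known
May  5 06:00:52 smtp1 postfix/smtpd[6240]: warning: unknown[203.0.113.91]: SASL LOGIN authentication failed: authentication failure
May  5 06:00:53 smtp1 postfix/smtpd[6444]: connect from unknown[203.0.113.6]
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6197]: warning: SASL authentication failure: Password verification failed
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6197]: warning: host.example.org[198.51.100.78]: SASL PLAIN authentication failed: authentication failure
May  5 06:00:54 smtp1 postfix/smtpd[6466]: warning: unknown[203.0.113.91]: SASL LOGIN authentication failed: authentication failure
"""


def classify(msg):
    """Return (kind, client_ip) for a warning message, or ("other", None)."""
    for kind, pattern in KINDS:
        m = pattern.search(msg)
        if m:
            return kind, m.group("ip")
    return "other", None


def triage(log_text):
    """Summarize severity-tagged Postfix log lines.

    "first" is the earliest tagged message, because DEBUG_README says the
    most important message is near the beginning of the output.
    """
    worst, first = None, None
    by_severity, by_kind, sasl_by_client = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # normal traffic lines carry no severity keyword
        sev, msg = m.group("sev"), m.group("msg")
        by_severity[sev] += 1
        if first is None:
            first = (sev, msg)
        if worst is None or SEVERITIES.index(sev) > SEVERITIES.index(worst):
            worst = sev
        if sev == "warning":
            kind, ip = classify(msg)
            by_kind[kind] += 1
            if kind == "sasl_auth_failed":
                sasl_by_client[ip] += 1
    return {
        "worst": worst,
        "first": first,
        "by_severity": dict(by_severity),
        "by_kind": dict(by_kind),
        "sasl_by_client": dict(sasl_by_client),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("worst severity:", report["worst"])
    print("first message :", report["first"])
    print("warning kinds :", report["by_kind"])
    print("SASL failures :", report["sasl_by_client"])
```

On this sample every tagged line is a warning about a remote client (bad RCPT syntax, reverse DNS mismatch, failed SASL logins); no error, fatal or panic record is present.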



Re: probably bug in postfix3-3.4

2020-05-05 Thread natan maciej milaszewski
Hi
I did not find any errors:

May  5 06:00:52 smtp1 postfix/master[22162]: reload -- version 3.4.7,
configuration /etc/postfix
May  5 06:00:52 smtp1 postfix/cleanup[5718]: 49GQxc60ggz4D9D:
message-id=
May  5 06:00:52 smtp1 postfix/qmgr[5678]: 49GQxc60ggz4D9D:
from=, size=67939, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/submission/smtpd[6305]: disconnect from
unknown[10.10.44.61] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
May  5 06:00:52 smtp1 postfix/anvil[5691]: statistics: max connection
rate 81/60s for (smtp:217.153.30.34) at May  5 06:00:46
May  5 06:00:52 smtp1 postfix/anvil[5691]: statistics: max connection
count 16 for (smtps:217.67.201.19) at May  5 06:00:36
May  5 06:00:52 smtp1 postfix/anvil[5691]: statistics: max cache size
159 at May  5 06:00:52
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf3mj4z4D6T:
from=, size=80199, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQx260b4z4D8d:
from=, size=835317, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwh3Cxjz4D7f:
from=, size=80307, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQxP2LwLz4D9N:
from=, size=27942, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf6SQPz4D6d:
from=, size=80210, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwc1Yh5z4D5p:
from=, size=5213, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf0Ng9z4D6B:
from=, size=85005, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwh3f0Cz4D7j:
from=, size=80266, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwh43fbz4D7n:
from=, size=80392, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwg2RCvz4D6r:
from=, size=80346, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwg0FwTz4D6X:
from=, size=80342, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwg5Vtdz4D79:
from=, size=80233, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf4CQdz4D6V:
from=, size=80227, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQxK1Chqz4D92:
from=, size=1289, nrcpt=1 (queue active)
May  5 06:00:53 smtp1 postfix/smtpd[6444]: warning: hostname
net6-ip6.linkbg.com does not resolve to address 87.246.7.6: Name or
service not known
May  5 06:00:53 smtp1 postfix/smtpd[6444]: connect from unknown[87.246.7.6]
May  5 06:00:53 smtp1 postfix/submission/smtpd[6457]: warning: hostname
zg-0428c-286.stretchoid.com does not resolve to address 162.243.138.183:
Name or service not known
May  5 06:00:53 smtp1 postfix/submission/smtpd[6457]: connect from
unknown[162.243.138.183]
May  5 06:00:53 smtp1 postfix/smtps/smtpd[6199]: warning: Illegal
address syntax from static-81-219-84-50.devs.futuro.pl[81.219.84.50] in
RCPT command: <'ba...@rolfarm.lub.pl'>
May  5 06:00:53 smtp1 postfix/smtpd[6240]: warning:
unknown[89.111.132.76]: SASL LOGIN authentication failed: authentication
failure
May  5 06:00:53 smtp1 postfix/smtpd[6444]: warning: unknown[87.246.7.6]:
SASL LOGIN authentication failed: authentication failure

When I restart postfix all works fine

For test i reload again via "postfix reload" and problem exists

every time after "postfix reload" new mails only added to queue active
and the queue was growing


If i reload via "service postfix reload" problem not exist and mailq is
normal



On 05.05.2020 15:16, Wietse Venema wrote:
> Have a look at the error logs.
> http://www.postfix.org/DEBUG_README.html#logging
>
> Look for obvious signs of trouble
> =
>
> Postfix logs all failed and successful deliveries to a logfile.
>
> * When Postfix uses syslog logging (the default), the file is usually
>   called /var/log/maillog, /var/log/mail, or something similar; the
>   exact pathname is configured in a file called /etc/syslog.conf,
>   /etc/rsyslog.conf, or something similar.
>
> * When Postfix uses its own logging system (see MAILLOG_README),
>   the location of the logfile is configured with the Postfix
>   maillog_file parameter.
>
> When Postfix does not receive or deliver mail, the first order of
> business is to look for errors that prevent Postfix from working
> properly:
>
> % egrep '(warning|error|fatal|panic):' /some/log/file | more
>
> Note: the most important message is near the BEGINNING of the output.
> Error messages that come later are less useful.
>
> The nature of each problem is indicated as follows:
>
> * "panic" indicates a problem in the software itself that only a
>   programmer can fix. Postfix cannot proceed until this is fixed.
>
> * "fatal" is the result of missing files, incorrect permissions,
>   incorrect configuration file settings that you can fix. Postfix
>   cannot proceed until this is fixed.
>
> * "error" reports an error condition. For safety reasons, a Postfix
>   process will terminate when more than 13 of these happen.
>
> * "warning" indicates a non-fatal error. These are 

probably bug in postfix3-3.4

2020-05-04 Thread natan maciej milaszewski
Hi
I have a centos 7 and postfix3-3.4.7-1.gf.el7.x86_64

I reload postfix via:
postfix reload

May  5 06:00:52 smtp1 postfix/master[22162]: reload -- version 3.4.7,
configuration /etc/postfix

And new mail was only added to queue active
They did not want to leave and the queue was growing

May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf3mj4z4D6T:
from=, size=80199, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQx260b4z4D8d:
from=, size=835317, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwh3Cxjz4D7f:
from=, size=80307, nrcpt=2 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQxP2LwLz4D9N:
from=, size=27942, nrcpt=1 (queue active)
May  5 06:00:52 smtp1 postfix/qmgr[6439]: 49GQwf6SQPz4D6d:
from=, size=80210, nrcpt=2 (queue active)

Problem was fixed after restart postfix

I tested reload ~4 times and the problem happened again


For second test I reload postfix via systemd (service postfix reload) -
works fine

Any idea? Maybe a bug?

anyone can confirm ?


Re: postfix + forwadgroup + external amavis with haproxy and no_address_mappings

2020-04-28 Thread natan maciej milaszewski
Hi
In that configurations cannot work delimiter

in main.cf exists

recipient_delimiter = +


On 28.04.2020 10:15, natan maciej milaszewski wrote:
> Hi
> I have debian 9 and postfix 3.1.14. Generally, I have distributed mail
> traffic over several machines
>
> - separately for sent mail - here I have postfix
> - separately for incoming e-mails - here I have postfix + external amavis
>
>
> The general outline is this:
>
> 1) mail arrives at postfix
> 2) postfix transfers it to Amavis
>     - it really is a local haproxy which directs to one of three amavis
>
> 3) mail returns from amavis on a given ip: port (which is filtered from
> outside the firewall)
> 4) using LMTP to dovecot cluster and then to maildirs and then to sieve
>   virtual_transport = lmtp:inet:10.0.100.5:24
>
>
>
>
> Some of my restrictions
> smtpd_client_restrictions =
> # local map with host and network who must go to amavis or without amavis
>     check_client_access cidr:/etc/postfix/amavis_bypass,
>     reject_unauth_pipelining,
>     permit
>
> /etc/postfix/amavis_bypass
>
> #without amavis
> 86.xxx.xxx.0/24 OK
> 89.xxx.xxx.0/24 Ok
> 10.0.100.21/32 OK
> 10.0.100.22/32 OK
> 10.0.100.23/32 OK
> 10.0.100.24/32 OK
> 10.0.100.25/32 OK
> 89.206.41.19/32 OK
> #other go to amavis
> 0.0.0.0/0 FILTER smtp-amavis:[127.0.0.1]:10628
>
>
>
> master.cf:
> smtp-amavis unix    -   -   -   -   80   smtp
>     -o smtp_data_done_timeout=6000s
>     -o smtp_send_xforward_command=yes
>     -o disable_dns_lookups=yes
>
> #80 connections - and in my amavis I have 90 (10+overtime )
>
>
> #returns from amavis  IP .199
>
> 86.xxx.xxx.199:10027 inet n  -   n   -   -  smtpd
>     -o smtpd_proxy_timeout=900s
>     -o content_filter=
>     -o mynetworks_style=host
>     -o mynetworks=10.0.100.0/24,86.xxx.xxx.199/32,
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
>     -o strict_rfc821_envelopes=yes
>     -o smtp_tls_security_level=none
>     -o smtpd_tls_security_level=none
>     -o smtpd_restriction_classes=
>     -o smtpd_delay_reject=no
>     -o smtpd_client_restrictions=permit_mynetworks,reject
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o smtpd_end_of_data_restrictions=
>     -o smtpd_error_sleep_time=0
>     -o smtpd_soft_error_limit=1001
>     -o smtpd_hard_error_limit=1000
>     -o smtpd_client_connection_count_limit=0
>     -o smtpd_client_connection_rate_limit=0
>     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
>
>
> All works fine but sometimes my "users" use a mail forwarding  In
> that forwarding have (100-200 email) like
>
> u...@domain1.ltd ---> us...@domain1.ltd, us...@domain1.ltd,
> u...@domain2.ltd, us...@domainx.ltd
>
> And all forward e-mail was "releback" in smtp and go to amavis.
>
> In amavis I get:
>
> Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) ESMTP
> [86.xxx.xxx.155]:10628
> /var/amavis/tmp/amavis-20200416T15-10499-r3E5zU6i:  ->
> ,
> SIZE=2129 BODY=7BIT Received: from myserver.domainltd.pl
> ([86.xxx.xxx.199]) by localhost (amavis2.localdomain [86.xxx.xxx.155])
> (amavisd-new, port 10628) with ESMTP; Thu, 16 Apr 2020 15:11:11 +0200 (CEST)
>
>
> Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
> score=-0.198 autolearn=no autolearn_force=no
> tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
> recips=22
> Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
> score=-0.198 autolearn=no autolearn_force=no
> tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
> recips=4
> Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01)  spam_scan:
> score=-0.198 autolearn=no autolearn_force=no
> tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
> recips=82
> Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
> score=

postfix + forwadgroup + external amavis with haproxy and no_address_mappings

2020-04-28 Thread natan maciej milaszewski
Hi
I have debian 9 and postfix 3.1.14. Generally, I have distributed mail
traffic over several machines

- separately for sent mail - here I have postfix
- separately for incoming e-mails - here I have postfix + external amavis


The general outline is this:

1) mail arrives at postfix
2) postfix transfers it to Amavis
    - it really is a local haproxy which directs to one of three amavis

3) mail returns from amavis on a given ip: port (which is filtered from
outside the firewall)
4) using LMTP to dovecot cluster and then to maildirs and then to sieve
  virtual_transport = lmtp:inet:10.0.100.5:24




Some of my restrictions
smtpd_client_restrictions =
# local map with host and network who must go to amavis or without amavis
    check_client_access cidr:/etc/postfix/amavis_bypass,
    reject_unauth_pipelining,
    permit

/etc/postfix/amavis_bypass

#without amavis
86.xxx.xxx.0/24 OK
89.xxx.xxx.0/24 Ok
10.0.100.21/32 OK
10.0.100.22/32 OK
10.0.100.23/32 OK
10.0.100.24/32 OK
10.0.100.25/32 OK
89.206.41.19/32 OK
#other go to amavis
0.0.0.0/0 FILTER smtp-amavis:[127.0.0.1]:10628



master.cf:
smtp-amavis unix    -   -   -   -   80   smtp
    -o smtp_data_done_timeout=6000s
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

#80 connections - and in my amavis I have 90 (10+overtime )


#returns from amavis  IP .199

86.xxx.xxx.199:10027 inet n  -   n   -   -  smtpd
    -o smtpd_proxy_timeout=900s
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=10.0.100.0/24,86.xxx.xxx.199/32,
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings


All works fine but sometimes my "users" use a mail forwarding  In
that forwarding have (100-200 email) like

u...@domain1.ltd ---> us...@domain1.ltd, us...@domain1.ltd,
u...@domain2.ltd, us...@domainx.ltd

And all forward e-mail was "releback" in smtp and go to amavis.

In amavis I get:

Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) ESMTP
[86.xxx.xxx.155]:10628
/var/amavis/tmp/amavis-20200416T15-10499-r3E5zU6i:  ->
,
SIZE=2129 BODY=7BIT Received: from myserver.domainltd.pl
([86.xxx.xxx.199]) by localhost (amavis2.localdomain [86.xxx.xxx.155])
(amavisd-new, port 10628) with ESMTP; Thu, 16 Apr 2020 15:11:11 +0200 (CEST)


Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
score=-0.198 autolearn=no autolearn_force=no
tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
recips=22
Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
score=-0.198 autolearn=no autolearn_force=no
tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
recips=4
Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01)  spam_scan:
score=-0.198 autolearn=no autolearn_force=no
tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
recips=82
Apr 16 15:11:11 amavis2 amavis[10499]: (10499-01) spam_scan:
score=-0.198 autolearn=no autolearn_force=no
tests=[BAYES_00=-1.9,DCC_REPUT_70_89=0.1,HTML_IMAGE_RATIO_06=0.001,HTML_MESSAGE=0.001,IQ_EMAIL_KASA_2=0.5,RCVD_IN_DNSWL_NONE=-0.0001,SUBJ_ALL_CAPS=0.5,UNIVERSAL_HTMLv20160523_1=0.1,UNIVERSAL_HTMLv20160523_2=0.1,UNIVERSAL_HTMLv20160523_3=0.1,UNIVERSAL_HTMLv20160523_5=0.1,URIBL_BLOCKED=0.2]
recips=72

and searching all e-mail from forwarded e-mail list to local awl (mysql)
in amavis

what is stupid...

sometimes i get

delay=127.0.0.1[127.0.0.1]:10628, conn_use=3, delay=6773,
delays=6517/5.8/0/250, dsn=4.4.2, status=deferred (lost connection with
127.0.0.1[127.0.0.1] while sending end of data -- message may be sent
more than once)


now i change 

dumbest questions about limit

2020-04-16 Thread natan maciej milaszewski
Hi
Sorry about probably dumbest questions. What does it really mean?

552 5.3.4 Message size exceeds fixed limit

Apr 16 16:03:48 thebe4 postfix/smtpd[11692]: NOQUEUE: reject: MAIL from
mail-il1-f169.google.com[209.85.166.169]: 552 5.3.4 Message size exceeds
fixed limit; proto=ESMTP helo=
Apr 16 16:03:48 thebe4 postfix/smtpd[11692]: too many errors after MAIL
from mail-il1-f169.google.com[209.85.166.169]
Apr 16 16:03:48 thebe4 postfix/smtpd[11692]: disconnect from
mail-il1-f169.google.com[209.85.166.169] ehlo=2 starttls=1 mail=0/1
commands=3/4

in postfix i set
message_size_limit = 2324
mailbox_size_limit = 0

postconf -n |grep "_size_limit"
mailbox_size_limit = 0
message_size_limit = 2324



postfix problem with too many errors

2020-04-16 Thread natan maciej milaszewski
Hi
System debian 9 and postfix  3.1.14-0+deb9u1

This is only MX server.

In external server (zabbix) i add a trigger to send e-mail to my MX (1
e-mail per min)
and add zabbix (86.xxx.xxx.xxx) to mynetworks in my MX server

All works fine but sometimes I get in log:
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: connect from
zabbix-ext.domain.ltd[86.xxx.xxx.xxx]
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: Anonymous TLS connection
established from zabbix-ext.domain.ltd[86.xxx.xxx.xxx]: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: too many errors after EHLO
from zabbix-ext.domain.ltd[86.xxx.xxx.xxx]
Apr 16 12:38:21 thebe4 postfix/smtpd[17093]: disconnect from
zabbix-ext.domain.ltd[86.xxx.xxx.xxx] ehlo=2 starttls=1 noop=1 commands=4

And I don't have any idea

postconf |grep "_error_limit"
smtpd_hard_error_limit = ${stress?{1}:{20}}
smtpd_soft_error_limit = 10


now I add in main.cf
debug_peer_list=86.xxx.xxx.xxx
and reload

https://paste.debian.net/1140731/



my restrictions in main.cf:

-- start --
mynetworks = 127.0.0.0/8, 86.xxx.xxx.xxx/32

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_unauth_pipelining,
    reject_invalid_helo_hostname

smtpd_client_restrictions =
# ip black / whitelist
    check_client_access cidr:/etc/postfix/client_checks,
- > 86.xxx.xxx.xxx   OK
    check_client_access cidr:/etc/postfix/amavis_bypass,
    reject_unauth_pipelining,
    permit

smtpd_sender_restrictions =
    permit_mynetworks
    check_sender_access pcre:/etc/postfix/sender_checks.pcre
    reject_unknown_sender_domain
    reject_unknown_reverse_client_hostname,
    reject_non_fqdn_sender
    reject_unknown_address,
    reject_unauth_pipelining,
    permit

smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
# whitelist on the server side
 check_client_access hash:/etc/postfix/whitelista,
    reject_unauth_destination,
 check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname
#filters for testing mx and spf
    check_sender_mx_access cidr:/etc/postfix/mx_access.cidr,
    check_helo_mx_access cidr:/etc/postfix/mx_access.cidr,
    check_policy_service unix:private/policy-spf,
    lpolicyd,
    reject_unlisted_recipient,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client dynamic.rbl.tld,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
 
    permit

# Data restrictions
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

#rfc compliance
strict_rfc821_envelopes = yes



Re: postfix tuning

2020-03-20 Thread natan maciej milaszewski
Hi
Thanks Wietse :) I really read the logs and tested via smtp-source (as You
advised)


1)smtp-source -c -m 1000 -s 1 -C 1 -f a...@domain.ltd -t a...@domain.lt
inet:127.0.0.1:25
Mar 20 16:29:07 mta-mx postfix/smtp[29226]: 48kSNL0YT4z20nvD:
to=, relay=127.0.0.1[127.0.0.1]:10628, conn_use=17,
delay=33, delays=0.01/31/0/2, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[xxx.xxx.xxx.]:10027): 250 2.0.0 Ok: queued as 48kSNz2mWXz20nRD)

Mar 20 16:29:07 mta-mx postfix/lmtp[29438]: 48kSNz2mWXz20nRD:
to=, relay=10.0.100.5[10.0.100.5]:24, conn_use=29,
delay=0.43, delays=0/0/0/0.42, dsn=2.0.0, status=sent (250 2.0.0
 6KKUF0PhdF6eAgAA5fQimA Saved)

*total delay to amavis delay=33

2)smtp-source -c -m 10 -s 1 -C 1 -f a...@domain.ltd -t a...@domain.lt
inet:127.0.0.1:25
Mar 20 16:35:42 mta-mx postfix/smtp[29237]: 48kSXV6K4Wz20nRF:
to=, relay=127.0.0.1[127.0.0.1]:10628, delay=4.1,
delays=0.01/2/0/2, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[xxx.xxx.xxx.xxx]:10027): 250 2.0.0 Ok: queued as 48kSXZ6dkXz20nQt)

Mar 20 16:35:43 mta-mx postfix/lmtp[29437]: 48kSXZ6dkXz20nQt:
to=, relay=10.0.100.5[10.0.100.5]:24, delay=0.18,
delays=0/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0
 eE0COM7idF5kLgAA5fQimA Saved)

*total delay to amavis delay=4.1

3) smtp-source -c -m 100 -s 1 -C 1 -f a...@domain.ltd -t a...@domain.lt
inet:127.0.0.1:25
Mar 20 16:39:08  mta-mx postfix/smtp[29228]: 48kScQ50MTz20nSb:
to=, relay=127.0.0.1[127.0.0.1]:10628, conn_use=2,
delay=6.1, delays=0.01/4/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[xxx.xxx.xxx.xxx]:10027): 250 2.0.0 Ok: queued as 48kScX5P4Pz20nR9)

Mar 20 16:39:09 mta-mxt postfix/lmtp[825]: 48kScX5P4Pz20nR9:
to=, relay=10.0.100.5[10.0.100.5]:24, delay=0.52,
delays=0/0.3/0/0.22, dsn=2.0.0, status=sent (250 2.0.0
 GDq0A53jdF4CPAAA5fQimA Saved)

*total delay to amavis delay=6.1



127.0.0.1:10628 - is local haproxy to connect to 2 external amavis+SA

in master.cf

smtp-amavis unix    -   -   -   -   60   smtp




On 20.03.2020 15:51, Wietse Venema wrote:
> natan maciej milaszewski:
>> Hi
>> Sorry for too trivial e-mail and stupid question. I have a dedicated
>> bare-metal server. I need some tuning of postfix for faster delivery (every
>> time I look in qshape - it's good)
>> Amavis and dovecot are on the external server too.
>>
>>
>> virtual_transport = lmtp:inet:10.0.100.5:24
>>
>> now i change:
>> lmtp_destination_concurrency_limit = 100 (default it was 20)
>> default_destination_concurrency_limit = 100 (default it was 20)
>> lmtp_destination_recipient_limit = 1
>>
>> default_process_limit = 1200 (this machine is fast)
>>
>> and master.cf
>> smtp-amavis unix    -   -   -   -   60   smtp
>>
>> Is there any real soft for testing configuration performance?
>> I care about a small queue and fast delivery to lmtp (local dovecot-cluster
>> with many dovecot nodes)
> You need to measure your latencies. Fortunately, Postfix logs that
> information in great detail:
>
> The format of the "delays=a/b/c/d" logging is as follows:
>
> *  a = time from message arrival to last active queue entry
>
> *  b = time from last active queue entry to connection setup
>
> *  c = time in connection setup, including DNS, EHLO and STARTTLS
>
> *  d = time in message transmission
>
> Based on this you can make a more intelligent choice than maxing
> out process limits and concurrencies.
>
> To test performance, Postfix source code comes with smtp-source and
> smtp-sink utilities.
>
> To build:
>
> Download and unpack  tarball from http://www.postfix.org/download.html
> $ make makefiles shared=no (don't bother with SASL, TLS and so on)
> $ make
>
> To send 10 messages over 1 SMTP session:
>
> $ cd src/smtpstone
> $ ./smtp-source -c -m 10 -s 1 \
>   -f sen...@example.com -t recipi...@example.com \
>   inet:host:port
>
> Review the manpage in html/smtp-source.1.html for more options.
>
>   Wietse
>
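
Added example (not part of the original thread and not Postfix code): a Python parser for the "delays=a/b/c/d" field Wietse describes above, run over constructed log lines that reuse the relay and delay values posted in this thread, to show which stage dominates for each next hop. The recipient address, the timestamp and queue ID of the deferred record, and the names parse_delivery() and summarize() are assumptions of this example.

```python
import re
from collections import defaultdict

# Wietse's definitions of the four fields in "delays=a/b/c/d".
STAGES = {
    "a": "message arrival to last active queue entry",
    "b": "last active queue entry to connection setup",
    "c": "connection setup, including DNS, EHLO and STARTTLS",
    "d": "message transmission",
}

DELIVERY = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>, "
    r"(?:.*?, )?relay=(?P<relay>[^,]+), (?:.*?, )?delay=(?P<delay>[\d.]+), "
    r"delays=(?P<a>[\d.]+)/(?P<b>[\d.]+)/(?P<c>[\d.]+)/(?P<d>[\d.]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

# Constructed sample, one syslog record per line (mail clients wrap them).
SAMPLE_LOG = """\
Mar 20 16:29:07 mta-mx postfix/smtp[29226]: 48kSNL0YT4z20nvD: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10628, conn_use=17, delay=33, delays=0.01/31/0/2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 20 16:29:07 mta-mx postfix/lmtp[29438]: 48kSNz2mWXz20nRD: to=<rcpt@example.com>, relay=10.0.100.5[10.0.100.5]:24, conn_use=29, delay=0.43, delays=0/0/0/0.42, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Mar 20 16:35:42 mta-mx postfix/smtp[29237]: 48kSXV6K4Wz20nRF: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10628, delay=4.1, delays=0.01/2/0/2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 20 16:35:43 mta-mx postfix/lmtp[29437]: 48kSXZ6dkXz20nQt: to=<rcpt@example.com>, relay=10.0.100.5[10.0.100.5]:24, delay=0.18, delays=0/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Mar 20 16:39:08 mta-mx postfix/smtp[29228]: 48kScQ50MTz20nSb: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10628, conn_use=2, delay=6.1, delays=0.01/4/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar 20 16:39:09 mta-mx postfix/lmtp[825]: 48kScX5P4Pz20nR9: to=<rcpt@example.com>, relay=10.0.100.5[10.0.100.5]:24, delay=0.52, delays=0/0.3/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Apr 16 15:30:00 mta-mx postfix/smtp[30001]: QUEUEID0000001: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10628, conn_use=3, delay=6773, delays=6517/5.8/0/250, dsn=4.4.2, status=deferred (lost connection)
"""


def parse_delivery(line):
    """Return the fields of one delivery record, or None for other lines."""
    m = DELIVERY.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("delay", "a", "b", "c", "d"):
        rec[key] = float(rec[key])
    return rec


def summarize(log_text):
    """Per (relay, status): record count, mean delay and the dominant stage."""
    groups = defaultdict(lambda: dict(count=0, delay=0.0, a=0.0, b=0.0, c=0.0, d=0.0))
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec is None:
            continue
        g = groups[(rec["relay"], rec["status"])]
        g["count"] += 1
        for key in ("delay", "a", "b", "c", "d"):
            g[key] += rec[key]
    report = {}
    for key, g in groups.items():
        total = sum(g[s] for s in "abcd")
        dominant = max("abcd", key=lambda s: g[s])
        report[key] = {
            "count": g["count"],
            "mean_delay": round(g["delay"] / g["count"], 2),
            "dominant": dominant,
            "share": round(g[dominant] / total, 2) if total else 0.0,
        }
    return report


if __name__ == "__main__":
    for (relay, status), row in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{relay} {status}: n={row['count']} mean delay={row['mean_delay']}s, "
              f"{row['share']:.0%} in {row['dominant']} ({STAGES[row['dominant']]})")
```

With these values the sent mail to 127.0.0.1:10628 spends most of its time in stage b, while the LMTP hop to 10.0.100.5:24 is dominated by stage d.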



postfix tuning

2020-03-20 Thread natan maciej milaszewski
Hi
Sorry for too trivial e-mail and stupid question. I have a dedicated
bare-metal server. I need some tuning of postfix for faster delivery (every
time I look in qshape - it's good)
Amavis and dovecot are on the external server too.


virtual_transport = lmtp:inet:10.0.100.5:24

now i change:
lmtp_destination_concurrency_limit = 100 (default it was 20)
default_destination_concurrency_limit = 100 (default it was 20)
lmtp_destination_recipient_limit = 1

default_process_limit = 1200 (this machine is fast)

and master.cf
smtp-amavis unix    -   -   -   -   60   smtp

Is there any real soft for testing configuration performance?
I care about a small queue and fast delivery to lmtp (local dovecot-cluster
with many dovecot nodes)


Re: problem with transport

2020-03-06 Thread natan maciej milaszewski
Hi
Thanks for the reply :) Working perfectly :)

On 06.03.2020 13:07, Wietse Venema wrote:
> natan maciej milaszewski:
>> Hi
>> Is it possible to second add header_checks after milter check ?
> milter_header_checks are applied to headers that are added by a
> Milter. This can be used to ignore, log, or replace header text.
>
>   Wietse



Re: problem with transport

2020-03-06 Thread natan maciej milaszewski
Hi
Is it possible to second add header_checks after milter check ?

milter_protocol = 2
milter_default_action = accept

milter_connect_macros = j {daemon_name} v {if_name} _
smtpd_milters =
unix:/run/spamass-milter/spamass-milter.sock,inet:localhost:12301
non_smtpd_milters =
unix:/run/spamass-milter/spamass-milter.sock,inet:localhost:12301

I need solutions for if find spam then hold in queue like:
/^X-Spam-Flag:.YES/ HOLD text




On 05.03.2020 12:19, Jaroslaw Rafa wrote:
> On 5.03.2020 at 12:06:43 natan maciej milaszewski wrote:
>> I use DKIM (added like documentations)
>>
>> In log i found double added DKIM - because the mail goes back to the
>> queue and smtpd_milters tags it again ...
>>
>> Probably I must create a returns transport with "-o smtpd_milters="
>> But I don't have an idea - maybe I think wrong ...
> Instead of using spamassassin as a content filter, as in your example,
> you have to use spamass-milter, it's a Milter interface to spamassassin.
> Then you will avoid double DKIM.



Re: problem with transport

2020-03-05 Thread natan maciej milaszewski
Hi
Thanks for the reply :) You are right

I forget add a "-o smtpd_milters" in smtp

smtp      inet  n    -    n    -    -    smtpd
 -o content_filter=spamassassin
 -o smtpd_milters=

But Your solution is better

On 05.03.2020 12:19, Jaroslaw Rafa wrote:
> On 5.03.2020 at 12:06:43 natan maciej milaszewski wrote:
>> I use DKIM (added like documentations)
>>
>> In log i found double added DKIM - because the mail goes back to the
>> queue and smtpd_milters tags it again ...
>>
>> Probably I must create a returns transport with "-o smtpd_milters="
>> But I don't have an idea - maybe I think wrong ...
> Instead of using spamassassin as a content filter, as in your example,
> you have to use spamass-milter, it's a Milter interface to spamassassin.
> Then you will avoid double DKIM.



problem with transport

2020-03-05 Thread natan maciej milaszewski
Hi
Sorry about my probably stupid and easy question.

I have one server for outgoing smtp and I added a spamassassin to
filter outgoing e-mail

This is trivial like

cut master.cf:
 start -

smtp      inet  n    -    n    -    -    smtpd
  -o content_filter=spamassassin

submission inet n    -    -    -    -    smtpd
  -o content_filter=spamassassin
  -o smtpd_milters=
  -o syslog_name=postfix/submission

spamassassin unix - n    n    -    -    pipe
    user=filter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


- end 

I use DKIM (added like documentations)

In log i found double added DKIM - because the mail goes back to the
queue and smtpd_milters tags it again ...

Probably I must create a returns transport with "-o smtpd_milters="
But I don't have an idea - maybe I think wrong ...

works fine for 587,465 but not 25

log:
http://paste.debian.net/1133556/

I have many vdomain and I don't want to use amavis




too many errors

2020-02-11 Thread natan maciej milaszewski
Hi
I added zabbix to test connections - all works fine but sometimes i
found in logs "too many errors after EHLO"

logs:

Feb 10 20:49:21 thebe4 postfix/smtpd[6609]: connect from
zabbix.domain.ltd[xxx.xxx.xxx.68]
Feb 10 20:49:21 thebe4 postfix/smtpd[6609]: Anonymous TLS connection
established from zabbix.domain.ltd[xxx.xxx.xxx.68]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 10 20:49:21 thebe4 postfix/smtpd[6609]: too many errors after EHLO
from zabbix.domain.ltd[xxx.xxx.xxx.68]
Feb 10 20:49:21 thebe4 postfix/smtpd[6609]: disconnect from
zabbix.domain.ltd[xxx.xxx.xxx.68] ehlo=2 starttls=1 noop=1 commands=4

ip xxx.xxx.xxx.68 is added in mynetworks

my restrictions about helo:

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_invalid_helo_hostname

and client:
smtpd_client_restrictions =
# ip black / whitelist
    check_client_access cidr:/etc/postfix/client_checks, ---> I've
added zabbix IP too
    reject_unauth_pipelining,
    permit,

And I don't know why some times all works fine and sometimes i get this
error in logs

zabbix connects every 1 minute