Postfix version.

[Manoj Burande]

Hello Noel,

  As I checked with "http://www.postfix.org/announcements.html"; I
found the following current stable version of postfix mail server.
But I do not find any RPM for the same.

# August 28, 2009: Stable release Postfix 2.6.5.

  Currently I am using postfix version as resulted with # postconf
mail_version command. So can you please tell me is it ok to use this
version on my production servers?

[r...@ns ~]# postconf mail_version
mail_version = 2.5.6

-- 
Manoj M. Burande,
Artificial Machines Pvt Ltd,
System Administrator.

Re: Postfix version.

[Noel Jones]

On 11/12/2009 11:56 PM, Manoj Burande wrote:

Hello Noel,

   As I checked with "http://www.postfix.org/announcements.html"; I
found the following current stable version of postfix mail server.
But I do not find any RPM for the same.

# August 28, 2009: Stable release Postfix 2.6.5.

   Currently I am using postfix version as resulted with # postconf
mail_version command. So can you please tell me is it ok to use this
version on my production servers?

[r...@ns ~]# postconf mail_version
mail_version = 2.5.6



Pretty much any postfix version from 2.3.0 thru the current 
snapshot will be reasonably safe and stable in a production 
environment.


Newer versions will have bug fixes and new features that may 
or may not affect you.  Bugs in postfix tend to be small 
annoyances rather than major issues.  New features are only 
useful if they fix some problem you have.


Check the online HISTORY and RELEASE_NOTES to see what's been 
changed.


  -- Noel Jones

Postfix version 2.6.0 available

[Wietse Venema]

Postfix stable release 2.6.0 is available. After Postfix was declared
"complete" with version 2.3, the focus has moved towards improving
the code/documentation, and updating it for changing environments.

- Multi-instance support introduces a new postmulti(1) command to
  create/add/remove/etc. additional Postfix instances. The familiar
  "postfix start" etc.  commands now automatically start multiple
  Postfix instances.  The good news: nothing changes when you use
  only one Postfix instance. See MULTI_INSTANCE_README for details.

- Multi-instance support required that some files be moved from
  the non-shared $config_directory to the shared $daemon_directory.
  The affected files are postfix-script, postfix-files and post-install.

- TLS (SSL) support was updated for elliptic curve encryption. This
  requires OpenSSL version 0.9.9 or later. The SMTP client no longer
  uses the SSLv2 protocol by default. See TLS_README for details.

- The Milter client now supports all Sendmail 8.14 Milter requests,
  including requests for rejected recipient addresses, and requests
  to replace the envelope sender address. See MILTER_README for
  details.

- Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
  headers to email messages with "remote" origins (these are origins
  that don't match $local_header_rewrite_clients). Adding such
  headers breaks DKIM signatures that explicitly cover non-present
  headers.  For compatibility with existing logfile processing
  software, Postfix will log ``message-id=<>'' for email messages
  that have no Message-Id header.

- Stress-adaptive behavior is now enabled by default. This allows
  the Postfix SMTP server to temporarily reduce time limits and
  error-count limits under conditions of overload, such as a malware
  attack or backscatter flood. See STRESS_README for details.

No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.

You can find Postfix version 2.6.0 at the mirrors listed at
http://www.postfix.org/

The same code is also available as Postfix snapshot 2.7-20090511.
Updated versions of Postfix version 2.5, 2.4 and perhaps 2.3 will
be released with the same fixes that were already included with
Postfix versions 2.6 and 2.7.

Wietse

smtpd_relay postfix version 2.6

[Dejan Doder]

Hi group ,
how can I authenticate to this version of postfix
postfix-2.6.6-2.2 to send mail on port 587?

BR
DEjan

Re: Postfix version 2.6.0 available

[Reinaldo de Carvalho]

On Tue, May 12, 2009 at 10:17 AM, Wietse Venema  wrote:
>
> - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
>  headers to email messages with "remote" origins (these are origins
>  that don't match $local_header_rewrite_clients). Adding such
>  headers breaks DKIM signatures that explicitly cover non-present
>  headers.  For compatibility with existing logfile processing
>  software, Postfix will log ``message-id=<>'' for email messages
>  that have no Message-Id header.
>

Hi Wietse,

first, thank you for Postfix! ;)

last, the item above is a option? always_add_missing_headers=yes
ignore $local_header_rewrite_clients value? I read updated
postconf.5.html but this is not clear to me.

-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

Re: Postfix version 2.6.0 available

[Pascal Maes]

Le 12-mai-09 à 15:17, Wietse Venema a écrit :


Postfix stable release 2.6.0 is available. After Postfix was declared
"complete" with version 2.3, the focus has moved towards improving
the code/documentation, and updating it for changing environments.




Hello,

We have installed the new version of postfix and we see the following  
situation :


# tail -f /var/log/mail.log | grep 10025
May 13 09:18:13 smtp-1 postfix/smtpd[26441]: warning: proxy  
127.0.0.1:10025 rejected "MAIL FROM:  
SIZE=8598 AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>"
May 13 09:35:03 smtp-1 postfix/smtpd[26202]: warning: proxy  
127.0.0.1:10025 rejected "MAIL FROM:  
SIZE=31674 AUTH=": "555 5.5.4 Unsupported  
option: AUTH="
May 13 09:36:22 smtp-1 postfix/smtpd[28401]: warning: proxy  
127.0.0.1:10025 rejected "MAIL FROM:  
SIZE=4120 AUTH=": "555 5.5.4 Unsupported  
option: AUTH="
May 13 09:36:23 smtp-1 postfix/smtpd[26200]: warning: proxy  
127.0.0.1:10025 rejected "MAIL FROM: SIZE=3395  
AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>"



Clamsmtpd is listening on the port 10025.


smtp  inet  n   -   n   -   300   smtpd
  -o stress=yes
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o receive_override_options=no_address_mappings
#
submission inet n   -   n   -   -   smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_use_tls=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_starttls_timeout=300s
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o receive_override_options=no_address_mappings
#
smtps inet  n   -   n   -   -   smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_use_tls=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o receive_override_options=no_address_mappings



We did not notice this kind of behaviour with the 2.5.6 version of  
Postfix.


What's wrong ?
--
Pascal

Re: Postfix version 2.6.0 available

[Sahil Tandon]

On Wed, 13 May 2009, Pascal Maes wrote:

> Le 12-mai-09 à 15:17, Wietse Venema a écrit :
>
>> Postfix stable release 2.6.0 is available. After Postfix was declared
>> "complete" with version 2.3, the focus has moved towards improving
>> the code/documentation, and updating it for changing environments.
>
> We have installed the new version of postfix and we see the following  
> situation :
>
> # tail -f /var/log/mail.log | grep 10025
> May 13 09:18:13 smtp-1 postfix/smtpd[26441]: warning: proxy  
> 127.0.0.1:10025 rejected "MAIL FROM:  
> SIZE=8598 AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>"

Could that be another instance of Postfix running on port 10025?  It does not
advertise AUTH capability (i.e. SASL is not enabled), is given "AUTH=<>" by
the client on the MAIL FROM line, and appropriately responds with 555.

-- 
Sahil Tandon 

Re: Postfix version 2.6.0 available

[Victor Duchovni]

On Wed, May 13, 2009 at 06:59:09PM -0400, Sahil Tandon wrote:

> > We have installed the new version of postfix and we see the following  
> > situation :
> >
> > # tail -f /var/log/mail.log | grep 10025
> > May 13 09:18:13 smtp-1 postfix/smtpd[26441]: warning: proxy  
> > 127.0.0.1:10025 rejected "MAIL FROM:  
> > SIZE=8598 AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>"
> 
> Could that be another instance of Postfix running on port 10025?  It does not
> advertise AUTH capability (i.e. SASL is not enabled), is given "AUTH=<>" by
> the client on the MAIL FROM line, and appropriately responds with 555.

Proxy filters are required to be transparent, and to support all the
ESMTP features of the front-end Postfix. Good proxies ignore unsupported
ESMTP extensions and pass them through verbatim. If the proxy wants to
understand and selectively reject ESMTP extensions is not transparent.

If your proxy is not transparent, it can only be used as a post-queue
content-filter, and cannot be used a pre-queue proxy filter.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Postfix version 2.6.0 available

[Ihsan Dogan]

Am 12.5.2009 15:17 Uhr, Wietse Venema schrieb:

> Postfix stable release 2.6.0 is available. After Postfix was declared
> "complete" with version 2.3, the focus has moved towards improving
> the code/documentation, and updating it for changing environments.

I've updated the Solaris packages to 2.6.0 and they are available here:
http://ihsan.dogan.ch/postfix/



Ihsan

-- 
ih...@dogan.ch  http://blog.dogan.ch/

Re: smtpd_relay postfix version 2.6

[Viktor Dukhovni]

On Fri, Jul 05, 2013 at 10:18:35PM +0200, Dejan Doder wrote:

> how can I authenticate to this version of postfix
> postfix-2.6.6-2.2 to send mail on port 587?

http://www.postfix.org/SASL_README.html

-- 
Viktor.

always_add_missing_headers (was: Postfix version 2.6.0 available)

[Wietse Venema]

Reinaldo de Carvalho:
> On Tue, May 12, 2009 at 10:17 AM, Wietse Venema  wrote:
> >
> > - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
> > ?headers to email messages with "remote" origins (these are origins
> > ?that don't match $local_header_rewrite_clients). Adding such
> > ?headers breaks DKIM signatures that explicitly cover non-present
> > ?headers. ?For compatibility with existing logfile processing
> > ?software, Postfix will log ``message-id=<>'' for email messages
> > ?that have no Message-Id header.
> >
> 
> Hi Wietse,
> 
> first, thank you for Postfix! ;)
> 
> last, the item above is a option? always_add_missing_headers=yes
> ignore $local_header_rewrite_clients value? I read updated
> postconf.5.html but this is not clear to me.

Specify "always_add_missing_headers=yes" to always add (Resent-)
From:, Date:, Message-ID: or To: headers when these are not present.

Wietse

postfix version 2.10-20120902 relay issue

[Naval saini]

I want to configure Haproxy for load balanceing of outgoing mails . for this
configuration of haproxy and postfix  i have googled various artical since
last month finally i got some information from Haproxy mailling list.
To balance postfix i am using ..
HA-Proxy version 1.5-dev11 2012/06/04
postfix mail_version = 2.10-20120902

 In /etc/main.cf
postscreen_upstream_proxy_protocol = haproxy
smtpd_upstream_proxy_protocol = haproxy

In /etc/haproxy.cfg

global
maxconn 4096 # Total Max Connections. This is dependent on
ulimit
nbproc  4
log 127.0.0.1 local4
defaults
modetcp
#   timeout connect 20s
#timeout client 20s
#timeout server 22s
frontend smtp_proxy 0.0.0.0:10021
mode tcp
log global
option tcplog
default_backend bk_postfix
backend bk_postfix
mode tcp
log global
option tcplog
balance roundrobin
#source 0.0.0.0 usesrc clientip
server postfix 127.0.0.1:25 send-proxy
server r23.mtp.org 74.117.56.x:25 send-proxy
server r17.mtp.org 199.71.212.x:25 send-proxy
both service haproxy and postfix running
but when i relay mails from my php application and from load balancer to
another smtp (which also have postfix 2.10) this shows error 
"  status=deferred (host r23.mtp.org[74.117.x.x] refused to talk to me: 421
4.3.2 No system resources)
 
and i am testing this all on vps server with centos 5.8 
Is this configuration error or system resource related error.?
please help me thank you in advance




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Policy protocol size attribute and postfix version

[Rob Tanner]

Hi,

This is sort of a two part question.  I am running Postfix version 2.2.10
from RedHat.  It¹s current for Enterprise Linux 4.  Since vendors often use
their own numbering schemes, I don¹t know what Postfix version it really is
in terms of the numbering at postfix.org.   Can anyone tell me?

Second issue.  I¹m going to implement a policy engine and so I¹m logging the
data sent to a snippet of code that¹s simply sending back an ³OK².  What I¹m
noticing is that the size attribute usually has a zero value but sometimes
has a non-zero value.  My read of the documentation says that unless I¹m
running a version of Postfix earlier than v2.2 (postfix.org numbering) it
should always be non-zero.

Can anyone enlighten me on this?

Thanks,
Rob



--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> another smtp (which also have postfix 2.10) this shows error 
> "  status=deferred (host r23.mtp.org[74.117.x.x] refused to talk to me: 421
> 4.3.2 No system resources)

Look for warnings in the mail logfile of r23.mtp.org[74.117.x.x].

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

this are the log of r23.mtp.org
/var/log/maillog

Sep  5 13:35:32 s1 postfix/smtpd[13312]: connect from unknown[199.83.x.x]
Sep  5 13:35:32 s1 postfix/smtpd[13312]: lost connection after CONNECT from
unknown[199.83.x.x]
Sep  5 13:35:32 s1 postfix/smtpd[13312]: disconnect from unknown[199.83.x.x]
Sep  5 13:35:32 s1 postfix/smtpd[12286]: warning: 199.83.x.x: hostname
unassigned.psychz.net verification failed: Name or service not known
Sep  5 13:35:32 s1 postfix/smtpd[12286]: connect from unknown[199.83.x.x]
Sep  5 13:35:32 s1 postfix/smtpd[12286]: lost connection after CONNECT from
unknown[199.83.x.x]


On Thu, Sep 6, 2012 at 7:11 PM, Wietse Venema [via Postfix] <
ml-node+s1071664n50316...@n5.nabble.com> wrote:

> Naval saini:
> > another smtp (which also have postfix 2.10) this shows error
> > "  status=deferred (host r23.mtp.org[74.117.x.x] refused to talk to me:
> 421
> > 4.3.2 No system resources)
>
> Look for warnings in the mail logfile of r23.mtp.org[74.117.x.x].
>
> Wietse
>
>
> --
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50316.html
>  To unsubscribe from postfix version 2.10-20120902 relay issue, click 
> here<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=50315&code=c2FpbmluYXZhbDU4QGdtYWlsLmNvbXw1MDMxNXwyODE4NTg0MTY=>
> .
> NAML<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50322.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> "  status=deferred (host r23.mtp.org[74.117.x.x] refused to talk to me:
> 421 4.3.2 No system resources)

Note: the above is a POSTSCREEN error reply. There is no other
program in Postfix 2.10 that responds with that text.

Naval saini:
> Sep  5 13:35:32 s1 postfix/smtpd[13312]: connect from unknown[199.83.x.x]
> Sep  5 13:35:32 s1 postfix/smtpd[13312]: lost connection after CONNECT from
> unknown[199.83.x.x]
> Sep  5 13:35:32 s1 postfix/smtpd[13312]: disconnect from unknown[199.83.x.x]
> Sep  5 13:35:32 s1 postfix/smtpd[12286]: warning: 199.83.x.x: hostname
> unassigned.psychz.net verification failed: Name or service not known
> Sep  5 13:35:32 s1 postfix/smtpd[12286]: connect from unknown[199.83.x.x]
> Sep  5 13:35:32 s1 postfix/smtpd[12286]: lost connection after CONNECT from
> unknown[199.83.x.x]

That is not POSTSCREEN logging.

I you want to be helped, provide the logfile record including the
TIME STAMP and the POSTFIX PROGRAM NAME for both sides of the same
connection.

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

d[13312]: connect from
> unknown[199.83.x.x]
> > Sep  5 13:35:32 s1 postfix/smtpd[13312]: lost connection after CONNECT
> from
> > unknown[199.83.x.x]
> > Sep  5 13:35:32 s1 postfix/smtpd[13312]: disconnect from
> unknown[199.83.x.x]
> > Sep  5 13:35:32 s1 postfix/smtpd[12286]: warning: 199.83.x.x: hostname
> > unassigned.psychz.net verification failed: Name or service not known
> > Sep  5 13:35:32 s1 postfix/smtpd[12286]: connect from
> unknown[199.83.x.x]
> > Sep  5 13:35:32 s1 postfix/smtpd[12286]: lost connection after CONNECT
> from
> > unknown[199.83.x.x]
>
> That is not POSTSCREEN logging.
>
> I you want to be helped, provide the logfile record including the
> TIME STAMP and the POSTFIX PROGRAM NAME for both sides of the same
> connection.
>
> Wietse
>
>
> ------
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50326.html
>  To unsubscribe from postfix version 2.10-20120902 relay issue, click 
> here<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=50315&code=c2FpbmluYXZhbDU4QGdtYWlsLmNvbXw1MDMxNXwyODE4NTg0MTY=>
> .
> NAML<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50329.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> Sep  6 16:37:48 r22 postfix/postscreen[3992]: warning: haproxy read: time
> limit exceeded
> Sep  6 16:46:51 r22 postfix/postscreen[5233]: warning: haproxy read: time
> limit exceeded
> Sep  6 16:50:49 r22 postfix/postscreen[5448]: warning: haproxy read: time
> limit exceeded
> Sep  6 17:02:18 r22 postfix/postscreen[5791]: warning: haproxy read: time
> limit exceeded

Your load balancer does not send connection information within the
time limit (the default, "postscreen_upstream_proxy_timeout = 5s"
should be sufficient).

Perhaps the load balancer uses a different protocol than HAPROXY.

You can use "tcpdump -s 0 -w /file/name" to record a failed session
and see what protocol the load balancer actually uses.

Wietse

Re: postfix version 2.10-20120902 relay issue

[Willy Tarreau]

Hi Wietse,

On Thu, Sep 06, 2012 at 02:33:55PM -0400, Wietse Venema wrote:
> Naval saini:
> > Sep  6 16:37:48 r22 postfix/postscreen[3992]: warning: haproxy read: time
> > limit exceeded
> > Sep  6 16:46:51 r22 postfix/postscreen[5233]: warning: haproxy read: time
> > limit exceeded
> > Sep  6 16:50:49 r22 postfix/postscreen[5448]: warning: haproxy read: time
> > limit exceeded
> > Sep  6 17:02:18 r22 postfix/postscreen[5791]: warning: haproxy read: time
> > limit exceeded
> 
> Your load balancer does not send connection information within the
> time limit (the default, "postscreen_upstream_proxy_timeout = 5s"
> should be sufficient).
> 
> Perhaps the load balancer uses a different protocol than HAPROXY.
> 
> You can use "tcpdump -s 0 -w /file/name" to record a failed session
> and see what protocol the load balancer actually uses.

That's something totally possible. Naval seems to be using latest haproxy
development snapshot. I think it would help if problem reports on the
postfix ML were done with "more reliable" haproxy code than latest devel
snapshot, and vice-versa.

My non-reg tests have shown that the PROXY protocol in this version seems
to work for me but this does not mean there is no bug. A tcpdump trace is
clearly needed.

Naval, if your trace shows there is no PROXY protocol in the connection,
please try again with 1.5-dev11 and bring the issue back on the haproxy ML.

Regards,
Willy

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

I have did
tcpdump -s0 -w file.cap this shows

tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
191 packets captured
192 packets received by filter
0 packets dropped by kernel

when i capture for port 25 this shows

 tcpdump -ni venet0 -s0 -w file.cap port 25
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
0 packets captured
1 packets received by filter
0 packets dropped by kernel

and regarding to smtp trafic when i connect my load balancer from my php
application this shows
"* 421 4.3.2 No system resources"*
this problem start when i upgrade postfix from  2.3 to 2.10.
in older version of postfix this load balancer server was sending mails
successfully .
due to this relay error how can i put smtp load on load balancer.


On Fri, Sep 7, 2012 at 12:43 PM, Willy Tarreau  wrote:

> Hi,
>
> On Fri, Sep 07, 2012 at 12:40:38PM +0530, Naval saini wrote:
> >  tcpdump -i venet0 -e host 199.83.x.x
> > tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back
> to
> > cooked socket
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> > listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96
> > bytes
> > 11:07:38.787889 Out ethertype IPv4 (0x0800), length 252: r22.mtp.org.ssh
> >
> > 117.203.6.14.58397: P 836101525:836101721(196) ack 2820479482 win 17424
> (...)
>
> You need to put this into a file (-s0 -w file.cap) otherwise this is not
> exploitable at all. Also there is no smtp traffic here at all. I suggest
> you limit the capture to port 25 :
>
>tcpdump -ni veth0 -s0 -w file.cap port 25
>
> Regards,
> Willy
>
>




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50347.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> and regarding to smtp trafic when i connect my load balancer from my php
> application this shows
> "* 421 4.3.2 No system resources"*

You have haproxy turned on in postscreen, but your load
balancer is not sending the haproxy protocol.

Where is the tcpdump output file?

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

When mails are submited from application these parameter commented in
main.cf file
#postscreen_upstream_proxy_protocol = haproxy
#postscreen_upstream_proxy_timeout = 1s
#smtpd_upstream_proxy_protocol = haproxy

server relaying mails and and tcpdump shows

tcpdump -s0 -w file.cap
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
294 packets captured
296 packets received by filter
0 packets dropped by kernel

 tcpdump -ni venet0 -s0 -w file.cap port 25
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
323 packets captured
324 packets received by filter
0 packets dropped by kernel


When mails are submited from application these parameter are not commented
in main.cf file
postscreen_upstream_proxy_protocol = haproxy
postscreen_upstream_proxy_timeout = 1s
smtpd_upstream_proxy_protocol = haproxy

server stops relaying of  mails and and tcpdump shows
tcpdump -s0 -w file.cap
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
41 packets captured
43 packets received by filter
0 packets dropped by kernel



tcpdump -ni venet0 -s0 -w file.cap port 25
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
40 packets captured
41 packets received by filter
0 packets dropped by kernel
 now tell me where the problem and logs of load balancer are
/var/log/mailllog
Sep  7 17:12:14 r22 postfix/smtp[7362]: 47A8B1F54156: to=<
bournbo...@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.64.26]:25,
delay=1.9, delays=0.4/0/0.21/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK
1347023531 b10si6583182oee.33)
Sep  7 17:12:14 r22 postfix/qmgr[6035]: 47A8B1F54156: removed
Sep  7 17:12:14 r22 postfix/cleanup[7175]: 154991F54154: message-id=<
a68a1d0a9b810e18fb79787cd9e20...@test.25smtp.com>
Sep  7 17:12:14 r22 postfix/postfix-script[7386]: stopping the Postfix mail
system
Sep  7 17:12:14 r22 postfix/master[6034]: terminating on signal 15
Sep  7 17:12:30 r22 postfix/postfix-script[7461]: starting the Postfix mail
system
Sep  7 17:12:30 r22 postfix/master[7463]: daemon started -- version
2.10-20120902, configuration /etc/postfix
Sep  7 17:12:30 r22 postfix/qmgr[7464]: 1F2FF1F54153: from=<
bou...@test.25smtp.com>, size=7874, nrcpt=1 (queue active)
Sep  7 17:12:31 r22 postfix/smtp[7468]: 1F2FF1F54153: to=,
relay=gmail-smtp-in.l.google.com[173.194.64.26]:25, delay=25,
delays=24/0.01/0.21/0.58, dsn=2.0.0, status=sent (250 2.0.0 OK 1347023548
b10si6586615oee.28)
Sep  7 17:12:31 r22 postfix/qmgr[7464]: 1F2FF1F54153: removed
Sep  7 17:12:31 r22 postfix/postscreen[7469]: warning: haproxy read: time
limit exceeded
Sep  7 17:13:02 r22 last message repeated 15 times
~

log of node server
/var/log/maillog

Sep  7 16:31:40 r23 postfix/master[1783]: terminating on signal 15
Sep  7 16:31:40 r23 postfix/postfix-script[2019]: starting the Postfix mail
system
Sep  7 16:31:41 r23 postfix/master[2021]: daemon started -- version
2.10-20120902, configuration /etc/postfix
Sep  7 16:55:14 r23 postfix/postfix-script[5465]: stopping the Postfix mail
system
Sep  7 16:55:14 r23 postfix/master[2021]: terminating on signal 15
Sep  7 16:55:15 r23 postfix/postfix-script[5539]: starting the Postfix mail
system
Sep  7 16:55:15 r23 postfix/master[5541]: daemon started -- version
2.10-20120902, configuration /etc/postfix



On Fri, Sep 7, 2012 at 4:02 PM, Wietse Venema [via Postfix] <
ml-node+s1071664n50354...@n5.nabble.com> wrote:

> Naval saini:
> > and regarding to smtp trafic when i connect my load balancer from my php
> > application this shows
> > "* 421 4.3.2 No system resources"*
>
> You have haproxy turned on in postscreen, but your load
> balancer is not sending the haproxy protocol.
>
> Where is the tcpdump output file?
>
> Wietse
>
>
> --
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50354.html
>  To unsubscribe from postfix version 2.10-20120902 relay issue, click 
> here<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=50315&code=c2FpbmluYXZhbDU4QGdtYWlsLmNvbXw1MDMxNXwyODE4NTg0MTY=>
> .
> NAML<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.templa

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> When mails are submited from application these parameter are not commented
> in main.cf file
> postscreen_upstream_proxy_protocol = haproxy
> postscreen_upstream_proxy_timeout = 1s
> smtpd_upstream_proxy_protocol = haproxy
> 
> server stops relaying of  mails 

Your first mistake is to use postscreen to submit mail from
an application.

postscreen is a ZOMBIE DETECTOR.

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

Than please tell me how can i balance load of outgoing mails using haproxy
and what postfix program i should use to receive mails from php application
and balancing load using haproxy backhand servers.
Does relayhost parameter play any role in haproxy like it plays in DNS load
balancing.
please help me.

On Fri, Sep 7, 2012 at 8:29 PM, Wietse Venema  wrote:

> Naval saini:
> > When mails are submited from application these parameter are not
> commented
> > in main.cf file
> > postscreen_upstream_proxy_protocol = haproxy
> > postscreen_upstream_proxy_timeout = 1s
> > smtpd_upstream_proxy_protocol = haproxy
> >
> > server stops relaying of  mails
>
> Your first mistake is to use postscreen to submit mail from
> an application.
>
> postscreen is a ZOMBIE DETECTOR.
>
> Wietse
>

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Wietse:
> Your first mistake is to use postscreen to submit mail from
> an application.

Naval saini:
> Than please tell me how can i balance load of outgoing mails using haproxy
> and what postfix program i should use to receive mails from php application
> and balancing load using haproxy backhand servers.

Turn off postscreen. 
http://www.postfix.org/POSTSCREEN_README.html#turnoff

Turn on smtpd_upstream_proxy_protocol. 
http://www.postfix.org/postconf.5.html#smtpd_upstream_proxy_protocol

> Does relayhost parameter play any role in haproxy like it plays in DNS load
> balancing.

Your problem is RECEIVING mail. relayhost is for SENDING mail.
http://www.postfix.org/BASIC_CONFIGURATION_README.html

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

*As you told now i have turned off postscreen and using *
smtpd_upstream_proxy_protocol = haproxy
smtpd_upstream_proxy_timeout = 5s
 in my /etc/postfix/main.cf file


*
and in /etc/postfix/master.cf*
smtpinetn   -   n   -   -   smtpd -o
smtpd_sasl_auth_enable=yes
*
and my /etc/haproxy.cfg file looks like*

global
maxconn 4096 # Total Max Connections. This is dependent on
ulimit
daemon
nbproc  4 # Number of processing cores. Dual Dual-core Opteron
is 4 cores for example.
log 127.0.0.1 local4
defaults
modetcp
clitimeout  4s
srvtimeout  4s

frontend smtp_proxy 0.0.0.0:10021
mode tcp
log global
option tcplog
default_backend bk_postfix
backend bk_postfix
mode tcp
log global
option tcplog
contimeout 3000
srvtimeout 3000
balance roundrobin  # here i am testing things only one node
server r23.mtp.org 74.117.x.x:25 send-proxy


And Now i am submiting mails from another mail server on load balancer
using sasl authentication but now it not receiving mails
and When i submit mails to load balancer* /var/log/maillog showing *

Sep  8 13:09:47 r22 postfix/smtpd[3170]: connect from unknown[unknown]
Sep  8 13:09:47 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
Sep  8 13:09:53 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error
Sep  8 13:09:53 r22 postfix/smtpd[3170]: connect from unknown[unknown]
Sep  8 13:09:53 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
Sep  8 13:09:58 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error
Sep  8 13:09:58 r22 postfix/smtpd[3170]: connect from unknown[unknown]
Sep  8 13:09:58 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
Sep  8 13:10:04 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error

now please tell me where i am doing mistake ..?




On Fri, Sep 7, 2012 at 10:12 PM, Wietse Venema  wrote:

> Wietse:
> > Your first mistake is to use postscreen to submit mail from
> > an application.
>
> Naval saini:
> > Than please tell me how can i balance load of outgoing mails using
> haproxy
> > and what postfix program i should use to receive mails from php
> application
> > and balancing load using haproxy backhand servers.
>
> Turn off postscreen.
> http://www.postfix.org/POSTSCREEN_README.html#turnoff
>
> Turn on smtpd_upstream_proxy_protocol.
> http://www.postfix.org/postconf.5.html#smtpd_upstream_proxy_protocol
>
> > Does relayhost parameter play any role in haproxy like it plays in DNS
> load
> > balancing.
>
> Your problem is RECEIVING mail. relayhost is for SENDING mail.
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
>
> Wietse
>

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> Sep  8 13:09:47 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> Sep  8 13:09:47 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> Sep  8 13:09:53 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error
> Sep  8 13:09:53 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> Sep  8 13:09:53 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> Sep  8 13:09:58 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error
> Sep  8 13:09:58 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> Sep  8 13:09:58 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> Sep  8 13:10:04 r22 postfix/smtpd[3170]: warning: haproxy read: timeout error
> 
> now please tell me where i am doing mistake ..?

Capture a session with:

tcpdump -s 0 -w OUTPUTFILE port 25

Make THAT OUTPUTFILE available so that Willy and I can have a look.

Then we can make progress.

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

*this the output of dump file tcpdump -s 0 -w file.cap port 25*
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
cooked socket
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
size 65535 bytes
260 packets captured
261 packets received by filter
0 packets dropped by kernel

what i am thinking regarding this problem
If you check haproxy listening on port 10021
*frontend smtp_proxy 0.0.0.0:10021*
 according to me this means haproxy will accept client request on port
10021 and will respond by* backend bk_postfix* servers which are listed i
have checked the* log of bakend servers *looks like

warning: hostname unassigned.psychz.net does not resolve to address
199.83.95.70: Name or service not known
Sep  8 17:00:59 r23 postfix/smtpd[30403]: connect from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: lost connection after
CONNECT from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: disconnect from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: warning: hostname
unassigned.psychz.net does not resolve to address 199.83.95.70: Name
or service not known
Sep  8 17:00:59 r23 postfix/smtpd[30403]: connect from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: lost connection after
CONNECT from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: disconnect from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: warning: hostname
unassigned.psychz.net does not resolve to address 199.83.95.70: Name
or service not known
Sep  8 17:00:59 r23 postfix/smtpd[30403]: connect from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: lost connection after
CONNECT from unknown[199.83.95.70]
Sep  8 17:00:59 r23 postfix/smtpd[30403]: disconnect from unknown[199.83.95.70]

means haproxy sending proxy on bakend server.
But it not accepting mails.
And the reason for this according to me (not sure but) we are sending mails
to postfix on port 25 while haproxy listening on port 10021 how it will
accept mails.
is this correct. if this is the issue than please tell me on which port i
have to bind frontend and on which i have to bind postfix. ?


On Sat, Sep 8, 2012 at 6:13 PM, Wietse Venema  wrote:

> Naval saini:
> > Sep  8 13:09:47 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> > Sep  8 13:09:47 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> > Sep  8 13:09:53 r22 postfix/smtpd[3170]: warning: haproxy read: timeout
> error
> > Sep  8 13:09:53 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> > Sep  8 13:09:53 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> > Sep  8 13:09:58 r22 postfix/smtpd[3170]: warning: haproxy read: timeout
> error
> > Sep  8 13:09:58 r22 postfix/smtpd[3170]: connect from unknown[unknown]
> > Sep  8 13:09:58 r22 postfix/smtpd[3170]: disconnect from unknown[unknown]
> > Sep  8 13:10:04 r22 postfix/smtpd[3170]: warning: haproxy read: timeout
> error
> >
> > now please tell me where i am doing mistake ..?
>
> Capture a session with:
>
> tcpdump -s 0 -w OUTPUTFILE port 25
>
> Make THAT OUTPUTFILE available so that Willy and I can have a look.
>
> Then we can make progress.
>
> Wietse
>

Re: postfix version 2.10-20120902 relay issue

[Wietse Venema]

Naval saini:
> *this the output of dump file tcpdump -s 0 -w file.cap port 25*
> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
> cooked socket
> tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture
> size 65535 bytes

I asked for the OUTPUTFILE CONTENT of this command:

tcpdump -s 0 -w OUTPUTFILE port 25

In your case, the file.cap CONTENT file.cap, not the error messages.

Wietse

Re: postfix version 2.10-20120902 relay issue

[Naval saini]

wietse
 This is the tcpdump output file i am sending u please find the attachment.

On Sat, Sep 8, 2012 at 7:10 PM, Wietse Venema [via Postfix] <
ml-node+s1071664n50405...@n5.nabble.com> wrote:

> Naval saini:
> > *this the output of dump file tcpdump -s 0 -w file.cap port 25*
> > tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back
> to
> > cooked socket
> > tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked),
> capture
> > size 65535 bytes
>
> I asked for the OUTPUTFILE CONTENT of this command:
>
> tcpdump -s 0 -w OUTPUTFILE port 25
>
> In your case, the file.cap CONTENT file.cap, not the error messages.
>
> Wietse
>
>
> --
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50405.html
>  To unsubscribe from postfix version 2.10-20120902 relay issue, click 
> here<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=50315&code=c2FpbmluYXZhbDU4QGdtYWlsLmNvbXw1MDMxNXwyODE4NTg0MTY=>
> .
> NAML<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/postfix-version-2-10-20120902-relay-issue-tp50315p50409.html
Sent from the Postfix Users mailing list archive at Nabble.com.

Re: postfix version 2.10-20120902 relay issue

[Reindl Harald]

Am 08.09.2012 19:43, schrieb Naval saini:
> wietse
> This is the tcpdump output file i am sending u please find the attachment

there is NO attachment

upload large files to whatever service and post links
and please get rid of your top-posting



signature.asc
Description: OpenPGP digital signature

Old linux / postfix version - how add DKIM ?

[Edouard Guigné]

Hello,

My mail server is intalled in a old deprecated linux version (debian 
5.0) with postfix 2.5.5


I did not installed this linux box, only managing it. I plan to change 
this server with an other solution (e.g. Zimbra), but this is not the 
today priority.


I succeed to configure SPF records for this mail server.

I would like configure DKIM, with OpenDKIM from sources... I will not 
use package manager on this linux box, because it is deprecated.

I would like compile / install OpenDKIM from source.

Maybe someone could tell me it is possible according to my debian 
version and postfix version ?



Best Regards,

Ed

Re: Policy protocol size attribute and postfix version

[Wietse Venema]

Rob Tanner:
> Hi,
> 
> This is sort of a two part question.  I am running Postfix version 2.2.10
> from RedHat.  It?s current for Enterprise Linux 4.  Since vendors often use
> their own numbering schemes, I don?t know what Postfix version it really is
> in terms of the numbering at postfix.org.   Can anyone tell me?
> 
> Second issue.  I?m going to implement a policy engine and so I?m logging the
> data sent to a snippet of code that?s simply sending back an ?OK?.  What I?m
> noticing is that the size attribute usually has a zero value but sometimes
> has a non-zero value.  My read of the documentation says that unless I?m
> running a version of Postfix earlier than v2.2 (postfix.org numbering) it
> should always be non-zero.
> 
> Can anyone enlighten me on this?

The size attribute shows the number that the client sent with the
SMTP MAIL FROM command:

    MAIL FROM: SIZE=12345

As of some Postfix version, smtpd_end_of_data_restrictions shows
the actual size of the message after it is received.

I don't keep track of the modifications by vendors. I only hear
when modifications break something in Postfix.

Wietse

Re: Policy protocol size attribute and postfix version

[Ralf Hildebrandt]

* Rob Tanner :
> Hi,
> 
> This is sort of a two part question.  I am running Postfix version 2.2.10
> from RedHat.  It¹s current for Enterprise Linux 4.  Since vendors often use
> their own numbering schemes, I don¹t know what Postfix version it really is
> in terms of the numbering at postfix.org.   Can anyone tell me?

postconf -d |grep version

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
If we can dispel the delusion that learning about computers should be
an activity of fiddling with array indexes and worrying whether X is
an integer or a real number, we can begin to focus on programming as a
source of ideas.

Re: Old linux / postfix version - how add DKIM ?

[Wietse Venema]

Edouard Guign?:
> Hello,
> 
> My mail server is intalled in a old deprecated linux version (debian 
> 5.0) with postfix 2.5.5
> 
> I did not installed this linux box, only managing it. I plan to change 
> this server with an other solution (e.g. Zimbra), but this is not the 
> today priority.
> 
> I succeed to configure SPF records for this mail server.
> 
> I would like configure DKIM, with OpenDKIM from sources... I will not 
> use package manager on this linux box, because it is deprecated.
> I would like compile / install OpenDKIM from source.
> 
> Maybe someone could tell me it is possible according to my debian 
> version and postfix version ?

Postfix 2.3 and later has a Milter protocol client. You will need to find
a libmilter implementation that works with some version of OpenDKIM
and with Postfix's Milter client.

Wietse

Re: Old linux / postfix version - how add DKIM ?

[Matus UHLAR - fantomas]

On 21.02.19 10:36, Edouard Guigné wrote:
My mail server is intalled in a old deprecated linux version (debian 
5.0) with postfix 2.5.5


oh...  debian 7.0 is not supported for (nearly) a year, 6.0 for three years,
5.0 for seven years (debian didn't havee LTS before 6.0)
I wonder it hasn't been compromised yet.

I did not installed this linux box, only managing it. I plan to change 
this server with an other solution (e.g. Zimbra), but this is not the 
today priority.


I succeed to configure SPF records for this mail server.

I would like configure DKIM, with OpenDKIM from sources... I will not 
use package manager on this linux box, because it is deprecated.

I would like compile / install OpenDKIM from source.


I would consider installing dkim-filter from archive.debian.org
via apt-get, changing whatever mirror you use to archive.debian.org

another possibility would be backporting - compiling from source package,
opendkim 2.0 was in squeeze.

maybe the squeeze version is compilable, maybe it's even installable without
upgrading half of the system.

Maybe someone could tell me it is possible according to my debian 
version and postfix version ?


you must try and see.  Current opendkim versions may require newer
libraries, newer postfix etc.

However, this is not a postfix issue.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

Re: Old linux / postfix version - how add DKIM ?

[Robert Schetterer]

Am 21.02.19 um 17:03 schrieb Matus UHLAR - fantomas:

On 21.02.19 10:36, Edouard Guigné wrote:
My mail server is intalled in a old deprecated linux version (debian 
5.0) with postfix 2.5.5


oh...  debian 7.0 is not supported for (nearly) a year, 6.0 for three 
years,

5.0 for seven years (debian didn't havee LTS before 6.0)
I wonder it hasn't been compromised yet.

I did not installed this linux box, only managing it. I plan to change 
this server with an other solution (e.g. Zimbra), but this is not the 
today priority.


I succeed to configure SPF records for this mail server.

I would like configure DKIM, with OpenDKIM from sources... I will not 
use package manager on this linux box, because it is deprecated.

I would like compile / install OpenDKIM from source.


I would consider installing dkim-filter from archive.debian.org
via apt-get, changing whatever mirror you use to archive.debian.org

another possibility would be backporting - compiling from source package,
opendkim 2.0 was in squeeze.

maybe the squeeze version is compilable, maybe it's even installable 
without

upgrading half of the system.

Maybe someone could tell me it is possible according to my debian 
version and postfix version ?


you must try and see.  Current opendkim versions may require newer
libraries, newer postfix etc.

However, this is not a postfix issue.



another solution
http://dkimproxy.sourceforge.net/
http://dkimproxy.sourceforge.net/postfix-outbound-howto.html

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Installing Postfix version that is newer than offered in the Debian repository.

[Mick]

Hi Postfix users,

I would like to try and install a later version of Postfix (and 
postfix-mysql) than the Debian stable (Jessie) repository currently 
offers (2.11.3-1). I've looked at building Postfix 3.1 from source, but 
I'm finding it hard to follow the instructions. This is wholly down to 
*my* lack of understanding regarding the building process and 
dependences I would need to build in for my system and no reflection on 
the author.


As an alternative to building from source, I am also considering the 
easier option of installing version 3.0.4-5 from the Debian testing 
source (Stretch) using a pinned source list.  This leaves me with a 
question on dependencies.  Should I install postfix dependencies from 
the Debian Stretch source list which may upset Jessie's stability, or 
instead download them from Jessie which may cause Postfix problems ?


If I were to attempt to build 3.1, would it be better to first install 
2.11 and get that up an running? I ask as there may be less dependencies 
to build into 3.1, and certainly less to configure if the main.cf and 
master.cf already exist.


To sum up, I don't know which way to go, though I'm thinking 3.1 would 
be the best route long term. Any suggestions welcomed.



Best wishes,
Mick.

Re: Installing Postfix version that is newer than offered in the Debian repository.

[Scott Kitterman]

On Saturday, March 26, 2016 05:44:45 PM Mick wrote:
> Hi Postfix users,
> 
> I would like to try and install a later version of Postfix (and
> postfix-mysql) than the Debian stable (Jessie) repository currently
> offers (2.11.3-1). I've looked at building Postfix 3.1 from source, but
> I'm finding it hard to follow the instructions. This is wholly down to
> *my* lack of understanding regarding the building process and
> dependences I would need to build in for my system and no reflection on
> the author.
> 
> As an alternative to building from source, I am also considering the
> easier option of installing version 3.0.4-5 from the Debian testing
> source (Stretch) using a pinned source list.  This leaves me with a
> question on dependencies.  Should I install postfix dependencies from
> the Debian Stretch source list which may upset Jessie's stability, or
> instead download them from Jessie which may cause Postfix problems ?
> 
> If I were to attempt to build 3.1, would it be better to first install
> 2.11 and get that up an running? I ask as there may be less dependencies
> to build into 3.1, and certainly less to configure if the main.cf and
> master.cf already exist.
> 
> To sum up, I don't know which way to go, though I'm thinking 3.1 would
> be the best route long term. Any suggestions welcomed.

We are close to uploading Postfix 3.1 to Debian Unstable, which means it should 
be in Testing (Stretch) soonish.  There are a number of historical differences 
between the upstream and Debian approach to packaging postfix that are 
substantially narrowed starting in Postfix 3.0.  We're still working on 
adapting the Debian packaging and I expect 3.1 to have less difference in this 
regard.

I would not recommend updating a Debianized Postfix 2.11.3 to an upstream built 
from source Postfix 3.0/3.1.  If you want to go the route of building from 
source, I would remove the Debianized version first.

If you choose to go the route of adding Stretch to your sources.list with 
appropriate pinning, the dependencies should only be pulled in from Stretch if 
they are not present in sufficient version in Jessie.  Do pay close attention 
at 
what is being upgraded and decide for yourself if it is too much to be 
comfortable with (for example if the package pulls in a new libc6 version that 
would be a sign to be concerned in my opinion).

Another alternative would be to rebuild the Debian  Postifx 3.0 packaging 
specifically for Jessie.  If you don't know how to do this, 
http://www.debian.org/doc/manuals/packaging-tutorial/packaging-tutorial has 
some good advice (don't panic about the size of the document, you'll only need 
to deal with a small part of it).  This would likely eliminate the need to 
upgrade dependencies.

If it were me, I'd to the last option.

For further information on working with the Debianized packaging, I would 
suggest contacting a Debian specific support resource as it's not particularly 
on topic here.

Scott K

Re: Installing Postfix version that is newer than offered in the Debian repository.

[Mick]

On 26/03/2016 18:54, Scott Kitterman wrote:

On Saturday, March 26, 2016 05:44:45 PM Mick wrote:

Hi Postfix users,

I would like to try and install a later version of Postfix (and
postfix-mysql) than the Debian stable (Jessie) repository currently
offers (2.11.3-1). I've looked at building Postfix 3.1 from source, but
I'm finding it hard to follow the instructions. This is wholly down to
*my* lack of understanding regarding the building process and
dependences I would need to build in for my system and no reflection on
the author.

As an alternative to building from source, I am also considering the
easier option of installing version 3.0.4-5 from the Debian testing
source (Stretch) using a pinned source list.  This leaves me with a
question on dependencies.  Should I install postfix dependencies from
the Debian Stretch source list which may upset Jessie's stability, or
instead download them from Jessie which may cause Postfix problems ?

If I were to attempt to build 3.1, would it be better to first install
2.11 and get that up an running? I ask as there may be less dependencies
to build into 3.1, and certainly less to configure if the main.cf and
master.cf already exist.

To sum up, I don't know which way to go, though I'm thinking 3.1 would
be the best route long term. Any suggestions welcomed.

We are close to uploading Postfix 3.1 to Debian Unstable, which means it should
be in Testing (Stretch) soonish.  There are a number of historical differences
between the upstream and Debian approach to packaging postfix that are
substantially narrowed starting in Postfix 3.0.  We're still working on
adapting the Debian packaging and I expect 3.1 to have less difference in this
regard.

I would not recommend updating a Debianized Postfix 2.11.3 to an upstream built
from source Postfix 3.0/3.1.  If you want to go the route of building from
source, I would remove the Debianized version first.

If you choose to go the route of adding Stretch to your sources.list with
appropriate pinning, the dependencies should only be pulled in from Stretch if
they are not present in sufficient version in Jessie.  Do pay close attention at
what is being upgraded and decide for yourself if it is too much to be
comfortable with (for example if the package pulls in a new libc6 version that
would be a sign to be concerned in my opinion).

Another alternative would be to rebuild the Debian  Postifx 3.0 packaging
specifically for Jessie.  If you don't know how to do this,
http://www.debian.org/doc/manuals/packaging-tutorial/packaging-tutorial has
some good advice (don't panic about the size of the document, you'll only need
to deal with a small part of it).  This would likely eliminate the need to
upgrade dependencies.

If it were me, I'd to the last option.

For further information on working with the Debianized packaging, I would
suggest contacting a Debian specific support resource as it's not particularly
on topic here.

Scott K



Hi Scott,

I will follow your advice and have a go at your suggestion of rebuilding 
the Debian Postfix 3.0 packaging for Jessie from Stretch source code. 
This has veered OT as you mentioned, so I won't say any more except that 
I apologise to the others here for making noise and  thank you Scott 
much for you help and idea.


Mick.