Re: address_verify_map and lmdb database

2015-01-15 Thread Quanah Gibson-Mount
--On Thursday, January 15, 2015 4:43 PM -0500 Wietse Venema wrote:

> Quanah Gibson-Mount:
>> Hi,
>>
>> I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it
>> recommends using a btree database for the address verify map.  For
>> example:
>>
>> # Default setting for Postfix 2.7 and later.
>> # Note 1: Be sure to read the "Caching" section below!
>> # Note 2: Avoid hash files here. Use btree instead.
>> address_verify_map = btree:/var/lib/postfix/verify
>>
>> However, with the introduction of lmdb, I would assume it is at least an
>> equally qualified replacement. Due to the hostile licensing changes to
>> BDB, I no longer link any software to it.  I'd like to confirm that
>> LMDB is a suitable replacement for btree (and request a doc update if
>> that is correct).
>
> LMDB support was completed at the end of the Postfix 2.11 development
> cycle.  No new show-stopper problems have surfaced in the first
> year of deployment. In my experience, LMDB's COW approach presents
> a higher write load than Berkeley DB due to Postfix's tiny updates,
> but that became a non-issue after I switched my server to SSD drives.
>
> Both ADDRESS_VERIFY_README and POSTSCREEN_README show side-by-side
> examples of shared (lmdb) and non-shared (btree) caches.  The text
> that you refer to is concerned with other features. It would not
> make sense to pollute those examples with side-by-side examples
> of Berkeley DB and LMDB or whatever, but it is no problem to add
> "or lmdb" to the text "avoid hash, use btree instead".

Perfect, thanks!

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration


Re: address_verify_map and lmdb database

2015-01-15 Thread Wietse Venema
Quanah Gibson-Mount:
> Hi,
> 
> I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it 
> recommends using a btree database for the address verify map.  For example:
> 
> 
> # Default setting for Postfix 2.7 and later.
> # Note 1: Be sure to read the "Caching" section below!
> # Note 2: Avoid hash files here. Use btree instead.
> address_verify_map = btree:/var/lib/postfix/verify
> 
> However, with the introduction of lmdb, I would assume it is at least an 
> equally qualified replacement. Due to the hostile licensing changes to BDB, 
> I no longer link any software to it.  I'd like to confirm that LMDB is a 
> suitable replacement for btree (and request a doc update if that is 
> correct).

LMDB support was completed at the end of the Postfix 2.11 development
cycle.  No new show-stopper problems have surfaced in the first
year of deployment. In my experience, LMDB's COW approach presents
a higher write load than Berkeley DB due to Postfix's tiny updates,
but that became a non-issue after I switched my server to SSD drives.

Both ADDRESS_VERIFY_README and POSTSCREEN_README show side-by-side
examples of shared (lmdb) and non-shared (btree) caches.  The text
that you refer to is concerned with other features. It would not
make sense to pollute those examples with side-by-side examples
of Berkeley DB and LMDB or whatever, but it is no problem to add
"or lmdb" to the text "avoid hash, use btree instead".

Wietse


address_verify_map and lmdb database

2015-01-15 Thread Quanah Gibson-Mount

Hi,

I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it 
recommends using a btree database for the address verify map.  For example:



   # Default setting for Postfix 2.7 and later.
   # Note 1: Be sure to read the "Caching" section below!
   # Note 2: Avoid hash files here. Use btree instead.
   address_verify_map = btree:/var/lib/postfix/verify

However, with the introduction of lmdb, I would assume it is at least an 
equally qualified replacement. Due to the hostile licensing changes to BDB, 
I no longer link any software to it.  I'd like to confirm that LMDB is a 
suitable replacement for btree (and request a doc update if that is 
correct).


Thanks!

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra ::  the leader in open source messaging and collaboration


Re: address_verify_map

2012-06-27 Thread Per Jessen
Per Jessen wrote:

> Stefan Jakobs wrote:
> 
>> Daniel L. Miller:
>>> Can a SQL database be used for the recipient verification storage?
>> 
>> The following link has a patch which enables Postfix to write to a
>> MySQL Database. With that you can keep your verify db in a MySQL
>> database. Use at your own risk.
>> 
>> https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql-write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94&
>> 
>> Regards
>> Stefan
> 
> Hi Stefan
> 
> I presume the table has to be created beforehand - do you have a
> template?

Ah, found it already, should have been a little more persistent with
google:
http://www.mentby.com/stefan-76/verify-db-with-mysql.html


-- 
Per Jessen, Zürich (19.8°C)



Re: address_verify_map

2012-06-27 Thread Per Jessen
Stefan Jakobs wrote:

> Daniel L. Miller:
>> Can a SQL database be used for the recipient verification storage?
> 
> The following link has a patch which enables Postfix to write to a
> MySQL Database. With that you can keep your verify db in a MySQL
> database. Use at your own risk.
> 
> https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql-write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94&
> 
> Regards
> Stefan

Hi Stefan

I presume the table has to be created beforehand - do you have a
template? 


thanks,
Per


-- 
Per Jessen, Zürich (19.8°C)



Re: address_verify_map

2012-06-14 Thread Stefan Jakobs
Daniel L. Miller:
> Can a SQL database be used for the recipient verification storage?

The following link has a patch which enables Postfix to write to a MySQL 
Database. With that you can keep your verify db in a MySQL database.
Use at your own risk.

https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql-write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94&

Regards
Stefan


Re: address_verify_map

2012-06-13 Thread Wietse Venema
Daniel L. Miller:
> Can a SQL database be used for the recipient verification storage?

Not unless someone has implemented Postfix support for SQL updates.

Wietse


address_verify_map

2012-06-13 Thread Daniel L. Miller

Can a SQL database be used for the recipient verification storage?

--
Daniel


Re: address_verify_map and relay_domains

2009-08-19 Thread Brian Evans - Postfix List
Martijn de Munnik wrote:
> On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote:
>   
>> Martijn de Munnik wrote:
>> 
>>> Hi list,
>>>
>>> How can I enable the address_verify_map only for the relay_domains?
>>>
>>>   
>> To answer the query:
>> Replace reject_unverified_recipient with "check_recipient_access
>> hash:/path/to/file"
>>
>> /path/to/file:
>> slagenlandwonen.nl  reject_unverified_recipient
>> wfcommunicatie.nl   reject_unverified_recipient
>> 
>
> All the domains where this should be applied to are listed in
> relay_domains. Can I apply the reject_unverified_recipient rule to those
> domains without a separate file? I want a single place to manage the
> relay_domains.
>
>   

It is possible to use the same map as relay_domains itself.
This is because relay_domains just checks to see if the lookup key
exists and ignores the result.
http://www.postfix.org/postconf.5.html#relay_domains

It is discouraged to reuse maps as you must know what it is really doing
and not overuse 1 map for everything.
In this case, it would do little harm.  However you *must* limit the use
to just those 2 parameters.
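
One way to keep a single list, following the reply above, is to generate one table and point both parameters at it. The script below is an added example, not part of the original post; the path /etc/postfix/relay_domains and the helper name gen_relay_access are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed path: /etc/postfix/relay_domains
#
# main.cf then points both parameters at the one table:
#   relay_domains = hash:/etc/postfix/relay_domains
#   smtpd_recipient_restrictions = ...,
#       check_recipient_access hash:/etc/postfix/relay_domains, ...
# relay_domains only tests whether the key exists; check_recipient_access
# executes the right-hand side, so probes run for these domains only.

# gen_relay_access (hypothetical helper): reads a relay_domains-style list
# (comma and/or whitespace separated) on stdin and writes one table entry
# per domain. Returns non-zero if any item is not a plain domain name.
gen_relay_access() {
    tr ', \t' '\n\n\n' | tr 'A-Z' 'a-z' | awk '
        $0 == "" { next }                     # gaps left by ", " separators
        $0 !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/ {
            print "not a plain domain, skipped: " $0 > "/dev/stderr"
            bad = 1; next
        }
        !seen[$0]++ { printf "%-28s reject_unverified_recipient\n", $0 }
        END { exit bad }'
}

# Constructed sample input: part of the relay_domains value posted in the
# thread, with one duplicate in different case added.
sample_domains='slagenlandwonen.nl, wfcommunicatie.nl,
gooischebrink.com, WFcommunicatie.nl'

# Stand-alone run: print the table. In production, redirect to the table
# file and rebuild the index with: postmap hash:/etc/postfix/relay_domains
printf '%s\n' "$sample_domains" | gen_relay_access
```

The non-zero return on a malformed item lets a deploy script stop before running postmap, so a stray `type:table` reference or typo never silently drops a domain from relaying.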



Re: address_verify_map and relay_domains

2009-08-19 Thread Martijn de Munnik

On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote:
> Martijn de Munnik wrote:
> > Hi list,
> >
> > How can I enable the address_verify_map only for the relay_domains?
> >
> To answer the query:
> Replace reject_unverified_recipient with "check_recipient_access
> hash:/path/to/file"
> 
> /path/to/file:
> slagenlandwonen.nl  reject_unverified_recipient
> wfcommunicatie.nl   reject_unverified_recipient

All the domains where this should be applied to are listed in
relay_domains. Can I apply the reject_unverified_recipient rule to those
domains without a separate file? I want a single place to manage the
relay_domains.



Re: address_verify_map and relay_domains

2009-08-19 Thread Martijn de Munnik

On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote:
> Martijn de Munnik wrote:
> > Hi list,
> >
> > How can I enable the address_verify_map only for the relay_domains?
> >
> > postconf -n
> >
> > smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl
> >   
> 
> This is rather redundant since you also specify it in recipient
> restrictions and delay reject is yes.
> Best to remove this line to avoid confusion and limit DNS queries to
> destinations you control.

Thank you for the tip!
> 
> > smtpd_recipient_restrictions = permit_mynetworks,
> > permit_sasl_authenticated,   reject_non_fqdn_recipient,
> > reject_non_fqdn_sender,   reject_unknown_sender_domain,
> > reject_unverified_recipient,   reject_unauth_destination,
> > reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,
> > reject_rbl_client virbl.dnsbl.bit.nl   check_policy_service
> > inet:127.0.0.1:12525,   check_policy_service inet:127.0.0.1:1002
> 
> To answer the query:
> Replace reject_unverified_recipient with "check_recipient_access
> hash:/path/to/file"
> 
> /path/to/file:
> slagenlandwonen.nl  reject_unverified_recipient
> wfcommunicatie.nl   reject_unverified_recipient
> #add rest after
> #Note: add periods before each in another entry if you want to cover sub-domains as well
> #Current default behavior will allow them without the period, but may change in the future
> #or if you change parent_domain_matches_subdomains setting
> 
Okay!

Kind regards,

Martijn de Munnik

-- 
YoungGuns
Kasteleinenkampweg 7b
5222 AX 's-Hertogenbosch
T. 073 623 56 40
F. 073 623 56 39
www.youngguns.nl
KvK 18076568



Re: address_verify_map and relay_domains

2009-08-19 Thread Brian Evans - Postfix List
Martijn de Munnik wrote:
> Hi list,
>
> How can I enable the address_verify_map only for the relay_domains?
>
> postconf -n
>
> smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl
>   

This is rather redundant since you also specify it in recipient
restrictions and delay reject is yes.
Best to remove this line to avoid confusion and limit DNS queries to
destinations you control.

> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,   reject_non_fqdn_recipient,
> reject_non_fqdn_sender,   reject_unknown_sender_domain,
> reject_unverified_recipient,   reject_unauth_destination,
> reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,
> reject_rbl_client virbl.dnsbl.bit.nl   check_policy_service
> inet:127.0.0.1:12525,   check_policy_service inet:127.0.0.1:1002

To answer the query:
Replace reject_unverified_recipient with "check_recipient_access
hash:/path/to/file"

/path/to/file:
slagenlandwonen.nl  reject_unverified_recipient
wfcommunicatie.nl   reject_unverified_recipient
#add rest after
#Note: add periods before each in another entry if you want to cover sub-domains as well
#Current default behavior will allow them without the period, but may change in the future
#or if you change parent_domain_matches_subdomains setting



address_verify_map and relay_domains

2009-08-19 Thread Martijn de Munnik
Hi list,

We are using address_verify_map to cache and limit the number of checks
on remote smtp servers. This is done because we act as a spam/virus
filter for some domains that have their own mail server. Now it seems
the address_verify_map is also used for local domains.

One of our clients created a mail address after a mail was sent to that
mail address. So that mail was rejected, but after the mail address was
created mail is still being rejected. I suspect this is because of the
address_verify_map (I don't know how to check the btree file?).

How can I enable the address_verify_map only for the relay_domains?

postconf -n
address_verify_map = btree:${data_directory}/verify
alias_maps = hash:/opt/csw/etc/postfix/aliases
body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks
broken_sasl_auth_clients = yes
command_directory = /opt/csw/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:localhost:10024
daemon_directory = /opt/csw/libexec/postfix
data_directory = /opt/csw/var/lib/postfix
default_database_type = hash
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks
home_mailbox = Maildir/
html_directory = /opt/csw/share/doc/postfix/html
inet_interfaces = all
mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /opt/csw/bin/mailq
manpage_directory = /opt/csw/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 20971520
mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks
minimal_backoff_time = 1000s
mydestination = $myhostname, localhost.$mydomain
myhostname = stevie.youngguns.nl
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /opt/csw/bin/newaliases
readme_directory = /opt/csw/share/doc/postfix/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = slagenlandwonen.nl, wfcommunicatie.nl,
    gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl,
    loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl,
    dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl
relayhost = 
sample_directory = /opt/csw/share/doc/postfix/samples
sendmail_path = /opt/csw/sbin/sendmail
smtp_bind_address = 213.207.90.2
smtp_helo_timeout = 60s
smtp_send_xforward_command = yes
smtp_skip_quit_response = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,   reject_non_fqdn_recipient,
    reject_non_fqdn_sender,   reject_unknown_sender_domain,
    reject_unverified_recipient,   reject_unauth_destination,
    reject_invalid_helo_hostname,   reject_non_fqdn_helo_hostname,
    reject_rbl_client virbl.dnsbl.bit.nl   check_policy_service
    inet:127.0.0.1:12525,   check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem
smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/opt/csw/etc/postfix/transport
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual