Re: address_verify_map and lmdb database
--On Thursday, January 15, 2015 4:43 PM -0500 Wietse Venema wrote: Quanah Gibson-Mount: Hi, I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it recommends using a btree database for the address verify map. For example: # Default setting for Postfix 2.7 and later. # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/lib/postfix/verify However, with the introduction of lmdb, I would assume it is at least an equally qualified replacement. Due to the hostile licensing changes to BDB, I no longer link any software to it. I'd like to confirm that LMDB is a suitable replacement for btree (and request a doc update if that is correct). LMDB support was completed at the end of the Postfix 2.11 development cycle. No new show-stopper problems have surfaced in the first year of deployment. In my experience, LMDB's COW approach presents a higher write load than Berkeley DB due to Postfix's tiny updates, but that became a non-issue after I switched my server to SSD drives. Both ADDRESS_VERIFY_README and POSTSCREEN_README show side-by-side examples of shared (lmdb) and non-shared (btree) caches. The text that you refer to is concerned with other features. It would not make sense to pollute those examples with side-by-side examples of Berkeley DB and LMDB or whatever, but it is no problem to add "or lmdb" to the text "avoid hash, use btree instead". Perfect, thanks! --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration
Re: address_verify_map and lmdb database
Quanah Gibson-Mount: > Hi, > > I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it > recommends using a btree database for the address verify map. For example: > > > # Default setting for Postfix 2.7 and later. > # Note 1: Be sure to read the "Caching" section below! > # Note 2: Avoid hash files here. Use btree instead. > address_verify_map = btree:/var/lib/postfix/verify > > However, with the introduction of lmdb, I would assume it is at least an > equally qualified replacement. Due to the hostile licensing changes to BDB, > I no longer link any software to it. I'd like to confirm that LMDB is a > suitable replacement for btree (and request a doc update if that is > correct). LMDB support was completed at the end of the Postfix 2.11 development cycle. No new show-stopper problems have surfaced in the first year of deployment. In my experience, LMDB's COW approach presents a higher write load than Berkeley DB due to Postfix's tiny updates, but that became a non-issue after I switched my server to SSD drives. Both ADDRESS_VERIFY_README and POSTSCREEN_README show side-by-side examples of shared (lmdb) and non-shared (btree) caches. The text that you refer to is concerned with other features. It would not make sense to pollute those examples with side-by-side examples of Berkeley DB and LMDB or whatever, but it is no problem to add "or lmdb" to the text "avoid hash, use btree instead". Wietse
address_verify_map and lmdb database
Hi, I see on <http://www.postfix.org/ADDRESS_VERIFICATION_README.html>, it recommends using a btree database for the address verify map. For example: # Default setting for Postfix 2.7 and later. # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/lib/postfix/verify However, with the introduction of lmdb, I would assume it is at least an equally qualified replacement. Due to the hostile licensing changes to BDB, I no longer link any software to it. I'd like to confirm that LMDB is a suitable replacement for btree (and request a doc update if that is correct). Thanks! --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration
Re: address_verify_map
Per Jessen wrote: > Stefan Jakobs wrote: > >> Daniel L. Miller: >>> Can a SQL database be used for the recipient verification storage? >> >> The following link has a patch which enables Postfix to write to a >> MySQL Database. With that you can keep your verify db in a MySQL >> database. Use at your own risk. >> >> > https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql- >> write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94& >> >> Regards >> Stefan > > Hi Stefan > > I presume the table has to be created beforehand - do you have a > template? Ah, found it already, should have been a little more persistent with google: http://www.mentby.com/stefan-76/verify-db-with-mysql.html -- Per Jessen, Zürich (19.8°C)
Re: address_verify_map
Stefan Jakobs wrote: > Daniel L. Miller: >> Can a SQL database be used for the recipient verification storage? > > The following link has a patch which enables Postfix to write to a > MySQL Database. With that you can keep your verify db in a MySQL > database. Use at your own risk. > > https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql- > write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94& > > Regards > Stefan Hi Stefan I presume the table has to be created beforehand - do you have a template? thanks, Per -- Per Jessen, Zürich (19.8°C)
Re: address_verify_map
Daniel L. Miller: > Can a SQL database be used for the recipient verification storage? The following link has a patch which enables Postfix to write to a MySQL Database. With that you can keep your verify db in a MySQL database. Use at your own risk. https://api.opensuse.org/public/source/home:rusjako/postfix/postfix-mysql- write-support.patch?rev=4f09d0df08b2763b6196cb24478b3e94& Regards Stefan
Re: address_verify_map
Daniel L. Miller: > Can a SQL database be used for the recipient verification storage? Not unless someone has implemented Postfix support for SQL updates. Wietse
address_verify_map
Can a SQL database be used for the recipient verification storage? -- Daniel
Re: address_verify_map and relay_domains
Martijn de Munnik wrote: > On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote: > >> Martijn de Munnik wrote: >> >>> Hi list, >>> >>> How can I enable the address_verify_map only for the relay_domains? >>> >>> >> To answer the query: >> Replace reject_unverified_recipient with "check_recipient_access >> hash:/path/to/file" >> >> /path/to/file: >> slagenlandwonen.nl reject_unverified_recipient >> wfcommunicatie.nl reject_unverified_recipient >> > > All the domains where this should be applied to are listed in > relay_domains. Can I apply the reject_unverified_recipient rule to those > domains without a separate file? I want a single place to manage the > relay_domains. > > It is possible to use the same map as relay_domains itself. This is because relay_domains just checks to see if the lookup key exists and ignores the result. http://www.postfix.org/postconf.5.html#relay_domains It is discouraged to reuse maps as you must know what it is really doing and not over use 1 map for everything. In this case, it would do little harm. However you *must* limit the use to just those 2 parameters.
Re: address_verify_map and relay_domains
On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote: > Martijn de Munnik wrote: > > Hi list, > > > > How can I enable the address_verify_map only for the relay_domains? > > > To answer the query: > Replace reject_unverified_recipient with "check_recipient_access > hash:/path/to/file" > > /path/to/file: > slagenlandwonen.nl reject_unverified_recipient > wfcommunicatie.nl reject_unverified_recipient All the domains where this should be applied to are listed in relay_domains. Can I apply the reject_unverified_recipient rule to those domains without a separate file? I want a single place to manage the relay_domains.
Re: address_verify_map and relay_domains
On Wed, 2009-08-19 at 09:10 -0400, Brian Evans - Postfix List wrote: > Martijn de Munnik wrote: > > Hi list, > > > > How can I enable the address_verify_map only for the relay_domains? > > > > postconf -n > > > > smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl > > > > This is rather redundant since you also specify it in recipient > restrictions and delay reject is yes. > Best to remove this line to avoid confusion and limit DNS queries to > destinations you control. Thank you for the tip! > > > smtpd_recipient_restrictions = permit_mynetworks, > > permit_sasl_authenticated, reject_non_fqdn_recipient, > > reject_non_fqdn_sender, reject_unknown_sender_domain, > > reject_unverified_recipient, reject_unauth_destination, > > reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, > > reject_rbl_client virbl.dnsbl.bit.nl check_policy_service > > inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:1002 > > To answer the query: > Replace reject_unverified_recipient with "check_recipient_access > hash:/path/to/file" > > /path/to/file: > slagenlandwonen.nl reject_unverified_recipient > wfcommunicatie.nl reject_unverified_recipient > #add rest after > #Note: add periods before each in another entry if you want to cover > sub-domains as well > #Current default behavior will allow them without the period, but may > change in the future > #or if you change parent_domain_matches_subdomains setting > Okay! Met vriendelijke groet, Martijn de Munnik -- YoungGuns Kasteleinenkampweg 7b 5222 AX 's-Hertogenbosch T. 073 623 56 40 F. 073 623 56 39 www.youngguns.nl KvK 18076568
Re: address_verify_map and relay_domains
Martijn de Munnik wrote: > Hi list, > > How can I enable the address_verify_map only for the relay_domains? > > postconf -n > > smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl > This is rather redundant since you also specify it in recipient restrictions and delay reject is yes. Best to remove this line to avoid confusion and limit DNS queries to destinations you control. > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_non_fqdn_recipient, > reject_non_fqdn_sender, reject_unknown_sender_domain, > reject_unverified_recipient, reject_unauth_destination, > reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, > reject_rbl_client virbl.dnsbl.bit.nl check_policy_service > inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:1002 To answer the query: Replace reject_unverified_recipient with "check_recipient_access hash:/path/to/file" /path/to/file: slagenlandwonen.nl reject_unverified_recipient wfcommunicatie.nl reject_unverified_recipient #add rest after #Note: add periods before each in another entry if you want to cover sub-domains as well #Current default behavior will allow them without the period, but may change in the future #or if you change parent_domain_matches_subdomains setting
address_verify_map and relay_domains
Hi list, We are using address_verify_map to cache and limit the number of checks on remote smtp servers. This is done because we act as a spam/virus filter for some domains that have there own mail server. Now it seems the address_verify_map is also used for local domains. One of our clients created a mail address after a mail was send to that mail address. So that mail was rejected, but after the mail address was created mail is still being rejected. I suspect this is because of the address_verify_map (I don't know how to check the btree file?). How can I enable the address_verify_map only for the relay_domains? postconf -n address_verify_map = btree:${data_directory}/verify alias_maps = hash:/opt/csw/etc/postfix/aliases body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks broken_sasl_auth_clients = yes command_directory = /opt/csw/sbin config_directory = /etc/postfix content_filter = amavisfeed:localhost:10024 daemon_directory = /opt/csw/libexec/postfix data_directory = /opt/csw/var/lib/postfix default_database_type = hash delay_warning_time = 4h disable_vrfy_command = yes header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks home_mailbox = Maildir/ html_directory = /opt/csw/share/doc/postfix/html inet_interfaces = all mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /opt/csw/bin/mailq manpage_directory = /opt/csw/share/man maximal_backoff_time = 8000s maximal_queue_lifetime = 7d message_size_limit = 20971520 mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks minimal_backoff_time = 1000s mydestination = $myhostname, localhost.$mydomain myhostname = stevie.youngguns.nl mynetworks_style = host myorigin = $myhostname newaliases_path = /opt/csw/bin/newaliases readme_directory = /opt/csw/share/doc/postfix/README_FILES receive_override_options = no_address_mappings recipient_delimiter = + relay_domains = slagenlandwonen.nl, wfcommunicatie.nl, gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl relayhost = sample_directory = /opt/csw/share/doc/postfix/samples sendmail_path = /opt/csw/sbin/sendmail smtp_bind_address = 213.207.90.2 smtp_helo_timeout = 60s smtp_send_xforward_command = yes smtp_skip_quit_response = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP smtpd_client_connection_count_limit = 10 smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes smtpd_hard_error_limit = 12 smtpd_helo_required = yes smtpd_recipient_limit = 100 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unverified_recipient, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client virbl.dnsbl.bit.nl check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023 smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_soft_error_limit = 3 smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom transport_maps = hash:/opt/csw/etc/postfix/transport unknown_address_reject_code = 550 unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual