Re: postscreen being exhausted?

2009-08-14 Thread Ralf Hildebrandt
* Wietse Venema :

> I removed the warning for services with "process limit = 1" in the
> 2.7-nonprod release series, when I added the postscreen daemon.

I installed the non - non-prod-version and kept the master.cf entries :(

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: 450 temp error when 550 perm error is possible

2009-08-17 Thread Ralf Hildebrandt
* Martijn de Munnik :
> Hi all,
> 
> Sometimes our mail server is 'under attack' and we get a lot of these
> entries in our log file:
> 
> Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553
> mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8
> : Sender address rejected: Domain not found;
> from= to=
> proto=ESMTP helo=
> 
> Normally we reject about 15 msgs/min but when such an attack happens it
> peaks to about 700 msgs/min. The error is returned to the sending mail
> (spam) server is 450 domain not found. Because a domain lookup could
> also be a temporary failure this is a temporary error returned.
> 
> The 450 error triggers the spammer to retry sending the mail.

Do you have a caching DNS server?

> The to address is an unknown user on my system so postfix could return a
> 550 error. How can I do this?

Reorder the checks

> relay_domains = $mydestination, slagenlandwonen.nl, wfcommunicatie.nl, 
> gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, 
> ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, 
> interim-denbosch.nl

mydestination, is not a relay domain!


> smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org,permit
Does this one still work?

> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_non_fqdn_recipient, reject_non_fqdn_hostname,
> reject_non_fqdn_sender, reject_unauth_destination,
> reject_unlisted_recipient, reject_unknown_recipient_domain,
> reject_unverified_recipient, reject_invalid_hostname, reject_rbl_client
> virbl.dnsbl.bit.nl, check_policy_service inet:127.0.0.1:12525,
> check_policy_service inet:127.0.0.1:10023, permit

Your problem is that you distributed the checks all over
smtpd_sender_restrictions, smtpd_recipient_restrictions and
smtpd_client_restrictions

> smtpd_sender_restrictions = permit_mynetworks,
> reject_unknown_sender_domain,   permit




Re: 450 temp error when 550 perm error is possible

2009-08-17 Thread Ralf Hildebrandt
* Martijn de Munnik :

> > Do you have a caching DNS server?
> 
> Yes, but still things can go wrong and I don't want a failing DNS lookup
> to be fatal.

Postfix always returns a 4xx in case of such failures

> As far as I know it does. But I see it is also included in
> xbl.spamhaus.org.

Rather use zen.spamhaus.org

> Mmm, I think I need to read the manual to really understand where all
> those rejects/permits belong.

I'd put them all into smtpd_recipient_restrictions #:)




Re: 450 temp error when 550 perm error is possible

2009-08-17 Thread Ralf Hildebrandt
* Martijn de Munnik :

> > I'd put them all into smtpd_recipient_restrictions #:)
> 
> http://www.postfix.org/SMTPD_ACCESS_README.html#danger

Doesn't apply for your restrictions




Re: 450 temp error when 550 perm error is possible

2009-08-17 Thread Ralf Hildebrandt
* Martijn de Munnik :

> > I'd put them all into smtpd_recipient_restrictions #:)
> 
> I did some updates in my main.cf. I've attached the updated file. I kept
> the restrictions with the different smtpd_*_restrictions, I find it a
> little easier to understand.

Thus your initial question :)
(pardon my irony)

> smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl

> smtpd_helo_restrictions = permit_mynetworks,
> reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit

> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_non_fqdn_recipient,
> reject_unverified_recipient, reject_unauth_destination,
> check_policy_service inet:127.0.0.1:12525, check_policy_service
> inet:127.0.0.1:10023, permit

> smtpd_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender, 
> reject_unknown_sender_domain,   permit

Can be merged into:

smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_non_fqdn_recipient,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unverified_recipient,
   reject_unauth_destination,
   reject_invalid_helo_hostname,
   reject_non_fqdn_helo_hostname,
   reject_rbl_client virbl.dnsbl.bit.nl
   check_policy_service inet:127.0.0.1:12525,
   check_policy_service inet:127.0.0.1:10023

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
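
The effect of restriction order on the reply code discussed in this thread, as an added example that is not part of the original posts. It is a simplified model of how smtpd walks the restriction lists, with reply codes taken from the Postfix defaults; the session facts, the sample mails and the single-list ordering are constructed for illustration and are not the list posted above.

```python
# Simplified model of Postfix smtpd restriction evaluation (added example).
# Each restriction inspects facts about the session and returns "PERMIT",
# a reject reply, or None (no decision: try the next restriction).
RESTRICTIONS = {
    "permit": lambda m: "PERMIT",
    "permit_mynetworks":
        lambda m: "PERMIT" if m["client_in_mynetworks"] else None,
    "permit_sasl_authenticated":
        lambda m: "PERMIT" if m["sasl_authenticated"] else None,
    "reject_unknown_sender_domain":
        lambda m: None if m["sender_domain_resolves"]
        else "450 4.1.8 Sender address rejected: Domain not found",
    "reject_unauth_destination":
        lambda m: None if m["recipient_domain_is_ours"]
        else "554 5.7.1 Relay access denied",
    "reject_unlisted_recipient":
        lambda m: None if m["recipient_exists"]
        else "550 5.1.1 Recipient address rejected: User unknown",
}

# With smtpd_delay_reject = yes (the default) every list is evaluated at
# RCPT TO time, in this order.
LIST_ORDER = ("client", "helo", "sender", "recipient")


def evaluate(config, mail):
    """Return the SMTP reply to RCPT TO for one mail under one config."""
    for list_name in LIST_ORDER:
        for restriction in config.get(list_name, ()):
            result = RESTRICTIONS[restriction](mail)
            if result == "PERMIT":
                break            # this list is done, continue with the next
            if result is not None:
                return result    # the first reject ends the evaluation
    return "250 2.1.5 Ok"


# Checks spread over two lists, as in the first main.cf quoted in the thread
# (reduced to the restrictions this model knows).
SPLIT = {
    "sender": ["permit_mynetworks", "reject_unknown_sender_domain", "permit"],
    "recipient": ["permit_sasl_authenticated", "permit_mynetworks",
                  "reject_unauth_destination", "reject_unlisted_recipient",
                  "permit"],
}

# One list, with the recipient check ahead of the sender DNS check
# (ordering constructed for this example).
SINGLE = {
    "recipient": ["permit_mynetworks", "permit_sasl_authenticated",
                  "reject_unauth_destination", "reject_unlisted_recipient",
                  "reject_unknown_sender_domain"],
}


def mail(**overrides):
    """Constructed session facts; defaults describe a legitimate remote mail."""
    facts = {"client_in_mynetworks": False, "sasl_authenticated": False,
             "sender_domain_resolves": True, "recipient_domain_is_ours": True,
             "recipient_exists": True}
    facts.update(overrides)
    return facts


# Spam run from the thread: bogus sender domain AND unknown recipient.
SPAM = mail(sender_domain_resolves=False, recipient_exists=False)
# Valid recipient, but the sender domain lookup finds nothing.
DNS_MISS = mail(sender_domain_resolves=False)

if __name__ == "__main__":
    for label, cfg in (("split", SPLIT), ("single", SINGLE)):
        print(label, "spam     ->", evaluate(cfg, SPAM))
        print(label, "dns miss ->", evaluate(cfg, DNS_MISS))
```

In this model the single list answers the spam run with a permanent 550, while a valid recipient whose sender domain does not resolve still gets the temporary 450.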



Re: postfix mail queue hits a certain limit, needs restart of postfix (not aware of other choices, or root cause)

2009-08-17 Thread Ralf Hildebrandt
* Richard Wurman :
> I support a couple postfix servers that do a high volume of sending
> mail (not "direct marketing" :) for billing, invoicing and account
> update confirmations). On one machine, when the mailq is over 5000,
> things seem to get "stuck" where I need to restart postfix. If I
> don't, mail will pile up in the queue.

Restarting just exacerbates things, since the whole queue needs to be
re-scanned.
 
> The current hack is to page  my phone, then I ssh and restart it.
> Eventually I'll just cron it but it's annoying to figure out the root
> cause. Postfix version is 2.2.7. Any clues will be much appreciated,
> thanks.

More analysis. What is actually happening?




Re: sending large number of emails

2009-08-18 Thread Ralf Hildebrandt
* Hilel New :

> I am looking for reading material about sending bulk mail. Tips and
> tricks, things to avoid, etc. Can you recommend one?

Use a MLM (like Mailman)
Use VERP
Read 
http://blog.summation.net/2008/06/email-deliverability-is-crucial-to-achieve-consumer-internet-virality.html




Re: real-world issues with smtpd_tls_ask_ccert?

2009-08-21 Thread Ralf Hildebrandt
* Florin Andrei :
> I'm setting up SASL with TLS for remote clients. As an additional
> security measure, I would like the server to ask the email clients to
> present their client certificates. According to the docs, this is
> accomplished with:
> 
> smtpd_tls_ask_ccert = yes
> 
> But there are some ominous warnings about broken MTAs which may have
> problems when delivering to Postfix if this option is used. If I
> understand correctly, the broken delivery should only occur when
> those MTAs attempt to do TLS to Postfix. So, this should not be a
> problem for all the regular, unencrypted email I receive normally, is
> that right?

Yes.
 
> Also, after enabling this option, I connected to Postfix with a
> TLS-enabled email client with all the certificates installed. I saw
> this line in the logs:
> 
> Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
> unknown[XXX.YYY.ZZZ.KKK]
> Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
> from unknown[XXX.YYY.ZZZ.KKK]
> Aug 20 22:49:02 server postfix/smtpd[7724]: Anonymous TLS connection
> established from unknown[XXX.YYY.ZZZ.KKK]: TLSv1 with cipher
> AES128-SHA (128/128 bits)
> 
> Why does it say "Anonymous TLS connection"? 

Because the TLS certificate is not signed by a trusted CA.




Re: Country IP block list

2009-08-23 Thread Ralf Hildebrandt
* Security Admin (NetSec) :

> Could someone provide links to sites where IP addresses are grouped by
> country?

I use (the free) geoip database for that.




Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Ralf Hildebrandt
* Schwalbe, Oliver :

> reject_rbl_client 
> zen.spamhouse.org, <-- new Row inserted

reject_rbl_client zen.spamhaus.org

> <<< 554 5.7.1 Service unavailable; Client host [64.12.206.41] blocked using 
> zen.spamhouse.org; This is not the DNSBL you're looking for.

Read man, READ!
I like the StarWars phrasing :)




Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * Schwalbe, Oliver :
> 
> > reject_rbl_client 
> > zen.spamhouse.org, <-- new Row inserted
> 
> reject_rbl_client zen.spamhaus.org
> 
> > <<< 554 5.7.1 Service unavailable; Client host [64.12.206.41] blocked using 
> > zen.spamhouse.org; This is not the DNSBL you're looking for.
> 
> Read man, READ!

http://www.spamhouse.org/ says:

SPAMHOUSE.ORG is not a DNSbl!

Queries to SPAMHOUSE.ORG will ALWAYS return a positive lookup.

This means that if you use it, you will refuse *all* of your incoming
email.

Please use one of Spamhaus.org's excellent DNSbls, or better yet, buy
a Spamhaus datafeed!

Please visit SPAMHAUS.ORG's technical page for information on using
their excellent DNSbl. 




Re: Mail Box

2009-08-24 Thread Ralf Hildebrandt
* Roman Gelfand :
> Can somebody recommend a mail box server software that would be worthy
> of postfix?

Dovecot

> Also, if anyone knows of a cool web client.

Horde
Squirrelmail
roundcube




Re: Reverse DNS fails with "cannot find your hostname" when forward IP is wrong

2009-08-28 Thread Ralf Hildebrandt
* Michael Monnerie :

> I just found a good logging example with the nfs server:
> rpc.mountd: Fake hostname ipmi-p4u.zmi.at for 212.69.162.206 - forward 
> lookup doesn't exist
> That statement makes it clear, and would be a nice message for postfix 
> also.

Didn't Wietse write that code?




Re: Bounce on the auto fwd mail.

2009-08-28 Thread Ralf Hildebrandt
* eric sato :
> Hope someone can help.
> 
> *when receiving ...
> Aug 28 05:39:13 174 postfix/pickup[9638]: E5547F4BE1: uid=650
> from=
> Aug 28 05:39:13 174 postfix/cleanup[13001]: E5547F4BE1:
> message-id=<002a01ca27c3$5347f090$f9d7d1...@com>
> Aug 28 05:39:13 174 postfix/local[13006]: 35E49F4B9B:
> to=,
> orig_to=, relay=local, delay=32,
> delays=0.27/0.01/0/32, dsn=2.0.0, status=sent (delivered to command:
> /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
> 
> *doing the forward ...
> Aug 28 05:39:13 174 postfix/qmgr[9639]: 35E49F4B9B: removed
> Aug 28 05:39:13 174 postfix/qmgr[9639]: E5547F4BE1:
> from=, size=3941, nrcpt=1 (queue
> active)
> Aug 28 05:39:20 174 postfix/smtp[13024]: E5547F4BE1:
> to=,
> relay=cuda2.time.net.my[203.121.65.119]:25, delay=6.9,
> delays=0.05/0.01/6.6/0.31, dsn=5.0.0, status=bounced (host
> cuda2.time.net.my[203.121.65.119] said: 504 Need Fully Qualified
> Address (in reply to MAIL FROM command))

test.jeffreyklei...@localdomain is not a Fully Qualified Address




Helo command rejected: Domain not found

2009-08-28 Thread Ralf Hildebrandt
Which Postfix restriction generates: "Helo command rejected: Domain not found"?

From the log on albatross.python.org:

Aug 21 15:07:07 albatross postfix/smtpd[15378]: NOQUEUE: reject_warning: RCPT 
from qmta09.emeryville.ca.mail.comcast.net[76.96.30.96]: 554 5.0.0 
: Helo command rejected: Domain
not found; from= to= proto=ESMTP 
helo=
Aug 21 15:19:42 albatross postfix/smtpd[11319]: NOQUEUE: reject_warning: RCPT 
from cat.lrt.ru[91.192.244.67]: 554 5.0.0 : Helo command rejected: 
Domain not found;
from= to=
proto=ESMTP helo=

The only warn_if_reject in main.cf are:
# fgrep warn_if main.cf
warn_if_reject check_helo_ns_access 
cidr:/etc/postfix/nsbl.cidr.msg.outboundindex,
warn_if_reject check_helo_ns_access 
cdb:/etc/postfix/nsbl.hosts.msg.outboundindex
warn_if_reject check_sender_ns_access 
cidr:/etc/postfix/nsbl.cidr.msg.outboundindex,
warn_if_reject check_sender_ns_access 
cdb:/etc/postfix/nsbl.hosts.msg.outboundindex,

# fgrep -i domain /etc/postfix/nsbl.cidr.msg.outboundindex 
/etc/postfix/nsbl.hosts.msg.outboundindex
(no match, just to prove there's no LHS of "Domain not found")

But according to

# host QMTA09.emeryville.ca.mail.comcast.net
QMTA09.emeryville.ca.mail.comcast.net has address 76.96.30.96

# host cat.lrt.ru
cat.lrt.ru has address 91.192.244.67

the hostnames even resolve. 

But:

a) Why would check_helo_ns_access result in a "Helo command rejected: Domain 
not found"
   error?
   I usually use reject_unknown_helo_hostname for that, but:
   #  postconf |grep unknown_helo_hostname
   unknown_helo_hostname_tempfail_action = $reject_tempfail_action
   
b) for a domain that does exist (ok, admittedly, NOW, it could have
   been differently 8 days ago)
   



Re: Helo command rejected: Domain not found

2009-08-28 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> Which Postfix restriction generates: "Helo command rejected: Domain not 
> found"?
> 
> From the log on albatross.python.org:
> 
> Aug 21 15:07:07 albatross postfix/smtpd[15378]: NOQUEUE: reject_warning: RCPT 
> from qmta09.emeryville.ca.mail.comcast.net[76.96.30.96]: 554 5.0.0 
> : Helo command rejected: Domain
> not found; from= to= 
> proto=ESMTP helo=

BTW, this log entry in itself proves that the DNS name must have resolved
back and forth, because otherwise postfix would have logged
"unknown[76.96.30.96]" instead of
qmta09.emeryville.ca.mail.comcast.net[76.96.30.96]
-- which was also the HELO hostname!




Re: Helo command rejected: Domain not found

2009-08-28 Thread Ralf Hildebrandt
* Ralf Hildebrandt :

> BTW, this log entry in itself proves that the DNS name must have resolved
> back and forth, because otherwise postfix would have logged
> "unknown[76.96.30.96]" instead of
> qmta09.emeryville.ca.mail.comcast.net[76.96.30.96]
> -- which was also the HELO hostname!

mail_version = 2.7-20090807-nonprod




Re: Helo command rejected: Domain not found

2009-08-28 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * Ralf Hildebrandt :
> 
> > BTW, this log entry in itself proves that the DNS name must have resolved
> > back and forth, because otherwise postfix would have logged
> > "unknown[76.96.30.96]" instead of
> > qmta09.emeryville.ca.mail.comcast.net[76.96.30.96]
> > -- which was also the HELO hostname!
> 
> mail_version = 2.7-20090807-nonprod

Hm, my "problem" (?) is probably related to the 20090807 change:

Workaround: NS record lookups for certain domains always
fail, while other queries for those domains always succeed
(and even return replies with NS records as additional
information).




Re: legal intercept to file.

2009-08-31 Thread Ralf Hildebrandt
* Brent Clark :
> Hiya
> 
> I got this requirement from my client to keep a copy of ALL emails that get
> sent and received (legal intercept). I'm thinking this can be done at SMTP
> time.
> 
> My question is, would anyone know how and where, at SMTP time, not using 
> 'always_bcc', store the email to file.

always_bcc_maps




Re: Custom 550 error message

2009-09-02 Thread Ralf Hildebrandt
* Richard Smits :
> Hello,
> 
> I was wondering, is it possible to change the default error message
> with a 550 or 450 ?
> 
> It is now : #5.5.0 smtp;550 : Recipient address
> rejected: User unknown in virtual alias table
> 
> Can this be changed ?

Which part of it?




Re: Custom 550 error message

2009-09-02 Thread Ralf Hildebrandt
* Richard Smits :
> Hello,
> 
> After the "rejected" so the "User unknown in virtual alias table"
> part. Or the entire message. Also O.K.

show_user_unknown_table_name = no




Re: Custom 550 error message

2009-09-02 Thread Ralf Hildebrandt
* Richard Smits :
> Let me explain why I ask this,
> 
> We want to include a message in the error message , like :
> 
> #5.5.0 smtp;550 : Recipient address
> > rejected: Please see http://telephonebook.domain.com for email info
> 
> Is this possible ?

By editing the sourcecode, yes




Re: Logging mystery

2009-09-04 Thread Ralf Hildebrandt
* Jozsef Kadlecsik :

> According to the postfix log, the client did not send any email 
> successfully at that time and there's no reference to the queue ids again. 
> However, from the policy daemon log, there were 46 messages processed.

Well, speaking SMTP is not something only postfix can do.
Maybe some application was abused to send mail using SMTP directly to
the host that throttled the onslaught.




Re: smtp restriction class

2009-09-04 Thread Ralf Hildebrandt
* Muhammed Sameer :
> Hello,
> 
> In my postfix configuration I want to apply an smtp restriction class if the 
> domainname of the sender and the recipient is different
> for example in my main.cf i am using
> 

You need a policy server for that




Re: match_list_match: host in my subnet: no match

2009-09-06 Thread Ralf Hildebrandt
* Paul Beard :
> All I really want is to allow clients on my local subnet to be able
> to send mail from within that subnet using only the resources of that
> subnet, no relays, just trusted users. The idea would be that even
> outside the building, users could send mail through this network by
> authenticating as local users. But something has changed somewhere.
> Not sure if a version of something changed and a feature was removed
> but now postfix tells me this:
> 
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> erewhon.example.org: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> 192.168.2.9: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> erewhon.example.org: no match
> Sep  5 10:25:50 shuttle postfix/smtpd[35059]: match_list_match:
> 192.168.2.9: no match
> 
> which I don't understand. If I have permitted 192.168.2.0/24 and that
> system is on that network (it's a wireless AP running as a gateway)
> why is it unmatched?

Because you forgot permit_mynetworks:

> smtpd_recipient_restrictions = permit_sasl_authenticated, reject




Re: match_list_match: host in my subnet: no match

2009-09-06 Thread Ralf Hildebrandt
* Paul Beard :
> 
> On Sep 6, 2009, at 2:31 AM, Ralf Hildebrandt wrote:
> 
> >Because you forgot permit_mynetworks:
> >
> >>smtpd_recipient_restrictions = permit_sasl_authenticated, reject
> >
> 
> 
> Like this?
> 
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination

Yep.
That should rather be:
> 
> On Sep 5, 2009, at 11:20 PM, /dev/rob0 wrote:
> 
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination
 reject

then





python framework for a policy daemon?

2009-09-09 Thread Ralf Hildebrandt
Is there a ready to use python framework for a policy daemon?
I have a nice idea for a policy daemon :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
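
A minimal policy daemon in plain Python, as an added example that is not part of the original posts. It speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with `action=...` and an empty line) and implements the request from the "smtp restriction class" thread above: hand back a restriction class when sender and recipient domains differ. The class name `cross_domain_checks`, port 10040 and the sample request are assumptions made for this example.

```python
import socketserver

# Hypothetical restriction class; it would have to be declared in main.cf
# under smtpd_restriction_classes for Postfix to accept it as an action.
CROSS_DOMAIN_CLASS = "cross_domain_checks"
MAX_ATTRIBUTES = 100  # ignore anything beyond this in one request


def parse_request(text):
    """Parse one policy request: name=value lines up to the empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")  # values may contain "="
        if sep:
            attrs[name] = value
    return attrs


def domain_of(address):
    """Lowercased domain part, or '' for the null sender / bare local parts."""
    _local, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep else ""


def decide(attrs):
    """Return the access(5) action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    sender = domain_of(attrs.get("sender", ""))
    recipient = domain_of(attrs.get("recipient", ""))
    if not sender or not recipient:
        return "DUNNO"  # e.g. bounces (MAIL FROM:<>): no opinion
    return CROSS_DOMAIN_CLASS if sender != recipient else "DUNNO"


def format_reply(action):
    """A reply is a single action attribute followed by an empty line."""
    return f"action={action}\n\n"


class PolicyHandler(socketserver.StreamRequestHandler):
    """Postfix keeps the connection open and sends many requests over it."""

    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                if len(lines) < MAX_ATTRIBUTES:
                    lines.append(line)
                continue
            # Empty line: the request is complete, answer it.
            action = decide(parse_request("\n".join(lines)))
            self.wfile.write(format_reply(action).encode("ascii"))
            self.wfile.flush()
            lines = []


def serve(host="127.0.0.1", port=10040):
    """Listen on loopback only; smtpd is the sole intended client."""
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()


# Constructed sample request, as smtpd would send it at RCPT TO time.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.com\n"
    "\n"
)

if __name__ == "__main__":
    serve()
```

Postfix would reach it with `check_policy_service inet:127.0.0.1:10040` in a restriction list.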



Re: NDR status written to headers rather than body?

2009-09-11 Thread Ralf Hildebrandt
* Paul Cockings :
> Hi List -
> 
> I send a mail to d...@gdshgf.ggg via my postfix server
> I get an NDR back with a 550 Host or domain name not found (in
> the body)
> - That works like normal
> 
> Now I'd like to alter things;
> 
> When I get an NDR I'd like to parse the header only to find who the
> message was originally sent to and why it failed.
> 
> I currently have X-Original-To: which works for the who, but not why
> I'd like to be add a custom header in the NDR to say
> 
> x-mycustomheader: d...@gdshgf.ggg =  550 Host or domain name not found
> 
> then I can parse the header for this key/pair, store (probably in a
> MySQL table) the who and why.  I can dump the body (i don't need to
> waste resources reading the body)
> 
> Hope this makes sense, kind regards

Nope. Simply use VERP.




Re: NDR status written to headers rather than body?

2009-09-11 Thread Ralf Hildebrandt
* Paul Cockings :

> That seems like a much better idea - Thanks!

A bit of code sends mail to $...@$2:

/usr/sbin/sendmail -N failure,success -f sender+$1...@charite.de $...@$2 <<EOF
To: $...@$2
Errors-To: sender+$1...@charite.de
Return-Receipt-To: sender+$1...@charite.de
Disposition-Notification-To: sender+$1...@charite.de
Read-Receipt-To: sender+$1...@charite.de
Registered-Mail-Reply-Requested-By: sender+$1...@charite.de
Return-Receipt-Requested: sender+$1...@charite.de
X-Confirm-Reading-To: sender+$1...@charite.de
Subject: Test $...@$2

some text
EOF




Re: NDR status written to headers rather than body?

2009-09-11 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * Paul Cockings :
> 
> > That seems like a much better idea - Thanks!
> 
> A bit of code sends mail to $...@$2:
> 
> /usr/sbin/sendmail -N failure,success -f sender+$1...@charite.de $...@$2 < From: sender 
> To: $...@$2
> Errors-To: sender+$1...@charite.de
> Return-Receipt-To: sender+$1...@charite.de
> Disposition-Notification-To: sender+$1...@charite.de
> Read-Receipt-To: sender+$1...@charite.de
> Registered-Mail-Reply-Requested-By: sender+$1...@charite.de
> Return-Receipt-Requested: sender+$1...@charite.de
> X-Confirm-Reading-To: sender+$1...@charite.de
> Subject: Test $...@$2

You might want to remove
Read-Receipt-To:, X-Confirm-Reading-To:, X-Confirm-Reading-To:
:)




[OT] krb5 authorization and special characters

2009-09-30 Thread Ralf Hildebrandt
I'm aware of
http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-set-passwd-06
which addresses usernames & passwords with special characters (which
we Germans have plenty of).

Is this still a draft or has an RFC replaced it in the meantime?




Re: Simple mailing list for virtual domain

2009-09-30 Thread Ralf Hildebrandt
* Thomas Pfaff :
> Hi.
> 
> I'm trying to get mail sent to l...@foo.com forward mail to
> a list of addresses set in /etc/postfix/virtual, like so:
> 
>l...@foo.com f...@domain1.com, b...@domain2.com
> 
> but I'm getting a 550 Host unknown when I try to mail this
> address.  Obviously I'm an idiot and I need some assistance.

Please show the log entry.



Re: Simple mailing list for virtual domain

2009-09-30 Thread Ralf Hildebrandt
* Thomas Pfaff :
> Sep 30 11:53:40 gw postfix/qmgr[25164]: 079B412A5D1: removed
> 
> On Wed, 30 Sep 2009 11:50:35 +0200
> Ralf Hildebrandt  wrote:
> 
> > * Thomas Pfaff :
> > > Hi.
> > > 
> > > I'm trying to get mail sent to l...@foo.com forward mail to
> > > a list of addresses set in /etc/postfix/virtual, like so:
> > > 
> > >l...@foo.com f...@domain1.com, b...@domain2.com
> > > 
> > > but I'm getting a 550 Host unknown when I try to mail this
> > > address.  Obviously I'm an idiot and I need some assistance.
> > 
> > Please show the log entry.
> >
> 
> Sep 30 11:53:39 gw postfix/pickup[5354]: E75CF12A588: uid=1000 from=
> Sep 30 11:53:39 gw postfix/cleanup[25482]: E75CF12A588: 
> message-id=<20090930095339.e75cf12a...@smtp1.tp76.info>
> Sep 30 11:53:39 gw postfix/qmgr[25164]: E75CF12A588: from=, 
> size=313, nrcpt=1 (queue active)
> Sep 30 11:53:40 gw postfix/error[4952]: E75CF12A588: to=, 
> relay=none, delay=0.1, delays=0.03/0.03/0/0.04, dsn=5.0.0, status=bounced 
> (User unknown in virtual alias table)
> Sep 30 11:53:40 gw postfix/cleanup[25482]: 079B412A5D1: 
> message-id=<20090930095340.079b412a...@smtp1.tp76.info>
> Sep 30 11:53:40 gw postfix/bounce[29316]: E75CF12A588: sender non-delivery 
> notification: 079B412A5D1
> Sep 30 11:53:40 gw postfix/qmgr[25164]: 079B412A5D1: from=<>, size=2030, 
> nrcpt=1 (queue active)
> Sep 30 11:53:40 gw postfix/qmgr[25164]: E75CF12A588: removed
> Sep 30 11:53:40 gw postfix/local[20571]: 079B412A5D1: to=, 
> relay=local, delay=0.13, delays=0/0.01/0/0.11, dsn=2.0.0, status=sent 
> (delivered to command:  maildrop)

So where's the "550 Host unknown"?
I just see "User unknown in virtual alias table"!




Re: Simple mailing list for virtual domain

2009-09-30 Thread Ralf Hildebrandt
* Thomas Pfaff :

> $ postconf -n
> command_directory = /usr/local/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/postfix
> debug_peer_level = 2
> header_checks = regexp:/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix/html
> inet_protocols = all
> mail_owner = _postfix
> mailq_path = /usr/local/sbin/mailq
> manpage_directory = /usr/local/man
> masquerade_domains = tp76.info
> message_size_limit = 1024
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myhostname = smtp1.tp76.info
> myorigin = $mydomain
> newaliases_path = /usr/local/sbin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix/readme
> sample_directory = /etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = _postdrop
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = foo.com
> 
> $ head -n 1 /etc/postfix/virtual
> l...@foo.com  u...@domain1.com, u...@domain2.com

/etc/postfix/virtual is not being used in your "postconf -n" output.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postfix outgoing mail delay

2009-09-30 Thread Ralf Hildebrandt
* Mark Johnson :
> All,
> 
> Each time the application server fetch email to relay postfix smtp server 
> outgoing will delay few seconds on each task.
> Here is the example: 
> First task sent 300 mails took 4 mins, then the 2nd task outgoing mails took 
> 4 mins and 2 seconds, and the 3rd task, the outgoing mail took 4 mins and 4 
> seconds to finish.
> The application server schedule fetch mail every 5 mins.
> I have no idea why this happens. Any suggestion?

Without log? No.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



sender_canonical_maps vs. smtpd_proxy_filter

2009-09-30 Thread Ralf Hildebrandt
I tried using sender_canonical_maps to rewrite sender addresses in
envelope & header.

I have amavisd-new setup as a smtpd_proxy_filter.

I was able to get rewriting to work for the headers by using:
local_header_rewrite_clients = static:all

But that's a bit broad, so I tried:

local_header_rewrite_clients = 141.42.206.36

to allow rewriting from my mailbox server only. But that simply
wouldn't work:

Sep 30 17:00:54 mail-ausfall postfix/cleanup[15363]: 995B73DD09: warning: 
header Subject: Test mit fake adresse from
postamt.charite.de[141.42.206.36]; from= 
to=
proto=ESMTP helo=

-- it would rewrite the envelope, but not the header.
mail_version = 2.7-20090828-nonprod

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Specifying 'check_sender_access' during 'smtpd_recipient_restrictions' filters recipient as well?

2009-10-01 Thread Ralf Hildebrandt
* URCentral Support (GMail) :
> Hello list,
> 
> This might be working as intended, but since it seemed a tad odd and I
> couldn't find any conclusive documentation that explained it, I
> figured I'd work up the courage and ask. I moved 'check_sender_access'
> from the 'smtpd_sender_restrictions' to the
> 'smtpd_recipient_restrictions' stage, and ran a test;
> 
> Out: 220 nenya.dtnx.net ESMTP
> In:  EHLO arturia.xs4all.nl
> Out: 250-nenya.dtnx.net
> Out: 250-PIPELINING
> Out: 250-SIZE 35651584
> Out: 250-ETRN
> Out: 250-ENHANCEDSTATUSCODES
> Out: 250-8BITMIME
> Out: 250 DSN
> In:  MAIL FROM:
> Out: 250 2.1.0 Ok
> In:  RCPT TO:
> Out: 550 5.7.1 : Recipient address rejected: You
> are not a known MX for 'configcast.com'.
> In:  QUIT
> Out: 221 2.0.0 Bye
> 
> The rejection is from the hash database specified for
> 'check_sender_access', which has a line for every domain this server
> is responsible for, since all mail from those domains originates from
> our own servers;
> 
> configcast.com  REJECT You are not a known MX for
> 'configcast.com'.
> 
> Since there is a separate 'check_recipient_access' as well, I was
> expecting 'check_sender_access' to work for 'MAIL FROM' only, but the
> above example suggests it is consulted during the recipient stage as
> well, if specified there.
> 
> Is this by design, working as intended? Or am I missing something somewhere?

Where's the main.cf snippet?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Fall back when dovecot SASL is unavailable?

2009-10-01 Thread Ralf Hildebrandt
* Hagen Fürstenau :
> Hi,
> 
> I'm using dovecot for SASL authentication:
> 
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth-client
> 
> Now if for whatever reason dovecot is not running, smtpd will also
> refuse to work, complaining "fatal: no SASL authentication mechanisms".

Indeed!

> I would much prefer it to fall back to "smtpd_sasl_auth_enable = no" in
> that case, so that mail for local recipients can still be received. Is
> this possible?

It's the one problem we're having here as well: When updating dovecot,
postfix won't work due to that...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: content_filter for outbound messages

2009-10-01 Thread Ralf Hildebrandt
* Darvin Denmian :
> Hello,
> 
> Currently I'm using "content_filter" to filter inbound messages.

How?

> Now I need to know if is possible to do something like content_filter
> for outbound messages.

Every outbound message was inbound once, no?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: snowshoe spammers at zen

2009-10-04 Thread Ralf Hildebrandt
* ghe :

> I see that spamhaus is adding a 127.0.0.3 IP response for snowshoe
> spammers. Will postfix block these?

That depends on how you configured postfix!
 
> Just how does postfix process zen responses?

That depends on how you configured postfix!

How did you configure postfix?


-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: snowshoe spammers at zen

2009-10-04 Thread Ralf Hildebrandt
* Ralf Hildebrandt :

> How did you configure postfix?

To shorten the riddle:

reject_rbl_client zen.spamhaus.org

uses the snowshoes automatically,

reject_rbl_client zen.spamhaus.org=127.0.0.1

etc. doesn't. But people using above syntax usually know what they're
doing (since they're picking specific lists from the aggregate zone!)
and wouldn't ask.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
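
The difference between the two forms above, as an added Python sketch that is not part of the original post and is not Postfix code: it models the documented rule that a bare zone rejects on any A record, while zone=d.d.d.d rejects only on that exact record. The answer table and the 192.0.2.x clients are constructed, and no DNS query is sent.

```python
import ipaddress

# Constructed zone data standing in for DNS answers (no network access).
# 192.0.2.0/24 is documentation address space. The reply codes mirror the
# values mentioned in the thread (127.0.0.3 in the question, 127.0.0.1 in
# the reply) and say nothing about what the list returns for a real host.
CONSTRUCTED_ANSWERS = {
    "25.2.0.192.zen.spamhaus.org": ["127.0.0.3"],
    "26.2.0.192.zen.spamhaus.org": ["127.0.0.1"],
    "27.2.0.192.zen.spamhaus.org": ["127.0.0.1", "127.0.0.3"],
}

SPECS = ("zen.spamhaus.org", "zen.spamhaus.org=127.0.0.1")


def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the zone, as a DNSBL lookup does."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def parse_rbl_spec(spec):
    """Split 'zone' or 'zone=d.d.d.d' into (zone, wanted_reply_or_None)."""
    zone, has_filter, wanted = spec.partition("=")
    if not has_filter:
        return zone, None
    # Raises ValueError on a malformed filter instead of silently never matching.
    return zone, str(ipaddress.IPv4Address(wanted))


def rbl_rejects(client_ip, spec, answers=CONSTRUCTED_ANSWERS):
    """True if 'reject_rbl_client <spec>' would reject this client."""
    zone, wanted = parse_rbl_spec(spec)
    a_records = answers.get(dnsbl_query_name(client_ip, zone), [])
    if not a_records:
        return False          # no A record: client is not listed at all
    if wanted is None:
        return True           # bare zone: any A record counts
    return wanted in a_records  # filtered form: only the named reply counts


def compare(client_ip):
    """Decision of both spellings for one client, keyed by spec."""
    return {spec: rbl_rejects(client_ip, spec) for spec in SPECS}


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27", "192.0.2.28"):
        print(ip, compare(ip))
```
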



Re: Using Postfix WARN Action Properly

2009-10-06 Thread Ralf Hildebrandt
* Rich Shepard :
>The Postfix book tells me that using the WARN option on a restriction
> (such as in the /etc/postfix/header_checks file) logs the warning while
> delivering the message. However, there is apparently no marking of the
> message so it's clearly identified as one that tripped that warning.

Usually you can identify the message using sender, recipient and/or
message-id:

Oct  6 22:59:28 mail postfix/cleanup[2703]: 75B5C1C360A: warning: header 
Subject: AARON LORDSON ON A TALENT SHOW !! from
server009.hostspectrum.com[64.92.105.16]; from= 
to= proto=ESMTP helo=

using the QueueID I can retrieve the message-id:

Oct  6 22:59:28 mail postfix/cleanup[2703]: 75B5C1C360A: 
message-id=<201f6b9c8267c0517c1cd88b1fb52...@lordsons-macbook-pro.local>

>I want to examine delivered messages that contain
> "Content-Transfer-Encoding: base64" in the header. 

Basically that would be all messages...

> Adding that string to the header_checks file with a WARN option does
> not explicitly identify those messages.
> 
>Use of the warn action is not giving me the results I want. How should I
> be doing this? Alternatively, if I use the HOLD option instead, where are
> those messages held until I can examine them?

What exactly is it that you want to do.
In real life almost ALL mails are base64 encoded...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
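
The correlation described above (warning line, then queue ID, then message-id), as an added Python example that is not part of the original post. The log lines are constructed in the format shown in the post; hosts, addresses and queue IDs are placeholders.

```python
import re

# A cleanup(8) log line: "... postfix/cleanup[pid]: QUEUEID: rest"
CLEANUP = re.compile(r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$")
# The WARN action logs the matched header, the client, and the envelope.
# The header text itself may contain " from ", so the greedy group backs
# off to the last " from host[ip]; " before the envelope fields.
WARNING = re.compile(
    r"warning: header (?P<header>.*) from (?P<client>\S+\[[^\]]+\]); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
MESSAGE_ID = re.compile(r"message-id=(?P<msgid>\S+)")

# Constructed sample log, one syslog record per line.
CONSTRUCTED_LOG = """\
Oct  6 22:59:28 mail postfix/smtpd[2699]: connect from mx.example.net[192.0.2.16]
Oct  6 22:59:28 mail postfix/cleanup[2703]: 4A1B2C3D4E5: warning: header Subject: Greetings from the talent show from mx.example.net[192.0.2.16]; from=<promo@example.net> to=<rich@example.org> proto=ESMTP helo=<mx.example.net>
Oct  6 22:59:28 mail postfix/cleanup[2703]: 4A1B2C3D4E5: message-id=<constructed-1@example.net>
Oct  6 23:01:02 mail postfix/cleanup[2710]: 5F6A7B8C9D0: message-id=<constructed-2@example.org>
Oct  6 23:04:40 mail postfix/cleanup[2703]: 6B7C8D9E0F1: message-id=<constructed-3@example.com>
Oct  6 23:04:40 mail postfix/cleanup[2703]: 6B7C8D9E0F1: warning: header Subject: second sample from relay.example.com[198.51.100.7]; from=<news@example.com> to=<rich@example.org> proto=ESMTP helo=<relay.example.com>
""".splitlines()


def warned_messages(lines):
    """Return one record per queue ID that tripped a WARN rule.

    The message-id line can be logged before or after the warning
    (it depends on header order), so records are built per queue ID
    first and filtered at the end.
    """
    records = {}
    for line in lines:
        found = CLEANUP.search(line)
        if not found:
            continue
        record = records.setdefault(
            found["qid"],
            {"queue_id": found["qid"], "message_id": None, "warnings": []},
        )
        warning = WARNING.match(found["rest"])
        if warning:
            record["warnings"].append(warning.groupdict())
            continue
        message_id = MESSAGE_ID.match(found["rest"])
        if message_id:
            record["message_id"] = message_id["msgid"]
    return [r for r in records.values() if r["warnings"]]


if __name__ == "__main__":
    for rec in warned_messages(CONSTRUCTED_LOG):
        for w in rec["warnings"]:
            print(rec["queue_id"], rec["message_id"], w["client"], w["header"])
```
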




Re: sender_canonical_maps vs. smtpd_proxy_filter

2009-10-08 Thread Ralf Hildebrandt
* Victor Duchovni :

> This parameter is clearly documented to have the syntax of a restriction
> class. (It has "check_address_map" as the implicit restriction for bare
> tables).

Didn't know that. It works now.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix snapshot 20091008 with postscreen

2009-10-09 Thread Ralf Hildebrandt
* Stan Hoeppner :

> Does postscreen run one process per connection, allowing balanced
> scheduling across cpus/cores, or is it just one process handling all
> connections?  If only one process, do you see possible benefit to
> pinning its affinity to a single cpu/core in a high traffic
> multi-cpu/core MX, and excluding all other processes from that cpu/core?

I don't find postscreen to be CPU intensive, so what's the point?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Not receive mail error

2009-10-09 Thread Ralf Hildebrandt
* Mark Johnson :
> All,

> We have an application server to generate mail and use postfix as relay
> mail server for outgoing mail. We ran the test and postfix did catch
> the error
> However, it didn't report back to application server.

Please show complete logs for 47E79249AA4 and 5813B249AA6

> We used sendmail as relay mail server and it did report back to application 
> server. 

How?
 
> Any suggestion is appreciated?
> Here is the mail log:
Incomplete!

> Oct 9 10:17:34 smtpmailer postfix/smtp[27126]: 47E79249AA4:
> to=, relay=none, delay=20, delays=0.07/0/20/0,
> dsn=4.4.3, status=deferred (Host or domain name not found. Name service
> error for name=varsitygold.com type=MX: Host not found, try again)

> Oct 9 10:17:34 smtpmailer postfix/smtp[27128]: 5813B249AA6:
> to=, relay=none, delay=20, delays=0.07/0.01/20/0,
> dsn=4.4.3, status=deferred (Host or domain name not found. Name service
> error for name=varsitygold.com type=MX: Host not found, try again)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
    




Re: Not receive mail error

2009-10-09 Thread Ralf Hildebrandt
* Ralf Hildebrandt :

> > Oct 9 10:17:34 smtpmailer postfix/smtp[27126]: 47E79249AA4:
> > to=, relay=none, delay=20, delays=0.07/0/20/0,
> > dsn=4.4.3, status=deferred (Host or domain name not found. Name service
> > error for name=varsitygold.com type=MX: Host not found, try again)

This is a TEMPORARY error. Postfix will retry for
maximal_queue_lifetime, and if the temporary error persists, it will
return the mail to the sender after maximal_queue_lifetime.

$ host -t mx varsitygold.com
;; connection timed out; no servers could be reached

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Outgoing Mail Moderation

2009-10-10 Thread Ralf Hildebrandt
* Manish Kathuria :
> Is there any content filtering mechanism available using which the outgoing
> mails from all the users or selective users are held in a queue, and are
> released only after they are examined and approved by the administrator or a
> designated person ?

Use a combination of HOLD in header_checks or access maps and the
pfqueue program

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Using unix domain socket to send mail?

2009-10-11 Thread Ralf Hildebrandt
* Srdan Dukic :
> Hi,
> 
> I have a program which currently uses the '/usr/sbin/sendmail' command to
> send mail through postfix, but am looking for a replacement for this command
> as it is slow.

Use direct SMTP to port 25, localhost
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: invalid sender - domain but no username

2009-10-13 Thread Ralf Hildebrandt
* Iseli, Erich :

> From ""@domain.com  Tue Oct 13 13:53:47 2009
  envelope sender
  
> Return-Path: <""@domain.com>
  envelope sender

> From:Name 
  header from

> I then had a look at the messages kept in /var/spool/postfix/hold with
> postcat and I couldn't believe my eyes: actually postfix must be
> mangling something since the "from"-address is absolutely correct! 

You haven't understood the difference between header and envelope sender.

> sender: @domain.com
wrong envelope sender

> From:Name 
> ^^^
header

Solution: Specify a correct envelope sender.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Sender Verify

2009-10-21 Thread Ralf Hildebrandt
* Postflick :
> 
> Hi
> 
> We're recently enabled Postfix Sender Verify on our mail filtering gateway.
> 
> This has worked quite well, however Postfix keeps calling back to
> mailservers using a non-fully qualified address, e.g. from=.

Because you configured it that way?
address_verify_sender

# postconf -d address_verify_sender
address_verify_sender = $double_bounce_sender

# postconf -d double_bounce_sender
double_bounce_sender = double-bounce

So I don't see postmaster here.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Sender Verify

2009-10-21 Thread Ralf Hildebrandt
* Postflick :
> 
> Hi Ralf
> 
> Where would these parameters be configured.

It's hard to tell, it depends on other settings!
 
> I have not told it to use postmaster, however, using postconf, it does
> return that as the address;
> 
> u...@spam {uk} [11:56:26] /etc/postfix: postconf -d address_verify_sender
> address_verify_sender = postmaster

-d displays the default - always!

please show postconf -n output.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Sender Verify

2009-10-21 Thread Ralf Hildebrandt
* Chris Imrie :
> Hi Ralf
> 
> Here's the output from 'postconf -n', we have the Sender Verify disabled 
> currently while we get the address_verify_sender configured.
> 
> address_verify_map = btree:/etc/postfix/verified_senders
> address_verify_negative_cache = no
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_at_myorigin = no
  ^ there's your problem

> inet_interfaces = all
default

> local_recipient_maps =
sure?

> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mydomain = domain.co.uk
> myhostname = spam.domain.co.uk
> relay_domains = domain.co.uk

That makes no sense. Is domain.co.uk relay_domain or mydestination?
Decide!

The solution is:

address_verify_sender = postmas...@domain.co.uk

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Accept null HELO/EHLO

2009-10-21 Thread Ralf Hildebrandt
* ram :
> A lotus notes server of our clients is hugely misconfigured to send just
> an empty HELO. And we are supposed to relay mails for this client. 
> 
> I know getting the lotus admin to set his MTA is the right thing, but
> for now I want to accept the null HELO 
> 
> how do I do this ? I already have smtpd_helo_required = no

Find out what rejects it now.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Sender Verify

2009-10-21 Thread Ralf Hildebrandt
* Mark Goodge :

> I agree. Sender verification has its uses, but it is *not* suitable
> for use as an anti-spam tool on inbound email. At least one major
> webmail provider is known to blacklist hosts that employ it
> excessively.

So use it selectively only.
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: How Can I Wipe Out Emails From Specific Sender

2009-10-21 Thread Ralf Hildebrandt
* Gary Smith :

> smtpd_recipient_restrictions =
>hash:/etc/postfix/custom/access,
>permit_mynetworks,
>reject_unknown_sender_domain,
>reject_rbl_client zen.spamhaus.org,
>reject_rbl_client bl.spamcop.net,
>reject_rbl_client rhsbl.ahbl.org,
>reject_rbl_client dnsbl-1.uceprotect.net,
>check_policy_service inet:10.80.65.26:5847,
>reject_unauth_pipelining,
>reject_unauth_destination,
>reject_invalid_hostname
> 
> 
> [r...@hsoakmta03l02 postfix]# cat custom/access
> mousekey.soulard...@gmail.com   REJECT "Stop spamming our users"
> eric.soul...@bell.net   REJECT "Stop spamming our users"
> ...

But this checks the recipient, not the sender.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender differenceu

2009-10-22 Thread Ralf Hildebrandt
* Ключников А.С. :
> * Wietse Venema  [2009-10-22 06:40:01 -0400]:
> 
> > al...@ulgsm.ru:
> > > Oct 22 13:03:34 skuns postfix/cleanup[46220]: warning: table 
> > > "mysql:/usr/local/etc/postfix/aliases.mysql": empty lookup result for: 
> > > "al...@ulgsm.ru" -- ignored
> > 
> > Fix that.
> It is not problem.
> al...@ulgsm.ru not exists in mysql:/usr/local/etc/postfix/aliases.mysql

It exists: it returns an empty result. Fix that.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: smtpd_restrictions sanity check

2009-11-01 Thread Ralf Hildebrandt
* Alex :

> reject_maps_rbl,

That's deprecated, for years.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Adding spam attack IP's to DNSRBL providers

2009-11-03 Thread Ralf Hildebrandt
* Sharma, Ashish :
> Hello,
> I have a Postfix e-mail receiving server setup.
> I have applied the following setting in my Postfix main.cf file:
> smtpd_recipient_restrictions =
>   reject_unauth_destination,
>   reject_rbl_client sbl-xbl.spamhaus.org,

You may want to use zen.spamhaus.org

>   reject_rbl_client bl.spamcop.net
>   permit
> for checking the mails with DNSRBL providers.
> Since Postfix has custom built RBL check, I want to know if a certain IP 
> address is continuously attacking with spam on my e-mail server, then how can 
> I get it added with the following DNSRBL provider list:
> 
>  1.  Spamcop
>  2.  Spamhaus

Check their websites.
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: reject based on attachment

2009-11-03 Thread Ralf Hildebrandt
* Stan Hoeppner :

> Anyone have a filter they'd like to share that rejects mail at smtp
> based on known malicious attachment file types?

Of course .)

mime_header_checks:

/name=\"(.*)\.(386|bat|chm|cpl|cmd|com|do|exe|hta|jse|lnk|msi|ole)\"$/
   REJECT Unwanted attachment/Unerwuenschter Anhang $1.$2 -- http://webmail.charite.de/doku/faq/#3

/name=\"(.*)\.(pif|reg|rm|scr|shb|shm|shs|sys|vbe|vbs|vxd|xl|xsl)\"$/
   REJECT Unwanted attachment/Unerwuenschter Anhang $1.$2 -- http://webmail.charite.de/doku/faq/#3

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: reject based on attachment

2009-11-03 Thread Ralf Hildebrandt
* Stan Hoeppner :

> Thanks Ralf.  Is smtpd_recipient_restrictions the appropriate place to
> put mime_header_checks, like this?

No.
 
> smtpd_recipient_restrictions =

It's just:

mime_header_checks = pcre:/etc/postfix/mime_header_checks

> BTW, I can't tell--are these regexp or pcre format?

I usually use PCRE

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
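
A way to try the two rules from this thread against sample headers before loading them, as an added Python example (not the poster's code). It assumes Python's re module behaves like PCRE for these patterns and applies the case-insensitive matching that Postfix pcre tables use by default; the headers are constructed.

```python
import re

ACTION = ("REJECT Unwanted attachment/Unerwuenschter Anhang $1.$2 -- "
          "http://webmail.charite.de/doku/faq/#3")

# The two patterns exactly as posted, without the surrounding slashes.
RULES = [
    (r'name=\"(.*)\.(386|bat|chm|cpl|cmd|com|do|exe|hta|jse|lnk|msi|ole)\"$', ACTION),
    (r'name=\"(.*)\.(pif|reg|rm|scr|shb|shm|shs|sys|vbe|vbs|vxd|xl|xsl)\"$', ACTION),
]
COMPILED = [(re.compile(p, re.IGNORECASE), a) for p, a in RULES]


def mime_header_action(header):
    """Return the action text for one unfolded MIME header, or None.

    The first matching rule wins; $1 and $2 are filled in from the
    capture groups the way the table's replacement text uses them.
    """
    for pattern, action in COMPILED:
        hit = pattern.search(header)
        if hit:
            return action.replace("$1", hit.group(1)).replace("$2", hit.group(2))
    return None


# Constructed headers covering the shapes worth checking for this rule set.
CONSTRUCTED_HEADERS = [
    # name= parameter, listed extension: rejected
    'Content-Type: application/octet-stream; name="invoice.exe"',
    # "name=" also matches inside "filename=", and case is ignored
    'Content-Disposition: attachment; filename="SETUP.SCR"',
    # "do" and "xl" only match as whole extensions, so .doc passes
    'Content-Type: application/msword; name="notes.doc"',
    # unlisted extension passes
    'Content-Type: application/pdf; name="report.pdf"',
    # the trailing "$" means the rule applies only when the name
    # parameter is the last thing in the header
    'Content-Type: application/octet-stream; name="tool.exe"; charset=binary',
]


def coverage_report(headers=CONSTRUCTED_HEADERS):
    """Pair every sample header with the action it would receive."""
    return [(h, mime_header_action(h)) for h in headers]


if __name__ == "__main__":
    for header, action in coverage_report():
        print("REJECT" if action else "pass  ", header)
```

Running the report over headers taken from your own mail flow shows which parameter layouts the anchored patterns cover before the table goes live.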



Re: DB files across machines

2009-11-12 Thread Ralf Hildebrandt
* Gaby Vanhegan :

> Is there a portable way to share postmapped file across machines?

Yes:

1) share the text files, then use a Makefile to convert them on the
   target systems

2) Use compatible BerkeleyDB versions

3) Don't use BerkeleyDB, use CDB

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: DB files across machines

2009-11-12 Thread Ralf Hildebrandt
* Gaby Vanhegan :

> I was under the impression that there was a performance penalty using
> CDB with Postfix?

A negative penalty, yes

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: DB files across machines

2009-11-12 Thread Ralf Hildebrandt
* Gaby Vanhegan :

> I guess I was just misleading myself with respect to CDB and
> performance:
> 
>   http://www.postfix.org/CDB_README.html

I've been using it for years, no problems...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: differences between _check options

2009-11-12 Thread Ralf Hildebrandt
* Luis Daniel Lucio Quiroz :
> Hi all,
> 
> I wonder if anyone has a link or could explain in detail differences on may 
> checking between all *_check options.  Mainly header_check, header_mime_check 
> & body_check.  I'm getting confused

header_checks = check the headers
body_checks = check the body (everything that's NOT a header!)
mime_header_checks = check the MIME headers (which specify the MIME structure 
of the mail)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: DB files across machines

2009-11-12 Thread Ralf Hildebrandt
* Ansgar Wiechers :

> > My setup currently copies the plain text versions and creates a flag  
> > file.  A cron job then looks for the flag file and postmaps the files if 
> > needed.
> 
> Use incron instead of cron.

Yes, it's a bit tricky to get right, but once it works...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: differences between _check options

2009-11-12 Thread Ralf Hildebrandt
* Victor Duchovni :
> On Thu, Nov 12, 2009 at 09:09:22PM +0100, Ralf Hildebrandt wrote:
> 
> > mime_header_checks = check the MIME headers (which specify the MIME 
> > structure of the mail)
> 
> Primary headers = headers of the top-level message
> Nested headers = headers of a nested message/rfc822 part

Like for example header in bounces

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: advice on source route

2009-11-19 Thread Ralf Hildebrandt
* Peter Sørensen :
> Hi,
> 
> We use postfix in front of our local email servers where 80% is based on 
> exchange. We have around
> 25000 users/distlist/emaillist
> 
> We would like to implement a system where all email addresses are known and 
> which server will handle it.
> Because this is a heterogeneous environment the system should contain all 
> valid email addresses and the 
> name of destination server for this.  I can't use AD for this. I can't use 
> transport maps to do this.

I use virtual_alias_maps for that

ralf.hildebra...@charite.de --> loginn...@mailboxserver.charite.de

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: 4KB of disk space burning on a single email

2009-11-20 Thread Ralf Hildebrandt
* Arora, Sumit :
> You are right Joost, 4KB will be the block size...
> But my question is who is taking this disk space, because email is deleted 
> already.

How EXACTLY is the email being deleted ?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: 4KB of disk space burning on a single email

2009-11-20 Thread Ralf Hildebrandt
* J. Roeleveld :

> The log-entries you sent me are nowhere near 4KB in size.
> How do you check that the "maillog" increases by 4KB per message?

My guess is the mails are marked as deleted. Nothing more. They never
get deleted, thus the space never gets free.

Furthermore it's OT!

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: pcre:table & client_restrictions

2009-11-21 Thread Ralf Hildebrandt
* Eugene V. Boontseff :
> Dear colleagues,
> 
> kindly looking for your assistance in the following matter.
> To cut off the spammers, I intended to use pcre:table.

Wouldn't it be easier to use an RBL instead?

> smtpd_client_restrictions =
>check_client_access pcre:/usr/local/etc/postfix/exper,
> ...
> 
> 
> eug...@mail [/usr/local/etc/postfix]# cat exper
> /(.*(\d{1,3})[\.-](\d{1,3})[\.-](\d{1,3})[\.-](\d{1,3}).*\[.*(?:\3\.\2|\2\.\3.*).*\].*)/
> 
> 
>   554 5.7.1 Dynamic sender $1, please, use SMTP server of
> your provider
> /pppoe/ REJECT pppoe# It's for debugging
> 
> 
> eug...@mail [/usr/local/etc/postfix]# postmap -fq
> " 554 5.7.1 Dynamic sender
>  SMTP server of your provider
> 
> so the postmap shows that the first line is working

Nope. Postfix hands down the IP and it hands down the hostname IF the
hostname resolves back and forth.

> eug...@home [/home/eugene]> telnet some.mail.host 25
> Trying aa.bbb.ccc.dd...
> Connected to some.mail.host.
> Escape character is '^]'.
> 554 5.7.1 :
> Client host rejected: pppoe
> 
> the debugging rule is working instead of the first one.
> 
> Why does the postfix ignore the first rule?

I'd think the regexp is wrong

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: pcre:table & client_restrictions

2009-11-21 Thread Ralf Hildebrandt
* Eugene V. Boontseff :
> >>eug...@mail [/usr/local/etc/postfix]# postmap -fq
> >>"
> >I'd think the regexp is wrong
> Why this regexp is "wrong" for postfix, but isn't wrong  for postmap?

postfix matches the HOSTNAME:
ppp92-100-127-177.pppoe.avangarddsl.ru
and/or the IP
92.100.127.177

not
http://www.charite.de
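Added example, not part of the original message: a Python model of why the first rule matches in a manual `postmap` test but never during `check_client_access`. The hostname and address are the ones quoted above; the combined `name[address]` test string, the `HOSTNAME_RULE` pattern and all function names are constructed for illustration, and Python's `re` stands in for PCRE.

```python
import re

# First rule of the posted table; pattern and result text copied from the thread.
DYNAMIC = re.compile(
    r"(.*(\d{1,3})[\.-](\d{1,3})[\.-](\d{1,3})[\.-](\d{1,3})"
    r".*\[.*(?:\3\.\2|\2\.\3.*).*\].*)",
    re.IGNORECASE,  # pcre: tables match case-insensitively by default
)
POSTED_TABLE = [
    (DYNAMIC, "554 5.7.1 Dynamic sender $1, please, use SMTP server of your provider"),
    (re.compile(r"pppoe", re.IGNORECASE), "REJECT pppoe"),
]

# Hypothetical rule (not from the thread) that only needs the hostname.
# It will also hit static hosts whose names embed an address.
HOSTNAME_RULE = re.compile(
    r"(\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3}\.\S+)", re.IGNORECASE
)
HOSTNAME_TABLE = [(HOSTNAME_RULE, "554 5.7.1 Dynamic sender $1")] + POSTED_TABLE[1:]


def table_lookup(table, key):
    """Return the result of the first rule matching `key`, with $n expanded."""
    for pattern, result in table:
        match = pattern.search(key)
        if match:
            return re.sub(
                r"\$(\d)",
                lambda ref: match.group(int(ref.group(1))) or "",
                result,
            )
    return None


def check_client_access(table, address, hostname=None):
    """Model of the lookups: the client name first, then the client address.

    `hostname` is only passed when the name resolves back and forth;
    otherwise the client name is "unknown". The two keys are queried
    separately, never joined into one name[address] string.
    """
    client_name = hostname if hostname else "unknown"
    for key in (client_name, address):
        result = table_lookup(table, key)
        if result is not None:
            return key, result
    return None


HOSTNAME = "ppp92-100-127-177.pppoe.avangarddsl.ru"
ADDRESS = "92.100.127.177"
COMBINED = f"{HOSTNAME}[{ADDRESS}]"  # constructed manual test string

if __name__ == "__main__":
    print("manual test :", table_lookup(POSTED_TABLE, COMBINED))
    print("smtpd lookup:", check_client_access(POSTED_TABLE, ADDRESS, HOSTNAME))
    print("no valid PTR:", check_client_access(POSTED_TABLE, ADDRESS))
    print("hostname rule:", check_client_access(HOSTNAME_TABLE, ADDRESS, HOSTNAME))
```

The posted pattern requires a literal `[` and `]`, so it can only match a string that carries both the name and the address; neither lookup key on its own satisfies it, and the `/pppoe/` rule is the first one that matches the hostname.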



Re: always_bcc

2009-11-23 Thread Ralf Hildebrandt
* Paweł Burzyński :
> how can i make copy custom user mail
> because always_bcc = make copy all mails i need custom copy of mail

postconf |grep bcc

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: always_bcc

2009-11-23 Thread Ralf Hildebrandt
* Paweł Burzyński :

> > postconf |grep bcc
> 
> 
> I understand that command always_bcc and this work properly
> but i need solution for custom copy of my users mail
> always_bcc copy all mails from server but i need select custom
> users

What is the output of "postconf |grep bcc"

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: sender check

2009-11-26 Thread Ralf Hildebrandt
* Marco Giardini :

> > smtpd_recipient_restrictions = 
> > permit_mynetworks permit_sasl_authenticated reject
> > 
> > Wietse
> 
> i do use:
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> 
> but it seems from the log that spammer still send me and to other
> local users spam mails.
> Humm...strange

Not strange. Look at the difference in the two configs.
The solution is right there.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Deployment

2009-11-27 Thread Ralf Hildebrandt
* Roman Gelfand :

> Is it preferable that machine running postfix should have public
> address as opposed NATed address?

That depends on what you want to use it for
 
> It appears that as postfix handing control to various plugins, the
> source address of the message is 127.0.0.1.  Is there a configuration
> in postfix that would ignore the localhost and show original source ip
> address?

That depends on which software you are using.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix Deployment

2009-11-27 Thread Ralf Hildebrandt
* Roman Gelfand :
> On Fri, Nov 27, 2009 at 3:00 AM, Ralf Hildebrandt
>  wrote:
> > * Roman Gelfand :
> >
> >> Is it preferable that machine running postfix should have public
> >> address as opposed NATed address?
> >
> > That depends on what you want to use it for
> >
>I want to use it to filter spam and to send ham to internal network.

Then it of course needs a public IP address

> >> It appears that as postfix handing control to various plugins, the
> >> source address of the message is 127.0.0.1.  Is there a configuration
> >> in postfix that would ignore the localhost and show original source ip
> >> address?
> >
> > That depends on which software you are using.
> >
>   I would like to use sid-milter and opendkim-milter.

I don't know these, I'm using amavisd-new for DKIM...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: What Is Causing This Failure

2009-12-01 Thread Ralf Hildebrandt
* Carlos Williams :
> I am getting a report from someone on my network that they are getting
> delivery failures when attempting to send an email from my Postfix
> server to the remote mail server. I see  the message stuck on my
> Postfix servers queue:
> 
> CB87E778055 1337 Mon Nov 30 08:59:15  tprem...@iamghost.com
>(connect to a.mx.premore.net[198.186.193.20]: No route to host)
>  b...@premore.net

Works OK. What does traceroute 198.186.193.20 return?
# traceroute 198.186.193.20
traceroute to 198.186.193.20 (198.186.193.20), 30 hops max, 60 byte packets
... snip ...
 4  zr-pot1-te0-0-0-3.x-win.dfn.de (188.1.144.30)  5.288 ms  5.290 ms 5.281 ms
 5  cr02.frf02.pccwbtn.net (80.81.192.50)  18.030 ms  18.027 ms 18.132 ms
 6  carpathia.ge12-1.br02.ash01.pccwbtn.net (63.218.94.166)  109.111 ms  
106.313 ms  106.528 ms
 7  xe-3-3.e4.iad1.cirn.net (209.222.130.29)  105.968 ms  106.036 ms 106.044 ms
 8  66.117.37.180 (66.117.37.180)  101.005 ms  100.773 ms  101.520 ms
  9  * * *
  10  * * *
  11  * * *
  12  * * *
  13  * * *
  14  * * *
  15  * * *
  16  * * *
  17  * * *
  18  * * *
  19  * * *
  20  * * *
  21  * * *
  22  * * *
  23  * * *
  24  * * *
  25  dns5.docforge.org (198.186.193.20)  4.241 ms  1.685 ms  0.271 ms
  
> I am guessing that this is a problem with the remote mail server
> 'a.mx.premore.net' since my server is sending and receiving email just
> fine to every other destination. I then decided to do a MX lookup for
> this domain "premore.net" & see if there is anything wrong:
> 
> ;; QUESTION SECTION:
> ;premore.net. IN  MX
> 
> ;; ANSWER SECTION:
> premore.net.  3093IN  MX  0 a.mx.premore.net.
> 
> ;; ADDITIONAL SECTION:
> a.mx.premore.net. 3093IN  A   198.186.193.20
> 
> However my mail server wont send to this destination address and I
> have no idea why. Can someone tell me how I can better examine this
> situation to understand where the fault lies.
> 
> Thank you!

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: What Is Causing This Failure

2009-12-01 Thread Ralf Hildebrandt
* Evan Platt :

> Unless I'm misreading and misunderstanding your logs
> 
> # telnet 198.186.193.20 25
> Trying 198.186.193.20...
> telnet: connect to address 198.186.193.20: Operation timed out
> telnet: Unable to connect to remote host
> 
> The mail server on that IP isn't answering.

# telnet 198.186.193.20 25
Trying 198.186.193.20...
Connected to 198.186.193.20.
Escape character is '^]'.
220 share.docforge.org ESMTP Postfix

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: What Is Causing This Failure

2009-12-01 Thread Ralf Hildebrandt
* Carlos Williams :

> >  25  dns5.docforge.org (198.186.193.20)  4.241 ms  1.685 ms  0.271 ms
> 
> I am unable to connect via Telnet so it appears to be a network / ISP issue.
> 
> car...@tunafish:~$ telnet 198.186.193.20 25
> Trying 198.186.193.20...
> telnet: Unable to connect to remote host: No route to host

What is the output of traceroute 198.186.193.20 ?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Mysterious error

2009-12-03 Thread Ralf Hildebrandt
* Luciano Mannucci :

> Dec  3 14:21:51 baobab postfix/smtpd[15814]: warning: unknown smtpd 
> restriction: "`"

Some (map) lookup returns "`"

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Bounce at SMTPD level

2009-12-11 Thread Ralf Hildebrandt
* Thomas Bolioli :
> http://forum.qmailrocks.org/archive/index.php/t-1623.html

The document describes rejection of unknown recipients.
The document is misnamed, since no bouncing takes place but a simple
rejection.

> I found the above link when looking for a how to for configuring
> postfix to bounce email BEFORE the initial MTA transaction is
> complete. I can't seem to find one for postfix.

Postfix does that by default. 

> I want a sending MTAs to get a 550 error if spamc/spamd determine a
> mail is spammy so non spam senders get some sort of feedback that their
> message has been tossed and not delivered. For obvious reasons you
> can't do this as a bounce to the From: or Reply-To: header emails so it
> has to happen during the initial MTA transaction. Can someone point me
> to a how to for this? Thanks, Tom

Run amavisd-new as smtpd_proxy_server

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Bounce at SMTPD level

2009-12-11 Thread Ralf Hildebrandt
* Marty Anstey :

> I don't think you can pass messages directly to spamc/spamd in a
> before-queue scenario.

Yes, that's because it doesn't speak SMTP

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Local Mails not working

2009-12-11 Thread Ralf Hildebrandt
* Alexander :
> Mr Rob0,
> I really take exception to your insulting language.

Which insulting language?

He simply told you to send plain text mail and even answered your
question.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Bounce at SMTPD level

2009-12-12 Thread Ralf Hildebrandt
* Thomas Bolioli :

> This is interesting. You are saying run amavisd as an MTA in
> between postfix and the sending MTA to reject the spammy/virus
> messages inbound and then send off to postfix everything else for
> delivery. What happens to non deliverables? They will make it through
> the first transaction. Or does amavisd reference postfix's
> configuration at all?

Postfix doesn't accept mail to non-existing recipients by default.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: OT: Postfix & ClamAV integration

2009-12-17 Thread Ralf Hildebrandt
* JORGE CARMINATI :

> Hi all! I'm trying to integrate Postfix (chrooted) with ClamAV and am
> looking for some information about this. It seems that the old
> fashioned style of configuring Postfix + amavisd-new nowadays is not
> recommended (performance)

Says who?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: OT: Postfix & ClamAV integration

2009-12-17 Thread Ralf Hildebrandt
* JORGE CARMINATI :

> Here's an example: 
> http://slaptijack.com/system-administration/postfix-23-and-clamav-milter/
> 
> Last line says "If the mail server was heavily loaded, you should see a 
> significant decrease in load.". Anyway I don't know who's the writer.

Neither do I. Virus scanning takes the least amount of time here.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Trouble with clamav-milter

2009-12-23 Thread Ralf Hildebrandt
And a side note: It doesn't matter how well (or not) clamav-milter
performs if you can't get it running...

But you'll probably get it running, fear not.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Random Source Parameter Error

2009-12-29 Thread Ralf Hildebrandt
* Dennis Putnam :
> I'm trying to set up TLS on Postfix 2.5.5 and 'tlsmgr' keeps getting a fatal 
> error on this statement:
> 
> tls_random_source = dev:/dev/urandom

Which error exactly?
 
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Code burn-in: postscreen/verify cache cleanup

2009-12-29 Thread Ralf Hildebrandt
* Wietse Venema :

> You may want to give a heads-up to the maintainer as I am just
> about to release this code as a regular experimental release.
> Cache cleanup will definitely be part of the Postfix 2.7 stable
> release, so they will have to deal with it in a month or so anyway.

I'm running the unpatched version here; it seems to work

> Dec 29 04:20:17 spike postfix/postscreen[44900]: cache 
> /var/lib/postfix/ps_cache.db full cleanup: retained=134 dropped=19 entries
> Dec 29 06:19:33 spike postfix/verify[46072]: cache /var/lib/postfix/verify.db 
> full cleanup: retained=1726 dropped=28 entries

The initial cleanup:
Dec 29 10:16:35 mail postfix/postscreen[12078]: cache 
/var/lib/postfix/ps_cache.db full cleanup: retained=8460 dropped=274056 entries
Dec 29 10:17:13 mail postfix/verify[12105]: cache /var/lib/postfix/verify.db 
full cleanup: retained=109892 dropped=648105 entries

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Transport sintax for 2 backend servers of the same domain

2009-12-30 Thread Ralf Hildebrandt
* Luis Conrado Andrade :
> 
> Hi,
> 
> I have this situation
> 
> 2 postfix acting as a relay for  domain.com and 2 internal exchange
> servers as mailbox server. I have MX records pointing to both postfix
> servers, so if one is down the message is sent to the other. I want to
> do the same for internal servers, so I would like to know if it's
> possible to set primary and backup internal servers on the transport
> configuration file

Set up an MX internally :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Transport sintax for 2 backend servers of the same domain

2009-12-30 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * Luis Conrado Andrade :
> > 
> > Hi,
> > 
> > I have this situation
> > 
> > 2 postfix acting as a relay for  domain.com and 2 internal exchange
> > servers as mailbox server. I have MX records pointing to both postfix
> > servers, so if one is down the message is sent to the other. I want to
> > do the same for internal servers, so I would like to know if it's
> > possible to set primary and backup internal servers on the transport
> > configuration file
> 
> Set up an MX internally :)

MX record...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Broken web link

2010-01-01 Thread Ralf Hildebrandt
* Jerry :
> On this URL: http://www.postfix.com/DEBUG_README.html, this link:
> http://ftp.wl0.org/SOURCES/postfinger results in this error message:
> 
> Forbidden
> 
> You don't have permission to access /SOURCES/postfinger on this server.
> Apache/2.2.11 (Ubuntu) DAV/2 SVN/1.5.4 PHP/5.2.6-3ubuntu4.4 with
> Suhosin-Patch mod_python/3.3.1 Python/2.6.2 Server at ftp.wl0.org Port
> 80
> 
> I don't know who to report this to since there is no 'contact' or
> 'webmaster' address on the page.

I fixed it.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



smtpd crashes

2010-01-02 Thread Ralf Hildebrandt
Today I found:

Dec 31 20:05:54 mail-ausfall kernel: [876822.781710] smtpd[27410] general 
protection ip:80813d8 sp:bf9c2d68 error:0 in smtpd[8048000+53000]
Jan  1 21:22:23 mail-ausfall kernel: [967812.555067] smtpd[1590] general 
protection ip:80813d8 sp:bfbebe28 error:0 in smtpd[8048000+53000]
Jan  2 04:36:23 mail-ausfall kernel: [993852.201068] smtpd[5253] general 
protection ip:80813d8 sp:bfd2aa38 error:0 in smtpd[8048000+53000]

but these are not backed by any "error" or "fatal" entries in the log;
instead I found these:

Jan  1 20:19:41 mail-ausfall postfix/verify[26329]: fatal: close database 
/var/lib/postfix/verify.db: No such file or directory
Jan  1 21:52:04 mail-ausfall postfix/verify[31780]: fatal: close database 
/var/lib/postfix/verify.db: No such file or directory
Jan  2 04:09:40 mail-ausfall postfix/verify[2919]: fatal: close database 
/var/lib/postfix/verify.db: No such file or directory
Jan  2 04:42:40 mail-ausfall postfix/verify[4901]: fatal: close database 
/var/lib/postfix/verify.db: No such file or directory
Jan  2 10:17:55 mail-ausfall postfix/postscreen[17151]: fatal: close database 
/var/lib/postfix/ps_cache.db: No such file or directory

Which also baffle me, since:

# ls -l /var/lib/postfix/verify.db 
-rw-r--r-- 1 postfix postfix 20844544  2. Jan 10:28 /var/lib/postfix/verify.db
# ls -l /var/lib/postfix/ps_cache.db 
-rw--- 1 postfix postfix 6131712  2. Jan 10:24 /var/lib/postfix/ps_cache.db

I updated to postfix-2.7-20100101 these minutes; maybe something
changes.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: smtpd crashes

2010-01-02 Thread Ralf Hildebrandt
* Ralf Hildebrandt :

> I updated to postfix-2.7-20100101 these minutes; maybe something
> changes.

postfix-2.7-20091228-nonprod was the old version that caused all the
log entries.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: smtpd crashes

2010-01-02 Thread Ralf Hildebrandt
* Wietse Venema :

> Introduced 20091227, fixed 20091230 (dangling pointer in event manager). 

Yes, I'm not seeing those in 20100101
 
> Sometimes non-production software has a defect.

That's why I'm reporting them...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Berkeley DB warnings (was: smtpd crashes)

2010-01-02 Thread Ralf Hildebrandt
* Wietse Venema :
> >Jan  1 20:19:41 mail-ausfall postfix/verify[26329]: fatal: close database 
> >/var/lib/postfix/verify.db: No such file or directory
> 
> Does not reproduce on Ubuntu 9.10-server with the default Berkeley DB 4.7.
> 
> Can you check if this warning (and the warning for postscreen) goes
> away when automatic cache cleanup is turned off?
> 
> address_verify_cache_cleanup_interval = 0
> postscreen_cache_cleanup_interval = 0

It never occurred BEFORE the automatic cache cleanup was introduced.
 
> This can't be the same bug as discussed last month with "close
> database after fork", because verify(8) does not fork. Also, Postfix
> does not close the same database twice (I wipe the database handle
> after close to prevent that from happening).
> 
> The warning is harmless because Postfix flushes database buffers
> with each postscreen/verify database update. With synchronous
> database updates it would make no sense if the database failed to
> report update errors immediately and delayed those error reports
> until the database is closed.

My system used 4.7.25-8, now I've switched to 4.8.24-1 (debian version
numbers). Let's see what happens.

If I'm still getting the errors, I'll turn off the automatic cache
cleanup

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: 3000 recipients

2010-01-04 Thread Ralf Hildebrandt
* richard lucassen :
> Hello list,
> 
> I want to send once a week a simple mail to a list of 3000 recipients. I
> can set smtpd_recipient_limit and smtpd_recipient_overshoot_limit to
> higher limits, but is there a better way to handle this?

Use an MLM

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: header_checks problem

2010-01-04 Thread Ralf Hildebrandt
* Christopher Adams :
> Hello,
> 
> I previously posted this thread, but changed midstream and was given
> guidance as to the proper way to post. So, I am starting again.
> 
> Summary: I would like to ban an address/domain from posting to my system. I
> am using header_checks to do that.

Why? Wouldn't check_sender_access be more appropriate?

>  /^From: testm...@library.state.or.us / REJECT
> 
> Log from maillog on swiki.osl.state.or.us:
> 
> Jan  4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from=<
> testm...@library.state.or.us>, size=791, nrcpt=1 (queue active)

That's the envelope, not the header

> From: testm...@library.state.or.us
There's no " " behind "testm...@library.state.or.us"


> Output of postconf -n :
it lists no header_checks

> Can someone help with this? Thank you.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: header_checks problem

2010-01-04 Thread Ralf Hildebrandt
* Christopher Adams :
> After previously posting a thread about header_checks, someone suggested
> using check_sender_access, I tried it and posted a follow up and was
> admonished for changing direction. I specifically asked how to proceed and
> was told to go back to my original thread, which was header_checks.

OK, but you forgot to actually ADD header_checks to your main.cf :)

> header_checks = regexp:/etc/postfix/header_checks

ah!

> I don't understand what you mean by this:
> 
> > From: testm...@library.state.or.us
> There's no " " behind "testm...@library.state.or.us"

I mean what I wrote. Look at your header_checks pattern. It has a " "
at the end. The header it's supposed to match does not. As a
consequence, it doesn't match.


> > >  /^From: testm...@library.state.or.us / REJECT
   ^space
Look at the space after testm...@library.state.or.us
Remove it.

A nice twist for analysis is this:

/^From:/ WARN
/^From: testm...@library.state.or.us/ REJECT

That way you can see how postfix perceives the headers.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
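Added example, not part of the original message: a small Python model of how a `regexp:` header_checks table is searched, one header line at a time, stopping at the first matching pattern. The address `blocked@example.org` is constructed because the address on the page is truncated, and the function names are the example's own.

```python
import re


def parse_header_checks(text):
    """Parse '/pattern/ ACTION [text]' lines; flags after the slash are not handled."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parsed = re.match(r"/(.*)/\s+(\S+)\s*(.*)$", line)
        if parsed is None:
            raise ValueError(f"unparsable table line: {line!r}")
        pattern, action, _text = parsed.groups()
        # regexp: tables are case-insensitive by default.
        rules.append((re.compile(pattern, re.IGNORECASE), action, pattern))
    return rules


def first_match(table_text, header_line):
    """Return (action, pattern) of the first rule matching one header line."""
    for regex, action, source in parse_header_checks(table_text):
        if regex.search(header_line):
            return action, source
    return None


# Constructed tables mirroring the ones in the thread.
WITH_SPACE = "/^From: blocked@example.org / REJECT"
WITHOUT_SPACE = "/^From: blocked@example.org/ REJECT"
ANALYSIS = "/^From:/ WARN\n/^From: blocked@example.org/ REJECT"

# Constructed header lines.
BARE = "From: blocked@example.org"
WITH_COMMENT = "From: blocked@example.org (Test)"
WITH_DISPLAY_NAME = "From: Test Mail <blocked@example.org>"

if __name__ == "__main__":
    for name, table in [("with space", WITH_SPACE),
                        ("without space", WITHOUT_SPACE),
                        ("analysis", ANALYSIS)]:
        for header in (BARE, WITH_COMMENT, WITH_DISPLAY_NAME):
            print(f"{name:14} {header!r:42} -> {first_match(table, header)}")
```

In this model the `WARN` rule is the first match for every `From:` line, so the `REJECT` rule below it is not reached while the analysis rule is in place. A `From:` header with a display name matches neither anchored pattern.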



Re: postdrop?

2010-01-06 Thread Ralf Hildebrandt
* Port Able :
> Hi,
> 
> What is the proper command that a client can use to send an email using
> Postfix?

sendmail

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de


