Re: Amavisd-new to qpsmtpd
David Beveridge wrote: On Tuesday, Matt Sergeant wrote On 28 Nov 2005, at 18:03, David Beveridge wrote: No, the external postfix process opens up a real time connection to qpsmtpd. So when you are talking to port 25 (postfix) it is proxying it through to qpsmtpd, Kind of like how http requests are proxied through squid. That is why 550 errors from qpsmtpd end up back at the original sender. I'm confused by what this gains you though. Why not just qpsmtpd-postfix? SMTP AUTH STARTTLS MySQL based Client/Sender/Recipient Access Rules Sender/Recipient Address Verification dave qpsmtpd's plugins are not able to operate to their full potential, for example check_earlytalker is not functioning in your system, is it? I guess blacklisting plugins and header checks could be done without handling the connection, but not protocol checks--MAIL before RCPT, check_earlytalker, things like that. qpsmtpd has smtp auth, starttls. By sender/recipient address verification, you may mean several things. auth did sender verification, and then if you want to check later on to see if the sender is the same as auth sender i.e. login name, we can discuss that(just discussed that a few days ago. I have a simple plugin to prevent sharing of login names--login must be sender address). You may mean de-aliasing and forwarding and cc/bcc/wiretap, which would be accomplished by a lookup of the recipient and then depending on the lookup maybe change the recipient either in rcpt or queue hook plugin. Then wouldn't any remaining access rules be enforced by using postfix AFTER qpsmtpd, or do you mean user prefs for content filtering, as well as access rules? If you mean custom user prefs, you might have some hacking to do in a plugin. -Bob
Re: Amavisd-new to qpsmtpd
On 28 Nov 2005, at 18:03, David Beveridge wrote: No, the external postfix process opens up a real time connection to qpsmtpd. So when you are talking to port 25 (postfix) it is proxying it through to qpsmtpd, Kind of like how http requests are proxied through squid. That is why 550 errors from qpsmtpd end up back at the original sender. I'm confused by what this gains you though. Why not just qpsmtpd-postfix?
Re: Amavisd-new to qpsmtpd
My preference would be qpsmtpd-postfix - how do I lookup and validate the receipients from mysql using qpsmtpd (using the postfix virtual tables we have a domain table, an alias table, and a mailbox table)? -Max -- Max Clark max [at] clarksys.com http://www.clarksys.com Matt Sergeant wrote: On 28 Nov 2005, at 18:03, David Beveridge wrote: No, the external postfix process opens up a real time connection to qpsmtpd. So when you are talking to port 25 (postfix) it is proxying it through to qpsmtpd, Kind of like how http requests are proxied through squid. That is why 550 errors from qpsmtpd end up back at the original sender. I'm confused by what this gains you though. Why not just qpsmtpd-postfix?
Re: Amavisd-new to qpsmtpd
Max Clark wrote: My preference would be qpsmtpd-postfix - how do I lookup and validate the receipients from mysql using qpsmtpd (using the postfix virtual tables we have a domain table, an alias table, and a mailbox table)? Take a look at the plugins/auth/auth_vpopmail_sql for an example of querying an external database (in that case it is for AUTH purposes, but you can see how to query the database from within qpsmtpd). It should be very straightforward to create a check_postfix plugin which validates all RCPT addresses vs. the postfix tables. In another way to do it, for my network, I have a single user database in MySQL (for vpopmail, but postfix is very similar). Then I have two MX boxes with no local users installed, and I chose to use finger to query the central database (rather than querying MySQL directly from the remote boxes). I chose finger because it is a very lightweight query and I can specify exactly what I consider a valid address. I'd be happy to send you that code, which just does a SQL query (actually three) using the C interface to MySQL. HTH John
RE: Amavisd-new to qpsmtpd
On Tuesday, Matt Sergeant wrote On 28 Nov 2005, at 18:03, David Beveridge wrote: No, the external postfix process opens up a real time connection to qpsmtpd. So when you are talking to port 25 (postfix) it is proxying it through to qpsmtpd, Kind of like how http requests are proxied through squid. That is why 550 errors from qpsmtpd end up back at the original sender. I'm confused by what this gains you though. Why not just qpsmtpd-postfix? SMTP AUTH STARTTLS MySQL based Client/Sender/Recipient Access Rules Sender/Recipient Address Verification dave
RE: Amavisd-new to qpsmtpd
John Peacock wrote: Max Clark wrote: My preference would be qpsmtpd-postfix - how do I lookup and validate the receipients from mysql using qpsmtpd (using the postfix virtual tables we have a domain table, an alias table, and a mailbox table)? Take a look at the plugins/auth/auth_vpopmail_sql for an example of querying an external database (in that case it is for AUTH purposes, but you can see how to query the database from within qpsmtpd). It should be very straightforward to create a check_postfix plugin which validates all RCPT addresses vs. the postfix tables. Unnecessary, if you use Postfix - qpsmtpd - postfix Don't need to develop anything, it already works. In another way to do it, for my network, I have a single user database in MySQL (for vpopmail, but postfix is very similar). Then I have two MX boxes with no local users installed, and I chose to use finger to query the central database (rather than querying MySQL directly from the remote boxes). I chose finger because it is a very lightweight query and I can specify exactly what I consider a valid address. I'd be happy to send you that code, which just does a SQL query (actually three) using the C interface to MySQL. Just like the postfix address verification feature in Postfix - qpsmtpd - postfix Don't need to develop anything, it already works.
RE: Amavisd-new to qpsmtpd
Max Clark wrote on Tuesday, 29 November 2005 4:29 AM Hi all! Please excuse the long post - I wanted to add some background to explain my position better. A seemingly long time ago I ran qpsmtpd in front of my qmail servers (actually I have a couple still running old 0.10 code out there). For various configuration needs we moved from qmail to postfix, and hence at the time a postfix - amavisd-new - postfix environment. I have a running config that does Postfix - qpsmtpd - postfix And it gives the best of both worlds, since qpsmtpd is run in postfix proxy smtpd mode. Indeed we even reject virus infected emails with a 550 error using this setup. [..] If you want to know more about how to integrate postfix with qpsmtpd in this way, I can dig out my master.cf and main.cf fragments. For you. dave
Re: Amavisd-new to qpsmtpd
David, Wouldn't that get me to the same situation I am trying to avoid where the external postfix process is accepting and queueing more email than the qpsmtpd process can handle? How do you deal with this? Thanks, Max -- Max Clark max [at] clarksys.com http://www.clarksys.com David Beveridge wrote: Max Clark wrote on Tuesday, 29 November 2005 4:29 AM Hi all! Please excuse the long post - I wanted to add some background to explain my position better. A seemingly long time ago I ran qpsmtpd in front of my qmail servers (actually I have a couple still running old 0.10 code out there). For various configuration needs we moved from qmail to postfix, and hence at the time a postfix - amavisd-new - postfix environment. I have a running config that does Postfix - qpsmtpd - postfix And it gives the best of both worlds, since qpsmtpd is run in postfix proxy smtpd mode. Indeed we even reject virus infected emails with a 550 error using this setup. [..] If you want to know more about how to integrate postfix with qpsmtpd in this way, I can dig out my master.cf and main.cf fragments. For you. dave
RE: Amavisd-new to qpsmtpd
No, the external postfix process opens up a real time connection to qpsmtpd. So when you are talking to port 25 (postfix) it is proxying it through to qpsmtpd, Kind of like how http requests are proxied through squid. That is why 550 errors from qpsmtpd end up back at the original sender. dave -Original Message- From: Max Clark [mailto:[EMAIL PROTECTED] Sent: Tuesday, 29 November 2005 8:42 AM To: David Beveridge Cc: Subject: Re: Amavisd-new to qpsmtpd David, Wouldn't that get me to the same situation I am trying to avoid where the external postfix process is accepting and queueing more email than the qpsmtpd process can handle? How do you deal with this? Thanks, Max [...]
RE: Amavisd-new to qpsmtpd
Perhaps if postfix runs out of qpsmtpd children it must have to issue a 450 to the sending MTA. I havn't see it do this though. I'd have to take a closer look at the config. I'll try and dig it out now. dave -Original Message- From: Max Clark [mailto:[EMAIL PROTECTED] Sent: Tuesday, 29 November 2005 8:42 AM To: David Beveridge Cc: qpsmtpd@perl.org Subject: Re: Amavisd-new to qpsmtpd David, Wouldn't that get me to the same situation I am trying to avoid where the external postfix process is accepting and queueing more email than the qpsmtpd process can handle? How do you deal with this? Thanks, Max