Deciding transports based on milter headers

Hi all, Some info before starting: a. There are two postfix instances on two different boxes. One (named Postfix-INT) has only 1 IP and the other (named Postfix-EXT) has 5 ips (to divide traffic among them by defining separate smtp services). All of the below stuff happens at postfix-INT. b For

Re: Deciding transports based on milter headers

Abhijeet Rastogi: > Hi all, > > Some info before starting: > > a. There are two postfix instances on two different boxes. One (named > Postfix-INT) has only 1 IP and the other (named Postfix-EXT) has 5 ips (to > divide traffic among them by defining separate smtp services). Please describe the p

Re: Deciding transports based on milter headers

Thanks for replying. Please see my answers inline. On Mon, Aug 19, 2013 at 4:21 PM, Wietse Venema wrote: > Abhijeet Rastogi: > > Hi all, > > > > Some info before starting: > > > > a. There are two postfix instances on two different boxes. One (named > > Postfix-INT) has only 1 IP and the other (

Re: Deciding transports based on milter headers

Also, I can't bind all IPs on the same box as I'm short of IPs in the location where Postfix-INT is located. The ip5 is located on Postfix-INT and not Postfix-EXT, rest are on Postfix-EXT. The above table also has an exception than if they're are internal mails, meaning mails from A1.com to A1.com

Re: how to see my_networks check in peer_debug, level 2 or greater?

>On Fri, Aug 16, 2013 at 04:22:50PM -0500, lcon...@go2france.com wrote: >> postconf mail_version >> mail_version = 2.3.3 >> >> >> uname -a >> Linux . 2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009 >> x86_64 x86_64 x86_64 GNU/Linux >> >> got an "access denied" for an IP that is in a

upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

Hi, We are upgrading our postfix instances from 2.9.6 to 2.10.1. On our moderately busy (800 connections/minute) incoming mailservers I noticed that postscreen did not pass connections through to smtpd- instances for some 90 seconds. Here's the semi-automated stop and start: Aug 19 12:31:46 hos

Logging in- and outgoing TLS

Hi everybody! I need a push in the right direction. I want to record the usage and not-usage of TLS on in- and outbound SMTP Sessions. I succeeded on incoming messages, but failed for outgoing. For inbound mails, I have the following lines in master.cf: smtp inet n - - -

Re: upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

On Mon, Aug 19, 2013 at 01:28:45PM +0200, Leo Baltus wrote: > We are upgrading our postfix instances from 2.9.6 to 2.10.1. Have you considered reading the release notes (for Postfix 2.10)? Major changes - load-balancer support - [Incompat 20120625

Re: Logging in- and outgoing TLS

On Mon, Aug 19, 2013 at 02:01:41PM +0200, Sig Pam wrote: > I want to record the usage and not-usage of TLS on in- and outbound SMTP > Sessions. I succeeded on incoming messages, but failed for outgoing. The correct solution is to parse the logs. A log parser can re-assemble the full state of a m

Re: Deciding transports based on milter headers

Abhijeet Rastogi: > DomainPure_Traffic Suspect_Traffic > A1.com ip1ip5 > A2.com ip2ip5 > A3.com ip3ip5 > A4.com ip4ip5 In that case, use sender_dependent_default_transpor

AW: Logging in- and outgoing TLS

Thank you, Victor. I already found the script, so I'll look at this. Sig. -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] Im Auftrag von Viktor Dukhovni On Mon, Aug 19, 2013 at 02:01:41PM +0200, Sig Pam wrote: > I want to recor

Re: how to see my_networks check in peer_debug, level 2 or greater?

Len Conrad: > smtpd_recipient_restrictions = > check_client_access hash:/etc/postfix/mta_clients_black.map, > check_client_access hash:/etc/postfix/webmail_client.class, > check_helo_access pcre:/etc/postfix/4tuple_main_unfiltered.pcre, > reject_unauth_pipelining, > reject_unknown_sender_domai

Re: Logging in- and outgoing TLS

On Mon, Aug 19, 2013 at 02:29:28PM +0200, Sig Pam wrote: > Thank you, Victor. > > I already found the script, so I'll look at this. http://www.mail-archive.com/postfix-devel@postfix.org/msg00292.html I forgot I posted it to postfix-devel, not postfix-users. The missing feature is saving state

AW: Logging in- and outgoing TLS

Again, thanks. I'll see through the code. Cheers, Sig. -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] Im Auftrag von Viktor Dukhovni Gesendet: Montag, 19. August 2013 14:36 An: postfix-users@postfix.org Betreff: Re: Logging in-

Re: Deciding transports based on milter headers

Hi Weitsie, Shortly after I sent my first reply, I also replied with: Also, I can't bind all IPs on the same box as I'm short of IPs in the location where Postfix-INT is located. The ip5 is located on Postfix-INT and not Postfix-EXT. The above table also has an exception that if they're are inter

Re: Deciding transports based on milter headers

Abhijeet Rastogi: > Hi Weitsie, > > Shortly after I sent my first reply, I also replied with: > > Also, I can't bind all IPs on the same box as I'm short of IPs in the > location where Postfix-INT is located. The ip5 is located on > Postfix-INT and not Postfix-EXT. The above table also has an exc

Re: upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

Op 19/08/2013 om 12:12:49 +, schreef Viktor Dukhovni: > On Mon, Aug 19, 2013 at 01:28:45PM +0200, Leo Baltus wrote: > > > We are upgrading our postfix instances from 2.9.6 to 2.10.1. > > Have you considered reading the release notes (for Postfix 2.10)? > Well, I did. I didn't think it would

Re: upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

Leo Baltus: > However, I did notice that postfix exec()'s new processes using the > path to the binaries it got from > 'PATH=symlink_to_postfix/sbin postfix start' > instead of compile-time arguments DEF_COMMAND_DIR DEF_DAEMON_DIR etc. The Postfix master(8) daemon executes programs with

Postfix smarthost with authentication

Hi! I’ve currently a Exim doing smarthost work, but I want to migrate to Postfix, but I’ve some configuration problems. My Exim authenticate with my ISP mail server using a username and a password. The username is always the sender email address, and the password is always the same for all user

$daemon_directory [Re: upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

Op 19/08/2013 om 10:14:40 -0400, schreef Wietse Venema: > Leo Baltus: > > However, I did notice that postfix exec()'s new processes using the > > path to the binaries it got from > > 'PATH=symlink_to_postfix/sbin postfix start' > > instead of compile-time arguments DEF_COMMAND_DIR DEF_DAE

Re: Deciding transports based on milter headers

On Mon, Aug 19, 2013 at 04:42:36PM +0530, Abhijeet Rastogi wrote: > On Mon, Aug 19, 2013 at 4:21 PM, Wietse Venema > wrote: > > Abhijeet Rastogi: > > > a. There are two postfix instances on two different boxes. > > > One (named Postfix-INT) has only 1 IP and the other (named > > > Postfix-EXT) ha

Re: ldap-attribute-based routing question

On Aug 15, 2013, at 9:54 AM, Jonathan Engbrecht wrote: > Yes, I have the ability to make the required changes to our ldap. ok, so pick and open attribute and fill in either the IP or FQDN then edit your master.cf and your ldap_transport. point your transport lookup to the LDAP server with t

Re: ldap-attribute-based routing question

Im sorry, I went back and read your original post I thought this was too simple. On Aug 14, 2013, at 11:29 AM, Jonathan Engbrecht wrote: > …..snip > The attribute is not itself the name of the next transport. thats a problem. postfix will need a legit ip or hostname. you would have to do some

Issue with a customer running Symantec Messaging Gateway: .dat attachments

Greetings, I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special chars* to "randombogusfilename.dat" (_not_ win

Re: $daemon_directory [Re: upgrade to 2.10.1: pass_accept_attr: cannot receive connection attributes: Numerical result out of range

Leo Baltus: > > > However, I did notice that postfix exec()'s new processes using the > > > path to the binaries it got from > > > 'PATH=symlink_to_postfix/sbin postfix start' > > > instead of compile-time arguments DEF_COMMAND_DIR DEF_DAEMON_DIR etc. > > > > The Postfix master(8) daemon

Re: Postfix smarthost with authentication

Tom?s Crespo: > Now, I getting this with Exim with these lines: > > cram_md5: > driver = cram_md5 > public_name = CRAM-MD5 > client_name = $sender_address > client_secret = samepasswordforeveryone > > I?ve read about sender_dependent_relayhost_maps in Postfix, but I don?t want > to manage

Postfix group lookup against Samba4 AD

Hello, I am trying to setup a postfix mailserver using a Samba4 AD server as the LDAP source and I am struggling with groups. I have created an OU called domains and then created a mailgroup called example.com in this OU, I then added added a mail attribute mailgr...@example.com to the group

OT: amavisd-new-milter rpm

Has anyone seen a recent (>= 1.5.0) RHEL 6 RPM for amavisd-new-milter or a src.rpm to work/build from? p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter

Re: Postfix smarthost with authentication

One correction below: > Tom?s Crespo: > > Now, I getting this with Exim with these lines: > > > > cram_md5: > > driver = cram_md5 > > public_name = CRAM-MD5 > > client_name = $sender_address > > client_secret = samepasswordforeveryone > > > > I?ve read about sender_dependent_relayhost_ma

Re: OT: amavisd-new-milter rpm

On 08/19/2013 07:29 PM, Patrick Ben Koetter wrote: Has anyone seen a recent (>= 1.5.0) RHEL 6 RPM for amavisd-new-milter or a src.rpm to work/build from? EPEL has amavisd-new 2.8.0: http://koji.fedoraproject.org/koji/buildinfo?buildID=397472 Regards, Patrick

Re: OT: amavisd-new-milter rpm

On 08/19/2013 08:07 PM, Patrick Lists wrote: On 08/19/2013 07:29 PM, Patrick Ben Koetter wrote: Has anyone seen a recent (>= 1.5.0) RHEL 6 RPM for amavisd-new-milter or a src.rpm to work/build from? EPEL has amavisd-new 2.8.0: http://koji.fedoraproject.org/koji/buildinfo?buildID=397472 Saw t

Re: Postfix group lookup against Samba4 AD

On Mon, Aug 19, 2013 at 06:25:24PM +0100, Rowland Penny wrote: > query_filter= (&(objectclass=group)(mail=%s)) > leaf_result_attribute = otherMailbox > special_result_attribute = member > I have added a couple of otherMailbox attributes to a user called > fred, one is f...@example.com, the ot

Re: Postfix group lookup against Samba4 AD

On 19/08/13 19:28, Viktor Dukhovni wrote: On Mon, Aug 19, 2013 at 06:25:24PM +0100, Rowland Penny wrote: query_filter= (&(objectclass=group)(mail=%s)) leaf_result_attribute = otherMailbox special_result_attribute = member I have added a couple of otherMailbox attributes to a user called fre

Re: Postfix group lookup against Samba4 AD

On Mon, Aug 19, 2013 at 07:51:50PM +0100, Rowland Penny wrote: > On 19/08/13 19:28, Viktor Dukhovni wrote: > > >On Mon, Aug 19, 2013 at 06:25:24PM +0100, Rowland Penny wrote: > > > >>query_filter= (&(objectclass=group)(mail=%s)) > >>leaf_result_attribute = otherMailbox > >>special_result_attri

Re: OT: amavisd-new-milter rpm

* Patrick Lists : > On 08/19/2013 08:07 PM, Patrick Lists wrote: > >On 08/19/2013 07:29 PM, Patrick Ben Koetter wrote: > >>Has anyone seen a recent (>= 1.5.0) RHEL 6 RPM for amavisd-new-milter > >>or a > >>src.rpm to work/build from? > > > >EPEL has amavisd-new 2.8.0: > >http://koji.fedoraproject.o

Re: Postfix group lookup against Samba4 AD

On 19/08/13 20:11, Viktor Dukhovni wrote: On Mon, Aug 19, 2013 at 07:51:50PM +0100, Rowland Penny wrote: On 19/08/13 19:28, Viktor Dukhovni wrote: On Mon, Aug 19, 2013 at 06:25:24PM +0100, Rowland Penny wrote: query_filter= (&(objectclass=group)(mail=%s)) leaf_result_attribute = otherMa

Re: Postfix group lookup against Samba4 AD

On Mon, Aug 19, 2013 at 10:08:18PM +0100, Rowland Penny wrote: > >There is no such thing as "the relevant email addresses", all > >addresses selected by the filter and result attributes are equally > >relevant. > > When I said "the relevant email addresses", I meant, get from the > group members

Re: Postfix group lookup against Samba4 AD

On 19/08/13 22:14, Viktor Dukhovni wrote: On Mon, Aug 19, 2013 at 10:08:18PM +0100, Rowland Penny wrote: There is no such thing as "the relevant email addresses", all addresses selected by the filter and result attributes are equally relevant. When I said "the relevant email addresses", I mean

Re: Issue with a customer running Symantec Messaging Gateway: .dat attachments

On 08/19/2013 06:24 PM, Marcio Merlone wrote: Greetings, I run a mail server for my company with Ubuntu 10.04 LTS and postfix 2.7.0-1ubuntu0.2 and all my users use Thunderbird ESR. We have a customer running Symantec Messaging Gateway and it converts attachments of our messages with *special

Re: Postfix group lookup against Samba4 AD

On Mon, Aug 19, 2013 at 10:32:27PM +0100, Rowland Penny wrote: > >If you want to return > >a particular single address for each user, you need to select a > >result attribute that contains *only* that address. > > That is what I was trying to do, do a search of a group, get its > members and retu

Re: greylisting generates error email?

On 16 Aug 2013, at 07:13 , Grant wrote: Use a dns white list with a negative score in the postscreen_dnsbl_sites, and set a negative value for postscreen_dnsbl_whitelist_threshold. Simple example: # main.cf postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1 >>>

postfix content_filter source address

Hello, I have recently done a deployment of Postfix 2.10. It seems that the behaviour of postfix has changed slightly in the way that it handles the content_filter variables in the configuration file. We are using content_filter to pass through the emails to Sophos PureMessage for UNIX like so.

Re: greylisting generates error email?

> zen is, for all practical purposes, perfect. You will not get false positives > as everyone in zen is either a confirmed spammer or in the PBL (policy block > list). That is to say, no one in zen should be connecting to your mailserver > to send mail, ever. > > >