in
>
> It'll be faster than mysql, too ;)
No, don't do this. This breaks recipient validation in the same way that
@from_domain@to_domain
in an indexed map does, except it's more complicated.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
ation of an email that's ever sent
or stored.
> (Encoded message size should be about 30% larger than the original,
> so if we want to allow attachments of max size e.g. 30MB, then we
> should set a limit of about 40MB?)
Yes.
--
Magnus Bäck
mag...@dsek.lth.se
.html
http://www.postfix.org/TUNING_README.html
--
Magnus Bäck
mag...@dsek.lth.se
x27;d say your problem is
that qmgr is requiring too much resources (of some kind), or at least
that's what you think is the problem. Let us help you address that
problem and figure out the root cause. This is done by answering our
questions.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
ilbox_maps`
return the mailbox path of the user in question?
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
sign Postfix daemons periodically commit suicide and, when
restarted, have no option but to read the configuration files.
--
Magnus Bäck
mag...@dsek.lth.se
ins should list recipient address
domains, not MX hostnames or similar. Presumably you're only
interested in getting email for u...@example.com, in which case
you should only list example.com.
--
Magnus Bäck
mag...@dsek.lth.se
On Sunday, August 22, 2010 at 17:26 CEST,
Stan Hoeppner wrote:
> Magnus Bäck put forth on 8/22/2010 10:04 AM:
>
> > A regexp match will cause the reject_unknown_helo_hostname
> > restriction to be evaluated. If it indeed results in a
> > rejection the mail will be
er restriction
wants to reject a message from foo.example.com it would still be
rejected.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
uthenticated will fall through to
> > permit_networks.
>
> I tried to do that but i got an 'Relay Access Denied' error message.
Then I guess you weren't authenticated after all, or there is no
permit_sasl_authenticated prior to reject_unauth_destination in
smtpd_recipie
ending the messages but to fewer people. You have
a social problem, not a technical one.
--
Magnus Bäck
mag...@dsek.lth.se
server that serves this list)
> and that would be a bad thing.
No. While you can configure Postfix to always require SASL
authentication, with the configuration above authentication
is only required for relay access which is exactly what you want.
http://www.postfix.org/SASL_README.html#server_sasl
--
Magnus Bäck
mag...@dsek.lth.se
t; 250-ETRN
> 250-AUTH LOGIN PLAIN CRAM-MD5
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
This looks better; this server can authenticate clients via the LOGIN,
PLAIN, and CRAM-MD5 mechanisms. Did you try to authenticate with an SMTP
client?
> server side.
>
> is it bad to have some clients initiate the Starttls ?
Pardon? If it's bad to use TLS via STARTTLS? No.
--
Magnus Bäck
mag...@dsek.lth.se
ector
Don't know if the transport name needs to be followed by a colon,
but that's at least what transport(5) suggests. So:
example.com connector:
[...]
--
Magnus Bäck
mag...@dsek.lth.se
u're after). Never mind client-side SASL for now.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
On Friday, July 30, 2010 at 18:21 CEST,
Jerry wrote:
> On Fri, 30 Jul 2010 17:50:16 +0200
> Magnus Bäck articulated:
>
> > Please post at least full "postconf -n" output, or even better
> > saslfinger output (Google it).
>
> http://ftp.wl0.org/SOURC
_tls = yes
Please post at least full "postconf -n" output, or even better
saslfinger output (Google it).
This thread was started by responding to an old message in another
thread. Don't do that. Start new threads by posting a new message
to the postfix-users address.
--
Magnus Bäck
mag...@dsek.lth.se
On Tuesday, July 13, 2010 at 10:44 CEST,
"Körner, Uwe" wrote:
> Am 13.07.2010 um 10:32 schrieb Magnus Bäck:
>
> > How does messages from the SMS gateway enter your Postfix system? If
> > they can enter via a different SMTP listener (different IP address
> &
dress
and/or port) you can set up an additional cleanup(8) service that uses
other body_checks expressions.
--
Magnus Bäck
mag...@dsek.lth.se
; http://pastebin.de/8224
Why is the production system talking about permit_sasl_authenticated
in the recipient restrictions when there is no mention of it in
smtpd_recipient_restrictions? Are you by any chance setting
smtpd_recipient_restrictions in the production system's master.cf,
overriding what you've got in main.cf?
--
Magnus Bäck
mag...@dsek.lth.se
a for Postfix. Personally, I prefer MySQL so it is not
> something that I would be interested in.
No, a Postfix LDAP schema doesn't make sense. Postfix works with any
reasonably designed schema. LDAP schemas should match the information
model and not the tools used to access the information.
--
Magnus Bäck
mag...@dsek.lth.se
verbose logs unless asked to do so. Postfix
debugging *very* rarely requires verbose logs, so most of the times
they just add noise.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
licited email
>
> Easy fix - we always escape the @ character with a black slash, like
> ret\@, on several servers where we use regular expressions in postfix
> header_checks.
No, this doesn't fix the OP's problem. The @ character is not a regular
expression meta character and does not require escaping.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
se do not hack your own autoresponder. Plenty of good people have
already done that job. It's pretty difficult to get right.
--
Magnus Bäck
mag...@dsek.lth.se
lays the message to the host specified in transport_maps as
> accepting mail for that TLD.
No, indexed maps must have a right-hand side but when used with
relay_recipient_maps its contents happens to be ignored.
$ echo foo > table
$ postmap hash:table
postmap: warning: table, line 1: exp
is only limited by memory and the maximum
number of open files.
--
Magnus Bäck
mag...@dsek.lth.se
' 'direct access to smpt host' type of evals
> ?
>
> or is this something I need to in amavisd/spamassasin ?
There is no configuration in Postfix to affect the operation of external
antispam tools. If you want them to treat certain messages differently
you should look into their configuration.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
own users.
> if it's OK, where do I add his IP ? do I add it in mynetworks ?
Yes.
--
Magnus Bäck
mag...@dsek.lth.se
quot; in the subject and it didn't get
> bad header. Can it be his mail-client thats the problem?
> I'm not really sure what Non-encoded 8-bit means.
8-bit characters in headers must be encoded according to RFC2047, which
hasn't been done here.
--
Magnus Bäck
mag...@dsek.lth.se
essage-Id header is already present,
and Postfix always adds its own queue id in a Received header.
What problem are you trying to solve?
--
Magnus Bäck
mag...@dsek.lth.se
0.0.1...
Connected to localhost.
Escape character is '^]'.
220 elwood.jpl.local ESMTP Postfix
POST foo
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
will does
> not exist. thanks for help
[...]
> Dec 2 00:01:42 relay postfix/virtual[10589]: 445FC7FB2: to=,
> relay=virtual, delay=0.27, delays=0.23/0.01/0/0.03, dsn=5.1.1,
> status=bounced (unknown user: "us...@stnet.it")
Turn of verbose logging and post "postc
ecause this is
Python, right? You still haven't given us any context or background.
Common escape sequences like \n are recognized by Python, so your \n
should be translated to the actual \n character (ASCII 10). Depending
on the context, this may or may not be the right thing to do.
Anyway, please take your question to an appropriate forum.
--
Magnus Bäck
mag...@dsek.lth.se
sing the default delivery agent for that on
> system account? A delivery agent that looks inside /etc/passwd and
> /etc/aliases files?
Until you show us logs we can only guess. Throw in full "postconf -n"
output while you're at it.
--
Magnus Bäck
mag...@dsek.lth.se
a way, to save one mail only one time?
This is a FAQ. You need to disable address rewriting either before or
after the filter. See FILTER_README, keyword receive_override_options.
--
Magnus Bäck
mag...@dsek.lth.se
ox
> bac...@bcc.invalid Maildir/
bac...@bcc.invalid != l...@domain.de@bcc.invalid
You need to make sure the table returns the desired mailbox path for ALL
input strings.
@bcc.invalid Maildir/
--
Magnus Bäck
mag...@dsek.lth.se
ou need to use either
sender_bcc_maps or recipient_bcc_maps and send the messages to a filter
or similar that applies the second domain restriction and only passes
a subset of the messages. If the bcc'd messages are being delivered
locally you should be able to use a delivery agent like procmail to
do
ounced (unknown user:
> "l...@domain.de@bcc.invalid")
How have you configured virtual_mailbox_maps? Apparently the table(s)
listed in that parameter doesn't return a mailbox path when fed with
l...@domain.de@bcc.invalid as input string.
--
Magnus Bäck
mag...@dsek.lth.se
ient_restrictions applies only server to server
> connections.
What's "server to server" supposed to mean? smtpd_recipient_restrictions
is fine here.
--
Magnus Bäck
mag...@dsek.lth.se
CT
No, this is wrong. As per the documentation, partial lookup keys aren't
used with regexp/pcre maps, only the full recipient address.
/@example\.com$/ OK
/./ REJECT
But you could just as well list "reject" in smtpd_xxx_restrictions, after
the check_recipient_access restriction.
--
Magnus Bäck
mag...@dsek.lth.se
On Mon, November 16, 2009 10:58 am, Jaroslaw Grzabel said:
> Is there any way to configure postfix to create separate log file for
> every domain it keeps ?
No. Postfix needs to start logging before it even knows to which domain a
log message pertains.
--
Magnus Bäck
mag...@dsek.lth.se
On Wed, November 11, 2009 7:29 am, Ali Majdzadeh said:
> Is it possible to have both PLAIN and CRAM-MD5 authentication
> mechanisms using SASL?
Yes.
--
Magnus Bäck
mag...@dsek.lth.se
emailaddress 'sen...@myhostname.com' is
> sending email to my postfix and I need to validate him.
What does "validate the sender" mean? Check that the sender address, if
it's one of your own domains, is a valid recipient address? Only allow a
select number of sender addresses? Please be more complete.
You do know that sender addresses are easily spoofed?
[...]
--
Magnus Bäck
mag...@dsek.lth.se
n later. It's still showing up in the HOLD queue with a different
> MSGID.
Stop requeueing the message. The whole point of "postsuper -H" is to
release the message without requeueing it.
Do not top-post. Place your response below the quoted text.
--
Magnus Bäck
mag...@dsek.lth.se
e stored mailbox paths are relative,
put whatever directory they're relative to in virtual_mailbox_base.
--
Magnus Bäck
mag...@dsek.lth.se
of domain), use content_filter.
Per-domain content filtering requires transport table mappings, which
require multiple Postfix instances if Postfix also should take care of
the final delivery (i.e. you have Postfix -> filter -> Postfix).
[...]
--
Magnus Bäck
mag...@dsek.lth.se
ause of race conditions you should be able to use
the same command while Postfix is running.
--
Magnus Bäck
mag...@dsek.lth.se
e bad address to a good
one, then requeue the message.
To rewrite envelope recipient addresses only, use virtual rewriting.
To rewrite header addresses, use canonical rewriting.
--
Magnus Bäck
mag...@dsek.lth.se
old message when you
really wanted to create a new thread. Please post an entirely new
message to postfix-us...@postfix.org.
Please also note that top-posting is frowned upon here. Place your
response BELOW what you're quoting (and trim the quotes accordingly).
--
Magnus Bäck
mag...@dsek.lth.se
To affect only messages submitted by your clients, define
two cleanup(8) services (one with these header checks and one without)
and use separate SMTP listener for your SASL clients (which you might
have already).
http://www.postfix.org/postconf.5.html#cleanup_service_name
--
Magnus Bäck
mag...@dsek.lth.se
I send email with the command "sendmail -v u...@example.com"
> the mail _does_ make it into u...@example.com's maildir using
> virtual(8), but the /root/smsnotif isn't even called (the logfile isn't
> created).
What do the logs say?
Hint: Does the vmail user have access to the /root directory?
--
Magnus Bäck
mag...@dsek.lth.se
n the
Postfix parent_domain_matches_subdomains configuration setting.
Otherwise, specify .domain.tld (note the initial dot)
in order to match subdomains.
--
Magnus Bäck
mag...@dsek.lth.se
xyz.company.com is Google Apps Email
>
> Could you show me an example for Address Rewriting ?
Have you looked at ADDRESS_REWRITING_README? There are several examples
there.
--
Magnus Bäck
mag...@dsek.lth.se
you. See TABLE SEARCH ORDER
and ADDRESS EXTENSION in virtual(5).
--
Magnus Bäck
mag...@dsek.lth.se
ddress
(or add an additional recipient address) in a local domain. Then,
process messages to that address via aliases(5) or a .forward file.
--
Magnus Bäck
mag...@dsek.lth.se
ld be blocked:
>
> .domain1.com REJECT
> .domain2.com REJECT
This syntax requires that smtpd_access_maps IS NOT listed in
parent_domain_matches_subdomains. If you stick to the default
value, drop the initial dot in .example.com to match example.com
and all subdomains.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
r subscribed to the list)
while still having the header recipient address equal to
postfix-us...@postfix.org.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
i change in transport_maps, virtual_aliasing?
Do you want to change the header addresses or just the envelope? In the
former case use canonical rewriting, and in the latter case use virtual
rewriting. See ADDRESS_REWRIIING_README.
You probably don't need to use the transport table, but it depends
y.us probably had a
temporary problem. It works fine now.
$ dig +short mx donotreply.us
10 mailfw3.dd24.net.
10 mailfw2.dd24.net.
If the domain really doesn't exist (i.e. the lookup returns NXDOMAIN)
Postfix will bounce the message immediately.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
s_maps IS NOT listed in
parent_domain_matches_subdomains.
cn matches subdomains if and only if smtpd_access_maps IS listed in
parent_domain_matches_subdomains.
--
Magnus Bäck
mag...@dsek.lth.se
mysql you can pass in user, domain, and/or u...@domain but
> what about IP. I don't see that as an option in the man page, so I
> assume the answer is no.
You can use a MySQL lookup table in any place where Postfix uses lookup
tables.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
le of weeks. In short, the above won't work. You need to split each
recipient in two, either using virtual_alias_maps or recipient_bcc_maps.
--
Magnus Bäck
mag...@dsek.lth.se
nder address? Your log snippet doesn't show
how the message enters Postfix in the first place, so it's hard to give
any further advice.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
On Thursday, August 27, 2009 at 16:52 CEST,
gianluca...@interfree.it wrote:
> I would like to restrict some users to send email and some users to
> send mail only to a specific recipient.
http://www.postfix.org/RESTRICTION_CLASS_README.html
--
Magnus Bäck
mag...@dsek.lth.se
ever is necessary to make queries of example.com
and .example.com produce the results you're looking for. Postfix more
or less allows arbitrary queries, so you can store the data
in any way you want and just construct a suitable query.
--
Magnus Bäck
mag...@dsek.lth.se
is the primary. This did not help. What is
> the trick?
The transport table isn't used for recipient address validation. Remove
the wildcard entry. You must list all of the domain's valid addresses in
the virtual mailbox table.
--
Magnus Bäck
mag...@dsek.lth.se
these domains internally.
Postfix can't do that. Use the delivery agent to filter out undesired
messages before they hit the mailbox.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
tely sent to postmaster ; it does not deliver to
> someb...@example.com; this happens only for Bcc.
> fetchmail is used to fetch mail
> fetchmail config is below:
We can't guess what happens -- you must show logs.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
e rule is actived too.
>
> And this isn't a match exactly.
No, so you need to craft a more precise expression. The look of the
Received: header you want to remove is very well-known, so it should
be quite easy to craft a suitable expression.
--
Magnus Bäck
mag...@dsek.lth.se
d that it just doesn't introduce complexity and make the system
more fragile.
--
Magnus Bäck
mag...@dsek.lth.se
neric rewriting to rewrite it back
to example.com.
This is a FAQ, so you will find additional information in the list
archives.
--
Magnus Bäck
mag...@dsek.lth.se
en I try to
> telnet to port 25 from my home machine on a DSL connection or through
> a webmail interface on a different system (tried Me.com and Hotmail),
> I get relay access denied after the RCPT TO command.
Post logs and "postconf -n" output.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
ix -q "karpatik.cn" hash:/etc/mail/access
> REJECT
> ~# postmap -c /etc/postfix -q "mail.karpatik.cn" hash:/etc/mail/access
> ~#
> Why subdomain does not matched?
postmap(1) only does "raw" lookups. It won't do subdomain matches. It
doesn't even k
ecret
query = SELECT member FROM distribution_lists WHERE name = '%s'
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
On Wednesday, August 05, 2009 at 12:37 CEST,
Yeray Gutiérrez Cedrés wrote:
> On Wed, Aug 5, 2009 at 10:18 AM, Magnus Bäck wrote:
>
> > Yes, but Postfix must know which domains are virtual mailbox
> > domains, i.e. which domains should be passed off to virtual(8).
> &
is severely
affected by high-latency lookups. It's therefore highly preferable to
have mydestination and the xxx_domains parameters list "simple" lookup
tables like hash, btree, cdb, pcre etc that always have a quick response
time.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
his domain in relay_domains or does this work
> without it being there?
On the contrary -- a domain listed in virtual_mailbox_domains MUST NOT
be listed in relay_domains.
--
Magnus Bäck
mag...@dsek.lth.se
t; nc 10.1.1.101 2003
Irrelevant (for now at least). The OP's current problem is that Postfix
is not able to connect to its own lmtp(8) service, not that lmtp(8) is
unable to connect to Cyrus.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
> status: 4.3.0 reason: mail transport unavailable
This indicates that there is no lmtp service in master.cf that Postfix
can connect to.
[...]
> This is what I have in master.cf:
> lmtp inet n - n - - lmtp
Where did you get this line from? It shou
$myhostname
No, don't change this. If you want to hide that it's Postfix answering
the door (futile since an SMTP server can easily be identified as
Postfix anyway), just remove that part. Keep "ESMTP".
A general comment is that you restate the default value of
several par
s that all mail
> is 'archived' twice.
Disable address rewriting either before or after the content
filter. Right now recipient_bcc_maps is applied twice. Use
receive_override_options.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
example.com obviously being the domain you're moving. Do not list
the domain in virtual_mailbox_domains, virtual_alias_domains, or
mydestination.
--
Magnus Bäck
mag...@dsek.lth.se
ish to change the
envelope recipient addresses, but in this case you want to change
the routing and leave the message envelope and contents intact.
--
Magnus Bäck
mag...@dsek.lth.se
cot
configuration affects Postfix's behaviour.
http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only
--
Magnus Bäck
mag...@dsek.lth.se
's
someone mixing it up with the more common "return path", so you can
assume they're synonyms.
--
Magnus Bäck
mag...@dsek.lth.se
On Wednesday, July 29, 2009 at 22:38 CEST,
Eduardo Júnior wrote:
> On Wed, Jul 29, 2009 at 5:19 PM, Magnus Bäck wrote:
[...]
> > The receive_override_options setting is enough. Multiple cleanup
> > daemons were necessary before receive_override_options was introduced.
mtp instance already say that?
The receive_override_options setting is enough. Multiple cleanup
daemons were necessary before receive_override_options was introduced.
--
Magnus Bäck
mag...@dsek.lth.se
look Express 6 :
[...]
No such line in this log snippet, so Outlook Express does not
authenticate and thus permit_sasl_authenticated won't have any effect.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
y server reject the messages?
--
Magnus Bäck
mag...@dsek.lth.se
roblem if permit_sasl_authenticated is listed before
reject_rbl_client.
> I don't understand why because permit_sasl_authenticated is always the
> second line !!!
How do you know the authentication succeeds? The logs will clearly state
when clients authenticate. Show the logs when a message is rejected
On Monday, July 27, 2009 at 18:05 CEST,
Pablo Yaggi wrote:
> On Monday 27 July 2009 12:46:04 pm Magnus Bäck wrote:
> > On Monday, July 27, 2009 at 16:37 CEST,
> > Pablo Yaggi wrote:
> >
> > > taking a deep look into your example, I notice
> &g
t_pop_before_smtp, reject
--
Magnus Bäck
mag...@dsek.lth.se
gt; reject
So, this permits clients in mynetworks and clients in the
POP-before-SMTP database, and rejects the rest. That wasn't
what you wanted. Follow my example EXACTLY.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
/postfix/transport
>
> 2) in /etc/postfix/transport:
> localhost local:
>
> 3) in /etc/postfix/aliases
> test: |/usr/local/bin/test
>
> Then adding a virtual alias from t...@my.domain to t...@localhost
No need for a transport table entry if the domain is lis
alhost.$mydomain
/etc/postfix/aliases:
test: |/usr/local/bin/test
/etc/postfix/virtual_aliases:
t...@example.com t...@localhost
--
Magnus Bäck
mag...@dsek.lth.se
r
smtpd_xxx_restrictions if you want. You probably want to implement a
stricter regexp to avoid collateral damage. Stricter expressions have
been posted here in the past. Finally, this assumes that your Postfix
has PCRE support. If not, replace `pcre' with `regexp'.
--
Magnus Bäck
mag...@dsek.lth.se
On Monday, July 27, 2009 at 00:49 CEST,
Pablo Yaggi wrote:
> On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote:
>
> > I suggest you use SASL instead of POP-before-SMTP and use the
> > smtpd_sender_login_maps feature.
>
> But I'm running a mass vir
sbl_sender sbl-xbl.spamhaus.org,
> reject_rhsbl_sender bl.spamcop.net,
> reject_rhsbl_sender list.dsbl.org,
> permit_auth_destination,
> reject
The two last ones serve no purpose.
--
Magnus Bäck
mag...@dsek.lth.se
part? Anything non empty
> means the user is local? The user ID? Something else?
Any non-empty string will do.
--
Magnus Bäck
mag...@dsek.lth.se
l that maps to some person that's
appointed responsible for the list.
all: ramesh, john
owner-all: postmaster
Or, use a virtual alias instead of a local alias.
Please do not top-post.
--
Magnus Bäck
mag...@dsek.lth.se
1 - 100 of 291 matches
Mail list logo
