Re: Bad command startup on DNS lookup error for auth socket

2022-09-19 Thread Stefan Foerster
* Matus UHLAR - fantomas : On 18.09.22 14:00, Stefan Foerster wrote: [...] postfix/submission/smtpd[156]: warning: SASL: Connect to Dovecot auth socket 'inet:dovecot:12345' failed: Address not available this looks like "dovecot" host is not resolvable. Yes, that's exactly wh

Re: Bad command startup on DNS lookup error for auth socket

2022-09-19 Thread Stefan Foerster
* Wietse Venema : postfix/submission/smtpd[156]: fatal: no SASL authentication mechanisms The server needs to announce the SASL mechanisms in the EHLO response. If it cannot reply to EHLO, then I don't see what good it does if we make this a non-fatal error. Ah, right. I hadn't remembered

Bad command startup on DNS lookup error for auth socket

2022-09-18 Thread Stefan Foerster
Hello world, in a containerized setup I noticed a bad command startup if the AUTH socket is not available (i.e. the container is down): $ postconf smtpd_sasl_path smtpd_sasl_path = inet:dovecot:12345 #v+ postfix/submission/smtpd[156]: connect from client.example.com[:xxx:xx:::3]

Re: attempt to open lmdb:postscreen_cache with both "open" lock and "access" lock

2022-03-21 Thread Stefan Foerster
* Wietse Venema : Stefan Foerster: Mar 17 13:24:40 servername postfix/proxymap[166]: panic: dict_open: attempt to open lmdb:/var/lib/postfix/postscreen_cache with both "open" lock and "access" lock ... postscreen_cache_map = proxy:lmdb:$data_directory/postscreen

Re: attempt to open lmdb:postscreen_cache with both "open" lock and "access" lock

2022-03-17 Thread Stefan Foerster
Hello Wietse, * Wietse Venema : Stefan F?rster: Mar 17 13:24:40 servername postfix/proxymap[166]: panic: dict_open: attempt to open lmdb:/var/lib/postfix/postscreen_cache with both "open" lock and "access" lock Please do not open the postscreen cache through the proxymap daemon. It cannot

Re: Input requested: append_dot_mydomain default change

2014-09-24 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: - Some distributions already ship with append_dot_mydomain = no. This is an opportunity to eliminate the inconsistency. This will probably break mail setups that used to rely on unqualified names in a way that's hard to diagnose, especially if there is a

Re: do *NOT* send the GTUBE in mails

2014-09-21 Thread Stefan Foerster
* li...@rhsoft.net li...@rhsoft.net: http://marc.info/?l=postfix-usersm=141128851606167w=2 what do people imagine happens if they send the GTUB per mail? it will be rejcted and may lead up in accout suspend for the innocent RCPT - don#t do that, call it by name - period You could define a

Re: Correct cert handling when hosting multiple domains?

2014-09-09 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Viktor Dukhovni: Which works just fine with a single certificate, because TLS in SMTP in generally unauthenticated. If all the various domains share the same MX hostnames, many implementations that log speculative authentication results (no actual

Using Postfix for teaching

2014-07-15 Thread Stefan Foerster
Hello world, every summer, I'm volunteering to give a programming class at a local university. The goal is to teach CS students about real world code, i.e. making them aware of things like resource managament (prevent runaway fork(2) calls) under heavy load or the need for good documentation.

Opportunistic TLS vs. plain

2014-06-21 Thread Stefan Foerster
Hello world, our current situation is as follows: 1. Public MX, very low incoming volume, smtpd_tls_security_level = may 2. Senders aren't known beforehand, i.e. no previous business relationship. 3. Senders' IT usually doesn't support DANE. 4. Incoming mail is considered highly(!) valuable to

Re: Opportunistic TLS vs. plain

2014-06-21 Thread Stefan Foerster
* li...@rhsoft.net li...@rhsoft.net: Am 21.06.2014 13:11, schrieb Stefan Foerster: Could someone share experience with or point me to some kind of best practices regarding opportunistic TLS, or explain the reasoning for banning weak ciphers/protocols on a public MX? (again, not talking

Re: lost connection with ]server] while receiving the initial server greeting

2014-05-04 Thread Stefan Foerster
nk11p00mm-mx006.me.com.smtp: Flags [S], seq 3314275386, win 1400, options [mss 1460,nop,wscale 6,sackOK,TS val 170874802 ecr 0], length 0 E...e@.@..r.d.:...x... [...] I then did a capture of a telnet session to the same server on port 25: reading from file

Re: Multiple outgoing smtp servers

2013-11-08 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: On Thu, Nov 07, 2013 at 08:58:47PM -0600, Stan Hoeppner wrote: This would require too much complex code for what is a simple Postfix operation. Your example is poor man's round robin. That's the best Postfix can do without serious code

Re: email address (u...@domain.tld) as username?

2013-10-02 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: On Sat, Sep 28, 2013 at 12:47:22PM +0200, Peer Heinlein wrote: Use dovecot with a simple passwd-file-setup in /etc/dovecot/userdb and a simple relay-domains setup in Postfix and you'll be ready after half an hour. Generally, with dovecot

Re: duplicate email issue with list

2013-09-26 Thread Stefan Foerster
* Quanah Gibson-Mount qua...@zimbra.com: One of our customers has an interesting setup where they did the following: a) Created 50 users b) Added a secondary address for the 50 users to an external server with 50 users (So any email sent to user@server also gets copied to user@server2).

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: On Thu, Sep 19, 2013 at 10:44:27AM +0200, Stefan Foerster wrote: * Viktor Dukhovni postfix-us...@dukhovni.org: You should be looking at the SMTP draft, not the OPS draft. [...] Would that be draft-ietf-dane-smtp-01? Because this one, too

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-20 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: On Fri, Sep 20, 2013 at 11:47:35AM +0200, Stefan Foerster wrote: - make sure the submission server at mail.example.com has certificates for mail.example.com as well as example.com, with example.com being the certificate that's displayed when

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-19 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: On Wed, Sep 18, 2013 at 03:27:14PM +0200, Stefan Foerster wrote: And while we are at it, one more question, slightly unrelated: draft-dukhovni-dane-ops-01 does not mention MSAs. Is it commonly expected that user agents will not support TLSA RRs

Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Stefan Foerster
Hello world, I'm not sure it this is the right place to ask, so if it's not, feel free to tell me. I configured DANE TLSA RRs for incertum.net, port 25 a few days ago, but until now, the only test I could perform was bootstrapping a recent Postfix snapshot and the latest OpenSSL and send myself

Re: Verification of DANE TLSA MX equivalent RRs

2013-09-18 Thread Stefan Foerster
* Viktor Dukhovni postfix-us...@dukhovni.org: I ran posttls-finger from my laptop, and got: [...] So you're all set. Thanks for taking the time to do this, I appreciate it. I noticed that posttls-finger is not part of any upstream source I could find, leading me to github - is that

Re: Relaying email to exchange

2013-02-14 Thread Stefan Foerster
* Kevin Blackwell akblack...@gmail.com: I have 2 mx records. The primary is Exchanges edge server that has it's own internal spam filtering. The secondary is poxtfix server relaying mail to the edge server as a backup mx record. Are you saying the postfix server should be behind the Exchange

Re: Large hash access lists - performance impact?

2013-02-12 Thread Stefan Foerster
Hello Noel, * Noel Jones njo...@megan.vbhcs.org: On 2/10/2013 4:37 AM, Stefan Foerster wrote: does anyone have experience with very large (about 2k entries) hash tables? Hash tables scale very well to hundreds of thousands of entries; 2k entries on an Atom processor with 1G ram won't

Large hash access lists - performance impact?

2013-02-10 Thread Stefan Foerster
Hello world, does anyone have experience with very large (about 2k entries) hash tables? I'll have to implement a check_recipient_access rule within smtpd_recipient_restrictions - it will be only temporary, three days at most, but I'm still worried about the possible performance impact. OS

Greylisting and lost messages - in 2012 (was: tlsproxy appears to be greylisting - is this normal behaviour?)

2012-09-19 Thread Stefan Foerster
* Chris Horry zer...@wibble.co.uk: On 9/18/2012 16:36, Ralf Hildebrandt wrote: [postscreen after-220 tests] Those tests are useful, nonetheless :) Definitely, my only problem is that I've seen greylisting cause legitimate (admittedly due to poorly configured mail servers) mail to get lost.

Re: Bulk Mailing Performance

2012-09-02 Thread Stefan Foerster
* Sam Jones sam_jone...@btinternet.com: I guess what I'm querying in a way is some of the sales blurb from people like PowerMTA GreenArrow and the remarks they make about open source solutions like Postfix etc. This one in particular: Open source Mail Transfer Agents (MTAs) often max out

Continued support for postcat/postqueue?

2012-03-27 Thread Stefan Foerster
Hello world, we are currently in the process of writing some internal documentation for our Postfix mail servers (currently 2.8.9, soon to be 2.9.1). We would like to include a few hints on debugging, and aside from logs and other stuff (like DEBUG_README), we'd mention postcat and postqueue

could not find any active network interfaces (no IPv6)

2012-01-20 Thread Stefan Foerster
While testing something completely different, I noticed that a newly installed test machine didn't send any mail: Jan 20 11:45:27 vhrstest postfix/pickup[9992]: fatal: could not find any active network interfaces Jan 20 11:45:27 vhrstest postfix/master[12458]: warning: process

Re: could not find any active network interfaces (no IPv6)

2012-01-20 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: While testing something completely different, I noticed that a newly installed test machine didn't send any mail: Jan 20 11:45:27 vhrstest postfix/pickup[9992]: fatal: could not find any active network interfaces Jan 20 11:45:27 vhrstest

Re: return mails received when receiving server implements delay

2011-06-25 Thread Stefan Foerster
* Eric Smith e...@fruitcom.com: Here are the logs when mailing the postfix list server; Jun 23 13:30:20 pepper postfix/qmgr[1447]: 500C1290144: from=majordomo-ow...@cloud9.net, size=10278, nrcpt=1 (queue active) Jun 23 13:30:20 pepper postfix/local[4655]: 500C1290144: to=e...@fruitcom.com,

Re: Postfix TCP connection fails

2011-06-19 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: We have een reports on this mailing list that some routers or firewalls mis-handle TCP features such as window scaling and ECN. Of course it is possible that the problem is not with your nearest router, but elsewhere in the network. Any workaround?

Re: Ubuntu/Debian Postfix 2.8.x repository

2011-02-07 Thread Stefan Foerster
* Mark Alan va...@e-healthexpert.org: On Sun, 6 Feb 2011 22:22:52 +0100, Patrick Ben Koetter p...@state-of-mind.de wrote: If there are significant differences that are not Debian related Stefan certainly has had reasons to add them. That's certainly a way to view things and I respect

Re: Ubuntu/Debian Postfix 2.8.x repository

2011-02-07 Thread Stefan Foerster
* Robert Schetterer rob...@schetterer.org: whatever, i use this debs they are up and running, in ubuntu lucid You should not use these packages on Ubuntu - they lack some of the necessary triggers like e.g. ufw. Cheers Stefan

Re: Ubuntu/Debian Postfix 2.8.x repository [SOLVED]

2011-02-07 Thread Stefan Foerster
* Mark Alan va...@e-healthexpert.org: On Mon, 7 Feb 2011 17:49:38 +0100, Stefan Foerster Apparently you did so just to cope with the novice user that does not know how to use MySQL with Postfix chrooted services. Believe me, nothing is more annyoing than seeing other people suffering from

Re: Default eecdh support in 2.9?

2011-01-16 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Victor Duchovni: I've been running with smtpd_tls_eecdh_grade = strong with Postfix 2.7 for a while now. No problems to report. Approximately 24,000 EECDH sessions a week. Of these approximately 75% use AECDH-AES256-SHA, and ~25% use

Re: smtpd_sender_login_maps, recipient_delimiter

2010-07-19 Thread Stefan Foerster
* Victor Duchovni victor.ducho...@morganstanley.com: On Sun, Jul 18, 2010 at 12:14:17PM +0200, Stefan Foerster wrote: Given: A dedicated Postfix instance, configured to accept mails from SASL authenticated users. It seems that unlike access(5) maps, the lookup for smtpd_sender_login_maps

smtpd_sender_login_maps, recipient_delimiter

2010-07-18 Thread Stefan Foerster
Given: A dedicated Postfix instance, configured to accept mails from SASL authenticated users. It seems that unlike access(5) maps, the lookup for smtpd_sender_login_maps for addresses which contain $recipient_delimiter is not tried at all without the extension: # postmulti -i postfix-sasl -x

Re: smtpd_sender_login_maps, recipient_delimiter

2010-07-18 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: # postmulti -i postfix-sasl -x postconf recipient_delimiter smtpd_sender_login_maps recipient_delimiter = + smtpd_sender_login_maps = proxy:pgsql:${maps_dir}/sasl-maps.pgsql Damn. While editing, I accidentally deleted the .restricted

Re: Priority Management in postfix

2010-06-30 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Avinash Pawar // Viva: I want to give priority to each outbound email and as per priority email will be sent. There is no priority support in Postfix. Postfix uses a shared queue by design. Instead of making Postfix more complex, you could use

Re: address verification, smtpd_mumble_error_limit, smtpd_client_event_limit_exceptions

2010-06-21 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: What happens after gate has tried to validate more than $smtpd_soft_error_limit invalid recipients? Will it be slowed down? Is it possible to exclude gate from that artificial slowdown on hub using smtpd_client_event_limit_exceptions

Re: address verification, smtpd_mumble_error_limit, smtpd_client_event_limit_exceptions

2010-06-21 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: It would still be nice to know whether smtpd_client_event_limit_exceptions will prevent the additional delays. NVM. This code in smtpd_chat.c, within smtpd_chat_reply, is executed without making any reference

Re: address verification, smtpd_mumble_error_limit, smtpd_client_event_limit_exceptions

2010-06-21 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: * Wietse Venema wie...@porcupine.org: Tarpit delays by the hub will slow down the dictionary attack. Is that a problem? It can delay legitimate mail with yet unverified recipients, but that's pretty much what one would suspect

proxymap(8), number of connections, detecting altered tables

2010-06-20 Thread Stefan Foerster
Two questions regarding proxymap: 1. Is a single proxymap(8) process able to handle multiple lookup tables? I.e., taking the example from the manpage, modifying it to mysql = proxy:mysql:/etc/postfix/ virtual_alias_maps =${mysql}virtual_alias_maps.cf virtual_alias_domains =

proxymap(8), number of connections, detecting altered tables

2010-06-20 Thread Stefan Foerster
Two questions regarding proxymap: 1. Is a single proxymap(8) process able to handle multiple lookup tables? I.e., taking the example from the manpage, modifying it to mysql = proxy:mysql:/etc/postfix/ virtual_alias_maps =${mysql}virtual_alias_maps.cf virtual_alias_domains =

Re: proxymap(8), number of connections, detecting altered tables

2010-06-20 Thread Stefan Foerster
* Stan Hoeppner s...@hardwarefreak.com: Stefan Foerster put forth on 6/20/2010 5:16 AM: and furthermore assuming a limit of 40 proxymap(8) processes defined in master.cf, will this result in 40 or 80 connections to the database? I have no idea on this one. The whole point of proxymap

Re: proxymap(8), number of connections, detecting altered tables

2010-06-20 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: Two questions regarding proxymap: 1. Is a single proxymap(8) process able to handle multiple lookup tables? I.e., taking the example from the manpage, modifying it to mysql = proxy:mysql:/etc/postfix/ virtual_alias_maps

address verification, smtpd_mumble_error_limit, smtpd_client_event_limit_exceptions

2010-06-20 Thread Stefan Foerster
This is - again - not a problem report but a mere theoretical question. Given two Postfix servers, one (called gate) accepting connections from the internet, with example.com in $relay_domains and address verification enabled forwarding mails for verified recipients to the second server (called

Re: dealing with Yahoo slowness

2010-06-19 Thread Stefan Foerster
* Florin Andrei flo...@andrei.myip.org: Looking at the Postfix queue graphs in Munin, one thing I noticed is that when the scheduled emails go out (it's not a continuous trickle, it's in batches, that's just how the software works), a fraction, maybe 25%, go into the active queue right away,

authorized_submit_users, system password file

2010-06-19 Thread Stefan Foerster
The documentation for authorized_submit_users states: ,[ postconf(5) ] | Otherwise, the real UID of the process is looked up in the system | password file, and access is granted only if the corresponding login | name is on the access list. ` Does that literally refer to the password

Re: postcat, multi-instance setup

2010-06-19 Thread Stefan Foerster
* Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jun 10, 2010 at 06:28:15AM +0200, Stefan Foerster wrote: $ postmulti -i postfix-out -x mailq This is correct. -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 1BCBD1DF86 2622 Mon Jun 7 03:02:34

postcat, multi-instance setup

2010-06-09 Thread Stefan Foerster
I'm most likely doing it wrong: $ postmulti -i postfix-out -x mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 1BCBD1DF86 2622 Mon Jun 7 03:02:34 boskop-svn-bounces+trac=trac.incertum@lists.incertum.net (connect to trac.incertum.net[85.214.20.182]:25:

Re: postcat, multi-instance setup

2010-06-09 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: I'm most likely doing it wrong: $ postmulti -i postfix-out -x mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 1BCBD1DF86 2622 Mon Jun 7 03:02:34 boskop-svn-bounces+trac=trac.incertum@lists.incertum.net

Re: looking for an SMTP testing tool

2010-05-18 Thread Stefan Foerster
* Phil Howard ttip...@gmail.com: I'm looking for an SMTP testing tool I can use to do tests of configuration changes to Postfix. To do the proper tests I need to carry out the actual SMTP protocol from this program (as opposed to just putting mail in the queue), with TLS, STARTTLS, and

defer: removed spurious QUEUEID log

2010-04-15 Thread Stefan Foerster
This morning, I got a warning in my logs that I have never seen before: postfix-hub/cleanup[27115]: warning: defer: removed spurious 1E0DE10003 log It was followed by what seemed the normal delivery of a single mail: postfix-hub/smtpd[27112]: 1E0DE10003:

Re: defer: removed spurious QUEUEID log

2010-04-15 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: It was followed by what seemed the normal delivery of a single mail: postfix-hub/smtpd[27112]: 1E0DE10003: client=edge.kvm.incertum.net[192.168.122.13] Right, this is a new message that has claimed the name 1E0DE10003, Postfix

Re: defer: removed spurious QUEUEID log

2010-04-15 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Normally the queue manager deletes a defer logfile when it brings a message into the active queue, and the bounce daemon deletes the defer logfile after sending a mail too old bounce message. If the defer file still exists without the message file, some

Re: Postfix LDAP Temporary lookup failure

2010-03-28 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Currently, sites that send valid UTF-8 in MAIL/RCPT commands can make meaningful LDAP queries in Postfix. Lots of MTAs are 8-bit clean internally, so this can actually work today. Do we want to remove this ability from Postfix, or should we add a

Re: No STARTTLS in EHLO Response

2010-03-22 Thread Stefan Foerster
* Carlos Mennens carlosw...@gmail.com: I noticed that I am no longer able to send email via Postfix with STARTTLS enabled on my server. I have not changed anything on my Postfix server over the weekend. I only changed my Firewall appliance but everything appears to be in order. I don't

lmtp: panic: mystrdup: null pointer argument

2010-03-22 Thread Stefan Foerster
This morning, I upgraded from 2.8-20100213 to 2.8-20100306 and enabled IPv6 I have always used the lmtp(8) client to feed messages to amavisd-new (well, those that picked up by pickup(8), anyways): pickupfifo n - - 60 1 pickup -o

Re: lmtp: panic: mystrdup: null pointer argument

2010-03-22 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: See DEBUG_README for instructions to attach a non-interactive debugger. The only change in the SMTP client is the smtp_address_preference and lmtp_address_preference parameters, which were tested only for SMTP. Unfortunately, even after

Re: lmtp: panic: mystrdup: null pointer argument

2010-03-22 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Ralf Hildebrandt: [ Charset UTF-8 unsupported, converting... ] * Wietse Venema wie...@porcupine.org: See DEBUG_README for instructions to attach a non-interactive debugger. The only change in the SMTP client is the smtp_address_preference and

Re: Counting clients in smtpd_client_recipient_rate_limit with XFORWARD

2010-03-20 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Patrick Ben Koetter: When a message reenters from an instance that uses XFORWARD, for example amavis, will Postfix count the IP used twice and, for example, add that to smtpd_client_recipient_rate_limit? Rate limits apply to the real client IP

Re: RBL whitelist?

2010-03-17 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Erik Logtenberg: Wietse, is there a reason why you would not want a permit_rbl_client feature in postfix? If not, then I would like to hereby suggest this feature request. If you would approve the feature request but don't have the time and/or other

Re: Feature request: configurable dnsbl scores in postscreen

2010-03-14 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: I created postscreen because it is becoming too expensive to spend one server process per zombie connection. Instead, one postscreen process manages up to thousands of inbound connections simultaneously, and drops the majority of them before they can

Feature request: configurable dnsbl scores in postscreen

2010-03-11 Thread Stefan Foerster
Now, feature request is actually not the right word - it's more an idea, and probably somebody just needs to tell me it's a bad one. With the postscreen_dnsbl_sites setting, each site administrator can configure a list of DNS blacklists that new SMTP connections will be checked against (excluding

postfix-users memes (was: A problem related to smtpd_recipient_restrictions)

2010-02-23 Thread Stefan Foerster
* Noel Jones njo...@megan.vbhcs.org: Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via smtp. Someone should actually start collecting all those frequently used sayings - and perhaps translate them. I remember having asked a not-so-clever question here once,

Re: location of filter

2010-02-16 Thread Stefan Foerster
* Jon L Miller jlmil...@mmtnetworks.com.au: Is it standard practice to have the filter: permit_my _networks at the top of a listing? Also having the filter permit at the bottom what is the reason and the difference between the two filters. If, by filters you are referring to

Re: postfix 2.7 release date

2010-02-08 Thread Stefan Foerster
* DUBOURG Kevin ke...@dubourg.info: No, the stable candidate is 2.6. On debian repository 2.5.5-1.1 ... Snif ... I've been maintaining backports for Debian/stable since the stress dep. server personality patch was first published. Right now, my personal repository at

Re: postfix 2.7 release date

2010-02-08 Thread Stefan Foerster
Hallo Wietse, * Wietse Venema wie...@porcupine.org: Robert Schetterer: Hi Wietse, is their any fixed release date for version 2.7 ? There is a release candidate for testing. The TLS caches won't get automatic cleanups in the initial 2.7 release(s)? Stefan

Re: postfix 2.7 release date

2010-02-08 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: * Wietse Venema wie...@porcupine.org: Robert Schetterer: Hi Wietse, is their any fixed release date for version 2.7 ? There is a release candidate for testing. The TLS caches won't get automatic cleanups in the initial 2.7

Re: postfix 2.7 release date

2010-02-08 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: The TLS caches won't get automatic cleanups in the initial 2.7 release(s)? TLS caches have always had automatic cache cleanup. In fact, the verify and postscreen daemons use a library module that contains a generalized version

Taking over a mail queue from another node

2010-01-28 Thread Stefan Foerster
If in a mail cluster, with multiple machines having access to a shared storage device (SAN, iSCSI) which is presented to the host as a normal block device (e.g. /dev/sda, hosting a normal ext3 filesystem), one of the mail nodes fails, what are the necessary Postfix steps to take over the queue on

Re: Taking over a mail queue from another node

2010-01-28 Thread Stefan Foerster
* Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jan 28, 2010 at 06:13:33PM +0100, Stefan Foerster wrote: If in a mail cluster, with multiple machines having access to a shared storage device (SAN, iSCSI) which is presented to the host as a normal block device (e.g. /dev/sda

Re: Taking over a mail queue from another node

2010-01-28 Thread Stefan Foerster
* Victor Duchovni victor.ducho...@morganstanley.com: On Thu, Jan 28, 2010 at 06:39:34PM +0100, Stefan Foerster wrote: If the node doesn't have to process any new incoming mail, will qmgr be able to handle six digit deferred queues? So long as you just drain this queue, and don't take

Re: Putting $data_directory on a RAM filesystem

2010-01-24 Thread Stefan Foerster
* Victor Duchovni victor.ducho...@morganstanley.com: On Sat, Jan 23, 2010 at 06:08:40PM +0100, Stefan Foerster wrote: In case of severe server overload, with postscreen(8) complaining about lookup and update times around 400ms almost every mail, is it (reasonably) safe as a last desperate

Putting $data_directory on a RAM filesystem

2010-01-23 Thread Stefan Foerster
In case of severe server overload, with postscreen(8) complaining about lookup and update times around 400ms almost every mail, is it (reasonably) safe as a last desperate measure to put $data_directory, or at least the file referenced by $postscreen_cache_map, on a ramdisk (e.g. tmpfs with

Re: Postfix sender reputation support in snapshot 20100117

2010-01-17 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own -o myhostname and

Re: Limitations of smtpd_proxy_filter

2010-01-11 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: One of the greatest improvements in the 2.7 tree is the ability to defer transmission of received messages to a SMTP proxy until the message receiption completes (smtpd_proxy_options = speed_adjust). Can you be more specific about

Re: Does Postfix cache resolv.conf?

2010-01-10 Thread Stefan Foerster
* Dr. Lars Hanke l...@lhanke.de: I had a quite strange issue. About a week ago my bind9 broke down and I could not get it running again on the same machine. So moved it to another machine and changed the /etc/resolv.conf of my machines to try both IP. Apparently everything worked fine.

Re: Limitations of smtpd_proxy_filter

2010-01-10 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: For STATISTICAL load balancing you can get by with multiple IP addresses per proxy filter host name. However this requires new The main difference I see here is that delivery to a content_filter will try more than one server, giving us not only

Re: master.cf - integrating Postfix with DKIM proxy

2010-01-03 Thread Stefan Foerster
* Michael p...@nettrust.co.nz: In reference to the following page: http://dkimproxy.sourceforge.net/postfix-outbound-howto.html it includes the following: submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes

Re: master.cf - integrating Postfix with DKIM proxy

2010-01-03 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: I _think_ (and I'm really not 100% sure if this would work) another possibility would be to use a feature introduced with Postfix 2.7, namely sender_dependent_default_transport_maps. You could define a transport which passes all mail

Re: Code burn-in: postscreen/verify cache cleanup

2009-12-30 Thread Stefan Foerster
As a side note: * Stefan F??rster cite+postfix-us...@incertum.net: I took care of that problem - permanently. I understand that an UTF-8 encoded realname might pose serious problems to some MUAs and I don't want to cause any, erm, inconveniences. Stefan

Re: Code burn-in: postscreen/verify cache cleanup

2009-12-30 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Systems that run close to the capacity limit probably should not expire caches but simply rotate them. I already have a version of Postfix that allows you to turn off cache cleanup. I deployed 20091230-nonprod before I went to town this evening and until

postscreen: refresh of stored entries?

2009-12-30 Thread Stefan Foerster
from /var/log/mail.log: Dec 31 01:49:47 nemea postfix/postscreen[2994]: PASS OLD 168.100.1.4 # postmap -q 168.100.1.4 btree:/var/lib/postfix/ps_cache 1262188493 # date --date Dec 31 01:49:47 +%s 1262220587 # echo $(((1262220587-1262188493)/3600)) 8 If a client that has passed postscreen in the

Re: 3 hour delay

2009-12-19 Thread Stefan Foerster
* Jon August jonaug...@gmail.com: I've been running Postfix/MySQL/Courier for months with no problems. Suddenly in the last day or so, mail has been taking around 3 hours to process. I don't have a clue where to start looking. When I do a qshape, I see this: Taking a look at the output of

Re: 3 hour delay

2009-12-19 Thread Stefan Foerster
* Stefan Foerster cite+postfix-us...@incertum.net: As mentioned in the documentation, the above is a union of the active and deferred queues. D**n. active and incoming queues. Stefan

Re: ps_dict_put: /var/lib/postfix/ps_cache.db update took X ms

2009-12-15 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: Stefan Foerster: Is it 100ms? I got exactly 882 messages like postscreen[5486]: warning: ps_dict_put: /var/lib/postfix/ps_cache.db update took 108 ms with values ranging from 101 to 147 within the last 24 hours on a moderately busy system

Re: Conditional Sender Address rewrite (based on Receivers Address)

2009-12-14 Thread Stefan Foerster
* Tobias tobs...@brain-force.ch: I have two email adresses: a...@domain.tld and b...@domain.tld Only a...@domain.tld is registred with several mailinglists. But the user b...@domain.tld is the one I want to use. Try subscribing twice and disable mail delivery for one account. All Mailman based

postscreen: getpeername: Transport endpoint is not connected

2009-12-13 Thread Stefan Foerster
After a few years of Postfix, one usually knows all warnings and errors it reports. With the addition of postscreen(8), there appeared two new warnings that I don't know yet: postscreen[8790]: warning: getpeername: Transport endpoint is not connected postscreen[8790]: warning: write

Re: postscreen: getpeername: Transport endpoint is not connected

2009-12-13 Thread Stefan Foerster
* Sahil Tandon sa...@tandon.net: On Sun, 13 Dec 2009, Stefan Foerster wrote: postscreen[8790]: warning: getpeername: Transport endpoint is not connected postscreen[8790]: warning: write unknown_address:unknown_port: Connection reset by peer I think these messages in your log correlate

Re: PATCH: smtpd_proxy logging

2009-12-06 Thread Stefan Foerster
* Wietse Venema wie...@porcupine.org: On Fri, Dec 04, 2009 at 08:54:01PM +0100, Stefan Foerster wrote: Now, about logging - I'd be really grateful if the existing logging functionality could be extended in a way so that the pre-queue content filter's response is logged. I know