OpenLDAP version with Postfix?

What is the best OpenLDAP version to use with Postfix at the moment? I'm mainly wondering whether OpenLDAP 2.4 has any significant problem issues with Postfix? As always, thanks for any insights! Ville

Authenticating aginst ActiveDirectory?

There is very little on the topic on the web and on the Postfix Users archives. The little I find seems to imply it's very difficult to extract password information from AD (say, to sync to OpenLDAP). Since the last thread about this topic in this group is from last year, I'm asking whether a solu

Re: Authenticating aginst ActiveDirectory?

On Thu, Nov 13, 2008 at 10:32 PM, MacShane, Tracy <[EMAIL PROTECTED]> wrote: > I'm sorry, why do you need to sync passwords to relay mail to your > Exchange servers? To do relay recipient validation, you just need to do > a simple LDAP lookup to the AD to verify valid email addresses. Since > you o

OpenLDAP version with Postfix?

(copying the list; this went initially out to tôba only) I'm not aware of any any problems — I'm thinking that there probably would not be any, but various packages have "prerequisites" or "support" for 2.3 or 2.2. That is not to say, of course, that they wouldn't work with the latest version, and

Re: Body checks and warning log

This is probably a too complex solution but I mention it anyway. In late July there was a discussion here about rewriting the subject line. I'm using an external spam filtering service (Katharion), and if I choose spams to be delivered (rather than quarantined), they're tagged with "**SPAM**" in fr

Virtual canonical domains?

The exciting quest to Postfix continues... Tonight's question is about virtual canonical domains (the term is obviously coined by me since there are no Google hits with it before this post gets indexed ;). I have currently (for clarity's sake while I'm learning the system) defined virtual_mailbox_

Re: Virtual canonical domains?

On Sun, Nov 16, 2008 at 1:11 AM, mouss <[EMAIL PROTECTED]> wrote: > in theory, you could use wildcard virtual_alias_maps: > @alternatename.example @primary.example > > unfortunately, this makes all addresses [EMAIL PROTECTED] valid during > the smtp transaction, and this will cause a bounce if the

Re: Virtual canonical domains?

On Mon, Nov 17, 2008 at 1:28 AM, mouss <[EMAIL PROTECTED]> wrote: >> straightforward to store in SQL. Someplace I've seen a warning against >> mixing LDAP and SQL — may have been in the "Book of Postfix", but > I don't remember any such warning, and I don't see what problem this > would cause eve

Re: Virtual canonical domains?

On Mon, Nov 17, 2008 at 1:04 AM, Darren Pilgrim <[EMAIL PROTECTED]> wrote: > Use a pcre map to return the local part @someotherdomain.com: > > /^(.+)@fourthdomain\.com$/ [EMAIL PROTECTED] Where would you put that pcre map? I tried few different patterns in check_recipient_access in smtpd_recipient

Re: Virtual canonical domains?

ACL Policy Daemon for Postfix might do the trick without me having to write the policy daemon myself. It provides numerous ACL methodsand Regex ACLs . Ville

Re: Virtual canonical domains?

On Tue, Nov 18, 2008 at 11:43 AM, Darren Pilgrim <[EMAIL PROTECTED]> wrote: /^(info|sales|test1)@fourthdomain\.com$/ [EMAIL PROTECTED] I'm not having luck with that. I put... [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] /^(user1|user2)@fourthdomain\.com$/

Re: Virtual canonical domains?

On Tue, Nov 18, 2008 at 12:25 PM, Darren Pilgrim <[EMAIL PROTECTED]> wrote: > You have different lookup types in the same table. The pcre line goes in a > second lookup table (i.e., virtual_alias_maps.pcre) added to > virtual_alias_maps: > > virtual_alias_maps = >hash:${config_directory}/t

Re: Virtual canonical domains?

On Tue, Nov 18, 2008 at 1:25 PM, mouss <[EMAIL PROTECTED]> wrote: > after some time, a script will save more... > > # cat alias-target.users > user1 > user2 > ... > # cat myscript > #!/bin/sh > grep -v "^#" alias-target.users | while read _user; do > echo "[EMAIL PROTECTED] [EMAIL PROTECTED]" > d

Preventing local forwarding for some local domains

The question may sound odd, but here's what I'm trying to do: There are number of virtual domains defined on the local server that is the final destination for these domains. Yet the MX record in the DNS for these domains points to the mail exchangers of an external spam filtering service which in

Re: forwarding mail to another MX on same domain

On Fri, Nov 21, 2008 at 1:31 PM, Wietse Venema <[EMAIL PROTECTED]> wrote: > A transport maps entry like this: > >[EMAIL PROTECTED]smtp:ms-exch.example.com > > Should do the job. Interesting. I think this may answer the question I posted last night about "Preventing local forwarding for

Re: forwarding mail to another MX on same domain

On Fri, Nov 21, 2008 at 1:31 PM, Wietse Venema <[EMAIL PROTECTED]> wrote: > A transport maps entry like this: > >[EMAIL PROTECTED]smtp:ms-exch.example.com It also seems to be possible to redirect an entire domain to another smtp server.. @example.comsmtp:ms-exch.example.co

Limiting header_checks by domain or interface

Is it possible to limit header_checks either by recipient domain or by listening interface? I'd like to remove certain headers, but only from specific domains. Ville

Re: forwarding mail to another MX on same domain

On Fri, Nov 21, 2008 at 11:18 PM, Victor Duchovni <[EMAIL PROTECTED]> wrote: > Wrong syntax. In the transport table, domains don't start with > an "@". Ok, I corrected it (although it seemed to work with an "@", too). Ville

Re: forwarding mail to another MX on same domain

On Fri, Nov 21, 2008 at 11:41 PM, Victor Duchovni <[EMAIL PROTECTED]> wrote: > Your observations were in error.. You're correct. I hadn't refreshed the system after I made the change. Ville

Re: forwarding mail to another MX on same domain

I'll continue here since Krosrow's issue has been resolved (so I'm not really hijacking the thread). I now have the following defined in mailbox_transport_maps: [EMAIL PROTECTED]smtp:mx.myexternaldomain.com Yet when I attempt to send mail to the local system at [EMAIL PROTECTED] I ge

Re: forwarding mail to another MX on same domain

I just realized that this would not resolve the issue because the remote MX would just redeliver it to the local server which is the final destination of the domain. I'm probably better off with a simple alias domain forward. So while it's not worth considering how to tweak my specific configurati

Use of permit_inet_interfaces?

I now have smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces check_client_access hash:$config_directory/tables/smtpd_client_access reject smtpd_client_restrictions_katharion = permit_mynetworks permit_sasl_authenticated ch

Re: forwarding mail to another MX on same domain

Couple of messages earlier in this thread I posted the following pcre smtpd_recipient_access table: # reject domains that are served by Katharion # on the generic smtpd interface /(@virtualdomain1\.com| @virtualdomain2\.com| @virtualdomain3\.com| @virtualdomain4\.com| @virtualdomain5\.com)$/

Re: Preventing local forwarding for some local domains

I have been looking into this issue over last several days, and the discussion about "forwarding mail to another MX on same domain" shed some light on this. However, I don't have this still working the way I would like so I rephrase as I now have a clearer picture of what I'm trying to accomplish:

Re: forwarding mail to another MX on same domain

On Sun, Nov 23, 2008 at 3:35 AM, mouss <[EMAIL PROTECTED]> wrote: > As Henrik says, you can break them with /x. Got it to work after realizing a blank space is needed in front of the continuation lines... > Note that in this example, pcre is too much. a hash (or cdb) will do fine: > > virtualdoma

Re: Preventing local forwarding for some local domains

Thanks Victor.. I'll give that a try. With my first attempt I managed to create a loop of some kind, but after re-reading your description I think I know what caused it. One thing I wanted to clarify is the transport map definition. Does the domain name that comes after "smtp:" need to be the exter

Re: Preventing local forwarding for some local domains

Thanks Victor and Barney. I got this correctly configured tonight (the loop issue was resolved); works perfectly now! Ville

Re: preventing backscatter with virtual_alias_maps

On Mon, Nov 24, 2008 at 11:47 AM, D G Teed <[EMAIL PROTECTED]> wrote: > When I can't understand the developer's notes, I usually emulate > something that works from useful examples. As a relatively recent newcomer to Postfix (I've been running qmail since 2002 and Postfix since last year) I agree

Re: Intercepting messages in queue

I have in master.cf: #client for sending emails to smtpprox scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes -o smtp_generic_maps= #return interface for the mail filtered through smtpprox localhost:10026

Local & remote delivery?

Hello everybody, In virtual_mailbox_maps I can define: someu...@somelocaldomain.com somelocaldomain.com/someuser/ or, in virtual_alias_maps I can set: someu...@somelocaldomain.com anotheracco...@someplaceelse.com But how do I combine these so that mail received by som

Re: Local & remote delivery?

Nevermind... this was sufficiently answered in a recent discussion "Alias and mailbox under one e-mail address". Either this kind of questions repeat frequently enough, or it's an interesting co-incidence that the same issues I'm tackling with are often discussed on the list just around the same t

Re: Local & remote delivery?

To continue on this issue... I was able to get the functionality I was looking for by first creating an alias with multiple recipients on the local domain, then using that alias in recipient_bcc_maps to send a copy of a message delivered to a local mailbox to multiple external recipients (as recipi

Re: Local & remote delivery?

Thanks, Sahil! That is certainly simpler and seems to work well. Ville

Re: Postfix does not dot the i's when client sends gibberish

On Fri, Dec 12, 2008 at 9:12 AM, Wietse Venema wrote: > Moreover, Postfix was written before RFC2821. Declaring error > replies buggy after the rules change is not useful. > But if the rules do change, would you not alter Postfix accordingly? (I don't mean this instance specifically as this appe

Re: Canonical Rewriting

Somewhat unrelated, but perhaps worth mentioning: For couple of years I've used RegexBuddy (http://www.regexbuddy.com) to facilitate / speed up creation of regular expressions for various uses (it supports many regexp flavors). The program makes writing of regexps fun, and is a great help especial

Re: Canonical Rewriting

On Fri, Dec 12, 2008 at 2:16 PM, J Sloan wrote: > Weird, no linux version? oh well, useless to me. > Well, there's always Wine... Ville

Bounces for the relocated?

I've been experimenting with relocated_maps as well as user-specific entries in transport_maps. They work, but they also terminate the SMTP conversation with the defined message. In my configuration the sender would never see that message because the mail is received by the external spam filtering

Re: Bounces for the relocated?

On Sat, Dec 13, 2008 at 10:24 AM, Sahil Tandon wrote: > No, this is backscatter. Do not accept mail that you intend to bounce. > Relocated maps should be setup on the MX that sits on the border; not > an internal mail server. > Unfortunately I don't control the MX that initially accepts the mai

header_checks vs. content_filter?

A quick question: If I have.. content_filter = scan:[127.0.0.1]:10025 in main.cf (plus the corresponding 'scan' entry in master.cf), and.. 192.168.1.97:25 inet n - n - - smtpd -o smtpd_client_restrictions=${smtpd_client_restrictions_spamfilter} -o smtpd_recipient_

Re: header_checks vs. content_filter?

On Mon, Dec 15, 2008 at 2:36 AM, mouss wrote: > Once mail is passed to a content filter, postfix no more sees it! so > it's header_checks before. Excellent! I was hoping it would be that way so that I can be sure a particular header no longer exists when the content filter receives the content.

Selective outbound relaying II

Hello everybody, I'm revisiting this issue after a break - about a year - and now I'm trying to get to the bottom of this. I found a thread from five years back (http://bit.ly/bIFigX) that discusses a similar issue, but my situation is somewhat different. I'm attempting to create a configuration

Re: Selective outbound relaying II

"sender_dependent_relayhost_maps" may be what I'm looking for..

Re: Selective outbound relaying II

sender_dependent_relayhost_maps works except that the other settings affecting the relay aren't conditionalized by the defined relayhost maps. In this case the relayhost for the externally relayed "business" domains requires TLS and authentication while the relay for the local domain (being the lo

Re: Selective outbound relaying II

On Thu, Jul 8, 2010 at 9:17 PM, Stan Hoeppner wrote: > Something tells me you'll answer your own question before we get a chance to. > ;) ;-) I think I've now hit a wall with a singular configuration. I'll proceed with setting up a second instance unless someone has a clever idea how to accompl

Re: Selective outbound relaying II

On Thu, Jul 8, 2010 at 10:54 PM, Victor Duchovni wrote: > TLS security levels are configurable per nexthop destination > as documented.  SASL logins are also specified via the table of > per-destination user:password pairs. It is not clear what's missing. I'll read more. The only thing that may b

Re: Selective outbound relaying II

Resolved! Another concurrent thread "SASL Authentication per recipient domain" gave additional clues. I ended up using a PCRE map for sender_dependent_relayhost_maps (domain names changed to protect the innocent and to better illustrate what was done): main.cf: smtp_sasl_auth_enable = yes

Unknown mail transport error (injection only)

Hello all, I'm finally implementing into production the systems for which I got excellent advise from this list last fall (or was it last summer?). However, I have one issue I haven't been able to figure out: How do I restrict mail reception only to certain accounts from external sources? The syst

Re: restrict external host

Or, if you want to have one "regular" interface and one "restricted" (to receive email only from the primary relay), you could use the following: In master.cf: #standard port 25 smtp inet n - n - - smtpd #restricted interface to receive email only from specif

Re: Unknown mail transport error (injection only)

Thanks for that information! It pointed me to the right direction. Yes, I was using "accounts" and "addresses" interchangeably because I wanted to be able to control both. In other words, there are both actual accounts (virtual and UNIX) and addresses (aliases) that either need to be accessible pub

Re: Unknown mail transport error (injection only)

Oops.. just noticed that the Subject of this thread isn't very descriptive for what I was asking. I was tackling an error condition and was going to ask about it, but then resolved it. Apparently I edited the draft without editing the subject. It should've read "How to restrict mail reception of so

Tip: Restricting mail reception using a remote service's SPF records

Here's an idea.. maybe it's useful for someone, so I post it here. I'm setting up a local mail server to cache remote service's mail for faster access on the LAN. The remote server has an up-to-date SPF record that is updated whenever the sending IP ranges change. I want to limit unauthenticated m

Re: Tip: Restricting mail reception using a remote service's SPF records

Thanks, I'll look into that; it'll simplify it a bit. Anything that is parsed from text output is obviously not super solid but for this application it'll suffice. The MX for the business domains in question is an external service that takes care of spam filtering, address consolidation, etc. The

Re: Tip: Restricting mail reception using a remote service's SPF records

Here's the completed script (the IP/CIDR extract worked perfectly -- thanks Barney!): --- #!/bin/sh ORIGINAL=/usr/local/etc/postfix/tables/client_access_maps.cidr NEW=/tmp/postfix_clients.tmp dig +short senderdomain.net TXT | grep 'v=spf1' | egrep -o 'ip4:[0-9./]+' | sed 's/^ip4://' | sed 's/$/

Re: Tip: Restricting mail reception using a remote service's SPF records

Perfect! Thanks all!!

Re: Tip: Restricting mail reception using a remote service's SPF records

On Fri, Jun 26, 2009 at 5:17 PM, mouss wrote: > so you would block mail from me? Yes, in fact, the local "cache" mail server would refuse mail from everyone but the servers mentioned in the external service's SPF record hence creating sort of an unprotected, IP-based "tunnel" between the external

Send to relay?

Is it possible for Postfix to relay mail through another SMTP server? In other words: [sender client] -LAN-> [Postfix SMTP] -slow-> [some other SMTP] -> [recipient's SMTP] -> [recipient's client] .. where "Postfix SMTP" would relay via "some other SMTP" all outbound email it accepts to queue? Th

Re: Send to relay?

I suppose I could use transport_maps to map all addresses to a specific MX (which would really be the relay). Ah, and few Google searches produced these: http://tinyurl.com/ypb3tc http://tinyurl.com/qmkph8 http://tinyurl.com/o2mzkx Apparently what I'm looking for is an outbound proxy. Ville

Re: Send to relay?

On Sat, Jun 27, 2009 at 6:36 AM, Barney Desmond wrote: > What you describe sounds exactly like a relayhost, no? > A pretty common requirement. > http://www.postfix.org/postconf.5.html#relayhost Yes, relayhost it is! It was easy to set up! Postfix rocks! :-) Ville

Re: Send to relay?

Note to other setting this up for the first time: make sure you have the Cyrus SASL2 library compiled in! It took me a while to figure out why SASL AUTH wasn't working. Ville

Daily outbound message counts?

I would like to have a daily report of the total number of email messages sent out through a Postfix installation (all users, all domains combined). What would be the easiest way to "increment a counter" every time a mail goes out? I would mostly use the daily count as an alarm of possible abuse,

Re: Daily outbound message counts?

On Sun, Jun 28, 2009 at 4:09 PM, Brian Mathis wrote: > Look into log analysis tools like pflogsumm. Exactly what I was looking for. Thank you! Ville

Discarding an address via transport_maps?

I need to set up a nullroute address which is accepted without any kind of warning, and then silently discarded. I have it working using check_recipient_maps as: nullro...@somedomain.net discard blackholed ("nullroute" is set up as an alias on $mydomain in aliases so that it's accepted) Ho

Re: Discarding an address via transport_maps?

Never mind.. I figured it out: in main.cf: transport_maps = hash:$config_directory/tables/smtp_transport_maps smtpd_recipient_restrictions = ... check_recipient_access hash:$config_directory/tables/smtpd_allow_nullroute ... tables/smtpd_allow_nullroute: nullro...@mydomai

Re: Discarding an address via transport_maps?

On Tue, Jun 30, 2009 at 2:49 PM, Victor Duchovni wrote: >> smtpd_recipient_restrictions = >>         ... >>         check_recipient_access >>hash:$config_directory/tables/smtpd_allow_nullroute > Only necessary if you have later restrictions that can block > mail to this recipient.

sender_dependent_relayhost_maps and nullroute

I'd like to use sender_dependent_relayhost_maps to relay some domains via a remote server while sending mail for others from the local server. However, I also use transport_maps to create a nullroute address (see http://marc.info/?l=postfix-users&m=124639143215455&w=2 for an earlier conversation),

Rewriting Subject line, adding an X-header?

I'm setting up Postfix 2.5.1, Dovecot 1.1.1 on FreeBSD 7 and will be using an external (commercial) spam filtering service that forwards the emails to my Postfix/Dovecot mailserver. I have the option to either keep the spam at the external service, or forward them to the local system. I'm thinking

Re: Rewriting Subject line, adding an X-header?

Thanks for the responses! I printed out bunch of Postfix READMEs to read while waiting for my wife and daughter were shopping, and while reading "Before-Queue" and "After-Queue" content filtering README files I was pretty sure that I'd find in my mailbox recommendations to use the content filters.

Re: Header check and script

I've been looking for the last day (on and off :-) at Todd Bennett's smtpprox (see http://bent.latency.net/smtpprox/ ). It would likely do what you're looking to do with minimal modifications. My goal is to look for the Subject of the arriving messages (all arriving messages will be filtered throu

Re: Header check and script

On Sun, Jul 27, 2008 at 11:13 AM, mouss <[EMAIL PROTECTED]> wrote: > you should have posted this to the other thread: >"Rewriting Subject line, adding an X-header?" > (always think of the archives). Indeed. There seems to be a lot of good stuff in the archives! > note that just because yo

Re: Rewriting Subject line, adding an X-header?

- Delivered-To: [EMAIL PROTECTED] X-Spam: yes < this was added From: Some User <[EMAIL PROTECTED]> To: Ville Walveranta <[EMAIL PROTECTED]> Subject: This is spam! < "**SPAM**" was removed Date: Mon, 28 Jul 2008 09:58:26 + (UTC) -- I

Re: Rewriting Subject line, adding an X-header?

Here's the completed code that includes the "blank line check" -- the body is neither scanned for "Subject: **SPAM**" (saves time and prevents false positives) nor is the substitution string run against the body (so that any occurrences of "Subject: **SPAM**" are not touched in the body). If someo

Re: Rewriting Subject line, adding an X-header?

On Mon, Jul 28, 2008 at 3:08 PM, mouss <[EMAIL PROTECTED]> wrote: > you're removing the blank line. always be careful with "last". No, the first pass was just to collect information (i.e. whether the "**SPAM**" exists on the Subject line). It didn't remove the blank line in the end of the header.

Re: Rewriting Subject line, adding an X-header?

On Mon, Jul 28, 2008 at 4:55 PM, Robert Spencer <[EMAIL PROTECTED]> wrote: > Can't they add "X-Spam: yes"? For a paid service they're offering you > remarkably little options. I'm requesting that change as it would positively identify the spam messages. They generally seem to buffer the spam on th

Re: Rewriting Subject line, adding an X-header?

On Mon, Jul 28, 2008 at 7:30 PM, Robert Spencer <[EMAIL PROTECTED]> wrote: > Your "less technical" users are right, it takes less time to look in a > spam folder than it is to open a browser window and navigate to the > web interface. I would have found it irritating in a very short time > and some

Re: Accep email onl from specific IP address(es)?

I have a similar setup in the works (the external spam filtering hasn't been engaged yet, so I haven't tested this). I'm thinking smtpd_client_restrictions would do the job, like so (the excerpts are from main.cf): smtpd_client_restrictions = permit_mynetworks permit_sasl_authenti

LDAP admin, schema for Postfix (and Dovecot)?

I continue setup (after a short pause) of a Postfix-Dovecot mail system. The last major component that I'm configuring (and understanding with some difficulty :-) is LDAP. I have two questions: those of you who use LDAP as a back-end, what tools do you use to manage the entries, and what schema do

Re: LDAP admin, schema for Postfix (and Dovecot)?

Thanks for the tips; I'll take a look at Nimel schema for a starting point (I'm currently using the one that came with Phamm, and I'm not yet sure how it'll measure up). I also wasn't aware of Apache Directory Studio; I'll give it a whirl. Though I think LDAP Administrator's templates will likely

Limiting an interface to a specific domains and client IPs

Hello everybody! My "Qmail to Postfix transition project" has been on ice for couple of months due to other priorities, but now I need to finish it. One of the things I'm working on is to see if I could limit an interface to specific domains and to accept unauthenticated connections only from spec

Re: Limiting an interface to a specific domains and client IPs

On Sat, Nov 8, 2008 at 3:29 AM, mouss <[EMAIL PROTECTED]> wrote: > You can create multiple smtpd's in master.cf (but comment out the "default" > one or use inte_interfaces to limit it) > > 192.168.1.1 ... smtpd >-o smtpd_client_restrictions=${smtpd1_client_restrictions} >-o sm

Re: Limiting an interface to a specific domains and client IPs

On Sat, Nov 8, 2008 at 6:19 PM, Wietse Venema <[EMAIL PROTECTED]> wrote: > Postfix uses the names that YOU specify. It does not > magically rename things. >From the MASTER(5): " The service name is specified as host:port, " denoting the host and port on which new con- " nections should be acce

Re: Limiting an interface to a specific domains and client IPs

Many thanks! That should get me going. The interfaces are apparently numbered ("smtpd1", "smtpd2") in main.cf in the order they appeared in master.cf while the "smtpd" remains the default (unless disabled). If I disable the default in master.cf, does the first interface-specific smtpd become "smtp

Re: Limiting an interface to a specific domains and client IPs

Now I got it! I had the feeling I was somehow thinking of this in reverse. Today I had the time to sit down and figure this out, and I was right – I had been thinking that the name itself (e.g. "smtpd2") would need to be defined first so that parameters could be assigned to them in main.cf (how els