On 12/10/2010 02:45 AM, mouss wrote:
On 10/12/2010 03:43, Robert Moskowitz wrote:
On 12/09/2010 10:31 AM, mouss wrote:
On 09/12/2010 14:54, Robert Moskowitz wrote:
This is a new install on Fedora 12 using the tools from:
http://wiki.amahi.org/index.php/Amahi_Mail_System

We have patched the Postfix source to add the Quota patch. It would be
REALLY nice if this was just a part of Postfix

The VDA patch is not supported. It doesn't look like there's
anything new that would cause change...

I assumed it was not supported, or it would not still be a patch. Why is
it likely to be supported? It seems quotas are common, is there a
better way?


quotas are indeed common, but they pose some hard issues that aren't easy to resolve.

- most people implement that on the delivery side. that will cause bounces, but as long as you filter spam "enough" and you don't send too many bounces (that is: over-quota situations are not the norm in your setup), it should be ok.

- there's a policy service
    http://postfixquotareject.ramattack.net/
(I've never tried it)

other approaches exist as well. my favourite is to setup two levels of quota. say:
- "guaranteed" quota: for example, user has up to 100 Mo
- "tolerated" quota: we can accept as much as 500 Mo for user, but without guarantee

when a user is above his "guaranteed" quota, he is notified to purge his mail. at say 200 Mo, he is added to an access table and his mail is rejected. once he purges his mail, he asks to be unlisted.

When I can squeeze in the time, I will have to look more into this.



DCC looks like it is just not working. LOTS of failures to connect. What
port does it use? Perhaps I am blocking it.

sooorry. I don't use DCC. anyway this is off topic here.

But perhaps someone else here does use it...

according to the web, dcc uses port 6277/udp. that's as much as I can say!

Yes, I finally put a decent request into google and came up with this answer and Cisco ACL rules. Of course I have a Juniper Netscreen... And I also have to set the IPTABLES rule. Now I have to find out if DCC uses IPv6 and set up v6 rules if needed; probably do that anyway.



[snip]
inet_interfaces = all

this is the default. just remove the setting from your main.cf.

I need eth0 and loopback. These are the only interfaces on the box. What
is the difference between all or eth0, lo ?


"all" means all interfaces. so it will include eth0 and lo. if these are the only interfaces on your box, just remove the setting.

Is this a paranoid defensive configuration (what if I add a second interface that I don't want Postfix to use), or a performance issue? hmm. What about VPN virtual interfaces.



inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = klovia.htt-consult.com, localhost, localhost.localdomain
myhostname = klovia.htt-consult.com
mynetworks = 127.0.0.0/8

good.

you don't have mydomain nor myorigin. the default values will apply.
if the defaults are ok, then it's ok. otherwise, specify explicitly.

My understanding is that the domain SQL table replaces this?


No, not mydomain and myorigin. by default:
- mydomain is derived from myhostname. in your case, it is htt-consult.com. if this is what you want, then it's ok.

- by default, myorigin=$myhostname. This is the domain added to addresses without a domain. so in your case, mail sent to <joe> will be sent to <j...@klovia.htt-consult.com>. if you don't want the klovia part, set
myorigin = $mydomain

to check default values on your system, use 'postconf -d'.

mydomain = htt-consult.com
myhostname = klovia.htt-consult.com
myorigin = $myhostname

And just about every entry in /etc/aliases is to root, and /root/.forward points to me, so I get all this cruft :)


newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +

you don't have relay_domains. check the default. if you don't need
relay_domain. specify

relay_domains =

explicitly.

According to: http://www.postfix.org/postconf.5.html

"allow_untrusted_routing (default: no)

Forward mail with sender-specified routing (us...@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.

By default, this feature is turned off. This closes a nasty open relay
loophole where a backup MX host can be tricked into forwarding junk mail
to a primary MX host which then spams it out to the world. "


this is unrelated. in the default setup, your server will accept mail for any *.klovia.htt-consult.com domain. Some people need this setup (compatibility setting, so that they get mail for every unix box...), but apparently, you don't need this. so use
relay_domains =

hmm..

relay_domains = $mydestination
mydestination = $myhostname, localhost.$mydomain, localhost

So I just ran:

postconf -e 'relay_domains ='


We will see if there are now more than what I got last night (per logwatch report):

      220   Reject relay denied                       11.22%
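
The effect of the `relay_domains` change discussed above, as an added example that is not part of the original message and is not Postfix code: a simplified Python model of how an untrusted client's recipient domain is classified before and after `postconf -e 'relay_domains ='`. It assumes the stock `parent_domain_matches_subdomains` setting (which covers `relay_domains` but not `mydestination`); the function names and the test hostnames `foo.klovia.htt-consult.com` and `example.org` are constructed.

```python
def expand(value, params):
    """Expand a main.cf list value, following $name references."""
    domains = set()
    for item in value.replace(",", " ").split():
        if item.startswith("$"):
            domains |= expand(params[item[1:]], params)
        else:
            domains.add(item.lower())
    return domains


def matches(domain, patterns, parent_matches_subdomains):
    """Exact match, plus 'sub.pattern' when subdomain matching is on."""
    domain = domain.lower()
    for pattern in patterns:
        if domain == pattern:
            return True
        if parent_matches_subdomains and domain.endswith("." + pattern):
            return True
    return False


def classify(rcpt_domain, params):
    """Return 'local', 'relay' or 'reject' for mail from an untrusted client."""
    # mydestination is matched exactly in this model (assumption: defaults).
    if matches(rcpt_domain, expand(params["mydestination"], params), False):
        return "local"
    # relay_domains also matches subdomains of every listed name.
    if matches(rcpt_domain, expand(params["relay_domains"], params), True):
        return "relay"
    return "reject"  # logged by smtpd as a relay denial


# Values taken from the postconf output quoted in the thread.
BEFORE = {
    "mydestination": "klovia.htt-consult.com, localhost, localhost.localdomain",
    "relay_domains": "$mydestination",   # the default shown by postconf -d
}
AFTER = dict(BEFORE, relay_domains="")   # after: postconf -e 'relay_domains ='

if __name__ == "__main__":
    for name in ("klovia.htt-consult.com", "foo.klovia.htt-consult.com",
                 "example.org"):       # constructed test domains
        print(f"{name:30} before={classify(name, BEFORE):7} "
              f"after={classify(name, AFTER)}")
```
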


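
The two-level quota scheme mouss describes earlier in the thread, as an added example that is not part of the original messages: a Python sketch that measures mailbox usage, picks out users to notify, and writes recipient entries in Postfix access(5) table format. The thresholds are the 100 and 200 figures from the thread read as megabytes; the function names, the addresses and the reject text are assumptions. Users already listed stay listed, since in the described scheme unlisting is done on request.

```python
import os

MB = 1024 * 1024
GUARANTEED = 100 * MB   # above this the user is told to purge mail
REJECT_AT = 200 * MB    # at this size the user goes into the access table


def maildir_bytes(path):
    """Total size of all files under a mailbox directory."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                total += os.lstat(os.path.join(root, name)).st_size
            except FileNotFoundError:
                pass  # message moved or expunged while scanning
    return total


def tier(used):
    """Map a usage figure in bytes to 'ok', 'notify' or 'reject'."""
    if used >= REJECT_AT:
        return "reject"
    if used > GUARANTEED:
        return "notify"
    return "ok"


def build_access_table(usage, listed=()):
    """usage: {address: bytes}; listed: addresses already in the table.

    Returns (table_text, addresses_to_notify). Previously listed users
    are kept until an administrator removes them.
    """
    reject = set(listed)
    notify = []
    for addr, used in usage.items():
        level = tier(used)
        if level == "reject":
            reject.add(addr)
        if level != "ok":
            notify.append(addr)
    lines = [f"{addr}\tREJECT mailbox over quota" for addr in sorted(reject)]
    return "".join(line + "\n" for line in lines), sorted(notify)
```

The resulting file would be compiled with `postmap` and referenced from a `check_recipient_access` restriction; the file name and where it sits among the restrictions are left to the local setup.
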