Re: New to PF, IO bound query

[mouss]

Eddie b wrote:

Hello, Well firstly, I hope my postfix experience is going to better than
the pathetic ancient mailing list server that took 3 attempts with gmail in
subscriber confirmations...

Anyways... I am looking at replacing our outdated Qmail/ Vpopmail system,
I've read the docs and it seems simple enough using MySQL, and it appears
using dovecots LDA is preferred method,  great, we use noth right now, the
question I have is, we have some virtual domains with up to 90K users, now
vpopmail cleverly splits them into no more than 100 users or domains per
directory, creating  countless/sub/dirs/of/domansuser/accounts etc etc (I
hope you get my drift) it is blindingly fast, as there is next to no IO
impact, however nothing I've read about postfix leeds me to believe, it can
split these up, like
/var/spool/vmail/domain/part-name/another-part-name/etc/etc/user   to keep
the IO efficient, as you can imagine the IO issues we will have if you throw
90K into one single directory, we are intending to do this via mysql input,
and then moving the mail over (no problems with that,we've done it before
with vpopmail to vpopmail)...

So hoping someone else here has dealt with this many users under a domain
and can shed some light..short of writting more perl scripts to count dirs
and then increase and create another sub of a sub and so on, we are tryin g
to keep this as mess-free and painless as possible :)



Start by playing with postfix on a test machine, until you get confortable.

then configure postfix for your virtual setup:
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

once you have it working and delivering to where you want, you can 
configure it to deliver with dovecot LDA. see

http://www.postfix.org/VIRTUAL_README.html#in_virtual_other

this requires a working dovecot of course. so check dovecot wiki and ask 
on dovecot mailing list if you have dovecot issues.



Postfix is friendly, but you need to read the documentation
http://www.postfix.org/documentation.html
In particular,
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/VIRTUAL_README.html

For troubleshooting, see
http://www.postfix.org/DEBUG_README.html
In particular, if you want to ask here, check
http://www.postfix.org/DEBUG_README.html#mail

Re: Daemon To Execute Commands

[mouss]

Alan Hicks wrote:

On Sat, 30 Aug 2008 00:57:51 +0200
"Marcel Grandemange" <[EMAIL PROTECTED]> wrote:


Im looking for a programme that can run in daemon mode and watch one
of my mbox male files.


male??? :)



The idea I have is I would like to have the ability to send a email
to one of my addresses and have it execute commands based on email
content.

I would essentially like to execute commands via e-mail messages.


There's no need for a daemon here.  Procmail should be able to do
anything you need.  The e-mail can be piped to an external program or
shell script as soon as it arrives.



yes, procmail, maildrop, ... etc.

Re: Reject Based On Senders Email Address

[Magnus Bäck]

On Friday, August 29, 2008 at 20:13 CEST,
 [EMAIL PROTECTED] wrote:

> Thank you, but the lest time I tried using check_sender_access I ran
> into trouble.

How so?

> Would it be possible to force domain verification on a per domain
> basis, where the domain I want verified would be contained in a map?
> (otherwise proceed as it does now).

What do you mean by "domain verification"?

Please stop top-posting.

-- 
Magnus Bäck
[EMAIL PROTECTED]

Re: Reject Based On Senders Email Address

[Magnus Bäck]

On Friday, August 29, 2008 at 20:15 CEST,
 [EMAIL PROTECTED] wrote:

> > Do not start new topics by replying to old messages in old and
> > unrelated threads. Do use the "compose new message" feature of
> > your MUA.
> 
> By the way, how did you catch this?

Decent MUAs display the threads as trees instead of just showing all
messages in a linear list. Your message showed up in the middle of
someone else's tree.

-- 
Magnus Bäck
[EMAIL PROTECTED]

[OT] Replacing Postfix servers

[Stefan Jakobs]

Hello list,

In the moment our mailtraffic is handled by four mailgateways which are 
reachable through one round-robin dns-mx record. Each gateway runs postfix, 
amavisd, spamassassin and clamav. The four gateways handle 2.8 millions 
connections a day.
My employee likes to replace the gateways with some new machines, but we are 
not sure how we should organise the new servers. That's why I'm asking here, 
I hope to profit from your experiences.

I can think of the following cases:
1) Run 2 servers with postfix only, which passing the message to 2 to 4 
servers which run amavisd, spamassassin, clamav. 
Advantage: Easy to extend to handle more load, no problem with loadbalancing 
the postfix servers
Disadvantage: overkill, you need 6 server to process the same max. load as in 
the present setup with 4 servers.

2) Run 2 servers with postfix, amavisd, spamassassin, clamav and 2 servers 
with only amavisd, spamassassin and clamav. Postfix will pass the messages to 
one of the four amavisd servers.
Advantage: no problem with loadbalancing the postfix servers, best usage of 
resources (I guess)
Disadvantage: hard to loadbalancing the amavisd server/processes. 

3) Keep the actual server organisation: 4 servers with postfix, amavisd, 
spamassassin, clamav.
Advantage: Known configuration, easy to extend
Disadvantage: problem with loadbalancing

I like to hear some comments, especially if someone know other possibilities 
to organize the servers and has maybe also some experiences to tell.

Thanks for your patience with these offtopic topic (and my bad English).

Greetings
Stefan


pgpScNfuihGeW.pgp
Description: PGP signature

Re: [OT] Replacing Postfix servers

[Per Jessen]

Stefan Jakobs wrote:

> 3) Keep the actual server organisation: 4 servers with postfix,
> amavisd, spamassassin, clamav.
> Advantage: Known configuration, easy to extend
> Disadvantage: problem with loadbalancing

This is the option I would choose.  What is the load-balancing problems
you're having?  That many clients do not respect the round-robining? 


/Per Jessen, Zürich

Question about log messages and connection caching

[Per Jessen]

I'm using postfix 2.5.4.

When I read the following in the log:

postfix1/smtp[18518]: 4AD0517085: to=<[EMAIL PROTECTED]>,
relay=myserver[myipaddr]:25, conn_use=4, delay=7.8,
delays=7.6/0/0.03/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
F3241EDAA)

I tend to think that _one_ email has been delivered.  However, given
conn_use is 4, it must have been four emails instead of just one?  
My problem here is - there is only one recipient and only one 250 OK +
queueid (from the receiving postfix).  
I'm assuming it could well have been multiple recipients, and certainly
there should have been four 250 OK responses? 
Or am I just completely and utterly confused? 


/Per Jessen, Zürich

Re: Question about log messages and connection caching

[Ralf Hildebrandt]

* Per Jessen <[EMAIL PROTECTED]>:
> I'm using postfix 2.5.4.
> 
> When I read the following in the log:
> 
> postfix1/smtp[18518]: 4AD0517085: to=<[EMAIL PROTECTED]>,
> relay=myserver[myipaddr]:25, conn_use=4, delay=7.8,
> delays=7.6/0/0.03/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> F3241EDAA)
> 
> I tend to think that _one_ email has been delivered.  However, given
> conn_use is 4, it must have been four emails instead of just one?  

Yes, three in the past and one just now.

fgrep "postfix1/smtp[18518]" /var/log/mail.log
(to see the others)

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
What is this "XP pro"? Does this make "XP" unprofessional?

Re: Question about log messages and connection caching

[Per Jessen]

Ralf Hildebrandt wrote:

> * Per Jessen <[EMAIL PROTECTED]>:
>> I'm using postfix 2.5.4.
>> 
>> When I read the following in the log:
>> 
>> postfix1/smtp[18518]: 4AD0517085: to=<[EMAIL PROTECTED]>,
>> relay=myserver[myipaddr]:25, conn_use=4, delay=7.8,
>> delays=7.6/0/0.03/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
>> as F3241EDAA)
>> 
>> I tend to think that _one_ email has been delivered.  However, given
>> conn_use is 4, it must have been four emails instead of just one?
> 
> Yes, three in the past and one just now.
> 
> fgrep "postfix1/smtp[18518]" /var/log/mail.log
> (to see the others)

Thanks - I had been looking for something like that too, but I had
expected to see the conn_use number increase sequentially.  What I see
is:

Aug 30 10:49:24 postfix1/smtp[18518]: 
Aug 30 10:49:52 postfix1/smtp[18518]: 
Aug 30 10:49:53 postfix1/smtp[18518]: conn_use=2,
Aug 30 10:49:54 postfix1/smtp[18518]: conn_use=4,
Aug 30 10:49:55 postfix1/smtp[18518]: conn_use=6,
Aug 30 10:49:56 postfix1/smtp[18518]: conn_use=8,
Aug 30 10:49:56 postfix1/smtp[18518]: conn_use=10,
Aug 30 10:50:57 postfix1/smtp[18518]: 
Aug 30 10:52:08 postfix1/smtp[18518]: 
Aug 30 10:52:23 postfix1/smtp[18518]: conn_use=2,
Aug 30 10:53:18 postfix1/smtp[18518]: 
Aug 30 10:54:52 postfix1/smtp[18518]: 
Aug 30 10:56:05 postfix1/smtp[18518]: 
Aug 30 10:56:16 postfix1/smtp[18518]: 
Aug 30 10:56:29 postfix1/smtp[18518]: 
Aug 30 10:56:36 postfix1/smtp[18518]: 
Aug 30 10:56:41 postfix1/smtp[18518]: conn_use=2,
Aug 30 10:56:44 postfix1/smtp[18518]: conn_use=4,

The last line is from the first one I quoted (above).
I guess conn_use is only listed when > 1, but I seem to missing the
uneven numbers? 


/Per Jessen, Zürich

Re: Creating a dummy filter

[Stefan Palme]

On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:
> Noel Jones wrote:
> > Camron W. Fox wrote:
> >> Alle,
> >>
> >> We would like to filter all internal email so that it bypasses 
> >> SpamAssassin. We have set up per_client_filters using:
> >>
> >> smtpd_client_restrictions =
> >> check_client_access cidr:/etc/postfix/per_client_filter
> >>
> >> == per_client_filter:
> >> 0.0.0.0/0FILTER spamassassin:
> >> 10.0.0.0/8FILTER dummy:
> >> ...
> >>
> > 
> > Note that order matters in a cidr: table.  First match wins; everything 
> > matches 0.0.0.0/0.  Put the catchall last, more specific entries earlier.
> > http://www.postfix.org/cidr_table.5.html
> > 
> >> The spamassasin filter works fine, but how do we create a dummy 
> >> filter that just does a bypass of all the internal emails?
> >>
> > 
> > Why send them through a filter at all if you don't want them filtered?  
> > Use DUNNO as the table result.
> > 
> > 10.0.0.0/8  DUNNO
> > 0.0.0.0/0  FILTER...
> > 
> Noel,
> 
>   So this will accomplish what we want?
> 
> 10.0.0.0/0DUNNO
> 0.0.0.0/0 FILTER  spamassassin:


Maybe not exactly. We have a similar setup. The problem here is,
that mails handed out to spamassassin (in our case its amavisd-new)
is reinjected by amavisd-new to postfix via localhost:10025. All
mails bypassing amavisd-new must be "manually" reinjected to port
10025 to accomplish address rewriting etc. (all the stuff that is
done AFTER content filtering).

So your setup would look like this:

10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025
0.0.0.0/0  FILTER spamassassin:

Regards
-stefan-

Re: Question about log messages and connection caching

[Ralf Hildebrandt]

* Per Jessen <[EMAIL PROTECTED]>:

> Aug 30 10:49:24 postfix1/smtp[18518]: 
> Aug 30 10:49:52 postfix1/smtp[18518]: 
> Aug 30 10:49:53 postfix1/smtp[18518]: conn_use=2,
> Aug 30 10:49:54 postfix1/smtp[18518]: conn_use=4,
> Aug 30 10:49:55 postfix1/smtp[18518]: conn_use=6,
> Aug 30 10:49:56 postfix1/smtp[18518]: conn_use=8,
> Aug 30 10:49:56 postfix1/smtp[18518]: conn_use=10,
> Aug 30 10:50:57 postfix1/smtp[18518]: 
> Aug 30 10:52:08 postfix1/smtp[18518]: 
> Aug 30 10:52:23 postfix1/smtp[18518]: conn_use=2,
> Aug 30 10:53:18 postfix1/smtp[18518]: 
> Aug 30 10:54:52 postfix1/smtp[18518]: 
> Aug 30 10:56:05 postfix1/smtp[18518]: 
> Aug 30 10:56:16 postfix1/smtp[18518]: 
> Aug 30 10:56:29 postfix1/smtp[18518]: 
> Aug 30 10:56:36 postfix1/smtp[18518]: 
> Aug 30 10:56:41 postfix1/smtp[18518]: conn_use=2,
> Aug 30 10:56:44 postfix1/smtp[18518]: conn_use=4,
> 
> The last line is from the first one I quoted (above).
> I guess conn_use is only listed when > 1, 

Yes.

> but I seem to missing the uneven numbers? 

Odd, it works here:

# fgrep "postfix/smtp[12851]" /var/log/mail.log| awk '{print $9}'
delay=0.74,
conn_use=2,
conn_use=3,
delay=0.18,
conn_use=4,
conn_use=5,

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
Murphy's Law is recursive.  
Washing your car to make it rain doesn't work. 

Re: Question about log messages and connection caching

[Per Jessen]

Ralf Hildebrandt wrote:

> Odd, it works here:
> 
> # fgrep "postfix/smtp[12851]" /var/log/mail.log| awk '{print $9}'
> delay=0.74,
> conn_use=2,
> conn_use=3,
> delay=0.18,
> conn_use=4,
> conn_use=5,

I've got more:

fgrep "postfix1/smtp[29938]" /var/log/mail | awk '{print
$1" "$2" "$3" "$9}'

Aug 30 15:05:49 delay=2.1,
Aug 30 15:06:12 delay=1.1,
Aug 30 15:06:17 delay=3,
Aug 30 15:06:19 conn_use=2,
Aug 30 15:06:20 conn_use=3,
Aug 30 15:06:22 conn_use=2,
Aug 30 15:06:23 conn_use=3,
Aug 30 15:06:24 conn_use=7,
Aug 30 15:06:46 delay=1.6,
Aug 30 15:06:52 delay=3,
Aug 30 15:08:05 delay=3.1,
Aug 30 15:08:21 delay=3.9,
Aug 30 15:08:29 conn_use=2,


Whilst on the subject of connection caching, I assume postfix will (have
to) do a RSET between each reuse of a connection?  (just a sanity check
on my part). 


/Per Jessen, Zürich

Re: Question about log messages and connection caching

[Wietse Venema]

When Postfix reuses an SMTP connection, it may actually be reused
in a different SMTP client process. This maximizes reuse and
minimizes the time that a connection sits idle.

This is different from Sendmail or Exim, where a connection can be
reused only in the process that creates that connection.

Postfix doesn't log the "name" of a connection, so you can't how
it changes hands with connection reuse (this would require logging
the local TCP port number of reusable connections).

> Whilst on the subject of connection caching, I assume postfix will (have
> to) do a RSET between each reuse of a connection?  (just a sanity check
> on my part). 

Of course. See http://www.postfix.org/CONNECTION_CACHE_README.html

Wietse

Re: Question about log messages and connection caching

[Per Jessen]

Wietse Venema wrote:

> When Postfix reuses an SMTP connection, it may actually be reused
> in a different SMTP client process. This maximizes reuse and
> minimizes the time that a connection sits idle.
> 
> This is different from Sendmail or Exim, where a connection can be
> reused only in the process that creates that connection.
> 
> Postfix doesn't log the "name" of a connection, so you can't how
> it changes hands with connection reuse (this would require logging
> the local TCP port number of reusable connections).

All of which I think means that the type of tracking Ralf and I tried to
do won't work.  


/Per Jessen, Zürich

Re: Question about log messages and connection caching

[Wietse Venema]

Per Jessen:
> Wietse Venema wrote:
> 
> > When Postfix reuses an SMTP connection, it may actually be reused
> > in a different SMTP client process. This maximizes reuse and
> > minimizes the time that a connection sits idle.
> > 
> > This is different from Sendmail or Exim, where a connection can be
> > reused only in the process that creates that connection.
> > 
> > Postfix doesn't log the "name" of a connection, so you can't how
> > it changes hands with connection reuse (this would require logging
> > the local TCP port number of reusable connections).
> 
> All of which I think means that the type of tracking Ralf and I tried to
> do won't work.  

You can sort-of reconstruct this, by looking for records
that list the same remote SMTP server:

conn_use=n relay=x.x.x[y.y.y.y]
conn_use=n+1 relay=x.x.x[y.y.y.y]
conn_use=n+2 relay=x.x.x[y.y.y.y]

But for real detective work you need the local TCP port number.
Every reused connection uses the same remote port (25) and the same
local one (local port numbers get reused too, but that tends to
have a longer cycle).

Wietse

Re: Fixing a SASL AUTH Problem

[Graham Leggett]

Rich Shepard wrote:


  I just ran testsaslauthd for my wife's account from the server:

[EMAIL PROTECTED] ~]# testsaslauthd -u pamela -p 
0: OK "Success."


You're testing this while running as root - you need to test this 
running as the system user that ultimately will be used to run postfix.


Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: Question about log messages and connection caching

[Per Jessen]

Wietse Venema wrote:

>> Whilst on the subject of connection caching, I assume postfix will
>> (have
>> to) do a RSET between each reuse of a connection?  (just a sanity
>> check on my part).
> 
> Of course. See http://www.postfix.org/CONNECTION_CACHE_README.html
> 
> Wietse

One more question then - by default the smtp client uses caching - do I
need to explicitly enable caching for differently named transports that
also use the smtp client?  I.e. if I had a transport named 'klop', do I
need klop_connection_cache_on_demand = yes ?


/Per Jessen, Zürich

Re: New to PF, IO bound query

[mouss]

Eddie b wrote:

[snip]
I know I can configure it the way I want writing perl scripts to split off,
using say the first and then second chars of users login name using
postfix's internal virtual, but using dovecot gives me greater flexibility


dovecot LDA is useful if you want to use its sieve features.


which I'd like to use ( most of the howto's also recommend using dovecots
LDA,, but all searches on that point to only  /blah/domain/login , which
brings me back to my 90K in one directory problem.



you talked about mysql, no?

select concat('/var/Mail/', %d, '/' , substring(%u, 1, 1), '/', 
substring(%u, '1', '2'), '/', %u, '/maildir/');

This will set the mailbox of [EMAIL PROTECTED] to
/var/Mail/example.com/f/fo/foobar/maildir/

you can use this query directly, or create a view to use it. You can 
also trade storage for performance by storing the value in a table at 
insert time. you can do this with a mysql trigger if you prefer mysql 
code, or you can do it with an external script.





This is why I postred here, hoping a mail admin with this many users in one
domain and using dovecot has found away to break this up, or perhaps none of
then have and have had to rely on postfix's virtual LDA instead, or would
comment on what they found works best.

Ed

Re: Creating a dummy filter

[mouss]

Stefan Palme wrote:

On Fri, 2008-08-29 at 09:39 -1000, Camron W. Fox wrote:

Noel Jones wrote:

Camron W. Fox wrote:

Alle,

We would like to filter all internal email so that it bypasses 
SpamAssassin. We have set up per_client_filters using:


smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/per_client_filter

== per_client_filter:
0.0.0.0/0FILTER spamassassin:
10.0.0.0/8FILTER dummy:
...

Note that order matters in a cidr: table.  First match wins; everything 
matches 0.0.0.0/0.  Put the catchall last, more specific entries earlier.

http://www.postfix.org/cidr_table.5.html

The spamassasin filter works fine, but how do we create a dummy 
filter that just does a bypass of all the internal emails?


Why send them through a filter at all if you don't want them filtered?  
Use DUNNO as the table result.


10.0.0.0/8  DUNNO
0.0.0.0/0  FILTER...


Noel,

So this will accomplish what we want?

10.0.0.0/0  DUNNO
0.0.0.0/0   FILTER  spamassassin:



Maybe not exactly. We have a similar setup. The problem here is,
that mails handed out to spamassassin (in our case its amavisd-new)
is reinjected by amavisd-new to postfix via localhost:10025. All
mails bypassing amavisd-new must be "manually" reinjected to port
10025 to accomplish address rewriting etc. (all the stuff that is
done AFTER content filtering).



my guess is that he reinjects mail with the sendmail command, which is 
unfiltered (-o content_filter= under the pickup service). If so, DUNNO 
is what he wants.



So your setup would look like this:

10.0.0.0/0 FILTER smtp:[127.0.0.1]:10025


Note that this is also needed if rewrite is disabled before the filter.


0.0.0.0/0  FILTER spamassassin:


I wouldn't call this "spamassassin". for one, amavisd-new has other 
functionalities. and it may be confused for a script that runs SA (spamc 
 or whatever) when talking with other people (such as when talking here).

Re: Reject Based On Senders Email Address

[mouss]

Magnus Bäck wrote:

On Friday, August 29, 2008 at 20:15 CEST,
 [EMAIL PROTECTED] wrote:


Do not start new topics by replying to old messages in old and
unrelated threads. Do use the "compose new message" feature of
your MUA.

By the way, how did you catch this?


Decent MUAs display the threads as trees instead of just showing all
messages in a linear list. Your message showed up in the middle of
someone else's tree.



and the MUAs know because the message contains

In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
 <[EMAIL PROTECTED]>

Re: newbie postfix user

[mouss]

gishaust wrote:

hi everyone,

I have been working on putting postfix email server on unbuntu 8.04 
server and after a very steep learn curve think I am ready to go online. 
But I don't know if it is secure so below is what i have done. I need to 
know if I have missed anything. So does anyone have  anything I really 
need to look out for.


I have created a virtual email server with the following programs
ubuntu server, dovecot, mysql backend,Postfix , 
Apache,  PHP,  
Postfixadmin,   Squirrelmail, 
 Amavisd-new, 
 Spamassassin. 





I don't see clamav. And as Sahild said, all this stuff needs to be 
secured. make sure to read about internet security. (start by 
configuring iptables to only allow access to ports that need to be open, 
and only for the addresses that need to access them).




my main.cf looks like this,

myhostname = mta


no, use an fqdn hostname. set it manually:
myhostname = mta.rbc.com


alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mta.rbc.com, mta, localhost.localdomain, localhost


remove "mta" from this list.


relayhost =


This is the default. remove it.



mynetworks = 127.0.0.0/8, 192.168.1.2/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Virtual Mailbox Domain Settings

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 5120
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_transport = dovecot

# Additional for quota support

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = 
mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the your maildir has overdrawn 
your diskspace quota, please free up some of spaces of your mailbox try 
again.

virtual_overquota_bounce = yes


$ postconf virtual_mailbox_limit_maps
postconf: warning: virtual_mailbox_limit_maps: unknown parameter

The VDA patch is not supported. use at your own risks.




dovecot_destination_recipient_limit = 1
content_filter = smtp-amavis:[127.0.0.1]:10024

Re: Question about log messages and connection caching

[Wietse Venema]

Per Jessen:
[ Charset UTF-8 unsupported, converting... ]
> Wietse Venema wrote:
> 
> >> Whilst on the subject of connection caching, I assume postfix will
> >> (have
> >> to) do a RSET between each reuse of a connection?  (just a sanity
> >> check on my part).
> > 
> > Of course. See http://www.postfix.org/CONNECTION_CACHE_README.html
> > 
> > Wietse
> 
> One more question then - by default the smtp client uses caching - do I
> need to explicitly enable caching for differently named transports that
> also use the smtp client?  I.e. if I had a transport named 'klop', do I
> need klop_connection_cache_on_demand = yes ?

All parameters are documented.

The queue manager provides "there is more mail" hints regardless
of the transport name.

All delivery agents except smtp/lmtp ignore these hints, regardless
of the transport name.

Wietse

Redundant postfix MX's

[Matthew Crowe]

Hi,

Running 2 servers, different locations geographically.  I'd like to have 
them both store emails for a domain locally, and transfer them between 
each other.  The virtual_alias_maps/domains are stored in a mysql db 
thats already being replicated.  Mainly I just need a configuration that 
if email comes into server 1, it gets stored locally, and send off to 
server 2, then stored locally on server 2.


I have thought about running rsync and just keeping the Mailbox 
directories sync'd, but then there's a time delay.


Configuration on the 2 servers are pretty much identical.  I just want 
email to be stored both places for complete redundancy.


Any ideas?

Thanks.

Re: Redundant postfix MX's

[Wietse Venema]

Matthew Crowe:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi,
> 
> Running 2 servers, different locations geographically.  I'd like to have 
> them both store emails for a domain locally, and transfer them between 
> each other.  The virtual_alias_maps/domains are stored in a mysql db 
> thats already being replicated.  Mainly I just need a configuration that 
> if email comes into server 1, it gets stored locally, and send off to 
> server 2, then stored locally on server 2.
> 
> I have thought about running rsync and just keeping the Mailbox 
> directories sync'd, but then there's a time delay.

Not only that, there is a consistency problem. When a user deletes
mail it re-appears after rsync has run.

> Configuration on the 2 servers are pretty much identical.  I just want 
> email to be stored both places for complete redundancy.
> 
> Any ideas?

/etc/postfix/main.cf
virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
[EMAIL PROTECTED]   [EMAIL PROTECTED], [EMAIL PROTECTED]

Translation into LDAP/SQL is up to the reader.

Wietse

quarantine utility ?

[Pierre Malard]

Hi,

I have a postfix+amavisd-new+spamassassin+clamav mail server which is  
configured to store virus mail on a quarantine folder as standard  
configuration. Ok, it's a good way but I have just a few questions  
about quarantine strategy :


How end-users can manage their quaratined message without login on our  
mail server ?
All my search show private solutions (PuerMessage, ...) Is their a  
free open source solution? I'm working on a poor research institute  
and we are looking open source solution we can manage free.


What is the utility of quarantine strategy if only administrators can  
see them ? A better way should be erasing them.


My apologies for my poor english speaking. I'm a just a froggy men.


   |\  _,,,---,,_
   /,`.-'`'-.  ;-;;,_
  |,4-  ) )-,_. ,\ (  `'-'
 '---''(_/--'  `-'\_)

M Pierre Malard
Frouzet
34380 SAINT MARTIN DE LONDRES
France

tel: +33 677 56 26 51

Re: quarantine utility ?

[mouss]

Pierre Malard wrote:

Hi,

I have a postfix+amavisd-new+spamassassin+clamav mail server which is 
configured to store virus mail on a quarantine folder as standard 
configuration. Ok, it's a good way but I have just a few questions about 
quarantine strategy :


How end-users can manage their quaratined message without login on our 
mail server ?


The amavisd mailing-list is a better place.
https://lists.sourceforge.net/lists/listinfo/amavis-user

you can take a look at
http://www.ijs.si/software/amavisd/#contrib
in particular MailZu and Maia Mailguard.

All my search show private solutions (PuerMessage, ...) Is their a free 
open source solution? I'm working on a poor research institute and we 
are looking open source solution we can manage free.


What is the utility of quarantine strategy if only administrators can 
see them ? A better way should be erasing them.




people can develop tools to manage the quarantine. I personally don't 
use the quanrantine for spam. spam is delivered to a Junk folder 
accessible via imap or webmail (sometimes with pop by creating a 
specific account).



My apologies for my poor english speaking. I'm a just a froggy men.



pas d'insulte, s'il te plait :)



   |\  _,,,---,,_
   /,`.-'`'-.  ;-;;,_
  |,4-  ) )-,_. ,\ (  `'-'
 '---''(_/--'  `-'\_)

M Pierre Malard
Frouzet
34380 SAINT MARTIN DE LONDRES
France

tel: +33 677 56 26 51

Re: Fixing a SASL AUTH Problem

[Rich Shepard]

On Sat, 30 Aug 2008, Graham Leggett wrote:


You're testing this while running as root - you need to test this running
as the system user that ultimately will be used to run postfix.


Graham, Wietse, Noel, mouss:

  I turned off SASL authorization and returned to the status we had for
years. Since the only affected user is my wife, and she works on only the
local network, my trying to learn where cyrus-sasl was misconfigured was not
worth everyone's time.

  If I was running the MTA for more than the two users here it would make
sense, but I'm not doing that. Perhaps one day when I have more time and
want to learn where I erred I'll try again in a more systematic way.

Thank you all for your time and patience,

Rich

Re: [OT] Replacing Postfix servers

[Sahil Tandon]

Stefan Jakobs <[EMAIL PROTECTED]> wrote:

> 3) Keep the actual server organisation: 4 servers with postfix, 
> amavisd, spamassassin, clamav.
> Advantage: Known configuration, easy to extend
> Disadvantage: problem with loadbalancing

Would you describe the problem you're having with load balancing?  We've 
had luck balancing load at the firewall (using the round-robin feature in 
OpenBSD PF) instead of with multiple A records for a MX hostname (your 
current setup).

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Safe to delete old emails in defer directory?

[Francisco Reyes]

I have searched the web for the difference between defer and deferred 
without any luck.


I have several machines with different versions of postfix that have old 
emails in the defer directory. Are those old emails safe to delete? One 
machine has files in that directory over a year old and the others have 
emails that are 6+ month old. 

Re: New to PF, IO bound query

[Eddie b]

On Sun, Aug 31, 2008 at 2:48 AM, mouss <[EMAIL PROTECTED]> wrote:

>
> dovecot LDA is useful if you want to use its sieve features.
>

Yes we are hoping to , so we can move spam to a junk folder for them and so
on.


>
>
> select concat('/var/Mail/', %d, '/' , substring(%u, 1, 1), '/',
>substring(%u, '1', '2'), '/', %u, '/maildir/');
>
>
It doesnt help with dovecot though, as DC's LDA processes what and where and
only understands maildir:/some/path/domain/user (AFAIK) so your above
example would work with postfix's internal virtual but not (AFAIK) with DC.

 Ed

Re: Safe to delete old emails in defer directory?

[Wietse Venema]

Francisco Reyes:
> I have searched the web for the difference between defer and deferred 
> without any luck.

When everything fails, read the documentation.

If you type "defer" into the search window at http://www.postfix.org/,
the defer directory is explained in the first paragraph of the
first hit. It's used for delivery status logfiles.

In Postfix documentation, "deferred queue" is linked everywhere to
http://www.postfix.org/QSHAPE_README.html#deferred_queue.

Wietse

> I have several machines with different versions of postfix that have old 
> emails in the defer directory. Are those old emails safe to delete? One 
> machine has files in that directory over a year old and the others have 
> emails that are 6+ month old. 
> 
> 

Re: New to PF, IO bound query

[mouss]

Eddie b wrote:

On Sun, Aug 31, 2008 at 2:48 AM, mouss <[EMAIL PROTECTED]> wrote:


dovecot LDA is useful if you want to use its sieve features.



Yes we are hoping to , so we can move spam to a junk folder for them and so
on.




select concat('/var/Mail/', %d, '/' , substring(%u, 1, 1), '/',
   substring(%u, '1', '2'), '/', %u, '/maildir/');



It doesnt help with dovecot though, as DC's LDA processes what and where and
only understands maildir:/some/path/domain/user (AFAIK) so your above
example would work with postfix's internal virtual but not (AFAIK) with DC.




come on. that was an example. dovecot wants a string and mysql can 
generate a string. concat('maildir:...', ...).

Re: postfix-policyd-spf

[mouss]

LuKreme wrote:

On 21-Aug-2008, at 11:26, mouss wrote:


Erm... at least that was in postfix22, not sure if it's in 2.5.x



That's the third-party spf patch.  It's still available in the ports.


I don't see it. must be an old ports tree?
# cd /usr/ports/mail/postfix; make config

Options for postfix 2.5.1_2,1


As I said, that was 2.2 where I saw it.


And why are you using that?