"queue file write error" - How do I troubleshoot?

[Vidar Salberg Normann]

Hi guys,

I just got the following email from our Postfix-server:
Subject: Postfix SMTP server: errors from unknown[**]
Body:
Transcript of session follows.

 Out: 220  NO UCE ESMTP
 In:  EHLO ***
 Out: 250-***
 Out: 250-PIPELINING
 Out: 250-SIZE 65536000
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-AUTH PLAIN
 Out: 250-AUTH=PLAIN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM: <***>
 Out: 250 2.1.0 Ok
 In:  RCPT TO: <>
 Out: 250 2.1.5 Ok
 In:  DATA
 Out: 354 End data with .
 Out: 451 4.3.0 Error: queue file write error
 In:  QUIT
 Out: 221 2.0.0 Bye


The asterisks are mine, I've just removed the IP-adresses, servernames and
email-adresses. I've had a hard time finding info about what might give this
error, any ideas?

Best regards,
Vidar

Re: "queue file write error" - How do I troubleshoot?

[Ralf Hildebrandt]

* Vidar Salberg Normann <[EMAIL PROTECTED]>:

> The asterisks are mine, I've just removed the IP-adresses, servernames and
> email-adresses. I've had a hard time finding info about what might give this
> error, any ideas?

Look at your log!

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
To rephrase, spam is not the answer. Spam is the question. Death is
not the answer, but pretty close to it. 

Postfix multiple recipients

[Blaise]

Hi,

I'm configuring a new mail server using Postfix + ldap. The LDAP schema 
contains two attributes for mails: mail= + maildrop=.

Everything is working well when i send a mail to a user.
In the documentation i can see that several users may have the same 
email address. Example:


User 1:
maildrop:user1
mail:user1
mail:common

User 2:
maildrop:user2
mail:user2
mail:common

If I try postmap -q common ldap:/etc/postfix/ldap-users.cf i get:
user1/Maildir,user2/Maildir

This should be OK. But when delivering a mail, it's stored in 
/home/vmail/user1/Maildir/,user/Maildir instead of being sent to both 
users.

Any idea of what i've done wrong ?

Thanks a lot !

Re: "queue file write error" - How do I troubleshoot?

[Wietse Venema]

Vidar Salberg Normann:
> The asterisks are mine, I've just removed the IP-adresses, servernames and
> email-adresses. I've had a hard time finding info about what might give this
> error, any ideas?

http://www.postfix.org/DEBUG_README.html#logging

Look for obvious signs of trouble

Postfix logs all failed and successful deliveries to a logfile. The file is
usually called /var/log/maillog or /var/log/mail; the exact pathname is defined
in the /etc/syslog.conf file.

When Postfix does not receive or deliver mail, the first order of business is
to look for errors that prevent Postfix from working properly:

% egrep '(warning|error|fatal|panic):' /some/log/file | more

Note: the most important message is near the BEGINNING of the output. Error
messages that come later are less useful.

The nature of each problem is indicated as follows:

  * "panic" indicates a problem in the software itself that only a programmer
can fix. Postfix cannot proceed until this is fixed.

  * "fatal" is the result of missing files, incorrect permissions, incorrect
configuration file settings that you can fix. Postfix cannot proceed until
this is fixed.

  * "error" reports an error condition. For safety reasons, a Postfix process
will terminate when more than 13 of these happen.

  * "warning" indicates a non-fatal error. These are problems that you may not
be able to fix (such as a broken DNS server elsewhere on the network) but
may also indicate local configuration errors that could become a problem
later.

Re: Postfix multiple recipients

[Victor Duchovni]

On Tue, Sep 09, 2008 at 11:35:31AM +0200, Blaise wrote:

> Hi,
> 
> I'm configuring a new mail server using Postfix + ldap. The LDAP schema 
> contains two attributes for mails: mail= + maildrop=.
> Everything is working well when i send a mail to a user.
> In the documentation i can see that several users may have the same 
> email address. Example:
> 
> User 1:
> maildrop:user1
> mail:user1
> mail:common
> 
> User 2:
> maildrop:user2
> mail:user2
> mail:common
> 
> If I try postmap -q common ldap:/etc/postfix/ldap-users.cf i get:
> user1/Maildir,user2/Maildir
> 
> This should be OK. But when delivering a mail, it's stored in 
> /home/vmail/user1/Maildir/,user/Maildir instead of being sent to both 
> users.
> Any idea of what i've done wrong ?

Don't confuse virtual_mailbox_maps, which locates a user's mailbox in
the file-system and must be 1-to-1 with virtual_alias_maps which maps
recipient addresses to recipient addresses and can be one to many.

Feel free to rewrite input mail addresses to multiple recipient addresses
in virtual(5) or aliases(5). Once that's done, the resulting addresses
must reach resolve to EXACTLY ONE mailbox.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Postfix multiple recipients

[Blaise Hurtlin]

hmm, oki ! Tnx a lot, it works well now !

Victor Duchovni wrote:

On Tue, Sep 09, 2008 at 11:35:31AM +0200, Blaise wrote:


Hi,

I'm configuring a new mail server using Postfix + ldap. The LDAP schema 
contains two attributes for mails: mail= + maildrop=.

Everything is working well when i send a mail to a user.
In the documentation i can see that several users may have the same 
email address. Example:


User 1:
maildrop:user1
mail:user1
mail:common

User 2:
maildrop:user2
mail:user2
mail:common

If I try postmap -q common ldap:/etc/postfix/ldap-users.cf i get:
user1/Maildir,user2/Maildir

This should be OK. But when delivering a mail, it's stored in 
/home/vmail/user1/Maildir/,user/Maildir instead of being sent to both 
users.

Any idea of what i've done wrong ?


Don't confuse virtual_mailbox_maps, which locates a user's mailbox in
the file-system and must be 1-to-1 with virtual_alias_maps which maps
recipient addresses to recipient addresses and can be one to many.

Feel free to rewrite input mail addresses to multiple recipient addresses
in virtual(5) or aliases(5). Once that's done, the resulting addresses
must reach resolve to EXACTLY ONE mailbox.

postfix accepting mail for juno.com

[Jason Noble]

I cant figure out why my postfix is accepting mail for juno.com. Its
only doing this for users on the local network trying to send to
juno.com.
I dont see juno.com in any config files, its not in mydestination.

If I run "dig mx juno.com" from the server it comes up with the correct
real-world IPs so its not a DNS problem.

I have smtpd running with the "-v" option and I still cant see why its
doing this.

Even this gets no hits:
find / -type f -name "*"|grep "juno.com"

Where else should I look?


-- 
This email was Anti Virus checked by Astaro Security Gateway. 
http://www.astaro.com

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain information that is 
confidential or proprietary to PoleZero Corp. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, immediately contact the sender by reply e-mail and destroy all 
copies of the original message.

Re: postfix accepting mail for juno.com

[mouss]

Jason Noble wrote:

I cant figure out why my postfix is accepting mail for juno.com. Its
only doing this for users on the local network trying to send to
juno.com.
I dont see juno.com in any config files, its not in mydestination.

If I run "dig mx juno.com" from the server it comes up with the correct
real-world IPs so its not a DNS problem.

I have smtpd running with the "-v" option and I still cant see why its
doing this.

Even this gets no hits:
find / -type f -name "*"|grep "juno.com"

Where else should I look?




- start by showing output of 'postconf -n'.
- show logs: these should show postfix accepting and delivering or 
bouncing mail.

Re: postfix accepting mail for juno.com

[Ralf Hildebrandt]

* Jason Noble <[EMAIL PROTECTED]>:
> I cant figure out why my postfix is accepting mail for juno.com. Its
> only doing this for users on the local network trying to send to
> juno.com.
> I dont see juno.com in any config files, its not in mydestination.
> 
> If I run "dig mx juno.com" from the server it comes up with the correct
> real-world IPs so its not a DNS problem.
> 
> I have smtpd running with the "-v" option and I still cant see why its
> doing this.
> 
> Even this gets no hits:
> find / -type f -name "*"|grep "juno.com"
> 
> Where else should I look?

Show some logs :)

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
I'm not insane, just an ISP. 
Although people may consider that to be a mark of an insane person!

Re: postfix/dovecot lda assistance

[Brian Evans - Postfix List]

Scott Sharkey wrote:
> Hi Brian,
>
> I'm editing this to make it a bit shorter.
>
> Brian Evans - Postfix List wrote:
>> Scott Sharkey wrote:
>>> Brian Evans - Postfix List wrote:
 Scott Sharkey wrote:
>
 We need your 'postconf -n' to give more hints about a correct setup.
 (with virtual_ maps explained too)
>>> see below:
>>> local_recipient_maps = $virtual_mailbox_maps,
>>> $virtual_alias_maps,$alias_maps,
>>> hash:/etc/postfix/relay_recipient_map
>
> dropped the relay_recipient map, but questions remain (see below)

You should not need the $virtual_ either.  If you want to disable
lookups in /etc/passwd, use just $alias_maps to pull in your list maps
you mentioned.
Virtual maps are checked automatically if the recipient domain is listed
as virtual_(alias|mailbox)_domains.

Beware to include things like root (or other service names that receive
mail) in one of the maps or important things like services (e.g. cron)
will not be able to notify you.
>
>>> local_transport = dovecot
>
> put this back to local for the list domains (which are the only local
> mail accounts).
>
>>> myhostname = mail.linuxunlimited.com
>>> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
>>>
>>> relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domain_map.cf 
>> relay_domains with no relay_recipient_maps parameter? This is not the
>> best way to handle this.
>
> What is? -- I have no way to determine the actual users on the relay
> domain... I'm not actually using any relay domains, now that I've
> moved the mailman lists to local...  But theoretically, I could
> be a backup MX for someone. How do I create/manage a list of
> THEIR recipients...  I was under the impression that I would NOT,
> just accept all and deliver to them, but I can see the flaw in
> that plan...  Not planning on using this, at least not right now,
> so I may just turn it off (came with postfixadmin setup)

relay_domains is for remote systems you trust and are the MX  for.
If you do not keep a relay_recipient_maps listing, you could be a
Backscatter source.

If you cannot get a list of users, use a check_recipient_access map that
returns reject_unverified_recipient for domains that you control.
It is bad practice to set reject_unverified_recipient globally.
>>> transport_maps = proxy:mysql:/etc/postfix/mysql_transport_map.cf
>> Is this trip really necessary?
>
> Not sure... I have dovecot, local, vacation, and potentially relay
> transports, loaded via postfixadmin/mysql.  The dovecot domains are
> virtual, the mail list domains local, vacation and relay are
> special cases.  How do I set the "default" transport to dovecot?
>

The default transport is the one in main.cf for that class (local,
virtual) that the domain belongs to (mydestination, virtual_mumble_domains).
ex. virtual_transport, local_transport

A transport_maps entry is not required when you don't need to change the
default, but it only hurts if it's incorrect in the map.

Brian

Re: postfix/dovecot lda assistance

[Victor Duchovni]

On Tue, Sep 09, 2008 at 10:28:13AM -0400, Brian Evans - Postfix List wrote:

> >>> local_recipient_maps = $virtual_mailbox_maps,
> >>> $virtual_alias_maps,$alias_maps,
> >>> hash:/etc/postfix/relay_recipient_map
> >
> > dropped the relay_recipient map, but questions remain (see below)
> 
> You should not need the $virtual_ either.  If you want to disable
> lookups in /etc/passwd, use just $alias_maps to pull in your list maps
> you mentioned.
> Virtual maps are checked automatically if the recipient domain is listed
> as virtual_(alias|mailbox)_domains.

No, *canonical_maps and virtual_alias_maps are checked unconditionally.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix accepting mail for juno.com

[Jason Noble]

On Tue, 2008-09-09 at 15:38 +0200, Ralf Hildebrandt wrote:
> * Jason Noble <[EMAIL PROTECTED]>:
> > I cant figure out why my postfix is accepting mail for juno.com. Its
> > only doing this for users on the local network trying to send to
> > juno.com.
> > I dont see juno.com in any config files, its not in mydestination.
> > 
> > If I run "dig mx juno.com" from the server it comes up with the correct
> > real-world IPs so its not a DNS problem.
> > 
> > I have smtpd running with the "-v" option and I still cant see why its
> > doing this.
> > 
> > Even this gets no hits:
> > find / -type f -name "*"|grep "juno.com"
> > 
> > Where else should I look?
> 
> Show some logs :)
> 
Sep  9 09:44:53 mail postfix/smtpd[18617]: > paradox.pz.local[10.0.1.253]: 250 
Ok
Sep  9 09:44:53 mail postfix/smtpd[18617]: watchdog_pat: 0x8097310
Sep  9 09:44:53 mail postfix/smtpd[18617]: < paradox.pz.local[10.0.1.253]: RCPT 
TO:<[EMAIL PROTECTED]>
Sep  9 09:44:53 mail postfix/smtpd[18617]: extract_addr: input: <[EMAIL 
PROTECTED]>
Sep  9 09:44:53 mail postfix/smtpd[18617]: smtpd_check_addr: [EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: send attr request = rewrite
Sep  9 09:44:53 mail postfix/smtpd[18617]: send attr rule = canonicalize
Sep  9 09:44:53 mail postfix/smtpd[18617]: send attr address = [EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: address
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: address
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute value: [EMAIL 
PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: (list terminator)
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: (end)
Sep  9 09:44:53 mail postfix/smtpd[18617]: rewrite_clnt: canonicalize: [EMAIL 
PROTECTED] -> [EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: send attr request = resolve
Sep  9 09:44:53 mail postfix/smtpd[18617]: send attr address = [EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: transport
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: transport
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute value: smtp
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: nexthop
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: nexthop
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute value: juno.com
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: recipient
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: recipient
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute value: [EMAIL 
PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: flags
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: flags
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute value: 4096
Sep  9 09:44:53 mail postfix/smtpd[18617]: private/rewrite socket: wanted 
attribute: (list terminator)
Sep  9 09:44:53 mail postfix/smtpd[18617]: input attribute name: (end)
Sep  9 09:44:53 mail postfix/smtpd[18617]: resolve_clnt: [EMAIL PROTECTED]' -> 
transp=`smtp' host=`juno.com' [EMAIL PROTECTED]' flags= class=default
Sep  9 09:44:53 mail postfix/smtpd[18617]: ctable_locate: install entry key 
[EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: extract_addr: result: [EMAIL 
PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: >>> START Recipient address 
RESTRICTIONS <<<
Sep  9 09:44:53 mail postfix/smtpd[18617]: generic_checks: 
name=permit_mynetworks
Sep  9 09:44:53 mail postfix/smtpd[18617]: permit_mynetworks: paradox.pz.local 
10.0.1.253
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_hostname: paradox.pz.local ~? 
127.0.0.0/8
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_hostaddr: 10.0.1.253 ~? 
127.0.0.0/8
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_hostname: paradox.pz.local ~? 
10.0.0.0/8
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_hostaddr: 10.0.1.253 ~? 
10.0.0.0/8
Sep  9 09:44:53 mail postfix/smtpd[18617]: generic_checks: 
name=permit_mynetworks status=1
Sep  9 09:44:53 mail postfix/smtpd[18617]: >>> CHECKING RECIPIENT MAPS <<<
Sep  9 09:44:53 mail postfix/smtpd[18617]: ctable_locate: leave existing entry 
key [EMAIL PROTECTED]
Sep  9 09:44:53 mail postfix/smtpd[18617]: maps_find: recipient_canonical_maps: 
[EMAIL PROTECTED]: not found
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
polezero.com
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
mail.polezero.com
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
localhost.polezero.com
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
otrs.pz.local
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
paradox.pz.local
Sep  9 09:44:53 mail postfix/smtpd[18617]: match_string: juno.com ~? 
216

Re: postfix accepting mail for juno.com

[Victor Duchovni]

On Tue, Sep 09, 2008 at 10:35:30AM -0400, Jason Noble wrote:

> Sep  9 09:44:53 mail postfix/smtpd[18617]: < paradox.pz.local[10.0.1.253]: 
> RCPT TO:<[EMAIL PROTECTED]>

> mynetworks = 127.0.0.0/8, 10.0.0.0/8

> smtpd_recipient_restrictions = permit_mynetworks, ...

Any questions?

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix accepting mail for juno.com

[Brian Evans - Postfix List]

Jason Noble wrote:
> On Tue, 2008-09-09 at 15:38 +0200, Ralf Hildebrandt wrote:
>   
>> * Jason Noble <[EMAIL PROTECTED]>:
>> 
>>> I cant figure out why my postfix is accepting mail for juno.com. Its
>>> only doing this for users on the local network trying to send to
>>> juno.com.
>>> I dont see juno.com in any config files, its not in mydestination.
>>>
>>> If I run "dig mx juno.com" from the server it comes up with the correct
>>> real-world IPs so its not a DNS problem.
>>>
>>> I have smtpd running with the "-v" option and I still cant see why its
>>> doing this.
>>>
>>> Even this gets no hits:
>>> find / -type f -name "*"|grep "juno.com"
>>>
>>> Where else should I look?
>>>   
>> Show some logs :)
>>
>> 
Turn off verbose logging in smtpd.  It wont help you besides fill up
your disk space faster in day-to-day and we'll ask for it if we need it.

You are sending to juno.com not receiving:

Sep  9 09:44:57 mail amavis[25002]: (25002-01) Passed, <[EMAIL PROTECTED]> -> 
<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, Hits: 
-
Sep  9 09:44:57 mail postfix/smtp[18599]: ECBF224B9E: to=<[EMAIL PROTECTED]>, 
relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok, id=25002-01, 
from MTA: 250 Ok: queued as 6B5E427186)


The start of the transaction may give you a clue where it came from.

Brian

Re: postfix accepting mail for juno.com

[Jason Noble]

I sent this message you see in the logs, it was a test message.

If I send to [EMAIL PROTECTED] I will receive it local, because this is a
user local to this server. It should not be accepting this message, it
should send it on to the real juno.com (which probably doesnt have a
nobleja user AFAIK)

On Tue, 2008-09-09 at 10:47 -0400, Brian Evans - Postfix List wrote:
> Jason Noble wrote:
> > On Tue, 2008-09-09 at 15:38 +0200, Ralf Hildebrandt wrote:
> >   
> >> * Jason Noble <[EMAIL PROTECTED]>:
> >> 
> >>> I cant figure out why my postfix is accepting mail for juno.com. Its
> >>> only doing this for users on the local network trying to send to
> >>> juno.com.
> >>> I dont see juno.com in any config files, its not in mydestination.
> >>>
> >>> If I run "dig mx juno.com" from the server it comes up with the correct
> >>> real-world IPs so its not a DNS problem.
> >>>
> >>> I have smtpd running with the "-v" option and I still cant see why its
> >>> doing this.
> >>>
> >>> Even this gets no hits:
> >>> find / -type f -name "*"|grep "juno.com"
> >>>
> >>> Where else should I look?
> >>>   
> >> Show some logs :)
> >>
> >> 
> Turn off verbose logging in smtpd.  It wont help you besides fill up
> your disk space faster in day-to-day and we'll ask for it if we need it.
> 
> You are sending to juno.com not receiving:
> 
> Sep  9 09:44:57 mail amavis[25002]: (25002-01) Passed, <[EMAIL PROTECTED]> -> 
> <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, 
> Hits: -
> Sep  9 09:44:57 mail postfix/smtp[18599]: ECBF224B9E: to=<[EMAIL PROTECTED]>, 
> relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok, id=25002-01, 
> from MTA: 250 Ok: queued as 6B5E427186)
> 
> 
> The start of the transaction may give you a clue where it came from.
> 
> Brian

Re: Warning postsuper

[Eduardo Júnior]

Hi,


On Mon, Sep 1, 2008 at 12:10 PM, Eduardo Júnior <[EMAIL PROTECTED]> wrote:

>
> Hi,
>
>
> On Mon, Sep 1, 2008 at 10:21 AM, Ralf Hildebrandt <
> [EMAIL PROTECTED]> wrote:
>
>> * Eduardo Júnior <[EMAIL PROTECTED]>:
>> > Hi,
>> >
>> >
>> > my e-mail queue is growing and output of command mailq keeps growing.
>> Find out why.
>
>
>
> I think the problem is the following output the log:
>
>
> *Sep  1 11:14:01 server postfix/smtpd[27522]: NOQUEUE: reject: RCPT from
> mail.sender[200.17.147.5]: 450 4.7.1
>  <[EMAIL PROTECTED]>: Recipient address rejected: Greylisted,
> see http://isg.ee.ethz.ch/tools/postgrey/help/myVirtualDomain.html;
>  from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
> helo=
> *
> But for this example, the message was not delivered immediately and was
> generated log.
> But for another sender, this message was delivered without the log.
>
> But after a few minutes, the message that triggered this message of log
> arrived!
>
>
> Read [1] is sufficent?
>
>
>>
>> > When requeue messages from a domain with:
>>
>> Why do you requeue the messages - this is not going to make things
>> faster!
>
>
>
> thanks, I thought that with this delivery was faster
> mere deception.
>
>
> [1] - http://www.postfix.org/ADDRESS_CLASS_README.html
>



The problem was in the configs of postgrey.
So, the delivery of the messages delayed.

Read about postgrey + postfix in the postfix´s documentation and ajusted the
problem.

thanks.


-- 
Eduardo Júnior
GNU/Linux user #423272

:wq

Re: postfix accepting mail for juno.com

[Ralf Hildebrandt]

* Jason Noble <[EMAIL PROTECTED]>:

> best_mx_transport = local
WTF

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
10 Amendments: 279 Words
Declaration of Independence: 300 Words
EU-directive about the import of candy: 25.911 Words

Re: Never deliver outbound mail for a specified domain

[Andrea Gozzi]

On Sat, 2008-09-06 at 08:27 -0400, Wietse Venema wrote:
> Andrea Gozzi:
> > Hi all.
> > Some time ago I set up a spammers' trap in the way of a fake webmail
> > service where they can register for a "free account".
> > Up until now I was just saving their details (name,current email,ip,..)
> > in a database and never sending them the "account" login information.
> > Since many of the scammers that register are emailing me back with a
> > request for such data, I thought of giving it to them, but not allowing
> > their mail to be sent. 
> > Even better, all their mail should go to a local account so that I could
> > check for "419" messages and spread the word around.
> > 
> > To be clearer: I want to set up a domain, myfreemail.com, where the
> > spammers will have their accounts. They will be able to log-in with a
> > webmail client and receive correctly any email addressed to them (unless
> > caught by SA, but that's another story).
> > What they will not be able to do, is to send mail. Any email originating
> > from the webmail for myfreemail.com will have to be diverted to
> > [EMAIL PROTECTED] without telling the sender. To him everything will
> > look like it went well and the delivery was successful.
> > 
> > My question is: can I accomplish something like that with postfix (and
> > my current virtual domain setup)?
> 
> Depending on how your webmail injects mail into Postfix, and how
> it can be distinguished from other mail:
> man 5 access (see REDIRECT action)
> man 5 header_checks (see REDIRECT action)
> 
>   Wietse


It works, thanks.
I have one further question: how do I restrict access to postfix for any
user with @myfreemail.com account only from localhost (where the webmail
is running)?

Andrea

Re: Never deliver outbound mail for a specified domain

[Wietse Venema]

Andrea Gozzi:
> > > To be clearer: I want to set up a domain, myfreemail.com, where the
> > > spammers will have their accounts. They will be able to log-in with a
> > > webmail client and receive correctly any email addressed to them (unless
> > > caught by SA, but that's another story).
> > > What they will not be able to do, is to send mail. Any email originating
> > > from the webmail for myfreemail.com will have to be diverted to
> > > [EMAIL PROTECTED] without telling the sender. To him everything will
> > > look like it went well and the delivery was successful.
> > > 
> > > My question is: can I accomplish something like that with postfix (and
> > > my current virtual domain setup)?
> > 
> > Depending on how your webmail injects mail into Postfix, and how
> > it can be distinguished from other mail:
> > man 5 access (see REDIRECT action)
> > man 5 header_checks (see REDIRECT action)
> > 
> > Wietse
> 
> 
> It works, thanks.
> I have one further question: how do I restrict access to postfix for any
> user with @myfreemail.com account only from localhost (where the webmail
> is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse

Re: Never deliver outbound mail for a specified domain

[Andrea Gozzi]

On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
> > 
> > 
> > It works, thanks.
> > I have one further question: how do I restrict access to postfix for any
> > user with @myfreemail.com account only from localhost (where the webmail
> > is running)?
> 
> The answer depends on how your webmail injects mail into Postfix.
> 
>   Wietse

Via smtpd.

Andrea


ps: just as a curiosity, would it even be possible to restrict based on
IP if injected via sendmail?

Re: postfix accepting mail for juno.com

[Jason Noble]

best_mx_transport (default: empty)

Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition. This
happens when the local MTA is the best SMTP mail exchanger for a
destination not listed in $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, or
$virtual_mailbox_domains. By default, the Postfix SMTP client
returns such mail as undeliverable.

Specify, for example, "best_mx_transport = local" to pass the
mail from the Postfix SMTP client to the local(8) delivery
agent. You can specify any message delivery "transport" or
"transport:nexthop" that is defined in the master.cf file. See
the transport(5) manual page for the syntax and meaning of
"transport" or "transport:nexthop".

However, this feature is expensive because it ties up a Postfix
SMTP client process while the local(8) delivery agent is doing
its work. It is more efficient (for Postfix) to list all hosted
domains in a table or database.


On Tue, 2008-09-09 at 18:31 +0200, Ralf Hildebrandt wrote:
> * Jason Noble <[EMAIL PROTECTED]>:
> 
> > best_mx_transport = local
> WTF
> 

Re: postfix accepting mail for juno.com

[Jason Noble]

I commented it out and tried again, it didnt make a difference.

I cant think of any reason this server would think it should deliver
messages destine for juno.com locally.

On Tue, 2008-09-09 at 18:31 +0200, Ralf Hildebrandt wrote:
> * Jason Noble <[EMAIL PROTECTED]>:
> 
> > best_mx_transport = local
> WTF
> 

Re: Never deliver outbound mail for a specified domain

[Wietse Venema]

Andrea Gozzi:
> On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
> > > 
> > > 
> > > It works, thanks.
> > > I have one further question: how do I restrict access to postfix for any
> > > user with @myfreemail.com account only from localhost (where the webmail
> > > is running)?
> > 
> > The answer depends on how your webmail injects mail into Postfix.
> > 
> > Wietse
> 
> Via smtpd.

/etc/postfix/main.cf:
smtpd_sender_restrictions = 
check_client_access hash:/etc/postfix/client_access
check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/client_access:
127.0.0.1   OK

/etc/postfix/sender_access:
myfreemail.com  REJECT restricted to localhost only

But your requested policy makes no sense.

Wietse

Re: postfix accepting mail for juno.com

[Victor Duchovni]

On Tue, Sep 09, 2008 at 01:13:50PM -0400, Jason Noble wrote:

> I commented it out and tried again, it didnt make a difference.
> 
> I cant think of any reason this server would think it should deliver
> messages destine for juno.com locally.
> 

Who said "juno.com" is the reason it is delivered locally. Your log
excerpt also had a 2nd message recipient, likely that 2nd recipient
triggers a "FILTER" action...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied

[Chris Morley]

Dear all, With CentOS 5.2 i am trying to get Postfix working on Port 125 (or 
other it can be any port) such that ASSP can forward to that MTA instance for 
relaying, however i followed the Postfix tutorial on the ASSP wiki and i get 
the following error in /var/log/maillog: localhost postfix/master[1997]: fatal: 
bind 127.0.0.1 port 125: Permission denied As per the ASSP wiki 
http://www.asspsmtp.org/wiki/Debian_Linux_install_using_Postfix i left the 
settings for Postfix as the default but changed the port number to 125 (i did 
the following 'yum install postix', then made that single port 125 change 
only). This is with standard yum install postfix, i am unsure of the user under 
which the process is running but i had assumed yum had set that up for me. The 
postfix process is starting automatically, and i configure and change the 
settings and control postfix via '/etc/init.d/postfix restart'. Again these are 
defaults that yum installed. In addition, I believe it can run on the default 
port 25 without issue (checking maillog before i ran ASSP it was shown to work 
on port 25), however it needs to be run on an alternate port as ASSP will sit 
on port 25 as mentioned... trouble is any other port and it bombs out with 
security permission denied. Any ideas what i am doing wrong? Im pulling my hair 
out on this and im sure its a silly mistake. I appreciate this may well be a 
distro issue or some security setting i havent disabled, however if I can get 
any insight or pointers on fatal bind permission denied error it would be very 
much appreciated. Please find config files below. Many thanks Chris Postfix 
master process configuration file:## Postfix master process configuration file. 
 For details on the format# of the file, see the master(5) manual page 
(command: "man 5 master").## 
==# 
service type  private unpriv  chroot  wakeup  maxproc command + args#   
(yes)   (yes)   (yes)   (never) (100)# 
==125   
 inet  n   -   n   -   -   smtpd#submission inet n  
 -   n   -   -   smtpd#  -o smtpd_enforce_tls=yes#  -o 
smtpd_sasl_auth_enable=yes#  -o 
smtpd_client_restrictions=permit_sasl_authenticated,reject#smtps inet  n
   -   n   -   -   smtpd#  -o smtpd_tls_wrappermode=yes#  -o 
smtpd_sasl_auth_enable=yes#  -o 
smtpd_client_restrictions=permit_sasl_authenticated,reject#628  inet  n 
  -   n   -   -   qmqpdpickupfifo  n   -   n   
60  1   pickupcleanup   unix  n   -   n   -   0   
cleanupqmgr  fifo  n   -   n   300 1   qmgr#qmgr 
fifo  n   -   n   300 1   oqmgrtlsmgrunix  -   -
   n   1000?   1   tlsmgrrewrite   unix  -   -   n   -  
 -   trivial-rewritebounceunix  -   -   n   -   0   
bouncedefer unix  -   -   n   -   0   bouncetrace 
unix  -   -   n   -   0   bounceverifyunix  -   -   
n   -   1   verifyflush unix  n   -   n   1000? 
  0   flushproxymap  unix  -   -   n   -   -   
proxymapsmtp  unix  -   -   n   -   -   smtp# When 
relaying mail as backup MX, disable fallback_relay to avoid MX loopsrelay 
unix  -   -   n   -   -   smtp -o fallback_relay=#   -o 
smtp_helo_timeout=5 -o smtp_connect_timeout=5showq unix  n   -   n  
 -   -   showqerror unix  -   -   n   -   - 
  errordiscard   unix  -   -   n   -   -   discardlocal 
unix  -   n   n   -   -   localvirtual   unix  -   n
   n   -   -   virtuallmtp  unix  -   -   n   - 
  -   lmtpanvil unix  -   -   n   -   1   
anvilscache   unix - - n - 1 scache## 
# 
Interfaces to non-Postfix software. Be sure to examine the manual# pages of the 
non-Postfix software to find out what options it wants.## Many of the following 
services use the Postfix pipe(8) delivery# agent.  See the pipe(8) man page for 
information about ${recipient}# and other message envelope options.# 
## 
maildrop. See the Postfix MAILDROP_README file for details.# Also specify in 
main.cf: maildrop_destination_recipient_limit=1#maildrop  unix  -   n   
n   -   -   pipe  flags=DRhu user=vmail 
argv=/usr/local/bin/maildrop -d ${recipient}## The Cyrus deliver program has 
changed incompatibly, multiple times.#old-cyrus unix  -   n   n   - 
  -   pipe  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/d

Re: localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied

[Wietse Venema]

Chris Morley:
> Dear all, With CentOS 5.2 i am trying to get Postfix working on Port 125 (
>-or other it can be any port) such that ASSP can forward to that MTA instance
>- for relaying, however i followed the Postfix tutorial on the ASSP wiki and 
>-i get the following error in /var/log/maillog: localhost postfix/master[1997
>-]: fatal: bind 127.0.0.1 port 125: Permission denied As per the ASSP wiki ht

Kill off SeLinux, AppArmor, and so on.  Postfix warranty is voided by
such "security" "improvements".

Wietse

RE: localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied

[Chris Morley]

> > Dear all, With CentOS 5.2 i am trying to get Postfix working on Port 125 (> 
> > >-or other it can be any port) such that ASSP can forward to that MTA 
> > instance> >- for relaying, however i followed the Postfix tutorial on the 
> > ASSP wiki and > >-i get the following error in /var/log/maillog: localhost 
> > postfix/master[1997> >-]: fatal: bind 127.0.0.1 port 125: Permission denied 
> > As per the ASSP wiki ht> > Kill off SeLinux, AppArmor, and so on. Postfix 
> > warranty is voided by> such "security" "improvements".> > Wietse
Yes sir thank you very much for the reply, I will do this and report back.
 
Many thanks
 
Chris 
_
Make a mini you and download it into Windows Live Messenger
http://clk.atdmt.com/UKM/go/111354029/direct/01/

Re: postfix/dovecot lda assistance

[mouss]

Scott Sharkey wrote:

Hi Brian,

I'm editing this to make it a bit shorter.

Brian Evans - Postfix List wrote:

Scott Sharkey wrote:

Brian Evans - Postfix List wrote:

Scott Sharkey wrote:



We need your 'postconf -n' to give more hints about a correct setup.
(with virtual_ maps explained too)

see below:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases


Note: in a virtual setting, these are never referenced (for domains in


Actually, these are used for the lists.xxx.com domains, which are 
mailman-domains, that I am now putting through local.  No effect on the

dovecot or virtual domains though, I agree.  And alias_maps now has
hash:/var/lib/mailman/data/aliases as well. I was hoping to avoid
that using the python-to-mailman.py script, but the flaw in
that plan is that you still have to have a map somewhere with
the valid addresses, so it seems pointless. I've gone back to
marking these as local domains.



this is ok. I personally use virtual for mailman but I do have "helper" 
local domains (mostly localhost).



local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps,
$alias_maps, hash:/etc/postfix/relay_recipient_map


dropped the relay_recipient map, but questions remain (see below)


no, drop evertything but $alias_maps. don't mix domain classes. 
local_recipient_maps is for users in mydestination.


besides, $virtual_alias_maps is never needed in any recipient map, 
because it is always used.





local_transport = dovecot


put this back to local for the list domains (which are the only local
mail accounts).



you'll have to read about domain classes
http://www.postfix.org/ADDRESS_CLASS_README.html
once you understand this, you'll have no problem playing the games you 
like.



mailbox_size_limit = 0
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $transport_maps


This does not look right to me.  Do NOT mix virtual and mydestination.
This should list mail domains that are local to the machine.
If you do not need it, use the default.  This will pick up things like
cron jobs and pass it to dovecot.


You are correct.  I've redefined this to 'localhost', $myhostname, and a
map of the "list" domains. (select domain where domain = %s and 
transport = 'local')



myhostname = mail.linuxunlimited.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128

relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domain_map.cf 

relay_domains with no relay_recipient_maps parameter? This is not the
best way to handle this.


What is? -- I have no way to determine the actual users on the relay
domain... I'm not actually using any relay domains, now that I've
moved the mailman lists to local...  But theoretically, I could
be a backup MX for someone. How do I create/manage a list of
THEIR recipients...  I was under the impression that I would NOT,
just accept all and deliver to them, but I can see the flaw in
that plan...  Not planning on using this, at least not right now,
so I may just turn it off (came with postfixadmin setup)



take a look at
http://www.postfix.org/BACKSCATTER_README.html
In the past, it was ok to queue a message and then bounce it because the 
recipient does not exist. This is no more acceptable (because there is 
no way to know whether the sender is not forged).



smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
check_policy_service inet:127.0.0.1:10031,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_non_fqdn_hostname,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client sbl.spamhaus.org,
permit

dsbl is dead and gone,  you con combine the other lists into 1..
zen.spamhaus.org incorporates cbl.abuseat.org, njabl.org, sbl and also
their pbl. (recommended and saves DNS query resources)





njabl is not included in zen. only njabl proxy list is part of xbl 
(which is included in zen).


yeah, that was copied from an old mail server, and I haven't gotten 
around to updating this part yet... one step at a time!!! 

Fixed now.  I had read about zen, but had not dug into the details yet.


transport_maps = proxy:mysql:/etc/postfix/mysql_transport_map.cf

Is this trip really necessary?


Not sure... I have dovecot, local, vacation, and potentially relay
transports, loaded via postfixadmin/mysql.  The dovecot domains are
virtual, the mail list domains local, vacation and relay are
special cases.  How do I set the "default" transport to dovecot?



you should avoid using sql for transport_maps (as well as for domains 
lists). if you really want to manage transports via a UI that uses 
mysql, you can still dump the db to a cdb (or hash if you don't want to 
install cdb).



virtual_gid_maps 

Re: localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied

[mouss]

Chris Morley wrote:

[long and winding stuff]


Please use plain text. it's very hard to read what you wrote.


you probably have an selinux problem.

a workaround is to disable selinux ('setenforce permissive'. also check 
/etc/selinux/config).


If you want selinux, ask on centos lists how to setup a working policy. 
you probably have a policy for port 25, which you can adapt to other 
ports (it's not a very good idea to use port 125. if you want a "custom" 
port, use something > 1024. the 10xxx range is common on this list).

Re: Never deliver outbound mail for a specified domain

[mouss]

Andrea Gozzi wrote:

On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:


It works, thanks.
I have one further question: how do I restrict access to postfix for any
user with @myfreemail.com account only from localhost (where the webmail
is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse


Via smtpd.

Andrea


ps: just as a curiosity, would it even be possible to restrict based on
IP if injected via sendmail?



sendmail doesn't use IP. do you mean something else?

Re: Never deliver outbound mail for a specified domain

[Andrea Gozzi]

On Tue, 2008-09-09 at 22:06 +0200, mouss wrote:
> Andrea Gozzi wrote:
> > On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
> >>>
> >>> It works, thanks.
> >>> I have one further question: how do I restrict access to postfix for any
> >>> user with @myfreemail.com account only from localhost (where the webmail
> >>> is running)?
> >> The answer depends on how your webmail injects mail into Postfix.
> >>
> >>Wietse
> > 
> > Via smtpd.
> > 
> > Andrea
> > 
> > 
> > ps: just as a curiosity, would it even be possible to restrict based on
> > IP if injected via sendmail?
> > 
> 
> sendmail doesn't use IP. do you mean something else?
> 
> 

Yeah that's what I was thinking. So a restriction based on the
originating network address only makes sense if injection is smtpd.

Andrea

Saving copies of email headers

[Kenneth Kalmer]

Hi all

I've spent a couple of hours Googling the topic before posting, and couldn't
find anything really useful yet.

I need a way to save copies of email headers for later analysis, not the
entire message. Is this possible out the box, with an addon, a separate
piece of software, or would I have to roll my own?

Kind regards

-- 
Kenneth Kalmer
[EMAIL PROTECTED]
http://opensourcery.co.za

Re: Saving copies of email headers

[Victor Duchovni]

On Tue, Sep 09, 2008 at 11:11:59PM +0200, Kenneth Kalmer wrote:

> Hi all
> 
> I've spent a couple of hours Googling the topic before posting, and couldn't
> find anything really useful yet.
> 
> I need a way to save copies of email headers for later analysis, not the
> entire message. Is this possible out the box, with an addon, a separate
> piece of software, or would I have to roll my own?

An SMTP content filter can save the headers to disk as it inspecis
each message. My approach is that multiple filter processes are active
at the same time, each saves its header traces to a file named:

/some/path/.MM.DD/

headers of multiple messages are separated by blamk lines. To avoid
merging messages after a crash, each header block is preceeded by
two new-line characters.

\n
\n
header11\n
header12\n
...
header1N\n
\n
\n
header21\n
header22\n
...
header2N\n

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Race in simplest after-queue content filter?

[Karl O. Pinc]

Hello,

I've written what I thought would be about the simplest possible after
queue content filter (appended), and it's behaving in ways I don't
expect.

The goal of the filter is to remove "Sender:" headers.  FWIW, these
are added by the Gnu Mailman mailing list processor and can cause
upset in sensitive users of the MS Outlook MUA.  See:
http://wiki.list.org/display/DOC/From+field+displayed+by+Microsoft+Outlook

I'm running Debian etch (4.0) with Mailman 1:2.1.9-7 and Postfix
2.3.8-2+etch1.   It's on an old slow box with not a lot of RAM.
The awk is mawk.

The filter is a simple awk script run by postfix's spawn, exactly as
recommended in FILTER_README for post-queue content filters.  It sends
stdin to stdout, except when it encounters a Sender: header which it
ignores.  The awk output is piped to nc for delivery to postfix's
smtpd, and nc also sends smtpd's output to stdout so spawn can send it
back to the postfix smtp process feeding the filter.

Nc terminates only when the smtpd process closes the network socket,
not when it receives eof on stdin.  This allows the last bit of nc's
stdin to be flushed through whatever buffering happens on the network
side.

What should happen, and what does happen a lot, is that the smtpd side
eventually receives a QUIT, responds with a 221, and closes the
connection.  (At least I assume that's what's happening.)  However,
sometimes, ps shows that the awk process has finished, is gone and
does not show, but the nc process is still running, and waiting for
smtpd to close it's side of the network socket.  I can't determine the
conditions that will cause nc to be left running.  In all cases the
mail is successfully delivered.

Offhand I can't think of a "regular" smtp protocol exchange that shuts
down the mail sending side of the network socket and leaves the mail
receiving side wanting to talk with the sending side, although this is
what seems to be happening.  I'm guessing that the postfix smtp side
sometimes shuts down early, after sending a SMTP QUIT, leaving the
smtpd side still trying to send the 221 response.  I can't think of
why it would do that, given that postfix is essentially talking to
itself.

The tests were all done by sending mail to the Mailman list address,
so I suppose it's possible that the condition occurs only when Mailman
bounces mail to the moderator or does something else that I just
wasn't noticing.

My solution is to use -q with nc, and tell it to quit 2 seconds (the
$DELAY value in the script) after receiving eof on stdin.  This gives
the network time to flush and keeps the number of running processes
down so that the total number of concurrent filters configured in
master.cf is not reached.  (Otherwise nc will wait for smtpd to reach
it's inactivity timeout and close the connection, a much longer
interval.)

I've a couple of questions.  First, what's going on?  Why doesn't
smtpd always finish it's SMTP session and gracefully close the network
socket?  Is this somehow indicative of a problem in postfix?  Second,
and perhaps most important, is 2 seconds enough?  Too much?  What's
the right value and why?

I'm also interested in hearing any comments on the script, (or why
what it does is a terrible idea, etc.)  (I already know removing
Sender: headers violates the RFC, but it seems a relatively harmless
violation that at worst would confuse the end-user.)

I'd like to see a canonical example of a very simple after-queue
filter script included in the postfix distribution and/or
documentation.  Perhaps my script could be a starting point.

Thank you.

-
#!/bin/sh
# /usr/local/sbin/mailman-filter
#
#Copyright (C) 2008 Karl O. Pinc <[EMAIL PROTECTED]>
#
#This program is free software: you can redistribute it and/or  
modify
#it under the terms of the GNU General Public License as published  
by

#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
# Get rid of Sender: headers for mailman email lists
#
# Karl O. Pinc <[EMAIL PROTECTED]>
#
# September 8, 2008
#
# Syntax: mailman-filter host port
#
# Arguments:
# host  The host to send output
# port  The port to send to
#
# Remarks:
# Outlook mungs it's displayed From info to show that mail was
# sent via the Sender: header address.  This "fixes" the problem.
# See:
#  
http://wiki.list.org/display/DOC/From+field+displayed+by+Microsoft+Outlook

#
# Invoked by a postfix header check that sends only those emails
# to us that need the Sender header removed, so we can indiscriminately
# remove the header herein.
#
# Bugs:
#  Rate limited by the nc disconnect delay and the number of concurrent
# filter processes configured in master.cf, at

Re: Saving copies of email headers

[Karl O. Pinc]

On 09/09/2008 04:11:59 PM, Kenneth Kalmer wrote:

Hi all

I've spent a couple of hours Googling the topic before posting, and
couldn't
find anything really useful yet.

I need a way to save copies of email headers for later analysis, not
the
entire message. Is this possible out the box, with an addon, a
separate
piece of software, or would I have to roll my own?


To get started try using the content filter I just posted to the list
Subject:Race in simplest after-queue content filter?
but replace the awk part with tee in the fashion of:

{ tee -a /var/tmp/headers.log ; echo ; echo } \
 | nc -q $DELAY $host $port

(Double \n added per Victor Duchovni's recommendation.)

To eliminate concurrency problems you might want to be sure
that master.cf runs only 1 of these at any one time.

Of course YMMV, my script might be terrible.  It works
for me but I hope to make it better with assistance from
this list.

In the long run you might do better than a shell script.

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein

Re: Saving copies of email headers

[Wietse Venema]

Kenneth Kalmer:
> Hi all
> 
> I've spent a couple of hours Googling the topic before posting, and couldn't
> find anything really useful yet.
> 
> I need a way to save copies of email headers for later analysis, not the
> entire message. Is this possible out the box, with an addon, a separate
> piece of software, or would I have to roll my own?

The solution is built into Postfix.

Give each message a BCC recipient, and route that recipient to
an archive file whose name is dated.

/etc/postfix/main.cf:
always_bcc = [EMAIL PROTECTED]
transport_maps = hash:/etc/postfix/transport
bcc_destination_concurrency_limit = 1
bcc_destination_recipient_limit = 1

/etc/postfix/transport:
[EMAIL PROTECTED]   bcc:

/etc/postfix/master.cf:
bcc  unix  -   n   n   -   1   pipe
flags=FR user=archive argv=/some/where/save_headers

/some/where/save_headers:
#!/bin/sh

outfile=`date +%Y%m%d`
(echo ""; echo ""; sed '/^$/q) >> /some/where/$outfile

Result is a file named after the date, with headers separated 
by two empty lines.

Wietse

Re: Race in simplest after-queue content filter?

[Wietse Venema]

Karl O. Pinc:
> What should happen, and what does happen a lot, is that the smtpd side
> eventually receives a QUIT, responds with a 221, and closes the
> connection.  (At least I assume that's what's happening.)  However,
> sometimes, ps shows that the awk process has finished, is gone and
> does not show, but the nc process is still running, and waiting for
> smtpd to close it's side of the network socket.  I can't determine the
> conditions that will cause nc to be left running.  In all cases the
> mail is successfully delivered.
> 
> Offhand I can't think of a "regular" smtp protocol exchange that shuts
> down the mail sending side of the network socket and leaves the mail
> receiving side wanting to talk with the sending side, although this is
> what seems to be happening.  I'm guessing that the postfix smtp side
> sometimes shuts down early, after sending a SMTP QUIT, leaving the
> smtpd side still trying to send the 221 response.  I can't think of
> why it would do that, given that postfix is essentially talking to
> itself.

Instead of guessing, run a network sniffer that captures the
packet content.

Wietse

Relay Gateway Delivery Temporarily Suspended

[Rob Becker]

I have a postfix relay that's currently having some issues with some
spam content that we are receiving.  Every hour or so we are receiving
300 - 600 messages with in a few seconds.  A lot of the email messages
have malformed TO addresses which is causing the recipient to fail (we
are assuming) processing.  This failure on the recipient side is
keeping the postfix connection open for the max of 10 minutes, which
then gets closed by postfix.  At that time all of the messages that
were attempted to be sent are deferred and attempted later.
Example:

Sep  9 14:00:34 cudubcorrel502 postfix/qmgr[3109]: 09B3331223:
to=, relay=none, delay=1, status=deferred (delivery temporarily
suspended: conversation with 10.35.76.48[10.35.76.48] timed out while
sending end of data -- message may be sent more than once)
Sep  9 14:00:34 cudubcorrel502 postfix/qmgr[3109]: 1752E31224:
to=, relay=none, delay=0, status=deferred (delivery temporarily
suspended: conversation with 10.35.76.48[10.35.76.48] timed out while
sending end of data -- message may be sent more than once)

Would it be a good idea to limit the initial_destination_concurrency
and default_destination_concurrency_limit in hopes of sending the
emails in smaller chunks?

We have been able to narrow down the spam messages to about 10
MAIL-FROM accounts which we could easily block, but for some reason we
are unable to block them.  I have placed the emails in the
common_spam_sendersdomain which seems to be over looked.  Why is that?

Example:

common_spam_sendersdomain:
[EMAIL PROTECTED]  REJECT
[EMAIL PROTECTED]  REJECT

#
# SMTP RESTRICTIONS
#
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions =
  warn_if_reject, reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_mynetworks,
  reject_unauth_destination,
  check_sender_access hash:/etc/postfix/common_spam_senderdomains,
  reject_unknown_sender_domain,
  check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
  warn_if_reject, reject_invalid_hostname,
  warn_if_reject, reject_non_fqdn_hostname,
  warn_if_reject, check_helo_access hash:/etc/postfix/helo_access,
  check_client_access hash:/etc/postfix/client_access,
  permit

smtpd_data_restrictions =
  reject_unauth_pipelining,
  permit

I have also grabbed a few of the messages that are (I think causing
the issues).  If I do a 'strings' on the email I see the following:

[EMAIL PROTECTED]
client_name=n6-19.adsl.co.ruA
client_address=82.142.185.19A.message_origin=n6-19.adsl.co.ru[82.142.185.19]A
helo_name=n6-19.adsl.co.ruA
protocol_name=SMTPO
[EMAIL PROTECTED]
[EMAIL PROTECTED]
.
[EMAIL PROTECTED]
[EMAIL PROTECTED]"[EMAIL PROTECTED]"[EMAIL PROTECTED]


I'm assuming the above line is causing the issue on the destination
server as it can't process the email address correctly.  Can postfix
block all incorrect formed addresses?


Thanks a lot.

Rob Becker

Re: Relay Gateway Delivery Temporarily Suspended

[Wietse Venema]

Rob Becker:
[ Charset ISO-8859-1 unsupported, converting... ]
> I have a postfix relay that's currently having some issues with some
> spam content that we are receiving.  Every hour or so we are receiving
> 300 - 600 messages with in a few seconds.  A lot of the email messages
> have malformed TO addresses which is causing the recipient to fail (we
> are assuming) processing.  This failure on the recipient side is
> keeping the postfix connection open for the max of 10 minutes, which
> then gets closed by postfix.  At that time all of the messages that
> were attempted to be sent are deferred and attempted later.
> Example:

What piece of technology is the receiving end, what is deciding
that a recipient is bad, what does the SENDING Postfix log when
this recipient is bad, and why is the receiving end dropping the
TCP connection without properly finishing the SMTP protocol first?

> Sep  9 14:00:34 cudubcorrel502 postfix/qmgr[3109]: 09B3331223:
> to=, relay=none, delay=1, status=deferred (delivery temporarily
> suspended: conversation with 10.35.76.48[10.35.76.48] timed out while
> sending end of data -- message may be sent more than once)
> Sep  9 14:00:34 cudubcorrel502 postfix/qmgr[3109]: 1752E31224:
> to=, relay=none, delay=0, status=deferred (delivery temporarily
> suspended: conversation with 10.35.76.48[10.35.76.48] timed out while
> sending end of data -- message may be sent more than once)
> 
> Would it be a good idea to limit the initial_destination_concurrency
> and default_destination_concurrency_limit in hopes of sending the
> emails in smaller chunks?

Why is the receiving end dropping the TCP connection without
properly finishing the SMTP dialog?

> We have been able to narrow down the spam messages to about 10
> MAIL-FROM accounts which we could easily block, but for some reason we
> are unable to block them.  I have placed the emails in the
> common_spam_sendersdomain which seems to be over looked.  Why is that?
> 
> Example:
> 
> common_spam_sendersdomain:
> [EMAIL PROTECTED]  REJECT
> [EMAIL PROTECTED]  REJECT
> 
> #
> # SMTP RESTRICTIONS
> #
> disable_vrfy_command = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions =
>   warn_if_reject, reject_non_fqdn_sender,
>   reject_non_fqdn_recipient,
>   reject_unknown_recipient_domain,
>   permit_mynetworks,
>   reject_unauth_destination,
>   check_sender_access hash:/etc/postfix/common_spam_senderdomains,
>   reject_unknown_sender_domain,
>   check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
>   warn_if_reject, reject_invalid_hostname,
>   warn_if_reject, reject_non_fqdn_hostname,
>   warn_if_reject, check_helo_access hash:/etc/postfix/helo_access,
>   check_client_access hash:/etc/postfix/client_access,
>   permit
> 
> smtpd_data_restrictions =
>   reject_unauth_pipelining,
>   permit
> 
> I have also grabbed a few of the messages that are (I think causing
> the issues).  If I do a 'strings' on the email I see the following:
> 
> [EMAIL PROTECTED]
> client_name=n6-19.adsl.co.ruA
> client_address=82.142.185.19A.message_origin=n6-19.adsl.co.ru[82.142.185.19]A
> helo_name=n6-19.adsl.co.ruA
> protocol_name=SMTPO
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> .
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]"[EMAIL PROTECTED]"[EMAIL PROTECTED]
> 
> 
> I'm assuming the above line is causing the issue on the destination
> server as it can't process the email address correctly.  Can postfix
> block all incorrect formed addresses?

The above address is correctly formatted. The fact that it apparently
confuses some down-stream software notwithstanding.

If you don't like an address see the first example in "man regexp_table".

Wietse

Proposing postfix to mgmt as an Exchange replacement

[Rob Munsch]

Hello list,

As per the subject, I am about to pitch the idea of dumping Exchange and
moving to Postfix.  From what I can observe, the Calendar and Meeting
functions are used very little if at all.  We have roaming profiles (call
center area has no fixed seating and hectic scheduling).  Biggest use people
get out of Exchange is the sorting / folders and that's nothing T-bird can't
handle.

Ideally (laugh if you like):

I want to set up Postfix on a second box and transition transparently,
importing or converting anything and everything that can be imported or
converted.  I want to tell management about how they can do everything they
currently do on Exchange (i'll let them realize it's faster and less
annoying after it happens).  I need users to log in to any machine in the
building and get the same IMAP and customization they currently have (again,
roaming profiles and Thunderbird would handle this, right?  I've not banged
my head against this kind of thing in Windows much, but now seems a good
time to learn).  I want the general user population to notice as little as
possible before, during and after the change, except for clicking
Thunderbird (or whatever might be better) instead of Exchange to read their
mail.

What are selling points i can outline for said management?  Is this even a
good idea?  Realistic goal?  Something I shouldn't attempt unless I already
know how?

Anything you can share, or resources you can throw me at, would be greatly
appreciated.

Essentially this is coming about due to a "need this dun nao!" for a new
server that, it turns out, we have no windows server license for.  Rather
than coughing up the cash for Winserver 2k8 and the associated CALs (ouch),
i'd like to point out to the Director that we can do everything we use
exchange for, fer free.  We already have the hardware (new robust server a
database is going on, linux-based).  I hate trying to sell this kind of
thing when my impulse is to wave my arms around yelling "IT'S OBVIOUS!" :)

Thanks,
Rob

Re: Proposing postfix to mgmt as an Exchange replacement

[Adam Tauno Williams]

The below isn't meant to shoot down your idea, but I'm an Open Source
groupware developer and am very familiar with the Exchange-vs-XYZ
equation.

> As per the subject, I am about to pitch the idea of dumping Exchange
> and moving to Postfix.  From what I can observe, the Calendar and
> Meeting functions are used very little if at all.  We have roaming
> profiles (call center area has no fixed seating and hectic
> scheduling).  Biggest use people get out of Exchange is the sorting /
> folders and that's nothing T-bird can't handle.

Postfix is an SMTP MTA;  it isn't an IMAP/POP server.  It can't replace
Exchange,  it isn't the same thing.  Cyrus IMAPd + Postfix can replace
the mail portion of Exchange,  but not Postfix alone.  The much more
difficult part is setting up [appropriately] the IMAP server and
clients.  Configuring Postfix is as easy as falling-off-a-log for most
sites.

> Ideally (laugh if you like):
> I want to set up Postfix on a second box and transition transparently,
> importing or converting anything and everything that can be imported
> or converted.  I want to tell management about how they can do
> everything they currently do on Exchange (i'll let them realize it's
> faster and less annoying after it happens). 

But they can't, be careful what promises you make.

>  I need users to log in to any machine in the building and get the
> same IMAP and customization they currently have (again, roaming
> profiles and Thunderbird would handle this, right?  I've not banged my
> head against this kind of thing in Windows much, but now seems a good
> time to learn).  I want the general user population to notice as
> little as possible before, during and after the change, except for
> clicking Thunderbird (or whatever might be better) instead of Exchange
> to read their mail.

Yes, Thunderbird works with roaming profiles;  albeit rather badly.
Thunderbird has no auto-configuration mechanism so every user's
account(s) need to be setup manually and it is prone to making HUGE
cache files if not setup carefully.  All-in-all it is a rather lousy
IMAP client compared to others.  Why not just stick with Outlook?  Your
likely to have a much easier time with the users if they are used to
Outlook (and you already paid for it anyway).

> What are selling points i can outline for said management?  Is this
> even a good idea?  Realistic goal?  Something I shouldn't attempt
> unless I already know how?

It is realistic to replace the mail component.  But (a) will they
tolerate using a client other than Outlook and (b) if you have even a
few user's who use calendering how loud are they going to scream when
you take it away?   If your Exchange is working how do you justify the
cost [labor] of transition?  Effort to deliver a solution that provides
less functionality is a pretty hard business case.

> Essentially this is coming about due to a "need this dun nao!" for a
> new server that, it turns out, we have no windows server license for.
> Rather than coughing up the cash for Winserver 2k8 and the associated
> CALs (ouch), i'd like to point out to the Director that we can do
> everything we use exchange for, fer free.  We already have the

Is that true? "everything we use exchange for" needs to be *very*
carefully researched.  

You can transition your license(s) from your old/existing server.

>  hardware (new robust server a database is going on, linux-based).  I
> hate trying to sell this kind of thing when my impulse is to wave my
> arms around yelling "IT'S OBVIOUS!" :)

But it isn't.
-- 
  Consonance: an Open Source .NET OpenGroupware client.
 Contact:[EMAIL PROTECTED]   http://freshmeat.net/projects/consonance/

RE: Proposing postfix to mgmt as an Exchange replacement

[Joey]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Adam Tauno Williams
> Sent: Tuesday, September 09, 2008 10:13 PM
> To: postfix-users@postfix.org
> Subject: Re: Proposing postfix to mgmt as an Exchange replacement
> 
> The below isn't meant to shoot down your idea, but I'm an Open Source
> groupware developer and am very familiar with the Exchange-vs-XYZ
> equation.
> 
> > As per the subject, I am about to pitch the idea of dumping Exchange
> > and moving to Postfix.  From what I can observe, the Calendar and
> > Meeting functions are used very little if at all.  We have roaming
> > profiles (call center area has no fixed seating and hectic
> > scheduling).  Biggest use people get out of Exchange is the sorting /
> > folders and that's nothing T-bird can't handle.
> 
> Postfix is an SMTP MTA;  it isn't an IMAP/POP server.  It can't replace
> Exchange,  it isn't the same thing.  Cyrus IMAPd + Postfix can replace
> the mail portion of Exchange,  but not Postfix alone.  The much more
> difficult part is setting up [appropriately] the IMAP server and
> clients.  Configuring Postfix is as easy as falling-off-a-log for most
> sites.
> 
> > Ideally (laugh if you like):
> > I want to set up Postfix on a second box and transition transparently,
> > importing or converting anything and everything that can be imported
> > or converted.  I want to tell management about how they can do
> > everything they currently do on Exchange (i'll let them realize it's
> > faster and less annoying after it happens).
> 
> But they can't, be careful what promises you make.
> 
> >  I need users to log in to any machine in the building and get the
> > same IMAP and customization they currently have (again, roaming
> > profiles and Thunderbird would handle this, right?  I've not banged my
> > head against this kind of thing in Windows much, but now seems a good
> > time to learn).  I want the general user population to notice as
> > little as possible before, during and after the change, except for
> > clicking Thunderbird (or whatever might be better) instead of Exchange
> > to read their mail.
> 
> Yes, Thunderbird works with roaming profiles;  albeit rather badly.
> Thunderbird has no auto-configuration mechanism so every user's
> account(s) need to be setup manually and it is prone to making HUGE
> cache files if not setup carefully.  All-in-all it is a rather lousy
> IMAP client compared to others.  Why not just stick with Outlook?  Your
> likely to have a much easier time with the users if they are used to
> Outlook (and you already paid for it anyway).
> 
> > What are selling points i can outline for said management?  Is this
> > even a good idea?  Realistic goal?  Something I shouldn't attempt
> > unless I already know how?
> 
> It is realistic to replace the mail component.  But (a) will they
> tolerate using a client other than Outlook and (b) if you have even a
> few user's who use calendering how loud are they going to scream when
> you take it away?   If your Exchange is working how do you justify the
> cost [labor] of transition?  Effort to deliver a solution that provides
> less functionality is a pretty hard business case.
> 
> > Essentially this is coming about due to a "need this dun nao!" for a
> > new server that, it turns out, we have no windows server license for.
> > Rather than coughing up the cash for Winserver 2k8 and the associated
> > CALs (ouch), i'd like to point out to the Director that we can do
> > everything we use exchange for, fer free.  We already have the
> 
> Is that true? "everything we use exchange for" needs to be *very*
> carefully researched.
> 
> You can transition your license(s) from your old/existing server.
> 
> >  hardware (new robust server a database is going on, linux-based).  I
> > hate trying to sell this kind of thing when my impulse is to wave my
> > arms around yelling "IT'S OBVIOUS!" :)
> 
> But it isn't.
> --
>   Consonance: an Open Source .NET OpenGroupware client.
>  Contact:[EMAIL PROTECTED]
> http://freshmeat.net/projects/consonance/

First I'll tell you what I do.
We have an ISP service, hosting, email, email gateway, email backup... you 
guessed it Postfix (Yes!)
HOWEVER, we have a PC/Networking Services division and we support Exchange, we 
even have an Exchange server for us ( going through a postfix gateway of course 
).

The 2 can't be compared as easily as you have, and from your perspective it's 
all about the $, which is not the only reason to switch.

I agree with Awilliams comments above.
1. More research of actual usage.
2. Who are you getting support from when your postfix doesn't work?
(Yes the list is a GREAT support, but when you need something fixed now that's 
not going to help in all situations)
There are MORE Exchange technicians than Postfix.
3. If you want you can continue to use outlook and try to make the conversion 
transparent by configuring everybody's profile by hand.
Yes that will work, ye

Re: Proposing postfix to mgmt as an Exchange replacement

[Aaron Wolfe]

On Tue, Sep 9, 2008 at 10:12 PM, Adam Tauno Williams
<[EMAIL PROTECTED]> wrote:
> The below isn't meant to shoot down your idea, but I'm an Open Source
> groupware developer and am very familiar with the Exchange-vs-XYZ
> equation.
>
>> As per the subject, I am about to pitch the idea of dumping Exchange
>> and moving to Postfix.  From what I can observe, the Calendar and
>> Meeting functions are used very little if at all.  We have roaming

"very little" is entirely different from not at all.  The
calendar/contact/etc functionality of Exchange is very powerful and
Postfix et al will not provide the same functionality (maybe with
something like $Zimbra) .  Are you sure your users don't need it, or
won't need it next month after the CEO sits next to somebody on a
plane that is real time syncing their Blackberry to their corporate
calendar, etc?


>> profiles (call center area has no fixed seating and hectic
>> scheduling).  Biggest use people get out of Exchange is the sorting /
>> folders and that's nothing T-bird can't handle.
>
> Postfix is an SMTP MTA;  it isn't an IMAP/POP server.  It can't replace
> Exchange,  it isn't the same thing.  Cyrus IMAPd + Postfix can replace
> the mail portion of Exchange,  but not Postfix alone.  The much more
> difficult part is setting up [appropriately] the IMAP server and
> clients.  Configuring Postfix is as easy as falling-off-a-log for most
> sites.
>
>> Ideally (laugh if you like):
>> I want to set up Postfix on a second box and transition transparently,
>> importing or converting anything and everything that can be imported
>> or converted.  I want to tell management about how they can do
>> everything they currently do on Exchange (i'll let them realize it's
>> faster and less annoying after it happens).
>
> But they can't, be careful what promises you make.
>

Exactly.

>>  I need users to log in to any machine in the building and get the
>> same IMAP and customization they currently have (again, roaming
>> profiles and Thunderbird would handle this, right?  I've not banged my
>> head against this kind of thing in Windows much, but now seems a good
>> time to learn).  I want the general user population to notice as
>> little as possible before, during and after the change, except for
>> clicking Thunderbird (or whatever might be better) instead of Exchange
>> to read their mail.
>
> Yes, Thunderbird works with roaming profiles;  albeit rather badly.
> Thunderbird has no auto-configuration mechanism so every user's
> account(s) need to be setup manually and it is prone to making HUGE
> cache files if not setup carefully.  All-in-all it is a rather lousy
> IMAP client compared to others.  Why not just stick with Outlook?  Your
> likely to have a much easier time with the users if they are used to
> Outlook (and you already paid for it anyway).
>

Right.. you already have an IMAP client that works well in a microsoft
environment (and specifically with roaming profiles) and is familiar
to your users.  Why add new software?

>> What are selling points i can outline for said management?  Is this
>> even a good idea?  Realistic goal?  Something I shouldn't attempt
>> unless I already know how?
>
> It is realistic to replace the mail component.  But (a) will they
> tolerate using a client other than Outlook and (b) if you have even a
> few user's who use calendering how loud are they going to scream when
> you take it away?   If your Exchange is working how do you justify the
> cost [labor] of transition?  Effort to deliver a solution that provides
> less functionality is a pretty hard business case.
>

>> Essentially this is coming about due to a "need this dun nao!" for a
>> new server that, it turns out, we have no windows server license for.
>> Rather than coughing up the cash for Winserver 2k8 and the associated
>> CALs (ouch), i'd like to point out to the Director that we can do
>> everything we use exchange for, fer free.  We already have the
>
> Is that true? "everything we use exchange for" needs to be *very*
> carefully researched.
>
> You can transition your license(s) from your old/existing server.
>

Again, right on the money.   You already have Exchange cals, how is
not using them going to save money, exactly?


>>  hardware (new robust server a database is going on, linux-based).  I
>> hate trying to sell this kind of thing when my impulse is to wave my
>> arms around yelling "IT'S OBVIOUS!" :)
>

A very tough sell.  You want to replace a working, existing system
with one that has less function in order to save money that you
already spent?  It's not obvious to me.


On the other hand, if you just want to justify having a postfix server
around, there are some easy arguments to make.
Postfix works great in front of Exchange, actually makes Exchange a
lot easier to keep running by shielding it from the nasty business on
the internet.  It increases reliabiliy of your mail system,  it
increases security by keeping your windows box safely hidden. It can
do a 

FW: Proposing postfix to mgmt as an Exchange replacement

[MacShane, Tracy]

 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Adam Tauno 
> > Williams
> > Sent: Wednesday, 10 September 2008 12:13 PM
> > To: postfix-users@postfix.org
> > Subject: Re: Proposing postfix to mgmt as an Exchange replacement
> > 
> > The below isn't meant to shoot down your idea, but I'm an 
> Open Source 
> > groupware developer and am very familiar with the Exchange-vs-XYZ 
> > equation.
> > 
> > > As per the subject, I am about to pitch the idea of 
> dumping Exchange 
> > > and moving to Postfix.
> > ...
> > 
> > Is that true? "Everything we use exchange for" needs to be
> > *very* carefully researched.  
> >  
> > > I hate trying to sell this kind of thing when my impulse 
> is to wave 
> > > my arms around yelling "IT'S OBVIOUS!" :)
> > 
> > But it isn't.
> 
> I totally agree with these remarks, not least the confusion 
> between the roles that Postfix and Exchange carry out. I'd be 
> extremely surprised to find any organisation that has more 
> than 6 users on Exchange that doesn't use 
> calendaring/scheduling, just as one example. How are you 
> judging the use of that functionality organisation-wide?
> 
> Really, if you hate Exchange that much - and I actually think 
> it's fairly robust (these days) and good at doing what it 
> does (if we don't talk to much about TLS) - you need to 
> research something like Zimbra, which uses Postfix as the 
> MTA, but incorporates IMAP mailboxes and calendaring via 
> Webdav (I think).
> 
> Of course, my primary role is that of an Exchange admin, so 
> you can take my opinion FWIW.

Re: can send mail, but cannot receive (through ISP smtp)

[Alex Bernea]

On Tue, Sep 9, 2008 at 7:17 AM, Alex Bernea <[EMAIL PROTECTED]> wrote:

>
>
> On Tue, Sep 9, 2008 at 4:18 AM, Victor Duchovni <
> [EMAIL PROTECTED]> wrote:
>
>> On Tue, Sep 09, 2008 at 03:20:32AM +0300, Alex Bernea wrote:
>>
>> > Hi all,
>> >
>> > I have set up Postfix 2.5.4 with TLS, Cyrus SASL and LDAP lookups for
>> users.
>> >
>> > I tested it with openssl s_client command on ports 25, 465 and 587 and
>> > everything works (authentication and test emails). I use self signed CA
>> > certificates.
>> >
>> > I also tested sending mail on gmail, yahoo and other providers and it
>> works,
>> > but when I reply back, nothing happens: no error in the logs, no
>> > mailer-daemon back to gmail or yahoo saying something is wrong.
>> >
>> > My IP is dynamic and I have set up a dynamic DNS for my test domain,
>> > test.lexarrow.com, with A and MX records for mail.test.lexarrow.com. I
>> > checked DNS settings with dig MX and dig A commands (they turn out ok)
>> and
>> > with dnsstuff.com (everything turns out ok except the "Mail" section.
>> >
>>
>> You might want to permit port 25 through your firewall.
>>
>>$ dig +noall +ans +add -t mx test.lexarrow.com
>>test.lexarrow.com.  3570IN  MX  10
>> mail.test.lexarrow.com.
>>mail.test.lexarrow.com. 30  IN  A   79.116.195.248
>>
>>$ telnet 79.116.195.248 25
>>Trying 79.116.195.248...
>>
>>
>> --
>>Viktor.
>
>
>
> Thanks for the quick reply Viktor!
>
> I apologize for not mentioning the fact that my ISP blocks port 25. Seems
> to be both incoming and outgoing. They said it was just outgoing. I wrote
> them a mail to open the port, maybe I get lucky.
>
> Will post when I have news.
>
> Alex
>
>
>
>
>
>
>
A quick update. My ISP unblocked the smtp port, for now, just outbound. I
can send mail, without using their smtp.

Still no inbound mail. I checked with nmap both inside and outside the
network and my ISP still filters inbound traffic. I called them 3 times
already to fix the problem and they said they are working on it. I will keep
calling until they do.

Will post again when I have news

Alex

Re: can send mail, but cannot receive (through ISP smtp)

[mouss]

Alex Bernea wrote:

A quick update. My ISP unblocked the smtp port, for now, just outbound. I
can send mail, without using their smtp.

Still no inbound mail. I checked with nmap both inside and outside the
network and my ISP still filters inbound traffic. I called them 3 times
already to fix the problem and they said they are working on it. I will keep
calling until they do.




and while you are at it, ask them to give you a custom reverse DNS.

$ host 79.116.195.248
248.195.116.79.in-addr.arpa domain name pointer 
79-116-195-248.dynamic.brasov.rdsnet.ro.


with this, many sites will block you, put your mail in a junk folder or 
even discard it.