Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread mouss 
Stephen Liu a écrit :
> What I can't figure out is;
>
>
> User 'satimis' was created when I built Debian Etch.  It has folder
> created on /home/satimis
>   

I thought you were after virtual mailbox domains. what do unix users
have to do with this?
> # ls -ld /home/satimis/
> drwxr-xr-x 2 satimis satimis 4096 2008-10-09 17:02 /home/satimis/
>
>
> satimis can't receive mails, all mails to [EMAIL PROTECTED] rejected
> because it is not on vmail group.
>   
>

If you want a single uid:gid to own the mail store, use
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
(the 5000 values are the vmail uid and gid).

This is shown in the workaround.org howto. did you read it? and did you
read and understand
http://www.postfix.org/VIRTUAL_README.html

> [snip]
>
> [snip]
> Oct 10 05:03:24 xen6 postfix/smtpd[1447]: NOQUEUE: reject: RCPT from
> ti-out-0910.google.com[209.85.142.184]: 550 5.1.1
> <[EMAIL PROTECTED]>: Recipient address rejected: User unknown in
> virtual mailbox table; from=<[EMAIL PROTECTED]>
>   

[EMAIL PROTECTED] is not found in virtual_mailbox_maps. you can use postmap -q 
to test your maps. for example:

# postmap -q [EMAIL PROTECTED] mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

This should return the mailbox location for [EMAIL PROTECTED]


> [snip]
>
> I doubt whether I'm allowed to run;
>
> # useradd -g vmail -u 5001 satimis -d /home/vmail/satimis -m
>
> Because user 'satimis' already exiting.  Please help.  TIA
>   
it looks like you're confusing local (unix) and virtual delivery. reread
the docs carefully.

Re: how to specify any/catch_all domain/email in HASH access map?

2008-10-10 Thread mouss 
[EMAIL PROTECTED] a écrit :
> How to implement logic like below in one HASH map?
> pcre:/etc/postfix/maps/check_client:
>   /mail\.ru/  DUNNO
>   
I guess you mean
/mail\.ru$/   DUNNO
otherwise, the expression matches mail.ruby.org and other stuff...

>   /yandex\.ru/  DUNNO
>   

same as above.
>   /.*/ goto_check_class
>   
/./   goto_check_class
is shorter


Back to your question. no, you can't. there is no "default" in hash maps.

Re: Attachments with email from command line?

2008-10-10 Thread chas 
> Victor Duchovni a écrit :
>> On Thu, Oct 09, 2008 at 03:45:04PM -0400, James wrote:
>>
>>
>>> http://www.unix.com/how-do-i-send-email/
>>>
>>
>> I would download mpack(1)/munpack(1) from CMU. The code is old and
>> one needs to remove a couple of spurious declarations of malloc() on
>> some systems.
>>
>> With mpack it is easy to send MIME encoded attachments. To adjust the
>> From line post-process output of "mpack -o" to create a suitable
>> From: header.
>>
>>
>
> or use Perl.
>
> use MIME::Lite;
>
> my $msg = MIME::Lite->new(
> From=> '[EMAIL PROTECTED]',
> To  => '[EMAIL PROTECTED]',
> Cc  => '[EMAIL PROTECTED], [EMAIL PROTECTED]',
> Subject => 'blah blah',
> Type=> 'multipart/mixed'
> );
>
> $msg->attach(
> Type => 'TEXT',
> Data => "blah blah blah blah"
> );
>
> $msg->attach(
> Type => '|application/vnd.ms-excel|',
> Path => '/path/to/foo.xls',
> Filename => 'foo.xls',
> Disposition => 'attachment'
> );
>
> $msg->send;
>

Thanks to everyone who replied for all the useful suggestions. I'm going
to read the links posted and possibly try the Perl suggestion first.

thanks again,
Chas.

Re: Attachments with email from command line?

2008-10-10 Thread Jan P. Kessler 

What about simply using uuencode?

( echo "Text" ; uuencode origname.gz attname.gz ) \
| mailx -s "subject" -r "[EMAIL PROTECTED]" [EMAIL PROTECTED]

Re: Test mysql virtual_mailbox_maps?

2008-10-10 Thread Charles Marcus 
On 10/10/2008 8:21 AM, Ralf Hildebrandt wrote:
>> Is there a simple way to test the returned value of a mysql based
>> virtual mailbox map from the command line using the postconf command or
>> something similar?

> man postmap (option -q)

I'm blind... thanks Ralf...

-- 

Best regards,

Charles

Re: Receiving mail from non-RFC821 compliant addresses (numeric ip)

2008-10-10 Thread Wietse Venema 
Erno Palonheimo:
> Hello,
> 
> I'm configuring Postfix for use with our intranet mail server. Some of 
> our computers have service processors with SMTP alert sending 
> capability. Said service processors aren't very configurable, all i can 
> do is setting SMTP server IP and email address for alerts. The problem 
> here is that these servers use MAIL FROM:<[EMAIL PROTECTED]> when 
> sending mail. Postfix doesn't accept this and following appears in log:
> 
> Oct 10 14:46:56 intra-mail postfix/smtpd[26338]: [ID 947731 
> mail.warning] warning: Illegal address syntax from unknown[1.2.3.4] in 
> MAIL command: <[EMAIL PROTECTED]>
> 
> I have the strict_rfc821_envelopes set to 'no' but that doesn't help. 
> What could I do to allow these mails be received?

With Postfox 2.3 and later:

/etc/postfix/main.cf: resolve_numeric_domain=yes

This means that external hackers can attack inside machines.

1) Send mail to your Postfix box with an internal sender domain as
   IP address: [EMAIL PROTECTED], [EMAIL PROTECTED], and so on.

2) Cause the mail to bounce (for example with a Delivered-To header).

3) Postfix now sends the bounce to the specified IP address.

Regular expressions can't stop all attacks without false positives
or false negatives (RFC822 syntax is recursive, whereas regular
expressions are not). The best you can do is to disallow any external
mail that has a sender address with a substring that matches 
your inside ip addresses.

In PCRE notation:

/\b127\.\d+\.\d+\.\d+\b/ reject
/\b192\.168\.\d+\.\d+\b/ reject

Wietse

Re: Using proxy: for mysql maps

2008-10-10 Thread Wietse Venema 
Charles Marcus:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi,
> 
> Currently my virtual_mailbox_maps are being accessed by:
> 
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_vmd.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_vmm.cf
> 
> It has been said here many times that it is better to use proxy:mysql:
> instead, but I'm confused about implementation...
> 
> Is it simply a matter of adding the proxy: prefix to the map location?

Yes. I thought that the examples are sufficient. But if you are
more comfortable with more formal Backus-Naur syntax then I suppose
could provide that too.

> Or do I need to do something else (in main.cf or master.cf) to set up
> the proxy service?
>
> Reading http://www.postfix.org/proxymap.8.html doesn't really say what
> is needed to be done to actually *implement* this or switch an existing
> system to using it, other than simply adding the proxy: prefix...

proxymap.8.html mentions the relevant configuration parameters.
For a more complete description click on the parameter name.

Wietse

Re: Attachments with email from command line?

2008-10-10 Thread Mike M 
On 10/9/2008 at 3:40 PM [EMAIL PROTECTED] wrote:

|Hello,
|  I'm currently sending 2 daily emails to my group at work using crontab
|and the '/usr/lib/sendmail' command on a server running postfix 2.5.1.
|Is there any way to add an attachment, in this case a excel spreadsheet?
|I've had people tell me to use mutt but I'm having trouble changing the
|'from' header in mutt. I would like to use the sendmail command (through
|postfix) if possible.
 =

Here's how I do it...

http://mmj.dk/biabam/

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Stephen Liu 

--- mouss <[EMAIL PROTECTED]> wrote:

> Stephen Liu a écrit :
> > What I can't figure out is;
> >
> >
> > User 'satimis' was created when I built Debian Etch.  It has folder
> > created on /home/satimis
> >   
> 
> I thought you were after virtual mailbox domains. what do unix users
> have to do with this?
> > # ls -ld /home/satimis/
> > drwxr-xr-x 2 satimis satimis 4096 2008-10-09 17:02 /home/satimis/
> >
> >
> > satimis can't receive mails, all mails to [EMAIL PROTECTED]
> rejected
> > because it is not on vmail group.


Hi Mouss,


I followed this howto;
http://linux.justinhartman.com/Postfix_and_Courier_Installation_using_MySQL


to build this Mail Server.  After completion mails can be sent via
telnet and can be received by satimis, the only user of this box
created while installing/configuring Debian Etch.  The Mail Server is
running as domU (guest) on a Xen Machine with Debian Etch as Host OS,
dom0.  Mails sent to [EMAIL PROTECTED] were received on
/var/mail/satimis, which file was created automatically on the arrival
of the first mail.


On next day after booting the Xen Machine and starting the Mail Server
it was found that mails still can be sent via telnet.  But mails to
[EMAIL PROTECTED] were totally rejected.  I still can resolve how
this would happen.  I didn't touch the Mail Server after booting.


# tail /var/log/mail.log
Oct  9 14:24:02 xen6 postfix/smtpd[1415]: cannot load RSA certificate
and key data
Oct  9 14:24:02 xen6 postfix/smtpd[1415]: connect from
ti-out-0910.google.com[209.85.142.186]
Oct  9 14:24:02 xen6 postfix/trivial-rewrite[1419]: warning: do not
list domain satimis.com in BOTH mydestination and vi
rtual_mailbox_domains
Oct  9 14:24:02 xen6 postfix/smtpd[1415]: NOQUEUE: reject: RCPT from
ti-out-0910.google.com[209.85.142.186]: 550 5.1.1 <
[EMAIL PROTECTED]>: Recipient address rejected: User unknown in
local recipient table; from=<[EMAIL PROTECTED]> to
=<[EMAIL PROTECTED]> proto=ESMTP helo=
Oct  9 14:24:02 xen6 postfix/smtpd[1415]: disconnect from
ti-out-0910.google.com[209.85.142.186]
Oct  9 14:25:51 xen6 postfix/smtp[1326]: 9EB723D80C: conversation with
f.mx.mail.yahoo.com[209.191.88.247] timed out whi le receiving the
initial server greeting
Oct  9 14:25:52 xen6 postfix/smtp[1326]: 9EB723D80C: host
g.mx.mail.yahoo.com[209.191.88.239] refused to talk to me: 421  Message
from (220.232.213.178) temporarily deferred - 4.16.50. Please refer to
http://help.yahoo.com/help/us/mail/defer /defer-06.html
Oct  9 14:25:52 xen6 postfix/smtp[1326]: 9EB723D80C: host
f.mx.mail.yahoo.com[68.142.202.247] refused to talk to me: 421  Message
from (220.232.213.178) temporarily deferred - 4.16.50. Please refer to
http://help.yahoo.com/help/us/mail/defer /defer-06.html
Oct  9 14:25:57 xen6 postfix/smtp[1326]: 9EB723D80C:
to=<[EMAIL PROTECTED]>, relay=b.mx.mail.yahoo.com[66.196.97.250]:25 ,
delay=5257, delays=4947/0.07/309/0.92, dsn=2.0.0, status=sent (250 ok
dirdel)
Oct  9 14:25:57 xen6 postfix/qmgr[1321]: 9EB723D80C: removed


After removed "satimis.com" on the line of mydestination of main.cf and
ran following command;

# cd /etc/postfix
# openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes
-keyout smtpd.key -keyform PEM -days 365 -x509


Restarted postfix.  Problem was partially solved.  "cannot load RSA
certificate and key data" disappeared.


Sent a mail to [EMAIL PROTECTED] on Gmail.  The mail was rejected
immediately.


# tail /var/log/mail.log
Oct  9 15:05:58 xen6 postfix/qmgr[1636]: B94273D80C: removed
Oct  9 15:06:27 xen6 postfix/smtpd[1637]: disconnect from
ti-out-0910.google.com[209.85.142.184]
Oct  9 15:09:47 xen6 postfix/anvil[1640]: statistics: max connection
rate 1/60s for (smtp:209.85.142.184) at Oct  9 15:05:57
Oct  9 15:09:47 xen6 postfix/anvil[1640]: statistics: max connection
count 1 for (smtp:209.85.142.184) at Oct  9 15:05:57
Oct  9 15:09:47 xen6 postfix/anvil[1640]: statistics: max cache size 1
at Oct  9 15:05:57
Oct  9 15:12:21 xen6 postfix/master[1630]: terminating on signal 15
Oct  9 15:12:21 xen6 postfix/master[1737]: daemon started -- version
2.3.8, configuration /etc/postfix
Oct  9 15:13:41 xen6 postfix/smtpd[1744]: connect from
ti-out-0910.google.com[209.85.142.190]
Oct  9 15:13:41 xen6 postfix/smtpd[1744]: NOQUEUE: reject: RCPT from
ti-out-0910.google.com[209.85.142.190]: 550 5.1.1
<[EMAIL PROTECTED]>: Recipient address rejected: User unknown in
virtual mailbox table; from=<[EMAIL PROTECTED]>
to=<[EMAIL PROTECTED]> proto=ESMTP helo=
Oct  9 15:13:41 xen6 postfix/smtpd[1744]: disconnect from
ti-out-0910.google.com[209.85.142.190]


I don't know how to fix the problem.  Advice would be much appreciated.
 TIA

 
> If you want a single uid:gid to own the mail store, use
> virtual_uid_maps = static:5000
> virtual_gid_maps = static:5000
> (the 5000 values are the vmail uid and gid).
> 
> This is shown in the workaround.org howto. did you read it? and did
> you
> read and understand
> http://www.postfix.org/VIRTUAL_README.html


Whether you meant thi

Using proxy: for mysql maps

2008-10-10 Thread Charles Marcus 
Hi,

Currently my virtual_mailbox_maps are being accessed by:

virtual_mailbox_domains = mysql:/etc/postfix/mysql_vmd.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_vmm.cf

It has been said here many times that it is better to use proxy:mysql:
instead, but I'm confused about implementation...

Is it simply a matter of adding the proxy: prefix to the map location?
Or do I need to do something else (in main.cf or master.cf) to set up
the proxy service?

Reading http://www.postfix.org/proxymap.8.html doesn't really say what
is needed to be done to actually *implement* this or switch an existing
system to using it, other than simply adding the proxy: prefix...

Thanks,

-- 

Best regards,

Charles

Re: problem with mailx ending in "."

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 11:45:58AM +0200, Angel L. Mateo wrote:

> 
> <"whatever."@mydomain.com>: User unknown in virtual alias table

Virtual alias lookup keys are in "external" (RFC2822) form. The addresses
you chose (and should consider "unchoosing" if at all possible) require
quotes around the localpart to make them RFC2822 compliant. So your
virtual alias table needs to store addresses in this form.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: multiple outgoing interfaces?

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 11:32:21AM +0200, Rainer Frey (Inxmail GmbH) wrote:

> On Wednesday 08 October 2008 00:52:15 Victor Duchovni wrote:
> > It is possible to cause the outgoing transport to depend solely on the
> > incoming IP in some special cases, but this is not something I am inclined
> > to recommend to anyone. So I would prefer to pretend it is generally not
> > possible, rather than present a complex and fragile design to solve an
> > aesthetic "problem" with a narrowly applicable hack.
> 
> I'm looking for the same thing right now. Would you mind to present your idea 
> anyway, so I could see if it might be applicable in my setup?

Noel Jones outlined the key elements in an earlier post in this thread. This
approach is not recommended (it is not "wrong", just unwise IMHO).

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Charles Marcus 
On 10/10/2008, Stephen Liu ([EMAIL PROTECTED]) wrote:
> # postmap -q [EMAIL PROTECTED]
> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
> postmap: fatal: open database
> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf.db: No such file or
> directory

Fix this...

If mysql-virtual_mailbox_limit_maps.cf is the actual name of the file, then:

/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

should be

/etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf

or

/etc/postfix/proxy:mysql:mysql-virtual_mailbox_limit_maps.cf

Otherwise, postconf -n output?

-- 

Best regards,

Charles

Re: multiple outgoing interfaces?

2008-10-10 Thread Rainer Frey (Inxmail GmbH) 
On Wednesday 08 October 2008 00:52:10 Noel Jones wrote:
> Wietse Venema wrote:
> > The SMTP client's source IP address is controlled with smtp_bind_address,
> > otherwise it is inherited from inet_interfaces (when this specifies
> > one non-localhost IP address).
> >
> > However, making the IP address dependent on the sender domain is
> > not yet implemented. This it requires a sender-dependent transport
> > map.
> >
> > Wietse
>
> Will the FILTER action accept an empty nexthop?

It seems it does not (at least not correctly). If the nexthop is empty, it 
seems to assume the local host (which of course leads to "mail loops to 
myself" if the recipient domain is not handled by postfix). We tried to 
achieve exactly what the OP wants, and came to this result today. It does 
work if one specifies the nexthop (which is not possible, obviously, for 
random recipients).

> If so, maybe OP can use a check_sender_access table that
> returns eg. "FILTER smtp-23:" with a corresponding smtp-23
> transport defined in master.cf (with -o
> smtp_bind_address=x.x.x.23).
>
> NB. this will probably blow up if the recipient is local.

Any other possibilities?


-- 
Software Developer

--

Inxmail GmbH
Wentzingerstr. 21, 79106 Freiburg, Germany
Tel: +49 761 296979-0, Fax: -9
[EMAIL PROTECTED], www.inxmail.de

Handelsregister Freiburg, HRB 5870
Ust.-ID: DE198371679
Geschäftsleitung: Martin Bucher, Peter Ziras 

--

Inxmail Professional kostenlos testen:
http://www.inxmail.de/jetzt-testen

Tipps und Tricks für E-Mail-Marketers:
http://www.inxmail.de/newsletter

problem with mailx ending in "."

2008-10-10 Thread Angel L. Mateo 
Hello,

We have created mail accounts ending in "." for a bug in our mail
creation process and we are having problems with these accounts.

Our configuration is below:

* We have a relay server. This server acts as our incoming mail server
and is also the one that our users have as their smtp server.

* For our local accounts relay server delivers mail to other server,
which is the one where our users has their mailbox.

* Our user's accounts are in a ldap server (openldap).

In the relay server we have a relay_recipient_maps to check that
incoming mail are for valid emails. In the mailbox server we have users
configured by a virtual_alias_maps. The configuration for both maps are
the same.

The problem we have is that when we get an email directed to a mail of
the kind ".@", it goes through all the servers, but
when the final server tries to deliver it in the mailbox, it fails with
a user unknown error, although it first accepts it, that is, in the
"rcpt to" it accepts the email (it is expected to reject it if the user
is unkown), but fails trying to deliver it, originating a bounce error
email. The error has the form:

<"whatever."@mydomain.com>: User unknown in virtual alias table

Any idea?

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968398337

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Brian Evans - Postfix List 
Charles Marcus wrote:
> On 10/10/2008, Stephen Liu ([EMAIL PROTECTED]) wrote:
>   
>> # postmap -q [EMAIL PROTECTED]
>> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
>> postmap: fatal: open database
>> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf.db: No such file or
>> directory
>> 
>
> Fix this...
>
> If mysql-virtual_mailbox_limit_maps.cf is the actual name of the file, then:
>
> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
>
> should be
>
> /etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf
>
> or
>
> /etc/postfix/proxy:mysql:mysql-virtual_mailbox_limit_maps.cf
>
> Otherwise, postconf -n output?
>
>   
No.. it should be 'postmap -q 
mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'

It goes type:table, not path/type:table.

Brian

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Charles Marcus 
On 10/10/2008 9:19 AM, Brian Evans - Postfix List wrote:
> No.. it should be 'postmap -q 
> mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
> 
> It goes type:table, not path/type:table.

Right, sorry for the noise...

-- 

Best regards,

Charles

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Stephen Liu 

--- Charles Marcus <[EMAIL PROTECTED]> wrote:

> On 10/10/2008, Stephen Liu ([EMAIL PROTECTED]) wrote:
> > # postmap -q [EMAIL PROTECTED]
> > /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
> > postmap: fatal: open database
> > /etc/postfix/mysql-virtual_mailbox_limit_maps.cf.db: No such file
> or
> > directory
> 
> Fix this...
> 
> If mysql-virtual_mailbox_limit_maps.cf is the actual name of the
> file, then:
> 
> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
> 
> should be
> 
> /etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf
> 
> or
> 
> /etc/postfix/proxy:mysql:mysql-virtual_mailbox_limit_maps.cf
> 
> Otherwise, postconf -n output?
> 


Hi Charles


# postmap -q [EMAIL PROTECTED]
/etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf
postmap: fatal: dict_open: unsupported dictionary type:
/etc/postfix/mysql:  Is the postfix-/etc/postfix/mysql package
installed?


# apt-cache policy postfix-mysql
postfix-mysql:
  Installed: 2.3.8-2+etch1
  Candidate: (none)
  Package pin: (not found)
  Version table:
 *** 2.3.8-2+etch1 1001
500 http://security.debian.org stable/updates/main Packages
100 /var/lib/dpkg/status
 2.3.8-2+b1 1001
500 http://ftp.au.debian.org etch/main Packages


# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = xen6.satimis.com, localhost, localhost.localdomain
myhostname = xen6.satimis.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_session_cache_database =
btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_create_maildirsize = yes
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_maildir_limit_message = "The user you are trying to reach is
over quota."
virtual_overquota_bounce = yes


B.R.
Stephen L


Send instant messages to your online friends http://uk.messenger.yahoo.com

Re: Using proxy: for mysql maps

2008-10-10 Thread Charles Marcus 
On 10/10/2008, Wietse Venema ([EMAIL PROTECTED]) wrote:
>> Is it simply a matter of adding the proxy: prefix to the map
>> location?

> Yes. I thought that the examples are sufficient. But if you are more
> comfortable with more formal Backus-Naur syntax then I suppose could
> provide that too.

No, no... I was just making sure that I wasn't overlooking something...
burned myself many times by using poor docs that make lots of assumptions...

That said, postfix docs are generally some of the best I've used (thanks
for that!) - its my eyes/brain that are my biggest problem...

-- 

Best regards,

Charles

Re: Attachments with email from command line?

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 02:25:58PM +0200, Jan P. Kessler wrote:

> 
> What about simply using uuencode?
> 
> ( echo "Text" ; uuencode origname.gz attname.gz ) \
> | mailx -s "subject" -r "[EMAIL PROTECTED]" [EMAIL PROTECTED]

uuencode is obsolete. MIME has been around since the mid-late 90's. New
applications should not use uuencode.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Stephen Liu 

--- Brian Evans - Postfix List <[EMAIL PROTECTED]> wrote:

> Charles Marcus wrote:
> > On 10/10/2008, Stephen Liu ([EMAIL PROTECTED]) wrote:
> >   
> >> # postmap -q [EMAIL PROTECTED]
> >> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
> >> postmap: fatal: open database
> >> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf.db: No such file
> or
> >> directory
> >> 
> >
> > Fix this...
> >
> > If mysql-virtual_mailbox_limit_maps.cf is the actual name of the
> file, then:
> >
> > /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
> >
> > should be
> >
> > /etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf
> >
> > or
> >
> > /etc/postfix/proxy:mysql:mysql-virtual_mailbox_limit_maps.cf
> >
> > Otherwise, postconf -n output?
> >
> >   
> No.. it should be 'postmap -q 
> mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
> 
> It goes type:table, not path/type:table.


Hi Brian

# postmap -q [EMAIL PROTECTED]
mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

No output


B.R.
Stephen L



Send instant messages to your online friends http://uk.messenger.yahoo.com

Re: My first config - unable to telnet to port 25, virtual.db missing

2008-10-10 Thread Paul Cocker 
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of mouss
> Sent: 08 October 2008 16:10
> Cc: postfix-users@postfix.org
> Subject: Re: [SPAM?] Re: My first config - unable to telnet 
> to port 25, virtual.db missing
> Importance: Low
> 
> Paul Cocker wrote:
> > But isn't recipient maps purely checking the destination address to 
> > see if it's valid? If so, why does it matter when you check the 
> > validity so long as you do before it reaches its final 
> destination for 
> > that domain and is bounced?
> 
> 
> if your secondary accepts a message to an invalid recipient, 
> what do you think will happen at the end of the journey? your 
> primary will reject your secondary and your secondary will 
> generate a bounce. and how do we call this? backscatter.
> 
> it's as simple as this: if one of your servers doesn't reject 
> a mail, you'll have to do something with that mail. if you 
> discard it, you break email reliability (people do mistype 
> addresses sometimes). if you bounce it, you will annoy the 
> rest of us (because you can't prove the sender isn't forged).
> 

Thanks for all your help, it has been most enlightening.



TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), 
TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT 
Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post 
Midlands Limited (6458167)and TNT Post London Limited (6493826). Emma's Diary 
and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd 
(02556692). All companies are registered in England and Wales; registered 
address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, 
SL7 1HY.

Re: Attachments with email from command line?

2008-10-10 Thread Jan P. Kessler 
Victor Duchovni schrieb:
> On Fri, Oct 10, 2008 at 02:25:58PM +0200, Jan P. Kessler wrote:
>
>   
>> What about simply using uuencode?
>>
>> ( echo "Text" ; uuencode origname.gz attname.gz ) \
>> | mailx -s "subject" -r "[EMAIL PROTECTED]" [EMAIL PROTECTED]
>> 
>
> uuencode is obsolete. MIME has been around since the mid-late 90's. New
> applications should not use uuencode.
>   

additionally i was not able to find it anywhere except on our old
solaris boxes.

sorry for the noise,
  jan (awakened from the middle ages)

Re: multiple outgoing interfaces?

2008-10-10 Thread Wietse Venema 
Rainer Frey (Inxmail GmbH):
> On Wednesday 08 October 2008 00:52:10 Noel Jones wrote:
> > Wietse Venema wrote:
> > > The SMTP client's source IP address is controlled with smtp_bind_address,
> > > otherwise it is inherited from inet_interfaces (when this specifies
> > > one non-localhost IP address).
> > >
> > > However, making the IP address dependent on the sender domain is
> > > not yet implemented. This it requires a sender-dependent transport
> > > map.
> > >
> > >   Wietse
> >
> > Will the FILTER action accept an empty nexthop?
> 
> It seems it does not (at least not correctly).  If the nexthop is empty, it 
> seems to assume the local host (which of course leads to "mail loops to 
> myself" if the recipient domain is not handled by postfix).

This is incorrect.

Postfix will complain about a mail loop REGARDLESS of the nexthop
information unless you "filter" the mail to a non-SMTP TCP port,
or unless you change the smtp_helo_name on the smtp delivery agent.

Wietse

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread Brian Evans - Postfix List 
Stephen Liu wrote:
> --- Brian Evans - Postfix List <[EMAIL PROTECTED]> wrote:
>
>   
>> Charles Marcus wrote:
>> 
>>> On 10/10/2008, Stephen Liu ([EMAIL PROTECTED]) wrote:
>>>   
>>>   
 # postmap -q [EMAIL PROTECTED]
 /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
 postmap: fatal: open database
 /etc/postfix/mysql-virtual_mailbox_limit_maps.cf.db: No such file
 
>> or
>> 
 directory
 
 
>>> Fix this...
>>>
>>> If mysql-virtual_mailbox_limit_maps.cf is the actual name of the
>>>   
>> file, then:
>> 
>>> /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
>>>
>>> should be
>>>
>>> /etc/postfix/mysql:mysql-virtual_mailbox_limit_maps.cf
>>>
>>> or
>>>
>>> /etc/postfix/proxy:mysql:mysql-virtual_mailbox_limit_maps.cf
>>>
>>> Otherwise, postconf -n output?
>>>
>>>   
>>>   
>> No.. it should be 'postmap -q 
>> mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
>>
>> It goes type:table, not path/type:table.
>> 
>
>
> Hi Brian
>
> # postmap -q [EMAIL PROTECTED]
> mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
>
> No output
>   

No output means "not found"

In the case of virtual_mailbox_maps, it will reject the recipient.

Since this "satimis" is a local user, you can simply put the entry:
(using your posted postconf -n)
[EMAIL PROTECTED] [EMAIL PROTECTED]

into your virutal_alias_maps. This causes local(8) to kick in and
deliver the message because xen6.satimis.com is in mydestination.

Brian

Refused Message from RCPT TO

2008-10-10 Thread Carlos Williams 
I am seeing in my logs several of the following:

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
9D3DB1FA461C  1046060 Fri Oct 10 09:37:27  [EMAIL PROTECTED]
(host mx2.east.saic.com[198.151.13.25] said: 452 Deferred - [X.X.X.X]
(in reply to RCPT TO command))
 [EMAIL PROTECTED]

Above the [X.X.X.X] is my public IP address for my Postfix server. My
question is this being caused due to a poor Postfix configuration in
main.cf or is this an issue based on how the client connecting to my
Postfix server is composing the message headers?

I am assuming that the machine / client initiating the message is
improperly using the mail servers IP and this is what the receiving
host is rejecting, no?

Re: Refused Message from RCPT TO

2008-10-10 Thread Brian Evans - Postfix List 
Carlos Williams wrote:
> I am seeing in my logs several of the following:
>
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> 9D3DB1FA461C  1046060 Fri Oct 10 09:37:27  [EMAIL PROTECTED]
> (host mx2.east.saic.com[198.151.13.25] said: 452 Deferred - [X.X.X.X]
> (in reply to RCPT TO command))
>  [EMAIL PROTECTED]
>
> Above the [X.X.X.X] is my public IP address for my Postfix server. My
> question is this being caused due to a poor Postfix configuration in
> main.cf or is this an issue based on how the client connecting to my
> Postfix server is composing the message headers?
>
> I am assuming that the machine / client initiating the message is
> improperly using the mail servers IP and this is what the receiving
> host is rejecting, no?
>   

A 452 response is generally a temporary error and will be retried.

Is the recipient yours or a remote?
This can be some form of greylisting or other not in your control issue
if remote.

Brian

Re: Refused Message from RCPT TO

2008-10-10 Thread Carlos Williams 
On Fri, Oct 10, 2008 at 10:16 AM, Brian Evans - Postfix List
<[EMAIL PROTECTED]> wrote:
> A 452 response is generally a temporary error and will be retried.
>
> Is the recipient yours or a remote?
> This can be some form of greylisting or other not in your control issue
> if remote.

Thanks Brian & Mark for your quick response!

The recipient is a remote destination. It is being initiated from a
relayed domain for my email server to a remote mail server /
destiniation. I will watch and see if it does eventually go through.

If I no longer see the entry listed in postqueue -p, how do I know if
the message was sent successfully of just failed and cleaned from the
queue by the queue manager?

Re: Refused Message from RCPT TO

2008-10-10 Thread Brian Evans - Postfix List 
Carlos Williams wrote:
> On Fri, Oct 10, 2008 at 10:16 AM, Brian Evans - Postfix List
> <[EMAIL PROTECTED]> wrote:
>   
>> A 452 response is generally a temporary error and will be retried.
>>
>> Is the recipient yours or a remote?
>> This can be some form of greylisting or other not in your control issue
>> if remote.
>> 
>
> Thanks Brian & Mark for your quick response!
>
> The recipient is a remote destination. It is being initiated from a
> relayed domain for my email server to a remote mail server /
> destiniation. I will watch and see if it does eventually go through.
>
> If I no longer see the entry listed in postqueue -p, how do I know if
> the message was sent successfully of just failed and cleaned from the
> queue by the queue manager?
>   
Simply grep out the Queue ID from your log.
The status parameter will tell you if it was sent, bounced, or delayed
again.

Brian

Receiving mail from non-RFC821 compliant addresses (numeric ip)

2008-10-10 Thread Erno Palonheimo 

Hello,

I'm configuring Postfix for use with our intranet mail server. Some of 
our computers have service processors with SMTP alert sending 
capability. Said service processors aren't very configurable, all i can 
do is setting SMTP server IP and email address for alerts. The problem 
here is that these servers use MAIL FROM:<[EMAIL PROTECTED]> when 
sending mail. Postfix doesn't accept this and following appears in log:


Oct 10 14:46:56 intra-mail postfix/smtpd[26338]: [ID 947731 
mail.warning] warning: Illegal address syntax from unknown[1.2.3.4] in 
MAIL command: <[EMAIL PROTECTED]>


I have the strict_rfc821_envelopes set to 'no' but that doesn't help. 
What could I do to allow these mails be received?


--
Erno Palonheimo +358503475171

Test mysql virtual_mailbox_maps?

2008-10-10 Thread Charles Marcus 
Hello,

Googling didn't reveal the answer (I probably didn't hit the right terms)...

Is there a simple way to test the returned value of a mysql based
virtual mailbox map from the command line using the postconf command or
something similar?

-- 

Best regards,

Charles

Re: Using proxy: for mysql maps

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 09:28:48AM -0400, Charles Marcus wrote:

> On 10/10/2008, Wietse Venema ([EMAIL PROTECTED]) wrote:
> >> Is it simply a matter of adding the proxy: prefix to the map
> >> location?
> 
> > Yes. I thought that the examples are sufficient. But if you are more
> > comfortable with more formal Backus-Naur syntax then I suppose could
> > provide that too.
> 
> No, no... I was just making sure that I wasn't overlooking something...
> burned myself many times by using poor docs that make lots of assumptions...
> 
> That said, postfix docs are generally some of the best I've used (thanks
> for that!) - its my eyes/brain that are my biggest problem...

If the table you want to proxy is not listed in one of the standard
mumble_maps parameters listed $proxy_read_maps, you need to add it to
the list. Sadly main.cf syntax does not support a "foo += bar" syntax
to append elements to the default values of parameters, so you need
to replicate the default value of $proxy_read_maps and then add your
table.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Refused Message from RCPT TO

2008-10-10 Thread Carlos Williams 
On Fri, Oct 10, 2008 at 10:33 AM, Brian Evans - Postfix List
<[EMAIL PROTECTED]> wrote:
> Simply grep out the Queue ID from your log.
> The status parameter will tell you if it was sent, bounced, or delayed
> again.

Thanks - so basically this is not specifically something my Postfix
server is doing wrong or occurring due to config, correct?

Re: About steps to setup virtual mailbox domain class

2008-10-10 Thread mouss 
Stephen Liu a écrit :
>
> # postmap -q [EMAIL PROTECTED]
> mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
>
> No output
>   


so [EMAIL PROTECTED] does not exist.

you need to populate your mysql database. this is beyond the scopre of
this mailing list.

Re: Refused Message from RCPT TO

2008-10-10 Thread Mark Watts 

On Friday 10 October 2008 15:39:32 Carlos Williams wrote:
> On Fri, Oct 10, 2008 at 10:33 AM, Brian Evans - Postfix List
>
> <[EMAIL PROTECTED]> wrote:
> > Simply grep out the Queue ID from your log.
> > The status parameter will tell you if it was sent, bounced, or delayed
> > again.
>
> Thanks - so basically this is not specifically something my Postfix
> server is doing wrong or occurring due to config, correct?

Nothing you are directly in control of, no.

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part.

Re: Test mysql virtual_mailbox_maps?

2008-10-10 Thread Ralf Hildebrandt 
* Charles Marcus <[EMAIL PROTECTED]>:
> Hello,
> 
> Googling didn't reveal the answer (I probably didn't hit the right terms)...
> 
> Is there a simple way to test the returned value of a mysql based
> virtual mailbox map from the command line using the postconf command or
> something similar?

man postmap (option -q)

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
The only way to convince some people that HTML is about content, not
style is with a 2x4.

Re: Receiving mail from non-RFC821 compliant addresses (numeric ip)

2008-10-10 Thread mouss 
Erno Palonheimo a écrit :
> Hello,
>
> I'm configuring Postfix for use with our intranet mail server. Some of
> our computers have service processors with SMTP alert sending
> capability. Said service processors aren't very configurable, all i
> can do is setting SMTP server IP and email address for alerts. The
> problem here is that these servers use MAIL FROM:<[EMAIL PROTECTED]>
> when sending mail. Postfix doesn't accept this and following appears
> in log:
>
> Oct 10 14:46:56 intra-mail postfix/smtpd[26338]: [ID 947731
> mail.warning] warning: Illegal address syntax from unknown[1.2.3.4] in
> MAIL command: <[EMAIL PROTECTED]>
>
> I have the strict_rfc821_envelopes set to 'no' but that doesn't help.
> What could I do to allow these mails be received?
>

- complain to your vendor
- use an intermediary (proxy|script|whatever) to convert the adress to a
valid one.

Re: Refused Message from RCPT TO

2008-10-10 Thread Tomasz Chmielewski 

Mark Watts schrieb:

On Friday 10 October 2008 15:39:32 Carlos Williams wrote:

On Fri, Oct 10, 2008 at 10:33 AM, Brian Evans - Postfix List

<[EMAIL PROTECTED]> wrote:

Simply grep out the Queue ID from your log.
The status parameter will tell you if it was sent, bounced, or delayed
again.

Thanks - so basically this is not specifically something my Postfix
server is doing wrong or occurring due to config, correct?


Nothing you are directly in control of, no.


Unless he's trying to send dozens of emails/second to the remote SMTP 
server, which doesn't like such behaviour.



--
Tomasz Chmielewski
http://wpkg.org

Re: Receiving mail from non-RFC821 compliant addresses (numeric ip)

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 04:47:09PM +0200, mouss wrote:

> > Oct 10 14:46:56 intra-mail postfix/smtpd[26338]: [ID 947731
> > mail.warning] warning: Illegal address syntax from unknown[1.2.3.4] in
> > MAIL command: <[EMAIL PROTECTED]>
> 
> - complain to your vendor
> - use an intermediary (proxy|script|whatever) to convert the adress to a
> valid one.

The valid address forms are:

- [EMAIL PROTECTED] ( [EMAIL PROTECTED] )
- [EMAIL PROTECTED] ( [EMAIL PROTECTED] )

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Receiving mail from non-RFC821 compliant addresses (numeric ip)

2008-10-10 Thread mouss 
Victor Duchovni a écrit :
> On Fri, Oct 10, 2008 at 04:47:09PM +0200, mouss wrote:
>
>   
>>> Oct 10 14:46:56 intra-mail postfix/smtpd[26338]: [ID 947731
>>> mail.warning] warning: Illegal address syntax from unknown[1.2.3.4] in
>>> MAIL command: <[EMAIL PROTECTED]>
>>>   
>> - complain to your vendor
>> - use an intermediary (proxy|script|whatever) to convert the adress to a
>> valid one.
>> 
>
> The valid address forms are:
>
>   - [EMAIL PROTECTED] ( [EMAIL PROTECTED] )
>   - [EMAIL PROTECTED] ( [EMAIL PROTECTED] )
>
>   

and, just for completeness,
- <>  (only as sender)
-   (only as recipient). now debatable...

Re: multiple outgoing interfaces?

2008-10-10 Thread Rainer Frey (Inxmail GmbH) 
On Wednesday 08 October 2008 00:52:15 Victor Duchovni wrote:
> It is possible to cause the outgoing transport to depend solely on the
> incoming IP in some special cases, but this is not something I am inclined
> to recommend to anyone. So I would prefer to pretend it is generally not
> possible, rather than present a complex and fragile design to solve an
> aesthetic "problem" with a narrowly applicable hack.

I'm looking for the same thing right now. Would you mind to present your idea 
anyway, so I could see if it might be applicable in my setup?

Regards,
Rainer
-- 
Inxmail GmbH
[EMAIL PROTECTED], www.inxmail.de

Handelsregister Freiburg, HRB 5870
Ust.-ID: DE198371679
Geschäftsleitung: Martin Bucher, Peter Ziras

Re: Refused Message from RCPT TO

2008-10-10 Thread mouss 
Carlos Williams a écrit :
> I am seeing in my logs several of the following:
>   

so why don't you show these logs?
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> 9D3DB1FA461C  1046060 Fri Oct 10 09:37:27  [EMAIL PROTECTED]
> (host mx2.east.saic.com[198.151.13.25] said: 452 Deferred - [X.X.X.X]
> (in reply to RCPT TO command))
>  [EMAIL PROTECTED]
>   

this is not a log.
> Above the [X.X.X.X] is my public IP address for my Postfix server. My
> question is this being caused due to a poor Postfix configuration in
> main.cf or is this an issue based on how the client connecting to my
> Postfix server is composing the message headers?
>   

the remote server defers your transaction. it doesn't say why. The
problem may be on the remote side (too aggressive) or on yours. we can't
tell. and since you hide your infos, we can't give you an external
viewpoint.

> I am assuming that the machine / client initiating the message is
> improperly using the mail servers IP and this is what the receiving
> host is rejecting, no?
>   

we don't assume anything because we don't have enough infos.

Re: Refused Message from RCPT TO

2008-10-10 Thread Mark Watts 

On Friday 10 October 2008 14:56:42 Carlos Williams wrote:
> I am seeing in my logs several of the following:
>
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> 9D3DB1FA461C  1046060 Fri Oct 10 09:37:27  [EMAIL PROTECTED]
> (host mx2.east.saic.com[198.151.13.25] said: 452 Deferred - [X.X.X.X]
> (in reply to RCPT TO command))
>  [EMAIL PROTECTED]
>
> Above the [X.X.X.X] is my public IP address for my Postfix server. My
> question is this being caused due to a poor Postfix configuration in
> main.cf or is this an issue based on how the client connecting to my
> Postfix server is composing the message headers?
>
> I am assuming that the machine / client initiating the message is
> improperly using the mail servers IP and this is what the receiving
> host is rejecting, no?

Probably greylisting. The messaage will probably get through on the next 
attempt.

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part.

cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Aaron Wolfe 
Hello,

We use reject_unknown_client to fail messages from hosts with no rDNS.
 We have a situation with the host 216.163.249.229, which give the
following results:


NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450 4.7.1 Client
host rejected: cannot find your reverse hostname, [216.163.249.229];

There actually is reverse DNS for this address... 239 PTR records!
using 'host' returns them all, with a warning:

;; Truncated, retrying in TCP mode.
 .. and then all the results

So I guess the result is so large that UDP cannot contain it, and
within postfix the TCP method either isn't being tried or isn't
working.  Is this a problem with my resolver or something I can fix in
postfix?  The lookup does work on this machine using 'host' with the
above error.

-Aaron

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Wietse Venema 
Aaron Wolfe:
> Hello,
> 
> We use reject_unknown_client to fail messages from hosts with no rDNS.
>  We have a situation with the host 216.163.249.229, which give the
> following results:
> 
> 
> NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450 4.7.1 Client
> host rejected: cannot find your reverse hostname, [216.163.249.229];
> 
> There actually is reverse DNS for this address... 239 PTR records!

Postfix uses the SYSTEM LIBRARY function getnameinfo(). If it does
not handle 239 replies, I suggest that you complain to your vendor.

Wietse

Re:[solved] Disabling global content_filter with an empty filter specified with an access table

2008-10-10 Thread Diego Liziero 
Both methods worked fine.

I would like to thank all of you for pointing me to the right direction.

I'm repeating here what I did with your suggestions just in case it
might be useful to someone else.
Feel free to correct me if I'm stating something wrong.

Here is the background info.

To use a post-queue content filter postfix has the global content_filter option.
To override this global option the access table FILTER action can be used.
Unfortunately it can only trigger another filter action, but not
disable the global filter.

What I was looking for:

I needed a way to disable the content filter for the null sender
(mailer-daemon) of a misbehaving smtpd server.

Here are the 2 ways that have been promptly suggested in this list.

- 1 - The First (and cleanest) way

for all mails coming from the broken smtpd ip, if the sender is empty,
don't use the filter (actually this is done using the return transport
that the filter uses to send mail back to postfix as it were a filter
itself).

main.cf:

smtpd_restriction_classes = avoid_filter

avoid_filter = check_sender_access
hash:/etc/postfix/hash/accept_mailer_daemon_from_broken_smtpd

smtpd_sender_restrictions = check_client_access
hash:/etc/postfix/hash/ip_broken_smtpd

where ip_broken_smtpd:
# ip smtpd
172.16.1.1 avoid_filter

and accept_mailer_daemon_from_broken_smtpd:
# <> is the empty sender
# relay:[127.0.0.1]:10026 is the return transport from the filter back
to postfix
<> FILTER relay:[127.0.0.1]:10026

That is, for the empty sender, email goes straight back to postfix
without using the global content filter.

Then, in master.cf, where is defined the return transport from the
filter, the smtp_sender_restrictions must be disabled to avoid loops:
# content filter loop back smtpd
localhost:10026 inet n - n - 20 smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_proxy_filter=
-o content_filter=
-o local_recipient_maps=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions= # <--
-o smtpd_enforce_tls=no

- 2 - The second way

the global content_filter option is disabled, and enabled in an access
table for everyone except for the empty sender of the smtpd ip.

in main.cf:
# disable global content filter
content_filter =

smtpd_restriction_classes = skip_mailer_daemon

skip_mailer_daemon = check_sender_access
hash:/etc/postfix/hash/dunno_mailer_daemon

smtpd_sender_restrictions =
  check_client_access  pcre:/etc/postfix/pcre/antivirus

dunno_mailer_daemon:
<> DUNNO

filter:
/172\.16\.1\.1$/   skip_mailer_daemon
/./ FILTER filtername:localhost:10025

that is if mail is coming from the broken smtpd ip and the sender is
empty, do nothing, otherwise use the filter.

To avoid loops the usual line must be added to the return transport of
the filter:
-o smtpd_sender_restrictions=

One last note.
When an access table FILTER is triggered, the filter name is logged,
so there is an extra line in the logs for each mail that triggers an
access table filter. So logs are more verbose in the second case.

Regards,
Diego.

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread mouss 
Aaron Wolfe a écrit :
> Hello,
>
> We use reject_unknown_client to fail messages from hosts with no rDNS.
>  We have a situation with the host 216.163.249.229, which give the
> following results:
>
>
> NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450 4.7.1 Client
> host rejected: cannot find your reverse hostname, [216.163.249.229];
>
> There actually is reverse DNS for this address... 239 PTR records!
>   

and some of these do not resolve.
$ host ms.metaproposreq.com
Host ms.metaproposreq.com not found: 3(NXDOMAIN)
$ host ms.methyattnotices.com
Host ms.methyattnotices.com not found: 3(NXDOMAIN)
...

so if one of these is returned as the first PTR, the forward lookup
won't return the original address, thus "unknown".


That's one reason why multiple PTRs are bad. They only create problems.


> using 'host' returns them all, with a warning:
>
> ;; Truncated, retrying in TCP mode.
>  .. and then all the results
>
> So I guess the result is so large that UDP cannot contain it, and
> within postfix the TCP method either isn't being tried or isn't
> working.  Is this a problem with my resolver or something I can fix in
> postfix?  The lookup does work on this machine using 'host' with the
> above error.
>

Re: [solved] Disabling global content_filter with an empty filter specified with an access table

2008-10-10 Thread Brian Evans - Postfix List 
Diego Liziero wrote:
> Both methods worked fine.
>
> I would like to thank all of you for pointing me to the right direction.
>   
...
> Then, in master.cf, where is defined the return transport from the
> filter, the smtp_sender_restrictions must be disabled to avoid loops:
> # content filter loop back smtpd
> localhost:10026 inet n - n - 20 smtpd
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> -o smtpd_proxy_filter=
> -o content_filter=
> -o local_recipient_maps=
> -o smtpd_client_restrictions=
> -o smtpd_sender_restrictions= # <--
>   

In-line comments are not supported in main.cf or master.cf.  Recommend
removing # <-- if you really do have it there.

Other than that, great!

Brian

Re: [solved] Disabling global content_filter with an empty filter specified with an access table

2008-10-10 Thread Diego Liziero 
On Fri, Oct 10, 2008 at 9:27 PM, Brian Evans - Postfix List
<[EMAIL PROTECTED]> wrote:
> Diego Liziero wrote:
>> # content filter loop back smtpd
>> localhost:10026 inet n - n - 20 smtpd
>> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>> -o smtpd_proxy_filter=
>> -o content_filter=
>> -o local_recipient_maps=
>> -o smtpd_client_restrictions=
>> -o smtpd_sender_restrictions= # <--
>>
>
> In-line comments are not supported in main.cf or master.cf.  Recommend
> removing # <-- if you really do have it there.

Really? I always had this doubt, but I was almost confident that they
were supported.

Fortunately I don't have it in my config.



> Diego Liziero wrote:
>> smtpd_sender_restrictions =
>>  check_client_access  pcre:/etc/postfix/pcre/antivirus

well I renamed "antivirus" into "filter" without changing the previous line.
both of them are referring to the same file.

>> filter:
>> /172\.16\.1\.1$/   skip_mailer_daemon
>> /./ FILTER filtername:localhost:10025

Re: [solved] Disabling global content_filter with an empty filter specified with an access table

2008-10-10 Thread mouss 
Diego Liziero a écrit :
> On Fri, Oct 10, 2008 at 9:27 PM, Brian Evans - Postfix List
> <[EMAIL PROTECTED]> wrote:
>   
>> Diego Liziero wrote:
>> 
>>> # content filter loop back smtpd
>>> localhost:10026 inet n - n - 20 smtpd
>>> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>>> -o smtpd_proxy_filter=
>>> -o content_filter=
>>> -o local_recipient_maps=
>>> -o smtpd_client_restrictions=
>>> -o smtpd_sender_restrictions= # <--
>>>
>>>   
>> In-line comments are not supported in main.cf or master.cf.  Recommend
>> removing # <-- if you really do have it there.
>> 
>
> Really? I always had this doubt, but I was almost confident that they
> were supported.
>   

they are not. comments should go on their own lines (this applies to
both main.cf and master.cf).


# blah blah
-o smtpd_client_restrictions=
...

also, no spaces in options in master.cf. If you need spaces, define a
custom var in main.cf and use it:

-o foooption=${foobar}


and in main.cf:
foobar =
# first value
value 1
# second value
value 2




> Fortunately I don't have it in my config.
>

Re: saslfinger output, was Re: postfix hangs when SASL enabled

2008-10-10 Thread Travis 
On Tue, Oct 07, 2008 at 11:32:50PM +0200, mouss wrote:
> Travis wrote:
> >[snip]
> >-- basics --
> >Postfix: 2.3.8
> >System: Debian GNU/Linux 4.0 \n \l
> >[snip]
> >
> >-- listing of /usr/lib/sasl2 --
> >total 116
> >drwxr-xr-x  2 root root  4096 Oct  7 22:47 .
> >drwxr-xr-x 60 root root 20480 Sep 28 02:03 ..
> >-rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
> >-rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22
> >-rw-rw  1 root root49 Oct  7 22:47 smtpd.conf
> 
> 
> # apt-get install libsasl2-modules
> 
> >[snip]

Closer... now Thunderbird prompts for my password over and over, but I've
set it properly.
-- 
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.

Does sendmail command see ldap accouns?

2008-10-10 Thread Jason Voorhees 
Hi friends:

I have Postfix 2.3.3 integraded with OpenLDAP to store my user accounts
and aliases.
I can send/receive emails without problems but when I try to send a
email using sendmail to a alias like this:

$ echo Test | sendmail -f [EMAIL PROTECTED] [EMAIL PROTECTED]

I get an error related to non-existent mailbox in Cyrus IMAP Server. But
 if I send emails trough SMTP protocol using a MUA o from any other SMTP
server then there are no problems dealing with LDAP aliases.

[EMAIL PROTECTED] is declared as an alias in my LDAP server.
I have the following settings:

mydestination = localhost, $mydomain, $myhostname, localhost.$mydomain
virtual_alias_maps = ldap:/etc/postfix/virtual_alias_maps.cf,
ldap:/etc/postfix/virtual_groups_alias_maps.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
$virtual_alias_maps

Is it normal the sendmail command doesn't read alias/users stores in an
external backend like LDAP or MySQL?

Thanks, bytes!

Re: saslfinger output, was Re: postfix hangs when SASL enabled

2008-10-10 Thread Travis 
On Fri, Oct 10, 2008 at 03:43:09PM -0500, Travis wrote:
> Closer... now Thunderbird prompts for my password over and over, but I've
> set it properly.

What's the meaning of:

Oct 10 22:40:55 lexus postfix/smtpd[13983]: warning: SASL authentication 
failure: cannot connect to saslauthd server: Permission denied

-- 
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Ralf Hildebrandt 
* Aaron Wolfe <[EMAIL PROTECTED]>:
> Hello,
> 
> We use reject_unknown_client to fail messages from hosts with no rDNS.

That's wrong.
reject_unknown_reverse_client_hostname
is what you want instead.

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
If at first you don't succeed, destroy all evidence that you tried.

Re: Does sendmail command see ldap accouns?

2008-10-10 Thread Sahil Tandon 
Jason Voorhees <[EMAIL PROTECTED]> wrote:

> Hi friends:
> 
> I have Postfix 2.3.3 integraded with OpenLDAP to store my user accounts
> and aliases.
> I can send/receive emails without problems but when I try to send a
> email using sendmail to a alias like this:
> 
> $ echo Test | sendmail -f [EMAIL PROTECTED] [EMAIL PROTECTED]
> 
> I get an error related to non-existent mailbox in Cyrus IMAP Server. But
>  if I send emails trough SMTP protocol using a MUA o from any other SMTP
> server then there are no problems dealing with LDAP aliases.
> 
> [EMAIL PROTECTED] is declared as an alias in my LDAP server.
> I have the following settings:
> 
> mydestination = localhost, $mydomain, $myhostname, localhost.$mydomain
> virtual_alias_maps = ldap:/etc/postfix/virtual_alias_maps.cf,
> ldap:/etc/postfix/virtual_groups_alias_maps.cf
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
> $virtual_alias_maps

Don't post snippets of your main.cf; as advised in DEBUG_README, please
post output of 'postconf -n'.  Also, what does the pickup service look
like in your master.cf?

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Aaron Wolfe 
On Fri, Oct 10, 2008 at 5:52 PM, Ralf Hildebrandt
<[EMAIL PROTECTED]> wrote:
> * Aaron Wolfe <[EMAIL PROTECTED]>:
>> Hello,
>>
>> We use reject_unknown_client to fail messages from hosts with no rDNS.
>
> That's wrong.
> reject_unknown_reverse_client_hostname
> is what you want instead.
>

It depends on what version of postfix you use, see
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

-Aaron

> --
> Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
> Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
> http://www.arschkrebs.de  I'm looking for a job
> If at first you don't succeed, destroy all evidence that you tried.
>

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Ralf Hildebrandt 
* Aaron Wolfe <[EMAIL PROTECTED]>:
> On Fri, Oct 10, 2008 at 5:52 PM, Ralf Hildebrandt
> <[EMAIL PROTECTED]> wrote:
> > * Aaron Wolfe <[EMAIL PROTECTED]>:
> >> Hello,
> >>
> >> We use reject_unknown_client to fail messages from hosts with no rDNS.
> >
> > That's wrong.
> > reject_unknown_reverse_client_hostname
> > is what you want instead.
> >
> 
> It depends on what version of postfix you use, see
> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

Read what I wrote.
reject_unknown_reverse_client_hostname != reject_unknown_client_hostname

-- 
Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de  I'm looking for a job
"One smaller motivation which, in part, stems from altruism is
Microsoft-bashing."- Vinod Valloppillil (Microsoft)

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Leonardo Rodrigues Magalhães 



Aaron Wolfe escreveu:

NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450 4.7.1 Client
host rejected: cannot find your reverse hostname, [216.163.249.229];

There actually is reverse DNS for this address... 239 PTR records!
using 'host' returns them all, with a warning:

  


   Aaron contacted me in PVT because i had the same problem some months 
ago. Here's what i sent directly to his email, as a reply of the message 
he sent me:


Aaron:

I have this same issue now, on a different platform (debian) and a
host with 240 ptr records.
Did you ever find a resolution to this issue with getnameinfo?



My answer:



 yes  it was a glibc bug, not postfix one. Postfix was doing the right
thing, but glibc wasnt.

  the glibc team patched glibc for that bug. If you're using a pretty new
recent distro, the patch should be already applied in your package. If not,
you'll probably have to recompile glibc to get rid of this problem.

  bugzilla for the fedora team, the distro i used
https://bugzilla.redhat.com/show_bug.cgi?id=428067

  and then the same bug for the glibc team
  where the problem was acknowledged and fixed
http://sources.redhat.com/bugzilla/show_bug.cgi?id=5790









--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Aaron Wolfe 
On Fri, Oct 10, 2008 at 7:19 PM, Ralf Hildebrandt
<[EMAIL PROTECTED]> wrote:
> * Aaron Wolfe <[EMAIL PROTECTED]>:
>> On Fri, Oct 10, 2008 at 5:52 PM, Ralf Hildebrandt
>> <[EMAIL PROTECTED]> wrote:
>> > * Aaron Wolfe <[EMAIL PROTECTED]>:
>> >> Hello,
>> >>
>> >> We use reject_unknown_client to fail messages from hosts with no rDNS.
>> >
>> > That's wrong.
>> > reject_unknown_reverse_client_hostname
>> > is what you want instead.
>> >
>>
>> It depends on what version of postfix you use, see
>> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
>
> Read what I wrote.
> reject_unknown_reverse_client_hostname != reject_unknown_client_hostname

No one said they were equivalent, but they are both unavailable in
version of Postfix prior to 2.3, please see the link I posted before.

>
> --
> Ralf Hildebrandt ([EMAIL PROTECTED])  [EMAIL PROTECTED]
> Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
> http://www.arschkrebs.de  I'm looking for a job
> "One smaller motivation which, in part, stems from altruism is
> Microsoft-bashing."- Vinod Valloppillil (Microsoft)
>

Re: cannot find reverse hostname for ip with enormous result

2008-10-10 Thread Aaron Wolfe 
On Fri, Oct 10, 2008 at 7:20 PM, Leonardo Rodrigues Magalhães
<[EMAIL PROTECTED]> wrote:
>
>
> Aaron Wolfe escreveu:
>>
>> NOQUEUE: reject: RCPT from unknown[216.163.249.229]: 450 4.7.1 Client
>> host rejected: cannot find your reverse hostname, [216.163.249.229];
>>
>> There actually is reverse DNS for this address... 239 PTR records!
>> using 'host' returns them all, with a warning:
>>
>>
>
>   Aaron contacted me in PVT because i had the same problem some months ago.
> Here's what i sent directly to his email, as a reply of the message he sent
> me:
>
> Aaron:
>
> I have this same issue now, on a different platform (debian) and a
> host with 240 ptr records.
> Did you ever find a resolution to this issue with getnameinfo?
>
>
>
> My answer:
>
>>
>>  yes  it was a glibc bug, not postfix one. Postfix was doing the right
>> thing, but glibc wasnt.
>>
>>  the glibc team patched glibc for that bug. If you're using a pretty new
>> recent distro, the patch should be already applied in your package. If
>> not,
>> you'll probably have to recompile glibc to get rid of this problem.
>>
>>  bugzilla for the fedora team, the distro i used
>> https://bugzilla.redhat.com/show_bug.cgi?id=428067
>>
>>  and then the same bug for the glibc team
>>  where the problem was acknowledged and fixed
>> http://sources.redhat.com/bugzilla/show_bug.cgi?id=5790
>>
>>
>
>

Thanks for your private reply and post.  I was going to post your
discoveries here too, but in this case I believe the problem is not
glibc (I have version 2.7-10, I believe the bug was in v2.3.6).  The
particular host not only has 200+ PTR records, but many of them are
invalid as pointed out by mouss.  So this seems to be normal behavior
actually, postfix is given an unresolvable result and behaves as
expected.  Thanks for all the help guys!


>
>
>
>
> --
>
>
>Atenciosamente / Sincerily,
>Leonardo Rodrigues
>Solutti Tecnologia
>http://www.solutti.com.br
>
>Minha armadilha de SPAM, NÃO mandem email
>[EMAIL PROTECTED]
>My SPAMTRAP, do not email it
>
>
>
>
>

Re: Attachments with email from command line?

2008-10-10 Thread Postfix User 

On Fri, 2008-10-10 at 08:42 +0200, mouss wrote:
> Uwe Dippel a écrit :
> > mouss wrote:
> >
> >> or use Perl.
> >>
> >> use MIME::Lite;
> >>
> >> my $msg = MIME::Lite->new(
> >> From=> '[EMAIL PROTECTED]',
> >> To  => '[EMAIL PROTECTED]',
> >> Cc  => '[EMAIL PROTECTED], [EMAIL PROTECTED]',
> >> Subject => 'blah blah',
> >> Type=> 'multipart/mixed'
> >> );
> >>
> >> $msg->attach(
> >> Type => 'TEXT',
> >> Data => "blah blah blah blah"
> >> );
> >>
> >> $msg->attach(
> >> Type => '|application/vnd.ms-excel|',
> >> Path => '/path/to/foo.xls',
> >> Filename => 'foo.xls',
> >> Disposition => 'attachment'
> >> );
> >>
> >> $msg->send;
> >>
> >>
> >
> > Thanks,
> >
> > you were faster than me, I was already starting to devise some in
> > shell script.
> >
> > Aside of hacks, I *think* that it might make sense to have a
> > non-hacked solution. As system administrators, we, at least I, send
> > quite a number of items with mail (cronjobs).
> > Therefore, IMHVHO, a tool distributed with *nix or *fix (wrapping
> > around mail) might be useful?
> >
> 
> There are already: mutt, mpack, metamail, ...
> 
> 
> (That said, perl and perl modules are available as packages on many
> systems :)
> 
> 

or just bash and coreutils, http://linuxnet.ca/postfix/attachment

--

timeout after DATA in maillog; is this IP path MTU discovery issue from FAQ?

2008-10-10 Thread Sahil Tandon 
This afternoon a user complained about missing email and mentioned that
the sender "is not getting a bounce".  In the logs I see several
iterations of:

Oct 10 09:51:42 aegis postfix/smtpd[52803]: timeout after DATA (256605 bytes) 
from relay.airtiger.com[63.170.171.120]
Oct 10 10:09:56 aegis postfix/smtpd[53022]: timeout after DATA (3240605 bytes) 
from relay.airtiger.com[63.170.171.120]
Oct 10 11:09:36 aegis postfix/smtpd[53463]: timeout after DATA (2998025 bytes) 
from relay.airtiger.com[63.170.171.120]

The sending server is re-trying every hour and the sending user will
probably get a bounce once the other MTA gives up.  I just want to
make sure there isn't anything I can do on my end to help this mail
through?  Based on archives, I tried the mtr tool suggested by Wietse:

HOST: aegis.hamla.org Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. bfw02.m5hosting.com   0.0%102.4   1.8   0.5   3.7   1.1
  2. br02.sdtc.m5hosting.net   0.0%102.5  55.4   2.3 528.5 166.2
  3. ais-ar01.sdtc.m5hosting.net   0.0%100.8  16.6   0.5 118.7  36.9
  4. owb.br03.g5-1.americanis.net  0.0%104.7   4.7   4.6   4.9   0.1
  5. 207.43.189.2090.0%10   69.0  35.3   4.7 101.0  40.4
  6. sl-crs2-ana-0-13-3-0.sprintl  0.0%105.7   5.5   5.3   5.8   0.1
  7. sl-crs2-ana-0-8-0-0.sprintli  0.0%105.3   5.4   5.3   5.5   0.1
  8. sl-gw9-ana-4-0-0.sprintlink.  0.0%10  218.1  26.8   5.3 218.1  67.2
  9. sl-airti-5-0.sprintlink.net   0.0%10   13.4  13.5  12.9  14.8   0.5
 10. ???  100.0100.0   0.0   0.0   0.0   0.0

So, 100% loss is obviously an issue, but am I out of luck besides
contacting the [EMAIL PROTECTED]

postconf -n:

allow_percent_hack = no
biff = no
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
defer_transports = hold
delay_warning_time = 2h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks.regexp
home_mailbox = Maildir/
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailq_path = /usr/local/bin/mailq
message_size_limit = 2048
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
rbl_reply_maps = hash:/usr/local/etc/postfix/rbl_reply_maps
receive_override_options = no_address_mappings
recipient_delimiter = +
relocated_maps = hash:/usr/local/etc/postfix/relocated
sendmail_path = /usr/local/sbin/sendmail
show_user_unknown_table_name = no
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions =
 reject_unlisted_sender
 reject_non_fqdn_sender
 reject_non_fqdn_recipient
 reject_unknown_recipient_domain
 reject_unlisted_recipient
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_destination 
 reject_unknown_sender_domain
 check_recipient_access hash:/usr/local/etc/postfix/roleaccount_exceptions
 reject_invalid_helo_hostname
 check_client_access hash:/usr/local/etc/postfix/SA_bypass
 check_sender_access hash:/usr/local/etc/postfix/sender_checks
 check_helo_access pcre:/usr/local/etc/postfix/helo_checks
 check_client_access hash:/usr/local/etc/postfix/client_restrictions
 reject_rbl_client zen.spamhaus.org=127.0.0.10
 reject_rbl_client zen.spamhaus.org=127.0.0.11
 reject_rbl_client zen.spamhaus.org
 check_sender_access pcre:/usr/local/etc/postfix/sender_backscatterer.pcre
 check_policy_service inet:[127.0.0.1]:10040
 check_client_access pcre:/usr/local/etc/postfix/forced_greylist
smtpd_restriction_classes = greylist check_backscatter
smtpd_sasl_path = private/auth
smtpd_tls_CAfile = /usr/local/openssl/certs/tls.pem
smtpd_tls_cert_file = /usr/local/openssl/certs/tls.pem
smtpd_tls_key_file = /usr/local/openssl/private/tls.pem
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
transport_maps = hash:/usr/local/etc/postfix/transport
virtual_alias_domains = tandon.net
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual_aliases
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = example0.org example1.com example2.com 
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Re: Does sendmail command see ldap accouns?

2008-10-10 Thread Victor Duchovni 
On Fri, Oct 10, 2008 at 04:17:50PM -0500, Jason Voorhees wrote:

> Is it normal the sendmail command doesn't read alias/users stores in an
> external backend like LDAP or MySQL?

No, both SMTP submission and local submission via sendmail(1) place a
message in the Postfix queue via the cleanup service. Alias processing
happens the same way in both cases, since nothing in Postfix later
depends on how the message came in with the following (non-default)
exceptions:

- content_filter settings may be depend on how a message arrives

- "receive_override_options" may be set to disable rewriting in
some smtpd(8) or pickup instances as described in FILTER_README.

If alias processing is observed to be incomplete for local submission,
either you are not using the Postfix sendmail(1) interface (you've
posted no logs, so we can't tell) or you have receive_override_options
or content_filters settings or a combination of the two that get in the
way.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: timeout after DATA in maillog; is this IP path MTU discovery issue from FAQ?

2008-10-10 Thread Victor Duchovni 
On Sat, Oct 11, 2008 at 12:04:22AM -0400, Sahil Tandon wrote:

> This afternoon a user complained about missing email and mentioned that
> the sender "is not getting a bounce".  In the logs I see several
> iterations of:
> 
> Oct 10 09:51:42 aegis postfix/smtpd[52803]: timeout after DATA (256605 bytes) 
> from relay.airtiger.com[63.170.171.120]
> Oct 10 10:09:56 aegis postfix/smtpd[53022]: timeout after DATA (3240605 
> bytes) from relay.airtiger.com[63.170.171.120]
> Oct 10 11:09:36 aegis postfix/smtpd[53463]: timeout after DATA (2998025 
> bytes) from relay.airtiger.com[63.170.171.120]

With so much DATA sent, it seems unlikely that this is an MTU issue. Perhaps
the remote server gives up after a fixed amount of time? Perhaps there is
an issue with SMTP "transparency", or a TLS implementation bug? You need
to tcpdump the session (full packet capture) and see what happens just before
the connection is lost...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.