smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread ram
On one of my servers I have put in main.cf

smtpd_client_restrictions = permit_mynetworks,reject
Because I want only my internal servers to use this machine as a relay. 


This works as expected, but when connections come from outside
mynetworks the error comes only after "RCPT TO:".

Can I just not give an error AND close the connection immediately after
connect rather than wait for RCPT TO:?

Thanks
Ram


Re: multiple outgoing interfaces?

2008-10-14 Thread Янченко Игорь
Tomasz Chmielewski wrote:
> mouss wrote:
>> Tomasz Chmielewski wrote:
> 
>>> Basically, if Postfix can specify the source IP address, that should
>>> be fine for me... provided that it can make some decisions here
>>> (i.e., which outgoing interface to choose, depending on From: or
>>> Received: etc).
>>>
>>
>>
>> since you have one network card, you have one outgoing interface.
>> Choosing among one thing would be strange outside of maths ;-p
> 
> Now I see I didn't pick the thread's title very well ;)
> (should be: "multiple outgoing IP addresses").
> 
> 
master.cf:

...

127.0.0.1:10025 inet  n  -  n  -    -  smtpd
    -o cleanup_service_name=example-cleanup
    -o myhostname=example-smtp.example.org
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o smtpd_end_of_data_restrictions=

example-smtp    unix  -  -  n  -    -  smtp
    -o smtp_bind_address=ip.add.re.ss
    -o myhostname=example-smtp.example.org
example-rewrite unix  -  -  n  -    -  trivial-rewrite
    -o default_transport=example-smtp:
example-qmgr    fifo  n  -  n  300  1  qmgr
    -o rewrite_service_name=example-rewrite
example-cleanup unix  n  -  n  -    0  cleanup
    -o queue_service_name=example-qmgr

and write a rule to filter (this is another question)

PS: sorry for my English

-- 
Best regards, Янченко Игорь
email: mailto:[EMAIL PROTECTED]
jabber: xmpp://[EMAIL PROTECTED]
SKIF ISP
IGR0-UANIC


Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov

ram wrote:

> On one of my servers I have put in main.cf
>
> smtpd_client_restrictions = permit_mynetworks,reject
> Because I want only my internal servers to use this machine as a relay.
>
> This works as expected, but when connections come from outside
> mynetworks the error comes only after "RCPT TO:".
>
> Can I just not give an error AND close the connection immediately after
> connect rather than wait for RCPT TO:?

Yes, you can. See http://www.postfix.org/postconf.5.html#smtpd_delay_reject
It is on by default, so postfix delays reject until RCPT TO; if you turn
off that parameter, it will reject immediately. But not all mail
software understands that early reject properly, so be warned.

Nikita



Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov

http://www.postfix.org/postconf.5.html#smtpd_delay_reject

More to say: even better is to block external connections with a firewall.


Re[2]: SMTP and SASL/TLS problem

2008-10-14 Thread Алексей Доморадов
>  postfix/smtpd[11997]: warning: SASL authentication problem: unable to open
> Berkeley db /etc/sasldb2: No such file or directory
> 
> 
> It's the last line that confuses me, it shouldn't be looking in /etc/sasldb2
> at all, it should be looking in the database
> 
> here is my /etc/postfix/sasl/smtpd.conf
> 
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: localhost
> sql_user: [[mail username]]
> sql_passwd: [[sql passwd]]
> sql_database: maildb
> sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled = 1
> 

Move smtpd.conf from /etc/postfix/sasl/ to /usr/lib/sasl2. Restart postfix and
try again.

Also read this http://www.postfix.org/postconf.5.html#smtpd_sasl_path


Re: Postfix Virtual

2008-10-14 Thread Daniel V. Reinhardt
I prefer top posting than posting at the bottom so you have to scroll
to find any sort of help message there is.  Not to mention it all
clutters the messages, and the help or assistance is hidden in the
convoluted mess of bottom posting.

Oh yeah, you need to fix your reply-to: it is going to postfix.com, which
doesn't exist.

 Daniel Reinhardt
Website: www.cryptodan.com
Email: [EMAIL PROTECTED]
Junior Network Security Engineer



----- Original Message -----
From: Gerard <[EMAIL PROTECTED]>
To: postfix-users@postfix.org
Sent: Monday, October 13, 2008 8:05:59 PM
Subject: Re: Postfix Virtual

On Mon, 13 Oct 2008 15:19:46 -0400
sgsweb <[EMAIL PROTECTED]> wrote:

>Are you really trying to be this anal or were you born that way?  What 
>part of my response did you not understand?  I tried to be as specific 
>as I can with the response.  What did you not understand?  Were you 
>offended (or confused) by the two different colors?  Please explain.
>
>sgs.
>
>mouss said the following on 10/13/2008 12:52 PM:
>> sgsweb wrote:
>>  
>>> Thanks for the reply.  Please see the answers to the questions below
>>> starting with
>>>
>>
>> Do you want help or do you want to impress us with bold blue?

I believe, what he means is that your use of HTML is unacceptable.
Personally, I find your personal character attacks and use of 'top
posting' to be equally unacceptable. 

-- 
Gerard
[EMAIL PROTECTED]

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Also, the Scots are said to have invented golf.  Then they had
to invent Scotch whiskey to take away the pain and frustration.



  

Re: Newbie needs help with virtual domain e-mail... mail not getting to /home/vmail

2008-10-14 Thread Brian Evans - Postfix List
Keith Palmer Jr. wrote:
>  * Postfix newbie alert *
>
> I'm trying to set it up so that I can have e-mail addresses that are not
> tied to my FreeBSD system accounts. I'd like to have it pull the list of
> recipients/domains from plain text files, and then I'll set up Dovecot to
> retrieve mail via POP3/IMAP. The mailboxes should be stored in Maildir
> format.
>
> Right now, I can telnet in and send an e-mail using MAIL FROM, RCPT TO,
> DATA, but I don't know where that e-mail ends up. Nothing ever shows up in
> /home/vmail (i.e. no directories are created, and no e-mails get dumped
> there that I can see).
>
>  What am I doing wrong?
>   

See comments below.

>  Thanks in advance!
>
>   - Keith
>
>
>
>
> So, I have a /usr/local/etc/postfix/vmaps which looks like this (and I
> used postmap /usr/local/etc/postfix/vmaps to build a vmaps.db file out of
> it):
> 
> [EMAIL PROTECTED]   domain1.com/info/
> [EMAIL PROTECTED]   domain2.com/keith/
> 
>   

Please use example.(com|net|org) to replace domains.

> I have a directory named /home/vmail user/group vmail 5000:5000. I have
> not created any directories in this folder, I don't know if I need to or
> not... I saw something somewhere about using makemaildir.dovecot, but I
> don't have that script/binary on my FreeBSD system anywhere.
>
> I have a /usr/local/etc/postfix/vhosts file which looks like:
> 
> domain1.com
> domain2.com
> 
>
>
> I can telnet to port 25 and send an e-mail. I don't know where that e-mail
> goes. If I run postqueue -p it shows nothing in the queue. If I run mailq,
> I can see the e-mails but I can't tell what it's doing with them (and I
> don't really know anything about the mailq command).
>
>
>
> Here's my main.cf file:
>   

We prefer 'postconf -n' because it catches things like typos.
Logs?
What is the output of 'ls -lnd /home/vmail'?

Please read (as mentioned in the welcome message)
http://www.postfix.org/DEBUG_README.html#mail

If the postconf -n does not show mydestination, please show 'postconf
mydestination' as well.

Brian



problems adding 2nd instance.

2008-10-14 Thread Stefan Sczekalla

Hi,

my host is an OpenBSD 4.2, Postfix 2.5.5 installed from source.

I'm running postfix not chrooted

Following various instructions I copied the /etc/posfix dirs, added a
new Spool-Path with dirs,
edited the new main.cf according to the new domain the instance is
responsible for, added the alternate_config_directories entry.

When starting the second instance "postfix -c /etc/posfix2 start"
maillog logs:

Oct 14 15:30:45 OpenBSD42 postfix/master[11315]: fatal: open lock file
/var/lib/postfix/master.lock: unable to set exclusive lock: Resource
temporarily unavailable

any ideas ?

Kind regards,

Stefan


Re: problems adding 2nd instance.

2008-10-14 Thread Brian Evans - Postfix List
Stefan Sczekalla wrote:
> Hi,
>
> my host is an OpenBSD 4.2, Postfix 2.5.5 installed from source.
>
> I'm running postfix not chrooted
>
> Following various instructions I copied the /etc/posfix dirs, added a
> new Spool-Path with dirs,
> edited the new main.cf according to the new domain the instance is
> responsible for, added the alternate_config_directories entry.
>   

Is adding a domain the only reason for a second instance? Couldn't use a
virtual mailbox or virtual alias domain?

> When starting the second instance "postfix -c /etc/posfix2 start"
> maillog logs:
>
> Oct 14 15:30:45 OpenBSD42 postfix/master[11315]: fatal: open lock file
> /var/lib/postfix/master.lock: unable to set exclusive lock: Resource
> temporarily unavailable
>   

Postfix 2.5 added the data_directory parameter.
(http://www.postfix.org/postconf.5.html#data_directory)
This refers to the /var/lib/postfix in many installs.

Brian



Re: SMTP and SASL/TLS problem

2008-10-14 Thread Issac Kelly
Here is my saslfinger output

#saslfinger -c
saslfinger - postfix Cyrus sasl configuration Tue Oct 14 06:22:13 PDT 2008
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.5.1
System: Ubuntu 8.04 \n \l

-- smtp is linked to --
   libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00843000)

-- active SMTP AUTH and TLS parameters for smtp --
smtp_tls_note_starttls_offer = yes


-- listing of /usr/lib/sasl2 --
total 796
drwxr-xr-x  2 root root  4096 2008-10-14 06:06 .
drwxr-xr-x 55 root root 12288 2008-05-04 09:48 ..
-rw-r--r--  1 root root 13568 2008-04-09 14:50 libanonymous.a
-rw-r--r--  1 root root   862 2008-04-09 14:49 libanonymous.la
-rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so
-rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so.2
-rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so.2.0.22
-rw-r--r--  1 root root 15834 2008-04-09 14:50 libcrammd5.a
-rw-r--r--  1 root root   848 2008-04-09 14:49 libcrammd5.la
-rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so
-rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so.2
-rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 46332 2008-04-09 14:50 libdigestmd5.a
-rw-r--r--  1 root root   871 2008-04-09 14:49 libdigestmd5.la
-rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so
-rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so.2
-rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13574 2008-04-09 14:50 liblogin.a
-rw-r--r--  1 root root   842 2008-04-09 14:49 liblogin.la
-rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so
-rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so.2
-rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so.2.0.22
-rw-r--r--  1 root root 30016 2008-04-09 14:50 libntlm.a
-rw-r--r--  1 root root   836 2008-04-09 14:49 libntlm.la
-rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so
-rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so.2
-rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so.2.0.22
-rw-r--r--  1 root root 13798 2008-04-09 14:50 libplain.a
-rw-r--r--  1 root root   842 2008-04-09 14:49 libplain.la
-rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so
-rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so.2
-rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so.2.0.22
-rw-r--r--  1 root root 22126 2008-04-09 14:50 libsasldb.a
-rw-r--r--  1 root root   873 2008-04-09 14:49 libsasldb.la
-rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so
-rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so.2
-rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so.2.0.22
-rw-r--r--  1 root root 23696 2008-04-09 14:50 libsql.a
-rw-r--r--  1 root root   971 2008-04-09 14:49 libsql.la
-rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so
-rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so.2
-rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so.2.0.22
-rw-r--r--  1 root root   258 2008-10-14 06:07 smtpd.conf


Cannot find the smtp_sasl_password_maps parameter in main.cf.
Client-side SMTP AUTH cannot work without this parameter!

# saslfinger -s
#-- basics --
Postfix: 2.5.1
System: Ubuntu 8.04 \n \l

-- smtpd is linked to --
   libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x005fc000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no


-- listing of /usr/lib/sasl2 --

Re: problems adding 2nd instance.

2008-10-14 Thread mouss
Stefan Sczekalla wrote:
> Hi,
> 
> my host is an OpenBSD 4.2, Postfix 2.5.5 installed from source.
> 
> I'm running postfix not chrooted
> 
> Following various instructions I copied the /etc/posfix dirs, added a
> new Spool-Path with dirs,
> edited the new main.cf according to the new domain the instance is
> responsible for, added the alternate_config_directories entry.
> 
> When starting the second instance "postfix -c /etc/posfix2 start"
> maillog logs:
> 
> Oct 14 15:30:45 OpenBSD42 postfix/master[11315]: fatal: open lock file
> /var/lib/postfix/master.lock: unable to set exclusive lock: Resource
> temporarily unavailable
> 
> any ideas ?

you also need a specific data_directory. so create a new dir and specify
it in the main.cf of the new instance.


PS. Note that the "tradition" for BSD systems is to use /var/db instead
of /var/lib.



Re: Newbie needs help with virtual domain e-mail... mail not getting to /home/vmail

2008-10-14 Thread Nikita Kipriyanov

Keith Palmer Jr. wrote:

> I have a directory named /home/vmail user/group vmail 5000:5000. I have
> not created any directories in this folder, I don't know if I need to or
> not... I saw something somewhere about using makemaildir.dovecot, but I
> don't have that script/binary on my FreeBSD system anywhere.

http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox said:

Note: mail delivery happens with the recipient's UID/GID privileges 
specified with virtual_uid_maps and virtual_gid_maps.
Postfix 2.0 and earlier will not create mailDIRs in world-writable 
parent directories; you must create them in advance before you can use 
them. Postfix may be able to create mailBOX files by itself, depending 
on parent directory write permissions, but it is safer to create mailBOX 
files ahead of time.


So, try to create empty Maildirs, with UID:GID set to 5000:5000; notice
that Dovecot probably should run with the same uid and gid to access mail.


I began my virtual hosting setup with similar configuration, and the 
main difference was that I've created Maildirs in advance; all worked 
for me.


> I have a /usr/local/etc/postfix/vhosts file which looks like:
> 
> domain1.com
> domain2.com
> 
Even if return value of hash table isn't used by Postfix, it still has 
to be specified (anything will do). So your domain file should look like:



domain1.com    OK
domain2.com    OK


> I can telnet to port 25 and send an e-mail. I don't know where that e-mail
> goes. If I run postqueue -p it shows nothing in the queue. If I run mailq,
> I can see the e-mails but I can't tell what it's doing with them (and I
> don't really know anything about the mailq command).
>
And what is said in the log file? What says 'postqueue -p'?

> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
This way aliasing will work only for local domains; for virtual domains 
use virtual_alias_maps (even for virtual_mailbox_domains)


> home_mailbox = Maildir/

home_mailbox also needed only for local domains - is used by 'local' 
delivery agent, when users are clearly tied with unix accounts (user's 
mail will be delivered to ~/$home_mailbox)





Re: SMTP and SASL/TLS problem

2008-10-14 Thread Issac Kelly
Ok, I'm getting closer

in /var/log/auth.log
Oct 14 07:12:07 postfix/smtpd[15456]: sql auxprop plugin using mysql engine
Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin trying to open db
'maildb ' on host 'localhost'
Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin could not connect to
host localhost
Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin couldn't connect to any host
Oct 14 07:19:41 saslauthd[15368]: server_exit : master exited: 15368
Oct 14 07:19:41 saslauthd[15580]: detach_tty  : master pid is: 15580
Oct 14 07:19:41 saslauthd[15580]: ipc_init: listening on
socket: /var/spool/postfix/var/run/saslauthd/mux  #at this point, i
changed /etc/postfix/sasl/smtp.conf sql_host to 127.0.0.1 to check if
it worked
Oct 14 07:19:57 postfix/smtpd[15663]: sql auxprop plugin using mysql engine
Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin Parse the username [EMAIL PROTECTED]
Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin try and connect to a host
Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin trying to open db
'maildb ' on host '127.0.0.1'
Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin could not connect to
host 127.0.0.1
Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin couldn't connect to any host


/var/log/mysql/mysql is silent however (and set to log queries)

 $ telnet mail.host.com. 25
Trying 75.101.148.70...
Connected to mail.host.com.
Escape character is '^]'.
220 Servee SMTP ESMTP
EHLO test
250-hostname
250-PIPELINING
250-SIZE 1024
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
250-AUTH=DIGEST-MD5 LOGIN CRAM-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain dGVzdDJAdGhyZWVmb3VuGC5jb20AcGFzc3dvcmQ=
535 5.7.8 Error: authentication failed: bad protocol / cancel

(the above is a hash of a test account)

So, I'm guessing that sasl can't connect to mysql because of the
chroot or something? I don't know how I would check that, and I could
be completely off.

That would be strange, considering that postfix knows how to connect
to mysql, and is getting through just fine to deliver mail.

Thanks much for the help thus far.

On Tue, Oct 14, 2008 at 10:08 AM, mouss <[EMAIL PROTECTED]> wrote:
> Issac Kelly wrote:
>> Here is my saslfinger output
>>
>> #saslfinger -c
>> saslfinger - postfix Cyrus sasl configuration Tue Oct 14 06:22:13 PDT 2008
>> version: 1.0.2
>> mode: client-side SMTP AUTH
>>
>> -- basics --
>> Postfix: 2.5.1
>> System: Ubuntu 8.04 \n \l
>>
>> -- smtp is linked to --
>>libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00843000)
>>
>> -- active SMTP AUTH and TLS parameters for smtp --
>> smtp_tls_note_starttls_offer = yes
>>
>>
>> -- listing of /usr/lib/sasl2 --

Re: multiple outgoing interfaces?

2008-10-14 Thread Victor Duchovni
On Tue, Oct 14, 2008 at 10:39:58AM +0300, ?? ?? wrote:

> 127.0.0.1:10025 inet  n  -  n  -    -  smtpd
>     -o cleanup_service_name=example-cleanup
>     -o myhostname=example-smtp.example.org
>     -o smtpd_client_restrictions=
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o smtpd_data_restrictions=
>     -o smtpd_end_of_data_restrictions=
> 
> example-smtp    unix  -  -  n  -    -  smtp
>     -o smtp_bind_address=ip.add.re.ss
>     -o myhostname=example-smtp.example.org
> example-rewrite unix  -  -  n  -    -  trivial-rewrite
>     -o default_transport=example-smtp:
> example-qmgr    fifo  n  -  n  300  1  qmgr
>     -o rewrite_service_name=example-rewrite
> example-cleanup unix  n  -  n  -    0  cleanup
>     -o queue_service_name=example-qmgr
> 

This won't work, trivial rewrite routing requests come from the queue
manager, there is only one queue manager.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


RE: problems adding 2nd instance.

2008-10-14 Thread Stefan Sczekalla
Hello Brian, 

>> Following various instructions I copied the /etc/posfix dirs, added a
>> new Spool-Path with dirs, edited the new main.cf according to the new
>> domain the instance is responsible for, added the
>> alternate_config_directories entry.
>>

> Is adding a domain the only reason for a second instance? Couldn't use
> a virtual mailbox or virtual alias domain?

Well - The problem is that I have several "official" domains and for the
sake of order when sending mail - the IP-Address used for sending should
match the MX-record.

When I'm not mistaken, the only way for having a certain IP address used
while sending from a certain mail-domain is to use multiple instances of
postfix.

>> When starting the second instance "postfix -c /etc/posfix2 start"
>> maillog logs:
>>
>> Oct 14 15:30:45 OpenBSD42 postfix/master[11315]: fatal: open lock file
>> /var/lib/postfix/master.lock: unable to set exclusive lock: Resource
>> temporarily unavailable
>>   

> Postfix 2.5 added the data_directory parameter.
> (http://www.postfix.org/postconf.5.html#data_directory)
> This refers to the /var/lib/postfix in many installs.

I stumbled across "data_directory" but it was not really clear if one can
just modify that parameter for the 2nd .. or 3rd instance pointing to a
different data directory ...

> Brian

Kind regards,

Stefan


Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov

Victor Duchovni wrote:

> Consider setting a null-mx record for the system's
> host name:
>
> ahost.example.com   IN MX 0 .

As I understand things, it simply forces a 'fallback to A record', like
when there are no MX records...


Can you please explain, why this is needed?


Newbie needs help with virtual domain e-mail... mail not getting to /home/vmail

2008-10-14 Thread Keith Palmer Jr.

 * Postfix newbie alert *

I'm trying to set it up so that I can have e-mail addresses that are not
tied to my FreeBSD system accounts. I'd like to have it pull the list of
recipients/domains from plain text files, and then I'll set up Dovecot to
retrieve mail via POP3/IMAP. The mailboxes should be stored in Maildir
format.

Right now, I can telnet in and send an e-mail using MAIL FROM, RCPT TO,
DATA, but I don't know where that e-mail ends up. Nothing ever shows up in
/home/vmail (i.e. no directories are created, and no e-mails get dumped
there that I can see).

 What am I doing wrong?

 Thanks in advance!

  - Keith




So, I have a /usr/local/etc/postfix/vmaps which looks like this (and I
used postmap /usr/local/etc/postfix/vmaps to build a vmaps.db file out of
it):

[EMAIL PROTECTED]   domain1.com/info/
[EMAIL PROTECTED]   domain2.com/keith/


I have a directory named /home/vmail user/group vmail 5000:5000. I have
not created any directories in this folder, I don't know if I need to or
not... I saw something somewhere about using makemaildir.dovecot, but I
don't have that script/binary on my FreeBSD system anywhere.

I have a /usr/local/etc/postfix/vhosts file which looks like:

domain1.com
domain2.com



I can telnet to port 25 and send an e-mail. I don't know where that e-mail
goes. If I run postqueue -p it shows nothing in the queue. If I run mailq,
I can see the e-mails but I can't tell what it's doing with them (and I
don't really know anything about the mailq command).



Here's my main.cf file:

queue_directory = /var/spool/postfix

command_directory = /usr/local/sbin

daemon_directory = /usr/local/libexec/postfix

data_directory = /var/db/postfix

mail_owner = postfix

unknown_local_recipient_reject_code = 550

mynetworks_style = host

in_flow_delay = 2

# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
virtual_mailbox_domains = /usr/local/etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

recipient_delimiter = +

home_mailbox = Maildir/


smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

debug_peer_level = 2

debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail

newaliases_path = /usr/local/bin/newaliases

mailq_path = /usr/local/bin/mailq

setgid_group = maildrop

html_directory = no

manpage_directory = /usr/local/man

sample_directory = /usr/local/etc/postfix

readme_directory = no





-- 
- Keith Palmer
   [EMAIL PROTECTED]
   (860) 634-1602




Re: problems adding 2nd instance.

2008-10-14 Thread mouss
Stefan Sczekalla wrote:
> Hello Brian,
> 
>>> Following various instructions I copied the /etc/posfix dirs, added a
>>> new Spool-Path with dirs, edited the new main.cf according to the new
>>> domain the instance is responsible for, added the
>>> alternate_config_directories entry.
>>>
> 
>> Is adding a domain the only reason for a second instance? Couldn't use
>> a virtual mailbox or virtual alias domain?
> 
> Well - The problem is that I have several "official" domains and for the
> sake of order when sending mail - the IP-Address used for sending should
> match the MX-record.

why? There is no relationship between sending and receiving mail.

maybe you want HELO to match the sender domain? but even that isn't
mandatory.

Of course, if you want to have different instances for different
domains, that's ok. but it comes at a price!


> 
> When I'm not mistaken, the only way for having a certain IP address used
> while sending from a certain mail-domain is to use multiple instances of
> postfix.
> 
>>> When starting the second instance "postfix -c /etc/posfix2 start"
>>> maillog logs:
>>>
>>> Oct 14 15:30:45 OpenBSD42 postfix/master[11315]: fatal: open lock file
>>> /var/lib/postfix/master.lock: unable to set exclusive lock: Resource
>>> temporarily unavailable
>>>
> 
>> Postfix 2.5 added the data_directory parameter.
>> (http://www.postfix.org/postconf.5.html#data_directory)
>> This refers to the /var/lib/postfix in many installs.
> 
> I stumbled across "data_directory" but it was not really clear if one can
> just modify that parameter for the 2nd .. or 3rd instance pointing to a
> different data directory ...
> 


yes, set one for each instance.
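
Added example, not part of the thread or of Postfix itself: a shell check for the failure discussed above, where a copied instance still resolves to the first instance's data_directory and cannot lock master.lock. The function names, the constructed sample main.cf files and the default paths are assumptions of this example (read the real defaults with `postconf -d`); paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example: report Postfix instances that share queue_directory or data_directory.
# Compiled-in defaults differ per build; these values are assumptions for the demo.
: "${DEFAULT_QUEUE_DIR:=/var/spool/postfix}"
: "${DEFAULT_DATA_DIR:=/var/lib/postfix}"

# get_param FILE NAME: print the effective value of NAME in a main.cf-style file.
# Comment and blank lines are skipped, a line starting with whitespace continues
# the previous logical line, and the last assignment of a parameter wins.
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (cur != "") { sub(/^[ \t]+/, ""); val[cur] = val[cur] " " $0 }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            key = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            cur = key
            val[key] = v
        }
        END { if (name in val) print val[name] }
    ' "$1"
}

# check_instances CONFIG_DIR...: print one COLLISION line for every directory that
# two instances would share; return 1 if any collision was found, 0 otherwise.
check_instances() {
    report=$(
        for dir in "$@"; do
            for p in queue_directory data_directory; do
                v=$(get_param "$dir/main.cf" "$p")
                if [ -z "$v" ]; then
                    # Parameter not set: the instance falls back to the build default,
                    # which is identical for every instance on the host.
                    case $p in
                        queue_directory) v=$DEFAULT_QUEUE_DIR ;;
                        data_directory)  v=$DEFAULT_DATA_DIR ;;
                    esac
                fi
                printf '%s %s %s\n' "$p" "${v%/}" "$dir"
            done
        done | awk '
            { k = $1 " " $2
              if (k in seen)
                  printf "COLLISION %s=%s shared by %s and %s\n", $1, $2, seen[k], $3
              else
                  seen[k] = $3 }'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# make_sample DIR: write two constructed config directories under DIR. The second
# one got its own queue_directory but no data_directory, as in the thread.
make_sample() {
    mkdir -p "$1/postfix" "$1/postfix2"
    printf '%s\n' \
        '# primary instance (constructed sample)' \
        'queue_directory = /var/spool/postfix' \
        "alternate_config_directories = $1/postfix2" > "$1/postfix/main.cf"
    printf '%s\n' \
        '# second instance, copied from the first and edited (constructed sample)' \
        '#queue_directory = /var/spool/postfix' \
        'queue_directory = /var/spool/postfix2' \
        'mydestination = example.org,' \
        '    mail.example.org' > "$1/postfix2/main.cf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_instances "$demo_dir/postfix" "$demo_dir/postfix2" \
    || echo "second instance needs its own data_directory before it can start"
rm -rf "$demo_dir"
```

On a live host the same comparison can be made with `postconf -c <config_dir> -h data_directory` for each instance, which also resolves the build defaults.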




Re: SMTP and SASL/TLS problem

2008-10-14 Thread Issac Kelly
Yes, I can connect manually (mysql command line) and via TCP/IP to localhost.
Postfix uses mysql to get the usernames and mailboxes to deliver mail.
IMAP uses the same database (and UN and PW) to verify (Courier-IMAP,
and Courier-IMAP-SSL via authdaemon)
There is no record of anything in the MySQL logs when I try to connect
via SASL, but in the auth logs, it says

postfix/smtpd[17310]: sql auxprop plugin using mysql engine


On Tue, Oct 14, 2008 at 12:45 PM, mouss <[EMAIL PROTECTED]> wrote:
> Issac Kelly wrote:
>> Ok, I'm getting closer
>>
>> in /var/log/auth.log
>> Oct 14 07:12:07 postfix/smtpd[15456]: sql auxprop plugin using mysql engine
>> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin trying to open db
>> 'maildb ' on host 'localhost'
>> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin could not connect to
>> host localhost
>> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin couldn't connect to any host
>> Oct 14 07:19:41 saslauthd[15368]: server_exit : master exited: 15368
>> Oct 14 07:19:41 saslauthd[15580]: detach_tty  : master pid is: 15580
>> Oct 14 07:19:41 saslauthd[15580]: ipc_init: listening on
>> socket: /var/spool/postfix/var/run/saslauthd/mux  #at this point, i
>> changed /etc/postfix/sasl/smtp.conf sql_host to 127.0.0.1 to check if
>> it worked
>
> yes. use 127.0.0.1.
>
>> Oct 14 07:19:57 postfix/smtpd[15663]: sql auxprop plugin using mysql engine
>> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin Parse the username [EMAIL 
>> PROTECTED]
>> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin try and connect to a host
>> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin trying to open db
>> 'maildb ' on host '127.0.0.1'
>> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin could not connect to
>> host 127.0.0.1
>> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin couldn't connect to any host
>>
>
> I guess you can connect manually to mysql (on the same host), right?
> Then make sure it's not apparmor preventing postfix from accessing
> mysql. Also recheck the mysql login:password in smtpd.conf.
>
>>
>> /var/log/mysql/mysql is silent however (and set to log queries)
>>
>
> did you enable logging in my.cnf? should be something like
>
> log= /var/log/mysql/mysql.log
>
> (disable it once everything works, as it is not very good for
> performances, nor for disk space if it gets a lot of queries).
>
>
>>  [snip]
>>
>
>



-- 
---
Issac Kelly
servee.com
issackelly.com
--


Re: SMTP and SASL/TLS problem

2008-10-14 Thread mouss
Issac Kelly wrote:
> Yes, I can connect manually (mysql command line) and via TCP/IP to localhost.
> Postfix uses mysql to get the usernames and mailboxes to deliver mail.
> IMAP uses the same database (and UN and PW) to verify (Courier-IMAP,
> and Courier-IMAP-SSL via authdaemon)
> There is no record of anything in the MySQL logs when I try to connect
> via SASL, 


but do you see mysql logs for other queries? such as when you do queries
manually. if not, then you need restart mysql (after enabling logging).


PS. Please do not top post. Put your replies after the text you reply to.

> [snip]


Re: SMTP and SASL/TLS problem

2008-10-14 Thread Issac Kelly
On Tue, Oct 14, 2008 at 1:26 PM, mouss <[EMAIL PROTECTED]> wrote:
> Issac Kelly wrote:
>> Yes, I can connect manually (mysql command line) and via TCP/IP to localhost.
>> Postfix uses mysql to get the usernames and mailboxes to deliver mail.
>> IMAP uses the same database (and UN and PW) to verify (Courier-IMAP,
>> and Courier-IMAP-SSL via authdaemon)
>> There is no record of anything in the MySQL logs when I try to connect
>> via SASL,
>
>
> but do you see mysql logs for other queries? such as when you do queries
> manually. if not, then you need restart mysql (after enabling logging).
>

Yes, all other queries are logged.

>
> PS. Please do not top post. Put your replies after the text you reply to.
>
>> [snip]
>



-- 
---
Issac Kelly
servee.com
issackelly.com
--


Re: SMTP and SASL/TLS problem

2008-10-14 Thread Issac Kelly
On Tue, Oct 14, 2008 at 1:29 PM, Issac Kelly <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 14, 2008 at 1:26 PM, mouss <[EMAIL PROTECTED]> wrote:
>> Issac Kelly wrote:
>>> Yes, I can connect manually (mysql command line) and via TCP/IP to 
>>> localhost.
>>> Postfix uses mysql to get the usernames and mailboxes to deliver mail.
>>> IMAP uses the same database (and UN and PW) to verify (Courier-IMAP,
>>> and Courier-IMAP-SSL via authdaemon)
>>> There is no record of anything in the MySQL logs when I try to connect
>>> via SASL,
>>
>>
>> but do you see mysql logs for other queries? such as when you do queries
>> manually. if not, then you need restart mysql (after enabling logging).
>>
>
> Yes, all other queries are logged.
>
>>
>> PS. Please do not top post. Put your replies after the text you reply to.
>>
>>> [snip]
>>

As a continuation, I am willing to pay for a solution.
http://charleston.craigslist.org/cpg/878965203.html


Re: SMTP and SASL/TLS problem

2008-10-14 Thread mouss
Issac Kelly wrote:
> Here is my saslfinger output
> 
> #saslfinger -c
> saslfinger - postfix Cyrus sasl configuration Tue Oct 14 06:22:13 PDT 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.5.1
> System: Ubuntu 8.04 \n \l
> 
> -- smtp is linked to --
>libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00843000)
> 
> -- active SMTP AUTH and TLS parameters for smtp --
> smtp_tls_note_starttls_offer = yes
> 
> 
> -- listing of /usr/lib/sasl2 --
> total 796
> drwxr-xr-x  2 root root  4096 2008-10-14 06:06 .
> drwxr-xr-x 55 root root 12288 2008-05-04 09:48 ..
> -rw-r--r--  1 root root 13568 2008-04-09 14:50 libanonymous.a
> -rw-r--r--  1 root root   862 2008-04-09 14:49 libanonymous.la
> -rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so
> -rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so.2
> -rw-r--r--  1 root root 12984 2008-04-09 14:50 libanonymous.so.2.0.22
> -rw-r--r--  1 root root 15834 2008-04-09 14:50 libcrammd5.a
> -rw-r--r--  1 root root   848 2008-04-09 14:49 libcrammd5.la
> -rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so
> -rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so.2
> -rw-r--r--  1 root root 15320 2008-04-09 14:50 libcrammd5.so.2.0.22
> -rw-r--r--  1 root root 46332 2008-04-09 14:50 libdigestmd5.a
> -rw-r--r--  1 root root   871 2008-04-09 14:49 libdigestmd5.la
> -rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so
> -rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so.2
> -rw-r--r--  1 root root 43020 2008-04-09 14:50 libdigestmd5.so.2.0.22
> -rw-r--r--  1 root root 13574 2008-04-09 14:50 liblogin.a
> -rw-r--r--  1 root root   842 2008-04-09 14:49 liblogin.la
> -rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so
> -rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so.2
> -rw-r--r--  1 root root 13268 2008-04-09 14:50 liblogin.so.2.0.22
> -rw-r--r--  1 root root 30016 2008-04-09 14:50 libntlm.a
> -rw-r--r--  1 root root   836 2008-04-09 14:49 libntlm.la
> -rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so
> -rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so.2
> -rw-r--r--  1 root root 29236 2008-04-09 14:50 libntlm.so.2.0.22
> -rw-r--r--  1 root root 13798 2008-04-09 14:50 libplain.a
> -rw-r--r--  1 root root   842 2008-04-09 14:49 libplain.la
> -rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so
> -rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so.2
> -rw-r--r--  1 root root 13396 2008-04-09 14:50 libplain.so.2.0.22
> -rw-r--r--  1 root root 22126 2008-04-09 14:50 libsasldb.a
> -rw-r--r--  1 root root   873 2008-04-09 14:49 libsasldb.la
> -rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so
> -rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so.2
> -rw-r--r--  1 root root 18080 2008-04-09 14:50 libsasldb.so.2.0.22
> -rw-r--r--  1 root root 23696 2008-04-09 14:50 libsql.a
> -rw-r--r--  1 root root   971 2008-04-09 14:49 libsql.la
> -rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so
> -rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so.2
> -rw-r--r--  1 root root 23140 2008-04-09 14:50 libsql.so.2.0.22
> -rw-r--r--  1 root root   258 2008-10-14 06:07 smtpd.conf
> 
> 
> Cannot find the smtp_sasl_password_maps parameter in main.cf.
> Client-side SMTP AUTH cannot work without this parameter!
> 
> # saslfinger -s
> #-- basics --
> Postfix: 2.5.1
> System: Ubuntu 8.04 \n \l
> 
> -- smtpd is linked to --
>libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x005fc000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain =

This is the default, so remove it.


> smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2

This is your problem. The default is "smtpd" which is ok. remove the line.

[snip]
> 
> 
> 
> -- content of /usr/lib/sasl2/smtpd.conf --

debian (thus ubuntu) uses the other file (below).

> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: localhost
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: maildb
> sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled 
> = 1

looks ok. you can add
log_level: 7
if you want more logs (they should appear in your /var/log/auth.log)

> [snip] 
> 



Re: Postfix automatic startup script for Mac OSX 10.4

2008-10-14 Thread Jim Wright

On Oct 13, 2008, at 5:01 AM, Rupert Reid wrote:

I am trying to setup postfix so that it will start automatically at  
startup. I placed the following script "postfix" in a text file  
"postfix" and saved it to Library/Startupitems/Postfix.  As you  
probably guessed it did not work.  I would be grateful for some  
detailed instructions on how I can get postfix to start automatically.


Sounds like you are missing the StartupParameters.plist file if you  
have only created the one file.  Here are the two files I'm using:


StartupParameters.plist :


{
  Description   = "Postfix mail server";
  Provides      = ("SMTP");
  Requires      = ("Resolver", "policyd");
  Uses          = ("Network Time", "NFS");
  Preference    = "None";
  Messages =
  {
    start   = "Starting Postfix";
    stop    = "Stopping Postfix";
    restart = "Reloading Postfix Configuration";
  };
}


postfix:


#!/bin/sh

. /etc/rc.common

StartService ()
{
    if [ "${MAILSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting mail services"
        /usr/sbin/postfix start
    elif [ "${MAILSERVER:=-NO-}" = "-AUTOMATIC-" ]; then
        /usr/sbin/postfix-watch
    fi
}

StopService ()
{
    ConsoleMessage "Stopping Postfix mail services"
    /usr/sbin/postfix stop
    killall -1 postfix-watch 2> /dev/null
}

RestartService ()
{
    if [ "${MAILSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Reloading Postfix configuration"
        /usr/sbin/postfix reload
    else
        StopService
    fi
}

RunService "$1"


Files and the enclosing folder should be owned by root, privs should  
be 755 for the files and their enclosing folder.


RE: Finally blocking some spam

2008-10-14 Thread Joey

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Nikita Kipriyanov
> Sent: Tuesday, October 14, 2008 1:32 AM
> To: postfix-users@postfix.org
> Subject: Re: Finally blocking some spam
> 
> Joey wrote:
> > I agree, however who has these lists.  The only place I have found is the
> > http://www.okean.com I keep referring to.
> > I have asked on the list before if anyone else has similar resource with no
> > luck.
> > I have also searched the web without resolve.
> >
> Have you tried a whois service? Just find spammer's IP and ask about
> that IP in the IANA whois service... They will usually reply with ISP's
> subnet mask, and also give administrative contacts to that ISP (owners
> of  IP space). You can contact owners and tell them about spam from
> their subnet, they block it often; if they refuse to do anything, you
> can block this subnet - not the whole country, but only the subnet,
> where spammers are live and where ISP doesn't care that it gives a
> service to spammers.
> 
> By the way, I never heard about okean.com, but I think that whois
> service, which is principally maintained by the people who assign IP
> space to ISPs, is much more adequate source for querying about assigned
> IP spaces ;)

Nikita,

I have done what you are saying MANY MANY times, but it is a huge manual
process that only puts a scratch in getting results.
Believe me I have looked in the log file for how many times an address
connects, then how many times it fails from those connections and then
look up what country they are from until finally adding them to a blacklist
per se.

Imagine with a 6GB monthly maillog how long this process can take, it's just
too time consuming.
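
The tally described in the message above (connects per address, then rejects per address) can be done in one streaming pass rather than by hand. The script below is an added example, not part of the original post; the log lines are constructed, and it assumes the default postfix/smtpd syslog tag.

```shell
#!/bin/sh
# Added example: per-client tally of smtpd connects and rejects in one pass.

# tally_clients MIN_REJECTS   (reads a Postfix maillog on stdin)
# Prints "address connects rejects", most rejects first, for every client
# with at least MIN_REJECTS rejects.
tally_clients() {
    awk -v min="${1:-1}" '
        # Return the address inside name[address] that follows marker, or "".
        function client_addr(s, marker,    i, rest, j, k) {
            i = index(s, marker)
            if (i == 0) return ""
            rest = substr(s, i + length(marker))
            j = index(rest, "[")
            k = index(rest, "]")
            if (j == 0 || k < j) return ""
            return substr(rest, j + 1, k - j - 1)
        }
        # Only smtpd lines matter (assumes the default syslog tag).
        index($0, " postfix/smtpd[") == 0 { next }
        {
            # Match ": connect from " with the leading colon, so that
            # "disconnect from" lines are not counted as connects.
            addr = client_addr($0, ": connect from ")
            if (addr != "") { conn[addr]++; seen[addr] = 1; next }
            i = index($0, ": reject: ")
            if (i > 0) {
                addr = client_addr(substr($0, i), " from ")
                if (addr != "") { rej[addr]++; seen[addr] = 1 }
            }
        }
        END {
            for (a in seen)
                if (rej[a] + 0 >= min + 0)
                    printf "%s %d %d\n", a, conn[a], rej[a]
        }
    ' | sort -k3,3nr -k1,1
}

# Constructed sample log lines (documentation addresses only).
sample_log() {
    cat <<'EOF'
Oct 14 07:12:07 mail postfix/smtpd[15456]: connect from unknown[203.0.113.7]
Oct 14 07:12:08 mail postfix/smtpd[15456]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <u@example.org>: Relay access denied; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Oct 14 07:12:08 mail postfix/smtpd[15456]: disconnect from unknown[203.0.113.7]
Oct 14 07:13:01 mail postfix/smtpd[15460]: connect from mx.example.net[198.51.100.20]
Oct 14 07:13:02 mail postfix/smtpd[15460]: 4F2A1C0012: client=mx.example.net[198.51.100.20]
Oct 14 07:13:03 mail postfix/smtpd[15460]: disconnect from mx.example.net[198.51.100.20]
Oct 14 07:14:10 mail postfix/smtpd[15461]: connect from unknown[203.0.113.7]
Oct 14 07:14:11 mail postfix/smtpd[15461]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <v@example.org>: Relay access denied; from=<a@example.net> to=<v@example.org> proto=ESMTP helo=<x>
Oct 14 07:14:12 mail postfix/smtpd[15461]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <w@example.org>: Relay access denied; from=<a@example.net> to=<w@example.org> proto=ESMTP helo=<x>
Oct 14 07:15:00 mail postfix/smtpd[15470]: connect from unknown[2001:db8::25]
Oct 14 07:15:01 mail postfix/smtpd[15470]: NOQUEUE: reject: RCPT from unknown[2001:db8::25]: 450 4.7.1 Client host rejected: cannot find your hostname; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<y>
Oct 14 07:15:02 mail postfix/qmgr[900]: 4F2A1C0012: removed
EOF
}

# Demo on the constructed sample. For a real log:
#   tally_clients 5 < /path/to/maillog
sample_log | tally_clients 1
```

The output is a short list of addresses to run through whois, which keeps the manual part to the handful of clients that account for most rejects.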



Re: Finally blocking some spam

2008-10-14 Thread Nikita Kipriyanov

Joey wrote:

Imagine with a 6GB monthly maillog how long this process can take, it's just
too time consuming.

  

No, I can't imagine 6Gb, only 2Gb ;)
[machine that I administer] mail # ls -l postfix.*
-rw-r- 1 root adm16258536 Окт 14 23:31 postfix.log
-rw-r- 1 root root 1923487124 Сен  1 00:07 postfix.log.Aug2008
-rw-r- 1 root root 2030278881 Авг  1 00:07 postfix.log.Jul2008
-rw-r- 1 root root  645916581 Окт  1 00:06 postfix.log.Sep2008



Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Victor Duchovni
On Tue, Oct 14, 2008 at 07:43:07PM +0400, Nikita Kipriyanov wrote:

> Victor Duchovni wrote:
> >Consider setting a null-mx record for the system's
> >host name:
> >
> > ahost.example.com   IN MX 0 .
> >
> >  
> As I understand things, it simply forces a 'fallback to A record', like 
> when there is no MX records...

When MX records exist, no A records are used. The "." value may not
work reliably on all systems, you could use "localhost." or 
"localhost.example.com.", ...

The idea is to preclude all plausible traffic to your host from legitimate
MTAs that use DNS to locate mail servers for a domain. If you have a real
MX server for the host's name, use that instead.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


Sender Bcc Maps

2008-10-14 Thread Ranjith Kumar
Hi,

I want to forward outgoing mails of particular user to another
account. I searched on the internet and found that it is possible
using  sender_bcc_maps command.

What is the procedure to use this command.

Thanks
Ranjith


Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Victor Duchovni
On Tue, Oct 14, 2008 at 12:13:39PM +0400, Nikita Kipriyanov wrote:

> Yes, you can. See http://www.postfix.org/postconf.5.html#smtpd_delay_reject
> It is on by default, so postfix delays reject until RCPT TO; if you turn
> off that parameter, it will reject immediately. But, not all mail
> software understand that early reject properly, so be warned.

If the host is an MX host for any domains, don't reject at connect time,
otherwise, go ahead. Consider setting a null-mx record for the system's
host name:

ahost.example.com   IN MX 0 .

-- 
Viktor.



Re: SMTP and SASL/TLS problem

2008-10-14 Thread mouss
Issac Kelly wrote:
> Ok, I'm getting closer
> 
> in /var/log/auth.log
> Oct 14 07:12:07 postfix/smtpd[15456]: sql auxprop plugin using mysql engine
> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin trying to open db
> 'maildb ' on host 'localhost'
> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin could not connect to
> host localhost
> Oct 14 07:18:01 postfix/smtpd[15469]: sql plugin couldn't connect to any host
> Oct 14 07:19:41 saslauthd[15368]: server_exit : master exited: 15368
> Oct 14 07:19:41 saslauthd[15580]: detach_tty  : master pid is: 15580
> Oct 14 07:19:41 saslauthd[15580]: ipc_init: listening on
> socket: /var/spool/postfix/var/run/saslauthd/mux  #at this point, i
> changed /etc/postfix/sasl/smtp.conf sql_host to 127.0.0.1 to check if
> it worked

yes. use 127.0.0.1.

> Oct 14 07:19:57 postfix/smtpd[15663]: sql auxprop plugin using mysql engine
> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin Parse the username [EMAIL 
> PROTECTED]
> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin try and connect to a host
> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin trying to open db
> 'maildb ' on host '127.0.0.1'
> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin could not connect to
> host 127.0.0.1
> Oct 14 07:20:00 postfix/smtpd[15663]: sql plugin couldn't connect to any host
> 

I guess you can connect manually to mysql (on the same host), right?
Then make sure it's not apparmor preventing postfix from accessing
mysql. Also recheck the mysql login:password in smtpd.conf.

> 
> /var/log/mysql/mysql is silent however (and set to log queries)
> 

did you enable logging in my.cnf? should be something like

log= /var/log/mysql/mysql.log

(disable it once everything works, as it is not very good for
performances, nor for disk space if it gets a lot of queries).


>  [snip]
> 



Re: Sender Bcc Maps

2008-10-14 Thread Barney Desmond
Ranjith Kumar wrote:
> I want to forward outgoing mails of particular user to another
> account. I searched on the internet and found that it is possible
> using  sender_bcc_maps command.
> 
> What is the procedure to use this command.

The documentation indicates it functions much like any other table-based
lookup.
http://www.postfix.org/postconf.5.html#sender_bcc_maps

`postconf -m` will show you what table types you can use, hash is
probably the most common. Create the table, run postmap to generate the
table file, add the configuration to main.cf, reload postfix.
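
The four steps above (create the table, postmap, main.cf, reload) written out as a script. This is an added example, not part of the original reply: the table path and the addresses are placeholders, and the hash table type is the one the reply names as most common.

```shell
#!/bin/sh
# Added example: the sender_bcc_maps procedure end to end.
# Assumed names: BCC_TABLE path and all addresses are placeholders.

BCC_TABLE=${BCC_TABLE:-/etc/postfix/sender_bcc}

# valid_addr ADDR
# Accept only local@domain.tld built from a conservative character set, so
# whitespace or a stray "#" cannot shift the key/value columns of the table.
valid_addr() {
    case $1 in
        *[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_sender_bcc TABLE SENDER BCC
# Step 1, create the table: write "SENDER<TAB>BCC", replacing any earlier
# line for the same sender (the map returns one BCC address per sender).
set_sender_bcc() {
    table=$1 sender=$2 bcc=$3
    valid_addr "$sender" && valid_addr "$bcc" || {
        echo "invalid address" >&2
        return 1
    }
    tmp=$(mktemp "$table.XXXXXX") || return 1
    if [ -f "$table" ]; then
        awk -v s="$sender" 'tolower($1) != tolower(s)' "$table" > "$tmp"
    fi
    printf '%s\t%s\n' "$sender" "$bcc" >> "$tmp"
    # postmap gives a newly created .db file the group/other read bits of
    # its source, and the Postfix daemons must be able to read the .db.
    chmod 644 "$tmp"
    mv "$tmp" "$table"
}

# activate_sender_bcc TABLE
# Steps 2-4: build TABLE.db, point main.cf at it, reload Postfix.
activate_sender_bcc() {
    postmap "hash:$1" &&
    postconf -e "sender_bcc_maps = hash:$1" &&
    postfix reload
}

# check_sender_bcc TABLE SENDER
# Query the compiled map the same way Postfix will.
check_sender_bcc() {
    postmap -q "$2" "hash:$1"
}

# Runs only when asked, as root, for example:
#   sh sender_bcc.sh apply user@example.com audit@example.com
if [ "${1:-}" = apply ]; then
    set_sender_bcc "$BCC_TABLE" "$2" "$3" &&
    activate_sender_bcc "$BCC_TABLE" &&
    check_sender_bcc "$BCC_TABLE" "$2"
fi
```

Note that postconf -e replaces any existing sender_bcc_maps value, so merge by hand if main.cf already sets one.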





Interesting tumgreyspf/postfix/gmail problem

2008-10-14 Thread Rick Zeman
Just discovered that gmail is now retrying greylisted email from not
only multiple servers, but from multiple servers located within
different subnets...which totally breaks tumgreyspf greylisting
implementation.  I kind of like it cuz it uses the filesystem to store
its data.  However, there's no way to whitelist every one of their
smtp servers.

This leaves us with 4 options:

a)  do nothing and hope it's a crapshoot that gmail will retry from
the same smtp server within a reasonable timeframe (if at all!)  Not a
good option.
b)  turn off greylisting entirely.  (It still stops a lot of
spam...just not as much as before.  Not a good option)
c)  switch to another greylisting implementation  (uses a
database...not the preferred option)
d)  have postfix bypass that policy service if the sender's smtp
connection/envelope sender (vs the from)  is from gmail.   I have no
idea how to do that--if possible--hence this request to the list.  Is
that possible?

Thanks!

postconf -n
address_verify_negative_cache = yes
address_verify_negative_expire_time = 1d
address_verify_positive_refresh_time = 2d
address_verify_sender = <>
alias_maps = hash:/etc/aliases
biff = no
body_checks = regexp:/etc/postfix/body_checks
bounce_template_file = /etc/postfix/bounce.cf
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_dns_lookups = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix/html
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 2568
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination =
myhostname = mail.melwood.org
mynetworks = 127.0.0.0/8 192.168.1.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = melwood.com, melwood.org, melwoodgardencenter.com
relay_recipient_maps =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtp_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtp_tls_loglevel = 0
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_banner = mail.melwood.org ESMTP - All use subject to Melwood's Internet Use Policy.
smtpd_client_restrictions = permit_mynetworks
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client combined.njabl.org
    permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 3s
smtpd_hard_error_limit = 4
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
    reject_invalid_hostname
    check_helo_access hash:/etc/postfix/helo_access
    permit
smtpd_recipient_restrictions = permit_mynetworks
    reject_unauth_destination
    reject_unverified_recipient
    check_recipient_access hash:/etc/postfix/always_allowed
    check_recipient_access hash:/etc/postfix/not_accepted
    check_policy_service unix:private/tumgreyspf
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550


Re: SMTP and SASL/TLS problem

2008-10-14 Thread mouss
Issac Kelly wrote:
> I have some more details now:
> 
> postfix/smtpd[11997]: warning: (outside host): SASL PLAIN authentication
> failed: authentication failure
> postfix/smtpd[11997]: > (outside host): 535 5.7.8 Error: authentication
> failed: authentication failure
> postfix/smtpd[11997]: watchdog_pat: 0x9ab5680
>  postfix/smtpd[11997]: < (outside host): AUTH LOGIN
> postfix/smtpd[11997]: xsasl_cyrus_server_first: sasl_method LOGIN
> postfix/smtpd[11997]: xsasl_cyrus_server_auth_response: uncoded server
> challenge: Username:
> postfix/smtpd[11997]: > (outside host): 334 [[SOME ENCRYPTEDVAL]]
>  postfix/smtpd[11997]: < (outside host): [[OTHER ENCRYPTED VAL]]
>  postfix/smtpd[11997]: xsasl_cyrus_server_next: decoded response:
> ([EMAIL PROTECTED] )
>  postfix/smtpd[11997]: xsasl_cyrus_server_auth_response: uncoded server
> challenge: Password:
> postfix/smtpd[11997]: > (outside host): 334 [[encrypted val]]
> postfix/smtpd[11997]: < (outside host): [[encrypted val]]
> postfix/smtpd[11997]: xsasl_cyrus_server_next: decoded response: [[plain
> text password]]
>  postfix/smtpd[11997]: warning: SASL authentication problem: unable to
> open Berkeley db /etc/sasldb2: No such file or directory
> 
> 
> It's the last line that confuses me, it shouldn't be looking in
> /etc/sasldb2 at all, it should be looking in the database
> 
> here is my /etc/postfix/sasl/smtpd.conf
> 

the location of smtpd.conf is system dependent. you'll need to make sure
your system uses /etc/postfix/sasl (Debian style). Otherwise, you'll
need to find the right path.

> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: login cram-md5 digest-md5

no "plain"?

> sql_engine: mysql
> sql_hostnames: localhost
> sql_user: [[mail username]]
> sql_passwd: [[sql passwd]]
> sql_database: maildb
> sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled 
> = 1
> 
> So, SASL and TLS are still not working, either of them.  I don't have a
> real idea what's going on.
> 


show the output of saslfinger. If you don't have it, you can get it from:
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/



Re: Interesting tumgreyspf/postfix/gmail problem

2008-10-14 Thread mouss
Rick Zeman wrote:
> Just discovered that gmail is now retrying greylisted email from not
> only multiple servers, but from multiple servers located within
> different subnets...which totally breaks tumgreyspf greylisting
> implementation.  I kind of like it cuz it uses the filesystem to store
> its data.  However, there's no way to whitelist every one of their
> smtp servers.
> 
> This leaves us with 4 options:
> 
> a)  do nothing and hope it's a crapshoot that gmail will retry from
> the same smtp server within a reasonable timeframe (if at all!)  Not a
> good option.
> b)  turn off greylisting entirely.  (It still stops a lot of
> spam...just not as much as before.  Not a good option)
> c)  switch to another greylisting implementation  (uses a
> database...not the preferred option)
> d)  have postfix bypass that policy service if the sender's smtp
> connection/envelope sender (vs the from)  is from gmail.   I have no
> idea how to do that--if possible--hence this request to the list.  Is
> that possible?
> 


download dnswl (from dnswl.org) and use it before greylisting and before
rbl checks.




Re: saslfinger output, was Re: postfix hangs when SASL enabled

2008-10-14 Thread Travis
On Sat, Oct 11, 2008 at 03:36:01PM +0400, Nikita Kipriyanov wrote:
> Travis wrote:
> There are wrong permissions on saslauthd socket. From 
> http://www.postfix.org/SASL_README.html :
> 
> IMPORTANT: saslauthd usually establishes a UNIX domain socket in 
> /var/run/saslauthd and waits for authentication requests. The Postfix 
> SMTP server must have read+execute permission to this directory or 
> authentication attempts will fail.

That fixed it.

I of course never set up the chrooted environment, the defaults for
Debian Linux 4.0 are wrong.

chmod a+rX /var/spool/postfix/var{,/run,/run/saslauthd} fixed it.

-- 
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.


Re: Interesting tumgreyspf/postfix/gmail problem

2008-10-14 Thread Henrik K
On Tue, Oct 14, 2008 at 05:32:56PM -0400, Rick Zeman wrote:
> Just discovered that gmail is now retrying greylisted email from not
> only multiple servers, but from multiple servers located within
> different subnets...which totally breaks tumgreyspf greylisting
> implementation.  I kind of like it cuz it uses the filesystem to store
> its data.  However, there's no way to whitelist every one of their
> smtp servers.

Of course there is, add client table before policy server:

.google.com OK

And as already said, you can also use dnswl, which contains IPs.
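
Whether a key such as .google.com matches a client depends on parent_domain_matches_subdomains: per access(5), .domain.tld matches subdomains only when smtpd_access_maps is not listed there, and plain domain.tld matches them only when it is listed (the postconf -n output earlier in this thread lists it). The script below is an added example, not Postfix code and not from the thread; it is a simplified model of the host-name lookups only, and the table path and client name are assumed.

```shell
#!/bin/sh
# Added example: simplified model of the host-name keys that
# check_client_access tries, following the rules in access(5).
#
# Where the table goes in main.cf (table path is an assumed name):
#   smtpd_recipient_restrictions =
#       permit_mynetworks
#       reject_unauth_destination
#       ...
#       check_client_access hash:/etc/postfix/greylist_bypass
#       check_policy_service unix:private/tumgreyspf
# Keep it after reject_unauth_destination: OK ends evaluation of this list,
# so placed earlier it would let matching clients relay.

# access_keys CLIENT_NAME MODE
# MODE "parent": smtpd_access_maps is listed in parent_domain_matches_subdomains
# MODE "dot":    it is not listed
# Prints the lookup keys in the order they are tried.
access_keys() {
    _name=$1 _mode=$2
    printf '%s\n' "$_name"
    _rest=$_name
    while :; do
        case $_rest in
            *.*) _rest=${_rest#*.} ;;
            *) break ;;
        esac
        if [ "$_mode" = parent ]; then
            printf '%s\n' "$_rest"
        else
            printf '.%s\n' "$_rest"
        fi
    done
}

# access_result TABLE CLIENT_NAME MODE
# TABLE is the text source of the map ("key value" per line).
# Prints the value of the first key that matches, or "no-match".
access_result() {
    _table=$1
    for _key in $(access_keys "$2" "$3"); do
        _val=$(awk -v k="$_key" 'tolower($1) == tolower(k) { print $2; exit }' "$_table")
        if [ -n "$_val" ]; then
            printf '%s\n' "$_val"
            return 0
        fi
    done
    printf 'no-match\n'
}

# Demo: both spellings of the key under both settings.
demo() {
    dir=$(mktemp -d) || return 1
    printf '.google.com\tOK\n' > "$dir/dotted"
    printf 'google.com\tOK\n' > "$dir/plain"
    host=mail-a.google.com    # constructed client name
    for form in dotted plain; do
        for setting in parent dot; do
            printf '%-7s %-7s %s\n' "$form" "$setting" \
                "$(access_result "$dir/$form" "$host" "$setting")"
        done
    done
    rm -rf "$dir"
}
demo
```

The lookup uses the client name Postfix derived from DNS; a client whose reverse and forward lookups do not agree is logged as "unknown" and will not match a domain key.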