Re: emails not arriving "timeout after CONNECT", END-OF-MESSAGE, DATA, EHLO

2008-11-21 Thread mouss
Martin Vila wrote:
> 
>> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destina tion
>  
> Could it be this line, which as "reject_unauth_destina tion"
> or is this my email viewer of your cut/paste process?
>  
>  
> Thanks Olivier, I just tried only: smtpd_recipient_restrictions =
> permit_mynetworks
>  


no, don't blindly change settings. the setting was correct (except for
hotmail formatting ;-p).

Next time, show the output of 'postconf -n' (with '-n') not the full
postconf output.

connect on your postfix machine and use telnet to test. This will rule
out any virus scanner on your windows machine.

if the connection hangs even on the machine, then check whether you have
a problem with a milter or a proxy_filter.


PS. When you hide private infos, use 192.0.2.* for (public) IPs and
*.example.com (or the like) for domains. do not use 'x' or '*' as a
replacement character.




> and got this error:
>  
> Nov 20 20:29:13 smtprelay postfix/postfix-script: refreshing the Postfix
> mail system
> Nov 20 20:29:13 smtprelay postfix/master[3355]: reload configuration
> /etc/postfix
> Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max
> connection rate 1/60s for (smtp:200.38.12.191) at Nov 20 20:25:26
> Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max
> connection count 1 for (smtp:200.38.12.191) at Nov 20 20:25:26
> Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max cache
> size 5 at Nov 20 20:27:39
> Nov 20 20:30:01 smtprelay postfix/smtpd[23963]: fatal: parameter
> "smtpd_recipient_restrictions": specify at least one working instance
> of: check_relay_domains, reject_unauth_destination, reject, defer or
> defer_if_permit
> Nov 20 20:30:02 smtprelay postfix/master[3355]: warning: process
> /usr/libexec/postfix/smtpd pid 23963 exit status 1
> Nov 20 20:30:02 smtprelay postfix/master[3355]: warning:
> /usr/libexec/postfix/smtpd: bad command startup -- throttling
> Nov 20 20:30:10 smtprelay postfix/smtpd[23964]: connect from
> unknown[10.13.0.9]
>  
> what else can I try?
>  
> Martin



Preventing local forwarding for some local domains

2008-11-21 Thread Ville Walveranta
The question may sound odd, but here's what I'm trying to do:

There are a number of virtual domains defined on the local server that
is the final destination for these domains. Yet the MX record in the
DNS for these domains points to the mail exchangers of an external
spam filtering service which in turn forwards clean emails to my local
server. The local server doesn't receive mail (for these domains) from
any other source, in fact the interface is limited to the IPs of the
spam filtering service's relay servers to prevent bypassing the
external spam filter.

The domains have various "distribution groups" defined, alias users
whose only function is to forward the mail to two or more users (they
don't have a mailbox of their own – they're defined in
virtual_alias_maps). If possible, I'd like the emails forwarded from
these alias accounts to loop through the MX servers listed in the
domain's DNS record (i.e. the spam filtering service's mail servers)
rather than be delivered locally. The reason for this is that I would
like to have the spam filtered only once, on the final pass (i.e.
after the forward) so that if the inbound message is trapped as spam
it would be found in each recipient's spam quarantine.

In other words..

1. Inbound mail passes through the spam filtering service unfiltered
(the "distribution group" accounts are set to not filter at the
filtering service).
2. Inbound mail – spam or not – reaches my local server, it is
received at a "distribution group" alias account and forwarded to, for
example, three real users on the same domain.
3. At this stage I'd like the local server to forward the messages to
the mail servers listed in MX records for the domain (the spam
filtering service's mail servers) rather than deliver them locally.
4. Now the forwarded copies of the message are filtered for each user
who receives it.
5. If the copies of the message are clean, they are relayed to the
local server and delivered to the users' mailboxes (if they're found
to be spam, they're quarantined at the spam filtering service).

Thanks again for the advice!


Re: emails not arriving "timeout after CONNECT", END-OF-MESSAGE, DATA, EHLO

2008-11-21 Thread Olivier MJ Crepin-Leblond
What I meant Martin was that there was a space in the "destination" word, which 
was written as "destina tion" rather than "destination".

If you make 

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

Does it work?

Olivier

-- 
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html  

  - Original Message - 
  From: Martin Vila 
  To: postfix 
  Sent: Friday, November 21, 2008 2:41 AM
  Subject: RE: emails not arriving "timeout after CONNECT", END-OF-MESSAGE, DATA, EHLO




  > smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destina tion
   
  Could it be this line, which as "reject_unauth_destina tion"
  or is this my email viewer of your cut/paste process?

   
  Thanks Olivier, I just tried only: smtpd_recipient_restrictions = 
permit_mynetworks
   
  and got this error:
   
  Nov 20 20:29:13 smtprelay postfix/postfix-script: refreshing the Postfix mail 
system
  Nov 20 20:29:13 smtprelay postfix/master[3355]: reload configuration 
/etc/postfix
  Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max connection 
rate 1/60s for (smtp:200.38.12.191) at Nov 20 20:25:26
  Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max connection 
count 1 for (smtp:200.38.12.191) at Nov 20 20:25:26
  Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max cache size 5 
at Nov 20 20:27:39
  Nov 20 20:30:01 smtprelay postfix/smtpd[23963]: fatal: parameter 
"smtpd_recipient_restrictions": specify at least one working instance of: 
check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
  Nov 20 20:30:02 smtprelay postfix/master[3355]: warning: process 
/usr/libexec/postfix/smtpd pid 23963 exit status 1
  Nov 20 20:30:02 smtprelay postfix/master[3355]: warning: 
/usr/libexec/postfix/smtpd: bad command startup -- throttling
  Nov 20 20:30:10 smtprelay postfix/smtpd[23964]: connect from 
unknown[10.13.0.9]


  what else can I try?

  Martin



Re: Postfix listening on 25, unable to telnet to 25 - my first config

2008-11-21 Thread Olivier MJ Crepin-Leblond
Also check SElinux if you are running this. It may prevent changes to the port 
config from taking place.
You can see entries in the logfile called /var/log/messages

Regards,

Olivier

-- 
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html  

  - Original Message - 
  From: D G Teed 
  To: Paul Cocker 
  Cc: postfix users list 
  Sent: Friday, November 21, 2008 2:47 AM
  Subject: Re: Postfix listening on 25, unable to telnet to 25 - my first config




Paul Cocker wrote:




  Definitely nothing in between, of that I'm certain.

  Are there any tools which will give me more information about attempts
  to connect to a port on a remote host?

use tcpdump for that purpose

please try

$ telnet $IP_OF_SMTP_HOST 25

and show exactly, what you get



  I ran windump in the background and did a telnet to the IP, however a
  findstr on the output file contains no matches. If I do the same thing
  using the server name the only matching output in the dump is when the
  server performs a name lookup, after that there are no matching entries
  by IP or name.

  Am I doing something wrong?


  There are a few things that can make postfix listen only locally.

  One is firewall.  You say it isn't an issue.

  On the postfix machine, if it is a Unix machine, use lsof -Pni to
  verify what ports and addresses master is listening on.

  If it is only listening to 127.0.0.1 then you have a problem with
  inet_interfaces, or else the look up of the host name listed 
  in inet_interfaces.  On many Linux machines, the host
  resolution order is hosts, dns, and so a bad entry
  on /etc/hosts can sting you.

  Make sure you don't have 127.0.0.1 set up with the internet host
  name of the server in /etc/hosts.  It should be only localhost next to
  127.0.0.1   I've seen Redhat installs with this messed up.

  --Donald



RE: emails not arriving "timeout after CONNECT", END-OF-MESSAGE, DATA, EHLO

2008-11-21 Thread Martin Vila


Oh sorry. In the configuration file it was always set as: 
smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination

About telneting from the server's shell, all the smtp commands pass fine. No 
problem with the "." ending. The error happens always only from certain domains 
on incoming email. The "." hang reminds me of the old pix bug.

Thanks for all the pointers. I'm open to any advice, I've tried everything I've 
found so far.

Martin













What I meant Martin was that there was a space in 
the "destination" word, which was written as "destina tion" rather than 
"destination".
 
If you make 
 
smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination
 
Does it work?
 



how to manage Active queue

2008-11-21 Thread Jevos, Peter
Hi

I'd like to ask you if it is possible to somehow manage active queue

For example from the qshape program I can see that there is some mails
in the active queue.

How can I examine them or delete only special mails from the active
queue

I cannot examine logs, cause it's a lot of mega's and it comes from
history.

I only need to know what happened and who was sender and recipient,
similar like a mailq report
From the qshape I can see only sender or recipient domains


Thanks

Br

peter


Postfix and quota clarification

2008-11-21 Thread Rocco Scappatura
Hello,

I have a post-office platform based on
Postfix-2.5.2+Courier-IMAP-4.0.1-Courier-authlib-0.53+MySQL-5.0.33.

Can someone give some hint on how enable (and verify that works) quota
on mailboxes?

Thanks,

rocsca


Re: something about maillog

2008-11-21 Thread Wietse Venema
Jorge E. Rojas:
> hi
> 
> somebody can tell me how (if possible) have a full date (i.e. with the 
> year) in the maillog  ?

The date format is chosen by the syslog() system library function.

Wietse


4.5.3 too many recipients

2008-11-21 Thread Michael De Groote
i have a very simple postfix setup running at school.

now the principal wants to send mails to all the parents that registered
their email address and signed on for a newsletter every week.
This causes him to get a 452: 4.5.3 Too many recipients.

I tried setting the default_destination_recipient_limit = 250
(instead of the standard 50) but it doesn't work. I'm probably trying the
wrong parameter here, but since i left that school at the end of last year -
but they still call me for support - i don't really have  a lot of time to
spend searching for a solution on this one. Can someone point me in the
right direction here please?

greetings


Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven


Re: 4.5.3 too many recipients

2008-11-21 Thread Wietse Venema
Michael De Groote:
> i have a very simple postfix setup running at school.
> 
> now the principal wants to send mails to all the parents that registered
> their email address and signed on for a newsletter every week.
> This causes him to get a 452: 4.5.3 Too many recipients.

The internet mail standard requires that an SMTP SERVER accepts no
fewer than 100 recipients per message.

> I tried setting the default_destination_recipient_limit = 250

That is for the Postfix SMTP CLIENT.

The server limit is smtpd_recipient_limit (default: 1000).

Wietse

> (instead of the standard 50) but it doesn't work. I'm probably trying the
> wrong parameter here, but since i left that school at the end of last year -
> but they still call me for support - i don't really have  a lot of time to
> spend searching for a solution on this one. Can someone point me in the
> right direction here please?
> 
> greetings
> 
> 
> Michael De Groote
> ICT-coordinator Sint-Pietersschool Korbeek-Lo
> ICT-support Sancta Maria Basisschool Leuven



Re: preventing backscatter with virtual_alias_maps

2008-11-21 Thread Wietse Venema
On Fri, Nov 21, 2008 at 3:39 AM, mouss <[EMAIL PROTECTED]> wrote:
> if you have no domains in relay_domains, then you don't need
> relay_recipient_maps nor reject_unverified_domains.
>
> you are using a "non standard" setup in the sense that you are declaring
> the domains as virtual_alias_domains when they are relay_domains.

D G Teed:
> Perhaps "non standard" but it works best for us.

If you choose to use "what works" instead of the documented
guidelines, then you should not be surprised when things "stop
working" after migration to a different Postfix version.

Wietse


Re: preventing backscatter with virtual_alias_maps

2008-11-21 Thread D G Teed
On Fri, Nov 21, 2008 at 3:39 AM, mouss <[EMAIL PROTECTED]> wrote:

>
> if you have no domains in relay_domains, then you don't need
> relay_recipient_maps nor reject_unverified_domains.
>
> you are using a "non standard" setup in the sense that you are declaring
> the domains as virtual_alias_domains when they are relay_domains.
>

Perhaps "non standard" but it works best for us.
98% of our virtual map is mapped to one of three inbox
servers, while the other 2% want to forward their
stuff to gmail or some special service.  It seems
the most flexible way to run a mapping.
We only serve one domain as MX on this server.

> if you have wildcard aliases (alias for the whole domain), then you may
> have a backscatter problem. see below.
>
>
> test with a domain for which you have a wildcard alias in one of your
> virtual_alias_maps. so if you have a line like
> @example.com@example.org
> then try sending mail (with telnet or a MUA that uses smtp) to
> [EMAIL PROTECTED]
>
>
We have no wildcards.  For every recipient there is one
mapping entry.

I think the Postfix docs should include this method as
a valid one for preventing backscatter.  So many answers
I've read say you require relay_recipient_maps to prevent
backscatter generation, while one can get the same
prevention with the right virtual mapping set up.

Thanks for the confirmation on that.

--Donald


Re: how to manage Active queue

2008-11-21 Thread Brian Evans - Postfix List
Jevos, Peter wrote:
> Hi
>
> I'd like to ask you if it is possible to somehow manage active queue
>
> For example from the qshape program I can see that there is some mails
> in the active queue.
>
> How can I examine them or delete only special mails from the active
> queue
>
> I cannot examine logs, cause it's a lot of mega's and it comes from
> history.
>
> I only need to know what happened and who was sender and recipient,
> similar like a mailq report
> From the qshape I can see only sender or recipient domains
>
>   
See:
http://www.postfix.org/postqueue.1.html
http://www.postfix.org/postcat.1.html
http://www.postfix.org/postsuper.1.html


RE: how to manage Active queue

2008-11-21 Thread Jevos, Peter
> > Hi
> >
> > I'd like to ask you if it is possible to somehow manage active queue
> >
> > For example from the qshape program I can see that there is some
> mails
> > in the active queue.
> >
> > How can I examine them or delete only special mails from the active
> > queue
> >
> > I cannot examine logs, cause it's a lot of mega's and it comes from
> > history.
> >
> > I only need to know what happened and who was sender and recipient,
> > similar like a mailq report
> > From the qshape I can see only sender or recipient domains
> >
> >
> See:
> http://www.postfix.org/postqueue.1.html
> http://www.postfix.org/postcat.1.html
> http://www.postfix.org/postsuper.1.html

Thanks for your reply 

I know about these tools but unfortunately if I use postqueue -p I'm
expecting about 150 mails in the active queue ( which should be signed
by "*" )

But the output is the same like mailq, so there's only deferred mails

How can I examine those emails in the active queue ?

Thanks

Br

pet


Re: how to manage Active queue

2008-11-21 Thread Terry Carmen



Brian Evans - Postfix List wrote:

Jevos, Peter wrote:
  

Hi

I'd like to ask you if it is possible to somehow manage active queue

For example from the qshape program I can see that there is some mails
in the active queue.

How can I examine them or delete only special mails from the active
queue

I cannot examine logs, cause it's a lot of mega's and it comes from
history.

I only need to know what happened and who was sender and recipient,
similar like a mailq report
From the qshape I can see only sender or recipient domains

  
Although Wietse would have the definitive answer, since the active queue 
is "active" (messages currently being processed) I don't think there's 
any way to safely manipulate them.


If you want to play with the messages, mark them as HOLD, modify, ignore 
or delete them, then release them.


Terry



forwarding mail to another MX on same domain

2008-11-21 Thread Khosrow Ebrahimpour
Hi postfix-users,

We recently migrated from a Sendmail/Cyrus environment to a Postfix/Courier 
setup. Some of the users had ".forward" files that would forward their mail 
to an exchange server in our network, and this was done with a file like this 
one : 

===
@ms-exch.example.com:[EMAIL PROTECTED]
===

Since the migration, this feature doesn't work anymore. ms-exch is a virtual 
host that maps to one of three actual servers. And so simply putting a 
rule that would forward mail to [EMAIL PROTECTED] doesn't work. 
I've looked at transport maps but I'm not sure this problem can be solved 
using them.. as per the following thread:
http://groups.google.com/group/list.postfix.users/browse_thread/thread/733c642ef2ccab35/d7cac2e02e313d36

Any help is appreciated.

Thank you,
/Khosrow


Re: preventing backscatter with virtual_alias_maps

2008-11-21 Thread D G Teed
On Fri, Nov 21, 2008 at 9:14 AM, Wietse Venema <[EMAIL PROTECTED]> wrote:

> On Fri, Nov 21, 2008 at 3:39 AM, mouss <[EMAIL PROTECTED]> wrote:
> > if you have no domains in relay_domains, then you don't need
> > relay_recipient_maps nor reject_unverified_domains.
> >
> > you are using a "non standard" setup in the sense that you are declaring
> > the domains as virtual_alias_domains when they are relay_domains.
>
> D G Teed:
> > Perhaps "non standard" but it works best for us.
>
> If you choose to use "what works" instead of the documented
> guidelines, then you should not be surprised when things "stop
> working" after migration to a different Postfix version.
>
>Wietse
>

I'd like to see an example of a set up where we could use relay_domains
and provide the flexibility of sending to any of our inbox servers
within our domain, or forwarding a particular addresses email
to an outside email address like gmail.com

I'm sorry but it just isn't adding up to me from the docs.
When I tried relay_domains and a recipient maps file on a dev
server using swaks to deliver to a non-existent address, then I
saw the undesirable bounce as a new message.

--Donald


Re: 4.5.3 too many recipients

2008-11-21 Thread Mark Goodge



Michael De Groote wrote:

i have a very simple postfix setup running at school.

now the principal wants to send mails to all the parents that 
registered their email address and signed on for a newsletter every 
week. This causes him to get a 452: 4.5.3 Too many recipients.


I tried setting the default_destination_recipient_limit = 250 
(instead of the standard 50) but it doesn't work. I'm probably trying 
the wrong parameter here, but since i left that school at the end of 
last year - but they still call me for support - i don't really have 
a lot of time to spend searching for a solution on this one.


This isn't a Postfix issue; it's a mailing list management issue.

You need to use proper mailing list software instead of trying to send
it as a single email with all the recipients in the Bcc line (or, worse,
in the To or Cc).

There are three main options here: Either purchase dedicated software
which runs on Windows (simplest, but comes at a cost), or install
something like Mailman or majordomo on a Linux/BSD box (free, and easy
enough if you have the necessary skills but not something for a beginner).


Can someone point me in the right direction here please?


http://www.google.com/search?q=mailing+list+software

Mark
--
http://mark.goodge.co.uk - my pointless blog
http://www.good-stuff.co.uk - my less pointless stuff


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Brian Evans - Postfix List
Khosrow Ebrahimpour wrote:
> Hi postfix-users,
>
> We recently migrated from a Sendmail/Cyrus environment to a Postfix/Courier 
> setup. Some of the users had ".forward" files that would forward their mail 
> to an exchange server in our network, and this was done with a file like this 
> one : 
>
> ===
> @ms-exch.example.com:[EMAIL PROTECTED]
> ===
>
>   

.forward files are only used on delivery by local(8) and must be in
alias(5) map format

> Since the migration, this feature doesn't work anymore. ms-exch is a virtual 
> host that maps to one of three actual servers. And the so simply putting a 
> rule that would forward mail to [EMAIL PROTECTED] doesn't work. 
> I've looked at transport maps but I'm not sure this problem can be solved 
> using them.. as per the following thread:
> http://groups.google.com/group/list.postfix.users/browse_thread/thread/733c642ef2ccab35/d7cac2e02e313d36
>   

transport(5) maps, like the documentation says, can use any key listed
in the Table Search Order section, including [EMAIL PROTECTED], to route
mail.
As mouss notes in that archived post, transport maps are highly
sensitive to outages.
Database maps (ldap,*sql) are allowed but must have high availability.

I suggest fully reading http://www.postfix.org/transport.5.html

Brian


Re: preventing backscatter with virtual_alias_maps

2008-11-21 Thread mouss
D G Teed wrote:
> Perhaps "non standard" but it works best for us.
> 98% of our virtual map is mapped to one of three inbox
> servers, while the other 2% want to forward their
> stuff to gmail or some special service.  It seems
> the most flexible way to run a mapping.

but it is not. actually, relay_domains is the most flexible. and if not,
then virtual_mailbox_domains is my second choice. but let me not get
into this.

> I think the Postfix docs should include this method as
> a valid one for preventing backscatter. 

did you read ADDRESS CLASS README? because it doesn't help to debate
docs improvements with people who didn't read and understand the
available docs.

> So many answers
> I've read say you require relay_recipient_maps to prevent
> backscatter generation, while one can get the same
> prevention with the right virtual mapping set up.
> 

There are many ways to setup a mail system. there are many ways to get
it right, and there are many more ways to get it wrong. if you can get
it right, feel free to be as imaginative as you can/want. but if you are
not as confident, then follow general setup advice. if you need non-free
(audit|consulting|securing|tuning|washing your sockets|...), some of us
here will be pleased to "help" you.

> Thanks for the confirmation on that.
> 
> --Donald
> 



Re: preventing backscatter with virtual_alias_maps

2008-11-21 Thread mouss
D G Teed wrote:
> I'd like to see an example of a set up where we could use relay_domains
> and provide the flexibility of sending to any of our inbox servers
> within our domain, or forwarding a particular addresses email
> to an outside email address like gmail.com 
> 

it doesn't take more than:

relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps =  hash:/etc/postfix/relay_recipients

if you want to forward, simply add entries to virtual_alias_maps.

or do you confuse virtual_alias_maps and virtual_alias_domains? These
are completely different concepts.


> I'm sorry but it just isn't adding up to me from the docs.
> When I tried relay_domains and a recipient maps file on a dev
> server using swaks to deliver to a non-existent address, then I
> saw the undesirable bounce as a new message.
> 


if it doesn't work for you, then you did it wrong.


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Wietse Venema
Khosrow Ebrahimpour:
> Hi postfix-users,
> 
> We recently migrated from a Sendmail/Cyrus environment to a Postfix/Courier 
> setup. Some of the users had ".forward" files that would forward their mail 
> to an exchange server in our network, and this was done with a file like this 
> one : 
> 
> ===
> @ms-exch.example.com:[EMAIL PROTECTED]


This is SMTP syntax that has been deprecated forever. RFC 822
(released 1982) discourages its use and later RFCs do the same.

Postfix supports this syntax only in SMTP commands, by removing
the @ms-exch.example.com: portion. And that would not work for you,
since you have multiple servers that accept only [EMAIL PROTECTED]
not [EMAIL PROTECTED]

> Since the migration, this feature doesn't work anymore. ms-exch is a virtual 
> host that maps to one of three actual servers. And the so simply putting a 
> rule that would forward mail to [EMAIL PROTECTED] doesn't work. 
> I've looked at transport maps but I'm not sure this problem can be solved 
> using them.. as per the following thread:

A transport maps entry like this:

[EMAIL PROTECTED]   smtp:ms-exch.example.com

Should do the job.

Wietse


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 02:31:38PM -0500, Wietse Venema wrote:

> > Since the migration, this feature doesn't work anymore. ms-exch is a 
> > virtual 
> > host that maps to one of three actual servers. And the so simply putting a 
> > rule that would forward mail to [EMAIL PROTECTED] doesn't work. 
> > I've looked at transport maps but I'm not sure this problem can be solved 
> > using them.. as per the following thread:
> 
> A transport maps entry like this:
> 
> [EMAIL PROTECTED] smtp:ms-exch.example.com
> 
> Should do the job.

But may cause a loop if the mail ultimately returns to the same
server for final delivery. The OP has to explain the situation
in more detail if that is the case.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


Access Restriction Not Working

2008-11-21 Thread Carlos Williams
In my attempt to block my Postfix email server from receiving and
sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I
created the following:

vim /etc/postfix/main.cf

smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/access

Then I created the file called 'access' and added the following entry:

vim /etc/postfix/access

gmail.com REJECT

I then ran postmap against the newly created 'access' file:

postmap hash:/etc/postfix/access

Reloaded postfix mail server

mail:/etc/postfix# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

The problem I have is nobody from the specific domains are able to
send email to my mail server. It rejects like it should however I am
still able to send mail to those domains from my Postfix email server.
It appears that 1/2 of the rule is working and I don't know what I did
wrong.

Anyone know?

I checked /var/log/mail.err and found nothing.

Nov 21 14:17:26 mail postfix/smtpd[5425]: NOQUEUE: reject: RCPT from
yx-out-1718.google.com[74.125.44.157]: 554 5.7.1
<[EMAIL PROTECTED]>: Sender address rejected: Access denied;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
helo=

Inbound = blocked
Outbound = still works

Why?


Re: Access Restriction Not Working

2008-11-21 Thread Terry Carmen

Carlos Williams wrote:

In my attempt to block my Postfix email server from receiving and
sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I
created the following:

vim /etc/postfix/main.cf

smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/access
  

I don't believe that reject_unauth_destination accepts parameters.

Terry




Re: Access Restriction Not Working

2008-11-21 Thread Brian Evans - Postfix List
Carlos Williams wrote:
> In my attempt to block my Postfix email server from receiving and
> sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I
> created the following:
>
> vim /etc/postfix/main.cf
>   

We prefer 'postconf -n' for a good reason. It shows you (most times)
what Postfix is using

> smtpd_sender_restrictions = hash:/etc/postfix/access
> reject_unauth_destination = hash:/etc/postfix/access
>   

That last line does nothing except set an unknown variable.

> Then I created the file called 'access' and added the following entry:
>
> vim /etc/postfix/access
>
> gmail.com REJECT
>
> The problem I have is nobody from the specific domains are able to
> send email to my mail server. It rejects like it should however I am
> still able to send mail to those domains from my Postfix email server.
> It appears that 1/2 of the rule is working and I don't know what I did
> wrong.
>
> Anyone know?
>
> I checked /var/log/mail.err and found nothing.
>
> Nov 21 14:17:26 mail postfix/smtpd[5425]: NOQUEUE: reject: RCPT from
> yx-out-1718.google.com[74.125.44.157]: 554 5.7.1
> <[EMAIL PROTECTED]>: Sender address rejected: Access denied;
> from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
> helo=
>
> Inbound = blocked
> Outbound = still works
>
> Why?
>   

Outbound may come in several different ways, if via pickup (sendmail
command) smtpd restrictions will not help.
If it does come in via smtpd you may do:
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/access, permit_mynetworks, reject_unauth_destination
(... more checks if required)

*WARNING* do NOT list an OK in the /etc/postmap/access file or you will
be an Open Relay.

Brian
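
A small linter for the three relay-control mistakes that come up in this digest: a restriction name used as a parameter name, a recipient restriction list with no relay guard, and an OK entry in an access table that is evaluated before reject_unauth_destination. This is an added example, not code from any poster or from Postfix; the function names, finding codes and sample configurations are constructed, and it assumes the Postfix 2.x default of "permit_mynetworks, reject_unauth_destination" when smtpd_recipient_restrictions is unset.

```python
import re

# Restrictions that satisfy the relay-control requirement, copied from the
# smtpd "fatal:" log line quoted earlier in this digest.
RELAY_GUARDS = {"check_relay_domains", "reject_unauth_destination",
                "reject", "defer", "defer_if_permit"}
# Restriction names that are sometimes mistakenly written left of "=".
RESTRICTION_NAMES = RELAY_GUARDS | {"permit", "permit_mynetworks"}
ACCESS_CHECK = re.compile(r"^check_\w+_access$")
# Assumption: value in effect when main.cf does not set the parameter.
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"


def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name:
                params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params


def permissive_entries(table_text):
    """Keys of an access(5) table whose action is OK (all-numeric results count as OK)."""
    hits = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not line.startswith("#"):
            if fields[1].upper() == "OK" or fields[1].isdigit():
                hits.append(fields[0])
    return hits


def audit(main_cf, tables):
    """Return a list of (code, detail) findings.

    tables maps a lookup spec such as "hash:/etc/postfix/access" to the text
    of its source file, so the audit never touches the running system.
    """
    findings = []
    params = parse_main_cf(main_cf)
    for name in params:
        if name in RESTRICTION_NAMES:
            # e.g. "reject_unauth_destination = ..." only sets an unknown variable
            findings.append(("NOT_A_PARAMETER", name))

    value = params.get("smtpd_recipient_restrictions", DEFAULT_RCPT)
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    guarded, i = False, 0
    while i < len(tokens):
        tok, table = tokens[i], None
        if tok in RELAY_GUARDS:
            guarded = True
            break                     # lookups after the guard cannot open a relay
        if tok.startswith("check_") and i + 1 < len(tokens):
            if ACCESS_CHECK.match(tok):
                table = tokens[i + 1]
            i += 1                    # skip the restriction's argument
        elif ":" in tok:
            table = tok               # bare type:table is legacy shorthand for an access check
        if table in tables:
            for key in permissive_entries(tables[table]):
                findings.append(("OK_BEFORE_GUARD", f"{table}: {key}"))
        i += 1
    if not guarded:
        findings.append(("NO_RELAY_GUARD", "smtpd_recipient_restrictions"))
    return findings


# Constructed samples modelled on the configurations posted in this digest.
ONLY_MYNETWORKS = "smtpd_recipient_restrictions = permit_mynetworks\n"
MISPLACED = ("smtpd_sender_restrictions = hash:/etc/postfix/access\n"
             "reject_unauth_destination = hash:/etc/postfix/access\n")
SUGGESTED = ("smtpd_recipient_restrictions = check_recipient_access\n"
             "    hash:/etc/postfix/access, permit_mynetworks,\n"
             "    reject_unauth_destination\n")
SAFE_TABLE = {"hash:/etc/postfix/access": "gmail.com REJECT\n"}
RISKY_TABLE = {"hash:/etc/postfix/access": "gmail.com REJECT\nexample.net OK\n"}

if __name__ == "__main__":
    cases = [("only permit_mynetworks", ONLY_MYNETWORKS, {}),
             ("restriction as parameter", MISPLACED, SAFE_TABLE),
             ("suggested list, REJECT only", SUGGESTED, SAFE_TABLE),
             ("suggested list, OK in table", SUGGESTED, RISKY_TABLE)]
    for label, cf, tbl in cases:
        print(f"{label}: {audit(cf, tbl)}")
```
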


backscatter with virtual domain

2008-11-21 Thread Quanah Gibson-Mount

Hi,

First, sorry if this lacks some detail, dealing with email delivery is not 
my normal thing (I generally work more purely in code realms. :P ). 
However, I've been assigned to write a milter to deal with backscatter spam 
that can be generated by our virtual domain setup, and first I'd like to 
verify that's the correct approach, vs something that postfix can already 
do, since it has a lot of ways to deal with things like this.


Basic setup:  All of our users are stored in LDAP, and we use ldap maps 
with postfix.


[EMAIL PROTECTED] conf]$ grep ldap main.cf
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf



The problem description I've been given is:

We need a milter that validates RCPT To: content specifically for alias 
domains.  Currently we automatically accept email for alias domains and 
then generate a bounce.  This has the potential for backscatter abuse and 
we'd like to close this hole for hosed and still be able to offer alias 
domains without adding aliases to each account. The problem with alias 
domains is we define them as a catchall domain @aliasdomain.com so it 
automatically accepts the email for that domain and then does the rewrite 
to [EMAIL PROTECTED], if that user doesn't exist it bounces.  We want the 
milter to reject at rcpt_to time instead of allowing the bounce.  My guess 
is you'll have to insert it on smtp_recipient_restrictions as opposed to 
using the normal milter rules, which normally work on queued mail.



Thanks,
Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration


Re: backscatter with virtual domain

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 12:06:17PM -0800, Quanah Gibson-Mount wrote:

> [EMAIL PROTECTED] conf]$ grep ldap main.cf
> sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf

Don't use sender_canonical_maps. Use either canonical_maps or
smtp_generic_maps as appropriate. Header recipients become "senders"
(really addresses to reply-to) when Reply-All is used, so you really
need to rewrite all addresses (sender and recipient) uniformly.

> virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
> virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
> virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
> virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
> transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
> 
> The problem description I've been given is:
> 
> We need a milter that validates RCPT To: content specifically for alias 
> domains.  Currently we automatically accept email for alias domains and 
> then generate a bounce.

What is an "alias domain"? Do you have wildcard aliases in the
virtual_alias_maps tables? DO NOT use these. They break recipient
validation.

> This has the potential for backscatter abuse and 
> we'd like to close this hole for hosed and still be able to offer alias 
> domains without adding aliases to each account.

Add aliases to each account.

> The problem with alias 
> domains is we define them as a catchall domain @aliasdomain.com so it 
> automatically accepts the email for that domain and then does the rewrite 
> to [EMAIL PROTECTED], if that user doesn't exist it bounces.

Add aliases to each account. Or define a set of domains that share the
same namespace a single representative domain and use:

domain = list of alias domains
query = [EMAIL PROTECTED]

> We want the 
> milter to reject at rcpt_to time instead of allowing the bounce.  My guess 
> is you'll have to insert it on smtp_recipient_restrictions as opposed to 
> using the normal milter rules, which normally work on queued mail.

Why use a complex multi-threaded milter when a much simpler policy
service will do? But, better yet, don't break recipient validation.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Ville Walveranta
On Fri, Nov 21, 2008 at 1:31 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
> A transport maps entry like this:
>
> [EMAIL PROTECTED]   smtp:ms-exch.example.com
>
> Should do the job.

Interesting. I think this may answer the question I posted last night
about "Preventing local forwarding for some local domains". Rather
than preventing local forwarding, I can just map the users to another
smtp server.

Ville


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Khosrow Ebrahimpour
First, thanks for the response everyone.

> > A transport maps entry like this:
> >
> > [EMAIL PROTECTED]   smtp:ms-exch.example.com
> >
> > Should do the job.
>
> But may cause a loop if the mail ultimately returns to the same
> server for final delivery. The OP has to explain the situation
> in more detail if that is the case.

I tried that solution, and it in fact caused a loop. My exact setup was the 
following:

in main.cf I had 

transport_maps=/etc/postfix/transport

and in /etc/postfix/transport I had

[EMAIL PROTECTED]   smtp:ms-exch.cmc.ec.gc.ca

the end result of this was that no mail was getting to user 
[EMAIL PROTECTED]

I think this is due to the fact that we also have ms-exch defined as the 
fallback_transport in main.cf. I will re-read 
http://www.postfix.org/transport.5.html as has been suggested. Any insight is 
definitely welcome.

cheers,
/Khosrow


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 08:34:35PM +, Khosrow Ebrahimpour wrote:

> > > A transport maps entry like this:
> > >
> > > [EMAIL PROTECTED] smtp:ms-exch.example.com
> > >
> > > Should do the job.
> >
> > But may cause a loop if the mail ultimately returns to the same
> > server for final delivery. The OP has to explain the situation
> > in more detail if that is the case.
> 
> I tried that solution, and it in fact caused a loop. My exact setup was the 
> following:

What sort of loop did it cause? How do you expect Postfix to differentiate
between the recipient when created via list expansion, and the same
recipient when mail returns to you after external filtering?

> in main.cf I had 
> 
>   transport_maps=/etc/postfix/transport
>   
> and in /etc/postfix/transport I had
> 
>   [EMAIL PROTECTED]   smtp:ms-exch.cmc.ec.gc.ca
> 
> the end result of this was that no mail was getting to user 
> [EMAIL PROTECTED]

Think it through, and post a flow description, showing all the steps
the mail will traverse, what the recipient addresses are at each stage,
and how you want the mail processed.

> I think this is due to the fact that we also have ms-exch defined as the 
> fallback_transport in main.cf. I will re-read 
> http://www.postfix.org/transport.5.html as has been suggested. Any insight is 
> definitely welcome.

Don't guess, design and document. Once you have a design, we can refine
the implementation strategy.

-- 
Viktor.



Re: forwarding mail to another MX on same domain

2008-11-21 Thread Khosrow Ebrahimpour
Just a correction. The solution that Wietse had suggested does work. I had 
forgotten one crucial step: re-building the lookup table. After I 
ran "postmap /etc/postfix/transport" the forwarding now works correctly.


Re: how to manage Active queue

2008-11-21 Thread Noel Jones

Jevos, Peter wrote:

Hi

I'd like to ask you if it is possible to somehow manage active queue

For example from the qshape program I can see that there is some mails
in the active queue.

How can I examine them or delete only special mails from the active
queue

I cannot examine logs, cause it's a lot of mega's and it comes from
history.

I only need to know what happened and who was sender and recipient,
similar like a mailq report
From the qshape I can see only sender or recipient domains



See:
http://www.postfix.org/postqueue.1.html
http://www.postfix.org/postcat.1.html
http://www.postfix.org/postsuper.1.html


Thanks for your reply 


I know about this tools but unfortunately if i use postqueue -p I'm
expecting about 150 mails in the active queue ( which should be signed
by "*" )

But the output is the same like mailq, so there's only deferred mails

How can I examine those emails in the active queue ?

Thanks

Br

pet


"postqueue -p" and "mailq" show all mail in the queue, 
including all deferred and all active.


If "postqueue -p" doesn't show anything in the active queue 
it's probably because there isn't anything in the active queue.


For general queue management, you might look at the "pfqueue" 
add-on program:

http://pfqueue.sourceforge.net/

--
Noel Jones


Re: Address Verification Header

2008-11-21 Thread Noel Jones

Jason Wohlford wrote:


On Nov 15, 2008, at 1:36 PM, Noel Jones wrote:


Jason Wohlford wrote:
Is there any way to perform an address verification on a message and 
then add a header to the message? I'd like to let postfix do address 
verification and then report the result to spamassassin. Suggestions?

Cheers,
Jason


Postfix doesn't have a mechanism to record the results of the address 
probe in the received message.


Your best alternative may be a sender verification add-on for 
SpamAssassin; google around for that.  Sometimes also called sender 
call back.


Or you could use a postfix policy service with this feature - but you 
might have to write your own or modify an existing one.



I see it is possible to set the unverified_recipient_reject_code to 250. 
Does this mean postfix will do address verification and then let the 
original message pass?


If an address probe returns a 550 status, postfix will still 
accept the mail.  If the probe fails (couldn't contact the 
sender's MX) postfix will still defer the mail with a 450 error.


My end goal is to let postfix handle the address verification, while 
another process handles the rejection. A spamassassin plugin (or another 
bit of software) could query the address_verify_map (or mail logs) and 
then act accordingly.


Comments?


DO NOT bounce mail after you've accepted it.  Any after-queue 
content_filter MUST NOT reject mail.  This causes backscatter 
and will get you blacklisted.


Seems like I've seen some milters that do address 
verification, maybe some of those integrate with SpamAssassin.



--
Noel Jones


Re: Postfix and quota clarification

2008-11-21 Thread mouss
Rocco Scappatura a écrit :
> Hello,
> 
> I have a post-office platform based on
> Postfix-2.5.2+Courier-IMAP-4.0.1-Courier-authlib-0.53+MySQL-5.0.33.
> 
> Can someone give some hint on how enable (and verify that works) quota
> on mailboxes?
> 

1- there is no quota support in postfix.
2- there is no safe quota support in any MTA. most quota implementations
will send a bounce, which may result in backscatter
3- if you can queue mail, you can deliver it ;-p
4- disks don't cost too much now.
5- if your users abuse mail, destroy their heads, not ours.


Re: something about maillog

2008-11-21 Thread Juan Miscaro
2008/11/20 Victor Duchovni <[EMAIL PROTECTED]>:
> On Thu, Nov 20, 2008 at 09:32:03PM -0500, Jorge E. Rojas wrote:
>
>> hi
>>
>> somebody can tell me how (if possible) have a full date (i.e. with the
>> year) in the maillog  ?
>
> Use syslog-ng

or rsyslog

/juan


Re: Access Restriction Not Working

2008-11-21 Thread mouss
Carlos Williams a écrit :
> In my attempt to block my Postfix email server from receiving and
> sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I
> created the following:
> 
> vim /etc/postfix/main.cf
> 
> smtpd_sender_restrictions = hash:/etc/postfix/access
> reject_unauth_destination = hash:/etc/postfix/access
> 
> Then I created the file called 'access' and added the following entry:
> 
> vim /etc/postfix/access
> 
> gmail.com REJECT
> 
> I then ran postmap against the newly created 'access' file:
> 
> postmap hash:/etc/postfix/access
> 
> Reloaded postfix mail server
> 
> mail:/etc/postfix# postfix reload
> postfix/postfix-script: refreshing the Postfix mail system
> 
> The problem I have is nobody from the specific domains are able to
> send email to my mail server. It rejects like it should however I am
> still able to send mail to those domains from my Postfix email server.
> It appears that 1/2 of the rule is working and I don't know what I did
> wrong.
> 
> Anyone know?
> 
> I checked /var/log/mail.err and found nothing.
> 
> Nov 21 14:17:26 mail postfix/smtpd[5425]: NOQUEUE: reject: RCPT from
> yx-out-1718.google.com[74.125.44.157]: 554 5.7.1
> <[EMAIL PROTECTED]>: Sender address rejected: Access denied;
> from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
> helo=
> 
> Inbound = blocked
> Outbound = still works
> 
> Why?

Please read the docs available on the postfix site. if you have a
problem with a "howto", complain to its author.

the old and obsolete

smtpd_sender_restrictions = $map

is equivalent to the new

smtpd_sender_restrictions =
check_sender_access $map

so please use the new syntax.






Re: Postfix and quota clarification

2008-11-21 Thread Wietse Venema
mouss:
> Rocco Scappatura a écrit :
> > Hello,
> > 
> > I have a post-office platform based on
> > Postfix-2.5.2+Courier-IMAP-4.0.1-Courier-authlib-0.53+MySQL-5.0.33.
> > 
> > Can someone give some hint on how enable (and verify that works) quota
> > on mailboxes?
> > 
> 
> 1- there is no quota support in postfix.

However, Postfix supports access maps that can reject mail for
over-quota users, if you are willing to periodically add up all
the mail each user has.

Wietse

> 2- there is no safe quota support in any MTA. most quota implementations
> will send a bounce, which may result in backscatter
> 3- if you can queue mail, you can deliver it ;-p
> 4- disks don't cost too much now.
> 5- if your users abuse mail, destroy their heads, not ours.
> 
> 



Re: backscatter with virtual domain

2008-11-21 Thread Quanah Gibson-Mount
--On Friday, November 21, 2008 3:15 PM -0500 Victor Duchovni 
<[EMAIL PROTECTED]> wrote:



On Fri, Nov 21, 2008 at 12:06:17PM -0800, Quanah Gibson-Mount wrote:


[EMAIL PROTECTED] conf]$ grep ldap main.cf
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf


Don't use sender_canonical_maps. Use either canonical_maps or
smtp_generic_maps as appropriate. Header recipients become "senders"
(really addresses to reply-to) when Reply-All is used, so you really
need to rewrite all addresses (sender and recipient) uniformly.


Thanks, I've filed a bug to have this fixed in a later release.


virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

The problem description I've been given is:

We need a milter that validates RCPT To: content specifically for alias
domains.  Currently we automatically accept email for alias domains and
then generate a bounce.


What is an "alias domain"? Do you have wildcard aliases in the
virtual_alias_maps tables? DO NOT use these. They break recipient
validation.



Our virtual alias maps table looks at the user accounts, not domains, so I 
think the answer here is no?


ldap-vam.cf has:

query_filter = 
(&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
result_attribute = 
zimbraMailDeliveryAddress,zimbraMailForwardingAddress,zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress



In my test server configuration, I have two domains, 
freelancer.lab.zimbra.com, and tribes.lab.zimbra.com, which is aliased to 
freelancer.lab.zimbra.com.  As far as email goes, email to 
"[EMAIL PROTECTED]" is then sent to 
"[EMAIL PROTECTED]".  Sending an email to a non-existent 
user @tribes.lab.zimbra.com generates a bounce that that user 
@freelancer.lab.zimbra.com doesn't exist.



This has the potential for backscatter abuse and
we'd like to close this hole for hosed and still be able to offer alias
domains without adding aliases to each account.


Add aliases to each account.


I've been informed that adding aliases to every account is not an option at 
this time.



The problem with alias
domains is we define them as a catchall domain @aliasdomain.com so it
automatically accepts the email for that domain and then does the
rewrite  to [EMAIL PROTECTED], if that user doesn't exist it bounces.


Add aliases to each account. Or define a set of domains that share the
same namespace a single representative domain and use:

domain = list of alias domains
query = [EMAIL PROTECTED]


I've been informed that this isn't a workable option, either.  I think 
because we host multiple domains, and those domains may all have their 
unique sets of aliases.  But again, this isn't my normal knowledge base.



We want the
milter to reject at rcpt_to time instead of allowing the bounce.  My
guess  is you'll have to insert it on smtp_recipient_restrictions as
opposed to  using the normal milter rules, which normally work on queued
mail.


Why use a complex multi-threaded milter when a much simpler policy
service will do? But, better yet, don't break recipient validation.


So, I'm guessing not breaking recipient validation means adding aliases, 
which I can't do, or the above bit about the domain and query, which I also 
apparently can't do.  I'll look into a policy service, thanks!


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration
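
A minimal sketch of the policy service suggested in this thread, as an added example (not Zimbra's or the Postfix project's code): it speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with action=...) and returns 550 at RCPT time when an alias-domain recipient has no mailbox in the domain it is rewritten to. The domain names, the in-memory ALIAS_DOMAINS and MAILBOXES tables (standing in for the LDAP lookups) and the function names are assumptions.

```python
"""Policy-delegation sketch: reject unknown alias-domain recipients at RCPT."""
import sys

# Constructed sample data (assumption): alias domain -> domain it rewrites to,
# and the mailboxes that really exist. A real service would query LDAP here.
ALIAS_DOMAINS = {"alias.example.com": "primary.example.com"}
MAILBOXES = {"alice@primary.example.com", "bob@primary.example.com"}


def read_request(stream):
    """Read one request: name=value lines terminated by an empty line.
    Returns the attributes as a dict, or None once the client disconnects."""
    attrs = {}
    while True:
        raw = stream.readline()
        if raw == "":
            return None                      # EOF: smtpd closed the connection
        line = raw.rstrip("\r\n")
        if line == "":
            return attrs                     # empty line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value


def decide(attrs):
    """Return an access(5)-style action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    recipient = attrs.get("recipient", "").lower()
    local, at, domain = recipient.rpartition("@")
    if not at or domain not in ALIAS_DOMAINS:
        return "DUNNO"                       # not an alias domain: no opinion
    rewritten = f"{local}@{ALIAS_DOMAINS[domain]}"
    if rewritten in MAILBOXES:
        return "DUNNO"                       # target exists: let other rules decide
    # Refuse during the SMTP dialogue, so no bounce is generated later.
    return f"550 5.1.1 <{recipient}>: Recipient address rejected: User unknown"


def serve(stream_in, stream_out):
    """Answer requests until the client disconnects."""
    while True:
        attrs = read_request(stream_in)
        if attrs is None:
            return
        stream_out.write(f"action={decide(attrs)}\n\n")
        stream_out.flush()


if __name__ == "__main__":
    # When started by spawn(8) the smtpd connection is on stdin/stdout.
    serve(sys.stdin, sys.stdout)
```

Such a service is referenced with check_policy_service in smtpd_recipient_restrictions; it returns DUNNO rather than OK so that it can never permit mail on its own.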


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Ville Walveranta
On Fri, Nov 21, 2008 at 1:31 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
> A transport maps entry like this:
>
> [EMAIL PROTECTED]   smtp:ms-exch.example.com

It also seems to be possible to redirect an entire domain to another
smtp server..

@example.com   smtp:ms-exch.example.com

This is good news! :-)

Ville


Re: Address Verification Header

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 04:37:04PM -0600, Noel Jones wrote:

> >My end goal is to let postfix handle the address verification, while 
> >another process handles the rejection. A spamassassin plugin (or another 
> >bit of software) could query the address_verify_map (or mail logs) and 
> >then act accordingly.
> >
> >Comments?
> 
> DO NOT bounce mail after you've accepted it.  Any after-queue 
> content_filter MUST NOT reject mail.  This causes backscatter 
> and will get you blacklisted.

The Postfix address_verify_maps is not designed for concurrent access,
attempts to read it while the verify service is active (i.e. Postfix
is running) will lead to crashes. The OP must not do this.

The verify client protocol is not public, so queries from policy services
or milters to the verify service are also not supported.

-- 
Viktor.



Re: forwarding mail to another MX on same domain

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 11:13:51PM -0600, Ville Walveranta wrote:

> On Fri, Nov 21, 2008 at 1:31 PM, Wietse Venema <[EMAIL PROTECTED]> wrote:
> > A transport maps entry like this:
> >
> > [EMAIL PROTECTED]   smtp:ms-exch.example.com
> 
> It also seems to be possible to redirect an entire domain to another
> smtp server..
> 
> @example.com   smtp:ms-exch.example.com
> 

Wrong syntax. In the transport table, domains don't start with
an "@".

-- 
Viktor.



Limiting header_checks by domain or interface

2008-11-21 Thread Ville Walveranta
Is it possible to limit header_checks either by recipient domain or by
listening interface? I'd like to remove certain headers, but only from
specific domains.

Ville


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Ville Walveranta
On Fri, Nov 21, 2008 at 11:18 PM, Victor Duchovni
<[EMAIL PROTECTED]> wrote:
> Wrong syntax. In the transport table, domains don't start with
> an "@".

Ok, I corrected it (although it seemed to work with an "@", too).

Ville


Re: forwarding mail to another MX on same domain

2008-11-21 Thread Victor Duchovni
On Fri, Nov 21, 2008 at 11:29:55PM -0600, Ville Walveranta wrote:

> On Fri, Nov 21, 2008 at 11:18 PM, Victor Duchovni
> <[EMAIL PROTECTED]> wrote:
> > Wrong syntax. In the transport table, domains don't start with
> > an "@".
> 
> Ok, I corrected it (although it seemed to work with an "@", too).

Your observations were in error:

http://www.postfix.org/transport.5.html

-- 
Viktor.



Re: forwarding mail to another MX on same domain

2008-11-21 Thread Ville Walveranta
On Fri, Nov 21, 2008 at 11:41 PM, Victor Duchovni
<[EMAIL PROTECTED]> wrote:
> Your observations were in error..

You're correct. I hadn't refreshed the system after I made the change.

Ville


Re: Address Verification Header

2008-11-21 Thread Jason Wohlford


On Nov 21, 2008, at 11:17 PM, Victor Duchovni wrote:


On Fri, Nov 21, 2008 at 04:37:04PM -0600, Noel Jones wrote:


My end goal is to let postfix handle the address verification, while
another process handles the rejection. A spamassassin plugin (or another
bit of software) could query the address_verify_map (or mail logs) and
then act accordingly.

Comments?


DO NOT bounce mail after you've accepted it.  Any after-queue
content_filter MUST NOT reject mail.  This causes backscatter
and will get you blacklisted.


The Postfix address_verify_maps is not designed for concurrent access,
attempts to read it while the verify service is active (i.e. Postfix
is running) will lead to crashes. The OP must not do this.

The verify client protocol is not public, so queries from policy services
or milters to the verify service are also not supported.


Understood. That's why I'm asking the list before I even attempt crazy  
feats of voodoo.


--
Jason Wohlford
<[EMAIL PROTECTED]>






Re: Address Verification Header

2008-11-21 Thread Jason Wohlford


On Nov 21, 2008, at 4:37 PM, Noel Jones wrote:


Jason Wohlford wrote:

On Nov 15, 2008, at 1:36 PM, Noel Jones wrote:

Jason Wohlford wrote:
Is there any way to perform an address verification on a message  
and then add a header to the message? I'd like to let postfix do  
address verification and then report the result to spamassassin.  
Suggestions?

Cheers,
Jason


Postfix doesn't have a mechanism to record the results of the  
address probe in the received message.


Your best alternative may be a sender verification add-on for  
SpamAssassin; google around for that.  Sometimes also called  
sender call back.


Or you could use a postfix policy service with this feature - but
you might have to write your own or modify an existing one.

I see it is possible to set the unverified_recipient_reject_code to
250. Does this mean postfix will do address verification and then
let the original message pass?


If an address probe returns a 550 status, postfix will still accept  
the mail.  If the probe fails (couldn't contact the sender's MX)  
postfix will still defer the mail with a 450 error.


I'm not following. I know I've done verification before and it  
definitely rejects mail. Would you be so kind as to elaborate?



My end goal is to let postfix handle the address verification,  
while another process handles the rejection. A spamassassin plugin  
(or another bit of software) could query the address_verify_map (or  
mail logs) and then act accordingly.

Comments?


DO NOT bounce mail after you've accepted it.  Any after-queue  
content_filter MUST NOT reject mail.  This causes backscatter and  
will get you blacklisted.


Seems like I've seen some milters that do address verification,  
maybe some of those integrate with SpamAssassin.


All my stuff happens before-queue. Thanks to who ever came up with  
that. Go postfix.


--
Jason Wohlford
<[EMAIL PROTECTED]>






Re: forwarding mail to another MX on same domain

2008-11-21 Thread Ville Walveranta
I'll continue here since Khosrow's issue has been resolved (so I'm not
really hijacking the thread).

I now have the following defined in mailbox_transport_maps:

[EMAIL PROTECTED]   smtp:mx.myexternaldomain.com

Yet when I attempt to send mail to the local system at
[EMAIL PROTECTED] I get

554 5.7.1 <[EMAIL PROTECTED]>: Relay access denied
quit
221 2.0.0 Bye

Why? Shouldn't the smtp transport map deliver the message to the
defined external MX even when the user/domain [EMAIL PROTECTED]
is not locally defined since the configuration page says about
mailbox_transport_maps: `Optional lookup tables with per-recipient
message delivery transports to use for local(8) mailbox delivery,
whether or not the recipients are found in the UNIX passwd database.',
and since there is nothing higher in precedence (above
mailbox_transport_maps) of local overriding the mail delivery
instructions? The user/domain "[EMAIL PROTECTED]" is currently
not defined anywhere else on the local system except in
mailbox_transport_maps.

My main.cf:

## DELTAS TO MAIN.CF.DEFAULT
##
## For the syntax, and for a complete parameter list,
## see the postconf(5) manual page ("man 5 postconf"),
## or see http://www.postfix.org/postconf.5.html

#soft_bounce = no
debug_peer_level = 9
debug_peer_list = 127.0.0.1

data_directory = /var/db/postfix
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
manpage_directory = /usr/local/man
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
readme_directory = $config_directory/README_FILES
sample_directory = /usr/local/etc/postfix
html_directory = no

mail_owner = postfix
setgid_group = maildrop

myhostname = my.localdomain.com
mydomain = my.localdomain.com
myorigin = $myhostname

mydestination =
    $myhostname
    localhost.$mydomain
    localhost

mynetworks_style = host
mynetworks = 192.168.1.0/24
relay_domains = $mydestination
#delay_warning_time = 4h

# define here the listening interfaces
# that do _not_ have custom rules
inet_interfaces = 127.0.0.1, 192.168.1.99

# execute `postsuper -r ALL' & reload if you disable content_filter!
content_filter = scan:[127.0.0.1]:10025
receive_override_options = no_address_mappings

smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1

mailbox_transport_maps = hash:$config_directory/tables/mailbox_transport_maps
mailbox_transport = dovecot
mailbox_command = /usr/local/libexec/dovecot/deliver

virtual_transport = dovecot
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = $config_directory/tables/virtual_mailbox_domains
virtual_mailbox_maps = hash:$config_directory/tables/virtual_mailbox_maps
virtual_alias_domains = $config_directory/tables/virtual_alias_domains
virtual_alias_maps =
    hash:$config_directory/tables/virtual_alias_maps
    pcre:$config_directory/tables/virtual_alias_maps_pcre

virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

smtpd_client_restrictions =
    permit_mynetworks
    permit_inet_interfaces
    reject

smtpd_client_restrictions_katharion =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access hash:$config_directory/tables/smtpd_client_access_katharion
    reject

smtpd_helo_restrictions =
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_helo_hostname

smtpd_etrn_restrictions =
    permit_mynetworks
    reject

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unverified_recipient
    check_recipient_access pcre:$config_directory/tables/smtpd_recipient_access
#   permit_mynetworks #disabled for testing purposes
    permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_unauth_destination

smtpd_recipient_restrictions_katharion =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unverified_recipient
    check_recipient_access pcre:$config_directory/tables/smtpd_recipient_access_katharion
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_unauth_destination

smtpd_data_restrictions =
    reject_multi_recipient_bounce
    reject_unauth_pipelining

--

smtpd_recipient_tables (the interface I'm trying to send through) includes

# reject domains that are served by Katharion
# on the generic smtpd interface
/(@virtualdomain1\.com|
  @virtu