Bounces for the relocated?

[Ville Walveranta]

I've been experimenting with relocated_maps as well as user-specific entries
in transport_maps. They work, but they also terminate the SMTP conversation
with the defined message. In my configuration the sender would never see
that message because the mail is received by the external spam filtering
service, then forwarded to the local server which serves as the final
destination for the domains.

So I'm wondering if it would be possible to accept the mail, blackhole it,
and send a bounce-message to the sender with a "User unknown" message.
User-specific blackholing seems to be easy to implement, but how about the
"user unknown" bounce message? I'd like to be able to "actively notify"
(with a bounce) the sender about non-existence of some old accounts.

Thanks for the insights!

Ville

Re: Spam

[mouss]

ma...@satnetcom.com a écrit :
> Hi mouss,
> thank you for advise.
> but i will not use  :
> reject_invalid_helo_hostname
>  reject_non_fqdn_helo_hostname
> 
> because a lot of our clients customer or their friend was rejected
> because of their mail server not passed invalid helo hostname and non fqdn.
> 


reject_non_fqdn_helo_hostname may indeed block mail from misconfigured
systems.

I have never heard of reject_invalid_helo_hostname blocking legitimate
systems.

Re: Bounces for the relocated?

[Barney Desmond]

Ville Walveranta wrote:
> So I'm wondering if it would be possible to accept the mail, blackhole it,
> and send a bounce-message to the sender with a "User unknown" message.
> User-specific blackholing seems to be easy to implement, but how about the
> "user unknown" bounce message? I'd like to be able to "actively notify"
> (with a bounce) the sender about non-existence of some old accounts.

It sounds like you just want an autoresponder, something like procmail
and/or vacation will probably do what you want. You'll still have to
explicitly accept mail for those users and deal with it. Note that this
is *not* "bouncing", that's the last thing you want, as it can easily
cause backscatter. Similarly, you should be very careful with any such
autoresponder that you setup for this.



signature.asc
Description: OpenPGP digital signature

last message repeated 3 times

[gianlucabrt]

Hi

Why in my maillog i see sometime "last message repeated 3 times"?

Another problem that i see in maillog when i open outlook is:

imap-login: Login: user=, method=PLAIN, rip=:::., lip=:::
Dec 13 01:17:17 mail dovecot: IMAP(user): Disconnected in IDLE


Any Ideas???

Vuoi essere presente online? Vuoi dare voce alla tua attivita`? Acquista un dominio su domini.interfree.it.A partire da 18,59 euro

Re: last message repeated 3 times

[PauAmma]

On Sat, 13 Dec 2008, gianluca...@interfree.it wrote:


Hi Why in my maillog i see sometime "last message repeated 3 times"?


Because the message just above that line was repeated 3 times within a 
short time, with no other syslogged message in-between. See man 8 syslogd, 
or the equivalent for your OS and or syslog replacement.



Another problem that i see in maillog when i open outlook is: imap-login:
Login: user=, method=PLAIN, rip=:::., lip=:::
Dec 13 01:17:17 mail dovecot: IMAP(user): Disconnected in IDLE Any
Ideas???


Looks like a dovecot or outlook problem, not a postfix problem.

Re: last message repeated 3 times

[mouss]

gianluca...@interfree.it a écrit :
> Hi Why in my maillog i see sometime "last message repeated 3 times"?

when syslog receives the same message N times, it shows this instead of
writing the message N times. if the "last message" is a postfix message,
 you may show it here. otherwise, it's not a postfix related issue.

> Another problem that i see in maillog when i open outlook is:
> imap-login: Login: user=, method=PLAIN, rip=:::.,
> lip=::: Dec 13 01:17:17 mail dovecot: IMAP(user):
> Disconnected in IDLE Any Ideas???


This is a dovecot log. there's an outlook-idle workaround, but this may
be unrelated. ask on the dovecot list but
- search before
- if you ask, provide enough infos on your config and on the problem

Re: fight spam problem: sender equal to receiver

[Roland Plüss]

The problem is that it doesn't seem to work neither the way mentioned in
the threads nor adding the dns bypass... I've got again 20 of those same
spam shit in my inbox today. It's going on my nerves. Is there no way to
stop this?

Jan P. Kessler wrote:
> Roland Plüss schrieb:
>> I'll try mapping zen.spamhaus.org to 127.0.0.2 in my /etc/hosts. This
>> should not require a DNS lookup and hopefully it works then. Let's see
>>   
>
> You must not do this if you want to use zen.spamhaus.org. Please
> follow the given advices and read something about how dnsbls work. A
> good point to start might be http://www.spamhaus.org/dnsbl_function.html
>
>

-- 
Yours sincerely
Plüss Roland

Leader and Head Programmer
- Game: Epsylon ( http://epsylon.rptd.ch/ ,
http://www.moddb.com/games/4057/epsylon )
- Game Engine: Drag(en)gine ( http://dragengine.rptd.ch ,
http://www.moddb.com/engines/9/dragengine )
- Normal Map Generator: DENormGen ( http://epsylon.rptd.ch/denormgen.php )



signature.asc
Description: OpenPGP digital signature

Re: Bounces for the relocated?

[Sahil Tandon]

Ville Walveranta wrote:

> I've been experimenting with relocated_maps as well as user-specific entries
> in transport_maps. They work, but they also terminate the SMTP conversation
> with the defined message. In my configuration the sender would never see
> that message because the mail is received by the external spam filtering
> service, then forwarded to the local server which serves as the final
> destination for the domains.
> 
> So I'm wondering if it would be possible to accept the mail, blackhole it,
> and send a bounce-message to the sender with a "User unknown" message.

No, this is backscatter.  Do not accept mail that you intend to bounce.
Relocated maps should be setup on the MX that sits on the border; not
an internal mail server.

-- 
Sahil Tandon 

Regexp aliases

[Nikita Kipriyanov]

We run a mail server with virtual domains (mainly there are mailbox 
domains).


For a certain things same aliases needed in the each and every virtual 
domain in the system. For example, all these domains maintained by same 
people, so it is good thing to have each domain's postmaster mapped to 
the same internal distribution list. There are also other common aliases.


To simplify things, I added a regexp table 
(/etc/postfix/virtual_alias_maps-special):


/^postmaster@/ postmaster

This table is referenced in the main.cf this way:
virtual_alias_maps = regexp:/etc/postfix/virtual_alias_maps-special 
mysql:/etc/postfix/virtual_alias_maps.cf


There is no address rewriting, masqerading and other things that change 
destination or source address. We're using only local aliases and 
virtual aliases. There is also no per-recipient transports and 
relayhost, any mail is delivered directly to recipient's MX servers.


The local alias table redirects postmaster's mail further.

Of course, this catches all mail for each domain's postmaster. But, now 
I'm not able to send any mail to any external postmaster 
(postmas...@some.domain, some.domain isn't a virtual, relay or canonical 
domain) with this server. If I try to send mail, for example, to 
postmas...@postfix.org, it's getting catched and delivered to my 
postmaster list.
Still, if I try to deliver mail to postmas...@postfix.org through this 
server from external systems without SMTP authentication, it rejects 
with "Relay access denied".


Why Postfix behaves like this? How to catch only 'incoming' mail, and to 
send it away it if recipiend domain isn't listed in the virtual, local, 
and relay domain tables?

Re: fight spam problem: sender equal to receiver

[mouss]

Roland Plüss a écrit :
> The problem is that it doesn't seem to work neither the way mentioned in
> the threads nor adding the dns bypass... I've got again 20 of those same
> spam shit in my inbox today. It's going on my nerves. Is there no way to
> stop this?
> 

There is no "dns bypass". I did not tell you to edit /etc/hosts. I told
you to run the following command:

host 2.0.0.127.zen.spamhaus.org

in short, connect to your postfix server and in the terminal, type the
line above, hit "ENTER" and see what the system tells you. "host" is
similar to "nslookup". Am I clear now?


Also, post the output of
postconf -n
Last time you showed it, you did not have zen in your config.

Re: connect to transport mysql: No such file or directory - please help?

[jweinbergerhj]

--- In post...@yahoogroups.com, Brian Evans - Postfix List  wrote:
>
> jweinbergerhj wrote:
> >>
> >> mysql is a map type not a transport.
> >> It cannot be set in relay_transport.
> >> http://www.postfix.org/postconf.5.html#relay_transport
> >>
> >> Brian
> >>
> >>
> >
> > Brian, thanks!
> >
> > This does seem so obvious...but there are a few docs out there that show 
> > transport
maps
> > (and I use the transport_maps directive with a mysql table as you see)
> >
> > I assume the same applies to virtual_transport?
> >
>
> transport_maps accepts map definitions.
> mumble_transport accepts transport definitions that exist in master.cf.
>
> > and that both are over-ridden by my transport_maps directive?
> >
>
> This is correct. transport_maps are global and take precedence over
> defaults.
>
> Brian
>

Brian - Thank you again!!

I"m not completely sure what you mean by:

> transport_maps accepts map definitions.
> mumble_transport accepts transport definitions that exist in master.cf.

My understanding is that transport_maps is a table of the form:

domain.tldtransport:nexthop

that tells postfix to send mail for domain.tld (or whatever is specified there) 
using a
transport called 'transport' which is defined in master.cf - it works for me 
that way

I don't know what mumble_transport is...I looked for that parameter and could 
not find it.
It's not listed in ttp://www.postfix.org/postconf.5.html - can you explain what 
you mean
by "accepts transport definitions that exist in master.cf" and/or point me to 
some
reference material on mumble_transport?

Thank you!!

Re: Regexp aliases

[Sahil Tandon]

Nikita Kipriyanov wrote:

> We run a mail server with virtual domains (mainly there are mailbox  
> domains).
>
> For a certain things same aliases needed in the each and every virtual  
> domain in the system. For example, all these domains maintained by same  
> people, so it is good thing to have each domain's postmaster mapped to  
> the same internal distribution list. There are also other common aliases.
>
> To simplify things, I added a regexp table  
> (/etc/postfix/virtual_alias_maps-special):
>
> /^postmaster@/ postmaster
>
> This table is referenced in the main.cf this way:
> virtual_alias_maps = regexp:/etc/postfix/virtual_alias_maps-special  
> mysql:/etc/postfix/virtual_alias_maps.cf
>
> There is no address rewriting, masqerading and other things that change  
> destination or source address. We're using only local aliases and  
> virtual aliases. There is also no per-recipient transports and  
> relayhost, any mail is delivered directly to recipient's MX servers.
>
> The local alias table redirects postmaster's mail further.
>
> Of course, this catches all mail for each domain's postmaster. But, now  
> I'm not able to send any mail to any external postmaster  
> (postmas...@some.domain, some.domain isn't a virtual, relay or canonical  
> domain) with this server. If I try to send mail, for example, to  
> postmas...@postfix.org, it's getting catched and delivered to my  
> postmaster list.
> Still, if I try to deliver mail to postmas...@postfix.org through this  
> server from external systems without SMTP authentication, it rejects  
> with "Relay access denied".

Good, this means your server is not an open relay.

> Why Postfix behaves like this? How to catch only 'incoming' mail, and to  
> send it away it if recipiend domain isn't listed in the virtual, local,  
> and relay domain tables?

Because, as documented, virtual(5) mapping can be applied to non-local
addresses.  Your problem is somewhat of a FAQ; search the archives for
proposed workarounds.

-- 
Sahil Tandon 

Re: Regexp aliases

[mouss]

Nikita Kipriyanov a écrit :
> We run a mail server with virtual domains (mainly there are mailbox
> domains).
> 
> For a certain things same aliases needed in the each and every virtual
> domain in the system. For example, all these domains maintained by same
> people, so it is good thing to have each domain's postmaster mapped to
> the same internal distribution list. There are also other common aliases.
> 
> To simplify things, I added a regexp table
> (/etc/postfix/virtual_alias_maps-special):
> 
> /^postmaster@/ postmaster
> 
> This table is referenced in the main.cf this way:
> virtual_alias_maps = regexp:/etc/postfix/virtual_alias_maps-special
> mysql:/etc/postfix/virtual_alias_maps.cf
> 
> There is no address rewriting, masqerading and other things that change
> destination or source address. We're using only local aliases and
> virtual aliases. There is also no per-recipient transports and
> relayhost, any mail is delivered directly to recipient's MX servers.
> 
> The local alias table redirects postmaster's mail further.
> 
> Of course, this catches all mail for each domain's postmaster. But, now
> I'm not able to send any mail to any external postmaster
> (postmas...@some.domain, some.domain isn't a virtual, relay or canonical
> domain) with this server. If I try to send mail, for example, to
> postmas...@postfix.org, it's getting catched and delivered to my
> postmaster list.


virtual_alias_maps apply to _all_ domains. you should only setup these
aliases for your own domains. since you are using mysql, let mysql do it
for you:

virtual_alias_maps =
mysql:/etc/postfix/virtual_alias_maps.cf
mysql:/etc/postfix/standard_aliases.cf

and in the latter, use something like:

query = select 'postmas...@example.com'
from YourDomainTable
where
'%u' = 'postmaster'
AND
'%d' = domain

(Note: the query only returns a result if the domain part is listed in
your domains table).

now, once you do this, you could build a table for the "standard"
aliases instead of hardcoding 'postmaster'...

> Still, if I try to deliver mail to postmas...@postfix.org through this
> server from external systems without SMTP authentication, it rejects
> with "Relay access denied".
> 

relay access control and delivery (including alias expansion) are two
different things.

> Why Postfix behaves like this? How to catch only 'incoming' mail, and to
> send it away it if recipiend domain isn't listed in the virtual, local,
> and relay domain tables?

all mail is "incoming" when it is received and becomes "outgoing" when
it is forwarded. an MTA is not a mail user agent.

note that you can't simply separate reception and submission
functionalities (by using different instances or different
smtpd+cleanup... etc), because even an "inbound only" MTA needs to reach
the sender in some cases (bounce, DSN, ...).

Re: Bounces for the relocated?

[Ville Walveranta]

On Sat, Dec 13, 2008 at 10:24 AM, Sahil Tandon  wrote:

> No, this is backscatter.  Do not accept mail that you intend to bounce.
> Relocated maps should be setup on the MX that sits on the border; not
> an internal mail server.
>

Unfortunately I don't control the MX that initially accepts the mails
(beyond accepting/rejecting an email for a specific address).

I'll look into procmail and/or vacation, but sounds like this might not be a
good idea to begin with. I can see how spammers could target those addresses
with fake sender envelopes.. although they could not include their message
if the response was canned, and did not include the subject or an excerpt of
the message they sent.

Ville

Re: Bounces for the relocated?

[Charles Marcus]

On 12/13/2008, Ville Walveranta (walvera...@gmail.com) wrote:
> Unfortunately I don't control the MX that initially accepts the mails
> (beyond accepting/rejecting an email for a specific address).

There are really very, very few situations where you should NOT reject
all mail destined for invalid recipients...

-- 

Best regards,

Charles

Re: fight spam problem: sender equal to receiver

[Noel Jones]

Roland Plüss wrote:

The problem is that it doesn't seem to work neither the way mentioned in
the threads nor adding the dns bypass... I've got again 20 of those same
spam shit in my inbox today. It's going on my nerves. Is there no way to
stop this?


Please do not top post.  Put your answers below the text you 
refer to.  and watch your language.


If you need help, show your "postconf -n" output and postfix 
logging of the message you want to block.


If you want to show the contents of the spam, upload it to 
pastebin.com and include the link in your post here.



Roland Plüss schrieb:

I'll try mapping zen.spamhaus.org to 127.0.0.2 in my /etc/hosts. This
should not require a DNS lookup and hopefully it works then. Let's see


No, don't add this to your hosts file.  Add a restriction to 
your postfix main.cf.  Show your "postconf -n" output if you 
need help knowing what to put where.



--
Noel Jones

SMTP Authentication Question

[Payne]

Guys,

I am a bit slow on this, I got a client that won't let me change the way 
mail working, but they want me to set up SMTP Authentication. How can I 
do it so it work without cyrus or dovecot. I question what is the very 
simple way of doing. Everything I have seen from goolge to 
howtoforge.com wants me to install like imap.


Thanks,

Chuck

PS. Links to how too are very welcomed.

Re: SMTP Authentication Question

[Noel Jones]

Payne wrote:

Guys,

I am a bit slow on this, I got a client that won't let me change the way 
mail working, but they want me to set up SMTP Authentication. How can I 
do it so it work without cyrus or dovecot.


That's kind of like telling someone to take the train to Hawaii...

You can't.  Postfix requires an external "helper" program to 
do SMTP AUTH.  Currently, dovecot and cyrus are the supported 
helper applications.


If you have a recent postfix built with default settings, you 
should be able to install dovecot with minimal changes to 
postfix.  Typing

postconf -a
will tell you what, if any, SMTP AUTH programs your postfix 
was built with.


--
Noel Jones

Re: SMTP Authentication Question

[Victor Duchovni]

On Sat, Dec 13, 2008 at 04:40:08PM -0500, Payne wrote:

> I am a bit slow on this, I got a client that won't let me change the way 
> mail working, but they want me to set up SMTP Authentication.

What does "change the way mail working" mean?

> How can I 
> do it so it work without cyrus or dovecot.

You don't need a Cyrus or Dovecot IMAP server. Mail storage does not
need to change. Don't confuse Cyrus SASL with Cyrus IMAP.

Likewise, don't confuse the dovecot authentication service with Dovecot
IMAP. You don't have to make use of the IMAP mailboxes in order to make
use of dovecot auth. But, you likely to have to install the dovecot
IMAP software and leave most of it dormant.

> I question what is the very 
> simple way of doing. Everything I have seen from goolge to 
> howtoforge.com wants me to install like imap.

Cyrus SASL is a bunch of shared libraries and config files, no need for
an IMAP server.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: connect to transport mysql: No such file or directory - please help?

[Barney Desmond]

jweinbergerhj wrote:
> I"m not completely sure what you mean by: 
> 
>> transport_maps accepts map definitions.
>> mumble_transport accepts transport definitions that exist in master.cf.
> 
> My understanding is that transport_maps is a table of the form:
> 
> domain.tldtransport:nexthop
> 
> that tells postfix to send mail for domain.tld (or whatever is specified 
> there) using a 
> transport called 'transport' which is defined in master.cf - it works for me 
> that way
> 
> I don't know what mumble_transport is...I looked for that parameter and could 
> not find it. 
> It's not listed in ttp://www.postfix.org/postconf.5.html - can you explain 
> what you mean 
> by "accepts transport definitions that exist in master.cf" and/or point me to 
> some 
> reference material on mumble_transport?


"mumble" is a metasyntactic variable that people tend to use on this
list, like "foo" or "example". "mumble" can take different specific
values depending on the context, however, it's never made-up.

You're dealing with address classes here:
http://www.postfix.org/ADDRESS_CLASS_README.html

Depending on your other settings, mail will get delivered to the next
hop as one of: local, relay, virtual, or default. There are
corresponding values for local_transport, relay_transport,
virtual_transport and default_transport.

You said originally that you want mailman domains to be treated as relay
domains. That means they're going to be delivered by whatever the
defined relay_transport is, *unless* overridden by the transport_maps table.

relay_transport *has* to be defined in master.cf, one of the "names" in
the first column.



signature.asc
Description: OpenPGP digital signature

Re: Postfix does not dot the i's when client sends gibberish

[klondike]

When I first wrote began this thread I did it thinking that knowing this
issue, could be helpful.

I didn't expect it to end as a flame war neither did I knew how complex
could be to solve the issue. But it was my first thread on this list,
and probably last. Anyway, its not due to the fact this issue doesn't go
unresolved, I'd like to thank Victor for sending the patch, but for how
bad the thing has been taken.

I hope that if we met in the future you try to be a bit less sarcastic
with those who
come trying to help, because if I find another thing like that you can
be sure that I won't report it, as I have seen how suggestions are
welcome here.

klondike
Developer of Kontinuidad Jabata



signature.asc
Description: OpenPGP digital signature

Re: Postfix does not dot the i's when client sends gibberish

[Wietse Venema]

klondike:
> When I first wrote began this thread I did it thinking that knowing this
> issue, could be helpful.
> 
> I didn't expect it to end as a flame war neither did I knew how complex
> could be to solve the issue. But it was my first thread on this list,
> and probably last. Anyway, its not due to the fact this issue doesn't go
> unresolved, I'd like to thank Victor for sending the patch, but for how
> bad the thing has been taken.

I think it is possible to make useful contributions. Next time you
come bursting into a mailing list, perhaps you can pick a better
theme than hair-splitting a system's responses to bugus requests.

Wietse

Re: Postfix does not dot the i's when client sends gibberish

[Victor Duchovni]

On Sun, Dec 14, 2008 at 05:14:26AM +0100, klondike wrote:

> When I first wrote began this thread I did it thinking that knowing this
> issue, could be helpful.

If your first post contains the word "bug" in the subject line, expect
to meet resistance. A bit of humility: ask a question, rather than assert
a problem, will typically lead to better results.

Also trying to insist that essentially pedantic nits are significant
issues is counter-productive. The less pressure is exerted to force
the issue, the more likely a fix is to be quietly adopted at some
convenient moment with no fuss. If you make a fuss, we conclude the
issue is really not worth the trouble, and may decide to never fix it,
because one has to draw the line somewhere, and here I is hard to justify
risking inadvertant breakage to fix a non-problem.

Yes, contributions are welcome, but not every conceivable "improvement"
is a meaningful contribution.

We take pride in Postfix being extremely robust, and do not take kindly
to intruders shouting "bug", because usually the intruder is wrong or
the issue is insignificant.

On the other hand, significant issues are resolved very rapidly, there
is no "bug database", bugs are not allowed to fester.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Regexp aliases

[Nikita Kipriyanov]

mouss пишет:

aliases for your own domains. since you are using mysql, let mysql do it
for you:

virtual_alias_maps =
mysql:/etc/postfix/virtual_alias_maps.cf
mysql:/etc/postfix/standard_aliases.cf

and in the latter, use something like:

query = select 'postmas...@example.com'
from YourDomainTable
where
'%u' = 'postmaster'
AND
'%d' = domain

(Note: the query only returns a result if the domain part is listed in
your domains table).

now, once you do this, you could build a table for the "standard"
aliases instead of hardcoding 'postmaster'...
  

Thank you! Continuing idea, there is generic way to make such aliases:

select concat(`common_aliases`.`alias`,'@localhost') from 
`common_aliases`,`domains` where '%u'=`common_aliases`.`email` and 
'%d'=`domains`.`name`;


and have the table `common_aliases` which says to where alias that email 
address (and both tables are indexed by query field). This matters only 
when there are lots of common aliases, else your way is better.


So, I've got an idea.