Re: Mail certificate

2009-01-22 Thread Nick Warr

Tolga wrote:

Hello,

It seems I (not knowingly) created a certificate for use, and now it 
expired. How do I renew it? Below is my postconf -n, if it helps:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto


http://www.google.com/search?q=self+signed+certificate


Re: Mail certificate

2009-01-22 Thread Tolga



Nick Warr wrote:

Tolga wrote:

Hello,

It seems I (not knowingly) created a certificate for use, and now it 
expired. How do I renew it? Below is my postconf -n, if it helps:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto


http://www.google.com/search?q=self+signed+certificate
I have been reading 
https://help.ubuntu.com/8.04/serverguide/C/postfix.html and I applied 
some parts and skipped some (as I don't have SASL anywhere mentioned in 
main.cf), and I restarted postfix but I still get the warning that my 
certificate expired when connecting with mutt.


My postconf -n now:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/cacert.pem
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto


--
The time is right to make new friends.



[Fwd: Re: Mail certificate]

2009-01-22 Thread Tolga



 Original Message 
Subject:   Re: Mail certificate
Date:  Thu, 22 Jan 2009 11:08:52 +0200
From: Tolga 
To:   Nick Warr 
CC: postfix-users@postfix.org
References:  <49781c25.9000...@ozses.net> <497828de.5030...@mobilia.it>



Nick Warr wrote:

Tolga wrote:

Hello,

It seems I (not knowingly) created a certificate for use, and now it 
expired. How do I renew it? Below is my postconf -n, if it helps:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto


http://www.google.com/search?q=self+signed+certificate
I have been reading 
https://help.ubuntu.com/8.04/serverguide/C/postfix.html and I applied 
some parts and skipped some (as I don't have SASL anywhere mentioned in 
main.cf), and I restarted postfix but I still get the warning that my 
certificate expired when connecting with mutt.


My postconf -n now:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/cacert.pem
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto


--
The time is right to make new friends.

My bad, there was a typo. I corrected it and I restarted Postfix and I still 
get the error.


--
Knock, knock!
Who's there?
Sam and Janet.
Sam and Janet who?
Sam and Janet Evening...



Re: Mail certificate

2009-01-22 Thread Geert Hendrickx
On Thu, Jan 22, 2009 at 11:08:52AM +0200, Tolga wrote:
>> http://www.google.com/search?q=self+signed+certificate
> I have been reading
> https://help.ubuntu.com/8.04/serverguide/C/postfix.html and I applied
> some parts and skipped some (as I don't have SASL anywhere mentioned in
> main.cf), and I restarted postfix but I still get the warning that my
> certificate expired when connecting with mutt.


Normally mutt doesn't connect to postfix via smtp, it uses the command-
line sendmail interface to send mail (except when specifically compiled
and configured to use SMTP submission).  Perhaps you are talking about
pop3 or imap, and your pop/imap server's certificate has expired?

Geert




Re: [Fwd: Re: Mail certificate]

2009-01-22 Thread Nick Warr

Tolga wrote:



http://www.google.com/search?q=self+signed+certificate
I have been reading 
https://help.ubuntu.com/8.04/serverguide/C/postfix.html and I applied 
some parts and skipped some (as I don't have SASL anywhere mentioned 
in main.cf), and I restarted postfix but I still get the warning that 
my certificate expired when connecting with mutt.


My postconf -n now:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,   
permit_sasl_authenticated,   reject_unauth_destination,   
reject_unknown_reverse_client_hostname,   
reject_unauth_pipelining,   reject_non_fqdn_recipient,   
reject_rbl_client zen.spamhaus.org

smtpd_tls_cert_file = /etc/ssl/certs/cacert.pem
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Regards,

~mto



The cacert.pem is not the same thing as the smtpd.crt.

Re-read the Ubuntu page again.

smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem






Re: Mail certificate

2009-01-22 Thread Tolga



Geert Hendrickx wrote:

On Thu, Jan 22, 2009 at 11:08:52AM +0200, Tolga wrote:
  

http://www.google.com/search?q=self+signed+certificate
  

I have been reading
https://help.ubuntu.com/8.04/serverguide/C/postfix.html and I applied
some parts and skipped some (as I don't have SASL anywhere mentioned in
main.cf), and I restarted postfix but I still get the warning that my
certificate expired when connecting with mutt.




Normally mutt doesn't connect to postfix via smtp, it uses the command-
line sendmail interface to send mail (except when specifically compiled
and configured to use SMTP submission).  Perhaps you are talking about
pop3 or imap, and your pop/imap server's certificate has expired?

Geert

  

Could that be? In this case, how do I find out which certificate expired?

~mto

--
Q:  How many IBM 370's does it take to execute a job?
A:  Four, three to hold it down, and one to rip its head off.



Re: overriding/modifying smtp error codes from other MTAs

2009-01-22 Thread ram
On Wed, 2009-01-21 at 18:36 +0100, Gábor Lénárt wrote:
> Hei,
> 
> I have got a stupid problem. We have some customers saying they can't and
> don't want to reconfigure their mail servers even if Planet-X hits Earth and
> that would help to avoid it :) And their MTAs always respond with:
> 
> 450 : Recipient address rejected: User
>unknown in local recipient table (in reply to RCPT TO command))
> 

Same problem here. My workaround is to bounce these messages immediately.


I just created another postfix instance with 
maximal_queue_lifetime=1m
bounce_queue_lifetime = 1m


Then move them all with a 4 line script 


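---
# Queue IDs of messages deferred with "unknown in local recipient table"
QIDS=`mailq -C /etc/postfix | perl -lne 'BEGIN { $/="\n\n" ;} /^(\S+).*unknown in local recipient table/s && print $1'`
# Move each matching queue file into the second instance's incoming queue
for i in $QIDS; do
    find /var/spool/postfix/deferred/ -name "$i" -exec mv -vf {} /var/spool/postfix2nd/incoming/ \;
done
--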



Both spool dirs must be on the same partition .. 








Re: example.com problem?

2009-01-22 Thread Wietse Venema
Norm Mackey:
> The situation reached the point where the mail queue could not even 
> be listed completely with postqueue without postqueue failing, and 

What was the failure? I suppose that after $daemon_timeout seconds
(1800s default) the daemon that lists the queue is terminated for
safety reasons. If there were other errors then I would like to
know.

If you don't want to deliver example.com, a transport map with

example.com discard:

will do the job (Postfix 2.2 or later), as will an access map rule.

Wietse


Re: Create Custom Mail Queue

2009-01-22 Thread Wietse Venema
Jacky Chan:
> If slow_destination_rate_delay = 5s and slow_destination_concurrency_limit =
> 2, and with slow_destination_recipient_limit > 1, how does
> slow_destination_rate_delay and slow_destination_concurrency_limit affect
> each other if there are 10 mails sent to the same domain?

xxx_rate_delay does not depend on concurrency or process limit.
As documented it inserts a fixed delay between email deliveries.
I.e., one delivery, delay, one delivery, delay.

Wietse


Problem DNS-resolving single helo-hostnames

2009-01-22 Thread Schilling, Timo
Hello to everybody,

while we use the option "reject_unknown_helo_hostname" we noticed, that
single hostnames will be rejected without contacting the dns-servers.
After some debugging of the source code we got to this line:

226 _res.options &= ~saved_options;

where the flag "RES_DEFNAMES" will be negated and so no
domain-information will be added to the hostname.

We would like to know why "saved_options" is negated here. Shouldn't it
only be a logical AND?

Is there any option to control "RES_DEFNAMES" from the configuration-file?

In my opinion it is only useful to negate saved_options if
"reject_unknown_helo_hostname" covers the option
"reject_non_fqdn_helo_hostname". Am I correct?

Great Regards,
Timo Schilling



Re: overriding/modifying smtp error codes from other MTAs

2009-01-22 Thread Mark Goodge

ram wrote:

On Wed, 2009-01-21 at 18:36 +0100, Gábor Lénárt wrote:

Hei,

I have got a stupid problem. We have some customers saying they can't and
don't want to reconfigure their mail servers even if Planet-X hits Earth and
that would help to avoid it :) And their MTAs always respond with:

450 : Recipient address rejected: User
   unknown in local recipient table (in reply to RCPT TO command))



Same problem here.  


What utterly braindead MTA gives a 450 response as standard when the 
user is unknown anyway? I know that forcing all responses to be 4xx 
instead of 5xx temporarily while working on the system is a Good Thing, 
as it means you don't lose mail if you break the configs in any way :-) 
But having 450 as the standard response to a permanently undeliverable 
message is just stupid.


Mark


Re: example.com problem?

2009-01-22 Thread Daniel V. Reinhardt


- Original Message 
> From: Norm Mackey 
> To: postfix-users@postfix.org
> Sent: Thursday, January 22, 2009 4:12:21 AM
> Subject: example.com problem?
> 
> I had been under the impression that I should tell users to use the 
> domain "example.com" (or example.org) as default settings in software
> being tested and developed, in order that the software not generate
> email which would be a problem for our own or other domains' SMTP
> servers.

> > Jan 19 04:55:07 relay postfix/qmgr[27203]: warning: mail for
> example.com is using up 6001 of 6016 active queue entries 
> > Jan 19 04:55:07 relay postfix/qmgr[27203]: warning: you may need a
> separate master.cf transport for example.com
>
> 
> Start of the connection timeouts slightly later in /var/log/mail/info:
> > Jan 18 15:20:17 relay postfix/smtp[24790]: connect to
> example.com[208.77.188.166]: Connection timed out (port 25)
> > Jan 18 15:20:17 relay postfix/smtp[24790]: 345F82544D7:
> to=, relay=none, delay=30, status=deferred (connect
> to example.com[208.77.188.166]: Connection timed out)
> > Jan 18 15:20:18 relay postfix/smtp[24791]: connect to
> example.com[208.77.188.166]: Connection timed out (port 25)
> > Jan 18 15:20:18 relay postfix/smtp[24791]: 0ECEE2544D8:
> to=, relay=none, delay=30, status=deferred
> (connect to example.com[208.77.188.166]: Connection timed out)
> 
>

Use a domain that doesn't exist or create your own DNS name like local.you.

http://network-tools.com/default.asp?prog=network&host=example.com



  


Re: overriding/modifying smtp error codes from other MTAs

2009-01-22 Thread Mark Goodge

Gábor Lénárt wrote:

On Wed, Jan 21, 2009 at 12:38:28PM -0600, Noel Jones wrote:
[...]
Also sounds as if you don't have a valid recipient list for these 
customers.  Not OK.  Your queue is likely filled with lots of 
undeliverable mail to unknown recipients, and undeliverable bounces to 
bogus senders, plus you're sending out backscatter to innocent parties.  
This will get you blacklisted.


The solution is two steps.

First, if you can't get a valid recipient list you can use address 
verification so that you don't accept mail to bogus users in the first 
place.  This is really important.

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient


Thanks, I'm using address verification at some places but not here, because
of the really difficult situation in this case, I haven't mentioned some
overcomplexities yet :( But you're right, of course that's the long term
goal. However I was also curious that there's any possibility in postfix to
do anything I wanted, even if it's not the right solution. Well at least I
have more reasons to clean up things here.


Using address verification will help you here anyway, as it will solve 
your particular problem of mails building up in the queue on your 
servers. Instead, they'll build up in the queue on the sending servers, 
as yours will pass on the 450 code and cause your server to defer 
acceptance from the sender. That may be a problem for them, but it isn't 
a problem for you (and, if the mails are coming from a variety of 
different sources, isn't going to be a significant problem for any 
single server). And, in the process, you've also stopped yourself being 
a backscatter source, which is good.


That doesn't, of course, solve your client's problem of your system 
repeatedly retrying, as yours will retry the verification every time the 
sender retries to send to your machine. But, unless that alone is 
putting your machine under significant load, that isn't really your 
problem - it's theirs, and if they can't fix their faulty configuration 
then they're just going to have to live with it.


There is a general principle here that, when dealing with misconfigured 
servers either upstream or downstream from your own, your priority 
should be to eliminate or minimise any problems that their errors are 
causing to you. It's not your task to reconfigure your server so as to 
provide them with a workaround to their own errors. The only exception 
to this is when they are explicitly paying you to fix their problem for 
them, in which case you do need to find whatever solution is possible. 
But you're still limited by what is possible and what will not cause 
secondary issues for yourself or your other clients. Sometimes, you just 
have to say "no".


Mark



Postfix can not bind to address (IP)

2009-01-22 Thread Mike Pogue
Hi!

I have this server with 4 IPs, from x.x.x.10 to x.x.x.14.

My main domain, example.com, is bound to the x.x.x.10 address (x.x.x.10 has
a PTR record too)

For some reason postfix (smtp server) is picking up the last IP
x.x.x.14 for outgoing mail instead of x.x.x.10. This is a problem
because I want to implement SPF and it fails.

I tried to set:
smtp_bind_address = x.x.x.10
inet_interfaces = x.x.x.10, 127.0.0.1

And I get the error:
fatal: parameter inet_interfaces: no local interface found for x.x.x.10

Any help and suggestions are highly appreciated.

thanks,
Mike


Re: overriding/modifying smtp error codes from other MTAs

2009-01-22 Thread Charles Marcus
On 1/22/2009, ram (r...@netcore.co.in) wrote:
> I have got a stupid problem. We have some customers saying they 
> can't and don't want to reconfigure their mail servers even if
> Planet-X hits Earth and that would help to avoid it :) And their MTAs
> always respond with:

If they are that brain dead/irresponsible, I would simply provide
references to the appropriate RFCs, and inform them that if they had not
remedied the problem within 72 hours, their contract would be terminated.

There is no excuse for such idiocy.

-- 

Best regards,

Charles


More than one host in relayhost = ...?

2009-01-22 Thread Thomas Ackermann

Hello,
normally, you can say "relayhost = domain" and postfix searches the MX 
record for that domain in DNS to get the list of relayhosts.


For domains where no MX record is configured in the DNS, I would need 
to use more than one relayhost ...


Is that possible?

The configuration seems not to allow a syntax with more than one entry:

http://www.postfix.org/postconf.5.html#relayhost

In the case of SMTP, specify a domain name, hostname, hostname:port, 
[hostname]:port, [hostaddress] or [hostaddress]:port. The form 
[hostname] turns off MX lookups.



Or CAN more than one entry be used?


Re: More than one host in relayhost = ...?

2009-01-22 Thread Thomas Ackermann

Maybe I should better explain the reasons behind this question:

We have some domains where the mail-relay is mapped to several 
IP addresses (and servers) over a DNS entry.


That is, we have ONE mailrelay that can be configured as relayhost.
So far, so good.

BUT, we also have systems without DNS - they rely on entries in /etc/hosts

I can map the mail-relay's hostname only to one IP with /etc/hosts and 
therefore, any redundancy is lost.


For such cases, it would be great if such a loadbalancing could be done 
directly with multiple relayhost entries in main.cf


Any other idea?


Re: Postfix can not bind to address (IP)

2009-01-22 Thread Wietse Venema
Mike Pogue:
> fatal: parameter inet_interfaces: no local interface found for x.x.x.10

Postfix cannot bind to the interface address because that address
has not been configured on the machine in question.

You can specify only IP addresses that show up with "ifconfig -a".

Postfix does NOT implement network address translation.

Wietse


How to reject mispelled recipient domain

2009-01-22 Thread Eddy Beliveau

Hi!

We are using Postfix 2.5.4 with success. Thanks  ;-)

My question is:

We have many students who send emails to misspelled domains, such as:
hotmmail.com, hotmial.com, hotmail.cm ...

I know that I can try to find all individual combinations
and write them in some reject file to be used in check_recipient_access

Is there some way to define a rule based on phonetics,
or another solution which detects misspelled words?

Many of those misspelled domains also give:
(Host or domain name not found. Name service error for name=htomail.com 
type=MX: Host not found, try again)

x...@htomail.com

I also try to reject them at that level but they are still going in my 
deferred queue


smtpd_recipient_restrictions =
   reject_non_fqdn_recipient
   reject_unknown_recipient_domain
   permit_mynetworks
   permit_sasl_authenticated
   reject

smtpd_sender_restrictions =
   permit_mynetworks
   reject_non_fqdn_sender
   reject_invalid_hostname
   reject_unauth_pipelining
   reject_unknown_sender_domain
   reject_unlisted_sender

Thanks,
Eddy
--

Eddy Beliveau
HEC Montreal
Montreal (Quebec)
Canada



Re: More than one host in relayhost = ...?

2009-01-22 Thread Wietse Venema
Thomas Ackermann:
> I can map the mail-relay's hostname only to one IP with /etc/hosts and 
> therefore, any redundancy is lost.

That is a bug in your operating system.

As a workaround, use smtp_fallback_relay.

I have used multiple IP addresses per name in /etc/hosts for as
long as I can remember, and that is about 21 years now.

$ grep test /etc/hosts
168.100.189.3   test.porcupine.org
168.100.189.4   test.porcupine.org
$ ./getaddrinfo test.porcupine.org
Hostname:   test.porcupine.org
Addresses:  168.100.189.3 168.100.189.4 
$ host test.porcupine.org
Host test.porcupine.org not found: 3(NXDOMAIN)

(using the getaddrinfo program that is bundled with Postfix
source code distributions).

Wietse


Re: How to reject mispelled recipient domain

2009-01-22 Thread Thomas Ackermann

Eddy Beliveau wrote:

I know that I can try to find all individual combinations
and write them in some reject file to be used in check_recipient_access

Is there some way to define a rule based on phonetics,
or another solution which detects misspelled words?


I would recommend against that idea :)

You never really know if one of those misspelled domains comes to life suddenly ...

Also, the user never learns about his mistake ...

IMHO, that is just a bit too much of control and automatisation.



Re: How to reject mispelled recipient domain

2009-01-22 Thread Ralf Hildebrandt
* Eddy Beliveau :
> Hi!
>
> We are using Postfix 2.5.4 with success. Thanks  ;-)
>
> My question is:
>
> We have many students who send emails to misspelled domains, such as:
> hotmmail.com, hotmial.com, hotmail.cm ...
>
> I know that I can try to find all individual combinations
> and write them in some reject file to be used in check_recipient_access
>
> Is there some way to define a rule based on phonetics,
> or another solution which detects misspelled words?

These are not phonetic misspellings, but "slippery keyboard"
misspellings.

But I do like the idea -- given a list of frequently used domains,
estimate the probable misspellings and create a transport_maps entry
from those...

-- 
Ralf Hildebrandt (ralf.hildebra...@charite.de)  snick...@charite.de
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
It used to be said [...] that AIX looks like one space alien
discovered Unix, and described it to another different space alien who
then implemented AIX. But their universal translators were broken and
they'd had to gesture a lot. 


Re: Slow down in delivery

2009-01-22 Thread jeff donovan


On Jan 21, 2009, at 1:44 PM, Victor Duchovni wrote:


On Wed, Jan 21, 2009 at 01:04:07PM -0500, jeff donovan wrote:



On Jan 21, 2009, at 12:13 PM, Victor Duchovni wrote:


On Wed, Jan 21, 2009 at 10:41:00AM -0500, jeff donovan wrote:


I read the performance tuning http://www.postfix.org/TUNING_README.html

osx doesn't have qshape.


The "qshape" program is a small Perl script. Just download it
and run (as root).


great,..
what flags should I set >?
what should I look for
qshape.pl [ -s ] [ -p ] [ -m  ] [ -l ]
[ -b  ] [ -t  ] [ -w  ]
[ -c  ] [  ... ]


Typically no flags are required:

   http://www.postfix.org/QSHAPE_README.html#qshape

just name the queues (default just incoming/active) you want to  
examine.

Add the "deferred" queue if the problem is lots of deferred mail.



qshape worked great

I found a couple account names that had issues, and they were  
receiving many messages that would bog down the queue.
I made the error of flushing the queue too many times. sending those  
offenders right back inline. ( tick tick tick,more mail would  
arrive. )


I rebuilt those accounts, and blammo. Mail shot through just fine.  
everything working normal.


thanks for your help
-j


Re: More than one host in relayhost = ...?

2009-01-22 Thread Thomas Ackermann

Wietse Venema wrote:

That is a bug in your operating system.
  


That made me test all of them :)
I used several runs of "ping" against the hostname after including it 
with two entries into /etc/hosts

Cannot use "getaddrinfo" ...

Solaris 8 and 9:
Only uses the first IP in /etc/hosts (with "hosts: files" in 
/etc/nsswitch.conf)

Buggy, as you say.

AIX (AIX  3 5 00C9FC9A4C00):
Only uses the first IP in /etc/hosts (with "hosts = local" in 
/etc/netsvc.conf)

Buggy, as you say.

Linux (SuSE 9.3 and SuSE 10.3):
Only uses the first IP in /etc/hosts (with "hosts: files" in 
/etc/nsswitch.conf)

Buggy, as you say.

Which OS is not buggy then?!?


When DNS is enabled, those ping-Tests work perfectly fine for all OS.
But, as I said, we don't have DNS everywhere :-(


Also, it seems that "smtp_fallback_relay" is only available for newer 
versions - a short test on some hosts gave the following:


postconf smtp_fallback_relay
postconf: warning: smtp_fallback_relay: unknown parameter

Mostly, we seem to run "mail_version = 2.0.16"
Sad thing, but productive ...


It seems, we will not have redundant mail-relays on our DMZ servers.
:-(

Cannot have everything :)


Thanx for the information!



Re: Create Custom Mail Queue

2009-01-22 Thread Ed W
Ralf Hildebrandt wrote:
> * Jacky Chan :
>   
>> Dear all,
>>
>> Can I create custom mail queue in /var/spool/postfix to hold the mails for
>> specific destination and schedule to deliver one by one for period of time,
>> let's say 2 mins.
>> 
>
> That's not needed. Create a custom transport for the destination.
> Then use
> _destination_rate_delay = 120s
>
>   

How quickly is the first email delivered?  After zero seconds or after
120 seconds?

Is it possible to create a queue which delays all emails sent including
the first one?  The uses for this are slim, but I have a case where I
need to wait half a min before sending an email and right now this
causes a bit of wriggle doing it in the application - would be nice if
postfix would delay all emails delivered in a certain way for 30 seconds
before sending them?

Possible?

Ed


Re: How to reject mispelled recipient domain

2009-01-22 Thread Ed W
Ralf Hildebrandt wrote:
> * Eddy Beliveau :
>   
>> Hi!
>>
>> We are using Postfix 2.5.4 with success. Thanks  ;-)
>>
>> My question is:
>>
>> We have many students who send emails to misspelled domains, such as:
>> hotmmail.com, hotmial.com, hotmail.cm ...
>>
>> I know that I can try to find all individual combinations
>> and write them in some reject file to be used in check_recipient_access
>>
>> Is there some way to define a rule based on phonetics,
>> or another solution which detects misspelled words?
>> 
>
> These are not phonetic misspellings, but "slippery keyboard"
> misspellings.
>
> But I do like the idea -- given a list of frequently used domains,
> estimate the probable misspellings and create a transport_maps entry
> from those...
>
>   

Yes, if someone takes the time to come up with some common ones then
please share

The problem is that so many scammers seem to buy these mis-spellings and
hold them with no MX record set and so the poor user who mistypes
effectively sees their message sit in the postfix queue for 5 days (or
whatever your timeout is set to) and then 5 days later gets a notice
about an email they probably forgot they wrote by then...

Instant rejection would be helpful for some mis-spellings (I already
have a small transport map which maps to "ERROR: probably you mistyped
that email address?")

Ed
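
The idea discussed in this thread (derive the likely keyboard slips from a list of frequently used domains and map each one to an immediate error), as an added Python example that is not code from any of the posters. The domain list, the reject text and the function names are assumptions; a typo that is itself on the legitimate list is skipped.

```python
import re

# Constructed sample inputs (assumptions, not taken from any real deployment).
POPULAR = ["hotmail.com", "gmail.com", "mail.com"]
REJECT_TEXT = "probably you mistyped that email address?"

# A generated label must still look like a DNS label to be worth listing.
_LABEL_OK = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def label_typos(label):
    """Single-slip variants of one DNS label: dropped, doubled or swapped keys."""
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])         # dropped key: hotmail -> hotmil
        variants.add(label[:i] + label[i] + label[i:])  # doubled key: hotmail -> hotmmail
    for i in range(len(label) - 1):
        # swapped neighbours: hotmail -> hotmial
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)  # swapping two equal letters changes nothing
    return {v for v in variants if _LABEL_OK.match(v)}


def domain_typos(domain):
    """Apply one slip to exactly one label of the domain (name or TLD)."""
    labels = domain.lower().split(".")
    out = set()
    for idx, label in enumerate(labels):
        for variant in label_typos(label):
            out.add(".".join(labels[:idx] + [variant] + labels[idx + 1:]))
    return out


def build_transport_map(popular, reject_text=REJECT_TEXT):
    """Return sorted transport(5) lines handing each typo to the error mailer."""
    legit = {d.lower() for d in popular}
    typo_source = {}
    for domain in sorted(legit):
        for typo in domain_typos(domain):
            if typo in legit:
                # gmail.com minus "g" is mail.com: never reject a listed domain
                continue
            typo_source.setdefault(typo, domain)
    return ["%s\terror:%s" % (typo, reject_text) for typo in sorted(typo_source)]


if __name__ == "__main__":
    print("\n".join(build_transport_map(POPULAR)))
```

Review the output before running postmap on it: some generated names are real, registered domains, which is the objection raised earlier in the thread.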



Re: Nigerian 419 spam

2009-01-22 Thread Steve

 Original Message 
> Date: Thu, 22 Jan 2009 17:28:07 +0200
> From: bharathan kailath 
> To: postfix users list 
> Subject: Nigerian 419 spam

> hi
> how can i take some measures to stop this so called Nigerian 419 spam
> ;i've
> got two postfix relays with amavisd; but still i get some emails like
> Nigerian 419 spam
> 
> help appreciated**
>
Do you want to stop them or is tagging them good enough for you?
For stopping them I would suggest you to look at stuff which blocks mail before 
getting them (aka RBL, various Postfix policy tools, SPF, DKIM, etc) and for 
tagging I would suggest you look at the many available anti-spam tools (aka 
DSPAM, SpamAssassin, ASSP, etc)


// Steve


Nigerian 419 spam

2009-01-22 Thread bharathan kailath
hi
how can i take some measures to stop this so called Nigerian 419 spam ;i've
got two postfix relays with amavisd; but still i get some emails like
Nigerian 419 spam

help appreciated**


Re: Nigerian 419 spam

2009-01-22 Thread jeff donovan


On Jan 22, 2009, at 10:28 AM, bharathan kailath wrote:


hi
how can i take some measures to stop this so called Nigerian 419  
spam ;i've got two postfix relays with amavisd; but still i get some  
emails like Nigerian 419 spam


help appreciated


smtpd_client_restrictions = permit_mynetworks, check_client_access  
hash:/etc/postfix/access, hash:/etc/postfix/smtpdreject   
reject_rbl_client	zen.spamhaus.org


Re: More than one host in relayhost = ...?

2009-01-22 Thread Brian Evans - Postfix List
Thomas Ackermann wrote:
> Wietse Venema wrote:
>> That is a bug in your operating system.
>>   
>
> That made me test all of them :)
> I used several runs of "ping" against the hostname after including it
> with two entries into /etc/hosts
> Cannot use "getaddrinfo" ...

getaddrinfo is a test program whose source is included with the Postfix
source package.
This gives you a view of what Postfix sees vs other network utils which
may have their own method.

>
>
> Also, it seems that "smtp_fallback_relay" is only available for newer
> versions - a short test on some hosts gave the following:
>
> postconf smtp_fallback_relay
> postconf: warning: smtp_fallback_relay: unknown parameter
>
> Mostly, we seem to run "mail_version = 2.0.16"
> Sad thing, but productive ...
>

2.0.x is quite old. An upgrade to at least 2.3, or better 2.5, will add
many good features and give the best support.

Brian




Re: transport_maps preferences

2009-01-22 Thread Noel Jones
On Thu, Jan 22, 2009 at 10:46:09AM +0530, ram wrote:
> 
> On Wed, 2009-01-21 at 12:56 -0600, Noel Jones wrote:
> > ram wrote:
> That was just an example. In real life I dont have the exact same key 
> but I have matches in both 

Don't put matches in both files.

> > Search order is documented in the transport(5) man page.  When 
> > multiple tables are present, each table is searched in the 
> > order specified.  The first match stops the search.  Since 
> > your regexp matches the first user+extens...@domain search, no 
> > further searches will be performed.
> > 
> But the hash file matches the domain,  why wouldnt that take precedence
> over the hash table 

Unable to parse that... 
The first search is user+extens...@domain.  The regexp table matches that.
No further searches are done.

> > Also note your expression is somewhat broken, but that's not 
> > the whole problem.  Maybe you're trying to match subdomains?
> > /\.netcore\.co\.in$/ :[192.168.2.226]
> 
> I need to escape the dots.

and anchor the end.  The basic problem is that you have matches in
both files.  A more-specific expression will fix that.

Maybe if you explain what problem you are trying to solve 
someone will have a helpful suggestion.

-- 
Noel Jones
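
The search order described above, modelled in Python as an added example (not code from the thread or from Postfix). It is a simplified model of the transport(5) lookup; the unanchored pattern, the hash entry and `mx.example.net` are constructed, and only the corrected pattern and the next hop `:[192.168.2.226]` come from the message.

```python
import re

# Constructed tables. Only the corrected pattern /\.netcore\.co\.in$/ and the
# next hop :[192.168.2.226] appear in the thread; everything else is made up.
BROKEN_REGEXP = [(r"netcore.co.in", ":[192.168.2.226]")]      # dots unescaped, no anchor
FIXED_REGEXP = [(r"\.netcore\.co\.in$", ":[192.168.2.226]")]  # subdomains only
HASH_TABLE = {"netcore.co.in": "smtp:[mx.example.net]"}       # hypothetical domain entry


def search_keys(address, delimiter="+"):
    """Lookup keys in transport(5) order for one recipient address.

    Assumes recipient_delimiter is "+" and that parent domains are
    looked up in their ".domain" form.
    """
    local, _, domain = address.rpartition("@")
    keys = [address]                                  # 1. full address
    if delimiter in local:                            # 2. address minus extension
        keys.append(local.split(delimiter, 1)[0] + "@" + domain)
    keys.append(domain)                               # 3. the domain itself
    labels = domain.split(".")
    for i in range(1, len(labels)):                   # 4. .parent domains
        keys.append("." + ".".join(labels[i:]))
    return keys


def lookup(address, tables):
    """Return (key, table_kind, result) for the first match, or None.

    tables is an ordered list of (kind, table) pairs, like the value of
    transport_maps. Regexp tables are only shown the full address; the
    partial keys are tried against indexed (hash) tables only.
    """
    for position, key in enumerate(search_keys(address.lower())):
        for kind, table in tables:
            if kind == "regexp":
                if position != 0:
                    continue
                for pattern, result in table:
                    if re.search(pattern, key):
                        return key, kind, result
            elif key in table:
                return key, kind, table[key]
    return None


if __name__ == "__main__":
    broken = [("regexp", BROKEN_REGEXP), ("hash", HASH_TABLE)]
    fixed = [("regexp", FIXED_REGEXP), ("hash", HASH_TABLE)]
    samples = [
        "user+ext@netcore.co.in",         # also has a hash entry for its domain
        "user@sub.netcore.co.in",         # subdomain, meant for the regexp
        "bob@netcore-co-in.example.org",  # unrelated domain
    ]
    for rcpt in samples:
        print(rcpt)
        print("  unanchored regexp first:", lookup(rcpt, broken))
        print("  corrected regexp first: ", lookup(rcpt, fixed))
```

With the unanchored pattern listed first, the hash entry for the domain is never reached and an unrelated domain is routed to the internal next hop; the escaped and anchored pattern removes both overlaps.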


Re: Create Custom Mail Queue

2009-01-22 Thread Wietse Venema
Ed W:
> Ralf Hildebrandt wrote:
> > * Jacky Chan :
> >   
> >> Dear all,
> >>
> >> Can I create custom mail queue in /var/spool/postfix to hold the mails for
> >> specific destination and schedule to deliver one by one for period of time,
> >> let's say 2 mins.
> >> 
> >
> > That's not needed. Create a custom transport for the destination.
> > Then use
> > _destination_rate_delay = 120s
> >
> >   
> 
> How quickly is the first email delivered?  After zero seconds or after
> 120 seconds?

Let's assume that you specify:

/etc/postfix/main.cf:
default_transport = smtp
relay_transport = smtp
smtp_destination_rate_delay = 120s

With this, Postfix inserts 120s between deliveries over the smtp
transport. There will not be two messages back to back.

In other words, your "first" message will not be sent if something
was sent in the last 120 seconds over the smtp transport.

Wietse


Re: More than one host in relayhost = ...?

2009-01-22 Thread Wietse Venema
Thomas Ackermann:
> Wietse Venema wrote:
> > That is a bug in your operating system.
> >   
> 
> That made me test all of them :)
...
> Solaris 8 and 9:
> AIX (AIX  3 5 00C9FC9A4C00):
> Linux (SuSE 9.3 and SuSE 10.3):
...

> Which OS is not buggy then?!?

SunOS 3 (hey I said 21 years ago :-), maybe SunOS 4, FreeBSD 1-6.

> When DNS is enabled, those ping-Tests work perfectly fine for all OS.
> But, as i said we don't have DNS everywhere :-(

Postfix has to make some minimal environmental assumptions, such
as network connectivity, electrical power, and cooled sodas for
the sysadmin.

> Also, it seems that "smtp_fallback_relay" is only available for newer 
> versions - a short test on some hosts gave the following:

It's called fallback_relay with earlier releases.

Wietse


Re: Problem DNS-resolving single helo-hostnames

2009-01-22 Thread Victor Duchovni
On Thu, Jan 22, 2009 at 12:57:30PM +0100, Schilling, Timo wrote:

> Hello to everybody,
> 
> while we use the option "reject_unknown_helo_hostname" we noticed, that
> single hostnames will be rejected without contacting the dns-servers.
> After some debugging of the source code we got to this line:
> 
> 226 _res.options &= ~saved_options;
> 
> where the flag "RES_DEFNAMES" will be negated and so no
> domain-information will be added to the hostname.

The hostname used with the HELO command in SMTP is required to be
the full hostname of the client, not a leading prefix. If the hostname
is really just a single label as in:

ai. 14388   IN  A   209.59.119.34
ai. 14388   IN  MX  10 mail.offshore.ai.

Then it can use "HELO ai" and will pass the "reject_unknown_helo_hostname"
test.

Whether TLDs as hosts or mail domains are a good idea, is not a discussion
I want to repeat here, too badly bruised from the one just dying down
on another list.

Summary: FWIW, I believe that ICANN's gTLD expansion is a terrible,
perhaps even irresponsible idea, and the changes in RFC 5321 to support
 email addresses is not well thought out. I hope such
addresses never come into serious use.

The folks arguing stridently against me also think ICANN's policy is a
bad idea, but believe that "progress" in this direction is inevitable,
and that it is OK to implement unreliable behaviour provided it is right
"most of the time", and so want to see  work when the TLD
is known to exist, and to be treated as a local partial name otherwise.

This "have your cake and eat it" requirement has no reliable
implementation that does the right thing when DNS lookups tempfail. It
also has no sensible implementation in disconnected environments, ...

The above is just for the record. I *really* don't want to start a
discussion of the merits here. Time will tell whether Postfix needs
to adapt to a world with mail-enabled TLD domains and/or hosts.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


Re: Create Custom Mail Queue

2009-01-22 Thread Ed W

> Let's assume that you specify:
>
> /etc/postfix/main.cf:
> default_transport = smtp
> relay_transport = smtp
> smtp_destination_rate_delay = 120s
>
> With this, Postfix inserts 120s between deliveries over the smtp
> transport. There will not be two messages back to back.
>
> In other words, your "first" message will not be sent if something
> was sent in the last 120 seconds over the smtp transport.
>   

Hmm, my specific use case is that our web app intermittently creates new
email users in a database.  We then send an email to the new user to
trigger their maildirs to be created.  For various reasons getting that
gap correct is problematic in the frontend application and so it would
be quite useful to simply have a separate postfix queue wait 30 seconds
before dealing with each message (which obviously may be separated by
much longer intervals than 30 seconds).

From what you say I think we need to keep implementing this delay in the
application

Thanks

Ed


syntax for multiple addresses in transport

2009-01-22 Thread Cory Coager
What is the syntax for specifying multiple addresses in transport for 
smtp?  Something like:


example.com  smtp:[gateway1.example.com] smtp:[gateway2.example.com]





The information contained in this communication is intended
only for the use of the recipient(s) named above. It may
contain information that is privileged or confidential, and
may be protected by State and/or Federal Regulations. If
the reader of this message is not the intended recipient,
you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of
its contents, is strictly prohibited. If you have received
this communication in error, please return it to the sender
immediately and delete the original message and any copy
of it from your computer system. If you have any questions
concerning this message, please contact the sender.




Re: Postfix can not bind to address (IP)

2009-01-22 Thread Wietse Venema
Mike Pogue:
> You're right, the ip set on smtp_bind_address was wrong. Updated this
> and restarted postfix.
> 
> Got an error related to clamsmtpd, that tries to connect to x.x.x.x10
> instead of localhost (127.0.0.1)
> ~~~
> www clamsmtpd: 102C71: SERVER: couldn't connect to: x.x.x.10:10026:
> Transport endpoint is not connected
> ~~~
> 
> But the main question remains: how to configure postfix so the
> outgoing IP is x.x.x.10 and not a random one (x.x.x.13 or x.x.x.14)?

I repeat, Postfix is not a network address translator. 

If with smtp_bind_address == X, the machine sends out with
source-address != X, then you need to look in your network
configuration.

Wietse


Re: syntax for multiple addresses in transport

2009-01-22 Thread Wietse Venema
Cory Coager:
> What is the syntax for specifying multiple addresses in transport for 
> smtp?  Something like:
> 
> example.com  smtp:[gateway1.example.com] smtp:[gateway2.example.com]

The syntax is fully documented in the transport(5) manual page.

You can safely conclude that functionality does not exist
unless it is documented.

Wietse


Re: syntax for multiple addresses in transport

2009-01-22 Thread Victor Duchovni
On Thu, Jan 22, 2009 at 12:26:54PM -0500, Cory Coager wrote:

> What is the syntax for specifying multiple addresses in transport for smtp? 
>  Something like:
>
> example.com  smtp:[gateway1.example.com] smtp:[gateway2.example.com]

No, there is no multi-nexthop syntax in the transport table. However, with
SMTP, you are free to use names that resolve to multiple IP addresses,
or names (without []) that have multiple MX records.

-- 
Viktor.



Re: syntax for multiple addresses in transport

2009-01-22 Thread Cory Coager

Victor Duchovni said the following on 01/22/2009 12:31 PM:

> On Thu, Jan 22, 2009 at 12:26:54PM -0500, Cory Coager wrote:
>
>> What is the syntax for specifying multiple addresses in transport for smtp?
>> Something like:
>>
>> example.com  smtp:[gateway1.example.com] smtp:[gateway2.example.com]
>
> No, there is no multi-nexthop syntax in the transport table. However, with
> SMTP, you are free to use names that resolve to multiple IP addresses,
> or names (without []) that have multiple MX records.

  
Is there another way of adding multiple addresses for transport of a 
domain?  Round robin DNS would work I guess but not as good as a 
failover.  If one of the addresses in the DNS is down the transport is 
going to get delayed for that MX and the mailq is going to build up.









Re: syntax for multiple addresses in transport

2009-01-22 Thread Noel Jones

Cory Coager wrote:
> Victor Duchovni said the following on 01/22/2009 12:31 PM:
>> On Thu, Jan 22, 2009 at 12:26:54PM -0500, Cory Coager wrote:
>>
>>> What is the syntax for specifying multiple addresses in transport for smtp?
>>> Something like:
>>>
>>> example.com  smtp:[gateway1.example.com] smtp:[gateway2.example.com]
>>
>> No, there is no multi-nexthop syntax in the transport table. However, with
>> SMTP, you are free to use names that resolve to multiple IP addresses,
>> or names (without []) that have multiple MX records.
>
> Is there another way of adding multiple addresses for transport of a
> domain?  Round robin DNS would work I guess but not as good as a
> failover.  If one of the addresses in the DNS is down the transport is
> going to get delayed for that MX and the mailq is going to build up.


Why would an address in DNS being down be any different from 
an address specified in a config file being down?


Anyway, if you don't want to put special entries in DNS you 
can add entries to your hosts file to simulate multiple A records.


--
Noel Jones


Re: syntax for multiple addresses in transport

2009-01-22 Thread Cory Coager

Noel Jones said the following on 01/22/2009 03:20 PM:
>> Is there another way of adding multiple addresses for transport of a
>> domain?  Round robin DNS would work I guess but not as good as a
>> failover.  If one of the addresses in the DNS is down the transport
>> is going to get delayed for that MX and the mailq is going to build up.
>
> Why would an address in DNS being down be any different from an
> address specified in a config file being down?
>
> Anyway, if you don't want to put special entries in DNS you can add
> entries to your hosts file to simulate multiple A records.



I guess you are right, failover would try the primary and wait for a
timeout before attempting the failover address.

I was just looking into the hosts file but it doesn't seem like postfix
refers to it as I'm getting bounce messages:
Host or domain name not found. Name service error for
name=smtptest.localhost type=A: Host not found









Re: syntax for multiple addresses in transport

2009-01-22 Thread Victor Duchovni
On Thu, Jan 22, 2009 at 02:20:33PM -0600, Noel Jones wrote:

>> Is there another way of adding multiple addresses for transport of a 
>> domain?  Round robin DNS would work I guess but not as good as a failover. 
>>  If one of the addresses in the DNS is down the transport is going to get 
>> delayed for that MX and the mailq is going to build up.
>
> Why would an address in DNS being down be any different from an address 
> specified in a config file being down?

It would not. Postfix handles multiple IP addresses and/or MX hosts
robustly. If multiple servers are equally good destinations for a message
use either a logical DNS name with multiple IPs or equal weight MX hosts.
If one server is better than all the rest, use non-equal weight MX records.

-- 
Viktor.



Re: syntax for multiple addresses in transport

2009-01-22 Thread Wietse Venema
Cory Coager:
> Noel Jones said the following on 01/22/2009 03:20 PM:
> >> Is there another way of adding multiple addresses for transport of a 
> >> domain?  Round robin DNS would work I guess but not as good as a 
> >> failover.  If one of the addresses in the DNS is down the transport 
> >> is going to get delayed for that MX and the mailq is going to build up.
> >
> > Why would an address in DNS being down be any different from an 
> > address specified in a config file being down?
> >
> > Anyway, if you don't want to put special entries in DNS you can add 
> > entries to your hosts file to simulate multiple A records.
> >
> I guess you are right, failover would try the primary and wait for a
> timeout before attempting the failover address.
> 
> I was just looking into the hosts file but it doesn't seem like postfix
> refers to it as I'm getting bounce messages:
> Host or domain name not found. Name service error for
> name=smtptest.localhost type=A: Host not found

You need to enable hosts file lookup:

smtp_host_lookup = dns, hosts

Wietse


Postfix mail queue

2009-01-22 Thread Martin Spinassi
Hi list!

I've been using postfix for a few weeks. I always used qmail before
for mail servers, and I'm really impressed by postfix but there is
something that I really miss...

I used to use "qmHandle -m'MAIL_ID'" to see some mails that look strange
or not normal, but can't figure out if there is something similar in
postfix or if I have to search for it in the postfix path by myself.
Google can't answer (yes it can, but I'm probably asking it wrong) if
there is some kind of qmHandle for postfix.

Is there something to read a specific mail using the id that appears in
postqueue -p? What do you use for that task?


Thanks!


Cheers

Martín



Re: Postfix mail queue

2009-01-22 Thread Noel Jones

Martin Spinassi wrote:
> Hi list!
>
> I've been using postfix for a few weeks. I always used qmail before
> for mail servers, and I'm really impressed by postfix but there is
> something that I really miss...
>
> I used to use "qmHandle -m'MAIL_ID'" to see some mails that look strange
> or not normal, but can't figure out if there is something similar in
> postfix or if I have to search for it in the postfix path by myself.
> Google can't answer (yes it can, but I'm probably asking it wrong) if
> there is some kind of qmHandle for postfix.
>
> Is there something to read a specific mail using the id that appears in
> postqueue -p? What do you use for that task?
>
> Thanks!
>
> Cheers
>
> Martín

I use
postcat -q QUEUEID | less


http://www.postfix.org/postcat.1.html

--
Noel Jones



Re: Postfix can not bind to address (IP)

2009-01-22 Thread Mike Pogue
Thanks for helping me with this - you're right!

On Thu, Jan 22, 2009 at 7:44 PM, Wietse Venema  wrote:
> Mike Pogue:
>> You're right, the ip set on smtp_bind_address was wrong. Updated this
>> and restarted postfix.
>>
>> Got an error related to clamsmtpd, that tries to connect to x.x.x.x10
>> instead of localhost (127.0.0.1)
>> ~~~
>> www clamsmtpd: 102C71: SERVER: couldn't connect to: x.x.x.10:10026:
>> Transport endpoint is not connected
>> ~~~
>>
>> But the main question remains: how to configure postfix so the
>> outgoing IP is x.x.x.10 and not a random one (x.x.x.13 or x.x.x.14)?
>
> I repeat, Postfix is not a network address translator.
>
> If with smtp_bind_address == X, the machine sends out with
> source-address != X, then you need to look in your network
> configuration.
>
>Wietse
>


Re: Postfix mail queue

2009-01-22 Thread Reinaldo de Carvalho
On Thu, Jan 22, 2009 at 6:16 PM, Noel Jones  wrote:
> Martin Spinassi wrote:
>>
>> Is there something to read a specific mail using the id that appears at
>> postqueue -p? What do you use for that task?
>>
>> Martín
>
> I use
> postcat -q QUEUEID | less
>
> http://www.postfix.org/postcat.1.html
>
> --
> Noel Jones

I use Korreio. :D

http://sourceforge.net/project/screenshots.php?group_id=206408&ssid=95520

Ps: i'd like postfix support for bounce by command. :)

-- 
Reinaldo de Carvalho
http://korreio.sf.net (Now available in English)
http://python-cyrus.sf.net


Re: syntax for multiple addresses in transport

2009-01-22 Thread Matt Rude
Wietse Venema wrote:
> Cory Coager:
>> Noel Jones said the following on 01/22/2009 03:20 PM:
>>>> Is there another way of adding multiple addresses for transport of a
>>>> domain?  Round robin DNS would work I guess but not as good as a
>>>> failover.  If one of the addresses in the DNS is down the transport
>>>> is going to get delayed for that MX and the mailq is going to build up.
>>> Why would an address in DNS being down be any different from an 
>>> address specified in a config file being down?
>>>
>>> Anyway, if you don't want to put special entries in DNS you can add 
>>> entries to your hosts file to simulate multiple A records.
>>>
>> I guess you are right, failover would try the primary and wait for a
>> timeout before attempting the failover address.
>>
>> I was just looking into the hosts file but it doesn't seem like postfix
>> refers to it as I'm getting bounce messages:
>> Host or domain name not found. Name service error for
>> name=smtptest.localhost type=A: Host not found
> 
> You need to enable hosts file lookup:
> 
> smtp_host_lookup = dns, hosts
> 
>   Wietse

Wouldn't it be:

smtp_host_lookup = dns, native

http://www.postfix.org/postconf.5.html#smtp_host_lookup

-Matt





Re: Postfix mail queue

2009-01-22 Thread kemas

Reinaldo de Carvalho wrote:
> On Thu, Jan 22, 2009 at 6:16 PM, Noel Jones  wrote:
>> Martin Spinassi wrote:
>>>
>>> Is there something to read a specific mail using the id that appears in
>>> postqueue -p? What do you use for that task?
>>>
>>> Martín
>>
>> I use
>> postcat -q QUEUEID | less
>>
>> http://www.postfix.org/postcat.1.html
>>
>> --
>> Noel Jones
>
> I use Korreio. :D
>
> http://sourceforge.net/project/screenshots.php?group_id=206408&ssid=95520
>
> Ps: i'd like postfix support for bounce by command. :)

Does it have an English version?



Re: How to reject mispelled recipient domain

2009-01-22 Thread Sahil Tandon
On Thu, 22 Jan 2009, Ed W wrote:

> The problem is that so many scammers seem to buy these mis-spellings and
> hold them with no MX record set and so the poor user who mistypes
> effectively sees their message sit in the postfix queue for 5 days (or
> whatever your timeout is set to) and then 5 days later gets a notice
> about an email they probably forgot they wrote by then...

The sender would receive a notification (that the message is still in the
queue) if you set delay_warning_time to some non-zero value, i.e. 2h.  
See: http://www.postfix.org/postconf.5.html#delay_warning_time

-- 
Sahil Tandon 


Re: How to reject mispelled recipient domain

2009-01-22 Thread christopher andrews
I was reading this subject and I was wondering if you thought about what
would happen if you compile a list of misspelled domains and deny
them instantly, and the user meant to send it to one of those domains. I'm
saying this because what you may think is a misspelled domain may be a real
domain that the user is sending an e-mail to. There are a lot of domains out
there that are taken, so many people use domains that are spelled close to the
one that was taken.

On Thu, Jan 22, 2009 at 11:38 PM, Sahil Tandon  wrote:

> On Thu, 22 Jan 2009, Ed W wrote:
> > The problem is that so many scammers seem to buy these mis-spellings and
> > hold them with no MX record set and so the poor user who mistypes
> > effectively sees their message sit in the postfix queue for 5 days (or
> > whatever your timeout is set to) and then 5 days later gets a notice
> > about an email they probably forgot they wrote by then...
>
> The sender would receive a notification (that the message is still in the
> queue) if you set delay_warning_time to some non-zero value, i.e. 2h.
> See: http://www.postfix.org/postconf.5.html#delay_warning_time
>
> --
> Sahil Tandon 
>


Re: syntax for multiple addresses in transport

2009-01-22 Thread Victor Duchovni
On Thu, Jan 22, 2009 at 10:08:11PM -0600, Matt Rude wrote:

> > You need to enable hosts file lookup:
> > 
> > smtp_host_lookup = dns, hosts
> > 
> > Wietse
> 
> Wouldn't it be:
> 
> smtp_host_lookup = dns, native
> 
> http://www.postfix.org/postconf.5.html#smtp_host_lookup

Yes.

-- 
Viktor.



relay config

2009-01-22 Thread bharathan kailath
the following is my main.cf
===
relay_recipient_maps =hash:/etc/postfix/relay_recipients
mime_header_checks = pcre:/etc/postfix/mime_header_checks
disable_dns_lookups = no
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = yes
disable_vrfy_command=yes
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_client_access cidr:/etc/postfix/spam_cidr
    check_helo_access pcre:/etc/postfix/helo_checks
    reject_rbl_client  zen.spamhaus.org
    reject_rhsbl_sender dsn.rfc-ignorant.org
    permit

smtpd_data_restrictions =
    reject_multi_recipient_bounce
    reject_unauth_pipelining
    permit


is there anything missed out in the above!
appreciate ur advices
thanks


Blocking account from sending (Still not working)

2009-01-22 Thread Bill Loy
After adding the lines
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders

smtpd_restriction_classes = local_only
local_only =
    check_recipient_access hash:/etc/postfix/local_domains, reject

to the file /etc/postfix/main.cf, the server will not allow anyone to send, but
when I remove the smtpd line the server allows sending.

Any ideas?



Re: relay config

2009-01-22 Thread Victor Duchovni
On Fri, Jan 23, 2009 at 08:52:27AM +0200, bharathan kailath wrote:

> the following is my main.cf
> ===
> relay_recipient_maps =hash:/etc/postfix/relay_recipients
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> disable_dns_lookups = no
> mailbox_command =
> mailbox_transport =
> strict_8bitmime = no
> disable_mime_output_conversion = no
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_client_restrictions =
> smtpd_helo_required = yes
> disable_vrfy_command=yes
> smtpd_helo_restrictions =
> strict_rfc821_envelopes = no
> smtpd_recipient_restrictions =
>     reject_non_fqdn_recipient
>     reject_non_fqdn_sender
>     reject_unknown_sender_domain
>     reject_unknown_recipient_domain
>     permit_mynetworks
>     reject_unauth_destination
>     check_recipient_access hash:/etc/postfix/roleaccount_exceptions
>     reject_non_fqdn_hostname
>     reject_invalid_hostname
>     check_client_access cidr:/etc/postfix/spam_cidr
>     check_helo_access pcre:/etc/postfix/helo_checks
>     reject_rbl_client  zen.spamhaus.org
>     reject_rhsbl_sender dsn.rfc-ignorant.org
>     permit
> 
> smtpd_data_restrictions =
>     reject_multi_recipient_bounce
>     reject_unauth_pipelining
>     permit

Looks fine, just a few extraneous, but harmless, default settings that
could be dropped. You may find "dsn.rfc-ignorant.org" too aggressive for
outright rejection of mail.

In what sense is this a "relay config"? It will only accept mail for
 or  and deliver it locally...

http://www.postfix.org/BASIC_CONFIGURATION_README.html

-- 
Viktor.
