Virtual User/Domain --- Mail is not delivered

[Goutam Baul]

Dear List,

I am trying to configure postfix so that it works with virtual users and
serves for two domains. The users are having separate name spaces and the
details are kept in LDAP. The domains are rpg.in [defined in mydestination]
and cpl.in [defined in virtual_mailbox_domains]. The mail delivery for
rpg.in is having no problem. If I send a mail to cpl.in user then the
maillog file reports that the mail has been delivered to maildir but the
specific folder is not having the mail. The mail queue is also empty.

The command  postmap -q bo...@cpl.in ldap:/etc/postfix/maps.ldap   reports

/home/vmail/cpl.in/bonhi/Maildir/

The log file with verbosity for virtual increased is enclosed as it is a bit
long.

The postconf -n reports

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_recipient_limit = 200
default_privs = vmail
default_process_limit = 105
disable_vrfy_command = yes
fallback_transport = virtual
home_mailbox = Maildir/
inet_interfaces = all
ipc_timeout = 5000s
local_transport = maildrop
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25728640
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
rpgnet.com
mydomain = rpg.in
myhostname = mail.rpg.in
mynetworks = 127.0.0.0/8, 10.50.0.0/16
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/etc/postfix/imss_rbl_reply
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = check_sender_access
hash:/etc/postfix/rbl_sender_exception,reject_rbl_client
ASNQWAVAPX7S683TZDZFBFUVXP56QLC.r.mail-abuse.com,reject_rbl_client
ASNQWAVAPX7S683TZDZFBFUVXP56QLC.q.mail-abuse.com
smtpd_helo_required = yes
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = permit_mynetworks,
permit_auth_destination, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,
reject_unknown_sender_domain,permit_sasl_authenticated
smtpd_tls_auth_only = no
soft_bounce = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:forward
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = cpl.in
virtual_mailbox_maps = ldap:/etc/postfix/maps.ldap
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000


 Can anybody help please? I am unable to find any clue to it.

With regards,

Goutam


maillog
Description: Binary data

Re: Virtual User/Domain --- Mail is not delivered

[Magnus Bäck]

On Wed, January 28, 2009 9:02 am, Goutam Baul said:

> I am trying to configure postfix so that it works with virtual users and
> serves for two domains. The users are having separate name spaces and the
> details are kept in LDAP. The domains are rpg.in [defined in
> mydestination]
> and cpl.in [defined in virtual_mailbox_domains]. The mail delivery for
> rpg.in is having no problem. If I send a mail to cpl.in user then the
> maillog file reports that the mail has been delivered to maildir but the
> specific folder is not having the mail. The mail queue is also empty.
>
> The command  postmap -q bo...@cpl.in ldap:/etc/postfix/maps.ldap   reports
>
> /home/vmail/cpl.in/bonhi/Maildir/

Yes, but because of

   virtual_mailbox_base = /home/vmail

the final mailbox path will be
/home/vmail//home/vmail/cpl.in/bonhi/Maildir/ (see the log file). Either
adjust virtual_mailbox_base or the contents of your LDAP directory.

[...]

-- 
Magnus Bäck
mag...@dsek.lth.se

RE: Virtual User/Domain --- Mail is not delivered

[Goutam Baul]

Magnus Bäck wrote:

>Yes, but because of

  > virtual_mailbox_base = /home/vmail

>the final mailbox path will be
>/home/vmail//home/vmail/cpl.in/bonhi/Maildir/ (see the log file). Either
>adjust virtual_mailbox_base or the contents of your LDAP directory.
Thanks for pointing out the silly mistake. I have changed the
virtual_mailbox_base entry to / and now the mail is getting delivered. But I
am finding another issue here. For the domain rpg.in, the mail is getting
delivered using maildrop and for cpl.in the mail is getting delivered using
virtual. I want that for both the cases the mail gets delivered using
maildrop. How do I configure that? I tried by changing the
fallback_transport entry in main.cf. It was virtual and I have changed it
with maildrop. But still the mail is getting delivered using virtual as I
can see from the maillog
For cpl.in
Jan 28 14:42:22 mail postfix/qmgr[1002]: D95D717E17: from=,
size=269, nrcpt=1 (queue active)
Jan 28 14:42:22 mail postfix/virtual[1014]: D95D717E17: to=,
relay=virtual, delay=0, status=sent (delivered to maildir)
Jan 28 14:42:22 mail postfix/qmgr[1002]: D95D717E17: removed
For rpg.in
Jan 28 14:46:33 mail postfix/cleanup[1110]: DB58817E17:
message-id=<20090128091633.db58817...@mail.rpg.in>
Jan 28 14:46:33 mail postfix/qmgr[1002]: DB58817E17: from=,
size=269, nrcpt=1 (queue active)
Jan 28 14:46:33 mail postfix/pipe[1112]: DB58817E17: to=,
relay=maildrop, delay=0, status=sent (rpg.in)
Jan 28 14:46:33 mail postfix/qmgr[1002]: DB58817E17: removed
As I am planning to use the quota feature of maildrop, I need to get the
delivery using maildrop. Kindly give me some indication.

With regards,
Goutam

SMTP sessions

[Rocco Scappatura]

Hello.

I have a mail gateway system that consists of several
Postfix+MySQL+Amavisd-new machines behind a load balancer.

I have defined a balancing policy based on number of SMTP sessions that
every server has to manage.

But, even if the session is perfectly balanced, I see that the average
latency of a message in Postfix queues is too high on some machines and
quite zero on other.

And the same happens for CPU's load.

What I infer is that every session can be used to devilver/send
different email messages (other then every message as inerently a
different size).

It is right my argument or Im wrong in something? If yes, has Postfix
the control of the number of message that could be manage by each SMTP
session?

Thanks,

rocsca

Splitting recieve/transmit processes

[Mark Watts]

I have a requirement to split a postfix relay installation across two servers.

One server will be responsible for receiving incoming SMTP email, and 
queueuing it on disk.

A 3rd party piece of software will be responsible for moving the queued mail 
to the second server. (Additional processing on the mail will happen here).

The second server will be responsible for picking up the queue and continuing 
the SMTP relaying process.

This system will not be connected to the Internet, and is designed to be used 
in a controlled environment.


Does anyone have any advice on configuring postfix in such a way?


Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part.

Re: Splitting recieve/transmit processes

[Wietse Venema]

Mark Watts:
> I have a requirement to split a postfix relay installation across two servers.
> 
> One server will be responsible for receiving incoming SMTP email, and 
> queueuing it on disk.
> 
> A 3rd party piece of software will be responsible for moving the queued mail 
> to the second server. (Additional processing on the mail will happen here).

Postfix has two "queue export" mechanisms: smtp(8) and pipe(8).
Direct queue file access by non-Postfix software is unsupported.

Wietse

> The second server will be responsible for picking up the queue and continuing 
> the SMTP relaying process.
> 
> This system will not be connected to the Internet, and is designed to be used 
> in a controlled environment.
> 
> 
> Does anyone have any advice on configuring postfix in such a way?
> 
> 
> Mark.
> 
> -- 
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer
> QinetiQ Applied Technologies
> GPG Key: http://www.linux-corner.info/mwatts.gpg
-- End of PGP section, PGP failed!

Re: Splitting recieve/transmit processes

[Mark Watts]

On Wednesday 28 January 2009 13:10:52 Wietse Venema wrote:
> Mark Watts:
> > I have a requirement to split a postfix relay installation across two
> > servers.
> >
> > One server will be responsible for receiving incoming SMTP email, and
> > queueuing it on disk.
> >
> > A 3rd party piece of software will be responsible for moving the queued
> > mail to the second server. (Additional processing on the mail will happen
> > here).
>
> Postfix has two "queue export" mechanisms: smtp(8) and pipe(8).
> Direct queue file access by non-Postfix software is unsupported.

Assuming no modification of the queue files is necessary, is duplication 
of /var/spool/postfix/queue/ to another machine possible?
The remote machine will never recieve email (due to the closed environment).

I understand that the use of "postsuper" may deal with the naming/inode 
issue - is this correct?

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part.

Re: Splitting recieve/transmit processes

[Wietse Venema]

Mark Watts:
> On Wednesday 28 January 2009 13:10:52 Wietse Venema wrote:
> > Mark Watts:
> > > I have a requirement to split a postfix relay installation across two
> > > servers.
> > >
> > > One server will be responsible for receiving incoming SMTP email, and
> > > queueuing it on disk.
> > >
> > > A 3rd party piece of software will be responsible for moving the queued
> > > mail to the second server. (Additional processing on the mail will happen
> > > here).
> >
> > Postfix has two "queue export" mechanisms: smtp(8) and pipe(8).
> > Direct queue file access by non-Postfix software is unsupported.
> 
> Assuming no modification of the queue files is necessary, is duplication 
> of /var/spool/postfix/queue/ to another machine possible?
> The remote machine will never recieve email (due to the closed environment).

If you don't care about things being reliable, then sure do whatever.

- Reading incomplete mail from the queue.
- Deleting the wrong message because Postfix reuses the file name.
- Breaking delivery status notifications with one-way replication.

None of these issues need to exist when you use the proper export
mechanisms. For example, you could set up UUCP where the inside
host polls the outside host. You could use BSMTP (see example in
master.cf) as a way to export mail in a safe way.

> I understand that the use of "postsuper" may deal with the naming/inode 
> issue - is this correct?

That is the least of your problems.

Wietse

Postfix overquota filter

[Eduardo Costa]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi everyone,

I have install postfix-2.5.5+ldap+vilrtualdomains. I want to have quotas
for each virtual user, and when the quota is exceeded for a user
continue to receive emails for that user from a list of emails or domain
that I can set. Anyone can help me?

Best regards

- --

 Eduardo Costa

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmAb9MACgkQJa9ae5wA30qx5gCeIhSw7BS+SGK/5cJzo+V9pXCj
zD4An0FpF0uWh6ZRmJcUFTaXiFRHw2sL
=Aw/Y
-END PGP SIGNATURE-

How to allow roaming mail client to send mails via its mail server

[Stephen Liu]

Hi folks


OS- Debian Etch
Xen
postfix
courier
perdition
perdition-mysql
MySQL
Single public IP


Dom0 - Debian Etch workstation
Server-1, domU1 for routing with perdition and perdition-mysql
installed
Server-2, domU2, mail server for domain-A
Server-3, domU3, mail server for domain-B
etc.


This is server virtualization for testing.  The whole system is working
nicely.  Mails of domain-A are delivered to Server-2, mails of domain-B
delivered to Server-3, etc.  Roaming clients can login their servers to
download mails.  But they can't send mails via their server.


Please advise how to configure perdition allowing roaming mail clients
to send mails via their server.  OR I have to use another solution? 
TIA


B.R
Stephen L

Send instant messages to your online friends http://uk.messenger.yahoo.com 

XCLIENT question

[Artem Bokhan]

>XCLIENT NAME ADDR PROTO HELO REVERSE_NAME

Do NAME and REVERSE_NAME from XCLIENT agree with this description from 
smtpd_peer.c ?


/* .IP name
/*  The verified client hostname. This name is represented by
/*  the string "unknown" when 1) the address->name lookup failed,
/*  2) the name->address mapping fails, or 3) the name->address
/*  does not produce the client IP address.

/* .IP reverse_name
/*  The unverified client hostname as found with address->name
/*  lookup; it is not verified for consistency with the client
/*  IP address result from name->address lookup.

Re: How to allow roaming mail client to send mails via its mail server

[Brian Evans - Postfix List]

Stephen Liu wrote:
> Hi folks
>
> Dom0 - Debian Etch workstation
> Server-1, domU1 for routing with perdition and perdition-mysql
> installed
> Server-2, domU2, mail server for domain-A
> Server-3, domU3, mail server for domain-B
> etc.
>
>
> This is server virtualization for testing.  The whole system is working
> nicely.  Mails of domain-A are delivered to Server-2, mails of domain-B
> delivered to Server-3, etc.  Roaming clients can login their servers to
> download mails.  But they can't send mails via their server.
>
>
> Please advise how to configure perdition allowing roaming mail clients
> to send mails via their server.  OR I have to use another solution? 
> TIA
>
>   

Welcome to the list.
First, please keep questions to Postfix and not (insert your favorite
IMAP/POP3 server here).
Second, please refer to the list's welcome message: TO REPORT A PROBLEM
SEE http://www.postfix.org/DEBUG_README.html#mail

We need to know things like 'postconf -n' to see if SASL is enabled.

Brian

Re: Virtual User/Domain --- Mail is not delivered

[Brian Evans - Postfix List]

Goutam Baul wrote:
> Magnus Bäck wrote:
>
>   
>> Yes, but because of
>> 
>
>   > virtual_mailbox_base = /home/vmail
>
>   
>> the final mailbox path will be
>> /home/vmail//home/vmail/cpl.in/bonhi/Maildir/ (see the log file). Either
>> adjust virtual_mailbox_base or the contents of your LDAP directory.
>> 
> Thanks for pointing out the silly mistake. I have changed the
> virtual_mailbox_base entry to / and now the mail is getting delivered. But I
> am finding another issue here. For the domain rpg.in, the mail is getting
> delivered using maildrop and for cpl.in the mail is getting delivered using
> virtual. I want that for both the cases the mail gets delivered using
> maildrop. How do I configure that? I tried by changing the
>   

The default virtual_transport is virtual.
Be aware that settings like virtual_mailbox_base, virtual_(u|g)id_maps,
and virtual_minimum_uid are for the virtual(8) delivery agent only.
Also, virutal_mailbox_maps will serve as a verification engine only. No
result is actually used when the delivery agent is not virtual(8).

Referencing http://www.postfix.org/MAILDROP_README.html#direct , it
seems as if you should have all domains listed in
virtual_mailbox_domains if all users are truly virtual.
Do not list a domain in more than one address class.

Suggest the following: (season to taste)

virtual_transport = maildrop
virtual_mailbox_domains = rpgnet.com, $mydomain, cpl.in

Brian

> fallback_transport entry in main.cf. It was virtual and I have changed it
> with maildrop. But still the mail is getting delivered using virtual as I
> can see from the maillog
> For cpl.in
> Jan 28 14:42:22 mail postfix/qmgr[1002]: D95D717E17: from=,
> size=269, nrcpt=1 (queue active)
> Jan 28 14:42:22 mail postfix/virtual[1014]: D95D717E17: to=,
> relay=virtual, delay=0, status=sent (delivered to maildir)
> Jan 28 14:42:22 mail postfix/qmgr[1002]: D95D717E17: removed
> For rpg.in
> Jan 28 14:46:33 mail postfix/cleanup[1110]: DB58817E17:
> message-id=<20090128091633.db58817...@mail.rpg.in>
> Jan 28 14:46:33 mail postfix/qmgr[1002]: DB58817E17: from=,
> size=269, nrcpt=1 (queue active)
> Jan 28 14:46:33 mail postfix/pipe[1112]: DB58817E17: to=,
> relay=maildrop, delay=0, status=sent (rpg.in)
> Jan 28 14:46:33 mail postfix/qmgr[1002]: DB58817E17: removed
> As I am planning to use the quota feature of maildrop, I need to get the
> delivery using maildrop. Kindly give me some indication.
>
> With regards,
> Goutam
>
>
>
>   

myorigin = $mydomain, but where is mydomain defined?

[MountainX]

I was reading the SOHO doc and decied that setting "myorigin = $mydomain"
might address my needs. (I was just guessing, because it isn't clear to me
exactly what this setting does.) After making the change, I have the problem
where my postfix logs show emails addressed like this:
from= 
and if that is obfuscated, it is:
from=
There is no domain name. Obviously, I must not have defined mydomain. How
and where do I do this? Thanks.

FYI, I did this before posting my question:
http://www.google.com/search?q=postfix+define+mydomain
but I'm not finding the answer yet...


-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/myorigin-%3D-%24mydomain%2C-but-where-is-mydomain-defined--tp21709008p21709008.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: myorigin = $mydomain, but where is mydomain defined?

[Brian Evans - Postfix List]

MountainX wrote:
> I was reading the SOHO doc and decied that setting "myorigin = $mydomain"
> might address my needs. (I was just guessing, because it isn't clear to me
> exactly what this setting does.) After making the change, I have the problem
> where my postfix logs show emails addressed like this:
> from= 
> and if that is obfuscated, it is:
> from=
> There is no domain name. Obviously, I must not have defined mydomain. How
> and where do I do this? Thanks.
>
> FYI, I did this before posting my question:
> http://www.google.com/search?q=postfix+define+mydomain
> but I'm not finding the answer yet...
>   
The official documentation is often the best source.

http://www.postfix.org/postconf.5.html#mydomain

Brian

Re: SMTP sessions

[Victor Duchovni]

On Wed, Jan 28, 2009 at 12:39:01PM +0100, Rocco Scappatura wrote:

> I have a mail gateway system that consists of several
> Postfix+MySQL+Amavisd-new machines behind a load balancer.
> 
> I have defined a balancing policy based on number of SMTP sessions that
> every server has to manage.

New connections are given to the server with the fewest connections?

> But, even if the session is perfectly balanced, I see that the average
> latency of a message in Postfix queues is too high on some machines and
> quite zero on other.

Are the same servers overloaded over a long period of time? And lightly
loaded servers remain lightly loaded?

What is the critical resource? Disk I/O? CPU? Output concurrency?

> What I infer is that every session can be used to devilver/send
> different email messages (other then every message as inerently a
> different size).
> 
> It is right my argument or Im wrong in something? If yes, has Postfix
> the control of the number of message that could be manage by each SMTP
> session?

Take a look at "qshape", is there a lot of deferred mail on some systems
and not others? Are you doing recipient validation, or accepting and
bouncing a lot of mail?

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: XCLIENT question

[Wietse Venema]

Artem Bokhan:
>  >XCLIENT NAME ADDR PROTO HELO REVERSE_NAME
> 
> Do NAME and REVERSE_NAME from XCLIENT agree with this description from 
> smtpd_peer.c ?

NAME agrees with the XCLIENT documentation - it is meant to be
something that other MTAs can implement too so it must not depend
on Postfix implementation details.

REVERSE_NAME never got documented. That should be fixed. It's
a PTR record value.

Wietse

> /* .IP name
> /*  The verified client hostname. This name is represented by
> /*  the string "unknown" when 1) the address->name lookup failed,
> /*  2) the name->address mapping fails, or 3) the name->address
> /*  does not produce the client IP address.
> 
> /* .IP reverse_name
> /*  The unverified client hostname as found with address->name
> /*  lookup; it is not verified for consistency with the client
> /*  IP address result from name->address lookup.
> 
> 
> 

sasl_passwd.db permissions?

[MountainX]

I did chmod 600 on sasl_passwd. Do I need to do the same to sasl_passwd.db?
Thanks

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/sasl_passwd.db-permissions--tp21709460p21709460.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: Header/body checks question, problem.

[Jim Seymour]

wie...@porcupine.org (Wietse Venema) wrote:
> 
> KLaM Postmaster:
> > Among the stuff being rejected is the output of pflogsumm, I run a daily
> > a report and email it to postmaster. I was not getting the reports so I
> 
> See http://www.postfix.org/http://www.postfix.org/BUILTIN_FILTER_README.html
> section "Preventing daily mail status reports from being blocked".

Yeah, or pflogsumm's own FAQ, which has had an entry for this for
about forever.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .

Re: myorigin = $mydomain, but where is mydomain defined?

[MountainX]

Brian Evans - Postfix List wrote:
> 
> MountainX wrote:
>> I was reading the SOHO doc and decied that setting "myorigin = $mydomain"
>> might address my needs. (I was just guessing, because it isn't clear to
>> me
>> exactly what this setting does.) After making the change, I have the
>> problem
>> where my postfix logs show emails addressed like this:
>> from= 
>> and if that is obfuscated, it is:
>> from=
>> There is no domain name. Obviously, I must not have defined mydomain. How
>> and where do I do this? Thanks.
>>
>> FYI, I did this before posting my question:
>> http://www.google.com/search?q=postfix+define+mydomain
>> but I'm not finding the answer yet...
>>   
> The official documentation is often the best source.
> 
> http://www.postfix.org/postconf.5.html#mydomain
> 
> Brian
> 
> 

Thank you. Now I realize I have a config that may not be right.
I have mydomain = example.com
and myhostname = example.com

and in generic, I have:
@localhostme-at-example.com

Are those settings all OK?

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/myorigin-%3D-%24mydomain%2C-but-where-is-mydomain-defined--tp21709008p21709582.html
Sent from the Postfix mailing list archive at Nabble.com.

New Pflogsumm Maintainer Needed

[Jim Seymour]

Hi All,

I'm simplifiying my life.  Amonst other things, that means I'm dropping
my business class DSL circuit and all of my involvement in projects,
documentation, anti-spam efforts, etc.

If somebody *qualified* wants to officially take over maintenance of
Pflogsumm, please speak up.

"Qualified" means at least as knowledgable as I about Perl (not
too-difficult a hurdle) and not the type to bloat a utility beyond all
reason by bowing to every piddling little feature request everybody
asks for in a bid to retain the popularity of your project.

If somebody has a recommentation for another individual, that, too, is
welcome.

I hope those of you that have used it have found pflogsumm useful, and
I'll take this opportunity to again thank the various contributors,
over the years.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .

smtpd_tls_session_cache_database - correct config?

[MountainX]

which of these lines is more correct? I'm guessing the 2nd line is better.

smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
or
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

same question here:
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


If it makes a difference, I'm on Ubuntu 8.04. Thanks.

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/smtpd_tls_session_cache_database---correct-config--tp21709779p21709779.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: sasl_passwd.db permissions?

[Patrick Ben Koetter]

* MountainX :
> 
> I did chmod 600 on sasl_passwd. Do I need to do the same to sasl_passwd.db?
> Thanks

Delete sasl_passwd.db and recreate it using the postmap command. The postmap
command honours permissions.

p...@rick




> 
> -
> http://davestechshop.net blog 
> -- 
> View this message in context: 
> http://www.nabble.com/sasl_passwd.db-permissions--tp21709460p21709460.html
> Sent from the Postfix mailing list archive at Nabble.com.
> 

-- 
The Book of Postfix

saslfinger (debugging SMTP AUTH):

Re: myorigin = $mydomain, but where is mydomain defined?

[Brian Evans - Postfix List]

MountainX wrote:
>
> Brian Evans - Postfix List wrote:
>   
>> MountainX wrote:
>> 
>>> I was reading the SOHO doc and decied that setting "myorigin = $mydomain"
>>> might address my needs. (I was just guessing, because it isn't clear to
>>> me
>>> exactly what this setting does.) After making the change, I have the
>>> problem
>>> where my postfix logs show emails addressed like this:
>>> from= 
>>> and if that is obfuscated, it is:
>>> from=
>>> There is no domain name. Obviously, I must not have defined mydomain. How
>>> and where do I do this? Thanks.
>>>
>>> FYI, I did this before posting my question:
>>> http://www.google.com/search?q=postfix+define+mydomain
>>> but I'm not finding the answer yet...
>>>   
>>>   
>> The official documentation is often the best source.
>>
>> http://www.postfix.org/postconf.5.html#mydomain
>>
>> Brian
>>
>>
>> 
>
> Thank you. Now I realize I have a config that may not be right.
> I have mydomain = example.com
> and myhostname = example.com
>
>   

In  your case, you should have something like:
mydomain = example.com
myhostname = mail.example.com

myhostname must be the fully qualified name.

Brian

Re: smtpd_tls_session_cache_database - correct config?

[Victor Duchovni]

On Wed, Jan 28, 2009 at 08:55:43AM -0800, MountainX wrote:

> 
> which of these lines is more correct? I'm guessing the 2nd line is better.
> 
> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
> or
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> 
> same question here:
> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> 
> If it makes a difference, I'm on Ubuntu 8.04. Thanks.

The second, for sufficiently recent versions of Postfix.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: smtpd_tls_session_cache_database - correct config?

[MountainX]

MountainX wrote:
> 
> which of these lines is more correct? I'm guessing the 2nd line is better.
> 
> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
> or
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> 
> same question here:
> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> 
> If it makes a difference, I'm on Ubuntu 8.04. Thanks.
> 

Thank you. I made the change. Do I need to delete any old cache contents? If
so, how? 

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/smtpd_tls_session_cache_database---correct-config--tp21709779p21709938.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: smtpd_tls_session_cache_database - correct config?

[Brian Evans - Postfix List]

MountainX wrote:
> which of these lines is more correct? I'm guessing the 2nd line is better.
>
> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
> or
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>
> same question here:
> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
>
> If it makes a difference, I'm on Ubuntu 8.04. Thanks.
>   
Please list Postfix version instead of distribution.

This is relevant in this case because data_directory was introduced with
Postfix 2.5.
Several items are required to use data_directory like the cache
databases mentioned above in 2.5+\
Postfix will complain in the logs if it is incorrect.

Brian

Re: myorigin = $mydomain, but where is mydomain defined?

[MountainX]

Brian Evans - Postfix List wrote:
> 
> MountainX wrote:
>>
>> Brian Evans - Postfix List wrote:
>>   
>>> MountainX wrote:
>>> 
 I was reading the SOHO doc and decied that setting "myorigin =
 $mydomain"
 might address my needs. (I was just guessing, because it isn't clear to
 me
 exactly what this setting does.) After making the change, I have the
 problem
 where my postfix logs show emails addressed like this:
 from= 
 and if that is obfuscated, it is:
 from=
 There is no domain name. Obviously, I must not have defined mydomain.
 How
 and where do I do this? Thanks.

 FYI, I did this before posting my question:
 http://www.google.com/search?q=postfix+define+mydomain
 but I'm not finding the answer yet...
   
   
>>> The official documentation is often the best source.
>>>
>>> http://www.postfix.org/postconf.5.html#mydomain
>>>
>>> Brian
>>>
>>>
>>> 
>>
>> Thank you. Now I realize I have a config that may not be right.
>> I have mydomain = example.com
>> and myhostname = example.com
>>
>>   
> 
> In  your case, you should have something like:
> mydomain = example.com
> myhostname = mail.example.com
> 
> myhostname must be the fully qualified name.
> 
> Brian
> 
> 

But would it be correct to leave it as it?
One reason is that my spam settings (which I copied/pasted into postfix
config) are so tight that basic functionality fails if I am using two or
more domains (example.com and xyz.example.com). And I kind of like it like
this. I just want it simple and I want it secure. And since I don't
understand the spam settings, I want to leave them as they are, which means
they only work when I use only a single domain (example.com with no
hostname).

BTW, mail.example.com is defined in DNS as a CNAME record pointing to
ghs.google.com, so I don't want to use that anyway.

I have the option to use xyz.example.com, but there is no A record defined
for xyz.example.com nor do I want there to be one. (xyz means anything)

I simply want everything in the email headers to always show up as
example.com not nnn.example.com. 
My entire domain really consists of a single server hosting a blog.

Thanks for your continued assistance.

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/myorigin-%3D-%24mydomain%2C-but-where-is-mydomain-defined--tp21709008p21710351.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: smtp relay and smtp verification

[Noel Jones]

David Koski wrote:

On Tuesday 27 January 2009, Sahil Tandon wrote:

450 4.1.1 : Recipient address rejected:
undeliverable address: host cuda2.myrelayhost.com[65.183.202.16] said:
550 Blocked (in reply to RCPT TO command)

Careful when munging!  You forgot to obfuscate xx.xxx.xxx.xx. :-)


Is it not permitted to use recipient verification through a relay server?

So cuda2.cascadenetworks.com does not believe e...@mytestdomain.com is a
valid recipient.


That seems to be the case when doing recipient verification.  But without it 
accepts the email to e...@mytestdomain.com happily.




Wild guess of the day is that the barracuda doesn't like the 
sender address used with the verification probes.


Use the address_verify_sender parameter to control the sender 
address postfix uses.  If you have postfix earlier than 2.5, 
set the following in your main.cf:

address_verify_sender = $double_bounce_sender
Or try some other valid user name until you find something the 
barracuda likes.

http://www.postfix.org/postconf.5.html#address_verify_sender

If that just doesn't work, you may need to direct your address 
probes directly at the mail server behind the barracuda. See 
the following to control routing of address probes:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#probe_routing

Note that rejecting the null sender address is a very poor 
anti-spam choice. Some sites also reject mail from 
"postmas...@..." which is not much better.

http://rfc-ignorant.org/policy-dsn.php

--
Noel Jones

Re: myorigin = $mydomain, but where is mydomain defined?

[MountainX]

Brian Evans - Postfix List wrote:
> 
> MountainX wrote:
>>
>> Brian Evans - Postfix List wrote:
>>   
>>> MountainX wrote:
>>> 
 I was reading the SOHO doc and decied that setting "myorigin =
 $mydomain"
 might address my needs. (I was just guessing, because it isn't clear to
 me
 exactly what this setting does.) After making the change, I have the
 problem
 where my postfix logs show emails addressed like this:
 from= 
 and if that is obfuscated, it is:
 from=
 There is no domain name. Obviously, I must not have defined mydomain.
 How
 and where do I do this? Thanks.

 FYI, I did this before posting my question:
 http://www.google.com/search?q=postfix+define+mydomain
 but I'm not finding the answer yet...
   
   
>>> The official documentation is often the best source.
>>>
>>> http://www.postfix.org/postconf.5.html#mydomain
>>>
>>> Brian
>>>
>>>
>>> 
>>
>> Thank you. Now I realize I have a config that may not be right.
>> I have mydomain = example.com
>> and myhostname = example.com
>>
>>   
> 
> In  your case, you should have something like:
> mydomain = example.com
> myhostname = mail.example.com
> 
> myhostname must be the fully qualified name.
> 
> Brian
> 
> 

Is this error related to the above changes? I did not change my
spam/security settings at all.

Jan 28 12:48:43 ubuntu postfix/smtp[25852]: D2331D: to=,
relay=none, delay=13, delays=13/0.1/0/0, dsn=5.4.4, status=bounced (Host or
domain name not found. Name service error for name=localhost type=: Host
not found)

Any idea how I can resolve this? thanks.

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/myorigin-%3D-%24mydomain%2C-but-where-is-mydomain-defined--tp21709008p21711039.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: sasl_passwd.db permissions?

[swilting]

hi all

I also like the problem and I do not know how to create the
database
sasl2.db

all the best

thank for your feedback
Le mercredi 28 janvier 2009 à 17:57 +0100, Patrick Ben Koetter a écrit :
> * MountainX :
> > 
> > I did chmod 600 on sasl_passwd. Do I need to do the same to sasl_passwd.db?
> > Thanks
> 
> Delete sasl_passwd.db and recreate it using the postmap command. The postmap
> command honours permissions.
> 
> p...@rick
> 
> 
> 
> 
> > 
> > -
> > http://davestechshop.net blog 
> > -- 
> > View this message in context: 
> > http://www.nabble.com/sasl_passwd.db-permissions--tp21709460p21709460.html
> > Sent from the Postfix mailing list archive at Nabble.com.
> > 
> 

looking to pay for problem solving on minor Postfix issue

[MountainX]

If you are a Postfix expert, I am willing to pay for your help (via email,
chat, etc.) to resolve several minor problems I'm having with Postfix
(you've probably some of them seen on this list). I can pay via PayPal. (I
know how consulting relationships work. I'm serious. I have paid for
consulting like this many times before on various open source projects over
the last year or more.) 

Who has some time available now?

-
http://davestechshop.net blog 
-- 
View this message in context: 
http://www.nabble.com/looking-to-pay-for-problem-solving-on-minor-Postfix-issue-tp21711590p21711590.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: XCLIENT question

[Bokhan Artem]

So how postfix interprets NAME and REVERSE_NAME?
I want to understand, how not to break, for example, "reject_unknown_client_hostname" and 
"reject_unknown_reverse_client_hostname" behavior, when passing names via XCLIENT but not 
via postfix resolver.

Wietse Venema пишет:

Artem Bokhan:

 >XCLIENT NAME ADDR PROTO HELO REVERSE_NAME

Do NAME and REVERSE_NAME from XCLIENT agree with this description from 
smtpd_peer.c ?


NAME agrees with the XCLIENT documentation - it is meant to be
something that other MTAs can implement too so it must not depend
on Postfix implementation details.

REVERSE_NAME never got documented. That should be fixed. It's
a PTR record value.

Wietse


/* .IP name
/*  The verified client hostname. This name is represented by
/*  the string "unknown" when 1) the address->name lookup failed,
/*  2) the name->address mapping fails, or 3) the name->address
/*  does not produce the client IP address.

/* .IP reverse_name
/*  The unverified client hostname as found with address->name
/*  lookup; it is not verified for consistency with the client
/*  IP address result from name->address lookup.

Re: looking to pay for problem solving on minor Postfix issue

[Evan Platt]

While I'll probably get flamed for this... 
There are probably tons of people who'd jump at the chance for this - 
easy money. I'm one of them - I love easy money. If I knew enough 
postfix, I'd jump on this. But as it is, I know just enough to be dangerous.


Your best bet is to - excuse the expression - RTFM, follow along with 
it, and ask questions as they come up.


Sure, you could pay someone to set it up and configure it for you, 
but when something breaks, which WILL happen, you'll then likely have 
to pay someone to fix it, whereas if YOU set it up, if YOU RTFM'd, if 
YOU configured it, you'd be more likely to know how to fix any 
potential problems that creep up.


And, as others have pointed out, you don't yet have a working 
firewall, or at least the know how on creating one. That should be 
step one  Then worry about postfix.


Just my .02...



PS: A lot of people block posts from Nabble. You may want to consider 
joining the group directly.



At 10:19 AM 1/28/2009, MountainX wrote:


If you are a Postfix expert, I am willing to pay for your help (via email,
chat, etc.) to resolve several minor problems I'm having with Postfix
(you've probably some of them seen on this list). I can pay via PayPal. (I
know how consulting relationships work. I'm serious. I have paid for
consulting like this many times before on various open source projects over
the last year or more.)

Who has some time available now?

Duplicate messages

[Gabriel Hahmann]

Hi all,

I'm recently having a big issue with postfix.

I have an alias that includes all users from my organization, there is no
loop here, i'm sure.

When somebody sends an email to that alias, all users from my organization
keep receiving this message 10, 20, 30, 40 times, 40 times the same message
that was sended only once.

Here is my configuration:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body-checks.regexp
broken_sasl_auth_clients = yes
command_time_limit = 4h
config_directory = /etc/postfix
debug_peer_level = 2
defer_transports =
header_checks = regexp:/etc/postfix/header-checks.regexp
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 5
message_size_limit = 500
mydestination = $myhostname, $mydomain, localh...@$mydomain
mydomain = example.com.br
myhostname = smtp-gw.example.com.br
mynetworks = 127.0.0.0/8,192.168.0.0/24
myorigin = /etc/mailname
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
,permit_sasl_authenticated,check_client_access
hash:/etc/postfix/helo-whitelist,check_helo_access
regexp:/etc/postfix/helo-invalid.regexp
,reject_invalid_hostname,reject_non_fqdn_hostname
,reject_unknown_hostname
smtpd_recipient_restrictions = permit_mynetworks
,permit_sasl_authenticated,check_client_access
hash:/etc/postfix/helo-whitelist,reject_unauth_destination
,check_sender_access hash:/etc/postfix/sender-blacklist
,reject_unauth_pipelining,check_policy_service
unix:private/policy,check_policy_service inet:127.0.0.1:6
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

I'm running ubuntu 8.04 (Upgraded from 7.04 -> 7.10) with postfix version
2.5.1-2ubuntu1.2.

Any help will be really appreciated.

Thanks in advance.

[]'s
Gabriel.

Re: looking to pay for problem solving on minor Postfix issue

[Dave]

On Wed, Jan 28, 2009 at 1:30 PM, Evan Platt  wrote:

> While I'll probably get flamed for this... 
> There are probably tons of people who'd jump at the chance for this - easy
> money. I'm one of them - I love easy money. If I knew enough postfix, I'd
> jump on this. But as it is, I know just enough to be dangerous.
>
> Your best bet is to - excuse the expression - RTFM, follow along with it,
> and ask questions as they come up.
>
> Sure, you could pay someone to set it up and configure it for you, but when
> something breaks, which WILL happen, you'll then likely have to pay someone
> to fix it, whereas if YOU set it up, if YOU RTFM'd, if YOU configured it,
> you'd be more likely to know how to fix any potential problems that creep
> up.
>
> And, as others have pointed out, you don't yet have a working firewall, or
> at least the know how on creating one. That should be step one  Then worry
> about postfix.
>
> Just my .02...
>
> 
>
> PS: A lot of people block posts from Nabble. You may want to consider
> joining the group directly.
>
>
> Thanks for the tip. I'll reply via direct email now.

I appreciate your advice, but I am at the point where I need expert help
because I am going backwards (email that was working is not working now).
I'll pay for some help with setting up a firewall too. I just wanna get this
done efficiently (and quickly). Thanks.

Re: XCLIENT question

[Wietse Venema]

Bokhan Artem:
> So how postfix interprets NAME and REVERSE_NAME?
> I want to understand, how not to break, for example, 
> "reject_unknown_client_hostname" and "reject_unknown_reverse_client_hostname" 
> behavior, when passing names via XCLIENT but not via postfix resolver.
> 
> Wietse Venema ?:
> > Artem Bokhan:
> >>  >XCLIENT NAME ADDR PROTO HELO REVERSE_NAME
> >>
> >> Do NAME and REVERSE_NAME from XCLIENT agree with this description from 
> >> smtpd_peer.c ?
> > 
> > NAME agrees with the XCLIENT documentation - it is meant to be
> > something that other MTAs can implement too so it must not depend
> > on Postfix implementation details.
> > 
> > REVERSE_NAME never got documented. That should be fixed. It's
> > a PTR record value.
> > 
> > Wietse
> > 
> >> /* .IP name
> >> /*  The verified client hostname. This name is represented by
> >> /*  the string "unknown" when 1) the address->name lookup failed,
> >> /*  2) the name->address mapping fails, or 3) the name->address
> >> /*  does not produce the client IP address.
> >>
> >> /* .IP reverse_name
> >> /*  The unverified client hostname as found with address->name
> >> /*  lookup; it is not verified for consistency with the client
> >> /*  IP address result from name->address lookup.
> >>
> >>
> >>
> > 
> 
> 
> 


These things should be defined by XCLIENT_README not by reading
source code.

Wietse

postqueue -p output

[Dennis]

Hey guys,

I am writing a simple python parser for the "postqueue -p" output.  In
the man page, it states the below for the "-p" switch:
  The queue  ID  string is followed by an optional status
  character:

  *  The message is in the active queue, i.e. the
 message is selected for delivery.

  !  The  message  is  in the hold queue, i.e. no
 further delivery attempt will be made  until
 the mail is taken off hold.

However, I do not have access to a postfix instance that has enough
load to produce * or ! when I just run the command by hand, and google
did not produce any relevant examples.  So, does the * or !
immediately follow the ID, like "A628ABBDB0*", or does it have white
space after the ID, like "A628ABBDB0 *"?

Thanks,
Dennis

Re: sasl_passwd.db permissions?

[Patrick Ben Koetter]

John,

* swilting :
> 
> I also like the problem and I do not know how to create the database
> sasl2.db all the best

your problem is probably not a Postfix problem, but a SASL problem.

The saslpasswd2 command usually takes care of sasl2.db.

p...@rick

-- 
The Book of Postfix

saslfinger (debugging SMTP AUTH):

Re: looking to pay for problem solving on minor Postfix issue

[Dave (DavesTechShop.net)]

Thanks everyone. I found my expert.

I appreciate the kind offers of assistance. Consider the opportunity filled
now.


On Wed, Jan 28, 2009 at 1:19 PM, MountainX  wrote:

>
> If you are a Postfix expert, I am willing to pay for your help (via email,
> chat, etc.) to resolve several minor problems I'm having with Postfix
> (you've probably some of them seen on this list). I can pay via PayPal. (I
> know how consulting relationships work. I'm serious. I have paid for
> consulting like this many times before on various open source projects over
> the last year or more.)
>
> Who has some time available now?
>
> -
> http://davestechshop.net blog
> --
> View this message in context:
> http://www.nabble.com/looking-to-pay-for-problem-solving-on-minor-Postfix-issue-tp21711590p21711590.html
> Sent from the Postfix mailing list archive at Nabble.com.
>
>

Re: postqueue -p output

[Noel Jones]

Dennis wrote:

Hey guys,

I am writing a simple python parser for the "postqueue -p" output.  In
the man page, it states the below for the "-p" switch:
  The queue  ID  string is followed by an optional status
  character:

  *  The message is in the active queue, i.e. the
 message is selected for delivery.

  !  The  message  is  in the hold queue, i.e. no
 further delivery attempt will be made  until
 the mail is taken off hold.

However, I do not have access to a postfix instance that has enough
load to produce * or ! when I just run the command by hand, and google
did not produce any relevant examples.  So, does the * or !
immediately follow the ID, like "A628ABBDB0*", or does it have white
space after the ID, like "A628ABBDB0 *"?

Thanks,
Dennis



No white space.


--
Noel Jones

Re: Duplicate messages

[J.P. Trosclair]

Gabriel Hahmann wrote:

When somebody sends an email to that alias, all users from my organization
keep receiving this message 10, 20, 30, 40 times, 40 times the same message
that was sended only once.


Relevant log entries and a copy of the alias would also help while 
trying to figure out what's wrong. Most answers are a shot in the dark 
without them.

Re: Backscatter with forged return-path

[mouss]

Paweł Leśniak a écrit :
> mouss pisze:
>>
>> reject_unknown_helo_hostname would indeed be too aggressive. but you
>> could use restriction classes and only call it if the sender is null
>> (<>).
>>
>> or you could run aggressive checks if the client has a "generic" reverse
>> dns. or in this particular case, simply reject *.rev.dynxnet.com with a
>> check_client_access:
>> rev.dynxnet.comREJECT blah blah
>> .rev.dynxnet.comREJECT blah blah
>>   
> 
> If I'll have any trouble with reject_unknown_helo_hostname sitewide I'll
> change it according to information above.

using reject_unknown_helo_hostname site wide is risky. problems will
happen when you will stop watching! (at least, this was my experience
although it was a few years ago).

if you still want to use it, you can:
- use DNSWL so that whitelisted clients are never blocked/deferred
- you can also have a local whitelist
- have a log parser that looks for 4xx because of unresolved helo, do
some checks, and possibly whitelist the client so that it is accepted at
the next retry.

of course, this assumes a 4xx code (this is the default).

> For now I'll have some time to think over BATV (full-blown or "poorman"
> versions) - each simplified solution has some disadvantages which on
> first sight are not good at my site (ex. changing submission port means
> to me reconfiguration of over 100 standalone PCs...).
> 

yes. that said, enable the submission service and start "migrating".
This is the recommended way.

note that if users access the server from mynetworks, you can use a NAT
redirection to divert traffic to the submission port. This can help
during the "migration".

it is possible to implement the message-id rewrite while using a single
port (25), by passing traffic to another smtpd using the FILTER
statement, but this may be too much for the job...

Re: smtp relay and smtp verification

[David Koski]

On Tuesday 27 January 2009, Sahil Tandon wrote:
> On Tue, 27 Jan 2009, David Koski wrote:



> > Is it not permitted to use recipient verification through a relay server?
>
> So cuda2.examplerelay.com does not believe e...@mytestdomain.com is a
> valid recipient.

Is it not possible to do recipient verification to an MX relay that is not  
the final destination?  It is not working in my test case.

Regards,
David Koski
da...@kosmosisland.com

Re: myorigin = $mydomain, but where is mydomain defined?

[Thomas]

MountainX wrote:


You need to set mydomain yourself!
Othwise, mydomain defaults to the string "localdomain":

postconf -d mydomain
mydomain = localdomain


Just set mydomain correctly and then use "myorigin = $mydomain":

mydomain = my-own-domain.com
myorigin = $mydomain


Nothing more needed :)

Re: I am confused about my system's email addresses - need some help getting them to conform to my wishes

[mouss]

Dave a écrit :
> 
> 
> On Tue, Jan 27, 2009 at 11:10 PM, Sahil Tandon  > wrote:
> 
> On Tue, 27 Jan 2009, Dave wrote:
> 
> > Hopefully I have improved my question-asking now. :)
> 
> You are confusing the role of the SMTP server and the IMAP
> client/server.
> Several of your "problems" have little to do with Postfix.
> 
> 
> IMAP is not involved unless the gmail webclient is using IMAP and I
> don't know it. As far as I know, I have only Postfix and the gmail
> webclient.
> Can you tell me where my confusion is? Thank you.
>  

it's because you talked about the "sent" folder. This folder is used by
an imap client (or a webmail client) when _you_ send mail, but postfix
is not involved here.


> 
> 
> 
> > Here's the first example of email addressing that I want to
> fix/modify.
> >
> > subject: DenyHosts Report
> > from: nobody-at-localhost
> > to: root-at-localhost
> >
> > I want this to be from me-at-example.com
>  (or root-at-example.com
> ) to
> > me-at-example.com .
> > The message does not appear in my sent mail folder at example.com
>  (but I
> > want it to).
> 
> Because you are not 'nobody', the message will not appear in your sent
> folder.  In any case, the functionality of saving a copy of sent
> messages in
> some folder is not a Postfix issue.  
> 
> 
> OK, so I have to make sure all messages are from me-at-example.com
>  in order for them to appear in the sent-mail
> folder of that account.

No, they will not. as said above, the Sent folder is "populated" by
imap/web mail clients when _you_ send mail (_you_ != denyhosts, cron,
... etc).

> Any idea how I can do that? 
> 

Re: smtp relay and smtp verification

[Noel Jones]

David Koski wrote:

On Tuesday 27 January 2009, Sahil Tandon wrote:

On Tue, 27 Jan 2009, David Koski wrote:





Is it not permitted to use recipient verification through a relay server?

So cuda2.examplerelay.com does not believe e...@mytestdomain.com is a
valid recipient.


Is it not possible to do recipient verification to an MX relay that is not  
the final destination?  It is not working in my test case.




Yes, it is possible, but the MX relay must respond correctly 
to the RCPT TO command; ie. reject invalid recipients, accept 
valid recipients.


--
Noel Jones

Re: Proper location of permit_mynetworks for mailman

[mouss]

Todd A. Jacobs a écrit :
> On Mon, Jan 26, 2009 at 10:15:44PM +0100, mouss wrote:
> 
>> This is useless. at this stage, the domain is yours (other domains have
>> been rejected by the anti-relay control: reject_unauth_destination).
> 
> Nevertheless, if I don't put permit_mynetworks in both
> smtpd_client_restrictions and smtpd_recipient_restrictions, email sent
> to a mailman list address on the local server will be rejected because
> it's considered an unauthorized relay when:
> 
> Jan 27 14:21:39 penguin postfix/smtpd[32089]: NOQUEUE: reject: RCPT from 
> localhost.localdomain[127.0.0.1]: 554 5.7.1 : Relay 
> access denied; from= 
> to= proto=ESMTP helo=
> 
> So, if I don't permit_mynetworks explicitly, mail sent to the mailman list
> address is received, but can't be sent on to the list participants. I get
> "relay access denied" when mailman attempts to resend the mail.
> 

I insist;-p removing the _trailing_ permit_mynetworks from
smtpd_client_restrictions will change nothing. so you must have another
problem.

but it is recommended to put permit_mynetworks at the beginning.

smtpd_client_restrictions =
permit_mynetworks
reject_rbl_client zen.spamhaus.org
check_client_access hash:/etc/postfix/domain_access

>> consider putting all your checks under smtpd_recipient_restrictions.
> 
> Or not. From http://www.postfix.org/SMTPD_ACCESS_README.html:
> 
> Some people recommend placing ALL the access restrictions in the
> smtpd_recipient_restrictions list. Unfortunately, this can result in
> too permissive access.
> 

This doesn't mean it is bad. this only means that care is needed. In
your setup, you query zen.spamhaus.org even in the case of a relay
attempt, invalid helo, ... this is not "optimal" (it unecessarily loads
your network and the dnsbl servers).

if you want to split your restrictoins, you need to duplicate your
whitelists (permit_mynetworks in your case): you need to put them before
other checks.

Here is a possible rewrite of your restrictions. as I don't know what's
in domain_access, I didn't move it to smtpd_recipient_restrictions.

smtpd_client_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/domain_access

smtpd_helo_restrictions =
smtpd_sender_restrictions =

smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
check_recipient_access hash:/etc/postfix/recipient_access
check_sender_access hash:/etc/postfix/sender_access
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/sender_mx_access
reject_rbl_client zen.spamhaus.org
check_policy_service inet:127.0.0.1:6

smtpd_data_restrictions = reject_unauth_pipelining

PS reject_unknown_helo_hostname is generally "unsafe". you may need to
watch your logs.

> I posted the relevant sections of my configuration, but I'll put the
> output of postconf here to avoid argument:
> 

yes, 'postconf -n' is the preferred method for reporting main.cf config
(main.cf may contain duplicate definitions, or you may have a typo, ...
etc).

> $ sudo postconf -n
> [snip]
> smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org  
> check_client_access hash:/etc/postfix/domain_access permit_mynetworks
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 5
> smtpd_helo_required = yes
> smtpd_helo_restrictions = reject_invalid_helo_hostname  
> reject_non_fqdn_helo_hostname   reject_unknown_helo_hostname
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unauth_destination   reject_unknown_recipient_domain 
> check_recipient_mx_access hash:/etc/postfix/recipient_mx_access
> check_recipient_access hash:/etc/postfix/recipient_access   
> check_policy_service inet:127.0.0.1:6
> smtpd_sender_restrictions = check_sender_mx_access 
> hash:/etc/postfix/sender_mx_access   check_sender_access 
> hash:/etc/postfix/sender_access reject_unknown_sender_domain
> smtpd_soft_error_limit = 2
> 
> My educated guess is that it has something to do with
> reject_unauth_destination in the smtpd_recipient_restrictions, but I'm
> not sure how that is being evaluated in this particular context.
> 

the rejection log is indeed caused by reject_unauth_destination. but in
your smtpd_restrictions, this check comes after permit_mynetworks. here
are some possibilities to check:

- you have a reject_unauth_destination in domain_access
- you override mynetworks or smtpd_*_restrictions in master.cf
- mailman is using another smtpd, which has its own configuration.
master.cf should tell.
- the postfix you can configure is not the running one. you can check
this one by adding a check that return a WARN.

PS. if you use a content_filter, you don't want to re-filter list 

Re: myorigin = $mydomain, but where is mydomain defined?

[mouss]

MountainX a écrit :
> Brian Evans - Postfix List wrote:
>>[snip]
>> In  your case, you should have something like:
>> mydomain = example.com
>> myhostname = mail.example.com
>>
>> myhostname must be the fully qualified name.

example.com is fully qualified.

It is ok for him to use this as long as it example.com can be resolved
(in DNS) and as long as he always defines mydomain explicitely.

>> Brian
>>
>>
> 
> But would it be correct to leave it as it?
> One reason is that my spam settings (which I copied/pasted into postfix
> config) are so tight that basic functionality fails if I am using two or
> more domains (example.com and xyz.example.com). And I kind of like it like
> this. I just want it simple and I want it secure. And since I don't
> understand the spam settings, I want to leave them as they are, which means
> they only work when I use only a single domain (example.com with no
> hostname).
> 

myhostname is not used for your spam settings.

> BTW, mail.example.com is defined in DNS as a CNAME record pointing to
> ghs.google.com, so I don't want to use that anyway.
> 

then use another name. add a "joe.example.com" in DNS that resolves to
the server IP (if there are multiple IPs, use the IP used for sending
mail to the internet) and use it.

> I have the option to use xyz.example.com, but there is no A record defined
> for xyz.example.com nor do I want there to be one. (xyz means anything)
> 
> I simply want everything in the email headers to always show up as
> example.com not nnn.example.com. 

why?

> My entire domain really consists of a single server hosting a blog.
> 

most "legitimate" sites have hostnames with more than two labels. by
using a two labels hostname, you look different and get exposed to more
checks:

- in one config, I used to require the heloname to reslve if it is
"short" (two labels in general).

- A lot of snowshoe spammers use "2 labels" hostnames (rustgarden.com,
deviltreez.com, blizzardheart.com, auberginefizz.com, ...). some people
may confuse you with one of these.

Re: sasl_passwd.db permissions?

[mouss]

Patrick Ben Koetter a écrit :
> * MountainX :
>> I did chmod 600 on sasl_passwd. Do I need to do the same to sasl_passwd.db?
>> Thanks
> 
> Delete sasl_passwd.db and recreate it using the postmap command. The postmap
> command honours permissions.
> 

and to avoid having to deal with single file permissions, put
"sensitive" files in a specific directory, and chmod that directory.

Re: smtpd_tls_session_cache_database - correct config?

[mouss]

MountainX a écrit :
> 
> 
> MountainX wrote:
>> which of these lines is more correct? I'm guessing the 2nd line is better.
>>
>> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
>> or
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>>
>> same question here:
>> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>>
>>
>> If it makes a difference, I'm on Ubuntu 8.04. Thanks.
>>
> 
> Thank you. I made the change. Do I need to delete any old cache contents? If
> so, how? 

use rm.

> 
> -
> http://davestechshop.net blog 

Re: Splitting recieve/transmit processes

[Jim Wright]

On Jan 28, 2009, at 6:55 AM, Mark Watts wrote:

I have a requirement to split a postfix relay installation across  
two servers.


It may be easier to explain the actual requirements, I doubt that the  
above statement is the ACTUAL requirement.

Re: myorigin = $mydomain, but where is mydomain defined?

[Thomas]

And NO, you do not need a myhostname entry!

Re: Backscatter with forged return-path

[Paweł Leśniak]

mouss pisze:

Paweł Leśniak a écrit :
  

mouss pisze:


reject_unknown_helo_hostname would indeed be too aggressive. but you
could use restriction classes and only call it if the sender is null
(<>).

or you could run aggressive checks if the client has a "generic" reverse
dns. or in this particular case, simply reject *.rev.dynxnet.com with a
check_client_access:
rev.dynxnet.comREJECT blah blah
.rev.dynxnet.comREJECT blah blah
  
  

If I'll have any trouble with reject_unknown_helo_hostname sitewide I'll
change it according to information above.



using reject_unknown_helo_hostname site wide is risky. problems will
happen when you will stop watching! (at least, this was my experience
although it was a few years ago).

if you still want to use it, you can:
- use DNSWL so that whitelisted clients are never blocked/deferred
- you can also have a local whitelist
- have a log parser that looks for 4xx because of unresolved helo, do
some checks, and possibly whitelist the client so that it is accepted at
the next retry.

of course, this assumes a 4xx code (this is the default).

  
OK, I was happy really too fast. Unfortunately after 24h we've started 
receiving backscatter from

well configured (in terms of DNS/RevDNS entries) servers.
The only fast solution right now I can see (and actually I started 
pointing higher) is URIBL_*_SURBL in
spamassassin. As all backscatters (which we are getting now) have those 
bad URLs, these tests

are doing their job quite well. I know this is ugly solution, but it works.
I've turned off reject_unknown_helo_hostname, as it's not doing what I 
hoped it will, while keeping

two other reject_unkown_*_hostname.
During first 24h I've found 3 IPs getting blocked (which I'd like to get 
mail from, even when they have configs
even worse than mine). The worst is I also have ~500 IPs which I can't 
tell from logs (sender, recipient, ip, helo)

whether I want those messages or not.


yes. that said, enable the submission service and start "migrating".
This is the recommended way.

note that if users access the server from mynetworks, you can use a NAT
redirection to divert traffic to the submission port. This can help
during the "migration".
  
Users are not in mynetworks (they have to authenticate). But I can set 
up redirection for traffic from my internal network.


Thanks again for helping


Pawel Lesniak

Re: Backscatter with forged return-path

[Darren Pilgrim]

Paweł Leśniak wrote:
The worst is I also have ~500 IPs which I can't 
tell from logs (sender, recipient, ip, helo)

whether I want those messages or not.


They will filter themselves for you.  Legitimate MTAs will retry dozens 
to hundreds of times in 24 hours; however, zombies will only a try few 
times--most only once or twice.  If you run daily reports on your logs, 
the worst case is a 1-day delivery delay for a very small amount of 
legitimate email.

Re: Backscatter with forged return-path

[mouss]

Darren Pilgrim a écrit :
> Paweł Leśniak wrote:
>> The worst is I also have ~500 IPs which I can't tell from logs
>> (sender, recipient, ip, helo)
>> whether I want those messages or not.
> 
> They will filter themselves for you.  Legitimate MTAs will retry dozens
> to hundreds of times in 24 hours; however, zombies will only a try few
> times--most only once or twice.  If you run daily reports on your logs,
> the worst case is a 1-day delivery delay for a very small amount of
> legitimate email.


but if they still have a helo resolution dns, they will ultimately
bounce after 4/5 days, which is worst than a straight reject.

smtp_*_restrictions and syntax access-files

[Thomas]

Hello,
the command "postconf smtpd_client_restrictions 
smtpd_sender_restrictions" shows the following:


smtpd_client_restrictions = reject_invalid_hostname check_client_access 
hash:/etc/postfix/client_access
smtpd_sender_restrictions = reject_unknown_address check_sender_access 
hash:/etc/postfix/sender_access


The files have this content:

/etc/postfix/client_access:
 REJECT

/etc/postfix/sender_access:
 REJECT

The sender_access file get´s honored!

But if i try to send a mail to an address listed in client_access, it 
get happily queued and delivered :-(


I suspect that i used the wrong restriction, the wrong hash/... thing or 
whatever ...


Could you give a hint in the right direction?


But the client

Re: smtp_*_restrictions and syntax access-files

[James Berwick]

Thomas wrote:
smtpd_client_restrictions = reject_invalid_hostname 
check_client_access hash:/etc/postfix/client_access


/etc/postfix/client_access:
 REJECT

But if i try to send a mail to an address listed in client_access, it 
get happily queued and delivered :-(


I suspect that i used the wrong restriction, the wrong hash/... thing 
or whatever ...


Could you give a hint in the right direction?

Hi Thomas,

From the documentation:
check_client_access type:table
   Search the specified access database for the client hostname, parent 
domains, client IP address, or networks obtained by stripping least 
significant octets. See the access(5) manual page for details.


You'd want your client_access file to list hostnames and IPs to 
permit/reject, email addresses won't be queried for.

Name service error for name=localhost type=AAAA: Host not found

[Dave (DavesTechShop.net)]

I've been searching on Google again. For example:

http://www.google.com/search?num=100&q=%22Name+service+error+for+name%3Dlocalhost+type%3D%3A+Host+not+found%22&btnG=Search

I am not finding any solution. Here is my error:

Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: to=,
relay=none, delay=8, delays=7.9/0.01/0/0, dsn=5.4.4, status=bounced (Host or
domain name not found. Name service error for name=localhost type=: Host
not found)

If I send to just root, it is delivered perfectly. But to r...@localhost, I
get this error. And the problem is that I have services on my machine that
use the "@localhost" type of email addressing. I'd rather not change those
settings because my goal is to just get all the notifications that any thing
running on my server might want to send to me.

Re: smtp_*_restrictions and syntax access-files

[Thomas]

Thomas wrote:
But if i try to send a mail to an address listed in client_access, it 
get happily queued and delivered :-(


I suspect that i used the wrong restriction, the wrong hash/... thing 
or whatever ...


Could you give a hint in the right direction?


Found it:

smtpd_recipient_restrictions = permit_mynetworks 
reject_unknown_recipient_domain permit_sasl_authenticated 
reject_unauth_destination check_recipient_access 
hash:/etc/postfix/recipient_access


It should be "recipient", not "client" ...

:)

Re: Name service error for name=localhost type=AAAA: Host not found

[Darren Pilgrim]

Dave (DavesTechShop.net) wrote:
Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: 
to=, relay=none, delay=8, delays=7.9/0.01/0/0, 
dsn=5.4.4, status=bounced (Host or domain name not found. Name service 
error for name=localhost type=: Host not found)


You probably need "::1 localhost" in /etc/hosts.

Re: smtp_*_restrictions and syntax access-files

[ghe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

James Berwick wrote:
> Thomas wrote:
>> smtpd_client_restrictions = reject_invalid_hostname
>> check_client_access hash:/etc/postfix/client_access
>>
>> /etc/postfix/client_access:
>>  REJECT
>>
>> But if i try to send a mail to an address listed in client_access, it
>> get happily queued and delivered :-(
>>
>> I suspect that i used the wrong restriction, the wrong hash/... thing
>> or whatever ...
>>
>> Could you give a hint in the right direction?
> Hi Thomas,
> 
> From the documentation:
> check_client_access type:table
>Search the specified access database for the client hostname, parent
> domains, client IP address, or networks obtained by stripping least
> significant octets. See the access(5) manual page for details.
> 
> You'd want your client_access file to list hostnames and IPs to
> permit/reject, email addresses won't be queried for.


And the client in 'check_client_access' is the host postfix is receiving
from; not the one it's sending to...


- --
Glenn English
g...@slsware.com

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmA+e8ACgkQ04yQfZbbTLbN+gCeKQBe0RBOQc+H9gCFiJGvS9u/
fKsAn1SpeptVaX8ehHh+7vKtOOX5EpmN
=XdKQ
-END PGP SIGNATURE-

Re: Name service error for name=localhost type=AAAA: Host not found

[Dave]

On Wed, Jan 28, 2009 at 7:31 PM, Darren Pilgrim wrote:

> Dave (DavesTechShop.net) wrote:
>
>> Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: to=,
>> relay=none, delay=8, delays=7.9/0.01/0/0, dsn=5.4.4, status=bounced (Host or
>> domain name not found. Name service error for name=localhost type=: Host
>> not found)
>>
>
> You probably need "::1  localhost" in /etc/hosts.


Here is what I have:

127.0.0.1   localhost localhost.example.com host.localhost
xxx.xxx.xxx.xxxexample.comHost

What should I try changing?

Thanks.

Re: Name service error for name=localhost type=AAAA: Host not found

[Wietse Venema]

Darren Pilgrim:
> Dave (DavesTechShop.net) wrote:
> > Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: 
> > to=, relay=none, delay=8, delays=7.9/0.01/0/0, 
> > dsn=5.4.4, status=bounced (Host or domain name not found. Name service 
> > error for name=localhost type=: Host not found)
> 
> You probably need "::1localhost" in /etc/hosts.

127.0.0.1 will probably do as well.

Wietse

Re: Name service error for name=localhost type=AAAA: Host not found

[Jorey Bump]

Dave (DavesTechShop.net) wrote, at 01/28/2009 07:26 PM:

> I am not finding any solution. Here is my error:
> 
> Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20:
> to=, relay=none, delay=8, delays=7.9/0.01/0/0,
> dsn=5.4.4, status=bounced (Host or domain name not found. Name service
> error for name=localhost type=: Host not found)
> 
> If I send to just root, it is delivered perfectly. But to
> r...@localhost, I get this error. And the problem is that I have
> services on my machine that use the "@localhost" type of email
> addressing. I'd rather not change those settings because my goal is to
> just get all the notifications that any thing running on my server might
> want to send to me.

Check the output of:

 postconf inet_protocols

If you don't need IPv6 support, set it to:

 inet_protocols = ipv4

in main.cf. That's the default, but maybe Ubuntu (or someone) has
changed it.

Re: Name service error for name=localhost type=AAAA: Host not found

[Wietse Venema]

Dave:
> On Wed, Jan 28, 2009 at 7:31 PM, Darren Pilgrim wrote:
> 
> > Dave (DavesTechShop.net) wrote:
> >
> >> Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: to=,
> >> relay=none, delay=8, delays=7.9/0.01/0/0, dsn=5.4.4, status=bounced (Host 
> >> or
> >> domain name not found. Name service error for name=localhost type=: 
> >> Host
> >> not found)
> >>
> >
> > You probably need "::1  localhost" in /etc/hosts.
> 
> 
> Here is what I have:
> 
> 127.0.0.1   localhost localhost.example.com host.localhost
> xxx.xxx.xxx.xxxexample.comHost
> 
> What should I try changing?

Change main.cf so that the SMTP client looks in /etc/hosts.

smtp_host_lookup = dns, native

http://www.postfix.org/postconf.5.html#smtp_host_lookup

Wietse

Re: Name service error for name=localhost type=AAAA: Host not found

[Darren Pilgrim]

Dave wrote:

On Wed, Jan 28, 2009 at 7:31 PM, Darren Pilgrim wrote:

Dave (DavesTechShop.net) wrote:

Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20: to=,
relay=none, delay=8, delays=7.9/0.01/0/0, dsn=5.4.4, status=bounced (Host or
domain name not found. Name service error for name=localhost type=: Host
not found)


You probably need "::1  localhost" in /etc/hosts.


Here is what I have:

127.0.0.1   localhost localhost.example.com host.localhost

[here]

xxx.xxx.xxx.xxxexample.comHost

What should I try changing?


Add the following where indicated above:

::1 localhost localhost.example.com host.localhost

Re: Name service error for name=localhost type=AAAA: Host not found

[Dave]

On Wed, Jan 28, 2009 at 7:55 PM, Wietse Venema  wrote:

> Dave:
> > On Wed, Jan 28, 2009 at 7:31 PM, Darren Pilgrim  >wrote:
> >
> > > Dave (DavesTechShop.net) wrote:
> > >
> > >> Jan 28 19:18:23 ubuntu postfix/smtp[27317]: 13n20:
> to=,
> > >> relay=none, delay=8, delays=7.9/0.01/0/0, dsn=5.4.4, status=bounced
> (Host or
> > >> domain name not found. Name service error for name=localhost
> type=: Host
> > >> not found)
> > >>
>

SOLVED (I think):
in main.cf I had made these changes:

#2009.01.27 commented out this line today:
#mydestination = /etc/postfix/local-host-names
#receiving mail for nobody now (I hope)
mydestination =

I had to undo that and now I can send emails addressed to u...@localhost.

I put it back to just mydestination = localhost

Have I lost any security? My intention was that this server would never
receive any emails. I only want it to send. Not sure why the above affects
my ability to send mail to u...@localhost. Does this make sense?

Have I resolved it in the correct way?

Thanks.

Re: smtp_*_restrictions and syntax access-files

[Thomas]

ghe wrote:

James Berwick wrote:
  

From the documentation:
check_client_access type:table
   Search the specified access database for the client hostname, parent
domains, client IP address, or networks obtained by stripping least
significant octets. See the access(5) manual page for details.

You'd want your client_access file to list hostnames and IPs to
permit/reject, email addresses won't be queried for.




And the client in 'check_client_access' is the host postfix is receiving
from; not the one it's sending to...

  


Thanx a bunch!

Could you give some advice on my current postfix setup?

Currently i use the following:

smtpd_client_restrictions = reject_invalid_hostname check_client_access 
hash:/etc/postfix/client_access
So, reject_invalid_hostname will check for the server we are receiving 
mail from.

Is that OK, or would be change this?
Better change or add other things?

I ask about smtpd_sender_restrictions and smtpd_recipient_restrictions 
in later mails ...

Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

With my setup, Postfix send an email from my local user account ("user") as
u...@example.com. Example.com is a Google apps domain.
I would like the email to go out as another name: anewn...@example.com.
(where "anewname" matches my gmail user account name).

My gmail user account and my linux user name are not the same, but I want to
create an alias so that, for email purposes, they are the same.

How would I make this change? Thanks.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave (DavesTechShop.net)]

On Wed, Jan 28, 2009 at 8:22 PM, Dave  wrote:

> With my setup, Postfix send an email from my local user account ("user") as
> u...@example.com. Example.com is a Google apps domain.
> I would like the email to go out as another name: anewn...@example.com.
> (where "anewname" matches my gmail user account name).
>
> My gmail user account and my linux user name are not the same, but I want
> to create an alias so that, for email purposes, they are the same.
>
> How would I make this change? Thanks.
>

SOLVED (partly)
I used generic and made a line that said:
realusernamenamesameasgmailaccount

The email address is indeed what I want now (
namesameasgmailacco...@example.com), but the name info associated with the
email still has the original full name of the user account. Would like to
change that too for consistency. Not sure how.

Re: smtp_*_restrictions and syntax access-files

[Victor Duchovni]

On Thu, Jan 29, 2009 at 01:09:08AM +0100, Thomas wrote:

> hash:/etc/postfix/client_access
> smtpd_sender_restrictions = reject_unknown_address check_sender_access 
> hash:/etc/postfix/sender_access

Don't make stuff up. Keep it simple, and use only what you have
understood after reading the corresponding documentation.

If you do that, you will notice that there is no documentation for
"reject_unknown_address", hence you should not use it (there is
no such restriction, if that is not clear by now).

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave (DavesTechShop.net)]

On Wed, Jan 28, 2009 at 8:32 PM, Dave (DavesTechShop.net) <
d...@davestechshop.net> wrote:

>
>
> On Wed, Jan 28, 2009 at 8:22 PM, Dave  wrote:
>
>> With my setup, Postfix send an email from my local user account ("user")
>> as u...@example.com. Example.com is a Google apps domain.
>> I would like the email to go out as another name: anewn...@example.com.
>> (where "anewname" matches my gmail user account name).
>>
>> My gmail user account and my linux user name are not the same, but I want
>> to create an alias so that, for email purposes, they are the same.
>>
>> How would I make this change? Thanks.
>>
>
> SOLVED (partly)
> I used generic and made a line that said:
> realusernamenamesameasgmailaccount
>
> The email address is indeed what I want now (
> namesameasgmailacco...@example.com), but the name info associated with the
> email still has the original full name of the user account. Would like to
> change that too for consistency. Not sure how.
>

Can I use wildcards in generic? Something like this?
*universalname

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Aaron Wolfe]

On Wed, Jan 28, 2009 at 8:36 PM, Dave (DavesTechShop.net)
 wrote:
>
>
> On Wed, Jan 28, 2009 at 8:32 PM, Dave (DavesTechShop.net)
>  wrote:
>>
>>
>> On Wed, Jan 28, 2009 at 8:22 PM, Dave  wrote:
>>>
>>> With my setup, Postfix send an email from my local user account ("user")
>>> as u...@example.com. Example.com is a Google apps domain.
>>> I would like the email to go out as another name: anewn...@example.com.
>>> (where "anewname" matches my gmail user account name).
>>>
>>> My gmail user account and my linux user name are not the same, but I want
>>> to create an alias so that, for email purposes, they are the same.
>>>
>>> How would I make this change? Thanks.
>>
>> SOLVED (partly)
>> I used generic and made a line that said:
>> realusernamenamesameasgmailaccount
>>
>> The email address is indeed what I want now
>> (namesameasgmailacco...@example.com), but the name info associated with the
>> email still has the original full name of the user account. Would like to
>> change that too for consistency. Not sure how.
>
> Can I use wildcards in generic? Something like this?
> *universalname
>
>

When you post to this list, you are taking up the time of many experts
(and some amateurs like myself :).  Please treat this resource with
the respect that it deserves.  These same experts have taken the time
to create excellent documentation.  Please respect them and their time
by consulting it before asking for more from them.

Re: I am confused about my system's email addresses - need some help getting them to conform to my wishes

[Stroller]

On 28 Jan 2009, at 20:32, mouss wrote:

...
OK, so I have to make sure all messages are from me-at-example.com
 in order for them to appear in the sent- 
mail

folder of that account.


No, they will not. as said above, the Sent folder is "populated" by
imap/web mail clients when _you_ send mail (_you_ != denyhosts, cron,
... etc).


This is probably a little OT, but just to clarify, I think the GMail  
webmail service places messages the messages in the sent box, if it  
receives mail to you with your own sent address.


IE: `cat foo.txt | sendmail -f b...@gmail.com b...@gmail.com` will  
appear in the sent items folder of Bob's Gmail account.


Stroller.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Wed, Jan 28, 2009 at 8:44 PM, Aaron Wolfe  wrote:

> On Wed, Jan 28, 2009 at 8:36 PM, Dave (DavesTechShop.net)
>  wrote:
> >
> >
> > On Wed, Jan 28, 2009 at 8:32 PM, Dave (DavesTechShop.net)
> >  wrote:
> >>
> >>
> >> On Wed, Jan 28, 2009 at 8:22 PM, Dave  wrote:
> >>>
> >>> With my setup, Postfix send an email from my local user account
> ("user")
> >>> as u...@example.com. Example.com is a Google apps domain.
> >>> I would like the email to go out as another name: anewn...@example.com
> .
> >>> (where "anewname" matches my gmail user account name).
> >>>
> >>> My gmail user account and my linux user name are not the same, but I
> want
> >>> to create an alias so that, for email purposes, they are the same.
> >>>
> >>> How would I make this change? Thanks.
> >>
> >> SOLVED (partly)
> >> I used generic and made a line that said:
> >> realusernamenamesameasgmailaccount
> >>
> >> The email address is indeed what I want now
> >> (namesameasgmailacco...@example.com), but the name info associated with
> the
> >> email still has the original full name of the user account. Would like
> to
> >> change that too for consistency. Not sure how.
> >
> > Can I use wildcards in generic? Something like this?
> > *universalname
> >
> >
>
> When you post to this list, you are taking up the time of many experts
> (and some amateurs like myself :).  Please treat this resource with
> the respect that it deserves.  These same experts have taken the time
> to create excellent documentation.  Please respect them and their time
> by consulting it before asking for more from them.


I have consulted a bunch of documentation for several hours. I am being
respectful. I'm working hard on this. I'm searching the docs and google.
When I can't find answers there, I ask here.

I still do not have an answer to this question. if you have it, how about
being a gentleman and sharing it or pointing me to the right place. Thanks.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Aaron Wolfe]

On Wed, Jan 28, 2009 at 8:47 PM, Dave  wrote:
>
>
> On Wed, Jan 28, 2009 at 8:44 PM, Aaron Wolfe  wrote:
>>
>> On Wed, Jan 28, 2009 at 8:36 PM, Dave (DavesTechShop.net)
>>  wrote:
>> >
>> >
>> > On Wed, Jan 28, 2009 at 8:32 PM, Dave (DavesTechShop.net)
>> >  wrote:
>> >>
>> >>
>> >> On Wed, Jan 28, 2009 at 8:22 PM, Dave  wrote:
>> >>>
>> >>> With my setup, Postfix send an email from my local user account
>> >>> ("user")
>> >>> as u...@example.com. Example.com is a Google apps domain.
>> >>> I would like the email to go out as another name:
>> >>> anewn...@example.com.
>> >>> (where "anewname" matches my gmail user account name).
>> >>>
>> >>> My gmail user account and my linux user name are not the same, but I
>> >>> want
>> >>> to create an alias so that, for email purposes, they are the same.
>> >>>
>> >>> How would I make this change? Thanks.
>> >>
>> >> SOLVED (partly)
>> >> I used generic and made a line that said:
>> >> realusernamenamesameasgmailaccount
>> >>
>> >> The email address is indeed what I want now
>> >> (namesameasgmailacco...@example.com), but the name info associated with
>> >> the
>> >> email still has the original full name of the user account. Would like
>> >> to
>> >> change that too for consistency. Not sure how.
>> >
>> > Can I use wildcards in generic? Something like this?
>> > *universalname
>> >
>> >
>>
>> When you post to this list, you are taking up the time of many experts
>> (and some amateurs like myself :).  Please treat this resource with
>> the respect that it deserves.  These same experts have taken the time
>> to create excellent documentation.  Please respect them and their time
>> by consulting it before asking for more from them.
>
> I have consulted a bunch of documentation for several hours. I am being
> respectful. I'm working hard on this. I'm searching the docs and google.
> When I can't find answers there, I ask here.
>
> I still do not have an answer to this question. if you have it, how about
> being a gentleman and sharing it or pointing me to the right place. Thanks.
>
>
>

Please quote the part of the postfix documentation that you need
clarification on.  I will do my best to help.

Re: I am confused about my system's email addresses - need some help getting them to conform to my wishes

[Dave]

On Wed, Jan 28, 2009 at 8:46 PM, Stroller wrote:

>
> On 28 Jan 2009, at 20:32, mouss wrote:
>
>> ...
>>> OK, so I have to make sure all messages are from me-at-example.com
>>>  in order for them to appear in the sent-mail
>>> folder of that account.
>>>
>>
>> No, they will not. as said above, the Sent folder is "populated" by
>> imap/web mail clients when _you_ send mail (_you_ != denyhosts, cron,
>> ... etc).
>>
>
> This is probably a little OT, but just to clarify, I think the GMail
> webmail service places messages the messages in the sent box, if it receives
> mail to you with your own sent address.
>
> IE: `cat foo.txt | sendmail -f b...@gmail.com b...@gmail.com` will appear in
> the sent items folder of Bob's Gmail account.
>
> Stroller.
>

I can confirm this now that I figured out how to use generic to replace
linux-user-acco...@example.com with my-gmail-acco...@user.com.

The emails do indeed show up in the sent-mail folder where I wanted to see
them. I just figured this out about 20 minutes ago.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Victor Duchovni]

On Wed, Jan 28, 2009 at 08:47:28PM -0500, Dave wrote:

> > When you post to this list, you are taking up the time of many experts
> > (and some amateurs like myself :).  Please treat this resource with
> > the respect that it deserves.  These same experts have taken the time
> > to create excellent documentation.  Please respect them and their time
> > by consulting it before asking for more from them.
> 
> 
> I have consulted a bunch of documentation for several hours. I am being
> respectful. I'm working hard on this. I'm searching the docs and google.
> When I can't find answers there, I ask here.

Google is full of noise. Try:

http://www.postfix.org/documentation.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
http://www.postfix.org/generic.5.html
http://www.postfix.org/DATABASE_README.html#types
http://www.postfix.org/pcre_table.5.html
http://www.postfix.org/regexp_table.5.html

> I still do not have an answer to this question. if you have it, how about
> being a gentleman and sharing it or pointing me to the right place. Thanks.

The specific answer is in generic(5). While you can construct a table
that rewrites all addresses to a fixed value, that would be a mistake.
Consider what will happen to recipient addresses.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Wed, Jan 28, 2009 at 8:56 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Wed, Jan 28, 2009 at 08:47:28PM -0500, Dave wrote:
>
> > > When you post to this list, you are taking up the time of many experts
> > > (and some amateurs like myself :).  Please treat this resource with
> > > the respect that it deserves.  These same experts have taken the time
> > > to create excellent documentation.  Please respect them and their time
> > > by consulting it before asking for more from them.
> >
> >
> > I have consulted a bunch of documentation for several hours. I am being
> > respectful. I'm working hard on this. I'm searching the docs and google.
> > When I can't find answers there, I ask here.
>
> Google is full of noise. Try:
>
>http://www.postfix.org/documentation.html
>http://www.postfix.org/ADDRESS_REWRITING_README.html
>http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>http://www.postfix.org/generic.5.html
>http://www.postfix.org/DATABASE_README.html#types
>http://www.postfix.org/pcre_table.5.html
>http://www.postfix.org/regexp_table.5.html
>
> > I still do not have an answer to this question. if you have it, how about
> > being a gentleman and sharing it or pointing me to the right place.
> Thanks.
>
> The specific answer is in generic(5). While you can construct a table
> that rewrites all addresses to a fixed value, that would be a mistake.
> Consider what will happen to recipient addresses.



Thank you Viktor. I have been spending a lot of time reading many of those
docs. I almost have this section memorized. (And the guy who accused me of
not reading the docs... well I hope he feels embarrassed).
http://www.postfix.org/ADDRESS_REWRITING_README.html#generic

The problem is that it only shows "@localdomain.local"
as an example of a wildcard.

I need to handle just "username" not "usern...@localhost"

So how would I do that?

would any of these work?
@my-new-addr...@example.com
@my-new-address


BTW, I am not sure what you mean by "Consider what will happen to recipient
addresses." What will happen? And which recipient addresses would be the
problem? I don't expect to receive any mail at this postfix server. I just
want to send system messages to my gmail account.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Victor Duchovni]

On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:

> > Google is full of noise. Try:
> >
> >http://www.postfix.org/documentation.html
> >http://www.postfix.org/ADDRESS_REWRITING_README.html
> >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> >http://www.postfix.org/generic.5.html
> >http://www.postfix.org/DATABASE_README.html#types
> >http://www.postfix.org/pcre_table.5.html
> >http://www.postfix.org/regexp_table.5.html
> >
> > > I still do not have an answer to this question. if you have it, how about
> > > being a gentleman and sharing it or pointing me to the right place.
> > Thanks.
> >
> > The specific answer is in generic(5). While you can construct a table
> > that rewrites all addresses to a fixed value, that would be a mistake.
> > Consider what will happen to recipient addresses.
> 
> http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> 
> The problem is that it only shows "@localdomain.local"
> as an example of a wildcard.

The generic(5) document lists all the lookup keys used with a given
address. You need a table that returns the desired value given one
of those lookup keys. Postfix has lots of different table types
you can use.

> would any of these work?
> @my-new-addr...@example.com
> @my-new-address

The list of LHS lookup keys is documented in generic(5). "@" is not
among them.

> BTW, I am not sure what you mean by "Consider what will happen to recipient
> addresses." What will happen? And which recipient addresses would be the
> problem? I don't expect to receive any mail at this postfix server. I just
> want to send system messages to my gmail account.

All recipient addresses will also match any global wildcard, so you'll
never be able to address any email to someone other then the single
wildcard rewrite recipient. If that works for you, go for it.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Wed, Jan 28, 2009 at 9:18 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:
>
> > > Google is full of noise. Try:
> > >
> > >http://www.postfix.org/documentation.html
> > >http://www.postfix.org/ADDRESS_REWRITING_README.html
> > >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> > >http://www.postfix.org/generic.5.html
> > >http://www.postfix.org/DATABASE_README.html#types
> > >http://www.postfix.org/pcre_table.5.html
> > >http://www.postfix.org/regexp_table.5.html
> > >
> > > > I still do not have an answer to this question. if you have it, how
> about
> > > > being a gentleman and sharing it or pointing me to the right place.
> > > Thanks.
> > >
> > > The specific answer is in generic(5). While you can construct a table
> > > that rewrites all addresses to a fixed value, that would be a mistake.
> > > Consider what will happen to recipient addresses.
> >
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> >
> > The problem is that it only shows "@localdomain.local"
> > as an example of a wildcard.
>
> The generic(5) document lists all the lookup keys used with a given
> address.


That was a fairly difficult document for me to understand, but it is
starting to make sense.
But if my answer is in there, I still don't see it.



> You need a table that returns the desired value given one
> of those lookup keys. Postfix has lots of different table types
> you can use.
>
> > would any of these work?
> > @my-new-addr...@example.com
> > @my-new-address
>
> The list of LHS lookup keys is documented in generic(5). "@" is not
> among them.


I noticed that, but I wasn't immediately able to figure out that the items
shown were a comprehensive list rather than selected examples.



>
>
> > BTW, I am not sure what you mean by "Consider what will happen to
> recipient
> > addresses." What will happen? And which recipient addresses would be the
> > problem? I don't expect to receive any mail at this postfix server. I
> just
> > want to send system messages to my gmail account.
>
> All recipient addresses will also match any global wildcard, so you'll
> never be able to address any email to someone other then the single
> wildcard rewrite recipient. If that works for you, go for it.


That is exactly the result I was hoping to achieve. But I'm still not sure
HOW to do it. So, how do I do it?

Re: smtpd_tls_session_cache_database - correct config?

[Dave]

On Wed, Jan 28, 2009 at 4:01 PM, mouss  wrote:

> MountainX a écrit :
> >
> >
> > MountainX wrote:
> >> which of these lines is more correct? I'm guessing the 2nd line is
> better.
> >>
> >> smtpd_tls_session_cache_database =
> btree:/var/run/smtpd_tls_session_cache
> >> or
> >> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> >>
> >> same question here:
> >> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
> >> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> >>
> >>
> >> If it makes a difference, I'm on Ubuntu 8.04. Thanks.
> >>
> >
> > Thank you. I made the change. Do I need to delete any old cache contents?
> If
> > so, how?
>
> use rm.
>
>
The cache file previously listed (/var/run/smtpd_tls_session_cache) is not
present. I didn't delete it. Maybe postfix did?

BTW, an answer as simple as "use rm" is helpful because (I'm told) there are
certain files that should not be deleted (even if not being used anymore).
So knowing I can just delete an old cache file or directory helps me.
Thanks.

Re: smtp_*_restrictions and syntax access-files

[Thomas]

Victor Duchovni wrote:

If you do that, you will notice that there is no documentation for
"reject_unknown_address", hence you should not use it (there is
no such restriction, if that is not clear by now).
  


Uh.
Thanx!

I changed to the following:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Or would you add reject_unknown_sender_domain? It is already used in 
"smptp_recipient_restrictions:



smtpd_recipient_restrictions = permit_mynetworks 
reject_unknown_recipient_domain permit_sasl_authenticated 
reject_unauth_destination check_recipient_access 
pcre:/etc/postfix/recipient_access


OK, so far?
Add something? Remove something?


The client line looks like this:

smtpd_client_restrictions = reject_invalid_helo_hostname 
check_client_access hash:/etc/postfix/client_access


OK, so far?
Add something? Remove "reject_invalid_helo_hostname"?

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Aaron Wolfe]

On Wed, Jan 28, 2009 at 9:25 PM, Dave  wrote:
>
>
> On Wed, Jan 28, 2009 at 9:18 PM, Victor Duchovni
>  wrote:
>>
>> On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:
>>
>> > > Google is full of noise. Try:
>> > >
>> > >http://www.postfix.org/documentation.html
>> > >http://www.postfix.org/ADDRESS_REWRITING_README.html
>> > >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> > >http://www.postfix.org/generic.5.html
>> > >http://www.postfix.org/DATABASE_README.html#types
>> > >http://www.postfix.org/pcre_table.5.html
>> > >http://www.postfix.org/regexp_table.5.html
>> > >
>> > > > I still do not have an answer to this question. if you have it, how
>> > > > about
>> > > > being a gentleman and sharing it or pointing me to the right place.
>> > > Thanks.
>> > >
>> > > The specific answer is in generic(5). While you can construct a table
>> > > that rewrites all addresses to a fixed value, that would be a mistake.
>> > > Consider what will happen to recipient addresses.
>> >
>> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> >
>> > The problem is that it only shows "@localdomain.local"
>> > as an example of a wildcard.
>>
>> The generic(5) document lists all the lookup keys used with a given
>> address.
>
> That was a fairly difficult document for me to understand, but it is
> starting to make sense.
> But if my answer is in there, I still don't see it.
>

>From http://www.postfix.org/ADDRESS_REWRITING_README.html

"Postfix typically uses lookup tables with fixed strings to map one
address to one or multiple addresses, and typically uses regular
expressions to map multiple addresses to one or multiple addresses."

So in other words, if you want to match multiple addresses, then
regular expressions might be handy...

The postfix docs for regex tables are here:
http://www.postfix.org/regexp_table.5.html

I'll quote the interesting parts:

"TABLE FORMAT
   The general form of a Postfix regular expression table is:

   /pattern/flags result
  When pattern matches the input string, use the cor-
  responding result value."

"TABLE SEARCH ORDER
   Patterns are applied in the order as specified in the  ta-
   ble,  until  a  pattern  is  found  that matches the input
   string.

   Each pattern  is  applied  to  the  entire  input  string.
   Depending  on  the  application,  that string is an entire
   client hostname, an entire client IP address, or an entire
   mail  address.   Thus,  no parent domain or parent network
   search is done, and u...@domain  mail  addresses  are  not
   broken  up  into  their user and domain constituent parts,
   nor is user+foo broken up into user and foo."

You won't find much about creating regex patterns in the postfix docs,
since that's not really a postfix thing.  Here's a guide that should
help you create a regex to match whatever you'd like:

http://ysomeya.hp.infoseek.co.jp/eng-quick_regex.html

>
>>
>> You need a table that returns the desired value given one
>> of those lookup keys. Postfix has lots of different table types
>> you can use.
>>
>> > would any of these work?
>> > @my-new-addr...@example.com
>> > @my-new-address
>>
>> The list of LHS lookup keys is documented in generic(5). "@" is not
>> among them.
>
> I noticed that, but I wasn't immediately able to figure out that the items
> shown were a comprehensive list rather than selected examples.
>
>
>>
>>
>> > BTW, I am not sure what you mean by "Consider what will happen to
>> > recipient
>> > addresses." What will happen? And which recipient addresses would be the
>> > problem? I don't expect to receive any mail at this postfix server. I
>> > just
>> > want to send system messages to my gmail account.
>>
>> All recipient addresses will also match any global wildcard, so you'll
>> never be able to address any email to someone other then the single
>> wildcard rewrite recipient. If that works for you, go for it.
>
> That is exactly the result I was hoping to achieve. But I'm still not sure
> HOW to do it. So, how do I do it?
>

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Wed, Jan 28, 2009 at 10:30 PM, Aaron Wolfe  wrote:

> On Wed, Jan 28, 2009 at 9:25 PM, Dave  wrote:
> >
> >
> > On Wed, Jan 28, 2009 at 9:18 PM, Victor Duchovni
> >  wrote:
> >>
> >> On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:
> >>
> >> > > Google is full of noise. Try:
> >> > >
> >> > >http://www.postfix.org/documentation.html
> >> > >http://www.postfix.org/ADDRESS_REWRITING_README.html
> >> > >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> >> > >http://www.postfix.org/generic.5.html
> >> > >http://www.postfix.org/DATABASE_README.html#types
> >> > >http://www.postfix.org/pcre_table.5.html
> >> > >http://www.postfix.org/regexp_table.5.html
> >> > >
> >> > > > I still do not have an answer to this question. if you have it,
> how
> >> > > > about
> >> > > > being a gentleman and sharing it or pointing me to the right
> place.
> >> > > Thanks.
> >> > >
> >> > > The specific answer is in generic(5). While you can construct a
> table
> >> > > that rewrites all addresses to a fixed value, that would be a
> mistake.
> >> > > Consider what will happen to recipient addresses.
> >> >
> >> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
> >> >
> >> > The problem is that it only shows "@localdomain.local"
> >> > as an example of a wildcard.
> >>
> >> The generic(5) document lists all the lookup keys used with a given
> >> address.
> >
> > That was a fairly difficult document for me to understand, but it is
> > starting to make sense.
> > But if my answer is in there, I still don't see it.
> >
>
> From http://www.postfix.org/ADDRESS_REWRITING_README.html
>
> "Postfix typically uses lookup tables with fixed strings to map one
> address to one or multiple addresses, and typically uses regular
> expressions to map multiple addresses to one or multiple addresses."
>
> So in other words, if you want to match multiple addresses, then
> regular expressions might be handy...
>
> The postfix docs for regex tables are here:
> http://www.postfix.org/regexp_table.5.html
>
> I'll quote the interesting parts:
>
> "TABLE FORMAT
>   The general form of a Postfix regular expression table is:
>
>   /pattern/flags result
>  When pattern matches the input string, use the cor-
>  responding result value."
>
> "TABLE SEARCH ORDER
>   Patterns are applied in the order as specified in the  ta-
>   ble,  until  a  pattern  is  found  that matches the input
>   string.
>
>   Each pattern  is  applied  to  the  entire  input  string.
>   Depending  on  the  application,  that string is an entire
>   client hostname, an entire client IP address, or an entire
>   mail  address.   Thus,  no parent domain or parent network
>   search is done, and u...@domain  mail  addresses  are  not
>   broken  up  into  their user and domain constituent parts,
>   nor is user+foo broken up into user and foo."
>
> You won't find much about creating regex patterns in the postfix docs,
> since that's not really a postfix thing.  Here's a guide that should
> help you create a regex to match whatever you'd like:
>
> http://ysomeya.hp.infoseek.co.jp/eng-quick_regex.html
>
>
Well, the regex part should be easy. I think it is just ".*"
But the docs seem to imply that the result cannot be an email address. But
as far as I can tell, the doc doesn't define what the result can or cannot
be.
I would want the table entry would be:
.*   m...@example.com

Then I could use the regex like I'm using generic now.

Assuming that would work, would I create the regex table just like the
generic table, with an entry in main.cf and then run postmap on the text
file?

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Aaron Wolfe]

On Wed, Jan 28, 2009 at 10:39 PM, Dave  wrote:
>
>
> On Wed, Jan 28, 2009 at 10:30 PM, Aaron Wolfe  wrote:
>>
>> On Wed, Jan 28, 2009 at 9:25 PM, Dave  wrote:
>> >
>> >
>> > On Wed, Jan 28, 2009 at 9:18 PM, Victor Duchovni
>> >  wrote:
>> >>
>> >> On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:
>> >>
>> >> > > Google is full of noise. Try:
>> >> > >
>> >> > >http://www.postfix.org/documentation.html
>> >> > >http://www.postfix.org/ADDRESS_REWRITING_README.html
>> >> > >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> >> > >http://www.postfix.org/generic.5.html
>> >> > >http://www.postfix.org/DATABASE_README.html#types
>> >> > >http://www.postfix.org/pcre_table.5.html
>> >> > >http://www.postfix.org/regexp_table.5.html
>> >> > >
>> >> > > > I still do not have an answer to this question. if you have it,
>> >> > > > how
>> >> > > > about
>> >> > > > being a gentleman and sharing it or pointing me to the right
>> >> > > > place.
>> >> > > Thanks.
>> >> > >
>> >> > > The specific answer is in generic(5). While you can construct a
>> >> > > table
>> >> > > that rewrites all addresses to a fixed value, that would be a
>> >> > > mistake.
>> >> > > Consider what will happen to recipient addresses.
>> >> >
>> >> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> >> >
>> >> > The problem is that it only shows "@localdomain.local"
>> >> > as an example of a wildcard.
>> >>
>> >> The generic(5) document lists all the lookup keys used with a given
>> >> address.
>> >
>> > That was a fairly difficult document for me to understand, but it is
>> > starting to make sense.
>> > But if my answer is in there, I still don't see it.
>> >
>>
>> From http://www.postfix.org/ADDRESS_REWRITING_README.html
>>
>> "Postfix typically uses lookup tables with fixed strings to map one
>> address to one or multiple addresses, and typically uses regular
>> expressions to map multiple addresses to one or multiple addresses."
>>
>> So in other words, if you want to match multiple addresses, then
>> regular expressions might be handy...
>>
>> The postfix docs for regex tables are here:
>> http://www.postfix.org/regexp_table.5.html
>>
>> I'll quote the interesting parts:
>>
>> "TABLE FORMAT
>>   The general form of a Postfix regular expression table is:
>>
>>   /pattern/flags result
>>  When pattern matches the input string, use the cor-
>>  responding result value."
>>
>> "TABLE SEARCH ORDER
>>   Patterns are applied in the order as specified in the  ta-
>>   ble,  until  a  pattern  is  found  that matches the input
>>   string.
>>
>>   Each pattern  is  applied  to  the  entire  input  string.
>>   Depending  on  the  application,  that string is an entire
>>   client hostname, an entire client IP address, or an entire
>>   mail  address.   Thus,  no parent domain or parent network
>>   search is done, and u...@domain  mail  addresses  are  not
>>   broken  up  into  their user and domain constituent parts,
>>   nor is user+foo broken up into user and foo."
>>
>> You won't find much about creating regex patterns in the postfix docs,
>> since that's not really a postfix thing.  Here's a guide that should
>> help you create a regex to match whatever you'd like:
>>
>> http://ysomeya.hp.infoseek.co.jp/eng-quick_regex.html
>>
>
> Well, the regex part should be easy. I think it is just ".*"
> But the docs seem to imply that the result cannot be an email address. But

Where do you see this?

>From http://www.postfix.org/canonical.5.html

"REGULAR EXPRESSION TABLES
   This  section  describes how the table lookups change when
   the table is given in the form of regular expressions. For
   a  description  of regular expression lookup table syntax,
   see regexp_table(5) or pcre_table(5).

   Each pattern is a regular expression that  is  applied  to
   the entire address being looked up. Thus, u...@domain mail
   addresses are not broken up into their  user  and  @domain
   constituent parts, nor is user+foo broken up into user and
   foo.

   Patterns are applied in the order as specified in the  ta-
   ble,  until  a  pattern  is  found that matches the search
   string.

   Results are the same as with indexed  file  lookups,  with
   the  additional feature that parenthesized substrings from
   the pattern can be interpolated as $1, $2 and so on."


> as far as I can tell, the doc doesn't define what the result can or cannot
> be.

see above

> I would want the table entry would be:
> .*   m...@example.com
>
> Then I could use the regex like I'm using generic now.
>
> Assuming that would work, would I create the regex table just like the
> generic table, with an entry in main.cf and then run postmap on the text
> file?

pretty much.  examples are in the docs.

Message Count on an IP

[Jacky Chan]

Hi all,

May I know in Postfix, how can I retrieve the messages count on an IP over
defined period of time?
Because I want to implement the policy control over that IP, to control,
let's say can only send mail 100 emails over 3600 seconds. And as I searched
this mailling list, some users suggest policyd, but a database is needed,
may I know any Postfix itself can do it or not? or just third party software
does?

Thx.

Best regards,
Jacky
-- 
View this message in context: 
http://www.nabble.com/Message-Count-on-an-IP-tp21720576p21720576.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Rod Whitworth]

--Original Message Text---
From: Dave
Date: Wed, 28 Jan 2009 22:39:53 -0500
==
On Wed, Jan 28, 2009 at 10:30 PM, Aaron Wolfe 
wrote:

On Wed, Jan 28, 2009 at 9:25 PM, Dave  wrote:
>
>
> On Wed, Jan 28, 2009 at 9:18 PM, Victor Duchovni
>  wrote:
>>
>> On Wed, Jan 28, 2009 at 09:04:48PM -0500, Dave wrote:
>>
>> > > Google is full of noise. Try:
>> > >
>> > >http://www.postfix.org/documentation.html
>> > >http://www.postfix.org/ADDRESS_REWRITING_README.html
>> > >http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> > >http://www.postfix.org/generic.5.html
>> > >http://www.postfix.org/DATABASE_README.html#types
>> > >http://www.postfix.org/pcre_table.5.html
>> > >http://www.postfix.org/regexp_table.5.html
>> > >
>> > > > I still do not have an answer to this question. if you have it, how
>> > > > about
>> > > > being a gentleman and sharing it or pointing me to the right place.
>> > > Thanks.
>> > >
>> > > The specific answer is in generic(5). While you can construct a table
>> > > that rewrites all addresses to a fixed value, that would be a mistake.
>> > > Consider what will happen to recipient addresses.
>> >
>> > http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>> >
>> > The problem is that it only shows "@localdomain.local"
>> > as an example of a wildcard.
>>
>> The generic(5) document lists all the lookup keys used with a given
>> address.
>
> That was a fairly difficult document for me to understand, but it is
> starting to make sense.
> But if my answer is in there, I still don't see it.
>



>From http://www.postfix.org/ADDRESS_REWRITING_README.html

"Postfix typically uses lookup tables with fixed strings to map one
address to one or multiple addresses, and typically uses regular
expressions to map multiple addresses to one or multiple addresses."

So in other words, if you want to match multiple addresses, then
regular expressions might be handy...

The postfix docs for regex tables are here:
http://www.postfix.org/regexp_table.5.html


I'll quote the interesting parts:

"TABLE FORMAT
  The general form of a Postfix regular expression table is:

  /pattern/flags result
 When pattern matches the input string, use the cor-
 responding result value."

"TABLE SEARCH ORDER
  Patterns are applied in the order as specified in the  ta-
  ble,  until  a  pattern  is  found  that matches the input
  string.

  Each pattern  is  applied  to  the  entire  input  string.
  Depending  on  the  application,  that string is an entire
  client hostname, an entire client IP address, or an entire
  mail  address.   Thus,  no parent domain or parent network
  search is done, and u...@domain  mail  addresses  are  not
  broken  up  into  their user and domain constituent parts,
  nor is user+foo broken up into user and foo."

You won't find much about creating regex patterns in the postfix docs,
since that's not really a postfix thing.  Here's a guide that should
help you create a regex to match whatever you'd like:

http://ysomeya.hp.infoseek.co.jp/eng-quick_regex.html

Well, the regex part should be easy. I think it is just ".*"
But the docs seem to imply that the result cannot be an email address.
But as far as I can tell, the doc doesn't define what the result can or
cannot be.
I would want the table entry would be:
.*   m...@example.com

Then I could use the regex like I'm using generic now.

Assuming that would work, would I create the regex table just like the
generic table, with an entry in main.cf and then run postmap on the
text file? 

==
Dave,
the above text from = down to the other  ===  bit is pretty
much what you sent to the list.

Can you see how hard it might be for somebody, other than you and Aaron
Wolfe, to work out who said what apart from the lines quoted by >
marks?

You should notice that nearly 100% of messages quoting one or more
writers use one or more > marks to preceded each line.

If it is not easy to figure out what you have added to the other
material added by just the last poster, then most of us just won't
bother.

With loads of Q&A going on between you and the list my brain hurts.





*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device

Re: Message Count on an IP

[Sahil Tandon]

On Wed, 28 Jan 2009, Jacky Chan wrote:

> May I know in Postfix, how can I retrieve the messages count on an IP over
> defined period of time?
> Because I want to implement the policy control over that IP, to control,
> let's say can only send mail 100 emails over 3600 seconds. And as I searched
> this mailling list, some users suggest policyd, but a database is needed,
> may I know any Postfix itself can do it or not? or just third party software
> does?

policyd is third-party software.  You need a policy server.

-- 
Sahil Tandon 

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Victor Duchovni]

On Wed, Jan 28, 2009 at 10:39:53PM -0500, Dave wrote:

> I would want the table entry would be:
> .*   m...@example.com

Ignoring regexp table syntax problems for the moment, this is a very
degenerate regexp table, the input is completely ignored, and a fixed
output is produced. Postfix has a *much* simpler table type for this case,
listed in http://www.postfix.org/DATABASE_README.html#types.

All mail leaving a system so configured will have the envelope sender
equal to the envelope recipient and equal to all addresses listed in
The From/Sender/To/Cc headers. This makes for a very degenerate MTA,
but if that's OK, it should work.

relayhost = gmail.com
smtp_generic_maps = :

with the output of the map in question completely independent of
the input.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

strange aliasing problem

[Dave]

This problem only happens when I send email to r...@localhost.

The email is re-addressed to d...@myolddomain.net, as so:

to=, orig_to=

There is no entry in aliases, generic, virtual nor anywhere else I can find
that still has a reference to myolddomain.net.

Furthermore, if I address the email to root (not r...@localhost) this
problematic aliasing does not happen.

What could be responsible for this strange aliasing behavior?

Here is the log:

Jan 29 00:27:20 ubuntu postfix/pickup[28515]: 35807123E5: uid=1000 from=
Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 35807123E5: message-id=<
20090129052720.nn...@example.com>
Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5: from=,
size=308, nrcpt=1 (queue active)
Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 3A67A1231F: message-id=<
20090129052720.nnn...@example.com>
Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 3A67A1231F: from=,
size=434, nrcpt=1 (queue active)
Jan 29 00:27:20 ubuntu postfix/local[28520]: 35807123E5: to=,
relay=local, delay=4.1, delays=4/0.01/0/0.08, dsn=2.0.0, status=sent
(forwarded as 3A67A1231F)
Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5: removed
Jan 29 00:27:21 ubuntu postfix/smtp[28521]: 3A67A1231F: to=<
d...@myolddomain.net>, orig_to=,
relay=aspmx.l.google.com[209.85.133.114]:25,
delay=1, delays=0.08/0.04/0.43/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK
1233206841 b7si28689843ana.19)
Jan 29 00:27:21 ubuntu postfix/qmgr[28514]: 3A67A1231F: removed

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Thu, Jan 29, 2009 at 12:34 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Wed, Jan 28, 2009 at 10:39:53PM -0500, Dave wrote:
>
> > I would want the table entry would be:
> > .*   m...@example.com
>
> Ignoring regexp table syntax problems for the moment, this is a very
> degenerate regexp table, the input is completely ignored, and a fixed
> output is produced. Postfix has a *much* simpler table type for this case,
> listed in http://www.postfix.org/DATABASE_README.html#types.
>
> All mail leaving a system so configured will have the envelope sender
> equal to the envelope recipient and equal to all addresses listed in
> The From/Sender/To/Cc headers. This makes for a very degenerate MTA,
> but if that's OK, it should work.
>
>relayhost = gmail.com
>smtp_generic_maps = :
>
> with the output of the map in question completely independent of
> the input.
>
>
Yes, that is great for my purposes. Perfect! (I am already using
smtp_generic_maps.)

My  current definition in main.cf is the typical one:

smtp_generic_maps = hash:/etc/postfix/generic

The question is what goes into the file generic? I asked before if I could
use something like this:
   m...@example.com

I understood the answer was no, and that regex was the alternative. I prefer
your suggestion. So how do I accomplish this task using generic?

What is the right wildcard? (The docs have not answered that question for
me.)

Re: strange aliasing problem

[Dave]

On Thu, Jan 29, 2009 at 12:38 AM, Dave  wrote:

> This problem only happens when I send email to r...@localhost.
>
> The email is re-addressed to d...@myolddomain.net, as so:
>
> to=, orig_to=
>
> There is no entry in aliases, generic, virtual nor anywhere else I can find
> that still has a reference to myolddomain.net.
>
> Furthermore, if I address the email to root (not r...@localhost) this
> problematic aliasing does not happen.
>
> What could be responsible for this strange aliasing behavior?
>
> Here is the log:
>
> Jan 29 00:27:20 ubuntu postfix/pickup[28515]: 35807123E5: uid=1000
> from=
> Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 35807123E5: message-id=<
> 20090129052720.nn...@example.com>
> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5: from=<
> m...@example.com>, size=308, nrcpt=1 (queue active)
> Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 3A67A1231F: message-id=<
> 20090129052720.nnn...@example.com>
> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 3A67A1231F: from=<
> m...@example.com>, size=434, nrcpt=1 (queue active)
> Jan 29 00:27:20 ubuntu postfix/local[28520]: 35807123E5: to=,
> relay=local, delay=4.1, delays=4/0.01/0/0.08, dsn=2.0.0, status=sent
> (forwarded as 3A67A1231F)
> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5: removed
> Jan 29 00:27:21 ubuntu postfix/smtp[28521]: 3A67A1231F: to=<
> d...@myolddomain.net>, orig_to=, 
> relay=aspmx.l.google.com[209.85.133.114]:25,
> delay=1, delays=0.08/0.04/0.43/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK
> 1233206841 b7si28689843ana.19)
> Jan 29 00:27:21 ubuntu postfix/qmgr[28514]: 3A67A1231F: removed
>


Solved. I discovered that my installation had two aliases databases. One was
in /etc/ and the other was in /etc/postfix/. Main.cf was pointing to only
one of them (in /etc/), but in some strange way the aliases database in
/etc/postfix was influencing Postfix's behavior. Is that by design?

I got rid of one aliases file/database, ran newaliases and the problem is
solved.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Victor Duchovni]

On Thu, Jan 29, 2009 at 12:48:14AM -0500, Dave wrote:

> > Ignoring regexp table syntax problems for the moment, this is a very
> > degenerate regexp table, the input is completely ignored, and a fixed
> > output is produced. Postfix has a *much* simpler table type for this case,
> > listed in http://www.postfix.org/DATABASE_README.html#types.
> >
> >smtp_generic_maps = :
> >
> > with the output of the map in question completely independent of
> > the input.
>
> Yes, that is great for my purposes. Perfect! (I am already using
> smtp_generic_maps.)
> 
> My  current definition in main.cf is the typical one:
> 
> smtp_generic_maps = hash:/etc/postfix/generic
> 
> The question is what goes into the file generic? I asked before if I could
> use something like this:
>m...@example.com

No, not what goes in the file, but what maptype to use. The "hash"
map type can not produce a fixed output for all possible inputs.

> I understood the answer was no, and that regex was the alternative. I prefer
> your suggestion. So how do I accomplish this task using generic?

No not "using generic", rather using a table that returns a fixed output
regardless of the input. The list of supported tables is still in the
same place, and looking through it top to bottom will quickly expose
the right table type for the job.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: strange aliasing problem

[Aaron Wolfe]

On Thu, Jan 29, 2009 at 1:04 AM, Dave  wrote:
>
>
> On Thu, Jan 29, 2009 at 12:38 AM, Dave  wrote:
>>
>> This problem only happens when I send email to r...@localhost.
>>
>> The email is re-addressed to d...@myolddomain.net, as so:
>>
>> to=, orig_to=
>>
>> There is no entry in aliases, generic, virtual nor anywhere else I can
>> find that still has a reference to myolddomain.net.
>>
>> Furthermore, if I address the email to root (not r...@localhost) this
>> problematic aliasing does not happen.
>>
>> What could be responsible for this strange aliasing behavior?
>>
>> Here is the log:
>>
>> Jan 29 00:27:20 ubuntu postfix/pickup[28515]: 35807123E5: uid=1000
>> from=
>> Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 35807123E5:
>> message-id=<20090129052720.nn...@example.com>
>> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5:
>> from=, size=308, nrcpt=1 (queue active)
>> Jan 29 00:27:20 ubuntu postfix/cleanup[28518]: 3A67A1231F:
>> message-id=<20090129052720.nnn...@example.com>
>> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 3A67A1231F:
>> from=, size=434, nrcpt=1 (queue active)
>> Jan 29 00:27:20 ubuntu postfix/local[28520]: 35807123E5:
>> to=, relay=local, delay=4.1, delays=4/0.01/0/0.08,
>> dsn=2.0.0, status=sent (forwarded as 3A67A1231F)
>> Jan 29 00:27:20 ubuntu postfix/qmgr[28514]: 35807123E5: removed
>> Jan 29 00:27:21 ubuntu postfix/smtp[28521]: 3A67A1231F:
>> to=, orig_to=,
>> relay=aspmx.l.google.com[209.85.133.114]:25, delay=1,
>> delays=0.08/0.04/0.43/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1233206841
>> b7si28689843ana.19)
>> Jan 29 00:27:21 ubuntu postfix/qmgr[28514]: 3A67A1231F: removed
>
>
> Solved. I discovered that my installation had two aliases databases. One was
> in /etc/ and the other was in /etc/postfix/. Main.cf was pointing to only
> one of them (in /etc/), but in some strange way the aliases database in
> /etc/postfix was influencing Postfix's behavior. Is that by design?
>
> I got rid of one aliases file/database, ran newaliases and the problem is
> solved.
>

That's twice tonight that you've posted a question to the list and
then solved it yourself a few minutes later.
It's good that you are learning how to help yourself, but please show
us the courtesy of spending these few extra needed minutes learning
*before* posting a question here.

Re: strange aliasing problem

[Dave]

On Thu, Jan 29, 2009 at 1:21 AM, Aaron Wolfe  wrote:

> On Thu, Jan 29, 2009 at 1:04 AM, Dave  wrote:
> >
> >
> > On Thu, Jan 29, 2009 at 12:38 AM, Dave  wrote:
> >>
> >
> > Solved. I discovered that my installation had two aliases databases. One
> was
> > in /etc/ and the other was in /etc/postfix/. Main.cf was pointing to only
> > one of them (in /etc/), but in some strange way the aliases database in
> > /etc/postfix was influencing Postfix's behavior. Is that by design?
> >
> > I got rid of one aliases file/database, ran newaliases and the problem is
> > solved.
> >
>
> That's twice tonight that you've posted a question to the list and
> then solved it yourself a few minutes later.
> It's good that you are learning how to help yourself, but please show
> us the courtesy of spending these few extra needed minutes learning
> *before* posting a question here.
>

That was not a few minutes. It was more like another half hour (26 minutes)
of hard work on top of an hour or more of getting nowhere previously. This
is evidence of the fact that I'm working really hard on these issues. I've
been at it all day.

For some reason you are trying to tell me how to behave. And you are judging
me without any basis for doing so. This says more about you than it does
about me.

I was being courteous to the people who might read this list by posting my
solution.

I don't think I'll be reading any more emails from you. (Do the same to me
if you wish. I won't miss your emails.)

Re: smtp_*_restrictions and syntax access-files

[Victor Duchovni]

On Thu, Jan 29, 2009 at 03:35:11AM +0100, Thomas wrote:

>
> Or would you add reject_unknown_sender_domain? It is already used in 
> "smptp_recipient_restrictions:
>
>
> smtpd_recipient_restrictions = permit_mynetworks 
> reject_unknown_recipient_domain permit_sasl_authenticated 
> reject_unauth_destination check_recipient_access 
> pcre:/etc/postfix/recipient_access
>
> OK, so far?
> Add something? Remove something?

I mentioned that I think you should only use restrictions you
understand. You are asking me to recommend that you use restrictions
you don't understand to achieve objectives you have not described.

I can't honestly recommend anything other than start with the
default:

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_data_restrictions =

and add one primitive at a time, provided:

- You understand what you are adding and why.

- You test each evolutionary step to confirm that your understanding
  is correct.

For sufficiently small sites, with a DNS cache not forwarded via the ISP,
it is often enough to add zen.spamhaus.org RBL checks. More sophisticated
checks can be added only as needed and as your experience grows.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Aliases question - can I alias a user name to a name that is not a local user account?

[Dave]

On Thu, Jan 29, 2009 at 1:17 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Thu, Jan 29, 2009 at 12:48:14AM -0500, Dave wrote:
>
> > > Ignoring regexp table syntax problems for the moment, this is a very
> > > degenerate regexp table, the input is completely ignored, and a fixed
> > > output is produced. Postfix has a *much* simpler table type for this
> case,
> > > listed in http://www.postfix.org/DATABASE_README.html#types.
> > >
> > >smtp_generic_maps = :
> > >
> > > with the output of the map in question completely independent of
> > > the input.
> >
> > Yes, that is great for my purposes. Perfect! (I am already using
> > smtp_generic_maps.)
> >
> > My  current definition in main.cf is the typical one:
> >
> > smtp_generic_maps = hash:/etc/postfix/generic
> >
> > The question is what goes into the file generic? I asked before if I
> could
> > use something like this:
> >m...@example.com
>
> No, not what goes in the file, but what maptype to use. The "hash"
> map type can not produce a fixed output for all possible inputs.
>
> > I understood the answer was no, and that regex was the alternative. I
> prefer
> > your suggestion. So how do I accomplish this task using generic?
>
> No not "using generic", rather using a table that returns a fixed output
> regardless of the input. The list of supported tables is still in the
> same place, and looking through it top to bottom will quickly expose
> the right table type for the job.
>

OK, let me guess... is it a static table? (I am guessing and I suppose I'll
have to spend an hour testing by trial and error to find out because you
choose not to give me a direct answer.)

What's with you guys on this list who have the answers yet are just handing
out clues one by one and making me guess about the answer over the course of
several email exchanges?  Fortunately, there are some guys on this list that
don't engage in those psychological games and I have greatly benefited from
their help and I do appreciate it!

RE: Virtual User/Domain --- Mail is not delivered

[Goutam Baul]

Brian wrote:
>The default virtual_transport is virtual.
... ...
>Referencing http://www.postfix.org/MAILDROP_README.html#direct , it
>seems as if you should have all domains listed in
>virtual_mailbox_domains if all users are truly virtual.

Thanks for the clue. I have inserted the line
virtual_transport = maildrop
and this has solved the problem. But I have not changed anything in the
virtual_mailbox_domains parameter and it is having only cpl.in. Do you see
any issues if I keep it like this?
Though out of the scope of this list as per my understanding, may I request
you to kindly give me some pointer regarding how do I configure courier
IMAP/POP/Authlib so that they work with the scenario where there are
multiple domains hosted on the same machine.

With regards,
Goutam