Re: delivery temporarily suspended: connect to, localhost[10.11.12.13]:25: Connection timed out

[mouss]

Admin a écrit :
> Hi there,
> 
> I am using fetchmail to pop3 mail from gmail.  But when I receive email
> I find that fetchmail is using postfix to deliver the mail to the
> corresponding internal mailbox.  postfix responds with the following
> error and best I can tell the mail never ends up in my inbox.  Looks
> like localhost is considered 10.11.12.13.  The error message,
> /etc/hosts, and postconf -n are below.
> 

it looks like you are a victim of ${yourself} + ${debian package}.

- debian package enables chroot by default
- debian package disables append_dot_mydomain
- you removed localhost from mydestination
- you used localhost in fetchmail configuration

a quick fix would be to add localhost to mydestination.

but
- you should also disable chroot (edit master.cf and set the 5th field
to 'n') until you feel ready for chrooting.
- find out why you get 10.11.12.13 for localhost. if this is returned by
your ISP DNS server, then get far away from such a server.


> 
> Here is the error message:

In general, we ignore these as well as errors showns in a mailer... etc.
  we prefer _logs_.

> [snip]
> 

Re: Getting a lot of these

[Wietse Venema]

LuKreme:
> Weitse:
> > LuKreme:
> > > Getting a lot of these:
> > >
> > > postfix/trivial-rewrite[88525]: fatal: proxy:mysql:/usr/local/etc/
> > > postfix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table lookup
> > > problem
> >
> > Log for trivial-rewrite warning: records in Postfix logs.
> >
> > Look in the MySQL logs.
> >
> Despite my.cfg having log=/var/log/mysqld.log in it, apparently  
> nothing is being logged to the logfile, only a 'logfile turned over'.

Look in the PREVIOUS logfile.

Wietse

Re: Postfix "Toaster" - replacing vpopmail

[Ignacio Garcia]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



>>> -Continued use of Courier-IMAP.  Not so much because I like it, but I
>>> don't want POP UUIDs changing or any big changes in IMAP quirks that
>>> suddenly cause users grief.  It seems like Courier+Maildrop is fairly
>>> common though, so I think I'm safe there.
> 

We recently moved from a very good, very old and unmaintained
LDAP+Postfix+Cyrus solution (ISPMan) to ISPConfig version 3
(MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
Check it at http://www.ispconfig.org

Ignacio
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpjZfEACgkQoYMx3fsuWuq8sACggt4mZFqWgiNtdgS5e4vy7D4V
pxgAn1EZPeH7IDBb9hEjzhOrTrnNzLWe
=5zCe
-END PGP SIGNATURE-

Re: Postfix "Toaster" - replacing vpopmail

[fakessh]

> (MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
> Check it at http://www.ispconfig.org

its lol ? ... trool

On Sun, 19 Jul 2009 20:29:08 +0200, Ignacio Garcia  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
 -Continued use of Courier-IMAP.  Not so much because I like it, but I
 don't want POP UUIDs changing or any big changes in IMAP quirks that
 suddenly cause users grief.  It seems like Courier+Maildrop is fairly
 common though, so I think I'm safe there.
>>
> 
> We recently moved from a very good, very old and unmaintained
> LDAP+Postfix+Cyrus solution (ISPMan) to ISPConfig version 3
> (MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
> Check it at http://www.ispconfig.org
> 
> Ignacio
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkpjZfEACgkQoYMx3fsuWuq8sACggt4mZFqWgiNtdgS5e4vy7D4V
> pxgAn1EZPeH7IDBb9hEjzhOrTrnNzLWe
> =5zCe
> -END PGP SIGNATURE-

Re: Postfix "Toaster" - replacing vpopmail

[Ignacio Garcia]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

fakessh escribió:
>> (MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
>> Check it at http://www.ispconfig.org
> 
> its lol ? ... trool

I don't think so. Why do you think it is? I mean, the man asks for
something that can work with courier, he uses mostly pop3 for accessing
email, it has a good admin interface, so I believe ISPConfig version 3
works great for that. If I'm mistaken, could tell me the reason for that
so I can stop recommending/using it?

Ignacio
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpje78ACgkQoYMx3fsuWuqwGgCghhOW8hcrshn4XbzmSaQrYkKy
a7MAnAqLt9zmaLnRZVB+HeYkIe3F3Pnf
=xEjG
-END PGP SIGNATURE-

Re: OT: Why are my servers strong passwords compromised

[Charles Sprickman]

On Sat, 18 Jul 2009, Damian Myerscough wrote:


Hello,

Just out of curiosity how do you let your users change their passwords?


There's a few routes, since vpopmail basically stores everything in a 
database:


-a squirrelmail plugin
-a standalone php page
-Freeside's account management page
-"passwd" on the shell server (which is hooked-in to the vpopmail db via 
pam_mysql)


Charles


2009/7/18 Charles Sprickman :

On Sat, 18 Jul 2009, ram wrote:


We run smtp services for our clients using smtp-auth. And nowadays we
also enforce a strong password (minimum alphanumeric)
But still people's passwords get compromised. Even a relatively strong
password. To save our postfix servers I have implemented rate-limits ,
and outgoing spam scanning.
[...]
How do spammers get these passwords ??


I see our users hit with phishing attempts every few months, and the pattern
seems to be that once one phishing attempt hits, there's a few more in the
same week.  Usually shortly thereafter we find at least one account that is
being abused either at the smtp or webmail level to spew spam.

Oddly enough, the "quality" of the phish does not seem to change the numbers
- the truly ridiculous ones that are written in broken english and have
quite farcical return addresses seem to work as well as the more carefully
forged ones.  Each time we block the reply address(es) and send a warning
message stating again that we "will never ask you for your password".  Yet
each time someone falls for it...

Charles



Thanks
Ram









--
Regards,
Damian Myerscough

Re: Postfix "Toaster" - replacing vpopmail

[Charles Sprickman]

On Sat, 18 Jul 2009, Charles Marcus wrote:


On 7/18/2009, Sahil Tandon (sa...@tandon.net) wrote:

Just so I understand, you don't use POP3 on the server you manage;
you have never compared POP3 performance on Dovecot vs.
$something_else, but you are commenting on the lack of performance
benefit? :)


Only because I've been on the dovecot mailing list for a long time and
seen Timo make similar comments more than once - and his opinion on the
matter is one I trust. :)

But I haven't seen this question come up in a while, which is why I
added the disclaimer...


See: http://wiki.dovecot.org/POP3Server


Yep, seems to say something similar...


Oh no, what have I started? :)

We are primarily using POP, but with more iPhone users, and a new mail 
server that actually lets me dole out more space, I think we'll likely 
push IMAP more.


I've heard good things about Dovecot, but was unaware the migration was so 
simple.  Thanks for pointing that out...


Charles


--

Best regards,

Charles

Postfix - Ubuntu - Amavis-New

[Carl A jeptha]

Hi,
Originally I had a working version of Postfix, But due to clients' 
clicking and downloading things they shouldn't our mailserver was 
getting blacklisted to often.

I proceeded to implement the Amavis-New instructions as per this this site:
https://help.ubuntu.com/community/PostfixAmavisNew
eventually I was able to set up the server today, but receive the 
following errors at bootup:


Jul 19 17:23:45 mail spamass-milter[3544]: spamass-milter 0.3.1 starting
Jul 19 17:23:45 mail postfix/smtp[3550]: fatal: unexpected command-line 
argument: 127.0.0.1:10025

When checking the mail queue I see incoming mail has the following error:

744D236FA213 
 
2009/07/19 17:25 	moni...@airnet.ca 	s...@airnet.ca 	475 bytes 	mail 
transport unavailable


requeuing it will get the email delivered

Here follows my main.cf and master.cf

MAIN.CF

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mxxx.xx.xx
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = x.xx, .xx.xx, localhost.xx.xx, localhost
mynetworks = mysql:/etc/postfix/mysql/mynetworks.cf
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

local_recipient_maps = $alias_maps $virtual_mailbox_maps 
proxy:unix:passwd.byname
#mynetworks = mysql:/etc/postfix/mysql/mynetworks.cf
#mynetworks = /etc/postfix/mynetworks
alias_maps = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
#mailbox_command = procmail -a "$EXTENSION"
#mailbox_command = /usr/bin/maildrop
mailbox_command = /usr/bin/maildrop

smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_etrn_restrictions = reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
show_user_unknown_table_name = no

#local_header_rewrite_clients = permit_mynetworks,
#   permit_sasl_authenticated, permit_tls_clientcerts,
#   check_address_map hash:/etc/postfix/pop-before-smtp

# Virtual Hosts config

# Allow Proxy config for maps:
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
 $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
 $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
 $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
 $virtual_mailbox_limit_maps $virtual_uid_maps $virtual_gid_maps


# Custom Virtual Domain configuration:
message_size_limit = 20971520
transport_maps = proxy:mysql:/etc/postfix/mysql/vdomain.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/vmailbox.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/alias.cf 
hash:/etc/mailman/aliases
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql/vuid.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql/vgid.cf
virtual_mailbox_base = /
virtual_mailbox_limit = 209715200
virtual_mailbox_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql/vmlimit.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_limit_inbox = no
virtual_overquote_bounce = yes
virtual_minimum_uid = 1

# Mail Queue optimizations:
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 4h
delay_warning_time = 1h
biff = no
append_dot_mydomain = no
qmgr_message_active_limit = 500

# SASL Stuff:
smtpd_sasl_auth_enable = yes
#smtpd_sasl_local_domain = $myhostname
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
#  permit_mynetworks,
smtpd_helo_restrictions = permit_sasl_authenticated  check_helo_access 
hash:/etc/postfix/helo_access reject_non_fqdn_hostname 
reject_unknown_reverse_client_hostname permit
#  warn_if_permit permit_mynetworks
#  deleted this - reject_unknown_hostname
smtpd_sender_restrictions = permit_sasl_authenticated  permit_mynetworks  
reject_non_fqdn_sender   permit
#  reject_unverified_sender
#  reject_rhsbl_sender relays.ordb.org
#  reject_rhsbl_sender opm.blitzed.org
#  reject_rhsbl_sender dun.dnsrbl.net
#  reject_unknown_client_hostname
#  reject_rbl_client opm.blitzed.org
#  check_policy_service unix:private/policy

Re: Postfix - Ubuntu - Amavis-New

[Wietse Venema]

Carl A jeptha:
> Jul 19 17:23:45 mail postfix/smtp[3550]: fatal: unexpected command-line 
> argument: 127.0.0.1:10025

And in master.cf:

> smtp-amavis unix - - y - 2 smtp
>  -o smtp_data_done_timeout=1200
>  -o smtp_send_xforward_command=yes
>  -o disable_dns_lookups=yes
>  -o max_use=20
> 
>  127.0.0.1:10025 inet n - y - - smtpd

Remove the space from the beginning of the line with 127.0.0.1:10025.
See "man 5 master" for file syntax.

Wietse

Re: Postfix - Ubuntu - Amavis-New

[mouss]

Carl A jeptha a écrit :
> Hi,
> Originally I had a working version of Postfix, But due to clients'
> clicking and downloading things they shouldn't our mailserver was
> getting blacklisted to often.
> I proceeded to implement the Amavis-New instructions as per this this site:
> https://help.ubuntu.com/community/PostfixAmavisNew
> eventually I was able to set up the server today, but receive the
> following errors at bootup:
> 
> Jul 19 17:23:45 mail spamass-milter[3544]: spamass-milter 0.3.1 starting
> Jul 19 17:23:45 mail postfix/smtp[3550]: fatal: unexpected command-line 
> argument: 127.0.0.1:10025
> 

remove the spaces before 127.0.0.1:10025 in your master.cf.

Leading spaces mean it is a continuation line. read postconf(5) for more
on this.

> When checking the mail queue I see incoming mail has the following error:
> 

Always show _logs_ instead of queue text or bounces.

> [snip]
> 
> Here follows my main.cf and master.cf
> 
> MAIN.CF
> 

don't show main.cf. show output of 'postconf -n'.

> [snip]
> smtp-amavis unix - - y - 2 smtp
>  -o smtp_data_done_timeout=1200
>  -o smtp_send_xforward_command=yes
>  -o disable_dns_lookups=yes
>  -o max_use=20
> 
>  127.0.0.1:10025 inet n - y - - smtpd

do you see the space before 127... ?


> [snip]

Re: Postfix - Ubuntu - Amavis-New

[Carl A jeptha]

see my reply to Mouss.

But thank you for your reply also. That error caused the "mail transport 
unavailable"  error.


You have a Good Day now,


Carl A Jeptha
http://www.airnet.ca
Office Phone: 905 349-2084
Office Hours: 9:00am - 5:00pm
skype cajeptha



Wietse Venema wrote:

Carl A jeptha:
  

Jul 19 17:23:45 mail postfix/smtp[3550]: fatal: unexpected command-line 
argument: 127.0.0.1:10025



And in master.cf:

  

smtp-amavis unix - - y - 2 smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

 127.0.0.1:10025 inet n - y - - smtpd



Remove the space from the beginning of the line with 127.0.0.1:10025.
See "man 5 master" for file syntax.

Wietse
  

Postfix and IDENT (RFC1413)

[Byung-Hee HWANG]

Still not support?

-- 
Byung-Hee HWANG, KNU
∑ WWW: http://izb.knu.ac.kr/~bh/

"Never mind being a dance judge, do your job. Take a walk around the
neighborhood and see everything is OK."
-- Peter Clemenza, "Chapter 1", page 20

Re: Postfix and IDENT (RFC1413)

[Terry Carmen]

> Still not support?
>
>
Postfix implements the SMTP protocol. Why would you expect it to implement 
Ident?

Terry

Re: Getting a lot of these

[LuKreme]

On 19-Jul-2009, at 07:35, Wietse Venema wrote:

LuKreme:

Weitse:

LuKreme:

Getting a lot of these:

postfix/trivial-rewrite[88525]: fatal: proxy:mysql:/usr/local/etc/
postfix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table  
lookup

problem


Log for trivial-rewrite warning: records in Postfix logs.

Look in the MySQL logs.


Despite my.cfg having log=/var/log/mysqld.log in it, apparently
nothing is being logged to the logfile, only a 'logfile turned over'.


Look in the PREVIOUS logfile.


All the logfiles say only 'logfile turned over'. Evidently, mysql is  
setup to log to some bin log file with a name ending in .0#


$ file /var/db/mysql/mail-bin.02
/var/db/mysql/mail-bin.02: MySQL replication log

But as I said, I found that this was simply a password mismatch error  
for the lookup table. I will have to poke the mysql geek for some log- 
fu info. Looking at the logfile from within phpmyadmin is a large pain  
in the nether posterior.


--
From deep inside the tears that I'm forced to cry
From deep inside the pain I--I chose to hide