Re: What's wrong with my postfixclient.key?

[sean darcy]

Victor Duchovni wrote:

On Mon, Sep 14, 2009 at 09:11:43PM -0400, sean darcy wrote:

This is way simpler than any of the howto's for gmail relay access. Or the 
TLS_README.


It's weird how everyone make this so complicated.


Which part of TLS_README led you astray? In the section on client certificates:

http://www.postfix.org/TLS_README.html#client_cert_key

the first paragraph, reads:

Do not configure Postfix SMTP client certificates unless you must present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand:

smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_key_file =
smtp_tls_dkey_file =
# Postfix >= 2.6
smtp_tls_eccert_file =
smtp_tls_eckey_file =

The best way to use the default settings is to comment out the above
parameters in main.cf if present.

I thought this would serve the intended goal of helping people to avoid
unnecessary SMTP client certificates.



I was lead astray by various howto's on how to setup the google relay. 
All the ones I saw included setting up the client TLS certificates. 
Therefore I assumed they must be presented. Not so.


sean

How to receive email on my postfix server

[Arora, Sumit]

I have some doubt in receiving email.

What I understand I just need one domain name associated with my server ip 
address, 
and I need to enter this domain in postfix configuration. That's it.

I don't need to send emails from this server.

I guess that is all I need, can anybody confirm it?

Thanks,
Sumit Arora

Re: How to receive email on my postfix server

[Patrick Ben Koetter]

* Arora, Sumit :
> I have some doubt in receiving email.

Postfix is a SMTP server. It transports (read: sends) messages.
If you want to receive messages you need an IMAP or POP server such as
Dovecot, Courier, Cyrus IMAP or ...

p...@rick



> 
> What I understand I just need one domain name associated with my server ip 
> address, 
> and I need to enter this domain in postfix configuration. That's it.
> 
> I don't need to send emails from this server.
> 
> I guess that is all I need, can anybody confirm it?
> 
> Thanks,
> Sumit Arora

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):

RE: How to receive email on my postfix server

[Arora, Sumit]

What I understand Postfix is a smtp server, it will also receive emails.
What I need is, postfix to receive emails and my component will process those 
emails, i don't need to receive emails from my postfix server.

-Sumit

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Patrick Ben Koetter
Sent: Thursday, September 17, 2009 2:18 PM
To: postfix-users@postfix.org
Subject: Re: How to receive email on my postfix server

* Arora, Sumit :
> I have some doubt in receiving email.

Postfix is a SMTP server. It transports (read: sends) messages.
If you want to receive messages you need an IMAP or POP server such as
Dovecot, Courier, Cyrus IMAP or ...

p...@rick



> 
> What I understand I just need one domain name associated with my server ip 
> address, 
> and I need to enter this domain in postfix configuration. That's it.
> 
> I don't need to send emails from this server.
> 
> I guess that is all I need, can anybody confirm it?
> 
> Thanks,
> Sumit Arora

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):

Re: How to receive email on my postfix server

[Patrick Ben Koetter]

* Arora, Sumit :
> What I understand Postfix is a smtp server, it will also receive emails.

correct.

> What I need is, postfix to receive emails and my component will process
> those emails, i don't need to receive emails from my postfix server.

Postfix can do that for you.

Postfix basically runs out of the box. It will impersonate as your hosts
hostname unless you configure it differently and accept messages for users
that have an account on your server and will put them into
/var/mail/ unless you specify something else.

You could, for example, create an alias in (usually) /etc/aliases and pipe the
incoming message to a script. You could also write your own little SMTP server
and have Postfix send incoming messages to your server and it does whatever
you instruct it to do with the message.

You might need to configure the inet_interfaces parameter, since some OS
vendors set it to listen on localhost only.

But before I go on...

Tell us what the setup you need is and send us output from "postconf -n" and
we will be able to help you a lot better than now.

p...@rick


> 
> -Sumit
> 
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter
> Sent: Thursday, September 17, 2009 2:18 PM
> To: postfix-users@postfix.org
> Subject: Re: How to receive email on my postfix server
> 
> * Arora, Sumit :
> > I have some doubt in receiving email.
> 
> Postfix is a SMTP server. It transports (read: sends) messages.
> If you want to receive messages you need an IMAP or POP server such as
> Dovecot, Courier, Cyrus IMAP or ...
> 
> p...@rick
> 
> 
> 
> > 
> > What I understand I just need one domain name associated with my server ip 
> > address, 
> > and I need to enter this domain in postfix configuration. That's it.
> > 
> > I don't need to send emails from this server.
> > 
> > I guess that is all I need, can anybody confirm it?
> > 
> > Thanks,
> > Sumit Arora
> 
> -- 
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitely required and
> justified.
> 
> saslfinger (debugging SMTP AUTH):
> 

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):

virtual_mailbox_base Question

[John Dubchak]

Hi,

I have a functioning postfix-2.6.5 upgraded installation running.  The
current setup has 

virtual_mailbox_base=/var/spool/virutal_mailboxes

and uses postgres to return the remaining portion of the delivery path
(eg. /domain/username/) to append to virtual_mailbox_base to create the
correct delivery path - or so I assume.

I read the documentation that said the default value for
virtual_mailbox_base is blank if it is not present.  I wanted to create
a more flexible system and decided to change the query in
virtual_mailbox_maps to return the fully derived mail delivery path and
remove virtual_mailbox_base altogether, however, given that
configuration change, mail does not get delivered.  So I believe I am
wrong in thinking that those are the only 2 things that need to change
in order to fully derive that delivery path.

What else am I missing?

Thanks for any clarity you can provide,
John

#> postconf -n
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
canonical_maps = pgsql:/etc/postfix/sql/pgsql-canonical-maps.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
message_size_limit = 1024
mydestination = $myhostname
mydomain = eliteswa.com
myhostname = mail.eliteswa.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,   reject_non_fqdn_recipient,
reject_non_fqdn_sender,   reject_unauth_destination,
reject_unknown_sender_domain,   reject_rbl_client
zen.spamhaus.org
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_access_map
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/eliteswa-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/eliteswa-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/etc/postfix/sql/pgsql-virtual-alias-maps.cf
virtual_gid_maps = pgsql:/etc/postfix/sql/pgsql-virtual-gid-maps.cf
virtual_mailbox_base = /var/spool/virtual_mailboxes
virtual_mailbox_domains =
pgsql:/etc/postfix/sql/pgsql-virtual-mailbox-domains.cf
virtual_mailbox_maps =
pgsql:/etc/postfix/sql/pgsql-virtual-mailbox-recipients.cf
virtual_uid_maps = pgsql:/etc/postfix/sql/pgsql-virtual-uid-maps.cf

RE: How to receive email on my postfix server

[Arora, Sumit]

Thanks a lot Patrick.

Here are my requirements:
- I have to setup my own SMTP server to receive emails (I chose 
postfix, sm body referred me)
- Then I have to pass the email body and attachments to a component to 
process it.
- My postfix server should be able to receive all emails sent to my 
domain name e.g. anyth...@mydomain.com
- It is preferred that there should not be any time gap between I 
receive email and process them, so probably I cannot have any other small smtp  
server to fetch emails from my postfix server.
- By security perspective, my postfix server should be able to do 
anti-spoofing and stop junk emails.
- There is no requirement of sending email from my postfix server. 

Here is the output of "postconf -n"

[r...@sarora postfix]# postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = 16.150.18.223, $myhostname, localhost
local_recipient_maps = 
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = sarora.com
myhostname = sarora.com
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 16.212.0.103:8080
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550


Many Thanks,
Sumit Arora

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Patrick Ben Koetter
Sent: Thursday, September 17, 2009 2:50 PM
To: postfix-users@postfix.org
Subject: Re: How to receive email on my postfix server

* Arora, Sumit :
> What I understand Postfix is a smtp server, it will also receive emails.

correct.

> What I need is, postfix to receive emails and my component will process
> those emails, i don't need to receive emails from my postfix server.

Postfix can do that for you.

Postfix basically runs out of the box. It will impersonate as your hosts
hostname unless you configure it differently and accept messages for users
that have an account on your server and will put them into
/var/mail/ unless you specify something else.

You could, for example, create an alias in (usually) /etc/aliases and pipe the
incoming message to a script. You could also write your own little SMTP server
and have Postfix send incoming messages to your server and it does whatever
you instruct it to do with the message.

You might need to configure the inet_interfaces parameter, since some OS
vendors set it to listen on localhost only.

But before I go on...

Tell us what the setup you need is and send us output from "postconf -n" and
we will be able to help you a lot better than now.

p...@rick


> 
> -Sumit
> 
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter
> Sent: Thursday, September 17, 2009 2:18 PM
> To: postfix-users@postfix.org
> Subject: Re: How to receive email on my postfix server
> 
> * Arora, Sumit :
> > I have some doubt in receiving email.
> 
> Postfix is a SMTP server. It transports (read: sends) messages.
> If you want to receive messages you need an IMAP or POP server such as
> Dovecot, Courier, Cyrus IMAP or ...
> 
> p...@rick
> 
> 
> 
> > 
> > What I understand I just need one domain name associated with my server ip 
> > address, 
> > and I need to enter this domain in postfix configuration. That's it.
> > 
> > I don't need to send emails from this server.
> > 
> > I guess that is all I need, can anybody confirm it?
> > 
> > Thanks,
> > Sumit Arora
> 
> -- 
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitely required and
> justified.
> 
> saslfinger (debugging SMTP AUTH):
> 

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):

execvp /usr/local/lib/postfix-policyd-spf-perl: No such file or directory

[Dirk H. Schulz]

Hi folks,

I am running postfix mail gateways on several UNIXes, and they have the 
same or similar configurations.


On my NetBSD gateway I get lots of these errors in the mail log:
spawn[18506]: fatal: spawn_comand: execvp 
/usr/local/lib/postfix-policyd-spf-perl: No such file or directory

This is the entry in master.cf:
policy  unix  -   n   n   -   0   
spawn
 
user=nobody 
argv=/usr/local/lib/postfix-policyd-spf-perl   
 

and this is the entry in main.cf:
check_policy_service 
unix:private/policy   
 
If I /*copy*/ the path from the error message above and do an ls -l on 
it, it works, so the file is there:

bash-4.0# ls -l /usr/local/lib/postfix-policyd-spf-perl
-rwxr-xr-x  1 root  wheel  11526 Aug 21 17:19 
/usr/local/lib/postfix-policyd-spf-perl
The rights on the file and the path are the same or similar as those on 
the gateways where that works. I am simply stuck where to look at - any 
hint or help is appreciated.


Dirk

Re: execvp /usr/local/lib/postfix-policyd-spf-perl: No such file or directory

[Wietse Venema]

Dirk H. Schulz:
> Hi folks,
> 
> I am running postfix mail gateways on several UNIXes, and they have the 
> same or similar configurations.
> 
> On my NetBSD gateway I get lots of these errors in the mail log:
> > spawn[18506]: fatal: spawn_comand: execvp 
> > /usr/local/lib/postfix-policyd-spf-perl: No such file or directory

You have a bad pathname in the first line of the script file,
or you have edit the file with a non-ASCII editor.

Wietse

RE: From Altered After Mail Accepted

[wiskbroom]

On Tue, 15 Sep 2009 16:05:42 +0100, Mark Goodge 
> wrote:
>> wiskbr...@hotmail.com wrote:
>>>
>>>
>>> I am seeing a few spams coming through with a from address (seen on my
>>> postfix logs) that does not match the "From" address shown on my users
>>> Outlook. In fact my users are seeing a "From" address as their own,
>>> something that my postfix server currently does not allow using
>>> mynetworks and permitting this using smtpd_recipient_restrictions.
>>
>> Does it possibly have a From line that looks like this:
>>
>> From: "real.addr...@yourcompany.tld" 
>>
>> Postfix will (correctly) consider the address in angle brackets as the
>> actual address, but Outlook (and many other mail clients) will hide that
>> and display the part in quotes, as it will interpret that as the
>> sender's name.
>
> Postfix will not consider the address in the FROM header. It will look at
> the address in the MAIL FROM address in the smtp stage. These addresses can
> be different.
>>
>> Mark

How can I tell then what the envelope looks like?  The logs are not showing 
anything unusual.  Here they are:

None of the inbound spam emails  contain anything at all like (From: 
"real.addr...@yourcompany.tld"),  all of them contain (from=), although the 
emails are sent to numerous recipients, so just one "from:" per smtp session.

Oddly enough, the connecting/offending site also triggered this message in my 
postfix logs:

Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max connection rate 2/60s for (smtp:192.168.123.1) at Sep 11 23:55:53
Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max connection count 2 for (smtp:192.168.123.1) at Sep 11 23:55:53
Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max cache size 8 at Sep 11 23:56:23

Here is an example of just one of my MANY logs for a session which has resulted 
in my receiving inbound spam having a "From" address somehow appearing as it 
were coming from me. As I've said earlier, I restrict inbound email with a from 
address of my own domains by IP, and the site s that are able to sneak in are 
not from those IP's.

Sep 11 23:55:55 smtp-gw postfix/smtpd[18200]: [ID 197553 mail.info] 
A4AD334F038: client=unknown[192.168.123.1]
Sep 11 23:56:06 smtp-gw postfix/cleanup[19988]: [ID 197553 mail.info] 
A4AD334F038: message-id=
Sep 11 23:56:06 smtp-gw postfix/qmgr[17278]: [ID 197553 mail.info] A4AD334F038: 
from=, size=2321, nrcpt=10 (queue active)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/smtp[19065]: [ID 197553 mail.info] A4AD334F038: 
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=11, delays=11/0/0/0.24, dsn=2.0.0, 
status=sent (250 OK, sent 4AB1B356_21275_170598_1 9C3E834F03A)
Sep 11 23:56:06 smtp-gw postfix/qmgr[17278]: [ID 197553 mail.info] A4AD334F038: 
removed

Can anyone please help?  I am getting killed by this new spam.

Thanks,

.vp

Re: execvp /usr/local/lib/postfix-policyd-spf-perl: No such file or directory

[Dirk H. Schulz]

Hi Wietse,

Wietse Venema schrieb:

Dirk H. Schulz:
  

Hi folks,

I am running postfix mail gateways on several UNIXes, and they have the 
same or similar configurations.


On my NetBSD gateway I get lots of these errors in the mail log:

spawn[18506]: fatal: spawn_comand: execvp 
/usr/local/lib/postfix-policyd-spf-perl: No such file or directory
  


You have a bad pathname in the first line of the script file,
  

You are right. I had to adjust the perl path.

Thanks a lot!

Dirk

Re: From Altered After Mail Accepted

[Noel Jones]

On 9/17/2009 9:04 AM, wiskbr...@hotmail.com wrote:


How can I tell then what the envelope looks like?


Postfix logs the envelope address.
Examine the logs for this message; postfix logs it as from 
 but the From: is my address.



The logs are not showing anything unusual.  Here they are:

None of the inbound spam emails  contain anything at all like (From: 
"real.addr...@yourcompany.tld"),  all of them contain (from=), although the emails are 
sent to numerous recipients, so just one "from:" per smtp session.

Oddly enough, the connecting/offending site also triggered this message in my 
postfix logs:

Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max connection rate 2/60s for (smtp:192.168.123.1) at Sep 11 23:55:53
Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max connection count 2 for (smtp:192.168.123.1) at Sep 11 23:55:53
Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] statistics: 
max cache size 8 at Sep 11 23:56:23


Is this 192.168.123.1 the actual IP address in the logs, or 
have you altered it?




Here is an example of just one of my MANY logs for a session which has resulted in my 
receiving inbound spam having a "From" address somehow appearing as it were 
coming from me. As I've said earlier, I restrict inbound email with a from address of my 
own domains by IP, and the site s that are able to sneak in are not from those IP's.

Sep 11 23:55:55 smtp-gw postfix/smtpd[18200]: [ID 197553 mail.info] 
A4AD334F038: client=unknown[192.168.123.1]
Sep 11 23:56:06 smtp-gw postfix/cleanup[19988]: [ID 197553 mail.info] 
A4AD334F038: message-id=
Sep 11 23:56:06 smtp-gw postfix/qmgr[17278]: [ID 197553 mail.info] A4AD334F038: 
from=, size=2321, nrcpt=10 (queue active)


Is that the real client IP?
Are the message-id= and from= really logged as empty, or did 
you alter them?




Can anyone please help?  I am getting killed by this new spam.


Don't confuse the envelope sender as logged by Postfix with 
the From: header displayed by your mail client.



  -- Noel Jones

Re: (more) slow transport not working

[AndrewLong]

Wietse Venema wrote:
> 
> You forgot the transport table configuration. Without this,
> Postfix will never use the "slow" transport.
> 
>   Wietse
> 

/etc/postfix/transport::
yahoo.com   slow:

followed by postmap hash:/etc/postfix/transport

I'm sorry, I should have included that this step was also done
and that transport.db exists.

- Andrew
-- 
View this message in context: 
http://www.nabble.com/%28more%29-slow-transport-not-working-tp25471227p25492006.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: (more) slow transport not working

[/dev/rob0]

On Thursday 17 September 2009 12:11:22 AndrewLong wrote:
> Wietse Venema wrote:
> > You forgot the transport table configuration. Without this,
> > Postfix will never use the "slow" transport.

> /etc/postfix/transport::
> yahoo.com   slow:
>
> followed by postmap hash:/etc/postfix/transport
>
> I'm sorry, I should have included that this step was also done
> and that transport.db exists.

Next step: "postconf transport_maps". By default transport_maps is
not set.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: (more) slow transport not working

[fursink]

On Thu, Sep 17, 2009 at 1:17 PM, /dev/rob0  wrote:
> On Thursday 17 September 2009 12:11:22 AndrewLong wrote:
>> Wietse Venema wrote:
>> > You forgot the transport table configuration. Without this,
>> > Postfix will never use the "slow" transport.
>
>> /etc/postfix/transport::
>> yahoo.com       slow:
>>
>> followed by postmap hash:/etc/postfix/transport
>>
>> I'm sorry, I should have included that this step was also done
>> and that transport.db exists.
>
> Next step: "postconf transport_maps". By default transport_maps is
> not set.
> --
>    Offlist mail to this address is discarded unless
>    "/dev/rob0" or "not-spam" is in Subject: header
>

# postconf transport_maps
transport_maps = hash:/etc/postfix/transport

reloaded many times during debug...

Sep 17 13:25:55 tmail postfix/smtp[27618]: EBC6F87D49:
to=, relay=e.mx.mail.yahoo.com[216.39.53.1]:25,
delay=3.7, delays=0.02/0/0.64/3, dsn=2.0.0, status=sent (250 ok
dirdel)
Sep 17 13:25:55 tmail postfix/qmgr[27609]: EBC6F87D49: removed

still no indication slow transport is working.

- Andrew

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 01:27:45PM -0400, fursink wrote:

> Sep 17 13:25:55 tmail postfix/smtp[27618]: EBC6F87D49:
> to=, relay=e.mx.mail.yahoo.com[216.39.53.1]:25,
> delay=3.7, delays=0.02/0/0.64/3, dsn=2.0.0, status=sent (250 ok
> dirdel)
> Sep 17 13:25:55 tmail postfix/qmgr[27609]: EBC6F87D49: removed
> 
> still no indication slow transport is working.

Postfix 2.3 does not support the rate_delay feature, this is new with
2.5 and works correctly as of 2.5.6.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

RE: From Altered After Mail Accepted

[wiskbroom]

> On 9/17/2009 9:04 AM, wiskbr...@hotmail.com wrote:
>
>> How can I tell then what the envelope looks like?
>
> Postfix logs the envelope address.
> Examine the logs for this message; postfix logs it as from
>  but the From: is my address.
>
>> The logs are not showing anything unusual. Here they are:
>>
>> None of the inbound spam emails contain anything at all like (From: 
>> "real.addr...@yourcompany.tld"), all of them contain (from=), although the 
>> emails are sent to numerous recipients, so just one "from:" per smtp session.
>>
>> Oddly enough, the connecting/offending site also triggered this message in 
>> my postfix logs:
>>
>> Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] 
>> statistics: max connection rate 2/60s for (smtp:192.168.123.1) at Sep 11 
>> 23:55:53
>> Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] 
>> statistics: max connection count 2 for (smtp:192.168.123.1) at Sep 11 
>> 23:55:53
>> Sep 11 23:59:54 smtp-gw postfix/anvil[17292]: [ID 197553 mail.info] 
>> statistics: max cache size 8 at Sep 11 23:56:23
>
> Is this 192.168.123.1 the actual IP address in the logs, or
> have you altered it?

It's been altered, the original was an IP address from Russia which I've since 
blocked, but have since received identical emails from other IP addresses, from 
other countries too. 

>> Here is an example of just one of my MANY logs for a session which has 
>> resulted in my receiving inbound spam having a "From" address somehow 
>> appearing as it were coming from me. As I've said earlier, I restrict 
>> inbound email with a from address of my own domains by IP, and the site s 
>> that are able to sneak in are not from those IP's.

>>
>> Sep 11 23:55:55 smtp-gw postfix/smtpd[18200]: [ID 197553 mail.info] 
>> A4AD334F038: client=unknown[192.168.123.1]

>> Sep 11 23:56:06 smtp-gw postfix/cleanup[19988]: [ID 197553 mail.info] 
>> A4AD334F038: message-id=
>> Sep 11 23:56:06 smtp-gw postfix/qmgr[17278]: [ID 197553 mail.info] 
>> A4AD334F038: from=, size=2321, nrcpt=10 (queue active)
>
> Is that the real client IP?

Same as above, the client in this case is the offenders IP "public" IP address.


> Are the message-id= and from= really logged as empty, or did
> you alter them?

Ugh!  I guess I did alter it, well not really, just did a poor copy/paste...
The right one read something like this:

Sep 16 23:56:06 smtp-gw postfix/cleanup[19988]: [ID 197553 mail.info] 
A4AD334F038: message-id=

>
>
>> Can anyone please help? I am getting killed by this new spam.
>
> Don't confuse the envelope sender as logged by Postfix with
> the From: header displayed by your mail client.

Thanks.  Is their a way to ensure that these are the same?  How can I ensure 
that the From: header displayed by my mail clients are not allowed inbound with 
the same domains as those I host?  


Kindest regards,

.vp

Re: (more) slow transport not working

[fursink]

On Thu, Sep 17, 2009 at 1:48 PM, Victor Duchovni
 wrote:
> On Thu, Sep 17, 2009 at 01:27:45PM -0400, fursink wrote:
>
>> Sep 17 13:25:55 tmail postfix/smtp[27618]: EBC6F87D49:
>> to=, relay=e.mx.mail.yahoo.com[216.39.53.1]:25,
>> delay=3.7, delays=0.02/0/0.64/3, dsn=2.0.0, status=sent (250 ok
>> dirdel)
>> Sep 17 13:25:55 tmail postfix/qmgr[27609]: EBC6F87D49: removed
>>
>> still no indication slow transport is working.
>
> Postfix 2.3 does not support the rate_delay feature, this is new with
> 2.5 and works correctly as of 2.5.6.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Would the fact that this is 2.3.3... prevent the transport from working at all?
I would think the transport should still function even without
rate-delay, though
I will now look into building an upgrade if that's what it takes.

related - if slow transport is working, will the log show
"postfix/postfix-slow" rather than "postfix/smtp"?

- Andrew

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:

> Would the fact that this is 2.3.3... prevent the transport from working
> at all?

No, and in fact the transport is almost certainly used, but "-o
syslog_name" does not work as expected in 2.3.3. Rather, the syslog_name
is inherited from the master(8) daemon, and cannot be customized on a
per-service basis.

> I would think the transport should still function even without
> rate-delay, though

It does.

> I will now look into building an upgrade if that's what it takes.
> 
> related - if slow transport is working, will the log show
> "postfix/postfix-slow" rather than "postfix/smtp"?

No.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: (more) slow transport not working

[fursink]

On Thu, Sep 17, 2009 at 2:02 PM, Victor Duchovni
 wrote:
> On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:
>
>> Would the fact that this is 2.3.3... prevent the transport from working
>> at all?
>
> No, and in fact the transport is almost certainly used, but "-o
> syslog_name" does not work as expected in 2.3.3. Rather, the syslog_name
> is inherited from the master(8) daemon, and cannot be customized on a
> per-service basis.
>
>> I would think the transport should still function even without
>> rate-delay, though
>
> It does.
>
>> I will now look into building an upgrade if that's what it takes.
>>
>> related - if slow transport is working, will the log show
>> "postfix/postfix-slow" rather than "postfix/smtp"?
>
> No.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Than what is the preferred method to verify that a transport is being used
for the domain it configured for...

- Andrew

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 02:06:19PM -0400, fursink wrote:

> >> related - if slow transport is working, will the log show
> >> "postfix/postfix-slow" rather than "postfix/smtp"?
> >
> > No.
>
> Than what is the preferred method to verify that a transport is being used
> for the domain it configured for...

Generally, you don't need to verify this. If the transport table is defined
it is used as advertised. If you absolutely must check:

- Send mail to two users that should map to separate transports.

- Quickly (< 100 seconds on idle machines) check the process table,
looking at the "-n" field of the various "smtp" delivery agents.

For example, as mail is delivered on my servers via the "relay" transport,
I see in the process table:

postfix  32645 14325  0 14:05 ?00:00:00 smtp -n relay -t unix -u ...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: (more) slow transport not working

[fursink]

>> Than what is the preferred method to verify that a transport is being used
>> for the domain it configured for...
>
> Generally, you don't need to verify this. If the transport table is defined
> it is used as advertised. If you absolutely must check:
>
>    - Send mail to two users that should map to separate transports.
>
>    - Quickly (< 100 seconds on idle machines) check the process table,
>    looking at the "-n" field of the various "smtp" delivery agents.
>
> For example, as mail is delivered on my servers via the "relay" transport,
> I see in the process table:
>
>    postfix  32645 14325  0 14:05 ?        00:00:00 smtp -n relay -t unix -u 
> ...
>
> --
>        Viktor.
>...

Then I have to ask, what effect does the "-o syslog_name=postfix-slow"
have in master.cf?
I read an old (2006) thread indicating the override does not work, is
that still true?

- Andrew

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 02:20:19PM -0400, fursink wrote:

> Then I have to ask, what effect does the "-o syslog_name=postfix-slow"
> have in master.cf?
> I read an old (2006) thread indicating the override does not work, is
> that still true?

It works with Postfix ~2.5 and later.

When "bottom-posting", you must also trim irrelevant context above and
below what you are responding to. This includes my signature...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: (more) slow transport not working

[Wietse Venema]

AndrewLong:
> 
> 
> 
> Wietse Venema wrote:
> > 
> > You forgot the transport table configuration. Without this,
> > Postfix will never use the "slow" transport.
> > 
> > Wietse
> > 
> 
> /etc/postfix/transport::
> yahoo.com   slow:
> 
> followed by postmap hash:/etc/postfix/transport
> 
> I'm sorry, I should have included that this step was also done
> and that transport.db exists.

You forgot:

/etc/postfix/main.cf:
   transport_maps = hash:/etc/postfix/transport

Wietse

Re: (more) slow transport not working

[/dev/rob0]

On Thursday 17 September 2009 13:02:20 Victor Duchovni wrote:
> On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:
> > Would the fact that this is 2.3.3... prevent the transport
> > from working at all?
>
> No, and in fact the transport is almost certainly used, but "-o
> syslog_name" does not work as expected in 2.3.3. Rather, the
> syslog_name is inherited from the master(8) daemon, and cannot
> be customized on a per-service basis.

There is no note at postconf.5.html#syslog_name regarding the
changed behavior in later versions. Should there be such a note?
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: virtual_mailbox_base Question

[Victor Duchovni]

On Thu, Sep 17, 2009 at 05:52:23AM -0500, John Dubchak wrote:

> Hi,
> 
> I have a functioning postfix-2.6.5 upgraded installation running.  The
> current setup has 
> 
> virtual_mailbox_base=/var/spool/virutal_mailboxes
> 
> and uses postgres to return the remaining portion of the delivery path
> (eg. /domain/username/) to append to virtual_mailbox_base to create the
> correct delivery path - or so I assume.
> 
> I read the documentation that said the default value for
> virtual_mailbox_base is blank if it is not present.  I wanted to create
> a more flexible system and decided to change the query in
> virtual_mailbox_maps to return the fully derived mail delivery path and
> remove virtual_mailbox_base altogether, however, given that
> configuration change, mail does not get delivered.  So I believe I am
> wrong in thinking that those are the only 2 things that need to change
> in order to fully derive that delivery path.

http://www.postfix.org/postconf.5.html#virtual_mailbox_base

While the default is empty, you MUST set a non-empty value to use the
virtual(8) delivery agent.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: From Altered After Mail Accepted

[Noel Jones]

On 9/17/2009 12:55 PM, wiskbr...@hotmail.com wrote:

Don't confuse the envelope sender as logged by Postfix with
the From: header displayed by your mail client.


Thanks.  Is their a way to ensure that these are the same?  How can I ensure 
that the From: header displayed by my mail clients are not allowed inbound with 
the same domains as those I host?



Use SpamAssassin or similar content inspection.
It's not unusual for legit mail to have different envelope 
sender and From: header - email lists rely on this.


And mail with a From: header in your domain is not in itself a 
sure indicator of spam.  That's why deeper inspection such as 
SpamAssassin is useful.



Another issue is that sometimes mail arrives with a broken 
From: header.  Under certain conditions postfix will add 
@yourdomain to these broken headers.  This can cause confusion 
for your users.

One thing that I've found useful to to set in postfix main.cf
remote_header_rewrite_domain = domain.invalid
so that mail with broken From: headers are clearly labeled as 
such.  For more info on this, see:

http://www.postfix.org/ADDRESS_REWRITING_README.html#william


  -- Noel Jones

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 01:33:01PM -0500, /dev/rob0 wrote:

> On Thursday 17 September 2009 13:02:20 Victor Duchovni wrote:
> > On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:
> > > Would the fact that this is 2.3.3... prevent the transport
> > > from working at all?
> >
> > No, and in fact the transport is almost certainly used, but "-o
> > syslog_name" does not work as expected in 2.3.3. Rather, the
> > syslog_name is inherited from the master(8) daemon, and cannot
> > be customized on a per-service basis.
> 
> There is no note at postconf.5.html#syslog_name regarding the
> changed behavior in later versions. Should there be such a note?

The postconf(5) descriptions, generally apply to main.cf behaviour.
Anomalies with "-o" in obsolete releases, are not necessarily a
compelling reason to update the docs, but if someone volunteers a
well-crafted sentence inside a patch, perhaps Wietse will add it to
"proto/postconf.proto".

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: (more) slow transport not working

[Wietse Venema]

/dev/rob0:
> On Thursday 17 September 2009 13:02:20 Victor Duchovni wrote:
> > On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:
> > > Would the fact that this is 2.3.3... prevent the transport
> > > from working at all?
> >
> > No, and in fact the transport is almost certainly used, but "-o
> > syslog_name" does not work as expected in 2.3.3. Rather, the
> > syslog_name is inherited from the master(8) daemon, and cannot
> > be customized on a per-service basis.
> 
> There is no note at postconf.5.html#syslog_name regarding the
> changed behavior in later versions. Should there be such a note?

You mean. all bugfixes get listed in postconf(5)?

Wietse

RPMs for later builds

[fursink]

Does anyone maintain a repo for CentOS/RHE packages for some of the
later builds? On Cent 5.3 we're still looking at postfix 3.3, and I
now see there are some fair advantages to an upgrade. I don't really
want to muddle through creating a spec file if someone has been down
this road.

- Andrew

Re: virtual_mailbox_base Question

[John Dubchak]

On Thu, 2009-09-17 at 14:36 -0400, Victor Duchovni wrote:
> On Thu, Sep 17, 2009 at 05:52:23AM -0500, John Dubchak wrote:
> 
> > Hi,
> > 
> > I have a functioning postfix-2.6.5 upgraded installation running.  The
> > current setup has 
> > 
> > virtual_mailbox_base=/var/spool/virutal_mailboxes
> > 
> > and uses postgres to return the remaining portion of the delivery path
> > (eg. /domain/username/) to append to virtual_mailbox_base to create the
> > correct delivery path - or so I assume.
> > 
> > I read the documentation that said the default value for
> > virtual_mailbox_base is blank if it is not present.  I wanted to create
> > a more flexible system and decided to change the query in
> > virtual_mailbox_maps to return the fully derived mail delivery path and
> > remove virtual_mailbox_base altogether, however, given that
> > configuration change, mail does not get delivered.  So I believe I am
> > wrong in thinking that those are the only 2 things that need to change
> > in order to fully derive that delivery path.
> 
> http://www.postfix.org/postconf.5.html#virtual_mailbox_base
> 
> While the default is empty, you MUST set a non-empty value to use the
> virtual(8) delivery agent.
> 

Hi Victor,

Thanks for your response.

In my virtual_mailbox_maps, I am using the results of the query from a
postgresql database.  I was hoping I'd be able to have the query return
the full path of the mailbox directory and remove the
virtual_mailbox_base from my main.cf file.

However, making that change, mail was not being delivered at all.

So, I believe I am using correctly, or is that not the case?

Thanks,
John

Re: (more) slow transport not working

[/dev/rob0]

On Thursday 17 September 2009 13:40:56 Wietse Venema wrote:
> /dev/rob0:
> > On Thursday 17 September 2009 13:02:20 Victor Duchovni wrote:
> > > On Thu, Sep 17, 2009 at 01:59:25PM -0400, fursink wrote:
> > > > Would the fact that this is 2.3.3... prevent the transport
> > > > from working at all?
> > >
> > > No, and in fact the transport is almost certainly used, but "-o
> > > syslog_name" does not work as expected in 2.3.3. Rather, the
> > > syslog_name is inherited from the master(8) daemon, and cannot
> > > be customized on a per-service basis.
> >
> > There is no note at postconf.5.html#syslog_name regarding the
> > changed behavior in later versions. Should there be such a note?
>
> You mean. all bugfixes get listed in postconf(5)?

I was asking; I didn't know it was a bug originally. :) I thought it
was formerly a master(8)-only setting, whereas now, it can be set
per-daemon with -o.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: RPMs for later builds

[/dev/rob0]

On Thursday 17 September 2009 14:14:36 fursink wrote:
> Does anyone maintain a repo for CentOS/RHE packages for some of the
> later builds? On Cent 5.3 we're still looking at postfix 3.3, and I
> now see there are some fair advantages to an upgrade. I don't really
> want to muddle through creating a spec file if someone has been down
> this road.

This comes up on the list regularly, most recently: yesterday! See
the thread with "Subject: 2.6 RPM".
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: (more) slow transport not working

[Victor Duchovni]

On Thu, Sep 17, 2009 at 02:19:02PM -0500, /dev/rob0 wrote:

> I was asking; I didn't know it was a bug originally. :) I thought it
> was formerly a master(8)-only setting, whereas now, it can be set
> per-daemon with -o.

The daemons processed the option too late for it to actually change the
log tag. This was a "user-interface" bug.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: virtual_mailbox_base Question

[Victor Duchovni]

On Thu, Sep 17, 2009 at 02:18:04PM -0500, John Dubchak wrote:

> > > I read the documentation that said the default value for
> > > virtual_mailbox_base is blank if it is not present.  I wanted to create
> > > a more flexible system and decided to change the query in
> > > virtual_mailbox_maps to return the fully derived mail delivery path and
> > > remove virtual_mailbox_base altogether, however, given that
> > > configuration change, mail does not get delivered.  So I believe I am
> > > wrong in thinking that those are the only 2 things that need to change
> > > in order to fully derive that delivery path.
> > 
> > http://www.postfix.org/postconf.5.html#virtual_mailbox_base
> > 
> > While the default is empty, you MUST set a non-empty value to use the
> > virtual(8) delivery agent.
> > 
> 
> Hi Victor,
> 
> Thanks for your response.
> 
> In my virtual_mailbox_maps, I am using the results of the query from a
> postgresql database.  I was hoping I'd be able to have the query return
> the full path of the mailbox directory and remove the
> virtual_mailbox_base from my main.cf file.
> 
> However, making that change, mail was not being delivered at all.
> 
> So, I believe I am using correctly, or is that not the case?

If you want to reduce security, set the parameter to "/" as documented.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: RPMs for later builds

[fursink]

> Simon Mudd is the man who makes these RPMs.  We mirror his site.  You can get 
> the RPMs here:
> ftp://mirror.newnanutilities.org/pub/postfix-rpm/official/2.6/

That's great, I'd been googl(dir)ected to Simon's site, could not
locate recent releases without your help...

Re: virtual_mailbox_base Question

[John Dubchak]

On Thu, 2009-09-17 at 15:24 -0400, Victor Duchovni wrote:
> 
> If you want to reduce security, set the parameter to "/" as documented.
> 

That's not my goal, so it's not a change I'm willing to introduce.
Also, I wasn't aware that I'd be reducing security by doing that, so
thanks for pointing that out to me.

John

Re: virtual_mailbox_base Question

[Victor Duchovni]

On Thu, Sep 17, 2009 at 02:37:14PM -0500, John Dubchak wrote:

> On Thu, 2009-09-17 at 15:24 -0400, Victor Duchovni wrote:
> > 
> > If you want to reduce security, set the parameter to "/" as documented.
> 
> That's not my goal, so it's not a change I'm willing to introduce.
> Also, I wasn't aware that I'd be reducing security by doing that, so
> thanks for pointing that out to me.

Allowing the database to specify arbitrary mailbox paths reduces security.
Setting an explicit sub-tree of the filesystem for mailbox locations is
safer. If you want absolute paths in the database table, you want the
reduced security. Otherwise, trim-off a common prefix, and specify only
the relative path in the table.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

RE: From Altered After Mail Accepted

[wiskbroom]

> On 9/17/2009 12:55 PM, wiskbr...@hotmail.com wrote:
>>> Don't confuse the envelope sender as logged by Postfix with
>>> the From: header displayed by your mail client.
>>
>> Thanks. Is their a way to ensure that these are the same? How can I ensure 
>> that the From: header displayed by my mail clients are not allowed inbound 
>> with the same domains as those I host?
>>
>
> Use SpamAssassin or similar content inspection.
> It's not unusual for legit mail to have different envelope
> sender and From: header - email lists rely on this.
>
> And mail with a From: header in your domain is not in itself a
> sure indicator of spam. That's why deeper inspection such as
> SpamAssassin is useful.

Yeah, I've got that running too, quite odd that this spammer somehow bypassed 
it...

> Another issue is that sometimes mail arrives with a broken
> From: header. Under certain conditions postfix will add
> @yourdomain to these broken headers. This can cause confusion
> for your users.
> One thing that I've found useful to to set in postfix main.cf
> remote_header_rewrite_domain = domain.invalid
> so that mail with broken From: headers are clearly labeled as
> such. For more info on this, see:
> http://www.postfix.org/ADDRESS_REWRITING_README.html#william

Awesome!  Thanks Noel, I'll give that a try.

.vp

Re: Postfix mail headers for locally sent mail (sendmail command)

[mouss]

Steve Fatula a écrit :
>> If you do not want to process local mail via SpamAssassin then don't
>> send locally submitted mail to SpamAssassin.
> 
> Precisely, and the question was how to recognize locally submitted mail vs 
> other mail given that we had to process on delivery via procmail, and, each 
> user can have different Spamassassin settings, etc. Now I know how. 
> 
> For those still responding - please, the issue was resolved.
> 
> 
>   


for mail submitted via the sendmail command

pickup ...
-o content_filter=


for mail submitted via the submission service:

submission ...
-o content_filter=${submission_filter}
-o smtpd_client_restrictions=${submission_client_restrictions}
...

where the above variables are defined in main.cf


the point is: use the "origin", not headers.

Re: How to receive email on my postfix server

[Ansgar Wiechers]

On 2009-09-17 Arora, Sumit wrote:
> Here are my requirements:
> - I have to setup my own SMTP server to receive emails (I chose
>   postfix, sm body referred me)
> - Then I have to pass the email body and attachments to a component to
>   process it.
> - My postfix server should be able to receive all emails sent to my
>   domain name e.g. anyth...@mydomain.com
> - It is preferred that there should not be any time gap between I
>   receive email and process them, so probably I cannot have any other
>   small smtp server to fetch emails from my postfix server.

Sounds like a job for procmail, IMO.

Install procmail and add the following line to your main.cf:

mailbox_command = procmail -a "$EXTENSION"

Create a file .procmailrc with the following content in your $HOME
(assuming your mailbox format is mbox):

8<
MAILDIR=$HOME/Mail  # Make sure the directory exists!
DEFAULT=$MAILDIR/inbox
LOCKFILE=$HOME/.lockmail

# Remove the following two lines when everything is working as expected,
# lest the log will grow VERY BIG VERY FAST.
LOGFILE=$HOME/procmail.log
VERBOSE=on

:0 fhw
| formail -I "" -s YOUR_PROGRAM
>8

This will deliver all your incoming mail to your local mailbox while
feeding the mailbodies to your program.

> - By security perspective, my postfix server should be able to do
>   anti-spoofing and stop junk emails.

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

> Here is the output of "postconf -n"
[...]
> inet_interfaces = 16.150.18.223, $myhostname, localhost

inet_interfaces = 16.150.18.223, 127.0.0.1

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky