Re: Relay acces denied with permit_tls_clientcerts

2009-09-29 Thread Stefan Selbitschka


On Mon, 2009-09-28 at 07:31 -0500, Noel Jones wrote:

> On 9/28/2009 7:19 AM, Stefan Selbitschka wrote:
> >
> > Hi,
> > I recently tried to install a postfix server with TLS and client
> > authentication required. Testing the installation with Thunderbird
> > looked good: server certificate shown, client certificate requested and
> > postfix log shows TLS OK but finally I got the message 5.7.1 Relay
> > access denied.
> >
> >
> > postconf -n
> > =
> > smtpd_client_restrictions = permit_tls_clientcerts, permit_mynetworks,
> > reject_unauth_destination
> 
> This needs to be smtpd_recipient_restrictions.
> 
>   -- Noel Jones


Works perfectly, thanks Noel!
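
Why the posted configuration was rejected, as an added example (not part of the thread and not Postfix code): a simplified Python model of how smtpd walks its restriction lists, in which a permit ends only the list it appears in. The session fields, the function names and the sample configs are assumptions made for the illustration; the default for smtpd_recipient_restrictions is the Postfix 2.x built-in.

```python
# Added example: simplified model of Postfix 2.x smtpd restriction-list
# evaluation. Session fields and helper names are illustrative assumptions.

STAGES = (
    "smtpd_client_restrictions",
    "smtpd_helo_restrictions",
    "smtpd_sender_restrictions",
    "smtpd_recipient_restrictions",
)

# Built-in Postfix 2.x default used when main.cf leaves the list unset.
DEFAULTS = {
    "smtpd_recipient_restrictions": ["permit_mynetworks",
                                     "reject_unauth_destination"],
}


def _split(value):
    """Split a comma/space separated restriction list."""
    return value.replace(",", " ").split()


def parse_postconf(text):
    """Parse `postconf -n` style output into {parameter: [restrictions]}."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current:        # indented continuation line
            params[current] += _split(line)
        elif "=" in line:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = _split(value)
    return params


def _check(restriction, session):
    """Return 'permit', 'reject' or 'dunno' for one restriction."""
    if restriction == "permit_tls_clientcerts":
        return "permit" if session["cert_in_relay_clientcerts"] else "dunno"
    if restriction == "permit_mynetworks":
        return "permit" if session["client_in_mynetworks"] else "dunno"
    if restriction == "reject_unauth_destination":
        return "dunno" if session["rcpt_domain_is_ours"] else "reject"
    raise ValueError(f"restriction not modelled: {restriction}")


def evaluate(params, session):
    """Walk every list in order; a permit ends only its own list,
    a reject in any list is final."""
    for stage in STAGES:
        for restriction in params.get(stage, DEFAULTS.get(stage, [])):
            verdict = _check(restriction, session)
            if verdict == "reject":
                return ("reject", stage, restriction)
            if verdict == "permit":
                break                            # the next list still runs
    return ("accept", None, None)


# Constructed configs modelled on the thread (continuation lines indented).
AS_POSTED = """\
smtpd_client_restrictions = permit_tls_clientcerts, permit_mynetworks,
    reject_unauth_destination
"""
AS_FIXED = """\
smtpd_recipient_restrictions = permit_tls_clientcerts, permit_mynetworks,
    reject_unauth_destination
"""

# Constructed session: remote client with a listed certificate, sending to
# a domain this server is not responsible for.
ROAMING_CLIENT = {
    "cert_in_relay_clientcerts": True,
    "client_in_mynetworks": False,
    "rcpt_domain_is_ours": False,
}

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("as fixed", AS_FIXED)):
        print(label, evaluate(parse_postconf(conf), ROAMING_CLIENT))
```

With the configuration as posted, the client list permits the certificate holder, but the untouched default recipient list still runs and its reject_unauth_destination produces the 5.7.1 rejection.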


Re: content_filter and relay_domains/transport_maps

2009-09-29 Thread Martijn de Munnik
On Fri, 25 Sep 2009 08:46:01 -0400 (EDT), wie...@porcupine.org (Wietse
Venema) wrote:
> Martijn de Munnik:
>> 
>> On Fri, 2009-09-25 at 07:38 -0400, Wietse Venema wrote:
>> > Martijn de Munnik:
>> > > Hi,
>> > > 
>> > > It seems that e-mails which are relayed to other servers (using
>> > > relay_domains and transport_maps) don't go through content_filter.
>> > > How can I make sure that all mails go through the content_filter?
>> > 
>> > You need to implement one of the models described in FILTER_README.
>> > on-line as http://www.postfix.org/FILTER_README.html
>> > 
>> > Be sure to check all the details.
>> 
>> I read the document but still I don't understand why mails which are
>> relayed don't go through the content filter?
> 
> You must check ALL the details. Print it on paper. Use a red pen.

I only had a yellow marker, I hope that'll do :)

> Mark each configuration detail that you have checked against your
> configuration.
> 
>> From the doc:
>> The "content_filter" line causes Postfix to add one content filter
>> request record to each incoming mail message...
> 
> Right. Now read the OTHER text too. Look for stuff in master.cf
> that overrides main.cf entries.

Mmm, I tried real hard to understand what you mean. I already have

receive_override_options = no_address_mappings

in main.cf. So only thing I could think of is I need to add 

-o transport_maps=

to the smtp, pickup and submission line in master.cf?


Re: smtp client and aliased addresses

2009-09-29 Thread ram

On Tue, 2009-09-29 at 00:58 -0300, Postfix User wrote:
> I'm having an issue getting the smtp client to bind to an aliased IP
> address.
> 
> mail_version = 2.5.7
> 
> I've tried to no avail to have the smtp client use a aliased IP to
> deliver mail but it insists on using the address of the interface the
> aliased address is assigned to.
> 
> #  ifconfig eth2 && ifconfig eth2:1
> 
> eth2  Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
>   inet addr:142.22.75.146  Bcast:142.22.75.151  Mask:255.255.255.248
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:38366130 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:32267506 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:535231 txqueuelen:100 
>   RX bytes:10481726082 (9.7 GiB)  TX bytes:33812562876 (31.4 GiB)
>   Base address:0xece0 Memory:fc7e-fc80 
> 
> eth2:1    Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
>   inet addr:142.22.75.147  Bcast:142.22.75.151  Mask:255.255.255.248
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   Base address:0xece0 Memory:fc7e-fc80 
> 
> 
> I've tried the following in main.cf ...
> 
> smtp_bind_address = 142.22.75.147
> 
> I've also tried the following in master.cf ...
> 
> smtp  unix  -   -   n   -   -   smtp
>   -o smtp_bind_address=142.22.75.147
> 
> Reading a correlation between smtp_bind_address and inet_interfaces in
> the docs I've also tried the following in main.cf ...
> 
> inet_interfaces = $myhostname, localhost
> 
> With the latter netstat shows master binding to the aliased address
> 142.22.75.147 and 127.0.0.1 and the smtpd server receives mail fine on
> the aliased address however the smtp client persists in using
> 142.22.75.146 to deliver mail to other hosts.
> 
How can you say that? The way of checking is to send a mail to any other
server and check the full headers for the IP used. Don't use netstat.
The smtp connection will not last long enough for your inspection.




> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      27605/master
> tcp        0      0 142.22.75.147:25        0.0.0.0:*               LISTEN      27605/master
> 
> 
No, this is not the smtp client; this indicates smtpd listening for incoming
messages. Don't confuse smtpd with smtp.


> What am I missing?

I don't think there is anything. You are probably already meeting your
requirement.



> 
> Thanks
> --
> 



Re: Content_filter - Too Many Hops

2009-09-29 Thread Wietse Venema
mic...@casa.co.cu:
> Hello
> 
> I'm trying to integrate bogofilter with postfix, I followed the steps in
> the documentation for installation and configuration:

Except that you also use MailScanner, which interferes with
Postfix content filtering.

Wietse


Stomp logging for postfix - patch

2009-09-29 Thread Rajkumar S
Hi,

I have a couple of postfix servers whose logs I need to parse and store
in a database for generating reports. I have tried parsing individual
logs but it was taking too much time for parsing. Also, with the number
of types of logs postfix is generating, the parser would break every now
and then when postfix logs an entry with, say, a malformed email id.

I finally ditched the parsing part and coded up a patch to send the
log entries to a stomp server. I ideally would like to pass around
perfectly valid JSON entries as logs, but right now I just separate
the entries with \233 (something I do not expect to appear in a log)
and I have a program to get the log entries from RabbitMQ, split them
and push them to the DB.

Some of the advantages here are that there is no parsing, just a split
using the delimiter, and I get a neat key-value pair. Also every log has a
type field on which I can directly switch.

The patch is uploaded at http://pastebin.ca/1584108. The
patch is far from perfect, but I have had it running on a moderately
loaded box for some time.

Postfix has a logging class but I have decided to put in a different
function, partially because that was the easy way out, and partially
because stomp logging should augment the existing logging rather than change
its destination. I am also having difficulty in understanding the
build process. Consequently the build process is convoluted.

The C stomp library is built on the Apache APR library. So (in Debian) the
dependencies are: libapr1, libapr1-dev, libaprutil1, libaprutil1-dev
and libdb-4.6-dev. I am building postfix on a 64-bit machine, so a
patch for adding -D_LARGEFILE64_SOURCE to makefile is necessary (for
use by APR).

--- /dev/null
+++ b/largefile64.patch
@@ -0,0 +1,13 @@
+diff --git a/makedefs b/makedefs
+index cfba0e9..4860358 100644
+--- a/makedefs
 b/makedefs
+@@ -450,7 +450,7 @@ case "$CCARGS" in
+  *-DNO_PCRE*) ;;
+            *) pcre_cflags=`(pcre-config --cflags) 2>/dev/null` &&
+                   pcre_libs=`(pcre-config --libs) 2>/dev/null` && {
+-                      CCARGS="$CCARGS -DHAS_PCRE $pcre_cflags"
++                      CCARGS="$CCARGS -DHAS_PCRE $pcre_cflags
-D_LARGEFILE64_SOURCE"
+                       AUXLIBS="$AUXLIBS $pcre_libs"
+               }
+               ;;
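
Review bot: in the `case "$CCARGS"` hunk at makedefs line 450, `-D_LARGEFILE64_SOURCE` is appended inside the branch that only runs when `-DNO_PCRE` is absent and both `pcre-config --cflags` and `pcre-config --libs` succeed, so a build without PCRE never gets the define. The flag is unrelated to PCRE; set it where it does not depend on that probe, for example by passing it in CCARGS to `make makefiles`, or in an unconditional assignment of its own. The added `CCARGS=` line is also wrapped across two lines as posted, leaving `-D_LARGEFILE64_SOURCE"` on a line by itself, so the inner patch will not apply until that line is rejoined.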

I am sure there must be some way to get the build flag automatically,
but I am unable to figure that out. So till then this is ugly hack #1

After executing make at this point, the build process stops after some
time and here I need to do another magic.

Copy src/global/mail_params.h  to include/ and execute the make again
and the build completes successfully. I have no idea what happens
during the build and how to "properly" modify the build scripts for a
flawless build, but my steps work :)

The patch adds 3 entries in config files

stomp_port = 61613
queue = postfix
amq_server = ravanan

queue is the message queue in RabbitMQ (or ActiveMQ) and amq_server is
the ip of the RabbitMQ server.

This is my first jab at postfix source and I only consider the patch a
place to start some discussion. It would be great if someone could go
through/test the code and also suggest fixes to the build problems. I
believe having postfix log to a stomp server using JSON would be a
great feature for people running multiple postfix servers who need to
analyze the data in a central location.

with warm regards,

raj


Re: smtp client and aliased addresses

2009-09-29 Thread Postfix User

On Tue, 2009-09-29 at 14:28 +0530, ram wrote:
> On Tue, 2009-09-29 at 00:58 -0300, Postfix User wrote:
> > I'm having an issue getting the smtp client to bind to an aliased IP
> > address.
> > 
> > mail_version = 2.5.7
> > 
> > I've tried to no avail to have the smtp client use a aliased IP to
> > deliver mail but it insists on using the address of the interface the
> > aliased address is assigned to.
> > 
> > #  ifconfig eth2 && ifconfig eth2:1
> > 
> > eth2  Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
> >   inet addr:142.22.75.146  Bcast:142.22.75.151  Mask:255.255.255.248
> >   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >   RX packets:38366130 errors:0 dropped:0 overruns:0 frame:0
> >   TX packets:32267506 errors:0 dropped:0 overruns:0 carrier:0
> >   collisions:535231 txqueuelen:100 
> >   RX bytes:10481726082 (9.7 GiB)  TX bytes:33812562876 (31.4 GiB)
> >   Base address:0xece0 Memory:fc7e-fc80 
> > 
> > eth2:1    Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
> >   inet addr:142.22.75.147  Bcast:142.22.75.151  Mask:255.255.255.248
> >   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >   Base address:0xece0 Memory:fc7e-fc80 
> > 
> > 
> > I've tried the following in main.cf ...
> > 
> > smtp_bind_address = 142.22.75.147
> > 
> > I've also tried the following in master.cf ...
> > 
> > smtp  unix  -   -   n   -   -   smtp
> >   -o smtp_bind_address=142.22.75.147
> > 
> > Reading a correlation between smtp_bind_address and inet_interfaces in
> > the docs I've also tried the following in main.cf ...
> > 
> > inet_interfaces = $myhostname, localhost
> > 
> > With the latter netstat shows master binding to the aliased address
> > 142.22.75.147 and 127.0.0.1 and the smtpd server receives mail fine on
> > the aliased address however the smtp client persists in using
> > 142.22.75.146 to deliver mail to other hosts.
> > 
> How can you say that? The way of checking is to send a mail to any other
> server and check the full headers for the IP used. Don't use netstat.
> The smtp connection will not last long enough for your inspection.
> 

Indeed, I've confirmed it by checking both headers and logs. Sorry about
that, I thought that a little too obvious to mention.  

> 
> > tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      27605/master
> > tcp        0      0 142.22.75.147:25        0.0.0.0:*               LISTEN      27605/master
> > 
> > 
> No, this is not the smtp client; this indicates smtpd listening for incoming
> messages. Don't confuse smtpd with smtp.
> 

I'm aware of that and it was mentioned, I showed the netstat output to
show that postfix was using inet_interfaces as expected. FWIW I also
tried this with just the aliased IP address.
 
> > What am I missing?
> 
> I don't think there is anything. You are probably already meeting your
> requirement.
> 

As I've confirmed that it's not, any other suggestions?


Thanks
--





Re: Content_filter - Too Many Hops

2009-09-29 Thread michel

Wietse Venema wrote:

> mic...@casa.co.cu:
>> Hello
>>
>> I'm trying to integrate bogofilter with postfix, I followed the steps in
>> the documentation for installation and configuration:
>
> Except that you also use MailScanner, which interferes with
> Postfix content filtering.
>
> Wietse



Hi Wietse

Thank you for responding so quickly.

As commented in my previous message, in my transport table for each  
domain declared on my network server to which I give you my email so  
that it reaches its final destination, when I apply the filter ignores  
the table, never comes out.


You tell me that MailScanner is responsible for all this?

What can I do here?

I can not remove it, as do the virus check each message to reach me??

What can I do?

mailserver.home.com  local
home.com             virtual:[192.168.25.8]
home.cu              dovecot:[192.168.25.8]




--
Webmail, e-mail service
Casa de las Americas - Havana, Cuba.



Re: Content_filter - Too Many Hops

2009-09-29 Thread Gerard
On Tue, 29 Sep 2009 07:08:04 -0400
mic...@casa.co.cu wrote:

> Wietse Venema wrote:
> 
> > mic...@casa.co.cu:
> >> Hello
> >>
> >> I'm trying to integrate bogofilter with postfix, I followed the
> >> steps in the documentation for installation and configuration:
> >
> > Except that you also use MailScanner, which interferes with
> > Postfix content filtering.
> >
> > Wietse
> >
> 
> Hi Wietse
> 
> Thank you for responding so quickly.
> 
> As commented in my previous message, in my transport table for each  
> domain declared on my network server to which I give you my email so  
> that it reaches its final destination, when I apply the filter
> ignores the table, never comes out.
> 
> You tell me that MailScanner is responsible for all this?
> 
> What can I do here?
> 
> I can not remove it, as do the virus check each message to reach me??
> 
> What can I do?
> 
> mailserver.home.com  local
> home.com             virtual:[192.168.25.8]
> home.cu              dovecot:[192.168.25.8]

Of course you can remove it. There are many, and IMHO, far superior
programs for handing what you require. You could search the Postfix
site for suggestions. Give 'amavisd-new' a look.


-- 
Gerard
postfix.u...@yahoo.com


As I thought, no better from this side.
-- Eeyore


Re: Content_filter - Too Many Hops

2009-09-29 Thread Wietse Venema
mic...@casa.co.cu:
> Wietse Venema wrote:
> 
> > mic...@casa.co.cu:
> >> Hello
> >>
> >> I'm trying to integrate bogofilter with postfix, I followed the steps in
> >> the documentation for installation and configuration:
> >
> > Except that you also use MailScanner, which interferes with
> > Postfix content filtering.
> >
> > Wietse
> >
> 
> Hi Wietse
> 
> Thank you for responding so quickly.
> 
> As commented in my previous message, in my transport table for each  
> domain declared on my network server to which I give you my email so  
> that it reaches its final destination, when I apply the filter ignores  
> the table, never comes out.
> 
> You tell me that MailScanner is responsible for all this?

I support Postfix. If the Postfix content filter mis-behaves
WITHOUT MailScanner, then I will fix it.

Wietse

> What can I do here?
> 
> I can not remove it, as do the virus check each message to reach me??
> 
> What can I do?
> 
> mailserver.home.com  local
> home.com             virtual:[192.168.25.8]
> home.cu              dovecot:[192.168.25.8]
> 
> 
> 
> 
> --
> Webmail, e-mail service
> Casa de las Americas - Havana, Cuba.
> 
> 
> 



Re: Stomp logging for postfix - patch

2009-09-29 Thread Reinaldo de Carvalho
On Tue, Sep 29, 2009 at 7:49 AM, Rajkumar S  wrote:
> Hi,
>
> I have couple of postfix servers whose logs I need to parse and store
> in a database for generating reports. I have tried parsing individual
> logs but it was taking too much time for parsing. Also with the number
> of types of logs postfix is generating, parser would break every now
> and then when postfix logs an entry with say, malformed email id.
>

I'm working on a (Python) framework to parse any log format in real time
and store it in a database; it's based on plugins that represent a
class. A new plugin is a class with a method "insert", very easy to make
anything. I'm working on the postfix plugin but the iptables plugin seems OK.

http://groups.google.com/group/post-la/attach/aa63b7c30a0bfc91/processLog-2009092701.tar.gz?part=2


-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)


Re: smtp client and aliased addresses

2009-09-29 Thread John Peach
On Tue, 29 Sep 2009 07:57:54 -0300
Postfix User  wrote:

> 
> On Tue, 2009-09-29 at 14:28 +0530, ram wrote:
> > On Tue, 2009-09-29 at 00:58 -0300, Postfix User wrote:
> > > I'm having an issue getting the smtp client to bind to an aliased
> > > IP address.
> > > 
> > > mail_version = 2.5.7
> > > 
> > > I've tried to no avail to have the smtp client use a aliased IP to
> > > deliver mail but it insists on using the address of the interface
> > > the aliased address is assigned to.
> > > 
[snip]
> 
> As I've confirmed that it's not, any other suggestions?

Postfix does not decide which interface to use for sending mail. That
is handled by your routing tables.



-- 
John


Getting email multiple times in content filter

2009-09-29 Thread Arora, Sumit
Hi All,

I'm using smtp content filter, I'm getting same email multiple times on my smtp 
content filter.

Can anyone tell me how to limit postfix to send email to content filter.

Thanks,
Sumit Arora


Re: Getting email multiple times in content filter

2009-09-29 Thread Paul Cockings


Arora, Sumit wrote:

> Hi All,
>
> I’m using smtp content filter, I’m getting same email multiple times
> on my smtp content filter.
>
> Can anyone tell me how to limit postfix to send email to content filter.
>
> Thanks,
>
> Sumit Arora


Try reading through this?

http://www.postfix.org/pipe.8.html


Re: smtp client and aliased addresses

2009-09-29 Thread Postfix User

On Tue, 2009-09-29 at 07:51 -0400, John Peach wrote:
> On Tue, 29 Sep 2009 07:57:54 -0300
> Postfix User  wrote:
> [snip]
> > 
> > As I've confirmed that it's not, any other suggestions?
> 
> Postfix does not decide which interface to use for sending mail. That
> is handled by your routing tables.

What's the intended use of smtp_bind_address for then?




Re: Content_filter - Too Many Hops

2009-09-29 Thread Noel Jones

On 9/29/2009 6:08 AM, mic...@casa.co.cu wrote:

> Wietse Venema wrote:
>
>> mic...@casa.co.cu:
>>> Hello
>>>
>>> I'm trying to integrate bogofilter with postfix, I followed the steps in
>>> the documentation for installation and configuration:
>>
>> Except that you also use MailScanner, which interferes with
>> Postfix content filtering.
>
> You tell me that MailScanner is responsible for all this?



From your original message:


Sep 28 17:36:14 mailserver sendmail[12738]: n8SLaEwa012738:
from=mic...@casa.co.cu, size=936, class=0, nrcpts=1,
msgid=<1254174126.25419.108.ca...@michel.home.com>,
relay=fil...@localhost


So the main problem is that you need to uninstall or disable 
sendmail.  That's what is causing the loop.


But MailScanner uses a non-standard and unsupported interface 
to postfix, and is likely to cause other problems when 
combined with a standard content_filter, such as processing 
mail multiple times and other strange problems.


If you really want to use MailScanner, you shouldn't use any 
other content filters or milters, and don't expect to get any 
support for postfix + MailScanner on this list.


But a better solution is to drop MailScanner and use something 
with a standard, supported interface to postfix.


  -- Noel Jones



Re: Content_filter - Too Many Hops

2009-09-29 Thread michel

Wietse Venema wrote:

> mic...@casa.co.cu:
>> Wietse Venema wrote:
>>
>>> mic...@casa.co.cu:
>>>> Hello
>>>>
>>>> I'm trying to integrate bogofilter with postfix, I followed the steps in
>>>> the documentation for installation and configuration:
>>>
>>> Except that you also use MailScanner, which interferes with
>>> Postfix content filtering.
>>>
>>> Wietse
>>
>> Hi Wietse
>>
>> Thank you for responding so quickly.
>>
>> As commented in my previous message, in my transport table for each
>> domain declared on my network server to which I give you my email so
>> that it reaches its final destination, when I apply the filter ignores
>> the table, never comes out.
>>
>> You tell me that MailScanner is responsible for all this?
>
> I support Postfix. If the Postfix content filter mis-behaves
> WITHOUT MailScanner, then I will fix it.
>
> Wietse
>
>> What can I do here?
>>
>> I can not remove it, as do the virus check each message to reach me??
>>
>> What can I do?
>>
>> mailserver.home.com  local
>> home.com             virtual:[192.168.25.8]
>> home.cu              dovecot:[192.168.25.8]



I will make a test , without the mailscanner and feedback to you

so with amavis you can think the loops problem disappear?



--
Webmail, e-mail service
Casa de las Americas - Havana, Cuba.



Re: Content_filter - Too Many Hops

2009-09-29 Thread /dev/rob0
On Monday 28 September 2009 22:33:08 mic...@casa.co.cu wrote:
> I'm trying to integrate bogofilter with postfix, I followed the
> steps in the documentation for installation and configuration:

Bogofilter documentation, probably. Questions regarding that might
belong on a list specific to that project.

> I'm using CentOS 5.3 with postfix-2.3.3-2.1, my users are virtuals,
> they are in the active directory in windows.

That's a complex setup. First things first, you need to learn how to
manage your OS. RHEL is extensively documented. Next, consider
simpler alternatives. You're going to have a lot of frustration as
you try to understand what you have already done. It does not need to
be so complicated.

> When I send a message, my server must deliver the message to an
> external server, said earlier in the table of transport,
> following testing of the filter in the master.cf file the
> messages stop being delivered to the external server and the
> message fall into a cycle.

I think I understand all that. What I don't understand is WHY you
thought this was a good idea. :)

> I created the user under which the filter will work, given
> execution permissions to the script and the owner of it.
>
> The question is because the script is used to deliver these
> messages sendmail, postfix why not?

And this would be a CentOS/RHEL question. If you're going to have
Postfix as your MTA, get the sendmail.org MTA out of the way.

> This is my config in master.cf file:
snip

> Sep 28 17:36:13 mailserver postfix/smtpd[12730]: connect from
> michel.home.com[192.168.25.20]

Home.com is a real Internet domain. You should use a domain name that
would never appear on the Internet, for internal naming. I use
subdomains of my real domain, which I control, and also a made-up
TLD, .vpn.

> Sep 28 17:36:13 mailserver postfix/smtpd[12730]: 911B5E03B5:
> client=michel.home.com[192.168.25.20]
>
> Sep 28 17:36:13 mailserver postfix/cleanup[12733]: 911B5E03B5: hold:
> header Received: from [192.168.25.20] (michel.home.com
> [192.168.25.20])??by mailserver.home.com (Postfix) with ESMTP id
> 911B5E03B5??for ; Mon, 28 Sep 2009 17:36:13 -0400 (CDT)
> from michel.home.com[192.168.25.20]; from=
> to= proto=ESMTP helo=<[192.168.25.20]>
>
> Sep 28 17:36:13 mailserver postfix/cleanup[12733]: 911B5E03B5:
> message-id=<1254174126.25419.108.ca...@michel.home.com>
>
> Sep 28 17:36:13 mailserver postfix/smtpd[12730]: disconnect from
> michel.home.com[192.168.25.20]
>
> Sep 28 17:36:14 mailserver MailScanner[26203]: New Batch: Scanning 1
> messages, 1176 bytes
>
> Sep 28 17:36:14 mailserver MailScanner[26203]: Spam Checks: Starting
>
> Sep 28 17:36:14 mailserver MailScanner[26203]: Virus and Content
> Scanning: Starting
>
> Sep 28 17:36:14 mailserver MailScanner[26203]: Requeue: 911B5E03B5.B54EA
> to 60CA9E03C0
>
> Sep 28 17:36:14 mailserver MailScanner[26203]: Uninfected: Delivered 1
> messages

Mailscanner, as you know, is not recommended for Postfix, and will
not be supported on this list. But in this case it does not seem to
be the cause of the mail loop.

> Sep 28 17:36:14 mailserver postfix/qmgr[12728]: 60CA9E03C0:
> from=, size=856, nrcpt=1 (queue active)

Here's the post-Mailscanner message.

> Sep 28 17:36:14 mailserver sendmail[12738]: n8SLaEwa012738:
> Authentication-Warning: mailserver.home.com: filter set sender to
> mic...@casa.co.cu using -f
>
> Sep 28 17:36:14 mailserver sendmail[12738]: n8SLaEwa012738:
> from=mic...@casa.co.cu, size=936, class=0, nrcpts=1,
> msgid=<1254174126.25419.108.ca...@michel.home.com>,
> relay=fil...@localhost

Oops. That's not Postfix. Postfix logs all say "postfix" in them.

> Sep 28 17:36:14 mailserver postfix/smtpd[12730]: connect from
> localhost.localdomain[127.0.0.1]

And yet it submits mail back to Postfix.

> Sep 28 17:36:14 mailserver postfix/smtpd[12730]: C059CE03B5:
> client=localhost.localdomain[127.0.0.1]
>
> Sep 28 17:36:14 mailserver postfix/cleanup[12733]: C059CE03B5: hold:
> header Received: from mailserver.home.com (localhost.localdomain
> [127.0.0.1])??by mailserver.home.com (Postfix) with ESMTP id
> C059CE03B5??for ; Mon, 28 Sep 2009 17:36:14 -0400 (CDT
> from localhost.localdomain[127.0.0.1]; from=
> to= proto=ESMTP helo=

There's your loop.

Best advice to proceed, spend some time getting to know how to work
with/in your OS. Mail administration is challenging for experienced
system administrators! Your problem here is that you're not an
experienced system administrator, so it's going to be much more
difficult for you.

Next, look at more sane and clean methods of spam control. Simple
HELO checks (specifically reject_non_fqdn_helo_hostname and
reject_invalid_helo_hostname) and Spamhaus Zen will get rid of the
vast majority of the spam.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

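The log reading in this message, written as a check over a mail log (an added example, not code from the thread): it reports message-ids that Postfix's cleanup logged and that a program outside the postfix/ syslog tag also logged with msgid=, which is the sendmail hand-off pointed out above. The log lines are constructed for the example; the function name and the assumption that Postfix logs under its default syslog name "postfix" are mine.

```python
import re
from collections import defaultdict

# Constructed syslog lines modelled on the excerpt in the thread
# (queue IDs, host names, addresses and message-ids are made up).
SAMPLE_LOG = """\
Sep 28 17:36:13 mailserver postfix/smtpd[12730]: A1B2C3D4E5: client=pc.example.test[192.0.2.20]
Sep 28 17:36:13 mailserver postfix/cleanup[12733]: A1B2C3D4E5: message-id=<loop-1@pc.example.test>
Sep 28 17:36:14 mailserver postfix/qmgr[12728]: A1B2C3D4E5: from=<user@example.test>, size=856, nrcpt=1 (queue active)
Sep 28 17:36:14 mailserver sendmail[12738]: n8SLoop0012738: from=user@example.test, size=936, class=0, nrcpts=1, msgid=<loop-1@pc.example.test>, relay=filter@localhost
Sep 28 17:36:14 mailserver postfix/smtpd[12730]: F6A7B8C9D0: client=localhost.localdomain[127.0.0.1]
Sep 28 17:36:14 mailserver postfix/cleanup[12733]: F6A7B8C9D0: message-id=<loop-1@pc.example.test>
Sep 28 17:40:02 mailserver postfix/cleanup[12733]: 0123456789: message-id=<ok-2@pc.example.test>
"""

# "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[^\[\s:]+)\[\d+\]:\s(?P<msg>.*)$"
)
# Postfix cleanup: "QUEUEID: message-id=<...>"
POSTFIX_MSGID = re.compile(r"^(?P<qid>[0-9A-F]+): message-id=(?P<mid><[^>]*>)")
# Sendmail-style record: "... msgid=<...>, ..."
OTHER_MSGID = re.compile(r"\bmsgid=(?P<mid><[^>]*>)")


def find_foreign_mta_handoffs(log_text):
    """Return {message-id: {...}} for messages that Postfix logged and that a
    non-Postfix program also logged, i.e. mail leaving Postfix through another
    MTA on the same host and possibly coming straight back."""
    postfix_qids = defaultdict(list)   # message-id -> Postfix queue IDs seen
    foreign = defaultdict(list)        # message-id -> non-Postfix program tags
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog.startswith("postfix/"):
            hit = POSTFIX_MSGID.match(msg)
            if hit and hit["qid"] not in postfix_qids[hit["mid"]]:
                postfix_qids[hit["mid"]].append(hit["qid"])
        else:
            hit = OTHER_MSGID.search(msg)
            if hit and prog not in foreign[hit["mid"]]:
                foreign[hit["mid"]].append(prog)
    return {
        mid: {"postfix_queue_ids": postfix_qids[mid], "foreign_programs": progs}
        for mid, progs in foreign.items()
        if mid in postfix_qids
    }


if __name__ == "__main__":
    for mid, info in find_foreign_mta_handoffs(SAMPLE_LOG).items():
        print(mid, info)
```

A message that appears here with more than one Postfix queue ID has been handed to the other MTA and re-submitted, which is the pattern behind the "too many hops" bounce.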

block common typo'ed recipient domain

2009-09-29 Thread D G Teed
On an outbound only SMTP service, what
is the recommended way to reject mail sent
to a particular domain?  There is a domain people often
typo, and it has no MX record, so it rots for some time
before people learn it won't deliver.  I'd rather that
be a reject code so they immediately fix the typo
in their mail client.

--Donald


Re: smtp client and aliased addresses

2009-09-29 Thread ram

On Tue, 2009-09-29 at 07:57 -0300, Postfix User wrote:
> On Tue, 2009-09-29 at 14:28 +0530, ram wrote:
> > On Tue, 2009-09-29 at 00:58 -0300, Postfix User wrote:
> > > I'm having an issue getting the smtp client to bind to an aliased IP
> > > address.
> > > 
> > > mail_version = 2.5.7
> > > 
> > > I've tried to no avail to have the smtp client use a aliased IP to
> > > deliver mail but it insists on using the address of the interface the
> > > aliased address is assigned to.
> > > 
> > > #  ifconfig eth2 && ifconfig eth2:1
> > > 
> > > eth2  Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
> > >   inet addr:142.22.75.146  Bcast:142.22.75.151  
> > > Mask:255.255.255.248
> > >   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > >   RX packets:38366130 errors:0 dropped:0 overruns:0 frame:0
> > >   TX packets:32267506 errors:0 dropped:0 overruns:0 carrier:0
> > >   collisions:535231 txqueuelen:100 
> > >   RX bytes:10481726082 (9.7 GiB)  TX bytes:33812562876 (31.4 GiB)
> > >   Base address:0xece0 Memory:fc7e-fc80 
> > > 
> > > eth2:1    Link encap:Ethernet  HWaddr 00:15:17:6f:e6:1e  
> > >   inet addr:142.22.75.147  Bcast:142.22.75.151  
> > > Mask:255.255.255.248
> > >   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > >   Base address:0xece0 Memory:fc7e-fc80 
> > > 
> > > 
> > > I've tried the following in main.cf ...
> > > 
> > > smtp_bind_address = 142.22.75.147
> > > 
> > > I've also tried the following in master.cf ...
> > > 
> > > smtp  unix  -   -   n   -   -   smtp
> > >   -o smtp_bind_address=142.22.75.147
> > > 
> > > Reading a correlation between smtp_bind_address and inet_interfaces in
> > > the docs I've also tried the following in main.cf ...
> > > 
> > > inet_interfaces = $myhostname, localhost
> > > 
> > > With the latter netstat shows master binding to the aliased address
> > > 142.22.75.147 and 127.0.0.1 and the smtpd server receives mail fine on
> > > the aliased address however the smtp client persists in using
> > > 142.22.75.146 to deliver mail to other hosts.
> > > 
> > How can you say that? The way of checking is to send a mail to any other
> > server and check the full headers for the IP used. Don't use netstat.
> > The smtp connection will not last long enough for your inspection.
> > 
> 
> Indeed, I've confirmed it by checking both headers and logs. Sorry about
> that, I thought that a little too obvious to mention.  
> 
> > 
> > > tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      27605/master
> > > tcp        0      0 142.22.75.147:25        0.0.0.0:*               LISTEN      27605/master
> > > 
> > > 
> > No, this is not the smtp client; this indicates smtpd listening for incoming
> > messages. Don't confuse smtpd with smtp.
> > 
> 
> I'm aware of that and it was mentioned, I showed the netstat output to
> show that postfix was using inet_interfaces as expected. FWIW I also
> tried this with just the aliased IP address.
>  
> > > What am I missing?
> > 
> > I don't think there is anything. You are probably already meeting your
> > requirement.
> > 
> 
> As I've confirmed that it's not, any other suggestions?
> 
smtp bind works fine. 
Trace the mail in the logs. Probably enable verbose logging for smtp
Did you see any error line that says could not bind to  








> 
> Thanks
> --
> 
> 
> 



Re: block common typo'ed recipient domain

2009-09-29 Thread Sahil Tandon

On Sep 29, 2009, at 9:32 AM, D G Teed wrote:

> On an outbound only SMTP service, what
> is the recommended way to reject mail sent
> to a particular domain?  There is a domain people often
> typo, and it has no MX record, so it rots for some time
> before people learn it won't deliver.  I'd rather that
> be a reject code so they immediately fix the typo
> in their mail client.


$transport_maps to direct mail for typo'd domain to the error transport.

--
Sahil Tandon


Re: smtp client and aliased addresses

2009-09-29 Thread Postfix User

On Tue, 2009-09-29 at 19:10 +0530, ram wrote:
> On Tue, 2009-09-29 at 07:57 -0300, Postfix User wrote:
> > On Tue, 2009-09-29 at 14:28 +0530, ram wrote:
> > > On Tue, 2009-09-29 at 00:58 -0300, Postfix User wrote:
> > > > I'm having an issue getting the smtp client to bind to an aliased IP
> > > > address.
> > > > 
> >  
> > > > What am I missing?
> > > 
> > > I don't think there is anything. You are probably already meeting your
> > > requirement.
> > > 
> > 
> > As I've confirmed that it's not, any other suggestions?
> > 
> smtp bind works fine. 
> Trace the mail in the logs. Probably enable verbose logging for smtp
> Did you see any error line that says could not bind to  

First thing I did was an egrep '(warning|error|fatal|panic):' on the
mail logs, nothing relevant seen.

I'll try turning on verbose logging and look for clues. 

I've since implemented an iptables SNAT rule as a temporary workaround
as I really needed this working this morning. I doubt this will
interfere with the verbose logging output. What exactly is it I should
be looking for? 

-- 



Re: block common typo'ed recipient domain

2009-09-29 Thread D G Teed
On Tue, Sep 29, 2009 at 10:44 AM, Sahil Tandon  wrote:
> On Sep 29, 2009, at 9:32 AM, D G Teed  wrote:
>
>> On an outbound only SMTP service, what
>> is the recommended way to reject mail sent
>> to a particular domain?  There is a domain people often
>> typo, and it has no MX record, so it rots for some time
>> before people learn it won't deliver.  I'd rather that
>> be a reject code so they immediately fix the typo
>> in their mail client.
>
> $transport_maps to direct mail for typo'd domain to the error transport.
>

Cool. Thanks.  I had been messing with recipient configuration
variables with no luck.

In my transports file I added a line similar to:

exampel.com error: Use example.com NOT exampel.com

and this catches the problem as people click their Send buttons.

Thanks again...

--Donald


Re: block common typo'ed recipient domain

2009-09-29 Thread /dev/rob0
On Tuesday 29 September 2009 08:32:45 D G Teed wrote:
> On an outbound only SMTP service, what
> is the recommended way to reject mail sent
> to a particular domain?  There is a domain people often
> typo, and it has no MX record, so it rots for some time
> before people learn it won't deliver.  I'd rather that
> be a reject code so they immediately fix the typo
> in their mail client.

reject_unknown_recipient_domain rejects many (but not all) typo
domains. At least it will work for the one you described. If you
decide to block some typo domains which are real, try a
check_recipient_access lookup:
bad.example.com    REJECT did you mean good.example.com?
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: Content_filter - Too Many Hops

2009-09-29 Thread Michel Bulgado
On Tue, 2009-09-29 at 07:41 -0500, /dev/rob0 wrote:
> On Monday 28 September 2009 22:33:08 mic...@casa.co.cu wrote:
> > I'm trying to integrate bogofilter with postfix, I followed the
> > steps in the documentation for installation and configuration:
> 
> Bogofilter documentation, probably. Questions regarding that might
> belong on a list specific to that project.
> 
> > I'm using CentOS 5.3 with postfix-2.3.3-2.1, my users are virtuals,
> > they are in the active directory in windows.
> 
> That's a complex setup. First things first, you need to learn how to
> manage your OS. RHEL is extensively documented. Next, consider
> simpler alternatives. You're going to have a lot of frustration as
> you try to understand what you have already done. It does not need to
> be so complicated.
> 
> > When I send a message, my server must deliver the message to an
> > external server, said earlier in the table of transport,
> > following testing of the filter in the master.cf file the
> > messages stop being delivered to the external server and the
> > message fall into a cycle.
> 
> I think I understand all that. What I don't understand is WHY you
> thought this was a good idea. :)
> 
> > I created the user under which the filter will work, given
> > execution permissions to the script and the owner of it.
> >
> > The question is because the script is used to deliver these
> > messages sendmail, postfix why not?
> 
> And this would be a CentOS/RHEL question. If you're going to have
> Postfix as your MTA, get the sendmail.org MTA out of the way.
> 
> > This is my config in master.cf file:
> snip
> 
> > Sep 28 17:36:13 mailserver postfix/smtpd[12730]: connect from
> > michel.home.com[192.168.25.20]
> 
> Home.com is a real Internet domain. You should use a domain name that
> would never appear on the Internet, for internal naming. I use
> subdomains of my real domain, which I control, and also a made-up
> TLD, .vpn.
> 
> > Sep 28 17:36:13 mailserver postfix/smtpd[12730]: 911B5E03B5:
> > client=michel.home.com[192.168.25.20]
> >
> > Sep 28 17:36:13 mailserver postfix/cleanup[12733]: 911B5E03B5: hold:
> > header Received: from [192.168.25.20] (michel.home.com
> > [192.168.25.20])??by mailserver.home.com (Postfix) with ESMTP id
> > 911B5E03B5??for ; Mon, 28 Sep 2009 17:36:13 -0400 (CDT)
> > from michel.home.com[192.168.25.20]; from=
> > to= proto=ESMTP helo=<[192.168.25.20]>
> >
> > Sep 28 17:36:13 mailserver postfix/cleanup[12733]: 911B5E03B5:
> > message-id=<1254174126.25419.108.ca...@michel.home.com>
> >
> > Sep 28 17:36:13 mailserver postfix/smtpd[12730]: disconnect from
> > michel.home.com[192.168.25.20]
> >
> > Sep 28 17:36:14 mailserver MailScanner[26203]: New Batch: Scanning 1
> > messages, 1176 bytes
> >
> > Sep 28 17:36:14 mailserver MailScanner[26203]: Spam Checks: Starting
> >
> > Sep 28 17:36:14 mailserver MailScanner[26203]: Virus and Content
> > Scanning: Starting
> >
> > Sep 28 17:36:14 mailserver MailScanner[26203]: Requeue: 911B5E03B5.B54EA
> > to 60CA9E03C0
> >
> > Sep 28 17:36:14 mailserver MailScanner[26203]: Uninfected: Delivered 1
> > messages
> 
> Mailscanner, as you know, is not recommended for Postfix, and will
> not be supported on this list. But in this case it does not seem to
> be the cause of the mail loop.
> 
> > Sep 28 17:36:14 mailserver postfix/qmgr[12728]: 60CA9E03C0:
> > from=, size=856, nrcpt=1 (queue active)
> 
> Here's the post-Mailscanner message.
> 
> > Sep 28 17:36:14 mailserver sendmail[12738]: n8SLaEwa012738:
> > Authentication-Warning: mailserver.home.com: filter set sender to
> > mic...@casa.co.cu using -f
> >
> > Sep 28 17:36:14 mailserver sendmail[12738]: n8SLaEwa012738:
> > from=mic...@casa.co.cu, size=936, class=0, nrcpts=1,
> > msgid=<1254174126.25419.108.ca...@michel.home.com>,
> > relay=fil...@localhost
> 
> Oops. That's not Postfix. Postfix logs all say "postfix" in them.
> 
> > Sep 28 17:36:14 mailserver postfix/smtpd[12730]: connect from
> > localhost.localdomain[127.0.0.1]
> 
> And yet it submits mail back to Postfix.
> 
> > Sep 28 17:36:14 mailserver postfix/smtpd[12730]: C059CE03B5:
> > client=localhost.localdomain[127.0.0.1]
> >
> > Sep 28 17:36:14 mailserver postfix/cleanup[12733]: C059CE03B5: hold:
> > header Received: from mailserver.home.com (localhost.localdomain
> > [127.0.0.1])??by mailserver.home.com (Postfix) with ESMTP id
> > C059CE03B5??for ; Mon, 28 Sep 2009 17:36:14 -0400 (CDT
> > from localhost.localdomain[127.0.0.1]; from=
> > to= proto=ESMTP helo=
> 
> There's your loop.
> 
> Best advice to proceed, spend some time getting to know how to work
> with/in your OS. Mail administration is challenging for experienced
> system administrators! Your problem here is that you're not an
> experienced system administrator, so it's going to be much more
> difficult for you.
> 
> Next, look at more sane and clean methods of spam control. Simple
> HELO checks (specifically reject_non_fqdn_helo_hostname and
> reject_invalid_helo_hostname) and Spamhaus Zen will get 

RE: Failover from one remote SMTP server to another

2009-09-29 Thread Mark Baxter
This, along with doing the same to the relayhost value seems to have
done the trick. I still have a few other issues to clear up, but at
least it is now attempting to failover to the other SMTP server.

Thanks loads to everyone that chipped in with help. That it ended up
being something so simple is a trifle embarrassing. 

I spent something like two or three days trying to solve this before
coming to you guys!

Regards,

Mark Baxter



Mark Baxter
OnDemand Administrator, Visma Proceedo AB

Switchboard : +46 8 522 930 30 - Direct : +46 8 522 930 60 - Mobile :
+46 73 978 92 60 - Fax : +46 8 58 88 48 29




-Original Message-
From: Charles Marcus [mailto:cmar...@media-brokers.com] 
Sent: den 28 september 2009 17:35
To: Mark Baxter
Cc: postfix-users@postfix.org
Subject: Re: Failover from one remote SMTP server to another

On 9/28/2009, Mark Baxter (mark.bax...@visma.com) wrote:
> smtp_fallback_relay = smtp.3g.com

I'm not sure if it would cause your problem, but I have square brackets
around mine, so try:

smtp_fallback_relay = [smtp.3g.com]

-- 

Best regards,

Charles


Re: smtp client and aliased addresses

2009-09-29 Thread Barney Desmond
2009/9/30 Postfix User :

> I've since implemented an iptables SNAT rule as a temporary workaround
> as I really needed this working this morning. I doubt this will
> interfere with the verbose logging output. What exactly is it I should
> be looking for?

Can you show us some proof that it's not working? Eg. send mail via
that machine and show the headers that appear on the receiving end.

If you really want to use iptables, I'd use it for logging first. Just
some trivial rules.

iptables -I OUTPUT -s 142.22.75.146 -p tcp --dport smtp -m state --state NEW
iptables -I OUTPUT -s 142.22.75.147 -p tcp --dport smtp -m state --state NEW

Send some mail and check your packet counters with `iptables -L OUTPUT -vn`

I don't doubt that you're seeing some sort of problem, but we need
more evidence to believe there's actually something broken/wrong with
postfix. I wouldn't bother turning on verbose logging just yet; I'm
not sure it'll show the source address, and it's a lot of information
to wade through (and noone here will read through it unless they're
sure there's a problem that needs it).


Re: smtp client and aliased addresses

2009-09-29 Thread John Peach
On Wed, 30 Sep 2009 01:03:36 +1000
Barney Desmond  wrote:

> 2009/9/30 Postfix User :
> 
> > I've since implemented an iptables SNAT rule as a temporary
> > workaround as I really needed this working this morning. I doubt
> > this will interfere with the verbose logging output. What exactly
> > is it I should be looking for?
> 
> Can you show us some proof that it's not working? Eg. send mail via
> that machine and show the headers that appear on the receiving end.
> 
> If you really want to use iptables, I'd use it for logging first. Just
> some trivial rules.
> 
> iptables -I OUTPUT -s 142.22.75.146 -p tcp --dport smtp -m state
> --state NEW iptables -I OUTPUT -s 142.22.75.147 -p tcp --dport smtp
> -m state --state NEW
> 
> Send some mail and check your packet counters with `iptables -L
> OUTPUT -vn`
> 
> I don't doubt that you're seeing some sort of problem, but we need
> more evidence to believe there's actually something broken/wrong with
> postfix. I wouldn't bother turning on verbose logging just yet; I'm
> not sure it'll show the source address, and it's a lot of information
> to wade through (and noone here will read through it unless they're
> sure there's a problem that needs it).

Why would you think there's a problem? Postfix does not determine what
interface is used for outbound email. The OS routing tables do that, so
iptables will do what he wants.



-- 
John


Postfix Mail Queue Monitor

2009-09-29 Thread Scott Miller
In case anyone is interested, I've attached a working Postfix Mail Queue
Monitor for nagios - It's working for me as is, but if anyone has any
suggested modifications I'd be glad to look at them.

Thanks,
Scott Miller
#! /usr/bin/perl -w

# Copyright (c) 2002 Oregon State University - Network Engineering
# All rights reserved.
#
# $Id: check_postfix_mailq,v 1.2 2004/11/18 21:01:58 kveton Exp $
# $Source: /data/cvsroot/eng/nagios/check_postfix_mailq,v $

# This is a Nagios monitoring plugin that will check the status of
#   the Postfix mailq on the local machine.  It is best used with
#   something like NRPE for remote access.

BEGIN {
    if ($0 =~ m/^(.*?)[\/\\]([^\/\\]+)$/) {
        $PROGNAME = $2;
    }
}

require 5.004;
use POSIX;
use strict;
use Getopt::Long;
use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t
            $status $state $msg $msg_q);
use lib "/usr/local/nagios/libexec" ;
use utils qw(%ERRORS &print_revision &usage &support);

use Data::Dumper;

# function prototypes
sub print_help ();
sub print_usage ($);
sub help ();
sub version ();
sub get_version ();

# paranoia central
delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$PROGNAME = "check_mailq";

Getopt::Long::Configure('bundling', 'no_ignore_case');
GetOptions
    ("V|version"    => \&version,
     "h|help"       => \&help,
     "w|warning=s"  => \$opt_w,
     "c|critical=s" => \$opt_c);

# set the defaults for warn
($opt_w) || ($opt_w = shift) || ($opt_w = 2000);
my $warning = $1 if ($opt_w =~ /([0-9]+)/);

# set the defaults for critical
($opt_c) || ($opt_c = shift) || ($opt_c = 5000);
my $critical = $1 if ($opt_c =~ /([0-9]+)/);

# for the final processing of the output
my $state  = 'UNKNOWN';
my $answer = 'Could not initialize tests.';

# Just in case of problems, let's not hang NetSaint
$SIG{'ALRM'} = sub {
    print ("ERROR: No response from postfix mailq (alarm)\n");
    exit $ERRORS{"UNKNOWN"};
};
alarm(30);

# let's get to it
my $result = `/usr/sbin/postqueue -p`;

# the last line of postqueue -p output carries the totals
if ( $result =~ /-- (\d+) Kbytes in (\d+) Request[s]*\./ ) {
    if ( $2 > $critical ) {
        $state = 'CRITICAL';
    }
    elsif ( $2 > $warning ) {
        $state = 'WARNING';
    }
    else {
        $state = 'OK';
    }

    $answer = "Postfix mailq has $2 messages queued for a total of $1 Kbytes.";
}
elsif ( $result =~ /Mail queue is empty/ ) {
    $state = 'OK';
    $answer = 'Mail queue is empty';
}
else {
    $state = 'CRITICAL';
    $answer = "Could not connect to local mailq.  Postfix may be down.";
}

if ( $state eq 'CRITICAL' or $state eq 'WARNING' or $state eq 'UNKNOWN' ) {
    print "$state: $answer\n";
}
else {
    print "OK: $answer\n";
}

exit $ERRORS{$state};

#
# Standard Netsaint Support Functions
sub print_usage ($) {
    my ($error) = @_;

    print "Usage: $PROGNAME [--help|h] [-w ] [-c ]\n";

    if ( $error ) {
        print "$error\n";
        exit $ERRORS{'UNKNOWN'};
    }
}

sub get_version () {
    return '$ Revision: 1.0.0 $';
}

sub print_help () {
    my $version = get_version();
    print "\nCopyright (c) 2002 Oregon State University -- $PROGNAME, $version\n";
    print_usage('');
    my $usage = qq{
-w  Warning service page threshold.
-c  Critical service page threshold.
-h  This message.

};
    print $usage;
}

sub version () {
    print_revision($PROGNAME, get_version() );
    exit $ERRORS{'OK'};
}

sub help () {
    print_help();
    exit $ERRORS{'OK'};
}
#



#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands.  They may or may not work on
# your system, as they must be modified for your plugins.  See the HTML
# documentation on the plugins for examples of how to configure command
# definitions.
#
# NOTE:  The following 'check_local_...' functions are designed to monitor
#        various metrics on the host that Nagios is running on (i.e. this one).


# 'check_postfix_mailq' command definition
define command{
        command_name    check_postfix_mailq
        command_line    $USER1$/check_postfix_mailq -w $ARG1$ -c $ARG2$ -p $ARG3$
        }

# Define a service to check mailq on postfix mail server
# warning of > 50
# critical if > 100

define service{
        use                     local-service         ; Name of service template to use
        host_name               localhost
        service_description     Postfix Mail Queue
        check_command

Re: Postfix Mail Queue Monitor

2009-09-29 Thread Barney Desmond
2009/9/30 Scott Miller :
> In case anyone is interested, I've attached a working Postfix Mail Queue
> Monitor for nagios - It's working for me as is, but if anyone has any
> suggested modifications I'd be glad to look at them.

We do something like this where I work, a mailqueue-size check for
nagios via NRPE. There was some discussion a little while ago finding
the queue size; the long and the short is that invoking postqueue is
bad (it's painfully slow).

If you're interested, dig up the thread in your favourite archives and
have a read, the subject is/was "Recommended way to (quickly) get
total mail queue size?", around 2009-07-08.

I'm in the process of improving our own systems, which will move to
using Victor's suggested perl script. In some ad-hoc testing, I reckon
it's easily 1-2 orders of magnitude faster than postqueue when there's
a fair amount of mail queued up.

P.S. Apologies if I'm wrong about the script using postqueue, but I
didn't read every single line, just had a skim to appease my
suspicions.


Re: smtp client and aliased addresses

2009-09-29 Thread Postfix User

> 2009/9/30 Postfix User :
> 
> > I've since implemented an iptables SNAT rule as a temporary workaround
> > as I really needed this working this morning. I doubt this will
> > interfere with the verbose logging output. What exactly is it I should
> > be looking for?
> 
> Can you show us some proof that it's not working? Eg. send mail via
> that machine and show the headers that appear on the receiving end.
> 

> If you really want to use iptables, I'd use it for logging first. Just
> some trivial rules.
> 
> iptables -I OUTPUT -s 142.22.75.146 -p tcp --dport smtp -m state --state NEW
> iptables -I OUTPUT -s 142.22.75.147 -p tcp --dport smtp -m state --state NEW
> 

Bingo, good thinking Barney.

I removed my SNAT rule and sent a couple of emails and this shed some
light on it as the second rule was the only one to increment so postfix
was working as expected yet email headers and logs on the receiving MTA
showed delivery using 142.22.75.146 so I dropped the firewall sent
another email and the results were as expected on the receiving end, ie
142.22.75.147 was used. Wadding through the firewall rules I spotted the
culprit rule. The rules are not my handy work and they certainly need
peer review as looking deeper I see a few others I had to cock an eye
at. 

Anyhow, *perceived* problem solved, thank you very much for the help
guys and sorry for wasting everyones time.

-- 



Persistent host database

2009-09-29 Thread Homer Wilson Smith


   Running postfix 2.1.5, FC3

   Postfix seems to act as if it has a persistence host database, if smtp0 
is trying to send mail to emerald, and emerald goes down, mail to emerald 
is queued on smtp0.  But if emerald comes right back up, smtp0 continues 
to queue mail to emerald for a while rather than trying again.


   Am I right?  If so, how do I turn this off?

   Thanks in advance,

   Homer


Homer Wilson Smith       The Paths of Lovers    Art Matrix - Lightlink
(607) 277-0959 KC2ITF    Cross                  Internet Access, Ithaca NY
ho...@lightlink.com      In the Line of Duty    http://www.lightlink.com


Re: Persistent host database

2009-09-29 Thread Eero Volotinen



   Am I right?  If so, how do I turn this off?


No. see the:

http://www.postfix.com/QSHAPE_README.html#deferred_queue

--
Eero


Re: Persistent host database

2009-09-29 Thread Noel Jones

On 9/29/2009 1:25 PM, Homer Wilson Smith wrote:


Running postfix 2.1.5, FC3


Very old postfix version.  No longer maintained or supported.
NB. documentation or notes referred to below are intended for 
newer postfix, and may not 100% apply to your version.




Postfix seems to act as if it has a persistence host database, if smtp0
is trying to send mail to emerald, and emerald goes down, mail to
emerald is queued on smtp0. But if emerald comes right back up, smtp0
continues to queue mail to emerald for a while rather than trying again.

Am I right? If so, how do I turn this off?


Sort of.  Please see:
http://www.postfix.org/TUNING_README.html#hammer
and
http://www.postfix.org/QSHAPE_README.html



  -- Noel Jones


Re: Content_filter - Too Many Hops

2009-09-29 Thread Stan Hoeppner
Michel Bulgado put forth on 9/29/2009 9:22 AM:

> I have implemented in my external mail servers several mechanisms to
> stop spammers, I am using postgrey + policy-weight and blacklists such
> as Spamhaus (Zen) in addition 
> smtpd_helo_restrictions. with this slows down the spam, but I keep
> getting spam messages. is therefore wish to implement bogofilter. 
> 
> No offense, maybe not as genius as it is you, or have that much
> experience you have. but I am interested in improving and maintaining my
> system with the knowledge I possess

Given your situation, may I humbly suggest you also join the spam-l
mailing list:

http://spam-l.com/mailman/listinfo/spam-l

Collective spam fighting experience there going back to pre-1996.  There
are many Postfix users there, some who x-over to this list, including
mouss, /dev/rob0, and myself (apologies to others I missed).

Specifically, you may receive better attention there as to blocking the
"spams that are still getting through".

Adding to the choir, removing sendmail is the first step to solving your
immediate problem.

--
Stan


newbie confused about authentication

2009-09-29 Thread Jay G. Scott

hi,

I figured out, by accident, that although I hoped I was using
/etc/postfix/sasl_passwd.db
as my authentication store, I wasn't.  I'm using regular login
stuff, a la PAM.  So anyone in my /etc/passwd file can send
authenticated email.

What I'd like to do is change that so you can only send authenticated
email if you're in /etc/postfix/sasl_passwd.db.

My email server is smail.  So this:
[r...@smail ~]# more /etc/postfix/sasl_passwd
smail.arlut.utexas.edu  user1:clearpass

followed by this:
postmap hash:/etc/postfix/sasl_passwd

should set up user1 to be authenticated by the password clearpass
when sending email through the host smail.  Right?

The groovy part of /etc/postfix/main.cf:
#---

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions =
permit_sasl_authenticated, reject_unauth_destination

smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_sasl_authenticated_header = yes

broken_sasl_auth_clients = yes

cyrus_sasl_config_path = /usr/lib64/sasl2

smtp_sasl_type = cyrus
smtpd_sasl_type = cyrus

smtpd_sasl_local_domain = $myhostname
#---

Now, is the stuff I need to change in the part above?  Or is it in
saslauthd's smtpd.conf?

more /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 5
mech_list: PLAIN LOGIN CRAM-MD5

What I'm really after:  I want to control (in a way I understand)
which users get to send authenticated email.

I know how to disable passwords for users in /etc/passwd, /etc/shadow,
but I don't want root sending authenticated email.  Yet I also don't want
to disable root's password.  Is there something I don't know?
I thought I couldn't prevent root authentication for email and still
let root log in.

So, I thought /etc/postfix/sasl_passwd would be the ticket.
List the users there and that's that.  Well, I find that I've
been testing using a user not in sasl_passwd.  The tests have worked.
So I'm clearly going against /etc/passwd.

But I thought saslauthd did not support cram-md5 and digest-md5, and
I want to use md5 to encrypt the passwords.  Or at least allow it.
Thus, I had to have PLAIN LOGIN in smtpd.conf.  I surmise that
mech_list: PLAIN LOGIN is turning on logging in through /etc/passwd.

Clearly, I'm a noob.

j.

-- 
Jay Scott   512-835-3553g...@arlut.utexas.edu
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.   S224
University of Texas at Austin
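
Added example (not part of the original post, and not Postfix or Cyrus SASL project code): a small shell audit of the smtpd.conf quoted above, reporting which account store backs SMTP AUTH and which listed mechanisms saslauthd cannot verify. The function names and output wording are assumptions of this example; the sample file is a constructed copy of the three lines in the post.

```shell
#!/bin/sh
# Added example: audit a Cyrus SASL smtpd.conf for the account store behind
# SMTP AUTH. Function names and message wording are this example's own.

# Constructed sample: the three settings quoted in the post.
sample_conf() {
    cat <<'EOF'
pwcheck_method: saslauthd
log_level: 5
mech_list: PLAIN LOGIN CRAM-MD5
EOF
}

# $1 = config file, $2 = key. Prints the value of the last "key: value" line.
sasl_conf_value() {
    awk -F: -v key="$2" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key {
            v = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# $1 = config file. Prints one finding per line.
audit_sasl_conf() {
    conf=$1
    method=$(sasl_conf_value "$conf" pwcheck_method)
    plugin=$(sasl_conf_value "$conf" auxprop_plugin)
    mechs=$(sasl_conf_value "$conf" mech_list)

    case $method in
        saslauthd)
            # saslauthd hands the plaintext password to its backend, so every
            # account that backend accepts can authenticate.
            echo "STORE: saslauthd (accounts are whatever saslauthd's backend accepts, e.g. PAM or shadow)"
            for m in $mechs; do
                case $m in
                    PLAIN|LOGIN) ;;   # plaintext mechanisms: saslauthd can check these
                    *) echo "MISMATCH: $m cannot be verified through saslauthd" ;;
                esac
            done
            ;;
        auxprop)
            # auxprop plugins (such as sasldb) keep their own user list.
            echo "STORE: auxprop plugin ${plugin:-not set}"
            ;;
        *)
            echo "STORE: unknown pwcheck_method '$method'"
            ;;
    esac
}

# Stand-alone run on the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_sasl_conf "$tmp"
rm -f "$tmp"
```

smtp_sasl_password_maps in main.cf holds the credentials the Postfix SMTP client presents to remote servers; smtpd does not consult it when authenticating incoming clients.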


Re: Postfix Mail Queue Monitor

2009-09-29 Thread Len Conrad
>2009/9/30 Scott Miller :
>> In case anyone is interested, I've attached a working Postfix Mail Queue
>> Monitor for nagios - It's working for me as is, but if anyone has any
>> suggested modifications I'd be glad to look at them.
>
>We do something like this where I work, a mailqueue-size check for
>nagios via NRPE. There was some discussion a little while ago finding
>the queue size; the long and the short is that invoking postqueue is
>bad (it's painfully slow).
>
>If you're interested, dig up the thread in your favourite archives and
>have a read, the subject is/was "Recommended way to (quickly) get
>total mail queue size?", around 2009-07-08.
>
>I'm in the process of improving our own systems, which will move to
>using Victor's suggested perl script. In some ad-hoc testing, I reckon
>it's easily 1-2 orders of magnitude faster than postqueue when there's
>a fair amount of mail queued up.
>
>P.S. Apologies if I'm wrong about the script using postqueue, but I
>didn't read every single line, just had a skim to appease my
>suspicions.

here's mine, very fast with "find":

#!/bin/sh

for Q in incoming active deferred hold ; do

SIZE="`find /mail/spool/postfix/$Q -maxdepth 5 -type f | wc -l | tr -d ' ' `"

dd  if=/dev/zero bs=1 count=$SIZE of=/var/db/postfix/q_size_$Q

done

exit 0


then I have monit monitor the filesizes of those 4 files.

Len
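
Added example (not code from any poster in this thread): the find-based count from the message above combined with the warning/critical thresholds and Nagios exit codes of the plugin posted earlier in the thread. The spool path argument, function names and perfdata layout are assumptions; the demo runs on a constructed directory tree, not a real Postfix spool.

```shell
#!/bin/sh
# Added example: count Postfix queue files with find (no postqueue call) and
# map the total to Nagios states. Names and output layout are this example's own.

# $1 = spool directory, $2 = queue name. Prints the number of regular files,
# recursing into hashed subdirectories.
queue_count() {
    if [ -d "$1/$2" ]; then
        find "$1/$2" -type f | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# $1 = spool directory, $2 = warning threshold, $3 = critical threshold.
# Prints one status line with per-queue perfdata and returns the Nagios
# exit code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_queues() {
    spool=$1
    warn=$2
    crit=$3
    total=0
    detail=""

    [ -d "$spool" ] || { echo "UNKNOWN: $spool not found"; return 3; }

    for q in incoming active deferred hold; do
        n=$(queue_count "$spool" "$q")
        total=$((total + n))
        detail="$detail $q=$n"
    done

    if [ "$total" -gt "$crit" ]; then
        state=CRITICAL; rc=2
    elif [ "$total" -gt "$warn" ]; then
        state=WARNING; rc=1
    else
        state=OK; rc=0
    fi

    echo "$state: $total messages queued |$detail"
    return $rc
}

# Demo on a constructed spool tree (file names are made up).
demo=$(mktemp -d)
mkdir -p "$demo/incoming" "$demo/active" "$demo/deferred/A" "$demo/hold"
touch "$demo/deferred/A/A1B2C3" "$demo/deferred/A/A9F8E7" "$demo/active/0C0FFEE"
check_queues "$demo" 2 5 || true
rm -rf "$demo"
```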



Re: Strange lack of SMTP rejections

2009-09-29 Thread mouss
d.h...@yournetplus.com wrote:
> Quoting mouss :
> 
>> Russell Jones wrote:
>>> Actually that's all the logs show when sending to a non-existent address
>>> that resides on the same physical server, but I got it figured it.
>>>
>>> Believe it or not, it was actually my AVG antivirus. It turns out that
>>> when scanning outgoing mail, by default AVG will use its own "Auto SMTP
>>> server". For some reason it was preventing my client from receiving the
>>> errors. When disabling this "auto smtp server", the popups regarding
>>> invalid user is received properly by Thunderbird and Windows Mail.
>>>
>>> Go figure.
>>
>> yeah
>>
>> just to "enrich the knowledge base", what Av was this?
> 
> AVG (http://www.avg.com). It was mentioned.
> 

yeah. me silly.  I was about to buy glasses. fortunately, I realised
that I should buy a brain instead :)


Re: Getting email multiple times in content filter

2009-09-29 Thread mouss
Arora, Sumit wrote:
> Hi All,
> 
>  
> 
> I’m using smtp content filter, I’m getting same email multiple times on
> my smtp content filter.
> 

disable address rewrite before or after the filter. This is explained in
the FILTER README. look for
-o receive_override_options=no_address_mappings


>  
> 
> Can anyone tell me how to limit postfix to send email to content filter.
> 
>  
> 
> Thanks,
> 
> Sumit Arora
> 



How should I create an email account?

2009-09-29 Thread Ricky Tompu Breaky
Dear my friends

I am still a newbie in postfix. I have installed the postgres and
cyrus and they run properly:
"
sussy:/boot/grub # rcpostfix status
Checking for service Postfix:   running
sussy:/boot/grub # rccyrus status
Checking for service IMAP/POP3 (cyrus-imapd):   running
sussy:/boot/grub # 
".

I've checked my firewall and looks like TCP Portnumber 25 and 110 are
open already:
"
[ri...@mandreev ~]$ nmap -PN mygoogle.com

Starting Nmap 4.76 ( http://nmap.org ) at 2009-09-30 03:37 WIT
Interesting ports on 202-127-97-122.triplegate.net.id (202.127.97.122):
Not shown: 987 filtered ports
PORT STATE  SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
389/tcp  open  ldap
3306/tcp open  mysql
5432/tcp open  postgresql
5989/tcp open  unknown
".

Now, I want to create the email account but I still don't understand
what is actually the email account in postfix? Is it a user account?
How can I create that? How is the syntax of command?

Please tell me.

Thank you very much in advance.


Re: How should I create an email account?

2009-09-29 Thread Ansgar Wiechers
On 2009-09-30 Ricky Tompu Breaky wrote:
> I am still a newbie in postfix. I have installed the postgres and
> cyrus and they run properly:
[...]
> Now, I want to create the email account but I still don't understand
> what is actually the email account in postfix? Is it a user account?

It can be. It can also be a virtual mailbox (see [1]).

> How can I create that? How is the syntax of command?

Frankly, if you don't even know how to create a user account, you
shouldn't be running a server. Period.

Get some basic documentation on whatever operating system you're
running, and read that thoroughly before proceeding any further.

Sorry if I sound harsh here, but we already have enough bots on the
Internet as it is. There's no need for any further contribution.

[1] http://www.postfix.org/VIRTUAL_README.html

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky


Re: How should I create an email account?

2009-09-29 Thread Ricky Tompu Breaky
On Wed, 30 Sep 2009 02:02:43 +0200
Ansgar Wiechers  wrote:

> On 2009-09-30 Ricky Tompu Breaky wrote:
> > I am still a newbie in postfix. I have installed the postgres and
> > cyrus and they run properly:
> [...]
> > Now, I want to create the email account but I still don't understand
> > what is actually the email account in postfix? Is it a user account?
> 
> It can be. It can also be a virtual mailbox (see [1]).
> 
> > How can I create that? How is the syntax of command?
> 
> Frankly, if you don't even know how to create a user account, you
> shouldn't be running a server. Period.
> 
> Get some basic documentation on whatever operating system you're
> running, and read that thoroughly before proceeding any further.
> 
> Sorry if I sound harsh here, but we already have enough bots on the
> Internet as it is. There's no need for any further contribution.
> 
> [1] http://www.postfix.org/VIRTUAL_README.html
> 
> Regards
> Ansgar Wiechers
===
RB>Hi Ansgar, of course I know user account of Linux. I've created with
RB>"useradd" but what I am asking is: "HowTo creating the email account
RB>on Postfix"?

RB>I come up with a question to anybody wants to answer friendly but
RB>now synistic.


Re: How should I create an email account?

2009-09-29 Thread /dev/rob0
On Tuesday 29 September 2009 19:29:23 Ricky Tompu Breaky wrote:
> On Wed, 30 Sep 2009 02:02:43 +0200
> Ansgar Wiechers  wrote:
> > On 2009-09-30 Ricky Tompu Breaky wrote:
> > > I am still a newbie in postfix. I have installed the postgres
> > > and cyrus and they run properly:
> >
> > [...]
> >
> > > Now, I want to create the email account but I still don't
> > > understand what is actually the email account in postfix? Is
> > > it a user account? 
> >
> > It can be. It can also be a virtual mailbox (see [1]).
> >
> > > How can I create that? How is the syntax of command?
> >
> > Frankly, if you don't even know how to create a user account,
> > you shouldn't be running a server. Period.
> >
> > Get some basic documentation on whatever operating system you're
> > running, and read that thoroughly before proceeding any further.
> >
> > Sorry if I sound harsh here, but we already have enough bots on
> > the Internet as it is. There's no need for any further
> > contribution. 
> >
> > [1] http://www.postfix.org/VIRTUAL_README.html

> RB>Hi Ansgar, of course I know user account of Linux. I've created
> with "useradd" but what I am asking is: "HowTo creating the email
> account on Postfix"?

Please reread the reply you were given. While I understand that you
didn't like the tone of it, Ansgar did give you as much on-topic
information as is possible. You got a pointer to the keywords you
should find in the VIRTUAL_README, along with a Web link thereto.

I will echo Ansgar's sentiments as well. I regret the harshness of
tone, but I don't know how you could get very far not knowing the
answer to your question. If you didn't set it up with user accounts,
how could you have tested Cyrus IMAP? You said it was working. What
does that mean?

If you do manage to come up with a real Postfix question in the
future, please see this before posting again:
http://www.postfix.org/DEBUG_README.html#mail
That way, you can give the list a smart question and hope for an
informed answer.

BTW, VIRTUAL_README.html#local_vs_database has another important bit
of advice, which will help you understand the difference between
Postfix issues and PostgreSQL issues.

> RB>I come up with a question to anybody wants to answer friendly
> but now synistic.

Parse error at unknown token: synistic.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: How should I create an email account?

2009-09-29 Thread Paul Beard
On Sep 29, 2009, at 5:29 PM, Ricky Tompu Breaky wrote:


RB>Hi Ansgar, of course I know user account of Linux. I've created with
RB>"useradd" but what I am asking is: "HowTo creating the email account
RB>on Postfix"?


Not to pile on here but a user acct is a mail acct at the simplest  
level. You're overthinking it if you think there is something  
different about postfix vs any other email system.


I don't think anyone on this list is deliberately hostile or bad-tempered
but this kind of question is far too basic to expect anything more than
a brusque RTFM.


--
If this was a real .signature it would be more interesting.




pipe command line arg: sender - original_recipient?

2009-09-29 Thread Hans Zaunere
Hi,

I realize that all docs/man pages suggest that the sender command line
argument/macro as described in pipe(8) does not resolve to multiple
addresses (as opposed to ${recipient}, for example).

However, it isn't noted that it actually can never be multiple addresses, so
I'd just like confirmation that in fact, the ${sender} command line argument
could only ever be a single email address (for obvious reasons of parsing,
argument processing, etc.).

One other quick note (somewhat unrelated): 
http://www.postfix.org/pipe.8.html
${original_recipient} is present and differentiated from
${recipient}...

The latest version of postfix on CentOS (as determined by yum upgrade):

# postconf mail_version
mail_version = 2.3.3

... has apparently no notion of ${original_recipient}.  Just curious as if
this is actually deprecated, or if CentOS' version is lagging.

Thanks much,

H





Re: Content_filter - Too Many Hops

2009-09-29 Thread michel

Hello again

I've tested a second time, eliminating the MailScanner checks, and
guess what: the problem persists, so the problem is not in MailScanner
as we thought.



I can send the logs after doing the test and the script that comes  
with the example of bogofilter.



#!/bin/sh

FILTER=/usr/bin/bogofilter
FILTER_DIR=/var/spool/filter
# WARNING! The -i is crucial, else you may see
# messages truncated at the first period that is alone on a line
# (which can happen with several kinds of messages, particularly
# quoted-printable)
# -G is ignored before Postfix 2.3 and tells it that the message
# does not originate on the local system (Gateway submission),
# so Postfix avoids some of the local expansions that can leave
# misleading traces in headers, such as local address
# canonicalizations.
POSTFIX="/usr/sbin/sendmail -G -i"
export BOGOFILTER_DIR=/home/filter

# Exit codes from 
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $FILTER_DIR || \
{ echo $FILTER_DIR does not exist; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f msg.$$ ; exit $EX_TEMPFAIL" 0 1 2 3 15

# bogofilter -e returns: 0 for OK, nonzero for error
rm -f msg.$$ || exit $EX_TEMPFAIL
$FILTER -p -u -e > msg.$$ || exit $EX_TEMPFAIL

exec

Sep 29 23:27:53 mailserver postfix/smtpd[29032]: connect from spider.home.com[192.168.25.254]
Sep 29 23:27:53 mailserver postfix/smtpd[29032]: C1345E03AE: client=spider.home.com[192.168.25.254]
Sep 29 23:27:53 mailserver postfix/cleanup[29035]: C1345E03AE: message-id=<20090929233141.fjhnyly7v54oo...@webmail2.home.com>
Sep 29 23:27:53 mailserver postfix/smtpd[29032]: disconnect from spider.casa.co.cu[192.168.25.254]
Sep 29 23:27:53 mailserver postfix/qmgr[29023]: C1345E03AE: from=, size=874, nrcpt=1 (queue active)
Sep 29 23:27:53 mailserver sendmail[29037]: n8U3RrLh029037: Authentication-Warning: mailserver.home.com: filter set sender to mic...@casa.co.cu using -f
Sep 29 23:27:53 mailserver sendmail[29037]: n8U3RrLh029037: from=mic...@casa.co.cu, size=950, class=0, nrcpts=1, msgid=<20090929233141.fjhnyly7v54oo...@webmail2.home.com>, relay=fil...@localhost
Sep 29 23:27:53 mailserver postfix/smtpd[29032]: connect from localhost.localdomain[127.0.0.1]
Sep 29 23:27:53 mailserver postfix/smtpd[29032]: F2E09E03B2: client=localhost.localdomain[127.0.0.1]
Sep 29 23:27:54 mailserver dovecot: IMAP(mic...@casa.co.cu): Disconnected: Logged out bytes=727/698
Sep 29 23:27:54 mailserver postfix/cleanup[29035]: F2E09E03B2: message-id=<20090929233141.fjhnyly7v54oo...@webmail2.home.com>
Sep 29 23:27:54 mailserver sendmail[29037]: n8U3RrLh029037: to=p...@gmail.com, ctladdr=mic...@casa.co.cu (509/509), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30950, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as F2E09E03B2)
Sep 29 23:27:54 mailserver postfix/qmgr[29023]: F2E09E03B2: from=, size=1399, nrcpt=1 (queue active)
Sep 29 23:27:54 mailserver postfix/smtpd[29032]: disconnect from localhost.localdomain[127.0.0.1]
Sep 29 23:27:54 mailserver postfix/pipe[29036]: C1345E03AE: to=, relay=filter, delay=0.3, delays=0.03/0.01/0/0.26, dsn=2.0.0, status=sent (delivered via filter service)
Sep 29 23:27:54 mailserver postfix/qmgr[29023]: C1345E03AE: removed
Sep 29 23:27:54 mailserver sendmail[29042]: n8U3RsYj029042: Authentication-Warning: mailserver.home.com: filter set sender to mic...@casa.co.cu using -f
Sep 29 23:27:54 mailserver sendmail[29042]: n8U3RsYj029042: from=mic...@casa.co.cu, size=1398, class=0, nrcpts=1, msgid=<20090929233141.fjhnyly7v54oo...@webmail2.home.com>, relay=fil...@localhost
Sep 29 23:27:54 mailserver postfix/smtpd[29032]: connect from localhost.localdomain[127.0.0.1]
Sep 29 23:27:54 mailserver postfix/smtpd[29032]: 26AEDE03AE: client=localhost.localdomain[127.0.0.1]
Sep 29 23:27:54 mailserver postfix/cleanup[29035]: 26AEDE03AE: message-id=<20090929233141.fjhnyly7v54oo...@webmail2.home.com>

Content_filter - Too Many Hops

2009-09-29 Thread Stan Hoeppner
mic...@casa.co.cu put forth on 9/29/2009 11:05 PM:
> Hello again
> 
> I've tested a second time, eliminating the MailScanner checks, and
> guess what: the problem persists, so the problem is not in MailScanner
> as we thought.

You were told, by multiple people, that the problem was sendmail, not
mailscanner.  One poster even pointed out with absolute clarity the
lines in one of your provided log snippets that showed sendmail to be
the problem.

You still haven't uninstalled the Sendmail package.  Why?

--
Stan
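
A log check for the loop discussed in this thread, as an added example that is not part of any poster's message: it groups postfix/cleanup lines by message-id, flags a message that was queued three or more times, and records which queue ids were created by a bare sendmail[pid] process relaying to 127.0.0.1. The sample log is constructed in the format of the lines above; the function name, the threshold, and the reading of a bare "sendmail" tag as a non-Postfix binary are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines above (placeholder hosts and ids).
SAMPLE_LOG = """\
Sep 29 23:27:53 mailserver postfix/cleanup[29035]: C1345E03AE: message-id=<loop-1@webmail.example.com>
Sep 29 23:27:53 mailserver sendmail[29037]: n8U3RrLh029037: to=user@example.net, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as F2E09E03B2)
Sep 29 23:27:54 mailserver postfix/cleanup[29035]: F2E09E03B2: message-id=<loop-1@webmail.example.com>
Sep 29 23:27:54 mailserver postfix/pipe[29036]: C1345E03AE: to=<user@example.net>, relay=filter, status=sent (delivered via filter service)
Sep 29 23:27:54 mailserver sendmail[29042]: n8U3RsYj029042: to=user@example.net, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 26AEDE03AE)
Sep 29 23:27:54 mailserver postfix/cleanup[29035]: 26AEDE03AE: message-id=<loop-1@webmail.example.com>
Sep 29 23:28:10 mailserver postfix/cleanup[29035]: 7A11BE03C0: message-id=<normal-2@webmail.example.com>
"""

# Each postfix/cleanup line ties a new queue id to the message-id header.
CLEANUP = re.compile(r" postfix/cleanup\[\d+\]: ([0-9A-F]+): message-id=(<[^>]*>)")
# Assumption: a bare "sendmail[pid]" tag (not "postfix/...") is a non-Postfix
# sendmail binary handing the filtered mail back to 127.0.0.1 over SMTP.
REINJECT = re.compile(r" sendmail\[\d+\]: .*relay=\[127\.0\.0\.1\].*queued as ([0-9A-F]+)")


def find_filter_loops(log_text, threshold=3):
    """Return ({message-id: [queue ids]}, {re-injected queue ids}).

    A message-id is reported when it was queued `threshold` or more times.
    """
    queue_ids = defaultdict(list)
    reinjected = set()
    for line in log_text.splitlines():
        m = CLEANUP.search(line)
        if m and m.group(1) not in queue_ids[m.group(2)]:
            queue_ids[m.group(2)].append(m.group(1))
        m = REINJECT.search(line)
        if m:
            reinjected.add(m.group(1))
    loops = {mid: ids for mid, ids in queue_ids.items() if len(ids) >= threshold}
    return loops, reinjected


if __name__ == "__main__":
    loops, reinjected = find_filter_loops(SAMPLE_LOG)
    for mid, ids in loops.items():
        via_smtp = [q for q in ids if q in reinjected]
        print(f"{mid}: queued {len(ids)} times {ids}; via localhost SMTP: {via_smtp}")
```
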