Re: Accept null HELO/EHLO

[Geert Hendrickx]

On Thu, Oct 22, 2009 at 01:40:56PM -0400, Victor Duchovni wrote:
> On Thu, Oct 22, 2009 at 01:34:59PM -0400, Wietse Venema wrote:
> 
> > Also, the RCPT TO command shows the address in raw form, so 
> > the same address may appear in different but equivalent forms:
> > 
> > RCPT TO:
> > RCPT TO:<"user"@"example"."com">
> 
> The second is not RFC compliant, quoted-strings are only valid in the
> local part of the address. The domain part is unquoted LDH, with IDNA
> adding support for "xn--" prefixes on some labels.
> 
> This said, I would really discourage any attempts to do domain
> replacement with regexp command editing.


You're probably right, there are too many different cases to be handled by
simple regexpes.  But a separate "rewrite olddomain to newdomain" feature
(perhaps in cleanup(8) instead) would be really nice.


Geert



-- 
Geert Hendrickx  -=-  g...@telenet.be  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

multiple domains - status=bounced (cannot access mailbox /var/mail/domain for user domain. cannot open file: Permission denied)

[Rupert Reid]

Hello,
I have had postfix running successfully with two domains:
- myhostname = mail.domain.es
- my destination = domain2.co.uk

I recently added another domain to mydestination with the same name  
as the main domain but with a different tld: "domain.com".
I have also mapped various user accounts to the address in /etc/ 
postfix/virtual_alias_maps e.g.

u...@domain.com u...@domain.com
us...@domain.comu...@domain.com
etc...

This is exactly as i have done for domain2.co.uk which is working fine.

When I try to send a message to any of the addreses the message is  
bounced with these errors:


	/mail.log = status=bounced (cannot access mailbox /var/mail/domain  
for user domain. cannot open file: Permission denied)


	Delivery Status Notification (Failure) = The following message to  
 was undeliverable. The reason for the problem:  
5.1.2 - Bad destination host 'DNS Hard Error looking up domain.com  
(MX):  NXDomain'


Could it be that because the domains of the main domain and the  
latest virtual domain are the same and the tld is not significant to  
distinguish them.  I kindly request your help


domain:~ rosario$ postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost,  
$mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain,  
domain2.co.uk, domain.com

mydomain_fallback = mail.domain.es
myhostname = mail.domain.es
mynetworks = 168.100.189.0/28, 127.0.0.0/8, 12.345.678.901
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps


Thanks Rups

Re: X-Spam-Status: NO

[Simon Waters]

On Wednesday 21 October 2009 02:14:14 Alberto Lepe wrote:
>
> Hello, I'm creating a script to help me to enhance the spamassassin rules.
> As many of you may know already some spam mails add false X-Spam-Status
> headers to the mail like this one:
>
> X-Spam-Flag: YES

I believe AOL add the same header as spamassassin, which they use when other 
AOL users receive said email to put in spam folder unless the correspondent 
is known to recipient.

Blocking email that claimed to be spam based on these headers turned out to 
have a very high false positive rate.

I tweaked the header_check as others have described, but eventually abandoned 
fiddling with headers and just ignores the whole X-Spam-Flag as I'm not using 
spam assassin.

Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender difference

[Wietse Venema]

al...@ulgsm.ru:
> * Wietse Venema  [2009-10-22 09:29:51 -0400]:
>
> > al...@ulgsm.ru:
> >
> > If you want support, follow the instructions in:
> >
> > http://www.postfix.org/DEUG_README.html
> > provide "postconf -n" output for the current configuration
> > as well as sql client configuration
> >
> > http://www.postfix.org/DATABASE_README.html#preparing
> > show "postmap -q" lookup results
> Thanks.
>
> ]>postconf -n
> alias_maps = hash:/usr/local/etc/postfix/aliases
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 3500
> mydestination = $myhostname, localhost.$mydomain, localhost, gsm900.net
> mydomain = mail.ulgsm.ru
> myhostname = mail.ulgsm.ru
> mynetworks = 127.0.0.1 192.168.0.0/22 192.168.12.0/24 172.16.10.2
> mynetworks_style = subnet
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> receive_override_options = no_address_mappings
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
> smtpd_recipient_restrictions = reject_unauth_pipelining, 
> permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_rec, 
> reject_unknown_recipient_domain, reject_unlisted_recipient, 
> reject_unauth_destination, check_policy_service inet:127. 10023
> smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, 
> reject_unknown_sender_domain, permit
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/usr/local/etc/postfix/aliases.mysql
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /usr/mailhomes
> virtual_mailbox_domains = ulgsm.ru ul-gsm.ru
> virtual_mailbox_limit = 5120
> virtual_mailbox_limit_inbox = yes
> virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mailboxes.mysql
> virtual_maildir_extended = yes
> virtual_maildir_suffix = Maildir/
> virtual_uid_maps = static:5000
>
> #]>postmap -q ale...@ulgsm.ru mysql:/usr/local/etc/postfix/mailboxes.mysql
> #]>postmap -q ale...@ulgsm.ru mysql:/usr/local/etc/postfix/aliases.mysql
> akljuchni...@domino.local
>
> #]>postmap -q al...@ulgsm.ru mysql:/usr/local/etc/postfix/mailboxes.mysql
> alexs/
> #]>postmap -q al...@ulgsm.ru mysql:/usr/local/etc/postfix/aliases.mysql
>
> > Oh, and it is poor etiquette to talk about "BUG" before you have
> > eliminated all the mistakes from your configuration. The "empty
> > result" mistake may not be the only user error.
> its warring. And it helped to see postfix lookups to mysql in logs.

The warning means that there is a mistake in the configuration that
must be eliminated before I will look into a problem.

> Local mails to virtual users its not my problem. its need in rarely cases.
>
> Jast is it bag or feature of postfix?
>
> Anwer any information.

Please show what Postfix logs NOW with THIS configuration after
you made all the changes. I want to see actual data, not claims
by an eyewitness.

Wietse

Re: multiple domains - status=bounced (cannot access mailbox /var/mail/domain for user domain. cannot open file: Permission denied)

[Wietse Venema]

Rupert Reid:
>   Delivery Status Notification (Failure) = The following message to  
>  was undeliverable. The reason for the problem:  
> 5.1.2 - Bad destination host 'DNS Hard Error looking up domain.com  
> (MX):  NXDomain'

That is NOT a POSTFIX error message.

Do not shoot the messanger (Postfix) for bad news from elsewhere.

Wietse

Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender difference

[alexs]

* Wietse Venema  [2009-10-23 06:47:22 -0400]:

> Please show what Postfix logs NOW with THIS configuration after
> you made all the changes. I want to see actual data, not claims
> by an eyewitness.

Mail from remote server:
Oct 23 14:50:09 skuns postfix/smtpd[55651]: connect from 
hive.ulgsm.ru[93.93.136.27]
Oct 23 14:50:09 skuns postgrey[65493]: action=pass, reason=client whitelist, 
client_name=hive.ulgsm.ru, client_address=93.93.136.27, 
sender=al...@hive.ulgsm.ru, recipient=ale...@ulgsm.ru
Oct 23 14:50:09 skuns postfix/smtpd[55651]: A8EE9B843: 
client=hive.ulgsm.ru[93.93.136.27]
Oct 23 14:50:09 skuns postfix/cleanup[63674]: A8EE9B843: 
message-id=<20091023105009.a3ad656...@hive.ulgsm.ru>
Oct 23 14:50:09 skuns postfix/qmgr[52192]: A8EE9B843: 
from=, size=482, nrcpt=1 (queue active)
Oct 23 14:50:09 skuns postfix/smtpd[55651]: disconnect from 
hive.ulgsm.ru[93.93.136.27]
Oct 23 14:50:09 skuns clamsmtpd: 110BB6: accepted connection from: 127.0.0.1
Oct 23 14:50:09 skuns postfix/smtpd[64005]: connect from localhost[127.0.0.1]
Oct 23 14:50:09 skuns postfix/smtpd[64005]: C2BAFB849: 
client=localhost[127.0.0.1]
Oct 23 14:50:09 skuns postfix/cleanup[63824]: C2BAFB849: 
message-id=<20091023105009.a3ad656...@hive.ulgsm.ru>
Oct 23 14:50:09 skuns postfix/qmgr[52192]: C2BAFB849: 
from=, size=692, nrcpt=1 (queue active)
Oct 23 14:50:09 skuns clamsmtpd: 110BB6: from=al...@hive.ulgsm.ru, 
to=ale...@ulgsm.ru, status=CLEAN
Oct 23 14:50:09 skuns postfix/smtp[64004]: A8EE9B843: to=, 
relay=127.0.0.1[127.0.0.1]:10025, delay=0.22, delays=0.01/0/0.1/0.11, 
dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C2BAFB849)
Oct 23 14:50:09 skuns postfix/qmgr[52192]: A8EE9B843: removed
Oct 23 14:50:09 skuns postfix/smtpd[64005]: disconnect from localhost[127.0.0.1]
Oct 23 14:50:09 skuns postfix/smtpd[64008]: connect from localhost[127.0.0.1]
Oct 23 14:50:09 skuns postfix/smtpd[64008]: DE6E0B8B5: 
client=localhost[127.0.0.1]
Oct 23 14:50:10 skuns spampd[60584]: processing message 
<20091023105009.a3ad656...@hive.ulgsm.ru> for  
ORCPT=rfc822;ale...@ulgsm.ru 
Oct 23 14:50:10 skuns pop3d: LOGIN, user=alexs, ip=[192.168.0.160], port=[61576]
Oct 23 14:50:10 skuns pop3d: LOGOUT, user=alexs, ip=[192.168.0.160], 
port=[61576], top=0, retr=0, rcvd=12, sent=39, time=0
Oct 23 14:50:12 skuns spampd[60584]: clean message 
<20091023105009.a3ad656...@hive.ulgsm.ru> (-0.70/5.00) from
 for  ORCPT=rfc822;ale...@ulgsm.ru in 
2.85s, 692 bytes. 
Oct 23 14:50:12 skuns postfix/cleanup[63674]: DE6E0B8B5: 
message-id=<20091023105009.a3ad656...@hive.ulgsm.ru>
Oct 23 14:50:12 skuns postfix/smtp[64007]: C2BAFB849: to=, 
orig_to=, relay=127.0.0.1[127.0.0.1]:10027, delay=3.2, 
delays=0.11/0/0/3.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DE6E0B8B5)
Oct 23 14:50:12 skuns postfix/smtpd[64008]: disconnect from localhost[127.0.0.1]
Oct 23 14:50:12 skuns postfix/qmgr[52192]: DE6E0B8B5: 
from=, size=1078, nrcpt=1 (queue active)
Oct 23 14:50:12 skuns postfix/qmgr[52192]: C2BAFB849: removed
Oct 23 14:50:12 skuns postfix/smtp[64116]: DE6E0B8B5: to=,
relay=domino.local[192.168.0.18]:25, delay=3.1, delays=3.1/0.01/0/0, dsn=2.0.0, 
status=sent (250 Message accepted for delivery)
Oct 23 14:50:12 skuns postfix/qmgr[52192]: DE6E0B8B5: removed





From local server: command mail -s test ale...@ulgsm.ru
Oct 23 15:06:47 skuns postfix/pickup[55967]: 36DFAB849: uid=0 from= Oct 
23 15:06:47 skuns postfix/cleanup[99222]: 36DFAB849:
message-id=<20091023110647.36dfab...@mail.ulgsm.ru> Oct 23 15:06:47 skuns 
postfix/qmgr[52192]: 36DFAB849: from=, size=291, nrcpt=1 
(queue active)
Oct 23 15:06:47 skuns postfix/virtual[99428]: 36DFAB849: to=, 
relay=virtual, delay=0.05, delays=0.03/0.01/0/0.02, dsn=5.1.1, status=bounced 
(unknown user: "ale...@ulgsm.ru")
Oct 23 15:06:47 skuns postfix/cleanup[99222]: 43016B9B6: 
message-id=<20091023110647.43016b...@mail.ulgsm.ru>
Oct 23 15:06:47 skuns postfix/bounce[99429]: 36DFAB849: sender non-delivery 
notification: 43016B9B6
Oct 23 15:06:47 skuns postfix/qmgr[52192]: 43016B9B6: from=<>, size=1984, 
nrcpt=1 (queue active)
Oct 23 15:06:47 skuns postfix/qmgr[52192]: 36DFAB849: removed
Oct 23 15:06:47 skuns postfix/cleanup[99222]: 4C96CB9B8: 
message-id=<20091023110647.43016b...@mail.ulgsm.ru>
Oct 23 15:06:47 skuns postfix/local[99430]: 43016B9B6: to=, 
relay=local, delay=0.04, delays=0/0.03/0/0, dsn=2.0.0, status=sent (forwarded 
as 4C96CB9B8)





> 
>   Wietse

-- 
Email: al...@ulgsm.ru
Email/Jabber: al...@ulgsm.ru


pgpRf64eCtpDq.pgp
Description: PGP signature

Use Virtual or other to route mail into OS users mailbox based on sender domain?

[Stevie Haston]

Hi 
Is it possible within postfix to use the virtual file or otherwise to route 
mail into OS users mailbox based on sender domain.
Currently I've got in /etc/virtual
initial_recipient_1 localaccount, forward_recipient_1   
initial_recipient_2 localaccount, forward_recipient_2
I'd like to say in rough pseudocode:
If sender_domain = x.com theninitial_recipient_1 localaccount_A, 
forward_recipient_1initial_recipient_1 localaccount_A, forward_recipient_1Fi
If sender_domain = y.com theninitial_recipient_1 localaccount_B, 
forward_recipient_1initial_recipient_1 localaccount_B, forward_recipient_1Fi
Any ideas much appreciated.
ThanksStevie


  
_
Download Messenger onto your mobile for free
http://clk.atdmt.com/UKM/go/174426567/direct/01/

Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender difference

[Wietse Venema]

Apparently,

1) You have virtual alias mapping enabled BEFORE the content filter,
as shown by these  logfile records:

Oct 23 14:50:10 skuns spampd[60584]: processing message
<20091023105009.a3ad656...@hive.ulgsm.ru> for 
ORCPT=rfc822;ale...@ulgsm.ru
Oct 23 14:50:12 skuns postfix/smtp[64007]: C2BAFB849:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10027, delay=3.2, delays=0.

2) You have no virtual alias mapping for local submissions (and
you have no content filtering for local submission).

It's your choice not to filter local submissions, but you must apply
the same virtual alias mapping for all mail, whether it comes from
local submission or otherwise.

Wietse

Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender difference

[alexs]

* Wietse Venema  [2009-10-23 08:07:41 -0400]:

> Apparently,
> 
> 1) You have virtual alias mapping enabled BEFORE the content filter,
> as shown by these  logfile records:
> 
> Oct 23 14:50:10 skuns spampd[60584]: processing message
>   <20091023105009.a3ad656...@hive.ulgsm.ru> for 
>   ORCPT=rfc822;ale...@ulgsm.ru
> Oct 23 14:50:12 skuns postfix/smtp[64007]: C2BAFB849:
>   to=, orig_to=,
>   relay=127.0.0.1[127.0.0.1]:10027, delay=3.2, delays=0.
> 
> 2) You have no virtual alias mapping for local submissions (and
> you have no content filtering for local submission).
> 
> It's your choice not to filter local submissions, but you must apply
> the same virtual alias mapping for all mail, whether it comes from
> local submission or otherwise.


I`m edit master.conf
pickupfifo  n   -   n   60  1   pickup
  -o content_filter=clamsmtpd:127.0.0.1:10025

Local mails now thru antispam/antivirus and delivered sussefuly to virtual
user.


Same way i can put mails on smtpd, after all filters
pickupfifo  n   -   n   60  1   pickup
  -o content_filter=clamsmtpd:127.0.0.1:10028


Alias mapping work on smtp service, not on pickup?
how to apply virtual alias mapping for pickup service?



 Thanks for your patient.


> 
>   Wietse

-- 
Email: al...@ulgsm.ru
Email/Jabber: al...@ulgsm.ru

One-on-one mappings (was: Accept null HELO/EHLO)

[Wietse Venema]

Geert Hendrickx:
> On Thu, Oct 22, 2009 at 01:40:56PM -0400, Victor Duchovni wrote:
> > On Thu, Oct 22, 2009 at 01:34:59PM -0400, Wietse Venema wrote:
> > 
> > > Also, the RCPT TO command shows the address in raw form, so 
> > > the same address may appear in different but equivalent forms:
> > > 
> > > RCPT TO:
> > > RCPT TO:<"user"@"example"."com">
> > 
> > The second is not RFC compliant, quoted-strings are only valid in the
> > local part of the address. The domain part is unquoted LDH, with IDNA
> > adding support for "xn--" prefixes on some labels.
> > 
> > This said, I would really discourage any attempts to do domain
> > replacement with regexp command editing.
> 
> 
> You're probably right, there are too many different cases to be handled by
> simple regexpes.  But a separate "rewrite olddomain to newdomain" feature
> (perhaps in cleanup(8) instead) would be really nice.

To avoid becoming a backscatter source,

1) The Postfix SMTP server needs a table that matches all recipient
addresses in the old domain.

2) The Postfix SMTP server needs a table that matches all recipient
addresses in the new domain.

Both tables can be generated from the same source, either with
scripting and plain files, or, if I am not mistaken, with clever
use of *SQL or LDAP queries.

Your suggested "rewrite olddomain to newdomain" feature does not
eliminate the requirement for 1) and 2).

If you can provide 1) and 2), then you can also provide the one-on-one
mapping from u...@olddomain to u...@newdomain.

Wietse

Re: Use Virtual or other to route mail into OS users mailbox based on sender domain?

[Noel Jones]

On 10/23/2009 7:01 AM, Stevie Haston wrote:

Hi

Is it possible within postfix to use the virtual file or otherwise to
route mail into OS users mailbox based on sender domain.

Currently I've got in /etc/virtual

initial_recipient_1 localaccount, forward_recipient_1
initial_recipient_2 localaccount, forward_recipient_2

I'd like to say in rough pseudocode:

If sender_domain = x.com then
initial_recipient_1 localaccount_A, forward_recipient_1
initial_recipient_1 localaccount_A, forward_recipient_1
Fi

If sender_domain = y.com then
initial_recipient_1 localaccount_B, forward_recipient_1
initial_recipient_1 localaccount_B, forward_recipient_1
Fi

Any ideas much appreciated.



Postfix doesn't have anything quite like that built in. 
Sender options include sender_dependent_relayhost_maps or 
using the REDIRECT action in a check_sender_access map, 
neither of which will do quite what you're asking for.


You could probably use procmail during delivery to forward the 
mail based on sender.


  -- Noel Jones

re-writing email address on bounced message

[aio shin]

hi,

I have domain.com as main domain.

I have mail1.site1.com as mail server at site 1
mail2.site2.com as mail server at site2.

domain.com distribute the email via virtual_alias_maps and transport.


my main problem is when there's a bounce email, say, a user that have
already reached the quota limit...


##
This is the Postfix program at host mail1.site1.com

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to 

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

: maildir delivery failed: error writing
message: Disk quota exceeded



Reporting-MTA: dns; mail1.site1.com
X-Postfix-Queue-ID: E258A5B7B2
##


it will display the user email as us...@mail1.site1.com instead of
us...@domain.com


is there a way to fix it so it will not display the  @mail1.site1.com
portion and instead will display the @domain.com.?



tia.

Re: bug? virtual_alias_maps, virtual_mailbox_maps locan non local sender difference

[Wietse Venema]

al...@ulgsm.ru:
> * Wietse Venema  [2009-10-23 08:07:41 -0400]:
> 
> > Apparently,
> > 
> > 1) You have virtual alias mapping enabled BEFORE the content filter,
> > as shown by these  logfile records:
> > 
> > Oct 23 14:50:10 skuns spampd[60584]: processing message
> > <20091023105009.a3ad656...@hive.ulgsm.ru> for 
> > ORCPT=rfc822;ale...@ulgsm.ru
> > Oct 23 14:50:12 skuns postfix/smtp[64007]: C2BAFB849:
> > to=, orig_to=,
> > relay=127.0.0.1[127.0.0.1]:10027, delay=3.2, delays=0.
> > 
> > 2) You have no virtual alias mapping for local submissions (and
> > you have no content filtering for local submission).
> > 
> > It's your choice not to filter local submissions, but you must apply
> > the same virtual alias mapping for all mail, whether it comes from
> > local submission or otherwise.
> 
> 
> I`m edit master.conf
> pickupfifo  n   -   n   60  1   pickup
>   -o content_filter=clamsmtpd:127.0.0.1:10025
> 
> Local mails now thru antispam/antivirus and delivered sussefuly to virtual
> user.
> 
> 
> Same way i can put mails on smtpd, after all filters
> pickupfifo  n   -   n   60  1   pickup
>   -o content_filter=clamsmtpd:127.0.0.1:10028
> 
> 
> Alias mapping work on smtp service, not on pickup?
> how to apply virtual alias mapping for pickup service?

Virtual alias mapping is implemented by the cleanup service.

By default, smtpd and pickup both use the same cleanup service.

Perhaps you have overrides in master.cf that 

a) use different cleanup_service settings.

b) use different receive_override_options settings.

Or:

c) multiple Postfix instances with different main.cf settings.

Wietse

Alternate mail server in transport table?

[Curtis]

I run a spam filtering service where the customer points the MX records to our 
mail servers and then we forward the filtered mail on to the destination using 
the transport table, as follows:

customer.com smtp:[mailserver1.customer.com]

Today I got a request from a potential customer asking if it is possible to 
specify a secondary mail server, to be used only if their primary mail server 
is down.  I don't see a way to do this using the transport table... perhaps 
there's another way?  Anyone have any ideas for me?

Thanks,

Curtis

Re: Alternate mail server in transport table?

[Noel Jones]

On 10/23/2009 9:42 AM, Curtis wrote:

I run a spam filtering service where the customer points the MX records to our 
mail servers and then we forward the filtered mail on to the destination using 
the transport table, as follows:

customer.com smtp:[mailserver1.customer.com]

Today I got a request from a potential customer asking if it is possible to 
specify a secondary mail server, to be used only if their primary mail server 
is down.  I don't see a way to do this using the transport table... perhaps 
there's another way?  Anyone have any ideas for me?

Thanks,

Curtis



Postfix does not support multiple next-hops in the transport 
table.  That's what MX records are for.


Add local entries to your DNS something like
  customer.local  MX 10 ip.1
  customer.local  MX 20 ip.2
and use a transport entry like
customer.com smtp:customer.local
note: no "[ ]" so MX will be used!!



An alternative is to define a new transport in master.cf with 
a -o fallback_relay=[some.ip.addr.ess], but that gets messy if 
there are more than a few domains needing fallback.

# transport
customer.com  customer:[ip.1]

# master.cf
# this is a copy of the "smtp ... smtp" entry
customer ... smtp
  -o fallback_relay=[ip.2]


  -- Noel Jones

Alias with memberaddr sends mail but also bounces from Cyrus

[James Lamanna]

Hi,
I have a mail alias set up in LDAP with no local member addresses:

dn: cn=jeff,ou=warp2biz,ou=accounts,dc=mycompany,dc=com
objectClass: mailGroup
cn: jeff
mail: j...@mycompany.com
accountStatus: active
memberaddr: j...@othercompany.net

However, sending to j...@mycompany.com results in a bounce because
Cyrus thinks it is a local user:

Oct 23 05:07:28 athena cyrus/lmtpunix[8156]:
verify_user(mycompany.com!user.jeff) failed: Mailbox does not exist

But the mail is still delivered to j...@othercompany.net.

Adding a memberdn entry with other _local_ addresses does not cause
the bounce. Only an alias with a memberaddr entry and no local
mailboxes causes it to bounce.
I am using the model described in 'man ldap_table'.

virtual_alias_maps = ldap:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_maps = ldap:/etc/postfix/virtual_mbox_maps.cf

virtual_alias_maps.cf:
...
query_filter = (&(mail=%s)(accountStatus=active))
result_attribute = memberaddr
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail

virtual_mbox_maps.cf:
...
query_filter = (&(mail=%s)(accountStatus=active))
result_attribute = uid

Thanks.

-- James

Re: Alias with memberaddr sends mail but also bounces from Cyrus

[Victor Duchovni]

On Fri, Oct 23, 2009 at 07:59:51AM -0700, James Lamanna wrote:

> Hi,
> I have a mail alias set up in LDAP with no local member addresses:
> 
> dn: cn=jeff,ou=warp2biz,ou=accounts,dc=mycompany,dc=com
> objectClass: mailGroup
> cn: jeff
> mail: j...@mycompany.com
> accountStatus: active
> memberaddr: j...@othercompany.net
> 
> However, sending to j...@mycompany.com results in a bounce because
> Cyrus thinks it is a local user:
> 
> Oct 23 05:07:28 athena cyrus/lmtpunix[8156]:
> verify_user(mycompany.com!user.jeff) failed: Mailbox does not exist

Your transport or address class tables are wrong. Most likely your
virtual_mailbox_domains query returns a list of domains regardless of
the input key, and so remote mail is sent to the virtual_transport
in error.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Alias with memberaddr sends mail but also bounces from Cyrus

[James Lamanna]

On Fri, Oct 23, 2009 at 07:59:51AM -0700, James Lamanna wrote:

>> Hi,
>> I have a mail alias set up in LDAP with no local member addresses:
>>
>> dn: cn=jeff,ou=warp2biz,ou=accounts,dc=mycompany,dc=com
>> objectClass: mailGroup
> cn: jeff
>> mail: j...@...
>> accountStatus: active
>> memberaddr: j...@...
>>
>> However, sending to j...@... results in a bounce because
>> Cyrus thinks it is a local user:
>>
>> Oct 23 05:07:28 athena cyrus/lmtpunix[8156]:
>> verify_user(mycompany.com!user.jeff) failed: Mailbox does not exist
>
>Your transport or address class tables are wrong. Most likely your
>virtual_mailbox_domains query returns a list of domains regardless of
>the input key, and so remote mail is sent to the virtual_transport
>in error.

However, I have other aliases like the following which work fine:
dn: cn=escalate,ou=mycompany,ou=accounts,dc=mycompany,dc=com
objectClass: mailGroup
cn: escalate
mail: escal...@mycompany.com
accountStatus: active
memberdn: cn=james,ou=mycompany,ou=accounts,dc=mycompany,dc=com
memberaddr: j...@othercompany.net

For some reason presence of memberaddr by itself makes it think it is
a mailbox, even though
the group does not contain a 'uid' attribute.

-- James

Re: Alternate mail server in transport table?

[Curtis]

On Fri, Oct 23, 2009 at 8:59 AM, Noel Jones  wrote:

> On 10/23/2009 9:42 AM, Curtis wrote:
>
>> I run a spam filtering service where the customer points the MX records to
>> our mail servers and then we forward the filtered mail on to the destination
>> using the transport table, as follows:
>>
>> customer.com smtp:[mailserver1.customer.com]
>>
>> Today I got a request from a potential customer asking if it is possible
>> to specify a secondary mail server, to be used only if their primary mail
>> server is down.  I don't see a way to do this using the transport table...
>> perhaps there's another way?  Anyone have any ideas for me?
>>
>> Thanks,
>>
>> Curtis
>>
>>
> Postfix does not support multiple next-hops in the transport table.  That's
> what MX records are for.
>
> Add local entries to your DNS something like
>  customer.local  MX 10 ip.1
>  customer.local  MX 20 ip.2
> and use a transport entry like
> customer.com smtp:customer.local
> note: no "[ ]" so MX will be used!!
>

Perfect!  I don't know how long it would have taken for me to think of this
solution... it's just what I needed.

Curtis


>
>
>
> An alternative is to define a new transport in master.cf with a -o
> fallback_relay=[some.ip.addr.ess], but that gets messy if there are more
> than a few domains needing fallback.
> # transport
> customer.com  customer:[ip.1]
>
> # master.cf
> # this is a copy of the "smtp ... smtp" entry
> customer ... smtp
>  -o fallback_relay=[ip.2]
>
>
>  -- Noel Jones
>

Recursive expressions in parameter values in main.cf

[Daniel Kauffman]

Some part of postfix (possibly postmulti, I'm not sure) does not appear 
to be evaluating recursive expressions in parameter values in main.cf


Here are the symptoms I am experiencing:

When creating a new postfix instance using:

  postmulti -I postfix-instance -e create

The following is added to /etc/postfix/main.cf

  multi_instance_wrapper = ${command_directory}/postmulti -p --

Then, when starting postfix using:

  /etc/init.d/postfix start

I get the following error:

  * Starting Postfix Mail Transport Agent postfix
postfix: fatal: /postmulti: No such file or directory

When I edit /etc/postfix/main.cf as follows:

  multi_instance_wrapper = /usr/sbin/postmulti -p --

Then I am able to start postfix using:

  /etc/init.d/postfix start


A possibly related issue is that when configuring an instance of postfix 
by editing /etc/postfix-instance/main.cf as follows:


  multi_instance_name = postfix-$myhostname
  myhostname = mx.example.com

And then running:

  postmulti -l

I see a list of instances, but the instance name shows the literal 
expression "postfix-$myhostname" and not the result of evaluating the 
expression, in this case, "postfix-mx.example.com".



Any suggestions for further troubleshooting, or is this a bug?

I am working with Postfix version 2.6.5 on Ubuntu Server version 9.10 
beta with kernel version 2.6.30.



Thanks!

Daniel Kauffman

Re: Recursive expressions in parameter values in main.cf

[Wietse Venema]

Daniel Kauffman:
>multi_instance_wrapper = ${command_directory}/postmulti -p --

This is currently not supported. Ask your money back.

Wietse

Postfix 2.6.x slow

[Stan Hoeppner]

Wietse Venema put forth on 10/22/2009 8:03 PM:
> Stan Hoeppner:
>> The point I was attempting to make is that, even with todays fast disks,
>> on a heavily loaded Postfix server, a 6 fold decrease in disk throughput
>> due to an obscure bug like this would likely wreak havoc for a few
>> hours, if not days, depending on the skill and experience of the OP,
>> before the problem were found and fixed.  Ergo, we should never rule out
>> the rare/obscure/unlikely possible causes of problems that pop up.
> 
> I guess that the lesson from this is: don't install bleeding-edge
> kernels on servers that people depend on. Pretty much every OS
> distribution has a QA process that catches such anomalies before
> too many people suffer.

I wholeheartedly agree.  But I'd throw in the caveat that even stable
point releases, not just bleeding edge kernels, can come with 'hidden'
changes that break things, such as in the case I mentioned above, which
was a stable point release, well behind the bleeding Linux kernel of the
time.  Thus, I've always feared, and never used, thing like Redhat's
'up2date' or SuSE's AutoYast for updating critical components like
kernels and libc.

> I have been doing UNIX since 1985. I have learned to be careful.

I've only been using *nix since around 2000.  I tend to be very
conservative in this regard as well.  Unfortunately there is always the
potential that we might get burned as we rely so heavily on software
written and bug checked by others, and sometimes bugs don't 'surface'
until the software gets pounded on by the greater user base.

One such bug was another LSI Logic SCSI driver problem that only showed
up on Linux kernels running as VMware ESX guests.  IIRC, a SCSI 'busy'
was changed to SCSI 'wait' for no logical reason by the LSI driver team,
which didn't cause problems on real hardware.  But once Linux was
virtualized on the VMware hypervisor, it caused the Linux kernel to
remount filesystems readonly due to receiving excessive SCSI 'waits'
during fiber channel SAN transactions, thus wreaking tons of havoc.

I ran into this issue on a SLES 10 LAMP server.  Luckily I was still in
testing, not production. Took me a few days to figure it out, and I was
successful only because other end users had already gone through this
and posted on the VMware forum.  This coincided with the Linux kernel
version that initially shipped with SLES 10.  And this was supposedly a
'stable' kernel that had been thoroughly tested.  From what I heard at
the time, Ford Motor company wasn't so lucky.  They had upgraded all
their SLES9 VMware guests to SLES10 and discovered this bug in
production.  Ouch!

--
Stan