Re: Catch-all alias not working correctly

2010-03-27 Thread Wietse Venema 
Da-Huntha:
> Oops, I forgot to mention the problem: All mail goes to the catch-all
> address, so even mail destined for m...@domain.com.

As documented, virtual alias expansion is recursive.

> > # /etc/postfix/virtual
> > m...@domain.com me
> > @domain.com spam
> > @domain2.com spam

To stop the recursion, use the same email address on the
right-hand side as the left hand side:

m...@domain.com m...@domain.com

Wietse

Re: Can Receive jpeg but can`t send

2010-03-27 Thread Wietse Venema 
Rafael Andrade:
> Hello Members,
> 
> I would like to know if there is a method so I can have the following 
> configuration on my MTA:
> 
> The user foobar can receive attached jpeg files, but cannot send 
> attached jpegs.  I need this because some employees must receive some 
> files in a specific extension, but cannot send files in that same 
> extension.

What is the error message?

Wietse

AW: whitelist for smtp_recipient_restrictions

2010-03-27 Thread Schwalbe, Oliver 
 
 
Hello Mr. Hildebrandt,
 
thanks for the good advice.
I try this.
 
O. Schwalbe



Von: owner-postfix-us...@postfix.org im Auftrag von Ralf Hildebrandt
Gesendet: Sa 27.03.2010 00:12
An: postfix-users@postfix.org
Betreff: Re: whitelist for smtp_recipient_restrictions



* Schwalbe, Oliver :
>
> Hallo Herr Hildebrandt,
>
> Danke für die schnelle Rückantwort.
> uceprotect.net habe ich als erste Maßnahme schon deaktiviert, würde aber ganz 
> gerne wieder darauf
> zurückkommen.
> Ich bräuchte aber noch genauere Informationen, wo ich IP ok hinterlegen muß.
> Muß ich dafür eine eigene Datei anlegen und darauf verweisen?

Yes, like I wrote in my answer:
--->check_client_access hash:/etc/postfix/whitelist

echo "IP OK" > /etc/postfix/whitelist
postmap /etc/postfix/whitelist

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de  
   


<>

Re: Spam from the same domain

2010-03-27 Thread Sahil Tandon 
On Fri, 26 Mar 2010, Mark Goodge wrote:

> On 26/03/2010 20:54, listadecorreo wrote:
> >
> >in the last month I revived a lot of spam from user_non_ex...@mydomain
> >to user_ex...@mydomain. can I block all received externals mails
> >from my domain to my domain...
> 
> It's very easy to block mails from fake_u...@domain to
> real_u...@domain. Just turn on sender address verification for your
> own domains. 

An easier way to block spam from f...@example.org is to use
reject_unlisted_sender.  See postconf(5).

http://www.postfix.org/postconf.5.html#reject_unlisted_sender
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender

-- 
Sahil Tandon

Re: Spam from the same domain

2010-03-27 Thread mouss 
listadecorreo a écrit :
> 
> Hello
> 
> in the last month I revived a lot of spam from user_non_ex...@mydomain
> to user_ex...@mydomain. can I block all received externals mails
> from my domain to my domain...
> I use postfix with amavis (spamassassin/clamav)
> 


- to block mail from user_not_ex...@yourdomain, simply use
reject_unlisted_sender
in your smtpd restrictions, or even more simply, set
smtpd_reject_unlisted_sender = yes
The latter applies to all mail.

- to block mail from user_ex...@yourdomain if it comes from external
clients and is not authenticated, then simply use

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_sender_access hash:/etc/postfix/access_sender
...

== access_sender
example.com REJECT not allowed without authentication
.example.comREJECT not allowed without authentication
...

This will reject all mail from j...@example.com or j...@sub.example.com
unless it comes from mynetworks or the user was authenticated.

note this applies to envelope addresses (MAIL FROM), not to headers
(From: or Reply-To:).

If you are about headers, first try zen as suggested before. for the
spam that slips, tune spamassassin.

Re: Postfix redirection after aliase resolution

2010-03-27 Thread mouss 
Bob Sauvage a écrit :
> Hi people !
> 
> 
> I have a postfix server and I want to redirect my mails to another
> server (Spam filter) after the aliase resolution. Because this spam
> filter can only filter 100 adresses.
> 
> 
> When the other server has completed its work, it sends this mail to my
> Postfix server (on another SMTP process and another port of course).
> 
> And finally the mails will be delivered.
> 
> 
> Is this possible ?


yes. configure filtering "as usual", but put the
-o receive_override_options=no_address_mappings
in the "after the filter" smtpd listener, not in the "before the filter"
as is usually done.

More generally, this option should be set in all smtpd listeners in a
chain, except in the one where you want address rewrite. (you don't want
rewrite twice, because it may cause duplicate delivery).

Re: Difference between default_destination_recipient_limit and smtpd_recipient_limit

2010-03-27 Thread mouss 
Marcos Lorenzo de Santiago a écrit :
> El vie, 26-03-2010 a las 12:06 +0100, Wietse Venema escribió:
>> Marcos Lorenzo de Santiago:
>> > I had configured default_destination_recipient_limit to 1500 and I
>> > couldn't send an email destined to 1100 recipients. It was when I
>> > modified this two options when I got it working:
>> > 
>> > smtpd_recipient_overshoot_limit
>> > smtpd_recipient_limit
>> > 
>> > I rtfm but I just can't see why it wasn't working, because
>> > default_destination_recipient_limit seems to be the default value for
>> > every postfix service.
>> > 
>> > ... or maybe I am just missing something.
>>
>> Indeed. You missed the instructions for reporting a problem
>> on this mailing list. They were sent to you in the mailing
>> list welcome message.
> 
> externo2:~# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> default_destination_recipient_limit = 2
> inet_interfaces = all
> mailbox_size_limit = 0
> message_size_limit = 52428800
> mydestination = externo2.ayto-getafe.org, localhost.ayto-getafe.org,
> localhost
> myhostname = externo2.ayto-getafe.org
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 10.0.0.0/8
> 172.16.0.0/12 192.168.0.0/16
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relay_domains = $mydestination, ayto-getafe.org
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_recipient_limit = 2
> smtpd_recipient_overshoot_limit = 2
> smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
> reject_unknown_sender_domain, check_sender_access
> hash:/etc/postfix/sender_access
> smtpd_tls_cert_file = /etc/ssl/certs/mailer.ayto-getafe.org_cert.pem
> smtpd_tls_key_file = /etc/ssl/private/mailer.ayto-getafe.org_key.pem
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport
> 
> 
> I have no logs to show, sorry. But my question remains as simple as before:
> Could anyone please point me to some document (RFC or so) where that
> options and its use are more thoroughly explained than in postfix's manual?
> 
> Sorry for missing info and thank you very much for your time.
> 

without logs and/or transcripts, we have no idea what blocks your mail.
It is possible that mail was blocked by some piece (anti-virus,
firewall, router, mail relay, ...) other than postfix.

As for the parameters, smtpd_* apply to the smtpd server, which
_receives_ mail, while default_destination_recipient_limit applies to
mail that postfix _delivers_ (via smtp, lmtp, virtual and pipe).

Re: Difference between default_destination_recipient_limit and smtpd_recipient_limit

2010-03-27 Thread Wietse Venema 
Marcos Lorenzo de Santiago:
> El vie, 26-03-2010 a las 12:06 +0100, Wietse Venema escribi?:
> 
> > Marcos Lorenzo de Santiago:
> > > I had configured default_destination_recipient_limit to 1500 and I
> > > couldn't send an email destined to 1100 recipients. It was when I
> > > modified this two options when I got it working:
> > > 
> > > smtpd_recipient_overshoot_limit
> > > smtpd_recipient_limit
> > > 
> > > I rtfm but I just can't see why it wasn't working, because
> > > default_destination_recipient_limit seems to be the default value for
> > > every postfix service.
> > > 
> > > ... or maybe I am just missing something.
> > 
> > Indeed. You missed the instructions for reporting a problem
> > on this mailing list. They were sent to you in the mailing
> > list welcome message.
> 
> 
> externo2:~# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
...
> 
> I have no logs to show, sorry.

Then could you at least tell us **what is the error message**

Wietse

Re: Spam from the same domain

2010-03-27 Thread listadecorreo 

mouss wrote:

listadecorreo a écrit :
  

Hello

in the last month I revived a lot of spam from user_non_ex...@mydomain
to user_ex...@mydomain. can I block all received externals mails
from my domain to my domain...
I use postfix with amavis (spamassassin/clamav)





- to block mail from user_not_ex...@yourdomain, simply use
reject_unlisted_sender
in your smtpd restrictions, or even more simply, set
smtpd_reject_unlisted_sender = yes
The latter applies to all mail.

- to block mail from user_ex...@yourdomain if it comes from external
clients and is not authenticated, then simply use

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_sender_access hash:/etc/postfix/access_sender
...

== access_sender
example.com REJECT not allowed without authentication
.example.comREJECT not allowed without authentication
...

This will reject all mail from j...@example.com or j...@sub.example.com
unless it comes from mynetworks or the user was authenticated.

note this applies to envelope addresses (MAIL FROM), not to headers
(From: or Reply-To:).

If you are about headers, first try zen as suggested before. for the
spam that slips, tune spamassassin.


  
thanks, is perfect 


Recuerdos Pep

Re: Postfix LDAP "Temporary lookup failure"

2010-03-27 Thread Wietse Venema 
Victor Duchovni:
> On Fri, Mar 26, 2010 at 04:54:00PM -0400, Wietse Venema wrote:
> 
> > > Don't pass non-ASCII user names to your LDAP table.
> > 
> > Hmm. If the Postfix LDAP driver handles only non-ASCII query keys
> > then we should have a smarter response from the mail system.
> 
> Agreed. By the time I read your message, I had already implemented this
> idea. Arguably, something similar should be done for MySQL and PgSQL,
> since even with the databases willing to convert local encodings to
> UTF-8, the data Postfix sends into the query is not known to be in the
> local character-set, and so all such queries are dubious.

Currently, sites that send valid UTF-8 in MAIL/RCPT commands can
make meaningful LDAP queries in Postfix.  Lots of MTAs are 8-bit
clean internally, so this can actually work today.

Do we want to remove this ability from Postfix, or should we add
a valid_utf_8() routine in anticipation of a future standardization
of UTF8SMTP?

Wietse