Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Bob Eastbrook]

I use wildcard MX records for mail, and a wildcard CNAME for web
traffic.  For example:

 *.example.com = MX record for mail.example.com
 *.example.com = CNAME myapp.appspot.com

Email to b...@foo.example.com gets delivered to mail.example.com, and
web traffic to http://foo.example.com goes to myapp.appspot.com.  I
use instructions from Wietse from a post I made on Dec 31, 2009:
http://www.pubbs.net/200912/postfix/75444-virtual-domains-for-wildcard-mx-records.html.

This works for all mailers I've found except for Yahoo Mail.  Mail
sent from Yahoo is rejected with:

 :
 [ip.number.of.mailserver] does not like recipient.
 Remote host said: 554 5.7.1 : Relay access denied
 Giving up on [ip.number.of.mailserver].

At first glance, it appears that Yahoo Mail ignores the wildcard MX
record and tries delivering to the CNAME.  This is puzzling because my
mail server also handles *.example.org in the same fashion as
*.example.com, and example.org addresses work fine from Yahoo.  Note
that my mailserver is mail.example.com, not mail.example.org.

Here's what I have for mydestination:

 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

I run postfix 2.3.3 on CentOS 5.4.

Any ideas?

Bob

[OT] Quoting RFC in HTML?

[Stan Hoeppner]

"Thou shalt not quote RFC whilst composing in HTML or RTF!"

I think that's chiseled on a stone tablet somewhere.  If not it should have
been.

-- 
Stan


Mike Abbott put forth on 4/12/2010 8:56 AM:
>>> + if (in_stream == NULL) {
>>> +/* must fail the entire transaction */
>>> +chat_reset(state, var_smtpd_hist_thrsh);
>>> +mail_reset(state);
>>> +rcpt_reset(state);
>>> +return -1;
>>> + }
>>
>> Why no response to the client?
> 
> The function imap_open() responds to the client before it returns NULL.
> in_stream = imap_open(state, url);
> 
>>> + case SMTP_ERR_EOF:
>>> +smtpd_chat_reply(state, "554 4.6.6 EOF from IMAP server");
>>> +vstream_longjmp(state->client, SMTP_ERR_QUIET);
>>> +break;
>>
>> Why is the DSN code 4.X.X when the SMTP reply code is 5XX? Is this a
>> permanent or a transient error code?
> 
> It is a transient failure.  The reasoning for these particular codes was
> as follows.  RFC 4468 section 3.2 states "If the URL fetch fails, the
> server will fail the entire transaction."  RFC 5321 section 4.2.2 uses
> code 554 for "Transaction failed."  And the table in RFC 5248 section
> 2.4 implies that a 4.6.6 is valid with a 554.  If this interpretation of
> the RFCs is incorrect, please propose corrected response codes.
> 
> 
> The remainder of your feedback speaks to style and to weaknesses in the
> implementation that I pointed out in the cover letter to the code
> contribution.  That cover letter also said:
> 
> Feel free to [...] restructure or rewrite the code as desired,
> as long as you preserve our copyright.  We understand that our
> implementation choices may differ from yours; if you see a better way to
> achieve the same goal please do adopt the better way.

Re: Patch: support BURL

[Stan Hoeppner]

Steve put forth on 4/12/2010 10:56 AM:

> AFAIK Outlook often saves the messages in a local Sent folder if you use 
> Outlook as a pure IMAP client. On the IMAP server nothing gets saved.
> 
> But you are right. All the other clients that I know save the message on the 
> server or at least are able to save the message on the server. I never 
> managed to do that with Outlook without fancy macros/rules.

In Thunderbird this is user configurable, though I believe the default for
IMAP "accounts" is to create a "Sent" folder on the server and save them there.

In fact, TB is so flexible here that one could have a dozen IMAP accounts
configured, and could save all sent item copies for all accounts in the
"kermit-the-frog" folder in just one of the accounts, or could dedicate one
account to nothing but the "kermit-the-frog" sent items folder.  Or this
folder could be a local folder.  Lots of flexibility here in TB.

-- 
Stan

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Simon Waters]

On Tuesday 13 April 2010 08:16:47 Bob Eastbrook wrote:
>

Your post appears mangled beyond hope of direct assistance.

> Remote host said: 554 5.7.1 : Relay access denied

This implies that your server rejected it. So where is the log from your 
server?

The DNS config you give appears to be a case "CNAME and other" which is a 
violation of RFC1034. So fix your DNS and see if things work correctly.

 Simon

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Bob Eastbrook]

On Tue, Apr 13, 2010 at 1:01 AM, Simon Waters  wrote:
>
> Your post appears mangled beyond hope of direct assistance.


Are you saying that the message was improperly formatted?


>> Remote host said: 554 5.7.1 : Relay access denied
>
> This implies that your server rejected it. So where is the log from your
> server?


NOQUEUE: reject: RCPT from
web81307.mail.mud.yahoo.com[68.142.199.123]: 554 5.7.1
: Relay access denied;
from= to= proto=SMTP
helo=


> The DNS config you give appears to be a case "CNAME and other" which is a
> violation of RFC1034. So fix your DNS and see if things work correctly.

Thanks for the pointer.  I'll have to read up on this.  I remain
puzzled as to why the exact same DNS settings for example.org work
just fine on mail.example.com.  I suspect that if I had
mail.example.org, then the server wouldn't work with Yahoo Mail
addressed to b...@foo.example.org but would work with
b...@foo.example.com.

Bob

Re: All my email are 5 minutes delayed

[Alexis Ducastel]

2010/4/12 mouss 

> Alexis Ducastel a écrit :
> > Hello,
> >
> > I've postfix width dkim-filter installed. Each mail sent from sendmail ,
> > or coming from internet before to be forwarded are delayed of 5 min.
> > Not 4'30, not 5'10 ... but exactly 5 min ! according to received
> > headers, it seems like postfix keep it 5 min after dkim doing signature.
> >
> > I searched in postconf |grep everything that contains 300 seconds (5min)
> > but nothing relevant in my opinion.
> >
> > In facts, this postfix is only used for aliases , coupled with a MySQL.
> >
> > Does anybody knows where is the problem please ?
> >
> > Thanks a lot.
> >
> > Alexis Ducastel
> > =
> > Here is my complete main.cf  if it could help :
>
> Please show
> - output of 'postconf -n', not main.cf.
> - contents of master.cf.
> - headers that show the 5 min delay
> and if possible,
> - relevant logs
>
> feel free to hide private infos, but do so coherently.
>
>
> > [snip]
>
>
Sorry for partial informations, i didn't notice that a problem report is
like a bug report.

anyway ...
Problem solved ! One of my friend has found a misconfiguration.

as i posted in my main.cf there was : smtp_tls_cert_file =
$config_directory/ssl/smtpd.pem

The key file was used as a certification file in SSL transactions.
Intra-communications between postfix and dkim were going down after 5 min of
start_tls try, then going stmp without tls successfuly.

Here is a part of log that expose symptoms :


Apr 12 17:44:48 bart postfix/pickup[4611]: DF572688179: uid=33 from=<
bou...@guilde-asgard.fr>
Apr 12 17:44:48 bart postfix/cleanup[4718]: DF572688179:
message-id=<20100412154448.df572688...@bart.localdomain>
Apr 12 17:44:48 bart postfix/qmgr[9932]: DF572688179: from=<
bou...@guilde-asgard.fr>, size=635, nrcpt=1 (queue active)
Apr 12 17:44:48 bart dkimproxy.out[509]: connect from 127.0.0.1
Apr 12 17:44:48 bart postfix/smtpd[4721]: connect from
localhost.localdomain[127.0.0.1]
Apr 12 *17:44:48* bart postfix/smtp[4720]: discarding EHLO keywords:
8BITMIME
Apr 12 *17:49:48* bart postfix/smtpd[4721]: SSL_accept error from
localhost.localdomain[127.0.0.1]: -1
Apr 12 17:49:48 bart postfix/smtpd[4721]: lost connection after STARTTLS
from localhost.localdomain[127.0.0.1]
Apr 12 17:49:48 bart postfix/smtpd[4721]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 12 17:49:48 bart postfix/smtp[4720]: SSL_connect error to
127.0.0.1[127.0.0.1]:10027: -1
Apr 12 17:49:48 bart postfix/smtp[4720]: DF572688179: Cannot start TLS:
handshake failure
Apr 12 17:49:48 bart dkimproxy.out[511]: connect from 127.0.0.1
Apr 12 17:49:48 bart postfix/smtpd[4721]: connect from
localhost.localdomain[127.0.0.1]
Apr 12 17:49:48 bart postfix/smtp[4720]: discarding EHLO keywords: 8BITMIME
Apr 12 17:49:48 bart postfix/smtp[4720]: Host offered STARTTLS: [127.0.0.1]
Apr 12 17:49:48 bart postfix/smtpd[4721]: EC31D688024:
client=localhost.localdomain[127.0.0.1]
Apr 12 17:49:49 bart dkimproxy.out[511]: DKIM signing - signed;
message-id=<20100412154448.df572688...@bart.localdomain>, signer=<
bou...@guilde-asgard.fr>, from=
Apr 12 17:49:49 bart postfix/cleanup[4729]: EC31D688024:
message-id=<20100412154448.df572688...@bart.localdomain>


Generating an auto-certified certificate and provide it in main.cf is able
to solve problem.

Now delivery is immediate for me.

Thanks for your help.

Alexis Ducastel

Re: All email forward a copy to testing server

[Patric Falinder]

Wietse Venema skrev 2010-03-29 15:00:

Patric Falinder:

/etc/postfix/recipient_bcc:
/@sub\.domain\.com/
/^(.*)@sub\.domain\.com$/ $...@new.sub.domain.com


Wietse Venema skrev 2010-03-29 14:47:

That first line has no result value.


Patric Falinder:

What should I set the result value to?
I got this example from the mailinglist so I didn't make it up my self.


I suppose that someone told you to do this:

if /@sub\.domain\.com/
...stuff...
endif

and then you mis-understood the first line.

If the ...stuff... is only one line, then the if/endif are not
needed.

I think I'm going to change the regexp and pcre table implementations
and disallow rules without result. No other Postfix table allows
that.

Wietse

ah yes I mis-understood it so I changed it as Ansgar said:

/^(.*)@sub\.domain\.com$/ $...@new.domain.com

I don't get any errors anymore but I doesn't seem like it want to 
deliver to new.sub.domain.com, it only send the mail to sub.domain.com.
Is there a possibility that my content-filter (Maia Mailguard) is 
changing something?
Because I can see that both pat...@new.sub.domain.com and 
pat...@sub.domain.com get sent to the content-filter but only 
pat...@sub.domain.com comes out from there.


Can I do this "re-write" after the content-filter? So my server receives 
a mail, send it to my content-filter, my content-filter sends it back to 
postfix and then it will "make a copy" as described in recipient_bcc?


Thanks,
Patric

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Simon Waters]

On Tuesday 13 April 2010 10:16:49 Bob Eastbrook wrote:
> On Tue, Apr 13, 2010 at 1:01 AM, Simon Waters  wrote:
> > Your post appears mangled beyond hope of direct assistance.
>
> Are you saying that the message was improperly formatted?

No I'm saying I don't think you aren't administering "example.com" 
or "example.org".

I've exchanged email the person who use to administer them now and then, and 
he doesn't need my help with DNS configuration issues - well not very 
often ;)

But generally best not to obfuscate here, especially on issues relating to 
DNS.

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Tom Hendrikx]

Bob Eastbrook wrote:

> NOQUEUE: reject: RCPT from
> web81307.mail.mud.yahoo.com[68.142.199.123]: 554 5.7.1
> : Relay access denied;
> from= to= proto=SMTP
> helo=
> 

This says that the yahoo user tries to send mail addressed to
b...@myapp.appspot.com, not to b...@example.org.

Your mail server is not configured to accept mail for that domain (but
DNS records point to it), so either:
- do not send mail to *...@myapp.appspot.com
- add myapp.appspot.com to $mydestination

Regards,
Tom

log analyzing: is target host attempting to verify sender

[Voytek Eymont]

I just see a number of these entries:

Apr 13 20:45:37 postfix/smtp[31121]: D1F8DB4491F: to=,
relay=mail4.barnet.com.au[202.83.178.125]:25, delay=54911,
delays=54902/0.04/5.4/3.9, dsn=4.1.7, status=deferred (host
mail4.barnet.com.au[202.83.178.125] said: 450 4.1.7 :
Sender address rejected: unverified address: host
bilby.sbt.net.au[116.197.145.51] said: 550 5.1.1 :
Recipient address rejected: User unknown in virtual mailbox table (in
reply to RCPT TO command) (in reply to RCPT TO command))


mx for the 'd...@domain.com.au' domain is
100 mail5.barnet.com.au 202.83.178.78
200 mail4.barnet.com.au 202.83.178.125

am I correct that:

the form email has apa...@sbt.net.au as sender;
barnet.com.au attempted to verify 'apa...@sbt.net.au' on bilby.sbt.net.au;
bilby replied 'user unknown', which then caused barnet to reject the email?

is form mail that has such a 'system address' like 'apache@', with such
mailbox not present 'at fault', or is the remote server 'too strict' in
attempting to verify such a sender email ?



-- 
Voytek

Re: All email forward a copy to testing server

[Patric Falinder]

Patric Falinder skrev 2010-04-13 11:41:

Wietse Venema skrev 2010-03-29 15:00:

Patric Falinder:

/etc/postfix/recipient_bcc:
/@sub\.domain\.com/
/^(.*)@sub\.domain\.com$/ $...@new.sub.domain.com


Wietse Venema skrev 2010-03-29 14:47:

That first line has no result value.


Patric Falinder:

What should I set the result value to?
I got this example from the mailinglist so I didn't make it up my self.


I suppose that someone told you to do this:

if /@sub\.domain\.com/
...stuff...
endif

and then you mis-understood the first line.

If the ...stuff... is only one line, then the if/endif are not
needed.

I think I'm going to change the regexp and pcre table implementations
and disallow rules without result. No other Postfix table allows
that.

Wietse

ah yes I mis-understood it so I changed it as Ansgar said:

/^(.*)@sub\.domain\.com$/ $...@new.domain.com

I don't get any errors anymore but I doesn't seem like it want to
deliver to new.sub.domain.com, it only send the mail to sub.domain.com.
Is there a possibility that my content-filter (Maia Mailguard) is
changing something?
Because I can see that both pat...@new.sub.domain.com and
pat...@sub.domain.com get sent to the content-filter but only
pat...@sub.domain.com comes out from there.

Can I do this "re-write" after the content-filter? So my server receives
a mail, send it to my content-filter, my content-filter sends it back to
postfix and then it will "make a copy" as described in recipient_bcc?

Thanks,
Patric
I looked in to it a little more and it looks like Maia re-writes the 
new.sub.domain.com to sub.domain.com.

I get:

/usr/sbin/amavisd-new[22834]: (22834-04) Checking: [62.127.194.20] 
 -> 
,


When I guess it should be:

/usr/sbin/amavisd-new[22834]: (22834-04) Checking: [62.127.194.20] 
 -> 
,


Maybe this is more of a Maia problem so I will ask there if no one here 
knows whats wrong.


Thanks for the help though!
-Patric

Re: All email forward a copy to testing server

[Mark Martinec]

Patric,

> I looked in to it a little more and it looks like Maia re-writes the
> new.sub.domain.com to sub.domain.com.
> I get:
> 
> /usr/sbin/amavisd-new[22834]: (22834-04) Checking: [62.127.194.20]
>  ->
> ,
> 
> When I guess it should be:
> 
> /usr/sbin/amavisd-new[22834]: (22834-04) Checking: [62.127.194.20]
>  ->
> ,
> 
> Maybe this is more of a Maia problem so I will ask there if no one here
> knows whats wrong.

I very much doubt it is the Maia doing a rewrite.
More likely your smtp_generic mapping or masquerading.
Keep in mind that a post-queue content filtered message
goes through Postfix twice.

  Mark

lost connection with yahoo servers

[Voytek Eymont]

I seem to be having problems delivering emails to yahoo, how can I
troubleshoot this ?

mailq:
...
777DAB446E8  7709303 Fri Apr  9 12:15:32  a...@googlemail.com
(lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending
end of data -- message may be sent more than once)
 l...@yahoo.com.au
 m...@yahoo.com
 y...@yahoo.com
...
--
log:
...
Apr 13 19:24:01 postfix/smtp[24377]: 777DAB446E8: to=,
relay=c.mx.mail.yahoo.com[206.190.54.127]:25, delay=371309,
delays=370795/0.37/210/304, dsn=4.4.2, status=deferred (lost connection
with c.mx.mail.yahoo.com[206.190.54.127] while sending end of data --
message may be sent more than once)

Apr 13 19:24:08 postfix/smtp[24378]: 777DAB446E8: to=,
relay=b.mx.mail.yahoo.com[74.6.136.65]:25, delay=371316,
delays=370795/0.38/328/193, dsn=4.4.2, status=deferred (lost connection
with b.mx.mail.yahoo.com[74.6.136.65] while sending end of data -- message
may be sent more than once)

Apr 13 20:35:27 postfix/qmgr[3973]: 777DAB446E8:
from=, size=7709303, nrcpt=13 (queue active)

Apr 13 20:39:37 postfix/smtp[30451]: 777DAB446E8: lost connection with
g.mx.mail.yahoo.com[98.137.54.238] while sending end of data -- message
may be sent more than once

Apr 13 20:40:49 postfix/smtp[30450]: 777DAB446E8: lost connection with
c.mx.mail.yahoo.com[206.190.54.127] while sending end of data -- message
may be sent more than once

Apr 13 20:43:37 postfix/smtp[30451]: 777DAB446E8: to=,
relay=f.mx.mail.yahoo.com[98.137.54.237]:25, delay=376085,
delays=375595/0.05/251/240, dsn=4.4.2, status=deferred (lost connection
with f.mx.mail.yahoo.com[98.137.54.237] while sending end of data --
message may be sent more than once)

Apr 13 20:46:32 postfix/smtp[30450]: 777DAB446E8: to=,
relay=e.mx.mail.yahoo.com[67.195.168.230]:25, delay=376260,
delays=375595/0.03/323/342, dsn=4.4.2, status=deferred (lost connection
with e.mx.mail.yahoo.com[67.195.168.230] while sending end of data --
message may be sent more than once)

Apr 13 20:46:32 postfix/smtp[30450]: 777DAB446E8: to=,
relay=e.mx.mail.yahoo.com[67.195.168.230]:25, delay=376260,
delays=375595/0.03/323/342, dsn=4.4.2, status=deferred (lost connection
with e.mx.mail.yahoo.com[67.195.168.230] while sending end of data --
message may be sent more than once)


-- 
Voytek

Re: lost connection with yahoo servers

[Olivier MJ Crepin-Leblond]

Le 13/04/2010 14:28, Voytek Eymont a écrit :
> I seem to be having problems delivering emails to yahoo, how can I
> troubleshoot this ?
>
> mailq:
> ...
> 777DAB446E8  7709303 Fri Apr  9 12:15:32  a...@googlemail.com
> (lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending
> end of data -- message may be sent more than once)
>  l...@yahoo.com.au
>  m...@yahoo.com
>  y...@yahoo.com
> ...
>   

We've got the same problem for large messages sent to Yahoo. (including
yahoo.fr, yahoo.co.uk etc.)
I don't think that it's a Postfix problem at all because only Yahoo
causes this, so it much more likely to be a Yahoo problem.
Kind regards,

Olivier

-- 
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html

Re: log analyzing: is target host attempting to verify sender

[lst_hoe02]

Zitat von Voytek Eymont :


I just see a number of these entries:

Apr 13 20:45:37 postfix/smtp[31121]: D1F8DB4491F: to=,
relay=mail4.barnet.com.au[202.83.178.125]:25, delay=54911,
delays=54902/0.04/5.4/3.9, dsn=4.1.7, status=deferred (host
mail4.barnet.com.au[202.83.178.125] said: 450 4.1.7 :
Sender address rejected: unverified address: host
bilby.sbt.net.au[116.197.145.51] said: 550 5.1.1 :
Recipient address rejected: User unknown in virtual mailbox table (in
reply to RCPT TO command) (in reply to RCPT TO command))


mx for the 'd...@domain.com.au' domain is
100 mail5.barnet.com.au 202.83.178.78
200 mail4.barnet.com.au 202.83.178.125

am I correct that:

the form email has apa...@sbt.net.au as sender;
barnet.com.au attempted to verify 'apa...@sbt.net.au' on bilby.sbt.net.au;
bilby replied 'user unknown', which then caused barnet to reject the email?

is form mail that has such a 'system address' like 'apache@', with such
mailbox not present 'at fault', or is the remote server 'too strict' in
attempting to verify such a sender email ?


Sending mail with a invalid envelope from address is not a option  
(anymore). Everyone how cares about reliable delivery must use a valid  
mail-from, anything other is crap and will be treated as such.


Regards

Andreas



smime.p7s
Description: S/MIME Signatur

backscatter spam

[motty.cruz]

Hello, I seemed to be losing the fight against backscatter email, one of our
users is getting tons of backscatter spam a day. I'm using postfix
Mail_version 2.7.0 + amavisd (Spamassassin) on FreeBSD machine. Please help!


 

 

# cat header_checks 

/^Content-Type: multipart\/report; report-type=delivery-status\;/  REJECT no
third-party DSNs

/^Content-Type: message\/delivery-status; / REJECT no third-party DSNs

#

 

Also in /etc/mail/spamassassin/local.cf

# fighting backscatter spam

whitelist_bounce_relays mail.domain.com

 

postconf -n

# postconf -n

alias_database = hash:/usr/local/etc/postfix/aliases

alternate_config_directories = /usr/local/etc/postfix-out

anvil_rate_time_unit = 20s

biff = no

command_directory = /usr/local/sbin

config_directory = /usr/local/etc/postfix

content_filter = smtp-amavis:[127.0.0.1]:10024

daemon_directory = /usr/local/libexec/postfix

data_directory = /var/db/postfix

debug_peer_level = 2

header_checks = regexp:/usr/local/etc/postfix/header_checks

html_directory = no

in_flow_delay = 1s

local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt

mail_owner = postfix

mailq_path = /usr/local/bin/mailq

manpage_directory = /usr/local/man

message_size_limit = 5

mydestination = domin1.com, domin2.com, domin3.com, domin4.com, domin8.com

myhostname = localhost.domain.com

mynetworks = 127.0.0.0/8, 

myorigin = domain1.com

newaliases_path = /usr/local/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = no

sample_directory = /usr/local/etc/postfix

sendmail_path = /usr/local/sbin/sendmail

setgid_group = maildrop

smtpd_banner = localhost.domain1.com

smtpd_error_sleep_time = 0

unknown_local_recipient_reject_code = 550

 

Here is copy of the spam

From: postmas...@kema.cz [ 
mailto:postmas...@kema.cz]

Sent: Monday, April 05, 2010 5:18 PM

To: Apple Up-To-Date

Subject: DELIVERY FAILURE: User itoutmbox.jaring.mydewidlahajai
(itoutmbox.jaring.mydewidlaha...@kema.cz) not listed in Domino Directory

 

Your message

 

  Subject: 727.900 Apple App-Store Notice

 

was not delivered to:

 

  itoutmbox.jaring.mydewidlaha...@kema.cz

 

because:

 

  User itoutmbox.jaring.mydewidlahajai
(itoutmbox.jaring.mydewidlaha...@kema.cz) not listed in Domino Directory

 

Second spam 

From: Mail Delivery Subsystem [ 
mailto:mailer-dae...@googlemail.com]

Sent: Tuesday, April 13, 2010 4:54 AM

To: u...@domain.com

Subject: Delivery Status Notification (Failure)

 

Delivery to the following recipient failed permanently:

 

 ti...@flewid.de

 

Technical details of permanent failure: 

Internal Message-ID collision

 

- Original message -

 

Received: by 10.142.196.7 with SMTP id t7mr2417975wff.151.1271159616338;

Tue, 13 Apr 2010 04:53:36 -0700 (PDT)

Return-Path: 

Received: from localhost ([210.112.121.12])

by mx.google.com with SMTP id 14si5418385pzk.68.2010.04.13.04.53.31;

Tue, 13 Apr 2010 04:53:35 -0700 (PDT)

Received-SPF: neutral (google.com: 210.112.121.12 is neither permitted nor
denied by best guess record for domain of u...@domain.com)
client-ip=210.112.121.12;

Authentication-Results: mx.google.com; spf=neutral (google.com:

210.112.121.12 is neither permitted nor denied by best guess record for
domain of u...@domain.com) smtp.mail=u...@domain.com

Date: Tue, 13 Apr 2010 20:50:10 +0300

From: "Apple Up-To-Date" 

To: 

Message-ID: <11686.9434705946255272...@store.apple.com>

Subject: 95-577 Apple App-Store Notify

MIME-Version: 1.0

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 7bit

 

 

 

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Noel Jones]

On 4/13/2010 2:16 AM, Bob Eastbrook wrote:

I use wildcard MX records for mail, and a wildcard CNAME for web
traffic.  For example:

  *.example.com = MX record for mail.example.com
  *.example.com = CNAME myapp.appspot.com


MX records must not point to a CNAME.



Email to b...@foo.example.com gets delivered to mail.example.com, and
web traffic to http://foo.example.com goes to myapp.appspot.com.  I
use instructions from Wietse from a post I made on Dec 31, 2009:
http://www.pubbs.net/200912/postfix/75444-virtual-domains-for-wildcard-mx-records.html.

This works for all mailers I've found except for Yahoo Mail.  Mail
sent from Yahoo is rejected with:

  :
  [ip.number.of.mailserver] does not like recipient.
  Remote host said: 554 5.7.1: Relay access denied
  Giving up on [ip.number.of.mailserver].


Original RFC822 said that mail to a CNAME should be rewritten 
to the canonical name.  Later RFC's relaxed that, but some 
mailers still behave that way.


Don't use a CNAME for email.  That will fix the problem.

  -- Noel Jones

Re: backscatter spam

[Simon Waters]

On Tuesday 13 April 2010 16:32:03 motty.cruz wrote:
> Hello, I seemed to be losing the fight against backscatter email, one of
> our users is getting tons of backscatter spam a day. I'm using postfix
> Mail_version 2.7.0 + amavisd (Spamassassin) on FreeBSD machine. Please
> help!

Did you try this yet? 

http://www.postfix.org/BACKSCATTER_README.html#real

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[Victor Duchovni]

On Tue, Apr 13, 2010 at 12:16:47AM -0700, Bob Eastbrook wrote:

> I use wildcard MX records for mail, and a wildcard CNAME for web
> traffic.  For example:
> 
>  *.example.com = MX record for mail.example.com
>  *.example.com = CNAME myapp.appspot.com

This is invalid. No DNS domain can resolve to a CNAME and to other data.
A CNAME is a pointer to data held elsewhere, and makes the domain in
question unable to hold any other record type.

Any decent DNS configuration validation tool should pick this up. The
correct solution is:

*.example.com.  IN CNAME myapp.appspot.com.
myapp.appspot.com.  IN MX 0 mail.example.com.

If you don't control the DNS for myapp.appspot.com, you are out of luck!

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.

Re: Sending bounce notifications to postmaster

[Stephen Carville]

FWIW, it looks like the copies of non-delivery notifications go to
bounce_notice_recipient  but the messages with the SMTP transactions
go to error_notice_recipient.  By setting these to different addresses
I can separate the non-delivery notices from the error messages.

-- 
Stephen Carville

Re: Sending bounce notifications to postmaster

[Wietse Venema]

Stephen Carville:
> FWIW, it looks like the copies of non-delivery notifications go to
> bounce_notice_recipient  but the messages with the SMTP transactions
> go to error_notice_recipient.  By setting these to different addresses
> I can separate the non-delivery notices from the error messages.

Hmm. The postconf(5) documentation defines error_notice_recipient
and bounce_notice_recipient, but there is no clear specification
of when a specific errors is reported.

Right now, the Postfix SMTP server reports a "bounce" error when

- The content is rejected by header/body checks or smtpd_proxy_filter.
- The message hop-count exceeds some limit (mail loop error).
- User unknown in xxx table (long ago, caused by typing errors).

The Postfix SMTP server reports most access checks as a "policy" error.

As to why these choices were made, they were not written down, and they
were made 10 or more years ago.

Wietse

Re: Sending bounce notifications to postmaster

[Victor Duchovni]

On Tue, Apr 13, 2010 at 02:23:06PM -0400, Wietse Venema wrote:

> Stephen Carville:
> > FWIW, it looks like the copies of non-delivery notifications go to
> > bounce_notice_recipient  but the messages with the SMTP transactions
> > go to error_notice_recipient.  By setting these to different addresses
> > I can separate the non-delivery notices from the error messages.
> 
> Hmm. The postconf(5) documentation defines error_notice_recipient
> and bounce_notice_recipient, but there is no clear specification
> of when a specific errors is reported.
> 
> Right now, the Postfix SMTP server reports a "bounce" error when
> 
> - The content is rejected by header/body checks or smtpd_proxy_filter.
> - The message hop-count exceeds some limit (mail loop error).
> - User unknown in xxx table (long ago, caused by typing errors).
> 
> The Postfix SMTP server reports most access checks as a "policy" error.
> 
> As to why these choices were made, they were not written down, and they
> were made 10 or more years ago.

I would argue that perhaps the 3 cases above should all be "policy"
errors too. Largely because "bounce" notifications really should be
about mail already in the queue, and these don't seem to fit...

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.

Re: Sending bounce notifications to postmaster

[Wietse Venema]

Victor Duchovni:
> On Tue, Apr 13, 2010 at 02:23:06PM -0400, Wietse Venema wrote:
> 
> > Stephen Carville:
> > > FWIW, it looks like the copies of non-delivery notifications go to
> > > bounce_notice_recipient  but the messages with the SMTP transactions
> > > go to error_notice_recipient.  By setting these to different addresses
> > > I can separate the non-delivery notices from the error messages.
> > 
> > Hmm. The postconf(5) documentation defines error_notice_recipient
> > and bounce_notice_recipient, but there is no clear specification
> > of when a specific errors is reported.
> > 
> > Right now, the Postfix SMTP server reports a "bounce" error when
> > 
> > - The content is rejected by header/body checks or smtpd_proxy_filter.
> > - The message hop-count exceeds some limit (mail loop error).
> > - User unknown in xxx table (long ago, caused by typing errors).
> > 
> > The Postfix SMTP server reports most access checks as a "policy" error.
> > 
> > As to why these choices were made, they were not written down, and they
> > were made 10 or more years ago.
> 
> I would argue that perhaps the 3 cases above should all be "policy"
> errors too. Largely because "bounce" notifications really should be
> about mail already in the queue, and these don't seem to fit...

It is hard to imagine, but the initial settings (user unknown and
bad hopcount) made sense when losing mail was a bigger concern than
receiving spam. Email reached its peak reliability before 2000.

Wietse

catch-all not working with postfix dovecot lda

[fakessh]

hello all
hello list
hello much many people
hello wieste

the catch-all does not seem to work. 
I, however, a proper definition of it in /etc/postfix/virtual

postconf -n
[r...@r13151 ~]# postconf -n
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
bounce_notice_recipient = postmaster
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dksign:[127.0.0.1]:10028
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
in_flow_delay = 10
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
mydomain = fakessh.eu
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 2000s
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy reject_rbl_client
bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/cert.csr.p12
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot

Re: catch-all not working with postfix dovecot lda

[Noel Jones]

On 4/13/2010 3:34 PM, fakessh wrote:

hello all
hello list
hello much many people
hello wieste

the catch-all does not seem to work.


Doesn't work in what way?  Show logs of what happens vs. what 
you expect to happen.



I, however, a proper definition of it in /etc/postfix/virtual


Please show the contents of that file.


  -- Noel Jones




postconf -n
[r...@r13151 ~]# postconf -n
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
bounce_notice_recipient = postmaster
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dksign:[127.0.0.1]:10028
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
in_flow_delay = 10
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
mydomain = fakessh.eu
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 2000s
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy reject_rbl_client
bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/cert.csr.p12
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
wrote:
> On 4/13/2010 3:34 PM, fakessh wrote:
>> hello all
>> hello list
>> hello much many people
>> hello wieste
>>
>> the catch-all does not seem to work.
> 
> Doesn't work in what way?  Show logs of what happens vs. what 
> you expect to happen.


Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=8/331
Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=329/5780
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
web24304.mail.ird.yahoo.com[87.248.114.201]
Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not list
domain fakessh.eu in BOTH mydestination and virtual_alias_domains
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1 :
Recipient address rejected: undeliverable address: unknown user: "catch";
from= to= proto=SMTP
helo=
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
web24304.mail.ird.yahoo.com[87.248.114.201]

> 
>> I, however, a proper definition of it in /etc/postfix/virtual
> 
> Please show the contents of that file.
> 

fake...@fakessh.eu fakessh
se...@fakessh.eu   serge
webm...@fakessh.eu webmail
renelacro...@renelacroute.fr renelacroute
postmas...@renelacroute.fr   renelacroute
nicolaspic...@nicolaspichot.frnicolaspichot
postmas...@nicolaspichot.fr   nicolaspichot
ab...@fakessh.eu  root
ab...@renelacroute.fr root
ab...@nicolaspichot.frroot
@fakessh  root
@renelacroute.fr  root
@nicolaspichot.fr root
postmas...@fakessh.eu root


> 
>-- Noel Jones
> 
> 
>>
>> postconf -n
>> [r...@r13151 ~]# postconf -n
>> alias_maps = hash:/etc/aliases
>> body_checks = regexp:/etc/postfix/body_checks.cf
>> bounce_notice_recipient = postmaster
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = dksign:[127.0.0.1]:10028
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/lib/postfix
>> debug_peer_level = 2
>> default_privs = nobody
>> double_bounce_sender = no
>> header_checks = regexp:/etc/postfix/header_checks.cf
>> home_mailbox = Maildir/
>> html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
>> in_flow_delay = 10
>> inet_interfaces = all
>> mail_owner = postfix
>> mail_spool_directory = /var/spool/mail
>> mailbox_command = /usr/libexec/dovecot/deliver
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> maps_rbl_domains = bl.spamcop.net
>> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
>> mydestination = $myhostname, localhost.$mydomain,
>> localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
>> mydomain = fakessh.eu
>> mynetworks = 127.0.0.0/8 ,87.98.186.232
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> queue_run_delay = 2000s
>> readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
>> recipient_delimiter = +
>> relay_domains =
>> sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtp_sasl_security_options = noanonymous
>> smtp_sasl_tls_security_options = noanonymous
>> smtp_sender_dependent_authentication = yes
>> smtp_tls_loglevel = 3
>> smtp_tls_session_cache_database =
>> btree:/var/lib/postfix/smtp_tls_session_cache
>> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
>> smtpd_client_restrictions =
>>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
>> reject_non_fqdn_recipient ,  permit
>> smtpd_milters = inet:[127.0.0.1]:10040
>> smtpd_recipient_restrictions = permit_mynetworks 
permit_inet_interfaces
>> permit_sasl_authenticated  reject_unverified_recipient
>> reject_non_fqdn_sender reject_non_fqdn_recipient
>> reject_unknown_sender_domain reject_unknown_recipient_domain
>> reject_unknown_reverse_client_hostname reject_unauth_destination
>> reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
>> reject_sender_login_mismatch check_policy_service unix:postgrey/socket
>> check_sender_access hash:/etc/postfix/check_backscatterer
>> check_sender_access hash:/etc/postfix/check_spamcannibal
>> check_policy_service unix:private/spfpolicy reject_rbl_client
>> bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
>> cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_path = pr

Re: catch-all not working with postfix dovecot lda

[Egberto Monteiro]

Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not list
domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains



fakessh wrote:

On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
wrote:
  

On 4/13/2010 3:34 PM, fakessh wrote:


hello all
hello list
hello much many people
hello wieste

the catch-all does not seem to work.
  
Doesn't work in what way?  Show logs of what happens vs. what 
you expect to happen.




Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=8/331
Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=329/5780
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
web24304.mail.ird.yahoo.com[87.248.114.201]
Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not list
domain fakessh.eu in BOTH mydestination and virtual_alias_domains
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1 :
Recipient address rejected: undeliverable address: unknown user: "catch";
from= to= proto=SMTP
helo=
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
web24304.mail.ird.yahoo.com[87.248.114.201]

  

I, however, a proper definition of it in /etc/postfix/virtual
  

Please show the contents of that file.




fake...@fakessh.eu fakessh
se...@fakessh.eu   serge
webm...@fakessh.eu webmail
renelacro...@renelacroute.fr renelacroute
postmas...@renelacroute.fr   renelacroute
nicolaspic...@nicolaspichot.frnicolaspichot
postmas...@nicolaspichot.fr   nicolaspichot
ab...@fakessh.eu  root
ab...@renelacroute.fr root
ab...@nicolaspichot.frroot
@fakessh  root
@renelacroute.fr  root
@nicolaspichot.fr root
postmas...@fakessh.eu root


  

   -- Noel Jones




postconf -n
[r...@r13151 ~]# postconf -n
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
bounce_notice_recipient = postmaster
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dksign:[127.0.0.1]:10028
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
in_flow_delay = 10
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
mydomain = fakessh.eu
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 2000s
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =

  

permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
  

reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks 
  

permit_inet_interfaces
  

permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy reject_rbl_client
bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
sm

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
 wrote:
> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
list
> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
> 
> 
> 

this error I do not know how to correct
my mail server work correctly with that error


> fakessh wrote:
>> On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
>> wrote:
>>   
>>> On 4/13/2010 3:34 PM, fakessh wrote:
>>> 
 hello all
 hello list
 hello much many people
 hello wieste

 the catch-all does not seem to work.
   
>>> Doesn't work in what way?  Show logs of what happens vs. what 
>>> you expect to happen.
>>> 
>>
>>
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=8/331
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=329/5780
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
>> list
>> domain fakessh.eu in BOTH mydestination and virtual_alias_domains
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
>> web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1
>> :
>> Recipient address rejected: undeliverable address: unknown user:
"catch";
>> from= to= proto=SMTP
>> helo=
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>>
>>   
 I, however, a proper definition of it in /etc/postfix/virtual
   
>>> Please show the contents of that file.
>>>
>>> 
>>
>> fake...@fakessh.eu fakessh
>> se...@fakessh.eu   serge
>> webm...@fakessh.eu webmail
>> renelacro...@renelacroute.fr renelacroute
>> postmas...@renelacroute.fr   renelacroute
>> nicolaspic...@nicolaspichot.frnicolaspichot
>> postmas...@nicolaspichot.fr   nicolaspichot
>> ab...@fakessh.eu  root
>> ab...@renelacroute.fr root
>> ab...@nicolaspichot.frroot
>> @fakessh  root
>> @renelacroute.fr  root
>> @nicolaspichot.fr root
>> postmas...@fakessh.eu root
>>
>>
>>   
>>>-- Noel Jones
>>>
>>>
>>> 
 postconf -n
 [r...@r13151 ~]# postconf -n
 alias_maps = hash:/etc/aliases
 body_checks = regexp:/etc/postfix/body_checks.cf
 bounce_notice_recipient = postmaster
 broken_sasl_auth_clients = yes
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 content_filter = dksign:[127.0.0.1]:10028
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
 default_privs = nobody
 double_bounce_sender = no
 header_checks = regexp:/etc/postfix/header_checks.cf
 home_mailbox = Maildir/
 html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
 in_flow_delay = 10
 inet_interfaces = all
 mail_owner = postfix
 mail_spool_directory = /var/spool/mail
 mailbox_command = /usr/libexec/dovecot/deliver
 mailq_path = /usr/bin/mailq.postfix
 manpage_directory = /usr/share/man
 maps_rbl_domains = bl.spamcop.net
 mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
 mydestination = $myhostname, localhost.$mydomain,
 localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
 mydomain = fakessh.eu
 mynetworks = 127.0.0.0/8 ,87.98.186.232
 myorigin = $mydomain
 newaliases_path = /usr/bin/newaliases.postfix
 queue_directory = /var/spool/postfix
 queue_run_delay = 2000s
 readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
 recipient_delimiter = +
 relay_domains =
 sample_directory = /usr/share/doc/postfix-2.3.3/samples
 sendmail_path = /usr/sbin/sendmail.postfix
 setgid_group = postdrop
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
 smtp_sender_dependent_authentication = yes
 smtp_tls_loglevel = 3
 smtp_tls_session_cache_database =
 btree:/var/lib/postfix/smtp_tls_session_cache
 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 smtpd_client_restrictions =

   
>>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
>>   
 reject_non_fqdn_recipient ,  permit
 smtpd_milters = inet:[127.0.0.1]:10040
 smtpd_recipient_restrictions = permit_mynetworks 
   
>> permit_inet_interfaces
>>   
 permit_sasl_authenticated  reject_unverified_recipient
 reject_non_fqdn_sender reject_non_fqdn_recipient
 reject_unknown_sender_domain reject_u

RE: catch-all not working with postfix dovecot lda

[Terry Gilsenan]

From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On 
Behalf Of fakessh [fake...@fakessh.eu]
Sent: Wednesday, 14 April 2010 7:43 AM
To: Egberto Monteiro
Cc: Postfix users
Subject: Re: catch-all not working with postfix dovecot lda

On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
 wrote:
> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
list
> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
>
>
>

this error I do not know how to correct
my mail server work correctly with that error

Hello,

First, remove $mydomain, "fakessh.eu", "renelacroute.fr", and 
"nicolaspichot.fr" from this line..:

mydestination = $myhostname, 
localhost.$mydomain,localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr

so it becomes..:

mydestination = $myhostname, localhost.$mydomain,localhost

Second, fix the format of the virtual file.

I suggest like this..:

#===[Start Virtual File]===

fakessh.eufakessh.eu domain added..: MM-DD-YY
fake...@fakessh.eu fakessh
se...@fakessh.euserge
webm...@fakessh.eu   webmail
ab...@fakessh.eu   root
postmas...@fakessh.eu   root
@fakesshroot

renelacroute.fr  renelacroute.fr domain added..: 
MM-DD-YY
renelacro...@renelacroute.frrenelacroute
postmas...@renelacroute.fr  renelacroute
ab...@renelacroute.fr  root
@renelacroute.fr   root

nicolaspichot.fr  nicolaspichot.fr domain added..: 
MM-DD-YY
nicolaspic...@nicolaspichot.fr   nicolaspichot
postmas...@nicolaspichot.fr  nicolaspichot
ab...@nicolaspichot.fr  root
@nicolaspichot.fr   root

#===[End]===

Then postmap virtual

then reload postfix.

Regards,
T


> fakessh wrote:
>> On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
>> wrote:
>>
>>> On 4/13/2010 3:34 PM, fakessh wrote:
>>>
 hello all
 hello list
 hello much many people
 hello wieste

 the catch-all does not seem to work.

>>> Doesn't work in what way?  Show logs of what happens vs. what
>>> you expect to happen.
>>>
>>
>>
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=8/331
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=329/5780
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
>> list
>> domain fakessh.eu in BOTH mydestination and virtual_alias_domains
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
>> web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1
>> :
>> Recipient address rejected: undeliverable address: unknown user:
"catch";
>> from= to= proto=SMTP
>> helo=
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>>
>>
 I, however, a proper definition of it in /etc/postfix/virtual

>>> Please show the contents of that file.
>>>
>>>
>>
>> fake...@fakessh.eu fakessh
>> se...@fakessh.eu   serge
>> webm...@fakessh.eu webmail
>> renelacro...@renelacroute.fr renelacroute
>> postmas...@renelacroute.fr   renelacroute
>> nicolaspic...@nicolaspichot.frnicolaspichot
>> postmas...@nicolaspichot.fr   nicolaspichot
>> ab...@fakessh.eu  root
>> ab...@renelacroute.fr root
>> ab...@nicolaspichot.frroot
>> @fakessh  root
>> @renelacroute.fr  root
>> @nicolaspichot.fr root
>> postmas...@fakessh.eu root
>>
>>
>>
>>>-- Noel Jones
>>>
>>>
>>>
 postconf -n
 [r...@r13151 ~]# postconf -n
 alias_maps = hash:/etc/aliases
 body_checks = regexp:/etc/postfix/body_checks.cf
 bounce_notice_recipient = postmaster
 broken_sasl_auth_clients = yes
 command_directory = /usr/sbin
 config_directory = /etc/postfix
 content_filter = dksign:[127.0.0.1]:10028
 daemon_directory = /usr/libexec/postfix
 data_directory = /var/lib/postfix
 debug_peer_level = 2
 default_privs = nobody
 double_bounce_sender = no
 header_checks = regexp:/etc/postfix/header_checks.cf
 home_mailbox = Maildir/
 html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
 in_flow_delay = 10
 inet_interfaces = all
 mail_owner = postfix
 mail_spool_directory = /var/spool/mail
 mailbox_command = /usr/libexec/dovecot/deliver
 mailq_path = /usr/bin/mailq.postfix
 manpage_directory = /usr/share/man
 maps_rbl_domains = bl.spamcop.net
 mime_

Re: Cyrus-IMAPD, Postfix, LDAP, spamc and aliases

[mouss]

t...@nerd.fi a écrit :
> Hello!
> 
> I'm building an fresh multidomain environment with Debian Lenny. I've
> installed and configured postfix, spamc and cyrus-imapd and things are
> running almost smoothly.
> 
> I can send email everywhere just fine via SMTPS, including my own host.
> Since I'm on a testing stage I haven't tried to actually use that as an MX
> for any host, so for now I'm stuck at local delivery for incoming mail.
> 
> Currently I have only one user, let's call him Jack Doe, and user account
> is stored to LDAP. I've manually created the account and folders for cyrus
> and I can login and use the service just fine via IMAP. Now when I try to
> send mail to jack@myhost.foo it's delivered just fine via local
> SMTP(S) and things work as they should.
> 
> The problem now is that Jack has fw aliases, let's say j...@myhost.foo and
> sa...@myhost.foo. These addresses doesn't work and I'm not sure if this is
> an postfix or an cyrus -problem. Postfix recognizes the alias and tries to
> deliver it via LMTP, just the same way than it does with 'actual' address.
> However since there's no mailbox for 'j...@myhost.foo' cyrus LMTP fails:
> cyrus/lmtpunix[12084]: verify_user(myhost.foo!user.jack) failed: Mailbox
> does not exist
> cyrus/lmtpunix[12084]: telling master 1
> 
> Now, based on what I understand, postfix should expand aliases (from the
> LDAP) and deliver the mail with 'actual' address, instead of aliased one.
> I have these on my conf:
> alias_maps = ldap:/etc/postfix/ldap-alias.cf
> virtual_alias_maps = ldap:/etc/postfix/ldap-alias.cf
> 
> And, again as far as I can understand, aliases itself seem to work. It's
> the transport which doesn't work as it should. On master.cf I have this:
> cyrus unix - n n - - pipe flags= user=cyrus argv=/usr/sbin/cyrdeliver -r
> ${sender} -m ${extension} ${recipient}
> 
> I've tried to search solution via google and pretty much every other way I
> can imagine, but couldn't find any solution. The closest thing I found was
> that some other have had this same problem, but most of the solutions were
> "Works for me", which isn't really helpful on my case.
> 
> Hopefully someone can help me out here, thanks in advance.
> 

you can start by following the list welcome message. if you missed it,
it says to tell us more about your configuration. in particular, show
your 'postconf -n' output. and in your case, show also your master.cf.

do never say "this does that and that does this". show what things do
instead. With all due respect, we don't trust you judgement. Unjustified
claims are useless. so please try to convince us. tell us what happens.
don't tell us what you think.

Re: Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses

[mouss]

Bob Eastbrook a écrit :
> I use wildcard MX records for mail, and a wildcard CNAME for web
> traffic.  For example:
> 
>  *.example.com = MX record for mail.example.com
>  *.example.com = CNAME myapp.appspot.com
> 

so you say that *.example.com is an alias (CNAME record), yet you want
to give it attributes (MX record)? or more precisely, you say that
*.example.com _IS_ myapp.appspot.com _BUT_ at the same time, it is not
because it has a different MX...

anyway, don't use CNAME for any domain that receives email.




> [snip]

Re: log analyzing: is target host attempting to verify sender

[mouss]

Voytek Eymont a écrit :
> I just see a number of these entries:
> 
> Apr 13 20:45:37 postfix/smtp[31121]: D1F8DB4491F: to=,
> relay=mail4.barnet.com.au[202.83.178.125]:25, delay=54911,
> delays=54902/0.04/5.4/3.9, dsn=4.1.7, status=deferred (host
> mail4.barnet.com.au[202.83.178.125] said: 450 4.1.7 :
> Sender address rejected: unverified address: host
> bilby.sbt.net.au[116.197.145.51] said: 550 5.1.1 :
> Recipient address rejected: User unknown in virtual mailbox table (in
> reply to RCPT TO command) (in reply to RCPT TO command))
> 
> 
> mx for the 'd...@domain.com.au' domain is
> 100   mail5.barnet.com.au 202.83.178.78
> 200   mail4.barnet.com.au 202.83.178.125
> 
> am I correct that:
> 
> the form email has apa...@sbt.net.au as sender;
> barnet.com.au attempted to verify 'apa...@sbt.net.au' on bilby.sbt.net.au;
> bilby replied 'user unknown', which then caused barnet to reject the email?
> 
> is form mail that has such a 'system address' like 'apache@', with such
> mailbox not present 'at fault', or is the remote server 'too strict' in
> attempting to verify such a sender email ?
> 
> 

so you're generating invalid mail and yet you're asking whether the
other side is wrong in rejecting it?

Re: lost connection with yahoo servers

[mouss]

Voytek Eymont a écrit :
> I seem to be having problems delivering emails to yahoo, how can I
> troubleshoot this ?
> 
> mailq:
> ...
> 777DAB446E8  7709303 Fri Apr  9 12:15:32  a...@googlemail.com
> (lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending
> end of data -- message may be sent more than once)
>  l...@yahoo.com.au
>  m...@yahoo.com
>  y...@yahoo.com
> ...
> --
> log:
> ...
> Apr 13 19:24:01 postfix/smtp[24377]: 777DAB446E8: to=,
> relay=c.mx.mail.yahoo.com[206.190.54.127]:25, delay=371309,
> delays=370795/0.37/210/304, dsn=4.4.2, status=deferred (lost connection
> with c.mx.mail.yahoo.com[206.190.54.127] while sending end of data --
> message may be sent more than once)
> 
> Apr 13 19:24:08 postfix/smtp[24378]: 777DAB446E8: to=,
> relay=b.mx.mail.yahoo.com[74.6.136.65]:25, delay=371316,
> delays=370795/0.38/328/193, dsn=4.4.2, status=deferred (lost connection
> with b.mx.mail.yahoo.com[74.6.136.65] while sending end of data -- message
> may be sent more than once)
> 
> Apr 13 20:35:27 postfix/qmgr[3973]: 777DAB446E8:
> from=, size=7709303, nrcpt=13 (queue active)

so you're sending mail to yahoo with a google sender address? you must
be very optimistic...

anyway, sending mail to yahoo, hotmail, ... is not easy. you may need to
pay...

> [snip]

Re: catch-all not working with postfix dovecot lda

[mouss]

fakessh a écrit :
> On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
>  wrote:
>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
> list
>> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
>>
>>
>>
> 
> this error I do not know how to correct
> my mail server work correctly with that error
> 

the warning really means what it says!

you have

mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr

virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr

so fakessh.eu is in mydestination and in virtual_alias_domains. and the
warning says it should not.

consider reading the docs about address classes. a domain should only
belong to _one_ class.

> (snip]

Re: Cyrus-IMAPD, Postfix, LDAP, spamc and aliases

[take]

mouss wrote:
> do never say "this does that and that does this". show what things do
> instead. With all due respect, we don't trust you judgement. Unjustified
> claims are useless. so please try to convince us. tell us what happens.
> don't tell us what you think.

I'm sorry. I got the welcome mail but didn't read the link as I
obviously should have done.

The problem however got resolved and it was an pure example of PEBKAC.
I've had made too many changes with too many hours awake and things got
f*'d. Some sleep and fresh thinking sorted that out quite easily and now
I can move on.

Sorry again for my incorrect behaviour, next time I promise to read
guidelines before writing anything. I should've known better, but
obviously I didn't.

Thank you for your reply anyways.

-- 
Take

relay_recipient_maps question

[Gary Smith]

Currently we are using mysql plugin for this and are switching over to static 
files (or files generated on a schedule from the database).  Anyway, looking at 
the docs, it says that the entry need only been found in the file to be 
accepted, otherwise it will be rejected.  

"Postfix needs to know only if a lookup string is found or not, but it does not 
use the result from table lookup. 

If this parameter is non-empty, then the Postfix SMTP server will reject mail 
to unknown relay users. This feature is off by default. "

So, do I need just this format:

j...@domain.tld

I know some time ago someone had mentioned for the hash lookup table to work 
correctly it needed a key pair so I would think:

j...@domain.tld j...@domain.tld

Which is the proper way to do this.  I know I did this a long time ago but 
memories fad.

My intent is to rsync the source file to the postfix box, compare it to the 
local and if different replace local and then run postmap on the file, on a 5 
minute schedule basis.

Gary-

RE: Avoiding "User unknown in recipient table" during reload

[Gary Smith]

> The script just does:
> 
> * Copy in new relay_recipients file
> * postmap relay_recipients
> * postfix reload
> 
> Is there a better way to do this?  Should I stop postfix completely during
> this time?  Will putting the queue on hold avoid this problem, or do I need
> to stop Postfix completely from responding?
> 

Brian, 

I know this is a late follow up, but I am doing the same thing, or getting 
ready to.  Here is my general plan, with some questions.

I will have two db files for each type (transport1, transport2, 
relay_recipient_map1, relay_recipients_map2, etc).

The process will be similar to this:

*   Get the latest file as temp
*   Compare it to the last.type, same, then stop and go onto the next file
*   Which file do I need to update, 1 or 2.  If 1 was last, then do 2, 
otherwise do 1.  The file with the source size of 0 bytes with the candidate, 
if neither, default to 1.
*   Copy the temp file to the file I need to update
*   postmap the file I need to update
*   rename the file I need to update to last.type
*   any errors, stop, send email, go onto next file
*   zero the other file (not the db)
*   postmap the other file
*   repeat for each type I need to sync
*   wash, rinse, repeat every x minutes, assuming x might be 5

The general idea behind to files is that one will always have the full list, 
and the other will be the changing list.  I want to clear the second file (the 
one that wasn't updated) when the one that was is finished as I don't want to 
traverse the databases twice (except for that short amount of time when it is 
creating the db).

I was thinking about using postmap on the temp file and then doing the copy, 
but it's the same effect (as per the safe suggestions).  If the file is being 
copied, then you can run into the momentary slice of time when the contents of 
the original file are null (though it's a much smaller amount of time).

My questions:

*   Is this overkill?
*   Besides sometimes traversing the same hash twice, is there any other 
perceived issues with this ideology?
*   Or is the safe copy the best route?

Re: relay_recipient_maps question

[Stan Hoeppner]

Gary Smith put forth on 4/13/2010 7:07 PM:
> Currently we are using mysql plugin for this and are switching over to static 
> files (or files generated on a schedule from the database).  Anyway, looking 
> at the docs, it says that the entry need only been found in the file to be 
> accepted, otherwise it will be rejected.  
> 
> "Postfix needs to know only if a lookup string is found or not, but it does 
> not use the result from table lookup. 
> 
> If this parameter is non-empty, then the Postfix SMTP server will reject mail 
> to unknown relay users. This feature is off by default. "
> 
> So, do I need just this format:
> 
> j...@domain.tld
> 
> I know some time ago someone had mentioned for the hash lookup table to work 
> correctly it needed a key pair so I would think:
> 
> j...@domain.tld j...@domain.tld
> 
> Which is the proper way to do this.  I know I did this a long time ago but 
> memories fad.
> 
> My intent is to rsync the source file to the postfix box, compare it to the 
> local and if different replace local and then run postmap on the file, on a 5 
> minute schedule basis.
> 
> Gary-

All you need in the table is one fully qualified email address per line and
that's it.  When email arrives, Postfix checks the RCPT TO: address against
/etc/postfix/relay_recipients and if a match is found Postfix then relays
the message to the host specified in transport_maps as accepting mail for
that TLD.

-- 
Stan

Re: errors from postfix

[John Schmitt]

I want to thank you and Viktor for replying.

On Thu, Apr 08, 2010 at 07:18:38PM -0400, Wietse Venema wrote:
> John Schmitt:
[...]
> > Transcript of session follows.
> > 
> >  Out: 220 mymachine.mydomain.net ESMTP Postfix
> >  In:  HELO mymachine
> >  Out: 250 mymachine.mydomain.net
> >  In:  MAIL FROM:<>
> >  Out: 250 2.1.0 Ok
> >  In:  RCPT TO:<"???B?\" >
> >  Out: 501 5.1.3 Bad recipient address syntax
[...]

A few lines like this: 

Message-ID: <760857006668.qgjlcbdx...@ms49.hinet.net>
From: "B\" 
To: lili928...@yahoo.com.tw

are in the headers of an email message sitting in my yahoo inbox.  Is the last 
quotation mark escaped?   Is the message deliberately engineered in order to 
fool mailers?  As you saw, I'm fairly naive about these things.

John

Re: relay_recipient_maps question

[Magnus Bäck]

On Wed, April 14, 2010 5:01 am, Stan Hoeppner said:

> Gary Smith put forth on 4/13/2010 7:07 PM:

[...]

> > I know some time ago someone had mentioned for the hash lookup table
> > to work correctly it needed a key pair so I would think:
> >
> > j...@domain.tld j...@domain.tld
> >
> > Which is the proper way to do this.  I know I did this a long time
> > ago but memories fad.
> >
> > My intent is to rsync the source file to the postfix box, compare it
> > to the local and if different replace local and then run postmap on
> > the file, on a 5 minute schedule basis.
>
> All you need in the table is one fully qualified email address per line
> and that's it.  When email arrives, Postfix checks the RCPT TO: address
> against /etc/postfix/relay_recipients and if a match is found Postfix
> then relays the message to the host specified in transport_maps as
> accepting mail for that TLD.

No, indexed maps must have a right-hand side but when used with
relay_recipient_maps its contents happens to be ignored.

$ echo foo > table
$ postmap hash:table
postmap: warning: table, line 1: expected format: key whitespace value
$ postmap -q foo hash:table
$ echo $?
1

-- 
Magnus Bäck
mag...@dsek.lth.se