Re: Modifying body content before delivering

2010-05-20 Thread Ansgar Wiechers
On 2010-05-20 Jeroen Geilman wrote:
> On 05/19/2010 10:30 PM, Alex wrote:
>> Is it possible to strip the entire HTML content and pass only the
>> text? Perhaps the right way to say it would be to pass only the MIME
>> text and strip everything else?
>
> I found this fantastic little util called "mailtextbody" - it does
> just  that: strips off all non-text parts and leaves a clean,
> text-only message.

Sounds interesting, but how does it handle html-only mails (i.e. mails
with no text/plain MIME part) or mails that are declared text/plain, but
contain HTML nonetheless?

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky


Re: Postfix, SASL and LDAPDB

2010-05-20 Thread Julien Vehent
On Wed, 19 May 2010 19:35:06 -0400, Victor Duchovni wrote:
> 
> Why did you change "cyrus" to "postfix"? Does this "postfix"
> user have the same rights as "cyrus" to do proxy authentication?
> 

Indeed, it does.


# ldapwhoami -Y DIGEST-MD5 -U postfix -H ldap://localhost -R linuxwall.info -X u:julien
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:julien
SASL SSF: 128
SASL data security layer installed.
dn:cn=julien vehent,ou=people,dc=linuxwall,dc=info


> 
> Is your SMTP server chrooted? Have you configured a non-default
> Cyrus plugin search path?
> 

Nope. It's a completely out of the (debian) box cyrus/slapd/postfix
installation.

I described openldap and cyrus configurations here:

http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:openldap:openldap_debian

http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:cyrus:imapd


> 
> Well, the SMTP server may be chrooted, or may be looking outside
> /usr/lib/sasl2.

In which case, I don't think I would be seeing any connection to the LDAP
directory, since sasl wouldn't be able to find the ldapdb driver. Right ?



Thanks,
Julien


Re: Postfix, SASL and LDAPDB

2010-05-20 Thread Julien Vehent
On Thu, 20 May 2010 06:52:17 +0200, Patrick Ben Koetter wrote:
> 
> Different to Cyrus IMAP, Postfix does not pass config vars to libsasl during
> startup from its own config file, but lets libsasl read the configuration from
> an external file i.e. smtpd.conf. As a result of that you don't need (read:
> must not) prepend parameters with e.g. "sasl_".
> 
> This configuration in smtpd.conf is syntactically correct:
> 
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
> mech_list: DIGEST-MD5 PLAIN LOGIN
> ldapdb_uri: ldap://localhost
> ldapdb_id: postfix
> ldapdb_pw: f4oi6u87j687qzer613bv867zq43o
> ldapdb_mech: DIGEST-MD5
> 
> p...@rick
> 
> 
> 

OK. That's useful information.

I can confirm that '/etc/postfix/sasl/smtpd.conf' is read and used by the
sasl library, because when I change the ldapdb_uri to something like
'ldapdb_uri: ldap://localhost:1024', postfix still tries to authenticate
but slapd doesn't receive any connection.

I tried again with user cyrus instead of postfix, but I still have this in
'/var/log/auth.log'


May 20 11:45:48 samchiel postfix/smtpd[30561]: No worthy mechs found


I attached the logs of cyrus-imap user login, just to prove that it's
working in this configuration.


So, from my limited knowledge, it's narrowed down to this: why can't smtpd
find any worthy mechanism when trying to authenticate to LDAP using the
SASL library ?




Thanks for your help,
Julien
# nc localhost 143

* OK samchiel Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien xxx
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed


# tail /var/log/mail.info

May 20 11:38:10 samchiel cyrus/imap[30478]: login: localhost [127.0.0.1] julien plaintext User logged in


# tail /var/log/auth.log

May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 3


# grep "11:38:10" /var/log/slapd.log |grep conn

May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND authcid="cyrus" authzid="cyrus"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="cn=cyrus administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 RESULT tag=97 err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 WHOAMI
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 RESULT oid= err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH base="cn=julien vehent,ou=people,dc=linuxwall,dc=info" scope=0 deref=0 filter="(objectClass=*)"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=4 UNBIND
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 closed

[patch] build failure against db-5.0

2010-05-20 Thread Eray Aslan
Berkeley DB 5.0 is out and provides an SQlite-compatible interface.
Having an alternative to SQLite is considered a good thing and there is
some interest in bringing db-5.0 into mainstream use.

Postfix fails to build against Berkeley-DB-5.0.21:
[...]
gcc -Wmissing-prototypes -Wformat -DHAS_PCRE -DSNAPSHOT -g -O -I.
-DLINUX2 -c dict_db.c
dict_db.c:685:2: error: #error "Unsupported Berkeley DB version"
make: *** [dict_db.o] Error 1

The following patch seems to work for me:

diff --git a/src/util/dict_db.c b/src/util/dict_db.c
index e4b301d..1decd62 100644
--- a/src/util/dict_db.c
+++ b/src/util/dict_db.c
@@ -675,7 +675,7 @@ static DICT *dict_db_open(const char *class, const char 
*path, int open_flags,
msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
 if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
-#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
+#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
 if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
msg_fatal("open database %s: %m", db_path);
 #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4)
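Review bot: the new #if condition accepts DB_VERSION_MAJOR == 5 with no minor-version bound and reuses the 4.1+ call db->open(db, 0, db_path, 0, type, db_flags, 0644) unchanged, so it assumes 5.x kept that seven-argument signature and the meaning of the flags passed. "Seems to work for me" only tells us it compiles; please say in the commit message which 5.0 release notes or headers confirm the API is unchanged, and whether a table was actually created and read back at run time. Since the test is an explicit list of major versions, the #error "Unsupported Berkeley DB version" from the build log will fire again on the next major release; if that gate is intentional, a one-line comment beside the condition saying so would help the next person who hits it.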

-- 
Eray


Re: Using -o smtpd_end_of_data_restrictions=check_policy_service unix:private/policy not working in master.cf bugfix?

2010-05-20 Thread Harakiri


--- On Wed, 5/19/10, Michael Tokarev  wrote:

> From: Michael Tokarev 
> Subject: Re: Using -o 
> > postfix complains about an invalid syntax (probably
> > due the space between policy server and
> > unix:private/policy)
> 
> Try using a comma instead of a space there:
> 
>  -o smtpd_end_of_data_restrictions=check_policy_service,unix:private/policy
> 
> it works due to the way config parser is implemented, it's
> ugly, but it works ;)

Great thank you, still looks like this bug should be fixed in later versions.



  


Re: translating just the domain name (for all users in the domain)

2010-05-20 Thread Phil Howard
On Wed, May 19, 2010 at 17:46, Noel Jones  wrote:

> Sounds as if you need to generate static files with a script.  Don't worry
> about the number of entries; hash: tables scale well to hundreds of thousand
> entries, or use cdb: files for fast performance up to millions of entries.
> (cdb: works great for smaller files too.)
>

Sure does.

Over on the Dovecot side of things, I have the passdb/userdb files split out
by domain name.  This allows me to manage restricted access.  That means I
can permit a less-technical administrator to access only certain domains.
If they cause a problem, or some other problem happens when they are
updating, there is less exposure to failure (and less work the update
regression tests I could add to that have to do).

So it looks like I'll need to regenerate the virtual_alias_map file every
time even users are updated (much more frequent than how often domains are
updated), and run the mail system tests more often.  I can, of course,
generate them from those Dovecot passdb files.


Re: virtual_transport not delivering

2010-05-20 Thread Mike A. Leonetti
So if I put "virtual_mailbox_domains = domain.com" mail will be
delivered using the virtual_transport I guess. But when it's doing the
alias it always adds "domain.com" at the end. How does it know to do that?

Mike A. Leonetti
As warm as green tea

On 05/19/10 23:51, Noel Jones wrote:
> On 5/19/2010 10:27 PM, Mike A. Leonetti wrote:
>   
>> I'm trying to have messages delivered via the $virtual_transport but it
>> keeps being delivered by the mailbox_command. The $virtual_alias_maps
>> should have all of the e-mail addresses for the system, but when the
>> actual e-mail addresses get resolved they look like this:
>> barbara-userdomain@domain.com where userdomain.com is the tenant
>> domain on the server and userdomain.com is accepted by $mydestination below.
>> 
> Domains to be delivered by the virtual transport should be
> listed as virtual_mailbox_domains and not listed in mydestination.
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> http://www.postfix.org/VIRTUAL_README.html
>
> Alternately, you can use a transport_maps entry to direct a
> specific user to a specific transport.
> http://www.postfix.org/transport.5.html
>
>
>   
>> I'm usually really not good at explaining things so if there is anything
>> I can make more clear please let me know. Below is my main.cf.
>>
>> 
> If you need more help, please see:
> http://www.postfix.org/DEBUG_README.html#mail
>
>
>   -- Noel Jones
>   


stumped: postfix silently won't start

2010-05-20 Thread Len Conrad
FreeBSD 7.0-RELEASE

mail_version = 2.8-20100323

postfix start

or

/usr/local/etc/rc.d/postfix start

followed immediately by

postfix stop

gives

postfix/postfix-script: fatal: the Postfix mail system is not running

ps auxw| egrep master

... nothing.

rc.conf.local  has postfix_enable="YES"

I've edited postfix-script, adding "-v -v":

start)

    $daemon_directory/master -t 2>/dev/null || {
        $FATAL the Postfix mail system is already running
        exit 1
    }
    if [ -f $queue_directory/quick-start ]
    then
        rm -f $queue_directory/quick-start
    else
        $daemon_directory/postfix-script check-fatal || {
            $FATAL Postfix integrity check failed!
            exit 1
        }
        # Foreground this so it can be stopped. All inodes are cached.
        $daemon_directory/postfix-script check-warn
    fi
    $INFO starting the Postfix mail system
    $daemon_directory/master -v -v &
    ;;

the tail of maillog shows:

May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_eval: const
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_update: master_service_disable =
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_lookup: default_process_limit = (notfound)
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_update: default_process_limit = 100
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: mac_parse: 60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_eval: const  60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_lookup: service_throttle_time = (notfound)
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_update: service_throttle_time = 60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_lookup: service_throttle_time = 60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: mac_parse: 60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_eval: const  60s
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: name_mask: ipv4
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: set_eugid: euid 125 egid 125
May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: setugid: uid 0 gid 0

 no errors in system messages file, no errors in maillog, no errors in 
dmesg system buffer.

I've thrown in 3 different main.cf from other postfix boxes, which should have 
thrown lots of errors in maillog, no change, no errors, no master ever.

I've totally cleaned out postfix and all config files, and did new make in dir 
postfix-current.

Leaving the virgin, unconfigged, distributed main.cf and editing postfix-script 
just to add -v -v. same results.  

Len



Re: Using -o smtpd_end_of_data_restrictions=check_policy_service unix:private/policy not working in master.cf bugfix?

2010-05-20 Thread Noel Jones

On 5/20/2010 5:32 AM, Harakiri wrote:
> --- On Wed, 5/19/10, Michael Tokarev  wrote:
>
>> From: Michael Tokarev
>> Subject: Re: Using -o
>>> postfix complains about an invalid syntax (probably
>>> due the space between policy server and
>>> unix:private/policy)
>>
>> Try using a comma instead of a space there:
>>
>>   -o smtpd_end_of_data_restrictions=check_policy_service,unix:private/policy
>>
>> it works due to the way config parser is implemented, it's
>> ugly, but it works ;)
>
> Great thank you, still looks like this bug should be fixed in later versions.



This is not a bug; it's documented behavior.  Changing this 
behavior would require a major rewrite of the config parser 
and likely require other existing documented behavior to 
change in incompatible ways -- such as a completely new config 
syntax.


  -- Noel Jones


Re: virtual_transport not delivering

2010-05-20 Thread Noel Jones
On 5/20/2010 8:32 AM, Mike A. Leonetti wrote:
> So if I put "virtual_mailbox_domains = domain.com" mail will be
> delivered using the virtual_transport I guess. But when it's doing the
> alias it always adds "domain.com" at the end. How does it know to do that?

Please don't top-post.

Bare user names will have "@$myorigin" appended to them.
Better to always use fully-qualified results in your table to
prevent surprises.

  -- Noel Jones


Re: virtual_transport not delivering

2010-05-20 Thread Mike A. Leonetti
On 05/20/10 12:40, Noel Jones wrote:
> On 5/20/2010 8:32 AM, Mike A. Leonetti wrote:
>   
>> So if I put "virtual_mailbox_domains = domain.com" mail will be
>> delivered using the virtual_transport I guess. But when it's doing the
>> alias it always adds "domain.com" at the end. How does it know to do that?
>> 
> Please don't top-post.
>
> Bare user names will have "@$myorigin" appended to them.
> Better to always use fully-qualified results in your table to
> prevent surprises.
>
>   -- Noel Jones
>   
Thank you.


Re: Postfix, SASL and LDAPDB [solved]

2010-05-20 Thread Julien Vehent
Like most of the time, I discover that I've been too hasty to answer !

Postfix IS chrooted on Debian by default. At least, smtpd is. And by
removing the chroot in master.conf, I can now see that DIGEST-MD5 is
negotiated with Slapd. (it still doesn't work though...)

-
May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 2
May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 2
May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 3
-

Now, all I need to do is to figure out how to work with both the chroot
and the sasl library on debian... any hint is welcome.


Sorry guys, and thanks for the help.


Re: Using -o smtpd_end_of_data_restrictions=check_policy_service unix:private/policy not working in master.cf bugfix?

2010-05-20 Thread d . hill

Quoting Harakiri:

> --- On Wed, 5/19/10, Michael Tokarev  wrote:
>
>> From: Michael Tokarev
>> Subject: Re: Using -o
>>> postfix complains about an invalid syntax (probably
>>> due the space between policy server and
>>> unix:private/policy)
>>
>> Try using a comma instead of a space there:
>>
>>  -o smtpd_end_of_data_restrictions=check_policy_service,unix:private/policy
>>
>> it works due to the way config parser is implemented, it's
>> ugly, but it works ;)
>
> Great thank you, still looks like this bug should be fixed in later versions.


From the man page for master.cf (http://www.postfix.org/master.5.html):

 ...
 NOTE 1: do not specify whitespace around the "=". In parameter
 values, either avoid whitespace altogether, use commas instead of
 spaces, or consider overrides like "-o name=$override_parameter"
 with $override_parameter set in main.cf.
 ...

In other words, you could define this somewhere in main.cf:

...
my_policy = check_policy_service unix:private/policy
...

Then in master.cf:

...
-o smtpd_end_of_data_restrictions=$my_policy
...



Re: stumped: postfix silently won't start

2010-05-20 Thread Wietse Venema
Len Conrad:
> FreeBSD 7.0-RELEASE
> 
> mail_version = 2.8-20100323
> 
> postfix start
> 
> or
> 
> /usr/local/etc/rc.d/postfix start
> 
> followed immediately by
> 
> postfix stop
> 
> gives
> 
> postfix/postfix-script: fatal: the Postfix mail system is not running
> 
> ps auxw| egrep master
> 
> ... nothing.

So, what has changed?

Wietse


Postfix binaries pointed to /opt/lib

2010-05-20 Thread Patrick Baker
Hello,

I'm attempting to build postfix for a boxed NAS solution that uses a ramdisk
for the underlying OS.  When I build postfix the libraries are found due to
my build specification below.  However, once the binary is built and
executed there are library errors because the binary is not looking in
/opt/lib.  Is there a way to statically point the postfix binaries built to
/opt/lib so that its not required to make a change to the ld.so.conf?  Its
interesting to point out that on this system the ld.so.conf is overwritten
at each boot due to the ramdisk.

make makefiles CCARGS="-I/opt/include/openssl -I/opt/include
-I/opt/include/sasl \
-DUSE_TLS \
-DHAS_DB \
-DHAS_PCRE \
-DUSE_SASL_AUTH \
-DUSE_CYRUS_SASL" \
AUXLIBS="-L/opt/lib -R/opt/lib -lssl -lcrypto -ldb -lpcre -lsasl2 -L/lib
-lpthread"

With regards,

Patrick


Re: stumped: postfix silently won't start

2010-05-20 Thread Len Conrad
-- Original Message --
From: Wietse Venema 
Reply-To: Postfix users 
Date:  Thu, 20 May 2010 13:08:31 -0400 (EDT)

>Len Conrad:
>> FreeBSD 7.0-RELEASE
>> 
>> mail_version = 2.8-20100323
>> 
>> postfix start
>> 
>> or
>> 
>> /usr/local/etc/rc.d/postfix start
>> 
>> followed immediately by
>> 
>> postfix stop
>> 
>> gives
>> 
>> postfix/postfix-script: fatal: the Postfix mail system is not running
>> 
>> ps auxw| egrep master
>> 
>> ... nothing.
>
>So, what has changed?
>
>   Wietse

/change/ DUNNO

I found that pf, packet filter was activated in rc.conf.local, but no rules in 
place. deactivated it.

the machine had over 1 year uptime (it's our syslog server), but I rebooted 
anyway.

no change.  Master refuses quietly to stay resident.

master's last maillog words are still:

 postfix/master[2137]: setugid: uid 0 gid 0

and then silence.

Len



Re: Postfix binaries pointed to /opt/lib

2010-05-20 Thread Patrick Baker
I was able to fix this.  It would appear that the rpath was not being picked
up for some reason in the AUXLIBS via the -R flag.  I was able to overcome
this by setting the environment variable LD_RUN_PATH=/opt/lib

On Thu, May 20, 2010 at 2:25 PM, Patrick Baker wrote:

> Hello,
>
> I'm attempting to build postfix for a boxed NAS solution that uses a
> ramdisk for the underlying OS.  When I build postfix the libraries are found
> due to my build specification below.  However, once the binary is built and
> executed there are library errors because the binary is not looking in
> /opt/lib.  Is there a way to statically point the postfix binaries built to
> /opt/lib so that its not required to make a change to the ld.so.conf?  Its
> interesting to point out that on this system the ld.so.conf is overwritten
> at each boot due to the ramdisk.
>
> make makefiles CCARGS="-I/opt/include/openssl -I/opt/include
> -I/opt/include/sasl \
> -DUSE_TLS \
> -DHAS_DB \
> -DHAS_PCRE \
> -DUSE_SASL_AUTH \
> -DUSE_CYRUS_SASL" \
> AUXLIBS="-L/opt/lib -R/opt/lib -lssl -lcrypto -ldb -lpcre -lsasl2 -L/lib
> -lpthread"
>
> With regards,
>
> Patrick
>


Re: stumped: postfix silently won't start

2010-05-20 Thread Wietse Venema
Len Conrad:
> >> postfix/postfix-script: fatal: the Postfix mail system is not running
> >> 
> >> ps auxw| egrep master
> >> 
> >> ... nothing.
> >
> >So, what has changed?
> >
> > Wietse
> 
> /change/ DUNNO
> 
> I found that pf, packet filter was activated in rc.conf.local, but no rules 
> in place. deactivated it.
> 
> the machine had over 1 year uptime (it's our syslog server), but I rebooted 
> anyway.
> 
> no change.  Master refuses quietly to stay resident.
> 
> master's last maillog words are still:
> 
>  postfix/master[2137]: setugid: uid 0 gid 0
> 
> and then silence.

Try running the master under ktrace:

ktrace /some/where/master -d
kdump

My speculation is that some library (or the master executable)
got corrupted.

Wietse


Re: stumped: postfix silently won't start

2010-05-20 Thread Len Conrad
-- Original Message --
From: "Len Conrad" 
Reply-To: 
Date:  Thu, 20 May 2010 20:35:40 +0200

>-- Original Message --
>From: Wietse Venema 
>Reply-To: Postfix users 
>Date:  Thu, 20 May 2010 13:08:31 -0400 (EDT)
>
>>Len Conrad:
>>> FreeBSD 7.0-RELEASE
>>> 
>>> mail_version = 2.8-20100323
>>> 
>>> postfix start
>>> 
>>> or
>>> 
>>> /usr/local/etc/rc.d/postfix start
>>> 
>>> followed immediately by
>>> 
>>> postfix stop
>>> 
>>> gives
>>> 
>>> postfix/postfix-script: fatal: the Postfix mail system is not running
>>> 
>>> ps auxw| egrep master
>>> 
>>> ... nothing.
>>
>>So, what has changed?
>>
>>  Wietse
>
>/change/ DUNNO
>
>I found that pf, packet filter was activated in rc.conf.local, but no rules in 
>place. deactivated it.
>
>the machine had over 1 year uptime (it's our syslog server), but I rebooted 
>anyway.
>
>no change.  Master refuses quietly to stay resident.
>
>master's last maillog words are still:
>
> postfix/master[2137]: setugid: uid 0 gid 0
>
>and then silence.
>
>Len

=

I inserted truss in postfix-script before master.  Here's the last few lines of 
truss output:

close(486)   ERR#9 'Bad file descriptor'
close(487)   ERR#9 'Bad file descriptor'
close(488)   ERR#9 'Bad file descriptor'
close(489)   ERR#9 'Bad file descriptor'
close(490)   ERR#9 'Bad file descriptor'
close(491)   ERR#9 'Bad file descriptor'
close(492)   ERR#9 'Bad file descriptor'
close(493)   ERR#9 'Bad file descriptor'
close(494)   ERR#9 'Bad file descriptor'
close(495)   ERR#9 'Bad file descriptor'
close(496)   ERR#9 'Bad file descriptor'
close(497)   ERR#9 'Bad file descriptor'
close(498)   ERR#9 'Bad file descriptor'
close(499)   ERR#9 'Bad file descriptor'
geteuid(0xa,0x805da9a,0xbfbfe9a8,0x8056cbf,0x28202048,0x28202048) = 0 (0x0)
getuid(0xa,0x805da9a,0xbfbfe9a8,0x8056cbf,0x28202048,0x28202048) = 0 (0x0)
issetugid(0xa,0x805da9a,0xbfbfe9a8,0x8056cbf,0x28202048,0x28202048) = 0 (0x0)
getgid(0xa,0x805da9a,0xbfbfe9a8,0x8056cbf,0x28202048,0x28202048) = 0 (0x0)
getegid(0xa,0x805da9a,0xbfbfe9a8,0x8056cbf,0x28202048,0x28202048) = 0 (0x0)
geteuid(0x0,0x1,0xbfbfe9c8,0x805593d,0x28203048,0x805ef98) = 0 (0x0)
getuid(0x0,0x1,0xbfbfe9c8,0x805593d,0x28203048,0x805ef98) = 0 (0x0)
issetugid(0x0,0x1,0xbfbfe9c8,0x805593d,0x28203048,0x805ef98) = 0 (0x0)
getgid(0x0,0x1,0xbfbfe9c8,0x805593d,0x28203048,0x805ef98) = 0 (0x0)
getegid(0x0,0x1,0xbfbfe9c8,0x805593d,0x28203048,0x805ef98) = 0 (0x0)
access("/etc/localtime",4)   = 0 (0x0)
open("/etc/localtime",O_RDONLY,00)   = 3 (0x3)
fstat(3,{mode=-r--r--r-- ,inode=188781,size=1279,blksize=4096}) = 0 (0x0)
read(3,"TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,7944) = 1279 (0x4ff)
close(3) = 0 (0x0)
socket(PF_LOCAL,SOCK_DGRAM,0)= 3 (0x3)
fcntl(3,F_SETFD,FD_CLOEXEC)  = 0 (0x0)
connect(3,{ AF_UNIX "/var/run/logpriv" },106)= 0 (0x0)
getuid(0x80559a0,0x1,0x10,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 0 (0x0)
geteuid(0x4,0xbfbfea4c,0xbfbfea08,0x8049eec,0x80559a0,0x1) = 0 (0x0)
getuid(0x4,0xbfbfea4c,0xbfbfea08,0x8049eec,0x80559a0,0x1) = 0 (0x0)
issetugid(0x4,0xbfbfea4c,0xbfbfea08,0x8049eec,0x80559a0,0x1) = 0 (0x0)
getgid(0x4,0xbfbfea4c,0xbfbfea08,0x8049eec,0x80559a0,0x1) = 0 (0x0)
getegid(0x4,0xbfbfea4c,0xbfbfea08,0x8049eec,0x80559a0,0x1) = 0 (0x0)
close(0) = 0 (0x0)
open("/dev/null",O_RDWR,00)  = 0 (0x0)
close(1) = 0 (0x0)
open("/dev/null",O_RDWR,00)  = 1 (0x1)
close(2) = 0 (0x0)
open("/dev/null",O_RDWR,00)  = 2 (0x2)
setsid(0x805c71d,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) ERR#1 'Operation not 
permitted'
getsid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 798 (0x31e)
getpid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 18366 (0x47be)
gettimeofday({1274384341.299480},0x0)= 0 (0x0)
getpid(0x28201068,0x281c3e20,0xbfbfe8c2,0x0,0x0,0xbfbfdc7e) = 18366 (0x47be)
sendto(3,"<18>May 20 14:39:01 postfix/mast"...,117,0x0,NULL,0x0) = 117 (0x75)
nanosleep({1.0}) = 0 (0x0)
process exit, rval = 1

Len



Re: stumped: postfix silently won't start

2010-05-20 Thread Len Conrad
-- Original Message --
From: Wietse Venema 
Reply-To: Postfix users 
Date:  Thu, 20 May 2010 15:34:27 -0400 (EDT)

>Len Conrad:
>> >> postfix/postfix-script: fatal: the Postfix mail system is not running
>> >> 
>> >> ps auxw| egrep master
>> >> 
>> >> ... nothing.
>> >
>> >So, what has changed?
>> >
>> >Wietse
>> 
>> /change/ DUNNO
>> 
>> I found that pf, packet filter was activated in rc.conf.local, but no rules 
>> in place. deactivated it.
>> 
>> the machine had over 1 year uptime (it's our syslog server), but I rebooted 
>> anyway.
>> 
>> no change.  Master refuses quietly to stay resident.
>> 
>> master's last maillog words are still:
>> 
>>  postfix/master[2137]: setugid: uid 0 gid 0
>> 
>> and then silence.
>
>Try running the master under ktrace:
>
>ktrace /some/where/master -d
>kdump
>
>My speculation is that some library (or the master executable)
>got corrupted.

=

the end of kdump :

18781 master   CALL  setuid(0)
 18781 master   RET   setuid 0
 18781 master   CALL  gettimeofday(0xbfbfde78,0)
 18781 master   RET   gettimeofday 0
 18781 master   CALL  getpid
 18781 master   RET   getpid 18781/0x495d
 18781 master   CALL  sendto(0x3,0xbfbfdebe,0x81,0,0,0)
 18781 master   GIO   fd 3 wrote 129 bytes
   "<18>May 20 14:51:40 postfix/master[18781]: fatal: open lock file 
/var/db/postfix/master.lock: cannot open file: Permission denied"
 18781 master   RET   sendto 129/0x81
 18781 master   CALL  nanosleep(0xbfbfebc8,0xbfbfebc0)
 18781 master   RET   nanosleep 0
 18781 master   CALL  exit(0x1)

Just to get something going, I've chmod -R 777 /var/db/postfix, but no change.

Len



receiving mail for same domain from different locations

2010-05-20 Thread Katzir, Igal
Hello to u all mail experts,



We are running postfix mail servers in several locations around the world: 2 in 
CA US, 2 in TX US, 2 in London, 1 in Paris & 2 in Sydney Australia.

In each production environment the servers sits 'behind' a vip for high 
availability.

The main purpose of these mail servers is to relay outbound mail from our 
application servers to the Customers.

Now we have a new requirement; we need also to accept mail for domain 
example.hp.com , we will create a mailbox for some application instance which 
connects to the mail server in pop3 to retrieve the mail.

This is a totally new game where I have some concerns:

-  How to build a high availability solution where, if one server fails,
the other one can also present the mailboxes which sit on storage connected
via nfs.

-  How to know where to route each message on the globe? To the
best of my knowledge there are two basic solutions for this:

o   Either create a sub domain for each location: lon.example.hp.com,
syd.example.hp.com etc. The drawback is that I need to maintain all these
mail servers which accept mail with virus detection etc.

o   Another solution may be to have one cluster which accepts all mail for
example.hp.com and routes it via our internal vpn to the correct pop3 account
mailbox according to some transport map on the central receiving mail server.

Has anyone run this kind of environment and can give an experienced answer on what
would be easier to maintain?



Thanks,

Igal Katzir



Infrastructure Engineer

Phone:+972-3-5397090

Mobile:+972-54-5597086




Re: stumped: postfix silently won't start

2010-05-20 Thread Wietse Venema
Len Conrad:
> setsid(0x805c71d,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) ERR#1 'Operation 
> not permitted'
> getsid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 798 (0x31e)
> getpid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 18366 (0x47be)
> gettimeofday({1274384341.299480},0x0)= 0 (0x0)
> getpid(0x28201068,0x281c3e20,0xbfbfe8c2,0x0,0x0,0xbfbfdc7e) = 18366 (0x47be)
> sendto(3,"<18>May 20 14:39:01 postfix/mast"...,117,0x0,NULL,0x0) = 117 (0x75)

In that case, you will have an error message in the syslog file
that starts with "May 20 14:39:01 postfix/master..." and that
explains why it terminates.

Wietse


Re: stumped: postfix silently won't start

2010-05-20 Thread Wietse Venema
Len Conrad:
> the end of kdump :
> 
> 18781 master   CALL  setuid(0)
>  18781 master   RET   setuid 0
>  18781 master   CALL  gettimeofday(0xbfbfde78,0)
>  18781 master   RET   gettimeofday 0
>  18781 master   CALL  getpid
>  18781 master   RET   getpid 18781/0x495d
>  18781 master   CALL  sendto(0x3,0xbfbfdebe,0x81,0,0,0)
>  18781 master   GIO   fd 3 wrote 129 bytes
>"<18>May 20 14:51:40 postfix/master[18781]: fatal: open lock file 
> /var/db/postfix/master.lock: cannot open file: Permission denied"
>  18781 master   RET   sendto 129/0x81
>  18781 master   CALL  nanosleep(0xbfbfebc8,0xbfbfebc0)
>  18781 master   RET   nanosleep 0
>  18781 master   CALL  exit(0x1)

In that case, you have an error message in the syslog file.

> Just to get something going, I've chmod -R 777 /var/db/postfix, but no change.

Of course not. The directory can be accessible ONLY if the PARENT
directories are accessible.

Wietse
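
The parent-directory point above, as an added example (not part of the thread and not Postfix code): a POSIX shell function that walks up from a file and reports the ancestor directory nearest the root that lacks the search (x) bit for "other". It assumes the accessing account (the mail owner, euid 125 in the posted log) is neither owner nor group of those directories; the name first_blocked_dir and its optional second argument are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread and not part of Postfix.
#
# first_blocked_dir PATH [STOP]
#   Walk from the directory holding PATH up to STOP (default "/") and
#   print the directory closest to STOP that an account in the "other"
#   permission class cannot search. Print an empty line if every
#   ancestor is searchable.
#   Assumption: the account is neither owner nor group of the
#   directories, so only the last permission triplet applies to it.
first_blocked_dir() {
    target=$1
    stop=${2:-/}            # hypothetical optional argument: where the walk ends

    # Make the path absolute so that dirname eventually reaches "/".
    case $target in
        /*) ;;
        *)  target=$PWD/$target ;;
    esac

    dir=$(dirname -- "$target")
    blocked=""
    while :; do
        # First ten characters of "ls -ld": file type plus rwx triplets.
        # -L follows symlinks so a symlinked directory is judged by its target.
        mode=$(ls -ldL -- "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            d????????[xt]) ;;           # "other" may search this directory
            *) blocked=$dir ;;          # no o+x, not a directory, or missing
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done

    # The walk runs leaf to root, so the last hit is the one met first
    # when the kernel resolves the path from the root.
    printf '%s\n' "$blocked"
}

# Stand-alone use:  sh thisfile /var/db/postfix/master.lock
if [ "$#" -gt 0 ]; then
    result=$(first_blocked_dir "$@")
    if [ -n "$result" ]; then
        echo "not searchable by other: $result"
        ls -ldL -- "$result"
    else
        echo "every ancestor has o+x; check owner, group and the file itself"
    fi
fi
```

When a directory is reported, granting search permission on that one directory (or fixing its ownership) addresses the denial; widening the leaf with chmod -R 777 does not, and leaves the queue directory world-writable.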


Re: stumped: postfix silently won't start

2010-05-20 Thread Len Conrad
-- Original Message --
From: Wietse Venema 
Date:  Thu, 20 May 2010 17:35:46 -0400 (EDT)

>Len Conrad:
>> setsid(0x805c71d,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) ERR#1 'Operation 
>> not permitted'
>> getsid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 798 (0x31e)
>> getpid(0x0,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) = 18366 (0x47be)
>> gettimeofday({1274384341.299480},0x0)= 0 (0x0)
>> getpid(0x28201068,0x281c3e20,0xbfbfe8c2,0x0,0x0,0xbfbfdc7e) = 18366 (0x47be)
>> sendto(3,"<18>May 20 14:39:01 postfix/mast"...,117,0x0,NULL,0x0) = 117 (0x75)
>
>In that case, you will have an error message in the syslog file
>that starts with "May 20 14:39:01 postfix/master..." and that
>explains why it terminates.

=

found it:

/var/log/console.log:May 20 14:39:01 s...@sl1.hctc.net postfix/master[18366]: 
fatal: unable to set session and process group ID: Operation not permitted

Len



Re: [patch] build failure against db-5.0

2010-05-20 Thread Victor Duchovni
On Thu, May 20, 2010 at 01:29:49PM +0300, Eray Aslan wrote:

> Berkeley DB 5.0 is out and provides an SQlite-compatible interface.
> Having an alternative to SQLite is considered a good thing and there is
> some interest in bringing db-5.0 into mainstream use.

Is this the default Berkeley-DB version for your system platform? If
not, you should generally avoid the temptation to use a non-default
Berkeley-DB.

> dict_db.c:685:2: error: #error "Unsupported Berkeley DB version"

Yes, the list of supported (major) versions is manually maintained.

> --- a/src/util/dict_db.c
> +++ b/src/util/dict_db.c
> -#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
> +#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 
> 0)

Have you read the release-notes? What are the incompatibilities with 4.x
(if any)?

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.


Re: [PATCH] Re: OpenSSL 0.9.8 <-> 1.0.0 CApath (in)compatibility

2010-05-20 Thread Victor Duchovni
On Thu, May 20, 2010 at 09:45:41AM +0200, Matthias Andree wrote:

>> The only race condition is when a trusted root is deleted which has the
>> same hash as a trusted root that stays, and the "hash.0" link needs to go
>> while the "hash.1" link stays. [...] This is substantially safer than
>> the crude "delete all links, then make new links" approach of c_rehash.
>
> Even if, let's extend the c_rehash tool because that's much less of a
> hassle and can later be included upstream if desired.

The patch you posted looks reasonable. In my case, the
backwards-compatible CApath, is only needed briefly, while I am installing
the new Postfix that links with 1.0.0. After that, I don't need the old
links, since the CApath in question is used by exactly one application.

I also wanted non-disruptive CApath updates...

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.


quota and postfix virtual users

2010-05-20 Thread gbotero


hi everyone, I'm confused. I have postfix 2.5.1 from rpm with vda
and mysql and dovecot virtual domains and everything is working fine, but my
question is: in dovecot do I need to put the quota_rules for postfix? I
mean, when I put quota_rule in dovecot this appears in roundcube but the
calculation is wrong, or do I not need to modify dovecot? sorry for my english,
I'm from the south of colombia, good luck and bye bye

Re: [patch] build failure against db-5.0

2010-05-20 Thread Eray Aslan
On 05/21/2010 01:33 AM, Victor Duchovni wrote:
> On Thu, May 20, 2010 at 01:29:49PM +0300, Eray Aslan wrote:
> Is this the default Berkeley-DB version for your system platform?

No

> If
> not, you should generally avoid the temptation to use a non-default
> Berkeley-DB.

I maintain some packages for Gentoo Linux.  This came up while testing
application compatibility with Berkeley DB 5.0.

>> --- a/src/util/dict_db.c
>> +++ b/src/util/dict_db.c
>> -#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
>> +#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 
>> 0)
> 
> Have you read the release-notes? What are the incompatibilities with 4.x
> (if any)?

I've seen nothing major so far.

http://www.oracle.com/technology/documentation/berkeley-db/db/installation/changelog_5_0.html
http://www.oracle.com/technology/documentation/berkeley-db/db/installation/upgrade_11gr2_toc.html

-- 
Eray