Re: lmtp concurrency configuration

2010-06-25 Thread Luciana Moreira

Hello Victor,

Thank you so very much :) :)

It worked like a charm and the queue is beautifully processed.

I took that variable from: http://www.postfix.org/postconf.5.html but I 
missed the point where it said:
"This parameter is available in Postfix version 2.2 and earlier." My 
mistake; the documentation is correct.


Thanks once again,
Luciana


Victor Duchovni wrote:
> On Thu, Jun 24, 2010 at 07:48:53PM +0200, Luciana Moreira wrote:
>
> > Hello,
> >
> > Thx again for the replies, I am starting to see the light at the end of the
> > tunnel :-)
> >
> > I have tried to disable the lmtp connection caching by setting the
> > following variable on main.cf:
> >
> > lmtp_cache_connection=no
>
> Where did you get this variable from? See
>
> http://www.postfix.org/postconf.5.html#lmtp_connection_cache_on_demand

Multiple sites (and mail servers) for one domain

2010-06-25 Thread Jonathan Amiez
Hello everyone.

I'm trying to set up a specific mail server configuration on 3 sites.
The first one is hosting a mailhub (with spam filter, etc.) and the 
2 others are agencies.
The 2 agencies use the same domain (eg. edatis.com) for mailing.
I'm currently working on the first agency's server.
Accounts are stored in MySQL db replicated on the 2 sites from the hub.

So, my problem is: if I don't care about "transport" statements, all mail is 
delivered on the local agency server, and if I do, mail is sent directly to 
the other agency, without passing through the mailhub.
I need all outgoing email (remote agency or internet) to pass through the hub.

I found very few inaccurate info about this setup (seems kind of unusual) so 
I'm asking for help. The objective is also to support an undefined number of 
agencies with this principle.

Here are my conf files :
#
 main.cf 
smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no

mydomain = edatis.net
myhostname = hermes-test.$mydomain
myfullhostname = $myhostname
mynetworks = 127.0.0.0/8 192.168.0.0/22
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, , localhost
inet_interfaces = all

#virtual_alias_domains
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virt-users.cf
    proxy:mysql:/etc/postfix/mysql-virt-aliases.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virt-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virt-boxes.cf
virtual_mailbox_base = /home/mail
virtual_uid_maps = static:103
virtual_gid_maps = static:107
relay_transport = smtp:mxhub.edatis.com
#relayhost = mxhub.edatis.com
transport_maps = proxy:mysql:/etc/postfix/mysql-virt-transports.cf

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
recipient_delimiter = +

 mysql-virt-aliases.cf 
hosts = 127.0.0.1
user = x
password = y
dbname = maildbs
query = SELECT dest FROM aliases, domains WHERE aliases.local_part='%u' AND
    domains.name='%d' AND aliases.domain_id=domains.id

 mysql-virt-boxes.cf 
hosts = 127.0.0.1
user = x
password = y
dbname = maildbs
query = SELECT CONCAT(domains.name,'/',users.local_part,'/') FROM users,
    domains WHERE users.local_part='%u' AND domains.name='%d' AND
    users.domain_id=domains.id

 mysql-virt-domains.cf 
hosts = 127.0.0.1
user = x
password = y
dbname = maildbs
query = SELECT name FROM domains WHERE name='%s'

 mysql-virt-transports.cf 
hosts = 127.0.0.1
user = x
password = y
dbname = maildbs
query = SELECT CONCAT('smtp:',agences.server) FROM agences,users,domains WHERE
    agences.id=users.server_id and domains.id=users.domain_id and
    domains.name='%d' and users.local_part='%u'

 mysql-virt-users.cf 
hosts = 127.0.0.1
user = x
password = y
dbname = maildbs
query = SELECT CONCAT(users.local_part, '@', domains.name) FROM users, domains
    WHERE users.local_part='%u' AND domains.name='%d' AND
    users.domain_id=domains.id
#

Let me know if you need more details
Thanks in advance
Regards
-- 
***
Jonathan Amiez
System Administrator
j...@edatis.com
it-pa...@edatis.com
ad...@edatis.com
***


Re: customizing received: headers

2010-06-25 Thread Keld Simonsen
On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> Keld Simonsen:
> > For postfix proper, does postfix invoke the postfix sendmail command 
> > somewhere
> > in the process as an MTA to deliver a mail, - for aliases expansion?
> 
> The Postfix sendmail command RECEIVES mail INTO Postfix.
> The Postfix sendmail command is not used to DELIVER mail.

OK, What can you recommend to me to have postfix  do VERP
for a recipient listed in an alias file, and where this recipient 
is specified via an :include: statement?

Best regards
keld


Mail discarded

2010-06-25 Thread sasashop
Hi, for the past few days many incoming mails have been blocked, and in the log file I 
always have 'discarded, UBE':


Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: from=, 
size=49182, nrcpt=1 (queue active)
Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: 
to=, orig_to=y...@mydomain.com, 
relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, 
dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10)

Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed

but the domain 'email.it' (and I have this problem with many mail domains) 
isn't on a blacklist and this domain is certainly 'clean'.

My question is: for what reason are these mails blocked?
On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav.
Thanks.

--

  Salvatore.



Re: Mail discarded

2010-06-25 Thread Ralf Hildebrandt
* sasashop :
> Hi, for the past few days many incoming mails have been blocked, and in the
> log file I always have 'discarded, UBE':
> 
> Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF:
> from=, size=49182, nrcpt=1 (queue active)
> Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF:
> to=, orig_to=y...@mydomain.com,
> relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9,
> dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10)
> Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed
> 
> but the domain 'email.it' (and I have this problem with many mail
> domains) isn't on a blacklist and this domain is certainly 'clean'.
> My question is: for what reason are these mails blocked?
> On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav.

Check the logs amavis is generating
Grep for 23600-10


-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Mail discarded

2010-06-25 Thread sasashop

"Ralf Hildebrandt" wrote:

> Check the logs amavis is generating
> Grep for 23600-10

I have only log file '/var/log/maillog' and in this log file I have, about 
"23600-10" only this:


[r...@mail ~]# grep 2360010 /var/log/maillog
Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: 
to=, orig_to=, 
relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, 
dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10)


Thanks.

--

  Salvatore.





Re: Mail discarded

2010-06-25 Thread Ralf Hildebrandt
* sasashop :
> "Ralf Hildebrandt" wrote:
> >
> >Check the logs amavis is generating
> >Grep for 23600-10
> 
> I have only log file '/var/log/maillog' and in this log file I have,
> about "23600-10" only this:
> 
> [r...@mail ~]# grep 2360010 /var/log/maillog
> Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF:
> to=, orig_to=,
> relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9,
> dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10)

Well, for the future you have to ramp up the loglevel for amavisd

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
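
The correlation suggested in this thread, as an added example that is not part of the original messages: it takes the amavisd-new id out of the Postfix delivery line and collects the amavis log entries carrying the same id, reporting when there are none (the situation described above, where only the Postfix line exists). The log lines are constructed, modelled on the ones quoted here; the addresses, the wording of the amavis entry and its score are assumptions.

```python
import re

# Constructed sample log, modelled on the maillog lines quoted in this thread.
# Addresses, the amavis "Blocked SPAM" entry and its score are made up.
SAMPLE_LOG = """\
Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: from=<sender@example.net>, size=49182, nrcpt=1 (queue active)
Jun 24 13:10:26 mail amavis[23600]: (23600-10) Blocked SPAM, [192.0.2.10] <sender@example.net> -> <user@example.com>, Hits: 9.4, size: 49182, 2890 ms
Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10)
Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed
Jun 24 13:11:02 mail postfix/smtp[25260]: D01AA26A1B2: to=<other@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.2/0/0.01/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23600-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F2E126A1C0)
Jun 24 13:12:40 mail postfix/smtp[25271]: E7712269F03: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.0, delays=0.5/0/0.01/2.5, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23612-04)
"""

# Postfix smtp(8) delivery to the content filter, including the filter's reply.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>"
    r".*status=sent \((?P<reply>.*)\)\s*$"
)
# The filter's SMTP reply carries the verdict and the filter's own id.
DISCARD_RE = re.compile(r"discarded, (?P<verdict>[\w-]+), id=(?P<amid>\d+-\d+)")
# The filter's own log lines start with the same id in parentheses.
AMAVIS_RE = re.compile(r"amavis\[\d+\]: \((?P<amid>\d+-\d+)\) (?P<text>.*)$")
HITS_RE = re.compile(r"Hits: (?P<hits>-?\d+(?:\.\d+)?)")


def find_discards(lines):
    """Return one record per delivery that the content filter discarded."""
    found = []
    for line in lines:
        delivery = DELIVERY_RE.search(line)
        if delivery is None:
            continue
        verdict = DISCARD_RE.search(delivery.group("reply"))
        if verdict is None:
            continue  # delivered normally, nothing to explain
        found.append({
            "queue_id": delivery.group("qid"),
            "recipient": delivery.group("rcpt"),
            "verdict": verdict.group("verdict"),
            "amavis_id": verdict.group("amid"),
        })
    return found


def amavis_entries(lines):
    """Map each amavis id to the text of the log lines written under it."""
    entries = {}
    for line in lines:
        match = AMAVIS_RE.search(line)
        if match:
            entries.setdefault(match.group("amid"), []).append(match.group("text"))
    return entries


def correlate(lines):
    """Attach the amavis entries (and spam score, if logged) to each discard."""
    lines = list(lines)
    entries = amavis_entries(lines)
    report = []
    for discard in find_discards(lines):
        texts = entries.get(discard["amavis_id"], [])
        hits = None
        for text in texts:
            score = HITS_RE.search(text)
            if score:
                hits = float(score.group("hits"))
        report.append(dict(discard, amavis_lines=texts, hits=hits))
    return report


if __name__ == "__main__":
    for item in correlate(SAMPLE_LOG.splitlines()):
        if item["amavis_lines"]:
            print(item["queue_id"], item["amavis_id"], "hits:", item["hits"])
        else:
            # Same situation as in the thread: only the Postfix line exists.
            print(item["queue_id"], item["amavis_id"],
                  "no amavis entry; raise the amavisd log level")
```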



Re: customizing received: headers

2010-06-25 Thread Wietse Venema
Keld Simonsen:
> On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> > Keld Simonsen:
> > > For postfix proper, does postfix invoke the postfix sendmail command 
> > > somewhere
> > > in the process as an MTA to deliver a mail, - for aliases expansion?
> > 
> > The Postfix sendmail command RECEIVES mail INTO Postfix.
> > The Postfix sendmail command is not used to DELIVER mail.
> 
> OK, What can you recommend to me to have postfix  do VERP
> for a recipient listed in an alias file, and where this recipient 
> is specified via an :include: statement?

You invoke "sendmail -XV ..." as per the instructions from Majordomo.

Postfix VERP support works for remote and local recipients
whether they are mailboxes or aliases.

Wietse


Re: performance tuning - relay

2010-06-25 Thread Christian Purnomo
Hi Stan,

Thanks for your feedback.

I did try google for about an hour before turning to this list, I also
read http://postfix.nctu.edu.tw/TUNING_README.html several times.  It
all starts making some sense after reading it a couple of times today.

This is what I have done so far which works:

Server1 (MX host)

/etc/postfix/transport:
server2.com:relayhigh:[10.0.2.73]

/etc/postfix/main.cf:
relayhigh_destination_concurrency_limit = 150

/etc/postfix/master.cf:
relayhigh unix  -   -   n   -   200 smtp
    -o smtp_connect_timeout=1s
    -o fallback_relay=


I tried putting the settings back to the original as per your
suggestion; the mail count in the queue was still hovering at the 9800 mark
for about 15 minutes, going down at a rate of 10-15 per minute, which
was unsustainable.

With the settings above, the queue is now down to 2442 within 20
minutes.   It was at 21,000 mark when I sent my first email below
(nearly 12 hours ago), so the progress has been very minimal until the
change above.  The bottleneck has now switched from Server1 queue to
Server2 queue as server2 uses maildrop for local delivery.

I would take any suggestions - the settings above are based on reading
TUNING_README.html; it's trial and error.

CP





Subject: Re: performance tuning - relay
Date: Fri, Jun 25, 2010 at 01:53:46AM -0500
Quoting Stan Hoeppner (s...@hardwarefreak.com):

: Christian Purnomo put forth on 6/24/2010 11:33 PM:
: 
: > /etc/postfix/transport:
: > server2.com:relay:[10.0.2.73]
: > 
: > /etc/postfix/master.cf:
: > relay unix  -   -   n   -   200  smtp
: > -o smtp_helo_timeout=3s
: > -o smtp_connect_timeout=3s
: > -o disable_dns_lookups=yes
: > -o fallback_relay=
: 
: This was answered by Wietse 4 years ago on this list.  Took me ten seconds to
: find it via Google.  Read the entire thread on Neohapsis carefully and you'll
: find your answer, which is to remove all this custom stuff and go back to the
: defaults.  The first 2 of 4 above are the cause of your immediate problem, as
: they are way too low.  The other two are just unnecessary.  And change
: max_proc back to 100.  You're probably not getting close to 100 processes
: running anyway.
: 
: http://archives.neohapsis.com/archives/postfix/2006-01/thread.html#1866
: 
: > Server 2 has the following configurations:
: > 
: > /etc/postfix/master.cf:
: > smtp  inet  n   -   -   -   200 smtpd
: 
: Change the max process limit back to 100.  If everything else is configured
: correctly, you can drain an unbelievable amount of mail with less than 100
: smtp/smtpd processes.
: 
: > Could you please tell me what I'm missing here? I would like to improve
: > the rate that Server1 can relay messages to Server2.
: 
: If I may be frank, you missed the fact that you shouldn't mess with the
: default settings unless you really know what you're doing.  Custom settings
: here would require an extreme scenario.  I don't believe your scenario is
: extreme, but rather common.  I'm not pretending to be an expert on this, or to
: create the image that _I_ know how/when to customize these settings.  I simply
: know when _not_ to.
: 
: -- 
: Stan


OT: sid-milter package

2010-06-25 Thread Jorge Andrea G Carminati
Hi all! I'm trying to implement sid-milter with Postfix 2.7, but am having some 
problems while trying to compile release 1.0 under RHEL 5.5 (x86_64) as shown 
below, any ideas? otherwise, does anyone know where can I find an rpm package 
for my distro?
Thanks in advance.

make[1]: Entering directory 
`/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/sid-filter'
cc -O2 -I. -I../../libar  -I../../libmarid  -I../../sendmail   -I../../include  
-DUSE_ARLIB   -D_REENTRANT -DXP_MT   -c -o sid-filter.o sid-filter.c
cc -O2 -I. -I../../libar  -I../../libmarid  -I../../sendmail   -I../../include  
-DUSE_ARLIB   -D_REENTRANT -DXP_MT   -c -o rfc2822.o rfc2822.c
cc -O2 -I. -I../../libar  -I../../libmarid  -I../../sendmail   -I../../include  
-DUSE_ARLIB   -D_REENTRANT -DXP_MT   -c -o util.o util.c
cc -o sid-filter -lpthread  sid-filter.o rfc2822.o util.o  -lmilter  
/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/libar/libar.a
 
/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/libmarid/libmarid.a
 
/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/libsm/libsm.a
  -ldl
sid-filter.o: In function `sid_decode_a':
sid-filter.c:(.text+0x733): undefined reference to `__dn_expand'
sid-filter.c:(.text+0x73e): undefined reference to `__dn_skipname'
sid-filter.c:(.text+0x7a0): undefined reference to `__dn_expand'
sid-filter.o: In function `sid_marid_check':
sid-filter.c:(.text+0xc6f): undefined reference to `__dn_expand'
sid-filter.c:(.text+0xc7a): undefined reference to `__dn_skipname'
sid-filter.c:(.text+0xf90): undefined reference to `__dn_expand'
sid-filter.c:(.text+0x1533): undefined reference to `__dn_expand'
sid-filter.c:(.text+0x1603): undefined reference to `__dn_expand'
sid-filter.c:(.text+0x170a): undefined reference to `__dn_expand'
/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/libar/libar.a(ar.o):
 In function `ar_sendquery':
ar.c:(.text+0x15e7): undefined reference to `__res_nmkquery'
/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/libar/libar.a(ar.o):
 In function `ar_dispatcher':
ar.c:(.text+0x2053): undefined reference to `__dn_skipname'
ar.c:(.text+0x207a): undefined reference to `__dn_skipname'
ar.c:(.text+0x20d3): undefined reference to `__dn_expand'
collect2: ld returned 1 exit status
make[1]: *** [sid-filter] Error 1
make[1]: Leaving directory 
`/home/ruser/data.software/sid-milter-1.0.0/obj.Linux.2.6.18-194.3.1.el5.x86_64/sid-filter'
make: *** [all] Error 2



"Taking care of nature means living better... let's do it together. Print only 
what is necessary."


The information contained in this message is directed exclusively to the person 
or entity to whom the message is addressed, and it might contain information 
that is confidential, privileged or otherwise legally exempt from disclosure. 
Any action based on it, performed by an individual or entity different from the 
one it was intended, is not allowed and its contents should not be read, 
forwarded, disclosed, or used in any other way. If you have received it by 
mistake please delete it from your system, you should also not copy the message 
nor disclose its contents to anyone. Thank you.


Re: customizing received: headers

2010-06-25 Thread Keld Simonsen
On Fri, Jun 25, 2010 at 08:56:49AM -0400, Wietse Venema wrote:
> Keld Simonsen:
> > On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> > > Keld Simonsen:
> > > > For postfix proper, does postfix invoke the postfix sendmail command 
> > > > somewhere
> > > > in the process as an MTA to deliver a mail, - for aliases expansion?
> > > 
> > > The Postfix sendmail command RECEIVES mail INTO Postfix.
> > > The Postfix sendmail command is not used to DELIVER mail.
> > 
> > OK, What can you recommend to me to have postfix  do VERP
> > for a recipient listed in an alias file, and where this recipient 
> > is specified via an :include: statement?
> 
> You invoke "sendmail -XV ..." as per the instructions from Majordomo.
> 
> Postfix VERP support works for remote and local recipients
> whether they are mailboxes or aliases.

I am not using majordomo here, only postfix.

So should I then have a sendmail -XV included in the alias file?
I do not do that for majordomo.
Or should I do something in master.cf with the SMTP handler or some such?

Thanks for all your answers.

best regards
keld


Should I be removing first received header for client IP

2010-06-25 Thread Mark Krenz

  Hi, this is more of a policy type of question, but I'm not sure who
else to ask right now.

  We are a small webhosting/email hosting provider.  We offer our
clients authenticated SMTP relaying.  One of our clients is complaining
because we don't strip out the first Received header line that shows
what their company IP address is when they send from say their Outlook
client.  They are claiming that as a proper hosting provider, we
shouldn't be keeping that line in. They also think that because we leave
that in that they are having their IP put on blacklists.

  So I'm wondering if that's true, have modern email relay server
practices changed for some reason?  Am I going to run into issues
leaving it in?

  I looked around last night and found some pages talking about how to
strip that line out, but I couldn't find any pages recommending that
this is the preferred practice now or something.


-- 
Mark Krenz
IT Director
Suso Technology Services, Inc.



Re: Should I be removing first received header for client IP

2010-06-25 Thread Matt Hayes
On 6/25/2010 11:06 AM, Mark Krenz wrote:
> 
>   Hi, this is more of a policy type of question, but I'm not sure who
> else to ask right now.
> 
>   We are a small webhosting/email hosting provider.  We offer our
> clients authenticated SMTP relaying.  One of our clients is complaining
> because we don't strip out the first Received header line that shows
> what their company IP address is when they send from say their Outlook
> client.  They are claiming that as a proper hosting provider, we
> shouldn't be keeping that line in. They also think that because we leave
> that in that they are having their IP put on blacklists.
> 
>   So I'm wondering if that's true, have modern email relay server
> practices changed for some reason?  Am I going to run into issues
> leaving it in?
> 
>   I looked around last night and found some pages talking about how to
> strip that line out, but I couldn't find any pages recommending that
> this is the preferred practice now or something.
> 
> 

Mark,

As far as I know, there's no need to strip it out.  My personal server
doesn't, my work email server doesn't, etc.

Sounds to me like someone is blowing smoke, but I'll let far more
experienced folks chime in before I make too many judgement calls!

-Matt



Re: fail2ban for spamtraps

2010-06-25 Thread Phil Howard
On Thu, Jun 24, 2010 at 22:18, Peter Evans  wrote:

>        If you are bored, you can turn on a catchall, pipe that to a bit
>        bucket and see how many you get.
>        In fact, here are some results for you. (no spam filters on the
>        work box due to manglement fiat "IT COULD BE A SALE!!", using
>        spamhaus zen would ruin all the fun.)

I don't think I'd want to do a catchall.  That would first require
making sure every common role account is set up so as not to be in the
catchall.  But that would then make even more spam for the people
reading the role accounts.  We only have a few right now (abuse,
contact, hr, info, postmaster, and resumes) and would rather keep it
that way.


Re: performance tuning - relay

2010-06-25 Thread Victor Duchovni
On Fri, Jun 25, 2010 at 01:53:46AM -0500, Stan Hoeppner wrote:

> Christian Purnomo put forth on 6/24/2010 11:33 PM:
> 
> > /etc/postfix/transport:
> > server2.com:relay:[10.0.2.73]
> > 
> > /etc/postfix/master.cf:
> > relay unix  -   -   n   -   200  smtp
> > -o smtp_helo_timeout=3s
> > -o smtp_connect_timeout=3s
> > -o disable_dns_lookups=yes
> > -o fallback_relay=
> 
> This was answered by Wietse 4 years ago on this list.  Took me ten seconds to
> find it via Google.  Read the entire thread on Neohapsis carefully and you'll
> find your answer, which is to remove all this custom stuff and go back to the
> defaults.  The first 2 of 4 above are the cause of your immediate problem, as
> they are way too low.  The other two are just unnecessary.  And change
> max_proc back to 100.  You're probably not getting close to 100 processes
> running anyway.

The connect timeout is actually reasonable for internal
destinations. The helo timeout is a bit light. Both are only useful
if there are multiple internal servers, which seems unlikely given the
"disable_dns_lookups=yes".  Why is that  setting there? It became obsolete
with Postfix 2.0 which was released 8 years ago.

The "fallback_relay" setting is correct, but even better is:

-o smtp_fallback_relay=

because the parameter has been renamed and the "fallback_relay" name
is a legacy alias, so is not always effective if the underlying real
variable is set in main.cf.

-- 
Viktor.


Re: Should I be removing first received header for client IP

2010-06-25 Thread Noel Jones

On 6/25/2010 10:06 AM, Mark Krenz wrote:

>    Hi, this is more of a policy type of question, but I'm not sure who
> else to ask right now.
>
>    We are a small webhosting/email hosting provider.  We offer our
> clients authenticated SMTP relaying.  One of our clients is complaining
> because we don't strip out the first Received header line that shows
> what their company IP address is when they send from say their Outlook
> client.  They are claiming that as a proper hosting provider, we
> shouldn't be keeping that line in. They also think that because we leave
> that in that they are having their IP put on blacklists.
>
>    So I'm wondering if that's true, have modern email relay server
> practices changed for some reason?  Am I going to run into issues
> leaving it in?
>
>    I looked around last night and found some pages talking about how to
> strip that line out, but I couldn't find any pages recommending that
> this is the preferred practice now or something.

No, it is not common practice to strip out Received: headers, 
and is not recommended.


Some misconfigured spam filters check ALL received headers 
against RBLs, causing false rejects.  If your customer 
frequently communicates with such a host, you may need to a) 
contact the postmaster at the recipient domain and explain 
their error and when that doesn't work you may need to b) 
remove or rewrite the header somehow -- examples are in the 
list archives.


Also note that some spam filters will add points for messages 
with no prior Received: headers, so sometimes you can't win 
either way.


  -- Noel Jones
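
The difference between checking only the connecting client and checking every Received: header, as an added example that is not part of the original messages: it parses the Received: chain of a constructed message (a customer on a dynamic address submitting through a provider's relay) and compares the two checks. The host names, the documentation-range addresses and the one-network blocklist standing in for a DNSBL of dynamic ranges are all assumptions.

```python
import email
import ipaddress
import re

# Constructed message: the top Received: header is the one the recipient's
# own MX added (relay -> MX); the one below was added by the provider's
# relay when the customer submitted the mail from a dynamic address.
SAMPLE_MESSAGE = """\
Received: from relay.provider.example (relay.provider.example [203.0.113.25])
    by mx.recipient.example (Postfix) with ESMTP id 4A1B2C3D5E
    for <bob@recipient.example>; Fri, 25 Jun 2010 11:06:40 -0400 (EDT)
Received: from desktop (unknown [198.51.100.77])
    (Authenticated sender: alice)
    by relay.provider.example (Postfix) with ESMTPA id 9F8E7D6C5B
    for <bob@recipient.example>; Fri, 25 Jun 2010 11:06:38 -0400 (EDT)
From: alice@customer.example
To: bob@recipient.example
Subject: quarterly figures

Hello Bob.
"""

# Stand-in for a DNSBL that lists dynamic/end-user ranges (constructed).
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]

# Client address as an MTA records it: "from helo (rdns [a.b.c.d])".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_message):
    """Client IP of each Received: header, newest first (None if absent)."""
    msg = email.message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received") or []:
        match = BRACKETED_IP.search(header)
        ip = None
        if match:
            try:
                ip = ipaddress.ip_address(match.group(1))
            except ValueError:
                ip = None  # looked like an address but is not one
        ips.append(ip)
    return ips


def is_listed(ip, blocklist):
    return ip is not None and any(ip in net for net in blocklist)


def last_hop_listed(raw_message, blocklist):
    """Check only the host that connected to the receiving MX.

    A live filter takes this address from the SMTP session; the newest
    Received: header, written by the receiving MX itself, records the same.
    """
    ips = received_ips(raw_message)
    return bool(ips) and is_listed(ips[0], blocklist)


def all_hops_listed(raw_message, blocklist):
    """What a filter that checks ALL Received: headers would flag."""
    return [str(ip) for ip in received_ips(raw_message)
            if is_listed(ip, blocklist)]


if __name__ == "__main__":
    print("hops:", [str(ip) for ip in received_ips(SAMPLE_MESSAGE)])
    print("last-hop check rejects:", last_hop_listed(SAMPLE_MESSAGE, BLOCKLIST))
    print("all-headers check flags:", all_hops_listed(SAMPLE_MESSAGE, BLOCKLIST))
```

The relay's own address is clean, so the last-hop check accepts the message; only the deep-header check trips over the submitting client's dynamic address.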


Re: Postfix helo.regexp file for stopping same to/from address

2010-06-25 Thread Kris Deugau

mouss wrote:
> Victor Duchovni wrote:
> > On Thu, Jun 24, 2010 at 12:20:23AM +0200, mouss wrote:
> >
> > > This mail is coming from postini. if you use postini, there's nothing
> > > you can do with the envelope (and even if you do content filtering, you
> > > shouldn't reject mail. it's too late).
> >
> > Postini implement an SMTP proxy, not a store-and-forward relay,
>
> is that always true? don't they queue mail if the destination site
> responds with a 4xx?

Only if you're paying them to be a mail spool as well as filtering proxy.

-kgd


Re: [Postfix Users] Re: Should I be removing first received header for client IP

2010-06-25 Thread Mark Krenz
On Fri, Jun 25, 2010 at 03:28:14PM GMT, Noel Jones [njo...@megan.vbhcs.org] 
said the following:
> 
> Some misconfigured spam filters check ALL received headers 
> against RBLs, causing false rejects.  If your customer 
> frequently communicates with such a host, you may need to a) 
> contact the postmaster at the recipient domain and explain 
> their error and when that doesn't work you may need to b) 
> remove or rewrite the header somehow -- examples are in the 
> list archives.

  I've been suspecting this is the case as well. It's good to get another
opinion on this.

> Also note that some spam filters will add points for messages 
> with no prior Received: headers, so sometimes you can't win 
> either way.

  How would they know if they didn't have a Received header for the
client IP?  Or do you mean if all prior Received headers were removed,
including the relay?


-- 
Mark Krenz
IT Director
Suso Technology Services, Inc.


Re: Should I be removing first received header for client IP

2010-06-25 Thread Simon Waters
On Friday 25 June 2010 16:06:26 Mark Krenz wrote:
>  
> They also think that because we leave
> that in that they are having their IP put on blacklists.

Ask for the bounced emails or other evidence for why they believe this.

I've seen all sorts of misunderstanding from people looking at such things, so 
simply ask for the evidence including headers for anything to do with spam.

 Simon


Re: [Postfix Users] Re: Should I be removing first received header for client IP

2010-06-25 Thread Noel Jones

On 6/25/2010 11:29 AM, Mark Krenz wrote:
> On Fri, Jun 25, 2010 at 03:28:14PM GMT, Noel Jones [njo...@megan.vbhcs.org]
> said the following:
>
> > Also note that some spam filters will add points for messages
> > with no prior Received: headers, so sometimes you can't win
> > either way.
>
>    How would they know if they didn't have a Received header for the
> client IP?  Or do you mean if all prior Received headers were removed,
> including the relay?


Some sites don't like mail with no Received: headers, ie. 
direct-from-host mail.


Most bot spam arrives this way (or has forged Received: 
headers added).  But lots of legit mail arrives this way too, 
so it's not a reliable indicator of spam.



  -- Noel Jones


Re: Should I be removing first received header for client IP

2010-06-25 Thread Mark Krenz
On Fri, Jun 25, 2010 at 04:46:10PM GMT, Simon Waters [sim...@zynet.net] said 
the following:
> 
> Ask for the bounced emails or other evidence for why they believe this.
> 
> I've seen all sorts of misunderstanding from people looking at such things, 
> so 
> simply ask for the evidence including headers for anything to do with spam.
> 

  Is there a mailing list that would help me figure out how to get this
information from the user? ;-)

  Believe me, I ask repeatedly for this information all the time and it's
like pulling rusty nails out of an old barn. You'd think that over the
past decade I would have gotten better at coaxing users into giving me
all the details I need up front, but it's still just as hard.  So many
users are already in the blame the provider mode nowadays that you have
to disarm them first before you can get anything across.


-- 
Mark Krenz
IT Director
Suso Technology Services, Inc.


Re: customizing received: headers

2010-06-25 Thread Noel Jones

On 6/25/2010 9:40 AM, Keld Simonsen wrote:

> I am not using majordomo here, only postfix.
>
> So should I then have a sendmail -XV included in the alias file?
> I do not do that for majordomo.
> Or should I do something in master.cf with the SMTP handler or some such?

You submit the mail using "sendmail -XV ..."


Re: Should I be removing first received header for client IP

2010-06-25 Thread M. Fioretti
On Fri, Jun 25, 2010 17:46:10 PM +0100, Simon Waters (sim...@zynet.net) wrote:
> On Friday 25 June 2010 16:06:26 Mark Krenz wrote:
> >  
> > They also think that because we leave
> > that in that they are having their IP put on blacklists.
> 
> Ask for the bounced emails or other evidence for why they believe this.

FWIW, here's my case:

http://stop.zona-m.net/digiworld/who-cancels-your-email-warning-infostrada-and-barracuda-users

I *have* been put on a blacklist because the MTA of nexaima.net is on
a fixed IP address which AFAIK is on no blacklist, but I relay through
it from my home ADSL IP, which is a dynamic address. So I too would
like to strip the first received header, exactly for that reason.

Marco


basics for setting up postfix - is this sufficient?

2010-06-25 Thread three_jeeps

Hello:
I am looking for some pointers on how to set up postfix as a mail server.
I am running ubuntu 8.04 server. I use DynDns free web host redirects - my
domain is foo.homeunix.com, my isp (comcast) is 24.168.22.34 (fictitious
address), my ubuntu server has a static ip address of 192.168.0.100 and is
behind a cable modem router.

I have configured my dynamic DNS host as a record pointed to an IP address to
map my local server IP address to the comcast ISP address.  (I run apache2 and
http requests work fine).

Question: Is this configuration sufficient to allow postscript on my server
to operate as a mail server (when properly configured?)  I assume for postfix
config my FQDN is foo.homeunix.com? If not, what needs to be done? DynDns also
has a service that sets the MX records for my host.

Question: Do I need to configure the MX records for my host to make email
routing work?

Question:  Assuming the above is sufficient (and if necessary MX records
configured), is there a guide that will explain how to configure postfix as an
outbound only server?

Alternative approach: If I want to configure Postfix as an outbound only
server, relaying through my gmail account, how can this be done? Is the above
configuration through DynDns sufficient? If not, what is missing?
Thank you for your help
-J



Re: customizing received: headers

2010-06-25 Thread Wietse Venema
Keld Simonsen:
> On Fri, Jun 25, 2010 at 08:56:49AM -0400, Wietse Venema wrote:
> > Keld Simonsen:
> > > On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> > > > Keld Simonsen:
> > > > > For postfix proper, does postfix invoke the postfix sendmail command 
> > > > > somewhere
> > > > > in the process as an MTA to deliver a mail, - for aliases expansion?
> > > > 
> > > > The Postfix sendmail command RECEIVES mail INTO Postfix.
> > > > The Postfix sendmail command is not used to DELIVER mail.
> > > 
> > > OK, What can you recommend to me to have postfix  do VERP
> > > for a recipient listed in an alias file, and where this recipient 
> > > is specified via an :include: statement?
> > 
> > You invoke "sendmail -XV ..." as per the instructions from Majordomo.
> > 
> > Postfix VERP support works for remote and local recipients
> > whether they are mailboxes or aliases.
> 
> I am not using majordomo here, only postfix.
> 
> So should I then have a sendmail -XV included in the alias file?
> I do not do that for majordomo.
> Or should I do something in master.cf with the SMTP handler or some such?
> 
> Thanks for all your answers.

As documented in VERP_README, use "sendmail -XV ..." to submit mail.

VERP_README does not tell you to change aliases, so don't do that.

Wietse


Re: OT: sid-milter package

2010-06-25 Thread mouss
Jorge Andrea G Carminati wrote:
> Hi all! I'm trying to implement sid-milter with Postfix 2.7, but am
> having some problems while trying to compile release 1.0 under RHEL 5.5
> (x86_64) as shown below, any ideas? 

you need to contact the author of sid-milter or a corresponding
forum/list. if you want my opinion: if it doesn't work as it is, forget
about it...



> [snip]


postfix "forgot my password" feature

2010-06-25 Thread mscag
Hi,

I have a mail server with the postfix/Squirrelmail/Dovecot combination
which I have user data on MySQL as virtual users. I have configured SM so
that users can now change their own password.

Is there any opensource solution to provide "self service password
management" which would allow me to add the "I forgot my password. Lets
reset it" feature ?

For authentication, using some random personal data or personal
question/answer combination would be enough I guess.

Any idea ?




Re: postfix "forgot my password" feature

2010-06-25 Thread Jeroen Geilman

On 06/25/2010 11:44 PM, ms...@ciu.edu.tr wrote:
> Hi,
>
> I have a mail server with the postfix/Squirrelmail/Dovecot combination
> which I have user data on MySQL as virtual users. I have configured SM so
> that users can now change their own password.
>
> Is there any opensource solution to provide "self service password
> management" which would allow me to add the "I forgot my password. Lets
> reset it" feature ?
>
> For authentication, using some random personal data or personal
> question/answer combination would be enough I guess.
>
> Any idea ?

Postfix is a mail server; it does not have passwords, nor any ability to 
change the ones it doesn't have.
Perhaps Squirrelmail can do what you want, but the passwords you're 
talking about are not related to postfix.


J.



Re: basics for setting up postfix - is this sufficient?

2010-06-25 Thread mouss
three_jeeps wrote:
> Hello:
> I am looking for some pointers on how to set up postfix as a mail server.
> I am running ubuntu 8.04 server. I use DynDns free web host redirects - my
> domain is
> foo.homeunix.com, my  isp (comcast) is 24.168.22.34 (fictitious address), my
> ubuntu server has a 
> static ip address of 192.168.0.100 and behind a cable modem router.

the "internal" IP (192.168) doesn't matter. does your provider
"promise" a static external IP?

if not, imagine what happens if your IP is allocated to someone else: your
mail will go to a bad place.

> 
> I have configured my dynamic DNS host as a record pointed to an IP address to
> map my local server IP
> address to the comcast ISP address.  (I run apache2 and http requests work
> fine).
> Question: Is this configuration sufficient to allow postscript on my serve

I guess: s/postscript/postfix...

> to operate as a mail server
> (when properly configured?)  I assume for postfix config my FQDN is
> foo.homeunix.com?
> If not, what needs to be done? DynDns also has a service that sets the MX
> records for my host.
> Question: Do I need to configure the MX records for my host to make it email
> routing work?

if you want to receive mail for example.com, then you set up an MX for
example.com. it's about mail to j...@example.com. it's not about the name
of your machine.

> 
> Question:  Assuming the above is sufficient (and if necessary MX records
> configured), is there a guide that
> will explain how to configure postfix as an outbound only server?
> 

check www.postfix.org. click on "documentation" and follow the links. in
particular:

http://www.postfix.org/STANDARD_CONFIGURATION_README.html

null client and firewall setups should help you...

> Alternative approach: If I want to configure Postfix as an outbound only
> server, relaying through my 
> gmail account, how can this be done?

that will certainly be better for "deliverability", but you need to
setup smtp SASL (client side):
http://www.postfix.org/SASL_README.html#client_sasl



> Is the above configuration through
> DynDns sufficient? if not, 
> what is missing.

dyndns can do nothing about your reverse dns. your ISP decides what your
PTR is. if it looks "suspicious", you'll have deliverability problems.
a comcast origin isn't the best thing you can have:)

so, go for the gmail approach. the good thing is that it should force
you to learn more about smtp (in particular, SASL setup), which you
won't regret.


Re: Should I be removing first received header for client IP

2010-06-25 Thread /dev/rob0
On Fri, Jun 25, 2010 at 08:53:44PM +0200, M. Fioretti wrote:
> FWIW, here's my case:
> 
> http://stop.zona-m.net/digiworld/who-cancels-your-email-warning-infostrada-and-barracuda-users
> 
> I *have* been put on a blacklist because the MTA of nexaima.net is 
> on a fixed IP address which AFAIK is on no blacklist, but I relay
> through it from my home ADSL IP, which is a dynamic address.

You are on a blacklist at home along with most of the dynamic IP 
space in the world. Barracuda was improperly using that list.

> So I too would like to strip the first received header, exactly
> for that reason.

Barracuda has fixed this bug already. They are aware that it IS a 
bug. You cannot possibly work around everybody's spamfighting bugs. 
And you will likely trigger other bugs with your changes.

It was some time back now, but I have tested with Hotmail and 
confirmed that they will silently discard mail from a non-spammy 
host, if that mail has only one Received: header.

Email is a mess. All you can do is do things right, and hope the 
other site does too. I know it doesn't feel like it, but this one 
really IS the other site's problem.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: Multiple sites (and mail servers) for one domain

2010-06-25 Thread mouss
Jonathan Amiez wrote:
> Hello everyone.
> 
> I'm trying to set up a specific mail server configuration on 3 sites.
> The first one is hosting a mailhub (with spam filter, etc.) and the 
> 2 others are agencies.
> The 2 agencies use the same domain (eg. edatis.com) for mailing.
> I'm currently working on the first agency's server.
> Accounts are stored in MySQL db replicated on the 2 sites from the hub.
> 
> So, my problem is : if I don't care about "transport" statements, all mail is 
> delivered on the local agency server, and if I do, mail is directly sent to 
> the other agency, without passing by the mailhub.
> I need all outgoing email (remote agency or internet) to pass by the hub.
> 
> I found very few inaccurate info about this setup (seems kind of unusual) so 
> I'm asking for help. The objective is also supporting an undefined number of 
> agency with this principle.
> 
> Here are my conf files :
> [snip]

by default, mail goes to the MX of the domain. you can override that
with local transport maps, but these maps only apply to your infrastructure.

if you want mail to go to joe.example.com, you need to configure an MX
record in DNS:

example.com.    MX  10  joe.example.com.

(Warning: the leading dots aren't just for decoration).

an excellent DNS resource is:
http://www.zytrax.com/books/dns/



Re: Should I be removing first received header for client IP

2010-06-25 Thread mouss
Mark Krenz wrote:
>   Hi, this is more of a policy type of question, but I'm not sure who
> else to ask right now.
> 
>   We are a small webhosting/email hosting provider.  We offer our
> clients authenticated SMTP relaying.  One of our clients is complaining
> because we don't strip out the first Received header line that shows
> what their company IP address is when they send from say their Outlook
> client.  They are claiming that as a proper hosting provider, we
> shouldn't be keeping that line in. They also think that because we leave
> that in that they are having their IP put on blacklists.

they are wrong.

- the RFC recommends that each gateway adds trace headers
- it is ok to strip trace headers for privacy or whatever, as long as
you take responsibility for that (and accept the consequences: for ex:
troubleshooting is harder...).
- if a remote site blocklist them because of that, then either:
 1) the remote site is wrong (bogus barracuda setup?)
 2) They do send spam.



> 
>   So I'm wondering if that's true, have modern email relay server
> practices changed for some reason?  Am I going to run into issues
> leaving it in?

If you want an argument for keeping the headers, check the smtp RFC.

or: the customer can't hide behind your walls. you provide security and
standard smtp services, not an "outbound smtp filtering service". if you
don't allow others to blocklist them (if they do something wrong), then
others will blocklist all of your networks, which isn't good for other
customers.


> 
>   I looked around last night and found some pages talking about how to
> strip that line out, but I couldn't find any pages recommending that
> this is the preferred practice now or something.
> 

it is ok to strip headers when you accept the consequences
(responsibility in case of complaints, diagnostics...)

if you're an ISP, then you shouldn't strip the headers. Google does
that, but google are google (and that has been debated many times <= not
here, so please don't run such a thread).



Re: OT: sid-milter package

2010-06-25 Thread fakessh
On Fri, 25 Jun 2010 23:39:18 +0200, mouss  wrote:
> Jorge Andrea G Carminati wrote:
>> Hi all! I'm trying to implement sid-milter with Postfix 2.7, but am
>> having some problems while trying to compile release 1.0 under RHEL 5.5
>> (x86_64) as shown below, any ideas? 
> 
> you need to contact the author of sid-milter or a corresponding
> forum/list. if you want my opinion: if it doesn't work as it is, forget
> about it...
> 
> 
> 


i recently compiled sid-milter into a rpm
without signatures
http://ns.fakessh.eu/sid-milter-1.0.0-1.el5.i386.rpm

works well on my centos 5.5

.spec is in this post
for building the rpm
http://lists.centos.org/pipermail/centos-fr/2009-December/000378.html





>> [snip]


Re: customizing received: headers

2010-06-25 Thread Keld Simonsen
On Fri, Jun 25, 2010 at 04:20:56PM -0400, Wietse Venema wrote:
> Keld Simonsen:
> > On Fri, Jun 25, 2010 at 08:56:49AM -0400, Wietse Venema wrote:
> > > Keld Simonsen:
> > > [ Charset ISO-8859-1 unsupported, converting... ]
> > > > On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> > > > > Keld Simonsen:
> > > > > > For postfix proper, does postfix invoke the postfix sendmail 
> > > > > > command somewhere
> > > > > > in the process as an MTA to deliver a mail, - for aliases expansion?
> > > > > 
> > > > > The Postfix sendmail command RECEIVES mail INTO Postfix.
> > > > > The Postfix sendmail command is not used to DELIVER mail.
> > > > 
> > > > OK, What can you recommend to me to have postfix  do VERP
> > > > for a recipient listed in an alias file, and where this recipient 
> > > > is specified via an :include: statement?
> > > 
> > > You invoke "sendmail -XV ..." as per the instructions from Majordomo.
> > > 
> > > Postfix VERP support works for remote and local recipients
> > > whether they are mailboxes or aliases.
> > 
> > I am not using majordomo here, only postfix.
> > 
> > So should I then have a sendmail -XV included in the alias file?
> > I do not do that for majordomo.
> > Or should I do something in master.cf with the SMTP handler or some such?
> > 
> > Thanks for all your answers.
> 
> As documented in VERP_README, use "sendmail -XV ..." to submit mail.
> 
> VERP_README does not tell you to change aliases, so don't do that.

I still don't get it.

My scenario is:

I - or somebody else -  submit the mail from another machine by a mail command:

mail listn...@domain.tld

This goes into postfix at my domain.tld MTA.

It gets expanded via my alias file /etc/postfix/aliases :

listname:  :include:  /some/file/in/filesystem



I am now trying in the alias file something like


listname:  "|/user/sbin/sendmail -XV listnameinclude"
listnameinclude:  :include:  /some/file/in/filesystem

It does generate new from addresses, but not with info on the 
names in the include file.

Best regards
keld


Re: customizing received: headers

2010-06-25 Thread Jeroen Geilman

On 06/26/2010 01:01 AM, Keld Simonsen wrote:
> On Fri, Jun 25, 2010 at 04:20:56PM -0400, Wietse Venema wrote:
> > Keld Simonsen:
> > > On Fri, Jun 25, 2010 at 08:56:49AM -0400, Wietse Venema wrote:
> > > > Keld Simonsen:
> > > > [ Charset ISO-8859-1 unsupported, converting... ]
> > > > > On Thu, Jun 24, 2010 at 06:35:04PM -0400, Wietse Venema wrote:
> > > > > > Keld Simonsen:
> > > > > > > For postfix proper, does postfix invoke the postfix sendmail command somewhere
> > > > > > > in the process as an MTA to deliver a mail, - for aliases expansion?
> > > > > >
> > > > > > The Postfix sendmail command RECEIVES mail INTO Postfix.
> > > > > > The Postfix sendmail command is not used to DELIVER mail.
> > > > >
> > > > > OK, What can you recommend to me to have postfix  do VERP
> > > > > for a recipient listed in an alias file, and where this recipient
> > > > > is specified via an :include: statement?
> > > >
> > > > You invoke "sendmail -XV ..." as per the instructions from Majordomo.
> > > >
> > > > Postfix VERP support works for remote and local recipients
> > > > whether they are mailboxes or aliases.
> > >
> > > I am not using majordomo here, only postfix.
> > >
> > > So should I then have a sendmail -XV included in the alias file?
> > > I do not do that for majordomo.
> > > Or should I do something in master.cf with the SMTP handler or some such?
> > >
> > > Thanks for all your answers.
> >
> > As documented in VERP_README, use "sendmail -XV ..." to submit mail.
> >
> > VERP_README does not tell you to change aliases, so don't do that.
>
> I still don't get it.
>
> My scenario is:
>
> I - or somebody else -  submit the mail from another machine by a mail command:
>
>  mail listn...@domain.tld
>
> This goes into postfix at my domain.tld MTA.
>
> It gets expanded via my alias file /etc/postfix/aliases :
>
> listname:  :include:  /some/file/in/filesystem
>
> I am now trying in the alias file something like
>
> listname:  "|/user/sbin/sendmail -XV listnameinclude"
> listnameinclude:  :include:  /some/file/in/filesystem
>
> It does generate new from addresses, but not with info on the
> names in the include file.


This is a weird construction.
Sendmail has to know all the addresses UPON SUBMISSION to be able to 
modify the sender.

Think about this.

You are depending on alias expansion AFTER submission.

It's not going to work.


J.



Re: performance tuning - relay

2010-06-25 Thread Stan Hoeppner
Christian Purnomo put forth on 6/25/2010 8:01 AM:

> With the settings above, the queue is now down to 2442 within 20
> minutes.   It was at 21,000 mark when I sent my first email below
> (nearly 12 hours ago), so the progress has been very minimal until the
> change above.  The bottleneck has now switched from Server1 queue to
> Server2 queue as server2 uses maildrop for local delivery.

Can you provide some more specs on server2?  IIRC you said you had a multidisk
RAID array on serv2.  What RAID level and how many disks?  What filesystem?
Are you running Courier with maildrop or the standalone maildrop with another
IMAP server?  What filtering, if any, are you doing with maildrop?  Using mbox
or maildir storage?  IIRC you previously said you're BCC'ing _everything_ into
a single mailbox (single address) on server2.  Is this correct?

And, lastly, was server2 in production for any amount of time before these
problems occurred, prompting your post, or is this a new server that you just
brought online?

-- 
Stan




Re: [Postfix Users] Re: Should I be removing first received header for client IP

2010-06-25 Thread Mark Krenz
On Fri, Jun 25, 2010 at 09:59:11PM GMT, /dev/rob0 [r...@gmx.co.uk] said the 
following:
> 
> Email is a mess. All you can do is do things right, and hope the 
> other site does too. I know it doesn't feel like it, but this one 
> really IS the other site's problem.

 You said it. I often tell customers that get burned by bad practices of
other companies on the net that the Internet is still a lot like the
wild west and if you want protection from the craziness, you just have
to live in a town with a good sheriff.


-- 
Mark Krenz
IT Director
Suso Technology Services, Inc.


Re: customizing received: headers

2010-06-25 Thread Keld Simonsen
On Sat, Jun 26, 2010 at 01:13:59AM +0200, Jeroen Geilman wrote:
> On 06/26/2010 01:01 AM, Keld Simonsen wrote:
> >
> >My scenario is:
> >
> >I - or somebody else -  submit the mail from another machine by a mail 
> >command:
> >
> > mail listn...@domain.tld
> >
> >This goes into postfix at my domain.tld MTA.
> >
> >It gets expanded via my alias file /etc/postfix/aliases :
> >
> >listname:  :include:  /some/file/in/filesystem
> >
> >
> >
> >I am now trying in the alias file something like
> >
> >
> >listname:  "|/user/sbin/sendmail -XV listnameinclude"
> >listnameinclude:  :include:  /some/file/in/filesystem
> >
> >It does generate new from addresses, but not with info on the
> >names in the include file.
> 
> This is a weird construction.
> Sendmail has to know all the addresses UPON SUBMISSION to be able to
> modify the sender.
> Think about this.
> 
> You are depending on alias expansion AFTER submission.
> 
> It's not going to work.

No it did not work. I also tried 

listname:  "|/user/sbin/sendmail -XV :include:  /some/file/in/filesystem"

it did not work either - the include expansion was not done...

Best regards
keld
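
Added example, not part of any post in this thread: Jeroen Geilman's point above is that the recipient addresses have to be known when the message is submitted, so this sketch expands a list file itself and builds a "sendmail -XV" command line with every recipient as an explicit argument. The list-file format, the sender owner-listname@domain.tld, the SENDMAIL variable and the function names are assumptions; entries that are not plain user@domain (including anything starting with "-") are dropped so a list entry cannot be read as an option.

```shell
#!/bin/sh
# Added example (not from the thread): expand the list BEFORE submission so
# that "sendmail -XV" is given every recipient as an explicit argument.
# Assumed: function names, list-file format, owner-listname@domain.tld.

SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}
# Plain user@domain only. The first character may not be "-", so a list entry
# can never be parsed as a sendmail option; "|command", "/file" and
# ":include:" entries do not match and are dropped.
ADDR_RE='^[A-Za-z0-9_][A-Za-z0-9._%+=-]*@[A-Za-z0-9][A-Za-z0-9.-]*$'

# Print one accepted address per line ("#" comments, commas, blanks handled).
list_recipients() {
    sed 's/#.*//' "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E "$ADDR_RE"
}

# Print the sendmail arguments, one per line: LISTFILE SENDER
verp_args() {
    printf '%s\n' "$2" | grep -Eq "$ADDR_RE" ||
        { echo "bad sender: $2" >&2; return 1; }
    rcpts=$(list_recipients "$1") ||
        { echo "no usable recipients in $1" >&2; return 1; }
    # -XV: VERP, -f: envelope sender, --: end of options
    printf '%s\n' -XV -f "$2" -- $rcpts
}

# Read a message on stdin and submit it: LISTFILE SENDER
verp_submit() {
    args=$(verp_args "$1" "$2") || return 1
    # Unquoted on purpose: every word passed ADDR_RE (no spaces, no globs).
    "$SENDMAIL" $args
}

# Constructed sample list file; prints the arguments without sending mail.
LIST=$(mktemp)
cat > "$LIST" <<'EOF'
# members of listname
alice@example.org, bob@example.net
carol@example.com   # trailing comment
-bogus@example.org
|/bin/cat
EOF
verp_args "$LIST" owner-listname@domain.tld
rm -f "$LIST"
```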