Re: Transport maps for a specific user attached to a virtual domain
On 08/10/2010 21:30, Victor Duchovni wrote:
> On Fri, Oct 08, 2010 at 05:38:21PM +0200, Olivier BONHOMME wrote:
>> I am writing here because I have an issue trying to use transport_maps with a domain which is declared as VIRTUAL.
>
> You fail to distinguish between virtual_alias_domains and virtual_mailbox_domains. Which is it?

Sorry : it is virtual_mailbox_domain.

>> Now i would want this step : Redirect a specific account f...@domain.com from the MDA to another SMTP server but this account is not declared on the MDA.
>
> You can rewrite an account in a final (local, or virtual mailbox) domain to another domain via virtual_alias_maps. Postfix will then accept mail for the domain, and forward to the alternate mailbox.

So I have to create a dummy account to do that in order for the virtual agent to accept the mail to be delivered ? But in that case, can I declare a transport map in order to tell another smtp transport for this account in order to avoid a local delivery ?

>> I wonder if it was possible to do this with the transport maps feature or not. I tried to declare a transport_maps with "f...@domain.com smtp:" but postfix rejected me the mail telling me this account is not a virtual mailbox (which seems to be logical). The main objective is to redirect a specific address which is a mailing list address to the mailing list server without using a subdomain.
>
> To retain the address of the mailbox use "smtp_generic_maps" to undo the rewrite, as described in an earlier thread today about LDAP on MX hosts.

I am going to look at this setting.

Regards,
Olivier BONHOMME
Question to Wietse
Hi,

sorry to use the list to contact you, but I tried to send you a mail off the list and it is not deliverable (yet):

mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
5191D520B4 6013 Sat Oct 9 09:54:10 c...@roessner-network-solutions.com
(host spike.porcupine.org[168.100.189.2] said: 450 4.1.7 : Sender address rejected: unverified address: host mx0.roessner-net.de[78.46.253.227] said: 450 4.3.2 Service currently unavailable (in reply to RCPT TO command) (in reply to RCPT TO command))
wie...@porcupine.org

I had spoken with Patrick and it would be nice, if I could write you directly.

By the way: My server also sometimes makes these:

450 4.3.2 Service currently unavailable

What causes postscreen to raise such temp failures?

Best wishes
Christian

N.B.: Your IPv6 is refusing the connection as well ;-)

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: Postfix not create Maildir
On 2010-10-08 6:11 PM, Márcio Luciano Donada wrote:
> I am configuring a server to read a basic ldap, everything is working
> wonders, but to deliver the e-mail, postfix is not creating the maildir
> of the user, delivering only a mailbox file, but note that the
> configuration that follows below, I have the directive home_mailbox =
> Maildir/.

Mine is defined like:

home_mailbox = .maildir/

--
Best regards,
Charles
Re: Postfix not create Maildir
On 09/10/2010 00:11, Márcio Luciano Donada wrote:
> I am configuring a server to read a basic ldap, everything is working wonders, but to deliver the e-mail, postfix is not creating the maildir of the user, delivering only a mailbox file, but note that the configuration that follows below, I have the directive home_mailbox = Maildir/. I'm using version 2.6 on FreeBSD 8.2

for that user (assuming you are using virtual mailboxes), check the value returned by the map:

# postmap -q someu...@example.com ldap:mailboxmaps

if it doesn't have a trailing slash, it will be an mbox.

> body_checks = pcre:/usr/local/etc/postfix/maps/body_checks
> body_checks_size_limit = 51200
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 20
> default_process_limit = 100
> header_checks = pcre:/usr/local/etc/postfix/maps/header_checks
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> local_destination_concurrency_limit = 2
> local_recipient_maps = $virtual_mailbox_maps
> local_transport = virtual
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 10485760
> mydestination = $myhostname, localhost.$mydomain, mx.$mydomain, $mydomain
> mydomain = domain.com.br
> myhostname = bt.domain.com.br
> mynetworks = 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> recipient_delimiter = +
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_hostname,permit_sasl_authenticated, permit_mynetworks, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_unauth_destination,permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_client_access hash:/usr/local/etc/postfix/maps/sender_access, check_sender_access hash:/usr/local/etc/postfix/monitoramento/acl_sender, permit_sasl_authenticated, check_sender_access hash:/usr/local/etc/postfix/maps/sender, reject_sender_login_mismatch, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination,warn_if_reject, permit
> smtpd_tls_CAfile = /usr/local/etc/postfix/certificado/cacert.pem
> smtpd_tls_cert_file = /usr/local/etc/postfix/certificado/smtpd.crt
> smtpd_tls_key_file = /usr/local/etc/postfix/certificado/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_gid_maps = static:1002
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_limit = 1
> virtual_mailbox_limit_inbox = yes
> virtual_mailbox_limit_maps = ldap:mailquota
> virtual_mailbox_limit_override = yes
> virtual_mailbox_maps = ldap:mailboxmaps
> virtual_maildir_extended = yes
> virtual_maildir_limit_message = Aviso de Quota Excedida!
> virtual_overquota_bounce = yes
> virtual_uid_maps = static:1002
Re: Question to Wietse
Christian Roessner:
> What causes postscreen to raise such temp failures?

http://www.postfix.org/POSTSCREEN_README.html#after_220

Wietse
Re: Postfix not create Maildir
On 9/10/2010 09:43, mouss wrote:
> On 09/10/2010 00:11, Márcio Luciano Donada wrote:
>> I am configuring a server to read a basic ldap, everything is working
>> wonders, but to deliver the e-mail, postfix is not creating the maildir
>> of the user, delivering only a mailbox file, but note that the
>> configuration that follows below, I have the directive home_mailbox =
>> Maildir/. I'm using version 2.6 on FreeBSD 8.2
>
> for that user (assuming you are using virtual mailboxes), check the
> value returned by the map:
> # postmap -q someu...@example.com ldap:mailboxmaps
>

mx# postmap -q mdon...@domain.com.br ldap:/usr/local/etc/postfix/ldap/ldap-mailbox-user.cf
mdonada

As far as I understand it, the postfix is able to locate the user, but in time to deliver the mail it is not creating the Maildir, (all your directory structure), which I believe he should do, regardless of MDA.

Mouss Thanks for listening.

--
Márcio Luciano Donada
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
Re: Postfix not create Maildir
On 09/10/2010 15:54, Márcio Luciano Donada wrote:
> On 9/10/2010 09:43, mouss wrote:
>> On 09/10/2010 00:11, Márcio Luciano Donada wrote:
>>> I am configuring a server to read a basic ldap, everything is working wonders, but to deliver the e-mail, postfix is not creating the maildir of the user, delivering only a mailbox file, but note that the configuration that follows below, I have the directive home_mailbox = Maildir/. I'm using version 2.6 on FreeBSD 8.2
>>
>> for that user (assuming you are using virtual mailboxes), check the value returned by the map:
>> # postmap -q someu...@example.com ldap:mailboxmaps
>
> mx# postmap -q mdon...@domain.com.br ldap:/usr/local/etc/postfix/ldap/ldap-mailbox-user.cf
> mdonada

you need to add a trailing slash. the query should return "mdonada/" (with a slash at the end), otherwise, postfix will consider that you want mbox, not maildir.

> As far as I understand it, the postfix is able to locate the user, but in time to deliver the mail it is not creating the Maildir, (all your directory structure), which I believe he should do, regardless of MDA.
>
> Mouss Thanks for listening.
Re: Transport maps for a specific user attached to a virtual domain
On 09/10/2010 13:32, Olivier BONHOMME wrote:
> On 08/10/2010 21:30, Victor Duchovni wrote:
>> On Fri, Oct 08, 2010 at 05:38:21PM +0200, Olivier BONHOMME wrote:
>>> I am writing here because I have an issue trying to use transport_maps with a domain which is declared as VIRTUAL.
>>
>> You fail to distinguish between virtual_alias_domains and virtual_mailbox_domains. Which is it?
>
> Sorry : it is virtual_mailbox_domain.
>
>>> Now i would want this step : Redirect a specific account f...@domain.com from the MDA to another SMTP server but this account is not declared on the MDA.
>>
>> You can rewrite an account in a final (local, or virtual mailbox) domain to another domain via virtual_alias_maps. Postfix will then accept mail for the domain, and forward to the alternate mailbox.
>
> So I have to create a dummy account to do that in order for the virtual agent to accept the mail to be delivered ?

virtual_alias_maps is enough. choose for yourself:

[without per user transports]
use a virtual_alias like
    j...@example.com j...@host9.example.com
(and either an explicit transport entry to route mail for host9.example.com to the correct host, or rely on DNS). Then use smtp_generic_maps to rewrite the address back to its original form (remove the "host9." part).

[with per user transports]
use a virtual alias like
    j...@example.com j...@example.com
and a transport entry like
    j...@example.com relay:[10.1.2.3]

> But in that case, can I declare a transport map in order to tell another smtp transport for this account in order to avoid a local delivery ?

Oui, as far as the transport entry applies to the address after all virtual aliases are resolved.

[snip]
Re: Postfix and mixed setup
On 07/10/2010 16:47, Basti wrote:
> Hello List,
>
> I want to rebuild my complete postfix setup, because requirements have changed for it... By now the server is just relaying to servers behind it, and all users get checked by reject_unverified_recipients, and then routed to the backend servers by a transport entry in mysql. The Domains are in a mysql db, with following settings in postfix:
>
> relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains.cf
> transport_maps = proxy:mysql:/etc/postfix/mysql-transport.cf
>
> The database schema: (id, domain, transport)
>
> But now I need a setup where I can mix the following requirements:
> - Relay for domains with unknown user list, with reject_unverified_recipients and per domain backend server transport.
> - Relay for domains with fixed user list, and one backend server transport.
> - Relay for domains with fixed user list, but each address can have an alternative transport (usera@ -> servera, userb@, serverb). eMails to non existing addresses should be rejected (unknown user).

Here is how to restate your needs so that you can solve them:

Req1) you want relay domains of two types:
- domains with a list of valid recipients
  => This is the usual case. list the users in relay_recipient_maps
- domains for which you use reject_unverified_recipients
  => For these:
  1) use virtual_alias_maps so that all addresses are valid (j...@example.org => j...@example.org)
  2) use something like
     smtpd_sender_restrictions = check_recipient_access proxy:mysql:/etc/postfix/domainstoverify.cf

to do the above, you can simply add a "verify" column to your domain table.

Req2) you want both per domain and per user transports
This is a standard postfix functionality. you need nothing special. you seem to already have per domain transports (the "transport" column you talked about). so you can simply create a per-user transports table.

An alternative to per user transports is virtual_alias_maps, possibly combined with smtp_generic_maps. virtual_alias_maps would do:
    j...@example.com => j...@server1.example.com
and smtp_generic_maps would do the opposite.

> (- Per Domain amavis feed to another 127.0.0.1:10xxx for policy banks in pre-queue setup)

With pre-queue (proxy_filter), that's not possible in postfix. do that in amavisd instead.

With post-queue (content_filter), the problem is one message will go to one filter, even if it has multiple recipients. so FILTER per recipient is fragile. if you really want that, then you need to split before and after filter smtpd's into 2 instances (run postfix twice), in which case you can use transport_maps (with this, a message to multiple recipients can be split and passed to different filters). but you really should do that in amavisd instead.

> But I really don't have an idea how this could be made easily by using a database setup. Maybe I just need some buzzwords for another google research :-)
some watchdog timeout
Hi all,

On my internal mail gateway, I've found in the log some "watchdog timeout". These last days, it's about one or two a day, sometimes none:

Oct 7 11:55:50 ru postfix-mailgw/smtp[96909]: fatal: watchdog timeout
Oct 7 11:55:51 ru postfix-mailgw/master[1167]: warning: process /usr/local/libexec/postfix/smtp pid 96909 exit status 1
Oct 7 21:21:23 ru postfix-mailgw/smtp[76389]: fatal: watchdog timeout
Oct 7 21:21:24 ru postfix-mailgw/master[1167]: warning: process /usr/local/libexec/postfix/smtp pid 76389 exit status 1
Oct 5 05:32:02 ru postfix-mailgw/smtp[30650]: fatal: watchdog timeout
Oct 5 05:32:03 ru postfix-mailgw/master[1167]: warning: process /usr/local/libexec/postfix/smtp pid 30650 exit status 1

It seems the smtp process does its job, then is not used for few hours, then dies:

(grep of PID number 64390 in mail logs)
Oct 8 05:47:05 ru postfix-mailgw/smtp[64390]: connect to 192.168.0.179[192.168.0.179]:25: Operation timed out
Oct 8 05:47:05 ru postfix-mailgw/smtp[64390]: 9962B17146A: to=, orig_to=, relay=none, delay=182748, delays=182718/0.01/30/0, dsn=4.4.1, status=deferred (connect to 192.168.0.179[192.168.0.179]:25: Operation timed out)
Oct 8 05:47:21 ru postfix-mailgw/smtp[64390]: 46DFE1714D6: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=3.3, delays=0.11/0/3/0.19, dsn=5.0.0, status=bounced (host 192.168.0.76[192.168.0.76] said: 552 Requested mail action aborted: exceeded storage allocation (in reply to RCPT TO command))
Oct 8 05:47:57 ru postfix-mailgw/smtp[64390]: A594C1714D6: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=3.2, delays=0.11/0/3/0.05, dsn=2.0.0, status=sent (250 OK)
Oct 8 05:48:44 ru postfix-mailgw/smtp[64390]: 296AE1714D6: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=0.14, delays=0.11/0/0/0.03, dsn=5.0.0, status=bounced (host 192.168.0.76[192.168.0.76] said: 552 Requested mail action aborted: exceeded storage allocation (in reply to RCPT TO command))
Oct 8 05:49:18 ru postfix-mailgw/smtp[64390]: 22C8B1714D3: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=1, delays=0.11/0/0/0.92, dsn=2.0.0, status=sent (250 OK)
../..
Oct 8 05:57:11 ru postfix-mailgw/smtp[64390]: 5B6791714D9: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=14, delays=0.02/0/0/14, dsn=2.0.0, status=sent (250 OK)
Oct 8 05:57:11 ru postfix-mailgw/smtp[64390]: 5B6791714D9: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=14, delays=0.02/0/0/14, dsn=2.0.0, status=sent (250 OK)
Oct 8 05:57:11 ru postfix-mailgw/smtp[64390]: 5B6791714D9: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=14, delays=0.02/0/0/14, dsn=2.0.0, status=sent (250 OK)
Oct 8 05:57:11 ru postfix-mailgw/smtp[64390]: 5B6791714D9: to=, orig_to=, relay=192.168.0.76[192.168.0.76]:25, delay=14, delays=0.02/0/0/14, dsn=2.0.0, status=sent (250 OK)
Oct 8 10:57:25 ru postfix-mailgw/smtp[64390]: fatal: watchdog timeout
Oct 8 10:57:26 ru postfix-mailgw/master[1167]: warning: process /usr/local/libexec/postfix/smtp pid 64390 exit status 1

postfix-mailgw is a part of my postfix multi setup, and its main role is to rewrite addresses for emails received from the two other postfix instances, and to deliver those emails to the final destination.

Any idea about where I should start looking?

Patrick PRONIEWSKI
--
Administrateur Système - SENTIER - Université Lumière Lyon 2
Re: Postfix and mixed setup
On 09.10.2010 18:54, mouss wrote:
> On 07/10/2010 16:47, Basti wrote:
>> Hello List,
>>
>> I want to rebuild my complete postfix setup, because requirements have changed for it... By now the server is just relaying to servers behind it, and all users get checked by reject_unverified_recipients, and then routed to the backend servers by a transport entry in mysql. The Domains are in a mysql db, with following settings in postfix:
>>
>> relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains.cf
>> transport_maps = proxy:mysql:/etc/postfix/mysql-transport.cf
>>
>> The database schema: (id, domain, transport)
>>
>> But now I need a setup where I can mix the following requirements:
>> - Relay for domains with unknown user list, with reject_unverified_recipients and per domain backend server transport.
>> - Relay for domains with fixed user list, and one backend server transport.
>> - Relay for domains with fixed user list, but each address can have an alternative transport (usera@ -> servera, userb@, serverb). eMails to non existing addresses should be rejected (unknown user).
>
> Here is how to restate your needs so that you can solve them:
>
> Req1) you want relay domains of two types:
> - domains with a list of valid recipients
>   => This is the usual case. list the users in relay_recipient_maps
> - domains for which you use reject_unverified_recipients
>   => For these:
>   1) use virtual_alias_maps so that all addresses are valid (j...@example.org => j...@example.org)
>   2) use something like
>      smtpd_sender_restrictions = check_recipient_access proxy:mysql:/etc/postfix/domainstoverify.cf
>
> to do the above, you can simply add a "verify" column to your domain table.
>
> Req2) you want both per domain and per user transports
> This is a standard postfix functionality. you need nothing special. you seem to already have per domain transports (the "transport" column you talked about). so you can simply create a per-user transports table.
>
> An alternative to per user transports is virtual_alias_maps, possibly combined with smtp_generic_maps. virtual_alias_maps would do:
>     j...@example.com => j...@server1.example.com
> and smtp_generic_maps would do the opposite.
>
>> (- Per Domain amavis feed to another 127.0.0.1:10xxx for policy banks in pre-queue setup)
>
> With pre-queue (proxy_filter), that's not possible in postfix. do that in amavisd instead.
>
> With post-queue (content_filter), the problem is one message will go to one filter, even if it has multiple recipients. so FILTER per recipient is fragile. if you really want that, then you need to split before and after filter smtpd's into 2 instances (run postfix twice), in which case you can use transport_maps (with this, a message to multiple recipients can be split and passed to different filters). but you really should do that in amavisd instead.

Thanks for your reply, made things a bit clearer for me :)

I will try to set this up like you wrote!

Best regards,
Bastian
Re: Deliver to non-local users from domain.
Yes i already have that kind of setup up and running. The problem that i am describing is when the exchange and the postfix server both have the same domain, i.e. domain.com. The mx record will point to the exchange and they will forward all mail that doesn't match a local recipient to us. What i want to achieve is the same - i.e. not to have to create each mail user + transport mapping for him.

I know zimbra does this ( http://wiki.zimbra.com/index.php?title=Split_Domain ), but as far as i can see they define transport for the domain + transport for each user + a catch-all that does @domain.com -> @domain.com.

> On Fri, Oct 8, 2010 at 5:06 AM, Nikolai K. Bochev < n.boc...@grandstarco.com > wrote:
>> Hello list,
>>
>> I have one domain , with several users in it. Most of them , will be migrated to a exchange server, which will later be the mx record for that domain. The exchange server will redirect emails for users not in his database to the postfix/cyrus server i run. The problem is, when someone tries to send an email from postfix/cyrus user to a user on the same domain that is hosted on the exchange. I know i can create local boxes, and setup up transport maps for each of those boxes. What i am wondering is - is there any way that i can tell postfix to relay mail for a domain he owns if no local user exists ?
>
> http://www.postfix.org/VIRTUAL_README.html#virtual_alias
>
> We have a similar set-up. If you have an internal domain (Active Directory) that is different than your external domain, in the virtual file on your Postfix machine, on the left column put the user's external email address, and on the right put what Exchange recognizes as their FQDN internal address. For example:
>
> u...@example.com u...@exchange.example.local
>
> This assumes Exchange is part of the Active Directory domain example.local, and you have an MX and A record for it on your internal DNS server.

--
Nikolai K. Bochev
System Administrator
Re: Postfix not create Maildir
On 10/9/2010 10:36 AM, mouss wrote:
> On 09/10/2010 15:54, Márcio Luciano Donada wrote:
>> On 9/10/2010 09:43, mouss wrote:
>>> On 09/10/2010 00:11, Márcio Luciano Donada wrote:
>>>> I am configuring a server to read a basic ldap, everything is working wonders, but to deliver the e-mail, postfix is not creating the maildir of the user, delivering only a mailbox file, but note that the configuration that follows below, I have the directive home_mailbox = Maildir/. I'm using version 2.6 on FreeBSD 8.2
>>>
>>> for that user (assuming you are using virtual mailboxes), check the value returned by the map:
>>> # postmap -q someu...@example.com ldap:mailboxmaps
>>
>> mx# postmap -q mdon...@domain.com.br ldap:/usr/local/etc/postfix/ldap/ldap-mailbox-user.cf
>> mdonada
>
> you need to add a trailing slash. the query should return "mdonada/" (with a slash at the end), otherwise, postfix will consider that you want mbox, not maildir.
>
>> As far as I understand it, the postfix is able to locate the user, but in time to deliver the mail it is not creating the Maildir, (all your directory structure), which I believe he should do, regardless of MDA.
>>
>> Mouss Thanks for listening.

WHOA, slow down everyone! NO folders have to exist BUT, in master.cf of postfix, you must NOT have the "-n" option, which specifically tells dovecot's LDA to not create the directories. Here is the config from my master.cf which utilizes all possible features of dovecot:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${us...@${nexthop} -m ${extension}

a lot of config examples include a "-n" before the "-m ${extension}", including the dovecot wiki! This should NOT be the default as usually people want folders automatically created.

Good Luck,
Jerrale G.
SC Senior Admin
Re: some watchdog timeout
Patrick Proniewski:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi all,
>
> On my internal mail gateway, I've found in the log some "watchdog timeout".
> These last days, it's about one or two a day, sometimes none:
>
> Oct 7 11:55:50 ru postfix-mailgw/smtp[96909]: fatal: watchdog timeout
> Oct 7 11:55:51 ru postfix-mailgw/master[1167]: warning: process
> /usr/local/libexec/postfix/smtp pid 96909 exit status 1
> Oct 7 21:21:23 ru postfix-mailgw/smtp[76389]: fatal: watchdog timeout
> Oct 7 21:21:24 ru postfix-mailgw/master[1167]: warning: process
> /usr/local/libexec/postfix/smtp pid 76389 exit status 1
> Oct 5 05:32:02 ru postfix-mailgw/smtp[30650]: fatal: watchdog timeout
> Oct 5 05:32:03 ru postfix-mailgw/master[1167]: warning: process
> /usr/local/libexec/postfix/smtp pid 30650 exit status 1
>
> It seems the smtp process does its job, then is not used for few hours, then
> dies:

Postfix daemons terminate voluntarily when they receive no request for $max_idle seconds. The watchdog timer is a safety mechanism; it terminates a process when it appears to hang.

The $max_idle timer uses select(2), poll(2), epoll(3) or /dev/poll depending on the operating system type and version. Failure of this timer is usually a symptom of virtualization bugs.

The watchdog timer uses alarm(3).

Wietse
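
Added example, not part of the original thread or of Postfix: a small Python log check that, for each "fatal: watchdog timeout", measures how long the same process had been silent and compares that gap with the two timers described above. It assumes the Postfix defaults max_idle = 100s and daemon_timeout = 18000s (the watchdog interval); the sample log lines are constructed after the format quoted in the thread, with placeholder recipients and queue IDs, and the verdict names are hypothetical.

```python
import re
from datetime import datetime

# Assumed Postfix defaults: max_idle = 100s, daemon_timeout = 18000s
# (daemon_timeout is the interval of the built-in watchdog timer).
MAX_IDLE = 100
DAEMON_TIMEOUT = 18000

# Classic syslog line: "Mon D HH:MM:SS host service[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"(?P<svc>[\w./-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# Constructed sample input (recipients and most queue IDs are placeholders).
SAMPLE_LOG = """\
Oct  8 05:57:11 ru postfix-mailgw/smtp[64390]: 5B6791714D9: to=<user@example.org>, relay=192.168.0.76[192.168.0.76]:25, delay=14, dsn=2.0.0, status=sent (250 OK)
Oct  8 06:00:00 ru postfix-mailgw/smtp[70001]: connect to 192.168.0.179[192.168.0.179]:25: Operation timed out
Oct  8 10:57:25 ru postfix-mailgw/smtp[64390]: fatal: watchdog timeout
Oct  8 10:57:26 ru postfix-mailgw/master[1167]: warning: process /usr/local/libexec/postfix/smtp pid 64390 exit status 1
Oct  8 11:00:05 ru postfix-mailgw/smtp[70001]: fatal: watchdog timeout
Oct  9 03:00:00 ru postfix-mailgw/smtp[80002]: fatal: watchdog timeout
"""


def parse(log_text, year):
    """Yield (timestamp, service, pid, message) for each syslog line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp = " ".join(m["ts"].split())  # collapse "Oct  8" padding
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            yield ts, m["svc"], int(m["pid"]), m["msg"]


def watchdog_report(log_text, year=2010, slack=60):
    """Return one finding per watchdog timeout, with the silent gap before it.

    syslog timestamps carry no year, so the caller supplies one.
    """
    last_seen = {}   # (service, pid) -> (timestamp, message) of last activity
    findings = []
    for ts, svc, pid, msg in parse(log_text, year):
        key = (svc, pid)
        if not msg.startswith("fatal: watchdog timeout"):
            last_seen[key] = (ts, msg)
            continue
        entry = {"service": svc, "pid": pid, "at": ts, "idle_seconds": None,
                 "near_daemon_timeout": False,
                 "verdict": "no_prior_activity_in_log"}
        if key in last_seen:
            prev_ts, prev_msg = last_seen[key]
            idle = int((ts - prev_ts).total_seconds())
            entry["idle_seconds"] = idle
            # A gap close to daemon_timeout means the watchdog, not the
            # max_idle timer, ended the process.
            entry["near_daemon_timeout"] = abs(idle - DAEMON_TIMEOUT) <= slack
            # Heuristic: a finished delivery followed by silence longer than
            # max_idle suggests the voluntary idle exit never happened.
            if "status=" in prev_msg and idle > MAX_IDLE:
                entry["verdict"] = "idle_after_completed_delivery"
            else:
                entry["verdict"] = "last_line_not_a_delivery_result"
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in watchdog_report(SAMPLE_LOG):
        print(f["service"], f["pid"], f["idle_seconds"], f["verdict"])
```

For the process quoted in the thread (pid 64390), the gap between the last delivery at 05:57:11 and the watchdog at 10:57:25 is 18014 seconds, which is the default daemon_timeout plus a few seconds.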