Specifying pflogsumm Reporting Period

2010-11-21 Thread Rich Shepard

  Recently I upgraded to postfix-2.7.1. Something changed in the pflogsumm
reporting system because now each day's report appears to accumulate for the
entire week before resetting. It used to report for only the previous day's
maillog, which is why the local file, /etc/cron.daily/1pflogsumm, runs
before logrotate does.

  I've looked unsuccessfully for the change but have not seen it.
/etc/cron.daily/1pflogsumm remains the same as before the upgrade. This file
does not specify '-yesterday', but it never has.

  Please suggest where I should look for the reporting period specification
so I can change it from weekly to daily.

Rich


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-21 Thread Wietse Venema
vfx9as:
> 2010/11/21 Wietse Venema :
> > vfx9as:
> >> In 980 characters or more lines as it will split 1 postfix, and long
> >> lines to fill in
> >> Line characters sent so I do not think 980 RFC violation.
> >
> > Please read RFC 5322 Section 2.2.3. Long Header Fields
> 
> "Body" problem
> No headers

In that case, please consider reading up on the quoted-printable
(or base64) encoding: RFC 2045, RFC 2046, and related material.

If you want to maximize the chances of email delivery, then you
need to send lines less than an 80-column punchcard wide.

If you insist on staying just a few bytes under the protocol limit,
then you are inviting trouble. I agree that such trouble should not
exist, but that is the world we have today.

Wietse


Re: Specifying pflogsumm Reporting Period

2010-11-21 Thread Stan Hoeppner
Rich Shepard put forth on 11/21/2010 9:56 AM:
>   Recently I upgraded to postfix-2.7.1. Something changed in the pflogsumm
> reporting system because now each day's report appears to accumulate for the
> entire week before resetting. It used to report for only the previous day's
> maillog, which is why the local file, /etc/cron.daily/1pflogsumm, runs
> before logrotate does.
> 
>   I've looked unsuccessfully for the change but have not seen it.
> /etc/cron.daily/1pflogsumm remains the same as before the upgrade. This file
> does not specify '-yesterday', but it never has.
> 
>   Please suggest where I should look for the reporting period specification
> so I can change it from weekly to daily.


~$ pflogsumm.pl -d yesterday /var/log/mail.log

Should be that simple.  Unless you're more concerned with figuring out
why it broke than you are with fixing the described problem.

Also note that Postfix has zero to do with pflogsumm.  The former simply
logs entries via the syslog daemon.  The latter parses the resulting
syslog mail log file.

Something else on your system apparently changed around the same time
frame you upgraded to 2.7.

-- 
Stan


Mysql queries being performed for domains not in virtual_alias_domains

2010-11-21 Thread Andrew Beverley
Hi,

I have noticed that my Postfix (version 2.3.8) is performing a
virtual_alias_maps mysql database query for every email that it is
processing, even if the domain is not listed in virtual_alias_domains.

So for example, I have andybev.com in virtual_alias_domains and a
database query set up for virtual_alias_maps. When I send an email
*from* the server to an external email address, then that recipient (eg
joeblo...@hotmail.com) gets looked up in the virtual_alias_maps database
query first before it is delivered.

Is this normal? This doesn't seem right, so I am thinking that there is
something wrong with my configuration (all of the thousands of outbound
emails are causing database lookups).

Thanks,

Andy




Re: Mysql queries being performed for domains not in virtual_alias_domains

2010-11-21 Thread Jerrale G

On 11/21/2010 4:40 PM, Andrew Beverley wrote:

> Hi,
>
> I have noticed that my Postfix (version 2.3.8) is performing a
> virtual_alias_maps mysql database query for every email that it is
> processing, even if the domain is not listed in virtual_alias_domains.
>
> So for example, I have andybev.com in virtual_alias_domains and a
> database query set up for virtual_alias_maps. When I send an email
> *from* the server to an external email address, then that recipient (eg
> joeblo...@hotmail.com) gets looked up in the virtual_alias_maps database
> query first before it is delivered.
>
> Is this normal? This doesn't seem right, so I am thinking that there is
> something wrong with my configuration (all of the thousands of outbound
> emails are causing database lookups).
>
> Thanks,
>
> Andy


You have outgoing mail being processed by smtpd where it is supposed to 
be processed by smtp.

I would tell you how you did this but you didn't include your postconf -n

Jerrale G.
SC Senior Admin


Re: Mysql queries being performed for domains not in virtual_alias_domains

2010-11-21 Thread Victor Duchovni
On Sun, Nov 21, 2010 at 04:50:21PM -0500, Jerrale G wrote:

> On 11/21/2010 4:40 PM, Andrew Beverley wrote:
>> Hi,
>>
>> I have noticed that my Postfix (version 2.3.8) is performing a
>> virtual_alias_maps mysql database query for every email that it is
>> processing, even if the domain is not listed in virtual_alias_domains.

This is correct behaviour. The rewriting performed by virtual(5) is
documented and intended to apply to *all* addresses.

If you have an SQL or LDAP table that stores data for only a specific
set of domains, you can use the "domain = ..." attribute of LDAP, or
SQL tables to specify which domains the table applies to, and queries
for unrelated domains will be skipped.

Note, that the above applies also to "bare" domain queries, so tables
with "domain =" constraints cannot be used to store the list of
virtual_alias_domains, virtual_mailbox_domains, ... Not a problem,
since after hardcoding the candidate domains in the table definition,
there is really no point in using a database at all, just list the
domains in main.cf.

-- 
Viktor.
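
The effect of the "domain = ..." table attribute described in this reply, as an added example that is not code from the thread or from Postfix: a small Python model of which lookup keys reach the SQL server with and without the attribute. The function names and recipient addresses are constructed, the model assumes exact domain matches and that no key finds a result, so every key in the virtual(5) search order is tried.

```python
def lookup_keys(address, local_domains=frozenset()):
    """Keys tried for one address, in the search order given in virtual(5)."""
    user, _, domain = address.rpartition("@")
    keys = [address]                     # 1. user@domain
    if domain in local_domains:
        keys.append(user)                # 2. bare user, local domains only
    keys.append("@" + domain)            # 3. @domain catch-all
    return keys

def eligible(key, table_domains=None):
    """Would this key be sent to the SQL server?
    table_domains models the table's "domain =" attribute (None = not set)."""
    if table_domains is None:
        return True
    user, at, domain = key.rpartition("@")
    # Only fully qualified keys with a non-empty localpart and a listed domain.
    return bool(at and user) and domain in table_domains

def sql_queries(recipients, table_domains=None):
    """Keys that reach the database, assuming no key finds a match."""
    return [key for rcpt in recipients
            for key in lookup_keys(rcpt) if eligible(key, table_domains)]

# Constructed recipients: one in the hosted domain, two external.
RECIPIENTS = ["alice@andybev.com", "bob@hotmail.com", "carol@example.net"]
HOSTED = {"andybev.com"}

if __name__ == "__main__":
    print("without domain =:", sql_queries(RECIPIENTS))
    print("with domain =   :", sql_queries(RECIPIENTS, HOSTED))
    print("bare domain key eligible:", eligible("andybev.com", HOSTED))
```

The bare-domain key is never eligible once the attribute is set, which is why such a table cannot double as the source for virtual_alias_domains.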


Require TLS and authentication with Postfix + Dovecot

2010-11-21 Thread chris guirl
Hi,

I've set up a Postfix server to handle SMTP for a few domains on my
local network. I don't want to rely on clients to "do the right thing"
and trust them to enable encryption and authentication on their own.
So, I'd like to disable all plain text logins that are not encrypted,
and disable anonymous SMTP for obvious security reasons.

Dovecot is handling IMAP. I've successfully configured Dovecot to
require encryption for all requests. I've also set up Postfix as best I
can tell to do what I want. However, it still allows me to send email
without authentication, as well as with authentication but using a
plaintext login. I have fully read the SASL README file, as well as
the relevant parts of the postconf man page.

It is noteworthy that I am using Dovecot to perform the authentication
("smtpd_sasl_type = dovecot"). Dovecot is looking up credentials from
a database. I am unable to find documentation on how much
configuration Postfix inherits from Dovecot when used in this manner.
I am also using "permit_mynetworks" in the
smtpd_recipient_restrictions setting, but mynetworks currently is only
set to localhost, and removing permit_mynetworks does not resolve the
problem.

I am using Postfix 2.5.5-1.1 on Debian Lenny.

Here are the pertinent settings from main.cf:

# TLS
smtpd_tls_cert_file = ...
smtpd_tls_key_file = ...
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_auth_only = yes

# SASL
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

# Restrictions
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_delay_reject = yes
smtpd_client_restricitons = permit_sasl_authenticated, reject


Is this the correct configuration for my desired setup? Could this be
somehow related to the version of Postfix I'm using?

Thanks in advance.

Chris


Re: Require TLS and authentication with Postfix + Dovecot

2010-11-21 Thread zhong ming wu
On Sun, Nov 21, 2010 at 9:41 PM, chris guirl wrote:
> Hi,
>
> I've set up a Postfix server to handle SMTP for a few domains on my
> local network. I don't want to rely on clients to "do the right thing"
> and trust them to enable encryption and authentication on their own.
> So, I'd like to disable all plain text logins that are not encrypted,
> and disable anonymous SMTP for obvious security reasons.
.
.
> I am using Postfix 2.5.5-1.1 on Debian Lenny.
>
> Here are the pertinent settings from main.cf:


On this list you will be asked for output of "postconf -n" and not
what you think is relevant.

> # TLS
> smtpd_use_tls = yes

This is deprecated in favor of "smtpd_tls_security_level"
for your version of postfix.

http://www.postfix.org/TLS_README.html

Plus "smtpd_use_tls=yes" is not the right config to use even with
an older version.
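
A lint pass over the kind of settings quoted in this thread, as an added example that is not code from the posters or from Postfix: it joins main.cf continuation lines, flags parameter names it does not know (with the closest known name), and reports when TLS is offered but not required. The `KNOWN` list is a hand-picked subset of postconf(5), and `SAMPLE` is constructed from the quoted settings.

```python
import difflib

# Subset of postconf(5) names used for this check; extend for a real main.cf.
KNOWN = {
    "smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_use_tls",
    "smtpd_enforce_tls", "smtpd_tls_security_level", "smtpd_tls_auth_only",
    "smtpd_tls_session_cache_database", "smtpd_sasl_type", "smtpd_sasl_path",
    "smtpd_sasl_auth_enable", "smtpd_sasl_security_options",
    "smtpd_sasl_tls_security_options", "smtpd_recipient_restrictions",
    "smtpd_client_restrictions", "smtpd_delay_reject",
}

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (part.strip() for part in raw.split("=", 1))
            params[last] = value
    return params

def lint(text):
    params, findings = parse_main_cf(text), []
    for name in params:
        if name not in KNOWN:
            near = difflib.get_close_matches(name, sorted(KNOWN), n=1)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append(f"unknown parameter {name}{hint}")
    level = params.get("smtpd_tls_security_level", "unset")
    if level != "encrypt" and params.get("smtpd_enforce_tls") != "yes":
        findings.append(f"TLS not mandatory: smtpd_tls_security_level is {level}")
    if "smtpd_use_tls" in params:
        findings.append("smtpd_use_tls is deprecated, use smtpd_tls_security_level")
    return findings

# Constructed from the settings quoted in the thread.
SAMPLE = """\
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
smtpd_client_restricitons = permit_sasl_authenticated, reject
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```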


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-21 Thread vfx9as
(10/11/22 01:33), Wietse Venema wrote:
> vfx9as:
>> 2010/11/21 Wietse Venema :
>>> vfx9as:
>>>> In 980 characters or more lines as it will split 1 postfix, and long
>>>> lines to fill in
>>>> Line characters sent so I do not think 980 RFC violation.
>>>
>>> Please read RFC 5322 Section 2.2.3. Long Header Fields
>>
>> "Body" problem
>> No headers
>
> In that case, please consider reading up on the quoted-printable
> (or base64) encoding: RFC 2045, RFC 2046, and related material.
>
> If you want to maximize the chances of email delivery, then you
> need to send lines less than an 80-column punchcard wide.
>
> If you insist on staying just a few bytes under the protocol limit,
> then you are inviting trouble. I agree that such trouble should not
> exist, but that is the world we have today.
>
>   Wietse

The increase in the number of characters is not.

(10/11/20 22:41), vfx9as wrote:

> E-mail more than 889 characters on line 1 DKIM authentication error in
> trouble
>
> sendmail8.14.4 does not matter.
>
> It is expected over the milter-mail after entering,
> I think the idea of being sent from the line and then split in the process.
>
> E-mail and entered, after the signing process (line breaks), so being sent
> I think the idea will always fail authentication.
>

The problem is the order of processing

sendmail   Line splitting & CR Handling -> milter  # Authentication Success
postfix    milter -> Line splitting & CR Handling  # Authentication failure
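
The ordering problem discussed in this thread (sign first, split long lines afterwards) and the quoted-printable advice, as an added example that is not code from any of the posters: it computes a DKIM body hash before and after a modelled line split, for a raw body and for the same body encoded as quoted-printable. The function names, the 990-byte limit, the CRLF + space split model and the sample body are assumptions made for the illustration.

```python
import base64
import hashlib
import quopri

def body_hash(body: bytes) -> str:
    """DKIM bh= value: SHA-256 over the 'simple' canonical body (RFC 6376)."""
    # 'simple' body canonicalization: no trailing empty lines, one final CRLF.
    canon = body.rstrip(b"\r\n") + b"\r\n"
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def split_long_lines(body: bytes, limit: int = 990) -> bytes:
    """Assumed model of a relay that breaks lines longer than `limit` bytes
    by inserting CRLF + space, after the message has been signed."""
    out = []
    for line in body.split(b"\r\n"):
        while len(line) > limit:
            out.append(line[:limit])
            line = b" " + line[limit:]
        out.append(line)
    return b"\r\n".join(out)

def to_quoted_printable(body: bytes) -> bytes:
    """Quoted-printable (RFC 2045) encoding with CRLF line endings."""
    encoded = quopri.encodestring(body.replace(b"\r\n", b"\n"))
    return encoded.replace(b"\n", b"\r\n")

def survives_transit(body: bytes, limit: int = 990) -> bool:
    """True if the hash taken at signing time still matches after splitting."""
    return body_hash(body) == body_hash(split_long_lines(body, limit))

def longest_line(body: bytes) -> int:
    return max(len(line) for line in body.split(b"\r\n"))

# Constructed sample body: one line longer than the assumed limit.
RAW = b"Report:\r\n" + b"A" * 1200 + b"\r\n"
QP = to_quoted_printable(RAW)

if __name__ == "__main__":
    print("raw body, longest line:", longest_line(RAW), "verifies:", survives_transit(RAW))
    print("QP body,  longest line:", longest_line(QP), "verifies:", survives_transit(QP))
```

Encoding before signing keeps every line at 76 characters or fewer, so a later split has nothing to change and the signed hash stays valid.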


Re: How to replace underscores in hostnames to a valid character?

2010-11-21 Thread J. Roeleveld
On Saturday 20 November 2010 02:40:26 mouss wrote:
> Le 18/11/2010 10:15, Ralf Hildebrandt a écrit :
> > * J. Roeleveld:
> >> Hi All,
> >> 
> >> I've been having issues where emails are being rejected by Cyrus because
> >> the "From" address contains an underscore in the domain name.
> > 
> > Envelope or header?
> > 
> >> Example address: u...@lists_example.org
> >> 
> >> What I am looking for is a way to parse email addresses and replace all
> >> underscores to dashes, eg. the following:
> >> 
> >> u...@lists_example.org ->  u...@lists-example.org
> > 
> > sender_canonical_maps regexp:/etc/postfix/cyrus_sucks
> > 
> > with /etc/postfix/cyrus_sucks containing something like:
> > 
> > /^(.*)_(.*)$/  $1-$2
> 
> that's too something and not enough
> - it will rewrite john_...@example.com.
> 
> - it won't fix j...@lis_ts_exa_mp_le_com
> 
> /(.*)_([^@]*)/ $1-$2
> helps a little, but not much.

There is only 1 email address causing issues, eg. am only rewriting that 
specific one.

> better reject the address and let the sender fix his ratware...

That is the default behaviour, unfortunately, I am using fetchmail to get the 
emails out of a mailbox elsewhere and injecting that into postfix.
If postfix rejects the email, it tries to send the bounce out via the relay 
smtp-server (which rejects the address) and I end up with error messages on my 
side.
At least this way, I can still see the list-messages from this individual.

I don't have a guaranteed fixed IP-address which is a requirement for having 
the MX-records point to my server directly.

--
Joost