Postfix and restrictions for more than 200 remote recipients.

2010-11-22 Thread Josef Karliak

  Hi everybody,
  some users from our company sometimes send mails to about 300,
500, ... recipients. Is it possible to slow down delivery of emails
with these counts? All others will have priority; emails with xxx
recipients will be delivered with low priority.
  There could be a solution with another server for these email people -
so how to delay delivery of email with this many recipients? For
example - send the email to only 1 recipient every 10 seconds; after 10
seconds send this mail to another recipient...

  Thanks for your advice.
  Regards
  J.Karliak.

--
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)  
policy and check. If you've problem with sending emails to me, start  
using email origin methods mentioned above. Thanks.





Re: reject_unauth_destination status=2, should be 0

2010-11-22 Thread Ben

On 20/11/2010 at 20:55, Victor Duchovni wrote:

> On Sat, Nov 20, 2010 at 07:45:41PM +0100, Ben wrote:
>
> > Thank you for your help ! The recipient domain should be configured as
> > final, but is not. I think that's the problem.
> >
> > I joined the information you asked to avoid line breaking.
>
> Turn off verbose logging, it is not needed, and obscures the logging
> that's actually useful.
>
> > Nov 19 17:34:50 kappa postfix/smtpd[23554]: NOQUEUE: reject: RCPT from
> > mail-ww0-f47.google.com[74.125.82.47]: 554 5.7.1: Relay access denied;
> > from=  to=  proto=ESMTP
> > helo=
>
> This is sufficient, the domain "test-and-test.com" is not listed in
> any of the final (or "relay") address classes
>
> > $ postconf mydestination relay_domains virtual_alias_domains
> > virtual_mailbox_domains virtual_alias_maps virtual_mailbox_maps
> > smtpd_recipient_restrictions
> > mydestination = $myhostname, localhost.$mydomain, localhost
> > relay_domains = $mydestination
>
> Generally, you should set "relay_domains" explicitly to a
> non-default value (often empty) and remove "relay_domains" from
> parent_domain_matches_subdomains (which should be empty or just
>
> parent_domain_matches_subdomains = smtpd_access_maps
>
> ).
>
> > virtual_alias_domains = $virtual_alias_maps
> > virtual_mailbox_domains = $virtual_mailbox_maps
> > virtual_alias_maps = $virtual_maps
>
> You should set virtual_alias_maps explicitly to whatever you have
> virtual_maps set to. You should set virtual_alias_domains to a list of
> domains explicitly listed in main.cf, unless the list is large and or
> changes often. Even then, you should use a separate table from
> virtual_alias_maps.
>
> > virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
>
> This defines mailbox locations for individual users.
>
> > $ postmap -q i...@test-and-test.com proxy:mysql:/etc/postfix/myvirtual.cf
> > /var/mail/i/info_test-and-test.com
>
> This user has a mailbox. That does not make the *domain* final. You
> need to list the *domain* in virtual_mailbox_domains.

Yes, you were right. The domain was not present in the virtual table. I
will investigate to find out why now...

How can you see it's a domain related problem, instead of an email problem ?

Thank you for the pointer.
Regards,

Ben


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-22 Thread Wietse Venema
vfx9as:
> (10/11/22 01:33), Wietse Venema wrote:
> > vfx9as:
> >> 2010/11/21 Wietse Venema :
> >>> vfx9as:
>  In 980 characters or more lines as it will split 1 postfix, and long
>  lines to fill in
>  Line characters sent so I do not think 980 RFC violation.
> >>>
> >>> Please read RFC 5322 Section 2.2.3. Long Header Fields
> >>
> >> "Body" problem
> >> No headers
> >
> > In that case, please consider reading up on the quoted-printable
> > (or base64) encoding: RFC 2045, RFC 2046, and related material.
> >
> > If you want to maximize the chances of email delivery, then you
> > need to send lines less than an 80-column punchcard wide.
> >
> > If you insist on staying just a few bytes under the protocol limit,
> > then you are inviting trouble. I agree that such trouble should not
> > exist, but that is the world we have today.
> >
> > Wietse
> 
> The increase in the number of characters is not.

The Postfix smtp_line_length_limit feature is not a mail formatting
feature: it is not expected to play nice with DKIM signatures
(not with the local MTA's own signature, and not with the signature
from some up-stream system).

Instead, the purpose of the limit is to ensure that mail will not be
dropped by some borked mail system or firewall.

If you want to play with mail, please send well-formatted email,
that's text <80 and use encapsulation as defined by RFCs. These
things exist for a purpose.

Wietse


Re: Postfix and restrictions for more than 200 remote recipients.

2010-11-22 Thread Wietse Venema
Josef Karliak:
> Hi everybody,
> some users from our company sometimes send mails to about 300,
> 500, ... recipients. Is it possible to slow down delivery of emails
> with these counts? All others will have priority; emails with xxx
> recipients will be delivered with low priority.

Postfix uses preemptive scheduling, so that mail with few recipients
will not be stuck behind mail with many recipients. You can find
the details at http://www.postfix.org/SCHEDULER_README.html#jobs

Wietse

> There could be a solution with another server for these email people -
> so how to delay delivery of email with this many recipients? For
> example - send the email to only 1 recipient every 10 seconds; after 10
> seconds send this mail to another recipient...
> Thanks for your advice.
> Regards
> J.Karliak.



mynetworks or sasl auth

2010-11-22 Thread b2
Hi list, 
I have to setup my postfix virtual mailbox configuration to permit all
clients listed in mynetworks without SASL authentication , 
but all others (remote networks/users) to authenticate themselves with
username and password. Anyone know how to do it ?
Thanks in advance.




Re: mynetworks or sasl auth

2010-11-22 Thread postfix

http://www.postfix.org/SASL_README.html

suomi

On 2010-11-22 16:33, b2 wrote:

> Hi list,
> I have to setup my postfix virtual mailbox configuration to permit all
> clients listed in mynetworks without SASL authentication ,
> but all others (remote networks/users) to authenticate themselves with
> username and password. Anyone know how to do it ?
> Thanks in advance.


Re: mynetworks or sasl auth

2010-11-22 Thread b2
10x, I found the option that I needed:

smtpd_sasl_exceptions_networks = $mynetworks


At 16:57 +0100 on 22.11.2010 (Mon), postfix wrote:

> http://www.postfix.org/SASL_README.html
> 
> suomi
> 
> On 2010-11-22 16:33, b2 wrote:
> > Hi list,
> > I have to setup my postfix virtual mailbox configuration to permit all
> > clients listed in mynetworks without SASL authentication ,
> > but all others (remote networks/users) to authenticate themselves with
> > username and password. Anyone know how to do it ?
> > Thanks in advance.






Re: mynetworks or sasl auth

2010-11-22 Thread Rich
So your question is to have anyone on mynetwork to not have to authenticate
and have anyone who is not on mynetwork to have to authenticate?
*smtpd_sasl_exceptions_networks=$mynetworks*

2010/11/22 b2 

>  Hi list,
> I have to setup my postfix virtual mailbox configuration to permit all
> clients listed in mynetworks without SASL authentication ,
> but all others (remote networks/users) to authenticate themselves with
> username and password. Anyone know how to do it ?
> Thanks in advance.
>


Re: mynetworks or sasl auth

2010-11-22 Thread b2
That's right.

At 11:31 -0500 on 22.11.2010 (Mon), Rich wrote:

> So your question is to have anyone on mynetwork to not have to
> authenticate and have anyone who is not on mynetwork to have to
> authenticate?
> smtpd_sasl_exceptions_networks=$mynetworks
> 
> 
> 2010/11/22 b2 
> 
> Hi list, 
> I have to setup my postfix virtual mailbox configuration to
> permit all clients listed in mynetworks without SASL
> authentication , 
> but all others (remote networks/users) to authenticate
> themselves with username and password. Anyone know how to do
> it ?
> Thanks in advance.
> 
> 






Re: Require TLS and authentication with Postfix + Dovecot

2010-11-22 Thread Victor Duchovni
On Sun, Nov 21, 2010 at 09:41:09PM -0500, chris guirl wrote:

> I've setup a Postfix server to handle SMTP for a few domains on my
> local network. I don't want to rely on clients to "do the right thing"
> and trust them to enable encryption and authentication on their own.
> So, I'd like to disable all plain text logins that are not encrypted,

http://www.postfix.org/TLS_README.html#server_tls_auth
http://www.postfix.org/SASL_README.html#smtpd_sasl_security_options

> and disable anonymous SMTP for obvious security reasons.

It is not obvious to me which reasons you have in mind, you should be
explicit about your security goals. What threats do you want to mitigate?

You also don't specify whether your server is an MSA only, or also an
MX host.

> Dovecot is handling IMAP. I've successfully configured Dovecot to
> require encryption for all requests. I've also setup Postfix as best I
> can tell to do what I want. However, it still allows me to send email
> without authentication,

As should any MX host when the recipient domain is final or a relay domain.

> as well as with authentication but using a plaintext login.

See the document links above.

> I have fully read the SASL README file, as well as
> the relevant parts of the postconf man page.

It's all there...

> It is noteworthy that I am using Dovecot to perform the authentication
> ("smtpd_sasl_type = dovecot"). Dovecot is looking up credentials from
> a database. I am unable to find documentation on how much
> configuration Postfix inherits from Dovecot when used in this manner.

Postfix can't offer SASL mechanisms that Dovecot is not configured to
use. Other than that, you configure Postfix policy in Postfix.

> smtpd_tls_auth_only = yes

With this SASL AUTH will NOT be available without TLS.

> # SASL
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous

This looks correct.

> # Restrictions
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_delay_reject = yes
> smtpd_client_restricitons = permit_sasl_authenticated, reject

If you are able to submit email without TLS or SASL auth, you are
reporting configuration settings from the wrong main.cf file, or have
substantial overrides of these parameters in master.cf.

-- 
Viktor.


Re: Block A Sender in Postfix

2010-11-22 Thread Carlos Mennens
On Sat, Nov 20, 2010 at 12:35 PM, Pete  wrote:
> The format of my smtp_client_access file is like so :
>
> .dodgyhost.tld                         REJECT Spam sewer.
> .evilspammer.tld                       REJECT Spam sewer.
>
> The format of my smtp_sender_access file is like so :
>
> barrelshoot.tld                         REJECT No thanks.
> al...@example.tld                       OK
> example.tld                             REJECT No thanks.
> freespam.tld                            REJECT Go away.
> interesting101@                         OK

Just so I'm clear as I tried to search "The Book of Postfix" for this
answer and it was clearly specified:

smtp_sender_access = restrictions on what domains I can send mail to?

smtp_client_access = restrictions on what domains can send mail to my
Postfix server?

Both client_access & sender_access appear to have the same formatting:

some.domain.tld REJECT
another.domain.tld  REJECT

Am I correct or have I missed something?


Re: Block A Sender in Postfix

2010-11-22 Thread Rich Shepard

On Mon, 22 Nov 2010, Carlos Mennens wrote:

> Both client_access & sender_access appear to have the same formatting:
>
> some.domain.tld REJECT
> another.domain.tld  REJECT
>
> Am I correct or have I missed something?


Carlos,

  I use a badaddr file that lists domains from whom I will not accept
messages. The content looks like these:

hostforreal.com 550 Rejected domain D23
nasty-mailings.com  550 Rejected domain D24

  In the UCE section of /etc/postfix/main.cf I have this line:

check_client_access hash:/etc/postfix/badaddr,

and it kicks back messages from the listed domains.

  Also, I use a badip file for specific IP addresses and address blocks.

HTH,

Rich


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-22 Thread vfx9as
(10/11/22 14:05), vfx9as wrote:
> >
> > The problem is the order of processing
> >
> > sendmail   Line splitting & CR Handling -> milter  # Authentication Success
> > postfix    milter -> Line splitting & CR Handling  # Authentication failure
postfix, sendmail differences in behavior problems.
Which Is the right process?


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-22 Thread Victor Duchovni
On Tue, Nov 23, 2010 at 03:06:33AM +0900, vfx9as wrote:

> (10/11/22 14:05), vfx9as wrote:
> > >
> > > The problem is the order of processing
> > >
> > > sendmail   Line splitting & CR Handling -> milter  # Authentication Success
> > > postfix    milter -> Line splitting & CR Handling  # Authentication failure
> postfix, sendmail differences in behavior problems.
> Which Is the right process?

Which is the right question?

Postfix sensibly performs message inspection on input.

Postfix only performs content downgrade (to 7bit, or to SMTP line length
limits) on output, as some channels don't need the downgrade.

Therefore, if you want to sign mail, you MUST hand Postfix email that
does not need to be downgraded.

One approach is to sign in post-queue content filters, and to force
content downgrades when delivering into the content filter, so that
the filter sees "normalized" email. Better yet, send email that
requires no downgrading.

-- 
Viktor.
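
Added example (not part of the original thread and not Postfix code): a Python sketch of why the processing order discussed above breaks the signature. It computes the DKIM body hash (RFC 6376 "simple" and "relaxed" body canonicalization, SHA-256) before and after a long line is broken the way smtp_line_length_limit is documented to break it (by inserting CR LF SPACE), using the 990-character limit quoted in this thread. The function names and sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re

SMTP_LINE_LENGTH_LIMIT = 990   # output limit quoted in the thread
RECOMMENDED_LIMIT = 78         # "lines < 80", as advised in the thread


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 'relaxed': collapse whitespace runs, strip whitespace at
    line ends, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon=canon_simple) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def fold_on_output(body: bytes, limit: int = SMTP_LINE_LENGTH_LIMIT) -> bytes:
    """Model of output-side line breaking: a line longer than `limit` is
    broken by inserting CR LF SPACE; shorter lines pass through unchanged."""
    out = []
    for line in body.split(b"\r\n"):
        chunks = [line[i:i + limit] for i in range(0, len(line), limit)] or [b""]
        out.append(b"\r\n ".join(chunks))
    return b"\r\n".join(out)


def long_lines(body: bytes, limit: int = RECOMMENDED_LIMIT):
    """Pre-signing check: (line number, length) of every line over `limit`."""
    return [(n, len(ln))
            for n, ln in enumerate(body.split(b"\r\n"), 1) if len(ln) > limit]


def signature_survives(body: bytes, canon=canon_simple) -> bool:
    """True if the body hash computed at signing time still matches after
    the message has been broken up for SMTP output."""
    return body_hash(body, canon) == body_hash(fold_on_output(body), canon)


# Constructed sample bodies (not taken from the thread).
LONG_BODY = b"Dear customer,\r\n" + b"x" * 1200 + b"\r\nRegards\r\n"
SHORT_BODY = b"Dear customer,\r\nplease see the attached report.\r\nRegards\r\n"

if __name__ == "__main__":
    for name, body in (("long", LONG_BODY), ("short", SHORT_BODY)):
        print(name, "lines over", RECOMMENDED_LIMIT, ":", long_lines(body))
        for canon in (canon_simple, canon_relaxed):
            print("  ", canon.__name__, "bh before:", body_hash(body, canon))
            print("  ", canon.__name__, "survives output folding:",
                  signature_survives(body, canon))
```

Neither canonicalization absorbs the inserted line break, so a body signed before the downgrade verifies only if no line needed breaking in the first place.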


Re: How to replace underscores in hostnames to a valid character?

2010-11-22 Thread Bill Cole

Bron Gondwana wrote, On 11/18/10 8:14 AM:

> On Thu, Nov 18, 2010 at 06:55:14AM -0600, Noel Jones wrote:
>
> > On 11/18/2010 3:12 AM, J. Roeleveld wrote:
> >
> > > Hi All,
> > >
> > > I've been having issues where emails are being rejected by Cyrus because the
> > > "From" address contains an underscore in the domain name.
> > >
> > > ...
> > >
> > > PS. I have contacted the domain admins where these are coming from, but I'm
> > > not convinced the user is actually using their smtp-server for outbound
> > > emails.
> >
> > Seems like contacting a Cyrus list is a better idea.
>
> Yeah, we're on it.  Seriously considering not being so strict
> about the domain name.   There was stuff from Brad Fitzpatrick
> when LiveJournal allowed them a few years ago - saying pretty
> much everything allows underscores in web stuff.  Wondering if
> it's worth fighting the "standards compliant" fight.


Yes, it is. The fact that underscores are legal in DNS labels but not in 
mailable domain names has proven itself as a useful tool, particularly given 
the logistical and political difficulties of defining new DNS record types. 
There are also people who use underscores in hostnames intentionally to 
interfere with their usefulness as spam zombies.


Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-22 Thread Wietse Venema
vfx9as:
> (10/11/22 14:05), vfx9as wrote:
> > >
> > > The problem is the order of processing
> > >
> > > sendmail   Line splitting & CR Handling -> milter  # Authentication Success
> > > postfix    milter -> Line splitting & CR Handling  # Authentication failure
> postfix, sendmail differences in behavior problems.
> Which Is the right process?

As replied in off-list email:

It is not my problem that you want to send mail that is close to
the protocol limit.

My job is to ensure that mail will be delivered, hence the 990
character limit on output via SMTP (not on output to mailbox).

If you want your DKIM signatures to survive, send mail with lines
< 80. The DKIM RFC recommends sending well-formatted mail, and that
is not what you are doing.

Sending mail < 80 will also avoid tripping up alarms in content
filters that detect mail from idiot application writers.

Wietse



Re: E-mail more than 889 characters in line 1 DKIM Authentication Error

2010-11-22 Thread vfx9as
(10/11/23 03:25), Victor Duchovni wrote:

> One approach is to sign in post-queue content filters, and to force
> content downgrades when delivering into the content filter, so that
> the filter sees "normalized" email. Better yet, send email that
> requires no downgrading.
>

Good idea!

 Thank you


NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Jason Lukasiewicz
(1) Some mail is getting delayed, or not delivered at all (see error log
below).
Not well versed in this.  Any help appreciated.  (postcon -n attached)

(2) uncertain how to rid myself of all the Anvil messages.  Can I turn it
off somehow if I do not require it ?

Kind comments only please   ;-)
-- 
Jason Lukasiewicz
Vice President
Lukasiewicz Design, Inc.
jayl...@lukedesign.com
(212) 581-3344


POSTCON -n (attached)


MAIL.LOG ERROR MESSAGE
Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: connect to
private/anvil: Connection refused
Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: problem talking to
server private/anvil: Connection refused
Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: restriction
`reject_invalid_helo_hostname' after `permit' is ignored
Nov 22 12:59:33 mail postfix/smtpd[73566]: NOQUEUE: reject: RCPT from
exprod7og102.obsmtp.com[64.18.2.157]: 450 4.7.1 :
Recipient address rejected: Service is unavailable; from=
to= proto=SMTP helo=
Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: connect to
private/anvil: Connection refused
Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: problem talking to
server private/anvil: Connection refused
Nov 22 12:59:34 mail postfix/smtpd[73566]: warning: connect to
private/anvil: Connection refused
Nov 22 12:59:34 mail postfix/smtpd[73566]: warning: problem talking to
server private/anvil: Connection refused
Nov 22 12:59:34 mail postfix/smtpd[73566]: disconnect from
exprod7og102.obsmtp.com[64.18.2.157]




Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Wietse Venema
Jason Lukasiewicz:
> Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: connect to
> private/anvil: Connection refused
> Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: problem talking to
> server private/anvil: Connection refused

Apparently, your master.cf file is for an older version of Postfix
than the version that you are running now.

What did you change to Postfix before this started to happen?

Wietse


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Jason Lukasiewicz
I "migrated" from a Mac OS Server 10.4.11 to a Mac OS X Server 10.6.
New Xserve and new software . . . .  But it's likely the "migration" (auto
copying all old files) that is screwing me up.

What the f$#@ do I do now ?


By the way,  I am pretty impressed getting a response from "The Big Cheese"
. . . I see you wrote the Man page on Anvil.

Seriously, I know you likely have other things to do, but I am pretty
amateur at this crap.  Any assistance you could provide would be greatly
appreciated.   I may even send you fresh baked cookies    ;-)

-- 
Jason Lukasiewicz
Vice President
Lukasiewicz Design, Inc.
jayl...@lukedesign.com



on 11/22/10 1:55 PM, Wietse Venema at wie...@porcupine.org wrote:

> Jason Lukasiewicz:
>> Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: connect to
>> private/anvil: Connection refused
>> Nov 22 12:59:33 mail postfix/smtpd[73566]: warning: problem talking to
>> server private/anvil: Connection refused
> 
> Apparently, your master.cf file is for an older version of Postfix
> than the version that you are running now.
> 
> What did you change to Postfix before this started to happen?
> 
> Wietse




Re: Block A Sender in Postfix

2010-11-22 Thread Carlos Mennens
On Mon, Nov 22, 2010 at 1:00 PM, Rich Shepard  wrote:
> Carlos,
>
>  I use a badaddr file that lists domains from whom I will not accept
> messages. The content looks like these:
>
> hostforreal.com                         550 Rejected domain D23
> nasty-mailings.com                      550 Rejected domain D24

I've done the same and mine looks similar:

[r...@mail postfix]# cat client_access
bluehornet.com  REJECT Rejected Domain

But my confusion with Postfix has always been where to add the map
check under which specific smtpd_*_restriction(s). According to "The
Book of Postfix" I am still very confused:

- smtpd_client_restrictions = applies to the client's IP address or
its hostname or both.
- smtpd_recipient_restrictions = applies to the envelope recipient(s),
the envelope sender, the HELO/EHLO argument, and client IP / hostname
or both.
- smtpd_sender_restrictions = This is the 1st trigger set that
restricts parts of the envelope. Postfix applies to the envelope
sender, the HELO/EHLO argument, and the client.

So with that defined above, how am I to understand or determine where
I would add my 'client_access' check in my main.cf? According to the
definitions above, the 'smtpd_recipient_restrictions' looks like it
runs the specific map against every aspect of the sender rather than
the other two. It seems like the logical choice, no? I apologize if
I'm just dumb when it comes to Postfix but I'm really putting time and
effort in to trying to understand this so I won't have to annoy most
with my ignorance.



>  In the UCE section of /etc/postfix/main.cf I have this line:
>
>        check_client_access hash:/etc/postfix/badaddr,
>
> and it kicks back messages from the listed domains.
>
>  Also, I use a badip file for specific IP addresses and address blocks.

Where do you have those listed under in your main.cf?

smtpd_recipient_restrictions = check_badaddrhash:/etc/postfix/badaddr ?


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Victor Duchovni
On Mon, Nov 22, 2010 at 02:00:45PM -0500, Jason Lukasiewicz wrote:

> I "migrated" from a Mac OS Server 10.4.11 to a Mac OS X Server 10.6.
> New Xserve and new software . . . .  But it's likely the "migration" (auto
> copying all old files) that is screwing me up.
> 
> What the f$#@ do I do now ?

root# postfix set-permissions upgrade-configuration

-- 
Viktor.


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Victor Duchovni
On Mon, Nov 22, 2010 at 02:15:52PM -0500, Jason Lukasiewicz wrote:

> I appreciate your response.   I have tried that, and just now again . . .
> 
> mail:~ root# postfix set-permissions upgrade-configuration
> chown: /etc/postfix/makedefs.out: No such file or directory

That's likely harmless. This should have upgraded your master.cf file.
If Apple ships Postfix with a "postfix-files" that does not match reality,
you have to seek support from them. Or did you replace their /etc/postfix,
with yours, blowing away the original directory and its contents?

In that case, re-install.

-- 
Viktor.


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Wietse Venema
Jason Lukasiewicz:
> I "migrated" from a Mac OS Server 10.4.11 to a Mac OS X Server 10.6.
> New Xserve and new software . . . .  But it's likely the "migration" (auto
> copying all old files) that is screwing me up.

Ah. I suppose that MacOS should provide you with the proper support,
or did you just copy the old config files over the new ones?

> What the f$#@ do I do now ?

Hopefully, the command "postfix upgrade-configuration" fixes this.
I haven't closely looked at the Mac port of Postfix.

Wietse


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Victor Duchovni
On Mon, Nov 22, 2010 at 02:34:48PM -0500, Wietse Venema wrote:

> Jason Lukasiewicz:
> > I "migrated" from a Mac OS Server 10.4.11 to a Mac OS X Server 10.6.
> > New Xserve and new software . . . .  But it's likely the "migration" (auto
> > copying all old files) that is screwing me up.
> 
> Ah. I suppose that MacOS should provide you with the proper support,
> or did you just copy the old config files over the new ones?
> 
> > What the f$#@ do I do now ?
> 
> Hopefully, the command "postfix upgrade-configuration" fixes this.
> I haven't closely looked at the Mac port of Postfix.

When I run:

$ uname -sr
Darwin 10.4.0

i.e. MacOS X 10.6.4 and then:

$ grep makedefs.out /etc/postfix/postfix-files

so Apple neither ship makedefs.out, nor list it in postfix-files. The
OP probably clobbered Apple's postfix-files file with an older one.

-- 
Viktor.


Re: NOQUEUE: reject: RCPT 450 4.7.1 Recipient address rejected: Service is unavailable

2010-11-22 Thread Jerrale G

On 11/22/2010 2:00 PM, Jason Lukasiewicz wrote:

> By the way,  I am pretty impressed getting a response from "The Big Cheese"


Oh Timo, where for art thou Timo? This guy needs help from the "Big 
Cheese".


Thanks for your help developing, too, Wietse Venema.




Jerrale G.
SC Senior Admin


Default certificate authorities

2010-11-22 Thread Michael Orlitzky
Where does Postfix get its list of "system-supplied default certificate
authority certificates" [1]? If it's an OpenSSL thing, is there some way
I can make it spit the list out?


[1] http://www.postfix.org/postconf.5.html#tls_append_default_CA


Strange error

2010-11-22 Thread Jack Raats

Can anyone explain this error?

What does it mean?

Nov 22 16:10:03 delta1 postfix/sendmail[60981]: fatal: www(80): No recipient 
addresses found in message header
Nov 22 16:31:46 delta1 postfix/sendmail[61690]: fatal: www(80): No recipient 
addresses found in message header
Nov 22 16:44:13 delta1 postfix/sendmail[61897]: fatal: www(80): No recipient 
addresses found in message header
Nov 22 17:10:37 delta1 postfix/sendmail[62359]: fatal: www(80): No recipient 
addresses found in message header
Nov 22 17:15:26 delta1 postfix/sendmail[62393]: fatal: www(80): No recipient 
addresses found in message header


Thanks!

Jack Raats



Re: Default certificate authorities

2010-11-22 Thread Victor Duchovni
On Mon, Nov 22, 2010 at 04:21:05PM -0500, Michael Orlitzky wrote:

> Where does Postfix get its list of "system-supplied default certificate
> authority certificates" [1]? If it's an OpenSSL thing, is there some way
> I can make it spit the list out?

Find the OpenSSL command-line utility that matches the library
Postfix is linked with. Then:

openssl version -d

For example, on a RedHat system:

$ /usr/bin/openssl version -d
OPENSSLDIR: "/usr/share/ssl"

Then look for a cert.pem file in that directory, and a certs/
sub-directory, (which is only effective if someone runs c_rehash
there). You can confirm via:

$ strings -a /usr/lib/libcrypto.so | grep /usr/share
OPENSSLDIR: "/usr/share/ssl"
/usr/share/ssl/private
/usr/share/ssl
/usr/share/ssl/certs
/usr/share/ssl/cert.pem

-- 
Viktor.


Re: Strange error

2010-11-22 Thread Victor Duchovni
On Mon, Nov 22, 2010 at 10:33:15PM +0100, Jack Raats wrote:

> Can anyone explain this error?
>
> What does it mean?
>
> Nov 22 16:10:03 delta1 postfix/sendmail[60981]: fatal: www(80): No 
> recipient addresses found in message header

The user "www" ran "sendmail -t" on a file with no "To:/Cc:/Bcc:" headers.
Perhaps an empty file. Perhaps a partly failed attack on a CGI script,
may be worth an audit of your web logs.

-- 
Viktor.
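
Added example (not part of the original thread): one way to start the web-log audit suggested above, by pairing each "No recipient addresses found in message header" failure with the web requests that arrived in the few seconds before it. The two mail-log lines are the ones posted in this thread, unwrapped; the access-log lines, the path /cgi-bin/contact.cgi and the client addresses (documentation ranges) are constructed. It assumes an access log in Combined Log Format, both logs written in the same local time, and a year supplied by the caller because syslog timestamps carry none.

```python
import re
from datetime import datetime, timedelta

# postfix/sendmail fatal line as shown in the thread: "user(uid): No recipient ..."
FATAL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/sendmail\[\d+\]: "
    r"fatal: (?P<user>[^(\s]+)\((?P<uid>\d+)\): "
    r"No recipient addresses found in message header"
)
# Combined Log Format: ip ident user [time] "request" status size ...
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)


def parse_failures(lines, year):
    """Return (time, user, uid) for every 'no recipient' fatal error."""
    out = []
    for line in lines:
        m = FATAL_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((when, m["user"], int(m["uid"])))
    return out


def parse_requests(lines):
    """Return (time, client ip, request line) for every access-log entry."""
    out = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m:
            # Assumption: same local clock as the mail log, so drop the offset.
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            out.append((when.replace(tzinfo=None), m["ip"], m["req"]))
    return out


def correlate(mail_lines, web_lines, year, window_s=5):
    """For each failure, list the requests seen in the preceding window."""
    requests = parse_requests(web_lines)
    window = timedelta(seconds=window_s)
    report = []
    for when, user, uid in parse_failures(mail_lines, year):
        hits = [(ip, req) for t, ip, req in requests
                if when - window <= t <= when]
        report.append({"time": when, "user": user, "uid": uid, "requests": hits})
    return report


MAIL_LOG = [  # first two lines from the thread, third constructed
    "Nov 22 16:10:03 delta1 postfix/sendmail[60981]: fatal: www(80): "
    "No recipient addresses found in message header",
    "Nov 22 16:31:46 delta1 postfix/sendmail[61690]: fatal: www(80): "
    "No recipient addresses found in message header",
    "Nov 22 16:32:10 delta1 postfix/qmgr[812]: 4F2A11C0: removed",
]
WEB_LOG = [  # constructed sample lines
    '203.0.113.7 - - [22/Nov/2010:16:10:02 +0100] "POST /cgi-bin/contact.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [22/Nov/2010:16:20:00 +0100] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [22/Nov/2010:16:31:45 +0100] "POST /cgi-bin/contact.cgi HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in correlate(MAIL_LOG, WEB_LOG, year=2010):
        print(entry["time"], f"{entry['user']}({entry['uid']})")
        for ip, req in entry["requests"]:
            print("    candidate request:", ip, req)
```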