Re: lost connection while sending end of data -- message may be sent more than once

2011-03-04 Thread Stanisław Findeisen
On 2011-02-24 13:09, Wietse Venema wrote:
> Stanisław Findeisen:
>> Hi
>>
>> I am getting such errors in the log:
>>
>> Feb 24 10:03:21 * postfix/smtp[9203]: C2EFF1823C1: lost connection with
>> ASPMX.L.GOOGLE.COM[74.125.43.27] while sending end of data -- message
>> may be sent more than once
>>
>> This happens many times a day with various servers --- not just
>> google.com. Otherwise everything works fine.
>>
>> What do you think the problem is?
> 
> Don't speculate, measure. Look at packet traces with tcpdump,
> and see at what point the connection breaks.
> 
> - Does the problem only happen with connections that use TCP window
> scaling? If so, you have a borked firewall that mis-implements TCP.
> 
> - Does the problem go away with small messages? If so, you have a
> broken IP path MTU problem.
> 
> And so on, there are many reasons why TCP can break.
> 
>   Wietse

Thank you, Wietse. Indeed the problem was with too big (1500) IPv4
packets going out. It is not clear yet why the MTU calculation is broken.

Some hop must really be broken there, because the DF flag is set on
outgoing IPv4 packets and we're not getting any ICMP Fragmentation
Needed back (we're just getting nothing).

Anyway this doesn't seem to be Postfix related.

-- 
Eisenbits - proven software solutions: http://www.eisenbits.com/
OpenPGP: DFD9 0146 3794 9CF6 17EA  D63F DBF5 8AA8 3B31 FE8A
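
The measurement suggested in this thread, and the symptom reported in the reply (full-size DF packets resent, no ICMP Fragmentation Needed coming back), as an added example that is not part of the original messages. It assumes the two-line text layout of `tcpdump -n -v`; the sample trace, addresses, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the two-line text layout printed by `tcpdump -n -v`
# (checksums and TCP options trimmed; documentation address ranges).
# A 40-byte segment is acknowledged, then one full-size DF segment is sent
# four times and never acknowledged.
SAMPLE_TRACE = """\
10:03:20.000000 IP (tos 0x0, ttl 64, id 1000, offset 0, flags [DF], proto TCP (6), length 92)
    192.0.2.10.40000 > 198.51.100.25.25: Flags [P.], seq 1:41, ack 1, win 229, length 40
10:03:20.050000 IP (tos 0x0, ttl 52, id 2000, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.25.25 > 192.0.2.10.40000: Flags [.], ack 41, win 256, length 0
10:03:20.100000 IP (tos 0x0, ttl 64, id 1001, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.40000 > 198.51.100.25.25: Flags [.], seq 41:1489, ack 1, win 229, length 1448
10:03:20.400000 IP (tos 0x0, ttl 64, id 1002, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.40000 > 198.51.100.25.25: Flags [.], seq 41:1489, ack 1, win 229, length 1448
10:03:21.000000 IP (tos 0x0, ttl 64, id 1003, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.40000 > 198.51.100.25.25: Flags [.], seq 41:1489, ack 1, win 229, length 1448
10:03:22.200000 IP (tos 0x0, ttl 64, id 1004, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.40000 > 198.51.100.25.25: Flags [.], seq 41:1489, ack 1, win 229, length 1448
"""

# The same trace plus the router reply that a working path would produce.
SAMPLE_WITH_ICMP = SAMPLE_TRACE + """\
10:03:22.230000 IP (tos 0xc0, ttl 62, id 3000, offset 0, flags [none], proto ICMP (1), length 576)
    203.0.113.1 > 192.0.2.10: ICMP 198.51.100.25 unreachable - need to frag (mtu 1400), length 556
"""

HEADER_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP \(.*flags \[(?P<flags>[^\]]*)\], "
    r"proto (?P<proto>\w+) \(\d+\), length (?P<iplen>\d+)\)\s*$")
TCP_DATA_RE = re.compile(
    r"^\s+(?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\],.*?seq (?P<seq>\d+):\d+")
FRAG_NEEDED_RE = re.compile(
    r"^\s+\S+ > (?P<dst>[^\s:]+): ICMP .*unreachable - need to frag")


def parse_records(trace):
    """Yield (header_fields, detail_line) for each two-line packet record."""
    lines = trace.splitlines()
    i = 0
    while i < len(lines):
        header = HEADER_RE.match(lines[i])
        if header and i + 1 < len(lines):
            yield header.groupdict(), lines[i + 1]
            i += 2
        else:
            i += 1


def analyze(trace, local_ip, big=1400, min_resends=2):
    """Summarise outgoing traffic from local_ip.

    A path MTU black hole is suspected when large DF segments are resent
    at least min_resends times and no ICMP "need to frag" reached local_ip.
    """
    sent = defaultdict(int)  # (dst ip.port, first seq) -> times sent
    frag_needed = 0
    largest = 0
    for header, detail in parse_records(trace):
        iplen = int(header["iplen"])
        if header["proto"] == "ICMP":
            icmp = FRAG_NEEDED_RE.match(detail)
            if icmp and icmp.group("dst") == local_ip:
                frag_needed += 1
            continue
        data = TCP_DATA_RE.match(detail)
        if not data:
            continue  # pure ACKs and SYNs carry no seq range
        src_ip = data.group("src").rsplit(".", 1)[0]  # strip the port
        if src_ip != local_ip:
            continue
        largest = max(largest, iplen)
        if "DF" in header["flags"] and iplen >= big:
            sent[(data.group("dst"), data.group("seq"))] += 1
    resends = sum(count - 1 for count in sent.values())
    return {
        "largest_ip_length": largest,
        "resends": resends,
        "frag_needed_icmp": frag_needed,
        "blackhole_suspected": resends >= min_resends and frag_needed == 0,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE, "192.0.2.10"))
    print(analyze(SAMPLE_WITH_ICMP, "192.0.2.10"))
```

A trace in which small segments are acknowledged while full-size DF segments are only resent, with `frag_needed_icmp` at zero, matches the broken-hop case described in the reply.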





Little bug (and resolution) in "postfix-install"

2011-03-04 Thread Matthieu Ambrosy
Hello all,

if you specify a non default "config_directory" variable when using
"postfix-install" script, you'll have this error :
"postfix: fatal: open /etc/postfix/main.cf: No such file or directory"

To solve it, in the last line of "postfix-install", replace :
"bin/postfix post-install $post_install_options || exit 1"
by
"bin/postfix -c $CONFIG_DIRECTORY post-install $post_install_options || exit 1"

Regards,
Matthieu.


How to require smtp authentication and disallow not local sender?

2011-03-04 Thread theqavor

Is there any way to require smtp authentication and disallow not local
sender?
System parameters: CentOS 5.5, Postfix 2.3.3, Dovecot.

Thanks in advance.

-- 
View this message in context: 
http://old.nabble.com/How-to-require-smtp-authentication-and-disallow-not-local-sender--tp31050624p31050624.html
Sent from the Postfix mailing list archive at Nabble.com.



strange problem when I create users

2011-03-04 Thread deconya
Hi guys

I'm viewing how to repair a problem using a postfix platform with openldap
and dovecot. This is the problem:

-When I create a new user inside openldap with mail account appears
correctly inside ldap but when I access first time appears inside
/var/spool/dovecot/ the folder of account bad. Not appears the name of uid,
appears the name of user mail, for ex:

drwx--   5 exemple Domain Users  4,0K 2011-03-04 13:28 exemple
drwx--   9 exemple Domain Users  4,0K 2011-03-04 13:29 exemple.usermail


Log filtered:

Mar  4 13:28:21 mailserver deliver(exemple): Loading modules from directory:
/usr/lib/dovecot/modules/lda
Mar  4 13:28:21 mailserver deliver(exemple): Module loaded:
/usr/lib/dovecot/modules/lda/lib10_quota_plugin.so
Mar  4 13:28:21 mailserver dovecot: auth(default): master in:
USER^I1^Iunesco^Iservice=deliver
Mar  4 13:28:21 mailserver dovecot: auth(default): prefetch(
exem...@mydomain.com): passdb didn't return userdb entries, trying the next
userdb
Mar  4 13:28:21 mailserver dovecot: auth(default): passwd(
exem...@mydomain.com): lookup
Mar  4 13:28:21 mailserver dovecot: auth(default): passwd(
exem...@mydomain.com): unknown user
Mar  4 13:28:21 mailserver dovecot: auth(default): ldap(exem...@mydomain.com):
user search: base=ou=Users, dc=ldap, dc=es scope=subtree
filter=(&(objectClass=posixAccount)(|(mail=exem...@mydomain.com)(uid=
exem...@mydomain.com)(uid=exemple)))
fields=homeDirectory,uidNumber,gidNumber,mailQuota
Mar  4 13:28:21 mailserver deliver(exemple): auth input: home=/home/exemple
Mar  4 13:28:21 mailserver deliver(exemple): auth input: uid=10017
Mar  4 13:28:21 mailserver deliver(exemple): auth input: gid=513
Mar  4 13:28:21 mailserver deliver(exemple): Home dir not found:
/home/exemple
Mar  4 13:28:21 mailserver deliver(exemple): Quota root: name=User quota
backend=maildir args=
Mar  4 13:28:21 mailserver deliver(exemple): Quota rule: root=User quota
mailbox=* bytes=52428800 messages=0
Mar  4 13:28:21 mailserver deliver(exemple): Quota rule: root=User quota
mailbox=Trash ignored
Mar  4 13:28:21 mailserver deliver(exemple): maildir:
data=/var/spool/dovecot/exemple/
Mar  4 13:28:21 mailserver deliver(exemple): maildir++:
root=/var/spool/dovecot/exemple, index=, control=,
inbox=/var/spool/dovecot/exemple
Mar  4 13:28:21 mailserver dovecot: auth(default): ldap(exem...@mydomain.com):
result: homeDirectory(home)=/home/exemple uidNumber(uid)=10017
gidNumber(gid)=513
Mar  4 13:28:21 mailserver dovecot: auth(default): master out: USER^I1^
iune...@mydomain.com^Ihome=/home/exemple^Iuid=10017^Igid=513
Mar  4 13:28:21 mailserver deliver(exemple):
msgid=<1299241700.26848.1.camel@infolinux>: saved mail to INBOX
Mar  4 13:28:21 mailserver postfix/pipe[29996]: 6191E26F95B: to=<
exem...@mydomain.com>, orig_to=,
relay=dovecot, delay=0.09, delays=0.03/0/0/0.06, dsn=2.0.0, status=sent
(delivered via dovecot service)
Mar  4 13:28:26 mailserver dovecot: auth-worker(default): pam(
exemplem...@mydomain.com,10.0.0.4): lookup service=dovecot
Mar  4 13:28:26 mailserver dovecot: auth-worker(default): pam(
exemplem...@mydomain.com,10.0.0.4): #1/1 style=1 msg=Password:
Mar  4 13:28:28 mailserver dovecot: auth-worker(default): pam(
exemplem...@mydomain.com,10.0.0.4): pam_authenticate() failed:
Authentication failure (password mismatch?)
Mar  4 13:28:28 mailserver dovecot: auth(default): ldap(
exemplem...@mydomain.com,10.0.0.4): bind search: base=ou=Users, dc=ldap,
dc=es filter=(&(objectClass=posixAccount)(|(mail=exemplem...@mydomain.com
)(uid=exemplem...@mydomain.com)))
Mar  4 13:28:28 mailserver dovecot: auth(default): auth(
exemplem...@mydomain.com,10.0.0.4): username changed
exemplem...@mydomain.com -> exemple
Mar  4 13:28:28 mailserver dovecot: auth(default): ldap(exemple,10.0.0.4):
result: homeDirectory(userdb_home)=/home/exemple uid(user)=exemple
uidNumber(userdb_uid)=10017 gidNumber(userdb_gid)=513
Mar  4 13:28:28 mailserver dovecot: auth(default): client out:
OK^I1^Iuser=exemple
Mar  4 13:28:28 mailserver dovecot: auth(default):
prefetch(exemple,10.0.0.4): success
Mar  4 13:28:28 mailserver dovecot: auth(default): master out: USER^I411619^
iunescochair.l...@mydomain.com^Ihome=/home/exemple^Iuid=10017^Igid=513
Mar  4 13:28:28 mailserver dovecot: imap-login: Login: user=,
method=PLAIN, rip=10.0.0.4, lip=10.0.0.5
Mar  4 13:28:28 mailserver dovecot: IMAP(exemplem...@mydomain.com): Loading
modules from directory: /usr/lib/dovecot/modules/imap
Mar  4 13:28:28 mailserver dovecot: IMAP(exemplem...@mydomain.com): Module
loaded: /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so
Mar  4 13:28:28 mailserver dovecot: IMAP(exemplem...@mydomain.com): Module
loaded: /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so
Mar  4 13:28:28 mailserver dovecot: IMAP(exemplem...@mydomain.com):
Effective uid=10017, gid=513, home=/home/exemple
Mar  4 13:28:28 mailserver dovecot: IMAP(exemplem...@mydomain.com): Quota
root: name=User quota backend=maildir args=
Mar  4 13:28:28 mailserver

Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi list!

I'm trying to run postfix on my OpenWrt system. I have successfully
compiled it and now I can send mails, but when I try to receive a
mail, smtpd crashes and I can see this in the system log:

Mar  4 14:46:29 shulyaka mail.info postfix/smtpd[18020]: connect from
mail-bw0-f52.google.com[209.85.214.52]
Mar  4 14:46:29 shulyaka kern.alert kernel: CPU 0 Unable to handle
kernel paging request at virtual address 0050, epc == 800fbdb4, ra
== 800fbdf8
Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning:
process /usr/libexec/postfix/smtpd pid 18020 killed by signal 11
Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling

This happens every time I receive a mail.
I also tried to telnet to the smtp port and found out that postfix
correctly responds to HELO and crashes right after I send MAIL
command.

Besides that, the whole system is very stable, so I don't believe it
is a hardware fault.

Postfix version 2.8.0
# uname -r
2.6.37.1
# uname -m
mips
# free
              total         used         free       shared      buffers
  Mem:        62040        48348        13692            0         5916
 Swap:       524284            0       524284
Total:       586324        48348       537976

Best regards,
Denis Shulyaka


Re: Kernel Oops

2011-03-04 Thread Ralf Hildebrandt
* Denis Shulyaka :
> Hi list!
> 
> I'm trying to run postfix on my OpenWrt system. I have successfully
> compiled it and now I can send mails, but when I try to receive a
> mail, smtpd crashes and I can see this in the system log:
> 
> Mar  4 14:46:29 shulyaka mail.info postfix/smtpd[18020]: connect from 
> mail-bw0-f52.google.com[209.85.214.52]
> Mar  4 14:46:29 shulyaka kern.alert kernel: CPU 0 Unable to handle kernel 
> paging request at virtual address 0050, epc == 800fbdb4, ra == 800fbdf8
> Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning: process 
> /usr/libexec/postfix/smtpd pid 18020 killed by signal 11
> Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning: 
> /usr/libexec/postfix/smtpd: bad command startup -- throttling

Sounds like you run out of memory.
But let's see what the others say...

> # free
>               total         used         free       shared      buffers
>   Mem:        62040        48348        13692            0         5916
>  Swap:       524284            0       524284
> Total:       586324        48348       537976
> 
> Best regards,
> Denis Shulyaka

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: How to require smtp authentication and disallow not local sender?

2011-03-04 Thread Nikolaos Milas
You mean you want to allow (SASL) authenticated clients (wherever they 
are) and allow them only to send from their true ("local") mail address?


For example, if your hosted domain is example.com and the user's mail 
address is us...@example.com, you want the user to (SASL) authenticate 
as userx and then be able to send only from the mail address 
us...@example.com?


Or what?

You should clarify.

Nick


On 4/3/2011 2:21 PM, theqavor wrote:
> Is there any way to require smtp authentication and disallow not local
> sender?
> System parameters: CentOS 5.5, Postfix 2.3.3, Dovecot.
>
> Thanks in advance.







Re: Kernel Oops

2011-03-04 Thread john

What hardware are you running openwrt on?


Re: Kernel Oops

2011-03-04 Thread Ralf Hildebrandt
* john :
> What hardware are you running openwrt on?
Sounds like a MIPS based OpenWRT system, e.g. a WRT54g (am I correct?)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Kernel Oops

2011-03-04 Thread john

On 04/03/2011 8:58 AM, Denis Shulyaka wrote:
> Hi John,
>
> It's D-Link DIR-825 router, CPU Atheros AR7161@680MHz (mips)
>
> 2011/3/4 john:
>> What hardware are you running openwrt on?

I think that you are being a little ambitious, that box has 8M flash and
64M RAM.


"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)



Re: posfix rejected from google server

2011-03-04 Thread kapetr
Hello.

first I have to say: the problem with home/dynamic IP ranges,
business accounts, ... and therefore the need of using relay of my
ISP in my case I have well understood and I do it so.

What I'm still interested in is this:

> http://cbl.abuseat.org/lookup.cgi?ip=85.71.234.108+&.submit=Lookup
>
> says -as you wrote:
> IP Address 85.71.234.108 is listed in the CBL. It appears to be
> infected with a spam sending trojan or proxy.
> It was last detected at 2011-03-01 07:00 GMT (+/- 30 minutes),

So the question is how I got onto such a list and why I am recognized
as "infected with a spam sending trojan or proxy" and not just
"disabled while dynamic IP range".


I used Postfix for the first time (after install) at 2011-03-01 06:00
GMT

And at 2011-03-01 06:44 GMT I tried to send a test e-mail to my
, which was rejected back.

So my conclusion is that my only "crime" was this action: an attempt
to send mail to a Google SMTP server from a home IP address. The Google
server probably immediately sent a report of that to
cbl.abuseat.org, which rated it as if I were "infected with a
spam sending trojan or proxy", which is not accurate - NOT correct.

Maybe cbl.abuseat.org simply thinks that if someone tries to send
emails from an MTA on a home IP, then it must be a spammer or an infected
system?!

On spamhaus.org I am in PBL (which is correct - dynamic range) and
unfortunately also in XBL, just while I am listed by the CBL at
abuseat.org - as discussed above.

My logs are OK. No spams. No one is abusing my system. I'm 99.99%
sure :)


Thanks to all

--kapetr




Re: Little bug (and resolution) in "postfix-install"

2011-03-04 Thread Wietse Venema
Matthieu Ambrosy:
> Hello all,
> 
> if you specify a non default "config_directory" variable when using
> "postfix-install" script, you'll have this error :
> "postfix: fatal: open /etc/postfix/main.cf: No such file or directory"

This is not supported. It breaks local submission via /usr/sbin/sendmail,
among other things.

The supported options are:

1) Install Postfix first with default config directory, then
install a secondary instance with non-default config directory.
See MULTI_INSTANCE_README.html.

2) Build Postfix with DEF_CONFIG_DIR override. See INSTALL file.

Wietse

> To solve it, in the last line of "postfix-install", replace :
> "bin/postfix post-install $post_install_options || exit 1"
> by
> "bin/postfix -c $CONFIG_DIRECTORY post-install $post_install_options || exit 1"
> 
> Regards,
> Matthieu.



Re: Kernel Oops

2011-03-04 Thread john
I think you should listen to the advice you were given on the OpenWRT
developers forum by Philip.



"All that is necessary for the triumph of evil is that good men do 
nothing." (Edmund Burke)


Re: Little bug (and resolution) in "postfix-install"

2011-03-04 Thread Matthieu Ambrosy
Yeah, sendmail doesn't work anymore with other main.cf location, I noticed
that so I have removed the "config_directory" variable.
Thanks for the "DEF_CONFIG_DIR" tip.

Regards,
Matthieu.

2011/3/4 Wietse Venema 

> Matthieu Ambrosy:
> > Hello all,
> >
> > if you specify a non default "config_directory" variable when using
> > "postfix-install" script, you'll have this error :
> > "postfix: fatal: open /etc/postfix/main.cf: No such file or directory"
>
> This is not supported. It breaks local submission via /usr/sbin/sendmail,
> among other things.
>
> The supported options are:
>
> 1) Install Postfix first with default config directory, then
> install a secondary instance with non-default config directory.
> See MULTI_INSTANCE_README.html.
>
> 2) Build Postfix with DEF_CONFIG_DIR override. See INSTALL file.
>
>Wietse
>
> > To solve it, in the last line of "postfix-install", replace :
> > "bin/postfix post-install $post_install_options || exit 1"
> > by
> > "bin/postfix -c $CONFIG_DIRECTORY post-install $post_install_options || exit 1"
> >
> > Regards,
> > Matthieu.
>
>


Re: Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi Ralf,

Thanks for the response.
I think 13 Mb should be well enough for receiving a message, and I
also expect some different error message if it is a memory allocation
problem.

2011/3/4 Ralf Hildebrandt :
> Sounds like you run out of memory.
> But let's see what the others say...
>
>> # free
>>               total         used         free       shared      buffers
>>   Mem:        62040        48348        13692            0         5916
>>  Swap:       524284            0       524284
>> Total:       586324        48348       537976


Re: Postfix und SSL client problem.

2011-03-04 Thread kapetr
Victor Duchovni  wrote:

>Note, however, that stunnel will not by default verify peer
>certificates, so additional configuration is required for that.
>Only stunnel's verification level 3, where the remote peer
>certificate is locally installed in a local CAfile referenced in
>the stunnel.conf file actually verifies that you are reaching the
>right peer server.
>
>Stunnel has no support for peername verification via trusted
>CAs. Stunnel's verification level 2 just lulls unsuspecting users
>into a false sense of security. It just verifies the certificate
>trust chain (essentially pointless), but not the peername. I tried
>to convince the author of stunnel that verification level 2 is
>broken, and should be modified, ... he was not interested.
>
>- --
>Viktor.

Thank you for warning!
I will try to learn more about it.

At the moment I am satisfied with the fact that the communication with
my ISP's server is encrypted. So my name/passwd sent with SASL
LOGIN/PLAIN are +- safe.
Maybe I should at least use the IP (not the name) of my ISP's server in
stunnel conf, or add its name to my protected /etc/hosts.

--kapetr




Re: Kernel Oops

2011-03-04 Thread Wietse Venema
Denis Shulyaka:
> Hi Ralf,
> 
> Thanks for the response.
> I think 13 Mb should be well enough for receiving a message, and I
> also expect some different error message if it is a memory allocation
> problem.

Postfix asks the kernel for memory. If the kernel oopses and crashes
Postfix, then that can't be fixed by changing Postfix.

Wietse



Re: Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi Wietse,

How much memory does smtpd need to receive a message, approximately?
Can I tweak this value somehow?


2011/3/4 Wietse Venema :
> Denis Shulyaka:
>> Hi Ralf,
>>
>> Thanks for the response.
>> I think 13 Mb should be well enough for receiving a message, and I
>> also expect some different error message if it is a memory allocation
>> problem.
>
> Postfix asks the kernel for memory. If the kernel oopses and crashes
> Postfix, then that can't be fixed by changing Postfix.
>
>        Wietse
>
>


Re: strange problem when I create users

2011-03-04 Thread Noel Jones

On 3/4/2011 6:41 AM, deconya wrote:
> Hi guys
>
> I'm viewing how to repair a problem using a postfix platform
> with openldap and dovecot. This is the problem:
>
> -When I create a new user inside openldap with mail account
> appears correctly inside ldap but when I access first time
> appears inside /var/spool/dovecot/ the folder of account bad.
> Not appears the name of uid, appears the name of user mail,
> for ex:
>
> drwx--   5 exemple Domain Users  4,0K 2011-03-04 13:28 exemple
> drwx--   9 exemple Domain Users  4,0K 2011-03-04 13:29 exemple.usermail



Sounds as if you're having a dovecot configuration problem. 
Best to ask on the dovecot users list.




  -- Noel Jones






Re: Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi John,

I don't agree with Philip, but the only way to prove my point is to
make it running.
I will need to see it myself to believe that 64M RAM + swap is not enough.

2011/3/4 john :
> I think you should listen to the advice you were given on the OpenWRT
> developers forum by Philip.


configuring server how multiple relayhost

2011-03-04 Thread deconya
Hi guys

I'm looking in my postfix mail server to configure a relayhost filtering by
domain. Actually has different subdomains sub1.domain.com
sub2.domain.com and a unique relayhost putted appointing to the
Antispam IP server. I need
to configure a subdomain test.mydomain.com appointing to other relayhost.
Is it possible to do this?

my main.cf is:

myhostname = mailserver
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.com, test.mydomain.com, localhost
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 10.0.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relayhost = 10.0.0.20

How can I specify different relayhost filtering by domain?

Thanks And Best Regards


Re: Kernel Oops

2011-03-04 Thread Noel Jones

On 3/4/2011 9:13 AM, Denis Shulyaka wrote:
> Hi John,
>
> I don't agree with Philip, but the only way to prove my point is to
> make it running.
> I will need to see it myself to believe that 64M RAM + swap is not enough.


Things to try:

Don't use any lookup tables.

comment out all unused entries in master.cf.

set in main.cf:
default_process_limit = 1


Even still, I doubt it will work.


  -- Noel Jones


Re: Kernel Oops

2011-03-04 Thread Wietse Venema
Wietse:
> > Postfix asks the kernel for memory. If the kernel oopses and crashes
> > Postfix, then that can't be fixed by changing Postfix.

Denis Shulyaka:
> How much memory does smtpd need to receive a message, approximately?
> Can I tweak this value somehow?

First, you can't run Postfix on a kernel that oopses and sends
signal 11 when Postfix asks for memory. It should report the 
memory shortage to Postfix instead.

The amount of memory depends on libc, and on what else you linked
into Postfix: OpenSSL, PCRE, LDAP, and so on quickly add up to the
memory footprint.

The biggest tweak is reducing default_process_limit by a factor 10
or more. Other tweaks are reducing qmgr_message_active_limit and
qmgr_message_recipient_limit by a factor 10 or more.

Wietse


Re: Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi Noel, Wietse,

Thanks! I will try to do this and will update you with the result.

Best regards,
Denis Shulyaka


Re: How to require smtp authentication and disallow not local sender?

2011-03-04 Thread theqavor

Thank you for the reply.

I want only authenticated users to be able to send mail from Postfix, and only
from those addresses which belong to them.
For example, if we have user A, who has aliases AA, AAA, A_A, then before
sending a message user A must pass authentication, after which the user can send
messages only from the addresses a...@example.com, a...@example.com,
a...@example.com,
a...@example.com.

-- 
View this message in context: 
http://old.nabble.com/How-to-require-smtp-authentication-and-disallow-not-local-sender--tp31050624p31068833.html
Sent from the Postfix mailing list archive at Nabble.com.



Re: Kernel Oops

2011-03-04 Thread Wietse Venema
Wietse Venema:
> The biggest tweak is reducing default_process_limit by a factor 10
> or more. Other tweaks are reducing qmgr_message_active_limit and
> qmgr_message_recipient_limit by a factor 10 or more.

And don't use Berkeley DB. Use CDB instead.

Wietse


Re: Kernel Oops

2011-03-04 Thread Steve Jenkins
On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka  wrote:
> Thanks! I will try to do this and will update you with the result.

When I read Denis' first post I thought "WHAT? Postfix on a WRT54G? He's crazy!"

But now I'm rooting for you, Denis! I hope you get it working! :)

SteveJ


Re: Postfix und SSL client problem.

2011-03-04 Thread Victor Duchovni
On Fri, Mar 04, 2011 at 03:41:09PM +0100, kapetr wrote:

> At the moment I am satisfied with the fact that the communication with
> my ISP's server is encrypted. So my name/passwd sent with SASL
> LOGIN/PLAIN are +- safe.

There is no such thing as "safe", rather "safe" is always relative to
a set of threats that are mitigated. Encryption is not synonymous with
security. Rather, encryption yields confidentiality protection against
a passive wiretap.

So your username/password are safe from interception by an attacker who
passively captures packets. Your username/password are not safe from
a man-in-the-middle attack, thwarting that requires authentication as
well as encryption. With stunnel that means "verify = 3" and a local
copy of the SMTP server certificate.

The peer certificate copy is IIRC only used for its "subject DN",
so if the peer certificate is renewed, without changing any of
the DN components, it will still match provided the trust chain
verifies. Basically, stunnel only supports authentication via a cert in
the CAfile whose DN exactly matches the peer DN. You can even generate
such a self-signed certificate yourself and throw away the private
key. Provided the subject DN matches the peer's subject DN you're set.

-- 
Viktor.
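
The distinction drawn in this message (encryption only, chain verification at level 2, peer certificate pinning at level 3 with a local CAfile) turned into a configuration check, as an added example that is not part of the original post or of stunnel. The sample stunnel.conf, service names, host names, paths and verdict labels are constructed; treating options in the global section as defaults for every service is an assumption of this sketch.

```python
# Constructed stunnel.conf for illustration: four client services that
# differ only in how the peer is verified, plus one server-side service.
SAMPLE_CONF = """\
; global section, used here as defaults for every service (assumption)
client = yes

[smtp-default]
accept = 127.0.0.1:2525
connect = mail.isp.example:465

[smtp-chain]
accept = 127.0.0.1:2526
connect = mail.isp.example:465
verify = 2
CAfile = /etc/ssl/certs/ca-bundle.pem

[smtp-pinned]
accept = 127.0.0.1:2527
connect = mail.isp.example:465
verify = 3
CAfile = /etc/stunnel/mail.isp.example.pem

[smtp-level3-no-store]
accept = 127.0.0.1:2528
connect = mail.isp.example:465
verify = 3

[imaps-server]
client = no
accept = 993
connect = 127.0.0.1:143
"""


def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); option names lower-cased."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an option line
        target = global_opts if current is None else current
        target[key.strip().lower()] = value.strip()
    return global_opts, services


def audit(text):
    """Classify each client service by what its verify level protects against."""
    global_opts, services = parse_stunnel_conf(text)
    report = {}
    for name, own in services.items():
        opts = {**global_opts, **own}
        if opts.get("client", "no").lower() != "yes":
            continue  # only outgoing (client) tunnels are checked
        level = opts.get("verify", "0")  # no verify line: peer is not verified
        has_store = "cafile" in opts or "capath" in opts
        if level == "0":
            verdict = "encrypt-only"          # passive wiretap only
        elif level == "2":
            verdict = "chain-only"            # trust chain, not the peer name
        elif level == "3":
            verdict = "pinned-peer" if has_store else "level-3-without-cert-store"
        else:
            verdict = "level-not-discussed"   # levels the thread does not cover
        report[name] = verdict
    return report


def weak_services(text):
    """Names of client services that do not pin the peer certificate."""
    return sorted(n for n, v in audit(text).items() if v != "pinned-peer")


if __name__ == "__main__":
    for service, verdict in audit(SAMPLE_CONF).items():
        print(f"{service}: {verdict}")
```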


Re: posfix rejected from google server

2011-03-04 Thread /dev/rob0
On Fri, Mar 04, 2011 at 03:29:08PM +0100, kapetr wrote:
> first I have to say: the problem with home/dynamic IP ranges,
> business accounts, ... and therefore the need of using relay of
> my ISP in my case I have well understood and I do it so.
> 
> What I'm still interested in is this:
> 
> > http://cbl.abuseat.org/lookup.cgi?ip=85.71.234.108+&.submit=Lookup
> >
> > says -as you wrote:
> > IP Address 85.71.234.108 is listed in the CBL. It appears to be
> > infected with a spam sending trojan or proxy.
> > It was last detected at 2011-03-01 07:00 GMT (+/- 30 minutes),
> 
> So the question is how I got onto such a list, and why I am
> recognized as "infected with a spam sending trojan or proxy"
> and not just "disabled because of dynamic IP range".

Did you read the rest of that page, and these links?
http://cbl.abuseat.org/nat.html
http://cbl.abuseat.org/advanced.html

> I first used Postfix (after install) at 2011-03-01 06:00
> GMT
> 
> And at 2011-03-01 06:44 GMT I tried to send a test e-mail to my
> , which was rejected back.
> 
> So my conclusion is that my only "crime" was this action: an attempt
> to send mail to the Google SMTP server from a home IP address. The
> Google server probably immediately sent a report of that to
> cbl.abuseat.org, which rated it as if I were "infected with a
> spam sending trojan or proxy", which is not accurate - NOT correct.

I doubt your conclusion. IIUC CBL detects spam based on content and 
ONLY when it hits a spamtrap address; that is, an address which has 
never been used for legitimate mail and was harvested by spammers.

I further highly doubt any link between Gmail and CBL exists.

> Maybe cbl.abuseat.org simply thinks that if someone tries to send
> emails from an MTA on a home IP, then it must be a spammer or an
> infected system?!
> 
> On spamhaus.org I am in PBL (which is correct - dynamic range) and
> unfortunately also in XBL, just because I am listed by the CBL at
> abuseat.org - as discussed above.
> 
> My logs are OK. No spams. No one is abusing my system. I'm 99.99%
> sure :)

Block and log all outbound accesses to port 25 in your firewall. Oh 
wait ... the links above tell you that. You need to go through those 
before posting again. As the advanced.html page says, it can be very 
difficult to identify the source of the spam.

Also it's not really on topic here. If you'll indulge a shameless 
self-promotion, this would be quite on topic on this list, which I
co-manage:
http://spammers.dontlike.us/
We do have a CBL representative who subscribes and sometimes posts.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: How to require smtp authentication and disallow not local sender?

2011-03-04 Thread Nikolaos Milas

You can:

# Define address ownerships:
smtpd_sender_login_maps = hash:/etc/postfix/mailloginmap
# Reject the request if ownership is not observed
smtpd_sender_restrictions = reject_sender_login_mismatch

# /etc/postfix/mailloginmap:
a...@example.com A
a...@example.com A
a...@example.com A
a...@example.com A
...

You need to define ownerships for all aliases/mail-addresses.

And you may want to read this too: 
http://www.mail-archive.com/postfix-users@postfix.org/msg32442.html

and: http://www.postfix.org/postconf.5.html

Nick


On 4/3/2011 6:04 μμ, theqavor wrote:

Thank you for the reply.

I want only authenticated users to be able to send mail through Postfix,
and only from the addresses that belong to them.
For example, if we have user A, who has aliases AA, AAA, A_A, then before
sending a message user A must pass authentication, after which the user can
send messages only from the addresses a...@example.com, a...@example.com,
a...@example.com, a...@example.com.





smime.p7s
Description: S/MIME Cryptographic Signature
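
An added model (not Postfix code, and not from the message above) of the decision reject_sender_login_mismatch makes, following its description in postconf(5). The addresses and login names are constructed, and only the full-address and @domain lookup forms are modelled.

```python
import re

# Constructed smtpd_sender_login_maps content: "address  login[,login...]".
LOGIN_MAP = """\
# sender address        SASL login(s) that own it
alice@example.com       alice
sales@example.com       alice,bob
bob@example.com         bob
"""

def parse_login_map(text):
    """Return {sender address: set of logins that own it}."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, logins = line.split(None, 1)
        owners[address.lower()] = set(re.split(r"[,\s]+", logins))
    return owners

def owners_of(owners, mail_from):
    """Look up the full address first, then the @domain form."""
    address = mail_from.lower()
    return owners.get(address) or owners.get("@" + address.rpartition("@")[2])

def rejects(owners, mail_from, sasl_login):
    """True if the modelled restriction rejects this MAIL FROM.

    sasl_login is None for a client that did not authenticate.
    """
    allowed = owners_of(owners, mail_from)
    if sasl_login is None:
        # Not logged in: rejected only when the address has an owner.
        return allowed is not None
    # Logged in: the login must own the address.
    return allowed is None or sasl_login not in allowed

def demo():
    """Evaluate constructed (MAIL FROM, login) pairs against LOGIN_MAP."""
    owners = parse_login_map(LOGIN_MAP)
    cases = [
        ("alice@example.com", "alice"),     # owner uses own address
        ("sales@example.com", "bob"),       # shared alias, listed owner
        ("bob@example.com", "alice"),       # someone else's address
        ("alice@example.com", None),        # owned address, no login
        ("unlisted@example.com", "alice"),  # logged in, address has no entry
        ("unlisted@example.com", None),     # no login, address has no entry
    ]
    return [(m, l, rejects(owners, m, l)) for m, l in cases]

if __name__ == "__main__":
    for mail_from, login, rejected in demo():
        print(f"{mail_from:22} login={login!s:6} rejected={rejected}")
```

The last case shows why ownerships have to be defined for all addresses: the restriction does not reject an unauthenticated client using a sender address that has no entry.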


Re: Kernel Oops

2011-03-04 Thread Stan Hoeppner
Ralf Hildebrandt put forth on 3/4/2011 6:53 AM:
> * Denis Shulyaka :
>> Hi list!
>>
>> I'm trying to run postfix on my OpenWrt system. I have successfully
>> compiled it and now I can send mails, but when I try to receive a
>> mail, smtpd crashes and I can see this in the system log:
>>
>> Mar  4 14:46:29 shulyaka mail.info postfix/smtpd[18020]: connect from 
>> mail-bw0-f52.google.com[209.85.214.52]
>> Mar  4 14:46:29 shulyaka kern.alert kernel: CPU 0 Unable to handle kernel 
>> paging request at virtual address 0050, epc == 800fbdb4, ra == 800fbdf8
>> Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning: process 
>> /usr/libexec/postfix/smtpd pid 18020 killed by signal 11
>> Mar  4 14:46:29 shulyaka mail.warn postfix/master[16781]: warning: 
>> /usr/libexec/postfix/smtpd: bad command startup -- throttling
> 
> Sounds like you run out of memory.
> But let's see what the others say...

AFAIK OOM will throw a different error.  More than likely his problem is
a MIPS kernel compile issue or a problem with his RAM.  Googling "Unable
to handle kernel paging request" turns up some interesting results, this
one on the first page likely being the most relevant, though 6 years old.

http://www.linux-mips.org/archives/linux-mips/2004-10/msg00314.html

The OP needs to follow the troubleshooting procedure in the above
thread, and if he can't solve it alone, take it up on lkml.

-- 
Stan


Re: Kernel Oops

2011-03-04 Thread Wietse Venema
Steve Jenkins:
> On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka  wrote:
> > Thanks! I will try to do this and will update you with the result.
> 
> When I read Denis' first post I thought "WHAT? Postfix on a WRT54G? He's 
> crazy!"
> 
> But now I'm rooting for you, Denis! I hope you get it working! :)

+1. It's fun to find out how small Postfix can get.

Postfix has been running since late 1998 on a 64MB box, 24/7.  I
replaced the few parts that break, and blow out the dust once a
year or so.  Good hardware does not die.

Wietse


Re: Kernel Oops

2011-03-04 Thread Daniel Bromberg

On 3/4/2011 2:01 PM, Wietse Venema wrote:
> Steve Jenkins:
>> On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka  wrote:
>>> Thanks! I will try to do this and will update you with the result.
>>
>> When I read Denis' first post I thought "WHAT? Postfix on a WRT54G? He's crazy!"
>>
>> But now I'm rooting for you, Denis! I hope you get it working! :)
>
> +1. It's fun to find out how small Postfix can get.
>
> Postfix has been running since late 1998 on a 64MB box, 24/7.  I
> replaced the few parts that break, and blow out the dust once a
> year or so.  Good hardware does not die.
>
> Wietse

A cheers from this corner as well. A light just went on. Did not even
realize until now the referent was an old fashioned, jailbroken blue-box
Linksys router. Talk about consolidation! "Oh, that's your home router?
-- No, corporate mailhub." Please, post a detailed blog and link to it
when you're done!


-Daniel



Re: Kernel Oops

2011-03-04 Thread Denis Shulyaka
Hi Daniel,

Actually it's D-Link DIR 825 with attached USB hard drive, and it's
white and stylish!

2011/3/4 Daniel Bromberg :
> On 3/4/2011 2:01 PM, Wietse Venema wrote:
>>
>> Steve Jenkins:
>>>
>>> On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka
>>>  wrote:
>>>>
>>>> Thanks! I will try to do this and will update you with the result.
>>>
>>> When I read Denis' first post I thought "WHAT? Postfix on a WRT54G? He's
>>> crazy!"
>>>
>>> But now I'm rooting for you, Denis! I hope you get it working! :)
>>
>> +1. It's fun to find out how small Postfix can get.
>>
>> Postfix has been running since late 1998 on a 64MB box, 24/7.  I
>> replaced the few parts that break, and blow out the dust once a
>> year or so.  Good hardware does not die.
>>
>>        Wietse
>
> A cheers from this corner as well. A light  just went on. Did not even
> realize until now the referent was an old fashioned, jailbroken blue-box
> Linksys router. Talk about consolidation! "Oh, that's your home router? --
> No, corporate mailhub." Please, post a detailed blog and link to it when
> you're done!
>
> -Daniel
>
>


pcre map: matched text exceeds buffer limit

2011-03-04 Thread Gábor Lénárt
Hi,

I've tried to utilize google a bit to find some similar problems, but I had
no success, so I am trying here now.

I have some (quite old ... I know) MTAs running postfix:

2.5.4 on Solaris 10 (sparc)
2.5.1 on Ubuntu Linux 8.04.4 LTS (32 bit x86)
2.5.4 on Solaris 9 (sparc)

Most of the time, no problems for days, or even for months. However
sometimes the sender gets response

451 4.3.0 Error: queue file write error

Note that it happens very rarely, but then it's permanent for that given
mail. But it seems no other mail transaction is affected, not even from the
same sender MTA. Since it's about one mail in millions, I could ignore the
problem, but it's very annoying that I don't know the answer :)
Also it seems all of our MTAs do the same for that given mail, even though
they are using different versions, hardware and OSes; the problem is exactly
about the very same mail (at least I guess, since the sender/recipient is
the same)

Based on the time of the problem I've searched the logs. I've found this:

Mar  4 19:37:03 z postfix/cleanup[16524]: fatal: pcre map
/etc/postfix/header_checks.pcre, line 20: matched text exceeds buffer limit
Mar  4 19:37:04 z postfix/master[15374]: warning: process
/usr/lib/postfix/cleanup pid 16524 exit status 1

These two lines always appear in the log when the problem occurs.
The mentioned line of header_checks.pcre:

/^Subject: .*[0-9][0-9].*(OFF|0FF|ALL).* Pfizer/ REJECT Stop spamming us!

The corresponding directive in main.cf which instructs postfix to use
that pcre map to check headers:

header_checks = pcre:/etc/postfix/header_checks.pcre

Does anyone have a clue what the problem can be? I can try a newer postfix of
course, but I am also interested in what can cause this; also, the next time
I am allowed to do a major modification in the system (like a software
upgrade: postfix) is still two weeks away at least.

Thanks a lot in advance,

- Gábor


Re: pcre map: matched text exceeds buffer limit

2011-03-04 Thread Victor Duchovni
On Fri, Mar 04, 2011 at 08:42:35PM +0100, Gábor Lénárt wrote:

> These two lines always appear in the log when the problem occurs.
> The mentioned line of header_checks.pcre:
> 
> /^Subject: .*[0-9][0-9].*(OFF|0FF|ALL).* Pfizer/ REJECT Stop spamming us!

Try:

# All Subject rules go between this "if" and the final /^/ OK
# above the "endif".
#
if /^Subject:/
/[0-9][0-9].*?(?:OFF|0FF|ALL).*? Pfizer/ REJECT Stop spamming us!
# ... remaining subject rules ...
/^/ OK
endif

The most substantive improvement is the change from (OFF|0FF|ALL) to
(?:OFF|0FF|ALL) which should suppress generation of match substrings.
The rest is just hygiene that may improve performance.

-- 
Viktor.
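
The rewrite suggested above can be checked offline. This added example (not code from the post or from Postfix) uses Python's re module as a stand-in for PCRE, with a small evaluator for the if/endif table syntax, to compare the capture-group counts and verdicts of the original and rewritten rules; the sample headers are constructed.

```python
import re

# Postfix pcre tables default to case-insensitive, dot-matches-newline.
FLAGS = re.I | re.S

# Rule quoted in the question: one capturing group.
ORIGINAL = re.compile(r"^Subject: .*[0-9][0-9].*(OFF|0FF|ALL).* Pfizer", FLAGS)

# Table from the reply (placeholder comment line omitted).
REWRITTEN = """\
if /^Subject:/
/[0-9][0-9].*?(?:OFF|0FF|ALL).*? Pfizer/ REJECT Stop spamming us!
/^/ OK
endif
"""

def parse_table(text):
    """Return [(guards, regex, action)]; guards are the enclosing if-patterns."""
    rules, guards = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cond = re.fullmatch(r"if\s+/(.+)/", line)
        if cond:
            guards.append(re.compile(cond.group(1), FLAGS))
        elif line == "endif":
            guards.pop()
        else:
            pattern, action = re.fullmatch(r"/(.+)/\s+(.*)", line).groups()
            rules.append((tuple(guards), re.compile(pattern, FLAGS), action))
    return rules

def lookup(rules, header):
    """First matching rule wins; None means no rule applied to this header."""
    for guards, regex, action in rules:
        if all(g.search(header) for g in guards) and regex.search(header):
            return action
    return None

def capture_groups():
    """Substrings each form asks the regex engine to record: (old, new)."""
    return ORIGINAL.groups, parse_table(REWRITTEN)[0][1].groups

def rejected_by_original(header):
    return ORIGINAL.search(header) is not None

def rejected_by_rewrite(header):
    action = lookup(parse_table(REWRITTEN), header)
    return action is not None and action.startswith("REJECT")

# Constructed sample headers.
SAMPLES = ["Subject: 80% OFF on Pfizer", "Subject: all 50 items 0ff today Pfizer",
           "Subject: Pfizer quarterly report 2010",
           "Subject: Meeting notes 2011-03-04", "From: 99 OFF Pfizer"]

if __name__ == "__main__":
    print("capture groups (original, rewritten):", capture_groups())
    for h in SAMPLES:
        print(rejected_by_original(h), rejected_by_rewrite(h), h)
```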


Re: pcre map: matched text exceeds buffer limit

2011-03-04 Thread Stan Hoeppner
Gábor Lénárt put forth on 3/4/2011 1:42 PM:

> Based on the time of the problem I've searched the logs. I've found this:
> 
> Mar  4 19:37:03 z postfix/cleanup[16524]: fatal: pcre map
> /etc/postfix/header_checks.pcre, line 20: matched text exceeds buffer limit
> Mar  4 19:37:04 z postfix/master[15374]: warning: process
> /usr/lib/postfix/cleanup pid 16524 exit status 1
> 
> These two lines always appear in the log when the problem occurs.
> The mentioned line of header_checks.pcre:
> 
> /^Subject: .*[0-9][0-9].*(OFF|0FF|ALL).* Pfizer/ REJECT Stop spamming us!

That regex is a problem, I think.  Your use of '.*' three times is
likely the cause of exceeding the buffer limit, as it appears that once
'Pfizer' gets matched, the entire line gets matched, if I'm reading it
correctly.  Try something more basic like this, though it will be
relatively FP prone depending on your user base:

/^Subject: .*Pfizer.*/ REJECT Stop spamming us

However, something like 99%++ of pill spam comes from botnets, so you
could stop most of this type of junk simply using appropriate dnsbls,
and using rDNS checks against the client host.  This PCRE file does a
really nice job with the latter:

http://www.hardwarefreak.com/fqrdns.pcre

Instructions are in the top of the file.  It contains over 1600 regexes
matching mostly residential/dynamic netblocks worldwide.  It's fast and
effective.  Used in conjunction with the Spamhaus ZEN dnsbl you should
be able to stop 99%++ of bot spam.

Using selective greylisting with Postgrey will kill pretty much all bot
spam, but with the downside of delivery delays and resource consumption.
Upgrading to Postfix 2.8 and configuring postscreen will stop most, if
not all, bot spam, as well, and without the downsides of greylisting.

-- 
Stan


Re: Kernel Oops

2011-03-04 Thread lst_hoe02

Quoting Wietse Venema:

> Steve Jenkins:
>> On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka  wrote:
>> > Thanks! I will try to do this and will update you with the result.
>>
>> When I read Denis' first post I thought "WHAT? Postfix on a WRT54G?
>> He's crazy!"
>>
>> But now I'm rooting for you, Denis! I hope you get it working! :)
>
> +1. It's fun to find out how small Postfix can get.
>
> Postfix has been running since late 1998 on a 64MB box, 24/7.  I
> replaced the few parts that break, and blow out the dust once a
> year or so.  Good hardware does not die.
>
> Wietse


You must have solid caps, don't you?

BTW, is there any "how-to" for getting the least possible memory
footprint for Postfix. As learned some points are
- reduce either the global default process limit or the relevant
  process limits in master.cf
- use a small footprint lookup table like cdb and the least possible
  count of tables
- don't use regex/pcre maps
- reduce active limit for qmgr

any other knobs/screws to adjust?

Many Thanks

Andreas






smime.p7s
Description: S/MIME Cryptographic Signature


Re: Kernel Oops

2011-03-04 Thread Victor Duchovni
On Fri, Mar 04, 2011 at 10:33:30PM +0100, lst_ho...@kwsoft.de wrote:

> BTW, is there any "how-to" for getting the least possible memory footprint 
> for Postfix. As learned some points are
>
> - reduce either the global default process limit or the relevant process 
> limits in master.cf
> - use a small footprint lookup table like cdb and the least possible count 
> of tables
> - don't use regex/pcre maps

Nothing wrong with small regexp/pcre maps.

> - reduce active limit for qmgr
>
> any other knobs/screws to adjust?

Use postscreen, to reduce demand for connections to the real SMTP service.
Potentially compile-in fewer features (TLS, SASL, LDAP, ...), but Berkeley
DB is still needed for dynamic databases (e.g. postscreen dynamic whitelist),
just don't use read-only Berkeley DB tables, use CDB for that.

-- 
Viktor.


Re: Kernel Oops

2011-03-04 Thread Stan Hoeppner
lst_ho...@kwsoft.de put forth on 3/4/2011 3:33 PM:
> Quoting Wietse Venema:

>> Postfix has been running since late 1998 on a 64MB box, 24/7.  I
>> replaced the few parts that break, and blow out the dust once a
>> year or so.  Good hardware does not die.
>>
>> Wietse
> 
> You must have solid caps, don't you?

While film capacitors do have lifespan issues compared to solid
capacitors, they can last 10-20 years if operating at a relatively low
temperature, i.e. sufficient case cooling w/ system in a temp controlled
environment.  One of my personal servers contains an 11 year old Abit
BP6 dual Celery mobo:
http://www.hardwarefreak.com/web/server_pics/gallery/

A couple of caps are mildly bulging but the system is rock solid, even
under burnp6 load on each CPU for 10+ minutes.

-- 
Stan


Re: Kernel Oops

2011-03-04 Thread Stan Hoeppner
lst_ho...@kwsoft.de put forth on 3/4/2011 3:33 PM:

> BTW, is there any "how-to" for getting the least possible memory
> footprint for Postfix.

> - don't use regex/pcre maps

This isn't necessarily true, is it?  In some cases I would think it's
dramatically reversed in favor of PCRE tables (unless the Postfix PCRE
processing code overhead eats up a massive amount of memory).  For
example, with the following single PCRE I can block a few million,
literally, residential hosts in the Centurylink (formerly Embarq)
consumer broadband aDSL network:

/^.*\.(dyn|dhcp)\.embarqhsd\.net$/  REJECT Please use ISP relay

To do this with a CIDR would take at least 100 entries to cover all the
subnets, probably many many more, due to the way they assign blocks by
state, and rDNS by customer type, with (dyn|dhcp|sta) all existing
within each of the top level parents.

To do this with a hash table would require multiple hundreds of entries
as you'd be limited to using /24s.

-- 
Stan


Mails in database.

2011-03-04 Thread Rafał Radecki
Hi all.

Is it possible to store not only user info but also e-mails in a database
such as MySQL or PostgreSQL?
If yes can you share your experience?


Re: Mails in database.

2011-03-04 Thread Jeroen Geilman

On 03/05/2011 02:39 AM, Rafał Radecki wrote:
> Hi all.
>
> Is it possible to store not only user info but also e-mails in a
> database such as MySQL or PostgreSQL?
>
> If yes can you share your experience?


There are database mailstores, yes.
www.dbmail.org is one such mailstore-plus-IMAP-server.

postfix merely delivers mail there, it is not involved in storing mail 
in databases.


--
J.



Re: Mails in database.

2011-03-04 Thread Ralf W.
Hello, I think you can use maildb, but I have no experience on how to use it.
 The problem with troubleshooting is that trouble shoots back. 
-  Ralf Wiegand 1999