Re: round-robin sending SMTP server ?

[Frank Bonnet]

On 03/10/2011 09:09 PM, Stan Hoeppner wrote:
> Frank Bonnet put forth on 3/10/2011 9:55 AM:
>> Hello
>>
>> Is it possible to configure postfix to use some round-robin
>> mechanisms to send emails with several SMTP servers ?
>>
>> I mean to SEND emails to the external world, not to receive.
> 
> I touched on this recently but in a different context, that being
> multiple postfix instances on one box all used as an outbound relay
> farm.  You wan to use round robin DNS for this.
> 
> What you want to accomplish is very simple.  Create a DNS CNAME entry of
> something like relay-farm.your-domain.tld and point it to something like
> tractor.your-domain.tld.  Then create an A record for each SMTP relay
> box's IP, with all of these A records having the name
> tractor.your-domain.tld.  This should enable round robin DNS.  Now,
> simply add this to main.cf:
> 
> relayhost = relay-farm.your-domain.tld
> 
> I think this is right.  If not it's darn close.
> 

Thanks a Stan gonna try this


-- 


Frank BONNET

01.45.92.66.17

Service des Moyens Informatiques Generaux

ESIEE PARIS
Cité Descartes / BP 99
93162 NOISY-LE-GRAND Cedex
http://www.esiee.fr 

Re: round-robin sending SMTP server ?

[Frank Bonnet]

On 03/11/2011 09:51 AM, Frank Bonnet wrote:
> On 03/10/2011 09:09 PM, Stan Hoeppner wrote:
>> Frank Bonnet put forth on 3/10/2011 9:55 AM:
>>> Hello
>>>
>>> Is it possible to configure postfix to use some round-robin
>>> mechanisms to send emails with several SMTP servers ?
>>>
>>> I mean to SEND emails to the external world, not to receive.
>>
>> I touched on this recently but in a different context, that being
>> multiple postfix instances on one box all used as an outbound relay
>> farm.  You wan to use round robin DNS for this.
>>
>> What you want to accomplish is very simple.  Create a DNS CNAME entry of
>> something like relay-farm.your-domain.tld and point it to something like
>> tractor.your-domain.tld.  Then create an A record for each SMTP relay
>> box's IP, with all of these A records having the name
>> tractor.your-domain.tld.  This should enable round robin DNS.  Now,
>> simply add this to main.cf:
>>
>> relayhost = relay-farm.your-domain.tld
>>
>> I think this is right.  If not it's darn close.
>>
> 
> Thanks a Stan gonna try this
> 
> 

Thanks ! it works fine :-)

Re: round-robin sending SMTP server ?

[lst_hoe02]

Zitat von Frank Bonnet :


On 03/11/2011 09:51 AM, Frank Bonnet wrote:

On 03/10/2011 09:09 PM, Stan Hoeppner wrote:

Frank Bonnet put forth on 3/10/2011 9:55 AM:

Hello

Is it possible to configure postfix to use some round-robin
mechanisms to send emails with several SMTP servers ?

I mean to SEND emails to the external world, not to receive.


I touched on this recently but in a different context, that being
multiple postfix instances on one box all used as an outbound relay
farm.  You wan to use round robin DNS for this.

What you want to accomplish is very simple.  Create a DNS CNAME entry of
something like relay-farm.your-domain.tld and point it to something like
tractor.your-domain.tld.  Then create an A record for each SMTP relay
box's IP, with all of these A records having the name
tractor.your-domain.tld.  This should enable round robin DNS.  Now,
simply add this to main.cf:

relayhost = relay-farm.your-domain.tld

I think this is right.  If not it's darn close.



Thanks a Stan gonna try this




Thanks ! it works fine :-)



Would be better with "relayhost = [relay-farm.your-domain.tld]", no?

Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Message is modified after after-queue filter

[Ulrich Mierendorff]

On 09.03.2011 21:38, Murray S. Kucherawy wrote:

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Victor Duchovni
Sent: Tuesday, March 08, 2011 2:02 PM
To: postfix-users@postfix.org
Subject: Re: Message is modified after after-queue filter


My current work-around is to correctly format my emails in my software
before they are sent to postfix so that the messages are not modified at
all. But that is not the best solution.

Actually that *is* the best solution. Send 7-bit encoded mail with
correct line endings.

Furthermore, even if postfix could be coerced into not doing the rewrites 
you're describing, something else down the chain likely will, invalidating your 
signatures anyway.
It okay for me, that postfix does these modifications, but I would like 
if it happens BEFORE the message is passed to the filter, because the 
filter sees the original email and postfix currently modifies it after 
filtering.


-Ulrich

Re: GeoIP based rejections

[Mikael Bak]

Mark Watts wrote:
> 
> I'd like to be able to reject connections from remote IP addresses if
> they're from certain countries (or conversely only allow from certain
> countries).
> 
> What are my options for doing this in/with postfix?
> 

Perhaps not what you asked for, bur Spamassassin has a way to score
certain countries higher than others.

This can be useful if you do not want to cut off half of the world from
your mail server.

HTH,
Mikael

Re: check client ip only if mail has a particular header

[Giovanni Mancuso]

 On 10/03/2011 21:39, Stan Hoeppner wrote:
> Giovanni Mancuso put forth on 3/10/2011 11:19 AM:
>>  On 10/03/2011 15:04, Stan Hoeppner wrote:
>>> Giovanni Mancuso put forth on 3/10/2011 7:22 AM:
  Hi,
 I would configure my postfix to control if client ip is in blacklist
 only if the mail have a particolar header.
 I tried to create a header_checks table and with a FILTER i redirect all
 mails that have a particular header to localhost on port 2500
 but in this way the client ip is localhost

 Anyone have any ideas?
>>> You don't want to forward the entire mail to a policy daemon or TCP
>>> server via FILTER.  You simply want to reject it if you don't like the
>>> header contents and the IP is in a dnsbl.
>>>
>>> The closest thing I know of to this is Sahil Tandon's perl based TCP
>>> server.  It checks the domains in the from, message-id, and reply-to
>>> headers against a configurable list of domain block lists.  The default
>>> list is:
>> I saw the script, but in this way the check is done with header from,
>> message-id or reply-to that can be a fake.
>>
>> I would that the check is done on* *client_address.
> I must have misunderstood.  It sounds above as if you want to check the
> header for something, and only after some kind of match query a DNSBL
> with the client IP.  Is this not what you want?  What exactly do you
> want?  It's not clear.
>
Hi,
I try to explain with an example.
I have my postfix configured as MX record of my domain with particular
smtpd_recipents_restriction, ecc...
If my postfix receives a mail that has X-MyCustomHeader, Postfix accept
the mail and delivers it to backend.
If my Postfix receives a mail that hasn't X-MyCustomHeader, Postfix
checks if client ip is in a blacklist and reject the email if the ip is
in blacklist or accept the mail if it isn't in blacklist.

I hope to have explained it clearly.

Sorry for my bad English

Bye

Re: check client ip only if mail has a particular header

[Victor Duchovni]

On Fri, Mar 11, 2011 at 04:58:15PM +0100, Giovanni Mancuso wrote:

> I have my postfix configured as MX record of my domain with particular
> smtpd_recipents_restriction, ecc...
> If my postfix receives a mail that has X-MyCustomHeader, Postfix accept
> the mail and delivers it to backend.
> If my Postfix receives a mail that hasn't X-MyCustomHeader, Postfix
> checks if client ip is in a blacklist and reject the email if the ip is
> in blacklist or accept the mail if it isn't in blacklist.

Rejection of email can only happen before the mail is queued. Therefore,
this can only be done with a proxy-filter or milter.

http://www.postfix.org/SMTPD_PROXY_README.html
http://www.postfix.org/MILTER_README.html

While client addresses can checked via built-in mechanisms in
smtpd_end_of_data_restrictions, there is no built-in mechanism to make
these checks dependent on the message headers. Adding such a feature
would not be easy, the header checks are performed in the cleanup(8)
server, while client address checks are performed in the smtpd(8)
server, the data flow from smtpd(8) to cleanup(8) is essentially
one-way...

http://www.postfix.org/OVERVIEW.html

-- 
Viktor.

Duplicated messages

[Jason Voorhees]

Hi:

I have a Postfix 2.3.3 running on CentOS 5.5 with a local installation
of OpenLDAP. System users are mapped from my LDAP directory server
according to /etc/nsswitch.conf and /etc/ldap.conf.
I have LDAP groups what I use in postfix as a virtual alias maps like this:

virtual_alias_maps = ldap:/etc/postfix/groups.cf

and the configuration of groups.cf queries my LDAP server like this:

server_host = localhost
search_base = ou=groups,dc=mydomain,dc=com
query_filter = (&(cn=%u)(objectClass=posixGroup))
result_attribute = memberUid
result_format = %s...@mydomain.com
bind = no
version = 3

I have users that belong to one or more LDAP groups and when people
send e-mails to one of those users with Cc: to one of those groups
(that contains one of those users), the final users receive
multiplicated e-mails.

How can I avoid this? I hope someone can help me.

Thanks

Re: Duplicated messages

[Victor Duchovni]

On Fri, Mar 11, 2011 at 11:10:31AM -0500, Jason Voorhees wrote:

> I have a Postfix 2.3.3 running on CentOS 5.5 with a local installation
> of OpenLDAP.
> I have LDAP groups what I use in postfix as a virtual alias maps like this:
> 
> virtual_alias_maps = ldap:/etc/postfix/groups.cf
> 
> I have users that belong to one or more LDAP groups and when people
> send e-mails to one of those users with Cc: to one of those groups
> (that contains one of those users), the final users receive
> multiplicated e-mails.
> 
> How can I avoid this? I hope someone can help me.

http://www.postfix.org/postconf.5.html#enable_original_recipient

-- 
Viktor.

Re: check client ip only if mail has a particular header

[Giovanni Mancuso]

 On 11/03/2011 17:09, Victor Duchovni wrote:
> On Fri, Mar 11, 2011 at 04:58:15PM +0100, Giovanni Mancuso wrote:
>
>> I have my postfix configured as MX record of my domain with particular
>> smtpd_recipents_restriction, ecc...
>> If my postfix receives a mail that has X-MyCustomHeader, Postfix accept
>> the mail and delivers it to backend.
>> If my Postfix receives a mail that hasn't X-MyCustomHeader, Postfix
>> checks if client ip is in a blacklist and reject the email if the ip is
>> in blacklist or accept the mail if it isn't in blacklist.
> Rejection of email can only happen before the mail is queued. Therefore,
> this can only be done with a proxy-filter or milter.
>
> http://www.postfix.org/SMTPD_PROXY_README.html
> http://www.postfix.org/MILTER_README.html
Another questions.
If i use a MILTER, and if i have smtpd_recipient_restrictions
configured, postfix uses this restriction? I did not understand this :-(

In your opinion, to do this is better MILTER or SMTPD_PROXY?

Do you know a simple milter (write in perl or python) that i can use as
example for develop my milter?

Thanks
> While client addresses can checked via built-in mechanisms in
> smtpd_end_of_data_restrictions, there is no built-in mechanism to make
> these checks dependent on the message headers. Adding such a feature
> would not be easy, the header checks are performed in the cleanup(8)
> server, while client address checks are performed in the smtpd(8)
> server, the data flow from smtpd(8) to cleanup(8) is essentially
> one-way...
>
> http://www.postfix.org/OVERVIEW.html
>

Re: Duplicated messages

[Jason Voorhees]

On Fri, Mar 11, 2011 at 11:20 AM, Victor Duchovni
 wrote:
> On Fri, Mar 11, 2011 at 11:10:31AM -0500, Jason Voorhees wrote:
>
>> I have a Postfix 2.3.3 running on CentOS 5.5 with a local installation
>> of OpenLDAP.
>> I have LDAP groups what I use in postfix as a virtual alias maps like this:
>>
>> virtual_alias_maps = ldap:/etc/postfix/groups.cf
>>
>> I have users that belong to one or more LDAP groups and when people
>> send e-mails to one of those users with Cc: to one of those groups
>> (that contains one of those users), the final users receive
>> multiplicated e-mails.
>>
>> How can I avoid this? I hope someone can help me.
>
>    http://www.postfix.org/postconf.5.html#enable_original_recipient
>

Hi, thanks Viktor for your answer. I've already used these settings:

Setting # 1:
enable_original_recipient = no

Setting # 2:
enable_original_recipient = no
smtpd_disable_ehlo_keywords = silent-discard, dsn

But none of those solved my problem. This is my real configuration
(except domain names) of main.cf:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 12582912
mydestination = localhost, $mydomain, $myhostname
mydomain = mydomain.com
myhostname = $mydomain
mynetworks = 127.0.0.1, 192.168.1.0/24, 192.168.5.0/24,
192.168.6.0/24, 10.0.0.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relayhost = 192.168.1.251
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/exim.pem
smtpd_tls_key_file = /etc/pki/tls/private/exim.pem
smtpd_tls_security_level = may
smtpd_tls_wrappermode = no
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/maps/virtual_alias_maps.hash,
ldap:/etc/postfix/maps/virtual_alias_maps.cf

This is the content  of /etc/postfix/maps/virtual_alias_maps.hash:

areng...@mydomain.com areng...@mycompany.microsoftonline.com

This is the content  of /etc/postfix/maps/virtual_alias_maps.cf:

server_host = localhost
search_base = ou=Groups,dc=mydomain,dc=com
query_filter = (&(cn=%u)(objectClass=posixGroup))
result_attribute = memberUid
result_format = %s...@mydomain.com
bind = no
version = 3

I hope it helps.

Re: Max msgs to 1 recipient - default_destination_concurrency_limit.

[Lauro Costa G. Borges]

On Thu, Mar 10, 2011 at 03:27:50PM -0300, Lauro Costa G. Borges wrote:


I'm trying to limit how many messages can be sent to a recipient.


- A specific set of recipients or as a general rule?


 A general rule.



- Per sender, or across the entire MTA?


 The entire MTA.



- Why?


 Some company systems send email when something is wrong. Some of our  
users have .forward which sends a copy of messages arriving to their  
company e-mail to an external e-mail, such as GMail. This gets out  
smtp-out server temporarily blocked on some external mail servers.




This message was sent using IMP, the Internet Messaging Program.

Re: Max msgs to 1 recipient - default_destination_concurrency_limit.

[Victor Duchovni]

On Fri, Mar 11, 2011 at 12:29:00PM -0300, Lauro Costa G. Borges wrote:

>>> I'm trying to limit how many messages can be sent to a recipient.
>>
>> - A specific set of recipients or as a general rule?
>
>  A general rule.
>
>> - Per sender, or across the entire MTA?
>
>  The entire MTA.
>
>> - Why?
>
> Some company systems send email when something is wrong. Some of our users 
> have .forward which sends a copy of messages arriving to their company 
> e-mail to an external e-mail, such as GMail. This gets out smtp-out server 
> temporarily blocked on some external mail servers.

Thanks, now it is very clear. For this we have internally developed a
policy service (running on the internal MSAs) called "flood-stopper". It
looks for streams of email from a sender to fixed set of recipients,
when the same envelope is seen repeatedly (multiple thresholds over
progressively longer times to catch both quick bursts and slow, but
steady surges) the policy service returns a "HOLD" verdict, and further
mail for the same sender + recipients is placed in the HOLD queue.

A notification is sent to the support team when a new flood is detected,
and no recent notices of the same sort have been sent. The support team
has tools to sort through the hold queue and delete floods sent by
poorly designed applications that send repeated email notices instead
of logging and sending one consolidated email alert.

So you need a policy service that detects both Achiles and Tortoise
mail floods, shunts the mail into the HOLD queue, and notifies your
team that they should at some point drain the cesspool: delete
junk, and release any false positives.

-- 
Viktor.

pass rDNS hostname and EHLO hostname to policy daemon

[Stan Hoeppner]

How would I go about passing strictly the rDNS and EHLO hostnames to a
policy daemon?  Is this possible?  If not, other suggestions?

Thanks.

-- 
Stan

xfermailbox

[Oscar Mauricio Cruz Lazo]

Hi all

Im trying to migrate all my mailbox system from one server to a new server,
i want to use xfermailbox tool but i have a world of doubts about how to use
it ? running postfix-2.4.5 plus cyrus-imapd-2.3.8-51
in both side.

Please i would tthank all info about it ...


Regards

Re: Duplicated messages

[Victor Duchovni]

On Fri, Mar 11, 2011 at 12:06:28PM -0500, Jason Voorhees wrote:

> >> How can I avoid this? I hope someone can help me.
> >
> > ? ?http://www.postfix.org/postconf.5.html#enable_original_recipient
> >
> 
> Hi, thanks Viktor for your answer. I've already used these settings:
> 
> Setting # 1:
> enable_original_recipient = no
> 
> Setting # 2:
> enable_original_recipient = no
> smtpd_disable_ehlo_keywords = silent-discard, dsn
> 

Your Postfix may be too old. From the HISTORY file:

20070520

Bugfix (problem introduced Postfix 2.3): when DSN support
was introduced it broke "agressive" recipient duplicate
elimination with "enable_original_recipient = no".  File:
cleanup/cleanup_out_recipient.c.

This postdates the release of 2.5, but the change was backported to
2.4.x, and 2.3.10. If all you have is 2.3.3, you need to upgrade.

-- 
Viktor.

Re: pass rDNS hostname and EHLO hostname to policy daemon

[Victor Duchovni]

On Fri, Mar 11, 2011 at 11:24:51AM -0600, Stan Hoeppner wrote:

> How would I go about passing strictly the rDNS and EHLO hostnames to a
> policy daemon?  Is this possible?  If not, other suggestions?

The policy protocol is described at:

http://www.postfix.org/SMTPD_POLICY_README.html#protocol

if the attributes you want are listed, they are passed, if they are not
listed, they are not passed.

-- 
Viktor.

Re: Max msgs to 1 recipient - default_destination_concurrency_limit.

[Lauro Costa G. Borges]

Citando Victor Duchovni :


On Fri, Mar 11, 2011 at 12:29:00PM -0300, Lauro Costa G. Borges wrote:


I'm trying to limit how many messages can be sent to a recipient.


- A specific set of recipients or as a general rule?


 A general rule.


- Per sender, or across the entire MTA?


 The entire MTA.


- Why?


Some company systems send email when something is wrong. Some of our users
have .forward which sends a copy of messages arriving to their company
e-mail to an external e-mail, such as GMail. This gets out smtp-out server
temporarily blocked on some external mail servers.


Thanks, now it is very clear. For this we have internally developed a
policy service (running on the internal MSAs) called "flood-stopper". It
looks for streams of email from a sender to fixed set of recipients,
when the same envelope is seen repeatedly (multiple thresholds over
progressively longer times to catch both quick bursts and slow, but
steady surges) the policy service returns a "HOLD" verdict, and further
mail for the same sender + recipients is placed in the HOLD queue.

A notification is sent to the support team when a new flood is detected,
and no recent notices of the same sort have been sent. The support team
has tools to sort through the hold queue and delete floods sent by
poorly designed applications that send repeated email notices instead
of logging and sending one consolidated email alert.

So you need a policy service that detects both Achiles and Tortoise
mail floods, shunts the mail into the HOLD queue, and notifies your
team that they should at some point drain the cesspool: delete
junk, and release any false positives.

--
Viktor.




 Thanks!
 So it's not possible to achieve similar behavior with Postfix, and  
only Postfix?





This message was sent using IMP, the Internet Messaging Program.

Re: Max msgs to 1 recipient - default_destination_concurrency_limit.

[Victor Duchovni]

On Fri, Mar 11, 2011 at 12:59:19PM -0300, Lauro Costa G. Borges wrote:

> So it's not possible to achieve similar behavior with Postfix, and only 
> Postfix?

Simple rate limits don't help, they just defer mail, but the sending
systems won't give up, so you only make the problem worse by increasing
the ultimate mail volume. You need to place mail on hold or reject it,
but rejecting based on volume is risky. There is nothing built-in that
moves high volume flows to the hold queue, this would be a good add-on
for someone to open-source, I don't whether ours is a candidate for
this, it is owned by the internal MSA support team, I "own" just the
perimeter plant.

-- 
Viktor.

Re: Duplicated messages

[Jason Voorhees]

On Fri, Mar 11, 2011 at 12:27 PM, Victor Duchovni
 wrote:
> On Fri, Mar 11, 2011 at 12:06:28PM -0500, Jason Voorhees wrote:
>
>> >> How can I avoid this? I hope someone can help me.
>> >
>> > ? ?http://www.postfix.org/postconf.5.html#enable_original_recipient
>> >
>>
>> Hi, thanks Viktor for your answer. I've already used these settings:
>>
>> Setting # 1:
>> enable_original_recipient = no
>>
>> Setting # 2:
>> enable_original_recipient = no
>> smtpd_disable_ehlo_keywords = silent-discard, dsn
>>
>
> Your Postfix may be too old. From the HISTORY file:
>
>    20070520
>
>        Bugfix (problem introduced Postfix 2.3): when DSN support
>        was introduced it broke "agressive" recipient duplicate
>        elimination with "enable_original_recipient = no".  File:
>        cleanup/cleanup_out_recipient.c.
>
> This postdates the release of 2.5, but the change was backported to
> 2.4.x, and 2.3.10. If all you have is 2.3.3, you need to upgrade.
>
> --
>        Viktor.
>

You were right! I upgraded postfix to 2.5.0 and using the same setting
previously mentioned above it solved my problem.

Thanks

Re: Duplicated messages

[Victor Duchovni]

On Fri, Mar 11, 2011 at 01:13:23PM -0500, Jason Voorhees wrote:

> > 20070520
> >
> > Bugfix (problem introduced Postfix 2.3): when DSN support
> > was introduced it broke "agressive" recipient duplicate
> > elimination with "enable_original_recipient = no". File:
> > cleanup/cleanup_out_recipient.c.
> >
> > This postdates the release of 2.5, but the change was backported to
> > 2.4.x, and 2.3.10. If all you have is 2.3.3, you need to upgrade.
> 
> You were right!

I don't make this stuff up. :-)

> I upgraded postfix to 2.5.0 and using the same setting
> previously mentioned above it solved my problem.

Why 2.5.0 and not say 2.5.12? If you are going to the trouble of updating,
at this point it should be 2.7.3 or 2.8.1.

-- 
Viktor.

Re: Duplicated messages

[Jason Voorhees]

On Fri, Mar 11, 2011 at 1:57 PM, Victor Duchovni
 wrote:
> On Fri, Mar 11, 2011 at 01:13:23PM -0500, Jason Voorhees wrote:
>
>> > 20070520
>> >
>> > Bugfix (problem introduced Postfix 2.3): when DSN support
>> > was introduced it broke "agressive" recipient duplicate
>> > elimination with "enable_original_recipient = no". File:
>> > cleanup/cleanup_out_recipient.c.
>> >
>> > This postdates the release of 2.5, but the change was backported to
>> > 2.4.x, and 2.3.10. If all you have is 2.3.3, you need to upgrade.
>>
>> You were right!
>
> I don't make this stuff up. :-)
>
>> I upgraded postfix to 2.5.0 and using the same setting
>> previously mentioned above it solved my problem.
>
> Why 2.5.0 and not say 2.5.12? If you are going to the trouble of updating,
> at this point it should be 2.7.3 or 2.8.1.
>
> --
>        Viktor.
>

I need a fast way to get an earlier Postfix so I downloaded a rpm
package from Postfix's website under "Packages and ports" section. For
CentOS it was available postfix-2.5.0 RPM package.

Re: Duplicated messages

[Victor Duchovni]

On Fri, Mar 11, 2011 at 02:54:58PM -0500, Jason Voorhees wrote:

> > Why 2.5.0 and not say 2.5.12? If you are going to the trouble of updating,
> > at this point it should be 2.7.3 or 2.8.1.
> 
> I need a fast way to get an earlier Postfix so I downloaded a rpm
> package from Postfix's website under "Packages and ports" section. For
> CentOS it was available postfix-2.5.0 RPM package.

http://ftp.wl0.org/official/2.7/RPMS-rhel5-x86_64/

-- 
Viktor.

Re: xfermailbox

[Jeroen Geilman]

On 03/11/2011 06:26 PM, Oscar Mauricio Cruz Lazo wrote:


Hi all

Im trying to migrate all my mailbox system from one server to a new 
server, i want to use xfermailbox tool but i have a world of doubts 
about how to use it ? running postfix-2.4.5 plus cyrus-imapd-2.3.8-51

in both side.

Please i would tthank all info about it ...



The documentation for xfermailbox would be the place to look.

Since it is not a postfix component, we can't help you with that.

--
J.

Re: round-robin sending SMTP server ?

[Stan Hoeppner]

lst_ho...@kwsoft.de put forth on 3/11/2011 4:03 AM:
> Zitat von Frank Bonnet :
> 
>> On 03/11/2011 09:51 AM, Frank Bonnet wrote:

>> Thanks ! it works fine :-)

You're welcome Frank.

> Would be better with "relayhost = [relay-farm.your-domain.tld]", no?

Yes, I guess so.  That'll disable MX lookups, which obviously aren't
needed in this case.  This will save a little bandwidth, but more
importantly it will eliminate any possible latency effects associated
with remote DNS servers responding slowly to the MX requests, thus
improving throughput to the farm.

I've often wondered why MX lookups aren't disabled automatically when
setting relayhost=.  I'm sure this has been answered before, I just
can't recall.  I don't see an explanation in man 5 postconf.

-- 
Stan

Re: check client ip only if mail has a particular header

[Stan Hoeppner]

Victor Duchovni put forth on 3/11/2011 10:09 AM:
> On Fri, Mar 11, 2011 at 04:58:15PM +0100, Giovanni Mancuso wrote:
> 
>> I have my postfix configured as MX record of my domain with particular
>> smtpd_recipents_restriction, ecc...
>> If my postfix receives a mail that has X-MyCustomHeader, Postfix accept
>> the mail and delivers it to backend.
>> If my Postfix receives a mail that hasn't X-MyCustomHeader, Postfix
>> checks if client ip is in a blacklist and reject the email if the ip is
>> in blacklist or accept the mail if it isn't in blacklist.
> 
> Rejection of email can only happen before the mail is queued. Therefore,
> this can only be done with a proxy-filter or milter.
> 
> http://www.postfix.org/SMTPD_PROXY_README.html
> http://www.postfix.org/MILTER_README.html
> 
> While client addresses can checked via built-in mechanisms in
> smtpd_end_of_data_restrictions, there is no built-in mechanism to make
> these checks dependent on the message headers. Adding such a feature
> would not be easy, the header checks are performed in the cleanup(8)
> server, while client address checks are performed in the smtpd(8)
> server, the data flow from smtpd(8) to cleanup(8) is essentially
> one-way...
> 
> http://www.postfix.org/OVERVIEW.html


It appears I did understand Giovanni's need correctly.  He should be
able to use Sahil's checkdbl.pl daemon with some modifications.  He'd
simply check that X-custom-header exists.  If it doesn't, he'd then
query the configured dnsbl for the client IP address, although I'm not
sure exactly how one would access the client IP from within header
checks.  I'm not a perl programmer, but this shouldn't be too difficult
for a perl guy, assuming the client IP address is available to the
daemon one way or another.  Most of the code the OP needs is already here:

http://people.freebsd.org/~sahil/scripts/checkdbl.pl.txt

-- 
Stan

Re: round-robin sending SMTP server ?

[Wietse Venema]

Stan Hoeppner:
> I've often wondered why MX lookups aren't disabled automatically when
> setting relayhost=.  

Because there is no way to turn it on! A feature that can't be
turned off is a bug.

Wietse

Re: check client ip only if mail has a particular header

[Wietse Venema]

Stan Hoeppner:
> It appears I did understand Giovanni's need correctly.  He should be
> able to use Sahil's checkdbl.pl daemon with some modifications.  He'd
> simply check that X-custom-header exists.  If it doesn't, 

header_checks can't detect missing headers.

Wietse