Problem with relaying to Exchange server.

[Rafał Radecki]

Hi all. I am trying to configure postfix to relay all mails send from
localhost (postfix 2.7.1-1, Ubuntu 10.10) to LAN Exchange server which then
sends out to the Internet.
- main.cf:
*mydestination =
relayhost = [10.0.1.222]:25
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = error
relay_transport = error
local_transport = error
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = *

I use mutt to send e-mail and get in /var/log/mail.log:
*Mar 18 11:47:27 myway postfix/pickup[7621]: B980C140E1D: uid=1000 from=<
xxx@xxx.com>
Mar 18 11:47:27 myway postfix/cleanup[7637]: B980C140E1D:
message-id=<20110318104727.GA7624@myway>
Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: from=,
size=473, nrcpt=1 (queue active)
Mar 18 11:47:27 myway postfix/error[7639]: B980C140E1D: to=,
relay=none, delay=0.19, delays=0.12/0/0/0.06, dsn=5.0.0, status=bounced
([10.0.1.222]:25)
Mar 18 11:47:27 myway postfix/cleanup[7637]: D9558140E1F:
message-id=<20110318104727.d9558140...@myway.xxx.local>
Mar 18 11:47:27 myway postfix/bounce[7640]: B980C140E1D: sender non-delivery
notification: D9558140E1F
Mar 18 11:47:27 myway postfix/qmgr[7622]: D9558140E1F: from=<>, size=2256,
nrcpt=1 (queue active)
Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: removed
Mar 18 11:47:28 myway postfix/error[7639]: D9558140E1F: to=,
relay=none, delay=0.11, delays=0.06/0/0/0.06, dsn=5.0.0, status=bounced
([10.0.1.222]:25)
Mar 18 11:47:28 myway postfix/qmgr[7622]: D9558140E1F: removed*

When I use telnet on port 25 on 10.0.1.222 than using HELO, MAIL FROM and
RCPT TO I can send e-mail without a password.

Is there something missing or wrong in my configuration?

Re: Problem with relaying to Exchange server.

[Reindl Harald]

* please do not send html mails to the list
* what is "myhostname" in your "main.cf", this is the EHLO from postfix
* has your hostname a valid a-record/ptr
* why does exchange give such a useless answer?

a useable mailserver gives a answer like this "status=bounced (host 
relayserver[relay-ip]
said: 550 5.1.1 : Recipient address rejected: User unknown in virtual 
alias table
(in reply to RCPT TO command))"

meaning: would the other host not be a misconfigured exchange you would see a
reason why the message is bounced (invalid rcpt, invalid helo, missing ptr for
sending server..), you stripped every useful information, your postfix semmes
not to have a valid hostname configured.

Am 18.03.2011 11:53, schrieb Rafał Radecki:
> Hi all. I am trying to configure postfix to relay all mails send from 
> localhost (postfix 2.7.1-1, Ubuntu 10.10) to
> LAN Exchange server which then sends out to the Internet.
> - main.cf :
> /mydestination =
> relayhost = [10.0.1.222]:25
> mynetworks = 127.0.0.0/8 
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = loopback-only
> default_transport = error
> relay_transport = error
> local_transport = error
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = /
> 
> I use mutt to send e-mail and get in /var/log/mail.log:
> /Mar 18 11:47:27 myway postfix/pickup[7621]: B980C140E1D: uid=1000 
> from=mailto:xxx@xxx.com>>
> Mar 18 11:47:27 myway postfix/cleanup[7637]: B980C140E1D: 
> message-id=<20110318104727.GA7624@myway>
> Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: from= >, size=473,
> nrcpt=1 (queue active)
> Mar 18 11:47:27 myway postfix/error[7639]: B980C140E1D: to= >,
> relay=none, delay=0.19, delays=0.12/0/0/0.06, dsn=5.0.0, status=bounced 
> ([10.0.1.222]:25)
> Mar 18 11:47:27 myway postfix/cleanup[7637]: D9558140E1F: 
> message-id=<20110318104727.d9558140...@myway.xxx.local>
> Mar 18 11:47:27 myway postfix/bounce[7640]: B980C140E1D: sender non-delivery 
> notification: D9558140E1F
> Mar 18 11:47:27 myway postfix/qmgr[7622]: D9558140E1F: from=<>, size=2256, 
> nrcpt=1 (queue active)
> Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: removed
> Mar 18 11:47:28 myway postfix/error[7639]: D9558140E1F: to= >, relay=none,
> delay=0.11, delays=0.06/0/0/0.06, dsn=5.0.0, status=bounced ([10.0.1.222]:25)
> Mar 18 11:47:28 myway postfix/qmgr[7622]: D9558140E1F: removed/
> 
> When I use telnet on port 25 on 10.0.1.222 than using HELO, MAIL FROM and 
> RCPT TO I can send e-mail without a password.
> Is there something missing or wrong in my configuration?



signature.asc
Description: OpenPGP digital signature

Re: Delivery rate drops soon after restart

[Wietse Venema]

Ram:
> >> Ram:
> >>> I have a postfix (2.7)  server where as soon as I restart the mails are
> >>> moved rapidly from incoming queue to active
> >>>
> >>> But soon ( after 5 minutes )  the queue manager is left behind  .. the
> >>> incoming queue keeps increasing 10k+  but active queue has hardly 10-15
> >>> mails
> > How many recipients in those 10-15 messages? What is the queue manager
> > doing (strace, truss, ktrace, ...)? I've seen cases (potential C-library
> > or kernel issue) in which trivial-rewrite does not see a new request
> > from the queue-manager until the queue-manager exits and only then does
> > trivial-rewrite notice the queue-manager's lookup request. Report any
> > warnings, or fatal messages logged by trivial-rewrite or qmgr.
> >
> Is there a known kernel issue .. I am using a centos.plus  kernel on 64 
> bit.
> ( rpm kernel-2.6.18-194.32.1.el5.centos.plus )

Perhaps you missed this:

Report any warnings, or fatal messages logged by trivial-rewrite or qmgr.

Victor and I are not telepathic.

Wietse

Re: Problem with relaying to Exchange server.

[Wietse Venema]

Rafa? Radecki:
> default_transport = error
> relay_transport = error
> local_transport = error

Why are you surprised that mail is returned as undeliverable?

Wietse

Re: The future of SMTP ?

[Alain Spineux]

On Sun, Mar 13, 2011 at 4:52 PM,   wrote:

> This is not a problem of SMTP but from the idea to design a system where
> everyone is able to send a message to some other participant if the
> "address" is known.


I thing SPAM is more a political problem than a technical one !

A lot of smart technical solutions exist for a long time now but SPAM
remains a problem.
If all the main mail service providers like Google and Hotmail would
choose a technical solution against SPAM and rejected mail from
servers not following these rules,
I thing SPAM would be reduced to the minimum. These rules must also
require the commitment of all mail actor, from the individual to the
big companies and ISP.

My favorite solution combine RBL and SPF pointers. Not RBL of IP
addresses as usual but thanks to SPF we could black list domain names.
If rejecting mail from SPF unaware domain was the rule, any SPAM could
be easily attributed to a domain name and its company owner.
Repeated SPAM flood would damage the corporate image of the company
and incapable IT managers would be replaced by capable ones.
RBL and SPF are now common, reliable and easy to use. Lot of of mail
actor are already using them.

Maybe we could start at our humble level to warn every senders about
their SPF unaware domain name. Open source should provide such
software,
and RBL providers handle domain names instead of IP addresses.

Regards

-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com

Re: The future of SMTP ?

[Reindl Harald]

Am 18.03.2011 12:18, schrieb Alain Spineux:

> and RBL providers handle domain names instead of IP addresses.

what sense should this make?

the domain / rcpt / from does mean NOTHING
the connecting ip can not be faked as long the
protocol needs any tcp answer



signature.asc
Description: OpenPGP digital signature

Re: Problem with relaying to Exchange server.

[Jerry]

On Fri, 18 Mar 2011 12:05:33 +0100
Reindl Harald  articulated:

> Am 18.03.2011 11:53, schrieb Rafał Radecki:
> > Hi all. I am trying to configure postfix to relay all mails send
> > from localhost (postfix 2.7.1-1, Ubuntu 10.10) to LAN Exchange
> > server which then sends out to the Internet.
> > - main.cf :
> > /mydestination =
> > relayhost = [10.0.1.222]:25
> > mynetworks = 127.0.0.0/8 
> > mailbox_size_limit = 0
> > recipient_delimiter = +
> > inet_interfaces = loopback-only
> > default_transport = error
> > relay_transport = error
> > local_transport = error
> > smtp_sasl_auth_enable = yes
> > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> > smtp_sasl_security_options = /
> > 
> > I use mutt to send e-mail and get in /var/log/mail.log:
> > /Mar 18 11:47:27 myway postfix/pickup[7621]: B980C140E1D: uid=1000
> > from=mailto:xxx@xxx.com>> Mar 18 11:47:27
> > myway postfix/cleanup[7637]: B980C140E1D:
> > message-id=<20110318104727.GA7624@myway> Mar 18 11:47:27 myway
> > postfix/qmgr[7622]: B980C140E1D: from= > >, size=473, nrcpt=1 (queue active) Mar 18
> > 11:47:27 myway postfix/error[7639]: B980C140E1D:
> > to=mailto:rxxx@xxx.com>>, relay=none,
> > delay=0.19, delays=0.12/0/0/0.06, dsn=5.0.0, status=bounced
> > ([10.0.1.222]:25) Mar 18 11:47:27 myway postfix/cleanup[7637]:
> > D9558140E1F:
> > message-id=<20110318104727.d9558140...@myway.xxx.local> Mar 18
> > 11:47:27 myway postfix/bounce[7640]: B980C140E1D: sender
> > non-delivery notification: D9558140E1F Mar 18 11:47:27 myway
> > postfix/qmgr[7622]: D9558140E1F: from=<>, size=2256, nrcpt=1 (queue
> > active) Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D:
> > removed Mar 18 11:47:28 myway postfix/error[7639]: D9558140E1F:
> > to=mailto:xxx@xxx.com>>, relay=none,
> > delay=0.11, delays=0.06/0/0/0.06, dsn=5.0.0, status=bounced
> > ([10.0.1.222]:25) Mar 18 11:47:28 myway postfix/qmgr[7622]:
> > D9558140E1F: removed/
> > 
> > When I use telnet on port 25 on 10.0.1.222 than using HELO, MAIL
> > FROM and RCPT TO I can send e-mail without a password. Is there
> > something missing or wrong in my configuration?

> * please do not send html mails to the list
> * what is "myhostname" in your "main.cf", this is the EHLO from
> postfix
> * has your hostname a valid a-record/ptr
> * why does exchange give such a useless answer?
> 
> a useable mailserver gives a answer like this "status=bounced (host
> relayserver[relay-ip] said: 550 5.1.1 : Recipient address
> rejected: User unknown in virtual alias table (in reply to RCPT TO
> command))"
> 
> meaning: would the other host not be a misconfigured exchange you
> would see a reason why the message is bounced (invalid rcpt, invalid
> helo, missing ptr for sending server..), you stripped every useful
> information, your postfix semmes not to have a valid hostname
> configured.

Reindl, while giving posting instructions to the OP, you failed to
list "Top Posting", a technique that you also fail to avail yourself of.

You might also have told the OP to follow the instructions available
at: . specifically:

Reporting problems to postfix-users@postfix.org

The people who participate on postfix-users@postfix.org are very
helpful, especially if YOU provide them with sufficient information.
Remember, these volunteers are willing to help, but their time is
limited.

When reporting a problem, be sure to include the following information.

A summary of the problem. Please do not just send some logging without
explanation of what YOU believe is wrong.

Complete error messages. Please use cut-and-paste, or use attachments,
instead of reciting information from memory.

Postfix logging. See the text at the top of the DEBUG_README document
to find out where logging is stored. Please do not frustrate the
helpers by word wrapping the logging. If the logging is more than a few
kbytes of text, consider posting an URL on a web or ftp site.

Output from "postconf -n". Please do not send your main.cf file, or
500+ lines of postconf output.

Better, provide output from the postfinger tool. This can be found at
http://ftp.wl0.org/SOURCES/postfinger. 
If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.


-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: Problem with relaying to Exchange server.

[Rafał Radecki]

2011/3/18 Reindl Harald 

> * please do not send html mails to the list
>
Ok.

> * what is "myhostname" in your "main.cf", this is the EHLO from postfix
>
 Not relevant in this situation, when using telnet I can use whatever helo I
want (tested).

> * has your hostname a valid a-record/ptr
>
As I see it (based on telnet session) Echange is not veryfing DNS for
connecting hosts. Host which I am using doesn't have a valid record.

> * why does exchange give such a useless answer?
>
> a useable mailserver gives a answer like this "status=bounced (host
> relayserver[relay-ip]
> said: 550 5.1.1 : Recipient address rejected: User unknown in virtual
> alias table
> (in reply to RCPT TO command))"
>
> meaning: would the other host not be a misconfigured exchange you would see
> a
> reason why the message is bounced (invalid rcpt, invalid helo, missing ptr
> for
> sending server..), you stripped every useful information, your postfix
> semmes
> not to have a valid hostname configured.
>
I am not the person responsible fo configuration of the Exchange server.

>
> Am 18.03.2011 11:53, schrieb Rafał Radecki:
> > Hi all. I am trying to configure postfix to relay all mails send from
> localhost (postfix 2.7.1-1, Ubuntu 10.10) to
> > LAN Exchange server which then sends out to the Internet.
> > - main.cf :
> > /mydestination =
> > relayhost = [10.0.1.222]:25
> > mynetworks = 127.0.0.0/8 
> > mailbox_size_limit = 0
> > recipient_delimiter = +
> > inet_interfaces = loopback-only
> > default_transport = error
> > relay_transport = error
> > local_transport = error
> > smtp_sasl_auth_enable = yes
> > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> > smtp_sasl_security_options = /
> >
> > I use mutt to send e-mail and get in /var/log/mail.log:
> > /Mar 18 11:47:27 myway postfix/pickup[7621]: B980C140E1D: uid=1000 from=<
> xxx@xxx.com >
> > Mar 18 11:47:27 myway postfix/cleanup[7637]: B980C140E1D:
> message-id=<20110318104727.GA7624@myway>
> > Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: from=<
> xxx@xxx.com >, size=473,
> > nrcpt=1 (queue active)
>
According to  http://www.postfix.org/OVERVIEW.html I think that I sholud not
get below message here.

> > Mar 18 11:47:27 myway postfix/error[7639]: B980C140E1D: to=<
> rxxx@xxx.com >,
> > relay=none, delay=0.19, delays=0.12/0/0/0.06, dsn=5.0.0, status=bounced
> ([10.0.1.222]:25)
>
Doesn't relay=none mean that postfix is not relaying to a server relayhost =
[10.0.1.222]:25 ?

> > Mar 18 11:47:27 myway postfix/cleanup[7637]: D9558140E1F:
> message-id=<20110318104727.d9558140...@myway.xxx.local>
> > Mar 18 11:47:27 myway postfix/bounce[7640]: B980C140E1D: sender
> non-delivery notification: D9558140E1F
> > Mar 18 11:47:27 myway postfix/qmgr[7622]: D9558140E1F: from=<>,
> size=2256, nrcpt=1 (queue active)
> > Mar 18 11:47:27 myway postfix/qmgr[7622]: B980C140E1D: removed
> > Mar 18 11:47:28 myway postfix/error[7639]: D9558140E1F: to=<
> xxx@xxx.com >, relay=none,
> > delay=0.11, delays=0.06/0/0/0.06, dsn=5.0.0, status=bounced
> ([10.0.1.222]:25)
> > Mar 18 11:47:28 myway postfix/qmgr[7622]: D9558140E1F: removed/
> >
> > When I use telnet on port 25 on 10.0.1.222 than using HELO, MAIL FROM and
> RCPT TO I can send e-mail without a password.
> > Is there something missing or wrong in my configuration?
>
>

Re: Problem with relaying to Exchange server.

[Reindl Harald]

Am 18.03.2011 12:34, schrieb Jerry:
> Reindl, while giving posting instructions to the OP, you failed to
> list "Top Posting", a technique that you also fail to avail yourself of

if will never understand what is so cool scrolling down hundret miles
to find the latest message of a thread you follow a longer time instead
get the new information first

it gets really funny if somebody has  a large signature and written only
two lines since you have to search after anail, but anyways if you love
it.



signature.asc
Description: OpenPGP digital signature

Re: The future of SMTP ?

[Alain Spineux]

On Fri, Mar 18, 2011 at 12:22 PM, Reindl Harald  wrote:
>
>
> Am 18.03.2011 12:18, schrieb Alain Spineux:
>
>> and RBL providers handle domain names instead of IP addresses.
>
> what sense should this make?
>
> the domain / rcpt / from does mean NOTHING

SPF can be used on domains of the SMTP  and header 
fields and be linked to the IP address this way.

> the connecting ip can not be faked as long the
> protocol needs any tcp answer


The main idea of my post is the "politcal" solution more than my
"technical" proposition.
The new rules must be carefully choose by a SMTP guru committee that
agree to use them for their own SMTP.


-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com

Re: Problem with relaying to Exchange server.

[Reindl Harald]

Am 18.03.2011 12:47, schrieb Rafał Radecki:
> 2011/3/18 Reindl Harald  >
> 
>  * please do not send html mails to the list
> Ok.

and you answered with html

i will never understand why somebody is formatting plain text as html
because it is useless overhead and after the third reply / quotation
the mails are looking like after a bomb-attack if this crap
is not cleaned as i usually do and did with this reply

>  * what is "myhostname" in your "main.cf ", this is the EHLO 
> from postfix
>  Not relevant in this situation, when using telnet I can use whatever helo I 
> want (tested).

do you want to configure your MTA the right way or does it not
matter for you and litte luck is enough?

this is one of the basic configurations

> * has your hostname a valid a-record/ptr
> 
> As I see it (based on telnet session) Echange is not veryfing DNS for 
> connecting hosts. 
> Host which I am using doesn't have a valid record.

even if this is not the problem now, every host needs a valid dns-configuration
or a better network-admin and yes you should make a clean setup of your MTA 
because
if in the future somebody makes a clean config on the target-server 
(HELO-check, dns-check..)
you will fail

>  * why does exchange give such a useless answer?
> I am not the person responsible fo configuration of the Exchange server

i did not see this lines

> default_transport = error
> relay_transport = error
> local_transport = error

sorry, but what did you expect with this lines and why
you are setting them if you not understand what they do?

exchange is not involved because you misconfigured your postfix, maybe postfix 
should
fail to start with a big message "somebody forced me to die" :-)

> relayhost = [10.0.1.222]:25

why this way instead simply the ip-address as long standard-ports
are used and why in the world a ip-address which works only
as long nobody is replacing the exchange server and give him a new ip

dns was invented a long time ago



signature.asc
Description: OpenPGP digital signature

Re: The future of SMTP ?

[Reindl Harald]

Am 18.03.2011 12:54, schrieb Alain Spineux:
> On Fri, Mar 18, 2011 at 12:22 PM, Reindl Harald  
> wrote:
>>
>>
>> Am 18.03.2011 12:18, schrieb Alain Spineux:
>>
>>> and RBL providers handle domain names instead of IP addresses.
>>
>> what sense should this make?
>>
>> the domain / rcpt / from does mean NOTHING
> 
> SPF can be used on domains of the SMTP  and header 
> fields and be linked to the IP address this way.

they can not, they are
spf and rbl are different shoes and both exists since years



signature.asc
Description: OpenPGP digital signature

Re: Problem with relaying to Exchange server.

[Rafał Radecki]

The problem was with relay_transport ;)

Thank you!

W dniu 18 marca 2011 12:18 użytkownik Wietse Venema
napisał:

> Rafa? Radecki:
> > default_transport = error
> > relay_transport = error
> > local_transport = error
>
> Why are you surprised that mail is returned as undeliverable?
>
>Wietse
>

Re: Problem with relaying to Exchange server.

[Rafał Radecki]

W dniu 18 marca 2011 13:04 użytkownik Reindl Harald
 napisał:
>
> Am 18.03.2011 12:47, schrieb Rafał Radecki:
> > 2011/3/18 Reindl Harald  > >
> >
> >  * please do not send html mails to the list
> > Ok.
>
> and you answered with html
>
> i will never understand why somebody is formatting plain text as html
> because it is useless overhead and after the third reply / quotation
> the mails are looking like after a bomb-attack if this crap
> is not cleaned as i usually do and did with this reply
>
> >  * what is "myhostname" in your "main.cf ", this is the 
> > EHLO from postfix
> >  Not relevant in this situation, when using telnet I can use whatever helo 
> > I want (tested).
>
> do you want to configure your MTA the right way or does it not
> matter for you and litte luck is enough?
>
> this is one of the basic configurations

For a simple relaying from my desktop ehlo is not needed to be
configured properly if the server does really nothing with it.
>
> > * has your hostname a valid a-record/ptr
> >
> > As I see it (based on telnet session) Echange is not veryfing DNS for 
> > connecting hosts.
> > Host which I am using doesn't have a valid record.
>
> even if this is not the problem now, every host needs a valid 
> dns-configuration
> or a better network-admin and yes you should make a clean setup of your MTA 
> because
> if in the future somebody makes a clean config on the target-server 
> (HELO-check, dns-check..)
> you will fail
>
This is true but and I would enforce using DNS here but I cannot.
> >  * why does exchange give such a useless answer?
> > I am not the person responsible fo configuration of the Exchange server
>
> i did not see this lines
>
> > default_transport = error
> > relay_transport = error
> > local_transport = error
>
Obviously you didn't see those perfectly visible lines which a postfix
guru (which I am not) should see (as Vietse did).
> sorry, but what did you expect with this lines and why
> you are setting them if you not understand what they do?
>
> exchange is not involved because you misconfigured your postfix, maybe 
> postfix should
> fail to start with a big message "somebody forced me to die" :-)
>
Please do not post pointless comments. I asked for help not for this.
> > relayhost = [10.0.1.222]:25
>
> why this way instead simply the ip-address as long standard-ports
> are used and why in the world a ip-address which works only
> as long nobody is replacing the exchange server and give him a new ip
>
> dns was invented a long time ago
>
I am aware of that, simply in my company DNS isn't used properly and I
can't change it.

Regards,
Rafal.

Re: Problem with relaying to Exchange server.

[Wietse Venema]

Reindl Harald:
> Am 18.03.2011 12:34, schrieb Jerry:
> > Reindl, while giving posting instructions to the OP, you failed to
> > list "Top Posting", a technique that you also fail to avail yourself of
> 
> if will never understand what is so cool scrolling down hundret miles
> to find the latest message of a thread you follow a longer time instead

There is no need to include the entire previous message.  This is
a mailing list, after all. People already have the complete copy
of the entire thread.  If the reply and replied-to text don't fit
on the screen then reader's time is wasted.

Google for: "I'm sorry I wrote such a long letter. I did not have
the time to write a short one."

Wietse

Re: The future of SMTP ?

[Alain Spineux]

On Fri, Mar 18, 2011 at 1:13 PM, Reindl Harald  wrote:
>
> Am 18.03.2011 12:54, schrieb Alain Spineux:
>> On Fri, Mar 18, 2011 at 12:22 PM, Reindl Harald  
>> wrote:
>>>
>>>
>>> Am 18.03.2011 12:18, schrieb Alain Spineux:
>>>
 and RBL providers handle domain names instead of IP addresses.
>>>
>>> what sense should this make?
>>>
>>> the domain / rcpt / from does mean NOTHING
>>
>> SPF can be used on domains of the SMTP  and header 
>> fields and be linked to the IP address this way.
>
> they can not,

Why ?

When a RBL provider get SPAM from a valid SPF enable domain, he log
the domain instead of the IP address.

And when you get an email, if it is not from a SPF enable  domain you
drop it, else you SPF check both domain
of SMTP  and header  field with the RBL and reject
if it does't match the SPF pointer.

To handle mailing list properly, for example this mailing list, the
RBL should allow mail from 168.100.1.3 and
sender=owner-postfix-us...@postfix.org
to fake the FROM: header to show the real mail sender. Any mailing
list owner should then register their lists near each RBL owner. And
mail server
administrator allow (or not) this class of SMTP server.


> they are
> spf and rbl are different shoes and both exists since years

Don't know about shoes ! maybe my poor english.

Regards

>
>



-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com

Re: The future of SMTP ?

[Charles Marcus]

On 2011-03-18 9:41 AM, Alain Spineux wrote:
> And when you get an email, if it is not from a SPF enable  domain you
> drop it,

If you do that you drop a lot of legitimate mail...

-- 

Best regards,

Charles

Re: The future of SMTP ?

[Alain Spineux]

On Fri, Mar 18, 2011 at 3:15 PM, Charles Marcus
 wrote:
> On 2011-03-18 9:41 AM, Alain Spineux wrote:
>> And when you get an email, if it is not from a SPF enable  domain you
>> drop it,
>
> If you do that you drop a lot of legitimate mail...

Not if everyone comply with these new rules (my proposal or any others).
SPAM have already a cost and legitimate mails are already "lost" every days.
This time it would be dropped until IT admin configure SPF pointer and
secure their own LAN
to avoid to be black listed.

During a fixed transition period, mail could be gently returned to
sender with a warning about their SPF configuration.

>
> --
>
> Best regards,
>
> Charles
>



-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com

Re: The future of SMTP ?

[Wietse Venema]

Alain Spineux:
> On Fri, Mar 18, 2011 at 3:15 PM, Charles Marcus
>  wrote:
> > On 2011-03-18 9:41 AM, Alain Spineux wrote:
> >> And when you get an email, if it is not from a SPF enable ?domain you
> >> drop it,
> >
> > If you do that you drop a lot of legitimate mail...
> 
> Not if everyone comply with these new rules (my proposal or any others).

Lets stop this here. Anyone who proposes a final solution to the spam
problem is first required to Google for FUSSP and READ ALL THE RESULTS.

Then, they are required to take it to a spam mailing list. This list
is about Postfix, not abut stopping spam.

Wietse

Upgrading Postfix and invalid/obseleted config values.

[Simon Brereton]

After a few years, I'm upgrading my server and this necessitates a reinstall.

I'm using the .deb packages (it's Debian Squeeze).

In my old main.cf I found these lines which don't appear to be currently valid.


768 virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-Quota.cf
769 virtual_mailbox_limit_inbox = no
770 virtual_maildir_extended = yes
771 virtual_create_maildirsize = yes
772 virtual_mailbox_limit_override = yes
773 virtual_overquota_bounce = yes


I spent some time to read www.postfix.org/postconf.5.html but was unable to 
find suitable replacements (I had a similar problem with 
smtpd_tls_security_level = may which I already fixed.

Can someone point me somewhere?

Thanks.

Re: Upgrading Postfix and invalid/obseleted config values.

[Wietse Venema]

Simon Brereton:
> 768 virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-Quota.cf
> 769 virtual_mailbox_limit_inbox = no
> 770 virtual_maildir_extended = yes
> 771 virtual_create_maildirsize = yes
> 772 virtual_mailbox_limit_override = yes
> 773 virtual_overquota_bounce = yes

This is not part of Postfix. It is a third-party quota patch that
some distributors include. For support, ask the distributor.

Wietse

Windows Live problems

[Mark Moellering]

I am new to postfix.  I have it set it up with dovecot on a unix box : 
postfix 2.8 on freebsd 8.1


While it tests fine under Thunderbird (and kde-mail), I currently can't 
send mail via Windows Live, although I can receive it.


I have been looking at the log files.  This is the error I am seeing:

Mar 18 11:50:53 mail postfix/smtpd[8376]: NOQUEUE: reject: RCPT from 
c-10-0-0-0.hsd1.mi.comcast.net[10-0-0-0]: 554 5.7.1 : 
Relay access denied; from= to= 
proto=ESMTP helo=


I have verified that it is in the middle of a connection.  The error is 
between
Mar 18 11:50:53 mail postfix/smtpd[8376]: Anonymous TLS connection 
established ... (snip) And

Mar 18 11:50:53 mail postfix/smtpd[8376]: disconnect from ... (snip)

I am not quite sure how to go from here.  Has anyone else had this 
problem?  I am guessing it may be a bug in the windows software but I 
don't relish the thought of saying we can't support Windows Live Mail.


Thank you so much in advance.

Mark Moellering
class creator .com
m...@classcreator.com


These are my recipient restrictions:

smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unauth_destination,
check_recipient_access 
hash:/usr/local/etc/postfix/accounts_accepted,

reject_multi_recipient_bounce,
reject_rhsbl_sender zen.spamhaus.org,
reject_rhsbl_sender bl.spamcop.net,
reject_unverified_sender,
permit

RE: Upgrading Postfix and invalid/obseleted config values.

[Simon Brereton]

> -Original Message-
> From: Wietse Venema [mailto:wie...@porcupine.org]
> Subject: Re: Upgrading Postfix and invalid/obseleted config values.
> 
> Simon Brereton:
> > 768 virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-Quota.cf
> > 769 virtual_mailbox_limit_inbox = no
> > 770 virtual_maildir_extended = yes
> > 771 virtual_create_maildirsize = yes
> > 772 virtual_mailbox_limit_override = yes
> > 773 virtual_overquota_bounce = yes
> 
> This is not part of Postfix. It is a third-party quota patch that
> some distributors include. For support, ask the distributor.

Thank you for knowing my system better than I do (did I mention it's a few 
years) since I did the initial install.  I suspect part of the reason I haven't 
done an upgrade recently is because of the LOE involved in applying the patch 
you mention..


Looking at http://www.postfix.org/addon.html I see a few options for adding 
quotas for virtual users.  Would you like to express an opinion on which one 
easiest to install/use/not worry about when upgrading?  Would anyone else like 
to express an opinion?

If - as I suspect - your default opinion is that it's not postfix's task to 
manage disk quotas what is the recommended approach for this?

Thanks.

Re: Windows Live problems

[Randy Ramsdell]

Mark Moellering wrote:
I am new to postfix.  I have it set it up with dovecot on a unix box : 
postfix 2.8 on freebsd 8.1


While it tests fine under Thunderbird (and kde-mail), I currently can't 
send mail via Windows Live, although I can receive it.


I have been looking at the log files.  This is the error I am seeing:

Mar 18 11:50:53 mail postfix/smtpd[8376]: NOQUEUE: reject: RCPT from 
c-10-0-0-0.hsd1.mi.comcast.net[10-0-0-0]: 554 5.7.1 : 
Relay access denied; from= to= 
proto=ESMTP helo=




m...@msen.com

Re: Upgrading Postfix and invalid/obseleted config values.

[Wietse Venema]

Simon Brereton:
> > > 768 virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-Quota.cf
> > > 769 virtual_mailbox_limit_inbox = no
> > > 770 virtual_maildir_extended = yes
> > > 771 virtual_create_maildirsize = yes
> > > 772 virtual_mailbox_limit_override = yes
> > > 773 virtual_overquota_bounce = yes
> > 
> > This is not part of Postfix. It is a third-party quota patch that
> > some distributors include. For support, ask the distributor.
> 
> Thank you for knowing my system better than I do (did I mention
> it's a few years) since I did the initial install.  I suspect part
> of the reason I haven't done an upgrade recently is because of
> the LOE involved in applying the patch you mention..

I, too, hate replacing programs that work.

> If - as I suspect - your default opinion is that it's not postfix's
> task to manage disk quotas what is the recommended approach for
> this?

Dovecot has quotas built-in and other features such as per-user
filters that Postfix will not provide. It also plays nice with
Postfix to authenticate SMTP clients with SASL. Dovecot, hooked up
to Postfix with LMTP would be a good combination.

Wietse

Re: Windows Live problems

[Matt Hayes]

On 3/18/2011 12:23 PM, Mark Moellering wrote:
> I am new to postfix.  I have it set it up with dovecot on a unix box :
> postfix 2.8 on freebsd 8.1
> 
> While it tests fine under Thunderbird (and kde-mail), I currently can't
> send mail via Windows Live, although I can receive it.
> 
> I have been looking at the log files.  This is the error I am seeing:
> 
> Mar 18 11:50:53 mail postfix/smtpd[8376]: NOQUEUE: reject: RCPT from
> c-10-0-0-0.hsd1.mi.comcast.net[10-0-0-0]: 554 5.7.1 :
> Relay access denied; from= to=
> proto=ESMTP helo=
> 
> I have verified that it is in the middle of a connection.  The error is
> between
> Mar 18 11:50:53 mail postfix/smtpd[8376]: Anonymous TLS connection
> established ... (snip) And
> Mar 18 11:50:53 mail postfix/smtpd[8376]: disconnect from ... (snip)
> 
> I am not quite sure how to go from here.  Has anyone else had this
> problem?  I am guessing it may be a bug in the windows software but I
> don't relish the thought of saying we can't support Windows Live Mail.
> 
> Thank you so much in advance.
> 
> Mark Moellering
> class creator .com
> m...@classcreator.com
> 
> 
> These are my recipient restrictions:
> 
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unauth_destination,
> check_recipient_access
> hash:/usr/local/etc/postfix/accounts_accepted,
> reject_multi_recipient_bounce,
> reject_rhsbl_sender zen.spamhaus.org,
> reject_rhsbl_sender bl.spamcop.net,
> reject_unverified_sender,
> permit
> 
> 
> 

Mark,

If you are setting this mail server up so that clients are allowed to
relay through it, I suggest looking at:

http://www.postfix.org/SASL_README.html and see the commented example
for submission in the master.cf

-Matt

Re: Windows Live problems

[Mark Moellering]

On 18-Mar-11 12:39 PM, Randy Ramsdell wrote:

Mark Moellering wrote:
I am new to postfix.  I have it set it up with dovecot on a unix box 
: postfix 2.8 on freebsd 8.1


While it tests fine under Thunderbird (and kde-mail), I currently 
can't send mail via Windows Live, although I can receive it.


I have been looking at the log files.  This is the error I am seeing:

Mar 18 11:50:53 mail postfix/smtpd[8376]: NOQUEUE: reject: RCPT from 
c-10-0-0-0.hsd1.mi.comcast.net[10-0-0-0]: 554 5.7.1 : 
Relay access denied; from= to= 
proto=ESMTP helo=




m...@msen.com


Err.  You appear to have sent me a blank message as a reply.  Was it 
an accidental send or am I just not getting it.



Mark Moellering

Re: Upgrading Postfix and invalid/obseleted config values.

[Fernando Maior]

>
> Dovecot has quotas built-in and other features such as per-user
> filters that Postfix will not provide. It also plays nice with
> Postfix to authenticate SMTP clients with SASL. Dovecot, hooked up
> to Postfix with LMTP would be a good combination.
>
>Wietse
>

Well, users usually interacts with IMAP/POP servers thru their mail
client programs. So, it makes sense that Dovecot takes care of the
quotas, instead of Postfix.

Also, Wietse's suggestion of Dovecot & Postfix with LMTP is just
the default I use for new or renewed installations.

Fernando Maior

Re: Windows Live problems

[Fernando Maior]

Mark,

Would you kindly post to the list the output for "postconf -n" ?

Fernando Maior

Re: Windows Live problems - Resolved

[Mark Moellering]

Everyone,

Thank you for your help.  I found the culprit.  I was missing the line:

auth_mechanisms = plain login

in my dovecot.conf file.  Everything works now.  Thank you so much for all your 
help,
especially Matt Hayes for making me realize that dovecot and not postfix was 
handling the authorization.

Thanks again,

Mark Moellering

RE: Upgrading Postfix and invalid/obseleted config values.

[Simon Brereton]

> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Wietse Venema
> Sent: Friday, March 18, 2011 1:15 PM
> To: Postfix users
> Subject: Re: Upgrading Postfix and invalid/obseleted config values.
>
> Simon Brereton:
> > > > 768 virtual_mailbox_limit_maps = mysql:/etc/postfix/Mail-
> Quota.cf
> > > > 769 virtual_mailbox_limit_inbox = no 770
> virtual_maildir_extended
> > > > = yes
> > > > 771 virtual_create_maildirsize = yes
> > > > 772 virtual_mailbox_limit_override = yes
> > > > 773 virtual_overquota_bounce = yes
> > >
> > > This is not part of Postfix. It is a third-party quota patch that
> > > some distributors include. For support, ask the distributor.
> >
> > Thank you for knowing my system better than I do (did I mention
> it's a
> > few years) since I did the initial install.  I suspect part of the
> > reason I haven't done an upgrade recently is because of the LOE
> > involved in applying the patch you mention..
> 
> I, too, hate replacing programs that work.

Aye - but it's old and I'm worried about hardware failure and I never 
documented the original install so I'd be screwed if it failed or my old Debian 
install got hacked..  sigh

> > If - as I suspect - your default opinion is that it's not postfix's
> > task to manage disk quotas what is the recommended approach for
> this?
> 
> Dovecot has quotas built-in and other features such as per-user
> filters that Postfix will not provide. It also plays nice with
> Postfix to authenticate SMTP clients with SASL. Dovecot, hooked up to
> Postfix with LMTP would be a good combination.

For now I'm wedded to Courier.  I don't have that many users, I'll just write a 
script to tell me the size of the maildirs and warn me if a limit is being 
reached.

Thanks for your help as always.

Re: Windows Live problems - Resolved

[Matt Hayes]

On 3/18/2011 2:39 PM, Mark Moellering wrote:
> Everyone,
> 
> Thank you for your help.  I found the culprit.  I was missing the line:
> 
> auth_mechanisms = plain login
> 
> in my dovecot.conf file.  Everything works now.  Thank you so much for
> all your help,
> especially Matt Hayes for making me realize that dovecot and not postfix
> was handling the authorization.
> 
> Thanks again,
> 
> Mark Moellering
> 
> 
> 


Mark, I'm glad to see you got it resolved.

-Matt

Re: Upgrading Postfix and invalid/obseleted config values.

[Daniel Bromberg]

On 3/18/2011 2:45 PM, Simon Brereton wrote:

[snip]

This is not part of Postfix. It is a third-party quota patch that
some distributors include. For support, ask the distributor.

Thank you for knowing my system better than I do (did I mention

it's a

few years) since I did the initial install.  I suspect part of the
reason I haven't done an upgrade recently is because of the LOE
involved in applying the patch you mention..

I, too, hate replacing programs that work.

Aye - but it's old and I'm worried about hardware failure and I never 
documented the original install so I'd be screwed if it failed or my old Debian 
install got hacked..  sigh


If - as I suspect - your default opinion is that it's not postfix's
task to manage disk quotas what is the recommended approach for

this?

Dovecot has quotas built-in and other features such as per-user
filters that Postfix will not provide. It also plays nice with
Postfix to authenticate SMTP clients with SASL. Dovecot, hooked up to
Postfix with LMTP would be a good combination.

For now I'm wedded to Courier.  I don't have that many users, I'll just write a 
script to tell me the size of the maildirs and warn me if a limit is being 
reached.

Thanks for your help as always.


Just being a googlebot again, but does this help? 
http://www.courier-mta.org/imap/README.maildirquota.html
Using the Maildir++ extended Maildir format: 
http://en.wikipedia.org/wiki/Maildir#Maildir.2B.2B


-Daniel

RE: Upgrading Postfix and invalid/obseleted config values.

[Simon Brereton]

> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Daniel Bromberg
> Subject: Re: Upgrading Postfix and invalid/obseleted config values.
> 
> On 3/18/2011 2:45 PM, Simon Brereton wrote:
> >> [snip]
>  This is not part of Postfix. It is a third-party quota patch
> that
>  some distributors include. For support, ask the distributor.
> >>> Thank you for knowing my system better than I do (did I mention
> >> it's a
> >>> few years) since I did the initial install.  I suspect part of
> the
> >>> reason I haven't done an upgrade recently is because of the LOE
> >>> involved in applying the patch you mention..
> >> I, too, hate replacing programs that work.
> > Aye - but it's old and I'm worried about hardware failure and I
> never
> > documented the original install so I'd be screwed if it failed or
> my
> > old Debian install got hacked..  sigh
> >
> >>> If - as I suspect - your default opinion is that it's not
> postfix's
> >>> task to manage disk quotas what is the recommended approach for
> >> this?
> >>
> >> Dovecot has quotas built-in and other features such as per-user
> >> filters that Postfix will not provide. It also plays nice with
> >> Postfix to authenticate SMTP clients with SASL. Dovecot, hooked up
> to
> >> Postfix with LMTP would be a good combination.
> > For now I'm wedded to Courier.  I don't have that many users, I'll
> just write a script to tell me the size of the maildirs and warn me
> if a limit is being reached.
> >
> > Thanks for your help as always.
> 
> Just being a googlebot again, but does this help?
> http://www.courier-mta.org/imap/README.maildirquota.html
> Using the Maildir++ extended Maildir format:
> http://en.wikipedia.org/wiki/Maildir#Maildir.2B.2B
  
Daniel

All thoughts are appreciated.  I'll investigate further, but I think my 
original issue was this warning (without wanting to drag Courier into the 
Postfix list)..

If you would like to have a quota on your maildir mailboxes, the best 
solution is to always use filesystem-based quotas: per-user usage quotas that 
is enforced by the operating system.

This is the best solution when the default Maildir is located in each 
account's home directory. This solution will NOT work if Maildirs are stored 
elsewhere, or if you have a large virtual domain setup where a single userid is 
used to hold many individual Maildirs, one for each virtual user.

I have a virtual domain set up and one UID for delivering mail.  I suppose this 
might be hacked to work but would require more skill than I have.  Since I 
assume Postfix won't respect the quota extension the issue remains a) how to 
get the MTA to stop delivering mail to the maildir and b) how to warn the user 
that they are close to over quota and will lose mail.

(It may make the blood of some on this list run cold, but I would never 
configure a Postfix installation of mine to send DNSs back to the sender 
telling them their precious mail could not be delivered).  At best it would 
have to be silently dropped as it would have already gone through the 
content-filter (amavisd) and therefore envelope-sender could no longer be 
trusted.

Now, if the quota could be checked (perhaps when doing the mysql lookup on 
valide users) before the sending agent disconnects - that would be truly 
marvellous.

1st post new to postfix and fixing a server crash!

[lance raymond]

What a way to welcome myself to the group!  But with that, the mailserver
crashed (HD fail) and the backups from last night were in tact.  Problem is
the old os was a RH9 (I know) system, built from source, etc.  The new box
is staged (CentOS5), postfix installed via YUM and the config was then
compared. They were using virtual domains/users, so that part of the config
was moved and looks like this;

disable_mime_output_conversion = yes
strict_mime_encoding_domain = yes
maildrop_destination_recipient_limit = 1
vacation_destination_recipient_limit = 1
virtual_mailbox_domains = cdb:/etc/postfix/virtdomains
virtual_mailbox_base = /mail
virtual_mailbox_maps = cdb:/etc/postfix/virtmailboxes
virtual_uid_maps = static:508
virtual_gid_maps = static:508
virtual_minimal_uid = 100
virtual_alias_maps = cdb:/etc/postfix/virtaliases
virtual_transport = maildrop
transport_maps = cdb:/etc/postfix/virttrans
smtpd_recipient_restrictions = permit_mynetworks check_client_access
cdb:/etc/postfix/popb4smtp check_relay_domains
#smtpd_client_restrictions = permit_mynetworks, check_client_access
cdb:/etc/postfix/popb4smtp, reject_rbl_client replays.ordb.org,
reject_rbl_client bl.spamcop.net
smtpd_client_restrictions = permit_mynetworks, check_client_access
cdb:/etc/postfix/popb4smtp

Now in the /etc/postfix folder, those virtdomain/virtusers files were put
there, the mynetworks IPs, etc. are all set. A start on postfix and no
errors.  They use some PHP webmail front end, debugging up and a test login
(forced fail since I don't have a valid user/pass) I saw this in the apache
log;
grep: /etc/dtpasswd: No such file or directory

[Fri Mar 18 13:01:36 2011] [error] [client 1.1.1.1] PHP Warning:
 fsockopen() [function.fsockopen]: unable
to connect to localhost:143 (Connection refused) in /var/www/html/
webmail.simpedia.com/functions/imap_general.php on line 172, referer:
http://webmail.siahou.net/src/login.php
grep: /etc/dtpasswd: No such file or directory

I don't have that /etc/dpasswd file anywhere, but seeing 143 (IMAP)
refusing, I installed dovecot via YUM since I know he's an IMAP server and
rehitting the page, login, still got the dpasswd file, but the 143 refused
is now gone.  On extracting the backups, I do see a userdb file which I can
cat and looks like my user info;  example;
*supp...@domain.com systempw=fwsNTHmHTI1t.|uid=509|mail=/mail/
domain.com/support|home=/home/maildrop|gid=509*

Now I need to have the following;
1. The server back where the users can login and get their mail.
2. Know how to add / delete users (not sure if the userdb is a backup, etc.
since the config says to use the cdb file)
3. Testing.  Comparing to mysql, can I connect locally via command line,
test login, etc.?

Once I have 2 working, I can use a 3rd party client, but as of now, I don't
even know if new mail is being recieved, etc. as paths like
/mail/mail.domain doesn't exist.

Since this is my 1st post, I may be leaving out something, feel free to let
me know what (how to get it) and I will provide.

Thanks to all for reading and bearing with a new user.

Re: Upgrading Postfix and invalid/obseleted config values.

[Wietse Venema]

If you don't mind a short delay between "reaching quota" and
"stopping mail", then you could run a cron job that maintains an
smtpd access map for users that reach the limit. This way, you
don't have to send non-delivery status notifications and you also
don't have to discard any email.

Basic procedure:

Parse du(1) output, create a temporary table and rename it into
place when the job completes without error.

Wietse

RE: Upgrading Postfix and invalid/obseleted config values.

[Simon Brereton]

> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Wietse Venema
> Subject: Re: Upgrading Postfix and invalid/obseleted config values.
> 
> If you don't mind a short delay between "reaching quota" and
> "stopping mail", then you could run a cron job that maintains an
> smtpd access map for users that reach the limit. This way, you don't
> have to send non-delivery status notifications and you also don't
> have to discard any email.
> 
> Basic procedure:
> 
> Parse du(1) output, create a temporary table and rename it into place
> when the job completes without error.

Thanks.  I alluded to a thought along these lines earlier.  I don't mind the 
delay at all.  I'll probably wait until it's all rebuilt and see what I can 
come up with.  I'll post back at that time in case anyone finds the solution 
useful.

Thanks again - I owed this list a lot last time and nothing's changed.

Re: 1st post new to postfix and fixing a server crash!

[Steve Jenkins]

On Mar 18, 2011, at 2:50 PM, lance raymond  wrote:

> What a way to welcome myself to the group!  But with that, the mailserver 
> crashed (HD fail) and the backups from last night were in tact.  Problem is 
> the old os was a RH9 (I know) system, built from source, etc.  The new box is 
> staged (CentOS5), postfix installed via YUM and the config was then compared. 
> They were using virtual domains/users, so that part of the config was moved 
> and looks like this;
> 
> disable_mime_output_conversion = yes
> strict_mime_encoding_domain = yes
> maildrop_destination_recipient_limit = 1
> vacation_destination_recipient_limit = 1
> virtual_mailbox_domains = cdb:/etc/postfix/virtdomains
> virtual_mailbox_base = /mail
> virtual_mailbox_maps = cdb:/etc/postfix/virtmailboxes
> virtual_uid_maps = static:508
> virtual_gid_maps = static:508
> virtual_minimal_uid = 100
> virtual_alias_maps = cdb:/etc/postfix/virtaliases
> virtual_transport = maildrop
> transport_maps = cdb:/etc/postfix/virttrans
> smtpd_recipient_restrictions = permit_mynetworks check_client_access 
> cdb:/etc/postfix/popb4smtp check_relay_domains
> #smtpd_client_restrictions = permit_mynetworks, check_client_access 
> cdb:/etc/postfix/popb4smtp, reject_rbl_client replays.ordb.org, 
> reject_rbl_client bl.spamcop.net
> smtpd_client_restrictions = permit_mynetworks, check_client_access 
> cdb:/etc/postfix/popb4smtp
> 
> Now in the /etc/postfix folder, those virtdomain/virtusers files were put 
> there, the mynetworks IPs, etc. are all set. A start on postfix and no 
> errors.  They use some PHP webmail front end, debugging up and a test login 
> (forced fail since I don't have a valid user/pass) I saw this in the apache 
> log;
> grep: /etc/dtpasswd: No such file or directory
> 
> [Fri Mar 18 13:01:36 2011] [error] [client 1.1.1.1] PHP Warning:  fsockopen() 
> [function.fsockopen]: unable to connect to 
> localhost:143 (Connection refused) in 
> /var/www/html/webmail.simpedia.com/functions/imap_general.php on line 172, 
> referer: http://webmail.siahou.net/src/login.php
> grep: /etc/dtpasswd: No such file or directory
> 
> I don't have that /etc/dpasswd file anywhere, but seeing 143 (IMAP) refusing, 
> I installed dovecot via YUM since I know he's an IMAP server and rehitting 
> the page, login, still got the dpasswd file, but the 143 refused is now gone. 
>  On extracting the backups, I do see a userdb file which I can cat and looks 
> like my user info;  example;
> supp...@domain.com
> systempw=fwsNTHmHTI1t.|uid=509|mail=/mail/domain.com/support|home=/home/maildrop|gid=509
>  
> Now I need to have the following;
> 1. The server back where the users can login and get their mail.
> 2. Know how to add / delete users (not sure if the userdb is a backup, etc. 
> since the config says to use the cdb file)
> 3. Testing.  Comparing to mysql, can I connect locally via command line, test 
> login, etc.?
> 
> Once I have 2 working, I can use a 3rd party client, but as of now, I don't 
> even know if new mail is being recieved, etc. as paths like /mail/mail.domain 
> doesn't exist.
> 
> Since this is my 1st post, I may be leaving out something, feel free to let 
> me know what (how to get it) and I will provide.
> 
> Thanks to all for reading and bearing with a new user.

Before you get too far into config, may I suggest that you upgrade to Postfix 
2.8? The version from the CentOS repos is woefully outdated.

Postfix 2.8 for CentOS 5 instructions here:

http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/

SteveJ

Re: 1st post new to postfix and fixing a server crash!

[Sahil Tandon]

On Fri, 2011-03-18 at 16:50:08 -0400, lance raymond wrote:

> What a way to welcome myself to the group!  But with that, the mailserver
> crashed (HD fail) and the backups from last night were in tact.  Problem is
> the old os was a RH9 (I know) system, built from source, etc.  The new box
> is staged (CentOS5), postfix installed via YUM and the config was then
> compared. They were using virtual domains/users, so that part of the config
> was moved and looks like this;

[ .. ]

> They use some PHP webmail front end, debugging up and a test login
> (forced fail since I don't have a valid user/pass) I saw this in the
> apache log; grep: /etc/dtpasswd: No such file or directory
> 
> [Fri Mar 18 13:01:36 2011] [error] [client 1.1.1.1] PHP Warning:
> fsockopen() [function.fsockopen]:
> unable to connect to localhost:143 (Connection refused) in
> /var/www/html/ webmail.simpedia.com/functions/imap_general.php on line
> 172, referer: http://webmail.siahou.net/src/login.php grep:
> /etc/dtpasswd: No such file or directory

[ .. ]

Your anecdotes and log excerpts do not show a Postfix problem.  Port 143
is for IMAP, not SMTP.

-- 
Sahil Tandon 

Re: 1st post new to postfix and fixing a server crash!

[lance raymond]

Your right on the error, but the other part of the thread was about postfix
virtual users, etc which also needed answering.
On Mar 18, 2011 7:39 PM, "Sahil Tandon"  wrote:
> On Fri, 2011-03-18 at 16:50:08 -0400, lance raymond wrote:
>
>> What a way to welcome myself to the group! But with that, the mailserver
>> crashed (HD fail) and the backups from last night were in tact. Problem
is
>> the old os was a RH9 (I know) system, built from source, etc. The new box
>> is staged (CentOS5), postfix installed via YUM and the config was then
>> compared. They were using virtual domains/users, so that part of the
config
>> was moved and looks like this;
>
> [ .. ]
>
>> They use some PHP webmail front end, debugging up and a test login
>> (forced fail since I don't have a valid user/pass) I saw this in the
>> apache log; grep: /etc/dtpasswd: No such file or directory
>>
>> [Fri Mar 18 13:01:36 2011] [error] [client 1.1.1.1] PHP Warning:
>> fsockopen() [function.fsockopen]:
>> unable to connect to localhost:143 (Connection refused) in
>> /var/www/html/ webmail.simpedia.com/functions/imap_general.php on line
>> 172, referer: http://webmail.siahou.net/src/login.php grep:
>> /etc/dtpasswd: No such file or directory
>
> [ .. ]
>
> Your anecdotes and log excerpts do not show a Postfix problem. Port 143
> is for IMAP, not SMTP.
>
> --
> Sahil Tandon 

Re: Upgrading Postfix and invalid/obseleted config values.

[Peter]

On 19/03/11 09:49, Simon Brereton wrote:

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
us...@postfix.org] On Behalf Of Daniel Bromberg



Just being a googlebot again, but does this help?
http://www.courier-mta.org/imap/README.maildirquota.html
Using the Maildir++ extended Maildir format:
http://en.wikipedia.org/wiki/Maildir#Maildir.2B.2B


All thoughts are appreciated.  I'll investigate further, but I think
my original issue was this warning (without wanting to drag Courier
into the Postfix list)..

If you would like to have a quota on your maildir mailboxes, the best
solution is to always use filesystem-based quotas: per-user usage
quotas that is enforced by the operating system.

This is the best solution when the default Maildir is located in each
account's home directory. This solution will NOT work if Maildirs are
stored elsewhere, or if you have a large virtual domain setup where a
single userid is used to hold many individual Maildirs, one for each
virtual user.

I have a virtual domain set up and one UID for delivering mail.  I
suppose this might be hacked to work but would require more skill
than I have.  Since I assume Postfix won't respect the quota
extension the issue remains a) how to get the MTA to stop delivering
mail to the maildir and b) how to warn the user that they are close
to over quota and will lose mail.

(It may make the blood of some on this list run cold, but I would
never configure a Postfix installation of mine to send DNSs back to
the sender telling them their precious mail could not be delivered).
At best it would have to be silently dropped as it would have already
gone through the content-filter (amavisd) and therefore
envelope-sender could no longer be trusted.

Now, if the quota could be checked (perhaps when doing the mysql
lookup on valide users) before the sending agent disconnects - that
would be truly marvellous.


I think you misunderstand that warning.  My read on it is that it is 
telling you that disk based quotas are better than Maildir quotas, but 
there are cases where disk based quotas won't work (such as yours).  In 
your case use Maildir quotas which should work fine and which are 
explained beyond that paragraph.



Peter
(new to posting here, but have been following the list for a while now).

Re: 1st post new to postfix and fixing a server crash!

[Sahil Tandon]

On Fri, 2011-03-18 at 20:06:35 -0400, lance raymond wrote:

> Your right on the error, but the other part of the thread was about
> postfix virtual users, etc which also needed answering.

Please do not top-post. I cannot see any discussion of a Postfix
problem on your system. User management, accessing mailboxes, et
cetera, happen elsewhere. If you believe Postfix is malfunctioning,
please provide evidence.

Review the following document before posting your follow-up:

 http://www.postfix.org/DEBUG_README.html#mail

-- 
Sahil Tandon