Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Victor Duchovni:
> On Sun, Mar 20, 2011 at 03:57:45PM -0400, Wietse Venema wrote:
> 
> > Below is the manpage entry for long queue ID support. Let me know
> > if there's anything missing. 
> 
> With the first few characters of the new long queue-id encoding the
> epoch-seconds time and not the micro-seconds time, it seems to me that
> the current scheme for "hashing" the "deferred" and "defer" (and perhaps
> other) sub-queues needs adjustment.
> 
> Also, just switching the position of the microseconds and epoch seconds
> in the new long queue-id is perhaps not quite enough, the first character
> of the new microseconds has only 8 possible values (0-7), previously
> the range was 16 values (more effective hashing).
> 
> Use of base 32 encoding, would give a much better result, since 32^4 is
> 10^20 or just over a million, so the microseconds can be encoded just
> as efficiently in base 32 as in base 51, but the distribution of the
> first character is much more uniform (32 possible values).
> 
> So my proposed update for the long queue id is:
> 
> - 4 octets of base 32 encoded tv_usec
> - 6+ octets of base 51 encoded tv_sec epoch time
> - one non base 51 octet separator
> - inode number in base 52.

Better: use reverse microseconds + reverse seconds (i.e.  LSB
first, base 52 encoded).  Then we can have 52 possible values per
character for queue hashing.  With two levels of hashing we get
10x fewer files per directory compared to old queue file names.

We'll also need some postcat command option to decode such
information for forensic/troubleshooting purposes.

Wietse


Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Wietse Venema:
> Victor Duchovni:
> > On Sun, Mar 20, 2011 at 03:57:45PM -0400, Wietse Venema wrote:
> > 
> > > Below is the manpage entry for long queue ID support. Let me know
> > > if there's anything missing. 
> > 
> > With the first few characters of the new long queue-id encoding the
> > epoch-seconds time and not the micro-seconds time, it seems to me that
> > the current scheme for "hashing" the "deferred" and "defer" (and perhaps
> > other) sub-queues needs adjustment.
> > 
> > Also, just switching the position of the microseconds and epoch seconds
> > in the new long queue-id is perhaps not quite enough, the first character
> > of the new microseconds has only 8 possible values (0-7), previously
> > the range was 16 values (more effective hashing).
> > 
> > Use of base 32 encoding, would give a much better result, since 32^4 is
> > 10^20 or just over a million, so the microseconds can be encoded just
> > as efficiently in base 32 as in base 51, but the distribution of the
> > first character is much more uniform (32 possible values).
> > 
> > So my proposed update for the long queue id is:
> > 
> > - 4 octets of base 32 encoded tv_usec
> > - 6+ octets of base 51 encoded tv_sec epoch time
> > - one non base 51 octet separator
> > - inode number in base 52.
> 
> Better: use reverse microseconds + reverse seconds (i.e.  LSB
> first, base 52 encoded).  Then we can have 52 possible values per
> character for queue hashing.  With two levels of hashing we get
> 10x fewer files per directory compared to old queue file names.

In fact, the existing base 52/51 ID is optimal when we use the last
characters (the LSB end) for directory hashing. This is a near-trivial
code change, and it spreads the queue evenly over 52 subdirectories.

> We'll also need some postcat command option to decode such
> information for forensic/troubleshooting purposes.

Meaning, given a queue ID of 3PtcSh3sXLzHQDd, present it as date
+ microseconds + inode number if it is a well-formed long Postfix
queue ID (3PtcSh = Mar 21 08:50:12 2011).

Wietse
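
A decoder for the forensic use described in the message above, added here as an example; it is not Postfix or postcat code. It assumes the layout of released Postfix long queue IDs (six or more base-52 characters of seconds, four of microseconds, a 'z' separator, then the inode number in base 51, all over a vowel-free alphabet); the function names are hypothetical.

```python
from datetime import datetime, timezone

# Digits plus upper- and lower-case consonants: 52 symbols, no vowels.
SAFE_ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
TIME_BASE = 52     # seconds and microseconds fields (assumed, see lead-in)
INODE_BASE = 51    # inode field never contains 'z', so 'z' can separate
SEC_MIN_LEN = 6    # minimum width of the seconds field
USEC_LEN = 4       # exact width of the microseconds field
SEPARATOR = "z"


def _to_int(field, base):
    """Decode an MSB-first string over the first `base` alphabet symbols."""
    value = 0
    for ch in field:
        digit = SAFE_ALPHABET.find(ch)
        if digit < 0 or digit >= base:
            raise ValueError(f"{ch!r} is not a base-{base} digit")
        value = value * base + digit
    return value


def decode_long_queue_id(queue_id):
    """Split a long queue ID into seconds, microseconds and inode number.

    Raises ValueError for anything that is not well-formed, which includes
    the old short hexadecimal queue IDs.
    """
    # The time fields may contain 'z'; the inode field cannot, so the
    # separator is the LAST 'z' in the string.
    sep = queue_id.rfind(SEPARATOR)
    if sep < SEC_MIN_LEN + USEC_LEN or sep == len(queue_id) - 1:
        raise ValueError("not a well-formed long queue ID")
    seconds = _to_int(queue_id[:sep - USEC_LEN], TIME_BASE)
    micros = _to_int(queue_id[sep - USEC_LEN:sep], TIME_BASE)
    inode = _to_int(queue_id[sep + 1:], INODE_BASE)
    if micros >= 1_000_000:
        raise ValueError("microseconds field out of range")
    stamp = datetime.fromtimestamp(seconds, tz=timezone.utc)
    stamp = stamp.replace(microsecond=micros)
    return {
        "seconds": seconds,
        "microseconds": micros,
        "inode": inode,
        "utc": stamp.isoformat(),  # UTC; the time quoted in the post is local
    }


def is_long_queue_id(queue_id):
    """True if the string decodes as a long queue ID."""
    try:
        decode_long_queue_id(queue_id)
    except (ValueError, OverflowError, OSError):
        return False
    return True


if __name__ == "__main__":
    # Queue ID taken from the message above.
    for key, value in decode_long_queue_id("3PtcSh3sXLzHQDd").items():
        print(f"{key:12} {value}")
```

The reported time is UTC, so it differs from a local-time rendering of the same ID by the zone offset.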


RE: Upgrading Postfix and invalid/obseleted config values.

2011-03-21 Thread Simon Brereton
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Peter
> Subject: Re: Upgrading Postfix and invalid/obseleted config values.

> > If you would like to have a quota on your maildir mailboxes, the best
> > solution is to always use filesystem-based quotas: per-user usage
> > quotas that is enforced by the operating system.
> >
> > This is the best solution when the default Maildir is located in each
> > account's home directory. This solution will NOT work if Maildirs are
> > stored elsewhere, or if you have a large virtual domain setup where a
> > single userid is used to hold many individual Maildirs, one for each
> > virtual user.

> > Now, if the quota could be checked (perhaps when doing the mysql
> > lookup on valid users) before the sending agent disconnects - that
> > would be truly marvellous.
> 
> I think you misunderstand that warning.  My read on it is that it is
> telling you that disk based quotas are better than Maildir quotas,
> but there are cases where disk based quotas won't work (such as
> yours).  In your case use Maildir quotas which should work fine and
> which are explained beyond that paragraph.

Peter

Thanks for your interpretation - I looked again and I think you're right.  My 
problem is still relative incompetence.  This would work if I can configure 
Postfix to use deliverquota.  Sadly, the courier website only details how to 
make qmail work, google has a ton of unanswered requests on how to make postfix 
work in the courier mailing list and only 1 in the postfix mailing list:

http://www.irbs.net/internet/postfix/0412/1673.html

An option that appears to be neither quick nor simple nor easier than just
patching postfix with the patch I currently have.

A quick look at my master.cf says postfix is using maildrop already..

maildrop  unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}


sadly, it doesn't exist on the server though:

donald:~# dpkg --search /usr/bin/maildrop
dpkg: /usr/bin/maildrop not found.


Is there some (easy) way to configure Postfix to use deliverquota to deliver 
the mails?  Notwithstanding the fact that this would still be done after the 
sending system was already disconnected?

Cheers

Simon






public NIC not answering - connection refused

2011-03-21 Thread lance raymond
I am close to having this production server in place and working, running on
CentOS 5 patch updated (thanks Steve).  I have mysql working nicely with
dovecot, and can send mail using both squirrelmail and roundcube but all
outside mail in is refused.  An outside port scan shows 25 as closed, and a
netstat internal shows;

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      18627/mysqld
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2080/master
tcp        0      0 :::993                      :::*                        LISTEN      5001/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      5001/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      5001/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      5001/dovecot
tcp        0      0 :::80                       :::*                        LISTEN      4401/httpd
tcp        0      0 :::22                       :::*                        LISTEN      2128/sshd

When I telnet localhost 25 I get the postfix connect, outside I am refused.
Firewall is disabled, so it seems to be a postfix issue, although looking
above, it seems (I am not sure though) that the 0.0.0.0:* should mean anyone
right?  Reading on what interfaces it listens on, the main.cf does have;
intet_interfaces = all which is the only thing I have found so far.

Also, running;
ls -l /proc/2080 | grep exe
lrwxrwxrwx 1 root root 0 Mar 21 05:49 exe -> /usr/libexec/postfix/master
So am I looking at a server blocking 25, or is it postfix only listening on
the localhost?  Thanks.


Re: public NIC not answering - connection refused

2011-03-21 Thread Matt Hayes

On 3/21/2011 9:25 AM, lance raymond wrote:
> I am close to having this production server in place and working,
> running on CentOS 5 patch updated (thanks Steve).  I have mysql working
> nicely with dovecot, and can send mail using both squirrelmail and
> roundcube but all outside mail in is refused.  An outside port scan
> shows 25 as closed, and a netstat internal shows;
> 
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
> tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      18627/mysqld
> tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2080/master
> tcp        0      0 :::993                      :::*                        LISTEN      5001/dovecot
> tcp        0      0 :::995                      :::*                        LISTEN      5001/dovecot
> tcp        0      0 :::110                      :::*                        LISTEN      5001/dovecot
> tcp        0      0 :::143                      :::*                        LISTEN      5001/dovecot
> tcp        0      0 :::80                       :::*                        LISTEN      4401/httpd
> tcp        0      0 :::22                       :::*                        LISTEN      2128/sshd
> 
> When I telnet localhost 25 I get the postfix connect, outside I am
> refused.  Firewall is disabled, so it seems to be a postfix issue,
> although looking above, it seems (I am not sure though) that the
> 0.0.0.0:* should mean anyone right?  Reading on what interfaces it
> listens on, the main.cf  does have;
> intet_interfaces = all which is the only thing I have found so far.
> 
> Also, running;
> ls -l /proc/2080 | grep exe
> lrwxrwxrwx 1 root root 0 Mar 21 05:49 exe -> /usr/libexec/postfix/master
> So am I looking at a server blocking 25, or is it postfix only listening
> on the localhost?  Thanks.


Possibly firewall? SELinux?  Something upstream blocking it inbound?

-Matt


Re: public NIC not answering - connection refused

2011-03-21 Thread Reindl Harald
what do you expect if postfix is configured to listen
only on loopback device?

tcp 0 0 127.0.0.1:25 0.0.0.0:*  LISTEN  2080/master





public NIC not answering - connection refused

2011-03-21 Thread lance raymond
@John - thanks.  Will post that output below.
@Matt - SElinux disabled, iptables stopped, so I don't think that is the
case.

Original post did have;
" intet_interfaces = all which is the only thing I have found so far. "  so
I am not sure if something was omitted, or incorrect.

@John, here is the output;
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_gid_maps = static:505
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_uid_maps = static:505

So is there anything obvious that I have incorrect?  I thought maybe the
mynetworks, but I believe that is for mail relaying.  I am under some time
issues which is why I am posting this which others may seem a basic how-to,
but I am reading in parallel, testing, etc. so I do apologize for maybe a
basic question.

But thanks.

@John - thanks.  Will post that output below.
@Matt - SElinux disabled, iptables stopped, so I don't think that is the
case.
@Reindi - What do I expect?  Help from the user forum.  I did post in the
original post;
" intet_interfaces = all which is the only thing I have found so far. " so
if you noticed that was incorrect or you need to explicitly say what
interfaces, I would have thought something like "to make it listen on other
ports, make sure you have this or that added!"

@John, here is the output;
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
virtual_gid_maps = static:505
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_uid_maps = static:505

So is there anything obvious that I have incorrect?  I thought maybe the
mynetworks, but I believe that is for mail relaying.  I am under some time
issues which is why I am posting this which others may seem a basic how-to,
but I am reading in parallel, testing, etc. so I do apologize for maybe a
basic question.

But thanks.

On Mon, Mar 21, 2011 at 9:30 AM, Reindl Harald wrote:

> what do you expect if postfix is configured to listen
> only on loopback device?
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:*  LISTEN  2080/master
>
>


Re: public NIC not answering - connection refused

2011-03-21 Thread Andreas


Quoting Matt Hayes:

> On 3/21/2011 9:25 AM, lance raymond wrote:
>
>> I am close to having this production server in place and working,
>> running on CentOS 5 patch updated (thanks Steve).  I have mysql working
>> nicely with dovecot, and can send mail using both squirrelmail and
>> roundcube but all outside mail in is refused.  An outside port scan
>> shows 25 as closed, and a netstat internal shows;
>>
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
>> tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      18627/mysqld
>> tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2080/master


Your bind-address is 127.0.0.1 aka. "localhost". Have a look in  
main.cf for the setting inet_interfaces, it should be "all" not  
"localhost".


Regards

Andreas





Re: public NIC not answering - connection refused

2011-03-21 Thread Matt Hayes
On 3/21/2011 9:41 AM, lance raymond wrote:
> @John - thanks.  Will post that output below.
> @Matt - SElinux disabled, iptables stopped, so I don't think that is the
> case.
> 
> Original post did have;
> "intet_interfaces = all which is the only thing I have found so far. " 
> so I am not sure if something was omitted, or incorrect.
> 
> @John, here is the output;
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = localhost
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 127.0.0.0/8 
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> 
> virtual_gid_maps = static:505
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
> 
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
> 
> virtual_uid_maps = static:505
> 
> So is there anything obvious that I have incorrect?  I thought maybe the
> mynetworks, but I believe that is for mail relaying.  I am under some
> time issues which is why I am posting this which others may seem a basic
> how-to, but I am reading in parallel, testing, etc. so I do apologize
> for maybe a basic question.
> 
> But thanks.
> 
> @John - thanks.  Will post that output below.
> @Matt - SElinux disabled, iptables stopped, so I don't think that is the
> case.
> @Reindi - What do I expect?  Help from the user forum.  I did post in
> the original post;
> "intet_interfaces = all which is the only thing I have found so far. "
> so if you noticed that was incorrect or you need to explicitly say what
> interfaces, I would have thought something like "to make it listen on
> other ports, make sure you have this or that added!"
> 
> @John, here is the output;
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = localhost
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 127.0.0.0/8 
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> 
> virtual_gid_maps = static:505
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
> 
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
> 
> virtual_uid_maps = static:505
> 
> So is there anything obvious that I have incorrect?  I thought maybe the
> mynetworks, but I believe that is for mail relaying.  I am under some
> time issues which is why I am posting this which others may seem a basic
> how-to, but I am reading in parallel, testing, etc. so I do apologize
> for maybe a basic question.
> 
> But thanks.
> 
> On Mon, Mar 21, 2011 at 9:30 AM, Reindl Harald wrote:
> 
> what do you expect if postfix is configured to listen
> only on loopback device?
> 
> tcp 0 0 127.0.0.1:25  0.0.0.0:*  LISTEN  2080/master
> 


Yeah the others are correct.. you have inet_interfaces set to
localhost.. Change that to all then stop and start postfix.. should fix
your issue.

-Matt


Re: public NIC not answering - connection refused

2011-03-21 Thread 邓卫华
  

can you post your ip information of interface? 

please run
"ipconfig -a" 

On Mon, 21 Mar 2011 09:41:16 -0400, lance raymond wrote:


> @John - thanks. Will post that output below.
> @Matt - SElinux disabled, iptables stopped, so I don't think that is the case.
>
> Original post did have;
> " intet_interfaces = all which is the only thing I have found so far. " so I
> am not sure if something was omitted, or incorrect.
>
> @John, here is the output;
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = localhost
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> virtual_gid_maps = static:505
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
> virtual_uid_maps = static:505
>
> So is there anything obvious that I have incorrect? I thought maybe the
> mynetworks, but I believe that is for mail relaying. I am under some time
> issues which is why I am posting this which others may seem a basic how-to,
> but I am reading in parallel, testing, etc. so I do apologize for maybe a
> basic question.
>
> But thanks.
>
> @John - thanks. Will post that output below.
> @Matt - SElinux disabled, iptables stopped, so I don't think that is the case.
> @Reindi - What do I expect? Help from the user forum. I did post in the
> original post;
> " intet_interfaces = all which is the only thing I have found so far. " so if
> you noticed that was incorrect or you need to explicitly say what interfaces,
> I would have thought something like "to make it listen on other ports, make
> sure you have this or that added!"
>
> @John, here is the output;
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = localhost
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
> virtual_gid_maps = static:505
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
> virtual_uid_maps = static:505
>
> So is there anything obvious that I have incorrect? I thought maybe the
> mynetworks, but I believe that is for mail relaying. I am under some time
> issues which is why I am posting this which others may seem a basic how-to,
> but I am reading in parallel, testing, etc. so I do apologize for maybe a
> basic question.
>
> But thanks.
>
> On Mon, Mar 21, 2011 at 9:30 AM, Reindl Harald wrote:
>
>> what do you expect if postfix is configured to listen
>> only on loopback device?
>>
>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2080/master

-- 
Best Cheer (XiaMen) Stone Works CO.,LTP.
Phone: 0592-7221600


Re: public NIC not answering - connection refused

2011-03-21 Thread lance raymond
*sigh* hate the obvious.   But doing a grep inet_interfaces on the
main.cf file, there was my all, then a bit lower, a inet_interfaces =
localhost so it was getting overwritten.

A restart, outside telnet connect worked fine.

Man, I do apologize to the group for starting off with such a noob mistake,
but glad to be part of a nice active group.  Looking forward to better and
more intelligent questions promise!

~ Lr

On Mon, Mar 21, 2011 at 9:49 AM, John Peach  wrote:

> On Mon, 21 Mar 2011 09:41:16 -0400
> lance raymond  wrote:
>
> > @John - thanks.  Will post that output below.
> > @Matt - SElinux disabled, iptables stopped, so I don't think that is
> > the case.
> >
> > Original post did have;
> > " intet_interfaces = all which is the only thing I have found so far.
>
> that should be inet-interfaces = all
>
> > "  so I am not sure if something was omitted, or incorrect.
> [snip]
>
> --
> John
>


Re: public NIC not answering - connection refused

2011-03-21 Thread Charles Marcus
On 2011-03-21 9:53 AM, lance raymond wrote:
> *sigh* hate the obvious.   But doing a grep inet_interfaces on the
> main.cf file, there was my all, then a bit lower, a
> inet_interfaces = localhost so it was getting overwritten.

This is why you don't grep the main.cf, you always go by (feel free to
grep it if you like) the output of postconf -n...

-- 

Best regards,

Charles
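
The failure in this thread, a second inet_interfaces line lower in main.cf silently replacing the first, can be caught by listing every parameter that is assigned more than once. The following is an added example and not part of any post above; the function names and the sample file are constructed, and it assumes only main.cf's documented rules (comment lines are skipped, a line starting with whitespace continues the previous one, the last assignment wins).

```python
"""Audit Postfix main.cf text for parameters that are assigned more than once."""

# Values of inet_interfaces that keep the SMTP listener off public addresses.
LOOPBACK_VALUES = {"localhost", "127.0.0.1", "::1", "loopback-only"}

# Constructed sample, modelled on the situation described in the thread.
SAMPLE_MAIN_CF = """\
# constructed example file, not taken from the thread
myhostname = mail.example.com
inet_interfaces = all
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
#inet_interfaces = $myhostname
inet_interfaces = localhost
"""


def parse_main_cf(text):
    """Return {name: [(line_no, value), ...]} with assignments in file order."""
    logical = []  # each entry: [first_line_no, joined_text]
    for line_no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + stripped  # continuation of previous line
        else:
            logical.append([line_no, stripped])
    history = {}
    for line_no, body in logical:
        name, sep, value = body.partition("=")
        if sep:
            history.setdefault(name.strip(), []).append((line_no, value.strip()))
    return history


def effective(history):
    """The value Postfix ends up with: the last assignment of each name."""
    return {name: defs[-1][1] for name, defs in history.items()}


def overridden(history):
    """Parameters assigned more than once with differing values."""
    return {
        name: defs
        for name, defs in history.items()
        if len({value for _, value in defs}) > 1
    }


def is_loopback_only(inet_interfaces):
    """True if every listed interface is a loopback name or address."""
    tokens = [t.strip("[]") for t in inet_interfaces.replace(",", " ").split()]
    return bool(tokens) and all(t in LOOPBACK_VALUES for t in tokens)


def audit(text):
    """Return human-readable findings for one main.cf text."""
    history = parse_main_cf(text)
    findings = []
    for name, defs in sorted(overridden(history).items()):
        win_line, win_value = defs[-1]
        lost = ", ".join(f"line {n} ({v!r})" for n, v in defs[:-1])
        findings.append(f"{name}: line {win_line} ({win_value!r}) overrides {lost}")
    value = effective(history).get("inet_interfaces")
    if value is not None and is_loopback_only(value):
        findings.append("inet_interfaces: SMTP listener is bound to loopback only")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print(finding)
```

The values Postfix actually uses are still the ones reported by postconf -n; this only shows where in the file a value was replaced.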


Re: public NIC not answering - connection refused

2011-03-21 Thread 邓卫华
  

yes,agree with matt 

inet_interfaces = localhost 

On Mon, 21 Mar 2011 09:45:29 -0400, Matt Hayes wrote:

> On 3/21/2011 9:41 AM, lance raymond wrote:
>> @John - thanks. Will post that output below.
>> @Matt - SElinux disabled, iptables stopped, so I don't think that is the case.
>>
>> Original post did have;
>> "intet_interfaces = all which is the only thing I have found so far. " so I
>> am not sure if something was omitted, or incorrect.
>>
>> @John, here is the output;
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/libexec/postfix
>> debug_peer_level = 2
>> home_mailbox = Maildir/
>> html_directory = no
>> inet_interfaces = localhost
>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> mydestination = $myhostname, localhost.$mydomain, localhost
>> mynetworks = 127.0.0.0/8
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
>> sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
>> virtual_gid_maps = static:505
>> virtual_mailbox_base = /home/vmail
>> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
>> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
>> virtual_uid_maps = static:505
>>
>> So is there anything obvious that I have incorrect? I thought maybe the
>> mynetworks, but I believe that is for mail relaying. I am under some time
>> issues which is why I am posting this which others may seem a basic how-to,
>> but I am reading in parallel, testing, etc. so I do apologize for maybe a
>> basic question.
>>
>> But thanks.
>>
>> @John - thanks. Will post that output below.
>> @Matt - SElinux disabled, iptables stopped, so I don't think that is the case.
>> @Reindi - What do I expect? Help from the user forum. I did post in the
>> original post;
>> "intet_interfaces = all which is the only thing I have found so far. " so if
>> you noticed that was incorrect or you need to explicitly say what interfaces,
>> I would have thought something like "to make it listen on other ports, make
>> sure you have this or that added!"
>>
>> @John, here is the output;
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/libexec/postfix
>> debug_peer_level = 2
>> home_mailbox = Maildir/
>> html_directory = no
>> inet_interfaces = localhost
>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> mydestination = $myhostname, localhost.$mydomain, localhost
>> mynetworks = 127.0.0.0/8
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
>> sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf
>> virtual_gid_maps = static:505
>> virtual_mailbox_base = /home/vmail
>> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
>> virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
>> virtual_uid_maps = static:505
>>
>> So is there anything obvious that I have incorrect? I thought maybe the
>> mynetworks, but I believe that is for mail relaying. I am under some time
>> issues which is why I am posting this which others may seem a basic how-to,
>> but I am reading in parallel, testing, etc. so I do apologize for maybe a
>> basic question.
>>
>> But thanks.
>>
>> On Mon, Mar 21, 2011 at 9:30 AM, Reindl Harald wrote:
>>
>> what do you expect if postfix is configured to listen only on loopback
>> device?
>>
>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2080/master
>>
>> --
>> Best Cheer (XiaMen) Stone Works CO.,LTP.
>> Phone: 0592-7221600
>
> Yeah the others are correct.. you have inet_interfaces set to localhost..
> Change that to all then stop and start postfix.. should fix your issue.
>
> -Matt


"Redirecting" all, but two, domains.

2011-03-21 Thread Jan Johansson
I've been playing around with this for a bit, but I cannot find a 
smooth'n'easy way to do it...

Basically we have a server that is primarily a testing environment for a couple 
of web based applications.
These applications send mail. (Big surprise)
These applications have a config switch which defines "Live" or "test". If set 
to "test" it should not generate any confirmation mails to customers and such.

Well, a small bug meant that it DID send out a few dozen mails to "live 
customers", which was not really ideal.

So, now I wonder if it would be possible to set postfix up to handle mail to 
two specific domains in a "normal way" and if mails are sent to any other 
domains, they should be redirected to a specific address. (To let our devs know 
that "Hey, you broke something again".)

So, what IS the smooth'n'easy way to do this?


Domain/User path vs. user@domain in mailroot

2011-03-21 Thread lance raymond
ok next question (a little more intelligent I would hope).  I am now looking
at my working mail and as some test mail comes in for some users, the path
is the following;

/home/vmail/u...@domain.com for each.  The problem is both it's not easy as
more and more users get running as well as roundcube is not working (more of
a config thing) I would think, but the old server that crashed had
/home/vmail/domain/username.

I am looking at the postconf -n (nice command) and the only thing I notice
from this to the old one that crashed and is now barely alive is under the
sasl section and not sure as reading a bit on this didn't shed light on it;
The original box shows;
*smtpd_sasl_local_domain = $mydomain*
the new one didn't have that entry at all.

So I do figure it's a postfix config as he is the mailserver delivery guy,
but the other thing is the original has the virtual_mailbox_domains =
hardcoded with the domains, the new one has virtual_mailbox_domains =
mysql:/etc/postfix/mysql-domains.cf which just queries them out (better).
So I probably gave 2 much non essential info, for something so simple, but
that's the question.  How do you tell postfix to put the users mail in the
/home/vmail/domain/user folder, NOT /home/vmail/u...@domain.com folder.

Thanks again for the patience and understanding down this new road.


Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Victor Duchovni:
> On Sun, Mar 20, 2011 at 03:57:45PM -0400, Wietse Venema wrote:
> 
> > Below is the manpage entry for long queue ID support. Let me know
> > if there's anything missing. 
> 
> With the first few characters of the new long queue-id encoding the
> epoch-seconds time and not the micro-seconds time, it seems to me that
> the current scheme for "hashing" the "deferred" and "defer" (and perhaps
> other) sub-queues needs adjustment.

That is a very good point. Rather than overhauling the name scheme
or using three different encodings for seconds, microseconds and
inode number, I made a tiny change in the hash_queue_names algorithm.

With long queue file names it now takes the (full time in seconds
+ three least significant characters from time in microseconds),
then uses the last characters for hashing, so that:

3Ptdbd0p9qz1PFjk becomes q/9/3Ptdbd0p9qz1PFjk

(here, 3Ptdbd = time in seconds, p9q = three LSB from microseconds).

This way we can have meaningful hashing over more than three levels,
with fewer files per directory because we have base 52 instead of
base 16.

I initially used the last characters from the whole file name (the
inode number portion) but I was concerned that some systems may
have unexpected structure in their inode numbers causing the hashing
to become uneven (perhaps when some file system uses fake inode
numbers that are really cookies of some kind). It also would not
look pretty with dedicated queue file systems where inode numbers
can be really small.

Wietse


Re: long (non-repeating) queue ID support

2011-03-21 Thread Victor Duchovni
On Mon, Mar 21, 2011 at 07:15:44AM -0400, Wietse Venema wrote:

> > So my proposed update for the long queue id is:
> > 
> > - 4 octets of base 32 encoded tv_usec
> > - 6+ octets of base 51 encoded tv_sec epoch time
> > - one non base 51 octet separator
> > - inode number in base 52.
> 
> Better: use reverse microseconds + reverse seconds (i.e.  LSB
> first, base 52 encoded).  Then we can have 52 possible values per
> character for queue hashing.  With two levels of hashing we get
> 10x fewer files per directory compared to old queue file names.

I am not sure that reversing the "us" value is better. With the "us" in
big-endian format, the output directory is "locally constant" in time,
so when a burst of mail arrives it is not overly scattered in multiple
directories, while overall, the deferred queue is still split evenly.

Also, with a little-endian base 52 queue-id, and hash depth of "2",
we have 2704 directories to search, while big-endian 32 x 32 takes us
to 977 directories as compared to 245 directories for big-endian base 16.

> We'll also need some postcat command option to decode such
> information for forensic/trouble shooting purposes.

That may be useful.

-- 
Viktor.


Re: "Redirecting" all, but two, domains.

2011-03-21 Thread Victor Duchovni
On Mon, Mar 21, 2011 at 03:04:15PM +, Jan Johansson wrote:

> I've been playing around with this for a bit, but I cannot find a 
> smooth'n'easy way to do it...
> 
> Basically we have a server that is primarily a testing environment for a 
> couple of web based applications.
> These applications send mail. (Big surprise)
> These applications have a config switch which defines "Live" or "test". If 
> set to "test" it should not generate any confirmation mails to customers and 
> such.
> 
> Well, a small bug meant that it DID send out a few dozen mails to "live 
> customers", which was not really ideal.
> 
> So, now I wonder if it would be possible to set postfix up to handle mail to 
> two specific domains in a "normal way" and if mails are sent to any other 
> domains, they should be redirected to a specific address. (To let our devs 
> know that "Hey, you broke something again".)
> 

main.cf:
    relay_domains = example.com
    relay_transport = relay:[mail.example.com]
    default_transport = smtp:[127.0.0.1]:10035
    smtpd_restriction_classes = redirect_all

    retable = pcre:${config_directory}/
    redirect_all = check_client_access ${retable}redirect_all.re

redirect_all.re:
    /^/ REDIRECT b...@example.com

master.cf
    127.0.0.1:10035 inet n  -   n   -   -   smtpd
        -o smtpd_data_restrictions=redirect_all

-- 
Viktor.


Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Victor Duchovni:
> On Mon, Mar 21, 2011 at 07:15:44AM -0400, Wietse Venema wrote:
> 
> > > So my proposed update for the long queue id is:
> > > 
> > > - 4 octets of base 32 encoded tv_usec
> > > - 6+ octets of base 51 encoded tv_sec epoch time
> > > - one non base 51 octet separator
> > > - inode number in base 52.
> > 
> > Better: use reverse microseconds + reverse seconds (i.e.  LSB
> > first, base 52 encoded).  Then we can have 52 possible values per
> > character for queue hashing.  With two levels of hashing we get
> > 10x fewer files per directory compared to old queue file names.
> 
> I am not sure that reversing the "us" value is better. With the "us" in
> big-endian format, the output directory is "locally constant" in time,
> so when a burst of mail arrives it is not overly scattered in multiple
> directories, while overall, the deferred queue is still split evenly.

I thought of that. This is not a problem with today's default
configuration where the high-traffic queues (i.e. incoming, active)
are not hashed.

Do you expect that there will be configurations that do hash their
high-traffic queues?

> Also, with a little-endian base 52 queue-id, and hash depth of "2",
> we have 2704 directories to search, while big-endian 32 x 32 takes us
> to 977 directories as compared to 245 directories for big-endian base 16.

Base 52 requires fewer levels of hashing than smaller bases, and
52 with depth 3 or more seems to make little sense. So that is a
limitation in usability.

I could just forget about lexicographical hashing and simply hash
the hexadecimal representation of the microseconds (extracted from
the queue file name and converted from base 52).  With this there
would be no change in file distribution compared to Postfix 2.8.

Wietse


Re: long (non-repeating) queue ID support

2011-03-21 Thread Victor Duchovni
On Mon, Mar 21, 2011 at 01:29:15PM -0400, Wietse Venema wrote:

> I thought of that. This is not a problem with today's default
> configuration where the high-traffic queues (i.e. incoming, active)
> are not hashed.
> 
> Do you expect that there will be configurations that do hash their
> high-traffic queues?

Scattering of queue files in the active queue is largely cost-less,
it is rarely walked. The queue manager knows where all the files are.
Essentially all "active" queue access is "random access". The active
queue should perhaps be hashed by default, this costs little and
can help with large active queues.

For the incoming queue, the queue-manager "walks" the queue pulling in
the first file found (modulo a few incomplete files) and after re-start
some files time-stamped into the future. So the queue manager is better
off with an unhashed incoming queue, which also improves fairness, with
traditional sequential directories. Of course cleanup adding files to
a long incoming queue may be slowed down, this is perhaps not entirely a
bad thing.

When directories are btrees, files sort by name, and the "locally
constant" hash directory + lexically monotone increasing queue ids lead
to better "fairness" if "incoming" is hashed, but perhaps hashing of
"incoming" should be discouraged. If so, perhaps we don't need to optimize
for "locally constant" sub-directories.

> > Also, with a little-endian base 52 queue-id, and hash depth of "2",
> > we have 2704 directories to search, while big-endian 32 x 32 takes us
> > to 977 directories as compared to 245 directories for big-endian base 16.
> 
> Base 52 requires fewer levels of hashing than smaller bases, and
> 52 with depth 3 or more seems to make little sense. So that is a
> limitation in usability.
> 
> I could just forget about lexicographical hashing and simply hash
> the hexadecimal representation of the microseconds (extracted from
> the queue file name and converted from base 52).  With this there
> would be no change in file distribution compared to Postfix 2.8.

This is an interesting idea, also, no new sub-directories in existing
queues. Is it worth the effort though? The code gets complex when there
is a mixture of 2.8 and 2.9 style files in the queue.

-- 
Viktor.


Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Victor Duchovni:
> > > Also, with a little-endian base 52 queue-id, and hash depth of "2",
> > > we have 2704 directories to search, while big-endian 32 x 32 takes us
> > > to 977 directories as compared to 245 directories for big-endian base 16.
> > 
> > Base 52 requires fewer levels of hashing than smaller bases, and
> > 52 with depth 3 or more seems to make little sense. So that is a
> > limitation in usability.
> > 
> > I could just forget about lexicographical hashing and simply hash
> > the hexadecimal representation of the microseconds (extracted from
> > the queue file name and converted from base 52).  With this there
> > would be no change in file distribution compared to Postfix 2.8.
> 
> This is an interesting idea, also, no new sub-directories in existing
> queues. Is it worth the effort though? The code gets complex when there
> is a mixture of 2.8 and 2.9 style files in the queue.

It's really trivial code, given that most of the work was already
encapsulated in macros. We're dealing with trivially short strings,
so CPU performance is not a concern either.

I prefer the compactness of base52, but I don't like its behavior
with lexical queue hashing. I'm checking the code as discussed
above.

Looks like it will be more text explaining things in the docs than
actual code.

Wietse


Re: Domain/User path vs. user@domain in mailroot

2011-03-21 Thread Jeroen Geilman

On 03/21/2011 04:11 PM, lance raymond wrote:
> ok next question (a little more intelligent I would hope).  I am now 
> looking at my working mail and as some test mail comes in for some 
> users, the path is the following;
>
> /home/vmail/u...@domain.com for each.  The 
> problem is both it's not easy as more and more users get running as 
> well as roundcube is not working (more of a config thing) I would 
> think, but the old server that crashed had /home/vmail/domain/username.
>
> I am looking at the postconf -n (nice command) and the only thing I 
> notice from this to the old one that crashed and is now barely alive 
> is under the sasl section and not sure as reading a bit on this didn't 
> shed light on it;
>
> The original box shows;
> /smtpd_sasl_local_domain = $mydomain/
> the new one didn't have that entry at all.
>
> So I do figure it's a postfix config as he is the mailserver delivery 
> guy, but the other thing is the original has the 
> virtual_mailbox_domains = hardcoded with the domains, the new one has 
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf 
> which just queries them out (better).  So I 
> probably gave 2 much non essential info, for something so simple, but 
> that's the question.  How do you tell postfix to put the users mail in 
> the /home/vmail/domain/user folder, NOT /home/vmail/u...@domain.com 
> folder.


Virtual mailbox locations are controlled by - surprise - the 
virtual_mailbox_maps parameter.
Each result is appended to virtual_mailbox_base, if defined, to yield a 
filename or directory location.



--
J.



Postfix 2.8.2 stable release available

2011-03-21 Thread Wietse Venema
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.2.html]

Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.

- Bugfix: postscreen DNSBL scoring error.  When a client disconnected
  and then reconnected before all DNSBL results for the earlier
  session arrived, DNSBL results for the earlier session would be
  added to the score for the later session. This is very unlikely
  to have affected any legitimate mail.

- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].

- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
  breaking FreeBSD 7.x support retroactively.

- Portability: the SUN compiler had trouble with a pointer expression
  of the form ``("text1" "text2") + constant'' so we don't try to
  be so clever.

You can find Postfix version 2.8.2 at the mirrors listed at
http://www.postfix.org/

Wietse


Re: Postfix 2.8.2 stable release available

2011-03-21 Thread Dennis Clarke

> [An on-line version of this announcement will be available at
> http://www.postfix.org/announcements/postfix-2.8.2.html]
>
> Postfix stable release 2.8.2 is available. This release has minor
> fixes that are already in the experimental (2.9) release.
>
> - Bugfix: postscreen DNSBL scoring error.  When a client disconnected
>   and then reconnected before all DNSBL results for the earlier
>   session arrived, DNSBL results for the earlier session would be
>   added to the score for the later session. This is very unlikely
>   to have affected any legitimate mail.
>
> - Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
>
> - Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
>   breaking FreeBSD 7.x support retroactively.
>
> - Portability: the SUN compiler had trouble with a pointer expression
>   of the form ``("text1" "text2") + constant'' so we don't try to
>   be so clever.

Thank you for that last bit. I'll let you know what I get for a result.


-- 
Dennis Clarke
dcla...@opensolaris.ca  <- Email related to the open source Solaris
dcla...@blastwave.org   <- Email related to open source for Solaris




Re: Postfix 2.8.1 for Solaris

2011-03-21 Thread İhsan Doğan
Hello Victor & Wietse,

On 07.03.2011 19:48, Victor Duchovni wrote:

Thanks for reviewing my package.

>> You must:
>>
>> - Execute "postfix upgrade-configuration" after installing postfix.
>>
>> - Respect pathname and mail_owner etc. settings in existing main.cf files.
> 
> This is done:
> 
> \$BASEDIR/usr/sbin/chroot \$BASEDIR /usr/sbin/postfix set-permissions 
> upgrade-configuration \
>  setgid_group=$setgid_group mail_owner=$mail_owner

Respecting the mail_owner with a package is difficult. Directories in
/var/spool/postfix are deployed with the package and the package
manager would complain during an upgrade, if the owner or permission
have changed.

> Largely the package looks good, the only nit I found is that all files
> in /etc/postfix are considered site-specific volatile, which is mostly
> harmless for now, but the assumption is unwarranted.

What would be the recommended way to deal with the configuration files
located in /etc/postfix?



Ihsan

-- 
ih...@dogan.ch    http://blog.dogan.ch/


Re: long (non-repeating) queue ID support

2011-03-21 Thread Wietse Venema
Wietse Venema:
> > > I could just forget about lexicographical hashing and simply hash
> > > the hexadecimal representation of the microseconds (extracted from
> > > the queue file name and converted from base 52).  With this there
> > > would be no change in file distribution compared to Postfix 2.8.
> > 
> > This is an interesting idea, also, no new sub-directories in existing
> > queues. Is it worth the effort though? The code gets complex when there
> > is a mixture of 2.8 and 2.9 style files in the queue.
> 
> It's really trivial code, given that most of the work was already
> encapsulated in macros. We're dealing with trivially short strings,
> so CPU performance is not a concern either.

Implemented as postfix-20110321. The code change is only a few
lines, less than the documentation change.

Wietse

20110321

Performance: with long queue file names, queue hashing now
produces the same result as with short names. Postfix uses
the hexadecimal representation of the file creation time
in microseconds, instead of the beginning of the file name
which changes once every year or so, a problem that was
reported by Victor Duchovni. The base 16 encoding gives
finer control over the number of directories than possible
with base 52 encoding.  Files: global/mail_queue.[hc]. This
change requires "postfix reload".
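
The hashing choices weighed in this thread, applied to the sample queue ID quoted earlier, as an added example (not Postfix code and not part of any poster's message). The base-52 alphabet, the five-digit hex width and the rule that the last 'z' separates the inode are assumptions; the IDs built in spread() are constructed.

```python
from datetime import datetime, timezone

# ASSUMPTION: the 52-symbol alphabet (digits and consonants, no vowels) is not
# spelled out in the thread; with it, the thread's sample ID decodes to 2011-03-21.
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}
USEC_PAD = 4       # base-52 characters of tv_usec, as in the sample's "0p9q"
HEX_USEC_PAD = 5   # ASSUMPTION: microseconds are hashed as five uppercase hex digits
SAMPLE_ID = "3Ptdbd0p9qz1PFjk"   # queue ID quoted in the thread


def b52_decode(text):
    """Big-endian base-52 string -> integer."""
    value = 0
    for ch in text:
        if ch not in VALUE:
            raise ValueError(f"{ch!r} is not a base-52 digit")
        value = value * 52 + VALUE[ch]
    return value


def b52_encode(value, width):
    """Integer -> big-endian base-52 string, zero-padded to `width`."""
    digits = ""
    while value or not digits:
        value, rem = divmod(value, 52)
        digits = ALPHABET[rem] + digits
    return digits.rjust(width, "0")


def parse_long_id(queue_id):
    """Split <seconds><usec>z<inode>; only the time fields matter for hashing."""
    # ASSUMPTION: the inode part never contains 'z', so the last 'z' separates.
    head, sep, inode = queue_id.rpartition("z")
    if not sep or not inode or len(head) <= USEC_PAD:
        raise ValueError(f"not a long queue ID: {queue_id!r}")
    sec_txt, usec_txt = head[:-USEC_PAD], head[-USEC_PAD:]
    usec = b52_decode(usec_txt)
    if usec >= 1_000_000:
        raise ValueError("microsecond field out of range")
    return {"sec": b52_decode(sec_txt), "usec": usec,
            "sec_txt": sec_txt, "usec_txt": usec_txt, "inode_txt": inode}


def created_utc(queue_id):
    """File creation time encoded in the queue ID (forensic decode)."""
    f = parse_long_id(queue_id)
    stamp = datetime.fromtimestamp(f["sec"], tz=timezone.utc)
    return stamp.replace(microsecond=f["usec"])


def hash_dirs(queue_id, depth=2):
    """Hash sub-directory under each scheme considered in the thread."""
    f = parse_long_id(queue_id)
    key = f["sec_txt"] + f["usec_txt"][1:]      # seconds + three LSB usec chars
    hex_usec = f"{f['usec']:0{HEX_USEC_PAD}X}"
    return {
        "leading": "/".join(queue_id[:depth]),          # start of the file name
        "trailing": "/".join(reversed(key[-depth:])),   # last characters first
        "hex_usec": "/".join(hex_usec[:depth]),         # hex microseconds
    }


def big_endian_dirs(base, digits, depth, max_value=999_999):
    """Directory count when hashing the leading `depth` digits of tv_usec."""
    return max_value // base ** (digits - depth) + 1


def spread(depth=2, count=2005, start=1300714877):
    """Distinct directories per scheme for constructed IDs: one per second,
    microseconds stepping by 499 so the whole 0..999999 range is visited."""
    seen = {"leading": set(), "trailing": set(), "hex_usec": set()}
    for n in range(count):
        qid = b52_encode(start + n, 6) + b52_encode(n * 499, USEC_PAD) + "z1PFjk"
        for scheme, path in hash_dirs(qid, depth).items():
            seen[scheme].add(path)
    return {scheme: len(paths) for scheme, paths in seen.items()}


if __name__ == "__main__":
    print(created_utc(SAMPLE_ID).isoformat())
    print(hash_dirs(SAMPLE_ID))
    print("base 52 little-endian, depth 2:", 52 ** 2)
    print("base 32 big-endian, depth 2:  ", big_endian_dirs(32, 4, 2))
    print("base 16 big-endian, depth 2:  ", big_endian_dirs(16, 5, 2))
    print(spread())
```

On the constructed sample, hashing on the start of the name puts every file in one directory, hashing on the trailing base-52 characters gives each of the 2005 files its own directory, and the hex-microsecond scheme fills the 245 directories of the short-name layout.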


Re: Domain/User path vs. user@domain in mailroot

2011-03-21 Thread lance raymond
I just love surprises  :)   But back to the question, sorry I didn't put the
full conf report, but both the old and new do have the virtual_mailbox_maps,
but the problem is there are multiple domains, and on the old the path is as
I said;
/home/vmail/domain1/user.  Using me as the example, the old would be;

/home/vmail/domain1/lance/Maildir/ (new/cur/ ...)
/home/vmail/domain2/lance/Maildir/ (new/cur/ ...)

with the new server it's simply;
/home/vmail/lance@domain1/Maildir/lance@domain1/Maildir (new/cur)

I hope that makes it a bit more clearer, but looking at the old conf and
seeing how it uses a mysql query, the old server has similar queries (table
names are diff now), but did notice a slight difference, notice the 2;

*old.*
user = root
password = pass
dbname = mail
table = users
select_field =
CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email

*new.*
hosts = localhost
user = postfix
password = pass
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'
result_format = %sMaildir/

No harm in trying so I am going to play a bit with the new and see what I
find, but if things don't work ... be prepared for more surprises!   Tnx
again 

On Mon, Mar 21, 2011 at 4:15 PM, Jeroen Geilman  wrote:

>  On 03/21/2011 04:11 PM, lance raymond wrote:
>
> ok next question (a little more intelligent I would hope).  I am now
> looking at my working mail and as some test mail comes in for some users,
> the path is the following;
>
> /home/vmail/u...@domain.com for each.  The problem is both it's not easy
> as more and more users get running as well as roundcube is not working (more
> of a config thing) I would think, but the old server that crashed had
> /home/vmail/domain/username.
>
> I am looking at the postconf -n (nice command) and the only thing I notice
> from this to the old one that crashed and is now barely alive is under the
> sasl section and not sure as reading a bit on this didn't shed light on it;
> The original box shows;
> *smtpd_sasl_local_domain = $mydomain*
> the new one didn't have that entry at all.
>
> So I do figure it's a postfix config as he is the mailserver delivery guy,
> but the other thing is the original has the virtual_mailbox_domains =
> hardcoded with the domains, the new one has virtual_mailbox_domains =
> mysql:/etc/postfix/mysql-domains.cf which just queries them out (better).
> So I probably gave 2 much non essential info, for something so simple, but
> that's the question.  How do you tell postfix to put the users mail in the
> /home/vmail/domain/user folder, NOT /home/vmail/u...@domain.com folder.
>
>
> Virtual mailbox locations are controlled by - surprise - the
> virtual_mailbox_maps parameter.
> Each result is appended to virtual_mailbox_base, if defined, to yield a
> filename or directory location.
>
>
> --
> J.
>
>


Re: Domain/User path vs. user@domain in mailroot

2011-03-21 Thread lance raymond
*sigh* nevermind, after having some coffee and waking my lazy a.. up I
realized that it was querying out path from the DB not dynamically!  I used
postfix.admin so going to see if it was something in the setup that did it,
but there is only a few users so far, so I will make the changes via mysql
command line.

Better than a surprise, just a dumba.. behind the keyboard 2nt~

Thanks again...

On Mon, Mar 21, 2011 at 9:40 PM, lance raymond wrote:

> I just love surprises  :)   But back to the question, sorry I didn't put
> the full conf report, but both the old and new do have the
> virtual_mailbox_maps, but the problem is there are multiple domains, and on
> the old the path is as I said;
> /home/vmail/domain1/user.  Using me as the example, the old would be;
>
> /home/vmail/domain1/lance/Maildir/ (new/cur/ ...)
> /home/vmail/domain2/lance/Maildir/ (new/cur/ ...)
>
> with the new server it's simply;
> /home/vmail/lance@domain1/Maildir/lance@domain1/Maildir (new/cur)
>
> I hope that makes it a bit more clearer, but looking at the old conf and
> seeing how it uses a mysql query, the old server has similar queries (table
> names are diff now), but did notice a slight difference, notice the 2;
>
> *old.*
> user = root
> password = pass
> dbname = mail
> table = users
> select_field =
> CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
> where_field = email
>
> *new.*
> hosts = localhost
> user = postfix
> password = pass
> dbname = postfix
> table = mailbox
> select_field = maildir
> where_field = username
> additional_conditions = and active = '1'
> result_format = %sMaildir/
>
> No harm in trying so I am going to play a bit with the new and see what I
> find, but if things don't work ... be prepared for more surprises!   Tnx
> again 
>
> On Mon, Mar 21, 2011 at 4:15 PM, Jeroen Geilman  wrote:
>
>>  On 03/21/2011 04:11 PM, lance raymond wrote:
>>
>> ok next question (a little more intelligent I would hope).  I am now
>> looking at my working mail and as some test mail comes in for some users,
>> the path is the following;
>>
>> /home/vmail/u...@domain.com for each.  The problem is both it's not easy
>> as more and more users get running as well as roundcube is not working (more
>> of a config thing) I would think, but the old server that crashed had
>> /home/vmail/domain/username.
>>
>> I am looking at the postconf -n (nice command) and the only thing I notice
>> from this to the old one that crashed and is now barely alive is under the
>> sasl section and not sure as reading a bit on this didn't shed light on it;
>> The original box shows;
>> *smtpd_sasl_local_domain = $mydomain*
>> the new one didn't have that entry at all.
>>
>> So I do figure it's a postfix config as he is the mailserver delivery guy,
>> but the other thing is the original has the virtual_mailbox_domains =
>> hardcoded with the domains, the new one has virtual_mailbox_domains =
>> mysql:/etc/postfix/mysql-domains.cf which just queries them out
>> (better).  So I probably gave 2 much non essential info, for something so
>> simple, but that's the question.  How do you tell postfix to put the users
>> mail in the /home/vmail/domain/user folder, NOT /home/vmail/
>> u...@domain.com folder.
>>
>>
>> Virtual mailbox locations are controlled by - surprise - the
>> virtual_mailbox_maps parameter.
>> Each result is appended to virtual_mailbox_base, if defined, to yield a
>> filename or directory location.
>>
>>
>> --
>> J.
>>
>>
>


attachments being logged

2011-03-21 Thread brian

I'm occasionally seeing file attachments being logged, like so:

postfix/smtpd[14027]: read from B8F5EDA8 [B8F5F9BD] (1420 bytes => -1 (0x))
postfix/smtpd[14027]: read from B8F5EDA8 [B8F5F9BD] (1420 bytes => 1420 (0x58C))
postfix/smtpd[14027]:  33 13 c9 09 3f ef 6f 99|0b a8 67 8c 6c 05 de 9d  3...?.o. ..g.l...

etc.

In master.cf, I have:

smtp  inet  n   -   -   -   -   smtpd
    -o content_filter=spamassassin

...

spamassassin unix - n   n   -   -   pipe
    user=spamd argv=/usr/bin/spamc -f -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

So, I think it may be spamassassin that's responsible. Or could it be 
something I've done wrong in master.cf? I don't want/need to see these 
filling up the logs.


Getting abused by backscatter spam

2011-03-21 Thread Simon
Hi There,

We are using postfix on debian lenny. Everything is mysql backed and
we are using amavisd-new (spamassassin with daily updates from
saupdates.openprotect.com and updates.spamassassin.org & clam-av),
postfix-policy greylisting and postfix-policyd-spf-python. All updates
applied.

But we are still getting hammered by backscatter spam (like the below)
and are hoping to get the list's input with where to head in terms of
getting this sorted... it seems like everything we look at just does
not quite suit our setup.

Many thanks in advance

Simon

Received: from psmtp.com ([64.18.3.158]) by mosesafonso.com with Microsoft
 SMTPSVC(6.0.3790.3959); Sun, 20 Mar 2011 14:18:35 -0400
Received: from source ([93.85.177.92]) by exprod8mx291.postini.com
([64.18.7.13]) with SMTP;
Sun, 20 Mar 2011 14:18:34 EDT
Received: from  93.85.177.92 (account 0-0-0-0-cbouys...@microapp.com
HELO syccjjv.pqhsfgogqp.com)
by  (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 932104756 for sbow...@mosesafonso.com; Sun, 20 Mar
2011 20:18:34 +0200
To: 
Subject: Re: CV
From: 
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-pstn-neptune: 1/1/1.00/86
X-pstn-levels: (S: 0.00445/92.75607 CV:99.9000 FC:95.5390 LC:95.5390
R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
Message-ID: <2322245927972554085239078162...@psmtp.com>
Return-Path: {user}@{clientdomain}.com
X-OriginalArrivalTime: 20 Mar 2011 18:18:35.0168 (UTC)
FILETIME=[39EDB200:01CBE72B]
Date: Sun, 20 Mar 2011 14:18:35 -0400

Our setup:

We have 2 x inbound mail servers (mail-in1 & mail-in2, which are
identical in setup and do simple load balancing) that do the above,
once filtered the mail is sent to a dbmail cluster. Our clients are
all over the place, connecting via the internet to our dbmail service
(e.g. not a lan). We then have two separate outgoing mail servers,
mail-out1 and mail-out2. mail-out1 is used by our client base who
connect with authenticated SMTP, mail-out2 backs up our other servers
(such as web servers etc) to allow them to send email.

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
mailbox_size_limit = 0
maximal_backoff_time = 2000
message_size_limit = 52428800
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
minimal_backoff_time = 500
mydestination = mysql:/etc/postfix/mysql-transport.cf
myhostname = mail-in1.{ourdomain}.net
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
queue_run_delay = 500
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org,
check_client_access pcre:/etc/postfix/fqrdns.pcre,
#check_sender_access hash:/etc/postfix/check_backscatterer,
check_policy_service unix:private/policyd-spf,
check_policy_service inet:127.0.0.1:10031,
permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf


SV: "Redirecting" all, but two, domains.

2011-03-21 Thread Jan Johansson
>main.cf:
>   relay_domains = example.com
>   relay_transport = relay:[mail.example.com]
>   default_transport = smtp:[127.0.0.1]:10035
>   smtpd_restriction_classes = redirect_all
>
>   retable = pcre:${config_directory}/
>   redirect_all = check_client_access ${retable}redirect_all.re
>
>redirect_all.re:
>   /^/ REDIRECT b...@example.com
>
>master.cf
>   127.0.0.1:10035 inet n  -   n   -   -   smtpd
>   -o smtpd_data_restrictions=redirect_all
>

I think I follow this... But what if the two relay domains were to have 
different MX'es?

Thank you.


Re: SV: "Redirecting" all, but two, domains.

2011-03-21 Thread Victor Duchovni
On Tue, Mar 22, 2011 at 04:48:03AM +, Jan Johansson wrote:

> >main.cf:
> > relay_domains = example.com
> > relay_transport = relay:[mail.example.com]
> > default_transport = smtp:[127.0.0.1]:10035
> > smtpd_restriction_classes = redirect_all
> >
> > retable = pcre:${config_directory}/
> > redirect_all = check_client_access ${retable}redirect_all.re
> >
> >redirect_all.re:
> > /^/ REDIRECT b...@example.com
> >
> >master.cf
> > 127.0.0.1:10035 inet n  -   n   -   -   smtpd
> > -o smtpd_data_restrictions=redirect_all
> >
> 
> I think I follow this... But what if the two relay domains were to have 
> different MX'es?

This is easy.

How does Postfix decide the nexthop for a given domain? What controls
do you have?

-- 
Viktor.