Re: Timing information for postmaster mails generated by notify_classes

[Wietse Venema]

Ralf Hildebrandt:
[ Charset UTF-8 unsupported, converting... ]
> Right now the postmaster mails generated by notify_classes do not
> contain any timing information (except for the date of the
> notification mail sent). If theses mails had timing information (see
> example below), timeout problems could be diagnosed much easier:
> 
> Mar 28 08:30:00  Out: 220 octree.de ESMTP Postfix
> Mar 28 08:30:00  In:  EHLO mailout07.t-online.de
> Mar 28 08:30:00  Out: 250-octree.de
> Mar 28 08:30:00  Out: 250-PIPELINING
> Mar 28 08:30:00  Out: 250-SIZE 10240
> Mar 28 08:30:00  Out: 250-VRFY
> Mar 28 08:30:00  Out: 250-ETRN
> Mar 28 08:30:00  Out: 250-AUTH PLAIN
> Mar 28 08:30:00  Out: 250-AUTH=PLAIN
> Mar 28 08:30:00  Out: 250-ENHANCEDSTATUSCODES
> Mar 28 08:30:00  Out: 250-8BITMIME
> Mar 28 08:30:00  Out: 250 DSN
> Mar 28 08:30:00  In:  MAIL FROM: SIZE=112002
> Mar 28 08:30:00  Out: 250 2.1.0 Ok
> Mar 28 08:30:00  In:  RCPT TO:
> Mar 28 08:30:00  Out: 250 2.1.5 Ok

This is logged with the client and queue ID:

MMM dd hh:mm:ss myname postfix/smtpd[xxx]: QUEUEID: client=yyy

> Mar 28 08:30:00  In:  DATA
> Mar 28 08:30:00  Out: 354 End data with .
> Mar 28 08:35:00  Out: 451 4.3.0 Error: queue file write error

This is logged (with the real problem description) in the maillog
file, where you will have to look anyway to find out what is amiss.

Wietse

> 
> -- 
> Ralf Hildebrandt
>   Gesch?ftsbereich IT | Abteilung Netzwerk
>   Charit? - Universit?tsmedizin Berlin
>   Campus Benjamin Franklin
>   Hindenburgdamm 30 | D-12203 Berlin
>   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>   ralf.hildebra...@charite.de | http://www.charite.de
>   
> 
> 

minor typo in Postfix's change log

[Lima Union]

Hi, while looking in the change log for some info about an issue I'm
having[1] I found a simple typo in the date specified as shown here:

20200102

Workaround: don't report bogus Berkeley DB close errors as
fatal errors. All operations before close are already error
checked, so the data is known to be safe.  File: util/dict_db.c.

Didn't know to how to report this in another way (without 'spamming' the ML).
Regards.

[1] postfix/verify[3209]: close database
/var/lib/postfix/verify_cache.db: No such file or directory

Re: postfix for dummies (me) probably a general error in config of smtp

[Charles Marcus]

On 2011-03-25 5:27 PM, Walt Shekrota wrote:
> smtpd_sasl_type = dovecot

dovecot's sasl implementation doesn't support CLIENT side SASL auth,
only server side.

If you need client side SASL AUTH capability, use Cyrus-SASL...

-- 

Best regards,

Charles

Re: postfix for dummies (me) probably a general error in config of smtp

[Reindl Harald]

Am 28.03.2011 18:01, schrieb Charles Marcus:
> On 2011-03-25 5:27 PM, Walt Shekrota wrote:
>> smtpd_sasl_type = dovecot
> 
> dovecot's sasl implementation doesn't support CLIENT side SASL auth,
> only server side.
> 
> If you need client side SASL AUTH capability, use Cyrus-SASL...

to specify exactly:

"smtpd_sasl_type": smtpd = receive mails, smtp = send mails
it is enough to install the following packages as example for fedora
and configure for which hosts which username/password has to be used
and postfix will do this, you do not need smptd_sasl for this

cyrus-sasl-plain-2.1.23-11.fc13.x86_64
cyrus-sasl-2.1.23-11.fc13.x86_64
cyrus-sasl-md5-2.1.23-11.fc13.x86_64
cyrus-sasl-ntlm-2.1.23-11.fc13.x86_64
cyrus-sasl-lib-2.1.23-11.fc13.x86_64

Below a configuration of an internal-relay-hosts which DOES NOT accept
SASL-Authentications (only connections from few ip's) and manage over
what hosts some messages has to be relayed and what auth the realyhost
need to send messages authenticated for domains with SPF for
which we provide services too and will not connect directly to the rcpt


smtp_sasl_auth_enable= yes
smtp_sasl_password_maps  = hash:/etc/postfix/smtp_relayhost_auth
smtp_sasl_security_options   = noanonymous
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps  = hash:/etc/postfix/sender_relayhost

[root@thx1138:~]$ cat /etc/postfix/smtp_relayhost_auth
# After changes: "postmap /etc/postfix/smtp_relayhost_auth"
mai...@domain.tld username:password

[root@thx1138:~]$ cat /etc/postfix/sender_relayhost
# After changes: "postmap /etc/postfix/sender_relayhost"
mai...@domain.tld [relayhost.domain.tld]




signature.asc
Description: OpenPGP digital signature

Re: postfix for dummies (me) probably a general error in config of smtp

[Victor Duchovni]

On Mon, Mar 28, 2011 at 12:01:18PM -0400, Charles Marcus wrote:

> On 2011-03-25 5:27 PM, Walt Shekrota wrote:
> > smtpd_sasl_type = dovecot
> 
> dovecot's sasl implementation doesn't support CLIENT side SASL auth,
> only server side.
> 
> If you need client side SASL AUTH capability, use Cyrus-SASL...

The NetBSD (current) Postfix now has an alternative (not Cyrus)
client-side SASL implementation: "saslc".

$ uname -sr 
NetBSD 5.99.48
$ /usr/sbin/postconf -a
dovecot
$ /usr/sbin/postconf -A
saslc

$ ldd /usr/libexec/postfix/smtp
/usr/libexec/postfix/smtp:
-lssl.8 => /usr/lib/libssl.so.8
-lcrypto.6 => /usr/lib/libcrypto.so.6
-lcrypt.1 => /lib/libcrypt.so.1
-lc.12 => /usr/lib/libc.so.12
-lsaslc.0 => /usr/lib/libsaslc.so.0
-lgssapi.9 => /usr/lib/libgssapi.so.9
-lkrb5.24 => /usr/lib/libkrb5.so.24
-lhx509.4 => /usr/lib/libhx509.so.4
-lasn1.8 => /usr/lib/libasn1.so.8
-lcom_err.6 => /usr/lib/libcom_err.so.6
-lroken.14 => /usr/lib/libroken.so.14
-lutil.7 => /usr/lib/libutil.so.7
-lheimntlm.3 => /usr/lib/libheimntlm.so.3
-lldap.4 => /usr/lib/libldap.so.4
-llber.3 => /usr/lib/liblber.so.3

-- 
Viktor.

Re: postfix for dummies (me) probably a general error in config of smtp

[Charles Marcus]

On 2011-03-28 12:12 PM, Reindl Harald wrote:
> Am 28.03.2011 18:01, schrieb Charles Marcus:
>> On 2011-03-25 5:27 PM, Walt Shekrota wrote:
>>> smtpd_sasl_type = dovecot

>> dovecot's sasl implementation doesn't support CLIENT side SASL auth,
>> only server side.
>> If you need client side SASL AUTH capability, use Cyrus-SASL...

> to specify exactly:
> 
> "smtpd_sasl_type": smtpd = receive mails, smtp = send mails

Interesting - I never even noticed you can specify a different type for
each, so I thought the one setting was for both... guess I should have
checked postconf -d output before posting...

But at least now I do know - thanks for pointing that out...

-- 

Best regards,

Charles

Re: postfix for dummies (me) probably a general error in config of smtp

[Reindl Harald]

Am 28.03.2011 18:30, schrieb Charles Marcus:

>> to specify exactly:
>>
>> "smtpd_sasl_type": smtpd = receive mails, smtp = send mails
> 
> Interesting - I never even noticed you can specify a different type for
> each, so I thought the one setting was for both... guess I should have
> checked postconf -d output before posting...
> 
> But at least now I do know - thanks for pointing that out...

no problem :-)

even after running a well designed mailsystem since 2009 where i thought
"this is perfect and can all do we ever want and need" i have learned
so many things the last few months, email is really a big terrain

-- 

Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/



signature.asc
Description: OpenPGP digital signature

RE: Making my own pipe..

[Simon Brereton]

> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Jeroen Geilman
> Sent: Saturday, March 26, 2011 2:34 PM
> To: postfix-users@postfix.org
> Subject: Re: Making my own pipe..
> 
> On 03/25/2011 12:02 AM, Simon Brereton wrote:
> > Hi
> >
> > I'm still trying to get Postfix to use deliverquota to deliver the
> mails to my Maildirs.
> >
> > The only thing I could find on the net was a comment from Magnus
> http://www.irbs.net/internet/postfix/0412/1673.html that I had to
> make my own pipe.
> >
> > So this is my attempt:
> >
> > deliverquota  unix  -   n   n   -   -   pipe
> > flags=DRhu user=vmail argv=/usr/bin/deliverquota
> $domain/$recipient
> >
> > One concern - vmail is not a user on my system (and since I copied
> this from the maildrop pipe, I'm now wondering how mail is delivered
> at all.
> >
> 
> Not via maildrop, since the user does not exist.
> The first message postfix tries to deliver to the maildrop transport
> will crash it with a fatal error.
> 
> For basic information on how (local) mail is delivered, read
> http://www.postfix.org/OVERVIEW.html#delivering

I agree with your diagnosis :)  I'm just now confused as to what *is* 
delivering mail.  I'll try to figure that out.
 
> > My first question is, is $domain/$recipient the way to deliver a
> Maildir structure that is always domain.tld/user where user is the
> portion before the @ - this is the way I've understood man pipe, but
> I'd like to be sure.
> > Do I need it to be unpriv or not?
> >
> 
> The choice of mailstore is unrelated to any other postfix
> configuration options; it's just a choice.
> If you want mail to be stored in /var/mail/domain.tld/username then
> the above will accomplish that.
> 
> I'm unsure what you mean by "unpriv" - postfix does not execute
> setuid root programs, so in that sense, everything is unprivileged.

Thanks for the validation.  As for the unpriv - I was just going off the table 
headers in master.cf


> > My second question is what happens when deliverquota refuses to
> deliver the mail because the Maildir is over quota?  Does postfix try
> to deliver a DNS?
> >
> >
> 
> That depends on the status deliverquota returns to postfix.
> If it's a temporary error, the message will be deferred and retried
> later.
> If it's a permanent error, the message will be rejected and postfix
> will
> generate a DSN back to the originator.

Okay - either will be great so long as the permanent error is something about 
over quota.  Or can be customised as such.  Thanks for the pointers.

Re: minor typo in Postfix's change log

[Jeroen Geilman]

On 03/28/2011 02:59 PM, Lima Union wrote:

[1] postfix/verify[3209]: close database
/var/lib/postfix/verify_cache.db: No such file or directory
   


Are you USING sender or recipient verification ?

If so, does the verify daemon run chrooted ?


--
J.

Postfix problem across the LAN

[Anne Wilson]

Back in 2006 this list helped me set up Postfix on my server box in such a way 
that it separated local (LAN) mail from external mail, and it has worked well 
ever since.  On my local boxes and laptops I set up transport in a very 
similar way, sending external mail to my ISP's smtp server, and sending LAN 
mail to my mail server box, where it was delivered to users' Inboxes.

Now I want to extend that.  Specifically I want to be able to run Logwatch on 
this laptop, for instance, and have the report go to the server box, and here 
I came unstuck.  I have tried everything I can think of, but feel that I'm now 
thrashing about.  My last effort was to set Transport to send everything to 
192.168.0.40.  When I ran Logwatch, this is what happened:

The original message was received at Mon, 28 Mar 2011 14:17:49 +0100
from tosh [127.0.0.1]

   - The following addresses had permanent fatal errors -
a...@lydgate.org
(reason: 550 Host unknown)
(expanded from: )

   - Transcript of session follows -
550 5.1.2 a...@lydgate.org... Host unknown (Name server: 192.168.0.40: host 
not found)

Can you please help me find and fix the problem?

Thanks

Anne
-- 
New to KDE Software? - get help from http://userbase.kde.org


signature.asc
Description: This is a digitally signed message part.

Re: minor typo in Postfix's change log

[Wietse Venema]

Jeroen Geilman:
> On 03/28/2011 02:59 PM, Lima Union wrote:
> > [1] postfix/verify[3209]: close database
> > /var/lib/postfix/verify_cache.db: No such file or directory
> 
> Are you USING sender or recipient verification ?

The same bogus error may be reported with the tlsmgr(8) session
cache and with the postscreen(8) whitelist cache. Apparently it
happens in programs that use the first/next iterator; Postfix
uses that for cache cleanup.

Wietse

postfix can't open local recipient file .db extension

[motty.cruz]

Hello, 

I'm running Postfix on FreeBSD 8.2. Postfix complaints about this line in my
configuration 
local_recipient_database = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt

The error:
postfix/smtpd[1476]: fatal: open database /usr/local/etc/postfix/userdb.db:
Invalid argument

my Configuration:
alias_database = hash:/usr/local/etc/postfix/aliases
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender,
permit_mynetworks
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_client_restrictions = hash:/usr/local/etc/postfix/access
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,
reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
unknown_local_recipient_reject_code = 550
strict_rfc821_envolopes = yes
myorigin = domain.tls
myhostname = machine1.domain.tls
mydestination = domain1.tls, domain21.tls
mynetworks = 127.0.0.0/8, 
biff = no
smtpd_banner = machine1.domain.tls
message_size_limit = 5000
anvil_rate_time_unit = 2s
smtpd_error_sleep_time=0
local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt
content_filter=smtp-amavis:[127.0.0.1]:10024
alternate_config_directories = /usr/local/etc/postfix-out

Any suggestions are welc ome. 
Thanks, 
-motty

Postfix 2.8.2 for Solaris

[İhsan Doğan]

Hello,

I've updated the Postfix packages for Solaris 10 to 2.8.2.

Features:
- Native SysV Solaris package
- Build with Sun Studio 12.1
- Linked against the native LDAP libraries
- No dependencies against 3rd party packages
- SMF support
- Sparse zone safe
- Jumpstart safe

More details and upgrade instructions are available on:
http://ihsan.dogan.ch/postfix/

For Sparc:
http://ihsan.dogan.ch/postfix/downloads/CNDpostfix-2.8.2,REV=110328-SunOS5.10-sparc.pkg.bz2

For x86:
http://ihsan.dogan.ch/postfix/downloads/CNDpostfix-2.8.2,REV=110328-SunOS5.10-i386.pkg.bz2

-- 
ih...@dogan.chhttp://blog.dogan.ch/

Re: Postfix problem across the LAN

[Jeroen Geilman]

On 03/28/2011 07:47 PM, Anne Wilson wrote:

Back in 2006 this list helped me set up Postfix on my server box in such a way
that it separated local (LAN) mail from external mail, and it has worked well
ever since.  On my local boxes and laptops I set up transport in a very
similar way, sending external mail to my ISP's smtp server, and sending LAN
mail to my mail server box, where it was delivered to users' Inboxes.

Now I want to extend that.  Specifically I want to be able to run Logwatch on
this laptop, for instance, and have the report go to the server box, and here
I came unstuck.  I have tried everything I can think of, but feel that I'm now
thrashing about.  My last effort was to set Transport to send everything to
192.168.0.40.  When I ran Logwatch, this is what happened:

The original message was received at Mon, 28 Mar 2011 14:17:49 +0100
from tosh [127.0.0.1]

- The following addresses had permanent fatal errors -
a...@lydgate.org
 (reason: 550 Host unknown)
 (expanded from:)

- Transcript of session follows -
550 5.1.2 a...@lydgate.org... Host unknown (Name server: 192.168.0.40: host
not found)
   


This will be caused by not wrapping a literal IP address inside []:

relayhost = [192.168.0.40]


Can you please help me find and fix the problem?
   

I doubt this is your real - or only - problem.

Include postconf -n and relevant logs for more constructive help.


--
J.

Re: postfix can't open local recipient file .db extension

[Jeroen Geilman]

On 03/28/2011 09:01 PM, motty.cruz wrote:


Hello,

I'm running Postfix on FreeBSD 8.2. Postfix complaints about this line 
in my configuration


local_recipient_database = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt




ITYM local_recipient_MAPS.


The error:

postfix/smtpd[1476]: fatal: open database 
/usr/local/etc/postfix/userdb.db: Invalid argument




Did you run postmap(8) on it ?

local_recipient_maps = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt




This one is correct; all you're missing is

$ postmap /usr/local/etc/postfix/userdb

(and also uservirt, if you forgot that)

--
J.

Re: minor typo in Postfix's change log

[John]

On 3/28/2011 8:59 AM, Lima Union wrote:

Hi, while looking in the change log for some info about an issue I'm
having[1] I found a simple typo in the date specified as shown here:

20200102

Workaround: don't report bogus Berkeley DB close errors as
fatal errors. All operations before close are already error
checked, so the data is known to be safe.  File: util/dict_db.c.

Didn't know to how to report this in another way (without 'spamming' the ML).
Regards.

[1] postfix/verify[3209]: close database
/var/lib/postfix/verify_cache.db: No such file or directory

I don't think that is the problem, "20200102" as a date seems a off?

--
"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)

Re: postfix can't open local recipient file .db extension

[Jeroen Geilman]

On 03/28/2011 10:30 PM, motty.cruz wrote:


Hello Jeroen,

I appreciate your support very much.

In my main.cf file I had

local_recipient_database = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt


That line above does not give me any errors

but you're right it does not work, because I get the following in my logs:

NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 
: Recipient address rejected: User unknown in local 
recipient table; from= 
to=proto=SMTP helo=




That would be because the above is not a valid postfix configuration 
setting, as I already explained.



But if I change the line above to:

local_recipient_maps = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt


that when I get the error:

fatal: open database /usr/local/etc/postfix/userdb.db: Invalid argument

I do not think is permission problems,

-rw-r--r--   1 root  wheel  1232896 Mar 28 11:13 userdb.db



1.2 MEGAbytes ? Really ?
I am curious what exactly the postmap command was.


-rw-r--r--   1 root  wheel16384 Mar 28 11:13 uservirt.db

Thank you very much for your help,



Please, reply to the LIST, and don't TOP-POST.
2 very simple rules to make everybody's life easier.



-motty

*From:* Jeroen Geilman [mailto:jer...@adaptr.nl]
*Sent:* Monday, March 28, 2011 1:19 PM
*To:* motty.cruz
*Subject:* Re: postfix can't open local recipient file .db extension

On 03/28/2011 10:03 PM, motty.cruz wrote:

Thanks for your prompt reply.

Yes I did run

Postmap /usr/local/etc/postfix/userdb & uservirt


That is hardly a valid command.

Again, you need to be sure which setting you actually changed - is it 
local_recipient_database or local_recipient_maps ?


Assigning a value to an unknown parameter will not throw an error, but 
it won't work, either.



I'm not sure what could be the issue

# postconf -m

btree

cdb

cidr

environ

hash

internal

nis

pcre

proxy

regexp

static

tcp

texthash

unix

it support hash,

any suggestions?

Thanks,

-motty

*From:* owner-postfix-us...@postfix.org 
 
[mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Jeroen Geilman

*Sent:* Monday, March 28, 2011 12:40 PM
*To:* postfix-users@postfix.org 
*Subject:* Re: postfix can't open local recipient file .db extension

On 03/28/2011 09:01 PM, motty.cruz wrote:

Hello,

I'm running Postfix on FreeBSD 8.2. Postfix complaints about this line 
in my configuration


local_recipient_database = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt



ITYM local_recipient_MAPS.



The error:

postfix/smtpd[1476]: fatal: open database 
/usr/local/etc/postfix/userdb.db: Invalid argument



Did you run postmap(8) on it ?



local_recipient_maps = hash:/usr/local/etc/postfix/userdb, 
hash:/usr/local/etc/postfix/uservirt



This one is correct; all you're missing is

$ postmap /usr/local/etc/postfix/userdb

(and also uservirt, if you forgot that)



--
J.


No virus found in this message.
Checked by AVG - www.avg.com 
Version: 10.0.1204 / Virus Database: 1498/3535 - Release Date: 03/28/11




--
J.


No virus found in this message.
Checked by AVG - www.avg.com 
Version: 10.0.1204 / Virus Database: 1498/3535 - Release Date: 03/28/11




--
J.