Re: reinjection via unix socket
Hello Wietse,

On Thu, 14 Jul 2011 12:08:34 -0400 (EDT), Wietse Venema wrote:
> If the connection is not AF_INET or AF_INET6, Postfix pretends it
> is localhost[127.0.0.1].

thanks. This helps a lot!
I just had a quick scan over the docs and couldn't find this info.

Thanks
Lars
Re: Large ISP which use Postfix
Quoting Stan Hoeppner:

> On 7/14/2011 6:58 AM, Peter Tselios wrote:
>> Hello,
>> I need to prepare a presentation for my company because we plan to
>> deploy a new mail system. I need to know the names of some medium to large
>> ISPs that use Postfix as their SMTP server. Do you know where I can find
>> that information?
>
> It may be worth noting that the open source Zimbra integrated messaging
> suite uses Postfix as its MTA component.
>
> Some noteworthy Postfix using sites in the USA:
>
> 1. Stanford University's 4 MX hosts run Postfix
> http://www.stanford.edu
> One of the leading research universities in US
> Cisco Systems powers the internet and was born at Stanford:
> http://www.stanford.edu/group/wellspring/cisco_spotlight.html
> Current enrollment 19,535
> Graduate students 12,595
> mx2.stanford.edu. 1800 IN A 171.67.219.72
> mx3.stanford.edu. 1800 IN A 171.67.219.73
> mx4.stanford.edu. 1800 IN A 171.67.219.74
> mx1.stanford.edu. 1800 IN A 171.67.219.71
>
> 2. NASA's 6 MX hosts run Postfix
> http://www.nasa.gov
> ndmsnpf02.ndc.nasa.gov. 600 IN A 198.117.0.122
> ndjsnpf03.ndc.nasa.gov. 600 IN A 198.117.1.123
> ndjsnpf01.ndc.nasa.gov. 600 IN A 198.117.1.121
> ndmsnpf03.ndc.nasa.gov. 600 IN A 198.117.0.123
> ndmsnpf01.ndc.nasa.gov. 600 IN A 198.117.0.121
> ndjsnpf02.ndc.nasa.gov. 600 IN A 198.117.1.122

At least one of the big players in the computer market is also using Postfix:

goog@web:~# telnet smtp.hp.com 25
Trying 15.193.32.72...
Connected to smtp.hp.com.
Escape character is '^]'.
220 g6t0181.atlanta.hp.com ESMTP Postfix
EHLO kwsoft.de
250-g6t0181.atlanta.hp.com
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
help
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
Connection closed by foreign host.
goog@web:~#

It should be obvious by now that many organisations around the world which value e-mail are using Postfix.

Regards
Andreas
Re: Re: Large ISP which use Postfix
Peter Tselios wrote:
> Do you work for them? Because, the server does not report its name :(
>
>
> T-Online in Hungary uses Postfix.
>
> $ host t-online.hu
> t-online.hu has address 84.2.36.211
> t-online.hu mail is handled by 10 mx.t-online.hu.
> $ telnet mx.t-online.hu 25
> Trying 84.2.44.11...
> Connected to mx.t-online.hu.
> Escape character is '^]'.
> 220 mx04a.mail.t-online.hu ESMTP
> help
> 502 5.5.2 Error: command not recognized
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>

Hi Peter,

No, I don't work for them. The error message after the "help" command confirms the fact that this is postfix.

Reference: http://www.mail-archive.com/postfix-users@postfix.org/msg36298.html

HTH,
Mikael
Keep backup of mails
Hi folks :-)

This is my first post.. reading howto of postfix I understand how keep a copy of all email that forward my postfix.

I've only one production server, I'd like keep copy (on this server) of all emails. carbon copy :-)

How can I configure postfix to keep emails?

thanks!
Pol

PS: I use debian stable
Re: TLS yes, but no SSL connection
On 14/07/2011 13:21, Axel Braun wrote:
> On Thursday, 14 July 2011, Patrick Ben Koetter wrote:
>>>>> What is the problem? How can I enable SSL additionally?
>>>> p@p:~$ grep smtps /etc/services
>>>> ssmtp 465/tcp smtps # SMTP over SSL
>>>
>>> Thanks. I added the entry, restarted the network and postfix, but still
>>> don't see SSL enabled
>>
>> You need to enable the 'smtps' service in Postfix master.cf.
>
> That helped, Thanks!
> Axel

note that Thunderbird and Apple Mail support STARTTLS.

STARTTLS is the standard. so clients are encouraged to use it, so that one day we will be able to get rid of the non standard smtps (wishful thinking?).
Re: Keep backup of mails
On 15/7/2011 11:48 AM, Pol Hallen wrote:
> I've only one production server, I'd like keep copy (on this server) of all
> emails. carbon copy :-)

Use:

    always_bcc = mailstore@localhost

See: http://www.postfix.org/postconf.5.html

Nick
Re: TLS yes, but no SSL connection
On 15.07.2011 11:02, mouss wrote:
> STARTTLS is the standard. so clients are encouraged to use it, so that
> one day we will be able to get rid of the non standard smtps (wishful
> thinking?)

what is in case of 465 non-standard?

[root@srv-rhsoft:~]$ cat /etc/services | grep smtps
smtps 465/tcp # SMTP over SSL (TLS)

# /etc/services:
# $Id: services,v 1.42 2006/02/23 13:09:23 pknirsch Exp $
#
# Network services, Internet style
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
# service-name port/protocol [aliases ...] [# comment]
Re: TLS yes, but no SSL connection
On 15/07/2011 11:15, Reindl Harald wrote:
>
> On 15.07.2011 11:02, mouss wrote:
>
>> STARTTLS is the standard. so clients are encouraged to use it, so that
>> one day we will be able to get rid of the non standard smtps (wishful
>> thinking?)
>
> what is in case of 465 non-standard?
>
> [root@srv-rhsoft:~]$ cat /etc/services | grep smtps
> smtps 465/tcp # SMTP over SSL (TLS)
>

standards are defined in RFCs, not in /etc/services.

>
> # /etc/services:
> # $Id: services,v 1.42 2006/02/23 13:09:23 pknirsch Exp $
> #
> # Network services, Internet style
> # The latest IANA port assignments can be gotten from
> # http://www.iana.org/assignments/port-numbers

Here, the above URL contains:

urd 465/tcp URL Rendesvous Directory for SSM
igmpv3lite 465/udp IGMP over UDP for SSM

> # The Well Known Ports are those from 0 through 1023.
> # The Registered Ports are those from 1024 through 49151
> # The Dynamic and/or Private Ports are those from 49152 through 65535
> #
> # Each line describes one service, and is of the form:
> # service-name port/protocol [aliases ...] [# comment]
>
Re: reinjection via unix socket
Lars T?uber:
> Hello Wietse,
>
> On Thu, 14 Jul 2011 12:08:34 -0400 (EDT), Wietse Venema wrote:
> > If the connection is not AF_INET or AF_INET6, Postfix pretends it
> > is localhost[127.0.0.1].
>
> thanks. This helps a lot!
> I just had a quick scan over the docs and couldn't find this info.

This is part of first-generation hard-coded behavior that still needs to be finished (in this case, the surrogate name and address will need to be configurable).

Wietse
Re: Large ISP which use Postfix
On 7/14/2011 5:55 PM, Stan Hoeppner wrote:
> On 7/14/2011 6:58 AM, Peter Tselios wrote:
>> Hello,
>> I need to prepare a presentation for my company because we plan to
>> deploy a new mail system. I need to know the names of some medium to large
>> ISPs that use Postfix as their SMTP server. Do you know where I can find
>> that information?
> It may be worth noting that the open source Zimbra integrated messaging
> suite uses Postfix as its MTA component.
>
> Some noteworthy Postfix using sites in the USA:
>
> 1. Stanford University's 4 MX hosts run Postfix
> http://www.stanford.edu
> One of the leading research universities in US
> Cisco Systems powers the internet and was born at Stanford:
> http://www.stanford.edu/group/wellspring/cisco_spotlight.html
> Current enrollment 19,535
> Graduate students 12,595
> mx2.stanford.edu. 1800 IN A 171.67.219.72
> mx3.stanford.edu. 1800 IN A 171.67.219.73
> mx4.stanford.edu. 1800 IN A 171.67.219.74
> mx1.stanford.edu. 1800 IN A 171.67.219.71
>
> 2. NASA's 6 MX hosts run Postfix
> http://www.nasa.gov
> ndmsnpf02.ndc.nasa.gov. 600 IN A 198.117.0.122
> ndjsnpf03.ndc.nasa.gov. 600 IN A 198.117.1.123
> ndjsnpf01.ndc.nasa.gov. 600 IN A 198.117.1.121
> ndmsnpf03.ndc.nasa.gov. 600 IN A 198.117.0.123
> ndmsnpf01.ndc.nasa.gov. 600 IN A 198.117.0.121
> ndjsnpf02.ndc.nasa.gov. 600 IN A 198.117.1.122

Some additions:

3. United States Navy. The US Navy currently has ~333,000 personnel.
3 MX hosts for navy.mil all running Postfix
mx13.nmci.navy.mil. 600 IN A 138.162.5.133
mx15.nmci.navy.mil. 600 IN A 138.163.129.68
mx14.nmci.navy.mil. 600 IN A 138.163.1.68

4. Embarq and CenturyTel merged to become CenturyLink. In 2008 they had a combined 2 million subscribers. Synacor provides all customer email services and uses the eCelerity MTA, which is based on Postfix. Today CenturyLink is likely the 10th largest US ISP based on subscriber count.
mailrelay.embarq.synacor.com. 300 IN A 208.47.184.3

5. Windstream.net, 12th largest US ISP, 1 million subscribers in 2008
mx01.windstream.net. 900 IN A 162.39.147.49

6. MessageLabs. According to this press release: http://tinyurl.com/6gxbpfw
MessageLabs was running eCelerity across 1300 servers in 2006
eCelerity is now a Message Systems, Inc concern embedded within their Message Central product.

In this case it appears they've replaced the 500 5.5.2 unrecognized command error with a custom message:

214 See http://www.messagelabs.com/support

Some of the Synacor systems do this as well, while others have the standard Postfix return message.

Viktor how much email does MessageLabs handle? I know it's big but I have no direct knowledge of their numbers.

-- 
Stan
Re: Large ISP which use Postfix
Stan Hoeppner:
> In this case it appears they've replaced the 500 5.5.2 unrecognized
> command error with a custom message:
> 214 See http://www.messagelabs.com/support
> Some of the Synacor systems do this as well, while others have
> the standard Postfix return message.

Messagelabs replies with: 502 unimplemented (#5.5.1)

That looks like qmail to me. No other MTA that I know of implements enhanced status codes by putting them as (#X.Y.Z) inside free text.

Wietse
vacation reply only for a list of addresses ?
Hello

I'm searching for ( if exists ... ) a vacation utility that responds ONLY to validated addresses ( those in a list for example ) to avoid the sending of a "real" addresses to spambots.

Thanks for any info
Re: vacation reply only for a list of addresses ?
On 07/15/2011 05:38 PM, Frank Bonnet wrote:
> Hello
>
> I'm searching for ( if exists ... ) a vacation utility that responds ONLY
> to validated addresses ( those in a list for example ) to avoid the sending
> of a "real" addresses to spambots.
>
> Thanks for any info

Forget it! I found the answer just after posting:

http://wiki.dovecot.org/LDA/Sieve#Vacation_auto-reply

Sorry for the noise
Re: Large ISP which use Postfix
2011/7/14 Peter Tselios:
> Hello,
> I need to prepare a presentation for my company because we plan to
> deploy a new mail system. I need to know the names of some medium to large
> ISPs that use Postfix as their SMTP server. Do you know where I can find
> that information?
> Thanks
> Peter

Maybe you could try to use smtpscan[1] to guess which mail software is used on remote servers you want.

HTH

[1]: http://packetstormsecurity.org/search/files/?q=smtpscan
Anyone solely using SMTP Auth for outbound mail?
We are an ISP of about 60,000 customers, and in the past our systems were set up to allow networks from mynetworks (a large number of IPs) as well as a lookup table that allows users who have previously popped the server to relay mail. We recently added SMTP Auth capability, and are seriously considering moving solely to SMTP Auth for access to our outbound mail system.

Our reasoning is that compromised computers on our allowed networks are free to send all the spam they want and we really don't have a good way to track what users are sending the spam. We do have outbound email filtering, so the spam doesn't leave the network.

Another reason for wanting to drop mynetworks and pop before smtp is simplification of our systems. Keeping up with the IPs in mynetworks is a hassle, and the pop before smtp seems redundant when you think these customers could be authenticating with SMTP Auth. The best feature of SMTP Auth in our opinion is that it leaves an audit trail of who is sending email, in what quantity, and where they are connecting from, which allows us to track spammers more effectively.

To summarize, we think SMTP Auth is the simplest and most useful way to allow people to send mail through our outbound mail system, and we are hoping to get some feedback from the community regarding this perspective.

Thanks.
RE: Anyone solely using SMTP Auth for outbound mail?
> To summarize, we think SMTP Auth is the simplest and most useful way to
> allow people to send mail through our outbound mail system, and we are
> hoping to get some feedback from the community regarding this
> perspective.

Yes and No. For 99% of our client base, we use SMTP auth. We have a couple enterprise class customers that we relay for that have a very defined IP set, which we use an exception file for (as they have their own user/logins on their side). I could probably go 100% without any critical impact.

We have/had some software in place that would collect stats on outgoing rates per login and throttle/disable the account if it exceeded a particular limit, which means simply disabling the SMTP AUTH for that single account.

I'd recommend it myself.
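The audit trail and per-login limit discussed in this thread, as an added example that is not code from either poster: it joins Postfix smtpd `sasl_username` lines to qmgr `nrcpt` lines by queue ID. The log lines are constructed samples, and the limit of 100 recipients is a hypothetical value.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the usual Postfix syslog layout.
SAMPLE_LOG = """\
Jul 15 15:20:01 mx postfix/smtpd[2101]: 3F2A41C0A1: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jul 15 15:20:01 mx postfix/qmgr[990]: 3F2A41C0A1: from=<alice@example.com>, size=2120, nrcpt=1 (queue active)
Jul 15 15:21:10 mx postfix/smtpd[2101]: 4B7C92D0B2: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jul 15 15:21:10 mx postfix/qmgr[990]: 4B7C92D0B2: from=<alice@example.com>, size=1800, nrcpt=2 (queue active)
Jul 15 15:22:30 mx postfix/smtpd[2107]: 5C8DA3E1C3: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob
Jul 15 15:22:30 mx postfix/qmgr[990]: 5C8DA3E1C3: from=<bob@example.com>, size=900, nrcpt=50 (queue active)
Jul 15 15:22:41 mx postfix/smtpd[2107]: 6D9EB4F2D4: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob
Jul 15 15:22:41 mx postfix/qmgr[990]: 6D9EB4F2D4: from=<bob@example.com>, size=900, nrcpt=50 (queue active)
Jul 15 15:23:05 mx postfix/smtpd[2110]: 7EAFC503E5: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob
Jul 15 15:23:05 mx postfix/qmgr[990]: 7EAFC503E5: from=<bob@example.com>, size=900, nrcpt=40 (queue active)
Jul 15 15:29:05 mx postfix/qmgr[990]: 7EAFC503E5: from=<bob@example.com>, size=900, nrcpt=40 (queue active)
Jul 15 15:30:00 mx postfix/smtpd[2111]: 8FB0D614F6: client=pc7.example.com[198.51.100.7]
Jul 15 15:30:00 mx postfix/qmgr[990]: 8FB0D614F6: from=<carol@example.com>, size=700, nrcpt=30 (queue active)
"""

UNAUTH = "(unauthenticated)"  # relayed via mynetworks: no login recorded

# smtpd logs the client and, if the session authenticated, the SASL login.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=[^\[]*\[(?P<ip>[^\]]+)\]"
    r"(?:.*?sasl_username=(?P<user>[^,\s]+))?")
# qmgr logs the recipient count when the message enters the active queue.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(?P<n>\d+)")


def summarize(log_text):
    """Return {login: {"messages", "recipients", "ips"}} for a log excerpt."""
    owner = {}  # queue ID -> (login, client IP), until the message is counted
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            owner[m["qid"]] = (m["user"] or UNAUTH, m["ip"])
            continue
        m = QMGR_RE.search(line)
        # pop() counts each queue ID once, even when a deferred message
        # re-enters the active queue and qmgr logs it again.
        if m and (who := owner.pop(m["qid"], None)):
            login, ip = who
            stats[login]["messages"] += 1
            stats[login]["recipients"] += int(m["n"])
            stats[login]["ips"].add(ip)
    return dict(stats)


def over_limit(stats, max_recipients):
    """Logins whose total recipient count exceeds the (hypothetical) limit."""
    return sorted(u for u, s in stats.items()
                  if u != UNAUTH and s["recipients"] > max_recipients)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for login, s in sorted(report.items()):
        print(login, s["messages"], s["recipients"], sorted(s["ips"]))
    print("over limit:", over_limit(report, 100))
```

The unauthenticated bucket is mail accepted without a login, for which the log offers only a client address to follow up on.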
limiting postfix to send mail to one domain
Hello,

I want to restrict postfix to only send mail to our domain, yet to no others. In other words, I want to set it up to not send mail to any outside address and only to accounts within our domain (anyuser@our_domain_only.com). This is a test server and is not a mail server, per se. Postfix will only send mail for users who are logged into it. (SuSE 11.4)

Could someone point me to a howto for mail restrictions when sending.

Many thanks,

James
Re: limiting postfix to send mail to one domain
On 15/07/11 22:25, James D. Parra wrote:
> Hello,
>
> I want to restrict postfix to only send mail to our domain, yet to no others.
> In other words, I want to set it up to not send mail to any outside address
> and only to accounts within our domain (anyuser@our_domain_only.com). This is
> a test server and is not a mail server, per se. Postfix will only send
> mail for users who are logged into it. (SuSE 11.4)
>
> Could someone point me to a howto for mail restrictions when sending.
>
> Many thanks,
>
> James
>

Maybe have error as default transport, and a special transport (in transport map) for local domain ?
Re: limiting postfix to send mail to one domain
James D. Parra:
> Hello,
>
> I want to restrict postfix to only send mail to our domain, yet to no others.
> In other words, I want to set it up to not send mail to any outside address
> and only to accounts within our domain (anyuser@our_domain_only.com). This is
> a test server and is not a mail server, per se. Postfix will only send
> mail for users who are logged into it. (SuSE 11.4)
>
> Could someone point me to a howto for mail restrictions when sending.

Something like this:

/etc/postfix/main.cf:
    transport_maps = pcre:/etc/postfix/transport.pcre

/etc/postfix/transport.pcre:
    /@(example\.com)$/ smtp:$1
    /(.+)/ error:5.7.1 Mail to $1 is prohibited

See also:
http://www.postfix.org/transport.5.html
http://www.postfix.org/error.8.html
http://www.postfix.org/pcre_table.5.html

It does not block user%elsewh...@example.com, nor does it stop elsewhere!u...@example.com. These are left as an exercise for the reader.

Wietse
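The two-rule table from the message above, evaluated against sample recipients; this is an added example, not part of the original post and not Postfix code. It models a first-match regular-expression table with Python's `re` module in place of PCRE (case-insensitive, as pcre tables are by default), and the `.test` addresses are constructed.

```python
import re

# The two rules from the transport.pcre table in the message above.
TRANSPORT_PCRE = r"""
/@(example\.com)$/    smtp:$1
/(.+)/                error:5.7.1 Mail to $1 is prohibited
"""


def parse_table(text):
    """Parse '/pattern/ result' lines into (compiled regex, result) pairs.

    Simplified model: no pattern flags, no if/endif, no continuation lines.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(.*)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, address):
    """Return the result of the first matching rule, with $1..$9 expanded.

    Regular-expression tables are matched against the entire address.
    """
    for regex, result in rules:
        m = regex.search(address)
        if m:
            return re.sub(r"\$(\d)", lambda s: m.group(int(s.group(1))), result)
    return None


# Constructed recipients: a plain local-domain address, an outside address,
# the two source-routed forms the message says are not blocked, and a
# subdomain that the anchored first pattern does not cover.
SAMPLES = [
    "alice@example.com",
    "bob@elsewhere.test",
    "bob%elsewhere.test@example.com",
    "elsewhere.test!bob@example.com",
    "alice@sub.example.com",
]


def route_all(addresses=SAMPLES):
    rules = parse_table(TRANSPORT_PCRE)
    return {addr: lookup(rules, addr) for addr in addresses}


if __name__ == "__main__":
    for addr, decision in route_all().items():
        print(f"{addr:34} -> {decision}")
```

Both source-routed forms end in `@example.com`, so the table gives them the same `smtp:example.com` result as a plain address; the table only looks at the text after the last `@`.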
Re: limiting postfix to send mail to one domain
Erwan David:
> On 15/07/11 22:25, James D. Parra wrote:
> > Hello,
> >
> > I want to restrict postfix to only send mail to our domain, yet to no
> > others. In other words, I want to set it up to not send mail to any outside
> > address and only to accounts within our domain
> > (anyuser@our_domain_only.com). This is a test server and is not a mail
> > server, per se. Postfix will only send mail for users who are logged
> > into it. (SuSE 11.4)
> >
> > Could someone point me to a howto for mail restrictions when sending.
> >
> > Many thanks,
>
> Maybe have error as default transport, and a special transport (in
> transport map) for local domain ?

Yup, that would do the trick.

Wietse
Re: limiting postfix to send mail to one domain
Wietse Venema:
> Erwan David:
> > On 15/07/11 22:25, James D. Parra wrote:
> > > Hello,
> > >
> > > I want to restrict postfix to only send mail to our domain, yet to no
> > > others. In other words, I want to set it up to not send mail to any
> > > outside address and only to accounts within our domain
> > > (anyuser@our_domain_only.com). This is a test server and is not a mail
> > > server, per se. Postfix will only send mail for users who are logged
> > > into it. (SuSE 11.4)
> > >
> > > Could someone point me to a howto for mail restrictions when sending.
> > >
> > > Many thanks,
> >
> > Maybe have error as default transport, and a special transport (in
> > transport map) for local domain ?
>
> Yup, that would do the trick.

/etc/postfix/main.cf:
    default_transport = error:5.7.1 This destination is prohibited.
    transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
    example.com smtp:

This avoids regular expressions, and also has the same limitation of not stopping user%elsewh...@example.com or elsewhere!u...@example.com.

To stop that, specify:

/etc/postfix/main.cf:
    swap_bangpath = no
    allow_percent_hack = no

Wietse
Re: limiting postfix to send mail to one domain
On 15.07.2011 22:25, James D. Parra wrote:
> Hello,
>
> I want to restrict postfix to only send mail to our domain, yet to no others.
> In other words, I want to set it up to not send mail to any outside address
> and only to accounts within our domain (anyuser@our_domain_only.com). This is
> a test server and is not a mail server, per se. Postfix will only send
> mail for users who are logged into it. (SuSE 11.4)
>
> Could someone point me to a howto for mail restrictions when sending.

default_transport = error:5.1.2 mail to remote domains not permitted
local_transport = error:5.1.2 local transport not permitted
relay_transport = error:5.1.2 relay transport not permitted
virtual_transport = error:5.1.2 virtual transport not permitted

this works if your domain(s) have an explicit transport entry like "dbmail-lmtp:127.0.0.1:24" or whatever matches to your MDA
Re: limiting postfix to send mail to one domain
> > Yup, that would do the trick.
>
> /etc/postfix/main.cf:
>     default_transport = error:5.7.1 This destination is prohibited.
>     transport_maps = hash:/etc/postfix/transport
>
> /etc/postfix/transport:
>     example.com smtp:
>
> This avoids regular expressions, and also has the same limitation
> of not stopping user%elsewh...@example.com or elsewhere!u...@example.com.
>
> To stop that, specify:
>
> /etc/postfix/main.cf:
>     swap_bangpath = no
>     allow_percent_hack = no
>
> Wietse

That worked perfectly. Thank you Erwan & Wietse for the clear details and the amazing response time.

Much obliged,

James
Re: Large ISP which use Postfix
On 7/15/2011 8:46 AM, Wietse Venema wrote:
> Stan Hoeppner:
>> In this case it appears they've replaced the 500 5.5.2 unrecognized
>> command error with a custom message:
>> 214 See http://www.messagelabs.com/support
>> Some of the Synacor systems do this as well, while others have
>> the standard Postfix return message.
>
> Messagelabs replies with: 502 unimplemented (#5.5.1)
>
> That looks like qmail to me. No other MTA that I know of implements
> enhanced status codes by putting them as (#X.Y.Z) inside free text.

Telnet'ing the first two Messagelabs MX hosts in the list I provided, entering 'help' returns:

214 See http://www.messagelabs.com/support

Maybe I'm doing something wrong.

-- 
Stan
RE: Large ISP which use Postfix
> -Original Message-
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Frank Bonnet
> Sent: Thursday, July 14, 2011 10:08 PM
> To: postfix-users@postfix.org
> Subject: Re: Large ISP which use Postfix
>
> Anyone knows what Google or Hotmail use ?

I'm over 90% sure they each rolled their own.
Re: Anyone solely using SMTP Auth for outbound mail?
On 7/15/2011 3:15 PM, l...@airstreamcomm.net wrote:
> To summarize, we think SMTP Auth is the simplest and most useful way to
> allow people to send mail through our outbound mail system, and we are
> hoping to get some feedback from the community regarding this perspective.

If I understand your architecture correctly, doing this won't stop bot infected PCs from sending spam as that is almost always direct to MX. Preventing customers, at the router/firewall(s), from making direct outbound connections to remote TCP 25, and forcing them to relay through your auth server, is what stops the bot spam.

For customers intentionally sending spam, either newbies spamming from Outlook Express to customers with full up snowshoe servers, forcing SMTP AUTH may prove advantageous, for the reasons you stated.

-- 
Stan
Re: Large ISP which use Postfix
On 7/15/2011 5:55 PM, Murray S. Kucherawy wrote:
>> -Original Message-
>> From: owner-postfix-us...@postfix.org
>> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Frank Bonnet
>> Sent: Thursday, July 14, 2011 10:08 PM
>> To: postfix-users@postfix.org
>> Subject: Re: Large ISP which use Postfix
>>
>> Anyone knows what Google or Hotmail use ?
>
> I'm over 90% sure they each rolled their own.

Hotmail uses Microsoft's SMTP server. Read about the conversion from BSD to Windows after Microsoft bought Hotmail:

http://technet.microsoft.com/en-us/library/bb496985.aspx

-- 
Stan
Re: Large ISP which use Postfix
On 7/15/2011 6:01 PM, Stan Hoeppner wrote:
> A. Newer versions of eCelerity use a different MTA
> B. They changed the code to make the help message user configurable

C. Stan didn't read the return codes thoroughly enough.

I believe the correct answer is C. :(

-- 
Stan
Re: Large ISP which use Postfix
MessageLabs do not respond with postfix-ish error messages.

I mentioned earlier that they reply with a distinct qmail-ish twang when I send an unimplemented command:

220 server-6.tower-36.messagelabs.com ESMTP
foobar
502 unimplemented (#5.5.1)

No other MTA that I know of implements enhanced status codes by putting them as (#X.Y.Z) within free text.

Wietse