Multiple entries transport maps

[Jacopo Cappelli]

Hi, can i have multiple entries on transport maps of same domain?
Example:

/etc/postfix/transport
example.com  smtp:[1.1.1.1]
example.com  smtp:[2.2.2.2]
example.com  smtp:[3.3.3.3]


If one server go down i want to send with other mail server.
It's possible?



Thanks,
Jacopo

-- 
Linux, Windows Xp ed MS-DOS
(anche conosciuti come il Bello, il Brutto ed il Cattivo).
-- Matt Welsh

Re: Multiple entries transport maps

[Ralf Hildebrandt]

* Jacopo Cappelli :
> Hi, can i have multiple entries on transport maps of same domain?
> Example:
> 
> /etc/postfix/transport
> example.com  smtp:[1.1.1.1]
> example.com  smtp:[2.2.2.2]
> example.com  smtp:[3.3.3.3]

No.
 
> If one server go down i want to send with other mail server.
> It's possible?

Use MX records.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

need postfix-to-mailman.py for opensuse 11.4

[J. Bakshi]

Hello,

This is a opensuse 11.4 box with postfix installed and functional.
I have installed mailman also and need to configure with postfix.
postfix-to-mailman.py is required to call it from main.cf but it
is not shipped with the mailman !!! 

I have reconfirmed by "rpm -qal mailman | grep .py | grep postfix"
No luck ...
How can I get a suitable postfix-to-mailman.py ?
The mailman version installed here is mailman-2.1.14-4.7.1.x86_64

TIA

Re: need postfix-to-mailman.py for opensuse 11.4

[Duken Marga]

get it at http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py


On Fri, Aug 26, 2011 at 5:52 PM, J. Bakshi  wrote:
> Hello,
>
> This is a opensuse 11.4 box with postfix installed and functional.
> I have installed mailman also and need to configure with postfix.
> postfix-to-mailman.py is required to call it from main.cf but it
> is not shipped with the mailman !!!
>
> I have reconfirmed by "rpm -qal mailman | grep .py | grep postfix"
> No luck ...
> How can I get a suitable postfix-to-mailman.py ?
> The mailman version installed here is mailman-2.1.14-4.7.1.x86_64
>
> TIA
>



-- 
Duken Marga

Re: need postfix-to-mailman.py for opensuse 11.4

[J. Bakshi]

Thanks a lot
Hope this will work with the mailman version installed here.


On Fri, 26 Aug 2011 18:03:41 +0700
Duken Marga  wrote:

> get it at http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py
> 
> 
> On Fri, Aug 26, 2011 at 5:52 PM, J. Bakshi  wrote:
> > Hello,
> >
> > This is a opensuse 11.4 box with postfix installed and functional.
> > I have installed mailman also and need to configure with postfix.
> > postfix-to-mailman.py is required to call it from main.cf but it
> > is not shipped with the mailman !!!
> >
> > I have reconfirmed by "rpm -qal mailman | grep .py | grep postfix"
> > No luck ...
> > How can I get a suitable postfix-to-mailman.py ?
> > The mailman version installed here is mailman-2.1.14-4.7.1.x86_64
> >
> > TIA
> >
> 
> 
> 

Webmin as an admin tool?

[John]

I do not want to start a flam war, but what are the thoughts on using 
webmin as a tool to administer postfix (+ dovecot, but that is outside 
this group).

TIA
John Allen

--
"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)

Re: Webmin as an admin tool?

[Reindl Harald]

Am 26.08.2011 19:28, schrieb John:
> I do not want to start a flam war, but what are the thoughts on using webmin
> as a tool to administer postfix (+dovecot, but that is outside this group)

missing knowledges, inwilling to learn and the naive hope a GUI
which is hiding complex things behind some beautiful windows
will be an anlterantive to learn how things are working



signature.asc
Description: OpenPGP digital signature

Re: Webmin as an admin tool?

[Wietse Venema]

John:
> I do not want to start a flam war, but what are the thoughts on using 
> webmin as a tool to administer postfix (+ dovecot, but that is outside 
> this group).

The following is not specific to GUIs, but applies to any program
that automatically parses and updates configuration.  Be careful
about making changes by hand - the tool (GUI or otherwise) may not
understand everything.

Wietse

Per IP per domain restriction

[Munroe Sollog]

In an attempt to work around existing infrastructure, I am trying to restrict, 
by sender domain, what mail is accepted from certain IPs.  My thought at the 
moment is the lookup would look something like:

ip.add.re.ssdomain1.com, domain2.com

And if a connection is started from ip.add.re.ss with a sender of 
u...@domain3.com the message gets rejected.  Is there a way to do this in 
postfix?  I checked out Policydv2 as I thought this might fall under its 
purview, but after reading its configuration and documentation, I don't think 
it supports this out of the box.  Thanks.


Munroe Sollog
Digirati Consulting
sol...@digiraticonsulting.com
(610) 332-7234 x805

Re: Webmin as an admin tool?

[John]

My initial thought was to save my existing config, then use webmin to 
build a config and compare the two. if they are miles apart then drop 
the idea.
Part of my reasoning here is that I am getting old and I need to farm 
out some of my work, most of the people that I have been asked to look 
at are not CLI literate and are not particularly keen on becoming so.

TTYL
John Allen

John:

I do not want to start a flam war, but what are the thoughts on using
webmin as a tool to administer postfix (+ dovecot, but that is outside
this group).

The following is not specific to GUIs, but applies to any program
that automatically parses and updates configuration.  Be careful
about making changes by hand - the tool (GUI or otherwise) may not
understand everything.

Wietse



--
"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)

Re: Webmin as an admin tool?

[Glenn English]

On Aug 26, 2011, at 11:28 AM, John wrote:

> what are the thoughts on using webmin as a tool to administer postfix

Webmin saved my life when I started (about 10 years ago) to put a computer on 
the Internet. I used it not only as a tool to admin stuff, but as a tool to 
understand the configuration(s). I still use it for some things, but have 
tended toward the wonderful admin tool, vi :-)

I've sometimes noticed holes in it, but for the basic things I was doing back 
then, it was fine.

-- 
Glenn English

Re: Webmin as an admin tool?

[Steffan A. Cline]

John,

I use Virtualmin to handle my configs and it works extremely well and have
had no issues. A couple clicks and everything is all done for you.
Manually configuring all these things that Virtualmin does for you would
take far longer. Of course, if it's a single user/domain situation,
Virtualmin could be overkill.

Stan helped me to get the spam prevention in place and I've had
maintenance free operation for quite some time now complaint free from my
users.


Thanks

Steffan

---
T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline  
stef...@execuchoice.net Phoenix, Az
http://www.ExecuChoice.net  USA
AIM: SteffanC Skype : steffancline
GOOGLE : steffan.cl...@gmail.comMSN : stef...@hldns.com
YAHOO  : Steffan_Cline  ICQ : 57234309
---





On 8/26/11 10:28 AM, "John"  wrote:

>I do not want to start a flam war, but what are the thoughts on using
>webmin as a tool to administer postfix (+ dovecot, but that is outside
>this group).
>TIA
>John Allen
>
>-- 
>"All that is necessary for the triumph of evil is that good men do
>nothing." (Edmund Burke)

Re: postscreen stats

[/dev/rob0]

On Tuesday 23 August 2011 14:25:32 Wietse Venema wrote:
> Stan Hoeppner:
> > On 8/23/2011 9:10 AM, Kov?cs J?nos wrote:
> > > Thanks Ralf! It's amazing how much spam the pregreet test and a
> > > good RBL can catch. Do you have any data on how many spam
> > > emails survived postscreen?
> > 
> > Overall, Postscreen is no better nor worse at stopping spam than
> > what we've all been doing via SMTPD for many years.  It simply
> > decreases the number of SMTPD processes required to do so, hence
> > decreasing server load and allowing more processing of
> > legitimate mail.
> > 
> > Postscreen is no magic bullet, it's overall "catch rate" being
> > little different than setups without Postscreen.
> 
> Agreed. Postscreen's main goal is to reduce mail server load, so
> that you can postpone that forklift upgrade.
> 
> Postscreen also stops a few percent of spambots that popular DNSBLs
> miss, but at this time, that is only a minor benefit.

I'm going to disagree, slightly, with Stan and Wietse. The DNSBL 
scoring feature was formerly only available via a policy service, and 
it seems to have improved my spam blocking somewhat. I have aggressive 
DNSBLs, which I'd never trust for reject_rbl_client, set with low 
scores.

Granted, my pre-postscreen spam blocking was pretty good. I'm sure 
we're only looking at a fraction of a percent here. Every little bit 
helps.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: Webmin as an admin tool?

[Robert Schetterer]

Am 26.08.2011 19:56, schrieb Reindl Harald:
> 
> 
> Am 26.08.2011 19:28, schrieb John:
>> I do not want to start a flam war, but what are the thoughts on using webmin
>> as a tool to administer postfix (+dovecot, but that is outside this group)
> 
> missing knowledges, inwilling to learn and the naive hope a GUI
> which is hiding complex things behind some beautiful windows
> will be an anlterantive to learn how things are working
> 

i use it on relay setups , for editing
i.e relay users,domains tables for windows guys
who dont know ssh etc
i wouldnt recommend it as general tool, but in parts it can be very
helpfull, you may use a seperate webmin user and restrict/hide editing
parameter settings etc
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: Webmin as an admin tool?

[/dev/rob0]

[ Please do not top-post your replies. Top-posting fixed. ]

On Friday 26 August 2011 13:18:54 John wrote:
> > Wietse:
> > John:
> >> I do not want to start a flam war, but what are the thoughts on
> >> using webmin as a tool to administer postfix (+ dovecot, but
> >> that is outside this group).
> > 
> > The following is not specific to GUIs, but applies to any program
> > that automatically parses and updates configuration.  Be careful
> > about making changes by hand - the tool (GUI or otherwise) may
> > not understand everything.
> > 
> My initial thought was to save my existing config, then use webmin
> to build a config and compare the two. if they are miles apart
> then drop the idea.

Oh, no, I would never consider something like that to be able to 
generate a MTA configuration from scratch. It can only be as good as 
the coder who wrote it, and do note, that individual is a programmer, 
not a sysadmin. Those who are proficient at both are rare.

The best sort of admin GUI I have seen is Samba's SWAT. It presents a 
basic interface with common settings, and can optionally show all 
smb.conf(5) settings. If uncommon settings are added to the smb.conf 
file, those will show up in the basic interface. Most important about 
SWAT are the complete hyperlinks to the smb.conf documentation. Syntax 
help and examples are right at your fingertips.

Something of that nature could rather easily be developed for Postfix, 
since we already have excellent and complete HTML documentation (look 
up anything_you_need in your own postconf.5.html#anything_you_need : 
every possible setting has its own anchor in the document.) But AFAIK 
no one has done this yet.

> Part of my reasoning here is that I am getting old and I need to
> farm out some of my work, most of the people that I have been
> asked to look at are not CLI literate and are not particularly
> keen on becoming so. TTYL

Webmin, such as it is, is probably fine for simple tasks you might 
wish to delegate to non-technical people, such as user and alias 
management. A person who does not understand a Unix CLI probably also 
does not understand email, and for that person to be tinkering with 
Postfix settings is a bad idea.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: Per IP per domain restriction

[Wietse Venema]

Munroe Sollog:
> In an attempt to work around existing infrastructure, I am trying
> to restrict, by sender domain, what mail is accepted from certain
> IPs.  My thought at the moment is the lookup would look something
> like:
> 
> ip.add.re.ss  domain1.com, domain2.com

This, of course, works only for a small number of domains that you
are intimately familiar with. 

If this were implemented with Postfux built-ins it would involve
recursive access maps, which Postfix does not support, but there
is a workaround called restriction_classes that could do the job
but it gets ugly quickly as the example below illustrates.

If you control the sender domains, using SPF would be simpler.

Wietse

Docs: http://www.postfix.org/RESTRICTION_CLASS_README.html

Untested example:

/etc/postfix/main.cf:
restriction_classes = require_domain1_ip require_domain2_ip ...
require_domain1_ip = 
check_client_access hash:/etc/postfix/domain1_ip_access
require_domain2_ip = 
check_client_access cidr:/etc/postfix/domain2_ip_access.cidr

smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/sender_access:
domain1.com require_domain1_ip
domain2.com require_domain2_ip

/etc/postfix/domain1_ip_access
1.2.3.4 OK
1.2.3.5 OK

/etc/postfix/domain2_ip_access.cidr
4.3.2.0/24 OK

Again, totally untested.

Re: Per IP per domain restriction

[Wietse Venema]

One update: I forgot to add reject actions. They are included below.

Wietse

> In an attempt to work around existing infrastructure, I am trying
> to restrict, by sender domain, what mail is accepted from certain
> IPs.  My thought at the moment is the lookup would look something
> like:
> 
> ip.add.re.ss  domain1.com, domain2.com

This, of course, works only for a small number of domains that you
are intimately familiar with. 

If this were implemented with Postfux built-ins it would involve
recursive access maps, which Postfix does not support, but there
is a workaround called restriction_classes that could do the job.
It gets ugly quickly as the example below illustrates.

If you control the sender domains, using SPF would be simpler.

Wietse

Docs: http://www.postfix.org/RESTRICTION_CLASS_README.html

Untested example:

/etc/postfix/main.cf:
restriction_classes = require_domain1_ip require_domain2_ip ...
require_domain1_ip = 
check_client_access hash:/etc/postfix/domain1_ip_access reject
require_domain2_ip = 
check_client_access cidr:/etc/postfix/domain2_ip_access.cidr reject

smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/sender_access:
domain1.com require_domain1_ip
domain2.com require_domain2_ip

/etc/postfix/domain1_ip_access
1.2.3.4 OK
1.2.3.5 OK

/etc/postfix/domain2_ip_access.cidr
4.3.2.0/24 OK

Again, totally untested.

Relay transport works, then stops

[lance raymond]

I have an iRedMail setup working which I will be replacing, but the long and
short are the following;

main domain and a few others are hosted at googles enterprise.  They don't
play nice with relaying, etc. for a few things so I have an amazon s3
instance running the iRedAdmin so I added the domains there for our
application server (coldfusion) to use to send mail out (contact us, forgot
password), etc.The problem was those accounts werent there, and a simple
relay didn't work, etc. so long story short, speaking with the group, they
helped me to use the transport maps.  The problem was if the website sent to
supp...@domain.com, it HAD to be local to authenticate, but then kept the
mail local (which it's doing again).

My transport file looks like this; (one example)
members...@domain.com smtp:[ASPMX.L.GOOGLE.COM]:25

When postfix was started and happy, an example looked like this;

pwsdata postfix/smtp[840]: A0FAD7E22C: to=, relay=
ASPMX.L.GOOGLE.COM[74.125.113.27]:25, delay=1.5, delays=0.07/0.01/0.14/1.3,
dsn=2.0.0, status=sent (250 2.0.0 OK 1313600883 s8si3016648vdh.46)

I got a call saying mail hasn't been recieved to support or membership which
is odd, and when I look I see the following;

12:20:30 pwsdata postfix/pipe[31348]: E57127E232: to=,
relay=dovecot, delay=0.27, delays=0.17/0.01/0/0.1, dsn=2.0.0, status=sent
(delivered via dovecot service)


So I am not sure if I should persue this, or fix the other of the 2.  I
setup a local server with a public IP, setup a new MX record and a new
subdomain to test but when I sent from him I got;

host mail-mx1-prod-v.cc.nd.edu[129.74.250.243] said: 451 4.1.8 Possibly
forged hostname for ip


I really want to use the 2nd server option and move to that, so how hard is
it to simply fix that option and change my app servers to use him?  Since
it's a clean ubuntu postfix install, I dont have the iredadmin stuff, etc.
 From the reading on that error, it looks like the rdns is looking saying
it's failing, but I can't send from @domain.com since it's hosted at google.
  So thoughts, options on either are appreciated as I continue reading on
this chaotic Friday!

Re: Relay transport works, then stops

[Tom Hendrikx]

On 26/08/11 22:16, lance raymond wrote:
> 
> My transport file looks like this; (one example)
> members...@domain.com 
> smtp:[ASPMX.L.GOOGLE.COM ]:25
> 
> When postfix was started and happy, an example looked like this;
> 
> pwsdata postfix/smtp[840]: A0FAD7E22C: to= >, relay=ASPMX.L.GOOGLE.COM
> [74.125.113.27]:25, delay=1.5,
> delays=0.07/0.01/0.14/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK
> 1313600883 s8si3016648vdh.46)
> 
> I got a call saying mail hasn't been recieved to support or membership
> which is odd, and when I look I see the following;
> 
> 12:20:30 pwsdata postfix/pipe[31348]: E57127E232:
> to=mailto:members...@domain.com>>,
> relay=dovecot, delay=0.27, delays=0.17/0.01/0/0.1, dsn=2.0.0,
> status=sent (delivered via dovecot service)
> 

The message that goes to the google transport enters postfix via smtp,
the failing one via pipe (i.e. sendmail(1) command line util on the host).

My crystal ball says that your transport map is only applied to smtp
traffic, but since you forgot to include postconf -n, we can only guess.

ow, and please lose the html mail.

--
Tom

Disregard previous request. Changed focus and looking at deferred / forged issue

[lance raymond]

Sorry for the previous, I don't wish to make things complicated, so focusing
on my in-house server.  I have moved my application server to use this
server and I see mail is going out, to the main google, yahoo, etc. but get
one deferred on an .edu server.  The error is "host
mail-mx1-prod-v.cc.nd.edu[129.74.250.243] said: 451 4.1.8 Possibly forged
hostname for myIP (in reply to RCPT TO command)

Now, the problem is simply that 'ourdomain.com' is hosted at google and we
cant relay though him.  Our application sends mail from noem...@mydomain.com.
 Now I guess there doing a comparison to the mx on mydomain.com which points
to google then where the mail came from.  So the easy question is am I
correct?  Next, can I setup my inhouse postfix to send mail from
mydomain.com or will I have issues later (this could be just the 1st).

If not, I guess my other option is looking for all the places mail get's
sent and change the name to like noem...@sub.mydomain.com and then use that.

So now the question is easier, am I correct with #1 (if so I am wondering
how others that use google are getting around it).

Thanks

Fwd: Disregard previous request. Changed focus and looking at deferred / forged issue

[lance raymond]

My conf (thanks Tom) and using gmail, HTML is the default, so just
changed .. thanks.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = watchdogs.mydomain.com, localhost.mydomain.com, localhost
myhostname = notices.mydomain.com
mynetworks = 127.0.0.0/8 publiciprange/26 192.168.2.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- Forwarded message --
From: lance raymond 
Date: Fri, Aug 26, 2011 at 4:53 PM
Subject: Disregard previous request. Changed focus and looking at
deferred / forged issue
To: postfix users 


Sorry for the previous, I don't wish to make things complicated, so
focusing on my in-house server.  I have moved my application server to
use this server and I see mail is going out, to the main google,
yahoo, etc. but get one deferred on an .edu server.  The error is
"host mail-mx1-prod-v.cc.nd.edu[129.74.250.243] said: 451 4.1.8
Possibly forged hostname for myIP (in reply to RCPT TO command)
Now, the problem is simply that 'ourdomain.com' is hosted at google
and we cant relay though him.  Our application sends mail from
noem...@mydomain.com.  Now I guess there doing a comparison to the mx
on mydomain.com which points to google then where the mail came from.
So the easy question is am I correct?  Next, can I setup my inhouse
postfix to send mail from mydomain.com or will I have issues later
(this could be just the 1st).
If not, I guess my other option is looking for all the places mail
get's sent and change the name to like noem...@sub.mydomain.com and
then use that.
So now the question is easier, am I correct with #1 (if so I am
wondering how others that use google are getting around it).
Thanks

Re: Disregard previous request. Changed focus and looking at deferred / forged issue

[Richard Damon]

On 8/26/11 4:53 PM, lance raymond wrote:
Sorry for the previous, I don't wish to make things complicated, so 
focusing on my in-house server.  I have moved my application server to 
use this server and I see mail is going out, to the main google, 
yahoo, etc. but get one deferred on an .edu server.  The error is 
"host mail-mx1-prod-v.cc.nd.edu 
[129.74.250.243] said: 451 4.1.8 
Possibly forged hostname for myIP (in reply to RCPT TO command)


Now, the problem is simply that 'ourdomain.com ' 
is hosted at google and we cant relay though him.  Our application 
sends mail from noem...@mydomain.com . 
 Now I guess there doing a comparison to the mx on mydomain.com 
 which points to google then where the mail came 
from.  So the easy question is am I correct?  Next, can I setup my 
inhouse postfix to send mail from mydomain.com  
or will I have issues later (this could be just the 1st).


If not, I guess my other option is looking for all the places mail 
get's sent and change the name to like noem...@sub.mydomain.com 
 and then use that.


So now the question is easier, am I correct with #1 (if so I am 
wondering how others that use google are getting around it).


Thanks
cc.nd.edu probably isn't comparing the domain in the email address to 
the mx for the domain, as that frequently doesn't match. What they are 
probably checking is the domain name your SMTP server is advertising 
compared to the rDNS domain for its IP address.


There is no reason to change your email *addresses* to be "from" a 
subdomain. What is important is that if your mail server says it name is 
mailer.example.com, that a rDNS lookup of its IP should evaluate to 
mailer.example,com, and it should be reachable at the IP that is gotten 
from a DNS lookup mailer.example.com.


--
Richard Damon

Re: Disregard previous request. Changed focus and looking at deferred / forged issue

[Noel Jones]

On 8/26/2011 3:53 PM, lance raymond wrote:
> Sorry for the previous, I don't wish to make things complicated, so
> focusing on my in-house server.  I have moved my application server
> to use this server and I see mail is going out, to the main google,
> yahoo, etc. but get one deferred on an .edu server.  The error is
> "host mail-mx1-prod-v.cc.nd.edu
> [129.74.250.243] said: 451 4.1.8
> Possibly forged hostname for myIP (in reply to RCPT TO command)

Does the mail eventually go through?  If yes, then end.

The error mentions "hostname for IP".  This suggests a dns mismatch
somewhere.  Share your actual domain name and server IP to get
suggestions.

Maybe your HELO name (main.cf: smtp_helo_name, default $myhostname)
doesn't have an A record pointing back to your server.

Or maybe your IP has a "generic" hostname.  Or no hostname at all.

> 
> Now, the problem is simply that 'ourdomain.com
> ' is hosted at google and we cant relay though
> him.  

Should be able to if you set up client auth
http://www.postfix.org/SASL_README.html#client_sasl


> Our application sends mail from noem...@mydomain.com
> .  


> Now I guess there doing a comparison
> to the mx on mydomain.com  which points to
> google then where the mail came from.  So the easy question is am I
> correct?  

Probably incorrect.

You should contact postmaster at nd.edu and find out why they defer
your mail.

Or post the unaltered "postconf -n" and log entries so we can
examine your dns records.


> Next, can I setup my inhouse postfix to send mail from
> mydomain.com  or will I have issues later (this
> could be just the 1st).

Yes, possible to do this without issues.  Proper DNS entries
(including spf records including google + your local host) are a big
step towards getting this resolved.

> 
> If not, I guess my other option is looking for all the places mail
> get's sent and change the name to like noem...@sub.mydomain.com
>  and then use that.

Not likely to change this particular problem.



  -- Noel Jones

Re: Webmin as an admin tool?

[Miles Fidelman]

Robert Schetterer wrote:

Am 26.08.2011 19:56, schrieb Reindl Harald:


Am 26.08.2011 19:28, schrieb John:

I do not want to start a flam war, but what are the thoughts on using webmin
as a tool to administer postfix (+dovecot, but that is outside this group)

missing knowledges, inwilling to learn and the naive hope a GUI
which is hiding complex things behind some beautiful windows
will be an anlterantive to learn how things are working


i use it on relay setups , for editing
i.e relay users,domains tables for windows guys
who dont know ssh etc
i wouldnt recommend it as general tool, but in parts it can be very
helpfull, you may use a seperate webmin user and restrict/hide editing
parameter settings etc


I use it for managing bind files - it's simply easier and less prone to 
errors than navigating through text files full of DNS records.


--
In theory, there is no difference between theory and practice.
In  practice, there is.    Yogi Berra

Re: Webmin as an admin tool?

[Reindl Harald]

Am 27.08.2011 00:43, schrieb Miles Fidelman:
> Robert Schetterer wrote:
>> Am 26.08.2011 19:56, schrieb Reindl Harald:
>>>
>>> Am 26.08.2011 19:28, schrieb John:
 I do not want to start a flam war, but what are the thoughts on using 
 webmin
 as a tool to administer postfix (+dovecot, but that is outside this group)
>>> missing knowledges, inwilling to learn and the naive hope a GUI
>>> which is hiding complex things behind some beautiful windows
>>> will be an anlterantive to learn how things are working
>>>
>> i use it on relay setups , for editing
>> i.e relay users,domains tables for windows guys
>> who dont know ssh etc
>> i wouldnt recommend it as general tool, but in parts it can be very
>> helpfull, you may use a seperate webmin user and restrict/hide editing
>> parameter settings etc
> 
> I use it for managing bind files - it's simply easier and less prone to 
> errors 
> than navigating through text files full of DNS records

on the other hand it took my one night to get a own named-backend for mysql
generating the "bind-files" in a text-field and the servers are checking
via cron if there are changes, two years later it took 2 hours to get this
thing optimized for generate a translation LAN/WAN in a second text-field to
provide public dns and LAN-DNS for some hundret domains via a unique backend

additionally a-records in the backend undrstand servernames without domain
and while writing the "zone-file" it will be replaced with the ip, nice for
manage MX/A-Record while never have a IP more than once

this are the differences between any generic gui crap where you never know
what happens if you start needing extended options nor is your config
readable most of the times or unneeded complex

well, the mailserver backend took much longer but here you have also options
for "company-hacks" in the webinterface and you can add tables/translations
and automatisms exactly how you need them

generic webuis always support only a subset of options and if your needs
are changing you get a hughe problem eating all the time you thought saved



signature.asc
Description: OpenPGP digital signature

Re: Disregard previous request. Changed focus and looking at deferred / forged issue

[lance raymond]

Ah, thank you both for great replies.  Since I hadn't used an in-house
server in a while sure enough a host IP revealed an old domain name
that wasn't even used in a long long time.

I am hosting the DNS locally as well so updated the rDNS zone file,
updated serial and now will wait for propagation and watch ...

Report back and thanks!

On Fri, Aug 26, 2011 at 5:35 PM, Noel Jones  wrote:
> On 8/26/2011 3:53 PM, lance raymond wrote:
>> Sorry for the previous, I don't wish to make things complicated, so
>> focusing on my in-house server.  I have moved my application server
>> to use this server and I see mail is going out, to the main google,
>> yahoo, etc. but get one deferred on an .edu server.  The error is
>> "host mail-mx1-prod-v.cc.nd.edu
>> [129.74.250.243] said: 451 4.1.8
>> Possibly forged hostname for myIP (in reply to RCPT TO command)
>
> Does the mail eventually go through?  If yes, then end.
>
> The error mentions "hostname for IP".  This suggests a dns mismatch
> somewhere.  Share your actual domain name and server IP to get
> suggestions.
>
> Maybe your HELO name (main.cf: smtp_helo_name, default $myhostname)
> doesn't have an A record pointing back to your server.
>
> Or maybe your IP has a "generic" hostname.  Or no hostname at all.
>
>>
>> Now, the problem is simply that 'ourdomain.com
>> ' is hosted at google and we cant relay though
>> him.
>
> Should be able to if you set up client auth
> http://www.postfix.org/SASL_README.html#client_sasl
>
>
>> Our application sends mail from noem...@mydomain.com
>> .
>
>
>> Now I guess there doing a comparison
>> to the mx on mydomain.com  which points to
>> google then where the mail came from.  So the easy question is am I
>> correct?
>
> Probably incorrect.
>
> You should contact postmaster at nd.edu and find out why they defer
> your mail.
>
> Or post the unaltered "postconf -n" and log entries so we can
> examine your dns records.
>
>
>> Next, can I setup my inhouse postfix to send mail from
>> mydomain.com  or will I have issues later (this
>> could be just the 1st).
>
> Yes, possible to do this without issues.  Proper DNS entries
> (including spf records including google + your local host) are a big
> step towards getting this resolved.
>
>>
>> If not, I guess my other option is looking for all the places mail
>> get's sent and change the name to like noem...@sub.mydomain.com
>>  and then use that.
>
> Not likely to change this particular problem.
>
>
>
>  -- Noel Jones
>