mail list

2011-09-02 Thread Amira Othman 
Hi all 

I want send mail to all users I have on my mail server I tried aliases but I
failed to send mail any one can help me?

 

Regards


Amira Othman

Server Administrator

  www.cairosource.com

 



6 EL Nil EL Abyad, Mohandiseen 

Cairo, Egypt

Direct: +2 02 3303 7175
Mobile:   +2 012 220 4165

 

The information transmitted is intended solely for the individual or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of or
taking action in reliance upon this information by persons or entities other
than the intended recipient is prohibited. If you have received this email
in error please contact the sender and delete the material from any
computer.

 

 

<>

postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
Dear list,

This is an operational mail server supporting multidomain and based
on postfix+dovecot+mysql.  The virtual domain related config at main.cf
is as below

[]
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases

#
## virtual domain setting
#
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = 
mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_uid_maps = static:5000
[]
``

I have installed mailman here and to support virtual domain also have
the following at /usr/lib/mailman/Mailman/mm_cfg.py


[]
DEFAULT_URL_PATTERN = 'http://%s/mailman/'

DEFAULT_EMAIL_HOST = 'list.mydomain.com'
DEFAULT_URL_HOST = 'list.mydomain.com'
MTA = 'Postfix'
POSTFIX_ALIAS_CMD = '/usr/sbin/postalias'
POSTFIX_MAP_CMD = '/usr/sbin/postmap'
DELIVERY_MODULE = 'SMTPDirect'
SMTPPORT = '25'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['list.infoservices.in']
IMAGE_LOGOS = '/mailmanicons/'
[]

and the master.cf has following

[]
mailman   unix  -   n   n   -   -   pipe
  flags=FR user=list argv=/etc/mailman/postfix-to-mailman.py
${nexthop} ${user}
[]

after reloading postfix and mailman I have created a list and also
copy paste the suggested aliases at /etc/aliases and executed "newalias"
command.

If I send a request to listname-requ...@list.mydomain.com I get an error from
postfix as 

` ` ` ` 
 Recipient address rejected: User unknown in virtual mailbox table
` ` ` `

Do I need to create all such an account required by mailman? 

I am confused.. any clue is very much welcome.
TIA

mail list

2011-09-02 Thread Amira Othman 
Hi all 

I want send mail to all users I have on my mail server I tried aliases but I
failed to send mail. I am using virtual domains and i want to send to
virtual users any one can help me?

 

Regards


Amira Othman

Server Administrator

  www.cairosource.com

 



6 EL Nil EL Abyad, Mohandiseen 

Cairo, Egypt

Direct: +2 02 3303 7175
Mobile:   +2 012 220 4165

 

The information transmitted is intended solely for the individual or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of or
taking action in reliance upon this information by persons or entities other
than the intended recipient is prohibited. If you have received this email
in error please contact the sender and delete the material from any
computer.

 

 

<>

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Wietse Venema 
J. Bakshi:
>  Recipient address rejected: User unknown in virtual mailbox table

You have the domain name in virtual_mailbox_domains.  Postfix expects
that you have the recipients in virtual_mailbox_maps.

> []
> alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases

You have the addresses the local(8) aliases. Postfix uses those
only for domains listed in mydestination.

This is documented in http://www.postfix.org/ADDRESS_CLASS_README.html
and http://www.postfix.org/VIRTUAL_README.html

I suggest that you take someone's mailman instructions and follow
those exactly, instead of trying to make up your own recipe.

Wietse

RE: mail list

2011-09-02 Thread Driessen 
On Behalf Of Amira Othman
> 
> Hi all
> 
> I want send mail to all users I have on my mail server I tried aliases but
> I failed to send mail. I am using virtual domains and i want to send to
> virtual users any one can help me?
> 
> 

Please send your mails not as html to this list.

Show us your errors in the mail.log.


Mit freundlichen Grüßen

Drießen

-- 
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: +49 06708 / 660045   Fax: +49 06708 / 661397

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
On Fri, 2 Sep 2011 07:58:52 -0400 (EDT)
Wietse Venema  wrote:

> J. Bakshi:
> >  Recipient address rejected: User unknown in virtual mailbox table
> 
> You have the domain name in virtual_mailbox_domains.  Postfix expects
> that you have the recipients in virtual_mailbox_maps.
> 
> > []
> > alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> 
> You have the addresses the local(8) aliases. Postfix uses those
> only for domains listed in mydestination.
^^^

You have given me a clue here !!!  I have added the list domain at
mydestination and now no problem to send the mail. Though a new error
now

```
Command died with status 2:
"/usr/lib/mailman/mail/mailman request typo3". Command output: Failure to
exec script. WANTED gid 67, GOT gid 65533.
```

gid 67 is mailman group where 65533 is nobody. Don't know why it is
getting nobody...

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Wietse Venema 
J. Bakshi:
> On Fri, 2 Sep 2011 07:58:52 -0400 (EDT)
> Wietse Venema  wrote:
> 
> > J. Bakshi:
> > >  Recipient address rejected: User unknown in virtual mailbox table
> > 
> > You have the domain name in virtual_mailbox_domains.  Postfix expects
> > that you have the recipients in virtual_mailbox_maps.
> > 
> > > []
> > > alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> > 
> > You have the addresses the local(8) aliases. Postfix uses those
> > only for domains listed in mydestination.
> ^^^
> 
> You have given me a clue here !!!  I have added the list domain at
> mydestination and now no problem to send the mail. Though a new error
> now
> 
> ```
> Command died with status 2:
> "/usr/lib/mailman/mail/mailman request typo3". Command output: Failure to
> exec script. WANTED gid 67, GOT gid 65533.
> ```
> 
> gid 67 is mailman group where 65533 is nobody. Don't know why it is
> getting nobody...

You failed to set the ownership of /var/lib/mailman/data/aliases
and /var/lib/mailman/data/aliases.db. 

I suppose this would be mentioned in the mailman instructions.

Wietse

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
On Fri, 2 Sep 2011 08:47:25 -0400 (EDT)
Wietse Venema  wrote:

> J. Bakshi:
> > On Fri, 2 Sep 2011 07:58:52 -0400 (EDT)
> > Wietse Venema  wrote:
> > 
> > > J. Bakshi:
> > > >  Recipient address rejected: User unknown in virtual mailbox table
> > > 
> > > You have the domain name in virtual_mailbox_domains.  Postfix expects
> > > that you have the recipients in virtual_mailbox_maps.
> > > 
> > > > []
> > > > alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> > > 
> > > You have the addresses the local(8) aliases. Postfix uses those
> > > only for domains listed in mydestination.
> > ^^^
> > 
> > You have given me a clue here !!!  I have added the list domain at
> > mydestination and now no problem to send the mail. Though a new error
> > now
> > 
> > ```
> > Command died with status 2:
> > "/usr/lib/mailman/mail/mailman request typo3". Command output: Failure 
> > to
> > exec script. WANTED gid 67, GOT gid 65533.
> > ```
> > 
> > gid 67 is mailman group where 65533 is nobody. Don't know why it is
> > getting nobody...
> 
> You failed to set the ownership of /var/lib/mailman/data/aliases
> and /var/lib/mailman/data/aliases.db. 
> 
> I suppose this would be mentioned in the mailman instructions.
> 
>   Wietse

I have not found any such instruction in suse mailman manual.
Checked the ownership and found they are set to mailman group
already

-rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 /var/lib/mailman/data/aliases.db

-rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Wietse Venema 
J. Bakshi:
> > > Command died with status 2:
> > > "/usr/lib/mailman/mail/mailman request typo3". Command output: 
> > > Failure to
> > > exec script. WANTED gid 67, GOT gid 65533.
> > > ```
> > > 
> > > gid 67 is mailman group where 65533 is nobody. Don't know why it is
> > > getting nobody...
> > 
> > You failed to set the ownership of /var/lib/mailman/data/aliases
> > and /var/lib/mailman/data/aliases.db. 
> > 
> > I suppose this would be mentioned in the mailman instructions.
> > 
> > Wietse
> 
> I have not found any such instruction in suse mailman manual.
> Checked the ownership and found they are set to mailman group
> already
> 
> -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> /var/lib/mailman/data/aliases.db
> 
> -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases

You must set the OWNER to mailman, not the GROUP.

Then, Postfix will is use the mailman group ID in the PASSWORD file.
Postfix will not use the mailman group ID in the GROUP file.

Wietse

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
On Fri, 2 Sep 2011 09:22:44 -0400 (EDT)
Wietse Venema  wrote:

> J. Bakshi:
> > > > Command died with status 2:
> > > > "/usr/lib/mailman/mail/mailman request typo3". Command output: 
> > > > Failure to
> > > > exec script. WANTED gid 67, GOT gid 65533.
> > > > ```
> > > > 
> > > > gid 67 is mailman group where 65533 is nobody. Don't know why it is
> > > > getting nobody...
> > > 
> > > You failed to set the ownership of /var/lib/mailman/data/aliases
> > > and /var/lib/mailman/data/aliases.db. 
> > > 
> > > I suppose this would be mentioned in the mailman instructions.
> > > 
> > >   Wietse
> > 
> > I have not found any such instruction in suse mailman manual.
> > Checked the ownership and found they are set to mailman group
> > already
> > 
> > -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> > /var/lib/mailman/data/aliases.db
> > 
> > -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> 
> You must set the OWNER to mailman, not the GROUP.
> 
> Then, Postfix will is use the mailman group ID in the PASSWORD file.
> Postfix will not use the mailman group ID in the GROUP file.
> 
>   Wietse

OK, now I have the following

-rw-rw 1 mailman root 1865 Sep  2 11:07 /var/lib/mailman/data/aliases

but still the same error :-(  Also tried with mailman:mailman but no luck..

Restarted both postfix and mailman, obviously..

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Wietse Venema 
J. Bakshi:
> On Fri, 2 Sep 2011 09:22:44 -0400 (EDT)
> Wietse Venema  wrote:
> 
> > J. Bakshi:
> > > > > Command died with status 2:
> > > > > "/usr/lib/mailman/mail/mailman request typo3". Command output: 
> > > > > Failure to
> > > > > exec script. WANTED gid 67, GOT gid 65533.
> > > > > ```
> > > > > 
> > > > > gid 67 is mailman group where 65533 is nobody. Don't know why it is
> > > > > getting nobody...
> > > > 
> > > > You failed to set the ownership of /var/lib/mailman/data/aliases
> > > > and /var/lib/mailman/data/aliases.db. 
> > > > 
> > > > I suppose this would be mentioned in the mailman instructions.
> > > > 
> > > > Wietse
> > > 
> > > I have not found any such instruction in suse mailman manual.
> > > Checked the ownership and found they are set to mailman group
> > > already
> > > 
> > > -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> > > /var/lib/mailman/data/aliases.db
> > > 
> > > -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> > 
> > You must set the OWNER to mailman, not the GROUP.
> > 
> > Then, Postfix will is use the mailman group ID in the PASSWORD file.
> > Postfix will not use the mailman group ID in the GROUP file.
> > 
> > Wietse
> 
> OK, now I have the following
> 
> -rw-rw 1 mailman root 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> 
> but still the same error :-(  Also tried with mailman:mailman but no luck..

I told you to set the ownership of TWO FILES.

Since you are following SUSE instructions, I suggest that you ask
them for help instead.

Wietse

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Reindl Harald 


Am 02.09.2011 15:22, schrieb Wietse Venema:
>> I have not found any such instruction in suse mailman manual.
>> Checked the ownership and found they are set to mailman group
>> already
>>
>> -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
>> /var/lib/mailman/data/aliases.db
>>
>> -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> 
> You must set the OWNER to mailman, not the GROUP.
> 
> Then, Postfix will is use the mailman group ID in the PASSWORD file.
> Postfix will not use the mailman group ID in the GROUP file

you did not notice that "/var/lib/mailman/data/aliases.db" is the relevant file
and has the owner "mailman", "/var/lib/mailman/data/aliases" is the unhashed




signature.asc
Description: OpenPGP digital signature

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
On Fri, 2 Sep 2011 09:45:53 -0400 (EDT)
Wietse Venema  wrote:

> J. Bakshi:
> > On Fri, 2 Sep 2011 09:22:44 -0400 (EDT)
> > Wietse Venema  wrote:
> > 
> > > J. Bakshi:
> > > > > > Command died with status 2:
> > > > > > "/usr/lib/mailman/mail/mailman request typo3". Command output: 
> > > > > > Failure to
> > > > > > exec script. WANTED gid 67, GOT gid 65533.
> > > > > > ```
> > > > > > 
> > > > > > gid 67 is mailman group where 65533 is nobody. Don't know why it is
> > > > > > getting nobody...
> > > > > 
> > > > > You failed to set the ownership of /var/lib/mailman/data/aliases
> > > > > and /var/lib/mailman/data/aliases.db. 
> > > > > 
> > > > > I suppose this would be mentioned in the mailman instructions.
> > > > > 
> > > > >   Wietse
> > > > 
> > > > I have not found any such instruction in suse mailman manual.
> > > > Checked the ownership and found they are set to mailman group
> > > > already
> > > > 
> > > > -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> > > > /var/lib/mailman/data/aliases.db
> > > > 
> > > > -rw-rw 1 root mailman 1865 Sep  2 11:07 
> > > > /var/lib/mailman/data/aliases
> > > 
> > > You must set the OWNER to mailman, not the GROUP.
> > > 
> > > Then, Postfix will is use the mailman group ID in the PASSWORD file.
> > > Postfix will not use the mailman group ID in the GROUP file.
> > > 
> > >   Wietse
> > 
> > OK, now I have the following
> > 
> > -rw-rw 1 mailman root 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> > 
> > but still the same error :-(  Also tried with mailman:mailman but no luck..
> 
> I told you to set the ownership of TWO FILES.
> 
> Since you are following SUSE instructions, I suggest that you ask
> them for help instead.
> 
>   Wietse

The other one i.e.

/var/lib/mailman/data/aliases.db

already have mailman as owner...

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread J. Bakshi 
On Fri, 02 Sep 2011 15:54:51 +0200
Reindl Harald  wrote:

> 
> 
> Am 02.09.2011 15:22, schrieb Wietse Venema:
> >> I have not found any such instruction in suse mailman manual.
> >> Checked the ownership and found they are set to mailman group
> >> already
> >>
> >> -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> >> /var/lib/mailman/data/aliases.db
> >>
> >> -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
> > 
> > You must set the OWNER to mailman, not the GROUP.
> > 
> > Then, Postfix will is use the mailman group ID in the PASSWORD file.
> > Postfix will not use the mailman group ID in the GROUP file
> 
> you did not notice that "/var/lib/mailman/data/aliases.db" is the relevant 
> file
> and has the owner "mailman", "/var/lib/mailman/data/aliases" is the unhashed
> 
> 
That file too have the owner as mailman

-rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 /var/lib/mailman/data/aliases.db

Re: postfix+mailman - User unknown in virtual mailbox table

2011-09-02 Thread Reindl Harald 


Am 02.09.2011 16:00, schrieb J. Bakshi:
> On Fri, 02 Sep 2011 15:54:51 +0200
> Reindl Harald  wrote:
> 
>>
>> Am 02.09.2011 15:22, schrieb Wietse Venema:
 I have not found any such instruction in suse mailman manual.
 Checked the ownership and found they are set to mailman group
 already

 -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
 /var/lib/mailman/data/aliases.db

 -rw-rw 1 root mailman 1865 Sep  2 11:07 /var/lib/mailman/data/aliases
>>>
>>> You must set the OWNER to mailman, not the GROUP.
>>>
>>> Then, Postfix will is use the mailman group ID in the PASSWORD file.
>>> Postfix will not use the mailman group ID in the GROUP file
>>
>> you did not notice that "/var/lib/mailman/data/aliases.db" is the relevant 
>> file
>> and has the owner "mailman", "/var/lib/mailman/data/aliases" is the unhashed
>>
>>
> That file too have the owner as mailman
> 
> -rw-rw-r-- 1 mailman mailman 12288 Sep  2 11:07 
> /var/lib/mailman/data/aliases.db

i know and that is why i answered Wietse and not to you



signature.asc
Description: OpenPGP digital signature

mail list

2011-09-02 Thread Amira Othman 
 

Hi all 

I want send mail to all users I have on my mail server I tried aliases but I
failed to send mail. I am using virtual domains and i want to send to
virtual users any one can help me?

 

First when I didn't add mail box in my virtual mail box file I got

relay=virtual, delay=0.55, delays=0.47/0.04/0/0.03, dsn=5.1.1,
status=bounced (unknown user: "t...@myserver.com"

then when I added mail box for the list I have mail delivered to mail box
not to mail list members although I added them in /etc/aliases 

 

 

Regards

Re: mail list

2011-09-02 Thread Jerry 
On Fri, 2 Sep 2011 17:25:12 +0200
Amira Othman articulated:

> I want send mail to all users I have on my mail server I tried
> aliases but I failed to send mail. I am using virtual domains and i
> want to send to virtual users any one can help me?
> 
> First when I didn't add mail box in my virtual mail box file I got
> 
> relay=virtual, delay=0.55, delays=0.47/0.04/0/0.03, dsn=5.1.1,
> status=bounced (unknown user: "t...@myserver.com"
> 
> then when I added mail box for the list I have mail delivered to mail
> box not to mail list members although I added them in /etc/aliases 

First, lost the HTML posting format. Plain ASCII is preferred.

Second, start here: 

"Reporting problems to postfix-users@postfix.org"

Output from "postconf -n". Please do not send your main.cf file, or
500+ lines of postconf output.

Better, provide output from the postfinger tool. This can be found at
http://ftp.wl0.org/SOURCES/postfinger.

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

RE: mail list

2011-09-02 Thread Amira Othman 
Output of postconf  -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
disable_dns_lookups = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname, 
$alias_maps,$virtual_mailbox_maps
local_transport = local
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = localhost
mydomain = myserver.com
myhostname = mail.mysever.com
mynetworks = 192.168.56.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
relay_domains =
setgid_group = postdrop
smtp_host_lookup = native
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:501
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = myserver.com,tech-vm.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 500
virtual_transport = virtual
virtual_uid_maps = static:501

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Jerry
Sent: Friday, September 02, 2011 5:44 PM
To: postfix-users@postfix.org
Subject: Re: mail list

On Fri, 2 Sep 2011 17:25:12 +0200
Amira Othman articulated:

> I want send mail to all users I have on my mail server I tried
> aliases but I failed to send mail. I am using virtual domains and i
> want to send to virtual users any one can help me?
> 
> First when I didn't add mail box in my virtual mail box file I got
> 
> relay=virtual, delay=0.55, delays=0.47/0.04/0/0.03, dsn=5.1.1,
> status=bounced (unknown user: "t...@myserver.com"
> 
> then when I added mail box for the list I have mail delivered to mail
> box not to mail list members although I added them in /etc/aliases 

First, lost the HTML posting format. Plain ASCII is preferred.

Second, start here: 

"Reporting problems to postfix-users@postfix.org"

Output from "postconf -n". Please do not send your main.cf file, or
500+ lines of postconf output.

Better, provide output from the postfinger tool. This can be found at
http://ftp.wl0.org/SOURCES/postfinger.

If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: mail list

2011-09-02 Thread Brian Evans - Postfix List 
On 9/2/2011 11:53 AM, Amira Othman wrote:
> Output of postconf  -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
[cut]
> mydestination = localhost
[cut]
> relay_domains =
[cut]
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_gid_maps = static:501
> virtual_mailbox_base = /home/vmail/
> virtual_mailbox_domains = myserver.com,tech-vm.com
> virtual_mailbox_maps = hash:/etc/postfix/vmailbox

alias_maps affects locations in mydestination when delivered by local(8)
virtual_alias_maps is global and affects virtual and local users.

Do NOT put them in alias_maps for virtual users instead use your current
virtual alias map.
Or, add an additional map for ease of administration.
Please remember, virtual alias maps are recursive.

Brian

> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jerry
> Sent: Friday, September 02, 2011 5:44 PM
> To: postfix-users@postfix.org
> Subject: Re: mail list
>
> On Fri, 2 Sep 2011 17:25:12 +0200
> Amira Othman articulated:
>
>> I want send mail to all users I have on my mail server I tried
>> aliases but I failed to send mail. I am using virtual domains and i
>> want to send to virtual users any one can help me?
>>
>> First when I didn't add mail box in my virtual mail box file I got
>>
>> relay=virtual, delay=0.55, delays=0.47/0.04/0/0.03, dsn=5.1.1,
>> status=bounced (unknown user: "t...@myserver.com"
>>
>> then when I added mail box for the list I have mail delivered to mail
>> box not to mail list members although I added them in /etc/aliases 
>

Disabling SSLv2 does not work as expected

2011-09-02 Thread Michael B Allen 
Hello,

I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
I do the following:

smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high

but despite the fact that this configuration has been posted and
reposted about the WWW, it does not actually work. I can still
negotiate SSLv2:

$ openssl s_client -connect .xxx.xxx:25 -starttls smtp -ssl2

If I add smtpd_tls_security_level = encrypt it then works but then
plaintext clients cannot connect and it is very unfortunate to find
that real customers still use agents that create plaintext
connections.

Of course I know what someone is going to say: Why disable SSLv2 if
clients can connect using plaintext? The reason is because of
something called PCI DSS which is a security standard for the credit
card processing industry. If you want to process credit card numbers
on your server without being extra liable for exposing them to bad
guys, you have to pass PCI compliance and the vulnerability companies
that scan servers for compliance mindlessly flag anything that does
SSLv2 as bad (it is mindless because of course they cannot flag
accepting plaintext connections as bad because then the server could
not accept a significant amount of email and if customers cannot pass
their vulnerability scan they wiill not purchase their service).

So, is there any way to disable SSLv2 without requiring encryption?

Mike

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Brian Evans - Postfix List 
On 9/2/2011 12:28 PM, Michael B Allen wrote:
> Hello,
>
> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
> I do the following:
>
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_tls_mandatory_ciphers = medium, high
>
> but despite the fact that this configuration has been posted and
> reposted about the WWW, it does not actually work. I can still
> negotiate SSLv2:
>
> $ openssl s_client -connect .xxx.xxx:25 -starttls smtp -ssl2
>
> If I add smtpd_tls_security_level = encrypt it then works but then
> plaintext clients cannot connect and it is very unfortunate to find
> that real customers still use agents that create plaintext
> connections.
>
Please read the documentation:
http://www.postfix.org/postconf.5.html#smtpd_tls_protocols  -- this one
is for opportunistic i.e. "may" and requires Postfix 2.6 or later.
http://www.postfix.org/postconf.5.html#smtpd_mandatory_tls_protocols --
this one is for mandatory i.e. "encrypt"

Brian

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Wietse Venema 
Michael B Allen:
> Hello,
> 
> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
> I do the following:
> 
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_tls_mandatory_ciphers = medium, high

This is for mandatory TLS. 

> If I add smtpd_tls_security_level = encrypt it then works but then

You are using opportunistic TLS instead of mandatory TLS. As
documented, that is controlled with smtpd_tls_protocols/ciphers.

Wietse

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Michael B Allen 
On Fri, Sep 2, 2011 at 12:41 PM, Wietse Venema  wrote:
> Michael B Allen:
>> Hello,
>>
>> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
>> I do the following:
>>
>> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
>> smtpd_tls_mandatory_ciphers = medium, high
>
> This is for mandatory TLS.
>
>> If I add smtpd_tls_security_level = encrypt it then works but then
>
> You are using opportunistic TLS instead of mandatory TLS. As
> documented, that is controlled with smtpd_tls_protocols/ciphers.

Hi Wietse,

But it seems the smtpd_tls_protocols/ciphers directives are specific to 2.6?

Is there any way to disable SSLv2 in postfix 2.3?

I have to stick to the CentOS package so that I get updates.

Mike

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Brian Evans - Postfix List 
On 9/2/2011 1:25 PM, Michael B Allen wrote:
> Hi Wietse,
>
> But it seems the smtpd_tls_protocols/ciphers directives are specific to 2.6?
>
> Is there any way to disable SSLv2 in postfix 2.3?
>
> I have to stick to the CentOS package so that I get updates.

There are alternative packages to the CentOS 5 version.
They have been discussed many times on this list.

Alternatively, if you must stay with pure CentOS, version 6 includes
Postfix 2.6.6 (http://distrowatch.com/table.php?distribution=centos).

Version 2.3.x (and 2.4.x) has expired in support for development updates.

If you need a new feature, there are few choices except to move forward.

Brian

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Wietse Venema 
Michael B Allen:
> On Fri, Sep 2, 2011 at 12:41 PM, Wietse Venema  wrote:
> > Michael B Allen:
> >> Hello,
> >>
> >> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
> >> I do the following:
> >>
> >> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> >> smtpd_tls_mandatory_ciphers = medium, high
> >
> > This is for mandatory TLS.
> >
> >> If I add smtpd_tls_security_level = encrypt it then works but then
> >
> > You are using opportunistic TLS instead of mandatory TLS. As
> > documented, that is controlled with smtpd_tls_protocols/ciphers.
> 
> Hi Wietse,
> 
> But it seems the smtpd_tls_protocols/ciphers directives are specific to 2.6?
> 
> Is there any way to disable SSLv2 in postfix 2.3?

If you use opportunistic TLS then you are willing to accept plaintext,
i.e. no security. Under those conditions, it does not matter what
cipher or crypto protocol the client uses.

BTW, Postfix 2.3 was developed in 2005, released in 2006, and support
was terminated in 2009.

Wietse

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Michael B Allen 
On Fri, Sep 2, 2011 at 1:51 PM, Wietse Venema  wrote:
> Michael B Allen:
>> On Fri, Sep 2, 2011 at 12:41 PM, Wietse Venema  wrote:
>> > Michael B Allen:
>> >> Hello,
>> >>
>> >> I am using postfix 2.3 on CentOS and I would like to disable SSLv2. If
>> >> I do the following:
>> >>
>> >> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
>> >> smtpd_tls_mandatory_ciphers = medium, high
>> >
>> > This is for mandatory TLS.
>> >
>> >> If I add smtpd_tls_security_level = encrypt it then works but then
>> >
>> > You are using opportunistic TLS instead of mandatory TLS. As
>> > documented, that is controlled with smtpd_tls_protocols/ciphers.
>>
>> Hi Wietse,
>>
>> But it seems the smtpd_tls_protocols/ciphers directives are specific to 2.6?
>>
>> Is there any way to disable SSLv2 in postfix 2.3?
>
> If you use opportunistic TLS then you are willing to accept plaintext,
> i.e. no security. Under those conditions, it does not matter what
> cipher or crypto protocol the client uses.

Hi Wietse,

My objectives are not driven by or based on logic. They are based on
the requirements of a consortium of credit card companies and banks.

I will look at alternative packages for CentOS. Or maybe I will have
to move to CentOS 6.

> BTW, Postfix 2.3 was developed in 2005, released in 2006, and support
> was terminated in 2009.

This is off-topic but you may know that CentOS (which is RedHat
repackaged without the branding) backports all fixes. Meaning an issue
identified in 2.6 would be addressed as a patch in their 2.3 package
(if necessary). So they do not solely rely on upstream support. They
are going for stability and longevity. That is why I use CentOS /
RedHat and I suspect that is why you continue to get this question on
the list. Unlike most Linux distributions, they continue to update
packages for 4 years or so because that is about how long it takes for
hardware to become obsolete or breakdown. Some very popular
distributions like Ubuntu and Fedora almost always stop updating after
only a year or so. This is one reason why I believe that Linux is not
going to gain market share over other operating systems.

Mike

Re: header_checks and ldap aliases

2011-09-02 Thread Selcuk Yazar 
Thanks it works! with protected_destinations and insider settings

selçuk

On Thu, Sep 1, 2011 at 7:36 PM, Noel Jones  wrote:

> On 9/1/2011 9:53 AM, Selcuk Yazar wrote:
> > Hi,
> >
> > We have ldap aliases. in main.cf 
> > virtual_alias_maps : ldap:aliases, ldap:accountsmap setting.
> >
> > i want to create a control for these aliases that sent mail only
> > internal with using header_checks. but header_checks restriction
> > doesn't wok with above settings.
>
>
>
> header_checks are the wrong tool for the job.  To protect a mail
> alias, see this example:
> http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
>
>
>
>  -- Noel Jones
>



-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Wietse Venema 
Michael B Allen:
> > BTW, Postfix 2.3 was developed in 2005, released in 2006, and support
> > was terminated in 2009.
> 
> This is off-topic but you may know that CentOS (which is RedHat
> repackaged without the branding) backports all fixes. Meaning an issue
> identified in 2.6 would be addressed as a patch in their 2.3 package
> (if necessary). So they do not solely rely on upstream support. They
> are going for stability and longevity. That is why I use CentOS /
> RedHat and I suspect that is why you continue to get this question on
> the list. Unlike most Linux distributions, they continue to update
> packages for 4 years or so because that is about how long it takes for
> hardware to become obsolete or breakdown. Some very popular
> distributions like Ubuntu and Fedora almost always stop updating after
> only a year or so. This is one reason why I believe that Linux is not
> going to gain market share over other operating systems.

I already provide routine updates for four stable Postfix releases,
so there really is no need to fall behind so much like RedHat does.

Wietse

questions regarding postfix-migration

2011-09-02 Thread lupin5th 
Hello, List!

OK, I´m trying to migrate from a (really very, very) old mailserver to a
new one, and besides the fact that the old one has options that do not
even exist anymore, at all, the new setup ist a bit different from the
current one.
so if anyone could look over this, and tell me if anything is horribly
wrong, i´d really appreciate it. Because, of cause, this is a live
system, with no backup worth mentioning and it´s just about 550 user,
and this is my first try at something of that scale =) (also, the old
server is something i ...inherited, so to speak, of cause without a docu..)

ok, the plan goes like:
two servers, one called cleany from here on, the other maily.
cleany is the one who gets the mails from the internet, cleans them via
greylists, checks if the recipient adress exists, etc and then sends
them to maily.
at maily, postfix only takes mails that come from cleany and delivers
them to the mailboxes. maily is the target for any action coming from
the clients, be it reading via IMAP or sending mail.
Any mails that are written, postfix checks if the recipient is another
of its clients, and if not, then it sends the mail to cleany.
cleany then checks, if everything is ok with this mail and throws it
into the internet.

I poked through some of the howtos and docus, and it seemed a good idea
to use multiple instances of postfix on cleany, while maily seems
peaceful enough to keep it normal. to this is what i came up with,
please tell me if something is wrong or if i left out something that´s
supposed to be there =)
also, there were some options i´m really unsure about, those are
commented out, together with the question.

 I) on cleany:
1) the default-instance of postfix is supposed to only deliver locally
generated mail to itself:
myhostname = cleany
mydestination = localhost.localdomain, localhost, cleany, cleany.mydomain.org
relayhost =
mynetworks = 127.0.0.1
mynetworks_style = host
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = error: Local delivery only!
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_enable = yes
multi_instance_directories = /etc/postfix-out, /etc/postfix-in

2) postfix-out should accept only mails from maily, check if they are ok
and send them off into the internet:
mydomain = mydomain.org
myorigin = $mydomain
mydestination = 
mydestination = nothing, because the mydestination parameter specifies
# what domains this machine will deliver locally, instead of forwarding
# to another machine, and it should deliver everything into the internet
mynetworks = 127.0.0.0/8 maily.mydomain.org (or it´s ip? whats better?)
relay_domains = all 
# (because it should relay/send to anywhere in the internet?
relayhost = 
#empty, because it´s the sender already..
proxy_interfaces = gatewayIP
# is this needed for sending or receiving or both?
myhostname = cleany.mydomain.org 
inet_interfaces = cleanysIP, 127.0.0.1 (or all? *confused*)
content_filter = smtp:cleanyIP:10024 or smtp:127.0.0.1:1024 ? 
# does it matter?
# mime_header_checks, header_checks and body_checks will
# be copied from the old server, same as smtpd_tls_key_file,
# ..cert_file und ..CAfile. Do the have to be in all instances on
# all servers?
message_size_limit = 2048
strict_rfc821_envelopes = no
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks
reject_unverified_recipient,
permit


3) postfix-in should receive mails from the internet, clean it and send
the valid mails to maily:
mydomain = mydomain.org
myorigin = $mydomain
mydestination = 
# empty, because it should relay everything to maily?
mynetworks = 127.0.0.0/8
relay_domains = $mydomain 
relayhost = maily.mydomain.org (or it´s IP? same diff?)
proxy_interfaces = gatewayIP (again: needed?)
myhostname = cleany.mydomain.org
inet_interfaces = cleanysIP, 127.0.0.1
# or should i leave it at "all"?
virtual_alias_maps = 
# should be ok, if everything received and cleaned gets relayed to maily?
virtual_alias_domains = 
content_filter = smtp:cleanysIP:10024 or smtp:127.0.0.1:10024 ?
# again: is there a difference?
# again copy body_checks, header_checks and mime_header_checks 
# from the old server, same question for the tls-key/cert/CA
message_size_limit = 2048
strict_rfc821_envelopes = no
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.njabl.org
reject_rbl_client inputs.relays.osirusoft.com
reject_rbl_client dialups.relays.osirusoft.com
reject_rbl_client spews.relays.osirusoft.com

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Stan Hoeppner 

On 9/2/2011 3:49 PM, Wietse Venema wrote:

Michael B Allen:

BTW, Postfix 2.3 was developed in 2005, released in 2006, and support
was terminated in 2009.


This is off-topic but you may know that CentOS (which is RedHat
repackaged without the branding) backports all fixes. Meaning an issue
identified in 2.6 would be addressed as a patch in their 2.3 package
(if necessary). So they do not solely rely on upstream support. They
are going for stability and longevity. That is why I use CentOS /
RedHat and I suspect that is why you continue to get this question on
the list. Unlike most Linux distributions, they continue to update
packages for 4 years or so because that is about how long it takes for
hardware to become obsolete or breakdown. Some very popular
distributions like Ubuntu and Fedora almost always stop updating after
only a year or so. This is one reason why I believe that Linux is not
going to gain market share over other operating systems.


I already provide routine updates for four stable Postfix releases,
so there really is no need to fall behind so much like RedHat does.


Red Hat is a commercial distro.  They will always do things differently, 
things that seem strange and sometimes simply stupid to the rest of us. 
 Which is one of the many reasons I don't use a commercial distro.  Red 
Hat cherry picks patches from up and down the kernel source tree and 
backports them, all the way from 2.6.30 to 3.1 rc1.  Many such kernel 
patches are contributed by RH.  I don't know if they do this with 
applications, but it stands to reason that they would, given what they 
do with the kernel.


--
Stan

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Joe 

On 09/02/2011 02:41 PM, Stan Hoeppner wrote:


Red Hat is a commercial distro.  They will always do things 
differently, things that seem strange and sometimes simply stupid to 
the rest of us.  Which is one of the many reasons I don't use a 
commercial distro.  Red Hat cherry picks patches from up and down the 
kernel source tree and backports them, all the way from 2.6.30 to 3.1 
rc1.  Many such kernel patches are contributed by RH.  I don't know if 
they do this with applications, but it stands to reason that they 
would, given what they do with the kernel.


Anyone I know who uses RHEL or Centos soon turns to the well known 3rd 
party repos which offer handy items like postfix-2.8 rpms. The point is, 
for any major linux distro, there are a number of easy-peasy ways to run 
a very up-to-date version of postfix.


Joe

Mail server in each office, i.e. Distributed Domain

2011-09-02 Thread Daniel Mare 
We have Head Office and Small Office.

In Head Office, we have Mac OS X 10.6.7 Mail server (i.e. postfix).  For people 
in Head Office, traffic to and from the mail server is over the fast LAN - no 
problems.

In Small Office, we have two employees, let's call them Snail and Shoe.

Currently Snail and Shoe use the mail server in Head Office.  When Snail emails 
Shoe, the message travels all the way to Head Office saturing the slow link 
upstream.  Shoe then downloads the email from Head Office, which then saturates 
the slow link downstream.

If Snail and Shoe are on the same LAN in the small office, there shouldn't be 
any reason for the message to travel all the way back to head office, so my 
question is:

How do I set up a local email server in Small Office using the same email 
domain?

If Snail sends an email to Shoe, it would go to a local email server in Small 
Office.  The local email server in Small Office would then check if Shoe is 
located in Small Office, if not, it would pass the message on the Head Office, 
but in this case, seeing that Shoe is in the local Small Office, the local mail 
server would then keep the message in Small Office.  Shoe will then download it 
from Small Office's local mail server, saving the slow link from saturation.

How do I do set up the servers this way?

Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Noel Jones 
On 9/2/2011 2:17 PM, Michael B Allen wrote:
> My objectives are not driven by or based on logic. They are based on
> the requirements of a consortium of credit card companies and banks.

Do they require you to offer STARTTLS on port 25?  ISTR that they
don't; I think they only require that if TLS is offered, SSLv2 is
not.  If that's true, just disable opportunistic STARTTLS.

If you have eg. clients that require TLS for submission, enable port
587/submission (and/or legacy 465/smtps) and use mandatory
encryption on that port.


  -- Noel Jones

Re: Mail server in each office, i.e. Distributed Domain

2011-09-02 Thread Daniel Mare 
Hi Geert, it's an engineering office and people constantly email big drawings, 
e.g. 20Mb to each other.  Sure email is not a file transfer protocol, but 
customers email in these drawings and staff would then forward these emails on 
to each other - separating attachments out and ftp'ing them would slow down the 
workflow.

There must be a way to set up distributed domains in postfix?  I know it is 
possible in MS Exchange.  Kerio Connect can also do this 
(http://www.kerio.co.uk/blog/distributed-domain-bringing-offices-together).

If possible, though, I would like to do this with postfix - it's open source 
and free so preferable to previously mentioned paid products.

I am surprised there's so little information available on this topic.  Someone 
must know how to set this up?


On 03/09/2011, at 11:55 , Geert Mak wrote:

> On 03.09.2011, at 02:40, Daniel Mare  wrote:
> 
>> saving the slow link from saturation.
> 
> I am surprised that there still exist connections so slow that to justify 
> administration like this :)

Re: Mail server in each office, i.e. Distributed Domain

2011-09-02 Thread Mihira Fernando 


On Saturday 03 September 2011 6:10:54 am Daniel Mare wrote:
> We have Head Office and Small Office.
>
> In Head Office, we have Mac OS X 10.6.7 Mail server (i.e. postfix).  For
> people in Head Office, traffic to and from the mail server is over the fast
> LAN - no problems.
>
> In Small Office, we have two employees, let's call them Snail and Shoe.
>
> Currently Snail and Shoe use the mail server in Head Office.  When Snail
> emails Shoe, the message travels all the way to Head Office saturing the
> slow link upstream.  Shoe then downloads the email from Head Office, which
> then saturates the slow link downstream.
>
> If Snail and Shoe are on the same LAN in the small office, there shouldn't
> be any reason for the message to travel all the way back to head office, so
> my question is:
>
> How do I set up a local email server in Small Office using the same email
> domain?
>
> If Snail sends an email to Shoe, it would go to a local email server in
> Small Office.  The local email server in Small Office would then check if
> Shoe is located in Small Office, if not, it would pass the message on the
> Head Office, but in this case, seeing that Shoe is in the local Small
> Office, the local mail server would then keep the message in Small Office. 
> Shoe will then download it from Small Office's local mail server, saving
> the slow link from saturation.
>
> How do I do set up the servers this way?

Use sub domains with aliases created for the branch office accounts in the 
main domain.
You'll need transport maps set for each branch office subdomain as well.