Re: SMTP hangs when MySQL is down

[Sebastian Wiesinger]

* Sahil Tandon  [2011-12-05 03:24]:
> > I'm using Postfix with MySQL via proxy:mysql maps. The documentation
> > states that mails should get deferred if no mysql server is reachable.
> > 
> > However when I shut down MySQL, SMTP transaction freeze after I enter
> > the "MAIL FROM:<...>" statement.
> > 
> > Any ideas how I can change that? There seems to be no timeout, I left
> > the SMTP dialog open for a few minutes at least.
> 
> Do not use SQL in virtual_mailbox_domains[1]; instead, set the latter to
> a regular list.  Then, even when MySQL is down, Postfix will defer mail
> with 4.3.0 instead of appearing to freeze.

Hi Sahil,

that's not really an option for me, I need these lists in MySQL. It
seems I have to live with it and make MySQL as stable as possible.

> [1] Actually, you should avoid using SQL or LDAP for any tables used by
> the trivial-rewrite(8) daemon.  For context, see:

Thanks for the context but I'm still not clear on why there is no way
for postfix to delay every incoming mail when that happens. Is it
because local mail (injected by sendmail interface) would probably get
lost?

Could you explain this in a bit more detail?

Thank You & Regards

Sebastian

-- 
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

Re: SMTP hangs when MySQL is down

[Reindl Harald]

Am 05.12.2011 10:42, schrieb Sebastian Wiesinger:
>> Do not use SQL in virtual_mailbox_domains[1]; instead, set the latter to
>> a regular list.  Then, even when MySQL is down, Postfix will defer mail
>> with 4.3.0 instead of appearing to freeze.
> 
> Hi Sahil,
> 
> that's not really an option for me, I need these lists in MySQL. It
> seems I have to live with it and make MySQL as stable as possible.

there is no need not use mysql for any postfix configuration
since 2009 ALL or mailservices are mysql-backed inclduing mail-storage and
there are much more options used than on most other mailservers out there

as said, use replication and the slave as fallback for postfix

[root@mail:~]$ cat /etc/postfix/mysql-transport.cf
user = dbmailro
password = **
dbname   = dbmail
hosts= unix:/var/lib/mysql/mysql.sock inet:10.0.0.120:3307
query= select transport from dbma_transports where mydestination='%s' or 
mydestination='%d' order by transport
desc limit 1;
__

normally mysql is rock stable and never down

rebuild mysql-packages at your own the remove the idiotic restarts
on update which most distributions do, stop mailservices before restart
mysqld and start them after that
__

finally work with scripts to maintain services
this way i do a "dbmail-stop-all.sh; reboot" and change the
Before/After of systemd to make sure all services are started
in the right order - thats why i throwed away the mysql-package
from Fedora 15 and make my own things

[root@mail:~]$ cat /scripts/dbmail-stop-all.sh
#!/bin/bash
/sbin/service crond stop
/sbin/service postfix stop
/sbin/service dovecot stop
/sbin/service dbmail-imapd stop
/sbin/service dbmail-lmtpd stop
/sbin/service dbmail-pop3d stop
/sbin/service dbmail-timsieved stop
/sbin/service mysqld stop

[root@mail:~]$ cat /scripts/dbmail-start-all.sh
#!/bin/bash
/sbin/service mysqld start
/sbin/service dbmail-lmtpd start
/sbin/service dovecot start
/sbin/service postfix start
/sbin/service dbmail-imapd start
/sbin/service dbmail-pop3d start
/sbin/service dbmail-timsieved start
/sbin/service crond start



signature.asc
Description: OpenPGP digital signature

Re: Dead Destination configuration

[DN Singh]

SPF, DKIM, FBL everything being followed, but still no more than 3-4k
delivery to hotmail/rediff. Any ideas group?? Can these destinations be
classified as dead, when they start deferring?

On Sat, Dec 3, 2011 at 10:59 PM, /dev/rob0  wrote:

> On Friday 02 December 2011 08:23:53 Mark Goodge wrote:
> > To be more specific, Yahoo's code TS01 doesn't mean "You are
> > sending us too much email and we want you to slow down". It means
> > "We think you might be a spammer, so we are setting you a simple
> > test of whether you can follow instructions". If you pass the
> > test, then when you restart sending then you'll be able to get
> > everything through - it won't be rate-limited by Yahoo.
>
> I don't know what their TS01 means, but I do know that it does not
> mean what they say it does. I have seen it on my small site before,
> where I am reasonably certain that we could have caused no user
> complaints.
>
> At the time it was a participatory mailing list much like this one,
> with seven Y! subscribers. I did nothing and the mail eventually was
> delivered. Nowadays (after having been listed at DNSWL.org awhile,
> which might have helped) our Yahoo mail is delivered along with all
> the rest of it.
>
> If the OP's site is cranking out enough bulk mail such as to create a
> logjam and eventual bounces, that site needs to sign up for feedback
> loops, as suggested upthread. Legitimate bulk mail sending is a big
> chore. Consider that ESPs actually earn their money. Sometimes doing
> things in-house is more expensive than outsourcing.
> --
>Offlist mail to this address is discarded unless
>"/dev/rob0" or "not-spam" is in Subject: header
>

Re: Dead Destination configuration

[Robert Schetterer]

Am 05.12.2011 12:12, schrieb DN Singh:
> SPF, DKIM, FBL everything being followed, but still no more than 3-4k
> delivery to hotmail/rediff. Any ideas group?? Can these destinations be
> classified as dead, when they start deferring? 

sorry ,they arent "dead" at all, even if they dont take mail from you
at once , guess they limit mail by ip, look if you find
any how to at them avoiding this
you can ever try deliver out by another ip
or spread deliver out over more ips in general

> 
> On Sat, Dec 3, 2011 at 10:59 PM, /dev/rob0  > wrote:
> 
> On Friday 02 December 2011 08:23:53 Mark Goodge wrote:
> > To be more specific, Yahoo's code TS01 doesn't mean "You are
> > sending us too much email and we want you to slow down". It means
> > "We think you might be a spammer, so we are setting you a simple
> > test of whether you can follow instructions". If you pass the
> > test, then when you restart sending then you'll be able to get
> > everything through - it won't be rate-limited by Yahoo.
> 
> I don't know what their TS01 means, but I do know that it does not
> mean what they say it does. I have seen it on my small site before,
> where I am reasonably certain that we could have caused no user
> complaints.
> 
> At the time it was a participatory mailing list much like this one,
> with seven Y! subscribers. I did nothing and the mail eventually was
> delivered. Nowadays (after having been listed at DNSWL.org awhile,
> which might have helped) our Yahoo mail is delivered along with all
> the rest of it.
> 
> If the OP's site is cranking out enough bulk mail such as to create a
> logjam and eventual bounces, that site needs to sign up for feedback
> loops, as suggested upthread. Legitimate bulk mail sending is a big
> chore. Consider that ESPs actually earn their money. Sometimes doing
> things in-house is more expensive than outsourcing.
> --
>Offlist mail to this address is discarded unless
>"/dev/rob0" or "not-spam" is in Subject: header
> 
> 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: Low Budget Backups

[Nikolaos Milas]

On 2/12/2011 8:02 πμ, email builder wrote:


No other people have systems for doing this?


Perhaps a bit late in this thread, but we are using Mondo Archive (on 
CentOS 5.7) and it works great; quite flexible and with easy and 
effective restore.


Check: http://www.mondorescue.org/

A short intro: http://www.pclinuxos.com/forum/index.php?topic=59705.0;wap2

We do all sorts of backups, partial and full-system, using it (through 
simple cron jobs).


Good luck!
Nick

Re: Low Budget Backups

[Mauricio Tavares]

On Sat, Dec 3, 2011 at 10:18 PM, email builder  wrote:
>>> > I'm currently backing up my machine at home to a WD "My Passport" USB
>
>>> > drive, doing a monthly full and nightly differential, using a script
>>> > that employs rsync.  Each backup set looks like a full backup.  Works
>>> > like a champ.  I'm going to use the same script on the new mailserver
>>> > I'm building at work.
>>> >
>>> > I have two drives, which I swap once-a-month.  The out-of-service
>>> > drive goes in the safe.  At work I'll probably do three or four, with
>>> > at least one in the bank safety deposit vault.
>>>
>>> With the home domain, I use rsync for daily backups, and "whole
>>> system" dump to USB drive for (PGP-encrypted) off-site backup.
>>>
>>I myself use a dockstar running openwrt and a 2TB WD drive as linux/unix
>>and time machine backup.
>
> Cool, never heard of Dockstar before.  Thanks for the hint.  Does using 
> Openwrt
> with it help you use its network features without having to pay their 
> subscription
> and route all your access through their servers?
>
  dockstar is a plug computer on the same lines as the pogoplug,
guruplug, sheevaplug, etc. I bought three of them when they used to be
$25 a pop, but that was a while ago. The pogoplug with wifi is around
$50 at the usual places and can run openwrt... or even debian if you
are willing to use an usb drive to put it in. So what I did on it in
principle will work for all of them. I replaced the factory OS
firmware with openwrt so now it is a standalone setup that cares
nothing about their online service.

Something like that should suffice to be a local backup. If you want,
you can have it do some incremental backup to its local HD (hourly
until filling the HD and then deleting the oldest? It is really up to
you) and then to a remote location (amazon, a backup server you
created and put in an undisclosed location once a day or thereabouts
using some bandwidth throttling. Think this way: it has an entire day
to do the remote backup dance.

Honestly, even with disk level encryption the dockstar is not breaking a sweat.

Power consumption is 10W max for my backup setup. This matters a lot to me.

Re: Rewriting FROM, TO and CC

[Ignacio]

On Sun, Dec 4, 2011 at 9:15 PM, /dev/rob0  wrote:

> Please stop top-posting your replies. Thank you.
>
 I am sorry about that.

>
> On Sunday 04 December 2011 01:04:44 Ignacio wrote:
> > Fixing the application is not possible since we don't own
> > source code and owner company doesn't want to change it.
> > On the application we are just be able to set a smtp server.
>
> A good example of why not to trust proprietary software for your
> important tasks.
>
> > English is not my first language so I probably haven't explain
> > the problem very well. I will do my best right now.
>
> This is not a language barrier; this is a ... protocol barrier. It
> seems that you do not understand mail and SMTP very well. Your OP
> sounded as if the headers needed to change for some reason. Since we
> now know that envelope senders and recipients are what matters, it's
> time to move beyond.
>
> Unfortunately elsewhere in the thread you indicated that your example
> sender and recipients are not static. In this post I am again
> answering what you said, not what you might have meant.
>
I have used header_checks to add a CC field containing original sender
address. This way when there is a reply to e-mail, original sender will
receive the reply also.

>
> > The application connects to a smtp server and sent an e-mail as:
> > SENDER: user1@domain
> > TO: user2@domain;user3@domain
> >
> > From this smtp server we would like to relay e-mail to Corporate
> > Exchange server.This server needs authentication to relay e-mail.
> > Since user1 password changes every week, we would like to set a
> > generic user whose password will not change. Therefore, sender
> > must be changed to genericuser@domain.
>
> For the rewriting:
> http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical
> http://www.postfix.org/postconf.5.html#sender_canonical_maps
> http://www.postfix.org/canonical.5.html
>
> For the authentication:
> http://www.postfix.org/SASL_README.html#client_sasl
> http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps
>
I used generic config file to change original sender.


>
> > Also it is needed that
> > original sender (user1@domain) became a recipient of e-mail in
> > Corporate Exchange server ( I thought this could be achieved by
> > setting CC field in the e-mail, but it seems I was wrong).
>
> http://www.postfix.org/postconf.5.html#sender_bcc_maps
> containing:
> genericuser@domain  user1@domain
>
> > Is postfix able to do this? If not, is there any other app to do
> > that?
>
> This is only going to work if the sender is always the same, but
> perhaps you can come up with a mapping which will meet your needs. If
> not, you might be stuck with going back to the software vendor and
> demanding value for your money already spent. (Good luck with that!
> They already have your money!)
>
I just did some quick tests in a test environment and it seems to work
properly with different senders. BCC map is being applied before rewriting
sender address so with a mapping like
user1@domain user1@domain
user2@domain user2@domain
...
I got a BCC sent to original sender.


>
> > Thank you very much. I hope to have explained better myself.
>
> There was no mention in this post about the senders and recipients
> changing; you consistently used the same four example addresses. So we
> could only assume the problem only involved those addresses.
> --
>Offlist mail to this address is discarded unless
>"/dev/rob0" or "not-spam" is in Subject: header
>

Thank you very much for your help. It was very useful to get a working
solution to solve my problem. Now I only have to set it up in production
environment. Hope it will work as well as it did in tests! :)

Mailing List with Postfix

[Goutam Baul]

Dear List,

We are planning to implement a mailing solution using Postfix et el. The
total number of users of this system is likely to be around 8000. We would
need to send frequently mails to all the users and also sometimes to some of
the users based on some user attributes. We would request you to kindly
suggest a preferred path forward. Do we use the alias feature of postfix for
the job? Or should we implement some Mailing List manager? If the later is
better, any suggestion on the List Managers?

With regards,

Goutam

Re: Dead Destination configuration

[DN Singh]

The problem is that I am unable to find any hard limit of acceptance of
mails to these destinations. I have even tried creating slow transports for
them, but they still seem to drop connections after DATA command or RCPT
command.

"lost connection with mx.rediffmail.rediff.akadns.net[119.252.147.10] while
sending DATA command)"

This happens suddenly after some mails get delivered, and after it happens,
most of the mails in my active queue get transferred to deferred queue.
This increases the backlog of mails.

On Mon, Dec 5, 2011 at 4:54 PM, Robert Schetterer wrote:

> Am 05.12.2011 12:12, schrieb DN Singh:
> > SPF, DKIM, FBL everything being followed, but still no more than 3-4k
> > delivery to hotmail/rediff. Any ideas group?? Can these destinations be
> > classified as dead, when they start deferring?
>
> sorry ,they arent "dead" at all, even if they dont take mail from you
> at once , guess they limit mail by ip, look if you find
> any how to at them avoiding this
> you can ever try deliver out by another ip
> or spread deliver out over more ips in general
>
> >
> > On Sat, Dec 3, 2011 at 10:59 PM, /dev/rob0  > > wrote:
> >
> > On Friday 02 December 2011 08:23:53 Mark Goodge wrote:
> > > To be more specific, Yahoo's code TS01 doesn't mean "You are
> > > sending us too much email and we want you to slow down". It means
> > > "We think you might be a spammer, so we are setting you a simple
> > > test of whether you can follow instructions". If you pass the
> > > test, then when you restart sending then you'll be able to get
> > > everything through - it won't be rate-limited by Yahoo.
> >
> > I don't know what their TS01 means, but I do know that it does not
> > mean what they say it does. I have seen it on my small site before,
> > where I am reasonably certain that we could have caused no user
> > complaints.
> >
> > At the time it was a participatory mailing list much like this one,
> > with seven Y! subscribers. I did nothing and the mail eventually was
> > delivered. Nowadays (after having been listed at DNSWL.org awhile,
> > which might have helped) our Yahoo mail is delivered along with all
> > the rest of it.
> >
> > If the OP's site is cranking out enough bulk mail such as to create a
> > logjam and eventual bounces, that site needs to sign up for feedback
> > loops, as suggested upthread. Legitimate bulk mail sending is a big
> > chore. Consider that ESPs actually earn their money. Sometimes doing
> > things in-house is more expensive than outsourcing.
> > --
> >Offlist mail to this address is discarded unless
> >"/dev/rob0" or "not-spam" is in Subject: header
> >
> >
>
>
> --
> Best Regards
>
> MfG Robert Schetterer
>
> Germany/Munich/Bavaria
>

Re: Mailing List with Postfix

[Leslie León Sinclair]

Mailman[list manager], could do perfectly, the job. You should create a 
separated lists for the users, and his options as you pointed, Mailman 
has a strong/easy-to-understand&use backend.


HTH, Goutam.

Best regards.

--
/***
*Leslie León Sinclair
*Administrador de Redes
*Facultad de Ingenieria Electrica, CUJAE.
*Calle 114 #11901 e/ Ciclovía y Rotonda
*Marianao 19390, Ciudad de la Habana, Cuba
*Tel: (53 7) 266-3321
*Miembro de GUTL ->   
http://www.ecured.cu/index.php/Grupo_de_Usuarios_de_Tecnolog%C3%ADas_Libres_GUTL
*Another happy Slackware&   Debian GNU/Linux user
*Proud GNU/Linux User #445535 ->   http://counter.li.org/
*Katana yanai, otoko nanda.
/


Participe en Universidad 2012, del 13 al 17 de febrero de 2012.
Habana, Cuba: http://www.congresouniversidad.cu
Consulte la enciclopedia colaborativa cubana. http://www.ecured.cu

Participe en el Segundo Congreso Medio Ambiente Construido y 
Desarrollo Sustentable (MACDES 2011) del 6 al 9 de diciembre de 2011, 
Hotel Nacional, Habana, Cuba: http://macdes.cujae.edu.cu

Re: Dead Destination configuration

[Wietse Venema]

DN Singh:
> The problem is that I am unable to find any hard limit of acceptance of
> mails to these destinations. I have even tried creating slow transports for
> them, but they still seem to drop connections after DATA command or RCPT
> command.
> 
> "lost connection with mx.rediffmail.rediff.akadns.net[119.252.147.10] while
> sending DATA command)"
> 
> This happens suddenly after some mails get delivered, and after it happens,
> most of the mails in my active queue get transferred to deferred queue.
> This increases the backlog of mails.

Their limit is (surprise!) the point after which they begin dropping
your connections.

Wietse

Re: OT: Yahoo spam load (was: Dead Destination configuration)

[Lima Union]

On Fri, Dec 2, 2011 at 5:15 PM, Steve Fatula  wrote:
> From: Wietse Venema 
> To: postfix-users@postfix.org
> Sent: Friday, December 2, 2011 8:42 AM
> Subject: OT: Yahoo spam load (was: Dead Destination configuration)
>
> To get some idea of Yahoo spam load (and keyword trends) see
> http://visualize.yahoo.com/ and click the green buttons.
>
>
>
> I wish there was a chart for spam sent FROM yahoo. 99% of our spam comes
> from yahoo (that gets through postscreen).
>
> Steve

I'm having the same problem here, a lot of spam comming from YAHOO mail system.
I didn't know about sanesecurity, I'll give it a try, looks very interesting.
LU

Re: Dead Destination configuration

[DN Singh]

Yes, I tried to figure it out that way, but the numbers aren't constant.
Which is I was experimenting on the delays, and then ended up on this
topic...

On Mon, Dec 5, 2011 at 6:47 PM, Wietse Venema  wrote:

> DN Singh:
> > The problem is that I am unable to find any hard limit of acceptance of
> > mails to these destinations. I have even tried creating slow transports
> for
> > them, but they still seem to drop connections after DATA command or RCPT
> > command.
> >
> > "lost connection with mx.rediffmail.rediff.akadns.net[119.252.147.10]
> while
> > sending DATA command)"
> >
> > This happens suddenly after some mails get delivered, and after it
> happens,
> > most of the mails in my active queue get transferred to deferred queue.
> > This increases the backlog of mails.
>
> Their limit is (surprise!) the point after which they begin dropping
> your connections.
>
>Wietse
>

How to create separate mail filter and smtp communication for each recipient?

[Sharma, Ashish]

Hi,

I have a mail receiving postfix server with my custom email filter and a custom 
content filter.

The entire system was made for the case of receiving emails meant for single 
recipients only on the same mail domain, mails directed for multiple recipients 
for the receiving email domain were rejected.

Now because of requirement changes it's required to support multiple recipients 
too.

So in view of above facts, is there a way I can set postfix to create separate 
mail filter and smtp communication for each recipient?

Thanks
Ashish

Re: How to create separate mail filter and smtp communication for each recipient?

[Wietse Venema]

Sharma, Ashish:
> Hi,
> 
> I have a mail receiving postfix server with my custom email filter
> and a custom content filter.
>
> The entire system was made for the case of receiving emails meant
> for single recipients only on the same mail domain, mails directed
> for multiple recipients for the receiving email domain were rejected.
>
> Now because of requirement changes it's required to support multiple
> recipients too.
>
> So in view of above facts, is there a way I can set postfix to
> create separate mail filter and smtp communication for each
> recipient?

a) You use before-queue filters.  Use a content filter that supports
different per-recipient policies. There is no Postfix support for
different before-queue filters for multi-recipient mail.

b) You use after-queue filters. Instead of using content_filter
within a single Postfix instance, use multiple Postfix instances,
and use transport_maps to select the per-recipient filter between
the two instances.

The before/after queue terminology is defined in
http://www.postfix.org/CONTENT_INSPECTION_README.html

For Postfix multiple instance management see
http://www.postfix.org/MULTI_INSTANCE_README.html

Wietse

hide private ip in header

[Ramesh]

Hi List,


I
would like know to steps required to hide private ip address in postfix,
when we sent email, full header at recipient end shows client private
ip address and also shows public ip address of firewall instead of
public ip address of mail server. i have cross checked iptables nating
rules which are correct.

appreciate suggestion to resolve the issue even i have tried with 
domain_masqurade not successful


Thanks and Regards,
Ramesh  

Non-encoded 8bit data in header?

[Pierre Girard]

Hello,
I set up a small ubuntu 10.04 machine with postfix on it and it
seems to be working fine. However on the destination server there's this
message in the headers

X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char C3 hex): Subject:
test \303\251tudiants\n

Is it incorrect for postfix to send unencoded UTF characters in the
header or is it an amavis problem?
The mail is delivered but I'm wondering if there's something to be fixed
or not.

Thanks for your help.

Re: Non-encoded 8bit data in header?

[Ralf Hildebrandt]

* Pierre Girard :
> Hello,
> I set up a small ubuntu 10.04 machine with postfix on it and it
> seems to be working fine. However on the destination server there's this
> message in the headers
> 
> X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char C3 hex): Subject:
> test \303\251tudiants\n

Well, so don't send unencoded stuff in the headers.

> Is it incorrect for postfix to send unencoded UTF characters in the
> header or is it an amavis problem?

It's a problem of the sedning application, postfix is merely the
messenger

> The mail is delivered but I'm wondering if there's something to be fixed
> or not.

Headers need to be encoded.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Rewriting FROM, TO and CC

[/dev/rob0]

On Monday 05 December 2011 06:11:27 Ignacio wrote:
> On Sun, Dec 4, 2011 at 9:15 PM, /dev/rob0  wrote:
> > Your OP sounded as if the headers needed to change for some
> > reason. Since we now know that envelope senders and recipients
> > are what matters, it's time to move beyond.
> > 
> > Unfortunately elsewhere in the thread you indicated that your
> > example sender and recipients are not static. In this post I am
> > again answering what you said, not what you might have meant.
> 
> I have used header_checks to add a CC field containing original
> sender address. This way when there is a reply to e-mail, original
> sender will receive the reply also.

Again, that only changes the content of the mail; it does not add a 
recipient. But if you need that, fine.

> > > The application connects to a smtp server and sent an e-mail
> > > as: SENDER: user1@domain
> > > TO: user2@domain;user3@domain
> > > 
> > > From this smtp server we would like to relay e-mail to
> > > Corporate Exchange server.This server needs authentication to
> > > relay e-mail. Since user1 password changes every week, we
> > > would like to set a generic user whose password will not
> > > change. Therefore, sender must be changed to
> > > genericuser@domain.
> > 
> > For the rewriting:
> > http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical
> > http://www.postfix.org/postconf.5.html#sender_canonical_maps
> > http://www.postfix.org/canonical.5.html

> I used generic config file to change original sender.

The reason why I recommended canonical(5) over generic(5) was the 
former's ability to restrict rewriting to only sender addresses. 
Knowing that you needed to send a copy to the original sender, I 
didn't think smtp_generic_maps would work. Won't that also rewrite 
that address in the RCPT TO command and your new Cc: header?

Disclaimer: I should say that I've never had to use either feature, 
therefore my understanding might be a bit off.

> > > Also it is needed that
> > > original sender (user1@domain) became a recipient of e-mail in
> > > Corporate Exchange server ( I thought this could be achieved by
> > > setting CC field in the e-mail, but it seems I was wrong).
> > 
> > http://www.postfix.org/postconf.5.html#sender_bcc_maps
> > containing:
> > genericuser@domain  user1@domain

> I just did some quick tests in a test environment and it seems to
> work properly with different senders. BCC map is being applied
> before rewriting sender address so with a mapping like
> user1@domain user1@domain
> user2@domain user2@domain
> ...
> I got a BCC sent to original sender.

I'm pretty sure that with canonical maps, the rewriting takes place 
before the sender_bcc_maps. (But see disclaimer above.)

> Thank you very much for your help. It was very useful to get a
> working solution to solve my problem. Now I only have to set it up
> in production environment. Hope it will work as well as it did in
> tests! :)

If it does what you need, good deal! I'm glad it helped you, but 
honestly, a bit sorry that I/we indirectly helped support broken 
proprietary software. We do the work, they get the money, sigh.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: hide private ip in header

[Noel Jones]

On 12/5/2011 9:40 AM, Ramesh wrote:
> 
> Hi List,
> 
> 
> I would like know to steps required to hide private ip address in
> postfix, when we sent email, full header at recipient end shows
> client private ip address and also shows public ip address of
> firewall instead of public ip address of mail server. i have cross
> checked iptables nating rules which are correct.
> 
> appreciate suggestion to resolve the issue even i have tried with
> domain_masqurade not successful
> 
> Thanks and Regards,
> Ramesh 
>  


You can remove internal IPs with an IGNORE header_checks rule.  Be
careful your rule is specific enough that you don't remove headers
from outsider's mail.  See postfix-users archives for examples.
WARNING: removing internal IPs is seldom necessary and hides
valuable debugging information.

The public IP Received: header is added by the receiving system;
that's the IP they receive the mail from.  If your mail server has
multiple addresses, smtp_bind_address can control which one is used.
http://www.postfix.org/postconf.5.html#smtp_bind_address




  -- Noel Jones

Re: hide private ip in header

[James Seymour]

On Mon, 5 Dec 2011 21:10:11 +0530 (IST)
Ramesh  wrote:

> Hi List,
> 
> I
> would like know to steps required to hide private ip address in
> postfix, ...
[snip]

Header checks with appropriate regexp and IGNORE.

> ...and also shows public ip address of firewall instead of
> public ip address of mail server.

If the mailserver is sending through the firewall, and that's what the
receiving MTA is seeing, there's nothing you can do about it other than
rearrange your public network topology.  If the mailserver and firewall
are one-in-the-same, but have different (virtual) public IP
addresses, look to this mailing list's archives for the identical
question I asked just the other day, entitled "Problem with smtp client
bind address."

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .

Re: Non-encoded 8bit data in header?

[Wietse Venema]

Pierre Girard:
> Hello,
>  I set up a small ubuntu 10.04 machine with postfix on it and it
> seems to be working fine. However on the destination server there's this
> message in the headers
> 
> X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char C3 hex): Subject:
>  test \303\251tudiants\n

Your mail submission program submits non-compliant email into
Postfix. It should encode message headers that contain non-ASCII
content.

Postfix is an MTA. Its purpose it not to transform malformed email
into well-formed messages.

Wietse

Re: Non-encoded 8bit data in header?

[Pierre Girard]

Le 2011-12-05 11:14, Wietse Venema a écrit :


Your mail submission program submits non-compliant email into
Postfix. It should encode message headers that contain non-ASCII
content.


Thanks for the information.

The email is sent automatically by the autoupdate program and it's using 
mail/mailx to send it.


I'll look around and see if I can change that.

Re: Dead Destination configuration

[Jeroen Geilman]

On 2011-12-05 15:36, DN Singh wrote:
Yes, I tried to figure it out that way, but the numbers aren't constant. 


Have you considered that this is because your submission is not 100% flat ?
If you submit or retry in bursts (and when they block you for a fixed 
period of time after denying access, you WILL see clumping) then why 
expect their rejections to follow a different pattern ?


As the people with much experience and experimentation on this list 
suggest, run separate delivery routes - with separate queues - for these 
slow destinations.

All this is very well documented in the list archives.

--
J.

Re: Non-encoded 8bit data in header?

[Ralf Hildebrandt]

* Pierre Girard :

> The email is sent automatically by the autoupdate program and it's
> using mail/mailx to send it.

In that case I'd blame mail/mailx :)
Are you sure it's using those instead of just piping to sendmail?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: OT: Yahoo spam load (was: Dead Destination configuration)

[Steve Fatula]

From: Steve 


> To: postfix-users@postfix.org 
>Sent: Sunday, December 4, 2011 4:59 AM
>Subject: Re: OT: Yahoo spam load (was: Dead Destination configuration)
> 
>
>> >I wish there was a chart for spam sent FROM yahoo. 99% of our spam comes
>> from yahoo (that gets through postscreen).
>> 
>On my end it is hotmail. Anyway postscreen is as good as you configure and 
>use it. There is IMHO no universal valid conclusion about quality when you 
>write "that goes through postscreen".
>
>IMHO there is a reason for content filters. They are able to catch those 
>remaining messages passing such filter types like postscreen. From the 
>viewpoint of such filters (like postscreen) the mail coming from yahoo (or in 
>my case hotmail) are legitimate since they are coming from the proper sources, 
>obey EHLO/HELO delays, are often digitally signed, are in no blacklist, etc...
>
>
>You guys are reading too much into what I wrote! I was not complaining or 
>saying we could not control said yahoo spam. Was just saying that spam like 
>yahoo (and hotmail, msn, etc.) gets through postscreen, but, postscreen does a 
>great job of the other types of spam. postscreen is not the only technique we 
>use and certainly did not imply (or mean to imply) that. 

Still, my point is that yahoo needs to do a better job of not letting all that 
spam get OUT of it's system. I'd simply love to know how much does, though, 
that would be hard to calculate.

Re: OT: Yahoo spam load (was: Dead Destination configuration)

[Steve Fatula]

From: Lima Union 
>To: 
>Cc: Postfix users  
>Sent: Monday, December 5, 2011 8:02 AM
>Subject: Re: OT: Yahoo spam load (was: Dead Destination configuration)
> 
>
>
>I'm having the same problem here, a lot of spam comming from YAHOO mail system.
>I didn't know about sanesecurity, I'll give it a try, looks very interesting.
>LU
>
>We use it too and find it effective with no known false positives.

Re: SMTP hangs when MySQL is down

[Sahil Tandon]

On Mon, 2011-12-05 at 10:42:30 +0100, Sebastian Wiesinger wrote:

> * Sahil Tandon  [2011-12-05 03:24]:
> > > I'm using Postfix with MySQL via proxy:mysql maps. The documentation
> > > states that mails should get deferred if no mysql server is reachable.
> > > 
> > > However when I shut down MySQL, SMTP transaction freeze after I enter
> > > the "MAIL FROM:<...>" statement.
> > > 
> > > Any ideas how I can change that? There seems to be no timeout, I left
> > > the SMTP dialog open for a few minutes at least.
> > 
> > Do not use SQL in virtual_mailbox_domains[1]; instead, set the latter to
> > a regular list.  Then, even when MySQL is down, Postfix will defer mail
> > with 4.3.0 instead of appearing to freeze.
> 
> that's not really an option for me, I need these lists in MySQL. It
> seems I have to live with it and make MySQL as stable as possible.

Is your list of virtual mailbox domains that large or dynamic that it
must be only in SQL?  Note that you can still have virtual_mailbox_maps
reference an SQL location; it is just virtual_mailbox_domains (and
anything else that is used by trivial-rewrite(8)) that causes the
"stalling" symptoms you describe above.

> > [1] Actually, you should avoid using SQL or LDAP for any tables used by
> > the trivial-rewrite(8) daemon.  For context, see:
> 
> Thanks for the context but I'm still not clear on why there is no way
> for postfix to delay every incoming mail when that happens. Is it
> because local mail (injected by sendmail interface) would probably get
> lost?
> 
> Could you explain this in a bit more detail?

Victor explains well in the posts to which I linked in my original
reply.

-- 
Sahil Tandon

Re: SMTP hangs when MySQL is down

[Sahil Tandon]

On Mon, 2011-12-05 at 10:59:35 +0100, Reindl Harald wrote:

> Am 05.12.2011 10:42, schrieb Sebastian Wiesinger:
> >> Do not use SQL in virtual_mailbox_domains[1]; instead, set the
> >> latter to a regular list.  Then, even when MySQL is down, Postfix
> >> will defer mail with 4.3.0 instead of appearing to freeze.
> > 
> > Hi Sahil,
> > 
> > that's not really an option for me, I need these lists in MySQL. It
> > seems I have to live with it and make MySQL as stable as possible.
> 
> there is no need not use mysql for any postfix configuration since
> 2009 ALL or mailservices are mysql-backed inclduing mail-storage and
> there are much more options used than on most other mailservers out
> there

This is tangential to the topic. 

> normally mysql is rock stable and never down

That's great, but: the OP's question is explicitly about how Postfix
functions when MySQL *is* down.  The answer to that question - as noted
earlier - depends on which facet of Postfix is impacted, which in turn
depends on the parameters/tables configured to query an SQL backend.

-- 
Sahil Tandon