Redirect all bounces to a particular id

[Ram]

Can I configure my postfix server to send all bounces to a single 
mailbox , instead of the sender of the mail

Now my postfix has moved from mailman server

[J. Bakshi]

Hello list,

I have come here with hesitation as I don't know exactly where should I ask 
this question.
Hope to have some enlightenment from you.

I have running mailman and postfix on the same server. I had to add the 
following into main.cf to
integrate mailman into postfix

`
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
recipient_delimiter = +
mailman_destination_recipient_limit = 1
```

and the mm_cfg.py is as below


`
DEFAULT_URL_PATTERN = 'http://%s/mailman/'
DEFAULT_EMAIL_HOST = 'list.mydomain.com'
DEFAULT_URL_HOST = 'list.mydomain.com'
MTA = 'Postfix'
POSTFIX_ALIAS_CMD = '/usr/sbin/postalias'
POSTFIX_MAP_CMD = '/usr/sbin/postmap'
DELIVERY_MODULE = 'SMTPDirect'
SMTPHOST = 'localhost'
SMTPPORT = '25'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['list.x.com']
IMAGE_LOGOS = '/mailmanicons/'
```

Now the mailserver has been moved to a different server. How can I inform 
mailman about my physically
moved postfix ? Should I just add the email domain (which this server once had) 
at the relay_domain section of the postfix
running on this very server?

Any idea/clue is very much welcome.

Thanks

Re: Aliases on local submissions only

[Jeroen Geilman]

On 01/02/2012 02:00 AM, Philip Prindeville wrote:

I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it 
doesn't even know what the valid usernames are for the domain.

It merely serves to check messages for viruses, and block DoS attacks.

As such, I need it to perform aliasing *only* on messages generated locally by 
system services, such as 'cron'.

How do I configure that? I.e. that if a message is submitted locally by a 
service such as 'cron' or 'logwatch', it should be aliased to an internal 
mailbox name on an Intranet server...

Thanks,

-Philip

There are several approaches.

Local processes use sendmail(1) to submit mail.
This is partly outside the normal flow of SMTP mail, as diagrammed here: 
http://www.postfix.org/OVERVIEW.html#receiving


The pickup(8) service allows you to specify a content_filter, which you 
could use to inject this mail into a separate smtpd(8) listener with 
different restrictions than the main port 25 listener, one of those 
being to allow aliasing to external recipients.


You could also set receive_override_options on the pickup(8) service 
directly, and disable them on the normal smtpd(8) listener.


http://www.postfix.org/pickup.8.html
http://www.postfix.org/postconf.5.html#content_filter
http://www.postfix.org/FILTER_README.html
http://www.postfix.org/postconf.5.html#receive_override_options

--
J.

Re: Redirect all bounces to a particular id

[Charles Marcus]

On 2012-01-02 7:17 AM, Ram  wrote:

Can I configure my postfix server to send all bounces to a single
mailbox , instead of the sender of the mail


In 99.9% of cases, doing this would be a very bad idea.

As you were advised in the welcome message you received when signing up 
for this list, please describe *the problem you are trying to solve* 
(not your preconceived 'solution'), along with full logs of sample 
problem transaction, as well as output of postconf -n.


--

Best regards,

Charles

Re: Redirect all bounces to a particular id

[Jeroen Geilman]

On 01/02/2012 01:17 PM, Ram wrote:
Can I configure my postfix server to send all bounces to a single 
mailbox , instead of the sender of the mail




No.


--
J.

Re: Whitelists

[Stan Hoeppner]

On 1/1/2012 11:19 PM, Roman Gelfand wrote:
> I am using the following directive for filtering.  The mail goes
> through 2 grey listing filters, bl lookup using policy_daemon, dkim,
> spf, dspam, etc...  I don't want to start adding  a whitelist entry to
> every filter.
> 
> smtpd_recipient_restrictions =
>permit_mynetworks,
>reject_unauth_destination,
 check_sender_access hash:/etc/postfix/whitelist
>check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
>check_sender_access pcre:/etc/postfix/dspam_check_aliases,
>check_policy_service inet:127.0.0.1:2501,
>check_policy_service inet:127.0.0.1:5525,
>reject_unlisted_recipient,
>check_policy_service inet:127.0.0.1:12525

/etc/postfix/whitelist
example.com permit_auth_destination
u...@example2.com   permit_auth_destination

After creating or modifying /etc/postfix/whitelist do

$ postmap whitelist

See:  man 5 access

-- 
Stan

postfix-2.9-20111230-nonprod build problem

[Ralf Hildebrandt]

Today I wanted to give postfix-2.9-20111230-nonprod a spin, but got
this:

...
gcc -Wmissing-prototypes -Wformat -Wl,--as-needed  -DUSE_TLS -DHAS_PCRE 
-DHAS_CDB -DHAS_LDAP -DSNAPSHOT -DNONPROD -g -O -I. -DLINUX3 -c dict.c
dict.c:377:9: warning: no previous prototype for 'dict_error' 
[-Wmissing-prototypes]
gcc -Wmissing-prototypes -Wformat -Wl,--as-needed  -DUSE_TLS -DHAS_PCRE 
-DHAS_CDB -DHAS_LDAP -DSNAPSHOT -DNONPROD -g -O -I. -DLINUX3 -c dict_alloc.c
gcc -Wmissing-prototypes -Wformat -Wl,--as-needed  -DUSE_TLS -DHAS_PCRE 
-DHAS_CDB -DHAS_LDAP -DSNAPSHOT -DNONPROD -g -O -I. -DLINUX3 -c dict_cdb.c
dict_cdb.c: In function 'dict_cdbq_lookup':
dict_cdb.c:106:5: error: 'dict_errno' undeclared (first use in this function)
dict_cdb.c:106:5: note: each undeclared identifier is reported only once for 
each function it appears in
make: *** [dict_cdb.o] Error 1
make: *** [update] Error 1
set -e; for i in src/util src/global src/dns src/tls src/xsasl src/milter 
src/master src/postfix src/fsstone src/smtpstone
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local 
src/trivial-rewrite src/qmgr src/oqmgr src/smtp src/bounce src/pipe
src/showq src/postalias src/postcat src/postconf src/postdrop src/postkick 
src/postlock src/postlog src/postmap src/postqueue
src/postsuper src/qmqpd src/spawn src/flush src/verify src/virtual src/proxymap 
src/anvil src/scache src/discard src/tlsmgr src/postmulti
src/postscreen src/dnsblog src/tlsproxy; do \
 (set -e; echo "[$i]"; cd $i; make 'CC=gcc -Wmissing-prototypes -Wformat 
-Wl,--as-needed  -DUSE_TLS -DHAS_PCRE -DHAS_CDB -DHAS_LDAP -DSNAPSHOT 
-DNONPROD' update MAKELEVEL=) || exit 1; \
done
[src/util]
gcc -Wmissing-prototypes -Wformat -Wl,--as-needed  -DUSE_TLS
-DHAS_PCRE -DHAS_CDB -DHAS_LDAP -DSNAPSHOT -DNONPROD -g -O -I.
-DLINUX3 -c dict_cdb.c
dict_cdb.c: In function 'dict_cdbq_lookup':
dict_cdb.c:106:5: error: 'dict_errno' undeclared (first use in this function)
dict_cdb.c:106:5: note: each undeclared identifier is reported only once for 
each function it appears in
make: *** [dict_cdb.o] Error 1
make: *** [update] Error 1


I'm using this to build (postfix-2.9-20111222 builds ok and so did 
postfix-2.9-20111230):

make tidy
 CCARGS="-Wl,--as-needed -DUSE_TLS -DHAS_PCRE -DHAS_CDB -DHAS_LDAP" \
AUXLIBS="-Wl,--as-needed -lssl -lcrypto -lpcre -lcdb -lldap -llber" \
make makefiles && make

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Now my postfix has moved from mailman server

[Larry Stone]

On Jan 2, 2012, at 2:29 AM, J. Bakshi wrote:

> Hello list,
> 
> I have come here with hesitation as I don't know exactly where should I ask 
> this question.
> Hope to have some enlightenment from you.
> …

> Now the mailserver has been moved to a different server. How can I inform 
> mailman about my physically
> moved postfix ? Should I just add the email domain (which this server once 
> had) at the relay_domain section of the postfix
> running on this very server?
> 


This would best be asked on the Mailman User's mailing list. Go to 
 for information and to 
subscribe.

-- 
Larry Stone
lston...@stonejongleux.com
http://www.stonejongleux.com/

Re: postfix-2.9-20111230-nonprod build problem

[Wietse Venema]

Ralf Hildebrandt:
> dict_cdb.c: In function 'dict_cdbq_lookup':
> dict_cdb.c:106:5: error: 'dict_errno' undeclared (first use in this function)
> dict_cdb.c:106:5: note: each undeclared identifier is reported only once for 
> each function it appears in

s/dict_errno/dict->error/

Wietse

Re: postfix-2.9-20111230-nonprod build problem

[Ralf Hildebrandt]

* Wietse Venema :
> Ralf Hildebrandt:
> > dict_cdb.c: In function 'dict_cdbq_lookup':
> > dict_cdb.c:106:5: error: 'dict_errno' undeclared (first use in this 
> > function)
> > dict_cdb.c:106:5: note: each undeclared identifier is reported only once 
> > for each function it appears in
> 
> s/dict_errno/dict->error/

That worked. dict_cdb.c and dict_db.c were affected.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de


signature.asc
Description: Digital signature

Re: Redirect all bounces to a particular id

[Otthon Yahoo]

Hello,

You can put this lines on main.cf

notify_classes = resource, software, bounce
bounce_notice_recipient = bou...@yourdomain.com



Cheers,


Otthon Coelho


At 12:59 02/01/2012, Charles Marcus wrote:

On 2012-01-02 7:17 AM, Ram  wrote:

Can I configure my postfix server to send all bounces to a single
mailbox , instead of the sender of the mail


In 99.9% of cases, doing this would be a very bad idea.

As you were advised in the welcome message you received when signing 
up for this list, please describe *the problem you are trying to 
solve* (not your preconceived 'solution'), along with full logs of 
sample problem transaction, as well as output of postconf -n.


--

Best regards,

Charles

Re: Redirect all bounces to a particular id

[Duane Hill]

On Monday, January 02, 2012 at 16:39:47 UTC, otthoncoe...@yahoo.com.br 
confabulated:

> Hello,

> You can put this lines on main.cf

> notify_classes = resource, software, bounce
> bounce_notice_recipient = bou...@yourdomain.com

The  bounce_notice_recipient  would  receive  a  copy  of  the message
headers   of   a   message  bounce  from  Postfix. The original sender
would as well.

> At 12:59 02/01/2012, Charles Marcus wrote:
>>On 2012-01-02 7:17 AM, Ram  wrote:
>>>Can I configure my postfix server to send all bounces to a single
>>>mailbox , instead of the sender of the mail
>>
>>In 99.9% of cases, doing this would be a very bad idea.
>>
>>As you were advised in the welcome message you received when signing 
>>up for this list, please describe *the problem you are trying to 
>>solve* (not your preconceived 'solution'), along with full logs of 
>>sample problem transaction, as well as output of postconf -n.

Re: Redirect all bounces to a particular id

[/dev/rob0]

On Monday 02 January 2012 10:39:47 Otthon Yahoo wrote:
> You can put this lines on main.cf
> 
> notify_classes = resource, software, bounce
> bounce_notice_recipient = bou...@yourdomain.com

Wrong, that is not what the OP asked. A bounce *notice* is not the 
bounce itself.

> At 12:59 02/01/2012, Charles Marcus wrote:
> >On 2012-01-02 7:17 AM, Ram  wrote:
> >>Can I configure my postfix server to send all bounces to a single
> >>mailbox , instead of the sender of the mail
> >
> >In 99.9% of cases, doing this would be a very bad idea.
> >
> >As you were advised in the welcome message you received when
> >signing up for this list, please describe *the problem you are
> >trying to solve* (not your preconceived 'solution'), along with

My guess here is that the problem includes a failure to understand 
distinctions between the envelope sender, which in all cases would 
receive the bounce, and the From: header.

A bulk sender needs the envelope sender to be a bounce-handling 
address. Typically they might use a different address in the From: 
header, which their subscribers (or victims, as the case may be) see 
in their MUA.

> >full logs of sample problem transaction, as well as output of
> >postconf -n.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Whitelists

[/dev/rob0]

On Monday 02 January 2012 09:26:18 Stan Hoeppner wrote:
> On 1/1/2012 11:19 PM, Roman Gelfand wrote:
> > I am using the following directive for filtering.  The mail goes
> > through 2 grey listing filters, bl lookup using policy_daemon,
> > dkim, spf, dspam, etc...  I don't want to start adding  a
> > whitelist entry to every filter.

Roman mentioned "filters", so naturally I thought he was referring to 
content filtering. Bypassing restrictions is done as Stan showed.

> > smtpd_recipient_restrictions =
> > 
> >permit_mynetworks,
> >reject_unauth_destination,
> 
>  check_sender_access hash:/etc/postfix/whitelist

My only additional suggestion would be that the filename should 
reflect a bit more of how it is used, i.e., "sender_whitelist".

> >check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
> >check_sender_access pcre:/etc/postfix/dspam_check_aliases,
> >check_policy_service inet:127.0.0.1:2501,
> >check_policy_service inet:127.0.0.1:5525,
> >reject_unlisted_recipient,
> >check_policy_service inet:127.0.0.1:12525
> 
> /etc/postfix/whitelist
> example.com   permit_auth_destination
> u...@example2.com permit_auth_destination
> 
> After creating or modifying /etc/postfix/whitelist do
> 
> $ postmap whitelist
> 
> See:  man 5 access

-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Aliases on local submissions only

[Philip Prindeville]

On 1/2/12 7:08 AM, Jeroen Geilman wrote:
> On 01/02/2012 02:00 AM, Philip Prindeville wrote:
>> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it 
>> doesn't even know what the valid usernames are for the domain.
>>
>> It merely serves to check messages for viruses, and block DoS attacks.
>>
>> As such, I need it to perform aliasing *only* on messages generated locally 
>> by system services, such as 'cron'.
>>
>> How do I configure that? I.e. that if a message is submitted locally by a 
>> service such as 'cron' or 'logwatch', it should be aliased to an internal 
>> mailbox name on an Intranet server...
>>
>> Thanks,
>>
>> -Philip
> There are several approaches.
> 
> Local processes use sendmail(1) to submit mail.
> This is partly outside the normal flow of SMTP mail, as diagrammed here: 
> http://www.postfix.org/OVERVIEW.html#receiving
> 
> The pickup(8) service allows you to specify a content_filter, which you 
> could use to inject this mail into a separate smtpd(8) listener with 
> different restrictions than the main port 25 listener, one of those 
> being to allow aliasing to external recipients.
> 
> You could also set receive_override_options on the pickup(8) service 
> directly, and disable them on the normal smtpd(8) listener.
> 
> http://www.postfix.org/pickup.8.html
> http://www.postfix.org/postconf.5.html#content_filter
> http://www.postfix.org/FILTER_README.html
> http://www.postfix.org/postconf.5.html#receive_override_options
> 

So I can have:

echo "receive_override_options = no_address_mappings" >> /etc/postfix/main.cf

but then in master.cf have:

pickup ...
   -o receive_override_options=

is that correct?

-Philip

Re: Aliases on local submissions only

[Lorens Kockum]

On Sun, Jan 01, 2012 at 06:00:46PM -0700, Philip Prindeville wrote:
> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it 
> doesn't even know what the valid usernames are for the domain.
> 
> It merely serves to check messages for viruses, and block DoS attacks.
> 
> As such, I need it to perform aliasing *only* on messages generated locally 
> by system services, such as 'cron'.

Wouldn't the easiest way be to configure the box with a specific
local domain? If its local domain is "antivirus.example.com",
then it won't do alias expansion for anything else. Should the
box have your main domain as a local domain it it doesn't even
know the valid usernames for the domain?

HTH

Re: sender delivery status notification not working

[pritam raote]

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 AAA-AAD..com ESMTP Postfix
ehlo localhost
250-AAA-AAD..com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
quit
221 2.0.0 Bye

Server does not show DSN capabilities i.e 250-DSN  how to enable that ?

* postconf output
--snip-
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
--snip-

* The smtp server-client response.
* On the server on which DSN does not work
---
0[b2b140]: SMTP Send: MAIL FROM: SIZE=390

0[b2b140]: SMTP entering state: 0
0[b2b140]: SMTP Response: 250 2.1.0 Ok
0[b2b140]: SMTP entering state: 5
0[b2b140]: SMTP Send: RCPT TO:
---

* On another server where it works
---
0[a2b140]: SMTP Send: MAIL FROM: RET=FULL ENVID=<
4f02a9cd.4060...@directi.com> SIZE=391

0[a2b140]: SMTP entering state: 0
0[a2b140]: SMTP Response: 250 2.1.0 Ok
0[a2b140]: SMTP entering state: 5
0[a2b140]: SMTP Send: RCPT TO:
NOTIFY=SUCCESS,FAILURE,DELAY ORCPT=rfc822;mailhostingser...@gmail.com
---

TIA,

On Fri, Dec 30, 2011 at 8:50 PM, Wietse Venema  wrote:

> pritam raote:
> > Hello,
> >
> > * DSN(sender delivery status notification) does not work on my box
> running
> > postfix.
> > * the version of postfix on the non working box is postfix-2.8.7-1
>
> DSN works only if:
>
> 1 - The POSTFIX SMTP server sends the DSN announcement to the REMOTE
>SMTP client.
>
> 2 - The REMOTE SMTP client (Thunderbird) requests DSN support.
>
> To find out if (1) and (2) happen, you need to report the SMTP
> commands and replies between the POSTFIX SMTP server and the REMOTE
> SMTP client (Thunderbird). You can anonymize the email address.
>
> http://www.postfix.org/DEBUG_README.html#mail
>
>Wietse
>

Re: sender delivery status notification not working

[pritam raote]

* Pls ignore this figured it out. It was disabled.

Thanks


telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> 220 AAA-AAD..com ESMTP Postfix
> ehlo localhost
> 250-AAA-AAD..com
> 250-PIPELINING
> 250-SIZE 31457280
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME
> quit
> 221 2.0.0 Bye
>
> Server does not show DSN capabilities i.e 250-DSN  how to enable that ?
>
> * postconf output
> --snip-
> smtp_discard_ehlo_keyword_address_maps =
> smtp_discard_ehlo_keywords =
> --snip-
>
> * The smtp server-client response.
> * On the server on which DSN does not work
> ---
> 0[b2b140]: SMTP Send: MAIL FROM: SIZE=390
>
> 0[b2b140]: SMTP entering state: 0
> 0[b2b140]: SMTP Response: 250 2.1.0 Ok
> 0[b2b140]: SMTP entering state: 5
> 0[b2b140]: SMTP Send: RCPT TO:
> ---
>
> * On another server where it works
> ---
> 0[a2b140]: SMTP Send: MAIL FROM: RET=FULL ENVID=<
> 4f02a9cd.4060...@directi.com> SIZE=391
>
> 0[a2b140]: SMTP entering state: 0
> 0[a2b140]: SMTP Response: 250 2.1.0 Ok
> 0[a2b140]: SMTP entering state: 5
> 0[a2b140]: SMTP Send: RCPT TO:
> NOTIFY=SUCCESS,FAILURE,DELAY ORCPT=rfc822;mailhostingser...@gmail.com
> ---
>
> TIA,
>
>
> On Fri, Dec 30, 2011 at 8:50 PM, Wietse Venema wrote:
>
>> pritam raote:
>> > Hello,
>> >
>> > * DSN(sender delivery status notification) does not work on my box
>> running
>> > postfix.
>> > * the version of postfix on the non working box is postfix-2.8.7-1
>>
>> DSN works only if:
>>
>> 1 - The POSTFIX SMTP server sends the DSN announcement to the REMOTE
>>SMTP client.
>>
>> 2 - The REMOTE SMTP client (Thunderbird) requests DSN support.
>>
>> To find out if (1) and (2) happen, you need to report the SMTP
>> commands and replies between the POSTFIX SMTP server and the REMOTE
>> SMTP client (Thunderbird). You can anonymize the email address.
>>
>> http://www.postfix.org/DEBUG_README.html#mail
>>
>>Wietse
>>
>
>
>
>
>
>
>
>
>
>