Re: Transport: Multiple routes to internal domain
On Tue, 7 Feb 2012, Lorens Kockum wrote:

On Tue, Feb 07, 2012 at 11:42:37AM +1100, Greg Wilson wrote:

I use this technique, DNS round robin to evenly spread rdp connections to our terminal servers. My understanding is that a device does a DNS lookup and the server hands out each different IP address sequentially. Each device uses (caches) the first IP address it receives until it's rebooted.

That might be true for rdp connections to your terminal servers, but (luckily!) it's a bit more complicated.

The DNS server sends a reply containing all the IP addresses. The order varies. If the code asking the question only wants one address, then it takes only one, and the next time it asks the question it might get another answer.

Postfix, however, understands that there are multiple addresses and tries them all, one after the other in a random order until one replies or until it has tried them all and decides to wait before trying again.

After waiting Postfix will make another DNS lookup. The response to that lookup may be cached since the previous lookup, but the cache is valid only until the record's time to live (TTL) expires. The TTL is set in the DNS server. It can be anything from zero ("do not cache") to a week or more. A common default value is 24 hours.

Of course, in the case of a long-lived TCP connection you may have the impression that the IP address is used until the device is restarted, and you might even be correct (for an RDP client running on Windows, for example), but that is not the case when sending mails.

Is it possible to setup multiple transport records with different costs to a domain? This may be a solution.

You can do unequal load balancing by creating multiple records with the same IP. That could work using /etc/hosts, you'd have to test.

You can do priorities (first try X and if it doesn't work try Y then Z) by using different-priority MX records. This needs access to your DNS server, and cannot be done with /etc/hosts.

Hope this helps.
As an alternative, I guess it would suffice to put an MX with lower priority in your DNS to the backup server, so if the master in your cluster is down Postfix would then try the next one. But what Lorens wrote before, creating load balancing with round-robin, is probably what you want.
selecting outbound IP
Hello, Say my MTA has multiple IP addresses on it. Is there a way to configure Postfix (outbound) to use IP 1 when matching condition A and IP2 if matching condition B and IP3 and none of the conditions are matched? Thanks, - joe
Re: selecting outbound IP
On 07.02.2012 09:53, Joe Wong wrote:
> Hello,
>
> Say my MTA has multiple IP addresses on it. Is there a way to
> configure Postfix (outbound) to use IP 1 when matching condition A and
> IP2 if matching condition B and IP3 and none of the conditions are
> matched?

you can define "smtp_bind_address" for each outgoing process defined in "master.cf"

cat /etc/postfix/master.cf | grep smtp_bind
smtp unix - - n - 50 smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500
relay unix - - n - - smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500 -o smtp_fallback_relay=
Re: selecting outbound IP
Reindl Harald:
> On 07.02.2012 09:53, Joe Wong wrote:
> > Hello,
> >
> > Say my MTA has multiple IP addresses on it. Is there a way to
> > configure Postfix (outbound) to use IP 1 when matching condition A and
> > IP2 if matching condition B and IP3 and none of the conditions are
> > matched?
>
> you can define "smtp_bind_address" for each outgoing process
> defined in "master.cf"
>
> cat /etc/postfix/master.cf | grep smtp_bind
> smtp unix - - n - 50 smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500
> relay unix - - n - - smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500 -o smtp_fallback_relay=

If you do this on a firewall, then be sure to read the Postfix
manpage for smtp_bind_address and inet_interfaces, to avoid
some common pitfalls with routing.

http://www.postfix.org/postconf.5.html#smtp_bind_address
http://www.postfix.org/postconf.5.html#inet_interfaces

Wietse
Disallow user to send external mails
Hi, I wonder if there is an easy solution to disallow a specific sender (From-Header) to send e-mails to non $mydestination addresses. Thanks in advance for any hint. -- Best regards, Denis Witt
Re: Disallow user to send external mails
On 7/2/2012 2:47 PM, Denis Witt wrote:
> Hi,
>
> I wonder if there is an easy solution to disallow a specific sender
> (From-Header) to send e-mails to non $mydestination addresses.
>
> Thanks in advance for any hint.

Check smtpd_sender_restrictions and/or smtpd_client_restrictions, as well as restriction classes:

http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/RESTRICTION_CLASS_README.html
Re: Transport: Multiple routes to internal domain
On Tue, Feb 07, 2012 at 04:32:14PM +1100, Greg Wilson wrote:
> I've been testing Postfix for some solutions...
>
> One attempt was to make 2 entries with the same host name
> in /etc/hosts
>
> e.g
> 10.222.100.1 exchange.mydomain.local exchange
> 10.333.200.2 exchange.mydomain.local exchange

IPv5? I haven't seen many of those quads>255. :)

> Then changed the transport map to
>
> mydomain.local smtp:[exchange.mydomain.local]
>
> My info is that the square brackets stop Postfix doing mx
> record lookups. And instead, do a DNS "A" lookup.

To use hosts(5) resolution specify smtp_host_lookup to include
"native":

http://www.postfix.org/postconf.5.html#smtp_host_lookup

> This didn't work and I don't know why. It works fine with
> an IP address in the square brackets and the Linux box can
> resolve exchange.mydomain.local to an IP.

By default smtp_host_lookup is "dns" only.

> Any suggestions?

Also, please don't top-post your replies. Your MUA badly mangled
quoting in the rest of the thread so I didn't bother to try to fix
that. Thanks.
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Transport: Multiple routes to internal domain
Greg Wilson:
> One attempt was to make 2 entries with the same host name in /etc/hosts
>
> e.g
> 10.222.100.1 exchange.mydomain.local exchange
> 10.333.200.2 exchange.mydomain.local exchange
>
> Then changed the transport map to
>
> mydomain.local smtp:[exchange.mydomain.local]
>
> My info is that the square brackets stop Postfix doing mx record lookups.
>
> This didn't work and I don't know why. It works fine with an

That's because LINUX does not support multiple /etc/hosts records per name.

Use a better OS, use DNS, or use my smtp_fallback_relay solution.

Wietse
Reject mail sent from SMTP commands
Hello Postfix users, It is possible to tell to postfix to stop accept sending mails from SMTP commands executed from a telnet server 25 ? Even if the mails are sent from or to relayed domain !! Thank you
RE: Transport: Multiple routes to internal domain
-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: 07 February 2012 13:33
To: Greg Wilson
Cc: Postfix users
Subject: Re: Transport: Multiple routes to internal domain

Greg Wilson:
> One attempt was to make 2 entries with the same host name in /etc/hosts
>
> e.g
> 10.222.100.1 exchange.mydomain.local exchange
> 10.333.200.2 exchange.mydomain.local exchange
>
> Then changed the transport map to
>
> mydomain.local smtp:[exchange.mydomain.local]
>
> My info is that the square brackets stop Postfix doing mx record lookups.
>
> This didn't work and I don't know why. It works fine with an

>That's because LINUX does not support multiple /etc/hosts records per name.
>Use a better OS, use DNS, or use my smtp_fallback_relay solution.

Wietse

Hi Wietse,

When you say a better OS, I'd be interested to know what your preference is.

Kind regards,

James Day (IT Engineer)
Re: Reject mail sent from SMTP commands
* Rachid Abdelkhalak :
>
> Hello Postfix users,
>
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?

Yes, simply comment out the "smtp ... smtpd" line in master.cf and restart postfix.

-- 
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Disallow user to send external mails
On Tue, Feb 07, 2012 at 02:57:08PM +0200, Nikolaos Milas wrote:
> On 7/2/2012 2:47 PM, Denis Witt wrote:
> >
> >I wonder if there is an easy solution to disallow a specific
> >sender (From-Header) to send e-mails to non $mydestination
> >addresses.
> >
> >Thanks in advance for any hint.

While Nikolaos' links below are indeed the probable best answer,
another important clue is this: you must understand that headers
don't control mail routing. The restrictions below are applied
against the envelope addresses.

> Check smtpd_sender_restrictions and/or smtpd_client_restrictions,
> as well as restriction classes:
> http://www.postfix.org/SMTPD_ACCESS_README.html
> http://www.postfix.org/RESTRICTION_CLASS_README.html
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
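
A restriction-class setup of the kind described in the RESTRICTION_CLASS_README linked above, given here as an added example that is not from any poster in this thread. The class name `local_only`, the table paths and the addresses are assumptions; the sender lookup is made against the envelope sender (MAIL FROM), not the From: header.

```cfg
# /etc/postfix/main.cf  (added example; class name and table paths are assumptions)
smtpd_restriction_classes = local_only
local_only =
    check_recipient_access hash:/etc/postfix/local_domains,
    reject

smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders,
    permit_mynetworks,
    reject_unauth_destination

# /etc/postfix/restricted_senders  (keyed on the envelope sender; constructed address)
restricted.user@example.com    local_only

# /etc/postfix/local_domains  (domains the restricted sender may still reach; constructed)
example.com                    OK
```

Run postmap on both tables and reload Postfix afterwards. check_sender_access has to come before permit_mynetworks, otherwise a client inside mynetworks is permitted before the class is ever consulted.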
Re: Reject mail sent from SMTP commands
On Tue, Feb 07, 2012 at 01:38:19PM +, Rachid Abdelkhalak wrote:
> It is possible to tell to postfix to stop accept sending mails
> from SMTP commands executed from a telnet server 25 ?
>
> Even if the mails are sent from or to relayed domain !!

What is the goal? If the goal is merely to distinguish between
regular mailer software and someone sitting at a terminal using
telnet(1) as a client, this is not possible. It is also silly
to think you will gain anything from making that distinction.

There was a recent thread on this list about this: January or
December.
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Reject mail sent from SMTP commands
On 2/7/2012 7:38 AM, Rachid Abdelkhalak wrote:
>
> Hello Postfix users,
>
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?

No, it's not possible[1], and not desirable.

But I really would like to know why you ask. Did you read some article that suggested this? Did some security audit flag this as a vulnerability?

[1] careful packet timing analysis (outside of postfix) might allow you to "guess" that a session is hand-typed, but blocking that gains you nothing since there are many command line tools that would easily fool such analysis.

-- Noel Jones
Re: Reject mail sent from SMTP commands
On Tue, Feb 07, 2012 at 07:53:11AM -0600, I wrote:
> On Tue, Feb 07, 2012 at 01:38:19PM +, Rachid Abdelkhalak
> wrote:
> > It is possible to tell to postfix to stop accept sending
> > mails from SMTP commands executed from a telnet server 25 ?
> >
> > Even if the mails are sent from or to relayed domain !!
>
> What is the goal? If the goal is merely to distinguish between
> regular mailer software and someone sitting at a terminal using
> telnet(1) as a client, this is not possible. It is also silly
> to think you will gain anything from making that distinction.
>
> There was a recent thread on this list about this: January or
> December.

In case you were not on the list then, here is the reference:

Subject: Disable sending mails via telnet
From: Leslie León Sinclair
To: postfix-users@postfix.org
Date: Tue, 10 Jan 2012 16:45:25 -0500
Message-Id: <1326231925.7884.33.camel@SID>
-- 
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: selecting outbound IP
Thanks for the reference. How could this be used with some condition?
I am looking for binding sender domain A with IP 1 and domain B go
through IP 2, go to IP3 otherwise.

- Joe

On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema wrote:
> Reindl Harald:
>> On 07.02.2012 09:53, Joe Wong wrote:
>> > Hello,
>> >
>> > Say my MTA has multiple IP addresses on it. Is there a way to
>> > configure Postfix (outbound) to use IP 1 when matching condition A and
>> > IP2 if matching condition B and IP3 and none of the conditions are
>> > matched?
>>
>> you can define "smtp_bind_address" for each outgoing process
>> defined in "master.cf"
>>
>> cat /etc/postfix/master.cf | grep smtp_bind
>> smtp unix - - n - 50 smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500
>> relay unix - - n - - smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500 -o smtp_fallback_relay=
>
> If you do this on a firewall, then be sure to read the Postfix
> manpage for smtp_bind_address and inet_interfaces, to avoid
> some common pitfalls with routing.
>
> http://www.postfix.org/postconf.5.html#smtp_bind_address
> http://www.postfix.org/postconf.5.html#inet_interfaces
>
> Wietse
Re: Transport: Multiple routes to internal domain
On Tue, Feb 7, 2012 at 9:03 AM, Wietse Venema wrote:
> Greg Wilson:
>> One attempt was to make 2 entries with the same host name in /etc/hosts
>>
>> e.g
>> 10.222.100.1 exchange.mydomain.local exchange
>> 10.333.200.2 exchange.mydomain.local exchange
>>
>> Then changed the transport map to
>>
>> mydomain.local smtp:[exchange.mydomain.local]
>>
>> My info is that the square brackets stop Postfix doing mx record lookups.
>>
>> This didn't work and I don't know why. It works fine with an
>
> That's because LINUX does not support multiple /etc/hosts records
> per name.
>
> Use a better OS, use DNS, or use my smtp_fallback_relay solution.
>
> Wietse

Eh, Linux *does* support that, from man host.conf (/etc/host.conf):

multi
    Valid values are on and off. If set to on, the resolv+ library
    will return all valid addresses for a host that appears in the
    /etc/hosts file, instead of only the first. This is off by
    default, as it may cause a substantial performance loss at sites
    with large hosts files.
Re: selecting outbound IP
http://www.postfix.org/MULTI_INSTANCE_README.html
but never used because no need

"smtp_bind_address" is here only in use to make sure
that outgoing mail is using the ip matching SPF

On 07.02.2012 15:19, Joe Wong wrote:
> Thanks for the reference. How could this be used with some condition?
> I am looking for binding sender domain A with IP 1 and domain B go
> through IP 2, go to IP3 otherwise.
>
> - Joe
>
> On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema wrote:
>> Reindl Harald:
>>> On 07.02.2012 09:53, Joe Wong wrote:
>>>> Hello,
>>>>
>>>> Say my MTA has multiple IP addresses on it. Is there a way to
>>>> configure Postfix (outbound) to use IP 1 when matching condition A and
>>>> IP2 if matching condition B and IP3 and none of the conditions are
>>>> matched?
>>>
>>> you can define "smtp_bind_address" for each outgoing process
>>> defined in "master.cf"
>>>
>>> cat /etc/postfix/master.cf | grep smtp_bind
>>> smtp unix - - n - 50 smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500
>>> relay unix - - n - - smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500 -o smtp_fallback_relay=
>>
>> If you do this on a firewall, then be sure to read the Postfix
>> manpage for smtp_bind_address and inet_interfaces, to avoid
>> some common pitfalls with routing.
>>
>> http://www.postfix.org/postconf.5.html#smtp_bind_address
>> http://www.postfix.org/postconf.5.html#inet_interfaces
>>
>> Wietse

-- 
Best regards, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
Re: Disallow user to send external mails
Hi Nikolaos, thanks a lot. -- Best regards, Denis Witt
Re: selecting outbound IP
Thanks Reindl.

On Tue, Feb 7, 2012 at 10:33 PM, Reindl Harald wrote:
> http://www.postfix.org/MULTI_INSTANCE_README.html
> but never used because no need
>
> "smtp_bind_address" is here only in use to make sure
> that outgoing mail is using the ip matching SPF
>
> On 07.02.2012 15:19, Joe Wong wrote:
>> Thanks for the reference. How could this be used with some condition?
>> I am looking for binding sender domain A with IP 1 and domain B go
>> through IP 2, go to IP3 otherwise.
>>
>> - Joe
>>
>> On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema wrote:
>>> Reindl Harald:
>>>> On 07.02.2012 09:53, Joe Wong wrote:
>>>>> Hello,
>>>>>
>>>>> Say my MTA has multiple IP addresses on it. Is there a way to
>>>>> configure Postfix (outbound) to use IP 1 when matching condition A and
>>>>> IP2 if matching condition B and IP3 and none of the conditions are
>>>>> matched?
>>>>
>>>> you can define "smtp_bind_address" for each outgoing process
>>>> defined in "master.cf"
>>>>
>>>> cat /etc/postfix/master.cf | grep smtp_bind
>>>> smtp unix - - n - 50 smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500
>>>> relay unix - - n - - smtp -o smtp_bind_address=10.0.0.6 -o max_idle=300 -o max_use=500 -o smtp_fallback_relay=
>>>
>>> If you do this on a firewall, then be sure to read the Postfix
>>> manpage for smtp_bind_address and inet_interfaces, to avoid
>>> some common pitfalls with routing.
>>>
>>> http://www.postfix.org/postconf.5.html#smtp_bind_address
>>> http://www.postfix.org/postconf.5.html#inet_interfaces
>>>
>>> Wietse
>
> --
>
> Best regards, Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / software-development / cms-solutions
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
Re: [thelounge] thank you for postfix!
I want to join to the 'THANK YOU' campaign too. Postfix is the best MTA ever!!!

On Feb 5, 2012, at 4:42 AM, Reindl Harald wrote:

Dear Venema

i would like to thank you for postfix, the best MTA in my opinion i am happy and think you can't hear this often enough for provide such a great software for free!

not only for the app, especially for the way of your development making even major-upgrades easy without any config-changes in complex setups over years and i am on board since 2006

it is really impressive to see this in setups like below without touch anything as replace tarball and rebuild the RPM before execute some autotests, see it working like a charm and global deployment

what a wonderful world could this be if any update would run so smooth

postfix-2.9.0-2.fc15.20120205.rh.x86_64
___
disclaimer: yes, the reject codes are well thought because a spamfirewall in front and normally no unauthenticated message is delivered directly to the MTA
___

myhostname = hostname
smtpd_banner = $myhostname ESMTP
smtp_helo_name = $myhostname
inet_protocols = ipv4
inet_interfaces = all
mydomain = ourdomain
myorigin = our-admin-domain
double_bounce_sender = double-bounce@ourdomain
address_verify_sender = postmaster@ourdomain
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unknown_hostname_reject_code = 501
unknown_address_reject_code = 550
bounce_template_file = /etc/postfix/bounce.cf
fast_flush_domains =
mailbox_size_limit = 0
recipient_delimiter = +
broken_sasl_auth_clients = yes
anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 50
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_proxy_options = speed_adjust
smtpd_reject_footer = as customer please use smtp-authentication
smtpd_helo_required = yes
smtpd_discard_ehlo_keywords = silent-discard, etrn, dsn, vrfy
smtpd_recipient_limit = 500
disable_vrfy_command = yes
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_security_options = noanonymous

proxy_read_maps =
 proxy:mysql:/etc/postfix/mysql-mynetworks.cf
 proxy:mysql:/etc/postfix/mysql-mydestination.cf
 proxy:mysql:/etc/postfix/mysql-recipients.cf
 proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
 proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
 proxy:mysql:/etc/postfix/mysql-transport.cf
 proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
 proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
 proxy:mysql:/etc/postfix/mysql-aliases.cf
 proxy:mysql:/etc/postfix/mysql-senderaccess.cf
 proxy:mysql:/etc/postfix/mysql-spamfilter.cf
 proxy:mysql:/etc/postfix/mysql-forwarders.cf

smtpd_helo_restrictions =
 permit_mynetworks
 permit_sasl_authenticated
 reject_non_fqdn_helo_hostname
 reject_invalid_helo_hostname
 reject_unknown_helo_hostname

smtpd_recipient_restrictions =
 permit_mynetworks
 reject_non_fqdn_recipient
 reject_non_fqdn_sender
 reject_unlisted_sender
 reject_authenticated_sender_login_mismatch
 permit_sasl_authenticated
 reject_unauth_destination
 reject_unknown_sender_domain
 reject_unknown_recipient_domain
 reject_invalid_hostname
 reject_unknown_reverse_client_hostname
 reject_unauth_pipelining
 reject_rbl_client dnsbl-1.uceprotect.net
 check_policy_service unix:/var/spool/postfix/postgrey/socket
 check_recipient_access proxy:mysql:/etc/postfix/mysql-spamfilter.cf

barracuda_smtpd_recipient_restrictions = permit_mynetworks, reject

mynetworks = 127.0.0.0/8, proxy:mysql:/etc/postfix/mysql-mynetworks.cf
mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
local_recipient_maps = proxy:mysql:/etc/postfix/mysql-recipients.cf
recipient_canonical_maps = proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
sender_canonical_maps = proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
transport_maps
Installing Postfix and Dovecot on CentOS6
Hi all,

I have installed and configured Postfix and Dovecot in CentOS6, I have followed these tutorials:

Postfix, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=1
Dovecot, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2

Dovecot is running, I can send an e-mail to a user and receive them in Thunderbird Client but I can't connect to Postfix...

Postfix is up:

[code]
[root@localhost andrelopes]# /sbin/service postfix status
master (pid 1888) is running...
[/code]

But I can't telnet to port 25

[code]
[root@localhost andrelopes]# telnet 192.168.59.246 25
Trying 192.168.59.246...
telnet: connect to address 192.168.59.246: Connection refused
[/code]

[code]
[root@localhost andrelopes]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
[/code]

What can I do to try to solve this? Please give me a clue.

Best Regards,
Re: Installing Postfix and Dovecot on CentOS6
On 2/7/2012 1:58 PM, Andre Lopes wrote:
> Hi all,
>
> I have installed and configured Postfix and Dovecot in CentOS6, I have
> followed this tutorials:
>
> Postfix, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=1
> Dovecot, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2
>
> What can I do to try to solve this? Please give me a clue.
>
> Best Regards,

The default configuration of Postfix on CentOS6 specifies to only listen on localhost. Make sure that you've set inet_interfaces to "inet_interfaces = all" to ensure that postfix listens on all IP addresses.

Alternatively, refer to http://www.postfix.org/postconf.5.html#inet_interfaces for more specific parameter documentation.

Also make sure that you've allowed port 25 in your firewall. If you're using the default CentOS iptables firewall, add:

-A INPUT -m state --state NEW -m tcp -p tcp --dport smtp -j ACCEPT

with the other similar looking lines, then do "service iptables restart" to apply the changes.

- Nick Bright
Re: Installing Postfix and Dovecot on CentOS6
Thank you for the reply.

I have configured my IPTABLES in several ways but I can't telnet to eth0, here is my iptables rules:

[code]
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-I INPUT -d 192.168.0.0 -p tcp --dport 143 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[/code]

The result is always the same:

[code]
[root@localhost andrelopes]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:6B:43:E2
          inet addr:192.168.59.246  Bcast:192.168.59.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe6b:43e2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13694 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8659 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9188890 (8.7 MiB)  TX bytes:979323 (956.3 KiB)
...
[root@localhost andrelopes]# telnet 192.168.59.246 25
Trying 192.168.59.246...
telnet: connect to address 192.168.59.246: Connection refused
[/code]

By the way, I'm testing this on a VMWare Virtual Machine

Any clues on why iptables is not accepting the rule on port 25?

Best Regards,

On Tue, Feb 7, 2012 at 8:04 PM, Nick Bright wrote:
> On 2/7/2012 1:58 PM, Andre Lopes wrote:
>>
>> Hi all,
>>
>> I have installed and configured Postfix and Dovecot in CentOS6, I have
>> followed this tutorials:
>>
>> Postfix, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=1
>> Dovecot, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2
>>
>>
>> What can I do to try to solve this? Please give me a clue.
>>
>> Best Regards,
>>
>
> The default configuration of Postfix on CentOS6 specifies to only listen on
> localhost. Make sure that you've set inet_interfaces to "inet_interfaces =
> all" to ensure that postfix listens on all IP addresses.
>
> Alternatively, refer to
> http://www.postfix.org/postconf.5.html#inet_interfaces for more specific
> parameter documentation.
>
> Also make sure that you've allowed port 25 in your firewall. If you're using
> the default CentOS iptables firewall, add:
>
> -A INPUT -m state --state NEW -m tcp -p tcp --dport smtp -j ACCEPT
>
> with the other similar looking lines, then do "service iptables restart" to
> apply the changes.
>
> - Nick Bright
>
RE: Installing Postfix and Dovecot on CentOS6
>[root@localhost andrelopes]# ifconfig >eth0 Link encap:Ethernet HWaddr 00:0C:29:6B:43:E2 > inet addr:192.168.59.246 Bcast:192.168.59.255 Mask:255.255.255.0 > inet6 addr: fe80::20c:29ff:fe6b:43e2/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:13694 errors:0 dropped:0 overruns:0 frame:0 > TX packets:8659 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:9188890 (8.7 MiB) TX bytes:979323 (956.3 KiB) What is the output of 'ifconfig lo' ? Your ifconfig above does not show lo running. D.
Re: Installing Postfix and Dovecot on CentOS6
Hi Dudi,

Thanks for the reply. It shows "lo", but I have hidden it in the e-mail.

Some clues on what can I test to see what is blocking the port 25?

Best Regards,

On Tue, Feb 7, 2012 at 8:41 PM, Dudi Goldenberg wrote:
>>[root@localhost andrelopes]# ifconfig
>>eth0 Link encap:Ethernet HWaddr 00:0C:29:6B:43:E2
>> inet addr:192.168.59.246 Bcast:192.168.59.255 Mask:255.255.255.0
>> inet6 addr: fe80::20c:29ff:fe6b:43e2/64 Scope:Link
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:13694 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:8659 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:9188890 (8.7 MiB) TX bytes:979323 (956.3 KiB)
>
> What is the output of 'ifconfig lo' ?
>
> Your ifconfig above does not show lo running.
>
> D.
>
RE: Installing Postfix and Dovecot on CentOS6
Hi Andre,

>Hi Dudi,
>
>Thanks for the reply. It shows "lo", but I have hidden it in the e-mail.
>Some clues on what can I test to see what is blocking the port 25?

Did you try 'netstat -napt' to verify that the machine is indeed listening on port 25?

If not - then the logs are your next place to look for errors.

Regards,

D.
Re: Installing Postfix and Dovecot on CentOS6
Thanks for the reply,

Here is my netstat,

[code]
[root@localhost ~]# netstat -napt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      2017/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2017/dovecot
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1275/rpcbind
tcp        0      0 0.0.0.0:51506           0.0.0.0:*               LISTEN      1293/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1476/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      24048/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2017/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      2017/dovecot
tcp        0      0 192.168.59.246:143      192.168.59.1:57141      ESTABLISHED /imap
tcp        0      0 192.168.59.246:22       192.168.59.1:55746      ESTABLISHED 1698/0
tcp        0      0 192.168.59.246:143      192.168.59.1:57128      ESTABLISHED 2217/imap
tcp        0      0 192.168.59.246:22       192.168.59.1:59458      ESTABLISHED 24797/1
tcp        0      0 192.168.59.246:143      192.168.59.1:57083      ESTABLISHED 2206/imap
tcp        0      0 :::111                  :::*                    LISTEN      1275/rpcbind
tcp        0      0 :::22                   :::*                    LISTEN      1476/sshd
tcp        0      0 :::42239                :::*                    LISTEN      1293/rpc.statd
[/code]

The 192.168.59.246 is not listening on port 25. How can I listen on port 25 with 192.168.59.246?

Best Regards,

On Tue, Feb 7, 2012 at 8:51 PM, Dudi Goldenberg wrote:
> Hi Andre,
>
>>Hi Dudi,
>>
>>Thanks for the reply. It shows "lo", but I have hidden it in the e-mail.
>>Some clues on what can I test to see what is blocking the port 25?
>
> Did you try 'netstat -napt' to verify that the machine is indeed listening on
> port 25?
>
> If not - then the logs are your next place to look for errors.
>
> Regards,
>
> D.
>
RE: Installing Postfix and Dovecot on CentOS6
Hi Andre,

>The 192.168.59.246 is not listening on port 25. How can I listen on port
>25 with 192.168.59.246?

Look for inet_interfaces in main.cf and set it to 'inet_interfaces = all', make sure that you search all of main.cf and verify that you only have one inet_interfaces line there.

Another test would be to telnet localhost 25 which should work.

Regards,

D.
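
The two checks suggested in this thread (the iptables rule for port 25, then `netstat -napt` for the listener), combined into one script. This is an added example, not code from any poster: the function names are hypothetical, the sample rules and netstat rows are reconstructed from the output posted above, and the rule matcher is a simplified model of iptables that understands only `-i lo`, `-p`, `--dport`, `--state` and a plain-address `-d`.

```shell
#!/bin/sh
# Added example (not from the thread): firewall verdict + listener scope for SMTP.

# Classify the TCP listener for a port from `netstat -napt` output on stdin.
# Prints: all-interfaces | specific:<addrs> | loopback-only | not-listening
smtp_listen_scope() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") any = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else other = other " " host
        }
        END {
            if (any) print "all-interfaces"
            else if (other != "") print "specific:" substr(other, 2)
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# First INPUT-chain verdict for a NEW inbound TCP connection arriving on a
# non-loopback interface. $1 = destination port, $2 = destination address;
# rules in /etc/sysconfig/iptables format on stdin. Simplified model (assumption).
input_verdict() {
    awk -v port="$1" -v dst="$2" '
        /^:INPUT / { policy = $2 }
        ($1 == "-A" || $1 == "-I") && $2 == "INPUT" {
            if ($1 == "-I") {            # -I without a number inserts at the top
                for (i = n; i >= 1; i--) rule[i + 1] = rule[i]
                rule[1] = $0; n++
            } else rule[++n] = $0
        }
        END {
            for (r = 1; r <= n; r++) {
                k = split(rule[r], f, " ")
                ok = 1; target = ""
                for (i = 3; i < k; i++) {
                    v = f[i + 1]
                    if (f[i] == "-i" && v == "lo") ok = 0
                    if (f[i] == "-p" && v != "tcp" && v != "all") ok = 0
                    if (f[i] == "--dport" && v != port && !(v == "smtp" && port == 25)) ok = 0
                    if (f[i] == "--state" && ("," v ",") !~ /,NEW,/) ok = 0
                    if (f[i] == "-d" && v != dst) ok = 0
                    if (f[i] == "-j") target = v
                }
                if (ok && target != "") { print target; exit }
            }
            print policy
        }'
}

# $1 = server address, $2 = iptables rules text, $3 = netstat output text
diagnose_smtp() {
    fw=$(printf '%s\n' "$2" | input_verdict 25 "$1")
    scope=$(printf '%s\n' "$3" | smtp_listen_scope 25)
    echo "firewall=$fw listener=$scope"
}

# Sample input reconstructed from the rules and netstat rows posted in this thread.
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-I INPUT -d 192.168.0.0 -p tcp --dport 143 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
)
SAMPLE_NETSTAT=$(cat <<'EOF'
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2017/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1476/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 24048/master
tcp 0 0 192.168.59.246:22 192.168.59.1:55746 ESTABLISHED 1698/0
tcp 0 0 :::22 :::* LISTEN 1476/sshd
EOF
)

diagnose_smtp 192.168.59.246 "$SAMPLE_RULES" "$SAMPLE_NETSTAT"
```

With the posted data the firewall already accepts port 25 and the listener is bound to loopback only, which matches the "Connection refused" on 192.168.59.246 and the inet_interfaces fix given above.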
Re: Installing Postfix and Dovecot on CentOS6
Thanks for the reply Dudi,

It solved the connection problem to the port 25, but I'm not able to send e-mails, here is the error:

[code]
Feb 7 21:13:31 localhost postfix/smtpd[25108]: connect from unknown[192.168.59.1]
Feb 7 21:13:31 localhost postfix/smtpd[25108]: warning: SASL: Connect to private/auth failed: Permission denied
Feb 7 21:13:31 localhost postfix/smtpd[25108]: fatal: no SASL authentication mechanisms
Feb 7 21:13:32 localhost postfix/master[25091]: warning: process /usr/libexec/postfix/smtpd pid 25108 exit status 1
Feb 7 21:13:32 localhost postfix/master[25091]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
[/code]

Any clues on what I'm missing?

Best Regards

On Tue, Feb 7, 2012 at 9:10 PM, Dudi Goldenberg wrote:
> Hi Andre,
>
>>The 192.168.59.246 is not listening on port 25. How can I listen on port
>>25 with 192.168.59.246?
>
> Look for inet_interfaces in main.cf and set it to 'inet_interfaces = all',
> make sure that you search all of main.cf and verify that you only have one
> inet_interfaces line there.
>
> Another test would be to telnet localhost 25 which should work.
>
> Regards,
>
> D.
Re: Installing Postfix and Dovecot on CentOS6
your dovecot configuration is wrong
"private/auth failed: Permission denied" states it clearly

# configure backend for postfix sasl-auth
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

On 07.02.2012 22:20, Andre Lopes wrote:
> Thanks for the reply Dudi,
>
> It solved the connection problem to the port 25, but I'm not able to
> send e-mails, here is the error:
>
> [code]
> Feb 7 21:13:31 localhost postfix/smtpd[25108]: connect from unknown[192.168.59.1]
> Feb 7 21:13:31 localhost postfix/smtpd[25108]: warning: SASL: Connect to private/auth failed: Permission denied
> Feb 7 21:13:31 localhost postfix/smtpd[25108]: fatal: no SASL authentication mechanisms
> Feb 7 21:13:32 localhost postfix/master[25091]: warning: process /usr/libexec/postfix/smtpd pid 25108 exit status 1
> Feb 7 21:13:32 localhost postfix/master[25091]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
> [/code]
>
> Any clues on what I'm missing?
>
> Best Regards
>
>
> On Tue, Feb 7, 2012 at 9:10 PM, Dudi Goldenberg wrote:
>> Hi Andre,
>>
>>> The 192.168.59.246 is not listening on port 25. How can I listen on port
>>> 25 with 192.168.59.246?
>>
>> Look for inet_interfaces in main.cf and set it to 'inet_interfaces = all',
>> make sure that you search all of main.cf and verify that you only have one
>> inet_interfaces line there.
>>
>> Another test would be to telnet localhost 25 which should work.
>>
>> Regards,
>>
>> D.

-- 
Best regards, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
RE: Installing Postfix and Dovecot on CentOS6
Hi Andre,

>Feb 7 21:13:31 localhost postfix/smtpd[25108]: connect from
>unknown[192.168.59.1]
>Feb 7 21:13:31 localhost postfix/smtpd[25108]: warning: SASL: Connect to
>private/auth failed: Permission denied
>Feb 7 21:13:31 localhost postfix/smtpd[25108]: fatal: no SASL authentication
>mechanisms
>Feb 7 21:13:32 localhost postfix/master[25091]: warning: process
>/usr/libexec/postfix/smtpd pid 25108 exit status 1
>Feb 7 21:13:32 localhost postfix/master[25091]: warning:
>/usr/libexec/postfix/smtpd: bad command startup -- throttling

First, try to send with no authentication, if you have mynetworks set up correctly, you should be able to send from the same subnet.

If this works, then you need to read on setting up sasl and integrating sasl into postfix.

Regards,

D.
Re: Installing Postfix and Dovecot on CentOS6
Hi all,

Thanks for the replies,

I'm using this tutorial for sasl configuration, http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2

There is something wrong here? Better... there is something missing here?

Best Regards,

On Tue, Feb 7, 2012 at 9:30 PM, Dudi Goldenberg wrote:
> Hi Andre,
>
>>Feb 7 21:13:31 localhost postfix/smtpd[25108]: connect from
>>unknown[192.168.59.1]
>>Feb 7 21:13:31 localhost postfix/smtpd[25108]: warning: SASL: Connect to
>>private/auth failed: Permission denied
>>Feb 7 21:13:31 localhost postfix/smtpd[25108]: fatal: no SASL authentication
>>mechanisms
>>Feb 7 21:13:32 localhost postfix/master[25091]: warning: process
>>/usr/libexec/postfix/smtpd pid 25108 exit status 1
>>Feb 7 21:13:32 localhost postfix/master[25091]: warning:
>>/usr/libexec/postfix/smtpd: bad command startup -- throttling
>
> First, try to send with no authentication, if you have mynetworks set up
> correctly, you should be able to send from the same subnet.
>
> If this works, then you need to read on setting up sasl and integrating sasl
> into postfix.
>
> Regards,
>
> D.
RE: Installing Postfix and Dovecot on CentOS6
Hi Andre,

>I'm using this tutorial for sasl configuration,
>http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2
>
>There is something wrong here? Better... there is something missing here?

I have no idea, and I do not intend to check, there are too many howtos out there.

Did you try Reindl's advice and mine from the previous replies?

Regards,

D.
Re: Installing Postfix and Dovecot on CentOS6
On 07.02.2012 22:43, Andre Lopes wrote:
> Hi all,
>
> Thanks for the replies,
>
> I'm using this tutorial for sasl configuration,
> http://www.server-world.info/en/note?os=CentOS_6&p=mail&f=2
>
> There is something wrong here? Better... there is something missing here?
> Best Regards

do not take a ready howto and try making this 1:1 like it

and most important - read the logs you post, try google after them and read how other solved the same and what comments they made, this helps to understand the big picture

try to learn how the things are working, what services are running in a mail-system, how they work together and do this step by step

if not you will be lost sooner or later, at least if the first real problem in production happens
Postfix installation problem...
We have created an rpm by applying custom patch to Postfix 2.8.7, after the installation "postfix check" gives the following error.

postfix: fatal: /usr/libexec/postfix/postfix-script: No such file or directory

After reading, I'm coming to the conclusion that it might be a permissions issue, haven't seen any differences when cross checked between older system vs this one.

TIA.
Kumar
Re: Postfix installation problem...
Mr fix:
> We have created an rpm by applying custom patch to Postfix 2.8.7,
> after the installation "postfix check" gives the following error.
>
> postfix: fatal: /usr/libexec/postfix/postfix-script: No such file or directory

The postfix command runs with super-user privileges. If it can't execute postfix-script because of the above error, then:

- Either the file does not exist,
- Or the #!/path/to/program on the first line of the file specifies a non-existent pathname,
- Or you need to fix the SELINUX or APPARMOR etc. "security" configuration.

Wietse
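Added example, not part of the thread and not Postfix code: a shell function that tests the first two causes listed above (missing file, non-existent #! interpreter) so that only the SELinux/AppArmor question remains. The function name and result strings are assumptions; the CRLF check goes beyond the reply and covers a further instance of the same #! failure, where the kernel looks for an interpreter name ending in a carriage return.

```shell
#!/bin/sh
# Added example, not from the thread. Result strings are made up for this sketch.

# diagnose_script PATH: print which cause of the exec error applies.
diagnose_script() {
    script=$1
    cr=$(printf '\r')
    if [ ! -e "$script" ]; then
        echo "missing-file"; return 1                  # cause 1: file is absent
    fi
    first=
    IFS= read -r first < "$script" || true             # first line, unmodified
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 0 ;;              # cause 2 cannot apply
    esac
    case $first in
        *"$cr") echo "crlf-shebang"; return 1 ;;       # kernel looks for "sh\r"
    esac
    # Interpreter path: text after "#!", leading blanks dropped, cut at first blank.
    interp=$(printf '%s\n' "${first#??}" |
        sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]].*$//')
    if [ ! -e "$interp" ]; then
        echo "missing-interpreter:$interp"; return 1   # cause 2: bad #! path
    fi
    if [ ! -x "$interp" ]; then
        echo "interpreter-not-executable:$interp"; return 1
    fi
    echo "paths-ok"    # cause 3 remains: look at SELinux/AppArmor denials
}

# usage: diagnose_script /usr/libexec/postfix/postfix-script
```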
keeping local copy of mail
Dear list,

sorry if this is a newbie question but I didn't find the answer by myself and googling a lot.

the background:

I'm migrating from an old postfix server (2.3.8-2+etch1) to a zimbra server. I have configured zimbra to be the mail server of the SAME domain of the postfix server but keeping the MX field to the postfix server. Using imapsync I can transfer mail from postfix to zimbra and for the last step I plan to stop the postfix server, do the last imapsync before setting the zimbra server as the MX for the domain and cross finger that it will work.

the things I'd like to do

During my tests I have used transport maps and relay_recipient_maps to transfer postfix address to zimbra address and it worked well but I couldn't figure out how to keep a copy on the postfix server. But I thought it would be nice to keep a copy of the incoming mails on the postfix server since it works quite well and I'm not sure that I have well configured zimbra. And I definitely don't want to lose mails !!

the questions:

1) is there a way in my case to keep a local copy on postfix (for me my problem comes from the fact that on both servers emails are the same).

2) if my comprehension of the process is correct all the mail sent by zimbra to a local address won't search the MX field for the domain and will be probably put directly in the mailboxes and if I can keep a local copy on the postfix server it will only be for those coming from the outside world. Is it correct?

3) How will the aliases be handled in that case? If I have a list on the postfix server like l...@lpn.cnrs.fr will it be forwarded as is on the zimbra server or will it be first expanded into email address on the postfix server before being forwarded to the zimbra server?

4) If I cannot keep a local copy do I have a chance that stopping postfix, doing imapsync, and changing MX will be a working solution? I guess this is an unanswerable question given the too little information but maybe someone is doing the same right now and has some experience to share.

some more info:

in the postfix main.cf I have

transport_maps = hash:/etc/postfix/transport
relay_recipient_maps=hash:/etc/postfix/relay_recipients

/etc/postfix/transport
lorenzo.berna...@lpn.cnrs.fr relay:[zimbra.lpn.cnrs.fr]

and /etc/postfix/relay_recipients
lorenzo.berna...@lpn.cnrs.fr OK

sorry for the long post and I hope the answer is not RTFM otherwise I should buy a new brain (or change job ;) )

sincerely

L.
Re: Transport: Multiple routes to internal domain
Lorens,

Thank you for the detailed reply. I'm interested to hear that some of the DNS smarts reside in postfix itself.

As I had no luck with multiple records in the /etc/hosts file, I've gone to the DNS option and setup multiple A records for exchange.xxx.local, using that name in the Postfix's transport file. I can now see that mail is coming in via our backup MS Exchange server, which is fine. As long as Postfix is smart enough to send email to the other IP address for this record if one of the Exchange servers is down, all is well.

Thanks again,

Greg.

> On Tue, Feb 07, 2012 at 11:42:37AM +1100, Greg Wilson wrote:
>> I use this
>> technique, DNS round robin to evenly spread rdp connections to our
>> terminal servers. My understanding is that a device does a DNS lookup
>> and
>> the server hands out each different IP address sequentially. Each device
>> uses (caches) the first IP address it receives until it's rebooted.
>
> That might be true for rdp connections to your terminal servers,
> but (luckily!) it's a bit more complicated.
>
> The DNS server sends a reply containing all the IP
> addresses. The order varies. If the code asking the question
> only wants one address, then it takes only one, and the next
> time it asks the question it might get another answer. Postfix,
> however, understands that there are multiple addresses and
> tries them all, one after the other in a random order until
> one replies or until it has tried them all and decides to wait
> before trying again. After waiting Postfix will make another DNS
> lookup.
>
> The response to that lookup may be cached since the previous
> lookup, but the cache is valid only until the record's time to
> live (TTL) expires. The TTL is set in the DNS server. It can
> be anything from zero ("do not cache") to a week or more. A
> common default value is 24 hours. Of course, in the case of
> a long-lived TCP connection you may have the impression that
> the IP address is used until the device is restarted, and you
> might even be correct (for an RDP client running on Windows, for
> example), but that is not the case when sending mails.
>
>> Is it possible to setup multiple transport records with different
>> costs to a domain? This may be a solution.
>
> You can do unequal load balancing by creating multiple records
> with the same IP. That could work using /etc/hosts, you'd have
> to test.
>
> You can do priorities (first try X and if it doesn't work try
> Y then Z) by using different-priority MX records. This needs
> access to your DNS server, and cannot be done with /etc/hosts.
>
> Hope this helps.
>
Avoiding "Domain not found" errors
A particular mailer, slightly broken, cannot send mail to a postfix (2.7.0) box:

Feb 5 08:51:16 pizza postfix/smtpd[30453]: NOQUEUE: reject: RCPT from chocolate .egps.com[38.119.130.7]: 450 4.1.8 : Sender address rejected: i Domain not found; from= to= proto=ESMTP helo=

Where the sample@domain.example is a valid address on the local machine.

What's the easiest to let this mail through? I tried adding the domain to /var/spool/postfix/etc/hosts, and it didn't help.

Thanks!
Re: Avoiding "Domain not found" errors
The setting can be changed in the parameter "smtpd_sender_restrictions" reject_unknown_sender_domain, if it is necessary.

Postfix looks up the domain, and if it does not find any info, it rejects the mail. Anyways, the domain in the mail is indeed non-existent.

On Wed, Feb 8, 2012 at 9:45 AM, N. Yaakov Ziskind wrote:
> A particular mailer, slightly broken, cannot send mail to a postfix
> (2.7.0) box:
>
> Feb 5 08:51:16 pizza postfix/smtpd[30453]: NOQUEUE: reject: RCPT from
> chocolate .egps.com[38.119.130.7]: 450 4.1.8
> : Sender address rejected: i
> Domain not found; from=
> to= proto=ESMTP helo=
>
> Where the sample@domain.example is a valid address on the local machine.
>
> What's the easiest to let this mail through? I tried adding the domain
> to /var/spool/postfix/etc/hosts, and it didn't help.
>
> Thanks!
>
>
Re: Avoiding "Domain not found" errors
DN Singh wrote (on Wed, Feb 08, 2012 at 10:50:50AM +0530):
> The setting can be changed in the parameter "smtpd_sender_restrictions"
> reject_unknown_sender_domain, if it is necessary.

That would let in *all* mail from nonexistent domains, which I was hoping to avoid.

> Postfix looks up the domain, and if it does not find any info, it
> rejects the mail.
> Anyways, the domain in the mail is indeed non-existent.

But it's a subdomain of a valid domain, and it's a useful email ..

What's the easiest way to let this email from this one sender through?

> On Wed, Feb 8, 2012 at 9:45 AM, N. Yaakov Ziskind wrote:
>
> > A particular mailer, slightly broken, cannot send mail to a postfix
> > (2.7.0) box:
> >
> > Feb 5 08:51:16 pizza postfix/smtpd[30453]: NOQUEUE: reject: RCPT from
> > chocolate .egps.com[38.119.130.7]: 450 4.1.8
> > : Sender address rejected: i
> > Domain not found; from=
> > to= proto=ESMTP helo=
> >
> > Where the sample@domain.example is a valid address on the local machine.
> >
> > What's the easiest to let this mail through? I tried adding the domain
> > to /var/spool/postfix/etc/hosts, and it didn't help.
> >
> > Thanks!