Re: Need to accept emails for two domains

[Reindl Harald]

Am 23.03.2012 08:08, schrieb Anirudha Patil:
> Hello,
> 
> I'm supporting two domains. i have configured postfix to receive emails from 
> internet for one domain and then
> transfer these emails using the transport mapping to the exchange server.
> 
> Now i also intend to add the new domain too to receive email on the same 
> postfix instance, without creating any
> additional instance or virtual domains.
> 
> There are no local accounts, i would receive the email on customer behalf and 
> then send them to their inhouse exchange.
> Do i need to add the additional domain in mydestination or mention it in 
> relay_domains ?


surely, postfix needs to know that he is responsible for this domains, the
transport is not enough because it may be used for mail-routing and things
like "error: i told you often enough that this domain does not exist" too




signature.asc
Description: OpenPGP digital signature

Re: Need to accept emails for two domains

[Anirudha Patil]

so i need to add the domains in relay_domains and make the necessary
entries of email-address in relay_recipient_maps for those domains ?

With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com


On Fri, Mar 23, 2012 at 1:13 PM, Reindl Harald wrote:

>
>
> Am 23.03.2012 08:08, schrieb Anirudha Patil:
> > Hello,
> >
> > I'm supporting two domains. i have configured postfix to receive emails
> from internet for one domain and then
> > transfer these emails using the transport mapping to the exchange server.
> >
> > Now i also intend to add the new domain too to receive email on the same
> postfix instance, without creating any
> > additional instance or virtual domains.
> >
> > There are no local accounts, i would receive the email on customer
> behalf and then send them to their inhouse exchange.
> > Do i need to add the additional domain in mydestination or mention it in
> relay_domains ?
>
>
> surely, postfix needs to know that he is responsible for this domains, the
> transport is not enough because it may be used for mail-routing and things
> like "error: i told you often enough that this domain does not exist" too
>
>
>

To find Return-Path from postfix queue

[Anirudha Patil]

Hello,

Is there any way, in which we could see  Return-Path  for a mail in postfix
queue via any command or referring to any file.

Using *postcat -q * one can see the From address, sender:, but no
Return-Path

Also when is the  Return-Path  added into the postfix ?

I was referring to one article (
http://www.linuxquestions.org/questions/linux-server-73/postfix-change-return-path-and-writing-own-script-for-master-cf-657934/)
which states that "The Return-Path is added by Postfix's cleanup agent just
before final delivery." Is it true ?



With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com

Re: To find Return-Path from postfix queue

[Reindl Harald]

Am 23.03.2012 09:25, schrieb Anirudha Patil:
> Hello,
> 
> Is there any way, in which we could see  Return-Path  for a mail in postfix 
> queue via any command or referring to
> any file.
> 
> Using *postcat -q * one can see the From address, sender:, but no  
> Return-Path 

the MTA is not interested in the From/To-Headers
it woks always with envelopes



signature.asc
Description: OpenPGP digital signature

Re: To find Return-Path from postfix queue

[Anirudha Patil]

Thank you

Yes, i do know that, but i wanted to know if we can see the return-path for
a mail ?

Also any thoughts on if the "Return-Path" is added by postfix in header or
its the same as the envelope sender.

With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com


On Fri, Mar 23, 2012 at 1:58 PM, Reindl Harald wrote:

>
>
> Am 23.03.2012 09:25, schrieb Anirudha Patil:
> > Hello,
> >
> > Is there any way, in which we could see  Return-Path  for a mail in
> postfix queue via any command or referring to
> > any file.
> >
> > Using *postcat -q * one can see the From address, sender:, but
> no  Return-Path
>
> the MTA is not interested in the From/To-Headers
> it woks always with envelopes
>
>

Fwd: To find Return-Path from postfix queue

[Reindl Harald]

AND DO NOT REPLY MULTIPLE TIMES TO PREVENT
OFFLIST- ANSWERS LIKE MINE BY REPLY TO
THE WRONG DUPLICATE

 Original-Nachricht 
Betreff: Re: To find Return-Path from postfix queue
Datum: Fri, 23 Mar 2012 09:39:59 +0100
Von: Reindl Harald 
Organisation: the lounge interactive design
An: Anirudha Patil 

DO NOT reply with top-post after get a answer below!

Am 23.03.2012 09:33, schrieb Anirudha Patil:
> With Regards
> Anirudha Patil
> mobile no: 9221306620
> email-id: anirudha.pa...@hotmail.com 
> 
> 
> On Fri, Mar 23, 2012 at 1:58 PM, Reindl Harald  > wrote:
> Am 23.03.2012 09 :25, schrieb Anirudha Patil:
> > Hello,
> >
> > Is there any way, in which we could see  Return-Path  for a mail in 
> postfix queue via any command or referring to
> > any file.
> >
> > Using *postcat -q * one can see the From address, sender:, but 
> no  Return-Path
> 
> the MTA is not interested in the From/To-Headers
> it woks always with envelopes
> 

> Yes, i do know that, but i wanted to know if we can see the return-path for a 
> mail ?
> Also any thoughts on if the "Return-Path" is added by postfix in header or 
> its the
> same as the envelope sender

what in "works always with envelopes" is unclear?
http://en.wikipedia.org/wiki/Variable_envelope_return_path
> It works by using a different return path (also called "envelope sender")






-- 

Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm



signature.asc
Description: OpenPGP digital signature

Re: To find Return-Path from postfix queue

[Wolfgang Zeikat]

In an older episode, on 2012-03-23 09:33, Anirudha Patil wrote:

Also any thoughts on if the "Return-Path" is added by postfix in header 
or its the same as the envelope sender.


The envelope sender is written into the mail as "Return-Path" by the 
MDAs (Mail Delivery Agents) when the mail is finally delivered.


So yes, they are the same, but the "Return-Path" is only a reflection of 
the envelope sender.


Hope this helps.

wolfgang

Re: To find Return-Path from postfix queue

[Wolfgang Zeikat]

In an older episode, on 2012-03-23 09:57, Wolfgang Zeikat wrote:
The envelope sender is written into the mail as "Return-Path" by the 
MDAs (Mail Delivery Agents) when the mail is finally delivered.


So yes, they are the same, but the "Return-Path" is only a reflection of 
the envelope sender.


See
http://en.wikipedia.org/wiki/Return-Path

Re: To find Return-Path from postfix queue

[Wietse Venema]

Anirudha Patil:
> Hello,
> 
> Is there any way, in which we could see  Return-Path  for a mail in postfix
> queue via any command or referring to any file.

Use the mailq command. This shows the envelope sender (and 
still to be delivered recipients).

Wietse

Re: To find Return-Path from postfix queue

[Nikolaos Milas]

On 23/3/2012 10:33 πμ, Anirudha Patil wrote:

Also any thoughts on if the "Return-Path" is added by postfix in 
header or its the same as the envelope sender.


See also:

http://tech.groups.yahoo.com/group/postfix-users/message/283690

Nick

Re: Building basic relay server

[Alex]

Hi,

>> I am trying to build a relay server using postfix-2.8.7 on fedora16
>> for one domain and a few sub-domains. This server should only accept
>> mail from two specific public-facing postfix servers that accept mail
>> for these domains, process the mail with amavisd/spamassassin, then
>> forward the resulting mail to this relay server.
>>
>> Once the mail has been received by this relay server, it should
>> forward it into the internal Exchange server for the end-users.
>>
>> Do I just define a few transport maps for this? Currently I have this:
>>
>> mailrelay.example.com         local:
>> example.com                          smtp:mail.example.com
>> dom1.example.com              smtp:smtp.dom1.example.com
>> .dom1.example.com             smtp:smtp.dom1.example.com
>>
>> Since this server isn't reachable by any hosts other than the two that
>> are trusted, there aren't any local users, and no real decisions need
>> to be made, is there really anything else necessary to do this?
>
> What prevents you from simply relaying the mail from the first two
> Postfix hosts directly to the Exchange server, instead of installing
> this unnecessary intermediate relay?  It would be a much simpler
> solution, and cheaper, in hardware, power, cooling, management, etc.
>
> What is your design goal here?  As stated, all you're doing is literally
> adding a temporary queue between the 2 Postfix and Exchange
> servers--mail comes in, mail goes out.  I fail to see the benefit of
> such a setup.

Yes, the overhead could be avoided. I think the decision was made
because the systems are 3000 miles from each other and when the
systems were created more than ten years ago it was thought it would
be better to separate the services.

Thanks Stan,
Alex

Re: Need to accept emails for two domains

[Eliezer Croitoru]

On 23/03/2012 09:59, Anirudha Patil wrote:

so i need to add the domains in relay_domains and make the necessary
entries of email-address in relay_recipient_maps for those domains ?

you sure need to add to the relay_domains but i would recommend you to 
use the relay_recipient_maps only if you do have the full list of 
users\accounts on exchange and you have a api\interface for the client 
to add more of the clients into this database... else you will have 
problem to relay mails.

With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com 


On Fri, Mar 23, 2012 at 1:13 PM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote:



Am 23.03.2012 08 :08, schrieb Anirudha Patil:
 > Hello,
 >
 > I'm supporting two domains. i have configured postfix to receive
emails from internet for one domain and then
 > transfer these emails using the transport mapping to the exchange
server.
 >
 > Now i also intend to add the new domain too to receive email on
the same postfix instance, without creating any
 > additional instance or virtual domains.
 >
 > There are no local accounts, i would receive the email on
customer behalf and then send them to their inhouse exchange.
 > Do i need to add the additional domain in mydestination or
mention it in relay_domains ?


surely, postfix needs to know that he is responsible for this
domains, the
transport is not enough because it may be used for mail-routing and
things
like "error: i told you often enough that this domain does not
exist" too






--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

RE: Need to accept emails for two domains

[motty.cruz]

please read  
http://www.postfix.org/VIRTUAL_README.html
 
in main.cf 
mydestination = domain1.com, domain2.com, domain3.com
mynetworks = 127.0.0.0/8, .xxx..xxx/24
 
I have two instances of Postfix running on the same machine one recives
email and hand it over to Amavisd on port 10024 onced Amavisd finished
scanned for viruses in gives to 2nd Postfix on port 10025. 2nd Postfix than
forwaded clean email to Exchanged server. 
 
  _  

From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Anirudha Patil
Sent: Friday, March 23, 2012 1:00 AM
To: Reindl Harald
Cc: postfix-users@postfix.org
Subject: Re: Need to accept emails for two domains


so i need to add the domains in relay_domains and make the necessary entries
of email-address in relay_recipient_maps for those domains ?

With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com



On Fri, Mar 23, 2012 at 1:13 PM, Reindl Harald 
wrote:




Am 23.03.2012 08  :08, schrieb Anirudha Patil:

> Hello,
>
> I'm supporting two domains. i have configured postfix to receive emails
from internet for one domain and then
> transfer these emails using the transport mapping to the exchange server.
>
> Now i also intend to add the new domain too to receive email on the same
postfix instance, without creating any
> additional instance or virtual domains.
>
> There are no local accounts, i would receive the email on customer behalf
and then send them to their inhouse exchange.
> Do i need to add the additional domain in mydestination or mention it in
relay_domains ?



surely, postfix needs to know that he is responsible for this domains, the
transport is not enough because it may be used for mail-routing and things
like "error: i told you often enough that this domain does not exist" too





  _  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4887 - Release Date: 03/22/12

Problem delivering through one barracuda gateway from postfix

[francis picabia]

We have a difficulty delivering to a site running a barracuda appliance.
I can email them from a gmail account, or via a telnet session,
but not via postfix on our SMTP gateway. I've contacted the remote
site from my gmail to discuss it but no progress so far.

I have the default pix conf settings and we are running postfix 2.8.6

In the logs we see it times out.

Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD:
client=localhost[127.0.0.1]
Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]: 6E7211F44DD:
message-id=
Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD:
from=, size=6449, nrcpt=1 (queue active)
Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE:
to=, relay=127.0.0.1[127.0.0.1]:10026,
delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent (250
2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok:
queued as 6E7211F44DD)
Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
enabling PIX workarounds: disable_esmtp delay_dotcrlf for
barracuda1.theirdomain.ca[24.224.X.Y]:25
Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out
while sending end of data -- message may be sent more than once

I saw an older article about delivering to a barracuda gateway and
tried the solution with

smtp_discard_ehlo_keyword_address_maps =
hash:/etc/postfix-internal/smtp_discard_ehlo

and that file containing:

24.224.X.Y  pipelining

This setting made no difference in the result and error.

I wonder if the pix settings are not the right fit for this case?

Is there a method to not use the pix workarounds for a single destination?

Re: Need to accept emails for two domains

[Eliezer Croitoru]

On 23/03/2012 16:25, motty.cruz wrote:

please read http://www.postfix.org/VIRTUAL_README.html
in main.cf
mydestination = domain1.com, domain2.com, domain3.com
mynetworks = 127.0.0.0/8, .xxx..xxx/24
I have two instances of Postfix running on the same machine one recives
email and hand it over to Amavisd on port 10024 onced Amavisd finished
scanned for viruses in gives to 2nd Postfix on port 10025. 2nd Postfix
than forwaded clean email to Exchanged server.


it's a relay server not virtual or what ever.




*From:* owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Anirudha Patil
*Sent:* Friday, March 23, 2012 1:00 AM
*To:* Reindl Harald
*Cc:* postfix-users@postfix.org
*Subject:* Re: Need to accept emails for two domains

so i need to add the domains in relay_domains and make the necessary
entries of email-address in relay_recipient_maps for those domains ?

With Regards
Anirudha Patil
mobile no: 9221306620
email-id: anirudha.pa...@hotmail.com 


On Fri, Mar 23, 2012 at 1:13 PM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote:



Am 23.03.2012 08 :08, schrieb Anirudha Patil:
 > Hello,
 >
 > I'm supporting two domains. i have configured postfix to receive
emails from internet for one domain and then
 > transfer these emails using the transport mapping to the exchange
server.
 >
 > Now i also intend to add the new domain too to receive email on
the same postfix instance, without creating any
 > additional instance or virtual domains.
 >
 > There are no local accounts, i would receive the email on
customer behalf and then send them to their inhouse exchange.
 > Do i need to add the additional domain in mydestination or
mention it in relay_domains ?


surely, postfix needs to know that he is responsible for this
domains, the
transport is not enough because it may be used for mail-routing and
things
like "error: i told you often enough that this domain does not
exist" too





No virus found in this message.
Checked by AVG - www.avg.com 
Version: 2012.0.1913 / Virus Database: 2114/4887 - Release Date: 03/22/12




--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: Problem delivering through one barracuda gateway from postfix

[francis picabia]

On Fri, Mar 23, 2012 at 11:33 AM, francis picabia  wrote:
> We have a difficulty delivering to a site running a barracuda appliance.
> I can email them from a gmail account, or via a telnet session,
> but not via postfix on our SMTP gateway. I've contacted the remote
> site from my gmail to discuss it but no progress so far.
>
> I have the default pix conf settings and we are running postfix 2.8.6
>
> In the logs we see it times out.
>
> Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD:
> client=localhost[127.0.0.1]
> Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]: 6E7211F44DD:
> message-id=
> Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD:
> from=, size=6449, nrcpt=1 (queue active)
> Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE:
> to=, relay=127.0.0.1[127.0.0.1]:10026,
> delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent (250
> 2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok:
> queued as 6E7211F44DD)
> Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
> enabling PIX workarounds: disable_esmtp delay_dotcrlf for
> barracuda1.theirdomain.ca[24.224.X.Y]:25
> Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
> conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out
> while sending end of data -- message may be sent more than once
>
> I saw an older article about delivering to a barracuda gateway and
> tried the solution with
>
> smtp_discard_ehlo_keyword_address_maps =
> hash:/etc/postfix-internal/smtp_discard_ehlo
>
> and that file containing:
>
> 24.224.X.Y      pipelining
>
> This setting made no difference in the result and error.
>
> I wonder if the pix settings are not the right fit for this case?
>
> Is there a method to not use the pix workarounds for a single destination?

I read another old thread about Cisco firewalls associated with the
pix workaround.

When I telnet to the remote site, the response shows:

220 

Is this a sign of the Cisco firewall or could it be something else masked?

Should I look at suppressing dkim headers?

Re: Problem delivering through one barracuda gateway from postfix

[Giles Coochey]

On 23/03/2012 15:37, francis picabia wrote:

On Fri, Mar 23, 2012 at 11:33 AM, francis picabia  wrote:

We have a difficulty delivering to a site running a barracuda appliance.
I can email them from a gmail account, or via a telnet session,
but not via postfix on our SMTP gateway. I've contacted the remote
site from my gmail to discuss it but no progress so far.

I have the default pix conf settings and we are running postfix 2.8.6

In the logs we see it times out.

Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD:
client=localhost[127.0.0.1]
Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]: 6E7211F44DD:
message-id=
Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD:
from=, size=6449, nrcpt=1 (queue active)
Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE:
to=, relay=127.0.0.1[127.0.0.1]:10026,
delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent (250
2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok:
queued as 6E7211F44DD)
Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
enabling PIX workarounds: disable_esmtp delay_dotcrlf for
barracuda1.theirdomain.ca[24.224.X.Y]:25
Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out
while sending end of data -- message may be sent more than once

I saw an older article about delivering to a barracuda gateway and
tried the solution with

smtp_discard_ehlo_keyword_address_maps =
hash:/etc/postfix-internal/smtp_discard_ehlo

and that file containing:

24.224.X.Y  pipelining

This setting made no difference in the result and error.

I wonder if the pix settings are not the right fit for this case?

Is there a method to not use the pix workarounds for a single destination?

I read another old thread about Cisco firewalls associated with the
pix workaround.

When I telnet to the remote site, the response shows:

220 

Is this a sign of the Cisco firewall or could it be something else masked?

Should I look at suppressing dkim headers?


It is a sign of the PIX firewall removing data.

To disable:

1. Logon to firewall command line
2. type enable
3. enter enable password or secret
4. type configure terminal
5. use 'no fixup protocol smtp 25' to disable SMTP protocol mangling
6. type 'write memory' to save config to device
7. restart or reload the PIX firewall

--
Best Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
UK Mobile: +44 7983 877 438
Business Email: giles.cooc...@netsecspec.co.uk
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Problem delivering through one barracuda gateway from postfix

[francis picabia]

On Fri, Mar 23, 2012 at 12:43 PM, Giles Coochey  wrote:
> On 23/03/2012 15:37, francis picabia wrote:
>>
>> On Fri, Mar 23, 2012 at 11:33 AM, francis picabia
>>  wrote:
>>>
>>> We have a difficulty delivering to a site running a barracuda appliance.
>>> I can email them from a gmail account, or via a telnet session,
>>> but not via postfix on our SMTP gateway. I've contacted the remote
>>> site from my gmail to discuss it but no progress so far.
>>>
>>> I have the default pix conf settings and we are running postfix 2.8.6
>>>
>>> In the logs we see it times out.
>>>
>>> Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD:
>>> client=localhost[127.0.0.1]
>>> Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]: 6E7211F44DD:
>>> message-id=
>>> Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD:
>>> from=, size=6449, nrcpt=1 (queue active)
>>> Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE:
>>> to=, relay=127.0.0.1[127.0.0.1]:10026,
>>> delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent (250
>>> 2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok:
>>> queued as 6E7211F44DD)
>>> Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
>>> enabling PIX workarounds: disable_esmtp delay_dotcrlf for
>>> barracuda1.theirdomain.ca[24.224.X.Y]:25
>>> Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
>>> conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out
>>> while sending end of data -- message may be sent more than once
>>>
>>> I saw an older article about delivering to a barracuda gateway and
>>> tried the solution with
>>>
>>> smtp_discard_ehlo_keyword_address_maps =
>>> hash:/etc/postfix-internal/smtp_discard_ehlo
>>>
>>> and that file containing:
>>>
>>> 24.224.X.Y      pipelining
>>>
>>> This setting made no difference in the result and error.
>>>
>>> I wonder if the pix settings are not the right fit for this case?
>>>
>>> Is there a method to not use the pix workarounds for a single
>>> destination?
>>
>> I read another old thread about Cisco firewalls associated with the
>> pix workaround.
>>
>> When I telnet to the remote site, the response shows:
>>
>> 220 
>>
>> Is this a sign of the Cisco firewall or could it be something else masked?
>>
>> Should I look at suppressing dkim headers?
>>
> It is a sign of the PIX firewall removing data.
>
> To disable:
>
> 1. Logon to firewall command line
> 2. type enable
> 3. enter enable password or secret
> 4. type configure terminal
> 5. use 'no fixup protocol smtp 25' to disable SMTP protocol mangling
> 6. type 'write memory' to save config to device
> 7. restart or reload the PIX firewall


Thanks, but this issue is on the remote site.  Given they can receive
email from gmail and other sites, I'm not sure I can convince
them to make these changes on their firewall.  There must
be another solution so that I'm sending email to them
they can digest.

Re: Problem delivering through one barracuda gateway from postfix

[John Peach]

On Fri, 23 Mar 2012 13:19:14 -0300
francis picabia  wrote:

> On Fri, Mar 23, 2012 at 12:43 PM, Giles Coochey 
> wrote:
> > On 23/03/2012 15:37, francis picabia wrote:
> >>
> >> On Fri, Mar 23, 2012 at 11:33 AM, francis
> >> picabia wrote:
> >>>
> >>> We have a difficulty delivering to a site running a barracuda
> >>> appliance. I can email them from a gmail account, or via a telnet
> >>> session, but not via postfix on our SMTP gateway. I've contacted
> >>> the remote site from my gmail to discuss it but no progress so
> >>> far.
> >>>
> >>> I have the default pix conf settings and we are running postfix
> >>> 2.8.6
> >>>
> >>> In the logs we see it times out.
> >>>
> >>> Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD:
> >>> client=localhost[127.0.0.1]
> >>> Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]:
> >>> 6E7211F44DD: message-id=
> >>> Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD:
> >>> from=, size=6449, nrcpt=1 (queue active)
> >>> Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE:
> >>> to=, relay=127.0.0.1[127.0.0.1]:10026,
> >>> delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent
> >>> (250 2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250
> >>> 2.0.0 Ok: queued as 6E7211F44DD)
> >>> Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
> >>> enabling PIX workarounds: disable_esmtp delay_dotcrlf for
> >>> barracuda1.theirdomain.ca[24.224.X.Y]:25
> >>> Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD:
> >>> conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out
> >>> while sending end of data -- message may be sent more than once
> >>>
> >>> I saw an older article about delivering to a barracuda gateway and
> >>> tried the solution with
> >>>
> >>> smtp_discard_ehlo_keyword_address_maps =
> >>> hash:/etc/postfix-internal/smtp_discard_ehlo
> >>>
> >>> and that file containing:
> >>>
> >>> 24.224.X.Y      pipelining
> >>>
> >>> This setting made no difference in the result and error.
> >>>
> >>> I wonder if the pix settings are not the right fit for this case?
> >>>
> >>> Is there a method to not use the pix workarounds for a single
> >>> destination?
> >>
> >> I read another old thread about Cisco firewalls associated with the
> >> pix workaround.
> >>
> >> When I telnet to the remote site, the response shows:
> >>
> >> 220 
> >>
> >> Is this a sign of the Cisco firewall or could it be something else
> >> masked?
> >>
> >> Should I look at suppressing dkim headers?
> >>
> > It is a sign of the PIX firewall removing data.
> >
> > To disable:
> >
> > 1. Logon to firewall command line
> > 2. type enable
> > 3. enter enable password or secret
> > 4. type configure terminal
> > 5. use 'no fixup protocol smtp 25' to disable SMTP protocol mangling
> > 6. type 'write memory' to save config to device
> > 7. restart or reload the PIX firewall
> 
> 
> Thanks, but this issue is on the remote site.  Given they can receive
> email from gmail and other sites, I'm not sure I can convince
> them to make these changes on their firewall.  There must
> be another solution so that I'm sending email to them
> they can digest.

http://blog.arschkrebs.de/blog/working-around-broken-cisco-pix-or-asa-installations/

Re: Problem delivering through one barracuda gateway from postfix

[Ralf Hildebrandt]

* francis picabia :

> I read another old thread about Cisco firewalls associated with the
> pix workaround.
> 
> When I telnet to the remote site, the response shows:
> 
> 220 
> 

PIX/ASA

> Should I look at suppressing dkim headers?

Well worth a try. It's easily implemented :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Problem delivering through one barracuda gateway from postfix

[Ralf Hildebrandt]

* John Peach :

> http://blog.arschkrebs.de/blog/working-around-broken-cisco-pix-or-asa-installations/

Indeed. I apologize for the shitty formatting :(((

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: debug output and (r)syslog

[Matthias Leopold]

Am 2012-03-22 17:43, schrieb Wietse Venema:

Matthias Leopold:
[ Charset ISO-8859-1 unsupported, converting... ]

Am 2012-03-21 18:52, schrieb Wietse Venema:

Matthias Leopold:

hi,

how do i selectively log debug messages (eg from smtpd -v) with (r)sylog?


By turning it off. Debug logging should never be turned on as a
matter of routine. It has a major impact on performance.  Postfix
has no performance guarantees with debug logging turned on.

Wietse


thx

i know i should not enable debugging as a matter of routine, i wasnt
planning to do so. i want to make sure that - if i have to enable
debugging fo a certain amount of time - these messages dont show up on a
particular log server, which depends on having exactly the same log
format all the time. maybe my whole idea for this log setup is wrong?


Postfix verbose logging has the same priority (LOG_INFO) and facility
(LOG_MAIL) as routine logging. Otherwise, people would leave debug
logging turned on and throw it away in (r)syslogd, which again is
not a supported configuration as far as performance is concerned.

Wietse


ok, i understand. thx for explaining

matthias

Multiple MySQL SELECT with domain part.

[Василий Логачев]

Hi there.
I have postfix version 2.9.1 compiled with MySQL support and configured 
to check sender/recipient pairs.

Here is configuration:

Mostly significant part of /etc/postfix/main.cf:

# classes to check senders/recipients
#
permitted_senders_mail2fax = check_sender_access
  mysql:/etc/postfix/permitted_senders_mail2fax.cf,
  reject

smtpd_restriction_classes = permitted_senders_mail2fax

smtpd_recipient_restrictions = check_recipient_access
  hash:/etc/postfix/protected_recipients,
  reject


# cat /etc/postfix/protected_recipients
mail2...@recipient.domain.tld  permitted_senders_mail2fax

# cat /etc/postfix/permitted_senders_mail2fax.cf
hosts = 127.0.0.1
user = mysqluser
password = mysqlpassword
dbname = faxcenter
table = users
select_field = 'OK' AS result
where_field = email
additional_conditions = OR email2='%s'

I need to check 2 fields (email and email2) for permitted sender's 
email, therefore i have

additional_conditions = OR email2='%s'

All works fine, but...
When sender is permitted (found in table), i see only 1 SQL-request in 
MySQL's logfile:

120323 19:18:29  5428 Connect   mysqluser@localhost on hostname
 5428 Query SELECT 'OK' AS result FROM users WHERE 
email='goodsen...@domain1.tld' OR email2='goodsen...@doamin1.tld'


But when sender is not found in table, i see multiple queries in the 
logfile:

120323 19:12:17  5423 Connect   mysqluser@localhost on hostname
 5423 Query SELECT 'OK' AS result FROM users WHERE 
email='badsen...@domain2.tld' OR email2='badsen...@domain2.tld'
 5423 Query SELECT 'OK' AS result FROM users WHERE 
email='domain2.tld' OR email2='domain2.tld'
 5423 Query SELECT 'OK' AS result FROM users WHERE 
email='tld' OR email2='tld'
 5423 Query SELECT 'OK' AS result FROM users WHERE 
email='badsender@' OR email2='badsender@'

120323 19:13:17  5423 Quit

I want to understand what for these 4 queries with local/domain parts?
And how to avoid this. Only one SELECT request with full e-mail address 
is quiet enough.

Re: Multiple MySQL SELECT with domain part.

[/dev/rob0]

On Sat, Mar 24, 2012 at 01:21:57AM +0400, Василий Логачев wrote:
> I have postfix version 2.9.1 compiled with MySQL support and
> configured to check sender/recipient pairs.
> Here is configuration:
> 
> Mostly significant part of /etc/postfix/main.cf:
> 
> # classes to check senders/recipients
> #
> permitted_senders_mail2fax = check_sender_access
>   mysql:/etc/postfix/permitted_senders_mail2fax.cf,
>   reject
> 
> smtpd_restriction_classes = permitted_senders_mail2fax
> 
> smtpd_recipient_restrictions = check_recipient_access
>   hash:/etc/postfix/protected_recipients,
>   reject
> 
> 
> # cat /etc/postfix/protected_recipients
> mail2...@recipient.domain.tld  permitted_senders_mail2fax
> 
> # cat /etc/postfix/permitted_senders_mail2fax.cf
> hosts = 127.0.0.1
> user = mysqluser
> password = mysqlpassword
> dbname = faxcenter
> table = users
> select_field = 'OK' AS result
> where_field = email
> additional_conditions = OR email2='%s'

This is the obsolete query syntax that was replaced in Postfix 2.2, 
Feature 20050209. Why are you using the deprecated syntax? The "new" 
syntax (if you consider 2005 "new") is straightforward and clean.
"query=..." and write the query in SQL.

> I need to check 2 fields (email and email2) for permitted sender's
> email, therefore i have
> additional_conditions = OR email2='%s'
> 
> All works fine, but...
> When sender is permitted (found in table), i see only 1 SQL-request
> in MySQL's logfile:
> 120323 19:18:29  5428 Connect   mysqluser@localhost on hostname
>  5428 Query SELECT 'OK' AS result FROM users
> WHERE email='goodsen...@domain1.tld' OR
> email2='goodsen...@doamin1.tld'
> 
> But when sender is not found in table, i see multiple queries in the
> logfile:
> 120323 19:12:17  5423 Connect   mysqluser@localhost on hostname
>  5423 Query SELECT 'OK' AS result FROM users
> WHERE email='badsen...@domain2.tld' OR email2='badsen...@domain2.tld'
>  5423 Query SELECT 'OK' AS result FROM users
> WHERE email='domain2.tld' OR email2='domain2.tld'
>  5423 Query SELECT 'OK' AS result FROM users
> WHERE email='tld' OR email2='tld'
>  5423 Query SELECT 'OK' AS result FROM users
> WHERE email='badsender@' OR email2='badsender@'
> 120323 19:13:17  5423 Quit
> 
> I want to understand what for these 4 queries with local/domain 
> parts? And how to avoid this. Only one SELECT request with full 
> e-mail address is quiet enough.

This is documented in the access(5) manual. You can limit queries 
performed by using %u and %d to match local-parts and domain-parts 
respectively.

http://www.postfix.org/mysql_table.5.html
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Need to accept emails for two domains

[Anirudha Patil]

On Mar 23, 2012 7:53 PM, "Eliezer Croitoru"  wrote:
>
> On 23/03/2012 09:59, Anirudha Patil wrote:
>>
>> so i need to add the domains in relay_domains and make the necessary
>> entries of email-address in relay_recipient_maps for those domains ?
>>
> you sure need to add to the relay_domains but i would recommend you to
use the relay_recipient_maps only if you do have the full list of
users\accounts on exchange and you have a api\interface for the client to
add more of the clients into this database... else you will have problem to
relay mails.
>>
>> With Regards
>> Anirudha Patil
>> mobile no: 9221306620
>> email-id: anirudha.pa...@hotmail.com 
>>
>>
>>
>> On Fri, Mar 23, 2012 at 1:13 PM, Reindl Harald > > wrote:
>>
>>
>>
>>Am 23.03.2012 08 :08, schrieb Anirudha Patil:
>>
>> > Hello,
>> >
>> > I'm supporting two domains. i have configured postfix to receive
>>emails from internet for one domain and then
>> > transfer these emails using the transport mapping to the exchange
>>server.
>> >
>> > Now i also intend to add the new domain too to receive email on
>>the same postfix instance, without creating any
>> > additional instance or virtual domains.
>> >
>> > There are no local accounts, i would receive the email on
>>customer behalf and then send them to their inhouse exchange.
>> > Do i need to add the additional domain in mydestination or
>>mention it in relay_domains ?
>>
>>
>>surely, postfix needs to know that he is responsible for this
>>domains, the
>>transport is not enough because it may be used for mail-routing and
>>things
>>like "error: i told you often enough that this domain does not
>>exist" too
>>
>>
>>
>
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer  ngtech.co.il

Thank you Elizer, I was thinking about the same idea. As for any update in
database I have shell script to allow read write access to the map file
purely responsibility on customer

Thanks again to all those who shared their thoughts