logging transport route

2012-04-02 Thread Mikael Bak
Hi list,

I have configured an alternate transport route for mail going to
specific destination domains. I call this transport "slowsmtp".

My problem is that I see no evidence in my logs that email sent to the
specific domains uses "slowsmtp" route for delivery.

I have defined "slowsmtp" in "/etc/postfix/master.cf" like this:

[snip]
smtp  unix  -   -   -   -   -   smtp
slowsmtp  unix  -   -   -   -   -   smtp
[snip]

My "/etc/postfix/transport" looks like this:

example1.com   slowsmtp:
example2.com   slowsmtp:

My "postconf -n" like this:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_destination_rate_delay = 3s
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
mydestination = myhost.mydomain.com, localhost.mydomain.com, localhost
myhostname = myhost.mydomain.com
mynetworks = 127.0.0.0/8, cidr:/etc/postfix/network_table.cidr
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
permit_mynetworks,reject_unauth_destination,reject
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport

An extract from my logs showing that "smtp" is used instead of
"slowsmtp". The line with "postfix/smtp[7913]" in it:

Mar 31 06:16:57 myhost postfix/smtpd[7934]: 1F6E8200F99:
client=smtphost1.foreigndomain.com.hu[DD.DD.DDD.DD]
Mar 31 06:16:57 myhost postfix/cleanup[7902]: 1F6E8200F99: message-id=<>
Mar 31 06:16:57 myhost postfix/qmgr[5517]: 1F6E8200F99:
from=, size=220513, nrcpt=1 (queue active)
Mar 31 06:16:58 myhost postfix/smtp[7913]: 1F6E8200F99:
to=, relay=mx.example1.com[DDD.DDD.DD.DD]:25,
delay=1.8, delays=0.07/0/0.08/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 31 06:16:58 myhost postfix/qmgr[5517]: 1F6E8200F99: removed

Is it normal that I can't see in this log that the email took the
"slowsmtp" route instead of the normal "smtp"?

TIA,
Mikael


Re: local not delivry with dspam

2012-04-02 Thread Benny Pedersen

On 2012-04-01 21:20, ml wrote:


!DSPAM:4f788f81117124017984636!



I just made the changes I think the problem is solved


check that !DSPAM is not in public maillists

if it is then problem resists

dspam_stats -H

list postfix-users@postfix.org

:)




Re: logging transport route

2012-04-02 Thread Birta Levente

On 02/04/2012 14:31, Mikael Bak wrote:
> Hi list,
>
> I have configured an alternate transport route for mail going to
> specific destination domains. I call this transport "slowsmtp".
>
> My problem is that I see no evidence in my logs that email sent to the
> specific domains uses "slowsmtp" route for delivery.

You specified the service name "slowsmtp", but it uses the smtp client, and
that's what generates the log entry.

> I have defined "slowsmtp" in "/etc/postfix/master.cf" like this:
>
> [snip]
> smtp  unix  -   -   -   -   -   smtp
> slowsmtp  unix  -   -   -   -   -   smtp

 -o syslog_name=whatever

> [snip]





postfix 2.8.8.x and SPF rejecting emails from my MX servers

2012-04-02 Thread Josef Karliak

  Good afternoon,
  I use SPF for SPF authorized domains. When my primary MX fails,
email is sent to my backup MX. When my primary gets up, email that
waits in the spool of my backup is rejected by my primary server
because of SPF. For example
http://www.openspf.org/Why?id=aukro%40info.aukro.cz&ip=77.48.63.10&receiver=gw

  Email is sent for some user in the tcmcentrum.cz from aukro.cz.
tcmcentrum.cz is down, email is sent to backup celer.ajetaci.cz.
tcmcentrum.cz got up, celer.ajetaci.cz tries to deliver email from
aukro.cz and it is rejected (celer.ajetaci.cz is not authorized for
aukro.cz). But why, I'm just backup... What did I miss?

  Thanks for your time and kicking to a right way.
  J.K.

--
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.



Routing mails based on mail size

2012-04-02 Thread niket joshi
Hi,

In our setup we have mail firewall which receives all the emails from
Internet. We have 4 MX's and we have pointed all the MX IP's on firewall
with equal preference.

We then NAT packets from mail firewall to Ironport which handles Spam
Filtering and delivers mails to mail cluster for delivery. On Ironport all
mails from mx1 goes to Ironport1, mx2 to Ironport 2 and so on until MX4.

The problem we are facing here is that all mails come to Ironport1 as mx1
is pointed to this IP and MX is cached by global MTA's. We receive 75 mails
in 10 seconds on our first Ironport whereas all other Ironports are idle.

So we decided to route mails based on mail size before mails go to
Ironport. Does anyone have an idea of how to do mail routing based on mail
size using postfix?



*Regards,*
*Niket Joshi*



Re: postfix 2.8.8.x and SPF rejecting emails from my MX servers

2012-04-02 Thread Reindl Harald


On 02.04.2012 14:52, Josef Karliak wrote:
>   Good afternoon,
>   I use SPF for SPF authorized domains. When my primary MX fails, email is
> sent to my backup MX. When my primary gets up, email that waits in the spool
> of my backup is rejected by my primary server because of SPF. For example
> http://www.openspf.org/Why?id=aukro%40info.aukro.cz&ip=77.48.63.10&receiver=gw
>
>   Email is sent for some user in the tcmcentrum.cz from aukro.cz.
> tcmcentrum.cz is down, email is sent to backup celer.ajetaci.cz.
> tcmcentrum.cz got up, celer.ajetaci.cz tries to deliver email from aukro.cz
> and it is rejected (celer.ajetaci.cz is not authorized for aukro.cz).
> But why, I'm just backup... What did I miss?

add the backup-MX to spf or mynetworks





Re: logging transport route

2012-04-02 Thread Mikael Bak
Hi Levente!

On 04/02/2012 02:26 PM, Birta Levente wrote:
> On 02/04/2012 14:31, Mikael Bak wrote:
>> Hi list,
>>
>> I have configured an alternate transport route for mail going to
>> specific destination domains. I call this transport "slowsmtp".
>>
>> My problem is that I see no evidence in my logs that email sent to the
>> specific domains uses "slowsmtp" route for delivery.
> 
> You specified the service name "slowsmtp", but it uses the smtp client, and
> that's what generates the log entry.
> 
>>
>> I have defined "slowsmtp" in "/etc/postfix/master.cf" like this:
>>
>> [snip]
>> smtp  unix  -   -   -   -   -   smtp
> 
> 
>> slowsmtp  unix  -   -   -   -   -   smtp
>  -o syslog_name=whatever
> 
> 
>> [snip]
>>

That was exactly what I was looking for! Thank you very much!

Regards,
Mikael
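
An added example, not part of any post in this thread: once the slowsmtp service logs under its own syslog_name, each delivery line can be attributed to a transport and checked against the transport map. The log lines are constructed, and `postfix-slow` is an assumed syslog_name value.

```python
import re
from collections import namedtuple

# Constructed sample log lines (not from the thread). They assume master.cf has
#   slowsmtp  unix  -  -  -  -  -  smtp
#     -o syslog_name=postfix-slow
# "postfix-slow" is a hypothetical name chosen for this example.
SAMPLE_LOG = """\
Mar 31 06:16:58 myhost postfix-slow/smtp[7913]: 1F6E8200F99: to=<user@example1.com>, relay=mx.example1.com[192.0.2.10]:25, delay=1.8, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 31 06:17:02 myhost postfix/smtp[7920]: 2A7C1200FA1: to=<user@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 31 06:17:05 myhost postfix/smtp[7921]: 3B8D2200FB2: to=<other@example2.com>, relay=mx.example2.com[192.0.2.30]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 31 06:17:05 myhost postfix/qmgr[5517]: 3B8D2200FB2: removed
""".splitlines()

Delivery = namedtuple("Delivery", "queue_id syslog_name daemon rcpt_domain status")

# The syslog tag is "<syslog_name>/<daemon>[pid]"; only delivery lines carry to= and status=.
LINE_RE = re.compile(
    r"\s(?P<name>[\w.-]+)/(?P<daemon>\w+)\[\d+\]:\s+(?P<qid>[0-9A-F]+):\s+"
    r"to=<[^>@]*@(?P<domain>[^>]+)>,.*\bstatus=(?P<status>\w+)"
)

def parse_deliveries(lines):
    """Extract one Delivery per delivery-agent log line; other lines are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append(Delivery(m["qid"], m["name"], m["daemon"],
                                m["domain"].lower(), m["status"]))
    return out

def misrouted(deliveries, slow_domains, slow_name):
    """Deliveries whose logged syslog_name disagrees with the transport map."""
    bad = []
    for d in deliveries:
        expected_slow = d.rcpt_domain in slow_domains
        if expected_slow != (d.syslog_name == slow_name):
            bad.append(d)
    return bad

if __name__ == "__main__":
    found = parse_deliveries(SAMPLE_LOG)
    for d in misrouted(found, {"example1.com", "example2.com"}, "postfix-slow"):
        print("unexpected transport:", d)
```
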


Re: Routing mails based on mail size

2012-04-02 Thread Noel Jones
On 4/2/2012 7:53 AM, niket joshi wrote:
> Hi,
> 
> In our setup we have mail firewall which receives all the emails
> from Internet. We have 4 MX's and we have pointed all the MX IP's on
> firewall with equal preference.
>  
> We then NAT packets from mail firewall to Ironport which handles
> Spam Filtering and delivers mails to mail cluster for delivery. On
> Ironport all mails from mx1 goes to Ironport1, mx2 to Ironport 2 and
> so on until MX4. 
> 
> The problem we are facing here is that all mails come to Ironport1
> as mx1 is pointed to this IP and MX is cached by global MTA's. We
> receive 75 mails in 10 seconds on our first Ironport whereas all
> other Ironports are idle.

Seems the solution is to change your MX records.

> So we decided to route mails based on mail size before mails go to
> Ironport. Does anyone have idea of how to do mail routing based on
> mail size using postfix.

Not natively.  You might be able to cobble something together using
an external policy service that returns "FILTER
transport:destination" based on size.
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/access.5.html



  -- Noel Jones
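
An added example, not code from this thread or from the Postfix project: a minimal policy service of the kind described above, returning a FILTER action chosen by message size. The threshold, the two next-hop names and port 10040 are assumptions; the request format (name=value lines ended by an empty line, answered with `action=...` and an empty line) follows SMTPD_POLICY_README.

```python
import socketserver

# Hypothetical values for this example; none of them come from the thread.
SIZE_THRESHOLD = 1_000_000  # bytes
LARGE_NEXTHOP = "smtp:[filter-large.example.net]:25"
SMALL_NEXTHOP = "smtp:[filter-small.example.net]:25"

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access(5) action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Before END-OF-MESSAGE, size is only what the client declared (0 if nothing).
    if attrs.get("protocol_state") != "END-OF-MESSAGE":
        return "DUNNO"
    try:
        size = int(attrs.get("size", ""))
    except ValueError:
        return "DUNNO"
    if size <= 0:
        return "DUNNO"
    nexthop = LARGE_NEXTHOP if size >= SIZE_THRESHOLD else SMALL_NEXTHOP
    return "FILTER " + nexthop

def respond(text):
    """Full reply for one request, including the terminating empty line."""
    return "action=%s\n\n" % decide(parse_request(text))

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        # One smtpd process may send many requests over the same connection.
        buf = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                buf.append(line)
            elif buf:
                self.wfile.write(respond("\n".join(buf)).encode())
                buf = []

if __name__ == "__main__":
    # main.cf side (assumption):
    #   smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
    socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler).serve_forever()
```

Because the decision is made at end of data, the FILTER action applies to the whole message rather than to individual recipients.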


RE: Want to Install Postfix but Afraid of Breaking MySQL

2012-04-02 Thread Robinson, Eric
> you could always just not install postfix, since installing 
> an entire mail server isn't at all necessary to simply send 
> email.  i would recommend null client specific software, such 
> as msmtp, instead.  among other things, it would likely 
> introduce far fewer packaging considerations.
> 
> -ben

I think we will pursue ssmtp as an option.

--Eric






Postfix Bounce Messages Back & How to Set a Reply to address

2012-04-02 Thread Steve Ellis
Hello

I am relatively new to postfix (great product by the way) & am
struggling with two issues.

1. Specifying a different Reply To
2. Bouncing a message back to external incoming mail

I have set up postfix as a relay for our systems to send messages
through, which then get passed on to a central external mail server.
All of the mail has to be sent as the same email address in order to
be emailed using the central external server. I am doing address
rewrites with smtp_generic_maps to convert the internal incoming
addresses to the single email address that all mail is emailed out
with. However, I only want to write the reply to if the message has
come from certain servers.

Also external incoming mail is hitting the server but being rejected.
This was going to our old exchange server. I would like to send a
message back (assuming the headers are valid & not spam) saying the
email domain is no longer valid & they need to update their
address list.

postconf -n
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
mydomain = mylocaldomain
mynetworks = hash:/etc/postfix/mynetworks
myorigin = relay@mylocaldomain
readme_directory = no
relayhost = myrelayserver:123
smtp_generic_maps = regexp:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

Thank you
Steve


Re: Postfix Bounce Messages Back & How to Set a Reply to address

2012-04-02 Thread Wietse Venema
Steve Ellis:
> Hello
> 
> I am relatively new to postfix (great product by the way) & am
> struggling with two issues.
> 
> 1. Specifying a different Reply To
> 2. Bouncing a message back to external incoming mail
> 
> I have set up postfix as a relay for our systems to send messages
> through, which then get passed on to a central external mail server.
> All of the mail has to be sent as the same email address in order to
> be emailed using the central external server. I am doing address
> rewrites with smtp_generic_maps to convert the internal incoming
> addresses to the single email address that all mail is emailed out
> with. However, I only want to write the reply to if the message has
> come from certain servers.

Are you sure you understand the difference between:

- The bounce address, i.e. the RFC 5321 envelope sender address
  that Internet-compliant MTAs must return undeliverable mail to.

and

- The Reply-To: header, i.e. RFC 5322 message header that end-user
  mail agents may react to.

If the above reads like gobbledygook, then I recommend reading up
on the documents that I have referenced above.

> Also external incoming mail is hitting the server but being rejected.
> This was going to our old exchange server. I would like to send a
> message back (assuming the headers are valid & not spam) saying the
> email domain is no longer valid & they need to update their
> address list.

Don't. By sending email back, you would be harassing innocent people
(most email is forged) and you would get your systems blacklisted
as a backscatterer.  Getting blacklisted is not good for doing email
business.

Instead, configure your Postfix SMTP server to reply with an
appropriate 5XX reject message. If the email is spam, no-one will
be hurt. In the unlikely case that the email is real, the sending
MTA will inform the sender that email was not deliverable, with the
5XX reject message that you have configured.

Wietse


Re: performance problems

2012-04-02 Thread Stan Hoeppner
On 4/2/2012 1:51 AM, Jeremie CEINTREY wrote:
> Thank you very much for your explanations. 
> 
> I'm going to test with smtpd_client_connection_count_limit = 1 
> 
> Three days ago I added smtpd_client_connection_rate_limit = 10, which limits
> the number of connections by a client to 10 per time unit; a time unit is
> equal to 60s by default.
> I noticed that it works well and permits slowing down big mailers. As you
> wrote, when a mailing list campaign was in progress, I was able to see
> hundreds of mails arriving from a domain with tail -f /var/log/mail.log |
> grep cleanup
>
> tail -f /var/log/mail.log | grep 'postfix/cleanup.*@domain_of_big_mailer'
>
> Yet, I'm going to test with smtpd_client_connection_count_limit = 1, which
> looks like smtpd_client_connection_rate_limit and
> smtpd_client_message_(rate|count)_limit parameters.

smtpd_client_connection_count_limit tends to only slow down bulk mailers
and not 'normal' non-bulk mailers, which is why I recommended it.

smtpd_client_connection_rate_limit and
smtpd_client_message_(rate|count)_limit will delay delivery from
'normal' mailers on occasion, possibly very frequently.  This is a
negative side effect most would want to avoid.  This type of restriction
should be configured only on a domain or IP subnet basis so you only
affect the bulk mailers.  Postfix doesn't have an inbuilt way to do so.
 These settings are global.  Thus, if you want to use this type of rate
delay you would want to use an add on policy daemon.  The policy daemon
method has a downside:  it requires an smtpd process for each connection
to be delayed, eating extra system resources.

Setting smtpd_client_connection_count_limit also sets
postscreen_client_connection_count_limit if you're using postfix 2.8 and
postscreen.  Thus the limit is enforced before connections are handed to
smtpd processes, so you don't needlessly eat up additional smtpds.

Thus, it's much simpler and more effective to use
smtpd_client_connection_count_limit to achieve your goal, without
multiple unwanted side effects.

-- 
Stan


Re: setting up ldap auth::solved::

2012-04-02 Thread jeffrey j donovan

On Apr 1, 2012, at 9:26 PM, jeffrey j donovan wrote:

> greetings
> 
> im setting up an authenticated relay for some users. using SASL/TLSv1 dovecot 
> auth, pam.
> for local users things work fine. but im getting myself confused on how to 
> incorporate ldap users hosted on a remote system. i understand i need to 
> create a virtual alias map for those users.
> but passing the remote authentication has me chasing my tail.  the user 
> mailboxes are not stored locally, only system users get local delivery. so I 
> can use transport maps once the user has authenticated.
> Im using a debian system, and the docs are outdated compared to the files 
> installed for dovecot. ( dovecot.conf --> !include conf.d/*.conf ).
> there are so many options that Im not able to follow a clear path. many 
> tutorials I have read start great, but then have gaps, or they are version 
> dependent.
> 
> I have read that could modify PAM to use ldap for credentials. Many of the 
> docs I have read use cyrus for authentication. but this seems a bit off 
> track, or is it a viable way to allow ldap users to relay ?
> 
> can someone point me in the right direction. Do i need to adjust postfix to
> read ldap, or dovecot, or saslauthd, or pam, or all of the above.
> 
> tnx in advance.
> 
> -j

simpler than I was making it out to be. i needed to compile dovecot with ldap.
then the proper docs and example files became available and made sense.
thanks for not flaming me :)
-j

Amavis Problem

2012-04-02 Thread Vishal Agarwal
Dear All,

I have an installation of Ubuntu 10.04 LTS. Here I have
installed postfix/dovecot. Last week I installed
Amavis/ClamAV/spamassassin to filter spam emails. All is working fine. The
only problem is that I want to forward all the spam/virus email to one email
account "spam_server", so that I can check all the emails manually and send
some non spam emails to their respective users.

All of us are working with postfix, and maybe one of us has
faced this problem and solved it. That's why I am posting this email here.

Thanks/regards,

Vishal Agarwal