AW: AW: How to change queue id?
Using Wietse's first approach (adding a custom id to the MAIL FROM address as an extension) I have tried to output the sender's address in the same line of the mail.log as the bounce message. I believe I would need to change the global/log_adhoc.c (e.g. line 109 in 2.9.4) to do so but I cannot access the sender there. Is there a way to access the initial sender from the log_adhoc void? Maybe through the RECIPIENT object: RECIPIENT->QMGR_QUEUE->QMGR_ENTRY_LIST->QMGR_ENTRY->QMGR_MESSAGE->sender I know it sounds awefully complicated but I really need a custom id in the same line as the bounce message. Alternatively, if there is another location where I access and ouput the sender, the recipient, the status=bounced (reason) and the dsn that would also work. Any help is greatly appreciated. Best, Steffen -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] Im Auftrag von Wietse Venema Gesendet: Donnerstag, 4. Oktober 2012 14:26 An: Postfix users Betreff: Re: AW: How to change queue id? Steffen Schebesta: > If that doesn't work though then maybe I could work around this > problem. I thought about adding the message-id to the bounce message > but that probably Postfix has lots of options to identify a returned message. 1) You can encode the unique identifier in the envelope sender address (as an address extension). This works even when mail is returned by a remote MTA. 2) Your unique Message ID is already returned in the bounce message. See RFC 3462. This may or may not work for mail that is returned by a remote MTA. 3) You can specify your own unique ENVELOPE ID via SMTP (see RFC 3461) or via the Postfix "sendmail -V" option. This ENVELOPE ID is also returned in the bounce message. See RFC 3464. This works only if all MTAs in the forward path implement RFC 3461. I suggest that you study the many RFCs and non-RFC features that Postfix already implements, before tinkering with internals. But first, as Stan mentioned, you should describe your problem, instead of your proposed solutions. There are likely better solutions that already exist. I already mentioned three of them. Wietse
Re: How to change queue id?
Am 06.10.2012 18:20, schrieb Steffen Schebesta: > Using Wietse's first approach (adding a custom id to the MAIL FROM address > as an extension) I have tried to output the sender's address in the same > line of the mail.log as the bounce message. > I believe I would need to change the global/log_adhoc.c (e.g. line 109 in > 2.9.4) to do so but I cannot access the sender there. Is there a way to > access the initial sender from the log_adhoc void? Maybe through the > RECIPIENT object: > RECIPIENT->QMGR_QUEUE->QMGR_ENTRY_LIST->QMGR_ENTRY->QMGR_MESSAGE->sender > > I know it sounds awefully complicated but I really need a custom id in the > same line as the bounce message this is NOT possible please try to understand how a QUEUE works you get ONE message with 10 RCPT some of them are local, some of them not the non-local have different destination servers some of them may not be reachable and tried later so you have on the postfix side many different log lines for the same message, and some of them may arrive 5 days later while some messages are still delivered sucessfully signature.asc Description: OpenPGP digital signature
Re: [OT] SPF - Do you use it
On Fri, 05 Oct 2012 15:50:37 +0200 Reindl Harald wrote: > forgot to mention you should use BOTH types > TXT and SPF I did not even know that a SPF record type existed in DNS. At the homepage of SPF and other places I have read, it is indicated that SPF = TXT RR in DNS, but I may have read too little on the subject to notice. > The SPF RR is functionally identical to a TXT record with SPF data. > BIND 9.4+ supports the SPF RR type, however previous versions, and > most other DNS software (as of July 2007), do not yet support the SPF > RR type. Thus, the RFC's recommendation is to always provide a TXT > based SPF RR and, if your DNS software supports the SPF RR type, > duplicate the information from the TXT version of the SPF RR in a > native SPF RR. The reason for this procedure is simply because while > the master/slave DNS may support the SPF RR, querying name servers - > such as name servers used by receiving MTAs - may not. Some, but not > all, of the examples below have been updated to reflect the use of > both record types to illustrate usage. In all cases the TXT and SPF > RRs are shown with a comment line between containing the word AND as > a reminder of the current policy recommendation. It is safe to assume > for the foreseeable future that only using a TXT version of the SPF > will always work. This is a wealth of information and highly appreciated, thank you. At the moment my service provider does not support the usage of SPF records, so for the time being I will stick to TXT, and keep an eye out for SPF RR.
Re: [OT] SPF - Do you use it
On Fri, 05 Oct 2012 17:17:49 +0200 lst_ho...@kwsoft.de wrote: > > Zitat von Reindl Harald : > > > Am 05.10.2012 16:04, schrieb lst_ho...@kwsoft.de: > >> > >> Zitat von Titanus Eramius : > >> > >>> Slightly off topic. I hope it's OK when the mail is marked as > >>> such. > >>> > >>> I was just wondering if the users of this list use SPF in any > >>> way, and if so, to what extend? > >> > >> We have considered SPF some five years ago but after second > >> thought ditched it completely: > >> > >> - It dos not really help against spam because the spam-farms also > >> can set proper SPF > > > > this point is simply wrong > > > > a spam-farm CAN NOT set a SPF that whatever ip is allowed > > to send mails with my envelope - simply because they are not > > the dns-admin of my zones > > > > > > SPF is NOT a spam-protection > > > > it is designed to prevent forged sender-addresses which in > > the worst case results in multiple auto-replies between > > completly univolved persons which may over-react and > > start blacklisting servers which are not the root-cause > > > > the real problem is that not EVERY domain has SPF records > > and that is why it doe snot help as much as it could, you > > are part of this problem because ANYBODY can send me spam > > with yur sender-address and only blacklists and bayesian > > filters prevents my server to send you auto-replies for > > such messages if i am at vacation > > This is your opinion. Mine is i don't care what sender-addresses > spam has but i care about preventing spam from reaching end users. > The most spam we see are from well connected spam-farms with their > own throw-away domains and proper SPF/DKIM set. So no, SPF/DKIM is > not useful for us in any way but certainly you are free to use it the > way you like and as long as you like. > > Regards > > Andreas > As a newcomer to both this list and Postfix in general, I did'nt realize this subject could be "touchy", and I don't hope my question has been seen as an attempt to stir the dam. I'm asking out of a real world exampel from the other day, where I was emailed by the support of a company, I had phoned and asked for some details of a product earlier on. Since the email contained some sensitive information I wanted to make sure, at the very least, that the mail actually came from one of their servers, and in the past I have checked the SPF-header of the mail. And before you say it, I know SPF in itself is not enough to verify an email, but it should be (IMHO) enough to ensure the email is not spam or something similar. All your replies have reaised a couple of questions I was hoping could be answered as well. * As far as I understand, it should then be safe to drop mails with a SPF that does not match? I know this is not a antispam policy, for that I use rules in "smtpd_recipient_restrictions". * Is there any advantage in using "v=spf1 ip4:1.2.3.4 -all" compared to "v=spf1 mx -all" or the other way around?
Re: AW: AW: How to change queue id?
Steffen Schebesta: > Using Wietse's first approach (adding a custom id to the MAIL FROM address > as an extension) I have tried to output the sender's address in the same > line of the mail.log as the bounce message. To this end, YOU specify the sender address AT MAIL SUBMISSION TIME, instead of tinkering with Postfix source which is not supported. Wietse
Re: [OT] SPF - Do you use it
Titanus Eramius: > And before you say it, I know SPF in itself is not enough to > verify an email, but it should be (IMHO) enough to ensure the email is > not spam or something similar. OK. That's enough nonsense. I am stopping this thread on punishment of removal. For questions about SPF, go to some other mailing list. Wietse
Re: AW: AW: How to change queue id?
> Am 06.10.2012 um 23:22 schrieb Wietse Venema : > > > Steffen Schebesta: > >> Using Wietse's first approach (adding a custom id to the MAIL FROM address > >> as an extension) I have tried to output the sender's address in the same > >> line of the mail.log as the bounce message. > > > > To this end, YOU specify the sender address AT MAIL SUBMISSION TIME, > > instead of tinkering with Postfix source which is not supported. Steffen Schebesta: > Sorry that I didn't make it clear. Of course I set the sender at > submission time. All I want is to output the sender now when the > bounce happens in the log together with the recipient address. This is unnecessary. And I repeat that tinkering with Postfix source code is not supported. Postfix returns a standardized bounce message with the old queue id AND the bounced recipient AND the sender-address-with-your-identier and the Message-ID and more. You don't need to parse logfiles. Wietse
Re: [OT] SPF - Do you use it
Am 06.10.2012 22:37, schrieb Titanus Eramius: > * Is there any advantage in using "v=spf1 ip4:1.2.3.4 -all" compared > to "v=spf1 mx -all" or the other way around? "v=spf1 mx -all" enforces a additional dns-request while "v=spf1 ip4:1.2.3.4 -all" does not signature.asc Description: OpenPGP digital signature
