slow down deferred destination

[Birta Levente]

Hi all

How can I slow down deliveries to specified domain after temporary deferred?

I have a list for marketing purposes and 2/3 part of subscribed users is 
on yahoo.


To yahoo, deliveries go through slow transport:

slow_destination_recipient_limit=10
slow_destination_concurrency_limit=1
slow_destination_rate_delay=4s
slow_destination_concurrency_failed_cohort_limit=100

When a mail fire to the list yahoo accepts first 100-200 mails, then 
defer, because the unusual traffic.
Somehow need to slow down deliveries to this domain and after some time 
(say 30 minutes) try again.
I tried to play with queue_run_delay, minimal/maximal_backoff_time, but 
as far as I can see is not applicable to specified transport, just globally.


So, apart from globally set of queue_run_delay, 
minimal/maximal_backoff_time and another postfix instance is there 
another solution?


Thanks
Levi






smime.p7s
Description: S/MIME Cryptographic Signature

Re: slow down deferred destination

[James Griffin]

* Birta Levente  [2013-01-29 10:18:15 +0200]:

> Hi all
> 
> How can I slow down deliveries to specified domain after temporary deferred?
> 
> I have a list for marketing purposes and 2/3 part of subscribed
> users is on yahoo.

This was discussed recently on the list, perhaps have a look at some of the 
responses given to the person whom asked about this before.

Re: slow down deferred destination

[Titanus Eramius]

Tue, 29 Jan 2013 08:30:05 + skrev James Griffin
:

> * Birta Levente  [2013-01-29 10:18:15 +0200]:
> 
> > Hi all
> > 
> > How can I slow down deliveries to specified domain after temporary
> > deferred?
> > 
> > I have a list for marketing purposes and 2/3 part of subscribed
> > users is on yahoo.
> 
> This was discussed recently on the list, perhaps have a look at some
> of the responses given to the person whom asked about this before.

It's this one
http://postfix.1071664.n5.nabble.com/Balancing-destination-concurrency-rate-delay-td54147.html

Re: slow down deferred destination

[Birta Levente]

On 29/01/2013 10:49, Titanus Eramius wrote:

Tue, 29 Jan 2013 08:30:05 + skrev James Griffin
:


* Birta Levente  [2013-01-29 10:18:15 +0200]:


Hi all

How can I slow down deliveries to specified domain after temporary
deferred?

I have a list for marketing purposes and 2/3 part of subscribed
users is on yahoo.


This was discussed recently on the list, perhaps have a look at some
of the responses given to the person whom asked about this before.


It's this one
http://postfix.1071664.n5.nabble.com/Balancing-destination-concurrency-rate-delay-td54147.html



Yes, read it at that time, but my question is somehow different.

And over months I have solution too, but I look for a more elegant solution.
With properly set of queue_run_delay, minimal/maximal_backoff_time it's 
work well, but affect other domains.
I think multiple instances resolve the problem, but ... I'm a little bit 
lazy with this :)


thanks
Levi




smime.p7s
Description: S/MIME Cryptographic Signature

postfix stopped relaying after client changed IP address

[M. Fioretti]

Greetings,

my home computer (CLIENT) has postfix configured to relay all outgoing
email to my actual email SERVER, that is running on a VPS. The current
outputs of postconf -n for both boxes are below.

For reasons not really relevant here, a while ago I had configured the
SERVER to only relay for 2 IP addresses: the one of another VPS I manage,
and the one of my home computer. Everything worked fine until this
morning, when there was a blackout at home. When the ADSL modem restarted,
it got a different IP address from the provider, 2.39.122.159 . This was
not unexpected, it's a known fact with that provider. So, after the
blackout, I logged into the SERVER, updated the IP address of my home
computer in main.cf and restarted postfix. This "strategy" has worked
without problems after other blackouts and changes of IP address at home.
This morning, it didn't. Every email I try to send from the CLIENT is now
ejected by the SERVER as follows:

Jan 29 05:38:22 vps728 postfix/smtpd[13107]: connect from
net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]
Jan 29 05:38:22 vps728 postfix/smtpd[13107]: NOQUEUE: reject: RCPT from
net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]: 554
: Recipient address rejected: Access denied;
from= to= proto=ESMTP
helo=
Jan 29 05:38:22 vps728 postfix/smtpd[13107]: disconnect from
net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]


which looks like postfix on the SERVER was not aware that now 2.39.122.159
IS in mynetworks. Why? Any help to figure out what is happening is
welcome. I mean, until literally one minute before the blackout at home I
was merrily sending email from home, with the very same configuration you
see below, just the then current IP address of my home modem in the SERVER
main.cf. Why shouldn't it work with a different address and a postfix
restart?

TIA,
Marco

###

postconf -n on the SERVER:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = a.mx.nexaima.net
mynetworks = 127.0.0.0/8, 212.48.186.219, 2.39.122.59
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
relay_domains =
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain,   
permit_mynetworks,   
permit_sasl_authenticated, 
reject_unauth_destination,   
check_helo_access hash:/etc/postfix/reject_own_helo
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/myssl/mycert.pem
smtpd_tls_key_file = /etc/myssl/mycert.pem
smtpd_tls_loglevel = 1
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/mymail_storage
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
virtual_transport = procmail
virtual_uid_maps = static:5000

###
postconf -n on the CLIENT:

alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
$daemon_directory/$process_name $process_id & sleep 5
default_privs = nobody
default_transport = smtp
defer_transports = smtp
disable_dns_lookups = yes
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = digifreedom.net
masquerade_exceptions = root
message_size_limit = 1024
myde

Re: tls for virtual mailbox domains?

[DTNX Postmaster]

On Jan 29, 2013, at 08:43, Markus Grunwald  wrote:

> is it possible to use multiple certificates for my virtual mail domains?
> 
> I have configured my "main" mailbox as the-grue.de. For this
> domain, I can use  smtpd_tls_cert_file and smtpd_tls_key_file and tls
> works just fine :) But I don't see a possibility to add certificates
> for  the virtual mailbox domains like e.g. maennerchor-kirchseeon.de.
> 
> Is it possible to add certificates/tls for the virtual domains?

Your mail server has one (1) main identity; its own hostname.

I would advise you to get a certificate for that one hostname, for 
example 'mail.the-grue.de', and then have your customers use that in 
their MUA as the host to send and retrieve mail.

This is the simplest of setups, without any hassle long-term.

A possible alternative is to use a so-called 'multi-domain' 
certificate, which allows for a single certificate with several domains 
on it that you need to prove control over.

Individual certificates require multiple instances, if I am not 
mistaken. Check the mailinglist archives, I am quite sure this has been 
asked before.

Cya,
Jona

Re: postfix stopped relaying after client changed IP address

[Tom Hendrikx]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/29/2013 11:43 AM, M. Fioretti wrote:
> 
> which looks like postfix on the SERVER was not aware that now 
> 2.39.122.159 IS in mynetworks. Why? Any help to figure out what is 
> happening is


> mynetworks = 127.0.0.0/8, 212.48.186.219, 2.39.122.59

It isn't in mynetworks. Fix the typo.

- - --
Tom
- -BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRB7BwAAoJEJPfMZ19VO/12u4QAJda6Mx4GgO/c5Z9Cf4PaAxa
oQGyiHO3Xo1esw4TAZADw91lPgdf1s65k+diYgxQydg8SGNITQEholFcuYTkdZqa
RPZzABkSYRds34+EAShR5+gknoKo5P8aprTQQv/Zs9XX9E/P6cxMfmuz6dnRKRTx
jIM28iESie3qVl+vOV8pl/aZhG5pIs3lvaylbKng3lkHe+SBFWhblY33RTE1AkNl
7mBRRVL9PoC+HKUfqsZpFbmqD3r8vF+k+OVDVZN1BzCj6SacLNLJwyZto88BZh5Z
9Sz0fY6LaKjdfTfJwCBsVUpd4SL6JYO8HO65vG3H6QYa94zvEI0k7VLD5XHQ/rXa
pUa9O5sK3jyY63X/2Pb1DYw06ER5SQCffF31VcCsSl7BPvXUlyyn1QJ6UGK+ffgI
MgMhtygjuHUrQCW3hCJVEPyf61fJTM89ayFHdUrU4IYWYv5LB8QX2Ni32foc1QEh
1IqP9C+hTmjasEzjsJjfrlpEYhehj0Io9IS4N86wMmsSdVCVLFWuX2qWDhWQLTG8
BGKiWWcFmH08++ZsuttNb3BL18g1asR5Dxzx02UPl+QOwwY0DYA8/eAzDGCWkywS
/ZFKwGcPvOGfP3bsPUUAIICa2vw8szSTaRoelQhkkbsT4L9LtlYrcJyx0f/iCPfb
zdQPtoP2jFtF+heQXOT/
=NdW9
- -END PGP SIGNATURE-
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRB7CSAAoJEJPfMZ19VO/1fEkP/j3UA+qYzuQfedkBflcqpDEm
u0s9d4DCSIB5+OOFQxkNCGUt3K44Q3FgVfop1s6R3EFhDvWTtcP9BRVujMClI3hw
H+fHnBX42vuVvlw0WDIkzL/6jRIHT2HhfDjZ734nebNHJKYrXr5Lh1YoGGmJ9ewR
fZjv3u6JUzZHNrW+bC089Qb6t8r9DjSGPrDw/wy4B7fmyLkausJ32ys9kpT4xFok
r2tuGP0nSB5VP3f+lWdeMlESW2AZwHLFd/7lMxt/DWK43FRY8O/vn9Pbbej1STp1
7Qk9QzZW/Q3poEy74sUpGvh19AjqhhqaQrNNlz16Ecum2EBy5IVmgOg2Bbqx6XPM
qVMD9h0dzj8jBJzE5r8wIhpj2LkifuJ0e5UJztcBSGltnv7jgBXP4vTc4BV/j5Cw
sZZlurrJ7bx07G4f5nTU2lk3F2+vYDwRpQUc4tqISCHmiU2Ay7WhaIV8jIe4MFMp
IinSXt/bFpd4wxITIajbn2F9+3tHCu9bUelACuYiK8unf47zG7Q6jqDOTG9MQ4P0
kb2zcnn92aXAReX7MS8oigJGaIHb313UktbnffPsBnwfPUO8Ayrh6uoHkzXnbGOK
Z0L9TlEqhCW/87BqcminqTcZRHI/uoDOST213cXZ3RwcQ/rPOLzOr84tE7onP7pE
YR3J1SQg0XLCYZJPd56f
=Msvh
-END PGP SIGNATURE-

Re: postfix stopped relaying after client changed IP address

[Mark Goodge]

On 29/01/2013 10:43, M. Fioretti wrote:


which looks like postfix on the SERVER was not aware that now 2.39.122.159
IS in mynetworks. Why?

mynetworks = 127.0.0.0/8, 212.48.186.219, 2.39.122.59


2.39.122.159 <--- does not match --^

Mark
--
http://mark.goodge.co.uk

Re: postfix stopped relaying after client changed IP address

[M. Fioretti]

On Tue, January 29, 2013 11:43 am, M. Fioretti wrote:
> Greetings,
>
> my home computer (CLIENT) has postfix configured to relay all outgoing
> email to my actual email SERVER, that is running on a VPS. The current
> outputs of postconf -n for both boxes are below.
>
> For reasons not really relevant here, a while ago I had configured the
> SERVER to only relay for 2 IP addresses: the one of another VPS I manage,
> and the one of my home computer. Everything worked fine until this
> morning, when there was a blackout at home. When the ADSL modem restarted,
> it got a different IP address from the provider, 2.39.122.159 . This was
> not unexpected, it's a known fact with that provider. So, after the
> blackout, I logged into the SERVER, updated the IP address of my home
> computer in main.cf and restarted postfix. This "strategy" has worked
> without problems after other blackouts and changes of IP address at home.
> This morning, it didn't. Every email I try to send from the CLIENT is now
> ejected by the SERVER as follows:
>
> Jan 29 05:38:22 vps728 postfix/smtpd[13107]: connect from
> net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]
> Jan 29 05:38:22 vps728 postfix/smtpd[13107]: NOQUEUE: reject: RCPT from
> net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]: 554
> : Recipient address rejected: Access denied;
> from= to= proto=ESMTP
> helo=
> Jan 29 05:38:22 vps728 postfix/smtpd[13107]: disconnect from
> net-2-39-122-159.cust.dsl.vodafone.it[2.39.122.159]

I have no idea if it is relevant and what it may mean, but I have found
out just now that:

1) the control panel of my modem says my public IP address is 2.39.122.159
2) which is the same address that postfix in the server sees, cfr the log
above
3) but if I ask http://www.whatismyip.com/ what my current public IP
address is, I get a _different_ value 108.162.231.39

more and more puzzled...

Re: postfix stopped relaying after client changed IP address

[Bjørn Ruberg]

On 01/29/2013 12:14 PM, M. Fioretti wrote:

I have no idea if it is relevant and what it may mean, but I have found
out just now that:

1) the control panel of my modem says my public IP address is 2.39.122.159
2) which is the same address that postfix in the server sees, cfr the log
above
3) but if I ask http://www.whatismyip.com/ what my current public IP
address is, I get a _different_ value 108.162.231.39

more and more puzzled...


That's probably a (transparent?) HTTP proxy.

Since SMTP != HTTP, you should trust your modem in this case. 
Particularly since your Postfix relay seems to agree with your modem.


--
Bjørn

SOLVED (of course): postfix stopped relaying after client changed IP address

[M. Fioretti]

there are times when a refreshing, if a bit embarrassing "shock" from
others is the only way out of a problem.

I can't remember how many times I DID check that string I had typed to be
sure there were no typos before posting for help, but of course, it was
159, not 59, sorry.

Thanks!
of course, any comment on this is still welcome, as well as on any
weakness in my server postconf -n output.

Marco

> 1) the control panel of my modem says my public IP address is 2.39.122.159
> 2) which is the same address that postfix in the server sees, cfr the log
> above
> 3) but if I ask http://www.whatismyip.com/ what my current public IP
> address is, I get a _different_ value 108.162.231.39

Re: tls for virtual mailbox domains?

[Wietse Venema]

Markus Grunwald:
> Hello,
> 
> is it possible to use multiple certificates for my virtual mail domains?
> 
> I have configured my "main" mailbox as the-grue.de. For this
> domain, I can use  smtpd_tls_cert_file and smtpd_tls_key_file and tls
> works just fine :) But I don't see a possibility to add certificates
> for  the virtual mailbox domains like e.g. maennerchor-kirchseeon.de.
> 
> Is it possible to add certificates/tls for the virtual domains?

There is an RFC for this (SNI) but code has not yet been written
for Postfix.

Wietse

Re: tls for virtual mailbox domains?

[Jerry]

On Tue, 29 Jan 2013 07:27:01 -0500 (EST)
Wietse Venema articulated:

> > Is it possible to add certificates/tls for the virtual domains?  
> 
> There is an RFC for this (SNI) but code has not yet been written
> for Postfix.

I did not realize that there was an RFC for this. This might be a nice
project for the next development version of Postfix after the current
one is released as STABLE, although I wonder how many users actually
have a real need for the feature.

-- 
Jerry ✌
postfix-u...@seibercom.net
_
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Re: tls for virtual mailbox domains?

[Reindl Harald]

Am 29.01.2013 13:55, schrieb Jerry:
> On Tue, 29 Jan 2013 07:27:01 -0500 (EST)
> Wietse Venema articulated:
> 
>>> Is it possible to add certificates/tls for the virtual domains?  
>>
>> There is an RFC for this (SNI) but code has not yet been written
>> for Postfix.
> 
> I did not realize that there was an RFC for this. This might be a nice
> project for the next development version of Postfix after the current
> one is released as STABLE, although I wonder how many users actually
> have a real need for the feature.

what benefit do you have from SNI?
the mailserver is the same

on a webserver this is a totally different topic because
you have different content for each hostname / vhosrt



signature.asc
Description: OpenPGP digital signature

bcc syntax

[jeffrey j donovan]

Greetings
I am archiving mail using always_bcc = archive1. Is there a regex or a way that 
I can add an address to " not_always_bcc " 

lets say the archive1 typically recieves bcc's from relay. Sometimes messages 
from the archive are retrieved and sent to an administrator via email , using 
the same relays which in turn " always_bcc ". 
Can I  edit the relay's to not always bcc when mail is from host x.y.z ?

thanks for any assistance

-j

Re: tls for virtual mailbox domains?

[Viktor Dukhovni]

On Tue, Jan 29, 2013 at 08:43:31AM +0100, Markus Grunwald wrote:

> is it possible to use multiple certificates for my virtual mail domains?

http://archives.neohapsis.com/archives/postfix/2013-01/0174.html

For Postfix 2.11 (2.10 is almost out the door, so it is too late for
this year) I've layed the groundwork for an RFC 6698 (DANE TLSA)
implementation, and expect that the RFC will be fully supported by
the time 2.11 is released early in 2014.

https://tools.ietf.org/html/rfc6698

Assuming DNSSEC is adopted widely (and perhaps DANE is a real
incentive) this will make key management for SMTP substantially
more scalable, and perhaps some day the majority of SMTP servers
will have verifiable TLS certs verified by a public key fingerprint
in DNS. As easy as:

$ openssl x509 -in /usr/pkg/etc/mail-cert.pem -pubkey -noout |
openssl pkey -pubin -outform DER |
openssl dgst -sha256
(stdin)= 89ef5b500559318251538fb1da0bd309d38bd021eb0311a3227be7b331b05bac

DNS:

_25._tcp.smtp.example.com. IN TLSA (
3 1 1 89ef5b500559318251538fb1da0bd309
  d38bd021eb0311a3227be7b331b05bac )

(plus appropriate RRSIG records). And you get CA-free certificates
that (once other MTAs implement DANE) everyone can verify.

-- 
Viktor.

Re: bcc syntax

[Wietse Venema]

jeffrey j donovan:
> Greetings
> I am archiving mail using always_bcc = archive1. Is there a regex
> or a way that I can add an address to " not_always_bcc "

For conditional BCC, use sender_bcc_maps or recipient_bcc_maps.

Wietse

Re: bcc syntax

[jeffrey j donovan]

On Jan 29, 2013, at 9:43 AM, Wietse Venema  wrote:

> For conditional BCC, use sender_bcc_maps or recipient_bcc_maps.
> 
>   Wietse

Thanks for the reply,

So if i want to avoid bcc from specific host/ u...@domain.tld I need to create 
a bcc_map for those that I do want copied and not use always_bcc.
-j

Re: bcc syntax

[Wietse Venema]

jeffrey j donovan:
> 
> On Jan 29, 2013, at 9:43 AM, Wietse Venema  wrote:
> 
> > For conditional BCC, use sender_bcc_maps or recipient_bcc_maps.
> 
> Thanks for the reply,
> 
> So if i want to avoid bcc from specific host/ u...@domain.tld I
> need to create a bcc_map for those that I do want copied and not
> use always_bcc.

Let the computer do the work for you.

/etc/postfix/main.cf:
   sender_bcc_maps = pcre:/etc/postfix/sender_bcc.pcre

/etc/postfix/sender_bcc.pcre:
if !/^archive-sender@archive-host\.example\.com$/
/./ archive-recipi...@archive-host.example.com
endif

That should bcc all mail except mail from
archive-sen...@archive-host.example.com and mail with the null
sender address (i.e. delivery status notifications).

Wietse

Postscreen status script

[Mike.]

I implemented the postscreen capability on a small MTA I run for
friends and family.  Once I got postscreen configuration producing the
results I wanted, I soon tired of watching the detailed maillog to see
how postscreen was operating.  So I wrote a quick shell script to
summarize the log file and give me an overview of how well postscreen
is working.

I offer the script to anyone who would like to use it.   One company I
worked for would not allow open source software into the company unless
there was an explicit license on the software, so I put the BSD license
on the script.  

You can download the script from here:
 http://archive.mgm51.com/sources/pslogscan.html


Here is the sample output that pslogscan.sh produces:

Scanning /var/log/maillog

 All "incoming" log records:   5789
   All "status=sent"  log records: 1873
   All "status=deferred"  log records: 10
 rejected: 3906  (67%)
   
   PASS NEW log records:  390
   PASS OLD log records:  1762
   
   WHITELISTED log records:  109
   BLACKLISTED log records:  0
   
   Protocol errors:
  HANGUP log records:  2980
PREGREET log records:  187
BARE NEWLINE log records:  1
  COMMAND TIME LIMIT log records:  8
  COMMAND PIPELINING log records:  1
   
   DNS black lists log records:
zen.spamhaus.org:  3174
 dnsbl.sorbs.net:  1338
  b.barracudacentral.org:  2759
   
   DNSBL blocked log records: 2410
  DNSBL rank 3:  493
  DNSBL rank 4:  0
  DNSBL rank 5:  0
  DNSBL rank 6:  938
  DNSBL rank 7:  0
  DNSBL rank 8:  0
  DNSBL rank 9+: 979
   
   DNSBL blocks by domain: 
  example.com: 393
  example.biz: 69
  example.net: 1699
 example.info: 108
 

Re: fatal: no SASL authentication mechanisms

[FigureoTV SFM]

On Sun, Jan 27, 2013 at 12:05 PM, Erwan David  wrote:
> Le 27/01/2013 16:14, FigureoTV SFM a écrit :
>
>> Hello.
>>
>> I'm a postfix newbie and experiencing a lot of problems trying to get
>> to run smoothly as it was on my previous server.
>>
>> I don't know what's causing these errors:
>>
>> Jan 27 15:07:40 hawk084 postfix/smtpd[13897]: connect from
>> unknown[190.80.213.58]
>> Jan 27 15:07:40 hawk084 postfix/smtpd[13897]: warning: SASL: Connect
>> to private/auth failed: Connection refused
>
> First error is here, following ones are consequences.
>
>> I'm not using any password authentication method and got that fatal error.
>>
>> I can't receive or send mail.
>>
>> What am I doing wrong?
>
>
> You configured postfix to use SASL, through a socket that it cannot open.
> You should review your SASL configuration.
>

I still can't solve this problem. I don't know why is SASL is being
used and I'm not doing any authentication.

Re: Postscreen status script

[Brian Evans]

On 1/29/2013 1:07 PM, Mike. wrote:

I implemented the postscreen capability on a small MTA I run for
friends and family.  Once I got postscreen configuration producing the
results I wanted, I soon tired of watching the detailed maillog to see
how postscreen was operating.  So I wrote a quick shell script to
summarize the log file and give me an overview of how well postscreen
is working.

I offer the script to anyone who would like to use it.   One company I
worked for would not allow open source software into the company unless
there was an explicit license on the software, so I put the BSD license
on the script.

You can download the script from here:
  http://archive.mgm51.com/sources/pslogscan.html


Fails without modification on my Gentoo mailserver:
Scanning /var/log/maillog
mktemp: too few X's in template ‘mailqscan’

All "incoming" log records: 10121
./pslogscan.sh: line 51: ${TmpFile}: ambiguous redirect

Changing mailqscan to mailqscan.XXX works.

Brian

Re: fatal: no SASL authentication mechanisms

[Noel Jones]

On 1/29/2013 12:13 PM, FigureoTV SFM wrote:
> On Sun, Jan 27, 2013 at 12:05 PM, Erwan David  wrote:
>> Le 27/01/2013 16:14, FigureoTV SFM a écrit :
>>
>>> Hello.
>>>
>>> I'm a postfix newbie and experiencing a lot of problems trying to get
>>> to run smoothly as it was on my previous server.
>>>
>>> I don't know what's causing these errors:
>>>
>>> Jan 27 15:07:40 hawk084 postfix/smtpd[13897]: connect from
>>> unknown[190.80.213.58]
>>> Jan 27 15:07:40 hawk084 postfix/smtpd[13897]: warning: SASL: Connect
>>> to private/auth failed: Connection refused
>>
>> First error is here, following ones are consequences.
>>
>>> I'm not using any password authentication method and got that fatal error.
>>>
>>> I can't receive or send mail.
>>>
>>> What am I doing wrong?
>>
>>
>> You configured postfix to use SASL, through a socket that it cannot open.
>> You should review your SASL configuration.
>>
> 
> I still can't solve this problem. I don't know why is SASL is being
> used and I'm not doing any authentication.
> 


Postfix is using SASL because you told it to.
http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable

Maybe you can turn it off with the commands

postconf -e smtpd_sasl_auth_enable=no
postfix reload

Re: Postscreen status script

[Mike.]

On 1/29/2013 at 1:14 PM Brian Evans wrote:

|On 1/29/2013 1:07 PM, Mike. wrote:
|> I implemented the postscreen capability on a small MTA I run for
|> friends and family.  Once I got postscreen configuration producing
the
|> results I wanted, I soon tired of watching the detailed maillog to
see
|> how postscreen was operating.  So I wrote a quick shell script to
|> summarize the log file and give me an overview of how well
postscreen
|> is working.
|>
|> I offer the script to anyone who would like to use it.   One company
I
|> worked for would not allow open source software into the company
unless
|> there was an explicit license on the software, so I put the BSD
license
|> on the script.
|>
|> You can download the script from here:
|>   http://archive.mgm51.com/sources/pslogscan.html
|>
|Fails without modification on my Gentoo mailserver:
|Scanning /var/log/maillog
|mktemp: too few X's in template ‘mailqscan’
|
|All "incoming" log records: 10121
|./pslogscan.sh: line 51: ${TmpFile}: ambiguous redirect
|
|Changing mailqscan to mailqscan.XXX works.
|
|Brian

 =


Thanks for the feedback.

I only run FreeBSD, so I figure there may be some minor issues like the
one you mention when running on other OS's.

Re: Postscreen status script

[Brian Evans]

On 1/29/2013 1:29 PM, Mike. wrote:


On 1/29/2013 at 1:14 PM Brian Evans wrote:

|On 1/29/2013 1:07 PM, Mike. wrote:
|> I implemented the postscreen capability on a small MTA I run for
|> friends and family.  Once I got postscreen configuration producing
the
|> results I wanted, I soon tired of watching the detailed maillog to
see
|> how postscreen was operating.  So I wrote a quick shell script to
|> summarize the log file and give me an overview of how well
postscreen
|> is working.
|>
|> I offer the script to anyone who would like to use it.   One company
I
|> worked for would not allow open source software into the company
unless
|> there was an explicit license on the software, so I put the BSD
license
|> on the script.
|>
|> You can download the script from here:
|>   http://archive.mgm51.com/sources/pslogscan.html
|>
|Fails without modification on my Gentoo mailserver:
|Scanning /var/log/maillog
|mktemp: too few X's in template ‘mailqscan’
|
|All "incoming" log records: 10121
|./pslogscan.sh: line 51: ${TmpFile}: ambiguous redirect
|
|Changing mailqscan to mailqscan.XXX works.
|
|Brian

  =


Thanks for the feedback.

I only run FreeBSD, so I figure there may be some minor issues like the
one you mention when running on other OS's.



Also, your expressions don't count real postscreen numbers for connects 
and rejects.

Take into account the following lines.

Jan 28 12:47:57 mx1 postfix/error[19363]: 3Yvy410c1Mz8GKk: 
to=, relay=none, delay=2332, delays=2331/1.2/0/0.07, 
dsn=4.7.0, status=deferred (delivery temporarily suspended: host 
mta7.am0.yahoodns.net[66.94.238.147] refused to talk to me: 421 4.7.0 
[TS01] Messages from xx.xx.xx.xx temporarily deferred due to user 
complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Jan 28 12:48:26 mx1 postfix/smtp[19336]: 3Yvy4D6lG7z8GL8: 
to=, relay=none, delay=2350, 
delays=2319/0.05/31/0, dsn=4.4.1, status=deferred (connect to 
yahoo.com.com[216.239.120.187]:25: Connection timed out)


Because of that, I have skewed numbers:
All "incoming" log records: 10187
All "status=sent" log records: 7506
All "status=deferred" log records: 3302
rejected: -621 (-6%)

It is not a simple math of "A minus B minus C" to find out how much 
postscreen is rejecting in its current state.


Brian

Re: Postscreen status script

[Mike.]

On 1/29/2013 at 1:43 PM Brian Evans wrote:

|On 1/29/2013 1:29 PM, Mike. wrote:
|>
|> On 1/29/2013 at 1:14 PM Brian Evans wrote:
|>
|> |On 1/29/2013 1:07 PM, Mike. wrote:
|> |> I implemented the postscreen capability on a small MTA I run for
|> |> friends and family.  Once I got postscreen configuration
producing
|> the
|> |> results I wanted, I soon tired of watching the detailed maillog
to
|> see
|> |> how postscreen was operating.  So I wrote a quick shell script to
|> |> summarize the log file and give me an overview of how well
|> postscreen
|> |> is working.
|> |>
|> |> I offer the script to anyone who would like to use it.   One
company
|> I
|> |> worked for would not allow open source software into the company
|> unless
|> |> there was an explicit license on the software, so I put the BSD
|> license
|> |> on the script.
|> |>
|> |> You can download the script from here:
|> |>   http://archive.mgm51.com/sources/pslogscan.html
|> |>
|> |Fails without modification on my Gentoo mailserver:
|> |Scanning /var/log/maillog
|> |mktemp: too few X's in template ‘mailqscan’
|> |
|> |All "incoming" log records: 10121
|> |./pslogscan.sh: line 51: ${TmpFile}: ambiguous redirect
|> |
|> |Changing mailqscan to mailqscan.XXX works.
|> |
|> |Brian
|>
|>   =
|>
|>
|> Thanks for the feedback.
|>
|> I only run FreeBSD, so I figure there may be some minor issues like
the
|> one you mention when running on other OS's.
|>
|>
|>
|Also, your expressions don't count real postscreen numbers for
connects
|and rejects.
|Take into account the following lines.
|
|Jan 28 12:47:57 mx1 postfix/error[19363]: 3Yvy410c1Mz8GKk:
|to=, relay=none, delay=2332,
delays=2331/1.2/0/0.07,
|dsn=4.7.0, status=deferred (delivery temporarily suspended: host
|mta7.am0.yahoodns.net[66.94.238.147] refused to talk to me: 421 4.7.0
|[TS01] Messages from xx.xx.xx.xx temporarily deferred due to user
|complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
|Jan 28 12:48:26 mx1 postfix/smtp[19336]: 3Yvy4D6lG7z8GL8:
|to=, relay=none, delay=2350,
|delays=2319/0.05/31/0, dsn=4.4.1, status=deferred (connect to
|yahoo.com.com[216.239.120.187]:25: Connection timed out)
|
|Because of that, I have skewed numbers:
|All "incoming" log records: 10187
|All "status=sent" log records: 7506
|All "status=deferred" log records: 3302
|rejected: -621 (-6%)
|
|It is not a simple math of "A minus B minus C" to find out how much
|postscreen is rejecting in its current state.
|
|Brian

 =

Yup.

When there are a lot of deferrals, then things get complicated,
requiring one to following individual messages through the process to
eliminate multiple deferrals, etc., e.g., a single message "incoming"
can get deferred many times leading to the numbers you cite.

I wanted to keep things simple, so I made some compromises on the
accuracy.  I've been flipping back and forth between keeping the count
of deferrals in there, or taking it out.  Perhaps I should report the
deferrals, but not count them in the expression   hmmm...

Re: Postscreen status script

[Brian Evans]

On 1/29/2013 1:43 PM, Brian Evans wrote:

Because of that, I have skewed numbers:
All "incoming" log records: 10187
All "status=sent" log records: 7506
All "status=deferred" log records: 3302
rejected: -621 (-6%)

It is not a simple math of "A minus B minus C" to find out how much 
postscreen is rejecting in its current state.


Furthermore, the script assumes that connect to sent ratio is (1:1).
This is almost never the case with multi-recipient mail or clients that 
can send more than one message in a single transaction.


Brian

Re: Postscreen status script

[Mike.]

On 1/29/2013 at 2:01 PM Brian Evans wrote:

|On 1/29/2013 1:43 PM, Brian Evans wrote:
|> Because of that, I have skewed numbers:
|> All "incoming" log records: 10187
|> All "status=sent" log records: 7506
|> All "status=deferred" log records: 3302
|> rejected: -621 (-6%)
|>
|> It is not a simple math of "A minus B minus C" to find out how much 
|> postscreen is rejecting in its current state.
|
|Furthermore, the script assumes that connect to sent ratio is (1:1).
|This is almost never the case with multi-recipient mail or clients
that 
|can send more than one message in a single transaction.
|
|Brian

 =

Version 1.1, now uploaded to 

 http://archive.mgm51.com/sources/pslogscan.html

has removed the deferrals from the rejected calculation.


Multi-recipients handling would involve some very detailed processing,
which is beyond the stated goal of this script.  

I use the script to watch day-to-day trends, not for detailed analysis.
  In that capacity, it works fine for me.  YMMV

Thanks again for your feedback.

Re: Postscreen status script

[lconrad]

On Tuesday 29/01/2013 at 1:37 pm, Mike.  wrote:



On 1/29/2013 at 2:01 PM Brian Evans wrote:

|On 1/29/2013 1:43 PM, Brian Evans wrote:
|> Because of that, I have skewed numbers:
|> All "incoming" log records: 10187
|> All "status=sent" log records: 7506
|> All "status=deferred" log records: 3302
|> rejected: -621 (-6%)
|>
|> It is not a simple math of "A minus B minus C" to find out how much
|> postscreen is rejecting in its current state.
|
|Furthermore, the script assumes that connect to sent ratio is (1:1).
|This is almost never the case with multi-recipient mail or clients
that
|can send more than one message in a single transaction.
|
|Brian

=

Version 1.1, now uploaded to

http://archive.mgm51.com/sources/pslogscan.html

has removed the deferrals from the rejected calculation.


Multi-recipients handling would involve some very detailed processing,
which is beyond the stated goal of this script.

I use the script to watch day-to-day trends, not for detailed 
analysis.

   In that capacity, it works fine for me.  YMMV

Thanks again for your feedback.






I suggest you simplify and use only postscreen log lines.

"sent" and "deferred" are not postscreen actions.

and "sent" double counts when postfix sends to content filter  AND 
sends to next hop, in a relay-only gateway.


"incoming" should be "SMTP connections"

you should automatically detect RBL servers rather than looking for 
defined, eg sorbs, RBL server, which I don't use


awk '/dnsblog/{print $11}' /var/log/maillog | sort -f | uniq -ic
290700 b.barracudacentral.org
209424 zen.spamhaus.org


good work


I think I'll write my own in python  :)


Len

Re: Postscreen status script

[Mike.]

On 1/29/2013 at 2:06 PM lcon...@go2france.com wrote:

|On Tuesday 29/01/2013 at 1:37 pm, Mike.  wrote:
|>
|I suggest you simplify and use only postscreen log lines.
|
|"sent" and "deferred" are not postscreen actions.
|
|and "sent" double counts when postfix sends to content filter  AND 
|sends to next hop, in a relay-only gateway.
|
|"incoming" should be "SMTP connections"
|
|you should automatically detect RBL servers rather than looking for 
|defined, eg sorbs, RBL server, which I don't use
|
|awk '/dnsblog/{print $11}' /var/log/maillog | sort -f | uniq -ic
|290700 b.barracudacentral.org
|209424 zen.spamhaus.org
|
|
|good work
|
|
|I think I'll write my own in python  :)
|
|
|Len
 =

Yes, after pondering the helpful pointers that Brian gave me, I have
started to think about using only the Postscreen log lines, that way I
can avoid the multiplication of messages due to multi-recipient
messages and other messes, such as the double count you note.  I backed
myself into a corner when I tried to track the flow of messages without
tracking the details thereof.

I'll leave the auto-detect to those who are more adventurous in that
area than I.  :)

"incoming" currently also includes "pickup".  But that may be removed
when I go to postscreen-only log messages.


If I sparked an idea for someone else, all the better.

Thanks for the comment.

Re: bcc syntax

[jeffrey j donovan]

On Jan 29, 2013, at 10:49 AM, Wietse Venema  wrote:

> Let the computer do the work for you.
> 
> /etc/postfix/main.cf:
>   sender_bcc_maps = pcre:/etc/postfix/sender_bcc.pcre
> 
> /etc/postfix/sender_bcc.pcre:
>if !/^archive-sender@archive-host\.example\.com$/
>/./ archive-recipi...@archive-host.example.com
>endif
> 
> That should bcc all mail except mail from
> archive-sen...@archive-host.example.com and mail with the null
> sender address (i.e. delivery status notifications).
> 
>   Wietse

Phew, thanks I was hopping I could use a regex like that, perfect.

-j

Re: Postscreen status script

[Eliezer Croitoru]

On 1/29/2013 8:07 PM, Mike. wrote:


I implemented the postscreen capability on a small MTA I run for
friends and family.  Once I got postscreen configuration producing the
results I wanted, I soon tired of watching the detailed maillog to see
how postscreen was operating.  So I wrote a quick shell script to
summarize the log file and give me an overview of how well postscreen
is working.

I offer the script to anyone who would like to use it.   One company I
worked for would not allow open source software into the company unless
there was an explicit license on the software, so I put the BSD license
on the script.

You can download the script from here:
  http://archive.mgm51.com/sources/pslogscan.html


Thanks Mike.

The concept is really good but I must say it's a script for very small 
logs but in a system that the logs are in sizes of more then 100MB I 
assume your script will be very slow.


How are you in other scripting languages?
I have been working with Ruby\Perl\Python\Bash and for me Ruby is the 
most intuitive and seems like capable of doing this task easily.


Regards,
--
Eliezer

RE: Send mail to hotmail

[King™]

:( No ways resolve this problem ? or accept when sendmail to Hotmail into Spam.

Help Me if YOUs did...


-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of peter evans
Sent: Tuesday, January 29, 2013 3:45 PM
To: postfix-users@postfix.org
Subject: Re: Send mail to hotmail

On Jan/28.20:30:32, Michael J Wise wrote:
> > No one outside of Microsoft …
> Strike that.
> Nobody outside of HotMail.
> You should choose to trust me on this…. :)

And he is spot on too, having worked with HotMail several years ago,
and any NDA has long since expired, find out why you are in their 
spam bucket will be quite tough even if you do know people there...

My money is on casino spam ^^;

P