RE: Policyd Information
Hi All,

Isn't there anyone here who is using Policyd server?

Rgds,
Santosh

From: santoshmalav...@outlook.com
To: postfix-users@postfix.org
Subject: Policyd Information
Date: Tue, 26 Mar 2013 10:09:19 +0530

Hi All,

I initially posted the following query pertaining to policyd on their mailing list; however, I did not get any response.

I have the following questions pertaining to policyd:

Is there any testing utility available with policyd, to check the policy configuration?
Is there any document that explains policyd debug logging?

One more query: after confirming my subscription to the policyd mailing list, I tried sending a message to the list. It bounced back with the following message:

Diagnostic-Code: smtp;554 5.7.1 Mail (id-36392-06252) appears to be unsolicited, please resend with the code yju1y5yq appended to email subject and ask to have your sender email whitelisted (the code yju1y5yq changes each 24 hours).

This message says that I can send a message to the list after appending the relevant code to the email subject. May I know how this feature works?

Rgds,
Santosh
Re: Distributed Postfix
I have referred to splitting only Postfix functions, but for that one needs to create a coherent users system. For example, if I create one user in the gmail system, is this user physically stored on only one central machine and then accessed through a diverse distributed mechanism (same DNS), or is it replicated on all machines?

thanks

- Original Message -
From: Bill Cole
To: postfix-users@postfix.org
Sent: Tuesday, March 26, 2013 16:00
Subject: Re: Distributed Postfix

On 26 Mar 2013, at 6:51, Gaby L wrote:

> Hi
> My theoretical question is how to configure multiple (distributed) postfix
> mail servers for one domain, which can load balance tasks? (e.g.
> gmail), but all servers same (unique) users list, alias, rules for one
> domain?

As Dr. Venema's answer implies, splitting up functions (especially non-Postfix functions) between different sets of machines is the first step, as it is easier to distribute limited subsets of work across many machines than to replicate everything on every box and keep them all coherent.

A corollary of this is that you need to start by understanding what your "Postfix mail server" actually is doing. Inbound, outbound, and internal mail can be split apart between distinct Postfix configurations, while access to delivered mail (i.e. IMAP, POP, or webmail) is a non-Postfix function that is inherently the most difficult part of a "mail server" to distribute across many nodes.

Because large-scale "mail servers" aren't all "large" in the same way, how one should split up and replicate functionality between machines is dependent on the details of what the whole system is doing.
Delivery to command in aliases ignored ?
Hi all, Viktor,

I don't know if this has reached the list (I haven't got the replica of the mail from the list) so please excuse me for sending it again.

Viktor, thank you very much for your answer. I did run the command, as you suggested, and the result was expected:

    # postmap -q test hash:/var/lib/mailman/data/aliases
    "|/usr/lib/mailman/mail/mailman post test"

This is exactly what I would like to have ... the delivery of mail intended for the t...@jesej.si to the command, as indicated by the above line. However, I've just checked once more, the same error is there if I send mail for the t...@jesej.si mailing list. It just says that test user is unknown.

Indeed, I don't have a UNIX user by that name on my machine; but, as far as I was able to figure out, the aliases delivery to command should not have problems with that, especially if I set local_recipient_maps to the empty value. Do I miss anything?

Kajetan
Re: Delivery to command in aliases ignored ?
Kajetan Dolinar:
> Hi all, Viktor, I don't know if this has reached the list (I haven't got
> the replica of the mail from the list) so please excuse me for sending it
> again.
>
> Viktor, thank you very much for your answer. I did run the command, as you
> suggested, and the result was expected:
>
> # postmap -q test hash:/var/lib/mailman/data/
> aliases
> "|/usr/lib/mailman/mail/mailman post test"
>
> This is exactly what I would like to have ... the delivery of mail intended
> for the t...@jesej.si to the command, as indicated by the above line.
> However, I've just checked once more, the same error is there if I send
> mail for the t...@jesej.si mailing list. It just says that test user is
> unknown.
>
> Indeed, I don't have a UNIX user by that name on my machine; but, as far as
> I was able to figure out, the aliases delivery to command should not have
> problems with that, especially if I set local_recipient_maps to the empty
> value. Do I miss anything?

The alias_maps parameter is used ONLY for domains in mydestination.

Wietse
Postfix SSL client config
Hi,

I'm trying to set up a simple email relay host, with my home linux box sending to smtp.indra.com. I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26, and I need to use SSL to talk to indra.

I think SSL works on port 465 because I can use openssl to connect:

    openssl s_client -crlf -connect smtp.indra.com:465
    AUTH LOGIN
    334 VXNlcm5hbWU6    # base64 prompt for "Userid:"
    (send my base64 userid)
    334 UGFzc3dvcmQ6    # base64 prompt for "Password:"
    (send my base64 password)
    235 2.0.0 OK Authenticated

I tried to do this in postfix, by using

main.cf:
    relayhost = smtp.indra.com:465
    smtp_sasl_auth_enable = yes
    smtp_sasl_mechanism_filter = login
    smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

sasl/passwd:
    [smtp.indra.com]:465 lastName:myPasswd

    postmap sasl/passwd
    service postfix restart

I get in /var/log/mail.log:

    Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port submission/587) with STARTTLS

When I change the port from 465 to 587 in the above 2 files and restart postfix, I get in /var/log/mail.log:

    Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid= from=
    Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B: message-id=<20130329120933.ga5...@mathcom.com>
    Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B: from=, size=611, nrcpt=1 (queue active)
    Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B: to=, relay=smtp.indra.com[209.169.0.20]:587, delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 ... Access denied (in reply to RCPT TO command))

    # postqueue -p
    -Queue ID- --Size-- Arrival Time -Sender/Recipient---
    A06D318122B 611 Fri Mar 29 06:09:33 firstname.lastn...@mathcom.com
    (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 ... Access denied (in reply to RCPT TO command))
    lastn...@indra.com

Any thoughts?

Many thanks,
Steve
Re: Postfix SSL client config
On 29.03.2013 13:16, sulli...@indra.com wrote:
> I'm trying to set up a simple email relay host, with my home
> linux box sending to smtp.indra.com.
> I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
> and I need to use SSL to talk to indra.
>
> I think SSL works on port 465 because I can use openssl to connect

yes, but not for the postfix-client, as you have even quoted

> Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode (port
> smtps/465) is unimplemented
> Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
> submission/587) with STARTTLS

so use port 587 instead of 465
Re: dictionary-attack
On Thu, Mar 28, 2013 at 11:09:58PM -0500, Stan Hoeppner wrote:
> On 3/28/2013 8:03 AM, /dev/rob0 wrote:
> > If postscreen DNSBLs are your only protection, what happens if
> > your DNS breaks? Spam flood! Here too, Stan's PCRE list can help,
> > again, at least as a HELO check (client name checks won't fire if
> > DNS is gone.)
>
> And many people use the table for HELO checks as well for this very
> reason. Spambots quite often do a PTR lookup on the local IP and
> use the rDNS name in the HELO string.
>
> > Consider the "onion" approach, multiple layers of protection.
> > When I went to postscreen I left all my old spam restrictions
> > alone. On rare occasions I have seen where they are used.

I should add here that the most common application of my smtpd restrictions are the RHSBL lookups and non-FQDN HELO, which postscreen cannot do.

> Layered, exactly. And the cost of leaving them enabled is
> minuscule.
>
> > All that said, I personally have not used Stan's PCRE list, but
>
> So much for that layered defense Rob. ;)

Haha. Well, it might help some in the event of DNS slowness, but probably not much; my reject_unknown_reverse_client_hostname covers outright DNS failure. And if dnsblog misses a positive DNSBL hit in time for postscreen, it's cached and ready for smtpd.

About the only spam I ever see is from relaying ratware. That's not much, but it's definitely on the rise. My next layer needs to be content filtering. Still looking to round out the corners on this square tuit I have.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Postfix SSL client config
On Fri, Mar 29, 2013 at 06:16:54AM -0600, sulli...@indra.com wrote:
> I'm trying to set up a simple email relay host, with my home
> linux box sending to smtp.indra.com.
> I'm running Postfix 2.9.6-1~12.1 on Xubuntu 3.5.0.26,
> and I need to use SSL to talk to indra.
>
> I think SSL works on port 465 because I can use openssl to connect:
>
> openssl s_client -crlf -connect smtp.indra.com:465
> AUTH LOGIN
> 334 VXNlcm5hbWU6 # base64 prompt for "Userid:"
> (send my base64 userid)
> 334 UGFzc3dvcmQ6 # base64 prompt for "Password:"
> (send my base64 password)
> 235 2.0.0 OK Authenticated
>
> I tried to do this in postfix, by using
> main.cf:
> relayhost = smtp.indra.com:465

This should be the bracketed form as you used below, to inhibit MX lookup of the name. Also, the smtp_sasl_password_maps entry must exactly match the relayhost; this could be the reason why you didn't authenticate.

> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
> sasl/passwd:
> [smtp.indra.com]:465 lastName:myPasswd

Like this.

> postmap sasl/passwd
> service postfix restart
>
> I get in /var/log/mail.log:
>
> Mar 28 14:22:02 helix postfix/smtp[10392]: CLIENT wrappermode
> (port smtps/465) is unimplemented

There is a workaround using stunnel(1) which is documented in TLS_README.html#client_smtps , but you should follow this advice:

> Mar 28 14:22:02 helix postfix/smtp[10392]: instead, send to (port
> submission/587) with STARTTLS

... and get STARTTLS working on 587. You did not show any evidence that you tried to do that.

http://www.postfix.org/TLS_README.html#client_tls

> When I change to the port from 465 to 587 in the above 2 files
> and restart postfix, I get in /var/log/mail.log:
>
> Mar 29 06:09:33 helix postfix/pickup[5513]: A06D318122B: uid=
> from=
> Mar 29 06:09:33 helix postfix/cleanup[5726]: A06D318122B:
> message-id=<20130329120933.ga5...@mathcom.com>
> Mar 29 06:09:33 helix postfix/qmgr[10564]: A06D318122B:
> from=, size=611, nrcpt=1 (queue active)
> Mar 29 06:09:40 helix postfix/smtp[5728]: A06D318122B:
> to=, relay=smtp.indra.com[209.169.0.20]:587,
> delay=7.2, delays=0.09/0/6.9/0.14, dsn=4.7.1, status=SOFTBOUNCE (host
> smtp.indra.com[209.169.0.20] said: 550 5.7.1 ...
> Access denied (in reply to RCPT TO command))
>
>
> # postqueue -p
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> A06D318122B 611 Fri Mar 29 06:09:33 firstname.lastn...@mathcom.com
> (host smtp.indra.com[209.169.0.20] said: 550 5.7.1 ...
> Access denied (in reply to RCPT TO command))
> lastn...@indra.com
>
> Any thoughts?

If this isn't enough to get you going, see here before posting again:

http://www.postfix.org/DEBUG_README.html#mail

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
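
An added example, not part of the original thread: a small Python check that applies the points raised in the reply above (bracketed relayhost, the port 465 wrappermode limitation, password map key equal to relayhost, STARTTLS on 587) to a relay client configuration. The sample files are constructed from the settings quoted in the thread; the `smtp_tls_security_level = encrypt` line, the set of accepted TLS levels and the finding names are assumptions of this example.

```python
import re

# Constructed inputs modelled on the settings quoted in the thread (placeholder credentials).
POSTED_MAIN_CF = """\
relayhost = smtp.indra.com:465
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
FIXED_MAIN_CF = """\
relayhost = [smtp.indra.com]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
"""
POSTED_PASSWD = "[smtp.indra.com]:465 lastName:myPasswd\n"
FIXED_PASSWD = "[smtp.indra.com]:587 lastName:myPasswd\n"

# Levels this example accepts as "TLS is mandatory" (a policy choice of the example).
MANDATORY_TLS = {"encrypt", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse simple 'name = value' lines; comments and blank lines are skipped."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()
    return params

def map_keys(text):
    """Left-hand keys of a postmap source file."""
    return {l.split()[0] for l in text.splitlines() if l.strip() and not l.startswith("#")}

def audit_relay(main_cf, passwd_src):
    """Return a list of finding codes for the relay client settings."""
    p = parse_main_cf(main_cf)
    relay = p.get("relayhost", "")
    findings = []
    if not re.match(r"^\[[^\]]+\]", relay):
        findings.append("relayhost-not-bracketed")  # name is subject to MX lookup
    if re.search(r":(465|smtps)$", relay):
        findings.append("wrappermode-port")         # the 2.9 client logs "unimplemented"
    if relay not in map_keys(passwd_src):
        findings.append("sasl-key-mismatch")        # map key differs from relayhost string
    if p.get("smtp_tls_security_level", "") not in MANDATORY_TLS:
        findings.append("tls-not-mandatory")        # STARTTLS is not required on the connection
    return findings
```

On a live system the two inputs would come from `postconf -n` and the source file of the password map.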
Re: Delivery to command in aliases ignored ?
On Fri, Mar 29, 2013 at 07:02:44AM -0400, Wietse Venema wrote:

> The alias_maps parameter is used ONLY for domains in mydestination.

The OP explicitly routes the address in question to the "local" transport. However, local(8) treats a queue-file recipient address (one resolved to local(8) via the transport switch) in the same way it treats the same address on the right side of an alias:

    somealias: t...@example.com

so indeed if example.com does not match mydestination, the address won't be subject to alias expansion, even though it resolves to the local transport.

The solution is along the lines of:

main.cf:
    indexed = ${default_database_type}:${config_directory}/
    virtual_alias_maps = ${indexed}virtual
    mydestination = local.invalid
    myorigin = example.com

virtual:
    t...@example.com    test@local.invalid

with this only addresses explicitly rewritten to "local.invalid" are delivered via the "local" transport and subjected to alias expansion. If you have recursive aliases in your aliases(5) file, you need to be careful to avoid loops:

    # This loops:
    user: user, bccuser

    # This delivers to user's local mailbox and to bccu...@example.com
    user: user@local.invalid, bccuser

--
Viktor.
Re: Policyd Information
On 2013-03-29 4:42 AM, santosh malavade wrote:

> Hi All, Isn't there anyone here who is using Policyd server?

I'm sure there are plenty, but I'm not one... however, the reason you may not have received a response is this is the postfix list, not the policyd list, which is where you should be asking this question...

--
Best regards,
Charles
RE: Policyd Information
santosh malavade wrote on 2013-03-29 09:42:

> Isn't there anyone here who is using Policyd server?

policyd or postfix does not add Diagnostic-Code, so provide postconf -n or show policyd.conf; else you have to ask the mailhoster that adds Diagnostic-Code