Re: High Availability
On 7/4/2014 8:17 AM, Patrick Ben Koetter wrote:

> On Linux use DRBD to replicate mail queues between a pair of machines and
> crm to control a second Postfix instance that will be started locally to
> pick up any remaining mails once the partner machine dies.

Hmm, I think DRBD is only advised in cases where the net link between the replicated boxes is guaranteed and low-latency; so I guess probably this is not a working solution between different data centers as discussed here.

However, I can't suggest alternatives, I am afraid... My instinct (though not always correct :-) ) tells me also that near-real-time file sync (like using lsyncd with rsync) should not be a suggested solution for queue replication.

One could investigate whether Apache Helix (http://helix.apache.org/) can be a viable solution.

All the best,
Nick
Re: High Availability
Miles Fidelman:
> > To find solutions, open your favorite search engine and try "cyrus
> > mailbox replication", "dovecot mailbox replication", and so on.
>
> I've been wondering about this too, and it strikes me that "mailbox
> replication" is only relevant to local delivery. What about replicating
> the various intermediate mail queues? (My current HA setup is brute
> force - a failover virtual machine, with a completely replicated file
> system. But I've been looking for ways that are more granular, and that
> are easier to do across two separate data centers.)

Have you considered the following:

- Inbound mail spends a fraction of a second in the queue.

- Inbound mail spends days or weeks or more in the mailbox.

- If an MTA goes down, mail flows via alternate MX hosts.

- If the mailbox store goes down, then you have no mail.

That's why high availability focuses on the mailbox store, not on the MTA in the middle.

Wietse
Re: High Availability
Wietse Venema wrote:
> Miles Fidelman:
>>> To find solutions, open your favorite search engine and try "cyrus
>>> mailbox replication", "dovecot mailbox replication", and so on.
>> I've been wondering about this too, and it strikes me that "mailbox
>> replication" is only relevant to local delivery. What about replicating
>> the various intermediate mail queues? (My current HA setup is brute
>> force - a failover virtual machine, with a completely replicated file
>> system. But I've been looking for ways that are more granular, and that
>> are easier to do across two separate data centers.)
> Have you considered the following:
>
> - Inbound mail spends a fraction of a second in the queue.
>
> - Inbound mail spends days or weeks or more in the mailbox.
>
> - If an MTA goes down, mail flows via alternate MX hosts.
>
> - If the mailbox store goes down, then you have no mail.
>
> That's why high availability focuses on the mailbox store,
> not on the MTA in the middle.

Well yes, in theory - but in practice we run a bunch of email lists, and I find that there are always cases where one or more destinations are temporarily unavailable - so there are various messages that will hang around for a while. So HA for the queues is not unreasonable to think about.

Miles

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: mailman issue
On Fri, Apr 04, 2014 at 02:55:49PM -0400, Curtis Maurand wrote:
> I'm not sure if this is on topic or not. I can't tell whether
> this is mailman issue or a postfix issue.
>
> I have set up mailman.

The simple way to do Postfix and Mailman is to put your lists subdomain[s] in $mydestination, and add your mailman aliases to alias_maps. Then everything Just Works. Mailman maintains its own aliases; lists can be added, changed or deleted without any MTA configuration nor elevated privileges.

A drawback to this approach is that you can't easily have an identical listname in more than one domain; for example if you want "sa...@lists.example.com" and "sa...@info.example.net" on the same Postfix/Mailman instance, this is not easy to do. (It can be done with some virtual aliases, but these must be manually maintained if/when changes are necessary.)

Another drawback is as noted, you really should have separate subdomains for lists. It's possible to do it with your main domain, e.g., example.com, in mydestination, but you must ensure that your Mailman list manager[s] never override a real user's address by creating a list of the same name.

[snip the Mailman part]

> the transport entry is:
>
> lists.xyonet.com mailman
> lists.delrc.org mailman
>
> Then in the master.cf i have
> mailman unix - n n - - pipe flags=FR
>   user=list argv=/etc/mailman/postfix-to-mailman.py ${nexthop} ${mailbox}
>
> main.cf
>
> mydestination = canon.xyonet.com, localhost.xyonet.com,
>   localhost, mysql:/etc/postfix/mydestination.cf

Perhaps drop the mysql lookup and just add the two lists domains.

> local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf

This sounds terribly complicated and subject to breakage. Leave it default (don't set it in main.cf at all) and it works with your Mailman aliases added to alias_maps as mentioned above.

Note that the local_recipient_maps default includes $alias_maps. That's how recipient address validation works for mydestination domains.

> transport_maps = mysql:/etc/postfix/transport.cf

Transport maps in mysql are rarely a good idea, even when they DO work as desired. In this case you should not need them.

> I'm getting local user unknown errors when I try to send email to
> the list., but as far as I know, I shouldn't need local aliases
> with this configuration

As explained above, no. Of course I am only guessing that your mysql:/etc/postfix/mydestination.cf returns something when queried for your list domains -- you did not share logs anywhere.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Mailbox structure help
Good morning Wietse,

I found that this was user error and simply adding "username/" in my vmaps file worked like a charm. Additionally, I had to make sure Dovecot could access my mailboxes by explicitly setting my UID/GID to vmail/vmail in /etc/dovecot/conf.d/10-mail.conf

Thank you for your continued support.

Thanks,
Joey
Re: High Availability
Miles Fidelman:
> > Have you considered the following:
> >
> > - Inbound mail spends a fraction of a second in the queue.
> >
> > - Inbound mail spends days or weeks or more in the mailbox.
> >
> > - If an MTA goes down, mail flows via alternate MX hosts.
> >
> > - If the mailbox store goes down, then you have no mail.
> >
> > That's why high availability focuses on the mailbox store,
> > not on the MTA in the middle.
>
> [talking about OUTBOUND mail which was not the subject of this thread]

You change the topic of the discussion and then claim some contradiction.

Wietse
Put all outgoing mail for domain in HOLD
Hi all.

We have a postfix setup with recipient_bcc_maps and sender_bcc_maps enabled for each mailbox and delivering to another mta for archiving.

We've maintained the same mailbox namings and added a suffix
incoming "u...@company.com" bccs to "user-in@company.local"
outgoing "u...@company.com" bccs to "user-out@company.local"

We didn't want to create a record in the local dns so I've created a transport for the domain "company.local". Now I need to put all the mail to "company.local" in the HOLD queue for manual inspection/release. How can I do that without having to edit the transport map each time?

Thank you.
-Chris
Re: Put all outgoing mail for domain in HOLD
Chris:
> Hi all.
> We have a postfix setup with recipient_bcc_maps and sender_bcc_maps enabled for
> each mailbox and delivering to another mta for archiving.
>
> We've maintained the same mailbox namings and added a suffix
> incoming "u...@company.com" bccs to "user-in@company.local"
> outgoing "u...@company.com" bccs to "user-out@company.local"
>
> We didn't want to create a record in the local dns so I've created
> a transport for the domain "company.local". Now I need to put all
> the mail to "company.local" in the HOLD queue for manual
> inspection/release. How can I do that without having to edit the
> transport map each time?

When a message is moved to the "hold" queue, none of the recipients of that message is delivered. That may not be what you want.

Some archival configurations create a separate archival copy of the message, for example with a before-queue SMTP-based content filter. This has been discussed on this list several times but there is no complete working example.

Wietse
Lost Connection after AUTH - Dealing with Abuse
Hello all,

What is the best way of dealing with pests like this?

Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:42 polyphemus postfix/smtpd[11788]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:43 polyphemus postfix/smtpd[17639]: lost connection after AUTH from unknown[78.188.45.153]
Apr 7 12:52:43 polyphemus postfix/smtpd[20617]: lost connection after AUTH from unknown[78.188.45.153]

And on and on and on for another hundred or so lines

Note that I don't advertise or accept 'AUTH' on this server:

250-polyphemus.xiphosura.co.uk
250-SIZE 1024
250-ENHANCEDSTATUSCODES
250 8BITMIME
AUTH
503 5.5.1 Error: authentication not enabled

Should I just ignore this, or is there a way of preventing/ameliorating this abuse in Postfix? My system seems to cope with it OK, but it does rather annoy me.

I'm using Postfix 2.10.1

Regards,
Richard
Re: Lost Connection after AUTH - Dealing with Abuse
On 4/7/2014 8:42 AM, Richard Laysell wrote:
>
> Hello all,
>
> What is the best way of dealing with pests like this?
>
> Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[11788]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:43 polyphemus postfix/smtpd[17639]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:43 polyphemus postfix/smtpd[20617]: lost connection after
> AUTH from unknown[78.188.45.153]
>
> And on and on and on for another hundred or so lines
>
> Note that I don't advertise or accept 'AUTH' on this server:
>
> 250-polyphemus.xiphosura.co.uk
> 250-SIZE 1024
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME
> AUTH
> 503 5.5.1 Error: authentication not enabled
>
> Should I just ignore this, or is there a way of preventing/ameliorating
> this abuse in Postfix? My system seems to cope with it OK, but it
> does rather annoy me.
>
> I'm using Postfix 2.10.1
>
> Regards,
>
> Richard
>

Just ignore this attempted abuse. Since you don't offer AUTH, they can't break anything. This won't affect your performance unless there are a large number (hundreds?) of concurrent connections, and they'll probably go annoy someone else at some point.

If they annoy you badly, you can use fail2ban or similar to firewall badly behaving clients, but understand that's mostly just to make you feel better and can have unintended side effects, such as unintentionally blocking a good client.

-- Noel Jones
Re: Lost Connection after AUTH - Dealing with Abuse
On 07.04.2014 15:42, Richard Laysell wrote:
> Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[11788]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr 7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after
>
> Should I just ignore this, or is there a way of preventing/ameliorating
> this abuse in Postfix? My system seems to cope with it OK, but it
> does rather annoy me

you can't prevent that somebody connects to your server and then closes the connection - since the other side can't achieve anything there is no abuse

and whatever you do it will result in a logline

only 1 exception: block the IP on the network layer
Re: Lost Connection after AUTH - Dealing with Abuse
On Mon 07/Apr/2014 16:01:44 +0200 li...@rhsoft.net wrote:
> On 07.04.2014 15:42, Richard Laysell wrote:
>> Apr 7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after
>> AUTH from unknown[78.188.45.153]
>> Apr 7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after
>> AUTH from unknown[78.188.45.153]
>> Apr 7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after
>>
>> Should I just ignore this, or is there a way of preventing/ameliorating
>> this abuse in Postfix? My system seems to cope with it OK, but it
>> does rather annoy me
>
> you can't prevent that somebody connects to your server and
> then closes the connection - since the other side can't achieve
> anything there is no abuse

The guy is most probably running a badly coded password cracker, so a notification to the Turkish abuse desk wouldn't hurt. I don't know a good way to automate that, though.

Ale
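
The log pattern quoted in this thread, and the fail2ban-style blocking mentioned in the replies, can be examined offline before anything is firewalled. The following is an added example, not part of any poster's message: it counts "lost connection after AUTH" events per client in a sliding window and skips allowlisted networks so a known-good client is never proposed for blocking. The threshold, window, year, and the 192.0.2.10 and 198.51.100.7 lines are assumptions constructed for illustration; the 78.188.45.153 events are the ones quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Matches the smtpd log line format quoted in this thread.
LOST_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"lost connection after AUTH from \S+\[(?P<ip>[^\]]+)\]"
)

def parse(line, year):
    """Return (timestamp, ip) for a 'lost connection after AUTH' line, else None."""
    m = LOST_AUTH.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year; the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    try:
        return ts, ip_address(m["ip"])
    except ValueError:
        return None  # bracket content was not an IP address

def find_offenders(lines, threshold=5, window=timedelta(seconds=60),
                   allow=(), year=2014):
    """Map each client IP to its peak event count inside any `window`,
    keeping only clients whose peak reaches `threshold` and that are
    outside every allowlisted network."""
    allowed = [ip_network(n) for n in allow]
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        hit = parse(line, year)
        if hit is None:
            continue
        ts, ip = hit
        if any(ip in net for net in allowed):
            continue  # never propose a trusted client for blocking
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {str(ip): n for ip, n in peak.items() if n >= threshold}

def line(hms, pid, client):
    """Build one log line in the format shown in the thread."""
    return (f"Apr 7 {hms} polyphemus postfix/smtpd[{pid}]: "
            f"lost connection after AUTH from {client}")

# The eight events quoted in the thread.
SAMPLE = [line(t, p, "unknown[78.188.45.153]") for t, p in [
    ("12:52:40", 24765), ("12:52:41", 9398), ("12:52:42", 11788),
    ("12:52:42", 1519), ("12:52:42", 25494), ("12:52:42", 8085),
    ("12:52:43", 17639), ("12:52:43", 20617)]]
# Constructed lines: a one-off client, and a noisy client the site trusts.
SAMPLE.append(line("12:52:44", 3001, "unknown[192.0.2.10]"))
SAMPLE += [line(f"12:53:{s:02d}", 4000, "relay.example[198.51.100.7]")
           for s in range(6)]

if __name__ == "__main__":
    for ip, n in find_offenders(SAMPLE, allow=["198.51.100.0/24"]).items():
        print(f"{ip}: {n} events within 60s")
```

Because no AUTH is offered on the server in question, the output is best treated as a reporting aid (for example, evidence for an abuse-desk notification) rather than as a required block list.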
Where is 'localdomain' defined?
Hello,

My installation works fine. I am wanting to understand how Postfix works better so that I can extend my installation's capabilities in the future. I have Postfix: The Definitive Guide ebook that I bought and downloaded from O'Reilly and have been using it, as well as the postfix.org website. I have also used Hildebrandt's book, but left it in the US in lieu of my weightless e-book.

On my system, let's say the /etc/hostname is assigned to be 'example'. This is not a FQDN, which would require $myhostname to be set as something more exact. In my main.cf, I have a line:

myhostname = example.com

but when I run postconf -d myhostname, I get an output that I didn't expect:

myhostname = example.localdomain

My question is where did the word localdomain come from and what exactly does it mean? On this machine, the domain name it hosts (example.com) happens to also be the machine hostname (example) in this case. Because of this, I'm not sure with 'example' is being returned by postconf.

Anybody willing to help clarify this for me?

Thanks very much,
Timothy D. Legg
Re: Where is 'localdomain' defined?
On 07.04.2014 16:34, Timothy D. Legg wrote:
> myhostname = example.com
>
> but when I run postconf -d myhostname, I get an output that I didn't expect:
>
> myhostname = example.localdomain

re-read the manual

postconf -d: default settings
postconf -n: current active settings
Re: Where is 'localdomain' defined?
07.04.2014 16:34, Timothy D. Legg:

> On my system, lets say the /etc/hostname is assigned to be 'example'.
> This is not a FQDN, which would require $myhostname to be set as something
> more exact. In my main.cf, I have a line:
>
> myhostname = example.com
>
> but when I run postconf -d myhostname, I get an output that I didn't expect:
>
> myhostname = example.localdomain
>
>
> My question is where did the word localdomain come from and what exactly
> does it mean? On this machine, the domain name it hosts (example.com)
> happens to also be the machine hostname (example) in this case. Because
> of this, I'm not sure with 'example' is being returned by postconf.
>
> Anybody willing to help clarify this for me?

From man 5 postconf:

| mydomain (default: see postconf -d output)
|   The internet domain name of this mail system. The default is
|   to use $myhostname minus the first component, or "localdomain"
|   (Postfix 2.3 and later).

together with

| myhostname (default: see postconf -d output)
|   The internet hostname of this mail system. The default is to
|   use the fully-qualified domain name (FQDN) from gethostname(),
|   or to use the non-FQDN result from gethostname() and append
|   ".$mydomain".

seems to explain the default value of $myhostname in your case quite well.

--
Regards
mks
Re: High Availability
Wietse Venema wrote:
> Miles Fidelman:
>>> Have you considered the following:
>>>
>>> - Inbound mail spends a fraction of a second in the queue.
>>>
>>> - Inbound mail spends days or weeks or more in the mailbox.
>>>
>>> - If an MTA goes down, mail flows via alternate MX hosts.
>>>
>>> - If the mailbox store goes down, then you have no mail.
>>>
>>> That's why high availability focuses on the mailbox store,
>>> not on the MTA in the middle.
>> [talking about OUTBOUND mail which was not the subject of this thread]
> You change the topic of the discussion and then claim some
> contradiction.

Not to be argumentative or anything, but... original query was:

"Presently we have primary MX and backup MX servers, when primary goes down mails will be queued in secondary MX, once primary restored all messages pushed from backup MX to primary MX, messages are not lost. I would like to know any solution sending and receiving messages from backup MX when primary MX is down?"

Which sure looks like it includes outbound ("sending") as part of the topic.

Miles
Re: High Availability
Miles Fidelman:
> Wietse Venema wrote:
> > Miles Fidelman:
> >>> Have you considered the following:
> >>>
> >>> - Inbound mail spends a fraction of a second in the queue.
> >>>
> >>> - Inbound mail spends days or weeks or more in the mailbox.
> >>>
> >>> - If an MTA goes down, mail flows via alternate MX hosts.
> >>>
> >>> - If the mailbox store goes down, then you have no mail.
> >>>
> >>> That's why high availability focuses on the mailbox store,
> >>> not on the MTA in the middle.
> >> [talking about OUTBOUND mail which was not the subject of this thread]
> > You change the topic of the discussion and then claim some
> > contradiction.
> Not to be argumentative or anything, but... original query was:
> "Presently we have primary MX and backup MX servers, when primary goes
> down mails will be queued in secondary MX, once primary restored all
> messages pushed from backup MX to primary MX, messages are not lost. I

He describes the flow of email for domains that have MX records with the names of his MX hosts (when the primary MX is down, mail queues on the secondary MX, from which it's sent to the primary). In other words, he describes inbound email.

Outbound mail, on the other hand, is sent to the remote MX hosts of remote destination domains. Those remote MX hosts are not the MX hosts that he is talking about.

Wietse
Re: High Availability
I don't see any reason to complicate things by implementing HA solution, when you can simply have multiple MX records.

On Mon, Apr 7, 2014 at 12:35 AM, Ramesh wrote:
>
> Hi All,
>
> Presently we have primary MX and backup MX servers, when primary goes down mails will be queued in secondary MX, once primary restored all messages pushed from backup MX to primary MX, messages are not lost. I would like to know any solution sending and receiving messages from backup MX when primary MX is down?
>
> Appreciate suggestion, recently due to major internet service down, we are not able to check mails or send mails.
>
> Thanks
> Ramesh
eg: Transport table not working
Hi,

I have kept a transport map for the exclusive delivery of abcdmail.com but its again going along with the regular outbound mails. Please suggest.

#Cat /etc/postfix/transport

abcdmail.com abcd:abcdmail.com

I added the below line in master.cf

abcd unix - - n - - smtp

Further, I didn't give any limits or delays in main.cf. Still the deliveries to this domain is going along with the outbound mails thus slowing down the outbound queue.

Please help. Thanks in advance.
Re: Where is 'localdomain' defined?
Okay,

I remember getting caught like this before. I thought the -d was for 'display' when it means 'defaults' I thought I was listing the current settings. I quickly read the man page, saw the word 'Print' and thought "BINGO!!! That's my parameter"

> 07.04.2014 16:34, Timothy D. Legg:
>
>> On my system, lets say the /etc/hostname is assigned to be 'example'.
>> This is not a FQDN, which would require $myhostname to be set as
>> something
>> more exact. In my main.cf, I have a line:
>>
>> myhostname = example.com
>>
>> but when I run postconf -d myhostname, I get an output that I didn't
>> expect:
>>
>> myhostname = example.localdomain
>>
>>
>> My question is where did the word localdomain come from and what exactly
>> does it mean? On this machine, the domain name it hosts (example.com)
>> happens to also be the machine hostname (example) in this case. Because
>> of this, I'm not sure with 'example' is being returned by postconf.
>>
>> Anybody willing to help clarify this for me?
>
> From man 5 postconf:
>
> | mydomain (default: see postconf -d output)
> |   The internet domain name of this mail system. The default is
> |   to use $myhostname minus the first component, or "localdomain"
> |   (Postfix 2.3 and later).
>
> together with
>
> | myhostname (default: see postconf -d output)
> |   The internet hostname of this mail system. The default is to
> |   use the fully-qualified domain name (FQDN) from gethostname(),
> |   or to use the non-FQDN result from gethostname() and append
> |   ".$mydomain".
>
> seems to explain the default value of $myhostname in your case quite well.
>
> --
> Regards
> mks
Re: eg: Transport table not working
KK Patnaik:
> Hi,
>
> I have kept a transport map for the exclusive delivery of abcdmail.com but
> its again going along with the regular outbound mails. Please suggest.
>
> #Cat /etc/postfix/transport
>
> abcdmail.com abcd:abcdmail.com
>
> I added the below line in master.cf
>
> abcd unix - - n - - smtp

When the above works as documented, then Postfix will deliver that mail in parallel with other deliveries. Only a statistical analysis over a longer time would reveal that some recipients are delivered via this dedicated master.cf SMTP client service.

Wietse
RE: eg: Transport table not working
Thank you. What should I do to see that the deliveries to this particular domain doesn't disturb the regular outbound mails? Is relay_transport is advisable and if yes then can I just assign the same transport table to the relay_transport.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Tuesday, April 08, 2014 12:09 AM
To: Postfix users
Subject: Re: eg: Transport table not working

KK Patnaik:
> Hi,
>
> I have kept a transport map for the exclusive delivery of abcdmail.com
> but its again going along with the regular outbound mails. Please suggest.
>
> #Cat /etc/postfix/transport
>
> abcdmail.com abcd:abcdmail.com
>
> I added the below line in master.cf
>
> abcd unix - - n - - smtp

When the above works as documented, then Postfix will deliver that mail in parallel with other deliveries. Only a statistical analysis over a longer time would reveal that some recipients are delivered via this dedicated master.cf SMTP client service.

Wietse
Re: eg: Transport table not working
Wietse:
> When the above [transport map entry and dedicated transport] works
> as documented, then Postfix will deliver that mail in parallel
> with other deliveries. Only a statistical analysis over a longer
> time would reveal that some recipients are delivered via this
> dedicated master.cf SMTP client service.

KK Patnaik:
> Thank you. What should I do to see that the deliveries to this particular
> domain doesn't disturb the regular outbound mails? Is relay_transport is
> advisable and if yes then can I just assign the same transport table to the
> relay_transport.

All mail shares the same network connection, it shares the same Postfix queue manager, it shares the same Postfix mail queue and it shares the same file system, memory and CPUs. If you saturate any of those things, then that will affect the delivery performance of all other mail.

This is just like road traffic. If the road to the airport is congested, then it does not matter if some vehicles have high priority and others have low priority. All vehicles will be slowed down.

Wietse