RE: Using Postfix for buffering > 1million mails
Thanks all, I will start to put something together around your suggestions. Some of the parameters are new to me, so will take a look at these.

Robin

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni
Sent: 26 June 2014 18:51
To: postfix-users@postfix.org
Subject: Re: Using Postfix for buffering > 1million mails

On Thu, Jun 26, 2014 at 07:24:03PM +0200, DTNX Postmaster wrote:

> Might even be able to replace the standard bounce process with
> something that does the hold action for you, ensuring that nothing
> ever bounces back to the Exchange boxes. Would need to be investigated
> though, that, in terms of practicality and reliability.

Ah yes, I also had

    maximal_queue_lifetime = 100d
    bounce_queue_lifetime = 100d

and soft_bounce = yes, and some sort of job that runs once a week and reports on mail that has been sitting around longer than 5 days.

--
Viktor.
Postfix and Generic rDNS
Hello there,

I have a quick question / request for clarification. I’ll try to be concise.

My ISP has a generic rDNS. For clarity I’ll say that it is defined as follows, "Generic rDNS means that a DNS query on the IP address resolves to something like: 123-45-67-8.your.isp.com. The opposite of generic rDNS is a "unique reverse pointer" which is usually something like mail.your-domain.com."

Now my postfix always warns me due to this generic rDNS of my ISP.

Postfix says, "hostname verification errors in FCrDNS: Does not resolve to address 123.45.67.8123-45-67-8.my.isp.com”

Any free FCrDNS online service also shows and says the same thing, that is that rDNS is not forward confirmed or PTR is generic. The IP address is static.

Postfix is working OK but this warning is simply always there as I have no control over my ISP. Would appreciate any suggestions / advices / pointers on how do I fix it? Many thanks in advance!

Regards,
Dennis.
Re: Postfix and Generic rDNS
On 27 Jun 2014, at 10:53, Klaipedaville on Google wrote:

> I have a quick question / request for clarification. I’ll try to be concise.
>
> My ISP has a generic rDNS. For clarity I’ll say that it is defined as
> follows, "Generic rDNS means that a DNS query on the IP address resolves to
> something like: 123-45-67-8.your.isp.com. The opposite of generic rDNS is a
> "unique reverse pointer" which is usually something like
> mail.your-domain.com."
>
> Now my postfix always warns me due to this generic rDNS of my ISP.
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”
>
> Any free FCrDNS online service also shows and says the same thing, that is
> that rDNS is not forward confirmed or PTR is generic. The IP address is
> static.
>
> Postfix is working OK but this warning is simply always there as I have no
> control over my ISP. Would appreciate any suggestions / advices / pointers on
> how do I fix it? Many thanks in advance!

First off, for the best assistance, post the actual log entries for the warning, instead of a generic description. Too much information tends to get lost if people 'translate' :-)

And if you do use domain names in your examples, make sure they are the actual values, or something appropriate for example use, like 'example.com'. As documented here;

http://tools.ietf.org/html/rfc2606#page-2

As for a fix, check whether your ISP supports setting the reverse DNS for your IP address. This may be a feature that comes with a 'business' type account, or they may not support it at all. If it's not supported, the general advice is to send outgoing mail via the SMTP servers provided by your ISP, to avoid issues with delivery.

Mvg,
Joni
Re: Postfix and Generic rDNS
Am 27.06.2014 10:53, schrieb Klaipedaville on Google:
> My ISP has a generic rDNS. For clarity I’ll say that it is defined as follows, "Generic rDNS means that a DNS query
> on the IP address resolves to something like: 123-45-67-8.your.isp.com. The opposite of generic rDNS is a "unique
> reverse pointer" which is usually something like mail.your-domain.com."

in general bad - i tend to block such PTR's because the postmaster finds not worth to care about a clean reputation and if i face too much spam from other "*.your.isp.com", well you have to bite it

if your IP is from a eastern country i don't hesitate a second and place the whole /16 subnet of your ISP on the RBL in case of spam delivery

> Now my postfix always warns me due to this generic rDNS of my ISP.
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”

PTR and A don't match

> Postfix is working OK but this warning is simply always there as
> I have no control over my ISP

then switch to a different ISP or move your mailserver somewhere in a datacenter (rootserver, VPS)
Re: Postfix and Generic rDNS
Hello Joni,

Thank you for your suggestion and quick reply.

Well, my actual log entry has been posted in my first message. I only changed the actual IP address. The log is:

Postfix says, "hostname verification errors in FCrDNS: Does not resolve to address 123.45.67.8123-45-67-8.my.isp.com”

Now here is the exact copy-paste if it wasn’t really clear for you from the first time:

---Hostname verification errors (FCRDNS) --
Does not resolve to address 123.45.67.8123-45-67-8.my.isp.com
---

The domain names were not required in my question therefore I did not use any of them such as example.com and so on so there isn’t much for you to translate .

I have a "business" type account and the reverse DNS is available. In fact, It even works OK but only one way. The thing that is not working as per my log entry is the other way around, that is the FCrDNS. I’ll double-check it with my ISP one more time on that though.

However, my question was if I could possibly solve it using only postfix without getting my ISP involved because as I have already said in my previous message Postfix has been working absolutely fine without any problems with delivery or anything else. I’ve been trying to fix it using check_reverse_client_hostname_access but this does not seem to solve the issue.

Would highly appreciate any other / more options, comments, assistance. Many thanks!

Regards,
Dennis.

>
>
>First off, for the best assistance, post the actual log entries for the
>warning, instead of a generic description. Too much information tends to get
>lost if people 'translate' :-)
>
>And if you do use domain names in your examples, make sure they are the actual
>values, or something appropriate for example use, like 'example.com'. As
>documented here;
>
>http://tools.ietf.org/html/rfc2606#page-2
>
>As for a fix, check whether your ISP supports setting the reverse DNS for your
>IP address. This may be a feature that comes with a 'business' type account,
>or they may not support it at all.
>If it's not supported, the general
>advice
>is to send outgoing mail via the SMTP servers provided by your ISP, to avoid
>issues with delivery.
>
>Mvg,
>Joni

From: DTNX Postmaster
Sent: Friday, June 27, 2014 12:12
To: postfix users
Subject: Re: Postfix and Generic rDNS

On 27 Jun 2014, at 10:53, Klaipedaville on Google wrote:

> I have a quick question / request for clarification. I’ll try to be concise.
>
> My ISP has a generic rDNS. For clarity I’ll say that it is defined as
> follows, "Generic rDNS means that a DNS query on the IP address resolves to
> something like: 123-45-67-8.your.isp.com. The opposite of generic rDNS is a
> "unique reverse pointer" which is usually something like
> mail.your-domain.com."
>
> Now my postfix always warns me due to this generic rDNS of my ISP.
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”
>
> Any free FCrDNS online service also shows and says the same thing, that is
> that rDNS is not forward confirmed or PTR is generic. The IP address is
> static.
>
> Postfix is working OK but this warning is simply always there as I have no
> control over my ISP. Would appreciate any suggestions / advices / pointers on
> how do I fix it? Many thanks in advance!
Re: Postfix and Generic rDNS
Am 27.06.2014 11:52, schrieb Klaipedaville on Google:
> Thank you for your suggestion and quick reply.
>
> Well, my actual log entry has been posted in my first message. I only changed the actual IP address. The log is:
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”
>
> Now here is the exact copy-paste if it wasn’t really clear for you from the first time:
>
> ---Hostname verification errors (FCRDNS) --
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com
> ---
>
> The domain names were not required in my question therefore I did not use any of them such as
> example.com and so on so there isn’t much for you to translate Smile.

well, with "I only changed the actual IP address" and "isn’t much for you to translate" why don't you just leave us in peace and solve your problem for your own - nobody can take a look on DNS relevant things if you mask the IP
Re: Postfix and Generic rDNS
Thank you for your message.

Well, this is all true to the fact. I agree with you almost 100%.

>PTR and A don't match.

They actually do because it resolves OK one way, it does not resolve the other way around FCrDNS (forward confirmed DNS) because it’s generic PTR...

>then switch to a different ISP or move your mailserver
>somewhere in a datacenter (rootserver, VPS)

There are not too many providers to choose from where I am at. Then again if I moved to a datacenter then I would need my "first point of access" to be made through the same local two ISPs (only two of them here)... It’s a virtual server.

Am 27.06.2014 10:53, schrieb Klaipedaville on Google:
> My ISP has a generic rDNS. For clarity I’ll say that it is defined as follows, "Generic rDNS means that a DNS query
> on the IP address resolves to something like: 123-45-67-8.your.isp.com. The opposite of generic rDNS is a "unique
> reverse pointer" which is usually something like mail.your-domain.com."

in general bad - i tend to block such PTR's because the postmaster finds not worth to care about a clean reputation and if i face too much spam from other "*.your.isp.com", well you have to bite it

if your IP is from a eastern country i don't hesitate a second and place the whole /16 subnet of your ISP on the RBL in case of spam delivery

> Now my postfix always warns me due to this generic rDNS of my ISP.
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”

PTR and A don't match

> Postfix is working OK but this warning is simply always there as
> I have no control over my ISP

then switch to a different ISP or move your mailserver somewhere in a datacenter (rootserver, VPS)
Re: Postfix and Generic rDNS
first:

* don't post HTML
* don't reply-all on mailing-lists

Am 27.06.2014 12:15, schrieb Klaipedaville on Google:
> Thank you for your message.
>
> Well, this is all true to the fact. I agree with you almost 100%.
>
>>PTR and A don't match
>
> They actually do because it resolves OK one way, it does not resolve the other way around FCrDNS (forward confirmed DNS)

then they don't - period

> because it’s generic PTR...

don't matter, call your ISP names - as you can see it's possible:

85.103.178.62.in-addr.arpa. 1849 IN PTR chello062178103085.7.12.vie.surfer.at.
chello062178103085.7.12.vie.surfer.at. 3600 IN A 62.178.103.85

at that is a homeinternet access and has FCrDNS
frankly even my home guest-range has FCrDNS

>>then switch to a different ISP or move your mailserver
>>somewhere in a datacenter (rootserver, VPS)
> There are _not_ too many providers to choose from where I am at.

then fight with them - they control the in-addr.arpa. and they *can* set a PTR, they only don't care

> Then again if I moved to a datacenter then I would
> need my "first point of access" to be made through the same
> local two ISPs (only two of them here)... It’s a virtual server

the difference is that datacenter IP's have a sane PTR

what you are talking about the whole time looks like a home-IP and will get treated by other mailservers like that -> reject
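The check being argued over in this thread, as an added example that is not part of any poster's message: a PTR answer alone is not enough, the returned name must resolve back to the same address, and whether the name looks generic is a separate question. DNS is replaced by constructed dictionaries so it runs offline; only the surfer.at pair comes from the message above, and `is_generic` is a heuristic assumed for this example.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. Only the
# surfer.at pair is copied from the message above; every other record is
# made up from documentation ranges (192.0.2.0/24, *.example).
PTR_RECORDS = {
    "62.178.103.85": ["chello062178103085.7.12.vie.surfer.at."],
    "192.0.2.10": ["192-0-2-10.dyn.isp.example."],  # name has no A record
    "192.0.2.25": ["mail.example.org."],            # A points elsewhere
}                                                   # 192.0.2.99: no PTR
A_RECORDS = {
    "chello062178103085.7.12.vie.surfer.at.": ["62.178.103.85"],
    "mail.example.org.": ["192.0.2.26"],
}


def fcrdns(ip, ptr=PTR_RECORDS, fwd=A_RECORDS):
    """Forward-confirm the reverse name of ip.

    Returns (verdict, name): 'confirmed' only when some PTR name resolves
    back to the very same address; a PTR that answers in one direction
    only is 'unconfirmed'.
    """
    client = ipaddress.ip_address(ip)
    names = ptr.get(str(client), [])
    if not names:
        return "no-ptr", None
    for name in names:
        if any(ipaddress.ip_address(a) == client for a in fwd.get(name, [])):
            return "confirmed", name.rstrip(".")
    return "unconfirmed", names[0].rstrip(".")


def is_generic(ip, name):
    """Heuristic (an assumption of this example): the name embeds the
    IPv4 octets, forward or reversed, dashed, dotted or zero-padded."""
    addr = ipaddress.ip_address(ip)
    if name is None or addr.version != 4:
        return False
    octets = str(addr).split(".")
    forms = []
    for order in (octets, octets[::-1]):
        padded = [o.zfill(3) for o in order]
        forms += [sep.join(padded) for sep in ("", "-", ".")]
        forms += [sep.join(order) for sep in ("-", ".")]
    return any(form in name for form in forms)


def classify(ip):
    """Combine both questions: (verdict, PTR name, looks generic?)."""
    verdict, name = fcrdns(ip)
    return verdict, name, is_generic(ip, name)


if __name__ == "__main__":
    for ip in ("62.178.103.85", "192.0.2.10", "192.0.2.25", "192.0.2.99"):
        print(ip, *classify(ip))
```

The surfer.at address comes out both generic and confirmed, while a non-generic name whose A record points elsewhere is still unconfirmed.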
Re: Postfix and Generic rDNS
On 27 Jun 2014, at 11:52, Klaipedaville on Google wrote:

> Thank you for your suggestion and quick reply.
>
> Well, my actual log entry has been posted in my first message. I only changed
> the actual IP address. The log is:
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”
>
> Now here is the exact copy-paste if it wasn’t really clear for you from the
> first time:
>
> ---Hostname verification errors (FCRDNS) --
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com
> ---
>
> The domain names were not required in my question therefore I did not use any
> of them such as example.com and so on so there isn’t much for you to
> translate .
>
> I have a "business" type account and the reverse DNS is available. In fact,
> It even works OK but only one way. The thing that is not working as per my
> log entry is the other way around, that is the FCrDNS. I’ll double-check it
> with my ISP one more time on that though.
>
> However, my question was if I could possibly solve it using only postfix
> without getting my ISP involved because as I have already said in my previous
> message Postfix has been working absolutely fine without any problems with
> delivery or anything else. I’ve been trying to fix it using
> check_reverse_client_hostname_access but this does not seem to solve the
> issue.

Please do not top-post, and try to avoid HTML messages.

As for what you supplied as an error message; perhaps you copied it from a bounce message, or from some online testing tool, but it is not from the Postfix logs. If you want help with Postfix, follow the instructions here;

http://www.postfix.org/DEBUG_README.html

Show us the problem that you are trying to solve. If you do not provide actual, real-world logs, with data that can be tested by people on this list, don't expect much more help.

Mvg,
Joni
Re: Postfix and Generic rDNS
On 6/27/2014 3:53 AM, Klaipedaville on Google wrote:
...
> Now my postfix always warns me due to this generic rDNS of my ISP.
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com

You should only see these warnings for mismatched hosts that connect to your Postfix SMTPD server.

Do you have a NAT router in front of the Postfix server? Do your logs show all inbound connections coming from only one IP, your public IP address? Do you get this warning for every connection?

If so you might try setting
http://www.postfix.org/postconf.5.html#proxy_interfaces

If all connections are from that one IP, get a different NAT router that doesn't rewrite the source address.

Cheers,
Stan
Re: email sent to bad address, is it possible to change recipient
Hello

Thank you for the response... And now I know about not editing the queue .

We did try using the virtual_aliases_maps at the start of trying to solve the issue. However I could not figure out how to add this address [ I tried many ways using '\' before many of the spaces and other characters... ] :

(host smtp.fantinibakery.com[10.1.10.14] said: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))

"CDR =${FROM_DID}"@ fantinibakery.com

Next time will try more ways of adding the address to virtual.

On Fri, Jun 27, 2014 at 12:01 AM, Noel Jones wrote:

> On 6/25/2014 5:10 PM, Robert Fantini wrote:
> > Hello
> >
> > due to a bug in some other software we have mail occasionally get
> > stuck in the queue.
> >
> > I've tried editing /var/spool/postfix/defer/1/176CD2193E to fix
> > the address, but after running 'postfix flush' , that files reverts
> > to its original recipient. I could not find another file to edit..
> > This is a centos system, version 5 I think.
> >
> > So is there a way to change the recipient?
> >
> >
> >
> > Version : 2.6.6
> > Release : 2.2.el6_1
> >
> >
> > best regards. rob
> >
> >
>
>
> Please don't ever edit the queue file directly for any reason. That
> is not supported and can give unpredictable results.
>
> To rewrite a bad recipient, use a virtual_alias_maps entry, then
> requeue the bad message with "postsuper -r QUEUEID". The domain does
> *not* need to be defined in virtual_alias_domains.
>
>
> # main.cf
> virtual_alias_maps = hash:/etc/postfix/virtual_aliases
>
> # virtual_aliases
> b...@example.com g...@example.org
>
> # postmap virtual_aliases
>
> (and if you changed main.cf)
> # postfix reload
>
> # postsuper -r QUEUEID
>
>
>
>
> -- Noel Jones
>
Re: email sent to bad address, is it possible to change recipient
Robert Fantini:
> Hello
>
> Thank you for the response... And now I know about not editing the queue
> .
>
> We did try using the virtual_aliases_maps at the start of trying to solve
> the issue. However I could not figure out how to add this address [ I
> tried many ways using '\' before many of the spaces and other characters...
> ] :
>
> (host smtp.fantinibakery.com[10.1.10.14] said: 550 5.1.1 FROM_DID}@fantinibakery.com>: Recipient address

You would need to use a regexp: or pcre: table, escape the $, {, }, and . characters, and anchor the pattern with ^ and $ just to be safe.

/etc/postfix/main.cf:
    virtual_alias_maps = pcre:/etc/postfix/virtual.pcre

/etc/postfix/virtual.pcre:
    /^CDR =\$\{FROM_DID\}@fantinibakery\.com$/ u...@example.com

You can't use address with spaces in Postfix lookup tables that are created with the postmap command, because that command always splits on the first whitespace character (you could have gotten away with using the postalias command instead, but I won't go there).

Wietse
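What the escaping, the anchors and the whitespace split in the answer above each buy you, as an added example that is not part of Wietse's message. Python's `re` stands in for PCRE (the constructs used here behave the same in both), `fixed@example.com` is a placeholder for the elided rewrite target, and the three table lines and all test addresses are constructed.

```python
import re

# Constructed inputs. BAD is the recipient in the form the pattern from
# the message expects; fixed@example.com is a placeholder target.
BAD = "CDR =${FROM_DID}@fantinibakery.com"
ANCHORED = r"/^CDR =\$\{FROM_DID\}@fantinibakery\.com$/ fixed@example.com"
UNESCAPED = r"/^CDR =${FROM_DID}@fantinibakery.com$/ fixed@example.com"
LOOSE = r"/CDR =\$\{FROM_DID\}@fantinibakery.com/ fixed@example.com"


def load_table(text):
    """Parse '/pattern/ result' lines (flags after the closing slash are
    not modelled). Matching is case-insensitive, the pcre: table default."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(\S.*)$", line)
        if m is None:
            raise ValueError("not a /pattern/ result line: %r" % line)
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(table_text, address):
    """First matching rule wins; None means the address is left alone."""
    for pattern, result in load_table(table_text):
        if pattern.search(address):
            return result
    return None


def postmap_split(line):
    """Model of an indexed-table source line: the key ends at the first
    whitespace, so an address containing a space cannot be a key."""
    key, value = line.split(None, 1)
    return key, value


if __name__ == "__main__":
    lookalike = "CDR =${FROM_DID}@fantinibakeryXcom.example.net"
    print("anchored, bad address :", lookup(ANCHORED, BAD))
    print("anchored, lookalike   :", lookup(ANCHORED, lookalike))
    print("unescaped, bad address:", lookup(UNESCAPED, BAD))
    print("loose, lookalike      :", lookup(LOOSE, lookalike))
    print("hash source line key  :", postmap_split(BAD + " fixed@example.com")[0])
```

The unescaped `$` acts as an end-of-string assertion in the middle of the pattern, so that rule never fires; the unanchored rule with a bare `.` rewrites an address in a different domain.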
Re: email sent to bad address, is it possible to change recipient
Thank you very much!

On Fri, Jun 27, 2014 at 8:20 PM, Wietse Venema wrote:

> Robert Fantini:
> > Hello
> >
> > Thank you for the response... And now I know about not editing the
> queue
> > .
> >
> > We did try using the virtual_aliases_maps at the start of trying to
> solve
> > the issue. However I could not figure out how to add this address [ I
> > tried many ways using '\' before many of the spaces and other
> characters...
> > ] :
> >
> > (host smtp.fantinibakery.com[10.1.10.14] said: 550 5.1.1
> FROM_DID}@fantinibakery.com>: Recipient address
>
> You would need to use a regexp: or pcre: table, escape the
> $, {, }, and . characters, and anchor the pattern with ^ and $
> just to be safe.
>
> /etc/postfix/main.cf:
> virtual_alias_maps = pcre:/etc/postfix/virtual.pcre
>
> /etc/postfix/virtual.pcre:
> /^CDR =\$\{FROM_DID\}@fantinibakery\.com$/ u...@example.com
>
> You can't use address with spaces in Postfix lookup tables that are
> created with the postmap command, because that command always splits
> on the first whitespace character (you could have gotten away with
> using the postalias command instead, but I won't go there).
>
> Wietse
>
Re: Postfix and Generic rDNS
On 27 Jun 2014, at 5:52, Klaipedaville on Google wrote:

> Hello Joni,
>
> Thank you for your suggestion and quick reply.
>
> Well, my actual log entry has been posted in my first message. I only changed the actual IP address.

There is no reason to do that, which makes it impossible for us to figure out precisely what your problem is. Your problem seems to be entirely distinct from the use of "generic" rDNS records, but your obfuscation of the specific details makes that hard to state with certainty.

> The log is:
>
> Postfix says, "hostname verification errors in FCrDNS:
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com”
>
> Now here is the exact copy-paste if it wasn’t really clear for you from the first time:
>
> ---Hostname verification errors (FCRDNS) --
> Does not resolve to address
> 123.45.67.8123-45-67-8.my.isp.com
> ---

Postfix generates no messages in any form like that. It does sometimes generate log entries like this:

Jun 17 12:44:39 toaster postfix/smtpd[11867]: warning: hostname br16.srvmatrix.info does not resolve to address 177.11.51.78: nodename nor servname provided, or not known

That was the result of some spammer using 177.11.51.78 trying to relay through my server. The same warning would have been generated if they had been trying to send mail to me. There's a PTR record for 177.11.51.78 pointing to br16.srvmatrix.info but there's no A or CNAME record for br16.srvmatrix.info. That DNS error is common enough that it would be unsafe to have Postfix do anything more than warn about it, but the warning is good to have in the log because it illuminates why related log messages refer to the client as "unknown".

It requires no effort on my part to avoid seeing such log messages when I don't want to, because I don't normally look for them. Whatever is translating the messages in your Postfix logs into messages like the one you've included is causing pointless worry.

> The domain names were not required in my question therefore I did not use any of them such as example.com and so on so there isn’t much for you to translate .

Not so. If you had included an actual Postfix log entry, it would have been much more clear what your difficulty is.

> I have a "business" type account and the reverse DNS is available. In fact, It even works OK but only one way. The thing that is not working as per my log entry is the other way around, that is the FCrDNS. I’ll double-check it with my ISP one more time on that though.

Here's an example of a not-so-random real case of bad DNS that might be very similar to whatever problem you are trying to solve. First a "reverse" resolution of an IP address to a name:

# dig +noauth +noadd +nocmd +nostats -x 86.100.96.251
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18478
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;251.96.100.86.in-addr.arpa. IN PTR

;; ANSWER SECTION:
251.96.100.86.in-addr.arpa. 31261 IN PTR 86-100-96-251.klp.balticum.lt.

That's "generic" rDNS: a PTR whose value is clearly derived from the IP address. Nothing wrong with that, if the only rational alternative is no PTR at all. However, any name used as a PTR value should have forward (A or CNAME) resolution, but this generic name does not:

# dig +noadd +nocmd +nostats 86-100-96-251.klp.balticum.lt.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46734
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;86-100-96-251.klp.balticum.lt. IN A

;; AUTHORITY SECTION:
balticum.lt. 6016 IN SOA ns1.balticum.lt. hostmaster.balticum-tv.lt. 2014050801 10800 1800 604800 86400

And who runs the reverse DNS?

# dig +short 96.100.86.in-addr.arpa. SOA
ns1.balticum.lt. hostmaster.balticum-tv.lt. 2011021402 43200 7200 1728000 7200

The same entity that is running the forward DNS. So this isn't miscommunication between an ISP and customer, this is an ISP that is simply incompetent. They could make the generic rDNS name resolve, but they don't. Simple stupidity, and entirely outside what anyone else can fix, even the unfortunate person using 86.100.96.251.

> However, my question was if I could possibly solve it using only postfix without getting my ISP involved because as I have already said in my previous message Postfix has been working absolutely fine without any problems with delivery or anything else. I’ve been trying to fix it using check_reverse_client_hostname_access but this does not seem to solve the issue.
>
> Would highly appreciate any other / more options, comments, assistance. Many thanks!

If the problem i