Re: Love the docs

2015-05-07 Thread Mark Goodge 

On 07/05/2015 02:58, Wietse Venema wrote:

Chris Stankevitz:

http://www.postfix.org/STANDARD_CONFIGURATION_README.html

To whoever dreamed up the "configuration commands with line number
followed by a translation": thank you


I'm sure I must have gotten the idea from the days that computer
systems filled a room, they were hard to use, and therefore they
came with extensive documentation. Sometimes this was called the
grey wall, or whatever was the color of the manufacturer.


I remember those days. I also remember the sense of panic associated 
with an unforeseen and unscheduled incident which required the 
documentation to be consulted :-)


Mark
--
http://www.markgoodge.uk

Send copy of incoming email to old mail server

2015-05-07 Thread Kashif Ali Bukhari 
Hi list fellows

I am in a process to move my email server from Microsoft offiice365 to postfix.
postifx is all setup and working like charm , but now i want all
incoming emails which delivered to postfix inbox should send a copy to
Microsoft office 365 mailbox.

this will help me to trancer my users from old server to new server.
if some one login to old server he//she would be able to see his
emails on old server too.

please guide me about postfix mail delivery as above requirment .

-- 
K.B

odd behaviour and a [I think] a fix

2015-05-07 Thread zep 
sorry, I normally lurk on a list for a while before I start posting to
get the feel, but if I don't send this soon, I'll forget all about it an
it'll be lost to the ether forever.

I have a VM and have been working on figuring out why postfix [via
centos 6] wasn't working the way I wanted, I'd get odd results like this:

[root@orca postfix]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
/usr/libexec/postfix/postfix-script: line 153: kill:
ELF>@@8,�: arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: X�s2��:
arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: �t2�:
arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: : arguments
must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: 
��2�0��2�@��2��@�}8�pP@8�:
arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: 
P@�8�`P�8�p`�8�@@���8�p��8����8���8��:
arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill:
�8�����8�: arguments must be process or job IDs
/usr/libexec/postfix/postfix-script: line 153: kill: 
���8�@@0�8�@�8�PP�`�8�P��:
arguments must be process or job IDs
postfix/postfix-script: waiting for the Postfix mail system to terminate
postfix/postfix-script: waiting for the Postfix mail system to terminate
postfix/postfix-script: waiting for the Postfix mail system to terminate
postfix/postfix-script: waiting for the Postfix mail system to terminate
^C

I started digging into the script to figure out what is doing what/where

[root@orca postfix]# vi /usr/libexec/postfix/postfix-script
[root@orca postfix]# cd /var/
[root@orca var]# find . -name "master.pid"
./spool/postfix/pid/master.pid
[root@orca var]# file spool/postfix/pid/master.pid

it seems the master.pid file was corrupted by some other process,
overwriting with a core file

spool/postfix/pid/master.pid: ELF 64-bit LSB core file x86-64,
version 1 (SYSV), SVR4-style, from '/usr/sbin/abrtd'
[root@orca var]# rm spool/postfix/pid/master.pid
rm: remove regular file `spool/postfix/pid/master.pid'? y
[root@orca var]# ls spool/postfix/pid/
unix.cleanup  unix.defer  unix.local  unix.retry  unix.smtp
[root@orca var]# postfix stop
postfix/postfix-script: fatal: the Postfix mail system is not running
[root@orca var]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@orca var]# postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 19579
[root@orca var]# ps auxww | grep pos

removed and everything ended up working fine.   it seems that there
isn't any validation being done for the contents of the pid file and it
isn't being removed if things go awry (or exit status checked, a few
places where things could be done differently).   if I make such
changes/updates, is there a place I can submit my checks to be included
in the next version/patch of postfix?   baring that, is there someone
else who'd like to make such changes?I may have hit a very odd edge
case that may well never, ever happen to anyone again, but it still
seems like a reasonable set of changes to make (at least to me).


I believe this VM got into this state due to some upgrade problems I
experienced.  specifically I think I had 2 different processes/instances
of the VM attempting to run at the same time due to the way I autostart
VMs, the way the hypervisor software doesn't really deal with locking
and partially complete upgrade to the hypervisor software.

possibly relevant version info
[root@orca var]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@orca var]# rpm -q postfix
postfix-2.6.6-6.el6_5.x86_64


thanks

-- 
public gpg key id: AE60F64C

Re: Send copy of incoming email to old mail server

2015-05-07 Thread Tobi 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I would suggest you to have a look into the doc

http://www.postfix.org/ADDRESS_REWRITING_README.html#receiving

in our case eigther alias or auto bcc should solve the problem



Am 07.05.2015 um 12:56 schrieb Kashif Ali Bukhari:
> Hi list fellows
> 
> I am in a process to move my email server from Microsoft offiice365
> to postfix. postifx is all setup and working like charm , but now i
> want all incoming emails which delivered to postfix inbox should
> send a copy to Microsoft office 365 mailbox.
> 
> this will help me to trancer my users from old server to new
> server. if some one login to old server he//she would be able to
> see his emails on old server too.
> 
> please guide me about postfix mail delivery as above requirment .
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJVS3esAAoJEDUc5iWoaKTkXLkP/iaCnaoHYaVa34GcZR3whQ5W
CJvCbMnjG+ZXlCKbfRI0AIIFF3IAUBJanRhuG6Dh/43YSzpoLUIrINrh4L7O2Dxh
4Rz3RYgGKqxqtoCBBIW+9J8pCh9xdxLRvkxlA0a1eVZvJke97oePpCtmpoi6XrID
bT1nq2zLUTXZwZfSH6qn2/xuE9rI9ap8mHPWRLGKTYhAI1H4K0wEDzhDp0azUfUJ
U/f3nvUg3D5R7ByJOnkCfolEjpZp7Jrx0zbMr0/xDnhng5fdNMXG62AuqDzjs0Qu
KMsf+shg6VC4iXg2A3jhCFkHQuflr9lo5ILYiYAsB7dFHp9UXEdWh9+aIjphwSxt
sGVj59SHgaIKB0+8dxmfLIn4cPKWj1Qbyr68XW98nVTK2I4qZeKJXSPwlxAj1puW
2ePEVU2+kJqpG/JUoAdifTyGKiD9aIeVDm0hx2COdtR6E3Tiw2NUEkyvcwxL8G34
YuR/D2abqs1DXmp07I8s6OLncZIQkOThd3gdDTkVS5rSetPVO9B29yKL3Z34W7mn
mvYGRBdS/UoQhw1BQYdMV2L/sTMG0AxxN7vf1qjgKwl38UqZwO55QLv1XqCeX3Bb
2Ku5ThpC1NS8f1C2iLonHQIuRQkGAE+og7aQ08elF/zuwrkOI6eDt+3Aa2Ge2MK0
N8Pj4LszZ8oq2gHddBni
=ibW7
-END PGP SIGNATURE-

Re: odd behaviour and a [I think] a fix

2015-05-07 Thread Wietse Venema 
zep:
> [..]   it seems that there
> isn't any validation being done for the contents of the pid file and it
> isn't being removed if things go awry (or exit status checked, a few
> places where things could be done differently).   if I make such
> changes/updates, is there a place I can submit my checks to be included
> in the next version/patch of postfix?   baring that, is there someone
> else who'd like to make such changes?I may have hit a very odd edge
> case that may well never, ever happen to anyone again, but it still
> seems like a reasonable set of changes to make (at least to me).

You can post improvements to the mailing list. BTW the master.pid
file is writable only by root. If you want to make Postfix robust 
against file system corruption of all root-only writable files,
then you have a lot of work ahead.

Wietse

Re: postfix stats

2015-05-07 Thread Alex Regan 

Hi,


I've been using pflogsumm but it's old and doesn't know about
postscreen. I'd like to see how many connections are being refused by
postscreen. What do you like? logwatch? awstats? other?



http://logreporters.sourceforge.net/

I believe logwatch now includes recent copies of these two, but I like
to run them standalone anyway.


This one is also very good, and a new version was just made available:

http://sendmailanalyzer.darold.net/

I'm sure Gilles would love to hear that you're using it and is receptive 
to making specific improvements.


Regards,
Alex

Re: Send copy of incoming email to old mail server

2015-05-07 Thread Viktor Dukhovni 
On Thu, May 07, 2015 at 03:56:18PM +0500, Kashif Ali Bukhari wrote:

> I am in the process of moving my email server from Microsoft Office365
> to Postfix.  Postfix is setup and working like charm, but now I want all
> incoming emails delivered to a Postfix recipient to also send a copy to
> a Microsoft Office365 mailbox.

This is done by either of two mechanisms:

http://www.postfix.org/postconf.5.html#virtual_alias_maps
http://www.postfix.org/postconf.5.html#recipient_bcc_maps

You need a suitable lookup table that maps each recipient's valid
email addresses to the correspoding Office365 address and, in the
case of virtual aliases, also the appropriate "local" mailbox
address.

This means that each user needs an email address that Office365
delivers (exclusively) to the user's mailbox, and another email
address that Postfix delivers exclusively to the user's mailbox.
Either, but not both can be the primary address of the user.

However, you'll probably run into loads of pain around SPF records,
since Microsoft will reject mail you forward as forgeries, because
they come from addresses not marked as permitted by the sender
domain's SPF records.

You'll need to make sure that Microsoft whitelists your Postfix
server for delivery of SPF-violating messages to recipients in
your hosted domain.  This is critical, and is the main problem
you have to deal with.

The difference between virtual_alias_maps and recipient_bcc_maps
is explained in further detail in:

http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/virtual.5.html

Short version:

virtual(5) mapping is recursive, (and in fact applies to
he output of recipient_bcc_maps).

recipient_bcc_maps is not recursive, and when possible
suppresses bounces to the sender when delivery fails.

-- 
Viktor.

Re: Send copy of incoming email to old mail server

2015-05-07 Thread Robert Schetterer 
Am 07.05.2015 um 12:56 schrieb Kashif Ali Bukhari:
> Hi list fellows
> 
> I am in a process to move my email server from Microsoft offiice365 to 
> postfix.
> postifx is all setup and working like charm , but now i want all
> incoming emails which delivered to postfix inbox should send a copy to
> Microsoft office 365 mailbox.
> 
> this will help me to trancer my users from old server to new server.
> if some one login to old server he//she would be able to see his
> emails on old server too.
> 
> please guide me about postfix mail delivery as above requirment .
> 

if ve written a blog which might help, but does not exact match
what you want , but it should help with mail routing  basics

https://sys4.de/de/blog/2015/05/04/postfix-gateway-virtual-bcc-multiplicator/

additional read docs from victors advice !!!

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

SQL table lookup

2015-05-07 Thread Rod K 

I'm trying to implement

check_client_restrictions =
check_client_access pgsql:/path/to/local_blacklist-sql.cf,
...

Previously I had the same information in a cidr:
check_client_access cidr:/path/to/local_blacklist.cidr,

When I check with postmap
postmap -q 1.2.3.4 pgsql:/path/to/local_blacklist-sql.cf
or
postmap -q 1.2.3.4 cidr:/path/to/local_blacklist.cidr

Postmap returns correct responses to any query (i.e. REJECT or DUNNO)

local_blacklist-sql.cf query is a call to a function that returns one 
row with one field containing only 'REJECT' or 'DUNNO' and it is 
currently recording queries so I know smtpd is calling the function, 
however it does not reject those clients that i'm returning REJECT for.


Any ideas?

Re: postfix stats

2015-05-07 Thread Mike. 


On 5/7/2015 at 11:09 AM Alex Regan wrote:

|Hi,
|
|>> I've been using pflogsumm but it's old and doesn't know about
|>> postscreen. I'd like to see how many connections are being
refused by
|>> postscreen. What do you like? logwatch? awstats? other?
|>>
|>
|> http://logreporters.sourceforge.net/
|>
|> I believe logwatch now includes recent copies of these two, but I
like
|> to run them standalone anyway.
|
|This one is also very good, and a new version was just made
available:
|
|http://sendmailanalyzer.darold.net/
|
|I'm sure Gilles would love to hear that you're using it and is
receptive 
|to making specific improvements.
 =

Another maillog scanner, but just for postscreen info:

  https://archive.mgm51.com/sources/pslogscan.html

albeit, with a fairly simplified output.

Re: SQL table lookup

2015-05-07 Thread Wietse Venema 
Rod K:
> I'm trying to implement
> 
> check_client_restrictions =
>  check_client_access pgsql:/path/to/local_blacklist-sql.cf,

Note that this also makes queries with client name parent domains
and network prefixes (see the section "HOST NAME/ADDRESS PATTERNS"
in the access(5) manpage).

> 
> When I check with postmap
>  postmap -q 1.2.3.4 pgsql:/path/to/local_blacklist-sql.cf
> or
>  postmap -q 1.2.3.4 cidr:/path/to/local_blacklist.cidr

Note that this does not make queries with client name parent domains
and network prefixes, just the queries that you specify.

Wietse

Re: SQL table lookup

2015-05-07 Thread Rod K 

On 5/7/2015 1:48 PM, Wietse Venema wrote:

Rod K:

I'm trying to implement

check_client_restrictions =
  check_client_access pgsql:/path/to/local_blacklist-sql.cf,

Note that this also makes queries with client name parent domains
and network prefixes (see the section "HOST NAME/ADDRESS PATTERNS"
in the access(5) manpage).

I'm aware.  When the query term is NOT a valid dotted quad it returns 
DUNNO, even for hostnames.


Search order:
domain.tld
.domain.tld

net.work.addr.ess
net.work.addr
...

"

 *DUNNO*   Pretend that the lookup key was not found. This prevents Postfix
  from  trying  substrings  of the lookup key (such as a subdomain
  name, or a network address subnetwork).
"

This to me means the first lookup would check domain.tld (receive DUNNO so skip 
.domain.tld), then lookup net.work.addr.ess which will return DUNNO or REJECT 
(no further lookups)

I am handling matching for subnets internally so there is no need for further 
network address lookups.

Am I misunderstanding?  Is the initial DUNNO for domain.tld preventing 
net.work.addr.ess queries?

Re: SQL table lookup

2015-05-07 Thread Wietse Venema 
Rod K:
>   *DUNNO*   Pretend that the lookup key was not found. This prevents Postfix
>from  trying  substrings  of the lookup key (such as a 
> subdomain
>name, or a network address subnetwork).
> "
> 
> This to me means the first lookup would check domain.tld (receive DUNNO so 
> skip .domain.tld), then lookup net.work.addr.ess which will return DUNNO or 
> REJECT (no further lookups)
> 
> I am handling matching for subnets internally so there is no need for further 
> network address lookups.
> 
> Am I misunderstanding?  Is the initial DUNNO for domain.tld preventing 
> net.work.addr.ess queries?

DUNNO means something was found, don't look further. You want to
return "not found" instead.

Wietse
> 
> 
> 
> 
> 
>

Re: SQL table lookup

2015-05-07 Thread Rod K 

On 5/7/2015 3:01 PM, Wietse Venema wrote:

Rod K:

   *DUNNO*   Pretend that the lookup key was not found. This prevents Postfix
from  trying  substrings  of the lookup key (such as a subdomain
name, or a network address subnetwork).
"

This to me means the first lookup would check domain.tld (receive DUNNO so skip 
.domain.tld), then lookup net.work.addr.ess which will return DUNNO or REJECT 
(no further lookups)

I am handling matching for subnets internally so there is no need for further 
network address lookups.

Am I misunderstanding?  Is the initial DUNNO for domain.tld preventing 
net.work.addr.ess queries?

DUNNO means something was found, don't look further. You want to
return "not found" instead.

Wietse

In access.5 "not found" is not a listed response.   Is that a literal 
"NOT FOUND" or, in the case of an SQL query, an empty string or null, or 
0 rows?

Re: SQL table lookup

2015-05-07 Thread Wietse Venema 
Wietse:
> DUNNO means something was found, don't look further. You want to
> return "not found" instead.

Rod K:
> In access.5 "not found" is not a listed response.   Is that a literal 
> "NOT FOUND" or, in the case of an SQL query, an empty string or null, or 
> 0 rows?

Returning NOT FOUND means: return no result, Not: return an empty
result or some other result.

Wietse

Re: Send copy of incoming email to old mail server

2015-05-07 Thread Kashif Ali Bukhari 
i have u...@example.com created onpostfix. (mx entry is
mail.example.com and old mx entry was
example-com.mail.eo.outlook.com).

all email successfully delivered to u...@example.com's local mailbox.

now i want email for u...@example.com should be delivered to local
mailbox and a copy sent u...@example.com at
example-com.mail.eo.outlook.com , (remember mx recored
example-com.mail.eo.outlook.com is removed from example.com) so that
if user login to microsoft365 he wont miss email.

thanks

KB



On Thu, May 7, 2015 at 9:26 PM, Robert Schetterer  wrote:
> Am 07.05.2015 um 12:56 schrieb Kashif Ali Bukhari:
>> Hi list fellows
>>
>> I am in a process to move my email server from Microsoft offiice365 to 
>> postfix.
>> postifx is all setup and working like charm , but now i want all
>> incoming emails which delivered to postfix inbox should send a copy to
>> Microsoft office 365 mailbox.
>>
>> this will help me to trancer my users from old server to new server.
>> if some one login to old server he//she would be able to see his
>> emails on old server too.
>>
>> please guide me about postfix mail delivery as above requirment .
>>
>
> if ve written a blog which might help, but does not exact match
> what you want , but it should help with mail routing  basics
>
> https://sys4.de/de/blog/2015/05/04/postfix-gateway-virtual-bcc-multiplicator/
>
> additional read docs from victors advice !!!
>
> Best Regards
> MfG Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein



-- 
Syed Kashif Ali Bukhari
+92-345-820
http://www.sysadminsline.com
http://www.kashifbukhari.com

Re: Send copy of incoming email to old mail server

2015-05-07 Thread Viktor Dukhovni 
On Fri, May 08, 2015 at 12:52:40AM +0500, Kashif Ali Bukhari wrote:

> I have u...@example.com created onpostfix. (MX entry is
> mail.example.com and the old mx entry was
> example-com.mail.eo.outlook.com).

OK.

> All email successfully delivered to u...@example.com's local mailbox.

OK.

> Now I want email for u...@example.com should be delivered to local
> mailbox and a copy sent u...@example.com via
> example-com.mail.eo.outlook.com , (remember MX recored
> example-com.mail.eo.outlook.com is removed from example.com) so that
> if user login to microsoft365 he wont miss email.

Can you arrange for Microsoft to disable SPF checks on mail you
want to forward to the user's Office365 hosted mailbox?

If you can't negotiate that with them there's no point considering
how to implement the Postfix side unless you want to jump through
hoops with SRS (too complicated for mortals I think).

If you can negotiate that, then we'd need to change the local
delivery address for each user, and route the original address
to example-com.mail.eo.outlook.com.

virtual:
# Replace user@localhost with whatever alternative mailbox
# name works for local delivery.
#
u...@example.comu...@example.com, user@localhost

transport:
example.com smtp:[example-com.mail.eo.outlook.com]

There are other ways of doing this, but they're more complex.
Nothing is workable if Microsoft will apply SPF anti-spam
filters to mail you forward.

-- 
Viktor.

Re: postfix stats

2015-05-07 Thread Benning, Markus 

Hello,

it takes input from STDIN. I'll update the examples.

If there is demand i'll push an release to cpan/git.

I created an fatpacked (includes the files from lib/) version of 
saftsumm and pushed it to:


https://markusbenning.de/tmp/saftsumm

I also added an --man option which outputs the manpage.

 Markus


Am 2015-05-05 11:43, schrieb Birta Levente:

On 01/05/2015 17:45, Benning, Markus wrote:

Hi,

if you are willed to test my pflogsumm fork and to provide some sample 
loglines

i'll implement postscreen statistics.

You can find the project at Github:

https://github.com/benningm/saftpresse

I modularized the pflogsumm code into seperate plugins:

https://github.com/benningm/saftpresse/tree/master/lib/Log/Saftpresse/Plugin 
Also Input and Outputs.


There are 2 commands. The command saftpresse will be a new interface 
to the code which

is configurable by configuration file. It is still work in progress.

The command saftsumm tries to resemble the pflogsumm commandline 
interface.
Additional features already in it are TLS and GeoIP statistics, and 
different outputs.

Currently pflogsumm, HTML, JSON and perl Dump.

My goal for saftpresse is to use it also for structured logging and to 
implement

more than just postfix logging.



Can you provide more information how to install?

The following command do nothing:
#./saftsumm -d yesterday /var/log/maillog


What I do on Centos 6.6:
put the lib/Log to /usr/share/perl5/

The test.pl says:
Parameter module is not defined for Input FileTail! at
/usr/share/perl5/Log/Saftpresse/Slurp.pm line 62.

Thanks,


--
Markus Benning, https://markusbenning.de/

Re: postfix stats

2015-05-07 Thread Benning, Markus 

Am 2015-05-01 17:43, schrieb Patrick Ben Koetter:

You can find the project at Github:

https://github.com/benningm/saftpresse


ACK. Good tool. We use it a lot.


Good to know.

Beside the classic pflogsumm interface my goal for the project is to be 
able

to output log data to ElasticSearch and counters to graphit.

That would enable live pflogsum, interactive and in color ;-)

 Markus
--
Markus Benning, https://markusbenning.de/