Re: starttls connection to LDAP server for postmap

2015-08-14 Thread Michael Ströder
Frederic Van Espen wrote:
> When receiving a mail we lookup in ldap where the mail needs to go.
> This works fine for a simple unsecured ldap connection, but when I try to enable
> start_tls I consistently receive this error when receiving a mail:
> warning: dict_ldap_set_tls_options: Unable to allocate new TLS context
> -1: Can't contact LDAP server

Likely the server cert cannot be validated.

> However, it does seem to work fine when I manually run it with
> postmap on the commandline. In that case I can see the connection to
> the LDAP server
> being set up with wireshark and the switching to STARTTLS. It seems
> only the postfix process itself cannot connect. I tried the same thing
> while using the postfix user to make sure it's not a permission issue
> but postmap also works fine in that case.

Wild guess:
You might need to add your CA cert...

> tls_ca_cert_file = /etc/postfix/escaux-ict-ca.pem

...to the chroot directory.

Ciao, Michael.





Re: Checking Logs for outgoing mail

2015-08-14 Thread Jaco Lesch
Have a look at mailgrep.pl, you can find the latest version at the 
following URL:

http://taz.net.au/postfix/

Regards


On 12/08/2015 12:35, @lbutlr wrote:

> I need to search the logs for outgoing mail that is coming from specific users,
> but I’m having a hard time with this since the to and from are logged on
> separate lines in the log
>
> Does anyone have a grep solution that would show all the outbound emails in the
> 30 days of logs for a specific user?



--
---
Jaco Lesch
SAIX HLS
Email: ja...@saix.net



Re: starttls connection to LDAP server for postmap

2015-08-14 Thread Frederic Van Espen
Hello Michael,

> Wild guess:
> You might need to add your CA cert...
>
>> tls_ca_cert_file = /etc/postfix/escaux-ict-ca.pem
>
> ...to the chroot directory.

Good guess! I was not aware that the standard Debian Postfix install
used a chroot in /var/spool/postfix/

Thanks a bunch!

Cheers,

Frederic
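
A check for the situation this thread resolved, as an added example that is not from any of the posters: it lists the master.cf services that run chrooted and tests whether the tls_ca_cert_file named in an LDAP table also exists below the chroot. The fixture files, the function names and ldap.example.com are constructed; only the CA path comes from the thread.

```shell
#!/bin/sh
# Added example. Fixture contents are constructed; only the CA path
# /etc/postfix/escaux-ict-ca.pem comes from the thread.

# List master.cf services that run chrooted, as "name/type".
# $1 = master.cf, $2 = what "-" means in the chroot column
# ("y" on Postfix < 3.0, "n" on Postfix >= 3.0).
chrooted_services() {
    awk -v dflt="$2" '
        /^[ \t]*#/ || /^[ \t]/ || NF < 8 { next }   # comments, continuation lines
        { c = ($5 == "-") ? dflt : $5; if (c == "y") print $1 "/" $2 }
    ' "$1"
}

# Print the tls_ca_cert_file value of an LDAP table definition ($1).
ldap_ca_file() {
    sed -n 's/^[[:space:]]*tls_ca_cert_file[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Succeed if the CA file named in LDAP table $2 is readable below chroot $1.
ca_visible_in_chroot() {
    ca=$(ldap_ca_file "$2")
    [ -n "$ca" ] && [ -r "$1$ca" ]
}

# Build a constructed master.cf and LDAP table under directory $1.
make_fixture() {
    mkdir -p "$1/spool"
    cat > "$1/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=may
cleanup   unix  n       -       y       -       0       cleanup
local     unix  -       n       n       -       -       local
EOF
    cat > "$1/ldap-table.cf" <<'EOF'
server_host = ldap.example.com
start_tls = yes
tls_ca_cert_file = /etc/postfix/escaux-ict-ca.pem
EOF
}

tmp=$(mktemp -d)
make_fixture "$tmp"
echo "chrooted: $(chrooted_services "$tmp/master.cf" y | tr '\n' ' ')"
if ca_visible_in_chroot "$tmp/spool" "$tmp/ldap-table.cf"; then
    echo "CA file visible inside chroot"
else
    echo "CA file missing: copy it to <chroot>$(ldap_ca_file "$tmp/ldap-table.cf")"
fi
rm -rf "$tmp"
```

With the chroot at /var/spool/postfix/ as in the thread, the copy of the CA file belongs at /var/spool/postfix/etc/postfix/escaux-ict-ca.pem.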


postfix mail routing from VMs

2015-08-14 Thread Coert
Hello all,

I have a setup with about 10 FreeBSD and Linux VMs. (all running postfix)

One of the VMs is the primary mail host.
All the other VMs I configured to use the primary as relayhost
And I aliased root in /etc/aliases on all VMs to an address on the primary.

So far all the mail routing is working correctly, except that the from
addresses are: r...@fully.qualified.name.of.vm
So any bounces or replies from the primary mail server cannot be
delivered, because the VMs don't accept mail from 'outside'.

Can I change the from address on each VM to something like:
rootVMname@myworking.domain? so that the domain name stays the same?
If so, where do I change this?

Or should I create a domain on the primary mail server for each VMs
fully.qualified.name.of.vm and alias those to the same address they
currently send to?


Kind regards,
Coert


Re: postfix mail routing from VMs

2015-08-14 Thread DTNX Postmaster
On 14 Aug 2015, at 11:22, Coert wrote:

> Hello all,
> 
> I have a setup with about 10 FreeBSD and Linux VMs. (all running postfix)
> 
> One of the VMs is the primary mail host.
> All the other VMs I configured to use the primary as relayhost
> And I aliased root in /etc/aliases on all VMs to an address on the primary.
> 
> So far all the mail routing is working correctly, except that the from
> addresses are: r...@fully.qualified.name.of.vm
> So any bounces or replies from the primary mail server cannot be
> delivered, because the VMs don't accept mail from 'outside'.
> 
> Can I change the from address on each VM to something like:
> rootVMname@myworking.domain? so that the domain name stays the same?
> If so, where do I change this?
> 
> Or should I create a domain on the primary mail server for each VMs
> fully.qualified.name.of.vm and alias those to the same address they
> currently send to?

What we do for this is the following, set in 'main.cf';

smtp_generic_maps = static:account+hostn...@example.com

This maps all local addresses to a single account on the relay host; 
'account' is the actual mailbox, 'hostname' the hostname of the VM that 
sends the message, and 'example.com' a local domain on the destination 
server.

You only need one account this way, while still able to sort messages 
based on the VM they originate from, and all bounces, replies etc. will 
be sent to 'account', on the destination server, instead of returning 
to a box that does not accept SMTP connections.

Works very well for 'null clients'; SMTP clients that only ever send 
mail, have no local mailboxes, and so on.

Mvg,
Joni



SOLVED Re: postfix mail routing from VMs

2015-08-14 Thread Coert

On 2015-08-14 12:13, DTNX Postmaster wrote:

> On 14 Aug 2015, at 11:22, Coert wrote:
>
>> Hello all,
>>
>> I have a setup with about 10 FreeBSD and Linux VMs. (all running postfix)
>>
>> One of the VMs is the primary mail host.
>> All the other VMs I configured to use the primary as relayhost
>> And I aliased root in /etc/aliases on all VMs to an address on the primary.
>>
>> So far all the mail routing is working correctly, except that the from
>> addresses are: r...@fully.qualified.name.of.vm
>> So any bounces or replies from the primary mail server cannot be
>> delivered, because the VMs don't accept mail from 'outside'.
>>
>> Can I change the from address on each VM to something like:
>> rootVMname@myworking.domain? so that the domain name stays the same?
>> If so, where do I change this?
>>
>> Or should I create a domain on the primary mail server for each VMs
>> fully.qualified.name.of.vm and alias those to the same address they
>> currently send to?
>
> What we do for this is the following, set in 'main.cf';
>
> smtp_generic_maps = static:account+hostn...@example.com
>
> This maps all local addresses to a single account on the relay host;
> 'account' is the actual mailbox, 'hostname' the hostname of the VM that
> sends the message, and 'example.com' a local domain on the destination
> server.
>
> You only need one account this way, while still able to sort messages
> based on the VM they originate from, and all bounces, replies etc. will
> be sent to 'account', on the destination server, instead of returning
> to a box that does not accept SMTP connections.
>
> Works very well for 'null clients'; SMTP clients that only ever send
> mail, have no local mailboxes, and so on.
>
> Mvg,
> Joni

Thanks Joni!

This solved my problem.

Kind regards, Coert


ldap virtual split domain and forwarding.

2015-08-14 Thread L . P . H . van Belle
Hai,

I'm new to the list, so tell me if I'm doing something wrong.
In advance: sorry for my English, and sorry for the long explanation;
better too much than too little, imo.

I'm having the following setup.

Debian Jessie 8.1 with packages, running a Zarafa mail server and a Samba 4 AD
domain.
I have almost all the info I want in the AD, but I'm having problems with some e-mail
aliases and the forwarding of these.

packages of postfix used:
ii  postfix        2.11.3-1  amd64  High-performance mail transport agent
ii  postfix-ldap   2.11.3-1  amd64  LDAP map support for Postfix
ii  postfix-mysql  2.11.3-1  amd64  MySQL map support for Postfix
ii  postfix-pcre   2.11.3-1  amd64  PCRE map support for Postfix

 
This is the part I'm having problems with (I'll explain more below the
configuration):
(master.cf)

alias_maps              = hash:/etc/aliases,
                          regexp:/etc/postfix/asp-redirect.regexp,
                          ldap://etc/postfix/zarafa-ads-local-aliases.cf,
alias_database          = hash:/etc/aliases
transport_maps          = ldap:/etc/postfix/zarafa-ads-zpublic-transport.cf,
virtual_transport       = lmtp:127.0.0.1:2003
virtual_mailbox_domains = domain.tld, internal.domain.tld
virtual_mailbox_maps    = ldap:/etc/postfix/zarafa-ads-users.cf

# Active Directory has the possibility to create distribution groups which can
# be used as email distribution list in ZCP.
# To use integrate Postfix with distribution groups, Postfix 2.4 or higher is
# required.
#
virtual_alias_maps      = ldap:/etc/postfix/zarafa-ads-users.cf,
                          ldap:/etc/postfix/zarafa-ads-groups.cf,
                          ldap:/etc/postfix/zarafa-ads-zpublic-aliases.cf,
                          ldap://etc/postfix/zarafa-ads-local-redirects.cf
                          ldap://etc/postfix/zarafa-ads-general-aliases.cf


 
So, I'm running Zarafa 7.2 as mail server and Samba 4 AD as domain for email
address lookups.
The Zarafa server and email addresses and email aliases and groups and public
folder work fine.
I need these settings for Zarafa:
virtual_transport       = lmtp:127.0.0.1:2003
virtual_mailbox_domains = domain.tld, internal.domain.tld
virtual_mailbox_maps    = ldap:/etc/postfix/zarafa-ads-users.cf
virtual_alias_maps      = ldap:/etc/postfix/zarafa-ads-users.cf,
                          ldap:/etc/postfix/zarafa-ads-groups.cf,
                          ldap:/etc/postfix/zarafa-ads-zpublic-aliases.cf,

with a delivery to public folders, with a setup like this example:
http://www.leckerbeef.de/zarafa-deliver-mail-to-public-folder-the-postfix-way/
As said, this all works fine; I can email to all users/groups/public folder email
addresses.

Now based on that I'm creating a "contact" and
I use the displayName and description fields to set my addresses for postfix.

For the ldap -aliases files I use this filter:
scope = sub
query_filter = (&(objectClass=contact)(displayName=%s))
result_attribute = displayName

For the ldap -redirects files I use this filter:
scope = sub
query_filter = (&(objectClass=contact)(displayName=%s))
result_attribute = description


For this one in the alias_maps:
ldap://etc/postfix/zarafa-ads-local-aliases.cf
I have here for example user: root with forward address to an email address in my
public folders of Zarafa, and a user e-mail address.
postmap -q root ldap://etc/postfix/zarafa-ads-local-aliases.cf gives back root,
which is correct in this case.
postmap -q root ldap://etc/postfix/zarafa-ads-local-redirects.cf gives back:
personalad...@domain.tld,publicfolderad...@domain.tld

This works and is used for messages sent to "root" from the server (and
mailing to r...@domain.tld does NOT work and should not work).

Here in this, I also have my ab...@domain.tld postmas...@domain.tld
webmas...@domain.tld e-mail addresses.
I can use this ldap file on all my servers with this setup, and this is in a
separate OU in the AD (OU=local-aliases).
I can send to them and these are also delivered where I want.


Now my problem(s):
1) What I want is email to: someadres0132...@domain.tld, forward to
someadre...@domain.tld, forward to someadre...@offsite.domain.tld

alias_map has: regexp:/etc/postfix/asp-redirect.regexp and contains lines
like
/^someadres01/ someadre...@domain.tld
Here I catch all email addresses like someadres011...@domain.tld

postmap -q someadres0142...@domain.

Re: Checking Logs for outgoing mail

2015-08-14 Thread @lbutlr

> On Aug 13, 2015, at 5:39 PM, Viktor Dukhovni wrote:
> 
> On Wed, Aug 12, 2015 at 04:35:59AM -0600, @lbutlr wrote:
> 
>> I need to search the logs for outgoing mail that is coming from specific
>> users, but I'm having a hard time with this since the to and from are
>> logged on separate lines in the log
>> 
>> Does anyone have a grep solution that would show all the outbound emails
>> in the 30 days of logs for a specific user?
> 
>   # gunzip -fc $(ls -rt /var/log/maillog*) |
>   perl collate |
>   perl -ne '
>   BEGIN  { $/ = "\n\n"; $match = shift; }
>   print if m{\Q$match\E}io;
>   ' \
>   ": from="

Thank you, that worked perfectly (well, once I changed the command to bzcat, of 
course :)

I even made it into a bash function:

function mailgrep {
   # Collate the rotated logs by queue ID, then keep the entries whose sender starts with $*
   bzcat $(ls -rt /var/log/maillog*) | perl /usr/local/bin/collate | perl -ne '
   BEGIN  { $/ = "\n\n"; $match = shift; }
   print if m{\Q$match\E}io;
   ' \
   ": from=<$*" | grep -v backup  | grep "to=<"
}


-- 
You start a conversation you can't even finish it
You're talkin' a lot, but you're not sayin' anything
When I have nothing to say, my lips are sealed
Say something once, why say it again?
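
The correlation this thread is about, joining the "from=" and "to=" lines that share a queue ID, as an added single-pass awk example; it is not the collate script used above and not code from any poster. The function names and the log lines are constructed, and it assumes short hexadecimal queue IDs and that the "from=" line of a message is logged before its "to=" lines.

```shell
#!/bin/sh
# Added example; the log lines in sample_log are constructed.

# Read Postfix log lines on stdin and print "queue-id recipient status" for
# every delivery attempt whose envelope sender is $1 (case-insensitive).
outbound_for_sender() {
    awk -v who="$1" '
        BEGIN { who = tolower(who) }
        match($0, /: [0-9A-F]+: /) {
            qid  = substr($0, RSTART + 2, RLENGTH - 4)   # text between ": " and ": "
            rest = substr($0, RSTART + RLENGTH)
            if (rest ~ /^from=</) {
                s = substr(rest, 7); sub(/>.*/, "", s)
                sender[qid] = tolower(s)                 # remember sender per queue ID
            } else if (rest ~ /^to=</ && (qid in sender) && sender[qid] == who) {
                r = substr(rest, 5); sub(/>.*/, "", r)
                st = rest; sub(/.*status=/, "", st); sub(/ .*/, "", st)
                print qid, r, st
            } else if (rest ~ /^removed/) {
                delete sender[qid]                       # message left the queue
            }
        }'
}

# Constructed sample: two messages, one of them with two recipients.
sample_log() {
    cat <<'EOF'
Aug 12 10:00:01 mx postfix/qmgr[2101]: 3A1B2C4D5E: from=<alice@example.com>, size=1834, nrcpt=2 (queue active)
Aug 12 10:00:01 mx postfix/qmgr[2101]: 7F00AA12BC: from=<backup@example.com>, size=912, nrcpt=1 (queue active)
Aug 12 10:00:02 mx postfix/smtp[2140]: 3A1B2C4D5E: to=<bob@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 12 10:00:02 mx postfix/smtp[2141]: 7F00AA12BC: to=<ops@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug 12 10:00:03 mx postfix/smtp[2140]: 3A1B2C4D5E: to=<carol@example.org>, orig_to=<carol-alias@example.com>, relay=mx.example.org[192.0.2.20]:25, delay=2.0, dsn=4.4.1, status=deferred (connection timed out)
Aug 12 10:00:03 mx postfix/qmgr[2101]: 7F00AA12BC: removed
EOF
}

sample_log | outbound_for_sender alice@example.com
```

On real logs, feed it the rotated files oldest first, for example from the same bzcat pipeline as above.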



[solved] When is virtual used and when not?

2015-08-14 Thread Robert Dahlem
Hi,

that was a tough nut. SUSE (in SLES 11 SP3) decided it is wise to act
contrary to the documentation. They inject mail from Amavis to Postfix
through a master.cf entry containing (among others):

receive_override_options=no_address_mappings

although the documentation states "This is typically specified BEFORE an
external content filter."

So when Amavis sends mail to postmas...@mydomain.info then
/etc/postfix/virtual gets ignored (as configured).

My workaround is to send mail from Amavis as rdahlem@internal.domain.

I will open a case with SUSE and ask them to move no_address_mappings to
the master.cf entry sending the mail to amavis.

Kind regards,
Robert


On 30.07.2015 16:21, Robert Dahlem wrote:

> Hi,
> 
> I would like to divert mail for postmas...@mydomain.info from the usual
> Exchange server to my account on some other internal server:
> 
> # postconf | grep "^mydomain"
> mydomain = mydomain.info
> 
> /etc/postfix/virtual:
> ---------------------
> postmaster        rdahlem@internal.domain
> 
> /etc/postfix/transport:
> -----------------------
> internal.domain   smtp:[someserver.mydomain.info]
> .internal.domain  smtp:[someserver.mydomain.info]
> mydomain.info     smtp:[exchange.mydomain.info]
> .mydomain.info    smtp:[exchange.mydomain.info]
> 
> For mail from external sources that works:
> 
> postfix/smtpd[12040]: BFC6AA6606:
>   client=unknown[212.227.15.19]
> postfix/cleanup[12045]: BFC6AA6606:
>   message-id=<55ba23cf.6000...@gmx.net>
> postfix/qmgr[29471]: BFC6AA6606:
>   from=, size=2044, nrcpt=1 (queue active)
> postfix/smtp[12046]: BFC6AA6606:
>   to=,
>   orig_to=,
>   relay=127.0.0.1[127.0.0.1]:10024, delay=3.7,
>   delays=3.2/0/0.01/0.51, dsn=2.0.0, status=sent
>   (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
>   250 2.0.0 Ok: queued as 4ECCDA661A)
> postfix/qmgr[29471]: BFC6AA6606: removed
> 
> Mail gets sent to Amavis after being re-addressed. Then:
> 
> postfix/smtpd[12058]: 4ECCDA661A:
>   client=localhost[127.0.0.1],
>   orig_queue_id=BFC6AA6606, orig_client=unknown[212.227.15.19]
> postfix/cleanup[12045]: 4ECCDA661A:
>   message-id=<55ba23cf.6000...@gmx.net>
> postfix/qmgr[29471]: 4ECCDA661A:
>   from=, size=2697, nrcpt=1 (queue active)
> postfix/smtp[12059]: 4ECCDA661A:
>   to=,
>   relay=someserver.mydomain.info[10.4.5.6]:25,
>   delay=0.11, delays=0.03/0.01/0.01/0.07, dsn=2.0.0, status=sent
>   (250 2.0.0 t6UDGwQb007363 Message accepted for delivery)
> postfix/qmgr[29471]: 4ECCDA661A: removed
> 
> But in the case of mail originating from Amavis for
> postmas...@mydomain.info that does not work:
> 
> postfix/smtpd[22114]: BD772A661A:
>   client=localhost[127.0.0.1]
> postfix/cleanup[22101]: BD772A661A:
>   message-id=
> postfix/qmgr[4567]: BD772A661A:
>   from=,
>   size=2591, nrcpt=1 (queue active)
> postfix/smtp[22115]: BD772A661A:
>   to=,
>   relay=exchange.mydomain.info[10.1.2.3]:25,
>   delay=5.2, delays=0.07/0.01/0.08/5.1, dsn=5.1.1,
>   status=bounced (host exchange.mydomain.info[10.1.2.3] said:
>   550 5.1.1 User unknown (in reply to RCPT TO command))
> postfix/bounce[22117]: BD772A661A:
>   sender non-delivery notification: E897EA675D
> postfix/qmgr[4567]: BD772A661A: removed
> 
> Why is /etc/postfix/virtual ignored in the second case and what should I
> do about that?
> 
> Kind regards,
> Robert
> 

-- 
Mit freundlichen Grüßen / Best regards
__
Robert Dahlem
System & Network Services

Fidelity Information Services KORDOBA GmbH
Königsberger Straße 29 • 60487 Frankfurt
Tel.: +49 69 13829-2180
Fax.: +49 69 13829-5-2180
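
A way to see which master.cf entry carries receive_override_options=no_address_mappings, as an added example that is not from the post and not SUSE's configuration: it reads "-o" overrides per service, including continuation lines, and tests one entry for the option. Both fixtures and the function names are constructed; the ports 10024 and 10025 are the ones visible in the quoted logs.

```shell
#!/bin/sh
# Added example; both master.cf fixtures are constructed from the post's description.

# Print "service/type<TAB>value" for each entry of master.cf ($1) that sets
# receive_override_options, following "-o" arguments onto continuation lines.
override_options() {
    awk '
        function emit() {
            if (svc != "" && opt != "") print svc "\t" opt
            svc = ""; opt = ""
        }
        function scan(   i, v) {
            for (i = 1; i <= NF; i++) {
                v = $i
                if (v == "-o" && i < NF) v = $(++i)      # "-o name=value"
                else if (v ~ /^-o./) v = substr(v, 3)    # "-oname=value"
                else continue
                if (v ~ /^receive_override_options=/) opt = substr(v, 26)
            }
        }
        /^[ \t]*#/ || NF == 0 { next }
        /^[ \t]/ { scan(); next }              # continuation of the current entry
        { emit(); svc = $1 "/" $2; scan() }    # first line of a new entry
        END { emit() }
    ' "$1"
}

# Succeed if entry $2 (e.g. "127.0.0.1:10025/inet") of master.cf $1 lists
# no_address_mappings, so /etc/postfix/virtual is not applied to mail it receives.
skips_address_mappings() {
    override_options "$1" | awk -F '\t' -v s="$2" '
        $1 == s && index("," $2 ",", ",no_address_mappings,") { f = 1 }
        END { exit !f }'
}

write_fixtures() {   # $1 = directory
    cat > "$1/as-described.cf" <<'EOF'
smtp            inet  n  -  n  -  -  smtpd
  -o content_filter=smtp:[127.0.0.1]:10024
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
  -o content_filter=
  -o receive_override_options=no_address_mappings
EOF
    cat > "$1/as-documented.cf" <<'EOF'
smtp            inet  n  -  n  -  -  smtpd
  -o content_filter=smtp:[127.0.0.1]:10024
  -o receive_override_options=no_address_mappings
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
  -o content_filter=
EOF
}

tmp=$(mktemp -d); write_fixtures "$tmp"
for f in as-described as-documented; do echo "== $f"; override_options "$tmp/$f.cf"; done
rm -rf "$tmp"
```

In the first fixture the option sits on the listener that accepts mail coming back from the filter, which is the placement the post reports; in the second it sits before the filter, as the quoted documentation sentence describes.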





Re: Postfix multi instance for incoming and outgoing mail

2015-08-14 Thread NFXDD
Something else as well. Is an in-out multi instance solution like this a
good solution for an i7-3770 CPU @ 3.40GHz, 8 cores + 16gb RAM + 250ssd
system like this?



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Postfix-multi-instance-for-incoiming-and-outgoing-mail-tp78661p78674.html
Sent from the Postfix Users mailing list archive at Nabble.com.


Postfix multi instance for incoming and outgoing mail

2015-08-14 Thread NFXDD
Hi there. Noob here 

I have been trying to give postfix multi instance a go for the past week.
With this came to the conclusion that going with a multi instance solution
where one instance for incoming mail and another for outgoing seems to be
good performance wise especially for a mass mailing setup. But if I'm wrong
feel free to tell me so.

Now, I have the default instance and I have another instance (postfix-out)
but I am just not getting what I should change exactly for both instances to
make it work as intended. Where default instance should receive all incoming
mail and postfix-out should do all the sending.

Details about my setup:
This setup has Webmin/Virtualmin installed.
I have one network interface with the main IP (xx.x.x.80) hostname:
host1.example.com and ns: ns1.example.com. This is the one I want to receive
on.
Then I have a subnet of IPs of which the one IP (xx.xx.xxx.xx3) is used for
all virtual hosts (Virtualmin) and also my ns2 (ns2.example.com) This is the
one I want to send from.

My default postfix main.cf


Then it's master.cf 


My postfix-out instance main.cf


postfix-out instance master.cf



I know that this could perhaps take a lot of explaining and I apologize for
that, but it's just I don't know what to try anymore and would really
appreciate some help on this.


