Re: Vanishing Mail

[Wietse Venema]

Viktor Dukhovni:
> On Mon, Oct 19, 2015 at 12:03:52AM -0400, Homer Wilson Smith wrote:
> 
> > Here are the complete logs for 2 failures and 1 success.
> 
> Absence of evidence is not ironclad evidence of absence.  Just
> because there's no logging of a complete delivery, does not mean
> that no delivery took place.  All we know is that no delivery seems
> to be recorded in the logs.
> 
> > Every hour on the hour aliases are upgraded and newaliases run.  When
> > this happens logs show a whole mess of smtp and smtpd's recording that the
> > hash table has changed and that the process is restarting.
> 
> The restarts are Perfectly normal, this happens after a client has
> disconnected, and before any new connection is accepted.  It has
> no impact on mail delivery.

To investigate, send mail periodically from a cron job to a local
account, look in the mailbox for actual deliveries, and then compare
with the mail logfile for missing records.

Wietse

multiple IPs and postscreen

[Eric Abrahamsen]

Hi,

I've gotten postfix working with multiple IPs/domains/ssl certs, and so
far so good. I used the accepted answer at this link as a template:

http://serverfault.com/questions/650057/postfix-multiple-ip-smtp-banner

It works fine, until I try to add postscreen into the mix.

So the setup is, in master.cf, first a clause for the local server:

127.0.0.1:smtp inet  n-n   --   smtpd
  -o syslog_name=postfix-localhost
  -o smtp_helo_name=localhost
  -o smtp_bind_address=127.0.0.1
  -o myhostname=localhost

(I'm not actually sure if that's necessary.)

Then, for each of my two IP addresses, a block of services like so:

# for the domain blue.com

50.56.xxx.xxx:submission inet n - n - - smtpd
  -o smtpd_tls_key_file=/etc/ssl/private/blue.key
  -o smtpd_tls_cert_file=/etc/ssl/private/blue.pem

50.56.xxx.xxx:smtpd pass  - - n - - smtpd
  -o smtpd_tls_key_file=/etc/ssl/private/blue.key
  -o smtpd_tls_cert_file=/etc/ssl/private/blue.pem

50.56.xxx.xxx:smtp inet  n - n - - smtpd
  -o smtpd_tls_key_file=/etc/ssl/private/blue.key
  -o smtpd_tls_cert_file=/etc/ssl/private/blue.pem
  -o syslog_name=blue.com
  -o smtp_helo_name=mail.blue.com
  -o smtp_bind_address=50.56.xxx.xxx
  -o myhostname=mail.blue.com

blue-out  unix - - n - - smtp
   -o smtp_bind_address=50.56.xxx.xxx
   -o smtp_helo_name=mail.blue.com
   -o syslog_name=blue.com

There's another like that for red.com.

Then in sender_dependent_default_transport_maps =
hash:/etc/postfix/sender_transports

sender_transports:
@blue.com   blue-out:
@red.comred-out:

This works great until I turn on postscreen:

50.56.xxx.xxx:smtp inet  n - n - 1 postscreen

Now, I send myself an email, and in the logs see:

blue.com/postscreen[6578]: warning: cannot connect to service
private/smtpd: Connection refused

I really don't know where to go from here. I guess I suspect something
to do with chroot'ing, which I don't really understand, but I don't know
how to fix it.

Any pointers much appreciated!

Thanks,
Eric

Re: Vanishing Mail

[Noel Jones]

On 10/18/2015 11:03 PM, Homer Wilson Smith wrote:
> Every hour on the hour aliases are upgraded and newaliases run. 
> When this happens logs show a whole mess of smtp and smtpd's
> recording that the
> hash table has changed and that the process is restarting.  I
> thought this


There is a remote possibility that a hash: table rebuild race with
incoming mail could cause a message to be returned as undeliverable.
 Normally postfix logs all returned mail, but your logging seems
incomplete.

Please see
http://www.postfix.org/DATABASE_README.html#safe_db

Note: while this potential problem is documented and real,
speculation that this is what happened to your missing message is an
unproven wild guess.  Additional evidence might be found in your log
in the form of a bounce message delivered by your postfix to the
sender of the mail in question, or evidence of returned mail might
be found on the originating server.



  -- Noel Jones

Re: multiple IPs and postscreen

[Noel Jones]

On 10/19/2015 8:15 AM, Eric Abrahamsen wrote:
> Hi,
> 
> I've gotten postfix working with multiple IPs/domains/ssl certs, and so
> far so good. I used the accepted answer at this link as a template:
> 
> http://serverfault.com/questions/650057/postfix-multiple-ip-smtp-banner
> 
> It works fine, until I try to add postscreen into the mix.


Save yourself headaches and use multiple postfix instances instead.
http://www.postfix.org/MULTI_INSTANCE_README.html

While it may be possible to get postscreen to support multiple
domains inside a single postfix instance, it's very ugly, with
complex master.cf gyrations.  If you want to give it a shot anyway,
start with looking at the master.cf and postscreen documentation,
and the smtpd_service_name parameter.


  -- Noel Jones

Re: multiple IPs and postscreen

[Benny Pedersen]

Eric Abrahamsen skrev den 2015-10-19 15:15:


So the setup is, in master.cf, first a clause for the local server:

127.0.0.1:smtp inet  n-n   --   smtpd
  -o syslog_name=postfix-localhost
  -o smtp_helo_name=localhost
  -o smtp_bind_address=127.0.0.1
  -o myhostname=localhost


smtp_* does not being in use for smtpd_* binds :=)

remove smtp_helo_name and smtp_bind_address


50.56.xxx.xxx:submission inet n - n - - smtpd
  -o smtpd_tls_key_file=/etc/ssl/private/blue.key
  -o smtpd_tls_cert_file=/etc/ssl/private/blue.pem


suggest myhostname and syslog_name here aswell

copy that to multiple ips and its imho done

Re: multiple IPs and postscreen

[A. Schulze]

Eric Abrahamsen:


It works fine, until I try to add postscreen into the mix.

you did not post a complete config. but you may check your master.cf:

master.cf without postscreen:
smtp  inet  n - n - - smtpd

master.cf with postscreen:
smtp  inet  n - n - 1 postscreen
smtpd pass  - - n - - smtpd

Andreas

Re: multiple IPs and postscreen

[Wietse Venema]

A. Schulze:
> 
> Eric Abrahamsen:
> 
> > It works fine, until I try to add postscreen into the mix.
> you did not post a complete config. but you may check your master.cf:
> 
> master.cf without postscreen:
>  smtp  inet  n - n - - smtpd
> 
> master.cf with postscreen:
>  smtp  inet  n - n - 1 postscreen
>  smtpd pass  - - n - - smtpd

And with different services on different IP addresses:

master.cf with postscreen:
 1.2.3.5:smtp  inet  n - n - 1 postscreen -o 
smtpd_service_name=smtpd_1.2.3.5
 smtpd_1.2.3.5 pass  - - n - - smtpd

Ditto for the service on 1.2.3.4.

Wietse

This maybe off topic, but could somebody tell me what i am doing wrong?

[John Allen]

We want to send alerts to our admin staff from some of our remote 
servers. All the servers are Debian based and supply, smtp, imaps, file 
sharing (webdav), calendar and address book capabilities.


To send the alerts we have tried email and sms messaging. eMail works 
but can be slow depending upon the number and quailiy of hops needed to 
get from the server to the admin.


We had thought of of simply using a cell phone modem for each server. 
However cellular service at some of the locations is unreliable (too far 
north). To get round this we are thinking of using the email to SMS 
services offered by our telcos. We think SMS might be "faster" and more 
reliable as all network traffic passes through out telcos/ISPs centres 
fairly soon after leaving us.


So, why doesn't this work

echo "message text \r" | /usr/bin/mail -s "Server xxx - Alert" -r 
r...@example.com 4165551...@txt.bell.ca


If I run the above I get a test message with the subject and sender 
correct, but the message arrives with "this message was sent with 
attachments which were lost".


If I send same data using a thunderbird, outlook ... it works perfectly.

Looking in the various logs I cannot see any difference between the two 
message. Postfix seems to behave in exactly the same way all cases.


Help!
JohnA

Re: This maybe off topic, but could somebody tell me what i am doing wrong?

[John Allen]

That should say echo -e "message text \r" | 
Sorry about that

Re: multiple IPs and postscreen

[Eric Abrahamsen]

wie...@porcupine.org (Wietse Venema) writes:

> A. Schulze:
>> 
>> Eric Abrahamsen:
>> 
>> > It works fine, until I try to add postscreen into the mix.
>> you did not post a complete config. but you may check your master.cf:
>> 
>> master.cf without postscreen:
>>  smtp  inet  n - n - - smtpd
>> 
>> master.cf with postscreen:
>>  smtp  inet  n - n - 1 postscreen
>>  smtpd pass  - - n - - smtpd
>
> And with different services on different IP addresses:
>
> master.cf with postscreen:
>  1.2.3.5:smtp  inet  n - n - 1 postscreen -o 
> smtpd_service_name=smtpd_1.2.3.5
>  smtpd_1.2.3.5 pass  - - n - - smtpd
>
> Ditto for the service on 1.2.3.4.
>
>   Wietse

Awesome! That worked like a charm. Noel had me worried for a second
there, but it looks like most of the necessary gyrations I'd already
gone through -- that last step with smtpd_service_name was very simple.

Thanks to Benny also for the cleanups and pointers, I was fishing a bit
for help like that.

Thanks again to all,
Eric

Re: This maybe off topic, but could somebody tell me what i am doing wrong?

[Christian Kivalo]

Am 20. Oktober 2015 02:58:43 MESZ, schrieb John Allen :
>That should say echo -e "message text \r" | 
>Sorry about that

I'd recommend you install the package heirloom-mailx, it's much more flexible 
in what you can do with it.

Regards
Christian