Re: majordomo + postifx + virtual domains + mysql... close

2016-07-07 Thread postmas...@quantum-radio.net

Found the sticky problem. There was a commented out line in “mydestination” 
that continued to a second line, and that second line was not commented out.

like this… 

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mail.$mydomain, www.$mydomain

Fixed, and now on to the next step

thanks for the pointers everyone. Most helpful.
Robert



> On 6 Jul 2016, at 18:04, Norton Allen wrote:
> 
> On 7/6/2016 11:10 AM, postmas...@quantum-radio.net wrote:
>> @Norton Allen
>> 
>> Thanks for that info. I thought it would do it. And, I was happy to hear 
>> that someone else has actually got it working :-)
>> 
>> I have this now in main.cf
>> 
>> alias_maps=
>>  hash:/etc/aliases
>> alias_database=
>>  hash:/etc/aliases
>> 
>> All I have in the aliases file now is the majordomo aliases and pipe.
>> 
>> majordomo:   "| /usr/local/majordomo-1.94.5/wrapper majordomo"
>> owner-majordomo:  postmas...@quantum-radio.net
>> 
>> majordomo-owner: owner-majordomo
>> #lists
>> 
>> 
>> Nothing active in master.cf and nothing else related active in main.cf
>> 
>> A test message 
>> echo ‘lists’ | mail owner-majordomo simply bounces right back - ignoring the 
>> aliases file. as does to just majordomo 
>> 
>> 
>> 
>> <owner-majord...@zeus.quantum-radio.net> (expanded from ): mail for
>> zeus.quantum-radio.net loops back to myself
>> Reporting-MTA: dns; zeus.quantum-radio.net 
>> X-Postfix-Queue-ID: 3A8C837F885F
>> X-Postfix-Sender: rfc822; rob...@zeus.quantum-radio.net 
>> 
>> Arrival-Date: Wed,  6 Jul 2016 16:04:28 +0100 (BST)
>> 
>> 
>> So really - Short of putting the postconf -n output up, Which is very long 
>> - I’m stumped. 
>> 
>> The aliases file is being ignored it seems. still.
>> Thanks though, 
>> cheers
>> Robert
>> 
>> 
> 
> It looks like you need to properly configure myhostname and/or mydestination 
> in main.cf. Postfix does not recognize that it is supposed to handle mail for 
> both quantum-radio.net and zeus.quantum-radio.net using the local transport.
> 
> Also you don't mention how postmas...@quantum-radio.net 
>  is aliased.
> 
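
The main.cf problem reported at the top of this message (a commented-out first line whose second line stayed active) can be caught mechanically. The following is an added example, not part of the original post: a small linter that applies the line rules from postconf(5) to a constructed sample file; the function name and sample values are assumptions.

```python
# Constructed sample: line 3 is commented out, its continuation (line 4) is not.
SAMPLE_MAIN_CF = """\
myhostname = zeus.example.net
mydestination = $myhostname
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain
inet_interfaces = all
"""

def lint_main_cf(text):
    """Return (params, findings) for main.cf text.

    postconf(5) rules: lines whose first non-blank character is '#' are
    ignored; a line starting with whitespace continues the current logical
    line; any other line starts a new logical line.
    """
    params, findings = {}, []
    current = None         # parameter that a continuation line would extend
    after_comment = False  # True while the last non-blank line was a comment
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped:
            continue                      # blank lines change nothing
        if stripped.startswith("#"):
            after_comment = True
            continue
        if raw[0] in " \t":               # continuation line
            if current is None:
                findings.append((lineno, "continuation with nothing to continue"))
            else:
                params[current] = (params[current] + " " + stripped).strip()
                if after_comment:
                    findings.append(
                        (lineno, "continuation after a comment is appended to " + current))
        else:                             # new logical line
            name, sep, value = stripped.partition("=")
            if sep:
                current = name.strip()
                params[current] = value.strip()
            else:
                current = None
                findings.append((lineno, "no '=' found; orphaned continuation?"))
        after_comment = False
    return params, findings

if __name__ == "__main__":
    params, findings = lint_main_cf(SAMPLE_MAIN_CF)
    print("mydestination =", params["mydestination"])
    for lineno, msg in findings:
        print("line %d: %s" % (lineno, msg))
```

On the sample, the leftover line is silently merged into the active mydestination value, which is why the setting that looks disabled still changes which domains Postfix treats as local.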



Re: reject_unverified_recipient and destination not available

2016-07-07 Thread /dev/rob0
On Thu, Jul 07, 2016 at 12:14:19PM +0200, Chris wrote:
> what happens, if reject_unverified_recipient is enabled, but the 
> server of the relay domain isn't available?

The name of the restriction contains the answer.  The recipient 
address cannot be verified, so the mail is rejected.  See:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

and carefully go through the related settings.

> I think the mail should be accepted, at least if the destination 
> address is cached.

If cached, yes.  Another good link, linked from said README:

http://www.postfix.org/verify.8.html

Look at the address_verify_*_time settings which control how long 
addresses are cached.

> What happens if it is not already known?

See above.  That is what you asked it to do, by using a 
reject_unverified_recipient restriction.

In the real world this should not be much of a problem, because most 
valid recipients will be receiving mail within the cache period.  If 
it is a problem, get and maintain a local relay_recipient_maps 
listing all valid recipients.

http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: majordomo + postifx + virtual domains + mysql...

2016-07-07 Thread postmas...@quantum-radio.net
Getting closer.

Now at least using the command line,

echo 'lists' | mail majordomo

I get this. It is actually looking to deliver it to the command line.
But not yet...

Jul  7 08:48:21 zeus postfix/pickup[95164]: 2AF4137FD740: uid=501 from=
Jul  7 08:48:21 zeus postfix/cleanup[96311]: 2AF4137FD740: message-id=<20160707074821.2af4137fd...@zeus.quantum-radio.net>
Jul  7 08:48:21 zeus postfix/qmgr[95165]: 2AF4137FD740: from=<rob...@zeus.quantum-radio.net>, size=368, nrcpt=1 (queue active)
Jul  7 08:48:21 zeus postfix/sendmail[96315]: fatal: majordomo-ow...@quantum-radio.net(5049): No recipient addresses found in message header
Jul  7 08:48:21 zeus postfix/local[96313]: 2AF4137FD740: to=<majord...@zeus.quantum-radio.net>, relay=local, delay=0.47, delays=0.22/0.02/0/0.23, dsn=2.0.0, status=sent (delivered to command:  /usr/local/majordomo-1.94.5/wrapper majordomo)
Jul  7 08:48:21 zeus postfix/qmgr[95165]: 2AF4137FD740: removed



There is a FATAL in there. No recipient in message header… but
there is - majordomo, because it actually tries to deliver it.

anyway, from the Mail app

I get this

The server response was: <majord...@quantum-radio.net>: Recipient address
rejected: User unknown in virtual mailbox table

So, close, but no cigar ..




I don’t know if this is any help … but here it is.

postconf -n (postfix version 3.0.1)

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = Mail/Dovecot/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_ciphers = $smtpd_tls_ciphers
lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_reject_code = 521
message_size_limit = 0
meta_directory = /usr/local/etc/postfix
milter_default_action = tempfail
mydestination = $myhostname
mydomain = quantum-radio.net
myhostname = zeus.quantum-radio.net
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:8891
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/postscreen_access.cidr, cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr reject
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/usr/local/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.mailspike.net*2, b.barracudacentral.org


Re: majordomo + postifx + virtual domains + mysql...

2016-07-07 Thread /dev/rob0
On Thu, Jul 07, 2016 at 12:30:33PM +0100, postmas...@quantum-radio.net wrote:
> Getting closer.

But not understanding some basics.

> Now at least using the command line,
> 
> echo 'lists' | mail majordomo

See "man mail" to learn how to use your mailx(1) client.  Or, better 
yet, as below, just stick with a different client for now.  "mail" is 
about the worst possible choice for testing.  (Funny, too, that it 
seems to be every beginner's first choice as well!)

Also note that "majordomo" is not a complete email address.  Use a 
complete address, localpart@domainpart.

> I get this. It is actually looking to deliver it to the command line.
> But not yet...
> 
> Jul  7 08:48:21 zeus postfix/pickup[95164]: 2AF4137FD740: uid=501

Turn on "enable_long_queue_ids = yes"

Please turn OFF the stupid HTML markup in your mail client.

> There is a FATAL in there. No recipient in message header… but
> there is - majordomo, because it actually tries to deliver it.
> 
> anyway, from the Mail app
> 
> I get this
> 
> The server response was: : Recipient 
> address rejected: User unknown in virtual mailbox table

This means the DOMAINPART (quantum-radio.net) was found in 
virtual_mailbox_domains, but the full address was NOT found in 
virtual_mailbox_maps.

> So, close, but no cigar ..

You need to use local(8) delivery to run a command, such as a 
listserver.

There are two common ways to do that:
1. List the domain in mydestination
2. List the address in virtual_alias_maps pointing to an address
   in mydestination

Another means of running a command would be with a pipe(8) 
transport(5).  I don't recommend that, but I mention it to be 
complete.  For a listserver, it's likely to be best to use a 
subdomain for lists and have that in mydestination.  I've never 
configured the Major, but I am familiar with Mailman, and this 
makes it very easy in Postfix.

Note that your problem at this point has *nothing* to do with 
majordomo.  Switching to Mailman would not change anything.

> I don’t know if this is any help … but here it is.

You should be able to tell us why you set those settings and what 
they mean.  And you probably need to remove quite a lot of them.

> postconf -n (postfix version 3.0.1)

> myhostname = zeus.quantum-radio.net
> mynetworks_style = host

myorigin is not set.  That's what controls how Postfix deals with 
unqualified localparts when used as email addresses.

It was hard to read and way too long, so I didn't go over your 
"postconf -n" in detail.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: majordomo + postifx + virtual domains + mysql...

2016-07-07 Thread Norton Allen

On 7/7/2016 8:16 AM, /dev/rob0 wrote:

> Note that your problem at this point has *nothing* to do with
> majordomo.  Switching to Mailman would not change anything.

I second this. I run both Mailman and Majordomo (on separate servers) 
and the Postfix configuration is almost identical.


SASL with/without TLS in logs

2016-07-07 Thread Marek Salwerowicz

Hi list,


I am performing a migration from a legacy mail server to a new one. I am 
afraid that due to "backward compatibility" I have to leave SASL 
authentication available over an unencrypted channel.


However, I would like to find sooner or later clients that don't use 
STARTTLS before authentication.


How can I configure postfix to see differences in logs?

For now every authentication attempt looks the same:

client=moj.server[::1], sasl_method=LOGIN, 
sasl_username=moj.u...@mojadomena.pl


Thanks in advance!

Cheers,

Marek



Re: SASL with/without TLS in logs

2016-07-07 Thread Marek Salwerowicz

On 2016-07-07 at 15:55, Marek Salwerowicz wrote:

> Hi list,
>
> I am performing a migration from a legacy mail server to a new one. I 
> am afraid that due to "backward compatibility" I have to leave SASL 
> authentication available over an unencrypted channel.
>
> However, I would like to find sooner or later clients that don't use 
> STARTTLS before authentication.
>
> How can I configure postfix to see differences in logs?
>
> For now every authentication attempt looks the same:
>
> client=moj.server[::1], sasl_method=LOGIN, 
> sasl_username=moj.u...@mojadomena.pl


forgot to mention:

I am running Postfix 2.10 under CentOS 7



Thanks in advance!

Cheers,

Marek






Re: DNS IP <-> domain <-> IP2 unblocking

2016-07-07 Thread Noel Jones
On 7/6/2016 6:55 PM, Homer Wilson Smith wrote:
> On Fri, 3 Jun 2016, Noel Jones wrote:

>> For the other possible combinations of bad DNS setup, you'll need to
>> use a policy service.
> 
>  OK, can you point me to RTFM for this?
> 


Documentation:
http://www.postfix.org/SMTPD_POLICY_README.html

Some policy servers
http://www.postfix.org/addon.html#policy



  -- Noel Jones


Re: SASL with/without TLS in logs

2016-07-07 Thread Wietse Venema
Marek Salwerowicz:
> However, I would like to find sooner or later clients that don't use 
> STARTTLS before authentication.
>
> How can I configure postfix to see differences in logs?

Assuming that no sane client sends AUTH *before* sending STARTTLS,
all you need is to set "smtpd_tls_loglevel=1" in main.cf (and do
"postfix reload") to log the completion of the STARTTLS handshake.

Wietse
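
With smtpd_tls_loglevel=1 as suggested above, plaintext logins can be found by tracking, per smtpd process ID, whether a "TLS connection established" line appeared between "connect from" and the sasl_username line. The following is an added example, not part of the original message: the function name is an assumption and the log lines (hosts, addresses, queue IDs) are constructed.

```python
import re

# Constructed smtpd log lines; PID 2101 is reused by a later session.
SAMPLE_LOG = """\
Jul  7 19:10:01 mx postfix/smtpd[2101]: connect from a.example[192.0.2.10]
Jul  7 19:10:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from a.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jul  7 19:10:02 mx postfix/smtpd[2101]: 4C1D2A0001: client=a.example[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.org
Jul  7 19:10:02 mx postfix/smtpd[2101]: disconnect from a.example[192.0.2.10]
Jul  7 19:11:40 mx postfix/smtpd[2107]: connect from b.example[192.0.2.20]
Jul  7 19:11:41 mx postfix/smtpd[2107]: 4C1D2A0002: client=b.example[192.0.2.20], sasl_method=LOGIN, sasl_username=bob@example.org
Jul  7 19:11:41 mx postfix/smtpd[2107]: disconnect from b.example[192.0.2.20]
Jul  7 19:12:05 mx postfix/smtpd[2101]: connect from c.example[192.0.2.30]
Jul  7 19:12:06 mx postfix/smtpd[2101]: 4C1D2A0003: client=c.example[192.0.2.30], sasl_method=PLAIN, sasl_username=carol@example.org
Jul  7 19:12:06 mx postfix/smtpd[2101]: disconnect from c.example[192.0.2.30]
"""

SMTPD = re.compile(r"postfix\S*/smtpd\[(\d+)\]: (.*)")
AUTH = re.compile(r"client=(\S+?), sasl_method=(\S+?), sasl_username=(\S+)")

def plaintext_auth(log_text):
    """Return (client, sasl_method, sasl_username) for sessions that
    authenticated without a preceding TLS handshake line."""
    tls_active = {}   # smtpd PID -> TLS established in the current session?
    hits = []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith(("connect from ", "disconnect from ")):
            tls_active[pid] = False       # one smtpd serves one client at a time
        elif "TLS connection established from " in msg:
            tls_active[pid] = True
        else:
            auth = AUTH.search(msg)
            if auth and not tls_active.get(pid, False):
                hits.append(auth.groups())
    return hits

if __name__ == "__main__":
    for client, method, user in plaintext_auth(SAMPLE_LOG):
        print("no TLS:", client, method, user)
```

The state must be reset on every "connect from", otherwise a TLS session handled earlier by the same smtpd process would hide a later plaintext login.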


Re: SASL with/without TLS in logs

2016-07-07 Thread Marek Salwerowicz

On 2016-07-07 at 19:04, Wietse Venema wrote:

> Marek Salwerowicz:
>> However, I would like to find sooner or later clients that don't use
>> STARTTLS before authentication.
>>
>> How can I configure postfix to see differences in logs?
>
> Assuming that no sane client sends AUTH *before* sending STARTTLS,
> all you need is to set "smtpd_tls_loglevel=1" in main.cf (and do
> "postfix reload") to log the completion of the STARTTLS handshake.

Thanks a lot !

Marek

> Wietse