Re: mysql lookup table and utf8

2016-09-25 Thread Wietse Venema
For Postfix 3.2 I'll update code and documentation, such that the
default option_group value becomes "client". This causes the "client"
option group to be read twice instead of never (reading it once
is not an option). To get backwards compatibility, specify an empty
option_group value.

For the stable releases I'll update their documentation with a
suggestion to specify "option_group = client".  An incompatible
code change would be forbidden.

Wietse


Re: mysql lookup table and utf8

2016-09-25 Thread Wietse Venema
Wietse Venema:
> For Postfix 3.2 I'll update code and documentation, such that the
> default option_group value becomes "client". This causes the "client"
> option group to be read twice instead of never (reading it once
> is not an option). To get backwards compatibility, specify an empty
> option_group value.
> 
> For the stable releases I'll update their documentation with a
> suggestion to specify "option_group = client".  An incompatible
> code change would be forbidden.

I'd appreciate it if you could do some tests with the postmap command
in postfix-3.2-20160925, which I just rolled out to ftp/www.porcupine.org.

Wietse


Re: mysql lookup table and utf8

2016-09-25 Thread John Fawcett
On 09/25/2016 06:36 PM, Wietse Venema wrote:
> Wietse Venema:
>> For Postfix 3.2 I'll update code and documentation, such that the
>> default option_group value becomes "client". This causes the "client"
>> option group to be read twice instead of never (reading it once
>> is not an option). To get backwards compatibility, specify an empty
>> option_group value.
>>
>> For the stable releases I'll update their documentation with a
>> suggestion to specify "option_group = client".  An incompatible
>> code change would be forbidden.
> I'd appreciate it if you could do some tests with the postmap command
> in postfix-3.2-20160925, which I just rolled out to ftp/www.porcupine.org.
>
>   Wietse

I've downloaded the postfix-3.2-20160925 release and done the following
tests with postmap and get the desired results.

1. that the client group is read by default

2. that the client group is not read if option_group is set to blank

3. that both the client group and the specific group are read if option
group is set to a non blank value

With this version I have no problems receiving or sending email on the
server in general. My [client] group is normally empty (when not doing
the above tests).

John



Re: mysql lookup table and utf8

2016-09-25 Thread John Fawcett
On 09/25/2016 08:04 PM, John Fawcett wrote:
>>> I'll update their documentation with a
>>> suggestion to specify "option_group = client".  An incompatible
>>> code change would be forbidden.
>> I'd appreciate it if you could do some tests with the postmap command
>> in postfix-3.2-20160925, which I just rolled out to ftp/www.porcupine.org.
>>

I filed a documentation bug for MySQL to help clarify for future reference.

http://bugs.mysql.com/bug.php?id=83142



Re: mysql lookup table and utf8

2016-09-25 Thread Wietse Venema
Wietse:
> I'd appreciate it if you could do some tests with the postmap command
> in postfix-3.2-20160925, which I just rolled out to ftp/www.porcupine.org.

John Fawcett:
> I've downloaded the postfix-3.2-20160925 release and done the following
> tests with postmap and get the desired results.
> 
> 1. that the client group is read by default
> 
> 2. that the client group is not read if option_group is set to blank
> 
> 3. that both the client group and the specific group are read if option
> group is set to a non blank value

Great!

> With this version I have no problems receiving or sending email on the
> server in general. My [client] group is normally empty (when not doing
> the above tests).

Thanks for checking this. Looks like we have an easy-to-use solution
to address the original problem, and to get backwards compatibility
in the rare cases where the change would break something.

In the next I'll roll out patches for the stable releases.

Wietse


How to use specific *local* IPv4 address for outbound depending on sender domain?

2016-09-25 Thread Kevin Long

Hello,

I have a single postfix server servicing my company’s domain and several
customer domains. All outbound mail is first received by postfix, then sent to
the same barracuda email service to go on to its final destination.


I want Postfix to use a specific local IPv4 address when it connects to the 
barracuda relay, depending on which domain the email is from.  This will 
ultimately show up in the email headers for the recipient, and I need to 
separate my company from the customers. 


If the mail is from mycompany.com, use local IP address (eth0) 10.50.55.16
when connecting to the barracuda service to send the mail.

All other domains (our customers), use 10.50.55.17 (eth0:1)

These local IPs ultimately NAT to different public IPv4 on different subnets 
and different reverse DNS names, etc.



I have already configured postfix to listen on both IP addresses, and even to use
different TLS certificates for them via the master.cf, and I verified this is
working.  But even connecting to the second IP via SMTP, authenticating and
sending a mail, the first IP is used when connecting to the relay host, as
seen in the headers of the email.



My configuration is slightly broken right now, but I don’t know how to proceed 
to accomplish what I am trying to do.


Thanks for any help,

- Kevin



my /etc/postfix/transport (I know this isn’t working .. )

mycompany.com smtp:[10.50.55.16]:587
customer1.com smtp:[10.50.55.17]:587
customer2.com smtp:[10.50.55.17]:587


postconf -nf:

postconf: warning: /etc/postfix/main.cf: unused parameter: sender_based_routing=yes


alias_maps =
append_dot_mydomain = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_protocols = ipv4
local_transport = error:Local Transport Disabled
mydestination = localhost.$mydomain localhost
mydomain = mailsystem.com
myhostname = mailsystem.com
mynetworks = 127.0.0.0/8
postscreen_greet_action = enforce
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_new_tls_session_rate_limit = 10
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/drop.cidr
smtpd_data_restrictions = reject_multi_recipient_bounce
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access
    pcre:/etc/postfix/identitycheck.pcre reject_invalid_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient
    reject_unknown_recipient_domain permit_sasl_authenticated permit_mynetworks
    reject_unauth_destination check_sender_ns_access cidr:/etc/postfix/drop.cidr
    check_sender_mx_access cidr:/etc/postfix/drop.cidr reject_rbl_client
    ix.dnsbl.manitu.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain
smtpd_tls_dh1024_param_file = ${config_directory}/certs/dh_1024.pem
smtpd_tls_dh512_param_file = ${config_directory}/certs/dh_512.pem
smtpd_tls_exclude_ciphers = EXP EDH-RSA-DES-CBC-SHA ADH-DES-CBC-SHA DES-CBC-SHA
    SEED-SHA
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_aliases.cf
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_recipients.cf
    hash:/etc/postfix/transport
virtual_transport = dovecot



postconf -Mf:


dovecot      unix  -       n       n       -       -       pipe flags=ODRhu
    user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f ${sender} -d ${recipient}
10.50.55.16- unix  -       n       n       -       -       smtp
    -o smtp_bind_address=10.50.55.16
    -o smtp_bind_address6=
    -o smtp_address_preference=ipv4
10.50.55.17- unix  -       n       n       -       -       smtp
    -o smtp_bind_address=10.50.55.17
    -o smtp_bind_address6=
    -o smtp_address_preference=ipv4
10.50.55.16:smtp       inet  n       -       n       -       -       smtpd
    -o smtpd_tls_cert_file=/etc/ssl/certs/mail.mycompany.com-chain.crt
    -o smtpd_tls_key_file=/etc/ssl/private/mail.mycompany.com.key
10.50.55.16:smtps      inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_cert_file=/etc/ssl/certs/mail.mycompany.com-chain.crt
    -o smtpd_tls_key_file=/etc/ssl/private/mail.mycompany.com.key
10.50.55.16:submission inet  n       -       n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_tls_cert_file=/etc/postfix/cert1.pem
    -o smtpd_tls_key_file=/etc/postfix/cert1.pem
10.50.55.17:smtp       inet  n       -       n       -       -       smtpd
    -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.customerservers.com/fullchain.pem
    -o smtpd_tls_key

proxy protocol

2016-09-25 Thread Brendan Kearney
I have postscreen and smtpd running on the same box as submission, and 
it seems I am missing something when trying to leverage proxy protocol.


In my main.cf I have the lines:
smtpd_upstream_proxy_protocol = haproxy
...
postscreen_upstream_proxy_protocol = haproxy

This seems to work, but after a while haproxy detects the services as 
down, and I get the below message from submission in logs:

postscreen_upstream_proxy_protocol = haproxy

I tried to add:
-o smtpd_upstream_proxy_protocol=
and
-o smtpd_upstream_proxy_protocol=none

to my master.cf, so submission would not try to use the proxy protocol 
header, but I got errors or failures in both cases.


How do I configure postscreen and smtpd to use the proxy protocol, but 
leave submission out, since it does not seem to recognize proxy 
protocol?  If submission does use the proxy protocol, what do I set for it?


Re: How to use specific *local* IPv4 address for outbound depending on sender domain?

2016-09-25 Thread Wietse Venema
Kevin Long:
> 
> Hello,
> 
> I have a single postfix server servicing my company's domain and
> several customer domains. All outbound mail is first received by
> postfix, then sent to the same barracuda email service to go on
> to its final destination.
>
> I want Postfix to use a specific local IPv4 address when it connects
> to the barracuda relay, depending on which domain the email is
> from.  This will ultimately show up in the email headers for the
> recipient, and I need to separate my company from the customers.

Configure an SMTP client in master.cf:

/etc/postfix/master.cf:
barracuda-1.2.3.4 ... . .. .. .. .. smtp
 -o smtp_bind_address=1.2.3.4
barracuda-1.2.3.5 ... . .. .. .. .. smtp
 -o smtp_bind_address=1.2.3.5

/etc/postfix/main.cf:
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

/etc/postfix/sender_transport:
example.com barracuda-1.2.3.4:
example.net barracuda-1.2.3.5:

This requires Postfix 2.7 or later.

Not saying that postfix->barracuda->internet is a good idea, though.

You could instead do postfix-barracuda-postfix(*) and use the same
trick to set the IP address on the internet-facing Postfix SMTP
client. That is the IP address that remote receivers will use for
their IP-based reputation rankings. They don't care about some IP
address on your internal network behind an outbound relay.

Wietse
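
An added consistency check for the recipe above (my code, not Wietse's and not part of Postfix): it parses a master.cf excerpt and a sender_transport table and reports, per sender key, which smtp_bind_address the named transport pins, flagging transports that are missing from master.cf or that set no bind address, which is how mail ends up leaving on the default interface as in Kevin's setup. The file contents are constructed, and the parsers cover only the master.cf and table syntax shown in this thread.

```python
import re
# Constructed inputs in the shape of the reply above (not from a live system);
# the third master.cf entry deliberately lacks smtp_bind_address to show the check.
MASTER_CF = """\
barracuda-1.2.3.4 unix - - n - - smtp
  -o smtp_bind_address=1.2.3.4
barracuda-1.2.3.5 unix - - n - - smtp
  -o smtp_bind_address=1.2.3.5
barracuda-shared unix - - n - - smtp
"""
SENDER_TRANSPORT = """\
example.com  barracuda-1.2.3.4:
example.net  barracuda-1.2.3.5:
example.org  barracuda-shared:
example.edu  barracuda-missing:
"""

def parse_master_cf(text):
    """Return {service: (command, {override: value})}; indented lines continue an entry."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation line: collect -o name=value overrides
            m = re.match(r"\s*-o\s+([^=\s]+)=(\S*)", line)
            if m and current:
                services[current][1][m.group(1)] = m.group(2)
            continue
        fields = line.split()  # service type private unpriv chroot wakeup maxproc command
        current = fields[0]
        services[current] = (fields[7] if len(fields) > 7 else "", {})
    return services

def parse_sender_transport(text):
    """Return {key: transport} from 'key transport:nexthop' lines (nexthop ignored)."""
    return {k.lower(): v.strip().partition(":")[0]
            for k, v in (l.split(None, 1) for l in text.splitlines() if l.strip())}

def check_bind_addresses(master_cf, sender_transport):
    """Map each sender key to its pinned source IP, or to an ERROR/WARNING string."""
    services, report = parse_master_cf(master_cf), {}
    for key, transport in parse_sender_transport(sender_transport).items():
        command, overrides = services.get(transport, (None, {}))
        if command is None:
            report[key] = "ERROR: transport %r is not defined in master.cf" % transport
        elif "smtp_bind_address" not in overrides:
            report[key] = "WARNING: %r sets no smtp_bind_address; source IP not pinned" % transport
        else:
            report[key] = overrides["smtp_bind_address"]
    return report
```

Run it against your real files by reading /etc/postfix/master.cf and the sender_transport source text into the two variables; a WARNING line is the case where Postfix lets the kernel choose the source address.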


Re: proxy protocol

2016-09-25 Thread Wietse Venema
Brendan Kearney:
> I have postscreen and smtpd running on the same box as submission, and 

Running postscreen for the submission service is not recommended.
It should be used for MTA-to-MTA service only. The documentation
even says so, therefore don't do it.

> it seems I am missing something when trying to leverage proxy protocol.
> 
> In my main.cf I have the lines:
> smtpd_upstream_proxy_protocol = haproxy
> ...
> postscreen_upstream_proxy_protocol = haproxy

smtpd_upstream_proxy_protocol is not needed when the haproxy
handshake is already done in postscreen.

> This seems to work, but after a while haproxy detects the services as 
> down, and I get the below message from submission in logs:
> postscreen_upstream_proxy_protocol = haproxy

What is the error message? Have you tried to look in the Postfix
logs? See http://www.postfix.org/DEBUG_README.html#logging

Wietse