Re: Prevent Backscatter

2017-01-22 Thread Postfix User
Wietse Venema wrote
> Wietse Venema:
>> Postfix User:
>> > smtpd_relay_restrictions = permit_mynetworks,
>> >     permit_sasl_authenticated, reject_unauth_destination
>> 
>> This will be an open relay if all your SMTP mail is logged with the
>> same client IP address, i.e. your SMTP mail comes from some box
>> that is in mynetworks, and Postfix never sees the original SMTP
>> client IP address.
> 
> Meh, that wasn't the problem.

Can you please be more specific about this problem? Do you think this will
be an open relay because I removed the check_sender_access restriction? I
tested this config, and it seems like it is an open relay for authenticated
users, here is the result:

Authenticated sender

From    local address
To      any
Action  OK

From    remote address
To      remote address
Action  OK (this should be REJECT if authenticated user is not the
        same with the from address)

From    remote address
To      local address
Action  OK

Not authenticated sender

From    remote address
To      local address
Action  OK

From    remote address
To      remote address
Action  REJECT

To fix the open relay problem for authenticated sender address, I added
check_sender_access parameter, but now it is not possible to send emails
from remote to local addresses, I get 554 5.7.1 : Sender address
rejected: Access denied. This makes sense, because remote sender is not

permit_mynetworks           : in mynetworks
permit_sasl_authenticated   : authenticated
reject_unauth_destination   : rejected, but not permitted either
check_sender_access         : in allowed senders lookup table

postconf -n | grep smtpd_relay_restrictions

smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination, check_sender_access
    mysql:/etc/postfix/sqlconf/sender_access.cf

sender_access.cf

query   = SELECT if(count(*) = 0, "REJECT", "OK") FROM users
    u WHERE u.username='%u' AND u.domain='%d' AND u.active='1';

To fix the 554 problem, I added permit_auth_destination restriction, and now
it is possible to receive emails from remote senders. The open relay problem
for authenticated users from remote to remote address is still there, because
check_sender_access is after permit_sasl_authenticated

postconf -n | grep smtpd_relay_restrictions

smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    permit_auth_destination, check_sender_access
    /etc/postfix/sqlconf/sender_access.cf

Authenticated sender

From    local address
To      any
Action  OK

From    remote address
To      remote address
Action  OK (this should be REJECT if authenticated user is not the
        same with the from address)

From    remote address
To      local address
Action  OK

Not authenticated sender

From    any
To      local address
Action  OK

From    remote address
To      remote address
Action  REJECT



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Prevent-Backscatter-tp88359p88390.html
Sent from the Postfix Users mailing list archive at Nabble.com.
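
The first-match behaviour worked through in the message above, as an added example that is not part of the original post and is not Postfix code: a simplified Python model of how a restriction list is evaluated, run over the message's three configurations plus one ordering in which a sender/login check comes first. The domains, users, login map and helper names are constructed assumptions; reject_authenticated_sender_login_mismatch is a real Postfix restriction that the thread does not use.

```python
"""Simplified model of first-match evaluation in smtpd_relay_restrictions.

Added illustration, not Postfix code: only the restrictions named below are
modelled, and all domains, users and logins are constructed samples.
"""
from dataclasses import dataclass
from typing import Optional

LOCAL_DOMAINS = {"example.org"}                 # constructed hosted domain
ACTIVE_USERS = {"alice@example.org"}            # constructed users-table rows
SENDER_OWNERS = {"alice@example.org": "alice@example.org"}  # sender -> SASL login


@dataclass
class Mail:
    sender: str
    recipient: str
    sasl_user: Optional[str] = None    # None means the client did not authenticate
    in_mynetworks: bool = False


def _is_local(address):
    return address.rsplit("@", 1)[-1] in LOCAL_DOMAINS


# Each restriction returns "PERMIT", "REJECT" or None (no decision, keep going).
def permit_mynetworks(m):
    return "PERMIT" if m.in_mynetworks else None


def permit_sasl_authenticated(m):
    return "PERMIT" if m.sasl_user else None


def reject_unauth_destination(m):
    return None if _is_local(m.recipient) else "REJECT"


def permit_auth_destination(m):
    return "PERMIT" if _is_local(m.recipient) else None


def check_sender_access(m):
    # The thread's SQL map answers every lookup: OK for an active user of
    # this server, REJECT for any other sender address.
    return "PERMIT" if m.sender in ACTIVE_USERS else "REJECT"


def reject_authenticated_sender_login_mismatch(m):
    # Real Postfix restriction, not used in the thread: an authenticated
    # client may only use sender addresses that its login owns.
    if m.sasl_user and SENDER_OWNERS.get(m.sender) != m.sasl_user:
        return "REJECT"
    return None


def evaluate(restrictions, mail):
    """Return (verdict, name of the restriction that decided)."""
    for restriction in restrictions:
        verdict = restriction(mail)
        if verdict is not None:
            return verdict, restriction.__name__
    # Nothing in this list objected (real Postfix then moves on to
    # smtpd_recipient_restrictions, which this model leaves out).
    return "PERMIT", "end of list"


BASE = [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination]
CONFIGS = {
    "original": BASE,
    "plus check_sender_access": BASE + [check_sender_access],
    "plus permit_auth_destination":
        BASE + [permit_auth_destination, check_sender_access],
    "mismatch check first": [reject_authenticated_sender_login_mismatch] + BASE,
}
CASES = {
    "auth, forged remote sender -> remote": Mail(
        "bob@elsewhere.example", "carol@other.example",
        sasl_user="alice@example.org"),
    "auth, own sender -> remote": Mail(
        "alice@example.org", "carol@other.example",
        sasl_user="alice@example.org"),
    "unauth, remote -> local": Mail("bob@elsewhere.example", "alice@example.org"),
    "unauth, remote -> remote": Mail("bob@elsewhere.example", "carol@other.example"),
}


def decision_table():
    """Evaluate every sample mail against every configuration."""
    return {(cfg, case): evaluate(rules, mail)
            for cfg, rules in CONFIGS.items() for case, mail in CASES.items()}


if __name__ == "__main__":
    for (cfg, case), (verdict, by) in decision_table().items():
        print(f"{cfg:30} {case:38} {verdict:7} {by}")
```

A restriction placed after permit_sasl_authenticated is never consulted for an authenticated client, which is why adding check_sender_access at the end changes only the unauthenticated rows.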


Re: Prevent Backscatter

2017-01-22 Thread Postfix User
Wietse Venema wrote
> DO NOT specify virtual (alias or mailbox) stuff in relay_domains

relay_domains is empty

Wietse Venema wrote
> DO NOT specify virtual (alias or mailbox) stuff in relay_recipient_maps

relay_recipient_maps is empty

Wietse Venema wrote
> DO specify virtual alias DOMAINS in virtual_alias_DOMAINS.

I set a lookup table for virtual_alias_domains. Before it didn't work,
because I used $virtual_mailbox_domains, and it has different format

postconf -n | grep virtual_alias_domains

virtual_alias_domains =
    mysql:/etc/postfix/sqlconf/virtual_alias_domains.cf

virtual_alias_domains.cf

query   = SELECT u.domain FROM users u WHERE u.username='%u'
    AND u.domain='%d' AND u.active='1';



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Prevent-Backscatter-tp88359p88391.html
Sent from the Postfix Users mailing list archive at Nabble.com.


MySQL 8.0 with Postfix

2017-01-22 Thread Postfix User
This question has probably been answered somewhere before; however, I
cannot find it. I am going to rebuild my FreeBSD system from the ground
up. I was wondering if Postfix is compatible with the MySQL 8.0
version release.

Thanks!

-- 
Postfix User


postfix rsyslog not logging

2017-01-22 Thread Bartłomiej Solarz-Niesłuchowski

Hello,

Suddenly after upgrade to FC25 postfix stops logging in /var/log/maillog.

in /etc/rsyslog.conf is:

mail.* -/var/log/maillog

the dovecot reports everything in this file,

postfix reports only:

[root@dervish ~]# grep postfix /var/log/maillog
Jan 22 15:45:25 dervish postfix[27892]: Postfix is running with backwards-compatible default settings
Jan 22 15:45:25 dervish postfix[27892]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 22 15:45:25 dervish postfix[27892]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 22 15:45:45 dervish postfix/postfix-script[27978]: refreshing the Postfix mail system


and NOTHING more.

SMTP server works correctly - only logging stop working.


Any clues?



My configuration file are below:

--System Parameters--
mail_version = 3.1.4
hostname = dervish.wsisiz.edu.pl
uname = Linux dervish.wsisiz.edu.pl 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 23:10:23 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


--Packaging information--
looks like this postfix comes from RPM package: postfix-3.1.4-1.fc25.x86_64

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases, ldap:ldapsource
authorized_submit_users = !apache, static:all
broken_sasl_auth_clients = yes
command_time_limit = 3600s
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
debug_peer_level = 9
debug_peer_list = 213.135.48.61
default_destination_concurrency_limit = 100
default_process_limit = 250
ldapsource_query_filter = (&(cn=%s))
ldapsource_result_attribute = rfc822MailMember
ldapsource_search_base = ou=Aliases,dc=wsisiz,dc=edu,dc=pl
ldapsource_server_host = ldaps://mythodea.wsisiz.edu.pl
    ldaps://oceanic.wsisiz.edu.pl
ldapsource_version = 3
local_destination_concurrency_limit = 80
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 10
mailq_path = /usr/bin/mailq.postfix
mail_spool_directory = /var/spool/mail/
manpage_directory = /usr/share/man
message_size_limit = 5
mydestination = $myhostname, $mydomain,
    pop3.$mydomain,localhost.$mydomain,gift.$mydomain,blade-runner.$mydomain,mythodea.$mydomain,unix.$mydomain,blade-runner.$mydomain,localhost,jabber.$mydomain,jabber.wit.edu.pl,oceanic.wit.edu.pl,wit.edu.pl,poczta.wsisiz.edu.pl,poczta.wit.edu.pl,info.$mydomain,localhost.$mydomain,
    localhost,oceanic.$mydomain,chronicles.wsisiz.edu.pl,chronicles.wit.edu.pl,
mynetworks = 127.0.0.0/8 213.135.34.0/24 213.135.44.0/22 213.135.48.0/23
    [2001:1a68:a::]/48
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
qmgr_message_active_limit = 5000
readme_directory = /usr/share/doc/postfix/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_client_connection_count_limit = 3
smtpd_client_connection_rate_limit = 3
smtpd_client_event_limit_exceptions = 127.0.0.0/8 213.135.34.0/24
    213.135.44.0/22 213.135.48.0/23 [2001:1a68:a::]/48 213.222.201.98/32
smtpd_client_message_rate_limit = 3
smtpd_client_recipient_rate_limit = 21
smtpd_error_sleep_time = 15
smtpd_hard_error_limit = 2
smtpd_helo_required = yes
smtpd_recipient_limit = 4000
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_invalid_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/client_access,
    check_policy_service unix:private/policy, reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access
    reject_unknown_client_hostname reject_rbl_client cbl.abuseat.org
    reject_rbl_client pbl.spamhaus.org reject_rbl_client xbl.spamhaus.org
    reject_rbl_client sbl.spamhaus.org reject_rbl_client bl.spamcop.net permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_soft_error_limit = 2
smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/pki/tls/certs/digicert.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/server-mail.crt
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_key_file = /etc/pki/tls/private/server-mail.key
smtpd_use_tls = yes
virtual_maps = hash:/etc/postfix/virtual

--master.cf--
smtp  inet  n   -   n   -   -   smtpd
submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet  n   -   n   -   -   smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Re: postfix rsyslog not logging

2017-01-22 Thread Wietse Venema
Bartłomiej Solarz-Niesłuchowski:
> Hello,
> 
> Suddenly after upgrade to FC25 postfix stops logging in /var/log/maillog.

If the problem is fixed by editing /etc/selinux/config and setting
SELINUX=disabled, then you know that some SeLinux configuration is
missing. SeLinux is platform-specific, not covered by Postfix support.

Wietse

> in /etc/rsyslog.conf is:
> 
> mail.* -/var/log/maillog
> 
> the dovecot reports everything in this file,
> 
> postfix reports only:
> 
> [root@dervish ~]# grep postfix /var/log/maillog
> Jan 22 15:45:25 dervish postfix[27892]: Postfix is running with 
> backwards-compatible default settings
> Jan 22 15:45:25 dervish postfix[27892]: See 
> http://www.postfix.org/COMPATIBILITY_README.html for details
> Jan 22 15:45:25 dervish postfix[27892]: To disable backwards 
> compatibility use "postconf compatibility_level=2" and "postfix reload"
> Jan 22 15:45:45 dervish postfix/postfix-script[27978]: refreshing the 
> Postfix mail system
> 
> and NOTHING more.
> 
> SMTP server works correctly - only logging stop working.
> 
> 
> Any clues?
> 
> 
> 
> My configuration file are below:
> 
> --System Parameters--
> mail_version = 3.1.4
> hostname = dervish.wsisiz.edu.pl
> uname = Linux dervish.wsisiz.edu.pl 4.8.15-300.fc25.x86_64 #1 SMP Thu 
> Dec 15 23:10:23 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> 
> --Packaging information--
> looks like this postfix comes from RPM package: postfix-3.1.4-1.fc25.x86_64
> 
> --main.cf non-default parameters--
> alias_maps = hash:/etc/aliases, ldap:ldapsource
> authorized_submit_users = !apache, static:all
> broken_sasl_auth_clients = yes
> command_time_limit = 3600s
> compatibility_level = 2
> content_filter = smtp-amavis:[127.0.0.1]:10024
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
> $daemon_directory/$process_name $process_id & sleep 5
> debug_peer_level = 9
> debug_peer_list = 213.135.48.61
> default_destination_concurrency_limit = 100
> default_process_limit = 250
> ldapsource_query_filter = (&(cn=%s))
> ldapsource_result_attribute = rfc822MailMember
> ldapsource_search_base = ou=Aliases,dc=wsisiz,dc=edu,dc=pl
> ldapsource_server_host = ldaps://mythodea.wsisiz.edu.pl 
> ldaps://oceanic.wsisiz.edu.pl
> ldapsource_version = 3
> local_destination_concurrency_limit = 80
> mailbox_command = /usr/bin/procmail -a "$EXTENSION"
> mailbox_size_limit = 10
> mailq_path = /usr/bin/mailq.postfix
> mail_spool_directory = /var/spool/mail/
> manpage_directory = /usr/share/man
> message_size_limit = 5
> mydestination = $myhostname, $mydomain, 
> pop3.$mydomain,localhost.$mydomain,gift.$mydomain,blade-runner.$mydomain,mythodea.$mydomain,unix.$mydomain,blade-runner.$mydomain,localhost,jabber.$mydomain,jabber.wit.edu.pl,oceanic.wit.edu.pl,wit.edu.pl,poczta.wsisiz.edu.pl,poczta.wit.edu.pl,info.$mydomain,localhost.$mydomain,
>  
> localhost,oceanic.$mydomain,chronicles.wsisiz.edu.pl,chronicles.wit.edu.pl,
> mynetworks = 127.0.0.0/8 213.135.34.0/24 213.135.44.0/22 213.135.48.0/23 
> [2001:1a68:a::]/48
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> qmgr_message_active_limit = 5000
> readme_directory = /usr/share/doc/postfix/README_FILES
> recipient_delimiter = +
> sample_directory = /usr/share/doc/postfix/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> smtpd_client_connection_count_limit = 3
> smtpd_client_connection_rate_limit = 3
> smtpd_client_event_limit_exceptions = 127.0.0.0/8 213.135.34.0/24 
> 213.135.44.0/22 213.135.48.0/23 [2001:1a68:a::]/48 213.222.201.98/32
> smtpd_client_message_rate_limit = 3
> smtpd_client_recipient_rate_limit = 21
> smtpd_error_sleep_time = 15
> smtpd_hard_error_limit = 2
> smtpd_helo_required = yes
> smtpd_recipient_limit = 4000
> smtpd_recipient_restrictions = reject_unknown_sender_domain, 
> reject_invalid_hostname, reject_non_fqdn_sender, 
> reject_non_fqdn_recipient, reject_unknown_recipient_domain, 
> reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, 
> check_client_access hash:/etc/postfix/client_access, 
> check_policy_service unix:private/policy, reject_unauth_destination, 
> check_sender_access hash:/etc/postfix/sender_access 
> reject_unknown_client_hostname reject_rbl_client cbl.abuseat.org 
> reject_rbl_client pbl.spamhaus.org reject_rbl_client xbl.spamhaus.org 
> reject_rbl_client sbl.spamhaus.org reject_rbl_client bl.spamcop.net permit
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
> defer_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_soft_error_limit = 2
> smtpd_tls_auth_only = yes
> smtpd_tls_CAfile = /etc/pki/tls/certs/digicert.pem
> smtpd_tls_cert_file = /etc/pki/tls/certs/server-mail.crt
> smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
> smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
> smtpd_tls_key_file = /etc/pki/tls/private/server-mail.key
> smtpd_use_tls = yes
> virtual_maps = hash:/etc/postfix/virtual
> 
> --master.cf--
> smtp  inet  n   -   n   

Re: postfix rsyslog not logging

2017-01-22 Thread Bartłomiej Solarz-Niesłuchowski

On 2017-01-22 at 16:49, Wietse Venema wrote:
> Bartłomiej Solarz-Niesłuchowski:
>> Hello,
>>
>> Suddenly after upgrade to FC25 postfix stops logging in /var/log/maillog.
> If the problem is fixed by editing /etc/selinux/config and setting
> SELINUX=disabled, then you know that some SeLinux configuration is
> missing. SeLinux is platform-specific, not covered by Postfix support.

no:
there already was:
SELINUX=disabled

--
Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ
e-mail: bartlomiej.solarz-niesluchow...@wit.edu.pl
tel. 223486547, fax 223486501
JID: sol...@jabber.wit.edu.pl
01-447 Warszawa, ul. Newelska 6, room 404, Mon-Fri 8-16
Motto - As you make your bed, so you will sleep in it






Re: postfix rsyslog not logging

2017-01-22 Thread Wietse Venema
Bartłomiej Solarz-Niesłuchowski:
> On 2017-01-22 at 16:49, Wietse Venema wrote:
> > Bartłomiej Solarz-Niesłuchowski:
> >> Hello,
> >>
> >> Suddenly after upgrade to FC25 postfix stops logging in /var/log/maillog.
> > If the problem is fixed by editing /etc/selinux/config and setting
> > SELINUX=disabled, then you know that some SeLinux configuration is
> > missing. SeLinux is platform-specific, not covered by Postfix support.
> no:
> there already was:
> SELINUX=disabled

Postfix works fine with Fedora 24 rsyslogd, so I am pretty sure
that Postfix isn't broken. To find out whether rsyslogd is busted,
or whether systemd is causing problems, I suggest that you do tests
with the postlog command as an unprivileged user.

Wietse


Re: MySQL 8.0 with Postfix

2017-01-22 Thread Phil Stracchino
On 01/22/17 10:17, Postfix User wrote:
> This question has probably been answered somewhere before; however, I
> cannot find it. I am going to rebuild my FreeBSD system from the ground
> up. I was wondering if Postfix is compatible with the MySQL 8.0
> version release.
> 
> Thanks!

First reaction is I don't see any reason why it wouldn't be, but MySQL
8.0 isn't GA yet.  I'd wait for a stable release if I were you.



-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485


Re: pop3d Login Failed

2017-01-22 Thread Peter
On 20/01/17 11:37, Maurizio Caloro wrote:
> Please why pop3d become Login Failed for user joe?

Postfix does not provide POP3 service.  Please consult the pop3d
community for assistance.


Peter


can't get postfix to send on port 587

2017-01-22 Thread Steven Borrelli
Hello all,

I've got Postfix 3.1.3 running on FreeBSD 10.3-STABLE (last updated
1/2/17) at home, where my ISP blocks port 25, so I'm trying to go
through Mailjet's SMTP relay. All the required settings as directed by
Mailjet's online support are in place for sending on port 587 but
Postfix is not even trying to send on port 587, as my /var/log/maillog
regularly shows messages like this with every mail attempt:
[...] status=deferred (delivery temporarily suspended: connect to
smtp-ovhfr11.mailjet.com[5.196.43.135]:25: Operation timed out)

My question: What part of my configuration is telling it not to send
on port 587? Any help is appreciated.

Thanks,
Steve


Below is a snippet of my main.cf:
**
# TLS
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/local/etc/postfix/myserver.key
smtpd_tls_cert_file = /usr/local/etc/postfix/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_ask_ccert= = yes

# SASL
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination

# Forward all SMTP to Mailjet
relayhost = [in-v3.mailjet.com]:587
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl-passwords

**

And here is a snippet of my master.cf:
**
smtp  inet  n   -   n   -   -   smtpd
#smtp  inet  n   -   n   -   1   postscreen
#smtpd pass  -   -   n   -   -   smtpd
#dnsblog   unix  -   -   n   -   0   dnsblog
#tlsproxy  unix  -   -   n   -   0   tlsproxy
submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   n   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING


Re: can't get postfix to send on port 587

2017-01-22 Thread Noel Jones
On 1/22/2017 3:47 PM, Steven Borrelli wrote:
> Hello all,
> 
> I've got Postfix 3.1.3 running on FreeBSD 10.3-STABLE (last updated
> 1/2/17) at home, where my ISP blocks port 25, so I'm trying to go
> through Mailjet's SMTP relay. All the required settings as directed by
> Mailjet's online support are in place for sending on port 587 but
> Postfix is not even trying to send on port 587, as my /var/log/maillog
> regularly shows messages like this with every mail attempt:
> [...] status=deferred (delivery temporarily suspended: connect to
> smtp-ovhfr11.mailjet.com[5.196.43.135]:25: Operation timed out)
> 
> My question: What part of my configuration is telling it not to send
> on port 587? Any help is appreciated.
> 


So what's in here?
> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay




  -- Noel Jones

> Thanks,
> Steve
> 
> 
> Below is a snippet of my main.cf:
> **
> # TLS
> smtpd_use_tls = yes
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = yes
> smtpd_tls_key_file = /usr/local/etc/postfix/myserver.key
> smtpd_tls_cert_file = /usr/local/etc/postfix/server.crt
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> smtpd_tls_ask_ccert= = yes
> 
> # SASL
> smtpd_sasl_type = dovecot
> broken_sasl_auth_clients = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> smtpd_relay_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> 
> # Forward all SMTP to Mailjet
> relayhost = [in-v3.mailjet.com]:587
> smtp_sender_dependent_authentication = yes
> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
> smtp_sasl_auth_enable = yes
> smtp_sasl_security_options = noanonymous
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl-passwords
> 
> **
> 
> And here is a snippet of my master.cf:
> **
> smtp  inet  n   -   n   -   -   smtpd
> #smtp  inet  n   -   n   -   1   postscreen
> #smtpd pass  -   -   n   -   -   smtpd
> #dnsblog   unix  -   -   n   -   0   dnsblog
> #tlsproxy  unix  -   -   n   -   0   tlsproxy
> submission inet n   -   n   -   -   smtpd
>   -o syslog_name=postfix/submission
>   -o smtpd_enforce_tls=yes
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_reject_unlisted_recipient=no
> #  -o smtpd_client_restrictions=$mua_client_restrictions
> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> #smtps inet  n   -   n   -   -   smtpd
> #  -o syslog_name=postfix/smtps
> #  -o smtpd_tls_wrappermode=yes
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_reject_unlisted_recipient=no
> #  -o smtpd_client_restrictions=$mua_client_restrictions
> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
> #  -o smtpd_recipient_restrictions=
> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> #  -o milter_macro_daemon_name=ORIGINATING
> 



Re: Prevent Backscatter

2017-01-22 Thread Postfix User
Postfix User wrote
> I am trying to reject instead of sending bounce message back when email
> arrives to non existing account at domains hosted by my server.

Anyone having similar problem, check_recipient_access map fixed my problem

postconf -n | grep smtpd_relay_restrictions

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, check_recipient_access
    mysql:/etc/postfix/sqlconf/sender_access.cf

sender_access.cf
query   = SELECT if(count(*) = 0, "REJECT 'User doesn't exist'",
    "OK") FROM users u WHERE u.username='%u' AND u.domain='%d' AND u.active='1';



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Prevent-Backscatter-tp88359p88404.html
Sent from the Postfix Users mailing list archive at Nabble.com.


Re: can't get postfix to send on port 587

2017-01-22 Thread Steven Borrelli
@domain.name in-v3.mailjet.com

On Sun, Jan 22, 2017 at 3:59 PM, Noel Jones  wrote:
> On 1/22/2017 3:47 PM, Steven Borrelli wrote:
>> Hello all,
>>
>> I've got Postfix 3.1.3 running on FreeBSD 10.3-STABLE (last updated
>> 1/2/17) at home, where my ISP blocks port 25, so I'm trying to go
>> through Mailjet's SMTP relay. All the required settings as directed by
>> Mailjet's online support are in place for sending on port 587 but
>> Postfix is not even trying to send on port 587, as my /var/log/maillog
>> regularly shows messages like this with every mail attempt:
>> [...] status=deferred (delivery temporarily suspended: connect to
>> smtp-ovhfr11.mailjet.com[5.196.43.135]:25: Operation timed out)
>>
>> My question: What part of my configuration is telling it not to send
>> on port 587? Any help is appreciated.
>>
>
>
> So what's in here?
>> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
>
>
>
>
>   -- Noel Jones
>
>> Thanks,
>> Steve
>>
>>
>> Below is a snippet of my main.cf:
>> **
>> # TLS
>> smtpd_use_tls = yes
>> smtpd_tls_security_level = may
>> smtpd_tls_auth_only = yes
>> smtpd_tls_key_file = /usr/local/etc/postfix/myserver.key
>> smtpd_tls_cert_file = /usr/local/etc/postfix/server.crt
>> smtpd_tls_loglevel = 1
>> smtpd_tls_received_header = yes
>> smtpd_tls_session_cache_timeout = 3600s
>> tls_random_source = dev:/dev/urandom
>> smtpd_tls_ask_ccert= = yes
>>
>> # SASL
>> smtpd_sasl_type = dovecot
>> broken_sasl_auth_clients = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_security_options = noanonymous
>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>> permit_mynetworks, reject_unauth_destination
>> smtpd_relay_restrictions = permit_sasl_authenticated,
>> permit_mynetworks, reject_unauth_destination
>>
>> # Forward all SMTP to Mailjet
>> relayhost = [in-v3.mailjet.com]:587
>> smtp_sender_dependent_authentication = yes
>> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_security_options = noanonymous
>> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl-passwords
>>
>> **
>>
>> And here is a snippet of my master.cf:
>> **
>> smtp  inet  n   -   n   -   -   smtpd
>> #smtp  inet  n   -   n   -   1   postscreen
>> #smtpd pass  -   -   n   -   -   smtpd
>> #dnsblog   unix  -   -   n   -   0   dnsblog
>> #tlsproxy  unix  -   -   n   -   0   tlsproxy
>> submission inet n   -   n   -   -   smtpd
>>   -o syslog_name=postfix/submission
>>   -o smtpd_enforce_tls=yes
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_reject_unlisted_recipient=no
>> #  -o smtpd_client_restrictions=$mua_client_restrictions
>> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
>> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>>   -o milter_macro_daemon_name=ORIGINATING
>> #smtps inet  n   -   n   -   -   smtpd
>> #  -o syslog_name=postfix/smtps
>> #  -o smtpd_tls_wrappermode=yes
>> #  -o smtpd_sasl_auth_enable=yes
>> #  -o smtpd_reject_unlisted_recipient=no
>> #  -o smtpd_client_restrictions=$mua_client_restrictions
>> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
>> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>> #  -o smtpd_recipient_restrictions=
>> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>> #  -o milter_macro_daemon_name=ORIGINATING
>>
>


Re: can't get postfix to send on port 587

2017-01-22 Thread Christian Kivalo

On 2017-01-22 23:29, Steven Borrelli wrote:
> @domain.name in-v3.mailjet.com

sender_dependent_relayhost_maps is used to override your relayhost
setting.

Your relayhost setting [in-v3.mailjet.com]:587 was overruled by
in-v3.mailjet.com (port 25).

Remove the sender_dependent_* settings and all your mail will be sent
through your configured relayhost.


> On Sun, Jan 22, 2017 at 3:59 PM, Noel Jones wrote:
>> On 1/22/2017 3:47 PM, Steven Borrelli wrote:
>>> Hello all,
>>>
>>> I've got Postfix 3.1.3 running on FreeBSD 10.3-STABLE (last updated
>>> 1/2/17) at home, where my ISP blocks port 25, so I'm trying to go
>>> through Mailjet's SMTP relay. All the required settings as directed by
>>> Mailjet's online support are in place for sending on port 587 but
>>> Postfix is not even trying to send on port 587, as my /var/log/maillog
>>> regularly shows messages like this with every mail attempt:
>>> [...] status=deferred (delivery temporarily suspended: connect to
>>> smtp-ovhfr11.mailjet.com[5.196.43.135]:25: Operation timed out)
>>>
>>> My question: What part of my configuration is telling it not to send
>>> on port 587? Any help is appreciated.
>>>
>>
>> So what's in here?
>>> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
>>
>>   -- Noel Jones
>>
>>> Thanks,
>>> Steve
>>>
>>>
>>> Below is a snippet of my main.cf:
>>> **
>>> # TLS
>>> smtpd_use_tls = yes
>>> smtpd_tls_security_level = may
>>> smtpd_tls_auth_only = yes
>>> smtpd_tls_key_file = /usr/local/etc/postfix/myserver.key
>>> smtpd_tls_cert_file = /usr/local/etc/postfix/server.crt
>>> smtpd_tls_loglevel = 1
>>> smtpd_tls_received_header = yes
>>> smtpd_tls_session_cache_timeout = 3600s
>>> tls_random_source = dev:/dev/urandom
>>> smtpd_tls_ask_ccert= = yes
>>>
>>> # SASL
>>> smtpd_sasl_type = dovecot
>>> broken_sasl_auth_clients = yes
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> permit_mynetworks, reject_unauth_destination
>>> smtpd_relay_restrictions = permit_sasl_authenticated,
>>> permit_mynetworks, reject_unauth_destination
>>>
>>> # Forward all SMTP to Mailjet
>>> relayhost = [in-v3.mailjet.com]:587
>>> smtp_sender_dependent_authentication = yes
>>> sender_dependent_relayhost_maps = hash:/usr/local/etc/postfix/sender_relay
>>> smtp_sasl_auth_enable = yes
>>> smtp_sasl_security_options = noanonymous
>>> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl-passwords
>>>
>>> **
>>>
>>> And here is a snippet of my master.cf:
>>> **
>>> smtp  inet  n   -   n   -   -   smtpd
>>> #smtp  inet  n   -   n   -   1   postscreen
>>> #smtpd pass  -   -   n   -   -   smtpd
>>> #dnsblog   unix  -   -   n   -   0   dnsblog
>>> #tlsproxy  unix  -   -   n   -   0   tlsproxy
>>> submission inet n   -   n   -   -   smtpd
>>>   -o syslog_name=postfix/submission
>>>   -o smtpd_enforce_tls=yes
>>>   -o smtpd_tls_security_level=encrypt
>>>   -o smtpd_sasl_auth_enable=yes
>>>   -o smtpd_reject_unlisted_recipient=no
>>> #  -o smtpd_client_restrictions=$mua_client_restrictions
>>> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
>>> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>>>   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
>>> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>>>   -o milter_macro_daemon_name=ORIGINATING
>>> #smtps inet  n   -   n   -   -   smtpd
>>> #  -o syslog_name=postfix/smtps
>>> #  -o smtpd_tls_wrappermode=yes
>>> #  -o smtpd_sasl_auth_enable=yes
>>> #  -o smtpd_reject_unlisted_recipient=no
>>> #  -o smtpd_client_restrictions=$mua_client_restrictions
>>> #  -o smtpd_helo_restrictions=$mua_helo_restrictions
>>> #  -o smtpd_sender_restrictions=$mua_sender_restrictions
>>> #  -o smtpd_recipient_restrictions=
>>> #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>>> #  -o milter_macro_daemon_name=ORIGINATING





--
 Christian Kivalo
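
Why the map entry overrode the port, as an added example that is not part of the thread and is not Postfix code: a small Python model of next-hop selection from relayhost and sender_dependent_relayhost_maps, where a bare hostname means port 25 with MX lookups and [host]:port means exactly that host and port. The sender address and the corrected map entry are constructed assumptions; the reply above instead suggests removing the sender_dependent_* settings.

```python
"""Model of next-hop selection for relayed mail (added illustration).

Covers only relayhost and sender_dependent_relayhost_maps, looked up by
full sender address and then by @domain. Not Postfix code.
"""
import re

_NEXTHOP = re.compile(
    r"^(?:\[(?P<literal>[^\]]+)\]|(?P<name>[^\[\]:\s]+))(?::(?P<port>\w+))?$")


def parse_nexthop(value):
    """Split a next-hop such as '[host]:587' or 'host' into its parts."""
    m = _NEXTHOP.match(value.strip())
    if m is None:
        raise ValueError(f"unrecognised next-hop: {value!r}")
    port = m["port"] or "25"               # no port given: the smtp service, 25
    return {
        "host": m["literal"] or m["name"],
        "port": int(port) if port.isdigit() else port,
        "mx_lookup": m["literal"] is None,  # [brackets] switch MX lookups off
    }


def load_map(text):
    """Parse the source text of a hash: table (key, whitespace, value)."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table


def choose_nexthop(sender, relayhost, sender_relay):
    """Return (parsed next-hop, which setting supplied it)."""
    sender = sender.lower()
    for key in (sender, "@" + sender.rsplit("@", 1)[-1]):
        if key in sender_relay:
            return (parse_nexthop(sender_relay[key]),
                    f"sender_dependent_relayhost_maps {key}")
    return parse_nexthop(relayhost), "relayhost"


def lint(relayhost, sender_relay):
    """Flag map entries for the relayhost's host that differ in port or MX use."""
    want = parse_nexthop(relayhost)
    findings = []
    for key, value in sender_relay.items():
        got = parse_nexthop(value)
        if got["host"] == want["host"] and got != want:
            findings.append(
                f"{key}: '{value}' gives port {got['port']}, MX lookup "
                f"{'on' if got['mx_lookup'] else 'off'}; relayhost uses "
                f"port {want['port']}")
    return findings


RELAYHOST = "[in-v3.mailjet.com]:587"                      # from the posted main.cf
AS_POSTED = load_map("@domain.name in-v3.mailjet.com\n")   # entry quoted in the thread
CORRECTED = load_map("# constructed alternative entry\n"
                     "@domain.name [in-v3.mailjet.com]:587\n")
SENDER = "steve@domain.name"                               # constructed sender address

if __name__ == "__main__":
    for label, table in (("as posted", AS_POSTED), ("corrected", CORRECTED),
                         ("map removed", {})):
        hop, source = choose_nexthop(SENDER, RELAYHOST, table)
        print(f"{label:12} {hop} via {source}")
    for finding in lint(RELAYHOST, AS_POSTED):
        print("lint:", finding)
```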


Re: Prevent Backscatter

2017-01-22 Thread Wietse Venema
Postfix User:
> Postfix User wrote
> > I am trying to reject instead of sending bounce message back when email
> > arrives to non existing account at domains hosted by my server.
> 
> Anyone having similar problem, check_recipient_access map fixed my problem

That is bad advice that covers up a badly-broken configuration.

If anyone has a similar problem, don't set up check_recipient_access.
Instead, study http://www.postfix.org/ADDRESS_CLASS_README.html and
configure the valid recipient maps accordingly.

Wietse


Re: postfix rsyslog not logging

2017-01-22 Thread Benning, Markus

Hi,

on most linux distributions /dev/log is owned by systemd-journald these
days.

Check if your logs reach the journal:

  journalctl -u postfix

If that's the case, check if rsyslog reads logs from journald:

  $ModLoad imjournal


 Markus

On 2017-01-22 16:41, Bartłomiej Solarz-Niesłuchowski wrote:
> Suddenly after upgrade to FC25 postfix stops logging in
> /var/log/maillog.
>
> in /etc/rsyslog.conf is:
>
> mail.* -/var/log/maillog


--
https://markusbenning.de/