Re: Question regarding smtpd DNS resolution

2018-02-06 Thread Matus UHLAR - fantomas

On Feb 5, 2018, at 05:26, Allen Coates  wrote:

Is this a reliable bad-host detector?


On 05.02.18 12:20, LuKreme wrote:

It is a very good indicator of spam. It is also an indicator of a
misconfigured mail server (in the case of spammers, intentionally so). 


I would say "ignored" rather than "intentionally". Many admins either do not
know, or do not care (in case of spammers), since it's time consuming (when
you have less than /24).


Anyone hitting this error on your postfix is going to be unable to send
mail to the majority of mail servers.


it's quite funny when they blame others for rejecting mail from servers
without fcrdns.


OT: I'd love an option to split these kinds of errors into a separate log
file.  (I keep maillogs for a long time, but this garbage I'd love to dump
after a day or two).


yeah, filtering logs to different files is outta postfix scope :)
use syslog-ng...


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 
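
An added example, not part of the posts above and not Postfix's code: a minimal forward-confirmed reverse DNS (FCrDNS) check of the kind this thread refers to, showing the three distinct ways a client can fail it. The resolver hooks, result labels and the sample names and addresses are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA lookup via the system resolver; returns a list of addresses."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (status, name); status is pass, no_ptr, no_forward or mismatch."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr", None              # address -> name lookup failed
    resolved_any = False
    for name in names:
        for addr in addr_lookup(name):
            resolved_any = True
            try:
                # Compare parsed addresses so IPv6 spellings match.
                if ipaddress.ip_address(addr) == client:
                    return "pass", name    # name resolves back to the client
            except ValueError:
                continue                   # e.g. scoped IPv6 literal
    # Either the PTR names resolve elsewhere, or they do not resolve at all.
    return ("mismatch" if resolved_any else "no_forward"), None

# Constructed sample data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host.example.net"],
       "2001:db8::25": ["mx.example.org"], "192.0.2.30": ["gone.example.com"]}
FWD = {"mail.example.org": ["192.0.2.10"], "host.example.net": ["198.51.100.7"],
       "mx.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def demo():
    ips = ["192.0.2.10", "192.0.2.20", "2001:db8::25", "192.0.2.30", "192.0.2.99"]
    return {ip: fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))[0]
            for ip in ips}
```

Calling `fcrdns(ip)` without the lookup arguments uses the system resolver instead of the constructed tables.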


Re: mail.log - verify_cache.db: No such file or directory

2018-02-06 Thread Wietse Venema
Maurizio Caloro:
> Hello 
> 
> Last week I had problems with my mail server but now everything 
> has settled again. I have in my logs now the following error 
> message that I do not understand. As I've seen, this has 
> already been discussed a few times. 
> 
> Please, how do I tackle this or how can I solve this!? 
> 
> 
> [Mail.log] 
> Feb  5 14:26:13 mail postfix/verify[17058]: close database 
> /var/lib/postfix/verify_cache.db: No such file or directory (possible
> Berkeley DB bug) 
> 
> 
> Postfix Version - mail_version = 2.11.3 
> 
> -rw-r--r--  1 postfix postfix 8192 Feb  5 14:24
> /var/lib/postfix/verify_cache.db 
> 
> The file still exists, but my Mail.log seems to say that it isn't here.

BERKELEY DB returns the "No such file or directory" error.
So ask there, please.

Wietse


Designing a proper postfix/dovecot LMTP/LDAP layout

2018-02-06 Thread Franta Noska
I want to replace an old Sendmail server with a new one with Postfix. And although
I have read some documentation and howtos, I'm still disoriented in the
vast array of possibilities in Postfix itself and its interaction with
other pieces. Here is what I have:

- mailserver will be the target for two domains (old surviving and current new)

- users, their aliases and mail groups are in remote LDAP DB with schema
/objects/values as:

USERS:
dn: cn=username, ou=rank, o=myorg
cn: username
objectClass: Person
gidNumber: uNNN
uidNumber: gNNN
userPassword: (somehow hashed, only bind verification)
homeDirectory: /Home/$rank/$username
mailActive:  0/1 
mail: user1@NewDomain
mail: user2@OldDomain    (not all users have old address)
uid: username
groupMembership: group DN   (can be multiple times for different groups)

For users in objectClass = Person applies:
- cn == uid, but user1, user2 and username are not necessarily the same
- users have uidNumber and gidNumber, but are almost unusable, because
   start from 100 (thus overlapping with system accounts ID)
- homeDirectory has no meaning for mailserver machine itself - there will
   be only an administrator account.
- an absent or zero mailActive item causes mail rejection

Users can have a mail alias with LDAP in form:
--
dn: cn=alias, ou=Alias, o=myorg
objectClass: aliasObject
cn: alias
aliasedObjectName: user object DN

and finally there can be mail groups defined as:

dn: cn=groupname, ou=Groups, o=myorg
cn: groupname
mailActive:  0/1   (meaning same as for users)
objectClass: groupOfNames
member: user DN



And my idea is:
- postfix MTA (v3.2.4) with some milters (milters not essential)
- dovecot (v2.3.0) IMAP server and LMTP deliver (with Sieve)
- postfix, dovecot, user's mail folders on one machine (Centos 7 Linux)

What will be the most appropriate layout for this scenario?

I have a number of unclear areas what is best:

- local users or virtual users?
  (I think best will be when all mail directory tree will be owned
  by one user account (vmail in a lot of howtos), but is it really best?)

- mail folders should be in form '/someTopDir/$username/.mail/' ?
  (because it isn't possible to have the domain part, as the user can have two
  mail addresses in different domains)

- which transport to choose (whether one from something as
local_transport = lmtp:unix:/var/run/dovecot/dovecot-lmtp
virtual_transport = lmtp:unix:/var/run/dovecot/dovecot-lmtp
mailbox_transport = lmtp:unix:/var/run/dovecot/dovecot-lmtp
or something else?)

- which maps are needed and how to define them?

- eventually how to configure dovecot LMTP deliver?

Any recommendations or instructions are highly appreciated.
Thanks, Franta


Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-06 Thread Viktor Dukhovni


> On Feb 6, 2018, at 1:26 AM, Olivier  wrote:
> 
>> TLS is set up just fine.  What's failing is SASL.  Perhaps there are
>> different authentication settings on port 587 than on 25, and remaking
>> the email account has the effect of switching the submission port?
>> 
>> Other factors to consider:
>> 
>>  http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain
>>  http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
> 
> Both are left to the default (empty) on the old and new server.

If recreating the account on the client side resolves the issue, and
successful authentication is PLAIN, but what was failing before the
account reset was also PLAIN, then the only conclusion is that the
client settings were wrong.  Whether the incorrect setting was the
username, the password, the port, ... hard to say.  What is clear
is that there's no Postfix issue, since merely recreating the login
on the MUA end is sufficient.

Good luck.

-- 
Viktor.



Re: Postfix upgrade breaks emails accounts from Mac OS X

2018-02-06 Thread Olivier
Viktor Dukhovni  writes:

>> On Feb 6, 2018, at 1:26 AM, Olivier  wrote:
>> 
>>> TLS is set up just fine.  What's failing is SASL.  Perhaps there are
>>> different authentication settings on port 587 than on 25, and remaking
>>> the email account has the effect of switching the submission port?
>>> 
>>> Other factors to consider:
>>> 
>>>  http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain
>>>  http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
>> 
>> Both are left to the default (empty) on the old and new server.
>
> If recreating the account on the client side resolves the issue, and
> successful authentication is PLAIN, but what was failing before the
> account reset was also PLAIN, then the only conclusion is that the
> client settings were wrong.  Whether the incorrect setting was the
> username, the password, the port, ... hard to say.  What is clear
> is that there's no Postfix issue, since merely recreating the login
> on the MUA end is sufficient.

Thank you for the help.

The problem was not postfix but a combination of cyrus-sasl and ldap: a
user LDAP entry needs an objectClass of shadowAccount to be working,
not all my users had it (especially the older ones).

Combined with that is the fact that when doing the test internally, the
authentication could be bypassed by postfix if it did not succeed, so I
was reading false results.

I apologize for the noise.

Olivier

--