date:20181106

Re: what does these log lines mean?

2018-11-06 Thread Poliman - Serwis

Thank you for answer. I attach .txt file with output of postconf -n.

2018-11-06 8:05 GMT+01:00 B. Reino :

> On Tue, 6 Nov 2018, Poliman - Serwis wrote:
>
> Sorry for http markup, I got knowledge for the future. Thank you for brief
>> answer. Does each email is filtered by amavisd or only some kind of
>> suspicious?
>>
>
> You're the only one who can answer that question. Did you configure such
> filtering?
>
> You could post your $(postconf -n)
>
> Cheers.
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*
root@s1:~# postconf -n
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = s1.poliman.net, localhost, localhost.localdomain
myhostname = s1.poliman.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
$virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps 
$virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps 
$sender_canonical_maps $recipient_canonical_maps $relocated_maps 
$transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_bind_address = 54.38.202.128
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access 
mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, 
check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, 
reject_non_fqdn_hostname, reject_invalid_helo_hostname, 
reject_unknown_helo_hostname, check_helo_access 
regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination, check_client_access inline:{91.218.208.22=ok}, 
reject_rbl_client zen.spamhaus.org, check_recipient_access 
mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access 
mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access 
regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, 
permit_sasl_authenticated, check_sender_access 
mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access 
regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, 
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, 
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf

Re: what does these log lines mean?

2018-11-06 Thread B. Reino


On Tue, 6 Nov 2018, Poliman - Serwis wrote:


Thank you for answer. I attach .txt file with output of postconf -n.


Your original message showed amavis filtering on ports 10024 and 10026.
Your postfix configuration shows only amavis on port 10024.

I think your logs don't come from the postfix with the configuration you
posted.

In any case, what do you need to know?
Have YOU configured the postfix server, or are you trying to understand 
why something happens (your log lines) on a server which you DO NOT 
administer?


I don't think anybody here has time for puzzles.

Re: what does these log lines mean?

2018-11-06 Thread Poliman - Serwis

Both are from one server. I am not cheating. Now I am confused, it's really
strange that these logs are diff. Your earlier message was enough for me.

2018-11-06 12:48 GMT+01:00 B. Reino :

> On Tue, 6 Nov 2018, Poliman - Serwis wrote:
>
> Thank you for answer. I attach .txt file with output of postconf -n.
>>
>
> Your original message showed amavis filtering on ports 10024 and 10026.
> Your postfix configuration shows only amavis on port 10024.
>
> I think your logs don't come from the postfix with the configuration you
> posted.
>
> In any case, what do you need to know?
> Have YOU configured the postfix server, or are you trying to understand
> why something happens (your log lines) on a server which you DO NOT
> administer?
>
> I don't think anybody here has time for puzzles.
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*

Re: postfix relay aunthentication error

2018-11-06 Thread workid

Its sorted, i needed to allow the postfix server as a relay in Exchange 2016



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Strange issue

2018-11-06 Thread Simba

Mail service is working except for delivery to a single host, which is
reporting a strange error:

postfix/smtp[13722]: 629D7A7DF9: to=,
relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
(Host or domain name not found. Name service error for
name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)

root:# host kpbsd.k12.ak.us
kpbsd.k12.ak.us has address 74.123.240.28
kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.

root:# host mx4.kpbsd.k12.ak.us
mx4.kpbsd.k12.ak.us has address 74.123.240.23

Any help is appreciated!

-- 
Simba Lion - https://tailpuff.net
https://keybase.io/simbalion

"Why is a raven like a writing desk?"
<>

Re: Strange issue

2018-11-06 Thread Wietse Venema

Simba:
> Mail service is working except for delivery to a single host, which is
> reporting a strange error:
> 
> postfix/smtp[13722]: 629D7A7DF9: to=,
> relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
> (Host or domain name not found. Name service error for
> name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)

Some DNS server replied to the MX request, with a list of
servers that include mx4.kpbsd.k12.ak.us.

> root:# host kpbsd.k12.ak.us
> kpbsd.k12.ak.us has address 74.123.240.28
> kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.

Some DNS server replied to the MX request, with a list of
servers that does not include mx4.kpbsd.k12.ak.us.

> root:# host mx4.kpbsd.k12.ak.us
> mx4.kpbsd.k12.ak.us has address 74.123.240.23
> 
> Any help is appreciated!

$ host -t ns kpbsd.k12.ak.us
kpbsd.k12.ak.us name server ns1.acsalaska.net.
kpbsd.k12.ak.us name server xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us name server ns2.acsalaska.net.
$ host -t mx kpbsd.k12.ak.us ns1.acsalaska.net.
Using domain server:
Name: ns1.acsalaska.net.
Address: 204.17.139.1#53
Aliases: 

kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
$ host -t mx kpbsd.k12.ak.us ns2.acsalaska.net.
Using domain server:
Name: ns2.acsalaska.net.
Address: 209.112.128.1#53
Aliases: 

kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.

Wietse

RE: Strange issue

2018-11-06 Thread Kevin Miller

I didn't see the errors Wietse did, but when I ran your domain through the 
report at www.dnsstuff.com it noted this (among a few other minor things):
  transitioning domain of kpbsd.k12.ak.us does not designate 74.123.240.23 as 
permitted sender | softfail | 74.123.240.23

Need to update your SPF record...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: Tuesday, November 06, 2018 8:05 AM
To: Simba
Cc: postfix-users@postfix.org
Subject: Re: Strange issue

Simba:
> Mail service is working except for delivery to a single host, which is
> reporting a strange error:
> 
> postfix/smtp[13722]: 629D7A7DF9: to=,
> relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
> (Host or domain name not found. Name service error for
> name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)

Some DNS server replied to the MX request, with a list of
servers that include mx4.kpbsd.k12.ak.us.

> root:# host kpbsd.k12.ak.us
> kpbsd.k12.ak.us has address 74.123.240.28
> kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.

Some DNS server replied to the MX request, with a list of
servers that does not include mx4.kpbsd.k12.ak.us.

> root:# host mx4.kpbsd.k12.ak.us
> mx4.kpbsd.k12.ak.us has address 74.123.240.23
> 
> Any help is appreciated!

$ host -t ns kpbsd.k12.ak.us
kpbsd.k12.ak.us name server ns1.acsalaska.net.
kpbsd.k12.ak.us name server xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us name server ns2.acsalaska.net.
$ host -t mx kpbsd.k12.ak.us ns1.acsalaska.net.
Using domain server:
Name: ns1.acsalaska.net.
Address: 204.17.139.1#53
Aliases: 

kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
$ host -t mx kpbsd.k12.ak.us ns2.acsalaska.net.
Using domain server:
Name: ns2.acsalaska.net.
Address: 209.112.128.1#53
Aliases: 

kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.

Wietse

Re: Strange issue

2018-11-06 Thread Wietse Venema

Wietse Venema:
> Simba:
> > Mail service is working except for delivery to a single host, which is
> > reporting a strange error:
> > 
> > postfix/smtp[13722]: 629D7A7DF9: to=,
> > relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
> > (Host or domain name not found. Name service error for
> > name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)
> 
> Some DNS server replied to the MX request, with a list of
> servers that include mx4.kpbsd.k12.ak.us.
> 
> > root:# host kpbsd.k12.ak.us
> > kpbsd.k12.ak.us has address 74.123.240.28
> > kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd.k12.ak.us.
> 
> Some DNS server replied to the MX request, with a list of
> servers that does not include mx4.kpbsd.k12.ak.us.

Sorry, I missed that it was listed in the response.

> > root:# host mx4.kpbsd.k12.ak.us
> > mx4.kpbsd.k12.ak.us has address 74.123.240.23
> > 
> > Any help is appreciated!
> 
> $ host -t ns kpbsd.k12.ak.us
> kpbsd.k12.ak.us name server ns1.acsalaska.net.
> kpbsd.k12.ak.us name server xdns.kpbsd.k12.ak.us.
> kpbsd.k12.ak.us name server ns2.acsalaska.net.

$ host mx4.kpbsd.k12.ak.us xdns.kpbsd.k12.ak.us.
Using domain server:
Name: xdns.kpbsd.k12.ak.us.
Address: 74.123.240.3#53
Aliases: 

mx4.kpbsd.k12.ak.us has address 74.123.240.23

This took a several seconds to respond to my
query from NY state. Not sure what is going on.

Wietse

RE: Strange issue

2018-11-06 Thread Kevin Miller

Doing a couple of quick "digs" on the MX records, I noticed that in the 
"ADDITIONAL SECTION" that the ACS servers report more hosts than the 
kpbsd.k12.ak.us entry.  Do you have access to that DNS server?  I suspect the 
SOA may be a bit off from the others.  I presume that one of the three is your 
"master" and the other two are slaves?  I'd make sure they're all in sync and 
all name servers are listed in the SOA.  Also, ask ACS tech support to add glue 
records for your servers.  That could explain some of the latency.

Run the report at 
https://www.dnsstuff.com/tools#dnsReport|type=domain&&value=kpbsd.k12.ak.us and 
fix the things it notes.

mkm@mis-mkm-lnx:~$ dig  MX kpbsd.k12.ak.us @xdns.kpbsd.k12.ak.us

; <<>> DiG 9.10.3-P4-Debian <<>> MX kpbsd.k12.ak.us @xdns.kpbsd.k12.ak.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41461
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kpbsd.k12.ak.us.   IN  MX

;; ANSWER SECTION:
kpbsd.k12.ak.us.300 IN  MX  10 mx1.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  30 mx3.kpbsd.k12.ak.us.

;; AUTHORITY SECTION:
kpbsd.k12.ak.us.300 IN  NS  ns1.acsalaska.net.
kpbsd.k12.ak.us.300 IN  NS  xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  NS  ns2.acsalaska.net.

;; ADDITIONAL SECTION:
mx1.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
mail-gw.kpbsd.k12.ak.us. 300IN  A   74.123.240.22
mx3.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
mx4.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
xdns.kpbsd.k12.ak.us.   300 IN  A   74.123.240.3

;; Query time: 20 msec
;; SERVER: 74.123.240.3#53(74.123.240.3)
;; WHEN: Tue Nov 06 09:24:49 AKST 2018
;; MSG SIZE  rcvd: 276

mkm@mis-mkm-lnx:~$ 
mkm@mis-mkm-lnx:~$ 
mkm@mis-mkm-lnx:~$ dig  MX kpbsd.k12.ak.us @ns2.acsalaska.neT

; <<>> DiG 9.10.3-P4-Debian <<>> MX kpbsd.k12.ak.us @ns2.acsalaska.neT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55133
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 8
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kpbsd.k12.ak.us.   IN  MX

;; ANSWER SECTION:
kpbsd.k12.ak.us.300 IN  MX  20 mail-gw.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  40 mx4.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  30 mx3.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  MX  10 mx1.kpbsd.k12.ak.us.

;; AUTHORITY SECTION:
kpbsd.k12.ak.us.300 IN  NS  ns1.acsalaska.net.
kpbsd.k12.ak.us.300 IN  NS  xdns.kpbsd.k12.ak.us.
kpbsd.k12.ak.us.300 IN  NS  ns2.acsalaska.net.

;; ADDITIONAL SECTION:
mx1.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
mail-gw.kpbsd.k12.ak.us. 300IN  A   74.123.240.22
mx3.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
mx4.kpbsd.k12.ak.us.300 IN  A   74.123.240.23
ns1.acsalaska.net.  600 IN  A   204.17.139.1
ns2.acsalaska.net.  600 IN  A   209.112.128.1
xdns.kpbsd.k12.ak.us.   300 IN  A   74.123.240.3

;; Query time: 118 msec
;; SERVER: 209.112.128.1#53(209.112.128.1)
;; WHEN: Tue Nov 06 09:25:00 AKST 2018
;; MSG SIZE  rcvd: 308


...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: Tuesday, November 06, 2018 8:53 AM
To: Postfix users
Subject: Re: Strange issue

Wietse Venema:
> Simba:
> > Mail service is working except for delivery to a single host, which is
> > reporting a strange error:
> > 
> > postfix/smtp[13722]: 629D7A7DF9: to=,
> > relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
> > (Host or domain name not found. Name service error for
> > name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)
> 
> Some DNS server replied to the MX request, with a list of
> servers that include mx4.kpbsd.k12.ak.us.
> 
> > root:# host kpbsd.k12.ak.us
> > kpbsd.k12.ak.us has address 74.123.240.28
> > kpbsd.k12.ak.us mail is handled by 30 mx3.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 20 mail-gw.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 40 mx4.kpbsd.k12.ak.us.
> > kpbsd.k12.ak.us mail is handled by 10 mx1.kpbsd

Re: Strange issue

2018-11-06 Thread Viktor Dukhovni

> On Nov 6, 2018, at 10:37 AM, Simba  wrote:
> 
> postfix/smtp[13722]: 629D7A7DF9: to=,
> relay=none, delay=1099, delays=1097/0/1.5/0, dsn=4.4.3, status=deferred
> (Host or domain name not found. Name service error for
> name=mx4.kpbsd.k12.ak.us type=A: Host not found, try again)

There is no evidence of systemic DNS issues with that domain:

   http://dnsviz.net/d/kpbsd.k12.ak.us/dnssec/

This looks like an issue at the OP's local resolver.  Perhaps
flushing the cache will help.  This assumes there's no dedicated
transport for this domain, with its master.cf entry specifying
chroot, while other domains use a non-chroot transport.

-- 
Viktor.

Re: RFC 5321 address quoting for policy delegation protocol

2018-11-06 Thread Stephan Bosch


Hi Wietse,


Op 06/11/2018 om 00:36 schreef Wietse Venema:

Stephan Bosch:

Hi,

Is there a reason why Postfix omits quoting the localpart (when that
would normally be necessary according to RFC 5321) of sender and
recipient addresses passed to a policy delegation service (in this case
Dovecot quota-status)?

What you see is the unquoted form which is what Postfix uses
everywhere internally. Using the RFC 532X syntax would make it
way too easy to circumvent address-based features.

In the previous year time I have converted most table lookups to
use canonical quoted form first, then try the unquoted form if it
is different, for backwards compatibility safety.

In the policy protocol there is no way to use multiple forms,
so changing from unquoted to quopted forms would have to be a
compatibility-breaking change.


OK, good to know. I'll adjust Dovecot accordingly then.

Do you have some special rules to parse this reliably? The strategy I am 
currently testing splits the address on the last '@' and rejects the 
result when the obtained localpart and domain cannot be used to compose 
a valid (quoted) RFC5321 address.


Regards,

Stephan.

Re: sender_dependent_relayhost_maps with different credentials for same relayhost

2018-11-06 Thread Stefan Bauer

Thank you!

Am Montag, 5. November 2018 schrieb Wietse Venema :
> Stefan Bauer:
>> Hi,
>>
>> i have:
>> sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
>> smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
>>
>> more /etc/postfix/relayhost_maps
>> @mydomain.de[smtp.1und1.de]:587
>> @my2domain.de [smtp.1und1.de]:587
>>
>> more /etc/postfix/smtp_auth
>> [smtp.1und1.de]:587mydomain:mydomainpass
>>
>> How can i specify different credentials for same relayhost?
>
> smtp_sender_dependent_authentication = yes
>
> This will first index smtp_sasl_password_maps with the sender
> address, then the host, then the next-hop domain (whatever that
> happens to be).
>
> Wietse
>
>> mails from my2domain.de should be relayed through 1und1 but with its own
>> credentials.
>>
>> Thank you.
>>
>> Stefan
>

Re: RFC 5321 address quoting for policy delegation protocol

2018-11-06 Thread Wietse Venema

Stephan Bosch:
> Hi Wietse,
> 
> 
> Op 06/11/2018 om 00:36 schreef Wietse Venema:
> > Stephan Bosch:
> >> Hi,
> >>
> >> Is there a reason why Postfix omits quoting the localpart (when that
> >> would normally be necessary according to RFC 5321) of sender and
> >> recipient addresses passed to a policy delegation service (in this case
> >> Dovecot quota-status)?
> > What you see is the unquoted form which is what Postfix uses
> > everywhere internally. Using the RFC 532X syntax would make it
> > way too easy to circumvent address-based features.
> >
> > In the previous year time I have converted most table lookups to
> > use canonical quoted form first, then try the unquoted form if it
> > is different, for backwards compatibility safety.
> >
> > In the policy protocol there is no way to use multiple forms,
> > so changing from unquoted to quopted forms would have to be a
> > compatibility-breaking change.
> 
> OK, good to know. I'll adjust Dovecot accordingly then.
> 
> Do you have some special rules to parse this reliably? The strategy I am 
> currently testing splits the address on the last '@' and rejects the 
> result when the obtained localpart and domain cannot be used to compose 
> a valid (quoted) RFC5321 address.

Postfix does not support domain-less addresses, so the right-most
@ indicates the end of the localpart. For quoting a localpart,
Postfix uses RFC 821 or 822 syntax: if a localpart must be quoted,
it double-quotes the entire localpart, and it prepends a backslash
to controls and to backslash itself.

Wietse

Re: what does these log lines mean?

Re: what does these log lines mean?

Re: what does these log lines mean?

Re: postfix relay aunthentication error

Strange issue

Re: Strange issue

RE: Strange issue

Re: Strange issue

RE: Strange issue

Re: Strange issue

Re: RFC 5321 address quoting for policy delegation protocol

Re: sender_dependent_relayhost_maps with different credentials for same relayhost

Re: RFC 5321 address quoting for policy delegation protocol

13 matches

Site Navigation

Mail list logo

Footer information