Re: PostgreSQL virtual_mailbox_domain lookups fail, but virtual_alias_maps work just fine, help?
Thanks. Switching the query to the default '%s' and making sure I didn't have 'result_format' set fixed it. The postmap query works. Is the fact that %d won't work in this context documented anywhere? I didn't see anything in http://www.postfix.org/pgsql_table.5.html or any of the other docs I was reading. - David On 8/8/20 7:48 PM, Viktor Dukhovni wrote: On Sat, Aug 08, 2020 at 06:42:16PM -0700, David Reagan wrote: By key you mean use 'raygun.zat' instead of 'k...@raygun.zat'? The former is the lookup key that Postfix asks the lookup table to find. Also, if you look at the query, I use '%d'. So, unless I'm misunderstanding the docs, postfix will replace that with 'raygun.zat' even if it gets 'k...@raygun.zat'. That's your mistake. You can ONLY use %d with tables whose lookup keys are email addresses (localpart@domain). When the lookup key is already just the domain, the %d expansion will not find any domain, and will skip the lookup. You're confused about the layering. The table driver interprets %d, but the virtual_mailbox_domains feature uses domain-only keys.
Re: PostgreSQL virtual_mailbox_domain lookups fail, but virtual_alias_maps work just fine, help?
David Reagan: > Thanks. Switching the query to the default '%s' and making sure I didn't > have 'result_format' set fixed it. The postmap query works. > > Is the fact that %d won't work in this context documented anywhere? I > didn't see anything in http://www.postfix.org/pgsql_table.5.html or any > of the other docs I was reading. The query is a domain NOT AN EMAIL ADDRESS: http://www.postfix.org/postconf.5.html#virtual_mailbox_domains Quote: This parameter expects the same syntax as the mydestination configuration parameter. The %d requires AN EMAIL ADDRESS: http://www.postfix.org/pgsql_table.5.html Quote: When the input key is an address of the form user@domain, %d is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results. wietse > - David > > On 8/8/20 7:48 PM, Viktor Dukhovni wrote: > > On Sat, Aug 08, 2020 at 06:42:16PM -0700, David Reagan wrote: > > > >> By key you mean use 'raygun.zat' instead of 'k...@raygun.zat'? > > The former is the lookup key that Postfix asks the lookup table to find. > > > >> Also, if you look at the query, I use '%d'. So, unless I'm > >> misunderstanding the docs, postfix will replace that with 'raygun.zat' > >> even if it gets 'k...@raygun.zat'. > > That's your mistake. You can ONLY use %d with tables whose lookup keys > > are email addresses (localpart@domain). When the lookup key is already > > just the domain, the %d expansion will not find any domain, and will > > skip the lookup. > > > > You're confused about the layering. The table driver interprets %d, > > but the virtual_mailbox_domains feature uses domain-only keys. > > >
Raw postfix newbie here...
Hello. I am migrating from an ancient version of sendmail to a new machine using postfix on CentOS 7, and am having problems with what I thought would be the simplest of things - I've already started over multiple times (thank heavens for default config file backups!) but even walking one step at a time I keep stumbling. Doesn't help that there is frequently conflicting advice available from web searches. (Dovecot, on the other hand, seems to be working just peachie including STARTTLS using a Let's Encrypt certificate, so there's that.) So I am asking if painfully newbie-ish questions regarding migrating from sendmail to postfix are permitted here. Been running linux a while, but sendmail was always a bit of a mystery, and postfix is brand-spankin'-new to me. Charlie Summers
Re: Raw postfix newbie here...
On Sun, Aug 09, 2020 at 02:07:30PM -0400, cfs_post...@insec.lofcom.com wrote: > So I am asking if painfully newbie-ish questions regarding migrating > from sendmail to postfix are permitted here. Been running linux a > while, but sendmail was always a bit of a mystery, and postfix is > brand-spankin'-new to me. Of course ask away, but a few things to keep in mind: - As much as possible ask one question at a time. - Make the question clear, and concise, but at the same time be sure to make clear on your actual motivating requirements, in preference to intermediate obstacles you might have run into with a particular attempt to make things work. - As much as possible post verbatim logs and configurations details, rather than attempt to describe them indirectly in words. See: http://www.postfix.org/DEBUG_README.html and (avoiding HTML formatting) post "postconf -nf" and "postconf -Mf" output (the latter if master.cf is pertinent). - See also: http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html -- Viktor.
Checking from-addresses on outbound mail
For mail sent via submission it's possible to prevent a forged mail-from, by using options on the submission service in master.cf. It's also possible to prevent a forged header-from, by using a submission-specific cleanup service, as in the BUILTIN_FILTER_README. But these don't work for mail originating locally via the sendmail command. What does work for that? Thanks -- Nick
Re: Checking from-addresses on outbound mail
On 2020-08-09 Nick wrote: > For mail sent via submission it's possible to prevent a forged > mail-from, by using options on the submission service in master.cf. > > It's also possible to prevent a forged header-from, by using a > submission-specific cleanup service, as in the BUILTIN_FILTER_README. > > But these don't work for mail originating locally via the sendmail > command. What does work for that? Nothing. The sendmail command submits mail via pickup, i.e. puts it as a file into a particular directory from which the pickup daemon then reads the file. The usual filters don't apply to that. What you can do is disable pickup entirely so that even local users are required to submit mail via SMTP (on localhost). Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
Re: Postfix is no longer forwarding root mail after I changed the forwarding address
PopeRigby wrote: > I have Postfix setup to automatically forward any mail that goes to root to > an > external address. I just recently changed my email main email address from a > Tutanota one to a Mailbox.org one. I went into /etc/aliases and switched out > my addresses there, so now it looks like this: > ... > > root: poperi...@mailbox.org > > After I did this, I forgot that I had to reload Postfix, so it was still > sending mail to my Tutanota account. When I remembered, I did "sudo service > postfix restart". Now mail isn't being forwarded to either addresses. Since aliases changes would not take effect until newaliases is run then the restart causing problems would be due to other postfix configuration change other than aliases. Running newaliases will update the aliases database but I suspect whatever problem to continue since it would have been due to this other configuration anyway. The answer is almost certainly in the mail logs. What do they say? Look in /var/log/maillog and /var/log/messages files. Potentially use journalctl to dump out the systemd logs. Look with 'mailq' to see what is still in the queue. Bob
Re: Raw postfix newbie here...
My sincere thanks for the reply. Viktor Dukhovni wrote .. > - As much as possible ask one question at a time. Yeah, my general philosophy is to break large problems down to component parts and fix those one-at-a-time; that generally makes the large problem eventually disappear. > and (avoiding HTML formatting) post "postconf -nf" and "postconf > -Mf" output (the latter if master.cf is pertinent). One question; this will absolutely expose real domains, machine names, and such. I wouldn't normally do that on a web forum, and might on a mailing list, except for all of the web archives this list feeds. Is there *any* future downside to exposing that real-world information? Or is this common practice here and I am being paranoid? > http://www.postfix.org/BASIC_CONFIGURATION_README.html > http://www.postfix.org/STANDARD_CONFIGURATION_README.html I had skimmed these, and know I need to scan them properly (on the list for tomorrow morning), but they tend to make the assumption that one is setting up a fresh new mail server. I am migrating an old production machine with many domains and rather large external files (virtusertable, access, etc.) controlling various mailing list servers and other mail requirements that all need to move to the new postfix install before I can switch the MX records to it. I would have thought there would be many web pages dealing with the migration from sendmail to postfix, but I basically found ONE so far ( http://www.nmmm.nu/postfix.htm ) that details using various pre-existing sendmail config files in postfix, and I suspect that one is out-of-date enough to be causing (or at least not solving) my first "simple" problem. If I missed anywhere on the web where moving from sendmail to postfix while using (or modifying) existing external files is discussed in detail, pointers would be appreciated - might save me from making a bunch of embarrassing newbie posts here... Charlie
Re: Raw postfix newbie here...
On Sun, Aug 09, 2020 at 06:44:55PM -0400, cfs_post...@insec.lofcom.com wrote: > > and (avoiding HTML formatting) post "postconf -nf" and "postconf > > -Mf" output (the latter if master.cf is pertinent). > >One question; this will absolutely expose real domains, machine >names, and such. I wouldn't normally do that on a web forum, and >might on a mailing list, except for all of the web archives this >list feeds. Is there *any* future downside to exposing that >real-world information? Or is this common practice here and I am >being paranoid? When not material (i.e. not resolving a problem with a particular domain), you can choose to consitently lightly obfuscate domain names and email addresses, in a consistent manner, a=>a, b=>b, ... However, with issues pertaining to DNS, TLS, ... it is often a good to name a problem server that others can connect to and see whether they expand on your observations. > > http://www.postfix.org/BASIC_CONFIGURATION_README.html > > http://www.postfix.org/STANDARD_CONFIGURATION_README.html > >I had skimmed these, and know I need to scan them properly (on the >list for tomorrow morning), but they tend to make the assumption >that one is setting up a fresh new mail server. Well that's one take, but another is that they illustrate fragments of more complex use-cases in a simplified context. The reader is then expected to put the pieces of the puzzle together. For a deper exposition of concepts, you could either of the two books (O'Reilly or No Starch). >I would have thought there would be many web pages dealing with the >migration from sendmail to postfix, but I basically found ONE so >far ( http://www.nmmm.nu/postfix.htm ) that details using various >pre-existing sendmail config files in postfix, and I suspect that >one is out-of-date enough to be causing (or at least not solving) >my first "simple" problem. Postfix has a strong backwards-compatibility record. Good guides tend remain valid for decades. The main difference from Sendmail is some fine details of the behaviour of local delivery with respect to recursive aliases, ... My advice is to: - Run not walk away from using the legacy /etc/aliases file. Use it ONLY for: - Mail to managed lists with an owner-alias - Mail to pipes - Mail to :include:/some/file lists. - Otherwise, move all address-to-address rewriting to virtual(5). Once you do that, you'll avoid almost all the minor compatibility glitches. Take time to understand Postfix address classes, and VIRTUAL_README. -- Viktor.
Re: Raw postfix newbie here...
> On Aug 9, 2020, at 8:09 PM, Viktor Dukhovni > wrote: > > - Mail to managed lists with an owner-alias >- Mail to pipes >- Mail to :include:/some/file lists. this can be put into the transports table and you can skip the /etc/aliases altogether.
Re: Raw postfix newbie here...
On Sun, Aug 09, 2020 at 08:19:50PM -0400, Curtis Maurand wrote: > > On Aug 9, 2020, at 8:09 PM, Viktor Dukhovni > > wrote: > > > > - Mail to managed lists with an owner-alias > >- Mail to pipes > >- Mail to :include:/some/file lists. > > this can be put into the transports table and you can skip the /etc/aliases > altogether. Yes, to varying degrees, but /etc/aliases is not entirely superfluous, just best avoided when all you're doing is rewriting one email address to another email *address*, with Postfix, that task is best handled in virtual(5). -- Viktor.
Re: Raw postfix newbie here...
On 09/08/2020 18:29, Viktor Dukhovni wrote: > Yes, to varying degrees, but /etc/aliases is not entirely superfluous, > just best avoided when all you're doing is rewriting one email address > to another email *address*, with Postfix, that task is best handled in > virtual(5). Can you please elaborate on why this is the case, or point me to the relevant documentation? Is it a matter of tooling, robustness, performance, or something else? Thank you. Cheers, Dan
Re: Raw postfix newbie here...
Viktor Dukhovni wrote .. > When not material (i.e. not resolving a problem with a particular > domain), you can choose to consitently lightly obfuscate domain names > and email addresses, in a consistent manner, a=>a, b=>b, ... Would require a lot of search & replace. Whattheheck, it isn't like the bad guys aren't all over the new machine already *anyway.* (Although I still might change user account names. Don't want to make it *too* easy for 'em. ;) > For a deper exposition of concepts, you could either of the two books > (O'Reilly or No Starch). Right now the goal is to just get it running. "Deeper exposition" will need to wait. I am keeping a log, though, so maybe I can write something up for the next schlub who needs to do this. > - Run not walk away from using the legacy /etc/aliases file. > Use it ONLY for: I'm good there, I think. The /etc/aliases file is tiny, basically the default sending system accounts to root; even the mailman list aliases were removed many years ago and moved to virtusertable along with the SmartList lists (yeah, I know, but it's hellish fast). That file, however, is 60k+ (1600+ lines, although a sizable amount is remmed crap I need to rip out anyway). But before you point to that as the root of all problems, right now in postfix I have a ONE-LINE virtusertable hashed, and THAT ONE LINE has me dead-stopped in my tracks and coming here asking if it's ok to post because @$mydomain gets grafted onto the unix account name it's pointing to causing a fail. So there's that... (Sorry, I'll type up the issue properly including postconf output and logs someone tomorrow after I get all the reading done.) Charlie
Re: Raw postfix newbie here...
Curtis Maurand skrev den 2020-08-10 02:19: On Aug 9, 2020, at 8:09 PM, Viktor Dukhovni wrote: - Mail to managed lists with an owner-alias - Mail to pipes - Mail to :include:/some/file lists. this can be put into the transports table and you can skip the /etc/aliases altogether. mailman can manage its own virtual(5) alias maps in postfix, so not needing newaliases updates in shell
Re: Raw postfix newbie here...
Daniele Nicolodi skrev den 2020-08-10 02:41: Can you please elaborate on why this is the case, or point me to the relevant documentation? Is it a matter of tooling, robustness, performance, or something else? /etc/aliases is designed only for system users, not virtual users, there is imho no diffrent performance in them
