question about migration user from ldap to mysql

2020-10-12 Thread natan
Hi
I have all users in openldap. In openldap I have password crypt+base64

after decoding base64 :
{CRYPT}$1$AvMW4io/$DDq..

In postfix auth via saslauthd:

cat /etc/saslauthd.conf

ldap_auth_method: custom
ldap_filter:
(&(objectClass=qMailUser)(|(mail=%u%R)(mailAlternateAddress=%u%R)))


cat /etc/sasl2/smtpd.conf

pwcheck_method: saslauthd
saslauthd_path: /run/saslauthd/mux
mech_list: plain login
log_level: 1
...

all works fine

I must migrate everything from openldap to mysql 1:1 and I have a question:

What "type auth" must I use in mysqldb if I use this same record in
"password"?

I am thinking:
|user               | password                 |
|exam...@domain.com | {CRYPT}$1$AvMW4io/$DDq   |

maybe:
|user               | password                 |
|exam...@domain.com | $1$AvMW4io/$DDq          |

or other?

I cannot change the password - I must move everything from openldap to mysql

--



I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Jason Long
Hello,
I installed Postfix on CentOS and my "main.cf" file is as below:

myhostname = mail.my-example.com
mydomain = my-example.com
myorigin = $mydomain
## Uncomment and Set inet_interfaces to all ##
inet_interfaces = all
## Change to all ##
inet_protocols = all
## Comment ##
##- Uncomment ##
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
## Uncomment and add IP range ##
mynetworks = 127.0.0.0/8, My Public IP
## Uncomment ##
home_mailbox = Maildir/
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/mail.crt
smtpd_tls_key_file = /etc/postfix/mail.key
smtpd_tls_security_level = may
mynetworks_style = subnet
queue_directory = /var/spool/postfix



When I want to send an email to Yahoo!, it shows me the error below:

# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost
220 mail.my-example.net.com ESMTP Postfix
250-mail.my-example.net.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
250 2.1.0 Ok
rcpt to:
554 5.7.1 : Relay access denied


I searched and found a solution as below:

"smtpd_recipient_restrictions = permit_sasl_authenticated"
  
But when I added it to main.cf then I can't do anything:

# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost


How can I solve it?

Thank you.


Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread IL Ka
> mynetworks = 127.0.0.0/8, My Public IP
> Trying ::1...
It could be that you are using IPv6 to connect while "mynetworks" is IPv4
address.
Try "telnet 127.0.0.1 25"

On Mon, Oct 12, 2020 at 3:25 PM Jason Long  wrote:

> Hello,
> I installed Postfix on CentOS and my "main.cf" file is as below:
>
> myhostname = mail.my-example.com
> mydomain = my-example.com
> myorigin = $mydomain
> ## Uncomment and Set inet_interfaces to all ##
> inet_interfaces = all
> ## Change to all ##
> inet_protocols = all
> ## Comment ##
> ##- Uncomment ##
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> ## Uncomment and add IP range ##
> mynetworks = 127.0.0.0/8, My Public IP
> ## Uncomment ##
> home_mailbox = Maildir/
> smtpd_use_tls = yes
> smtpd_tls_cert_file = /etc/postfix/mail.crt
> smtpd_tls_key_file = /etc/postfix/mail.key
> smtpd_tls_security_level = may
> mynetworks_style = subnet
> queue_directory = /var/spool/postfix
>
>
>
> When I want to send an email to Yahoo! then it show me below error:
>
> # telnet localhost 25
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> ehlo localhost
> 220 mail.my-example.net.com ESMTP Postfix
> 250-mail.my-example.net.com
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> mail from:
> 250 2.1.0 Ok
> rcpt to:
> 554 5.7.1 : Relay access denied
>
>
> I searched and find a solution as below:
>
> "smtpd_recipient_restrictions = permit_sasl_authenticated"
>
> But when I added it to main.cf then I can't do anything:
>
> # telnet localhost 25
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> ehlo localhost
>
>
> How can I solve it?
>
> Thank you.
>


Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Jason Long
Thank you for your reply.
How can I be sure whether I'm using IPv4 or IPv6?








Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Remco Rijnders
On Mon, Oct 12, 2020 at 02:54:55PM +, Jason wrote in 
<1093127483.422330.1602514495...@mail.yahoo.com>:

> Thank you for your reply.
> How can I sure I'm using IPv4 or IPv6?


You have both on your system. When you telnetted to localhost, it used ipv6 (see
the "Trying ::1..." part). You do not have that listed in your mynetworks
section. Try adding "[::1]/128" to your mynetworks setting and try again.


Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread IL Ka
" ::1"  is a local address for IPv6
"127.[something]" is a local address of IPv4.
https://en.wikipedia.org/wiki/Localhost

My guess is that you didn't include the IPv6 address in the list of
"mynetworks", so Postfix can't "trust" it, because
"smtpd_relay_restrictions" defaults to: "permit_mynetworks,
permit_sasl_authenticated, defer_unauth_destination", which means it only
relays emails either from "mynetworks" or authenticated users.

"localhost" is resolved to the IPv6 address on CentOS. You can
explicitly disable IPv6:
https://www.tecmint.com/disable-ipv6-in-centos-8/

Or use IPv4 address explicitly: "telnet 127.0.0.1 25".

I'd stay with the latter case.



On Mon, Oct 12, 2020 at 5:55 PM Jason Long  wrote:

> Thank you for your reply.
> How can I sure I'm using IPv4 or IPv6?
>
>
> On Monday, October 12, 2020, 06:18:10 PM GMT+3:30, IL Ka <
> kazakevichi...@gmail.com> wrote:
>
> > mynetworks = 127.0.0.0/8, My Public IP
> > Trying ::1...
> It could be that you are using IPv6 to connect while "mynetworks" is IPv4
> address.
> Try "telnet 127.0.0.1 25"
>
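
The mismatch discussed in the replies above (a client arriving from ::1 while "mynetworks" lists only IPv4), as an added example that is not part of any poster's message. It reads a mynetworks value the way the Postfix documentation describes it (left to right, first match wins, IPv6 written as "[addr]/len") and names which of the default relay restrictions quoted above decides; 192.0.2.10 is a constructed stand-in for "My Public IP", and the function names are hypothetical.

```python
import ipaddress
import re

# Postfix writes IPv6 patterns in mynetworks as "[addr]/len" (brackets required).
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\](?:/(\d+))?")


def parse_mynetworks(value):
    """Return (rules, skipped) for a main.cf mynetworks value.

    rules is an ordered list of (negated, network). skipped holds entries this
    sketch does not evaluate: table lookups, file names, unbracketed IPv6.
    """
    rules, skipped = [], []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        negated = item.startswith("!")
        pattern = item[1:] if negated else item
        m = BRACKETED.fullmatch(pattern)
        if m:
            # "[::1]/128" -> "::1/128", "[::1]" -> "::1"
            pattern = m.group(1) + ("/" + m.group(2) if m.group(2) else "")
        elif ":" in pattern:
            # type:table lookup or IPv6 without brackets: not a usable pattern here
            skipped.append(item)
            continue
        try:
            rules.append((negated, ipaddress.ip_network(pattern, strict=False)))
        except ValueError:
            skipped.append(item)
    return rules, skipped


def in_mynetworks(client, value):
    """First matching pattern wins; "!pattern" excludes the client."""
    addr = ipaddress.ip_address(client)
    rules, _ = parse_mynetworks(value)
    for negated, net in rules:
        if addr.version == net.version and addr in net:
            return not negated
    return False


def relay_check(client, value, sasl_authenticated=False):
    """Name the restriction that decides a relay request to a remote domain,
    following the default list quoted in the thread."""
    if in_mynetworks(client, value):
        return "permit_mynetworks"
    if sasl_authenticated:
        return "permit_sasl_authenticated"
    return "defer_unauth_destination"


# Constructed values: 192.0.2.10 stands in for "My Public IP".
BEFORE = "127.0.0.0/8, 192.0.2.10"
AFTER = "127.0.0.0/8, [::1]/128, 192.0.2.10"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        for client in ("127.0.0.1", "::1"):
            print(label, client, relay_check(client, value))
```
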


Sender field mangled in milter

2020-10-12 Thread Ryan Beethe
Hi,

I noticed that the address rewriting that postfix is doing seems to be
rewriting invalid mailboxes as valid ones.

I noticed this while writing an automated test around a milter I have
which does a few privacy-alias-friendly things, like allowing you to
send messages with a From field that matches an alias you own (but
preventing you from sending a From field that does not match any owned
aliases), or re-writing the envelope-from in the case that your MUA
didn't bother to match your envelope-from to your From field.

What I noticed is that this invalid mailbox:

Sender: A <1...@splintermail.com

Is being sent to my milter as:

"A <1"@splintermail.com

The first form was invalid, but the second form is valid, which seems
like undesired behavior.  Even if you were going to guess at the correct
address from the first form, the second form is a pretty poor guess.

Is there a way to disable this rewriting, or to better detect invalid
addresses so as to not rewrite them as valid addresses?

Ryan


Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Jason Long
# ifconfig

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:80230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13792298 (13.1 MiB)  TX bytes:13792298 (13.1 MiB)



You're right.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.example.net ESMTP Postfix
ehlo 127.0.0.1
250-mail.example.net
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


Which lines of configuration must be changed?







Re: question about migration user from ldap to mysql

2020-10-12 Thread John Fawcett
On 12/10/2020 13:02, natan wrote:
> Hi
> I have all users in openldap. In openldap I have password crypt+base64
>
> after decoding base64 :
> {CRYPT}$1$AvMW4io/$DDq..
>
> In postfix auth via saslauthd:
>
> cat /etc/saslauthd.conf
> 
> ldap_auth_method: custom
> ldap_filter:
> (&(objectClass=qMailUser)(|(mail=%u%R)(mailAlternateAddress=%u%R)))
> 
>
> cat /etc/sasl2/smtpd.conf
> 
> pwcheck_method: saslauthd
> saslauthd_path: /run/saslauthd/mux
> mech_list: plain login
> log_level: 1
> ...
>
> all works fine
>
> I must migrate all from openldap to mysql 1:1 ant I have a questions:
>
> What I must use "type auth" in mysqldb if i have use this same rekord in
> "password" ?
>
> i thinking:
> |user    |
> password   |
> |exam...@domain.com | {CRYPT}$1$AvMW4io/$DDq    |
>
> maby:
> |user    |
> password   |
> |exam...@domain.com | $1$AvMW4io/$DDq      |
>
> or other ?
>
> I cannot change password - I must moved all from openldap to mysql
>
> --
>
Natan

If you want to continue using saslauthd you will need further
configuration to point it at mysql (for example pam_mysql) which has
its own set of configuration parameters for indicating the password
format. I can't tell you whether in that case you need to prefix the
passwords with the encryption type, but I guess not since there's a
parameter for selecting it.

You could also evaluate replacing saslauthd, which is an extra daemon
that needs to be running and use the auxprop sasl method with sql
plugin. In this case you'll need to put the encryption mechanism prefix,
for example {MD5-CRYPT}$1$AvMW4io/$DDq if those are indeed MD5 crypts as
I suspect.

John
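
The three stored forms discussed in this thread (bare hash, "{CRYPT}" prefix, explicit scheme prefix), as an added example that is not part of John's or natan's messages. It decodes an LDIF userPassword line, checks that the crypt(3) string has a complete shape so a value cut short during the copy is caught, and emits each candidate form. The labels other than MD5-CRYPT are assumed to follow Dovecot's scheme naming, the sample hash is constructed, LDIF lines are assumed to be unfolded, and the function names are hypothetical.

```python
import base64
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests

# Scheme label -> full shape of a complete crypt(3) string.
# MD5-CRYPT is the label used in the thread; the others are assumed names.
SHAPES = {
    "MD5-CRYPT": re.compile(r"\$1\$%s{0,8}\$%s{22}" % (B64, B64)),
    "SHA256-CRYPT": re.compile(r"\$5\$(?:rounds=\d+\$)?%s{1,16}\$%s{43}" % (B64, B64)),
    "SHA512-CRYPT": re.compile(r"\$6\$(?:rounds=\d+\$)?%s{1,16}\$%s{86}" % (B64, B64)),
    "BLF-CRYPT": re.compile(r"\$2[aby]\$\d\d\$%s{53}" % B64),
    "DES-CRYPT": re.compile(r"%s{13}" % B64),
}


def read_userpassword(ldif_line):
    """Return the stored value from 'userPassword:: <base64>' or 'userPassword: <text>'."""
    name, sep, rest = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):  # double colon marks a base64-encoded value
        return base64.b64decode(rest[1:].strip()).decode("ascii")
    return rest.strip()


def classify_crypt(crypt_hash):
    """Return the scheme label for a complete crypt(3) string, else None."""
    for label, shape in SHAPES.items():
        if shape.fullmatch(crypt_hash):
            return label
    return None


def convert_userpassword(ldif_line):
    """Build the candidate column values for one LDAP userPassword entry."""
    stored = read_userpassword(ldif_line)
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", stored)
    if not m or m.group(1).upper() != "CRYPT":
        raise ValueError("value is not stored as {CRYPT}")
    crypt_hash = m.group(2)
    label = classify_crypt(crypt_hash)
    if label is None:
        raise ValueError("truncated or unknown crypt(3) string")
    explicit = "{%s}%s" % (label, crypt_hash)
    return {
        "scheme": label,
        "bare": crypt_hash,                 # $1$... with no prefix
        "generic": "{CRYPT}" + crypt_hash,  # value exactly as held in LDAP
        "explicit": explicit,               # form with the scheme named
        "min_column_width": len(explicit),  # column must hold the longest form
    }


# Constructed sample: an md5-crypt shaped string, not a real user's hash.
SAMPLE_HASH = "$1$abcdefgh$0123456789ABCDEFGHIJKL"
SAMPLE_LDIF = "userPassword:: " + base64.b64encode(
    ("{CRYPT}" + SAMPLE_HASH).encode("ascii")).decode("ascii")

if __name__ == "__main__":
    for key, val in convert_userpassword(SAMPLE_LDIF).items():
        print(key, val)
```
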




Re: question about migration user from ldap to mysql

2020-10-12 Thread natan
Hi
Thanks for the reply, John - maybe it is better to change saslauthd to dovecot-auth?








Re: question about migration user from ldap to mysql

2020-10-12 Thread John Fawcett
On 12/10/2020 18:07, natan wrote:
> Hi
> Thanks for replay John - maybe better is change saslauthd to
> dovecot-auth ?
>
>
For authenticating against dovecot you can use the saslauthd to
authenticate against an imap server - can't say much about that as I've
never used it. Or you can have postfix authenticate against dovecot via
dovecot sasl. That has some advantages in reducing the amount of library
code brought in through cyrus sasl, so long as you don't have to use
cyrus sasl anyway for smtp client authentication to remote servers.

John



Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Jason Long
I disabled IPv6 in CentOS, but connecting with localhost is not affected.



Re: Sender field mangled in milter

2020-10-12 Thread Wietse Venema
Ryan Beethe:
> Hi,
> 
> I noticed that the address rewriting that postfix is doing seems to
> rewriting invalid mailboxes as valid ones.
> 
> I noticed this while writing an automated test around a milter I have
> which does a few privacy-alias-friendly things, like allowing you to
> send messages with a From field that matches an alias you own (but
> preventing you from sending a From field that does not match any owned
> aliases), or re-writing the envelope-from in the case that your MUA
> didn't bother to match your envelope-from to your From field.
> 
> What I noticed is that this invalid mailbox:
> 
> Sender: A <1...@splintermail.com
> 
> Is being sent to my milter as:
> 
> "A <1"@splintermail.com
> 
> The first form was invalid, but the second form is valid, which seems
> like undesired behavior.  Even if you were going to guess at the correct
> address from the first form, the second form is a pretty poor guess.
> 
> Is there a way to disable this rewriting, or to better detect invalid
> addresses so as to not rewrite them as valid addresses?

No. Postfix delivers correctly formatted email correctly, implementing
specified behavior in RFC documents. The behavior with incorrect input
is undefined.

Postfix can block SOME malformed inputs with "strict_rfc821_envelopes=yes".
Example:

SMTP:

220 wzv.porcupine.org ESMTP Postfix
mail from:
501 5.1.7 Bad sender address syntax

Logging:

Oct 12 13:01:49 wzv postfix/smtpd[551830]: warning: Illegal
address syntax from localhost[127.0.0.1] in MAIL command: 
>

This will not block all possible bad inputs. The behavior with
incorrect input is undefined.

Wietse


Why emails sending to Spam?

2020-10-12 Thread Jason Long
Hello,
Why, when I am sending email from my server to Yahoo! or Gmail, is it sent to
Spam and not the Inbox folder? I checked my server IP at
"https://mxtoolbox.com/blacklists.aspx" and everything is OK.
Thank you.

Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Jason Long
Thank you. I edited both "/etc/hosts" and "/etc/sysconfig/network" files and put
my domain name there. What is my server problem?



Re: Why emails sending to Spam?

2020-10-12 Thread Ahsan Khan
You need to check more than the blacklist check. Here are the things I
would begin with.

1. SPF
2. DKIM records
3. DMARC records
4. IP Warmup
5. Check the scores at mail-tester.com.
6. Domain reputation
7. Reverse DNS records
8. Opt ins.

Regards
Ahsan




On Mon, Oct 12, 2020 at 11:37 PM Jason Long  wrote:

> Hello,
> Why I sending email from my server to Yahoo! Or Gmail, then it sent to
> Spam and not Inbox folder? I checked my server IP by "
> https://mxtoolbox.com/blacklists.aspx"; and everything is OK.
>
> Thank you.
>


Re: Why emails sending to Spam?

2020-10-12 Thread Scott A. Wozny
That's a wildly open question.  Your first step is to look at the headers of a 
message you've sent on the received end.  Most anti-spam filters leave 
artifacts in the headers and my guess is that will lead you to something you 
can change about your mail server to make your messages look less "spammy".

Remember that it's not in the mail provider's interest to file legit messages 
under spam, so if you're not an actual spammer you should be able to find a way 
to people's inboxes.  There are also about a zillion articles on how to not be 
caught by spam filters.  Just google.

HTH,

Scott


From: owner-postfix-us...@postfix.org  on 
behalf of Jason Long 
Sent: October 12, 2020 2:07 PM
To: postfix-users@postfix.org 
Subject: Why emails sending to Spam?

Hello,
Why I sending email from my server to Yahoo! Or Gmail, then it sent to Spam and 
not Inbox folder? I checked my server IP by 
"https://mxtoolbox.com/blacklists.aspx"; and everything is OK.

Thank you.


Re: Why emails sending to Spam?

2020-10-12 Thread Jaroslaw Rafa
On 12.10.2020 at 18:07:12, Jason Long wrote:
> Hello,Why I sending email from my server to Yahoo! Or Gmail, then it sent
> to Spam and not Inbox folder?  I checked my server IP by
> "https://mxtoolbox.com/blacklists.aspx"; and everything is OK.
> Thank you.

Because their algorithms often do this for mail coming from small, unknown
mail servers.

For Gmail, take a look at these guidelines:
https://support.google.com/mail/answer/81126?hl=en . At the end there's a
link to "sender troubleshooter" which finally gets you to a form where you
should paste the headers of an email received on Gmail account that was
incorrectly classified as spam. Filling out this form can help, although
Google does not guarantee this.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: I'm a beginner and want to setup Postfix on CentOS.

2020-10-12 Thread Ron Wheeler

localhost is a name that Centos resolves.

https://www.liquidweb.com/kb/what-is-localhost

https://forums.centos.org/viewtopic.php?t=47101 discusses how it gets 
interpreted/set.


lo and ifconfig do not enter into the discussion.





--
Ron Wheeler
Artifact Software
438-345-3369
rwhee...@artifact-software.com



PostFix not working after update

2020-10-12 Thread Paul Lauzon
I am trying to troubleshoot after an update using apt-get update/upgrade I
did a few days ago on Debian 9 (now 10).   PostFix does not seem to work
anymore. I tried many things: rebooting, restarting postfix, upgrading
debian from 9 to 10.  But it is still not working as before.

I confirmed that the master.cf and main.cf were not changed by the
installer.  Is there a troubleshooting guide somewhere?

Here is some info I got:

# service postfix status
   ? postfix.service - Postfix Mail Transport Agent
  Loaded: loaded (/lib/systemd/system/postfix.service; disabled; vendor
preset: enabled)
  Active: active (exited) since Fri 2020-10-09 05:26:54 PDT; 6min ago
 Process: 3059 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3059 (code=exited, status=0/SUCCESS)

   Oct 09 05:26:54 ...: Starting Postfix Mail Transport Agent...
   Oct 09 05:26:54 ...: Started Postfix Mail Transport Agent.

# postfix -v check
   postfix: name_mask: all
   postfix: inet_addr_local: configured 5 IPv4 addresses
   postfix: inet_addr_local: configured 2 IPv6 addresses
   postfix: Postfix is running with backwards-compatible default settings
   postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
   postfix: To disable backwards compatibility use "postconf
compatibility_level=2" and "postfix reload"
   postfix/postfix-script: warning: symlink leaves directory:
/etc/postfix/./makedefs.out
   postfix/postfix-script: warning:
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
/etc/ssl/certs/ca-certificates.crt differ
   postfix/postfix-script: warning:
/var/spool/postfix/lib/i386-linux-gnu/libnss_systemd.so.2 and
/lib/i386-linux-gnu/libnss_systemd.so.2 differ

I looked at the log and saw similar warnings as above:
   Oct  9 05:35:00 ...: name_mask: all
   Oct  9 05:35:00 ...: inet_addr_local: configured 5 IPv4 addresses
   Oct  9 05:35:00 ...: inet_addr_local: configured 2 IPv6 addresses
   Oct  9 05:35:00 ...: Postfix is running with backwards-compatible
default settings
   Oct  9 05:35:00 ...: See http://www.postfix.org/COMPATIBILITY_README.html
for details
   Oct  9 05:35:00 ...: To disable backwards compatibility use "postconf
compatibility_level=2" and "postfix reload"
   Oct  9 05:35:04 ...: warning: symlink leaves directory:
/etc/postfix/./makedefs.out
   Oct  9 05:35:04 ...: warning:
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt and
/etc/ssl/certs/ca-certificates.crt differ
   Oct  9 05:35:05 ...: warning:
/var/spool/postfix/lib/i386-linux-gnu/libnss_systemd.so.2 and
/lib/i386-linux-gnu/libnss_systemd.so.2 differ
   Oct  9 05:35:05 ...: postfix/postqueue[...]: warning: Mail system is
down -- accessing queue directly


I looked at the postfix compatibility web page but I am not sure what
options make it go into compatibility mode.  Also the above are warnings so
I am guessing this would not prevent postfix from running.  Or maybe
warnings are considered unacceptable?

I also tried this:
  apt-get install --reinstall postfix

Do I really need to do these?
   postconf compatibility_level=2
   postfix reload


Re: PostFix not working after update

2020-10-12 Thread Noel Jones



On 10/12/2020 3:59 PM, Paul Lauzon wrote:
> I am trying to troubleshoot after an update using apt-get
> update/upgrade I did a few days ago on Debian 9 (now 10).   PostFix
> does not seem to work anymore. I tried many things: rebooting,
> restarting postfix, upgrading debian from 9 to 10.  But it is still
> not working as before.
>
> I confirmed that the master.cf and main.cf were not changed by the
> installer.  Is there a troubleshooting guide somewhere?




General debugging info here:
http://www.postfix.org/DEBUG_README.html

In particular, see what postfix logs when you run "postfix start"

Do NOT enable verbose logging. Everything you need is very likely in 
the normal logging.



  -- Noel Jones


Re: PostFix not working after update

2020-10-12 Thread Bob Proulx
Paul Lauzon wrote:
> PostFix does not seem to work anymore.

There are an infinite number of ways for something to fail but only
exactly one correct way for it to work.

In addition to the other comments I see this:

> # service postfix status
>? postfix.service - Postfix Mail Transport Agent
>   Loaded: loaded (/lib/systemd/system/postfix.service; disabled; vendor 
> preset: enabled)

Why is it disabled?  Is that the problem?  That it is not running?  Try 
enabling it.
Since you are running systemd the systemd way to enable it is:

systemctl enable postfix.service

>Oct  9 05:35:00 ...: Postfix is running with backwards-compatible default 
> settings
>Oct  9 05:35:00 ...: See http://www.postfix.org/COMPATIBILITY_README.html 
> for details
>Oct  9 05:35:00 ...: To disable backwards compatibility use "postconf 
> compatibility_level=2" and "postfix reload"

The above might be a notification of a change but it is not going to
be "the problem" you are chasing down.  I see you updated it with the
following but I would have recommended to ignore it for the moment.

> Do I really need to do these?
>postconf compatibility_level=2
>postfix reload

Before doing this I would have asked what was the state of field 5 in
the master.cf file.  If it is 'y' or 'n' then the above will not
change anything.  But if it is '-' then note that the default changed
from "no" previously to "yes" now in the newer version.  Running the
above switches to using the new "yes" default instead of the previous
"no" default.

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd

> Oct  9 05:35:04 ...: warning: symlink leaves directory: /etc/postfix/./makedefs.out
> Oct  9 05:35:04 ...: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ
> Oct  9 05:35:05 ...: warning: /var/spool/postfix/lib/i386-linux-gnu/libnss_systemd.so.2 and /lib/i386-linux-gnu/libnss_systemd.so.2 differ
> Oct  9 05:35:05 ...: postfix/postqueue[...]: warning: Mail system is down -- accessing queue directly

The theory goes that in Debian when the init script starts it runs a
helper script /usr/lib/postfix/configure-instance.sh which will update
all files that are needed for running inside the chroot.  If those
files are out of sync then that is an indication that the init did not
run that script and therefore did not run correctly.  Since you are
running systemd (Abandon all hope, ye who enter here.) then the
start process would be something like this.

systemctl is-enabled postfix.service
systemctl enable postfix.service
systemctl start postfix.service
systemctl status postfix.service

Note that in the systemd architecture systemctl isn't the process that
does the starting.  It simply sends a message to the running systemd.
Therefore it never reports on the status of any action.  One must
always remember to follow any action with a status request in order to
know the success or failure of the previous action.

Bob
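
The field-5 check described in the message above, as an added example (not part of the original post and not Postfix's own tooling): an awk filter that reads master.cf and reports which services set chroot explicitly and which leave it as '-' and therefore follow the default. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Report how field 5 (chroot) is set for each master.cf service.
# Reads master.cf text on stdin and prints one line per service:
#   service/type chroot=<value> <explicit|default>
chroot_fields() {
    awk '
        /^[[:space:]]*#/ { next }   # comment line
        /^[[:space:]]*$/ { next }   # blank line
        /^[[:space:]]/   { next }   # continuation of the previous entry (-o options)
        NF >= 8 {
            how = ($5 == "-") ? "default" : "explicit"
            printf "%s/%s chroot=%s %s\n", $1, $2, $5, how
        }
    '
}

# Only the services whose chroot setting depends on the default,
# i.e. the ones a change of compatibility_level can affect.
services_using_default() {
    chroot_fields | awk '$3 == "default" { print $1 }'
}

# Constructed sample input, not taken from any real system.
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
EOF
}

sample_master_cf | chroot_fields
```

On a real system the same filter can be fed with `chroot_fields < /etc/postfix/master.cf`.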


Re: use postfix over ssh

2020-10-12 Thread Ranjan Maitra
My apologies: were there any suggestions regarding what I should do?

Thanks,
Ranjan

On Sat, 10 Oct 2020 20:07:33 -0500 Ranjan Maitra  wrote:

> Hi Viktor,
>
> Thanks for your response!
>
> On Sat, 10 Oct 2020 19:31:09 -0400 Viktor Dukhovni 
>  wrote:
>
> > On Sat, Oct 10, 2020 at 04:04:30PM -0500, Ranjan Maitra wrote:
> >
> > > I have postfix running on both my home and office machines. I am able
> > > to send e-mail from my office machine (that uses my employer's
> > > mailhub, etc), but not from my home machine when using my office
> > > e-mail address as the sender's address. However, I am able to connect
> > > via ssh+vpn with 2FA to my office machine. My question is: can I set
> > > my home machine's postfix up such that I can send e-mail through the
> > > ssh tunnel to my office machine (sorry for my non-technical
> > > description). How do I do this, if possible?
> >
> > Your question is not sufficiently detailed/precise for an answer to
> > be possible.  You need to provide more details about the SSH VPN.
>
> I am not sure I know all the answers to your questions, so some suggestions 
> on how to figure these out would be very helpful (I am on Fedora 32 linux).
>
> > - Does it allow port forwarding?  Or just terminal and perhaps
> >   X11 sessions?
>
> I believe that it allows at least some port forwarding, but I do not know
> what all it does. My ssh is to a non-standard port, however.
>
> > - What ports if any can you forward?
> > - Any other relevant details...
>
> How do I figure this out?
>
> cat /etc/services | grep ssh
>
> ssh             22/tcp      # The Secure Shell (SSH) Protocol
> ssh             22/udp      # The Secure Shell (SSH) Protocol
> x11-ssh-offset  6010/tcp    # SSH X11 forwarding offset
> ssh             22/sctp     # SSH
> sshell          614/tcp     # SSLshell
> sshell          614/udp     # SSLshell
> netconf-ssh     830/tcp     # NETCONF over SSH
> netconf-ssh     830/udp     # NETCONF over SSH
> sdo-ssh         3897/tcp    # Simple Distributed Objects over SSH
> sdo-ssh         3897/udp    # Simple Distributed Objects over SSH
> netconf-ch-ssh  4334/tcp    # NETCONF Call Home (SSH)
> snmpssh         5161/tcp    # SNMP over SSH Transport Model
> snmpssh-trap    5162/tcp    # SNMP Notification over SSH Transport Model
> tl1-ssh         6252/tcp    # TL1 over SSH
> tl1-ssh         6252/udp    # TL1 over SSH
> ssh-mgmt        17235/tcp   # SSH Tectia Manager
> ssh-mgmt        17235/udp   # SSH Tectia Manager
>
>
> > Also:
> >
> > - Do you ever send email to office recipients from your non-office
> >   email address?  How do you want these to be routed?
>
> I use postfix only for my office e-mail address so I do not believe this to 
> be an issue.
>
> >
> > - If you do use your office address as a sender address, but a
> >   message is not deliverable, how should the bounce be routed?
>
> I don't know if this is the answer, but I guess that the bounce should be 
> routed back to my office e-mail address?
>
> I am happy to provide more information.
>
> Many thanks again and best wishes,
> Ranjan
>
> >
> > --
> > Viktor.
> >
> --
> Important Notice: This mailbox is ignored: e-mails are set to be deleted on 
> receipt. Please respond to the mailing list if appropriate. For those needing 
> to send personal or professional e-mail, please use appropriate addresses.
>



Re: use postfix over ssh

2020-10-12 Thread Viktor Dukhovni
On Mon, Oct 12, 2020 at 08:09:45PM -0500, Ranjan Maitra wrote:

> My apologies: were there any suggestions regarding what I should do?

Find out more about the VPN.  Nobody on this list can do that.  Does it
support port forwarding (learn what that means), and will it allow forwarding
of the internal SMTP server's IP:port to your client machine.  Your
IT staff should be able to help you with that.

> > > Your question is not sufficiently detailed/precise for an answer to
> > > be possible.  You need to provide more details about the SSH VPN.
> >
> > I am not sure I know all the answers to your questions, so some suggestions 
> > on how to figure these out would be very helpful (I am on Fedora 32 linux).
> >
> > > - Does it allow port forwarding?  Or just terminal and perhaps
> > >   X11 sessions?
> >
> > I believe that it allows at least some port forwarding, but I do not know
> > what all it does. My ssh is to a non-standard port, however.
> >
> > > - What ports if any can you forward?
> > > - Any other relevant details...
> >
> > How do I figure this out?
> >
> > cat /etc/services | grep ssh

This is not relevant.

> > > Also:
> > >
> > > - Do you ever send email to office recipients from your non-office
> > >   email address?  How do you want these to be routed?
> >
> > I use postfix only for my office e-mail address so I do not believe this to 
> > be an issue.
> >
> > >
> > > - If you do use your office address as a sender address, but a
> > >   message is not deliverable, how should the bounce be routed?
> >
> > I don't know if this is the answer, but I guess that the bounce should be 
> > routed back to my office e-mail address?

In that case all you need to do is set relayhost to the
forwarded SSH port:

relayhost = [127.0.0.1]:

but that requires your SSH VPN to support port forwarding from the
remote network to your machine, which it may restrict for security
reasons.  You'd then need to run "ssh" with the relevant port
forwarded:

localport=12345 # Forwarded SMTP service
relayhost=smtp.example.com
login=yourloginname
sshvpnport=22 # Perhaps different in your case
ssh -Nn -o "ExitOnForwardFailure yes" -l "$login" -p "$sshvpnport" \
-L"$localport:$relayhost:25" sshvpn.example.com

-- 
Viktor.


Re: use postfix over ssh

2020-10-12 Thread Ranjan Maitra
On Mon, 12 Oct 2020 21:19:38 -0400 Viktor Dukhovni wrote:

> On Mon, Oct 12, 2020 at 08:09:45PM -0500, Ranjan Maitra wrote:
>
> > My apologies: were there any suggestions regarding what I should do?
>
> Find out more about the VPN.  Nobody on this list can do that.  Does it
> support port forwarding (learn what that means), and will it allow forwarding
> of the internal SMTP server's IP:port to your client machine.

Thank you very much, the SMTP port of the host is the standard 25. Is there a 
commandline way to quickly find out if the port is allowed to be forwarded? 
Otherwise, of course, I will wait for my IT staff to respond.

> In that case all you need to do is set relayhost to the
> forwarded SSH port:
>
> relayhost = [127.0.0.1]:
>
> but that requires your SSH VPN to support port forwarding from the
> remote network to your machine, which it may restrict for security
> reasons.  You'd then need to run "ssh" with the relevant port
> forwarded:
>
> localport=12345 # Forwarded SMTP service
> relayhost=smtp.example.com
> login=yourloginname
> sshvpnport=22 # Perhaps different in your case
> ssh -Nn -o "ExitOnForwardFailure yes" -l "$login" -p "$sshvpnport" \
> -L"$localport:$relayhost:25" sshvpn.example.com
>
> --

I know my ssh port. The localport, I guess, is for my home machine. Where do I 
get it from? Also, where do I put the above?

I appreciate that I have not provided the most complete information for you to 
help, and so I thank you for making the time and the effort.

Many thanks again, and best wishes,
Ranjan