Re: limit connections

[Wietse Venema]

natan maciej milaszewski:
> This is what I mean by sending an e-mail to the not exists user
> Because people can make a mistake when entering a postal address in the
> mail client

Why is your Postfix server SENDING too many MAILER-DAEMON messages?

Thank you for your interest in Postfix. Although I wrote a large
part of the software, my personal email is not the point of contact
for support or questions.

- Information about Postfix is at http://www.postfix.org/

- Send questions about Postfix to postfix-users@postfix.org
To subscribe, see: http://www.postfix.org/lists.html

Wietse

Re: Understanding multi-instance transport tables

[Alex]

> > Mail appears to be completely ignoring the amavisd proxy despite
> > configuring default_transport to use 10025.
>
> The default_transport is a last-resort, it is preëmpted both by the
> transport table, and the address-class-specific transports.  It handles
> "other people's domains".  Mail for your own domains (local, virtual
> mailbox, relay, ...) uses local_transport, virtual_transport or
> relay_transport.  And all those are secondary to any transport(5)
> table you have configured.

I still don't understand the link between postfix and amavis. No mail
is delivered locally, except for system messages, so I don't need a
local_transport, right?

postfix-117:
mydestination =
local_recipient_maps =
local_transport = error:5.1.1 Mailbox unavailable
default_transport = smtp:[127.0.0.1]:10025
relay_transport = $default_transport
virtual_transport = $default_transport
transport_maps = ${indexed}transport
local_transport = error:5.1.1 Mailbox unavailable
transport_maps = ${indexed}transport
relay_domains = $mydestination, $transport_maps

/etc/postfix-117/transport:
mydomain.org  smtp-amavis:[127.0.0.1]:10025

master.cf:
smtp-amavis unix-   -   n   -   -   smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

I'm really not sure what to do next. I've previously used
virtual_alias_maps with mydestination, but not virtual_transport. I'm
just unsure how all the pieces fit together. This is all based on
following the multi-instance doc as explicitly as possible, but I
think it leaves a lot to be desired in terms of how to produce a
functional system.

> > # mailq -C /etc/postfix-117
> > -Queue ID-  --Size-- Arrival Time -Sender/Recipient---
> > D9DE7200B23F32516 Tue Nov  3 20:34:30  mysqlstud...@gmail.com
> > (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial
> > server greeting)
> >  a...@mycompany.org
>
> The downstream amavis or Postfix is not configured correctly and is
> dropping connections.   The reason is in your logs.

This also generates the following amavis error:
Nov  8 00:01:57 xavier amavis[812131]: (!)DENIED ACCESS from IP
209.216.11.117, policy bank ''

I've read that enabling smtp_bind_address=127.0.0.1 is necessary, but
that just creates a mail loop.

Re: limit connections

[Matus UHLAR - fantomas]

On 06.11.20 11:45, natan wrote:

I have a problem with one e-mail hosting and I need to slowly him

example:
That's hosting send to my users e-mail (normal e-mail, not spam,
sometimes mailing) but sometimes user not exists (because user was
deleted) or user have quota - my server (Mailer-daemon) sends returns -
and external hosting limit incomming e-mail per IP

I can limit the number of e-mails sent to them with:
onet_destination_concurrency_limit = 10
onet_destination_rate_delay = 1s

I thinking about limit incomming e-mail from thats domain or ip - and if
the limit is exceeded, they will get 4xx information about exceeding the
limit


once again:

On 06.11.20 12:08, Matus UHLAR - fantomas wrote:

So, are your sending mail to them or receiving mail from them?


who is sending mail where? Apparently you receive lots of e-mail from/to
nonexistent users, you should configure smtpd_reject_unlisted_sender
and maybe address verification
http://www.postfix.org/ADDRESS_VERIFICATION_README.html


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

Re: Understanding multi-instance transport tables

[Viktor Dukhovni]

On Sun, Nov 08, 2020 at 12:11:16PM -0500, Alex wrote:

> > The default_transport is a last-resort, it is preëmpted both by the
> > transport table, and the address-class-specific transports.  It handles
> > "other people's domains".  Mail for your own domains (local, virtual
> > mailbox, relay, ...) uses local_transport, virtual_transport or
> > relay_transport.  And all those are secondary to any transport(5)
> > table you have configured.
> 
> I still don't understand the link between postfix and amavis.

Amavis is an SMTP server to which you can route mail for filtering.
That routing can happen via a content_filter (required in a single
instance configuration) or just making amavis the destination for all
mail in a multi-instance configuration.

Unfiltered Mail --->  Amavis SMTP ---> Filtered Mail
1-inst smtpd A  content_filter   smtpd B
2-inst Postfix A  ditto or transport Postfix B

> No mail
> is delivered locally, except for system messages, so I don't need a
> local_transport, right?
> postfix-117:
> mydestination =
> local_recipient_maps =
> local_transport = error:5.1.1 Mailbox unavailable

With "mydestination" empty, indeed you don't need to arrange
for local_transport to send mail via amavis, leaving it as
"error:" is fine.

> default_transport = smtp:[127.0.0.1]:10025
> relay_transport = $default_transport
> virtual_transport = $default_transport
> transport_maps = ${indexed}transport
> local_transport = error:5.1.1 Mailbox unavailable
> transport_maps = ${indexed}transport
> relay_domains = $mydestination, $transport_maps
>
> /etc/postfix-117/transport:
> mydomain.org  smtp-amavis:[127.0.0.1]:10025

I don't recommend overloading the transport table as $relay_domains, but
with care to not forget that you're doing it, it can work.

> master.cf:
> smtp-amavis unix-   -   n   -   -   smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes

OK, or you can just use "smtp" rather than "smtp-amavis", after all
all mail goes there, so there's no need for a custom transport with
master.cf overrides, just put the settings in main.cf and use "smtp".

> I'm really not sure what to do next. I've previously used
> virtual_alias_maps with mydestination, but not virtual_transport. I'm
> just unsure how all the pieces fit together. This is all based on
> following the multi-instance doc as explicitly as possible, but I
> think it leaves a lot to be desired in terms of how to produce a
> functional system.

I am perplexed by your struggles.  In a multi-instance system each
instance is an independent Postfix which takes mail in on some IP:port,
and delivers it to some IP:port (or at the end of the pipeline finally
to some storage location).  If there's any confusion, it is perhaps
that you're expecting more complexity than it is actually involved.

> > > -Queue ID-  --Size-- Arrival Time -Sender/Recipient---
> > > D9DE7200B23F32516 Tue Nov  3 20:34:30  mysqlstud...@gmail.com
> > > (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial
> > > server greeting)
> > >  a...@mycompany.org

Well, that need that there's a problem connecting to that service,
connections are dropped without a 220 banner.  Either Amavis or
its downstream port are not up and running.  Fix that.

> > The downstream amavis or Postfix is not configured correctly and is
> > dropping connections.   The reason is in your logs.
> 
> This also generates the following amavis error:
> Nov  8 00:01:57 xavier amavis[812131]: (!)DENIED ACCESS from IP
> 209.216.11.117, policy bank ''

Well, that's certainly an obstacle.

> I've read that enabling smtp_bind_address=127.0.0.1 is necessary, but
> that just creates a mail loop.

Setting smtp_bind_address cannot create a mail loop, but it can
make delivery possible, that exposes a looping configuration.
Don't configure loops in the forwarding pipeline.

-- 
Viktor.

Postfix stable release 3.5.8 and legacy releases 3.4.18, postfix-3.3.15, 3.2.20

[Wietse Venema]

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.5.8.html]

Fixed in Postfix version 3.5.8:

  * [Postfix 3.5 and later] The Postfix SMTP client inserted
 into message headers longer than $line_length_limit
(default: 2048), causing all subsequent header content to become
message body content. Reported by Andreas Weigel.

Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20:

  * [Postfix 2.8 and later] The postscreen daemon did not save a
copy of the postscreen_dnsbl_reply_map lookup result. This has
no effect when the recommended texthash: look table is used,
but it could result in stale data with other lookup tables.

  * [Postfix 2.3 and later] After deleting a recipient with a Milter,
the Postfix recipient duplicate filter was not updated; the
filter suppressed requests to add the recipient back. Reported by
Mehmet Avcioglu.

  * [Postfix 2.3 and later] Memory leak: the static: maps did not
free their casefolding buffer.

  * [Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the
smtps service was waiting for a TLS handshake, after processing
an XCLIENT command. Reported by Aki Tuomi.

  * [Postfix 2.0 and later] The smtp_sasl_mechanism_filter
implementation ignored table lookup errors, treating them as
'not found'.

  * [Postfix alpha and later] The code that looks for Delivered-To:
headers ignored headers longer than $line_length_limit (default:
2048).

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse

Re: Postfix stable release 3.5.8 and legacy releases 3.4.18, postfix-3.3.15, 3.2.20

[Francesc Peñalvez]

Thanks Wietse

El 08/11/2020 a las 21:31, Wietse Venema escribió:

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.5.8.html]

Fixed in Postfix version 3.5.8:

   * [Postfix 3.5 and later] The Postfix SMTP client inserted
  into message headers longer than $line_length_limit
 (default: 2048), causing all subsequent header content to become
 message body content. Reported by Andreas Weigel.

Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20:

   * [Postfix 2.8 and later] The postscreen daemon did not save a
 copy of the postscreen_dnsbl_reply_map lookup result. This has
 no effect when the recommended texthash: look table is used,
 but it could result in stale data with other lookup tables.

   * [Postfix 2.3 and later] After deleting a recipient with a Milter,
 the Postfix recipient duplicate filter was not updated; the
 filter suppressed requests to add the recipient back. Reported by
 Mehmet Avcioglu.

   * [Postfix 2.3 and later] Memory leak: the static: maps did not
 free their casefolding buffer.

   * [Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the
 smtps service was waiting for a TLS handshake, after processing
 an XCLIENT command. Reported by Aki Tuomi.

   * [Postfix 2.0 and later] The smtp_sasl_mechanism_filter
 implementation ignored table lookup errors, treating them as
 'not found'.

   * [Postfix alpha and later] The code that looks for Delivered-To:
 headers ignored headers longer than $line_length_limit (default:
 2048).

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse




smime.p7s
Description: Firma criptográfica S/MIME