[pfx] Re: Postfix in kubernetes - short status update

2024-10-28 Thread Nico Schottelius via Postfix-users


Wietse Venema via Postfix-users  writes:
> Consider using LMDB or CDB instead. 
>
> - CDB is optimized for tables that don't change.
>
> - LMDB was proposed 10 years ago as a replacement for Berkeley DB,
>   because of a licensing issue.

Thanks, using lmdb works like a charm.

The main reason I tried btree was that it is referenced in the
documentation. Would it potentially make sense to replace the
btree / hash examples in the documentation with lmdb by default?

BR,

Nico


-- 
Sustainable and modern Infrastructures by ungleich.ch
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: Postfix in kubernetes - short status update

2024-10-28 Thread Nico Schottelius via Postfix-users

Hello Viktor,

Viktor Dukhovni via Postfix-users  writes:

> On Sat, Oct 26, 2024 at 12:06:12AM +0900, Nico Schottelius via Postfix-users 
> wrote:
>
>> The maps/hashes that make a lot of sense on VMs/servers for avoiding
>> reloading postfix, do not make much sense in the k8s/container context.
>
> Restarts are much more disruptive than reloads, because the entire
> active queue moves back to the incoming queue, client connections are
> closed abruptly, ...  It is not clear why k8s makes that a non-issue.

First of all, I fully agree with you in regards to reload vs. restart
being disruptive, if we are considering a single system.

In the k8s context the behaviour of one instance does not really
change. However often you would deploy a multitude of instances and
combine them in what k8s calls a "Service", basically a primitive load
balancer.

Let's say you are running 2 postfix instances per service. One restarts,
one still accepts smtp connections. No disruption at all. k8s also has a
concept of "being healthy" and "having started", so you can wait for a
specific instance to return to health before returning traffic to it.

>> Instead of reparsing something, a container can be fully restarted.
>
> But this is not a good way to routinely update some tables in a running
> Postfix.

Might be very true, but see it more as "postfix clusters" as the
default.

>> The above postfix runs with TLS enabled with receiving certificates from
>> the cert manager. Automatic restart on certificate change is not yet
>> implemented.
>
> Postfix does not need to be reloaded or restarted when certificates
> change, the processes that use the certificate files are ephemeral, age
> out, and their replacements will read the latest certificate files.

Ohh, that is good to know. So as long as a couple of weeks before
expiration (think letsencrypt) the certs are renewed, it is virtually
guaranteed to work all the time?

That's nice!

> If
> you're using SNI, with an indexed DB backend, then of course (as with
> other tables), you'll need to rebuild those, again does not require
> either a reload or restart.

Pretty cool, thanks for the heads up!

BR,

Nico


-- 
Sustainable and modern Infrastructures by ungleich.ch
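
Viktor's point about SNI tables in the message above, as an added example that is not part of the original posts: a check, suitable for a sidecar or cron job next to Postfix, that rebuilds the indexed `tls_server_sni_maps` table only when its source or a PEM file it names is newer than the compiled table, with no reload or restart. The `/etc/postfix/sni` path and the `lmdb:` table type are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed paths; adjust to the deployment.
SNI_SRC=${SNI_SRC:-/etc/postfix/sni}   # text source of tls_server_sni_maps (assumed)
SNI_DB=${SNI_DB:-$SNI_SRC.lmdb}        # file written by "postmap -F lmdb:$SNI_SRC"

# List the PEM files named on the right-hand side of each map entry.
# Comment and blank lines are skipped; a line that starts with whitespace
# continues the previous entry, so every field on it is a file name.
sni_pem_files() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            start = ($0 ~ /^[ \t]/) ? 1 : 2
            for (i = start; i <= NF; i++) print $i
        }
    ' "$1" | sort -u
}

# Succeed (exit 0) when the compiled table is missing, or older than its
# source or than any key/certificate file the source refers to.
sni_table_stale() {
    src=$1
    db=$2
    [ -f "$db" ] || return 0
    [ "$src" -nt "$db" ] && return 0
    for pem in $(sni_pem_files "$src"); do
        [ "$pem" -nt "$db" ] && return 0
    done
    return 1
}

# Rebuild only when needed. "postmap -F" (Postfix 3.4 and later) stores the
# content of the named PEM files in the table, which is why a renewed
# certificate is not picked up until the table is rebuilt.
rebuild_sni_table() {
    if sni_table_stale "$SNI_SRC" "$SNI_DB"; then
        postmap -F "lmdb:$SNI_SRC"
    fi
}

# Only touch the live system when asked to: sh sni-rebuild.sh --rebuild
if [ "${1:-}" = "--rebuild" ]; then
    rebuild_sni_table
fi
```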




[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Wietse Venema via Postfix-users
Birta Levente via Postfix-users:
> Hello
> 
> I have the following situation:
> default_transport=smtp
> -need to send to domain1 through smtpa, except if the sender is 
> from_special then send through smtpb
> 
> 
> smtp.smtp
>  -o smtp_bind_address=ip1
> smtpa . smtp
>  -o smtp_bind_address=ip1
>  -o ..
> smtpb . smtp
>  -o smtp_bind_address=ip2
> -o 
> 
> How can I achieve this?

/etc/postfix/main.cf:
# Limitation: this setting is overruled with FILTER and transport_maps.
sender_dependent_default_transport_maps = inline:{
{ u...@example.com = smtpb } }

If you have many such users, use a cdb:, hash:, btree: or lmdb: file.

Avoid SQL/LDAP here, because the lookup happens in the critical
path of the Postfix scheduler.

Wietse



[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Bill Cole via Postfix-users

On 2024-10-28 at 14:08:03 UTC-0400 (Mon, 28 Oct 2024 18:08:03 +)
Ken Gillett via Postfix-users 
is rumored to have said:


> ps -ax | grep master
>   349 ??        10:57.09 master -c /Library/Server/Mail/Config/postfix
>
> and I am running the Server versions of postconf and postmap, but
> which version of master is being run?


Assuming that you haven't restarted master, run this:

lsof -p 349  #(Or the PID of the current master process)

It will show you which files the process has open, the 2nd of which 
(after the working directory) should be the file that was executed to 
launch the process.


You can also get a clue from `which postconf` which will show you which 
postconf  you're running. e.g. on a Mac using the MacPorts build:


$ which postconf
/opt/local/sbin/postconf

The path for the macOS system install is /usr/sbin/postconf, MacOS 
Server install is 
/Applications/Server.app/Contents/ServerRoot/usr/sbin/postconf.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
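
The check described in this message, as an added example that is not part of the original post: it reads `lsof` field output for the master PID, takes the first program-text file as the executed binary, and derives the `postconf` of the same installation. The `<prefix>/libexec/postfix/master` to `<prefix>/sbin/postconf` layout is an assumption taken from the paths quoted in this thread, and the sample `lsof` output is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): find which Postfix installation the
# running master belongs to, then use that installation's postconf.

# Constructed sample of `lsof -a -p 349 -d txt -Ffn` output, for offline use.
sample_lsof() {
    cat <<'EOF'
p349
ftxt
n/Applications/Server.app/Contents/ServerRoot/usr/libexec/postfix/master
ftxt
n/usr/lib/dyld
EOF
}

# Read lsof -F field output on stdin and print the name of the first "txt"
# (program text) entry, which is the binary that was executed.
master_exe_from_lsof() {
    awk '
        /^f/           { is_txt = ($0 == "ftxt") }
        /^n/ && is_txt { print substr($0, 2); exit }
    '
}

# Print the argument of -c (the config directory) from a master command line.
config_dir_from_cmdline() {
    set -f            # no globbing while the command line is word-split
    set -- $1
    set +f
    while [ $# -gt 1 ]; do
        if [ "$1" = "-c" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Map a master binary to the postconf of the same installation.
# Assumes <prefix>/libexec/postfix/master and <prefix>/sbin/postconf.
postconf_for_master() {
    case $1 in
        */libexec/postfix/master)
            printf '%s/sbin/postconf\n' "${1%/libexec/postfix/master}" ;;
        *)
            return 1 ;;
    esac
}

# Inspect a live master process. $1 is its PID (349 in the thread).
report_master() {
    exe=$(lsof -a -p "$1" -d txt -Ffn 2>/dev/null | master_exe_from_lsof)
    cfg=$(config_dir_from_cmdline "$(ps -ww -o command= -p "$1")") || cfg=
    [ -n "$exe" ] || { echo "cannot read program text of PID $1 (run as root?)" >&2; return 1; }
    pc=$(postconf_for_master "$exe") || { echo "unexpected master path: $exe" >&2; return 1; }
    echo "master binary:     $exe"
    echo "config directory:  ${cfg:-compiled-in default}"
    echo "matching postconf: $pc"
    # Ask the matching postconf for the settings of that configuration.
    "$pc" ${cfg:+-c "$cfg"} -h mail_version daemon_directory
}

# Only touch the live system when a PID is given: sh which-master.sh 349
if [ $# -gt 0 ]; then
    report_master "$1"
fi
```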


[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Birta Levente via Postfix-users


On 28/10/2024 21:46, Wietse Venema via Postfix-users wrote:

> Birta Levente via Postfix-users:
>> Hello
>>
>> I have the following situation:
>> default_transport=smtp
>> -need to send to domain1 through smtpa, except if the sender is
>> from_special then send through smtpb
>>
>> smtp.smtp
>>   -o smtp_bind_address=ip1
>> smtpa . smtp
>>   -o smtp_bind_address=ip1
>>   -o ..
>> smtpb . smtp
>>   -o smtp_bind_address=ip2
>> -o 
>>
>> How can I achieve this?
>
> /etc/postfix/main.cf:
>  # Limitation: this setting is overruled with FILTER and transport_maps.
>  sender_dependent_default_transport_maps = inline:{
>  { u...@example.com = smtpb } }


Indeed, my problem is this limitation.

I forgot to mention that I have transport map:

/domain1/    smtpa:


My problem is that I have to slow down the sending rate to domain1, but 
at the same time I need to segregate (send out on different IP address) 
based on sender address.


So, as I understand this is possible only with multi-instance?

Thanks

Levi




> If you have many such users, use a cdb:, hash:, btree: or lmdb: file.
>
> Avoid SQL/LDAP here, because the lookup happens in the critical
> path of the Postfix scheduler.
>
> Wietse



[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Benny Pedersen via Postfix-users

Birta Levente via Postfix-users wrote on 2024-10-28 21:42:

> So, as I understand this is possible only with multi-instance?

i have all my customers' domains per domain sender ip, no multi-instance 
need for this yet

if you need more help it's essential showing logs, obfuscate is ok, just 
mention where








[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Peter via Postfix-users

On 29/10/24 05:52, Ken Gillett via Postfix-users wrote:
>>> mail_version = 2.5.5
>>
>> That's certainly not recent. :-(

> The server versions of Postfix are from 2018, whereas the std. install
> is 2020.


You're off by a decade, 2.5.5 was released in 2008 and the final 2.5 
release was in February 2012.  This isn't the only time MacOS has 
carried an ancient version of some software and I highly recommend that 
you use a much newer version.  Even if/when you install on a new mac 
there is a high probability that it won't come with an updated postfix.



Peter


[pfx] OT: k8s network presentation

2024-10-28 Thread Nico Schottelius via Postfix-users

Hello postfix users,

I know I am probably not the most conventional guy moving postfix into
IPv6 only kubernetes stacks, but there are good reasons for it.

To explain a bit the background of all this "nonsense", I wanted to
point to a presentation I will be giving in the RIPE IPv6 working group
on 31st of October, 0900 UTC+1 [0].

While that talk is about routing in k8s, I will touch many points that
are equally related to running postfix and other "traditional" services
(such as routing daemons!) in k8s.

I wanted to announce this to give a bit of background and also
motivation why running postfix in a k8s environment is an
interesting thing to do.

BR,

Nico

[0] https://ripe89.ripe.net/programme/meeting-plan/ipv6-wg/

-- 
Sustainable and modern Infrastructures by ungleich.ch




[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Wietse Venema via Postfix-users
Ken Gillett via Postfix-users:
> Thank you for your words of wisdom Wietse.
> 
> I rather thought you understood how 'silly' it would be to run a find command 
> for postconf as I had already clearly explained (at least 3 times) I knew 
> where both versions were located and always ensured I was running the correct 
> one. Apologies if I wasn't clear enough for you.
> 
> In any case, to please you I did run it and er, it confirmed what I have been 
> saying. 2 postconfs, each in the location I said they were.
> 
> I have now established which master is running and unless postfix reads 
> configuration from a main.cf other than what it has been told to use when 
> executed, I am running the MacOSX Server install of postfix which uses 
> /Library/Server/Mail/Config/postfix/main.cf. End of.
> 
> However, postfix is still exhibiting errant behaviour:-
> 
>   user@mydomain works
> 
>   user@myhostname fails
> 
> Help with troubleshooting this issue is much appreciated.

Use the right postconf command to verify that the configuration of the
running master matches the settings that you presented in the
first posting and that I verified on my own machine.

If that configuration is what is running, then any difference in
behavior is due to something that you or Apple did, and for which
I cannot be held responsible.

> Is there perhaps a postfix utility to which you can pass an address
> and have it spit out exactly how it is dealt with? So it would

There is a way to make the Postfix SMTP daemon more chatty in the
logfile, but that works only if you can update and verify the right
configuration files. Which you haven't, going by your reports so far.

/path/to/postconf debug_peer_list=ip-of-telnet-client
/path/to/postconf debug_peer_level=2
/path/to/postfix reload

where ip-of-telnet-client is the IP address of the client
that you use to send the commands with telnet.

> e.g. reveal what it thinks is the domain, what it thinks is the
> user to be validated. Is there anything like that? Currently all
> I know is that one doesn't work, without any indication of what
> is being done internally and hence resulting in the failure. Is
> there anything really useful like that?

The debug logging will show the working of the guts, but it will
take someone like Viktor or me to make sense of the gibberish.

Wietse

> Otherwise I'll just have to put this down to postfix failure in a Mac Server 
> and wait until I can start with a clean install on a *nix replacement server.
> 
> 
> Ken  G i l l e t t
> 
> _/_/_/_/_/_/_/_/
> 
> 
> 
> > On Mon 28 Oct 2024, at 19:00, Wietse Venema via Postfix-users 
> >  wrote:
> > 
> > Ken Gillett via Postfix-users:
> >> Does 'postconf daemon_directory' simply return info from the
> >> main.cf, or does it query the running process to get exactly what
> >> is being used?
> > 
> > Don't be silly. By design, the postconf command uses the same
> > main.cf file as the master daemon.
> > 
> > If you have more than one Postfix installation, then you need to find the
> > postconf command that "belongs" to the same installation as the
> > running master daemon.
> > 
> > Again for the third time.
> > 
> > As root, execute the command:
> > 
> > find / -name postconf
> > 
> >> Which still leaves the question of why emails to user@myhostname are 
> >> rejected. 
> > 
> > You are looking at the wrong configuration with the wrong postconf command.
> > 
> > Over and out.
> > 
> > Wietse


[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Oct 28, 2024 at 06:17:56PM -0400, Wietse Venema via Postfix-users wrote:

> > My problem is that I have to slow down the sending rate to domain1, but 
> > in the same time I need to segregate (send out on different IP address) 
> > based on sender address.
> > 
> > So, as I understand this is possible only with multi-instance?
> 
> main.cf:
> # Limitation: this setting is overruled with FILTER in access map
> # or header/body_checks.
> smtpd_sender_restrictions = inline:{
>   { u...@example.com = FILTER smtpb: } }
> 
> A less hacky solution would require a transport policy service,
> kind of like check_policy_service for the scheduler.

Or multiple instances with sender_dependent routing in the front-end
instance sometimes bypassing the default back-end instance which ignores
sender addresses and routes by recipient.

This avoids problems if "u...@example.com" happens to send mail to a
local address, that should not be sent via "smtpb".

Postfix sensibly prioritises choosing transports by recipient rather
than sender when explicit non-default routing is available.  The OP's
case of carving out very special exceptions does not have a simple
solution.

What's "missing" is a way to say that an explicit transport selected
for a recipient is still in some sense a lower priority "default"
transport that a sender-dependent transport might override.  This
would include custom delivery channels to remote destinations used
only for traffic shaping, but not deliveries to local or relay
recipients.

One way to do this would be to designate additional transports as
being essentially secondary "default" transports.

default_transport = smtp
secondary_default_transports = smtpa

in which case sender_dependent_default_transport would override "smtp"
and "smtpa", but not "relay", "local", or "virtual", ...

-- 
Viktor.


[pfx] Re: alternative to one.com ?

2024-10-28 Thread Viktor Dukhovni via Postfix-users
On Sat, Oct 26, 2024 at 08:31:39PM +0200, Benny Pedersen via Postfix-users 
wrote:

> i like to stop using one.com for several reasons, first that do not support
> rfc 7505, why ?

You mean, I guess, as a DNS provider?  If so most users want email for
their domains, and those that don't probably don't know about 7505.
And one.com do a good job of hosting email for their customer domains,
and even provide DNSSEC/DANE support.  So missing support for publishing
RFC 7505 NULL MX records is a minor nit, but I'll mention it to them,
perhaps it'll go on the list.

Are they your registrar, DNS operator, or both?

> and sending bills to dns admins when one.com users is not domain owner,
> hmm :)

If you're talking about bills for DNS service, as opposed to domain
registration, then perhaps the DNS admin is the right customer contact?

> so is there better places to support registrar payments, and do fully
> support dnssec

A lot depends on what services you're looking for.  Do you want just
DNS, web hosting, email hosting, or perhaps, if you're looking for RFC
7505 support, you're looking for registration? and DNS? for non-email
domains?

> that's all i really need, i still miss gratisdns.dk which did a great
> job while i was there

The gratis DNS service was moribund on autopilot, not surprising for
a free service.  Lots of legacy needed to be cleaned up, still some
512-bit RSA DNSSEC keys left over last time I looked.

-- 
Viktor.


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users

> On Mon 28 Oct 2024, at 03:26, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Sun, Oct 27, 2024 at 12:55:17PM +, Ken Gillett via Postfix-users wrote:
> 
>> …
> 
> And what is in your alias table, please report the output of:
> 
> $ id ken

uid=xxx(ken) gid=yy(staff)
…

There's more, groups etc, but probably not relevant. It does find my account 
though which I guess is the important thing.

> $ postconf mail_version append_dot_mydomain \
>   alias_maps alias_database local_recipient_maps mydomain myhostname myorigin mydestination

mail_version = 2.5.5
append_dot_mydomain = no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mydomain = home
myhostname = MacServe.home
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain


> $ postmap -fq - unix:passwd.byname hash:/etc/aliases <<'EOF'
> k...@macserve.home
> k...@home.home
> ken@home
> ken
> EOF

ken@home ken::xxx:yy:Ken Gillett:/Users/ken:/bin/bash
ken ken::xxx:yy:Ken Gillett:/Users/ken:/bin/bash

I'm thinking that k...@macserve.home should have been found?

Should it not simply be looking for anything before the @?


Ken  G i l l e t t

_/_/_/_/_/_/_/_/





[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users
Yes, MacOSX Server was never great, progressively got worse then they dumped 
it, but such a server ends up with 2 versions of postfix installed. The more 
standard one (/etc/postfix, /usr/libexec/postfix, /usr/sbin/) and the 'special' 
MacOSX Server versions in the above directories prepended by 
/Applications/Server.app/Contents/ServerRoot.

I have tried to stick to the Server versions, but I now see I am running the 
std. master, with the daemon_directory and config_directory set to the Server 
versions. So I think it is a little mixed and I should probably try and move it 
all to the std. install and try and ignore all the Server special versions. 
That has long been my intention, but I just didn't want to do it yet. However 
the mail loop that was flooding the network required action and that has now 
ceased. So no longer such a priority.


Ken  G i l l e t t

_/_/_/_/_/_/_/_/



> On Sun 27 Oct 2024, at 23:39, Wietse Venema via Postfix-users 
>  wrote:
> 
> Ken Gillett via Postfix-users:
>> Still beating my head against the wall here.
>> 
>> I changed mydomain from 'home' to 'hoome'. Postconf showed the
>> change, but I suspect postconf just reads the configuration files
>> rather than reports what postfix itself has gleaned from those
>> files.
>> 
>> Anyway, I reloaded postfix and tried to send mail to ken@home which
>> still worked perfectly, while ken@hoome failed:-
>> 
>> Host or domain name not found. Name service error
>>for name=MacServe.hoome type=: Host not found
>> 
>> So as far as I can tell from that, postfix is NOT using what is
>> in main.cf - at least not this changed value.
> 
> All programs that are part of Postfix use the same configuration.
> MacOS is 'special'. Maybe their main.cf is derived from a different
> source of truth, and you need to edit that instead of main.cf.
> 
> Either way, you're staring at the wrong file. Viktor uses a Mac
> so he may know a bit more.
> 
>   Wietse


[pfx] Re: Web api for sending email

2024-10-28 Thread Peter Ajamian via Postfix-users

On 28/10/24 20:02, Wesley wrote:
> That VM provider Crunchbits blocks all traffic to external ports of 25,
> 587, 465, 2525 etc. under this case how the customer can access my
> mailserver via SMTP for submissions?


Postfix can listen on literally *any* port, so long as it's the same 
port the client is trying to send to.  Just pick a port that they 
*don't* block and use that.



Peter


[pfx] Re: Web api for sending email

2024-10-28 Thread Peter via Postfix-users

On 28/10/24 20:07, Peter Ajamian via Postfix-users wrote:

> On 28/10/24 20:02, Wesley wrote:
>> That VM provider Crunchbits blocks all traffic to external ports of
>> 25, 587, 465, 2525 etc. under this case how the customer can access my
>> mailserver via SMTP for submissions?
>
> Postfix can listen on literally *any* port, so long as it's the same
> port the client is trying to send to.  Just pick a port that they
> *don't* block and use that.


Also, from https://crunchbits.com/vds


Do you open e-mail ports?
Due to abuse, mail ports are blocked by default. We may open them on a 
per-customer basis upon request.


So I would recommend that your customer ask them to unblock 465 or 587, 
but barring that just use a different port.



Peter


[pfx] Re: Web api for sending email

2024-10-28 Thread patpro--- via Postfix-users
Hi,

Depending on your client / server interaction, you might be able to set up an 
ssh tunnel or a wireguard vpn between client and server, then use localhost:587 
for submission, bypassing Crunchbits' firewall.

I see no other reliable way to do it (other than changing providers).

pat


October 28, 2024 8:02 AM, "Wesley via Postfix-users" 
 wrote:

> That VM provider Crunchbits blocks all traffic to external ports of 25, 587, 
> 465, 2525 etc. under
> this case how the customer can access my mailserver via SMTP for submissions?
> 
> Thanks again.
> 
> On 2024-10-28 14:39, Peter via Postfix-users wrote:
> 
>> On 28/10/24 15:37, Wesley via Postfix-users wrote:
>>> Do you know any project which provides HTTP api integrated with postfix
>>> for sending email ? I ask this is because one of my customers has been
>>> using the VPS which has all outgoing smtp ports/traffic blocked.
>> 
>> You really shouldn't be using the smtp port for submission anyways. Your
>> VPS provider should not be blocking ports 587 (submission) or 465
>> (submissions) and both are appropriate for this.
>> If they somehow are blocking those ports just pick a different one and
>> have postfix listen on that for submission.
>> Note: port 25 (smtp) should really be used for MX communication only and
>> not for relaying mail to a submission server.
>> Peter
> 
> -- https://wespeng.pages.dev


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Wietse Venema via Postfix-users
Ken Gillett via Postfix-users:
> Does 'postconf daemon_directory' simply return info from the
> main.cf, or does it query the running process to get exactly what
> is being used?

Don't be silly. By design, the postconf command uses the same
main.cf file as the master daemon.

If you have more than one Postfix installation, then you need to find the
postconf command that "belongs" to the same installation as the
running master daemon.

Again for the third time.

As root, execute the command:

find / -name postconf

> Which still leaves the question of why emails to user@myhostname are 
> rejected. 

You are looking at the wrong configuration with the wrong postconf command.

Over and out.

Wietse


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Wietse Venema via Postfix-users
Ken Gillett via Postfix-users:
> The server versions of Postfix are from 2018, whereas the std.
> install is 2020. I know it is supposed to be using the Server
> main.cf, but not yet figured out how to determine the actual file
> that was executed. Can postconf return the path to the executed
> master?

The command "postconf daemon_directory" will return the directory
that contains the Postfix master and other daemon programs.

However, if your system has MORE THAN ONE Postfix installed, then
you need to run the postconf program that matches the running
master daemon.

Run this command as root:

find / -name postconf

> If a new M4 Mini is launched this week, that will be the route to
> release a spare (older) Mini on which to install debian or FreeBSD.
> Not yet sure which, but I can finally dispense with MacOSX Server
> altogether.

Either should work fine as a longer-term solution.

Wietse


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users
Yes, the login account shortname is simply 'ken'.

Case makes no difference and shouldn't. Anyway I've tried it all every which 
way, so e.g. ken@Home, ken@HoMe etc all work fine. Any address using any case 
variation of myhostname does not.

BTW, hostname returns MacServe.home

I am no longer sure which actual master is running. The launchdaemon.plist 
shows it as:-

Program
/usr/libexec/postfix/master

However I now see that is the std. config for MacOS, and is set to watch for 
mail, start up and process the mail and then quit after 60s. Obviously it is 
not intended as a permanently running server process, so I don't think that is 
what Server actually runs, but so far I've failed to discover how Server starts 
its processes. That LaunchDaemon plist is probably disabled, but I find 
launchctl a PIA to deal with and I can't seem to make it tell me what is 
enabled and what is not.

The server versions of Postfix are from 2018, whereas the std. install is 2020. 
I know it is supposed to be using the Server main.cf, but not yet figured out 
how to determine the actual file that was executed. Can postconf return the 
path to the executed master?

If a new M4 Mini is launched this week, that will be the route to release a 
spare (older) Mini on which to install debian or FreeBSD. Not yet sure which, 
but I can finally dispense with MacOSX Server altogether.


Ken  G i l l e t t

_/_/_/_/_/_/_/_/



> On Mon 28 Oct 2024, at 11:58, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> On Mon, Oct 28, 2024 at 10:29:20AM +, Ken Gillett wrote:
> 
>>> And what is in your alias table, please report the output of:
>>> 
>>>   $ id ken
>> 
>> uid=xxx(ken) gid=yy(staff)
> 
> So the bare username is a login account.
> 
>>>   $ postconf mail_version append_dot_mydomain \
>>>   alias_maps alias_database local_recipient_maps mydomain myhostname 
>>> myorigin mydestination
>> 
>> mail_version = 2.5.5
> 
> That's certainly not recent. :-(
> 
>> append_dot_mydomain = no
>> alias_maps = hash:/etc/aliases
>> alias_database = hash:/etc/aliases
>> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
>> mydomain = home
>> myhostname = MacServe.home
> 
> Try again, with (lower-case):
> 
>     myhostname = macserve.home
> 
> -- 
>Viktor.


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users
Does 'postconf daemon_directory' simply return info from the main.cf, or does 
it query the running process to get exactly what is being used?

Yes, on MacOSX Server there are 2 entirely independent installations. The 
standard Mac one plus the Server one. I know where they both are, but I cannot 
find out which master has been executed. It's either in:-

/usr/libexec/postfix/

or

/Applications/Server.app/Contents/ServerRoot/usr/libexec/postfix/

It IS configured to use the Server version of main.cf 

ps -ax | grep master
  349 ??10:57.09 master -c /Library/Server/Mail/Config/postfix

and I am running the Server versions of postconf and postmap, but which version 
of master is being run?

I am now thinking it is the Server version of master that is running, but I 
cannot confirm that as I don't know how Server starts its processes. It cannot 
be using the LaunchDaemon I've found as that is set to quit after 60 seconds. 
Since I don't know how it is started, I can't be sure which master is running.

I've determined that the Server version is 2.5.5 and the Mac std. version is 
3.2.2, but that doesn't help me confirm which master is running.

--later--

I've found how Server starts its processes. In the Server's directory tree 
there's a ServerRoot/LaunchDaemons/ with a couple of plists. One is same idea 
as std. Mac install, set to quit after 60s, but the other is set to run 
permanently like for a Server, so I think that is what is actually running and 
that is the Server version of master.

So I don't think anything is mixed. Everything is the Server version of postfix 
- albeit a bit old.

Which still leaves the question of why emails to user@myhostname are rejected. 
☹️ 



Ken  G i l l e t t

_/_/_/_/_/_/_/_/



> On Mon 28 Oct 2024, at 17:07, Wietse Venema via Postfix-users 
>  wrote:
> 
> The command "" will return the directory
> that contains the Postfix master and other daemon programs.
> 
> However, if your system has MORE THAN ONE Postfix installed, then
> you need to run the postconf program that matches the running
> master daemon.



[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Eugene R via Postfix-users

Hello

ps -axww

is supposed to show the full command line

On 28.10.2024 21:08, Ken Gillett via Postfix-users wrote:
> Does 'postconf daemon_directory' simply return info from the main.cf,
> or does it query the running process to get exactly what is being used?
>
> Yes, on MacOSX Server there are 2 entirely independent installations.
> The standard Mac one plus the Server one. I know where they both are,
> but I cannot find out which master has been executed. It's either in:-
>
> /usr/libexec/postfix/
>
> or
>
> /Applications/Server.app/Contents/ServerRoot/usr/libexec/postfix/
>
> It IS configured to use the Server version of main.cf
>
> ps -ax | grep master
>   349 ??        10:57.09 master -c /Library/Server/Mail/Config/postfix
>
> and I am running the Server versions of postconf and postmap, but
> which version of master is being run?


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Bill Cole via Postfix-users

On 2024-10-28 at 06:01:29 UTC-0400 (Mon, 28 Oct 2024 10:01:29 +)
Ken Gillett via Postfix-users 
is rumored to have said:

> I have tried to stick to the Server versions, but I now see I am
> running the std. master, with the daemon_directory and
> config_directory set to the Server versions.


That is almost certain to cause trouble.
Beyond the configuration tangle, the MacOS X Server version of Postfix 
has to be quite outdated at this point. The recent security issues have 
been rather arcane and limited (e.g. SMTP smuggling) but it would be 
wise to run something more current.


> So I think it is a little mixed and I should probably try and move it
> all to the std. install and try and ignore all the Server special
> versions.


One way to do that relatively painlessly on a Mac is to use MacPorts. 
They have builds of current open source packages for systems going back 
to Tiger (!) and they keep Postfix and related mail tools current and 
functional.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Viktor Dukhovni via Postfix-users
On Mon, Oct 28, 2024 at 10:29:20AM +, Ken Gillett wrote:

> > And what is in your alias table, please report the output of:
> > 
> >$ id ken
> 
> uid=xxx(ken) gid=yy(staff)

So the bare username is a login account.

> >$ postconf mail_version append_dot_mydomain \
> >alias_maps alias_database local_recipient_maps mydomain myhostname 
> > myorigin mydestination
> 
> mail_version = 2.5.5

That's certainly not recent. :-(

> append_dot_mydomain = no
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> mydomain = home
> myhostname = MacServe.home

Try again, with (lower-case):

myhostname = macserve.home

-- 
Viktor.


[pfx] Re: Web api for sending email

2024-10-28 Thread Peter via Postfix-users

On 28/10/24 22:43, Wesley via Postfix-users wrote:
> He had requested to the provider but got no luck. they rejected his
> requests. :)
> As a solution I may consider open another port for him rather than the
> default 465/587 for submissions.


Unreasonable, imo that they won't open the ports, but allowing an 
alternative port for him to use is a reasonable solution.  I would 
recommend setting wrappermode for the port because it means that an 
implicit TLS session will be established right away and it should be 
impossible for the host to detect that it's being used for email via 
packet inspection, all they will see is an encrypted connection.


You can easily accomplish this by copying the submissions (or smtps) 
section in your master.cf file and then changing the service name 
(submissions or smtps) to the new port number for the copy.  Your 
customer would set their smtp client to connect to this port and use SSL 
or TLS (but not STARTTLS) for the connection.


Don't forget to poke a hole in your server's firewall for the new port.

Another note that you're not alone here.  I've seen other 
relayhost/smarthost/submission services set up alternative ports on 
their service for the very same reason.



Peter
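
Added example, not part of Peter's message and not Postfix code: a Python sketch of the copy step described above, which clones the submissions entry under a port number and refuses if the copy would lack wrappermode or SASL authentication. The sample master.cf is constructed and port 10465 is an arbitrary placeholder.

```python
import re

# Constructed sample master.cf; 10465 below is an arbitrary placeholder port.
SAMPLE_MASTER_CF = """\
smtp        inet  n  -  n  -  -  smtpd
submissions inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submissions
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
pickup      unix  n  -  n  60 1  pickup
"""

# Overrides the copy must carry so the extra port is no weaker than 465.
REQUIRED = {"smtpd_tls_wrappermode": "yes", "smtpd_sasl_auth_enable": "yes"}


def find_service(master_cf, name, stype="inet"):
    """Return one logical master.cf entry: the service line plus the
    whitespace-indented lines that continue it."""
    entry = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines never end an entry
        if entry and not line[0].isspace():
            break  # next service begins
        if entry or line.split()[:2] == [name, stype]:
            entry.append(line)
    if not entry:
        raise LookupError(f"no active {name}/{stype} entry")
    return entry


def overrides(entry):
    """Collect the '-o name=value' overrides of an entry."""
    return dict(re.findall(r"-o\s+([\w.]+)=(\S+)", "\n".join(entry)))


def clone_on_port(master_cf, port, source="submissions"):
    """Copy `source` to a service named after `port`; refuse if the source
    would leave the new port without implicit TLS or SASL authentication."""
    if not 0 < int(port) < 65536:
        raise ValueError(f"bad port {port!r}")
    entry = find_service(master_cf, source)
    have = overrides(entry)
    weak = [k for k, v in REQUIRED.items() if have.get(k) != v]
    if weak:
        raise ValueError(f"{source} does not set {', '.join(weak)}")
    service = re.sub(r"^\S+", str(port), entry[0], count=1)
    # Assumption beyond the post: give the copy its own syslog_name so its
    # logins can be told apart from port 465 in the mail log.
    body = [l.replace(f"postfix/{source}", f"postfix/{port}") for l in entry[1:]]
    return "\n".join([service, *body]) + "\n"


if __name__ == "__main__":
    print(clone_on_port(SAMPLE_MASTER_CF, 10465), end="")
```

The printed entry is what would be appended to master.cf before a reload; commented-out options in the source entry are not carried over.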


[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users
I've been testing from my MacPro to the Mini Server (MacServe), but here's some 
further findings:-

So far I've been sending test messages from the MacPro's command-line and as 
I've said:-

user@mydomain works

user@myhostname fails

The my* references are the Server's postfix config parameters (i.e. 'home' and 
'MacServe.home' respectively) and 'user' is any user with a login account on 
that server (MacServe).

If I try sending to the same addresses but using Mail.app, I get the exact same 
results.

Using either method I am unable to test to 'user' as Mail.app won't allow a To 
without an @ (you might remember what I think about that) and on the 
command-line it is simply sent to the local user as they exist on the Server 
and this MacPro.

If I use MacServe's command-line:-

user@mydomain fails with a "loops back to me" error

user@myhostname or just user is not seen by postfix, seemingly handled 
by the unix mail service and in both cases the message is delivered to that 
user's account which can be viewed with command-line 'mail' but doesn't get to 
dovecot, the IMAP service.

What I would like to achieve is that all hosts on the LAN (including MacServe) 
can send a message via command-line 'mail' or an email client app to 
user@myhostname or user@mydomain (again, server's postfix references) which 
ends up in MacServe's dovecot to be accessed by an IMAP client. And…

Command-line 'mail' on any host will also deliver messages To 'user' to that 
local user on that machine.

Currently that mostly works, except when addressed to user@myhostname. When 
sent using MacServe's command-line 'mail', it is snatched up by the unix mail 
system and delivered direct to that account's mailbox, same as for mail 
addressed to 'user' and when sent from any other host on the LAN, it is 
rejected by MacServe.

I'm thinking ahead to new postfix install NOT in MacOS. However, would be great 
if I could fix any of that now,



Ken  G i l l e t t

_/_/_/_/_/_/_/_/



> On Mon 28 Oct 2024, at 03:26, Viktor Dukhovni via Postfix-users 
>  wrote:
> 
> Are the tests performed from the same machine or from another machine on
> the same LAN?



[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Benny Pedersen via Postfix-users

Birta Levente via Postfix-users wrote on 2024-10-28 20:32:

> Hello
>
> I have the following situation:
> default_transport=smtp
> -need to send to domain1 through smtpa, except if the sender is
> from_special then send through smtpb
>
> smtp.smtp
>     -o smtp_bind_address=ip1
> smtpa . smtp
>     -o smtp_bind_address=ip1
>     -o ..
> smtpb . smtp
>     -o smtp_bind_address=ip2
> -o
>
> How can I achieve this?


this is what ?

sender_dependent_default_transport_maps =
    hash:/etc/postfix/sender_dependent_default_transport_maps

# cat sender_dependent_default_transport_maps

ab...@example.com smtpa:
ab...@example.net smtpb:

was this the question ?


[pfx] Choose transport based on multiple conditions

2024-10-28 Thread Birta Levente via Postfix-users

Hello

I have the following situation:
default_transport=smtp
-need to send to domain1 through smtpa, except if the sender is 
from_special then send through smtpb



smtp.smtp
    -o smtp_bind_address=ip1
smtpa . smtp
    -o smtp_bind_address=ip1
    -o ..
smtpb . smtp
    -o smtp_bind_address=ip2
-o 

How can I achieve this?
Thanks
Levi








[pfx] Re: User unknown in local recipient table (in reply to RCPT TO command)

2024-10-28 Thread Ken Gillett via Postfix-users
Thank you for your words of wisdom Wietse. 😉

I rather thought you understood how 'silly' it would be to run a find command 
for postconf as I had already clearly explained (at least 3 times 🙂) I knew 
where both versions were located and always ensured I was running the correct 
one. Apologies if I wasn't clear enough for you. 😉

In any case, to please you I did run it and er, it confirmed what I have been 
saying. 2 postconfs, each in the location I said they were.

I have now established which master is running and unless postfix reads 
configuration from a main.cf other than what it has been told to use when 
executed, I am running the MacOSX Server install of postfix which uses 
/Library/Server/Mail/Config/postfix/main.cf. End of.

However, postfix is still exhibiting errant behaviour:-

user@mydomain works

user@myhostname fails

Help with troubleshooting this issue is much appreciated.

Is there perhaps a postfix utility to which you can pass an address and have it 
spit out exactly how it is dealt with? So it would e.g. reveal what it thinks 
is the domain, what it thinks is the user to be validated. Is there anything 
like that? Currently all I know is that one doesn't work, without any 
indication of what is being done internally and hence resulting in the failure. 
Is there anything really useful like that? 

Otherwise I'll just have to put this down to postfix failure in a Mac Server 
and wait until I can start with a clean install on a *nix replacement server.


Ken  G i l l e t t

_/_/_/_/_/_/_/_/



> On Mon 28 Oct 2024, at 19:00, Wietse Venema via Postfix-users 
>  wrote:
> 
> Ken Gillett via Postfix-users:
>> Does 'postconf daemon_directory' simply return info from the
>> main.cf, or does it query the running process to get exactly what
>> is being used?
> 
> Don't be silly. By design, the postconf command uses the same
> main.cf file as the master daemon.
> 
> If you have more than one Postfix installation, then you need to find the
> postconf command that "belongs" to the same installation as the
> running master daemon.
> 
> Again for the third time.
> 
> As root, execute the command:
> 
> find / -name postconf
> 
>> Which still leaves the question of why emails to user@myhostname are 
>> rejected. 
> 
> You are looking at the wrong configuration with the wrong postconf command.
> 
> Over and out.
> 
>   Wietse



[pfx] Re: Choose transport based on multiple conditions

2024-10-28 Thread Wietse Venema via Postfix-users
Birta Levente via Postfix-users:
> >> How can I achieve this?
> > /etc/postfix/main.cf:
> >  # Limitation: this setting is overruled with FILTER and transport_maps.
> >  sender_dependent_default_transport_maps = inline:{
> >      { u...@example.com = smtpb } }
> 
> Indeed, my problem is this limitation.
> 
> I forgot to mention that I have transport map:
> 
> /domain1/    smtpa:
> 
> 
> My problem is that I have to slow down the sending rate to domain1, but 
> in the same time I need to segregate (send out on different IP address) 
> based on sender address.
> 
> So, as I understand this is possible only with multi-instance?

main.cf:
    # Limitation: this setting is overruled with FILTER in access map
    # or header/body_checks.
    smtpd_sender_restrictions = inline:{
        { u...@example.com = FILTER smtpb: } }

A less hacky solution would require a transport policy service,
kind of like check_policy_service for the scheduler.

Wietse
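
Added example, not part of Wietse's message and not Postfix code: a simplified Python model of the precedence discussed in this thread for remote recipients (FILTER, then transport_maps, then sender_dependent_default_transport_maps, then default_transport). The addresses, the domain names and the exact-match domain lookup are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Config:
    """Only the settings named in the thread; keys are constructed samples."""
    default_transport: str = "smtp"
    transport_maps: dict = field(default_factory=dict)  # rcpt domain -> transport
    sender_default: dict = field(default_factory=dict)  # sender_dependent_default_transport_maps
    sender_filter: dict = field(default_factory=dict)   # FILTER via smtpd_sender_restrictions


def route(cfg, sender, recipients):
    """Return {recipient: (transport, deciding setting)} for one message to
    remote recipients, applying the precedence stated in the thread."""
    sender = sender.lower()
    routes = {}
    for rcpt in recipients:
        domain = rcpt.rpartition("@")[2].lower()
        if sender in cfg.sender_filter:
            # FILTER is a per-message action: it covers every recipient.
            pick = (cfg.sender_filter[sender], "FILTER")
        elif domain in cfg.transport_maps:
            pick = (cfg.transport_maps[domain], "transport_maps")
        elif sender in cfg.sender_default:
            pick = (cfg.sender_default[sender],
                    "sender_dependent_default_transport_maps")
        else:
            pick = (cfg.default_transport, "default_transport")
        routes[rcpt] = pick
    return routes


SPECIAL = "special@example.com"  # constructed stand-in for from_special
RCPTS = ["a@domain1.example", "b@other.example"]  # constructed recipients

# First attempt: sender-dependent default plus the existing transport map.
FIRST = Config(transport_maps={"domain1.example": "smtpa"},
               sender_default={SPECIAL: "smtpb"})
# Workaround from the reply above: FILTER from smtpd_sender_restrictions.
WORKAROUND = Config(transport_maps={"domain1.example": "smtpa"},
                    sender_filter={SPECIAL: "smtpb"})

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("workaround", WORKAROUND)):
        for who in (SPECIAL, "user@example.com"):
            print(name, who, route(cfg, who, RCPTS))
```

In the first configuration the special sender's mail to domain1 still leaves through smtpa, because the transport map wins. With the workaround, all of that sender's mail leaves through smtpb, including mail to other domains.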


[pfx] Re: alternative to one.com ?

2024-10-28 Thread Benny Pedersen via Postfix-users

Viktor Dukhovni via Postfix-users wrote on 2024-10-28 08:31:
> On Sat, Oct 26, 2024 at 08:31:39PM +0200, Benny Pedersen via
> Postfix-users wrote:
>
>> i like to stop using one.com for several reasons, first that do not
>> support rfc 7505, why ?
>
> You mean, I guess, as a DNS provider?

one.com is only registrar and dns provider, all else is not hosted 
one.com

> If so most users want email for
> their domains, and those that don't probably don't know about 7505.

if one.com did sell mail and webpage separately it would change imho, 
but yes most people don't know details that much for their domains

> And one.com do a good job of hosting email for their customer domains,

good it still not using them for email at all

> and even provide DNSSEC/DANE support.

this part is ok

> So missing support for publishing
> RFC 7505 NULL MX records is a minor nit, but I'll mention it to them,
> perhaps it'll go on the list.

if the host does not need to support one more domain in mx, i see no 
point in not telling this domain wants mail, when i had no nullMX there 
was way more spam delivery tries from random ips, so rfc 7505 is helpful 
for reducing spam, way better than v=spf1 -all is

> Are they your registrar, DNS operator, or both?

both for junc.eu, just not for all my customer domains

>> and sending bills to dns admins when one.com users is not domain
>> owner,
>>
>> hmm :)
>
> If you're talking about bills for DNS service, as opposed to domain
> registration, then perhaps the DNS admin is the right customer contact?

yes the contacts for billing is just me, where i have one single login 
for all, including customers, this worked very well on gratisdns.dk, 
since domain owners still paid their own registrar renews, one.com have 
all billing to me, how could they make that mistake from migrating 
gratisdns customers over :(

>> so is there better places to support registrar payments, and do fully
>> support dnssec
>
> A lot depends on what services you're looking for.  Do you want just
> DNS, web hosting, email hosting, or perhaps, if you're looking for RFC
> 7505 support, you're looking for registration? and DNS? for non-email
> domains?

linode.com miss dnssec, and registrar, then if this was possible with 
linode it would not need for me to use any other service providers, when 
i started using linode they had not rfc 7505, but i asked for this, and 
it was implemented in 14 days, i call this way better service than other 
say it not supported, incl one.com

i will test this here https://www.cloudflare.com/products/registrar/ 
with a spare domain setup, if it is what i need then i will move to 
them, and possible talk with one.com and linode if they can make it 
better

>> thats all i really need, i still miss gratisdns.dk which did a great
>> job while i was there
>
> The gratis DNS service was moribund on autopilot, not surprising for
> a free service.  Lots of legacy needed to be cleaned up, still some
> 512-bit RSA DNSSEC keys left over last time I looked.

ah, i talked many times with Peter about FreeBSD installed from 2 pair of 
1440 kb install disks to freebsd 4.9 was my real first mailserver 
running on adsl with 512/128 kb land lines, many things have changed 
since
