Connection timeout when trying to send email to gmail address

2008-12-18 Thread Asif Iqbal
iqb...@improvise:~$ echo this is a test | mailx -s email vad...@gmail.com
iqb...@improvise:~$ tail -f /var/log/mail.info
Dec 18 23:01:16 improvise nullmailer[4322]: Rescanning queue.
Dec 18 23:02:48 improvise postfix/master[5024]: daemon started --
version 2.5.5, configuration /etc/postfix
Dec 18 23:04:26 improvise postfix/pickup[5025]: CB66F10E395: uid=1000
from=
Dec 18 23:04:26 improvise postfix/cleanup[5236]: CB66F10E395:
message-id=<20081219040426.cb66f10e...@improvise.lan>
Dec 18 23:04:26 improvise postfix/qmgr[5027]: CB66F10E395:
from=, size=348, nrcpt=1 (queue active)
Dec 18 23:04:56 improvise postfix/smtp[5238]: connect to
gmail-smtp-in.l.google.com[74.125.47.27]:25: Connection timed out
Dec 18 23:05:26 improvise postfix/smtp[5238]: connect to
alt1.gmail-smtp-in.l.google.com[209.85.133.27]:25: Connection timed
out
Dec 18 23:05:56 improvise postfix/smtp[5238]: connect to
alt2.gmail-smtp-in.l.google.com[209.85.135.27]:25: Connection timed
out
Dec 18 23:06:26 improvise postfix/smtp[5238]: connect to
alt1.gmail-smtp-in.l.google.com[209.85.133.114]:25: Connection timed
out
Dec 18 23:06:56 improvise postfix/smtp[5238]: connect to
alt2.gmail-smtp-in.l.google.com[209.85.135.114]:25: Connection timed
out
Dec 18 23:06:56 improvise postfix/smtp[5238]: CB66F10E395:
to=, relay=none, delay=150, delays=0.04/0.01/150/0,
dsn=4.4.1, status=deferred (connect to
alt2.gmail-smtp-in.l.google.com[209.85.135.114]:25: Connection timed
out)

Here is the config, I picked Internet Site during postfix pkg
installation on ubuntu

iqb...@improvise:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = improvise.lan, localhost.lan, , localhost
myhostname = improvise.lan
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-18 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 12:04 AM, Sahil Tandon  wrote:
> Asif Iqbal wrote:
>
>> iqb...@improvise:~$ echo this is a test | mailx -s email vad...@gmail.com
>> iqb...@improvise:~$ tail -f /var/log/mail.info
>> Dec 18 23:01:16 improvise nullmailer[4322]: Rescanning queue.
>> Dec 18 23:02:48 improvise postfix/master[5024]: daemon started --
>> version 2.5.5, configuration /etc/postfix
>> Dec 18 23:04:26 improvise postfix/pickup[5025]: CB66F10E395: uid=1000
>> from=
>> Dec 18 23:04:26 improvise postfix/cleanup[5236]: CB66F10E395:
>> message-id=<20081219040426.cb66f10e...@improvise.lan>
>> Dec 18 23:04:26 improvise postfix/qmgr[5027]: CB66F10E395:
>> from=, size=348, nrcpt=1 (queue active)
>> Dec 18 23:04:56 improvise postfix/smtp[5238]: connect to
>> gmail-smtp-in.l.google.com[74.125.47.27]:25: Connection timed out
>> Dec 18 23:05:26 improvise postfix/smtp[5238]: connect to
>> alt1.gmail-smtp-in.l.google.com[209.85.133.27]:25: Connection timed
>> out
>> Dec 18 23:05:56 improvise postfix/smtp[5238]: connect to
>> alt2.gmail-smtp-in.l.google.com[209.85.135.27]:25: Connection timed
>
> It appears your ISP blocks outgoing connections on port 25 to IPs other
> than its own MX.  Can you telnet to those gmail MXs?  You should see
> something like:

You are right I cannot talk to any domain's MX. My ISP is cox and I cannot
even talk to their two MXs on port 25. I guess I could do a nmap to find
what port they are using for MX. They might require some authentication.
I have no idea what my login is to my cox account.

>
>  % telnet 209.85.133.27 25
>  Trying 209.85.133.27...
>  Connected to an-in-f27.google.com.
>  Escape character is '^]'.
>  220 mx.google.com ESMTP d38si5830405and.43
>
> Also see:
> http://www.postfix.org/postconf.5.html#relayhost

Relay Host would probably be my only option. However using postfix relay with
gmail seems to be a *lot* of work

>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 6:05 AM, Sahil Tandon  wrote:
> Asif Iqbal wrote:
>
>> You are right I cannot talk to any domain's MX. My ISP is cox and I cannot
>> even talk to their two MXs on port 25. I guess I could do a nmap to find
>> what port they are using for MX. They might require some authentication.
>> I have no idea what my login is to my cox account.
>
> Neither smtp.east.cox.net nor smtp.west.cox.net work for you?  Perhaps
> the mx.*.cox.net servers are for incoming *only*.  But I am just
> speculating -- best to verify this with your ISP.

I will try again when I get to work.

>
>> > Also see:
>> > http://www.postfix.org/postconf.5.html#relayhost
>>
>> Relay Host would probably be my only option. However using postfix relay with
>> gmail seems to be a *lot* of work
>
> It is not a lot of work at all; what gave you the assumption that it is?

This url suggests so.
http://prantran.blogspot.com/2007/01/getting-postfix-to-work-on-ubuntu-with.html

I could skip the signing part and just a .pem file. But seems like I
will also need a Thawte certificate.

Well it is doable but not a snap like install nullmailer and stunnel
and just create a fake certificate
and talk to gmail on port 465. :-)

I will try the gmail as relayhost

>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 12:46 PM, Wietse Venema  wrote:
> Asif Iqbal:
>> I could skip the signing part and just a .pem file. But seems like I
>> will also need a Thawte certificate.
>
> You need no certificate to SEND mail.

I am trying to use gmail as my relayhost.  I cannot just send mail to
gmail without a relay host, my ISP does not handle it right, as shown
in my original email

>
>    Wietse
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 12:54 PM, Sahil Tandon  wrote:
> On Dec 19, 2008, at 10:59 AM, "Asif Iqbal"  wrote:
>
>> On Fri, Dec 19, 2008 at 6:05 AM, Sahil Tandon  wrote:
>>>
>>> Asif Iqbal wrote:
>>>
>>>> You are right I cannot talk to any domain's MX. My ISP is cox and I
>>>> cannot
>>>> even talk to their two MXs on port 25. I guess I could do a nmap to find
>>>> what port they are using for MX. They might require some authentication.
>>>> I have no idea what my login is to my cox account.
>>>
>>> Neither smtp.east.cox.net nor smtp.west.cox.net work for you?  Perhaps
>>> the mx.*.cox.net servers are for incoming *only*.  But I am just
>>> speculating -- best to verify this with your ISP.
>>
>> I will try again when I get to work.
>>
>>>
>>>>> Also see:
>>>>> http://www.postfix.org/postconf.5.html#relayhost
>>>>
>>>> Relay Host would probably be my only option. However using postfix relay
>>>> with
>>>> gmail seems to be a *lot* of work
>>>
>>> It is not a lot of work at all; what gave you the assumption that it is?
>>
>> This url suggests so.
>>
>> http://prantran.blogspot.com/2007/01/getting-postfix-to-work-on-ubuntu-with.html
>>
>> I could skip the signing part and just a .pem file. But seems like I
>> will also need a Thawte certificate.
>>
>> Well it is doable but not a snap like install nullmailer and stunnel
>> and just create a fake certificate
>> and talk to gmail on port 465. :-)
>>>
>
> No need to jump through such hoops. You do not need certs or .pem files to
> relay through gmail. Search the archives of this mailing list for examples,

No cert needed to relay through gmail? Let me dig in the mailing list.
I guess that is what Wietse Venema meant in his reply. Sorry if I
misunderstood.

> and discard that tutorial!
>
> --
> Sahil Tandon
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 1:15 PM, Victor Duchovni
 wrote:
> On Fri, Dec 19, 2008 at 01:06:21PM -0500, Asif Iqbal wrote:
>
>> On Fri, Dec 19, 2008 at 12:46 PM, Wietse Venema  wrote:
>> > Asif Iqbal:
>> >> I could skip the signing part and just a .pem file. But seems like I
>> >> will also need a Thawte certificate.
>> >
>> > You need no certificate to SEND mail.
>>
>> I am trying to use gmail as my relayhost.  I cannot just send mail to
>> gmail without a relay host, my ISP does not handle it right, as shown
>> in my original email
>
> Why so much effort to make a SOHO linux box relay email to gmail? Why
> does it need to be an MTA at all? You may guess that as a frequent Postfix
> contributor I would run Postfix on the machines at home, but I don't run
> an MTA at all. I use an IMAP client to read mail, and the mail reader
> (Thunderbird and Mail.app) submits SMTP to externally operated servers. No
> at-home SMTP servers.
>
> If you know what you are doing, and have advanced configuration
> requirements that mandate a local MTA, by all means run Postfix at home.
>

I know what I am doing. I want my server to send an alert to my pager
(my pager has an email address) or some other address that I choose.

When my server wants to send email my ISP gets in the way. For details
read my original email.

I can achieve the same using nullmailer and stunnel. But I would like to
achieve the same thing with postfix.

So only constructive and to the point feedback is appreciated, just
like the author of postfix is doing here.

Thanks

> In this case, I suspect that at least one of the above two conditions

I am not just a user who just wants to read email. For that I have gmail.

> is not met, and the OP is better off using professionally operated MTAs.

Useless advice really.

>
> --
>Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 2:08 PM, Victor Duchovni
 wrote:
> On Fri, Dec 19, 2008 at 01:52:11PM -0500, Asif Iqbal wrote:
>
>>
>> Useless advice really.
>
> The pointer to SOHO_README.html was provided upstream. This contains
> references to all the information you need to configure a home MTA if
> that is indeed the right answer to your question.

I will go look for that readme file. But I don't want to receive email
from outside. It will
queue and deliver locally or remotely.

>
> I'd also look for an HTTP interface to the pager. If that exists, just
> use that. curl(1) is pretty good at filling in "forms" and can deal
> with login forms, cookies, https, ...

I am good there. Thanks

>
> --
>Viktor.
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 1:16 PM, Wietse Venema  wrote:
> Asif Iqbal:
>> On Fri, Dec 19, 2008 at 12:46 PM, Wietse Venema  wrote:
>> > Asif Iqbal:
>> >> I could skip the signing part and just a .pem file. But seems like I
>> >> will also need a Thawte certificate.
>> >
>> > You need no certificate to SEND mail.
>>
>> I am trying to use gmail as my relayhost.  I cannot just send mail to
>> gmail without a relay host, my ISP does not handle it right, as shown
>> in my original email
>
> You need SSL to send mail through gmail.

How do I test the SSL ?

I got this with openssl

iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
CONNECTED(0003)
23864:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:583:

>
> You need NO SSL certificate to send mail through gmail.
>
>Wietse
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 4:41 PM, Victor Duchovni
 wrote:
> On Fri, Dec 19, 2008 at 04:32:55PM -0500, Asif Iqbal wrote:
>
>> How do I test the SSL ?
>>
>> I got this with openssl
>>
>> iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
>
> You forgot "-starttls smtp". But gmail's SSL works, you don't really

Just for the sake of some troubleshooting tips really. I tried with
-starttls smtp

 (iqbala)@scrub:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(0004)
14859:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
(iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587
CONNECTED(0004)
14862:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
(iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(0004)
14863:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:../../../../common/openssl/ssl/s23_clnt.c:567:

And same result

> need to test it. Just set:
>
>smtp_tls_security_level = encrypt

Thanks, I will put that in

>
> unless you want to check gmail's cert (prevent MITM), in which case
> you'll need to set CAfile or CApath and have the right root CA certs there...
> That'll be the Thawte root CA based on the below (no, the cert below is
> not the root CA cert, it is Gmail's cert):
>
> [ Sorry, smtp-finger(1) is not available to the public yet. Perhaps in 2.7 ]
>
> smtp-finger: Connected to smtp.gmail.com[74.125.45.111]:587
> smtp-finger: < 220 mx.google.com ESMTP 33sm11443776yxr.12
> smtp-finger: > EHLO amnesiac.ms.com
> smtp-finger: < 250-mx.google.com at your service, [192.0.2.1]
> smtp-finger: < 250-SIZE 35651584
> smtp-finger: < 250-8BITMIME
> smtp-finger: < 250-STARTTLS
> smtp-finger: < 250 ENHANCEDSTATUSCODES
> smtp-finger: > STARTTLS
> smtp-finger: < 220 2.0.0 Ready to start TLS
> smtp-finger: smtp.gmail.com[74.125.45.111]:587 Matched CommonName 
> smtp.gmail.com
> smtp-finger: smtp.gmail.com[74.125.45.111]:587: Matched 
> subject_CN=smtp.gmail.com, issuer_CN=Thawte Premium Server CA
> smtp-finger: smtp.gmail.com[74.125.45.111]:587 sha1 fingerprint 
> 5E:F7:E8:CE:1A:BE:D8:94:F2:77:45:5D:ED:38:46:4F:5D:D1:97:61
> smtp-finger: Verified TLS connection established to 
> smtp.gmail.com[74.125.45.111]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
>   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification 
> Services Division/CN=Thawte Premium Server 
> CA/emailaddress=premium-ser...@thawte.com
>
> --
>Viktor.
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 6:06 PM, Noel Jones  wrote:
> Asif Iqbal wrote:
>>
>> On Fri, Dec 19, 2008 at 4:41 PM, Victor Duchovni
>>  wrote:
>>>
>>> On Fri, Dec 19, 2008 at 04:32:55PM -0500, Asif Iqbal wrote:
>>>
>>>> How do I test the SSL ?
>>>>
>>>> I got this with openssl
>>>>
>>>> iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
>>>
>>> You forgot "-starttls smtp". But gmail's SSL works, you don't really
>>
>> Just for the sake of some troubleshooting tips really. I tried with
>> -starttls smtp
>>
>>  (iqbala)@scrub:~$ openssl s_client -starttls smtp -connect
>> smtp.gmail.com:587
>> CONNECTED(0004)
>> 14859:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587
>> CONNECTED(0004)
>> 14862:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587 -starttls
>> smtp
>> CONNECTED(0004)
>> 14863:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>>
>> And same result
>
> I can cut-n-paste the command you show above and it works here.  Either your
> OpenSSL is broken or something (firewall, proxy, ...) is interfering with
> the TCP stream.

You are correct. However it is working just fine from my home computer
which is behind my ISP
iqb...@improvise:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(0003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1213 bytes and written 335 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher: RC4-MD5
Session-ID: 2A295B08B3AAD9DD80DA03269DBA81FD10965C6B0569FC15FA4F3CE2C95BE3C4
Session-ID-ctx:
Master-Key:
C3BB17B35A63703F03F8CA773FA8876678B3DEA1F58C381E1703B00681B15EE6058E46DA97E958A8DE7D4235CC5A503E
Key-Arg   : None
Start Time: 1229729743
Timeout   : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
250 ENHANCEDSTATUSCODES


Sweet!!


>
> What if you
> telnet smtp.gmail.com 587
> and type  EHLO somename
>
> From here:
> $ # telnet smtp.gmail.com 587
> Trying 66.249.93.111...
> Connected to gmail-smtp-msa.l.google.com.
> Escape character is '^]'.
> 220 mx.google.co

Re: Connection timeout when trying to send email to gmail address

2008-12-19 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 6:06 PM, Noel Jones  wrote:
> Asif Iqbal wrote:
>>
>> On Fri, Dec 19, 2008 at 4:41 PM, Victor Duchovni
>>  wrote:
>>>
>>> On Fri, Dec 19, 2008 at 04:32:55PM -0500, Asif Iqbal wrote:
>>>
>>>> How do I test the SSL ?
>>>>
>>>> I got this with openssl
>>>>
>>>> iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
>>>
>>> You forgot "-starttls smtp". But gmail's SSL works, you don't really
>>
>> Just for the sake of some troubleshooting tips really. I tried with
>> -starttls smtp
>>
>>  (iqbala)@scrub:~$ openssl s_client -starttls smtp -connect
>> smtp.gmail.com:587
>> CONNECTED(0004)
>> 14859:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587
>> CONNECTED(0004)
>> 14862:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587 -starttls
>> smtp
>> CONNECTED(0004)
>> 14863:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>>
>> And same result
>
> I can cut-n-paste the command you show above and it works here.  Either your
> OpenSSL is broken or something (firewall, proxy, ...) is interfering with
> the TCP stream.
>
> What if you
> telnet smtp.gmail.com 587
> and type  EHLO somename

this works too from my home computer behind my ISP. awesome!

iqb...@improvise:~$ telnet smtp.gmail.com 587
Trying 209.85.163.109...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP v26sm3809002ele.4
ehlo myhost
250-mx.google.com at your service, [68.98.177.71]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
starttls
220 2.0.0 Ready to start TLS


>
> From here:
> $ # telnet smtp.gmail.com 587
> Trying 66.249.93.111...
> Connected to gmail-smtp-msa.l.google.com.
> Escape character is '^]'.
> 220 mx.google.com ESMTP i30sm4121152ugd.30
> ehlo testing
> 250-mx.google.com at your service, [65.83.58.34]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-STARTTLS
> 250 ENHANCEDSTATUSCODES
> starttls
> 220 2.0.0 Ready to start TLS
>
> (after this nothing will work since you aren't speaking TLS - they will
> disconnect after several seconds.)
>
> Maybe a broken firewall is eating the EHLO command or STARTTLS.
>
>
> --
> Noel Jones
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-20 Thread Asif Iqbal
On Fri, Dec 19, 2008 at 5:32 PM, Wietse Venema  wrote:
> Asif Iqbal:
>> > need to test it. Just set:
>> >
>> >smtp_tls_security_level = encrypt
>>
>> Thanks, I will put that in
>
> Just checked here that Postfix can talk SSL with [smtp.gmail.com]:587
> just fine.  But you need to set up client-side SASL authentication.

I did but still failing to relay through gmail

 Dec 20 14:24:32 improvise postfix/qmgr[19372]: 4238710E3AA:
from=, size=444, nrcpt=1 (queue active)
Dec 20 14:24:32 improvise postfix/smtp[19431]: 4238710E3AA:
to=, relay=smtp.gmail.com[209.85.163.109]:587,
delay=0.31, delays=0.03/0.08/0.16/0.04, dsn=5.7.0, status=bounced
(host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a
STARTTLS command first. h27sm3099851elf.16 (in reply to MAIL FROM
command))

Here are my configs

iqb...@improvise:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = loopback-only
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = improvise.lan, localhost.lan, , localhost
myhostname = improvise.lan
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

iqb...@improvise:~$ cat /etc/postfix/sasl_passwd
[smtp.gmail.com]:submission vadud3:mygmailpassword

I followed this

http://www.postfix.org/SASL_README.html#client_sasl


>
>Wietse
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: Connection timeout when trying to send email to gmail address

2008-12-20 Thread Asif Iqbal
On Sat, Dec 20, 2008 at 7:51 PM, Sahil Tandon  wrote:
> Asif Iqbal wrote:
>
>> I did but still failing to relay through gmail
>>
>>  Dec 20 14:24:32 improvise postfix/qmgr[19372]: 4238710E3AA:
>> from=, size=444, nrcpt=1 (queue active)
>> Dec 20 14:24:32 improvise postfix/smtp[19431]: 4238710E3AA:
>> to=, relay=smtp.gmail.com[209.85.163.109]:587,
>> delay=0.31, delays=0.03/0.08/0.16/0.04, dsn=5.7.0, status=bounced
>> (host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a
>> STARTTLS command first. h27sm3099851elf.16 (in reply to MAIL FROM
>> command))
>>
>> Here are my configs
>>
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>
> These two are unnecessary; delete them.
>
>> smtpd_tls_security_level = encrypt
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>
> smtpd != smtp.  You need the latter.

still failing.

Dec 20 21:25:19 improvise postfix/pickup[6719]: 9E9F510E7DF: uid=1000
from=
Dec 20 21:25:19 improvise postfix/cleanup[7155]: 9E9F510E7DF:
message-id=<20081221022519.9e9f510e...@improvise.lan>
Dec 20 21:25:19 improvise postfix/qmgr[6721]: 9E9F510E7DF:
from=, size=443, nrcpt=1 (queue active)
Dec 20 21:25:19 improvise postfix/smtp[7157]: certificate verification
failed for smtp.gmail.com[74.125.45.111]:587: untrusted issuer
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:25:19 improvise postfix/smtp[7157]: warning: SASL
authentication failure: No worthy mechs found
Dec 20 21:25:19 improvise postfix/smtp[7157]: 9E9F510E7DF: SASL
authentication failed; cannot authenticate to server
smtp.gmail.com[74.125.45.111]: no mechanism available
Dec 20 21:25:20 improvise postfix/smtp[7157]: certificate verification
failed for smtp.gmail.com[74.125.45.109]:587: untrusted issuer
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:25:20 improvise postfix/smtp[7157]: warning: SASL
authentication failure: No worthy mechs found
Dec 20 21:25:20 improvise postfix/smtp[7157]: 9E9F510E7DF:
to=, relay=smtp.gmail.com[74.125.45.109]:587,
delay=0.68, delays=0.04/0.02/0.63/0, dsn=4.7.0, status=deferred (SASL
authentication failed; cannot authenticate to server
smtp.gmail.com[74.125.45.109]: no mechanism available)



So I tried the openssl test and looks like I need a real certificate?!

iqb...@improvise:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(0003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser

Re: Connection timeout when trying to send email to gmail address

2008-12-20 Thread Asif Iqbal
On Sat, Dec 20, 2008 at 9:41 PM, Wietse Venema  wrote:
> Asif Iqbal:
>> Dec 20 21:25:20 improvise postfix/smtp[7157]: warning: SASL
>> authentication failure: No worthy mechs found
>
> This means that the SASL (NOT: SSL) mechanisms are not properly
> configured.
>
>> So I tried the openssl test and looks like I need a real certificate?!
>
> No, you need to fix the SASL (NOT: SSL) details.
>
> Output from:
>
> postconf -n |grep sasl
>
> Very likely you need to set
>
> /etc/postfix/main.cf:
>smtp_sasl_tls_security_options = noanonymous

That was it and it is working now. Wow! Thanks!!

Dec 20 21:58:08 improvise postfix/pickup[7939]: C429F10E3B0: uid=1000
from=
Dec 20 21:58:08 improvise postfix/cleanup[7951]: C429F10E3B0:
message-id=<20081221025808.c429f10e...@improvise.lan>
Dec 20 21:58:08 improvise postfix/qmgr[7941]: C429F10E3B0:
from=, size=445, nrcpt=1 (queue active)
Dec 20 21:58:09 improvise postfix/smtp[7986]: certificate verification
failed for smtp.gmail.com[209.85.163.109]:587: untrusted issuer
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:58:10 improvise postfix/smtp[7986]: C429F10E3B0:
to=, relay=smtp.gmail.com[209.85.163.109]:587,
delay=1.9, delays=0.04/0/0.95/0.96, dsn=2.0.0, status=sent (250 2.0.0
OK 1229828290 t26sm7000666ele.17)
Dec 20 21:58:10 improvise postfix/qmgr[7941]: C429F10E3B0: removed

Here is my working postfix main.conf

iqb...@improvise:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = loopback-only
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = improvise.lan, localhost.lan, , localhost
myhostname = improvise.lan
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes

I wonder if I can make the config file even smaller. I am just using it to
send mail to local and remote addresses using gmail as relayhost. I don't
want to receive any email from outside. I'd like to listen on port 25 only
on the loopback interface.

Thanks again.

I am a little confused with SASL and TLS. I guess I have to hit Wikipedia ;-)

>
> (the default is to disallow plaintext login mechanisms).
>
>Wietse
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
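The log in this message shows `certificate verification failed ... untrusted issuer` followed by `status=sent` from the same smtp process: at `smtp_tls_security_level = encrypt` Postfix requires encryption but not a trusted server certificate, so the SASL login and the message still go out. As an added example (not part of the thread), this Python check flags such deliveries in a mail log; the sample lines are constructed from the excerpt above and the function name is an assumption.

```python
import re

# Constructed sample based on the log excerpt in the message above: lines are
# unwrapped, addresses are placeholders, and the last two entries are invented.
SAMPLE_LOG = """\
Dec 20 21:58:09 improvise postfix/smtp[7986]: certificate verification failed for smtp.gmail.com[209.85.163.109]:587: untrusted issuer /C=ZA/O=Example CA
Dec 20 21:58:10 improvise postfix/smtp[7986]: C429F10E3B0: to=<rcpt@example.com>, relay=smtp.gmail.com[209.85.163.109]:587, delay=1.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Dec 20 22:10:31 improvise postfix/smtp[8102]: 0A1B2C3D4E5: to=<rcpt@example.com>, relay=smtp.gmail.com[209.85.163.109]:587, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Dec 20 22:15:02 improvise postfix/smtp[7986]: 1F2E3D4C5B6: to=<rcpt@example.com>, relay=smtp.gmail.com[209.85.163.109]:587, delay=30, dsn=4.4.2, status=deferred (lost connection)
"""

SMTP_LINE = re.compile(r"postfix/smtp\[(?P<pid>\d+)\]: (?P<rest>.*)$")
VERIFY_FAIL = re.compile(
    r"certificate verification failed for (?P<peer>\S+?): (?P<reason>.*)$")
DELIVERY = re.compile(
    r"(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+),"
    r".*\bstatus=(?P<status>\w+)")


def unverified_deliveries(log_text):
    """Return deliveries sent through a relay whose certificate this
    smtp(8) process had failed to verify.

    Heuristic: state is keyed on (pid, relay) and never cleared, so a later
    trusted handshake by the same process is not taken into account.
    """
    failed = {}      # (pid, relay) -> reason logged by the TLS layer
    findings = []
    for line in log_text.splitlines():
        m = SMTP_LINE.search(line)
        if not m:
            continue
        pid, rest = m.group("pid"), m.group("rest")
        vf = VERIFY_FAIL.match(rest)
        if vf:
            failed[(pid, vf.group("peer"))] = vf.group("reason")
            continue
        d = DELIVERY.match(rest)
        if d and d.group("status") == "sent":
            reason = failed.get((pid, d.group("relay")))
            if reason is not None:
                findings.append({"qid": d.group("qid"),
                                 "relay": d.group("relay"),
                                 "reason": reason})
    return findings


if __name__ == "__main__":
    for f in unverified_deliveries(SAMPLE_LOG):
        print("sent over unverified TLS: {qid} via {relay} ({reason})".format(**f))
```

Raising `smtp_tls_security_level` to `verify` or `secure`, with a CA bundle configured through `smtp_tls_CAfile` or `smtp_tls_CApath`, makes Postfix defer such mail instead of sending it.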


Re: howto setup outgoing port to 587 ?

2008-12-22 Thread Asif Iqbal
On Sun, Dec 21, 2008 at 7:02 PM, sean darcy  wrote:
> I've have an asterisk voip server that receives faxes and converts them to
> pdf. What I then want to do is email the pdf's to my two mailboxes - one on
> 1and1.com, the other on gmail.
>
> My ISP, ATT blocks port 25. I think if I just send the email to port 587 (
> which is how I've configured Thunderbird ) this should work.
>
> I'm using Fedora 9, which come with sendmail  as the default MTA. I've spent
> a lot of time avoiding learning how to use or configure an MTA. Looking at
> the sendmail docs, it's clear postfix is a _lot_ easier to configure. So,
> I'm switching.
>
> But I still haven't figured out how to just set the outgoing port to 587.

easy.

Just make sure your main.cf is configured something like this

relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes

And your sasl_passwd like this

[smtp.gmail.com]:submission gmailusername:gmailpassword

Then run `postmap /etc/postfix/sasl_passwd' followed by restarting postfix

That's it


>
> Any help appreciated.
>
> sean
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


localhost and smarthost

2009-01-03 Thread Asif Iqbal
Hi All

All my email gets relayed thru gmail as it should. But how do I tell
it to send all localemails to local spool and not send it to gmail?

My laptop does not have any valid domain

My postfix is configured like this

iqb...@ghar-iqbala:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ghar, ghar-iqbala, localhost.localdomain, localhost
myhostname = ghar-iqbala
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: localhost and smarthost

2009-01-04 Thread Asif Iqbal
On Sun, Jan 4, 2009 at 6:11 AM, mouss  wrote:
> Asif Iqbal a écrit :
>> Hi All
>>
>> All my email gets relayed thru gmail as it should. But how do I tell
>> it to send all localemails to local spool and not send it to gmail?

I see qmgr sends the mail to smtp and local like in this flowchart

http://www.postfix.org/OVERVIEW.html#delivering

How do I tell qmgr which one should be delivered to local and which one to smtp?

>>
>
> what kind of "localemails"? if these use a local domain, add the domain
> to mydestination. if they use an external domain, use
> virtual_alias_maps. for example:
>
> vad...@gmail.com    iq...@localhost
>
>
>> My laptop does not have any valid domain
>>
>
> You could get a free one at dyndns.
>
>> My postfix configured like this
>>
>> iqb...@ghar-iqbala:~$ postconf -n
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> inet_interfaces = all
>> mailbox_size_limit = 0
>> mydestination = ghar, ghar-iqbala, localhost.localdomain, localhost
>> myhostname = ghar-iqbala
>
> myhostname should be fqdn.
>
>> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost = [smtp.gmail.com]:submission
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
>> smtp_sasl_security_options = noanonymous
>> smtp_sasl_type = cyrus
>> smtp_tls_security_level = encrypt
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtp_use_tls = yes
>> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>>
>>
>>
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: localhost and smarthost

2009-01-04 Thread Asif Iqbal
On Sun, Jan 4, 2009 at 2:43 PM, mouss  wrote:
> Asif Iqbal a écrit :
>> On Sun, Jan 4, 2009 at 6:11 AM, mouss  wrote:
>>> Asif Iqbal a écrit :
>>>> Hi All
>>>>
>>>> All my email gets relayed thru gmail as it should. But how do I tell
>>>> it to send all localemails to local spool and not send it to gmail?
>>
>> I see qmgr sends the mail to smtp and local like in this flowchart
>>
>> http://www.postfix.org/OVERVIEW.html#delivering
>>
>> How do I tell qmgr which one should be delivered to local and which one to smtp?
>>
>
> maybe by reading what I said? or should I repeat? if so, let's go:

ok have a chill pill while I answer your question

>
> - what do you mean by "localemails"? which mail do you want to deliver
> locally?

I meant mails for the local domain. My laptop does not really have a valid
domain name. So any mail to, say, iqb...@ghar-iqbala.lan or r...@ghar-iqbala.lan
should go to the local Maildir instead of trying to deliver it thru my relayhost

>
> - if it's for specific addresses, use virtual_alias_maps as I already said.
>

So is that how qmgr decides what should be sent to local and what to
smtp? That was a question I posted earlier in case you have not read
it

>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


Re: localhost and smarthost

2009-01-04 Thread Asif Iqbal
On Sun, Jan 4, 2009 at 6:35 PM, Sahil Tandon  wrote:
> Asif Iqbal wrote:
>
>> > - what do you mean by "localemails"? which mail do you want to deliver
>> > locally?
>>
>> I meant mails for local domain. My laptop does not really have a valid
>> domain name.
>> So any mail to say iqb...@ghar-iqbala.lan or say r...@ghar-iqbala.lan
>> should go to
>> local Maildir instead of trying to deliver it thru my relayhost
>
> Postfix will not go to gmail (which is your relayhost) to deliver mail
> if that mail is addressed to a *local* domain.  You need to include
> 'ghar-iqbala.lan' in the mydestination parameter in main.cf.  Mouss

uh huh! that was it. If the domain name is defined in `mydestination'
it is considered local mail. That is exactly what I was looking for.
Thanks a lot!

> already gave you this clue.
>
> For more information:
> http://www.postfix.org/postconf.5.html#mydestination
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
> http://www.postfix.org/ADDRESS_CLASS_README.html
>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu


postfix architectural diagram

2010-07-02 Thread Asif Iqbal
Is there a nice diagram of these flow charts

 http://www.postfix.org/OVERVIEW.html

I was looking for something like one with qmail

 http://qmail.jms1.net/qmail-system.pdf

I am planning to migrate from qmail to postfix slowly.


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


migrate from qmail to postfix

2010-07-03 Thread Asif Iqbal
Hi All

I am planning to migrate from qmail to postfix.

Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
ezmlm.
(I hope I did not miss anything)

I found a few suggestions in the following articles

  http://www.irbs.net/internet/postfix/0207/1241.html [yr 2002]
  http://www.irbs.net/internet/postfix/0401/1049.html [yr 2004]
  http://johnleach.co.uk/documents/qmail-to-postfix/index.html [yr 2006]

They are pretty old.

Is there any new feature(s) relevant to qmail to postfix migration,
that are not covered above and were introduced in newer postfix?

Also, if you followed any of those threads, is there some gotcha that
might be missing in there?

I am guessing I need to install postfix as the front-end, will be
installed on a separate new box.
Then use the qmail, currently running on the existing system, as the back-end.
Hoping that will ease the migration, however not exactly sure how to
do it, quite yet :-).
(I have to go back read those threads/articles again.)
Then eventually expire qmail. Not quite sure how to do that either,
but I think have to do some
MX tricks on that.

Anyways, I am looking for comments/suggestions.

Thanks



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-03 Thread Asif Iqbal
On Sat, Jul 3, 2010 at 7:38 PM, Asif Iqbal  wrote:
> Hi All
>
> I am planning to migrate from qmail to postfix.
>
> Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
> spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
> ezmlm.
> (I hope I did not miss anything)

I am pretty sure dovecot is the popular method of pop3 and will be
recommended tool to replace qmail-pop

Also I probably will need to use `recipient_delimiter = - ' as one of the
key steps to make dot-qmail work the same

Again, I have not used postfix as an SMTP server and am looking for all the
goodies that you can suggest :-). I used postfix only as a client for my
ubuntu laptop and used a gmail account to smtp through. (kind of off-topic)

>
> I found few suggestions from the following articles
>
>  http://www.irbs.net/internet/postfix/0207/1241.html [yr 2002]
>  http://www.irbs.net/internet/postfix/0401/1049.html [yr 2004]
>  http://johnleach.co.uk/documents/qmail-to-postfix/index.html [yr 2006]
>
> They are pretty old.
>
> Is there any new feature(s) relevant to qmail to postfix migration,
> that are not covered above and, were
> introduced in newer postfix?
>
> Also, if you followed any of those threads, is there some gotcha that
> might be missing in there?
>
> I am guessing I need to install postfix as the front-end, will be
> installed on a separate new box.
> Then use the qmail, currently running on the existing system, as the back-end.
> Hoping that will ease the migration, however not exactly sure how to
> do it, quite yet :-).
> (I have to go back read those threads/articles again.)
> Then eventually expire qmail. Not quite sure how to do that either,
> but I think have to do some
> MX tricks on that.
>
> Anyways, I am looking for comments/suggestions.
>
> Thanks
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Sun, Jul 4, 2010 at 5:50 AM, Jeroen Geilman  wrote:
> On 07/04/2010 01:38 AM, Asif Iqbal wrote:
>
> Hi All
>
> I am planning to migrate from qmail to postfix.
>
> Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
> spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
> ezmlm.
> (I hope I did not miss anything)
>
> I found few suggestions from the following articles
>
>   http://www.irbs.net/internet/postfix/0207/1241.html [yr 2002]
>   http://www.irbs.net/internet/postfix/0401/1049.html [yr 2004]
>   http://johnleach.co.uk/documents/qmail-to-postfix/index.html [yr 2006]
>
> They are pretty old.
>
>
>
> It seems you managed to miss the postfix documentation.
> http://www.postfix.org/documentation.html

Well, I was actually looking for specific document(s) that discusses
qmail to postfix migration.
Also, looking for something that covers the dot-qmail, seems like the
hardest part to migrate over.


>
> It's so odd that people insist on NOT using the actual documentation.
>
> Is there any new feature(s) relevant to qmail to postfix migration,
> that are not covered above and, were
> introduced in newer postfix?
>
>
>
> I would not recommend following old, or unsupported, documentation.
> Always use the latest official documentation, it includes the versions
> something was introduced at.
>
> Also, if you followed any of those threads, is there some gotcha that
> might be missing in there?
>
>
> They're probably flagrantly wrong in about a dozen places. They always are.
>
> I am guessing I need to install postfix as the front-end, will be
> installed on a separate new box.
> Then use the qmail, currently running on the existing system, as the
> back-end.
> Hoping that will ease the migration, however not exactly sure how to
> do it, quite yet :-).
>
>
> I would suggest the opposite. postfix is much more flexible than that old
> crone.
> However, you can do it in any way that suits you.
>
> (I have to go back read those threads/articles again.)
> Then eventually expire qmail. Not quite sure how to do that either,
> but I think have to do some
> MX tricks on that.
>
> Anyways, I am looking for comments/suggestions.
>
> Thanks
>
>
> Start with the URL Wietse gave you, it covers the basics.
>
> J.
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Mon, Jul 5, 2010 at 12:03 AM, Sahil Tandon  wrote:
> On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:
>
>> Well, I was actually looking for specific document(s) that discusses
>> qmail to postfix migration.  Also, looking for something that covers
>> the dot-qmail, seems like the hardest part to migrate over.
>
> You were given, among other things, several pointers to relevant
> sections of the Postfix documentation.  At this point, you need to piece
> together information from various sources and perform the transition
> based on the idiosyncrasies of your email architecture.  If you have
> specific Postfix questions, feel free to ask here.  I think the 'is
> there a how-to for my exact migration situation?' line of questioning has
> been exhausted.

which doc covers the dot-qmail like behavior in postfix?

>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Mon, Jul 5, 2010 at 1:13 AM, Sahil Tandon  wrote:
> On Mon, 2010-07-05 at 01:05:21 -0400, Asif Iqbal wrote:
>
>> On Mon, Jul 5, 2010 at 12:03 AM, Sahil Tandon  wrote:
>> > On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:
>> >
>> >> Well, I was actually looking for specific document(s) that discusses
>> >> qmail to postfix migration.  Also, looking for something that covers
>> >> the dot-qmail, seems like the hardest part to migrate over.
>> >
>> > You were given, among other things, several pointers to relevant
>> > sections of the Postfix documentation.  At this point, you need to piece
>> > together information from various sources and perform the transition
>> > based on the idiosyncrasies of your email architecture.  If you have
>> > specific Postfix questions, feel free to ask here.  I think the 'is
>> > there a how-to for my exact migration situation?' line of questioning has
>> > been exhausted.
>>
>> which doc covers the dot-qmail like behavior in postfix?
>
> Read the Postfix documentation.  All supported features are covered
> therein; if you do not see it, it is not supported.  Postfix is not a
> drop-in replacement for qmail.  Good luck.

well, I am looking for suggestions on how people took care of the
dot-qmail part when they migrated from qmail to postfix. going back to
my original email, I saw some suggestions how people did just that. but
bringing that up to see if those steps are relevant.



>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Convert an attachment to a link

2010-07-07 Thread Asif Iqbal
Where do I look in postfix to introduce the following behavior.

When mail arrives to the mail server,
I like to convert any attachment to link if it is bigger than say 1M and add
a footer in the body like below, before dropping/relaying it to the
mailbox local or remote.

 all attachments >1M are converted to link(s) below.
 https://link.example.com/file1
 https://link.example.com/file2

 here file1/file2 would be exact name of the file like mydoc.doc
 any doc with spaces should be converted to `_'

I like to detach the big attachments and save them to a dir. My users
have web access to that dir.

Then modify the body of the email by appending the links to it.

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Recipient address rejected: User unknown in local recipient table

2017-02-23 Thread Asif Iqbal
Failing to receive mail in iqbala-sysad...@example.net

Feb 23 18:40:02 mail postfix/smtpd[16962]: NOQUEUE: reject: RCPT from
remote.example.net[192.168.18.193]: 550 5.1.1 :
Recipient address rejected: User unknown in local recipient table; from=<
r...@remote.example.net> to= proto=ESMTP helo=<
remote.example.net>

I am using postfix 2.6.6 on CentOS 6.7. My recipient_delimiter is `+'

I just migrated from qmail to postfix.

Any suggestion is appreciated.

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: Recipient address rejected: User unknown in local recipient table

2017-02-23 Thread Asif Iqbal
On Thu, Feb 23, 2017 at 6:54 PM, Viktor Dukhovni  wrote:

> If you've migrated from qmail, you should probably keep "-" as your
> recipient delimiter to maintain as much backwards-compatible behaviour
> as possible.
>
> Otherwise you'll need an explicit alias for each actively used "-"
> address extension.
>

I eventually want to change the default `+' to `-'. But I will need to find
out if there is any dependency on the postfix side that might break. I am
using mailman, which has `-' in the list name.

In the meantime, If I understand you correctly, just use an alias entry
like below as a quick workaround?

 iqbala-sysadmin: iqbala

I do not have too many of those, so that would work now without breaking
anything.




-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
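Added illustration, not from the thread: a simplified Python model of how `recipient_delimiter` changes the names tried against the local recipient table, which is why `iqbala-sysadmin` is rejected with `+` and accepted with `-` or with an explicit alias. The table contents and function names are assumptions; the `owner-`/`-request` exception follows the documented `owner_request_special` default.

```python
# Simplified model of Postfix address-extension handling (an assumption-level
# model for illustration, not Postfix source code).
RESERVED = {"postmaster", "mailer-daemon", "double-bounce"}

# Constructed local recipient table: system users plus aliases(5) entries.
KNOWN = {"root", "iqbala", "staff-announce", "staff-announce-request"}


def split_localpart(localpart, delimiter, owner_request_special=True):
    """Return (user, extension); extension is None when nothing is split."""
    lp = localpart.lower()
    if not delimiter or lp in RESERVED:
        return localpart, None
    if delimiter == "-" and owner_request_special:
        # Documented default: owner-list and list-request are never split.
        if lp.startswith("owner-") or lp.endswith("-request"):
            return localpart, None
    pos = localpart.find(delimiter)
    if pos <= 0:                      # no delimiter, or empty user part
        return localpart, None
    return localpart[:pos], localpart[pos + 1:]


def lookup_keys(localpart, delimiter):
    """Names tried in order: the full localpart first, then the bare user."""
    user, ext = split_localpart(localpart, delimiter)
    return [localpart] if ext is None else [localpart, user]


def accepted(localpart, delimiter, known=KNOWN):
    """True when any lookup key is present in the recipient table."""
    return any(key.lower() in known for key in lookup_keys(localpart, delimiter))


if __name__ == "__main__":
    for rcpt in ("iqbala-sysadmin", "staff-announce", "iqbala-anything"):
        for delim in ("+", "-"):
            print(rcpt, repr(delim), lookup_keys(rcpt, delim), accepted(rcpt, delim))
```

In this model a list name containing `-` keeps working because the full localpart is tried first, while switching to `-` also makes every `user-anything` address deliverable to `user`.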