Re: Pflogsumm Status

2010-01-13 Thread Joe

Jim Seymour wrote:

Hi All,


I'm working on a new release even now.  More information to
follow in a day or two.


That is great news - looking forward to your next release. It's a useful 
tool indeed.


Joe


Re: Greylist server recommendations?

2010-03-23 Thread joe

On 03/22/2010 02:23 AM, Matias wrote:

Hi,

I want to move away from postgrey to a sql based greylist service, so 
that I can access the greylist database from more than one server.


I've been reading about sqlgrey, gps, gld, etc...



I've used postgrey and sqlgrey, but for the past few years I've been 
happily using policyd-1.8x,  which is written in c, is small and 
efficient, uses a mysql backend, and not only does greylisting, but also 
quotas, whitelisting and blacklisting based on various criteria.


I use policyd on my home mail server, on mail servers at several small 
businesses, and at my fortune 100 employer, where 4 postfix servers are 
pointed to the policy server.


Needless to say, I'm happy with it.

Joe




Re: distribution issues with Postfix

2010-07-07 Thread Joe
Phil Howard wrote:
>
> No.  Clearly not the case.  Ubuntu is an example which interferes with
> Postfix.  I'm trying to determine if others are more or less so.  I
> suspect at least some surely must be less so.
>   

No FUD please. I've deployed smtp servers running hpux, solaris,
slackware, redhat, fedora, SuSE, debian, ubuntu and others - as someone
just pointed out, having some knowledge of the platform you're running
postfix on is rather important.

I currently run a number of production mail servers on ubuntu LTS and
have never seen any of the problems you're struggling with.

Joe



Re: distribution issues with Postfix

2010-07-07 Thread Joe
Phil Howard wrote:
> On Wed, Jul 7, 2010 at 15:11, Joe  wrote:
>
>   
>> I currently run a number of production mail servers on ubuntu LTS and
>> have never seen any of the problems you're struggling with.
>> 
>
> Are you using the packaged version of Postfix, or the source you
> compile yourself?
>   

I almost never install tarballs, but prefer to take the time to find or
make a deb package if at all possible, because of the manageability
added by the packaging system.

The stock postfix package included with ubuntu has worked well for me,
no surprises, no problems, either with the postfix 2.5.1 package that
came with ubuntu 8.04, or the postfix 2.7.0 package that came with
ubuntu 10.04.

It shouldn't be too much trouble to build a package of say 2.7.0 from
10.04, for installation in a 8.04 system. There are also repositories
with ready-to-install, newer versions  of postfix, if you need  them.

BTW it's best to use one of the currently supported LTS server versions
which I mentioned above, rather than a release like 9.10.

Joe









Re: distribution issues with Postfix

2010-07-08 Thread Joe
Phil Howard wrote:
> I wanted to get input on it.  I'm still on the fence about making that
> change at work.  The kind of input I was hoping was something that
> indicated general ease of setup from an administrative perspective.
> If the feedback with Ubuntu is that it works fine, then I'd consider
> staying on it and bug the Ubuntu people about why it's goofy for some
> people (yeah, yeah, maybe I did something wrong on it ... twice, now).
>  And maybe people are having good success compiling from source on
> Ubuntu (so they are on the latest version of Postfix).  But that is a
> more general problem I and others have had with Ubuntu, with no
> solutions ... I only mentioned it before to make it understood why I
> was looking for other ways.
>   
I hear what you're saying - but IMHO the main thing is being comfortable
with, and knowledgeable enough of whatever distro you're using.

I support SLES servers at $BIG_CO; I'm comfortable with SLES, and I make
rpms of the latest and greatest postfix to replace the outdated versions
they tend to ship. I can tell you that postfix runs beautifully on SLES.

In my own shop, and for my consulting, I work with ubuntu server for the
most part. I'm comfortable with ubuntu, and I make deb packages of the
latest and greatest postfix. Again, I can tell you that postfix runs
beautifully on ubuntu server.

Just try to pick a distro you know and are comfortable with, and go with
it. Regardless, postfix is postfix.

Joe




Re: Better spam filter for postfix

2010-07-15 Thread joe

On 07/15/2010 12:29 PM, Steve wrote:

Or GROSS (the only greylisting application that I know working with a bloom 
filter (http://en.wikipedia.org/wiki/Bloom_filter)).

http://code.google.com/p/gross/
   


Thanks for the link, what I see there is very interesting - I'll check 
this out...


Joe


Re: Postfix rejecting mail when plenty of space

2010-09-07 Thread Joe
Noel David Torres Taño wrote:
> Hello all:
>
> I have /var/mail mounted separately and plenty of space. But when / get short 
> on space I saw things like this:
>
> Sep  7 18:37:24 tochox postfix/smtpd[25798]: connect from (somewhere)
> Sep  7 18:37:24 tochox postfix/smtpd[25798]: NOQUEUE: reject: MAIL from 
> (somewhere): 452 4.3.1 Insufficient system storage; proto=ESMTP 
> helo=(somewhere)
> Sep  7 18:37:24 tochox postfix/smtpd[25798]: warning: not enough free space 
> in 
> mail queue: 999424 bytes < 1.5*message size limit
> Sep  7 18:37:24 tochox postfix/cleanup[25803]: A6E7A11E55: message-
> id=<20100907173724.a6e7a11...@rolamasao.org>
> Sep  7 18:37:24 tochox postfix/smtpd[25798]: disconnect from (somewhere)
> Sep  7 18:37:24 tochox postfix/qmgr[10427]: A6E7A11E55: from= bou...@rolamasao.org>, size=1140, nrcpt=1 (queue active)
> Sep  7 18:37:24 tochox postfix/local[25804]: A6E7A11E55: 
> to=, orig_to=, relay=local, delay=0.06, 
> delays=0.03/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
> Sep  7 18:37:24 tochox postfix/qmgr[10427]: A6E7A11E55: removed
>
>
> Why did postfix detected the shortage in space in / (which includes /var but 
> not /var/mail) as a problem?
>   

Where is /var/spool/postfix?

Joe
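
Added example, not part of the original post: the smtpd warning quoted above comes from a free-space check on the file system that holds the Postfix queue, which is why the location of /var/spool/postfix matters and the space under /var/mail does not. The Python sketch below approximates that check; the function names are this example's own, and the default message_size_limit of 10240000 bytes is assumed.

```python
import os
import re

# Postfix default for message_size_limit, in bytes (assumed here; check the
# real value with `postconf message_size_limit`).
DEFAULT_MESSAGE_SIZE_LIMIT = 10240000
SPACE_FACTOR = 1.5  # the "1.5*message size limit" named in the warning

WARNING_RE = re.compile(
    r"not enough free space in mail queue: (\d+) bytes < 1\.5\*message size limit"
)

# The smtpd warning from the post, re-joined onto one line.
SAMPLE_WARNING = (
    "Sep  7 18:37:24 tochox postfix/smtpd[25798]: warning: not enough free "
    "space in mail queue: 999424 bytes < 1.5*message size limit"
)


def parse_free_bytes(log_line):
    """Return the free-byte count reported in the warning, or None."""
    match = WARNING_RE.search(log_line)
    return int(match.group(1)) if match else None


def required_free(message_size_limit=DEFAULT_MESSAGE_SIZE_LIMIT):
    """Free space smtpd wants in the queue file system before accepting mail."""
    return int(SPACE_FACTOR * message_size_limit)


def would_accept(free, message_size_limit=DEFAULT_MESSAGE_SIZE_LIMIT):
    """Approximate the smtpd decision for a given amount of free space."""
    return free >= required_free(message_size_limit)


def mount_point(path):
    """Walk upwards from path until a mount point is reached."""
    path = os.path.realpath(path)
    while not os.path.ismount(path):
        path = os.path.dirname(path)
    return path


def free_bytes(path):
    """Bytes available to unprivileged processes on the file system of path."""
    st = os.statvfs(path)
    return st.f_bavail * st.f_frsize


def same_filesystem(path_a, path_b):
    """True when both paths live on the same device."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev


if __name__ == "__main__":
    reported = parse_free_bytes(SAMPLE_WARNING)
    print("reported free:", reported, "needed:", required_free())
    # Paths taken from the thread; skipped if they do not exist on this host.
    queue_dir, mailbox_dir = "/var/spool/postfix", "/var/mail"
    if os.path.isdir(queue_dir) and os.path.isdir(mailbox_dir):
        print("queue is on", mount_point(queue_dir),
              "with", free_bytes(queue_dir), "bytes free")
        print("mailboxes share that file system:",
              same_filesystem(queue_dir, mailbox_dir))
        print("smtpd would accept mail:", would_accept(free_bytes(queue_dir)))
```
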



Re: Problem with Mail not Reaching its Destination

2010-09-25 Thread joe
 This is a question of basic familiarity with your operating system. If 
you would be so kind as to tell us what release of what operating system 
you're running, someone will be able to tell you off the top of their 
head how to find the logs.


Joe

On 09/25/2010 11:09 AM, Shane Dittmar wrote:

I noted this at the bottom of my message, but I've spent multiple
hours attempting to find said log with no results.

On 9/25/10, Ralf Hildebrandt  wrote:

* Shane Dittmar:


When I came back to try things, I found out that none of the mail I
sent to these addresses was being delivered. Originally, the error was
that the address could not be found in the virtual users table, but I
fixed this by adding to the mydestination parameter.

Please show  the exact error messages from your log!

--
Ralf Hildebrandt
   Geschäftsbereich IT | Abteilung Netzwerk
   Charité - Universitätsmedizin Berlin
   Campus Benjamin Franklin
   Hindenburgdamm 30 | D-12203 Berlin
   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
   ralf.hildebra...@charite.de | http://www.charite.de








Re: Postfix, POP/IMAP server, virtual users, web administration - what do you use?

2010-09-28 Thread Joe
Eero Volotinen wrote:
> 2010/9/28 David Touzeau :
>   
>> The best interface that did not break your settings is "webmin"
>> 
>
> Really? Bad memories from past ..
>
> When I was involved in small isp business, patched version of
> postfixadmin did the tricks..
>   

Hmm, webmin has worked very well for me. Particularly where you have
multiple sys admins, some of them experienced and some of them not so
experienced. Personally, I like to use postconf and vi to manage postfix
configuration, but when I share duties with someone who's not
comfortable in a unix command line environment, I make sure they have
webmin access. Webmin doesn't interfere with my manual edits, and my
manual edits don't interfere with webmin.

Webmin is useful not only for postfix, but also for ip tables, dns, dhcp
and other facilities.

Joe


Re: Installation Error _RESOLVED

2010-10-03 Thread joe

 No worries -

Rebooting will indeed run through the items in rc.conf, but in general you 
can run any of those commands at any time. You can change the host name 
with the "hostname" command and it takes effect immediately. Restart 
syslog as well if you want the new host name to appear in the log files.


Joe

On 10/03/2010 01:11 AM, Eugene V. Boontseff wrote:

On 03.10.2010 03:06, jason hirsh wrote:
the change to the rc.conf doesn't apparently take effect until you 
reboot.. there might be another way but i am a bit of a newbie

man hostname

On Oct 2, 2010, at 4:42 PM, joe wrote:


You rebooted to change the hostname???

Joe

On 10/02/2010 01:13 PM, jason hirsh wrote:


On Oct 2, 2010, at 3:56 PM, Ralf Hildebrandt wrote:


* jason hirsh :
I am doing an installation on a new FreeBSD 8.1 box and it fails with



postfix: warning: valid_hostname: invalid character 32(decimal):
my.domain-server.com


remove the trailing or leading space
from "my.domain-server.com " or " my.domain-server.com"


I missed that

edit and corrected rc.conf
reboot and installation went fine

thanks for your quick response



--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de













Re: reverse the polarity of the neutron flow

2010-10-12 Thread Joe

On 10/12/2010 12:42 PM, The Doctor wrote:

Doctor Who saying in the 1970s.

What do I need to reverse.

Tried another MTA and got reports that people were not getting e-mail.

All right switch back.

Forgot that the 'sendmail' was not the correct one.

No problem, just use the postfix sendmail.

Hmm!! No mail is getting delivered.

What did I forget?


Gosh, it could be just about anything. How about some log entries, and 
postconf output, per the troubleshooting guidelines?


Joe



Re: Up and coming

2010-10-18 Thread Joe

On 10/18/2010 08:35 AM, Wietse Venema wrote:

The Doctor:

What are the improvements for postfix 2.7.2 and postfix 2.8 ?

That is covered by the RELEASE_NOTES and HISTORY files,
available individually from Postfix download mirror sites.

Wietse


The thing that particularly interests me is postscreen. I look forward 
to its inclusion in a stable release.


Joe



Re: A question about myorigin, myhostname, etc.

2010-11-17 Thread Joe

On 11/17/2010 02:30 PM, Chris G wrote:

On Wed, Nov 17, 2010 at 02:04:57PM -0500, Victor Duchovni wrote:

I would expect that dnsmasq is documented, and the documentation should
cover sufficient detail to help you avoid this illegal RRset combination.
You should only bother the "gurus/maintainers" if the documentation
is incomplete or observed behaviour deviates from the documentation.


Yes, of course, OK.  But I have a virtually default dnsmasq
installation so I can't glean much from the documentation as I haven't
really configured anything away from default.  It's a quiet list!  :-)



Pardon my pointing out the obvious, but these sorts of teething problems 
can be mitigated by utilizing bind views. It's not an uncommon situation 
for servers to be natted, and you're not the first person to be caught 
off guard by the difference between the local/private IP of a server and 
its public/natted IP. In the old days we used to employ "split dns" - 
one set of servers for the outside world, another for internal use - but 
since bind v9 was introduced some years ago, the views feature allows a 
single server to provide the functionality of split dns. I even use dns 
views on my home dns servers.


Just a thought - assuming that usage of dnsmasq etc is not carved in stone.

Joe



Re: multiple Postfix instances pre-2.6

2010-11-29 Thread Joe

On 11/29/2010 02:39 PM, Stirling, Scott wrote:

http://www.postfix.org/MULTI_INSTANCE_README.html

My client has Postfix 2.3.3. Must I update to 2.6+ to run multiple
instances side-by-side? Could I manually create an instance by, e.g.,
creating an /etc/postfix-foo with main.cf and master.cf, and configure
them to use different files and directories? Updating the postfix
version might be a good idea for other reasons, but it would increase
the scope of the issue a bit.


2.3.3 is pretty stale - sounds like rhel5/centos.

FWIW we use Simon Mudd's postfix 2.7.x rpms on our centos servers, with 
good results.


Joe


Re: Spam Backscatter

2011-02-01 Thread Joe
We've implemented an RBL for bounces using the data from 
http://www.backscatterer.org/ -


It has virtually eliminated backscatter spam from entering our servers. 
We have about 15k internal users and somewhere around 2 million emails 
in and out daily, and being a very lightweight solution it has not been 
a bottleneck at all. You might want to give it a try.


Joe

On 02/01/2011 03:39 PM, Simon wrote:


We are using postfix with debian lenny...


We are receiving what appears to be backscatter from spam that is 
using a valid address in the Return Path. I have included an example 
of the header info from one of the spam messages below. The “From” and 
“To” addresses just seem to be random and are not related to us in any 
way. Does anyone know to block this sort of backscatter?



Original message headers:

Return-Path: <mailto:s...@newmedia.net.nz>*[ourdomain.actual.domain]**>
Received: from 195-191-72-102.optolan.net.ua (unknown [195.191.72.102])
    by smtp-0.counselschambers.com.au (Postfix) with ESMTP id 1D400396B7E
    for <so...@tenthfloor.org>; Wed,  2 Feb 2011 08:28:43 +1100 (EST)

From: no-reply...@job.com
To: <so...@tenthfloor.org>
Subject: Position opening in your area
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-ID: <20110201212844.1d400396...@smtp-0.counselschambers.com.au>

Date: Wed, 2 Feb 2011 08:28:43 +1100

Thanks

Simon





Re: Order of restrictions

2011-02-02 Thread Joe

On 02/02/2011 10:28 AM, Steve Jenkins wrote:

After watching the recent thread about filtering restrictions, it's
got me curious as to whether mine are optimal. I've recently added
support for backscatterer checking in my restrictions, and I moved
Stan's fqrdns.pcre check higher in my list per his suggestion in an
earlier thread. Mine now look like:




smtpd_recipient_restrictions =


...

 check_sender_access hash:/etc/postfix/check_backscatterer,


I think your backscatterer setup may not work  - the stanza below is the 
only place it's used on our servers:


smtpd_data_restrictions =
...
check_sender_access btree:/etc/postfix/backscatterer,
reject_unauth_pipelining


Joe





Re: Order of restrictions

2011-02-02 Thread Joe

On 02/02/2011 12:05 PM, Joe wrote:

On 02/02/2011 10:28 AM, Steve Jenkins wrote:

After watching the recent thread about filtering restrictions, it's
got me curious as to whether mine are optimal. I've recently added
support for backscatterer checking in my restrictions, and I moved
Stan's fqrdns.pcre check higher in my list per his suggestion in an
earlier thread. Mine now look like:




smtpd_recipient_restrictions =


...

 check_sender_access hash:/etc/postfix/check_backscatterer,


I think your backscatterer setup may not work  - the stanza below is 
the only place it's used on our servers:


smtpd_data_restrictions =
...
check_sender_access btree:/etc/postfix/backscatterer,
reject_unauth_pipelining



Just as a sanity check, the contents of /etc/postfix/backscatterer:

<>          reject_rbl_client ips.backscatterer.org
postmaster  reject_rbl_client ips.backscatterer.org


Joe




Re: Delivering Mail with priority based on domain

2011-02-03 Thread Joe

On 02/03/2011 11:24 AM, James R. Marcus wrote:

Hi,
I have been reading about prioritizing mail in Postfix on this list.  It seems 
that the answer is,  there is a shared queue and mail is not prioritized.  I 
want to make sure that I fully understand if this applies to my situation.

All of our servers that send mail go through our Postfix gateways. I don't want 
to manage our exchange server as a relay.

I find that when we send out a lot of email and there is mail queued, internal 
mail is delayed.  I'm assuming the short term solution to this is:

postqueue -s domain.com

Is there another way to prioritize internal mail delivery based on domain?



Postfix-2.3.3-2.1.el5_2 running on CentOS 5.5 x64




One huge improvement you can make is to specify the "relay" transport 
for incoming mail. That will create a separate queue from the outgoing 
mail which is using the "smtp" transport, and will greatly lessen the 
impact of a large outgoing queue on incoming mail. You can expand upon 
this theme as appropriate.


BTW there are postfix-2.7 and 2.8 rpms available for Centos -  2.3.3 is 
ancient and lacking in all of the useful features added since 2003 or 
so, you'd be doing yourself a big favor to bring your postfix up to date.


Joe



Re: Delivering Mail with priority based on domain

2011-02-03 Thread Joe

On 02/03/2011 03:51 PM, Jeroen Geilman wrote:

On 2/3/11 8:31 PM, Joe wrote:

On 02/03/2011 11:24 AM, James R. Marcus wrote:

Hi,
I have been reading about prioritizing mail in Postfix on this 
list.  It seems that the answer is,  there is a shared queue and 
mail is not prioritized.  I want to make sure that I fully 
understand if this applies to my situation.


All of our servers that send mail go through our Postfix gateways. I 
don't want to manage our exchange server as a relay.


I find that when we send out a lot of email and there is mail 
queued, internal mail is delayed.  I'm assuming the short term 
solution to this is:


postqueue -s domain.com

Is there another way to prioritize internal mail delivery based on 
domain?




Postfix-2.3.3-2.1.el5_2 running on CentOS 5.5 x64




One huge improvement you can make is to specify the "relay" transport 
for incoming mail.



To achieve what ?


To minimize the impact of large outbound queue on incoming message 
delivery latency.




That will create a separate queue from the outgoing mail which is 
using the "smtp" transport, 


There is one queue.



I might not have used the best term "queue" but the concept is still 
correct. The queue manager implements fairness between transports, so if 
incoming and outgoing mail are on two different transports it will help 
a lot. Our incoming messages used to be delayed quite a bit when the 
outbound queue grew to the tens of thousands. When we assigned incoming 
messages to the "relay" transport, distinct from the default "smtp" 
transport used for outgoing messages, we stopped seeing any problems 
with inbound message delays even with huge numbers of queued outgoing 
messages.


There are certainly cases for multiple postfix instances, but I wouldn't 
assume that this scenario necessarily calls for such a measure. I'd try 
the separate transport first, and see how it works. You may not have to 
do anything else. You can always add multiple instances later if that's 
really what you want to do.


There are other parameters I would look at, before running multiple 
instances -


maximal_queue_lifetime, maximal_backoff_time, the process limits in 
master.cf are all worth looking at.



Joe





Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

2011-02-04 Thread Joe

On 02/04/2011 10:42 AM, Steve Jenkins wrote:


Still, I am (well, WAS) disappointed that Postfix 2.3.3 is what
installs on CentOS 5.5 by default. But Postfix 2.8 wasn't that hard to
compile. :)



I always try to work with the package management system to keep things 
sane and manageable if possible. postfix-2.7 and 2.8 rpms and srpms are 
available for centos from several sources. It's pretty easy to replace 
the ancient postfix package with a fairly up to date one, and it's one 
of the first things I'd do after a centos or rhel install.


I see that rhel 6 comes with postfix-2.6.6 which is better, but still a 
bit conservative. Not all of the rhel/centos packages are out of date, 
but they do seem quite sluggish about making any MTA changes.


FWIW debian/ubuntu seem to be much more current on the versions of 
postfix they ship, but even then it's not a bad idea to install a more 
recent package than what they ship with.


Joe


Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

2011-02-04 Thread Joe

On 02/04/2011 03:13 PM, mouss wrote:

Le 04/02/2011 20:42, Joe a écrit :

I always try to work with the package management system to keep things
sane and manageable if possible. postfix-2.7 and 2.8 rpms and srpms are
available for centos from several sources. It's pretty easy to replace
the ancient postfix package with a fairly up to date one, and it's one
of the first things I'd do after a centos or rhel install.

I see that rhel 6 comes with postfix-2.6.6 which is better, but still a
bit conservative. Not all of the rhel/centos packages are out of date,
but they do seem quite sluggish about making any MTA changes.

FWIW debian/ubuntu seem to be much more current on the versions of
postfix they ship, but even then it's not a bad idea to install a more
recent package than what they ship with.

Joe

guys, we at the bsd balcony find it funny to see linuxers fighting each
other with "my distro is better" and "I can compile faster than you",
and more funnily "I was born to destroy bill gates empire".


I'm at a loss as to where you think you're seeing a fight. I merely 
mentioned options for upgrading postfix packages on various linux 
distros. I've used all the above mentioned distros and more. I have not 
indicated a preference for one over the other, I consider them all useful.


Joe




Re: temporary errors for DNS

2009-07-13 Thread Joe

Keld Jørn Simonsen wrote:

On Mon, Jul 13, 2009 at 06:19:40PM -0400, Rod Dorman wrote:
  

On Monday, July 13, 2009, 17:49:10, Keld Jørn Simonsen wrote:


  ...
Are there distros that are known to have a postfix package that is set
up correctly wrt chroot?
  

OpenBSD



Well, I confine myself to Linux, as I am doing some kernel work, and
other system work there, so I was wondering if there were any Linux distros,
and preferably rpm based, which does correct packaging of a chrooted
postfix?
  


I use suse (rpm based) and ubuntu (deb based) and they both work nicely 
out of the box as chrooted postfix servers.


Joe


Re: postfix strip ??? (highbit chars)

2009-07-22 Thread Joe
Benny Pedersen wrote:
> On Thu, July 23, 2009 01:07, Sahil Tandon wrote:
>
>   
>> % postconf message_strip_charters
>> postconf: warning: message_strip_charters: unknown parameter
>> 
>
> be more helpful than criticize my spellings
>   

Don't shoot the messenger - he pointed out, in good faith, an obvious
problem.

If you're overly defensive people may be reluctant to help you.

Joe



Re: Spamassassin

2009-07-27 Thread Joe
Carl A jeptha wrote:
> When setting up Postfix with Amavis, ClamAV and spamassassin, should
> one see spamassassin working (I am using a Ubuntu server)

This might be better asked on an amavisd forum -

But having said that, the spamassassin classes are actually called
directly by amavis, so you won't see any spamassassin processes running.

Joe



Re: What causes the "message file too big" error?

2009-07-30 Thread Joe
Seth Mattinen wrote:
> LuKreme wrote:
>   
>> On Jul 30, 2009, at 12:42 PM, Seth Mattinen wrote:
>> 
>>> The exact byte count of the message+headers is 100793284
>>>   
>> Seriously? 96MB emails?  I hope that's internal only.
>>
>> 
>
> Nope, not internal. Why does that matter?
>   

Probably because most domains have a size limit far below that figure.
You might allow messages of that size to be sent, but they will most
often be rejected by the receiving end.

Joe



Re: Looking for opinions on FreeBSD OS for Postfix

2009-08-17 Thread Joe

Kurt Buff wrote:


I am biased, but I've long preferred FreeBSD to any flavor of Linux
for ease of administration - FreeBSD simply makes more sense to me
than any Linux I've ever touched. Others will differ, but that's my
preference.
  


I prefer linux, and currently use suse and ubuntu, which have been 
trouble-free for me. Having said that, I do agree that FreeBSD is a 
solid, dependable, scalable OS for any server task, and I'd have no 
qualms about running postfix on it.


Joe





Re: Postfix DKIM

2009-09-09 Thread Joe

Mark Johnson wrote:

All,

I wonder which DKIM should I use for Postfix? Any suggestion?

I found this:
http://dkimproxy.sourceforge.net
  
I've been using dkim-milter - it's a sendmail milter but works fine with 
postfix -


http://sourceforge.net/projects/dkim-milter/

Joe


Re: OT: need some advice as to distro

2009-12-01 Thread Joe
John Peach wrote:
> On Tue, 01 Dec 2009 16:30:36 +0200
> Eero Volotinen  wrote:
>
>   
>>> Centos 5.4 - while it looks like a good choice, there has been some
>>> political infighting going on recently which makes us a little
>>> nervous about its future. In addition we have found that a number
>>> of the core packages we wish to use are out of date (postfix,
>>> dovecot, amavisd-new among them).
>>>   
>> Centos 5.x is my selection. You can also use packages from epel and 
>> dag's rpm repositories.
>> 
>
> It suffers from Red Hat's liking for sendmail. The postfix package is
> aeons old. I would go with Ubuntu (probably 9.04 which is a long-term
> support version).
>   

Since we're talking linux distros

I've used redhat, fedora, suse/sles, slackware and others and while they
all have their strong points I prefer debian or ubuntu LTS for server
deployments if at all possible. Package management is a snap, everything
just works.

BTW ubuntu 8.04 is the most recent LTS release, 10.04 next spring will
be the next.

Joe



Re: OT: need some advice as to distro

2009-12-01 Thread Joe
Stan Hoeppner wrote:
> Half your argument is based on Debian features.  
Which are also, therefore, ubuntu features.

> Why not just use Debian
> then, instead of Ubuntu?  
Because enterprise support is available for ubuntu, and also, if someone
is familiar with ubuntu desktop already it makes sense for them to
deploy ubuntu server if servers are needed.

> Especially for a headless server?  

What difference does it make if the server is headless? How would that
be an advantage for debian?

> I've been a
> Debian (non-GUI) user for almost 10 years.  I've never touched Ubuntu,
> or any other distro.  Debian has always come through for my server
> needs, so I've never considered anything else.  Convince me why I should
> switch my Postfix server environment from Debian to Ubuntu.  I'm curious
> to see how compelling your argument is.
>   

If you're happy with debian then there's no point - but let's turn the
question around: Convince me why I should switch from ubuntu to debian.
Let's see what arguments you have.

Joe


Re: OT: need some advice as to distro

2009-12-01 Thread Joe
Udo Rader wrote:
> Brian Mathis wrote:
>> On Tue, Dec 1, 2009 at 4:15 PM, Joe  wrote:
>>> Stan Hoeppner wrote:
>>>> I've been a
>>>> Debian (non-GUI) user for almost 10 years.  I've never touched Ubuntu,
>>>> or any other distro.  Debian has always come through for my server
>>>> needs, so I've never considered anything else.  Convince me why I
>>>> should
>>>> switch my Postfix server environment from Debian to Ubuntu.  I'm
>>>> curious
>>>> to see how compelling your argument is.
>>>>
>>> If you're happy with debian then there's no point - but let's turn the
>>> question around: Convince me why I should switch from ubuntu to debian.
>>> Let's see what arguments you have.
>>>
>>> Joe
>>
>> How about you both realize that neither of you has enough information
>> to make an objective decision, and that any kind of "arguments" you
>> can come up with has more to do with what you're familiar with than
>> anything else, and continuing the discussion along these lines only
>> amounts to a holy war and nothing else.
>>
>> As for the original question, it all comes down to what you are
>> comfortable with.  The 2 main runners here are CentOS and Ubuntu.
>> I've heard good things about Ubuntu but haven't tried it much.
>
> with all due respect - would you please keep this very off topic noise
> from this usually very informative and helpful mailing list?

Agreed, it wandered too far OT... end of thread, follow-ups to PM.

Joe


Re: Should Anyone Be Able To Send Telnet Email

2009-12-04 Thread Joe
Carlos Williams wrote:
> On Fri, Dec 4, 2009 at 2:22 PM, Matt Hayes  wrote:
>   
>> The question is, are you trying to 'relay' through the server or sending
>> to a domain that the server hosts?
>>
>> -Matt
>> 
>
> I don't know how to answer this. The Postfix server is on the same
> network as the clients connecting to it. The clients simply connect to
> the server on the same subnet / domain. It just seems that anyone can
> log in as anybody and send mail on their behalf. This appears bad to
> me...
>   

This is nothing new - and using a manual telnet connection is rather
awkward and time consuming; there is nothing in the telnet approach that
can't be done more quickly and easily with any decent mail client.

Forged senders are quite commonplace, and when coming from the internet
they are rather easily detected. Even if they are inside, you have their
IP address in the postfix logs.

I doubt that the crowd who routinely forge the sender address do so
using manual telnet - they simply use a mail client/script/tool to make
their jobs easier. Telnet is a red herring, it's not the real issue
here. The question is, how paranoid do you need to be, and how far are
you willing to go to lock things down?

Joe
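
Added example, not part of the original post: the point above that an internal sender's IP address is in the postfix logs, shown as a Python correlation of smtpd `client=` lines with qmgr `from=` lines by queue ID, so that an envelope sender used from more than one client stands out. The log lines are constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts, IPs and addresses are invented.
SAMPLE_LOG = """\
Dec  4 14:01:02 mx postfix/smtpd[2101]: 3A1B2C4D5E: client=pc17.example.lan[192.0.2.17]
Dec  4 14:01:02 mx postfix/qmgr[900]: 3A1B2C4D5E: from=<alice@example.com>, size=812, nrcpt=1 (queue active)
Dec  4 14:03:40 mx postfix/smtpd[2107]: 3A1B2C4D60: client=pc23.example.lan[192.0.2.23]
Dec  4 14:03:40 mx postfix/qmgr[900]: 3A1B2C4D60: from=<bob@example.com>, size=640, nrcpt=1 (queue active)
Dec  4 14:09:15 mx postfix/smtpd[2111]: 3A1B2C4D71: client=pc23.example.lan[192.0.2.23]
Dec  4 14:09:15 mx postfix/qmgr[900]: 3A1B2C4D71: from=<Alice@example.com>, size=701, nrcpt=1 (queue active)
Dec  4 14:10:00 mx postfix/qmgr[900]: 3A1B2C4D80: from=<>, size=2210, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client once per accepted message.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+?)\[([^\]]+)\]"
)
# qmgr logs the envelope sender each time the message becomes active.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")


def correlate(log_text):
    """Return {queue_id: (client_ip, envelope_sender)} for SMTP-submitted mail.

    Messages with no smtpd client line (local submissions, bounces generated
    on this host) are left out. Short queue IDs can be reused over time, so
    feed this one log window at a time.
    """
    clients, senders = {}, {}
    for line in log_text.splitlines():
        match = CLIENT_RE.search(line)
        if match:
            clients[match.group(1)] = match.group(3)
            continue
        match = FROM_RE.search(line)
        if match:
            senders[match.group(1)] = match.group(2).lower()
    return {
        qid: (ip, senders[qid]) for qid, ip in clients.items() if qid in senders
    }


def senders_by_client(log_text):
    """Return {client_ip: set of envelope senders seen from that IP}."""
    result = defaultdict(set)
    for ip, sender in correlate(log_text).values():
        result[ip].add(sender)
    return dict(result)


def multi_client_senders(log_text):
    """Return {sender: sorted client IPs} for senders used from more than one IP."""
    by_sender = defaultdict(set)
    for ip, sender in correlate(log_text).values():
        by_sender[sender].add(ip)
    return {
        sender: sorted(ips) for sender, ips in by_sender.items() if len(ips) > 1
    }


if __name__ == "__main__":
    for sender, ips in multi_client_senders(SAMPLE_LOG).items():
        print(f"{sender} was used as envelope sender from: {', '.join(ips)}")
```

A sender appearing from several clients is only a lead for review: roaming users and shared relays produce the same pattern.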



Re: postfix performance

2011-03-23 Thread Joe

On 03/23/2011 03:06 PM, Jeroen van Aart wrote:
I am curious if postfix would be able to send out 30 emails in one 
hour, to different recipients of course. Taking into account 
http://www.postfix.org/TUNING_README.html and other such performance 
tuning guides. This would only happen once a week or so. The important 
part is the need to send them all in one hour, more or less.


This would be on a debian server with about 64 to 92 GB of memory, 8 
or 16 CPUs and a really fast internet connection.


Considering 30 per hour equates to about 83 emails per second and 
given a reasonably fast server (over specced since I doubt CPU and RAM 
would be the bottleneck here) I would think one server could handle this.


Suffice it to say these emails are sent to a list of COI emails. I 
hate spam.




We've found that postfix can always send out smtp messages at a rate 
hundreds, if not thousands of times faster than remote domains wish to 
accept it. Postfix will not be the bottleneck here, I think.


Joe


Re: postfix performance

2011-03-23 Thread Joe

On 03/23/2011 04:49 PM, Steve Jenkins wrote:

On Wed, Mar 23, 2011 at 3:22 PM, Victor Duchovni
  wrote:

All of this is overkill, but a local DNS resolver is a requirement.

With high volume outbound mail, any advantage to having a local DNS
resolver on the same machine as Postfix? We've got one that's provided
by our colo provider, but it's not on the same subnet.


IMNSHO it's standard practice to run a dns server on the MX host. If you 
don't want a full blown bind server, at least run some sort of caching 
dns server; the difference in the lookup times has a big impact when 
you're sending messages at a high rate.


Joe


Re: postfix performance

2011-03-23 Thread Joe

On 03/23/2011 05:22 PM, Steve Jenkins wrote:

On Wed, Mar 23, 2011 at 5:09 PM, Joe  wrote:

IMNSHO it's standard practice to run a dns server on the MX host. If you
don't want a full blown bind server, at least run some sort of caching dns
server; the difference in the lookup times has a big impact when you're
sending messages at a high rate.

Thx, Joe. Any advantage IYNSHO to running a full blown bind server as
opposed to something simpler like dnsmasq or nsd (or anything else
you're recommend)?


Steve,

There are no advantages I can think of unless you're also running a dns 
server for other hosts. Either one should be fine for the name 
resolution needs of postfix. Since I'm familiar with bind I tend to just 
go with it whether we need a simple caching dns server or a full 
blown multi-view authoritative dns server. It works pretty well out 
of the box on modern releases of unix-like OSes.


Joe




Re: Postfix STARTTLS bug on SLES11 SP1 still unfixed ?

2011-04-15 Thread Joe

On 04/15/2011 01:58 AM, Alexander Grüner wrote:

> The right forum is a SuSE support forum.

Ok, I will go there.




The postfix shipped in SLES is usually a bit stale anyway. I typically 
grab a postfix source rpm from suse factory and rebuild it on SLES.


Here are some newish packages including source rpms you can rebuild.

http://software.opensuse.org/search?q=postfix&baseproject=SUSE%3ASLE-11&lang=en&exclude_debug=true

Joe


Re: Disabling SSLv2 does not work as expected

2011-09-02 Thread Joe

On 09/02/2011 02:41 PM, Stan Hoeppner wrote:


Red Hat is a commercial distro.  They will always do things 
differently, things that seem strange and sometimes simply stupid to 
the rest of us.  Which is one of the many reasons I don't use a 
commercial distro.  Red Hat cherry picks patches from up and down the 
kernel source tree and backports them, all the way from 2.6.30 to 3.1 
rc1.  Many such kernel patches are contributed by RH.  I don't know if 
they do this with applications, but it stands to reason that they 
would, given what they do with the kernel.


Anyone I know who uses RHEL or Centos soon turns to the well known 3rd 
party repos which offer handy items like postfix-2.8 rpms. The point is, 
for any major linux distro, there are a number of easy-peasy ways to run 
a very up-to-date version of postfix.


Joe



Re: canonical.db: Inappropriate file type or format

2011-11-11 Thread Joe

On 11/11/2011 11:30 AM, Bernard T. Higonnet wrote:

Hello,

Here is the system:

freebsd2.higonnet.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 
02:41:51 UTC 2011 
r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64


I have just built postfix from source

Nov 11 20:12:41 freebsd2 postfix/master[64285]: reload -- version 
2.8.7, configuration /usr/local/etc/postfix
Nov 11 20:13:08 freebsd2 postfix/qmgr[64852]: warning: problem talking 
to service rewrite: Operation timed out
Nov 11 20:13:14 freebsd2 postfix/cleanup[64928]: fatal: open database 
/usr/local/etc/postfix/canonical.db: Inappropriate file type or format




The main.cf file has been copied without change so far from a working 
version 2.7.1 running under FreeBSD 8.1


The canonical.db file has been produced by using postmap hash: using 
the same canonical file as the aforementioned working older version. 
postconf -m says hash is possible.



As unusal I must be doing something dumb and simple; I only wish I 
knew what it is...


TIA
Bernard Higonnet
PS I believe all the other db files are also bad


It would be interesting to see the results of the following commands:

file /usr/local/etc/postfix/canonical.db
postconf canonical_maps
postconf default_database_type

Joe


sender_dependent_default_transport_maps

2012-05-07 Thread Joe

Hello list -

We have some fairly involved routing requirements, and have been using a 
script that creates a transport table from a number of source files. 
It's been working well for some years, but now we have a need for 
sender-dependent transport rules. We periodically creates the 
sender_dependent_default_transport_maps, which appeared to work 
perfectly, but then we discovered that the transport table overrides 
sender-dependent transport - exactly as documented.


We have a requirement for sender-dependent transport rules that override 
everything else. I thought of setting up another postfix instance just 
to handle the sender-dependent transport before handing it off to either 
the current smtp server or one of the designated transports, but it 
seems like overkill. Is there any other way to make 
sender_dependent_default_transport_maps take priority over the transport 
table?


Thanks for your input -

Joe




Re: sender_dependent_default_transport_maps

2012-05-09 Thread Joe

On 05/07/2012 08:15 PM, Viktor Dukhovni wrote:

On Mon, May 07, 2012 at 10:04:21PM -0500, Noel Jones wrote:


We have some fairly involved routing requirements, and have been
using a script that creates a transport table from a number of
source files. It's been working well for some years, but now we have
a need for sender-dependent transport rules. We periodically create
the sender_dependent_default_transport_maps, which appeared to work
perfectly, but then we discovered that the transport table overrides
sender-dependent transport - exactly as documented.

We have a requirement for sender-dependent transport rules that
override everything else. I thought of setting up another postfix
instance just to handle the sender-dependent transport before
handing it off to either the current smtp server or one of the
designated transports, but it seems like overkill. Is there any
other way to make sender_dependent_default_transport_maps take
priority over the transport table?

The transport priority order is not configurable.

I suppose you could use a check_sender_access map that returns
FILTER transport:nexthop for the target senders.  Note this solution
is only useful with mail submitted via SMTP and is incompatible with
an after-queue content_filter (unless you do some master.cf gyrations).

It also breaks mail routing on any real MTA that needs to route
different recipients to different destinations. The only real
use-case for sender-dependent routing is on shared laptops and
home machines where all of a user's initially submitted mail
is relayed via that user's ISP, but then one just empties
out the transport table and voila, the default transport wins.

My advice to the OP would be to separate the sender-dependent
traffic onto a separate MTA that does no (normal) recipient
dependent routing.


Thanks for the sage advice - After some consideration and a bit of 
testing I think we finally have a reason for going to a multi-instance 
postfix configuration. It's either that, or spin up a new server to 
handle sender-dependent transport, and our support organization charges 
by the server, so postmulti seems to be the best option.


Joe
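
The precedence discussed in this thread, as an added example that is not from any poster and is not Postfix code: a simplified Python model of next-hop selection for a remote recipient, in which `sender_dependent_default_transport_maps` only replaces `default_transport` and a transport table match is applied last. All domains, hosts and table entries are constructed, and null-sender and address-extension lookups are left out.

```python
"""Simplified model of Postfix next-hop selection for a remote recipient."""


def transport_table_keys(rcpt):
    """transport(5) search order: user@domain, domain, .parent domains, then '*'."""
    domain = rcpt.rpartition("@")[2]
    labels = domain.split(".")
    parents = ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return [rcpt, domain] + parents + ["*"]


def sender_keys(sender):
    """Sender-dependent maps are searched by full address, then by @domain."""
    return [sender, "@" + sender.rpartition("@")[2]]


def first_hit(table, keys):
    """Return the value of the first key present in the table, else None."""
    for key in keys:
        if key in table:
            return table[key]
    return None


def resolve(sender, rcpt, cfg):
    """Return (transport, nexthop, decided_by) for a non-local recipient."""
    rcpt_domain = rcpt.rpartition("@")[2]

    # Step 1: default_transport, or its sender-dependent override.
    decided_by = "default_transport"
    default = cfg.get("default_transport", "smtp")
    hit = first_hit(cfg.get("sender_dependent_default_transport_maps", {}),
                    sender_keys(sender))
    if hit is not None:
        default, decided_by = hit, "sender_dependent_default_transport_maps"
    transport, _, nexthop = default.partition(":")
    nexthop = nexthop or cfg.get("relayhost", "") or rcpt_domain

    # Step 2: the transport table is consulted last, so a match replaces step 1.
    hit = first_hit(cfg.get("transport_maps", {}), transport_table_keys(rcpt))
    if hit is not None:
        t, _, n = hit.partition(":")
        if t and n:            # both fields given: replace both
            transport, nexthop = t, n
        elif t:                # transport only: nexthop resets to recipient domain
            transport, nexthop = t, rcpt_domain
        elif n:                # nexthop only: transport is left alone
            nexthop = n
        if t or n:             # a null:null result means "do not change"
            decided_by = "transport_maps"
    return transport, nexthop, decided_by


# Constructed configuration: one instance doing both kinds of routing.
CFG = {
    "default_transport": "smtp",
    "relayhost": "[smarthost.example.net]",
    "transport_maps": {
        "partner.example": "relay:[gw.partner.example]:25",
        ".partner.example": "relay:[gw.partner.example]:25",
    },
    "sender_dependent_default_transport_maps": {
        "@billing.example": "smtp:[out.billing.example]:587",
    },
}

# Constructed second instance with no transport table: sender rules always win.
SENDER_ONLY = {k: v for k, v in CFG.items() if k != "transport_maps"}

if __name__ == "__main__":
    for cfg_name, cfg in (("single instance", CFG), ("sender-only instance", SENDER_ONLY)):
        for rcpt in ("bob@partner.example", "bob@elsewhere.example"):
            print(cfg_name, rcpt, resolve("ar@billing.example", rcpt, cfg))
```

The second configuration corresponds to the separate instance or MTA suggested in the thread: with no transport table in the way, the sender-dependent entry decides every remote delivery.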










Re: Postfix make install. Do not support mysql and pcre

2012-07-10 Thread Joe
Install the missing dev packages - mysql-devel, pcre-devel etc which 
will provide the missing headers.


On 07/10/2012 10:36 AM, Feel Zhou wrote:

Thanks for Brian's answer
1   I add the missed, such as
[root@mail postfix-2.9.3]# make -f Makefile.init makefiles 
CCARGS="-DHAS_MYSQL -I/usr/local/mysql/include" 
AUXLIBS="-L/usr/local/mysql/lib  -lmysqlclient"

and still have the problem, sorry about long log


[root@mail postfix-2.9.3]# make
set -e; for i in src/util src/global src/dns src/tls src/xsasl 
src/milter src/master src/postfix src/fsstone src/smtpstone 
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local 
src/trivial-rewrite src/qmgr src/oqmgr src/smtp src/bounce src/pipe 
src/showq src/postalias src/postcat src/postconf src/postdrop 
src/postkick src/postlock src/postlog src/postmap src/postqueue 
src/postsuper src/qmqpd src/spawn src/flush src/verify src/virtual 
src/proxymap src/anvil src/scache src/discard src/tlsmgr src/postmulti 
src/postscreen src/dnsblog src/tlsproxy; do \
 (set -e; echo "[$i]"; cd $i; make 'CC=gcc 
-Wmissing-prototypes -Wformat -DHAS_MYSQL -I/usr/local/mysql/include' 
update MAKELEVEL=) || exit 1; \

done
[src/util]
for i in argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h 
chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h 
dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h 
dict_ni.h dict_nis.h dict_nisplus.h dict_pcre.h dict_regexp.h 
dict_sdbm.h dict_static.h dict_tcp.h dict_unix.h dir_forest.h events.h 
exec_command.h find_inet.h fsspace.h fullname.h get_domainname.h 
get_hostname.h hex_code.h hex_quote.h host_port.h htable.h 
inet_addr_host.h inet_addr_list.h inet_addr_local.h inet_proto.h 
iostuff.h line_wrap.h listen.h lstat_as.h mac_expand.h mac_parse.h 
make_dirs.h mask_addr.h match_list.h msg.h msg_output.h msg_syslog.h 
msg_vstream.h mvect.h myaddrinfo.h myflock.h mymalloc.h myrand.h 
name_code.h name_mask.h netstring.h nvtable.h open_as.h open_lock.h 
percentm.h posix_signals.h readlline.h ring.h safe.h safe_open.h 
sane_accept.h sane_connect.h sane_fsops.h sane_socketpair.h 
sane_time.h scan_dir.h set_eugid.h set_ugid.h sigdelay.h sock_addr.h 
spawn_command.h split_at.h stat_as.h stringops.h sys_defs.h 
timed_connect.h timed_wait.h trigger.h username.h valid_hostname.h 
vbuf.h vbuf_print.h vstream.h vstring.h vstring_vstream.h watchdog.h 
format_tv.h load_file.h killme_after.h edit_file.h dict_cache.h 
dict_thash.h ip_match.h nbbio.h base32_code.h dict_fail.h warn_stat.h; \

do \
  cmp -s $i ../../include/$i 2>/dev/null || cp $i ../../include; \
done
cd ../../include; chmod 644 argv.h attr.h attr_clnt.h auto_clnt.h 
base64_code.h binhash.h chroot_uid.h cidr_match.h clean_env.h 
connect.h ctable.h dict.h dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h 
dict_env.h dict_ht.h dict_ni.h dict_nis.h dict_nisplus.h dict_pcre.h 
dict_regexp.h dict_sdbm.h dict_static.h dict_tcp.h dict_unix.h 
dir_forest.h events.h exec_command.h find_inet.h fsspace.h fullname.h 
get_domainname.h get_hostname.h hex_code.h hex_quote.h host_port.h 
htable.h inet_addr_host.h inet_addr_list.h inet_addr_local.h 
inet_proto.h iostuff.h line_wrap.h listen.h lstat_as.h mac_expand.h 
mac_parse.h make_dirs.h mask_addr.h match_list.h msg.h msg_output.h 
msg_syslog.h msg_vstream.h mvect.h myaddrinfo.h myflock.h mymalloc.h 
myrand.h name_code.h name_mask.h netstring.h nvtable.h open_as.h 
open_lock.h percentm.h posix_signals.h readlline.h ring.h safe.h 
safe_open.h sane_accept.h sane_connect.h sane_fsops.h 
sane_socketpair.h sane_time.h scan_dir.h set_eugid.h set_ugid.h 
sigdelay.h sock_addr.h spawn_command.h split_at.h stat_as.h 
stringops.h sys_defs.h timed_connect.h timed_wait.h trigger.h 
username.h valid_hostname.h vbuf.h vbuf_print.h vstream.h vstring.h 
vstring_vstream.h watchdog.h format_tv.h load_file.h killme_after.h 
edit_file.h dict_cache.h dict_thash.h ip_match.h nbbio.h base32_code.h 
dict_fail.h warn_stat.h

[src/global]
gcc -Wmissing-prototypes -Wformat -DHAS_MYSQL 
-I/usr/local/mysql/include -g -O -I. -I../../include -DLINUX2 -c 
dict_mysql.c

dict_mysql.c:169:19: error: mysql.h: No such file or directory
dict_mysql.c:199: error: expected specifier-qualifier-list before ‘MYSQL’
dict_mysql.c:245: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or 
‘__attribute__’ before ‘*’ token

dict_mysql.c: In function ‘dict_mysql_lookup’:
dict_mysql.c:290: error: ‘MYSQL_RES’ undeclared (first use in this 
function)

dict_mysql.c:290: error: (Each undeclared identifier is reported only once
dict_mysql.c:290: error: for each function it appears in.)
dict_mysql.c:290: error: ‘query_res’ undeclared (first use in this 
function)
dict_mysql.c:291: error: ‘MYSQL_ROW’ undeclared (first use in this 
function)

dict_mysql.c:291: error: expected ‘;’ before ‘row’
dict_mysql.c:369: error: ‘row’ undeclared (first use in this function)
dict_mysql.c: In function ‘dict_mysql_check_stat’:
dict_mysql.c:392: error: ‘HOST’

Re: Bulk Mailing Performance

2013-06-12 Thread Joe

On 06/12/2013 12:17 PM, fletch wrote:

The postfix performance claims made via this thread are far-fetched to say
the least.  Most postfix users will only see outbound throughput in the
range of ~250,000/hour per instance in a production setting.  Yet, people on
here are claiming 10 million/hour?  I guess that would be possible if a
sender were to run, say, 40 postfix instances which would be a complete
management nightmare of course.

Obviously, vendors like Port25 (company behind PowerMTA) and GreenArrow
would not be able to make any sales if the benefits of commercial software
products v. open source were not substantial.



In our experience, postfix can blast out messages at rates which are 
orders of magnitude faster than the other end is willing to receive it. 
The "substantial benefits" you speak of are mainly along the lines of 
easier management tools and integration of same with various other email 
related components in one convenient interface.


Joe





Re: Mail server, what else?

2013-07-16 Thread Joe

On 07/13/2013 02:35 PM, Peter wrote:

On 07/13/2013 11:15 AM, J Gao wrote:
http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm 



And patched with quota patch.


That's brilliant, now you can't get support for it anywhere.

You don't need to patch postfix to get quotas, dovecot 2 has a policy 
daemon that plugs right into postfix for that now.


Seriously, go to Dovecot and get a newer version of postfix.  It is 
well worth it just to get postscreen support (which requires version 
2.8 or higher), and you really don't need to be patching it.


Fairly current postfix packages for RHEL are available from several 
sources - we've been using postfix 2.8.8 on RHEL 6 here.


Joe


Re: Monitoring

2013-07-17 Thread Joe

+1 for mailgraph and queuegraph!

Joe

On 07/17/2013 05:23 AM, José Luís Faria wrote:

I'm using

http://mailgraph.schweikert.ch/


Em 17-07-2013 13:14, Roman Gelfand escreveu:

Is there open source web based postfix server monitoring software?

I am looking to see if there is something to monitor queue size, etc...

Thanks in advance







Re: gmail relay and certificates on Fedora 10

2009-02-04 Thread Joe Sloan

What values does postconf show for the following parameters?

smtp_tls_CAfile
smtpd_tls_CAfile

?

Joe

sean darcy wrote:

sean darcy wrote:

J Sloan wrote:

Sounds like fedora's missing a ca-bundle.crt...

Joe

sean darcy wrote:

I followed the instructions on
http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
to create your own certificate to use with google.

main.cf:
..
## this to use certificate I created:
##  www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
default_destination_concurrency_limit = 5
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/postfixclient.key
smtp_tls_cert_file=/etc/postfix/postfixclient.pem
smtp_tls_enforce_peername = no
smtpd_tls_req_ccert =no
smtpd_tls_ask_ccert = yes
soft_bounce = yes

I get this  error:

Feb  4 17:01:52 asterisk postfix/smtp[17447]: certificate verification
failed fo
r smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western
Cape/L=Ca
pe Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN=Thawte Prem
ium Server CA/emailaddress=premium-ser...@thawte.com

The error message is weird since it refers to thawte.com.

/etc/postfix/postfixclient.pem:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=us, ST=new york, O=n/a, OU=section,
CN=seandarcy/emailaddress=seanda...@gmail.com
Validity
Not Before: Feb  4 21:40:25 2009 GMT
Not After : Feb  4 21:40:25 2010 GMT
Subject: C=us, ST=new york, O=n/a, OU=section,
CN=seandarcy/emailaddress=seanda...@gmail.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
...

So I should be the issuer. Or is referring to the issuer of its
certificate?

In any event, anyone else have this working?

sean






I can get the thawte cert, but what do I do with it?

sean


In fact the thawte certificate is already in Fedora 10 
/etc/pki/tls/cert.pem:


.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte 
Consulting cc, OU=Certification Services Division, CN=Thawte Premium 
Server

CA/emailaddress=premium-ser...@thawte.com
Validity
Not Before: Aug  1 00:00:00 1996 GMT
Not After : Dec 31 23:59:59 2020 GMT
Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte 
Consulting cc, OU=Certification Services Division, CN=Thawte Premium 
Server

 CA/emailaddress=premium-ser...@thawte.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):


Any suggestions appreciated.

sean
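
For reading log entries like the one quoted in this thread, an added example that is not from any poster: a Python triage helper that pulls the peer and the untrusted issuer DN out of Postfix SMTP client "certificate verification failed" lines and checks them against the client-side trust settings reported by `postconf`. The issuer named in such a line comes from the remote server's certificate chain. The log lines and `postconf` output below are constructed (modelled on the entry above, with placeholder addresses), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed log lines, modelled on the entry quoted in the thread.
SAMPLE_LOG = [
    "Feb  4 17:01:52 asterisk postfix/smtp[17447]: certificate verification failed for "
    "smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town"
    "/O=Thawte Consulting cc/OU=Certification Services Division"
    "/CN=Thawte Premium Server CA/emailAddress=ca@example.invalid",
    "Feb  4 17:05:10 asterisk postfix/smtp[17460]: certificate verification failed for "
    "mx.example.net[192.0.2.25]:25: untrusted issuer /C=us/ST=new york/O=n/a/OU=section/CN=Lab CA",
    "Feb  4 17:06:00 asterisk postfix/smtp[17461]: connect to mx.example.org[192.0.2.9]:25: "
    "Connection refused",
]

# Constructed `postconf` output: the client (smtp_*) settings are empty,
# only the server-side (smtpd_*) CA file is set.
SAMPLE_POSTCONF = """\
smtp_tls_CAfile =
smtp_tls_CApath =
smtpd_tls_CAfile = /etc/pki/tls/cert.pem
"""

FAILURE = re.compile(
    r"postfix/smtp\[\d+\]: certificate verification failed for (?P<peer>\S+?): (?P<reason>.*)$"
)


def parse_dn(dn):
    """Split a slash-separated DN; a '/' inside a value (O=n/a) is not a separator."""
    parts = [p for p in re.split(r"/(?=[A-Za-z0-9.]+=)", dn) if p]
    return dict(p.split("=", 1) for p in parts)


def untrusted_issuers(lines):
    """Map issuer CN -> sorted peers whose chain ended at that untrusted issuer."""
    found = defaultdict(set)
    for line in lines:
        m = FAILURE.search(line)
        if not m or not m.group("reason").startswith("untrusted issuer "):
            continue
        dn = parse_dn(m.group("reason")[len("untrusted issuer "):])
        found[dn.get("CN", "(no CN)")].add(m.group("peer"))
    return {cn: sorted(peers) for cn, peers in found.items()}


def client_trust_settings(postconf_text):
    """Extract the two parameters that give the Postfix SMTP client its trust anchors."""
    settings = {}
    for line in postconf_text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            settings[name.strip()] = value.strip()
    return {k: settings.get(k, "") for k in ("smtp_tls_CAfile", "smtp_tls_CApath")}


def diagnose(lines, postconf_text):
    """Return human-readable findings for outbound verification failures."""
    issuers = untrusted_issuers(lines)
    findings = []
    if issuers and not any(client_trust_settings(postconf_text).values()):
        findings.append("no client trust anchors: smtp_tls_CAfile and "
                        "smtp_tls_CApath are both empty")
    for cn, peers in sorted(issuers.items()):
        findings.append(f"CA '{cn}' must be in the client trust store to verify: "
                        + ", ".join(peers))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_POSTCONF):
        print(finding)
```

Note that `smtpd_tls_CAfile` configures the SMTP server side and does not supply trust anchors for outbound connections, which is why the helper ignores it.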






ACL for outbound email

2009-02-24 Thread Joe Benson
Does anyone know how to configure Postfix to only allow outgoing email 
to a set list of email addresses? I would like to have anything going 
out to an unlisted address to go to a local mailbox.


Thanks
Joe



Re: relay_based_on_MX

2009-03-14 Thread Joe Postfix
Can you explain how this feature could be enabled?
One of the services we offer our customers allows them to create as many
domains as they like (on various DNS's), and we have a catchall mailbox that
grabs any emails sent to those domains.

Of course you are correct most of the content on there is spam (at times,
over 90%), but certain campaigns will have our customers sifting through
those mountains of spam for accountability purposes, etc.

On Mon, Feb 18, 2008 at 3:34 PM, Wietse Venema  wrote:

> Joe Postfix:
> > Does anyone know if postfix supports a feature equivalent to
> > relay_based_on_MX in sendmail?
>
> Yes.
>
> However such features must not be used because they accept mail
> for non-existent recipients, and therefore 1) they fill the Postfix
> queue with non-deliverable MAILER-DAEMON messages, and 2) the
> MAILER-DAEMON messages that can be delivered will bother innocent
> people about mail that they did not send.
>
>Wietse
>


Re: Newbie configuration/installation question

2009-04-16 Thread Joe Sloan
I would try testing just smtp delivery and make sure that is working, 
before adding the extra layer of complexity. Right now it's not clear 
whether the message is being rejected by postfix, or postfix is 
misconfigured, or rails is misconfigured.


A peek at the relevant sections, if any, in /var/log/mail.log would be 
helpful -


Joe

Tashfeen Ekram wrote:
I installed it with apt-get install postfix and then choose "Internet Site" during the configuration. 
i have configured rails to use smtp.

config.action_mailer.smtp_settings = {
  :address=> 'localhost',
  :port   => 25,
  :domain => 'www.example.com',
}

here is the trace i get:

Timeout::Error (execution expired):
  /usr/lib/ruby/1.8/timeout.rb:60:in `open'
  /usr/lib/ruby/1.8/net/smtp.rb:551:in `do_start'
  /usr/lib/ruby/1.8/net/smtp.rb:551:in `do_start'
  /usr/lib/ruby/1.8/net/smtp.rb:525:in `start'
  app/controllers/user/dashboard_controller.rb:13:in `index'

Rendered rescues/_trace (82.7ms)
Rendered rescues/_request_and_response (0.7ms)
Rendering rescues/layout (internal_server_error)




- Original Message 
From: J Sloan 
To: postfix-users@postfix.org
Sent: Monday, April 13, 2009 5:45:40 PM
Subject: Re: Newbie configuration/installation question

Tashfeen Ekram wrote:
  

I have installed Postfix on Ubuntu to use to only send emails for my
rails application. My rails application is not able to connect to it.
Could this be because sendmail is listening at port 20?
also, what configuration would suit me best if I only want to send
emails and not receive. This is only for testing purposes on my own
laptop.




Just to eliminate a lot of guesswork: when you say you "installed
postfix" did you do something like "apt-get install postfix" or click on
postfix to install via synaptic, or did you download a tarball from the
internet and build it yourself?

How is rails configured to send the mail - with the sendmail command, or
via an smtp connection to the local host?

Joe



  

  




Re: Postfix Setup

2009-05-05 Thread Joe Sloan

Jonathan McMahon wrote:
I'm 100% completely new to Postfix, somewhat new to *nix. 


My general feedback:

1. I find Postfix to be somewhat difficult, and the "google search" documentation for my specific setup is fragmented and incomplete at best. I did expect this given the number of possible system permutations. 


2. I'm convinced that the postfix.org information is complete and accurate, but 
it is nearly indecipherable for the truly new user.

3. I realized that the best solution was to sign up for this mailing list and 
politely ask for some help, while at the same time educating myself as much as 
possible via books/internet resources.
  



It's probably not realistic to expect a mailing list, geared to 
answering specific questions, to provide remedial lessons or exhaustive 
step by step instructions. When you get to the point where you have some 
specific questions, the folks here are more than willing to provide answers.


So, the best advice I can give you for now is to obtain and read "The 
Book of Postfix" by Ralph Hildebrandt et al, published by  no starch 
press and available at amazon.com and other outlets.


Joe






LDAP BCC Rules

2010-01-15 Thread Joe Postfix
Hi, we're trying to setup our Postfix relays to BCC emails to/from specific
users (members of an LDAP group - A/D actually) to a mailbox that logs their
correspondence. I wasn't able to find any mention of this in the online
documentation anywhere - does anyone know of a way to implement something
like this?

We have this setup currently so that the backend M$ Exchange does this for
us, but would love to offload this functionality from there.

Thanks


Re: LDAP BCC Rules

2010-01-15 Thread Joe Postfix
Thanks!
BTW this link for LDAP lookups works better for me:
http://www.postfix.org/LDAP_README.html#config


On Fri, Jan 15, 2010 at 3:53 PM, Wietse Venema  wrote:

> Joe Postfix:
> > Hi, we're trying to setup our Postfix relays to BCC emails to/from
> specific
> > users (members of an LDAP group - A/D actually) to a mailbox that logs
> their
> > correspondence. I wasn't able to find any mention of this in the online
> > documentation anywhere - does anyone know of a way to implement something
> > like this?
>
> Adding recipients:
> http://www.postfix.org/postconf.5.html#always_bcc
> http://www.postfix.org/postconf.5.html#sender_bcc_maps
> http://www.postfix.org/postconf.5.html#recipient_bcc_maps
> http://www.postfix.org/postconf.5.html#virtual_alias_maps
>
> LDAP lookups:
> http://www.postfix.org/ldap_table.html
>
>Wietse
>
> > We have this setup currently so that the backend M$ Exchange does this
> for
> > us, but would love to offload this functionality from there.
> >
> > Thanks
>
>


a separate instance for handle bounce only

2010-07-11 Thread Joe Wong
Hello,

  I am looking for a way to configure a 2nd postfix instance for
handle mail bounce only. Is it possible?

- Joe



Re: a separate instance for handle bounce only

2010-07-11 Thread Joe Wong
Yes, on the same machine.

The reason I want to do this is I have sender_dependent_relay_host map
defined, it didn't work with null email sender "<>".  I want to
forward all by bounce to another host for some processing first, so
have the idea of creating this 'bounce' postfix instance. Any thought?

- Joe


On Sun, Jul 11, 2010 at 9:56 PM, Ralf Hildebrandt
 wrote:
> * Joe Wong :
>> Hello,
>>
>>   I am looking for a way to configure a 2nd postfix instance for
>> handle mail bounce only. Is it possible?
>
> 2nd instance on the same machine?
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>


Re: a separate instance for handle bounce only

2010-07-11 Thread Joe Wong
typo in my last email, it has nothing to do with the
sender_dependent_relay_host_map..


On Sun, Jul 11, 2010 at 10:00 PM, Joe Wong  wrote:
> Yes, on the same machine.
>
> The reason I want to do this is I have sender_dependent_relay_host map
> defined, it didn't work with null email sender "<>".  I want to
> forward all by bounce to another host for some processing first, so
> have the idea of creating this 'bounce' postfix instance. Any thought?
>
> - Joe
>
>
> On Sun, Jul 11, 2010 at 9:56 PM, Ralf Hildebrandt
>  wrote:
>> * Joe Wong :
>>> Hello,
>>>
>>>   I am looking for a way to configure a 2nd postfix instance for
>>> handle mail bounce only. Is it possible?
>>
>> 2nd instance on the same machine?
>>
>> --
>> Ralf Hildebrandt
>>  Geschäftsbereich IT | Abteilung Netzwerk
>>  Charité - Universitätsmedizin Berlin
>>  Campus Benjamin Franklin
>>  Hindenburgdamm 30 | D-12203 Berlin
>>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>>  ralf.hildebra...@charite.de | http://www.charite.de
>>
>>
>


Re: a separate instance for handle bounce only

2010-07-11 Thread Joe Wong
but I want to preserve "<>" as envelope sender for bounce message, doable?

On Sun, Jul 11, 2010 at 10:06 PM, Ralf Hildebrandt
 wrote:
> * Joe Wong :
>> Yes, on the same machine.
>>
>> The reason I want to do this is I have sender_dependent_relay_host map
>> defined, it didn't work with null email sender "<>".  I want to
>> forward all by bounce to another host for some processing first, so
>> have the idea of creating this 'bounce' postfix instance. Any thought?
>
> Simply set the envelope sender to a domain/hostname which ends up on
> the other host.
>
> That's it.
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>


what is the quickest way to bounce all message in the defer queue?

2010-07-22 Thread Joe Wong
Hello,

For some good reason, I want to have a way to bounce all message in deferred
queue. Is there a command(s) to do so?

many thanks,

- joe


restrict user from sending / receiving email to / from allowed domains only

2010-08-05 Thread Joe Wong
I am looking into configuring postfix with the captioned feature; does
anyone have a pointer for me to follow?

many thanks,

- joe


Re: restrict user from sending / receiving email to / from allowed domains only

2010-08-09 Thread Joe Wong
Hi Noel,

 Thanks for the info. According to the doc, it only works if the mail is
submitted via SMTP, does it have similar option if the mail is injected to
the queue by sendmail interface?

- Joe


On Thu, Aug 5, 2010 at 11:06 PM, Noel Jones  wrote:

> On 8/5/2010 5:10 AM, Joe Wong wrote:
>
>> I am looking to into configure postfix with the captioned
>> feature, does anyone has a pointer for me to follow?
>>
>> many thanks,
>>
>> - joe
>>
>>
> Here's the basic outline.  Adjust for your purposes.
> http://www.postfix.org/RESTRICTION_CLASS_README.html#external
>
>
>  -- Noel Jones
>


Re: restrict user from sending / receiving email to / from allowed domains only

2010-08-09 Thread Joe Wong
there is reason I can't change the message submission via SMTP. In this
case, do you have any suggestion? I am thinking of using Milter, does it
work with sendmail interface?

- Joe


On Mon, Aug 9, 2010 at 11:01 PM, Noel Jones  wrote:

> On Thu, Aug 5, 2010 at 11:06 PM, Noel Jones
>> mailto:njo...@megan.vbhcs.org>> wrote:
>>
>>On 8/5/2010 5:10 AM, Joe Wong wrote:
>>
>>I am looking to into configure postfix with the captioned
>>feature, does anyone has a pointer for me to follow?
>>
>>many thanks,
>>
>>- joe
>>
>>
>>Here's the basic outline.  Adjust for your purposes.
>>http://www.postfix.org/RESTRICTION_CLASS_README.html#external
>>
>>
>>  -- Noel Jones
>>
>>
>>
>
> On 8/9/2010 9:34 AM, Joe Wong wrote:
> > Hi Noel,
> >
> >   Thanks for the info. According to the doc, it only works if
> > the mail is submitted via SMTP, does it have similar option if
> > the mail is injected to the queue by sendmail interface?
> >
> > - Joe
> >
> >
>
>
> Postfix smtpd_*_restrictions are only effective for mail submitted via
> SMTP.
>
> Adjust your application to submit via SMTP.
>
>  -- Noel Jones
>


is there a way to tell postfix not to perform reverse lookup on the received header?

2010-11-04 Thread Joe Wong
Hello,


Postfix write the Received header like this:


Received: from HELO.HOSTNAME (*HOSTNAME_OF_CONNECTING_IP* [CONNECTING_IP])
 by HOSTNAME_OF_POSTFIX (Postfix) with SMTP id 0ABBCCDDEE
 for >; Wed,  1 Nov 2010
00:00:00 + (GMT)

is there a way to tell postfix not to write the HOSTNAME_OF_CONNECTING_IP,
or disable the reverse DNS lookup so that is always 'unknown' ?

Best regards,

- Joe


Re: is there a way to tell postfix not to perform reverse lookup on the received header?

2010-11-04 Thread Joe Wong
Thanks Viktor. I miss this one when reading the man page.. :)


On Fri, Nov 5, 2010 at 12:42 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Fri, Nov 05, 2010 at 12:25:21AM +0800, Joe Wong wrote:
>
> > is there a way to tell postfix not to write the
> HOSTNAME_OF_CONNECTING_IP,
> > or disable the reverse DNS lookup so that is always 'unknown' ?
>
> http://www.postfix.org/postconf.5.html#smtpd_peername_lookup
>
> --
>Viktor.
>


do not bounce a message if it contain certain header in the message

2011-01-20 Thread Joe Wong
Hello,

 I would like to know if it is possible to configure postfix not to
bounce a message if it contains a certain header in the message? I tried adding
-o header_checks option to the bounce process in master.cf, but it does not seem
to be picking up my header check pcre config.

Regards,

- joe


Re: do not bounce a message if it contain certain header in the message

2011-01-20 Thread Joe Wong
Hi if that header only presents in the original message but not the BOUNCE
message itself, should be ok? But in this case I am checking that header in
the BOUNCE MESSAGE mail body?

- Joe


On Thu, Jan 20, 2011 at 4:59 PM, Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:

> * Joe Wong :
> > Hello,
> >
> >  I would like to know if there is possible to configure postfix not to
> > bounce a message if it contain certain header in the message? I tried
> adding
> > -o header_checks option to the bounce process in master.cf, does not
> seems
> > picking up my header check pcre config.
>
> You'd have to subject the bounces to the internal filtering:
> internal_mail_filter_classes
>
> BUT: In that case the BOUNCE MESSAGE will be subject to filtering -
> meaning it's not clear if the header is in the original mail OR in the
> attached mail (in the bounce).
>
> So I'd say it's not possible.
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>


Re: do not bounce a message if it contain certain header in the message

2011-01-20 Thread Joe Wong
shortly, I don't want to bounce the message if it was tagged as spam by
SpamAssassin. So, I was looking for a way not to bounce if X-SPAM-Flag: yes
is found in the message. any thought?

thanks,

- Joe


On Thu, Jan 20, 2011 at 8:33 PM, /dev/rob0  wrote:

> On Thu, Jan 20, 2011 at 04:50:30PM +0800, Joe Wong wrote:
> > I would like to know if there is possible to configure postfix not
> > to bounce a message if it contain certain header in the message? I
> > tried adding -o header_checks option to the bounce process in
> > master.cf, does not seems picking up my header check pcre config.
>
> Perhaps if you told us the real-world problem you're trying to solve,
> you could get suggestions on better ways to do it.
>
> header_checks is not a valid option for the bounce(8) daemon, so no,
> that will not work.
> --
>Offlist mail to this address is discarded unless
>"/dev/rob0" or "not-spam" is in Subject: header
>


Re: Best combinations

2009-06-21 Thread Joe Sloan

The Doctor wrote:

What is the best intermediary for

postfix
ClamAV
Spamassassin
tnef and
Blacklisting phishers

  


I like maia mailguard - http://maiamailguard.com/maia/wiki

It's based on amavisd-new, spamassassin, clamav, apache and mysql. We 
use maia for 15k users at a large company near Los Angeles, along with 
postfix rbls, sanity checks and policyd.


Joe


Re: Best combinations

2009-06-21 Thread Joe Sloan

The Doctor wrote:

On Sun, Jun 21, 2009 at 01:53:29PM -0700, Joe Sloan wrote:
  

The Doctor wrote:


What is the best intermediary for

postfix
ClamAV
Spamassassin
tnef and
Blacklisting phishers

  
  

I like maia mailguard - http://maiamailguard.com/maia/wiki

It's based on amavisd-new, spamassassin, clamav, apache and mysql. We use 
maia for 15k users at a large company near Los Angeles, along with postfix 
rbls, sanity checks and policyd.


Joe




Thank you.  I should say RDBMS independent.
  


While it's not totally RDBMS independent - for instance I don't think ms 
sql is supported - it is possible to run mailguard on other DBs. I know 
of some mailguard sites running on PostgreSQL.


Joe




Re: Postfix Logfile

2009-06-25 Thread Joe Sloan

Schwalbe, Oliver wrote:

Hi there,
 
 
i have a little problem to change time of logswitch for the 
postfix-logfile mail in /var/log/.
the logswitch yet is every day at 11:00 am. The switch should take 
place at midnight. 
i can't find any parameter in main.cf or master.cf


This is not a function of postfix, but of the OS - what OS are you 
running exactly?


Joe


Re: No 220 to some addresses

2009-07-04 Thread Joe Sloan

Jeff Stampes wrote:

I just run a small server, mainly as a hobby, which I also use to provide
email service for my immediate family members.  I have it all working
fine, except for one odd problem.

While I'm able to read my email globally, I find from my inlaws house I
cannot send any email.  All I've found so far is I never receive a 220
message from the server:

 $ telnet tigger.net 25
 Trying 198.59.16.20...
 Connected to tigger.net.
 Escape character is '^]'.
 Connection closed by foreign host.

This isn't an issue from any other location I've tried over several years.
 I tried disabling iptables on the server, and the problem persists,
suggesting I might be able to rule that out as part of the problem.

Thoughts on where I should start?
  


postconf -n from each of the hosts involved would be helpful if available.

Given the behavior shown in your sample telnet session, and fact that I 
can connect to the same host immediately with no problem (as shown 
below) it would seem that the remote smtp server is rejecting your IP, 
since the connection is closed by the other end before you can even say 
ehlo.


j...@matisyahu:~$ telnet tigger.net 25
Trying 198.59.16.20...
Connected to tigger.net.
Escape character is '^]'.
220 mail.tigger.net ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.
j...@matisyahu:~$

Joe


sender dependent transport map

2011-05-28 Thread Joe Wong
Hello,

  I found that if the mail relay defined in sender dependent transport map
is temporarily unreachable during first mail delivery attempt, the 2nd mail
delivery is using relayhost setting defined in main.cf. Is this expected?

- Joe


Re: sender dependent transport map

2011-05-28 Thread Joe Wong
Hi Jeroen,

 Sorry, I meant this setting

sender_dependent_relayhost_maps

when the delivery failed in the first attempt, the mail is sent through the
host defined

relayhost

in main.cf

in the second time.

- Joe

On Sat, May 28, 2011 at 5:50 PM, Jeroen Geilman  wrote:

>  On 05/28/2011 11:45 AM, Joe Wong wrote:
>
> Hello,
>
>   I found that if the mail relay defined in sender dependent transport map
>
>
> That doesn't exist; do you mean sender_dependent_default_transport_maps, or
> sender_dependent_relayhost_maps ?
> They behave differently.
>
>
>  is temporary unreachable during first mail delivery attempt, the 2nd mail
> delivery is using relayhost setting defined in main.cf. Is this expected?
>
> You say "transport" but refer to a relayhost. Which is it ?
>
> Provide configuration and relevant logs as requested in
> http://www.postfix.org/DEBUG_README.html#mail
>
> --
> J.
>
>


reject email sending to certain MX

2011-12-15 Thread Joe Wong
Hello,

 is it possible to configure postfix not to send email with recipient
domains to certain MX host?

- Joe


Re: reject email sending to certain MX

2011-12-15 Thread Joe Wong
Hi,

  I tried, it works but not the way I would like to implement. Say sender
sent an email to 3 recipients, one of them hit the rule. What I want is
sender will not get any bounce but the offending recipient will simply be
dropped, while the other 2 will still get the email. Is this possible?

- Joe

On Thu, Dec 15, 2011 at 9:37 PM, Noel Jones  wrote:

> On 12/15/2011 5:44 AM, Joe Wong wrote:
> > Hello,
> >
> >  is it possible to configure postfix not to send email with
> > recipient domains to certain MX host?
> >
> > - Joe
> >
>
>
> http://www.postfix.org/postconf.5.html#check_recipient_mx_access
>
>
>
>


selecting outbound IP

2012-02-07 Thread Joe Wong
Hello,

 Say my MTA has multiple IP addresses on it. Is there a way to
configure Postfix (outbound) to use IP 1 when matching condition A and
IP2 if matching condition B and IP3 and none of the conditions are
matched?

Thanks,

- joe


Re: selecting outbound IP

2012-02-07 Thread Joe Wong
Thanks for the reference. How could this be used with some condition?
I am looking for binding sender domain A with IP 1 and domain B go
through IP 2, go to IP3 otherwise.

- Joe

On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema  wrote:
> Reindl Harald:
>> Am 07.02.2012 09:53, schrieb Joe Wong:
>> > Hello,
>> >
>> >  Say my MTA has multiple IP addresses on it. Is there a way to
>> > configure Postfix (outbound) to use IP 1 when matching condition A and
>> > IP2 if matching condition B and IP3 and none of the conditions are
>> > matched?
>>
>> you can define "smtp_bind_address" for each outgoing process
>> defined in "master.cf"
>>
>> cat /etc/postfix/master.cf | grep smtp_bind
>> smtp            unix  -       -       n       -      50       smtp -o 
>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>> max_use=500
>> relay           unix  -       -       n       -       -       smtp -o 
>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>> max_use=500 -o smtp_fallback_relay=
>
> If you do this on a firewall, then be sure to read the Postfix
> manpage for smtp_bind_address and inet_interfaces, to avoid
> some common pitfalls with routing.
>
> http://www.postfix.org/postconf.5.html#smtp_bind_address
> http://www.postfix.org/postconf.5.html#inet_interfaces
>
>        Wietse


Re: selecting outbound IP

2012-02-07 Thread Joe Wong
Thanks Reindl.

On Tue, Feb 7, 2012 at 10:33 PM, Reindl Harald  wrote:
> http://www.postfix.org/MULTI_INSTANCE_README.html
> but never used because no need
>
> "smtp_bind_address" is here only in use to make sure
> that outgoing mail is using the ip matching SPF
>
> Am 07.02.2012 15:19, schrieb Joe Wong:
>> Thanks for the reference. How could this be used with some condition?
>> I am looking for binding sender domain A with IP 1 and domain B go
>> through IP 2, go to IP3 otherwise.
>>
>> - Joe
>>
>> On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema  wrote:
>>> Reindl Harald:
>>>> Am 07.02.2012 09:53, schrieb Joe Wong:
>>>>> Hello,
>>>>>
>>>>>  Say my MTA has multiple IP addresses on it. Is there a way to
>>>>> configure Postfix (outbound) to use IP 1 when matching condition A and
>>>>> IP2 if matching condition B and IP3 and none of the conditions are
>>>>> matched?
>>>>
>>>> you can define "smtp_bind_address" for each outgoing process
>>>> defined in "master.cf"
>>>>
>>>> cat /etc/postfix/master.cf | grep smtp_bind
>>>> smtp            unix  -       -       n       -      50       smtp -o 
>>>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>>>> max_use=500
>>>> relay           unix  -       -       n       -       -       smtp -o 
>>>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>>>> max_use=500 -o smtp_fallback_relay=
>>>
>>> If you do this on a firewall, then be sure to read the Postfix
>>> manpage for smtp_bind_address and inet_interfaces, to avoid
>>> some common pitfalls with routing.
>>>
>>> http://www.postfix.org/postconf.5.html#smtp_bind_address
>>> http://www.postfix.org/postconf.5.html#inet_interfaces
>>>
>>>        Wietse
>
> --
>
> Mit besten Grüßen, Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / software-development / cms-solutions
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>


Re: selecting outbound IP

2012-02-08 Thread Joe Wong
I read the details of the multiple instance support but it's not clear
to me how I can use it to achieve my goal. Does anyone have similar
setup and share your configuration here?

Many Thanks,

- Joe


On Tue, Feb 7, 2012 at 11:01 PM, Joe Wong  wrote:
> Thanks Reindl.
>
> On Tue, Feb 7, 2012 at 10:33 PM, Reindl Harald  wrote:
>> http://www.postfix.org/MULTI_INSTANCE_README.html
>> but never used because no need
>>
>> "smtp_bind_address" is here only in use to make sure
>> that outgoing mail is using the ip matching SPF
>>
>> Am 07.02.2012 15:19, schrieb Joe Wong:
>>> Thanks for the reference. How could this be used with some condition?
>>> I am looking for binding sender domain A with IP 1 and domain B go
>>> through IP 2, go to IP3 otherwise.
>>>
>>> - Joe
>>>
>>> On Tue, Feb 7, 2012 at 8:00 PM, Wietse Venema  wrote:
>>>> Reindl Harald:
>>>>> Am 07.02.2012 09:53, schrieb Joe Wong:
>>>>>> Hello,
>>>>>>
>>>>>>  Say my MTA has multiple IP addresses on it. Is there a way to
>>>>>> configure Postfix (outbound) to use IP 1 when matching condition A and
>>>>>> IP2 if matching condition B and IP3 and none of the conditions are
>>>>>> matched?
>>>>>
>>>>> you can define "smtp_bind_address" for each outgoing process
>>>>> defined in "master.cf"
>>>>>
>>>>> cat /etc/postfix/master.cf | grep smtp_bind
>>>>> smtp            unix  -       -       n       -      50       smtp -o 
>>>>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>>>>> max_use=500
>>>>> relay           unix  -       -       n       -       -       smtp -o 
>>>>> smtp_bind_address=10.0.0.6 -o max_idle=300 -o
>>>>> max_use=500 -o smtp_fallback_relay=
>>>>
>>>> If you do this on a firewall, then be sure to read the Postfix
>>>> manpage for smtp_bind_address and inet_interfaces, to avoid
>>>> some common pitfalls with routing.
>>>>
>>>> http://www.postfix.org/postconf.5.html#smtp_bind_address
>>>> http://www.postfix.org/postconf.5.html#inet_interfaces
>>>>
>>>>        Wietse
>>
>> --
>>
>> Mit besten Grüßen, Reindl Harald
>> the lounge interactive design GmbH
>> A-1060 Vienna, Hofmühlgasse 17
>> CTO / software-development / cms-solutions
>> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
>> icq: 154546673, http://www.thelounge.net/
>>
>> http://www.thelounge.net/signature.asc.what.htm
>>


Re: selecting outbound IP

2012-02-08 Thread Joe Wong
Hello Andy,

 Sorry I should state the details initially. I am hosting multiple domains say

joe.com
jay.net
some other domains

I would like to route email sent from user in joe.com through IP
address 1, user in jay.net via IP address 2, the rest go through IP
address 3.

after looking into the multiple instance support, I am not sure how
this will work with my setup. Appreciated your opinion here.

Best regards,

- Joe


On Thu, Feb 9, 2012 at 1:43 AM, Andrew Beverley  wrote:
> On Wed, 2012-02-08 at 16:46 +0800, Joe Wong wrote:
>> I read the details of the multiple instance support but it's not clear
>> to me how I can use it to achieve my goal. Do anyone have similar
>> setup and share your configuration here?
>
> Please don't top post.
>
> You'll have to give some more details as to what "condition A" and
> "condition B" are that define which outgoing IP address should be used.
>
> Andy
>
>


Re: selecting outbound IP

2012-02-08 Thread Joe Wong
Hello Noel,

The IP I mentioned was not the remote IP, but the IP address in the
outbound MTA machine.

- Joe


On Thu, Feb 9, 2012 at 10:27 AM, Noel Jones  wrote:
> On 2/8/2012 7:21 PM, Joe Wong wrote:
>> Hello Andy,
>>
>>  Sorry I should state the details initially. I am hosting multiple domains 
>> say
>>
>> joe.com
>> jay.net
>> some other domains
>>
>> I would like to route email sent from user in joe.com through IP
>> address 1, user in jay.net via IP address 2, the rest go through IP
>> address 3.
>
>
> The sender_dependent_default_transport_maps feature is intended
> exactly for this.  See:
> http://www.postfix.org/postconf.5.html#sender_dependent_default_transport_maps
> and the mail list archives.
>
>
>
>
>  -- Noel Jones


Re: selecting outbound IP

2012-02-08 Thread Joe Wong
On Thu, Feb 9, 2012 at 11:41 AM, Noel Jones  wrote:
> On 2/8/2012 9:24 PM, Joe Wong wrote:
>> Hello Noel,
>>
>> The IP I mentioned was not the remote IP, but the IP address in the
>> outbound MTA machine.
>>
>> - Joe
>
>
> [please don't top post]
>
> Indeed.  Use sender_dependent_default_transport_maps to select a
> transport defined in master.cf that is bound to a specific IP with
> "... -o smtp_bind_address=0.1.2.3"
>
> a brief example (you can find other examples in the archives):
>
>
> # master.cf
> #(these are copies of the smtp...smtp default transport)
> out_joe      unix  -       -       n       -       -       smtp
>   -o smtp_bind_address=192.0.1.10
>
> out_bob      unix  -       -       n       -       -       smtp
>   -o smtp_bind_address=192.0.1.20
>
>
> # main.cf
> sender_dependent_default_transport_maps =
>   hash:/etc/postfix/sender_transport
>
>
> # sender_transport
> @joe.example.com   out_joe:
> @bob.example.com   out_bob:
>
>
>
>
>
>  -- Noel Jones

Thanks Noel. That means it does not need the multiple instance support at all.

And sorry for the top-post :)

- Joe


Re: SMTP Authentication

2012-03-27 Thread Joe Wong


Sent from my iPad

On 26 Mar, 2012, at 4:29, Patrick Ben Koetter  wrote:

> * KingT :
>> I have just read SMTP Authentication and known have much type of it. Such as
>> mail Submission, Extended SMTP,  SASL.
>> 
>> And I want to setup an SMTP AUTH on my mail server. Which type I should
>> choose to implement ?
> 
> If you plan to use Dovecot, use Dovecot SASL to configure Submission on
> Postfix.
> 
> If you don't plan to use Dovecot, use Cyrus SASL to configure Submission on
> Postfix.
> 
> p@rick
> 
> -- 
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitly required and
> justified.
> 
> saslfinger (debugging SMTP AUTH):
> 


how to tell postfix not to bounce when A: host not found?

2013-05-23 Thread Joe Wong
Is there a config to tell postfix to retry an email under A: host not found
condition?

May 23 15:59:22 mysmtp postfix/smtp[7507]: 92B8BCC3DE: to=<
t...@nosuchdomain.com>, relay=none, delay=0.01, delays=0.01/0/0/0,
dsn=5.4.4, status=bounced (Host or domain name not found. Name service
error for name=nosuchdomain.com type=A: Host not found)

- Joe


Re: how to tell postfix not to bounce when A: host not found?

2013-05-23 Thread Joe Wong
On Fri, May 24, 2013 at 12:53 AM, Jan P. Kessler wrote:

> Am 23.05.2013 18:24, schrieb Joe Wong:
> > Is there a config to tell postfix to retry an email under A: host not
> > found condition?
> >
> > May 23 15:59:22 mysmtp postfix/smtp[7507]: 92B8BCC3DE:
> > to=mailto:t...@nosuchdomain.com>>,
> > relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.4, status=bounced
> > (Host or domain name not found. Name service error for
> > name=nosuchdomain.com <http://nosuchdomain.com> type=A: Host
> > not found)
> >
> > - Joe
>
> Afaik this is the default behaviour. Postfix retries until
> queue_lifetime is exceeded.
>
> Are you experiencing something else? Can you show the logs, when the
> mail with queueid "92B8BCC3DE" got into the system?
>


It bounced right after the first attempt.


Re: how to tell postfix not to bounce when A: host not found?

2013-05-23 Thread Joe Wong
On Fri, May 24, 2013 at 1:03 AM, Joe Wong  wrote:

>
>
> On Fri, May 24, 2013 at 12:53 AM, Jan P. Kessler 
> wrote:
>
>> Am 23.05.2013 18:24, schrieb Joe Wong:
>> > Is there a config to tell postfix to retry an email under A: host not
>> > found condition?
>> >
>> > May 23 15:59:22 mysmtp postfix/smtp[7507]: 92B8BCC3DE:
>> > to=mailto:t...@nosuchdomain.com>>,
>> > relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.4, status=bounced
>> > (Host or domain name not found. Name service error for
>> > name=nosuchdomain.com <http://nosuchdomain.com> type=A: Host
>> > not found)
>> >
>> > - Joe
>>
>> Afaik this is the default behaviour. Postfix retries until
>> queue_lifetime is exceeded.
>>
>> Are you experiencing something else? Can you show the logs, when the
>> mail with queueid "92B8BCC3DE" got into the system?
>>
>
>
> It bounced right after the first attempt.
>


and:

maximal_queue_lifetime = 5d
bounce_queue_lifetime = 5d


Re: how to tell postfix not to bounce when A: host not found?

2013-05-23 Thread Joe Wong


Sent from my iPad

On 24 May, 2013, at 1:27, wie...@porcupine.org (Wietse Venema) wrote:

> Joe Wong:
>>> Afaik this is the default behaviour. Postfix retries until
>>> queue_lifetime is exceeded.
>>> 
>>> Are you experiencing something else? Can you show the logs, when the
>>> mail with queueid "92B8BCC3DE" got into the system?
>> 
>> It bounced right after the first attempt.
> 
> That is what should happen.  The DNS server replied that the
> destination does not exist.
> 
> Postfix will retry when the DNS server is unavailable.
> 
> This of course, assumes that the DNS server is working properly.
> If it replies with DOES NOT EXIST for other errors then all bets
> are off.
> 
> You can kludge around this with soft_bounce=yes but that creates
> other problems, such as people never finding out that their
> mail is stuck in the queue.
> 
>Wietse 

Thx Wietse. 


Virtual domains not working for some domain names

2014-04-30 Thread Joe Rhodes
Postfixers:


I’m currently running Postfix 2.10.2 on CentOS 6.5 64 bit.  I have postfix 
configured to do shared virtual domains.  From my config files:

mydestination = /etc/postfix/localhosts

and in /etc/postfix/localhosts I have:

localhost
cgdgoalies.com
webmail.cgdgoalies.com
completeathletics.ca
chdcentre.com


I have also tried this with the  following configuration:

myhostname = webmail.cgdgoalies.com
mydomain = cgdgoalies.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, 
chdcentre.com, completeathletics.ca




I can receive mail for u...@cgdgoalies.com and u...@chdcentre.com just fine.  
They obviously go to the same mailbox, which is exactly what I want. 

The problem I’m having is that I cannot receive mail for 
u...@completeathletics.ca.  There is no message of any sort in the log file 
that an attempt is even made.  On the sending mail server, I get the following 
log entry:

Apr 30 20:10:43 mail postfix/smtp[29397]: 929AD33E0C76: 
to=, relay=mail.cgdgoalies.com[206.188.198.69]:25, 
delay=1.4, delays=0.32/0.06/0.96/0.06, dsn=5.0.0, status=bounced (host 
mail.cgdgoalies.com[206.188.198.69] said: 503 you must authenticate first 
(#5.5.1) (in reply to MAIL FROM command))



And then the account that I’ve sent the message from gets the bounced messages.

I must be missing something, because it seems like this should be really 
simple.  Any thoughts?

Thanks in advance for any pointers!

-Joe Rhodes





Re: Virtual domains not working for some domain names

2014-04-30 Thread Joe Rhodes
Thank you.  

I feel like such an idiot!  Let’s not talk about how many hours this one has 
eluded me.


On Apr 30, 2014, at 8:43 PM, Sahil Tandon  wrote:

> On Wed, 2014-04-30 at 20:29:50 -0400, Joe Rhodes wrote:
>> I can receive mail for u...@cgdgoalies.com and u...@chdcentre.com just
>> fine.  They obviously go to the same mailbox, which is exactly what I
>> want. 
>> 
>> The problem I’m having is that I cannot receive mail for
>> u...@completeathletics.ca.  There is no message of any sort in the log
>> file that an attempt is even made.  On the sending mail server, I get
>> the following log entry:
>> 
>> Apr 30 20:10:43 mail postfix/smtp[29397]: 929AD33E0C76:
>> to=,
>> relay=mail.cgdgoalies.com[206.188.198.69]:25, delay=1.4,
>> delays=0.32/0.06/0.96/0.06, dsn=5.0.0, status=bounced (host
>> mail.cgdgoalies.com[206.188.198.69] said: 503 you must authenticate
>> first (#5.5.1) (in reply to MAIL FROM command))
> 
> The server 206.188.198.69 is not running Postfix. 
> 
>> I must be missing something, because it seems like this should be
>> really simple.  Any thoughts?
> 
>  % dig +short MX cgdgoalies.com chdcentre.com completeathletics.ca
>  5 webmail.cgdgoalies.com.
>  10 webmail.cgdgoalies.com.
>  10 mail.cgdgoalies.com.
> 
> If you want mail for completeathletics.ca to go to your Postfix server,
> update the MX entry.
> 
> -- 
> Sahil Tandon






initial 220 greeting delay from hosts with no RDNS

2014-05-27 Thread Joe Shamblin

Hello,

I am experiencing an issue where hosts that do not have reverse DNS see an 
extended delay (45-60 seconds for ssl or non-ssl connections) before they get 
the initial 220 greeting. Hosts that do have properly registered entries get in 
immediately. I have downloaded the source, and the programs that perform the 
lookups gethostbyaddr, etc... all seem to return quickly enough. DNS on the 
machine is also snappy and returns the lack of RDNS quickly. Setting 
smtpd_peername_lookup to no solves the issue, but has other ramifications. The 
server in question is running postfix 2.9.6-1 on ubuntu 12.04. A different 
server with the same configuration does not seem to have the issue. Setting the 
debug_peer for the hosts show the same thing for the hosts that experience a 
delay versus those that do not, basically a bunch of match_hostaddr and 
match_hostname calls. Once the initial delay is out of the way, everything 
proceeds as normal. 

Here is the postconf -n output, any suggestions?

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
mydestination = /etc/postfix/local-host-names duke.cs.duke.edu cs.duke.edu
myhostname = duke.cs.duke.edu
mynetworks = /etc/postfix/local-host-names 152.3.140.177 152.3.140.0/23 
152.3.144.0/23 152.3.136.0/23 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = cs.duke.edu
non_smtpd_milters = inet:localhost:8891
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (feed me)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_rbl_client r.mail-abuse.com, warn_if_reject reject_unauth_pipelining, 
permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, 
reject_invalid_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_recipient_access 
hash:/etc/postfix/expired, permit_mynetworks, permit_sasl_authenticated, 
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, 
reject_unknown_recipient_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, 
check_recipient_access hash:/etc/postfix/access, reject_unknown_sender_domain, 
permit
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_cert_file = /etc/ssl/server.crt
smtpd_tls_key_file = /etc/ssl/server.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom

Thanks,

Joe
--
Joe Shamblin        w...@cs.duke.edu
Senior IT Analyst   Department of Computer Science
(919) 660-6582  Duke University





Re: initial 220 greeting delay from hosts with no RDNS

2014-05-27 Thread Joe Shamblin

On May 27, 2014, at 2:38 PM, Wietse Venema  wrote:

> Joe Shamblin:
>> I am experiencing an issue where hosts that do not have reverse
>> DNS see an extended delay (45-60 seconds for ssl or non-ssl
>> connections) before they get the initial 220 greeting. Hosts that
>> do have properly registered entries get in immediately. I have
>> downloaded the source, and the programs that perform the lookups
>> gethostbyaddr, etc... all seem to return quickly enough. DNS on
>> the machine is also snappy and returns the lack of RDNS quickly.
>> Setting smtpd_peername_lookup to no solves the issue, but has other
>> ramifications. The server in question is running postfix 2.9.6-1
>> on ubuntu 12.04. A different server with the same configuration
>> does not seem to have the issue. Setting the debug_peer for the
>> hosts show the same thing for the hosts that experience a delay
>> versus those that do not, basically a bunch of match_hostaddr and
>> match_hostname calls. Once the initial delay is out of the way,
>> everything proceeds as normal.
> 
> Please TURN OFF chroot in master.cf.
> 
> The master.cf entry should look like this:
> 
> smtp  inet  n   -   n   -   -   smtpd
> 
> Then do "postfix reload".
> 
> More information: http://www.postfix.org/DEBUG_README.html#no_chroot

Yes that did the trick, thanks very much. Though it seems to break sasl 
authentication without making other changes. 

I had seen that in the documentation, and as the all caps imply should have 
paid closer attention, but I did verify that the chroot environment seemed 
correct as well. As I mentioned I have two hosts running basically the same 
configuration (except the local hostnames), and one seems to work fine and the 
other not. I assume that the chrooted environment is slightly preferred due to 
security. Is there an expedient way to track down where the problem might be 
with the chrooted environment, or a likely candidate from the information in 
the first post?

Thanks again!

Joe
--
Joe Shamblin        w...@cs.duke.edu
Senior IT Analyst   Department of Computer Science
(919) 660-6582  Duke University
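
One way to approach the question above, finding where the chrooted environment differs from the host, is to compare the name-lookup files in the jail with the system copies. This is an added example, not code from the thread or from Postfix; the file list is an assumption about what a chrooted smtpd needs for lookups, and the sample trees are constructed.

```shell
#!/bin/sh
# Added example: report which resolver-related files differ between the
# system root and a Postfix chroot jail. The file list is an assumption
# (files a chrooted smtpd commonly needs for name lookups).
CHROOT_FILES="etc/resolv.conf etc/hosts etc/nsswitch.conf etc/services etc/localtime"

# check_chroot_files SYSTEM_ROOT JAIL_ROOT
# Prints "STATUS path" per file, where STATUS is OK, MISSING or DIFFERS.
check_chroot_files() {
    sysroot=$1
    jail=$2
    for f in $CHROOT_FILES; do
        # Nothing to compare if the system itself lacks the file.
        [ -e "$sysroot/$f" ] || continue
        if [ ! -e "$jail/$f" ]; then
            echo "MISSING $f"
        elif cmp -s "$sysroot/$f" "$jail/$f"; then
            echo "OK $f"
        else
            echo "DIFFERS $f"
        fi
    done
}

# count_problems SYSTEM_ROOT JAIL_ROOT
# Prints the number of MISSING or DIFFERS lines (0 when the jail is in sync).
count_problems() {
    check_chroot_files "$1" "$2" | grep -c -v '^OK ' || true
}

# build_demo DIR
# Creates constructed sample trees so the check runs without Postfix installed.
build_demo() {
    mkdir -p "$1/sys/etc" "$1/jail/etc"
    printf 'nameserver 192.0.2.53\n' > "$1/sys/etc/resolv.conf"
    printf 'nameserver 192.0.2.1\n'  > "$1/jail/etc/resolv.conf"  # stale copy
    printf '127.0.0.1 localhost\n'   > "$1/sys/etc/hosts"
    cp "$1/sys/etc/hosts" "$1/jail/etc/hosts"                     # in sync
    printf 'hosts: files dns\n'      > "$1/sys/etc/nsswitch.conf" # not in jail
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
check_chroot_files "$demo_dir/sys" "$demo_dir/jail"

# On a real host the jail is the Postfix queue directory:
#   check_chroot_files "" "$(postconf -h queue_directory)"
```

Running the same check on the working host and the failing host shows whether the two jails actually match; it does not cover shared libraries inside the jail.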





Re: How to block offering SASL auth to clients based on RBL

2014-06-08 Thread Joe Laffey

On Sun, 8 Jun 2014, Kai Krakow wrote:


Noel Jones  schrieb:


But I want to (automatically) block the suspicious networks and not first
block all then whitelist the known-good.



Not sure I completely understand the issue, but is this something where 
you could use fail2ban to monitor your logs in real time and autoban via 
iptables any ip that had failed logins? You could whitelist your own ip 
range so they never get banned regardless.



--
Joe Laffey
The Stable
Visual Effects
http://TheStable.tv/?e34523M/


Re: How to block offering SASL auth to clients based on RBL

2014-06-08 Thread Joe Laffey

On Sun, 8 Jun 2014, li...@rhsoft.net wrote:




Am 08.06.2014 17:18, schrieb Joe Laffey:

On Sun, 8 Jun 2014, Kai Krakow wrote:


Noel Jones  schrieb:

But I want to (automatically) block the suspicious networks and not first
block all then whitelist the known-good.


Not sure I completely understand the issue, but is this something where you 
could use fail2ban to monitor your logs
in real time and autoban via iptables any ip that had failed logins? You could 
whitelist your own ip range so they
never get banned regardless.


the idea of using a RBL is that you can setup your own honeypot
like i did last weekend, feed your own RBL and most likely get
only real bad bots and *before* they ever touch your machine

our honeypot is using free public IP's and listens on every
common port writing every connecting IP into a RBL

within a week 4 client IP's and 15%-20% don't expire
after the configured 7 days because they come always back

you can assume no customer ever will touch the honeypot



Could you possibly set up a honeypot that feeds its logs via syslogging to 
your main server... then use fail2ban to ban ips from that log as well? 
You could even use separate regexes that matched only logs from the 
honeypot and have a much greater ban time on those.


I do see the speed advantage to an RBL, and we used to run one that was 
mainly manually set up (using djbdns's rbl). I have just fallen in love 
with the auto operation of tools like fail2ban.


Either way, the honeypot is a good idea to catch some known spammers. 
Though are we talking about spammers trying to guess SASL passwords, or 
ones that already have account credentials, or open relays?


Note that I believe fail2ban could be setup with custom regexps to be used 
as a rate limiting tool for sending mail with valid credentials. Perhaps 
not the best solution for that, as it completely blocks the ip, but it 
would be automatic.



--
Joe Laffey
The Stable
Visual Effects
http://TheStable.tv/?e34525M/
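
The log-driven approach discussed in the two messages above (count failed SASL logins per client, never ban a whitelisted range) reduces to the following logic. This is an added example, not fail2ban's own filter or anything posted in the thread; the log lines are constructed, the threshold is an assumption, and only IPv4 clients are handled.

```shell
#!/bin/sh
# Added example: list clients with repeated failed SASL logins in a Postfix
# log, skipping whitelisted networks.

# ban_candidates THRESHOLD WHITELIST_CIDRS < maillog
# Prints "IP COUNT" for each client with at least THRESHOLD failures.
# WHITELIST_CIDRS is a comma-separated list such as "192.0.2.0/24,10.0.0.0/8".
ban_candidates() {
    awk -v threshold="$1" -v whitelist="$2" '
    # Dotted quad to integer.
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip lies inside cidr; a bare address is treated as /32.
    function in_cidr(ip, cidr,    p, size) {
        split(cidr, p, "/")
        if (p[2] == "") p[2] = 32
        size = 2 ^ (32 - p[2])
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    function whitelisted(ip,    i) {
        for (i = 1; i <= nwl; i++)
            if (in_cidr(ip, wl[i])) return 1
        return 0
    }
    BEGIN { nwl = split(whitelist, wl, ",") }
    # smtpd logs: warning: name[addr]: SASL <mech> authentication failed: ...
    /postfix\/smtpd\[[0-9]+\]: warning: .*SASL [A-Z0-9-]+ authentication failed/ {
        if (match($0, /\[[0-9.]+\]: SASL /)) {
            # Strip the brackets and the trailing ": SASL " (9 characters).
            ip = substr($0, RSTART + 1, RLENGTH - 9)
            if (!whitelisted(ip)) fails[ip]++
        }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= threshold) print ip, fails[ip]
    }' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample log (documentation address ranges, made-up hostnames).
sample_log() {
cat <<'EOF'
Jun  8 10:00:01 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jun  8 10:00:03 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jun  8 10:00:05 mx1 postfix/smtpd[2103]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Jun  8 10:00:09 mx1 postfix/smtpd[2104]: warning: host.example.net[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Jun  8 10:01:00 mx1 postfix/smtpd[2105]: warning: desk1.example.org[192.0.2.15]: SASL PLAIN authentication failed: authentication failure
Jun  8 10:01:02 mx1 postfix/smtpd[2105]: warning: desk1.example.org[192.0.2.15]: SASL PLAIN authentication failed: authentication failure
Jun  8 10:01:04 mx1 postfix/smtpd[2105]: warning: desk1.example.org[192.0.2.15]: SASL PLAIN authentication failed: authentication failure
Jun  8 10:02:00 mx1 postfix/smtpd[2110]: connect from unknown[203.0.113.9]
EOF
}

# Three failures trigger; 192.0.2.0/24 stands in for the site's own range.
sample_log | ban_candidates 3 192.0.2.0/24
```

With the whitelist in place only 203.0.113.7 is reported, even though the internal client 192.0.2.15 failed just as often.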


Re: How to block offering SASL auth to clients based on RBL

2014-06-08 Thread Joe Laffey

On Sun, 8 Jun 2014, li...@rhsoft.net wrote:


but why setup fail2ban at all if you have no sshd on standard ports
and already a hyperfast "rbldnsd" running which scales over more than
one server without touch any configuration

frankly you can even use your RBL with web application firewalls
http://blog.modsecurity.org/2010/09/advanced-topic-of-the-week-real-time-blacklist-lookups.html



Interesting...

Certainly much more scalable if you need that level of flexibility.

I would still use fail2ban or similar on sshd on non-standard ports. 
However, I hardly ever get hits on the non-standard sshd ports I have been 
using for well over 15 years. But this is a topic for another mailing 
list.




--
Joe Laffey
The Stable
Visual Effects
http://TheStable.tv/?e34526M/


Re: check_client_access with MySQL lookup

2008-07-30 Thread Joe Sloan

Wietse Venema wrote:

 If you want to control access with MySQL, try http://www.policy.org/


I think Wietse meant http://www.policyd.org/

Joe



Re: [ANN] iRedMail-0.3: Open Source Mail Server Solution

2008-09-24 Thread Joe Sloan
Zhang Huangbin wrote:
> Hi, all.
>
> I'd like to introduce this open source email server solution here,
> hope it can help people who need mail server solution.
>
> * Multi-platform Support
>* OS: RHEL/CentOS

It's kind of strange that you call it "multi-platform" when it's redhat only.

What about debian?
what about ubuntu?
what about suse?

This doesn't even cover the main linux distros. What about freebsd,
darwin or solaris?

Joe


Re: Best anti-spam

2008-10-21 Thread Joe Sloan
Jim Balo wrote:
> Hi,
>  
> I am currently using Postfix w/ Amavis-new, Pyzor, DCC and Clam. 
> I have trained the Bayesian Classifier with over 2,000 ham and 2,000
> spam, but I am still getting quite a bit of spam. 
>  
> I am about to install a new mail server and I wonder if there is
> something better than SpamAssassin that works well with Postfix?
> The whole combination of Amavis, Pyzor, DCC, etc. seems a bit
> complex and it also uses quite a bit of system resources.
>  
> I saw someone recommend policy-weightd, but that is no longer
> developed since February 2008.  I also came across ASSP, but I do
> not know much about it yet.
>  
> Could someone recommend a really good open source or affordable
> commercial anti-spam solution?
>  
> Thanks,
> JB
>  
> Ps. Maybe it is just that I need to tweak SpamAssassin better?
> Some good links on this would be helpful as well.
>  
>
>

We're using a spamassassin based solution called maia mailguard, along
with policyd v1 and clamav, to manage our spam. The policyd component
does greylisting and other policy measures, while mailguard provides a
web-based spam management interface. We also supplement spamassassin and
clamav with some extra rule sets which enhance effectiveness.

We've looked at some commercial solutions which cost $100k and more,
with no clear cut advantage over our free software based solution.

Links:

http://www.maiamailguard.com/
http://www.policyd.org

Joe






Re: Which FileSystem do you use on your postfix server?

2008-10-29 Thread Joe Sloan
Ralf Hildebrandt wrote:
> * Simone Felici <[EMAIL PROTECTED]>:
>   
>> Hi Postfix-Users!
>>
>> I know, there is enough written on the net and on the mailinglist too, but 
>> have found only old results, maybe the meanwhile something is different, 
>> also I would ask you...
>> Which filesystem do you use on your mailserver?
>> I'm going to migrate a mailserver with EXT3 (and qmail) to a new postfix 
>> mailserver (virtual domains on mysql, ...).
>> I would create the system on EXT3 (RHES) and the following partitions on 
>> reiserfs:
>> 
>
> I would never use reiserfs for anything except our disposable Squid
> Cache. Stay with ext3, it works.

But ext3 does have problems - 

All our production boxes are 100% reiserfs, and have been for some
years, based on performance testing. They have been rock solid, and most
of them have 800 day uptimes at this point. I did some performance
comparisons a few months ago and reiser still has a large lead over
ext3. As reiser has always been the default filesystem on suse
enterprise linux, it stands to reason that it has been well vetted.

Of course, the legal woes of the reiserfs creator have put the future of
the filesystem in doubt. The future seems to be btrfs. ext4 might be a
good stepping stone along the way, when it's ready, but if I had to pick
a filesystem to deploy today, it would be reiserfs - xfs could get some
consideration as well, but we just really don't want the performance hit 
that comes with ext3.

Joe



Re: Which FileSystem do you use on your postfix server?

2008-10-30 Thread Joe Sloan
Victor Duchovni wrote:
> On Thu, Oct 30, 2008 at 03:53:30PM +0100, Simone Felici wrote:
>
>   
>>> I've also hear people who have had nightmares with ext3...
>>>
>>> No filesystem is perfect.
>>>   
>> No filesystem is perfect, that's certainty so.
>> 
>
> Sure, no filesystem exhibits *optimal* performance under all work-loads,
> but in terms of data integrity, I expect and demand *perfection*. Perhaps
> no Linux filesystem is mature/stable enough to meet this standard,
> but do not accept less than perfect data integrity from your filesystem:
>
> - Barring memory corruption, or I/O bus errors, ... the filesystem
>   is always recoverable at boot time and no file changes committed
>   with fsync() are lost.
>
> - Boot time recovery rolls incomplete operations forward or back
> as appropriate, and brings the filesystem into a consistent state.
>
> Past reports of ReiserFS on this list indicate that it falls short
> of reasonable (i.e. perfect) data integrity expectations.
>   

Disk hardware failures, early kernel bugs, vendor issues, all could be
reasons for such reports. I did see some reiserfs problems some years
ago under redhat, but that was an old 2.4 kernel, redhat didn't
officially support reiserfs, and it's no longer relevant IMHO.

I will say this much: reiserfs, as shipped in suse enterprise linux, on
a 2.6 kernel, has performed flawlessly in our data center, running with
lots of disk I/O on a 24/7 basis. We have had power outages, but have 
never lost a single bit on reiserfs.

Joe



postfix 3.0.0 errors out with a read-only config directory

2015-04-01 Thread Joe M
Hello,

The post-install script always fails when the /etc/postfix (config
directory) is read-only.

* Starting postfix  ...
* ERROR: postfix failed to start

mail.log has these false entries:

Mar 31 00:06:07 master postfix/postfix-script[11540]: fatal: unable to create missing queue directories
Mar 31 00:06:07 master postfix/postfix-script[11541]: fatal: Postfix integrity check failed!

The queue directories already exist. The message is shown when
post-install fails.

Any thoughts, please?

I am also attaching my local working version of post-install.

Thanks
Joe
--- post-install.original   2015-03-31 00:30:39.624259019 -0400
+++ post-install2015-03-31 00:37:40.369394797 -0400
@@ -206,9 +206,9 @@

 
PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
 SHELL=/bin/sh
-IFS="
-"
-BACKUP_IFS="$IFS"
+# IFS="
+# "
+# BACKUP_IFS="$IFS"
 debug=:
 #debug=echo
 MOST_PARAMETERS="command_directory daemon_directory data_directory
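Review bot: commenting out the IFS assignment at 209-211 leaves the script on the shell's default IFS and leaves BACKUP_IFS unset, so anything later in post-install that restores IFS from BACKUP_IFS would assign an empty value. The removed `-IFS="` line as posted ends directly after the quote; before disabling these lines, check whether your copy of the file lost whitespace inside that string, and if it did, restore the original three lines rather than commenting them out.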
@@ -430,144 +430,144 @@

 # Confine side effects from mail_version unexpansion within a subshell.

-(case "$mail_version" in
-"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
-esac
-
-for name in $MOST_PARAMETERS
-do
-eval junk=\$$name
-case "$junk" in
-*"$mail_version"*)
-   case "$pattern" in
-   "") pattern=`echo "$mail_version" | sed 's/\././g'` || exit 1
-   esac
-   val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
-   eval ${name}='"$val"'
-esac
-done
-
-override=
-for name in $MOST_PARAMETERS
-do
-eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || {
-   override=1
-   break
-}
-done
-
-test -n "$override" && {
-$POSTCONF -c $config_directory -e \
-   "daemon_directory = $daemon_directory" \
-   "command_directory = $command_directory" \
-   "queue_directory = $queue_directory" \
-   "data_directory = $data_directory" \
-   "mail_owner = $mail_owner" \
-   "setgid_group = $setgid_group" \
-   "sendmail_path = $sendmail_path" \
-   "mailq_path = $mailq_path" \
-   "newaliases_path = $newaliases_path" \
-   "html_directory = $html_directory" \
-   "manpage_directory = $manpage_directory" \
-   "sample_directory = $sample_directory" \
-   "readme_directory = $readme_directory" \
-   "shlib_directory = $shlib_directory" \
-   "meta_directory = $meta_directory" \
-|| exit 1
-} || exit 0) || exit 1
+# (case "$mail_version" in
+# "") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
+# esac
+
+# for name in $MOST_PARAMETERS
+# do
+# eval junk=\$$name
+# case "$junk" in
+# *"$mail_version"*)
+#   case "$pattern" in
+#   "") pattern=`echo "$mail_version" | sed 's/\././g'` || exit 1
+#   esac
+#   val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
+#   eval ${name}='"$val"'
+# esac
+# done
+
+# override=
+# for name in $MOST_PARAMETERS
+# do
+# eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || 
{
+#   override=1
+#   break
+# }
+# done
+
+# test -n "$override" && {
+# $POSTCONF -c $config_directory -e \
+#   "daemon_directory = $daemon_directory" \
+#   "command_directory = $command_directory" \
+#   "queue_directory = $queue_directory" \
+#   "data_directory = $data_directory" \
+#   "mail_owner = $mail_owner" \
+#   "setgid_group = $setgid_group" \
+#   "sendmail_path = $sendmail_path" \
+#   "mailq_path = $mailq_path" \
+#   "newaliases_path = $newaliases_path" \
+#   "html_directory = $html_directory" \
+#   "manpage_directory = $manpage_directory" \
+#   "sample_directory = $sample_directory" \
+#   "readme_directory = $readme_directory" \
+#   "shlib_directory = $shlib_directory" \
+#   "meta_directory = $meta_directory" \
+# || exit 1
+# } || exit 0) || exit 1

 # Use file/directory status information in $meta_directory/postfix-files.

 test -n "$create" && {
 postfix_files_d=$meta_directory/postfix-files.d
 for postfix_file in $meta_directory/postfix-files \
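Review bot: a read-only $config_directory is better handled by guarding the `$POSTCONF -c $config_directory -e` call in this hunk than by commenting out the whole subshell, which also drops the mail_version unexpansion and the comparison loop that decides whether main.cf needs an update at all. Suggest keeping the loop and, when `override` is set but the directory is not writable, exiting with an error that names that cause instead of falling through to the misleading queue-directory message. Separately, the line after `+# eval test ... ||` is a bare `{` with no `+#` prefix, so the patch as posted is malformed at that point; it looks like mail line wrapping.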



Re: postfix 3.0.0 errors out with a read-only config directory

2015-04-01 Thread Joe M
Hello Wietse,

Thanks for the quick response.

> > The post-install script always fails when the /etc/postfix (config
> > directory) is read-only.
>
> I'll have to try that. Misleading error messages are
> undesirable.

Thanks.

> > I am also attaching my local working version of post-install.
>
> Looks like you're preventing it from updating main.cf.
> This was fixed days ago with postfix-3.1-20150329.
>
> Can you try the post-install file from that distribution?
> It should work with postfix-3.0.0.

Just tested with the post-install from
ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.1-20150330.tar.gz

I had to comment out these 3 lines to get it to work.

With this change to lines 209-211, the script works fine.
+# IFS="
+# "
+# BACKUP_IFS="$IFS"

It looks like the sub-shell processing for writing back to main.cf is
working now.

Thanks again,
Joe




Re: postfix 3.0.0 errors out with a read-only config directory

2015-04-02 Thread Joe M
Hello Viktor,

> > I had to comment out these 3 lines to get it to work.
> >
> > With this change to lines 209-211, the script works fine.
> > +# IFS="
> > +# "
> > +# BACKUP_IFS="$IFS"
>
> Did you per-chance lose the "" in
>
> IFS=""
>
> [
>   That is:
>   IFS="
>   "
> ]
>

Thanks, that is exactly what happened. My editor settings remove
trailing spaces or tabs. The post-install from
3.1-20150330 worked fine without any issues.

Thanks again,
Joe
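
The whitespace loss described in this thread, shown as an added example that is not part of the original messages or of Postfix's post-install script. It assumes the intended IFS value is space, tab, newline; `SAMPLE_PARAMETERS`, `count_fields` and `ifs_line_intact` are hypothetical names, and the fixture files are constructed.

```shell
#!/bin/sh
# Constructed sample shaped like post-install's MOST_PARAMETERS: names are
# separated by spaces and the list continues on a second line.
SAMPLE_PARAMETERS="command_directory daemon_directory data_directory
mail_owner setgid_group"

# Build IFS values with printf; the trailing "x" protects the final newline
# from being stripped by command substitution.
INTENDED_IFS=$(printf ' \t\nx'); INTENDED_IFS=${INTENDED_IFS%x}   # assumed original
STRIPPED_IFS=$(printf '\nx');    STRIPPED_IFS=${STRIPPED_IFS%x}   # after the editor

# count_fields IFS LIST: number of words an unquoted $LIST splits into.
count_fields() {
    (
        IFS=$1
        set -f                      # word splitting only, no globbing
        n=0
        for _name in $2; do n=$((n + 1)); done
        echo "$n"
    )
}

# ifs_line_intact FILE: succeed only if FILE still has the line
# IFS="<space><tab> with both whitespace characters present.
ifs_line_intact() {
    grep -q "$(printf '^IFS=" \t$')" "$1"
}

# Constructed two-line fixtures: one intact, one with trailing blanks removed.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'IFS=" \t\n"\n' > "$tmp/intact.sh"
    printf 'IFS="\n"\n'    > "$tmp/stripped.sh"
    echo "intended IFS: $(count_fields "$INTENDED_IFS" "$SAMPLE_PARAMETERS") fields"
    echo "stripped IFS: $(count_fields "$STRIPPED_IFS" "$SAMPLE_PARAMETERS") fields"
    ifs_line_intact "$tmp/intact.sh"   && echo "intact.sh: IFS line ok"
    ifs_line_intact "$tmp/stripped.sh" || echo "stripped.sh: trailing whitespace lost"
    rm -rf "$tmp"
}
demo
```

With the stripped value, a `for name in $LIST` loop receives whole lines rather than individual parameter names, which is why a script that sets IFS this way stops working after an editor trims trailing blanks.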




LMTP and virtual users confusion

2018-03-09 Thread Joe Buck
Hi fair folks. After years of using OS X servers I'm back on FreeBSD and
well... owls have sure aged since then.

So I'm trying to do a virtual domain+virtual users setup with Dovecot where
I'd have several virtual domains and several users. Each user is supposed to
be authenticated via the simple username both for SMTP and IMAP, not a full
email address and each will have several email aliases on different domains.
Pretty simple so far. However, I've set up the virtual_transport to be lmtp
and that transport relays the entire recipient's email address to Dovecot.

main.cf:

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = aqq.is
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtualmailboxes

virtualmailboxes:
t...@aqq.is     testmail
te...@aqq.is    testmail

And in the mail log:

dovecot: lmtp(20405): Connect from local
dovecot: auth-worker(20407): passwd(t...@aqq.is): unknown user

I would expect Postfix to accept mail both for test and test2 and tell
Dovecot via LMTP to deliver the mail to the user named testmail. But I
cannot do that because Postfix doesn't relay "testmail" to Dovecot for user
lookup.

All other options that I've tried either make Postfix try to write to
mailboxes by itself or make Dovecot indiscriminate and accept every incoming
message, creating folders with different email addresses.

So the question is, what am I doing wrong there? Is the configuration that I
have in my mind even possible?
And suppose if it's possible, second question is how do I make SMTP
authentication work in such a scenario?


