Sizing Linux Partitions for use with Postfix
I want to create a new Debian Linux based Postfix system to sit in front of Exchange 2003 and act only as an SMTP gateway for starters and possibly do some filtering down the road. There seem to be fewer than 65,000 connections per day coming at Exchange and I'm thinking to start with one ~16 GB disk for the system. I've read bits in the list archives that /var/queue and /var/log might be advisable to live on separate partitions. Digging around more on the list and the Internet, I'm left wondering how to go about carving up an appropriate disk layout or calculating how much I might be safe to allocate for 'queue' for a new (low volume?) system. Is there any wisdom anyone would be willing to share, pros, cons, etc. to help proceed? Thanks!
Simplifying repetition of reject, warn or OK checks with same reasons
Hello list,

When building out the various checks available to Postfix, is there a mechanism for doing a REJECT, WARN or OK plus the reason, en masse, without pasting the same text a lot? For example...

bad.guy01.com REJECT 550 Reason1
bad.guy02.com REJECT 550 Reason1
. . .
bad.guy50.com REJECT 550 Reason1

If this is possible, can someone recommend a link to examples of what the correct syntax would look like, and is it different for hash, pcre, etc.?

Thanks!
Re: Howto bounce a message in queue
Noel Jones wrote:
At 03:24 PM 2/7/2007, Dick Middleton wrote:

Is it possible to manually "bounce" a message in the deferred queue so preempting the normal retry/timeout period? I've got a message sitting in the queue trying to connect to a non-existent server. The sooner it gets bounced back to originator the better,

If these are the result of a user mis-typing a domain, add the bad domain to your transport map and requeue the message with postsuper -r QUEUEID.

# transport
hotmal.com error:invalid domain "hotmal.com" maybe try "hotmail.com" instead.

If these are the result of bouncing undeliverable mail, you need to implement proper recipient validation so invalid recipients are rejected during SMTP.

Sorry to bump such an old topic but this fits what I'm trying to learn to do on a system that focuses on sending outbound traffic using v2.5.5. I did read "man transport" and searched list archives but I just don't seem to be getting all the pieces right. . . . I have a transport file and I've postmapped it. Does an additional directive go in main.cf or master.cf and what might that look like when implemented?
Re: false return addresses
Wietse Venema wrote:
James D. Parra:

Hello, How can I drop external messages with a return address from our domain?

Something like this will reject "local" senders from outside "mynetworks".

I'm glad this question came up, I too am getting from= to= hits lately and appreciate the example.

Expanding on James's question: If I set one postfix box as MX for inbound and another independent computer handles my outbound, are there obvious scenarios where "local" senders outside "mynetworks" might disrupt legitimate bounces, or NDRs, or... insert featureName... which I might need to be careful of? This is assuming no traveling users would use my MX box as a relay of any sort.
Blocking with smtpd_client_restrictions
I have postfix on a debian Linux (lenny, ESXi virtual) machine handling inbound traffic for a couple domains on Microsoft Exchange 2003. I am using transport_maps and getadsmtp.pl for my recipient list which seem to work fine. The questions I have are related to smtpd_client_restrictions.

smtp1:/etc/postfix# postconf -n | grep smtpd_client_restrictions
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access_hash, check_client_access regexp:/etc/postfix/access_regexp, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname

smtp1:/etc/postfix# cat access_hash
.it REJECT 554 Access denied

smtp1:/etc/postfix# cat access_regexp
/gaoland\.net/

My questions:

1) Are two check_client_access statements as I have in smtp_client_restrictions legal? and

2) If yes to 1, assuming I've grepped the mail.log correctly, should this have gotten past the .it block in the access_hash check? If not, what might be changed to block .it?

smtp1:/etc/postfix# grep 93.34.55.54 /var/log/mail.log
Jun 23 14:07:24 smtp1 postfix/smtpd[17911]: connect from 93-34-55-54.ip48.fastwebnet.it[93.34.55.54]
Jun 23 14:07:25 smtp1 postfix/smtpd[17911]: 4379695C08: client=93-34-55-54.ip48.fastwebnet.it[93.34.55.54]
Jun 23 14:07:25 smtp1 postfix/smtpd[17911]: 4379695C08: client=93-34-55-54.ip48.fastwebnet.it[93.34.55.54]
Jun 23 14:07:26 smtp1 postfix/cleanup[17916]: 4379695C08: message-id=<8632386099.2008180...@nextnature.net>
Jun 23 14:07:26 smtp1 postfix/qmgr[17407]: 4379695C08: from=, size=608, nrcpt=5 (queue active)
Jun 23 14:07:26 smtp1 postfix/smtp[17917]: 4379695C08: to=, relay=x.x.x.x[x.x.x.x]:25, delay=1.2, delays=1/0/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 <8632386099.2008180...@nextnature.net> Queued mail for delivery)
Jun 23 14:07:26 smtp1 postfix/smtpd[17911]: disconnect from 93-34-55-54.ip48.fastwebnet.it[93.34.55.54]
Re: Blocking with smtpd_client_restrictions
Sahil Tandon wrote:

Show all 'postconf -n' instead of snippets for more thorough debugging.

Sorry, figured the shorthand would give enough detail without being too wordy. Here's the rest:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
mydestination = smtp1.myDomainOne myDomainOne myDomainTwo
myhostname = smtp1.myDomainOne
mynetworks = 127.0.0.0/8 x.x.x.x x.x.x.x x.x.x.x
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = myDomainOne, myDomainTwo
relay_recipient_maps = hash:/etc/postfix/exchange_recipients
relayhost =
show_user_unknown_table_name = no
smtpd_banner = $myhostname Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access_hash, check_client_access regexp:/etc/postfix/access_regexp, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/access_hash, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access_hash, reject_unknown_sender_domain
transport_maps = hash:/etc/postfix/transport
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550

smtp1:/etc/postfix# cat access_hash
.it REJECT 554 Access denied

smtp1:/etc/postfix# cat access_regexp
/gaoland\.net/

My questions: 1) Are two check_client_access statements as I have in smtp_client_restrictions legal?

Yes.

and 2) If yes to 1, assuming I've grepped the mail.log correctly, should this have gotten past the .it block in the access_hash check? If not, what might be changed to block .it?

You're trying to block an entire TLD. See the access(5) manual, especially the section on lookups from indexed files. You might want to try "it" as a lookup key instead of ".it", given the likely inclusion of smtpd_access_maps in your configuration's parent_domain_matches_subdomains.

OK, read http://www.postfix.org/access.5.html

Am I correct at interpreting this to mean I need to put the desired ".tld" in, for example, my "access_regexp" as a regular expression because ".tld" is too short and won't match via an "access_hash" whereas ".domain.tld" being longer, would?
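The lookup order that access(5) describes for indexed tables, as an added example that is not part of the original thread: it lists the keys check_client_access tries for the client in the log excerpt above and shows which form of the TLD key can match. The function names are hypothetical, only IPv4 prefixes are modelled, and the posted `postconf -n` output does not override parent_domain_matches_subdomains, so its default (which lists smtpd_access_maps) is assumed.

```python
"""Added illustration of access(5) key order for an indexed (hash:) table."""
import ipaddress


def domain_keys(hostname, parent_matches_subdomains=True):
    """Keys tried for a client hostname, most specific first.

    parent_matches_subdomains=True models smtpd_access_maps being listed in
    parent_domain_matches_subdomains: parents are looked up as "domain.tld".
    False models it being absent: parents are looked up as ".domain.tld".
    The search continues up to and including the top-level domain.
    """
    name = hostname.rstrip(".").lower()
    labels = name.split(".")
    keys = [name]  # the full name is always tried without a leading dot
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_matches_subdomains else "." + parent)
    return keys


def address_keys(addr):
    """IPv4 keys: the full address, then with trailing octets stripped."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return [str(ip)]  # IPv6 prefix stripping is not modelled here
    octets = str(ip).split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]


def check_client_access(table, hostname, addr, parent_matches_subdomains=True):
    """Return (matching_key, action) for the first hit, else (None, 'DUNNO')."""
    keys = domain_keys(hostname, parent_matches_subdomains) + address_keys(addr)
    for key in keys:
        if key in table:
            return key, table[key]
    return None, "DUNNO"


if __name__ == "__main__":
    # Client taken from the mail.log excerpt quoted in this thread.
    host, ip = "93-34-55-54.ip48.fastwebnet.it", "93.34.55.54"
    posted = {".it": "REJECT 554 Access denied"}     # access_hash as posted
    suggested = {"it": "REJECT 554 Access denied"}   # key form Sahil suggests

    print("keys tried:", domain_keys(host) + address_keys(ip))
    print("posted table   ->", check_client_access(posted, host, ip))
    print("suggested table->", check_client_access(suggested, host, ip))
    print("posted table, smtpd_access_maps removed from "
          "parent_domain_matches_subdomains ->",
          check_client_access(posted, host, ip, parent_matches_subdomains=False))
```

The length of the key plays no part: ".it" is never among the keys generated while smtpd_access_maps is listed in parent_domain_matches_subdomains, whereas "it" is.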
smtpd_*_restrictions
Looking for some clarification to help me understand. Are smtpd_*_restrictions processed in this order:

smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions

If these restriction mechanisms share a common hash file for their check, for example:

/etc/postfix/main.cf
...
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access_hash
...
...
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access_hash
...
...

/etc/postfix/access_hash
ip.ad.dre.ss ok
tld.com REJECT Access denied

would this OK if found in smtp_client_restrictions trump REJECT if found by smtpd_sender_restrictions against tld.com and allow the message to queue?
Re: How to setup postfix to have port 25 for receive only
I can see why he would want to do that - 99% of the spam I get is from US-based cable modem- and DSL-hosted systems. My host - earthlink - recently reconfigured their routers to disallow outbound email that doesn't go through their servers, and I wish all ISPs would do that.

Perhaps . . . but I've been getting relayed spam through XO's legitimate SMTP servers for a few years now. Using the ISP doesn't exactly solve or possibly even reduce the problem.
Re: Spam Prevention
Clunk Werclick wrote:

PRE DNSBL 321
NO PTR 201
SPOOFING 120
RELAY ATTEMPTS 0
BLOCKED OTHER 0
WHITELISTED 4
BLOCKED DNSBL 287

What tools are you using to generate your counts and get your output presented this way?
Re: check_client_access with MySQL lookup
On Wed, July 30, 2008 16:33, Wietse Venema wrote:
> If you want to control access with MySQL, try http://www.policy.org/
>
> Wietse

I believe Wietse meant http://www.policyd.org/

--
Regards,
Jon
Re: Use a recipients_map for spamassassin
On Wed, August 6, 2008 15:23, Nicolas Letellier wrote:
> Hello.
>
> I'm looking for a solution to deactivate antispam solution for a few
> recipients.
>
> By default, spamassassin is activated for all mails, with a rule like:
> smtp inet n - n - - smtpd
> -o content_filter=spamassassin
>
> I would like to know if you have a solution to launch spamassassin
> *only* if the recipient want to have an antispam solution.
>
> For example, to have a recipients_map with all domains to analyse with
> spamassassin.
>
> I think a solution could be customize master.cf, but I don't have any
> idea of how do this.
>
> Do you have some ideas?
>
> Thanks!
>
> Regards,
>
> --
> - Nicolas.
>
>

Yes, use the smtpd_restriction_classes...

http://www.postfix.org/RESTRICTION_CLASS_README.html

--
Regards,
Jon
Re: Use a recipients_map for spamassassin
On Thu, August 7, 2008 02:39, Magnus Bäck wrote:
> On Thu, August 7, 2008 10:01 am, Jon said:
>
>> On Wed, August 6, 2008 15:23, Nicolas Letellier wrote:
>>
>> > I'm looking for a solution to deactivate antispam solution for a few
>> > recipients.
>
> [...]
>
>> Yes, use the smtpd_restriction_classes...
>>
>> http://www.postfix.org/RESTRICTION_CLASS_README.html
>
> No. Per-recipient content filtering requires multiple Postfix
> instances.
>
> --
> Magnus Bäck
> [EMAIL PROTECTED]
>

Why? Use the restriction classes to define which FILTER to use via a pcre or regexp script. One restriction class calls one script, while the other class calls another. Each class calls a different content filter. Create two different content filters, one pipes to spamassassin, while the other does not.

--
Regards,
Jon
Re: Use a recipients_map for spamassassin
On Thu, August 7, 2008 12:27, Noel Jones wrote:
> Jon wrote:
>> On Thu, August 7, 2008 02:39, Magnus Bäck wrote:
>>> On Thu, August 7, 2008 10:01 am, Jon said:
>>>
>>>> On Wed, August 6, 2008 15:23, Nicolas Letellier wrote:
>>>>
>>>>> I'm looking for a solution to deactivate antispam solution for a few
>>>>> recipients.
>>> [...]
>>>
>>>> Yes, use the smtpd_restriction_classes...
>>>>
>>>> http://www.postfix.org/RESTRICTION_CLASS_README.html
>>> No. Per-recipient content filtering requires multiple Postfix
>>> instances.
>>>
>>> --
>>> Magnus Bäck
>>> [EMAIL PROTECTED]
>>>
>>
>> Why? Use the restriction classes to define which FILTER to use via a
>> pcre or regexp script. One restriction class calls one script, while
>> the other class calls another. Each class calls a different content
>> filter. Create two different content filters, one pipes to
>> spamassassin, while the other does not.
>>
>> --
>> Regards,
>> Jon
>>
>>
>
> The FILTER result is a per-message attribute, not a
> per-recipient attribute, so using restriction classes will
> give unpredictable results with multi-recipient messages.
>
> Since unpredictable results are generally considered bad,
> Magnus is correct - you need multiple instances of postfix to
> do per-recipient filtering.
> The reason you need multiple instances is because you need to
> use transport_maps to route each recipient to the correct
> filter, and transport_maps is (for all practical purposes) a
> global setting.
>
> An alternative is to use a smarter content_filter or milter
> that allows per-recipient settings.
>
> --
> Noel Jones
>

I.C. Thanks for the explanation.

--
Regards,
Jon
concerning how to configure mail for relay
i'm apparently unable to understand how to correctly configure mail for relay in my particular use case. i need a secondary daemon which clears my content_filter and always uses a particular relayhost. here is where my master.cf currently stands:

scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  -o disable_mime_output_conversion=yes
  -o smtp_generic_maps=
secure unix - - - - - smtp
  -o relay_transport=smtp:[an.smtp.relay]:366
  -o default_transport=smtp:[an.smtp.relay]:366
  -o relayhost=[an.smtp.relay]:366
  -o smtp_sasl_auth_enable=yes
  -o smtp_sasl_mechanism_filter=login
  -o smtp_sasl_password_maps=hash:/etc/postfix/sasl/passwd
  -o smtp_use_tls=yes
  -o debug_peer_list=127.0.0.1
localhost:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o relay_transport=secure
  -o default_transport=secure
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

and in main.cf i specify content_filter=scan:localhost:10025 for external connections to hit first. so in the normal course of things, mail that passes the filter continues on but mail that does not is shuffled elsewhere to be sent onward to the relayhost. perhaps this is not even the right way to accomplish that. but.

i am testing with telnet on :10026 directly to ensure the relay is always used when mail is received there, and it is not: it defaults to the regular mode of transport and looks up MX records for the recipient domain. i've tried variations of these settings to no avail. what fool thing am i doing here?

thanks,
-jon
pipe - setup question
I read this page http://www.postfix.org/FILTER_README.html but I am not having any luck getting my pipe set up. I want to make it so all mail destined for a particular subdomain is run through a script and then discarded. The 'all mail for a subdomain' requirement makes me think I need to use the virtual map. Can you connect the output of a virtual domain to a particular transport? I haven't had any success getting it to work.

i added this line to master.cf:

myfilter unix - n n - 10 pipe
  flags=Rq user=filter argv=/usr/bin/php /usr/local/bin/filter.php

and this line to transport:

in.mydomain.com myfilter:

not sure what to add (if anything) to virtual. i tried this:

in.mydomain.com virtual
in...@in.mydomain.com myfilter:

-jsd-
Re: pipe - setup question
On Wed, Feb 18, 2009 at 11:50 AM, Wietse Venema wrote:
> /etc/postfix/example-recipients
>    o...@example.com whatever
>    t...@example.com whatever
>
> This is a relay domain setup. Virtual aliases solve a different problem.

could i use a virtual alias to relay an entire domain to a single script and use the script to parse the incoming address and decide what to do?

i followed your instructions but i am getting "status=bounced (unknown user: "input")" when i try to send to in...@in.mydomain.com

i put "in...@in.mydomain.com" in the mydomain-recipients file and did a postmap on it.

-jsd-
Re: pipe - setup question
On Wed, Feb 18, 2009 at 12:12 PM, Wietse Venema wrote:
>> i followed your instructions but i am getting "status=bounced (unknown
>> user: "input")" when i try to send to in...@in.mydomain.com
>
> You still have it configured as virtual domain. Don't do that.

I don't. I even removed the virtual_alias_maps line from main.cf and restarted.

$ postconf -n | grep virtual
$

> USE relay_domains and relay_recipient_maps,

$ postconf -n | grep relay
relay_domains = in.thismoment.com
relay_recipient_maps = hash:/etc/postfix/thismoment-recipients
$ cat /etc/postfix/thismoment-recipients
in...@in.thismoment.com whatever

> NOT virtual_alias_*
> NOT virtual_mailbox_*

still getting this

to=, relay=local, delay=0.05, delays=0.02/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "input")

-jsd-
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:15 PM, Wietse Venema wrote:
> Jon Drukman:
>> still getting this
>> to=, relay=local, delay=0.05,
>
> This mail is sent to LOCAL not PIPE. Your transport map is not working.

$ cat transport
in.thismoment.com parsemail:

$ grep parsemail master.cf
parsemail unix - n n - 10 pipe flags=Rq user=filter argv=/usr/bin/php /usr/local/bin/filter.php

what am i missing?
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:30 PM, Wietse Venema wrote:
>> what am i missing?
>
> Are the transport map lookups configured?
>    $ postconf -n transport_maps

that was it. for some reason that option is not listed in the default main.cf on my box.

thanks!
-jsd-
Re: pipe - setup question
On Wed, Feb 18, 2009 at 2:34 PM, Jon Drukman wrote:
> On Wed, Feb 18, 2009 at 2:30 PM, Wietse Venema wrote:
>>> what am i missing?
>>
>> Are the transport map lookups configured?
>>    $ postconf -n transport_maps
>
> that was it. for some reason that option is not listed in the default
> main.cf on my box.

my next problem is that this setup works fine for local deliveries (ie: running sendmail on the same box) but it doesn't work if i try to mail to it from the outside world.

successful local delivery:
Feb 18 15:32:31 181379-web1 postfix/pipe[30864]: 2F4A1B782C7: to=, relay=parsemail, delay=0.1, delays=0.03/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via parsemail service)

unsuccessful delivery from the outside:
Feb 18 15:39:41 181379-web1 postfix/smtpd[30983]: NOQUEUE: reject: RCPT from wf-out-1314.google.com[209.85.200.175]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table; from= to= proto=ESMTP helo=

i have 'in...@in.thismoment.com' in my relay_recipient_maps hash.
Re: pipe - setup question
On Wed, Feb 18, 2009 at 3:49 PM, Jon Drukman wrote:
> unsuccessful delivery from the outside:
> Feb 18 15:39:41 181379-web1 postfix/smtpd[30983]: NOQUEUE: reject:
> RCPT from wf-out-1314.google.com[209.85.200.175]: 550 5.1.1
> : Recipient address rejected: User unknown in
> local recipient table; from=
> to= proto=ESMTP helo=
>
> i have 'in...@in.thismoment.com' in my relay_recipient_maps hash.

adding

local_recipient_maps =

and reloading fixed it.
temporary lookup failure
Hi List

A few of our clients use our postfix server for relaying. Generally, it's working really well, but several users are reporting regular "451 Temporary Lookup Failure" bounce errors. This is them sending "outgoing" (ie non-local domains) and domains that Postfix should be relaying for, in its other role as a fallback mx server. We use mysql to store local mailboxes, domains, etc but these are effectively "external" addresses.

I can see anything in the logs that tells me anything other than the 451 error. Postfix sends the root user an email like this:

To: Postmaster
Subject: Postfix SMTP server: errors from unknown[x.x.x.x]

Transcript of session follows.

Out: 220 server3300lx.digital-ink.co.uk ESMTP Server - Relaying Prohibited
In: HELO sendingserver.com
Out: 250 server3300lx.digital-ink.co.uk
In: NOOP
Out: 250 Ok
In: NOOP
Out: 250 Ok
In: MAIL FROM:
Out: 250 Ok
In: RCPT TO:
Out: 451 : Temporary lookup failure

Session aborted, reason: lost connection

I have tried various command line tests, but never got a 451. It doesn't appear to be consistently replicatable. Is this something to do with a mysql select statement timing out? Can I increase the lookup timeout - if there is such a thing?

There are obviously a lot of configuration files involved here. But I can't find anything to do with 451 errors. These are the relevant sections (I hope!) from main.cf

main.cf
---
. . .
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:12
. . .
## relay section
smtpd_recipient_restrictions = reject_invalid_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client pbl.spamhaus.org
  permit

master.cf
-
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

smtpd.conf
--
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5

Any help gratefully appreciated.

Jon Harris
RE: temporary lookup failure
Hi Brian

Everything you said makes a great deal of sense - thanks very much. I have changed the RBL settings, as you advised. Yes, the load has gone up considerably, particularly, we are seeing a massive rise of spam traffic on this box (mainly on one or two of the 30 domains it's responsible for).

However, I have tried putting "proxy:" in front of my mysql maps and it stopped it being able to receive email. Presumably, I need to enable proxymap to get proxy maps to work. This is something I don't know how to do.

This is what "postconf -d | grep proxy" returns:

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s

There are no lines with proxy in my main.cf, do I need to add in a "proxy_read_maps"? If so what do I set it to?

Incidentally, here is a copy of my "mysql_virtual_mailbox_maps.cf". I did initially have a few problems getting this working. If I use proxy:mysql: will I need to change this?

user =
password =
hosts = localhost
dbname = postfix
table = mailbox
#select_field = CONCAT(domain,'/',maildir)
select_field = maildir
where_field = username
additional_conditions = and active = '1'
#query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

Regards
Jon

[snip]
RE: temporary lookup failure [Fixed]
viktor

I tried re-editing the main.cf and it's now working. Haven't seen any "Temporary Lookup Failures" since. I must have left a typo in there. Must remember to edit more carefully ;-(

thanks
jon

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Victor Duchovni
Sent: 29 May 2009 17:17
To: postfix-users@postfix.org
Subject: Re: temporary lookup failure

On Sat, May 30, 2009 at 02:09:35AM +1000, Barney Desmond wrote:

> 2009/5/29 Jon Harris :
> > However, I have tried putting "proxy:" in front of my mysql maps and it
> > stopped it being able to receive email. Presumably, I need to enable
> > proxymap to get proxy maps to work. This is something I don't know how
> > to do.
>
> Error logs?

All tables used with "proxy:" need to be listed in "proxy_read_maps". The default value covers many of the built-in table-valued parameters, but it is not uncommon to need to extend this list. There is no "+=" syntax in main.cf, so extending the parameter means copying in the default value, and then the required additions.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
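The proxy_read_maps rule Viktor describes, as an added example that is not part of the original thread: it reads a main.cf, finds every "proxy:" table that the effective proxy_read_maps does not approve, and builds the full replacement line (default value plus additions, since main.cf has no "+="). The default is the value quoted from "postconf -d" earlier in the thread; the sample main.cf, its file paths and the function names are constructed, and parameters not set in the sample are treated as empty rather than given their built-in defaults.

```python
"""Added illustration: find proxy: tables that proxy_read_maps does not cover."""
import re

# Default as quoted from "postconf -d | grep proxy" earlier in this thread.
DEFAULT_PROXY_READ_MAPS = (
    "$local_recipient_maps $mydestination $virtual_alias_maps "
    "$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains "
    "$relay_recipient_maps $relay_domains $canonical_maps "
    "$sender_canonical_maps $recipient_canonical_maps $relocated_maps "
    "$transport_maps $mynetworks"
)

# Constructed sample: three tables the default covers, one it does not.
SAMPLE_MAIN_CF = """\
# constructed sample, not the poster's real file
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf
"""

_VAR = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Parse main.cf text: '#' comments, leading whitespace continues a line."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params


def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name); unset parameters become empty."""
    if depth > 10:  # guard against self-referencing parameters
        return value
    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        return expand(params.get(name, ""), params, depth + 1)
    return _VAR.sub(repl, value)


def proxy_tables(value):
    """Return type:name for every proxy: table reference in a value."""
    tables = []
    for token in re.split(r"[,\s]+", value):
        if token.startswith("proxy:"):
            while token.startswith("proxy:"):
                token = token[len("proxy:"):]
            tables.append(token)
    return tables


def unapproved_proxy_tables(params):
    """Map each proxy: table missing from proxy_read_maps to its parameters."""
    effective = params.get("proxy_read_maps", DEFAULT_PROXY_READ_MAPS)
    approved = set(proxy_tables(expand(effective, params)))
    missing = {}
    for name, value in params.items():
        if name == "proxy_read_maps":
            continue
        for table in proxy_tables(value):
            if table not in approved:
                missing.setdefault(table, []).append(name)
    return missing


def extended_proxy_read_maps(params):
    """Current (or default) value plus $references to uncovered parameters."""
    current = params.get("proxy_read_maps", DEFAULT_PROXY_READ_MAPS)
    extra = sorted({p for names in unapproved_proxy_tables(params).values()
                    for p in names})
    return " ".join([current] + ["$" + p for p in extra])


if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for table, users in unapproved_proxy_tables(cfg).items():
        print("not approved:", table, "used by", ", ".join(users))
    print("proxy_read_maps =", extended_proxy_read_maps(cfg))
```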
smtpd_banner question
Hi all

This is probably a rank newbie question, but I've been unable to find an answer via Google or the archives, so hopefully someone here can point me in the right direction.

As I understand it, smtpd_banner is used for both the banner line when someone connects to my server, and also when Postfix connects to another server to send mail. Stop me now if this is completely wrong :)

The problem I have is that I've been getting rejected mail from a couple of specific recipients, saying "550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)".

My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the full localname+domain. I took "(Postfix)" out of the banner because I'm paranoid and don't like advertising what specific software is offering a service - is that omission now causing a problem?

Now, when I change that banner to be _only_ the hostname, the remote server accepts the mail just fine - it appears to be choking on the "ESMTP" part. I verified this by telnetting into the remote server and greeting with "ehlo host.domain.com ESMTP", and it was rejected, then trying without and it was accepted.

But I don't want to take ESMTP out of the banner, because I understand it's serving a useful purpose to hosts which deliver to my domain. Is this mistaken? Does it actually matter much?

And my final questions are: is this mistaken config on my part? Should I be doing something differently? Assuming I have no control over the remote end which is rejecting our mail, and assuming it's a client we definitely need to communicate with, is it a big deal to drop the ESMTP from the smtpd_banner if that means mail gets through?

And lastly, mainly as curiosity, is there a way to configure different banners for different purposes, such as inbound vs outbound, or on different interfaces, and so on?

Thanks in advance for any help!

-Jon
Re: smtpd_banner question
On 22 February 2010 11:00, Ralf Hildebrandt wrote:
> * Jon Tullett :
>
>> As I understand it, smtpd_banner is used for both the banner line when
>> someone connects to my server,
>
> Yes.
>
>> and also when Postfix connects to another server to send mail.
>
> No.

Ahah :) I found a reference to this on a Zimbra (I think) forum, and had proceeded from that assumption. But that only confuses me more, if tinkering with smtpd_banner was successful in getting a remote mail server to accept a connection, but a totally different variable should be passed.

Is it possible the remote side is establishing a connection back to my server, to verify that the sender is real, or the banners match, or something weird like that? That seems like an unlikely sort of check.

>> The problem I have is that I've been getting rejected mail from a
>> couple of specific recipients, saying "550 Access denied - Invalid
>> HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)".
>
> That's something different.
> postconf smtp_helo_name
> postconf myhostname
> returns what?

Both return the same - the hostname+domain and nothing else: mail.foo.com
That is the default value for smtp_helo_name, the docs tell me.

>> My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the
> mylocalhost???

Sorry, my mistake, screwing up the variable name. I meant $myhostname, which is set to the machine's local name+domain.

-Jon
Re: smtpd_banner question
On 22 February 2010 12:11, Ralf Hildebrandt wrote:
> * Jon Tullett :
>
>> > That's something different.
>> > postconf smtp_helo_name
>> > postconf myhostname
>> > returns what?
>>
>> Both return the same - the hostname+domain and nothing else: mail.foo.com
>> That is the default value for smtp_helo_name, the docs tell me.
>
> It would help not to munge the data, since that's what the other
> server doesn't like

No, you're right. But it seems happy enough now with just name+domain. The main reason I asked was to clear up my confusion about the use of smtpd_banner - thank you for pointing me straight re smtp_helo_name!

-J
Proper setup of our postfix relays
Hello There!

I have looked around the net for an answer to this with no luck. Our company has a pair of Postfix relays that relay mail in and out of our network. We use an outside email service for email archiving, and this requires all the mail to be sent through the service. We can not just send the mail to the open internet.

So I set this up in the main.cf file.

relay_domains = maildomain1 maildomain2 maildomain3
relayhost = to the DNS name of the email archiving service
fallback_relay = to the second DNS name of the email archiving service

In a transport file:

maildomain1:[mailboxserverIP]
maildomain2 :[mailboxserverIP]
maildomain3 :[mailboxserverIP]
Etc.

Everything works fine, except when we have a problem with the mailbox server. When the mailbox server can not accept email for any reason we get mail loops on incoming mail. It seems to be something like this:

1. Email from outside goes to email archive service
2. email archive service sends it to our postfix relays
3. postfix relay tries to send it to mailbox server, but mailbox server is not available
4. postfix then sends the email back to the archive service (fallback relay?) causing a mail loop

Anybody have any ideas?

Thanks!
jg

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912

Please consider the environment before printing this e-mail. Privileged/Confidential Information may be contained in this message. Any strategies and tactics described herein or in attachments are subject to legal and regulatory approval prior to implementation. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail. Please advise immediately if you or your employer do not consent to Internet e-mail of this kind.
Opinions, conclusions, and other information in this message that do not relate to the official business of The CDM Group shall be understood as neither given nor endorsed by it.
Re: Proper setup of our postfix relays
Very good. Thanks very much for the help!

jg

On 3/30/10 1:06 PM, "Victor Duchovni" wrote:

> On Tue, Mar 30, 2010 at 12:52:28PM -0400, Jon Giles wrote:
>
>> So I set this up in the main.cf file.
>>
>> relay_domains = maildomain1 maildomain2 maildomain3
>> relayhost = to the DNS name of the email archiving service
>> fallback_relay = to the second DNS name of the email archiving service
>
> DO NOT use fallback_relay here. Rather use internal DNS MX records, to
> specify a single relayhost domain name with multiple underlying hosts.
>
>> In a transport file:
>>
>> maildomain1:[mailboxserverIP]
>> maildomain2 :[mailboxserverIP]
>> maildomain3 :[mailboxserverIP]
>> Etc.
>>
>> Everything works fine, except when we have a problem with the mailbox server.
>> When the mailbox server can not accept email for any reason we get mail loops
>> on incoming mail.
>>
>
> DO NOT use fallback_relay, and the problem will go away.
>
> If you simply cannot configure DNS, use a separate relay_transport,
> with "-o smtp_fallback_relay=..." in master.cf for the dedicated
> transport.

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912
Re: Proper setup of our postfix relays
Victor:

Thanks again for the suggestions. Having removed fallback_relay has stopped the loops, but I am still challenged in setting up the failover to the second relayhost.

Unless there is something I am missing, using a local DNS server to create the failover isn't an option for me. I can't use A records to point to the relayhosts because the IPs might change over time without my knowledge. If I use cnames to relay to, I have a problem setting up cnames for additional relayhosts. It seems to work fine with A records, and if I knew for a fact that the IPs would not change I would be happy to use this config.

Trying to use a * transport declaration works fine, as long as my local mailbox server is working correctly. If it goes down, however, I have the same mail loop problem. Here are the pieces of the config that might explain why I am having trouble with it.

Master.cf has
relay unix - - n - - smtp
  -o fallback_relay=secondrelayhost.relaydomain.com

Main.cf has
relay_transport = relay

Transport has
* relay: firstrelayhost.relaydomain.com

Do you have any suggestions?

Thanks!

Jg

On 3/30/10 1:06 PM, "Victor Duchovni" wrote:
> On Tue, Mar 30, 2010 at 12:52:28PM -0400, Jon Giles wrote:
>
>> So I set this up in the main.cf file.
>>
>> relay_domains = maildomain1 maildomain2 maildomain3
>> relayhost = to the DNS name of the email archiving service
>> fallback_relay = to the second DNS name of the email archiving service
>
> DO NOT use fallback_relay here. Rather use internal DNS MX records, to
> specify a single relayhost domain name with multiple underlying hosts.
>
>> In a transport file:
>>
>> maildomain1:[mailboxserverIP]
>> maildomain2 :[mailboxserverIP]
>> maildomain3 :[mailboxserverIP]
>> Etc.
>>
>> Everything works fine, except when we have a problem with the mailbox server.
>> When the mailbox server can not accept email for any reason we get mail loops
>> on incoming mail.
>>
>
> DO NOT use fallback_relay, and the problem will go away.
>
> If you simply cannot configure DNS, use a separate relay_transport,
> with "-o smtp_fallback_relay=..." in master.cf for the dedicated
> transport.

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912
Re: Proper setup of our postfix relays
Victor:

Thanks for the tips. After removing fallback_relay from my main.cf the loops stopped when the mailbox server is offline, but I still need to set up the second relayhost.

I don't think a local DNS server would work out for us. The relayhosts may change their IPs, and so it would be best to use DNS lookups for the two relayhosts. I tried to get a local bind instance to take two cnames for the same local relay host name, like:

magma.mailout.local. IN CNAME first.relayhost.com.
magma.mailout.local. IN CNAME second.relayhost.com.

But then named complains about the second CNAME.

And so I have been trying to get your other suggestion to work, but it will cause mail loops if the mailbox server is offline. Here are the config excerpts:

transport:
* relay:first.relayhost.com

Main.cf:
Removed relayhost and fallback_relay
Added relay_transport = relay

Master.cf:
relay unix - - n - - smtp
(added this --->)-o fallback_relay=second.relayhost.com

I must be doing something wrong.

Thanks for all the help!

jg

On 3/30/10 1:06 PM, "Victor Duchovni" wrote:
> On Tue, Mar 30, 2010 at 12:52:28PM -0400, Jon Giles wrote:
>
>> So I set this up in the main.cf file.
>>
>> relay_domains = maildomain1 maildomain2 maildomain3
>> relayhost = to the DNS name of the email archiving service
>> fallback_relay = to the second DNS name of the email archiving service
>
> DO NOT use fallback_relay here. Rather use internal DNS MX records, to
> specify a single relayhost domain name with multiple underlying hosts.
>
>> In a transport file:
>>
>> maildomain1:[mailboxserverIP]
>> maildomain2 :[mailboxserverIP]
>> maildomain3 :[mailboxserverIP]
>> Etc.
>>
>> Everything works fine, except when we have a problem with the mailbox server.
>> When the mailbox server can not accept email for any reason we get mail loops
>> on incoming mail.
>>
>
> DO NOT use fallback_relay, and the problem will go away.
>
> If you simply cannot configure DNS, use a separate relay_transport,
> with "-o smtp_fallback_relay=..." in master.cf for the dedicated
> transport.

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912
Re: Proper setup of our postfix relays
Sorry for missing this. I have these emails going to a special mailbox and I forgot. Sorry again, but thanks again for the help and I will try this out today!

jg

On 3/31/10 1:55 PM, "Victor Duchovni" wrote:
> On Wed, Mar 31, 2010 at 01:28:22PM -0400, Jon Giles wrote:
>
>> Thanks again for the suggestions. Having removed fallback_relay has
>> stopped the loops, but I am still challenged in setting up the failover to
>> the second relayhost.
>>
>> Unless there is something I am missing, using a local DNS server to create
>> the failover isn't an option for me. I can't use A records to point to the
>> relayhosts because the IPs might change over time without my knowledge.
>
> That's why you would use MX records:
>
> localhost zone on MTA DNS server:
> xyzzy.localhost. IN MX 0 primarymx.example.net.
> xyzzy.localhost. IN MX 10 secondarymx.example.net.
>
> main.cf:
> relayhost = xyzzy.localhost

Jon Giles
Network Engineer
The CDM Group
220 East 42nd Street, New York, New York 10017
p: (212) 450-2912
Restrict alias delivery to internal users
Hi all I've had a bit of a Google but not come up with an answer for this - hoping someone can help me out. Apologies if I've missed something excruciatingly obvious. I'd like to set up group aliases ("everyone@", sort of thing) but restrict them from external senders so that only internal users can make use of them. I use SASL to authenticate, so I guess ideally I'd like to be able to reject mail sent to a specific alias if the connection isn't authenticated, or at least reject the mail if the sender address isn't in my domain. Is this feasible? Thanks in advance for any help! (Most forums seem to just suggest keeping aliases secret, but aliases are always going to be guessable even if they aren't leaked, so I don't think that's much of a solution!) -Jon
Filter only unauthenticated connections
Hi all

I'm hoping to configure postfix to only apply content filtering to mail that comes from unauthenticated sources, or outside sources if that's not possible. Basically, I want unauthenticated email checked for spam+viruses, but not authenticated email, because we've had the occasional problem with false positives (using spamassassin). I'm not especially worried about outbound viruses - we do use desktop AV, and a virus or worm which makes an unauthenticated SMTP connection on its own should then get filtered normally.

I've found two options, please tell me if I'm barking up completely the wrong tree :)

The first is described in a forum post here:

http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c00a201c4bef4$766b2ed0$0a00a...@splatter%3e#archives

That page suggests a way to use amavis for non-SASL connections only:

main.cf:
content_filter =
smtpd_sender_restrictions = permit_sasl_authenticated,
    check_sender_access regexp:/etc/postfix/amavisd.regexp

amavisd.regexp:
/^/ FILTER smtp-amavis:[127.0.0.1]:10024

I didn't see another reference to doing it this way, so my question is, is this a workable solution or a terribly bad idea? Will it achieve what I want, or surprise me by breaking postfix in some new and interesting way?

Also: is there a more efficient way of matching everything without using a regular expression?

Anyway. If that's not a workable option, I also found what appears to be an Official Postfix Way: http://www.postfix.org/FILTER_README.html#remote_only, which describes how to set up content filters for outside communications only. That looks promising as an alternative, but it's definitely above my current competency level (ie: "newbie": that section really didn't make much sense to me). If this IS the right way to go, I'll give it a shot and ask for help if I can't figure it out.

Thanks!

-Jon
Re: Filter only unauthenticated connections
On 17 May 2010 17:05, Noel Jones wrote:
> On 5/17/2010 9:50 AM, Jon Tullett wrote:
>>
>> Hi all
>>
>> I'm hoping to configure postfix to only apply content filtering to
>> mail that comes from unauthenticated sources, or outside sources if
>> that's not possible. Basically, I want unauthenticated email checked
>> for spam+viruses, but not authenticated email, because we've had the
>> occasional problem with false positives (using spamassassin). I'm not
>> especially worried about outbound viruses - we do use desktop AV, and
>> a virus or worm which makes an unauthenticated SMTP connection on its
>> own should then get filtered normally.
>>
>> I've found two options, please tell me if I'm barking up completely
>> the wrong tree :)
>>
>> The first is described in a forum post here:
>>
>> http://mail-archives.apache.org/mod_mbox/spamassassin-users/200410.mbox/%3c00a201c4bef4$766b2ed0$0a00a...@splatter%3e#archives
>>
>> That page suggests a way to use amavis for non-SASL connections only:
>>
>> main.cf:
>> content_filter =
>> smtpd_sender_restrictions = permit_sasl_authenticated,
>> check_sender_access regexp:/etc/postfix/amavisd.regexp
>>
>> amavisd.regexp:
>> /^/ FILTER smtp-amavis:[127.0.0.1]:10024
>>
>> I didn't see another reference to doing it this way, so my question
>> is, is this a workable solution or a terribly bad idea? Will it
>> achieve what I want, or surprise me by breaking postfix in some new
>> and interesting way?
>
> This is a valid config and will send only unauthenticated mail to amavisd.
> Authenticated mail gets a free pass. Similar setups are posted here
> frequently and can be found in the amavisd-new docs.

Super. Thanks Noel - much appreciated!

-J
Throttling, trivial-rewrite and problem talking to service errors when using LDAP
Hello!

I'm getting some throttling/trivial-rewrite/problem talking to service errors when enabling LDAP with Postfix.

My virtual map seems to work using postmap:

cybersec:~# postmap -q jon.kristen...@cybersec.se ldap:/etc/postfix/virtual_mailbox_maps.cf
/var/mail/virtual/cybersec/csjonkri/

These are the errors I get when trying to Telnet to the box (Postfix stops responding after acknowledging the HELO command):

cybersec:~# tail -f /var/log/mail.log
Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6
Jul 13 14:28:53 cybersec postfix/smtpd[2455]: warning: problem talking to service rewrite: Success
Jul 13 14:28:53 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2458 killed by signal 6
Jul 13 14:28:53 cybersec postfix/master[2422]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling

This is my configuration:

cybersec:~# postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = $mydomain, jonkristensen.com, $myhostname, localhost
mydomain = cybersec.se
myhostname = cybersec000.$mydomain
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 # + vpn
myorigin = cybersec.se
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailbox_maps.cf

This is my virtual_mailbox_maps map:

cybersec:~# cat /etc/postfix/virtual_mailbox_maps.cf
server_host = ldap://ldap.cybersec.se
search_base = dc=cybersec,dc=se
start_tls = yes
version = 3
# tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
# tls_cert = /etc/postfix/tls/ldap.cybersec.se.crt
# tls_key = /etc/postfix/tls/ldap.cybersec.se.pem
# tls_require_cert = yes
query_filter = (|(mail=%s)(mailLocalAddress=%s))
result_attribute = uid
result_format = /var/mail/virtual/cybersec/%s/

If I comment out the virtual_mailbox_maps line in my configuration file the errors do not appear.

Thanks in advance for any help!

Warm regards,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On 7/13/2010 5:42 PM, Wietse Venema wrote:

Jon Kristensen:
cybersec:~# tail -f /var/log/mail.log
Jul 13 14:28:52 cybersec postfix/master[2422]: warning: process /usr/lib/postfix/trivial-rewrite pid 2457 killed by signal 6

You need to search your logfiles for lines with the word "panic".

Wietse

That word is not in any log file. Postfix uses /var/log/mail.{log,info,err,warn}.

cybersec:~# cat /var/log/* | grep panic
cat: /var/log/apache2: Is a directory
cat: /var/log/apt: Is a directory
cat: /var/log/fsck: Is a directory
cat: /var/log/news: Is a directory
cat: /var/log/ntpstats: Is a directory

Do I need to enable debug or something? I'm using Debian and the official repository...

Best,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
On 7/13/2010 6:07 PM, Victor Duchovni wrote:

perhaps your LDAP is using GNUTLS (it used to exit() in the library when entropy was not available

The LDAP library does indeed use GNU TLS:

cybersec:~# ldd /usr/sbin/slapd | grep tls
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7526000)

it used to exit() in the library when entropy was not available, perhaps it now aborts...

Do I need to recompile LDAP with OpenSSL instead in order for Postfix to work, or is there some way I can make an entropy available? /dev/urandom seems to work fine.

Thanks for your help!

Best,
Jon Kristensen
Re: Throttling, trivial-rewrite and problem talking to service errors when using LDAP
Thanks for your help. I created the /dev/urandom device file and recompiled Postfix with SSL instead of TLS and now everything works like a charm! Warm regards, Jon Kristensen
sending notification of new mail to cell phone
Hi, I've been searching everywhere for this and can't seem to find a solution. I'm running a CentOS 5 server with postfix and cyrus on it and would like to send a notification email to a cell phone email address when new mail is received on a certain account. What is the best way to go about doing this? I've tried adding a new service to master.cf that runs a script, but it won't run when new mail is received. It will only run if I replace an existing service with the script (like spamassassin). -Jon
3 hour delay
Hi, I've been running Postfix/MySQL/Courier for months with no problems. Suddenly in the last day or so, mail has been taking around 3 hours to process. I don't have a clue where to start looking. When I do a qshape, I see this:

         T   5  10  20  40  80 160 320 640 1280 1280+
TOTAL 2094  47  53 180 160 300 585 769   0    0     0
a      422  13   5  36  35  54 119 160   0    0     0
b      199   5   6  18  20  29  58  63   0    0     0
c      196   4   2  14  12  31  65  68   0    0     0
d      125   1   3  11  16  15  38  41   0    0     0
e      125   7   3   2   5  20  39  49   0    0     0
f       87   2   6   6   7  12  26  28   0    0     0
g       74   2   2   4   6   7  24  29   0    0     0
h       58   0   1   2   7   9  20  19   0    0     0
i       51   0   0   4   4   8  13  22   0    0     0
j       47   0   1   1   0   6  12  27   0    0     0
k       34   0   3   1   2   9  10   9   0    0     0
l       32   0   2   5   0   4  12   9   0    0     0
m       29   1   0   2   2   9   3  12   0    0     0
n       29   0   0   4   0   6   7  12   0    0     0
o       28   0   1   3   5   6   6   7   0    0     0
p       26   1   1   4   2   1   8   9   0    0     0
q       24   1   1   3   3   3   5   8   0    0     0
r       22   1   1   1   1   4   6   8   0    0     0
s       21   0   0   4   0   2   7   8   0    0     0

But, I don't have a baseline. I don't know what it should look like. But, it seems backlogged. Not sure how to fix that. Any suggestions are greatly appreciated.

Thanks,
-Jon
Postfix Multi and Sendmail
I've set up a server that uses postmulti for multiple companies so that I can configure a milter to a different archiving solution for each, and I'd like to add the possibility to add a disclaimer. Normally I'd use altermime as a content filter that puts the mail back into the queue with the sendmail command. In the case of multiple postfix instances, I don't seem to be able to find a way to specify which queue to put the mail back into. I'd like the mail to return to the postfix instance from which it originated (i.e. if postfix-1031 handed the mail off to the content filter I'd like to be able to specify that it is put back into postfix-1031's pickup queue with sendmail). Is there a way to achieve this? Many thanks, Jonathan
RE: Postfix Multi and Sendmail
-Original message-
To: postfix-users@postfix.org
From: Noel Jones
Sent: Wed 13-04-2011 14:15
Subject: Re: Postfix Multi and Sendmail

> On 4/13/2011 7:58 AM, Jon Cutting wrote:
> > I've set up a server that uses postmulti for multiple companies so that I can configure a milter to a different archiving solution for each, and I'd like to add the possibility to add a disclaimer.
> >
> > Normally I'd use altermime as a content filter that puts the mail back into the queue with the sendmail command. In the case of multiple postfix instances, I don't seem to be able to find a way to specify which queue to put the mail back into. I'd like the mail to return to the postfix instance from which it originated (i.e. if postfix-1031 handed the mail off to the content filter I'd like to be able to specify that it is put back into postfix-1031's pickup queue with sendmail).
> >
> > Is there a way to achieve this?
> >
> > Many thanks,
> >
> > Jonathan
>
> Forward the mail via SMTP by using mini_sendmail as a
> replacement for sendmail. Specify the destination port with
> the mini_sendmail -pPORT option.
>
> http://acme.com/software/mini_sendmail/
> or in most OS packaging systems.
>
> -- Noel Jones

Many thanks for the suggestion Noel. I may run into another problem if I send it back via SMTP though as my content filter is defined on the smtpd process and I may create a loop.
Major issues with a new install of Postfix
pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

-- end of postfinger output --

# postconf -m
btree
cidr
environ
hash
ldap
nis
pcre
proxy
regexp
sdbm
static
tcp
unix

postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_user_map
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = mydomain1.com.au
masquerade_exceptions = root
message_size_limit = 20024
mydestination = $myhostname $mydomain mydomain2.com.au
mydomain = mydomain1.com.au
myhostname = mail.mydomain1.com.au
mynetworks = 192.168.2.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = mydomain2.com.au
virtual_alias_maps = hash:/etc/postfix/virtual

Hope someone can help me with this. The mail server sit behind a firewall on a Cisco router.

Thanks
Jon
Postfix server problems
Sorry about the last attempt...

From: jonl...@hotmail.com
To: jonl...@hotmail.com
Subject:
Date: Fri, 24 Jun 2011 21:30:00 +0800

I recently installed a postfix server and imap. Problems I'm having are as follows:
1) cannot send or receive email
2) email does not show up in Outlook 2003 on a Windows XP desktop

messages in log files are as follows:
Jun 24 20:57:44 mmtlnx postfix/smtp[25814]: fatal: unknown service: smtp/tcp
Jun 24 20:57:44 mmtlnx postfix/smtp[25819]: fatal: unknown service: smtp/tcp
Jun 24 20:57:45 mmtlnx postfix/qmgr[25383]: warning: premature end-of-input on private/smtp socket while reading input attribute name
Jun 24 20:57:45 mmtlnx postfix/master[19595]: warning: process /usr/lib/postfix/smtp pid 25814 exit status 1
Jun 24 20:57:45 mmtlnx postfix/master[19595]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Jun 24 20:57:45 mmtlnx postfix/qmgr[25383]: warning: private/smtp socket: malformed response
Jun 24 20:57:45 mmtlnx postfix/qmgr[25383]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Jun 24 20:57:45 mmtlnx postfix/master[19595]: warning: process /usr/lib/postfix/smtp pid 25819 exit status 1
Jun 24 20:57:45 mmtlnx postfix/qmgr[25383]: 0CE51FBB2: to=, relay=none, delay=5891, status=deferred (delivery temporarily suspended: unknown mail transport error)

# postconf -m
btree
cidr
environ
hash
ldap
nis
pcre
proxy
regexp
sdbm
static
tcp
unix

postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_user_map
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = mmtnetworks.com.au
masquerade_exceptions = root
message_size_limit = 20024
mydestination = $myhostname $mydomain jlorenzo.com.au
mydomain = mmtnetworks.com.au
myhostname = mail.mmtnetworks.com.au
mynetworks = 192.168.2.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = jlorenzo.com.au
virtual_alias_maps = hash:/etc/postfix/virtual

regards,
Jon
Postfix problems
Sorry about the message, for some reason it did like like plain text. I'm installing the same version I had before the crash, unfortunately the config backups do not seem to be helping. I will be upgrading this server later in the year and unfortunately I cannot install the latest version of the OS because the newer OS (SLESv11) does not install on this server (IBM xSeries 220), the best I may be able to do is take the OS up to SP4, and I'm not too sure it will run on this server. So I would like to get everything running smoothly before I update the server OS.. no need in adding other issues on top of current issues. Jon
RE: Major issues with a new install of Postfix
It was already off.

--master.cf--
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}

> Subject: Re: Major issues with a new install of Postfix
> To: jonl...@hotmail.com
> Date: Fri, 24 Jun 2011 09:43:07 -0400
> CC: postfix-users@postfix.org
> From: wie...@porcupine.org
>
> Jon Miller:
> > Jun 24 00:18:23 mmtlnx postfix/smtp[7455]: fatal: unknown service: smtp/tcp
>
> Try turning off chroot operation in master.cf.
>
> A common mistake is to turn on chroot operation in the master.cf
> file without going through all the necessary steps to set up a
> chroot environment. This causes Postfix daemon processes to fail
> due to all kinds of missing files.
>
> The example below shows an SMTP server and client that are configured
> with chroot turned off:
>
> /etc/postfix/master.cf:
> # =
> # service type private unpriv chroot wakeup maxproc command
> # (yes) (yes) (yes) (never) (100)
> # =
> smtp inet n - n - - smtpd
> smtp unix - - n - - smtp
>
> Inspect master.cf for any processes that have chroot operation not
> turned off. If you find any, save a copy of the master.cf file,
> and edit the entries in question. After executing the command
> "postfix reload", see if the problem has gone away.
>
> If turning off chrooted operation made the problem go away, then
> congratulations. Leaving Postfix running in this way is adequate
> for most sites. If you prefer chrooted operation, see the Postfix
> BASIC_CONFIGURATION_README file for information about how to prepare
> Postfix for chrooted operation.
>
> See also: http://www.postfix.org/DEBUG_README.html#no_chroot
>
> Wietse
RE: Major issues with a new install of Postfix
I turned it off (wasn't aware that the "n" in the column meant it was still on), now there is no smtp listening and therefore Outlook cannot send mail out.

from Outlook Client
Task 'Mail - Sending' reported error (0x80042109) : 'Outlook is unable to connect to your outgoing (SMTP) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.247:427 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2544 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.247:143 192.168.2.2:1720 ESTABLISHED
tcp 1 0 127.0.0.1:52355 127.0.0.1:427 CLOSE_WAIT
tcp 0 132 192.168.2.247:22 192.168.2.2:3469 ESTABLISHED
tcp 0 0 192.168.2.247:22 192.168.2.2:4916 ESTABLISHED
tcp 0 0 192.168.2.247:143 192.168.2.1:59172 TIME_WAIT
tcp 0 0 192.168.2.247:143 192.168.2.1:59173 TIME_WAIT
tcp 0 0 192.168.2.247:143 192.168.2.1:59171 ESTABLISHED
udp 0 0 192.168.2.247:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.2.247:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 255.255.255.255:427 0.0.0.0:*
udp 0 0 192.168.2.247:427 0.0.0.0:*
udp 0 0 224.0.1.22:427 0.0.0.0:*
udp 0 0 239.255.255.253:427 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*

> Subject: Re: Major issues with a new install of Postfix
> To: jonl...@hotmail.com
> Date: Fri, 24 Jun 2011 09:55:37 -0400
> CC: wie...@porcupine.org; postfix-users-dig...@cloud9.net
> From: wie...@porcupine.org
>
> Jon Miller:
> > It was already off.
> > --master.cf--
> > smtp inet n - n - - smtpd
> ...
> > smtp unix - - - - - smtp
>
> CHROOT IS TURNED ON ABOVE.
>
> Wietse
RE: Major issues with a new install of Postfix
Ok, so port 25 is back on, Now the issue is I still cannot get e-mail to show up in OL2003 desktop client.

> Subject: Re: Major issues with a new install of Postfix
> To: wie...@porcupine.org
> Date: Fri, 24 Jun 2011 10:10:51 -0400
> CC: jonl...@hotmail.com; postfix-users-dig...@cloud9.net
> From: wie...@porcupine.org
>
> > smtp inet n - n - - smtpd
>
> The above has chroot TURNED OFF. This is GOOD. DO NOT CHANGE IT
> OR YOU WILL NOT RECEIVE EMAIL.
>
> > smtp unix - - - - - smtp
>
> The above has chroot TURNED ON, This is WRONG. CHANGE THIS RULE
> INSTEAD OF THE FIRST ONE.
>
> Wietse
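Added example (not part of the thread and not Postfix project code): a Python check for the mistake diagnosed above, a master.cf entry whose chroot column is "-" or "y" rather than "n". The sample entries are constructed from the ones quoted in the thread; the function names and the default_chroot parameter are assumptions of this example, with "y" matching the behaviour seen in the thread, where "-" left the smtp client chrooted.

```python
"""Audit a Postfix master.cf for services that run chrooted (added example)."""

FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc")

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
flush     unix  n       -       n       1000?   0       flush
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
"""


def logical_lines(text):
    """Yield (first_line_number, joined_text) for each master.cf entry.

    Blank lines and lines whose first non-blank character is '#' are
    skipped; a line that starts with whitespace continues the entry above.
    """
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is None:
                raise ValueError(f"line {number}: continuation without entry")
            current += " " + raw.strip()
        else:
            if current is not None:
                yield start, current
            current, start = raw.strip(), number
    if current is not None:
        yield start, current


def parse_master_cf(text):
    """Return one dict per service entry, with the 8 master.cf columns."""
    entries = []
    for number, line in logical_lines(text):
        parts = line.split(None, 7)
        if len(parts) < 8:
            raise ValueError(
                f"line {number}: expected 8 fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts[:7]))
        if entry["chroot"] not in ("y", "n", "-"):
            raise ValueError(
                f"line {number}: bad chroot value {entry['chroot']!r}")
        entry["command"] = parts[7]
        entry["line"] = number
        entries.append(entry)
    return entries


def chrooted_services(text, default_chroot="y"):
    """Return the entries that effectively run chrooted.

    '-' means "use the built-in default". The thread shows '-' behaving
    as 'y'; Postfix 3.0 and later default to 'n' unless a
    backwards-compatibility setting applies, so pass the value that
    holds on the system being audited.
    """
    flagged = []
    for entry in parse_master_cf(text):
        column = entry["chroot"]
        effective = default_chroot if column == "-" else column
        if effective == "y":
            flagged.append({**entry, "explicit": column == "y"})
    return flagged


def report(text, default_chroot="y"):
    """Format one human-readable finding per chrooted service."""
    findings = []
    for e in chrooted_services(text, default_chroot):
        how = "explicit y" if e["explicit"] else f"'-' (default {default_chroot})"
        daemon = e["command"].split()[0]
        findings.append(f"line {e['line']}: {e['service']}/{e['type']} "
                        f"runs {daemon} chrooted via {how}")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_MASTER_CF):
        print(finding)
```

Run it against a copy of the real file by passing its contents to report(); each finding is an entry to review before "postfix reload", as the reply in the thread advises.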
postfix problems
When I see mail trying to come in I get an error such as:

Jun 24 23:01:08 mmtlnx postfix/smtpd[27237]: NOQUEUE: reject: RCPT from mail.domain3.com.au[203.161.81.22]: 554 : Client host rejected: Access denied; from= to= proto=ESMTP helo=
Jun 24 23:01:09 mmtlnx postfix/smtpd[27237]: disconnect from mail.domain3.com.au[203.161.81.22]

I know this is a valid domain.

This is the output of postconf -n

# postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_user_map
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = mmtnetworks.com.au
masquerade_exceptions = root
message_size_limit = 20024
mydestination = $myhostname $mydomain jlorenzo.com.au
mydomain = mmtnetworks.com.au
myhostname = mail.mmtnetworks.com.au
mynetworks = 192.168.2.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual

Thanks
Jon
RE: postfix problems
Hi,

Stress is probably getting the best of me at the moment since I've been trying to get this damn thing back on line since last week. I run two businesses and both send and receive a lot of email on this server and of course the drives decided to crash at the peak of the season for me. So I guess I would be more stressed and not watching what I'm doing or just letting myself get confused. I understand some of the postfix commands but basically I'm not that switched on to the restrictions and I'd like to know more about them for stopping spammers.

I just ask that you guys bear with me... I do appreciate the help... heaps.

Jon

> Date: Fri, 24 Jun 2011 11:22:02 -0400
> From: grkni...@scent-team.com
> To: postfix-users@postfix.org
> Subject: Re: postfix problems
>
> On 6/24/2011 11:14 AM, Jon Miller wrote:
> >
> > When I see mail trying to come in I get an error such as:
> >
> > Jun 24 23:01:08 mmtlnx postfix/smtpd[27237]: NOQUEUE: reject: RCPT
> > from mail.domain3.com.au[203.161.81.22]: 554
> > : Client host rejected: Access
> > denied; from= to=
> > proto=ESMTP helo=
> >
> > Jun 24 23:01:09 mmtlnx postfix/smtpd[27237]: disconnect from
> > mail.domain3.com.au[203.161.81.22]
> >
> > I know this is a valid domain
> >
> > This is the output of postconf -n
> >
> > # postconf -n
> >
> ...
> >
> > smtpd_client_restrictions = permit_mynetworks, reject
> >
>
> Your log is because of this line.
> It reads: "Accept mail from 'mynetworks' otherwise reject the world."
>
> It seems you have little knowledge (or a lot of stress) concerning
> Postfix configuration.
>
> Perhaps it is time to review:
> http://www.postfix.org/BASIC_CONFIGURATION_README.html
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html
RE: postfix problems
Hi Victor,

Basically mmtnetworks.com.au is the main domain, jlorenzo.com.au is another domain on the same server for a different business. The 203.161.81.22 is a client's server that I use to send test mail to myself to see if it's getting thru.

I've changed the line:
mydestination = $myhostname $mydomain jlorenzo.com.au
to
mydestination = mmtnetworks.com.au jlorenzo.com.au
since these are the 2 domains that mail is destined for.

The sending machine (203.161.81.22) is not on the same subnet as the IP address listed in mynetworks, that is correct because it is not a member of this domain. This sending machine sends me e-mail all the time, it's a client's system and I need to accept their emails. After making the changes I am receiving their mail to the server and it's being delivered to maildir, however I'm not getting the mail to show up in the Inbox of my client.

Jon

> Date: Fri, 24 Jun 2011 11:23:35 -0400
> From: victor.ducho...@morganstanley.com
> To: postfix-users@postfix.org
> Subject: Re: postfix problems
>
> On Fri, Jun 24, 2011 at 11:14:31PM +0800, Jon Miller wrote:
>
> > When I see mail trying to come in I get an error such as:
> >
> > Jun 24 23:01:08 mmtlnx postfix/smtpd[27237]: NOQUEUE: reject: RCPT from
> > mail.domain3.com.au[203.161.81.22]: 554
> > : Client host rejected: Access denied;
> > from= to= proto=ESMTP
> > helo=
>
> Your access rules don't allow 203.161.81.22 to send email to
> jlmil...@domain1.com.au. With munged log domain names, it may be difficult
> to correlate this to your configuration.
>
> > mydestination = $myhostname $mydomain jlorenzo.com.au
> > mydomain = mmtnetworks.com.au
> > myhostname = mail.mmtnetworks.com.au
>
> How is this related to the domains in the log entry?
>
> > mynetworks = 192.168.2.0/24, 127.0.0.0/8
>
> The sending machine is NOT in mynetworks.
>
> > relay_domains = $mydestination
>
> Generally, not a good idea. If you want all sub-domains of your
> domain to be relay domains, do this explicitly:
>
> # Empty
> parent_domain_matches_subdomains =
> # Relay domains and sub-domain suffixes:
> relay_domains = example.org, .example.com, .example.net
>
> > sender_canonical_maps = hash:/etc/postfix/sender_canonical
>
> Better to use smtp_generic_maps.
>
> > smtpd_client_restrictions = permit_mynetworks, reject
>
> This rejects all traffic from machines not listed in mynetworks, and is
> the reason for the reported reject.
>
> > smtpd_recipient_restrictions = reject_unknown_sender_domain,
> > permit_mynetworks, reject_unauth_destination, permit
>
> This won't help, the traffic is already rejected.
>
> --
> Viktor.
RE: postfix problems
Got some much sleep, which I have not done in a few days. I removed the smtpd_client_restrictions. I had read too many different suggestions and obviously did not understand what this restriction actually does. My main goal is to prevent any attempts of spam, viruses and other nasties, until this is working.

Jon

> Date: Sat, 25 Jun 2011 00:24:42 +0200
> From: mo...@ml.netoyen.net
> To: jonl...@hotmail.com
> CC: postfix-users@postfix.org
> Subject: Re: postfix problems
>
> Le 24/06/2011 17:43, Jon Miller a écrit :
> >
> > Hi,
> > Stress is probably getting the best of me at the moment since I've been
> > trying to get this damn thing back on line since last week.
>
> so stop it, get some vacation, meet people, ... etc until you beat stress!
>
> > I run two businesses and both sends and receives a lot of email on this
> > server and of course the drives decided to crash at the peak of the season
> > for me. So I guess I would be more stressed and not watching what I'm doing
> > or just letting myself get confused. I understand some of the postfix
> > commands but basically I'm not that switched on to the restrictions and I
> > like to know more about them for stopping spammers.
> >
> > I just ask that you guys bear with me...
>
> we can't help you if you don't help. as you've been told, you have
>
> smtpd_client_restrictions = permit_mynetworks, reject
>
> why do you have this?
> this results in: block mail except from mynetworks.
>
> > I do appreciate the help... heaps.
>
> if you can get "calm", you'll get help here. if you can't, pay someone
> to do that for you.
re: how to block spam
Now that I've got this back up and running, like to know how I can stop the spam from coming in. Before, it would be blocked; I hardly ever had any spam.

Regards,
Jon Lorenzo
jLorenzo Photography
http://www.jLorenzo.com.au
jlmil...@jlorenzo.com.au

"... the camera is just a tool, without the eye behind it, it's just a tool." Camille Seaman

Disclaimer
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
send copy of incoming mail to another user
Like to know how do I send a copy of incoming mail to another user, both the user and management requires the same mail

Jon L Miller
MMT Networks Pty Ltd
e: jlmil...@mmtnetworks.com.au
p: +618 9375 6597
m: +61 412 126 166
Inject email from web server to postfix queue
Hi List

I don't know if this is possible.

But we have developed a website for a customer with a CRM backend, with around 72,000 subscribers.

We want to update and manage the subscriber list on the webserver and generate the weekly mailshot, all these processes are running fine.

Our solution was to create threads on the web server (running IIS) to generate emails to be sent by the middleware (a PHP like language). This does work fine up to around a couple of thousand emails, then it runs out of memory and the process dies. I am looking at some kind of throttle, but it's not a very elegant solution.

I thought if I could generate a postfix friendly file, I could create an SMB share and drop the 72,000 files into a folder that Postfix would "see" and then process.

I have a "live" and very happy Postfix server, already managing the email for a couple of dozen domains. (Nothing very big, mostly 3/4 users on each.) Which I don't want to risk messing up.

Firstly, is this feasible? Can I create a new "webqueue" folder, drop the files in there and have postfix send them off? Can I copy a file from the mail queue as a template?

Any thoughts on this appreciated.

Regards
Jon Harris
RE: Inject email from web server to postfix queue
Hi Mark

I know this does sound odd, but the middleware uses its SQLite and its own SMTP "queue management". Apparently when the queue gets bloated, things start to go wrong. Whereas creating 72,000 files on disk wouldn't be a problem.

Yes, I agree this does expose a weakness in the middleware, but we are already committed to it. Most web applications only have to email an order or a contact form, etc. So I can't really blame the developers for me trying to use it as a mailing list manager.

So, my idea was to use something a little more "industrial strength" to get the messages out. I was trying to draw a few things together. I know my Postfix server works beautifully (out of 18 servers, it's my most reliable) and I know I can create a SMB share on it. I wanted to create a "drop-folder".

I understand from Peter Blair who also answered this thread that I should be able to write something in Perl to do this. Unfortunately, my Perl skills are pretty weak.

Regards
Jon Harris

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Mark Goodge
Sent: 12 September 2011 15:01
To: postfix-users@postfix.org
Subject: Re: Inject email from web server to postfix queue

On 12/09/2011 14:37, Jon Harris wrote:
> Hi List
>
> I don't know if this is possible
>
> But we have developed a website for a customer with a CRM backend,
> with around 72,000 subscribers.
>
> We want to update and manage the subscriber list on the webserver and
> generate the weekly mailshot, all these processes are running fine.
>
> Our solution was to create threads on the web server (running IIS) to
> generate emails to be sent by the middleware (a PHP like language).
> This does work fine up to around a couple of thousand emails, then it
> runs out of memory and the process dies. I am looking at some kind of
> throttle, but its not a very elegant solution.
>
> I thought if I could generate a postfix friendly file, I could create
> an SMB share and drop the 72,000 files into a folder that Postfix
> would "see" and then process.

I may be missing something obvious here, but I don't see why a program that can't create 72,000 email messages without running out of memory will be able to create 72,000 files without failing for exactly the same reason. An email is, after all, merely a file which is written to an external process (an SMTP server, in this example) rather than a physical location.

In fact, I'm having difficulty imagining a reason why any competently written program can't send an arbitrarily large number of emails anyway - all it's doing is running round a loop repeatedly, and it doesn't matter whether it does it 72 times or 72,000 times. The real constraints are the capacity of your mail servers to handle that many emails.

It sounds to me, therefore, as if what you've got is a serious flaw in your mail-generation program, and I'd be inclined to address that rather than trying to find a workaround for the problem that involves injecting mail directly into the queue.

If you really can't fix the mail-generation program's sending limit (eg, because it's a third-party CMS that comes with the bug built-in), then, as has already been suggested, the simplest option is to use an intermediate program which takes files from your storage directory and then sends them out by email. That's not Postfix-specific; any program which can read a file and then write to SMTP will work with any MTA. It would be pretty trivial to code that in PHP or Perl, I'm presuming it would be equally simple in Python, Ruby, ASP or your programming language of choice. The only complex part of it is error handling to ensure that you don't send the same message twice to the same person or that you don't miss anyone out if any email fails to send.

Mark
--
Sent from my Babbage Difference Engine
http://mark.goodge.co.uk
http://www.ratemysupermarket.com
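The intermediate program Mark describes, with the duplicate/missed-message handling he calls the complex part, could look like the sketch below. It is an added example, not code from anyone in the thread; the spool layout (new/, work/, sent/, failed/), the one-message-file-per-subscriber convention and all addresses are assumptions.

```python
"""Drop-folder relay: send pre-generated message files over SMTP, one at a time."""
import os
import smtplib
import tempfile
from email import message_from_bytes
from email.utils import getaddresses, parseaddr


def smtp_sender(host="127.0.0.1", port=25):
    """Build a send(sender, rcpts, raw) callable that submits to an SMTP server."""
    def send(sender, rcpts, raw):
        with smtplib.SMTP(host, port, timeout=30) as conn:
            conn.sendmail(sender, rcpts, raw)
    return send


def envelope(raw):
    """Derive (sender, recipients) from the From/To/Cc headers of one file."""
    msg = message_from_bytes(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = [addr for _, addr in getaddresses(fields) if addr]
    if not sender or not rcpts:
        raise ValueError("missing sender or recipient header")
    return sender, rcpts


def process_spool(spool, send, batch=500):
    """Send up to `batch` files from spool/new; return (sent, failed) file names.

    A file is claimed by an atomic rename into spool/work before it is sent,
    so a second run or a second worker never picks up the same file. Only one
    message is held in memory at a time. Files still in work/ after a crash
    are ambiguous (possibly sent) and are left for review, never resent blindly.
    """
    paths = {n: os.path.join(spool, n) for n in ("new", "work", "sent", "failed")}
    for path in paths.values():
        os.makedirs(path, exist_ok=True)
    sent, failed = [], []
    for name in sorted(os.listdir(paths["new"]))[:batch]:
        claimed = os.path.join(paths["work"], name)
        try:
            os.rename(os.path.join(paths["new"], name), claimed)
        except FileNotFoundError:
            continue  # another worker claimed it first
        try:
            with open(claimed, "rb") as fh:
                raw = fh.read()
            sender, rcpts = envelope(raw)
            send(sender, rcpts, raw)
        except (smtplib.SMTPException, OSError, ValueError):
            # Keep the file so nobody is silently missed; retry is a manual move.
            os.rename(claimed, os.path.join(paths["failed"], name))
            failed.append(name)
        else:
            os.rename(claimed, os.path.join(paths["sent"], name))
            sent.append(name)
    return sent, failed


if __name__ == "__main__":
    # Constructed demo: two message files and a stand-in sender, no network used.
    demo = tempfile.mkdtemp()
    os.makedirs(os.path.join(demo, "new"))
    for i, rcpt in enumerate(["alice@example.net", "bob@example.net"]):
        body = f"From: news@example.org\r\nTo: {rcpt}\r\nSubject: Weekly\r\n\r\nHello\r\n"
        with open(os.path.join(demo, "new", f"{i:05d}.eml"), "wb") as fh:
            fh.write(body.encode("ascii"))
    print(process_spool(demo, lambda sender, rcpts, raw: None))
    # Against a real server: process_spool("/path/to/spool", smtp_sender())
```

The program writing the files should create each one under a temporary name elsewhere on the share and rename it into new/ when complete, so a half-written message is never picked up.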
Accepting mail from specific IPs
Hi,

We have a postfix machine setup as described here:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10

and we would like to use a third party to do our spam filtering. So, we'd like to continue using the machine for authenticated outbound mail, but we want to limit the inbound mail to the third party mail server. How do we configure postfix to do this?

Outbound:
--
ANY IP (authenticated) -> Postfix -> The World! (OK)

Inbound:

A.B.C.D -> Postfix (OK)
Anything else -> Postfix (DENIED)

Thank you for your help.

-Jon
Re: Accepting mail from specific IPs
Reindl, Thank you very much for the help. Is there a specific line in master.cf that I should amend? Or can I just drop it in on the bottom? -Jon On Jan 18, 2012, at 11:41 AM, Reindl Harald wrote: > > > Am 18.01.2012 17:36, schrieb Jon August: >> Hi, >> >> We have a postfix machine setup as described here: >> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10 >> >> and we would like to use a third party to do our spam filtering. So, we'd >> like to continue using the machine for authenticated outbound mail, but we >> want to limit the inbound mail to the third party mail server. How do we >> configure postfix to do this? >> >> Outbound: >> -- >> ANY IP (authenticated) -> Postfix -> The World! (OK) >> >> Inbound: >> >> A.B.C.D -> Postfix (OK) >> Anything else -> Postfix (DENIED) >> >> Thank you for your help. > > * add the ip to "mynetworks" > * add > "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" > in master.cf >
Re: Accepting mail from specific IPs
On Jan 18, 2012, at 11:59 AM, Brian Evans - Postfix List wrote: > On 1/18/2012 11:41 AM, Reindl Harald wrote: >> >> Am 18.01.2012 17:36, schrieb Jon August: >>> Hi, >>> >>> We have a postfix machine setup as described here: >>> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10 >>> >>> and we would like to use a third party to do our spam filtering. So, we'd >>> like to continue using the machine for authenticated outbound mail, but we >>> want to limit the inbound mail to the third party mail server. How do we >>> configure postfix to do this? >>> >>> Outbound: >>> -- >>> ANY IP (authenticated) -> Postfix -> The World! (OK) >>> >>> Inbound: >>> >>> A.B.C.D -> Postfix (OK) >>> Anything else -> Postfix (DENIED) >>> >>> Thank you for your help. >> * add the ip to "mynetworks" >> * add >> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >> in master.cf >> > I don't think that "master.cf" line is valid. > > Wouldn't this be better? > > In main.cf: > mynetworks = 127.0.0.1, A.B.C.D > smtpd_sasl_auth_enable=yes > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject > > Brian Brian, I currently have this in main.cf: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination and it allows all inbound mail from anywhere. Is the difference between "reject" and "reject_unauth_destination" that "reject" rejects everything and "reject_unauth_destination" only rejects mail for addresses we don't handle? Thanks, -Jon
Re: Accepting mail from specific IPs
On Jan 18, 2012, at 12:17 PM, Reindl Harald wrote: > > > Am 18.01.2012 18:14, schrieb Brian Evans - Postfix List: >> On 1/18/2012 12:05 PM, Reindl Harald wrote: >>> >>> Am 18.01.2012 17:59, schrieb Brian Evans - Postfix List: >>>> On 1/18/2012 11:41 AM, Reindl Harald wrote: >>>>> Am 18.01.2012 17:36, schrieb Jon August: >>>>>> Hi, >>>>>> >>>>>> We have a postfix machine setup as described here: >>>>>> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10 >>>>>> >>>>>> and we would like to use a third party to do our spam filtering. So, >>>>>> we'd like to continue using the machine for authenticated outbound mail, >>>>>> but we want to limit the inbound mail to the third party mail server. >>>>>> How do we configure postfix to do this? >>>>>> >>>>>> Outbound: >>>>>> -- >>>>>> ANY IP (authenticated) -> Postfix -> The World! (OK) >>>>>> >>>>>> Inbound: >>>>>> >>>>>> A.B.C.D -> Postfix (OK) >>>>>> Anything else -> Postfix (DENIED) >>>>>> >>>>>> Thank you for your help. >>>>> * add the ip to "mynetworks" >>>>> * add >>>>> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >>>>> in master.cf >>>>> >>>> I don't think that "master.cf" line is valid. >>>> >>>> Wouldn't this be better? >>>> >>>> In main.cf: >>>> mynetworks = 127.0.0.1, A.B.C.D >>>> smtpd_sasl_auth_enable=yes >>>> smtpd_recipient_restrictions = permit_sasl_authenticated, >>>> permit_mynetworks, reject >>> surely it is valid >>> >>> look at my 3 lines >>> submission = port 587, restricted to authenticated users only >>> you want the same for "smtp" (port 25) AND add the ip to "mynetworks" >>> >>> and even "mynetworks" is valid in "master.cf" >>> smtpd -o mynetworks=ip.addr.you.want.whitelisted -o >>> smtpd_client_restrictions=.. 
>> >> That was not what was written above >>> * add >>> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >>> in master.cf > > that was a snippet to point in the right direction > in the assumption that someone opens "master.cf" and > is seeing the "smtpd" line > So, both solutions work? I like the idea of a private port for my filtering service. If I was to go that route, should I take my smtpd_recipient_restrictions and mynetworks lines out of main.cf? Thanks for all the help, Reindl and Brian. -Jon
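The question raised in this thread about "reject" versus "reject_unauth_destination", and the "Client host rejected" result from the earlier "postfix problems" thread, both follow from how smtpd walks its restriction lists; the sketch below models that. It is an added example, not Postfix code and not from any poster: it covers only the restrictions named in these threads, matches domains exactly, and uses 192.0.2.10, 198.51.100.7 and the example.* domains as constructed stand-ins (192.0.2.10 for A.B.C.D).

```python
"""Toy model of Postfix smtpd restriction-list evaluation (not Postfix code)."""
import ipaddress
from dataclasses import dataclass

# The lists are walked in this order; a PERMIT only ends the current list.
ORDER = ("client", "helo", "sender", "recipient")


@dataclass
class Session:
    client_ip: str
    rcpt_domain: str
    sasl_authenticated: bool = False
    sender_domain_resolves: bool = True


@dataclass
class Config:
    mynetworks: tuple
    local_domains: tuple  # stands in for mydestination, relay_domains, virtual domains
    lists: dict           # "client"/"helo"/"sender"/"recipient" -> restriction names


def in_mynetworks(cfg, session):
    ip = ipaddress.ip_address(session.client_ip)
    return any(ip in ipaddress.ip_network(net) for net in cfg.mynetworks)


def check(name, cfg, session):
    """Return PERMIT, REJECT or DUNNO (no opinion, try the next restriction)."""
    if name == "permit":
        return "PERMIT"
    if name == "reject":
        return "REJECT"  # unconditional: whatever reaches it is refused
    if name == "permit_mynetworks":
        return "PERMIT" if in_mynetworks(cfg, session) else "DUNNO"
    if name == "permit_sasl_authenticated":
        return "PERMIT" if session.sasl_authenticated else "DUNNO"
    if name == "reject_unauth_destination":
        # Refuses only recipients in domains this server does not handle.
        return "DUNNO" if session.rcpt_domain in cfg.local_domains else "REJECT"
    if name == "reject_unknown_sender_domain":
        return "DUNNO" if session.sender_domain_resolves else "REJECT"
    raise ValueError(f"restriction not modelled: {name}")


def evaluate(cfg, session):
    """Return (verdict, list_name, restriction) for one RCPT TO."""
    for cls in ORDER:
        for name in cfg.lists.get(cls, ()):
            result = check(name, cfg, session)
            if result == "REJECT":
                return ("REJECT", f"smtpd_{cls}_restrictions", name)
            if result == "PERMIT":
                break  # skip the rest of this list, go on to the next list
    return ("ACCEPT", None, None)  # reaching the end of every list permits


# Values from the "postfix problems" postconf -n output.
NETS = ("192.168.2.0/24", "127.0.0.0/8")
DOMAINS = ("mmtnetworks.com.au", "jlorenzo.com.au")
RCPT = ["reject_unknown_sender_domain", "permit_mynetworks",
        "reject_unauth_destination", "permit"]
SENDER = ["reject_unknown_sender_domain"]
BEFORE = Config(NETS, DOMAINS, {"client": ["permit_mynetworks", "reject"],
                                "sender": SENDER, "recipient": RCPT})
AFTER = Config(NETS, DOMAINS, {"sender": SENDER, "recipient": RCPT})

# The two recipient lists compared in the "Accepting mail from specific IPs" thread.
FILTER_NETS = ("127.0.0.1/32", "192.0.2.10/32")
OPEN_INBOUND = Config(FILTER_NETS, ("example.org",), {"recipient": [
    "permit_mynetworks", "permit_sasl_authenticated", "reject_unauth_destination"]})
FILTER_ONLY = Config(FILTER_NETS, ("example.org",), {"recipient": [
    "permit_sasl_authenticated", "permit_mynetworks", "reject"]})

if __name__ == "__main__":
    outsider = Session("203.161.81.22", "jlorenzo.com.au")
    stranger = Session("198.51.100.7", "example.org")
    print("client list present :", evaluate(BEFORE, outsider))
    print("client list removed :", evaluate(AFTER, outsider))
    print("reject_unauth_dest  :", evaluate(OPEN_INBOUND, stranger))
    print("plain reject        :", evaluate(FILTER_ONLY, stranger))
```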
mail delivery system message
I'm getting a message stating the following: This is the Postfix program at host mail.mmtnetworks.com.au. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program : localhost: No address associated with hostname Any help will be greatly appreciated. Jon
RE: mail delivery system message
escribes a number of hostname-to-address # mappings for the TCP/IP subsystem. It is mostly # used at boot time, when no name servers are running. # On small systems, this file can be used instead of a # "named" name server. # Syntax: # # IP-Address Full-Qualified-Hostname Short-Hostname # 127.0.0.1 mmtlnx.mmtnetworks.com.au mmtlnx # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts 192.168.2.247 mmtlnx.mmtnetworks.com.au mmtlnx I was installing amavis and spamassassin, it's possible I may have done something wrong. > Date: Fri, 6 Apr 2012 23:36:41 -0500 > From: njo...@megan.vbhcs.org > To: postfix-users@postfix.org > Subject: Re: mail delivery system message > > On 4/6/2012 10:07 PM, Jon Miller wrote: > > I'm getting a message stating the following: > > > > This is the Postfix program at host mail.mmtnetworks.com.au. > > I'm sorry to have to inform you that your message could not be > > delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to > > If you do so, please include this problem report. You can delete > > your own text from the attached returned message. > > The Postfix program > > : localhost: No address associated with > > hostname > > > > Any help will be greatly appreciated. > > > > Jon > > > The message couldn't be delivered. Further details are available in > the system logs and configuration of the mail.mmtnetworks.com.au > mail server. > > If you're the postmaster of the mail.mmtnetworks.com.au server, > please refer to the list welcome message for the information needed > to help diagnose the problem. > > If you're not the postmaster of that server, you'll need to contact > postmas...@mail.mmtnetworks.com.au for assistance; we are unable to > help you. > > > > > -- Noel Jones
RE: mail delivery system message
3096]: EBE1D18AF6: removed Apr 8 08:09:18 mmtlnx postfix/lmtp[23178]: 2916B1D464: to=, relay=/var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok) Apr 8 08:09:18 mmtlnx postfix/qmgr[23096]: 2916B1D464: removed Apr 8 08:09:20 mmtlnx postfix/smtpd[23150]: disconnect from unknown[192.168.xxx.xxx] /etc/hosts # # hosts This file describes a number of hostname-to-address # mappings for the TCP/IP subsystem. It is mostly # used at boot time, when no name servers are running. # On small systems, this file can be used instead of a # "named" name server. # Syntax: # # IP-Address Full-Qualified-Hostname Short-Hostname # 127.0.0.1 mail.mmtnetworks.com.au mmtlnx # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts 192.168.2.247 mmtlnx.mmtnetworks.com.au mmtlnx Regards, Jon L Miller > Date: Sat, 7 Apr 2012 11:46:45 -0500 > From: njo...@megan.vbhcs.org > To: postfix-users@postfix.org > Subject: Re: mail delivery system message > > On 4/7/2012 7:14 AM, Jon Miller wrote: > > Yes I'm the postmaster of the mail server, just trying to stop the > > amount of spamming and now it's not accepting or sending mail. > > This is the content of the master.cf file > > > Here's some ground rules to get useful answers. Read this carefully. > > Post in plain text only; no html, no fancy fonts. The markup tends > to clobber config files and logs making them hard to read. > > Post your replies below the text you're referring to. Trim > unrelated lines to keep it readable. > > Post the information requested so we can get an idea of what's going > on. We need to see "postconf -n" output, or "postfinger" output > (not included with postfix; google for it), plus postfix logs > showing the unexpected behavior. > > Do not post verbose "-v" logs unless you are specifically asked for > them. 
The vast majority of problems can be solved with the normal > postfix logging. > > An explanation of your problem. Just posting a bunch of logs and > config doesn't help without your explanation of what you're trying > to do and what you're trying to fix. > > Read this carefully: > http://www.postfix.org/DEBUG_README.html#mail > > Postfix has complete and accurate documentation. Answers to all > your questions can be found here: > http://www.postfix.org/documentation.html > > > > -- Noel Jones
RE: mail delivery system message
If u do not mind letting me know what I did wrong so I can fix it, I would appreciate it. Like to have the correct format in replying to this group. Thanks > Date: Sat, 7 Apr 2012 22:22:01 -0500 > From: njo...@megan.vbhcs.org > To: postfix-users@postfix.org > Subject: Re: mail delivery system message > > On 4/7/2012 8:23 PM, Jon Miller wrote: > > Thanks Noel for the information and I hope I have it right this time. > > > > No, but I'll give you half credit for trying. > > > *Postfix -n* > > content_filter = smtp-amavis:[localhost]:10024 > > change that to > content_filter = smtp-amavis:[127.0.0.1]:10024 > > > > smtpd_recipient_restrictions = reject_invalid_hostname, > > reject_non_fqdn_sender, reject_unknown_sender_domain, > > reject_unknown_recipient_domain, permit_sasl_authenticated, > > permit_mynetworks, reject_unauth_destination, > > reject_unauth_pipelining, reject_rbl_client relays.ordb.org, > > check_sender_mx_access cidr:/etc/postfix/bogus_mx, > > check_helo_access pcre:/etc/postfix/helo_checks, > > check_sender_access hash:/etc/postfix/sender_access, > > reject_rbl_client multi.uribl.com, reject_rbl_client > > dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, > > reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client > > bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, > > reject_rbl_client cbl.abuseat.org, reject_rbl_client > > ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, > > reject_rbl_client rabl.nuclearelephant.com, permit > > You should review the RBLs you're using periodically to make sure > they are active and doing what you intend. Now's a good time. > > > > > > */etc/hosts* > > 127.0.0.1 mail.mmtnetworks.com.au mmtlnx > > add "localhost" to the above line. > > > > The two changes I've suggested will likely take care of the problem > you posted about. There may be other problems that appear when you > fix this. > > > -- Noel Jones
message in etc/var/mail
I'm experiencing a problem in my mail logs that keeps showing the following message:

Apr 26 11:33:41 mmtlnx postfix/qmgr[2798]: warning: connect to transport smtp-amavis: Connection refused

I've gone through every file in /etc/postfix and cannot find any reference to this message. I've checked chkconfig to make sure that amavis is turned off and it was. I'm at a loss atm.

Thanks

jlmil...@jlorenzo.com.au

"... the camera is just a tool, without the eye behind it, it's just a tool." Camille Seaman
Rejecting mail based on destination MX records
I've seen an increased number of issues with some domains that use fakemx.net to deny mail and am looking for some advice on how to best reject email for domains that only have one MX record that points to fakemx.net servers.

While I question the effectiveness, I have no problem with someone trying to detect bad mail senders. Unfortunately, my server finds itself trying to do legit business and being "seen" by fakemx.net and having messages back up in my queue and continually retry doesn't make me happy. I'd like to immediately reject mail for all destinations with ONLY a fakemx.net record. While I could block these as I find them, I'd prefer to detect it if possible.

One such:
hitmail.com mail is handled by 0 mx.fakemx.net.

My thought is to use the transports mechanism and BOUNCE the message... I could scrape the logs and update transports with something like (error <http://www.postfix.org/error.8.html>):

.example.com error:mail not deliverable (only destination is fakemx.net)

but as we know, over time systems get fixed. I'd prefer to do this detection on the fly as part of the delivery attempt.

Can someone provide a suggestion on how to best accomplish this?

Thanks
jon
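The "scrape and update transports" approach from the post above, restricted to domains whose every MX host is under fakemx.net, could be generated as sketched here. It is an added example, not the poster's code; the input is text in the "mail is handled by" format quoted in the post, and every sample line except hitmail.com is constructed.

```python
"""List domains whose MX hosts are all under fakemx.net and emit transport entries."""
import re
from collections import defaultdict

# Matches lines such as: "hitmail.com mail is handled by 0 mx.fakemx.net."
MX_LINE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+)$")
REASON = "mail not deliverable (only destination is fakemx.net)"

# Constructed sample, apart from the hitmail.com line quoted in the post.
SAMPLE = """\
hitmail.com mail is handled by 0 mx.fakemx.net.
mixed.example mail is handled by 10 mail.mixed.example.
mixed.example mail is handled by 20 mx.fakemx.net.
lookalike.example mail is handled by 0 mx.notfakemx.net.
two.example mail is handled by 0 mx.fakemx.net.
two.example mail is handled by 10 MX2.FakeMX.net.
"""


def under(host, parent):
    """True if host is parent itself or a name below it (label-aware, case-insensitive)."""
    host = host.rstrip(".").lower()
    return host == parent or host.endswith("." + parent)


def sole_fakemx_domains(mx_text, parent="fakemx.net"):
    """Return the sorted domains for which every listed MX host is under parent."""
    mx_hosts = defaultdict(list)
    for line in mx_text.splitlines():
        match = MX_LINE.match(line.strip())
        if match:
            domain = match.group(1).rstrip(".").lower()
            mx_hosts[domain].append(match.group(3))
    # A domain with even one other MX host may still accept mail, so skip it.
    return sorted(d for d, hosts in mx_hosts.items()
                  if all(under(h, parent) for h in hosts))


def transport_entries(domains):
    """Format transport table lines that hand each domain to the error transport."""
    return [f"{domain}\terror:{REASON}" for domain in domains]


if __name__ == "__main__":
    for entry in transport_entries(sole_fakemx_domains(SAMPLE)):
        print(entry)
```

Because the MX records can change, as the post notes, the entries are meant to be regenerated from fresh lookups rather than appended to, with postmap run on the transport file afterwards.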
information on setting up another mail domain
I need to configure a existing mail server to accept mail for another domain until their server is replaced. I'm currently using postfix-2.2.9-10.18, which I know is old. Is it necessary to update the postfix first? Thanks Jon L Miller m (intl):+61 0412 126 166 m (aus): 0412 126 166
Re: information on setting up another mail domain
Yea, I hear ya on the historian, but you know clients: "if it's not broken don't fix it". I'm wondering how much of a nightmare it would be to upgrade from this version to the latest and if there are any gotchas I need to be aware of?

Jon

--
From: "Wietse Venema"
Sent: Tuesday, September 25, 2012 7:46 PM
To: "Postfix users"
Subject: Re: information on setting up another mail domain

Jon Miller:
I need to configure a existing mail server to accept mail for another domain until their server is replaced. I'm currently using postfix-2.2.9-10.18, which I know is old. Is it necessary to update the postfix first?

No, but you might need a historian to answer your questions :-)

Although Postfix documentation maintains an accurate record of when features appeared, for clarity's sake many solutions are written in terms of the current feature set.

I suggest you look into virtual mailbox domains, using Dovecot as the delivery agent and POP/IMAP server.

/etc/postfix/main.cf:
    virtual_transport = lmtp:host:port or lmtp:unix:/path/name
    virtual_mailbox_domains = the domain name
    virtual_mailbox_maps = the table with valid recipients in that
        domain; Postfix will ignore the lookup result value

See also: http://www.postfix.org/VIRTUAL_README.html

Wietse
Postscreen & Google Apps
Today, a Google Apps user sent a message with two recipients to us, one with TO and other a CC internal mailing list. Naturally, Google treated each as an independent message.

Over the course of an hour or so, because Google attempted to deliver the messages using different outgoing hosts, postscreen rejected the message(s) ~20 times, with a service unavailable, as we'd expect and normally want.

Eventually, the TO recipient received the email where the distribution list recipients hadn't yet... that message is still in some queue at Google, and continues to be tried with different outgoing addresses. Unfortunately, the TO recipient has since replied to all recipients.

Management(TM) saw the CC'ed reply, but hadn't gotten the original message. This has caused some concern.

How have others dealt with this type of situation? The only solution I can see would involve identifying the google MX IP range and white-listing those hosts. This has two undesired side effects: 1st it's on me to find the hosts, and 2nd we should expect this for other services using a huge pool of boxes. If I understand things correctly, this is too early in the process to permit based on sender's name, nor would that necessarily be good for stuff from "google" in general.

The second thought I have is that the postscreen expiration should probably be made longer lest we go through this over and over again.

Comments/Thoughts/Suggestions?
Re: Postscreen & Google Apps
On Wed, Jan 23, 2013 at 6:24 PM, Noel Jones wrote:

> On 1/23/2013 4:33 PM, Jon A. wrote:
> > Today, a Google Apps user sent a message with two recipients to us,
> > one with TO and other a CC internal mailing list. Naturally, Google
> > treated each as an independent message.
> >
> > Over the course of an hour or so, because Google attempted to
> > deliver the messages using different outgoing hosts, postscreen
> > rejected the message(s) ~20 times, with a service unavailable, as
> > we'd expect and normally want.
> >
> ...
> > Comments/Thoughts/Suggestions?
>
> I think the usual way is to use postscreen in non-blocking mode for
> a couple weeks to build up the temporary whitelist.

*smack* Thanks, that would do it. I initially ran my configuration in test mode on some boxes, then unified the configuration when I cut everything over to production. Which meant I left that whitelist data behind. I've since moved back to building cache. Of course, as we'd expect, the original message eventually came in.

> The default cache time for successful after-220 tests is 30 days;
> that's probably sufficient for the majority. A very low volume
> server might need to cache longer. The DNS blocklist test will only
> cache for 1 hour, but that won't tempfail mail and shouldn't need to
> be changed.
>
> If you want to proactively whitelist google's servers, they publish
> SPF records so you don't have to spend much effort hunting them
> down. The postscreen access list is IP-only and can't use client or
> sender domain names. And you've already added a bunch of their
> servers to your cache.

Indeed, after I posted I did grab the spf records for the biggie email providers and added them to the already-configured-in-case whitelist. [Thanks Wietse for always building in exception mechanisms] However your email has convinced me this need was really a temporary measure. The idea of chasing SPF changes from the laundry list of providers for the normal case just doesn't scale.

> I don't bother with trying to whitelist big senders, and I don't
> think many other folks do either. The big senders usually end up in
> the cache by themselves pretty quickly, and the
> once-every-30-days refresh isn't particularly intrusive. You just
> got caught in a situation where an important mail came through
> before the whitelist had a chance to populate.
>
> > Management(TM) saw the CC'ed reply, but hadn't gotten the original
> > message. This has caused some concern.
>
> I probably repeat once a week to folks around here something like:
> "The mail protocol standards are heavily weighted towards not losing
> mail rather than instant delivery, and sometimes mail is unavoidably
> delayed. Much of this is outside our control. Either the delayed
> message will eventually arrive, or the sender will get a notice that
> it was not delivered."

If you don't mind, I may very well quote ya.

Thanks for a well thought out response Noel! You gave me my first d'oh moment of the week.
Re: relay_recipient_maps and transport_maps
Excellent, thanks very much for the advice Noel. In particular, glad to hear wildcard entries won't open me up to accepting more than desired! I'll split up transport and implement as you suggest ;)

I am trying hard to avoid makefiles for my pretty static configurations, but I'll keep that in mind if the box configurations start differing too much.

On Wed, Mar 20, 2013 at 2:17 PM, Noel Jones wrote:

> On 3/20/2013 1:05 PM, Jon A. wrote:
> > I've a number of "nobody" type aliases that I map in transport_maps
> > to the discard service. Our incoming MX boxes also reject mail
> > based on the valid userlist from our internal mail server.
> >
> > It would appear that the relay_recipient_maps is applied before
> > transport, thus anything listed in transport that isn't also in
> > relay_recipient_maps bounces.
> >
> > The obvious solution would be to add the various "nobody" users to
> > the recipient table, however that's generated off box and moved
> > over/rebuilt via remote ssh cron job. I'd have to maintain the
> > transport list in two places for that box to push the complete list
> > to all our incoming mx servers.
> >
> > My second thought is to maintain two relay_recipient_maps table
> > entries, something like:
> >
> > relay_recipient_maps = hash:/etc/postfix/primary_mail_recipients,
> >     hash:/etc/postfix/transport
> >
> > As the documentation indicates it only cares if a recipient lookup
> > succeeds (and not the return value), is it reasonable to expect I
> > could just use the transport_maps file both cases without issue?
> > Right now transport is pretty simple but the documentation in the
> > transports file indicates wildcards are possible. Would this be a
> > bad choice to implement not knowing what may ultimately end up in
> > this file in the future?
> >
> > Are there other best practices that better solve this problem?
>
> You can reuse a transport map as a relay_recipients_map, but better
> to name it something else so you don't accidentally add eg. a
> hotmail transport and become an open relay.
>
> ## main.cf
>
> transport_maps =
>   # in your case, the transport file might be empty
>   # but "postmap transport" it anyway.
>   hash:/etc/postfix/transport,
>   # relay_transport contains relay recipients
>   hash:/etc/postfix/relay_transport
>
> # the parameter name is relay_recipient_maps (no "s" after "recipient")
> relay_recipient_maps =
>   hash:/etc/postfix/primary_mail_recipients,
>   hash:/etc/postfix/relay_transport
>
> An alternative is to use a simple Makefile to build both files from
> a common list of names. Google has examples.
>
>   -- Noel Jones
DNS and access maps
In access(5), the documentation says (in regard to HOST NAME/ADDRESS PATTERNS):

    domain.tld
        Matches domain.tld.

However it fails to indicate what this actually *means*. This seems to be a bit of a documentation failure. Which one of the following is it?

(a) Match an IP address whose reverse DNS matches 'domain.tld'.
(b) (a), with a subsequent forward-lookup to check it isn't a fake reverse DNS entry.
(c) Match an IP address which is listed as one of the results for an A-record lookup of 'domain.tld'.
(d) Something else.

I have a situation where I have a DNS record 'foo.example.com', which resolves to multiple A records. I want to allow mail transactions if and only if the incoming connection is from one of those IP addresses. Is this possible with Postfix, and if so, how?
Re: DNS and access maps
On Thu, Oct 16, 2008 at 04:39:58PM +0200, mouss wrote:

> > (a) Match an IP address whose reverse DNS matches 'domain.tld'.
>
> This can't be trusted. nobody can use this for access control.

Indeed.

> > (c) Match an IP address which is listed as one of the results for an
> > A-record lookup of 'domain.tld'.
>
> You can exclude this by yourself: if I use a pcre (or regexp) map, would
> postfix try all possible strings that match all the regular expressions,
> do a DNS lookup until it finds a match???

That argument doesn't follow. This isn't a pcre map, it's a DNS map.

> "matches domain.tld", means that the rDNS matches this. and rDNS is only
> used if it is "forward confirmed".

Thanks.

> choice 1: give all the IPs the same rDNS.
> choice 2: give each an rDNS in a specific subdomain

It's not under my control, unfortunately I can't do this. It appears Postfix is inferior to Exim here :-(

> choice 3: use a script to generate a cidr map from the zone file, and
> run the script whenever the zone file is updated.

I suppose I'll have to hack something together, yes.

Thanks for your reply.
Re: DNS and access maps
On Thu, Oct 16, 2008 at 10:45:53AM -0400, Wietse Venema wrote:

> DESCRIPTION
>    This document describes access control on remote SMTP client
>    information: host names, network addresses, and envelope sender or
>    recipient addresses; it is implemented by the Postfix SMTP server.
>
> Thus, it takes Postfix's idea of the client host name and compares
> that name against the string "domain.tld".

That can't be the whole story though, because the map can also check by IP address. I assumed the map did the DNS lookup itself; perhaps this isn't true and instead smtpd calls the map twice, once with the DNS name and once with the IP address?

Thanks for your response.
Re: DNS and access maps
On Thu, Oct 16, 2008 at 05:16:59PM +0200, mouss wrote:

> >> You can exclude this by yourself: if I use a pcre (or regexp) map, would
> >> postfix try all possible strings that match all the regular expressions,
> >> do a DNS lookup until it finds a match???
> >
> > That argument doesn't follow. This isn't a pcre map, it's a DNS map.
>
> what is a DNS map? There is no such thing in postfix.

Whether or not that's true doesn't appear to be documented, and was in fact pretty much the point of my question. Your argument is circular.

> > It's not under my control, unfortunately I can't do this.
> > It appears Postfix is inferior to Exim here :-(
>
> Then use exim.

Thank you for that very helpful advice. No, wait... it wasn't helpful at all. Never mind.

> > I suppose I'll have to hack something together, yes.
>
> Choice 4: use a policy server or a milter. Then you can implement
> whatever checks you want.

Yes, that's what I said.
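A sketch of "choice 3" from the thread above, added here as an example and not code from any of the posters: it turns the addresses behind one host name into cidr_table(5) lines, whether they come from the zone file or from a fresh lookup. The function names are hypothetical, and the sample addresses in the comments and test are constructed documentation addresses.

```python
"""Build Postfix cidr: access table lines from the addresses of one host name."""
import ipaddress
import socket


def resolve_addresses(hostname):
    """Return the A/AAAA addresses of hostname via the system resolver."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def build_cidr_lines(addresses, action="OK"):
    """Return one host-route line per unique address, IPv4 first, sorted.

    Raises ValueError instead of producing a table when the input is
    empty, is not a literal IP address, or is an address that should
    never identify a remote SMTP client. The caller can then keep the
    previous table rather than install a wrong one after a bad lookup.
    """
    parsed = set()
    for raw in addresses:
        ip = ipaddress.ip_address(raw.strip())  # ValueError if malformed
        if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
            raise ValueError(f"refusing to allow-list {ip}")
        parsed.add(ip)
    if not parsed:
        raise ValueError("no addresses: keep the existing table")
    ordered = sorted(parsed, key=lambda ip: (ip.version, int(ip)))
    # /32 or /128: each line matches exactly one client address.
    return [f"{ip}/{ip.max_prefixlen}\t{action}" for ip in ordered]


if __name__ == "__main__":
    import sys

    # Usage: script.py foo.example.com > foo_clients.cidr
    # (the output file name is an assumption for this example)
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    try:
        print("\n".join(build_cidr_lines(resolve_addresses(host))))
    except (ValueError, OSError) as exc:
        sys.exit(f"not updating table: {exc}")
```

The resulting file would be referenced as a `cidr:` table from `check_client_access`, followed by a `reject`, and regenerated whenever the A records change.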
rejection of backup MX mail
Not sure how to ask this but ...

My DNS provider also acts as my backup MX provider. A lot of mail that would be rejected by the primary mail server is accepted by the backup provider and gets through the primary server because the real source is not checked.

Is there a way to inspect mail received via the backup MX provider differently than other mail?

--
Jon H. LaBadie j...@labadie.us
154 Milkweed Dr (540) 868-8052 (H)
Lake Frederick, VA 22630 (703) 935-6720 (M)
"relayhost configuration problem" / "unable to look up host" when I can, in fact, look up the host
I'm using postfix 3.4.14-0+deb10u1 as the MTA on my Debian machine, with

    disable_dns_lookups = yes
    relayhost [mail.sonic.net]:587

This has worked fine for many years until on 12/3, without any changes in my local OS / postfix configuration, it started failing to deliver mail to the relayhost - which I only found out about 5 days later when the default maximal_queue_lifetime expired.

The only meaningful messages in the mail logs were

    Dec 10 00:01:58 celly postfix/smtp[21050]: warning: relayhost configuration problem
    Dec 10 00:01:58 celly postfix/smtp[21050]: send attr reason = unable to look up host mail.sonic.net: Name or service not known

I cranked the debug level in master.cf up to 3 '-v's resulting in lots of log messages, but no more details of *why* it was "unable to look up".

I can nslookup, dig (either A or MX records), telnet to port 587, etc. on mail.sonic.net, so it's not a general system DNS issue.

The postfix FAQ sort of touches on this scenario in FAQs 52 and 53, but about all I can make of that is that it might be running in a chroot without the right resolv.conf or other resource to do a name lookup. If that's true, any ideas on how I can figure out where the chroot is? And why this behavior would have suddenly started happening, without any changes in my local configuration (that I initiated, at least, and I don't have any auto-updates configured)?

Finally, is there any way to crank postfix's verbosity up to a level where it would actually explain why and/or where it's getting these errors? It would be nice if it would tell me something about *why* there is a "relayhost configuration problem", in particular.

I also have a query in to Sonic as to whether anything might have changed on their end - they are Linux-friendly, and even the front-line support people tend to be clueful.

Thanks,
Jon Leech
oddh...@sonic.net
Re: "relayhost configuration problem" / "unable to look up host" when I can, in fact, look up the host
On Thu, Dec 10, 2020 at 02:56:17PM -0500, Viktor Dukhovni wrote:

> On Thu, Dec 10, 2020 at 05:33:46AM -0800, Jon Leech wrote:
>
> > The only meaningful messages in the mail logs were
> >
> > Dec 10 00:01:58 celly postfix/smtp[21050]: warning: relayhost configuration problem
> > Dec 10 00:01:58 celly postfix/smtp[21050]: send attr reason = unable to look up host mail.sonic.net: Name or service not known
>
> Is the "smtp" transport using "chroot" in master.cf?

It is.

> > I can nslookup, dig (either A or MX records), telnet to port
> > 587, etc. on mail.sonic.net, so it's not a general system DNS issue.
>
> Are your tests performed as "root" or as an unprivileged user?

As an unprivileged user.

> The chroot is always the Postfix queue directory, typically
> /var/spool/postfix. And its use is specified in the "chroot" column of
> the master.cf service definition.

Aha, it is. NetworkManager thoughtfully erased everything from /var/spool/postfix/etc/resolv.conf shortly before these problems began, which almost certainly explains the problem. I despise NM.

> A Debian update?

No. But IIRC, Comcast went down for a while and I switched to tethering via my phone for data around that time, and did have to restore /etc/resolv.conf. I had no idea about the chroot resolv.conf.

Thanks very much!
Jon

P.S. I despise NM.
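The failure diagnosed in this thread can be caught before the queue lifetime expires. The following is an added example, not code from the thread: it lists the master.cf services with an explicit "y" in the chroot column and classifies the resolv.conf copy inside the chroot. Function names and the sample master.cf excerpt are constructed for illustration; treating "-" as "not chrooted" assumes Postfix 3.0 or later.

```python
"""Check the resolver file that chrooted Postfix services actually read."""
from pathlib import Path

SYSTEM_RESOLV = "/etc/resolv.conf"
CHROOT_RESOLV = "/var/spool/postfix/etc/resolv.conf"  # path named in the thread
RESOLVER_KEYWORDS = ("nameserver", "search", "domain", "options")

# Constructed master.cf excerpt, used only to exercise chrooted_services().
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
pickup    unix  n       -       -       60      1       pickup
"""


def chrooted_services(master_cf_text):
    """Return "name/type" for each service with "y" in the chroot column.

    Assumption: "-" means "not chrooted", the built-in default from
    Postfix 3.0 on; older releases defaulted to "y".
    """
    services = []
    for line in master_cf_text.splitlines():
        # Skip blank lines, comments and "-o ..." continuation lines.
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[4] == "y":
            services.append(f"{fields[0]}/{fields[1]}")
    return services


def resolver_settings(text):
    """Return the (keyword, value) pairs that influence lookups, in order."""
    settings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        keyword, _, value = line.partition(" ")
        if keyword in RESOLVER_KEYWORDS:
            settings.append((keyword, " ".join(value.split())))
    return settings


def chroot_resolver_status(system_path=SYSTEM_RESOLV, chroot_path=CHROOT_RESOLV):
    """Classify the chroot copy as 'ok', 'missing', 'empty' or 'differs'.

    'empty' means the file exists but names no nameserver, which is the
    state described in the thread after the file had been wiped.
    """
    chroot = Path(chroot_path)
    if not chroot.is_file():
        return "missing"
    chroot_settings = resolver_settings(chroot.read_text())
    if not any(keyword == "nameserver" for keyword, _ in chroot_settings):
        return "empty"
    system_settings = resolver_settings(Path(system_path).read_text())
    return "ok" if chroot_settings == system_settings else "differs"


if __name__ == "__main__":
    print("chrooted in sample master.cf:", chrooted_services(SAMPLE_MASTER_CF))
    print("chroot resolv.conf:", chroot_resolver_status())
```

Run from cron or a monitoring agent, any status other than "ok" on a host with chrooted services is worth an alert, since unprivileged tools such as dig keep working while the chrooted smtp client cannot resolve names.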
removing SASL Authentication
When I first set up my home mail server I mashed several "postfix recipes" to get my working system. Not knowing why, this line made it into main.cf.

    smtpd_relay_restrictions = \
        permit_mynetworks, permit_sasl_authenticated

I have no need to relay mail from anywhere except my own network and I don't authenticate for that. I do get 500-1000 daily attempts to relay but because I never set up an SASL Authentication Server, none can ever authenticate.

I'd like to get rid of the "permit_sasl_authenticated" setting, perhaps rejecting relay attempts earlier. But I'm hesitant that I may be creating a relay server due to other settings. Another current setting that may be pertinent is

    smtpd_sender_restrictions = permit_mynetworks \
        reject_non_fqdn_sender reject_unknown_sender_domain

Suggestions or advice on getting rid of the SASL settings, still allowing relay from my private network, yet not an open relay?

Thanks,
Jon
Skip AV scan for outbound email
I collect spam emails and submit them in batches to a group that works to reduce spam. I'm running the combination of postfix, amavisd-new, clamav, and spamassassin. Some of the batches of spam contain viruses and when amavisd scans them my submission is blocked and quarantined. Is there a way to do any of the following?

a) eliminate the amavisd or clamav scan for mail addressed to a specific recipient or from a specific sender

b) eliminate the clamav scan for all outbound traffic

c) eliminate the amavisd scan for all outbound traffic but keeping it active for inbound messages

Thanks,
Jon
--
Jon H. LaBadie j...@jgcomp.com
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
Re: Skip AV scan for outbound email
On Tue, Oct 03, 2017 at 03:21:13PM -0500, Noel Jones wrote:

> On 10/3/2017 2:12 PM, Jon LaBadie wrote:
> > I collect spam emails and submit them in batches to
> > a group that works to reduce spam. I'm running the
> > combination of postfix, amavisd-new, clamav, and
> > spamassassin. Some of the batches of spam contain
> > viruses and when amavisd scans them my submission
> > is blocked and quarantined. Is there a way to do
> > any of the following?
> >
> > a) eliminate the amavisd or clamav scan for mail
> > addressed to a specific recipient or from a
> > specific sender
> >
> > b) eliminate the clamav scan for all outbound
> > traffic
> >
> > c) eliminate the amavisd scan for all outbound
> > traffic but keeping it active for inbound
> > messages
> >
> > Thanks,
> > Jon
> >
>
> If your batch is already on the server, the simplest way is to
> submit your spam/virus batch to the postfix reinjection port,
> bypassing amavisd completely. Use a command line SMTP tool such as
> mini_sendmail to send the mail to -p 10025 or whatever port you use.

Thank you Noel, nice approach.

I am already using mutt in a script to send the batches as attachments. It uses a customized muttrc file and all I had to do was add

    set smtp_url=smtp://127.0.0.1:10025

Jon
--
Jon H. LaBadie jlaba...@acm.org
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
how to check email delivered via MX backup host
When I try to block spam from repeaters, via access.db, firewall, ... the first thing that happens is the blocked mail gets delivered via my MX backup host. Mail received by this route does not seem to be checked against the access database.

Is there something I'm not turning on to enable checks of mail received via the MX backup host?

Jon
--
Jon H. LaBadie jlaba...@acm.org
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
Re: how to check email delivered via MX backup host
On Sun, Mar 31, 2019 at 06:59:40AM +, Dominic Raferd wrote:

> On Sun, 31 Mar 2019 at 07:40, Jon LaBadie wrote:
>
> > When I try to block spam from repeaters, via access.db,
> > firewall, ... the first thing that happens is the blocked
> > mail gets delivered via my MX backup host. Mail received
> > by this route does not seem to be checked against the
> > access database.
> >
> > Is there something I'm not turning on to enable checks
> > of mail received via the MX backup host?
> >
>
> I presume the MX backup host is a third party service not under your full
> control?

Correct. And I have no input to its administration.

> Does the MX backup host deliver to your primary host, and if so does it do
> so with authenticated access?

Delivers to my primary host, but NOT authenticated access.

> If the answer to both questions is yes, I suspect that your primary host is
> not applying the same anti-spam tests to connections with authenticated
> access as it applies to non-authenticated. This is a common set up but in
> your case it allows spam accepted by the MX backup host to reach your
> mailboxes because they bypass the checks on your primary host. If so, I
> suggest you change the settings on your primary host to apply the same
> tests to authenticated as to non-authenticated clients.

Embarrassed to say, I set it up from a "recipe" which included authentication. But I never set up any authentication method(s). Thus I "advertise" authentication and I guess forwarding, but no one ever succeeds. Generates lots of log messages ;)

> A better solution, but maybe not possible for you, would be to have your MX
> backup host apply the same anti-spam tests as your primary.

Would that I could :(

Thanks for the input.

Jon
--
Jon H. LaBadie jlaba...@acm.org
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
Re: smtp relay server security
On 6/3/19 10:31 AM, Matus UHLAR - fantomas wrote:

>>> For the moment we have a rule that only allow mail from exchange server
>>> address to postfix (relay server),
>>
>> show us.
>>
>> # mynetworks = xxx.xxx.xxx.xxx/32, 127.0.0.1/32
>> smtpd_recipient_restrictions =
>> permit_mynetworks,reject_unauth_destination
>
> this should be fine
>
>> # thing is it is secure because postfix accept only mail from exchange
>> # server, but when you get access to the exchange server, or spoof the ip
>> # address of the exchange server you can send mails. How can i block this?
>
> if either your postfix or your exchange server is in network where spoofing
> can happen, move them away.
>
>>> So I know I can use these but we are not used of working with this.
>>>
>>> Can we setup another way of authentication?

While I agree entirely with Matus that if untrusted people can access your Exchange server, or steal its IP address on your network, you have larger issues that postfix will not be fixing, I will point out that you could improve things a bit with careful use of TLS. See http://www.postfix.org/TLS_README.html#server_vrfy_client for details. You should be able to configure things to allow access only from the Exchange server and the certificate you configure on it.

That is until those untrusted people rummage around and steal the cert off of the Exchange server.

--Jon Radel
Network Infrastructure Lead
Folio Financial, Inc.
8180 Greensboro Drive, 8th Floor
McLean, VA 22102
(T) 703-245-4844 (M) 703-861-5128 (E) rad...@foliofinancial.com
www.folioinvesting.com

Please do not use e-mail to transmit orders for securities or for other time-sensitive messages. Securities products and services are offered through Folio Investments, Inc. and are subject to investment risk, including the possible loss of principal. Member FINRA/SIPC. Folio Investments, Inc. and First Affirmative Financial Network, LLC are affiliates.
This e-mail message and any files transmitted with it are confidential, intended only for the person(s) to whom this e-mail message is addressed. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy. This e-mail is subject to review, retrieval, archiving and disclosure by Folio to third parties.
Re: Postfix audit
On 6/12/19 8:51 AM, Rafael Azevedo wrote:

> We're being requested to give the detailed messages between the
> servers to validate the message delivery.

And it's allowable to have the MTA on one side do the data collection? If I were your auditor, I'd know that it would be almost impossible for you to demonstrate that any data subverted by the MTA was subverted strictly after the audit data was collected. If this is a serious requirement, I'd be looking at RMON probes on all network connections on the MTA hardware, with data analyzed by something that has no commonality with the postfix codebase.

Luckily I'm not your auditor, have no idea what standards you're trying to meet, and so YMMV.

--Jon Radel
Re: authenticate o365 users with postfix without smtp auth
> On Jun 16, 2019, at 6:38 PM, Bill Cole wrote:
>
>> On 16 Jun 2019, at 16:27, @lbutlr wrote:
>>
>> On 16 Jun 2019, at 12:05, Bill Cole wrote:
> [...]
>>
>>> As the OP says, they support an outbound "smarthost" connector,
>>
>> Not a term I’ve heard before.
>
> The term "smarthost" dates from the days when it was fairly common for
> some hosts to know more about how to route email than others, the days

I believe the term “connector” is a Microsoftism and best I can explain it is that it’s a collection of abstractions of various types for connecting email systems. I use some for sending trusted email from on premise Postfix servers to several O365 accounts. I specify the source IP addresses, or the CN of the TLS cert I’m using, in the connector configuration, and a number of capacity controls, filtering for spoofed return addresses, etc. no longer apply.

I’ll note that MS appears fairly serious about depreciating anything other than TLS 1.2 with “real” certs and I validate their cert and have them validate mine.

Of course, my email is flowing in the opposite direction of the OP’s.

—Jon Radel
content and spam blocking
Now that I've finally got my Postfix system working, I would like to know what restrictions I can use to block Spam, Malware and do some content filtering. Also is there an order that these have to be applied? Regards Jon
content filtering and spam, malware blocking
Now that I've finally got my Postfix system working, I would like to know what restrictions I can use to block Spam, Malware and do some content filtering. Also is there an order that these have to be applied? Jon
log message
I'm seeing the following message in my log files, had a search on google and could not come up with anything. postfix/postsuper[4932]: warning: bogus file name: hold/razor-agent.log Can anyone shine some light on the subject? Thanks, Jon
configuring amavisd-new
I'm just beginning to configure amavisd-new to postfix with clamd. Since I've never done it before I would like to ask a few questions of the group. The setup is a simple postfix server serving up to 5 users running on a SuSE Linux Enterprise Server v11 at the moment.

In the documentation it states to install amavisd on a dedicated SMTP-server for message reinjection I have to add some commands to the master.cf file. I noticed that some of the commands in this file are the same as the commands in the main.cf file. Is that the way it's supposed to be setup or are the commands supposed to be setup in one or the other file but not both.

    # ==
    # service type private unpriv chroot wakeup maxproc command + args
    #              (yes)   (yes)  (yes)  (never) (100)
    # ==
    ...
    127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o smtpd_restriction_classes=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
        -o local_header_rewrite_clients=
location of filter
Is it standard practice to have the filter: permit_mynetworks at the top of a listing? Also having the filter permit at the bottom what is the reason and the difference between the two filters.

Jon
Spam mail coming in
I'm getting a variety of spam mail from certain places that seems to be repeating itself and would like to know what is the best way to blacklist these or block them.

    mmtlnx:~ # postconf -n
    alias_maps = hash:/etc/aliases
    biff = no
    canonical_maps = hash:/etc/postfix/canonical
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    default_rbl_reply = $rbl_code SPAM; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - Phone +61 412 126 166 if you believe this to be in error.
    defer_transports =
    disable_mime_output_conversion = no
    home_mailbox = Maildir/
    html_directory = /usr/share/doc/packages/postfix/html
    inet_interfaces = all
    inet_protocols = all
    local_recipient_maps = hash:/etc/postfix/local_user_map
    mail_owner = postfix
    mail_spool_directory = /var/mail
    mailbox_command =
    mailbox_size_limit = 0
    mailbox_transport =
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains = zen.spamhaus.org
    maps_rbl_reject_code = 550
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains =
    masquerade_exceptions = root
    message_size_limit = 20024
    mydestination = $myhostname, mail.mmtnetworks.com.au, mmtnetworks.com.au, mail, localhost.localdomain, localhost, jlorenzo.com.au
    mydomain = mmtnetworks.com.au
    myhostname = mmtlnx.mmtnetworks.com.au
    mynetworks = 192.168.2.0/24, 127.0.0.0/8
    mynetworks_style = subnet
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    relay_domains = mmtnetworks.com.au mail.mmtnetworks.com.au jlorenzo.com.au mail.jlorenzo.com.au
    relayhost =
    relocated_maps = hash:/etc/postfix/relocated
    sample_directory = /usr/share/doc/packages/postfix/samples
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_sasl_auth_enable = no
    smtp_use_tls = no
    smtpd_client_restrictions = permit_mynetworks, reject_maps_rbl
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
    smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access hash:/etc/postfix/sender_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access, reject_rbl_client, relay.ordb.org, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl-xbl.spamhaus.org, permit
    smtpd_sasl_auth_enable = no
    smtpd_sender_restrictions = permit_sasl_authenticated, hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
    smtpd_use_tls = no
    strict_8bitmime = no
    strict_rfc821_envelopes = yes
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = hash:/etc/postfix/virtual
    virtual_alias_maps = hash:/etc/postfix/virtual
rbl sites
Is there a preferred list of rbl sites one can use in postfix. I keep getting the following on the following:

    warning: 21.27.134.89.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=21.27.134.89.zen.spamhaus.org type=A: Host not found, try again
    Feb 19 14:45:44 mmtlnx postfix/smtpd[31220]: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
    Feb 19 14:45:45 mmtlnx postfix/smtpd[31221]: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
    Feb 19 14:45:45 mmtlnx postfix/smtpd[31221]: warning: 18.101.3.83.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=18.101.3.83.zen.spamhaus.org type=A: Host not found, try again
error with a single user
I'm getting a return error message when I try to send an email to a particular user:

Reporting-MTA: dns; mail.domain.com.au
X-Postfix-Queue-ID: B371FF687
X-Postfix-Sender: rfc822; jlmil...@mmtnetworks.com.au
Arrival-Date: Mon, 29 Nov 2010 17:26:33 +0800 (WST)
Final-Recipient: rfc822; kathy.lamp...@domain.com.au
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; mail for 192.168.5.201 loops back to myself

Does anyone know how to rectify the error? I have the user listed in the following db's

linux-gw1:/etc/postfix # grep kathy *
local_user_map:kathy.lamp...@domain.com.au kathy
Binary file local_user_map.db matches
virtual:kathy.lampard@@domain.com.aukathy
Binary file virtual.db matches
virtual_mailbox_recipients:kathy.lamp...@domain.com.au kathy
Binary file virtual_mailbox_recipients.db matches

Jon L Miller
MMT Networks Pty Ltd
e: jlmil...@mmtnetworks.com.au
p: +618 9375 6597
m: +61 412 126 166
NOQUEUE: reject: RCPT from unknown
I'm seeing a lot of these messages in my logs and would like to know what this is about. Ex:

NOQUEUE: reject: RCPT from unknown[203.153.242.20]: 450 4.1.1 : Recipient address rejected: User unknown in local recipient table; from= to= proto=ESMTP helo=

As I happen to know the users at pcp.org.au the user yvonne does not have an address, so she wouldn't be in the local recipient table. What I want to know is why it states "RCPT from unknown[203.153.242.20]" when the ip address is the mail server. I would have guessed that the domain name would be between the [ ]. I've seen this regarding other users and these users are valid users and the mail does not get through. Ex:

Sep 30 21:31:37 mail postfix/smtpd[1242]: NOQUEUE: reject: RCPT from unknown[203.153.242.20]: 554 5.7.1 : Relay access denied; from=<> to= proto=ESMTP helo=
Sep 30 21:31:37 mail postfix/smtpd[1242]: disconnect from unknown[203.153.242.20]

This user is trying to send mail to a user on another domain that we look after. It's stating relay access denied, the domain this mail is trying to get to is in the transport map and the relay_domain command in main.cf. Could really need some help and understanding on this.

--
Regards,
- Jon L. Miller MCNE CNE CCNA
East Perth, WA 6004 WA, Australia
[pfx] Future Date:
I've been getting a lot of spam with Date: headers containing future dates, typically 1 year. I don't find any header checks that would look for this type of message. Have I overlooked it? In the meantime I've implemented a script and procmail rule to examine my messages. But that is post-delivery and per-user.

Jon
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
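Added example, not part of the post above and not the poster's script: Postfix header_checks match a header against a pattern and cannot compare it with the current time, so a future-date test has to run in a script or filter. The function name `classify_date`, the one-day `MAX_SKEW` tolerance and the sample messages are assumptions constructed for illustration.

```python
import sys
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(days=1)  # assumed tolerance for clock drift and time zones


def classify_date(raw_message, now, max_skew=MAX_SKEW):
    """Return 'future', 'ok', 'missing' or 'invalid' for the Date: header(s)."""
    values = message_from_string(raw_message).get_all("Date")
    if not values:
        return "missing"
    verdict = "ok"
    for value in values:  # a message may carry more than one Date: header
        try:
            sent = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            return "invalid"
        if sent is None:
            return "invalid"
        if sent.tzinfo is None:  # a "-0000" zone parses as naive; read it as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if sent - now > max_skew:
            verdict = "future"
    return verdict


# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "next_year": "From: a@example.com\nDate: Thu, 15 Aug 2024 10:00:00 +0000\n\nbody\n",
    "other_zone": "From: a@example.com\nDate: Mon, 14 Aug 2023 23:30:00 -0700\n\nbody\n",
    "garbage": "From: a@example.com\nDate: garbage\n\nbody\n",
    "no_date": "From: a@example.com\nSubject: hi\n\nbody\n",
}

if __name__ == "__main__":
    # As a filter: message on stdin, exit status 1 when the date is in the future.
    result = classify_date(sys.stdin.read(), datetime.now(timezone.utc))
    sys.exit(1 if result == "future" else 0)
```

The `other_zone` sample shows why a tolerance is needed: a sender in a western time zone can look a few hours ahead of a UTC clock without being future-dated.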
[pfx] smtp auth on port 25
Hello,

I have disabled port 587/465 to be accessed publicly.

but port 25 must be open to internet for MTA communications.

My question is, can external users access port 25 for smtp auth and send mail then?

Thanks.
[pfx] Re: smtp auth on port 25
> On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote:
>> Hello,
>>
>> I have disabled port 587/465 to be accessed publicly.
>>
>> but port 25 must be open to internet for MTA communications.
>>
>> My question is, can external users access port 25 for smtp auth and send
>> mail then?
> Not if you disable auth on port 25, which you should.

How can I disable auth on port 25? I really don't want users to use port 25 for auth sender. I am using postfix version 3.6.4 on ubuntu 22.04.

Thanks.
[pfx] Re: smtp auth on port 25
> Jon Smart via Postfix-users skrev den 2023-08-16 04:01:
>
>> How can I disable auth on port 25? I really don't want users to use
>> port
>> 25 for auth sender. i am using postfix version 3.6.4 on ubuntu 22.04.
>
> its default disabled, no ?
>
> unsure give us "postconf -n | grep auth"

Hello,

here is my output,

$ sudo postconf -n |grep smtpd_sasl_auth
smtpd_sasl_auth_enable = yes

my question is, if I disable smtpd_sasl_auth in configuration, does it influence the auth on ports 587 and 465? I just don't want sasl auth to happen on port 25 (MTA port).

Thanks.
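Added example, not part of any post in this thread: in Postfix a main.cf value applies to every smtpd listener unless a `-o name=value` option on that service's master.cf entry overrides it, so the effective `smtpd_sasl_auth_enable` can be worked out per service. The master.cf text below is a constructed sample, the function names are hypothetical, and only the simple `-o name=value` form is handled.

```python
# Constructed master.cf sample: port 25 listener plus two submission listeners.
MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n  -  y  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) to their entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return entries


def sasl_by_service(master_cf, main_default):
    """Map each smtpd listener to its effective smtpd_sasl_auth_enable."""
    result = {}
    for entry in logical_lines(master_cf):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        value = main_default  # main.cf value unless overridden below
        args = fields[8:]
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and arg.startswith("smtpd_sasl_auth_enable="):
                value = arg.split("=", 1)[1]
        result[fields[0]] = value
    return result


if __name__ == "__main__":
    for default in ("yes", "no"):  # "yes" is the value shown in the post above
        print("main.cf default", default, "->", sasl_by_service(MASTER_CF, default))
```

With the main.cf default at `yes` the `smtp` (port 25) listener offers AUTH; with the default at `no` only the listeners carrying their own `-o smtpd_sasl_auth_enable=yes` do.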