Re: Short term DNS issue causing Postfix to queue messages
On Wed, Oct 19, 2022 at 4:12 PM Eric Wilkison wrote:
> Are there configuration options that will
> a) adjust the number of DNS failures before postfix starts deferring the
> messages
> b) adjust the timeout before postfix stops queueing messages

Take a look at minimal_backoff_time and queue_run_delay; they may help ameliorate the issue. 300 seconds is a default for many of the main.cf parameters; searching http://www.postfix.org/postconf.5.html for 300s will find them all for you. Of course, as you mentioned, fixing the DNS is the best course.
lost connections
We're getting many lost connections from our new phone system's voicemail to email service. The actual voicemails and other emails send OK but we also see constant hits anywhere from every minute to 8 minutes on the mail server from the phone system that are lost connections. The phone system is an NEC SV9100. Sender and Postfix are on the same local vlan.

A snippet from the logs:

===
Sep 11 09:41:46 example00 postfix/smtpd[10259]: connect from sv9100.example.com[10.6.600.11]
Sep 11 09:41:46 example00 postfix/smtpd[10259]: 8AF0A403E24: client=sv9100.example.com[10.6.600.11]
Sep 11 09:41:46 example00 postfix/cleanup[10262]: 8AF0A403E24: message-id=<>
Sep 11 09:42:03 example00 postfix/smtpd[10259]: lost connection after DATA (66836 bytes) from sv9100.example.com[10.6.600.11]
Sep 11 09:42:03 example00 postfix/smtpd[10259]: disconnect from sv9100.example.com[10.6.600.11] helo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Sep 11 09:43:11 example00 postfix/smtpd[10259]: connect from sv9100.example.com[10.6.600.11]
Sep 11 09:43:11 example00 postfix/smtpd[10259]: 519CA403E24: client=sv9100.example.com[10.6.600.11]
Sep 11 09:43:11 example00 postfix/cleanup[10262]: 519CA403E24: message-id=<>
Sep 11 09:43:28 example00 postfix/smtpd[10259]: lost connection after DATA (66621 bytes) from sv9100.example.com[10.6.600.11]
Sep 11 09:43:28 example00 postfix/smtpd[10259]: disconnect from sv9100.example.com[10.6.600.11] helo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Sep 11 09:50:06 example00 postfix/smtpd[10321]: connect from sv9100.example.com[10.6.600.11]
Sep 11 09:50:06 example00 postfix/smtpd[10321]: 58CD6403E24: client=sv9100.example.com[10.6.600.11]
Sep 11 09:50:06 example00 postfix/cleanup[10324]: 58CD6403E24: message-id=<>
Sep 11 09:50:23 example00 postfix/smtpd[10321]: lost connection after DATA (66767 bytes) from sv9100.example.com[10.6.600.11]
Sep 11 09:50:23 example00 postfix/smtpd[10321]: disconnect from sv9100.example.com[10.6.600.11] helo=1 mail=1 rcpt=1 data=0/1 commands=3/4
Sep 11 09:50:34 example00 postfix/smtpd[10321]: connect from sv9100.example.com[10.6.600.11]
Sep 11 09:50:34 example00 postfix/smtpd[10321]: 4E943403E24: client=sv9100.example.com[10.6.600.11]
Sep 11 09:50:34 example00 postfix/cleanup[10324]: 4E943403E24: message-id=<>
Sep 11 09:50:52 example00 postfix/smtpd[10321]: lost connection after DATA (66828 bytes) from sv9100.example.com[10.6.600.11]
Sep 11 09:50:52 example00 postfix/smtpd[10321]: disconnect from sv9100.example.com[10.6.600.11] helo=1 mail=1 rcpt=1 data=0/1 commands=3/4
===

Could this be some configuration in Postfix? Or is it entirely the sender's doing? Anything I should be looking at?

Thank you,
Chris
Re: lost connections
Thank you!

I think I found the issue - the new phone system was installed configured on vlan 200, but the smtp settings were copied over from the old system which was on the default vlan 1 so what was happening was that the voicemail system was contacting the smtp server via the vlan 1 address (routed through the gateway) yet the server was also listening on vlan 200, and although the replies from the server seemed to go out on the vlan 1 interface there was some issue, either timing or routing or route confusion.

Switching the voicemail system to contact the smtp server directly on vlan 200 seems to have resolved the issue (as usual, time will tell).

Chris
Re: Specific DNS server
You could run Postfix in a container (LXC) on the host. It would have its own IP and its own resolv.conf.
comma in Display Name
Hello,

We have a voicemail system that emails the voice messages to the users. It uses the Caller ID info in the Display Name area of the From: field. A problem occurs when the Caller ID contains a comma which causes the recipient's email server to see the post with multiple from addresses and some servers (Google's for one) bounce such posts.

Instead of a header such as that we now receive:

From: SMITH,JOHN

I've requested the phone techs double quote the Display Name area, ie:

From: "SMITH,JOHN"

... but so far they haven't been able to accomplish this. Turning off use of the Caller ID is one resolution but a non-starter as far as management is concerned, it's quite useful.

Can this somehow be worked around in Postfix, automatically double-quoting the Display Name area of the From: field?

Thank you,
Chris
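The parsing problem described in the post above, as an added example that is not part of the original message or of Postfix: Python's standard address parser reads the unquoted header value as two mailboxes, and quoting the display name restores a single one. The address `voicemail@example.com` is a constructed placeholder (the archive elides the real one) and `quote_display_name` is a hypothetical helper.

```python
from email.utils import formataddr, getaddresses, unquote


def parse_from(value):
    """Return the (display-name, address) pairs an RFC 5322 parser sees."""
    return getaddresses([value])


def quote_display_name(value):
    """Re-emit 'NAME <addr>' with NAME as a quoted-string where required.

    Everything before the final '<' is treated as the display name, which
    is what the voicemail system intends. Values without a display name
    or without an angle-addr are returned unchanged.
    """
    value = value.strip()
    lt = value.rfind("<")
    if lt <= 0 or not value.endswith(">"):
        return value
    # unquote() strips an existing pair of quotes so the name is not
    # escaped twice when the input was already correct.
    name = unquote(value[:lt].strip())
    addr = value[lt + 1:-1].strip()
    # formataddr() adds quotes only when the name contains RFC 5322
    # specials such as ',' and escapes embedded '"' and '\'.
    return formataddr((name, addr))


# Constructed sample values; the real address is not shown on the page.
BROKEN = "SMITH,JOHN <voicemail@example.com>"
FIXED = quote_display_name(BROKEN)

if __name__ == "__main__":
    print(parse_from(BROKEN))  # two mailboxes: the comma split the name
    print(FIXED)
    print(parse_from(FIXED))   # one mailbox with the full display name
```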
bounced posts go to spam
Hello,

I have a simple relay for sending emails from internal scanners and a voicemail system. All works fine except for posts that get bounced as the bounce notifications somehow fail both SPF and DKIM tests. The only (seemingly significant) differences I can find in the headers of normal vs bounced posts from the system are:

Normal:
Authentication-Results: test17.example.com; spf=pass smtp.mailfrom=u...@example.com
Authentication-Results: test17.example.com; dkim=pass (2048-bit key)

Bounced:
Authentication-Results: test17.example.com; spf=none smtp.helo=smtp.example.com
Authentication-Results: test17.example.com; dkim=none

The normal mail has: smtp.mailfrom=u...@example.com
and the bounced mail has: smtp.helo=smtp.example.com

And so it looks like this difference is keeping the bounced notifications from passing SPF and getting processed by OpenDKIM.

Suggestions?

Thanks!
Chris
Re: bounced posts go to spam
> does your simple relay reject the mail, does your server reject the mail
> when receiving from the relay, or do remote servers reject the mail from
> your simple relay?

The remote servers reject, or place in spam, bounced and NDR's from the relay, due to a strict DMARC policy.

> Note that "bounce" happens when mail server receives a mail, but is unable
> to deliver it, so it constructs a bounce and sends it "back".
>
> the bounce itself should not trigger SPF (since the envelope from is empty)
> nor DKIM
> (unless server creating the bounce uses a domain that it can't sign)

Apparently internally generated email by Postfix does not go through the milter and therefore does not get signed by OpenDKIM. It also appears to come from a sub-domain, the HELO name, and not just the SLD (in this particular case) which causes it to fail SPF as well (and possibly because of this wouldn't get signed by the milter if it was directed through it).
Re: bounced posts go to spam
> Try setting
>
> /etc/postfix/main.cf:
>     internal_mail_filter_classes = bounce
>
> (this assumes that you have configured "non_smtpd_milters" to invoke
> the DKIM signer).
>
>> It also appears to come from a sub-domain, the HELO name, and not just
>> the SLD (in this particular case) which causes it to fail SPF as well
>
> The sender domain is configured with myorigin, you need to change
> that if you want the domain instead.

Hi Wietse,

That works in one case but not another. If I attempt to send from a domain whose DMARC policies do not allow sending from this server, the sender will now receive the NDR in the inbox as it (the NDR) meets the SPF/DKIM tests:

==
Jul 31 10:43:26 eserver postfix/pickup[20439]: F02ED403E25: uid=0 from=
Jul 31 10:43:26 eserver postfix/cleanup[20674]: F02ED403E25: message-id=<20180731144326.f02ed403...@smtp.office.example.com>
Jul 31 10:43:27 eserver postfix/qmgr[20440]: F02ED403E25: from=, size=465, nrcpt=1 (queue active)
Jul 31 10:43:27 eserver postfix/smtp[20676]: F02ED403E25: to=, relay=ASPMX.L.GOOGLE.com[74.125.202.27]:25, delay=0.59, delays=0.07/0.01/0.25/0.27, dsn=5.7.1, status=bounced (host ASPMX.L.GOOGLE.com[74.125.202.27] said: 550-5.7.1 Unauthenticated email from example.net is not accepted due to 550-5.7.1 domain's DMARC policy. Please contact the administrator of 550-5.7.1 example.net domain if this was a legitimate mail. Please visit 550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1 DMARC initiative. x23-v6si1859094ita.142 - gsmtp (in reply to end of DATA command))
Jul 31 10:43:27 eserver postfix/cleanup[20674]: 8A897403E24: message-id=<20180731144327.8a897403...@smtp.office.example.com>
Jul 31 10:43:27 eserver postfix/bounce[20677]: F02ED403E25: sender non-delivery notification: 8A897403E24
Jul 31 10:43:27 eserver postfix/qmgr[20440]: 8A897403E24: from=<>, size=3329, nrcpt=1 (queue active)
Jul 31 10:43:27 eserver postfix/qmgr[20440]: F02ED403E25: removed
Jul 31 10:43:30 eserver postfix/smtp[20676]: 8A897403E24: to=, relay=mail.example.org[185.70.40.101]:25, delay=2.6, delays=0.03/0/1/1.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AD72C92)
Jul 31 10:43:30 eserver postfix/qmgr[20440]: 8A897403E24: removed

However if I send from a valid user account to an address that causes a bounce (non-existent in this case), the NDR gets rejected by the sender's email service:

Jul 31 10:17:45 eserver postfix/pickup[19900]: 511AE403E25: uid=0 from=
Jul 31 10:17:45 eserver postfix/cleanup[19977]: 511AE403E25: message-id=<20180731141745.511ae403...@smtp.office.example.com>
Jul 31 10:17:45 eserver postfix/qmgr[19901]: 511AE403E25: from=, size=523, nrcpt=1 (queue active)
Jul 31 10:17:46 eserver postfix/smtp[19978]: 511AE403E25: to=, relay=mail.example.org[185.70.40.101]:25, delay=1.3, delays=0.05/0/1/0.17, dsn=5.7.1, status=bounced (host mail.example.org[185.70.40.101] said: 554 5.7.1 : Recipient address rejected: this address does not exist (in reply to RCPT TO command))
Jul 31 10:17:46 eserver postfix/cleanup[19977]: 88382403E24: message-id=<20180731141746.88382403...@smtp.office.example.com>
Jul 31 10:17:46 eserver postfix/bounce[19981]: 511AE403E25: sender non-delivery notification: 88382403E24
Jul 31 10:17:46 eserver postfix/qmgr[19901]: 88382403E24: from=<>, size=3359, nrcpt=1 (queue active)
Jul 31 10:17:46 eserver postfix/qmgr[19901]: 511AE403E25: removed
Jul 31 10:17:47 eserver postfix/smtp[19978]: 88382403E24: to=, relay=ASPMX.L.GOOGLE.com[74.125.202.27]:25, delay=0.47, delays=0.02/0/0.23/0.22, dsn=5.7.1, status=bounced (host ASPMX.L.GOOGLE.com[74.125.202.27] said: 550-5.7.1 Unauthenticated email from example.com is not accepted due to 550-5.7.1 domain's DMARC policy. Please contact the administrator of 550-5.7.1 example.com domain if this was a legitimate mail. Please visit 550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1 DMARC initiative. o20-v6si10401393iod.272 - gsmtp (in reply to end of DATA command))
Jul 31 10:17:47 eserver postfix/qmgr[19901]: 88382403E24: removed

Of course the names have been changed to protect the guilty :-)

I don't see why the NDR in the second case should fail DMARC, when it passes in the first case.

Chris
Re: bounced posts go to spam
> Apparently, mail.example.org and ASPMX.L.GOOGLE.com enforce DMARC
> in different ways.
>
> Regardless, if the DMARC policy does not authorize host Y to send
> mail on behalf of domain $myorigin, then you need to fix the DMARC
> policy so that those bounces sent by host Y aren't violating DMARC,
> or you need to somehow route those bounces from host Y through a
> host that is DMARC-authorized.

All normal mail gets delivered just fine. The domain in question (example.com) has an SPF record including the server's (outside) IP address (and proper A and PTR records), and OpenDKIM signs all regular email. Examining the headers of all normal (non-NDR) post receipts show they pass both SPF, and DKIM tests and therefore DMARC as well. Plus the majority of sent posts are to the Google servers (with no issues). It's only the bounces/NDR's that have an issue.

Thanks,
Chris
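Why the bounces in this thread can fail DMARC while normal mail passes, as an added example (not code from the posters or from Postfix): with an empty envelope sender, SPF is checked against the HELO name, so only an aligned DKIM signature can carry the bounce. The messages are constructed from the Authentication-Results values quoted earlier in the thread; the `MAILER-DAEMON@smtp.example.com` From address, `user@example.com`, and the two-label organizational-domain shortcut are assumptions.

```python
def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real DMARC checkers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """Identifier alignment: exact match (strict) or same organizational domain (relaxed)."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_eval(msg, strict=False):
    """Combine SPF and DKIM results with alignment against the From: domain."""
    from_domain = msg["header_from"].rsplit("@", 1)[1]
    if msg["mail_from"]:
        identity, spf_domain = "mailfrom", msg["mail_from"].rsplit("@", 1)[1]
    else:
        # Null reverse-path (MAIL FROM:<>), as on every bounce: SPF is
        # evaluated against the HELO name instead.
        identity, spf_domain = "helo", msg["helo"]
    spf_ok = msg["spf"] == "pass" and aligned(spf_domain, from_domain, strict)
    dkim_ok = any(result == "pass" and aligned(d, from_domain, strict)
                  for d, result in msg["dkim"])
    return {"spf_identity": identity, "spf": spf_ok, "dkim": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}


# Constructed messages modelled on the headers quoted in the thread.
NORMAL = {"header_from": "user@example.com", "mail_from": "user@example.com",
          "helo": "smtp.example.com", "spf": "pass",
          "dkim": [("example.com", "pass")]}
BOUNCE = {"header_from": "MAILER-DAEMON@smtp.example.com", "mail_from": "",
          "helo": "smtp.example.com", "spf": "none", "dkim": []}
# The same bounce once it is routed through the DKIM signer.
SIGNED_BOUNCE = dict(BOUNCE, dkim=[("example.com", "pass")])

if __name__ == "__main__":
    for name, m in (("normal", NORMAL), ("bounce", BOUNCE),
                    ("signed bounce", SIGNED_BOUNCE)):
        print(name, dmarc_eval(m))
```

The last call to try is `dmarc_eval(SIGNED_BOUNCE, strict=True)`: a signature with `d=example.com` no longer aligns with a From: address at `smtp.example.com` when the policy asks for strict alignment.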
Re: 'Linux 5' support in Postfix Stable Release 3.4.1 ?
On Fri, Mar 8, 2019 at 7:27 AM Wietse Venema wrote:
> Which distro ships with Linux 5.x kernels?

$ uname -r
5.0.0-gentoo
Re: Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.
I don't think you can use gmail as a relay host unless Google is handling your domain's mail service (a GSuite account - not @gmail.com addresses). They have instructions for setting this up and the proper relay host once you've done the admin work is "relayhost = smtp-relay.gmail.com:587" (at least this works for me).

On Sat, Jun 22, 2019 at 9:58 PM Chris Pollock wrote:
>
> On Sat, 2019-06-22 at 19:12 -0400, Wietse Venema wrote:
> > Chris Pollock:
> >
> > Checking application/pgp-signature: FAILURE
> > -- Start of PGP signed section.
> > > In my previous post - "How to tell my ISP there's a problem" I
> > > wasn't
> > > able to figure out the problem and CenturyLink is no help so I
> > > decided
> > > to use my GMail account to send my messages from cron. However I've
> > > run
> > > into a problem that I keep getting the message that's in the
> > > subject.
> > > I've pasted the complete output of a test run below:
> > >
> > > https://pastebin.com/fLBqL1e0
> >
> > Did you read the message?
> >
> > Jun 22 17:17:51 localhost postfix/smtp[11023]: C40181000BA2:
> > to=,
> > relay=smtp.gmail.com[64.233.168.108]:587, delay=0.32,
> > delays=0.05/0/0.24/0.03, dsn=5.5.1, status=bounced (host
> > smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication
> > Required. Learn more at 530 5.5.1
> > https://support.google.com/mail/?p=WantAuthError t30sm2748311otb.50 -
> > gsmtp (in reply to MAIL FROM command))
> >
> > And the web page in the link says:
> >
> > Outgoing Mail (SMTP) Server
> > smtp.gmail.com <=== good. you use this.
> > ...(requires SSL or TLS) <== good. you use this.
> > Requires Authentication: Yes <== ERROR YOU ARE NOT DOING
> > THIS.
> > ...
> > Port for TLS/STARTTLS: 587 <=== good. you use this.
> >
> > Account Name, User name, or Email address
> > Your full email address
> >
> > Password
> > Your Gmail password
> >
> > To configure SASL authentication, put your user name (Your full
> > email address) and password (Your Gmail password) in smtp_sasl_passwd
> > maps as described in http://www.postfix.org/SASL_README.html
> >
> > The text in /etc/postfix/sasl_passwd should look like:
> >
> > smtp.gmail.com    Your-full-email-address:Your-Gmail-password
> >
> > and you should run "postmap hash:/etc/postfix/sasl_passwd"
> > before using that file.
> >
> > Wietse
>
> I've spent 3hrs going over and over my settings and can't find where
> I've got a problem. My /etc/postfix/sasl_passwd file contains:
>
> smtp.gmail.com:587 chris.pollock1...@gmail.com:*
>
> I've run postmap hash:/etc/postfix/sasl_passwd and still get the same
> authentication error above and each time I run sudo postfix reload. I
> know my password is correct because it's the same I use for fetchmail.
> I even logged out and back in on my browser to be sure.
>
> --
> Chris
> KeyID 0xE372A7DA98E6705C
> 31.11972; -97.90167 (Elev. 1092 ft)
> 20:40:08 up 2 days, 2:50, 1 user, load average: 1.69, 1.15, 1.07
> Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
Re: Domain cannot be found?
Possibly multiple PTR records causing issue?

dig -x 198.241.168.120 +short
mail1.payablesautomation.net.
cportal3.visa.com.

On Wed, Aug 14, 2019 at 11:32 AM @lbutlr wrote:
> Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from
> unknown[198.241.168.120]: 550 5.7.25 Client host rejected: cannot find your
> hostname, [198.241.168.120]; from=<*munged*@*mybak*> to=<
> lbut...@covisp.net> proto=ESMTP helo=
> 👹 root@mail # dig cportal3.visa.com +short
> [9:27] [/var/log]
> 198.241.168.120
>
> The help doesn’t match the from, but it is valid.
>
> And yes, this is a BANK, sigh.
>
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname, check_helo_access
> pcre:/etc/postfix/helo_checks.pcre permit
>
> --
> Nihil est--in vita priore ego imperator Romanus fui.
[pfx] Re: Cannot get postfix email to be accepted by pair.com email service.
Looks like a normal reject of a consumer based endpoint (IP address). Pretty common, most major services will reject email from such addresses. When you're using Thunderbird you're most likely authenticating before sending which is not the case with Postfix.

On Mon, Sep 18, 2023 at 4:43 PM Mike Bianchi via Postfix-users <postfix-users@postfix.org> wrote:
> Thunderbird works with *.mail.pairserver.com connections, inbound and
> outbound.
>
> But using linux mutt(1) to create and send email through postfix does
> not work:
> ... Client host rejected: Access denied (in reply to RCPT TO
> command))
>
> Pair cannot tell me what the error is.
> Can I get help? I am willing to pay for expertise.
>
> Witness:
>
> Sep 18 16:27:36 foveal-12 postfix/qmgr[28154]: 6D00DDE183B:
> from=, size=6496, nrcpt=1 (queue active)
> Sep 18 16:27:36 foveal-12 postfix/smtp[28177]: B63D9DE1838:
> to=,
> relay=foveal2.mail.pairserver.com[66.39.24.138]:465, delay=397,
> delays=397/0.01/0.09/0.03, dsn=5.7.1, status=bounced (host
> foveal2.mail.pairserver.com[66.39.24.138] said: 554 5.7.1
> : Client host
> rejected: Access denied (in reply to RCPT TO command))
> Sep 18 16:27:36 foveal-12 postfix/smtp[28179]: 6D00DDE183B:
> to=,
> relay=foveal2.mail.pairserver.com[66.39.24.138]:465, delay=330,
> delays=330/0.02/0.09/0.02, dsn=5.7.1, status=bounced (host
> foveal2.mail.pairserver.com[66.39.24.138] said: 554 5.7.1
> : Client host
> rejected: Access denied (in reply to RCPT TO command))
> Sep 18 16:27:36 foveal-12 postfix/smtp[28178]: D916ADE1839:
> to=,
> relay=foveal2.mail.pairserver.com[66.39.24.138]:465, delay=488,
> delays=488/0.01/0.09/0.03, dsn=5.7.1, status=bounced (host
> foveal2.mail.pairserver.com[66.39.24.138] said: 554 5.7.1
> : Client host
> rejected: Access denied (in reply to RCPT TO command))
> Sep 18 16:27:36 foveal-12 postfix/cleanup[28182]: 2F152DE1A1D:
> message-id=<20230918202736.2f152de1...@foveal.com>
> Sep 18 16:27:36 foveal-12 postfix/bounce[28180]: B63D9DE1838: sender
> non-delivery notification: 2F152DE1A1D
> Sep 18 16:27:36 foveal-12 postfix/qmgr[28154]: 2F152DE1A1D: from=<>,
> size=8605, nrcpt=1 (queue active)
> Sep 18 16:27:36 foveal-12 postfix/cleanup[28182]: 2FB4FDE1A1F:
> message-id=<20230918202736.2fb4fde1...@foveal.com>
> Sep 18 16:27:36 foveal-12 postfix/qmgr[28154]: B63D9DE1838: removed
>
> --
> Mike Bianchi
> mbian...@foveal.com
> www.FovealMounts.com
>
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org