[P-U] Postfix lists have migrated to a new list manager

2023-03-07 Thread Wietse Venema via Postfix-users
The Postfix mailing list migration should be complete by now, except
for some old messages that may still be queued on some mail servers.
I'll manually handle any sub/unsubscribe requests that may still
arrive at the old address.
 
See below for the pre-migration announcement, with a summary
of the most important changes. 

Wietse

This week, the Postfix mailing lists will be migrated from Majordomo at
Cloud9.net to Mailman at Sys4.de. Thanks to Cloud9.net for hosting the
Postfix lists for 24 years, and thanks to Sys4 for being the new host.

This is the pre-migration announcement.

If you don't receive a post-migration announcement by the end of Tuesday,
then please check your spam filters, sieve rules, etc.

Existing list members will be imported into the new list manager.

Changes:

- Subjects have a very short tag that identifies the mailing list.

- A new footer gives a hint for how to get off a mailing list (in addition
  to the List-Mumble headers that mail readers may not display).

- The new envelope sender address is postfix-mumble-boun...@postfix.org
  for mumble in [announce, devel, users].

- The list server does not add a Sender: header.

- The new From: header address is postfix-mum...@postfix.org
  for mumble in [announce, devel, users]. The original sender
  address is added as a Reply-To address.

- There is a new DKIM signature from the domain postfix.org.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Wietse Venema via Postfix-users
Gerald Galster via Postfix-users:
> 
> >> Out of sheer curiosity ...   Mailman 2 or 3?
> > 
> > Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM
> > signed.
> 
> Do you plan to enable a public archive at
> https://list.sys4.de/hyperkitty/list/postfix-us...@de.postfix.org/
> as an alternative to marc.info, mail-archive.com, ... ?

Patrick and I agreed that a local archive was not needed, and I
have verified that marc.info and mail-archive.com are receiving the
new postings (though marc.info appears to be missing one).

Someone should figure out how to delete the archive link from the
Postorius web pages.

Wietse


[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Wietse Venema via Postfix-users
Gerald Galster via Postfix-users:
> The tab "Archiving" under "List Settings" offers "Archive policy":
> "Public archives", "Private archives", "Do not archive this list".

These settings are mutually exclusive, i.e. the setting "Private
archives" turns OFF "Do not archive this list".

The correct solution is to "Do not archive this list"
and to also turn off hyperkitty.

Wietse


[P-U] Re: Postfix lists are migrating to a new list server

2023-03-09 Thread Wietse Venema via Postfix-users
Michael via Postfix-users:
> wietse,
> 
> On Monday, 6 March 2023 17:08:49 CET, Wietse Venema wrote:
> > This week, the Postfix mailing lists will be migrated from Majordomo at
> > Cloud9.net to Mailman at Sys4.de.
> > [...]
> 
> what a coincidence!

Let me help remind you that your email address has been out there
for a while. Here are some samples from the postfix-users list:

From: Michael 
To: 
Subject: how does postfix determine hostnames in 'received' header?
Date: Tue, 31 Jan 2023 15:51:23 +0100

From: Michael 
To: 
Subject: Re: does 'permit_tls_clientcerts' work with self-signed certificates?
Date: Wed, 05 Oct 2022 10:08:29 +0200

Wietse


[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Wietse Venema via Postfix-users
postfix--- via Postfix-users:
> Is it the best idea to add a reply-to header to the author on mailing list 
> emails?
> The problem I see is many people will hit reply in their email client which 
> will create an email from them to the author, bypassing the mailing list.
> Unless they remember to manually alter the To: field to keep the conversation 
> on the list, it won't be.
> 
> Was that the intent?

This (same-domain From: header and DKIM signature) is DMARC damage control.

Wietse
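
An added illustration (not part of the thread, and not Mailman or Postfix code) of why the From: rewrite and the postfix.org DKIM signature from the migration announcement let list mail pass DMARC. Assumptions: sender.example is a constructed author domain, the author's DKIM signature no longer verifies once the list adds its subject tag and footer, and the organizational domain is approximated as the last two labels instead of a Public Suffix List lookup.

```python
from dataclasses import dataclass, field


def org_domain(domain):
    # Assumption: last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(identifier_domain, header_from_domain):
    # Relaxed alignment: organizational domains must be equal.
    return org_domain(identifier_domain) == org_domain(header_from_domain)


@dataclass
class Delivery:
    header_from: str            # domain in the From: header
    envelope_from: str          # domain of the envelope sender (checked by SPF)
    spf_pass: bool              # SPF result for envelope_from
    dkim: list = field(default_factory=list)   # (d= domain, signature verifies)


def dmarc_pass(d):
    """DMARC passes when SPF or DKIM passes AND aligns with the From: domain."""
    spf_ok = d.spf_pass and aligned(d.envelope_from, d.header_from)
    dkim_ok = any(ok and aligned(dom, d.header_from) for dom, ok in d.dkim)
    return spf_ok or dkim_ok


# Constructed scenarios for an author at sender.example posting to the list.
SCENARIOS = {
    # Author mails a recipient directly: own SPF and DKIM, both aligned.
    "direct": Delivery("sender.example", "sender.example", True,
                       [("sender.example", True)]),
    # List forwards with the author's From: kept. SPF passes, but for the
    # list's bounce domain; the author's signature is broken by tag + footer.
    "list, From: kept": Delivery("sender.example", "postfix.org", True,
                                 [("sender.example", False)]),
    # List as announced: From: rewritten to postfix.org, new postfix.org DKIM.
    "list, From: rewritten": Delivery("postfix.org", "postfix.org", True,
                                      [("sender.example", False),
                                       ("postfix.org", True)]),
}


def evaluate():
    return {name: dmarc_pass(d) for name, d in SCENARIOS.items()}


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print("%-22s DMARC %s" % (name, "pass" if ok else "fail"))
```
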


[P-U] Re: milter_header_checks + WARN length limit

2023-03-09 Thread Wietse Venema via Postfix-users
Aleksandr Stankevic via Postfix-users:
> Hi,
> 
> I've got a milter that, as part of the job, adds an X-Test-Tracking header
> with a 76 char length string.
> Then, in postfix, i've got a milter_header_checks which uses WARN to log
> this to logs, like:
> /^X-Test-Tracking/ WARN
> I've noticed that it only logs the first 43 chars.
> In example the header added is:
> X-Test-Tracking:
> MTY3ODM4OTcxOS40MDMyMTIzLTAxNWIzMjRlLTdlNWEtNDQ0ZC05MzRhLWVlMDUzZTMxNDgxMA==
> And the logs shows it as:
> Mar  9 19:21:59 smtp1 postfix/cleanup[3497349]: 4PXfFM2XQYz45TTK:
> milter-header-warning: header X-Test-Tracking:
> MTY3ODM4OTcxOS40MDMyMTIzLTAxNWIzMjRlLTdlNWE from unknown[127.0.0.1];
> from= to= proto=ESMTP helo=:
> 
> Whereas when i use the WARN method in header_checks it logs the full
> header. As this header is added in milter I can't use header_checks.
> 
> I couldn't find any information about differences of WARN / header length
> logged in milter_header_checks vs header_checks.
> 
> Is there a way to actually log the full header in this case through postfix?

As a matter of principle, Postfix limits the amount of text that
it logs, to prevent trivial resource exhaustion attacks, or
attempts to prevent Postfix from logging from= and to= information
after a long string.

It just so happens that the limit for milter_header_checks content
(60) is different from the limit for other header_checks (200).
milter_header_checks was implemented in 2006, the other in 1999. 
Most other logging limits are around 100 bytes or so.

I could make both the same 200, but there will always be a limit.

Wietse


[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Wietse Venema via Postfix-users
This list uses Mailman configuration settings, not handcrafted code.
If people believe that it is worthwhile to change the Mailman
implementation or the DMARC spec, then I suggest that they work
with the people responsible for that.

Wietse


[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Wietse Venema via Postfix-users
Gerald Galster via Postfix-users:
> > This list uses Mailman configuration settings, not handcrafted code.
> > If people believe that it is worthwhile to change the Mailman
> > implementation or the DMARC spec, then I suggest that they work
> > with the people responsible for that.
> 
> There is no need for changing implementations, it's already there.
> 
> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html
> 
> 
> remove_dkim_headers

THAT is a global Mailman setting. It cannot be configured on a
per-list basis. The postfix lists are hosted on a multi-tenant
service, it does not run on its dedicated MTA.

Wietse


[P-U] Re: The joke writes itself.

2023-03-09 Thread Wietse Venema via Postfix-users
Peter via Postfix-users:
> On 10/03/23 10:04, Dan Mahoney via Postfix-users wrote:
> > I know that P-U stands for postfix users.  I get it that a short subject 
> > tag was desired, but would [postfix] have been that much more distracting, 
> > without adding the obvious third-grader label that might better be held by 
> > qmail?
> 
> Indeed, please consider changing it.

There are three tags because there are three lists: postfix-users,
postfix-devel, and postfix-announce.

I am subscribed to several mailing lists that have [uppercase
abbreviation] as their tag, and that works well. None of those tags
are more than 5 characters long. If I'd change anything I would
delete the '-' in the middle of the current tag.

Wietse


[pfx] Re: [P-U] Re: The joke writes itself.

2023-03-09 Thread Wietse Venema via Postfix-users
Peter via Postfix-users:
> I think that [postfix] or [postfix-users] and [postfix-devel] 
> [postfix-announce] are just fine, but if you want shortened versions, 
> might I suggest:
> 
> [pf] [pf-dev] [pf-ann]

Changed to: [pfx], [pfx-dev], [pfx-ann]

Wietse


[pfx] The joke writes itself

2023-03-09 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Peter via Postfix-users:
> > I think that [postfix] or [postfix-users] and [postfix-devel] 
> > [postfix-announce] are just fine, but if you want shortened versions, 
> > might I suggest:
> > 
> > [pf] [pf-dev] [pf-ann]
> 
> Changed to: [pfx], [pfx-dev], [pfx-ann]

It would be nice if folks could delete the old tag from their follow-up posts.

Wietse


[pfx] Re: milter_header_checks + WARN length limit

2023-03-10 Thread Wietse Venema via Postfix-users
Aleksandr Stankevic:
> Hi,
> 
> I understand that there's always a limit - this is expected.
> But the unexpected part was that the limit is very different on same-ish
> functions.
> I think making the limit the same for both scenarios would be best - if
> either 60 or 200 ( more preferred :P ).

Done, in Postfix 3.8. I also updated a similar limit in the smtp
header/body checks.

Wietse


[pfx] Re: Sender Caninical Condition

2023-03-10 Thread Wietse Venema via Postfix-users
SysAdmin EM via Postfix-users:
> Good days, request help, is it possible to use conditions in the
> sender_canonical file? we are migrating an entire system and some customers
> do not have our SPF added.
> 
> I would like to add a condition for you to rewrite the from when it does
> not match a condition.
> 
> Example,
> 
> If the from is not domain1.com and domain2.com do a rewrite of the from by
> no-re...@mydomain.com.
> 
> Any helps?

A regexp or pcre table could do that:

/etc/postfix/main.cf:
sender_canonical_maps = regexp:/etc/postfix/sender_canonical.regexp

/etc/postfix/sender_canonical.regexp:
!/@(domain1\.example|domain2\.example)$/ no-reply@mydomain.example

Don't forget the '@', '\', and '$'.

Wietse
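
A check of the table above, as an added example that is not part of the original reply or of Postfix: a small Python model of the negated-pattern lookup, run against constructed sender addresses, showing which senders escape the rewrite when the '@', '\' or '$' is left out. Assumptions: only the `!/pattern/ result` form of regexp_table(5) is modelled, matching is case-insensitive as in Postfix's default, and Python's `re` stands in for the POSIX regular expressions Postfix uses.

```python
import re

# The table as posted, plus three constructed variants that each drop one
# of the characters the reply says not to forget.
TABLES = {
    "as_posted":    r"!/@(domain1\.example|domain2\.example)$/ no-reply@mydomain.example",
    "no_dollar":    r"!/@(domain1\.example|domain2\.example)/ no-reply@mydomain.example",
    "no_at":        r"!/(domain1\.example|domain2\.example)$/ no-reply@mydomain.example",
    "no_backslash": r"!/@(domain1.example|domain2.example)$/ no-reply@mydomain.example",
}

# Constructed sender addresses used as lookup keys.
PROBES = [
    "alice@domain1.example",
    "bob@DOMAIN2.example",
    "carol@elsewhere.example",
    "dave@sub.domain1.example",
    "erin@domain1.example.elsewhere.test",
    "frank@notdomain1.example",
    "grace@domain1xexample",
]


def parse_regexp_table(text):
    """Parse lines of the form [!]/pattern/ result; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        negate = line.startswith("!")
        body = line[1:] if negate else line
        m = re.match(r"/(.*)/\s+(\S.*)$", body)
        if m is None:
            raise ValueError("unsupported table line: %r" % line)
        rules.append((negate, re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, address):
    """First matching rule wins; a '!' rule matches when the pattern does not."""
    for negate, pattern, result in rules:
        if bool(pattern.search(address)) != negate:
            return result
    return None          # not found: the sender address is left unchanged


def exempt_senders(table_text, probes=PROBES):
    """Return the probe addresses that the table leaves unrewritten."""
    rules = parse_regexp_table(table_text)
    return [a for a in probes if lookup(rules, a) is None]


if __name__ == "__main__":
    for name, table in TABLES.items():
        print("%-13s exempt: %s" % (name, ", ".join(exempt_senders(table))))
```

With the table as posted, subdomains such as sub.domain1.example are not exempt and are rewritten too.
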


[pfx] Re: mailman mangling (Was: Re: milter: could it splice (, somehow)?)

2023-03-11 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users:
> Steffen Nurpmeso wrote in
>  <20230311005401.bynjz%stef...@sdaoden.eu>:
>  ...
>  |>From [.]

This is part of the mbox format, and most likely happens at your end.
The Postfix-Mailman interface uses LMTP which requires no such quoting.

Wietse


[pfx] Re: mailman mangling (Was: Re: milter: could it splice (, somehow)?)

2023-03-11 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Steffen Nurpmeso via Postfix-users:
> > Steffen Nurpmeso wrote in
> > <20230311005401.bynjz%stef...@sdaoden.eu>:
> > ...
> > |>From [.]
> 
> This is part of the mbox format, and most likely happens at your end.
> The Postfix-Mailman interface uses LMTP which requires no such quoting.

In the local(8) manpage:

In the case of UNIX-style mailbox delivery, the local(8) daemon
prepends a "From sender time_stamp" envelope header to each
message, [...]. prepends a > character to lines beginning with
"From ", and appends an empty line.

See also: https://en.wikipedia.org/wiki/Mbox

Wietse
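
The local(8) behaviour quoted above, as an added example that is not Postfix code or part of the thread: a Python sketch of UNIX-style mailbox delivery and a minimal mbox reader, showing why a body line beginning with "From " must be quoted and where the ">From" seen by the reader comes from. The message, sender address and time stamp are constructed sample values.

```python
# Constructed message; the last body line happens to start with "From ".
MESSAGE = (
    "From: alice@sender.example\n"
    "Subject: address change\n"
    "\n"
    "Hello,\n"
    "From now on, please use the new address.\n"
)


def append_to_mbox(mbox, sender, time_stamp, message, quote=True):
    """Append one message the way the local(8) text above describes."""
    out = ["From %s %s" % (sender, time_stamp)]      # envelope header
    for line in message.splitlines():
        if quote and line.startswith("From "):
            line = ">" + line                         # From-quoting
        out.append(line)
    out.append("")                                    # trailing empty line
    return mbox + "\n".join(out) + "\n"


def split_mbox(mbox):
    """Minimal reader: every line starting with "From " opens a new message."""
    messages = []
    for line in mbox.splitlines():
        if line.startswith("From "):
            messages.append([])
        elif messages:
            messages[-1].append(line)
    return messages


def deliver(quote):
    """Deliver the sample message into an empty mailbox, with or without quoting."""
    return append_to_mbox("", "alice@sender.example",
                          "Sat Mar 11 00:54:01 2023", MESSAGE, quote=quote)


if __name__ == "__main__":
    for quote in (True, False):
        msgs = split_mbox(deliver(quote))
        print("quote=%s -> reader sees %d message(s)" % (quote, len(msgs)))
```

The "From:" header line is untouched because only lines starting with "From" followed by a space act as separators.
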


[pfx] Re: Integrating a new milter with Postfix

2023-03-12 Thread Wietse Venema via Postfix-users
EML via Postfix-users:
> I've written a before-queue milter that I'm trying to integrate with 
> Postfix, but there doesn't seem to be any specific documentation on how 
> to do this. During development, I ran the milter manually, listening on 
> port 7950, with nothing in master.cf, and this in main.cf:
> 
> smtpd_milters = inet:localhost:7950
> non_smtpd_milters = $smtpd_milters
> 
> This works. For production, I'd like to get Postfix to run the milter, 
> so I've added this to master.cf:
> 
> 7950  inet  n  y  n  0  - samilter { -p inet:7950@localhost }
> 

You can only run POSTFIX programs this way. 

Non-Postfix programs can be run with the pipe(8) daemon (for transient
programs) and spawn(8) daemon (for persistent programs).

Wietse


[pfx] Re: Integrating a new milter with Postfix

2023-03-12 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> EML via Postfix-users:
> > I've written a before-queue milter that I'm trying to integrate with 
> > Postfix, but there doesn't seem to be any specific documentation on how 
> > to do this. During development, I ran the milter manually, listening on 
> > port 7950, with nothing in master.cf, and this in main.cf:
> > 
> > smtpd_milters = inet:localhost:7950
> > non_smtpd_milters = $smtpd_milters
> > 
> > This works. For production, I'd like to get Postfix to run the milter, 
> > so I've added this to master.cf:
> > 
> > 7950  inet  n  y  n  0  - samilter { -p inet:7950@localhost }
> > 
> 
> You can only run POSTFIX programs this way. 
> 
> Non-Postfix programs can be run with the pipe(8) daemon (for transient
> programs) and spawn(8) daemon (for persistent programs).

Actually, both are for running a transient command. This setup is
not suitable for Milters that want to create their own socket, it
is for programs that read from stdin and that write to stdout.

Wietse


[pfx] Re: use object storage as message store

2023-03-12 Thread Wietse Venema via Postfix-users
Demi Marie Obenour via Postfix-users:
> On 3/12/23 01:21, Bill Cole via Postfix-users wrote:
> > On 2023-03-12 at 00:03:32 UTC-0500 (Sun, 12 Mar 2023 00:03:32 -0500)
> > Phil Stracchino via Postfix-users 
> > is rumored to have said:
> > 
> >> On 3/11/23 19:04, pyh--- via Postfix-users wrote:
> >>> Hello list,
> >>>
> >>> Is it possible to use an object storage system (like aws's S3) to 
> >>> store
> >>> message files? if this can be implemented we may have a more 
> >>> persistent
> >>> storage for email. AFAIK aws's S3 has three replicas for each file in
> >>> their system by default.
> >>
> >>
> >> S3 really isn't intended to be used that way.  I'm not sure how you'd 
> >> make that work and it would probably be a bad idea.
> > 
> > Agreed.
> > 
> > As far as Postfix specifically is concerned (i.e. the queues) S3 would 
> > be a performance disaster.
> 
> Is this because Postfix is designed assuming that queue access has low
> latency, and therefore does not try to hide the latency with asynchronous
> operations and batching?

Postfix must wait for fsync() to complete (or whatever its Cloud
equivalent is), before it can take responsibility for delivery of
a message. Only then can the sender delete that message from their
mail queue. This waiting introduces latency.

Postfix can receive and deliver messages in parallel (default 100
parallel connections), but those transactions compete for access
to the mail queue. And there is only one scheduler.

Wietse


[pfx] Re: use object storage as message store

2023-03-12 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users:
> Postfix users wrote in
>  <4pzsd16nkpzj...@spike.porcupine.org>:
>  ...
>  |Postfix must wait for fsync() to complete (or whatever its Cloud
>  |equivalent is), before it can take responsibility for delivery of
> 
> (postfix does not support FULLFSYNC on MacOS.)

Indeed. Postfix requires POSIX semantics, not platform-specific stuff.

Wietse


[pfx] PATCH: check_ccert_access fails when table spec contains spaces inside braces

2023-03-14 Thread Wietse Venema via Postfix-users
Sean Gallagher via Postfix-users:
> I have been trying to understand why check_ccert_access does not work 
> with an inline:{} table and I believe I have uncovered a subtle bug.
> 
> My investigation has focused on 
> https://github.com/vdukhovni/postfix/blob/master/postfix/src/global/map_search.c
>  
> 
> 
> To cut to the chase, I believe line 161 should call mystrtokq() instead 
> of mystrtok().

Thanks for a correct diagnosis. In the patch below, I added a unit
test. There actually was a test for inline{} maps, but that test
covered only a trivial case.

Wietse

--- /var/tmp/postfix-3.8-20230312/src/global/map_search.c   2022-07-19 
16:49:47.0 -0400
+++ src/global/map_search.c 2023-03-14 08:53:58.435550969 -0400
@@ -158,7 +158,8 @@
if ((heap_err = extpar(&bp, CHARS_BRACE, EXTPAR_FLAG_STRIP)) != 0) {
msg_warn("malformed map specification: '%s'", heap_err);
MAP_SEARCH_CREATE_RETURN(0);
-   } else if ((map_type_name = mystrtok(&bp, CHARS_COMMA_SP)) == 0) {
+   } else if ((map_type_name = mystrtokq(&bp, CHARS_COMMA_SP,
+ CHARS_BRACE)) == 0) {
msg_warn("empty map specification: '%s'", map_spec);
MAP_SEARCH_CREATE_RETURN(0);
}
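Review bot: the new mystrtokq() call at the map_type_name assignment has no comment saying why the quoting variant is required. A short note that the first token may itself be a table such as inline:{a=b, c=d}, whose braces contain the CHARS_COMMA_SP delimiters, would stop a later cleanup from reverting it to mystrtok(). It is also worth confirming that any further splitting of bp after this point (not shown in the hunk) is brace-aware, since the test strings carry a second braced group, {search_order=one, two}.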
@@ -308,6 +309,7 @@
{"{type:name {search_order=one, two}}", 1, "type:name", "\01\02"},
{"{type:name {search_order=one, two, bad}}", 0, 0, 0},
{"{inline:{a=b} {search_order=one, two}}", 1, "inline:{a=b}", "\01\02"},
+   {"{inline:{a=b, c=d} {search_order=one, two}}", 1, "inline:{a=b, c=d}", 
"\01\02"},
{0},
 };
 TEST_CASE *test_case;
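Review bot: the added test row covers only comma-plus-space separation inside the inline:{} braces. The report is about spaces inside braces, so a row whose inline table entries are separated by whitespace alone would exercise the reported case directly, and a negative row with an unbalanced inner brace, alongside the existing "bad" search_order row, would show what the parser returns on that path.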


[pfx] Re: /etc/postfix/access only doamin is blocked

2023-03-15 Thread Wietse Venema via Postfix-users
Gerd Hoerst via Postfix-users:
> > domain.com   DISCARD Spam rule domain block
> > .domain.com   DISCARD Spam rule domain block
> 
> as is wrote? i tried with both versions , depending on my setting in 
> parent_domain_matching_subdomains  both did not work..

How would we know that you did not make a mistake?

Show output from:

 postconf -n
 postmap -q domain.com hash:/etc/postfix/access
 postmap -q .domain.com hash:/etc/postfix/access

Wietse


[pfx] Re: /etc/postfix/access only doamin is blocked

2023-03-15 Thread Wietse Venema via Postfix-users
Gerd Hoerst via Postfix-users:
> Hi !
> 
> in email source text is
> 
> From: Der heutige Gewinner!

That is a header, that is not used in SMTPD access maps.
Look in your logs for from=. THAT is the address in the
SMTP RCPT TO command that is used in SMTPD access maps.

Wietse


[pfx] Re: Improper use of SMTP command pipelining

2023-03-16 Thread Wietse Venema via Postfix-users
William Bowden via Postfix-users:
> I have disabled reject_unauth_pipelining  to no avail the server appears to 
> be one of the big boys server any clues or ideas to allow this through.
> 

Prove it. Show output 

postconf -n
postconf -P

Also, Postfix should log this:

improper command pipelining after [command name]s from [host]:[port]s: 
[blah]

Which might help to diagnose the issue.

Wietse


[pfx] Re: Improper use of SMTP command pipelining

2023-03-16 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> William Bowden via Postfix-users:
> > I have disabled reject_unauth_pipelining  to no avail the server appears to 
> > be one of the big boys server any clues or ideas to allow this through.
> > 
> 
> Prove it. Show output 
> 
> postconf -n
> postconf -P

Perhaps this helps: you can't put a #comment after other text. The '#'
must be before other text.

Wietse

> Also, Postfix should log this:
> 
> improper command pipelining after [command name]s from [host]:[port]s: 
> [blah]
> 
> Which might help to diagnose the issue.
> 
>   Wietse


[pfx] Re: Allow TLSv1 only for internal senders

2023-03-18 Thread Wietse Venema via Postfix-users
If you must (not necessarily a good idea), your options are:

- Multiple Postfix instances on different IP addresses. Each instance
has its own main.cf and master.cf.

- Single Postfix instance with different smtpd configurations in
master.cf on different server IP addresses, using main.cf only for
common settings.

/etc/postfix/master.cf:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# SMTP service for internal clients
1.2.3.4:smtp  inet  n   -   n   -   -   smtpd
    -o { parameter = value }
    ...

# SMTP service for external clients
1.2.3.5:smtp  inet  n   -   n   -   -   smtpd
    -o { parameter = value }
    ...

This is manageable when the differences are small.

Wietse


[pfx] Re: timeout after END-OF-MESSAGE

2023-03-20 Thread Wietse Venema via Postfix-users
Fourhundred Thecat via Postfix-users:
> Hello,
> 
> I occasionally see timeout after END-OF-MESSAGE in my logs:
> 
>timeout after END-OF-MESSAGE from mail-lf1-f49.google.com[209.85.167.49]
>disconnect from mail-lf1-f49.google.com[209.85.167.49] ehlo=2
> starttls=1 mail=1 rcpt=1 bdat=1 commands=6
> 
> Is this misbehaving client, or might this be some misconfiguration on my
> side?
> 
> I have pasted postconf -n output here:
> https://ctxt.io/2/AACQGjeiEQ

When asking a timing related question, it would be helpful if you
did not delete the timing related info from the logs.

Wietse


[pfx] Re: difference between relay and smtp

2023-03-22 Thread Wietse Venema via Postfix-users
Gino Ferguson via Postfix-users:
> Hi,
> 
> 
> Can you explain me the practical difference between relay and smtp delivery 
> on a relay server? 
 
Background for what is different:

https://www.postfix.org/ADDRESS_CLASS_README.html

Wietse


[pfx] Re: smtp_tls_security_level per user

2023-03-25 Thread Wietse Venema via Postfix-users
postfix--- via Postfix-users:
> smtp_tls_security_level = may/encrypt sets global policy for the
> server. Is there a way to override that on a per user basis when
> delivering mail to another public server? For example if the server
> default is "may" can email being sent from a_select_u...@example.com
> behave as if smtp_tls_security_level = encrypt?

Use sender_dependent_default_transport_maps to choose a delivery
agent from:

/etc/postfix/master.cf:
smtp-may  unix  ..  ..  ..  ..  ..  smtp
    -o { smtp_tls_security_level = may }
smtp-encrypt  unix  ..  ..  ..  ..  ..  smtp
    -o { smtp_tls_security_level = encrypt }
smtp-whatever unix  ..  ..  ..  ..  ..  smtp
    -o { smtp_tls_security_level = whatever }

Keep in mind that SMTP is not HTTP. A destination can have multiple
MXes, and you have no control over TLS usage between them.

Wietse


[pfx] Re: destination based rate limiting

2023-03-27 Thread Wietse Venema via Postfix-users
Gino Ferguson via Postfix-users:
> Hi,
> 
> How can one set up outbound rate limiting for a certain mail service 
> provider? 

Did you mean concurrency limit (number of parallel deliveries)
or rate limit (for example, number of deliveries per minute)?

> Can postfix 'recognise' that recipientdomainA, recipientdomainB
> and recipientdomainC are hosted at the same mail service provider
> (bigmxprovider.com) so this limiting must be applied automatically?
>
> The destination is not immediately obvious by the recipient domain's
> name and it would be enormous work to maintain such a list manually.

You are sending multi-recipient messages, with some of those
recipients in different domains that are hosted at the same email
service provider.

This should be possible but requires deep understanding of how
Postfix works. It may be as simple as using check_recipient_mx_access
with a FILTER action, or it may require a more subtle approach.

Please let us know what you really need.

To get an idea of the complexities, there is a thread that covers
provider-dependent routing starting at
https://www.mail-archive.com/postfix-users@postfix.org/msg91619.html

The context is selective relaying through a content filter, but it
could be tweaked to implement selective relaying through an email
service provider.

Relevant responses by Michael Storz and Viktor Dukhovni at
https://www.mail-archive.com/postfix-users@postfix.org/msg91632.html
https://www.mail-archive.com/postfix-users@postfix.org/msg91634.html

Wietse


[pfx] Re: Different set of milters for one domain?

2023-03-28 Thread Wietse Venema via Postfix-users
Dan Mahoney (Gushi) via Postfix-users:
> Hey there all,
> 
> Dayjob sometimes receives mail for one domain that we'd like to have 
> bypass certain milters (specifically, we want to exempt them from some 
> filtering/scanning mitlers since the domain is pretty much entirely 
> passthrough) --

The recipient domain is not known until deep into the SMTP session.

> Is there an easy way to do this in postfix without completely splitting 
> the config up?

You don't need to split much, just the smtpd service. If it
is added to an existing Postfix instance it may be as simple as:

master.cf:
1.2.3.5:smtp  inet  n   -   n   -   -   smtpd
    -o { smtpd_milters = }

with suitable MX and A records to direct mail there.

This additional smtpd service would have an empty smtpd_milters
setting, and perhaps a -o { name = value } override to reject mail
for other domains (relay_domains or access map).

(it's a bit more complicated if this service is implemented by a
separate Postfix instance, because you would have to make sure that
other Postfix instances don't listen on a wildcard IP address because
they would receive mail for 1.2.3.5 when that service is down).

Wietse


[pfx] Re: max_use and smtp connection cache

2023-03-28 Thread Wietse Venema via Postfix-users
Amit Gupta via Postfix-users:
> Is there any relation between max_use and the smtp connection cache?

None whatsoever. 

The max_use parameter specifies a limit for the number of consecutive
client connections that a short-lived Postfix daemon process will
handle before it terminates. For example, a Postfix smtpd(8),
cleanup(8), and smtp(8) process will handle up to 100 consecutive
client connections, while the long-lived qmgr(8) daemon has no such
limit.

Wietse

> I read the documentation for max_use (default: 100) and was unclear what it
> means when it's "ignored by the Postfix queue manager and by other
> long-lived Postfix daemon processes".  Could you give some examples of
> where max_use would have an effect?



[pfx] Re: Success DSN for virtual mailboxes not working

2023-03-30 Thread Wietse Venema via Postfix-users
Nuno Pereira via Postfix-users:
> Hello.
>
> We have a setup where postfix is configured to send all mails sent to domain
> virtualdomain.com are virtual and sent to realdomain.com.
>
> This is done with the following configuration:
>
> virtual_alias_domains = virtualdomain.com
>
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-email2email.cf
>
> virtual_mailbox_domains = realdomain.com
...
> The problem is with DSN for success messages: they're not returned for emails
> sent to @virtualdomain.com, but are for ones sent to @realdomain.com (which
> aren't a virtual on its own).

When an alias is 1-many or when a virtual address is aliased to a
(different) real address, Postfix will send a DSN with action=expanded
for the virtual address. So maybe you should look for Postfix logs
with "action=expanded" notifications.

The reason for sending an action=expanded DSN (with the virtual
address in the "Final-Recipient:" field) instead of action=success
(with the real address in the "Final-Recipient:" field) is that 
Postfix tries to avoid revealing the real address to the sender.

Wietse


[pfx] Re: Success DSN for virtual mailboxes not working

2023-03-31 Thread Wietse Venema via Postfix-users
Nuno Pereira via Postfix-users:
> > From: Wietse Venema via Postfix-users 
> > Sent: 30 March 2023 21:25
> > To: Postfix users 
> > Subject: [pfx] Re: Success DSN for virtual mailboxes not working
> > 
> > Nuno Pereira via Postfix-users:
> > > Hello.
> > >
> > > We have a setup where postfix is configured to send all mails sent to
> > > domain virtualdomain.com are virtual and sent to realdomain.com.
> > >
> > > This is done with the following configuration:
> > >
> > > virtual_alias_domains = virtualdomain.com
> > >
> > > virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-email2email.cf
> > >
> > > virtual_mailbox_domains = realdomain.com
> > ...
> > > The problem is with DSN for success messages: they're not returned for
> > > emails sent to @virtualdomain.com, but are for ones sent to
> > > @realdomain.com (which aren't a virtual on its own).
> > 
> > When an alias is 1-many or when a virtual address is aliased to a
> > (different) real address, Postfix will send a DSN with action=expanded for
> > the virtual address. So maybe you should look for Postfix logs with
> > "action=expanded" notifications.
> > 
> > The reason for sending an action=expanded DSN (with the virtual address in
> > the "Final-Recipient:" field) instead of action=success (with the real
> > address in the "Final-Recipient:" field) is that Postfix tries to avoid
> > revealing the real address to the sender.
> 
> I can't find that information on postfix logs. Is there anything that I should
> activate to log it?
> And as we're at logs, is there any configuration that enables logging of
> emails for which a success DSN (delivery receipt) was requested?

When I send a message with notify=success to a virtual alias, that
results in a sender notification.

Logging:

Mar 31 07:29:50 spike postfix/cleanup[72315]: 4PnykQ6rRgzJrP3: 
message-id=<4pnykq6rrgzj...@spike.porcupine.org>
Mar 31 07:29:51 spike postfix/qmgr[34836]: 4PnykQ6rRgzJrP3: 
from=, size=350, nrcpt=1 (queue active)
Mar 31 07:29:51 spike postfix/local[72318]: 4PnykQ6rRgzJrP3: 
to=, orig_to=, relay=local, 
delay=0.15, delays=0.13/0.0077/0/0.0039, dsn=2.0.0, status=sent (delivered to 
command: umask 077; exec /usr/local/bin/filter)
Mar 31 07:29:51 spike postfix/cleanup[72315]: 4PnykR0h1BzJrP1: 
message-id=<4pnykr0h1bzj...@spike.porcupine.org>
Mar 31 07:29:51 spike postfix/bounce[72317]: 4PnykQ6rRgzJrP3: sender delivery 
status notification: 4PnykR0h1BzJrP1
Mar 31 07:29:51 spike postfix/qmgr[34836]: 4PnykR0h1BzJrP1: from=<>, size=2572, 
nrcpt=1 (queue active)
Mar 31 07:29:51 spike postfix/qmgr[34836]: 4PnykQ6rRgzJrP3: removed
Mar 31 07:29:51 spike postfix/local[72318]: 4PnykR0h1BzJrP1: 
to=, relay=local, delay=0.12, 
delays=0.11/0.0038/0/0.0035, dsn=2.0.0, status=sent (delivered to command: 
umask 077; exec /usr/local/bin/filter)
Mar 31 07:29:51 spike postfix/qmgr[34836]: 4PnykR0h1BzJrP1: removed

The original message is logged with queue ID 4PnykQ6rRgzJrP3. The
cleanup daemon does not log the status=expanded, but it does request
a DSN, which is logged with queue ID 4PnykR0h1BzJrP1.

Content of delivery status notification:

>From MAILER-DAEMON  Fri Mar 31 07:29:51 2023
Return-Path: <>
X-Original-To: wie...@porcupine.org
Delivered-To: wie...@porcupine.org
Received: by spike.porcupine.org (Postfix)
id 4PnykR0h1BzJrP1; Fri, 31 Mar 2023 07:29:51 -0400 (EDT)
DKIM-Signature: ...omitted...
Date: Fri, 31 Mar 2023 07:29:51 -0400 (EDT)
From: Mail Delivery System 
Subject: Successful Mail Delivery Report
To: wie...@porcupine.org
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="4PnykQ6rRgzJrP3.1680262191/spike.porcupine.org"
Content-Transfer-Encoding: 8bit
Message-Id: <4pnykr0h1bzj...@spike.porcupine.org>

This is a MIME-encapsulated message.

--4PnykQ6rRgzJrP3.1680262191/spike.porcupine.org
Content-Description: Notification
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

This is the mail system at host spike.porcupine.org.

Your message was successfully delivered to the destination(s)
listed below. If the message was delivered to mailbox you will
receive no further notifications. Otherwise you may still receive
notifications of mail delivery errors from other systems.

   The mail system

: alias expanded

--4PnykQ6rRgzJrP3.1680262191/spike.porcupine.org
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; spike.porcupine.org
X-Postfix-Queue-ID: 4PnykQ6rRgzJrP3
X-Postfix-Sender: rfc822; wie...@porcupine.org
Arriva

[pfx] Re: Success DSN for virtual mailboxes not working

2023-03-31 Thread Wietse Venema via Postfix-users
Nuno Pereira via Postfix-users:
> Logs of message with success DSN sent:
> 
> Mar 31 13:26:16 MAIL01 postfix/cleanup[110]: 21069213F:
> message-id= uYAAA4AABB+0ZLW85dyTYzsfdF+fjJNAQA=@otherdomain.com>
> Mar 31 13:26:19 MAIL01 MailScanner[1402982]: Requeue: 21069213F.A0295 to
> C91CB2217
> Mar 31 13:26:19 MAIL01 dovecot:
> lmtp(nuno.pere...@virtualdomain.com)<1448368>:
> msgid= 4AABB+0ZLW85dyTYzsfdF+fjJNAQA=@otherdomain.com>: saved mail to 
> INBOX
> Mar 31 13:26:19 MAIL01 dovecot: lmtp(1448368): Disconnect from local: Client 
> has
> quit the connection (state=READY)
> Mar 31 13:26:19 MAIL01 postfix/lmtp[1444780]: C91CB2217:
> to=,
> relay=mail01.nortenet.pt[private/dovecot-lmtp], delay=3, delays=2.9/0/0/0.07,
> dsn=2.0.0, status=sent (250 2.0.0 
> CCo8BWvRJmSwGRYAi7tdOA Saved)
> Mar 31 13:26:19 MAIL01 postfix/cleanup[110]: 26C44213F:
> message-id=<20230331122619.26c442...@mail01.nortenet.pt>
> Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: from=<>, size=3618,
> nrcpt=1 (queue active)
> Mar 31 13:26:19 MAIL01 postfix/bounce[1449644]: C91CB2217: sender delivery
> status notification: 26C44213F
> Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217: removed
> Mar 31 13:26:19 MAIL01 postfix/smtp[1449595]: 26C44213F:
> to=, relay=a.mx.interacesso.pt[212.13.45.18]:25,
> delay=0.02, delays=0/0/0.02/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> 2BAA81D38)
> Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: removed

Above a DSN is created with:

> Mar 31 13:26:19 MAIL01 postfix/bounce[1449644]: C91CB2217: sender delivery
> status notification: 26C44213F

Which is delivered as expected.

> Logs of message with success DSN not sent:
> 
> Mar 31 13:25:39 MAIL01 postfix/cleanup[110]: E3F7220E5:
> message-id= uYAAA4AABAEaRBcggJbQphyIaiykwwrAQA=@otherdomain.com>
> Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Requeue: E3F7220E5.A2EE1 to
> 048FA228D
> Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217:
> from=, size=27235, nrcpt=1 (queue active) 
> Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D:
> from=, size=20866, nrcpt=1 (queue active)
> Mar 31 13:25:43 MAIL01 dovecot: lmtp(1448368): Connect from local
> Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Unscanned: Delivered 1 messages
> Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Deleted 1 messages from
> processing-database
> Mar 31 13:25:43 MAIL01 MailScanner[1402982]: MailWatch: Logging message
> E3F7220E5.A2EE1 to SQL
> Mar 31 13:25:43 MAIL01 MailScanner[1405172]: MailWatch: E3F7220E5.A2EE1: 
> Logged
> to MailWatch SQL
> Mar 31 13:25:43 MAIL01 dovecot:
> lmtp(nuno.pere...@interacesso.pt)<1448368>:
> msgid= 4AABAEaRBcggJbQphyIaiykwwrAQA=@otherdomain.com>: saved mail to 
> INBOX
> Mar 31 13:25:43 MAIL01 postfix/lmtp[1448361]: 048FA228D:
> to=, orig_to=,
> relay=mail01.nortenet.pt[private/dovecot-lmtp], delay=3.2, 
> delays=3.1/0/0/0.06,
> dsn=2.0.0, status=sent (250 2.0.0 
> iPZaA0fRJmSwGRYAi7tdOA Saved)
> Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D: removed

Here, no sender notification is created: there is no logging that says:

> MAIL01 postfix/bounce[XXX]: : sender delivery
> status notification: 

Either the original message had no "notify=success", or MailScanner
mis-handled the Postfix queue file record.

There is a history of MailScanner breaking DSN Success notification,
see for example https://github.com/E-F-A/v4/issues/193 - the bug
report has two examples: one example where a success DSN is created,
and one example where no success DSN is created. Perhaps that sounds
familiar to you.

For a workaround, see
https://github.com/E-F-A/v4/issues/193#issuecomment-688494424
https://github.com/E-F-A/v4/issues/193#issuecomment-688494619

If you still believe that this is a Postfix problem, then you MUST
reproduce the problem WITHOUT USING MailScanner.

Wietse
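The log check described in the reply above (for each delivered queue ID, look for a `postfix/bounce` "sender delivery status notification" line, following MailScanner's "Requeue: X to Y" renaming), as an added Python example that is not part of the original thread. The log lines are constructed on the pattern quoted in the thread, with placeholder addresses, and the function names are assumptions.

```python
import re

# Constructed log, modelled on the lines quoted in the thread. Addresses are
# placeholders and the relay text is shortened.
SAMPLE_LOG = """\
Mar 31 13:25:39 MAIL01 postfix/cleanup[110]: E3F7220E5: message-id=<a@otherdomain.example>
Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Requeue: E3F7220E5.A2EE1 to 048FA228D
Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D: from=<s@otherdomain.example>, size=20866, nrcpt=1 (queue active)
Mar 31 13:25:43 MAIL01 postfix/lmtp[1448361]: 048FA228D: to=<u@realdomain.example>, orig_to=<u@virtualdomain.example>, relay=private/dovecot-lmtp, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D: removed
Mar 31 13:26:16 MAIL01 postfix/cleanup[110]: 21069213F: message-id=<b@otherdomain.example>
Mar 31 13:26:19 MAIL01 MailScanner[1402982]: Requeue: 21069213F.A0295 to C91CB2217
Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217: from=<s@otherdomain.example>, size=27235, nrcpt=1 (queue active)
Mar 31 13:26:19 MAIL01 postfix/lmtp[1444780]: C91CB2217: to=<u@realdomain.example>, relay=private/dovecot-lmtp, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Mar 31 13:26:19 MAIL01 postfix/cleanup[110]: 26C44213F: message-id=<c@mail01.example>
Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: from=<>, size=3618, nrcpt=1 (queue active)
Mar 31 13:26:19 MAIL01 postfix/bounce[1449644]: C91CB2217: sender delivery status notification: 26C44213F
Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217: removed
Mar 31 13:26:19 MAIL01 postfix/smtp[1449595]: 26C44213F: to=<s@otherdomain.example>, relay=mx.otherdomain.example[192.0.2.25]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2BAA81D38)
Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: removed
"""

POSTFIX_RE = re.compile(r"postfix/([\w-]+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)")
REQUEUE_RE = re.compile(r"MailScanner\[\d+\]: Requeue: ([0-9A-Za-z]+)\.\w+ to ([0-9A-Za-z]+)")
DSN_RE = re.compile(r"sender delivery status notification: ([0-9A-Za-z]+)")
TO_RE = re.compile(r"\bto=<([^>]*)>")            # \b keeps this from matching orig_to=
ORIG_TO_RE = re.compile(r"\borig_to=<([^>]*)>")
FROM_RE = re.compile(r"\bfrom=<([^>]*)>")


def correlate(log_text):
    """Return {queue_id: record} for every delivered message that is not itself a DSN."""
    requeued_from = {}    # queue ID after MailScanner -> queue ID before it
    delivered = {}        # queue ID -> [(to, orig_to), ...] from status=sent lines
    dsn_for = {}          # queue ID -> queue ID of the notification created for it
    null_sender = set()   # queue IDs whose envelope sender is <>

    for line in log_text.splitlines():
        m = REQUEUE_RE.search(line)
        if m:
            requeued_from[m.group(2)] = m.group(1)
            continue
        m = POSTFIX_RE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "bounce":
            d = DSN_RE.search(rest)
            if d:
                dsn_for[qid] = d.group(1)
        elif daemon == "qmgr":
            f = FROM_RE.search(rest)
            if f and f.group(1) == "":
                null_sender.add(qid)
        elif "status=sent" in rest:
            to = TO_RE.search(rest)
            orig = ORIG_TO_RE.search(rest)
            delivered.setdefault(qid, []).append(
                (to.group(1) if to else None, orig.group(1) if orig else None))

    # The notification is a message too; do not report it as "missing a DSN".
    notifications = set(dsn_for.values()) | null_sender
    report = {}
    for qid, rcpts in delivered.items():
        if qid in notifications:
            continue
        report[qid] = {
            "before_mailscanner": requeued_from.get(qid),
            "recipients": rcpts,
            "dsn": dsn_for.get(qid),
        }
    return report


def missing_success_dsn(report):
    """Queue IDs that were delivered but have no notification line in the log."""
    return sorted(qid for qid, rec in report.items() if rec["dsn"] is None)


if __name__ == "__main__":
    for qid, rec in correlate(SAMPLE_LOG).items():
        print(qid, rec)
    print("delivered without a notification:", missing_success_dsn(correlate(SAMPLE_LOG)))
```

The log lines quoted in the thread do not show whether notify=success was requested, so a queue ID reported here is only a finding for test messages known to have requested it.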


[pfx] Re: Success DSN for virtual mailboxes not working

2023-03-31 Thread Wietse Venema via Postfix-users
There is a difference in MailScanner logging when a SUCCESS DSN is
created and when it is not created.

Wietse Venema via Postfix-users:
> Nuno Pereira via Postfix-users:
> > Logs of message with success DSN sent:
> > 
> > Mar 31 13:26:16 MAIL01 postfix/cleanup[110]: 21069213F:
> > message-id= > uYAAA4AABB+0ZLW85dyTYzsfdF+fjJNAQA=@otherdomain.com>
> > Mar 31 13:26:19 MAIL01 MailScanner[1402982]: Requeue: 21069213F.A0295 to
> > C91CB2217
> > Mar 31 13:26:19 MAIL01 dovecot:
> > lmtp(nuno.pere...@virtualdomain.com)<1448368>:
> > msgid= > 4AABB+0ZLW85dyTYzsfdF+fjJNAQA=@otherdomain.com>: saved mail to 
> > INBOX
> > Mar 31 13:26:19 MAIL01 dovecot: lmtp(1448368): Disconnect from local: 
> > Client has
> > quit the connection (state=READY)
> > Mar 31 13:26:19 MAIL01 postfix/lmtp[1444780]: C91CB2217:
> > to=,
> > relay=mail01.nortenet.pt[private/dovecot-lmtp], delay=3, 
> > delays=2.9/0/0/0.07,
> > dsn=2.0.0, status=sent (250 2.0.0 
> > CCo8BWvRJmSwGRYAi7tdOA Saved)
> > Mar 31 13:26:19 MAIL01 postfix/cleanup[110]: 26C44213F:
> > message-id=<20230331122619.26c442...@mail01.nortenet.pt>
> > Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: from=<>, size=3618,
> > nrcpt=1 (queue active)
> > Mar 31 13:26:19 MAIL01 postfix/bounce[1449644]: C91CB2217: sender delivery
> > status notification: 26C44213F
> > Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217: removed
> > Mar 31 13:26:19 MAIL01 postfix/smtp[1449595]: 26C44213F:
> > to=, 
> > relay=a.mx.interacesso.pt[212.13.45.18]:25,
> > delay=0.02, delays=0/0/0.02/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued 
> > as
> > 2BAA81D38)
> > Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: 26C44213F: removed
> 
> Above a DSN is created with:
> 
> > Mar 31 13:26:19 MAIL01 postfix/bounce[1449644]: C91CB2217: sender delivery
> > status notification: 26C44213F

Note that the above has no MailWatch logging.

> > Logs of message with success DSN not sent:
> > 
> > Mar 31 13:25:39 MAIL01 postfix/cleanup[110]: E3F7220E5:
> > message-id= > uYAAA4AABAEaRBcggJbQphyIaiykwwrAQA=@otherdomain.com>
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Requeue: E3F7220E5.A2EE1 to
> > 048FA228D
> > Mar 31 13:26:19 MAIL01 postfix/qmgr[3435793]: C91CB2217:
> > from=, size=27235, nrcpt=1 (queue active) 
> > Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D:
> > from=, size=20866, nrcpt=1 (queue active)
> > Mar 31 13:25:43 MAIL01 dovecot: lmtp(1448368): Connect from local
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Unscanned: Delivered 1 messages
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Deleted 1 messages from
> > processing-database
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: MailWatch: Logging message
> > E3F7220E5.A2EE1 to SQL
> > Mar 31 13:25:43 MAIL01 MailScanner[1405172]: MailWatch: E3F7220E5.A2EE1: 
> > Logged
> > to MailWatch SQL
> > Mar 31 13:25:43 MAIL01 dovecot:
> > lmtp(nuno.pere...@interacesso.pt)<1448368>:
> > msgid= > 4AABAEaRBcggJbQphyIaiykwwrAQA=@otherdomain.com>: saved mail to 
> > INBOX
> > Mar 31 13:25:43 MAIL01 postfix/lmtp[1448361]: 048FA228D:
> > to=, orig_to=,
> > relay=mail01.nortenet.pt[private/dovecot-lmtp], delay=3.2, 
> > delays=3.1/0/0/0.06,
> > dsn=2.0.0, status=sent (250 2.0.0 
> > iPZaA0fRJmSwGRYAi7tdOA Saved)
> > Mar 31 13:25:43 MAIL01 postfix/qmgr[3435793]: 048FA228D: removed
> 
> Here, no sender notification is created: there is no logging that says:
> 
> > MAIL01 postfix/bounce[XXX]: : sender delivery
> > status notification: 

Note that this message had "MailScanner" logging that the first message had not:

> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Unscanned: Delivered 1 messages
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: Deleted 1 messages from
> > processing-database
> > Mar 31 13:25:43 MAIL01 MailScanner[1402982]: MailWatch: Logging message
> > E3F7220E5.A2EE1 to SQL
> > Mar 31 13:25:43 MAIL01 MailScanner[1405172]: MailWatch: E3F7220E5.A2EE1: 
> > Logged
> > to MailWatch SQL

"Deleted 1 messages from processing-database" could that be the
lost SUCCESS DSN?

> If you still believe that this is a Postfix problem, then you MUST
> reproduce the problem WITHOUT USING MailScanner.

And I'll keep that requirement.

Wietse


[pfx] Re: Issues on incoming queue

2023-03-31 Thread Wietse Venema via Postfix-users
Israel britto via Postfix-users:
> Hey, I have a strange problem, my incoming queue is growing and my active and 
> deferred queues are low on queue items. I checked and I have a lot of 
> incoming mailer-daemon and double-bounce emails, is there a way to discard 
> these messages?
> I've already tried to create a transport_map by sending all incoming messages 
> to my domain to be discarded, like this @mydomain discard:silently
> But even so I continue to be flooded with messages of this type in incoming.
> Has anyone had this problem that can help me?

Likely, you have broken recipient address validation.

Start by looking for "@domain" wildcards in virtual_alias_maps or
relay_recipient_maps, and replace that with valid recipient addresses.

If relay_recipient_maps is empty, and relay_domains is non-empty,
relay_recipient_maps needs to be populated with valid recipient
addresses.

If you can't create a list of valid recipient addresses, you need
to implement recipient address verification as described in
https://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient.

Wietse


[pfx] Re: [ext] Re: Issues on incoming queue

2023-03-31 Thread Wietse Venema via Postfix-users
Ralf Hildebrandt via Postfix-users:
> * Wietse Venema via Postfix-users :
> 
> > Start by looking for "@domain" wildcards in virtual_alias_maps or
> 
> Somewhat related: I was under the impression that virtual_alias_maps
> "@domainA @domainB" did NOT break recipient verifiction. Or am I
> hallucinating?

Without reject_unverified_recipient, @domain breaks SMTP recipient validation,
as does an empty relay_recipient_maps setting.

Wietse


[pfx] Re: secondary MX server

2023-04-02 Thread Wietse Venema via Postfix-users
fh--- via Postfix-users:
> 
> > 
> > If I remember correctly, someone mentioned NoListing recently on that 
> > list.
> > For this, you *need* a secondary MX, and it is actually your main mail
> > server - the primary MX never accepts mail...
> 
> Hallo,
> 
> 1. what's the advantage of this architecture?
> 2. how to make primary MX not accepting messages?

Found with a web search engine.

https://en.wikipedia.org/wiki/Nolisting

Wietse


[pfx] Re: pf snap 3.8-20230402 mem corruption issues

2023-04-06 Thread Wietse Venema via Postfix-users
Florian Piekert via Postfix-users:

> Hello all,
> 
> I get dozens of
> Apr  6 10:34:22 blueberry postfix/smtp[2590]: panic: myfree: corrupt or 
> unallocated memory block
> Apr  6 10:34:23 blueberry postfix/qmgr[4313]: warning: private/smtp socket: 
> malformed response
> Apr  6 10:34:23 blueberry postfix/qmgr[4313]: warning: transport smtp 
> failure -- see a previous warning/fatal/panic logfile record for the problem 
> description
> Apr  6 10:34:23 blueberry postfix/master[4311]: warning: process 
> /usr/lib/postfix/smtp pid 2590 killed by signal 6
> Apr  6 10:34:23 blueberry postfix/master[4311]: warning: 
> /usr/lib/postfix/smtp: bad command startup -- throttling
> 
> with the current snapshot of 3.8-20230402 on ubuntu. The 3.8-20230314 runs 
> smoothly.
> 
> Did anybody else encounter this (yet)?

I have some, starting after I updated from 3.8-202304331 to  3.8-20230402.
This was not found running the tests under Valgrind.

Apr  4 07:29:42 spike postfix/smtp[37107]: 4PrQXP6G74zJrP4: to=<...@gmail.com>, 
relay=gmail-smtp-in.l.google.com[142.251.16.26]:25, delay=1.4, 
delays=0.58/0.015/0.19/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1680607782 
u2-2002...2112qta.687 - gsmtp)
Apr  4 07:29:42 spike postfix/smtp[37107]: panic: myfree: corrupt or 
unallocated memory block

There are two changes, one in util/match_list.c, and one in DNS client code
dns/dns.h and dns/dns_rr.c. Investigating.

Wietse


[pfx] Re: pf snap 3.8-20230402 mem corruption issues

2023-04-06 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> I have some, starting after I updated from 3.8-202304331 to  3.8-20230402.
> This was not found running the tests under Valgrind.
> 
> Apr  4 07:29:42 spike postfix/smtp[37107]: 4PrQXP6G74zJrP4: 
> to=<...@gmail.com>, relay=gmail-smtp-in.l.google.com[142.251.16.26]:25, 
> delay=1.4, delays=0.58/0.015/0.19/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  
> 1680607782 u2-2002...2112qta.687 - gsmtp)
> Apr  4 07:29:42 spike postfix/smtp[37107]: panic: myfree: corrupt or 
> unallocated memory block
> 
> There are two changes, one in util/match_list.c, and one in DNS client code
> dns/dns.h and dns/dns_rr.c. Investigating.

In postfix-3.8-20230402 I updated dns_rr_create() and dns_rr_free(),
but forgot to update dns_rr_copy().  I'll issue postfix-3.8-20230406
later today.

No mail is lost, the SMTP client panics after completing a delivery.

Wietse


[pfx] Re: Success DSN for virtual mailboxes not working

2023-04-06 Thread Wietse Venema via Postfix-users
Nuno Pereira via Postfix-users:
> My best guess for now is that the virtuals are messing around with notify. Is
> there any way to put it marking the virtual destination as the final
> destination, even not being so?

I have demonstrated that Postfix will send "success" notification
after virtual alias expansion of a recipient that has a notify=success
property.

You are using MailScanner which has at least one problem with
propagating DSN notify requests. For example:

Postfix -milter-protocol-> MailScanner -qmqp-protocol-> Postfix

If you can't run Postfix without MailScanner then you will have to
demonstrate that:

- MailScanner generates a message with a recipient that has a
notify=success property.

- Postfix delivers that message without creating a sender notification
after virtual alias expansion of that recipient.

- MailScanner does not drop the sender notification.

Wietse


[pfx] Re: simple content filter for outgoing message

2023-04-06 Thread Wietse Venema via Postfix-users
Corey Hickman via Postfix-users:
> Hello buddies,
> 
> I just want to make some simple filters for outgoing messages.
> for example, the message content has some keywords (like "VPN sale") 
> included, it will be rejected by the system.
> 
> I know there are the software Rspamd and Spamassassin, but they are too 
> heavy for my simple usage.
> 
> Do you have any other ideas?

Builtin: header_checks, body_checks, 

Plugin: milter-regex

Wietse


[pfx] Re: pf snap 3.8-20230402 mem corruption issues

2023-04-06 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users:
> Wietse Venema wrote in
>  <4pshgn4l8vzj...@spike.porcupine.org>:
>  |Wietse Venema via Postfix-users:
>  |> I have some, starting after I updated from 3.8-202304331 to  3.8-2023040\
>  |> 2.
> 
> There are snapshots, there is source access beyond regular
> releases?

There are stable releases (postfix-n.n.n), unstable releases
(postfix-n.n-mmdd) and non-production releases.

With respect to your other questions, I have no desire to re-invent
all those other wheels, too.

Wietse


[pfx] Re: confused about two options

2023-04-08 Thread Wietse Venema via Postfix-users
tom--- via Postfix-users:
> Hello,
> 
> 1. use MIME encoding for 8bit chars

I suppose you mean that you encode message header or body content
using Base64 or Quoted-Printable.

> 2. Content-Transfer-Encoding: 7bit

Both base64 and quoted-printable are 7-bit transfer encodings.

> Do they mean the same stuff?

No.

Wietse


[pfx] Re: invalid and non-fqdn hostname

2023-04-08 Thread Wietse Venema via Postfix-users
raf via Postfix-users:
> > From reading the code, these two restrictions seem equivalent except when
> > SMTPUTF8 extension is used.
> > when the SMTPUTF8 is in play, reject_non_fqdn_helo_hostname will convert a
> > hostname containing UTF to an internationalized domain name
> > before checking. https://en.wikipedia.org/wiki/Internationalized_domain_name
> > 
> > So reject_invalid_helo_hostname will reject hostnames that contain UTF8 but
> > are otherwise valid.

The implementation almost gets this right.

reject_invalid_helo_hostname only allows valid ASCII forms. There
is a source-code comment "Fix 20140706" that EAI is not allowed here.

reject_non_fqdn_helo_hostname allows UTF-8 if the client requests
SMTPUTF8, which makes no sense because EHLO must be sent before the
client can request SMTPUTF8 support. This was not fixed on 20140706,
apparently the result of a classical mistake: fix one problem and
assume that there are not other instances of that problem.

Wietse


[pfx] Re: Headers and Forwarding

2023-04-08 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users:
> Apparently, reading RFC5321 and RFC5322 is too tedious.

 Reading RFCs is so old-school. It's much easier to be ignorant.

Wietse


[pfx] Re: Question to reject_rbl_client zen.spamhaus.org

2023-04-09 Thread Wietse Venema via Postfix-users
tom--- via Postfix-users:
> I have this setting in main.cf:
> 
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> check_policy_service unix:private/policyd-spf,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net
> 
> When I sent message from a Spamhaus Zen listed IP (this IP not in my 
> whitelist), the message still came into system.
> it seems reject_rbl_client zen.spamhaus.org has no effect.
> Where should i debug it?

By studying Postfix documentation?

http://www.postfix.org/SMTPD_ACCESS_README.html#lists

Each restriction list is evaluated from left to right until
some restriction produces a result of PERMIT, REJECT or DEFER
(try again later). The end of each list is equivalent to a
PERMIT result.

In your case, reject_rbl_client was NOT USED because permit_mynetworks,
permit_sasl_authenticated, or check_policy_service returned a PERMIT
result.

Wietse
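The left-to-right, first-decisive-result evaluation quoted from SMTPD_ACCESS_README in the reply above, as an added Python model that is not Postfix code and not part of the original thread. Each restriction is a toy stand-in, and the session fields (`in_mynetworks`, `sasl_authenticated`, `rcpt_is_local`, `policy_answer`, `listed_in`) are assumptions made for the illustration.

```python
PERMIT, REJECT, DEFER, DUNNO = "PERMIT", "REJECT", "DEFER", "DUNNO"

# The restriction list from the question, in its original order.
RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",
    "check_policy_service unix:private/policyd-spf",
    "reject_rbl_client zen.spamhaus.org",
    "reject_rbl_client bl.spamcop.net",
]


def apply_restriction(name, session):
    """Toy stand-in for one restriction. DUNNO means 'no decision, keep going'."""
    if name == "permit_mynetworks":
        return PERMIT if session["in_mynetworks"] else DUNNO
    if name == "permit_sasl_authenticated":
        return PERMIT if session["sasl_authenticated"] else DUNNO
    if name == "reject_unauth_destination":
        return DUNNO if session["rcpt_is_local"] else REJECT
    if name.startswith("check_policy_service"):
        # Whatever the policy daemon answered for this session (assumed input).
        return session["policy_answer"]
    if name.startswith("reject_rbl_client"):
        zone = name.split()[1]
        return REJECT if zone in session["listed_in"] else DUNNO
    raise ValueError("unmodelled restriction: " + name)


def evaluate(restrictions, session):
    """Return (result, deciding restriction, restrictions that were never consulted)."""
    for i, name in enumerate(restrictions):
        result = apply_restriction(name, session)
        if result in (PERMIT, REJECT, DEFER):
            return result, name, restrictions[i + 1:]
    # The end of the list is equivalent to PERMIT.
    return PERMIT, "(end of list)", []


# Constructed sessions: the same DNSBL-listed client under different conditions.
BASE = {"in_mynetworks": False, "sasl_authenticated": False, "rcpt_is_local": True,
        "policy_answer": DUNNO, "listed_in": {"zen.spamhaus.org"}}
SESSIONS = {
    "listed client, no earlier PERMIT": BASE,
    "listed client, policy service answers PERMIT": dict(BASE, policy_answer=PERMIT),
    "listed client inside mynetworks": dict(BASE, in_mynetworks=True),
}

if __name__ == "__main__":
    for label, session in SESSIONS.items():
        result, decided_by, skipped = evaluate(RESTRICTIONS, session)
        print(f"{label}: {result} by {decided_by}; never consulted: {skipped}")
```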


[pfx] Re: REPOST: Envelope sender is not modified correctly

2023-04-09 Thread Wietse Venema via Postfix-users
How do you specify the test message envelope sender addresses?  You
can't put them in a message header (From:, Return-Path:, etc.).

Wietse


[pfx] Re: REPOST: Envelope sender is not modified correctly

2023-04-09 Thread Wietse Venema via Postfix-users
François via Postfix-users:
> mail program links to mailx.  mailx man page says:
> 
> -r address
>   Sets the From address. Overrides any from variable specified

Envelope from? Header from?

Wietse


[pfx] Re: REPOST: Envelope sender is not modified correctly

2023-04-09 Thread Wietse Venema via Postfix-users
François via Postfix-users:
> >Envelope from? Header from?
> 
> I just don't know.  I tried to find the info but could not.  My best guess:
> header from.

It sets both.

With a very simple canonical map

main.cf:
canonical_maps = inline:{{f...@porcupine.org = b...@porcupine.org}}

Command:

echo test|mail -r f...@porcupine.org wietse

Logging shows f...@porcupine.org before canonical mapping, and
b...@porcupine.org after canonical mapping.

Apr  9 16:32:06 wzv postfix/pickup[263275]: 9E0E0A01AA: uid=0 
from=
...
Apr  9 16:32:06 wzv postfix/qmgr[263274]: 9E0E0A01AA: 
from=, size=405, nrcpt=1 (queue active)

I used the inline map to keep the example as simple as possible. It is very
easy to make mistakes with regular expressions (by forgetting ^, \, or $).

Wietse


[pfx] Re: REPOST: Envelope sender is not modified correctly

2023-04-09 Thread Wietse Venema via Postfix-users
François via Postfix-users:
> I'm sorry if any part of my request seemed disagreeable: not my intention.
> 
> I did post the relevant parts (I believe) of main.cf:
> 
> canonical_maps = regexp:/etc/postfix/canonical
> canonical_classes = envelope_sender

You failed to post "postconf -n" output as requested.

Wietse


[pfx] Re: postfix and opendkim

2023-04-10 Thread Wietse Venema via Postfix-users
Fourhundred Thecat via Postfix-users:
> Hello,
> 
> I am setting up opendkim on my postfix server:
> 
> what is the practical difference between using inet or UNIX domain
> socket in /etc/opendkim.conf ?
> 
> If I leave socket at the default settings:
> 
>Socket  local:/var/run/opendkim/opendkim.sock

Here, the socket is bound to a name in the file system, and directory
access permissions are in effect (the permissions on the socket
name itself may not have any observable effect).

> What do I need to put into /etc/postfix/main.cf instead of inet:localhost ?
> 
>smtpd_milters = inet:localhost:8891

This is not subject to directory access permissions. Any process
on the local machine can talk to the opendkim service.

> I am not using chroot for my postfix installation, so I assume I don't
> need inet and can use UNIX domain socket ?

Both would work.

> Or what is the practical difference?

One can have directory access permissions, the other is world
readable (for processes on the same machine). 

Wietse


[pfx] Re: HELO checks for desktop clients

2023-04-10 Thread Wietse Venema via Postfix-users
Did you set 'smtpd_delay_reject=no'?

Wietse


[pfx] Re: SPF: HELO does not publish an SPF Record

2023-04-12 Thread Wietse Venema via Postfix-users
Fourhundred Thecat via Postfix-users:
>  > On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote:
> >>2) change smtp_helo_name to
> >>
> >>  smtp_helo_name = $mydomain
> >
> > It is very strange, i think.
> 
> what do you mean?
> is it strange to use example.com, instead of mail.example.com as
> smtp_helo_name, when the smtp client is actually mail.example.com ?

The smtp_helo_name used in the Postfix SMTP client should resolve to the
client IP address that is seen by a remote SMTP server.

Thus, setting smtp_helo_name=$mydomain may appear to work when your
domain has only one machine that sends email, but it does not work
well when there are multiple machines.

Wietse


[pfx] Re: SPF: HELO does not publish an SPF Record

2023-04-12 Thread Wietse Venema via Postfix-users
Fourhundred Thecat via Postfix-users:
>  > On 2023-04-12 15:30, Wietse Venema via Postfix-users wrote:
> > Fourhundred Thecat via Postfix-users:
> >>   > On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote:
> >
> > The smtp_helo_name used in the Postfix SMTP client should resolve to the
> > client IP address that is seen by a remote SMTP server.
> >
> > Thus, setting smtp_helo_name=$mydomain may appear to work when your
> > domain has only one machine that sends email, but it does not work
> > well when there are multiple machines.
> 
> OK, I see.
> So should the client (mail.example.com) then have it's own SPF record,
> in addition to the domain itself (example.com) ?

Yes, if you must use SPF. In that case you may also want to "close
a loophole", by configuring one SPF record for every name in the
domain that does NOT send email. Otherwise those names would not
be "protected" with SPF (would evaluate to "neutral").

Wietse


[pfx] Postfix 3.8 release candidate 1

2023-04-12 Thread Wietse Venema via Postfix-users
I'm wrapping up the Postfix 3.8 stable release, and have rolled out
a release candidate postfix-3.8.0-RC1. This is mainly so that people
can find out if Postfix 3.8 will build and run as expected.

The changes involve code and documentation improvements, SRV record
lookup, configuration for a feature new in OpenSSL 3.0, and removal
of TLS features that are no longer available in OpenSSL 1.1.1 (the
minimum version required in Postfix 3.6 and later).

Separately, I'll do a bug-fix release for Postfix stable releases
3.4 - 3.7. After this, Postfix 3.4 will no longer receive updates.

Wietse


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-14 Thread Wietse Venema via Postfix-users
Víctor Rubiella Monfort via Postfix-users:
> Hi again,
> 
> I realized that the same error is raised when database is in utf8 if email 
> contains utf8mb4 characters.
> 
> Which is the convenient database collation for postfix? We can force 
> postfix to accept only utf8 characters?

With "smtputf8_enable = yes" in main.cf, Postfix will accept
well-formed UTF-8. However, before Postfix 3.8, the Postfix pgsql:
client code sets the client encoding to LATIN1.

The client encoding is configurable (default: UTF8) with Postfix
3.8 which is to be released soon (postfix-3.8.0-RC1 was published
a few days ago).

As for the temp error becoming persistent, the Postfix pgsql: client
code returns an error when it gets an error from all of the hosts
configured in the Postfix pgsql: client configuration file, or when
all hosts have been flagged as 'down'. If a host returns an error
then the Postfix pgsql: client code flags that host as 'down', and
resets that 'down' state after about 60 seconds.

In your case having multiple hosts configured in the Postfix pgsql:
client configuration would not help, because they would have the
same error.

Wietse
> 
> 
> On 13/4/23 at 18:36, Víctor Rubiella Monfort via Postfix-users wrote:
> > When mysql_table lookup is executing nonascii characters and database 
> > is in latin1, not only fails query, all session/connection is corrupted 
> > and produces a lot of "temporary lookup table" errors until session is 
> > recreated (about 1 minute later).
> >
> > Today some external ip was trying to deliver an email with special 
> > character on one on my legacy servers (with latin1) and produces this 
> > errors.
> >
> > I can understand that lookup fails for query with special characters, 
> > but main issue was for all raised failures for other accounts and 
> > lookups during 1-2 minutes. This is a knew issue?.
> >
> >
> > I deploy a workaround using "CONVERT('%s' using ascii)" until not 
> > pass all database tables to utf8.
> >
> > The main problem debugging this issue was "proxy:mysql" , "proxy" was 
> > hiding original collation error and only shows regular lookup errors 
> > on postfix log, when user "postmap" to debug, I only see root cause 
> > when execute without "proxy".
> >
> > postfix versions tested:
> >
> > postfix 3.5.17-0+deb11u1
> > postfix-mysql 3.5.17-0+deb11u1
> >
> > postfix 3.5.15-0+deb11u1
> > postfix-mysql 3.5.15-0+deb11u1
> >


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-14 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> As for the temp error becoming persistent, the Postfix pgsql: client
> code returns an error when it gets an error from all of the hosts
> configured in the Postfix pgsql: client configuration file, or when
> all hosts have been flagged as 'down'. If a host returns an error
> then the Postfix pgsql: client code flags that host as 'down', and
> resets that 'down' state after about 60 seconds.

As implemented, the Postfix pgsql: client code treats all errors as
a connection failure, and skips the connection for 60 seconds. That
may not be optimal when an error is data dependent.

What error did Postfix log for a bad query? It would be helpful if
you could look in your logs for the exact error message.

The relevant code is below my signature.

Wietse

    if ((res = PQexec(host->db, vstring_str(query))) != 0) {
        ...
        switch ((status = PQresultStatus(res))) {
        case PGRES_TUPLES_OK:
        case PGRES_COMMAND_OK:
            /* Success. */
            if (msg_verbose)
                msg_info("dict_pgsql: successful query from host %s",
                         host->hostname);
            event_request_timer(dict_pgsql_event, (void *) host,
                                dict_pgsql->idle_interval);
            return (res);
        case PGRES_FATAL_ERROR:
            msg_warn("pgsql query failed: fatal error from host %s: %s",
                     host->hostname, PQresultErrorMessage(res));
            break;
        case PGRES_BAD_RESPONSE:
            msg_warn("pgsql query failed: protocol error, host %s",
                     host->hostname);
            break;
        default:
            msg_warn("pgsql query failed: unknown code 0x%lx from host %s",
                     (unsigned long) status, host->hostname);
            break;
        }
    } else {
        ...
        msg_warn("pgsql query failed: fatal error from host %s: %s",
                 host->hostname, PQerrorMessage(host->db));
    }
    ...
    /*
     * XXX An error occurred. Clean up memory and skip this connection.
     */
    ...
    plpgsql_down_host(dict_pgsql, host);



[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-14 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users:
> On Fri, Apr 14, 2023 at 01:06:16PM -0400, Wietse Venema via Postfix-users 
> wrote:
> 
> > Wietse Venema via Postfix-users:
> > > As for the temp error becoming persistent, the Postfix pgsql: client
> > > code returns an error when it gets an error from all of the hosts
> > > configured in the Postfix pgsql: client configuration file, or when
> > > all hosts have been flagged as 'down'. If a host returns an error
> > > then the Postfix pgsql: client code flags that host as 'down', and
> > > resets that 'down' state after about 60 seconds.
> > 
> > As implemented, the Postfix pgsql: client code treats all errors as
> > a connection failure, and skips the connection for 60 seconds. That
> > may not be optimal when an error is data dependent.
> 
> FWIW, the OP's issue was with MySQL, not Postgres...  The database
> should be configured for client and server encoding of UTF8.

Oops. Where did I get that from. There is no hard-coded encoding type
in the Postfix mysql client. With smtputf8_enable=yes, Postfix will
accept email addresses with well-formed UTF8 (and ASCII) but not Latin1.

Wietse


[pfx] Re: any web.de staff here?

2023-04-16 Thread Wietse Venema via Postfix-users
Jaroslaw Rafa via Postfix-users:
> On 16.04.2023 at 16:32:41 Gerald Galster via Postfix-users wrote:
> > 
> > Mails classified as spam or external forwards seemingly take another route
> > via mout-xforward.web.de. These servers are SBL-listed by intention, most
> > likely because the spam probability is higher in this context. This separation
> > helps mout.web.de to maintain a better reputation.
> 
> While I can fully understand separation of outgoing servers for different
> classes of emails, who the hell intentionally puts their own outgoing
> servers on a blacklist???

If I recall correctly, it has nothing to do with logic, and everything
with (German) law.

Once a provider's server accepts an email message, it is illegal
for the provider to delete that message. By forwarding SPAM they
would risk messing up their non-spam reputation. So they forward
it only from a sacrificial server that has a bad reputation.

Wietse


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Wietse Venema via Postfix-users
Víctor Rubiella Monfort via Postfix-users:
> Hi, I have more info and I try to explain it better:
> 
> First of all I have smtputf8_enable = no (disabled).
> 
> I have several databases related with several mysql_virtual maps:
> 
> - Some with utf8 + utf8_general_ci collation
> 
> - Another ones with latin1 + latin1_spanish_ci.
> 
> I'm using mysql-postfix (mysql_table) lookups, not postgres. 
> "proxy:mysql:/XXX.cf".
> 
> I can reproduce same issue with both cf files (tables with utf8 and 
> tables with latin1).
> 
> As I said before, the worst part is that when the error is raised, all
> lookups fail for about 1 minute.
> 
> The error is easy to reproduce manually by calling "postmap -q
> "emailWithspecialchar" "proxy:mysql:/XXX.cf"
> 
> Debugging, I observed 2 things.
> 
> - adding CONVERT('%s' using ascii) fixes the issue, but I don't want/like
> to add converts to all my SQL queries...
> 
> - adding COLLATE utf8_general_ci raises the error "this collate is not valid
> for utf8mb4". This error shows me that mysql_table lookup connections
> are using the "utf8mb4" charset by default.
> 
> My conclusion to hard-solve this issue on my system is to transform all
> tables to utf8mb4.
> 
> But:
> 
> - I don't see any option to change default charset on mysql_table 
> connector, maybe should be interesting add this option on configuration 
> file.

Is there such an API?

> - a mixed-collation error should raise 1 error, but the next queries should
> work ok; this could be considered an issue, right?

For the Postfix MySQL client the expected result of a query is:

- found,

- not found,

- error.

The client does not distinguish between errors, and all errors have
the same result (skip this connection for 60s). That code is almost
20 years old, so I wonder if you are doing something unusual that
other people aren't doing.

Based on https://dev.mysql.com/doc/c-api/8.0/en/mysql-next-result.html
I suppose that the client could distinguish between
errors that indicate a connection error and other errors. But that
would be a major code change.

It would help if you could show the warning that Postfix logs.

mysql:/file/name: query failed (mysql_next_result): >>>THIS TEXT

> - with "smtputf8_enable = no" I should be able to work without this kind 
> of issues right?

No. With "smtputf8_enable = no", Postfix will not verify that a
query contains malformed text. This can result in errors from the
MySQL server.

On the other hand, with "smtputf8_enable = yes", Postfix will skip
a query that contains malformed UTF-8, thus avoiding errors from
the MySQL server.

> For modern protocols I can understand the change to utf8, but utf8mb4? This
> is much more expensive for the database; is it really necessary?

By design UTF-8 is a multi-byte encoding for all non-ASCII characters.
The only single-byte in UTF-8 is the ASCII subset.

Wietse
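
The distinctions drawn in this reply (well-formed UTF-8 versus raw Latin1 bytes, and 3-byte versus 4-byte sequences, which is what separates MySQL's utf8mb3 from utf8mb4) can be checked on a lookup key before it reaches the database. This is an added example, not Postfix code and not part of the original message; classify_key, classify_cstr and the sample keys are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What a lookup key needs from the database character set. */
enum key_class {
    KEY_MALFORMED = -1,  /* not well-formed UTF-8, for example raw Latin1 */
    KEY_ASCII     = 1,   /* 7-bit only: safe with any character set */
    KEY_UTF8MB3   = 3,   /* non-ASCII, every sequence is 2 or 3 bytes */
    KEY_UTF8MB4   = 4    /* at least one 4-byte sequence (above U+FFFF) */
};

/* Classify len bytes at s. Rejects truncated sequences, stray continuation
 * bytes, overlong forms, UTF-16 surrogates and values above U+10FFFF. */
enum key_class classify_key(const unsigned char *s, size_t len)
{
    enum key_class result = KEY_ASCII;
    size_t i = 0;

    while (i < len) {
        unsigned char c = s[i];
        unsigned long cp, min;   /* decoded code point, smallest legal value */
        size_t need, k;          /* continuation bytes that must follow */

        if (c < 0x80) {
            i++;
            continue;
        } else if (c >= 0xC2 && c <= 0xDF) {
            need = 1; cp = c & 0x1F; min = 0x80;
        } else if (c >= 0xE0 && c <= 0xEF) {
            need = 2; cp = c & 0x0F; min = 0x800;
        } else if (c >= 0xF0 && c <= 0xF4) {
            need = 3; cp = c & 0x07; min = 0x10000;
        } else {
            return KEY_MALFORMED;    /* 0x80..0xC1 or 0xF5..0xFF as lead byte */
        }
        if (len - i - 1 < need)
            return KEY_MALFORMED;    /* sequence cut off at end of key */
        for (k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80)
                return KEY_MALFORMED;    /* not a continuation byte */
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return KEY_MALFORMED;
        if (need == 3)
            result = KEY_UTF8MB4;
        else if (result != KEY_UTF8MB4)
            result = KEY_UTF8MB3;
        i += need + 1;
    }
    return result;
}

/* Convenience wrapper for NUL-terminated keys. */
enum key_class classify_cstr(const char *s)
{
    return classify_key((const unsigned char *) s, strlen(s));
}

int main(void)
{
    /* Constructed sample keys, not taken from the thread. */
    static const char *keys[] = {
        "user@example.com",                  /* ASCII */
        "bl\xC3\xA9@example.com",            /* U+00E9 encoded as UTF-8 */
        "bl\xE9@example.com",                /* U+00E9 as a single Latin1 byte */
        "\xF0\x9F\x98\x80@example.com",      /* U+1F600, a 4-byte sequence */
    };
    size_t i;

    for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
        printf("key %lu: class %d\n", (unsigned long) i,
               (int) classify_cstr(keys[i]));
    return 0;
}
```

A key classified as KEY_UTF8MB4 cannot be represented on a connection or in a column that uses MySQL's 3-byte "utf8" (utf8mb3).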


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> > My conclusion to hard-solve this issue on my system is transform all 
> > tables to utf8mb4.
> > 
> > But:

> > - I don't see any option to change default charset on mysql_table 
> > connector, maybe should be interesting add this option on configuration 
> > file.
> 
> Is there such an API?

Based on documentation, perhaps mysql_set_character_set() can do that. 
https://dev.mysql.com/doc/c-api/8.0/en/mysql-set-character-set.html

Attached is patch 20230417-mysql-charset-patch.txt that adds a
"charset" parameter to the Postfix MySQL configuration file.  

I don't have a MySQL testbed; someone else would have to test this,
or this would have to wait until I have time to set up MySQL.

> > - mix collation error should raise 1 error, but next queries should be 
> > work ok, this could be considered and issue right?.
> 
> For the Postfix MySQL client the expected result of a query is:
> 
> - found,
> 
> - not found,
> 
> - error.
> 
> The client does not distinguish between errors, and all errors have
> the same result (skip this connection for 60s). That code is almost
> 20 years old, so I wonder if you are doing something unusual that
> other people aren't doing.
> 
> Based on https://dev.mysql.com/doc/c-api/8.0/en/mysql-next-result.html
> I suppose that the client could distinguish between
> errors that indicate a connection error and other errors. But that
> would be a major code change.

It is possible to distinguish between errors without having to
restructure code.

Attached is patch 20230417-mysql-retry-patch.txt that more selectively
backs off from a server connection. 

Again if someone else can test this, great, otherwise this will
have to wait.

Wietse
20230417

Cleanup: in the MySQL client, temporarily stay away from a
server only if the last error was caused by connection-level
failure. File: global/dict_mysql.c.

diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' 
'--exclude=INSTALL' '--exclude=.indent.pro' -r -ur 
/var/tmp/postfix-3.9-20230416/src/global/dict_mysql.c ./src/global/dict_mysql.c
--- /var/tmp/postfix-3.9-20230416/src/global/dict_mysql.c   2023-04-16 
16:44:39.0 -0400
+++ ./src/global/dict_mysql.c   2023-04-17 11:07:47.0 -0400
@@ -108,6 +108,7 @@
 /* Application-specific. */
 
 #include "dict_mysql.h"
+#include "mysql/errmsg.h"
 
 /* MySQL 8.x API change */
 
@@ -546,7 +547,14 @@
 * See what we got.
 */
if (query_error) {
-   plmysql_down_host(host);
+   switch (mysql_errno(host->db)) {
+   case CR_COMMANDS_OUT_OF_SYNC:
+   case CR_SERVER_GONE_ERROR:
+   case CR_SERVER_LOST:
+   plmysql_down_host(host);
+   default:
+   break;
+   }
if (errno == 0)
errno = ENOTSUP;
if (first_result) {
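Review bot: in the new switch on mysql_errno(host->db), the CR_SERVER_LOST case calls plmysql_down_host(host) and then falls through into default with no break. The fall-through is harmless as written because default only breaks, but an explicit break after plmysql_down_host(host) would state the intent and stay correct if default ever gains a body. For every other error code the connection now stays open after a failed query, so a comment explaining why host->db can safely be reused in that state would help.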
diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' 
'--exclude=INSTALL' '--exclude=.indent.pro' -r -ur 
/var/tmp/postfix-3.9-20230416/HISTORY ./HISTORY
--- /var/tmp/postfix-3.9-20230416/HISTORY   2023-04-16 17:09:29.0 
-0400
+++ ./HISTORY   2023-04-17 11:01:00.531589777 -0400
@@ -27055,3 +27055,9 @@
Cleanup: in source-code comments, replaced redundant (and
sometimes incomplete) lookup table configuration info with
a reference to the corresponding *_table(5) manpage.
+
+20230417
+
+   Cleanup: in the MySQL client, make the default characterset
+   (and collation) configurable (the MySQL defaults are latin1
+   and latin1_swedish_ci). File: global/dict_mysql.c.
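Review bot: the HISTORY entry added here describes only the configurable character set, while the dict_mysql.c hunk in this same diff changes when plmysql_down_host() is called after a query error. Either add a second 20230417 entry for the retry change or keep the two changes in separate patches, so that the log matches what the diff touches.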
diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' 
'--exclude=INSTALL' '--exclude=.indent.pro' -r -ur 
/var/tmp/postfix-3.9-20230416/proto/mysql_table ./proto/mysql_table
--- /var/tmp/postfix-3.9-20230416/proto/mysql_table 2022-12-27 
18:01:00.0 -0500
+++ ./proto/mysql_table 2023-04-17 11:24:16.0 -0400
@@ -79,6 +79,11 @@
 # .nf
 #  dbname = customer_database
 # .fi
+# .IP "\fBcharset\fR (empty for backwards compatibility)"
+#  The default client character set (and implicitly, the
+#  collation order). According to MySQL documentation the
+#  built-in default is "latin1"; for SMTP, "utf8" would be
+#  more appropriate.
 # .IP "\fBquery\fR"
 #  The SQL query template used to search the database, where \fB%s\fR
 #  is a substitute for the address Postfix is trying to resolve,
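Review bot: the new charset text states that the built-in MySQL default is "latin1", which is a property of the MySQL version in use rather than of Postfix, and it does not say what Postfix does when the value is left empty. Suggest dropping the version-dependent default and spelling out the empty case; "(empty for backwards compatibility)" alone leaves the resulting character set to the reader. Since the text recommends "utf8", it is also worth saying whether the 3-byte or the 4-byte MySQL character set is meant.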
diff '--exclude=man' '--exclude=html' '--exclude=README_FILES' 
'--exclude=INSTALL' '--exclude=.indent.pro' -r -ur 

[pfx] Postfix stable release 3.8.0

2023-04-17 Thread Wietse Venema via Postfix-users
Postfix stable release 3.8.0 is available. Postfix 3.4..3.7 will
be updated soon; after that, Postfix 3.4 will no longer be updated.

The main changes are below. See the RELEASE_NOTES file for further
details.

  * Support to look up DNS SRV records in the Postfix SMTP/LMTP
    client, based on code by Tomas Korbar (Red Hat). For example,
    with "use_srv_lookup = submission" and "relayhost =
    example.com:submission", the Postfix SMTP client will look up
    DNS SRV records for _submission._tcp.example.com, and will relay
    email through the hosts and ports that are specified with those
    records.

  * TLS obsolescence: Postfix now treats the "export" and "low"
    cipher grade settings as "medium". The "export" and "low" grades
    are no longer supported in OpenSSL 1.1.1, the minimum version
    required in Postfix 3.6.0 and later. Also, Postfix default
    settings now exclude deprecated or unused ciphers (SEED, IDEA,
    3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
    (DH, ECDH), and public key algorithm (DSS).

  * Attack resistance: the Postfix SMTP server can now aggregate
    smtpd_client_*_rate and smtpd_client_*_count statistics by
    network block instead of by IP address, to raise the bar against
    a memory exhaustion attack in the anvil(8) server; Postfix TLS
    support unconditionally disables TLS renegotiation in the middle
    of an SMTP connection, to avoid a CPU exhaustion attack.

  * The PostgreSQL client encoding is now configurable with the
    "encoding" Postfix configuration file attribute. The default
    is "UTF8". Previously the encoding was hard-coded as "LATIN1",
    which is not useful in the context of SMTP.

  * The postconf command now warns for #comment in or after a Postfix
    parameter value. Postfix programs do not support #comment after
    other text, and treat that as input.

You can find the Postfix source code at the mirrors listed at
https://www.postfix.org/.

Wietse


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Wietse Venema via Postfix-users
Gerald Galster via Postfix-users:
> 
> > Wietse Venema via Postfix-users :
> > 
> >>> My conclusion to hard-solve this issue on my system is transform all 
> >>> tables to utf8mb4.
> >>> 
> >>> But:
> > 
> >>> - I don't see any option to change default charset on mysql_table 
> >>> connector, maybe should be interesting add this option on configuration 
> >>> file.
> >> 
> >> Is there such an API?
> > 
> > Based on documentation, perhaps mysql_set_character_set() can do that. 
> > https://dev.mysql.com/doc/c-api/8.0/en/mysql-set-character-set.html
> > 
> > Attached is patch 20230417-mysql-charset-patch.txt that adds a
> > "charset" parameter to the Postfix MySQL configuration file.
> 
> 
> I've patched postfix 3.7.4 on a low volume server.

Thank you!

> "charset" has to be present and defined in all mysql configs, otherwise 
> startup fails:
> (no backwards compatibility)
> 
> postfix/proxymap[3996]: fatal: /etc/postfix/test.mysql.cf: bad string length 
> 0 < 1: charset =

Grr. In the patch, 

cfg_get_int(stuff, "charset", "", 1, 0) 

should be

cfg_get_int(stuff, "charset", "", 0, 0)

> Setting "charset" to the non-default cp1250 works (from mysql general_log):
> 
> (terminal encoding utf8)
> # postmap -q "bl?.com" mysql:/etc/postfix/relay_domains.mysql.cf  
> Connect postfix@localhost on postfix using Socket
> Query SET NAMES cp1250
> Query SELECT destination as relaydestination FROM relay WHERE domain = 
> 'bl?.com'
> Quit 
> (postfix restart)
> 
> (terminal encoding latin1)
> # postmap -q "bl?.com" mysql:/etc/postfix/relay_domains.mysql.cf
> Connect postfix@localhost on postfix using Socket
> Query SET NAMES cp1250
> Query SELECT destination as relaydestination FROM relay WHERE domain = 
> 'bl?.com'
> 
> Unfortunately I can't help with mix collation error as this mysql 8 instance
> is configured with utf8mb4/utf8_bin, skip-character-set-client-handshake and
> all tables are utf8mb4. I could not trigger a collation error.

No problem, I am happy that the patch does not break something that
works without the patch.

> +# .IP "\fBcharset\fR (empty for backwards compatibility)"
> +# The default client character set (and implicitly, the
> +# collation order). According to MySQL documentation the
> +# built-in default is "latin1"; for SMTP, "utf8" would be
> +# more appropriate.
> 
> As of mysql 8.0 the default character set is utf8mb4:
> https://dev.mysql.com/blog-archive/mysql-8-0-collations-migrating-from-older-collations/

I'll delete the comment about "latin1" as it is MySQL version dependent.

> Historically utf8 had been a mysql alias for utf8mb3:
> https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-utf8mb3.html

Again, thanks for what you could test. The error handling should
be better because the new code will no longer skip a connection
for 60s after every error, but only after an error that involves a
really messed-up connection.

Wietse


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Gerald Galster via Postfix-users:
> > 
> > > Wietse Venema via Postfix-users :
> > > 
> > >>> My conclusion to hard-solve this issue on my system is transform all 
> > >>> tables to utf8mb4.
> > >>> 
> > >>> But:
> > > 
> > >>> - I don't see any option to change default charset on mysql_table 
> > >>> connector, maybe should be interesting add this option on configuration 
> > >>> file.
> > >> 
> > >> Is there such an API?
> > > 
> > > Based on documentation, perhaps mysql_set_character_set() can do that. 
> > > https://dev.mysql.com/doc/c-api/8.0/en/mysql-set-character-set.html
> > > 
> > > Attached is patch 20230417-mysql-charset-patch.txt that adds a
> > > "charset" parameter to the Postfix MySQL configuration file.
> > 
> > 
> > I've patched postfix 3.7.4 on a low volume server.
> 
> Thank you!
> 
> > "charset" has to be present and defined in all mysql configs, otherwise 
> > startup fails:
> > (no backwards compatibility)
> > 
> > postfix/proxymap[3996]: fatal: /etc/postfix/test.mysql.cf: bad string 
> > length 0 < 1: charset =
> 
> Grr. In the patch, 
> 
> cfg_get_int(stuff, "charset", "", 1, 0) 
> 
> should be
> 
> cfg_get_int(stuff, "charset", "", 0, 0)

That should be cfg_get_str.

Wietse

> > Setting "charset" to the non-default cp1250 works (from mysql general_log):
> > 
> > (terminal encoding utf8)
> > # postmap -q "bl?.com" mysql:/etc/postfix/relay_domains.mysql.cf  
> > Connect postfix@localhost on postfix using Socket
> > Query SET NAMES cp1250
> > Query SELECT destination as relaydestination FROM relay WHERE domain = 
> > 'bl?.com'
> > Quit 
> > (postfix restart)
> > 
> > (terminal encoding latin1)
> > # postmap -q "bl?.com" mysql:/etc/postfix/relay_domains.mysql.cf
> > Connect postfix@localhost on postfix using Socket
> > Query SET NAMES cp1250
> > Query SELECT destination as relaydestination FROM relay WHERE domain = 
> > 'bl?.com'
> > 
> > Unfortunately I can't help with mix collation error as this mysql 8 instance
> > is configured with utf8mb4/utf8_bin, skip-character-set-client-handshake and
> > all tables are utf8mb4. I could not trigger a collation error.
> 
> No problem, I am happy that the patch does not break something that
> works without the patch.
> 
> > +# .IP "\fBcharset\fR (empty for backwards compatibility)"
> > +# The default client character set (and implicitly, the
> > +# collation order). According to MySQL documentation the
> > +# built-in default is "latin1"; for SMTP, "utf8" would be
> > +# more appropriate.
> > 
> > As of mysql 8.0 the default character set is utf8mb4:
> > https://dev.mysql.com/blog-archive/mysql-8-0-collations-migrating-from-older-collations/
> 
> I'll delete the comment about "latin1" as it is MySQL version dependent.
> 
> > Historically utf8 had been a mysql alias for utf8mb3:
> > https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-utf8mb3.html
> 
> Again, thanks for what you could test. The error handling should
> be better because the new code will no longer skip a connection
> for 60s after every error, but only after an error that involves a
> really messed-up connection.
> 
>   Wietse


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Wietse Venema via Postfix-users
And here is a more conservative patch for MySQL client retries.

It closes the server connection after every error, and it delays
making a new server connection only after specific errors.

Closing the connection eliminates the possibility that the client
becomes stuck.

Wietse
20230417

Cleanup: in the MySQL client, temporarily stay away from a
server only if the last error was caused by a connection-level
or protocol-level failure. File: global/dict_mysql.c.

diff -ur /var/tmp/postfix-3.9-20230416/src/global/dict_mysql.c 
./src/global/dict_mysql.c
--- /var/tmp/postfix-3.9-20230416/src/global/dict_mysql.c   2023-04-16 
16:44:39.0 -0400
+++ ./src/global/dict_mysql.c   2023-04-17 19:17:02.0 -0400
@@ -108,6 +108,7 @@
 /* Application-specific. */
 
 #include "dict_mysql.h"
+#include "mysql/errmsg.h"
 
 /* MySQL 8.x API change */
 
@@ -179,7 +180,7 @@
 static int plmysql_query(DICT_MYSQL *, const char *, VSTRING *, MYSQL_RES **);
 static void plmysql_dealloc(PLMYSQL *);
 static void plmysql_close_host(HOST *);
-static void plmysql_down_host(HOST *);
+static void plmysql_down_host(HOST *, int);
 static void plmysql_connect_single(DICT_MYSQL *, HOST *);
 static const char *dict_mysql_lookup(DICT *, const char *);
 DICT   *dict_mysql_open(const char *, int, int);
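Review bot: changing the prototype to plmysql_down_host(HOST *, int) breaks every caller that still passes a single argument, and this diff updates only the call sites it shows. A tree that carries another plmysql_down_host(host) call, for instance from a different pending patch against dict_mysql.c, will fail to compile, so the patch should say what it is based on, or the remaining one-argument calls should be searched for and converted.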
@@ -546,7 +547,16 @@
 * See what we got.
 */
if (query_error) {
-   plmysql_down_host(host);
+   switch (mysql_errno(host->db)) {
+   case CR_COMMANDS_OUT_OF_SYNC:
+   case CR_SERVER_GONE_ERROR:
+   case CR_SERVER_LOST:
+   plmysql_down_host(host, RETRY_CONN_INTV);
+   break;
+   default:
+   plmysql_down_host(host, 0);
+   break;
+   }
if (errno == 0)
errno = ENOTSUP;
if (first_result) {
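Review bot: in the default branch, plmysql_down_host(host, 0) sets the stay-away deadline to the current second, so what "no delay" means depends on how host->ts is compared with the clock elsewhere in the file, which this hunk does not show. A comment at the default case saying that the connection is closed but may be reopened on the next request, and why that cannot turn into a tight reconnect loop, would help. It would also be useful to record why CR_COMMANDS_OUT_OF_SYNC, CR_SERVER_GONE_ERROR and CR_SERVER_LOST are the codes that get RETRY_CONN_INTV.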
@@ -609,7 +619,7 @@
 } else {
msg_warn("connect to mysql server %s: %s",
 host->hostname, mysql_error(host->db));
-   plmysql_down_host(host);
+   plmysql_down_host(host, RETRY_CONN_INTV);
 }
 }
 
@@ -625,11 +635,11 @@
  * plmysql_down_host - close a failed connection AND set a "stay away from
  * this host" timer
  */
-static void plmysql_down_host(HOST *host)
+static void plmysql_down_host(HOST *host, int delay)
 {
 mysql_close(host->db);
 host->db = 0;
-host->ts = time((time_t *) 0) + RETRY_CONN_INTV;
+host->ts = time((time_t *) 0) + delay;
 host->stat = STATFAIL;
 event_cancel_timer(dict_mysql_event, (void *) host);
 }
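Review bot: the comment above plmysql_down_host() still says the function sets a "stay away from this host" timer, which no longer describes a call with delay 0. Please document the new delay argument there (seconds to stay away, with 0 meaning close only), and consider rejecting a negative delay, since host->ts is computed as time() + delay.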


[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-18 Thread Wietse Venema via Postfix-users
Gerald Galster via Postfix-users:
> 
> > Wietse Venema via Postfix-users :
> > 
> > And here is a more conservative patch for MySQL client retries.
> > 
> > It closes the server connection after every error, and it delays
> > making a new server connection only after specific errors.
> > 
> > Closing the connection eliminates the possibility that the client
> > becomes stuck.
> 
> dict_mysql.c: In function 'plmysql_connect_single':
> dict_mysql.c:709:13: error: too few arguments to function 'plmysql_down_host'
>   709 | plmysql_down_host(host);
> 
> 
> After adding RETRY_CONN_INTV to plmysql_down_host it works.
> My version of 20230417-mysql-charset-patch.txt contained 
> plmysql_down_host(host).
> 
> 
> Setting charset = testcharset yields:
> 
> postfix/proxymap[14072]: warning: dict_mysql: mysql_set_character_set 
> 'testcharset' failed: Can't initialize character set testcharset (path: 
> compiled_in)
> postfix/postmap[14078]: fatal: table 
> proxy:mysql:/etc/postfix/relay_domains.mysql.cf: query error: Application 
> error
> 
> Mysql connects then pause for about a minute.
> 
> Introducing a simple sql syntax error yields:
> 
> postfix/proxymap[15610]: warning: mysql:/etc/postfix/relay_domains.mysql.cf: 
> query failed: You have an error in your SQL syntax...
> 
> There is no pause, every new request hits MySQL.

Well, almost. I spent some time this morning analyzing code, because
I was suspicious that this 'no delay after error' fix did not cause
the code to go into a fast retry loop.

The reason it does not loop is that there will be a delay of up to
one second, because the delay is in effect while some deadline >=
current_time (the time is measured with one-second resolution).

While the delay is in effect, I discovered that the MySQL client
will reply with "not found" instead of "error". That bug was
introduced in Postfix 3.2, a 'missing initialization' error that
none of my compilers reported.

I can't eliminate the up-to-one-second delay (changing the code
to delay while 'deadline > current_time'), because the MySQL client
would go into a fast retry loop. Fixing that would require more
invasive changes than I can reasonably do in a stable release.

Considering that

- the 60-second delay after error has been in effect since the MySQL
client was adopted into Postfix on 19991208,

- the same 60-second delay after error exists in the PostgreSQL
client,

- there have been no other complaints about the 60-second delay,

I'll not change the stable Postfix releases except for the "not
found instead of error" bug that I mentioned above.

Again, thanks for the assistance with testing. I ended up setting
up a MySQL test locally. I should have done that 24 years ago.

Wietse
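
The back-off behaviour discussed in this thread can be modelled in a few lines to see how long one failing query keeps healthy lookups from succeeding. This is an added example, a simplified model and not the Postfix source; apart from RETRY_CONN_INTV (taken from the patch, with the 60-second value given in the thread) every name and the clock value are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define RETRY_CONN_INTV 60      /* stay-away interval; 60 seconds per the thread */
#define NHOSTS 2

/* Result handed to the mail server: an error maps to a temporary (4XX)
 * reply, "not found" to a permanent (5XX) one. */
enum lookup_result { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };

/* What each database server answers for a given query (hypothetical names). */
enum query_outcome { Q_FOUND, Q_NOT_FOUND, Q_DATA_ERROR, Q_CONN_ERROR };

enum policy {
    BACK_OFF_ALWAYS,            /* every error: stay away for RETRY_CONN_INTV */
    BACK_OFF_SELECTIVE          /* only connection-level errors back off */
};

struct host { time_t stay_away_until; };    /* 0 = never failed */

/* A host is skipped while deadline >= now, with one-second resolution. */
static int host_usable(const struct host *h, time_t now)
{
    return h->stay_away_until < now;
}

/* One lookup against the pool. The same query goes to each usable host in
 * turn, so a data-dependent error repeats on every host. */
enum lookup_result pool_lookup(struct host *hosts, size_t n, enum policy p,
                               time_t now, enum query_outcome outcome)
{
    size_t i;

    for (i = 0; i < n; i++) {
        if (!host_usable(&hosts[i], now))
            continue;
        switch (outcome) {
        case Q_FOUND:
            return LOOKUP_FOUND;
        case Q_NOT_FOUND:
            return LOOKUP_NOT_FOUND;
        case Q_CONN_ERROR:
            hosts[i].stay_away_until = now + RETRY_CONN_INTV;
            break;
        case Q_DATA_ERROR:
            hosts[i].stay_away_until =
                now + (p == BACK_OFF_SELECTIVE ? 0 : RETRY_CONN_INTV);
            break;
        }
    }
    /* No usable host left: this must be an error, never "not found". */
    return LOOKUP_ERROR;
}

/* Send one failing query at time t0, then one healthy lookup per second.
 * Returns how many seconds pass before a healthy lookup succeeds again, and
 * stores in *collateral how many healthy lookups got LOOKUP_ERROR. */
int seconds_until_recovery(enum policy p, enum query_outcome bad, int *collateral)
{
    struct host hosts[NHOSTS] = { {0}, {0} };
    const time_t t0 = 1000;     /* constructed clock value */
    int elapsed;

    *collateral = 0;
    (void) pool_lookup(hosts, NHOSTS, p, t0, bad);
    for (elapsed = 0; elapsed <= 2 * RETRY_CONN_INTV; elapsed++) {
        if (pool_lookup(hosts, NHOSTS, p, t0 + elapsed, Q_FOUND) == LOOKUP_FOUND)
            return elapsed;
        (*collateral)++;
    }
    return -1;                  /* did not recover within the window */
}

int main(void)
{
    int hit;

    printf("always/data error:    %d s\n",
           seconds_until_recovery(BACK_OFF_ALWAYS, Q_DATA_ERROR, &hit));
    printf("selective/data error: %d s\n",
           seconds_until_recovery(BACK_OFF_SELECTIVE, Q_DATA_ERROR, &hit));
    printf("selective/conn error: %d s\n",
           seconds_until_recovery(BACK_OFF_SELECTIVE, Q_CONN_ERROR, &hit));
    return 0;
}
```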


[pfx] Re: Postfix as relay server let us send messages with another domain than ours

2023-04-19 Thread Wietse Venema via Postfix-users
Demi Marie Obenour via Postfix-users:
> > While Postfix can to some extent enforce envelope to sender mismatches,
> > the real concern is usually the "From:" header, ... whose content is not
> > the MSAs job to enforce.
> 
> A milter must be used for this.  Since this, along with DMARC, is a
> core responsibility of a modern MTA, I am curious if making this a
> part of Postfix itself (as Exim did) has been considered.

We have different ideas of what is 'core'. In my world view, progress
is made by composition and specialization, not by one system trying
to do everything.

Wietse


[pfx] Re: *_error_limit and exclude

2023-04-19 Thread Wietse Venema via Postfix-users
natan via Postfix-users:
> Hi
> I have question about *_error_limit and postfix
> 
> I have separated services like
> smtp incoming and smtp outgoing and webmail
> 
> I have roundcube which is used by several thousand users
> 
> On smtp outgoing in main.cf:
> ...
> smtpd_client_connection_count_limit = 900
> smtpd_hard_error_limit = 5
> smtpd_soft_error_limit = 2

First: your limits are much smaller than the default, and second:
what kinds of errors are causing Postfix to reject commands? 

Wietse


[pfx] Postfix legacy releases 3.7.5, 3.6.9, 3.5.19, 3.4.29

2023-04-19 Thread Wietse Venema via Postfix-users
[An on-line version of this announcement will be available at
https://www.postfix.org/announcements/postfix-3.7.5.html]

This will be the last update for Postfix version 3.4.

Fixed with Postfix 3.7.5, 3.6.9, 3.5.19:

  * Bugfix (problem introduced in Postfix 3.5): check_ccert_access
    did not handle inline map specifications. Report and fix by
    Sean Gallagher.

Fixed with Postfix 3.7.5, 3.6.9, 3.5.1, 3.4.29:

  * Bugfix (problem introduced in Postfix 3.4): the posttls-finger
    command failed to detect that a connection was resumed in the
    case that a server did not return a certificate. Fix by Viktor
    Dukhovni.

  * Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return
    lazily-bound handles. Postfix now checks that the expected
    functionality will be available instead of failing later. Fix
    by Viktor Dukhovni.

  * Safety: the long form "{ name = value }" in import_environment
    or export_environment is not documented (with spaces around the
    '='), but it was silently accepted, and it was stored in the
    process environment as the invalid form "name = value", thus
    not setting or overriding an entry for "name". This form is now
    stored as the expected "name=value". Found during code maintenance.

  * Bugfix (problem introduced in Postfix 3.2): the MySQL client
    could return "not found" instead of "error" (for example,
    resulting in a 5XX SMTP status instead of 4XX) during the time
    that all MySQL server connections were turned down after error.
    Found during code maintenance.

You can find the updated Postfix source code at the mirrors listed
at https://www.postfix.org/.

Wietse


[pfx] Re: 3.8.0: spawn says "command time limit exceeded"

2023-04-19 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users:
> Hello.
> 
> On 3.8.0 services managed via spawn(8) now produce
> 
>   Apr 19 01:03:04 postfix/spawn[8485]: warning: /usr/libexec/s-postgray: 
> process id 8486: command time limit exceeded
>   Apr 19 14:43:56 postfix/spawn[19651]: warning: /usr/libexec/s-postgray: 
> process id 19755: command time limit exceeded
> 
> log messages, which they did not do in the past.  I find this
> irritating, because the service works properly, it does not "hang"
> or fails to give answers, for example:

The time limit is configured in main.cf.

You need to figure out the name of the corresponding master.cf
entry, and then add a configuration parameter with that name:

main.cf:
*name*_time_limit = some suitable number

Wietse


[pfx] Re: Mailing list is being Spam Filtered by O-365

2023-04-20 Thread Wietse Venema via Postfix-users
White, Daniel E. (GSFC-770.0)[AEGIS] via Postfix-users:
> Is there any chance that SPF and DKIM records could be added to
> appear in the headers ?

The list server adds its own DKIM-Signature: on behalf of the domain
postfix.org, AND it adds ARC headers and Authentication-Results:
for the message as received before modification and redistribution.

However it does NOT remove existing DKIM-Signature: headers that
are no longer matching header and body content.

Wietse


[pfx] Re: 3.8.0: spawn says "command time limit exceeded"

2023-04-20 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso:
> Wietse Venema wrote in
>  <4q21sp16m7zj...@spike.porcupine.org>:
>  |Steffen Nurpmeso via Postfix-users:
>  |> On 3.8.0 services managed via spawn(8) now produce
>  |> 
>  |>   Apr 19 01:03:04 postfix/spawn[8485]: warning: /usr/libexec/s-postgray: \
>  |>   process id 8486: command time limit exceeded
>  |>   Apr 19 14:43:56 postfix/spawn[19651]: warning: /usr/libexec/s-postgray:\
>  |>process id 19755: command time limit exceeded
>  |> 
>  |> log messages, which they did not do in the past.  I find this
>  |> irritating, because the service works properly, it does not "hang"
>  |> or fails to give answers, for example:
>  |
>  |The time limit is configured in main.cf.
>  |
>  |You need to figure out the name of the corresponding master.cf
>  |entry, and then add a configuration parameter with that name:
>  |
>  |main.cf:
>  |*name*_time_limit = some suitable number
> 
> Is there a reason this happens now?  I mean, that policy thing is
> waiting for postfix to ask it something, not vice versa?
> But ok, will do.  Thanks.

The spawn daemon has always worked this way. Below is a sample from
the Postfix 2.1.0 SMTPD_POLICY_README file, almost 20 years ago.

Wietse

/etc/postfix/master.cf:
    policy  unix  -       n       n       -       -       spawn
      user=nobody argv=/some/where/policy-server

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        ...
        reject_unauth_destination
        check_policy_service unix:private/policy
        ...
    policy_time_limit = 3600


[pfx] Re: 3.8.0: spawn says "command time limit exceeded"

2023-04-20 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso:
> Wietse Venema wrote in
>  <4q2khr57flzj...@spike.porcupine.org>:
>  |Steffen Nurpmeso:
>  |> Wietse Venema wrote in
>  |>  <4q21sp16m7zj...@spike.porcupine.org>:
>  |>|Steffen Nurpmeso via Postfix-users:
>  |>|> On 3.8.0 services managed via spawn(8) now produce
>  |>|> 
>  |>|>   Apr 19 01:03:04 postfix/spawn[8485]: warning: /usr/libexec/s-postgray\
>  |>|>   : \
>  |>|>   process id 8486: command time limit exceeded
>  |>|>   Apr 19 14:43:56 postfix/spawn[19651]: warning: /usr/libexec/s-postgra\
>  |>|>   y:\
>  |>|>process id 19755: command time limit exceeded
>  |>|> 
>  |>|> log messages, which they did not do in the past.  I find this
>  |>|> irritating, because the service works properly, it does not "hang"
>  |>|> or fails to give answers, for example:
>  |>|
>  |>|The time limit is configured in main.cf.
>  |>|
>  |>|You need to figure out the name of the corresponding master.cf
>  |>|entry, and then add a configuration parameter with that name:
>  |>|
>  |>|main.cf:
>  |>|*name*_time_limit = some suitable number
>  |> 
>  |> Is there a reason this happens now?  I mean, that policy thing is
>  |> waiting for postfix to ask it something, not vice versa?
>  |> But ok, will do.  Thanks.
>  |
>  |The spawn daemon has always worked this way. Below is a sample from
>  |the Postfix 2.1.0 SMTPD_POLICY_README file, almost 20 years ago.
> 
> Yes, but it never logged it with a warning:, which is what this
> thread is about?  I am absolutely fine with postfix rotating the
> processes, but why warn about my little policy thing, and not
> about the postfix instance going home, too?

That code has not changed since it was written 23 years ago.

Wietse

Postfix 1.0.0 spawn_command.c:

    if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0
        && errno == ETIMEDOUT) {
        msg_warn("%s: process id %lu: command time limit exceeded",
                 args.command, (unsigned long) pid);
        kill(-pid, SIGKILL);
        err = waitpid(pid, &wait_status, 0);
    }

Postfix 3.8.0 spawn_command.c:

    if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0
        && errno == ETIMEDOUT) {
        msg_warn("%s: process id %lu: command time limit exceeded",
                 args.command, (unsigned long) pid);
        kill(-pid, SIGKILL);
        err = waitpid(pid, &wait_status, 0);
    }

The last change in that file was in Postfix 3.0, and that was
a cosmetic change.
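
A stand-alone sketch of the pattern in the excerpts above, added here as an example and not taken from Postfix: the parent waits for a child for at most a time limit, then logs a warning, sends SIGKILL to the child's process group and reaps it. timed_waitpid() is a Postfix-internal helper, so this sketch substitutes a polling loop around waitpid(WNOHANG); run_with_time_limit() and its return values are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Monotonic clock in seconds, so wall-clock jumps do not affect the limit. */
static double now_seconds(void)
{
    struct timespec ts;

    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double) ts.tv_sec + (double) ts.tv_nsec / 1e9;
}

/*
 * Hypothetical helper: run argv[0] with a time limit in seconds.
 * Returns 0 if the command ended by itself, 1 if the limit was exceeded
 * and the command was killed, -1 on error.
 */
int run_with_time_limit(char *const argv[], int time_limit)
{
    const struct timespec tick = {0, 50 * 1000 * 1000};  /* poll every 50 ms */
    double deadline;
    int wait_status;
    pid_t pid, done;

    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* Child: lead a new process group, so that kill(-pid, ...) in the
         * parent reaches the command and anything that it started. */
        setpgid(0, 0);
        execvp(argv[0], argv);
        _exit(127);
    }
    (void) setpgid(pid, pid);   /* same call in the parent closes the race */

    deadline = now_seconds() + time_limit;
    for (;;) {
        done = waitpid(pid, &wait_status, WNOHANG);
        if (done == pid)
            return 0;           /* the command ended within the limit */
        if (done < 0 && errno != EINTR)
            return -1;
        if (now_seconds() >= deadline)
            break;
        nanosleep(&tick, NULL);
    }

    /* Same order as the excerpt: warn, SIGKILL the group, reap the child. */
    fprintf(stderr, "warning: %s: process id %lu: command time limit exceeded\n",
            argv[0], (unsigned long) pid);
    kill(-pid, SIGKILL);
    if (waitpid(pid, &wait_status, 0) < 0)
        return -1;
    return 1;
}

int main(void)
{
    /* Constructed stand-in for a long-running, idle policy server. */
    char *idle[] = {"sleep", "5", NULL};

    printf("time limit exceeded: %d\n", run_with_time_limit(idle, 1));
    return 0;
}
```

The limit applies to the lifetime of the child, so a command that is merely idle is killed just like one that hangs.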


[pfx] Re: *_error_limit and exclude

2023-04-20 Thread Wietse Venema via Postfix-users
natan via Postfix-users:
> On 19.04.2023 at 17:23, Wietse Venema via Postfix-users wrote:
> > natan via Postfix-users:
> >> Hi
> >> I have question about *_error_limit and postfix
> >>
> >> I have separated services like
> >> smtp incoming and smtp outgoing and webmail
> >>
> >> I have roundcube which is used by several thousand users
> >>
> >> On smtp outgoing in main.cf:
> >> ...
> >> smtpd_client_connection_count_limit = 900
> >> smtpd_hard_error_limit = 5
> >> smtpd_soft_error_limit = 2
> > First: your limits are much smaller than the default, and second:
> > what kinds of errors are causing Postfix to reject commands?
> 
> I'd like to exclude all too many errors * for a specific IP
> I would like to avoid that in case of any "too many errors" problems 
> with sending mails from roundcube

Why do you have such ridiculously low error limits?

Why are there ANY errors at all from Roundcube?  It is supposed to
be well-behaved software.

For the crap client, if they won't fix the client, and you won't
fix your error limits, you can configure a different SMTP service
in master.cf on a different IP address or port.

On a different IP address:

master.cf:
    1.2.3.5:smtp  inet  n   -   n   -   -   smtpd
        -o smtpd_junk_command_limit=some-huge-number
        -o smtpd_hard_error_limit=some-huge-number
        -o smtpd_soft_error_limit=some-huge-number

On a different port:

master.cf:
    :2525   inet  n   -   n   -   -   smtpd
        -o smtpd_junk_command_limit=some-huge-number
        -o smtpd_hard_error_limit=some-huge-number
        -o smtpd_soft_error_limit=some-huge-number

Wietse


[pfx] Re: maillog_file is unintentionally? created with 600 permissions

2023-04-21 Thread Wietse Venema via Postfix-users
David Roe via Postfix-users:
> I was doing some work with postfix logrotation as part of a recent
> project and ran across what seems to be unintended behavior.
>
> When running postfix logrotate the maillog_file is created with
> 600 permissions which was tripping up a log tail system of ours.
> I'm working on the log tailer, but looking through the source it
> appears the maillog_file is intended to have 0644 permissions
> https://github.com/vdukhovni/postfix/blob/master/postfix/src/util/logwriter.c#L85

The (safe_)open call specifies permissions of 0644, but this is
modified by the postlogd process umask setting (077 as inherited
from the master daemon), so the effective permissions are 0600.

Sorry, this is the result of an inconsistency.

- When the logfile is first created with "postfix start" or "postfix
  reload" it has mode 0644 because the postlog command runs with
  umask 022. This logfile mode 0644 is only the initial state.

- Every time the logfile is rotated, it is recreated with mode 0600
  because the postlogd daemon runs with umask 077. This logfile
  mode 0600 is the long-term state.

I'm reluctant to change the "long-term state" permissions, because
sites may have come to rely on the files not being world-readable.
In other words, hard-coding the postlogd daemon's umask as 022 is not
a good fix.

I'll fix this first in Postfix 3.9. Back-port to older versions
may not be feasible if the solution requires too much change.

> I've got ways around this situation, but this seemed like unintended
> behavior so figured I'd bring it up

Thanks for spotting this.

Wietse
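
The two states described above can be reproduced outside Postfix. The following is an added example, not Postfix source code: it creates a file with a requested mode of 0644 under a given umask and reports the resulting permission bits. The optional fchmod() step shows one general POSIX way to make the mode independent of the umask; it is an assumption for illustration and not the change planned for Postfix 3.9. The function name created_mode() and the /tmp path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: create a new file with open(..., 0644) while the
 * process umask is process_umask, and return the permission bits of the
 * new file (or -1 on error). The kernel stores (0644 & ~umask).
 * If force_mode is non-zero, fchmod() then sets exactly that mode;
 * fchmod() is not affected by the umask.
 */
int created_mode(mode_t process_umask, mode_t force_mode)
{
    char path[] = "/tmp/maillog-demo-XXXXXX";
    struct stat st;
    mode_t saved_umask;
    int result = -1;
    int fd;

    /* mkstemp() only reserves a unique name here. Remove the file, so
     * that the open() below is the call that really creates it. */
    if ((fd = mkstemp(path)) < 0)
        return -1;
    close(fd);
    unlink(path);

    saved_umask = umask(process_umask);
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY | O_APPEND, 0644);
    umask(saved_umask);
    if (fd < 0)
        return -1;

    if (force_mode != 0 && fchmod(fd, force_mode) < 0)
        goto done;
    if (fstat(fd, &st) == 0)
        result = (int) (st.st_mode & 0777);

done:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* umask 022: the "postfix start" / "postfix reload" case. */
    printf("umask 022, open 0644       -> %04o\n", (unsigned) created_mode(022, 0));
    /* umask 077: the postlogd case after log rotation. */
    printf("umask 077, open 0644       -> %04o\n", (unsigned) created_mode(077, 0));
    /* Explicit mode after creation, whatever the umask is. */
    printf("umask 077, then fchmod 640 -> %04o\n", (unsigned) created_mode(077, 0640));
    return 0;
}
```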


[pfx] Re: postfix does not add Return-Path if mail is missing it

2023-04-23 Thread Wietse Venema via Postfix-users
Benny Pedersen via Postfix-users:
> 
> imho a bug

Insufficient


[pfx] Re: Use of PTR record

2023-04-25 Thread Wietse Venema via Postfix-users
Jos Chrispijn via Postfix-users:
> Running mailservice with Postfix
> PTR record is set to myserver.mydomain.com (1.2.3.4)
> 
> Every time I receive external e-mail, my logfile shows:
> Apr 25 15:01:39 terra postfix/smtpd[12479]: 073416D2: 
> client=unknown[1.2.3.4], sasl_method=LOGIN, sasl_username=me

Postfix ALSO logs a warning that this name does not resolve
to the client IP address.

Hint, hint, ...

Wietse


[pfx] Re: Error when telnet testing, 1st cmd always fails

2023-04-25 Thread Wietse Venema via Postfix-users
Use netcat (nc) instead of putty.

I suspect that putty is sending telnet protocol options, even when
it connects to a server on a non-telnet port. That would be a putty
bug.

Wietse


[pfx] Re: qmgr tuning

2023-04-26 Thread Wietse Venema via Postfix-users
Gino Ferguson via Postfix-users:
> Hi,
> 
> 
> 
> I'm wondering why is the qmgr process count set to 1 by default in master.cf

Because there MUST be only one scheduler.

> Does it make any sense to increase this number to 2 or 5 or 10?
> There are a couple of million emails are going through our servers
> per day and there is a plenty of free CPU and RAM which could be
> used.

If you want to use more resources for email delivery, use more
*delivery agent* processes. However, millions/day is nothing
to worry about, even a Raspberry Pi could do that.

> Also I'm wondering if it would help to speed up the delivery of
> the new emails if there are higher number of delayed, older mails
> in the queue.

That's how it already works. See maximal_backoff_time
and minimal_backoff_time.

Wietse


[pfx] Re: Subject modification based on recipient

2023-04-26 Thread Wietse Venema via Postfix-users
Andreas Cieslak via Postfix-users:
> Hi list,
> 
> i want to achieve that my postfix relay will modify the subject based on
> the recipients.
> The postfix relay is receiving email from other internal systems and
> forwards all mail to a mail group (testgroup) on another internal mail
> system.

Suggestion: use milter-regex. You can install it from source code,
or install as a package for many distributions.

Wietse


[pfx] Re: Subject modification based on recipient

2023-04-26 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Andreas Cieslak via Postfix-users:
> > Hi list,
> > 
> > i want to achieve that my postfix relay will modify the subject based on
> > the recipients.
> > The postfix relay is receiving email from other internal systems and
> > forwards all mail to a mail group (testgroup) on another internal mail
> > system.
> 
> Suggestion: use milter-regex. You can install it from source code,
> or install as a package for many distributions.

Unfortunately, it looks like milter-regex is good for rejecting
mail, not for message modification.

Wietse


[pfx] Re: follow-up: Re: regression: cleanup crashes if fullname contains only whitespace(s) . fixed?

2023-04-26 Thread Wietse Venema via Postfix-users
PGNet Dev via Postfix-users:
> fedora 38/rhel pkg builds carry a few patches
> 
> i'm trying to figure out what still needs to be carried
> 
> one was reported @ distro
> 
>   Bug 1977732 - [Regression] postfix "cleanup" crashes when processing 
> messages containing a "whitespace-only" fullname
>https://bugzilla.redhat.com/show_bug.cgi?id=1977732

This was fixed almost 2 years ago in postfix-3.3.19, postfix-3.4.22,
postfix-3.5.12, postfix-3.6.3.

Wietse


[pfx] Re: postscreen question

2023-04-26 Thread Wietse Venema via Postfix-users
Mihaly Zachar via Postfix-users:
> Dear All,
> 
> I am building a new server where I would like to build the best spam filter
> possible :)
> I am checking postscreen these days. I am planning to turn on the "deep
> tests" as well, but it seems to be really scary to me :)

Don't do it unless you are willing to suffer some pain. The mere
fact that a button exists does not imply that everyone must use it.

Wietse


[pfx] Re: postconf -M foo/unix='foo unix ...' get segfault if multiple entries exist in master.cf

2023-04-27 Thread Wietse Venema via Postfix-users
SATOH Fumiyasu (TSUCHIDA Fumiyasu) via Postfix-users:
> I see the following problems.
> 
> 1. `postconf -M bar/unix='foo unix ...'` will duplicate entries
> in master.cf.

Nice find: postconf should reject this request, because the key
(bar/unix) does not match the content (foo unix ...).

> 2. `postconf -M foo/unix='foo unix ...'` gets a segfault if multiple
> entries exist in master.cf.

postconf has not been tested on all possible forms
of broken master.cf file.

Wietse


[pfx] Re: broken links in postfix.org

2023-04-27 Thread Wietse Venema via Postfix-users
Eray Aslan via Postfix-users:
> Some links seem to be broken in postfix.org downloads page
> http://ftp.porcupine.org/mirrors/postfix-release/index.html. Example:
> http://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.9-20230419.tar.gz
> 
> I also do not see a link to postfix-3.7.5, 3.6.9 etc

Should now be fixed (at ftp.porcupine.org).

Wietse


[pfx] Re: Setting up postfix relay as AWS spot instance...

2023-04-29 Thread Wietse Venema via Postfix-users
Andrew Athan via Postfix-users:
> I have a postfix based AWS on-demand instance but I can save some $ by
> running it as a spot instance ... after all, I don't mind brief delays
> delivering mail.
> 
> To do this, I need to determine any and all directories that may get
> written to by postfix so that I can put those on a separate EBS volume that
> gets mounted separately from the AMI that boots the spot instance.
> Otherwise, when the spot instance is stopped or moved, I'll lose the mail
> queue etc.
> 
> What is the best way for me to determine all those dirs? I'd either config
> them to be under a single "persistent parent folder" that is the EBS mount
> point, or symlink those dirs over to dirs within the mountpoint...
> 
> ... any guidance on this is appreciated.
> 

It's a subset of "postconf | grep _directory" output:

data_directory = /var/lib/postfix
queue_directory = /var/spool/postfix

Each has specific requirements for ownership and permissions.  
If in doubt, run "postfix set-permissions".

Also, if you run the Postfix local delivery agent,
mail_spool_directory = /var/mail 

Wietse



[pfx] Re: Painful Postfix

2023-04-30 Thread Wietse Venema via Postfix-users
Intrigued by a complaint about poor logging from Postfix, I decided
to investigate.

What was logged?

Apr 30 14:32:16 generalpurpose postfix/smtp[2299]: 78D1D80AD7:
to=, relay=none, delay=414074, delays=413981/0.19/93/0,
dsn=4.4.1, status=deferred (connect to
mxw.mxhichina.com[47.246.99.195]:25: Connection timed out)

What failed? 

connect to mxw.mxhichina.com[ipaddr]. 

The attempt to connect to mxw.mxhichina.com[ipaddr] failed.
There was no TCP connection, thus no SMTP commands could be
sent, and no SMTP responses could be received.

I like to think that a reasonable person would agree with the above
assessment.

Why did it fail?

Connection timed out. 

This is the system-defined error text for an error code that
is defined by a POSIX standard.

I like to think that a reasonable person would agree that regardless
of what the exact error was, an attempt to log SMTP commands or
responses would be pointless, because there was no TCP connection.

Wietse


[pfx] Re: E-mail problem

2023-05-01 Thread Wietse Venema via Postfix-users
Kolusion K via Postfix-users:
> Hello
> 
> 
> So I have a problem sending and receiving e-mail from some people.
>
> The problem I have sending e-mail to some people is that Postfix
> says the connection times out when attempting to connect to the
> server.
>
> This is my setup:
>
[amazing complexity]
>
> The strange thing is, when I Telnet on port 25 on the VPS to the
> e-mail servers Postfix can't connect to from my e-mail server, I
> can connect to them.
>
> What could be causing Postfix being able to send e-mail to some
> servers but not others, and some people being able to e-mail me
> but not others?

Assuming that you did the telnet tests from the *same host or
container or VM* that also runs Postfix:

Speculation:

- The telnet command uses a different source IP address than Postfix.
A tcpdump recording would reveal that.

- The telnet command ran as root, whereas the Postfix SMTP client
runs as non-root, resulting in different behavior in your network
stack. A tcpdump recording would reveal that.

Hint: make a tcpdump recording.

As root:
tcpdump -s 0 -w /file/name -i interface-name dst port 25

You'll have to experiment a bit to figure out which interface to
look at; it may be different for the telnet and Postfix cases.

Wietse


[pfx] Re: E-mail problem

2023-05-01 Thread Wietse Venema via Postfix-users
Kolusion K:
> Ok, I did what you asked and I got this:
> 
> reading from file dump.txt, link-type LINUX_SLL (Linux cooked v1)
> 23:11:23.019120 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags [S], seq 
> 3300139944, win 65280, options [mss 1360,sackOK,TS val 912070706 ecr 
> 0,nop,wscale 7], length 0
> 23:11:24.037250 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags [S], seq 
> 3300139944, win 65280, options [mss 1360,sackOK,TS val 912071724 ecr 
> 0,nop,wscale 7], length 0
> 23:11:26.054636 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags [S], seq 
> 3300139944, win 65280, options [mss 1360,sackOK,TS val 912073742 ecr 
> 0,nop,wscale 7], length 0
> 23:11:30.158588 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags [S], seq 
> 3300139944, win 65280, options [mss 1360,sackOK,TS val 912077846 ecr 
> 0,nop,wscale 7], length 0
> 23:11:38.333669 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags [S], seq 
> 3300139944, win 65280, options [mss 1360,sackOK,TS val 912086021 ecr 
> 0,nop,wscale 7], length 0

Presumably this is Postfix trying to connect. 

The TCP/IP stack sends SYN packets

- from source IP address 192.168.2.2 (chosen by Postfix or by TCP/IP stack)

- from source port 40415 (chosen by TCP/IP stack)

- to destination IP address 47.246.137.47 port 25 (both chosen by Postfix) 

and times out because the TCP/IP stack receives no SYN+ACK response.

What is the result when you connect to the same host using telnet?
You may need to specify a different '-i' option in the tcpdump command.

> 23:11:53.050567 IP 192.168.2.2.41905 > cz-clare.com.smtp: Flags [S], seq 
> 3744182035, win 65280, options [mss 1360,sackOK,TS val 2086976875 ecr 
> 0,nop,wscale 7], length 0
> ...etc...

Same problem, with source IP address 192.168.2.2 and port 41905.

> 23:12:23.115056 IP 192.168.2.2.45487 > 47.246.99.195.smtp: Flags [S], seq 
> 757318789, win 65280, options [mss 1360,sackOK,TS val 2582719398 ecr 
> 0,nop,wscale 7], length 0
> ...etc...

Same problem, with source IP address 192.168.2.2 and 45487.

A recording for a successful telnet connection would be illustrative.

Wietse
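
The reading of the trace above (the same SYN repeated, no handshake completed) can be automated. This is an added example, not part of the original message: it parses tcpdump text output and reports client flows whose SYNs were never answered. The sample capture is constructed and uses documentation addresses; the struct and function names are hypothetical. Because a "dst port 25" filter captures only client-to-server packets, a later non-SYN packet from the client is treated as evidence that a SYN+ACK arrived; a SYN+ACK is also recognized when the capture contains both directions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FLOWS 32

struct flow {
    char src[64];      /* client address.port */
    char dst[64];      /* server address.port */
    int  syn_count;    /* SYNs sent by the client, retransmissions included */
    int  answered;     /* 1 once there is evidence of a completed handshake */
};

/* Constructed sample in tcpdump text format, client-to-server packets only. */
static const char SAMPLE_DUMP[] =
    "10:00:00.000000 IP 192.0.2.10.40415 > 198.51.100.25.smtp: Flags [S], seq 1000, win 65280, length 0\n"
    "10:00:01.010000 IP 192.0.2.10.40415 > 198.51.100.25.smtp: Flags [S], seq 1000, win 65280, length 0\n"
    "10:00:03.020000 IP 192.0.2.10.40415 > 198.51.100.25.smtp: Flags [S], seq 1000, win 65280, length 0\n"
    "10:00:07.100000 IP 192.0.2.10.40415 > 198.51.100.25.smtp: Flags [S], seq 1000, win 65280, length 0\n"
    "10:00:20.000000 IP 192.0.2.10.41000 > 203.0.113.7.smtp: Flags [S], seq 2000, win 65280, length 0\n"
    "10:00:20.030000 IP 192.0.2.10.41000 > 203.0.113.7.smtp: Flags [.], ack 1, win 510, length 0\n"
    "10:00:20.500000 IP 192.0.2.10.41000 > 203.0.113.7.smtp: Flags [P.], seq 1:18, ack 40, win 510, length 17\n";

/* Look up a flow by its (src, dst) pair; optionally create it. */
static struct flow *find_flow(struct flow *flows, int *n,
                              const char *src, const char *dst, int create)
{
    int i;

    for (i = 0; i < *n; i++)
        if (strcmp(flows[i].src, src) == 0 && strcmp(flows[i].dst, dst) == 0)
            return &flows[i];
    if (!create || *n >= MAX_FLOWS)
        return NULL;
    memset(&flows[*n], 0, sizeof(flows[*n]));
    snprintf(flows[*n].src, sizeof(flows[*n].src), "%s", src);
    snprintf(flows[*n].dst, sizeof(flows[*n].dst), "%s", dst);
    return &flows[(*n)++];
}

/*
 * Fill flows[] from tcpdump text (one packet per line) and return the
 * number of flows that sent at least one SYN and were never answered.
 */
int unanswered_syn_flows(const char *dump, struct flow *flows, int *nflows)
{
    const char *p = dump;
    int i, unanswered = 0;

    *nflows = 0;
    while (*p != '\0') {
        char line[512], src[64], dst[64], flags[16];
        size_t len = strcspn(p, "\n");
        struct flow *f;

        snprintf(line, sizeof(line), "%.*s", (int) len, p);
        p += len + (p[len] == '\n');
        /* "<time> IP <src> > <dst>: Flags [<flags>], ..." (IPv4 lines only) */
        if (sscanf(line, "%*s IP %63s > %63[^:]: Flags [%15[^]]]",
                   src, dst, flags) != 3)
            continue;
        if (strcmp(flags, "S") == 0) {
            if ((f = find_flow(flows, nflows, src, dst, 1)) != NULL)
                f->syn_count++;
        } else if (strcmp(flags, "S.") == 0) {
            /* SYN+ACK travels server to client: match the reversed pair. */
            if ((f = find_flow(flows, nflows, dst, src, 0)) != NULL)
                f->answered = 1;
        } else if ((f = find_flow(flows, nflows, src, dst, 0)) != NULL) {
            /* A later client packet (ACK, data, FIN) implies a reply arrived. */
            f->answered = 1;
        }
    }
    for (i = 0; i < *nflows; i++)
        if (flows[i].syn_count > 0 && !flows[i].answered)
            unanswered++;
    return unanswered;
}

int main(void)
{
    struct flow flows[MAX_FLOWS];
    int i, n;

    printf("unanswered flows: %d\n", unanswered_syn_flows(SAMPLE_DUMP, flows, &n));
    for (i = 0; i < n; i++)
        printf("%s > %s: %d SYN, %s\n", flows[i].src, flows[i].dst,
               flows[i].syn_count, flows[i].answered ? "answered" : "no reply");
    return 0;
}
```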


[pfx] Re: Future Date:

2023-05-01 Thread Wietse Venema via Postfix-users
Jon LaBadie via Postfix-users:
> 
> I've been getting a lot of spam with Date: headers
> containing future dates, typically 1 year.
> 
> I don't find any header checks that would look for
> this type of message.  Have I over looked it?
> 
> In the meantime I've implemented a script and procmail
> rule to examine my messages.  But that is post-delivery
> and per-user.

Postfix built-ins typically block mail based on a single indicator
(a well-known signature). A sledgehammer approach.

Dates and other indicators are typically handled by a scoring system
such as SpamAssassin and the like. They plug into Postfix via
the (before queue) Milter protocol.

Wietse


[pfx] Re: postscreen and checking proper operation

2023-05-02 Thread Wietse Venema via Postfix-users
Alex via Postfix-users:
> Hi,
> 
> I have postscreen implemented on postfix-3.7.3 on fedora37, and not sure I
> understand if it's working properly. Sometimes I see the postscreen/dnsblog
> combination ending with a simple DISCONNECT. In this case, it met the
> 8-point threshold to be rejected, but appears to only received a DISCONNECT:
> 
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: CONNECT from
> [95.214.27.139]:50021 to [5.196.7.226]:25
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: PREGREET 11 after
> 0.01 from [95.214.27.139]:50021: EHLO User\r\n
> May  1 20:57:53 petra postfix-226/dnsblog[1105023]: addr 95.214.27.139
> listed by domain bl.mailspike.net as 127.0.0.2
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.4
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.2
> May  1 20:57:53 petra postfix-226/dnsblog[1105041]: addr 95.214.27.139
> listed by domain mykey.zen.dq.spamhaus.net as 127.0.0.9
> May  1 20:57:53 petra postfix-226/dnsblog[1105024]: addr 95.214.27.139
> listed by domain score.senderscore.com as 127.0.4.6
> May  1 20:57:53 petra postfix-226/dnsblog[1105025]: addr 95.214.27.139
> listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
> May  1 20:57:53 petra postfix-226/postscreen[1104961]: DNSBL rank 23 for
> [95.214.27.139]:50021
> May  1 20:57:54 petra postfix-226/postscreen[1104961]: DISCONNECT
> [95.214.27.139]:50021

With postscreen_greet_action = enforce:

server: 220-myhostname ESMTP
client: EHLO User
server: 550 5.5.1 Protocol error
client disconnects immediately

> while other times I do see there is a NOQUEUE/reject involved:
> May  1 20:13:15 petra postfix-226/postscreen[1095132]: CONNECT from
> [185.146.23.43]:46126 to [5.196.7.226]:25
> May  1 20:13:15 petra postfix-226/dnsblog[1095229]: addr 185.146.23.43
> listed by domain score.senderscore.com as 127.0.4.89
> May  1 20:13:15 petra postfix-226/dnsblog[1095233]: addr 185.146.23.43
> listed by domain bb.barracudacentral.org as 127.0.0.2
> May  1 20:13:15 petra postfix-226/dnsblog[1095232]: addr 185.146.23.43
> listed by domain sip-sip24.mykey.invaluement.com as 127.0.0.2
> May  1 20:13:21 petra postfix-226/postscreen[1095132]: DNSBL rank 13 for
> [185.146.23.43]:46124
> May  1 20:13:21 petra postfix-226/postscreen[1095132]: NOQUEUE: reject:
> RCPT from [185.146.23.43]:46124: 550 5.7.1 Service unavailable; client
> [185.146.23.43] blocked using DNS Blocklist (invaluement); from=<
> simon...@server.sito-wp.com>, to=, proto=ESMTP,
> helo=

Here, the client passed the PREGREET test, but failed the DNSBL
check, and with "postscreen_dnsbl_action = enforce" was redirected
to the dummy SMTP engine.

It's working exactly as promised.

Wietse


[pfx] Re: stop bulk messages

2023-05-02 Thread Wietse Venema via Postfix-users
Corey Hickman via Postfix-users:
> Hello list,
> 
> Some clients abuse the outgoing smtp server for sending bulk messages.
> The messages have the same content of business promotion letter.
> Do you know how to stop this behavior?

Perhaps you can use postfwd (www.postfwd.org) to limit the number
of messages that a customer can send in some time interval.

Wietse


[pfx] Re: Contradicting Postfix documentation

2023-05-02 Thread Wietse Venema via Postfix-users
Kolusion K via Postfix-users:
Yesterday you sent a tcpdump trace where Postfix fails to make a
connection from 192.168.2.2:

    23:11:38.333669 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags
    [S], seq 3300139944, win 65280, options [mss 1360,sackOK,TS val
    912086021 ecr 0,nop,wscale 7], length 0

Today you claim that Postfix does NOT USE THAT IP ADDRESS.

    I have specified Postfix to use a certain interface in 'main.cf':

    inet_interfaces = 192.168.2.2

    The problem is, Postfix is not using this interface and is
    instead using another interface to send e-mail.

In fact it does use the IP address, but there is no route from
192.168.2.2 to the remote destination.

According to the inet_interfaces manpage, EMPHASIS ADDED FOR CLARITY:

   When inet_interfaces specifies just one IPv4 and/or IPv6 address that
   is not a loopback address, the Postfix SMTP client will use this
   address as the IP source address for outbound mail. Support for IPv6
   is available in Postfix version 2.2 and later.

   On a multi-homed firewall with separate Postfix instances listening on
   the "inside" and "outside" interfaces, THIS CAN PREVENT EACH INSTANCE
   FROM BEING ABLE TO REACH REMOTE SMTP SERVERS ON THE "OTHER SIDE" OF THE
   FIREWALL. Setting smtp_bind_address to 0.0.0.0 avoids the potential
   problem for IPv4, and setting smtp_bind_address6 to :: solves the
   problem for IPv6.

   A better solution for multi-homed firewalls is to leave inet_interfaces
   at the default value and instead use explicit IP addresses in the
   master.cf SMTP server definitions. This preserves the Postfix SMTP
   client's loop detection, by ensuring that each side of the firewall
   knows that the other IP address is still the same host. Setting
   $inet_interfaces to a single IPv4 and/or IPV6 address is primarily
   useful with virtual hosting of domains on secondary IP addresses, when
   each IP address serves a different domain (and has a different
   $myhostname setting).

Your complex network configuration makes it a multi-homed host, and it is
subject to the same problems as described above.

Wietse


[pfx] Re: Contradicting Postfix documentation

2023-05-02 Thread Wietse Venema via Postfix-users
Kolusion K:
> Good point. Now that I think about that TCP dump, it did use 192.168.2.2.
> 
> I can't see why there is no route. The firewall on the other side
> is set to allow traffic through and it logged blocking traffic
> before I allowed it. Maybe there is a problem with routing.

One reason could be that IP forwarding is not enabled by default.
Additionally, you have a very complex routing configuration.

> I will do a traceroute from the Postfix server tomorrow and or
> other investigation to see what's up.

You will need to do traceroute with a very specific source IP address.

traceroute -s 192.168.2.2 ...

You may also need to specify "-P tcp", "-p 25"  and other options
if your routes depend on the protocol or destination port.

Wietse


[pfx] Re: Behaviour change between 3.2.2 and 3.7.4?

2023-05-02 Thread Wietse Venema via Postfix-users
kwoody--- via Postfix-users:
> The local recipient table has a list of all valid users in the format
> u...@citytel.net. This is rebuilt when needed.
> 
> Postfix is appending mail.citytel.net, not citytel.net.

Over the last 25+ years, Postfix appends the domain that is configured
in the myorigin setting.

Typically, that's one of:

myorigin = $myhostname (the default)
myorigin = $mydomain

You may want to check the output from this command:

postconf -x myorigin myhostname mydomain

HOWEVER Postfix will not append a domain if your mail command
already provides one.

Wietse


[pfx] Re: icloud mx ip

2023-05-02 Thread Wietse Venema via Postfix-users
Ken Peng via Postfix-users:
> Hello
> 
> iCloud mail has two MX RR:
> 
> icloud.com.   3600 IN  MX  10 mx01.mail.icloud.com.
> icloud.com.   3600 IN  MX  10 mx02.mail.icloud.com.
> 
> But these two MX have the same IPs included.
> 
> mx01:
> mx01.mail.icloud.com. 300 IN  A   17.42.251.62
> mx01.mail.icloud.com. 300 IN  A   17.56.9.29
> mx01.mail.icloud.com. 300 IN  A   17.57.152.5
> mx01.mail.icloud.com. 300 IN  A   17.57.154.33
> mx01.mail.icloud.com. 300 IN  A   17.57.155.34
> mx01.mail.icloud.com. 300 IN  A   17.57.156.30
> 
> mx02:
> mx02.mail.icloud.com. 300 IN  A   17.42.251.62
> mx02.mail.icloud.com. 300 IN  A   17.56.9.29
> mx02.mail.icloud.com. 300 IN  A   17.57.152.5
> mx02.mail.icloud.com. 300 IN  A   17.57.154.33
> mx02.mail.icloud.com. 300 IN  A   17.57.155.34
> mx02.mail.icloud.com. 300 IN  A   17.57.156.30
> 
> What's the advantage for this settings? Thanks.

Whatever the motivation to do this, it does not matter for Postfix.
The Postfix SMTP client will randomly choose up to 5 IP addresses
from the combined list(*). Usually, some addresses will be a
duplicate, but most will be distinct.

(*) By default, smtp_mx_address_limit = 5.

Wietse


[pfx] Re: postconf -M foo/unix='foo unix ...' get segfault if multiple entries exist in master.cf

2023-05-03 Thread Wietse Venema via Postfix-users
SATOH Fumiyasu (TSUCHIDA Fumiyasu) via Postfix-users:
> I see the following problems.
> 
> 1. `postconf -M bar/unix='foo unix ...'` will duplicate entries in master.cf.
> 2. `postconf -M foo/unix='foo unix ...'` gets a segfault if multiple entries 
> exist in master.cf.

Both problems with master.cf updates are solved in the next stable
release. The fix is being tested in the development release
postfix-3.9-20230502.

This release also fixes an unrelated problem with main.cf updates.

Wietse

20230428

Bugfix (defect introduced: Postfix 1.0): the command "postconf
.. name=v1 .. name=v2 .." (multiple instances of the same
parameter name) created multiple name=value entries with
the same parameter name. It now logs a warning and skips
the earlier update. Found during code maintenance. File:
postconf/postconf_edit.c

Bugfix (defect introduced: Postfix 3.3): the command "postconf
-M name1/type1='name2 type2 ...'" died with a segmentation
violation when the request matched multiple master.cf
entries. The master.cf file was not damaged. Problem reported
by SATOH Fumiyasu. File: postconf/postconf_master.c.

20230502

Bugfix (defect introduced: Postfix 2.11): the command
"postconf -M name1/type1='name2 type2 ...'" could add a
service definition to master.cf that conflicted with an
already existing service definition. It now replaces all
existing service definitions that match the service pattern
'name1/type1' or the service name and type in 'name2 type2
...' with a single service definition 'name2 type2 ...'.
Problem reported by SATOH Fumiyasu. File: postconf/postconf_edit.c.
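The 20230502 changelog entry in the message above says that an edit now collapses every service definition matching 'name1/type1', or the name and type in 'name2 type2 ...', into one definition. The following Python sketch is an added example, not Postfix source code: it models that rule and reports duplicated services in a master.cf. All function names and the sample file are constructed, and placing the merged definition at the position of the first match is an assumption.

```python
# Constructed sample: "foo/unix" is defined twice, the state the thread describes.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
foo       unix  -       -       n       -       -       pipe
  flags=R user=nobody argv=/bin/true
# constructed comment line
bar       unix  -       -       n       -       -       local
foo       unix  -       -       n       -       -       smtp
"""

def parse_entries(text):
    """Split master.cf text into (key, lines); key is (name, type) or None."""
    entries, last = [], None
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            entries.append((None, [line]))          # comment or blank line
        elif line[0].isspace() and last is not None:
            entries[last][1].append(line)           # continuation line
        else:
            name, stype = body.split()[:2]
            entries.append(((name, stype), [line]))
            last = len(entries) - 1
    return entries

def duplicate_services(entries):
    """Return name/type pairs that are defined more than once."""
    keys = [k for k, _ in entries if k is not None]
    return sorted({k for k in keys if keys.count(k) > 1})

def replace_service(entries, pattern, new_def):
    """Model the 20230502 behaviour: every entry matching 'name1/type1' or the
    name and type of new_def collapses into the single definition new_def.
    Placing it at the first match is an assumption of this sketch."""
    new_key = tuple(pattern and new_def.split()[:2])
    targets = {tuple(pattern.split("/")), new_key}
    out, placed = [], False
    for key, lines in entries:
        if key not in targets:
            out.append((key, lines))
        elif not placed:
            out.append((new_key, [new_def]))
            placed = True
    if not placed:
        out.append((new_key, [new_def]))
    return out

def render(entries):
    return "\n".join(l for _, lines in entries for l in lines) + "\n"
```

Running `duplicate_services(parse_entries(...))` over a real master.cf shows whether the file has the multiple matching entries that the bug reports in this thread depend on.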


[pfx] Re: relocated: Allow custom message

2023-05-03 Thread Wietse Venema via Postfix-users
Paul Menzel via Postfix-users:
> Dear Postfix users,
> 
> 
> Some of our users, that relocate, ask for a custom message over the 
> current one:
> 
>  user has moved to new_location
> 
> For example:
> 
>  This address is out of service. For business please contact 
> funct...@company.example.net, or n...@private.example.net for private 
> contact.
> 
> I guess, it could be reworded to
> 
>  user has moved to n...@private.example.net, please contact 
> funct...@company.example.net for business

The following builds on an example in the transport(5) manpage.
With SMTP, this will reject mail during the RCPT TO phase (Postfix
does not generate a bounce message). In non-SMTP contexts, Postfix
generates a bounce message when it attempts to deliver mail.

/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
   # The lookup result is indented by one space.
user@some.example 
  error:5.1.6 This address is out of service. For business please contact
  funct...@company.example.net, or n...@private.example.net for
  private contact.

This should use a 'fast' lookup mechanism (not LDAP or *SQL) as it
is in the critical path of the queue manager.

Wietse


[pfx] inet_interfaces documentation

2023-05-03 Thread Wietse Venema via Postfix-users
I updated the inet_interfaces documentation and clarified its
relationship with smtp_bind*_address and system-chosen source IP
addresses.

Wietse

   When smtp_bind_address and/or smtp_bind_address6 are not specified, the
   inet_interfaces setting may constrain the source IP address for outbound
   connections over IPv4 and/or IPv6. Support for IPv6 is available
   in Postfix version 2.2 and later.

   o  When inet_interfaces specifies one IPv4 address, and that is not
      a loopback address, the Postfix SMTP client uses that as the
      source address for outbound IPv4 connections.

   o  Otherwise, the Postfix SMTP client does not constrain the source
      IPv4 address, and connects using a system-chosen source IPv4
      address. This includes the cases where inet_interfaces specifies
      all, or no IPv4 address, or one IPv4 address that is a loopback
      address, or multiple IPv4 addresses.

   o  The same reasoning as above applies to IPv6.

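The source-address rules quoted in the message above, written as an added Python sketch for checking a main.cf value against SPF records or egress firewall rules. This is not Postfix code: the function names are hypothetical, the addresses are constructed documentation addresses, and hostnames in inet_interfaces are rejected because the sketch does no DNS lookups.

```python
import ipaddress

KEYWORDS = ("all", "loopback-only")

def parse_interfaces(value):
    """Split a main.cf inet_interfaces value into keywords and address objects.

    IPv6 literals may be written in [brackets]. Anything that is neither a
    keyword nor an address literal raises ValueError (assumption: no DNS).
    """
    items = []
    for token in value.replace(",", " ").split():
        if token in KEYWORDS:
            items.append(token)
        else:
            items.append(ipaddress.ip_address(token.strip("[]")))
    return items

def smtp_source(inet_interfaces, family, bind_address=None):
    """Return the source address the SMTP client uses for the given address
    family (4 or 6), or None when the system chooses the source address."""
    if bind_address:
        # smtp_bind_address / smtp_bind_address6 is specified, so the
        # inet_interfaces rules in the text do not apply.
        return ipaddress.ip_address(bind_address.strip("[]"))
    items = parse_interfaces(inet_interfaces)
    if any(isinstance(item, str) for item in items):
        return None                      # "all" or "loopback-only"
    addrs = [a for a in items if a.version == family]
    # Exactly one address of this family, and it is not a loopback address.
    if len(addrs) == 1 and not addrs[0].is_loopback:
        return addrs[0]
    return None                          # none, loopback, or multiple

if __name__ == "__main__":
    for value in ("all", "192.0.2.10, [::1]", "192.0.2.10, 127.0.0.1"):
        print(value, "->", smtp_source(value, 4), smtp_source(value, 6))
```

The third sample value shows the case that is easy to miss: adding 127.0.0.1 next to a single public IPv4 address makes two IPv4 addresses, so the source address is system-chosen again.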

