policy server continually timing out
I've setup a greylist policy server from http://mimo.gn.apc.org/gps/. It works fine for a few minutes, then I start getting these types of error messages: -- Feb 23 11:21:20 router postfix/smtpd[28012]: warning: problem talking to server private/policy: Connection timed out Feb 23 11:21:20 router postfix/smtpd[28012]: NOQUEUE: reject: RCPT from xtinmta03-187.exacttarget.com[207.250.68.187]: 451 4.3.5 Server configuration problem; from= to= proto=ESMTP helo= -- Here's my relevant master.cf line: -- policy unix - n n - - spawn user=nobody argv=/usr/bin/gps /etc/gps.conf -- Here's my main.cf lines: -- smtpd_recipient_restrictions = ... check_policy_service unix:private/policy permit policy_time_limit = 3600 -- It's as if the 'policy_time_limit' line has no effect. This is the second greylist server I've setup on this box with the exact same issue. I am thinking something else in my configuration must be wrong, but I can't find it. Any ideas would sure be appreciated. Thanks, Pablo
Re: policy server continually timing out
On Tue, Feb 24, 2009 at 04:39:58PM -0800, pa...@compugenic.com wrote: snip > > It's as if the 'policy_time_limit' line has no effect. This is the > second greylist server I've setup on this box with the exact same issue. > I am thinking something else in my configuration must be wrong, but I > can't find it. I found it. Silly but I will share. My check_sender_access hash table was using a single 'x' for the RHS instead of OK - guess I got it mixed up with a recipient map. Pablo
Error in smtpd?: smtpd[pid] general protection ip: sp: error:0 in libdigestmd5.so.2
Hello, I do not know when this started, but I was seen these entries in dmesg from last Monday to the Saturday (Sep 25): ... [209102.731313] smtpd[15461] general protection ip:7fa6ffc4bbf3 sp:7fff29a45fe0 error:0 in libdigestmd5.so.2.0.22[7fa6ffc45000+b000] [209102.895322] smtpd[15464] general protection ip:7fd48d8e6bf3 sp:7fff05dd98f0 error:0 in libdigestmd5.so.2.0.22[7fd48d8e+b000] [209103.071869] smtpd[15460] general protection ip:7fee8ba44bf3 sp:7fff85ac0a90 error:0 in libdigestmd5.so.2.0.22[7fee8ba3e000+b000] [209103.251621] smtpd[15465] general protection ip:7f5930f48bf3 sp:7fff319048e0 error:0 in libdigestmd5.so.2.0.22[7f5930f42000+b000] [209106.588699] smtpd[15257] general protection ip:7f170e7eabf3 sp:7fff80a0d280 error:0 in libdigestmd5.so.2.0.22[7f170e7e4000+b000] [209107.654911] smtpd[15550] general protection ip:7f8747d7ebf3 sp:7fff2c787d00 error:0 in libdigestmd5.so.2.0.22[7f8747d78000+b000] [209107.872113] smtpd[15546] general protection ip:7fb981222bf3 sp:7fff92a2fd70 error:0 in libdigestmd5.so.2.0.22[7fb98121c000+b000] [209172.485900] smtpd[15598] general protection ip:7fc4dc0a6bf3 sp:7fff834390e0 error:0 in libdigestmd5.so.2.0.22[7fc4dc0a+b000] [209173.181103] smtpd[15600] general protection ip:7f20ed7f8bf3 sp:7fffbacb6270 error:0 in libdigestmd5.so.2.0.22[7f20ed7f2000+b000] The last entry was this: Sep 25 19:10:26 mail kernel: [209173.181103] smtpd[15600] general protection ip:7f20ed7f8bf3 sp:7fffbacb6270 error:0 in libdigestmd5.so.2.0.22[7f20ed7f2000+b000] And this message stops to appear since then. What can be happening here? My system is: Debian Lenny whit kernel: Linux mail 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010 x86_64 GNU/Linux Postfix: mail_version = 2.5.5 # dpkg -L libsasl2-modules | grep md5 /usr/lib/sasl2/libcrammd5.a /usr/lib/sasl2/libcrammd5.la /usr/lib/sasl2/libcrammd5.so.2.0.22 /usr/lib/sasl2/libdigestmd5.a /usr/lib/sasl2/libdigestmd5.la /usr/lib/sasl2/libdigestmd5.so.2.0.22 /usr/lib/sasl2/libdigestmd5.so.2 /usr/lib/sasl2/libdigestmd5.so /usr/lib/sasl2/libcrammd5.so.2 /usr/lib/sasl2/libcrammd5.so # Thanks in advance. Saludos. Pablo.
Problems with Postfix / Round-Robin
Hi all!, I am new in the forum. Please excuse me for my bad English. What I want to do is to set up a round-robin from the Postfix to various exchange servers | EXCH 1 (10.0.0.207) Inet => Postfix | | EXCH 2 (10.0.0.208) I define the round-robin in the local Bind, and when I ping to the MX name I do get a response from each server. The problem is that when I send mails to the postfix, for example 1000 mails, It routes 990 to one of the exchange (10.0.0.208) and 10 to the other one (10.0.0.207). I alter the order of the A records to see if it changes, but did not. In the maillog the only difference I see is that the "delay=x" value in the 10.0.0.207 server is a very high number (40) and for the 10.0.0.208 server is 0.18 aprox. Does anyone know whats going on with it? Regards, Pablo.- -- View this message in context: http://www.nabble.com/Problems-with-Postfix---Round-Robin-tp21791791p21791791.html Sent from the Postfix mailing list archive at Nabble.com.
RE: Problems with Postfix / Round-Robin
Hi, thanks for the quick answerd, the DNS is a local Bind. the command : $ postconf smtp_randomize_addresses tells me "YES" In the DNS Zone I define only one MX, and I set 2 A registries for that MX name. Thanks again! > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Thu, 5 Feb 2009 14:27:49 -0500 > From: wie...@porcupine.org > > Wietse Venema: > [ Charset UNKNOWN-8BIT unsupported, converting... ] > > Bj_rn Ruberg: > > > Pablo Scheri wrote: > > > > > > [...] > > > > > > > > > > The problem is that when I send mails to the postfix, for example 1000 > > > > mails, It routes 990 to one of the exchange (10.0.0.208) and 10 to the > > > > other > > > > one (10.0.0.207). > > > > I alter the order of the A records to see if it changes, but did not. > > > > > > > > In the maillog the only difference I see is that the "delay=x" value in > > > > the > > > > 10.0.0.207 server is a very high number (40) and for the 10.0.0.208 > > > > server > > > > is 0.18 aprox. > > > > > > > > Does anyone know whats going on with it? > > > > > > > > > > If your DNS servers are running on Microsoft systems, you may be > > > affected by their LocalNetPriority logic, which consider itself smarter > > > than round robin DNS. > > > > > > See http://support.microsoft.com/kb/177883 for details. > > > > To prevent that problem, Postfix randomizes the order of DNS records > > that have equal preference. > > You may want to do > > $ postconf smtp_randomize_addresses > > to find out if some idiot maintainer has disabled this feature. > > Wietse _ ¿Quieres saber cómo va a estar el clima mañana? ¡Ingresa ahora a MSN! http://tiempo.cl.msn.com/
RE: Problems with Postfix / Round-Robin
It is strange but I think I am using the 10.0.0.207 server only when the mail is get delayed. This is the log for a mail sent to the 10.0.0.208 server (from 100 mails received 98 mails): Jan 21 19:26:18 imsva postfix/smtp[12115]: BECA84E607: to=, relay=mx.trendargentina.com.ar[10.0.0.208]:25, delay=0.43, delays=0.12/0.09/0.13/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A4B845E0AF) This is the log for a mail sent to the 10.0.0.207 server (from 100 mails received 2 mails): Jan 21 19:26:58 imsva postfix/smtp[12115]: 0DBCF4E60B: to=, relay=mx.trendargentina.com.ar[10.0.0.207]:25, delay=40, delays=0.09/0.04/40/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 159637D96) Pablo > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Thu, 5 Feb 2009 14:44:39 -0500 > From: wie...@porcupine.org > > Pablo Scheri: > > > > Hi, thanks for the quick answerd, the DNS is a local Bind. > > the command : $ postconf smtp_randomize_addresses > > tells me "YES" > > > > In the DNS Zone I define only one MX, and I set 2 A registries for that MX > > name. > > > > Now read my other reply. Look in the maillog file for the > IP address of the bad server. > > Wietse _ Adelántate a tu futuro. Ingresa ahora a MSN Astrología http://astrologia.latam.msn.com/msnlatam/
RE: Problems with Postfix / Round-Robin
This is the output of the dig command:
; <<>> DiG 9.3.3rc2 <<>> mx mx.trendargentina.com.ar
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 742
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mx.trendargentina.com.ar.INMX
;; AUTHORITY SECTION:
trendargentina.com.ar.0INSOAimsva.trendargentina.com.ar.
pablos.trendargentina.com.ar. 100 10800 3600 604800 0
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 22 10:59:00 2009
;; MSG SIZE rcvd: 91
---
This is the /etc/named.conf file:
// generated by named-bootconf.pl
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
pid-file "/var/run/named/named.pid";
forwarders {
10.0.0.14;
};
};
//
// a caching only nameserver config
//
//controls {
//inet 127.0.0.1 allow { localhost; } keys { rndckey; };
//};
zone "all.foxhunter.trendmicro.com" in {
type master;
file "ipprofiler/db.all.foxhunter.trendmicro.com";
};
zone "trendargentina.com.ar" {
type master;
file "trendargentina/trendargentina.com.ar";
};
zone "0.0.0.10.in-addr.arpa" {
type master;
file "trendargentina/trendargentina.com.ar.rev";
};
//include "/etc/rndc.key";
---
This is the configuration of the zone:
$TTL 0
trendargentina.com.ar.INSOAimsva.trendargentina.com.ar.
pablos.trendargentina.com.ar. (
100; Serial
10800; Refresh
3600; Retry
604800; Expire
0; TTL
)
trendargentina.com.ar.INNSimsva.trendargentina.com.ar.
trendargentina.com.ar.INMX10mx.trendargentina.com.ar.
mx.trendargentina.com.ar.INA10.0.0.207
mx.trendargentina.com.ar.INA10.0.0.208
-
If you think it would be helpful, I can send you the main.cf and master.cf
This is not a productive scenario but it will be with about 60K users, and is
indeed a Virtual Appliance provided by Trend Micro called InterScan Messaging
Virtual Appliance (Anti-Spam, Anti-Virus, Content Filtering).
Thank you all very much again.
Pablo.-
> Subject: Re: Problems with Postfix / Round-Robin
> To: postfix-users@postfix.org
> Date: Thu, 5 Feb 2009 16:50:03 -0500
> From: wie...@porcupine.org
>
> Pablo Scheri:
> >
> > It is strange but I think I am using the 10.0.0.207 server only when the
> > mail is get delayed.
> >
> > This is the log for a mail sent to the 10.0.0.208 server (from 100 mails
> > received 98 mails):
> >
>
> What is the output from:
>
> dig mx mx.trendargentina.com.ar
>
> Wietse
_
Permanece actualizado con MSN Noticias. Clic aquí
http://noticias.cl.msn.com/
RE: Problems with Postfix / Round-Robin
dig mx trendargentina.com.ar. ; <<>> DiG 9.3.3rc2 <<>> mx trendargentina.com.ar. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27701 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;trendargentina.com.ar.INMX ;; ANSWER SECTION: trendargentina.com.ar.0INMX10 mx.trendargentina.com.ar. ;; AUTHORITY SECTION: trendargentina.com.ar.0INNSimsva.trendargentina.com.ar. ;; ADDITIONAL SECTION: mx.trendargentina.com.ar. 0INA10.0.0.208 mx.trendargentina.com.ar. 0INA10.0.0.207 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jan 22 16:10:05 2009 ;; MSG SIZE rcvd: 110 - dig a mx.trendargentina.com.ar. ; <<>> DiG 9.3.3rc2 <<>> a mx.trendargentina.com.ar. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4096 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;mx.trendargentina.com.ar.INA ;; ANSWER SECTION: mx.trendargentina.com.ar. 0INA10.0.0.207 mx.trendargentina.com.ar. 0INA10.0.0.208 ;; AUTHORITY SECTION: trendargentina.com.ar.0INNSimsva.trendargentina.com.ar. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jan 22 16:10:13 2009 ;; MSG SIZE rcvd: 94 postconf | grep dns disable_dns_lookups = no lmtp_host_lookup = dns smtp_host_lookup = dns --- grep '10\.0\.0\.20..:25' /var/log/maillog | grep -v status= No result. Thanks! Pablo.- > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Fri, 6 Feb 2009 09:46:43 -0500 > From: wie...@porcupine.org > > The DNS looks good. Can you give output for: > > $ dig mx trendargentina.com.ar. > $ dig a mx.trendargentina.com.ar. > $ postconf | grep dns > > The records that result in some kind of error while delivering to > the mx.trendargentina.com.ar machines. Something like: > > $ grep '10\.0\.0\.20..:25' /var/log/maillog | grep -v status= > > That's two dots before the ":". > > Wietse _ Disfruta los mejores contenidos en MSN Video http://video.msn.com/?mkt=es-xl
RE: Problems with Postfix / Round-Robin
Hi! thanks for the help and sorry for the delay. I don´t know if i am able to send attachments, I will try. I am attaching you the maillog, master.cf and main.cf Thanks again. Pablo.- > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Fri, 6 Feb 2009 12:53:29 -0500 > From: wie...@porcupine.org > > Pablo Scheri: > > > > dig mx trendargentina.com.ar. > > Looks good... > > > postconf | grep dns > > > > disable_dns_lookups = no > > lmtp_host_lookup = dns > > smtp_host_lookup = dns > > It's using DNS > > > --- > > grep '10\.0\.0\.20..:25' /var/log/maillog | grep -v status= > > > > No result. > > OK so this was supposed to match > > [10.0.0.207]:25 without status= > [10.0.0.208]:25 without status= > > (that's why there were two dots in the pattern). > > If there are no such records, then the Postfix SMTP client > does not connect to one box after having tried the other first. > > To find out why random DNS is not working, we need verbose logging > > # postconf -e debug_peer_list=10.0.0.207 debug_peer_level=1 > > Wietse _ El doble de diversión: con Windows Live Messenger compartí fotos mientras charlas. http://www.microsoft.com/windows/windowslive/messenger.aspx
RE: Problems with Postfix / Round-Robin
Hi! I am not able to upload the files, I get a post error because I am exceeding the 4 characters. How can I send you the logs? May I upload them to rapidshare or something like that? Thanks!! From: pablosch...@hotmail.com To: postfix-users@postfix.org Subject: RE: Problems with Postfix / Round-Robin Date: Mon, 9 Feb 2009 17:53:14 -0200 Hi! thanks for the help and sorry for the delay. I don´t know if i am able to send attachments, I will try. I am attaching you the maillog, master.cf and main.cf Thanks again. Pablo.- > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Fri, 6 Feb 2009 12:53:29 -0500 > From: wie...@porcupine.org > > Pablo Scheri: > > > > dig mx trendargentina.com.ar. > > Looks good... > > > postconf | grep dns > > > > disable_dns_lookups = no > > lmtp_host_lookup = dns > > smtp_host_lookup = dns > > It's using DNS > > > --- > > grep '10\.0\.0\.20..:25' /var/log/maillog | grep -v status= > > > > No result. > > OK so this was supposed to match > > [10.0.0.207]:25 without status= > [10.0.0.208]:25 without status= > > (that's why there were two dots in the pattern). > > If there are no such records, then the Postfix SMTP client > does not connect to one box after having tried the other first. > > To find out why random DNS is not working, we need verbose logging > > # postconf -e debug_peer_list=10.0.0.207 debug_peer_level=1 > > Wietse ¡Ahora conoce el nuevo Messenger! Hotmail está totalmente renovado. _ Disfruta los mejores contenidos en MSN Video http://video.msn.com/?mkt=es-xl
RE: Problems with Postfix / Round-Robin
Wietse, I am not able to access... It is not a productive environment, there is no private information. I upload it to http://rapidshare.com/files/196381965/postfix.rar.html Thanks!! > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Tue, 10 Feb 2009 09:25:37 -0500 > From: wie...@porcupine.org > > Pablo Scheri: > > > > Hi! I am not able to upload the files, I get a post error because > > I am exceeding the 4 characters. > > > How can I send you the logs? May I upload them to rapidshare or > > something like that? > > You can upload to: > > ftp://ftp.porcupin.org/tmp/random/ > > files uploaded there cannot be "seen" or downloaded. > > Wietse _ El doble de diversión: con Windows Live Messenger compartí fotos mientras charlas. http://download.live.com/messenger
RE: Postfix, POP/IMAP server, virtual users, web administration - what do you use?
I know this: http://isp-control.net/ Also includes web site administration Regards, -Mensaje original- De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En nombre de Tomasz Chmielewski Enviado el: Lunes, 27 de Septiembre de 2010 07:58 a.m. Para: postfix-us...@cloud9.net Asunto: Postfix, POP/IMAP server, virtual users, web administration - what do you use? What do you use with Postfix, if you have virtual users (i.e. in a SQL database)? I know web-cyradm, which works pretty well with Cyrus (IMAP/POP) and Postfix - all users, domains, aliases etc. are stored in a SQL database. However, web-cyradm seems to be more or less abandoned now, with the last update from 2005. What other options do you use with Postfix, when it comes to "web-based" virtual users/domain/aliases management? With IMAP/POP servers like Cyrus, Courier, Dovecot? -- Tomasz Chmielewski http://wpkg.org
Relaying denied during 2 hours, driving me crazy
Today we had a 'relaying denied' issue between 15:08-17:02 p.m. Here it is the output of pflogsumm: Per-Hour Traffic Summary time received delivered deferredbounced rejected -0100 0 0 0 0 0 0100-0200 0 0 0 0 0 0200-0300 0 0 0 0 0 0300-0400 0 0 0 0 0 0400-0500 897958 51 9 10 0500-0600 835873 62 1 19 0600-0700 938 1019 53 1 16 0700-08001257 1455 73 0 10 0800-09001833 2413 38 1 26 0900-10001926 2574 70 8 25 1000-11001859 3029 72 9 29 1100-12001998 2529 31 3 13 1200-13001553 1845 52 7 27 1300-14001349 1593 47 5 20 1400-15001758 2166 62 4 23 1500-16001941 2473 31143 33 1600-17002072 5745 17283 31 1700-18002008 2821 18 2 15 1800-19001468 1769 10 0 32 1900-20001213 2391 45 71 22 2000-21001013 1119 32 0 8 2100-2200 988 1082 32 1 8 2200-23001100 3458 30 3 19 2300-2400 523550 9 2 2 The problem wasn't specific for one domain. It happened the same for Yahoo, Hotmail, GMail and others. But, according to the above table, it seems, just some of them were bounced, weren't they? I wonder what happened. Could somebody please give me an answer about what could have happened? Below a log of a sent and bounced message, as far as I understand: -- sent message, start -- Nov 4 16:02:44 correo postfix/pickup[20590]: 9198E2D6A7A: uid=101 from= Nov 4 16:02:44 correo postfix/cleanup[14980]: 9198E2D6A7A: message-id=<20101104210235.m95...@correo.ingeominas.gov.co> Nov 4 16:02:44 correo postfix/qmgr[14629]: 9198E2D6A7A: from=, size=2113, nrcpt=1 (queue active) Nov 4 16:02:44 correo postfix/smtp[18151]: 9198E2D6A7A: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.23, delays=0.07/0/0/0.15, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20341-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AC18C2D6A1F) Nov 4 16:02:44 correo postfix/qmgr[14629]: 9198E2D6A7A: removed -- end -- -- bounced message, start -- Nov 4 16:02:44 correo postfix/smtpd[7447]: AC18C2D6A1F: client=localhost.localdomain[127.0.0.1] Nov 4 16:02:44 correo postfix/cleanup[17693]: AC18C2D6A1F: message-id=<20101104210235.m95...@correo.xxx.gov.co> Nov 4 16:02:44 correo postfix/qmgr[14629]: AC18C2D6A1F: from=, size=2590, nrcpt=1 (queue active) Nov 4 16:02:44 correo amavis[20341]: (20341-15) Passed CLEAN, [127.0.0.1] -> , Message-ID: <20101104210235.m95...@correo.xxx.gov.co>, mail_id: 4-lL-jKSP5zp, Hits: -, size: 2113, queued_as: AC18C2D6A1F, 154 ms Nov 4 16:02:44 correo postfix/smtp[18151]: 9198E2D6A7A: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.23, delays=0.07/0/0/0.15, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20341-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AC18C2D6A1F) Nov 4 16:02:45 correo postfix/smtp[20466]: AC18C2D6A1F: to=, relay=gmail-smtp-in.l.google.com[74.125.45.27]:25, delay=0.91, delays=0.07/0.01/0.71/0.12, dsn=5.0.0, status=bounced (host gmail-smtp-in.l.google.com[74.125.45.27] said: 550 Relaying denied. (in reply to RCPT TO command)) Nov 4 16:02:45 correo postfix/bounce[8853]: AC18C2D6A1F: sender non-delivery notification: AA01E2D6A76 Nov 4 16:02:45 correo postfix/qmgr[14629]: AC18C2D6A1F: removed -- end -- Thank you very much, Pablo Chamorro IT Group
status=bounced (Command time limit exceeded: "/usr/bin/procmail")
Please, a user of mine has an inbox of over 5 GB, with no limits in the Postfix inbox max_size: [root ~]# postconf -n |grep size mailbox_size_limit = 0 message_size_limit = 2524 I have no problems sending mail to other users, thus I think I'm having this problem just for that user. When I do a simple: 'echo hello | mail -s test myuser', it goes to the Postfix queue and after some time, it gets bounced, but it seems also the email gets to the inbox too. Nov 8 18:48:35 correo postfix/local[11453]: 88CAF2D6A74: to=, relay=local, delay=1000, delays=0.27/0.05/0/1000, dsn=5.3.0, status=bounced (Command time limit exceeded: "/usr/bin/procmail") Could you please tell me if there is a solution different to reduce the size of the inbox file? Is there a 'physical' limit in the inbox file size even having mailbox_size_limit = 0? What might be the cause of my problem? I have postfix-2.3.3-2.1.el5_2 under CentOS 5.4 and ext3 as filesystem. Thank you very much. Pablo
Re: status=bounced (Command time limit exceeded: "/usr/bin/procmail")
--- On Mon, 11/8/10, Sahil Tandon wrote: > From: Sahil Tandon > Subject: Re: status=bounced (Command time limit exceeded: "/usr/bin/procmail") > To: postfix-users@postfix.org > Date: Monday, November 8, 2010, 8:35 PM > On Mon, 2010-11-08 at 19:15:42 -0800, > Pablo Chamorro wrote: > > > When I do a simple: 'echo hello | mail -s test > myuser', it goes to the > > Postfix queue and after some time, it gets bounced, > but it seems also > > the email gets to the inbox too. > > > > Nov 8 18:48:35 correo postfix/local[11453]: > 88CAF2D6A74: > > to=, > relay=local, delay=1000, > > delays=0.27/0.05/0/1000, dsn=5.3.0, status=bounced > (Command time limit > > exceeded: "/usr/bin/procmail") > > > > Could you please tell me if there is a solution > different to reduce > > the size of the inbox file? Is there a 'physical' > limit in the inbox > > file size even having mailbox_size_limit = 0? What > might be the cause > > of my problem? I have postfix-2.3.3-2.1.el5_2 under > CentOS 5.4 and > > ext3 as filesystem. > > You appear to have a procmail problem. And by the > way, Postfix 2.3 is > no longer updated, so consider upgrading. Thank you for the advice and the answer. Pablo > > -- > Sahil Tandon >
solved - Re: status=bounced (Command time limit exceeded: "/usr/bin/procmail")
--- On Mon, 11/8/10, Sahil Tandon wrote: > From: Sahil Tandon > Subject: Re: status=bounced (Command time limit exceeded: "/usr/bin/procmail") > To: postfix-users@postfix.org > Date: Monday, November 8, 2010, 8:35 PM > On Mon, 2010-11-08 at 19:15:42 -0800, > Pablo Chamorro wrote: > > > When I do a simple: 'echo hello | mail -s test > myuser', it goes to the > > Postfix queue and after some time, it gets bounced, > but it seems also > > the email gets to the inbox too. > > > > Nov 8 18:48:35 correo postfix/local[11453]: > 88CAF2D6A74: > > to=, > relay=local, delay=1000, > > delays=0.27/0.05/0/1000, dsn=5.3.0, status=bounced > (Command time limit > > exceeded: "/usr/bin/procmail") > > > > Could you please tell me if there is a solution > different to reduce > > the size of the inbox file? Is there a 'physical' > limit in the inbox > > file size even having mailbox_size_limit = 0? What > might be the cause > > of my problem? I have postfix-2.3.3-2.1.el5_2 under > CentOS 5.4 and > > ext3 as filesystem. > > You appear to have a procmail problem. And by the > way, Postfix 2.3 is > no longer updated, so consider upgrading. This problem happened yesterday night. Today it seems it's ok, although nothing was done. Thank you very much, Pablo Chamorro > > -- > Sahil Tandon >
Local to local and pop-before-smtp
Hi, I'm running postfix as a virtual mail server and I have the following issue, relay control is working fine with pop-before-smtp, but still get spam passing through because when a spammer puts the "From" header with any of my virtual domains and a "Rcpt" also is on the virtual domains no authentication is required because pop-before-smtp only authenticates for relay. So the question is, is it possible to condition the smtp access to deny access when the destination is local and the user is local and the client agent IP is not in pop-before-smtp database ? in summary my rules should do this: -Deny access on relay attempt (recipient is remote) and the smtp client IP is not in the pop-before-smtp database . (I got this working) -Deny access on non-relay attempts (deliver to local) and the from header is also local and the smtp client IP is not in the pop-before-smtp database (no idea how to do this) -Apply antispam rbl checks (this also working right now) these are my current restrictions: smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/pop-before-smtp, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, check_recipient_maps, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org, reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client bl.spamcop.net, reject_rhsbl_client list.dsbl.org, reject_rhsbl_sender sbl-xbl.spamhaus.org, reject_rhsbl_sender bl.spamcop.net, reject_rhsbl_sender list.dsbl.org, permit_auth_destination, reject
Re: Local to local and pop-before-smtp
On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote: > On Sunday, July 26, 2009 at 23:58 CEST, > Pablo Yaggi wrote: > > > I'm running postfix as a virtual mail server and I have the > > following issue, relay control is working fine with pop-before-smtp, > > but still get spam passing through because when a spammer puts the > > "From" header with any of my virtual domains and a "Rcpt" also is on > > the virtual domains no authentication is required because > > pop-before-smtp only authenticates for relay. > > So the question is, is it possible to condition the smtp access > > to deny access when the destination is local and the user is local and > > the client agent IP is not in pop-before-smtp database ? > > I suggest you use SASL instead of POP-before-SMTP and use the > smtpd_sender_login_maps feature. But I'm running a mass virtual hosting server, if i use authenticated smtp, it will not prevent for external smtp to deliver mail to my users ? > > But you can do something similar with POP-before-SMTP. > > main.cf: > smtpd_restriction_classes = permit_pop_before_smtp > permit_pop_before_smtp = > check_client_access hash:/etc/postfix/pop-before-smtp > smtpd_sender_restrictions = check_sender_access hash:/path/to/file > > /path/to/file: > example.com permit_pop_before_smtp, reject > > example.com is a domain that you want to protect from non-POPed clients. > This will prevent anyone how tries to send mail to example.com need to be authenticated, but external smtp needs no authentication. What I need is to example.com (if example.com is in my virtuals) to be protected from non-POPed clients when the signature of the mail (the FROM) is IN my virtuals. In other words, i need clients of my servers to be pop-authenticated what ever they want to do, meaning relay or not relay. And outsiders need no authentication to deliver to my locals if they are not rbl listed. > [...] > > > these are my current restrictions: > > smtpd_recipient_restrictions = permit_mynetworks, > > check_client_access hash:/etc/postfix/pop-before-smtp, > > reject_authenticated_sender_login_mismatch, > > permit_sasl_authenticated, > > These last two lines don't make any sense unless you use SASL. > > > reject_unauth_destination, > > reject_unauth_pipelining, > > check_recipient_maps, > > check_recipient_maps has been deprecated for years. Use > reject_unlisted_recipient instead. > > > reject_non_fqdn_sender, > > reject_non_fqdn_recipient, > > reject_rbl_client sbl-xbl.spamhaus.org, > > reject_rbl_client bl.spamcop.net, > > reject_rbl_client list.dsbl.org, > > dsbl.org is dead. Remove it. ok, I'm on it > > > reject_rhsbl_client sbl-xbl.spamhaus.org, > > reject_rhsbl_client bl.spamcop.net, > > reject_rhsbl_client list.dsbl.org, > > reject_rhsbl_sender sbl-xbl.spamhaus.org, > > reject_rhsbl_sender bl.spamcop.net, > > reject_rhsbl_sender list.dsbl.org, > > permit_auth_destination, > > reject > > The two last ones serve no purpose. removed ... Thank's a lot
Re: Local to local and pop-before-smtp
Thank's a lot, I'm working on it and so on sasl support. Bests, Pablo On Sunday 26 July 2009 07:55:38 pm Magnus Bäck wrote: > On Monday, July 27, 2009 at 00:49 CEST, > Pablo Yaggi wrote: > > > On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote: > > > > > I suggest you use SASL instead of POP-before-SMTP and use the > > > smtpd_sender_login_maps feature. > > > > But I'm running a mass virtual hosting server, if i use authenticated > > smtp, it will not prevent for external smtp to deliver mail to my users ? > > Only for clients trying to use any of your domains as the sender > address. This is no different from the policy you're asking about. > > > > But you can do something similar with POP-before-SMTP. > > > > > > main.cf: > > > smtpd_restriction_classes = permit_pop_before_smtp > > > permit_pop_before_smtp = > > > check_client_access hash:/etc/postfix/pop-before-smtp > > > > > smtpd_sender_restrictions = check_sender_access hash:/path/to/file > > > > > > /path/to/file: > > > example.com permit_pop_before_smtp, reject > > > > > > example.com is a domain that you want to protect from non-POPed > > > clients. > > > > This will prevent anyone how tries to send mail to example.com need to > > be authenticated, but external smtp needs no authentication. > > No, it will prevent anyone to send FROM your domain with prior > authentication. > > [...] >
Re: Local to local and pop-before-smtp
Well Magnus, I did what you told me, and postfix stoped receiving mails, when an external smtp tries to send mail to my local users, postfix respond access denied. I didn't do it exaclty like in you example, but I was doing int the smtpd_recipent_restrictions, this is what I did: smtpd_sender_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/pop-before-smtp, reject Maybe something is missing to check for virtual users, or something, any ideas ? Bests, Pablo On Sunday 26 July 2009 07:55:38 pm Magnus Bäck wrote: > On Monday, July 27, 2009 at 00:49 CEST, > Pablo Yaggi wrote: > > > On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote: > > > > > I suggest you use SASL instead of POP-before-SMTP and use the > > > smtpd_sender_login_maps feature. > > > > But I'm running a mass virtual hosting server, if i use authenticated > > smtp, it will not prevent for external smtp to deliver mail to my users ? > > Only for clients trying to use any of your domains as the sender > address. This is no different from the policy you're asking about. > > > > But you can do something similar with POP-before-SMTP. > > > > > > main.cf: > > > smtpd_restriction_classes = permit_pop_before_smtp > > > permit_pop_before_smtp = > > > check_client_access hash:/etc/postfix/pop-before-smtp > > > > > smtpd_sender_restrictions = check_sender_access hash:/path/to/file > > > > > > /path/to/file: > > > example.com permit_pop_before_smtp, reject > > > > > > example.com is a domain that you want to protect from non-POPed > > > clients. > > > > This will prevent anyone how tries to send mail to example.com need to > > be authenticated, but external smtp needs no authentication. > > No, it will prevent anyone to send FROM your domain with prior > authentication. > > [...] >
Re: Local to local and pop-before-smtp
Mangus, taking a deep look into your example, I notice the restriction is only applied to example.com, isn't it ? if this is the case, I have a problem on doing it, my list of domains is virtual, so I need to restrict the test to them, is it possible ? On Monday 27 July 2009 11:27:51 am Pablo Yaggi wrote: > Well Magnus, I did what you told me, and > postfix stoped receiving mails, when an external smtp > tries to send mail to my local users, postfix respond > access denied. > I didn't do it exaclty like in you example, but I was > doing int the smtpd_recipent_restrictions, > this is what I did: > > smtpd_sender_restrictions = permit_mynetworks, > check_client_access hash:/etc/postfix/pop-before-smtp, > reject > > Maybe something is missing to check for virtual users, > or something, any ideas ? > > Bests, > Pablo > > > On Sunday 26 July 2009 07:55:38 pm Magnus Bäck wrote: > > On Monday, July 27, 2009 at 00:49 CEST, > > Pablo Yaggi wrote: > > > > > On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote: > > > > > > > I suggest you use SASL instead of POP-before-SMTP and use the > > > > smtpd_sender_login_maps feature. > > > > > > But I'm running a mass virtual hosting server, if i use authenticated > > > smtp, it will not prevent for external smtp to deliver mail to my users ? > > > > Only for clients trying to use any of your domains as the sender > > address. This is no different from the policy you're asking about. > > > > > > But you can do something similar with POP-before-SMTP. > > > > > > > > main.cf: > > > > smtpd_restriction_classes = permit_pop_before_smtp > > > > permit_pop_before_smtp = > > > > check_client_access hash:/etc/postfix/pop-before-smtp > > > > > > > smtpd_sender_restrictions = check_sender_access hash:/path/to/file > > > > > > > > /path/to/file: > > > > example.com permit_pop_before_smtp, reject > > > > > > > > example.com is a domain that you want to protect from non-POPed > > > > clients. > > > > > > This will prevent anyone how tries to send mail to example.com need to > > > be authenticated, but external smtp needs no authentication. > > > > No, it will prevent anyone to send FROM your domain with prior > > authentication. > > > > [...] > > >
Re: Local to local and pop-before-smtp
On Monday 27 July 2009 12:46:04 pm Magnus Bäck wrote: > On Monday, July 27, 2009 at 16:37 CEST, > Pablo Yaggi wrote: > > > taking a deep look into your example, I notice > > the restriction is only applied to example.com, isn't it ? > > Yes. > > > if this is the case, I have a problem on doing it, my list of domains > > is virtual, so I need to restrict the test to them, is it possible ? > > The address class of your domains is irrelevant. Just put one line per > domain into the access table. > > example.com permit_pop_before_smtp, reject > example.net permit_pop_before_smtp, reject > example.org permit_pop_before_smtp, reject > But the problem with this, is I'm using virtual domains with sql database (I thought I told you, my mistake), this is my conf: alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases virtual_mailbox_base = /home/vmail virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/pgsql-virtual-domains.cf virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-maps.cf virtual_uid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-uid.cf virtual_gid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-gid.cf virtual_alias_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual.cf,hash:/var/lib/mailman/data/virtual-mailman is there anyway to make it work all together ?
Re: Local to local and pop-before-smtp
On Monday 27 July 2009 01:21:43 pm Magnus Bäck wrote: > On Monday, July 27, 2009 at 18:05 CEST, > Pablo Yaggi wrote: > > > On Monday 27 July 2009 12:46:04 pm Magnus Bäck wrote: > > > On Monday, July 27, 2009 at 16:37 CEST, > > > Pablo Yaggi wrote: > > > > > > > taking a deep look into your example, I notice > > > > the restriction is only applied to example.com, isn't it ? > > > > > > Yes. > > > > > > > if this is the case, I have a problem on doing it, my list of domains > > > > is virtual, so I need to restrict the test to them, is it possible ? > > > > > > The address class of your domains is irrelevant. Just put one line per > > > domain into the access table. > > > > > > example.com permit_pop_before_smtp, reject > > > example.net permit_pop_before_smtp, reject > > > example.org permit_pop_before_smtp, reject > > > > > > > But the problem with this, is I'm using virtual domains with > > sql database (I thought I told you, my mistake), this is my conf: > > How you store the data doesn't matter. You just need to construct a > `mysql' lookup table configuration that returns the desired string > iff the domain is one of your domains. For example, the following > query could satisfy that requirement: > > SELECT 'permit_pop_before_smtp, reject' FROM domains WHERE name = '%u' > > [...] > Ok, I see the concept now. I did it and it seems to be working, now I'll try to make sasl work (pluginviewer is showing nothing) , thank's a lot, best reagards Pablo
Block messages from *.mydomain.dom
Hi all! My domain is mydomain.dom. I want to block messages coming from *.mydomain.com (i.e. spamdomain.mydomain.dom). I couldn't find any configuration hint to do it. Thanks in advance, Yahoo! Cocina Encontra las mejores recetas con Yahoo! Cocina. http://ar.mujer.yahoo.com/cocina/
Date: header - Received instead of sent?
Could somebody please tell me if it's possible to setup Postfix in order to make the reception date is shown instead of the email-messages sent-date? I mean, the purpose of my inquiry, is to determine if it's possible to avoid fake or incorrect dates in received email that can cause confusion to users, chiefs and also to avoid legal issues related to the real date and time of reception of the messages. Thank you, Pablo Chamorro
Mantente en contacto conmigo a través de LinkedIn
LinkedIn Me gustaría añadirte a mi red profesional en LinkedIn. -Pablo Pablo Sánchez Director Comercial en Grupo Dixis Illes Balears, España Confirma que conoces a Pablo Sánchez: https://www.linkedin.com/e/ekybff-hf6rsycc-3l/isd/12241083068/55dEvnPW/?hs=false&tok=2Hn7GHGqmocRI1 -- Estás recibiendo invitaciones a conectar. Haz clic para darte de baja: http://www.linkedin.com/e/ekybff-hf6rsycc-3l/qB3B5040SVrp2HIWv-3fZ6Ke54Thhyz_sjk8viB/goo/postfix-users%40postfix%2Eorg/20061/I4056122001_1/?hs=false&tok=0TWP54mPSocRI1 (c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, EE.UU.
Want to Improve SSL/TLS security
Afternoon postfix users. I am trying to improve the encrypted connection to my mail server running postfix 2.7.0-1ubuntu0.2 but doing tests with https://starttls.info/ I am getting very low scores (E grade) for a number of reasons despite making what I though were necessary changes 1) "There is a self-signed certificate in the trust chain. It may be a configuration problem" I have a 4096bit RSA cert signed by Comodo and configured in main.cf as follows smtpd_tls_cert_file=/etc/ssl/private/mydomain_org.crt smtpd_tls_key_file=/etc/ssl/private/mydomain_org.key smtp_tls_CAfile = /etc/ssl/private/mydomain_org.ca-bundle The .key and .csr were generated by me and the .csr send to Comodo. Comodo sent back the .crt and the .ca-bundle The contents of my /etc/ssl/private is: -rw-r--r-- 1 rootroot 4101 2014-04-12 13:17 mydomain_org.ca-bundle -rw-r--r-- 1 rootroot 2108 2014-04-12 13:17 mydomain_org.crt -rw-r--r-- 1 rootroot 1411 2014-04-12 13:17 mydomain_org.csr -rw--- 1 rootroot 2994 2014-04-12 13:17 mydomain_org.key I use the same certificate for website too and do not get "self-signed certificate" errors. Is there something obvious I did wrong here? 2) Protocol: Supports SSLV2 3) Key exchange: Anonymous Diffie-Hellman is accepted. This is suspectible to Man-in-the-Middle attacks. I am not sure where this gets set so I can disable it 4) Cipher: Weakest accepted cipher: 0 I am not sure where to set this to a higher bit rate. Strongest is 256 so a low of 128 would be good. ¬Juan
Re: Want to Improve SSL/TLS security
On 2014-05-31 22:34, li...@rhsoft.net wrote: *forget* them, they don't understand E-Mail and are too dumb for realize the difference between http/smtp OK forgetting them. I will be going encrypted connections only soon (yes I realize the consiquences) so I would like to be able to at the very least disable the insecure SSLv2, as I would not want to speak to any host that can do this weak protocol. Is there a reason why the following does not work smtpd_tls_mandatory_protocols = !SSLv2 Also using checktls.com also reports that I have an invalid certificate. Any reason for this?
receiving duplicate (or more) copies of email
Hello, I am wondering if someone can point me in direction of troubleshooting this. For the past week we have been receiving some emails as duplicates or more, some times up to 6 or 7 times. These multiple copes can be received from any host (eg, skype.com, linkedin.com, yahoo, gmail or some corporate services). From what I can see in the logs, the remote mail server is connecting multiple times but for what reason I am not sure I only have one MX accessible, so it's not coming in via multiple sources Logs for a yahoo.fr email as an example is the following (logs have been sanitized): Jun 11 21:34:13 mailsrv postfix/smtpd[30440]: connect from nm11-vm3.bullet.mail.ir2.yahoo.com[212.82.96.164] Jun 11 21:34:13 mailsrv postfix/smtpd[30440]: setting up TLS connection from nm11-vm3.bullet.mail.ir2.yahoo.com[212.82.96.164] Jun 11 21:34:13 mailsrv postfix/smtpd[30488]: connect from nm11-vm8.bullet.mail.ir2.yahoo.com[212.82.96.169] Jun 11 21:34:14 mailsrv postfix/smtpd[30488]: setting up TLS connection from nm11-vm8.bullet.mail.ir2.yahoo.com[212.82.96.169] Jun 11 21:34:14 mailsrv postfix/smtpd[30440]: Anonymous TLS connection established from nm11-vm3.bullet.mail.ir2.yahoo.com[212.82.96.164]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Jun 11 21:34:14 mailsrv postfix/smtpd[30488]: Anonymous TLS connection established from nm11-vm8.bullet.mail.ir2.yahoo.com[212.82.96.169]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Jun 11 21:34:14 mailsrv postfix/smtpd[30440]: 264B6B11D: client=nm11-vm3.bullet.mail.ir2.yahoo.com[212.82.96.164] Jun 11 21:34:14 mailsrv postfix/cleanup[30492]: 264B6B11D: message-id=<1402568771.40464.yahoomail...@web172301.mail.ir2.yahoo.com> Jun 11 21:34:14 mailsrv postfix/smtpd[30488]: C49551042: client=nm11-vm8.bullet.mail.ir2.yahoo.com[212.82.96.169] Jun 11 21:34:15 mailsrv postfix/cleanup[30491]: C49551042: message-id=<1402568771.40464.yahoomail...@web172301.mail.ir2.yahoo.com> Jun 11 21:34:16 mailsrv postfix/qmgr[29330]: 264B6B11D: from=, size=608582, nrcpt=1 (queue active) Jun 11 21:34:16 mailsrv postfix/smtpd[30440]: disconnect from nm11-vm3.bullet.mail.ir2.yahoo.com[212.82.96.164] Jun 11 21:34:16 mailsrv postfix/smtpd[30500]: connect from localhost[127.0.0.1] Jun 11 21:34:16 mailsrv postfix/smtpd[30500]: D12E6C045: client=localhost[127.0.0.1] Jun 11 21:34:16 mailsrv postfix/cleanup[30493]: D12E6C045: message-id=<1402568771.40464.yahoomail...@web172301.mail.ir2.yahoo.com> Jun 11 21:34:16 mailsrv postfix/qmgr[29330]: D12E6C045: from=, size=609073, nrcpt=1 (queue active) Jun 11 21:34:16 mailsrv postfix/smtpd[30500]: disconnect from localhost[127.0.0.1] Jun 11 21:34:16 mailsrv postfix/smtp[30497]: 264B6B11D: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=2/0/0/0.51, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=30520-03, from MTA: 250 2.0.0 Ok: queued as D12E6C045) Jun 11 21:34:16 mailsrv postfix/qmgr[29330]: 264B6B11D: removed Jun 11 21:34:16 mailsrv postfix/qmgr[29330]: C49551042: from=, size=608577, nrcpt=1 (queue active) Jun 11 21:34:17 mailsrv postfix/smtp[30502]: D12E6C045: to=, relay=10.10.2.2[10.10.2.2]:25, delay=0.2, delays=0.07/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E72551220061) Jun 11 21:34:17 mailsrv postfix/qmgr[29330]: D12E6C045: removed Jun 11 21:34:17 mailsrv postfix/smtpd[30488]: disconnect from nm11-vm8.bullet.mail.ir2.yahoo.com[212.82.96.169] Jun 11 21:34:17 mailsrv postfix/smtpd[30500]: connect from localhost[127.0.0.1] Jun 11 21:34:17 mailsrv postfix/smtpd[30500]: 32882C01D: client=localhost[127.0.0.1] Jun 11 21:34:17 mailsrv postfix/cleanup[30492]: 32882C01D: message-id=<1402568771.40464.yahoomail...@web172301.mail.ir2.yahoo.com> Jun 11 21:34:17 mailsrv postfix/qmgr[29330]: 32882C01D: from=, size=609068, nrcpt=1 (queue active) Jun 11 21:34:17 mailsrv postfix/smtpd[30500]: disconnect from localhost[127.0.0.1] Jun 11 21:34:17 mailsrv postfix/smtp[30494]: C49551042: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=2.3/0/0/0.3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=30484-10, from MTA: 250 2.0.0 Ok: queued as 32882C01D) Jun 11 21:34:17 mailsrv postfix/qmgr[29330]: C49551042: removed Jun 11 21:34:17 mailsrv postfix/smtp[30507]: 32882C01D: to=, relay=10.10.2.2[10.10.2.2]:25, delay=0.19, delays=0.08/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4978B1220071) Jun 11 21:34:17 mailsrv postfix/qmgr[29330]: 32882C01D: removed
Re: Mail graphical statistics
I use Munin, with postfix plugins. http://muninexchange.projects.linpro.no/?search=&cid=16&os[4]=on&os[7]=on&os[3]=on&os[2]=on&os[5]=on&os[8]=on&os[1]=on&os[6]=on&pid=81 Regards, Pablo On Thu, Oct 16, 2008 at 10:14 AM, Alejandro Facultad <[EMAIL PROTECTED]> wrote: > Dear all, I want to use a web interface program to see graphical statistics > about icoming/outgoing/bounced mail traffic to/from my Postfix. > > What is the best tool ??? Mailgraph, queuegraph, isoqlog,.??? > > Special thanks > > ¡Buscá desde tu celular! Yahoo! oneSEARCH ahora está en Claro > http://ar.mobile.yahoo.com/onesearch
unused parameter: policy-spf_time_limit=3600s
Hello, I am having a new Ubuntu 14.04 server set up with postfix. When using postfix check I am seeing warning about unused parameter /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: policy-spf_time_limit=3600s /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: policy-spf_time_limit=3600s /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: policy-spf_time_limit=3600s repeat 10 more time policy-spf_time_limit = 3600s is defined in my main.cf at the bottom I have the following installed: # dpkg -l | grep postfix ii postfix 2.11.0-1ubuntu1 amd64High-performance mail transport agent ii postfix-pcre 2.11.0-1ubuntu1 amd64PCRE map support for Postfix ii postfix-policyd-spf-python 1.2-1 all Postfix policy server for SPF checking Can any person tell me if this entry has been depreciated or if it is some other problem? Thanks JP
Delay deliver to a group of domains
Hi, I have a group of domains, that can't cope with our delivery rate, I need to send them mail at most at 1/second, how should I achieve that ? I tried to create a new transport in master.cf and reroute these domains thru this transpor but it doesn't seems to work. Any Help ? Regards, Pablo
Re: Delay deliver to a group of domains
I added the following lines to the configuration master.cf smtpslow unix - - n - - smtp transport yahoo.com smtpslow: yahoo.com.arsmtpslow: yahoo.com.mxsmtpslow: ymail.com smtpslow: main.cf transport_maps = hash:/etc/postfix/transport smtpslow_destination_concurrency_limit = 10 smtpslow_destination_recipient_limit = 5 ran postmap transport and restarted the postfix service Regards, Pablo On Mon, Aug 23, 2010 at 8:05 PM, Wietse Venema wrote: > Pablo Garcia Melga: >> Hi, I have a group of domains, that can't cope with our delivery rate, >> I need to send them mail at most at 1/second, how should I achieve >> that ? >> I tried to create a new transport in master.cf and reroute these >> domains thru this transpor but it doesn't seems to work. >> >> Any Help ? > > Postfix 2.5 and later has output rate delay support. > > What did you do? We can't say what mistake you made. > > Wietse >
Re: Delay deliver to a group of domains
Thanks Wietse, works just fine. On Tue, Aug 24, 2010 at 10:12 AM, Wietse Venema wrote: > Pablo Garcia Melga: >> I added the following lines to the configuration >> >> master.cf >> >> smtpslow unix - - n - - smtp >> >> transport >> >> yahoo.com smtpslow: >> yahoo.com.ar smtpslow: >> yahoo.com.mx smtpslow: >> ymail.com smtpslow: >> >> main.cf >> >> transport_maps = hash:/etc/postfix/transport >> >> smtpslow_destination_concurrency_limit = 10 >> smtpslow_destination_recipient_limit = 5 >> >> ran postmap transport and restarted the postfix service > > Your configuration works exactly as documented: it sends mail as > fast as possible while limiting the CONCURRENCY to 10 parallel > connections. > > If you want to limit the sending RATE, then you must (surprise) > use the Postfix features that limit the sending RATE. > > http://www.postfix.org/postconf.5.html#transport_destination_rate_delay > > Wietse >
Re: Delay deliver to a group of domains
I have achieved to use the delay, now I'm seeing a lot of this messages in my logfiles "warning: you may need to increase the main.cf smtpslow_destination_concurrency_limit from 1" My settings are : smtpslow_destination_concurrency_limit = 10 smtpslow_destination_recipient_limit = 15 smtpslow_destination_rate_delay = 1s smtpslow_destination_concurrency_failed_cohort_limit = 5 I've checked the logs and I'm sending roughly 1 mail per second using that transport, is there any way to send more ?, let say 5 messages per second but no more than that ? Regards, Pablo On Tue, Aug 24, 2010 at 12:46 PM, Pablo Garcia Melga wrote: > Thanks Wietse, works just fine. > > > > On Tue, Aug 24, 2010 at 10:12 AM, Wietse Venema wrote: >> Pablo Garcia Melga: >>> I added the following lines to the configuration >>> >>> master.cf >>> >>> smtpslow unix - - n - - smtp >>> >>> transport >>> >>> yahoo.com smtpslow: >>> yahoo.com.ar smtpslow: >>> yahoo.com.mx smtpslow: >>> ymail.com smtpslow: >>> >>> main.cf >>> >>> transport_maps = hash:/etc/postfix/transport >>> >>> smtpslow_destination_concurrency_limit = 10 >>> smtpslow_destination_recipient_limit = 5 >>> >>> ran postmap transport and restarted the postfix service >> >> Your configuration works exactly as documented: it sends mail as >> fast as possible while limiting the CONCURRENCY to 10 parallel >> connections. >> >> If you want to limit the sending RATE, then you must (surprise) >> use the Postfix features that limit the sending RATE. >> >> http://www.postfix.org/postconf.5.html#transport_destination_rate_delay >> >> Wietse >> >
Stopping Spam from Forwarding
Hello all, I am a rookie to postfix, I apologize in advance, and I have been tasked with not allowing SPAM to be forwarded. I basically receive messages from an edge mail server that adds a header to a messages stating whether it has been flagged for spam or not and another that gives the message a numerical spam rating spam rating. I am also not running spam assassin or clamav on my system because these edge servers already mitigate those issues. My job is to ensure that if a person has a forwarder set to another domain to only deliver the SPAM locally and not forward it. This is on a Zimbra 8.6.0 install. If someone could point me in the right direction I would greatly appreciate it. I have been looking on line and what I have been finding is mostly about rejecting SPAM. I have also been looking at postfix after-queue content filtering on the postfix docs. But I need some good examples and I am not really quite sure what commands I would use to deliver only locally. Any guidance would be appreciated. Regards, Pablo
Re: Stopping Spam from Forwarding
Christian thank you for the quick response. The edge servers are running sendmail and my zimbra install runs postfix. If I am understanding what you are saying correctly the header_checks statement runs a discard filter. I can not discard the mail I have to deliver it locally only and ensure that it does not get forwarded to gmail (or any other) because the user has a forwarder set to gmail. If I misunderstood I apologize. Regards, Pablo Garaitonandia Penn State University ITS, Administrative Information Services pa...@psu.edu - Original Message - From: "Christian Rößner" To: "Pablo E Garaitonandia" Cc: postfix-users@postfix.org Sent: Friday, May 20, 2016 3:02:39 PM Subject: Re: Stopping Spam from Forwarding > Am 20.05.2016 um 20:52 schrieb Pablo E Garaitonandia : > > Hello all, > I am a rookie to postfix, I apologize in advance, and I have been > tasked with not allowing SPAM to be forwarded. I basically receive messages > from an edge mail server that adds a header to a messages stating whether it > has been flagged for spam or not and another that gives the message a > numerical spam rating spam rating. I am also not running spam assassin or > clamav on my system because these edge servers already mitigate those issues. > My job is to ensure that if a person has a forwarder set to another domain to > only deliver the SPAM locally and not forward it. This is on a Zimbra 8.6.0 > install. If someone could point me in the right direction I would greatly > appreciate it. I have been looking on line and what I have been finding is > mostly about rejecting SPAM. I have also been looking at postfix after-queue > content filtering on the postfix docs. But I need some good examples and I am > not really quite sure what commands I would use to deliver only locally. Any > guidance would be appreciated. Not sure, if I understood correctly. You receive mail on a Postfix server that is already been spam checked and that carries headers that you can parse, right? If so, I would add a header_checks_maps parameter in PCRE format and send it through FILTER discard: For example in main.cf: - header_checks = pcre:/etc/postfix/header_checks - header_checks: - /^My-SPAM-Flag:.+Yes$/i FILTER discard: - You might need to place the header_checks inside master.cf. It depends on your setup. Maybe this works for you Christian — Christian Rößner B.Sc. Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
Re: Stopping Spam from Forwarding
I think so. It is a good starting point for me. Thank you. Regards, Pablo Garaitonandia Penn State University ITS, Administrative Information Services pa...@psu.edu - Original Message - From: "Christian Rößner" To: "Pablo E Garaitonandia" Cc: postfix-users@postfix.org Sent: Friday, May 20, 2016 3:15:07 PM Subject: Re: Stopping Spam from Forwarding > Am 20.05.2016 um 21:10 schrieb Pablo E Garaitonandia : > > Christian thank you for the quick response. The edge servers are running > sendmail and my zimbra install runs postfix. If I am understanding what you > are saying correctly the header_checks statement runs a discard filter. I can > not discard the mail I have to deliver it locally only and ensure that it > does not get forwarded to gmail (or any other) because the user has a > forwarder set to gmail. If I misunderstood I apologize. So you could change the FILTER to: FILTER smtp:[where_your_spam_should_go]:25 Is it this, what you need? > - > header_checks = pcre:/etc/postfix/header_checks > - > > header_checks: > - > /^My-SPAM-Flag:.+Yes$/i FILTER discard: > - > > You might need to place the header_checks inside master.cf. It depends on > your setup. > > Maybe this works for you > > Christian — Christian Rößner B.Sc. Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
