Re: Limitations of setting mydestination with virtual domains

--- On Tue, 6/16/09, Barney Desmond wrote: > From: Barney Desmond > Subject: Re: Limitations of setting mydestination with virtual domains > To: "postfix users list" > Date: Tuesday, June 16, 2009, 7:32 PM > 2009/6/17 Tim Legg : > > > > Jun 16 17:54:40 genex postfix/smtpd[1665]: NOQUEUE: > r

SSL

Hi, I am trying to setup SSL connections. I have it setup as the instructions say: smtpd_tls_CAfile = /etc/postfix/sslbundle.crt smtpd_tls_cert_file = /etc/postfix/server.crt smtpd_tls_key_file = /etc/postfix/server.key smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/v

Re: false return addresses

Wietse Venema wrote: James D. Parra: Hello, How can I drop external messages with a return address from our domain? Something like this will reject "local" senders from outside "mynetworks". I'm glad this question came up, I too am getting from= to= hits lately and appreciate the example

relay_recipient_maps + smtp_auth

OK am looking to configure a relay server that will relay to any destination if smtp auth used or IP is defined in mynetworks BUT other than that will only relay mail for certain domains/users ... So have configured dovecot to be used to auth and IPs allowed to relay in a hash db /etc/postfix/n

Re: is reject_unknown_client_hostname safe now? (aka FCRDNS)

On Dienstag 16 Juni 2009 Jorey Bump wrote: > I tried using it for a while last year and found it still to be > unsafe. Thanks Jorey, that was our finding also. Is there someone who actually uses it in an ISP environment? mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management

Re: Limitations of setting mydestination with virtual domains

2009/6/17 Tim Legg : > > Jun 16 17:54:40 genex postfix/smtpd[1665]: NOQUEUE: reject: RCPT from > web38701.mail.mud.yahoo.com[209.191.125.77]: 550 5.1.1 : > Recipient address rejected: User unknown in virtual alias table; > from= to= proto=SMTP > helo= Unless I'm mistaken, l...@example1.com is

Re: Limitations of setting mydestination with virtual domains

Here is /var/log/mail.log Jun 16 17:54:21 genex postfix/postfix-script[1658]: refreshing the Postfix mail system Jun 16 17:54:22 genex postfix/master[1561]: reload configuration /etc/postfix Jun 16 17:54:40 genex postfix/smtpd[1665]: connect from web38701.mail.mud.yahoo.com[209.191.125.77] Jun

Re: Limitations of setting mydestination with virtual domains

Tim Legg wrote: Okay, here is the 'postconf -n' Of course, once again, I am using example1.com and example2.org to protect my innocent friends from my ignorance ;) My test e-mails still don't work in this configuration. It is true, I did make a typo when I cited /etc/virtual as a path. Good

Re: Illegal mix of collations error

On Tue, Jun 16, 2009 at 9:50 AM, Blake Hudson wrote: > > Thanks for the reply on this. I have now changed the collation of the >> tables to latin1_swedish_ci, but am still getting these errors. Dont quite >> understand what todo from here? Can anyone assist further please? >> >> Thanks!! >> >> S

Re: Signing outgoing mailman mail with DKIM

Hello, mouss pisze: you need to configure mailman to submit mail to an smtpd listener that results in signing. you have at least 3 ways: - pass mail to an smtpd listener that uses dkim milter - pass mail to an smtpd listener that passes mail to dkim proxy (but the milter is better) - pass mail

Re: Signing outgoing mailman mail with DKIM

Zbigniew Szalbot a écrit : > Hi there! > >> but why do you want to sign mailman (resent) mail? do you really think >> it will help you? > > In our scenario, mailman is not used as a discussion utility but a > newsletter type of thing. So I thought I would sign such mail to > increase the likeliho

Re: Limitations of setting mydestination with virtual domains

Okay, here is the 'postconf -n' Of course, once again, I am using example1.com and example2.org to protect my innocent friends from my ignorance ;) My test e-mails still don't work in this configuration. It is true, I did make a typo when I cited /etc/virtual as a path. Good eyes for catchin

Re: Limitations of setting mydestination with virtual domains

On Tue, Jun 16, 2009 at 03:32:19PM -0500, Noel Jones wrote: > A user in a virtual_alias_domains *must* be mapped to a different domain - > typically a "local" domain listed in mydestination. In the example I > provided previously, /etc/postfix/virtual looked like > > example1.com anything > ex

Re: Limitations of setting mydestination with virtual domains

Tim Legg wrote: Okay, I made the changes people have suggested, but it still doesn't work. Recipient address rejected: User unknown in virtual alias table Below are the files which I believe are relevant. I for the most part understand the what the documentation tries to say, but there is so

Re: Limitations of setting mydestination with virtual domains

Tim Legg wrote: > Okay, I made the changes people have suggested, but it still doesn't work. > > Recipient address rejected: User unknown in virtual alias table > > Below are the files which I believe are relevant. > > I for the most part understand the what the documentation tries to say, but > t

Re: Limitations of setting mydestination with virtual domains

2009/6/17 Tim Legg : > > Okay, I made the changes people have suggested, but it still doesn't work. > > Recipient address rejected: User unknown in virtual alias table > > Below are the files which I believe are relevant. The first two are good, but post the output of `postconf -n` instead of main

Re: Limitations of setting mydestination with virtual domains

Okay, I made the changes people have suggested, but it still doesn't work. Recipient address rejected: User unknown in virtual alias table Below are the files which I believe are relevant. I for the most part understand the what the documentation tries to say, but there is so much I don't know

Re: Restriction reject_sender_login_mismatch

Eduardo Júnior wrote: > with smtpd_delay_reject set to yes, where in my > smtpd_recipient_restrictions I must put this restrictions to that it > works properly? > After permit_sasl_authenticated? > > That isn't clear for me. If you put it after a permit, then the permit wins if the condition is met

Restriction reject_sender_login_mismatch

Hi, According to [1]: "Reject the request when $smtpd_sender_login_mapsspecifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but

Re: false return addresses

James D. Parra: > Hello, > > How can I drop external messages with a return address from our domain? Something like this will reject "local" senders from outside "mynetworks". Not tested: # Pass mail from inside mynetworks, reject senders /etc/postfix/main.cf: smtpd_sender_restrictions =

false return addresses

Hello, How can I drop external messages with a return address from our domain? Recently, we have had a number of such messages enter our mail server. For example; Return-Path: jam...@musicreports.com Received: from mri-mail.musicreports.com (LHLO mri-mail.musicreports.com) (192.168.20.65) by mr

Re: trivial-rewrite warning although mydestination is empty

Bernd Lommerzheim: [ Charset UTF-8 unsupported, converting... ] > Hello Wietse Venema! > > > Because you are overlooking some configuration file. > > > > find / \( -name master.cf -o -name main.cf \) -print > r...@lunox ~ $ find / \( -name master.cf -o -name main.cf \) -print > /usr/lib64/postfix

Re: trivial-rewrite warning although mydestination is empty

Hello Wietse Venema! > Because you are overlooking some configuration file. > > find / \( -name master.cf -o -name main.cf \) -print r...@lunox ~ $ find / \( -name master.cf -o -name main.cf \) -print /usr/lib64/postfix/main.cf /usr/lib64/postfix/master.cf /etc/postfix/main.cf /etc/postfix/master

Re: documentation for owner-* companion aliases (was: Re: Message with 300,000+ recips via alias_maps)

Matthias Andree: > Let me know if you want help implementing these documentation suggestions, > and/or if we should move to postfix-de...@. You're welcome. I'm archiving this stuff in my 39MB todo inbox and go over it as time permits. Wietse

Re: postscreen logging question

Ralf Hildebrandt: [ Charset UTF-8 unsupported, converting... ] > * Wietse Venema : > > > postscreen is a single process that "screens" all inbound SMTP > > connections. Like OpenBSD spamd, it makes the decision whether or not > > an SMTP client is allowed to talk to a real SMTP server at all. This

Re: postscreen logging question

* Wietse Venema : > postscreen is a single process that "screens" all inbound SMTP > connections. Like OpenBSD spamd, it makes the decision whether or not > an SMTP client is allowed to talk to a real SMTP server at all. This is > an attempt to lessen the impact of zombies on Postfix performance.

Preliminary postscreen logging results

% awk '/PREGREET/ {print $NF}' /var/log/mail.log |sort | uniq -c | sort -n emits ... 25 urhousecareer.info?? 26 dmx1.bfi0.com?? 104 freenet.de?? 111 gmx.de?? 113 t-online.de?? 113 web.de?? But of course the client is never *.web.de, but always some kind of dialup

Re: postscreen logging question

Ralf Hildebrandt: > I'm trying out postscreen. No unexpected explosions so far. > > Question: > > Jun 16 16:38:48 mail-ausfall postfix/postscreen[22745]: PREGREET 20 after > 0.52 from 222.124.4.14: HELO dmx1.bfi0.com?? > > The client 222.124.4.14 sent "HELO dmx1.bfi0.com??" 0.52s after the > co

RE: Cryptic message for end users

Wietse, > > Ok Ralph, I have solved the two holes in conf file of Maildrop. Now I > get the following over quota message: > > > > < posta.sttspa.it #5.7.0 x-unix; maildrop: maildir over > quota.> > > > > Which is still not completely 'human-readble'. > > The error message is produced

Re: postscreen logging question

* Stefan Palme : > > On Tue, 2009-06-16 at 16:43 +0200, Ralf Hildebrandt wrote: > > I'm trying out postscreen. No unexpected explosions so far. > > ... > > May I ask what exactly "postscreen" is? I've never heard about it > and can not find any references in the web... ftp://ftp.porcupine.org/m

Re: running a delivery agent as a daemon?

Matt Burgoon: > Understood. I'llto go with the LMTP method using an already running > daemon. In order to configure this, do I have the entry in master.cf use > lmtp as the transport type, and have argv=localhost:someport, and use > virtual_transport (with the other virual_maps/domains etc) usin

Re: postscreen logging question

On Tue, 2009-06-16 at 16:43 +0200, Ralf Hildebrandt wrote: > I'm trying out postscreen. No unexpected explosions so far. > ... May I ask what exactly "postscreen" is? I've never heard about it and can not find any references in the web... Thanks and regards -stefan-

postscreen logging question

I'm trying out postscreen. No unexpected explosions so far. Question: Jun 16 16:38:48 mail-ausfall postfix/postscreen[22745]: PREGREET 20 after 0.52 from 222.124.4.14: HELO dmx1.bfi0.com?? The client 222.124.4.14 sent "HELO dmx1.bfi0.com??" 0.52s after the connection was established. But what d

Re: running a delivery agent as a daemon?

Understood. I'llto go with the LMTP method using an already running daemon. In order to configure this, do I have the entry in master.cf use lmtp as the transport type, and have argv=localhost:someport, and use virtual_transport (with the other virual_maps/domains etc) using the new definition?

Re: is reject_unknown_client_hostname safe now? (aka FCRDNS)

Jorey Bump wrote: Michael Monnerie wrote, at 06/16/2009 02:17 AM: A big ISP here in Austria started to use reject_unknown_client_hostname (http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname) also known as http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS Is this op

Re: trivial-rewrite warning although mydestination is empty

Bernd Lommerzheim: > And by the way at looking into my posted logs: Why does trivial-rewrite > handle the domain lunox.net at that moment. Around this warning from > trivial-rewrite there are only smtpd actions for other domains. I do not > understand why a postfix application is requesting for a r

Re: documentation for owner-* companion aliases (was: Re: Message with 300,000+ recips via alias_maps)

Matthias Andree: > Am 12.06.2009, 18:42 Uhr, schrieb Wietse Venema : > > > One final input: be sure to give each alias an owner-alias so that > > Postfix will store the result of alias expansion in new queue > > files. > > > > Otherwise, the result of expansion will not be stored. After failure >

cross-reference (was: documentation for owner-* companion aliases)

Matthias Andree: > Could there be a documentation-helper script for the maintainers (i. e. > you) to sort of build a cross-reference of "which postfix daemon uses > parameter $foobar" for all non-global parameters $foobar, so that > postconf(5) can serve as a cross-reference? I have a trivia

Re: Cryptic message for end users

Rocco Scappatura: [ Charset UTF-8 unsupported, converting... ] > Ok Ralph, I have solved the two holes in conf file of Maildrop. Now I get the > following over quota message: > > < posta.sttspa.it #5.7.0 x-unix; maildrop: maildir over quota.> > > Which is still not completely 'human-

RE: Cryptic message for end users

Hello, > Error 1: maildirmake: /pathto/user/: File exists > Error 2: maildrop: maildir over quota. > > > What you mean precisely? How I can find the mistake? > > > > Here my maildrop conf file: > > > > log "test -d $HOME$DEFAULT" > > `test -d $HOME$DEFAULT` > > if ($RETURNCODE != 0) > > { > >

Re: Signing outgoing mailman mail with DKIM

Hi there! but why do you want to sign mailman (resent) mail? do you really think it will help you? In our scenario, mailman is not used as a discussion utility but a newsletter type of thing. So I thought I would sign such mail to increase the likelihood of its delivery. Thank you! Zbigni

Re: is reject_unknown_client_hostname safe now? (aka FCRDNS)

Michael Monnerie wrote, at 06/16/2009 02:17 AM: > A big ISP here in Austria started to use reject_unknown_client_hostname > (http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname) > also known as http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS > > Is this option safe t

Re: trivial-rewrite warning although mydestination is empty

And by the way at looking into my posted logs: Why does trivial-rewrite handle the domain lunox.net at that moment. Around this warning from trivial-rewrite there are only smtpd actions for other domains. I do not understand why a postfix application is requesting for a resolve of a addresse with t

Re: trivial-rewrite warning although mydestination is empty

Hello Noel Jones & Wietse Venema, thank you for your replies. > Do you by any chance have more than one postfix instance running? No. See below for my master.cf and here are my running postfix process at the moment: anvil -l -t unix -u smtpd -n smtp -t inet -u -o stress= pickup -l -t fifo -u smtp

Postfix Send Mail Restriction

Postfix 2.5 on my server I'm using Debian Lenny. Daily basis to prevent spam mail user would like to put a limit, or with this postfix 3rd party software, how can I do? Regards.

Re: SSL_accept error - somebody that could tell me what to do

Victor Duchovni wrote: > On Mon, Jun 15, 2009 at 04:48:26PM +0200, Jelle de Jong wrote: > >> Thank you Wietse, I have asked the other server party to see if they can >> sent me the logs, I hope they will sent them, they say the problem is on >> my end, but I have no diffidence for that so far. >>

Re: SSL_accept error - somebody that could tell me what to do

Wietse Venema wrote: > Wietse Venema: >> Jelle de Jong: >>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed >>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value: >>> YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w= >>> Jun 15 13:57:46 emily postfix/smtpd[23401]:

Re: SSL_accept error from - somebody that could tell me what to do

Wietse Venema wrote: > Wietse Venema: >> Jelle de Jong: >>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute name: seed >>> Jun 15 13:57:46 emily postfix/smtpd[23401]: input attribute value: >>> YuvlIV0a1sMFU6JK6BcvsKr6WJm8YP7zsFNJz/XEv+w= >>> Jun 15 13:57:46 emily postfix/smtpd[23401]:

documentation for owner-* companion aliases (was: Re: Message with 300,000+ recips via alias_maps)

Am 12.06.2009, 18:42 Uhr, schrieb Wietse Venema : One final input: be sure to give each alias an owner-alias so that Postfix will store the result of alias expansion in new queue files. Otherwise, the result of expansion will not be stored. After failure of delivery to one local recipient in th