Re: Postfix 2.9.6/OpenLDAP Recipient Not Found in Table after Attribute Change

Wietse, Thank you for the reply. However, I didn’t have any entry for “ron” in the maps previously. I think it’s as Matthijs indicated, and something is going on in the Dovecot side. I clearly need to re-read docs I haven’t visited in awhile and regain understanding of lmtp configurations. I’ll

Re: Postfix 2.9.6/OpenLDAP Recipient Not Found in Table after Attribute Change

You made a great point here, as I did a little digging and discovered that dovecot’s bind and search LDAP account had mismatched credentials. However, the issue persists after fixing this and restarting the services. I’m pursuing the dovecot side, as this may be the problem after all. Thanks! O

Re: Different content_filter for incoming & outgoing mail?

On 2/27/2014 8:49 PM, Nilesh Govindrajan wrote: > On Fri, Feb 28, 2014 at 8:16 AM, Noel Jones > wrote: > > On 2/27/2014 8:31 PM, Nilesh Govindrajan wrote: > > > > One more possible way could be not allowing authentication on port > > 25. Is that poss

Re: Different content_filter for incoming & outgoing mail?

On Fri, Feb 28, 2014 at 8:16 AM, Noel Jones wrote: > On 2/27/2014 8:31 PM, Nilesh Govindrajan wrote: > > > > One more possible way could be not allowing authentication on port > > 25. Is that possible? That way I can be sure that I get only > > incoming mail on port 25. > > > > Yes, that is a fai

Re: Different content_filter for incoming & outgoing mail?

On 2/27/2014 8:31 PM, Nilesh Govindrajan wrote: > > One more possible way could be not allowing authentication on port > 25. Is that possible? That way I can be sure that I get only > incoming mail on port 25. > Yes, that is a fairly common policy -- only allow AUTH on the submission port, not o

Re: Different content_filter for incoming & outgoing mail?

On Fri, Feb 28, 2014 at 7:58 AM, Nilesh Govindrajan wrote: > I have setup amavisd-new to listen on ports 10024 & 10026. Currently, all > mail is going to port 10024. The policy for 10024 is to alert spam.police / > virus.police whenever a virus / spam message is passed through. > > I want alerts

Different content_filter for incoming & outgoing mail?

I have setup amavisd-new to listen on ports 10024 & 10026. Currently, all mail is going to port 10024. The policy for 10024 is to alert spam.police / virus.police whenever a virus / spam message is passed through. I want alerts only if the mail originates from localhost (I have setup the ORIGNATIN

Re: Postfix postmap DB

On Thu, Feb 27, 2014 at 03:44:49PM -0700, LuKreme wrote: > Excellent. If you build with cdb there's no reason to build > against BerkeleyDB, right? You'll still need something else for caches, that's Berkeley DB or LMDB. -- Viktor.

Re: Postfix postmap DB

* LuKreme : > > On 27 Feb 2014, at 14:50 , Viktor Dukhovni wrote: > > > For read-only indexed files, that are not updated incrementaly, > > the best database type is "cdb". It is fastest, requires least > > per-process private memory, has the most stable on-disk format and > > has proved reliab

Re: Postfix postmap DB

On 27 Feb 2014, at 14:50 , Viktor Dukhovni wrote: > For read-only indexed files, that are not updated incrementaly, > the best database type is "cdb". It is fastest, requires least > per-process private memory, has the most stable on-disk format and > has proved reliable over many years. Excel

Re: Postfix postmap DB

On Thu, Feb 27, 2014 at 02:35:52PM -0700, LuKreme wrote: > What is the best choice for the database to compile postfix > against for use of hash/postmap files? For read-only indexed files, that are not updated incrementaly, the best database type is "cdb". It is fastest, requires least per-proce

Re: temporarily "softly" bouncing incoming email

cderr: > > Use a transport map: > > > > u...@example.comretry:mailbox temporarily unavailable > > > > This will still accept mail from SMTP, but will queue it. > > I added this line to /etc/postfix/transport (for a test account) and > then as root ran > > # postmap /etc/postfix/tra

Postfix postmap DB

What is the best choice for the database to compile postfix against for use of hash/postmap files? is LMDB (lmdb:) in postfix 2.11 going to be the best choice when I move to 2.11? Currently the only hash: type files I have are alias_maps, alias_database, check_client_acces. There's also trans

Re: temporarily "softly" bouncing incoming email

Thanks so very much for the detailed response. Unfortunately I still seem to be confused. On 2014-02-25 13:47, wie...@porcupine.org wrote: cderr: Greetings, We run postfix-2.6.6-2.2.el6_1.x86_64 and I would like to be able to temporarily manipulate the filesystem on the mailserver for

Postfix DSpam retrain aliases and error 555 user does not exist

Hello, I'm using Postfix 2.10 and DSpam 3.10 on an FC20 system. I'm trying to set up the DSpam aliases for retraining, s...@domain.com and nots...@domain.com and I keep getting an error 555 from Postfix, user does not exist. I thought this was because I was trying to forward an email to the notsp

Re: Gateway Server queues too many mails

On 2/27/2014 2:09 PM, Nikolaos Milas wrote: > On 27/2/2014 8:45 μμ, Noel Jones wrote: > >> Sounds as if the real problem is you're sending amavisd more mail at >> a time than your system can handle. > > Thank you Noel, > > I just found the cause: a particular peculiar mail (long, without > attac

Re: Gateway Server queues too many mails

On 27/2/2014 10:09 μμ, Nikolaos Milas wrote: Can I isolate these mails somehow in the deferred or active queue, remove them all at once and blast them? Is there a way to tell postfix: remove from queue all mail messages whose sender is x...@example.com? With a bit of googling, I found the f

Re: Gateway Server queues too many mails

On 27/2/2014 8:45 μμ, Noel Jones wrote: Sounds as if the real problem is you're sending amavisd more mail at a time than your system can handle. Thank you Noel, I just found the cause: a particular peculiar mail (long, without attachment, containing multiple languages and html character codi

Re: Make TLS errors hard, not soft

Viktor Dukhovni: > On Thu, Feb 27, 2014 at 07:33:29PM +0100, li...@rhsoft.net wrote: > > > > Also TLS is a transport mechanism, but transport failure is not > > > message failure. Equating transport failure with message failure > > > is semantically flawed. > > > > > > Are all the destinations i

Re: Make TLS errors hard, not soft

On Thu, Feb 27, 2014 at 07:33:29PM +0100, li...@rhsoft.net wrote: > > Also TLS is a transport mechanism, but transport failure is not > > message failure. Equating transport failure with message failure > > is semantically flawed. > > > > Are all the destinations in question served by exactly on

Re: Make TLS errors hard, not soft

Fourth option (mentioned before): short delay warning time. Fifth option (best): short queue life time, to that Postfix does not give up after the first MX host failure. Wietse

Re: Make TLS errors hard, not soft

Fourth option (mentioned before) use a short delay warning time or message queue life time, so that Postfix does not give up after the first MX host failure. Wietse

Re: Gateway Server queues too many mails

On 2/27/2014 11:07 AM, Nikolaos Milas wrote: > On 27/2/2014 5:10 μμ, Nikolaos Milas wrote: > >> Now, I am thinking of temporarily removing the: >> >>content_filter = smtp-amavis:[127.0.0.1]:10024 >> >> line from main.cf and *restarting* postfix (or rebooting the >> server), then run "postqueu

Re: Make TLS errors hard, not soft

Am 27.02.2014 19:28, schrieb Viktor Dukhovni: > On Thu, Feb 27, 2014 at 12:48:47PM -0500, Wietse Venema wrote: >> Peer Heinlein: >>> You got it. That's what we ARE doing and that's why I'm asking for. :-) >> >> Well this is a very non-standard deployment. I have to spend my >> limited cycles wise

Re: Bounce mails manually

LuKreme: > OK, what is pfqgrep? I don't see it in my ports tree? see http://www.arschkrebs.de/postfix/scripts/

Re: Make TLS errors hard, not soft

On Thu, Feb 27, 2014 at 12:48:47PM -0500, Wietse Venema wrote: > Peer Heinlein: > > You got it. That's what we ARE doing and that's why I'm asking for. :-) > > Well this is a very non-standard deployment. I have to spend my > limited cycles wisely on things that benefit the most people. > > > We

Re: Make TLS errors hard, not soft

Robert Sander: > Am 27.02.2014 18:48, schrieb Wietse Venema: > > > Are you blindly requiring TLS without even thinking about whether > > the remote party supports it? > > Yes, and the DSN should inform the user about that fact in a timely manner. Well the otions are: - Have a lot of patience.

Re: Make TLS errors hard, not soft

Am 27.02.2014 18:48, schrieb Wietse Venema: > Are you blindly requiring TLS without even thinking about whether > the remote party supports it? Yes, and the DSN should inform the user about that fact in a timely manner. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 B

Re: Make TLS errors hard, not soft

Peer Heinlein: > You got it. That's what we ARE doing and that's why I'm asking for. :-) Well this is a very non-standard deployment. I have to spend my limited cycles wisely on things that benefit the most people. > We have situations, where a mail MUST send using TLS. And I need a > FAST and re

Re: Make TLS errors hard, not soft

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 25.02.2014 14:43, schrieb Wietse Venema: You got it. That's what we ARE doing and that's why I'm asking for. :-) That's my actual workaround. But it's nothing more then a workaround. We have situations, where a mail MUST send using TLS. An

Re: Bounce mails manually

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 25.02.2014 15:42, schrieb Wietse Venema: That#s what i need. That#s what I need. :-) Peer - -- Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin http://www.heinlein-support.de Tel: 030 / 405051-42 Fax: 030 / 405051-19 Zwangsanga

Re: Gateway Server queues too many mails

On 27/2/2014 5:10 μμ, Nikolaos Milas wrote: Now, I am thinking of temporarily removing the: content_filter = smtp-amavis:[127.0.0.1]:10024 line from main.cf and *restarting* postfix (or rebooting the server), then run "postqueue -f" again, at least to have queued messages delivered. I

Re: Gateway Server queues too many mails

On 27/2/2014 5:36 μμ, lst_ho...@kwsoft.de wrote: You should use a process limit matching the number of amavisd processes to not feed it with too much concurrent smtp connections. Have a look how smtp-amavis is setup in master.cf, if there is no limit set the default (100) applies. This *could*

Re: Gateway Server queues too many mails

Zitat von Nikolaos Milas : On 27/2/2014 4:40 μμ, Nikolaos Milas wrote: Now that amavis seems to be running correctly, how can I resend immediately those suspended mails? Unfortunately, I am afraid that after I run postqueue -f and messages were moved to the active queue, amavisd again to

Re: Bounce mails manually

On 26 Feb 2014, at 07:24 , Noel Jones wrote: > On 2/26/2014 12:41 AM, Andreas Schulze wrote: >> >> wietse: >> >>> I don't know what people are asking for: >>> 1 - Bounce all recipients of one specific queue file >>> 2 - Bouncing only specific recipients >> >> option 1 (for me) >> >> in cas

Re: Gateway Server queues too many mails

On 27/2/2014 4:40 μμ, Nikolaos Milas wrote: Now that amavis seems to be running correctly, how can I resend immediately those suspended mails? Unfortunately, I am afraid that after I run postqueue -f and messages were moved to the active queue, amavisd again topped CPU at 100% and postfix s

Re: Gateway Server queues too many mails

Nikolaos Milas: > Yet, I now have 2120 suspended messages; when running: postqueue -p > those entries are indicated as: > > "(delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: > Connection refused)" > > (10024 is an amavisd port) > > Now that amavis seems to be running cor

Re: Gateway Server queues too many mails

On 27/2/2014 4:10 μμ, Wietse Venema wrote: All MASTER daemon logging is suspect. All ERROR logging is suspect. All FATAL logging is suspect. All PANIC logging is suspect. Please show all master/error/fatal/panic logging. I had no such log entries (only warnings). I found that amavisd was

Re: Gateway Server queues too many mails

Nikolaos Milas: > Thanks Wietse, > > I am following on this thread, replying to my own sent mail, because > your reply is still in the queue... (I read it with pfqueue). > > I did not see anything suspicious looking for > errors/fatals/warnings/panics, except perhaps: All MASTER daemon logging

Re: License question

Alessandro Vesely: > Hi, > I found some interesting filtering recipes maintained in Postfix > format, such as http://www.hardwarefreak.com/fqrdns.pcre.txt > > Since I'm not running Postfix, I think I need to roll my own filter in > order to run those recipes. At a first glance, smtpd_check.c and

Re: Gateway Server queues too many mails

Thanks Wietse, I am following on this thread, replying to my own sent mail, because your reply is still in the queue... (I read it with pfqueue). I did not see anything suspicious looking for errors/fatals/warnings/panics, except perhaps: Feb 27 05:27:02 mailgw1 postfix/postscreen[16639]: w

Re: Gateway Server queues too many mails

Nikolaos Milas: > Hello, > > I am running Postfix 2.9.4 (for more than a year now) on CentOS 6.5 > x86_64 as a gateway server with postscreen, amavis, spamassassin. The > server receives mail from the Internet and forwards (relays) clean mail > to the final internal mail server (also running po

Gateway Server queues too many mails

Hello, I am running Postfix 2.9.4 (for more than a year now) on CentOS 6.5 x86_64 as a gateway server with postscreen, amavis, spamassassin. The server receives mail from the Internet and forwards (relays) clean mail to the final internal mail server (also running postfix). Today, I am facin

License question

Hi, I found some interesting filtering recipes maintained in Postfix format, such as http://www.hardwarefreak.com/fqrdns.pcre.txt Since I'm not running Postfix, I think I need to roll my own filter in order to run those recipes. At a first glance, smtpd_check.c and dict_pcre.c look like good star

Re: Log the HELO/EHLO name?

Philip Prindeville wrote: > This is trivial to do with MIMEDefang. Thanks for all the help, everyone! I've now got something like 15 ways of doing this :) I'll see which of these I'm most comfortable with. Regards Eivind Olsen