Re: PCI Compliance

2010-03-18 Thread Barney Desmond
On 18 March 2010 23:59, J. Roeleveld wrote: > Does this mean that the service-desk of companies are not compliant either? Hehe, in a way. Social engineering is thankfully(?) outside the scope of PCI-DSS compliance. > 1) Check in phonebook for number of VISA credit card service desk > 2) Call lis

Re: PCI Compliance

2010-03-18 Thread Barney Desmond
On 18 March 2010 21:57, Jonathan Tripathy wrote: > Any ideas on how to set up an "SMTP Proxy Server" to attain PCI Compliance? > I literally need postfix to just pass through mail to our ISP's smtp server. > We would then set outlook to use this local smtp proxy server. I work for a hosting compa

Re: 2.7 RPM

2010-02-23 Thread Barney Desmond
On 23 February 2010 19:34, Eero Volotinen wrote: > 2010/2/23 ram : >> All the files which I used for my compile are here >> >> https://ecm.netcore.co.in/tmp/postfix-2.7.0.rpmfiles.tgz >> >> You may want to hash-off the dotname patch which I use on my machines >> >> Of course take care of the usual

Re: postmap -q return code not very clear when using 'catch all' with smtp_generic_maps

2010-02-19 Thread Barney Desmond
On 20 February 2010 01:40, Geert Lorang wrote: > glorang:~# cat /etc/postfix/generic > @mydomain.be  accep...@relayhost.other.domain > > Now try to lookup someth...@mydomain.be: > > glorang:~# postmap -q someth...@mydomain.be /etc/postfix/generic > glorang:~# echo $? > 1 > > So no output (no match

Re: Exceptions to reject_invalid_hostname ?

2010-02-17 Thread Barney Desmond
On 17 February 2010 20:07, Frank Bonnet wrote: > smtpd_recipient_restrictions = >   reject_invalid_hostname, >   reject_non_fqdn_sender, >   reject_unknown_sender_domain, >   reject_unknown_recipient_domain, >   reject_unauth_pipelining, >   permit_mynetworks, >   reject_unauth_destination, >   re

Re: If I don't want to queue emails, which value I've to give to default_transport?

2010-02-15 Thread Barney Desmond
On 15 February 2010 21:25, Michele Carandente wrote: > Hi to everybody. > I'm queuing all the emails to be sent. > So the option that is doing it is: default_transport = smtp > > I would like to have the option to send directly emails, without queue. > So I was thinking to write something like: >

Re: Postfix - Timeout While Sending End of Data (slightly OT)

2010-02-15 Thread Barney Desmond
On 15 February 2010 18:41, Stan Hoeppner wrote: > I can't get to it without entering a CC and starting a 30 day trial.  The > "bottom" of the page is white space.  I see no options anywhere on the page to > get at the info without signing up.  This is kinda by design isn't it?  No > pay, > no pla

Re: Problems getting Gmail to use my SMTP server rather than theirs

2010-02-11 Thread Barney Desmond
On 11 February 2010 11:54, Rob Tanner wrote: > The problem is the log files are rather large (a quarter million lines since > the 4 am roll this morning, and there are lots of google entries.  In other > words I've already spent time just trying to find the entries.  Any idea > about particular ke

Re: Postfix and Exchange

2010-02-04 Thread Barney Desmond
On 4 February 2010 22:46, Jacopo Cappelli wrote: > main.cf > smtp_sasl_auth_enable = yes > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd > smtp_sasl_security_options = > relayhost = 192.168.0.10 > > sasl_password > 192.168.0.10       u...@domain.org:mypassword > > But not work. > said: 4

Re: Address rewriting problem

2010-02-04 Thread Barney Desmond
On 4 February 2010 21:29, Guy wrote: > On 4 February 2010 10:12, Barney Desmond wrote: >> Can you post the output of `postconf -n`? I suspect domain1.org is >> meant to be listed in your $mydestination, but isn't (there's plenty >> of possible causes for this pro

Re: Postfix and Exchange

2010-02-04 Thread Barney Desmond
On 4 February 2010 21:10, Jacopo Cappelli wrote: > I have three postfix as relay server on the dmz, and one exchange into > the inside that collect and distribute the mail... > We need to activate the smtp authentication on Exchange, but if we do > this the relay cannot send the mail to the exchan

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

2010-02-04 Thread Barney Desmond
On 4 February 2010 20:40, Michele Carandente wrote: > Hi to everybody. > I've setup postfix to queue all the outgoing emails. > Basically I've add in master.cf this line: > hold      unix  -       -       n       -       -       smtp > > And in main.cf I've wrote: > defer_transports = hold > defau

Re: Address rewriting problem

2010-02-04 Thread Barney Desmond
On 4 February 2010 20:23, Guy wrote: > The problem I get is that when sending to t...@lists.domain2.net I get > this bounce message: > : mail for domain1.org loops back to > myself Can you post the output of `postconf -n`? I suspect domain1.org is meant to be listed in your $mydestination, but i

Re: a little bit of help with aliases

2010-01-15 Thread Barney Desmond
2010/1/15 : > Postconf -n output > > mydestination = localhost.$mydomain, localhost > mydomain = domain.tld > myhostname = mail.domain.tld > mynetworks = 127.0.0.0/8 172.16.1.0/16 > virtual_alias_maps = > proxy:mysql:$config_directory/mysql/mysql_virtual_alias_maps.cf > virtual_gid_maps = static:

Re: reject_authenticated_sender_login_mismatch

2010-01-11 Thread Barney Desmond
2010/1/11 Michael : > As follows > > smtpd_recipient_restrictions = > ... >        check_recipient_access hash:/etc/postfix/access, >        permit_mynetworks, >    reject_authenticated_sender_login_mismatch > mysql:/etc/postfix/mysql-sender-access.cf >        reject_unauth_destination > ... > RECE

Re: Huge active queue and system idle, not delivering

2010-01-07 Thread Barney Desmond
2010/1/8 Patrick Chemla > Incoming messages are entering very fast (500 smtp processes declared) and > the active queue is actually of 2 millions messages waiting for delivery. > > here is my main.cf file: That's some very thorough information, you've provided plenty of context and clear descrip

Re: certificate error

2010-01-07 Thread Barney Desmond
2010/1/8 Davy Leon : > I'm getting this message in my /var/log/maillog everytime postfix delivers a > message. The message is delivered, but it logs this message. How can I solve > this? > > Jan  6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed > for smarthost.example.com: nu

Re: How to ensure that either FROM or TO is local

2010-01-03 Thread Barney Desmond
Questions similar to yours come up fairly often, I'm not sure why noone's jumped in yet with a rough solution that will do what you want. What you've mentioned you want: > How do I ensure that my mail server can only send mails either to or > from mydomains? Consider that there are three situatio

Re: multi pronged upgrade/migration

2010-01-01 Thread Barney Desmond
I should warn beforehand that I'm probably not giving this as much consideration as would be ideal - that'd mean breaking out a pen and paper to collect my thoughts, which is a tough effort at this time of year :) 2010/1/1 Stan Hoeppner : > What I want to do is: > > 1.  Switch Postfix from relay m

Re: Tweak Postfix so that it will resend emails after the initial 451 response

2009-11-22 Thread Barney Desmond
2009/11/23 jan gestre : > I have a Postfix server behind a gateway firewall that does content > filtering (SpamD on pfSense) and greylisting and we have an > application server that uses Postfix as its MTA, the problem is after > the initial 451 response the latter quits and send an Undeliverable >

Re: Time a message is queued until a warning email is sent

2009-11-21 Thread Barney Desmond
2009/11/22 Russell Jones : > I know that maximal_queue_lifetime is the time a message is queued before it > is sent back as undeliverable, however what is the configuration option for > how long a message is attempted to be delivered, before a warning message is > sent to the original sender saying

Re: Relayhost to multiple hosts

2009-11-18 Thread Barney Desmond
2009/11/19 Dhiraj Chatpar : > I believe there is an option within postfix too to achieve this? I'm fairly sure there's not. If you don't like the idea of using iptables, the alternative would be a customised DNS entry for your relayhost. Create a "virtual" relayhost A-record (eg. relayhost.mydoma

Re: ERROR in tcp protocol

2009-11-16 Thread Barney Desmond
I get the impression everyone's barking up the wrong tree. Not surprising, given that the tcp table type is documented thusly: "This protocol is not available in the stable Postfix release". 2009/11/17 Dhiraj Chatpar : > I using Centos now.. and this is the output > > [r...@lsdinkindia ~]# postcon

Re: Problem with recipient verification

2009-11-15 Thread Barney Desmond
2009/11/15 Jeremy Bowen : >>> I'm running Postfix v2.5.6 which I compiled myself from unmodified >>> sources. (postconf -d appended below) I don't seem to have the original for this, perhaps the thread got broken somewhere, but gmail shouldn't have lost it. Anyway, you need to post the output of `

Re: Mail sending problem.

2009-11-13 Thread Barney Desmond
2009/11/13 Manoj Burande : >   Here I just wanted to explain you that what exactly I am trying to do is, > > 1] I am trying to configure postfix mail server that can only send mails. > It receives no mail from the network. > > 2] The MX records tell the world which server will accept inbound mail f

Re: Mail sending problem.

2009-11-13 Thread Barney Desmond
2009/11/13 Manoj Burande : > presently used parameters in "main.cf" configuration file is as > follows: No, please show the output of `postconf -n` when describing your configuration. The contents of main.cf is less useful as it doesn't accurately describe the configuration Postfix is using. >  

Re: Test e-mailservice

2009-11-11 Thread Barney Desmond
2009/11/11 Martijn de Munnik : > remote host. Does anybody use a check which checks the complete mail loop? > I was thinking of sending a mail from a remote host (with webmin) to a test > mail account and see if I can download the mail with imap and then with pop > which removes the mail. The test

Re: SMTP-AUTH *without* SASL/PAM?

2009-10-29 Thread Barney Desmond
2009/10/30 Seth Mattinen : > Keith Palmer wrote: >> OK, thanks... but that doesn't answer my question. >> Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? >> >> I'd like to *not run SASL at all* rather than have it do the lookups. >> > > Use the dovecot auth met

Re: Rate limits on mynetworks Hosts

2009-10-19 Thread Barney Desmond
2009/10/19 Craig Watson : > I have some hosts in mynetworks.  They cannot handle authentication but I > want to apply the rate limits to them too.  Is there anyway I can allow them > to relay but apply the rate limits to them?  Below is my current config. I believe the correct way is to use a poli

Re: SASL fine from iPhone, not from Nokia?

2009-10-13 Thread Barney Desmond
2009/10/14 Eero Volotinen : > Because of: > > smtpd_tls_auth_only (default: no) > When TLS encryption is optional in the Postfix SMTP server, do not announce > or accept SASL authentication over unencrypted connections. > > This feature is available in Postfix 2.2 and later. > > you need to use ope

Re: Increasing logging on queue messages

2009-10-09 Thread Barney Desmond
2009/10/10 MySQL Student : >> Unfortunately, you deleted lots of useful information from the >> logging, including the break-down of handshake delays and of >> transmission delays. > > I wasn't sure that I should post the whole queued message here. The logs for a single message are usually about h

Re: NOQUEUE: reject: RCPT from unknown

2009-10-02 Thread Barney Desmond
2009/10/3 Jon L. Miller : >  NOQUEUE: reject: RCPT from unknown[203.153.242.20]: 450 4.1.1 cp.org.au>: Recipient address rejected: User unknown in local recipient > table; from= to= @pcp.org.au> proto=ESMTP helo= > > As I happen to know the users at pcp.org.au the user yvonne does not have > an ad

Re: Postfix Mail Queue Monitor

2009-09-29 Thread Barney Desmond
2009/9/30 Scott Miller : > In case anyone is interested, I've attached a working Postfix Mail Queue > Monitor for nagios - It's working for me as is, but if anyone has any > suggested modifications I'd be glad to look at them. We do something like this where I work, a mailqueue-size check for nagi

Re: smtp client and aliased addresses

2009-09-29 Thread Barney Desmond
2009/9/30 Postfix User : > I've since implemented an iptables SNAT rule as a temporary workaround > as I really needed this working this morning. I doubt this will > interfere with the verbose logging output. What exactly is it I should > be looking for? Can you show us some proof that it's not w

Re: Semi-OT: recipient delimiter spec/std?

2009-09-25 Thread Barney Desmond
2009/9/26 Erick Calder : > oh, I think i get it.  if server A is just relaying to server B, it will get > e/j...@arix.com and hand e+j...@arix.com to B.  I'm not sure I understand > how that would break the mail (since e+j...@arix.com) is valid and will > still be received.  of course, if B is conf

Re: Choose transport from sender domain?

2009-09-15 Thread Barney Desmond
2009/9/15 Brice Figureau : > I know how to define a transport to do that, but the next-hop is chosen > by looking-up the destination domain (which makes perfectly sense) and > not the source domain. > > How is it possible to chose the transport from the source domain? > Is multi-instance my only ch

Re: Sub-domain Alias Assistance

2009-09-03 Thread Barney Desmond
2009/9/3 Henri Shustak : > However, I am now concerned that I have made some mistakes with regards the > setup of the postfix configuration. > > I updated the system (with apt-get) and I guess this updated the version of > postfix I was running. I figured everything was running correctly. However,

Re: Any C api to access Postfix programmatically?

2009-08-25 Thread Barney Desmond
2009/8/26 Δημήτριος Καραπιπέρης : > > Users source could be ldap or mysql, not a hash file. > In essence, I need to employ the local_recipient_map property, which holds > all the valid recipients > of the particular Postfix instance. You can use postmap -q to make such queries, ldap or mysql works

Re: Clearing Spam Folders

2009-08-24 Thread Barney Desmond
2009/8/24 Justin C. Le Grice : > I am new to the world of postfix. I have managed to successfully implement > Postfix etc using workaround.org's excellent guide. > > My current item on the wish list is how to sweep items from the users Spam > folders after a defined number of days. This is the Pos

Re: real-world issues with smtpd_tls_ask_ccert?

2009-08-20 Thread Barney Desmond
2009/8/21 Florin Andrei : > I'm setting up SASL with TLS for remote clients. As an additional security > measure, I would like the server to ask the email clients to present their > client certificates. According to the docs, this is accomplished with: > > smtpd_tls_ask_ccert = yes If you intend t

Re: Email Bounce Question

2009-08-19 Thread Barney Desmond
2009/8/19 Sean C. : > Is it possible in postfix to set an account to never generate bounce back > messages or to send them all to a email account rather than to the > originating user?  I have an account where users email in and it maps via > aliases to another email address.  When there is a issue

Re: mailbox_size_limit and Maildir

2009-08-19 Thread Barney Desmond
2009/8/19 Martijn de Munnik : > What is the use of mailbox_size_limit when mail is delivered to > Maildirs? > > I have mailbox_size_limit > message_size_limit but I think I can safely > change it to 0? Correct - when delivering to maildir, it can only govern the maximum message size, which is hand

Re: Content checking - bulk emails

2009-08-18 Thread Barney Desmond
2009/8/18 Jaroslaw Grzabel : > > I'm wondering is there any way to configure postfix, to check content of > messages which contains ... let say more than 10 recipients, scan those > and check contents in looking for un.sub.scribe link (or particular words) > and if found pass messages if not block

Re: postfix performance

2009-08-17 Thread Barney Desmond
2009/8/18 Evan Platt : > At 10:30 AM 8/17/2009, you wrote: >> I just make the test and the performance was not good. Outgoing 1K email >> was around 568 seconds. >> >> Any insight is appreciated. > > Although this will likely be out of my area of being able to help you, > someone else here probably

Re: Proper way to add LDAP support to an existing Postfix installation

2009-08-17 Thread Barney Desmond
2009/8/17 Yeray Gutiérrez Cedrés : > I'm running Postfix 2.3.8 in a Debian GNU/Linux 4.0 (Etch) box. I want > it to support LDAP but I don't know what would happen if I install the > postfix-ldap package via apt-get because of this: > > # apt-get install --just-print postfix-ldap > Reading package

Re: about Maildrop error message "user unknown"

2009-08-17 Thread Barney Desmond
2009/8/17 ZhenDong,Xu : > I have installed postfix 2.6 + cyrus-sasl2 + maildrop2.1.0 + mysql5.0.83 + > apache22 + extmail1.1.0 > When i send mail to myself,i can't received.and  become the maillog. > I send mail to gmail.com, Gmail can received. > > I have no idea about the log ,someone can help me

Re: SSL_accept error

2009-08-14 Thread Barney Desmond
2009/8/14 Ebbe Hjorth : > No more hints? :-( Do you still have a problem? You said, "Ahh, now we are talkin", which sounds like you were successful. Patrick's docs (http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html) are great, but I think they're a little misleadi

Re: filtering mail from outside with dynamic address

2009-08-12 Thread Barney Desmond
2009/8/12 Florin Andrei : Is there a way to bind the listener to an interface using the interface name (eth5:smtp) instead of the IP (1.2.3.4:smtp)? >> >> No. The bind(2) system call specifies an address. Not an interface, >> and not the route. Connections with source address of X are not

Re: postfix and header_checks problem.

2009-08-12 Thread Barney Desmond
2009/8/12 : > Hi all! > > I expierence problem with building regexp rules in header_checks. All I need > is to reject email coming from addre...@domain1.com to addre...@domain2.com. > How can I issue such excact rule? It's not possible with header_checks. header_checks works on each header indepe

Re: forwarding mail for a complete virtual domain to another mailserver?

2009-07-30 Thread Barney Desmond
2009/7/31 Maróy Ákos : >> I'm pretty sure you leave it in, Postfix has to know it's meant to >> handle the domain, which means either being "local", "relay" or >> "virtual" (two types). >> http://www.postfix.org/ADDRESS_CLASS_README.html > > ok, so I have my example.com in my vdomains file, and I h

Re: forwarding mail for a complete virtual domain to another mailserver?

2009-07-30 Thread Barney Desmond
2009/7/30 Maróy Ákos : > thanks for the info. so, I create a /etc/postfix/transport file, with say > the following line: > > example.com    smtp:newmachine.example.com:25 The right-hand side of the transport file should have square brackets around the hostname. By default, Postfix would attempt to

Re: Using multiple instance, does it make sense?

2009-07-30 Thread Barney Desmond
2009/7/30 Christian Wittwer : > I'm trying to setup a postfix enviroment to relay about 200k mails per hour. > The hardware and the network link will be well dimensioned, so I like > to talk about the configuration part of this setup. > There are several options to tune in postfix, like timouts and

Re: Directory Harvest

2009-07-30 Thread Barney Desmond
> Apart from the IPTables a more autonomous fix could be done with the > (improper ?) use of Anvil. Any more than X connections in a couple of > minutes and goodnight sweetheart. This is generally strongly advised against. anvil is a DoS-protection mechanism, not a rate-limit tool - it exists to h

Re: Disabling SSLv2 on Postfox 2.5.1

2009-07-24 Thread Barney Desmond
2009/7/24 Jake Vickers : > I ma having a spot of trouble disabling SSLv2 on a Postfix 2.5.1 > installation (from Fedora 9 repo). Here is my postconf: > $ postconf -n > smtpd_tls_mandatory_protocols = !SSLv2 As documented, this shouldn't be necessary: http://www.postfix.org/postconf.5.html#smtpd_

Re: Aliases

2009-07-23 Thread Barney Desmond
2009/7/24 Postfix : > I have an alias setup > testalias:    ema...@mydomain.com, ema...@mydomain.com > > I also use virtual mappings, so I have a line like this: > someem...@mydomain.com testalias That sounds about right. > However, when I email someem...@mydomain.com, it gets bounced back as: >

Re: Many SQL Lookups on outbounding mails

2009-07-23 Thread Barney Desmond
2009/7/23 Clunk Werclick : > That is a comfort to know. My main concern was this hammering was not > optimal, but it is welcome to make as many queries as it likes if it > does not crash the database server. Perhaps Postgresql would be a bit > more manly ? but slower ? Realistically you shouldn't

Re: Many SQL Lookups on outbounding mails

2009-07-22 Thread Barney Desmond
2009/7/23 Clunk Werclick : > On Wed, 2009-07-22 at 11:04 -0500, Noel Jones wrote: >> Clunk Werclick wrote: >> > I think perhaps 4-12 queries per message is not optimal? >> > If server handle 50,000 a day X 12 that is quite a lot? I don't think >> > it is going to get may fields returned for .co.uk

Re: Many SQL Lookups on outbounding mails

2009-07-22 Thread Barney Desmond
2009/7/22 Clunk Werclick : > What I am not understanding is this is my list: > > debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps > > I don't understand which 'table type' is in charge of virtual and relay. > It is perhaps not very c

Re: TLS library problems

2009-07-11 Thread Barney Desmond
2009/7/11 Wietse Venema : >> system.log:Jul 10 00:07:57 trex postfix/smtpd[45598]: warning: TLS >> library problem: 45598:error:140760FC:SSL >> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:571: > > This is openssl's way of saying that the client sent garbage. To expand on that, I im

Re: Logging sender recipient pairs

2009-07-08 Thread Barney Desmond
2009/7/9 Chris Turan : > The idea is to count the number of envelope recipients to determine who's > sending to lots of people.  If someone goes over 500 per day, flag them as > suspicious and alert me. > > Postfix already logs part of this in syslog but the recipient list is > truncated or split u

Re: Strategies to Prevent Abuse in Bulk-Mailing?

2009-07-08 Thread Barney Desmond
2009/7/9 Ignacio Garcia : > can trigger undesired actions. People sometimes have poorly designed web > pages with a not-too good php emailing code. Practically guaranteed :) > For instance. I'd like to find a way (maybe through some header checks > in outgoing email) so if it detects a large amou

Re: Rerouting mail in queue to another SMTP

2009-07-08 Thread Barney Desmond
2009/7/9 Frank DeChellis : > We have a new postfix install (v 2.5.6) that we are trying to get going. > > My problem is ...  I setup that server to be our gateway in our DNS so the > address has propagated when I needed it.  But I left it on with the postfix > running for a few hours. > > So now I

Re: Recommended way to (quickly) get total mail queue size?

2009-07-07 Thread Barney Desmond
2009/7/8 Wietse Venema : > It's a time limit.  After $daemon_timeout (default: 18000s, or 5 > hours) the mailq/postqueue queue listing will be aborted. Alas, that won't save us. For monitoring purposes, you'd be checking queue size every 5 *minutes* or so. And if our customers are anything to go b

Re: Recommended way to (quickly) get total mail queue size?

2009-07-07 Thread Barney Desmond
2009/7/8 Stuart Matthews : > I just use: > mailq|grep Requests Except that this method was expressly *not* desired because it's so slow... (nb: mailq is a sendmail-compat feature that calls postqueue) I'll be taking home some of these nice improvements, though. :)

Re: What is a "client"? A single IP address? What about NAT?

2009-07-06 Thread Barney Desmond
2009/7/6 : > In the smtpd_client_* section of postconf(5) the word "client" is used > frequently.  What does a single "client" entail?  If multiple users are > behind a NAT box do they all apear to be a single "client"? A NAT, as commonly used in SoHo environments for masquerading/Source-NAT, eff

Re: local users: /etc/passwd vs ldap

2009-07-05 Thread Barney Desmond
2009/7/5 paul sorenson : > Logs and more background can be found at: > http://metrak.com/tmp/postfix-local.txt It's generally advisable to include this information in your email - for the sake of the archives, but it removes the external dependency. The level of detail on your linked page is good,

Re: How to backhole mail?

2009-07-04 Thread Barney Desmond
2009/7/4 Srdan Dukic : > For one of my projects I'm setting up a server to test the total > number of SMTP connections that our postfix server can handle. I am > trying to isolate the first part of the smtp server transaction up to > the recipient server receiving the message i.e. the end of the sm

Re: smarthost issue

2009-07-04 Thread Barney Desmond
2009/7/4 Ing. Davy Leon : > I deliver all my outgoing email to an smarthost. > This smarthost is sender dependant password protected. How can postfix make > the delivery? Postfix can use Cyrus SASL to perform SMTP client auth. > I think, every time posrfix open a SMTP session with the smarthost a

Re: RES: RES: single domain - multiple smtp relayhosts

2009-07-03 Thread Barney Desmond
2009/7/4 Wilson A. Galafassi Jr. : > I use Linux. How i can configure dns for this setup? In the Servers i have > to configure the same hostname? And the reverse dns same too in all the > machines i want to user as load balancing? Please don't top-post, put your responses in-line with the parts yo

Re: MTA or SMTP proxy?

2009-07-03 Thread Barney Desmond
2009/7/3 Gábor Lénárt : >> SMTP is a store-and-forward protocol, it does require queues. You cannot >> simply wave aside this requirement. > > I think, protocol itself is just the communication between MTAs (it does not > store anything itself, MTAs which uses the SMTP can/must store things while >

Re: MTA or SMTP proxy?

2009-07-03 Thread Barney Desmond
2009/7/3 Gábor Lénárt : > Hei, > > Recently I am thinking of reimplementing our MX servers. Of course rcpt > check is a must, also I should not generate NDRs later, I should only accept Huh? This is all very standard behaviour for an MTA. Recipient checking is a very common task for most Postfix

Re: Send to relay?

2009-06-27 Thread Barney Desmond
2009/6/27 Ville Walveranta : > Is it possible for Postfix to relay mail through another SMTP server? > In other words: > > [sender client] -LAN-> [Postfix SMTP] -slow-> [some other SMTP] -> > [recipient's SMTP] -> [recipient's client] What you describe sounds exactly like a relayhost, no? A pretty

Re: Postfix Logfile

2009-06-25 Thread Barney Desmond
2009/6/26 Schwalbe, Oliver : > i have a little problem to change time of logswitch for the postfix-logfile > mail in /var/log/. > the logswitch yet is every day at 11:00 am. The switch should take place at > midnight. > i can't find any parameter in main.cf or master.cf If I'm understanding you co

Re: matching IP ranges in headers

2009-06-25 Thread Barney Desmond
2009/6/25 Louis-David Mitterrand : >        /^((Received|X-Originating-IP):.+\b(124\.120\.1\.( REGEX>)\b/ > > in pcre:/etc/postfix/header_access. But converting IP ranges to regex'es > is time consuming and error prone. > > Is there a way to use a cidr table for header matching while retaining > co

Re: Tip: Restricting mail reception using a remote service's SPF records

2009-06-25 Thread Barney Desmond
> The following is "concept"; I don't have the script yet ready, but > it'll be easy to write with your favorite scripting language: > > --- > 1. get your remote sender's current SPF record: > > dig yourremotesender.com txt  > tempfile > > 2. parse the result in tempfile with regex: > > /.*?ANS

Re: Need a resolution to a weird error

2009-06-24 Thread Barney Desmond
2009/6/24 Evan Platt : > At 08:54 PM 6/23/2009, you wrote: >> >> Looks as if postifx will not send to mailbox >> which has close to 50M in the mailbox. > > http://www.postfix.org/postconf.5.html > > mailbox_size_limit (default: 5120) > > The maximal size of any

Re: A few postfix issues - LDAP / anvil and sasl?

2009-06-22 Thread Barney Desmond
2009/6/22 Evan Platt : > > make -f Makefile.init makefiles 'PREFIX=/etc/postfix ' 'CCARGS=-DUSE_TLS > -I/sw/include/sasl -DUSE_SASL_AUTH -DUSE_CYRUS_SASL ' > 'AUXLIBS=-L/opt/local/lib -lsasl2 -lssl -lcrypto' > 'CCARGS='-I/usr/local/include -DHAS_LDAP' AUXLIBS='-L/usr/local/lib -lldap > -L/usr/l

Re: Postfix email firewall/gateway with two internal smarthosts

2009-06-22 Thread Barney Desmond
2009/6/23 : > Do we have any other option ? I'd like to keep our current configuration > without installing bind for just this purpose. Based on my understanding, there's no better way then letting DNS round-robin handle it. I fully expect someone to say "installing bind is easy anyway" (I can't

Re: Multiple relay_hosts

2009-06-20 Thread Barney Desmond
2009/6/20 Cory Hawkless : > In my configuration postfix receives all mail, scans and passes to back end > mail server, but I'd like to be able to send to multiple back end mail > servers either in round robin or fail over etc. How does mail currently get from postfix to the backends? The usual way

Re: /var/mail

2009-06-19 Thread Barney Desmond
2009/6/20 mouss : >> 1 - Why this files are being generated > > it's your "adduser" command. This is not postfix related. > >> 2 - Can I delete them > > Probably, unless something relies on. I would just leave them. > >> 3 - How can I prevent future new users from having files generated in >> this

Re: Limitations of setting mydestination with virtual domains

2009-06-16 Thread Barney Desmond
2009/6/17 Tim Legg : > > Jun 16 17:54:40 genex postfix/smtpd[1665]: NOQUEUE: reject: RCPT from > web38701.mail.mud.yahoo.com[209.191.125.77]: 550 5.1.1 : > Recipient address rejected: User unknown in virtual alias table; > from= to= proto=SMTP > helo= Unless I'm mistaken, l...@example1.com is

Re: Limitations of setting mydestination with virtual domains

2009-06-16 Thread Barney Desmond
2009/6/17 Tim Legg : > > Okay, I made the changes people have suggested, but it still doesn't work. > > Recipient address rejected: User unknown in virtual alias table > > Below are the files which I believe are relevant. The first two are good, but post the output of `postconf -n` instead of main

Re: backup mx and with header checks

2009-06-15 Thread Barney Desmond
2009/6/16 Terry L. Inzauro : > I like the idea of verifying addresses, but this stuck out. > > > > > WARNING > > The sender/recipient address verification feature described in this document > is suitable only for low-traffic sites. It > performs poorly under high load; excessive sender address ve

Re: customizing postfix logs with a mailing id

2009-06-15 Thread Barney Desmond
2009/6/15 Stéphane MERLE : > Can I, at least, add the from in the logs ? > > Jun 15 11:59:01 smtp postfix/smtp[3061]: 683EB37AECA3: > to=, relay=mx1.hotmail.com[65.55.92.136]:25, > conn_use=91, delay=401662, delays=401197/464/0.13/0.32, dsn=2.0.0, > status=sent (250  <20090610182440.0a14a3776...@sm

Re: Message with 300,000+ recips via alias_maps

2009-06-13 Thread Barney Desmond
2009/6/13 Wietse Venema : > One final input: be sure to give each alias an owner-alias so that > Postfix will store the result of alias expansion in new queue > files. > > Otherwise, the result of expansion will not be stored. After failure > of delivery to one local recipient in the expansion, the

Re: what is the meaning???

2009-06-11 Thread Barney Desmond
009/6/10 Truth Seeker : > now to do flushing for a particular domain, i am trying to configure fast > flush service. in the documentation i found the following line, which i am > confused. > > could anyone explain this further > > As mentioned in the introduction, the mail is delivered by connect

Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.

2009-06-03 Thread Barney Desmond
2009/6/3 Sthu Pous : > Interesting to note, but on > > postconf -d > > I see mynetworks = 127.0.0.0/8 v.x.y.z/25 192.168.0.0/24 That's well and good, but -d is for defaults, don't use it to make judgements. All that matters is what you see here and now with `postconf -n`, which you haven't shown

Re: Header V3 DSA signature: NOKEY

2009-06-02 Thread Barney Desmond
2009/6/2 Kaj Niemi : > > Please consider compiling and building packages as a non-privileged user > rather than as root. It will save you a lot of headache especially if > something unexpected happens (install script screws up on directory where > it's supposed to install). Using another directory

Re: Header V3 DSA signature: NOKEY

2009-06-01 Thread Barney Desmond
2009/6/2 Just E. Mail : > - > [r...@rs1 Desktop]# rpm -Uvh postfix-2.6.1-1.src.rpm > > warning: postfix-2.6.1-1.src.rpm: Header V3 DSA signature: NOKEY, key ID > e9198f3d > error: cannot create %sourcedir /usr/src/redhat/SOURCES > - > > In the past few days, I have downloade

Re: Postfix with PostgreSQL

2009-05-31 Thread Barney Desmond
2009/6/1 Just E. Mail : > I installed postfix-2.6.1 (SRPM from Simon Mudd's web site) on a freshly > installed LINUX CentOS 5.3 machine. I followed Roger Mudd's Instructions > (see http://postfix.wl0.org/en/building-rpms/). Subsequently,I build a local > RPM by following these instructions. I did i

Re: domain-in-a-box statistics (was myhostname etc.)

2009-05-29 Thread Barney Desmond
2009/5/30 Res : >> If example.com has A records, and www.example.com has A records, >> they often, but not always, have the same A records. > > In the hosting world this is very common, how many of those plesk boxes out > there with A,www-A and mail-A/MX point to same IP, tens of thousands > yieldi

Re: Disabling a domain

2009-05-29 Thread Barney Desmond
2009/5/30 Eduardo Júnior : > On Thu, May 28, 2009 at 11:15 PM, Sahil Tandon wrote: >> >> What is your definition of 'disable' in this context? > > In my context, disable a domain would be leave it suspended. > Become it inatve. > > I  didn't find out more information about this field in the table

Re: temporary lookup failure

2009-05-29 Thread Barney Desmond
2009/5/29 Jon Harris : > However, I have tried putting "proxy:" in front of my mysql maps and it > stopped it being able to receive email. Presumably, I need to enable > proxymap to get proxy maps to work. This is something I don't know how > to do. Error logs? My suspicion is that the proxy map

Re: Consistent Entry Stuck in Queue

2009-05-26 Thread Barney Desmond
(I patched the domain to example.org for this posting) 2009/5/27 Carlos Williams : > So today I had another user ask me why he is getting an email stating > the following: > > * > > -Original Message- > From: Content-f

Re: Temporary return code on address lookup error

2009-05-26 Thread Barney Desmond
2009/5/26 Per olof Ljungmark : > May 26 08:13:41 terrapin postfix/smtpd[79633]: NOQUEUE: reject: RCPT > from sender.server[1.2.3.4]: 550 5.1.1 : Recipient > address rejected: User unknown in relay recipient table; > from= to= proto=ESMTP > helo= > > May 26 08:23:06 terrapin postfix/smtpd[79805]: NO

Re: /etc/mailname

2009-05-22 Thread Barney Desmond
2009/5/23 Sébastien WENSKE : > What should contain this file, local or external fqdn ? As stated, it's a Debian customisation. For the record: man 5 mailname: "The file contains only one line describing the fully qualified domain name that the program wishing to get the mail name should use" As

Re: Consistent Entry Stuck in Queue

2009-05-22 Thread Barney Desmond
2009/5/23 John Peach : > Looks worse than that: > > host -t mx server.us > server.us mail is handled by 10 cm1.dnsmadeeasy.com. > > So they're not the primary MX and they're bouncing it. I'm happy to be wrong, but I suspect it's more likely that "server.us" was intended by the OP to obscur

Re: Consistent Entry Stuck in Queue

2009-05-22 Thread Barney Desmond
2009/5/23 Carlos Williams : > Thanks for all the info and I guess I am still worried because the > user who the logs indicate is sending this message is 100% not sending > this. She has been on vacation for the past 2 weeks as no webmail > activity either. I used "postcat -q" to check the message I

Re: OT: Multiple Queues

2009-05-22 Thread Barney Desmond
2009/5/22 Ralf Hildebrandt : >> 2. Rate/Anti DNS control >>       a. If IP X is seen more than 50 times in 30 minutes block it. > > Postfix can do that using anvil I'd just like to add to that; the answer here on the list is almost always, "ANVIL IS NOT FOR DOING THAT" (whatever you think you can

Re: virtual alias mapping does not match postmap query result

2009-05-21 Thread Barney Desmond
2009/5/22 Ken : > Perhaps regexp continues processing > postfix/virtual after the first match and also substitutes based on the > final catch-all rule? Correct, virtual_alias_maps are recursive (out to 1000 iterations by default, I think). http://www.postfix.org/postconf.5.html#virtual_alias_recur

  1   2   >