in an automated email saying, "Your ip addresses are
not blocked." from Comcast. This is a difficult group to interact with.
On Sun, Sep 22, 2024 at 11:27 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> On Sun, Sep 22, 2024 at 07:29:30PM -0500, Gr
Hi There,
We receive over 500 log entries per day from Comcast that look like this:
Sep 18 03:05:07 mail0 r105/smtp[15929]: AE3378857BA: to=,
relay=mx1.comcast.net[96.114.157.80]:25, delay=0.69,
delays=0/0.01/0.6/0.08, dsn=4.1.0, status=deferred (host
mx1.comcast.net[96.114.157.80]
said: 421 4.1.
Someone asked what was being sent. The email is being sent to a
mailbox collector of bounces at the Gmail level. The email contains a
VERP address of the original sender. We perform automated bounce
processing for all email that make it to the bounce address at the
Gmail level. These bounces co
t.
Thanks, Greg
On Sun, Jun 2, 2024 at 7:02 PM Greg Sims wrote:
>
> OK. I found the email in the bounce mailbox at the gmail level. The
> issue seems to be consistent with what we could see from the email
> logs only. The SPF fails because the email is being sent from domain
> m
OK. I found the email in the bounce mailbox at the gmail level. The
issue seems to be consistent with what we could see from the email
logs only. The SPF fails because the email is being sent from domain
mail01.raystedman.org. You tried (Wietse) for some time to control the
"from domain" for thi
On Tue, May 28, 2024 at 8:12 AM Greg Sims wrote:
>
> On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users
> wrote:
>
> > In recent experience with my personal porcupine.org email address,
> > they not only want SPF or DKIM, they *also* want a DMARC policy
&g
On Fri, May 31, 2024 at 8:01 AM Wietse Venema via Postfix-users
wrote:
>
> Greg Sims via Postfix-users:
> > I set the following in main.cf
> >
> > mydestination = localhost
> >
> > and received the following in our logs:
> >
> > May 31 0
PM Wietse Venema wrote:
>
> Greg Sims via Postfix-users:
> > On Thu, May 30, 2024 at 12:27?PM Greg Sims wrote:
> > >
> > > I believe I am ready to capture the double-bounce locally.
> > >
> > > This is main.cf:
> > > # 24-05-30 save the bounc
On Thu, May 30, 2024 at 12:27 PM Greg Sims wrote:
>
> I believe I am ready to capture the double-bounce locally.
>
> This is main.cf:
> # 24-05-30 save the bounces locally at bounce-local
> notify_classes = 2bounce, bounce, resource, software
> bounce_notice_rec
On Thu, May 30, 2024 at 7:12 AM Wietse Venema via Postfix-users
wrote:
>
> Greg Sims via Postfix-users:
> > double-bounces which is now unclear -- at least to me. Perhaps you
> > can give me an idea of how to capture just the double-bounces locally.
>
> 1) The postmast
On Wed, May 29, 2024 at 5:49 PM Wietse Venema via Postfix-users
wrote:
> I think it's a bad idea to send your double bounces to a different site.
> The Postfix design really wants to handle them locally.
Thank you Wietse.
I moved to a conservative configuration for tonight including deleting
th
On Wed, May 29, 2024 at 2:52 PM Wietse Venema via Postfix-users
wrote:
> Presumably you have to DKIM or SPF or DMARC for hostname.raystedman.org,
> so any way to get double-bou...@raystedman.org should help.
>
> You have to be careful about mailer loops, though.
>
> Postfix gives special treatmen
>
>
> > main.cf contains:
> >
> > # 24-05-28
> > # email comes from raystedman.org instead of mail0.raystedman.org
> > # note: the mail01 subdomain does not need a SPF record in DNS as a
> result
> > myorigin = raystedman.org
> >
> > I hoped this would allow the message being sent to be
> >
Hello,
We found the following in our email logs this morning. I ran
"collate" and here is the result:
May 29 02:10:04 mail01.raystedman.org postfix/bounce[31220]:
AFC7030537E6: postmaster non-delivery notification: 7A80D32EDB2C
May 29 02:10:04 mail01.raystedman.org postfix/cleanup[31245]:
7A
On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users <
postfix-users@postfix.org> wrote:
> In recent experience with my personal porcupine.org email address,
> they not only want SPF or DKIM, they *also* want a DMARC policy
> with p=quarantine or p=reject.
We have run p=reject for year
I do see the "qmgr active" active with the from=<>. I added
mail01.raystedman.org SPF to DNS as a result.
Thanks again, Greg
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
> On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the expected
On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
>
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the expected
We found the following in our email log:
May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
0A7D630F1C7C: to==
cecytebc.edu...@devotion.raystedman.org>,
relay=aspmx.l.google.com[142.251.2.26]:25,
delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.26, status=bounced (host
aspmx.l.google.com[1
On Thu, May 23, 2024 at 7:07 AM Greg Sims wrote:
>
> Thank you Viktor. All recommended changes have been made. I hope to
> collect useful "collate" data with our next distribution at Noon today
> pacific.
>
Still having problems with the inbound smtpd from our private
Thank you Viktor. All recommended changes have been made. I hope to
collect useful "collate" data with our next distribution at Noon today
pacific.
I hope you have a great day! Greg
> [root@mail01 postfix]# postconf -nf
>
> [root@mail01 postfix]# postconf -Mf
___
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
> bypassing
> This is perhaps a good time to ask you for your full configuration,
> not just cherry-picked individual settings. Please post the outputs of:
>
> $ postconf -nf
> $ postconf -Mf
>
> with all whitespace (including linebreaks) preserved.
[root@mail01 postfix]# postconf -nf
alias_datab
>
> If the delay is with sending or receiving RSET, then the SMTP client
> log "conversation with XXX timed out". I don't know if that has a
> queue ID logged with that, though. Just grep for 'conversation with'.
[root@mail01 postfix]# journalctl -u postfix.service | grep 'conversation with'
retu
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
> bypassing
I am having problems with "collate". I greped a 10 minute portion of
our mail.log which created a 6.8M file. I ran "collate" on this file
and collected the output -- a 796M file. I looked at the file and it
seems to be filled with records like the following:
May 22 02:10:00 mail01.raystedman.o
I have data collection homework to do -- and I will be happy to do it!
Config data and "collate" is next after morning meetings.
Here is some summary data by ISP from the logs:
Email Ave Max Conn
Relay SentDelay
Thank you again for your feedback on this issue.
I watched the workload in real time this morning and now have more
insight into what is happening. It appears the large ISPs are using
TLS connection as a way to throttle incoming traffic. I looked at the
inbound mail queue and found most of the t
TLS connection reuse is being used. About 10% of the connections are
reused for large volume ISPs. Small volume ISPs do not see connection
reuse. I believe this is as expected.
I did some testing of our DNS setup. A DNS query using dig is less
than 20 msec for both our primary and secondary dns
TLS connection reuse is being used. About 10% of the connections are
reused for large volume ISPs. Small volume ISPs do not see connection
reuse. I believe this is as expected.
I did some testing of our DNS setup. A DNS query using dig is less
than 20 msec for both our primary and secondary dns
consistent throughout the peak demand period.
Best, Greg
On Tue, May 21, 2024 at 7:12 AM Viktor Dukhovni via Postfix-users
wrote:
>
> On Tue, May 21, 2024 at 06:51:08AM -0500, Greg Sims via Postfix-users wrote:
>
> > Our main.cf contains:
> > smtpd_tls_cert_file =
> &g
TLS connections are being reused about 10% of the time for larger ISPs.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
We have been running without TLS for many years. Some of the ISPs are
beginning to complain about not sending mail using TLS. We enabled
outbound smtp as a result. Postfix receives email only from our
private network -- we do not use inbound smtpd_tls as a result.
Our main.cf contains:
sm
hanks for the feedback! Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Sun, Jul 11, 2021 at 7:04 PM Viktor Dukhovni
wrote:
>
> On Sat, Jul 10, 2021 at 07:34:15AM -0700, Greg Sims wrote:
>
> > I am tuning the performance of our mail server.We collect
> > i
I am tuning the performance of our mail server.We collect
information in our logs every 10 seconds including qshape, iostat,
free and mpstat. It seems that the maxproc parameter in master.cf is
important for us as we can see the size of the queues decrease as we
increase maxproc -- as expected
> Simon Wilson
> M: 0400 121 116
>
>
> From: Viktor Dukhovni
> Sent: Monday, 24 May 2021 7:51 am
> To: postfix-users@postfix.org
> Subject: Re: discarding EHLO keywords: CHUNKING
>
> > On Sun, May 23, 2021 at 02:16:24PM -0700, Greg Sims wr
# dnf info postfix
Updating Subscription Management repositories.
Last metadata expiration check: 2:52:06 ago on Sun 23 May 2021 11:07:16 AM PDT.
Installed Packages
Name : postfix
Epoch: 2
Version : 3.5.8
Release : 1.el8
Architecture : x86_64
Size : 4.4 M
Source
Great ideas guys -- Thanks! Greg
www.RayStedman.org
On Mon, Mar 29, 2021 at 7:26 AM Richard James Salts
wrote:
> On Monday, 29 March 2021 9:34:13 AM AEDT Wietse Venema wrote:
> ...
> > Third, look with mtr at the latency pattern. If part of your traffic
> > goes over a satellite, of if it is tu
Hi There,
We have been running Postfix successfully for months now. We sent an
email to two subscriber groups last night. We monitor the number of
emails we send per minute with the following report:
00:30541564601655633498376342
615498
00:40
the issue. I do not believe we need to configure
DNS as the LAN does not exist outside of the Host.
Thanks again victor, Greg
www.RayStedman.org
On Tue, Mar 9, 2021 at 9:57 AM Viktor Dukhovni
wrote:
> On Tue, Mar 09, 2021 at 09:35:35AM -0800, Greg Sims wrote:
>
> > Mar 09 08:
We are receiving the following in our email logs:
Mar 09 08:12:15 mail01.raystedman.org postfix/smtpd[13431]: warning:
hostname mail01.raystedman.org does not resolve to address 192.168.122.12
This warning is in fact true. I believe something is not configured
correctly.
The postfix mail server
> A more targeted approach is to use smtp_delivery_status_filter with
> a regexp that targets that exact error message, and that changes a
> 'hard' reject into a soft one.
> For inspiration to turn hard into soft rejects, see examples at
> http://www.postfixlorg/postconf.5.html#default_delivery_st
We divided our outbound email into two streams: transactional and
bulk. Each of the streams uses different ip addresses. One ip for
transactional email and a randmap group of four ips for bulk email.
The transactional email is sent from domain @raystedman.org. The bulk
email is sent from a subdo
com reliably relay
the message to recipients that do not have an outlook.com domain?
Blessings, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Tue, Sep 8, 2020 at 4:09 PM Wietse Venema wrote:
>
> Greg Sims:
> > I placed the following post from Wietse in our main.c
I placed the following post from Wietse in our main.cf -- let's call
this "mx_access":
# There is a crude way to automatically group messages by destination
# MX hosts, but that works only for the special case that all messages
# have exactly one recipient or all recipients in the same domain.
#
#
irected them to look in their Spam
Folder. I also saw that Microsoft SNDS status went from "yellow" to
"red" for our IP addresses this morning.
Thanks, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Mon, Aug 31, 2020 at 1:24 PM Viktor Dukhovni
wrote:
>
>
Here are the stats from this morning:
* email arrival rate: 1,000/minute
* outlook.com email sent: 7,113
* MaxConnections: 17
MaxConnections increases with the email arrival rate. It is consistent day
to day at a given email arrival rate. We are currently running four
outlook transports o
> I told you to use SENDER_DEPENDENT_DEFAULT_TRANSPORT_MAPS
Things do work much better when using the correct configuration in main.cf.
Thank you Wietse, Greg
www.RayStedman.org
On Sat, Aug 29, 2020 at 6:16 AM Wietse Venema wrote:
>
> Greg Sims:
> > I got the chance to w
I got the chance to work on what you recommended. Thank you Wietse.
main.cf:
# transactional email for the ministry
sender_dependent_relayhost_maps = regexp:/etc/postfix/sender_relay.regexp
sender_relay.regexp:
# email sent from the ministry domain will use the raystedman: smtp
transport and rel
Greg Sims wrote:
>
> I would like to separate our bulk email and transactional email on
> different ip addresses. All of the transactional email will be sent
> to a remote email gateway for delivery. This gateway is authenticated
> by ip address.
>
> It seems that I need
I would like to separate our bulk email and transactional email on
different ip addresses. All of the transactional email will be sent
to a remote email gateway for delivery. This gateway is authenticated
by ip address.
It seems that I need to add an entry to my transport.regexp so all
email for
e have available?
Thanks you, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Sat, Aug 22, 2020 at 1:36 PM Wietse Venema wrote:
>
> Wietse Venema:
> > Greg Sims:
> > > sender_dependent_default_transport_maps = randmap:{r235,r236,r237,r238}
> > >
> >
I have looked at a number of maillogs where we receive the 'exceeded
the maximum number of connections' error from the outlook servers.
The following is very telling. The first nine are reformatted
'status=sent' records followed by a 'status=deferred' from outlook. I
obscured the email address an
We are running with the Connection Cache enabled with the default settings and:
sender_dependent_default_transport_maps = randmap:{r235,r236,r237,r238}
Here are the number of emails we sent on each of the four transports
over a fixed interval of time:
3,363 -- r235
3,398 -- r236
3,349 -
This is a typical 5 minute interval of Connection Cache data:
scache Aug 15 01:49:18 - Aug 15 01:54:18,
domain hits=52 miss=69 success=42%,
address hits=0 miss=117 success=0%,
max simultaneous domains=7 addresses=7 connection=22
The README says: "Connection cache lookups by network
> I suspect the real problem was that hundreds of domains were not
> directed to the low-concurrency 'outlook' transport, and that
> connection count 'overshoot' due to unused cached connections was
> a red herring.
Please recall that I collected 383 email domains into
transport.outlook.regexp. I
> > I changed master.cf to 3 processes for outlook: in hopes of reducing
> > MaxConnections feedback -- I can not go much smaller.
>
> This has been asked before: when Outlook puts you in the penalty
> box and starts ratelimiting your new connections, was that because
> a) you exceeded a limit for
> > I looked for domains that *are not* using the outlook: transport but
> > are using the outlook.com relay servers. There are 383 such domains
> > -- the vast majority are one email address per domain. These domains
> > are competing for the limited number of outlook.com connections and
> > the
> Your real problem is however your IP reputation. If you're sending
> unsolicited email, or you have relay customers sending unsolicited mail,
> then your difficulties delivering it are a desirable feature of
> Microsoft's email service. If you're sending email outlook.com
> customers want, then
The situation with outlook got much worse in our overnight runs. We
transferred 7K subscriber emails to relays ending in outlook.com and
saw the following feedback in our logs:
MaxConnections: 83, Connection: 1386, RateLimited: 6392
where the following regexp is used in our log post-processor:
rg
On Thu, Jul 30, 2020 at 3:52 PM Viktor Dukhovni
wrote:
>
> On Thu, Jul 30, 2020 at 10:58:20AM -0700, Greg Sims wrote:
>
> > We are seeing: "has exceeded the maximum number of connections" in our
> > logs for domains associated with outlook.com. We have a tra
We are seeing: "has exceeded the maximum number of connections" in our
logs for domains associated with outlook.com. We have a transport
named "outlook:" in transport.regexp as follows:
# outlook.com domains
#
/@outlook(\.[a-z]{2,3}){1,2}$/ outlook:
/@hotmail(\.[a-z]{2,3}){1,2}$/ outlook:
/@liv
> What is the best way to configure for the following message from
outlook.com
> in the maillog:
>
> said: 451 4.7.652 The mail server [] has exceeded the
> maximum number of connections.
>
> Please note the email is being created on a VM with .
> The email is then sent to our new mail server v
ort (I agree,
likely no help)
(4) other ideas?
Thanks, Greg
www.RayStedman.org
On Wed, Jul 22, 2020 at 8:37 AM Viktor Dukhovni
wrote:
> On Wed, Jul 22, 2020 at 07:38:52AM -0700, Greg Sims wrote:
>
> > We have main.cf configured as follows:
> >
> > sender_de
We are distributing a daily email to our subscribers -- which generates a
large burst of email. We have main.cf configured as follows:
sender_dependent_default_transport_maps =
randmap:{r192,r193,r194,r195,r196,r197,r198}
smtp_connection_cache_on_demand=no
Distributing the traffic across seven ip
is
is the expected behavior.
Apache is also running on this VM. I performed "tail
/var/log/httpd/access_log" and can see Apache logging.
Greg Sims
www.RayStedman.org
On Sun, Jul 12, 2020 at 5:08 PM Greg Sims wrote:
> I updated my maillog processing tool to make use of journalctl.
h my goals using
journalctl.
I am more than willing to collect data to help determine why the three
minutes of log data is not making it to /var/log/maillog. To be honest, I
do not know how to "... find out how your syslog daemon gets the messages
from the systemd journal.".
Greg Sims
On Su
illog -- almost
50,000 records. You discovered a way to gain access to the missing data!
The big question for me continues to be, why did this data not make it to
/var/log/maillog?
Greg Sims
On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo
wrote:
> On 2020-07-12 23:01, Greg Sims wrote:
>
Nothing Christian:
[root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12
03:06:00" --until="2020-07-12 03:11:00"
-- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12
15:50:00 CDT. --
-- No entries --
Greg Sims
Blessings, Greg
www.RayStedm
We are making good progress building a mail server. The server is a KVM
running CentOs 8.2 with vcpus=2 and ram=4GB. The system is under heavy
load and is likely limited by disk performance. The load is generated by a
second KVM using SMTP to send email. Everything seems to be working except
the
2020-06-26 16:56, Greg Sims wrote:
> > ip addr
> > =
> > 3: ens4: mtu 1500 qdisc fq_codel
> > state
> > UP group default qlen 1000
> > link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
> > inet 108.xxx.xxx.45/29 brd 108.xxx.xxx.47 scope global
stent using the
75.xxx.xxx.xxx set of ip addresses.
Thanks, Greg
www.RayStedman.org
On Fri, Jun 26, 2020 at 7:40 AM Wietse Venema wrote:
> Greg Sims:
> > Good Morning Wietse,
> >
> > The error message is the same in this configuration with ens4
> > NM_CONTROLLED="no"
he VM with ens4 NM_CONTROLLED="yes" using Secondary ip
addresses. I can gather data for this configuration of the VM if you wish.
Thanks, Greg
www.RayStedman.org
On Fri, Jun 26, 2020 at 5:49 AM Wietse Venema wrote:
> Greg Sims:
> > inet 74.xxx.xxx.192/29 brd 74.xxx.xxx.1
t;
BOOTPROTO="none"
IPADDR="74.xxx.xxx.192"
PREFIX="29"
Thanks, Greg
www.RayStedman.org
On Thu, Jun 25, 2020 at 5:29 PM Wietse Venema wrote:
> Greg Sims:
> > I did notice that the 75.126.xxx.xxx addresses are not known to an
> > interface on the VM.
dress" messages in the maillog. It is interesting to
note that the relay to random ip addresses works well -- just the message
in maillog is the problem.
Thanks again! Greg
www.RayStedman.org
On Thu, Jun 25, 2020 at 12:24 PM Wietse Venema wrote:
> Greg Sims:
> > warning: smtp_conn
We have a KVM running Postfix on CentOS 8. The VM does not have access to
IPV6 (something I hope to fix in the future). Here is "ip addr" for the
public interface of the VM (the ip/mac addresses has been obscured).
3: ens4: mtu 1500 qdisc fq_codel state UP
group default qlen 1000
link/ether
Thank you all for your feedback on this issue.
The network on this KVM is configured statically in the kickstart
installation file.
I applied Peter's solution and it works perfectly.
There is a straight-forward workaround to this issue.
* set "inet_interfaces = all" in main.cf (the default)
Hi There,
We have a CentOS 7 Server that is running several KVMs of both CentOS 7 and
CentOS 8. We have a CentOS 7/Postfix KVM running as a production mail
server in this environment.
I am trying to build a CentOS 8/Postfix KVM -- but run into an error on
reboot. Here is the full error:
fatal:
Hi There,
We recently moved from RHEL 6/Postfix to CentOS 7/Postfix. I see a change
in the maillog that I need help understanding.
We are using mailman to manage three lists totaling 21K subscribers. Each
email is sent using VERP so that the Sender and Errors-to headers are
unique -- containin
79 matches
Mail list logo
