Randy Ramsdell skrev den 2013-01-08 00:15:
What is the configuration forces postfix to honor what is found in
virtual_alias_maps ?
e.g.
support@$domain.com LocalAccount
virtual_alias_maps does not support localaccount
if you like to use localaccount from outside, then send it
Hi Viktor,
I've added this into my main.cf:
slow_destination_concurrency_failed_cohort_limit = 5
But I noticed that even after a failure, postfix keeps trying to deliver to the
destination.
Question: how can I stop postfix from trying to deliver emails after few
failures?
I mean, if it is t
Rafael Azevedo - IAGENTE:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi Viktor,
>
> I've added this into my main.cf:
>
> slow_destination_concurrency_failed_cohort_limit = 5
This stops deliveries after 5 COHORT failures.
> I mean, if it is trying to deliver to xyz.com and it fa
Wietse Venema:
> Rafael Azevedo - IAGENTE:
> > I've added this into my main.cf:
> >
> > slow_destination_concurrency_failed_cohort_limit = 5
>
> This stops deliveries after 5 COHORT failures.
>
> > I mean, if it is trying to deliver to xyz.com and it fails 5 times,
>
> Yes, but you conf
Rafael Azevedo - IAGENTE:
> Hi Witsie,
>
> Is there anyway we can adjust Postfix to stop delivering after a
> 4XX reply?
Postfix will stop delivering after TCP or SMTP handshake failure.
Postfix WILL NOT stop delivering due to 4xx reply AFTER the SMTP
protocol handshake.
Postfix is not a tool to
On Tue, Jan 08, 2013 at 10:47:08AM -0200, Rafael Azevedo - IAGENTE wrote:
> I've added this into my main.cf:
>
> slow_destination_concurrency_failed_cohort_limit = 5
This is fine, since you set the concurrency limit to 1, it is
intended to avoid shutting down deliveries after a single connection
On Tue, Jan 08, 2013 at 11:05:20AM +0100, Benny Pedersen wrote:
> Randy Ramsdell skrev den 2013-01-08 00:15:
> >What is the configuration forces postfix to honor what is found in
> >virtual_alias_maps ?
> >
> >e.g.
> >
> >support@$domain.com LocalAccount
>
> virtual_alias_maps doe
Thank you Witsie.
We have a huge mail volume thats why I'm trying to figure out a better way to
deal with it.
Many providers have their own restrictions. We do work in compliance with most
of them, but there are a few that just won't help at all, so its easy to tell
me to make the necessary ar
Rafael Azevedo - IAGENTE:
> I truly believe that postfix is the best MTA ever, but you might
> agree with me that when the receiver start blocking the sender,
> its worthless to keep trying to deliver.
1) Postfix will back off when the TCP or SMTP handshake fails. This
is a clear signal that a sit
But Witsei, would you agree with me that error 4XX is (in general cases) a
temporary error?
Why keep trying when we have a clear signal of a temporary error?
Also, if we had a temporary error control (number of deferred messages by
recipient), it would be easy to identify when postfix should st
On Tue, Jan 08, 2013 at 01:59:14PM -0200, Rafael Azevedo - IAGENTE wrote:
> But Witse, would you agree with me that error 4XX is (in general
> cases) a temporary error?
It is a temporary error for *that* recipient. It is not a global
indication that the site is temporary unreachable. Nor is there
Rafael Azevedo - IAGENTE:
> Why keep trying when we have a clear signal of a temporary error?
As Victor noted Postfix does not keep trying the SAME delivery.
Instead, Postfix tries to deliver a DIFFERENT message. It would be
incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site
just
Em 08/01/2013, às 14:21, Wietse Venema escreveu:
> Rafael Azevedo - IAGENTE:
>> Why keep trying when we have a clear signal of a temporary error?
>
> As Victor noted Postfix does not keep trying the SAME delivery.
Yes you're right and I know that. But it keeps trying for another recipients in
Att.
--
Rafael Azevedo | IAGENTE
Fone: 51 3086.0262
MSN: raf...@hotmail.com
Visite: www.iagente.com.br
Em 08/01/2013, às 14:07, Viktor Dukhovni escreveu:
> On Tue, Jan 08, 2013 at 01:59:14PM -0200, Rafael Azevedo - IAGENTE wrote:
>
>> But Witse, would you agree with me that error 4XX is (in ge
On 08/01/2013 16:38, Rafael Azevedo - IAGENTE wrote:
Em 08/01/2013, às 14:21, Wietse Venema
escreveu:
Rafael Azevedo - IAGENTE:
Why keep trying when we have a clear signal of a temporary
error?
As Victor noted Postfix does not keep trying the SAME delivery.
Yes you're right and I know tha
I'm a little unsure about best practice here, hence the question.
Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've
integrated it into /etc/postfix/master.cf with the following
lines
---
smtp inet n - n - - smtpd -o
content_filter=spamassa
Rafael Azevedo - IAGENTE:
> > Instead, Postfix tries to deliver a DIFFERENT message. It would be
> > incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site
> > just because FIVE recipients were unavailable.
>
> Thats why it would be interesting to have a way to configure that.
Configu
Am 08.01.2013 17:44, schrieb Mark Goodge:
> On 08/01/2013 16:38, Rafael Azevedo - IAGENTE wrote:
>> Em 08/01/2013, às 14:21, Wietse Venema
>> escreveu:
>>
>>> Rafael Azevedo - IAGENTE:
Why keep trying when we have a clear signal of a temporary
error?
>>>
>>> As Victor noted Postfix doe
Am 08.01.2013 17:48, schrieb Wietse Venema:
> Rafael Azevedo - IAGENTE:
>>> Instead, Postfix tries to deliver a DIFFERENT message. It would be
>>> incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site
>>> just because FIVE recipients were unavailable.
>>
>> Thats why it would be inte
>
> One of the most common reasons for a temporary delivery failure is a full
> mailbox. Or, where the remote server is acting as a store-and-forward, a
> temporary inability to verify the validity of the destination address.
I dont agree with that. Connection time out is the most common reason
> Configurable, perhaps. But it would a mistake to make this the
> default strategy.
>
> That would make Postfix vulnerable to a trivial denial of service
> attack where one bad recipient can block all mail for all other
> recipients at that same site.
Not if it could me parametrized. As I said
Yes Reindl, you got the point. I just want to wait for a while before retrying
to send email to the same destination.
> Am 08.01.2013 17:48, schrieb Wietse Venema:
>> Rafael Azevedo - IAGENTE:
Instead, Postfix tries to deliver a DIFFERENT message. It would be
incorrect IN THE GENERAL C
On Tue, Jan 08, 2013 at 03:04:37PM -0200, Rafael Azevedo - IAGENTE wrote:
> > Configurable, perhaps. But it would a mistake to make this the
> > default strategy.
> >
> > That would make Postfix vulnerable to a trivial denial of service
> > attack where one bad recipient can block all mail for all
Rafael Azevedo - IAGENTE:
>
>
> > Configurable, perhaps. But it would a mistake to make this the
> > default strategy.
> >
> > That would make Postfix vulnerable to a trivial denial of service
> > attack where one bad recipient can block all mail for all other
> > recipients at that same site.
>
On 1/8/2013 10:47 AM, Titanus Eramius wrote:
> I'm a little unsure about best practice here, hence the question.
>
> Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've
> integrated it into /etc/postfix/master.cf with the following
> lines
> ---
> smtp inet n -
Am 08.01.2013 19:08, schrieb Wietse Venema:
> Rafael Azevedo - IAGENTE:
>>
>>
>>> Configurable, perhaps. But it would a mistake to make this the
>>> default strategy.
>>>
>>> That would make Postfix vulnerable to a trivial denial of service
>>> attack where one bad recipient can block all mail fo
On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote:
> I could add an option to treat this in the same manner as "failure
> to connect" errors (i.e. temporarily skip all further delivery to
> this site). However, this must not be the default strategy, because
> this would hurt the far ma
Reindl Harald:
> > Big deal. Now I can block all mail for gmail.com by getting 100
> > email messages into your queue
>
> how comes?
> how do you get gmail.com answer to any delivery from you with 4xx?
He wants to temporarily suspend delivery when site has 5 consecutive
delivery errors without di
Am 08.01.2013 20:16, schrieb Wietse Venema:
> Reindl Harald:
>>> Big deal. Now I can block all mail for gmail.com by getting 100
>>> email messages into your queue
>>
>> how comes?
>> how do you get gmail.com answer to any delivery from you with 4xx?
>
> He wants to temporarily suspend delivery
On Jan 8, 2013, at 19:39, Noel Jones wrote:
> On 1/8/2013 10:47 AM, Titanus Eramius wrote:
>> I'm a little unsure about best practice here, hence the question.
>>
>> Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've
>> integrated it into /etc/postfix/master.cf with the foll
Viktor Dukhovni:
> On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote:
>
> > I could add an option to treat this in the same manner as "failure
> > to connect" errors (i.e. temporarily skip all further delivery to
> > this site). However, this must not be the default strategy, because
>
On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote:
> Viktor Dukhovni:
> > On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote:
> >
> > > I could add an option to treat this in the same manner as "failure
> > > to connect" errors (i.e. temporarily skip all further delivery to
Am 08.01.2013 20:51, schrieb Viktor Dukhovni:
> On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote:
>
>> Viktor Dukhovni:
>>> On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote:
>>>
I could add an option to treat this in the same manner as "failure
to connect" err
Viktor Dukhovni:
> On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote:
> > Viktor Dukhovni:
> > > On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote:
> > >
> > > > I could add an option to treat this in the same manner as "failure
> > > > to connect" errors (i.e. temporarily
Tue, 08 Jan 2013 12:39:58 -0600 skrev Noel Jones
:
> On 1/8/2013 10:47 AM, Titanus Eramius wrote:
> > I'm a little unsure about best practice here, hence the question.
> >
> > Running /usr/sbin/spamd from the SpamAssassin package to scan mail,
> > I've integrated it into /etc/postfix/master.cf wi
This note discusses some user-interface issues with upcoming
postconf(1) features that will be used to manage the content of
master.cf files.
User-interface consistency is important, especially for people who
work a lot with Postfix: fewer things to remember means fewer
mistakes to make (it's also
Tue, 8 Jan 2013 20:29:30 +0100 skrev DTNX Postmaster
:
...
> > The more typical way to do this is for local mail to use the
> > submission port 587. Sometimes folks redirect port 25 on the local
> > network to 587 as a migration aid.
>
>
> This. Using the submission port is highly recommended
Am 08.01.2013 21:40, schrieb Wietse Venema:
> My conclusion is that Postfix can continue to provide basic policies
> that avoid worst-case failure modes, but the choice of the settings
> that control those policies is better left to the operator. If the
> receiver slams on the brakes, then Postfi
Am 08.01.2013 21:48, schrieb Titanus Eramius:
> This raises the question (or at least I think it do), if it's
> possible to "force" the users onto 587 by denying relay access to 25?
it's more a human problem than a technically to force a large amount
of users to change their for a long time wron
Am 08.01.2013 22:03, schrieb Titanus Eramius:
> But it raises a question (like i wrote in the reply to Noel), and that
> is (as far as i know) that I need to ensure the use of 587 so users
> can't "go around" rate limiting on 587 by using 25 for relaying.
>
> Would such a thing be possible to do
* Wietse Venema :
> This note discusses some user-interface issues with upcoming
> postconf(1) features that will be used to manage the content of
> master.cf files.
>
> User-interface consistency is important, especially for people who
> work a lot with Postfix: fewer things to remember means few
how does one get off this list?
My attempts have all been blocked by majordomo.
Even Weitse's personal filter blocked my email /-:
- Original Message -
From: "Patrick Ben Koetter"
To:
Sent: Tuesday, January 08, 2013 4:38 PM
Subject: Re: RFC: postconf user interface
* Wietse
Tue, 08 Jan 2013 22:06:26 +0100 skrev Reindl Harald
:
>
>
> Am 08.01.2013 21:48, schrieb Titanus Eramius:
> > This raises the question (or at least I think it do), if it's
> > possible to "force" the users onto 587 by denying relay access to
> > 25?
>
> it's more a human problem than a technica
On 1/8/2013 2:48 PM, Titanus Eramius wrote:
> Tue, 08 Jan 2013 12:39:58 -0600 skrev Noel Jones
>> Using iptables to separate traffic is a reasonable solution.
>> Probably a good idea to add a comment to master.cf documenting what
>> you've done.
>>
>> The more typical way to do this is for local m
Patrick Ben Koetter:
> > Next, a few examples that are likely to be implemented:
> >
> > postconf -M# service-type ...
> > postconf -M# service-type.service-name ...
> >
> > postconf -MX service-type ...
> > postconf -MX service-type.service-name ...
> >
> > Delete (or co
On 1/8/2013 3:46 PM, vi...@vheuser.com wrote:
> how does one get off this list?
> My attempts have all been blocked by majordomo.
> Even Weitse's personal filter blocked my email /-:
From: http://www.postfix.org/lists.html
To stop list mail, send mail to majord...@postfix.org with content
Tue, 08 Jan 2013 15:54:41 -0600 skrev Noel Jones
:
...
> > This raises the question (or at least I think it do), if it's
> > possible to "force" the users onto 587 by denying relay access to
> > 25?
> >
>
> It's certainly possible to prevent relaying via port 25, and many
> sites do so.
>
> Th
On 1/8/2013 4:11 PM, Titanus Eramius wrote:
> I've had some trouble seeing the difference
> between -o overrides in main.cf and master.cf, but this really helps.
>
main.cf parameters are used by all postfix services (but not all
parameters apply to all services).
Individual services defined in
Le 08/01/2013 22:00, Wietse Venema a écrit :
> This note discusses some user-interface issues with upcoming
> postconf(1) features that will be used to manage the content of
> master.cf files.
>
> User-interface consistency is important, especially for people who
> work a lot with Postfix: fewer th
Le 08/01/2013 23:06, Wietse Venema a écrit :
> Patrick Ben Koetter:
> [snip]
>> Should postconf be able/offer to make backup copies before it acts a request
>> out?
> Should it with main.cf? Should we enourage the use of version control?
given that people use different version control systems, I w
Le 08/01/2013 21:48, Titanus Eramius a écrit :
> Tue, 08 Jan 2013 12:39:58 -0600 skrev Noel Jones
> :
>
>> On 1/8/2013 10:47 AM, Titanus Eramius wrote:
>>> I'm a little unsure about best practice here, hence the question.
>>>
>>> Running /usr/sbin/spamd from the SpamAssassin package to scan mail,
>
mouss:
> > I am contemplating a new class of master.cf operations that operate
> > column-wise. These currently have no main.cf equivalent.
> >
> > postconf -Mu chroot=n inet unix fifo pass
>
> I like the "mib" syntax of main.cf. so I'd prefer something like
> postconf -e service.submissio
* Wietse Venema :
> Patrick Ben Koetter:
> > > Next, a few examples that are likely to be implemented:
> > >
> > > postconf -M# service-type ...
> > > postconf -M# service-type.service-name ...
> > >
> > > postconf -MX service-type ...
> > > postconf -MX service-type.service-name
So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions and
smtpd_recipient_restrictions, I seem to have goofed in relation to RBLs and
the submission port.
Right now, we have RBLs added to smtpd_recipient_restrictions. In
smtpd_relay_restrictions, I have permit_sasl_authenticated.
* Quanah Gibson-Mount :
> So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions
> and smtpd_recipient_restrictions, I seem to have goofed in relation
> to RBLs and the submission port.
>
> Right now, we have RBLs added to smtpd_recipient_restrictions. In
> smtpd_relay_restrictions, I
Hello,
is there any way to set certificate / key file name depending on domain
name? I mean something similar to this Exim feature:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTtlssni
...or this Dovecot feature:
http://wiki2.dov
Piotr Paw?ow:
> is there any way to set certificate / key file name depending on domain
> name?
Postfix does not yet implement SNI (RFC 3546). All implemented RFCs
are documented.
> I guess in Postfix it would be something like smtpd_tls_cert_map
> / ...key_map, but I haven't found any such opt
On Tue, Jan 08, 2013 at 10:02:31PM +0100, Reindl Harald wrote:
> Am 08.01.2013 21:40, schrieb Wietse Venema:
> > My conclusion is that Postfix can continue to provide basic policies
> > that avoid worst-case failure modes, but the choice of the settings
> > that control those policies is better le
Am 09.01.2013 02:57, schrieb Viktor Dukhovni:
> On Tue, Jan 08, 2013 at 10:02:31PM +0100, Reindl Harald wrote:
>
>> Am 08.01.2013 21:40, schrieb Wietse Venema:
>>> My conclusion is that Postfix can continue to provide basic policies
>>> that avoid worst-case failure modes, but the choice of the
On Tue, Jan 08, 2013 at 04:00:34PM -0500, Wietse Venema wrote:
>
> However, the syntax differs from "postconf -M" commands that can
> target multiple services, such as "postconf -M inet" or "postconf
> -Mu chroot=n inet". There, a service is better specified as
> service-type or service-type.ser
On Wed, Jan 09, 2013 at 03:06:58AM +0100, Reindl Harald wrote:
> > Suspending delivery and punting all messages from the active queue
> > for the designated nexthop is not a winning strategy. In this state
> > mail delivery to the destination is in most cases unlikely to
> > recover without manual
On Tue, Jan 08, 2013 at 07:58:38PM -0500, Wietse Venema wrote:
> > is there any way to set certificate / key file name depending on domain
> > name?
This problem is much harder for SMTP that HTTP, since the MTA does
not know with certainty which acceptable certificate a receiving
site is likely
Am 09.01.2013 03:17, schrieb Viktor Dukhovni:
>> the request was "after 20 temp fails to the same destination
>> retry the next delivers to THIS destination FIVE MINUTES later"
>
> That's not what happens when a destination is throttled, all mail
> there is deferred, and is retried some indefini
On 1/8/2013 5:26 PM, Patrick Ben Koetter wrote:
> * Wietse Venema :
>> Patrick Ben Koetter:
Next, a few examples that are likely to be implemented:
postconf -M# service-type ...
postconf -M# service-type.service-name ...
postconf -MX service-type ...
On 1/8/2013 5:38 PM, Quanah Gibson-Mount wrote:
> So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions
> and smtpd_recipient_restrictions, I seem to have goofed in relation
> to RBLs and the submission port.
>
> Right now, we have RBLs added to smtpd_recipient_restrictions. In
> smt
65 matches
Mail list logo
