Outbound gateway for Google Apps or Exchange online, how to authenticate?

Hi, Google Apps and Exchange online allows you to relay all outgoing email through an external mail server. Google Apps calls this an "Outbound mail gateway": https://support.google.com/a/answer/178333 And Microsoft calls this "Outbound Smart Hosting": http://technet.microsoft.com/en-us/librar

Re: Outbound gateway for Google Apps or Exchange online, how to authenticate?

Am 27.03.2014 08:45, schrieb martijn.list: > as anyone on this list has any experience in setting up an outbound > gateway for Google Apps and/or Exchange online? > > If so any ideas how to make sure this will work without any problems? whatever microsoft or google does, it maybe ok to allow rela

Backup relay possible?

Hello, On our gateway server, we have: transport_maps = hash:/etc/postfix/transportmap /etc/postfix/transportmap noa.gr relay:[vmail.noa.gr] admin.noa.grrelay:[vmail.noa.gr] nestor.noa.gr relay:[vmail.noa.gr] space.noa.grrelay:[vmail.noa.gr]

Re: Backup relay possible?

Make vmail.noa.gr with multi ip then postfix will resolve it self Else make dns split view on local servers Avoid transport maps

Re: transport_maps "loops back to myself"

> Wietse Venema wrote: > In other words, RTFM. I'd love to say I haven't read the manual and thank you for pointing it out to me, but my OCD is too damn high, so I always read manuals. Unfortunately this time I can't quite get my head around it to figure it out on my own how to correctly and sanel

Re: Backup relay possible?

On 27/03/2014 13:49, Nikolaos Milas wrote: Hello, On our gateway server, we have: transport_maps = hash:/etc/postfix/transportmap /etc/postfix/transportmap noa.gr relay:[vmail.noa.gr] admin.noa.grrelay:[vmail.noa.gr] nestor.noa.gr relay:[vmail.noa.gr]

Re: Backup relay possible?

On 27/3/2014 2:04 μμ, Birta Levente wrote: http://www.postfix.org/postconf.5.html#fallback_relay Oh, thanks! So, since the two conditions are by default fulfilled: * In main.cf specify "relay_transport = relay", * In master.cf specify "-o fallback_relay =" (i.e., empty) at the end of

Re: transport_maps "loops back to myself"

MV: > As far as I can tell, in my case since I'm using sing tcp-base tables > some look ups are not performed and that's fine. But there are no > mentions to the change in the order which patterns are checked. > So am I wrong to expect to see the logs showing "get bar > foreign.tld" and "get foo

How to force Postfix 2.5.9 to try another MX?

Hi, I've got quite a strange problem. A user is trying to send email to a domain, "tn.odessa.ua" which has 3 MX servers. One of them is clearly not working, "notes.uptel.net[195.138.170.139]", which has a priority of 30. Checking the logs I see that Postfix always tries to deliver to "notes.up

Re: How to force Postfix 2.5.9 to try another MX?

Am 27.03.2014 14:24, schrieb Bogdan Enache: > Hi, > I've got quite a strange problem. > A user is trying to send email to a domain, "tn.odessa.ua" which has 3 > MX servers. One of them is clearly not working, > "notes.uptel.net[195.138.170.139]", which has a priority of 30. Checking > the logs I se

Re: How to force Postfix 2.5.9 to try another MX?

Bogdan Enache: > I restarted Postfix and flushed the queue a few times, but there isn't > any change. It's always trying "notes.uptel.net", never any of the other > 2 MXs. The Postfix client tries a limited number of IP addresses and a limited number of SMTP sessions. Number of IP addresses, de

Re: How to force Postfix 2.5.9 to try another MX?

Pe 27.03.2014 15:51, Wietse Venema a scris: Bogdan Enache: I restarted Postfix and flushed the queue a few times, but there isn't any change. It's always trying "notes.uptel.net", never any of the other 2 MXs. The Postfix client tries a limited number of IP addresses and a limited number of SMT

Re: Backup relay possible?

On 27/03/2014 15:05, Nikolaos Milas wrote: On 27/3/2014 2:04 μμ, Birta Levente wrote: http://www.postfix.org/postconf.5.html#fallback_relay Oh, thanks! So, since the two conditions are by default fulfilled: * In main.cf specify "relay_transport = relay", * In master.cf specify "-o fallbac

Re: How to force Postfix 2.5.9 to try another MX?

Am 27.03.2014 14:58, schrieb Bogdan Enache: > Pe 27.03.2014 15:51, Wietse Venema a scris: >> Bogdan Enache: >>> I restarted Postfix and flushed the queue a few times, but there isn't >>> any change. It's always trying "notes.uptel.net", never any of the other >>> 2 MXs. >> The Postfix client tries

RE: Backup relay possible?

> -Original Message- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Nikolaos Milas > Sent: 27 March 2014 14:27 > To: postfix-users@postfix.org > Subject: Re: Backup relay possible? > > On 27/3/2014 4:10 μμ, Birta Levente wrote: > > > Not r

Re: Backup relay possible?

On 27/3/2014 4:10 μμ, Birta Levente wrote: Not really IMHO AFAIK since you have two entries with same key in transport map, postfix will choose the first. I think this is the way: main.cf: fallback_relay=[vmail1.noa.gr] transport_map: noa.gr relay:[vmail.noa.gr] admin.noa.gr relay:[vmail.n

Re: Reject client from domains without MX records

Hi, i'm really getting nuts trying to get is running. The current behavior is: * An authenticated user can login as user f...@example.com and then send an email using from/sender address b...@example2.com * When another server i have, also running a Postfix 2.11, which relays emails on the main s

Re: Backup relay possible?

On 27/03/2014 16:26, Nikolaos Milas wrote: On 27/3/2014 4:10 μμ, Birta Levente wrote: Not really IMHO AFAIK since you have two entries with same key in transport map, postfix will choose the first. I think this is the way: main.cf: fallback_relay=[vmail1.noa.gr] transport_map: noa.gr rela

Re: transport_maps "loops back to myself"

On Thu, Mar 27, 2014 at 12:04:34PM +, MV wrote: > As far as I can tell, in my case since I'm using sing tcp-base tables > some look ups are not performed and that's fine. But there are no > mentions to the change in the order which patterns are checked. > So am I wrong to expect to see the log

Re: Backup relay possible?

On 27/3/2014 4:32 μμ, James Day wrote: noa.gr relay:noa.gr.local I have then configured A records for the multiple relay destinations, queries are then balanced in a DNS round robin fashion. Yes, I undertand. However, we don't want balancing (our traffic is low - but we want failover). In

Re: Backup relay possible?

On 27.03.2014 16:01, Nikolaos Milas wrote: > On 27/3/2014 4:32 μμ, James Day wrote: > >> noa.gr relay:noa.gr.local >> >> I have then configured A records for the multiple relay destinations, >> queries are then balanced in a DNS round robin fashion. > > Yes, I undertand. However, we don't want b

Re: Outbound gateway for Google Apps or Exchange online, how to authenticate?

On Thu, Mar 27, 2014 at 08:45:01AM +0100, martijn.list wrote: > Has anyone on this list has any experience in setting up an outbound > gateway for Google Apps and/or Exchange online? I set up Google Apps some years back, but have switched jobs since and have forgotten some of the details. We def

Re: Backup relay possible?

On 27/3/2014 5:04 μμ, Robert Sander wrote: You do not need A records, but you can instead add MX records with priority. This way your use case is implemented. No, these are not MXs. They are internal (final destination) servers. MXs are gateway servers relaying to the internal one (for which

Re: Backup relay possible?

On 27/3/2014 4:47 μμ, Birta Levente wrote: I'm not sure and this is not tested, but maybe you can: transport_map: noa.gr relay1:[vmail.noa.gr] admin.noa.gr relay2:[vmail.noa.gr] add to master.cf: relay1 unix - - n - - smtp -o fallback_relay=[firstwhateverhost] relay2 unix - - n - - smtp -o fal

Re: How to force Postfix 2.5.9 to try another MX?

On Thu, Mar 27, 2014 at 03:24:14PM +0200, Bogdan Enache wrote: > A user is trying to send email to a domain, "tn.odessa.ua" which has 3 MX > servers. One of them is clearly not working, > "notes.uptel.net[195.138.170.139]", which has a priority of 30. Checking the > logs I see that Postfix always

Re: How to force Postfix 2.5.9 to try another MX?

* Viktor Dukhovni : > On Thu, Mar 27, 2014 at 03:24:14PM +0200, Bogdan Enache wrote: > > > A user is trying to send email to a domain, "tn.odessa.ua" which has 3 MX > > servers. One of them is clearly not working, > > "notes.uptel.net[195.138.170.139]", which has a priority of 30. Checking the > >

Re: Backup relay possible?

On 27.03.2014 16:09, Nikolaos Milas wrote: > On 27/3/2014 5:04 μμ, Robert Sander wrote: > >> You do not need A records, but you can instead add MX records with >> priority. This way your use case is implemented. > > No, these are not MXs. They are internal (final destination) servers. > MXs are

Re: Domain masquerading, but not for local

Thanks Victor—I solved this by diving in the deep end with multiple postfix instances. The main instance accepts incoming mail and delivers any local-bound, then smtp_generic_maps everything else (to remove the unwanted hostname from host.example.com) and relays to the secondary instance. This

Re: Backup relay possible?

On 27/3/2014 6:18 μμ, Robert Sander wrote: I know that they are not "official" MX. The whole point is that you create an internal domain name with two MX records pointing to these servers. This is then used in your transport map and nowhere else. Hmm, interesting. It sounds a good idea! Thank

Re: transport_maps "loops back to myself"

>Wietse: >> MV: >> As far as I can tell, in my case since I'm using sing tcp-base tables >> some look ups are not performed and that's fine. But there are no >> mentions to the change in the order which patterns are checked. >> So am I wrong to expect to see the logs showing "get bar >> foreign.tl

Re: transport_maps "loops back to myself"

On Thu, Mar 27, 2014 at 04:50:25PM +, MV wrote: > Now going a step further, how can I split the "*" (all non-local) > between smtpX and smtpY (without running multiple postfix instances) ? > Something like ... > > mydomain.ltd: > .mydomain.ltd : > * smtpX > *

Re: Reject client from domains without MX records

If i try to spoof email/sender address through Mozilla Thunderbird i get the same error message as the one when relaying : Sender address rejected: not owned by user us...@example.com; So it looks like the issue only exists when working locally like through the webmail solution. On Thu, Mar 27, 2

Re: Reject client from domains without MX records

After doing another try and looking carefully at the mail.log file i realize that after the first attempt to reject the email i finally gets delivered. https://gist.github.com/sibok/82f84dcc71bfa75deeeb Hope someone can help. Thanks! On Thu, Mar 27, 2014 at 6:52 PM, Pau Peris wrote: > If i try

Re: Reject client from domains without MX records

Am 27.03.2014 18:52, schrieb Pau Peris: > If i try to spoof email/sender address through Mozilla Thunderbird i get the > same error message as the one when > relaying mailto:u...@example.com>>: Sender address > rejected: not owned by user us...@example.com > ; So it loo

Re: transport_maps "loops back to myself"

>Viktor Dukhovni wrote: > Furthermore, because "*" is cached, you really don't want to use > "*" at all for dynamic transport resolution. Thanks for your input RE the caching of the special pattern "*" results. > I answered your question upthread, use: > sender_dependent_default_transport_maps

Re: Reject client from domains without MX records

Am 27.03.2014 18:52, schrieb Pau Peris: > If i try to spoof email/sender address through Mozilla Thunderbird i get > the same error message as the one when relaying >: Sender address rejected: not owned by user > us...@example.com ; So it looks li

Re: transport_maps "loops back to myself"

MV: > I don't want to use sender-based static "routes". I'm looking for > a "random" or round-robin-ish split of smtp that provides consistent > "helo .. hostname .. ip .. reverse-dns-lookup" What is the legitimate use case for this kind of policy evasion? Wietse

Re: Reject client from domains without MX records

Hi, i didn't configure mynetworks because i mynetworks_style is set to host. I thought it was right thing to do to fit my needs which obviously looks like not. Could you please exaplain me why is it wrong? I think i'm not fully understanding why permit_mynetworks is wrong there. Robert, i'm using

Re: Reject client from domains without MX records

can you please stop top-posting and using HTML on lists? what is bad with HTML? look at the quote below after convert you message to plain Am 27.03.2014 19:53, schrieb Pau Peris: > i didn't configure mynetworks because i mynetworks_style is set to host. I > thought > it was right thing to do to

Re: Reject client from domains without MX records

Hi, i understand now the mistake. I'm reviewing the whole restrictions lot to fix permit_mynetworks where it is needed. I'm looking at Postfix site - http://postfix.org/postconf.5.html - for a way to create exceptions as i would like some users like root to be able to spoof their from address but

Re: transport_maps "loops back to myself"

On Thu, Mar 27, 2014 at 06:23:39PM +, MV wrote: > >Viktor Dukhovni wrote: > > Furthermore, because "*" is cached, you really don't want to use > > "*" at all for dynamic transport resolution. > Thanks for your input RE the caching of the special pattern "*" results. > > > I answered your ques

Re: transport_maps "loops back to myself"

> Wietse: > What is the legitimate use case for this kind of policy evasion? Just to be clear, I'm not a spammer, if anything, I couldn't be more far from it. I'm in the business of (strictly subscription-only) "monitoring stuff". I mean, as soon as an event happens the subscribers who signed up t

Re: transport_maps "loops back to myself"

Viktor Dukhovni: > Of course you can. You're just not listening carefully. Your I'm failing to grasp the concept and can't find any working examples online... Finding this thread http://thread.gmane.org/gmane.mail.postfix.user/203958 has helped a bit.. > sender dependent maps would actually larg

Re: Reject client from domains without MX records

PLEASE LEARN TO USE YOUR MAIL-CLIENT AND HOW TO QUOTE * do not top post * do not post HTML * do not reply only to your own questions while you refer to answers * if you continue that way of posting i just ignore you this is a completly unreadable thread in the meanwhile that below is hardly a res

Re: transport_maps "loops back to myself"

On Thu, Mar 27, 2014 at 07:44:46PM +, MV wrote: > > sender dependent maps would actually largely ignore the sender, > > But how to I define the sender (map), if that's not asking too much, > could you please provide me with an example file? It is a program! Not a fixed mapping. It receives

Re: transport_maps "loops back to myself"

Viktor Dukhovni wrote: > It is a program! Not a fixed mapping. It receives a sender address, > and replies (with a possibly cached per-sender) answer which is > computed on a mostly-round-robin basis. If that's not asking too much, could you please provide me with a practical example or point me

Re: transport_maps "loops back to myself"

MV: > > Wietse: > > What is the legitimate use case for this kind of policy evasion? > > Just to be clear, I'm not a spammer, if anything, I couldn't be more > far from it. > I'm in the business of (strictly subscription-only) "monitoring > stuff". I mean, as soon as an event happens the subscribe

Can I reject when sender doesn't appear in from: header?

I'm seeing messages occasionally where the envelope sender is a verifiable address at someone else's domain, but the from: header contains some non-existent user @ our local domain. Can postfix reject those messages? Can postfix perform address verification on from: or reply-to: headers?

Attachment decoder (slightly O/T)

Just a quick request for advice on filtering incoming email. About 12+ years ago on a system which has long since retired, I remember having a problem with WINMAIL.DAT attachments in emails. The solution used some combination of tools which, from memory, included things like tnefclean and mmencode

Re: transport_maps "loops back to myself"

On Thu, Mar 27, 2014 at 08:48:17PM +, MV wrote: > > It is a program! Not a fixed mapping. It receives a sender address, > > and replies (with a possibly cached per-sender) answer which is > > computed on a mostly-round-robin basis. > > If that's not asking too much, could you please provide

Re: transport_maps "loops back to myself"

Wietse wrote: > In that case, arrange for whitelisting like ever legitimate sender does. I do that for Gmail, Yahoo, Microsoft, AOL .. and it works, so much so that we have never been graylisted by any of those folks despite the tens of thousands emails we send daily. But I can't afford do that f

Re: Attachment decoder (slightly O/T)

Hi Jeremy, > I was thinking of doing something similar to the above (re-encode > mime attachments) now but I'm not sure what the best way of handling > this is. I'm using the following setup to modify attachments from a specific sender only: /etc/postfix/master.cf: tiff2pdf unix - n

Re: Reject client from domains without MX records

Excuse me, i'll try to follow your rules. The HTML thing was due to the reader, i think it took web URL and emails into HTML tags. Excuses. Respect the exceptions list, you talk about cron emails using sendmail but it is using aliases table specified in main.cf also uses an email rewriter table sp