Am 17.04.2014 08:49, schrieb Patrick Proniewski:
> As you wrote, it's very complex. But more importantly it's almost certainly
> useless because next change in Postfix settings or next Postfix update can
> also change log outputs and break your patterns. Now imagine you host several
> Postfix in
On 2014-04-17 Ziv Barber wrote:
> One small question, if you can answer me:
>
> For every user, do I have to create real unix user?
No. Please read the documentation on virtual hosting:
http://www.postfix.org/VIRTUAL_README.html
While people on this list are willing to help you with problems,
hi,
in our university we have to use a relay server, for delivering mails to
external destinations. It works since two years with:
smtp_fallback_relay = mailout.example.com
Postfix tries to deliver the mail directly, but it fails, with a connection
refused /network unreachable(ipv6) (blocked
Ziv Barber skrev den 2014-04-16 19:10:
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
# reject_unknown_client,
smtpd_mumble_restrictions stops here, since # lines does not imho
continue next line restrictions, when you move this line it works i bet
:=)
reje
hi,
Am 17.04.2014 um 13:16 schrieb Denny Fuchs :
> smtp_fallback_relay = mailout.example.com
just for testing: I added relayhost = mailout.example.com && postfix reload
&& postsuper -r && sendmailq -q .. and mails are delivered through the
relay server. So, it was working. After that, I re
On 4/17/2014 6:42 AM, Benny Pedersen wrote:
> Ziv Barber skrev den 2014-04-16 19:10:
>
>> smtpd_recipient_restrictions = permit_mynetworks,
>> reject_unauth_destination,
>> # reject_unknown_client,
>
> smtpd_mumble_restrictions stops here, since # lines does not imho
> continue next line restric
Last Fall, Viktor posted a patch that introduced a new % substitution
that I thought would be very useful for my setup. From his original e-mail:
> With:
>
>search_base = ou=People, %,
>query_filter = mail=%s
>
> a query for u...@example.com will use the search base:
>
>ou=
On 4/17/2014 7:04 AM, Denny Fuchs wrote:
> hi,
>
> Am 17.04.2014 um 13:16 schrieb Denny Fuchs :
>
>
>> smtp_fallback_relay = mailout.example.com
>
> just for testing: I added relayhost = mailout.example.com && postfix reload
> && postsuper -r && sendmailq -q .. and mails are delivered throu
Denny Fuchs:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> hi,
>
> in our university we have to use a relay server, for delivering mails to
> external destinations. It works since two years with:
>
> smtp_fallback_relay = mailout.example.com
>
> Postfix tries to
Mello, Cody:
> Last Fall, Viktor posted a patch that introduced a new % substitution
> that I thought would be very useful for my setup. From his original e-mail:
>
> > With:
> >
> >search_base = ou=People, %,
> >query_filter = mail=%s
> >
> > a query for u...@example.com will use
On Thu, Apr 17, 2014 at 09:55:59AM -0400, Wietse Venema wrote:
> With this:
>
> mailin.marc-werner.eu. 86060 IN MX 10 mx01.isphosts.de.
> mailin.marc-werner.eu. 86060 IN MX 100 mx02.isphosts.net.
> mx01.isphosts.de. 273 IN A 109.239.57.96
> mx02.isph
On Thu, Apr 17, 2014 at 10:08 AM, Wietse Venema wrote:
>
> This needs a better user interface.
In which ways? Do you mean to avoid making people follow the RFC2247
style of writing the base DN? Or is there something else?
>
> Wietse
hi,
Am 17.04.2014 um 15:21 schrieb Noel Jones :
> Typically in your situation one would use relayhost, with
> transport_maps overrides for internal destinations that are directly
> reachable.
thanks @all for debugging ... I think, is is simply broken, what the maintainer
of the zone does. Is th
On 4/17/2014 9:55 AM, Denny Fuchs wrote:
> hi,
>
> Am 17.04.2014 um 15:21 schrieb Noel Jones :
>
>> Typically in your situation one would use relayhost, with
>> transport_maps overrides for internal destinations that are directly
>> reachable.
>
> thanks @all for debugging ... I think, is is sim
Wietse Venema:
> With this:
>
> mailin.marc-werner.eu. 86060 IN MX 10 mx01.isphosts.de.
> mailin.marc-werner.eu. 86060 IN MX 100 mx02.isphosts.net.
> mx01.isphosts.de. 273 IN A 109.239.57.96
> mx02.isphosts.net. 285 IN A 127.0.0.1
Any way to have the backend send through the proxy outbound? Would appreciate
some input. Thanks again
--
View this message in context:
http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67109.html
Sent from the Postfix Users mailing list archive at Nabble.
sedandgrep:
> Any way to have the backend send through the proxy outbound? Would appreciate
> some input. Thanks again
Which of these runs Postfix?
Wietse
On Thu, Apr 17, 2014 at 10:53:53AM -0400, Mello, Cody wrote:
> > This needs a better user interface.
>
> In which ways? Do you mean to avoid making people follow the RFC2247
> style of writing the base DN? Or is there something else?
The "%," notation could perhaps be less cryptic or more genera
Just the backend. The nginx is an smtp/imap proxy and both work fine. The
only issue is that postfix seems to send directly to external domains, which
I find strange.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67112.
On Thu, Apr 17, 2014 at 09:51:04AM -0700, sedandgrep wrote:
> Just the backend. The nginx is an smtp/imap proxy and both work fine. The
> only issue is that postfix seems to send directly to external domains, which
> I find strange.
This is a new use of the word "strange" I've never seen before.
Yes you are correct. MTAs do send direct to other domains. But if there isn't
a way to get postfix to send via the proxy, it defeats the purpose for my
use. A workaround is simply to place the postfix/dovecot server on a
completely separate box and run no smtp/imap proxy at all. I would have
better
Viktor Dukhovni:
> On Thu, Apr 17, 2014 at 10:53:53AM -0400, Mello, Cody wrote:
>
> > > This needs a better user interface.
> >
> > In which ways? Do you mean to avoid making people follow the RFC2247
> > style of writing the base DN? Or is there something else?
>
> The "%," notation could perha
sedandgrep:
> Just the backend. The nginx is an smtp/imap proxy and both work fine. The
> only issue is that postfix seems to send directly to external domains, which
> I find strange.
In that case smtp_bind_address is not the solution. Instead
ise relayhost or transport_maps.
Wietse
On Thu, Apr 17, 2014 at 10:04:26AM -0700, sedandgrep wrote:
> Yes you are correct. MTAs do send direct to other domains. But if there isn't
> a way to get postfix to send via the proxy, it defeats the purpose for my
> use. A workaround is simply to place the postfix/dovecot server on a
> completel
Am 17.04.2014 19:04, schrieb sedandgrep:
> Yes you are correct. MTAs do send direct to other domains. But if there isn't
> a way to get postfix to send via the proxy, it defeats the purpose for my
> use. A workaround is simply to place the postfix/dovecot server on a
> completely separate box and
I'm glad you posted this. I have been seeing these various agents sending
email to me from addresses of my own domain that I don't even have. I have
been looking at the logs and these "agents" are being sent all day. It was
also a mess getting the smtp proxy to work both with imap proxy with nginx
You guys have been very helpful. Even if I needed a proxy, I should go with
another postfix as proxy and not something else like nginx. The best
solution is just a WAN facing postfix/dovecot but still use nginx for my
actual web. I fear a web exploit would gain access to everything including
the da
I knew something was wrong with this setup. The unauthorized agents sending
mail and the fact that I felt the MTA sending outbound directly was strange.
What was strange was what I thought!
--
View this message in context:
http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-throu
On Thu, Apr 17, 2014 at 12:20 PM, Viktor Dukhovni
wrote:
> On Thu, Apr 17, 2014 at 10:53:53AM -0400, Mello, Cody wrote:
>
>> > This needs a better user interface.
>>
>> In which ways? Do you mean to avoid making people follow the RFC2247
>> style of writing the base DN? Or is there something else?
On Thu, Apr 17, 2014 at 01:08:11PM -0400, Wietse Venema wrote:
> For example, "dc=%{labels:d,}" produces a comma-separated list of
> "dc=example, dc=com" given an email address of u...@example.com.
This specific example works poorly, because the construct in question
is part of a larger single st
Hi,
For a GNU GPLv3 open source project I'm working on - the ELSE - and
about which I posted some time ago there, I've studied greylisting and
various open source tools like PostGrey, or GLD (that seems to not be
maintained any more), or policyd. I've also read
http://www.postfix.org/SMTPD_PO
Am 17.04.2014 21:26, schrieb Nicolas HAHN:
> For a GNU GPLv3 open source project I'm working on - the ELSE - and about
> which I posted some time ago there, I've
> studied greylisting and various open source tools like PostGrey, or GLD (that
> seems to not be maintained any more),
> or policyd.
Viktor Dukhovni:
> I realize this leaves "%," deadlocked for now between opposite
> poles of "too specialized" and "needlessly over-generalized".
>
> Resolving this requires either new insight to find the more general
> use-cases, or sufficient evidence to conclude that nothing more
> general is l
In short, the GreyLSE is:
- a daemon made with C/C++
- needs the PostgreSQL database of the ELSE because works only with that
forget it - starting 2014 and limit to a single DB backend is crazy
Hummm... It's a new tool... The possibility to use other backends in the
futur is not closed speci
Am 17.04.2014 21:44, schrieb Nicolas HAHN:
> In short, the GreyLSE is:
> - a daemon made with C/C++
> - needs the PostgreSQL database of the ELSE because works only with that
>
>> forget it - starting 2014 and limit to a single DB backend is crazy
>
> Hummm... It's a new tool... The possibility
MySQL... :)
don't get me wrong but abstraction layers exists
http://www.tildeslash.com/libzdb/
nobody needs to write backends for every database
frankly for a greylisting daemon there is no need for a full-featured database
server
like MySQl or PostgrSQL, in context of postfix it should at l
On 17-04-14 21:56, li...@rhsoft.net wrote:
[snip]
frankly for a greylisting daemon there is no need for a full-featured database
server
like MySQl or PostgrSQL, in context of postfix it should at least support BDB as
postfix does
Why add BDB when there's LMDB? Postfix also supports LMDB and be
Am 17.04.2014 22:48, schrieb Patrick Laimbock:
> On 17-04-14 21:56, li...@rhsoft.net wrote:
> [snip]
>> frankly for a greylisting daemon there is no need for a full-featured
>> database server
>> like MySQl or PostgrSQL, in context of postfix it should at least support
>> BDB as
>> postfix does
an no database abstraction alyer is *really not* the performance problem
to excuse a "vendor-lockin" or to say it in other words: if you start
these days a proect and the frist decision you make is what RDBMS you
will use your whole software design is broken from that moment
Again, we'll see
On Thu, Apr 17, 2014 at 10:55:32PM +0200, li...@rhsoft.net wrote:
> whatever backends, there needs to be at least one without an
> explicit daemon and no maintainance of the backend itself
> or a free choice
Give the OP a break, it seems he is trying to put together an
integrated tool set, rather
I wrote yesterday that I couldn't map root to a virtual user. It seems the
problem is more
fundamental than that. I can't create an alias for any virtual user.
>From my understanding of the man pages, the virtual aliases should be mapped
>in cleanup. I
tried turning on verbose logging of cleanup
On Thu, Apr 17, 2014 at 05:12:04PM -0500, Andy Howell wrote:
> I wrote yesterday that I couldn't map root to a virtual user. It
> seems the problem is more fundamental than that. I can't create an
> alias for any virtual user.
>
> ...
> receive_override_options = no_address_mappings
> ...
There'
On 04/17/2014 06:10 PM, Viktor Dukhovni wrote:
> On Thu, Apr 17, 2014 at 05:12:04PM -0500, Andy Howell wrote:
>
>> I wrote yesterday that I couldn't map root to a virtual user. It
>> seems the problem is more fundamental than that. I can't create an
>> alias for any virtual user.
>>
>> ...
>> rece
On Thu, Apr 17, 2014 at 10:05:05PM +0200, Nicolas HAHN wrote:
>
> exist. Except that the GreyLSE is built for ISP type loads (well, this is
> what I wouldl ike to focus on), and my wish was to optimize the thing
> everywhere possible. Adding abstraction layers is adding milliseconds to
> the proce
to compile it with various DB libs... Why not...
SQL backend for greylisting and most other stuff is pretty pointless and
awkward to set up. My own perl greylister simply stores everything in
memory and easily performs 5000+ requests per second. If you need more
redundancy, you could simply
45 matches
Mail list logo
