How to conditionally deliver to a different server ONLY when a main/usual network path is down?

2021-06-14 Thread Bill
Hi, I've been working on setting up a Postfix + Dovecot mail service that's split across two machines. It took me awhile to work out the kinks, but it now works like this: mail in -> [ Postfix ] -> deliver over vpn -> [ Postfix ] -> deliver locally -> [ Dovecot IMAP ] [

Mail forward vs duplication

2021-06-14 Thread yuryb
Hello colleagues! Please help me solve the problem with duplicate letters when sending mail. The problem manifests itself in one of two cases, and the solutions are mutually exclusive: We have a mailbox emar...@domain.com, to which some external analytics application has access. This mailbox is

Re: How to conditionally deliver to a different server ONLY when a main/usual network path is down?

2021-06-14 Thread Noel Jones
On 6/14/2021 7:21 AM, Bill wrote: What I'm trying to achieve is something like: mail in -> [ Postfix ] -> deliver over vpn -> [ Postfix ] -> deliver locally -> [ Dovecot IMAP ] [ CloudServer A ][ LocalServer B ] [ LocalSe

Postfix stable release 3.6.1 and legacy releases 3.5.11, 3.4.21, 3.3.18

2021-06-14 Thread Wietse Venema
[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.6.1.html] Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18: * Bugfix (introduced: Postfix 2.11): the command "postmap lmdb:/file/name" (create LMDB database from textfile) handled

Re: How to conditionally deliver to a different server ONLY when a main/usual network path is down?

2021-06-14 Thread Wietse Venema
[deliver to local Dovecot replica when SMTP is down] Noel Jones: > Maybe use local (split DNS) MX records to deliver locally > when the remote vpn connection Postfix-B is unavailable. This would > probably require a second local postfix instance to receive the mail > for dovecot since M

Re: How to conditionally deliver to a different server ONLY when a main/usual network path is down?

2021-06-14 Thread Bill
> Maybe use local (split DNS) MX records to deliver locally when the > remote vpn connection Postfix-B is unavailable. I hadn't considered an alternate MX. IIUC, if multiple MXs are defined, Postfix will always attempt delivery first to the lowest priority# MX, and (according to some co

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Linda Pagillo
Thanks everyone. I'm still at a loss here. I have tried everything you guys have suggested and it's also not a firewall issue so at this point I have no idea why I can't get this to work. Currently I have the following in my master.cf for port 465... 465 inet n - n - -

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Jaroslaw Rafa
On 14.06.2021 at 09:51:30, Linda Pagillo wrote: > > Any other ideas of what may be causing this? Is it possible that the client is trying STARTTLS (and not TLS-wrapped SMTP) on port 465? Have you tried a different mail client instead of Outlook? -- Regards, Jaroslaw Rafa r...@rafa.e

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Wietse Venema
Linda Pagillo: > The packets come in, but there is no response to them on eth0... That is exactly what happens when a firewall drops the packets. Wietse

Re: Mail forward vs duplication

2021-06-14 Thread Matus UHLAR - fantomas
On 14.06.21 15:51, yuryb wrote: Please help me solve the problem with duplicate letters when sending mail. The problem manifests itself in one of two cases, and the solutions are mutually exclusive: [...] In both cases, each email addressed to emar...@domain.com comes twice. The problem is

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Dominic Raferd
On 14/06/2021 15:51, Linda Pagillo wrote: Thanks everyone. I'm still at a loss here. I have tried everything you guys have suggested and it's also not a firewall issue so at this point I have no idea why I can't get this to work. Currently I have the following in my master.cf

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Viktor Dukhovni
On Mon, Jun 14, 2021 at 04:07:06PM +0100, Dominic Raferd wrote: > > Thanks everyone. I'm still at a loss here. I have tried everything you > > guys have suggested and it's also not a firewall issue so at this > > point I have no idea why I can't get this to work. Currently I have > > the follow

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Viktor Dukhovni
On Mon, Jun 14, 2021 at 04:55:42PM +0200, Jaroslaw Rafa wrote: > On 14.06.2021 at 09:51:30, Linda Pagillo wrote: > > > > Any other ideas of what may be causing this? > > Is it possible that the client is trying STARTTLS (and not TLS-wrapped > SMTP) on port 465? Random speculation inconsis

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Bill Cole
On 2021-06-14 at 10:51:30 UTC-0400 (Mon, 14 Jun 2021 09:51:30 -0500) Linda Pagillo is rumored to have said: > Any other ideas of what may be causing this? SELinux or AppArmor? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) N

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Linda Pagillo
Thank you all again. Back to the network troubleshooting :) On Mon, Jun 14, 2021 at 10:26 AM Viktor Dukhovni wrote: > On Mon, Jun 14, 2021 at 04:55:42PM +0200, Jaroslaw Rafa wrote: > > > On 14.06.2021 at 09:51:30, Linda Pagillo wrote: > > > > > > Any other ideas of what may be causing this

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Linda Pagillo
Hi Bill. Both are disabled for the moment, but it was running AppArmor. On Mon, Jun 14, 2021 at 10:42 AM Bill Cole < postfixlists-070...@billmail.scconsult.com> wrote: > On 2021-06-14 at 10:51:30 UTC-0400 (Mon, 14 Jun 2021 09:51:30 -0500) > Linda Pagillo > is rumored to have said: > > > Any othe

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Wietse Venema
If packets for port 465 arrive on eth0 and nothing is sent in response then we know the following: 1) Your system replies to ARP requests. So there is two-way communication at the Ethernet layer. 2) Your system does not respond to TCP SYN requests. There is no two-way communication at the TCP lay

LMTP connection

2021-06-14 Thread Dima Veselov
Greetings, I am using Postfix 3.6.0 on NetBSD 9.2 with Dovecot 2.3.14 acting as LMTP service. LMTP was working, but I was unhappy with the message Recipient address rejected: unverified address: host mail.example.com[/var/run/dovecot/lmtp]: ... because it exposes the name of the IMAP server and it is

Re: LMTP connection

2021-06-14 Thread Dima Veselov
I found that private/lmtp is the service which does the actual transport into other LMTPs, so it should not be replaced in any way. This was my mistake, excuse me. On 14.06.2021 17:43, Dima Veselov wrote: Greetings, I am using Postfix 3.6.0 on NetBSD 9.2 with Dovecot 2.3.14 acting as LMTP servic

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Linda Pagillo
Thank you Wietse. I have already verified and reverified with our server host that port 465 is open on their main fw. However, when I do a port scan to 465 from the outside it says it is closed. My server host did the same scan and said that it's not them and it's a firewall on the server. I only

[BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Christopher Gurnee
Hi, all! My apologies if I've gotten anything wrong below. Version --- 3.4.13-0ubuntu1 (from Ubuntu 20.04.2) (although I suspect this affects all versions >= 3.4) Configuration - /etc/postfix/main.cf: smtpd_tls_security_level = may tls_server_sni_maps = texthash:/etc/pos

Re: LMTP connection

2021-06-14 Thread Wietse Venema
Dima Veselov: > I found that private/lmtp is the service which does > the actual transport into other LMTPs, so it should not be > replaced in any way. Confirmed. This is how Postfix connects to its own LMTP client. That client uses a TCP or UNIX-domain socket to talk to an LMTP server. Wie

Re: How to conditionally deliver to a different server ONLY when a main/usual network path is down?

2021-06-14 Thread Noel Jones
On 6/14/2021 9:47 AM, Bill wrote: Maybe use local (split DNS) MX records to deliver locally when the remote vpn connection Postfix-B is unavailable. I hadn't considered an alternate MX. IIUC, if multiple MXs are defined, Postfix will always attempt delivery first to the lowest prio

Re: [BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Wietse Venema
Christopher Gurnee: > Workaround > -- > > Use a hash table: > tls_server_sni_maps = hash:/etc/postfix/tls_server_sni > and create it with: > sudo postmap -F /etc/postfix/tls_server_sni There is some code that was added to postmap/postmap.c but not to util/dict_thash.c. This is a

Re: [BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Wietse Venema
Wietse Venema: > Christopher Gurnee: > > Workaround > > -- > > > > Use a hash table: > > tls_server_sni_maps = hash:/etc/postfix/tls_server_sni > > and create it with: > > sudo postmap -F /etc/postfix/tls_server_sni > > There is some code that was added to postmap/postmap.c but

Re: [BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Christopher Gurnee
That was quick, thanks! Regards, Chris On 06/14/2021 4:22 pm, Wietse Venema wrote: Wietse Venema: Christopher Gurnee: > Workaround > -- > > Use a hash table: > tls_server_sni_maps = hash:/etc/postfix/tls_server_sni > and create it with: > sudo postmap -F /etc/postfix/tls_serv

Re: [BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Wietse Venema
Christopher Gurnee: > That was quick, thanks! Well you did the work by finding the missing code in postmap.c :-) Wietse

Re: [BUG] tls_server_sni_maps parameter can't use texthash tables

2021-06-14 Thread Viktor Dukhovni
On Mon, Jun 14, 2021 at 04:57:24PM -0400, Christopher Gurnee wrote: > That was quick, thanks! Welcome to Postfix, where we don't let bugs linger and have no (need for a) bug tracking system, because there are no open bugs. Bugs are fixed in near real time, and show up in snapshots and patch relea

Re: Unable to get Postfix to respond on port 465

2021-06-14 Thread Viktor Dukhovni
On Mon, Jun 14, 2021 at 01:55:40PM -0500, Linda Pagillo wrote: > I have already verified and reverified with our server host that port 465 > is open on their main fw. However, when I do a port scan to 465 from the > outside it says it is closed. My server host did the same scan and said > that it'