domain resolution in check_client_access tables

2013-11-17 Thread E.B.
Hello, I wanted to allow certain clients to relay by using a check_client_access lookup map. It works nice if I use IP addresses. If I use domain names, it stops working for my test environment. My test client doesn't have rDNS set up (I think this is the cause of "connect from unknown[x.x.x.

Re: domain resolution in check_client_access tables

2013-11-18 Thread E.B.
Thank you to Wietse and Viktor for the replies. Appreciate explanations very much. > On Sunday, November 17, 2013 4:42 PM, Viktor Dukhovni > wrote: > > On Sun, Nov 17, 2013 at 07:34:47PM -0500, Wietse Venema wrote: > > >> > I wanted to allow certain clients to relay by using a > check_c

Client host name resolution

2013-11-18 Thread E.B.
Hello, My understanding was clients for whom you see this in the logs: connect from unknown[1.2.3.4] Do not have a PTR/rDNS set up for themselves.  However, I recently tested a connection (using telnet on the client side, connecting to port 25) from a server that does have rDNS in place, but I

Re: Client host name resolution

2013-11-19 Thread E.B.
> On Monday, November 18, 2013 7:57 AM, Kris Deugau wrote: > > E.B. wrote: > >> Hello, >> >> My understanding was clients for whom you see this in the logs: >> >> connect from unknown[1.2.3.4] >> >> Do not have a PTR/rDNS set up f

Re: Client host name resolution

2013-11-19 Thread E.B.
>>>   Hello, >>> >>>   My understanding was clients for whom you see this in the logs: >>> >>>   connect from unknown[1.2.3.4] >>> >>>   Do not have a PTR/rDNS set up for themselves. >> >> For Postfix to include the rDNS in the log and Received: header, the PTR >> name must then resolve back

Re: Client host name resolution

2013-11-19 Thread E.B.
>> Thanks. So my understanding is correct that Postfix gets the hostnames you > see in the logs from PTR records? > > Yes. > >> You are saying that additionally, if the A record for the domain > doesn't match the client IP, the PTR will be ignored and thus you'll > still get "unknown"? >

Re: When to use proxymap

2013-12-13 Thread E.B.
> On Tuesday, August 14, 2012 6:19 PM, Viktor Dukhovni > wrote: > > On Tue, Aug 14, 2012 at 07:18:09PM -0400, Wietse Venema wrote: > >> > I read somewhere on this list that it's not necessary to use > proxymap >> > for transport table lookups. >> >> It is undesirable with the current a

smtpd custom reject for over quota

2015-04-17 Thread E.B.
Hi, Dovecot has a new feature that can set a flag in the userdb "quota_over_flag" http://wiki2.dovecot.org/Quota/Configuration#Overquota-flag_.28v2.2.16.2B-.29 I want to use this to reject messages during SMTP conversation for users that are over quota. I keep this flag in MySQL. I could very ea

[OT] Broken Selinux Postfix Policy?

2015-04-25 Thread E.B.
People with selinux knowledge I very really appreciate your advice!!. Trying to restart postfix installed from yum in Centos 7. Restart fails, I get: type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=syst

Re: [OT] Broken Selinux Postfix Policy?

2015-04-26 Thread E.B.
> > People with selinux knowledge I very really appreciate your > > advice!!. > > > > Trying to restart postfix installed from yum in Centos 7. Restart > > fails, I get: > > > > type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for > > pid=31624 comm="master" name="defer" dev="

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-26 Thread E.B.
HasStan stopped hosting/maintaining it? On Sun, 4/26/15, Michael Orlitzky wrote: Subject: Re: Stan Hoeppner's fqrdns.pcre file? To: postfix-users@postfix.org Date: Sunday, April 26, 2015, 11:32 AM On 04/26/2015 09:07 AM, Patrick Laimbock wrote

Re: [OT] Broken Selinux Postfix Policy?

2015-04-26 Thread E.B.
> HOWEVER: Looking more closely at my latest CentOS box makes me think > that something's wrong with your installation, since I can run > "systemctl restart postfix" without any problems. Note: > > # ls -lZ /var/spool/postfix/private/defer > srw-rw-rw-. postfix postfix system_u:object_r:postfix_pri

Resource usage of multiple instances

2015-06-19 Thread E.B.
Hi, I appreciate the development of multiple instances features thanks you for making it working so easy. I have a few domains that are light traffic right now, low volume mail but in future will become heavily using. Theres not a big need to have separate IP address or separate Postfix instances

Re: Resource usage of multiple instances

2015-06-19 Thread E.B.
Viktor, Thanks for the excellent write-up: > > My question is if there is general impact that every new > > Postfix instance has? Assuming that the volume of mail > > would be handled on the same server one way or another, > > what kind of impact does it have to run one postfix instance > > on ea

Re: Resource usage of multiple instances

2015-06-19 Thread E.B.
thanks again for responding! . > > Is it overkill to go 10-20 multiple instances vs. single > > instance with: > > > > - one submission per IP > > - one smtp bound to each IP > > You've not yet made a good case for dedicating an instance > per domain, instead of running all the domains on a si

Re: Resource usage of multiple instances

2015-06-19 Thread E.B.
Thank you Viktor! Subject: Re: Resource usage of multiple instances To: postfix-users@postfix.org On Fri, Jun 19, 2015 at 01:32:11PM -0700, E.B. wrote: > Can anyone provide reference to another thread on the list > or any studies

Efficiency of policy services? (spawn or daemon)

2015-07-08 Thread E.B.
Hi, I need create a custom policy service and I have a questions about efficiency/performance. I found two perl examples that are within my skill to understand and one is based from the example code in the Postfix examples/smtpd-policy/greylist.pl if you don't know I think this is http://heap.alt

Re: Efficiency of policy services? (spawn or daemon)

2015-07-09 Thread E.B.
> > I found two perl examples that are within my skill to understand > > and one is based from the example code in the Postfix > > examples/smtpd-policy/greylist.pl if you don't know I think this is > > http://heap.altlinux.org/usr/share/doc/postfix-2.2.11/examples/smtpd-policy/greylist.pl > > so i

Re: Efficiency of policy services? (spawn or daemon)

2015-07-09 Thread E.B.
> > while () { > > ... > > } > > > > So executed outside of Postfix it is a one-time script. > > > Nope. The above loop handles an arbitrary number of greylist queries, > until it sees EOF on the standard input stream. I see so its simply matter of postifx holds open STDIN of the script that expla

spawn service question

2015-07-14 Thread E.B.
Beginner question - I want to confirm that policy service running under postfix spawn could have multiple instances running (if there are multiple smptd processes) and so they should never cache any important user data in local memory because they would be out of sync with other instances of the sa

Re: spawn service question

2015-07-14 Thread E.B.
> However, all the requests from a single smtpd(8) service will go > to the same policy service instance. So in memory caching can be > used to construct per-transaction state (if, for example, the policy > service fires for each recipient and also at data and/or end of > data). That's guaranteed

Proxy database connections to a policy service?

2015-07-16 Thread E.B.
Another question about policy service run under postfix spawn--- If using a database to store policy service state, on a busy site I understand this could mean possibly very large number of policy servers along with each smtpd service. if each policy service has a DB connection this could be to

Re: Proxy database connections to a policy service?

2015-07-16 Thread E.B.
> > Another question about policy service run under postfix spawn--- > > Using spawn is not mandatory you know. Yes, I have been considering alternate to run a external daemon instead. According to this thread, I undersatnd if database connections are concern, choice to use external daemon could b

Re: Proxy database connections to a policy service?

2015-07-16 Thread E.B.
> > > You could run a small pool > > > (1 or more) of processes each of which handles multiple concurrent > > > smtpd connections. > > > > Sorry, sort of beginner programmer question, to be clear > > what you say, concurrent connections would be handled by > > a policy server by spawning a new thre

Re: Proxy database connections to a policy service?

2015-07-16 Thread E.B.
> > > > > You could run a small pool > > > > > (1 or more) of processes each of which handles multiple concurrent > > > > > smtpd connections. > > > > > > > > Sorry, sort of beginner programmer question, to be clear > > > > what you say, concurrent connections would be handled by > > > > a policy s