# dnf info postfix
Updating Subscription Management repositories.
Last metadata expiration check: 2:52:06 ago on Sun 23 May 2021 11:07:16 AM PDT.
Installed Packages
Name : postfix
Epoch: 2
Version : 3.5.8
Release : 1.el8
Architecture : x86_64
Size : 4.4 M
Source
> Simon Wilson
> M: 0400 121 116
>
>
> From: Viktor Dukhovni
> Sent: Monday, 24 May 2021 7:51 am
> To: postfix-users@postfix.org
> Subject: Re: discarding EHLO keywords: CHUNKING
>
> > On Sun, May 23, 2021 at 02:16:24PM -0700, Greg Sims wr
I am tuning the performance of our mail server.We collect
information in our logs every 10 seconds including qshape, iostat,
free and mpstat. It seems that the maxproc parameter in master.cf is
important for us as we can see the size of the queues decrease as we
increase maxproc -- as expected
hanks for the feedback! Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Sun, Jul 11, 2021 at 7:04 PM Viktor Dukhovni
wrote:
>
> On Sat, Jul 10, 2021 at 07:34:15AM -0700, Greg Sims wrote:
>
> > I am tuning the performance of our mail server.We collect
> > i
Hi There,
We have a CentOS 7 Server that is running several KVMs of both CentOS 7 and
CentOS 8. We have a CentOS 7/Postfix KVM running as a production mail
server in this environment.
I am trying to build a CentOS 8/Postfix KVM -- but run into an error on
reboot. Here is the full error:
fatal:
Thank you all for your feedback on this issue.
The network on this KVM is configured statically in the kickstart
installation file.
I applied Peter's solution and it works perfectly.
There is a straight-forward workaround to this issue.
* set "inet_interfaces = all" in main.cf (the default)
We have a KVM running Postfix on CentOS 8. The VM does not have access to
IPV6 (something I hope to fix in the future). Here is "ip addr" for the
public interface of the VM (the ip/mac addresses has been obscured).
3: ens4: mtu 1500 qdisc fq_codel state UP
group default qlen 1000
link/ether
dress" messages in the maillog. It is interesting to
note that the relay to random ip addresses works well -- just the message
in maillog is the problem.
Thanks again! Greg
www.RayStedman.org
On Thu, Jun 25, 2020 at 12:24 PM Wietse Venema wrote:
> Greg Sims:
> > warning: smtp_conn
t;
BOOTPROTO="none"
IPADDR="74.xxx.xxx.192"
PREFIX="29"
Thanks, Greg
www.RayStedman.org
On Thu, Jun 25, 2020 at 5:29 PM Wietse Venema wrote:
> Greg Sims:
> > I did notice that the 75.126.xxx.xxx addresses are not known to an
> > interface on the VM.
he VM with ens4 NM_CONTROLLED="yes" using Secondary ip
addresses. I can gather data for this configuration of the VM if you wish.
Thanks, Greg
www.RayStedman.org
On Fri, Jun 26, 2020 at 5:49 AM Wietse Venema wrote:
> Greg Sims:
> > inet 74.xxx.xxx.192/29 brd 74.xxx.xxx.1
stent using the
75.xxx.xxx.xxx set of ip addresses.
Thanks, Greg
www.RayStedman.org
On Fri, Jun 26, 2020 at 7:40 AM Wietse Venema wrote:
> Greg Sims:
> > Good Morning Wietse,
> >
> > The error message is the same in this configuration with ens4
> > NM_CONTROLLED="no"
2020-06-26 16:56, Greg Sims wrote:
> > ip addr
> > =
> > 3: ens4: mtu 1500 qdisc fq_codel
> > state
> > UP group default qlen 1000
> > link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
> > inet 108.xxx.xxx.45/29 brd 108.xxx.xxx.47 scope global
We are making good progress building a mail server. The server is a KVM
running CentOs 8.2 with vcpus=2 and ram=4GB. The system is under heavy
load and is likely limited by disk performance. The load is generated by a
second KVM using SMTP to send email. Everything seems to be working except
the
Nothing Christian:
[root@mail0 postfix]# journalctl -u postfix@-.service --since="2020-07-12
03:06:00" --until="2020-07-12 03:11:00"
-- Logs begin at Sat 2020-07-11 09:35:28 CDT, end at Sun 2020-07-12
15:50:00 CDT. --
-- No entries --
Greg Sims
Blessings, Greg
www.RayStedm
illog -- almost
50,000 records. You discovered a way to gain access to the missing data!
The big question for me continues to be, why did this data not make it to
/var/log/maillog?
Greg Sims
On Sun, Jul 12, 2020 at 2:40 PM Christian Kivalo
wrote:
> On 2020-07-12 23:01, Greg Sims wrote:
>
h my goals using
journalctl.
I am more than willing to collect data to help determine why the three
minutes of log data is not making it to /var/log/maillog. To be honest, I
do not know how to "... find out how your syslog daemon gets the messages
from the systemd journal.".
Greg Sims
On Su
is
is the expected behavior.
Apache is also running on this VM. I performed "tail
/var/log/httpd/access_log" and can see Apache logging.
Greg Sims
www.RayStedman.org
On Sun, Jul 12, 2020 at 5:08 PM Greg Sims wrote:
> I updated my maillog processing tool to make use of journalctl.
We are distributing a daily email to our subscribers -- which generates a
large burst of email. We have main.cf configured as follows:
sender_dependent_default_transport_maps =
randmap:{r192,r193,r194,r195,r196,r197,r198}
smtp_connection_cache_on_demand=no
Distributing the traffic across seven ip
ort (I agree,
likely no help)
(4) other ideas?
Thanks, Greg
www.RayStedman.org
On Wed, Jul 22, 2020 at 8:37 AM Viktor Dukhovni
wrote:
> On Wed, Jul 22, 2020 at 07:38:52AM -0700, Greg Sims wrote:
>
> > We have main.cf configured as follows:
> >
> > sender_de
> What is the best way to configure for the following message from
outlook.com
> in the maillog:
>
> said: 451 4.7.652 The mail server [] has exceeded the
> maximum number of connections.
>
> Please note the email is being created on a VM with .
> The email is then sent to our new mail server v
We are seeing: "has exceeded the maximum number of connections" in our
logs for domains associated with outlook.com. We have a transport
named "outlook:" in transport.regexp as follows:
# outlook.com domains
#
/@outlook(\.[a-z]{2,3}){1,2}$/ outlook:
/@hotmail(\.[a-z]{2,3}){1,2}$/ outlook:
/@liv
rg
On Thu, Jul 30, 2020 at 3:52 PM Viktor Dukhovni
wrote:
>
> On Thu, Jul 30, 2020 at 10:58:20AM -0700, Greg Sims wrote:
>
> > We are seeing: "has exceeded the maximum number of connections" in our
> > logs for domains associated with outlook.com. We have a tra
The situation with outlook got much worse in our overnight runs. We
transferred 7K subscriber emails to relays ending in outlook.com and
saw the following feedback in our logs:
MaxConnections: 83, Connection: 1386, RateLimited: 6392
where the following regexp is used in our log post-processor:
> Your real problem is however your IP reputation. If you're sending
> unsolicited email, or you have relay customers sending unsolicited mail,
> then your difficulties delivering it are a desirable feature of
> Microsoft's email service. If you're sending email outlook.com
> customers want, then
> > I looked for domains that *are not* using the outlook: transport but
> > are using the outlook.com relay servers. There are 383 such domains
> > -- the vast majority are one email address per domain. These domains
> > are competing for the limited number of outlook.com connections and
> > the
> > I changed master.cf to 3 processes for outlook: in hopes of reducing
> > MaxConnections feedback -- I can not go much smaller.
>
> This has been asked before: when Outlook puts you in the penalty
> box and starts ratelimiting your new connections, was that because
> a) you exceeded a limit for
> I suspect the real problem was that hundreds of domains were not
> directed to the low-concurrency 'outlook' transport, and that
> connection count 'overshoot' due to unused cached connections was
> a red herring.
Please recall that I collected 383 email domains into
transport.outlook.regexp. I
This is a typical 5 minute interval of Connection Cache data:
scache Aug 15 01:49:18 - Aug 15 01:54:18,
domain hits=52 miss=69 success=42%,
address hits=0 miss=117 success=0%,
max simultaneous domains=7 addresses=7 connection=22
The README says: "Connection cache lookups by network
We are running with the Connection Cache enabled with the default settings and:
sender_dependent_default_transport_maps = randmap:{r235,r236,r237,r238}
Here are the number of emails we sent on each of the four transports
over a fixed interval of time:
3,363 -- r235
3,398 -- r236
3,349 -
I have looked at a number of maillogs where we receive the 'exceeded
the maximum number of connections' error from the outlook servers.
The following is very telling. The first nine are reformatted
'status=sent' records followed by a 'status=deferred' from outlook. I
obscured the email address an
e have available?
Thanks you, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Sat, Aug 22, 2020 at 1:36 PM Wietse Venema wrote:
>
> Wietse Venema:
> > Greg Sims:
> > > sender_dependent_default_transport_maps = randmap:{r235,r236,r237,r238}
> > >
> >
I would like to separate our bulk email and transactional email on
different ip addresses. All of the transactional email will be sent
to a remote email gateway for delivery. This gateway is authenticated
by ip address.
It seems that I need to add an entry to my transport.regexp so all
email for
Greg Sims wrote:
>
> I would like to separate our bulk email and transactional email on
> different ip addresses. All of the transactional email will be sent
> to a remote email gateway for delivery. This gateway is authenticated
> by ip address.
>
> It seems that I need
I got the chance to work on what you recommended. Thank you Wietse.
main.cf:
# transactional email for the ministry
sender_dependent_relayhost_maps = regexp:/etc/postfix/sender_relay.regexp
sender_relay.regexp:
# email sent from the ministry domain will use the raystedman: smtp
transport and rel
> I told you to use SENDER_DEPENDENT_DEFAULT_TRANSPORT_MAPS
Things do work much better when using the correct configuration in main.cf.
Thank you Wietse, Greg
www.RayStedman.org
On Sat, Aug 29, 2020 at 6:16 AM Wietse Venema wrote:
>
> Greg Sims:
> > I got the chance to w
Here are the stats from this morning:
* email arrival rate: 1,000/minute
* outlook.com email sent: 7,113
* MaxConnections: 17
MaxConnections increases with the email arrival rate. It is consistent day
to day at a given email arrival rate. We are currently running four
outlook transports o
irected them to look in their Spam
Folder. I also saw that Microsoft SNDS status went from "yellow" to
"red" for our IP addresses this morning.
Thanks, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Mon, Aug 31, 2020 at 1:24 PM Viktor Dukhovni
wrote:
>
>
I placed the following post from Wietse in our main.cf -- let's call
this "mx_access":
# There is a crude way to automatically group messages by destination
# MX hosts, but that works only for the special case that all messages
# have exactly one recipient or all recipients in the same domain.
#
#
com reliably relay
the message to recipients that do not have an outlook.com domain?
Blessings, Greg
www.RayStedman.org
Blessings, Greg
www.RayStedman.org
On Tue, Sep 8, 2020 at 4:09 PM Wietse Venema wrote:
>
> Greg Sims:
> > I placed the following post from Wietse in our main.c
We divided our outbound email into two streams: transactional and
bulk. Each of the streams uses different ip addresses. One ip for
transactional email and a randmap group of four ips for bulk email.
The transactional email is sent from domain @raystedman.org. The bulk
email is sent from a subdo
> A more targeted approach is to use smtp_delivery_status_filter with
> a regexp that targets that exact error message, and that changes a
> 'hard' reject into a soft one.
> For inspiration to turn hard into soft rejects, see examples at
> http://www.postfixlorg/postconf.5.html#default_delivery_st
We are receiving the following in our email logs:
Mar 09 08:12:15 mail01.raystedman.org postfix/smtpd[13431]: warning:
hostname mail01.raystedman.org does not resolve to address 192.168.122.12
This warning is in fact true. I believe something is not configured
correctly.
The postfix mail server
the issue. I do not believe we need to configure
DNS as the LAN does not exist outside of the Host.
Thanks again victor, Greg
www.RayStedman.org
On Tue, Mar 9, 2021 at 9:57 AM Viktor Dukhovni
wrote:
> On Tue, Mar 09, 2021 at 09:35:35AM -0800, Greg Sims wrote:
>
> > Mar 09 08:
Hi There,
We have been running Postfix successfully for months now. We sent an
email to two subscriber groups last night. We monitor the number of
emails we send per minute with the following report:
00:30541564601655633498376342
615498
00:40
Great ideas guys -- Thanks! Greg
www.RayStedman.org
On Mon, Mar 29, 2021 at 7:26 AM Richard James Salts
wrote:
> On Monday, 29 March 2021 9:34:13 AM AEDT Wietse Venema wrote:
> ...
> > Third, look with mtr at the latency pattern. If part of your traffic
> > goes over a satellite, of if it is tu
Hi There,
We recently moved from RHEL 6/Postfix to CentOS 7/Postfix. I see a change
in the maillog that I need help understanding.
We are using mailman to manage three lists totaling 21K subscribers. Each
email is sent using VERP so that the Sender and Errors-to headers are
unique -- containin
We have been running without TLS for many years. Some of the ISPs are
beginning to complain about not sending mail using TLS. We enabled
outbound smtp as a result. Postfix receives email only from our
private network -- we do not use inbound smtpd_tls as a result.
Our main.cf contains:
sm
TLS connections are being reused about 10% of the time for larger ISPs.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
consistent throughout the peak demand period.
Best, Greg
On Tue, May 21, 2024 at 7:12 AM Viktor Dukhovni via Postfix-users
wrote:
>
> On Tue, May 21, 2024 at 06:51:08AM -0500, Greg Sims via Postfix-users wrote:
>
> > Our main.cf contains:
> > smtpd_tls_cert_file =
> &g
TLS connection reuse is being used. About 10% of the connections are
reused for large volume ISPs. Small volume ISPs do not see connection
reuse. I believe this is as expected.
I did some testing of our DNS setup. A DNS query using dig is less
than 20 msec for both our primary and secondary dns
TLS connection reuse is being used. About 10% of the connections are
reused for large volume ISPs. Small volume ISPs do not see connection
reuse. I believe this is as expected.
I did some testing of our DNS setup. A DNS query using dig is less
than 20 msec for both our primary and secondary dns
Thank you again for your feedback on this issue.
I watched the workload in real time this morning and now have more
insight into what is happening. It appears the large ISPs are using
TLS connection as a way to throttle incoming traffic. I looked at the
inbound mail queue and found most of the t
I have data collection homework to do -- and I will be happy to do it!
Config data and "collate" is next after morning meetings.
Here is some summary data by ISP from the logs:
Email Ave Max Conn
Relay SentDelay
I am having problems with "collate". I greped a 10 minute portion of
our mail.log which created a 6.8M file. I ran "collate" on this file
and collected the output -- a 796M file. I looked at the file and it
seems to be filled with records like the following:
May 22 02:10:00 mail01.raystedman.o
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
> bypassing
>
> If the delay is with sending or receiving RSET, then the SMTP client
> log "conversation with XXX timed out". I don't know if that has a
> queue ID logged with that, though. Just grep for 'conversation with'.
[root@mail01 postfix]# journalctl -u postfix.service | grep 'conversation with'
retu
> This is perhaps a good time to ask you for your full configuration,
> not just cherry-picked individual settings. Please post the outputs of:
>
> $ postconf -nf
> $ postconf -Mf
>
> with all whitespace (including linebreaks) preserved.
[root@mail01 postfix]# postconf -nf
alias_datab
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
> bypassing
Thank you Viktor. All recommended changes have been made. I hope to
collect useful "collate" data with our next distribution at Noon today
pacific.
I hope you have a great day! Greg
> [root@mail01 postfix]# postconf -nf
>
> [root@mail01 postfix]# postconf -Mf
___
On Thu, May 23, 2024 at 7:07 AM Greg Sims wrote:
>
> Thank you Viktor. All recommended changes have been made. I hope to
> collect useful "collate" data with our next distribution at Noon today
> pacific.
>
Still having problems with the inbound smtpd from our private
We found the following in our email log:
May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
0A7D630F1C7C: to==
cecytebc.edu...@devotion.raystedman.org>,
relay=aspmx.l.google.com[142.251.2.26]:25,
delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.26, status=bounced (host
aspmx.l.google.com[1
On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
>
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the expected
> On Mon, May 27, 2024 at 3:40 AM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> You really should have posted "collate" output, which would have shown
> the envelope sender address in the "qmgr active" log entry. Perhaps
> the actual domain used did not have the expected
I do see the "qmgr active" active with the from=<>. I added
mail01.raystedman.org SPF to DNS as a result.
Thanks again, Greg
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users <
postfix-users@postfix.org> wrote:
> In recent experience with my personal porcupine.org email address,
> they not only want SPF or DKIM, they *also* want a DMARC policy
> with p=quarantine or p=reject.
We have run p=reject for year
Hello,
We found the following in our email logs this morning. I ran
"collate" and here is the result:
May 29 02:10:04 mail01.raystedman.org postfix/bounce[31220]:
AFC7030537E6: postmaster non-delivery notification: 7A80D32EDB2C
May 29 02:10:04 mail01.raystedman.org postfix/cleanup[31245]:
7A
>
>
> > main.cf contains:
> >
> > # 24-05-28
> > # email comes from raystedman.org instead of mail0.raystedman.org
> > # note: the mail01 subdomain does not need a SPF record in DNS as a
> result
> > myorigin = raystedman.org
> >
> > I hoped this would allow the message being sent to be
> >
On Wed, May 29, 2024 at 2:52 PM Wietse Venema via Postfix-users
wrote:
> Presumably you have to DKIM or SPF or DMARC for hostname.raystedman.org,
> so any way to get double-bou...@raystedman.org should help.
>
> You have to be careful about mailer loops, though.
>
> Postfix gives special treatmen
On Wed, May 29, 2024 at 5:49 PM Wietse Venema via Postfix-users
wrote:
> I think it's a bad idea to send your double bounces to a different site.
> The Postfix design really wants to handle them locally.
Thank you Wietse.
I moved to a conservative configuration for tonight including deleting
th
On Thu, May 30, 2024 at 7:12 AM Wietse Venema via Postfix-users
wrote:
>
> Greg Sims via Postfix-users:
> > double-bounces which is now unclear -- at least to me. Perhaps you
> > can give me an idea of how to capture just the double-bounces locally.
>
> 1) The postmast
On Thu, May 30, 2024 at 12:27 PM Greg Sims wrote:
>
> I believe I am ready to capture the double-bounce locally.
>
> This is main.cf:
> # 24-05-30 save the bounces locally at bounce-local
> notify_classes = 2bounce, bounce, resource, software
> bounce_notice_rec
PM Wietse Venema wrote:
>
> Greg Sims via Postfix-users:
> > On Thu, May 30, 2024 at 12:27?PM Greg Sims wrote:
> > >
> > > I believe I am ready to capture the double-bounce locally.
> > >
> > > This is main.cf:
> > > # 24-05-30 save the bounc
On Fri, May 31, 2024 at 8:01 AM Wietse Venema via Postfix-users
wrote:
>
> Greg Sims via Postfix-users:
> > I set the following in main.cf
> >
> > mydestination = localhost
> >
> > and received the following in our logs:
> >
> > May 31 0
On Tue, May 28, 2024 at 8:12 AM Greg Sims wrote:
>
> On Tue, May 28, 2024 at 6:49 AM Wietse Venema via Postfix-users
> wrote:
>
> > In recent experience with my personal porcupine.org email address,
> > they not only want SPF or DKIM, they *also* want a DMARC policy
&g
OK. I found the email in the bounce mailbox at the gmail level. The
issue seems to be consistent with what we could see from the email
logs only. The SPF fails because the email is being sent from domain
mail01.raystedman.org. You tried (Wietse) for some time to control the
"from domain" for thi
t.
Thanks, Greg
On Sun, Jun 2, 2024 at 7:02 PM Greg Sims wrote:
>
> OK. I found the email in the bounce mailbox at the gmail level. The
> issue seems to be consistent with what we could see from the email
> logs only. The SPF fails because the email is being sent from domain
> m
Someone asked what was being sent. The email is being sent to a
mailbox collector of bounces at the Gmail level. The email contains a
VERP address of the original sender. We perform automated bounce
processing for all email that make it to the bounce address at the
Gmail level. These bounces co
Hi There,
We receive over 500 log entries per day from Comcast that look like this:
Sep 18 03:05:07 mail0 r105/smtp[15929]: AE3378857BA: to=,
relay=mx1.comcast.net[96.114.157.80]:25, delay=0.69,
delays=0/0.01/0.6/0.08, dsn=4.1.0, status=deferred (host
mx1.comcast.net[96.114.157.80]
said: 421 4.1.
in an automated email saying, "Your ip addresses are
not blocked." from Comcast. This is a difficult group to interact with.
On Sun, Sep 22, 2024 at 11:27 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:
> On Sun, Sep 22, 2024 at 07:29:30PM -0500, Gr
79 matches
Mail list logo
