col tests. As per design, future connections are passed on
to smtpd(8) which then delivers the mail.
Please let me know if any other portions of the log or a full 'postconf
-n' (I'll just have to sanitize certain portions) would be useful.
--
Sahil Tandon
On Sat, 2012-05-05 at 19:49:18 -0400, Wietse Venema wrote:
> Sahil Tandon:
> > May 5 15:24:07 mx1 postfix/postscreen[38500]: CONNECT from
> > [88.23.204.109]:40294 to [69.147.83.52]:25
> > May 5 15:24:07 mx1 postfix/dnsblog[45237]: addr 88.23.204.109
find references to this issue in the archives, and I know
others manage much higher-volume sites, so I suspect it just indicates a
severely borked system (FreeBSD 8.3) on my side.
--
Sahil Tandon
ts to the postscreen daemon; postscreen '-v' logging will
> show how it maintains DNSBL scores.
OK, thanks; I'm now running postscreen with '-v' and will report back if
the same scenario recurs.
--
Sahil Tandon
rap.trblspam.com 469
1609/18263 zen.spamhaus.org 5
UNIQ/TOTAL DNSWLDNSBL
2514/2520list.dnswl.org 510
0/6 swl.spamhaus.org 0
--
Sahil Tandon
Just following up to close this discussion.
On Sun, 2012-05-06 at 09:35:24 -0400, Wietse Venema wrote:
> Sahil Tandon:
> > May 5 10:00:26 mx1 postfix/postscreen[38500]: warning: psc_dnsbl_request:
> > connect to private/dnsblog service: Connection refused
> > May 5 10:0
be my desired domain and added in one for
> the new subdomain.
>
> Thanks for any assistance. I've gone through the virtual and local
> readmes, but I am not seeing the solution.
Can we see the output of 'postconf -n'? Absent additional information,
I guess you may find a clue in virtual(5) under TABLE SEARCH ORDER.
--
Sahil Tandon
multi_server driver. This one-line code change has no performance
> impact for other systems, and eliminates a high-frequency accept()
> race on a shared socket that appears to cause trouble on FreeBSD. The
> same single_server program driver has proven itself for many years in
> smtpd(
learn if others are experiencing
the same issue /only/ with barracuda.
--
Sahil Tandon
On Sun, 2012-06-03 at 00:03:06 +0100, Ned Slider wrote:
> On 02/06/12 17:44, Sahil Tandon wrote:
> ...
> >I've separately engaged our DNS admins in case they could offer some
> >insight, but it would be interesting to learn if others are experiencing
> >the sam
akemx += 1
if fakemx == len(answer):
print('200 REJECT mail not deliverable (only destination is fakemx.net)')
else:
print('200 DUNNO')
except:
print('200 DUNNO')
--
Sahil Tandon
mplish this?
Rather than the hold queue, use the retry service.
/path/to/main.cf:
transport_maps = hash:/path/to/transport
/path/to/transport:
mda.example.com retry:4.2.1 mda.example.com is temporarily disabled
--
Sahil Tandon
o update
> done due to optimistic caching?
My understanding of this parameter is that a _successful_ refresh probe
updates the timestamp of an address verification result; positive expire
time is measured from that revised timestamp.
--
Sahil Tandon
orks before updating the FreeBSD port.
--
Sahil Tandon
On Wed, 2012-10-31 at 09:01:23 -0400, Wietse Venema wrote:
> Ralf Hildebrandt:
> > * Sahil Tandon :
> ...
> > > test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`"
> > >
> > > With this, the forward compatibility shim wou
On Fri, 2012-11-02 at 19:13:04 +, Viktor Dukhovni wrote:
> On Fri, Nov 02, 2012 at 08:18:09AM -0400, Wietse Venema wrote:
>
> > Sahil Tandon:
> > > Some background: upon deinstall, unaltered files installed by a FreeBSD
> > > package are supposed to be delet
tp://thread.gmane.org/gmane.mail.postfix.user/148887
Read the entire thread before trying to implement the suggestion
"solutions".
--
Sahil Tandon
t require Maildir delivery, use .forward files that
specify a destination mailbox name ending in '/'.
--
Sahil Tandon
had cobbled
together a slower (it is Python rather than a set of grep(1)
expressions) script[1] to collect similar statistics. No promises that
it is error-free.
[1] http://people.freebsd.org/~sahil/scripts/mailstats.py.txt
--
Sahil Tandon
reate a file
> with users listed:
>
> /hold-users:
> us...@domain.com HOLD
> us...@domain.com HOLD
> ...
The HOLD action affects all recipients; you can be more specific by
using the retry service. See the following thread:
http://article.gmane.org/gmane.mail.postfix.user/197989
--
Sahil Tandon
ment earlier in the thread is for others who
might chance upon this chain in the archives, and prefer the alternative
(and IMHO more robust) approach.
--
Sahil Tandon
or by explicitly linking against a different, non-default DB
version, which would then appear in ldd(1) output. Or, you can disable
Berkeley DB support entirely by including -DNO_DB in CCARGS.
--
Sahil Tandon
On Fri, 2013-04-12 at 05:10:09 -0600, LuKreme wrote:
> ...
> In our previous episode (Thursday, 11-Apr-2013), Sahil Tandon said:
> > As documented, Postfix uses the default Berkeley DB version that ships
> > with your system, which I am assuming is FreeBSD.
>
> Yes
epted, actual mail dropped.
Use virtual alias mapping to direct mail for user{1,2}@domain.tld to
actual accounts. Then, implement a catch-all which maps *@domain.tld to
an address that, via transport(5), directs mail to the discard(8)
service.
--
Sahil Tandon
> http://marc.info/?l=postfix-users
*nod*
It seems the old link stopped working earlier this year; I remember
seeing a mention of this on the SA issues tracker and just found it:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6898
--
Sahil Tandon
expected to see a 550 or something else from postfix/smtp
> --- Any ideas what I have done wrong?
[ .. ]
> smtpd_sender_restrictions = check_sender_access
> hash:/etc/postfix/listed_senders reject_unlisted_sender
Instead, try:
# main.cf
check_sender_access hash:/etc/postfix/listed_senders, reject
--
Sahil Tandon
On Sun, 2013-09-01 at 11:09:33 -0400, Sahil Tandon wrote:
[ .. ]
> Instead, try:
>
> # main.cf
> check_sender_access hash:/etc/postfix/listed_senders, reject
To be clear, this will not help in your test case (but rather, only when
mail is received via smtpd) as Wietse points out
om courier -> dovecot, like I did many years
ago. :-)
http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/
--
Sahil Tandon
in main.cf . Transport_maps will still be honored, won't it?
Yes, but remember that transport mapping occurs after address rewriting;
take care to accordingly specify the lookup keys in your transport
table.
--
Sahil Tandon
sl setup
did not hiccup with Postfix, only ejabberd.
http://www.freebsd.org/cgi/query-pr.cgi?pr=181994
--
Sahil Tandon
A81E01ED: uid=5001
> from=
During its periodic scan of the "maildrop" queue, pickup(8) sees the new
mail and passes it to cleanup(8), as logged below.
> Mar 12 08:00:06 postfix/cleanup[21191]: 5B5A81E01ED:
> message-id=<20140312130006.5B5A81E01ED@localhost>
> Mar 12 08:00:06 postfix/qmgr[20944]: 5B5A81E01ED: from=,
> ...
--
Sahil Tandon
What, if anything, is output after you issue the following commands?
# ls -ld /var/spool/postfix/public{,/pickup}
and
# postfix check
--
Sahil Tandon
e to update the alias_maps definition, so that Postfix
is made aware of valid Mailman addresses. In your follow-up, include the
output of 'postconf -n' rather than snippets from main.cf. See:
http://www.gnu.org/software/mailman/mailman-install/postfix-integration.html
http://www.postfix.org/postconf.5.html#alias_maps
--
Sahil Tandon
On Sat, 2014-04-05 at 18:40:39 -0400, Curtis Maurand wrote:
> Sahil Tandon wrote:
> > On Fri, 2014-04-04 at 14:55:49 -0400, Curtis Maurand wrote:
> >
> >> I'm getting local user unknown errors when I try to send email to the
> >> list., but as far as I kno
seems like this should be
> really simple. Any thoughts?
% dig +short MX cgdgoalies.com chdcentre.com completeathletics.ca
5 webmail.cgdgoalies.com.
10 webmail.cgdgoalies.com.
10 mail.cgdgoalies.com.
If you want mail for completeathletics.ca to go to your Postfix server,
update the MX entry.
--
Sahil Tandon
lay/DEV/DMARC
i.e., set dmarc_moderation_action and dmarc_quarantine_moderation_action
in Mailman rather than changing Postfix.
--
Sahil Tandon
[1] http://article.gmane.org/gmane.mail.postfix.user/243056
--
Sahil Tandon
On Wed, 2014-05-07 at 03:31:13 +, Viktor Dukhovni wrote:
> On Tue, May 06, 2014 at 10:49:20PM -0400, Sahil Tandon wrote:
>
> > We are experiencing a problem that seems to manifest *only* when
> > delivering to MXs that exhibit the SSL problem described by Viktor[1]
> >
On Tue, 2014-05-06 at 23:57:41 -0400, Sahil Tandon wrote:
> On Wed, 2014-05-07 at 03:31:13 +, Viktor Dukhovni wrote:
>
> > On Tue, May 06, 2014 at 10:49:20PM -0400, Sahil Tandon wrote:
> >
> > > We are experiencing a problem that seems to manifest *only* when
&
caching. The problem
did not recur. I see Wietse has already rolled out snapshot 20140507, to
which we will upgrade soon.
Thank you both.
--
Sahil Tandon
me time now and I would have thought that
> Postfix would have supported it.
Based on src/util/dict_db.c, the latest supported Berkeley DB major
version is 5.
--
Sahil Tandon
On Mon, 2014-06-30 at 10:40:18 -0400, Jerry wrote:
> On Mon, 30 Jun 2014 09:37:32 -0400 (EDT), Wietse Venema stated:
> ...
> >Can you ping the maintainer?
> ...
> I have sent him an email
ACK.
--
Sahil Tandon
rchives.neohapsis.com/archives/postfix/2008-06/1179.html
--
Sahil Tandon <[EMAIL PROTECTED]>
y use MS Outlook to check messages but for this test I used
> Thunderbird.
>
> In the logs, it does show that there is an inquiry to check new messages for
> the above email account.
This has nothing to do with Postfix; your IMAP server is logging this message.
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
AM**" on the subject line,
> remove it (i.e. rewrite the Subject line), and add something like
> "X-Spam: yes" into the header of the messages whose Subject includes
> "**SPAM**"?
>
> Thanks for any advise, insights on this!
AFAIK this cannot be done within Postfix.
--
Sahil Tandon <[EMAIL PROTECTED]>
how postconf -n? Also see the soft_bounce parameter in postconf(5).
--
Sahil Tandon <[EMAIL PROTECTED]>
Brian Puccio <[EMAIL PROTECTED]> wrote:
> On Jul 26, 2008, at 8:51 PM, Sahil Tandon wrote:
>> Can you show postconf -n?
>
> # postconf -n
[...]
Wietse already answered your question; see his response.
--
Sahil Tandon <[EMAIL PROTECTED]>
where dig and whois do not supply the
> same IP address and domain name.
There are several references to access(5) maps in your main.cf; do any of
them have reject_unverified_sender as an action on the RHS? Check with:
# grep reject_unverified_sender /path/to/maps/folder/*
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
nf --
> pwcheck_method: authdaemond
> log_level: 3
> mech_list: PLAIN LOGIN
> authdaemond_path: /var/run/authdaemond/socket
Is there any trailing whitespace after the word "socket" above?
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
s on every one of those three machines for perhaps the IP of the
Win XP PC in question.
> Is it possible to point to the setting which may be causing this problem? I
> can post any additional information.
First prove this is a Postfix-related problem.
--
Sahil Tandon <[EMAIL PROTECTED]>
ion about your system, you can start by grepping for
'smtp' in your logs (excluding smtpd).
--
Sahil Tandon <[EMAIL PROTECTED]>
t show any Postfix
services running chrooted, so I am not sure that will help.
--
Sahil Tandon <[EMAIL PROTECTED]>
are trolling, stop.
--
Sahil Tandon <[EMAIL PROTECTED]>
r
to Maildir/ -- if the Maildir directory structure does not already exist for
a new user receiving mail, Postfix (through its delivery agent) does
automatically create it.
--
Sahil Tandon <[EMAIL PROTECTED]>
http://article.gmane.org/gmane.mail.postfix.user/181317
--
Sahil Tandon <[EMAIL PROTECTED]>
bly use a check_helo_access map in your smtpd_*_checks
before you reject_non_fqdn_helo_hostname, but please provide the output
of postconf -n and read:
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon <[EMAIL PROTECTED]>
ias
> file?
It doesn't have to be hash, but it does have to be the database type that
corresponds to that map. For more information and examples, see:
http://www.postfix.org/postconf.5.html#virtual_alias_maps
http://www.postfix.org/postmap.1.html
--
Sahil Tandon <[EMAIL PROTECTED]>
ot;, so the following should work:
/^Return-Path:.*mjhunter=aurora\.edu/
But even with the extraneous "*", the PCRE hits here with postmap -q.
--
Sahil Tandon <[EMAIL PROTECTED]>
m 192.168.1.1. I relayed from two
different locations and each time your system thought mail arrived from
that same internal gateway IP.
--
Sahil Tandon <[EMAIL PROTECTED]>
will work. See "TABLE SEARCH ORDER" in virtual(5).
Also see an example specific to virtual mailbox domains in the
VIRTUAL_README. You will need:
# /path/to/virtual
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
--
Sahil Tandon <[EMAIL PROTECTED]>
Exchange Server).
>
> Is there a tweak in postfix to do this.?
If you want to direct all mail destined for zone1.example.com to
example.net, then instead of virtual aliases, you might consider
transport maps:
http://www.postfix.org/transport.5.html
--
Sahil Tandon <[EMAIL PROTECTED]>
Ralf Hildebrandt <[EMAIL PROTECTED]> wrote:
> How can I redirect it to another recipient?
http://archives.neohapsis.com/archives/postfix/2004-03/0890.html
http://archives.neohapsis.com/archives/postfix/2004-02/0915.html
--
Sahil Tandon <[EMAIL PROTECTED]>
7;t hear about it, because that person will be blocked from
> sending you mail.
If the OP allows messages from all senders to postmaster@ and/or
abuse@ (the so called "role" accounts), then this isn't a big deal.
--
Sahil Tandon <[EMAIL PROTECTED]>
nd. Name service error for name=meriden.nsw.edu.au type=MX: Host
> not found, try again)
The mail was deferred; not bounced.
--
Sahil Tandon <[EMAIL PROTECTED]>
/gmane.mail.postfix.user/130821/focus=130832
for related discussion.
--
Sahil Tandon <[EMAIL PROTECTED]>
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I disagree, and believe this *is* the right forum for this question.
This isn't a matter of belief or opinion; this is not the right forum.
Please try asking on a Perl mailing list.
--
Sahil Tandon <[EMAIL PROTECTED]>
rious examples available on the web, so you will have to interpret
and tweak. Configuring the above software will take some patience and a
basic understanding of UNIX.
Also read http://www.ijs.si/software/amavisd/README.postfix.html.
--
Sahil Tandon <[EMAIL PROTECTED]>
lease paste output of 'postconf -n'.
--
Sahil Tandon <[EMAIL PROTECTED]>
st is pathetic; that
would be a silly (not to mention inaccurate) way to start an email asking
for help.
If you are in love with vpopmail, then just use it with Postfix. There
are a few examples on the web on how to do this.
--
Sahil Tandon <[EMAIL PROTECTED]>
x27;re having with load balancing? We've
had luck balancing load at the firewall (using the round-robin feature in
OpenBSD PF) instead of with multiple A records for a MX hostname (your
current setup).
--
Sahil Tandon <[EMAIL PROTECTED]>
ling list archives:
http://archives.neohapsis.com/archives/postfix/2007-08/0663.html
--
Sahil Tandon <[EMAIL PROTECTED]>
> maps etc files
> .
> Can it be done
> Pl help me
Hard to help without more information; and the installation and
configuration of Procmail is beyond the scope of this mailing list.
Please see:
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon <[EMAIL PROTECTED]>
a more elegant way to do this, but you could parse the
output of mailq, and pass the queue IDs to postsuper thusly:
% mailq | grep sender | cut -c 1-9 | postsuper -h -
--
Sahil Tandon <[EMAIL PROTECTED]>
orry for the noise; maybe the following variant, if the OP wants
to HOLD messages in the active queue:
% mailq | grep sender | cut -d \* -f 1 | postsuper -h -
--
Sahil Tandon <[EMAIL PROTECTED]>
e in the active queue, so "*" is not
> the right delimeter.
This is why, above, I wrote _if_ the OP wants to HOLD messages in the
_active_ queue.
--
Sahil Tandon <[EMAIL PROTECTED]>
.
>
> Better tools than cut have been posted before. Piping garbage into
> postsuper -h - is not a good idea.
How is the output of cut in last example "garbage"?
--
Sahil Tandon <[EMAIL PROTECTED]>
of cut, in and of itself, is
considered garbage.
--
Sahil Tandon <[EMAIL PROTECTED]>
ve queue:
% mailq | grep [EMAIL PROTECTED] | cut -s -d "*" -f 1 | less
> is it sensible input for "postsuper -d -"
Probably just a typo above, but for posterity, this thread is about
holding (not deleting) messages in the queue from a specific sender.
--
Sahil Tandon <[EMAIL PROTECTED]>
? I am able to connect to
66.7.148.25 (which is coreteamsolutions.in's external IP) from here.
--
Sahil Tandon <[EMAIL PROTECTED]>
; That's what I thought postgrey did?
No, postgrey does greylisting; see the web site linked above; policyd is
different. You may want to also explore postfwd and policyd-weight.
--
Sahil Tandon <[EMAIL PROTECTED]>
ing like:
-o content_filter=
--
Sahil Tandon <[EMAIL PROTECTED]>
xample is specific to amavisd-new as a content_filter but you can
amend for your needs.
--
Sahil Tandon <[EMAIL PROTECTED]>
m i guessin right? (i know im reinventing the wheel, this is just for
> fun)
For clues, see how this and many other things are done in pflogsumm,
postfix-logwatch etc.
--
Sahil Tandon <[EMAIL PROTECTED]>
scarded. Discarded mail is saved in an admin-access-only quarantine
> for a few days, then removed by a cron job. We rarely need to release
> something from quarantine - maybe once every 3 or 4 months - but
> management likes to know it's there.
+1 for this setup used here as well.
--
Sahil Tandon <[EMAIL PROTECTED]>
ist. Or
read the DEBUG_README on the web site and try again.
--
Sahil Tandon <[EMAIL PROTECTED]>
s the output of postconf -n? Please
read http://www.postfix.org/DEBUG_README.html#mail before replying to
this message.
--
Sahil Tandon <[EMAIL PROTECTED]>
ME.html#mail to get the
most out of this mailing list.
--
Sahil Tandon <[EMAIL PROTECTED]>
; with per-destination recipient limit >
1, a destination is a domain, otherwise it is a recipient.
--
Sahil Tandon <[EMAIL PROTECTED]>
bleshoot this would be appreciated.
>From DEBUG_README:
If the problem is SASL related, consider including the output from the
saslfinger tool. This can be found at:
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.
--
Sahil Tandon <[EMAIL PROTECTED]>
able = yes
You have this (which enables SASL on your *server*), but I did not see
"smtp_sasl_auth_enable = yes" in your postconf -n output. smtp ==
client; smtpd == server.
Can you also show the output (with mangled password) of your sasl_passwd
file?
--
Sahil Tandon <[EMAIL PROTECTED]>
>_is_blocked.
__For_information_see_http://att.net/blocks
The MX IP is not listed on the blocklists suggested by
http://att.net/blocks or robtex. Does anyone else know the DNSBL
prodigy.net might be using?
--
Sahil Tandon <[EMAIL PROTECTED]>
ee how it can have too many
> connections.
Clearly, *something* has changed.
> Anyone have any ideas what is going on, from what i can see email is still
> being sent and delivered (well I havent had any incoming or outgoing emaills
> go missing)
Before posting here, read http://www.postfix.o
per: https://po2.uni-stuttgart.de/~rusjako/sal-wrapper -- so
users can send spam and ham to dedicated addresses that dump mail to
sa-learn. You can probably do something similar with DSPAM if you
choose to use it.
--
Sahil Tandon <[EMAIL PROTECTED]>
Karl O. Pinc <[EMAIL PROTECTED]> wrote:
> On 09/21/2008 12:08:08 PM, Wayne Catterton wrote:
>> What I'm wondering is if I missed something, is there something vital
>> I missed as far as security/mail processing?
>
> I like sqlgrey, others prefer postgrey.
+1
tch and then write your own script that uses that
and others as inspiration. And next time please don't hi-jack an
unrelated thread. :-)
--
Sahil Tandon <[EMAIL PROTECTED]>
Matthew <[EMAIL PROTECTED]> wrote:
> I know there's a simple solution and it's right in front of me, I just
> can't see it...
>
> Any help with this is sincerely appreciated.
http://www.postfix.org/DEBUG_README.html#mail
... especially the section about '
e:
http://www.postfix.org/postconf.5.html#frozen_delivered_to
--
Sahil Tandon <[EMAIL PROTECTED]>
mail destined for
example.com should instead be directed to smtp:[some.where.else], then
instead of removing the transport map entirely, you would obviously
update it (replacing the "defer:" portion) as necessary and then flush
the queue. See transport(5).
--
Sahil Tandon <[EMAIL PROTECTED]>
Victor Duchovni <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 24, 2008 at 06:42:11PM -0400, Sahil Tandon wrote:
>
> > To avoid this situation, use a transport map to temporarily defer mail
> > *just* for those recipients. Once you're ready to "go live" o
ught that what I'm doing is standard but obviously it
> breaks in such a common scenario. Comments?
What is 'example.com' really? The way I understand it,
check_sender_mx_access checks whether the MX host(s) for the MAIL FROM
address match whatever you may have in your access table. Just because
one user is sending to another in the same domain, that does not mean
the domain itself should have an MX record that points to loopback.
--
Sahil Tandon <[EMAIL PROTECTED]>
701 - 800 of 851 matches
Mail list logo
