Questions about dedicated transport
Hello, I'm currently running Postfix 2.5 on FreeBSD 7.0 and I have a problem. I want to run many processus smtpd without using multi-instances of Postfix. So i can do it in the master.cfhttp://master.cf without any problems. Exemple : smtp inet n - n - 100 smtpd 127.0.0.1:10025http://127.0.0.1:10025 inet n - n - 100 smtpd 127.0.0.1:10026http://127.0.0.1:10026 inet n - n - 100 smtpd Ok, i have Postix listening on port 25, 10025 ans 10026. Now i want to create three processus smtp (transport). I know how to do it too. Exemple : smtp unix- - n - 100 smtp -o myhostname=server1 way1 unix- - n - 100 smtp -o myhostname=server2 way2 unix- - n - 100 smtp -o myhostname=server3 Now, i am working on a solution for associate a processus smtpd to a process smtp. When i send a mail using postfix (linstening on port 10025), i want that the mail will be send by the entry way1. Exemple : nc 127.0.0.1http://127.0.0.1 25 220 server0 ESMTP Postfix MAIL FROM ... RCPT TO ... ... ... I want that this mail will be transported by the transport smtp. If i send the mail using Postfix on port 10025, i want that it will be transported by the transport way1... Maybe there is another way to realise it. In fact, if i send a mail using Postfix on port 10025, i want that the mail will be sent by the hostname server1 and the ip IP1. If i send a mail using Postfix on port 10026, i want that the mail will be sent by the hostname server2 and the ip IP2. I hope that my request is so clear. Thank you for your reply.
Re: Questions about dedicated transport
* David Donchez [EMAIL PROTECTED]: Hello, I'm currently running Postfix 2.5 on FreeBSD 7.0 and I have a problem. I want to run many processus smtpd without using multi-instances of Postfix. So i can do it in the master.cfhttp://master.cf without any problems. Exemple : smtp inet n - n - 100 smtpd 127.0.0.1:10025http://127.0.0.1:10025 inet n - n - 100 smtpd 127.0.0.1:10026http://127.0.0.1:10026 inet n - n - 100 smtpd Ok, i have Postix listening on port 25, 10025 ans 10026. Now i want to create three processus smtp (transport). I know how to do it too. Exemple : smtp unix- - n - 100 smtp -o myhostname=server1 way1 unix- - n - 100 smtp -o myhostname=server2 way2 unix- - n - 100 smtp -o myhostname=server3 Now, i am working on a solution for associate a processus smtpd to a process smtp. That's not possible. Use multiple instances. -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job I am the ILOVEGNU signature virus. Just copy me to your signature. This email was infected under the terms of the GNU General Public License.
tiscali hostsed email domains unreachable? Or is it just me?
# qshape deferred |head T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 127 3 0 2 2 1 0 3 2 2292 worldonline.de 41 0 0 0 0 0 0 1 2 1028 surfeu.de 16 0 0 0 0 0 0 2 0 113 tiscali.de 10 0 0 0 0 0 0 0 0 2 8 planet-interkom.de 5 0 0 0 0 0 0 0 0 2 3 addcom.de 3 0 0 0 0 0 0 0 0 0 3 ~# host -t mx worldonline.de worldonline.de MX 10 mx12.unit.tiscali.de worldonline.de MX 10 mx10.unit.tiscali.de worldonline.de MX 10 mx11.unit.tiscali.de ~# host -t mx surfeu.de surfeu.deMX 10 mx10.unit.tiscali.de surfeu.deMX 10 mx12.unit.tiscali.de surfeu.deMX 10 mx11.unit.tiscali.de ~# host -t mx tiscali.de tiscali.de MX 10 mx12.unit.tiscali.de tiscali.de MX 10 mx11.unit.tiscali.de tiscali.de MX 10 mx10.unit.tiscali.de ~# host -t mx planet-interkom.de planet-interkom.de MX 10 mx10.unit.tiscali.de planet-interkom.de MX 10 mx12.unit.tiscali.de planet-interkom.de MX 10 mx11.unit.tiscali.de ~# host -t mx addcom.de addcom.deMX 10 mx11.unit.tiscali.de addcom.deMX 10 mx12.unit.tiscali.de addcom.deMX 10 mx10.unit.tiscali.de Does any of their MX hosts work for any of you? -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Also, don't replace your computer's messages (which, to people who know how to help you, are crystal clear) with your own summaries (which are, as you know, coming from someone who doesn't understand the situation). If the messages take a lot of space, post them on the web. Try to avoid providing the answer you _think_ we are after _instead_ of the one we actually asked for. It's usually okay to do it in supplement (provided it's clear which is which), but avoid doing it _instead_.
amavisd-new with dkimproxy
Hi All, can someone give me light on this, e I followed http://www.ijs.si/software/amavisd/amavisd-new-docs.html about dkim signing, the doc talk about it can be achieve the same with dkimproxy but I google around but still can figure it out how to make it work like that. Perhaps I'm doing damn wrong here please point me out My setup is postfix 2.5.5 with amavisd-new 2.6.1 External mail --- smtp:10024 --- smtp:10025 - external mail came in - caught by postfix filter to be sent to amavis on port 10024, - enter External policy bank do some work - and goes to port 10025 fo reinjection to postfix Internal mail --- smtp:10026 dkimproxy_out:4445 -- smtp:10027 - internal mail came in, sent to amavis on port 10026 - enter 10026 policy bank do some work - goes to dkimproxy_out on port 4445 - then dkimproxy reinject the mail back to postfix on port 10027 did I break anything? thx
OT: Sender Header
At what point does the Sender: header usually get added to the mail? Because some (and so far the only pattern is It shows up when subscribing to the SpamAssassin Mailing List.) of my mails at getting that header attached (and with a bad address) and it's annoying me... Sorry for being off-topic; but I'm just not sure where to ask. Thanks, -N.
Newbie question
Hi, Theres something that i dont have very clear. I know in everywhere is recommended to have a fully qualified domain name for your system if you intend to make it a mail server. Now my question is: if is going to be an internal mail server, and the domains will be hosted virtually using mysql, is it necessary to still have an FQDN for the system? or will postfix be allright with the domain name info stored in the database? I am asking this cause the idea is to have a dedicated server in a datacenter that basically serves as primary MX, and then the internal server inhouse which will retrieve the email from the primary MX and will server the internal network. I dont know if i explain right, i am having a missconception problem i believe, could someone clarify please?, thanks in advance. regards,
Re: Questions about dedicated transport
Ralf Hildebrandt: Exemple : smtp unix- - n - 100 smtp -o myhostname=server1 way1 unix- - n - 100 smtp -o myhostname=server2 way2 unix- - n - 100 smtp -o myhostname=server3 Now, i am working on a solution for associate a processus smtpd to a process smtp. That's not possible. Use multiple instances. Multiple MTA personalities are currently not supported in Postfix. Even -o content_filter=way1: etc. comand-line options would not provide correct MTA behavior, for example, with non-delivery notifications or non-SMTP destinations. Postfix would have to store the MTA name in the queue file and pass it around in the internal client-server protocols. Wietse
Re: Questions about dedicated transport
Wietse Venema: Ralf Hildebrandt: Exemple : smtp unix- - n - 100 smtp -o myhostname=server1 way1 unix- - n - 100 smtp -o myhostname=server2 way2 unix- - n - 100 smtp -o myhostname=server3 Now, i am working on a solution for associate a processus smtpd to a process smtp. That's not possible. Use multiple instances. Multiple instances will do the job. Multiple MTA personalities are currently not supported in Postfix. That is, one set of main.cf/master.cf files that simulates multiple mail serves. Even -o content_filter=way1: etc. comand-line options would not provide correct MTA behavior, for example, with non-delivery notifications or non-SMTP destinations. Postfix would have to store the MTA name in the queue file and pass it around in the internal client-server protocols. Wietse
Re: Split MX and user name lookup
Michael Moritz пишет: On Wednesday 05 November 2008 14:41:42 mouss wrote: Thanks. Any idea how to populate /etc/postfix/relay_recipients with all valid usernames? rsync, mysql, postgres, ldap, ... etc. Thanks but I have quite a number of different soures for usernames (sql, aliases, virtusers, ..). Just thinking since one machine is already running postfix and knows all the valid reciepient names isn't there a simple way of getting that full list - surely it must be stored somewhere? It is stored on that one machine, in different sources (sql, aliases, virtusers). Postfix doesn't aggregate this information, it queries sql, db-files etc. So, if you want to have it aggregated, you must do it yourself.
Re: Split MX and user name lookup
Nikita Kipriyanov: Michael Moritz ?: On Wednesday 05 November 2008 14:41:42 mouss wrote: Thanks. Any idea how to populate /etc/postfix/relay_recipients with all valid usernames? rsync, mysql, postgres, ldap, ... etc. Thanks but I have quite a number of different soures for usernames (sql, aliases, virtusers, ..). Just thinking since one machine is already running postfix and knows all the valid reciepient names isn't there a simple way of getting that full list - surely it must be stored somewhere? It is stored on that one machine, in different sources (sql, aliases, virtusers). Postfix doesn't aggregate this information, it queries sql, db-files etc. So, if you want to have it aggregated, you must do it yourself. The only aggregation method for this purpose that's built into Postfix is called reject_unverified_recipient, and this builds the table one query at a time. Wietse
Re: Split MX and user name lookup
On Thursday 06 November 2008 14:03:09 Wietse Venema wrote: Nikita Kipriyanov: Michael Moritz ?: On Wednesday 05 November 2008 14:41:42 mouss wrote: Thanks. Any idea how to populate /etc/postfix/relay_recipients with all valid usernames? rsync, mysql, postgres, ldap, ... etc. Thanks but I have quite a number of different soures for usernames (sql, aliases, virtusers, ..). Just thinking since one machine is already running postfix and knows all the valid reciepient names isn't there a simple way of getting that full list - surely it must be stored somewhere? It is stored on that one machine, in different sources (sql, aliases, virtusers). Postfix doesn't aggregate this information, it queries sql, db-files etc. So, if you want to have it aggregated, you must do it yourself. The only aggregation method for this purpose that's built into Postfix is called reject_unverified_recipient, and this builds the table one query at a time. Thjanks Wietse and Nikita. I currently use reject_unverified_recipient. There are two (or maybe three) problems I have with this though: First if an address hasn't been checked it gives a 4xx while checking on the main machine - I'm already using gps for greylisting and this is an additional delay and the machines are even physically next to each other and secondly, since I use a recipients cache file that will grow and need maintaining. (The third problem would be having to delete (?) the cache every time users, aliases, sql, etc are altered on the mail/smtp machine). Could postfix offer some sort of verify this address service / socket / port? Thanks mimo
Re: OT: Sender Header
Neil wrote: At what point does the Sender: header usually get added to the mail? Because some (and so far the only pattern is It shows up when subscribing to the SpamAssassin Mailing List.) of my mails at getting that header attached (and with a bad address) and it's annoying me... The Sender header is optional when Sender and From are equal. It is added by the mail client, not the server. See RFC2822: http://www.apps.ietf.org/rfc/rfc2822.html#sec-3.6.2 Brian
Re: Split MX and user name lookup
Michael Moritz пишет: Thjanks Wietse and Nikita. I currently use reject_unverified_recipient. There are two (or maybe three) problems I have with this though: First if an address hasn't been checked it gives a 4xx while checking on the main machine - I'm already using gps for greylisting and this is an additional delay and the machines are even physically next to each other and secondly, since I use a recipients cache file that will grow and need maintaining. (The third problem would be having to delete (?) the cache every time users, aliases, sql, etc are altered on the mail/smtp machine). Could postfix offer some sort of verify this address service / socket / port? Don't you think that simply using same sql database (and same files, through nfs) on the relay machine might be a better idea, than copying information and maintaining cache? If these machines are physically close, it would be enough fast.
Re: tiscali hostsed email domains unreachable? Or is it just me?
Ralf Hildebrandt schrieb: # qshape deferred |head T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 127 3 0 2 2 1 0 3 2 2292 worldonline.de 41 0 0 0 0 0 0 1 2 1028 surfeu.de 16 0 0 0 0 0 0 2 0 113 tiscali.de 10 0 0 0 0 0 0 0 0 2 8 planet-interkom.de 5 0 0 0 0 0 0 0 0 2 3 addcom.de 3 0 0 0 0 0 0 0 0 0 3 ~# host -t mx worldonline.de worldonline.de MX 10 mx12.unit.tiscali.de worldonline.de MX 10 mx10.unit.tiscali.de worldonline.de MX 10 mx11.unit.tiscali.de ~# host -t mx surfeu.de surfeu.deMX 10 mx10.unit.tiscali.de surfeu.deMX 10 mx12.unit.tiscali.de surfeu.deMX 10 mx11.unit.tiscali.de ~# host -t mx tiscali.de tiscali.de MX 10 mx12.unit.tiscali.de tiscali.de MX 10 mx11.unit.tiscali.de tiscali.de MX 10 mx10.unit.tiscali.de ~# host -t mx planet-interkom.de planet-interkom.de MX 10 mx10.unit.tiscali.de planet-interkom.de MX 10 mx12.unit.tiscali.de planet-interkom.de MX 10 mx11.unit.tiscali.de ~# host -t mx addcom.de addcom.deMX 10 mx11.unit.tiscali.de addcom.deMX 10 mx12.unit.tiscali.de addcom.deMX 10 mx10.unit.tiscali.de Does any of their MX hosts work for any of you? youre right tiscali domains are offline ,company was sold to freenet nobody knows why they dont delete their mx s i advice to create error transports for those domains -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Split MX and user name lookup part II
This is a problem we came upon while setting up the split MX (described earlier on this list). On the the smtp gateway I have this in master.cf smtp inet n - - - 20 smtpd -o cleanup_service_name=pre-cleanup -o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_client_connection_count_limit=10 -o content_filter= #-o content_filter=127.0.0.1:10024 The proxy filter is amavis doing spamassassin. It's based on some docs I found about pre queue insertion content inspection on postfix.org. The idea is to eliminate backscatter. The (well known) problem with this is that once the machine gets busy messages start getting queued via the secondary MX, introducing additional delays. I think it would be a killer feature of postfix if it started doing something like this: once all the smtp processes (20 above) are in use switch to accepting smtp connections but doing content filtering (e.g. similar to the line commented out above). Is this already feasible in postfix? Thanks for any replies mimo
Re: tiscali hostsed email domains unreachable? Or is it just me?
* Robert Schetterer [EMAIL PROTECTED]: youre right tiscali domains are offline ,company was sold to freenet nobody knows why they dont delete their mx s i advice to create error transports for those domains tiscali.de error:Tiscali hat den Maildienst zu tiscali.de zum 15.10.2008 eingestellt 12move.de error:Tiscali hat den Maildienst zu 12move.de zum 15.10.2008 eingestellt planet-interkom.de error:Tiscali hat den Maildienst zu planet-interkom.de zum 15.10.2008 eingestellt addcom.de error:Tiscali hat den Maildienst zu addcom.de zum 15.10.2008 eingestellt surfeu.de error:Tiscali hat den Maildienst zu surfeu.de zum 15.10.2008 eingestellt nikocity.de error:Tiscali hat den Maildienst zu nikocity.de zum 15.10.2008 eingestellt worldonline.de error:Tiscali hat den Maildienst zu worldonline.de zum 15.10.2008 eingestellt swp-net.de error:Tiscali hat den Maildienst zu swp-net.de zum 15.10.2008 eingestellt tiscalimail.de error:Tiscali hat den Maildienst zu tiscalimail.de zum 15.10.2008 eingestellt tiscalinet.de error:Tiscali hat den Maildienst zu tiscalinet.de zum 15.10.2008 eingestellt -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Three OS for the Hackers-Kings under the sky, Seven for the Business-Lords in their halls of stone, Nine for Mortal Lamdba-Users doomed to die, One for the Dark Lord on his dark throne, In the Land of Redmond where the FUD lie. One OS to rule them all, One OS to trick them, One OS to bring them all and in the darkness bind them, In the Land of Redmond where the FUD lie.
Re: tiscali hostsed email domains unreachable? Or is it just me?
Ralf Hildebrandt schrieb: # qshape deferred |head T 5 10 20 40 80 160 320 640 1280 1280+ TOTAL 127 3 0 2 2 1 0 3 2 2292 worldonline.de 41 0 0 0 0 0 0 1 2 1028 surfeu.de 16 0 0 0 0 0 0 2 0 113 tiscali.de 10 0 0 0 0 0 0 0 0 2 8 planet-interkom.de 5 0 0 0 0 0 0 0 0 2 3 addcom.de 3 0 0 0 0 0 0 0 0 0 3 ~# host -t mx worldonline.de worldonline.de MX 10 mx12.unit.tiscali.de worldonline.de MX 10 mx10.unit.tiscali.de worldonline.de MX 10 mx11.unit.tiscali.de ~# host -t mx surfeu.de surfeu.deMX 10 mx10.unit.tiscali.de surfeu.deMX 10 mx12.unit.tiscali.de surfeu.deMX 10 mx11.unit.tiscali.de ~# host -t mx tiscali.de tiscali.de MX 10 mx12.unit.tiscali.de tiscali.de MX 10 mx11.unit.tiscali.de tiscali.de MX 10 mx10.unit.tiscali.de ~# host -t mx planet-interkom.de planet-interkom.de MX 10 mx10.unit.tiscali.de planet-interkom.de MX 10 mx12.unit.tiscali.de planet-interkom.de MX 10 mx11.unit.tiscali.de ~# host -t mx addcom.de addcom.deMX 10 mx11.unit.tiscali.de addcom.deMX 10 mx12.unit.tiscali.de addcom.deMX 10 mx10.unit.tiscali.de Does any of their MX hosts work for any of you? as i mailed before these domains are offline tiscali was bought by freenet and stopped mail service mxs werent deleted ( who knows why ) advice to create error transports await the same for imail.de und eplus-online.de imail.de goes to gmx but users have to inform gmx to migrate their mail adresses as real world this will lead to many bounces by ignorant mailusers -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Split MX and user name lookup
Michael Moritz ?: since I use a recipients cache file that will grow and need maintaining. (The third problem would be having to delete (?) the cache every time users, aliases, sql, etc are altered on the mail/smtp machine). Could postfix offer some sort of verify this address service / socket / port? You don't have to delete the cache when the user is changed. The socket is called SMTP, and the command is called RCPT TO. It makes no sense to implement another service for this. Wietse
Re: Split MX and user name lookup part II
Michael Moritz wrote: This is a problem we came upon while setting up the split MX (described earlier on this list). On the the smtp gateway I have this in master.cf smtp inet n - - - 20 smtpd -o cleanup_service_name=pre-cleanup -o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_client_connection_count_limit=10 -o content_filter= #-o content_filter=127.0.0.1:10024 The proxy filter is amavis doing spamassassin. It's based on some docs I found about pre queue insertion content inspection on postfix.org. The idea is to eliminate backscatter. The (well known) problem with this is that once the machine gets busy messages start getting queued via the secondary MX, introducing additional delays. I think it would be a killer feature of postfix if it started doing something like this: once all the smtp processes (20 above) are in use switch to accepting smtp connections but doing content filtering (e.g. similar to the line commented out above). Is this already feasible in postfix? don't use a proxy_filter unless you have enough resources and/or the proxy_filter is fast.
Add sender IP on the header
Hi, I'am trying to add a new header to all input messages with a label like this: X-Send-IP: senderip i have tried something like this (in main.cf): smtp_data_restrictions = check_lcient_acces cidr:/etc/postfix/add_header and add_header file is like : 0.0.0.0/0 PREPEND X-Send-IP: ${client_addr} but dont work.. any idea?
Re: Add sender IP on the header
On Thu, Nov 06, 2008 at 04:20:25PM +0100, Iker Perez de Albeniz wrote: Hi, I'am trying to add a new header to all input messages with a label like this: X-Send-IP: senderip i have tried something like this (in main.cf): smtp_data_restrictions = check_lcient_acces cidr:/etc/postfix/add_header and add_header file is like : 0.0.0.0/0 PREPEND X-Send-IP: ${client_addr} There is mention of ${client_addr} in access(5) documentation, you are making this up, and Postfix only implements what's documented. PCRE and regexp tables can interpolate data from the input key into the result: smtpd_data_restrictions = check_client_access pcre:/etc/postfix/add_header.pcre add_header.pcre: # Client name, not an IPv4/IPv6 address: /[^\d.:]/ DUNNO # Otherwise: /^(.*)$/PREPEND X-Send-IP: ${1} -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: tiscali hostsed email domains unreachable? Or is it just me?
Victor Duchovni schrieb: On Thu, Nov 06, 2008 at 03:50:41PM +0100, Ralf Hildebrandt wrote: tiscali.de error:Tiscali hat den Maildienst zu tiscali.de zum 15.10.2008 eingestellt Better version for Postfix 2.3+ (multi-line is just for readability): tiscali.de error:5.1.2 Tiscali hat den Maildienst zu tiscali.de zum 15.10.2008 eingestellt http://tools.ietf.org/html/rfc3463#section-3.2 or maybe something like this should work too check_recipient_mx_access type:table Search the specified access(5) database for the MX hosts for the RCPT TO domain, and execute the corresponding action. Note: a result of OK is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.1 and later. smtpd_recipient_restrictions = reject_non_fqdn_recipient, check_recipient_mx_access hash:/etc/postfix/tiscali_recipient_mx_access, ... /etc/postfix/tiscali_recipient_mx_access mx10.unit.tiscali.de REJECT tiscali mailservers are offline mx11.unit.tiscali.de REJECT tiscali mailservers are offline mx12.unit.tiscali.de REJECT tiscali mailservers are offline -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: tiscali hostsed email domains unreachable? Or is it just me?
On Thu, Nov 06, 2008 at 04:33:48PM +0100, Robert Schetterer wrote: Victor Duchovni schrieb: On Thu, Nov 06, 2008 at 03:50:41PM +0100, Ralf Hildebrandt wrote: tiscali.de error:Tiscali hat den Maildienst zu tiscali.de zum 15.10.2008 eingestellt Better version for Postfix 2.3+ (multi-line is just for readability): tiscali.de error:5.1.2 Tiscali hat den Maildienst zu tiscali.de zum 15.10.2008 eingestellt http://tools.ietf.org/html/rfc3463#section-3.2 or maybe something like this should work too check_recipient_mx_access type:table Search the specified access(5) database for the MX hosts for the RCPT TO domain, and execute the corresponding action. Note: a result of OK is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.1 and later. No, the original proposal is better, because it also correctly handles bounces with sender addresses in the domains in question, .forward files, ... and refuses with the appropriate DSN code. Transport table entries that resolve to the error: transport automatically lead to corresponding SMTP rejections of recipients in the problem domain. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Newbie question
Gustav Meirinho escribió: No problem: Postifix will work properly as long as there is transport configured for each non FQDN domain and reject_non_fqdn_recipient option isn't enabled. kyoku cocinillas escreveu: Hi, Theres something that i dont have very clear. I know in everywhere is recommended to have a fully qualified domain name for your system if you intend to make it a mail server. Now my question is: if is going to be an internal mail server, and the domains will be hosted virtually using mysql, is it necessary to still have an FQDN for the system? or will postfix be allright with the domain name info stored in the database? I am asking this cause the idea is to have a dedicated server in a datacenter that basically serves as primary MX, and then the internal server inhouse which will retrieve the email from the primary MX and will server the internal network. I dont know if i explain right, i am having a missconception problem i believe, could someone clarify please?, thanks in advance. regards, Thanks for the answer!
autoresponder for virtual users
Hi all. I'm looking to implement an auto-response mechanism which: - only sends responses to senders who pass SPF checks - responds from certain virtual aliases as well as certain virtual users - doesn't respond to mailing lists - finds the response message/subject through mysql - supports per-recipient charset (iso-8859-15 or utf-8) - doesn't respond several times to the same sender within a certain time period Searching the list archive and Google turned up yaa as the best alternative, but it seems to have disappeared :( http://frost.ath.cx/software/yaa/ Are there any other good options? I suppose I could write something myself, but this feels like a fairly common thing to do so I was hoping someone else had already done it.
Re: Newbie question
mouss escribió: kyoku cocinillas wrote: Hi, next time, please chose a better subject. if everyone sets Subject: I have a question, then the subject becomes useless... I am very sorry, i did not realize, you are completely right Theres something that i dont have very clear. I know in everywhere is recommended to have a fully qualified domain name for your system if you intend to make it a mail server. Now my question is: if is going to be an internal mail server, and the domains will be hosted virtually using mysql, is it necessary to still have an FQDN for the system? if this system won't connect to external mail servers, do whatever you want. if it will connect to external mail servers, it's not internal and it must comply. In paticular, the HELO name must be fqdn and must resolve (preferably to the external IP as seen from outside). By default, this helo name is $myhostname. It will relay to our dedicated server for sending mail, that will be all or will postfix be allright with the domain name info stored in the database? not sure what you mean. if you mean the default domain, this is $mydomain and can't be stored in a map. if you mean virtual domains, yes, you can store them in mysql or other. I meant virtual domains in mysql, yes. I am asking this cause the idea is to have a dedicated server in a datacenter that basically serves as primary MX, and then the internal server inhouse which will retrieve the email from the primary MX and will server the internal network. I dont know if i explain right, i am having a missconception problem i believe, could someone clarify please?, thanks in advance. don't know. it looks like you confuse the domain of the machine (mydomain, myhostname) and the (virtual) domains used in email addresses. These are different concepts. My question was regarding the domain of the machine, which i dont need to show, just the virtual domains in mysql are the ones that suppose to actually be used by postfix, am i correct?
Re: Add sender IP on the header
an other quiestion.. abaut this postfix.. why sometimes i get an IP an other a client name??? is ther any way to force postfix to resolve allways the names to get te ips? for example in uceprotect DNSBls system they give you that script: -- #!/bin/sh cd /tmp # For Level 1 use this line /usr/bin/wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-1/access.gz; # For Level 2 use this line #/usr/bin/wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-2/access.gz; # For Level 3 use this line #/usr/bin/wget -N http://wget-mirrors.uceprotect.net/uce-pfsm-3/access.gz; cp /tmp/access.gz /etc/postfix/access.gz cd /etc/postfix gzip -d -f access.gz /usr/sbin/postmap /etc/postfix/access /usr/sbin/postfix reload the files are like this: -- 03.78.40.189 571 IP 03.78.40.189 is LEVEL 1 listed at UCEPROTECT-NETWORK. 4.36.109.30 571 IP 4.36.109.30 is LEVEL 1 listed at UCEPROTECT-NETWORK. 4.58.120.34 571 IP 4.58.120.34 is LEVEL 1 listed at UCEPROTECT-NETWORK. 4.59.17.100 571 IP 4.59.17.100 is LEVEL 1 listed at UCEPROTECT-NETWORK. 4.59.24.34 571 IP 4.59.24.34 is LEVEL 1 listed at UCEPROTECT-NETWORK. this wont work if the value we get is a hostname... isn't it? 2008/11/6 Victor Duchovni On Thu, Nov 06, 2008 at 04:20:25PM +0100, Iker Perez de Albeniz wrote: Hi, I'am trying to add a new header to all input messages with a label like this: X-Send-IP: senderip i have tried something like this (in main.cf): smtp_data_restrictions = check_lcient_acces cidr:/etc/postfix/add_header and add_header file is like : 0.0.0.0/0 PREPEND X-Send-IP: ${client_addr} There is mention of ${client_addr} in access(5) documentation, you are making this up, and Postfix only implements what's documented. PCRE and regexp tables can interpolate data from the input key into the result: smtpd_data_restrictions = check_client_access pcre:/etc/postfix/add_header.pcre add_header.pcre: # Client name, not an IPv4/IPv6 address: /[^\d.:]/ DUNNO # Otherwise: /^(.*)$/PREPEND X-Send-IP: ${1} -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: autoresponder for virtual users
Martin Strand schrieb: Hi all. I'm looking to implement an auto-response mechanism which: - only sends responses to senders who pass SPF checks - responds from certain virtual aliases as well as certain virtual users - doesn't respond to mailing lists - finds the response message/subject through mysql - supports per-recipient charset (iso-8859-15 or utf-8) - doesn't respond several times to the same sender within a certain time period Searching the list archive and Google turned up yaa as the best alternative, but it seems to have disappeared :( http://frost.ath.cx/software/yaa/ Are there any other good options? I suppose I could write something myself, but this feels like a fairly common thing to do so I was hoping someone else had already done it. hi, in postfix admin you find a perl vaccation script for virtual users ( uses transport ) http://sourceforge.net/projects/postfixadmin/ this dont report several times as well as to mailling lists ( if their headers are known but i am not sure here ) it may not be exactly what you looking for but should target you in the right way SPF check you have to implement by your own there is a policy server in perl which you might can use after all i wouldnt recommend including that explicit in a autoresponder i modified the script not to answer to spam allready marked mails which basicly does a good job ( spf weight an check are allready done in the smtp income stage and spamassassin ) -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Add sender IP on the header
Iker Perez de Albeniz wrote: an other quiestion.. abaut this postfix.. if it's another question, better start another thread. or at least, trim the old conversation. why sometimes i get an IP an other a client name??? if you mean in access checks, postfix will generally lookup both. first the hostname, then the IP. This should be ok for most purpuses. to only check IPs, use a cidr map. and if you use a cidr map, do not postmap it. is ther any way to force postfix to resolve allways the names to get te ips? there is no point to resolve the name. The IP is known before the name is! (the name is obtained by resolving the IP). you want cidr. for example in uceprotect DNSBls system they give you that script: 1- if this is a real mail server, don't use uceprotect. it is unsafe. 2- read about reject_rbl_client and its friends. 3- to download uceprotect lists, use rsync instead of wget: rsync --times -azv \ rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-2.uceprotect.net \ . 4- the files need to be converted to a format usable by postfix. something like: awk '{print $1 REJECT listed in uceprotect blah blah}' $file uceprotect.tmp mv uceprotect.tmp uceprotect.cidr
sending a copy of mail to another user..
Hi, i want to duplicate mails of a specific email account.. like i have mail address [EMAIL PROTECTED] and i want when [EMAIL PROTECTED] send an email to an external email account a copy of email should be send to [EMAIL PROTECTED] and i dont' want [EMAIL PROTECTED] to know about this.. plz tell me how i can make it possible.. ?? _ Windows Live Hotmail now works up to 70% faster. http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008
Re: sending a copy of mail to another user..
Mumtaz Ali пишет: Hi, i want to duplicate mails of a specific email account.. like i have mail address [EMAIL PROTECTED] and i want when [EMAIL PROTECTED] send an email to an external email account a copy of email should be send to [EMAIL PROTECTED] and i dont' want [EMAIL PROTECTED] to know about this.. plz tell me how i can make it possible.. ?? use recipient_bcc_maps
Re: sending a copy of mail to another user..
Nikita Kipriyanov пишет: Mumtaz Ali пишет: Hi, i want to duplicate mails of a specific email account.. like i have mail address [EMAIL PROTECTED] and i want when [EMAIL PROTECTED] send an email to an external email account a copy of email should be send to [EMAIL PROTECTED] and i dont' want [EMAIL PROTECTED] to know about this.. plz tell me how i can make it possible.. ?? use recipient_bcc_maps It's a mistake. In this case sender_bcc_maps should be used. Sorry.
Re: OT: Sender Header
On 6 Nov 2008, at 10:07, mouss wrote: Neil wrote: Because some (and so far the only pattern is It shows up when subscribing to the SpamAssassin Mailing List.) of my mails at getting that header attached (and with a bad address) and it's annoying me... what do you exactly mean? almost all mailing lists set this header and we have no problem with that. if you are annoyed by the on behalf of..., replace your mail server(s) and/or mail user agents with ones that don't annoy you... I'm not bothered by Sender being added by mailing lists, etc. But it's that the Sender header contains one of my email addresses, and not the one I'm actually sending from... On 6 Nov 2008, at 09:23, Brian Evans - Postfix List wrote: Neil wrote: At what point does the Sender: header usually get added to the mail? Because some (and so far the only pattern is It shows up when subscribing to the SpamAssassin Mailing List.) of my mails at getting that header attached (and with a bad address) and it's annoying me... The Sender header is optional when Sender and From are equal. It is added by the mail client, not the server. Thanks, I'll turn my attention there then.
Message-id logging (include rfc822-comments?)
When a message-id is followed by rfc822 comment text: Message-Id: [EMAIL PROTECTED] (test) 2008-11-06T13:13:35-0500 amnesiac postfix/cleanup[10832]: AF24675A3D: message-id=[EMAIL PROTECTED] (test) postfix logs both the id and the comment. This is perhaps more robust, in case the header is mangled, and most of the unique data is in the comment. On the other hand, for well-formed headers, the comment is not part of the message-id: for example: 2008-11-06T01:11:19-0500 amnesiac postfix/cleanup[13756]: AE620EF8001: message-id=[EMAIL PROTECTED] (added by [EMAIL PROTECTED]) Should Postfix make any effort to log the above message differently? -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:[EMAIL PROTECTED] If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Address verification
I have double-bounce messages in the queue, not sure what that is all about. For instance, to Yahoo addresses. Is this related to the fact that I am doing AV to those addresses? -- Robert
Re: Address verification
Robert Fitzpatrick wrote: I have double-bounce messages in the queue, not sure what that is all about. For instance, to Yahoo addresses. Is this related to the fact that I am doing AV to those addresses? Logs? 'postconf -n'? Do you mean reject_unverified_recipient? It is unwise to verify the entire internet. Some places may blacklist you for doing so. The best use of such a restriction is for domains you control when you cannot list a recipients in a map. Brian
Re: Message-id logging (include rfc822-comments?)
Victor Duchovni: When a message-id is followed by rfc822 comment text: Message-Id: [EMAIL PROTECTED] (test) 2008-11-06T13:13:35-0500 amnesiac postfix/cleanup[10832]: AF24675A3D: message-id=[EMAIL PROTECTED] (test) postfix logs both the id and the comment. This is perhaps more robust, in case the header is mangled, and most of the unique data is in the comment. Indeed, the current implementation is conservative; it does not lose information in the event of malformed content (it does, however, neutralize non-printable characters before logging). On the other hand, for well-formed headers, the comment is not part of the message-id: for example: 2008-11-06T01:11:19-0500 amnesiac postfix/cleanup[13756]: AE620EF8001: message-id=[EMAIL PROTECTED] (added by [EMAIL PROTECTED]) Should Postfix make any effort to log the above message differently? How would one decide that a (message-id) header is not mangled? This would require parsing the string, counting the address tokens, and if there is only one address token, use that as the logged message ID, otherwise log the entire original string. But I wonder if it is really worth the trouble. Wietse
Re: Address verification
Robert Fitzpatrick: I have double-bounce messages in the queue, not sure what that is all about. For instance, to Yahoo addresses. Is this related to the fact that I am doing AV to those addresses? If the message has status=deliverable or status=undeliverable, then the message is an address probe: either it's sender/recipient address verification, or it's mail queued with sendmail -bv. If the status is sent, deferred or bounced then it is a non-probe message. Wietse
Re: Address verification
Robert Fitzpatrick wrote: I have double-bounce messages in the queue, not sure what that is all about. For instance, to Yahoo addresses. Is this related to the fact that I am doing AV to those addresses? Recent postfix versions use the double-bounce address as the sender of address probes. Sender address verification should be used carefully and selectively - some sites will consider probes to non-existent addresses a dictionary attack and block you. -- Noel Jones
Re: OT: Sender Header
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Evans - Postfix List wrote: [...] It is added by the mail client, not the server. Can you please show me some example? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkTe7QACgkQsCouaZaxlv41EgCfZRSYzbsvJbY3aTmrEv9KgFv1 qz0AnRhuCPxqw4XfmaO32sxowubQ256y =6I1x -END PGP SIGNATURE-
Re: OT: Sender Header
Byung-Hee HWANG: Brian Evans - Postfix List wrote: [...] It is added by the mail client, not the server. Can you please show me some example? RFC2822 section 3.6.2 has one example. http://tools.ietf.org/html/rfc2822#section-3.6.2 Mailing lists (including this one) also provide a Sender: header. Wietse
Re: autoresponder for virtual users
On Thu, 06 Nov 2008 18:24:33 +0100, Robert Schetterer [EMAIL PROTECTED] wrote: Martin Strand schrieb: Hi all. I'm looking to implement an auto-response mechanism which: - only sends responses to senders who pass SPF checks - responds from certain virtual aliases as well as certain virtual users - doesn't respond to mailing lists - finds the response message/subject through mysql - supports per-recipient charset (iso-8859-15 or utf-8) - doesn't respond several times to the same sender within a certain time period Searching the list archive and Google turned up yaa as the best alternative, but it seems to have disappeared :( http://frost.ath.cx/software/yaa/ Are there any other good options? I suppose I could write something myself, but this feels like a fairly common thing to do so I was hoping someone else had already done it. hi, in postfix admin you find a perl vaccation script for virtual users ( uses transport ) http://sourceforge.net/projects/postfixadmin/ this dont report several times as well as to mailling lists ( if their headers are known but i am not sure here ) it may not be exactly what you looking for but should target you in the right way SPF check you have to implement by your own there is a policy server in perl which you might can use after all i wouldnt recommend including that explicit in a autoresponder i modified the script not to answer to spam allready marked mails which basicly does a good job ( spf weight an check are allready done in the smtp income stage and spamassassin ) Thanks, Robert. Maybe I'll put something together myself using ideas from postfixadmin and yaa. yaa 0.3.1 can still be found through archive.org. Always being paranoid, I feel passing SPF is essential before sending anything back - what if a spammer starts sending from a spamtrap address, making my server send responses there? Yikes! :) Martin
Recommendations?
Hey all, I'm contemplating switching my email over to be hosted myself, and am wondering what the best/easiest way to accomplish what I'm thinking to do might be. Currently I don't have all that many email addresses on the system, but that might change at some point soon. What I'd like to be able to do, without going entirely into a deep level of complication, is to set up a manner in which users can send/receive email without needing to have shell access. I'm the only person who currently has/needs shell access in our current situation, and I intend to make it the same when I make the transition. I've done some googling, but 90% of the results I come up with involve anything from your basic SQL implementation to postfixadmin plus this or that plugin. MySQL is optional, but not a requirement so long as Postfix can put the mail somewhere and Courier can pick it up from said somewhere. Any suggestions/pointers would be helpful. Web interfaces are again, an option but not required. It'd be nice, but if I can do same via command line, I'm certainly not going to shy away from it. I look forward to any help/hints/tricks. Sincerely, James Homuth
Re: Split MX and user name lookup part II
Michael Moritz: This is a problem we came upon while setting up the split MX (described earlier on this list). On the the smtp gateway I have this in master.cf smtp inet n - - - 20 smtpd -o cleanup_service_name=pre-cleanup -o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_client_connection_count_limit=10 -o content_filter= #-o content_filter=127.0.0.1:10024 To switch between before/after filters depending on load, use the Postfix 2.5 stress-dependent feature. smtp inet n - - - 20 smtpd -o smtpd_proxy_filter=${stress:127.0.0.1:10024} -o content_filter=${stress?127.0.0.1:10024} This, of course, requires that the filter can handle both cases. In particular, the filter cannot reject mail. There are patches that back-port stress-dependent behavior to earlier Postfix releases. See http://www.postfix.org/downloads.html. Wietse
Re: OT: Sender Header
On 6 Nov 2008, at 13:47, Neil wrote: On 6 Nov 2008, at 09:23, Brian Evans - Postfix List wrote: Neil wrote: At what point does the Sender: header usually get added to the mail? Because some (and so far the only pattern is It shows up when subscribing to the SpamAssassin Mailing List.) of my mails at getting that header attached (and with a bad address) and it's annoying me... The Sender header is optional when Sender and From are equal. It is added by the mail client, not the server. Thanks, I'll turn my attention there then. By pure luck, I had an epiphany and figured it out. Thank you guys for your help (and for assuring me it wasn't Postfix). -N.
Re: Split MX and user name lookup part II
Wietse Venema wrote: Michael Moritz: This is a problem we came upon while setting up the split MX (described earlier on this list). On the the smtp gateway I have this in master.cf smtp inet n - - - 20 smtpd -o cleanup_service_name=pre-cleanup -o smtpd_proxy_filter=127.0.0.1:10024 -o smtpd_client_connection_count_limit=10 -o content_filter= #-o content_filter=127.0.0.1:10024 To switch between before/after filters depending on load, use the Postfix 2.5 stress-dependent feature. smtp inet n - - - 20 smtpd -o smtpd_proxy_filter=${stress:127.0.0.1:10024} -o content_filter=${stress?127.0.0.1:10024} This, of course, requires that the filter can handle both cases. In particular, the filter cannot reject mail. In the case of amavisd-new, one could use policy banks to define different behavior (reject when it's a proxy, tag+pass when a content_filter) based on the injection port number. smtp inet n - - - 20 smtpd -o smtpd_proxy_filter=${stress:127.0.0.1:10024} -o content_filter=${stress?127.0.0.1:10026} See amavsid.conf-sample and the release notes for full details on setting amavisd-new policy banks and adjusting final_{spam, virus, bad_header}_destiny in each policy. This still has the problem that only a limited number of smtpd processes can be configured, but a cool idea regardless. -- Noel Jones
Re: Recommendations?
James Homuth [EMAIL PROTECTED] wrote: I'm contemplating switching my email over to be hosted myself, and am wondering what the best/easiest way to accomplish what I'm thinking to do might be. Currently I don't have all that many email addresses on the system, but that might change at some point soon. What I'd like to be able to do, without going entirely into a deep level of complication, is to set up a manner in which users can send/receive email without needing to have shell access. I'm the only person who currently has/needs shell access in our current situation, and I intend to make it the same when I make the transition. I've done some googling, but 90% of the results I come up with involve anything from your basic SQL implementation to postfixadmin plus this or that plugin. MySQL is optional, but not a requirement so long as Postfix can put the mail somewhere and Courier can pick it up from said somewhere. Any suggestions/pointers would be helpful. Web interfaces are again, an option but not required. It'd be nice, but if I can do same via command line, I'm certainly not going to shy away from it. I look forward to any help/hints/tricks. You do not need to bother with SQL; hash files should be just fine. You should read http://www.postfix.org/VIRTUAL_README.html, specifically the section titled Postfix virtual MAILBOX example: separate domains, non-UNIX accounts. After reading that document and experimenting yourself, ask for help here following the instructions in http://www.postfix.org/DEBUG_README.html#mail. -- Sahil Tandon [EMAIL PROTECTED]
Re: amavisd-new with dkimproxy
mouss wrote: kemas wrote: mouss wrote: $enable_dkim_signing = 1; dkim_key('example.com', 'yourselector', '/path/to/key.pem', c = 'relaxed/simple'); $policy_bank{'ORIGINATING'} = { ... # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords = ['8BITMIME'], } check amavisd-new RELEASE NOTES for more. this looks better, cleaner and simple, no more one smtp hop again. is there any caveat ? as long as you don't alter mail after amavisd-new, there should be no problem. you can test your dkim signing by sending mail to [EMAIL PROTECTED] I've send email to sa-test at sendmail.org and test at dkimtest.jason.long.name and the result is ok, but I'll try amavisd-new way to sign email..
Re: autoresponder for virtual users
Martin Strand wrote: Hi all. I'm looking to implement an auto-response mechanism which: - only sends responses to senders who pass SPF checks - responds from certain virtual aliases as well as certain virtual users - doesn't respond to mailing lists - finds the response message/subject through mysql - supports per-recipient charset (iso-8859-15 or utf-8) - doesn't respond several times to the same sender within a certain time period Searching the list archive and Google turned up yaa as the best alternative, but it seems to have disappeared :( http://frost.ath.cx/software/yaa/ Are there any other good options? I suppose I could write something myself, but this feels like a fairly common thing to do so I was hoping someone else had already done it. Try managesieve service and pysieved: ManageSieve: - http://wiki.dovecot.org/ManageSieve PySieved: - http://www.woozle.org/~neale/src/pysieved/ Avelsieve: Sieve Mail Filters Plugin for Squirrelmail: - http://email.uoa.gr/avelsieve/ Plugin for Roundcube WebMail: - http://alec.pl/roundcube/managesieve/ Horde WebMail support managesieve too (via Ingo). Thunderbird has plugin for managesieve too. -- Best regards. - Open Source Mail Server Solution for RHEL/CentOS 5.x: http://code.google.com/p/iredmail/
Re: OT: Sender Header
Neil wrote: By pure luck, I had an epiphany and figured it out. good. Can you provide details so that other people who get into the same problem find the answer in the archives?