Re: Yahoo disconnecting at end of data on large messages.
Le 09/06/2010 23:19, Wietse Venema a écrit : Philippe Chaintreuil: One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has not been accepting it, they don't give a reason, they just disconnect after getting the whole message: Jun 9 13:20:50 hobbes postfix/smtp[7398]: 02EB432E022: lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending end of data -- message may be sent more than once Small messages make it through without a problem, and sending the same message from a Gmail account works. Instead of tweaking, spend the effort to become whitelisted. Wietse I emailed Yahoo using the instructions which they had provided the previous time this subject was touched, and they replied to me: --- snip --- From : Yahoo! Mail mail-abuse-b...@cc.yahoo-inc.com Thank you for submitting your White List application. We have changed our application form so that you can provide us with more detailed information about your emailing practices. Please use our new form to submit your application. The new form can be found at: http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html Thank you. --- snip --- Not only can you get whitelisted using this form, but you can describe the time-out with large messages. Along with Postfix rate-limiting features, this should improve delivery with Yahoo MX. Kind regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Re: Yahoo disconnecting at end of data on large messages.
Le 09/06/2010 19:35, Philippe Chaintreuil a écrit : One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has not been accepting it, they don't give a reason, they just disconnect after getting the whole message: Jun 9 13:20:50 hobbes postfix/smtp[7398]: 02EB432E022: lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending end of data -- message may be sent more than once Small messages make it through without a problem, and sending the same message from a Gmail account works. I've tried messing with MTU size (down to 950 from 1500), various sysctl settings, DKIM signing and probably a few things I'm forgetting about: to no avail. The best I can find is this post: http://article.gmane.org/gmane.mail.postfix.user/208435 But there's no resolution. Alas, I never received any follow-up. I sense it could be a time-out due to DSL - but I still don't understand why it only does it with Yahoo and with no-one else. Warm regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Re: lost connection with yahoo servers
Le 13/04/2010 14:28, Voytek Eymont a écrit : I seem to be having problems delivering emails to yahoo, how can I troubleshoot this ? mailq: ... 777DAB446E8 7709303 Fri Apr 9 12:15:32 a...@googlemail.com (lost connection with e.mx.mail.yahoo.com[67.195.168.230] while sending end of data -- message may be sent more than once) l...@yahoo.com.au m...@yahoo.com y...@yahoo.com ... We've got the same problem for large messages sent to Yahoo. (including yahoo.fr, yahoo.co.uk etc.) I don't think that it's a Postfix problem at all because only Yahoo causes this, so it much more likely to be a Yahoo problem. Kind regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Re: IPv6 Reverse DNS
Le 21/03/2010 16:32, Martin Barry a écrit : Hi I noted that postfix is writing headers with unknown instead of the IPv6 reverse DNS that I know exists. e.g. Received: from merboo.mamista.net (unknown [IPv6:2001:470:1f0b:1055::1]) by tigger.mamista.net (Postfix) with ESMTP id 581F21100B4 for sage...@sage-au.org.au; Mon, 22 Mar 2010 02:18:00 +1100 (EST) $ dig -x 2001:470:1f0b:1055::1 +short merboo.mamista.net. I'm still convinced the problem is not with postfix but is there a way to imitate it's IPv6 reverse DNS lookups so I can get closer to the cause of the problem? I have no trouble with reverse IPv6 DNS in my postfix headers. Looks like a local DNS config error or mis-delegation. Either way, I don't think it's a postfix issue at all. -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Re: I'm not able to smtp relay email to yahoo...
Le 05/02/2010 17:11, Clayton Keller a écrit : On 2/5/2010 10:07 AM, DUBOURG Kevin wrote: Hello, Probably the yahoo domain Key policy. http://en.wikipedia.org/wiki/DomainKeys You have to install Dkimproxy. [...] It could be a part of some of the connectivity issues that they have been reporting off and on over the past week: http://tech.groups.yahoo.com/group/ymailadmin/ We have been seeing similar type deferrals amongst other connection issues during that time frame. Here too, for a while already, and we run DKIMProxy so DomainKeys/DKIM is not an issue. Not a Postfix issue either. Our sendmail-based MX have the same problem. Kind regards, -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Re: ipv6 address syntax in master.cf
Use the notation with the square brackets: [::1]:10028 They are used to differentiate the colon used for separaring the port, as opposed to a colon which is part of the IPv6 address. Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html - Original Message - From: Byung-Hee HWANG b...@izb.knu.ac.kr To: postfix-users@postfix.org Sent: Saturday, January 24, 2009 10:53 AM Subject: ipv6 address syntax in master.cf hello, simple question. is that possible writing ipv6 address style in master.cf? if it is possible, which is correct syntax? [::1]:10028 inet (...) smtpd or ::1:10028 inet (...) smtpd byunghee
Re: emails not arriving timeout after CONNECT, E ND-OF-MESSAGE, DATA, EHLO
What I meant Martin was that there was a space in the destination word, which was written as destina tion rather than destination. If you make smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination Does it work? Olivier -- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html - Original Message - From: Martin Vila To: postfix Sent: Friday, November 21, 2008 2:41 AM Subject: RE: emails not arriving timeout after CONNECT, END-OF-MESSAGE, DATA, EHLO smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destina tion Could it be this line, which as reject_unauth_destina tion or is this my email viewer of your cut/paste process? Thanks Olivier, I just tried only: smtpd_recipient_restrictions = permit_mynetworks and got this error: Nov 20 20:29:13 smtprelay postfix/postfix-script: refreshing the Postfix mail system Nov 20 20:29:13 smtprelay postfix/master[3355]: reload configuration /etc/postfix Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max connection rate 1/60s for (smtp:200.38.12.191) at Nov 20 20:25:26 Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max connection count 1 for (smtp:200.38.12.191) at Nov 20 20:25:26 Nov 20 20:29:13 smtprelay postfix/anvil[2100]: statistics: max cache size 5 at Nov 20 20:27:39 Nov 20 20:30:01 smtprelay postfix/smtpd[23963]: fatal: parameter smtpd_recipient_restrictions: specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit Nov 20 20:30:02 smtprelay postfix/master[3355]: warning: process /usr/libexec/postfix/smtpd pid 23963 exit status 1 Nov 20 20:30:02 smtprelay postfix/master[3355]: warning: /usr/libexec/postfix/smtpd: bad com mand startup -- throttling Nov 20 20:30:10 smtprelay postfix/smtpd[23964]: connect from unknown[10.13.0.9] what else can I try? Martin -- Discover the new Windows Vista Learn more!
Re: Postfix listening on 25, unable to telnet to 25 - my first config
Also check SElinux if you are running this. It may prevent changes to the port config from taking place. You can see entries in the logfile called /var/log/messages Regards, Olivier -- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html - Original Message - From: D G Teed To: Paul Cocker Cc: postfix users list Sent: Friday, November 21, 2008 2:47 AM Subject: Re: Postfix listening on 25, unable to telnet to 25 - my first config Paul Cocker schrieb: Definitely nothing in between, of that I'm certain. Are there any tools which will give me more information about attempts to connect to a port on a remote host? use tcpdump for that purpose please try $ telnet $IP_OF_SMTP_HOST 25 and show exactly, what you get I ran windump in the background and did a telnet to the IP, however a findstr on the output file contains no matches. If I do the same thing using the server name the only matching output in the dump is when the server performs a name lookup, after that there are no matching entries by IP or name. Am I doing something wrong? There are a few things that can make postfix listen only locally. One is firewall. You say it isn't an issue. On the postfix machine, if it is a Unix machine, use lsof -Pni to verify what ports and addresses master is listening on. If it is only listening to 127.0.0.1 then you have a problem with inet_interfaces, or else the look up of the host name listed in inet_interfaces. On many Linux machines, the host resolution order is hosts, dns, and so a bad entry on /etc/hosts can sting you. Make sure you don't have 127.0.0.1 set up with the internet host name of the server in /etc/hosts. It should be only localhost next to 127.0.0.1 I've seen Redhat installs with this messed up. --Donald
Re: Queue ID gets reused? Not unique?
Dear Wietse, thank you for your detailed explanation. In the future, would you consider having unique identifiers generated by an algorithm which would take into account the CPU ID (or other unique identifier), process ID time, so as to make it a unique ID worldwide, or is this not something which you would find to be of interest? I am asking this, in view of future possible instances of the law re: legal status of an email its authoritative tracking. Just curious. Thanks, Olivier - Original Message - From: Wietse Venema [EMAIL PROTECTED] To: Postfix users postfix-users@postfix.org Sent: Friday, November 14, 2008 12:40 PM Subject: Re: Queue ID gets reused? Not unique? Durk Strooisma: I was examining my Postfix logs and saw two sequential sessions using the same queue ID. I was a bit surprised as I had the assumption that queue IDs were generated randomly, which means they should be practically unique. Postfix behaves as documented. Please point out where the documentation made the promise to you that queue IDs are unique. Thanks. Well, the documentation is fine. Actually, I think it's one of best among software projects. The only information I couldn't find was about the creation of queue IDs. Therefore I found myself in the situation I couldn't refute my assumption. Sometimes I am in the mood to pull people's leg. More seriously, I take pride in documenting the behavior that is guaranteed. The algorithm that assigns queue IDs may change, therefore the documentation makes no promises about how it's done. Currently the ID is the name of a short-lived file. A future queue implementation may use persistent files. In that case the queue ID may need to be assigned in some other way. The only hard requirement is that no two messages have the same ID while they are in the Postfix queue. Wietse
Re: Finally blocking some spam
Joey said: I would like to know everyone's techniques... but yes there goes that completive advantage you mentioned. I get no spam whatsoever (zero, nil, zip) because my mailer rejects email from *all* countries. :-) Seriously, rejecting emails from a complete country is overkill. Might kill all spam, but will also kill legitimate emails, and I'm not sure how your clients will know about an email they did not receive. As others have said, be careful because this might bite you back at some point. On the other hand, it's your network so do as you see fit. Cheers, -- Olivier MJ Crepin-Leblond, Ph.D. E-mail:[EMAIL PROTECTED] | http://www.gih.com/ocl.html
Re: Re[2]: Issues enabling SASL in Postfix
This problem also happens with CISCO routers (ie. not only PIX firewalls). We had a similar problem with a CISCO 837 ADSL Router here. The firewall checks normal behaviour for SMTP traffic seems to interfere with ESMTP hence TLS etc. Procedure to resolve it on the router is the same command. Regards, Olivier -- Olivier MJ Crepin-Leblond, Ph.D. E-mail:[EMAIL PROTECTED] | http://www.gih.com/ocl.html - Original Message - From: Diego Ledesma [EMAIL PROTECTED] To: Алексей Доморадов [EMAIL PROTECTED] Cc: postfix-users@postfix.org Sent: Friday, September 12, 2008 8:51 PM Subject: Re: Re[2]: Issues enabling SASL in Postfix 2008/9/12 Алексей Доморадов [EMAIL PROTECTED]: Finally it's working!. You where right. There was something interfering. Turns out that our cisco firewall had some smtp fix-up feature enabled. After disabling it i could telnet smtp from the outside as i did from the inside. cisco pix? FYI Question Background: I have a Cisco PIX firewall in place. I am trying to force SMTP authentication so that remote users can relay through my server without having to open my server up to true relay. The problem is, no one outside my firewall can use SMTPAuth. Why is this? Answer: This likely because your firewall is using the SMTP Fixup protocol. This is stopping the EHLO command sent by the clients being passed on to the server. As the EHLO command is rejected the clients then correctly go on to use HELO and thus can not authenticate. Disable fixup on your router and the clients will then be able to send the EHLO Command correctly. If your firewall is a Cisco PIX then you should be able to use the command: no fixup protocol smtp 25 Thanks for that. Yes, it´s a Cisco PIX 501 firewall and yes, the ehlo command was not working from the outside only helo thus i couldn´t authenticate. I still don´t know what is the purpose of this fixup thing, segurity messure i guess but not sure. Anyways, that´s off-topic. Thanks.
Re: Postfix not sending using TLS
as you can see, psg.com says ESMTP which indicates that it speaks ESMTP. EHLO salsa.gih.co.uk 500 unrecognized command but firewall or proxy doesn't. old code, old behaviour. The error in your previous dump was an indication (unrecognized command). psg.com exim server would have said STARTTLS command used when not advertised. check your docs on how to disable smtp filtering in your firewall (look for somthing like no ip inspect name yourrulename smtp...). That solved it! Thank you very much to you Noel. O. -- Olivier MJ Crepin-Leblond, Ph.D. E-mail:[EMAIL PROTECTED] | http://www.gih.com/ocl.html