Re: smart hosting issues

2008-08-05 Thread Henrik K
On Tue, Aug 05, 2008 at 06:21:58PM -0500, Stan Hoeppner wrote:
> Hello fellow smart hosters,
>
> I've been running this way for 3 years now because I could never figure  
> out how to wildcard "everything else".  Here's the top of my transport  
> file (a very small portion of it):

Three years you didn't look at any documentation? I'm beginning not to
wonder..

The other way (relayhost) came up already, and here is another:

http://www.postfix.org/transport.5.html

"and specify a wildcard for all other destinations."

*    smtp:outbound-relay.my.domain

"Note 1: the special pattern * represents any address (i.e. it functions as the wild-card pattern)."



Re: Missing Something - header_checks Entry

2008-08-05 Thread Noel Jones

Sahil Tandon wrote:

Steve Lowe <[EMAIL PROTECTED]> wrote:


I am testing a new entry in my header_checks file:

   /^Return-Path:.*mjhunter=aurora\.edu*/DISCARD From Address 
 Rejected 018


Sorry for the wrapping above.  PCRE right?  You don't need the second 
"*", so the following should work:


/^Return-Path:.*mjhunter=aurora\.edu/

But even with the extraneous "*", the PCRE hits here with postmap -q.



The bigger problem is that the Return-Path header isn't 
present in the original mail, so header_checks is the wrong 
tool here.


Steve will need to use a check_sender_access map to reject 
unwanted envelope senders.


--
Noel Jones
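
The difference between the two checks discussed in this thread, as an added example that is not part of any poster's message: header_checks only sees header lines the client actually sent, while the envelope sender travels in MAIL FROM and only becomes a Return-Path header at final delivery. The sender address and headers are constructed samples (the real address is redacted on the page), and Python's `re` stands in for the PCRE table.

```python
import re

# Steve's pattern as posted (with the trailing "*") and the tightened form
# Sahil suggests. Postfix regexp/pcre tables ignore case by default.
AS_POSTED = re.compile(r"^Return-Path:.*mjhunter=aurora\.edu*", re.I)
TIGHTENED = re.compile(r"^Return-Path:.*mjhunter=aurora\.edu", re.I)

# Constructed sample data, not taken from the thread.
MAIL_FROM = "bounce-mjhunter=aurora.edu@lists.example.net"
HEADERS_AS_RECEIVED = [
    ("From", "Campus News <news@lists.example.net>"),
    ("To", "steve@example.org"),
    ("Subject", "Weekly update"),
]


def header_checks_hit(headers, pattern=TIGHTENED):
    """header_checks applies the pattern to each 'Name: value' header line."""
    return any(pattern.search(f"{name}: {value}") for name, value in headers)


def postmap_q(line, pattern=TIGHTENED):
    """Like 'postmap -q': test one hand-typed line against the pattern."""
    return pattern.search(line) is not None


def sender_access_hit(mail_from,
                      pattern=re.compile(r"mjhunter=aurora\.edu", re.I)):
    """A regexp-type check_sender_access map is matched against MAIL FROM."""
    return pattern.search(mail_from) is not None


def after_final_delivery(headers, mail_from):
    """Final delivery records the envelope sender as a Return-Path header."""
    return [("Return-Path", f"<{mail_from}>")] + list(headers)


if __name__ == "__main__":
    print("header_checks on incoming mail:", header_checks_hit(HEADERS_AS_RECEIVED))
    print("postmap -q with typed header:  ", postmap_q(f"Return-Path: <{MAIL_FROM}>"))
    print("check_sender_access on MAIL FROM:", sender_access_hit(MAIL_FROM))
```

The `postmap -q` test succeeds because the tester types the Return-Path line by hand; the same pattern never fires on incoming mail because that line is not there yet.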


Re: 504 5.5.2 error workaraound

2008-08-05 Thread Noel Jones

Security Admin (NetSec) wrote:

One of my network devices seems to have issues with its hostname:

"Unexpected error from e-mail server(state=3): 504 5.5.2 : Helo 
command rejected: need fully-qualified hostname."


Appears in my event log of the device when it tries to send logs to my Postfix 
gateway server.  Is there a filter I can add via main.cf to allow just this 
host/IP address without needing the full hostname (which my device has suddenly 
not to give :) )

Thanks in advance!

Edward Ray



Is this device's IP included in your mynetworks setting?  You 
should list "permit_mynetworks" before you 
"reject_non_fqdn_helo_hostname".


If you don't want to list this device in mynetworks for some 
reason, you can use a check_client_access map to whitelist the 
client's IP.  See the archives if you need examples.


--
Noel Jones
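
Why the order of the restrictions matters, as an added example that is not part of the original messages: a simplified model of one smtpd restriction list in which the first restriction that returns PERMIT or REJECT ends the evaluation. The client addresses, HELO names and the dictionary standing in for the check_client_access map are constructed, and the FQDN test is reduced to "contains a dot".

```python
import ipaddress

PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"


def permit_mynetworks(session, cfg):
    ip = ipaddress.ip_address(session["client_ip"])
    if any(ip in ipaddress.ip_network(net) for net in cfg["mynetworks"]):
        return PERMIT, None
    return DUNNO, None


def check_client_access(session, cfg):
    # cfg["client_access"] models an access map: client IP -> action.
    if cfg["client_access"].get(session["client_ip"]) == "OK":
        return PERMIT, None
    return DUNNO, None


def reject_non_fqdn_helo_hostname(session, cfg):
    helo = session["helo"]
    # Simplification: a name without an inner dot is not fully qualified.
    if "." not in helo.strip("."):
        return REJECT, (f"504 5.5.2 <{helo}>: Helo command rejected: "
                        "need fully-qualified hostname")
    return DUNNO, None


def evaluate(restrictions, session, cfg):
    """Return (verdict, reply, deciding restriction); first decision wins."""
    for restriction in restrictions:
        verdict, reply = restriction(session, cfg)
        if verdict != DUNNO:
            return verdict, reply, restriction.__name__
    return PERMIT, None, "implicit permit"  # nothing objected


# Constructed sessions: the log-sending device and an unrelated client.
DEVICE = {"client_ip": "192.0.2.10", "helo": "logger"}
STRANGER = {"client_ip": "198.51.100.7", "helo": "pc"}
TRUSTED_NET = {"mynetworks": ["127.0.0.0/8", "192.0.2.0/24"], "client_access": {}}
WHITELIST = {"mynetworks": ["127.0.0.0/8"], "client_access": {"192.0.2.10": "OK"}}

if __name__ == "__main__":
    wrong = [reject_non_fqdn_helo_hostname, permit_mynetworks]
    right = [permit_mynetworks, reject_non_fqdn_helo_hostname]
    print(evaluate(wrong, DEVICE, TRUSTED_NET))
    print(evaluate(right, DEVICE, TRUSTED_NET))
```

With the access-map variant only the listed address is exempted; every other client that sends a bare HELO name is still rejected.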


RE: E-mail "alias"

2008-08-05 Thread Dov Oxenberg
Thank you Sahil, and Noel, works beautifully!
 



> Date: Tue, 5 Aug 2008 22:14:24 -0400
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: postfix-users@postfix.org
> Subject: Re: E-mail "alias"
>
> Dov Oxenberg <[EMAIL PROTECTED]> wrote:
>
> > Sorry to be a bother, but another newbie question - in my main.cf, when
> > creating the entry for "virtual_alias_maps =" do I have to prepend the
> > path value with "hash:?" or do I just put the path to the virtual_alias
> > file?
>
> It doesn't have to be hash, but it does have to be the database type that
> corresponds to that map. For more information and examples, see:
>
> http://www.postfix.org/postconf.5.html#virtual_alias_maps
> http://www.postfix.org/postmap.1.html
>
> --
> Sahil Tandon <[EMAIL PROTECTED]>

Re: Missing Something - header_checks Entry

2008-08-05 Thread Sahil Tandon
Steve Lowe <[EMAIL PROTECTED]> wrote:

> I am testing a new entry in my header_checks file:
> 
>/^Return-Path:.*mjhunter=aurora\.edu*/DISCARD From Address 
>  Rejected 018

Sorry for the wrapping above.  PCRE right?  You don't need the second 
"*", so the following should work:

/^Return-Path:.*mjhunter=aurora\.edu/

But even with the extraneous "*", the PCRE hits here with postmap -q.

-- 
Sahil Tandon <[EMAIL PROTECTED]>


Re: E-mail "alias"

2008-08-05 Thread Sahil Tandon
Dov Oxenberg <[EMAIL PROTECTED]> wrote:

> Sorry to be a bother, but another newbie question - in my main.cf, when 
> creating the entry for "virtual_alias_maps =" do I have to prepend the 
> path value with "hash:?" or do I just put the path to the virtual_alias 
> file?

It doesn't have to be hash, but it does have to be the database type that 
corresponds to that map.  For more information and examples, see:

http://www.postfix.org/postconf.5.html#virtual_alias_maps
http://www.postfix.org/postmap.1.html

-- 
Sahil Tandon <[EMAIL PROTECTED]>


RE: E-mail "alias"

2008-08-05 Thread Dov Oxenberg
In my post below the question mark in the "hash:?" was a typo

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: E-mail "alias"
Date: Tue, 5 Aug 2008 22:05:23 -0400


Sorry to be a bother, but another newbie question - in my main.cf, when 
creating the entry for "virtual_alias_maps =" do I have to prepend the path 
value with "hash:?" or do I just put the path to the virtual_alias file? 
Thanks!
Dov

> A virtual_alias_maps entry should do what you want. Note that
> example.com does *not* need to be defined in
> virtual_alias_domains (but OK if it is for other purposes).
>
> # virtual_alias
> [EMAIL PROTECTED] [EMAIL PROTECTED]

RE: E-mail "alias"

2008-08-05 Thread Dov Oxenberg
Sorry to be a bother, but another newbie question - in my main.cf, when 
creating the entry for "virtual_alias_maps =" do I have to prepend the path 
value with "hash:?" or do I just put the path to the virtual_alias file?
 
Thanks!
Dov



> A virtual_alias_maps entry should do what you want. Note that
> example.com does *not* need to be defined in
> virtual_alias_domains (but OK if it is for other purposes).
>
> # virtual_alias
> [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: 504 5.5.2 error workaraound

2008-08-05 Thread Sahil Tandon
Security Admin (NetSec) <[EMAIL PROTECTED]> wrote:

> One of my network devices seems to have issues with its hostname:
> 
> "Unexpected error from e-mail server(state=3): 504 5.5.2 
> : Helo command rejected: need fully-qualified 
> hostname."
> 
> Appears in my event log of the device when it tries to send logs to my 
> Postfix gateway server.  Is there a filter I can add via main.cf to 
> allow just this host/IP address without needing the full hostname (which 
> my device has suddenly not to give :) )
   
You can probably use a check_helo_access map in your smtpd_*_checks 
before you reject_non_fqdn_helo_hostname, but please provide the output 
of postconf -n and read:

http://www.postfix.org/DEBUG_README.html#mail

-- 
Sahil Tandon <[EMAIL PROTECTED]>


504 5.5.2 error workaraound

2008-08-05 Thread Security Admin (NetSec)
One of my network devices seems to have issues with its hostname:

"Unexpected error from e-mail server(state=3): 504 5.5.2 : 
Helo command rejected: need fully-qualified hostname."


Appears in my event log of the device when it tries to send logs to my Postfix 
gateway server.  Is there a filter I can add via main.cf to allow just this 
host/IP address without needing the full hostname (which my device has suddenly 
not to give :) )

Thanks in advance!

Edward Ray



Missing Something - header_checks Entry

2008-08-05 Thread Steve Lowe

I am testing a new entry in my header_checks file:

   /^Return-Path:.*mjhunter=aurora\.edu*/    DISCARD From Address Rejected 018

in an attempt to test this header entry:

Return-Path: <[EMAIL PROTECTED]>

I have entries for From, Subject, X-Barracuda-Connect and they work.

For some reason, I cannot see the "Trees for the Forest" on this new entry.

Any suggestions?

Steve

==
Steve Lowe
Information Technology Services
Aurora University
(630) 844 4200


Re: SMTP-AUTH with crypt passwords in SQL backend

2008-08-05 Thread kj

Juan Miscaro wrote:

Hi everybody,

I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
in a SQL backend for a while now.  I am trying to switch over from
cleartext to crypt in terms of my passwords stored in MySQL.  I have
things running for IMAP with crypt.  For SMTP-AUTH I am using the same
SQL table and password.  I thought all I would need to do is edit my
smtpd.conf file (point to the encrypted table column and specify crypt
as password format) but I'm getting

postfix/smtpd[6085]: warning: SASL authentication failure: Password
verification failed
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
authentication failed: authentication failure
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
authentication failed: authentication failure


I'm using libsasl2 in Debian Etch (not sure if this is Cyrus or not, 
none of the included documents specify) but either way, I use sasl with 
pam and pam with mysql.


~# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

# cat /etc/pam.d/smtp
auth required pam_mysql.so user=postfix passwd=YOURPASS host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
account sufficient pam_mysql.so user=postfix passwd=YOURPASS host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1


One other gotcha is that if you're running Postfix in a chroot, you have 
to make sasl put its socket in the Postfix chroot, otherwise it won't work.


From /etc/defaults/saslauthd:

# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian

Hope this helps!

--kj


RE: E-mail "alias"

2008-08-05 Thread Dov Oxenberg
Thank you Noel, that is exactly what I am looking for.
So if I understand you correctly, once I have the virtual_alias value in place, 
assuming I can configure my mail client with an alternate address, matching the 
value of "virtual_alias" in my Postfix, the Postfix MTA will relay the mail for 
me, is that correct?
Thanks for the prompt reply,
Dov



> Date: Tue, 5 Aug 2008 17:17:51 -0500
> From: [EMAIL PROTECTED]
> To: postfix-users@postfix.org
> CC: [EMAIL PROTECTED]
> Subject: Re: E-mail "alias"
>
> Dov Oxenberg wrote:
> > Hello,
> > Please forgive the stupid question but I have done my due diligence and
> > was unable to locate a definitive answer in the Postfix FAQ,
> > Documentation, or How To.
> > Basically what I want to do seems simple enough I am just not sure how
> > to go about it. Currently I run a Mailman mailing list using Postfix as
> > the MTA and all mail is getting sent to the subscribers.
> > Outside of the mailing list, I want to create an e-mail alias such as
> > [EMAIL PROTECTED] where example.com is my
> > qualified Internet Domain name (same as the Domain name used for the
> > Mailman mailing list), and have that forwarded to either this Hotmail
> > account or my BellSouth e-mail box.
> > Where would I create this e-mail address and how do I tell Postfix to
> > send the mail to my legitimate mailbox?
>
> A virtual_alias_maps entry should do what you want. Note that
> example.com does *not* need to be defined in
> virtual_alias_domains (but OK if it is for other purposes).
>
> # virtual_alias
> [EMAIL PROTECTED] [EMAIL PROTECTED]
>
> > Secondly, would it be possible to compose a message from my legitimate
> > e-mail account and use my Postfix as a sort of relay, where Postfix
> > would accept my message, then make it appear as though it were coming
> > from [EMAIL PROTECTED] and send it to its
> > intended recipient? What I mean is, at the final intended destination
> > of the message, I would like the e-mail to appear as though it was from
> > [EMAIL PROTECTED] as opposed to my real
> > e-mail address.
> >
> > Thanks!
> > Dov
>
> It's generally better to configure your mail client to set the
> sender address to what you need.
> You can use smtp_generic_maps to rewrite some address to some
> other specific address.
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>
> If what you are wanting to do is send mail through your
> hotmail account and have it appear as if it comes from
> example.com, that depends on what hotmail allows. Gmail, for
> example, allows you to set an alternate sender address once
> you prove you control that alternate address - but this has
> nothing to do with postfix or your local server.
>
> --
> Noel Jones

Re: smart hosting issues

2008-08-05 Thread Noel Jones

Stan Hoeppner wrote:

Hello fellow smart hosters,

I've been running this way for 3 years now because I could never figure 
out how to wildcard "everything else".  Here's the top of my transport 
file (a very small portion of it):


hardwarefreak.com   smtp:[192.168.100.2]
earthlink.net       smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.earthlink.net      smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbcglobal.net       smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbcglobal.net      smtp:[smtp.sbc.mail.yahoo4.akadns.net]
swbell.net          smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.swbell.net         smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbc.com             smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbc.com            smtp:[smtp.sbc.mail.yahoo4.akadns.net]
yahoo.com           smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.yahoo.com          smtp:[smtp.sbc.mail.yahoo4.akadns.net]
aol.com             smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.aol.com            smtp:[smtp.sbc.mail.yahoo4.akadns.net]


Is there a way to wildcard everything other than hardwarefreak.com?  I'd 
sure like to have a two line transport file instead of 200.


Any help in getting this fixed would be greatly appreciated.

Thanks.

Stan Hoeppner
TheHardwareFreak


# main.cf
relayhost = [smtp.sbc.mail.yahoo4.akadns.net]

# transport
hardwarefreak.com   smtp:[192.168.100.2]

All mail is sent to the relayhost, except for overrides listed 
in the transport map.


--
Noel Jones
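
How the two suggestions in this thread (relayhost plus one override, and the transport(5) wildcard quoted in Henrik K's reply) route mail compared with an enumerated table, as an added example that is not part of the original messages. It is a simplified model of the transport(5) search order for indexed tables (full address, domain, .parent domains, then `*`); address extensions and the other transport fields are left out, and the recipient addresses are constructed.

```python
RELAY = "[smtp.sbc.mail.yahoo4.akadns.net]"

# A few lines of the enumerated table from the thread.
ENUMERATED = """
hardwarefreak.com   smtp:[192.168.100.2]
aol.com             smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.aol.com            smtp:[smtp.sbc.mail.yahoo4.akadns.net]
"""

# The wildcard form from transport(5), applied to the same relay.
WILDCARD = """
hardwarefreak.com   smtp:[192.168.100.2]
*                   smtp:[smtp.sbc.mail.yahoo4.akadns.net]
"""

# The override-only table that goes with "relayhost = ..." in main.cf.
OVERRIDE_ONLY = """
hardwarefreak.com   smtp:[192.168.100.2]
"""


def parse_transport(text):
    """Parse 'pattern result' lines; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 1)
        table[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return table


def lookup(table, recipient):
    """Return (pattern, result) for the first matching key, or (None, None)."""
    local, _, domain = recipient.lower().rpartition("@")
    keys = [f"{local}@{domain}", domain]
    labels = domain.split(".")
    # .parent patterns, longest first: .a.b.c, then .b.c, then .c
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append("*")
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None


def route(table_text, recipient, relayhost=""):
    """Transport result, falling back to relayhost or direct delivery."""
    _, result = lookup(parse_transport(table_text), recipient)
    if result is not None:
        return result
    domain = recipient.rpartition("@")[2].lower()
    return f"smtp:{relayhost or domain}"


if __name__ == "__main__":
    for rcpt in ("stan@hardwarefreak.com", "a@mx.aol.com", "b@example.org"):
        print(rcpt, route(ENUMERATED, rcpt), route(WILDCARD, rcpt),
              route(OVERRIDE_ONLY, rcpt, relayhost=RELAY), sep=" | ")
```

The enumerated table silently sends any unlisted domain direct instead of through the smart host, which is the gap both replies close.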


Re: mail queue is filling up with bounce messages

2008-08-05 Thread Sahil Tandon
Tait Grove <[EMAIL PROTECTED]> wrote:

> I have a lot of messages that are being delivered to `double-bounce`
> accounts. What setting do I have that may cause this buildup?

Might be related to the existence and placement of your 
reject_unverified_recipient parameter.  See:

http://article.gmane.org/gmane.mail.postfix.user/181317

-- 
Sahil Tandon <[EMAIL PROTECTED]>


Re: Postfix log warning

2008-08-05 Thread Ken Hathaway
Doh! forgot to include this

kenhat: postconf -d myhostname
myhostname = swi.spellwellinc.com
SWI.spellwellinc.com:~


On Tue, Aug 5, 2008 at 6:01 PM, Ken Hathaway <[EMAIL PROTECTED]
> wrote:

> Thanks Brian! You got me going in the right direction.
>
> I probably should have mentioned that this running in a FreeBSD jail.
>
> I read the archive reference you gave and pulled and compiled gethostbyaddr
> & gethostbyname. I haven't used c in long time so I was pretty impressed
> with myself getting these to compile. ;) So here is what I got.
>
> SWI.spellwellinc.com:~
> kenhat: ./gethostbyaddr 74.86.26.64
> host 74.86.26.64 not found
> SWI.spellwellinc.com:~
> kenhat: ./gethostbyname swi.spellwellinc.com
> Hostname:swi.spellwellinc.com
> Aliases:
> Addresses:74.86.26.64
> SWI.spellwellinc.com:~
> kenhat:
>
> I copied these programs to my master server (not a jail) and get the same
> results.
>
> While I'm further along with my debugging I'm still not sure how to fix it.
> Any help appreciated...
>
> Also would this cause the assorted email ISP out there to classify my email
> as junk? Is postfix passing on the warning message to the far end smtp? That
> doesn't seem right.
>
> Anyway thanks for the help
>
> ken
>
>
>
> So if I'm reading this right the warning message is coming from postfix.
>
>
> On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List <
> [EMAIL PROTECTED]> wrote:
>
>> Ken Hathaway wrote:
>>
>>>
>>> First off I don't think this is a postfix problem. I'm hoping someone
>>> here has seen something similar and can help me out. Google so far has
>>> turned up nothing for me. :(
>>>
>>> I get this same warning from gmail, yahoo & live. The email goes straight
>>> to the junk email folder on all of these systems. :( Makes me very unhappy.
>>>
>>> Log snippet: (74.86.26.64 spellwellinc.com is my server)
>>>
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64: address not listed for hostname spellwellinc.com
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[74.86.26.64]
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[74.86.26.64]
>>> Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<[EMAIL PROTECTED] >> [EMAIL PROTECTED]> (Spell Well Inc. Password Reset)>
>>> Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<[EMAIL PROTECTED]>, size=1193, nrcpt=1 (queue active)
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[74.86.26.64]
>>> Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<[EMAIL PROTECTED]>, relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=1.4, delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)
>>> Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed
>>>
>>> I assume the warning: 27.86.26.64: address not listed message is from
>>> the far end. I check DNS and see PTR is there. Then check dig -x
>>>
>>
>> Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
>> Here's a great post by Wietse from the archives to see what Postfix sees:
>> http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
>> This should help you debug a bit more.
>>
>> If that turns up nothing interesting, someone more knowledgeable than me
>> can help further.
>>
>>  I must have something screwed up in DNS but can't find it. I can post my
>>> zone file if that helps. Anyone out there that can toss me a bone?
>>>
>>> I'm only using postfix for outgoing mail. No incoming.
>>>
>>> Just in case someone thinks my postconf might help.
>>>
>>> root: postconf -n
>>>
>> [...]
>>
>>> mydestination = $myhostname, localhost.$mydomain, localhost
>>>
>> myhostname is default.  Hard to tell what it is from this output.
>> 'postconf -d myhostname' may help you know what postfix is using.
>>
>>  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
>>>
>>
>> This line is useless as everything permits (implied permit at the end).
>>
>> Brian
>>
>
>


Re: Postfix log warning

2008-08-05 Thread Ken Hathaway
Thanks Brian! You got me going in the right direction.

I probably should have mentioned that this running in a FreeBSD jail.

I read the archive reference you gave and pulled and compiled gethostbyaddr
& gethostbyname. I haven't used c in long time so I was pretty impressed
with myself getting these to compile. ;) So here is what I got.

SWI.spellwellinc.com:~
kenhat: ./gethostbyaddr 74.86.26.64
host 74.86.26.64 not found
SWI.spellwellinc.com:~
kenhat: ./gethostbyname swi.spellwellinc.com
Hostname:swi.spellwellinc.com
Aliases:
Addresses:74.86.26.64
SWI.spellwellinc.com:~
kenhat:

I copied these programs to my master server (not a jail) and get the same
results.

While I'm further along with my debugging I'm still not sure how to fix it.
Any help appreciated...

Also would this cause the assorted email ISP out there to classify my email
as junk? Is postfix passing on the warning message to the far end smtp? That
doesn't seem right.

Anyway thanks for the help

ken



So if I'm reading this right the warning message is coming from postfix.

On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List <
[EMAIL PROTECTED]> wrote:

> Ken Hathaway wrote:
>
>>
>> First off I don't think this is a postfix problem. I'm hoping someone here
>> has seen something similar and can help me out. Google so far has turned up
>> nothing for me. :(
>>
>> I get this same warning from gmail, yahoo & live. The email goes straight
>> to the junk email folder on all of these systems. :( Makes me very unhappy.
>>
>> Log snippet: (74.86.26.64 spellwellinc.com is my server)
>>
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64: address not listed for hostname spellwellinc.com
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[74.86.26.64]
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[74.86.26.64]
>> Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<[EMAIL PROTECTED] > [EMAIL PROTECTED]> (Spell Well Inc. Password Reset)>
>> Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<[EMAIL PROTECTED]>, size=1193, nrcpt=1 (queue active)
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[74.86.26.64]
>> Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<[EMAIL PROTECTED]>, relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=1.4, delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)
>> Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed
>>
>> I assume the warning: 27.86.26.64: address not listed message is from
>> the far end. I check DNS and see PTR is there. Then check dig -x
>>
>
> Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
> Here's a great post by Wietse from the archives to see what Postfix sees:
> http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
> This should help you debug a bit more.
>
> If that turns up nothing interesting, someone more knowledgeable than me
> can help further.
>
>  I must have something screwed up in DNS but can't find it. I can post my
>> zone file if that helps. Anyone out there that can toss me a bone?
>>
>> I'm only using postfix for outgoing mail. No incoming.
>>
>> Just in case someone thinks my postconf might help.
>>
>> root: postconf -n
>>
> [...]
>
>> mydestination = $myhostname, localhost.$mydomain, localhost
>>
> myhostname is default.  Hard to tell what it is from this output.
> 'postconf -d myhostname' may help you know what postfix is using.
>
>  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
>>
>
> This line is useless as everything permits (implied permit at the end).
>
> Brian
>
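
The reverse-then-forward name check that produces the "address not listed for hostname" warning in this thread, as an added example that is not part of the original messages and not Postfix's own code. The resolver functions are injectable so it runs offline; the PTR target and the swi.spellwellinc.com address come from the log and command output quoted above, while the address for spellwellinc.com is constructed and the other reason strings are this example's own wording.

```python
import ipaddress
import socket


def system_reverse(addr):
    """PTR lookup via the system resolver; None when nothing is found."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None


def system_forward(name):
    """Address lookup via the system resolver; [] when nothing is found."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify_client(addr, reverse=system_reverse, forward=system_forward):
    """Return (client name, reason); the name is 'unknown' unless the
    address maps to a name and that name maps back to the same address."""
    name = reverse(addr)
    if not name:
        return "unknown", f"{addr}: no hostname found for address"
    listed = forward(name)
    if not listed:
        return "unknown", f"{addr}: hostname {name} does not resolve"
    wanted = ipaddress.ip_address(addr)
    if all(ipaddress.ip_address(a) != wanted for a in listed):
        return "unknown", f"{addr}: address not listed for hostname {name}"
    return name, None


def table_resolvers(ptr, a):
    """Build reverse/forward callables from plain dictionaries."""
    return ptr.get, lambda name: a.get(name, [])


# Forward records: the second entry matches the gethostbyname output in the
# thread; the first address is constructed for illustration.
A_RECORDS = {
    "spellwellinc.com": ["192.0.2.80"],
    "swi.spellwellinc.com": ["74.86.26.64"],
}
PTR_AS_LOGGED = {"74.86.26.64": "spellwellinc.com"}
PTR_CONSISTENT = {"74.86.26.64": "swi.spellwellinc.com"}


def check(ptr):
    rev, fwd = table_resolvers(ptr, A_RECORDS)
    return classify_client("74.86.26.64", reverse=rev, forward=fwd)


if __name__ == "__main__":
    print(check(PTR_AS_LOGGED))
    print(check(PTR_CONSISTENT))
    print(check({}))
```

Called without the `reverse` and `forward` arguments, `classify_client` uses the system resolver, the same library calls the quoted reply names.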


mail queue is filling up with bounce messages

2008-08-05 Thread Tait Grove
I have a lot of messages that are being delivered to `double-bounce`
accounts. What setting do I have that may cause this buildup?

 

Sample log:

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
AE3FD7E833*     288 Tue Aug  5 16:57:20  [EMAIL PROTECTED]
                                         [EMAIL PROTECTED]

Postconf -n:

alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
enable_original_recipient = no
html_directory = no
inet_interfaces = 127.0.0.1, localhost, $myhostname
invalid_hostname_reject_code = 550
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 554
maximal_backoff_time = 5135s
maximal_queue_lifetime = 2d
message_size_limit = 4096
minimal_backoff_time = 535s
mydestination = localhost.$mydomain, $mydomain, localhost, $myhostname
myhostname = post-app1.tdpserver.net
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 38.119.86.0/25, $myhostname
newaliases_path = /usr/local/bin/newaliases
non_fqdn_reject_code = 504
proxy_interfaces = 10.11.0.29
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
queue_run_delay = 535s
readme_directory = no
relay_domains =
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_password_maps =
proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
smtp_tls_CAfile = /usr/local/share/certs/ca-root.crt
smtp_tls_cert_file = /usr/local/etc/dovecot/certs/tdpserver.crt
smtp_tls_key_file = /usr/local/etc/dovecot/certs/tdpserver.key
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_client_connection_rate_limit = 400
smtpd_client_event_limit_exceptions = $mynetworks, 10.0.0.0/8, 127.0.0.1,
38.119.86.0/25, localhost
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,permit
smtpd_recipient_limit = 3000
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,reject_invalid_helo_hostname,
reject_non_fqdn_sender,reject_non_fqdn_recipient,
check_policy_service inet:127.0.0.1:10031,permit_tls_clientcerts,
reject_unauth_destination,warn_if_reject
reject_non_fqdn_helo_hostname,warn_if_reject
reject_unknown_helo_hostname,warn_if_reject reject_unknown_client,
reject_unverified_recipient,reject_unknown_sender_domain,
check_recipient_access  hash:$config_directory/recipient.list,
reject_rbl_client zen.spamhaus.org,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/share/certs/ca-root.crt
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /usr/local/etc/dovecot/certs/tdpserver.crt
smtpd_tls_key_file = /usr/local/etc/dovecot/certs/tdpserver.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
soft_bounce = no
transport_maps = hash:/etc/mail/transport
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps =
proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_mailbox_domains =
proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

-- Tait

 

 



smart hosting issues

2008-08-05 Thread Stan Hoeppner

Hello fellow smart hosters,

I've been running this way for 3 years now because I could never figure 
out how to wildcard "everything else".  Here's the top of my transport 
file (a very small portion of it):


hardwarefreak.com   smtp:[192.168.100.2]
earthlink.net       smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.earthlink.net      smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbcglobal.net       smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbcglobal.net      smtp:[smtp.sbc.mail.yahoo4.akadns.net]
swbell.net          smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.swbell.net         smtp:[smtp.sbc.mail.yahoo4.akadns.net]
sbc.com             smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.sbc.com            smtp:[smtp.sbc.mail.yahoo4.akadns.net]
yahoo.com           smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.yahoo.com          smtp:[smtp.sbc.mail.yahoo4.akadns.net]
aol.com             smtp:[smtp.sbc.mail.yahoo4.akadns.net]
.aol.com            smtp:[smtp.sbc.mail.yahoo4.akadns.net]


Is there a way to wildcard everything other than hardwarefreak.com?  I'd 
sure like to have a two line transport file instead of 200.


Any help in getting this fixed would be greatly appreciated.

Thanks.

Stan Hoeppner
TheHardwareFreak


Re: E-mail "alias"

2008-08-05 Thread Noel Jones

Dov Oxenberg wrote:

Hello,
Please forgive the stupid question but I have done my due diligence and 
was unable to locate a definitive answer in the Postfix FAQ, 
Documentation, or How To.
Basically what I want to do seems simple enough I am just not sure how 
to go about it.  Currently I run a Mailman mailing list using Postfix as 
the MTA and all mail is getting sent to the subscribers. 
Outside of the mailing list, I want to create an e-mail alias such as 
[EMAIL PROTECTED]  where example.com is my 
qualified Internet Domain name (same as the Domain name used for the 
Mailman mailing list), and have that forwarded to either this Hotmail 
account or my BellSouth e-mail box.
Where would I create this e-mail address and how do I tell Postfix to 
send the mail to my legitimate mailbox?


A virtual_alias_maps entry should do what you want.  Note that 
example.com does *not* need to be defined in 
virtual_alias_domains (but OK if it is for other purposes).


# virtual_alias
[EMAIL PROTECTED]  [EMAIL PROTECTED]


Secondly, would it be possible to compose a message from my legitimate 
e-mail account and use my Postfix as a sort of relay, where Postfix 
would accept my message, then make it appear as though it were coming 
from [EMAIL PROTECTED]  and send it to its 
intended recipient?  What I mean is, at the final intended destination 
of the message, I would like the e-mail to appear as though it was from 
[EMAIL PROTECTED]  as opposed to my real 
e-mail address.

Thanks!
Dov


It's generally better to configure your mail client to set the 
sender address to what you need.
You can use smtp_generic_maps to rewrite some address to some 
other specific address.

http://www.postfix.org/ADDRESS_REWRITING_README.html#generic

If what you are wanting to do is send mail through your 
hotmail account and have it appear as if it comes from 
example.com, that depends on what hotmail allows.  Gmail, for 
example, allows you to set an alternate sender address once 
you prove you control that alternate address - but this has 
nothing to do with postfix or your local server.


--
Noel Jones


E-mail "alias"

2008-08-05 Thread Dov Oxenberg
Hello,
Please forgive the stupid question but I have done my due diligence and was 
unable to locate a definitive answer in the Postfix FAQ, Documentation, or How 
To.
Basically what I want to do seems simple enough I am just not sure how to go 
about it.  Currently I run a Mailman mailing list using Postfix as the MTA and 
all mail is getting sent to the subscribers.  
Outside of the mailing list, I want to create an e-mail alias such as [EMAIL 
PROTECTED] where example.com is my qualified Internet Domain name (same as the 
Domain name used for the Mailman mailing list), and have that forwarded to 
either this Hotmail account or my BellSouth e-mail box.
Where would I create this e-mail address and how do I tell Postfix to send the 
mail to my legitimate mailbox?
Secondly, would it be possible to compose a message from my legitimate e-mail 
account and use my Postfix as a sort of relay, where Postfix would accept my 
message, then make it appear as though it were coming from [EMAIL PROTECTED] 
and send it to its intended recipient?  What I mean is, at the final intended 
destination of the message, I would like the e-mail to appear as though it was 
from [EMAIL PROTECTED] as opposed to my real e-mail address.
Thanks!
Dov

Re: poor perfomance for multiple-recipient emails

2008-08-05 Thread Wietse Venema
Aaron Bennett:
> Hello,
> 
> I'm experiencing very poor performance on receipt of email with large 
> numbers of multiple recipients.  One particular listserv for example 
> sends emails to 1600+ users in chunks of 50-60 per message.  Users are 
> either local (maildir) or forwarded.  We do have three ldap maps in each 
> receipt so that's a possible source of slowness, however, a previous 
> setup that used sendmail with the same ldap server didn't experience 
> this at all.  By 'very poor' I mean it takes almost two hours for the 
> message to be delivered to all 1600 users.  Each message of 50 users 
> sits in the incoming queue for quite a while and then in the active 
> queue for quite a while as well.
> 
> Any tips?   The hardware is sufficient to run almost any number of smtp 
> or local processes if that is what's required.

man ldap_table
...
   domain (default: no domain list)
      This is a list of domain names, paths to files, or dictionaries.
      When specified, only fully qualified search keys with a *non-empty*
      localpart and a matching domain are eligible for lookup: 'user'
      lookups, bare domain lookups and "@domain" lookups are not
      performed. This can significantly reduce the query load on the
      LDAP server.

      domain = postfix.org, hash:/etc/postfix/searchdomains



Re: Bounce problem continued

2008-08-05 Thread Wietse Venema
Richard Wolterink:
> Wietse Venema wrote:
> > Richard Wolterink:
> >
> >> tlsmgr    unix  -   -   -   10?   1   tlsmgr
> >> flush     unix  n   -   -   10?   0   flush
> >> 
> >
> > Undo these changes. They are detrimental to Postfix performance.
> >
> > Wietse
> >
> >   
> Do I have to comment them out or alter them?

It is a good idea to make a backup copy before changing a configuration
file.

It is also a good idea to make notes of configuration changes that
you make.

Wietse


Re: Bounce problem continued

2008-08-05 Thread Richard Wolterink

Brian Evans - Postfix List wrote:

Richard Wolterink wrote:

Wietse Venema wrote:

Richard Wolterink:


tlsmgr    unix  -   -   -   10?   1   tlsmgr
flush     unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink

Their defaults are "1000?" not "10?".

Please change them back to this to be more sane.

Brian


Brian,

I have altered them to the defaults.
Thanks for your help.

Kind regards

Richard Wolterink


Re: Bounce problem continued

2008-08-05 Thread Brian Evans - Postfix List

Richard Wolterink wrote:

Wietse Venema wrote:

Richard Wolterink:


tlsmgr    unix  -   -   -   10?   1   tlsmgr
flush     unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink

Their defaults are "1000?" not "10?".

Please change them back to this to be more sane.

Brian


Re: Bounce problem continued

2008-08-05 Thread Richard Wolterink

Wietse Venema wrote:

Richard Wolterink:


tlsmgr    unix  -   -   -   10?   1   tlsmgr
flush     unix  n   -   -   10?   0   flush



Undo these changes. They are detrimental to Postfix performance.

Wietse

  

Do I have to comment them out or alter them?

Kind regards

Richard Wolterink


Re: Bounce problem continued

2008-08-05 Thread Brian Evans - Postfix List

Richard Wolterink wrote:

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
suggested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have 
altered main.cf and added the line local_recipient_maps = but with no 
result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch 



I left out the parts concerning spamfilters

My master.cf looks like this

[...]

#bounce   unix  -   -   -   10   0   bounce
#defer    unix  -   -   -   -   0   bounce
#trace    unix  -   -   -   -   0   bounce


Change this 10 to a - as well. and uncomment these. (Wietse pointed this 
out in his last post)

Your Postfix will complain if they are not there.

Brian


Re: Bounce problem continued

2008-08-05 Thread Richard Wolterink

Noel Jones wrote:

Richard Wolterink wrote:

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
suggested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have 
altered main.cf and added the line local_recipient_maps = but with no 
result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch 





If you're using virtual users, then the LOCAL_RECIPIENT_README doesn't 
apply.  for why, see:

http://www.postfix.org/ADDRESS_CLASS_README.html

Make sure you don't have any wildcard rewrites in your 
virtual_alias_maps or *canonical_maps, and that your SQL lookups don't 
return succeed for unknown/undeliverable recipients.


If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail


Noel,

You are my hero.
Many thanks

The removal of the *canonical_maps did the trick

Kind regards

Richard Wolterink


Re: Bounce problem continued

2008-08-05 Thread Wietse Venema
Richard Wolterink:
> tlsmgr    unix  -   -   -   10?   1   tlsmgr
> flush     unix  n   -   -   10?   0   flush

Undo these changes. They are detrimental to Postfix performance.

Wietse


Re: Bounce problem continued

2008-08-05 Thread Noel Jones

Richard Wolterink wrote:

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
suggested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have altered 
main.cf and added the line local_recipient_maps = but with no result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch 





If you're using virtual users, then the LOCAL_RECIPIENT_README 
doesn't apply.  for why, see:

http://www.postfix.org/ADDRESS_CLASS_README.html

Make sure you don't have any wildcard rewrites in your 
virtual_alias_maps or *canonical_maps, and that your SQL 
lookups don't return succeed for unknown/undeliverable recipients.


If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones


Bounce problem continued

2008-08-05 Thread Richard Wolterink

Hello postfix-users,

The problem with the bounce warning is fixed due to the alteration 
suggested in the master.cf


Now I have another one. The mailq clogs up with bounces. I have altered 
main.cf and added the line local_recipient_maps = but with no result.


What could be wrong.

I installed and configured postfix by using the following tutorial: 
http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch


I left out the parts concerning spamfilters



This is my main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = vps683.wolvecreations.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = vps683.wolvecreations.eu, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtpd_reject_unlisted_recipient = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = vps683.wolvecreations.eu
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination


smtpd_sasl_security_options = noanonymous
html_directory = /usr/share/doc/postfix/html
local_recipient_maps =
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
broken_sasl_auth_clients = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."

virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

default_process_limit = 20

My master.cf looks like this
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   -   smtpd
#submission inet n   -   -   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   -   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628  inet  n   -   -   -   -   qmqpd
pickup    fifo  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   0   cleanup
qmgr      fifo  n   -   n   300 1   qmgr
#qmgr     fifo  n   -   -   300 1   oqmgr
tlsmgr    unix  -   -   -   10?   1   tlsmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
#bounce   unix  -   -   -   10   0   bounce
#defer    unix  -   -   -   -   0   bounce
#trace    unix  -   -   -   -   0   bounce
verify    unix  -   -

Re: Postfix log warning

2008-08-05 Thread Brian Evans - Postfix List

Ken Hathaway wrote:


First off I don't think this is a postfix problem. I'm hoping someone 
here has seen something similar and can help me out. Google so far has 
turned up nothing for me. :(


I get this same warning from gmail, yahoo & live. The email goes 
straight to the junk email folder on all of these systems. :( Makes 
me very unhappy.


Log snippet: (74.86.26.64 spellwellinc.com is my server)

Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64: address not listed for hostname spellwellinc.com
Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[74.86.26.64]
Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[74.86.26.64]
Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<[EMAIL PROTECTED] (Spell Well Inc. Password Reset)>
Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<[EMAIL PROTECTED]>, size=1193, nrcpt=1 (queue active)
Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[74.86.26.64]
Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<[EMAIL PROTECTED]>, relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=1.4, delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)
Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

I assume the warning: 27.86.26.64: address not listed message is from the 
far end. I check DNS and see PTR is there. Then check dig -x


Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
Here's a great post by Wietse from the archives to see what Postfix 
sees: http://archives.neohapsis.com/archives/postfix/2001-02/1165.html

This should help you debug a bit more.

If that turns up nothing interesting, someone more knowledgeable than me 
can help further.


I must have something screwed up in DNS but can't find it. I can post 
my zone file if that helps. Anyone out there that can toss me a bone?


I'm only using postfix for outgoing mail. No incoming.

Just in case someone thinks my postconf might help.

root: postconf -n

[...]

mydestination = $myhostname, localhost.$mydomain, localhost

myhostname is default.  Hard to tell what it is from this output.
'postconf -d myhostname' may help you know what postfix is using.


smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


This line is useless as everything permits (implied permit at the end).

Brian
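The lookup sequence behind the "address not listed for hostname" warning discussed above, as an added example that is not part of the original thread and is not Postfix's own code: the address is mapped to a name, the name is mapped back to addresses, and the client is logged as "unknown" when the original address is not among them, which a `dig -x` alone does not exercise. The names `check_client`, `demo_reverse` and `demo_forward` and the sample records are constructed for illustration; only the mismatch warning text is taken from the log above.

```python
"""Forward-confirmed reverse DNS check, modelled on the smtpd warning above."""
import ipaddress
import socket
from typing import Callable, List, NamedTuple, Optional


class PeerResult(NamedTuple):
    name: str                # hostname to log, or "unknown"
    warning: Optional[str]   # mismatch warning text, if any


def system_reverse(addr: str) -> Optional[str]:
    """Address -> name through the system resolver (hosts file, then DNS)."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None


def system_forward(name: str) -> List[str]:
    """Name -> addresses through the system resolver, IPv4 and IPv6."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def same_address(a: str, b: str) -> bool:
    """Compare addresses numerically so IPv6 spellings do not matter."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def check_client(addr: str,
                 reverse: Callable[[str], Optional[str]] = system_reverse,
                 forward: Callable[[str], List[str]] = system_forward) -> PeerResult:
    """Return the verified client name, or "unknown" plus the reason."""
    name = reverse(addr)
    if not name:
        return PeerResult("unknown", None)          # no PTR at all
    name = name.rstrip(".").lower()
    listed = forward(name)
    if not listed:
        # Wording of this message is ours, not Postfix's.
        return PeerResult("unknown", "%s: hostname %s has no address records" % (addr, name))
    if any(same_address(addr, candidate) for candidate in listed):
        return PeerResult(name, None)               # forward lookup confirms the PTR
    return PeerResult("unknown", "%s: address not listed for hostname %s" % (addr, name))


# Constructed sample records (documentation address ranges), so the demo runs offline.
CONSTRUCTED_PTR = {
    "192.0.2.25": "mail.example.net.",
    "192.0.2.26": "web.example.net.",      # PTR exists, but A points elsewhere
    "2001:db8::1": "v6.example.net.",
}
CONSTRUCTED_FORWARD = {
    "mail.example.net": ["192.0.2.25"],
    "web.example.net": ["198.51.100.7"],
    "v6.example.net": ["2001:db8::1"],
}


def demo_reverse(addr: str) -> Optional[str]:
    return CONSTRUCTED_PTR.get(str(ipaddress.ip_address(addr)))


def demo_forward(name: str) -> List[str]:
    return CONSTRUCTED_FORWARD.get(name, [])


if __name__ == "__main__":
    for client in ("192.0.2.25", "192.0.2.26", "192.0.2.99"):
        print(client, check_client(client, demo_reverse, demo_forward))
```

Calling `check_client(addr)` without the demo resolvers uses the system resolver on the mail host itself, so it reflects hosts-file entries and resolver configuration that a direct DNS query does not.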


Postfix log warning

2008-08-05 Thread Ken Hathaway
First off I don't think this is a postfix problem. I'm hoping someone here
has seen something similar and can help me out. Google so far has turned up
nothing for me. :(

I get this same warning from gmail, yahoo & live. The email goes straight
to the junk email folder on all of these systems. :( Makes me very unhappy.


Log snippet: (74.86.26.64 spellwellinc.com is my server)

Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64: address not
listed for hostname spellwellinc.com
Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[74.86.26.64]
Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
74.86.26.64]
Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<
[EMAIL PROTECTED] (Spell Well Inc. Password
Reset)>
Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<
[EMAIL PROTECTED]>, size=1193, nrcpt=1 (queue active)
Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
74.86.26.64]
Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<[EMAIL PROTECTED]>,
relay=gmail-smtp-in.l.google.com[64.233.185.27]:25, delay=1.4,
delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
l43si10712889wrl.17)
Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

I assume the warning: 27.86.26.64: address not listed message is from the
far end. I check DNS and see PTR is there. Then check dig -x

kenhat: dig -x 74.86.26.64

; <<>> DiG 9.4.1-P1 <<>> -x 74.86.26.64
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12869
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;64.26.86.74.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
64.26.86.74.in-addr.arpa. 86400 IN      PTR     spellwellinc.com.

;; Query time: 79 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Aug  5 12:36:02 2008
;; MSG SIZE  rcvd: 72

So dig finds the correct lookup. I'm stumped on where to go now.

I must have something screwed up in DNS but can't find it. I can post my
zone file if that helps. Anyone out there that can toss me a bone?

I'm only using postfix for outgoing mail. No incoming.

Just in case someone thinks my postconf might help.

root: postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


poor performance for multiple-recipient emails

2008-08-05 Thread Aaron Bennett

Hello,

I'm experiencing very poor performance on receipt of email with large 
numbers of multiple recipients.  One particular listserv for example 
sends emails to 1600+ users in chunks of 50-60 per message.  Users are 
either local (maildir) or forwarded.  We do have three ldap maps in each 
receipt so that's a possible source of slowness, however, a previous 
setup that used sendmail with the same ldap server didn't experience 
this at all.  By 'very poor' I mean it takes almost two hours for the 
message to be delivered to all 1600 users.  Each message of 50 users 
sits in the incoming queue for quite a while and then in the active 
queue for quite a while as well.


Any tips?   The hardware is sufficient to run almost any number of smtp 
or local processes if that is what's required.


thanks,

Aaron Bennett

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, proxy:ldap:/etc/postfix/ldap-localonly.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 50
default_process_limit = 500
home_mailbox =
html_directory = no
in_flow_delay = 0
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_alias_maps
mail_owner = postfix
mail_spool_directory = /export/maildirs/
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, depot.bwh.harvard.edu, maildrop.bwh.harvard.edu, bwh.harvard.edu, spl.harvard.edu
mynetworks = 127.0.0.1, 134.174.8.0/24, 134.174.9.0/24, 134.174.54.0/24, 170.223.221.0/24, 155.52.0.0/16

mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_connection_count_limit = 500
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_key_file = /etc/pki/smtp.bwh.harvard.edu.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-forwardonly.cf, proxy:ldap:/etc/postfix/ldap-forwardkeep.cf





Re: Question about Bounces

2008-08-05 Thread Noel Jones

Wietse Venema wrote:

Richard Wolterink:
Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
attribute W from bounce socket (expecting: nrequest)

Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request


In master.cf you have turned on the wakeup timer for the bounce service.

See: man 5 master.

Only these entries have a wakeup timer by default:
pickup    fifo  n   -   n   60  1   pickup
qmgr      fifo  n   -   n   300 1   qmgr
#qmgr     fifo  n   -   n   300 1   oqmgr
tlsmgr    unix  -   -   n   1000?   1   tlsmgr
flush     unix  n   -   n   1000?   0   flush

Wietse



It looks like something goes wrong with bounces which are generated for mails sent to 
users which do not exist on the server. But what do these entries exactly mean 
and what can I do to correct them?


You should configure your system so it doesn't accept then 
bounce unknown recipients; they should be rejected during SMTP 
and not generate a bounce.  Accepting and bouncing adds extra 
load to your server, clogs your queue with undeliverable 
bounces, and annoys innocent forged senders with your 
backscatter.  Here's a place to start with fixing the problem:

http://www.postfix.org/LOCAL_RECIPIENT_README.html

--
Noel Jones


Re: Question about Bounces

2008-08-05 Thread Wietse Venema
Richard Wolterink:
> Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
> attribute W from bounce socket (expecting: nrequest)
> Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request

In master.cf you have turned on the wakeup timer for the bounce service.

See: man 5 master.

Only these entries have a wakeup timer by default:
pickup    fifo  n   -   n   60  1   pickup
qmgr      fifo  n   -   n   300 1   qmgr
#qmgr     fifo  n   -   n   300 1   oqmgr
tlsmgr    unix  -   -   n   1000?   1   tlsmgr
flush     unix  n   -   n   1000?   0   flush

Wietse
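A small master.cf check built on the list of default wakeup timers quoted above, as an added example that is not part of the original thread and is not a Postfix tool: it flags a wakeup value on any service program outside that list (the cause of the bounce warnings in this thread) and values that differ from the listed defaults. `DEFAULT_WAKEUP` copies the five entries from the message; the function names and the sample file are constructed for illustration.

```python
"""Lint the wakeup column of a Postfix master.cf against the defaults listed above."""
from typing import Iterator, List, Tuple

# Program name -> default wakeup value, as listed in the message above.
DEFAULT_WAKEUP = {
    "pickup": "60",
    "qmgr": "300",
    "oqmgr": "300",
    "tlsmgr": "1000?",
    "flush": "1000?",
}


def logical_lines(text: str) -> Iterator[str]:
    """Join continuation lines (leading whitespace), skip comments and blanks."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def lint_wakeup(text: str) -> List[Tuple[str, str]]:
    """Return (service, finding) pairs for suspicious wakeup settings."""
    findings = []
    for line in logical_lines(text):
        # service type private unpriv chroot wakeup maxproc command+args
        fields = line.split(None, 7)
        if len(fields) < 8:
            findings.append((fields[0], "malformed entry: expected 8 fields"))
            continue
        service, wakeup, command = fields[0], fields[5], fields[7]
        program = command.split()[0]
        expected = DEFAULT_WAKEUP.get(program)
        if expected is None:
            # "-" and "0" both mean "no wakeup timer".
            if wakeup not in ("-", "0"):
                findings.append((service, "wakeup %s set on %s, which has no "
                                 "wakeup timer by default" % (wakeup, program)))
        elif wakeup != expected:
            findings.append((service, "wakeup %s differs from default %s"
                             % (wakeup, expected)))
    return findings


# Constructed sample reproducing the settings discussed in this thread.
SAMPLE_BROKEN = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    fifo  n       -       -       60      1       pickup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       10?     1       tlsmgr
bounce    unix  -       -       -       10      0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       10?     0       flush
"""

# The same file with the wakeup column put back to the listed defaults.
SAMPLE_FIXED = (SAMPLE_BROKEN
                .replace("10?  ", "1000?")
                .replace("-       10      0       bounce",
                         "-       -       0       bounce"))

if __name__ == "__main__":
    for service, finding in lint_wakeup(SAMPLE_BROKEN):
        print("%s: %s" % (service, finding))
```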


Question about Bounces

2008-08-05 Thread Richard Wolterink

Hello Postfix-users

Sorry for being so rude for being a new member and immediately sending a 
plea for help.


I have been surfing the internet for several days now, searching for 
information on the problem I am having.


I use postfix on several linux servers and I am very pleased with how 
well everything functions.


On one machine however (It is a so called virtual private server with a 
limit to the number of sockets and processes) I have a lot of the 
following logfile entries.


Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: unexpected 
attribute W from bounce socket (expecting: nrequest)

Aug  5 18:37:36 vps683 postfix/bounce[15429]: warning: malformed request

It looks like something goes wrong with bounces which are generated for mails 
sent to users which do not exist on the server. But what do these 
entries exactly mean and what can I do to correct them?


Thanks for any help.

Kind regards
Richard Wolterink


Re: log file help

2008-08-05 Thread Wietse Venema
Ebbe Hjorth:
> Hi,
> 
> One of my users asked me about why she got an error sending mail with
> attachment in squirrelmail, I don't know - but the thing I want to ask you
> about is that the receiver got 2 emails, one with no attachments and one
> with.

Postfix cannot remove attachments.

Wietse


log file help

2008-08-05 Thread Ebbe Hjorth
Hi,

One of my users asked me about why she got an error sending mail with
attachment in squirrelmail, I don't know - but the thing I want to ask you
about is that the receiver got 2 emails, one with no attachments and one
with.

cat /var/log/maillog | grep [EMAIL PROTECTED]

Aug  5 14:51:09 yyy01 postfix/pipe[42017]: 49D181CC70:
to=<[EMAIL PROTECTED]>, relay=spamd, delay=1.1, delays=0.32/0.04/0/0.71,
dsn=2.0.0, status=sent (delivered via spamd service)
Aug  5 14:51:11 yyy01 amavis[41452]: (41452-06) ESMTP::10024
/var/amavis/tmp/amavis-20080805T134904-41452: <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]> SIZE=1087360 BODY=8BITMIME Received: from yyy01.apz.dk
([127.0.0.1]) by localhost (yyy01.apz.dk [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for <[EMAIL PROTECTED]>; Tue,  5 Aug 2008 14:51:11 +0200
(CEST)
Aug  5 14:51:12 yyy01 amavis[41452]: (41452-06) Checking: OHI8Y0pDs4kn
[127.0.0.1] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Aug  5 14:52:28 yyy01 postfix/pipe[42033]: 071071CCDB:
to=<[EMAIL PROTECTED]>, relay=spamd, delay=52, delays=0.19/0.02/0/52,
dsn=2.0.0, status=sent (delivered via spamd service)
Aug  5 14:52:31 yyy01 amavis[41452]: (41452-06) FWD via SMTP:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,BODY=8BITMIME 250 2.0.0 Ok,
id=41452-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
0B6DA1CD00
Aug  5 14:52:35 yyy01 amavis[41452]: (41452-06) Passed CLEAN, [127.0.0.1]
[83.92.80.128] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, yyy_id:
OHI8Y0pDs4kn, Hits: -, size: 1087360, queued_as: 0B6DA1CD00, 85268 ms
Aug  5 14:52:37 yyy01 postfix/smtp[42024]: 343691CCC6:
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024, delay=88,
delays=0.61/0.02/1.8/86, dsn=2.0.0, status=sent (250 2.0.0 Ok,
id=41452-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
0B6DA1CD00)
Aug  5 14:52:44 yyy01 amavis[41452]: (41452-07) ESMTP::10024
/var/amavis/tmp/amavis-20080805T134904-41452: <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]> SIZE=1680 BODY=8BITMIME Received: from yyy01.apz.dk
([127.0.0.1]) by localhost (yyy01.apz.dk [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for <[EMAIL PROTECTED]>; Tue,  5 Aug 2008 14:52:44 +0200
(CEST)
Aug  5 14:52:45 yyy01 amavis[41452]: (41452-07) Checking: px8-36kEpiPY
[127.0.0.1] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Aug  5 14:52:53 yyy01 postfix/smtp[42046]: 0B6DA1CD00:
to=<[EMAIL PROTECTED]>, relay=yyy.6agency.dk[64.106.174.62]:25, delay=23,
delays=1.2/0.37/15/6.5, dsn=2.6.0, status=sent (250 2.6.0 1087776 bytes
received in 00:00:06; Message id LUG13401 accepted for delivery)
Aug  5 14:53:37 yyy01 amavis[41452]: (41452-07) FWD via SMTP:
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,BODY=8BITMIME 250 2.0.0 Ok,
id=41452-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
EB2CB1CC70
Aug  5 14:53:37 yyy01 amavis[41452]: (41452-07) Passed CLEAN, [127.0.0.1]
[83.92.80.128] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, yyy_id:
px8-36kEpiPY, Hits: -3.83, size: 1680, queued_as: EB2CB1CC70, 53300 ms
Aug  5 14:53:38 yyy01 postfix/smtp[42024]: 70CEE1CCFF:
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024, delay=122,
delays=52/9.1/6.9/53, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=41452-07,
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EB2CB1CC70)
Aug  5 14:53:53 yyy01 postfix/smtp[42046]: EB2CB1CC70:
to=<[EMAIL PROTECTED]>, relay=yyy.6agency.dk[64.106.174.62]:25, delay=18,
delays=1.9/0.72/15/0.38, dsn=2.6.0, status=sent (250 2.6.0 1907 bytes
received in 00:00:00; Message id LUH58707 accepted for delivery)

Can you help me analyse?

Thank you very much,


Ebbe, Denmark

System: Freebsd, with postfix, amavis-new and spamassassin.



RE: spam status with postfix ( thank you )

2008-08-05 Thread Darin McGee
I too would like to thank Wietse for Postfix along with the authors of
Maia Mailguard, amavis-new, clamav, spamhaus, et al..

Our Postfix frontend gateway processes almost 500,000 emails a day of
which we only accept less than 3% as being legitimate email for over
4,000 user accounts. Enterprise environment with the majority of users
are minimal Internet mail users.

We do this on one HP DL360G4 dual Xeon, 4GB RAM, (1 GB used as RAM disk
for amavis temporary work space) mirrored 36GB 15K SCSI320 drives
running SUSE Enterprise 10. We have been using this configuration for
almost two years now. 

Considering we have been quoted well over $30,000 per year for a
"commercial" spam / anti-virus solution that would require a beefier
piece of hardware, Postfix has proved to our management that open source
software is in fact a very viable alternative to commercial software.

Thanks,
Darin



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stan Hoeppner
Sent: Tuesday, August 05, 2008 8:21 AM
To: postfix-users@postfix.org
Subject: Re: spam status with postfix ( thank you )

Richard Foley wrote:
> 
> This mail is just FYI and by way of saying: 
> 
>   "postfix and friends do a great job - many thanks!"


Hi Richard,

I second your sentiments and would like to shout out a big thank you to 
Wietse for creating Postfix!

I was at about the same point you are now for more than 2 of the last 3 
years, with about 5 spam a day making it into my inbox.  Over the last 6 
months or so that number has steadily increased, and in the last month 
the curve has become much steeper, averaging 25-40 spam per day until 
just this past week.

Over the weekend I implemented an access table and have started adding 
the class C network of each host successfully getting spam into my 
inbox.  I'm down to less than 5 a day again.  :)

Give it a shot.  It doesn't take much time at all and the results are 
well worth the effort.

Stan
 

__ Information from ESET Smart Security, version of virus
signature database 3328 (20080805) __

The message was checked by ESET Smart Security.

http://www.eset.com
 
 



Re: postfix 2.5.1: smtp_sasl_tls_verified_security_options non-functional?

2008-08-05 Thread Matthias Andree
Victor Duchovni <[EMAIL PROTECTED]> writes:

> On Tue, Jul 29, 2008 at 08:21:09PM +0200, Matthias Andree wrote:
>
>> > > smtp_sasl_tls_verified_security_options apparently stopped working after
>> > > the upgrade.
>> > 
>> > There has never been an official release where this feature is fully
>> > implemented. The code for 2.6 is ready, but it is in the review queue
>> > behind multi-instance support.
>> 
>> Well - then the smtp(8) manpage and "postfix -n" could need fixing for
>> the next 2.5.X and 2.4.Y releases to remove this confusion, as the
>> former (as of 2.5.1, I didn't check 2.4.X) states:
>
>> |  Available in Postfix version 2.4 and later:
>> |
>> |  smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)
>> |
>> |  The SASL authentication security options that the Postfix SMTP
>> |  client uses for TLS encrypted SMTP sessions with a verified server
>> |  certificate.
>
> The docs I see say:
>
> The SASL authentication security options that the Postfix SMTP
> client uses for TLS encrypted SMTP sessions with a verified server
> certificate. This feature is under construction as of Postfix
> version 2.3.
>
> You have left out the crucial final sentence. If the TLS patch-set
> for 2.6 is reviewed in time, this should be fully available in 2.6.

No Victor, I haven't left that out, I simply don't have it in the smtp(8)
manual page:

$ cat /etc/SuSE-release 
openSUSE 11.0 (i586)
VERSION = 11.0
$ rpm -qf $(man -w 8 smtp)
postfix-2.5.1-28.1
$ postconf mail_version
mail_version = 2.5.1
$ postconf mail_release_date
mail_release_date = 20080216

and Novell isn't patching documentation in said RPM - I downloaded the
.src.rpm and checked - the contained 2.5.1 tarball verifies with
Wietse's official .sig GnuPG checksum, and smtp.c, .8 and .8.html also
match what I quoted (left in).

Conclusion: documentation doesn't match implementation. Reason unknown.
I suggest to fix the former in the current situation.

Best regards,

-- 
Matthias Andree


Re: lmtp port in 2.1.5 vs 2.3.8

2008-08-05 Thread Wietse Venema
Rudy Gevaert:
> Hi,
> 
> Previously we were running postfix 2.1.5 (Debian Sarge) and now have 
> upgraded to 2.3.8 (Etch).
> 
> We have several lmtp transports in master.cf:
> 
> mail1 unix  -   -   n   -   -   lmtp
> mail2 unix  -   -   n   -   -   lmtp
> mail3 unix  -   -   n   -   -   lmtp
> 
> We used an ldap directory to route to the correct backend:
> umTransport: mail1:mail1.ugent.be
> 
> In postfix 2.1.5 the destination port of our lmtp connections was *by 
> default* 2003.

No, the built-in default LMTP TCP port was 24. However the precedence
has changed. With 2.1.5, Postfix would use lmtp_tcp_port only if
/etc/services had no entry for LMTP.

>  Because we had the following entry  in /etc/services:
> lmtp  2003/tcp
> 
> When I did the upgrade to 2.3.8 I noticed that was not the case anymore. 
>   It connected to an other port (I can't remember what anymore).

The built-in default LMTP TCP port is still 24. However the precedence
has changed. The lmtp_tcp_port parameter now overrides /etc/services.
If you want to use /etc/services, you now need to specify:

lmtp_tcp_port = lmtp

> I tried changing lmtp_tcp_port to 2003 but that didn't help.

You mis-typed something.

I think the best way out is to drop support for lmtp_tcp_port,
for consistency with SMTP.

Wietse

>  In the end 
> I changed the result attribute of my ldap lookup to add the port number 
> to the transport:
> result_format = %s:2003
> 
> I was wondering why this was changed, or did I miss something?
> 
> Thanks in advance,
> -- 
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Rudy Gevaert  [EMAIL PROTECTED]  tel:+32 9 264 4734
> Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
> Groep Systemen  Systems group
> Universiteit Gent Ghent University
> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie   www.UGent.be
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> 
> 
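
The precedence change described in the reply above, as an added Python model that is not part of the original thread and is not Postfix code. The function names, the `old_precedence` flag and the sample services text are assumptions made for illustration, and nexthops are assumed to be plain hostnames (no IPv6 brackets).

```python
"""Model of the LMTP destination-port precedence discussed in this thread.
Added illustration only; not Postfix source code."""

DEFAULT_LMTP_TCP_PORT = "24"  # built-in default stated in the thread

# Constructed sample of /etc/services with the site-local lmtp entry.
SERVICES_TEXT = """\
smtp    25/tcp   mail
lmtp    2003/tcp          # entry quoted in the original post
"""

def parse_services(text):
    """Return {service_name: port} for tcp entries, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or not fields[1].endswith("/tcp"):
            continue
        port = int(fields[1].split("/")[0])
        for name in [fields[0]] + fields[2:]:  # canonical name plus aliases
            table.setdefault(name, port)
    return table

def split_nexthop(nexthop):
    """Split 'host' or 'host:port'; port is None when absent."""
    host, sep, port = nexthop.rpartition(":")
    return (host, port) if sep else (nexthop, None)

def to_port(value, services):
    """Numeric strings are ports; anything else is a service name."""
    if value.isdigit():
        return int(value)
    if value not in services:
        raise ValueError(f"unknown service: {value}")
    return services[value]

def lmtp_port(nexthop, lmtp_tcp_port, services, old_precedence):
    """Port this model connects to for one transport nexthop."""
    _, explicit = split_nexthop(nexthop)
    if explicit is not None:
        # Port given in the nexthop, as in the result_format = %s:2003 workaround.
        return to_port(explicit, services)
    if old_precedence and "lmtp" in services:
        return services["lmtp"]              # 2.1.5: /etc/services first
    return to_port(lmtp_tcp_port, services)  # 2.3.8: parameter first
```

Passing `"lmtp"` as `lmtp_tcp_port` with `old_precedence=False` reproduces the `lmtp_tcp_port = lmtp` setting suggested in the reply.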



Re: sasl parameters missing

2008-08-05 Thread Daniel Black
Thanks Wietse,

On Tue, 5 Aug 2008 09:30:44 am Wietse Venema wrote:
> Postfix passes the information in the SMTP client's AUTH command.
> This is how I got the Dovecot extension from Timo. If someone is
> willing to monitor his docs for changes,

it seems fairly stable. Going off the doc/auth-protocol.txt changelog
Nov 12 2006 lport/rport was added.
Aug 07 2005 changed valid-client-cert to ssl-valid-cert
Oct 22 2004 original documentation

Current implementation of the authentication server in dovecot seems to ignore 
parameters it doesn't understand.

> then they are welcome to do so. I won't.

On the basis of this apparent stability and compatibility would you consider 
accepting a patch?

> > Is adding these parameters to postfix's sasl authentication a useful
> > feature request?
> >
> > Should I be doing this another way?
>
> Just whitelist the client with:
>
good idea. Though by offering smtp services to users I don't think I can get 
away with something so simple.

Strictly speaking don't need the web mail to authenticate though I like the 
added anti-spoofing protection it provides.

I guess a password so long that it isn't realistically brute-forceable will 
do.

-- 

Daniel Black
--
Proudly a Gentoo Linux User.
Gnu-PG/PGP signed and encrypted email preferred
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x76677097
GPG Signature D934 5397 A84A 6366 9687  9EB2 861A 4ABA 7667 7097




Re: spam status with postfix ( thank you )

2008-08-05 Thread Stan Hoeppner

Richard Foley wrote:
> This mail is just FYI and by way of saying:
>
> "postfix and friends do a great job - many thanks!"

Hi Richard,

I second your sentiments and would like to shout out a big thank you to 
Wietse for creating Postfix!


I was at about the same point you are now for more than 2 of the last 3 
years, with about 5 spam a day making it into my inbox.  Over the last 6 
months or so that number has steadily increased, and in the last month 
the curve has become much steeper, averaging 25-40 spam per day until 
just this past week.


Over the weekend I implemented an access table and have started adding 
the class C network of each host successfully getting spam into my 
inbox.  I'm down to less than 5 a day again.  :)


Give it a shot.  It doesn't take much time at all and the results are 
well worth the effort.


Stan


Re: Whitelist a host using check_client_access before the rbl check?

2008-08-05 Thread Nicolas KOWALSKI
On Mon, Aug 04, 2008 at 02:40:54PM -0400, Brian Evans - Postfix List wrote:
> Nicolas KOWALSKI wrote:
>> On Mon, Aug 04, 2008 at 12:29:34PM -0400, Brian Evans - Postfix List wrote:
>>
>>> A *better* way is force them to Authenticate using SASL.
>>> See http://www.postfix.org/SASL_README.html
>>> Postfix supports either Cyrus or Dovecot SASL.
>>>
>>> P.S. This is if you fully trust and know this host
>>
>> Yes, I fully trust this host. Actually, it is the mx backup for my home 
>> server:
>>
>> $ host petole.dyndns.org
>> petole.dyndns.org has address 87.90.240.206
>> petole.dyndns.org mail is handled by 10 demisel.dyndns.org.
>> petole.dyndns.org mail is handled by 5 petole.dyndns.org.
>>
>> Can I use authentication for MX?
>>
> I would highly recommend setting SASL up on both ends in this case. This  
> is much more secure and reliable than whitelisting a dynamic host.
> See the above link for details.

Just to close this thread, we implemented SMTP AUTH over TLS between my 
server and its secondary MX, and it works perfectly.

Thanks for your suggestions,
-- 
Nicolas


Re: Problem sending to email, getting sender verify failed

2008-08-05 Thread Charles Marcus

On 8/4/2008 9:10 PM, fajar wrote:
>> Why are you using sender verification? You should NOT use SAV for all
>> messages, only for messages destined to domains that you control or have
>> already gotten permission to do SAV for, or you WILL eventually get
>> blacklisted.
>>
>> Please post postconf -n output...
>
> This response wasn't generated by our postfix server, but, by remote
> destination mail server, and I believe it is Exim mail server. Our postfix
> mail server is working fine. It can send to other mail server without
> problem. Thanks.


Sorry... I thought that was from your logs...

Obviously, then, THEY are trying to perform sender verification on you 
AFTER they have already accepted your message for delivery - which means 
they are engaging in backscatter.


Still no postconf -n output - how do you expect anyone to help?

--

Best regards,

Charles


lmtp port in 2.1.5 vs 2.3.8

2008-08-05 Thread Rudy Gevaert

Hi,

Previously we were running postfix 2.1.5 (Debian Sarge) and now have 
upgraded to 2.3.8 (Etch).


We have several lmtp transports in master.cf:

mail1 unix  -   -   n   -   -   lmtp
mail2 unix  -   -   n   -   -   lmtp
mail3 unix  -   -   n   -   -   lmtp

We used an ldap directory to route to the correct backend:
umTransport: mail1:mail1.ugent.be

In postfix 2.1.5 the destination port of our lmtp connections was *by 
default* 2003.  Because we had the following entry  in /etc/services:

lmtp  2003/tcp

When I did the upgrade to 2.3.8 I noticed that was not the case anymore. 
It connected to another port (I can't remember what anymore).


I tried changing lmtp_tcp_port to 2003 but that didn't help.  In the end 
I changed the result attribute of my ldap lookup to add the port number 
to the transport:

result_format = %s:2003

I was wondering why this was changed, or did I miss something?

Thanks in advance,
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert  [EMAIL PROTECTED]  tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep SystemenSystems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie   www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --


Re: Postfix anormal DNS lookup ?

2008-08-05 Thread Wietse Venema
Seblu:
> Hello,
> 
> i use postfix 2.5.1 on an OpenBSD 4.3 and i have a strange
> behaviour (for me) with DNS lookup in logs.
> 
> i've a local dns, which resolves 192.42.42.1 to toto.titi
> 
> # host 192.42.42.1
> 1.42.42.192.in-addr.arpa domain name pointer toto.titi.

Not here:

% host 192.42.42.1
1.42.42.192.in-addr.arpa domain name pointer accessa.unine.ch.

Check your resolv.conf files.

Wietse


Re: Postfix Pipe Error

2008-08-05 Thread Wietse Venema
Tait Grove:
> Why would I be getting this error message? I am experiencing message delays
> with this too.
>
> Aug  4 22:46:56 app1 postfix/pipe[54935]: fatal: watchdog timeout
> Aug  4 22:48:21 app1 postfix/pipe[54454]: fatal: watchdog timeout
> Aug  4 22:50:22 app1 postfix/pipe[55545]: fatal: watchdog timeout
> Aug  4 22:51:35 app1 postfix/pipe[55546]: fatal: watchdog timeout
> Aug  4 23:04:22 app1 postfix/pipe[62922]: fatal: watchdog timeout

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.


spam status with postfix ( thank you )

2008-08-05 Thread Richard Foley
Hi all,

When I first ran postfix, on my own machine instead of having my mail hosted 
by an ISP, the set up was as it came 'out of the box' - I was absolutely 
swamped by spam, probably one every second or two - and I almost panicked 
when I saw what a horrendous volume of crap I was receiving.  At first I 
tried to handle these using header- and body- checks, looking for 
recognisable spam strings via regexes, and brought the volume down to 
something more manageable.  Then I sat down, RTFM'd some more, (read lots of 
posts on this list and Ralf's excellent postfix book), and set up my main- 
and master- .cf files to something more sensible using postfix's reject- this 
and reject- that filters (which reject most of the spam at connection time). 
I ensured I wasn't an open-relay, and incorporated an RBL check as well as 
ensuring amavis-new worked correctly.  Additions to this was a minimum of 
regex checks to suit my particular domain usage and to ensure I'm RFC 
compliant.  This was all a little complex to make sure I wasn't disabling one 
thing while enabling another, but in the end I think I have it reasonably 
under control.  I now receive approx. five spam messages each day, which 
while in a perfect world this may be five too many, is really quite 
acceptable when you consider from where I started.

This mail is just FYI and by way of saying: 

"postfix and friends do a great job - many thanks!"

-- 
Richard Foley
Ciao - shorter than aufwiedersehen

http://www.rfi.net/


RE: Postfix Pipe Error

2008-08-05 Thread Tait Grove
Why would I be getting this error message? I am experiencing message delays
with this too.

Aug  4 22:46:56 app1 postfix/pipe[54935]: fatal: watchdog timeout
Aug  4 22:48:21 app1 postfix/pipe[54454]: fatal: watchdog timeout
Aug  4 22:50:22 app1 postfix/pipe[55545]: fatal: watchdog timeout
Aug  4 22:51:35 app1 postfix/pipe[55546]: fatal: watchdog timeout
Aug  4 23:04:22 app1 postfix/pipe[62922]: fatal: watchdog timeout

-- T