Triple retry?
A mail was greylisted. No big deal, let's flush the queue and grep the log: # postfix flush tail -f /var/log/mail.log|grep timmer Aug 27 08:00:09 mail-ausfall postfix/smtp[3983]: 3D7143DB09: host smtp.kontent.com[81.88.40.24] said: 450 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: You have been greylisted, please try later (187 secs left) (in reply to RCPT TO command) Aug 27 08:00:09 mail-ausfall postfix/smtp[3983]: 3D7143DB09: host smtp.kontent.com[81.88.40.23] said: 450 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: You have been greylisted, please try later (183 secs left) (in reply to RCPT TO command) Aug 27 08:00:09 mail-ausfall postfix/smtp[3983]: 3D7143DB09: host smtp.kontent.com[81.88.40.26] said: 450 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: You have been greylisted, please try later (183 secs left) (in reply to RCPT TO command) Aug 27 08:00:10 mail-ausfall postfix/smtp[3983]: 3D7143DB09: to=[EMAIL PROTECTED], relay=smtp.kontent.com[81.88.40.25]:25, delay=118, delays=109/0/8.2/0.14, dsn=4.7.1, status=deferred (host smtp.kontent.com[81.88.40.25] said: 450 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: You have been greylisted, please try later (183 secs left) (in reply to RCPT TO command)) Why does ONE postfix flush cause THREE delivery attemps? It's just one queuefile (as you can see) queue_run_delay = 180s maximal_backoff_time = 4000s minimal_backoff_time = 180s maximal_queue_lifetime = 5d -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job SMTP is not Calvin Ball. If you make up your own rules about forwarding please do not be surprised that other people ignore them.
Re: Triple retry?
On Wed, Aug 27, 2008 at 08:11:16AM CEST, Erwan David [EMAIL PROTECTED] said: Maybe because postfix tries 3 different MXs when it receives the 4xx errors ? Sorry, I was trapped by the long lines in editors, I wanted to put the emphasis on the different IP addresses (81.88.40. 24, 23 or 26), not the time. -- Erwan
bounce delivery report
Hi all, when postfix creates a bounce message, a Delivery report will be attached describing the problem. Is it possible to modify the format of this delivery report, e.g. adding a line to it? Regards -stefan-
Re: bounce delivery report
* Stefan Palme [EMAIL PROTECTED]: Hi all, when postfix creates a bounce message, a Delivery report will be attached describing the problem. Is it possible to modify the format of this delivery report, e.g. adding a line to it? http://postfix.state-of-mind.de/bounce-templates/index.html [EMAIL PROTECTED] Regards -stefan- -- The Book of Postfix http://www.postfix-book.com saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: Triple retry?
* Erwan David [EMAIL PROTECTED]: Why does ONE postfix flush cause THREE delivery attemps? It's just one queuefile (as you can see) Maybe because postfix tries 3 different MXs when it receives the 4xx errors ? I suck. You're the best. I just didn't see that. -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job And when all the snow were burnt, yet ashes would remain
Re: bounce delivery report
Is it possible to modify the format of this delivery report, e.g. adding a line to it? http://postfix.state-of-mind.de/bounce-templates/index.html Great, thanks! -stefan-
canonical_classes per sender?
Hi, I want to apply canonical_maps to different canonical_classes, depending on the sender. E.g. I have the following sender_canonical_maps file: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I want the first rule be applied only to the envelope_sender, while the second rule should be applied to both envelope_sender and header_sender. So I would need a per-sender sender_canonical_classes configuration directive... Is this possible? Thanks and regards -stefan-
Erronous Legal bounces... query
Hi, With all this discussion on how to and not to take care of legal bounces, be they wanted or not... How do you people take care of legal bounces that really are erronous? What do I mean? At one of our domains we get a lot of SPAM, thats relatively easily handled with all the filters and software available today, but one thing we are plagued with is bounces from spam sent to other domains using our domains users as faked senders... these will not be caught in our spam engines and are really erronous since none of our accounts was the really sending these emails... but we sure do get the bounces... How do you people sort these out? We are really not interested in bounces and rejects because of mail WE did not send. Johan A Beginning postix admin
Re: Erronous Legal bounces... query
At one of our domains we get a lot of SPAM, thats relatively easily handled with all the filters and software available today, but one thing we are plagued with is bounces from spam sent to other domains using our domains users as faked senders... these will not be caught in our spam engines and are really erronous since none of our accounts was the really sending these emails... but we sure do get the bounces... How do you people sort these out? We are really not interested in bounces and rejects because of mail WE did not send. Probably this helps: http://www.postfix.org/BACKSCATTER_README.html Johan A Beginning postix admin The first rule to be a good postfix admin: don't misspell postfix ;-) -stefan-
Re: proxy_interfaces uses
Luca Cazzaniga: I'm running postfix on a host behind a firewall which performs a port address translation of the port 25 on the inbound connections, whilst the outbound connection gets a nat to a extranet address. The daemon supplies smtp service for the local network. An intranet dns resolves its hostname in a intranet address whilst the same fqdn is resolved to the extranet address used for the pat translation via a public dns. The extranet address used by the pat is other than the global address of the outbound connection. I haven't used the proxy_interfaces variable and it seems to be any problem. When the proxy_interfaces is necessary? Might I set it to the extranet address used by inbound connection? man 5 postconf proxy_interfaces (default: empty) The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. This feature is available in Postfix 2.0 and later. You must specify your outside proxy/NAT addresses when your system is a backup MX host for other domains, otherwise mail delivery loops will happen when the primary MX host is down. Example: proxy_interfaces = 1.2.3.4
Re: Postfix not sending using TLS
Olivier MJ Crepin-Leblond: [ Charset ISO-8859-1 unsupported, converting... ] Hi, I am running Postfix 2.5.1 with OpenSSL on an email gateway and I configured the mailer to use STARTTLS whenever it is possible. My config works fine *receiving* emails and I therefore receive TLS mails. I am using self-signed certificate etc. However, it doesn't work when sending email out. ie. when I send to a mailer that I know accepts TLS encrypted e-mail, my mailer just sends it out normally. Not even a mention of a failed handshake or whatever on the maillog file. Just sends out like normal ESMTP. Why do you believe that the server supports TLS? Show evidence in the form of a session recording. http://www.postfix.org/DEBUG_README#mail Wietse
Vacation virtual users
Hi, I have a postfix configured with virtual domains and virtual users. And by how-to I found it was requested that the user set up your own vacation is authenticating the system. Any reference to how to do this? []´s -- Eduardo Júnior GNU/Linux user #423272 :wq
R: proxy_interfaces uses
I saw the description of the variable nonetheless I was asking if is it only useful in case of a backup mail exchange. Thanks for your support. Regards Luca Cazzaniga -- ** ATTENZIONE !!! ** Il presente messaggio ed i suoi allegati devono intendersi ad uso esclusivo dei suoi destinatari e sono confidenziali. Se ricevete questo messaggio per errore, Vi preghiamo di cancellarlo, di distruggerne ogni copia e di informarci immediatamente. Internet non garantisce l'integrita' dei messaggi. A.M.S. (Asset Management Service) declina pertanto ogni responsabilita' in caso di intercettazione o modifiche del presente messaggio. A.M.S. (Asset Management Service) non assume alcuna responsabilita' riguardo al contenuto del presente messaggio; le opinioni ivi espresse sono quelle dell'autore. -- WARNING !!! -- This message and any attachments is intended solely for the use of the intended addressees and is confidential. If you receive this message in error, please delete it, destroy all copies and immediately notify us. Internet can not guarantee the integrity of this message. A.M.S. (Asset Management Service) shall (will) not therefore be liable for interception or amendment of this message. A.M.S. (Asset Management Service) accepts no responsibility as to the contents of this message: the opinions expressed therein are solely the writer's. **
Re: Restriction classes
* Ralf Hildebrandt [EMAIL PROTECTED]: If a smtpd_restriction_class return NEITHER OK NOR REJECT, what happens? Postfix continues in the calling set of restrictions? Somebody built a testcase on the German lists, and yes, Postfix continues in the calling set of restrictions -- Ralf Hildebrandt ([EMAIL PROTECTED]) [EMAIL PROTECTED] Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Make something idiot-proof and the universe will create a better idiot.
Re: Postfix not sending using TLS
Olivier MJ Crepin-Leblond wrote: Hi, I am running Postfix 2.5.1 with OpenSSL on an email gateway and I configured the mailer to use STARTTLS whenever it is possible. My config works fine *receiving* emails and I therefore receive TLS mails. I am using self-signed certificate etc. However, it doesn't work when sending email out. ie. when I send to a mailer that I know accepts TLS encrypted e-mail, my mailer just sends it out normally. Not even a mention of a failed handshake or whatever on the maillog file. Just sends out like normal ESMTP. Here's my TLS-specific config on main.cf: smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = no smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem smtpd_tls_key_file = /etc/postfix/certs/foo-key.pem smtpd_tls_cert_file = /etc/postfix/certs/foo-cert.pem smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_enforce_tls = no smtpd_tls_ask_ccert = yes smtpd_tls_req_ccert = no tls_random_source = dev:/dev/urandom smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtp_tls_CAfile = /etc/postfix/certs/cacert.pem smtp_tls_key_file = /etc/postfix/certs/foo-key.pem smtp_tls_cert_file = /etc/postfix/certs/foo-cert.pem tls_random_exchange_name = /var/db/postfix/prng_exch Don't trust your eyes. Show postconf -n output, those are the settings postfix will use. /etc/postfix/certs/cacert.pem is self-signed CA /etc/postfix/certs/foo-key.pem is self-generated RSA private key /etc/postfix/certs/foo-cert.pem is self-generated Cert What am I doing wrong? There's obviously something that's sticking somewhere and I've spent 2 weeks on-off on this, with no success. Thanks for all help! Why do you think the other server supports TLS? What makes you think it's not working? Show logs and other evidence. Test TLS connection to the other server with # openssl s_client -connect hostname:25 -starttls smtp If that doesn't work, it's unlikely postfix will work either... http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
Re: Vacation virtual users
Eduardo Júnior wrote: I have a postfix configured with virtual domains and virtual users. And by how-to I found it was requested that the user set up your own vacation is authenticating the system. Any reference to how to do this? I use a package called gnarwl, which handles vacation messages with virtual users backed with LDAP. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: R: proxy_interfaces uses
Luca Cazzaniga wrote: I saw the description of the variable nonetheless I was asking if is it only useful in case of a backup mail exchange. If your question is really I'm not a backup MX. Will anything bad happen if I don't set proxy_interfaces? then the answer is probably not. But go ahead and set it anyway. Postfix expects to know the external IP address and there isn't any reason to keep it secret from postfix. One other thing this setting does is enable mail to [EMAIL PROTECTED] which is a required but seldom used support address. -- Noel Jones
local/virtual alias problems
Hello all Could I just check the correct way of doing this, I've tried a few different things but never with the correct outcome. I have a real local domain, with a user in /etc/aliases that gets forwarded remotely. Now I want to add a real local user to a virtual domain with the same name as that alias, eg :- [EMAIL PROTECTED] (local domain, but forwards remotely) [EMAIL PROTECTED] (virtual domain, local user) What seems to happen is mail for [EMAIL PROTECTED] ends up being forwarded to the remote entry for [EMAIL PROTECTED], and not being delivered locally. To try and fix the problem, I made my real domain a virtual as well, but then all my real users end up being rejected as they're not listed in the virtual alias table. I know I could just use a different username for the virtual domain, but I was just interested if there was another way? Cheers Lee
Re: R: proxy_interfaces uses
Luca Cazzaniga wrote: I saw the description of the variable nonetheless I was asking if is it only useful in case of a backup mail exchange. if the external IP is not declared as the MX for some domain, you don't care. if the external IP is the MX for some domain, you may or may not need to care, depending on your setup. In short - it is not required except in some situations - it costs nothing to add it
Re: Restriction classes
Ralf Hildebrandt wrote: If a smtpd_restriction_class return NEITHER OK NOR REJECT, what happens? Postfix continues in the calling set of restrictions? as in check_mumble_access and the like, the default is to continue. restriction classes are simply a holder (you can replace them by their values).
Re: Vacation virtual users
Graham Leggett wrote: Eduardo Júnior wrote: my situation is different. My virtual users are in MYSQL and not LDAP. Initially, i want a reference generic explain how implement this. Maybe, more latter, i use any tool specific if necessary. The trouble you will run into by storing users in a SQL database is that there is a far smaller array of tools available to maintain or gain access to your data. There are far more tools that integrate with sql than with other stuff. Email clients for example generally have functionality to query an LDAP based address book, but not a SQL one. and which email clients support configuring a vacation program running on postfix via ldap? In the long term, you may find LDAP easier and more flexible to use, but it's your call. how does one store Bayes data in ldap? oh please. ldap, sql, bdb, cdb, ... are all good for what they do well.
Re: local/virtual alias problems
[EMAIL PROTECTED] wrote: Hello all Could I just check the correct way of doing this, I've tried a few different things but never with the correct outcome. I have a real local domain, with a user in /etc/aliases that gets forwarded remotely. Now I want to add a real local user to a virtual domain with the same name as that alias, eg :- [EMAIL PROTECTED] (local domain, but forwards remotely) [EMAIL PROTECTED] (virtual domain, local user) when you say virtual, you mean virtual alias domain? if so, you must know that at delivery time, the domain part in local domains is ignored. use virtual_alias_maps: [EMAIL PROTECTED] [EMAIL PROTECTED] to redirect the address to a specific account. What seems to happen is mail for [EMAIL PROTECTED] ends up being forwarded to the remote entry for [EMAIL PROTECTED], and not being delivered locally. To try and fix the problem, I made my real domain a virtual as well, but then all my real users end up being rejected as they're not listed in the virtual alias table. I know I could just use a different username for the virtual domain, but I was just interested if there was another way? if you want different .forward, you need different unix accounts. whether directly or after virtual_alias_maps expansion, you need different accounts. alternatively, you can deliver via an external MDA that does what you want.
Re: restrictions classes and restricted users..
Mumtaz Ali wrote: i have postfix + fetchmail + dovecot setup my postfix relays mail to ISP mail server , i want to give some of users of my domain to send mail to outside local domain. and all other users to restrict from sending mail outside currently i have configured mail server on below liniked restrictions http://www.arschkrebs.de/postfix/postfix_restriction_classes2.shtml but these restrictions aren't working because when i configure mynetworks to 127.0.0.1/8 postfix rejects mail to outside local domain completely .. please suggest what should i do ?? if you have any solution plz send me.. please show the output of 'postconf -n' (and add the deifntion of your restriction classes) and relevant logs (the logs showing the rejection). I guess it says relay access denied? relay access is only given to hosts in mynetworks. you can give relay access to users authenticated with SASL if you want. but you should never give relay access without control (otherwise, you become a more or less open relay).
Re: Erronous Legal bounces... query
Johan Andersson wrote: Hi, With all this discussion on how to and not to take care of legal bounces, be they wanted or not... How do you people take care of legal bounces that really are erronous? What do I mean? At one of our domains we get a lot of SPAM, thats relatively easily handled with all the filters and software available today, but one thing we are plagued with is bounces from spam sent to other domains using our domains users as faked senders... these will not be caught in our spam engines and are really erronous since none of our accounts was the really sending these emails... but we sure do get the bounces... How do you people sort these out? We are really not interested in bounces and rejects because of mail WE did not send. This is called backscatter. now that you have the name, you can google :) - the backscatter readme has some ideas that you can use. - spamassassin has a vbounce module. - if at loss, you can tag envelope sender addresses and only accept bounces to the tagged addresses. (here, there is no need to go for BATV. just use address extensions). - you can use backscatterer.org list. beware though. it also lists SAV (CBV) sources. ...
Re: Vacation virtual users
mouss wrote: There are far more tools that integrate with sql than with other stuff. Not that I have found, but YMMV. Email clients for example generally have functionality to query an LDAP based address book, but not a SQL one. and which email clients support configuring a vacation program running on postfix via ldap? That is a bit of an arb example - I don't know of any email clients capable of configuration a vacation program running on SQL either. You will probably run into scaling issues, and access control issues, all issues that LDAP gives you solutions for out the box. Like I said, your call. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
RE: Need Script, Can't Use Perl With Perl Modules
(reformatted for top-posting, per list custom) On Wed, 27 Aug 2008, [EMAIL PROTECTED] wrote: Date: Wed, 27 Aug 2008 16:33:40 +0200 From: [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: All; I need a script, must be in shell or perl without any perl mods. [...] I've tried to modify pflogsumm.pl, but it requires perl mods and I am unable to install any at the moment. This is not a postfix issue. please try a perl related forum. I disagree, and believe this *is* the right forum for this question. You need either custom programming (that's what a perl script without any modules amounts to) or help installing the perl modules pflogsumm needs. The former is a perl programming request - the source of the data is irrelevant here. The latter is a general perl use / sysadmin problem. Neither is a problem with postfix itself. Thank you for your useless response. Being a jerk to acknowledged, respected list contributors isn't likely to help you get help here - or even polite answers.
Re: Outbound NDR
Raymond Jette wrote: Good morning, I am using the relay_recipient_maps feature in Postfix. This is working and is rejecting the connection for mail destined to users that do not exist. Excellent. If I understand this correctly when the connection is dropped a NDR should not be delivered? Is this correct? Yes, this is correct. I have noticed that I have been getting messages stuck in the queue. Not as much as before using relay_recipient_maps. So what are the messages stuck in the queue? NDRs to over quota users? NDRs to recipients who exist in your relay_recipients_maps but are actually undeliverable? NDRs to users in virtual_alias_maps or *canonical_maps where the expanded recipient is undeliverable? Not NDRs at all? # postcat -q QUEUEID -- Noel Jones
Re: restrictions classes and restricted users..
Mumtaz Ali wrote: i m sending you my main.cf ( named setting) file and my classes definition files.. and in logs it says relay access denied i m not expert i m authentication local linux users with my networks ... it rejects mail when i set mynetworks = 127.0.0.0/8 please post to the list (this increases the chances to get help, and this helps improving the archives so that people can find answers ifthey have the same problems). if you set mynetworks = 127.0.0.0/8, then postfix will not relay mail except if you submit it from localhost. relay means sending mail to foreign domains (domains not managed by your postfix). if you want postfix to relay for some clients (machines), put their IPs in mynetworks (see mynetworks doc for the valid notations). this assumes that these IPs are static and trusted. if you want to relay mail for untrusted machines, you'll need to setup SASL authentication.
Postfix and multiple IP configuration
Hello, Each of my client has a domain, a website, a ftp and other services. I have one IP per client and only one server. So I have one server with multiple IP (eth0, eth0:0, eth0:1 etc...). An example : eth0:0 has IP 1.2.3.4 eth0:1 has IP 5.6.7.8 When a client send an email to IP 1.2.3.4, I'd like that postfix send this email with this options : smtp_bind_address=1.2.3.4 myhostname=domain1 And when a client send an email to IP 5.6.7.8, I'd like to have this options : smtp_bind_address=5.6.7.8 myhostname=domain2 I have test that configuration : 1.2.3.4:smtp inet n - - - - smtpd -o content_filter=ip1 ip1 unix - - - - - smtp -o relayhost= -o smtp_bind_address=1.2.3.4 -o myhostname=domain1 I have no relayhost in master.cf and main.cf. But when I send an email trought IP 1.2.3.4, the server send it to my MX server. Example : Aug 27 22:34:05 ns12 postfix/qmgr[27700]: 911D27C1F: from=[EMAIL PROTECTED], size=344, nrcpt=1 (queue active) Aug 27 22:34:05 ns12 postfix/smtp[27738]: 911D27C1F: to=[EMAIL PROTECTED], relay=ns9.bacto.net[91.121.71.16]:25, delay=533, delays=533/0/0.01/0.01, dsn=5.7.1, status=bounced (host ns9.bacto.net[91.121.71.16] said: 554 5.7.1 [EMAIL PROTECTED]: Relay access denied (in reply to RCPT TO command)) Aug 27 22:34:05 ns12 postfix/cleanup[27740]: 249AA7C9F: message-id=[EMAIL PROTECTED] Aug 27 22:34:05 ns12 postfix/bounce[27739]: 911D27C1F: sender non-delivery notification: 249AA7C9F Aug 27 22:34:05 ns12 postfix/qmgr[27700]: 249AA7C9F: from=, size=2204, nrcpt=1 (queue active) Aug 27 22:34:05 ns12 postfix/qmgr[27700]: 911D27C1F: removed Aug 27 22:34:06 ns12 postfix/smtp[27742]: 249AA7C9F: to=[EMAIL PROTECTED], relay=mx1.freesurf.fr[212.43.206.56]:25, delay=1.1, delays=0.01/0/0.93/0.14, dsn=2.0.0, status=sent (250 Ok: queued as F07C14FE1C) Aug 27 22:34:06 ns12 postfix/qmgr[27700]: 249AA7C9F: removed I don't know why the mail is send to ns9.bacto.net (my server here is ns12.bacto.net and the MX is ns9.bacto.net). Somebody has an idea ? An other method to do this ? I can do it with multiple instance of postfix but I think it's not a perfomant solution, no ? I need your help :-( Thanks, Adrien
Re: recipient restriction on known address?
Okay - I've tried this but it isn't working. Emails are still being delivered (and rejected) despite being added to the blacklist. I really need postfix to check a file for bad email addresses before attempting to deliver an email - can Postfix do that? For instance my recipient_blacklist shows: [EMAIL PROTECTED] reject in my main.cf file: smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/ sender_access,check_recipient_accesshash:/etc/postfix/ recipient_blacklist, hash:/etc/postfix/ permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,pe rmit but my mail log shows: Aug 27 15:32:01 ourmailserver postfix/smtp[13606]: DB60B128A19E9: to=[EMAIL PROTECTED], relay=relay.verizon.net[206.46.232.11], delay=1, status=bounced (host relay.verizon.net[206.46.232.11] said: 550 4.2.1 mailbox temporarily disabled: [EMAIL PROTECTED] (in reply to RCPT TO command)) On Aug 12, 2008, at 12:28 PM, Noel Jones wrote: carconni wrote: I need to set up a blacklist of sorts on our mail server. One of our client servers handles approximately a million emails a day and we've been experiencing some delivery delays. In addition, we occasionally get blocked for SPAM and while getting unlisted is easy, I'd like to find more ways of preventing it. Is there a means of setting up a file that postfix will check before delivery? I don't want to restrict based on domain, but rather by address and I would prefer not to use my alias file to move bad addresses to /dev/null. Because our client base is so varied and in many cases we don't have access to the email database, I need to try and find alternatives on the mail server itself. For example, lets say one of our client's users signed up for notifications on a particular service, but she's new to it all and she types in the wrong address. Our application system sends an email to the user and it bounces back from the ISP as undeliverable because of a bad address. How can prevent mail from being delivered to that bad address in the future? So if [EMAIL PROTECTED] comes back as a 450/550, I want to be able to block mail sent to [EMAIL PROTECTED] but not block any other mail that may be going to yahoo.com I've taken a look at http://www.postfix.org/postconf. 5.html#smtpd_client_restrictions but I'm not sure how to apply it for what I need, can anyone advise me on how to set this up? (I've also looked at http://www.postfix.org/ ADDRESS_VERIFICATION_README.html; but the README states quite clearly that this feature is designed for low traffic sites) Thank you very much Use the check_recipient_access restriction to set up a recipient blacklist. One way: # main.cf smtpd_recipient_restrictions permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_recipient_access hash:/etc/postfix/recipient_blacklist And the blacklist itself would look like: # recipient blacklist [EMAIL PROTECTED] REJECT [EMAIL PROTECTED] REJECT After making changes to recipient_blacklist, be sure to run postmap recipient_blacklist to create the hash file that postfix needs. It might be easier to have postfix do automatic verification of recipients in your relay domains, and reject mail to all undeliverable recipients. http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient This does add some load to the server, but in the end it's a lot less load than handling the undeliverable messages. -- Noel Jones
Re: Postfix not sending using TLS
as you can see, psg.com says ESMTP which indicates that it speaks ESMTP. EHLO salsa.gih.co.uk 500 unrecognized command but firewall or proxy doesn't. old code, old behaviour. The error in your previous dump was an indication (unrecognized command). psg.com exim server would have said STARTTLS command used when not advertised. check your docs on how to disable smtp filtering in your firewall (look for somthing like no ip inspect name yourrulename smtp...). That solved it! Thank you very much to you Noel. O. -- Olivier MJ Crepin-Leblond, Ph.D. E-mail:[EMAIL PROTECTED] | http://www.gih.com/ocl.html
Having problems with smtpd_client_restrictions=check_client_access
Hi, I have set up a second port for postfix to listen on specifically to bypass the message_size_limit parameter. Basically, we have a couple of IP segments that have printer scanners and the scanners email the scan to the user and so I also want to restrict access to the port so that only devices in the specific IP segments can use it. This is the configuration for the additional port in the master.cf file: 2526 inet n - n - - smtpd -o cleanup_service_name=pre-cleanup -o message_size_limit=1024 -o smtpd_client_restrictions=check_client_access hash:/etc/postfix/printer_access The contents of printer_access is: 10.169OK 10.219OK 10 REJECT I don't think it should matter where the REJECT line is, but I have tried both in the first and the last position. When I try to telnet to port 2526 fom a machine with a 10.219/16 address, the connection comes up momemtarily (i.e., I get the telnet connected response) and that's followed immediately by Connection closed by foreign host. In the maillog, I see the connect and disconnect log entries and nothing else. If I comment out the smtpd_client_restrictions line in master.cf, it connects just fine. Any ideas about what I'm doing wrong? Thanks, Rob Tanner Linfield College
Re: Need Script, Can't Use Perl With Perl Modules
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I disagree, and believe this *is* the right forum for this question. This isn't a matter of belief or opinion; this is not the right forum. Please try asking on a Perl mailing list. -- Sahil Tandon [EMAIL PROTECTED]
How/when is defer directory cleaned?
I just noticed files in the defer que directory that are over a year old in a postfix 2.3.4 installation. Is there a process that is supposed to be cleaning that directory? I looked at a few machines (2.3.4, 2.4.5) and they had simmilar scenarios; old files in the defer diretory.
