Re: Blocking Spam
bijayant kumar wrote:

Bijayant Kumar

--- On Tue, 6/1/09, DJ Lucas d...@lucasit.com wrote:

From: DJ Lucas d...@lucasit.com
Subject: Re: Blocking Spam
To: postfix postfix-users@postfix.org
Date: Tuesday, 6 January, 2009, 6:34 AM

bijayant kumar wrote:

Hello list, Nowadays we are getting lots of spam emails from our own email-ids. I want to block this. I have tried to block senders domains which are local and not doing smtp-auth. While implementing I came across a new problem like, when I rejected a spam coming from my own email-id from another spam server, I got Bounce-Notification message also. As the account(my email id) is local, it is entitled to get the Bounce Notification. How to overcome this issue? Any suggestion or reading.

SNIP

I am trying to reject the mails which are coming from a...@abc.com without smtp-authentication. It is being rejected but the bounce message is getting delivered to a...@abc.com as this domain and email is local. This is the problem.

Bijayant Kumar

What is the source of the NDR (show headers if it is not you) and why/how was the original message rejected (logs)?

I think I was not clear on my question. As we all know spammers use the from address as our own email address and spamming like anything, right. In those emails from address and To address both are same. So, I tried to block those spams which are local and not doing smtp-authentication. I have tried to simulate the scenario on my local testing environments. I have created a test domain kavach.com and a user bijay...@kavach.com. I have telneted on one another postfix installation and tried to send emails from bijay...@kavach.com to bijay...@kavach.com. What I observed is that the email is rejected as desired because it was sent without the smtp-authentication. But bijay...@kavach.com also received the bounce-notification message i.e undelivered mail returned to sender.

Postconf -n on test machine

    mynetworks = 127.0.0.0/8
    mynetworks_style = subnet
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.5.5/readme
    sample_directory = /etc/postfix
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_sender_access hash:/etc/postfix/access_sender
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    unknown_local_recipient_reject_code = 550

cat /etc/postfix/access_sender

    kavach.com REJECT
    .kavach.com REJECT

Mail-Log

I sent a mail from another postfix installation

    postfix/smtpd[14415]: connect from unknown[192.168.99.22]
    postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.168.99.22]: 554 5.7.1 bijay...@kavach.com: Sender address rejected: Access denied; from=bijay...@kavach.com to=bijay...@kavach.com proto=ESMTP helo=test1.localdomain
    postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
    postfix/smtpd[14415]: connect from unknown[192.168.99.22]
    postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.168.99.22]
    postfix/cleanup[14421]: 4C8ED7F68D: message-id=20090106054312.37623df...@test1.localdomain
    postfix/qmgr[14308]: 4C8ED7F68D: from=, size=2520, nrcpt=1 (queue active)
    postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
    postfix/virtual[14422]: 4C8ED7F68D: to=bijay...@kavach.com, relay=virtual, delay=0.05, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)

Hope I am clear this time.

Unfortunately, you did not ask a question, but using the logs will help the reader (me) to figure out what the question is. :-) Right now, it is working perfectly as per your description. 192.168.99.22 is not the final destination, nor is it responsible for the sender of the message, but it accepted the message anyway, and sent it on to the final destination. The destination correctly rejected it, as you configured it to do. 192.168.99.22 received the 550 message and notified the original sender (since it is not responsible for the sender, it notified the server responsible for the sender with an NDR).

I think your question revolves around 192.168.99.22 sending a bounce message. The short answer is that it is misconfigured, in that it accepts mail that it should not accept. If you do not want your relay server to bounce, then configure it not to accept messages from senders, or to recipients, that it is not responsible for.

If I've got it backwards, and you simply do not want to receive bounce messages, though it is generally considered a bad idea as it's against RFC, you can filter on the empty envelope sender (<>). Standard disclaimer: DON'T DO THAT! Somebody recently mentioned a DNSBL (ips.backscatterers.org I think, search for it) to use as a conditional aid, but that would do nothing about the 'problem' in this scenario, the first server (internal server)
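A detection sketch for the sequence in the mail log above, added here as an example and not part of the original thread: it flags a null-sender (bounce) message delivered to an address shortly after the same client had a RCPT rejected with that address as the forged sender. The sample lines are constructed in Postfix's usual syslog format with the `<>` brackets and timestamps the archive dropped; the addresses, function name, 60-second window and year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Postfix's usual syslog format (addresses, host
# names and timestamps are made up; "<>" is the null envelope sender).
SAMPLE_LOG = """\
Jan  6 11:13:11 mx postfix/smtpd[14415]: connect from unknown[192.168.99.22]
Jan  6 11:13:11 mx postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.168.99.22]: 554 5.7.1 <user@example.test>: Sender address rejected: Access denied; from=<user@example.test> to=<user@example.test> proto=ESMTP helo=<relay.example.test>
Jan  6 11:13:12 mx postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.168.99.22]
Jan  6 11:13:12 mx postfix/qmgr[14308]: 4C8ED7F68D: from=<>, size=2520, nrcpt=1 (queue active)
Jan  6 11:13:12 mx postfix/virtual[14422]: 4C8ED7F68D: to=<user@example.test>, relay=virtual, delay=0.05, dsn=2.0.0, status=sent (delivered to maildir)
Jan  6 11:20:00 mx postfix/smtpd[14500]: 5D9FE8A79E: client=mail.example.net[203.0.113.7]
Jan  6 11:20:00 mx postfix/qmgr[14308]: 5D9FE8A79E: from=<>, size=1800, nrcpt=1 (queue active)
Jan  6 11:20:01 mx postfix/virtual[14422]: 5D9FE8A79E: to=<user@example.test>, relay=virtual, delay=0.04, dsn=2.0.0, status=sent (delivered to maildir)
"""

RE_REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: "
    r".*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
RE_CLIENT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]{6,}): "
    r"client=\S*\[(?P<ip>[^\]]+)\]")
RE_QMGR = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]{6,}): from=<(?P<sender>[^>]*)>")
RE_SENT = re.compile(
    r": (?P<qid>[0-9A-F]{6,}): to=<(?P<rcpt>[^>]*)>.*\bstatus=sent\b")


def find_backscatter(log_text, window=timedelta(seconds=60), year=2009):
    """Return bounces delivered right after a reject from the same client.

    A hit means: client C had mail "from=<X>" rejected, then C handed us a
    null-sender message that was delivered to X within `window`.
    """
    rejects = []   # (time, client ip, rejected sender address)
    queued = {}    # queue id -> {"ip": client ip, "sender": envelope sender}
    findings = []
    for line in log_text.splitlines():
        try:
            # Syslog omits the year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog line
        m = RE_REJECT.search(line)
        if m:
            rejects.append((ts, m["ip"], m["sender"].lower()))
            continue
        m = RE_CLIENT.search(line)
        if m:
            queued[m["qid"]] = {"ip": m["ip"], "sender": None}
            continue
        m = RE_QMGR.search(line)
        if m and m["qid"] in queued:
            queued[m["qid"]]["sender"] = m["sender"]
            continue
        m = RE_SENT.search(line)
        if not m or m["qid"] not in queued:
            continue
        msg = queued[m["qid"]]
        if msg["sender"] != "":        # only null-sender mail is a bounce
            continue
        rcpt = m["rcpt"].lower()
        for r_ts, r_ip, r_sender in rejects:
            age = ts - r_ts
            if r_ip == msg["ip"] and r_sender == rcpt and timedelta(0) <= age <= window:
                findings.append({
                    "queue_id": m["qid"],
                    "client": r_ip,
                    "recipient": rcpt,
                    "seconds_after_reject": int(age.total_seconds()),
                })
                break
    return findings


if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

The second bounce in the sample comes from a client with no preceding reject and is not flagged, so ordinary delivery status notifications pass through untouched.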
Re: Mailman
On Tuesday, January 06, 2009 at 08:54 CET, Tolga to...@ozses.net wrote: I tried to create a list, then I sent a request e-mail, and I saw in the logs that it arrived. But I can't find it anywhere. Where did it go? Arrived where, Mailman? Show logs. Also, is this the appropriate list? That depends. Did Postfix deliver the message to the right place, i.e. did the responsibility turn over to Mailman? -- Magnus Bäck mag...@dsek.lth.se
Re: Relaying/forwarding query
On Sunday, January 04, 2009 at 21:36 CET, Nigel Gilbert n.gilb...@surrey.ac.uk wrote: On 04/01/2009 20:11, mouss mo...@ml.netoyen.net wrote: the question is whether some users may be rejected by the second server. if so, they must also be rejected by the first one. if this is ok, then simply declare the domain as a relay domain and use virtual_alias_maps to deliver some users locally. May I ask for one more level of detail about how to do this? I am new to postfix. simply declare the domain as a relay domain I add relay_domains = surrey.ac.uk to main.cf. Correct? Yes, if you don't already have a relay_domains line. In that case add surrey.ac.uk to that line. If a variable is specified multiple times the last assignment wins. use virtual_alias_maps to deliver some users locally I add virtual_alias_maps = hash:/etc/postfix/virtual to main.cf In the file hash:/etc/postfix/virtual I put: known.local.us...@soc.surrey.ac.uk known.local.user Etc. And then run postmap /etc/postfix/virtual Is that right? Yes, but beware that the right-hand side of the virtual alias table doesn't necessarily denote a local user. If the address isn't fully qualified it will be qualified with @$myorigin, and $myorigin isn't necessarily a local domain. It's good practice to explicitly state the domain and choose a domain that's always local (i.e. listed in mydestination). localhost is a typical choice. known.local.us...@soc.surrey.ac.uk known.local.u...@localhost When the mail for an unknown user is relayed to surrey.ac.uk, will it appear to be addressed to unknown.u...@surrey.ac.uk (although originally sent to unknown.u...@soc.surrey.ac.uk)? It needs to be, because otherwise surrey.ac.uk will just send it back to soc.surrey.ac.uk! When acting as a relay Postfix will not alter any recipient addresses. If you want to rewrite soc.surrey.ac.uk to surrey.ac.uk use the virtual alias table. @soc.surrey.ac.uk @surrey.ac.uk -- Magnus Bäck mag...@dsek.lth.se
Re: Mailman
On Tuesday, January 06, 2009 at 10:01 CET, Tolga to...@ozses.net wrote: On Tue, Jan 06, 2009 at 09:49:36AM +0100, Magnus Bäck wrote: Arrived where, Mailman? Show logs. Jan 5 16:51:07 ozses postfix/pipe[22613]: D0E0A352E5: to=mailman-requ...@kunduz.org, relay=spamassassin, delay=0.77, delays=0.32/0.02/0/0.43, dsn=2.0.0, status=sent (delivered via spamassassin service) Jan 5 16:51:07 ozses postfix/local[22617]: 5EA533748A: to=mailman-requ...@kunduz.org, relay=local, delay=0.56, delays=0.05/0.02/0/0.5, dsn=2.0.0, status=sent (delivered to command: /var/lib/mailman/mail/mailman request mailman) Okay, so Mailman did receive the message. Then look in the Mailman logs to see what it did with it. [...] -- Magnus Bäck mag...@dsek.lth.se
CDB map files for virtual alias maps
If I use

    virtual_alias_maps = cdb:/path/mapfile

this doesn't work if mails are sent to users in uppercase. But if I use check_recipient_access cdb:/path/valid_recipients, that works fine for uppercase as well as lowercase recipients.

Is there any setting required to be done to enable uppercase recipient ids in virtual_alias_maps?

Thanks
Ram
Re: Mailman
Magnus Bäck wrote:

On Tuesday, January 06, 2009 at 10:01 CET, Tolga to...@ozses.net wrote:

On Tue, Jan 06, 2009 at 09:49:36AM +0100, Magnus Bäck wrote:

Arrived where, Mailman? Show logs.

    Jan 5 16:51:07 ozses postfix/pipe[22613]: D0E0A352E5: to=mailman-requ...@kunduz.org, relay=spamassassin, delay=0.77, delays=0.32/0.02/0/0.43, dsn=2.0.0, status=sent (delivered via spamassassin service)
    Jan 5 16:51:07 ozses postfix/local[22617]: 5EA533748A: to=mailman-requ...@kunduz.org, relay=local, delay=0.56, delays=0.05/0.02/0/0.5, dsn=2.0.0, status=sent (delivered to command: /var/lib/mailman/mail/mailman request mailman)

Okay, so Mailman did receive the message. Then look in the Mailman logs to see what it did with it.

[...]

All I had to do was mailmanctl start

/me hides

Regards,
/mto

-- Don't go surfing in South Dakota for a while.
Re: CDB map files for virtual alias maps
ram:

if I use virtual_alias_maps = cdb:/path/mapfile This doesn't work if mails are sent to users in uppercase

Please show evidence of this in the form of SMTP commands and Postfix logging.

Wietse
Re: Using Postfix for business continuity
On Mon, Jan 5, 2009 at 3:25 PM, Wietse Venema wie...@porcupine.org wrote: Kenneth Kalmer: Hi all Just got asked by one our sales guys if we could implement a Postfix business continuity service, by his definition it means that Postfix acts as a normal backup MX but gives the users access to their email via webmail of sorts. I understand the issues of user authentication, validating users, etc. I'd just like to find out if anyone has implemented something similar, or have any pointers for implementing something like this. I don't know of any, but this is how I would do it. Business continuity requires that users keep access to old email. This requires continuous replication. In the absence of file systems with built-in replication, the best option is to implement replication at the message store level. From the Postfix point of view this requires a replicated DBMS with standard (LMTP or pipe-to-command) mail injection interfaces. For web or IMAP access, another set of adapters would be needed. Of course this also requires that the customer's systems are replication enabled, and that your message store DBMSes can communicate with theirs. The way we envisioned it it would be an offsite server acting as a normal backup MX, giving the users access to their email through a web interface. This would involve reading through the spool files, which for high volumes would be horribly slow. Most of our potential clients would be running MS Exchange (I see this as the continuity issue) and we'll be far removed from them. The woes of this just sounds too much. Synchronizing LDAP details, parsing spool files, and all kinds of other issues, not to mention the remote site going down totally leaving the users with any means to access the continuity service... Thanks for the reply in any case, much appreciated. Best -- Kenneth Kalmer kenneth.kal...@gmail.com http://opensourcery.co.za
Re: Using Postfix for business continuity
On Tue, Jan 06, 2009 at 02:49:21PM +0200, Kenneth Kalmer wrote: The way we envisioned it it would be an offsite server acting as a normal backup MX, giving the users access to their email through a web interface. This would involve reading through the spool files, which for high volumes would be horribly slow. This would be a design error, far better to deliver a per-recipient Bcc copy to a real IMAP mail-store and to set up a suitable IMAP webmail client. A full business continuity solution is along the lines Wietse suggested. If a hack is required to serve just new mail, divert all queued mail from the backup MX to a separate queue with maximally long queue lifetimes (100d at present) and in that queue generate the recipient-bcc copies to IMAP. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: CDB map files for virtual alias maps
On Tue, 2009-01-06 at 06:48 -0500, Wietse Venema wrote:

ram:

if I use virtual_alias_maps = cdb:/path/mapfile This doesn't work if mails are sent to users in uppercase

Please show evidence of this in the form of SMTP commands and Postfix logging.

Wietse

I did a default postfix install just to replicate this scenario

    [r...@50.133 SPECS]# rpm -q postfix
    postfix-2.5.5-1.cdb.notls.rhel5
    [r...@50.133 SPECS]# cat /etc/postfix/vmap
    t...@netcore.co.in r...@netcore.co.in
    [r...@50.133 SPECS]# postconf -n
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    html_directory = /usr/share/doc/postfix-2.5.5-documentation/html
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme
    relayhost = [192.168.2.105]
    sample_directory = /etc/postfix
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = cdb:/etc/postfix/vmap

--- Mail from b...@netcore.co.in to t...@netcore.co.in - (mapping OK)

    Jan 6 19:58:17 chatserver-devel postfix/smtpd[22474]: connect from localhost[127.0.0.1]
    Jan 6 19:58:17 chatserver-devel postfix/smtpd[22474]: AFC0A18CF2E: client=localhost[127.0.0.1]
    Jan 6 19:58:17 chatserver-devel postfix/cleanup[22477]: AFC0A18CF2E: message-id=v9ow6ak9p2m3.1231252...@netcore.co.in
    Jan 6 19:58:17 chatserver-devel postfix/qmgr[22417]: AFC0A18CF2E: from=b...@netcore.co.in, size=564, nrcpt=1 (queue active)
    Jan 6 19:58:17 chatserver-devel postfix/smtpd[22474]: disconnect from localhost[127.0.0.1]
    Jan 6 19:58:17 chatserver-devel postfix/smtp[22478]: AFC0A18CF2E: to=r...@netcore.co.in, orig_to=t...@netcore.co.in, relay=192.168.2.105[192.168.2.105]:25, delay=0.07, delays=0.06/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DDA566682F9)
    Jan 6 19:58:17 chatserver-devel postfix/qmgr[22417]: AFC0A18CF2E: removed

- Mail from b...@netcore.co.in to t...@netcore.co.in (mapping failed)

    Jan 6 19:59:28 chatserver-devel postfix/smtpd[22474]: connect from localhost[127.0.0.1]
    Jan 6 19:59:28 chatserver-devel postfix/smtpd[22474]: 8E42D18CF2E: client=localhost[127.0.0.1]
    Jan 6 19:59:28 chatserver-devel postfix/cleanup[22477]: 8E42D18CF2E: message-id=c3zr8pu4g2i2.1231252...@netcore.co.in
    Jan 6 19:59:28 chatserver-devel postfix/qmgr[22417]: 8E42D18CF2E: from=b...@netcore.co.in, size=564, nrcpt=1 (queue active)
    Jan 6 19:59:28 chatserver-devel postfix/smtpd[22474]: disconnect from localhost[127.0.0.1]
    Jan 6 19:59:28 chatserver-devel postfix/smtp[22478]: 8E42D18CF2E: to=t...@netcore.co.in, relay=192.168.2.105[192.168.2.105]:25, delay=0.1, delays=0.09/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C17846682F9)
    Jan 6 19:59:28 chatserver-devel postfix/qmgr[22417]: 8E42D18CF2E: removed

--This is the postmap output

    [r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
    r...@netcore.co.in
    [r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
    [r...@50.133 postfix]#
Re: CDB map files for virtual alias maps
On Tue, Jan 06, 2009 at 07:58:07PM +0530, ram wrote:

    [r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
    r...@netcore.co.in
    [r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
    [r...@50.133 postfix]#

Well, that's not how CDB tables work here, looks someone helpfully modified your CDB driver or Postfix dictionary lookup interface. The results below are obtained from Wietse's Postfix 2.5.5 code:

    # postmap -q root cdb:/etc/postfix/virtual | tr 'a-z' 'x'
    xx
    # postmap -q ROOT cdb:/etc/postfix/virtual
    xx
    # postconf mail_version mail_release_date
    mail_version = 2.5.5
    mail_release_date = 20080902
    # postconf -m
    btree cdb cidr environ hash ldap pcre proxy static unix

-- Viktor.
Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to work together
Hi:

I would very much appreciate any help, advice, pointers, etc. to resolve an issue I am encountering. I am having a challenge trying to use a mysql table for smtpd_sender_login_maps. Right now I have:

In main.cf:

    smtpd_sender_login_maps=mysql:/path/to/map.cf
    smtpd_sender_restrictions=reject_sender_login_mismatch,

My virtual mailbox table contains the username for authentication (which is also the e-mail address), the password and I am using a text (VARCHAR) field to hold the list of e-mail addresses that each user is allowed to send from. For example, my e-mail is jeff (at) jweinberger.homeip.net. I can send as that e-mail, but I also want to allow sending from someothername (at) jweinberger.homeip.net and from jeff (at) some-other-domain-I-own.tld. So the table row looks like:

    field username: jeff (at) jweinberger.homeip.net
    field password: (password)
    field valid_from: jeff (at) jweinberger.homeip.net, someothername (at) jweinberger.homeip.net, jeff (at) some-other-domain-I-own.tld

The select statement in the maps.cf file is

    select username from virtual_mailbox_table where (INSTR(valid_from, %s) > 0)

which successfully (tested outside postfix) looks up the sender address and returns the login name (field: username).

I run into problems when more than one login name is permitted to send from a given address. For example, say I include one of my valid addresses as postmaster (at) jweinberger.homeip.net (so I can send from it - mail to it goes into a postmaster mailbox as required). I also want someone else to be able to send from postmaster (at) jweinberger.homeip.net. So the virtual mailbox table would contain:

Row 1:

    field username: jeff (at) jweinberger.homeip.net
    field password: (password)
    field valid_from: jeff (at) jweinberger.homeip.net, someothername (at) jweinberger.homeip.net, jeff (at) some-other-domain-I-own.tld, postmaster (at) jweinberger.homeip.net

Row 2:

    field username: someoneelse (at) jweinberger.homeip.net
    field password: (password)
    field valid_from: someoneelse (at) jweinberger.homeip.net, yetanothername (at) jweinberger.homeip.net, postmaster (at) jweinberger.homeip.net

And when I try to send mail authenticated at jeff (at) jweinberger.homeip.net from postmaster (at) jweinberger.homeip.net it fails with this log entry:

    postfix/smtpd[83245]: NOQUEUE: reject: RCPT from unknown[10.0.1.1]: 553 5.7.1 postmaster (at) jweinberger.homeip.net : Sender address rejected: not owned by user jeff (at) jweinberger.homeip.net from=postmaster (at) jweinberger.homeip.net to=--edited-- proto=ESMTP helo=[10.0.1.7]

The query in this case would return two rows, as both users are allowed to send from that address. According to the description of smtpd_sender_login_maps in http://www.postfix.com/postconf.5.html :

    In all cases the result of table lookup must be either not found or a list of SASL login names separated by comma and/or whitespace

I conclude that the mysql query is not returning the list in the right form. Since I don't know how mysql calls are implemented in postfix, I don't know what to do to correct this, if it's possible.

So my questions:

1) Is my analysis and conclusion (that mysql is not returning the result in the required form) correct?

2) Is there anything I can do to make the result come back in the form postfix needs it?

I would like to be able to do this in this way, as I think it makes sense to track which addresses are authorized for each user, rather than the other way around. If there is no direct way to do this, I can build a reverse lookup table that will return the list postfix expects.

And of course, if there is any additional information that would help in diagnosing or resolving this, I'd be happy to provide it. Any help, direction, pointers, etc. are much appreciated!

Thanks,
--Jeff
Re: Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to work together
On Tue, Jan 06, 2009 at 12:16:00PM -0800, Jeff Weinberger wrote:

Hi: I would very much appreciate any help, advice, pointers, etc. to resolve an issue I am encountering. I am having a challenge trying to use a mysql table for smtpd_sender_login_maps. Right now I have:

In main.cf:

    smtpd_sender_login_maps=mysql:/path/to/map.cf
    smtpd_sender_restrictions=reject_sender_login_mismatch,

My virtual mailbox table contains the username for authentication (which is also the e-mail address), the password and I am using a text (VARCHAR) field to hold the list of e-mail addresses that each user is allowed to send from. For example, my e-mail is jeff (at) jweinberger.homeip.net. I can send as that e-mail, but I also want to allow sending from someothername (at) jweinberger.homeip.net and from jeff (at) some-other-domain-I-own.tld. So the table row looks like:

    field username: jeff (at) jweinberger.homeip.net
    field password: (password)
    field valid_from: jeff (at) jweinberger.homeip.net, someothername (at) jweinberger.homeip.net, jeff (at) some-other-domain-I-own.tld

This violates 1st normal form. Avoid multi-value fields stored as a concatenation. The correct schema for this uses an additional table to correlate addresses to users:

The select statement in the maps.cf file is

    select username from virtual_mailbox_table where (INSTR(valid_from, %s) > 0)

which successfully (tested outside postfix) looks up the sender address and returns the login name (field: username).

This is an inefficient table scan. You need a better schema to model this.

-- Viktor.
Re: Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to wo
--- In post...@yahoogroups.com, Victor Duchovni victor.ducho...@... wrote:

On Tue, Jan 06, 2009 at 12:16:00PM -0800, Jeff Weinberger wrote:

Hi: I would very much appreciate any help, advice, pointers, etc. to resolve an issue I am encountering. I am having a challenge trying to use a mysql table for smtpd_sender_login_maps. Right now I have:

In main.cf:

    smtpd_sender_login_maps=mysql:/path/to/map.cf
    smtpd_sender_restrictions=reject_sender_login_mismatch,

My virtual mailbox table contains the username for authentication (which is also the e-mail address), the password and I am using a text (VARCHAR) field to hold the list of e-mail addresses that each user is allowed to send from. For example, my e-mail is jeff (at) jweinberger.homeip.net. I can send as that e-mail, but I also want to allow sending from someothername (at) jweinberger.homeip.net and from jeff (at) some-other-domain-I-own.tld. So the table row looks like:

    field username: jeff (at) jweinberger.homeip.net
    field password: (password)
    field valid_from: jeff (at) jweinberger.homeip.net, someothername (at) jweinberger.homeip.net, jeff (at) some-other-domain-I-own.tld

This violates 1st normal form. Avoid multi-value fields stored as a concatenation. The correct schema for this uses an additional table to correlate addresses to users:

The select statement in the maps.cf file is

    select username from virtual_mailbox_table where (INSTR(valid_from, %s) > 0)

which successfully (tested outside postfix) looks up the sender address and returns the login name (field: username).

This is an inefficient table scan. You need a better schema to model this.

-- Viktor.

Victor:

Thank you. I know that it is not a good model for the way postfix requires the query, but from a logical standpoint, I am trying to think about it as which addresses is a user allowed to send from. This makes sense when you think about a user having e-mail service through my server, and using that to send e-mail from another unrelated valid address then he/she owns. (validating that is also important, but not in the scope of this issue). So I want to associate valid from addresses with the user, not the other way around.

I understand fully the point of view that postfix takes, asking who is allowed to send from this e-mail address (more or less masquerade as this e-mail identity), which makes sense also.

There may be better schema for answering the question I am asking, but it sounds from your response (I am assuming, possibly dangerously) that there is no way to do what I want to do without creating another table in the database, indexed by from address with resulting lists of users. Is that correct?

Also, this seems that it won't work either. As inefficient as my query is, it successfully returned the list of valid SASL users for a given from address. But whether it found only one SASL user or a list of them, postfix rejected the mail with the same error.

All of the above debate about the most effective way to achieve this is helpful, but the important question is this: Why does postfix reject the mail when the mysql query returns one or several valid SASL users? And, if there are multiple SASL users permitted to send e-mail from a specific address, does postfix expect the query to return a one-row result with the one result containing a list of valid SASL users, or to return one row per SASL user, with each row containing the user name only?

Any suggestions on how to make the query work?

Thank you!!
Re: Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to wo
On Tue, Jan 06, 2009 at 10:20:12PM -, jeff_homeip wrote:

I know that it is not a good model for the way postfix requires the query,

More strongly, an SQL schema in which multiple data items are stored concatenated in a single table element is a poor schema regardless of the application. This violates fundamental principles of database schema design. Multi-valued elements are stored in separate tables that are joined to the main table. This is not a Postfix requirement, it is basic database design.

but from a logical standpoint, I am trying to think about it as which addresses is a user allowed to send from.

The correct design has a address table which links address objects to user objects, and a user table which holds attributes of users. To discover the addresses of a user, join the two tables. Implement appropriate indices and foreign keys to make the expected queries efficient.

This makes sense when you think about a user having e-mail service through my server, and using that to send e-mail from another unrelated valid address then he/she owns. (validating that is also important, but not in the scope of this issue). So I want to associate valid from addresses with the user, not the other way around.

In a correct SQL schema the question is moot, SQL stores relation tuples, there is no notion of which is the primary element in a relation.

    x R y = row (x,y) is present in table R

I understand fully the point of view that postfix takes, asking who is allowed to send from this e-mail address (more or less masquerade as this e-mail identity), which makes sense also.

Yes, but your schema is poorly designed. A good schema will naturally support a variety of queries that select either the x values for which x R y is true for a given y or just as easily the converse.

There may be better schema for answering the question I am asking, but it sounds from your response (I am assuming, possibly dangerously) That there is no way to do what I want to do without creating another table in the database, indexed by from address with resulting lists of users. Is that correct?

I am claiming that what you can't be done with your existing schema, perhaps it can. I am claiming that you should change your schema as soon as you can.

Why does postfix reject the mail when the mysql query return one or several valid SASL users?

To solve such questions, divide and conquer:

- Use a simple indexed file to store the sasl_sender_login table. Make this work, resolving any issues that you find.

- Once SASL sender validation is working without SQL, create an SQL query that given verbatim keys from the indexed file, returns the identical RHS values. Verify with multiple postmap -q tests. Once this works, use SQL in the Postfix configuration.

The above approach allows you to identify and solve the right problem.

-- Viktor.
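One way to carry out the schema change and the verification step described in this reply, added here as an example and not code from the thread: SQLite stands in for MySQL, and the table names, column names, function names and example.test addresses are assumptions. It compares an exact-match lookup on a separate address table and the thread's `INSTR` lookup against a reference map of the kind an indexed file would hold, and shows that substring matching also returns logins whose own addresses merely contain the sender address.

```python
import sqlite3

# Reference data in the shape of an indexed (hash:) sender-login file:
# sender address -> SASL logins allowed to use it. Constructed values.
REFERENCE_MAP = {
    "jeff@example.test": {"jeff@example.test"},
    "alias@example.test": {"jeff@example.test"},
    "postmaster@example.test": {"jeff@example.test", "other@example.test"},
    "other@example.test": {"other@example.test"},
    "notjeff@example.test": {"eve@example.test"},
}


def build_db():
    """Create both layouts in memory and fill them from REFERENCE_MAP."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (
            username TEXT PRIMARY KEY,
            password TEXT NOT NULL
        );
        -- One row per (sender address, login) pair; the primary key
        -- doubles as the index for the by-address lookup.
        CREATE TABLE sender_acl (
            address  TEXT NOT NULL,
            username TEXT NOT NULL REFERENCES users(username),
            PRIMARY KEY (address, username)
        );
        -- The concatenated layout from the thread, kept for comparison.
        CREATE TABLE virtual_mailbox_table (
            username   TEXT PRIMARY KEY,
            valid_from TEXT NOT NULL
        );
    """)
    logins = sorted({u for names in REFERENCE_MAP.values() for u in names})
    # 'x' is a placeholder, not a real credential.
    db.executemany("INSERT INTO users VALUES (?, 'x')", [(u,) for u in logins])
    db.executemany(
        "INSERT INTO sender_acl VALUES (?, ?)",
        [(a, u) for a, names in REFERENCE_MAP.items() for u in names])
    for u in logins:
        allowed = sorted(a for a, names in REFERENCE_MAP.items() if u in names)
        db.execute("INSERT INTO virtual_mailbox_table VALUES (?, ?)",
                   (u, ", ".join(allowed)))
    return db


def logins_exact(db, sender):
    """Exact-match lookup; returns a comma-separated list, "" if not found.

    The equivalent line in a Postfix mysql map file would be (table and
    column names assumed):
        query = SELECT username FROM sender_acl WHERE address = '%s'
    """
    rows = db.execute(
        "SELECT username FROM sender_acl WHERE address = ? ORDER BY username",
        (sender,)).fetchall()
    return ", ".join(r[0] for r in rows)


def logins_instr(db, sender):
    """The thread's substring lookup against the concatenated column."""
    rows = db.execute(
        "SELECT username FROM virtual_mailbox_table "
        "WHERE INSTR(valid_from, ?) > 0 ORDER BY username",
        (sender,)).fetchall()
    return ", ".join(r[0] for r in rows)


def mismatches(db, lookup):
    """Keys for which `lookup` disagrees with the reference map."""
    bad = []
    for sender in sorted(REFERENCE_MAP):
        got = {name for name in lookup(db, sender).split(", ") if name}
        if got != REFERENCE_MAP[sender]:
            bad.append((sender, sorted(got)))
    return bad


if __name__ == "__main__":
    db = build_db()
    print("exact:", mismatches(db, logins_exact))
    print("instr:", mismatches(db, logins_instr))
```

With this data the substring lookup returns eve@example.test as an owner of jeff@example.test, because her address notjeff@example.test contains it; the exact-match table returns only the logins listed in the reference map.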
RE: Using Postfix for business continuity
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Kenneth Kalmer Sent: Tuesday, 6 January 2009 11:49 PM To: Postfix users Subject: Re: Using Postfix for business continuity On Mon, Jan 5, 2009 at 3:25 PM, Wietse Venema wie...@porcupine.org wrote: Kenneth Kalmer: Hi all Just got asked by one our sales guys if we could implement a Postfix business continuity service, by his definition it means that Postfix acts as a normal backup MX but gives the users access to their email via webmail of sorts. I understand the issues of user authentication, validating users, etc. I'd just like to find out if anyone has implemented something similar, or have any pointers for implementing something like this. The way we envisioned it it would be an offsite server acting as a normal backup MX, giving the users access to their email through a web interface. This would involve reading through the spool files, which for high volumes would be horribly slow. Most of our potential clients would be running MS Exchange (I see this as the continuity issue) and we'll be far removed from them. Exchange 2007 has pretty good clustering and cross-site replication (using log-shipping) these days. Of course, any replication partner would need to be in the same domain, but it might be possible to host several instances on one box using a virtual server solution. Naturally, if a business has multiple sites, they'd be much better off doing any replication internally anyway. Otherwise, Victor's suggestion about BCCing everything and hosting an IMAP server is the best other option (given all the account co-ordination hassles).
Re: Catchall Domains
Corey Chandler wrote:

[snip]

While I've got my postconf output up here, I'm also attempting to have this gateway rewrite all addresses of the form u...@server.example.com to u...@example.com before looking for a match in the transport / relay recipient table. Is there a way to achieve this within Postfix?

-- CJC

Whoops, sorted it out. The problem came from my using relay_recpients as a transport map as well; I had to declare my wildcarded domain both with and without the @ in it...

instead of gross hacks, use a script to generate two maps. don't reuse maps like that. if one day you decide to add a transport entry for some domain (to select different options for smtp for instance), it will accidentally become a relay domain...
Re: Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to work together
On Tue Jan 6, 2009 2:42 pm Victor Duchovni wrote:

I know that it is not a good model for the way postfix requires the query,

More strongly, an SQL schema in which multiple data items are stored concatenated in a single table element is a poor schema regardless of the application. This violates fundamental principles of database schema design. Multi-valued elements are stored in separate tables that are joined to the main table. This is not a Postfix requirement, it is basic database design.

but from a logical standpoint, I am trying to think about it as which addresses is a user allowed to send from.

The correct design has an address table which links address objects to user objects, and a user table which holds attributes of users. To discover the addresses of a user, join the two tables. Implement appropriate indices and foreign keys to make the expected queries efficient.

This makes sense when you think about a user having e-mail service through my server, and using that to send e-mail from another unrelated valid address then he/she owns. (validating that is also important, but not in the scope of this issue). So I want to associate valid from addresses with the user, not the other way around.

In a correct SQL schema the question is moot, SQL stores relation tuples, there is no notion of which is the primary element in a relation. x R y = row (x,y) is present in table R

I understand fully the point of view that postfix takes, asking who is allowed to send from this e-mail address (more or less masquerade as this e-mail identity), which makes sense also.

Yes, but your schema is poorly designed. A good schema will naturally support a variety of queries that select either the x values for which x R y is true for a given y or just as easily the converse.
There may be better schema for answering the question I am asking, but it sounds from your response (I am assuming, possibly dangerously) that there is no way to do what I want to do without creating another table in the database, indexed by from address with resulting lists of users. Is that correct?

I am claiming that what you can't be done with your existing schema, perhaps it can. I am claiming that you should change your schema as soon as you can.

Why does postfix reject the mail when the mysql query returns one or several valid SASL users?

To solve such questions, divide and conquer:

- Use a simple indexed file to store the sasl_sender_login table. Make this work, resolving any issues that you find.
- Once SASL sender validation is working without SQL, create an SQL query that given verbatim keys from the indexed file, returns the identical RHS values. Verify with multiple postmap -q tests. Once this works, use SQL in the Postfix configuration.

The above approach allows you to identify and solve the right problem.

-- Viktor.

Viktor:

Thank you. I agree with all your comments about the database schema, which I have not yet built. I am in testing mode and want to make sure this kind of validation will work as expected and give me the desired results. So if I may, I'd like to focus on getting this to work.

I did the testing you suggested before I posted. Here are the tests:

I created a hash table (text file then used postmap hash:). The text file had lines like this:

sender_address1 sasl_owner
sender_address2 sasl_owner2, sasl_owner3, sasl_owner4

and so on, for the several addresses I tested. I then used postmap -q to verify that the lookup returned the correct values. As specified in the documentation for smtpd_sender_login_maps, it returned one single SASL user name when only one user is authorized to send from that from address and a string of comma-separated names when multiple users are authorized to send from that from address.

I then added the line:

smtpd_sender_login_maps=hash:/path/to/map

to my main.cf and sent a few messages. Postfix correctly allowed and rejected all of the test messages, and the logs showed the correct reason for the rejection, and no log entries showing a successful match.

I then, again just to test, added a field to my virtual users table to hold authorized addresses, and wrote the query noted above into a mysql_sender_login_maps.cf file. I used postmap -q to verify that the results of the query were correct and were exactly the same as the results received when I used postmap -q on the hash: file. They all were identical for the same lookup keys.

I then changed the main.cf line to:

smtpd_sender_login_maps=hash:/path/to/mysql_sender_login_maps.cf

and tried the same series of test messages. All of the test messages failed. The ones where the lookup produced the same comma-separated line as with the hash: file, and the ones where the lookup produced a single result. All were rejected (as noted in the log entry I posted previously) with the reason that the from address was not authorized for that sasl
Re: Getting reject_sender_login_mismatch/smtpd_sender_login_maps and mysql to work together
On Jan 6, 2009, at 5:59 PM, Wietse Venema wrote:

Jeff Weinberger:

I then added the line:

smtpd_sender_login_maps=hash:/path/to/map

to my main.cf and sent a few messages. Postfix correctly allowed and rejected all of the test messages, and the logs showed the correct reason for the rejection, and no log entries showing a successful match.

I then, again just to test, added a field to my virtual users table to hold authorized addresses, and wrote the query noted above into a mysql_sender_login_maps.cf file. I used postmap -q to verify that the results of the query were correct and were exactly the same as the results received when I used postmap -q on the hash: file. They all were identical for the same lookup keys.

smtpd does the same lookups as postmap -q. If the result is different than when you run postmap -q by hand, then it is almost certain that you are using a different search key than Postfix uses.

Postfix does the lookups as documented in the postconf(5) manual page:

smtpd_sender_login_maps (default: empty)

Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses.

Specify zero or more type:table lookup tables. With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following search operations are done with a sender address of u...@domain:

1) u...@domain
This table lookup is always done and has the highest precedence.

2) user
This table lookup is done only when the domain part of the sender address matches $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.

3) @domain
This table lookup is done last and has the lowest precedence.

You can see what lookups Postfix does by setting the debug_peer_list parameter in main.cf. For example:

# postconf -e debug_peer_list=static:all
# postfix reload

Wietse

Wietse

Thank you very much for your help. I just responded to Viktor as well, and plead stupid. I just re-ran all the same tests (by hand this time) and everything worked.

All postmap -q commands gave the correct results, and all messages were accepted or rejected as expected. I checked the scripts I used earlier for logical errors and typos, but found none. So I have no idea why I was getting odd results.

Nevertheless, all works now. I thank you and Victor for your generous help.

--Jeff
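The two technical points of this thread, Viktor's address table joined to a user table and the search-key order Wietse quotes from postconf(5), put together as an added example (not code from the thread or from Postfix). The table names, the sample addresses, the in-memory SQLite database standing in for MySQL, and the local_domains parameter standing in for $myorigin/$mydestination are all assumptions.

```python
import sqlite3

# Hypothetical schema and constructed sample data; neither is from the thread.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL);
CREATE TABLE sender_addresses (address TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id), PRIMARY KEY (address, user_id));
CREATE INDEX sender_addresses_by_user ON sender_addresses(user_id);
"""
ROWS = [("alice", "alice@example.com"), ("alice", "sales@example.com"),
        ("bob", "sales@example.com"), ("postmaster", "@example.com")]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for login, address in ROWS:
        db.execute("INSERT OR IGNORE INTO users(login) VALUES (?)", (login,))
        db.execute("INSERT INTO sender_addresses "
                   "SELECT ?, id FROM users WHERE login = ?", (address, login))
    return db

def owners(db, key):
    """One table lookup: the comma-separated logins for this key, or None."""
    rows = db.execute(
        "SELECT u.login FROM sender_addresses a JOIN users u ON u.id = a.user_id "
        "WHERE a.address = ? ORDER BY u.login", (key,)).fetchall()
    return ",".join(login for (login,) in rows) or None

def addresses_of(db, login):
    """The converse question, answered from the same two tables."""
    rows = db.execute(
        "SELECT a.address FROM sender_addresses a JOIN users u ON u.id = a.user_id "
        "WHERE u.login = ? ORDER BY a.address", (login,)).fetchall()
    return [address for (address,) in rows]

def search_keys(sender, local_domains):
    """Key order from the quoted postconf(5) text: full address, user, @domain."""
    user, _, domain = sender.rpartition("@")
    keys = [sender]
    if domain in local_domains:   # stands in for $myorigin, $mydestination, ...
        keys.append(user)
    return keys + ["@" + domain]

def sender_owners(db, sender, local_domains=("example.com",)):
    """Return (matching key, owner list) for the first key that has a result."""
    for key in search_keys(sender, local_domains):
        result = owners(db, key)
        if result is not None:
            return key, result
    return None, None

def login_may_send(db, login, sender):
    """Authenticated-client case: the login must be among the sender's owners."""
    _, result = sender_owners(db, sender)
    return result is not None and login in result.split(",")
```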
how to specify an over-ride in master.cf that contains whitespace
Hi:

Yet another question I hope I can impose upon your help for...

I am testing sender restrictions and have defined an alternate submission entry in master.cf for this purpose (and not to disrupt other users while I test).

I want to test the check_sender_access which requires the form check_sender_access type:table which includes whitespace, which is not permitted in master.cf

According to the master(5) documentation: do not specify whitespace around the =. In parameter values, either avoid whitespace altogether, use commas instead of spaces, or consider overrides like -o name=$override_parameter with $override_parameter set in main.cf.

So will this work:

main.cf:
$my_test_sender_restrictions=check_sender_access pcre:/path/to/file.pcre

master.cf
-o smtpd_sender_restrictions=$my_test_sender_restrictions,reject_sender_login_mismatch,.

or am I missing something?

Thank you!

--Jeff
Re: how to specify an over-ride in master.cf that contains whitespace
On Tue, Jan 06, 2009 at 07:07:59PM -0800, Jeff Weinberger wrote:

According to the master(5) documentation: do not specify whitespace around the =. In parameter values, either avoid whitespace altogether, use commas instead of spaces, or consider overrides like -o name=$override_parameter with $override_parameter set in main.cf.

So will this work:

main.cf:
$my_test_sender_restrictions=check_sender_access pcre:/path/to/file.pcre

master.cf
-o smtpd_sender_restrictions=$my_test_sender_restrictions,reject_sender_login_mismatch,.

or am I missing something?

http://archives.neohapsis.com/archives/postfix/2005-07/1384.html

-- Viktor.
Re: CDB map files for virtual alias maps
On Tue, 2009-01-06 at 09:57 -0500, Victor Duchovni wrote:

On Tue, Jan 06, 2009 at 07:58:07PM +0530, ram wrote:

[r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
r...@netcore.co.in
[r...@50.133 postfix]# postmap -q t...@netcore.co.in cdb:/etc/postfix/vmap
[r...@50.133 postfix]#

Well, that's not how CDB tables work here, looks someone helpfully modified your CDB driver or Postfix dictionary lookup interface. The results below are obtained from Wietse's Postfix 2.5.5 code:

which CDB package ( rpm ? ) does this use

I downloaded the package from http://www.corpit.ru/mjt/tinycdb.html#download created installed the rpm on a centos 5 box

# postmap -q root cdb:/etc/postfix/virtual | tr 'a-z' 'x'
xx
# postmap -q ROOT cdb:/etc/postfix/virtual
xx
# postconf mail_version mail_release_date
mail_version = 2.5.5
mail_release_date = 20080902
# postconf -m
btree cdb cidr environ hash ldap pcre proxy static unix
Re: how to specify an over-ride in master.cf that contains whitespace
--- In post...@yahoogroups.com, Victor Duchovni victor.ducho...@... wrote:

On Tue, Jan 06, 2009 at 07:07:59PM -0800, Jeff Weinberger wrote:

According to the master(5) documentation: do not specify whitespace around the =. In parameter values, either avoid whitespace altogether, use commas instead of spaces, or consider overrides like -o name=$override_parameter with $override_parameter set in main.cf.

So will this work:

main.cf:
$my_test_sender_restrictions=check_sender_access pcre:/path/to/file.pcre

master.cf
-o smtpd_sender_restrictions=$my_test_sender_restrictions,reject_sender_login_mismatch,.

or am I missing something?

http://archives.neohapsis.com/archives/postfix/2005-07/1384.html

-- Viktor.

Thank you very much! exactly what I needed to know. (sorry it didn't come up when I googled...)

--Jeff
Copy incoming email to two destinations
On an email gateway (accepting internet email and passing it on to other machines), how do I send one user's email to two different destinations? I tried with aliases, but that only appears to work with local delivery. Thanks!
Re: Copy incoming email to two destinations
Magnus Bäck wrote (on Wed, Jan 07, 2009 at 06:54:55AM +0100):

On Wednesday, January 07, 2009 at 06:46 CET, N. Yaakov Ziskind aw...@ziskind.us wrote:

On an email gateway (accepting internet email and passing it on to other machines), how do I send one user's email to two different destinations? I tried with aliases, but that only appears to work with local delivery.

Use virtual aliases (which doesn't imply virtual alias DOMAINS).

http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual

-- Magnus Bäck mag...@dsek.lth.se

Thank you!
queue buildup
Hi All,

My mail server has due to some reasons queued plenty of mails:

qshape deferred

                             T  5 10 20 40 80 160 320 640 1280 1280+
TOTAL                     1349  0  2  2  6  5   6  18  23   58  1229
multilinks.com            1342  0  2  1  6  5   6  18  23   57  1224
mac.com                      1  0  0  0  0  0   0   0   0    1     0
diamato.com                  1  0  0  0  0  0   0   0   0    0     1
schweif.net                  1  0  0  1  0  0   0   0   0    0     0
cablenet5.com                1  0  0  0  0  0   0   0   0    0     1
mail.mtc.com.pl              1  0  0  0  0  0   0   0   0    0     1
tmda.easydns.com             1  0  0  0  0  0   0   0   0    0     1
kreadesign1.model-fx.com     1  0  0  0  0  0   0   0   0    0     1

I want to flush mails for one specific domain, basically multilinks.com which have been queued for long time. I was thinking of running

postqueue -s multilinks.com

but it says

postqueue: fatal: Flush service is not configured for destination multilinks.com

Thanks in advance.