Question regarding SPF

2009-04-17 Thread Kammen van, Marco, Springer SBM NL
Hi All,

 

We recently took over a company that used SPF.

Because our e-mail infra is way more complicated than theirs and we have
tons of external parties who send mails using our domains, we decided
long ago not to use SPF.

 

Now they say that %5 of their mailings don't arrive at customers
anymore, and say this is because we removed their SPF records.. 

I'm no expert on SPF but as far as I understand it only checks if a
sender is 'allowed' to send using that domain, so no relation whatsoever
on dropping mail from parties that don't use SPF...
Or am I missing something?

 

Thanks & Regards,

Marco van Kammen
Springer Science+Business Media
System Manager & Postmaster

van Godewijckstraat 30 | 3311 GX
Office Number: 05E21
Dordrecht | The Netherlands

tel +31(78)6576446
fax +31(78)6576302

http://www.springeronline.com
http://www.springer.com/



Re: Question regarding SPF

2009-04-17 Thread Paweł Leśniak

On 2009-04-17 08:50, Kammen van, Marco, Springer SBM NL wrote:


Hi All,

We recently took over a company that used SPF.

Because our e-mail infra is way more complicated than theirs and we 
have tons of external parties who send mails using our domains, we 
decided long ago not to use SPF.


Now they say that %5 of their mailings don’t arrive at customers 
anymore, and say this is because we removed their SPF records..


I’m no expert on SPF but as far as I understand it only checks if a 
sender is ‘allowed’ to send using that domain, so no relation what so 
ever on dropping mail from parties that don’t use SPF…

Or am I missing something?

It might be that their IPs are on some blacklist, and while they had an SPF
record their emails were not checked in (some) RBLs. There's no such
rule, but one can configure something like that.
Also it can be related to mail content, or the number of emails per unit of
time to the same server. You could think of SPF usage as some kind of
whitelisting, but that depends on the configuration at the client's
side (the side which uses the SPF record, not the one that provides it).


For sure there's no straightforward relation between not using SPF and 
emails being rejected.


Maybe you've got some more information from logs why emails are being 
rejected?


Pawel Lesniak
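
An added example, not part of the original thread: a small SPF evaluator (ip4/ip6/all mechanisms only) and a hypothetical receiver policy of the kind described above, where an SPF pass skips the RBL lookup. The record, the IP address and the `receiver_decision` policy are constructed assumptions.

```python
import ipaddress

# Qualifier prefix -> SPF result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(txt_record, client_ip):
    """Evaluate an SPF TXT record against the connecting client IP.

    txt_record is None when the sender domain publishes no SPF record.
    Only the ip4, ip6 and all mechanisms are handled; mechanisms that
    need DNS (a, mx, include, ...) raise NotImplementedError.
    """
    if txt_record is None:
        return "none"                      # no record: nothing to check
    terms = txt_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # TXT data that is not SPF
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise NotImplementedError("mechanism needs DNS: " + name)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # record present, nothing matched


def receiver_decision(spf, ip_on_rbl, skip_rbl_on_pass):
    """Hypothetical receiver-side policy (an assumption, not a standard).

    SPF "fail" is rejected. An RBL listing is rejected too, unless the
    receiver chose to let an SPF "pass" bypass the RBL lookup.
    """
    if spf == "fail":
        return "reject"
    if ip_on_rbl and not (skip_rbl_on_pass and spf == "pass"):
        return "reject"
    return "accept"


# Constructed sample data: the record the acquired company used to publish
# and the address of one of its mailers.
OLD_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
MAILER_IP = "192.0.2.25"


def compare_before_after(ip_on_rbl):
    """Receiver verdict with the old record and after its removal."""
    before = receiver_decision(spf_result(OLD_RECORD, MAILER_IP), ip_on_rbl, True)
    after = receiver_decision(spf_result(None, MAILER_IP), ip_on_rbl, True)
    return before, after


if __name__ == "__main__":
    for listed in (False, True):
        print("IP on RBL:", listed, "->", compare_before_after(listed))
```

Removing the record turns "pass" into "none", which by itself rejects nothing; the verdict only changes at a receiver that both lists the IP and had been using the pass as a whitelist.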



Re: Plus Addressing

2009-04-17 Thread LuKreme

On 16-Apr-2009, at 23:44, Victor Duchovni wrote:
 Don't use mailbox_command, use mailbox_transport (assuming that in your
 case deliver can work acceptably running as a fixed pipe(8) user rather
 than as the recipient). The recipient extension in local(8) deliveries is
 converted to lower-case (the entire local-part is converted to lower-case,
 before the extension is extracted).

Interesting.  I have virtual_transport for my virtual users set to
procmail and

procmail  unix  -   n   n   -   -   pipe
  -o flags=uhFORD user=vpopmail argv=/usr/local/bin/procmail -t -m
  USER=${recipient} EXTENSION=${extension} /usr/local/etc/procmailrc.common


And sometimes ${recipient} comes through as User instead of user.  
Doesn't happen at all on local delivery, and now I know why.


--
Lisa Bonet ate no Basil



postfix for LAN - remote mail server

2009-04-17 Thread LuKreme
I have a LAN with several computers on it used by a variety of users.
I have one server on the LAN running OS X and have postfix installed
(probably needs updating, but not gotten that far). What I want to do
is to have users on the LAN send emails to other users on the LAN
(u...@example.local) and have those email addresses mapped to specific
addresses on the remote server (f...@example.com, served by
mail.example.com).

I do not want the users to be able to send mail via example.local to
any other users but those that I have mapped, and I do not want to
accept any mail from outside the LAN for u...@example.local, but might
want accept mail for local users if they are sent to the outward
facing rdns for the machine (say u...@subdomain.example.com).

So, i have a user bob who sends email to f...@example.local and my
LAN's DNS points example.local's MX record to 10.11.12.13, and then
postfix gets that mail, remaps it to fsm...@example.com and sends it
out via a connection to mail.example.com. if bob tries to send to
m...@example.local and there is no map, the user is rejected. If bob
tries to send to m...@yahoo.com via the LAN postfix, it is rejected.
10.11.12.13's postfix will ONLY send to mail.example.com and only for
users in the map.


The question is, what is the best way to ensure that this works.  What  
is the best map to use, and am I forgetting anything obvious?


--
I find your lack of faith disturbing.



Re: Question regarding SPF

2009-04-17 Thread martijn.list
I’m no expert on SPF but as far as I understand it only checks if a 
sender is ‘allowed’ to send using that domain, so no relation what so 
ever on dropping mail from parties that don’t use SPF…

Or am I missing something?


A lot of statistics are used to filter out spam so it wouldn't surprise 
me if having SPF records helps to lower your chance of being filtered.


first hit on the search spf spam filtering

http://www.wilsonweb.com/wmtp8/spf_howto.htm

Martijn Brinkers

--
Djigzo open source email encryption www.djigzo.com


Re: Question regarding SPF

2009-04-17 Thread Roel Wagenaar
martijn.list martijn.l...@gmail.com wrote:

  I’m no expert on SPF but as far as I understand it only checks if a
  sender is ‘allowed’ to send using that domain, so no relation what so
  ever on dropping mail from parties that don’t use SPF… Or am I missing
  something?
 
 A lot of statistics are used to filter out spam so it wouldn't surprise me
 if having SPF records helps to lower your change of bein filtered.
 
 first hit on the search spf spam filtering
 
 http://www.wilsonweb.com/wmtp8/spf_howto.htm
 
 Martijn Brinkers
 
The home-page of OpenSPF is here:

http://www.openspf.org/

-- 
Roel Wagenaar,
Timmerman-aannemer,
Tel.: 0513-789900.

If we aren't supposed to eat animals, why are they made with meat?


Re: Cluster of postfix

2009-04-17 Thread Melvyn Sopacua
On Friday 17 April 2009 01:23:20 Wietse Venema wrote:
 Juan Antonio Cuesta:
  Hello,
 
  i have two postfix servers, and when i have to do any change in
  virtual file or in aliases file i must to do the same change in the 2
  servers.
 
  Can someone say me how can i do my job more confortable and only do one
  time.

 Instead of a local file, use LDAP or SQL (with replicated database).

If other than performance, why replicated?

Also, any technical objections against moving shared files into an nfs mounted 
directory and adjusting main.cf to look there?

-- 
Melvyn Sopacua


Re: postfix for LAN - remote mail server

2009-04-17 Thread Barney Desmond
2009/4/17 LuKreme krem...@kreme.com:
 I have a LAN with several computers on it used by a variety of users.  I
 have one server on the LAN running OS X and have postfix installed (probably
 needs updating, but not gotten that far). What I want to do is to have users
 on the LAN send emails to other users on the LAN (u...@example.local) and
 have those email addresses mapped to specific addresses on the remote server
 (f...@example.com, served by mail.example.com).

 I do not want the users to be able to send mail via example.local to any
 other users but those that I have mapped, and I do not want to accept any
 mail from outside the LAN for u...@example.local, but might want accept mail
 for local users if they are sent to the outward facing rdns for the machine
 (say u...@subdomain.example.com).

 So, i have a user bob who sends email to f...@example.local and my LAN's DNS
 points example.local's MX record to 10.11.12.13, and then postfix gets that
 mail, remaps it to fsm...@example.com and sends it out via a connection to
 mail.example.com. if bob tries to send to m...@example.local and there is no
 map, the user is rejected. If bob tries to send to m...@yahoo.com via the
 LAN postfix, it is rejected. 10.11.12.13's postfix will ONLY send to
 mail.example.com and only for users in the map.

 The question is, what is the best way to ensure that this works.  What is
 the best map to use, and am I forgetting anything obvious?

Would hosting example.local as a virtual alias domain do the job?
Assuming no other configuration, postfix will accept mail locally for
$mydestination, and for virtual_alias_domains. Then just list the
acceptable recipients in virtual_alias_maps.

These requirements of may/may-not send to arbitrary-domain.com
depending on the connecting interface sound troublesome, but I'm sure
someone here has a solution.


Re: Cluster of postfix

2009-04-17 Thread Wietse Venema
Wietse Venema:
 Melvyn Sopacua:
  On Friday 17 April 2009 01:23:20 Wietse Venema wrote:
   Juan Antonio Cuesta:
Hello,
   
i have two postfix servers, and when i have to do any change in
virtual file or in aliases file i must to do the same change in the 2
servers.
   
Can someone say me how can i do my job more confortable and only do one
time.
  
   Instead of a local file, use LDAP or SQL (with replicated database).
  
  If other then performance, why replicated?
 
 Availability.
 
  Also, any technical objections against moving shared files into an nfs 
  mounted
  directory and adjusting main.cf to look there?
 
 NFS is not suitable for write-sharing. It is OK only for sharing
 read-only files, or when there is a single writer who is also the
 sole reader.

In case this gets mis-interpreted: I was talking about NFS sharing
files that are overwritten, or that are updated in place.

Maildir does not have the above problems. It does not overwrite
files, and it does not update files in place - rather it writes a
file first in a different place and then atomically hardlinks the
file into its final place.

Mailbox files, on the other hand, are usually overwritten, and they
are updated in place.  This almost works reliably, especially if
you use dotlock files and turn off NFS attribute caching.

Wietse
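
An added example, not part of the original thread: the Maildir delivery pattern described above (write the file in a different place, then hardlink it into its final place), sketched in Python. The file-name scheme and the helper names are assumptions made for this illustration.

```python
import itertools
import os
import socket
import tempfile
import time

_seq = itertools.count()   # per-process delivery counter for unique names


def maildir_deliver(maildir, message):
    """Deliver message (bytes) into maildir without overwriting anything.

    The message is written completely under tmp/, flushed to stable
    storage, and only then hardlinked into new/. A reader that scans
    new/ sees either the whole message or no file at all, and no
    existing file is ever updated in place.
    """
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), exist_ok=True)

    # Assumed naming scheme: time, pid, counter and host make the name unique.
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    unique = "%d.P%dQ%d.%s" % (time.time(), os.getpid(), next(_seq), host)
    tmp_path = os.path.join(maildir, "tmp", unique)
    new_path = os.path.join(maildir, "new", unique)

    # O_EXCL: fail rather than reuse a file that somehow already exists.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(message)
            f.flush()
            os.fsync(f.fileno())
        # link() fails if new_path exists, so nothing is overwritten.
        os.link(tmp_path, new_path)
    finally:
        os.unlink(tmp_path)    # drop the temporary name in every case
    return new_path


def visible_messages(maildir):
    """File names a mail reader would find in new/."""
    return sorted(os.listdir(os.path.join(maildir, "new")))


if __name__ == "__main__":
    box = tempfile.mkdtemp(prefix="maildir-demo-")
    maildir_deliver(box, b"Subject: one\n\nfirst message\n")
    maildir_deliver(box, b"Subject: two\n\nsecond message\n")
    print(visible_messages(box))
```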


Re: Transport map lookup failures are fatal?

2009-04-17 Thread Wietse Venema
Seth Mattinen:
 Host or domain name not found. Name service error for
 name=mail.x.net type=A: Host found but no data record of requested type

The DNS server reported that the destination has no MX record (RFC
5321 requires MX before A lookups) and that the destination has no
A record. 

When the DNS server says that the destination has no record that
is required for SMTP, then the mail is not deliverable due to a
permanent error.

 So am I correct in assuming that any lookup failure (aside from DNS
 timed out) at the transport map stage will result in a fatal condition?

Incorrect.  The problem has nothing to do with transport maps.

Wietse


Configurable replies for hardcoded REJECTS?

2009-04-17 Thread Patrick Ben Koetter
Wietse,

a customer asked me to help them customize Postfix replies, so clients
(better: users) can get a hint why their message is being rejected.

The idea is to refer to an URL in the reply where (generic) verbose
explanations on the reject reason can be found. Something along these lines:

  5xx REJECT: See http://www.example.com/plaintext_reject_code

I can customize replies for access(5) maps and for RBL maps.

What I miss is a way to append text to the following rejects that currently
only allow to set a code:

  access_map_reject_code
  defer_code
  invalid_hostname_reject_code
  multi_recipient_bounce_reject_code
  non_fqdn_reject_code
  plaintext_reject_code
  reject_code
  relay_domains_reject_code
  unknown_address_reject_code
  unknown_client_reject_code
  unknown_hostname_reject_code
  unknown_local_recipient_reject_code
  unknown_relay_recipient_reject_code
  unknown_virtual_alias_reject_code
  unknown_virtual_mailbox_reject_code
  unverified_recipient_reject_code
  unverified_sender_reject_code

Did I miss something? If not, do you believe it's worth to be added? (Of course
not now while 2.6 is on its way and while other work ... and ...).

  p...@rick

-- 
The Book of Postfix
http://www.postfix-book.com
saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/


Re: Cluster of postfix

2009-04-17 Thread Wietse Venema
Melvyn Sopacua:
 On Friday 17 April 2009 01:23:20 Wietse Venema wrote:
  Juan Antonio Cuesta:
   Hello,
  
   i have two postfix servers, and when i have to do any change in
   virtual file or in aliases file i must to do the same change in the 2
   servers.
  
   Can someone say me how can i do my job more confortable and only do one
   time.
 
  Instead of a local file, use LDAP or SQL (with replicated database).
 
 If other then performance, why replicated?

Availability.

 Also, any technical objections against moving shared files into an nfs mounted
 directory and adjusting main.cf to look there?

NFS is not suitable for write-sharing. It is OK only for sharing
read-only files, or when there is a single writer who is also the
sole reader.

Wietse


Re: Masquerage issue

2009-04-17 Thread Shelley Waltz

Victor Duchovni wrote:
 On Wed, Apr 15, 2009 at 01:36:44PM -0400, Shelley Waltz wrote:

 master.cf

 smtp  inet  n   -   n   -   -   smtpd
 pickup    fifo  n   -   n   60  1   pickup
 cleanup   unix  n   -   n   -   0   cleanup
 # Amavisd-new Mail/Virus Scanning daemon
 smtp-amavis unix -  -   n   -   4  lmtp
 -o lmtp_data_done_timeout=1200
 -o lmtp_send_xforward_command=yes

 Fine.

 -o disable_dns_lookups=yes
 -o max_use=20

 I would leave these two out, the first is unnecessary, and the second
 is generally not beneficial.

 127.0.0.1:10025 inet n  -   n   -   -  smtpd
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o local_header_rewrite_clients=

 This looks OK, rewriting is not disabled.


 # postconf -n
 masquerade_domains = !master2.cabm.rutgers.edu !raven.cabm.rutgers.edu
 !heron.cabm.rutgers.edu cabm.rutgers.edu

 This looks OK, show unedited (consistent localpart mangling is OK, if you
 mangle consistently, DO NOT modify the domainpart) logging for a message
 that did not get masqueraded, and the envelope and headers as sent and as
 received. You never did mention which hostname failed to be masqueraded.

 max_use = 10

 Generally not required.

 mydestination = $myhostname, localhost.$mydomain, nmrlab.$mydomain,
 $mydomain
 mydomain = cabm.rutgers.edu
 myhostname = roadrunner.cabm.rutgers.edu
 mynetworks = 192.76.178.0/24 128.6.56.128/25 127.0.0.0/8
 myorigin = $mydomain

 This should be sufficient to masquerade the hosts under cabm.rutgers.edu
 that not (in or) the exception sub-domains.

(mail for puma.cabm.rutgers.edu loops back to myself)
(mail for buena.cabm.rutgers.edu loops back to myself)
(mail for falcon.cabm.rutgers.edu loops back to myself)
(mail for rhino.cabm.rutgers.edu loops back to myself)

these are the ones which fail to masquerade.  all have MX records which
point to the smtp server roadrunner.cabm.rutgers.edu

any ideas?






Re: Plus Addressing

2009-04-17 Thread Jeff Grossman

On 4/16/2009 10:44 PM, Victor Duchovni wrote:

On Thu, Apr 16, 2009 at 08:24:54PM -0700, Jeff Grossman wrote:

   

I have set up recipient_delimiter = + so I could put a folder name in an
e-mail address and have it automatically filtered for me.  I am using
mailbox_command = /usr/local/libexec/dovecot/deliver -n -m $EXTENSION
as my mailbox_command.  When the mail gets passed to deliver, the extension
is lower case even if it originally started as uppercase.  I asked on the
Dovecot mailing list how I can convert it to uppercase for Deliver.  Timo
stated that Deliver does not do any case changing and that Postfix must be
passing the variable in lower case.  Is there a way for me to not have
Postfix change the case?  My folder names all start with a capital letter.
Deliver cannot find the mailbox because folder does not equal Folder.
 

Don't use mailbox_command, use mailbox_transport (assuming that in your
case deliver can work acceptably running as a fixed pipe(8) user rather
than as the recipient). The recipient extension in local(8) deliveries is
converted to lower-case (the entire local-part is converted to lower-case,
before the extension is extracted).

   
Thanks for the information.  The problem I have with that is all of my 
users are local system users.  I don't think I can use mailbox_transport 
with local users only virtual users.  It appears the only way I can do 
what I want is to switch to virtual users.


Jeff


Re: Plus Addressing

2009-04-17 Thread Jeff Grossman

On 4/17/2009 6:54 AM, Jeff Grossman wrote:

On 4/16/2009 10:44 PM, Victor Duchovni wrote:

On Thu, Apr 16, 2009 at 08:24:54PM -0700, Jeff Grossman wrote:

I have set up recipient_delimiter = + so I could put a folder name 
in an

e-mail address and have it automatically filtered for me.  I am using
mailbox_command = /usr/local/libexec/dovecot/deliver -n -m 
$EXTENSION
as my mailbox_command.  When the mail gets passed to deliver, the 
extension
is lower case even if it originally started as uppercase.  I asked 
on the
Dovecot mailing list how I can convert it to uppercase for Deliver.  
Timo
stated that Deliver does not do any case changing and that Postfix 
must be

passing the variable in lower case.  Is there a way for me to not have
Postfix change the case?  My folder names all start with a capital 
letter.
Deliver cannot find the mailbox because folder does not equal 
Folder.

Don't use mailbox_command, use mailbox_transport (assuming that in your
case deliver can work acceptably running as a fixed pipe(8) user rather
than as the recipient). The recipient extension in local(8) 
deliveries is
converted to lower-case (the entire local-part is converted to 
lower-case,

before the extension is extracted).

Thanks for the information.  The problem I have with that is all of my 
users are local system users.  I don't think I can use 
mailbox_transport with local users only virtual users.  It appears the 
only way I can do what I want is to switch to virtual users.


Jeff

One more thing I noticed today also.  All messages which have the + in 
the e-mail are sent to Dovecot's Deliver twice.  So, I receive the 
message twice in the folder.  All other messages are only sent to 
Deliver once.  Any idea what I have configured wrong for the message to 
be sent twice?


Re: Plus Addressing

2009-04-17 Thread Brian Evans - Postfix List
Jeff Grossman wrote:
 On 4/16/2009 10:44 PM, Victor Duchovni wrote:
 On Thu, Apr 16, 2009 at 08:24:54PM -0700, Jeff Grossman wrote:

   
 I have set up recipient_delimiter = + so I could put a folder name
 in an
 e-mail address and have it automatically filtered for me.  I am using
 mailbox_command = /usr/local/libexec/dovecot/deliver -n -m
 $EXTENSION
 as my mailbox_command.  When the mail gets passed to deliver, the
 extension
 is lower case even if it originally started as uppercase.  I asked
 on the
 Dovecot mailing list how I can convert it to uppercase for Deliver. 
 Timo
 stated that Deliver does not do any case changing and that Postfix
 must be
 passing the variable in lower case.  Is there a way for me to not have
 Postfix change the case?  My folder names all start with a capital
 letter.
 Deliver cannot find the mailbox because folder does not equal
 Folder.
  
 Don't use mailbox_command, use mailbox_transport (assuming that in your
 case deliver can work acceptably running as a fixed pipe(8) user rather
 than as the recipient). The recipient extension in local(8)
 deliveries is
 converted to lower-case (the entire local-part is converted to
 lower-case,
 before the extension is extracted).


 Thanks for the information.  The problem I have with that is all of my
 users are local system users.  I don't think I can use
 mailbox_transport with local users only virtual users.  It appears the
 only way I can do what I want is to switch to virtual users.

You are confusing mailbox_transport and virtual_transport.

See: http://www.postfix.org/postconf.5.html#mailbox_transport

Brian


Re: Plus Addressing

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 10:11:36AM -0400, Brian Evans - Postfix List wrote:

  Thanks for the information.  The problem I have with that is all of my
  users are local system users.  I don't think I can use
  mailbox_transport with local users only virtual users.  It appears the
  only way I can do what I want is to switch to virtual users.
 You are confusing mailbox_transport and virtual_transport.
 
 See: http://www.postfix.org/postconf.5.html#mailbox_transport

Perhaps, but not necessarily; the key issue is the location and
ownership of the mailboxes and how the IMAP server accesses them.
One can use mailbox_transport with system users, but the mail will
belong to the uid of the delivery agent, not the system user.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.


Re: Masquerage issue

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 09:22:00AM -0400, Shelley Waltz wrote:

  # postconf -n
  masquerade_domains = !master2.cabm.rutgers.edu !raven.cabm.rutgers.edu
  !heron.cabm.rutgers.edu cabm.rutgers.edu
 
  This looks OK, show unedited (consistent localpart mangling is OK, if you
  mangle consistently, DO NOT modify the domainpart) logging for a message
  that did not get masqueraded, and the envelope and headers as sent and as
  received. You never did mention which hostname failed to be masqueraded.
 
  mydestination = $myhostname, localhost.$mydomain, nmrlab.$mydomain,
  $mydomain
  mydomain = cabm.rutgers.edu
  myhostname = roadrunner.cabm.rutgers.edu
  mynetworks = 192.76.178.0/24 128.6.56.128/25 127.0.0.0/8
  myorigin = $mydomain
 
  This should be sufficient to masquerade the hosts under cabm.rutgers.edu
  that not (in or) the exception sub-domains.
 
 (mail for puma.cabm.rutgers.edu loops back to myself)
 (mail for buena.cabm.rutgers.edu loops back to myself)
 (mail for falcon.cabm.rutgers.edu loops back to myself)
 (mail for rhino.cabm.rutgers.edu loops back to myself)

This is not unedited logging. Show all logging for the queue-ids in question.

 these are the ones which fail to masquerade.  all have MX records which
 point to the smtp server roadrunner.cabm.rutgers.edu

-- 
Viktor.



Re: Plus Addressing

2009-04-17 Thread Wietse Venema
Victor Duchovni:
 On Fri, Apr 17, 2009 at 10:11:36AM -0400, Brian Evans - Postfix List wrote:
 
   Thanks for the information.  The problem I have with that is all of my
   users are local system users.  I don't think I can use
   mailbox_transport with local users only virtual users.  It appears the
   only way I can do what I want is to switch to virtual users.
  You are confusing mailbox_transport and virtual_transport.
  
  See: http://www.postfix.org/postconf.5.html#mailbox_transport
 
 Perhaps, but not necessarily, the key issue is how the location and
 ownership of the mailboxes and how the IMAP server accesses them.
 One can use mailbox_transport with system users, but the mail will
 belong to the uid of the delivery agent, not the system user.

They could do mailbox_transport = virtual.

Wietse


Re: Plus Addressing

2009-04-17 Thread Jeff Grossman

On 4/17/2009 7:11 AM, Brian Evans - Postfix List wrote:

Jeff Grossman wrote:
   

On 4/16/2009 10:44 PM, Victor Duchovni wrote:
 

On Thu, Apr 16, 2009 at 08:24:54PM -0700, Jeff Grossman wrote:


   

I have set up recipient_delimiter = + so I could put a folder name
in an
e-mail address and have it automatically filtered for me.  I am using
mailbox_command = /usr/local/libexec/dovecot/deliver -n -m
$EXTENSION
as my mailbox_command.  When the mail gets passed to deliver, the
extension
is lower case even if it originally started as uppercase.  I asked
on the
Dovecot mailing list how I can convert it to uppercase for Deliver.
Timo
stated that Deliver does not do any case changing and that Postfix
must be
passing the variable in lower case.  Is there a way for me to not have
Postfix change the case?  My folder names all start with a capital
letter.
Deliver cannot find the mailbox because folder does not equal
Folder.

 

Don't use mailbox_command, use mailbox_transport (assuming that in your
case deliver can work acceptably running as a fixed pipe(8) user rather
than as the recipient). The recipient extension in local(8)
deliveries is
converted to lower-case (the entire local-part is converted to
lower-case,
before the extension is extracted).


   

Thanks for the information.  The problem I have with that is all of my
users are local system users.  I don't think I can use
mailbox_transport with local users only virtual users.  It appears the
only way I can do what I want is to switch to virtual users.
 

You are confusing mailbox_transport and virtual_transport.

See: http://www.postfix.org/postconf.5.html#mailbox_transport

Brian
   
Thanks for the help and information.  I am going to see if I can figure 
out how to configure Dovecot to use mailbox_transport with system users.


Jeff


Re: Masquerage issue

2009-04-17 Thread Shelley Waltz

Victor Duchovni wrote:
 On Fri, Apr 17, 2009 at 09:22:00AM -0400, Shelley Waltz wrote:

  # postconf -n
  masquerade_domains = !master2.cabm.rutgers.edu
 !raven.cabm.rutgers.edu
  !heron.cabm.rutgers.edu cabm.rutgers.edu
 
  This looks OK, show unedited (consistent localpart mangling is OK, if
 you
  mangle consistently, DO NOT modify the domainpart) logging for a
 message
  that did not get masqueraded, and the envelope and headers as sent and
 as
  received. You never did mention which hostname failed to be
 masqueraded.
 
  mydestination = $myhostname, localhost.$mydomain, nmrlab.$mydomain,
  $mydomain
  mydomain = cabm.rutgers.edu
  myhostname = roadrunner.cabm.rutgers.edu
  mynetworks = 192.76.178.0/24 128.6.56.128/25 127.0.0.0/8
  myorigin = $mydomain
 
  This should be sufficient to masquerade the hosts under
 cabm.rutgers.edu
  that not (in or) the exception sub-domains.

 (mail for puma.cabm.rutgers.edu loops back to myself)
 (mail for buena.cabm.rutgers.edu loops back to myself)
 (mail for falcon.cabm.rutgers.edu loops back to myself)
 (mail for rhino.cabm.rutgers.edu loops back to myself)

 This is not unedited logging. Show all logging for the queue-ids in
 question.

messages in maillog look like this ...

Apr 12 05:25:21 roadrunner postfix/smtp[10809]: B7D9311D8008:
to=r...@buena.cabm.rutgers.edu, relay=none, delay=43453,
delays=43453/0.01/0/0, dsn=4.4.6, status=SOFTBOUNCE (mail for
buena.cabm.rutgers.edu loops back to myself)
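
An added example, not part of the original thread: collecting every log line for the queue IDs that ended in "loops back to myself", which is the unedited per-queue-ID logging requested above. The sample log, host names, addresses and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout.
SAMPLE_LOG = """\
Apr 12 05:25:20 mx1 postfix/smtpd[10801]: 3F2A11D8001: client=host1.example.org[192.0.2.10]
Apr 12 05:25:20 mx1 postfix/cleanup[10803]: 3F2A11D8001: message-id=<1@host1.example.org>
Apr 12 05:25:20 mx1 postfix/qmgr[2211]: 3F2A11D8001: from=<alice@example.org>, size=912, nrcpt=1 (queue active)
Apr 12 05:25:21 mx1 postfix/smtp[10809]: 3F2A11D8001: to=<root@puma.example.org>, relay=none, delay=1.2, delays=1.1/0.01/0/0, dsn=4.4.6, status=SOFTBOUNCE (mail for puma.example.org loops back to myself)
Apr 12 05:25:30 mx1 postfix/qmgr[2211]: 7C0B21D8002: from=<bob@example.org>, size=500, nrcpt=1 (queue active)
Apr 12 05:25:31 mx1 postfix/local[10811]: 7C0B21D8002: to=<carol@example.org>, relay=local, delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# timestamp, host, postfix/<daemon>[pid]:, queue ID, rest of the line
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spostfix/(?P<daemon>[\w-]+)\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]{6,}):\s(?P<text>.*)$"
)
ADDR_RE = re.compile(r"\b(from|to)=<([^>]*)>")


def by_queue_id(log_text):
    """Group (daemon, text) pairs by queue ID, keeping log order."""
    records = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records[m.group("qid")].append((m.group("daemon"), m.group("text")))
    return records


def loop_reports(log_text):
    """All logging for each queue ID that hit 'loops back to myself'.

    Returns {qid: {"lines": [...], "from": [...], "to": [...]}} so the
    envelope addresses can be read next to the delivery status.
    """
    reports = {}
    for qid, entries in by_queue_id(log_text).items():
        if not any("loops back to myself" in text for _, text in entries):
            continue
        addrs = {"from": [], "to": []}
        for _, text in entries:
            for kind, addr in ADDR_RE.findall(text):
                addrs[kind].append(addr)
        reports[qid] = {"lines": entries, "from": addrs["from"], "to": addrs["to"]}
    return reports


if __name__ == "__main__":
    for qid, report in loop_reports(SAMPLE_LOG).items():
        print(qid, "from", report["from"], "to", report["to"])
        for daemon, text in report["lines"]:
            print("   ", daemon + ":", text)
```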




Re: Plus Addressing

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 11:13:59AM -0400, Wietse Venema wrote:

 Victor Duchovni:
  On Fri, Apr 17, 2009 at 10:11:36AM -0400, Brian Evans - Postfix List wrote:
  
Thanks for the information.  The problem I have with that is all of my
users are local system users.  I don't think I can use
mailbox_transport with local users only virtual users.  It appears the
only way I can do what I want is to switch to virtual users.
   You are confusing mailbox_transport and virtual_transport.
   
   See: http://www.postfix.org/postconf.5.html#mailbox_transport
  
  Perhaps, but not necessarily, the key issue is how the location and
  ownership of the mailboxes and how the IMAP server accesses them.
  One can use mailbox_transport with system users, but the mail will
  belong to the uid of the delivery agent, not the system user.
 
 They could do mailbox_transport = virtual.

Yes, but the whole point at the start of the thread was Dovecot delivery
to extension-based folders...

I am however puzzled by the local(8) documentation update in the 20060202
snapshot:

Index: postfix/src/local/local.c
diff -u postfix/src/local/local.c:1.1.1.12 postfix/src/local/local.c:1.1.1.13
--- postfix/src/local/local.c:1.1.1.12  Sun Jan 22 21:23:33 2006
+++ postfix/src/local/local.c   Thu Feb  9 03:04:06 2006
@@ -18,6 +18,12 @@
 /* be tried again at a later time. Delivery status reports are sent
 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
 /* appropriate.
+/* CASE FOLDING
+/* .ad
+/* .fi
+/* All delivery decisions are made using the bare recipient
+/* name (i.e. the address localpart), folded to lower case.
+/* See also under ADDRESS EXTENSION below for a few exceptions.
 /* SYSTEM-WIDE AND USER-LEVEL ALIASING
 /* .ad
 /* .fi
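
Review bot: the last added line of the new CASE FOLDING block, "See also under ADDRESS EXTENSION below for a few exceptions.", points at text this hunk does not supply, since nothing in the visible change touches an ADDRESS EXTENSION section. Either add the exceptions under that heading in the same change or drop the cross-reference. It would also help to state explicitly whether the address extension is folded to lower case together with the "bare recipient name", because the added wording only covers the localpart used for delivery decisions.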

There is no text under ADDRESS EXTENSION about case folding, and there
don't seem to be any exceptions to that. Was this a feature that never
got completed? Or are these exceptions to using the whole local
part, rather than exceptions to folding the case?

-- 
Viktor.



Re: Plus Addressing

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 08:16:17AM -0700, Jeff Grossman wrote:

 Thanks for the help and information.  I am going to see if I can figure out 
 how to configure Dovecot to use mailbox_transport with system users.

Works here for Cyrus IMAP. The key question is who owns the mailboxes,
and how does Dovecot access them. These have to match-up.

-- 
Viktor.



Re: Configurable replies for hardcoded REJECTS?

2009-04-17 Thread Wietse Venema
Patrick Ben Koetter:
 Wietse,
 
 a customer asked me to help them customize Postfix replies, so clients
 (better: users) can get a hint why their message is being rejected.
 
 The idea is to refer to an URL in the reply where (generic) verbose
 explanations on the reject reason can be found. Something along these lines:
 
   5xx REJECT: See http://www.example.com/plaintext_reject_code
 
 I can customize replies for access(5) maps and for RBL maps.
 
 What I miss is a way to append text to the following rejects that currently
 only allow to set a code:
 
   access_map_reject_code
   defer_code
   invalid_hostname_reject_code
   multi_recipient_bounce_reject_code
   non_fqdn_reject_code
   plaintext_reject_code
   reject_code
   relay_domains_reject_code
   unknown_address_reject_code
   unknown_client_reject_code
   unknown_hostname_reject_code
   unknown_local_recipient_reject_code
   unknown_relay_recipient_reject_code
   unknown_virtual_alias_reject_code
   unknown_virtual_mailbox_reject_code
   unverified_recipient_reject_code
   unverified_sender_reject_code
 
 Did I miss something? If not, do you believe it's worth to be added? (Of course
 not now while 2.6 is on its way and while other work ... and ...).

If it isn't documented, then you cannot use it.

I don't think it is a good idea to tweak each individual reject
message. It makes perhaps more sense to append the same for support
please (call xxx|see http://mumble/) text to all reject messages.
Of course no-one ever reads such text, so it is mainly CYA stuff.

This text would have to be spliced into the output stream in function
smtpd_chat_reply(). Couple hours work for implementing testing,
documenting, making sure it handles 421 and 521 replies, etc., and
making sure that nothing calls smtpd_chat_reply() multiple times
for one reply, and considering what happens with Simon's multiple
replies patch.

Wietse


Re: Plus Addressing

2009-04-17 Thread Wietse Venema
Victor Duchovni:
 On Fri, Apr 17, 2009 at 11:13:59AM -0400, Wietse Venema wrote:
 
  Victor Duchovni:
   On Fri, Apr 17, 2009 at 10:11:36AM -0400, Brian Evans - Postfix List 
   wrote:
   
 Thanks for the information.  The problem I have with that is all of my
 users are local system users.  I don't think I can use
 mailbox_transport with local users only virtual users.  It appears the
 only way I can do what I want is to switch to virtual users.
You are confusing mailbox_transport and virtual_transport.

See: http://www.postfix.org/postconf.5.html#mailbox_transport
   
   Perhaps, but not necessarily, the key issue is how the location and
   ownership of the mailboxes and how the IMAP server accesses them.
   One can use mailbox_transport with system users, but the mail will
   belong to the uid of the delivery agent, not the system user.
  
  They could do mailbox_transport = virtual.
 
 Yes, but the whole point at the start of the thread was Dovecot delivery
 to extension-based folders...
 
 I am however puzzled by the local(8) documentation update in the 20060202
 snapshot:

Postfix local() folds all text to the left of the right-most @.
This won't change until pipe(8)-like functionality is put into
every delivery agent. I don't want multiple copies of code doing
similar things.

Wietse


Re: Masquerage issue

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 11:26:50AM -0400, Shelley Waltz wrote:

 Apr 12 05:25:21 roadrunner postfix/smtp[10809]: B7D9311D8008:
 to=r...@buena.cabm.rutgers.edu, relay=none, delay=43453,
 delays=43453/0.01/0/0, dsn=4.4.6, status=SOFTBOUNCE (mail for
 buena.cabm.rutgers.edu loops back to myself)

Masquerading is not applied to envelope recipients. The default setting
is:

masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =

The solution is to list root in the virtual alias table, when the
domain is $myorigin or listed in $mydestination (or see docs) the bare
username is used as a lookup key in virtual(5).

On null-client systems, I don't rely on masquerading, instead I set
$myorigin to the desired domain. See, for example,

http://www.postfix.org/MULTI_INSTANCE_README.html#quick

-- 
Viktor.


Re: Configurable replies for hardcoded REJECTS?

2009-04-17 Thread Patrick Ben Koetter
* Wietse Venema postfix-users@postfix.org:
  a customer asked me to help them customize Postfix replies, so clients
  (better: users) can get a hint why their message is being rejected.
  
  The idea is to refer to an URL in the reply where (generic) verbose
  explanations on the reject reason can be found. Something along these lines:
  
    5xx REJECT: See http://www.example.com/plaintext_reject_code
  
  I can customize replies for access(5) maps and for RBL maps.
  
  What I miss is a way to append text to the following rejects that currently
  only allow to set a code:
  
    access_map_reject_code
    defer_code
    invalid_hostname_reject_code
    multi_recipient_bounce_reject_code
    non_fqdn_reject_code
    plaintext_reject_code
    reject_code
    relay_domains_reject_code
    unknown_address_reject_code
    unknown_client_reject_code
    unknown_hostname_reject_code
    unknown_local_recipient_reject_code
    unknown_relay_recipient_reject_code
    unknown_virtual_alias_reject_code
    unknown_virtual_mailbox_reject_code
    unverified_recipient_reject_code
    unverified_sender_reject_code
  
  Did I miss something? If not, do you believe it's worth to be added? (Of
  course not now while 2.6 is on its way and while other work ... and ...).
 
 If it isn't documented, then you cannot use it.

I knew you were going to say that...


 I don't think it is a good idea to tweak each individual reject
 message. It makes perhaps more sense to append the same for support
 please (call xxx|see http://mumble/) text to all reject messages.
 Of course no-one ever reads such text, so it is mainly CYA stuff.

I agree on the end users, but think it would be helpful to postmasters (at
least it was to me).

AOL uses something like this when they block you. As a postmaster this was
helpful to me figuring out what had gone wrong on a customer's machine.


 This text would have to be spliced into the output stream in function
 smtpd_chat_reply(). Couple hours work for implementing testing,
 documenting, making sure it handles 421 and 521 replies, etc., and
 making sure that nothing calls smtpd_chat_reply() multiple times
 for one reply, and considering what happens with Simon's multiple
 replies patch.

Yeah, I thought so (concerning the time and efforts it would take). Sounds like
low priority to me at the moment.

Thanks,

p...@rick


-- 
The Book of Postfix
http://www.postfix-book.com
saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/


Re: Plus Addressing

2009-04-17 Thread Mark Martinec
Jeff,

 One more thing I noticed today also.  All messages which have the + in
 the e-mail are sent to Dovecot's Deliver twice.  So, I receive the
 message twice in the folder.  All other messages are only sent to
 Deliver once.  Any idea what I have configured wrong for the message to
 be sent twice?

It probably has to do with where you implemented recipient_bcc_maps,
along with a post-queue content filter which sends a checked message
back to Postfix for delivery - so recipient_bcc_maps could be
invoked twice.

  Mark




Re: Cluster of postfix

2009-04-17 Thread Melvyn Sopacua
On Friday 17 April 2009 14:01:07 Wietse Venema wrote:
 Wietse Venema:
  Melvyn Sopacua:
   On Friday 17 April 2009 01:23:20 Wietse Venema wrote:

snip replication

   Also, any technical objections against moving shared files into an nfs
   mounted directory and adjusting main.cf to look there?
 
  NFS is not suitable for write-sharing. It is OK only for sharing
  read-only files, or when there is a single writer who is also the
  sole reader.

 In case this gets mis-interpreted: I was talking about NFS sharing
 files that are overwritten, or that are updated in place.

 Maildir does not have the above problems. It does not overwrite
 files, and it does not update files in place - rather it writes a
 file first in a different place and then atomically hardlinks the
 file into its final place.

 Mailbox files, on the other hand, are usually overwritten, and they
 are updated in place.  This almost works reliably, especially if
 you use dotlock files and turn off NFS attribute caching.

And I was talking about OP's case of sharing configuration files. I do a lot 
more with nfs, where multiple machines can write to the same file. As long as 
I do it in sequence, the other ones will see the changes. Two people editing 
the same file falls into shooting yourself in the foot category and is not 
specific to NFS or even two different machines.

My concern was more with the machine where postmap is /not/ run, whether it 
will pick up the changes in a timely fashion. From my experience with FreeBSD 
nfs, I would say so, but maybe there are implementations that lie/cache stat 
information.

I've inherited a similar setup with two incoming mailhubs in a round-robin, 
where sharing mostly static config files would save me some work, hence my 
interest.
-- 
Melvyn Sopacua
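
The Maildir delivery sequence quoted above (write in one place, then atomically hardlink into the final place), as an added Python sketch that is not taken from the thread or from Postfix. The function names and the unique-name layout are assumptions made for illustration.

```python
import itertools
import os
import socket
import time

_counter = itertools.count()


def unique_name():
    """Build a per-delivery file name (time, pid, counter, host); layout is an assumption."""
    host = socket.gethostname().replace("/", r"\057").replace(":", r"\072")
    return "%d.P%dQ%d.%s" % (time.time(), os.getpid(), next(_counter), host)


def deliver(maildir, message):
    """Deliver message (bytes) into maildir/new without ever exposing a partial file."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), mode=0o700, exist_ok=True)
    name = unique_name()
    tmp_path = os.path.join(maildir, "tmp", name)
    new_path = os.path.join(maildir, "new", name)

    # O_EXCL: refuse to write into a file that already exists under this name.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(message)
            handle.flush()
            os.fsync(handle.fileno())  # data is on disk before the name appears
        # link() either creates the final name pointing at the complete file
        # or fails; it never overwrites an existing message.
        os.link(tmp_path, new_path)
    finally:
        os.unlink(tmp_path)  # the tmp name is no longer needed either way
    return new_path
```

Readers that only look in new/ and cur/ therefore see a complete message or no message, which is why this layout avoids the overwrite and update-in-place problems described for mailbox files.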


Re: Cluster of postfix

2009-04-17 Thread Victor Duchovni
On Fri, Apr 17, 2009 at 06:11:24PM +0200, Melvyn Sopacua wrote:

  Mailbox files, on the other hand, are usually overwritten, and they
  are updated in place.  This almost works reliably, especially if
  you use dotlock files and turn off NFS attribute caching.
 
 And I was talking about OP's case of sharing configuration files. I do a lot 
 more with nfs, where multiple machines can write to the same file. As long as 
 I do it in sequence, the other ones will see the changes. Two people editing 
 the same file falls into shooting yourself in the foot category and is not 
 specific to NFS or even two different machines.

It is IMHO much more sensible to push config files from a central machine
where the configs are kept under revision control in CVS, SVN, ... than
to share configs (and indexed tables) via NFS.

-- 
Viktor.


Re: Plus Addressing

2009-04-17 Thread Jeff Grossman

On 4/17/2009 9:08 AM, Mark Martinec wrote:

Jeff,

   

One more thing I noticed today also.  All messages which have the + in
the e-mail are sent to Dovecot's Deliver twice.  So, I receive the
message twice in the folder.  All other messages are only sent to
Deliver once.  Any idea what I have configured wrong for the message to
be sent twice?
 

It probably has to do with where you implemented recipient_bcc_maps,
along with a post-queue content filter which sends a checked message
back to Postfix for delivery - so recipient_bcc_maps could be
invoked twice.

   Mark


   
Aw, that makes sense.  I have Amavis configured.  I must have done 
something wrong with that.  Here is a copy of my master.cf file.  Would 
you be able to tell me what I have set wrong?


#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_address_mappings
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

smtp-amavis unix -      -       n       -       4       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
  -o smtp_tls_note_starttls_offer=no

127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.1/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o local_header_rewrite_clients=
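
One way to check a master.cf for the situation Mark describes, where address mappings (and with them recipient_bcc_maps) run both before the content filter and again after reinjection. This is an added Python example, not code from the thread; the sample is a constructed excerpt in the layout of the file above, and the main.cf values in MAIN_CF_DEFAULTS are assumptions because main.cf was not posted.

```python
# Constructed excerpt in the layout of the master.cf posted above.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_address_mappings
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
smtp      unix  -       -       n       -       -       smtp
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_milters
"""

# Assumed main.cf settings (not shown in the thread).
MAIN_CF_DEFAULTS = {
    "content_filter": "smtp-amavis:[127.0.0.1]:10024",
    "receive_override_options": "",
}
RECEIVERS = {"smtpd", "pickup", "qmqpd"}  # daemons that hand new mail to cleanup


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def parse_services(text):
    """Return name, type, command and -o overrides for each master.cf service."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                key, val = value.split("=", 1)
                overrides[key] = val
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def mapping_report(text, main_cf=MAIN_CF_DEFAULTS):
    """Per receiving service: is mail filtered, and are address mappings applied?"""
    report = {}
    for svc in parse_services(text):
        if svc["command"] not in RECEIVERS:
            continue
        get = lambda p: svc["overrides"].get(p, main_cf.get(p, ""))
        options = {o.strip() for o in get("receive_override_options").split(",")}
        report["%s/%s" % (svc["name"], svc["type"])] = {
            "filtered": bool(get("content_filter")),
            # no_address_mappings also disables automatic BCC recipients
            "mappings": "no_address_mappings" not in options,
        }
    return report


def double_mapped_entry_points(text, reinject="127.0.0.1:10025/inet",
                               main_cf=MAIN_CF_DEFAULTS):
    """Entry points whose mail is mapped before the filter and again after it."""
    report = mapping_report(text, main_cf)
    after = report.get(reinject)
    if after is None or not after["mappings"]:
        return []
    return sorted(name for name, r in report.items()
                  if name != reinject and r["filtered"] and r["mappings"])
```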


GNU mailutils maidag with postfix

2009-04-17 Thread i...@comtek.co.uk

Hi,

I am using Postfix with the virtual agent to deliver to Maildirs for
LDAP users. We use Courier IMAP to pick up mail. This all works fine,
but I would like to provide Sieve for users. I have been looking at
maidag (http://www.gnu.org/software/mailutils/manual/html_node/maidag.html).

Would it be reasonable to use 'pipe' and pass mail for delivery to
maidag instead of 'virtual'? I'm interested to note that I can find no
references to maidag being used with Postfix. Can anybody foresee
problems with this?

In particular I am wondering if there are any subtle differences between
the Maildir format used by Postfix's virtual (which I suspect uses
standard Maildir since it doesn't appear to have a use for folders),
Courier (which seems to use 'Maildir++') and maidag (which presumably
must have some form of extension if it is delivering mail into folders).
Could this preclude all 3 programs using the same Maildirs?

I am also wondering if there is an unreasonable overhead involved. pipe
will have to spawn maidag for each Maildir; is this reasonable? I am
unable to determine if virtual has to do the same thing. Grepping my
logs I see virtual seems to deliver multiple mails using a single PID,
however virtual(8) shows that it can use a range of UIDs, which I assume
requires multiple processes (since virtual is not running as root)?

Thanks for any help,

Ian

--
===
Ian Crowther   Tel: +44 845 4501626  Unit 108, 10th Avenue,
IT Dept, ComtekFax: +44 845 4501627  Zone 3, Deeside Industrial
Network Systems UK Ltd   Park, CH5 2UA, Flintshire
===



Re: Cluster of postfix

2009-04-17 Thread Melvyn Sopacua
On Friday 17 April 2009 18:16:01 Victor Duchovni wrote:
 On Fri, Apr 17, 2009 at 06:11:24PM +0200, Melvyn Sopacua wrote:
   Mailbox files, on the other hand, are usually overwritten, and they
   are updated in place.  This almost works reliably, especially if
   you use dotlock files and turn off NFS attribute caching.
 
  And I was talking about OP's case of sharing configuration files. I do a
  lot more with nfs, where multiple machines can write to the same file. As
  long as I do it in sequence, the other ones will see the changes. Two
  people editing the same file falls into shooting yourself in the foot
  category and is not specific to NFS or even two different machines.

 It is IMHO much more sensible to push config files from a central machine
 where the configs are kept under revision control in CVS, SVN, ... than
 to share configs (and indexed tables) via NFS.

I'm looking to save work, not add more or replace one with the other. Plus I 
have ZFS snapshots [1]. Either way, as long as I keep bdb libraries in sync on 
the machines, my initial tests show this is working as I expected. Now I'll 
just sit and wait for the corner cases where it won't work, but can't think of 
any. ;)

[1] http://people.freebsd.org/~pjd/misc/zfs/zfs_snapshot.swf
-- 
Melvyn Sopacua


Re: GNU mailutils maidag with postfix

2009-04-17 Thread Wietse Venema
i...@comtek.co.uk:
 I am also wondering if there is an unreasonable overhead involved.
 pipe will have to spawn maidag for each Maildir; is this reasonable?

Postfix reuses a process for multiple deliveries. You can also reuse
non-Postfix delivery processes with systems that use the LMTP
protocol instead of pipe-to-command.

Wietse


Re: GNU mailutils maidag with postfix

2009-04-17 Thread Barney Desmond
2009/4/18 i...@comtek.co.uk i...@comtek.co.uk:

I can't answer all your questions, but...

 Would it be reasonable to use 'pipe' and pass mail for delivery to maidag
 instead of 'virtual'? I'm interested to note that I can find no references
 to maidag being used with Postfix. Can anybody foresee problems with this?

Sure, you can almost certainly do that. The Dovecot IMAP/POP server
also includes a delivery agent which is quite popular, and it works
similarly, by adding an entry to master.cf as a pipe service (there
may be other possibilities, I'm not sure).

 In particular I am wondering if there are any subtle differences between
 the Maildir format used by Postfix's virtual (which I suspect uses standard
 Maildir since it doesn't appear to have a use for folders), Courier (which
 seems to use 'Maildir++') and maidag (which presumably must have some form
 of extension if it is delivering mail into folders). Could this preclude
 all 3 programs using the same Maildirs?

Postfix can deliver to Maildir or mbox just fine. Wikipedia tells me
maildir++ is a compatible violation of the maildir standard, so
maybe maidag can deliver to maildir++ as well.


Re: Configurable replies for hardcoded REJECTS?

2009-04-17 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:

 I don't think it is a good idea to tweak each individual reject
 message. It makes perhaps more sense to append the same for support
 please (call xxx|see http://mumble/) text to all reject messages.

That was my proposal when he called me.

 Of course no-one ever reads such text, so it is mainly CYA stuff.

I can confirm that :)

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
When asked                68% of corporate execs said a corporation
Who owns the Internet?:   23% said it was Microsoft
                          98% of 6th graders said: no one.


Re: GNU mailutils maidag with postfix

2009-04-17 Thread Ralf Hildebrandt
* i...@comtek.co.uk i...@comtek.co.uk:
 Hi,

 I am using Postfix with the virtual agent to deliver to Maildirs for LDAP
 users. We use Courier IMAP to pick up mail. This all works fine, but I
 would like to provide Sieve for users. I have been looking at maidag
 (http://www.gnu.org/software/mailutils/manual/html_node/maidag.html).

Why not use dovecot instead? That way you have it all.

-- 
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
Germany: No outer space left on the device. Pipe broken.


Re: postfix for LAN - remote mail server

2009-04-17 Thread LuKreme

On 17-Apr-2009, at 05:00, Barney Desmond wrote:

2009/4/17 LuKreme krem...@kreme.com:

What I want to do is to have users on the LAN send emails to other users
on the LAN (u...@example.local) and have those email addresses mapped to
specific addresses on the remote server (f...@example.com, served by
mail.example.com).

I do not want the users to be able to send mail via example.local to any
other users but those that I have mapped, and I do not want to accept any
mail from outside the LAN for u...@example.local, but might want accept
mail for local users if they are sent to the outward facing rdns for the
machine (say u...@subdomain.example.com).


Would hosting example.local as a virtual alias domain do the job?


Probably. At least insofar as mapping the local recipients to remote
addresses, but that is only part of the setup.


Assuming no other configuration, postfix will accept mail locally for
$mydestination, and for virtual_alias_domains. Then just list the
acceptable recipients in virtual_alias_maps.

These requirements of may/may-not send to arbitrary-domain.com
depending on the connecting interface sound troublesome, but I'm sure
someone here has a solution.


Well, that's not quite it. The issue is not simply that I don't want
SMTP connections out of this LAN to servers other than the
mail.example.com server (that is dealt with with relayhost, iirc) but
that no outbound mail should be accepted unless it's in the map for
delivery at mail.example.com. That is, mail originating inside the LAN
to arbitrary-domain.tld would always be rejected. Of course, this only
applies for messages that are sent via the example.local postfix
instance. Messages sent directly to mail.example.com would not be
affected. All I am concerned with here is making sure that the
example.local server will never connect to any other mailserver but
mail.example.com and that it will only do so for the specific
addresses in its map.

Mail from outside that is addressed to 'u...@example.local' should be
rejected, but mail addressed to 'u...@subdomain.example.com' ... well,
that one is not crucial at all, so let's ignore that for now.

Let's just say that this postfix should not accept any mail from
remote servers or clients, only from connections that come from inside
the LAN, and only if they are to AND FROM users in the maps.

{ From u...@example.local, RCPT-TO ot...@example.local } - OSX w/ postfix - mail.example.com

would be the ONLY acceptable path for a mail message and all messages
FROM and TO @example.local would terminate at mail.example.com.

I fear that in explaining I've over-explained and confused the issue.

--
Eyes the shady night has shut/Cannot see the record cut And silence
sounds no worse than cheers/After earth has stopped the ears.



Re: mailserver with dynamic IP and relayhost

2009-04-17 Thread mouss
svoop wrote:
 Hi
 
 My mailserver (mail.bitcetera.com) is behind a router that gets a dynamic IP
 (87.221.120.44) from the ISP. In order to prevent outgoing mail from being
 considered spam due to the dynamic IP, I've configured the ISP's mailserver as
 relayhost.
 
 Unfortunately, Yahoo still throws my mails in the spam folder. I've tried using
 the generic DN for the dynamic IP (44.120.221.87.dynamic.jazztel.es) as
 myhostname, but that doesn't help. Any idea why and what I could do to prevent
 this? Here are the headers of a mail to Yahoo:
 
 [snip]
 

there's not much you can do. try marking the messages as not spam in
yahoo and you'll see things improve for the test account. but this won't
help for other recipients. you'll have to ask some yahoo recipients to
do the same and ... pray.






Re: Question regarding SPF

2009-04-17 Thread mouss
Kammen van, Marco, Springer SBM NL wrote:
 Hi All,
 
  
 
 We recently took over a company that used SPF.
 
 Because our e-mail infra is way more complicated than theirs and we have
 tons of external parties who send mails using our domains, we decided
 long ago not to use SPF.
 
  
 
 Now they say that %5 of their mailings don’t arrive at customers
 anymore, and say this is because we removed their SPF records..
 

it may be simply because their mail is getting out from new IPs. you
can do a test by setting up SPF and trying...

in short, if the IPs they used to send from have acquired some
reputation, then sending via new IPs will lose that reputation.

 I’m no expert on SPF but as far as I understand it only checks if a
 sender is ‘allowed’ to send using that domain, so no relation what so
 ever on dropping mail from parties that don’t use SPF…

in theory, yes. but...

 Or am I missing something?