Re: Many SQL Lookups on outbounding mails
On Thu, 2009-07-23 at 13:50 +1000, Barney Desmond wrote:
> You need to ask yourself if this is a real problem, or something you're just imagining. Mysql generally works fine, 50,000 messages a day at 12 queries each, equates to several queries per second. This is an easy load.

That is a comfort to know. My main concern was this hammering was not optimal, but it is welcome to make as many queries as it likes if it does not crash the database server. Perhaps Postgresql would be a bit more manly ? but slower ?

> If you're concerned, then disable the parent domain searching as mentioned before.

Forgive my sincere stupidness, but I did not see where it said 'do this to disable parent domain searching'. I would like to do this and see if it makes a difference. What do I need to take out/add to do this ?

> If you're worried about mysql's stability then you probably shouldn't be using it. Using a database as a table backend carries its own share of risks and failure cases.

It is not ideal to use it but it makes it easy to write web front ends for management. I could script the generation of index postmaps from the database but will this scale well? How big can the postmaps be before it gets a little crazy? 100 lines? 1000 lines? 10,000 lines? 100,000 lines? I cannot find any figures to say at which point it is best to cross over ? This would be very useful and help me make an informed choice.

> I notice in your postconf output that you're not using proxymap with mysql. This is generally recommended:
> http://www.postfix.org/MYSQL_README.html (notes on client connections)

Thank you. I have looked at this and taken your notes on board.

> http://www.postfix.org/proxymap.8.html (specific proxy:mysql example)

And this also. I don't think there is any major benefit being sold to me here for using a proxy map and I am wondering if this will introduce a small amount of latency perhaps? But I won't kick the gifted horse and I will try this today - thank you Sir.

--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
aliases forwarding on local subnetl DMZ
I have two mailservers behind a firewall and they are on the same subnet, e.g.

A: @test.sk 192.168.1.5
B: @test.eu 192.168.1.6

MX records in DNS on internet are e.g.

A: @test.sk 194.1.1.5
B: @test.eu 194.1.1.6

On the A server I have setup aliases file to forward mails to server B, but it is not working. I guess that when server A forwards mails to server B, it reads MX record for server B from DNS and sees its internet address 194.1.1.6. But they are behind the firewall, and they have local addresses 192.168.1.x.

How can I tell the server A not to use MX record from DNS when forwarding emails to server B (@test.eu) and instead to use its local IP address for the B server? I cannot just relay emails from the server A to B, because I have to rewrite the users part of email address.

As well, I tried to modify email address in aliases file to format: u...@192.168.1.6 instead of u...@test.eu, but I have received error bad recipient address syntax.

Thank you for any easy solution,
Peter Macko
Re: postfix strip ??? (highbit chars)
Benny Pedersen wrote: On Thu, July 23, 2009 01:00, Noel Jones wrote: Did you run postfix reload? yes Do you have postfix 2.3 or later? 2.5.7 Show evidence. postconf -n output, contents of your message, etc. do i really have to :/ If you ask for help and can't figure it out on your own, be prepared to give up information to help solve the problem you might consider secret. Or don't ask for help. ~Seth
Re: Many SQL Lookups on outbounding mails
2009/7/23 Clunk Werclick clunk.wercl...@wibblywobblyteapot.co.uk:
> That is a comfort to know. My main concern was this hammering was not optimal, but it is welcome to make as many queries as it likes if it does not crash the database server. Perhaps Postgresql would be a bit more manly ? but slower ?

Realistically you shouldn't notice a difference, but every system will be different, and between those two it'll depend somewhat on tuning as well.

> to disable parent domain searching'. I would like to do this and see if it makes a difference. What do I need to take out/add to do this ?

You can do this in main.cf, I believe you just set an empty value.
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

Something like:

parent_domain_matches_subdomains =

> It is not ideal to use it but it makes it easy to write web front ends for management. I could script the generation of index postmaps from the database but will this scale well? How big can the postmaps be before it gets a little crazy? 100 lines? 1000 lines? 10,000 lines? 100,000 lines? I cannot find any figures to say at which point it is best to cross over ? This would be very useful and help me make an informed choice.

Anecdotally, hash-based tables are very fast. CDB tables are said to perform well at least up to a million entries.
http://www.postfix.org/DATABASE_README.html#types

> And this also. I don't think there is any major benefit being sold to me here for using a proxy map and I am wondering if this will introduce a small amount of latency perhaps?

It's true that there's some latency involved, but the benefit it gives is that it consolidates the number of open connections to the database. This is a fairly common problem on setups with mysql when the system gets busy - it will open a lot of separate connections, and this can hit the configured limits, which causes things to fail (postfix can't connect to the database, so lookups fail).

There are some (specific) lookup types that can't take proper advantage of proxymap, so they get handled correctly and silently (bypassing the proxymap service). There was some discussion about this a little while ago, but the outcome was that the potential performance gain of not using proxymap when it's not needed was low, so you might as well always use it. Of course, the best way to know is to try it for yourself. :)
Re: Many SQL Lookups on outbounding mails
Clunk Werclick wrote:
> On Thu, 2009-07-23 at 13:50 +1000, Barney Desmond wrote:
>> You need to ask yourself if this is a real problem, or something you're just imagining. Mysql generally works fine, 50,000 messages a day at 12 queries each, equates to several queries per second. This is an easy load.
>
> That is a comfort to know. My main concern was this hammering was not optimal, but it is welcome to make as many queries as it likes if it does not crash the database server. Perhaps Postgresql would be a bit more manly ? but slower ?

You'll probably not note a difference. I guess MySQL will allow you to connect() faster if using a local socket. However you should always use proxy_read_maps - so connect()-times are not so relevant.

I gave a quick look at the server statistics of our MySQL instance providing Postfix and Amavis config (not used as Amavis storage etc, its only purpose is providing configuration): DB uptime 250 days with an average of 300 queries per second (our reports are showing peaks of slightly more than 6 million delivery attempts a day).

We are using multiple servers, but that's mostly as of disaster recovery and failover reasons - you could handle similar traffic also on a single host (using recent server hardware).

A certain percentage of queries could of course be avoided if Postfix were optimized for DB usage. As we know it isn't - this design choice however keeps it flexible and simple.

Best regards,
Thomas Gelf
Re: Many SQL Lookups on outbounding mails
On Thu, 2009-07-23 at 18:47 +1000, Barney Desmond wrote:
From: Barney Desmond barneydesm...@gmail.com
To: postfix users list postfix-users@postfix.org
Subject: Re: Many SQL Lookups on outbounding mails
Date: Thu, 23 Jul 2009 18:47:54 +1000 (09:47 BST)

> 2009/7/23 Clunk Werclick clunk.wercl...@wibblywobblyteapot.co.uk:
>> That is a comfort to know. My main concern was this hammering was not optimal, but it is welcome to make as many queries as it likes if it does not crash the database server. Perhaps Postgresql would be a bit more manly ? but slower ?
>
> Realistically you shouldn't notice a difference, but every system will be different, and between those two it'll depend somewhat on tuning as well.
>
>> to disable parent domain searching'. I would like to do this and see if it makes a difference. What do I need to take out/add to do this ?
>
> You can do this in main.cf, I believe you just set an empty value.
> http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
>
> Something like:
>
> parent_domain_matches_subdomains =

OK, done and reload but I'm still finding this (see below). What is weird is the lookups it does based on the mail_from command. It's recursing those in the database for a reason I am not sure I fully understand? I understand why it do this for rcpt_to, makes full sense to me, but for the sender also?

> Anecdotally, hash-based tables are very fast. CDB tables are said to perform well at least up to a million entries.
> http://www.postfix.org/DATABASE_README.html#types

That scales well and I will re-engineer what I am doing to take advantage of that. There seems little useful point to use SQL for anything other than as a holding container that is used to generate maps if these figures are correct. {in my context at least}

{trim}
> a little while ago, but the outcome was that the potential performance gain of not using proxymap when it's not needed was low, so you might as well always use it.

This is in my to be doing list and I thank you Sir.

After making single change suggested and reload

A single test message by telnet where;

mail from: user...@yahoo.co.uk
rcpt to: t...@destination.co.uk

generated a lot of lookups for the 'mail from' command ?

    803 Connect postfi...@localhost on mndb
    803 Query SELECT transport FROM transport WHERE destination='*'
    803 Query SELECT transport FROM transport WHERE destination='*'
    804 Connect postfi...@localhost on mndb
    804 Query SELECT virtual_user_email FROM recipients WHERE alias='yahoo.co.uk'
    805 Connect postfi...@localhost on mndb
    805 Query SELECT domain FROM domains WHERE domain='yahoo.co.uk' AND local=1
    806 Connect postfi...@localhost on mndb
    806 Query SELECT domain FROM domains WHERE domain='yahoo.co.uk' AND local=0
    806 Query SELECT domain FROM domains WHERE domain='.co.uk' AND local=0
    806 Query SELECT domain FROM domains WHERE domain='.uk' AND local=0
    803 Query SELECT transport FROM transport WHERE destination='user...@yahoo.co.uk'
    803 Query SELECT transport FROM transport WHERE destination='yahoo.co.uk'
    803 Query SELECT transport FROM transport WHERE destination='.co.uk'
    803 Query SELECT transport FROM transport WHERE destination='.uk'
    090723 10:18:07 804 Query SELECT virtual_user_email FROM recipients WHERE alias='destination.co.uk'
    805 Query SELECT domain FROM domains WHERE domain='destination.co.uk' AND local=1
    806 Query SELECT domain FROM domains WHERE domain='destination.co.uk' AND local=0
    803 Query SELECT transport FROM transport WHERE destination='t...@destination.co.uk'
    803 Query SELECT transport FROM transport WHERE destination='destination.co.uk'
    807 Connect postfi...@localhost on mndb
    807 Query SELECT virtual_user_email FROM recipients WHERE alias='t...@destination.co.uk'
    807 Query SELECT virtual_user_email FROM recipients WHERE alias='@destination.co.uk'
    808 Connect postfi...@localhost on mndb
    808 Query SELECT virtual_user_email FROM recipients WHERE alias='t...@destination.co.uk'
    808 Query SELECT virtual_user_email FROM recipients WHERE alias='@destination.co.uk'
    808 Query SELECT virtual_user_email FROM recipients WHERE alias='postmas...@destination.co.uk'
    808 Query SELECT virtual_user_email FROM recipients WHERE alias='@destination.co.uk'
    090723 10:18:21 804 Query SELECT virtual_user_email FROM recipients WHERE alias='destination.co.uk'
    805 Query SELECT domain FROM domains WHERE domain='destination.co.uk' AND local=1
    806 Query SELECT domain FROM domains WHERE domain='destination.co.uk' AND local=0
    803 Query SELECT transport FROM transport WHERE destination='postmas...@destination.co.uk'
    803 Query SELECT transport FROM transport WHERE destination='destination.co.uk'

I
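One way to measure what the message above and the proxymap discussion earlier in the thread describe, as an added example that is not part of the original posts: the script tallies lookups per table and key shape, connections opened, and repeated queries from a MySQL general query log. The sample log is constructed in the layout of the log above; the database name and addresses are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the general query log quoted above:
# optional "YYMMDD HH:MM:SS" stamp, connection id, command, argument.
# The database name and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
803 Connect postfix@localhost on maildb
803 Query SELECT transport FROM transport WHERE destination='*'
803 Query SELECT transport FROM transport WHERE destination='*'
804 Connect postfix@localhost on maildb
804 Query SELECT domain FROM domains WHERE domain='example.co.uk' AND local=0
804 Query SELECT domain FROM domains WHERE domain='.co.uk' AND local=0
804 Query SELECT domain FROM domains WHERE domain='.uk' AND local=0
803 Query SELECT transport FROM transport WHERE destination='sender@example.co.uk'
803 Query SELECT transport FROM transport WHERE destination='example.co.uk'
803 Query SELECT transport FROM transport WHERE destination='.co.uk'
803 Query SELECT transport FROM transport WHERE destination='.uk'
090723 10:18:07 805 Connect postfix@localhost on maildb
805 Query SELECT virtual_user_email FROM recipients WHERE alias='rcpt@example.org'
805 Query SELECT virtual_user_email FROM recipients WHERE alias='@example.org'
"""

# The timestamp is only present on lines where the second changed.
LINE_RE = re.compile(
    r"^\s*(?:(?P<ts>\d{6}\s+\d{1,2}:\d{2}:\d{2})\s+)?"
    r"(?P<conn>\d+)\s+(?P<cmd>Connect|Query)\s+(?P<arg>.*)$"
)
# Matches the single-key lookups a map query template produces.
QUERY_RE = re.compile(
    r"SELECT\s+\w+\s+FROM\s+(?P<table>\w+)\s+WHERE\s+\w+='(?P<key>[^']*)'",
    re.IGNORECASE,
)


def classify_key(key):
    """Name the shape of a lookup key as it appears in the log."""
    if key == "*":
        return "wildcard"
    if key.startswith("@"):
        return "catch-all"        # @domain form
    if "@" in key:
        return "address"          # user@domain form
    if key.startswith("."):
        return "parent-domain"    # .co.uk, .uk and so on
    return "domain"


def summarize(log_text):
    """Tally connections, queries per connection, key shapes per table, repeats."""
    connections = 0
    per_conn = Counter()
    per_table = defaultdict(Counter)
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or continuation line
        if m["cmd"] == "Connect":
            connections += 1
            continue
        q = QUERY_RE.search(m["arg"])
        if not q:
            continue  # not a map lookup
        per_conn[m["conn"]] += 1
        per_table[q["table"]][classify_key(q["key"])] += 1
        seen[m["arg"].strip()] += 1
    return {
        "connections": connections,
        "queries": sum(per_conn.values()),
        "per_connection": dict(per_conn),
        "per_table": {t: dict(c) for t, c in per_table.items()},
        "repeated": {sql: n for sql, n in seen.items() if n > 1},
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['connections']} connections, {s['queries']} lookups")
    for table, shapes in sorted(s["per_table"].items()):
        print(f"  {table}: {shapes}")
    for sql, n in s["repeated"].items():
        print(f"  repeated x{n}: {sql}")
```

Running it against a log captured before and after a configuration change shows whether the number of connections or of parent-domain lookups actually moved.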
Re: Many SQL Lookups on outbounding mails
On Thu, 2009-07-23 at 11:24 +0200, Thomas Gelf wrote:
> Clunk Werclick wrote:
>> On Thu, 2009-07-23 at 13:50 +1000, Barney Desmond wrote:
>>> You need to ask yourself if this is a real problem, or something you're just imagining. Mysql generally works fine, 50,000 messages a day at 12 queries each, equates to several queries per second. This is an easy load.
>>
>> That is a comfort to know. My main concern was this hammering was not optimal, but it is welcome to make as many queries as it likes if it does not crash the database server. Perhaps Postgresql would be a bit more manly ? but slower ?
>
> You'll probably not note a difference. I guess MySQL will allow you to connect() faster if using a local socket. However you should always use proxy_read_maps - so connect()-times are not so relevant.
>
> I gave a quick look at the server statistics of our MySQL instance providing Postfix and Amavis config (not used as Amavis storage etc, its only purpose is providing configuration): DB uptime 250 days with an average of 300 queries per second (our reports are showing peaks of slightly more than 6 million delivery attempts a day).

That is very reassuring Thomas, thank you. Now I don't know if I should stay with SQL or drop to maps ? It is easier to configure with SQL from a web based front end - but to get SQL to dump to flat files and Postmap is also only a few Perl lines. What is a fool to do ? :-#

> We are using multiple servers, but that's mostly as of disaster recovery and failover reasons - you could handle similar traffic also on a single host (using recent server hardware).
>
> A certain percentage of queries could of course be avoided if Postfix were optimized for DB usage. As we know it isn't - this design choice however keeps it flexible and simple.
>
> Best regards,
> Thomas Gelf
Re: Many SQL Lookups on outbounding mails
Clunk Werclick wrote: That is very reassuring Thomas, thank you. Now I don't know if I should stay with SQL or drop to maps ? It is easier to configure with SQL from a web based front end - but to get SQL to dump to flat files and Postmap is also only a few Perl lines. What is a fool to do ? :-# If you're comfortable with SQL: stay with SQL. Load should absolutely not be an issue with your estimated traffic - and even if I could tell some scary anecdotes regarding MySQL: it is pretty stable. Please also note that all my Postfix instances are using TCP, not local sockets. And it still performs very well! Dump to flat files is an option, but I don't see any reason why you should do so: it just adds one more layer of complexity to your system. If you're writing an SQL frontend you have all config right there in realtime, are not forced to reflect about possible locking issues (what happens if you run your recreate-flat-files-script simultaneously more than once etc) - and if you add another Postfix host in the future all you need to do is providing it some credentials to connect to your DB. Regards, Thomas
Re: Many SQL Lookups on outbounding mails
On Thu, 2009-07-23 at 11:57 +0200, Thomas Gelf wrote:
> Clunk Werclick wrote:
>> That is very reassuring Thomas, thank you. Now I don't know if I should stay with SQL or drop to maps ? It is easier to configure with SQL from a web based front end - but to get SQL to dump to flat files and Postmap is also only a few Perl lines. What is a fool to do ? :-#
>
> If you're comfortable with SQL: stay with SQL. Load should absolutely not be an issue with your estimated traffic - and even if I could tell some scary anecdotes regarding MySQL: it is pretty stable.
>
> Please also note that all my Postfix instances are using TCP, not local sockets. And it still performs very well!
>
> Dump to flat files is an option, but I don't see any reason why you should do so: it just adds one more layer of complexity to your system. If you're writing an SQL frontend you have all config right there in realtime, are not forced to reflect about possible locking issues (what happens if you run your recreate-flat-files-script simultaneously more than once etc) - and if you add another Postfix host in the future all you need to do is providing it some credentials to connect to your DB.
>
> Regards,
> Thomas

Thank you Thomas. I stick with Mysql and worry if I ever have to set up a server so big it fails. If that happens I have lots of £$£ and pay someone else to do it whilst I sit on beach sipping wine.

I have now got proxy working on the maps too, so that is off my to be do list. Now I fight the recipient verification process for many many domains hosted on one Postfix - but that is a new adventure.
Re: postfix strip ??? (highbit chars)
Benny Pedersen: On Thu, July 23, 2009 02:29, Sahil Tandon wrote: On Jul 22, 2009, at 7:28 PM, Benny Pedersen m...@junc.org wrote: On Thu, July 23, 2009 01:07, Sahil Tandon wrote: % postconf message_strip_charters postconf: warning: message_strip_charters: unknown parameter be more helpfull then critize my spellings I did not know it was a misspelling. How could I? Next time follow DEBUG_README an paste 'postconf -n'. I'm done with this thread. so i waste my time reply :( postconf -e 'message_strip_characters = \346' postfix reload still no strip in postfix is done :/ Show 'postconf -n' command output. Wietse
Re: Many SQL Lookups on outbounding mails
Clunk Werclick wrote: Thank you Thomas. I stick with Mysql and worry if I ever have to set up a server so big it fails. If that happens I have lots of £$£ and pay someone else to do it whilst I sit on beach sipping wine. Once that happens: let me know! I'll join you at the beach and configure your servers remotely. Of course it's up to you to pay for drinks and UTMS traffic ;-) I have now got proxy working on the maps too, so that is off my to be do list. Congratulations! Now I fight the recipient verification process for many many domains hosted on one Postfix - but that is a new adventure. Have fun ;-) Cheers, Thomas
Re: postfix strip ??? (highbit chars)
On Thu, 23 Jul 2009, Wietse Venema wrote: Benny Pedersen: On Thu, July 23, 2009 02:29, Sahil Tandon wrote: On Jul 22, 2009, at 7:28 PM, Benny Pedersen m...@junc.org wrote: On Thu, July 23, 2009 01:07, Sahil Tandon wrote: % postconf message_strip_charters postconf: warning: message_strip_charters: unknown parameter be more helpfull then critize my spellings I did not know it was a misspelling. How could I? Next time follow DEBUG_README an paste 'postconf -n'. I'm done with this thread. so i waste my time reply :( postconf -e 'message_strip_characters = \346' postfix reload still no strip in postfix is done :/ Show 'postconf -n' command output. Wietse Hello, I also see a similar issue: X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: MIME-Version Mainly from veritas-bu and asterisk-users mailing lists, is there a work-around or fix for this? Justin.
Newbie question - HOWTO Postfix cluster
Hi, I am trying to build a Postfix cluster for a large scalable company network (e.g. no. of users 1000 - 30,000). For instance :- Domain : example.com Server #1: server1.example.com Server #2: server2.example.com . The account information will be stored in a LDAP database, such that the maildir of user1 will be stored on server1, user2 on server2, etc. I am new to Postfix. Is Postfix capable to build the cluster without local user accounts on the servers? What is the mechanism how to make the mail deliver to the corresponding server using LDAP? How to make it possible? e.g. use virtual domain, or local_recipient_maps ? I hope someone could point to the documentation how to make it work. Thanks a lot. John Mok
Re: postfix strip ??? (highbit chars) (SOLVED)
On Thu, July 23, 2009 12:31, Wietse Venema wrote: Show 'postconf -n' command output. http://wordpress.junc.org/?p=5 resolved fixed here -- xpoint
Aliases
Hi All, I have postfix mostly setup and working, everything seems to work except aliases. I have an alias setup testalias:ema...@mydomain.com, ema...@mydomain.com I also use virtual mappings, so I have a line like this: someem...@mydomain.com testalias However, when I email someem...@mydomain.com, it gets bounced back as: unkown user testalias The alias map is getting built with newaliases and all the other virtual mappings work, I just can't seem to get the aliases to work. In main.cf I have: alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases Thanks for any help, Chris
Re: Newbie question - HOWTO Postfix cluster
On Thursday 23 July 2009 14:53:01 John Mok wrote: I am new to Postfix. Is Postfix capable to build the cluster without local user accounts on the servers? Yes. See virtual_mailbox_maps, virtual_mailbox_domains etc http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox When I designed a similar system I delivered email using maildir format boxes over NFS, so all the front end servers thought the recipient was local to them (as a virtual mailboxes) when in fact weird NFS mappings were hidden at the filesystem level. Afraid I never got to see how well it scaled outside the lab. You could equally define maps for relaying that deliver user1 to server1 using SMTP instead of NFS, but that seems unnecessarily involved to me.
Re: postfix strip ??? (highbit chars)
Justin Piszcz wrote: I also see a similar issue: X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: MIME-Version Mainly from veritas-bu and asterisk-users mailing lists, is there a work-around or fix for this? Justin. This is just an informational message. You can ignore it. If you're losing mail due to bad/duplicated headers, put amavisd-new back at the default to pass bad headers. Followups on the amavis-users mail list please. This isn't a postfix issue. -- Noel Jones
Re: sieve instead procmail?
On Wednesday 22 July 2009 Benny Pedersen wrote:
> or add sieve protocol to zarafa

I'd wish that, but that's not in my possibility. Just why is there not a simple sieve implementation that rewrites mails going to x...@y.z to x+mymail...@y.z and re-calls postfix again. That would be a simple postfix - sieve - postfix setup, and then you can deliver to any mailserver capable of the + mailbox addressing?

mfg zmi
--
// Michael Monnerie, Ing.BSc- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
Re: sieve instead procmail?
On Wednesday 22 July 2009 Ralf Hildebrandt wrote:
> User dovecot deliver instead of procmail when doing local delivery. That's it.

From dovecot's documentation in LDA.Sieve.txt:
NB: Sieve doesn't support running external programs.

And in VirtualUsers.txt:
It's not possible to use the Sieve plugin without users having home directories.

So, I guess I can't use that to deliver to zarafa. I'd need to run an external program for final mail delivery, and I don't have users with home directories as well.

Ah, this was so close. What a pity. Maybe there's another way? What about a postfix milter? I just need a sieve that can call an external program to deliver mails. Is that really not existing?

mfg zmi
Re: Aliases
2009/7/24 Postfix postfix_l...@ibcnetwork.com:
> I have an alias setup
> testalias: ema...@mydomain.com, ema...@mydomain.com
>
> I also use virtual mappings, so I have a line like this:
> someem...@mydomain.com testalias

That sounds about right.

> However, when I email someem...@mydomain.com, it gets bounced back as: unkown user testalias

Show log entries for when this happens, the exact details are important (you typo'd unknown :P)

> The alias map is getting built with newaliases and all the other virtual mappings work, I just can't seem to get the aliases to work. In main.cf I have:
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases

Please show the output of `postconf -n`. While everything you've described so far sounds like it should work in a normal setup, it's entirely likely something else is causing problems. While I don't have an answer, one possibility is that the active values of alias_{maps|database} aren't what you think they are, or perhaps mydomain.com isn't properly local.

As a note, the right-hand side of your virtual map (that *is* a virtual_alias_map, right?) doesn't specify a domain. If memory serves, postfix will automatically append @$myorigin, which may not be what you expect. It's never caused me any problems, but it's generally recommended to put full addresses on the right-hand side, eg.:

someem...@mydomain.com testal...@fqdn.of.host

That RHS needs to be considered a local address, so it'll use your /etc/aliases
Re: postfix strip ??? (highbit chars)
On Thu, July 23, 2009 16:27, Noel Jones wrote: Justin Piszcz wrote: I also see a similar issue: X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: MIME-Version Mainly from veritas-bu and asterisk-users mailing lists, is there a work-around or fix for this? contact sender, he uses a bad mua that add non standard MIME-Version or was it Mime-Version ? either way its not a bug in postfix or amavisd-new telling about the senders problem This is just an informational message. You can ignore it. If you're losing mail due to bad/duplicated headers, put amavisd-new back at the default to pass bad headers. that does not resolve the problem, but just ignore it Followups on the amavis-users mail list please. This isn't a postfix issue. correct :) -- xpoint
Re: sieve instead procmail?
On 07/23/09 16:33, Michael Monnerie wrote:
> Ah, this was so close. What a pity. Maybe there's another way? What about a postfix milter? I just need a sieve that can call an external program to deliver mails. Is that really not existing?

Why don't you just call the external program for the delivery as you call sieve. In my systems we call dovecot's deliver like this:

dovecot unix - n n - - pipe
  flags=DRhu user=v:v argv=/usr/libexec/dovecot/deliver -d ${recipient}

That means that using dovecot as the virtual delivery transport will pass the message to the piped program (deliver in this case) through its standard input, with the parameters passed on the command line, in this case using ${recipient} as substitute parameter for the real message recipient.

I can't see the need for going through hoops into sieve for just calling a program with the message piped into it when it can just be done over the pipe mechanism.

--
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN
Re: sieve instead procmail?
On Thu, July 23, 2009 16:32, Michael Monnerie wrote: On Mittwoch 22 Juli 2009 Benny Pedersen wrote: or add sieve protocol to zarafa I'd wish that, but that's not in my possibility. tryed http://horde.org/ ? Just why is there not a simple sieve implementation that rewrites mails going to x...@y.z to x+mymail...@y.z and re-calls postfix again. this can be done with postfix header test imho, and dovecot can use + addresing That would be a simple postfix - sieve - postfix setup, and then you can deliver to any mailserver capable of the + mailbox addressing? if it was simple then this maillist wont exists -- xpoint
Re: sieve instead procmail?
On Thursday 23 July 2009 Benny Pedersen wrote:
>> Just why is there not a simple sieve implementation that rewrites mails going to x...@y.z to x+mymail...@y.z and re-calls postfix again.
>
> this can be done with postfix header test imho, and dovecot can use + addresing

You miss the point: I need *sieve* to decide to which folder a mail should be sent, but instead of actual delivery, it should rewrite the recipient envelope to x+mymail...@y.z, and return that to postfix. This way, one could integrate sieve into every mailserver capable of + addressing.

>> That would be a simple postfix - sieve - postfix setup, and then you can deliver to any mailserver capable of the + mailbox addressing?
>
> if it was simple then this maillist wont exists

5 years ago I maybe would have believed it's complicated. It looks very easy now, thanks to the various lists I'm in. You can learn a lot from reading here, and that's good for everybody. (But still, I can't use sieve as I want ;-)

mfg zmi
Re: Aliases
Thanks,

Putting the fqn in the virtual map:

someem...@mydomain.com testal...@fqdn.of.host

worked. I didn't see this in the online docs, but I may have missed it.

----- Original Message -----
From: Barney Desmond barneydesm...@gmail.com
To: postfix-users@postfix.org
Sent: Thursday, July 23, 2009 7:35 AM
Subject: Re: Aliases

2009/7/24 Postfix postfix_l...@ibcnetwork.com:
> I have an alias setup
> testalias: ema...@mydomain.com, ema...@mydomain.com
>
> I also use virtual mappings, so I have a line like this:
> someem...@mydomain.com testalias

That sounds about right.

> However, when I email someem...@mydomain.com, it gets bounced back as: unkown user testalias

Show log entries for when this happens, the exact details are important (you typo'd unknown :P)

> The alias map is getting built with newaliases and all the other virtual mappings work, I just can't seem to get the aliases to work. In main.cf I have:
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases

Please show the output of `postconf -n`. While everything you've described so far sounds like it should work in a normal setup, it's entirely likely something else is causing problems. While I don't have an answer, one possibility is that the active values of alias_{maps|database} aren't what you think they are, or perhaps mydomain.com isn't properly local.

As a note, the right-hand side of your virtual map (that *is* a virtual_alias_map, right?) doesn't specify a domain. If memory serves, postfix will automatically appead @$myorigin, which may not be what you expect. It's never caused me any problems, but it's generally recommended to put full addresses on the right-hand side, eg.:

someem...@mydomain.com testal...@fqdn.of.host

That RHS needs to be considered a local address, so it'll use your /etc/aliases
Re: sieve instead procmail?
On Thursday, 23 July 2009, Victoriano Giralt wrote:
> Why don't you just call the external program for the delivery as you call
> sieve. In my systems we call dovecot's deliver like this:
>
> dovecot   unix  -       n       n       -       -       pipe
>     flags=DRhu user=v:v argv=/usr/libexec/dovecot/deliver -d ${recipient}
>
> That means the using dovecot as the virtual delivery transport will pass the
> message to the piped program (deliver in this case) through its standard
> input, with the parameters passed on the command line, in this case using
> ${recipient} as substitute parameter for the real message recipient.
>
> I can't see the need for going through hoops into sieve for just calling a
> program with the message piped into it when it can just be done over the
> pipe mechanism.

With this way, you have postfix - dovecot, calling dovecot deliver to deliver the mail to a local mailbox. We don't have local mailboxes, those are stored on another server. You'd need to call an external program from deliver, which isn't possible.

Now if you can tell me the way to get the e-mail out of that deliver program again into postfix, with the recipient rewritten to user+mail...@x.y, then you made my day.

Regards, zmi
--
// Michael Monnerie, Ing.BSc - http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
Re: sieve instead procmail?
Michael Monnerie wrote: On Donnerstag 23 Juli 2009 Benny Pedersen wrote: Just why is there not a simple sieve implementation that rewrites mails going to x...@y.z to x+mymail...@y.z and re-calls postfix again. this can be done with postfix header test imho, and dovecot can use + addresing You miss the point: I need *sieve* to decide to which folder a mail should be sent, but instead of actual delivery, it should rewrite the recipient envelope to x+mymail...@y.z, and return that to postfix. This way, one could integrate sieve into every mailserver capable of + addressing. You are using a proprietary MDA. You also mentioned this is across machines. Once you decide on this, you get what they give you, unless you hack it yourself. Sieve is filtering language. So what ever MDA you use, must support it to use it. If your MDA does not support specifying folders or manipulating files, nothing you do will change that. Dovecot + Sieve works because it is the same machine and simple file manipulation. You should take this up with your MDA host as it is not a Postfix issue.
Can't send mail using SSL -- Can send with TSL
Sending mail using SSL just hangs. Logs show connection, then disconnect. Sending mail using TLS works. Adding the following to main.cf didn't help:

    smtpd_tls_protocols = SSLv1 SSLv2 SSLv3 TLSv1

The reason for sticking with SSL is for Outlook 2003 that doesn't have an option for TLS.

Thanks for any help.
-SB
Re: Can't send mail using SSL -- Can send with TSL
S. Berch wrote:
> Sending mail using SSL just hangs. Logs show connection, then disconnect.
> Sending mail using TLS works. Adding the following to main.cf didn't help:
>
>     smtpd_tls_protocols = SSLv1 SSLv2 SSLv3 TLSv1
>
> The reason for sticking with SSL is for Outlook 2003 that doesn't have an
> option for TLS.

SSL in older versions of Outlook (pre-2007 to my understanding) means the deprecated smtps port 465. Postfix supports this using wrapper mode and there is an example in your master.cf that is commented out by default.

Also, do not enable SSLv2 as it is known to be insecure.
How to forwad emails to specific IP address
How can I forward emails to a specific mailserver ip address? I do not want postfix to make DNS lookup for actual mailserver ip address.

I am using /etc/aliases

    u...@domain1.com: u...@domain2.com

I would like to specify mailserver's ip address for @domain2.com in some configuration file. Is that possible?

Thank you a lot
Peter
Re: How to forwad emails to specific IP address
man transport

David

On Thursday 23 July 2009, Peter Macko wrote:
> How can I forward emails to a specific mailserver ip address? I do not want
> postfix to make DNS lookup for actual mailserver ip address.
>
> I am using /etc/aliases
>
>     u...@domain1.com: u...@domain2.com
>
> I would like to specify mailserver's ip address for @domain2.com in some
> configuration file. Is that possible?
>
> Thank you a lot
> Peter
Re: How to forwad emails to specific IP address
Peter Macko wrote:
> How can I forward emails to a specific mailserver ip address? I do not want
> postfix to make DNS lookup for actual mailserver ip address.
>
> I am using /etc/aliases
>
>     u...@domain1.com: u...@domain2.com
>
> I would like to specify mailserver's ip address for @domain2.com in some
> configuration file. Is that possible?

Try:

/etc/postfix/transport:
    domain2.com    smtp:[x.x.x.x]

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

$ postmap /etc/postfix/transport

More detailed info: http://www.postfix.org/transport.5.html
Exclude a domain from processing, and forward?
I asked a similar question on the Amavis list, but as I think about it, it might be more appropriate to handle in postfix, before the mail ever gets to amavis.

Currently postfix accepts mail for a number of domains, and all mail gets sent though amavisd-new using the configuration below, and is then delivered to appropriate local users:

I would like to accept all mail for one of the domains, regardless of the username, and forward it to a single user's maildir on the mail server, with no processing at all by amavis.

Does anybody have any suggestions, or can point me to a README on how to do this?

Thanks!
Terry

--- main.cf
content_filter=amavisfeed:[127.0.0.1]:10024

master.cf:
smtp            inet  n       -       n       -       -       smtpd
amavisfeed      unix  -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet  n       -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
Re: sieve instead procmail?
Michael Monnerie wrote: Now if you can tell me the way to get the e-mail out of that deliver program again into postfix, with the recipient rewritten to user+mail...@x.y, then you made my day. I can be terribly wrong here, but isn't this what amavisd-new does when working together with postfix? Postfix sends the email to amavisd-new for processing, and after that the email are pushed back to postfix for delivery. Your deliver program will have to be able to push back the email into postfix exactly as amavisd-new does. I think you have to fiddle with master.cf for this to work. As I said. I may have misunderstood your purpose completely :-) HTH, Mikael Bak
Re: sieve instead procmail?
On Thu, July 23, 2009 18:20, Michael Monnerie wrote: Now if you can tell me the way to get the e-mail out of that deliver program again into postfix, with the recipient rewritten to user+mail...@x.y, then you made my day. http://wiki.dovecot.org/LDA/Postfix see the -m option on delivery sieve is cool yes, but deliver to a mailfolder dont need sieve if you add + addressing -- xpoint
which address is which?
I'm a little confused by this entry in my log: Received: from adsl-dynamic-pool-xxx.fpt.vn (unknown [118.71.113.83]) by mx.myserver.com (Postfix) with ESMTP id DAB68800D3 for __use...@aktzero.com; Thu, 23 Jul 2009 18:23:54 + (UTC) If I `host 118.71.113.83`, I get: 83.113.71.118.in-addr.arpa domain name pointer adsl-dynamic-pool-xxx.fpt.vn. So where did the unknown come from, was that in the HELO? This is postfix-2.5.5, mx.myserver.com is my server, and I have not knowingly customized any responses. -- Andrew Thompson
Re: which address is which?
Andrew Thompson wrote: I'm a little confused by this entry in my log: Received: from adsl-dynamic-pool-xxx.fpt.vn (unknown [118.71.113.83]) by mx.myserver.com (Postfix) with ESMTP id DAB68800D3 for __use...@aktzero.com; Thu, 23 Jul 2009 18:23:54 + (UTC) If I `host 118.71.113.83`, I get: 83.113.71.118.in-addr.arpa domain name pointer adsl-dynamic-pool-xxx.fpt.vn. So where did the unknown come from, was that in the HELO? This is postfix-2.5.5, mx.myserver.com is my server, and I have not knowingly customized any responses. Postfix resolves first, the IP to a domain name (aka PTR record) AND then the acquired domain name to an A record. If one is not found, Postfix will log this as unknown. When they do not match, it may do something similar too. Try doing host adsl-dynamic-pool-xxx.fpt.vn or dig adsl-dynamic-pool-xxx.fpt.vn to see for yourself. Brian
Re: Exclude a domain from processing, and forward?
Terry Carmen wrote:
> I asked a similar question on the Amavis list, but as I think about it, it
> might be more appropriate to handle in postfix, before the mail ever gets to
> amavis.
>
> Currently postfix accepts mail for a number of domains, and all mail gets
> sent though amavisd-new using the configuration below, and is then delivered
> to appropriate local users:
>
> I would like to accept all mail for one of the domains, regardless of the
> username, and forward it to a single user's maildir on the mail server, with
> no processing at all by amavis.
>
> Does anybody have any suggestions, or can point me to a README on how to do
> this?

the problem is what to do for mail to multiple recipients. if this never happens (mail is never sent to a user in this domain as well as to a user in another domain), then

    check_recipient_access hash:/etc/postfix/access_recipient

=== access_recipient:
    example.com    FILTER smtp:[127.0.0.1]:10025

but again, if a spammer sends mail to j...@example.com and virgi...@example.net, then it will not be filtered (so virginia will get the mail unfiltered, even if she is not in example.com).

using amavisd-new is more robust.
Re: aliases forwarding on local subnetl DMZ
Peter Macko wrote:
> I have two mailservers behind a firewall and they are on the same subnet e.g.
>     A: @test.sk 192.168.1.5
>     B: @test.eu 192.168.1.6
> MX records in DNS on internet are e.g.
>     A: @test.sk 194.1.1.5
>     B: @test.eu 194.1.1.6
>
> On the A server I have setup aliases file to forward mails to server B, but
> it is not working. I guess, that when server A forwards mails to server B,
> it reads MX record for server B from DNS and sees its internet address
> 194.1.1.6. But they are behind the firewall, and they have local addresses
> 192.168.1.x.
>
> How can I tell the server A not to use MX record from DNS when forwarding
> emails to server B (@test.eu) and instead to use its local IP address for
> the B server?
>
> I cannot just relay emails from the server A to B, because I have to rewrite
> the users part of email address.
>
> As well, I tried to modify email address in aliases file to format:
> u...@192.168.1.6 instead of u...@test.eu, but I have received error bad
> recipient address syntax.

use a domain of your imagination:

    joe:u...@b.test.eu

then either add an A record for test.eu to point to 192.1.1.6, or use transport_maps:

    test.eu    relay:[192.1.1.6]
Re: Aliases
Postfix wrote:
> Thanks,
>
> Putting the fqn in the virtual map:
>
>     someem...@mydomain.com    testal...@fqdn.of.host
>
> worked. I didn't see this in the online docs, but I may have missed it.

Addresses with a domain part get a @$myorigin added. see the ADDRESS REWRITE README or the entry for myorigin in postconf manual.
Re: Exclude a domain from processing, and forward?
> Terry Carmen wrote:
>> I asked a similar question on the Amavis list, but as I think about it, it
>> might be more appropriate to handle in postfix, before the mail ever gets
>> to amavis.
>>
>> Currently postfix accepts mail for a number of domains, and all mail gets
>> sent though amavisd-new using the configuration below, and is then
>> delivered to appropriate local users:
>>
>> I would like to accept all mail for one of the domains, regardless of the
>> username, and forward it to a single user's maildir on the mail server,
>> with no processing at all by amavis.
>>
>> Does anybody have any suggestions, or can point me to a README on how to do
>> this?
>
> the problem is what to do for mail to multiple recipients. if this never
> happens (mail is never sent to a user in this domain as well as to a user in
> another domain), then
>
>     check_recipient_access hash:/etc/postfix/access_recipient
>
> === access_recipient:
>     example.com    FILTER smtp:[127.0.0.1]:10025
>
> but again, if a spammer sends mail to j...@example.com and
> virgi...@example.net, then it will not be filtered (so virginia will get the
> mail unfiltered, even if she is not in example.com).
>
> using amavisd-new is more robust.

Thanks! That's exactly what I was looking for, although since you mentioned the multiple recipient problem, it's probably not the solution I need. It would only be a matter of time before it became a problem.

I guess I'll wait and see if I get any answers on how to handle it with amavis

Thanks,
Terry
Forwarding Hosted Domain Mail to GMail
I want postfix to forward email from a few of my domains to my gmail account, so I followed the Postfix Virtual Domain Hosting HowTo (http://www.postfix.org/VIRTUAL_README.html#forwarding) for forwarding. Here are the changes I made to main.cf and /etc/postfix/virtual:

main.cf:
    ...
    virtual_alias_domains = cubiclespace.net no-park.net we-fi.org
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
    r...@cubiclespace.net    roto...@gmail.com
    i...@we-fi.org    roto...@gmail.com

However, when I send an email to one of those addresses it never arrives to my gmail, though I can see that postfix received and forwarded it.

mail.log:
    Jul 23 18:46:05 izardry postfix/smtp[2039]: 6BF6C3F800AD: to= roto...@gmail.com, orig_to=i...@we-fi.org, relay= gmail-smtp-in.l.google.com[209.85.222.77]:25, delay=1.8, \
    delays=0.28/0.01/0.06/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1248374765 9si4113071pzk.44)

I thought gmail was blocking my server, so I wrote a little perl script to send an email from the server shell itself. This email arrived immediately, but was marked as spam. Does anyone have any insights on what is going wrong here?

-- ryan
Re: which address is which?
* Andrew Thompson andre...@aktzero.com:
> I'm a little confused by this entry in my log:
>
> Received: from adsl-dynamic-pool-xxx.fpt.vn (unknown [118.71.113.83])
>     by mx.myserver.com (Postfix) with ESMTP id DAB68800D3
>     for __use...@aktzero.com; Thu, 23 Jul 2009 18:23:54 + (UTC)
>
> If I `host 118.71.113.83`, I get:
> 83.113.71.118.in-addr.arpa domain name pointer adsl-dynamic-pool-xxx.fpt.vn.

$ host adsl-dynamic-pool-xxx.fpt.vn
Host adsl-dynamic-pool-xxx.fpt.vn not found: 3(NXDOMAIN)

> So where did the unknown come from, was that in the HELO?

No, forward and reverse don't match. adsl-dynamic-pool-xxx.fpt.vn is the HELO.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Forwarding Hosted Domain Mail to GMail
Sure, sure. I realize Google is Google and Postfix is Postfix. My purpose in mailing to this list is questioning whether there are additional steps I need to take when configuring my postfix server so that my mail won't be blacklisted. I'm reading a little on reverse DNS right now and it doesn't look like I have it set up, so perhaps that's the issue. Just thought I'd check with the postfix wizards out there who have more experience configuring postfix servers than I do ;-)

-- ryan

On Thu, Jul 23, 2009 at 3:47 PM, Seth Mattinen se...@rollernet.us wrote:
> Ryan O'Toole wrote:
>> However, when I send an email to one of those addresses it never arrives to
>> my gmail, though I can see that postfix received and forwarded it.
>>
>> mail.log:
>> Jul 23 18:46:05 izardry postfix/smtp[2039]: 6BF6C3F800AD: to=roto...@gmail.com, orig_to=i...@we-fi.org, relay=gmail-smtp-in.l.google.com[209.85.222.77]:25, delay=1.8, \
>> delays=0.28/0.01/0.06/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1248374765 9si4113071pzk.44)
>>
>> I thought gmail was blocking my server, so I wrote a little perl script to
>> send an email from the server shell itself. This email arrived immediately,
>> but was marked as spam. Does anyone have any insights on what is going
>> wrong here?
>
> Besides Google sucks? ;) If Google's MX says it was accepted and it proceeds
> to disappear into nowhere land, there's very little you can do.
>
> ~Seth
Re: Forwarding Hosted Domain Mail to GMail
Ryan O'Toole wrote: Sure, sure. I realize Google is Google and Postfix is Postfix. My purpose in mailing to this list is questioning whether there are additional steps I need to take when configuring my postfix server so that my mail won't be blacklisted. I'm reading a little on reverse DNS right now and it doesn't look like I have it set up, so perhaps that's the issue. Just thought I'd check with the postfix wizards out there who have more experience configuring postfix servers than I do ;-) Not really. Dropping a message to the floor after saying 250 OK is a horrible, horrible thing to do. This may be helpful: https://mail.google.com/support/bin/answer.py?answer=81126 ~Seth
Re: Exclude a domain from processing, and forward?
On Jul 23, 2009, at 1:58 PM, Terry Carmen te...@cnysupport.com wrote:
> I asked a similar question on the Amavis list, but as I think about it, it
> might be more appropriate to handle in postfix, before the mail ever gets to
> amavis.
>
> Currently postfix accepts mail for a number of domains, and all mail gets
> sent though amavisd-new using the configuration below, and is then delivered
> to appropriate local users:
>
> I would like to accept all mail for one of the domains, regardless of the
> username, and forward it to a single user's maildir on the mail server, with
> no processing at all by amavis.
>
> Does anybody have any suggestions, or can point me to a README on how to do
> this?

Perhaps you could use multiple postfix instances; use foo_transport (instead of content_filter) to route mail to amavisd-new. For domains or recipients that should skip the filter, use a transport_map entry to route directly from first - second instance of Postfix, bypassing amavisd-new. This elegantly handles the issue of multi-recipient mail.

There are some natural consequences and caveats, but this should be enough to get you started. This would also be a good time to review the MULTI_INSTANCE_README.

> Thanks!
Terry --- main.cf content_filter=amavisfeed:[127.0.0.1]:10024 master.cf: smtp inet n - n - - smtpd amavisfeed unix- - n- 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n- n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options= no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients=
mydomain alias questions
Hello, I am wanting to accept mail for mydomain but I have users that don't need system (unix) accounts and I really don't want to create them just for their mail. Is there an easy way to lookup these users outside the local table? Also, what happens to my system users if another table is created to lookup these non-system users? Do the actual system users need to be added to the new lookup table? Wow, hopefully that makes sense... Rodman
Re: Forwarding Hosted Domain Mail to GMail
Thanks Aaron! Your suggestion turns out to be the problem. I was sending my tests from gmail, though I was using a different account than my gmail account for the from address. Apparently, gmail doesn't like that. Sending from that same address but using a different mail client, the mail goes to my inbox. Looks like my postfix configuration was fine ;-) Though I went ahead and also setup a SPF record in the DNS for all my hosted domains. Seemed like a smart thing to do. -- ryan
Mydomain non-system users
Hello,

I would like to receive mail at mydomain for a few users that are not system (unix) users. I know I can add them as system users, however, from a security standpoint I'd rather not.

How can I have postfix deliver mail to them? Do I have to create a new local lookup table? If that is the case, what happens to my actual system users? Do they also have to be placed in the new local lookup table?

Just wondering, if it is a pain in the butt if I should just add them as regular system users and be done with it...

Thanks!
Rodman
Re: Exclude a domain from processing, and forward?
> Perhaps you could use multiple postfix instances; use foo_transport (instead
> of content_filter) to route mail to amavisd-new. For domains or recipients
> that should skip the filter, use a transport_map entry to route directly
> from first - second instance of Postfix, bypassing amavisd-new. This
> elegantly handles the issue of multi-recipient mail.
>
> There are some natural consequences and caveats, but this should be enough
> to get you started. This would also be a good time to review the
> MULTI_INSTANCE_README.

That sounds like more work and complexity than should be necessary.

I think I'll wait and see if anybody on the amavis list has an idea why my processing exclusions aren't working as they seem like they should,

Terry
Re: Mydomain non-system users
Rodman Frowert wrote: Hello, I would like to receive mail at mydomain for a few users that are not system (unix) users. I know I can add them as system users, however, from a security standpoint I'd rather not. How can I have postfix deliever mail to them? Do I have to create a new local lookup table? If that is the case, what happens to my actual system users? Do they also have to be placed in the new local lookup table? Just wondering, if it is a pain in the butt if I should just add them as regular system users and be done with it... Thanks! Rodman You must set them up with a username/password *somewhere* so they can check their mail. With most IMAP/POP software, that means either creating system users or using a virtual back-end such as SQL or LDAP. The quick and dirty way is just create system users with the login shell set to /bin/false or whatever so they can't actually get shell access. For a small number of somewhat-trusted users, that's the easy way to go. Dovecot can use a passwd-like file (manually maintained file with contents similar to /etc/passwd) to make local users with no system privileges, you might want to read up on that. -- Noel Jones
Re: Exclude a domain from processing, and forward?
On Jul 23, 2009, at 6:30 PM, Terry Carmen te...@cnysupport.com wrote: Perhaps you could use multiple postfix instances; use use foo_transport (instead of content_filter) to route mail to amavisd- new. For domains or recipients that should skip the filter, use a transport_map entry to route directly from first - second instance of Postfix, bypassing amavisd-new. This elegantly handles the issue of multi-recipient mail. There are some natural consequences and caveats, but this should be enough to get you started. This would also be a good time to review the MULTI_INSTANCE_README. That sounds like more work and complexity than should be necessary. I think I'll wait and see of anybody on the amavis list has an idea why my processing exclusions aren't working as they seem like they should, No, that is the work that is necessary if you wish to do this robustly in Postfix. It is not very complex. Recipient exclusions in amavisd- new are simple as well; examples are available in documentation as well as on the web -- try google. A search term like 'gary v amavis bypass' is a good start.
Re: Postfix delivery over IPv6, than ISP mail server
Joris Dobbelsteen wrote, On 22-07-09 00:27: Wietse Venema wrote, On 21-07-09 23:12: Joris Dobbelsteen: [ Charset ISO-8859-1 unsupported, converting... ] I'm using Postfix 2.3 (with debian etch, but I'm planning to go to postfix 2.5 with debian lenny). I'm using the postfix box solely for relaying e-mail and doing virus/spam scanning. Mail for local domains is relayed to a local server and everything else goes to my ISPs server. I currently use transport_maps to manage this and that is working fine for a couple years. Now I want to reduce the use of my ISP mail server. For IPv4 this is not possible: its troublesome with residential access my ISP blocks outgoing port 25. However I have an IPv6 ip address where mail delivery is available. Is there any possibility to use the transport_maps to indicate multiple destinations? No, but perhaps it is enough to set smtp_fallback_relay to the ISP. smtp_fallback_relay = [mail.isp.example] Wietse I thought so. Thanks for the confirmation, suggestion and fast reply. However that option is scaring me due to mailing loops. Postfix is behind NAT on a residential ADSL connection, meaning it doesn't know its Internet IP address (for certain). Besides the 'internal' hostname doesn't necessarily reflect the outside one. This is because internal is also a relay destination and I simply cannot guarantee it's ready to receive email. A better idea seems to be looking a bit deeper into master.cf and see if I can add some entry here that does what I want. 
[snip]

What I currently tested is below, but it simply does not work:

---
familiedobbelsteen.nl    relay:joris2k.local
*                        direct6:
---
smtp      unix  -       -       -       -       -       smtp
direct6   unix  -       -       -       -       -       smtp
    -o inet_protocol=ipv6
    -o smtp_fallback_relay=smtp:[smtp.online.nl]
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o fallback_relay=
    -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
---

I guess it doesn't like the ipv6 part of it at all. It seems that it doesn't work with ipv4 any more. Log gives:

    Jul 21 04:52:17 mx1 postfix/smtp[6213]: connect to smtp.online.nl[194.134.41.21]: No route to host (port 25)

And I can confirm its absolutely not true, except for IPv6.

- Joris
Re: Can't send mail using SSL -- Can send with TSL
Brian Evans wrote:
>> The reason for sticking with SSL is for Outlook 2003 that doesn't have an
>> option for TLS.
>
> SSL in older versions of Outlook (pre-2007 to my understanding) means the
> deprecated smtps port 465. Postfix supports this using wrapper mode and
> there is an example in your master.cf that is commented out by default.
>
> Also, do not enable SSLv2 as it is known to be insecure.

Thanks for the help. I don't have the example in my master.cf file. Everything is working after I found this info on a forum and added it to master.cf:

smtps     inet  n       -       -       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

-Steve
Re: Postfix delivery over IPv6, than ISP mail server
Joris Dobbelsteen:
> direct6   unix  -       -       -       -       -       smtp
>     -o inet_protocol=ipv6

% postconf inet_protocol
postconf: warning: inet_protocol: unknown parameter

Wietse
Re: which address is which?
On Thu, 23 Jul 2009, Andrew Thompson wrote: I'm a little confused by this entry in my log: Received: from adsl-dynamic-pool-xxx.fpt.vn (unknown [118.71.113.83]) by mx.myserver.com (Postfix) with ESMTP id DAB68800D3 for __use...@aktzero.com; Thu, 23 Jul 2009 18:23:54 + (UTC) If I `host 118.71.113.83`, I get: 83.113.71.118.in-addr.arpa domain name pointer adsl-dynamic-pool-xxx.fpt.vn. So where did the unknown come from, was that in the HELO? No, Ralf already explained the source of 'unknown'. It seems that adsl-dynamic-pool-xxx.fpt.vn was the EHLO sent by the client. The Received: header typically begins like: Received: from helo/ehlo name (client name [client IP]) except when $smtpd_helo_required = no (the default) and the client does not send a HELO/EHLO; in that case, I believe client name is displayed in lieu of helo name. -- Sahil Tandon sa...@tandon.net
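The check described in this thread (PTR lookup first, then a forward lookup of the returned name that must lead back to the client IP), applied to the Received: layout given just above, as an added Python sketch that is not part of the thread and not Postfix's own code. The function names and the 192.0.2.x / example.org entries are constructed; the first sample entry mirrors the `host` results shown in the thread.

```python
import ipaddress
import re
import socket

# Layout described in the thread:
#   Received: from <helo/ehlo name> (<client name> [<client IP>])
RECEIVED_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<client>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
)


def parse_received(header):
    """Split the 'from' clause into (helo_name, client_name, client_ip)."""
    m = RECEIVED_FROM.search(header)
    if m is None:
        raise ValueError("no 'from helo (client [ip])' clause in header")
    return m.group("helo"), m.group("client"), m.group("ip")


def system_ptr(ip):
    """PTR lookup through the system resolver; [] when there is no name."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_addrs(name):
    """Forward (A/AAAA) lookup through the system resolver; [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def same_ip(a, b):
    """Compare two textual addresses by value, not by spelling."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def verified_client_name(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (name, reason); name is 'unknown' unless PTR and A agree."""
    names = [n.rstrip(".") for n in ptr_lookup(ip)]
    if not names:
        return "unknown", "no PTR record for the address"
    for name in names:
        if any(same_ip(ip, a) for a in addr_lookup(name)):
            return name, "forward lookup confirms the PTR name"
    return "unknown", "PTR name does not resolve back to the client address"


# Constructed resolver data. The first PTR entry mirrors the thread (PTR
# exists, forward lookup is NXDOMAIN); the others are documentation values.
SAMPLE_PTR = {
    "118.71.113.83": ["adsl-dynamic-pool-xxx.fpt.vn."],
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["mail.example.org."],
}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"]}

SAMPLE_HEADER = (
    "Received: from adsl-dynamic-pool-xxx.fpt.vn (unknown [118.71.113.83]) "
    "by mx.myserver.com (Postfix) with ESMTP id DAB68800D3"
)


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_addrs(name):
    return SAMPLE_A.get(name, [])


def explain(header, ptr_lookup=sample_ptr, addr_lookup=sample_addrs):
    """Recompute the client name for a header and say why it came out so."""
    helo, logged, ip = parse_received(header)
    name, reason = verified_client_name(ip, ptr_lookup, addr_lookup)
    return {"helo": helo, "logged_client": logged, "ip": ip,
            "computed_client": name, "reason": reason}


if __name__ == "__main__":
    for key, value in explain(SAMPLE_HEADER).items():
        print(f"{key}: {value}")
```

Calling `verified_client_name(ip)` without the sample lookups uses the system resolver instead of the constructed tables.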
Disabling SSLv2 on Postfix 2.5.1
I am having a spot of trouble disabling SSLv2 on a Postfix 2.5.1 installation (from Fedora 9 repo). Here is my postconf:

$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = mail.network.com, localhost, localhost.localdomain
myhostname = mail.network.com
mynetworks = 127.0.0.0/8, 192.168.0.0/24
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.1/README_FILES
receive_override_options = no_address_mappings
sample_directory = /usr/share/doc/postfix-2.5.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_tls_mandatory_protocols = !SSLv2
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mail.network.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.network.com.key
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_received_header = yes
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 450
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf

And when I try and check (from another machine) to see if it's still active:

    openssl s_client -connect 192.168.0.10:25 -ssl2

I get this:

    CONNECTED(0003)

That means it's still answering SSLv2, correct? I am confused as to what I may be missing to disable this. Can anyone provide any suggestions or tips? I am using certs signed by a CA, if that makes any difference.

Thanks!
Re: self signed ssl certs
Benny Pedersen wrote: yes this is clear to me its is so, but i dont know why self signed ssl is being used so much when there is plenty of good trusted signers :/ There's little advantage to using CAcert or other free signing authorities compared to self-signed, since not even Firefox has them as a trusted authority. The result is that visitors get the same confusing and uncertain message whether from a little known authority or a self-signed key. The signed keys that don't trigger warnings cost money. -Steve
Canonical forward and reverse
Hi,

I managed to add canonical rewriting, but now I am stuck with postfix trying to deliver the message to the canonical name and not to the proper Unix login name.

Using sendmail -bv o...@cs.ait.ac.th I get:

--463023A3834.1248410743/mail2.cs.ait.ac.th
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mail2.cs.ait.ac.th.

Enclosed is the mail delivery report that you requested.

The mail system

olivier.nic...@cs.ait.ac.th (expanded from o...@cs.ait.ac.th): delivery via local: unknown user: olivier.nicole

--463023A3834.1248410743/mail2.cs.ait.ac.th
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mail2.cs.ait.ac.th
X-Postfix-Queue-ID: 463023A3834
X-Postfix-Sender: rfc822; r...@cs.ait.ac.th
Arrival-Date: Fri, 24 Jul 2009 11:45:43 +0700 (ICT)

Final-Recipient: rfc822; olivier.nic...@cs.ait.ac.th
Original-Recipient: rfc822; o...@cs.ait.ac.th
Action: undeliverable
Status: 5.1.1
Diagnostic-Code: X-Postfix; delivery via local: unknown user: olivier.nicole

--463023A3834.1248410743/mail2.cs.ait.ac.th
Content-Description: Message Headers
Content-Type: text/rfc822-headers

Return-Path: r...@cs.ait.ac.th
Received: by mail2.cs.ait.ac.th (Postfix, from userid 0) id 463023A3834; Fri, 24 Jul 2009 11:45:43 +0700 (ICT)
From: r...@cs.ait.ac.th
Subject: probe
To: olivier.nic...@cs.ait.ac.th
Message-Id: 20090724044543.463023a3...@mail2.cs.ait.ac.th
Date: Fri, 24 Jul 2009 11:45:43 +0700 (ICT)

--463023A3834.1248410743/mail2.cs.ait.ac.th--

Expansion from on@ into Olivier.Nicole@ is correct.

How/where do I inform the LDA that it is to deliver to the Unix account associated to that canonical name Olivier.Nicole?

Best regards,
Olivier