OT Configuration Questions/Help {LDAP}
On Thu, 2009-07-30 at 22:45 -0500, Noel Jones wrote:
> Jeff Grossman wrote:
>> have seen articles about exporting the Exchange users via LDAP and putting them in an access map file on the Postfix server, but I am not a big fan of that. I would prefer to just query the Exchange server directly for valid addresses.
>
> OK, your choice.

Ehlo and sorry to hijack a little here {hence subject change}, but something has crossed my mind along these lines with multiple exchange servers using active directory. Perhaps someone has, say, 10 different domains and uses Postfix as a common incoming gateway. From a cursory look I see there exists a ldap map system. Would this allow each domain to define a different LDAP server to query? Perhaps to be clear:

DOMAIN.ONE - LDAP{1.2.3.4}
DOMAIN.TWO - LDAP{1.2.3.5}
DOMAIN.THREE - LDAP{1.2.3.6}
... repeat to fade ...

Can this be achieved and is there some further reading I can do this weekend whilst I sip champagne in the sun?

--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
No such file or directory
Hi,

I followed this guide for setting up postfix with virtual users:
http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1

After I finished I got several errors that I fixed, but I'm stuck on this:

Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory

I'm trying to log in with an account named ad...@advies4you.nl and this is what I get when I look at the /var/log/maillog.

Also, where does postfix store its data/email for the users?
Re: No such file or directory
Ruud v.d Burg wrote:
> Hi, I followed this guide for setting up postfix with virtual users. http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 After I finished I got several errors that I fixed, but I'm stuck on this:
>
> Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory
>
> I'm trying to log in with an account named ad...@advies4you.nl and this is what I get when I look at the /var/log/maillog. Also, where does postfix store its data/email for the users?

My guess is that you have either not received any email to that account yet, or you did not use something like mailx to generate a message which will create the mailbox for you. I had a similar issue with a Ubuntu/Postfix/yadi ya set up. You need to send a message to the intended recipient in order to create the mailbox before you will get POP3 or IMAP access to it.

Hope this helps.

Justin
Re: No such file or directory
On Fri, 2009-07-31 at 09:16 +0200, Ruud v.d Burg wrote:
> Hi, I followed this guide for setting up postfix with virtual users. http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 After I finished I got several errors that I fixed, but I'm stuck on this:
>
> Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory
>
> I'm trying to log in with an account named ad...@advies4you.nl and this is what I get when I look at the /var/log/maillog. Also, where does postfix store its data/email for the users?

Good morning Ruud,

First of all the log line 'pop3d' is not Postfix saying that to you. It is a pop/imap server which I guess is courier. That to one side, this will almost certainly be the wrong leading path set somewhere *or* chrooting. I am sure that directory advies4you.nl/admin/ does not exist, but /home/advies4you.nl/admin/ may do - so the leading directory is missing somewhere.

Postfix for example defines the top directory in main.cf like this:

queue_directory = /path/to/queue/directory/ {don't change this... just for example}

Dovecot Pop/Imap has:

mail_location = maildir:/path/to/mailbox/%h/

I'm not familiar with courier imap/pop server but you will probably find a similar directive in the configuration file that needs to be set to point to the directory where advies4you.nl/admin/ can be found.

There is also an outside chance that there is some chroot issue going on here, but I would forget this until you prove that your popd is looking in the right top directory.

--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.
ACCESS CONTROL FOR LOCAL PICKUP AND VIRTUAL DOMAINS
Hi There,

I have a real scenario that I'm not sure how to solve: local clients on the same machine that postfix resides on. I want them to be restricted to the particular virtual domains that they have access to. This is a sample:

User one (UID/GID 500) has 2 virtual domains:
domain1.com
domain2.com

I want to restrict this user one with UID 500 to be able to send email only from those two domains. Remember this is not SASL authenticated, it is local sendmail delivery, and if the user uses programming techniques or Mutt he can forge return-path (actual from) and of course from fields.

SMTPD_RESTRICTIONS_* cannot be used, as local to local delivery is not passing the SMTPD daemon, and local to external has overlapping with other users; no particular restriction can be applied per userid.

I tried to use a dedicated cleanup, assigned to pre-cleanup name in master.cnf, and utilize a header-check searching for (userid). The problems are that two things must be checked:

A) userid from first received line matching server's details; however, a user can put forged received lines but it is cleaned up so no problem
B) does that userid have access to the domain it used in from fields

Cons: it requires utilizing PCRE/REGEX + hash altogether, which I think is not possible. A nested PCRE/REGEX can be used, which is messy and too much in case of so many users, against cleanup policies as should not be used for deep content inspection.

Something like smtpd_recipient_restrictions would be great but with hash capability; however, for local deliveries it is missing. Local to local deliveries can be solved somewhat using procmail or pop or maildrop, but the most important stuff is local to external deliveries: people on the same host can easily forge their other mates' emails without limiting them to their domains.

Anybody has such issue to apply such restriction per userid / per domain ACCESS control? Am I missing something obvious there?

I thought SMTPD_POLICY can be used; there are two problems: local deliveries don't pass that (can be circumvented by making all local deliveries pass an SMTPD daemon using master.cnf), but the SECOND problem is system userid is not reported in SMTP policies!! Even headers are not passed, which is required for this task.

I know postdrop (sendmail) maildrop have ACCESS CONTROL directive that can be used, which is authorized_submit_users, and by default it is set to static:anyone. The problem is I want to restrict a user to a particular domain and that domain is virtual.

Any help? Or I have to modify source codes of sendmail, postdrop maildrop!!!

Thanks
Sincerely,
Kia P.
Re: forwarding mail for a complete virtual domain to another mailserver?
Brian, Do not set relayhost on the edge machine. unsetting relayhost makes everything work. thank you! Akos
Re: No such file or directory
Clunk Werclick wrote:
> On Fri, 2009-07-31 at 09:16 +0200, Ruud v.d Burg wrote:
>> Hi, I followed this guide for setting up postfix with virtual users. http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 After I finished I got several errors that I fixed, but I'm stuck on this:
>>
>> Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory
>>
>> I'm trying to log in with an account named ad...@advies4you.nl and this is what I get when I look at the /var/log/maillog. Also, where does postfix store its data/email for the users?
>
> Good morning Ruud, First of all the log line 'pop3d' is not Postfix saying that to you. It is a pop/imap server which I guess is courier. That to one side, this will almost certainly be the wrong leading path set somewhere *or* chrooting. I am sure that directory advies4you.nl/admin/ does not exist, but /home/advies4you.nl/admin/ may do - so the leading directory is missing somewhere. Postfix for example defines the top directory in main.cf like this:
>
> queue_directory = /path/to/queue/directory/ {don't change this... just for example}
>
> Dovecot Pop/Imap has:
>
> mail_location = maildir:/path/to/mailbox/%h/
>
> I'm not familiar with courier imap/pop server but you will probably find a similar directive in the configuration file that needs to be set to point to the directory where advies4you.nl/admin/ can be found. There is also an outside chance that there is some chroot issue going on here, but I would forget this until you prove that your popd is looking in the right top directory.

Good morning!

I only added the user in the mysql db. Is there any web admin panel for postfix that adds the user with mailx and in the mysql or something? My company currently has qmailrocks and here we use the web admin panel to add users. Is there something similar for postfix?

main.cf points to queue_directory = /var/spool/postfix
But I can't find the config for the pop3 thing.

I also manually created the advies4you/admin thing in the home/vmail folder (the home/vmail did exist) but that did not fix the problem. I can't recall I edited any config that has mail_location either, or at least I can't find it.

Best regards,
Ruud
Re: No such file or directory
On Fri, 2009-07-31 at 11:40 +0200, Ruud v.d Burg wrote:
> Clunk Werclick wrote:
>> On Fri, 2009-07-31 at 09:16 +0200, Ruud v.d Burg wrote:
>>> Hi, I followed this guide for setting up postfix with virtual users. http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 After I finished I got several errors that I fixed, but I'm stuck on this:
>>>
>>> Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory
>>>
>>> I'm trying to log in with an account named ad...@advies4you.nl and this is what I get when I look at the /var/log/maillog. Also, where does postfix store its data/email for the users?
>>
>> Good morning Ruud, First of all the log line 'pop3d' is not Postfix saying that to you. It is a pop/imap server which I guess is courier. That to one side, this will almost certainly be the wrong leading path set somewhere *or* chrooting. I am sure that directory advies4you.nl/admin/ does not exist, but /home/advies4you.nl/admin/ may do - so the leading directory is missing somewhere. Postfix for example defines the top directory in main.cf like this:
>>
>> queue_directory = /path/to/queue/directory/ {don't change this... just for example}
>>
>> Dovecot Pop/Imap has:
>>
>> mail_location = maildir:/path/to/mailbox/%h/
>>
>> I'm not familiar with courier imap/pop server but you will probably find a similar directive in the configuration file that needs to be set to point to the directory where advies4you.nl/admin/ can be found. There is also an outside chance that there is some chroot issue going on here, but I would forget this until you prove that your popd is looking in the right top directory.
>
> Good morning! I only added the user in the mysql db. Is there any web admin panel for postfix that adds the user with mailx and in the mysql or something? My company currently has qmailrocks and here we use the web admin panel to add users. Is there something similar for postfix?

There may be, but I am not a user so I could not recommend one. Some people speak of webmin but personally I have command line scripts to manage my setup.

> main.cf points to queue_directory = /var/spool/postfix
> But I can't find the config for the pop3 thing. I also manually created the advies4you/admin thing in the home/vmail folder (the home/vmail did exist) but that did not fix the problem.

I do not use that pop3 - I use dovecot so I cannot really help you. However, a look at:
http://www.courier-mta.org/pop3d.html
refers to a config file: /etc/courier/pop3d

Further use of google took me here which has some information I would find useful if I were using that server:
http://www.linuxfromscratch.org/hints/downloads/files/OLD/courier.txt

> I can't recall I edited any config that has mail_location either, or at least I can't find it.
>
> Best regards, Ruud

Cutting to the chase here and not confusing yourself, the log error you have specifically points to pop3d not being able to find your directory. This is either because it does not exist or it is looking in the wrong place. It is no more complex than that so do not confuse yourself. You may be best to ask on a courier mail list. If after solving your directory issues you have other Postfix issues be sure to check back here for help.

--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.
Re: what is ESMTP (Nemesis)
Please don't top-post...

On 7/30/2009, AMP Admin (ad...@ampprod.com) wrote:
> Sorry. Didn't think about this going to a thread and just hit reply and changed the title. haha

That's exactly what 'hijacking' is, and it isn't funny...

> haha I meant more what is the Nemesis part. What kind of mail server is that?

I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea...

--
Best regards,
Charles
Re: what is ESMTP (Nemesis)
>> I meant more what is the Nemesis part. What kind of mail server is that?
>
> I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea...

ESMTP (Nemesis) is the mailserver of Schlund Partner:
Nemesis - Schlund+Partner entwickelt sein eigenes Mailsystem (Linux-Magazin, 08/05)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: what is ESMTP (Nemesis)
* Ralf Hildebrandt postfix-users@postfix.org:
>>> I meant more what is the Nemesis part. What kind of mail server is that?
>>
>> I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea...
>
> ESMTP (Nemesis) is the mailserver of Schlund Partner:
> Nemesis - Schlund+Partner entwickelt sein eigenes Mailsystem (Linux-Magazin, 08/05)

An article written by Ralf Hildebrandt ;)

p...@rick

--
The Book of Postfix http://www.postfix-book.com
saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: what is ESMTP (Nemesis)
On 7/31/2009 8:12 AM, Ralf Hildebrandt wrote:
>>> I meant more what is the Nemesis part. What kind of mail server is that?
>>
>> I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea...
>
> ESMTP (Nemesis) is the mailserver of Schlund Partner:

Ralf! You got your crystal ball fixed!

But seriously... there is nothing stopping anyone else from customizing their banner to show the same thing, right?

--
Best regards,
Charles
Re: ACCESS CONTROL FOR LOCAL PICKUP AND VIRTUAL DOMAINS
k p:
> Hi There, I have a real scenario that I'm not sure how to solve it, local clients on the same machine that postfix resides : I want them to be restricted to their particular virtual domains that they have access to: This is a sample:
>
> User one (UID/GID 500) : has 2 virtual domains:
> domain1.com
> domain2.com
>
> I want to restrict this user one with UID 500 to be able to send email only from those two domains, remember this is not SASL authenticated it is local sendmail delivery, and if user uses programming techniques or Mutt he can forge return-path (actual from) and of course from fields

Tell the user they cannot cheat, or else they lose email privilege.

Wietse
Re: what is ESMTP (Nemesis)
* Charles Marcus cmar...@media-brokers.com:
> Ralf! You got your crystal ball fixed!

*POLISH*

> But seriously... there is nothing stopping anyone else from customizing their banner to show the same thing, right?

Indeed.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: what is ESMTP (Nemesis)
Charles Marcus wrote:
> But seriously... there is nothing stopping anyone else from customizing their banner to show the same thing, right?

Sure. You should keep ESMTP in your banner - the rest is up to you. Add

smtpd_banner = I think ESMTP is a prehistorical protocol

to your main.cf to read

220 I think ESMTP is a prehistorical protocol

Lay back and wait for some nerd having fun with your response. Or save the time, enjoy the weekend, drink some beer, do some sport - get a life ;-)

Cheers,
Thomas
Re: No such file or directory
Ruud v.d Burg wrote:
> Clunk Werclick wrote:
>> On Fri, 2009-07-31 at 09:16 +0200, Ruud v.d Burg wrote:
>>> Hi, I followed this guide for setting up postfix with virtual users. http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 After I finished I got several errors that I fixed, but I'm stuck on this:
>>>
>>> Jul 31 05:09:49 localhost pop3d: chdir advies4you.nl/admin/: No such file or directory
>
> Good morning! I only added the user in the mysql db. Is there any web admin panel for postfix that adds the user with mailx and in the mysql or something? My company currently has qmailrocks and here we use the web admin panel to add users. Is there something similar for postfix?
>
> main.cf points to queue_directory = /var/spool/postfix
> But I can't find the config for the pop3 thing. I also manually created the advies4you/admin thing in the home/vmail folder (the home/vmail did exist) but that did not fix the problem. I can't recall I edited any config that has mail_location either, or at least I can't find it.

Welcome to the list. Unfortunately, you seem to have missed the important welcome message line:

TO REPORT A PROBLEM, SEE: http://www.postfix.org/DEBUG_README.html#mail

Without a 'postconf -n', a *full* log of a transaction and knowing if chroot is enabled in master.cf (column 5), it will be difficult to give answers.

In addition, once you have it working, you can probably use the product postfixadmin to administer users. They have their own site and mail list.
Postfix BCC handling - visibility
How does Postfix handle BCCs in terms of visibility?

I was checking whether a 3rd party would be able to access the BCC list if they received an e-mail with BCC recipients, but was unable to determine whether:

A) This is dependent upon all mail servers in the chain or only the e-mail gateway on our side
B) Postfix includes the BCC header and thus provides a route for people to find out who was BCC'd

Clarification would be much appreciated.

Paul Cocker

Please consider the environment, think before you print. TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post Midlands Limited (6458167) and TNT Post London Limited (6493826). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
Re: Postfix BCC handling - visibility
Paul Cocker wrote:
> How does Postfix handle BCCs in terms of visibility? I was checking whether a 3rd party would be able to access the BCC list if they received an e-mail with BCC recipients, but was unable to determine whether:
>
> A) This is dependent upon all mail servers in the chain or only the e-mail gateway on our side
> B) Postfix includes the BCC header and thus provides a route for people to find out who was BCC'd

BCCs are not headers. They are envelope recipients. Mail clients simply translate them into RCPT TO on delivery and never add them to the header.
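
The reply's point, as an added example that is not part of the original thread and not Postfix code: a submitting client turns To/Cc/Bcc into envelope recipients (the RCPT TO list) and drops the blind-copy headers from the data it transmits, and a receiving-side check can confirm none survived. The function names and all addresses below are constructed for illustration.

```python
import copy
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Headers a client reads to work out who must receive the message.
ADDRESS_HEADERS = ("To", "Cc", "Bcc")
# Headers that must never appear in the transmitted message data.
BLIND_HEADERS = ("Bcc", "Resent-Bcc")


def build_sample():
    """Constructed sample message; every address is a placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "alice@example.net"
    msg["Cc"] = "bob@example.net"
    msg["Bcc"] = "auditor@example.org, carol@example.org"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("Body text.\n")
    return msg


def split_envelope(msg):
    """Return (envelope_recipients, wire_bytes) for a composed message.

    envelope_recipients is what a client would send as RCPT TO commands;
    wire_bytes is what it would send after DATA, with blind headers removed.
    """
    recipients = []
    for name in ADDRESS_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        for _display, addr in getaddresses(values):
            if addr and addr not in recipients:
                recipients.append(addr)

    # Work on a copy so the caller's message keeps its Bcc header.
    # Deleting a header rebinds the copy's header list, so the original
    # message is left untouched.
    wire = copy.copy(msg)
    for name in BLIND_HEADERS:
        del wire[name]  # no error if the header is absent
    return recipients, wire.as_bytes(policy=policy.SMTP)


def leaked_blind_headers(raw):
    """Receiving-side check: blind-copy headers still present in raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [name for name in BLIND_HEADERS if msg.get_all(name)]


if __name__ == "__main__":
    rcpts, wire = split_envelope(build_sample())
    print("RCPT TO:", rcpts)
    print(wire.decode("ascii"))
    print("blind headers in transmitted data:", leaked_blind_headers(wire))
```
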
Integration of content_filter and mailbox/alias
Hello.

I have two mailboxes (read with pop/imap connection), called us...@domain.tld and us...@domain.tld. All mails sent to user1 are redirected to user2. To do this, I have in virtual_alias_maps: , reading your postconf i would suggest the

us...@domain.tld us...@domain.tld
us...@domain.tld us...@domain.tld

It's working fine with this in master.cf:

smtp inet n - n - - smtpd

However, when I want to integrate a script (spamassassin for example) in master.cf, there is problem.

smtp inet n - n - - smtpd
  -o content_filter=antispam:dummy
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

The mail for us...@domain.tld is sent two times. That's 'normal' because the script do:

sendmail -oi -f sen...@domain.tld us...@domain.tld (and send two mails - user1@ and user2@)
sendmail -oi -f sen...@domain.tld us...@domain.tld

So, user2@ receive two mails.

Do you have an idea to prevent this problem? Any advices?

Thanks a lot.
Regards,

--
-Nicolas.
Re: Integration of content_filter and mailbox/alias
I use Postfix 2.4.7.

In other terms, I don't want virtual_alias_maps be read in these two lines:

1 smtp inet n - n - - smtpd -o content_filter=antispam:dummy
2 antispam unix - n n - - pipe user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

If virtual_alias_maps is read in these two lines, there's problem with this configuration:

us...@domain.tld us...@domain.tld
us...@domain.tld us...@domain.tld

I hope you could help me.

Regards,
Nicolas

On Fri, 31 Jul 2009 15:44:36 +0200 Nicolas Letellier nico...@nicoelro.net wrote:
> Hello. I have two mailboxes (read with pop/imap connection), called us...@domain.tld and us...@domain.tld. All mails sent to user1 are redirected to user2. To do this, I have in virtual_alias_maps: , reading your postconf i would suggest the
>
> us...@domain.tld us...@domain.tld
> us...@domain.tld us...@domain.tld
>
> It's working fine with this in master.cf:
>
> smtp inet n - n - - smtpd
>
> However, when I want to integrate a script (spamassassin for example) in master.cf, there is problem.
>
> smtp inet n - n - - smtpd
>   -o content_filter=antispam:dummy
> spamassassin unix - n n - - pipe
>   user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>
> The mail for us...@domain.tld is sent two times. That's 'normal' because the script do:
>
> sendmail -oi -f sen...@domain.tld us...@domain.tld (and send two mails - user1@ and user2@)
> sendmail -oi -f sen...@domain.tld us...@domain.tld
>
> So, user2@ receive two mails. Do you have an idea to prevent this problem? Any advices? Thanks a lot. Regards,
>
> --
> -Nicolas.

--
-Nicolas.
Re: OT Configuration Questions/Help {LDAP}
Clunk Werclick wrote:
> On Thu, 2009-07-30 at 22:45 -0500, Noel Jones wrote:
>> Jeff Grossman wrote:
>>> have seen articles about exporting the Exchange users via LDAP and putting them in an access map file on the Postfix server, but I am not a big fan of that. I would prefer to just query the Exchange server directly for valid addresses.
>>
>> OK, your choice.
>
> Ehlo and sorry to hijack a little here {hence subject change}, but something has crossed my mind along these lines with multiple exchange servers using active directory. Perhaps someone has, say, 10 different domains and uses Postfix as a common incoming gateway. From a cursory look I see there exists a ldap map system. Would this allow each domain to define a different LDAP server to query? Perhaps to be clear:
>
> DOMAIN.ONE - LDAP{1.2.3.4}
> DOMAIN.TWO - LDAP{1.2.3.5}
> DOMAIN.THREE - LDAP{1.2.3.6}
> ... repeat to fade ...
>
> Can this be achieved and is there some further reading I can do this weekend whilst I sip champagne in the sun?

http://www.postfix.org/postconf.5.html#relay_recipient_maps

Notice maps is plural; list as many maps as necessary. Separate multiple map definitions with a comma and/or space.

There is no limit built into postfix concerning how many maps you can define, but each map definition consumes system resources (memory, file handles, etc). At some point too many maps will impact system performance.

Many admins find it easier and cleaner to create a single map by dumping related data together under the control of a Makefile.

--
Noel Jones
Re: OT Configuration Questions/Help {LDAP}
On Fri, 2009-07-31 at 09:50 -0500, Noel Jones wrote:
> Clunk Werclick wrote:
>> On Thu, 2009-07-30 at 22:45 -0500, Noel Jones wrote:
>>> Jeff Grossman wrote:
>>>> have seen articles about exporting the Exchange users via LDAP and putting them in an access map file on the Postfix server, but I am not a big fan of that. I would prefer to just query the Exchange server directly for valid addresses.
>>>
>>> OK, your choice.
>>
>> Ehlo and sorry to hijack a little here {hence subject change}, but something has crossed my mind along these lines with multiple exchange servers using active directory. Perhaps someone has, say, 10 different domains and uses Postfix as a common incoming gateway. From a cursory look I see there exists a ldap map system. Would this allow each domain to define a different LDAP server to query? Perhaps to be clear:
>>
>> DOMAIN.ONE - LDAP{1.2.3.4}
>> DOMAIN.TWO - LDAP{1.2.3.5}
>> DOMAIN.THREE - LDAP{1.2.3.6}
>> ... repeat to fade ...
>>
>> Can this be achieved and is there some further reading I can do this weekend whilst I sip champagne in the sun?
>
> http://www.postfix.org/postconf.5.html#relay_recipient_maps
>
> Notice maps is plural; list as many maps as necessary. Separate multiple map definitions with a comma and/or space.
>
> There is no limit built into postfix concerning how many maps you can define, but each map definition consumes system resources (memory, file handles, etc). At some point too many maps will impact system performance.
>
> Many admins find it easier and cleaner to create a single map by dumping related data together under the control of a Makefile.
>
> --
> Noel Jones

Thank you Noel. I will sip some champagne for you this weekend whilst I consider the options :-)

--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.
Re: Configuration Questions/Help
On Thu, 30 Jul 2009 22:45:04 -0500, Noel Jones njo...@megan.vbhcs.org wrote:
> Jeff Grossman wrote:
>> I am currently running a Gentoo machine with Sendmail/MIMEDefang/Spamassassin/Clamav which acts as a front-end mail server to a couple of different mail servers. The main back-end mail server is an Exchange 2003 server and the other is currently a Mac OSX machine running Mailman. I am using a mailertable to direct the different domains (10 domains go to the Exchange server and 1 domain goes to the OSX machine). I am using MIMEDefang's md_check_against_smtp_server feature to verify recipients before they are accepted at the gateway.
>>
>> I am going to switch to a Debian machine with Postfix/Amavisd/Spamassassin/Clamav as my new front-end mail server to the Exchange server and the OSX machine (I am going to use the old Gentoo machine for mailman once I wipe it and install Debian).
>>
>> 1. Can I use the reject_unverified_recipient feature to get the same functionality as I did with MIMEDefang's md_check_against_smtp_server?
>
> Yes, postfix built-in verification works very similar. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Thank you. Makes me feel better knowing that I can get the same functionality.

>> have seen articles about exporting the Exchange users via LDAP and putting them in an access map file on the Postfix server, but I am not a big fan of that. I would prefer to just query the Exchange server directly for valid addresses.
>
> OK, your choice.
>
>> 2. Is it possible to only require the reject_unverified_recipient option on certain domains?
>
> Yes. Use a check_recipient_access map that returns reject_unverified_recipient for the target domain.

Cool. I wasn't aware of that. I will look into that and see what I need to do.

>> 3. Do I just set up each domain in a Transport Map file and tell it which server to send the mail to?
>
> This step is only necessary if the destination IP differs from what postfix will find with an MX lookup of the domain.

I am going to use it just in case I screw something up with DNS in the future. Do I also need to put each domain in a relay allowed file? Or is putting them in transport maps enough to tell Postfix to accept mail for those domains?

>> I also have some e-mail addresses on the Exchange server that I do not want the gateway to accept mail for. That should be pretty easy I can just put them in a recipient check hash file. But, nothing is ever easy, there are a few e-mail addresses that I would like to receive mail for to those restricted Exchange e-mail addresses.
>
> General per-sender, per-recipient, etc. info can be found here: http://www.postfix.org/RESTRICTION_CLASS_README.html

Thanks again for the pointer.

>> And, any mail created from that machine itself would need to be able to send to those restricted Exchange addresses. How can I do that?
>
> Mail locally submitted via the sendmail(1) interface does not go through the various smtpd_*_restrictions. and generally the inside machine would be included in mynetworks, which is normally excluded from most restrictions by the permit_mynetworks rule.

Yeah, I think the mynetworks should be good enough. I will test it out next week after I get it all setup and see how everything works.

>> Thank you for any help you can offer me or guidance on where I can look for answers.
>>
>> Jeff
>
> Welcome to postfix!

Thank you for your help.

Jeff
Re: Integration of content_filter and mailbox/alias
Hello.

I find a solution with receive_override_options=no_address_mappings is my friend ;)

All is written here: http://www.postfix.org/FILTER_README.html

smtp inet n - n - - smtpd
  -o content_filter=spamassassin
  -o receive_override_options=no_address_mappings

Regards,
Nicolas

On Fri, 31 Jul 2009 16:00:26 +0200 Nicolas Letellier nico...@nicoelro.net wrote:
> I use Postfix 2.4.7. In other terms, I don't want virtual_alias_maps be read in these two lines:
>
> 1 smtp inet n - n - - smtpd -o content_filter=antispam:dummy
> 2 antispam unix - n n - - pipe user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>
> If virtual_alias_maps is read in these two lines, there's problem with this configuration:
>
> us...@domain.tld us...@domain.tld
> us...@domain.tld us...@domain.tld
>
> I hope you could help me. Regards, Nicolas
>
> On Fri, 31 Jul 2009 15:44:36 +0200 Nicolas Letellier nico...@nicoelro.net wrote:
>> Hello. I have two mailboxes (read with pop/imap connection), called us...@domain.tld and us...@domain.tld. All mails sent to user1 are redirected to user2. To do this, I have in virtual_alias_maps: , reading your postconf i would suggest the
>>
>> us...@domain.tld us...@domain.tld
>> us...@domain.tld us...@domain.tld
>>
>> It's working fine with this in master.cf:
>>
>> smtp inet n - n - - smtpd
>>
>> However, when I want to integrate a script (spamassassin for example) in master.cf, there is problem.
>>
>> smtp inet n - n - - smtpd
>>   -o content_filter=antispam:dummy
>> spamassassin unix - n n - - pipe
>>   user=spamd argv=/usr/local/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
>>
>> The mail for us...@domain.tld is sent two times. That's 'normal' because the script do:
>>
>> sendmail -oi -f sen...@domain.tld us...@domain.tld (and send two mails - user1@ and user2@)
>> sendmail -oi -f sen...@domain.tld us...@domain.tld
>>
>> So, user2@ receive two mails. Do you have an idea to prevent this problem? Any advices? Thanks a lot. Regards,
>>
>> --
>> -Nicolas.
>
> --
> -Nicolas.

--
-Nicolas.
RE: what is ESMTP (Nemesis)
I wasn't aware of that and I was laughing at myself for being an idiot and making a mistake. I wasn't aware how the system worked. I didn't think to look at the interworking and thought changing the title would create a new post. My fault for not researching it before doing that. If it was intentional then I can see getting so bent out of shape. I'm all about working within the guidelines and abiding by the rules. Live and learn. telnet only gives 220 smtp.perfora.net (mrus1) Welcome to Nemesis ESMTP server oh well. Thanks anyway. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Charles Marcus Sent: Friday, July 31, 2009 7:01 AM To: AMP Admin Cc: postfix-users@postfix.org Subject: Re: what is ESMTP (Nemesis) Please don't top-post... On 7/30/2009, AMP Admin (ad...@ampprod.com) wrote: Sorry. Didn't think about this going to a thread and just hit reply and changed the title. haha That's exactly what 'hijacking' is, and it isn't funny... haha I meant more what is the Nemesis part. What kind of mail server is that? I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea... -- Best regards, Charles
RE: what is ESMTP (Nemesis)
Oh, just saw this. Thank you! -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Ralf Hildebrandt Sent: Friday, July 31, 2009 7:13 AM To: postfix-users@postfix.org Subject: Re: what is ESMTP (Nemesis) I meant more what is the Nemesis part. What kind of mail server is that? I think most if not all smtp servers can customize the banner to say whatever they want, so you can't really tell anything specific/precise about a server just from the banner it provides. You'd need to provide the responses from a telnet session to get any kind of meaningful idea... ESMTP (Nemesis) is the mailserver of Schlund Partner: Nemesis - Schlund+Partner entwickelt sein eigenes Mailsystem (Linux-Magazin, 08/05) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
transforming attachment
Hi folks, I have a question for you. I have a Centos 5.3 with postfix 2.3.3. I'm using Amavisd-new and clamav for virus checking. My server daily receives lots of messages with JPG files attached. The number of JPG files in each message is variable. My question is. When receiving an email with at least one JPG file attached can I check if filesize is greater than let's say 100K and if yes, extract that file, change its resolution (lowering file size) and put it again in the email message without modifying the rest of the email and then make the local delivery? I think GD could be useful, but I don't know how to integrate the whole process. Thanks in advance David
Re: what is ESMTP (Nemesis)
On 7/31/2009, AMP Admin (ad...@ampprod.com) wrote: telnet only gives 220 smtp.perfora.net (mrus1) Welcome to Nemesis ESMTP server oh well. Thanks anyway. I meant a session where you actually submit mail, and make submissions that will fail. You can tell a lot from the error messages... -- Best regards, Charles
Re: transforming attachment
On Friday 31 July 2009 18:16:35 Ing. Davy Leon wrote: I have a Centos 5.3 with postfix 2.3.3. I'm using Amavisd-new and clamav for virus checking. My server daily receives lots of messages with JPG files attached. The number of JPG files in each message is variable. My question is. When receiving an email with at least one JPG file attached can I check if filesize is greater than let's say 100K and if yes, extract that file, change its resolution (lowering file size) and put it again in the email message without modifying the rest of the email and then make the local delivery? Yes you could, but is it wise? Almost certainly cheaper and easier to buy a bunch of TB disk drives and add a bit of extra storage. Or address why you get so many oversized JPG files from a business perspective. If you really want to do this, might be easier to use existing scripts, I know there are some around that extract attachments and save them to a webserver. Anyway I'd suggest doing this as part of local delivery, ala procmail recipe. So it wouldn't be much to do with Postfix at that point. Fiddling with content of email is not something Postmasters usually should concern themselves with. Down this path lies madness and responsibility for the content of other people's emails. Simon
Hash file oddity
A client uses hash files for transport and access on a couple relays. When I need to make a change to one of these files I typically just edit it and then do a postmap whatever. On one of the machines it doesn't seem to pickup the change until I restart postfix (it's an older machine with an older version of postfix on it -- which I'm working on the upgrade plan for). Can someone confirm that we only need to postmap something and not restart the entire subsystem? At least, that's been my understanding for years anyway. Gary
Re: Hash file oddity
Gary Smith wrote: A client uses hash files for transport and access on a couple relays. When I need to make a change to one of these files I typically just edit it and then do a postmap whatever. On one of the machines it doesn't seem to pickup the change until I restart postfix (it's an older machine with an older version of postfix on it -- which I'm working on the upgrade plan for). Can someone confirm that we only need to postmap something and not restart the entire subsystem? At least, that's been my understanding for years anyway. Gary All versions of postfix (at least since 1.0 anyway, and probably before that) will automatically recognize changes to hash: type files. Other file types may require a postfix reload or may be picked up eventually. See the docs for that specific file type. http://www.postfix.org/postfix-manuals.html -- Noel Jones
RE: filter incoming but not outgoing
Thanks Olivier! I'll take a look at that. This server is reserved only for bounces, notices, newsletters, and policy/competence updates so there's only a few system accounts on there. :) -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Olivier Nicole Sent: Thursday, July 30, 2009 8:00 PM To: ad...@ampprod.com Cc: postfix-users@postfix.org Subject: Re: filter incoming but not outgoing Hi, 1. Sign outgoing messages with dkim and vbr (currently doing this with amavis) 2. Only allow sending from our networks 3. Do NOT filter, virus scan or spam scan outgoing messages 4. DO scan and filter incoming messages 5. Optimize / Tweak settings for large number of outgoing messages Yesterday I was looking for the same thing and I found that page: http://www200.pair.com/mecham/spam/bypassing.html though it applies to Postfix+amavis, that is Postfix is in charge of deciding if a message is incoming or outgoing. Now I think it is a *very bad* idea to disable virus filtering on outgoing messages: I do filter all messages, and in case of outgoing message containing a virus, I send a warning to the administrator: it means one of the machines in my network has a virus, I better know that and take action. Bests, Olivier
Postfix dns lookup and throttle?
Postfix experts, I am running Postfix 2.3.3 on a Centos 5.3 system. We are using it as our primary gateway for relaying email to many of our users at Google (in the cloud). The problem is that during heavier usage times, many messages seem to get queued and delayed due to Google's smtp server not being able to handle too many messages at one time (seemingly). So I have a couple questions that might help us address this problem. - how long does Postfix cache the IP address of dns names for email relaying purpose? Is this a variable that can be changed? - can Postfix be configured to back off from relaying messages, for example for 1 or 2 seconds when it receives deferrals from the receiving smtp server side? Thanks! Tim Tyler Network Engineer Beloit College
Re: Postfix dns lookup and throttle?
Tim Tyler wrote: Postfix experts, I am running Postfix 2.3.3 on a Centos 5.3 system. We are using it as our primary gateway for relaying email to many of our users at Google (in the cloud). The problem is that during heavier usage times, many messages seem to get queued and delayed due to Google’s smtp server not being able to handle too many messages at one time (seemingly). So I have a couple questions that might help us address this problem. - how long does Postfix cache the IP address of dns names for email relaying purpose? Is this a variable that can be changed? Postfix does not cache DNS lookups. - can Postfix be configured to back off from relaying messages, for example for 1 or 2 seconds when it receives deferrals from the receiving smtp server side? See: http://www.postfix.org/TUNING_README.html#mailing_tips and following sections on frequency of deferred attempts. Beware! tuning queue parameters often results in poorer performance than the carefully-chosen defaults. -- Noel Jones Thanks! Tim Tyler Network Engineer Beloit College
RE: Hash file oddity
Noel, I had thought as much. I think the problem with the old box is the filesystem. It's a RH 3.x series box, with that stupid hybrid 2.4/2.6 kernel. I just wanted to confirm so I can document the process of changes for the client when I rebuilt the box Sunday. Gary PS: Sorry for top posting. OWA doesn't have a good way to do it. From: Noel Jones [njo...@megan.vbhcs.org] Sent: Friday, July 31, 2009 10:46 AM To: Gary Smith; postfix-users@postfix.org Subject: Re: Hash file oddity Gary Smith wrote: A client uses hash files for transport and access on a couple relays. When I need to make a change to one of these files I typically just edit it and then do a postmap whatever. On one of the machines it doesn't seem to pickup the change until I restart postfix (it's an older machine with an older version of postfix on it -- which I'm working on the upgrade plan for). Can someone confirm that we only need to postmap something and not restart the entire subsystem? At least, that's been my understanding for years anyway. Gary All versions of postfix (at least since 1.0 anyway, and probably before that) will automatically recognize changes to hash: type files. Other file types may require a postfix reload or may be picked up eventually. See the docs for that specific file type. http://www.postfix.org/postfix-manuals.html -- Noel Jones
RE: Hash file oddity
At 11:50 AM 7/31/2009, you wrote: PS: Sorry for top posting. OWA doesn't have a good way to do it. Can't you just hit the down arrow or the page down key? :)
RE: Hash file oddity
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of Evan Platt [e...@espphotography.com] Sent: Friday, July 31, 2009 11:55 AM To: postfix-users@postfix.org Subject: RE: Hash file oddity At 11:50 AM 7/31/2009, you wrote: PS: Sorry for top posting. OWA doesn't have a good way to do it. Can't you just hit the down arrow or the page down key? :) I guess one could, but then you can't tell where one began and the other ended ;) At least they finally added the ability to select Plain Text as an option when sending the emails from OWA.
RE: Hash file oddity
At 12:00 PM 7/31/2009, you wrote: I guess one could, but then you can't tell where one began and the other ended ;) At least they finally added the ability to select Plain Text as an option when sending the emails from OWA. There should be an append thing (or prepend?) to add a bracket to quoted text... Been a while since I used OWA.
Re: not receiving forwarded mail from postfix, all logs seem fine
On Jul 30, 2009, at 2:44 PM, dvodvo wrote: Jul 30 00:59:42 mydomain postfix/trivial-rewrite[13937]: warning: do not list domain mydomain.ca in BOTH mydestination and virtual_alias_domains Fix this Jul 30 00:59:44 mydomain postfix/smtp[13941]: 7D04B96117E4: to=mygmailn...@gmail.com, orig_to=d...@mydomain.ca, relay=gmail-smtp-in.l.google.com[209.85.133.27]:25, delay=1.6, delays=0/0.01/0.13/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1248933584 d35si1808699and.15) The message was sent to Google, google accepted it. At this point, if you are not getting the mail then either you are forwarding it to the wrong google account or Google is losing it. Check your spam folder and your addresses and then check with Google. Hmm.. looking further it looks like you are forwarding a gmail message back to gmail. If you are forwarding a message to the same account you get it from you will never see it, Google discards duplicate emails. -- I loved you when our love was blessed I love you now there's nothing left But sorrow and a sense of overtime
High volume Milter experiences?
Did anybody ever measure how many clients a Postfix server using Milter can serve? Somewhere hidden in my brain I recall someone on the list reporting problems with Milter under high load. I am wondering how high the load was and if there was a solution to the problem? Reason I am asking is: I need to plan a rather large system (~600 messages/sec at 150kb average size) and I ask myself if I need to do some tests now or if I can rely on some others numbers for the moment and do the tests at a later stage. Thanks, p...@rick -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: High volume Milter experiences?
may be used in http://milter-manager.sourceforge.net/ On Fri, 31 Jul 2009 21:59:47 +0200, Patrick Ben Koetter p...@state-of-mind.de wrote: Did anybody ever measure how many clients a Postfix server using Milter can serve? Somewhere hidden in my brain I recall someone on the list reporting problems with Milter under high load. I am wondering how high the load was and if there was a solution to the problem? Reason I am asking is: I need to plan a rather large system (~600 messages/sec at 150kb average size) and I ask myself if I need to do some tests now or if I can rely on some others numbers for the moment and do the tests at a later stage. Thanks, p...@rick -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: Preventing www@ abuse
On Thu, 30 Jul 2009, The Doctor wrote: Get a turkey that seems to be doing a 302 redirecting and using www@webserver to 'frame' the point. This means nothing to me. Can you try again? Any way of locking down the use of the www to just webforms on the local web server? Yes an access(5) map to REJECT envelope sender w...@foo.bar. -- Sahil Tandon sa...@tandon.net
Re: Hash file oddity
On Fri, 31 Jul 2009, Gary Smith wrote: A client uses hash files for transport and access on a couple relays. When I need to make a change to one of these files I typically just edit it and then do a postmap whatever. On one of the machines it doesn't seem to pickup the change until I restart postfix (it's an older machine with an older version of postfix on it -- which I'm working on the upgrade plan for). Can someone confirm that we only need to postmap something and not restart the entire subsystem? At least, that's been my understanding for years anyway. From DATABASE_README: If you change a local file based database such as DBM or Berkeley DB, there is no need to execute postfix reload. Postfix uses file locking to avoid read/write access conflicts, and whenever a Postfix daemon process notices that a file has changed it will terminate before handling the next client request, so that a new process can initialize with the new database. By any chance, are you testing the change by using the same lookup key? -- Sahil Tandon sa...@tandon.net
Received: headers and mail forwarding loops
When I submit a mail to my Postfix server (using SASL auth over a TLS connection), Postfix adds the following received header: Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.incertum.net (Postfix) with ESMTPSA for c...@example.net; Fri, 31 Jul 2009 23:42:33 +0200 (CEST) This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is exactly what I expected, but I'm not 100% sure how this mechanism works. So my question is: Does Postfix compare both the sending host _and_ the recipient address in Received: headers? If not, with regard to Received: headers, which (if any) information is compared to detect a mail forwarding loop? Cheers Stefan
Re: Received: headers and mail forwarding loops
Stefan Förster: When I submit a mail to my Postfix server (using SASL auth over a TLS connection), Postfix adds the following received header: Received: from aletheia.cite.lan (33.33.33.333.dynamic.cablesurf.de [33.33.33.333]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.incertum.net (Postfix) with ESMTPSA for c...@example.net; Fri, 31 Jul 2009 23:42:33 +0200 (CEST) This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is

As documented, Postfix uses Delivered-To: headers for loop detection.

Local delivery agent:

prepend_delivered_header (default: command, file, forward)
    The message delivery contexts where the Postfix local(8) delivery agent prepends a Delivered-To: message header with the address that the mail was delivered to. This information is used for mail delivery loop detection.
    By default, the Postfix local delivery agent prepends a Delivered-To: header when forwarding mail and when delivering to file (mailbox) and command. Turning off the Delivered-To: header when forwarding mail is not recommended.
    Specify zero or more of forward, file, or command.
    Example: prepend_delivered_header = forward

Pipe delivery agent:

flags=BDFORXhqu. (optional)
    Optional message processing flags. By default, a message is copied unchanged.
    ...
    D Prepend a Delivered-To: recipient message header with the envelope recipient address. Note: for this to work, the transport_destination_recipient_limit must be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
    The D flag also enforces loop detection (Postfix 2.5 and later): if a message already contains a Delivered-To: header with the same recipient address, then the message is returned as undeliverable. The address comparison is case insensitive.

Wietse

exactly what I expected, but I'm not 100% sure how this mechanism works.
So my question is: Does Postfix compare both the sending host _and_ the recipient address in Received: headers? If not, with regard to Received: headers, which (if any) information is compared to detect a mail forwarding loop? Cheers Stefan
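The Delivered-To: check quoted in the reply above, as an added example that is not part of the original thread and is not Postfix's own code: a simplified Python model showing that a pasted Received: header alone does not trigger loop detection, while an existing Delivered-To: header for the same recipient (compared case-insensitively) does. The sample message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: it carries a Received: header naming the
# recipient, but no Delivered-To: header yet.
SAMPLE = (
    "Received: from client.example (client.example [192.0.2.10])\n"
    "\tby mail.example.net (Postfix) with ESMTPSA\n"
    "\tfor <user@example.net>; Fri, 31 Jul 2009 23:42:33 +0200 (CEST)\n"
    "From: sender@example.org\n"
    "To: user@example.net\n"
    "Subject: loop test\n"
    "\n"
    "body\n"
)


def delivered_to_addresses(raw_message):
    """Return every Delivered-To: address in the header block, lower-cased."""
    msg = message_from_string(raw_message)
    values = msg.get_all("Delivered-To", [])
    return [parseaddr(value)[1].lower() for value in values]


def is_forwarding_loop(raw_message, recipient):
    """True when the message already has Delivered-To: for this recipient.

    Received: headers are ignored on purpose; only Delivered-To: counts,
    and the address comparison is case-insensitive.
    """
    return recipient.lower() in delivered_to_addresses(raw_message)


def deliver(raw_message, recipient):
    """Model one delivery step: refuse on a loop, else prepend Delivered-To:."""
    if is_forwarding_loop(raw_message, recipient):
        raise RuntimeError("mail forwarding loop for " + recipient)
    return "Delivered-To: " + recipient + "\n" + raw_message


if __name__ == "__main__":
    # The Received: header names the recipient, yet no loop is reported.
    print("Received: only ->", is_forwarding_loop(SAMPLE, "user@example.net"))
    once = deliver(SAMPLE, "user@example.net")
    # A message pasted back in with its Delivered-To: line is rejected.
    print("with Delivered-To: ->", is_forwarding_loop(once, "USER@example.net"))
```

To see which header caused a real "mail forwarding loop" bounce, inspect the returned message for a Delivered-To: line carrying the recipient address.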
Re: Received: headers and mail forwarding loops
* Wietse Venema wie...@porcupine.org wrote: Stefan Förster: This is working as expected. If I create a new mail and forcibly insert the above header before I submit it, I get a NDR saying that there is a mail forwarding loop for c...@example.net - which is As documented, Postfix uses Delivered-To: headers for loop detection. I am very sorry - I had indeed pasted too many lines into my test email. Cheers Stefan
Re: mySQL Query not working
On Friday 31 July 2009, Tino Donderwinkel wrote: I have a virtual_alias map setup that uses this mySQL query; SELECT rcpt FROM aliases WHERE alias = '%s' OR alias = (SELECT CONCAT('%u@', alias_of) FROM domains WHERE domain = '%d') hmm I think the way the % vars are replaced is the problem, try this. CONCAT('%u', '@', alias_of) or the easier way (this is what I use). SELECT goto FROM alias, alias_domain WHERE alias_domain.alias_domain = '%d' AND alias.address = concat('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active = 1 -- Simple things make people happy. Willy De la Court PGP Public Key at http://www.linux-lovers.be/download/public_key.asc PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
Re: Blocking Hotmail
On Thu, July 30, 2009 16:50, Rodman Frowert wrote: I wish there was a message board on the Postfix main site instead of JUST the mailing list. Would make finding things that are asked a lot quite easier. Some of the mailing list archives don't have search functions... reject spf softfail, fail, neutral as well on spf pass check sender in squirrelmail addressbook is known if yes accept else reject, how to make it work is up to others for yahoo i check it with postfwd to match if client_name match sender_domain, if not reject lack of spf force me to this :) -- xpoint