Re: postfix original recipient

2009-08-20 Thread Gaby L


- Original Message - 
From: Gaby L g...@autoglobus2000.ro

To: Postfix users postfix-users@postfix.org
Sent: Wednesday, August 19, 2009 7:16 PM
Subject: Re: postfix original recipient




Ok
Postfix logs the orig_to address when the envelope recipient address
is replaced (for example with virtual_alias_maps).
The email is sent to do_ch...@de.opel.com (Envelope) but in orig_to is 
a.verme...@autoglobus2000.ro
Why does the real delivery address not appear in the message? (although it is in 
orig_to from maillog)
Can I make the original destination appear in the message? If I do not use virtual 
tables, does the original destination then appear in the message?

This is example email

Return-Path: dragos.do...@gm.com
X-Original-To: autoglo...@ag2000.ro
Delivered-To: autoglo...@ag2000.ro
Received: from localhost (mail.ag2000.ro [127.0.0.1])
by mail.ag2000.ro (Postfix) with ESMTP id 68F58818082;
Mon, 17 Aug 2009 13:19:41 +0300 (EEST)
X-Virus-Scanned: amavisd-new at ag2000.ro
Received: from mail.ag2000.ro ([127.0.0.1])
by localhost (mail.ag2000.ro [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id LhINW+bFSHlR; Mon, 17 Aug 2009 13:19:28 +0300 (EEST)
Received: from plgmler5.imr.gm.com (plgmler5.imr.gm.com [199.228.142.85])
by mail.ag2000.ro (Postfix) with ESMTP id 450CE818081;
Mon, 17 Aug 2009 13:19:27 +0300 (EEST)
Received: from plgmlir1.imr.gm.com (plgmlir1-2.imr.gm.com 
[199.228.142.169])

by plgmler5.imr.gm.com (8.14.2/8.13.8) with ESMTP id n7HAJHgr023744;
Mon, 17 Aug 2009 05:19:20 -0500
Received: from plgmlir1.imr.gm.com (localhost [127.0.0.1])
by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJDxX005565;
Mon, 17 Aug 2009 05:19:13 -0500
Received: from DERUEMA16.eur.corp.gm.com ([134.46.236.103])
by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJBwN005525;
Mon, 17 Aug 2009 05:19:11 -0500
X-EDSINT-Source-Ip: 134.46.236.103
To: do_ch...@de.opel.com
Subject: Rezultate Aftersales pe H2, la 13.08.2009.
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 HF1151 March 27, 2007
Message-ID: 
of07650702.057205dd-onc1257615.0036dc19-c1257615.0038b...@de.opel.com

From: Dragos Dobre dragos.do...@gm.com
Date: Mon, 17 Aug 2009 12:19:09 +0200
X-MIMETrack: Serialize by Router on DERUEMA16/M/GMSERVER/GMC at 17.08.2009 
12:19:12

Content-Type: multipart/mixed; boundary==_mixed 0038B094C125761

- Original Message - 
From: Wietse Venema wie...@porcupine.org

To: Postfix users postfix-users@postfix.org
Sent: Wednesday, August 19, 2009 5:58 PM
Subject: Re: postfix original recipient



Gaby L:


- 




I want to use virtual_alias_maps but I want to appear original
destination address in header.
It is possible?


As documented (man 5 virtual), virtual_alias_maps changes the
ENVELOPE address not the HEADER address.

Wietse


Thanks


Postfix logs the orig_to address when the envelope recipient address
is replaced (for example with virtual_alias_maps).

Gaby L:
 Hi
  I have a problem with multi-destination and hidden address email 
 (generic address is @de.opel.com)

 I use virtual table,amavisd-new.
 I don't view in header destination address but in maillog it appear in 
 orig_to field.(a.verme...@autoglobus2000.ro)
 What insert in mail header orig_to field for filter for other incoming 
 machine?










Re: Email Bounce Question

2009-08-20 Thread Barney Desmond
2009/8/19 Sean C. s...@unxhosting.com:
 Is it possible in postfix to set an account to never generate bounce back
 messages or to send them all to a email account rather than to the
 originating user?  I have an account where users email in and it maps via
 aliases to another email address.  When there is a issue I would prefer the
 users to not get the failure messages and perhaps instead send that message
 to another email account on my side.

 For all the other email which comes in to other accounts I would like to
 keep the normal bounces.

At first I thought you were referring to outgoing mail, in which case
you could use generic address rewriting. In any case, you want some
sender-address munging. Canonical rewriting may do what you want:
http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical


Distribution lists/SPF with Postfix?

2009-08-20 Thread Paul Hutchings
We have a basic distribution list setup within postfix under a virtual
domain.

One of the external parties who wants to send to it has an SPF record in
place so of course in its current configuration the message is being
rejected by our SPF, and of course even if we allowed it, it would be
rejected by the SPF of the recipients' mail servers.

At present the message would come directly from sender at
theirdomain.com.

Is there a way within Postfix to have it originate from distribution
list at ourdomain.com on behalf of sender at theirdomain.com or
would I need third party listserv software to do this?

Thanks,
Paul

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96





Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread Simon Waters
On Thursday 20 August 2009 10:01:37 Paul Hutchings wrote:
 We have a basic distribution list setup within postfix under a virtual
 domain.

 One of the external parties who wants to send to it has an SPF record in
 place so of course in its current configuration the message is being
 rejected by our SPF,

If they aren't a permitted sender don't accept it, their SPF config is 
presumably broken?

 and of course even if we allowed it, it would be 
 rejected by the SPF of the recipients' mail servers.

If you are setting the envelope sender as this domain, then getting your server 
added to their SPF record is probably the appropriate thing to do.

 At present the message would come directly from sender at
 theirdomain.com.

 Is there a way within Postfix to have it originate from distribution
 list at ourdomain.com on behalf of sender at theirdomain.com or
 would I need third party listserv software to do this?

You are confusing envelope sender and headers.

I think SPF is broken by design, but if you aren't rewriting the email, then 
yes mailing list software will do that for you.

I've tended to regard SPF errors as self inflicted injuries.


Postfix + PLESK + mail filtering

2009-08-20 Thread Vytenis Sabaliauskas

Hi everyone,

	I'm trying to implement a mail filtering, which should put all SPAM 
tagged messages into a dedicated folder. It looks simple, but then PLESK 
comes in. It uses:



virtual_transport = plesk_virtual


which looks like this in master.cf:

plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser 
argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p 
/var/qmail/mailnames


This transport should be left intact. I'm looking into making a separate 
filter which will deliver the message to the Spam folder if it's tagged 
or pipe it back to postfix to deliver it with plesk_virtual if it's not.


Are there any thoughts how to implement this?

Google didn't give the results, or I didn't know how to look.

Thanks in advance

--
Regards,
Vytenis


Postfix queue problem?

2009-08-20 Thread Junior Tux
Dear all, I have a big problem with the postfix queue. I'm using postfix
amavis spamassassin. But the queue has 5 mails. It's sending very slowly.
What can I do? Thanks.

Postconf -n
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
local_recipient_maps =
maximal_queue_lifetime = 3d
message_size_limit = 2024
milter_default_action = accept
milter_protocol = 2
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydomain = example.net
myhostname = gw.example.net
mynetworks = 127.0.0.0/8
non_smtpd_milters = inet:localhost:10026
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 0
receive_override_options = no_address_mappings
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_access, permit
smtpd_milters = inet:localhost:10026
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_address, reject_unauth_pipelining,
reject_unknown_recipient_domain, reject_non_fqdn_hostname,
reject_unauth_destination, reject_sender_login_mismatch,
check_client_access hash:/etc/postfix/backscatterer_white,
reject_rbl_client zen.spamhaus.org, check_sender_access
hash:/etc/postfix/backscatterer_white, check_sender_access
hash:/etc/postfix/check_backscatterer
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_sender_domain,
warn_if_reject, reject_non_fqdn_sender, check_sender_access
hash:/etc/postfix/sender_restrictions, check_sender_access
hash:/etc/postfix/null_sender
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/example.crt
smtpd_tls_key_file = /etc/postfix/ssl/example.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf


master.cf

smtp inet n - - - 60 smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# == ==
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# == ==
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify 

Fw: postfix original recipient

2009-08-20 Thread Gaby L

I have detected the problem
All emails above @de.opel.com address is hidden address but my domain hidden 
address appears in orig_to from maillog.

What do I do to make the hidden address appear in the mail header?


- Subject: Re: postfix original recipient





Ok
Postfix logs the orig_to address when the envelope recipient address
is replaced (for example with virtual_alias_maps).
The email is sent to do_ch...@de.opel.com (Envelope) but in orig_to is 
a.verme...@autoglobus2000.ro
Why does the real delivery address not appear in the message? (although it is in 
orig_to from maillog)
Can I make the original destination appear in the message? If I do not use virtual 
tables, does the original destination then appear in the message?

This is example email

Return-Path: dragos.do...@gm.com
X-Original-To: autoglo...@ag2000.ro
Delivered-To: autoglo...@ag2000.ro
Received: from localhost (mail.ag2000.ro [127.0.0.1])
by mail.ag2000.ro (Postfix) with ESMTP id 68F58818082;
Mon, 17 Aug 2009 13:19:41 +0300 (EEST)
X-Virus-Scanned: amavisd-new at ag2000.ro
Received: from mail.ag2000.ro ([127.0.0.1])
by localhost (mail.ag2000.ro [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id LhINW+bFSHlR; Mon, 17 Aug 2009 13:19:28 +0300 (EEST)
Received: from plgmler5.imr.gm.com (plgmler5.imr.gm.com [199.228.142.85])
by mail.ag2000.ro (Postfix) with ESMTP id 450CE818081;
Mon, 17 Aug 2009 13:19:27 +0300 (EEST)
Received: from plgmlir1.imr.gm.com (plgmlir1-2.imr.gm.com 
[199.228.142.169])

by plgmler5.imr.gm.com (8.14.2/8.13.8) with ESMTP id n7HAJHgr023744;
Mon, 17 Aug 2009 05:19:20 -0500
Received: from plgmlir1.imr.gm.com (localhost [127.0.0.1])
by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJDxX005565;
Mon, 17 Aug 2009 05:19:13 -0500
Received: from DERUEMA16.eur.corp.gm.com ([134.46.236.103])
by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJBwN005525;
Mon, 17 Aug 2009 05:19:11 -0500
X-EDSINT-Source-Ip: 134.46.236.103
To: do_ch...@de.opel.com
Subject: Rezultate Aftersales pe H2, la 13.08.2009.
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 HF1151 March 27, 2007
Message-ID: 
of07650702.057205dd-onc1257615.0036dc19-c1257615.0038b...@de.opel.com

From: Dragos Dobre dragos.do...@gm.com
Date: Mon, 17 Aug 2009 12:19:09 +0200
X-MIMETrack: Serialize by Router on DERUEMA16/M/GMSERVER/GMC at 
17.08.2009 12:19:12

Content-Type: multipart/mixed; boundary==_mixed 0038B094C125761

- Original Message - 
From: Wietse Venema wie...@porcupine.org

To: Postfix users postfix-users@postfix.org
Sent: Wednesday, August 19, 2009 5:58 PM
Subject: Re: postfix original recipient



Gaby L:


- 




I want to use virtual_alias_maps but I want to appear original
destination address in header.
It is possible?


As documented (man 5 virtual), virtual_alias_maps changes the
ENVELOPE address not the HEADER address.

Wietse


Thanks


Postfix logs the orig_to address when the envelope recipient address
is replaced (for example with virtual_alias_maps).

Gaby L:
 Hi
  I have a problem with multi-destination and hidden address email 
 (generic address is @de.opel.com)

 I use virtual table,amavisd-new.
 I don't view in header destination address but in maillog it appear 
 in orig_to field.(a.verme...@autoglobus2000.ro)
 What insert in mail header orig_to field for filter for other 
 incoming machine?












Re: Postfix queue problem?

2009-08-20 Thread Stefan Förster
Hallo Junior,

* Junior Tux junior.pe...@gmail.com:
 Dear all, I have a big problem with the postfix queue. I'm using postfix
 amavis spamassassin. But the queue has 5 mails. It's sending very slowly.
 What can I do? Thanks.

There are various ways to debug this problem and improve performance.
A first stop should be http://www.postfix.org/QSHAPE_README.html which
describes not only how the various queues work together, but does also
give valuable hints on solving some of the problems which one might
encounter.

General hints on performance tuning can be found at
http://www.postfix.org/TUNING_README.html - those documents together
should provide you with a reasonable start.

 smtp-amavis unix - - n - 40 smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes

Can your server really handle 40 content filter processes (assuming
that $max_servers in amavisd is set to 40, too)? You might want to
look at your server's memory resources and see if it started swapping.

You should also provide logging output of messages which are processed
slowly - please note that you will need to track two queue IDs, one
before it enters the content_filter and one after the reinjection.


Cheers
Stefan
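
Tracking the two queue IDs described above can be scripted. This is an added example, not code from the thread: it assumes delivery lines that carry delays=a/b/c/d (before queue manager / in queue manager / connection setup / transmission) and a content filter reply ending in "queued as <ID>"; all log lines, host names and queue IDs are constructed.

```python
import re

# Constructed maillog sample: one message before and after the content_filter.
SAMPLE_LOG = """\
Aug 20 10:00:01 gw postfix/smtpd[2001]: 1A2B3C4D5E: client=mx.example.org[192.0.2.10]
Aug 20 10:00:01 gw postfix/qmgr[1500]: 1A2B3C4D5E: from=<alice@example.org>, size=2100, nrcpt=1 (queue active)
Aug 20 10:00:45 gw postfix/smtp[2010]: 1A2B3C4D5E: to=<bob@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=44, delays=0.3/30/0.1/13.6, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02001-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9F8E7D6C5B)
Aug 20 10:00:45 gw postfix/qmgr[1500]: 1A2B3C4D5E: removed
Aug 20 10:00:45 gw postfix/qmgr[1500]: 9F8E7D6C5B: from=<alice@example.org>, size=2600, nrcpt=1 (queue active)
Aug 20 10:00:46 gw postfix/virtual[2020]: 9F8E7D6C5B: to=<bob@example.net>, relay=virtual, delay=0.4, delays=0.2/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to maildir)
Aug 20 10:00:46 gw postfix/qmgr[1500]: 9F8E7D6C5B: removed
"""

DELIVERY = re.compile(
    r"postfix/(?P<agent>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,]+),.*? delay=(?P<delay>[\d.]+), delays=(?P<delays>[\d./]+),"
    r".*?status=(?P<status>\w+) \((?P<reply>.*)\)$"
)
REINJECTED = re.compile(r"queued as (?P<qid>[0-9A-F]{6,})")
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")


def parse_deliveries(log_text):
    """Return one record per delivery attempt logged by a Postfix delivery agent."""
    records = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        stage_times = [float(x) for x in m.group("delays").split("/")]
        nxt = REINJECTED.search(m.group("reply"))
        records.append({
            "queue_id": m.group("qid"),
            "agent": m.group("agent"),
            "relay": m.group("relay"),
            "status": m.group("status"),
            "delay": float(m.group("delay")),
            # The largest of the four delays= fields names the slow stage.
            "slowest_stage": max(zip(stage_times, STAGES))[1],
            # Set when the filter reports the queue ID of the reinjected copy.
            "next_queue_id": nxt.group("qid") if nxt else None,
        })
    return records


def trace_filtered_mail(log_text):
    """Join the pre-filter and post-filter queue IDs of each message."""
    by_qid = {}
    for rec in parse_deliveries(log_text):
        by_qid.setdefault(rec["queue_id"], []).append(rec)
    reinjected = {r["next_queue_id"] for recs in by_qid.values()
                  for r in recs if r["next_queue_id"]}
    chains = []
    for root in by_qid:
        if root in reinjected:
            continue  # second half of a chain, reached from its pre-filter ID
        queue_ids, hops, todo = [], [], [root]
        while todo:
            qid = todo.pop(0)
            if qid in queue_ids:
                continue
            queue_ids.append(qid)
            for rec in by_qid.get(qid, []):
                hops.append(rec)
                if rec["next_queue_id"]:
                    todo.append(rec["next_queue_id"])
        total = sum(max(r["delay"] for r in by_qid[q])
                    for q in queue_ids if q in by_qid)
        chains.append({"queue_ids": queue_ids, "hops": hops, "total_delay": total})
    return chains


if __name__ == "__main__":
    for chain in trace_filtered_mail(SAMPLE_LOG):
        print(" -> ".join(chain["queue_ids"]), "total delay", chain["total_delay"])
        for hop in chain["hops"]:
            print("  ", hop["queue_id"], hop["relay"], hop["delay"], hop["slowest_stage"])
```

In the constructed sample the filter hop spends most of its time in the queue manager, which is what waiting for a free content filter slot looks like; a large transmission value on that hop would point at the filter itself being slow.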


Re: Postfix queue problem?

2009-08-20 Thread Stefan Förster

On second thought,

* Junior Tux junior.pe...@gmail.com:
 qmgr_clog_warn_time = 0

you might want to leave that at the default value to get helpful
information.

 smtpd_milters = inet:localhost:10026

This milter could be a problem if it is slow.

 soft_bounce = yes

On a production machine, this will increase the load in most cases
(senders retrying instead of giving up).

 virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf

If your database is slow or overloaded with connections, this
might slow down mail delivery. Postfix logs lookup problems, so you
can verify that quite easily.


Cheers
Stefan


Re: SSL_accept error

2009-08-20 Thread Ebbe Hjorth
2009/8/14 Barney Desmond barneydesm...@gmail.com

 2009/8/14 Ebbe Hjorth ebbe.hjo...@gmail.com:
  No more hints? :-(

 Do you still have a problem? You said, Ahh, now we are talkin, which
 sounds like you were successful.

 Patrick's docs (
 http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
 )
 are great, but I think they're a little misleading in this case. You
 don't need to create a full CA, you (probably) just want a self-signed
 certificate.

 Do you need a CA-signed certificate?
 No: most of the time, so just use a self-signed certificate
 Yes: if SMTP clients *require* encryption, *and* will perform
 verification of the server's certificate for trust. Note that this
 applies to controlled conditions, like an enterprise; SMTP clients
 from the internet should not care about verification.

 Want to use a self-signed certificate?

 1. Make the key:
 touch smtpd.key
 chmod 600 smtpd.key
 openssl genrsa 1024 > smtpd.key

 2. Make the cert, answering the questions when asked:
 openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

 3. Add them to your postfix config as appropriate
 smtpd_tls_key_file = /etc/postfix/smtpd.pem
 smtpd_tls_cert_file = /etc/postfix/smtpd.crt


Hi,

I did the above 3 steps, still getting errors - so now I have disabled
tls in main and master, and now it is working ;)

Thank you for all your help and inputs, it is very much appreciated!!!

/ Ebbe


Re: postfix original recipient

2009-08-20 Thread Wietse Venema
Gaby L:
 Ok
 Postfix logs the orig_to address when the envelope recipient address
  is replaced (for example with virtual_alias_maps).
 The email is send to do_ch...@de.opel.com  (Envelope)but in orig_to is 
 a.verme...@autoglobus2000.ro
 Why not appear real delivery address in message? (although it is in orig_to 
 from maillog)

Email is delivered to the envelope recipient address. This address
may differ from the recipient address in the header.

For example, this message is sent to postfix-users, but it is
delivered to your mailbox (and my mailbox, and the mailbox of a
bunch of other people). Listing everyone in the message header
would not be desirable.

Postfix can be configured to add an X-Original-To: message header
upon final delivery (with local(8), pipe(8) and lmtp(8)).

Wietse

 Can I do original destination to appear in message? If not use virtual 
 tables then appear in message original destination?
 This is example email
 
 Return-Path: dragos.do...@gm.com
 X-Original-To: autoglo...@ag2000.ro
 Delivered-To: autoglo...@ag2000.ro
 Received: from localhost (mail.ag2000.ro [127.0.0.1])
  by mail.ag2000.ro (Postfix) with ESMTP id 68F58818082;
  Mon, 17 Aug 2009 13:19:41 +0300 (EEST)
 X-Virus-Scanned: amavisd-new at ag2000.ro
 Received: from mail.ag2000.ro ([127.0.0.1])
  by localhost (mail.ag2000.ro [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id LhINW+bFSHlR; Mon, 17 Aug 2009 13:19:28 +0300 (EEST)
 Received: from plgmler5.imr.gm.com (plgmler5.imr.gm.com [199.228.142.85])
  by mail.ag2000.ro (Postfix) with ESMTP id 450CE818081;
  Mon, 17 Aug 2009 13:19:27 +0300 (EEST)
 Received: from plgmlir1.imr.gm.com (plgmlir1-2.imr.gm.com [199.228.142.169])
  by plgmler5.imr.gm.com (8.14.2/8.13.8) with ESMTP id n7HAJHgr023744;
  Mon, 17 Aug 2009 05:19:20 -0500
 Received: from plgmlir1.imr.gm.com (localhost [127.0.0.1])
  by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJDxX005565;
  Mon, 17 Aug 2009 05:19:13 -0500
 Received: from DERUEMA16.eur.corp.gm.com ([134.46.236.103])
  by plgmlir1.imr.gm.com (8.14.2/8.12.10) with ESMTP id n7HAJBwN005525;
  Mon, 17 Aug 2009 05:19:11 -0500
 X-EDSINT-Source-Ip: 134.46.236.103
 To: do_ch...@de.opel.com
 Subject: Rezultate Aftersales pe H2, la 13.08.2009.
 MIME-Version: 1.0
 X-Mailer: Lotus Notes Release 6.5.4 HF1151 March 27, 2007
 Message-ID: 
 of07650702.057205dd-onc1257615.0036dc19-c1257615.0038b...@de.opel.com
 From: Dragos Dobre dragos.do...@gm.com
 Date: Mon, 17 Aug 2009 12:19:09 +0200
 X-MIMETrack: Serialize by Router on DERUEMA16/M/GMSERVER/GMC at 17.08.2009 
 12:19:12
 Content-Type: multipart/mixed; boundary==_mixed 0038B094C125761
 
 - Original Message - 
 From: Wietse Venema wie...@porcupine.org
 To: Postfix users postfix-users@postfix.org
 Sent: Wednesday, August 19, 2009 5:58 PM
 Subject: Re: postfix original recipient
 
 
  Gaby L:
 
  - 
 
 
 
  I want to use virtual_alias_maps but I want to appear original
  destination address in header.
  It is possible?
 
  As documented (man 5 virtual), virtual_alias_maps changes the
  ENVELOPE address not the HEADER address.
 
  Wietse
 
  Thanks
 
 
  Postfix logs the orig_to address when the envelope recipient address
  is replaced (for example with virtual_alias_maps).
 
  Gaby L:
   Hi
I have a problem with multi-destination and hidden address email 
   (generic address is @de.opel.com)
   I use virtual table,amavisd-new.
   I don't view in header destination address but in maillog it appear in 
   orig_to field.(a.verme...@autoglobus2000.ro)
   What insert in mail header orig_to field for filter for other incoming 
   machine?
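
The distinction between the header recipient and the envelope recipient, and the X-Original-To: header added at final delivery, can be checked on a delivered message. This is an added example, not code from the thread: the message, log line and addresses are constructed, and it assumes the delivering Postfix prepends X-Original-To: and Delivered-To: at the top of the message, so only the first occurrence of each is used.

```python
import email
import re
from email.utils import getaddresses, parseaddr

# Constructed sample (not from the thread): the alias sales@ is rewritten to
# mailbox1@ by virtual_alias_maps; the header To: names neither of them.
# The second X-Original-To: arrived with the message and is not trusted.
SAMPLE_MESSAGE = """\
Return-Path: <sender@example.org>
X-Original-To: sales@example.net
Delivered-To: mailbox1@example.net
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.net (Postfix) with ESMTP id 4D5E6F7A8B;
\tMon, 17 Aug 2009 13:19:27 +0300 (EEST)
X-Original-To: someone-else@example.net
To: undisclosed-list@example.org
From: Sender <sender@example.org>
Subject: constructed sample

body
"""

# Constructed maillog line for the same delivery.
SAMPLE_LOG_LINE = (
    "Aug 17 13:19:27 mail postfix/local[3100]: 4D5E6F7A8B: "
    "to=<mailbox1@example.net>, orig_to=<sales@example.net>, relay=local, "
    "delay=0.1, delays=0.05/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)"
)

LOG_RCPT = re.compile(r" to=<(?P<to>[^>]*)>,(?: orig_to=<(?P<orig_to>[^>]*)>,)?")


def envelope_from_log(line):
    """Envelope recipient after rewriting (to=) and before rewriting (orig_to=)."""
    m = LOG_RCPT.search(line)
    if not m:
        return None
    # orig_to= is only logged when the envelope recipient was replaced.
    return {"final": m.group("to"), "original": m.group("orig_to") or m.group("to")}


def recipients_seen(raw_message):
    """Separate what the sender wrote (To:/Cc:) from what delivery recorded."""
    msg = email.message_from_string(raw_message)
    x_orig = [parseaddr(v)[1] for v in msg.get_all("X-Original-To", [])]
    delivered = [parseaddr(v)[1] for v in msg.get_all("Delivered-To", [])]
    header = [addr for _, addr in
              getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {
        "header": header,                      # display only, set by the sender
        "x_original_to": x_orig[0] if x_orig else None,
        "delivered_to": delivered[0] if delivered else None,
        "ignored_x_original_to": x_orig[1:],   # lower copies are not ours
    }


def filter_address(raw_message):
    """Address a downstream filter should key on: never the header To:."""
    seen = recipients_seen(raw_message)
    return seen["x_original_to"] or seen["delivered_to"]


def header_matches_log(log_line, raw_message):
    """True when the delivery headers agree with the envelope in the maillog."""
    env, seen = envelope_from_log(log_line), recipients_seen(raw_message)
    return (env is not None
            and env["original"] == seen["x_original_to"]
            and env["final"] == seen["delivered_to"])


if __name__ == "__main__":
    print(recipients_seen(SAMPLE_MESSAGE))
    print(envelope_from_log(SAMPLE_LOG_LINE))
    print(filter_address(SAMPLE_MESSAGE), header_matches_log(SAMPLE_LOG_LINE, SAMPLE_MESSAGE))
```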
 
  
 
 
 



Re: Postfix queue problem?

2009-08-20 Thread Wietse Venema
Junior Tux:
 Dear all, I have a big problem with the postfix queue. I'm using postfix
 amavis spamassassin. But the queue has 5 mails. It's sending very slowly.
 What can I do? Thanks.

The first thing you should do is search the logfile for signs of
trouble that causes programs to fail.

http://www.postfix.org/DEBUG_README.html#logging

Wietse


Postfix external mail receiving problems

2009-08-20 Thread Paul H Park
Hello all,

It is my first time configuring postfix and I've learned a lot the past couple 
of days from the community, thank you.

My problem is in receiving mail, it doesn't have a problem sending out test 
mails from the Linux command prompt (using: echo test | mail -s testsubject 
testem...@hotmailorwhereever.com) or from a client like zimbra/ms outlook.  It 
is sending through port 465 as a defense against abuse:

Aug 20 12:46:25 myserver postfix/smtpd[10086]: connect from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:25 myserver postfix/smtpd[10086]: setting up TLS connection from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:25 myserver postfix/smtpd[10086]: Anonymous TLS connection 
established from ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]: TLSv1 with 
cipher RC4-MD5 (128/128 bits)
Aug 20 12:46:26 myserver postfix/smtpd[10086]: 85A921E50E: 
client=ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx], sasl_method=LOGIN, 
sasl_username=me
Aug 20 12:46:26 myserver postfix/cleanup[10092]: 85A921E50E: 
message-id=.1201250768782000.javamail.mehp-...@mehp-pc
Aug 20 12:46:26 myserver postfix/qmgr[10077]: 85A921E50E: 
from=m...@mydomainnamehere.org, size=609, nrcpt=1 (queue active)
Aug 20 12:46:26 myserver postfix/smtpd[10086]: disconnect from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:27 myserver dovecot: pop3-login: Login: user=me, method=PLAIN, 
rip=xx.xxx.xxx.xxx, lip=xx.xxx.xx.xxx, TLS
Aug 20 12:46:28 myserver dovecot: POP3(me): Disconnected: Logged out top=0/0, 
retr=0/0, del=0/0, size=0
Aug 20 12:46:28 myserver postfix/smtp[10093]: 85A921E50E: 
to=test...@gmail.com, relay=gmail-smtp-in.l.google.com[209.85.217.5]:25, 
delay=1.8, delays=0.27/0.01/0.56/0.95, dsn=2.0.0, status=sent (250 2.$
Aug 20 12:46:28 myserver postfix/qmgr[10077]: 85A921E50E: removed
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max connection rate 
1/60s for (smtps:68.227.203.231) at Aug 20 12:46:25
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max connection count 
1 for (smtps:68.227.203.231) at Aug 20 12:46:25
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max cache size 1 at 
Aug 20 12:46:25
Aug 20 13:00:31 myserver postfix/postfix-script[10162]: warning: 
/var/spool/postfix/etc/hosts and /etc/hosts differ
Aug 20 13:00:43 myserver postfix/postfix-script[10304]: warning: 
/var/spool/postfix/etc/hosts and /etc/hosts differ


So far, the ports are open, except for 25 (verified with tools online):

nmap mail.mydomainnamehere.org

Starting Nmap 4.62 ( http://nmap.org ) at 2009-08-20 12:13 BST
Interesting ports on mydomainnamehere.org (68.xxx.xx.xxx):
Not shown: 1709 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
465/tcp open  smtps
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds


My original understanding was that postfix would send out mail from the server 
only, but then I discovered that it also receives mail as well to deliver to my 
server box ...hence the conceptual grouping with the term, mail transfer 
agent (MTA).  


The major problems in the setup include (1 through 2):


#1 Accepting emails from external sources, such as from my gmail account to 
myserver, as /var/log/mail.log indicates.

Aug 20 11:33:50 myserver postfix/smtpd[9888]: connect from unknown[67.52.59.170]
Aug 20 11:33:50 myserver postfix/smtpd[9888]: setting up TLS connection from 
unknown[67.52.59.170]
Aug 20 11:34:16 myserver postfix/smtpd[9870]: SSL_accept error from 
mail-yw0-f193.google.com[209.85.211.193]: -1
Aug 20 11:34:16 myserver postfix/smtpd[9870]: lost connection after CONNECT 
from mail-yw0-f193.google.com[209.85.211.193]
Aug 20 11:34:16 myserver postfix/smtpd[9870]: disconnect from 
mail-yw0-f193.google.com[209.85.211.193]

Here is my /etc/postfix/master.cf file:

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: man 5 master).
#
# Do not forget to execute postfix reload after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
#smtp  inet  n   -   -   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_sender=yes
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o broken_sasl_auth_clients=yes


#submission inet n   -   -   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_tls_wrappermode=yes
#  -o broken_sasl_auth_clients=yes
#  -o smtpd_reject_unlisted_sender=yes

#  -o 

Re: is my server an open relay?

2009-08-20 Thread Serge Fonville
Well,

To determine whether you are an open relay, there are a couple of things you can do:
- Google for open relay check
- From a remote site, send an email from another domain to another domain
  through your mail server
- Check your settings against the manual

HTH

Regards,

Serge Fonville

On Thu, Aug 20, 2009 at 2:54 PM, Israel Garciaigalva...@gmail.com wrote:
 My scenario:

 I have a lot of postfix servers, each one, use to sent mail directly
 to internet, so It's difficult to monitor them.
 What I want?

 Put all postfix's of my servers to send all their external mail  to an
 smarthost server in my network.  I mean, the smarthost must receive
 ONLY mail from my servers and relay them mail to internet. Remember I
 have a lot of different servers and domains so I don't know how to
 configure this smarthost because in some way it's becoming an open
 relay.

 My question:
 How can I setup a secure smarthost to my network that receive mail
 ONLY from my servers and  relay all mail directly to Internet? Include
 some configuration if possible.

 regards,
 Israel.



Re: Special needs(filter - SASL)

2009-08-20 Thread rank1seeker
- Original Message -
From: Brian Evans - Postfix List grkni...@scent-team.com
To: Postfix users postfix-users@postfix.org
Date: Wed, 19 Aug 2009 14:41:51 -0400
Subject: Re: Special needs(filter - SASL)

 none none wrote:
  I would like email to be filtered ONLY from user that relays(SASL
  authed) mail to the outside(not localhost) mailbox.
  That is, if that same user is sending mail from local machine(no
  relaying) then filter doesn't kicks in.

 
  I've looked at postfix man pages and documentation and it is too much
  hassle about creating other instances of smtp ot smtpd etc... and pcre
  has limited caps for me.
 
  I am very skilled when it comes to PHP, so would like to create PHP
  script that would suck that mail in and spit it out for delivery by
  postfix.
 
  But Right now I would be happy even with in 
/usr/local/etc/postfix/main.cf:
  header_checks = pcre:/usr/local/etc/postfix/strip_relay_header
 
  BUT, that header_checks rule should kick in ONLY for remote SASL
  authed user when target mailbox is NOT locally hosted (goes out to the
  internet)

 header_checks are applied globally for an instance.  There is no way
 around that fact.
 
 What *is* possible is to use a content_filter or milter instead.
 
 See some ideas here:
 http://www.postfix.org/FILTER_README.html
 http://www.postfix.org/MILTER_README.html


I think I will go for before-queue Milter support
SMTP-only - which means It will be applied to incoming mail from the 
internet(Both SASL authed and those from outside senders with target 
as/for local mailboxes)

I am a little bit puzzled with qmqpd.
When does it kick in? I read only explicitly authorized client hosts are 
allowed to use  the  service
And it is in the network category, so I was hoping that it would be my ticket to 
apply the filter only to SASL authed users and no one else.

/etc/postfix/main.cf:
# Milters for mail that arrives via the smtpd(8) server.
# See below for socket address syntax.
smtpd_milters = unix:/path/to/php_daemon/its.sock

This is how I link to my php daemon.
Now tell me, how does string(which is mail[it's header  body]) is PASSED 
to and RETRIEVED back to postfix?

I mean, is it true, that string(which is mail[it's header  body]) goes to 
its.sock AND after filtering, is returned to postfix, again, via 
its.sock


Re: is my server an open relay?

2009-08-20 Thread Udo Rader

Israel Garcia wrote:

My scenario:

I have a lot of postfix servers, each one, use to sent mail directly
to internet, so It's difficult to monitor them.
What I want?

Put all postfix's of my servers to send all their external mail  to an
smarthost server in my network.  I mean, the smarthost must receive
ONLY mail from my servers and relay them mail to internet. Remember I
have a lot of different servers and domains so I don't know how to
configure this smarthost because in some way it's becoming an open
relay.

My question:
How can I setup a secure smarthost to my network that receive mail
ONLY from my servers and  relay all mail directly to Internet? Include
some configuration if possible.


if you know the IP addresses of your lots of different servers and 
domains, just use the mynetworks directive [1]


And most important, RTFM [2]

[1] http://www.postfix.org/postconf.5.html#mynetworks
[2] http://www.postfix.org/STANDARD_CONFIGURATION_README.html

--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com


Re: is my server an open relay?

2009-08-20 Thread Udo Rader

Israel Garcia wrote:

Yes, I did it, I put all my servers IPs inside mynetworks at
main.cf...BUT I noticed that a user from any server can send mail
using any sender and it's a big problem, because any user can send
spam inside my network to Internet..  How can I block this user from
sending mail with any sender address?

regards,
Israel.


please don't top post and please don't reply off-list.

then, as suggested in http://www.postfix.org/DEBUG_README.html#mail
show what postconf -n gives and post log excerpts for the described 
problem from the affected server.


--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com


Re: is my server an open relay?

2009-08-20 Thread Israel Garcia
Serge, I mean I'm an open relay to my servers, because any user from
any server can send mail putting any sender..I'm looking a way to
block that...

regards,
Israel.

On Thu, Aug 20, 2009 at 8:02 AM, Serge Fonvilleserge.fonvi...@gmail.com wrote:
 Well,

 To determine you are an open relay, there are a couple of things you can do
 Google for open relay check
 From a remote site send an email from another domain to another domain
 through your mail server
 Check your settings against the manual

 HTH

 Regards,

 Serge Fonville

 On Thu, Aug 20, 2009 at 2:54 PM, Israel Garciaigalva...@gmail.com wrote:
 My scenario:

 I have a lot of postfix servers, each one, use to sent mail directly
 to internet, so It's difficult to monitor them.
 What I want?

 Put all postfix's of my servers to send all their external mail  to an
 smarthost server in my network.  I mean, the smarthost must receive
 ONLY mail from my servers and relay them mail to internet. Remember I
 have a lot of different servers and domains so I don't know how to
 configure this smarthost because in some way it's becoming an open
 relay.

 My question:
 How can I setup a secure smarthost to my network that receive mail
 ONLY from my servers and  relay all mail directly to Internet? Include
 some configuration if possible.

 regards,
 Israel.





-- 
Regards;
Israel Garcia


Re: is my server an open relay?

2009-08-20 Thread Serge Fonville
My bad,

I misunderstood the question, skimmed the msg too fast ;-)

Sorry 'bout that

As mentioned read the section on mynetworks

Regards,

Serge Fonville


Re: is my server an open relay?

2009-08-20 Thread Israel Garcia
This is the postconf -n on my smarthost server.

server:/etc/postfix# postconf -n
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 1024000
mydestination =
myhostname = server.domain
mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet
myorigin = /etc/mailname
readme_directory = no
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
transport_maps = hash:/etc/postfix/transport

With this conf, only the IPs from mynetworks relay mail through  the
smarthost. BUT, I repeat, users can send mail from their servers using
any sender address. How can I block this?

regards,
israel.


-- 
Regards;
Israel Garcia


Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread Noel Jones

Paul Hutchings wrote:

No their SPF config works as they want it.  I think perhaps mentioning
SPF was a red herring, what I really want to know is how I can have a
distribution list in a Postfix Virtual Domain that sends with the
envelope (if that's the term) set to something we control and not using
the senders domain/email address *whilst still* making it clear at MUA
level that the original sender is the sender.



Set the envelope sender to something in your domain.  Set the 
From: header, which is what mail clients display, to
something in the client's domain.

Look at this message as an example; your mail client says it's 
from me, but the envelope sender is 
owner-postfix-us...@postfix.org


  -- Noel Jones
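
Added example (not part of the message above and not Postfix code): a minimal Python sketch of what list software does with the two sender identities Noel Jones describes. It rewrites the envelope sender, which is what SPF evaluates, and leaves the From: header alone. The addresses, list name, loop guards and function names are constructed for illustration.

```python
import smtplib
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical list identity and membership (constructed for this example).
LIST_ID = "staff.ourdomain.example"
LIST_BOUNCES = "staff-bounces@ourdomain.example"
MEMBERS = ["alice@ourdomain.example", "sender@theirdomain.example"]

# Constructed sample: a post arriving from an external party.
SAMPLE = """\
From: Sender Name <sender@theirdomain.example>
To: staff@ourdomain.example
Subject: Quarterly figures
Message-ID: <constructed-1@theirdomain.example>

Body text.
"""


def redistribute(incoming_envelope_sender, raw_message, members=MEMBERS):
    """Return (envelope_sender, recipients, message), or None to drop the mail."""
    # A null envelope sender marks a bounce; fanning it out would create a loop.
    if incoming_envelope_sender in ("", "<>"):
        return None
    msg = message_from_string(raw_message, policy=policy.default)
    # Second loop guard: never re-expand a message this list already handled.
    if LIST_ID in str(msg.get("List-Id", "")):
        return None
    # From: is left untouched, so the mail client still shows the original author.
    # Sender: names the agent that actually transmitted the message.
    del msg["Sender"]
    msg["Sender"] = LIST_BOUNCES
    msg["List-Id"] = f"<{LIST_ID}>"
    # The author does not need a copy of their own post.
    author = display_from(msg).lower()
    recipients = [m for m in members if m.lower() != author]
    # The new envelope sender is in our domain, so bounces come back to us and
    # receiving servers check SPF against our domain, not the author's.
    return LIST_BOUNCES, recipients, msg


def spf_checked_domain(envelope_sender):
    """Domain a receiver evaluates SPF against: the MAIL FROM domain."""
    return envelope_sender.rpartition("@")[2].lower()


def display_from(msg):
    """Address taken from the From: header, which is what an MUA displays."""
    return parseaddr(str(msg["From"]))[1]


def deliver(result, host="localhost"):
    """Hand the rewritten message to a local MTA (assumed to listen on port 25)."""
    envelope_sender, recipients, msg = result
    with smtplib.SMTP(host) as smtp:
        # from_addr/to_addrs set the envelope; the headers stay as they are.
        smtp.send_message(msg, from_addr=envelope_sender, to_addrs=recipients)
```
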


Re: is my server an open relay?

2009-08-20 Thread Udo Rader

Israel Garcia wrote:

This is the postconf -n on my smarthost server.

server:/etc/postfix# postconf -n
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 1024000
mydestination =
myhostname = server.domain
mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet
myorigin = /etc/mailname
readme_directory = no
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
transport_maps = hash:/etc/postfix/transport

With this conf, only the IPs from mynetworks relay mail through  the
smarthost. BUT, I repeat, users can send mail from their servers using
any sender address. How can I block this?


once more: please don't top post.

And yet once more: please post log excerpts showing the misbehaviour (a 
user [...] sending mail from their servers using any server address).


what do you mean by any sender address? An IP address or an email 
address?


And your problem is probably that you did not define who is allowed to 
use your server as a relay, read

http://www.postfix.org/postconf.5.html#smtpd_client_restrictions

it should be something like:

smtpd_client_restrictions =
  permit_mynetworks
  reject

--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com


Re: Postfix external mail receiving problems

2009-08-20 Thread Noel Jones

Paul H Park wrote:

Hello all,

It is my first time configuring postfix and I've learned a lot the past couple 
of days from the community, thank you.

My problem is in receiving mail, it doesn't have a problem sending out test mails from 
the Linux command prompt (using: echo test | mail -s testsubject 
testem...@hotmailorwhereever.com) or from a client like zimbra/ms outlook.  It is sending 
through port 465 as a defense against abuse:


...


So far, the ports are open, except for 25 (verified with tools online):


port 25 must be open to receive external mail.


Here is my /etc/postfix/master.cf file:
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
#smtp  inet  n   -   -   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_sender=yes
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o broken_sasl_auth_clients=yes


Uncomment the smtp ... smtpd service in your master.cf.  Do 
NOT use smtpd_tls_wrappermode or any of those other options; 
they don't belong here.


  -- Noel Jones


Re: Xserve running Mac OS X

2009-08-20 Thread Brian Evans - Postfix List
The Doctor wrote:
 Right I have the following colocated box with
 the following configuration:


 $postconf -n

 mailbox_command = /usr/bin/procmail
 mailbox_transport = cyrus
   

mailbox_transport takes precedence over mailbox_command.. so procmail is
never called by Postfix

 relayhost = $mydomain
   
Remove this.  It may cause mail loops.
Its purpose is the default, next-hop destination of mail NOT meant for
your machine.
 The DNS are pointing to this box as MX and when I do a local
 test, no log nor delivery is 
 taking place.

 What do I need to fix?

   

Logging is done by your system via syslog calls.
Postfix does not log directly.

Without logs, we cannot tell what is going on.


Re: Postfix + PLESK + mail filtering

2009-08-20 Thread Brian Evans - Postfix List
Vytenis Sabaliauskas wrote:
 This transport should be left intact. I'm looking into making a
 separate filter which will deliver the message to the Spam folder if
 it's tagged or pipe it back to postfix to deliver it with
 plesk_virtual if it's not.

 Are there any thoughts how to implement this?


I'd suggest reviewing http://www.postfix.org/FILTER_README.html



Re: is my server an open relay?

2009-08-20 Thread Terry Carmen

Israel Garcia wrote:

This is the postconf -n on my smarthost server.

server:/etc/postfix# postconf -n
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 1024000
mydestination =
myhostname = server.domain
mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet
myorigin = /etc/mailname
readme_directory = no
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
transport_maps = hash:/etc/postfix/transport

With this conf, only the IPs from mynetworks relay mail through  the
smarthost. BUT, I repeat, users can send mail from their servers using
any sender address. How can I block this?
  
You can prevent relaying by unwanted systems by properly specifying 
mynetworks.


You can prevent access by unauthenticated users by using SASL on your 
smarthosts: http://www.postfix.org/SASL_README.html


Although it's not appropriate for general use, you could prevent users 
from sending using bogus email addresses by using Sender Address 
Verification on your own servers: 
http://www.postfix.org/ADDRESS_VERIFICATION_README.html


Terry









Re: Postfix 2.2.9 and MySql 5

2009-08-20 Thread Luigi Rosa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Brent Robinson said the following on 20/08/09 16:37:

 Do we need to upgrade or recompile Postfix in order for it to work
 correctly with MySql 5?

You should, since Postfix uses MySQL libraries and include files.


Ciao,
luigi

- --
/
+--[Luigi Rosa]--
\

The last time somebody said, I find I can write much better with a word
processor.,
I replied, They used to say the same thing about drugs.
--Roy Blount, Jr.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqNcT4ACgkQ3kWu7Tfl6ZTy4ACbBPhT3xQvYdm+1kDYnGPCab2Z
U8QAoIIY7I6cDolHUuGXnwVW2Y7W2MY9
=OV2E
-END PGP SIGNATURE-


Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread Benny Pedersen

On tor 20 aug 2009 11:19:57 CEST, Simon Waters wrote

I think SPF is broken by design, but if you aren't rewriting the email, then
yes mailing list software will do that for you.


spf broken ?, it broken as much as spam filters using blacklists and  
not whitelists, seriously if it was whitelist url it will not be easy  
to just get a new domain that is not blacklisted, but how long will  
the fun continue ?


back to the op problem is that spf is checking envelope senders so use  
a maillist software that is not broken to have the envelope on the  
maillist not as the same as the maillist poster from address, then its  
possible to have spf pass to the recipient, just like its working on  
plenty of other maillist i am on


--
xpoint



RE: domainkey

2009-08-20 Thread AMP Admin
At Wed, 19 Aug 2009 10:31:45 -0500,
AMP Admin wrote:
 
 We have the following setup for dkimproxy but it's only signing with dkim
 and not domainkey.  We would like to do both.  Any ideas?

Use sender_map.conf ;;

-- 

I'm not sure how to use sender_map.conf.  can you give me an example or point 
me to some documentation on it?



RE: domainkey

2009-08-20 Thread AMP Admin


-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Byung-Hee HWANG
Sent: Wednesday, August 19, 2009 7:21 PM
To: AMP Admin
Cc: postfix-users@postfix.org
Subject: Re: domainkey

At Wed, 19 Aug 2009 10:31:45 -0500,
AMP Admin wrote:
 
 We have the following setup for dkimproxy but it's only signing with dkim
 and not domainkey.  We would like to do both.  Any ideas?

Use sender_map.conf ;;

-- 
Byung-Hee HWANG
∑ WWW: http://izb.knu.ac.kr/~bh/


Never mind!  I found it and it's working!



Re: is my server an open relay?

2009-08-20 Thread /dev/rob0
Please stop the top-posting.

On Thursday 20 August 2009 09:09:34 Israel Garcia wrote:
 This is the postconf -n on my smarthost server.

 myhostname = server.domain

Typically myhostname should be a real DNS name, resolvable from
outside, and should also be the value of the PTR for the IP address.

 mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet

1. Munging essential information will make it impossible for you to
   get real help.
2. You're going to have to limit this to hosts that you TRUST. If
   that's the empty set, unset it: mynetworks =.

 myorigin = /etc/mailname

Be sure to read your Debian README for Debian-specific information.

 transport_maps = hash:/etc/postfix/transport

Why?

 With this conf, only the IPs from mynetworks relay mail through
 the smarthost. BUT, I repeat, users can send mail from their
 servers using any sender address. How can I block this?

Did you know that this default behavior has always existed for mail
systems? Did you know that this is a FAQ on this list, I believe
already asked once this week?

Is this an actual problem, or a theoretical one? If you have actual
abusers (senders using external addresses are probably not real
abusers, but that's for you to decide) revoke their access to your
network. Political/social problems generally do not have solutions
that are technological.

The answer, repeated for you and yet again for the archives, is to
require and enforce authentication, and use smtpd_sender_login_maps,
listing sender addresses you allow for each SASL AUTH user.

http://www.postfix.org/SASL_README.html
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

You then use reject_authenticated_sender_login_mismatch *before*
permit_sasl_authenticated in your smtpd_recipient_restrictions.
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header
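
Added example (not part of the message above and not a Postfix tool): a Python check over `postconf -n` output for the sender-binding setup described in that message, including the requirement that the login-mismatch check comes before `permit_sasl_authenticated`. The sample configurations, the map path and the finding labels are constructed; `reject_sender_login_mismatch` is also accepted as a mismatch check.

```python
import re

# Restrictions that bind the envelope sender to the SASL login.
MISMATCH_CHECKS = (
    "reject_authenticated_sender_login_mismatch",
    "reject_sender_login_mismatch",
)

# Constructed sample modelled on a mynetworks-only smarthost.
WEAK = """\
mynetworks = 127.0.0.0/8 192.0.2.0/24
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipients, permit_mynetworks,  reject
"""

# Constructed sample: everything enabled, but the permits come first.
MISORDERED = """\
smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_authenticated_sender_login_mismatch, reject
"""

# Constructed sample following the ordering given in the message.
HARDENED = """\
smtpd_sasl_auth_enable = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login
smtpd_recipient_restrictions = reject_authenticated_sender_login_mismatch,
    permit_sasl_authenticated, reject
"""


def parse_postconf(text):
    """Parse 'name = value' lines; indented or '='-less lines continue a value."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if current and (line[0].isspace() or "=" not in line):
            # Handles both real continuations and mail-wrapped output.
            params[current] += " " + line.strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            current = key.strip()
            params[current] = value.strip()
    return params


def restriction_names(value):
    """Split a restriction list on commas and whitespace, keeping order."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def audit_sender_binding(postconf_text):
    """Return a list of finding labels; an empty list means nothing was flagged."""
    params = parse_postconf(postconf_text)
    findings = []
    # postconf -n only prints non-default settings, so absence means "no".
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("sasl-disabled")
    if not params.get("smtpd_sender_login_maps"):
        findings.append("no-sender-login-maps")
    rcpt = restriction_names(params.get("smtpd_recipient_restrictions", ""))
    positions = [rcpt.index(name) for name in MISMATCH_CHECKS if name in rcpt]
    if not positions:
        findings.append("no-mismatch-check")
        return findings
    first_check = min(positions)
    # Restrictions are evaluated in order and the first permit/reject wins, so
    # a permit placed earlier accepts the mail before the sender is checked.
    for permit in ("permit_sasl_authenticated", "permit_mynetworks"):
        if permit in rcpt and rcpt.index(permit) < first_check:
            findings.append(permit + "-before-mismatch-check")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("misordered", MISORDERED),
                          ("hardened", HARDENED)):
        print(label, audit_sender_binding(sample))
```
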


RE: domainkey

2009-08-20 Thread AMP Admin
Ok, new problem.

Sender: i...@example.com
dkim: Does work
Domainkey: Does work

Sender: i...@differentdomain.com
Dkim: Does work
Domainkey: Does NOT work

Our sender map looks like this:

# sign i...@differentdomain.com
i...@differentdomain.com   dkim(d=example.com), domainkeys(d=example.com)
# sign example.com mail with both a domainkeys and dkim signature
example.com   dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)
mail.example.com  dkim(c=relaxed,a=rsa-sha256), domainkeys(c=nofws)



split domain and relaying

2009-08-20 Thread David Koski
I have a domain split on two postfix servers.  The secondary (not the default) 
hosts only a few email accounts so I added them to the transport map:

off...@domainchanged.com  dovecot:
o...@domainchanged.com    dovecot:
reu...@domainchanged.com  dovecot:
...

This works for local delivery and accepts email from the primary server just 
fine.  However, when using this secondary server for relaying to accounts 
hosted on the primary the delivery fails:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 imail.domainchanged.com ESMTP Postfix (Debian/GNU)
helo kosmosisland.com
250 imail.domainchanged.com
mail from:da...@kosmosisland.com
250 2.1.0 Ok
rcpt to:t...@domainchanged.com
550 5.1.1 t...@domainchanged.com: Recipient address rejected: User unknown 
in virtual mailbox table

So I added to the transport table at the end:

*   smtp:[mail.domainchanged.com]

mail.domainchanged.com is the primary.  This did not help.  What is the trick?

Regards,
David Koski
da...@kosmosisland.com


RE: Distribution lists/SPF with Postfix?

2009-08-20 Thread Paul Hutchings
Thanks for the reply.

Can I do this with Postfix and if so, how please?

I did read the address-rewriting help but frankly am struggling to find the 
exact details I need.

This is literally the only distribution list that we have on Postfix and it 
only has a handful of members so I really don't want to have to start looking 
at listserv software just for that.

Paul




Re: split domain and relaying

2009-08-20 Thread Magnus Bäck
On Thursday, August 20, 2009 at 19:21 CEST,
 David Koski da...@kosmosisland.com wrote:

 I have a domain split on two postfix servers.  The secondary (not the
 default) hosts only a few email accounts so I added them to the
 transport map:
 
 off...@domainchanged.com  dovecot:
 o...@domainchanged.com    dovecot:
 reu...@domainchanged.com  dovecot:
 ...
 
 This works for local delivery and accepts email from the primary
 server just fine.  However, when using this secondary server for
 relaying to accounts hosted on the primary the delivery fails:
 
 # telnet localhost 25
 Trying 127.0.0.1...
 Connected to localhost.localdomain.
 Escape character is '^]'.
 220 imail.domainchanged.com ESMTP Postfix (Debian/GNU)
 helo kosmosisland.com
 250 imail.domainchanged.com
 mail from:da...@kosmosisland.com
 250 2.1.0 Ok
 rcpt to:t...@domainchanged.com
 550 5.1.1 t...@domainchanged.com: Recipient address rejected: User unknown 
 in virtual mailbox table
 
 So I added to the transport table at the end:
 
 *   smtp:[mail.domainchanged.com]
 
 mail.domainchanged.com is the primary.  This did not help.  What is
 the trick?

The transport table isn't used for recipient address validation. Remove
the wildcard entry. You must list all of the domain's valid addresses in
the virtual mailbox table.

-- 
Magnus Bäck
mag...@dsek.lth.se


Re: is my server an open relay?

2009-08-20 Thread Jose Alberto
check your server:   http://www.mxtoolbox.com/

Is your server an open relay?  You must use SMTP authentication.






-- 
Jose Alberto Pertuz
GNU-Linux user #452473
Caracas,Venezuela
58+414+1279657


Re: is my server an open relay?

2009-08-20 Thread Israel Garcia
On Thu, Aug 20, 2009 at 11:32 AM, /dev/rob0r...@gmx.co.uk wrote:
 Please stop the top-posting.
OK, I'm sorry.


 On Thursday 20 August 2009 09:09:34 Israel Garcia wrote:
 This is the postconf -n on my smarthost server.

 myhostname = server.domain
DONE!


 Typically myhostname should be a real DNS name, resolvable from
 outside, and should also be the value of the PTR for the IP address.

 mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet

 1. Munging essential information will make it impossible for you to
   get real help.
 2. You're going to have to limit this to hosts that you TRUST. If
   that's the empty set, unset it: mynetworks =.

 myorigin = /etc/mailname

 Be sure to read your Debian README for Debian-specific information.

 transport_maps = hash:/etc/postfix/transport

 Why?
DELETED!


 With this conf, only the IPs from mynetworks relay mail through
 the smarthost. BUT, I repeat, users can send mail from their
 servers using any sender address. How can I block this?

 Did you know that this default behavior has always existed for mail
 systems? Did you know that this is a FAQ on this list, I believe
 already asked once this week?

 Is this an actual problem, or a theoretical one? If you have actual
 abusers (senders using external addresses are probably not real
 abusers, but that's for you to decide) revoke their access to your
 network. Political/social problems generally do not have solutions
 that are technological.

theoretical.

 The answer, repeated for you and yet again for the archives, is to
 require and enforce authentication, and use smtpd_sender_login_maps,
 listing sender addresses you allow for each SASL AUTH user.

    http://www.postfix.org/SASL_README.html
    http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps

 You then use reject_authenticated_sender_login_mismatch *before*
 permit_sasl_authenticated in your smtpd_recipient_restrictions.
 --
    Offlist mail to this address is discarded unless
    /dev/rob0 or not-spam is in Subject: header

well, here's my actual postconf -n

append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mailbox_size_limit = 1024000
mydestination =
myhostname = vps198.domain.xxx
mynetworks = 127.0.0.0/8 67.XXX.XX.0/24
myorigin = /etc/mailname
readme_directory = no
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_unknown_sender_domain,
check_client_access hash:/etc/postfix/access,   permit_mynetworks,
 reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_error_sleep_time = 60
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipients, permit_mynetworks,  reject
smtpd_restriction_classes = no_spam
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/blackwhitelist
smtpd_soft_error_limit = 60
virtual_alias_maps = hash:/etc/postfix/virtual

Now that I control all mail on this server, what would I add to this
configuration in order to improve the quality of my mail service?
Thanks.

-- 
Regards;
Israel Garcia


Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread Noel Jones

Paul Hutchings wrote:

Thanks for the reply.

Can I do this with Postfix and if so, how please?


Control From: header and envelope sender from whatever 
software submits the mail to postfix.


  -- Noel Jones





Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread mouss
Paul Hutchings a écrit :
 We have a basic distribution list setup within postfix under a virtual
 domain.
 
 One of the external parties who wants to send to it has an SPF record in
 place so of course in its current configuration the message is being
 rejected by our SPF, and of course even if we allowed it, it would be
 rejected by the SPF of the recipients mail servers.
 
 At present the message would come directly from sender at
 theirdomain.com.
 
 Is there a way within Postfix to have it originate from distribution
 list at ourdomain.com on behalf of sender at theirdomain.com or
 would I need third party listserv software to do this?
 

use a list manager: mailman or sympa, for example.



Re: Distribution lists/SPF with Postfix?

2009-08-20 Thread Leonardo Rodrigues

Paul Hutchings escreveu:

This is literally the only distribution list that we have on Postfix and it 
only has a handful of members so I really don't want to have to start looking 
at listserv software just for that.
  


   why not? that would be the correct way of handling a 
distribution list without messing with SPF


   having a single list or thousands of lists doesn't change the fact 
that using a list manager is the correct way of doing that.



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






rbl checks, best place

2009-08-20 Thread Dave
Hello,
I'm running postfix, amavisd-new and spamassassin. Currently in my
postfix smtpd_recipient_restrictions right at the end last thing i have some
rbl checks. I'm wondering if that's the best place for them or should i
disable that and activate them in spamassassin? Suggestions welcome.
Thanks.
Dave.



Re: rbl checks, best place

2009-08-20 Thread Olivier Nicole
Hi Dave,

   I'm running postfix, amavisd-new and spamassassin. Currently in my
 postfix smtpd_recipient_restrictions right at the end last thing i have some
 rbl checks. I'm wondering if that's the best place for them or should i
 disable that and activate them in spamassassin? Suggestions welcome.

This is a difficult question.

Do you really 100% trust the rbl you are using to have no false
positive (some were listing gmail.com recently)?

If yes, then you can keep the rbl in postfix, it rejects the email at
earlier stage.

If no, you better test rbl in SA, as the rbl test only contributes to
the final score.

I personally use the second.

Bests,

Olivier


Re: Email server health check?

2009-08-20 Thread email builder

 I am wondering if anyone has advice on where there are any email health
 checks online.  I used to use dnsstuff.com but they have since gone
 commercial.

 You have been given links and other suggestions for this that are sound, I
 would follow those suggestions.

 It's frustrating to have your users' emails land in Yahoo or Gmail spam
 folders, but not be able to understand why.  DNS checks out fine as far as I
 can tell (tried out intodns.com and did my own DIGging) and all the rest as
 far as I am able to check.  Checked the big name RBLs and got nothing there,
 either.

 At that point, you sound like you are doing ok.

 Where do people turn to try to get feedback on their outgoing emails?
 Even a spamassassin score checker would be nice, but alas (and specific
 issues with Yahoo/Gmail are of course nearly hopeless because those
 companies could care less about us little people).

 I have around 10 servers that have had issues with yahoo or hotmail or aol,
 ranging from ending up in the spam folder, to bounces, to eating the messages
 silently and not providing any data.  I have been able to resolve all cases.

Scott, thank you for the following information/experiences.  I have done a 
little bit of that before, but nowhere near as much as you.  It's good to hear 
someone who has made it work for them.  Generally, I find Google the most 
objectionable as both a postmaster and an end user, because they don't provide 
ANY means of contact that I can tell -- they only provide some Google Groups 
that are dedicated to certain categories of troubles with their services, but 
from what I can tell, they just let the people in those groups/forums babble at 
each other and make wild guesses about various problems and they never chime in 
or actually help anyone themselves.  Maybe they've done interesting things with 
their interfaces and usability and so forth, but their customer service 
approach (we don't have any) makes the likes of hotmail seem pleasant to deal 
with.

Anyway, I'll take your cue and try to stay upbeat about it!  :-)  Thanks again!

 Aol: http://postmaster.aol.com/
 Start there, you need to get into their feedback loop, this will alert you
 any time someone reports your emails as spam.  They make it hard by only
 giving a message id, which I find can be tough to track down on a BCC/CC
 delivery with a lot of aol.com addresses in it.

 Apply for their whitelist, follow the feedback loop reports, and act on them,
 and you will be fine.  Email their support system.  While it will take 10-20
 frustrating emails, that had they just read the first email in full, you will
 get unblocked.

 * Different providers like different things, some like DKIM, others SPF, and
 others something more proprietary, you just have to work with them, and you
 can get in their good graces.

 yahoo and hotmail
 http://help.yahoo.com/l/us/yahoo/mail/postmaster/
 http://postmaster.msn.com/

 Their general policy is to send to the spam folder, and ask questions later.
 If they do not do that, and you have a new IP they have never seen, they may
 accept the message, not deliver it, and not notify anyone about it.  It is all
 about IP history, if you have none, you are considered a bad guy.

 With both providers, you will need to email their support system.  You will
 fill out a form, asking for attention.  They will reply, asking you to fill
 out the same form again. They will reply, asking for clarification that you
 already provided in forms 1 and 2.  Those will then be replied to asking for
 specifics that you answered in form 3.  This will go on for a while.

 I generally see it takes 15 emails back and forth to get resolution. At some
 point, you will get a survey, to rate their performance on the issue.  This
 is when you know they have unblocked you.  By filling out the survey, at least
 with yahoo, that closes the ticket, so unless you have tested you are done, do
 not fill the survey out until you are sure you are deliverable.

 They may get you to a real human, who asks you to do telnet tests, and other
 things they should be doing on their end by looking at their logs.  Just go
 through the motions, be polite, or they will drop the email communication and
 ignore.  The email address of ticket-id-x...@silly-big-provider.example.com
 will expire and you get to start it all over.

 Many of the questions will ask how you manage your mailing lists, which most
 of the time for me, are not applicable.  Others ask questions about a setup
 that would not be applicable to an outbound only smtp host for formmail type
 things.  You sort of just have to logically fill in the blanks.

 The up front forms you are filling out are just a process to get you to a
 real human who will look into your issues.

 Be diligent, I have never walked away with emails that could not hit an inbox.
 
 I have not ran into this issue with 

Significant relay delays

2009-08-20 Thread MySQL Student
Hi,

I have been using an older version of postfix on a relay server for
quite a few years now, without any real incident. It accepts mail from
one or two other servers and forwards it on to an internal Exchange
server on the same network. It handles about 250k messages per day.
It's configured with dual instances.

It seems for the last few months there is an increasing delay in
delivery times and I can't explain why. I suspect something on the
Exchange side because nothing has changed on the postfix server. The
administrators of the Exchange box aren't able to provide any ideas
either. I'm also pretty sure it's not a network issue. After passing
billions of packets there isn't a single error. I'm also pretty sure
DNS is configured properly.

I'm seeing occasions where there will be a constant 50 messages in the
second instance, and as many as 500 at times. The 500 messages may sit
there for a half-hour, and then all of a sudden they are delivered.
However, there remains a constant 50 in the queue with status info
like "conversation timed out while sending end of data -- message may
be sent more than once" or "Error: timeout exceeded (in reply to end
of DATA command)".

The messages may sit in the queue for even a few weeks, and I assume
are eventually delivered.

In my mail log, I see info like the following:

Aug 20 01:08:12 bocmailrelay POSTFIX_F/smtp[1186]: C638B1A8008: to=mariel...@example.com, relay=mail.example.com[xxx.yyy.zzz.3], delay=625109, status=deferred (conversation with mail.example.com[xxx.yyy.zzz.3] timed out while sending end of data -- message may be sent more than once)

I'm having difficulty discerning messages entering the second queue
(with delay=0, typically) and messages being queued because they
couldn't immediately be delivered. Is there an easier way to establish
which messages are being queued because they couldn't easily be
delivered?

I thought I would try debug_peer_list and increase logging to try
and get information on delays from a specific domain, but I'm not sure
that is what this variable is used for. Is there another way to
increase logging either for a specific domain or for this problem to
better troubleshoot it?

Thanks,
Alex Hayes
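
One way to separate freshly queued mail from mail that is stuck, as asked in the message above (an added example, not part of the original post and not Postfix code): keep only the last logged smtp delivery attempt per queue ID and recipient, and report those still deferred. The sample log lines, queue IDs, addresses and the 300-second threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the log entry quoted above
# (queue IDs, recipients and relay addresses are made up for this example).
SAMPLE_LOG = """\
Aug 20 01:08:12 relay POSTFIX_F/smtp[1186]: C638B1A8008: to=<a@example.com>, relay=mail.example.com[192.0.2.3], delay=625109, status=deferred (conversation with mail.example.com[192.0.2.3] timed out while sending end of data -- message may be sent more than once)
Aug 20 01:08:13 relay POSTFIX_F/smtp[1187]: 1F2E3D4C5B6: to=<b@example.com>, relay=mail.example.com[192.0.2.3], delay=0, status=sent (250 2.6.0 Queued mail for delivery)
Aug 20 01:09:40 relay POSTFIX_F/smtp[1190]: 7A7B7C7D7E7: to=<c@example.com>, relay=mail.example.com[192.0.2.3], delay=1803, status=deferred (conversation with mail.example.com[192.0.2.3] timed out while sending end of data -- message may be sent more than once)
Aug 20 01:20:02 relay POSTFIX_F/smtp[1201]: 7A7B7C7D7E7: to=<c@example.com>, relay=mail.example.com[192.0.2.3], delay=2425, status=sent (250 2.6.0 Queued mail for delivery)
"""

# Matches smtp client delivery lines only (not smtpd); tolerates extra
# fields such as delays= or dsn= that newer Postfix versions log.
LINE_RE = re.compile(
    r"/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^>,]+)>?, "
    r"relay=(?P<relay>[^,]+), .*?\bdelay=(?P<delay>[\d.]+), .*?"
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def parse(log_text):
    """Yield one dict per smtp delivery attempt found in log_text."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["delay"] = float(rec["delay"])  # seconds since arrival
            yield rec

def stuck_deliveries(log_text, min_delay=300):
    """Return {(queue_id, rcpt): record} where the last logged attempt is
    still deferred and the message is at least min_delay seconds old."""
    last, attempts = {}, defaultdict(int)
    for rec in parse(log_text):
        key = (rec["qid"], rec["rcpt"])
        attempts[key] += 1
        last[key] = rec                 # later log lines overwrite earlier
    return {k: dict(r, attempts=attempts[k]) for k, r in last.items()
            if r["status"] == "deferred" and r["delay"] >= min_delay}

if __name__ == "__main__":
    for (qid, rcpt), r in stuck_deliveries(SAMPLE_LOG).items():
        print(qid, rcpt, f"{r['delay']:.0f}s", r["relay"], r["reason"][:50])
```
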


Re: Significant relay delays

2009-08-20 Thread Olivier Nicole
Hi,

This is just a wild guess...

 I'm also pretty sure it's not a network issue. After passing
 billions of packets there isn't a single error. I'm also pretty sure
 DNS is configured properly.

Have you checked the connection between postfix and the exchange
machines? After some years, a cable can get bad, lousy, and the
packets would not pass so reliably anymore. After moving a
machine/wandering around a rack cabinet, one may have stepped on a cable
and disconnected it or damaged it.

Bests,

Olivier


Re: rbl checks, best place

2009-08-20 Thread /dev/rob0
On Thursday 20 August 2009 22:56:31 Olivier Nicole wrote:
  I'm running postfix, amavisd-new and spamassassin. Currently in my
  postfix smtpd_recipient_restrictions, right at the end, the last thing I
  have is some rbl checks. I'm wondering if that's the best place for them or
  should I disable that and activate them in spamassassin? Suggestions
  welcome.

 This is a difficult question.

I disagree.

First part I'd pick on is "some rbl checks". Know your DNSBL. Read
their policies. Subscribe to announce lists if they offer it. Many
HOWTOs you might find on the 'net show an assortment of DNSBLs being
queried, and beginners quite foolishly copy that assortment without
thought. Big mistake!

The only DNSBL I would recommend for widespread use is Zen,
http://www.spamhaus.org/zen/ . The Caution advised is easily
addressed in Postfix by putting restrictions to permit relaying ahead
of the reject_rbl_client lookup: precisely as Dave has it. But do note
that there's a risk in using a DNSBL in content inspection.

 Do you really 100% trust the rbl you are using to have no false
 positive (some were listing gmail.com recently)?

1. Again, know your DNSBL.
2. Gmail is not squeaky clean, it's no surprise that they end up in
   DNSBLs at times. I think this was SORBS. They also get into the
   automated Spamcop DNSBL. It's not a false positive, because they
   were listed for actually relaying spam. (Most of the 419's I see
   tend to come from gmail.)
3. If Zen makes a mistake or gets too aggressive, I guarantee yours
   will not be the only site blocking mail from that sender. The
   sending site is going to have to resolve the issue.
4. Quite often the real mail blocked by Zen is XBL. That's typically
   important as a wake-up call to the administrator of the blocked
   site; perhaps they have a virus or 37 spewing. (BTDT, myself.)
5. A reject_rbl_client false positive results in the sender getting
   an immediate bounce. The sender knows the mail was not delivered.
   Rejection in a post-queue content_filter requires the difficult
   choice: do you bounce, and risk getting yourself listed as a
   backscatter source? Or, do you deliver to quarantine, and risk
   having real mail lost in the deluge? Or, do you just give it all
   to our friend Dave Null, and ensure that real mail will be lost
   sooner or later?

 If yes, then you can keep the rbl in postfix, it rejects the email
 at an earlier stage.

 If no, you better test rbl in SA, as the rbl test only contributes
 to the final score.

 I personally use the second.

And that's a misuse of a good RBL. Sure, some of them are more
appropriate in scoring. Don't use those with reject_rbl_client.

It's also a huge waste of bandwidth and resources. It varies from
site-to-site and even from user-to-user, but my rough unscientific
estimate is that about 90% of all SMTP traffic is abuse. What is the
point in filtering through all that garbage, only to make your mail
less safe and reliable than it would have been, if using the DNSBL
properly?

The choice is clear, to me.
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header
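
The ordering point made in the message above, that restrictions permitting relaying go ahead of the reject_rbl_client lookup, shown as an added example (a simplified model written for this page, not Postfix's own code and not from the poster). The listed addresses, the 192.0.2.0/24 local network and the permit_sasl_authenticated entry are assumptions, and the DNS lookup is replaced by a constructed table so the block runs offline.

```python
import ipaddress

# Constructed stand-in for DNS answers: clients "listed" in the example zone.
LISTED = {"203.0.113.7", "198.51.100.25"}
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed local network

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL convention for IPv4: reverse the octets, append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dnsbl_listed(ip):
    # A real check resolves dnsbl_query_name(ip) and treats an answer as
    # "listed"; here the constructed table above plays that role.
    return ip in LISTED

def evaluate(restrictions, client_ip, sasl_user=None, rcpt_local=True):
    """Walk the list in order; the first decisive result wins."""
    for r in restrictions:
        if r == "permit_mynetworks":
            if any(ipaddress.ip_address(client_ip) in n for n in MYNETWORKS):
                return "permit", r
        elif r == "permit_sasl_authenticated":
            if sasl_user:
                return "permit", r
        elif r == "reject_unauth_destination":
            if not rcpt_local:
                return "reject", r
        elif r.startswith("reject_rbl_client "):
            if dnsbl_listed(client_ip):
                return "reject", r
    return "permit", "(end of list)"

# DNSBL check last, after the restrictions that permit relaying.
GOOD = ["permit_mynetworks", "permit_sasl_authenticated",
        "reject_unauth_destination", "reject_rbl_client zen.spamhaus.org"]
# DNSBL check first: the site's own roaming users can be rejected.
BAD = ["reject_rbl_client zen.spamhaus.org", "permit_mynetworks",
       "permit_sasl_authenticated", "reject_unauth_destination"]

if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.7"))
    # Authenticated user connecting from a listed (e.g. dynamic) address:
    print("good order:", evaluate(GOOD, "198.51.100.25", sasl_user="alice"))
    print("bad order: ", evaluate(BAD, "198.51.100.25", sasl_user="alice"))
    # Unknown listed client sending to a local recipient:
    print("stranger:  ", evaluate(GOOD, "203.0.113.7"))
```
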


Re: rbl checks, best place

2009-08-20 Thread Olivier Nicole
  This is a difficult question.
 I disagree. 

Just the fact that you disagree makes the question not simple :)

 2. Gmail is not squeaky clean, it's no surprise that they end up in

Of course, but then it gets people complaining why they cannot receive
mails from gmail.

 5. A reject_rbl_client false positive results in the sender getting
    an immediate bounce. The sender knows the mail was not delivered.

Then you are lucky, you are only dealing with educated
senders. A regular sender will disregard/delete a bounce message and
will simply complain his message was not delivered.

 1. Again, know your DNSBL.
 3. If Zen makes a mistake or gets too aggressive, I guarantee yours
    will not be the only site blocking mail from that sender. The
    sending site is going to have to resolve the issue.

That means you must spend more time on checking that the quality of
the RBL you are using is constant.

Olivier


Re: Xserve running Mac OS X

2009-08-20 Thread The Doctor
On Thu, Aug 20, 2009 at 10:38:42AM -0400, Brian Evans - Postfix List wrote:
 The Doctor wrote:
  Right I have the following colocated box with
  the following configuration:
 
 
  $postconf -n
 
  mailbox_command = /usr/bin/procmail
  mailbox_transport = cyrus

 
 mailbox_transport takes precedence over mailbox_command.. so procmail is
 never called by Postfix
 
  relayhost = $mydomain

 Remove this.  It may cause mail loops.
 Its purpose is the default, next-hop destination of mail NOT meant for
 your machine.
  The DNS are pointing to this box as MX and when I do a local
  test, no log nor delivery is 
  taking place.
 
  What do I need to fix?
 

 
 Logging is done by your system via syslog calls.
 Postfix does not log directly.
 
 Without logs, we cannot tell what is going on.

One moment I got:

tail /var/log/mail.log
Aug 20 21:44:28 Xserve-002436F349EE postfix/postfix-script[57707]: fatal: the Postfix mail system is not running
Aug 20 21:44:31 Xserve-002436F349EE postfix/postfix-script[57710]: fatal: the Postfix mail system is not running
Aug 20 21:44:31 Xserve-002436F349EE postfix/postfix-script[57713]: fatal: the Postfix mail system is not running
Aug 20 21:44:32 Xserve-002436F349EE postfix/postfix-script[57716]: fatal: the Postfix mail system is not running
Aug 20 21:44:34 Xserve-002436F349EE postfix/postfix-script[57718]: fatal: usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)
Aug 20 21:44:37 Xserve-002436F349EE postfix/master[57766]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Aug 20 21:44:47 Xserve-002436F349EE postfix/master[57768]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Aug 20 21:44:57 Xserve-002436F349EE postfix/master[57779]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
Aug 20 21:45:07 Xserve-002436F349EE postfix/master[57782]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable

-- 
Member - Liberal International  This is doc...@nl2k.ab.ca
Ici doc...@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
The fool says in his heart, There is no God. They are corrupt, and their ways 
are vile; there is no one who does good. - Ps 53:1