Re: groups other than the primary one are ignored

2009-09-01 Thread Sahil Tandon
On Tue, 01 Sep 2009, jo...@mail.hfa3.org wrote:

> /*set_ugid() sets the real, effective and saved user and group process
> /*attributes and updates the process group access list to be just the
> /*user's primary group. This operation is irreversible.
>
> Having postfix pay attention to all the user's groups would be a nice  
> feature.  It is not important for me any longer, now that I understand  
> postfix only uses the primary group id, but it may save some other  
> person some hunting in the future.

This topic has been discussed many times on the list.  Search the archives.
For example: http://article.gmane.org/gmane.mail.postfix.user/133410.

-- 
Sahil Tandon 


Re: Block Email sent to one account

2009-09-01 Thread Bonar Gultom


> For complex access controls, use either
> smtpd_restriction_classes or a policy service such as postfwd.
>
> http://www.postfix.org/RESTRICTION_CLASS_README.html
> http://www.postfix.org/SMTPD_POLICY_README.html
> http://postfwd.org/
>
>    -- Noel Jones

great, I got what I want by implementing this:

http://www.postfix.org/RESTRICTION_CLASS_README.html#internal

thanks.

Bonar



  


groups other than the primary one are ignored

2009-09-01 Thread jonny

If my .forward contains:
  /tmp/test/maildir/
And /tmp/test is owned by another user:
  $ ls -lrtd /tmp/test
  drwxrwx--- 2 root users 6 2009-09-01 19:19 /tmp/test
And I belong to the following groups (notice I belong to users, but my 
primary group is wheel):

  $ id -n -G
  wheel floppy audio video cdrom fuse plugdev scanner users
And my user id is jonny:
  $ id -n -u
  jonny

Then, when mail is sent to jonny, it bounces, and in /var/mail.log I 
get:


  Sep  1 19:36:57 (none) postfix/local[5730]: warning: maildir access problem for UID/GID=1000/10: create maildir file /tmp/test/maildir/tmp/1251859017.P5730.augustine: Permission denied
  Sep  1 19:36:57 (none) postfix/local[5730]: warning: perhaps you need to create the maildirs in advance
  Sep  1 19:36:57 (none) postfix/bounce[5738]: 511C3A13D87: sender non-delivery notification: 6F8E0A13D89
  Sep  1 19:36:57 (none) postfix/qmgr[5333]: 511C3A13D87: removed
  Sep  1 19:36:57 (none) postfix/local[5730]: 6F8E0A13D89: to=, relay=local, delay=0.1, delays=0.03/0/0/0.06, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /tmp/test/maildir/tmp/1251859017.P5730.augustine: Permission denied)

I think this may be by intention, as I find in set_ugid.c:
/*  set_ugid() sets the real, effective and saved user and group process
/*  attributes and updates the process group access list to be just the
/*  user's primary group. This operation is irreversible.

I worked around the issue by doing:

  $ sudo chown jonny /tmp/test

Having postfix pay attention to all the user's groups would be a nice 
feature.  It is not important for me any longer, now that I understand 
postfix only uses the primary group id, but it may save some other 
person some hunting in the future.
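
The failure reported above, modelled as an added example (not part of the original post and not Postfix code): a POSIX-style permission check on the directory, evaluated with the full group list from `id -G` and then with only the primary group, which is what the set_ugid.c comment says the delivery process keeps. The uid/gid 1000/10 and the mode string come from the post; gid 100 for `users` and all function names are assumptions.

```python
import re
from dataclasses import dataclass

# Inputs taken from the post: the local(8) warning and the `ls -ld` mode string.
WARNING = ("postfix/local[5730]: warning: maildir access problem for "
           "UID/GID=1000/10: create maildir file "
           "/tmp/test/maildir/tmp/1251859017.P5730.augustine: Permission denied")
LS_MODE = "drwxrwx---"
ROOT_UID, USERS_GID = 0, 100   # gid 100 for "users" is an assumption


@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int                          # primary group
    groups: frozenset = frozenset()   # group access list


def creds_from_warning(line):
    """Credentials the delivery ran with, as reported in the warning."""
    uid, gid = map(int, re.search(r"UID/GID=(\d+)/(\d+)", line).groups())
    # Per the set_ugid.c comment, the group list is just the primary group.
    return Creds(uid, gid, frozenset({gid}))


def mode_from_ls(text):
    """Permission bits from an ls-style mode string (special bits ignored)."""
    return sum(1 << (8 - i) for i, ch in enumerate(text[1:10]) if ch != "-")


def may_create_in(dir_uid, dir_gid, dir_mode, creds):
    """True if creds may create a file in the directory (needs w and x).

    POSIX selects exactly one class: owner, else group, else other.
    """
    if creds.uid == 0:
        return True
    if creds.uid == dir_uid:
        bits = dir_mode >> 6
    elif dir_gid == creds.gid or dir_gid in creds.groups:
        bits = dir_mode >> 3
    else:
        bits = dir_mode
    return bits & 0o3 == 0o3


def diagnose():
    """Compare the interactive shell, the delivery process, and the chown fix."""
    mode = mode_from_ls(LS_MODE)
    delivery = creds_from_warning(WARNING)
    shell = Creds(delivery.uid, delivery.gid,
                  frozenset({delivery.gid, USERS_GID}))
    return {
        "shell, all groups": may_create_in(ROOT_UID, USERS_GID, mode, shell),
        "delivery, primary group only":
            may_create_in(ROOT_UID, USERS_GID, mode, delivery),
        "delivery, after chown jonny":
            may_create_in(delivery.uid, USERS_GID, mode, delivery),
    }
```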


Re: How to block spammers appearing as local users?

2009-09-01 Thread Sahil Tandon
On Tue, 01 Sep 2009, Benny Pedersen wrote:

> On tir 01 sep 2009 02:20:26 CEST, LuKreme wrote
>> On 31-Aug-2009, at 08:07, nunatarsuaq wrote:
>>> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
>>> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
>> Why are you accepting mail from an obvious DHCP address?
>
> who says this ip is dynamic, just because the hostname looks like it is?

Oh please; just use some common sense and basic heuristics.

-- 
Sahil Tandon 


Re: Simple filter via pipe

2009-09-01 Thread Sahil Tandon
On Tue, 01 Sep 2009, rank1see...@gmail.com wrote:

> - Original Message -
> From: Sahil Tandon 
> To: postfix-users@postfix.org
> Date: Mon, 31 Aug 2009 23:37:56 -0400
> Subject: Re: Simple filter via pipe
> 
> > On Tue, 01 Sep 2009, rank1see...@gmail.com wrote:
> > 
> > > > I don't believe I can help you any further.
> > > 
> > > I think it is about me comprehending pipe term.
> > > > I know how data is piped from one command to another or from file, or to
> > > > file descriptor, etc. Ie: output only mp3 files from current dir list
> > > # ls -al | grep *.mp3
> > > 
> > > So what does "sendmail is a pipe" means, in this context?
> > 
> > At your shell, type 'man 8 pipe' and read carefully.
> 
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
> 
> I've read it and still have no logical clue.

It seems Noel was right: you need to learn your basics before moving forward
with Postfix.  See 'Explanations of Man Sections' here:

 http://www.freebsd.org/cgi/man.cgi

-- 
Sahil Tandon 


Re: senderbase + postfix some experiences ?

2009-09-01 Thread mouss
David Touzeau wrote:
> Dear
> 
> I try to find any wiki or any help in order to integrate SenderBase
> ( http://www.senderbase.org ) check process in postfix.
> 
> Did anyone have some experiences on it ?
> If it is success ?
> How to implement it ?
> 

senderbase provides reputation. it should not be used to reject mail.

I use it (manually) to confirm snowshoe spam networks, which are listed
locally.

> Best regards?
> 
> 
> 



Re: How to block spammers appearing as local users?

2009-09-01 Thread mouss
Benny Pedersen wrote:
> On tir 01 sep 2009 02:20:26 CEST, LuKreme wrote
>> On 31-Aug-2009, at 08:07, nunatarsuaq wrote:
>>> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
>>> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
>> Why are you accepting mail from an obvious DHCP address?
> 
> who says this ip is dynamic, just because the hostname looks like it is?
> 

it doesn't matter whether it's dynamic or not. if "they" want to send
mail, they can find a better PTR. if you know about legitimate mail from
*.revip2.asianet.co.th, please share.

> it would have been wonderful if it was that easy

in this particular case, it's easy.


Re: How to block spammers appearing as local users?

2009-09-01 Thread Chris Babcock
On Tue, 01 Sep 2009 22:30:48 +0200
Benny Pedersen  wrote:

> On tir 01 sep 2009 02:20:26 CEST, LuKreme wrote
> > On 31-Aug-2009, at 08:07, nunatarsuaq wrote:  
> >> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
> >> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]  
> > Why are you accepting mail from an obvious DHCP address?
> 
> who says this ip is dynamic, just because the hostname looks like it
> is ?
> 
> it would have been wonderful if it was that easy

I can tell from looking at it that it's not only a dynamic IP address,
but that the hostname was originally configured for dialup, but that's
not to say that I would want to try to maintain a regex filter. That's
what PBL is for: http://www.spamhaus.org/pbl/index.lasso

All that's being said here is to use the standard tools first. Breaking
protocol isn't clever. We have enough annoyances as mail administrators
with the large operations that knowingly do aggravating things without
providing tech support for those who try to be clever without the
payroll to handle the problems they cause themselves. Do you honestly
think that you're the first one to think of this 'solution' to this
class of spam?

Chris




Re: Block Email sent to one account

2009-09-01 Thread Benny Pedersen

On tir 01 sep 2009 10:40:09 CEST, utahnix wrote

> I'd think there's a way to do this on Postfix, but if you're
> running Cyrus IMAP in conjunction with Postfix, you could
> accomplish the same thing with a sieve script. Just a thought.

don't know how cyrus-imap handles sieve reject, if it rejects in mta it's
fine, but dovecot sieve does an accept bounce, so make sure what to do
in sieve

i found this problem in my own dovecot when a user pointed me to my logs

i believe exim with sieve does not have this problem, since sieve is in
mta level, but how is the lda so :/


--
xpoint



Re: How to block spammers appearing as local users?

2009-09-01 Thread Benny Pedersen

On tir 01 sep 2009 02:20:26 CEST, LuKreme wrote

> On 31-Aug-2009, at 08:07, nunatarsuaq wrote:
>> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
>> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
> Why are you accepting mail from an obvious DHCP address?

who says this ip is dynamic, just because the hostname looks like it is?

it would have been wonderful if it was that easy

--
xpoint



Re: attachment manipulations

2009-09-01 Thread Evan Platt

At 10:58 AM 9/1/2009, you wrote:

> Hi guys
>
> I hope some of you can help in this work around I need to do. My
> internet connection is a very slow one, and most of the email clients
> are on dialup, so I need to enforce limits to the message size. I'm
> thinking in those email that arrive with big attachments, some of
> them are high res pics, or .pps so I'm thinking how can I get the
> email, extract the attachments, make resolution lower of the images
> to decrease size (using GD maybe), and rebuild the original message
> with the modified images. In case of .pps I can compress them. That
> way I can make smaller the dialup times. Have some of you some ideas
> about how can I do that? Maybe a filter? I appreciate any collaboration.


I'm pretty sure I saw you ask this a few weeks ago with no response, 
so likely no one has an answer, but IMHO messing with attachments is 
a bad idea. I sure wouldn't like to have images changed on me. So 
then if I become the 'exception' - the person who WANTS to see the 
images at whatever resolution they come to me at, I'm SOL?


Maybe a better idea - and this is still something postfix can't 
(AFAIK) do by itself - strip the attachments and put them onto a 
separate folder. Perhaps that's a better solution - remove the 
attachments from the message, and put them on a FTP folder a user can 
access. But then you better be ready to start supporting FTP, and 
walking customers through downloading a FTP program, setting it up, etc.


Maybe install webmail? And then if people can log into webmail if 
they have a large attachment? 



senderbase + postfix some experiences ?

2009-09-01 Thread David Touzeau
Dear

I try to find any wiki or any help in order to integrate SenderBase
( http://www.senderbase.org ) check process in postfix.

Did anyone have some experiences on it ?
If it is success ?
How to implement it ?

Best regards?





attachment manipulations

2009-09-01 Thread Ing. Davy Leon
Hi guys

I hope some of you can help in this work around I need to do. My internet 
connection is a very slow one, and most of the email clients are on dialup, so I 
need to enforce limits to the message size. I'm thinking in those email that 
arrive with big attachments, some of them are high res pics, or .pps so I'm 
thinking how can I get the email, extract the attachments, make resolution 
lower of the images to decrease size (using GD maybe), and rebuild the original 
message with the modified images. In case of .pps I can compress them. That way 
I can make smaller the dialup times. Have some of you some ideas about how can 
I do that? Maybe a filter? I appreciate any collaboration.

Thanks 

David

Re: Block Email sent to one account

2009-09-01 Thread Noel Jones

On 9/1/2009 2:57 AM, Bonar Gultom wrote:

> dear all,
>
> I want to ask how to block e-mail sent to one account, let say
> f...@domain.com. But we can make whitelist too who can sent e-mail to
> f...@domain.com. I mean like this example:
> b...@domain.com, a...@example.com, and d...@yahoo.com can send email to
> f...@domain.com. But other than those three account, email sent to
> f...@domain.com will be block.
>
> I hope you can understand my question and help me to this problem. thank
> you very much
> Warm Regards,
>
> Bonar Gultom



For complex access controls, use either 
smtpd_restriction_classes or a policy service such as postfwd.


http://www.postfix.org/RESTRICTION_CLASS_README.html
http://www.postfix.org/SMTPD_POLICY_README.html
http://postfwd.org/

  -- Noel Jones
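
The policy-service route suggested above, as an added example (not code from this thread, from Postfix, or from postfwd): a handler for the Postfix policy delegation protocol that allows mail to one protected recipient only from listed envelope senders. The addresses and function names are hypothetical and constructed for the example.

```python
import sys

# Hypothetical addresses, constructed for this example.
PROTECTED = "staff-list@example.com"
ALLOWED_SENDERS = {"alice@example.com", "bob@example.org", "carol@example.net"}


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:                      # skip malformed lines without '='
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the access(5)-style action for one RCPT TO."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    recipient = attrs.get("recipient", "").lower()
    sender = attrs.get("sender", "").lower()
    if recipient != PROTECTED:
        return "DUNNO"               # not the protected address
    if sender in ALLOWED_SENDERS:
        # DUNNO, not OK: later restrictions in the list still apply.
        return "DUNNO"
    return "REJECT sender not permitted for this recipient"


def reply(text):
    """Full protocol reply: one action line followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))


def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests until EOF, e.g. when run under spawn(8)."""
    buf = []
    for line in stream_in:
        if line.strip():
            buf.append(line)
            continue
        if buf:                      # empty line ends the request
            stream_out.write(reply("".join(buf)))
            stream_out.flush()
            buf = []


if __name__ == "__main__":
    serve()
```

Such a service is referenced with `check_policy_service` in `smtpd_recipient_restrictions`. The envelope sender is not authenticated, so this rule keeps stray mail out rather than verifying who is sending.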


Re: Simple filter via pipe

2009-09-01 Thread Mikael Bak
rank1see...@gmail.com wrote:
> 
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
> 
> I've read it and still have no logical clue.

# uname -r
7.2-RELEASE-p2

# man 8 pipe

Formatting page, please wait...Done.
PIPE(8)

NAME
   pipe - Postfix delivery to external command

SYNOPSIS
[snip]

HTH,
Mikael


Re: Simple filter via pipe

2009-09-01 Thread Duane Hill

On Tue, 1 Sep 2009, rank1see...@gmail.com wrote:


> - Original Message -
> From: Sahil Tandon 
> To: postfix-users@postfix.org
> Date: Mon, 31 Aug 2009 23:37:56 -0400
> Subject: Re: Simple filter via pipe
>
> > On Tue, 01 Sep 2009, rank1see...@gmail.com wrote:
> >
> > > > I don't believe I can help you any further.
> > >
> > > I think it is about me comprehending pipe term.
> > > I know how data is piped from one command to another or from file, or to
> > > file descriptor, etc. Ie: output only mp3 files from current dir list
> > > # ls -al | grep *.mp3
> > >
> > > So what does "sendmail is a pipe" means, in this context?
> >
> > At your shell, type 'man 8 pipe' and read carefully.
>
> Thanks. On FreeBSD that is section 2
> http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE
>
> I've read it and still have no logical clue.


You read the FreeBSD pipe system call man page 'man 2 pipe'?

Sahil does in fact mean 'man 8 pipe'. That is where the man page for the 
Postfix pipe delivery is located.


Re: Simple filter via pipe

2009-09-01 Thread rank1seeker
- Original Message -
From: Sahil Tandon 
To: postfix-users@postfix.org
Date: Mon, 31 Aug 2009 23:37:56 -0400
Subject: Re: Simple filter via pipe

> On Tue, 01 Sep 2009, rank1see...@gmail.com wrote:
> 
> > > I don't believe I can help you any further.
> > 
> > I think it is about me comprehending pipe term.
> > I know how data is piped from one command to another or from file, or to
> > file descriptor, etc. Ie: output only mp3 files from current dir list
> > # ls -al | grep *.mp3
> > 
> > So what does "sendmail is a pipe" means, in this context?
> 
> At your shell, type 'man 8 pipe' and read carefully.
> 
> -- 
> Sahil Tandon 
> 

Thanks. On FreeBSD that is section 2
http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE

I've read it and still have no logical clue.


Re: Applying Unix quota

2009-09-01 Thread Olivier Nicole
Hi,

> > Hence I would like to have a sort of
> > smtpd_end_of_data_restrictions = check_policy_service something
> > that could accept/reject the mail before it is being handled to the MDA.
> 
> You could write a policy service to do this, or simply use a utility outside
> of Postfix to update an access(5) map that sends 4xx or 5xx responses for
> users that exceed quota.

I have written the table, it sends DUNNO or REJECT depending whether
the user is over quota or not.

Where is the best place to hook that table in Postfix? 

smtpd_recipient_restrictions = check_recipient_access ldap:...

May not be the best choice because it seems it is checked before the aliases are 
expanded, so if a user over quota is part of an alias, the message will not 
bounce for that user.

Bests,

Olivier


alias_maps = hash:/etc/aliases, ldap:$config_directory/ldap_user_alias, ldap:$config_directory/ldap_deleted_alias, ldap:$config_directory/ldap_user_alias_fullname,ldap:$config_directory/ldap_deleted_alias_fullname, ldap:$config_directory/ldap_alias
command_directory = /usr/local/sbin
config_directory = /usr/local/ETC
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = $myhostname, localhost
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
local_recipient_maps = unix:passwd.byname, $alias_maps,ldap:$config_directory/ldap_local_recipient
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -t -a $HOME
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
masquerade_domains = cs.ait.ac.th
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, ufo.$mydomain, banyan.$mydomain, ldap.$mydomain,door.$mydomain, firewall.$mydomain, dns.$mydomain, amanda.$mydomain,database.$mydomain, sysl.$mydomain, mailback.$mydomain, csim.ait.asia
mydomain = cs.ait.ac.th
mynetworks = 192.41.170.0/24, 203.159.32.0/32
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_canonical_maps = ldap:$config_directory/ldap_user_uncanonical, ldap:$config_directory/ldap_deleted_uncanonical
relay_domains = cs.ait.ac.th, vgl-vforge.cs.ait.ac.th, ait.ac.th, dec.ait.ac.th, interlab.ait.ac.th, gmseenet.org
sample_directory = /usr/local/etc
sender_canonical_maps = ldap:$config_directory/ldap_canonical
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/run/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
...skipping...
smtpd_client_restrictions = check_client_access cidr:$config_directory/amavis_bypass
smtpd_recipient_restrictions = check_recipient_access ldap:$config_directory/ldap_access permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/ssl/ca/ait-itserv.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/ssl/crt/combined/mail.cs.ait.ac.th.pem
smtpd_tls_key_file = /usr/local/ssl/key/mail.cs.ait.ac.th.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/run/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_bytes = 32
tls_random_bytes = 32
tls_random_exchange_name = /var/run/postfix/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/transport
unknown_local_recipient_reject_code = 550


Re: Block Email sent to one account

2009-09-01 Thread utahnix
Bonar Gultom wrote:
> dear all,
>
> I want to ask how to block e-mail sent to one account, let say
> f...@domain.com. But we can make whitelist too who can sent e-mail to
> f...@domain.com. I mean like this example:
> b...@domain.com, a...@example.com, and d...@yahoo.com can send email to
> f...@domain.com. But other than those three account, email sent to
> f...@domain.com will be block.
>
> I hope you can understand my question and help me to this problem.
> thank you very much
>  
> Warm Regards,
>
> Bonar Gultom
>

I'd think there's a way to do this on Postfix, but if you're running
Cyrus IMAP in conjunction with Postfix, you could accomplish the same
thing with a sieve script. Just a thought.


Block Email sent to one account

2009-09-01 Thread Bonar Gultom
dear all,

I want to ask how to block e-mail sent to one account, let say f...@domain.com. 
But we can make whitelist too who can sent e-mail to f...@domain.com. I mean 
like this example:
b...@domain.com, a...@example.com, and d...@yahoo.com can send email to 
f...@domain.com. But other than those three account, email sent to 
f...@domain.com will be block.

I hope you can understand my question and help me to this problem. thank you 
very much

 Warm Regards,

Bonar Gultom