Re: cannot find your hostname

[Sahil Tandon]

On Wed, 02 Sep 2009, Scott Haneda wrote:

> On Sep 2, 2009, at 4:07 PM, Sahil Tandon wrote:
>
>> As clearly documented in postconf(5),
>
> How exactly does one get to that man page?
> man postconf
> That of course works.

That "works" because, absent a section specification, man(1) will only
display the first manual page it finds in MANPATH.

> man postconf(5)
>   -bash: syntax error near unexpected token `('
> man postconf5
>   No manual entry for postconf5

The correct syntax is documented in the man(1) manpage. :-)

> Does this imply there are version 1, 2, 3, and 4 as well?  How do I find 
> out?

To see which manual sections contain a 'postconf' page:

 % man -wa postconf
 /usr/local/man/man1/postconf.1.gz
 /usr/local/man/man5/postconf.5.gz

-- 
Sahil Tandon 

Re: cannot find your hostname

[LuKreme]

On 2-Sep-2009, at 17:02, /dev/rob0 wrote:

On Wednesday 02 September 2009 17:46:38 LuKreme wrote:

The rDNS is wrong, but does reject_unknown_hostname
care about that?


You seem to be confusing several restrictions here.


Actually, I merely typoed. I do not have "reject_unknown_hostname"

smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
permit

smtpd_recipient_restrictions =
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_invalid_hostname,
 permit_mynetworks,
 check_client_access hash:$config_directory/pbs,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unlisted_recipient,
 reject_unlisted_sender,
 reject_unknown_reverse_client_hostname,
 warn_if_reject reject_unknown_client_hostname,
 [Checks go here]



2. reject_unknown_reverse_client_hostname rejects if there is no PTR
for an IP address. It doesn't enforce FCrDNS[1]. If a PTR is found,
that's good enough.

3. reject_unknown_client_hostname rejects if the FCrDNS fails.

In your case, it was probably #2 or #3 in warn_if_reject mode,


Exactly right, as you can see from above.


because the logged message says, "Client host rejected: ..." A HELO
restriction would say "HELO command rejected: ..."



--
Outside of a dog, a book is a man's best friend. Inside of a dog,
it's too dark to read.

Re: cannot find your hostname

[LuKreme]

On 2-Sep-2009, at 20:40, Scott Haneda wrote:

On Sep 2, 2009, at 4:07 PM, Sahil Tandon wrote:


As clearly documented in postconf(5),


How exactly does one get to that man page?


man 5 postconf


--
Did they get you to trade your heroes for ghosts? Hot
ashes for trees? Hot air for a cool breeze? Cold comfort
for change?

Re: cannot find your hostname

[Marcel Montes]

Scott Haneda さんは書きました:

man postconf(5)
-bash: syntax error near unexpected token `('
man postconf5
No manual entry for postconf5

Does this imply there are version 1, 2, 3, and 4 as well? How do I 
find out?


The number specifies the section, not version.

$ man 5 postconf
$ whereis postconf
postconf: /usr/sbin/postconf /usr/share/man/man5/postconf.5.gz 
/usr/share/man/man1/postconf.1.gz


So postconf has sections 1 and 5 available.

RE: cannot find your hostname

[Terry Gilsenan]

On Sep 2, 2009, at 4:07 PM, Sahil Tandon wrote:

> As clearly documented in postconf(5),

How exactly does one get to that man page?
man postconf
That of course works.

man postconf(5)
-bash: syntax error near unexpected token `('
man postconf5
No manual entry for postconf5

like this..:

man 5 postconf


Does this imply there are version 1, 2, 3, and 4 as well?  How do I
find out?
--
Scott * If you contact me off list replace talklists@ with scott@ *

Re: cannot find your hostname

[Scott Haneda]

On Sep 2, 2009, at 4:07 PM, Sahil Tandon wrote:


As clearly documented in postconf(5),


How exactly does one get to that man page?
man postconf
That of course works.

man postconf(5)
-bash: syntax error near unexpected token `('
man postconf5
No manual entry for postconf5

Does this imply there are version 1, 2, 3, and 4 as well?  How do I  
find out?

--
Scott * If you contact me off list replace talklists@ with scott@ *

Re: Converting Sendmail to Postfix

[Noel Butler]

On Wed, 2009-09-02 at 15:54 -0600, Scott Miller wrote:

> I'm having a bit of an issue I'm hoping someone can help me out with.  I've
> recently replaced Sendmail with Postfix, and so far so good.  I also ran a
> script written by Russel Nelson that converts all e-mail located in
> /var/spool/mail to a Maildir format.  That seemed to work just great.  Now,
> my issue is with how squirrelmail handles the messages.  Squirrelmail can
> not see customer's custom folders that have been created, nor can they see
> any old messages - only new messages are visible.  Is there any way to
> convert how Squirrelmail looks at these messages, or any way to convert the
> old folders to the new format?  Anyone with experience with this?  Any help
> would be greatly appreciated.


Scott, make sure your pop/imap server knows about the change from mbox
to maildir.
Squirrelmail is only talking to IMAP, so research your IMAP/POP server
software.

Re: cannot find your hostname

[Sahil Tandon]

On Wed, 02 Sep 2009, LuKreme wrote:

> what exactly does "Cannot find your hostname" mean?
>
> NOQUEUE: reject_warning: RCPT from unknown[216.1.201.141]: 450 4.7.1  
> Client host rejected: cannot find your hostname, [216.1.201.141];  
> from= to= proto=SMTP 
> helo=
>
> ;; ANSWER SECTION:
> wellmissionstyle.com. 6402IN  A   216.1.201.164
>
> $ host 216.1.201.141
> 141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.
>
> the mailserver (I'm sure it's a spammer, but still) gives the "right"  
> hostname based on the domains DNS, but it's still tagged as unknown. The 
> rDNS is wrong, but does reject_unknown_hostname care about that?

As clearly documented in postconf(5), reject_unknown_hostname is a deprecated
reference to reject_unknown_helo_hostname, and thus unrelated to the client
hostname.  The *client* host above is being rejected because of
reject_unknown_client_hostname, which rejects a request when "1) the client
IP address->name mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address."

In your follow-up, you already determined which one of these tests triggered
the rejection.

-- 
Sahil Tandon 

Re: cannot find your hostname

[/dev/rob0]

On Wednesday 02 September 2009 17:46:38 LuKreme wrote:
> what exactly does "Cannot find your hostname" mean?
>
> NOQUEUE: reject_warning: RCPT from unknown[216.1.201.141]: 450 4.7.1
> Client host rejected: cannot find your hostname, [216.1.201.141];
> from= to=
> proto=SMTP helo=
>
> ;; ANSWER SECTION:
> wellmissionstyle.com. 6402IN  A   216.1.201.164
>
> $ host 216.1.201.141
> 141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.

$ host 216.1.201.141
Host 141.201.1.216.in-addr.arpa. not found: 3(NXDOMAIN)

... is what I get.

> the mailserver (I'm sure it's a spammer, but still) gives the
> "right" hostname based on the domains DNS, but it's still tagged
> as unknown. The rDNS is wrong, but does reject_unknown_hostname
> care about that? 

You seem to be confusing several restrictions here.

1. reject_unknown_hostname is the deprecated form, now known as
reject_unknown_helo_hostname. It attempts to resolve the HELO
hostname, rejects if that fails to resolve.

2. reject_unknown_reverse_client_hostname rejects if there is no PTR
for an IP address. It doesn't enforce FCrDNS[1]. If a PTR is found,
that's good enough.

3. reject_unknown_client_hostname rejects if the FCrDNS fails.

In your case, it was probably #2 or #3 in warn_if_reject mode,
because the logged message says, "Client host rejected: ..." A HELO
restriction would say "HELO command rejected: ..."


[1] http://en.wikipedia.org/wiki/FCrDNS
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: cannot find your hostname

[LuKreme]

On 2-Sep-2009, at 16:46, LuKreme wrote:

what exactly does "Cannot find your hostname" mean?


Never mind. Found the answer a few seconds after hitting send.


$ host 216.1.201.141
141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.


$ host unite13.ufot.com
Host unite13.ufot.com not found: 3(NXDOMAIN)


--
It was intended that when Newspeak had been adopted once and for
all and Oldspeak forgotten, a heretical thought...should be
literally unthinkable, at least so far as thought is dependent
on words.

cannot find your hostname

[LuKreme]

what exactly does "Cannot find your hostname" mean?

NOQUEUE: reject_warning: RCPT from unknown[216.1.201.141]: 450 4.7.1  
Client host rejected: cannot find your hostname, [216.1.201.141];  
from= to=  
proto=SMTP helo=


;; ANSWER SECTION:
wellmissionstyle.com.   6402IN  A   216.1.201.164

$ host 216.1.201.141
141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.

the mailserver (I'm sure it's a spammer, but still) gives the "right"  
hostname based on the domains DNS, but it's still tagged as unknown.  
The rDNS is wrong, but does reject_unknown_hostname care about that?





--
Today the road all runners come/Shoulder high we bring you home.
And set you at your threshold down/Townsman of a stiller
town.

Re: question about logging of blocks resulting from message_size_limit

[/dev/rob0]

Please do not top-post your replies. Thank you.

On Wednesday 02 September 2009 17:03:20 Christopher Adams wrote:
> Thank you for your reply. I did find the bounce that indicates
> that the limit had been exceeded. I thought that the logs might
> also reflect that it had been blocked.

Only if it was actually blocked by your server, such as if the DATA
had been sent and was in excess of your limit. ESMTP is designed to
avoid this, as the ESMTP server tells the client its size limit in
response to EHLO.

What seems to have happened in your case is that the client
disconnected without attempting to send the message, which is the
proper thing to do.

> Another question - can the message that the sender receives be
> modified? 

If the connecting client was Postfix, and you control it, see the
bounce(5) man page. Of course you cannot modify bounces sent by
systems you do not control.

But in many cases you can customize the rejection seen by the
connecting client. See the SMTPD_ACCESS_README and access(5) for
details.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: Converting Sendmail to Postfix

[Sahil Tandon]

On Wed, 02 Sep 2009, Scott Miller wrote:

> I'm having a bit of an issue I'm hoping someone can help me out with.  I've
> recently replaced Sendmail with Postfix, and so far so good.  I also ran a
> script written by Russel Nelson that converts all e-mail located in
> /var/spool/mail to a Maildir format.  That seemed to work just great.  Now,
> my issue is with how squirrelmail handles the messages.  Squirrelmail can
> not see customer's custom folders that have been created, nor can they see
> any old messages - only new messages are visible.  Is there any way to
> convert how Squirrelmail looks at these messages, or any way to convert the
> old folders to the new format?  Anyone with experience with this?  Any help
> would be greatly appreciated.

It appears your question has nothing to do with Postfix.  You will probably
have better luck with this on the squirrelmail or IMAP server mailing lists.

-- 
Sahil Tandon 

Re: question about logging of blocks resulting from message_size_limit

[Christopher Adams]

Thank you for your reply. I did find the bounce that indicates that
the limit had been exceeded. I thought that the logs might also
reflect that it had been blocked.

Another question - can the message that the sender receives be modified?

On Wed, Sep 2, 2009 at 1:17 PM, Victor
Duchovni wrote:
> On Wed, Sep 02, 2009 at 01:04:30PM -0700, Christopher Adams wrote:
>
>> I have modified the message_size_limit in main.cf and restarted
>> postfix. If I send messages under the size specified, they are
>> delivered normally. If the message is over the limit, the message is
>> not delivered, but there is no entry in the /var/log/maillog that
>> shows that it was blocked.
>
> Messages over the size limit are not typically blocked. Rather the
> sending system sees the size limit and does even send the message,
> returning a bounce to the sender instead.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



-- 
Christopher Adams
adam...@gmail.com

Converting Sendmail to Postfix

[Scott Miller]

I'm having a bit of an issue I'm hoping someone can help me out with.  I've
recently replaced Sendmail with Postfix, and so far so good.  I also ran a
script written by Russel Nelson that converts all e-mail located in
/var/spool/mail to a Maildir format.  That seemed to work just great.  Now,
my issue is with how squirrelmail handles the messages.  Squirrelmail can
not see customer's custom folders that have been created, nor can they see
any old messages - only new messages are visible.  Is there any way to
convert how Squirrelmail looks at these messages, or any way to convert the
old folders to the new format?  Anyone with experience with this?  Any help
would be greatly appreciated.

Thanks,
Scott Miller

Re: question about logging of blocks resulting from message_size_limit

[Wietse Venema]

Christopher Adams:
> I have modified the message_size_limit in main.cf and restarted
> postfix. If I send messages under the size specified, they are
> delivered normally. If the message is over the limit, the message is
> not delivered, but there is no entry in the /var/log/maillog that
> shows that it was blocked. What am I missing or is this normal
> behavior. Also, is there a way to send something back to the sender to
> indicate that the message was too big?

It's not logged because the SMTP client never sends the mail.
The SMTP server announces the size limit and that is sufficient.

Wietse

Re: Deferred queue settings?

[Wietse Venema]

LuKreme:
> On 2-Sep-2009, at 11:09, Remy Lambert wrote:
> > I come from the land of MS Exchange so, although I'm competent
> 
> I'm not sure one is allowed to use "MS Exchange" and "competent" in  
> the same sentence without a negation.
> 
> Only half kidding :)

LuKreme, stick to the technical topic, please.

Wietse

Re: question about logging of blocks resulting from message_size_limit

[Victor Duchovni]

On Wed, Sep 02, 2009 at 01:04:30PM -0700, Christopher Adams wrote:

> I have modified the message_size_limit in main.cf and restarted
> postfix. If I send messages under the size specified, they are
> delivered normally. If the message is over the limit, the message is
> not delivered, but there is no entry in the /var/log/maillog that
> shows that it was blocked.

Messages over the size limit are not typically blocked. Rather the
sending system sees the size limit and does even send the message,
returning a bounce to the sender instead.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

RE: Deferred queue settings?

[Remy Lambert]

I did indeed miss that part, thanks!

Actually, now that I've looked we don't have that configured.  I find that 
quite odd.  I didn't set this system up, but they guy who did I have high 
respect for and I'm a little amazed that he didn't configure it.

I'll do so immediately - thanks again for pointing this out!

-Rem

-Original Message-
From: Charles Marcus [mailto:cmar...@media-brokers.com] 
Sent: Wednesday, September 02, 2009 11:04 AM
To: Remy Lambert
Cc: 'Postfix users'
Subject: Re: Deferred queue settings?

On 9/2/2009, Remy Lambert (rlamb...@healthforcepartners.com) wrote:
> Regarding the error counts, I see what you're getting at - when
> taking into consideration how often a message can be retried over any
> given span of time, it makes error count pretty irrelevant.  I
> suppose if I want the message to bounce after x number of failures, I
> should just compute the average time it would take to produce that
> condition and shorten "maximal_queue_lifetime" to that number.

Did you miss this:

Postfix can also be configured to send mail when there is a delay:

http://www.postfix.org/postconf.5.html#delay_warning_time

I set mine to 15 minutes (15m) - that way a user will know that their
message was not delivered when they sent it, and can follow it up with a
phone call if it is important...

EMail is reliable enough these days that we rarely ever get a delay
warning...

-- 

Best regards,

Charles

question about logging of blocks resulting from message_size_limit

[Christopher Adams]

I have modified the message_size_limit in main.cf and restarted
postfix. If I send messages under the size specified, they are
delivered normally. If the message is over the limit, the message is
not delivered, but there is no entry in the /var/log/maillog that
shows that it was blocked. What am I missing or is this normal
behavior. Also, is there a way to send something back to the sender to
indicate that the message was too big?

-- 
Christopher Adams
adam...@gmail.com

Re: Deferred queue settings?

[LuKreme]

On 2-Sep-2009, at 11:09, Remy Lambert wrote:

I come from the land of MS Exchange so, although I'm competent


I'm not sure one is allowed to use "MS Exchange" and "competent" in  
the same sentence without a negation.


Only half kidding :)

--
A marriage is always made up of two people who are prepared to
swear that only the other one snores.

Re: Deferred queue settings?

[Charles Marcus]

On 9/2/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
> A bit too soon, given typical grey-listing minimum retry timers. I
> would not send delay notices sooner than an hour after a message has
> been queued. FWIW, I use a 2 hour delay warning.

Hmmm... I just realized why we haven't had any problems.

We relay all outbound mail through our outsourced anti-spam provider
(Webroot SaaS). So, unless *their* system is down - which it pretty much
never is - our mail is accepted immediately.

I've commented my config so if I ever fire webroot, I'll be sure to
change it to 2 hours...

Thanks Victor...

-- 

Best regards,

Charles

Re: A couple of problems

[Benny Pedersen]

On ons 02 sep 2009 20:06:08 CEST, Daniel L'Hommedieu wrote
I guess nobody has any ideas on the other problem I mentioned,  
because nobody has responded to that half of my original email. :(


are you saying that your wife cant use smtp auth ? :)

--
xpoint

Re: Deferred queue settings?

[Victor Duchovni]

On Wed, Sep 02, 2009 at 02:04:12PM -0400, Charles Marcus wrote:

> On 9/2/2009, Remy Lambert (rlamb...@healthforcepartners.com) wrote:
> > Regarding the error counts, I see what you're getting at - when
> > taking into consideration how often a message can be retried over any
> > given span of time, it makes error count pretty irrelevant.  I
> > suppose if I want the message to bounce after x number of failures, I
> > should just compute the average time it would take to produce that
> > condition and shorten "maximal_queue_lifetime" to that number.
> 
> Did you miss this:
> 
> Postfix can also be configured to send mail when there is a delay:
> 
> http://www.postfix.org/postconf.5.html#delay_warning_time
> 
> I set mine to 15 minutes (15m) - that way a user will know that their
> message was not delivered when they sent it, and can follow it up with a
> phone call if it is important...

A bit too soon, given typical grey-listing minimum retry timers. I
would not send delay notices sooner than an hour after a message has
been queued. FWIW, I use a 2 hour delay warning.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: A couple of problems

[Daniel L'Hommedieu]

On Aug 27, 2009, at 15:02, LuKreme wrote:

On 27-Aug-2009, at 09:58, Daniel L'Hommedieu wrote:
I could remove the limitation as you suggest, but doing so would  
open me up to hundreds of spams a day.


So you have a choice, you can figure out how else to deal with the  
from/to spam, or you can not get the mail from your wife.


There is a reason that people are told not to reject mail from their  
own domain.


LuKreme & Victor:

Everyone who sends mail through my mail server is authenticated, so I  
do not want to accept any email from my domain that does not come from  
an authenticated source.  But, I need to accept email for my wife, so  
the proper solution is to do what Victor suggested (short-circuit the  
email loop).


Thanks.

I guess nobody has any ideas on the other problem I mentioned, because  
nobody has responded to that half of my original email. :(


Daniel

Re: Deferred queue settings?

[Charles Marcus]

On 9/2/2009, Remy Lambert (rlamb...@healthforcepartners.com) wrote:
> Regarding the error counts, I see what you're getting at - when
> taking into consideration how often a message can be retried over any
> given span of time, it makes error count pretty irrelevant.  I
> suppose if I want the message to bounce after x number of failures, I
> should just compute the average time it would take to produce that
> condition and shorten "maximal_queue_lifetime" to that number.

Did you miss this:

Postfix can also be configured to send mail when there is a delay:

http://www.postfix.org/postconf.5.html#delay_warning_time

I set mine to 15 minutes (15m) - that way a user will know that their
message was not delivered when they sent it, and can follow it up with a
phone call if it is important...

EMail is reliable enough these days that we rarely ever get a delay
warning...

-- 

Best regards,

Charles

Re: Postfix Error

[Noel Jones]

On 9/2/2009 12:43 PM, Postfix wrote:

Hi,
It seems when a mail box file gets to about 49MB, postfix will start
giving the error:
"can't create user output file" when trying to send mail to that account.
Is there a setting for this somewhere in postfix? I can't seem to find
one in the main.cf file about it.
I didn't have a problem when I was using sendmail, all I did was convert
to using postfix.
Thanks,
Chris


http://www.postfix.org/postconf.5.html#mailbox_size_limit

If you need more help:
http://www.postfix.org/DEBUG_README.html#mail

  -- Noel Jones

Postfix Error

[Postfix]

Hi,
It seems when a mail box file gets to about 49MB, postfix will start giving the 
error:
"can't create user output file" when trying to send mail to that account.

Is there a setting for this somewhere in postfix? I can't seem to find one in 
the main.cf file about it.

I didn't have a problem when I was using sendmail, all I did was convert to 
using postfix.

Thanks,
Chris

RE: Deferred queue settings?

[Remy Lambert]

Oops, you're right - typed the wrong parameter name!

Regarding the error counts, I see what you're getting at - when taking into 
consideration how often a message can be retried over any given span of time, 
it makes error count pretty irrelevant.  I suppose if I want the message to 
bounce after x number of failures, I should just compute the average time it 
would take to produce that condition and shorten "maximal_queue_lifetime" to 
that number.

Thanks again for your help!

-Rem

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: Wednesday, September 02, 2009 10:20 AM
To: Postfix users
Subject: Re: Deferred queue settings?

Remy Lambert:
> Awesome, this is what I needed - thanks!
> 
> I see that what ended up happening in my case is the
> "bounce_queue_lifetime" default maximum of 432000 seconds (5 days)
> was eventually reached.  I'll shorten that up to 3 days for my
> purposes...if it's something on our side we can fix it way before
> then, and if it's not our problem then our users need to know
> quickly so they can get on the phone.

You need to update maximal_queue_lifetime.

> I don't see any parameter that tracks error counts for deferred
> items - in the 120 hours that the message was deferred it suffered
> as many errors, at least - surely enough to alert the user that
> there is trouble.  Is there a way for me to configure any sort of
> error-tracking functionality, either built-in or scripted?

Limiting the retry COUNTS makes no sense. Consider that a host is
down for 24 hours. No matter how often you try, mail won't go
through until the host comes back. In fact, Postfix increases the
retry time, up to a configurable limit, as mail gets older.

> I'm going to take your advice and get a book on Postfix - there
> are many!  I've always been fond of the O'Reilly series, any
> suggestions?

I'll let other people speak to that.

> I come from the land of MS Exchange so, although I'm competent
> with mail server management, this is all new to me!

Welcome, stranger.

Wietse

> Thanks for your help!
> 
> -Rem
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
> Sent: Wednesday, September 02, 2009 9:49 AM
> To: Postfix users
> Subject: Re: Deferred queue settings?
> 
> Remy Lambert:
> > I'm a Postfix n00b, so I may be asking a loaded question...but here goes:
> > 
> > Recently, a user of mine sent an email to an incorrect address -
> > he garbled the domain name.  It took six days for our mail server
> > to decide that it was undeliverable...
> [snip]
> 
> Indeed, the mail system does not know whether the user made a typing
> error, or whether the address is correct and the host or network
> are down.
> 
> > In my opinion, this should have happened much, much sooner.
> 
> See http://www.postfix.org/TUNING_README.html for an overview
> of available options.
> 
> The time before return is configurable. The default is 5 days so
> that email will survive a weekend outage plus time for repair.
> 
> http://www.postfix.org/postconf.5.html#maximal_queue_lifetime
> 
> Postfix can also be configured to send mail when there is a delay:
> 
> http://www.postfix.org/postconf.5.html#delay_warning_time
> 
> If you are totally unfamiliar with managing an email server, the
> Postfix manpages alone will not get far, and you should consider
> one of the excellent books that is written on Postfix.
> 
>   Wietse
> 
> 

Re: Deferred queue settings?

[Wietse Venema]

Remy Lambert:
> Awesome, this is what I needed - thanks!
> 
> I see that what ended up happening in my case is the
> "bounce_queue_lifetime" default maximum of 432000 seconds (5 days)
> was eventually reached.  I'll shorten that up to 3 days for my
> purposes...if it's something on our side we can fix it way before
> then, and if it's not our problem then our users need to know
> quickly so they can get on the phone.

You need to update maximal_queue_lifetime.

> I don't see any parameter that tracks error counts for deferred
> items - in the 120 hours that the message was deferred it suffered
> as many errors, at least - surely enough to alert the user that
> there is trouble.  Is there a way for me to configure any sort of
> error-tracking functionality, either built-in or scripted?

Limiting the retry COUNTS makes no sense. Consider that a host is
down for 24 hours. No matter how often you try, mail won't go
through until the host comes back. In fact, Postfix increases the
retry time, up to a configurable limit, as mail gets older.

> I'm going to take your advice and get a book on Postfix - there
> are many!  I've always been fond of the O'Reilly series, any
> suggestions?

I'll let other people speak to that.

> I come from the land of MS Exchange so, although I'm competent
> with mail server management, this is all new to me!

Welcome, stranger.

Wietse

> Thanks for your help!
> 
> -Rem
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
> Sent: Wednesday, September 02, 2009 9:49 AM
> To: Postfix users
> Subject: Re: Deferred queue settings?
> 
> Remy Lambert:
> > I'm a Postfix n00b, so I may be asking a loaded question...but here goes:
> > 
> > Recently, a user of mine sent an email to an incorrect address -
> > he garbled the domain name.  It took six days for our mail server
> > to decide that it was undeliverable...
> [snip]
> 
> Indeed, the mail system does not know whether the user made a typing
> error, or whether the address is correct and the host or network
> are down.
> 
> > In my opinion, this should have happened much, much sooner.
> 
> See http://www.postfix.org/TUNING_README.html for an overview
> of available options.
> 
> The time before return is configurable. The default is 5 days so
> that email will survive a weekend outage plus time for repair.
> 
> http://www.postfix.org/postconf.5.html#maximal_queue_lifetime
> 
> Postfix can also be configured to send mail when there is a delay:
> 
> http://www.postfix.org/postconf.5.html#delay_warning_time
> 
> If you are totally unfamiliar with managing an email server, the
> Postfix manpages alone will not get far, and you should consider
> one of the excellent books that is written on Postfix.
> 
>   Wietse
> 
> 

Re: How to block spammers appearing as local users?

[Clunk Werclick]

On Wed, 2009-09-02 at 18:22 +0200, Benny Pedersen wrote:
> On ons 02 sep 2009 18:07:27 CEST, LuKreme wrote
> >> who says this ip is dynamic, just becurse the hostname look like
> >> it is ?
> > Erm don't be naive. If they can't be bothered to have a better  
> > rDNS then I can't be bothered to get their spam.
> 
> who is naive now ?, i have seen dynamic ip with a static looking  
> hostname, should you just accept it ?
1. ppp = point to point protocol? Tends to smell a bit of dsl/dialup
2. The IP is in the PBL because it is dynamic. 
Forgive Benny, he is just a bit odd.
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 

RE: Deferred queue settings?

[Remy Lambert]

Awesome, this is what I needed - thanks!

I see that what ended up happening in my case is the "bounce_queue_lifetime" 
default maximum of 432000 seconds (5 days) was eventually reached.  I'll 
shorten that up to 3 days for my purposes...if it's something on our side we 
can fix it way before then, and if it's not our problem then our users need to 
know quickly so they can get on the phone.

I don't see any parameter that tracks error counts for deferred items - in the 
120 hours that the message was deferred it suffered as many errors, at least - 
surely enough to alert the user that there is trouble.  Is there a way for me 
to configure any sort of error-tracking functionality, either built-in or 
scripted?

I'm going to take your advice and get a book on Postfix - there are many!  I've 
always been fond of the O'Reilly series, any suggestions?

I come from the land of MS Exchange so, although I'm competent with mail server 
management, this is all new to me!

Thanks for your help!

-Rem
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: Wednesday, September 02, 2009 9:49 AM
To: Postfix users
Subject: Re: Deferred queue settings?

Remy Lambert:
> I'm a Postfix n00b, so I may be asking a loaded question...but here goes:
> 
> Recently, a user of mine sent an email to an incorrect address -
> he garbled the domain name.  It took six days for our mail server
> to decide that it was undeliverable...
[snip]

Indeed, the mail system does not know whether the user made a typing
error, or whether the address is correct and the host or network
are down.

> In my opinion, this should have happened much, much sooner.

See http://www.postfix.org/TUNING_README.html for an overview
of available options.

The time before return is configurable. The default is 5 days so
that email will survive a weekend outage plus time for repair.

http://www.postfix.org/postconf.5.html#maximal_queue_lifetime

Postfix can also be configured to send mail when there is a delay:

http://www.postfix.org/postconf.5.html#delay_warning_time

If you are totally unfamiliar with managing an email server, the
Postfix manpages alone will not get far, and you should consider
one of the excellent books that is written on Postfix.

Wietse

Re: Deferred queue settings?

[Wietse Venema]

Remy Lambert:
> I'm a Postfix n00b, so I may be asking a loaded question...but here goes:
> 
> Recently, a user of mine sent an email to an incorrect address -
> he garbled the domain name.  It took six days for our mail server
> to decide that it was undeliverable...
[snip]

Indeed, the mail system does not know whether the user made a typing
error, or whether the address is correct and the host or network
are down.

> In my opinion, this should have happened much, much sooner.

See http://www.postfix.org/TUNING_README.html for an overview
of available options.

The time before return is configurable. The default is 5 days so
that email will survive a weekend outage plus time for repair.

http://www.postfix.org/postconf.5.html#maximal_queue_lifetime

Postfix can also be configured to send mail when there is a delay:

http://www.postfix.org/postconf.5.html#delay_warning_time

If you are totally unfamiliar with managing an email server, the
Postfix manpages alone will not get far, and you should consider
one of the excellent books that is written on Postfix.

Wietse

Re: How to block spammers appearing as local users?

[LuKreme]

On 2-Sep-2009, at 10:22, Benny Pedersen wrote:

On ons 02 sep 2009 18:07:27 CEST, LuKreme wrote

who says this ip is dynamic, just becurse the hostname look like
it is ?
Erm don't be naive. If they can't be bothered to have a better  
rDNS then I can't be bothered to get their spam.


who is naive now ?, i have seen dynamic ip with a static looking  
hostname, should you just accept it ?


If they have valid PTR and their rDNS checks out and they aren't in  
the zen list then chances are very good I will accept it.



--
Anybody who tells me what happens to me after I'm dead is either
a liar or a fool because they DON'T KNOW --Stephen Fry

Deferred queue settings?

[Remy Lambert]

I'm a Postfix n00b, so I may be asking a loaded question...but here goes:

Recently, a user of mine sent an email to an incorrect address - he garbled the 
domain name.  It took six days for our mail server to decide that it was 
undeliverable...

Basically, the (incorrect) domain name actually resolved to a valid host, but 
threw timeouts on each attempt to deliver.  The message sat in the deferred 
queue retrying every hour or so and accumulating errors, until it reached about 
~435000 seconds, then finally resolved it as undeliverable and notified the 
user.

In my opinion, this should have happened much, much sooner.  It may just be a 
niche case, but I'd like to know how I can adjust the parameters that control 
how a deferred message remains deferred - for instance, how much time has 
passed since initial delivery attempt or how many errors have been encountered 
before the delivery failure is considered permanent.

I've looked through the documentation, but I can't see anything that relates to 
this - just the minimal and maximal retry timers for the deferred queue.  Am I 
looking for the wrong keyword here or can I not adjust these parameters?

Thanks!

-Rem

Re: How to block spammers appearing as local users?

[Benny Pedersen]

On ons 02 sep 2009 18:07:27 CEST, LuKreme wrote

who says this ip is dynamic, just becurse the hostname look like
it is ?
Erm don't be naive. If they can't be bothered to have a better  
rDNS then I can't be bothered to get their spam.


who is naive now ?, i have seen dynamic ip with a static looking  
hostname, should you just accept it ?


--
xpoint

Re: How to block spammers appearing as local users?

[LuKreme]

On 2-Sep-2009, at 05:00, Benny Pedersen wrote:

On ons 02 sep 2009 03:28:20 CEST, Sahil Tandon wrote

ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]

WHy are you accepting mail from an obvious DHCP address?

who says this ip is dynamic, just becurse the hostname look like

it is ?

Oh please; just use some common sense and basic heuristics.


http://www.robtex.com/ip/124.122.30.5.html#blacklists

rbl listed yes, but where is it dynamic ?

i have seen enough static hostname on dynamic ip to not count on  
reverse ptr


It doesn't matter, does it? If they have a static IP on a ppp-###-###- 
### sort of PTR, then they can *STILL* piss off, and I will *STILL*  
consider them to be dynamic until the end of days.


--
Can I borrow your underpants for 10 minutes?

Re: How to block spammers appearing as local users?

[LuKreme]

please don't reply off- list
On 1-Sep-2009, at 02:48, nunatarsuaq wrote:

2009/9/1 LuKreme :

On 31-Aug-2009, at 08:07, nunatarsuaq wrote:


Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]


WHy are you accepting mail from an obvious DHCP address?



How to determine and block all dynamic addresses?


Assuming that the address is not caught by zen (and most all of them  
are) then there are a number of strategies used that you can find  
searching the list archives. This is what I use for postfix.


smtpd_recipient_restrictions =
[ Stuff ]
 check_client_access pcre:$config_directory/check_client_fqdn.pcre,
 check_recipient_access pcre:$config_directory/recipient_checks.pcre,
 check_client_access hash:$config_directory/access,
 reject_rbl_client zen.spamhaus.org,
 permit

check_client_fqdn.pcre:
/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/   REJECT Dynamic addresses  
must use a real mailserver
/\.(dsl|\d+dsl|dsl\d+)\./REJECT Dynamic DSL  
looking address
/([[:digit:]]{1,3}[.-]){3}[[:digit:]]{1,3}/ REJECT Too many numbers in  
HELO/EHLO


The first line would have caught that zombie, as would the third.

On 1-Sep-2009, at 14:30, Benny Pedersen wrote:

who says this ip is dynamic, just becurse the hostname look like it  
is ?


Erm don't be naive. If they can't be bothered to have a better  
rDNS then I can't be bothered to get their spam.


--
I said pretend you've got no money, she just laughed and said, 'Eh
you're so funny.' I said, 'Yeah? Well I can't see anyone else
smiling in here.'

Re: attachment manipulations

[Davy Leon]

ok sounds like an alternative, but, in my case, as I told before, most of my 
clients are on dialup, so one high res pic attached, let's say 3 MB it's 
like about 15 minutes of conection to get the message using POP or IMAP, so, 
my idea was letting the user enjoy the picture (silently modified) instead 
of putting some message limit below 1MB by force. At the end it's better a 
lower res pic than nothing.
That was just an idea. Thanks anyway, but message size limit sounds better 
to keep my lines at a not annoying busy level.



- Original Message - 
From: "Evan Platt" 

To: 
Sent: Tuesday, September 01, 2009 2:57 PM
Subject: Re: attachment manipulations



At 10:58 AM 9/1/2009, you wrote:

Hi guys

I hope some of you can help in this work around I need to do. My internet 
conection is a very slow one, and most of the email clients are on dialup, 
so I need to enforce limits to the message size. I'm thinking in those 
email that arrive with big attachments, some of them are high res pics, or 
.pps so I'm thinking how can I get the email, extract the attachments, 
make resolution lower of the images to decrease size (using GD maybe), and 
rebuild the original message with the modified images. In case of .pps I 
can compress them. That way I can make smaller the dialup times. Have some 
of you some ideas about how can I do that? Maybe a filter? I apreciate any 
colaboration.


I'm pretty sure I saw you ask this a few weeks ago with no response, so 
likely no one has an answer, but IMHO messing with attachments is a bad 
idea. I sure wouldn't like to have images changed on me. So then if I 
become the 'exception' - the person who WANTS to see the images at 
whatever resolution they come to me at, I'm SOL?


Maybe a better idea - and this is still something postfix can't (AFAIK) do 
by itself - strip the attachments and put them onto a seperate folder. 
Perhaps that's a better solution - remove the attachments from the 
message, and put them on a FTP folder a user can access. But then you 
better be ready to start supporting FTP, and walking customers through 
downloading a FTP program, setting it up, etc.


Maybe install webmail? And then if people can log into webmail if they 
have a large attachment? 

Re: Custom 550 error message

[Ralf Hildebrandt]

* Richard Smits :
> Let me explain why I ask this,
> 
> We want to include a message in the error message , like :
> 
> #5.5.0 smtp;550 : Recipient address
> > rejected: Please see http://telephonebook.domain.com for email info
> 
> Is this possible ?

By editing the sourcecode, yes

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Custom 550 error message

[Richard Smits]

Let me explain why I ask this,

We want to include a message in the error message , like :

#5.5.0 smtp;550 : Recipient address
> rejected: Please see http://telephonebook.domain.com for email info

Is this possible ?

Ralf Hildebrandt wrote:

* Richard Smits :

Hello,

After the "rejected" so the "User unknown in virtual alias table"
part. Or the entire message. Also O.K.


show_user_unknown_table_name = no

Re: Custom 550 error message

[Ralf Hildebrandt]

* Richard Smits :
> Hello,
> 
> After the "rejected" so the "User unknown in virtual alias table"
> part. Or the entire message. Also O.K.

show_user_unknown_table_name = no

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Custom 550 error message

[Richard Smits]

Hello,

After the "rejected" so the "User unknown in virtual alias table" part. 
Or the entire message. Also O.K.


Greetings ..

Ralf Hildebrandt wrote:

* Richard Smits :

Hello,

I was wondering, is it possible to change the default error message
with a 550 or 450 ?

It is now : #5.5.0 smtp;550 : Recipient address
rejected: User unknown in virtual alias table

Can this be changed ?


Which part of it?

Re: Custom 550 error message

[Ralf Hildebrandt]

* Richard Smits :
> Hello,
> 
> I was wondering, is it possible to change the default error message
> with a 550 or 450 ?
> 
> It is now : #5.5.0 smtp;550 : Recipient address
> rejected: User unknown in virtual alias table
> 
> Can this be changed ?

Which part of it?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Reject subdomains

[Noel Jones]

On 9/2/2009 6:48 AM, indio wrote:

I want to reject all mails sent from *.mydomain.tld, or at least apply
the same
restrictions as to mydomain.tld. I tried some
parent_domain_matches_subdomains,
but wasn't able to make it work.
I want u...@mydomain.tld needed to log in to send mails, and I want
u...@other.mydomain.tld be treated as any other external mail account
mailing me.
Aleady tried subdomain_matches_parent_domain, but nothing happened.

[...]
mynetworks = 127.0.0.1 , 10.111.1.0/24
myhostname = mail.mydomain.tld
mydomain = mail.mydomain.tld
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
mynetworks_style = subnet
relay_domains = $mydestination
smtpd_sender_login_maps = mysql:/etc/postfix/smtpd_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
smtpd_reject_unlisted_sender = yes
[...]



You probably want to set
relay_domains =
ie. set it empty.

  -- Noel Jones

Reject subdomains

[indio]

I want to reject all mails sent from *.mydomain.tld, or at least apply the same
restrictions as to mydomain.tld. I tried some parent_domain_matches_subdomains,
but wasn't able to make it work.
I want u...@mydomain.tld needed to log in to send mails, and I want
u...@other.mydomain.tld be treated as any other external mail account mailing 
me.
Aleady tried subdomain_matches_parent_domain, but nothing happened.

[...]
mynetworks = 127.0.0.1 , 10.111.1.0/24
myhostname = mail.mydomain.tld
mydomain = mail.mydomain.tld
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
mynetworks_style = subnet
relay_domains = $mydestination
smtpd_sender_login_maps = mysql:/etc/postfix/smtpd_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
smtpd_reject_unlisted_sender = yes
[...]

Re: Simple filter via pipe

[rank1seeker]

> It seems Noel was right: you need to learn your basics before moving 
forward
> with Postfix.  See 'Explanations of Man Sections' here:
> 
>  http://www.freebsd.org/cgi/man.cgi
> 
> -- 
> Sahil Tandon 
>

There was some error when user, other than root, has been filtering mail.
Error was visible only when I manually executed:

# cat mail_in_file | ./mail_filter.php r...@example1.com j...@example2.com
Syntax error: "(" unexpected

I simply changed php code related to execution of shell functions.(to work 
for user other than root)
Finally, I've completely solved a problem.

Error:
Syntax error: "(" unexpected,
wasn't in postfix error log: /var/log/maillog


And by passing macro ${sasl_method} in addition to ${sender} ${recipient} 
in /usr/local/etc/postfix/master.cf
I am able to selectivly apply filtering ONLY to SASL authed users and avoid 
all others

Guys! You are constantly totally confusing me, literally not saying 
anything useful to me!
Just giving me too ambiguous(many possible interpretations) DIRECTIONS.

Thankx anyway ;)

Re: How to block spammers appearing as local users?

[Benny Pedersen]

On ons 02 sep 2009 03:28:20 CEST, Sahil Tandon wrote


ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]

WHy are you accepting mail from an obvious DHCP address?

who says this ip is dynamic, just becurse the hostname look like

it is ?

Oh please; just use some common sense and basic heuristics.


http://www.robtex.com/ip/124.122.30.5.html#blacklists

rbl listed yes, but where is it dynamic ?

i have seen enough static hostname on dynamic ip to not count on reverse ptr

--
xpoint

Custom 550 error message

[Richard Smits]

Hello,

I was wondering, is it possible to change the default error message with 
a 550 or 450 ?


It is now : #5.5.0 smtp;550 : Recipient address 
rejected: User unknown in virtual alias table


Can this be changed ?

Greetings .. Richard Smits

Re: Variables in delayed notification mail.

[Wietse Venema]

Guy:
> Hi,
> 
> I'm using a slight variation of the default delay notification
> template which includes things like $delay_warning_time_hours and
> $maximal_queue_lifetime_days.
> 
> A lot of users (ours anyway) won't read past the word "MAILER-DAEMON"
> so if it's possible I'd like to be able to make the subject of the
> delay notification include the subject and/or from address of the
> message that has been delayed. Are there variables for any of the
> headers (subject/from address specifically in my case) of the delayed
> mail that can be used in the template?

Citing the bounce(5) manpage:

   o  Template message headers do not support $parameter expansions.

And:

   The second portion of a bounce template consists of  message  text.  As
   the  above  example  shows,  template  message text may contain main.cf
   $parameters. Besides the parameters that are defined  in  main.cf,  the
   following parameters are treated specially depending on the suffix that
   is appended to their name.

   delay_warning_time_
  ...
   maximal_queue_lifetime_

Postfix does behave as documented.

Wietse

> I suspect it's not possible, but it doesn't hurt to make sure.
> 
> Thanks
> Guy
> 
> -- 
> Don't just do something...sit there!
> 
> 

Variables in delayed notification mail.

[Guy]

Hi,

I'm using a slight variation of the default delay notification
template which includes things like $delay_warning_time_hours and
$maximal_queue_lifetime_days.

A lot of users (ours anyway) won't read past the word "MAILER-DAEMON"
so if it's possible I'd like to be able to make the subject of the
delay notification include the subject and/or from address of the
message that has been delayed. Are there variables for any of the
headers (subject/from address specifically in my case) of the delayed
mail that can be used in the template?

I suspect it's not possible, but it doesn't hurt to make sure.

Thanks
Guy

-- 
Don't just do something...sit there!