postfix definitive guide
Hi, I am looking for a definitive guide to setting up postfix on a system where i have a domain for eg. xyz.com configured. and i setup the mail server as mail1.xyz.com. Request you to please send me a complete guide to settings up DNS for a perfect mail server setup as i am only able to find the setting up for postfix but not the DNS settings required which is most essential. Thanks in advance Dhiraj
Re: postfix definitive guide
Dhiraj Chatpar wrote: Hi, I am looking for a definitive guide to setting up postfix on a system where i have a domain for eg. xyz.com http://xyz.com configured. and i setup the mail server as mail1.xyz.com http://mail1.xyz.com. Request you to please send me a complete guide to settings up DNS for a perfect mail server setup as i am only able to find the setting up for postfix but not the DNS settings required which is most essential. http://www.linux.org/docs/ldp/howto/DNS-HOWTO.html contains dns configuration. -- Eero
Problem with recipient verification
Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Mail to 4 of the domains behaves correctly and is either accepted if the email address exists or is rejected with a 550 Mailbox unknown. The other domain (just added) attempts to connect to my ISP (relayhost) and rejects with a: 450 4.1.1 bo...@aaa.co.nz: Recipient address rejected: unverified address: connect to A.net.nz[XXX.XX.242.10]:24: Connection refused (see /var/log/mail excerpt below) Fair enough that this is being refused, but why is postfix probing my relayhost ? It should be verifying the address locally like it does with all the other domains. I've read the ADDRESS VERIFICATION README file but I cannot figure out why this one domain is behaving differently to all the others. Each domain is listed identically in my /etc/postfix/vdomains file on a line by itself. (I've also tried with hash:/etc/postfix/vdomains and adding an OK to the end and postmap'ing the vdomains file + reload, to no effect.) I'm running with Cyrus IMAP and using essentially the: Non-Postfix mailbox store: separate domains, non-UNIX accounts configuration from the VIRTUAL README. Any assistance would be appreciated. Thanks = /var/log/mail=== Nov 15 21:33:31 aeryn postfix/cleanup[1566]: 67AFAD0621: message- id=20091115083331.67afad0...@aeryn.aaa.aa Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: from=double-bou...@aaa.aa, size=266, nrcpt=1 (queue active) Nov 15 21:33:31 aeryn postfix/lmtp[1568]: 67AFAD0621: to=mdxad...@aaa.aa, orig_to=aa...@aaa.co.nz, relay=aeryn.AAA.AA[/var/lib/imap/socket/lmtp], del ay=0.3, delays=0.01/0.04/0.22/0.04, dsn=2.1.5, status=deliverable (250 2.1.5 ok) Nov 15 21:33:31 aeryn postfix/qmgr[1425]: 67AFAD0621: removed Nov 15 21:33:31 aeryn postfix/smtpd[1543]: NOQUEUE: reject: RCPT from unknown[DDD.DDD.157.227]: 450 4.1.1 aa...@aa.co.nz: Recipient address rejected: unverified address: connect to myisp.net.nz[DDD.DD.242.10]:24: Connection refused; from=t...@aaa.aaa to=aa...@aa.co.nz proto=SMTP helo=.co.nz Nov 15 21:33:48 aeryn postfix/master[1110]: terminating on signal 15 =postconf -n= address_verify_map = btree:/var/lib/postfix/verify alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10028 daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_vrfy_command = yes header_checks = regexp:/etc/postfix/header_checks html_directory = no local_destination_concurrency_limit = 5 local_destination_recipient_limit = 300 local_recipient_maps = mail_owner = postfix mail_spool_directory = /var/mail
Re: Problem with recipient verification
Jeremy Bowen wrote: Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Why you even use address verification, if all users are on local machine? -- Eero
Re: Problem with recipient verification
Eero Volotinen wrote: Jeremy Bowen wrote: Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Why you even use address verification, if all users are on local machine? Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file.
Re: Problem with recipient verification
Jeremy Bowen wrote: Eero Volotinen wrote: Jeremy Bowen wrote: Hi I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Why you even use address verification, if all users are on local machine? Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file. Well, sounds like configuration problem? maybe you missed postmap the transport file? Is that domain listed in my domains? -- Eero
Re: Problem with recipient verification
2009/11/15 Jeremy Bowen jer...@smartpoint.co.nz: I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) I don't seem to have the original for this, perhaps the thread got broken somewhere, but gmail shouldn't have lost it. Anyway, you need to post the output of `postconf -n` (settings that are non-default) - read the help, it tells you that -d shows the defaults, which are useless for diagnosis. I'm not sure where people get this from... I have a small server handling 5 domains and I'm having trouble with one of my virtual domains wrt recipient verification. Why you even use address verification, if all users are on local machine? Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file. That sounds like that domain is a candidate for classification as a relay_domain. Apologies if this has been mentioned before, but is that how you've got it configured? If you don't change too many settings, you generally already get recipient verification for designated local domains.
Re: Postfix send emails from a subnet, how to config?
Phillip, you're my hero. It works perfectly. I never though about involving iptables. Thank you very much. Phillip Smith wrote: 2009/11/15 Mihai Mustea mihai.mus...@swissventure.ro: work for) a website with fashion campaigns and it sends more than 50K emails each day, 90% of them being hosted by Yahoo (all users being registered, so this is not spam) and I'm sure that you are aware of Yahoo's policies. I tried to use throttling solutions (send 2 emails per second or even less), the messages are still deferred after some time. So my last option before buying some service from inxmail or mailchimp is to try this, but I cannot implement it (google is not my best friend in this case). If your aim is to distribute the outbound load across multiple IP addresses for the purposes of fooling Yahoo into believing you're multiple different mail servers (ie, mail doesn't *have* to be in .2 and out .2, it can be in .2 and out .57) then you can do some nasty hacky workarounds in iptables... Something along the lines of iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.1 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.2 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.3 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.4 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.5 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.6 etc etc etc iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.199 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.200 1) I'm assuming all these IP addresses are on the one interface (eth0) 2) Replace the '--every 200' with the total number of IP addresses you have for outgoing mail. This is untested so it's at your own risk, but I believe it should work. -- Mihai Mustea Network Administrator mihai.mus...@swissventure.ro Mobile +40 752 088 617 Phone +40 369 561 672 SWISS Venture S.R.L. Str. Matei Basarab Nr. 16, Et. 3 030674 Bucuresti www.swissventure.ro
Re: Postfix send emails from a subnet, how to config?
My emails are deferred by Yahoo (when I was sending from only one interface). Do you think this solution can solve my issues or I can get into trouble? Thank you again. Mihai Mustea wrote: Phillip, you're my hero. It works perfectly. I never though about involving iptables. Thank you very much. Phillip Smith wrote: 2009/11/15 Mihai Mustea mihai.mus...@swissventure.ro: work for) a website with fashion campaigns and it sends more than 50K emails each day, 90% of them being hosted by Yahoo (all users being registered, so this is not spam) and I'm sure that you are aware of Yahoo's policies. I tried to use throttling solutions (send 2 emails per second or even less), the messages are still deferred after some time. So my last option before buying some service from inxmail or mailchimp is to try this, but I cannot implement it (google is not my best friend in this case). If your aim is to distribute the outbound load across multiple IP addresses for the purposes of fooling Yahoo into believing you're multiple different mail servers (ie, mail doesn't *have* to be in .2 and out .2, it can be in .2 and out .57) then you can do some nasty hacky workarounds in iptables... Something along the lines of iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.1 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.2 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.3 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.4 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.5 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.6 etc etc etc iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.199 iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 200 -j SNAT --to-source 192.168.10.200 1) I'm assuming all these IP addresses are on the one interface (eth0) 2) Replace the '--every 200' with the total number of IP addresses you have for outgoing mail. This is untested so it's at your own risk, but I believe it should work. -- Mihai Mustea Network Administrator mihai.mus...@swissventure.ro Mobile +40 752 088 617 Phone +40 369 561 672 SWISS Venture S.R.L. Str. Matei Basarab Nr. 16, Et. 3 030674 Bucuresti www.swissventure.ro
Re: Postfix send emails from a subnet, how to config?
Please do not top-post your replies. Thank you. On Sun, Nov 15, 2009 at 03:40:54PM +0200, Mihai Mustea wrote: My emails are deferred by Yahoo (when I was sending from only one interface). Do you think this solution can solve my issues First, I really doubt it IS an issue. My solution to the same issue was to do nothing. List mail goes out, Yahoo defers, other members receive their list mail in a timely manner. If any of the deferrals persisted to become bounces, it would be my problem. TTBOMK this has never happened. Therefore the problem lies with the individual list subscriber. If they want list mail faster, they should not use a Yahoo address. Second, maybe, but probably not. Any particular dispatch will likely involve multiple Yahoo recipients in excess of their arbitrary limit for deferral. or I can get into trouble? Fixing problems which do not exist is, by definition, trouble. More trouble than it's worth, I would say. Furthermore it is indeed possible that your approach will yield a longer wait in queue for Yahoo recipients, because the second and subsequent attempts will come from different IP addresses. This looks new, says the Yahoo deferral logic, so go away. Finally, do note that you need valid FCrDNS on each IP address you're using. You would probably need multiple A records for $myhostname and a PTR of the same name for each. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: postfix definitive guide
On Sun, Nov 15, 2009 at 03:06:51PM +0530, Dhiraj Chatpar wrote: Request you to please send me a complete guide to settings up DNS for a perfect mail server setup as i am only able to find the setting up for postfix but not the DNS settings required which is most essential. Postfix, the MTA, is definitively documented, but this does not (and should not attempt IMO) to teach you every prerequisite that a mail administrator needs to know. Buy a book? Ralf and p...@rick have one they would like to sell you! :) -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Problem with recipient verification
Barney Desmond wrote: 2009/11/15 Jeremy Bowen jer...@smartpoint.co.nz: I'm running Postfix v2.5.6 which I compiled myself from unmodified sources. (postconf -d appended below) Anyway, you need to post the output of `postconf -n` (settings that are non-default) - read the help, it tells you that -d shows the defaults, which are useless for diagnosis. I'm not sure where people get this from... Actually the output I posted was from postconf -n. The -d was a typo. Sorry for the confusion. Sorry, I forgot to mention that one domain is used for a few mailing lists handled by a mailman installation running on a separate server. This is handled by an entry in the transport file. That sounds like that domain is a candidate for classification as a relay_domain. Apologies if this has been mentioned before, but is that how you've got it configured? If you don't change too many settings, you generally already get recipient verification for designated local domains. That part of the system isn't the problem and is working perfectly well. (Yes, it is a relay, handled in the transport file) I have a prolem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP.
Re: Problem with recipient verification
That part of the system isn't the problem and is working perfectly well. (Yes, it is a relay, handled in the transport file) I have a prolem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP. So, you need to add that domain to mydestination= parameter? -- Eero
Re: Problem with recipient verification
I have a prolem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP. So, you need to add that domain to mydestination= parameter? It's added to my vdomains file as per: virtual_mailbox_domains = /etc/postfix/vdomains (And Yes, I've done all the relevant postmap and posfix reload commands)
Re: Problem with recipient verification
On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: If you specify /etc/postfix/vdomains then postmap is not required, and some parts of Postfix never find out that the file has changed until postfix reload. postmap is required with, for example, hash:/etc/postfix/vdomains instead of /etc/postfix/vdomains. Thanks. Yes, I know this. I'm not a newbie. I was just trying to pre-empt a bunch of replies telling me I needed to remap/reload. I detailed this in my original post. What is the logic behind where the verification probe is sent ? 4 out of 5 domains (all configured identically as far as I can tell) operate correctly and the probe seems to be handled locally. The other domain passes the verification probe to my upstream (relayhost). For the domain handling my mailing lists (relay[] entry in transport) verification probes are sent correctly to the mailman server.
Re: Problem with recipient verification
On 11/15/2009, Eero Volotinen eero.voloti...@iki.fi wrote: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list of domains; mail is delivered via the $vir- tual_transport mail delivery transport. That domain is delivered via smtp, not via: No. I think I've confused you with the different domains. 1) Mailing list domain is a relay domain. Behaves correctly. External verify 2) Problem domain. Virtual domain. Locally handled. Verify via upstream. 3) Other domains. Virtual domains. Locally handled. Verify local. virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp The problem domain is (should be) handled by lmtp. Other identically configured domains are handled by lmtp and appear to be doing verification correctly. There is something different about one domain which causes it to send verification upstream.
Re: Problem with recipient verification
Jeremy Bowen: I have a prolem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP. So, you need to add that domain to mydestination= parameter? It's added to my vdomains file as per: virtual_mailbox_domains = /etc/postfix/vdomains If you specify /etc/postfix/vdomains then postmap is not required, and some parts of Postfix never find out that the file has changed until postfix reload. postmap is required with, for example, hash:/etc/postfix/vdomains instead of /etc/postfix/vdomains. Wietse
Re: Problem with recipient verification
Jeremy Bowen wrote: I have a prolem with the new domain I added to the server and it is this new domain which is doing verification probes to my ISP. So, you need to add that domain to mydestination= parameter? It's added to my vdomains file as per: virtual_mailbox_domains = /etc/postfix/vdomains (And Yes, I've done all the relevant postmap and posfix reload commands) Well, I think it is not virtual domain, if it is relayed via smtp? As you can see from documentation: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list of domains; mail is delivered via the $vir- tual_transport mail delivery transport. That domain is delivered via smtp, not via: virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp Maybe you just need to remove it from virtual_mailbox_maps and add it to mydestination = -- Eero
Re: Problem with recipient verification
Jeremy Bowen: What is the logic behind where the verification probe is sent ? 4 out of 5 domains (all configured identically as far as I can tell) operate correctly and the probe seems to be handled locally. The other domain passes the verification probe to my upstream (relayhost). You configured one domain in a different manner than the four domains. To convince yourself, you could add a sixth domain (such as example.com) and see how Postfix tries to handle it. Wietse
Re: Problem with recipient verification
On 11/15/2009, Jeremy Bowen jer...@smartpoint.co.nz wrote: On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: You configured one domain in a different manner than the four domains. To convince yourself, you could add a sixth domain (such as example.com) and see how Postfix tries to handle it. OK, Just added example.com to /etc/postfix/vdomains. [snip] I really cannot explain what is going on here. No actually I can. I am an idiot. Found the issue after grep'ing my /etc/postfix directory and diff'ing the example.com and problem domain occurrences. Previously this domain was hosted on another server. I still had an old entry in my transport file which was forwarding it. Doh! Thanks for all the pointers.
Re: Problem with recipient verification
On 11/15/2009, (Wietse Venema) wie...@porcupine.org wrote: You configured one domain in a different manner than the four domains. To convince yourself, you could add a sixth domain (such as example.com) and see how Postfix tries to handle it. OK, Just added example.com to /etc/postfix/vdomains. Added t...@example.com jeremy to /etc/postfix/virtual and t...@example.com OK to /etc/postfix/vmailbox Ran postmap virtual, postmap vmailbox, postfix reload Tested a message to t...@example.com Accepted OK and delivered to my mailbox. Tested a message to bo...@example.com got a: 550 5.1.1 bo...@example.com: Recipient address rejected: undeliverable address: in the SMTP conversation and a ...[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown in my /var/log/mail This seems to work as expected. I really cannot explain what is going on here.
Re: Postfix send emails from a subnet, how to config?
2009/11/16 Mihai Mustea mihai.mus...@swissventure.ro: My emails are deferred by Yahoo (when I was sending from only one interface). Do you think this solution can solve my issues or I can get into trouble? I did say it was a nasty hack ;) Everything mentioned by /dev/rob0 are valid comments. Deferrals are part of the process for a reason, and as frustrating as Yahoo's policy may be for you, you could be creating more problems for yourself when a retry comes from a different address than the first attempt.
Re: Postfix send emails from a subnet, how to config?
On Sat, Nov 14, 2009 at 03:32:13PM -0600, Noel Jones wrote: http://www.postfix.org/MULTI_INSTANCE_README.html This can be scripted to easily support hundreds of instances. Never tried hundreds. The cost of postfix start, etc. would be quite high in that case... A handful is more typical. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: postfix definitive guide
Hi Dhiraj, Here I am providing you some useful URL's for DNS configuration. I hope this will help you a lot to setup your mail server with perfect DNS. 1] http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS#Introduction_to_DNS 2] http://www.charvolant.org/~doug/network/html/node10.html Hi, I am looking for a definitive guide to setting up postfix on a system where i have a domain for eg. xyz.com configured. and i setup the mail server as mail1.xyz.com. Request you to please send me a complete guide to settings up DNS for a perfect mail server setup as i am only able to find the setting up for postfix but not the DNS settings required which is most essential. Thanks in advance Dhiraj -- Manoj M. Burande, Artificial Machines Pvt Ltd, System Administrator.
increase queue lifetime
Hi All, Because of a crashed exchange server we need to queue messages longer on our smarthost then usual. I want to increase the time messages are queued to at least 2 weeks... Is changing the 'maximal_queue_lifetime' in main.cf sufficient to accomplish this? Thanks! - Marco van Kammen Springer Science+Business Media System Manager Postmaster - van Godewijckstraat 30 | 3311 GX Office Number: 05E21 Dordrecht | The Netherlands - tel +31(78)6576446 fax +31(78)6576302 - www.springeronline.com http://www.springeronline.com www.springer.com http://www.springer.com/ -
