Rate limiting with anvil
Hello, I am trying to set rate limits on our smtp relays to prevent abusive (compromised) user hosts from flooding the service with fast, intensive mail floods. I have used the following directives (I can post whole main.cf, but I don't think it's necessary): smtpd_recipient_limit = 100 smtpd_error_sleep_time = 5 smtpd_client_recipient_rate_limit = 60 smtpd_client_connection_rate_limit = 30 smtpd_client_message_rate_limit = 100 smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 anvil_rate_time_unit = 300 However, these limits do not seem to apply, I have recently experienced a massive flood from a single user that managed to send hundreds of thousands of mails overnight. I thought that especially limiting the number of recipients to 60 / 5 minutes will be quite effective against spam floods, but the anvil is probably working in a different way than I thought, please advice. Thank you kindly in advance. Best regards Daniel Ryslink
Re: Don't filter the users
You can tell the users that the submission port gets a better level of service than port 25, because they share that port with spammers. As you pointed out in your original email, they would be subject to less filtering, and therefore there would be less delay, less false positives, and so on. I agree. That's the best option and it's a good solution in technical and commercial terms. -- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Bene Gesserit Litany Against Fear.
Re: Design: sender-dependent default_transport
Hi Wietse, thanks for addressing this issue, a scaling solution for this problem will be really appreciated. We are an E-Mail Marketing provider and offer a hosted solution for a broad customer base for which we want to be able separate the reputation (so individual customers can take part in reputation systems for content originators as opposed to sending servers, and those often require dedicated IP addresses). On Sunday 22 November 2009 16:42:41 Wietse Venema wrote: Finally, this is not the only way source IP address selection can be implemented. [...] 3) New access/header_checks/body_checks actions that set an SMTPSOURCE attribute and that is used only by the SMTP client. This decouples source IP address selection from the sender envelope address, and requires no transport selection. As a user with limited knowledge of the internal infrastructure of Postfix, I like this option best. For my understanding, outgoing SMTP configuration parameters and mail routing are logically separate concerns, and it is easier to understand if these are configured separately. More important, we need to tune other parameters (destination concurrency, timeouts, ...) based on the recipient domain. So only a way of combining sender and recipient specific configuration solves our problem completely. This option 3) seems to offer the greatest flexibility in this regard. Feature 3) while it appears straightforward, it also completely ignores the existing infrastructure of transport and nexthop selection. Which, as said above, can be seen as a good thing from a user perspective. It has the appeal of a short-sighted^h^h^h^h^h^h^hterm solution and needs more analysis to understand its implications. One thing that comes to my mind: there are anti-spam measures that want the reverse lookup of the sending IP address to correspond with the SMTP HELO hostname. I know that this is not required by any standards, but some providers use such rules to at least give bad score to non-complying senders. An example is UCEProtect, which is used quite often in some parts of Germany. Therefore it would be necessary (or at least desirable) to not only select the source address, but also the HELO name. Wietse Rainer -- Software Developer -- Inxmail GmbH Wentzingerstr. 21, 79106 Freiburg, Germany Tel: +49 761 296979-0, Fax: -9 rainer.f...@inxmail.de, www.inxmail.de Handelsregister Freiburg, HRB 5870 Ust.-ID: DE198371679 Geschäftsleitung: Martin Bucher, Peter Ziras
Re: Rate limiting with anvil
Daniel Ryslink: Hello, I am trying to set rate limits on our smtp relays to prevent abusive (compromised) user hosts from flooding the service with fast, intensive mail floods. I have used the following directives (I can post whole main.cf, but I don't think it's necessary): smtpd_recipient_limit = 100 smtpd_error_sleep_time = 5 smtpd_client_recipient_rate_limit = 60 smtpd_client_connection_rate_limit = 30 smtpd_client_message_rate_limit = 100 smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 anvil_rate_time_unit = 300 According to the instructions in the mailing list welcome message, send postconf -n output instead of cut-and-paste. However, these limits do not seem to apply, I have recently experienced a massive flood from a single user that managed to send hundreds of thousands of mails overnight. According to the instructions in the mailing list welcome message, show Postfix LOGGING to demonstrate that the mail actually arrived via the Postfix SMTP SERVER and not via a PHP script that invokes the Postfix SENDMAIL command. Wietse I thought that especially limiting the number of recipients to 60 / 5 minutes will be quite effective against spam floods, but the anvil is probably working in a different way than I thought, please advice. Thank you kindly in advance. Best regards Daniel Ryslink
Re: valid checkers for POSTFIX/DKIM/DOMAINKEYS
Le mercredi 25 novembre 2009 03:55, Israel Garcia a écrit : Hi I'm really sorry if it's OT but I'm having problems verifying my setup of postfix/dkim/domainkeys. I've found some dkim/domainkeys online checkers, one told me dkim/domainkeys valid others checkers not. When sending the same test email to Google say it has domainkeys/dkim valid, but yahoo doesn't. Which dkim/domain cheker is telling me the truth? is there any official dkim/domainkeys checker? Also, Where can I find some good, new, tested guide to setup postfix/dkim/domainkeys? NOTE: I don't use amavisd or any other mailscanner. My setup now is simple, postfix, dkim-filter and dk-filter running on debian. thanks much! Hi there is autoresponders sa-t...@sendmail.net check-a...@verifier.port25.com check-au...@verifier.port25.com they respect the norms and standards
Re: valid checkers for POSTFIX/DKIM/DOMAINKEYS
On Tue, 2009-11-24 at 21:55 -0500, Israel Garcia wrote: Hi I'm really sorry if it's OT but I'm having problems verifying my setup of postfix/dkim/domainkeys. I've found some dkim/domainkeys online checkers, one told me dkim/domainkeys valid others checkers not. When sending the same test email to Google say it has domainkeys/dkim valid, but yahoo doesn't. Which dkim/domain cheker is telling me the truth? is there any official dkim/domainkeys checker? Also, Where can I find some good, new, tested guide to setup postfix/dkim/domainkeys? NOTE: I don't use amavisd or any other mailscanner. My setup now is simple, postfix, dkim-filter and dk-filter running on debian. thanks much! Send a mail to you gmail id and look for authentication results
Re: Rate limiting with anvil
Thank you for answering, here is the requested information: According to the instructions in the mailing list welcome message, send postconf -n output instead of cut-and-paste. alias_database = hash:/etc/mail/aliases alias_maps = hash:/etc/mail/aliases allow_min_user = yes allow_percent_hack = no anvil_rate_time_unit = 300 body_checks = hash:/usr/local/etc/postfix/body_checks bounce_queue_lifetime = 1d broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 default_destination_concurrency_limit = 8 default_process_limit = 200 delay_notice_recipient = postmastercopy_delay disable_vrfy_command = yes error_notice_recipient = postmastercopy_error header_checks = regexp:/usr/local/etc/postfix/header_checks html_directory = /usr/local/share/doc/postfix initial_destination_concurrency = 5 mail_owner = postfix mailbox_size_limit = 1073741824 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man max_use = 30 maximal_queue_lifetime = 1d message_size_limit = 52428800 minimal_backoff_time = 1000s mydestination = $myhostname, localhost.$mydomain, mydomain = vol.cz myhostname = smtp1.vol.cz mynetworks = $config_directory/our_network_blocks myorigin = $myhostname newaliases_path = /usr/local/bin/newaliases notify_classes = resource,software queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix recipient_delimiter = + sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_destination_concurrency_limit = 20 smtp_sasl_type = cyrus smtp_tls_security_level = may smtpd_banner = $myhostname ESMTP Mailer smtpd_client_connection_rate_limit = 30 smtpd_client_message_rate_limit = 100 smtpd_client_recipient_rate_limit = 60 smtpd_client_restrictions = hash:/usr/local/etc/postfix/access_local, hash:/usr/local/etc/postfix/access,permit smtpd_delay_reject = yes smtpd_error_sleep_time = 5 smtpd_hard_error_limit = 20 smtpd_helo_required = yes smtpd_recipient_limit = 100 smtpd_recipient_restrictions = hash:/usr/local/etc/postfix/access, permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_exceptions_networks = $mynetworks smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, hash:/usr/local/etc/postfix/access, permit smtpd_soft_error_limit = 10 smtpd_tls_auth_only = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom transport_maps = hash:/usr/local/etc/postfix/transport unknown_local_recipient_reject_code = 550 According to the instructions in the mailing list welcome message, show Postfix LOGGING to demonstrate that the mail actually arrived via the Postfix SMTP SERVER and not via a PHP script that invokes the Postfix SENDMAIL command. No such thing is possible in this case, php is not even installed on the server, and no scripts that would parse client input from the outside are used. Maillog excerpts: Nov 20 00:16:10 smtp1 postfix/smtpd[76127]: B054899114: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[69825]: 14B859916D: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[70486]: 171A29916E: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[70251]: 172BE9916F: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[69709]: 1EA4999170: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[71764]: 3452299187: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[76193]: 474C599193: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[92549]: 7F21B991A2: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[70588]: 870E2991B7: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[70708]: 9550999152: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[72303]: B5A5C99184: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[72416]: B881599190: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[72378]: B892899191: client=unknown[212.27.195.34] Nov 20 00:16:11 smtp1 postfix/smtpd[72415]: BF6EE9919F: client=unknown[212.27.195.34] Nov 20 00:16:12 smtp1 postfix/smtpd[69844]: 058E2991B1: client=unknown[212.27.195.34] Nov 20 00:16:12 smtp1 postfix/smtpd[70183]: 061C4991B2: client=unknown[212.27.195.34] Nov 20 00:16:12 smtp1 postfix/smtpd[72751]: 24F66991C0: client=unknown[212.27.195.34] Nov 20 00:16:12 smtp1 postfix/smtpd[88614]: B2468991E6: client=unknown[212.27.195.34] Nov 20 00:16:12 smtp1 postfix/smtpd[69853]: B2FFF991D9: client=unknown[212.27.195.34] Number of connection that day: # zgrep 212.27.195.34 /var/log/maillog.4.gz | wc -l 227123 Example of a mail that made it
Re: valid checkers for POSTFIX/DKIM/DOMAINKEYS
On 11/25/09, fake...@fakessh.eu fake...@fakessh.eu wrote: Le mercredi 25 novembre 2009 03:55, Israel Garcia a écrit : Hi I'm really sorry if it's OT but I'm having problems verifying my setup of postfix/dkim/domainkeys. I've found some dkim/domainkeys online checkers, one told me dkim/domainkeys valid others checkers not. When sending the same test email to Google say it has domainkeys/dkim valid, but yahoo doesn't. Which dkim/domain cheker is telling me the truth? is there any official dkim/domainkeys checker? Also, Where can I find some good, new, tested guide to setup postfix/dkim/domainkeys? NOTE: I don't use amavisd or any other mailscanner. My setup now is simple, postfix, dkim-filter and dk-filter running on debian. thanks much! Hi there is autoresponders sa-t...@sendmail.net check-a...@verifier.port25.com check-au...@verifier.port25.com Hi fakessh Thanks for your answer, do you know any official guide to install domainkeys/dkim using postfix? Should I use both domainkeys and dkim to sign my outbound emails? Or just one of them? thanks regards, Israel. they respect the norms and standards -- Regards; Israel Garcia
Re: Rate limiting with anvil
By default, Postfix will exclude clients in mynetworks from smtpd_client_mumble_limits. You may want to specify a separate list for mynetworks (relay control) and for anvil (rate control). http://www.postfix.org/postconf.5.html#smtpd_client_event_limit_exceptions (with Postfix 2.1, this was called smtpd_client_connection_limit_exceptions). Wietse
Re: Don't filter the users\
Stan Hoeppner wrote: Why bother? This is an ISP scenario, correct? The 587 command set is standard SMTP right? Just iptables (verb) TCP 25 to TCP 587 for any IP ranges within the ISP's MUA customer range. This is assuming said customers already have to submit auth over TCP 25 to relay mail. Simple solution. Done. Or, have I missed something? Submission on port 587 implies STARTTLS (I think). In that case perhaps stunnel magic is needed too. Mikael
Re: Rate limiting with anvil
On Wed, Nov 25, 2009 at 01:20:45PM +0100, Daniel Ryslink wrote:
anvil_rate_time_unit = 300
mynetworks = $config_directory/our_network_blocks
What is in this file?
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 60
These apply to *untrusted* clients, hosts in $mynetworks are by
default exempt.
smtpd_client_event_limit_exceptions =
${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions =
hash:/usr/local/etc/postfix/access,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
For clarity add check_recipient_access before the hash:...
Nov 20 00:16:10 smtp1 postfix/smtpd[76127]: B054899114:
client=unknown[212.27.195.34]
Is this client IP listed in $mynetworks?
zgrep B5A5C99184 /var/log/maillog.4.gz
Nov 20 00:16:11 smtp1 postfix/smtpd[72303]: B5A5C99184:
client=unknown[212.27.195.34]
Nov 20 00:16:12 smtp1 postfix/cleanup[94057]: B5A5C99184:
message-id=7f8eab84.40...@uj8g.org
Nov 20 00:16:13 smtp1 postfix/qmgr[23822]: B5A5C99184:
from=ntvuuy...@gmail.com, size=1003, nrcpt=9 (queue active)
Nov 20 00:17:37 smtp1 postfix/error[94968]: B5A5C99184:
to=abuszgi...@yahoo.com, relay=none, delay=87, delays=2/85/0/0.01,
dsn=4.7.0, status=deferred (delivery temporarily suspended: host
e.mx.mail.yahoo.com[67.195.168.230] refused to talk to me: 421 4.7.0 [TS01]
Messages from 195.250.128.78 temporarily deferred due to user complaints -
4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Looks like this client sent mail to an external address, so it is probably
in $mynetworks...
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.
Re: Don't filter the users\
Mikael Bak schrieb: Submission on port 587 implies STARTTLS (I think). Well, only if you configure it that way. (OK, it *really* makes sense to encrypt transfer, if you do authentication...) But: jan...@kohni ~ $ telnet smtp.web.de 587 Trying 217.72.192.157... Connected to smtp.web.de. Escape character is '^]'. 220 smtp06.web.de ESMTP WEB.DE V4.110#314 Wed, 25 Nov 2009 15:58:37 +0100 ehlo smtp.web.de 250-smtp06.web.de Hello XXX 250-SIZE 69920427 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP quit 221 smtp06.web.de closing connection Connection closed by foreign host. jan...@kohni ~ $ -- MfG Jan signature.asc Description: This is a digitally signed message part.
Re: Postfix DKIM
On Tuesday 24 November 2009 20:38:51 Michael Saldivar wrote: On Wed, Sep 9, 2009 at 8:08 PM, KLaM Postmaster postmas...@klam.ca wrote: I found the easiest way by far, was to use the DKIM feature of amavisd-new http://www.ijs.si/software/amavisd/amavisd-new-docs.html simple to setup and work like a charm. I couldn't tell from the docs: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim Does amavisd-new insert DomainKeys signatures also? or just DKIM? Just DKIM. I'm impressed at how easy it looks to implement and configure for multiple domains, but we need both DK and DKIM. The DomainKeys is historical. Most checkers now understand both, so there is not much need for new installations to also provide a DomainKeys signature, when they can generate a DKIM signature. Mark
Re: Postfix/Cyrus Forwarding Question
Dennis Putnam: I'm not sure if this is the right forum for this question but I don't know where else to start. I am running Postfix/Cyrus on the same server that contains user home directories. The forwarding mechanism (.forward) is, of course, working and I understand it. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? Thanks. Can someone explain if this can work and if, so how. If not, what do users do in that case? With Postfix, these files don't have to live in the user's home directory. You can specify an alternate location with the forward_path configuration parameter. Wietse
Re: Postfix/Cyrus Forwarding Question
Dennis Putnam wrote: I'm not sure if this is the right forum for this question but I don't know where else to start. I am running Postfix/Cyrus on the same server that contains user home directories. The forwarding mechanism (.forward) is, of course, working and I understand it. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? Thanks. Can someone explain if this can work and if, so how. If not, what do users do in that case? Postfix's local delivery agent (local) http://www.postfix.org/local.8.html handles the .forward file. If local is delivering the mail to the user's directory, it can see the .forward file and should handle it properly. If it can't see the user's home directories, it can't deliver the mail or read the forward file. However, delivery can be delegated to an alternate transport method or application, in which case local does nothing with the .forward file. If you're not sure how the mail is being delivered, it would be useful to follow a single message id in the maillog file and watch exactly what happens to it. Terry
Re: Postfix/Cyrus Forwarding Question
On Wed, Nov 25, 2009 at 11:27:18AM -0500, Dennis Putnam wrote: I am running Postfix/Cyrus I assume you mean Cyrus IMAP... on the same server that contains user home directories. With the local(8) transport delegating delivery via mailbox_transport. The forwarding mechanism (.forward) is, of course, working and I understand it. This assumes system users who have passwd file entries, and so by definition have home directories. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. A system user's home directory is never on a different server, NFS, AFS and the like don't matter in this context, the home directory is still locally accessible. Perhaps you are looking to integrate Cyrus IMAP with virtual users. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? You can change the forward_path setting to create .forward files for users (each owned by the user in question, or local(8) will not trust it), in a location different from the user's home directory. http://www.postfix.org/postconf.5.html#forward_path If the users don't have passwd file entries, then forwarding needs to be managed via aliases(5) or better yet virtual(5). http://www.postfix.org/postconf.5.html#alias_maps http://www.postfix.org/postconf.5.html#virtual_alias_maps http://www.postfix.org/ADDRESS_REWRITING_README.html http://www.postfix.org/VIRTUAL_README.html You can deliver to Cyrus IMAP via LMTP, after rewriting recipient addresses in virtual(5) into a domain that is routed to a suitable transport(5). -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
RE: About SMTP Auth with Mysql
Hello, You can find out related out below. Regards Vahric [r...@postfix-auth1 ~]# ./saslfinger-1.0.3/saslfinger -s saslfinger - postfix Cyrus sasl configuration Wed Nov 25 18:47:20 EET 2009 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.5.9 System: CentOS release 5.4 (Final) -- smtpd is linked to -- libsasl2.so.2 = /usr/lib64/libsasl2.so.2 (0x003dfba0) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes -- listing of /usr/lib64/sasl2 -- total 3500 drwxr-xr-x 2 root root 4096 Nov 22 23:17 . drwxr-xr-x 55 root root 36864 Nov 21 04:03 .. -rwxr-xr-x 1 root root890 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2 -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root876 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2 -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root899 Sep 4 03:04 libdigestmd5.la -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2 -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root939 Sep 4 03:04 libgssapiv2.la -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2 -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root883 Sep 4 03:04 libldapdb.la -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2 -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 liblogin.la -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2 -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2.0.22 -rwxr-xr-x 1 root root864 Sep 4 03:04 libntlm.la -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2 -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 libplain.la -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2 -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2.0.22 -rwxr-xr-x 1 root root936 Sep 4 03:04 libsasldb.la -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2 -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2.0.22 -rwxr-xr-x 1 root root878 Sep 4 03:04 libsql.la -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2 -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2.0.22 -rw-r--r-- 1 root root 25 Mar 15 2007 Sendmail.conf -rw-r--r-- 1 root root280 Nov 22 23:17 smtpd.conf -- listing of /usr/lib/sasl2 -- total 3440 drwxr-xr-x 2 root root 4096 Nov 20 13:43 . drwxr-xr-x 50 root root 28672 Nov 20 13:43 .. -rwxr-xr-x 1 root root884 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root870 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root893 Sep 4 03:04 libdigestmd5.la -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so.2 -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root933 Sep 4 03:04 libgssapiv2.la -rwxr-xr-x 1 root root 26496 Sep 4 03:04 libgssapiv2.so -rwxr-xr-x 1 root root 26496 Sep 4 03:04 libgssapiv2.so.2 -rwxr-xr-x 1 root root 26496 Sep 4 03:04 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root877 Sep 4 03:04 libldapdb.la -rwxr-xr-x 1 root root 15484 Sep 4 03:04 libldapdb.so -rwxr-xr-x 1 root root 15484 Sep 4 03:04 libldapdb.so.2 -rwxr-xr-x 1 root root 15484 Sep 4 03:04 libldapdb.so.2.0.22 -rwxr-xr-x 1 root root856 Sep 4 03:04 liblogin.la -rwxr-xr-x 1 root root 14752 Sep 4 03:04 liblogin.so -rwxr-xr-x 1 root root 14752 Sep 4 03:04 liblogin.so.2 -rwxr-xr-x 1 root root 14752 Sep 4 03:04 liblogin.so.2.0.22 -rwxr-xr-x 1 root root858 Sep 4 03:04 libntlm.la -rwxr-xr-x 1 root root 31548 Sep 4 03:04 libntlm.so -rwxr-xr-x 1 root root 31548 Sep 4 03:04 libntlm.so.2 -rwxr-xr-x 1 root root 31548 Sep 4 03:04 libntlm.so.2.0.22 -rwxr-xr-x 1 root root856 Sep 4
Re: Postfix/Cyrus Forwarding Question
Hi Wietse, Thanks for the reply. I'm not sure I completely understand. Is the forward_path a directory on the mail server or a path to the remote users' home? Is that a per user or system setting (e.g. users' home directories may be on different servers)? I'm guessing that the forward_path is on the mail server. If that is the case, from the users' perspective, how do they handle forwarding? On Nov 25, 2009, at 11:37 AM, Wietse Venema wrote: Dennis Putnam: I'm not sure if this is the right forum for this question but I don't know where else to start. I am running Postfix/Cyrus on the same server that contains user home directories. The forwarding mechanism (.forward) is, of course, working and I understand it. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? Thanks. Can someone explain if this can work and if, so how. If not, what do users do in that case? With Postfix, these files don't have to live in the user's home directory. You can specify an alternate location with the forward_path configuration parameter. Wietse Dennis Putnam Sr. IT Systems Administrator AIM Systems, Inc. 11675 Rainwater Dr., Suite 200 Alpharetta, GA 30009 Phone: 678-240-4112 Main Phone: 678-297-0700 FAX: 678-297-2666 or 770-576-1000 The information contained in this e-mail and any attachments is strictly confidential. If you are not the intended recipient, any use, dissemination, distribution, or duplication of any part of this e-mail or any attachment is prohibited. If you are not the intended recipient, please notify the sender by return e-mail and delete all copies, including the attachments.
Re: Postfix/Cyrus Forwarding Question
Hi Viktor, Thanks, that clears up a few things. It appears that this applies to individual users via the $name parameter. It is not clear how to handle many users (surely I can't list everyone) which may be on different servers. Is there a wild card format and/or a default? Can the path be set to a mounted filesystem that contains the user home directories? If no mount, how does the user create/maintain the .forward file in that alternate location? On Nov 25, 2009, at 11:42 AM, Victor Duchovni wrote: On Wed, Nov 25, 2009 at 11:27:18AM -0500, Dennis Putnam wrote: I am running Postfix/Cyrus I assume you mean Cyrus IMAP... on the same server that contains user home directories. With the local(8) transport delegating delivery via mailbox_transport. The forwarding mechanism (.forward) is, of course, working and I understand it. This assumes system users who have passwd file entries, and so by definition have home directories. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. A system user's home directory is never on a different server, NFS, AFS and the like don't matter in this context, the home directory is still locally accessible. Perhaps you are looking to integrate Cyrus IMAP with virtual users. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? You can change the forward_path setting to create .forward files for users (each owned by the user in question, or local(8) will not trust it), in a location different from the user's home directory. http://www.postfix.org/postconf.5.html#forward_path If the users don't have passwd file entries, then forwarding needs to be managed via aliases(5) or better yet virtual(5). http://www.postfix.org/postconf.5.html#alias_maps http://www.postfix.org/postconf.5.html#virtual_alias_maps http://www.postfix.org/ADDRESS_REWRITING_README.html http://www.postfix.org/VIRTUAL_README.html You can deliver to Cyrus IMAP via LMTP, after rewriting recipient addresses in virtual(5) into a domain that is routed to a suitable transport(5). -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly. Dennis Putnam Sr. IT Systems Administrator AIM Systems, Inc. 11675 Rainwater Dr., Suite 200 Alpharetta, GA 30009 Phone: 678-240-4112 Main Phone: 678-297-0700 FAX: 678-297-2666 or 770-576-1000 The information contained in this e-mail and any attachments is strictly confidential. If you are not the intended recipient, any use, dissemination, distribution, or duplication of any part of this e-mail or any attachment is prohibited. If you are not the intended recipient, please notify the sender by return e-mail and delete all copies, including the attachments.
Re: Postfix/Cyrus Forwarding Question
On Wed, Nov 25, 2009 at 11:56:41AM -0500, Dennis Putnam wrote:
Thanks, that clears up a few things. It appears that this applies to
individual users via the $name parameter.
There is no $name parameter. That is a generic place-holder for any of
the parameters above it, to explain that you can use ${extension?foo}
or ${extension:bar} (for example) to handle the case when there is
(or is not) an address extension.
It is not clear how to handle
many users (surely I can't list everyone) which may be on different
servers. Is there a wild card format and/or a default?
What do you mean on different servers? The forward_path specifies
a local file on the Postfix server's filesystem which contains
the .forward content for each user. Various ${parameters}, as part
of this setting, make the path user-dependent.
Can the path be set to a mounted filesystem that contains the user
home directories? If no mount, how does the user create/maintain the
.forward file in that alternate location?
If you want users to edit their own .forward files with vi, emacs,
ed, ... Give them home directories on the mail server, use NFS if
that's sufficiently reliable, and the security risk is acceptable.
[ Please don't top-post, and reply to each paragraph in-line with the
original text quoted with , as above ].
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix/Cyrus Forwarding Question
Hi Viktor,
My bad, I was referring to this line in the documentation when I used $name:
$user
The recipient's username.
In any case I think the light is starting to glow, albeit dimly.
The examples in the documentation are not very helpful. Is there someplace I
can look for better ones?
When I say on different servers, perhaps I need to better explain the
environment we plan. User home directories are on a SAN while the mail server
is not. The home directories are served out by a pair of SAN file servers and
users are distributed between them for some semblance of load balancing. While
ultimately all the home directories are on the same SAN LUN, the logical path
to them will be on different servers.
If I understand this correctly, I can set the forward_path to a directory on
the mail server (not sure what the syntax would look like based on the
examples). The hierarchy of that directory is not clear but one way or another
each user has a unique .forward file of some form. In order to maintain it I
can create scripts that access those files via 'ssh' or 'scp' or some such
mechanism.
How far off am I?
On Nov 25, 2009, at 12:12 PM, Victor Duchovni wrote:
On Wed, Nov 25, 2009 at 11:56:41AM -0500, Dennis Putnam wrote:
Thanks, that clears up a few things. It appears that this applies to
individual users via the $name parameter.
There is no $name parameter. That is a generic place-holder for any of
the parameters above it, to explain that you can use ${extension?foo}
or ${extension:bar} (for example) to handle the case when there is
(or is not) an address extension.
It is not clear how to handle
many users (surely I can't list everyone) which may be on different
servers. Is there a wild card format and/or a default?
What do you mean on different servers? The forward_path specifies
a local file on the Postfix server's filesystem which contains
the .forward content for each user. Various ${parameters}, as part
of this setting, make the path user-dependent.
Can the path be set to a mounted filesystem that contains the user
home directories? If no mount, how does the user create/maintain the
.forward file in that alternate location?
If you want users to edit their own .forward files with vi, emacs,
ed, ... Give them home directories on the mail server, use NFS if
that's sufficiently reliable, and the security risk is acceptable.
[ Please don't top-post, and reply to each paragraph in-line with the
original text quoted with , as above ].
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is strictly
confidential. If you are not the intended recipient, any use, dissemination,
distribution, or duplication of any part of this e-mail or any attachment is
prohibited. If you are not the intended recipient, please notify the sender by
return e-mail and delete all copies, including the attachments.
Re: Postfix/Cyrus Forwarding Question
On Wed, Nov 25, 2009 at 12:41:37PM -0500, Dennis Putnam wrote: If I understand this correctly, I can set the forward_path to a directory No, not a directory a file, and not a file, but a set of files, one for each user. The hierarchy of that directory is not clear The construction of the .forward path is entirely up to you. You can list multiple patterns, the first one found to exist will be used. This allows extension-specific .forward files to be used when available. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Postfix/Cyrus Forwarding Question
Victor Duchovni:
On Wed, Nov 25, 2009 at 12:41:37PM -0500, Dennis Putnam wrote:
If I understand this correctly, I can set the forward_path to a directory
No, not a directory a file, and not a file, but a set of files, one
for each user.
For example I remember from historic times something like:
forward_path = /var/forward/$user
With address extensions turned on, it would look like:
forward_path = /var/forward/${user}${recipient_delimiter}${extension},
/var/forward/${user}
But, the latter is untested.
Wietse
Re: Multiple Mail domains for reverse ptr records? I'm confused
ML a écrit : Hi Wietse, I have some confusion about multiple reverse PTR records per IP. You need only one. The name (from the address-name) lookup must resolve to the address. I am still confused. Like my example below, what happens if I want to setup a single mail server that hosts mail for 20 different domains? I am told that 18 of those domains will be blacklisted and SMTP will fail because the lookup wont grab the right record. for a given IP, you only setup one PTR. do not confuse this with multihoming, where you assign multiple IPs to a single name (that is, you use multiple A for a single name). in short you only need somthing like this: 192.0.2.1 = sillywilly.example.com sillywilly.example.com = 192.0.2.1 mail1.example.com = 192.0.2.1 mail2.example.com = 192.0.2.1 mail3.example.com = 192.0.2.1 ... as you see in this example, the IP resolves to a single name (PTR), but many names resolve to that IP. finally, the IP and hostname of the box have nothing to do with the domains you host mail for. Think about Postini, google, ...
Re: About SMTP Auth with Mysql
Vahriç, * Vahriç Muhtaryan vah...@doruk.net.tr: You can find out related out below. thanks for the debug output. Your config looks okay. Your problem is - as I understand it - you want Cyrus SASL to do something it can't do: 1. If you list more than one host with $sql_hostnames then those hosts will be queried in order listed from left to right. 2. The first host in the list that answers will be used. Any other host will not be queried. 3. It is not possible to query all hosts at the same time. So, if you want to query several MySQL servers at the same time, it cannot be done. All I can think of is moving your data to one SQL server instance. OTOH maybe you can use mysql-proxy http://forge.mysql.com/wiki/MySQL_Proxy, configure that to transform the query to query both servers and let SASL query the mysql-proxy. HTH, p...@rick Regards Vahric [r...@postfix-auth1 ~]# ./saslfinger-1.0.3/saslfinger -s saslfinger - postfix Cyrus sasl configuration Wed Nov 25 18:47:20 EET 2009 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.5.9 System: CentOS release 5.4 (Final) -- smtpd is linked to -- libsasl2.so.2 = /usr/lib64/libsasl2.so.2 (0x003dfba0) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes -- listing of /usr/lib64/sasl2 -- total 3500 drwxr-xr-x 2 root root 4096 Nov 22 23:17 . drwxr-xr-x 55 root root 36864 Nov 21 04:03 .. -rwxr-xr-x 1 root root890 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2 -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root876 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2 -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root899 Sep 4 03:04 libdigestmd5.la -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2 -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root939 Sep 4 03:04 libgssapiv2.la -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2 -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root883 Sep 4 03:04 libldapdb.la -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2 -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 liblogin.la -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2 -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2.0.22 -rwxr-xr-x 1 root root864 Sep 4 03:04 libntlm.la -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2 -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 libplain.la -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2 -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2.0.22 -rwxr-xr-x 1 root root936 Sep 4 03:04 libsasldb.la -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2 -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2.0.22 -rwxr-xr-x 1 root root878 Sep 4 03:04 libsql.la -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2 -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2.0.22 -rw-r--r-- 1 root root 25 Mar 15 2007 Sendmail.conf -rw-r--r-- 1 root root280 Nov 22 23:17 smtpd.conf -- listing of /usr/lib/sasl2 -- total 3440 drwxr-xr-x 2 root root 4096 Nov 20 13:43 . drwxr-xr-x 50 root root 28672 Nov 20 13:43 .. -rwxr-xr-x 1 root root884 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root870 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root893 Sep 4 03:04 libdigestmd5.la -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so.2 -rwxr-xr-x 1 root root 47172 Sep 4 03:04 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root933 Sep 4 03:04 libgssapiv2.la -rwxr-xr-x 1 root root
Re: Postfix/Cyrus Forwarding Question
I belive the best way to way to to this is to use sieve k - Dennis Putnam dennis.put...@aimaudit.com wrote: I'm not sure if this is the right forum for this question but I don't know where else to start. I am running Postfix/Cyrus on the same server that contains user home directories. The forwarding mechanism (.forward) is, of course, working and I understand it. What I don't understand is how this mechanism works, or even if it does, when a user's home directory is on a different server than Postfix/Cyrus. In other words when Postfix/Cyrus does not have access to the user's home directory. Or is there some other delivery mechanism involved that I am missing? Thanks. Can someone explain if this can work and if, so how. If not, what do users do in that case? Thanks. Dennis Putnam Sr. IT Systems Administrator AIM Systems, Inc. 11675 Rainwater Dr., Suite 200 Alpharetta, GA 30009 Phone: 678-240-4112 Main Phone: 678-297-0700 FAX: 678-297-2666 or 770-576-1000 The information contained in this e-mail and any attachments is strictly confidential. If you are not the intended recipient, any use, dissemination, distribution, or duplication of any part of this e-mail or any attachment is prohibited. If you are not the intended recipient, please notify the sender by return e-mail and delete all copies, including the attachments.
RE: About SMTP Auth with Mysql
Thanks for answer I will check mysql proxy -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Patrick Ben Koetter Sent: Wednesday, November 25, 2009 11:06 PM To: postfix-users@postfix.org Subject: Re: About SMTP Auth with Mysql Vahriç, * Vahriç Muhtaryan vah...@doruk.net.tr: You can find out related out below. thanks for the debug output. Your config looks okay. Your problem is - as I understand it - you want Cyrus SASL to do something it can't do: 1. If you list more than one host with $sql_hostnames then those hosts will be queried in order listed from left to right. 2. The first host in the list that answers will be used. Any other host will not be queried. 3. It is not possible to query all hosts at the same time. So, if you want to query several MySQL servers at the same time, it cannot be done. All I can think of is moving your data to one SQL server instance. OTOH maybe you can use mysql-proxy http://forge.mysql.com/wiki/MySQL_Proxy, configure that to transform the query to query both servers and let SASL query the mysql-proxy. HTH, p...@rick Regards Vahric [r...@postfix-auth1 ~]# ./saslfinger-1.0.3/saslfinger -s saslfinger - postfix Cyrus sasl configuration Wed Nov 25 18:47:20 EET 2009 version: 1.0.2 mode: server-side SMTP AUTH -- basics -- Postfix: 2.5.9 System: CentOS release 5.4 (Final) -- smtpd is linked to -- libsasl2.so.2 = /usr/lib64/libsasl2.so.2 (0x003dfba0) -- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes -- listing of /usr/lib64/sasl2 -- total 3500 drwxr-xr-x 2 root root 4096 Nov 22 23:17 . drwxr-xr-x 55 root root 36864 Nov 21 04:03 .. -rwxr-xr-x 1 root root890 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2 -rwxr-xr-x 1 root root 15880 Sep 4 03:05 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root876 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2 -rwxr-xr-x 1 root root 19264 Sep 4 03:05 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root899 Sep 4 03:04 libdigestmd5.la -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2 -rwxr-xr-x 1 root root 48520 Sep 4 03:05 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root939 Sep 4 03:04 libgssapiv2.la -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2 -rwxr-xr-x 1 root root 28096 Sep 4 03:05 libgssapiv2.so.2.0.22 -rwxr-xr-x 1 root root883 Sep 4 03:04 libldapdb.la -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2 -rwxr-xr-x 1 root root 17736 Sep 4 03:05 libldapdb.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 liblogin.la -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2 -rwxr-xr-x 1 root root 16448 Sep 4 03:05 liblogin.so.2.0.22 -rwxr-xr-x 1 root root864 Sep 4 03:04 libntlm.la -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2 -rwxr-xr-x 1 root root 32704 Sep 4 03:05 libntlm.so.2.0.22 -rwxr-xr-x 1 root root862 Sep 4 03:04 libplain.la -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2 -rwxr-xr-x 1 root root 16416 Sep 4 03:05 libplain.so.2.0.22 -rwxr-xr-x 1 root root936 Sep 4 03:04 libsasldb.la -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2 -rwxr-xr-x 1 root root 893304 Sep 4 03:05 libsasldb.so.2.0.22 -rwxr-xr-x 1 root root878 Sep 4 03:04 libsql.la -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2 -rwxr-xr-x 1 root root 24808 Sep 4 03:05 libsql.so.2.0.22 -rw-r--r-- 1 root root 25 Mar 15 2007 Sendmail.conf -rw-r--r-- 1 root root280 Nov 22 23:17 smtpd.conf -- listing of /usr/lib/sasl2 -- total 3440 drwxr-xr-x 2 root root 4096 Nov 20 13:43 . drwxr-xr-x 50 root root 28672 Nov 20 13:43 .. -rwxr-xr-x 1 root root884 Sep 4 03:04 libanonymous.la -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Sep 4 03:04 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root870 Sep 4 03:04 libcrammd5.la -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2 -rwxr-xr-x 1 root root 16832 Sep 4 03:04 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root893 Sep 4
