override transport table
Hi @ll,

is there a way to override the transport table for specific sender domains?

Background: I have two domains which deliver out over a relay by sender_dependent_relayhost_maps; also, there is a Mailman list and virtual domains on the server which deliver directly out.

For known reasons I want to use some slow transports for some outbound domains, but not for the ones which are in sender_dependent_relayhost_maps.

As I looked at the Postfix documentation, there is no way to achieve this in a simple way (without Postfix instances...).

Can anybody verify that, or did I miss some easier possible way?

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: policy service for multiple recipients
Noel Jones wrote:
> On 3/18/2010 10:41 AM, Alex wrote:
>> Hi All
>>
>> My problem is described here:
>> http://www.mail-archive.com/postfix-users@postfix.org/msg16775.html
>>
>> Basically I have a mysql table with thousands of recipients; on the left hand I have the recipient and on the right hand I have the action (REJECT) and some additional text:
>>
>> u...@domain.tld REJECT Additional text
>>
>> In case of a multi-recipient message, if I use check_recipient_access and one of the recipients is found in that table, the whole message is rejected and affects all recipients of the message.
>
> No, that's not how postfix works. Only the current recipient is rejected. Every other recipient gets their own chance to be accepted or rejected.
>
> If postfix does not behave this way for you, then you've misconfigured something. Feel free to follow these directions to ask for help:
> http://www.postfix.org/DEBUG_README.html#mail
>
>> From docs I understand that if I want to treat every recipient differently, I have two solutions:
>
> You're reading a different part of the docs that does not apply to smtpd_recipient_restrictions, or an action other than REJECT.
>
> -- Noel Jones

Hi

Thank you for your answer, but I can't figure out what is wrong. I reviewed my config and made more tests. The relevant part is this:

1. If I use telnet and connect to the server:

Mail From:t...@mydomain.tld
RCPT TO:recipient1
250 2.1.5 Ok
RCPT TO:recipient2 #listed recipient
554 5.7.1 recipient2: Recipient address rejected: some text
DATA
354 End data with CRLF.CRLF
test
.
250 2.0.0 Ok: queued as A532D67CC4B

The message is delivered to the first recipient (correct and described behavior).

I have put the server in verbose mode and done the same test, but with Thunderbird and a webmail client.

...
postfix/smtpd[5652]: send attr protocol_state = RCPT
postfix/smtpd[5652]: unknown[myip]: RCPT TO:recipient1
postfix/smtpd[5652]: dict_proxy_lookup: table=mysql:/etc/postfix/mysql-recipient.cf flags=lock|fold_fix key=recipient1 - status=1 result=
..
postfix/smtpd[5652]: send attr protocol_state = RCPT
postfix/smtpd[5652]: unknown[myip]: RCPT TO:recipient2
postfix/smtpd[5652]: dict_proxy_lookup: table=mysql:/etc/postfix/mysql-recipient.cf flags=lock|fold_fix key=recipient2- status=0 result=REJECT
postfix/smtpd[5652]: check_table_result: proxy:mysql:/etc/postfix/mysql-recipient.cf REJECT
postfix/smtpd[5652]: 9BA3467CC45: reject: RCPT from unknown[myip]: 554 5.7.1 recipient2: text from=myaddress to=recipeint2 proto=ESMTP helo=localhost.localdomain
postfix/smtpd[5652]: generic_checks: name=check_recipient_access status=2
postfix/smtpd[5652]: unknown[myip]: 554 5.7.1 recipient2: Recipient address rejected: text

Both recipients are evaluated, the second gets rejected, but no message is delivered (to the first recipient).

My relevant configs are:

smtpd_recipient_restrictions =
    check_recipient_access proxy:mysql:/etc/postfix/mysql-recipient.cf,
    permit_mynetworks,
    permit_sasl_authenticated,
    permit

Viktor also wrote:
> From false premises (the above is not true), you get false conclusions. Postfix rejects just the recipient in question. If the sending SMTP client fails to process the rejection of a single recipient out of many correctly, then this client is the problem. Generally, only MUAs and other submission SMTP talkers have such issues.
>
> If you are an MSA for poorly

Alex
Re: Milter SMFIC_HEADER failure (huh, due to success? :-)
Wietse Venema:
> Sean Reifschneider:
>> On 03/18/2010 05:57 AM, Wietse Venema wrote:
>>> If the Postfix milter_protocol setting specifies a too high version, the libmilter library simply hangs up without logging
>>
>> We've tried protocol versions 2, 4, and 6 with the same error. We've also tried two different versions of the libmilter: 8.13 and 8.14. We're trying version 3 of the protocol right now, but it will take a while to know for sure what the result of that is. It only happens for a few specific users who only send mail a few times a day.
>>
>> My experience in the past has been that having the wrong protocol version causes problems on all the milter interactions. In this case the milter is working fine for almost all the requests, except for a couple of users (out of thousands).
>
> Unfortunately, it seems that my crystal ball isn't working today.

FYI, The crystal ball is still blank.

In the mean time, it would help if you could provide verbose (smtpd AND cleanup) logging for a failed session. Please include information about Postfix version and configuration, as well as python filter version and configuration, and libmilter version information.

Then, I'll see if the problem can be reproduced.

Wietse
Re: Counting clients in smtpd_client_recipient_rate_limit with XFORWARD
Patrick Ben Koetter:
> When a message reenters from an instance that uses XFORWARD, for example amavis, will Postfix count the IP used twice and, for example, add that to smtpd_client_recipient_rate_limit?

Rate limits apply to the real client IP address not the forwarded one, subject to $smtpd_client_event_limit_exceptions.

Wietse
Re: override transport table
Robert Schetterer:
> Hi @ll, is there a way to override the transport table for specific sender domains

Content filter overrides transport_maps.

Wietse
Re: every...@example.com virtual_alias_maps using ldap query
I am resending this because I've accidentally sent the last email in HTML format, sorry.

Original Message
Subject: Re: every...@example.com virtual_alias_maps using ldap query
From: Victor Duchovni victor.ducho...@morganstanley.com
To: Ronie Gilberto Henrich ro...@ronie.com.br
Cc: postfix-users@postfix.org
Date: Thu Mar 18 2010 14:00:45 GMT-0300

>> Something like a support for variables (%u) on the left side? Example:
>>
>> everyone_query_filter = ((accountStatus=active)(%u=everyone))
>
> This is not simpler it is simply wrong. The substituted LDAP search filter is parsed by LDAP server, not Postfix. Postfix will not try to interpret a subset of the conditions in the LDAP filter.
>
> To make every...@example.com an address, create an LDAP object with that address. If the LDAP object needs to expand to all user addresses, make it an LDAP-URI valued group. If the group is large (thousands of recipients), do the expansion on a dedicated list server, not your primary Postfix queue.

You mean something like the ldap object below?

mail=every...@example.com,ou=Mail,o=example,c=com
ObjectClass=referral
ref=ldaps://localhost/ou=Mail,o=example,c=com

I did that and it does list all ou=Mail,o=example,c=com mail accounts. Then I modified my ldap:everyone mappings to the following:

virtual_alias_maps = ldap:everyone
everyone_server_host = ldaps://localhost
everyone_version = 3
everyone_search_base = ou=Mail,o=example,c=com
everyone_query_filter = (mail=%s)
everyone_result_attribute = mail

But it does not work.

550 every...@example.com: Recipient address rejected: User unknown;

Any ideas of what I am doing wrong?

Thanks,
Ronie
Re: override transport table
On 19.03.2010 11:41, Wietse Venema wrote:
> Robert Schetterer:
>> Hi @ll, is there a way to override the transport table for specific sender domains
>
> Content filter overrides transport_maps.
>
> Wietse

Thx Wietse for the info, that is what I expected; in my case it is not urgent enough to fix this with a content filter.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: override transport table
Robert Schetterer:
> On 19.03.2010 11:41, Wietse Venema wrote:
>> Robert Schetterer:
>>> Hi @ll, is there a way to override the transport table for specific sender domains
>>
>> Content filter overrides transport_maps.
>>
>> Wietse
>
> Thx Wietse for the info, that is what I expected; in my case it is not urgent enough to fix this with a content filter.

I did NOT tell you to use a content filter. I told you to use the filter FEATURE to override transport maps.

For example,

- A content filter of smtp:1.2.3.4 will send mail out via smtp to host 1.2.3.4, overriding the transport maps, relayhost, etc.

- With Postfix 2.7, a content filter of foobar: will send mail out via a master.cf foobar transport to whatever the destination is, again overriding the transport maps, relayhost, etc. Postfix 2.7 supports filter destinations without host or port.

Wietse
alternative to Mailman
Hi there,

I know this isn't exactly a Postfix question, but as Postfix administrators the users of this list can probably answer the question.

Can anyone recommend a good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?

My only problem with Mailman is that I can't have two lists with the same 'mailbox' (the part before the @) in different virtual domains (i.e. supp...@company.com and supp...@anothercompany.com), and this is mandatory in my setup. I know there are some patches that enable that functionality, but they are quite old and don't work well in actual versions of Mailman.

I need a web management interface, so the managers of each list can do all the tasks they need. Email interface is OK, but since the users are not exactly technical experts, a web interface is better. And a Brazilian Portuguese translation is another plus.

On the Postfix add-ons page I could see some, but I never heard about them (besides majordomo and Mailman).

Thanks in advance,
Mauro
SMTP failure
One of my users had problems receiving from Yahoo a couple days ago. The sender (in FLA) got this:

From: mailer-dae...@yahoo.com mailer-dae...@yahoo.com
To: xx...@yahoo.com
Sent: Sun, March 7, 2010 5:51:09 PM
Subject: failure notice

Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.

xx...@slsware.com: CNAME lookup failed temporarily. (#4.4.3) I'm not going to try again; this message has been in the queue too long.

I got the sender on the phone and had him send while I watched the mail log. Nothing showed up. Then I got ahold of Yahoo's error message today. (I receive from Yahoo accounts frequently with no probs that I know of.)

It looks to me like the problem has something to do with DNS, not SMTP, right? And why would Yahoo be doing a CNAME lookup? (I checked from a remote site -- my domain's MX server's IP is an A, and I don't see anything having to do with CNAMEs in 'host -t MX slsware.com'.)

One of my nameservers is on an ISDN connection -- the latency there is 140ms or so (the other's a much more responsive T1). Might that have had something to do with it?

--
Glenn English
g...@slsware.com
Re: policy service for multiple recipients
On Fri, Mar 19, 2010 at 12:27:21PM +0200, Alex wrote:
> Noel Jones wrote:
>> On 3/18/2010 10:41 AM, Alex wrote:
>>> In case of a multi-recipient message, if I use check_recipient_access and one of the recipients is found in that table, the whole message is rejected and affects all recipients of the message.
>>
>> No, that's not how postfix works. Only the current recipient is rejected. Every other recipient gets their own chance to be accepted or rejected.

snip

> Thank you for your answer, but I can't figure out what is wrong. I reviewed my config and made more tests. The relevant part is this:
>
> 1. If I use telnet and connect to the server:
>
> Mail From:t...@mydomain.tld
> RCPT TO:recipient1
> 250 2.1.5 Ok
> RCPT TO:recipient2 #listed recipient
> 554 5.7.1 recipient2: Recipient address rejected: some text
> DATA

Different SMTP clients act differently. Here you are the client. You're remembering that you had a 250 for recipient1, so you did not abort at the 554 for recipient2. You went on through DATA, successfully completing the SMTP session.

> 354 End data with CRLF.CRLF
> test
> .
> 250 2.0.0 Ok: queued as A532D67CC4B
>
> The message is delivered to the first recipient (correct and described behavior)

And this is typical of MTA SMTP clients.

> I have put the server in verbose mode and done the same test, but with Thunderbird and a webmail client.

snip

> Both recipients are evaluated, the second gets rejected, but no message is delivered (to the first recipient)

You cut out the relevant part of the logs, which in NON-verbose mode would have probably showed the client disconnecting. It ended the session without DATA.

> Viktor also wrote:
>> From false premises (the above is not true), you get false conclusions. Postfix rejects just the recipient in question. If the sending SMTP client fails to process the rejection of a single recipient out of many correctly, then this client is the problem. Generally, only MUAs and other submission SMTP talkers have such issues.
>>
>> If you are an MSA for poorly

Thunderbird is a MUA, a submission client. It's not a MTA. It looks like it considers any rejection to be absolute. Attachment issues, you might call it in psychobabble; it cannot handle rejection.

Maybe it's a bug ... strictly speaking it is, but the role of a MUA is different, so perhaps this is the best thing for a MUA to do. It alerts the user that his/her recipient list has problems, and forces the user to correct those problems before sending the mail.

As Victor was saying, this is not uncommon for submission clients.

--
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Mails bounced 550 5.7.1
Hi,

On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:

c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)

How to fix?

Thanks for your help.

Sam.
Re: alternative to Mailman
Hi Marc,

Thanks for your suggestion: I'll take a look at it.

Last time I used majordomo was in the 90's, I don't know if there is a web interface. Can you tell me if there is an official one? Or can you recommend another software to ease the management?

Again, thanks.

Mauro

On Fri, Mar 19, 2010 at 10:53 AM, Marc G. Fournier scra...@hub.org wrote:
> We use Majordomo2 for the postgresql.org lists, and this definitely allows for supp...@domain1 separate from supp...@domain2 ...
>
> On Fri, 19 Mar 2010, Mauro Faccenda wrote:
>> Hi there,
>>
>> I know this isn't exactly a Postfix question, but as Postfix administrators the users of this list can probably answer the question.
>>
>> Can anyone recommend a good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?
>>
>> My only problem with Mailman is that I can't have two lists with the same 'mailbox' (the part before the @) in different virtual domains (i.e. supp...@company.com and supp...@anothercompany.com), and this is mandatory in my setup. I know there are some patches that enable that functionality, but they are quite old and don't work well in actual versions of Mailman.
>>
>> I need a web management interface, so the managers of each list can do all the tasks they need. Email interface is OK, but since the users are not exactly technical experts, a web interface is better. And a Brazilian Portuguese translation is another plus.
>>
>> On the Postfix add-ons page I could see some, but I never heard about them (besides majordomo and Mailman).
>>
>> Thanks in advance,
>> Mauro
>
> Marc G. Fournier
> Hub.Org Hosting Solutions S.A.
> scra...@hub.org http://www.hub.org
> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:scra...@hub.org
Re: alternative to Mailman
> Last time I used majordomo was in the 90's, I don't know if there is a web interface. Can you tell me if there is an official one? Or can you recommend another software to ease the management?

Majordomo2 is a complete rewrite from scratch. All it shares with mj1 is the basic commands used in control messages. MJ2 has a web interface (more cluttered than Mailman, but quite powerful and, I can say from experience, quite usable by my users) and a shell interface if you have ssh access to the machine where mj2 runs.

I've been using it for years, it works great. It does have migration tools so it's relatively straightforward to switch from mj1.

R's,
John
Re: Mails bounced 550 5.7.1
The problem occurs when we send mail to this domain; we had no problems before we changed our IP mail server and MX record for our domain.

Sam.

Martijn de Munnik - Postfix List wrote:
> On Fri, 19 Mar 2010 15:06:42 +0100, Sam Przyswa s...@arial-concept.com wrote:
>> Hi,
>>
>> On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:
>
> Are these mails entering your system or are these mails leaving your system? If the mails are leaving your system then the remote site has decided not to accept your e-mail.
>
>> c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)
>>
>> How to fix?
>>
>> Thanks for your help.
>>
>> Sam.

--
Sam Przyswa - Project manager
Email: s...@arial-concept.com
Arial Concept - Internet integrator
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Private fax: 09 57 12 27 22
Skype ID: arial-concept
Web: http://www.arial-concept.com
filtering messages without using another LDA
Hi again,

I'm using a setup integrated with Active Directory with Maildir and I need to do some filtering in messages (basically manipulating some headers).

Using procmail as a transport like:

---
procmail unix - n n - - pipe
  flags=Ru user=vmail argv=/usr/bin/procmail -t -m USER=${user} DOMAIN=${domain} EXTENSION=${extension} /etc/procmailrc
---

This setup doesn't work well for me because it doesn't update the maildirsize file in the user's Maildir (I'm using the VDA patches in Postfix) and it doesn't automatically create the Maildir when needed. Without using procmail as a transport it does it very well.

I am wondering if I can use procmail (or some other filtering software) in another way so it does its filtering and then sends the message back to Postfix, like my DSPAM setup, which uses the LMTP socket, filters the message and sends it to the LMTP on the localhost:10026 port.

---
smtp inet n - - - - smtpd
  -o content_filter=lmtp:unix:/var/run/dspam.sock
127.0.0.1:10026 inet n - - - - smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
---

Also, this setup works for both outgoing and incoming messages and I'd like to do it only for incoming messages.
Re: alternative to Mailman
Thanks John,

With those words said, I'll definitely give it a try.

Mauro

On Fri, Mar 19, 2010 at 11:19 AM, John Levine jo...@iecc.com wrote:
>> Last time I used majordomo was in the 90's, I don't know if there is a web interface. Can you tell me if there is an official one? Or can you recommend another software to ease the management?
>
> Majordomo2 is a complete rewrite from scratch. All it shares with mj1 is the basic commands used in control messages. MJ2 has a web interface (more cluttered than Mailman, but quite powerful and, I can say from experience, quite usable by my users) and a shell interface if you have ssh access to the machine where mj2 runs.
>
> I've been using it for years, it works great. It does have migration tools so it's relatively straightforward to switch from mj1.
>
> R's,
> John
Re: Mails bounced 550 5.7.1
Sam Przyswa:
> Hi,
>
> On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:
>
> x...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)
>
> How to fix?

Options:

a) Contact the recipient or his/her administrator using alternate means, to find out why he/she is blocking your mail.

b) Contact the recipient's administrator using alternate means, to find out why the Trend Micro Email Reputation Service is blocking your mail.

c) Just send the undeliverable email message using alternate means, and forget about solving the problem.

Alternate means could involve sending mail from a freemail service.

Wietse
Re: policy service for multiple recipients
/dev/rob0 wrote:
> On Fri, Mar 19, 2010 at 12:27:21PM +0200, Alex wrote:
>> Noel Jones wrote:
>>> On 3/18/2010 10:41 AM, Alex wrote:
>>>> In case of a multi-recipient message, if I use check_recipient_access and one of the recipients is found in that table, the whole message is rejected and affects all recipients of the message.
>>>
>>> No, that's not how postfix works. Only the current recipient is rejected. Every other recipient gets their own chance to be accepted or rejected.
>
> snip
>
>> Thank you for your answer, but I can't figure out what is wrong. I reviewed my config and made more tests. The relevant part is this:
>>
>> 1. If I use telnet and connect to the server:
>>
>> Mail From:t...@mydomain.tld
>> RCPT TO:recipient1
>> 250 2.1.5 Ok
>> RCPT TO:recipient2 #listed recipient
>> 554 5.7.1 recipient2: Recipient address rejected: some text
>> DATA
>
> Different SMTP clients act differently. Here you are the client. You're remembering that you had a 250 for recipient1, so you did not abort at the 554 for recipient2. You went on through DATA, successfully completing the SMTP session.
>
>> 354 End data with CRLF.CRLF
>> test
>> .
>> 250 2.0.0 Ok: queued as A532D67CC4B
>>
>> The message is delivered to the first recipient (correct and described behavior)
>
> And this is typical of MTA SMTP clients.
>
>> I have put the server in verbose mode and done the same test, but with Thunderbird and a webmail client.
>
> snip
>
>> Both recipients are evaluated, the second gets rejected, but no message is delivered (to the first recipient)
>
> You cut out the relevant part of the logs, which in NON-verbose mode would have probably showed the client disconnecting. It ended the session without DATA.
>
>> Viktor also wrote:
>>> From false premises (the above is not true), you get false conclusions. Postfix rejects just the recipient in question. If the sending SMTP client fails to process the rejection of a single recipient out of many correctly, then this client is the problem. Generally, only MUAs and other submission SMTP talkers have such issues.
>>>
>>> If you are an MSA for poorly
>
> Thunderbird is a MUA, a submission client. It's not a MTA. It looks like it considers any rejection to be absolute. Attachment issues, you might call it in psychobabble; it cannot handle rejection.
>
> Maybe it's a bug ... strictly speaking it is, but the role of a MUA is different, so perhaps this is the best thing for a MUA to do. It alerts the user that his/her recipient list has problems, and forces the user to correct those problems before sending the mail.
>
> As Victor was saying, this is not uncommon for submission clients.

Thank you /dev/rob0

> You cut out the relevant part of the logs, which in NON-verbose mode would have probably showed the client disconnecting. It ended the session without DATA.

That's correct:

postfix/smtpd[5652]: unknown[myip]: 554 5.7.1 recipient2: Recipient address rejected: text
postfix/smtpd[5652]: unknown[myip]: QUIT
postfix/smtpd[5652]: unknown[myip]: 221 2.0.0 Bye

After the second RCPT TO evaluation, the MUA doesn't send DATA; it gives up by sending the QUIT command.

Thank you all
Alex
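The distinction this thread arrives at (the server rejected one recipient, the client then chose whether to continue to DATA) can be read mechanically from verbose smtpd logs. The following is an added example, not code from any poster or from Postfix; the log lines are constructed in the shape quoted above, and the addresses, IPs and verdict names are assumptions.

```python
import re

# Shape of the verbose smtpd lines quoted in the thread; the "<"/">" direction
# markers are optional because the archived copies do not show them.
LINE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: (?:[<>] )?"
    r"(?P<client>[^\s\[]+\[[^\]]*\]): (?P<text>.+)$"
)
REPLY = re.compile(r"^(?P<code>\d{3})[ -]")
QUEUED = re.compile(r"queued as (?P<qid>[0-9A-Za-z]+)")


def _new_txn(pid, client):
    return {"pid": pid, "client": client, "accepted": [], "rejected": [],
            "data_sent": False, "queue_id": None, "last_cmd": "MAIL", "rcpt": None}


def verdict(txn):
    """Name who ended the transaction and how (hypothetical labels)."""
    if txn["queue_id"]:
        return "queued-for-accepted" if txn["rejected"] else "queued"
    if txn["rejected"] and txn["accepted"] and not txn["data_sent"]:
        return "client-abandoned-after-reject"
    if txn["rejected"] and not txn["accepted"]:
        return "all-recipients-rejected"
    return "incomplete"


def analyse(lines):
    """Track one mail transaction per (pid, client) and classify each."""
    open_txn, done = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # lookup/attr/reject-summary lines carry no SMTP dialogue
        key = (m["pid"], m["client"])
        text = m["text"].strip()
        upper = text.upper()
        if upper.startswith("MAIL FROM:"):
            if key in open_txn:
                done.append(open_txn.pop(key))
            open_txn[key] = _new_txn(*key)
            continue
        txn = open_txn.get(key)
        if txn is None:
            continue
        reply = REPLY.match(text)
        if upper.startswith("RCPT TO:"):
            txn["last_cmd"] = "RCPT"
            txn["rcpt"] = text[8:].strip().strip("<>")
        elif upper == "DATA":
            txn["last_cmd"] = "DATA"
        elif upper in ("QUIT", "RSET"):
            done.append(open_txn.pop(key))
        elif reply:
            code = reply["code"]
            if txn["last_cmd"] == "RCPT" and txn["rcpt"]:
                bucket = "accepted" if code.startswith("2") else "rejected"
                txn[bucket].append(txn["rcpt"])
                txn["rcpt"] = None
            elif txn["last_cmd"] == "DATA":
                if code == "354":
                    txn["data_sent"] = True
                queued = QUEUED.search(text)
                if code.startswith("2") and queued:
                    txn["queue_id"] = queued["qid"]
    done.extend(open_txn.values())
    for txn in done:
        txn["verdict"] = verdict(txn)
    return done


# Constructed sample: a MUA-like client that quits after the 554, then an
# MTA-like client that carries on to DATA for the accepted recipient.
SAMPLE_LOG = """\
Mar 19 12:00:01 mail postfix/smtpd[5652]: < unknown[192.0.2.10]: MAIL FROM:<sender@example.org>
Mar 19 12:00:01 mail postfix/smtpd[5652]: > unknown[192.0.2.10]: 250 2.1.0 Ok
Mar 19 12:00:01 mail postfix/smtpd[5652]: send attr protocol_state = RCPT
Mar 19 12:00:01 mail postfix/smtpd[5652]: < unknown[192.0.2.10]: RCPT TO:<recipient1@example.com>
Mar 19 12:00:01 mail postfix/smtpd[5652]: > unknown[192.0.2.10]: 250 2.1.5 Ok
Mar 19 12:00:02 mail postfix/smtpd[5652]: < unknown[192.0.2.10]: RCPT TO:<recipient2@example.com>
Mar 19 12:00:02 mail postfix/smtpd[5652]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <recipient2@example.com>: Recipient address rejected: some text
Mar 19 12:00:02 mail postfix/smtpd[5652]: > unknown[192.0.2.10]: 554 5.7.1 <recipient2@example.com>: Recipient address rejected: some text
Mar 19 12:00:02 mail postfix/smtpd[5652]: < unknown[192.0.2.10]: QUIT
Mar 19 12:00:02 mail postfix/smtpd[5652]: > unknown[192.0.2.10]: 221 2.0.0 Bye
Mar 19 12:05:00 mail postfix/smtpd[5660]: < mta.example.net[192.0.2.20]: MAIL FROM:<sender@example.org>
Mar 19 12:05:00 mail postfix/smtpd[5660]: > mta.example.net[192.0.2.20]: 250 2.1.0 Ok
Mar 19 12:05:00 mail postfix/smtpd[5660]: < mta.example.net[192.0.2.20]: RCPT TO:<recipient1@example.com>
Mar 19 12:05:00 mail postfix/smtpd[5660]: > mta.example.net[192.0.2.20]: 250 2.1.5 Ok
Mar 19 12:05:01 mail postfix/smtpd[5660]: < mta.example.net[192.0.2.20]: RCPT TO:<recipient2@example.com>
Mar 19 12:05:01 mail postfix/smtpd[5660]: > mta.example.net[192.0.2.20]: 554 5.7.1 <recipient2@example.com>: Recipient address rejected: some text
Mar 19 12:05:01 mail postfix/smtpd[5660]: < mta.example.net[192.0.2.20]: DATA
Mar 19 12:05:01 mail postfix/smtpd[5660]: > mta.example.net[192.0.2.20]: 354 End data with <CR><LF>.<CR><LF>
Mar 19 12:05:02 mail postfix/smtpd[5660]: > mta.example.net[192.0.2.20]: 250 2.0.0 Ok: queued as A532D67CC4B
Mar 19 12:05:02 mail postfix/smtpd[5660]: < mta.example.net[192.0.2.20]: QUIT
""".splitlines()

if __name__ == "__main__":
    for txn in analyse(SAMPLE_LOG):
        print(txn["client"], txn["verdict"], txn["accepted"], txn["rejected"])
```

A "client-abandoned-after-reject" verdict means the server accepted at least one recipient and the client left before DATA, which is the Thunderbird behaviour described above rather than a whole-message rejection by Postfix.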
Re: Mails bounced 550 5.7.1
On Fri, 19 Mar 2010 15:31:18 +0100, Sam Przyswa s...@arial-concept.com wrote:
> The problem occurs when we send mail to this domain; we had no problems before we changed our IP mail server and MX record for our domain.

Your mailserver seems to be listed on several blacklists, please fix those problems first.

Backscatter.org
SORBS-SPAM
UCEPROTECTL2
maybe others...

> Sam.
>
> Martijn de Munnik - Postfix List wrote:
>> On Fri, 19 Mar 2010 15:06:42 +0100, Sam Przyswa s...@arial-concept.com wrote:
>>> Hi,
>>>
>>> On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:
>>
>> Are these mails entering your system or are these mails leaving your system? If the mails are leaving your system then the remote site has decided not to accept your e-mail.
>>
>>> c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)
>>>
>>> How to fix?
>>>
>>> Thanks for your help.
>>>
>>> Sam.
Re: Mails bounced 550 5.7.1
Sam Przyswa:
> The problem occurs when we send mail to this domain; we had no problems before we changed our IP mail server and MX record for our domain.

In that case, it is likely that the IP address triggers a reject by the Trend Micro Email Reputation Service. For example:

- You are suddenly sending email from a new IP address.

- Your new IP address is listed with some DNS-based blocklist.

Wietse

> Sam.
>
> Martijn de Munnik - Postfix List wrote:
>> On Fri, 19 Mar 2010 15:06:42 +0100, Sam Przyswa s...@arial-concept.com wrote:
>>> Hi,
>>>
>>> On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:
>>
>> Are these mails entering your system or are these mails leaving your system? If the mails are leaving your system then the remote site has decided not to accept your e-mail.
>>
>>> c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)
>>>
>>> How to fix?
>>>
>>> Thanks for your help.
>>>
>>> Sam.
>
> --
> Sam Przyswa - Project manager
> Email: s...@arial-concept.com
> Arial Concept - Internet integrator
> 36, rue de Turin - 75008 - Paris - France
> Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
> Private fax: 09 57 12 27 22
> Skype ID: arial-concept
> Web: http://www.arial-concept.com
Re: Mails bounced 550 5.7.1
On Fri, Mar 19, 2010 at 03:06:42PM +0100, Sam Przyswa wrote:
> On the last Postfix install on a new server some mails are refused with error 550 5.7.1, see the report:
>
> c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)

This means that the recipient or the Trend Micro Email Reputation Service is blocking you, and you might be able to resolve the issue if you contact the recipient or his/her administrator using some other means, i.e., a freemail account or phone call. You could try postmas...@aflo.be, but I doubt that would get through.

> How to fix?

See above. Apparently you are assuming that there is something wrong in your Postfix install. While this is possible, nothing you showed us here suggests that. I don't even know what basis you had for this assumption.

Email deliverability issues are very difficult. While some discussion of these issues is tolerated on here, it's not on topic here. We cannot discuss YOUR issue because you didn't think you needed to provide any information with this post.

My WAG: maybe you don't have good FCrDNS for your host. See:
http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS

Do note:
- This is not a Trend Micro nor aflo.be support forum
- There is no Trend Micro plugin for Postfix

--
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: RBL whitelist?
On 3/18/2010 5:28 PM, Jan P. Kessler wrote:
>>> This whitelist is 1409 records long, so indeed as you say very small. I suppose I could download it and host it locally. Apparently AXFR is not allowed, but plain text HTTP download is, so that's good enough. Then I would only need an efficient and robust way for postfix to use it.
>>
>> If they let you download a list of IPs, just use your favorite sed/awk/perl to change it into an access table.
>
> The question is: Will this be really more reliable than using a policy service that simply queries dns for this task?

Assuming the list doesn't change very often so that updates a couple times a day will be sufficient, and assuming a sane update script that eg. doesn't clobber the existing list on failure etc., a local access table is faster and at least as reliable as a DNS query.

-- Noel Jones
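One way to write the "sane update script" described above, as an added example that is not from the thread: it validates every downloaded line, refuses short or malformed downloads, and replaces the table atomically so a failed fetch never clobbers the list in use. The cidr: table type, the file name, the OK action and the MIN_ENTRIES threshold are assumptions; the download step itself is left out and the function takes the already-fetched text.

```python
import ipaddress
import os
import tempfile

# Assumption: a download far smaller than the ~1409 records mentioned in the
# thread is treated as a failed or truncated fetch.
MIN_ENTRIES = 1000


def parse_whitelist(text):
    """Parse one address or CIDR network per line; raise ValueError on anything else.

    An HTML error page or a half-written file therefore aborts the update
    instead of being turned into table entries.
    """
    nets = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    # Sort IPv4 before IPv6; networks of different versions do not compare.
    return sorted(nets, key=lambda n: (n.version, n))


def render_cidr_table(nets, action="OK"):
    """Render 'network/prefix<TAB>action' lines as used by a Postfix cidr: table."""
    return "".join(f"{n.with_prefixlen}\t{action}\n" for n in nets)


def update_access_table(text, path, min_entries=MIN_ENTRIES, action="OK"):
    """Validate the download, then atomically replace the table at path.

    Returns the number of entries written. On any failure the existing file
    is left untouched and no temporary file is left behind.
    """
    nets = parse_whitelist(text)
    if len(nets) < min_entries:
        raise ValueError(f"only {len(nets)} entries, expected at least {min_entries}")
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".whitelist-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(render_cidr_table(nets, action))
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)  # atomic rename within the same directory
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return len(nets)


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = "192.0.2.10\n198.51.100.0/24  # constructed entry\n2001:db8::1\n"
    with tempfile.TemporaryDirectory() as workdir:
        table = os.path.join(workdir, "rbl_whitelist.cidr")
        print(update_access_table(sample, table, min_entries=3), "entries written")
        try:
            update_access_table("<html>503</html>\n", table, min_entries=3)
        except ValueError as err:
            print("update refused, previous table kept:", err)
```

If the table is used with check_client_access in smtpd_recipient_restrictions, an OK result should only be reachable after reject_unauth_destination, otherwise the whitelisted clients could relay.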
How to limit # of messages for one destination in the active queue?
Hello,

I have a somewhat busy mail relay running postfix 2.7, which has problems with a slow destination.

The symptom: the incoming queue grows large, the active queue is always at qmgr_message_active_limit and only (well, mostly) contains messages for the slow domain.

What I have already tried:
- growing the active_limit, which of course could help only by setting it so high that it could suck in all messages in the incoming queue
- defining a different transport for the slow domain and setting destination concurrency limits

I don't really get the point in this, but I guess I've just overlooked something. Why is it good to move as many as qmgr_message_active_limit messages for the same domain into the active queue, without taking the outbound bandwidth into account? I mean if postfix sees that it can't deliver as many messages for the given domain as it moves into the active queue, it means it will lock (slow) everybody out, like the case below, and inflate the size of the incoming queue and delivery times for other destinations.

I can't limit the number (or rate) of incoming e-mails for that domain, and I can't increase the throughput of the destination, because I don't operate it (OK, that may be false, because postfix's destination concurrency adjustments can make it worse than what it could accept).

So:
- is there any way to let other domains get into the active queue in a fair manner?
- is it possible to adjust the incoming-active rate according to the active-removed (delivered) rate?

(reading through the docs I guess the basic idea is to make the mails into the deferred queue instead if the target behaves oddly, by blacklisting it, and decreasing the concurrency, but this doesn't help (maybe the opposite, it makes things worse) in this case)

qshape outputs (incoming queue is truncated, it contains a lot more destinations)

# qshape active
                     T     5    10    20    40    80   160   320    640  1280  1280+
          TOTAL  19994     0     9    64   212   704  2108  2066   4746  8557   1528
   citromail.hu  19994     0     9    64   212   704  2108  2066   4746  8557   1528

# qshape incoming
                      T     5    10    20    40    80   160   320    640  1280  1280+
          TOTAL  372213 14382  5276 10390 19830 31805 55481 46843 103169 59415  25622
   citromail.hu  125378  2645   919  1830  3649  5775 10539  9705  23019 41749  25548
    freemail.hu  123731  6264  2280  4482  8526 13907 26275 17530  37212  7255      0
      gmail.com   26613  1402   547  1094  2139  3149  4453  4200   8135  1494      0
    hotmail.com    8384   524   181   349   636  1019  1340  1323   2515   497      0
      yahoo.com    7261   228    91   171   450   596  2489   930   2079   227      0
     vipmail.hu    6925   416   157   271   505   747  1174  1032   2182   441      0
    t-online.hu    4413   193    86   176   307   479   795   592   1602   183      0
      chello.hu    1737   104    43    72   127   186   289   237    590    84      5
    indamail.hu    1120    61    20    48    78   138   151   198    367    59      0
     invitel.hu     949    36    19    38    59    88   163   165    346    35      0
     mailbox.hu     724    48    14    34    57    78   112   107    247    27      0
     t-email.hu     645    35     8    30    36    68   107    91    206    40     24
windowslive.com     623    41    13    22    60    65    67   114    186    55      0
        msn.com     612    35    17    20    38    70    77    73    256    26      0
       index.hu     561    39    11    28    43    83    88    72    157    40      0
   fibermail.hu     547    30     9    13    36    46   102    58    225    24      4
          c2.hu     521    30     9    32    29    53    79    86    174    29      0
[...]

I think qmgr would be fair if the above table contained the same line as now for citromail, and a lot of zeroes in the 5 and older columns for the other destinations (and of course lower numbers in the first column as well, because mails could get out quickly).

For example, delivery times after the messages could get into the active queue are fast for the other destinations:

Mar 19 15:44:15 mail postfix/smtp[31804]: E55A981133: to=@freemail.hu, relay=fmx.freemail.hu[195.228.245.2]:25, delay=7161, delays=7160/0.01/0.19/1, dsn=2.0.0, status=sent (250 ok 1269009853 qp 89615)
Mar 19 15:47:17 mail postfix/smtp[33163]: E8F598BD97: to=@gmail.com, relay=gmail-smtp-in.l.google.com[209.85.210.81]:25, delay=5222, delays=5221/0.01/0.35/0.92, dsn=2.0.0, status=sent (250 2.0.0 OK 1269010037 13si2214707yxe.45)
Mar 19 15:47:12 mail postfix/smtp[33144]: E8FEA90176: to=@hotmail.com, relay=mx1.hotmail.com[65.54.188.126]:25, delay=4103, delays=4102/0/0.53/0.64, dsn=2.0.0, status=sent (250 26885169.544531269005928867.javamail.nore...@be Queued mail for delivery)

And this is one for citromail:

Mar 19 15:47:47 mail postfix/smtp[33147]:
Re: How to limit # of messages for one destination in the active queue?
What about setting a second instance up to use for your slow destinations. Then you can route to that instance from your production instance and keep those messages from impacting the faster sites.

Cheers,
Ken

On Fri, Mar 19, 2010 at 03:58:42PM +0100, Attila Nagy wrote:
> Hello,
> I have a somewhat busy mail relay running postfix 2.7, which has problems with a slow destination.
> [...]
Re: How to limit # of messages for one destination in the active queue?
On Fri, Mar 19, 2010 at 03:58:42PM +0100, Attila Nagy wrote:

> I have a somewhat busy mail relay running postfix 2.7, which has problems with a slow destination.
>
> I can't limit the number (or rate) of incoming e-mails for that domain, and I can't increase the throughput of the destination, because I don't operate it (OK, that may be false, because postfix's destination concurrency adjustments can make it worse than what it could accept).

Forward mail for this domain to a separate queue (Postfix instance) that handles mail for this---and perhaps some other similar---domains. The slow domain will no longer clog your primary queue.

Happy spamming...

> And this is one for citromail:
> Mar 19 15:47:47 mail postfix/smtp[33147]: 28E47768F4: to=@citromail.hu, relay=server03.citromail.hu[91.83.45.3]:25, conn_use=76, delay=9538, delays=5062/4475/0/0.33, dsn=2.0.0, status=sent (250 ok 1269010067 qp 29585)

The latency of 0.33 seconds is not unreasonably high. Is this typical for deliveries to this domain? With a concurrency of 20, you should be able to deliver ~60 messages per second to this destination. Can you compute a smoothed latency for this destination?

    initialize:
        lavg := 0;
        count := 0;
    step:
        lavg := lavg * 0.95 + (c + d) * 0.05;
        count := count + 1
        if (count % 100 == 0) println lavg;

The c and d values would be the sum of the connection and delivery delays in the log entry.

    delays=a/b/c/d, ...

How many concurrent connections do you have for this destination? What is the destination concurrency limit?

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: alternatative to Mailman
Mauro Faccenda wrote:
> Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?

I heard some praise for http://www.sympa.org/
But I never used it myself.

-- 
Martin
Re: every...@example.com virtual_alias_maps using ldap query
On Thu, Mar 18, 2010 at 09:10:18PM -0300, Ronie Gilberto Henrich wrote:

>> If the LDAP object needs to expand to all user addresses, make it an LDAP-URI valued group. If the group is large (thousands of recipients), do the expansion on a dedicated list server, not your primary Postfix queue.
>
> You mean something like the ldap object below?
>
> mail=every...@example.com,ou=Mail,o=example,c=com
> ObjectClass=referral
> ref=ldaps://localhost/ou=Mail,o=example,c=com

No, not a referral, an LDAP query URI (aka dynamic group). The above does not appear to have the syntax of a stored query, there is no filter part.

> I did that and it does list all ou=Mail,o=example,c=com mail accounts.

What does this mean? What tool did you use?

> Then I modified my ldap:everyone mappings to the following:
>
> virtual_alias_maps = ldap:everyone
> everyone_server_host = ldaps://localhost
> everyone_version = 3
> everyone_search_base = ou=Mail,o=example,c=com
> everyone_query_filter = (mail=%s)
> everyone_result_attribute = mail

Where is the special_result_attribute definition? Did you read the ldap_table(5) documentation?

> But it does not work.
> 550 every...@example.com: Recipient address rejected: User unknown;
>
> Any ideas of what I am doing wrong?

Pretty much everything, so far...

-- 
Viktor.
Re: alternatative to Mailman
On 19/3/10 16:17, Martin Schütte wrote:
> Mauro Faccenda wrote:
>> Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?
>
> I heard some praise for http://www.sympa.org/
> But I never used it myself.

I've been in the Mailman acknowledgments page for some time, and I sort of pushed the internationalisation of Mailman, which I'm really proud of. I'm also a declared Pythonist. But circumstances and organizational needs have made me to use Sympa and get ready for transitioning to it. Only thing I can say is that it is a wonderful performant tool, with a lot of excellent capabilities and extensions.

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN
Re: How to limit # of messages for one destination in the active queue?
Attila Nagy:
> So:
> - is there any way to let other domains get into the active queue in a

No. Just like ordinary programs read large files sequentially using a limited amount of intermediate buffer space, the Postfix queue manager reads a large queue sequentially using a limited amount of buffer space called active queue. There is no mechanism to prioritize which messages will enter the active queue.

If the active queue is congested by slow destinations, then you have a few options:

- Find out what is slowing down the deliveries. If a receiving site is smart, then it will rightfully rate-limit mail from strangers that send lots of mail without prior arrangements.

- Use a transport map that routes mail to problem domains to a graveyard MTA, so that it won't clog up the deliveries to fast destinations. With a bit of scripting fu, you can kludge up transport maps on the fly by looking at mailq output.

- Increase the size of the Postfix active queue, and make the active queue large enough so that it will pick up enough good destinations (besides bad ones) to keep mail flowing.

	Wietse
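One way to script the transport-map option above, as an added example (not code from the thread or from Postfix): it reads qshape-style rows like those posted earlier in the thread rather than raw mailq output, and emits transport(5) lines for domains that dominate the active queue. The next hop `smtp:[graveyard.example.net]:25`, the thresholds and the sample rows are assumptions.

```python
import re

# Constructed sample in the layout of `qshape active` (not data from the thread).
SAMPLE_QSHAPE_ACTIVE = """\
                  T   5  10  20  40  80  160  320  640 1280 1280+
        TOTAL 20000 500 300 300 200 700 2000 2000 5000 8000  1000
 slow.example 19000   0   0 100 200 700 2000 2000 5000 8000  1000
 fast.example   600 300 200 100   0   0    0    0    0    0     0
other.example   400 200 100 100   0   0    0    0    0    0     0
"""

# Recipient domains in the queue are chosen by whoever sends the mail, so only
# plain DNS names are allowed to reach the generated map.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$"
)


def parse_qshape(text):
    """Return (total, {domain: message_count}) from qshape output."""
    total = None
    per_domain = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip the bucket header ("T 5 10 ..."), shell prompts and blank lines.
        if len(fields) < 2 or fields[0] == "T" or not fields[1].isdigit():
            continue
        name, count = fields[0].lower(), int(fields[1])
        if name == "total":
            total = count
        elif DOMAIN_RE.match(name):
            per_domain[name] = count
    if total is None:
        total = sum(per_domain.values())
    return total, per_domain


def graveyard_transport(qshape_text, nexthop, share=0.5, min_msgs=1000, exclude=()):
    """Build transport(5) lines for domains clogging the active queue.

    A domain is selected when it holds at least `share` of the queue and at
    least `min_msgs` messages; `exclude` lists domains that must keep their
    normal routing.
    """
    total, per_domain = parse_qshape(qshape_text)
    if total == 0:
        return []
    skip = {d.lower() for d in exclude}
    selected = [
        (count, domain)
        for domain, count in per_domain.items()
        if domain not in skip and count >= min_msgs and count / total >= share
    ]
    # Largest offender first, so the generated file is stable and easy to diff.
    return [f"{domain}\t{nexthop}" for count, domain in sorted(selected, reverse=True)]


if __name__ == "__main__":
    # Hypothetical graveyard MTA; replace with the real next hop.
    for entry in graveyard_transport(SAMPLE_QSHAPE_ACTIVE, "smtp:[graveyard.example.net]:25"):
        print(entry)
```

The returned lines go into the file named in transport_maps, which is then rebuilt with postmap. Review the output before installing it, since one entry reroutes all mail for that domain.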
Re: SMTP failure
On Fri, Mar 19, 2010 at 06:08:12AM -0600, Glenn English wrote:

> It looks to me like the problem has something to do with DNS, not SMTP, right?

Yes.

> And why would Yahoo be doing a CNAME lookup?

Their MTA does that for all destinations, among other lookups.

> (I checked from a remote site -- my domain's MX server's IP is an A, and I don't see anything having to do with CNAMEs in 'host -t MX slsware.com'.)

Your DNS server is a bit odd:

    $ dig +trace -t any slsware.com
    ...
    slsware.com. 172800 IN NS ns1.richeyrentals.com.
    slsware.com. 172800 IN NS ns1.slsware.com.
    slsware.com. 172800 IN NS server.slsware.com.
    ;; Received 148 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 46 ms

    ;; connection timed out; no servers could be reached

While asking for cname or mx works... Perhaps their code does a T_ANY lookup.

-- 
Viktor.
Re: alternatative to Mailman
Hm... that makes two recommendations, I'll take a look at it as well.

Thanks Victoriano and Martin.

Mauro

2010/3/19 Victoriano Giralt victori...@uma.es:
> On 19/3/10 16:17, Martin Schütte wrote:
>> Mauro Faccenda wrote:
>>> Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?
>>
>> I heard some praise for http://www.sympa.org/
>> But I never used it myself.
>
> I've been in the Mailman acknowledgments page for some time, and I sort of pushed the internationalisation of Mailman, which I'm really proud of. I'm also a declared Pythonist. But circumstances and organizational needs have made me to use Sympa and get ready for transitioning to it. Only thing I can say is that it is a wonderful performant tool, with a lot of excellent capabilities and extensions.
>
> -- 
> Victoriano Giralt
> Systems Manager
> Central ICT Services
> University of Malaga
> SPAIN
Re: alternatative to Mailman
On 19 Mar 2010, at 15:53, Mauro Faccenda wrote:
> Hm... that makes two recommendations, I'll take a look at it as well.
>
> Thanks Victoriano and Martin.

I have quite easily integrated mlmmj with Postfix, it's rather nice once you get setup. No fiddly web interfaces to worry about, it's all handled over email and with small config files for each list.

All I had to do postfix side was create an alias for each list then have a virtual entry delivering to that local alias. The alias then fed the message directly into mlmmj and all was good.

G.

-- 
Imagine there were no hypothetical situations.
http://playr.co.uk/
Re: How to limit # of messages for one destination in the active queue?
On 03/19/10 16:13, Victor Duchovni wrote:
> Forward mail for this domain to a separate queue (Postfix instance) that handles mail for this---and perhaps some other similar---domains. The slow domain will no longer clog your primary queue.

You are right that this will solve the problem, but isn't more correct to do this automatically? I mean, this seems to be so basic that I don't understand why postfix doesn't include a mechanism to overcome it. Currently the only sane thing seems to be to raise the active queue limit to the size of (or near to) the incoming queue, which makes the delivery for other domains scream. But that's lame, and needs a lot of ram for a problem, which could be easily solved in other ways. No?

> Happy spamming...

I'm not spamming, just relaying it from customers. :) BTW, these are e-mails, which the recipients are asked for. And they even complain if they don't get it, or it not arrives in time.

>> And this is one for citromail:
>> Mar 19 15:47:47 mail postfix/smtp[33147]: 28E47768F4: to=@citromail.hu, relay=server03.citromail.hu[91.83.45.3]:25, conn_use=76, delay=9538, delays=5062/4475/0/0.33, dsn=2.0.0, status=sent (250 ok 1269010067 qp 29585)
>
> The latency of 0.33 seconds is not unreasonably high. Is this typical for deliveries to this domain? With a concurrency of 20, you should be able to deliver ~60 messages per second to this destination. Can you compute a smoothed latency for this destination?

I've only written this, because I was sure that somebody would miss it. This destination is not slow because of slow delivery times on the already open connections, but because of connection timeouts (I can observe this on other, mostly silent systems, which send only few messages there) and artificial limits on the recipient side. I'm aware of this, and we are always trying to make that better, but what I would like to know is why does postfix behaves this way. This is a built-in DoS feature, which could be easily solved, or I miss something?

> initialize:
>     lavg := 0;
>     count := 0;
> step:
>     lavg := lavg * 0.95 + (c + d) * 0.05;
>     count := count + 1
>     if (count % 100 == 0) println lavg;

    egrep 'to.*citromail\.hu.*status=sent' maillog | egrep -o '[0-9]+/[0-9]+/[0-9]+/[0-9]+' | awk -F '/' '{a=$1;b=$2;c=$3;d=$4; lavg=lavg*0.95+(c+d)*0.05; count=count+1; if (count % 100 == 0) print lavg}'
    [...]
    0.0980931 1.02489 0.208484 0.107523 0.133513 0.0688768 0.113402 0.147406 0.00180754 0.00580981 3.43972e-05 0.258655 0.808811 0.0400146 0.265047 0.326359 0.206881 0.105975 0.0130569 0.187074 0.00519059 0.176418 0.65363 0.328516 0.272575 1.61656 0.0708661 0.522564 0.0504923 0.164537 1.28451 2.45355 0.629623 0.629201 1.16992 0.0219805 0.0325643 0.0172668 0.462079 0.0463653 0.195138 0.102266 0.0337765 0.505287 1.30806 0.522909 0.176148 0.00399868 0.654791 0.204687 0.24754

> How many concurrent connections do you have for this destination? What is the destination concurrency limit?

    foreach i (`jot 8`)
    foreach? netstat -a | egrep 'citroma.*ESTAB' | wc -l
    foreach? sleep 1
    foreach? end
    17 15 13 19 19 20 15 17 50

I know where the problem is (so you do :), I just don't understand why is it good to have this feature in postfix.
Re: SMTP failure
Victor Duchovni:
> On Fri, Mar 19, 2010 at 06:08:12AM -0600, Glenn English wrote:
>
>> It looks to me like the problem has something to do with DNS, not SMTP, right?
>
> Yes.
>
>> And why would Yahoo be doing a CNAME lookup?
>
> Their MTA does that for all destinations, among other lookups.
>
>> (I checked from a remote site -- my domain's MX server's IP is an A, and I don't see anything having to do with CNAMEs in 'host -t MX slsware.com'.)
>
> Your DNS server is a bit odd:
>
>     $ dig +trace -t any slsware.com
>     ...
>     slsware.com. 172800 IN NS ns1.richeyrentals.com.
>     slsware.com. 172800 IN NS ns1.slsware.com.
>     slsware.com. 172800 IN NS server.slsware.com.
>     ;; Received 148 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 46 ms
>
>     ;; connection timed out; no servers could be reached
>
> While asking for cname or mx works... Perhaps their code does a T_ANY lookup.

If I recall correctly, Yahoo runs a modified qmail, and indeed:

    int dns_cname(sa)
    stralloc *sa;
    {
     int r;
     int loop;
     for (loop = 0;loop < 10;++loop)
      {
       if (!sa->len) return loop;
       if (sa->s[sa->len - 1] == ']') return loop;
       if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
       switch(resolve(sa,T_ANY))
        {
         case DNS_MEM: return DNS_MEM;
         case DNS_SOFT: return DNS_SOFT;
         case DNS_HARD: return loop;
         default:
           ...
        }
      }
     return DNS_HARD; /* alias loop */
    }

	Wietse
Re: alternatative to Mailman
On Fri, Mar 19, 2010 at 08:50:01AM -0300, Mauro Faccenda wrote:
> I know this isn't exactly a Postfix question, but as postfix's

I plan to make it one. :)

> administrators the users of this list probably can answer the question.
>
> Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?
>
> My only problem with Mailman is that I can't have two lists with the same 'mailbox' (the part before the @) in different virtual domains (i.e. supp...@company.com and supp...@anothercompany.com), and this is mandatory in my setup.

There are dozens of workarounds for this limitation.

First, why does the list name itself matter? What matters is that actual email addresses are aliased to the list commands. Example virtual(5) mapping:

    supp...@example.com    example.com_supp...@localhost
    supp...@example.net    example.net_supp...@localhost
    supp...@example.org    example.org_supp...@localhost

And other mappings as needed for the various Mailman commands. In this example, the outside senders see and use the right support@ addresses, and only the help desk people see the real list names of domain.tld_support.

Second, this is trivially solved with multiple instances. You could have config_directory as subdirectories of /etc/postfix/ such as /etc/postfix/example.com, and do likewise for the queue_ and data_directory for each instance.

http://www.postfix.org/MULTI_INSTANCE_README.html

I don't know about other MLMs, but I am sure you can solve your problem with some Postfixation.

-- 
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: How to limit # of messages for one destination in the active queue?
Attila Nagy:
> I've only written this, because I was sure that somebody would miss it. This destination is not slow because of slow delivery times on the already open connections, but because of connection timeouts (I can observe this on other, mostly silent systems, which send only few messages there) and artificial limits on the recipient side. I'm aware of this, and we are always trying to make that better, but what I would like to know is why does postfix behaves this way. This is a built-in DoS feature, which could be easily solved, or I miss something?

Perhaps you have a suggestion for how Postfix would decide which of thousands of queue files contain a recipient in a slow or fast domain.

Remember, one message may have any number of recipients, not just one, and all this needs to be accomplished while using a finite amount of memory, and in a manner that allows fast recovery from crash (i.e. no global database state with information about every message and recipient).

	Wietse
Re: alternatative to Mailman
On Fri, 19 Mar 2010 13:53:08 -0200 Mauro Faccenda facce...@gmail.com replied:

> Hm... that makes two recommendations, I'll take a look at it as well.
>
> Thanks Victoriano and Martin.
>
> Mauro
>
> 2010/3/19 Victoriano Giralt victori...@uma.es:
>> On 19/3/10 16:17, Martin Schütte wrote:
>>> Mauro Faccenda wrote:
>>>> Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix?
>>>
>>> I heard some praise for http://www.sympa.org/
>>> But I never used it myself.
>>
>> I've been in the Mailman acknowledgments page for some time, and I sort of pushed the internationalisation of Mailman, which I'm really proud of. I'm also a declared Pythonist. But circumstances and organizational needs have made me to use Sympa and get ready for transitioning to it. Only thing I can say is that it is a wonderful performant tool, with a lot of excellent capabilities and extensions.

I have used 'dada mail' http://dadamailproject.com/ with excellent success. The author is readily available for assistance if required.

-- 
Jerry
postfix.u...@yahoo.com

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Absolutum obsoletum. (If it works, it's out of date.)
Stafford Beer
Re: SMTP failure
On Mar 19, 2010, at 9:44 AM, Victor Duchovni wrote:

> Your DNS server is a bit odd:
>
>     $ dig +trace -t any slsware.com
>     ...
>     slsware.com. 172800 IN NS ns1.richeyrentals.com.
>     slsware.com. 172800 IN NS ns1.slsware.com.
>     slsware.com. 172800 IN NS server.slsware.com.
>     ;; Received 148 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 46 ms
>
>     ;; connection timed out; no servers could be reached
>
> While asking for cname or mx works... Perhaps their code does a T_ANY lookup.

Viktor, I know I've wandered way OT for this list, but I don't understand what's going on, and it sounds like you may...

I pasted your dig command into a Mac on the local net and into a remote site. The Mac worked, but from the other site, I got the same timeout error you did. bind9 claims my config is correct (at both nameservers).

Can you offer any ideas as to what's wrong?

-- 
Glenn English
g...@slsware.com
Re: alternatative to Mailman
On Fri, Mar 19, 2010 at 1:35 PM, /dev/rob0 r...@gmx.co.uk wrote:
[...]
>> My only problem with Mailman is that I can't have two lists with the same 'mailbox' (the part before the @) in different virtual domains (i.e. supp...@company.com and supp...@anothercompany.com), and this is mandatory in my setup.
>
> There are dozens of workarounds for this limitation.
>
> First, why does the list name itself matter? What matters is that actual email addresses are aliased to the list commands. Example virtual(5) mapping:
>
>     supp...@example.com    example.com_supp...@localhost
>     supp...@example.net    example.net_supp...@localhost
>     supp...@example.org    example.org_supp...@localhost

I know I can use this kind of workaround, but it doesn't seem much 'professional', as the real address/name is shown in the web interface and messages. Also, I want to ease the management for the users and every time someone creates a list I'll need to create a dozen of aliases for it, it isn't practical. Maybe I could do it with a regexp mapping, but... I think you got it. It seems that I'm using a screwdriver to hammer a nail.

> And other mappings as needed for the various Mailman commands. In this example, the outside senders see and use the right support@ addresses, and only the help desk people see the real list names of domain.tld_support.
>
> Second, this is trivially solved with multiple instances. You could have config_directory as subdirectories of /etc/postfix/ such as /etc/postfix/example.com, and do likewise for the queue_ and data_directory for each instance.
>
> http://www.postfix.org/MULTI_INSTANCE_README.html

Yeah, I know I could do that as well, but I'll have a lot of domains in these servers. Seems better than the first suggestion, but another list manager seems even better (BTW: as far as I could see, Sympa is a lot better!)

Another thing that bugs me, is that the Mailman's Brazilian Portuguese translation is SCARY. If I'd stick with Mailman I'd like to spend some time improving it.

> I don't know about other MLMs, but I am sure you can solve your problem with some Postfixation.

Thanks anyway for your suggestions ;)
Re: Mails bounced 550 5.7.1
I'm sorry but since I install Postfix (a lot of years) it's the first time I have this problem, (blacklisted in Backscatter.org, SORBS-SPAM) and I would like to know why !

Actually the server is a mail relay for a Zimbra server (www.zimbra.com) on two Vservers on the same host.

I don't find any explanation on why our IP is listed on Backscatter.org, on the website the request page notify this note:

---
This IP is temporary listed. The listing will expire automatically and free of charge 4 weeks after the last abuse is seen from that IP.

Expedited manual express delisting is available as an option, in case you do not want to wait for the automatic and free expiration. You will be charged 50 Euro's using one of the following payment services.
---

It's not an ABUSE !!!

But what should be the origin of the problem and what is the quick fix ?

Thanks in advance.

Sam.

Martijn de Munnik - Postfix List wrote:
> On Fri, 19 Mar 2010 15:31:18 +0100, Sam Przyswa s...@arial-concept.com wrote:
>> The problem occur when we send mail to this domain, we had no problems before we changed our IP mail server and MX record for our domain.
>
> Your mailserver seems to be listed on several blacklists, please fix those problems first.
>
> Backscatter.org
> SORBS-SPAM
> UCEPROTECTL2
> maybe others...
>
>> Sam.
>>
>> Martijn de Munnik - Postfix List wrote:
>>> On Fri, 19 Mar 2010 15:06:42 +0100, Sam Przyswa s...@arial-concept.com wrote:
>>>> Hi,
>>>>
>>>> On last Postfix install on new server some mails are refused with error 550 5.7.1 see the report :
>>>
>>> Are these mails entering your system or are these mails leaving your system? If the mails are leaving your system then the remote site has decided not to accept your e-mail.
>>>
>>>> c.tra...@aflo.be: host gw.aflo.be[87.66.26.108] said: 550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue. (in reply to RCPT TO command)
>>>>
>>>> How to fix ?
>>>>
>>>> Thanks for your help.
>>>>
>>>> Sam.
Trusting only intermediate CA
Hi list,

I've created a small CA hierarchy using OpenSSL with the following structure:

                      Root CA
                     _/     \_
                    /         \
            Mail sub-CA     Other sub-CA
              /     \
             /       \
    Server sub-CA   Client sub-CA
       /    \          /    \
    Server1 Server2 Client1 Client2

This is certainly over-engineered for my small setup, but I wanted to create a toolbox to create a full-fledged PKI... whatever.

I use the following straightforward configuration:

- On the server:
    % smtpd_tls_security_level = may
    % smtpd_tls_cert_file = Server.pem
    % smtpd_tls_key_file = Server.key
    % smtpd_tls_CAfile = Client_SubCA_chain.pem
    % smtpd_tls_ask_ccert = yes
    % smtpd_tls_loglevel = 1

- On the client:
    % smtp_tls_security_level = may
    % smtp_tls_cert_file = Client.pem
    % smtp_tls_key_file = Client.key
    % smtp_tls_CAfile = Server_SubCA_chain.pem
    % smtp_tls_loglevel = 1

It works. Postfix logs that the connection is Trusted. Woohoo!

However, I'm a little bit confused about the certificates accepted. I've swept through RFC 2459 and as I understand the fourth paragraph of section 6, the certification path validation must begin with a self-signed certificate. This means that smtpd_tls_CAfile must contains all certificates from RootCA to Server sub-CA. Therefore if a client provides a certificate issued by the Mail sub-CA or the Root CA directly, it will work.

What's the way to prevent this? Of course, as the owner of the PKI, I could ensure that such certificates would never be issued. But is there any technical mean to prevent this?

By the way, I have the feeling this could be done using a server-side policy map similar to smtp_tls_policy_maps but there is certainly a good reason for this setting to not exist, though I don't see why.

Thanks for your help.
Regards,
-- 
Jeremie Le Hen

Humans are born free and equal. But some are more equal than others.
-Coluche
Re: SMTP failure
On Fri, Mar 19, 2010 at 12:32:13PM -0400, Wietse Venema wrote:

>>> And why would Yahoo be doing a CNAME lookup?
>>
>> Their MTA does that for all destinations, among other lookups.
>>
>> Your DNS server is a bit odd:
>>
>>     $ dig +trace -t any slsware.com
>>     ;; connection timed out; no servers could be reached
>>
>> While asking for cname or mx works... Perhaps their code does a T_ANY lookup.
>
> If I recall correctly, Yahoo runs a modified qmail, and indeed:
>
>     switch(resolve(sa,T_ANY))

So that's the issue then, the DNS server in question does not support T_ANY. Most likely it is behind a firewall that does not understand T_ANY, and drops the DNS packets for security reasons. Otherwise, the DNS server itself is deficient.

-- 
Viktor.
Re: How to limit # of messages for one destination in the active queue?
On Fri, Mar 19, 2010 at 05:28:07PM +0100, Attila Nagy wrote: On 03/19/10 16:13, Victor Duchovni wrote: Forward mail for this domain to a separate queue (Postfix instance) that handles mail for this---and perhaps some other similar---domains. The slow domain will no longer clog your primary queue. You are right that this will solve the problem, but isn't more correct to do this automatically? I mean, this seems to be so basic that I don't understand why postfix doesn't include a mechanism to overcome it. Currently the only sane thing seems to be to raise the active queue limit to the size of (or near to) the incoming queue, which makes the delivery for other domains scream. But that's lame, and needs a lot of ram for a problem, which could be easily solved in other ways. If your input rate permanently exceeds your output rate and the input rate is out of your hands, there is no solution other than negotiating a higher delivery rate to the slow destination with the admins of that destination. The mail will continue to pile-up on your server. If the input is has huge bursts, followed by prolonged inactivity, and more huge bursts, indeed build systems with more RAM and increase the active queue size. Another way to do that is to field more servers to queue this traffic. The latency of 0.33 seconds is not unreasonably high. Is this typical for deliveries to this domain? With a concurrency of 20, you should be able to deliver ~60 messages per second to this destination. Can you compute a smoothed latency for this destination? I've only written this, because I was sure that somebody would miss it. This destination is not slow because of slow delivery times on the already open connections, but because of connection timeouts (I can observe this on other, mostly silent systems, which send only few messages there) and artificial limits on the recipient side. Well the connection timeouts lead to a high c value, so that would show up in the numbers. How long is your timeout? 
Connection caching should compensate for high connection set-up costs, why is that failing for you? The conn_use=76 from your log message suggests that connection caching is working reasonably well. Perhaps a dedicated transport with a lower smtp_connect_timeout is the answer... You can also use the new 2.5 scheduler controls to reduce the impact of negative feedback...

    egrep 'to.*citromail\.hu.*status=sent' maillog | egrep -o '[0-9]+/[0-9]+/[0-9]+/[0-9]+' | awk -F '/' '{a=$1;b=$2;c=$3;d=$4; lavg=lavg*0.95+(c+d)*0.05; count=count+1; if (count % 100 == 0) print lavg}'

The smoothed latencies look acceptable... How many concurrent connections do you have for this destination? What is the destination concurrency limit?

    foreach i (`jot 8`)
    foreach? netstat -a | egrep 'citroma.*ESTAB' | wc -l

The connection count looks good. What is the input rate (messages with recipients in this domain per minute, with each 50 recipients of a single message counting as a single message, so that a 200 recipient message is 4 logical messages, if you have not changed the smtp_destination_recipient_limit)? What is the output rate (envelopes delivered to this domain per minute, counting deliveries to multiple recipients of a single message as one delivery when the delivery agent pid, queue-id, delays, dsn and remote reply are identical).

I know where the problem is (so you do :), I just don't understand why is it good to have this feature in postfix.

Explaining the entire design will take too long. Suffice it to say that the trade-offs made were decided carefully.

-- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: SMTP failure
Victor Duchovni: On Fri, Mar 19, 2010 at 12:32:13PM -0400, Wietse Venema wrote: And why would Yahoo be doing a CNAME lookup? Their MTA does that for all destinations, among other lookups. Your DNS server is a bit odd: $ dig +trace -t any slsware.com ;; connection timed out; no servers could be reached While asking for cname or mx works... Perhaps their code does a T_ANY lookup. If I recall correctly, Yahoo runs a modified qmail, and indeed: switch(resolve(sa,T_ANY)) So that's the issue then, the DNS server in question does not support T_ANY. Most likely it is behind a firewall that does not understand T_ANY, and drops the DNS packets for security reasons. Otherwise, the DNS server itself is deficient. Just to clarify, this DNS server is likely to create the same problem with other sites that run a version of the qmail MTA. According to the qmail CHANGES file entry 19961003, it uses T_ANY as a workaround for DNS servers that broke with T_CNAME. Of course, using T_ANY introduces other failure modes (reply too big, or broken infrastructure). Wietse
Local and Remote delivery
I hope I am at the correct list for my question. I am brand new to postfix moving from sendmail and have the following problem. My domain mydomain.co.za is hosted by my ISP. I have an internal mailserver in the office newly installed with postfix, dovecot and mysql and set up mydomain.co.za as a virtual domain. All mail going out from inside the office gets locally delivered to the internal machine and mail gets fetched from the ISP. Now I have one user never getting to the office whose mail I would like to deliver to the ISP and not locally. So all addres...@mydomain.co.za must be delivered local except mob...@mydomain.co.za must get delivered through my relayhost to the ISP. Can anybody point me in a direction how to do this? I have moved from sendmail because I was led to believe that I could easily do this in postfix. Thanks Isak Badenhorst
Re: alternatative to Mailman
Martin Schütte wrote: Mauro Faccenda wrote: Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix? I heard some praise for http://www.sympa.org/ But I never used it myself. a tremendous piece of work - truly industrial strength with strong support (open source from a consortium of French universities) - I use it to support several dozen lists, supports multiple virtual domains can be a bit tricky to get set up, though more recent releases have been pretty easier, and the support list is great (lots of users and the main developers respond as well) works fine with Postfix (my installation includes Postfix, amavisd, spamassassin, clamav - they all wire together just fine) I recommend it highly Miles -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra
Re: SMTP failure
On Fri, 19 Mar 2010 14:27:29 -0400 (EDT) Wietse Venema wie...@porcupine.org wrote: Just to clarify, this DNS server is likely to create the same problem with other sites that run a version of the qmail MTA. That sounds like a feature to me.
Re: SMTP failure
On Mar 19, 2010, at 2:26 PM, brian moore wrote: On Fri, 19 Mar 2010 14:27:29 -0400 (EDT) Wietse Venema wie...@porcupine.org wrote: Just to clarify, this DNS server is likely to create the same problem with other sites that run a version of the qmail MTA. That sounds like a feature to me. Soon as I get it figured out, I'll let you know how to implement it. -- Glenn English g...@slsware.com
Re: SMTP failure
On Fri, Mar 19, 2010 at 01:26:03PM -0700, brian moore wrote: On Fri, 19 Mar 2010 14:27:29 -0400 (EDT) Wietse Venema wie...@porcupine.org wrote: Just to clarify, this DNS server is likely to create the same problem with other sites that run a version of the qmail MTA. That sounds like a feature to me. Perhaps, I am misreading the above as a mildly derogatory remark about qmail... If not, then: We don't make a habit of denigrating other MTAs here. We don't need to attack other MTAs to make Postfix look better. Postfix does well enough on its own merit. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: Local and Remote delivery
On 3/19/2010 2:59 PM, Isak Badenhorst wrote: I hope I am at the correct list for my question. I am brand new to postfix moving from sendmail and have the following problem. My domain mydomain.co.za is hosted by my ISP. I have an internal mailserver in the office newly installed with postfix, dovecot and mysql and set up mydomain.co.za as a virtual domain. All mail going out from inside the office gets locally delivered to the internal machine and mail gets fetched from the ISP. Now I have one user never getting to the office whose mail I would like to deliver to the ISP and not locally. So all addres...@mydomain.co.za must be delivered local except mob...@mydomain.co.za must get delivered through my relayhost to the ISP. Can anybody point me in a direction how to do this? I have moved from sendmail because I was led to believe that I could easily do this in postfix. Thanks Isak Badenhorst

I think this is what you're looking for:
http://www.postfix.org/postconf.5.html#transport_maps
http://www.postfix.org/transport.5.html
Re: Reject_unlisted_recipient issue
Oleksii Krykun wrote: If I use smtpd_reject_unlisted_recipient=yes or smtpd_recipient_restrictions=reject_unlisted_recipient options all messages to non-existent addresses are rejected. But if anybody sends message to multiple addresses in same domain and one of them doesn't exist then postfix doesn't deliver such messages anywhere. How to tell postfix to reject mail to non-existent mailboxes only and deliver it to valid recipient?

your observation is wrong. postfix implements the SMTP standard. see below. if your MUA cancels a transaction because of an error, it's a MUA issue. note that this is not a MUA bug. I like it when I mistype an address and I get an error. this way, I can fix the address and resend my mail as if there was no error (compare with: 19 people get a message with a wrong To, they reply to, and get a bounce. and I have to resend to the one I mistyped... etc).

===
$ telnet localhost 25
...
220 mx.netoyen.net ESMTP Postfix
EHLO some.host.example
...
MAIL FROM:
250 2.1.0 Ok
RCPT TO:mo...@netoyen.net
250 2.1.5 Ok
RCPT TO:doesntex...@netoyen.net
550 5.1.1 doesntex...@netoyen.net: Recipient address rejected: User unknown
DATA
354 End data with CRLF.CRLF
Subject: test
test
.
250 2.0.0 Ok: queued as 093A7E54898
quit
221 2.0.0 Bye

# tail -f /var/log/maillog
...
...: 093A7E54898: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 doesntex...@netoyen.net: Recipient address rejected: User unknown; from= to=doesntex...@netoyen.net ...
...
...: 48517E54871: from=, size=624, nrcpt=1 (queue active)
...: deliver(mo...@netoyen.net): sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
...: 48517E54871: to=mo...@netoyen.net, relay=dovecot, delay=0.03, delays=0.01/0.02/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
...: 48517E54871: removed

as you can see, logs say the message was delivered. and I can read it with my MUA.
Re: filtering messages without using another LDA
Mauro Faccenda wrote: Hi again, I'm using a setup integrated with Active Directory with Maildir and I need to do some filtering in messages (basically manipulating some headers). Using procmail as a transport like:

---
procmail unix - n n - - pipe
  flags=Ru user=vmail argv=/usr/bin/procmail -t -m USER=${user} DOMAIN=${domain} EXTENSION=${extension} /etc/procmailrc
---

This setup doesn't work well for me because it doesn't update the maildirsize (I'm using the VDA patches in Postfix) file in the user's Maildir and it doesn't automatically create the Maildir when needed. Without using procmail as a transport it does it very well. I am wondering if I can use procmail (or some other filtering software) in another way so it does its filtering and then send the message back to Postfix, like my DSPAM setup, that uses the LMTP socket, filters the message and send it to the LMTP in the localhost:10026 port.

you mean SMTP, not LMTP... with procmail or maildrop, your best bet is to resubmit mail via the sendmail command (postfix sendmail, not Sendmail sendmail). for this, you must make sure that you don't have a content_filter for pickup:

pickup fifo n - n 60 1 pickup
  -o content_filter= ...

(the reason is to avoid an infinite loop: you filter mail, you pass it to sendmail, it passes it to the filter...). All that said, the VDA patch isn't supported here. so you're on your own. An alternative based on a policy service has been proposed on the list (I'm really sorry, but I forgot who posted this. If the developer sees this message, he'll reply. otherwise, google...). In any case, this is a better approach than a patch. [snip]
Re: Reject_unlisted_recipient issue
just for example my mta return other

===
$ telnet localhost 25
...
220 mx.netoyen.net ESMTP Postfix
EHLO some.host.example
...
MAIL FROM:
250 2.1.0 Ok
RCPT TO:mo...@netoyen.net
250 2.1.5 Ok
RCPT TO:doesntex...@netoyen.net
550 5.1.1 doesntex...@netoyen.net: Recipient address rejected: User unknown
DATA
354 End data with CRLF.CRLF
Subject: test
test
.
250 2.0.0 Ok: queued as 093A7E54898
quit
221 2.0.0 Bye

# tail -f /var/log/maillog
...
...: 093A7E54898: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 doesntex...@netoyen.net: Recipient address rejected: User unknown; from= to=doesntex...@netoyen.net ...
...
...: 48517E54871: from=, size=624, nrcpt=1 (queue active)
...: deliver(mo...@netoyen.net): sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
...: 48517E54871: to=mo...@netoyen.net, relay=dovecot, delay=0.03, delays=0.01/0.02/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
...: 48517E54871: removed

as you can see, logs say the message was delivered. and I can read it with my MUA.

[r...@r13151 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 r13151.ovh.net ESMTP Postfix (2.5.1)
helo fakessh.eu
250 r13151.ovh.net
mail from:
250 2.1.0 Ok
rcpt to:fake...@fakessh.eu
250 2.1.5 Ok
data
354 End data with CRLF.CRLF
.
550 5.7.1 can't identify domain in `MAILER-DAEMON'
quit
221 2.0.0 Bye
Connection closed by foreign host.
[r...@r13151 ~]#

Mar 19 22:09:00 r13151 postfix/qmgr[11363]: F0C69580BC: removed
Mar 19 22:09:04 r13151 postfix/smtpd[26523]: connect from localhost.localdomain[127.0.0.1]
Mar 19 22:09:57 r13151 postfix/smtpd[26523]: 16AB057F74: client=localhost.localdomain[127.0.0.1]
Mar 19 22:10:11 r13151 postfix/cleanup[26527]: 16AB057F74: message-id=20100319210957.16ab057...@r13151.ovh.net
Mar 19 22:10:11 r13151 sid-filter[11203]: unknown-msgid can't determine responsible domain from `MAILER-DAEMON'
Mar 19 22:10:11 r13151 postfix/cleanup[26527]: 16AB057F74: milter-reject: END-OF-MESSAGE from localhost.localdomain[127.0.0.1]: 5.7.1 can't identify domain in `MAILER-DAEMON'; from= to=fake...@fakessh.eu proto=SMTP helo=fakessh.eu
Mar 19 22:11:10 r13151 dovecot: imap-login: Login: user=fakessh, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Mar 19 22:11:11 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
Re: filtering messages without using another LDA
Hi Mouss, Thanks for your answer. Below some observations/questions.

On Fri, Mar 19, 2010 at 6:08 PM, mouss mo...@ml.netoyen.net wrote: [...] This setup doesn't work well for me because it doesn't update the maildirsize (I'm using the VDA patches in Postfix) file in the user's Maildir and it doesn't automatically create the Maildir when needed. Without using procmail as a transport it does it very well. I am wondering if I can use procmail (or some other filtering software) in another way so it does its filtering and then send the message back to Postfix, like my DSPAM setup, that uses the LMTP socket, filters the message and send it to the LMTP in the localhost:10026 port. you mean SMTP, not LMTP...

Well, SMTP or LMTP, it's an instance to only receive local mails. But, I don't think it makes any difference here, right? ;)

with procmail or maildrop, your best bet is to resubmit mail via the sendmail command (postfix sendmail, not Sendmail sendmail). for this, you must make sure that you don't have a content_filter for pickup: pickup fifo n - n 60 1 pickup -o content_filter= ... (the reason is to avoid an infinite loop: you filter mail, you pass it to sendmail, it passes it to the filter...).

Sure. That's why I had to use another SMTP to pick the DSPAM result. But I don't know yet how to do it with procmail (or similar), and that's what I'm asking.

All that said, the VDA patch isn't supported here. so you're on your own.

I know that, but I think it's unrelated to the real question. Let's just suppose I want to do it without those patches.

An alternative based on a policy service has been proposed on the list (I'm really sorry, but I forgot who posted this. If the developer sees this message, he'll reply. otherwise, google...). In any case, this is a better approach than a patch.

Alternative to that patch? I did some searches and as far as I could see, none of the alternatives (that I've found) could reject the message in SMTP. I think it's nice to not generate bouncing messages/backscatter. But if someone has an alternative besides that, it's always welcome. Once more, thanks for your suggestions. ;) Mauro
Re: filtering messages without using another LDA
On Fri, Mar 19, 2010 at 6:40 PM, Mauro Faccenda facce...@gmail.com wrote: Alternative to that patch? I did some searches and as far as I could see, none of the alternatives (that I've found) could reject the message in SMTP. I think it's nice to not generate bouncing messages/backscatter. But if someone has an alternative besides that, it's always welcome.

1. http://postfixquotareject.ramattack.net/
2. Write a policyd to check the quota and reject the message.

-- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net Don't try to adapt the software to the way you work, but rather yourself to the way the software works (myself)
Re: SMTP failure [solved]
On Mar 19, 2010, at 9:44 AM, Victor Duchovni wrote: Your DNS server is a bit odd: The problem turned out to be the PIX. By default, it blocks T_ANY queries on the outside port. But not the others. ip audit signature 6053 disable turns that off. Why Cisco and qmail would do things that guarantee incompatibility with each other, is beyond me -- far be it from me to disparage either of them... But it's working now. Thanks very much to all of you. -- Glenn English g...@slsware.com
Re: master.cf override main.cf parameters exception list?
On Thu, Mar 18, 2010 at 7:16 PM, /dev/rob0 r...@gmx.co.uk wrote: On Thu, Mar 18, 2010 at 06:12:32PM -0400, zhong ming wu wrote: Personalities is not a valid concept here, but I think my guess might point you in the right direction. This is the terminology used in master.cf manual page. You cannot set header_checks for a smtpd(8) daemon. But you can set $cleanup_service_name and use an alternate cleanup(8) daemon for an alternate smtpd. http://www.postfix.org/postconf.5.html#cleanup_service_name Great: this trick solves my problem. Thanks
All email forward a copy to testing server
Hi, I am migrating the Exchange 2000 to Exchange 2010, but before we switch over to new server, I want make a copy of email to new server for testing. Existing Config: Postfix - Amavisd - Exchange 2000 Here what I want : Postfix --- Amavisd - Exchange 2000 --- Exchange 2010 Is it possible? Or it is better forward all email before Postfix? email -- some program? -- Postfix --- Amavisd - Exchange 2000 -- Exchange 2010 Many thanks in advance. Regards, Paul Margaillan
Re: All email forward a copy to testing server
postfix users put forth on 3/19/2010 8:34 PM: Hi, I am migrating the Exchange 2000 to Exchange 2010, but before we switch over to new server, I want make a copy of email to new server for testing. Existing Config: Postfix - Amavisd - Exchange 2000 Here what I want : Postfix --- Amavisd - Exchange 2000 --- Exchange 2010 Is it possible? Or it is better forward all email before Postfix? email -- some program? -- Postfix --- Amavisd - Exchange 2000 -- Exchange 2010 What does Microsoft recommend? Your migration has nothing to do with Postfix but everything to do with Exchange. -- Stan
Re: All email forward a copy to testing server
On 3/19/2010 8:34 PM, postfix users wrote: Hi, I am migrating the Exchange 2000 to Exchange 2010, but before we switch over to new server, I want make a copy of email to new server for testing. Existing Config: Postfix - Amavisd - Exchange 2000 Here what I want : Postfix --- Amavisd - Exchange 2000 --- Exchange 2010 Is it possible? Or it is better forward all email before Postfix? email -- some program? -- Postfix --- Amavisd - Exchange 2000 -- Exchange 2010 Many thanks in advance. Regards, Paul Margaillan

(copy of an answer from a few days ago) To deliver to two destinations, you need two recipients. You can use a regexp recipient_bcc_maps to add another recipient, then use smtp_generic_maps to rewrite it back to the original during delivery. Use a transport_maps entry to direct the bcc'ed mail to the proper server.

    # main.cf
    recipient_bcc_maps = regexp:/etc/postfix/recipient_bcc
    smtp_generic_maps = hash:/etc/postfix/smtp_generic
    transport_maps = hash:/etc/postfix/transport

    # recipient_bcc
    if /@example\.com/
    /^...@example\.com$/ $...@new.example.com
    endif

    # smtp_generic
    @new.example.com @example.com

    # transport
    new.example.com smtp:new.server.example.com

Be sure to postmap the hash: tables after making changes to them.

-- Noel Jones
Re: master.cf override main.cf parameters exception list?
On Fri, Mar 19, 2010 at 08:03:47PM -0400, zhong ming wu wrote: On Thu, Mar 18, 2010 at 7:16 PM, /dev/rob0 r...@gmx.co.uk wrote: On Thu, Mar 18, 2010 at 06:12:32PM -0400, zhong ming wu wrote: Personalities is not a valid concept here, but I think my guess might point you in the right direction. This is the terminology used in master.cf manual page. Oops, in that case I will look again, thanks. You cannot set header_checks for a smtpd(8) daemon. But you can set $cleanup_service_name and use an alternate cleanup(8) daemon for an alternate smtpd. http://www.postfix.org/postconf.5.html#cleanup_service_name Great: this trick solves my problem. Thanks Glad to hear it, you're welcome. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
restrict nrcpt
hi all is there a way to restrict a sender to send only to a fixed number of recipients in one mail? i want this to be kept as a general rule on my smtp out server thanks
[PATCH] support milter protocol 6 and 2 negotiation
Hi, Postfix 2.7.0 supports milter protocol 2, 3, 4 and 6. Postfix with milter_protocol=6 accepts a connection from a milter that uses milter protocol 2. But its milter session is broken because Postfix sends SMFIC_DATA event to the milter. In milter protocol 2, SMFIC_DATA isn't supported. So the connected milter can't reply SMFIC_DATA request. Postfix logs the following warning message on the case: Mar 20 10:25:09 mail postfix/smtpd[70678]: warning: milter inet:localhost:20025: can't read SMFIC_DATA reply packet header: Unknown error: 0 Here is a work flow on the case: SMTPPostfixmilter (protocol 6) (protocol 2) telnet localhost smtp -- negotiate-- (protocol 6) -- negotiate reply (protocol 2) accept connect -- -- connect reply -- 220 EHLO -- helo -- -- helo reply -- 250 MAIL FROM -- mail -- -- mail reply -- 250 RCPT TO -- rcpt -- -- rcpt reply -- 250 DATA -- data -- UNKNOWN REQUEST close connection can't read SMFIC_DATA reply packet header: Unknown error: 0 I'll attach a patch to fix it. Postfix doesn't send any SMFIC_DATA to protocol 2 milter with the patch. Thanks, -- kou --- postfix-2.7.0.orig/src/milter/milter8.c 2009-09-19 05:38:11.0 +0900 +++ postfix-2.7.0/src/milter/milter8.c 2010-03-20 10:12:32.0 +0900 @@ -1774,6 +1774,17 @@ } if (milter-ev_mask SMFIP_RCPT_REJ) milter-m.flags |= MILTER_FLAG_WANT_RCPT_REJ; +{ +int mask; +char version_string[2]; + +version_string[0] = milter-version + '0'; +version_string[1] = '\0'; +mask = name_code(milter8_event_masks, NAME_CODE_FLAG_NONE, + version_string); +if (mask != -1) +milter-np_mask |= (SMFIP_NOSEND_MASK ~mask); +} /* * Initial negotiations completed.
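Review bot: The lookup key built in the added block (version_string[0] = milter-version + '0' in a char[2]) is only a valid digit string while the negotiated version is a single digit; a version of 10 or more yields a non-digit character and the name_code() lookup in milter8_event_masks will not match. On that path, and for any version missing from the table, mask is -1 and the if (mask != -1) test skips the masking without a log line, so the SMFIC_DATA failure described in the message would come back silently; a warning there would make it diagnosable. The bare { ... } block also carries no comment saying that events outside the milter's own protocol version are being added to np_mask, which is worth one line given that the reason is only explained in the e-mail.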
Re: restrict nrcpt
On Sat, 20 Mar 2010, K bharathan wrote: is there a way to restrict a sender to send only to a fixed no.of recipients in one mail! i want this to be kept as a general rule on my smtp out server Use a policy server: http://www.postfix.org/SMTPD_POLICY_README.html. I do this with postfwd: http://postfwd.org. -- Sahil Tandon sa...@tandon.net
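A minimal policy delegate for the per-message recipient cap discussed above, added here as an example; it is not part of the original post and is not postfwd's code. It speaks the name=value protocol from SMTPD_POLICY_README and uses the recipient_count attribute; the limits, the sender address and the listener port are assumptions.

```python
#!/usr/bin/env python3
"""Postfix policy delegate that caps recipients per message (added example)."""
import socketserver

# Constructed limits for illustration; not values from the thread.
DEFAULT_LIMIT = 20
PER_SENDER_LIMIT = {"newsletter@example.com": 200}

# Constructed sample request in the format Postfix sends at the DATA stage.
SAMPLE_REQUEST = """request=smtpd_access_policy
protocol_state=DATA
sender=user@example.com
recipient_count=35
"""


def parse_request(lines):
    """Turn the name=value lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:  # skip malformed lines that carry no "="
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the action for one request, without the 'action=' prefix."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # recipient_count is non-zero only in the DATA and END-OF-MESSAGE stages,
    # so the check belongs in smtpd_data_restrictions, not at RCPT TO.
    if attrs.get("protocol_state") not in ("DATA", "END-OF-MESSAGE"):
        return "DUNNO"
    try:
        count = int(attrs.get("recipient_count", "0"))
    except ValueError:
        return "DUNNO"
    sender = attrs.get("sender", "").lower()
    limit = PER_SENDER_LIMIT.get(sender, DEFAULT_LIMIT)
    if count > limit:
        # A reject at DATA refuses the whole message, for every recipient.
        return "REJECT Too many recipients (%d, limit %d)" % (count, limit)
    return "DUNNO"


class PolicyHandler(socketserver.StreamRequestHandler):
    """Answer each request on a connection; Postfix may reuse the socket."""

    def handle(self):
        request = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                request.append(line)
                continue
            # An empty line terminates the request; reply and start over.
            reply = "action=%s\n\n" % decide(parse_request(request))
            self.wfile.write(reply.encode("utf-8"))
            self.wfile.flush()
            request = []


if __name__ == "__main__":
    # Assumed listener address; reference it from main.cf as
    #   smtpd_data_restrictions = check_policy_service inet:127.0.0.1:10040
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()
```
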