Re: DKIM checking but not signing with Postfix?
VR wrote:
> My Debian(Lenny)/Postfix environment is inbound only (except bounces/rejects of course) that uses transports to hand messages off to Exchange servers for multiple domains. I've been reading about DKIM in the Postfix archives most of tonight and have seen both praise and pause going back to about 2007 regarding implementing DKIM in general. I realize DKIM, nor Postfix are spam solutions but I would like to know if DKIM might reduce the number of forgeries passed through my Postfix gateway? More specifically, from hosts claiming to be larger organizations that do use DKIM signing for their outbound traffic?

dkim won't help you much. you can't simply reject on dkim failure. Even when the site policy says dkim is mandatory, you'll see broken signatures.

dkim can help as one component of a content filtering solution.

> Ideally I would not like to do content inspection (at this time) nor would I like to implement outbound signing. I have seen some write ups on DKIM but all discuss signing outbound. Can DKIM be done just for inbound?

yes.

> And which DKIM implementation works smoothly or is recommended with Postfix?

I use milter-dkim. if you use amavisd-new, then it has DKIM support.
Re: DKIM checking but not signing with Postfix?
On Sun, 2010-05-09 at 21:57 -0400, VR wrote:
> My Debian(Lenny)/Postfix environment is inbound only (except bounces/rejects of course) that uses transports to hand messages off to Exchange servers for multiple domains. I've been reading about DKIM in the Postfix archives most of tonight and have seen both praise and pause going back to about 2007 regarding implementing DKIM in general. I realize DKIM, nor Postfix are spam solutions but I would like to know if DKIM might reduce the number of forgeries passed through my Postfix gateway? More specifically, from hosts claiming to be larger organizations that do use DKIM signing for their outbound traffic?
>
> Ideally I would not like to do content inspection (at this time) nor would I like to implement outbound signing. I have seen some write ups on DKIM but all discuss signing outbound. Can DKIM be done just for inbound?
>
> And which DKIM implementation works smoothly or is recommended with Postfix?

DKIM checking for inbound mails has almost nothing to do with postfix. The best way will be to use spamassassin and use the DKIM_* rules. Default SA has them configured.

If you use some other antispam, see how it supports DKIM checks.

Thanks
Ram
Re: Drop mail when X-Something header contains value AND destination domain == somedomain.com
The (real) problem is the following: my Amavis/Spamassassin setup analyzes mail and adds X-Spam-* headers accordingly but it does NOT block/drop any mail. Filtering is done at the MDA level via sieve, which analyzes headers and decides what to do with certain mails based on those headers (the advantage is that the user has the last choice, so he/she can decide whether the spam threshold would be, etc).

Now, I need my MTA to perform additional functionality: to act as relay for CERTAIN domains (keeping, of course, the *other* domains which my server owns mailboxes for). I do NOT control the final delivery for these relayed domains (I do NOT own final MTA with mailboxes), so I'd like to make some blocking based on headers but ONLY for my relayed domains.

Postfix supports filtering based on headers but all mail (relayed and not relayed) would be filtered in this case (which is not what I want), I don't know how could I add the conditional behaviour: if mail destination is one of my relayed domains, check headers and drop spam mail; if not, don't check headers. I think Postfix supports the concept of classes, but I never used them and I don't know if what I need could be done with that feature.

Hope it is clear now, and sorry for the long email. You're making a great work here in this list, mouss. Thank you in advance.

PS: I'm using Postfix 2.5.5.

Cheers,
-Roman

mouss wrote:
> Roman Medina-Heigl Hernandez wrote:
> > Hello,
> >
> > (see subject)
> >
> > Is it easily doable with Postfix? (notice that I'd like to combine some checks and that the block action should only be performed if both conditions are met; I'd like to be able to put more similar complex rules mixed with the common/simple/typical rules).
>
> you can't do that in a single check inside postfix. postfix header checks test headers one at a time, independently (so you can say if head A matches foo AND header B matches bar).
>
> to do what you want, you need one of:
> - milter or filter. where you can do anything you want
> - pass mail through multiple smtpd listeners. when you can cascade checks. not recommended except in a few cases...
>
> now, what (real) problem are you trying to solve? (h don't tell us you want to block spam from joe to joe. this has been discussed many times. the answer is to use standard checks such as spamhaus and only if you still get that junk should you ask for more...).
Re: PostFix Mail Delivery to Different Hosts
On 07/05/2010 14:32, Wietse Venema wrote:
> Simon Croome:
> # main.cf
> transport_maps = hash:/etc/postfix/transports
>
> # /etc/postfix/transports
> firstname.lastn...@example.com relay:lotus.notes.server:25
> firstname1.lastna...@example.com relay:lotus.notes.server:25
> firstname2.lastna...@example.com relay:lotus.notes.server:25
> example.com relay:ocs.server:25
>
> If you take the transport_maps solution, then you need to set up a relay-recipient_maps table with the addresses of valid recipients,
>
> I can save you a lot of work if your problem description was accurate.
>
> 1) Set up the relay_recipient_maps over LDAP as discussed by Patrick. This ensures that Postfix will NOT accept mail for bogus addresses.
>
> 2) Instead of one transport map entry per user, use a regular expression:
>
> /etc/postfix/main.cf:
>     transport_maps = regexp:/etc/postfix/transports.regexp
>
> /etc/postfix/transports.regexp
>     /\...@example\.com$/ relay:lotus.notes.server:25
>     /@example\.com$/ relay:ocs.server:25
>
> The first pattern sends first.l...@example.com to lotus.notes.server, and the second sends all other example.com mail to ocs.server.
>
> Caution: regular expressions are unlike file name wildcards. The above example uses \. to match a dot character, .+ for wild-card, and $ at the end.
>
> Wietse

Thanks for your help with the above problem.

Could I ask what would be the best way to prevent connections to postfix, similar to how tcp wrappers is used with sendmail. I only want approx 4 ip addresses which would be in different network to be able to connect the postfix daemon?

Thanks again.
Re: Postfix architecture + Ldap + Courier IMAP
On Mon, 10 May 2010 01:00:29 -0430 Jose Ildefonso Camargo Tolosa ildefonso.cama...@gmail.com wrote:
> Hi!
>
> Yes, I know, this is kinda off-topic, but looks interesting.

Thank you for your interest!

> > [Diagram: three mail servers (postfix1/LDAP1 on server1, postfix2/LDAP2 on server2, postfix3/LDAP3 on server3) connected to a "very big storage" holding /home1, /home2 and /home3]
>
> Ok, so, load balancing here, with different homes for each server, so, each server have its own set of users, right?

Yes, each LDAP have list of his users. For each LDAP entry we have a record telling us, who is the Mail server for that user. So if the balancer send user test to mail server1 and from the LDAP we see that test user belong to server1 then test request is served, ELSE if user test has mail server set on mailserver3 for example, the request is redirected to mailserver3 that will handle his request.

> > if one server goes down, the one next to him will Up his ip address and mount his partition on the storage until the server restarts correctly.
>
> Now, this is more typical of HA clusters, what gets me confused is what I asked on the last question, so, when say, server 1 goes down, server 2 mount server1's home partition and start getting mails (and serving IMAP requests) as if it were server1, right? I'll reserve my other comments until I get more information on this.

Yes, if server1 goes down the cluster will mount up server1 interface and home partition on server2. Server2 will temporarily act as server1 and server2 until server1 is back on line.

> > 1) I've never used Courier IMAP, but reading on the internet I've found that it use gethostbyname() to resolve and this may cause an infinite loop for a host with 2 interface but one hostname if one server goes down. So, I'm afraid that I will be able to install courier-imap on each server and this will cause a big problem to the scalability of the system.
> > 2) Has anyone ever tried something like this and is able to redirect me to some good documentation?
>
> I don't use Courier (several reasons, off-topic here), I use Dovecot (I can even use SASL from Dovecot to authenticate Postfix's smtp, really handy along with reject_authenticated_sender_login_mismatch and smtpd_sender_login_maps on ldap).

Nice, I gave a look to this Dovecot and it looks pretty nice! I haven't tested it yet but it seems it can be a valid alternative. I'm trying to move from Qmail to postfix because Qmail is patch-project(dead), while I think Postfix is a valid alternative that will make life a lot easier.

--
spambox spam...@fastwebnet.it
Re: lpr notifications thru postfix
On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak jmubar...@gmail.com wrote:
> > 'owner process' isn't 'owner of lp* files', you need look owner of cups process with 'ps' command.
>
> jamal% ps -afx | grep cups
> 0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l

Who is the process owner? try 'ps -ef | grep cups'

> jamal% ls -l /usr/sbin/cupsd
> -r-x-- 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd
>
> Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to wheel from _postdrop without any difference. Same error.

Cups process owner is in wheel? I think no.

> Jamal

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

Don't try to adapt the software to the way you work, but rather yourself to the way the software works (myself)
Postfix, SASL sending mail through Postfix.
I have been trying to get this to work for about a year and I have had no success. I have installed Debian Lenny AMD-64 bit with this setup. http://www200.pair.com/mecham/spam/virtual2p1.html I am trying to send mail through my own mail server so Postfix will handle everything. What do I need to do to get this to work correctly.
Re: Postfix, SASL sending mail through Postfix.
On 2010-05-10 10:08 AM, BABEDH-DHRA wrote:
> I have been trying to get this to work for about a year and I have had no success. I have installed Debian Lenny AMD-64 bit with this setup.
> http://www200.pair.com/mecham/spam/virtual2p1.html
> I am trying to send mail through my own mail server so Postfix will handle everything. What do I need to do to get this to work correctly.

You're asking the wrong question in the wrong way without providing necessary details:

Per the welcome message you received when you joined the list:

TO REPORT A PROBLEM see:
http://www.postfix.org/DEBUG_README.html#mail

At a minimum, postfix version, output of postconf -n and unedited NON-verbose logs exhibiting the problem should be provided...

--
Best regards,
Charles
Re: Postfix, SASL sending mail through Postfix.
On 2010-05-10 Charles Marcus wrote:
> On 2010-05-10 10:08 AM, BABEDH-DHRA wrote:
> > I have been trying to get this to work for about a year and I have had no success. I have installed Debian Lenny AMD-64 bit with this setup.
> > http://www200.pair.com/mecham/spam/virtual2p1.html
> > I am trying to send mail through my own mail server so Postfix will handle everything. What do I need to do to get this to work correctly.
>
> You're asking the wrong question in the wrong way without providing necessary details:
>
> Per the welcome message you received when you joined the list:
>
> TO REPORT A PROBLEM see:
> http://www.postfix.org/DEBUG_README.html#mail
>
> At a minimum, postfix version, output of postconf -n and unedited NON-verbose logs exhibiting the problem should be provided...

Since the OP wants to send SASL-authenticated e-mail, I'd suggest to start with Postfix' SASL Howto [1]. Debugging comes as a second step when he encounters problems while following the documentation.

[1] http://www.postfix.org/SASL_README.html

Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
RE: Postfix, SASL sending mail through Postfix.
I certainly appreciate the input but as I have said I have tried to get this working over the last 365 days + I do not quite understand how it is not working.

I have seen posts that say Postfix to Dovecot SASL communication SMTP Authentication with Postfix using files or MySQL Postfix Howtos and FAQs

I am not an expert I do however have two books on Postfix and of course the ever popular GOOGLE

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of BABEDH-DHRA
Sent: Monday, May 10, 2010 10:08 AM
To: postfix-users@postfix.org
Subject: Postfix, SASL sending mail through Postfix.

I have been trying to get this to work for about a year and I have had no success. I have installed Debian Lenny AMD-64 bit with this setup.
http://www200.pair.com/mecham/spam/virtual2p1.html
I am trying to send mail through my own mail server so Postfix will handle everything. What do I need to do to get this to work correctly.
Re: Postfix, SASL sending mail through Postfix.
On 10/05/2010 16:02, BABEDH-DHRA wrote:
> I certainly appreciate the input but as I have said I have tried to get this working over the last 365 days + I do not quite understand how it is not working.

In that case, what you really need to do is explain what you've done so far, and where you are getting stuck. In particular, have you successfully installed Postfix and got it working with unauthenticated SMTP (ie, without SASL)? If not, is that because you haven't tried to get it working without SASL, or because you have tried but can't get it working at all?

If you haven't tried getting it to work without SASL, then do that first. SASL is difficult to debug, so it's essential that you first ensure that the problem isn't anything to do with SASL!

Mark
Re: lmtp_generic_maps for delivery to dovecot
On 5/10/2010 8:33 AM, ram wrote:
> Can I use something like lmtp_generic_maps for delivery to dovecot

Your question is incomplete. What are you trying to accomplish? How does postfix deliver to dovecot?
Re: Postfix, SASL sending mail through Postfix.
Ok I can start over can you please tell me if this is going to be the right place to start.

apt-get install libsasl2-modules

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
relayhost = [smtp.comcast.net]:2525

In /etc/postfix/sasl_passwd:

[outbound.mailhop.org]:2525 username:password
Re: DKIM checking but not signing with Postfix?
> dkim can help as one component of a content filtering solution.

Current versions of Spamassassin can do DKIM checking. Don't turn on ADSP reject because I say so checks (I say this as one of the authors of the ADSP RFC), but you can adjust your config to list a few heavily phished DKIM signers like paypal.com and ebay.com on which you can reject unsigned mail with little collateral damage.

If you're already using spamassassin, you just add stuff to local.cf as suggested by comments in the DKIM plugin, and then restart spamd.

R's,
John
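
The policy discussed in this thread (no blanket reject on DKIM failure, strict handling only for a short list of heavily phished signers), sketched as an added example that is not code from the posters, SpamAssassin or any milter. The function names, verdict strings and sample messages are assumptions constructed for illustration; signature verification itself is assumed to be done by the local verifier, which hands over (d= domain, result) pairs.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: a locally maintained list of heavily phished signers,
# seeded with the two domains named in the message above.
STRICT_SIGNERS = {"paypal.com", "ebay.com"}

# Constructed sample messages (not taken from the thread).
PHISH = (
    "From: PayPal <service@paypal.com>\n"
    "To: user@example.org\n"
    "Subject: Verify your account\n\nbody\n"
)
LIST_MAIL = (
    "From: Alice <alice@lists.example.net>\n"
    "To: user@example.org\n"
    "Subject: meeting notes\n\nbody\n"
)


def author_domains(msg):
    """Lower-cased domains of every address in the From: header."""
    pairs = getaddresses(msg.get_all("From", []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}


def dkim_verdict(raw_message, signatures, strict=STRICT_SIGNERS):
    """Decide what an inbound-only gateway does with one message.

    signatures: (d= domain, result) pairs reported by the local verifier,
    result being "pass" or "fail". A failed signature is treated exactly
    like a missing one, so a broken signature alone never causes a reject.
    """
    authors = author_domains(message_from_string(raw_message))
    valid = {d.lower() for d, result in signatures if result == "pass"}
    # Only a passing signature whose d= equals the From: domain vouches for
    # the author; a passing third-party signature does not.
    if any(dom in strict and dom not in valid for dom in authors):
        return "reject"
    if authors and authors <= valid:
        return "author-signed"      # positive signal for the content filter
    return "content-filter"         # no DKIM signal either way


if __name__ == "__main__":
    print(dkim_verdict(PHISH, []))
    print(dkim_verdict(PHISH, [("paypal.com", "pass")]))
    print(dkim_verdict(LIST_MAIL, [("lists.example.net", "fail")]))
```

The match is exact on the From: domain, so a subdomain of a listed signer is not covered unless it is listed as well.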
Postfix ignoring , won't do fingerprint checking
I'm trying to enable TLS client fingerprint checking on Postfix - that is, I want Postfix, acting as a server, to check the fingerprint of clients trying to connect against a table of cert fingerprints.

From the Postfix logfile, TLS is working, client certs are being requested, but I can't get Postfix to do the fingerprint check. In a nutshell, Postfix doesn't seem to pay any attention at all to the following line in main.cf:

smtpd_client_restrictions=permit_tls_clientcerts,warn_if_reject,reject

I can put gibberish in the right side of the above main.cf parameter and Postfix doesn't seem to pay any attention. postconf -n shows that the parameter was correctly read from main.cf. master.cf does not override this value.

This is on an Ubuntu 9.10 system, running Postfix v 2.6.5

The frustrating thing is, I can get this to work on other Ubuntu systems running the same version of Postfix, so obviously I'm doing something wrong. Anyone know of a reason Postfix would ignore smtpd_client_restrictions?

As this is the first time I've ever tried to post a Postfix question, please don't hesitate to let me know if there's a better way to post such a newb question ...

Dave
Re: Postfix ignoring , won't do fingerprint checking
On 5/10/2010 10:30 AM, Dave O'Larte wrote:
> I'm trying to enable TLS client fingerprint checking on Postfix - that is, I want Postfix, acting as a server, to check the fingerprint of clients trying to connect against a table of cert fingerprints.
>
> From the Postfix logfile, TLS is working, client certs are being requested, but I can't get Postfix to do the fingerprint check. In a nutshell, Postfix doesn't seem to pay any attention at all to the following line in main.cf:
>
> smtpd_client_restrictions=permit_tls_clientcerts,warn_if_reject,reject
>
> I can put gibberish in the right side of the above main.cf parameter and Postfix doesn't seem to pay any attention. postconf -n shows that the parameter was correctly read from main.cf. master.cf does not override this value.
>
> This is on an Ubuntu 9.10 system, running Postfix v 2.6.5
>
> The frustrating thing is, I can get this to work on other Ubuntu systems running the same version of Postfix, so obviously I'm doing something wrong. Anyone know of a reason Postfix would ignore smtpd_client_restrictions?
>
> As this is the first time I've ever tried to post a Postfix question, please don't hesitate to let me know if there's a better way to post such a newb question ...
>
> Dave

http://www.postfix.org/DEBUG_README.html#mail

Show us your postconf -n and non-comment entries in master.cf.

Are you sure you're editing the right main.cf? Maybe you have multiple postfix installations. Run
find / -name main.cf -ls
to make sure. Also, postfix/master logs the configuration directory when postfix starts or reloads.

-- Noel Jones
Re: Postfix, SASL sending mail through Postfix.
On 2010-05-10 BABEDH-DHRA wrote:
> Ok I can start over can you please tell me if this is going to be the right place to start.

As already mentioned, the right place to start is here:

http://www.postfix.org/SASL_README.html

If you encounter any problems while following this Howto, follow the procedure described here:

http://www.postfix.org/DEBUG_README.html#mail

Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
two domains on one server
I have a setup with one qualified domain name, i.e., example.com on one ubuntu server running postfix 2.5.5. I now need to have this setup send and receive mail for another_domain.com. I have successfully set up the sending and receiving, however all mail from this secondary domain is seen as spam, whereas all mail from the primary domain is never seen as spam.

I'm wondering what I might be doing wrong, or if indeed this even is a postfix issue?

I would appreciate it if someone could eyeball my main.cf file below and see if there are any security issues with the setup and if anything might be accountable for this spam issue.

Thanks in advance. Any help much appreciated.

main.cf follows:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.com, other_domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
mailbox_command =
#always_bcc = u...@example.com
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
inet_protocols = all
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
Re: Postfix ignoring , won't do fingerprint checking
Regarding using the right main.cf: I've only installed a single Postfix instance, and changes I make to main.cf do affect Postfix. (E.g. turning up logging, etc.) The Postfix log says I'm using the config in /etc/postfix.

The output from postfinger:

# ./postfinger
postfinger - postfix configuration on Mon May 10 17:27:44 UTC 2010
version: 1.30

Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.]

--System Parameters--
mail_version = 2.6.5
hostname = AA-DD-DDD-DDD-DDD
uname = Linux aa-dd-ddd-ddd-ddd d.d.dd-ddd-aaa #7-Ubuntu SMP Tue Oct 13 19:06:04 UTC 2009 i686 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.6.5-3

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 0
mailbox_size_limit = 0
maximal_backoff_time = 10s
maximal_queue_lifetime = 0
mydestination = aa-dd-ddd-ddd-ddd.aaa., localhost
myhostname = aa-dd-ddd-ddd-ddd.aaa.
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/relay_client_certs
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_tls_clientcerts, warn_if_reject, reject
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = yes
smtpd_tls_security_level = encrypt
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
virtual_gid_maps = static:1004
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = a.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1004

--master.cf--
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
  -o smtpd_sasl_path=smtpd
  -o smtp_tls_security_level=fingerprint
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtp_tls_note_starttls_offer=yes
  -o smtpd_tls_req_ccert=no
  -o smtpd_tls_received_header=yes
  -o smtpd_sasl_local_domain=
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o broken_sasl_auth_clients=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail
Re: Postfix, SASL sending mail through Postfix.
Ansgar Wiechers

Thanks. I have gone through this and also looking at the dovecot.conf file. I am seeing references to mysql. I am now concerned that by making changes to the conf file I will mess up my mysql configuration.

Main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.biggdog.biz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = biggdog.biz
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_tls_CAfile = /etc/ssl/certs/cacert.biggdog.biz.pem
smtpd_tls_received_header = yes
mydomain = biggdog.biz
virtual_minimum_uid = 6060
virtual_gid_maps = static:6060
virtual_uid_maps = static:6060
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/etc/postfix/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_mailbox_base = /var/vmail/
dovecot_destination_concurrency_limit = 2
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient,
    check_recipient_access hash:/etc/postfix/reject_over_quota,
    check_sender_access hash:/etc/postfix/rbl_sender_exceptions,
    check_client_access hash:/etc/postfix/rbl_client_exceptions,
    check_recipient_access hash:/etc/postfix/rbl_recipient_exceptions,
    reject_rbl_client sbl-xbl.spamhaus.org
smtpd_hard_error_limit = 10
smtpd_soft_error_limit = 8
smtpd_helo_required = yes
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
local_transport = error:no local mail delivery
proxy_interfaces = 68.55.47.24
message_size_limit = 5120
transport_maps = hash:/etc/postfix/transport
vacation_destination_recipient_limit = 1
Wildcard use in Aliases… or something that approximates this behavior…
Hello, I would like to create an everyone alias in Postfix that sends email to all of my aliases / users without having to update the aliases file every time I add a user. Is this possible using just Postfix? I am using OS X Server 10.6 3. Under Server Admin (GUI), Mail Service, Mailing Lists tab, there is an option to Enable server group mailing lists with an explanation of: Allow groups in the directory to have mailing lists. The recipients for each list will be updated periodically Can this functionality be duplicated without using the GUI? Any insight would be greatly appreciated.
Re: two domains on one server
On 5/10/2010 12:50 PM, Jeffs wrote:
> I have a setup with one qualified domain name, i.e., example.com on one ubuntu server running postfix 2.5.5. I now need to have this setup send and receive mail for another_domain.com. I have successfully set up the sending and receiving, however all mail from this secondary domain is seen as spam, whereas all mail from the primary domain is never seen as spam.
>
> I'm wondering what I might be doing wrong, or if indeed this even is a postfix issue?
>
> I would appreciate it if someone could eyeball my main.cf file below and see if there are any security issues with the setup and if anything might be accountable for this spam issue.

Not a postfix issue. You'll need to check with the receiving party to find out why they mark your mail as spam.

-- Noel Jones
Re: two domains on one server
On 2010-05-10 Jeffs wrote:
> I have a setup with one qualified domain name, i.e., example.com on one ubuntu server running postfix 2.5.5. I now need to have this setup send and receive mail for another_domain.com. I have successfully set up the sending and receiving, however all mail from this secondary domain is seen as spam, whereas all mail from the primary domain is never seen as spam.

By whom?

> I'm wondering what I might be doing wrong, or if indeed this even is a postfix issue?

If someone else's mail system classifies mail from u...@other_domain.com as spam, then this has nothing to do with your Postfix. It may be related to your DNS setup, though.

Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
Re: Postfix ignoring , won't do fingerprint checking
On Mon, May 10, 2010 at 2:28 PM, Larry Stone lston...@stonejongleux.com wrote:
> Please don't top post in this group.

Interleaving it is then.

> On Mon, 10 May 2010, Dave O'Larte wrote:
> > --main.cf non-default parameters--
> > smtpd_client_restrictions = permit_tls_clientcerts, warn_if_reject, reject
>
> is overridden by:
>
> > --master.cf--
> > smtps inet n - - - - smtpd
> >   -o smtpd_client_restrictions=
>
> for smtps. Is the problem connection to the smtps port?

No - the problem is the connection to port 25 - the smtp port. The smtps port is used for SASL connections, for which a client certificate is not used.

> --
> Larry Stone
> lston...@stonejongleux.com
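
The per-service override discussed in the exchange above, as an added example that is not part of the original thread and is not Postfix code: a small audit script that reports, for every smtpd listener in master.cf, whether a parameter comes from main.cf or from a `-o` override. The function names are assumptions, and the two config strings are constructed samples reduced from the postfinger output posted earlier.

```python
# Constructed sample, reduced from the main.cf parameters posted in the thread.
MAIN_CF = """\
relay_clientcerts = hash:/etc/postfix/relay_client_certs
smtpd_client_restrictions = permit_tls_clientcerts,
    warn_if_reject, reject
smtpd_tls_req_ccert = yes
"""

# Constructed sample, reduced from the master.cf entries posted in the thread.
MASTER_CF = """\
smtp      inet  n  -  -  -   -  smtpd
smtps     inet  n  -  -  -   -  smtpd
  -o smtpd_tls_req_ccert=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=
pickup    fifo  n  -  -  60  1  pickup
"""


def logical_lines(text):
    """Drop blank and comment lines; join lines that start with whitespace
    onto the previous logical line (the rule both files share)."""
    lines = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + stripped
        else:
            lines.append(stripped)
    return lines


def parse_main_cf(text):
    """Return {parameter: value}; when a name repeats, the last one wins."""
    params = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def parse_master_cf(text):
    """Return one dict per service: name, type, command and -o overrides."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        overrides, args, i = {}, fields[8:], 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                name, _, value = args[i + 1].partition("=")
                overrides[name] = value
                i += 2
            else:
                i += 1
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def effective_setting(param, main_cf, master_cf, command="smtpd"):
    """Map 'service/type' -> (value, source) for each listener running command."""
    main = parse_main_cf(main_cf)
    result = {}
    for svc in parse_master_cf(master_cf):
        if svc["command"] != command:
            continue
        key = f'{svc["name"]}/{svc["type"]}'
        if param in svc["overrides"]:
            result[key] = (svc["overrides"][param], "master.cf -o")
        elif param in main:
            result[key] = (main[param], "main.cf")
        else:
            result[key] = (None, "built-in default")
    return result


if __name__ == "__main__":
    for param in ("smtpd_client_restrictions", "smtpd_tls_req_ccert"):
        for service, (value, source) in effective_setting(
                param, MAIN_CF, MASTER_CF).items():
            print(f"{param} on {service}: {value!r} from {source}")
```

On the sample, the port 25 listener keeps the main.cf value while smtps gets the empty override, which matches what both posters describe.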
Re: Postfix ignoring , won't do fingerprint checking
On 5/10/2010 12:52 PM, Dave O'Larte wrote:

Regarding using the right main.cf: I've only installed a single Postfix instance, and changes I make to main.cf do affect Postfix. (E.g. turning up logging, etc.) The Postfix log says I'm using the config in /etc/postfix.

The output from postfinger:

# ./postfinger
postfinger - postfix configuration on Mon May 10 17:27:44 UTC 2010
version: 1.30

Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.]

--System Parameters--
mail_version = 2.6.5
hostname = AA-DD-DDD-DDD-DDD
uname = Linux aa-dd-ddd-ddd-ddd d.d.dd-ddd-aaa #7-Ubuntu SMP Tue Oct 13 19:06:04 UTC 2009 i686 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.6.5-3

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 0
mailbox_size_limit = 0
maximal_backoff_time = 10s
maximal_queue_lifetime = 0
mydestination = aa-dd-ddd-ddd-ddd.aaa., localhost
myhostname = aa-dd-ddd-ddd-ddd.aaa.
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/relay_client_certs
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_tls_clientcerts, warn_if_reject, reject
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = yes
smtpd_tls_security_level = encrypt
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
virtual_gid_maps = static:1004
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = a.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1004

--master.cf--
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
  -o smtpd_sasl_path=smtpd
  -o smtp_tls_security_level=fingerprint
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtp_tls_note_starttls_offer=yes
  -o smtpd_tls_req_ccert=no
  -o smtpd_tls_received_header=yes
  -o smtpd_sasl_local_domain=
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o broken_sasl_auth_clients=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
Re: Postfix, SASL sending mail through Postfix.
BABEDH-DHRA, * BABEDH-DHRA babedh-d...@biggdog.biz:

Ok I can start over can you please tell me if this is going to be the right place to start.

Please describe in detail which goal you want to achieve. As far as I understand it at the moment you want your Postfix to offer SMTP AUTH and you want to use a MySQL database to store user and password data. Is this correct? If not, what is it then you want to have? Please be as specific as possible.

p...@rick

-- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: Postfix architecture + Ldap + Courier IMAP
Hi!

On Mon, May 10, 2010 at 6:47 AM, spambox spam...@fastwebnet.it wrote:

On Mon, 10 May 2010 01:00:29 -0430 Jose Ildefonso Camargo Tolosa ildefonso.cama...@gmail.com wrote:

Hi! Yes, I know, this is kinda off-topic, but looks interesting.

Thank you for your interest!

|-| | postfix1 | very big storage | LDAP1 |-| | server1 | | * |-| | /home1 * | | * | |---* |-| | * | postfix2 | | * | LDAP2 |-| /home2 * | server2 | | * |-| | * | |---* | | * |-| | /home3 * | postfix3 | | * | LDAP3 |-| | server3 | |-|

Ok, so, load balancing here, with different homes for each server, so, each server have its own set of users, right?

Yes, each LDAP have list of his users. For each LDAP entry we have a record telling us, who is the Mail server for that user. So if the balancer send user test to mail server1 and from the LDAP we see that test user belong to server1 then test request is served, ELSE if user test has mail server set on mailserver3 for example, the request is redirect to mailserver3 that will handle his request.

Cool, I have implemented a similar approach, but on postfix level, ie, each smtp server can receive mail for any user, and then look for the smtp server on a ldap attribute (I use maildrop attr for that). I use this to have a distributed email system, so that each user have its mail locally on the locality he/she works. If one server is unavailable, the system will keep the mail queued until the corresponding server is back, so: no HA here.

if one server goes down, the one next to him will Up his ip address and mount his partition on the storage until the server restarts correctly.

Now, this is more typical of HA clusters, what gets me confused is what I asked on the last question, so, when say, server 1 goes down, server 2 mount server1's home partition and start getting mails (and serving IMAP requests) as if it were server1, right? I'll reserve my other comments until I get more information on this.

Yes, if server1 goes down the cluster will mount up server1 interface and home partition on server2. Server2 will temporarily act as server1 and server2 until server1 is back on line.

Ok.

1) I've never used Courier IMAP, but reading on the internet I've found that it use gethostbyname() to resolve and this may cause an infinite loop for a host with 2 interface but one hostname if one server goes down. So, I'm afraid that I will be able to install courier-imap on each server and this will cause a big problem to the scalability of the system.

2) Has anyone ever tried something like this and is able to redirect me to some good documentation?

I don't use Courier (several reasons, off-topic here), I use Dovecot (I can even use SASL from Dovecot to authenticate Postfix's smtp, really handy along with reject_authenticated_sender_login_mismatch and smtpd_sender_login_maps on ldap).

Nice, I gave a look to this Dovecot and it looks pretty nice! I haven't tested it yet but it seems it can be a valid alternative. I'm trying to move from Qmail to postfix because Qmail is patch-project(dead), while I think Postfix is a valid alternative that will make life a lot easier.

postfix is extremely flexible. Believe me: you can replace qmail with *no* changes to your ldap entries.

Your project looks interesting,

Ildefonso Camargo
Re: DKIM checking but not signing with Postfix?
John Levine wrote:

dkim can help as one component of a content filtering solution.

Current versions of Spamassassin can do DKIM checking. Don't turn on ADSP reject because I say so checks (I say this as one of the authors of the ADSP RFC), but you can adjust your config to list a few heavily phished DKIM signers like paypal.com and ebay.com on which you can reject unsigned mail with little collateral damage. If you're already using spamassassin, you just add stuff to local.cf as suggested by comments in the DKIM plugin, and then restart spamd.

yes. and a few rules were proposed by Mark Martinek (amavisd-new). see amavisd-new docs. however, I had to disable some of these rules because I kept seeing borked dkim sigs from yahoo. anyway, from what I have here, I don't see dkim as bringing much to the battle... I could disable dkim and it wouldn't change the results.
Re: Drop mail when X-Something header contains value AND destination domain == somedomain.com
Roman Medina-Heigl Hernandez wrote:

The (real) problem is the following: my Amavis/Spamassassin setup analyzes mail and adds X-Spam-* headers accordingly but it does NOT block/drop any mail. Filtering is done at the MDA level via sieve, which analyzes headers and decides what to do with certain mails based on those headers (the advantage is that the user has the last choice, so he/she can decide whether the spam threshold would be, etc).

that's how I do it. all mail is delivered except:
- if rejected at postfix level
- if blocked because of a virus check (even this I used to deliver to a specific folder. but I stopped it...).
dest folder depends on rules implemented in dovecot sieve. default for spam is the Junk folder.

Now, I need my MTA to perform additional functionality: to act as relay for CERTAIN domains (keeping, of course, the *other* domains which my server owns mailboxes for). I do NOT control the final delivery for these relayed domains (I do NOT own final MTA with mailboxes), so I'd like to make some blocking based on headers but ONLY for my relayed domains. Postfix supports filtering based on headers but all mail (relayed and not relayed) would be filtered in this case (which is not what I want), I don't know how could I add the conditional behaviour: if mail destination is one of my relayed domains, check headers and drop spam mail; if not, don't check headers. I think Postfix supports the concept of classes, but I never used them and I don't know if what I need could be done with that feature.

you need to pass relayed mail via a specific smtp which has its own cleanup, in which case you can associate specific header_checks. The difficulty in your case is that transport_maps are common to all smtpd listeners. so you can't do it with just ok, move'em first to this smtp, then relay after that. you could use FILTER as an access check result, but you'll have a problem for multi-recipient mail (only one filter is used whatever the number of recipients).

now, things may be easier if you tell us more about your setup. which content filter do you use? do you use amavisd-new? (with amavisd-new, you have more flexibility). also, what exactly do you want to do with header_checks. maybe it's ok to apply them to all inbound mail?

Hope it is clear now, and sorry for the long email. You're making a great work here in this list, mouss. Thank you in advance.

thanks for the compliment. but most of all, thanks to the great guys here with whom I learned...
Re: Wildcard use in Aliases... or something that approximates this behavior...
Andrew Grant wrote:

Hello, I would like to create an everyone alias in Postfix that sends email to all of my aliases / users without having to update the aliases file every time I add a user.

No. Under unix, add a user is so generic. I wouldn't like to send mail to bind, sys, ... etc. you can however create a wrapper that adds the user to whichever alias file you want.

Is this possible using just Postfix? I am using OS X Server 10.6 3. Under Server Admin (GUI), Mail Service, Mailing Lists tab, there is an option to Enable server group mailing lists with an explanation of: Allow groups in the directory to have mailing lists. The recipients for each list will be updated periodically

Can this functionality be duplicated without using the GUI? Any insight would be greatly appreciated.
Re: lpr notifications thru postfix
Reinaldo de Carvalho wrote:

On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak jmubar...@gmail.com wrote:

'owner process' isn't 'owner of lp* files', you need look owner of cups process with 'ps' command.

jamal% ps -afx | grep cups
0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l

Who is the process owner? try 'ps -ef | grep cups'

That's SYSV syntax. OP is running a BSD system: ps -aux | grep cups

jamal% ls -l /usr/sbin/cupsd
-r-x-- 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd

Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to wheel from _postdrop without any difference. Same error.

Cups process owner is in wheel? I think no.

OP has another problem. see Wietse posts.
Re: Postfix ignoring , won't do fingerprint checking
On Mon, May 10, 2010 at 12:52:55PM -0500, Dave O'Larte wrote:

relay_clientcerts = hash:/etc/postfix/relay_client_certs
smtpd_client_restrictions = permit_tls_clientcerts, warn_if_reject, reject

Please see:
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/postconf.5.html#smtpd_client_restrictions

I am guessing that you think a permit in smtpd_client_restrictions should mean the mail is accepted, no matter what. This is not so. Every other restriction stage must resolve to permit or DUNNO. Of particular importance is smtpd_recipient_restrictions, which controls relaying.

-- end of postfinger output --

Postfix logfile contents from a client connect:

May 10 17:33:14 a postfix/smtpd[5521]: localhost[127.0.0.1]: certificate verification depth=1 verify=1 subject=/C=US/ST=aa/O=aa/OU=aa/CN=aa/emailAddress= a...@aa.com
May 10 17:33:14 a postfix/smtpd[5521]: localhost[127.0.0.1]: certificate verification depth=0 verify=1 subject=/C=US/ST=aa/O=aa/OU=aa/CN= aaa-nnn-nn-nnn-nnn.aa-n.a.com/emailaddress=a...@aa.com

That looks verified.

May 10 17:33:14 a postfix/smtpd[5521]: Trusted TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 10 17:33:29 a postfix/smtpd[5521]: disconnect from localhost[127.0.0.1]

Trusted connection means it is verified. There is no reject_warning among what you posted.

-- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: lpr notifications thru postfix
On May 10, 2010, at 8:25 AM, Reinaldo de Carvalho wrote:

On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak jmubar...@gmail.com wrote:

'owner process' isn't 'owner of lp* files', you need look owner of cups process with 'ps' command.

jamal% ps -afx | grep cups
0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l

Who is the process owner? try 'ps -ef | grep cups'

ps -aux does not work in Mac OS (Darwin) any more.

jamal% ps -ajx | grep cups
root 11783 1 11783 8fade780 Ss ??0:01.71 /usr/sbin/cupsd -l

So it appears that cups is running as root.

jamal% ls -l /usr/sbin/cupsd
-r-x-- 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd

Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to wheel from _postdrop without any difference. Same error.

Cups process owner is in wheel? I think no.

Apparently so, but I defer to your wisdom.

On May 10, 2010, at 5:57 PM, mouss wrote:

OP has another problem. see Wietse posts.

Well, Mac OS has BSM (Basic Security Module) audit.
http://www.trustedbsd.org/openbsm.html
http://developer.apple.com/mac/library/DOCUMENTATION/Darwin/Reference/ManPages/man2/auditon.2.html

Should I mess with auditon?

Jamal
Postfix, Amavisd and DKIM
Just reading from amavisd docs on how to set up DKIM and I was wondering if this section of their documentation is correct:

Configuring multiple mail paths in Postfix

Here is one way of configuring Postfix for providing two paths through a content filter. Locally submitted or authenticated mail will go to a content filter to its port 10026 and will be signed on its way out (either by amavisd or by a signing milter). All other mail (incoming) will be diverted to port 10024 for normal content filtering, and will not be eligible for signing.

main.cf:

# on re-queueing of a message smtpd_*_restrictions do not apply,
# so we'd better provide a safe default for a content_filter,
# even at an expense of later flipping the choice twice
# (which adds a bit to log clutter, but never mind)
#
content_filter = amavisfeed:[127.0.0.1]:10024

# each triggered FILTER deposits its argument into a
# content_filter setting, the last deposited value applies
#
smtpd_sender_restrictions =
  check_sender_access regexp:/etc/postfix/tag_as_originating.re
  permit_mynetworks
  permit_sasl_authenticated
  permit_tls_clientcerts
  check_sender_access regexp:/etc/postfix/tag_as_foreign.re

# Make sure to assign FILTER tags in restrictions which
# are only invoked once per message, e.g. client or sender
# restrictions, but NOT on smtpd_recipient_restrictions,
# as a message may have multiple recipients, so multiple
# passes through FILTER tag assignments can yield a
# surprising (and incorrect) result.

/etc/postfix/tag_as_originating.re:
/^/ FILTER amavisfeed:[127.0.0.1]:10026

/etc/postfix/tag_as_foreign.re:
/^/ FILTER amavisfeed:[127.0.0.1]:10024

In master.cf set up two listening smtpd services for receiving filtered mail from amavisd (as per README.postfix), one on tcp port 10025 (for inbound mail) and the other on port 10027 (for originating mail). If a signing milter is in use it will be attached to a smtpd service on 10027 only. If no milters are in use and signing is done by amavisd, both smtpd services can have exactly the same settings, and in fact only one suffices, in which case redirecting $forward_method and $notify_method to 'smtp:[127.0.0.1]:10027' in later example can be disregarded.

-- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Coming close to 15 years in business
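The following Python model is an added example, not code from Postfix, amavisd or any poster: it walks restriction stages the way the "Postfix ignoring" reply above describes (a permit ends one stage only) and applies the last-FILTER-wins rule from the amavisd documentation quoted above. It assumes the Postfix 2.6 default smtpd_recipient_restrictions for port 25; the fingerprints, addresses and the check()/evaluate() helpers are constructed for illustration.

```python
# Added example: simplified model of how Postfix smtpd walks its restriction
# stages. Fingerprints, addresses and domains below are constructed samples.
RELAY_CLIENTCERTS = {"AA:BB:CC:DD"}   # constructed stand-in for relay_clientcerts
MYNETWORKS = {"127.0.0.1"}
LOCAL_DOMAINS = {"a.com"}             # domains this server delivers for


def check(restriction, session):
    """Return "OK", "REJECT", "DUNNO" or ("FILTER", nexthop) for one restriction."""
    if restriction == "permit_tls_clientcerts":
        return "OK" if session.get("fingerprint") in RELAY_CLIENTCERTS else "DUNNO"
    if restriction == "permit_mynetworks":
        return "OK" if session["client_ip"] in MYNETWORKS else "DUNNO"
    if restriction == "permit_sasl_authenticated":
        return "OK" if session.get("sasl_user") else "DUNNO"
    if restriction == "reject_unauth_destination":
        return "DUNNO" if session["rcpt_domain"] in LOCAL_DOMAINS else "REJECT"
    if restriction == "reject":
        return "REJECT"
    if restriction.startswith("FILTER "):
        # Stands in for check_sender_access with a catch-all "/^/ FILTER ..." rule.
        return ("FILTER", restriction.split(" ", 1)[1])
    raise ValueError(f"restriction not modelled: {restriction}")


def evaluate(stages, session, content_filter=None):
    """Walk the stages in order; return (verdict, content_filter, warnings)."""
    warnings = []
    for stage, restrictions in stages:
        warn_next = False
        for restriction in restrictions:
            if restriction == "warn_if_reject":
                warn_next = True              # applies to the next restriction only
                continue
            result = check(restriction, session)
            if isinstance(result, tuple):
                content_filter = result[1]    # last FILTER deposited wins
            elif result == "REJECT" and warn_next:
                warnings.append(f"reject_warning in {stage}: {restriction}")
            elif result == "REJECT":
                return "REJECT", content_filter, warnings
            elif result == "OK":
                break                         # permit ends this stage, not the session
            warn_next = False
    return "ACCEPT", content_filter, warnings


# Port 25 settings from the posted postfinger output; the recipient stage is
# assumed to be the Postfix 2.6 default because main.cf does not override it.
PORT25 = [
    ("client", ["permit_tls_clientcerts", "warn_if_reject", "reject"]),
    ("recipient", ["permit_mynetworks", "reject_unauth_destination"]),
]
# smtpd_sender_restrictions from the quoted amavisd documentation.
AMAVIS = [("sender", [
    "FILTER amavisfeed:[127.0.0.1]:10026",
    "permit_mynetworks", "permit_sasl_authenticated", "permit_tls_clientcerts",
    "FILTER amavisfeed:[127.0.0.1]:10024",
])]
DEFAULT_FILTER = "amavisfeed:[127.0.0.1]:10024"

if __name__ == "__main__":
    listed = {"client_ip": "203.0.113.5", "fingerprint": "AA:BB:CC:DD",
              "rcpt_domain": "example.org"}
    unlisted = {"client_ip": "203.0.113.9", "fingerprint": "11:22:33:44",
                "rcpt_domain": "a.com"}
    local = {"client_ip": "127.0.0.1", "rcpt_domain": "example.org"}
    print(evaluate(PORT25, listed))
    print(evaluate(PORT25, unlisted))
    print(evaluate(AMAVIS, local, DEFAULT_FILTER))
    print(evaluate(AMAVIS, unlisted, DEFAULT_FILTER))
```

In the model, a listed certificate is permitted at the client stage yet relaying to a non-local domain is still refused at the recipient stage, while an unlisted certificate sending to a local domain is accepted because warn_if_reject downgrades the final reject to a log entry.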
Re: Postfix ignoring , won't do fingerprint checking
On Mon, May 10, 2010 at 3:31 PM, Noel Jones njo...@megan.vbhcs.org wrote:

On 5/10/2010 12:52 PM, Dave O'Larte wrote:

Regarding using the right main.cf: I've only installed a single Postfix instance, and changes I make to main.cf do affect Postfix. (E.g. turning up logging, etc.) The Postfix log says I'm using the config in /etc/postfix.

The output from postfinger:

# ./postfinger
postfinger - postfix configuration on Mon May 10 17:27:44 UTC 2010
version: 1.30

Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.]

--System Parameters--
mail_version = 2.6.5
hostname = AA-DD-DDD-DDD-DDD
uname = Linux aa-dd-ddd-ddd-ddd d.d.dd-ddd-aaa #7-Ubuntu SMP Tue Oct 13 19:06:04 UTC 2009 i686 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.6.5-3

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 0
mailbox_size_limit = 0
maximal_backoff_time = 10s
maximal_queue_lifetime = 0
mydestination = aa-dd-ddd-ddd-ddd.aaa., localhost
myhostname = aa-dd-ddd-ddd-ddd.aaa.
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/relay_client_certs
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_tls_clientcerts, warn_if_reject, reject
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = yes
smtpd_tls_security_level = encrypt
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
virtual_gid_maps = static:1004
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = a.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1004

--master.cf--
smtp inet n - - - - smtpd
smtps inet n - - - - smtpd
  -o smtpd_sasl_path=smtpd
  -o smtp_tls_security_level=fingerprint
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtp_tls_note_starttls_offer=yes
  -o smtpd_tls_req_ccert=no
  -o smtpd_tls_received_header=yes
  -o smtpd_sasl_local_domain=
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o broken_sasl_auth_clients=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - -
Re: lmtp_generic_maps for delivery to dovecot
On Mon, 2010-05-10 at 10:15 -0500, Noel Jones wrote:

On 5/10/2010 8:33 AM, ram wrote:

Can I use something like lmtp_generic_maps for delivery to dovecot

Your question is incomplete. What are you trying to accomplish? How does postfix deliver to dovecot?

I have a master.cf entry for delivery to dovecot.

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

The rules are very simple:
mails to *...@local.example.com send to dovecot:[127.0.0.1]
mails to *...@otherlocation.example.com send to smtp:[otherlocation]

But the users are created on dovecot as u...@example.com. How can I configure postfix to send mails for *...@local.example.com to dovecot and strip off the local.

I use lmtp_generic_maps for a similar thing in postfix+cyrus

Thanks Derwyn.