Re: EHLO command generating lots of errors - Firewall or Load issue.

2010-08-21 Thread Stan Hoeppner
Klaus Engelmann put forth on 8/20/2010 2:32 PM:
> Stan, thanks for your answer.
>
> Searching heavily the list I found that this problem was related to
> firewall issues, especially when the firewall does a sort of SMTP
> (layer 7) validation or check.
>
> I disabled some features on my H3C firewall (ASPF - Application
> Specific Packet Filter) related only to SMTP and everything works fine
> now again.

Glad you found the culprit Klaus.  As you probably know now, one should never
allow a firewall to touch SMTP traffic, whether it be Cisco's SMTP Fixup
feature or other vendor implementations.  In so so many cases this simply
breaks things, and often makes troubleshooting at the SMTP server more
difficult.  It threw my troubleshooting off in this case, but then again, I'm
not one of the resident experts.  That's why they spotted this and I
didn't--much more experience.

> I'd like to thank all the other members of the list for their
> contribution on this issue, especially Wietse. I am surprised how some
> modern firewalls are poorly implemented when dealing with SMTP.
> Postfix really opens a wide knowledge about RFCs and all the SMTP
> resources.

The road to hell is paved with good intentions.  Firewall vendors have many
good intentions.  Unfortunately, their implementations sometimes yield results
opposite of that which is desired. ;)

> Your suggestions about reject_unauth_destination are right and now
> implemented in my production server. Thank you again for this advice.

Well at least I'm batting 50% and if this were baseball that would be pretty
good right. :)  I wish I'd nailed your bigger issue here, but that's why this
list has multiple people with varying degrees of experience and expertise.  If
folks like myself miss the dart board, Noel, Viktor, or Wietse will come in
and hit the bullseye for you. :)

Glad I was able to help in a small way.

-- 
Stan


Re: Multi-domain certificates and TLS

2010-08-21 Thread Wietse Venema
Alex:
> Aug  6 09:44:20 smtp01 postfix/smtp[24772]: setting up TLS connection
> to mail.messaging.microsoft.com
> Aug  6 09:44:20 smtp01 postfix/smtp[24772]: Peer verification:
> CommonName in certificate does not match:
> mail.global.frontbridge.com != mail.messaging.microsoft.com

The certificate CommonName is mail.global.frontbridge.com. This is
easily demonstrated with

$ openssl s_client -connect 65.55.88.22:25 -starttls smtp

Why do you believe that the server certificate has MULTIPLE names?

Wietse


Re: popbeforesmtp and sender_login_mismatch

2010-08-21 Thread Noel Jones

On 8/21/2010 12:18 AM, Jerrale G wrote:

> I don't think you get it. I'm concerned that, if they don't
> authenticate with postfix - the purpose of popb4smtp, their
> sender authenticated header will not be in the message header
> for postfix to reject a bogus sender address. If it did, I
> wouldn't be asking the question.
>
> As said, the only way I can think of having postfix to
> validate the sender address is by a global general check
> allowing anyone to use any email address, as outgoing, that is
> hosted with postfix. Meaning, if you are
> f...@sheltoncomputers.com, you would be able to send mail with
> the sender address b...@sheltoncomputers.com as long as it
> exists as an email address or alias on our systems but at
> least you wouldn't be able to do a bogus sender address of
> nonexistentaddr...@nonexistentdomain.com; it wouldn't be hard
> to trace who sent spam
>
> I'm asking for an alternative way than this, if sender
> authenticated header doesn't work.
>
> Thank you
>
> Jerrale G
> S C



The alternative you are looking for is SMTP AUTH.  That's the 
standard authentication method supported by postfix and 
virtually all mail clients.

http://www.postfix.org/SASL_README.html

pop-before-smtp is a hack and will never be considered a 
standard authentication method and will never be directly 
supported in postfix.


You could write a policy service that validates the sender 
address when using pop-before-smtp, but your time would be 
better spent implementing SMTP AUTH.



 -- Noel Jones
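
Added example, not part of Noel's post and not Postfix code: a policy service of the kind mentioned above, speaking the Postfix policy delegation protocol (name=value request lines ended by an empty line, answered with action=...). The hosted-sender set, the pop-before-smtp client set and all function names are assumptions filled with constructed sample data.

```python
import sys

# Constructed sample data (assumption): a real deployment would query the
# mailbox database and the table maintained by the pop-before-smtp daemon.
HOSTED_SENDERS = {"alice@example.com", "bob@example.com"}
POP_AUTHED_CLIENTS = {"192.0.2.10"}


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the access(5) action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("sasl_username"):
        return "DUNNO"  # SMTP AUTH session, left to other restrictions
    if attrs.get("client_address") not in POP_AUTHED_CLIENTS:
        return "DUNNO"  # not relaying via pop-before-smtp
    sender = attrs.get("sender", "").lower()
    if not sender or sender in HOSTED_SENDERS:
        return "DUNNO"  # null sender (bounces, MDNs) is not judged here
    return "REJECT Sender address not hosted here"


def handle(text):
    """Build the reply Postfix expects: action=... plus an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))


if __name__ == "__main__":  # under spawn(8) the requests arrive on stdin
    buf = []
    for raw in sys.stdin:
        if raw.strip():
            buf.append(raw.rstrip("\n"))
            continue
        sys.stdout.write(handle("\n".join(buf)))
        sys.stdout.flush()
        buf = []
```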


one mail account that needs to forward a copy of the mail to another account

2010-08-21 Thread Josh Cason
I had a request to take an internal mail account that receives email
and need to copy that information to another account. I can do an
alias but that just forwards the mail not make a copy. I'm using
postfix, mysql, and postfix.admin. I will answer any other questions.


Thanks,

Josh





Re: one mail account that needs to forward a copy of the mail to another account

2010-08-21 Thread Michael Orlitzky

On 08/21/2010 04:08 PM, Josh Cason wrote:

> I had a request to take an internal mail account that receives email and
> need to copy that information to another account. I can do an alias but
> that just forwards the mail not make a copy. I'm using postfix, mysql,
> and postfix.admin. I will answer any other questions.




In Postfix, if you want to send a copy of us...@example.com's mail to 
us...@example.com, you would create an alias,


  us...@example.com -> us...@example.com, us...@example.com

Since the original address appears in the alias as well, Postfix knows 
not to expand it again.


In Postfix.admin, each address is already aliased to itself but this is 
hidden by default. Add these two settings to your config.local.php:


  $CONF['alias_control'] = 'YES';
  $CONF['alias_control_admin'] = 'YES';

Now, you should see that each account is aliased to itself, and you can 
edit that alias. To copy another recipient, simply add that 
recipient's address to the alias.


virtual deliveries

2010-08-21 Thread Edward avanti
Halo list,

We have thousands domain and user, we have two different configuration, we
now look to make one.

Anyone suggest how have postfix virtual deliver binary, deliver mail to
format of
/virtual/domain_first letter/domain_second letter/domain_third_letter/domain/user_first_letter/user_second_letter/user/Maildir

our pop3 use offset configuration identical to perl for location and work
very fast and good now and we very happy with it and not wanting to change (
we know dovecot can do it but not going to use dovecot), but we want to
retire (patched) qmail and use postfix, man page is unclear to us and
English is not native language, we do use MySQL for user settings, but not
store mail location there, letting qmail put mail based on recipient.

thanks


Re: virtual deliveries

2010-08-21 Thread Wietse Venema
Edward avanti:
> Halo list,
>
> We have thousands domain and user, we have two different configuration, we
> now look to make one.
>
> Anyone suggest how have postfix virtual deliver binary, deliver mail to
> format of
> /virtual/domain_first letter/domain_second letter/domain_third_letter/domain/user_first_letter/user_second_letter/user/Maildir

You could let the computer do the work, and write a (Perl, etc.)
script that outputs entries for the Postfix virtual_mailbox_maps
table, using your user account database as input.

The virtual_mailbox_maps can be a file or a *SQL database.

Wietse

> our pop3 use offset configuration identical to perl for location and work
> very fast and good now and we very happy with it and not wanting to change (
> we know dovecot can do it but not going to use dovecot), but we want to
> retire (patched) qmail and use postfix, man page is unclear to us and
> English is not native language, we do use MySQL for user settings, but not
> store mail location there, letting qmail put mail based on recipient.
>
> thanks
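
Added example, not part of the original thread and not Postfix code: a Python generator for virtual_mailbox_maps entries in the hashed layout asked about, assuming virtual_mailbox_base = /virtual so the table values are relative paths. The function names, the "_" padding for short names and the allow-list patterns are assumptions; the patterns are there because each address part becomes a directory name and must not be able to leave the mail store.

```python
import re

# Allow-lists (assumption): refuse anything that could form "/", ".." or a
# leading-dot path component once the address is turned into directories.
_LOCAL_OK = re.compile(r"^[a-z0-9_+-]+(\.[a-z0-9_+-]+)*$")
_DOMAIN_OK = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
PAD = "_"  # assumption: filler for short names; match the POP3 server's rule


def _prefix(name, depth):
    """First `depth` characters as path levels; '.' and gaps become PAD."""
    out = []
    for i in range(depth):
        ch = name[i] if i < len(name) else PAD
        out.append(PAD if ch == "." else ch)
    return out


def mailbox_path(address):
    """Map user@domain to d/o/m/domain/u/s/user/Maildir/ or raise ValueError."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not _LOCAL_OK.match(local) or not _DOMAIN_OK.match(domain):
        raise ValueError("refusing address: %r" % address)
    parts = _prefix(domain, 3) + [domain] + _prefix(local, 2) + [local, "Maildir"]
    return "/".join(parts) + "/"  # trailing slash selects maildir delivery


def build_map(addresses):
    """Return (table lines, rejected addresses) for a list of addresses."""
    lines, rejected = [], []
    for addr in addresses:
        try:
            lines.append("%s\t%s" % (addr.strip().lower(), mailbox_path(addr)))
        except ValueError:
            rejected.append(addr)
    return lines, rejected


if __name__ == "__main__":
    # Constructed sample input; in production read it from the user database.
    sample = ["john@example.com", "a@b.io", "../etc@example.com"]
    table, bad = build_map(sample)
    print("\n".join(table))
    print("# rejected:", bad)
```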