Re: Postfix SMTP server
* motty.cruz motty.c...@gmail.com:

> Hello, When a client has a typo in the recipient email address it takes 5 days for my SMTP server to notify that the user does not exist or was unable to deliver email. Any idea where to change the option to make it more reliable.

Please show some logs of this behaviour. Is this your server sending out mail someplace else or your server receiving?

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix, POP/IMAP server, virtual users, web administration - what do you use?
On Sep 27, 2010, at 6:58 PM, Tomasz Chmielewski wrote:

> What do you use with Postfix, if you have virtual users (i.e. in a SQL database)? I know web-cyradm, which works pretty well with Cyrus (IMAP/POP) and Postfix - all users, domains, aliases etc. are stored in a SQL database. However, web-cyradm seems to be more or less abandoned now, with the last update from 2005. What other options do you use with Postfix, when it comes to web-based virtual users/domain/aliases management? With IMAP/POP servers like Cyrus, Courier, Dovecot?

Another one: iRedMail + iRedAdmin. It's under active development.

iRedMail: http://www.iredmail.org/
iRedAdmin: http://www.iredmail.org/admin_panel.html
Re: SPF and greylisting conditioning
Hello

On 29. 9. 2010 0:05, Stan Hoeppner wrote:

Henrik K put forth on 9/28/2010 12:28 AM:

On Mon, Sep 27, 2010 at 03:12:01PM -0500, Stan Hoeppner wrote:

Snowshoe spam will most probably pass greylisting too. Better not clutter greylisting database with useless things. Have the blacklists block'em instead.

I don't follow your logic here. Yes, most snowshoe is sent from real MTAs, not bots, so greylisting won't stop it. However, dnsbls and local block lists aren't very effective against snowshoe either, although Spamhaus DBL is getting much better WRT snowshoe. I have a local snowshoe cidr table I've been building for 2 years and it works rather well as I see maybe 1 snowshoe in the inbox every two weeks or so. However, most people probably don't have such a local snowshoe blocking list.

Umm, what's YOUR logic here? Greylisting won't stop it, dnsbls won't stop it? So I guess it's ok to blindly greylist stuff in case it happens to stop it?

Of course I'm not advocating folks blindly greylist. I promote super-selective greylisting, and have many times on this list. The point I was making is that SPF is not a solution for making a reject/ok determination as an isolated smtpd test. It's only useful for scoring systems. Greylisting in isolation won't stop snowshoe either. Again, it is useful in blocking snowshoe if used in a scoring system such as SA.

So OP's request is valid IMO.

Shooting mail straight into the inbox based on an SPF pass is not a valid strategy, but a recipe for more spam in the inbox. SPF is properly used in a scoring system within a policy daemon or external content filter such as SA, same as DKIM etc are.

Shooting mail straight into inbox? At some point you seemed to understand the original question, but again you seem to have missed the point? He was asking to bypass greylisting, which is fine. How does that make it STRAIGHT into inbox?

Michal Bruncko put forth on 9/26/2010 4:24 AM:

It is possible in some way to configure postfix, that SPF Passed mails will be automatically accepted with postfix without greylisting?

Maybe I misunderstood the OP's use of the term automatically accepted.

I mean automatically accepted by postfix, but not automatically forwarded to mailboxes. My idea lies on principle, that if sender have valid SPF record, there is no need to greylist (and delaying mail receiving), but... SPF and greylisting are only one part of mail checking (checking directly in smtpd_recipient_restrictions in postfix). I am using amavis with SA, viruschecking and next supplementary tests (razor, ddc and so on) for scoring mails and then forwarding through MDA to mailboxes.

michal
Re: SPF and greylisting conditioning
Michal Bruncko put forth on 9/29/2010 4:03 AM:

> I mean automatically accepted by postfix, but not automatically forwarded to mailboxes. My idea lies on principle, that if sender have valid SPF record, there is no need to greylist (and delaying mail receiving), but... SPF and greylisting are only one part of mail checking (checking directly in smtpd_recipient_restrictions in postfix). I am using amavis with SA, viruschecking and next supplementary tests (razor, ddc and so on) for scoring mails and then forwarding through MDA to mailboxes.

milter-greylist will do exactly what you want.

http://hcpnet.free.fr/milter-greylist/

SPF records

Starting with version 1.1.3, milter-greylist is able to use libspf_alt to check SPF records. SPF records are DNS objects that tell the whole Internet which server(s) can legally send e-mail from a domain. Using SPF records, milter-greylist will avoid greylisting any mail that comes from an SPF-compliant server. This feature is optional and requires libspf_alt.

Starting with 1.1.10, libspf (James Couzens's version) is also supported. libspf2 is supported starting with version 1.7.2.

--
Stan
Re: Postfix SMTP server
On 2010-09-28 6:43 PM, Noel Jones wrote:

> You can also consider setting delay_warning_time to a non-zero value, 4h is probably reasonable, so the user will be notified when their mail isn't delivered in a timely manner.
> http://www.postfix.org/postconf.5.html#delay_warning_time

SMTP is reliable enough these days that if my users - who deal with a lot of time-sensitive issues - send an email that isn't delivered almost immediately, I want them to know there is a problem, so I have mine set to 15 minutes for years now and it works great.

Admittedly our server is not very heavily loaded, and this obviously wouldn't be practical in all cases (ie ISPs), but for small/medium businesses that run their own smtp servers, since most users *do* consider email to be virtually an 'instant' method of communication, I think it makes sense to let them know early on if it wasn't delivered immediately.

One thing I'd like is the ability to have more than one warning... say an 'early warning' like 10 or 15 minutes, then one (or more) secondary warnings (maybe 4 hours, then 24 hours)...

--
Best regards,
Charles
Re: postfix message size
On 2010-09-28 8:12 PM, Sahil Tandon wrote:

> Charles Marcus wrote:
>> Are you submitting this message via a webmail client?
> Huh?
>> Maybe this is a web server/php upload size limitation?
> No. What in the log excerpt makes you suspect that?

The 127.0.0.1 IP address - but obviously I replied without considering all of the evidence, sorry... crawling back in my hole now...

--
Best regards,
Charles
Re: Postfix SMTP server
On 2010-09-28 9:25 PM, pf at alt-ctrl-del.org wrote:

> And set a value for: maximal_queue_lifetime (default: 5d)

And this I set to 1d... if the user wants to resend it again, they can.

These settings were what the owner of a company I do work for decided on after I explained to him how smtp works and what his options were, and they have worked extremely well.

Honestly - most users forget what messages they have sent in the morning by the end of the day - waiting 5 days for a notice of a permanent failure is just ... well, let's just say it isn't very helpful to the user.

--
Best regards,
Charles
Re: Postfix SMTP server
On Tue, 28 Sep 2010 17:43:50 -0500 Noel Jones njo...@megan.vbhcs.org articulated:

> An example of this is hotmal.com -- it has an A record but doesn't answer on port 25. This behavior is identical to a domain whose mail server is temporarily down, so it would be wrong for postfix to return the mail immediately.

It works just fine on port 25 here.

--
Jerry ✌
postfix-u...@seibercom.net

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Re: Inform postmaster, if message gets on HOLD
* Christian Rößner c...@roessner-network-solutions.com:

> Hi, simple question: I have configured my postfix that it keeps mails on HOLD, if they come from the webserver and are not addressed to me (i.e. if the webserver tries to relay mail over my MTA). This works pretty well, but how could the postmaster (me) get notified, if new mail is on hold?

Use a script to parse your log. E.g. logcheck

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Submission on an additional port
On 2010-09-29 12:09 AM, Neil wrote:

> Oh, I definitely do use 587/submission right now (as you might've deduced from above). The reason I want 785 is because I recently find myself visiting a network quite regularly where 25, 465, 587 are all blocked (don't ask me why; doesn't make much sense to me).

Crap... yeah, that's a good reason. I haven't run into that, but I wouldn't call myself a road warrior either.

I understand and agree with public networks that block outbound port 25, but they shouldn't be blocking 587...

--
Best regards,
Charles
Re: Postfix SMTP server
On Wed, 29 Sep 2010 13:57:00 +0200 Ralf Hildebrandt ralf.hildebra...@charite.de articulated:

> hotmal.com without i?

Oops, sorry. Too early in the morning, I haven't had my third cup of coffee yet.

--
Jerry ✌
postfix-u...@seibercom.net
Re: Inform postmaster, if message gets on HOLD
>> simple question: I have configured my postfix that it keeps mails on HOLD, if they come from the webserver and are not addressed to me (i.e. if the webserver tries to relay mail over my MTA). This works pretty well, but how could the postmaster (me) get notified, if new mail is on hold?

> Use a script to parse your log. E.g. logcheck

Probably nothing's wrong with logcheck, but I do not get it running here. So it seems, I have to code a little policy_service here.

@Patrick: ;-)

Best wishes
Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com
Re: SPF and greylisting conditioning
Thank you for hint. It seems that this soft is also included in my distro repository (fedora), perfect! :)

michal

On 29. 9. 2010 11:36, Stan Hoeppner wrote:

> Michal Bruncko put forth on 9/29/2010 4:03 AM:
>
>> I mean automatically accepted by postfix, but not automatically forwarded to mailboxes. My idea lies on principle, that if sender have valid SPF record, there is no need to greylist (and delaying mail receiving), but... SPF and greylisting are only one part of mail checking (checking directly in smtpd_recipient_restrictions in postfix). I am using amavis with SA, viruschecking and next supplementary tests (razor, ddc and so on) for scoring mails and then forwarding through MDA to mailboxes.
>
> milter-greylist will do exactly what you want.
>
> http://hcpnet.free.fr/milter-greylist/
>
> SPF records
>
> Starting with version 1.1.3, milter-greylist is able to use libspf_alt to check SPF records. SPF records are DNS objects that tell the whole Internet which server(s) can legally send e-mail from a domain. Using SPF records, milter-greylist will avoid greylisting any mail that comes from an SPF-compliant server. This feature is optional and requires libspf_alt.
>
> Starting with 1.1.10, libspf (James Couzens's version) is also supported. libspf2 is supported starting with version 1.7.2.
Postfix and Mailman ...
Hello,

I am trying to get postfix working with mailman and I just can’t seem to get it to work. Essentially what I want is this:

My mailing domain is students.wesleyseminary.edu. I want messages going to allstude...@students.wesleyseminary.edu to go to a mailman managed distribution list that sends to the other accounts on the system.

Any help on this? Thanks.

Here is what I have so far:

postconf -n

alias_maps = hash:/var/lib/mailman/data/aliases,hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
home_mailbox = .Maildir/
html_directory = /usr/share/doc/postfix-2.6.6/html
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination =
mydomain = students.wesleyseminary.edu
myhostname = wts-zimbra.wesleysem.edu
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = students.wesleyseminary.edu ESMTP $mail_name ($mail_version)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/old_students.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /
virtual_mailbox_domains = /etc/postfix/virtual_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-maps.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000

This is the mailman’s alias file referenced in alias_maps:

/var/lib/mailman/data/aliases

# This file is generated by Mailman, and is kept in sync with the
# binary hash file aliases.db. YOU SHOULD NOT MANUALLY EDIT THIS FILE
# unless you know what you're doing, and can keep the two files properly
# in sync. If you screw it up, you're on your own.
# The ultimate loop stopper address
mailman-loop: /var/lib/mailman/data/owner-bounces.mbox
# STANZA START: mailman
# CREATED: Thu Sep 2 14:05:34 2010
mailman: |/usr/lib64/mailman/mail/mailman post mailman
mailman-admin: |/usr/lib64/mailman/mail/mailman admin mailman
mailman-bounces: |/usr/lib64/mailman/mail/mailman bounces mailman
mailman-confirm: |/usr/lib64/mailman/mail/mailman confirm mailman
mailman-join:|/usr/lib64/mailman/mail/mailman join mailman
mailman-leave: |/usr/lib64/mailman/mail/mailman leave mailman
mailman-owner: |/usr/lib64/mailman/mail/mailman owner mailman
mailman-request: |/usr/lib64/mailman/mail/mailman request mailman
mailman-subscribe: |/usr/lib64/mailman/mail/mailman subscribe mailman
mailman-unsubscribe: |/usr/lib64/mailman/mail/mailman unsubscribe mailman
# STANZA END: mailman
# STANZA START: allstudents
# CREATED: Thu Sep 2 14:05:34 2010
allstudents: |/usr/lib64/mailman/mail/mailman post allstudents
allstudents-admin: |/usr/lib64/mailman/mail/mailman admin allstudents
allstudents-bounces: |/usr/lib64/mailman/mail/mailman bounces allstudents
allstudents-confirm: |/usr/lib64/mailman/mail/mailman confirm allstudents
allstudents-join:|/usr/lib64/mailman/mail/mailman join allstudents
allstudents-leave: |/usr/lib64/mailman/mail/mailman leave allstudents
allstudents-owner: |/usr/lib64/mailman/mail/mailman owner allstudents
allstudents-request: |/usr/lib64/mailman/mail/mailman request allstudents
allstudents-subscribe: |/usr/lib64/mailman/mail/mailman subscribe allstudents
allstudents-unsubscribe: |/usr/lib64/mailman/mail/mailman unsubscribe allstudents
# STANZA END: allstudents

And this is my mailman’s mm_cfg.py file:

/etcmainman/mm_cfg.py:

# -*- python -*-
# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This
Forwarding Message to Multiple Mailboxes using LDAP ...
Hello, Is there anyway to forward one message to multiple places using LDAP? So, if a message comes in to one account it can go to multiple destinations as specified in an LDAP configuration? Thanks. Regards, Christopher Koeber
Re: Postfix and Mailman ...
Christopher Koeber wrote:

> Hello, I am trying to get postfix working with mailman and I just can’t seem to get it to work. Essentially what I want is this: My mailing domain is students.wesleyseminary.edu. I want messages going to allstude...@students.wesleyseminary.edu to go to a mailman managed distribution list that sends to the other accounts on the system. Any help on this? Thanks.

Do you have an error/warning log entry regarding the problem? Please show some evidence about the problem, don't expect every member of the list to read all your configs.

For my setup I use:

alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Re: Forwarding Message to Multiple Mailboxes using LDAP ...
On Wed, Sep 29, 2010 at 01:10:55PM -0400, Christopher Koeber wrote:

> Is there anyway to forward one message to multiple places using LDAP? So, if a message comes in to one account it can go to multiple destinations as specified in an LDAP configuration?

Postfix capabilities are table-type agnostic. If you can forward to multiple recipients with any of hash, btree, cdb, ... you can forward to multiple recipients with all of them, and also with ldap, mysql, pcre, ...

See http://www.postfix.org/ADDRESS_REWRITING_README.html for details.

With LDAP, queries that return multiple results are automatically treated the same way as an indexed table lookup that returns a comma-separated list of results.

--
Viktor.
Re: Postfix and Mailman ...
> Christopher Koeber wrote:
>
>> Hello, I am trying to get postfix working with mailman and I just can’t seem to get it to work. Essentially what I want is this: My mailing domain is students.wesleyseminary.edu. I want messages going to allstude...@students.wesleyseminary.edu to go to a mailman managed distribution list that sends to the other accounts on the system. Any help on this? Thanks.
>
> Do you have a error/warning log entry regarding the problem? please show some evidence about the problem, dont expect every member of the list read all your configs.

OK, every time I send to the allstudents list I have I get this:

Sep 29 13:42:57 WTS-ZIMBRA postfix/virtual[27388]: 0CE72322739: to= allstude...@students.wesleyseminary.edu, relay=virtual, delay=12994, delays=12994/0/0/0.1, dsn=5.1.1, status=bounced (unknown user: allstude...@students.wesleyseminary.edu)

Thanks for the setup info below. I am comparing now.

> For my setup I use:
>
> alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Re: Postscreen update
Stan Hoeppner wrote:

For example: http://www.spamhaus.org/datafeed/

The Spamhaus DNSBL Datafeed is a service for users with professional DNSBL query requirements, such as corporate networks and ISPs. It offers both a Query service and an Rsync service (you can choose).

The paid Query service mentioned above requires the Postfix feature you are asking about. It's an authentication mechanism. The Rsync service allows downloading the entire Spamhaus databases multiple times a day and hosting them on a local dns server or via an rbldnsd daemon on each MX. The latter is suitable for those such as big ISPs with massive mail flows, who cannot afford the latency of over the wire network based dnsbl queries.

It's also a reasonable option due to cost; the paid query service is more expensive (at least at the level we were looking at here) compared to the rsync service.

A remote dnsbl query can take anywhere from 20-200 milliseconds (or more) depending on number of hops and network conditions. A query to a local network dns server can take less than 1ms. A query to an rbldnsd daemon residing on the MX MTA host itself can occur in a few microseconds, as it is an interprocess communication occurring at the speed of system memory. This is the preferred method for some of the world's busiest MTAs. All this performance comes at a cost: the rbldnsd method requires multiple gigabytes of system memory for the Spamhaus zone files alone.

Hmm, no, less than 100M:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
28776 rbldns 20 0 81740 65m 700 S 0 3.3 118:49.42 rbldnsd

And this with a modest local blacklist loaded in as well. The on-disk files for all of the lists total just over 100M. We just run the Spamhaus data on a non-public zone on our general resolvers (running dnscache) and we have yet to see any latency problems.

The biggest sysadmin/network costs for the rsync service are in configuration (may need extra scripting to distribute the data to multiple rbldnsd instances, depending on how you want to arrange your DNS services - otherwise, it's set up once, let it run) and update bandwidth - currently they provide a script intended to be called once a minute to update the zone data source files.

-kgd
Re: Postfix SMTP server
On 09/29/2010 01:35 PM, Charles Marcus wrote:

> On 2010-09-28 9:25 PM, pf at alt-ctrl-del.org wrote:
>
>> And set a value for: maximal_queue_lifetime (default: 5d)
>
> And this I set to 1d... if the user wants to resend it again, they can. These settings were what the owner of a company I do work for decided on after I explained to him how smtp works and what his options were, and they have worked extremely well. Honestly - most users forget what messages they have sent in the morning by the end of the day - waiting 5 days for a notice of a permanent failure is just ... well, let's just say it isn't very helpful to the user.

Again, his settings are plain wrong. soft_bounce = on should never be set on a production system. Permanent errors will be bounced immediately.

--
J.
Negative Greeting using Amavis
Hey,

I'm baffled by yet another problem. I installed Amavis, performed necessary master.cf, amavis conf.d, and main.cf changes, and launched the service. However, it seems that Amavis is being denied by the Postfix SMTPD listening on 10025 when it attempts to reinject the mail. When I telnet to 127.0.0.1:10025 (on the server), I am immediately disconnected (Connection closed by foreign host.) The log output generated by this connection looks like this:

Sep 29 16:59:45 shanedittmar postfix/smtpd[10141]: fatal: unexpected command-line argument: reject
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: process /usr/lib/postfix/smtpd pid 10141 exit status 1
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

This is the configuration I added to master.cf to create the second SMTPD.

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks, reject
  -o smtpd_ehlo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_auth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o smtpd_bind_address=127.0.0.1
  -o disable_dns_lookups=yes

Thanks for your help in advance. If you need more information, please let me know.
Re: Postfix SMTP server
On 28/09/2010 23:44, motty.cruz wrote:

> Hello, When a client has a typo in the recipient email address it takes 5 days for my SMTP server to notify that the user does not exist or was unable to deliver email.

No. You are wrong. When you mistype an address, you get an immediate error stating doesn't exist. Try sending mail to j...@netoyen.net and tell me when you get the error.

If it takes you 5 days to see an error that was sent 5 days before, you have a serious issue.

> Any idea where to change the option to make it more reliable.
Re: Negative Greeting using Amavis
On 29/09/2010 23:17, Shane Dittmar wrote:

Hey, I'm baffled by yet another problem. I installed Amavis, performed necessary master.cf, amavis conf.d, and main.cf changes, and launched the service. However, it seems that Amavis is being denied by the Postfix SMTPD listening on 10025 when it attempts to reinject the mail. When I telnet to 127.0.0.1:10025 (on the server), I am immediately disconnected (Connection closed by foreign host.) The log output generated by this connection looks like this:

Sep 29 16:59:45 shanedittmar postfix/smtpd[10141]: fatal: unexpected command-line argument: reject
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: process /usr/lib/postfix/smtpd pid 10141 exit status 1
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

This is the configuration I added to master.cf to create the second SMTPD.

amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks, reject

space before reject.

[snip]
Re: Postfix SMTP server
On Wed 29/09/2010, mouss said:

On 28/09/2010 23:44, motty.cruz wrote:

Hello, When a client has a typo in the recipient email address it takes 5 days for my SMTP server to notify that the user does not exist or was unable to deliver email.

No. You are wrong. When you mistype an address, you get an immediate error stating doesn't exist. Try sending mail to j...@netoyen.net and tell me when you get the error. If it takes you 5 days to see an error that was sent 5 days before, you have a serious issue.

Any idea where to change the option to make it more reliable.

It might be that the receiving server is set up to return a temporary error code for a nonexistent address.

-- Erwan
Re: Negative Greeting using Amavis
Wow, that was a stupid error. (I probably missed it because I'm blind.) Thanks!

On 9/29/10, mouss mo...@ml.netoyen.net wrote:

On 29/09/2010 23:17, Shane Dittmar wrote:

Hey, I'm baffled by yet another problem. I installed Amavis, performed necessary master.cf, amavis conf.d, and main.cf changes, and launched the service. However, it seems that Amavis is being denied by the Postfix SMTPD listening on 10025 when it attempts to reinject the mail. When I telnet to 127.0.0.1:10025 (on the server), I am immediately disconnected (Connection closed by foreign host.) The log output generated by this connection looks like this:

Sep 29 16:59:45 shanedittmar postfix/smtpd[10141]: fatal: unexpected command-line argument: reject
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: process /usr/lib/postfix/smtpd pid 10141 exit status 1
Sep 29 16:59:46 shanedittmar postfix/master[26160]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

This is the configuration I added to master.cf to create the second SMTPD.

amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks, reject

space before reject.

[snip]

--
-Shane
Website: http://www.blind-geek.com
AIM: inhaddict
MSN: sh...@blind-geek.com
Skype: chatter8712
Twitter: @shanervr
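The "space before reject" diagnosis in this thread, as an added example that is not part of any poster's message: master splits a service entry on whitespace, so a space inside an -o value turns the rest of the value into a separate daemon argument, which is what smtpd reported as "unexpected command-line argument: reject". The sketch below flags such stray words; the function names and the shortened SAMPLE are constructed for illustration, and it assumes the pre-3.0 master.cf syntax used in the thread.

```python
# Added example, not from the thread. Assumes the pre-3.0 master.cf syntax
# used there (no "{ name = value }" brace quoting).

# Constructed sample: shortened copy of the listener entry quoted above.
SAMPLE = """\
# after-filter reinjection listener
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_client_restrictions=permit_mynetworks, reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def lint_master_cf(text):
    """Return (service, command, stray_token, option) per stray argument."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8:
            continue  # need service, type, five flags and a command
        service, command, args = fields[0], fields[7], fields[8:]
        last_opt, expect_value = None, False
        for tok in args:
            if expect_value:  # token after "-o" is the name=value pair
                last_opt, expect_value = tok.split("=", 1)[0], False
            elif tok == "-o":
                expect_value = True
            elif last_opt is not None and not tok.startswith("-"):
                # Bare word right after an override: it reaches the daemon as
                # a separate argument, which is what smtpd refused in the log.
                findings.append((service, command, tok, last_opt))
            else:
                last_opt = None  # another flag, or the command's own args
    return findings
```

Calling lint_master_cf() on the contents of a master.cf before reloading Postfix reports the service, the stray word and the override it most likely belongs to.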
Re: Postscreen update
Kris Deugau put forth on 9/29/2010 2:33 PM:

Hmm, no, less than 100M:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+ COMMAND
28776 rbldns    20   0 81740  65m  700 S    0  3.3 118:49.42 rbldnsd

I was going by information I received from another list. I don't use the data feed service. Does this include the CBL data set within Zen? I would make an educated guess that the size of the CBL data set would be over 100MB alone. 25 million 32bit IP addresses (4 bytes) would be 100MB, if my math is correct. 25 million bot infected hosts around the world seems like a very conservative estimate.

And this with a modest local blacklist loaded in as well. The on-disk files for all of the lists total just over 100M. We just run the Spamhaus data on a non-public zone on our general resolvers (running dnscache) and we have yet to see any latency problems.

With fast resolvers and local GigE, performance should be fine for many sites as you state. It's also easier to manage than running rbldnsd on each MX as you have a single update point. I know of one site, coincidentally also in Canada, running two MX hosts. Each receives, IIRC, on an average day, ~50 million connection attempts, 100 million total. This is nowhere near the numbers of a good sized ISP obviously and tiny compared to a gorilla such as Gmail. The OP runs rbldnsd on each MX, with the full Spamhaus zones minus the CBL. Also incorporated into the rbldnsd instances are extensive local block lists, the Enemies List, the CBL data, and some other mirrored dnsbl data. This may be the multi gigabyte setup I was thinking of, which isn't just Spamhaus zones. Interestingly, this site doesn't reject any spam due to any hits against any list. After DATA, a 55x is returned to the client, but the entire message is saved for further anti spam heuristics processing. It's one of the most elaborate setups I've heard of. Then again, some of the most elaborate setups _no one_ will probably hear about. ;)

The biggest sysadmin/network costs for the rsync service are in configuration (may need extra scripting to distribute the data to multiple rbldnsd instances, depending on how you want to arrange your DNS services - otherwise, it's set up once, let it run) and update bandwidth - currently they provide a script intended to be called once a minute to update the zone data source files.

Yeah, running the Spamhaus zones on local rbldnsd instances on each MX would require some distribution magic, as you state. Never done this myself. I'd be more inclined to go the route you've taken, if I were ever in a position to manage such a thing.

-- Stan