How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Wolfgang Zeikat

Hi,

apparently, aol.com is currently not resolved via DNS (at least in Germany).

How can I have postfix queue mails to AOL and retry delivery in that 
case instead of bouncing the mails?


Regards,

wolfgang



Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Wolfgang Zeikat

In an older episode, on 2010-12-21 10:01, Wolfgang Zeikat wrote:

> Hi,
>
> apparently, aol.com is currently not resolved via DNS (at least in
> Germany).



As a workaround, it was suggested on the Postfixbuch users list to use a 
transport map


smtp:aol.de

That works so far, since aol.de apparently uses the same MX records as 
aol.com ...


Still, I would like to know:

> How can I have postfix queue mails to AOL and retry delivery in that
> case instead of bouncing the mails?

Regards,

wolfgang



OT aol.com no mx record ???

2010-12-21 Thread Robert Schetterer
Hi, sorry off topic
i see disappearing mx record from aol.com
anyone else?

Domain Name.. aol.com
  Creation Date 1995-06-22
  Registration Date 2009-10-03
  Expiry Date.. 2011-11-24
  Organisation Name AOL Inc.
  Organisation Address. 22000 AOL Way
  Organisation Address.
  Organisation Address. Dulles
  Organisation Address. 20166
  Organisation Address. VA
  Organisation Address. UNITED STATES

Admin Name... Domain Admin
  Admin Address AOL Inc.
  Admin Address 22000 AOL Way
  Admin Address Dulles
  Admin Address 20166
  Admin Address VA
  Admin Address UNITED STATES
  Admin Email.. domain-...@corp.aol.com
  Admin Phone.. +1.7032654670
  Admin Fax

Tech Name Domain Admin
  Tech Address. AOL Inc.
  Tech Address. 22000 AOL Way
  Tech Address. Dulles
  Tech Address. 20166
  Tech Address. VA
  Tech Address. UNITED STATES
  Tech Email... domain-...@corp.aol.com
  Tech Phone... +1.7032654670
  Tech Fax.
  Name Server.. DNS-02.NS.AOL.COM
  Name Server.. DNS-01.NS.AOL.COM
  Name Server.. DNS-07.NS.AOL.COM
  Name Server.. DNS-06.NS.AOL.COM


r...@mboxbackup:~# dig @DNS-02.NS.AOL.COM -t mx aol.com

; <<>> DiG 9.7.0-P1 <<>> @DNS-02.NS.AOL.COM -t mx aol.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42797
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;aol.com.                IN      MX

;; AUTHORITY SECTION:
aol.com.        300     IN      SOA     dns-02.ns.aol.com. hostmaster.aol.net. 304268691 43200 60 1209600 300

;; Query time: 93 msec
;; SERVER: 205.188.157.232#53(205.188.157.232)
;; WHEN: Tue Dec 21 11:01:20 2010
;; MSG SIZE  rcvd: 89


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


RE: OT aol.com no mx record ???

2010-12-21 Thread Kammen van, Marco, Springer SBM NL
-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Robert Schetterer
Sent: Tuesday, December 21, 2010 11:04 AM
To: postfix users list
Subject: OT aol.com no mx record ???

Hi, sorry off topic
i see disappearing mx record from aol.com
anyone else?


Yes same here in NL:

> set type=mx
> aol.com

*** Can't find aol.com: No answer


Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Christian Roessner
> apparently, aol.com is currently not resolved via DNS (at least in Germany).
>
> How can I have postfix queue mails to AOL and retry delivery in that case
> instead of bouncing the mails?

Did you play with this parameter?

maximal_queue_lifetime (default: 5d)
   The maximal time a message is queued before it is sent back as
   undeliverable.

Christian





Re: OT aol.com no mx record ???

2010-12-21 Thread edacval
On 12/21/2010 12:08 PM, Kammen van, Marco, Springer SBM NL wrote:
> -----Original Message-----
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Robert Schetterer
> Sent: Tuesday, December 21, 2010 11:04 AM
> To: postfix users list
> Subject: OT aol.com no mx record ???
>
> Hi, sorry off topic
> i see disappearing mx record from aol.com
> anyone else?
>
> Yes same here in NL:
>
> > set type=mx
> > aol.com
>
> *** Can't find aol.com: No answer

Same in LT:
nslookup
> set type=mx
> server dns-02.ns.aol.com
Default server: dns-02.ns.aol.com
Address: 205.188.157.232#53
> aol.com
Server:  dns-02.ns.aol.com
Address: 205.188.157.232#53

*** Can't find aol.com: No answer


Re: OT aol.com no mx record ???

2010-12-21 Thread Frank Bonnet

I get the same ...

mail# nslookup
> set ty=mx
> aol.com
Server:         147.215.1.4
Address:        147.215.1.4#53

Non-authoritative answer:
*** Can't find aol.com: No answer

Authoritative answers can be found from:
aol.com
        origin = dns-02.ns.aol.com
        mail addr = hostmaster.aol.net
        serial = 304268691
        refresh = 43200
        retry = 60
        expire = 1209600
        minimum = 300
> exit



On 12/21/2010 11:17 AM, edac...@gmail.com wrote:
> On 12/21/2010 12:08 PM, Kammen van, Marco, Springer SBM NL wrote:
>> -----Original Message-----
>> From: owner-postfix-us...@postfix.org
>> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Robert Schetterer
>> Sent: Tuesday, December 21, 2010 11:04 AM
>> To: postfix users list
>> Subject: OT aol.com no mx record ???
>>
>> Hi, sorry off topic
>> i see disappearing mx record from aol.com
>> anyone else?
>>
>> Yes same here in NL:
>>
>> > set type=mx
>> > aol.com
>>
>> *** Can't find aol.com: No answer
>
> Same in LT:
> nslookup
> > set type=mx
> > server dns-02.ns.aol.com
> Default server: dns-02.ns.aol.com
> Address: 205.188.157.232#53
> > aol.com
> Server:  dns-02.ns.aol.com
> Address: 205.188.157.232#53
>
> *** Can't find aol.com: No answer



--

Frank BONNET

01.45.92.66.17

Service des Moyens Informatique Generaux

ESIEE PARIS
Cité Descartes / BP 99
93162 NOISY-LE-GRAND Cedex
http://www.esiee.fr/



Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Christian Roessner
>> How can I have postfix queue mails to AOL and retry delivery in that case
>> instead of bouncing the mails?
>
> Did you play with this parameter?
>
> maximal_queue_lifetime (default: 5d)
>    The maximal time a message is queued before it is sent back as
>    undeliverable.

Sorry, my fault. Same problem here.

Christian





Re: OT aol.com no mx record ???

2010-12-21 Thread Robert Schetterer
On 21.12.2010 11:04, Robert Schetterer wrote:
 Hi, sorry off topic
 i see disappearing mx record from aol.com
 anyone else?
 
 Domain Name.. aol.com
   Creation Date 1995-06-22
   Registration Date 2009-10-03
   Expiry Date.. 2011-11-24
   Organisation Name AOL Inc.
   Organisation Address. 22000 AOL Way
   Organisation Address.
   Organisation Address. Dulles
   Organisation Address. 20166
   Organisation Address. VA
   Organisation Address. UNITED STATES
 
 Admin Name... Domain Admin
   Admin Address AOL Inc.
   Admin Address 22000 AOL Way
   Admin Address Dulles
   Admin Address 20166
   Admin Address VA
   Admin Address UNITED STATES
   Admin Email.. domain-...@corp.aol.com
   Admin Phone.. +1.7032654670
   Admin Fax
 
 Tech Name Domain Admin
   Tech Address. AOL Inc.
   Tech Address. 22000 AOL Way
   Tech Address. Dulles
   Tech Address. 20166
   Tech Address. VA
   Tech Address. UNITED STATES
   Tech Email... domain-...@corp.aol.com
   Tech Phone... +1.7032654670
   Tech Fax.
   Name Server.. DNS-02.NS.AOL.COM
   Name Server.. DNS-01.NS.AOL.COM
   Name Server.. DNS-07.NS.AOL.COM
   Name Server.. DNS-06.NS.AOL.COM
 
 
 r...@mboxbackup:~# dig @DNS-02.NS.AOL.COM -t mx aol.com
 
 ;  DiG 9.7.0-P1  @DNS-02.NS.AOL.COM -t mx aol.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 42797
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; WARNING: recursion requested but not available
 
 ;; QUESTION SECTION:
 ;aol.com.   IN  MX
 
 ;; AUTHORITY SECTION:
 aol.com.300 IN  SOA dns-02.ns.aol.com.
 hostmaster.aol.net. 304268691 43200 60 1209600 300
 
 ;; Query time: 93 msec
 ;; SERVER: 205.188.157.232#53(205.188.157.232)
 ;; WHEN: Tue Dec 21 11:01:20 2010
 ;; MSG SIZE  rcvd: 89
 
 
 funny now with 0

dig @DNS-02.NS.AOL.COM -t mx aol.com

; <<>> DiG 9.7.0-P1 <<>> @DNS-02.NS.AOL.COM -t mx aol.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28147
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 15
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;aol.com.                IN      MX

;; ANSWER SECTION:
aol.com.                3600    IN      MX      0 mailin-04.mx.aol.com.
aol.com.                3600    IN      MX      0 mailin-01.mx.aol.com.
aol.com.                3600    IN      MX      0 mailin-02.mx.aol.com.
aol.com.                3600    IN      MX      0 mailin-03.mx.aol.com.

;; AUTHORITY SECTION:
aol.com.                3600    IN      NS      dns-06.ns.aol.com.
aol.com.                3600    IN      NS      dns-07.ns.aol.com.
aol.com.                3600    IN      NS      dns-02.ns.aol.com.
aol.com.                3600    IN      NS      dns-01.ns.aol.com.

;; ADDITIONAL SECTION:
mailin-01.mx.aol.com.   3600    IN      A       64.12.90.98
mailin-01.mx.aol.com.   3600    IN      A       64.12.222.197
mailin-01.mx.aol.com.   3600    IN      A       205.188.146.193
mailin-01.mx.aol.com.   3600    IN      A       205.188.159.42
mailin-01.mx.aol.com.   3600    IN      A       64.12.90.1
mailin-02.mx.aol.com.   3600    IN      A       205.188.103.1
mailin-02.mx.aol.com.   3600    IN      A       205.188.155.110
mailin-02.mx.aol.com.   3600    IN      A       205.188.190.1
mailin-02.mx.aol.com.   3600    IN      A       64.12.90.65
mailin-02.mx.aol.com.   3600    IN      A       64.12.139.193
mailin-03.mx.aol.com.   3600    IN      A       64.12.90.97
mailin-03.mx.aol.com.   3600    IN      A       64.12.137.169
mailin-03.mx.aol.com.   3600    IN      A       205.188.59.193
mailin-03.mx.aol.com.   3600    IN      A       205.188.156.193
mailin-03.mx.aol.com.   3600    IN      A       205.188.190.2

;; Query time: 97 msec
;; SERVER: 205.188.157.232#53(205.188.157.232)
;; WHEN: Tue Dec 21 11:29:57 2010
;; MSG SIZE  rcvd: 459


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Configuration help

2010-12-21 Thread David Brophy
Hi,

I'd like to set Postfix up as a high performance MTA for sending high
volumes of mail.

Our website (dontstayin.com) sends about 100,000 mails per day (message
notifications etc.)

We also send about 1-2 million bulk mails per day, in the form of
newsletters and e-flyers (it's all opt-in, targeted and instantly
unsubscribable)

We're currently using Windows built in smtp server which can't keep up with
the load at all, so I'm configuring an Ubuntu server to run Postfix to take
over this job.

Are the default options for Postfix able to handle this volume? Do I need
performance tuning? The server is a dual processor, dual core Opteron with
16GB ram and a 60GB OCZ Vertex 2 SSD disk.

Ideally I would like the two types of mail to be handled differently. The
bulk mail is much less important than the notifications. I imagine my code
could use two separate IP addresses to send mail - one for bulk mail and one
for notifications. The expiry times for the bulk mail can be set relatively
short so the queue doesn't get too big. I imagine normal settings for the
notifications.

The important thing is that both queues must be relayed out onto the
internet from the same IP address. Our current mail server IP has good
reputation and it's on all the relevant white-lists. Having to set this all
up again is not something I want to do.

Is there a good step-by-step guide to setting up Postfix in this sort of
configuration?

Thanks in advance for any help!!!

--
David Brophy
d...@dontstayin.com


RE: OT aol.com no mx record ???

2010-12-21 Thread Mark Scholten


> -----Original Message-----
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Kammen van, Marco, Springer SBM NL
> Sent: Tuesday, December 21, 2010 11:08 AM
> To: Robert Schetterer; postfix users list
> Subject: RE: OT aol.com no mx record ???
>
> -----Original Message-----
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Robert Schetterer
> Sent: Tuesday, December 21, 2010 11:04 AM
> To: postfix users list
> Subject: OT aol.com no mx record ???
>
> Hi, sorry off topic
> i see disappearing mx record from aol.com
> anyone else?
>
> Yes same here in NL:
>
> > set type=mx
> > aol.com
>
> *** Can't find aol.com: No answer

I did get the message from someone at AOL that it was solved.



Re: OT aol.com no mx record ???

2010-12-21 Thread Robert Schetterer
On 21.12.2010 12:04, Mark Scholten wrote:
>> -----Original Message-----
>> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
>> us...@postfix.org] On Behalf Of Kammen van, Marco, Springer SBM NL
>> Sent: Tuesday, December 21, 2010 11:08 AM
>> To: Robert Schetterer; postfix users list
>> Subject: RE: OT aol.com no mx record ???
>>
>> -----Original Message-----
>> From: owner-postfix-us...@postfix.org
>> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Robert Schetterer
>> Sent: Tuesday, December 21, 2010 11:04 AM
>> To: postfix users list
>> Subject: OT aol.com no mx record ???
>>
>> Hi, sorry off topic
>> i see disappearing mx record from aol.com
>> anyone else?
>>
>> Yes same here in NL:
>>
>> > set type=mx
>> > aol.com
>>
>> *** Can't find aol.com: No answer
>
> I did get the message from someone at AOL that it was solved.

i now see
dig -t mx aol.com

; <<>> DiG 9.7.0-P1 <<>> -t mx aol.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23655
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 15

;; QUESTION SECTION:
;aol.com.                IN      MX

;; ANSWER SECTION:
aol.com.                529     IN      MX      0 mailin-02.mx.aol.com.
aol.com.                529     IN      MX      0 mailin-03.mx.aol.com.
aol.com.                529     IN      MX      0 mailin-04.mx.aol.com.
aol.com.                529     IN      MX      0 mailin-01.mx.aol.com.

;; AUTHORITY SECTION:
aol.com.                529     IN      NS      dns-06.ns.aol.com.
aol.com.                529     IN      NS      dns-01.ns.aol.com.
aol.com.                529     IN      NS      dns-07.ns.aol.com.
aol.com.                529     IN      NS      dns-02.ns.aol.com.

this is enough for my postfixes to deliver out, so problem seems to be
solved for this case

thread can be closed i think
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread lst_hoe02

Quoting Wolfgang Zeikat <wolfgang.zei...@desy.de>:

> Hi,
>
> apparently, aol.com is currently not resolved via DNS (at least in Germany).
>
> How can I have postfix queue mails to AOL and retry delivery in that
> case instead of bouncing the mails?


As band-aid:

soft_bounce=yes

Regards

Andreas





getting 'No recipient addresses found in message header'

2010-12-21 Thread evert
Hi all,

Since yesterday I am suddenly seeing quite a few lines like:

Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
recipient addresses found in message header

in my log. Is there any way I can determine which page/cron/something is
causing this? How can I see the complete header/message that is being
attempted to be sent here?

Greetings,
  Evert





Using unverified_recipient_reject_reason

2010-12-21 Thread Kammen van, Marco, Springer SBM NL
 

Dear List,

Running Postfix 2.8-20101217, with amavisd-new, clamav, spamassassin

I'm trying to change the default error messages:

host mx.server.com[1.0.0.0] said: 550 5.1.1
b...@email.com: Recipient address rejected: User unknown in local
recipient table (in reply to RCPT TO command)

host mx.server.com[1.0.0.0] said: 550 5.1.1
b...@email2.com: Recipient address rejected: User unknown in virtual
alias table (in reply to RCPT TO command)

To something a normal user would understand like:

b...@email.com: Recipient address rejected: E-mail Address Unknown

Tried to accomplish this by adding this to main.cf:

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_recipient_domain
    reject_unverified_recipient
    unverified_recipient_reject_reason = E-mail Address Unknown

But I guess I'm doing something wrong cause Postfix says:

Dec 21 13:33:20 server postfix/smtpd[27862]: warning: unknown smtpd
restriction: unverified_recipient_reject_reason

If there are better/other ways to accomplish the same please let me
know, I'm still learning!

Thanks!

postconf -n

 

alias_database = hash:/usr/local/postfix/etc/aliases
alias_maps = hash:/usr/local/postfix/etc/aliases
bounce_queue_lifetime = 7d
command_directory = /usr/local/postfix/sbin
config_directory = /usr/local/postfix/etc
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/local/postfix/libexec
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
hopcount_limit = 50
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/local/postfix/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 2h
maximal_queue_lifetime = 7d
message_size_limit = 13981013
minimal_backoff_time = 30m
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = email.com
myhostname = mx.server.com
mynetworks = cidr:/usr/local/postfix/etc/mynetworks
myorigin = $mydomain
newaliases_path = /usr/local/postfix/bin/newaliases
queue_directory = /usr/local/postfix/spool
queue_run_delay = 300s
readme_directory = no
sample_directory = /usr/local/postfix/etc
sendmail_path = /usr/local/postfix/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access
cidr:/usr/local/postfix/etc/access_internal_allow.cidr
cidr:/usr/local/postfix/etc/access_external_allow.cidr
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destinationreject_unknown_recipient_domain
reject_unverified_recipientunverified_recipient_reject_reason =
Email Address Unknown
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/postfix/etc/virtual

 

 

Marco van Kammen
Springer Science+Business Media
System Manager  Postmaster
van Godewijckstraat 30 | 3311 GX
Office Number: 05E21
Dordrecht | The Netherlands
tel +31(78)6576446
fax +31(78)6576302
www.springeronline.com
www.springer.com

Please note that as of 27th of December, i will no longer be working at
Springer.

 



Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread lst_hoe02

Quoting ev...@meulie.net:

> Hi all,
>
> Since yesterday I am suddenly seeing quite a few lines like:
>
> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
> recipient addresses found in message header
>
> in my log. Is there any way I can determine which page/cron/something is
> causing this? How can I see the complete header/message that is being
> attempted to be sent here?


It looks like your webserver (account www-data) is trying to push  
rubbish through the sendmail binary. Have a look which script the  
spammers try to abuse before they succeed.


Regards

Andreas






Re: Using unverified_recipient_reject_reason

2010-12-21 Thread Wietse Venema
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unauth_destinationreject_unknown_recipient_domain
> reject_unverified_recipientunverified_recipient_reject_reason =
> Email Address Unknown

As documented, the above is not valid main.cf syntax. Perhaps
you were looking for:

show_user_unknown_table_name (default: yes)
   Display  the  name  of  the  recipient  table  in  the  User  unknown
   responses.  The extra detail makes trouble  shooting  easier  but  also
   reveals information that is nobody elses business.

   This feature is available in Postfix 2.0 and later.

Wietse
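
The warning in this thread comes from an indented "name = value" line being read as a continuation of smtpd_recipient_restrictions. The check below is an added example, not code from the thread or from Postfix: the function names and the constructed sample files are assumptions, and the test is a heuristic for this one mistake.

```shell
#!/bin/sh
# Added example (not from the thread): heuristic lint for a Postfix main.cf.
# A line that begins with whitespace continues the previous logical line, so
# an indented "name = value" is read as part of the value above it.

# lint_main_cf FILE: report indented assignments; returns 1 if any were found.
lint_main_cf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines are ignored
        /^[^ \t]/ {                               # text in column 0 starts a logical line
            parent = $0
            sub(/[ \t]*=.*/, "", parent)          # keep only the parameter name
            next
        }
        /^[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {  # continuation shaped like an assignment
            name = $0
            sub(/^[ \t]+/, "", name)
            sub(/[ \t]*=.*/, "", name)
            printf "line %d: %s is read as part of %s\n", NR, name, parent
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the main.cf lines from the question, with the new
# parameter indented so that it lands inside the restriction list.
sample_broken_main_cf() {
cat <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_recipient_domain
    reject_unverified_recipient
    unverified_recipient_reject_reason = E-mail Address Unknown
EOF
}

# Constructed sample: the same settings with each parameter starting in
# column 0, plus the parameter named in the reply.
sample_fixed_main_cf() {
cat <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_recipient_domain
    reject_unverified_recipient
unverified_recipient_reject_reason = E-mail Address Unknown
show_user_unknown_table_name = no
EOF
}

# With a file argument, lint that file (for example a copy of main.cf).
[ "$#" -eq 0 ] || lint_main_cf "$1"
```
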


Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread evert
> Quoting ev...@meulie.net:
>
>> Hi all,
>>
>> Since yesterday I am suddenly seeing quite a few lines like:
>>
>> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
>> recipient addresses found in message header
>>
>> in my log. Is there any way I can determine which page/cron/something is
>> causing this? How can I see the complete header/message that is being
>> attempted to be sent here?
>
> It looks like your webserver (account www-data) is trying to push
> rubbish through the sendmail binary. Have a look which script the
> spammers try to abuse before they succeed.
>
> Regards
>
> Andreas

Yup, that much I had concluded myself already  ;-)

Is there any way to see what rubbish is being pushed into sendmail? That
makes it easier to determine which script is the culprit...

Regards,
  Evert



RE: Using unverified_recipient_reject_reason

2010-12-21 Thread Kammen van, Marco, Springer SBM NL
-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Tuesday, December 21, 2010 2:15 PM
To: Postfix users
Subject: Re: Using unverified_recipient_reject_reason

> smtpd_recipient_restrictions = permit_mynetworks
> reject_unauth_destinationreject_unknown_recipient_domain
> reject_unverified_recipientunverified_recipient_reject_reason =
> Email Address Unknown

As documented, the above is not valid main.cf syntax. Perhaps
you were looking for:

show_user_unknown_table_name (default: yes)
   Display  the  name  of  the  recipient  table  in  the  User  unknown
   responses.  The extra detail makes trouble  shooting  easier  but  also
   reveals information that is nobody elses business.

   This feature is available in Postfix 2.0 and later.

   Wietse

Exactly what I was looking for

Thanks Wietse! 


Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread lst_hoe02

Quoting ev...@meulie.net:

>> Quoting ev...@meulie.net:
>>
>>> Hi all,
>>>
>>> Since yesterday I am suddenly seeing quite a few lines like:
>>>
>>> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
>>> recipient addresses found in message header
>>>
>>> in my log. Is there any way I can determine which page/cron/something is
>>> causing this? How can I see the complete header/message that is being
>>> attempted to be sent here?
>>
>> It looks like your webserver (account www-data) is trying to push
>> rubbish through the sendmail binary. Have a look which script the
>> spammers try to abuse before they succeed.
>>
>> Regards
>>
>> Andreas
>
> Yup, that much I had concluded myself already  ;-)
>
> Is there any way to see what rubbish is being pushed into sendmail? That
> makes it easier to determine which script is the culprit...


Not that i'm aware of because it was rejected, eg. no queue-file was  
generated. You may be able to sniff the content by using a wrapper  
script for the sendmail binary.


Regards

Andreas






Re: Configuration help

2010-12-21 Thread Jeroen Geilman

On 12/21/10 11:31 AM, David Brophy wrote:
> Hi,
>
> I'd like to set Postfix up as a high performance MTA for sending high
> volumes of mail.
>
> Our website (dontstayin.com) sends about 100,000 mails per day
> (message notifications etc.)
>
> We also send about 1-2 million bulk mails per day, in the form of
> newsletters and e-flyers (it's all opt-in, targeted and instantly
> unsubscribable)
>
> We're currently using Windows built in smtp server which can't keep up
> with the load at all, so I'm configuring an Ubuntu server to run
> Postfix to take over this job.
>
> Are the default options for Postfix able to handle this volume? Do I
> need performance tuning? The server is a dual processor, dual core
> Opteron with 16GB ram and a 60GB OCZ Vertex 2 SSD disk.

A single disk drive will not suffice for large volumes.
Consider using at least 4 drives in RAID-10, more if you need more
throughput.

Postfix itself is rarely, if ever, the bottleneck - but you need to keep
in mind that certain core processes are of necessity single-threaded,
and hence will only be able to utilize one CPU core.

The most prominent would be the queue manager: qmgr(8).
This means ALL messages will pass at least once through a process that
is bound to a single core.

The only way to change this fundamental fact is to run multiple
instances of postfix, which would be a good option in your situation.

> Ideally I would like the two types of mail to be handled differently.
> The bulk mail is much less important than the notifications. I imagine
> my code could use two separate IP addresses to send mail - one for
> bulk mail and one for notifications. The expiry times for the bulk
> mail can be set relatively short so the queue doesn't get too big. I
> imagine normal settings for the notifications.

Mail doesn't have an expiry time.
You may be talking about the queue lifetime of a message, but messages
are sent out as soon as possible - only when messages fail to be
delivered the first time does queueing come into play at all, and you
normally want to avoid queueing whenever possible, because A. it
introduces delays in delivery, and B. as already indicated, messages
pass through the single-threaded qmgr once again.

> The important thing is that both queues must be relayed out onto the
> internet from the same IP address. Our current mail server IP has good
> reputation and it's on all the relevant white-lists. Having to set
> this all up again is not something I want to do.

Multiple postfix instances can SEND mail from the same IP without any
problems, of course.

> Is there a good step-by-step guide to setting up Postfix in this sort
> of configuration?

The documentation is quite complete:

http://www.postfix.org/OVERVIEW.html
http://www.postfix.org/MULTI_INSTANCE_README.html
http://www.postfix.org/TUNING_README.html

> Thanks in advance for any help!!!
>
> --
> David Brophy
> d...@dontstayin.com


--
J.



Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread Jeroen Geilman

On 12/21/10 1:42 PM, ev...@meulie.net wrote:
> Hi all,
>
> Since yesterday I am suddenly seeing quite a few lines like:
>
> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
> recipient addresses found in message header
>
> in my log. Is there any way I can determine which page/cron/something is
> causing this?


The user sending mail is www-data. That means it is generated by apache.
Do you want apache scripts to be able to send mail ?

If not, look into the authorized_submit_users setting.

--
J.



Re: Configuration help

2010-12-21 Thread lst_hoe02

Quoting David Brophy <d...@dontstayin.com>:

> Hi,
>
> I'd like to set Postfix up as a high performance MTA for sending high
> volumes of mail.
>
> Our website (dontstayin.com) sends about 100,000 mails per day (message
> notifications etc.)
>
> We also send about 1-2 million bulk mails per day, in the form of
> newsletters and e-flyers (it's all opt-in, targeted and instantly
> unsubscribable)
>
> We're currently using Windows built in smtp server which can't keep up with
> the load at all, so I'm configuring an Ubuntu server to run Postfix to take
> over this job.
>
> Are the default options for Postfix able to handle this volume? Do I need
> performance tuning? The server is a dual processor, dual core Opteron with
> 16GB ram and a 60GB OCZ Vertex 2 SSD disk.
>
> Ideally I would like the two types of mail to be handled differently. The
> bulk mail is much less important than the notifications. I imagine my code
> could use two separate IP addresses to send mail - one for bulk mail and one
> for notifications. The expiry times for the bulk mail can be set relatively
> short so the queue doesn't get too big. I imagine normal settings for the
> notifications.
>
> The important thing is that both queues must be relayed out onto the
> internet from the same IP address. Our current mail server IP has good
> reputation and it's on all the relevant white-lists. Having to set this all
> up again is not something I want to do.
>
> Is there a good step-by-step guide to setting up Postfix in this sort of
> configuration?



You may want to use two instances on the same host

http://www.postfix.org/MULTI_INSTANCE_README.html

For Performance read

http://www.postfix.org/TUNING_README.html
http://www.postfix.org/QSHAPE_README.html

Other Topics you should keep in mind:

- Local caching resolver for fast DNS (PDNS,Unbound etc.)
- If sending to the big freemail Provider get on their whitelist
- Keep your lists as clean as possible
- Use a *sending* address perfectly reachable for SAV, bounces etc.
- Be sure that your *sending* domain name is resolvable fast, and  
maybe with higher TTL to stay in the remote DNS caches


Regards

Andreas










Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread evert
> On 12/21/10 1:42 PM, ev...@meulie.net wrote:
>> Hi all,
>>
>> Since yesterday I am suddenly seeing quite a few lines like:
>>
>> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
>> recipient addresses found in message header
>>
>> in my log. Is there any way I can determine which page/cron/something is
>> causing this?
>
> The user sending mail is www-data. That means it is generated by apache.
> Do you want apache scripts to be able to send mail ?
>
> If not, look into the authorized_submit_users setting.

Well... It depends on _what_ www-data is trying to send, and to who... If
it's trying to inform me of errors, I would like it to send them, yes...
;-)

The error message suggests postfix is receiving a message header (albeit
without a recipient). How can I see the remainder of that message header?

Regards,
  Evert



Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread Jeroen Geilman

On 12/21/10 2:43 PM, ev...@meulie.net wrote:
>> On 12/21/10 1:42 PM, ev...@meulie.net wrote:
>>> Hi all,
>>>
>>> Since yesterday I am suddenly seeing quite a few lines like:
>>>
>>> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
>>> recipient addresses found in message header
>>>
>>> in my log. Is there any way I can determine which page/cron/something is
>>> causing this?
>>
>> The user sending mail is www-data. That means it is generated by apache.
>> Do you want apache scripts to be able to send mail ?
>>
>> If not, look into the authorized_submit_users setting.
>
> Well... It depends on _what_ www-data is trying to send, and to who... If
> it's trying to inform me of errors, I would like it to send them, yes...
> ;-)
>
> The error message suggests postfix is receiving a message header (albeit
> without a recipient). How can I see the remainder of that message header?


The behaviour of the sendmail(1) binary is to take the recipient from 
the message's To: header if no envelope recipient is given.

If both are missing, this fatal error is the result, and sendmail gives up.

Fix the process sending these mails to provide a valid envelope 
recipient address.
(postfix will copy the envelope recipient to the headers when it 
processes the mail).



> Regards,
>    Evert




--
J.



Re: getting 'No recipient addresses found in message header'

2010-12-21 Thread evert
> On 12/21/10 2:43 PM, ev...@meulie.net wrote:
>>> On 12/21/10 1:42 PM, ev...@meulie.net wrote:
>>>> Hi all,
>>>>
>>>> Since yesterday I am suddenly seeing quite a few lines like:
>>>>
>>>> Dec 21 10:32:24 yips postfix/sendmail[3086]: fatal: www-data(33): No
>>>> recipient addresses found in message header
>>>>
>>>> in my log. Is there any way I can determine which page/cron/something
>>>> is causing this?
>>>
>>> The user sending mail is www-data. That means it is generated by
>>> apache.
>>> Do you want apache scripts to be able to send mail ?
>>>
>>> If not, look into the authorized_submit_users setting.
>>
>> Well... It depends on _what_ www-data is trying to send, and to who...
>> If it's trying to inform me of errors, I would like it to send them, yes...
>> ;-)
>>
>> The error message suggests postfix is receiving a message header (albeit
>> without a recipient). How can I see the remainder of that message
>> header?
>
> The behaviour of the sendmail(1) binary is to take the recipient from
> the message's To: header if no envelope recipient is given.
> If both are missing, this fatal error is the result, and sendmail gives
> up.
>
> Fix the process sending these mails to provide a valid envelope
> recipient address.
> (postfix will copy the envelope recipient to the headers when it
> processes the mail).

Fixing the process is what I want to do, but it would help if I knew which
process it was... ;-)
Many sites running here, so hard to check which one has gone hay-wire in
the last 24 hours...
Hmm, perhaps I should look into a wrapper script, as suggested...

Regards,
  Evert



mycingular listed on xbl

2010-12-21 Thread Randy Ramsdell
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and 
PBL ) for 8 days. I have reject at the smtpd level if found. So my users 
are complaining and I am stuck on the phone with ATT to get them to fix 
this.


Any suggestions ( other than disable the checks ) to work around this?

Thanks,
Randy Ramsdell


Postfix and external content filter

2010-12-21 Thread Stuart Bailey
Hello,
I have a postfix server accepting emails on port 25 from the Internet, and 
delivering to cyrus.

There is another server running Mail Marshall on Windows, that is used as the 
content filter. I have configured postfix master.cf as follows:

smtp            inet  n  -  n  -  -   smtpd
  -o content_filter=mm:[172.16.0.9]:25
  -o receive_override_options=no_address_mappings

mm              unix  -  -  -  -  10  smtp
  -o smtp_send_xforward_command=yes
  -o disable_mime_output_conversion=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=

0.0.0.0:10027   inet  n  -  -  -  -   smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8,172.16.0.0/16
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


Mail marshall is configured to send emails to port 10027. This works OK. 
However, if Mail Marshall detects SPAM, rather than modify the header and send 
it on, it responds directly with a 550 error code. Unfortunately, postfix then 
notifies the email originator that the message has bounced, generating 
backscatter.

Is there any way I can configure postfix to drop / discard these messages 
rather than notify the originator? 


Many thanks,

Stuart.

-- 
Stuart Bailey BSc (hons) CEng CITP MBCS
  LinuSoft (Managing Director)
   Linux Specialist  Software Developer
   ~~~
   Phone:   (0845) 658 3563
  Direct: +44 (0)1953 878162
  Fax:+44 (0) 1603 858583
   ~~~
http://www.linusoft.co.uk
http://www.bluetoothadvertising.org.uk





Re: mycingular listed on xbl

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 12:37:24PM -0500, Randy Ramsdell wrote:

 It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and PBL ) 
 for 8 days. I have reject at the smtpd level if found. So my users are 
 complaining and I am stuck on the phone with ATT to get them to fix this.

Which listing? Please post the SpamHaus listing URL...

-- 
Viktor.


Re: mycingular listed on xbl

2010-12-21 Thread Noel Jones

On 12/21/2010 11:37 AM, Randy Ramsdell wrote:

It appears mycingular ( iphone ) ips are listed on spamhaus (
XBL and PBL ) for 8 days.


Yes, they should be listed.


I have reject at the smtpd level if
found.


Yes, you should reject listed IPs **if they don't authenticate**.


So my users are complaining and I am stuck on the phone
with ATT to get them to fix this.


Nothing for ATT to fix, stop bothering them.


Any suggestions ( other than disable the checks ) to work
around this?


Allow authenticated connections.   Put 
permit_sasl_authenticated, permit_mynetworks before any 
reject_rbl_*.




  -- Noel Jones


Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread fakessh @
On 21.12.2010 10:01, Wolfgang Zeikat wrote:
 Hi,
 
 apparently, aol.com is currently not resolved via DNS (at least in
 Germany).
 
 How can I have postfix queue mails to AOL and retry delivery in that
 case instead of bouncing the mails?
 
 Regards,
 
 wolfgang
 
basic security and well in my opinion the reason for the problem

that

-- 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7


Re: mycingular listed on xbl

2010-12-21 Thread Stan Hoeppner
Randy Ramsdell put forth on 12/21/2010 11:37 AM:
 It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
 PBL ) for 8 days. I have reject at the smtpd level if found. So my users
 are complaining and I am stuck on the phone with ATT to get them to fix
 this.
 
 Any suggestions ( other than disable the checks ) to work around this?

Have them relay via TCP 587 to your submission smtpd using SASL, with

permit_sasl_authenticated

toward the top of smtpd_recipient_restrictions.  (Assuming you use the
everything under smtpd_recipient_restrictions style of main.cf)

As long as permit_sasl_authenticated is before reject_rbl_client
zen.spamhaus.org in your restrictions list you shouldn't have any problems.

-- 
Stan
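
The ordering advice in the two replies above (permit_sasl_authenticated and permit_mynetworks ahead of any reject_rbl_*), as an added example that is not part of the original posts or of Postfix itself: a simplified first-match model of an smtpd restriction list, run against the phone address quoted in this thread. The DNSBL answers and the mynetworks value are constructed assumptions, and no DNS query is made.

```python
import ipaddress

# Return codes of zen.spamhaus.org, grouped by the component list they denote.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


def dnsbl_query_name(client_ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def zen_lists(answers):
    """Map the A records returned by the zone to the lists they stand for."""
    return sorted({ZEN_CODES[a] for a in answers if a in ZEN_CODES})


def evaluate(restrictions, client_ip, sasl_authenticated, mynetworks, dnsbl):
    """Walk the list in order; the first restriction that decides ends the walk.

    Simplified model (assumption): only the three restrictions named in the
    thread are handled. Returns (action, deciding restriction, zen lists).
    """
    addr = ipaddress.ip_address(client_ip)
    for restriction in restrictions:
        name, _, arg = restriction.partition(" ")
        if name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return ("PERMIT", restriction, [])
        elif name == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(net) for net in mynetworks):
                return ("PERMIT", restriction, [])
        elif name == "reject_rbl_client":
            answers = dnsbl.get(dnsbl_query_name(client_ip, arg), [])
            if answers:
                return ("REJECT", restriction, zen_lists(answers))
        else:
            raise ValueError("restriction not modelled: " + restriction)
    return ("DUNNO", None, [])  # nothing decided; later restrictions apply


PHONE_IP = "166.137.11.72"     # address quoted in the thread
MYNETWORKS = ["127.0.0.0/8"]   # assumption for this example
# Constructed DNSBL answers standing in for a live lookup (XBL + PBL listing).
DNSBL = {"72.11.137.166.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"]}

# DNSBL check first: an authenticated user on a listed phone IP is rejected.
REJECT_FIRST = [
    "reject_rbl_client zen.spamhaus.org",
    "permit_mynetworks",
    "permit_sasl_authenticated",
]
# Order recommended in the replies: authentication is checked before the DNSBL.
PERMIT_FIRST = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_rbl_client zen.spamhaus.org",
]

if __name__ == "__main__":
    for label, rules in (("reject first", REJECT_FIRST), ("permit first", PERMIT_FIRST)):
        for authed in (True, False):
            print(label, "authenticated" if authed else "anonymous",
                  evaluate(rules, PHONE_IP, authed, MYNETWORKS, DNSBL))
```

With the second ordering the same phone is still rejected when it connects without authenticating, which is the case the PBL and XBL listings exist for.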



Re: Postfix and external content filter

2010-12-21 Thread Noel Jones

On 12/21/2010 11:46 AM, Stuart Bailey wrote:

Hello,

I have a postfix server accepting emails on port 25 from the Internet, and
delivering to cyrus.

There is another server running Mail Marshall on Windows, that is used as the
content filter. I have configured postfix master.cf as follows:

smtp inet n - n - - smtpd
  -o content_filter=mm:[172.16.0.9]:25
  -o receive_override_options=no_address_mappings

mm unix - - - - 10 smtp
  -o smtp_send_xforward_command=yes
  -o disable_mime_output_conversion=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=

0.0.0.0:10027 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8,172.16.0.0/16
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Mail marshall is configured to send emails to port 10027. This works OK.
However, if Mail Marshall detects SPAM, rather than modify the header and send
it on, it responds directly with a 550 error code. Unfortunately, postfix then
notifies the email originator that the message has bounced, generating
backscatter.

Is there any way I can configure postfix to drop / discard these messages
rather than notify the originator?



If you can't configure mail marshall to tag+deliver or 
quarantine, then it's unsuitable for use as a postfix 
content_filter.


You may be able to use mail marshall as a postfix 
smtpd_proxy_filter, but that has performance implications you 
will need to investigate.

http://www.postfix.org/SMTPD_PROXY_README.html


  -- Noel Jones


Re: mycingular listed on xbl

2010-12-21 Thread Randy Ramsdell

Noel Jones wrote:

On 12/21/2010 11:37 AM, Randy Ramsdell wrote:

It appears mycingular ( iphone ) ips are listed on spamhaus (
XBL and PBL ) for 8 days.


Yes, they should be listed.


Why should they? They have mail servers too. I just don't get this.




I have reject at the smtpd level if
found.


Yes, you should reject listed IPs **if they don't authenticate**.



That is for PBL correct? I don't reject for PBL.


So my users are complaining and I am stuck on the phone
with ATT to get them to fix this.


Nothing for ATT to fix, stop bothering them.

And I don't get this either. They should always police their servers and 
what is going on.


btw, I did not want to, but I don't make up my daily tasks.


Any suggestions ( other than disable the checks ) to work
around this?


Allow authenticated connections.   Put permit_sasl_authenticated, 
permit_mynetworks before any reject_rbl_*.




  -- Noel Jones


Actually I re-thunk this and did the obvious. No work around needed. but 
thanks.


Re: Postfix and external content filter

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 05:46:06PM +, Stuart Bailey wrote:

 Mail marshall is configured to send emails to port 10027. This works OK. 
 However, if Mail Marshall detects SPAM, rather than modify the header
 and send it on, it responds directly with a 550 error code. Unfortunately,
 postfix then notifies the email originator that the message has bounced,
 generating backscatter.

You probably already know there are other vendors out there...

In any case, if the 550 ... response for spam is sufficiently distinctive,
you could map it (and it alone) to a 250 response:

http://www.postfix.org/postconf.5.html#smtp_reply_filter

A mechanism to transform replies from remote SMTP servers one line
at a time. This is a last-resort tool to work around server replies
that break inter-operability with the Postfix SMTP client. Other
uses involve fault injection to test Postfix's handling of invalid
responses.

...

This feature is available in Postfix 2.7.

The effect would be to discard the mail, if that is acceptable. Generally,
content filters should quarantine, not discard suspected spam.

-- 
Viktor.
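
The "map it (and it alone)" point in the reply above, modelled in Python as an added example (not code from the original post or from Postfix): a line-by-line reply filter with a narrow rule beside an over-broad one. The 550 text is constructed, since the thread does not show Mail Marshal's actual reply, and the model reads the delivery status from the final line of a multi-line reply.

```python
import re

# Constructed reply text; substitute the filter's real, distinctive 550 line.
SPAM_REPLY = "550 5.7.1 Message rejected as spam"

# Rules are (pattern, replacement) pairs; the first matching rule rewrites the
# line, in the manner of a regexp-style lookup table. Group 1 keeps the
# separator (" " on the last line, "-" on continuation lines).
NARROW = [
    (re.compile(r"^550([ -])5\.7\.1 Message rejected as spam\b.*"),
     r"250\g<1>2.0.0 Discarded as spam"),
]
# Weak rule shown for contrast: it rewrites every 550, not just the spam one.
BROAD = [
    (re.compile(r"^550([ -]).*"), r"250\g<1>2.0.0 Ok"),
]


def filter_line(rules, line):
    """Rewrite one reply line with the first matching rule, else pass it on."""
    for pattern, replacement in rules:
        if pattern.match(line):
            return pattern.sub(replacement, line, count=1)
    return line


def filter_reply(rules, reply_lines):
    """Apply the filter to each line of a (possibly multi-line) reply."""
    return [filter_line(rules, line) for line in reply_lines]


def disposition(reply_lines):
    """What the sending MTA does next, judged from the final line's code."""
    first_digit = reply_lines[-1][0]
    return {"2": "delivered", "4": "deferred", "5": "bounced"}[first_digit]


# Constructed replies from the content filter.
SAMPLES = {
    "spam": [SPAM_REPLY],
    "spam, multi-line": ["550-5.7.1 Message rejected as spam",
                         "550 5.7.1 Message rejected as spam"],
    "unknown user": ["550 5.1.1 User unknown"],
    "temporary failure": ["451 4.3.0 Try again later"],
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label,
              "| narrow:", disposition(filter_reply(NARROW, reply)),
              "| broad:", disposition(filter_reply(BROAD, reply)))
```

"delivered" here means the sending side treats the message as handed off, so the spam is dropped without a bounce; under the broad rule the same happens to mail rejected for any other reason.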


Re: mycingular listed on xbl

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 01:01:25PM -0500, Randy Ramsdell wrote:

 Yes, they should be listed.

 Why should they? They have mail servers too. I just don't get this.

The individual phones sending directly to your MX host should be
black-listed. The ISP's outbound SMTP servers should not. Which traffic
are you rejecting?

-- 
Viktor.


RE: mycingular listed on xbl

2010-12-21 Thread Gary Smith
  It appears mycingular ( iphone ) ips are listed on spamhaus (
  XBL and PBL ) for 8 days.
 
  Yes, they should be listed.
 
 Why should they? They have mail servers too. I just don't get this.
 
 

Randy, 

Right now may be the time to rethink your question, as you stated your 
customers, their iPhone$, email blocked.  What are you really saying?  Are you 
saying your customers can't receive messages from people with iPhone$ or your 
customers who have iPhone$ can't send email?  There is a world of difference in 
interpreting what you said and what you might be asking.

If your customers can't send then everyone is right because they should be 
sending from you.  In reality, they should be sending through whatever MTA 
their email is on, which at that point should be the origination point.  Please 
clarify your question.



Re: mycingular listed on xbl

2010-12-21 Thread Randy Ramsdell

Victor Duchovni wrote:

On Tue, Dec 21, 2010 at 12:37:24PM -0500, Randy Ramsdell wrote:

It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and PBL ) 
for 8 days. I have reject at the smtpd level if found. So my users are 
complaining and I am stuck on the phone with ATT to get them to fix this.


Which listing? Please post the SpamHaus listing URL...



XBL/PBL
http://www.spamhaus.org/query/bl?ip=166.137.11.72

Checked against 70,71,73,74 --- PBL

In any case. The problem is resolved by making sure they use the correct 
mail server ( ours and set to default when sending )


Re: mycingular listed on xbl

2010-12-21 Thread Randy Ramsdell

Victor Duchovni wrote:

On Tue, Dec 21, 2010 at 01:01:25PM -0500, Randy Ramsdell wrote:


Yes, they should be listed.

Why should they? They have mail servers too. I just don't get this.


The individual phones sending directly to your MX host should be
black-listed. The ISP's outbound SMTP servers should not. Which traffic
are you rejecting?

Actually I did not think of this and now I see I overlooked the 
possibility that the phone itself can do a direct connection to our mail 
server which SHOULD be blocked. I simply was thinking their mail server 
was listed and it appears I flew off half cocked.


Re: mycingular listed on xbl

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 01:07:03PM -0500, Randy Ramsdell wrote:

 Victor Duchovni wrote:
 On Tue, Dec 21, 2010 at 12:37:24PM -0500, Randy Ramsdell wrote:
 It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and PBL 
 ) for 8 days. I have reject at the smtpd level if found. So my users are 
 complaining and I am stuck on the phone with ATT to get them to fix this.
 Which listing? Please post the SpamHaus listing URL...

 XBL/PBL
 http://www.spamhaus.org/query/bl?ip=166.137.11.72

Well, it should be listed in PBL, it is the IP address of an
individual phone.

It is also listed in CBL, because 8 days ago that IP was sending out
malware.

http://cbl.abuseat.org/lookup.cgi?ip=166.137.11.72

...

It was last detected at 2010-12-12 23:00 GMT (+/- 30 minutes),
approximately 8 days, 18 hours, 59 minutes ago.

-- 
Viktor.


Sender Reputation

2010-12-21 Thread Roman Gelfand
Does anyone know of a server/software compatible with postfix that
performs sender reputation query?

Thanks in advance


Re: mycingular listed on xbl

2010-12-21 Thread Ralf Hildebrandt
* Randy Ramsdell rramsd...@activedg.com:

 It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
 PBL ) for 8 days. I have reject at the smtpd level if found. So my
 users are complaining and I am stuck on the phone with ATT to get
 them to fix this.

What are your users trying to do? Send mail via your server?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Sender Reputation

2010-12-21 Thread Stan Hoeppner
Roman Gelfand put forth on 12/21/2010 12:29 PM:
 Does anyone know of a server/software compatible with postfix that
 performs sender reputation query?

You need to be much more specific WRT sender reputation Roman.  What
_precisely_ are you asking us to answer?

-- 
Stan


RE: Sender Reputation

2010-12-21 Thread Murray S. Kucherawy
 -Original Message-
 From: owner-postfix-us...@postfix.org 
 [mailto:owner-postfix-us...@postfix.org] On Behalf Of Roman Gelfand
 Sent: Tuesday, December 21, 2010 10:29 AM
 To: postfix users list
 Subject: Sender Reputation
 
 Does anyone know of a server/software compatible with postfix that
 performs sender reputation query?

That's a fairly general question.  Reputation could refer to RBLs, whitelists, 
dedicated open reputation systems (e.g., http://www.dkim-reputation.org), VBR, 
something commercial and proprietary, etc.

OpenDKIM can do two of those natively now and will have RBL querying in its 
next release.  It also has hooks to add queries to other systems you might want 
to try.  More help is available from the mailing lists over there 
(http://www.opendkim.org).

-MSK


Re: OT aol.com no mx record ???

2010-12-21 Thread mouss

On 21/12/2010 11:31, Robert Schetterer wrote:

[snip]
  funny now with 0

[snip]

;; ANSWER SECTION:
aol.com.        3600    IN      MX      0 mailin-04.mx.aol.com.
aol.com.        3600    IN      MX      0 mailin-01.mx.aol.com.
aol.com.        3600    IN      MX      0 mailin-02.mx.aol.com.
aol.com.        3600    IN      MX      0 mailin-03.mx.aol.com.



from here at this time, priority is 15:

$ host -t mx aol.com
aol.com mail is handled by 15 mailin-02.mx.aol.com.
aol.com mail is handled by 15 mailin-03.mx.aol.com.
aol.com mail is handled by 15 mailin-04.mx.aol.com.
aol.com mail is handled by 15 mailin-01.mx.aol.com.

but that's irrelevant. what matters is order if there are different 
priorities.



[snip]


Re: Sender Reputation

2010-12-21 Thread mouss

On 21/12/2010 19:44, Stan Hoeppner wrote:

Roman Gelfand put forth on 12/21/2010 12:29 PM:

Does anyone know of a server/software compatible with postfix that
performs sender reputation query?


You need to be much more specific WRT sender reputation Roman.  What
_precisely_ are you asking us to answer?



yeah.

- sender is ambiguous. do you mean the client IP (or the client 
domain) or do you mean the envelope sender address (j...@example.com, 
*...@example.org)?


- reputation is ambiguous. examples: never sent spam, should not 
send email, large mail origin, residential ISP, in the US, 
usually signs with DKIM, has a strict SPF record, uses MS 
Exchange, ... etc.


postfix can check DNSBL (reject_rbl_client, ... etc). spamassassin can 
check that and other stuff such as URIBL, SPF, DKIM, ... etc.


Temporarily disable mail acceptance

2010-12-21 Thread Tom Hendrikx

Hi,

To do some maintenance work, I need to temporarily disable mail
acceptance in my postfix MX. I'm curious what is the best way to do
this. The 2 (obvious) options I came up with:

1) stop listening on tcp/25, f.i. by firewall adjustment
2) adding some access check in smtpd_mumble_restrictions that returns
DEFER for all transactions that would otherwise be accepted.

There is no backup/fallback/secondary MX that comes into play when I
start fumbling with this one. Is any of the above methods preferable?

-- 
Regards,
Tom





Re: Temporarily disable mail acceptance

2010-12-21 Thread Wietse Venema
Tom Hendrikx:
 Hi,
 
 To do some maintenance work, I need to temporarily disable mail
 acceptance in my postfix MX. I'm curious what is the best way to do
 this. The 2 (obvious) options I came up with:
 
 1) stop listening on tcp/25, f.i. by firewall adjustment

That means clients get a slow timeout, unless you configure a
rule that sends a RESET to the client.

 2) adding some access check in smtpd_mumble_restrictions that returns
 DEFER for all transactions that would otherwise be accepted.

That's certainly nicer than having clients time out.

Another option:

3) leave the port open on the firewall and disable the TCP service
in master.cf.  That gives the clients a quick RESET.

Wietse

 There is no backup/fallback/secondary MX that comes into play when I
 start fumbling with this one. Is any of the above methods preferable?
 
 -- 
 Regards,
   Tom
 



Re: Configuration help

2010-12-21 Thread mouss

On 21/12/2010 11:31, David Brophy wrote:

Hi,

I'd like to set Postfix up as a high performance MTA for sending high
volumes of mail.

Our website (dontstayin.com) sends about 100,000
mails per day (message notifications etc.)

We also send about 1-2 million bulk mails per day, in the form of
newsletters and e-flyers (it's all opt-in, targeted and instantly
unsubscribable)

We're currently using Windows built in smtp server which can't keep up
with the load at all, so I'm configuring a Ubuntu server to run Postfix
to take over this job.

Are the default options for Postfix able to handle this volume? Do I
need performance tuning? The server is a dual processor, dual core
Opteron with 16GB ram and a 60GB OCZ Vertex 2 SSD disk.



when you say 2 millions a day, I guess you don't care about delay? that 
is, it doesn't matter if a message is sent later in the same day, right? 
If so, 2 millions a day means less than 25 messages a second. so the 
bottleneck won't be processing. and assuming you have enough network 
bandwidth (if every message is 100 Ko, then you need about 20 Mbps), 
that shouldn't be network IO either. your bottleneck is most certainly 
disk IO. I assume messages are personalized (every recipient gets a 
different mail), that is, your postfix will need to queue 2 million 
files a day.



Ideally I would like the two types of mail to be handled differently.


try using different postfix instances (run postfix twice, each with its 
own config, queue, ... etc).



The bulk mail is much less important than the notifications. I imagine
my code could use two separate IP addresses to send mail - one for bulk
mail and one for notifications. The expiry times for the bulk mail can
be set relatively short so the queue doesn't get too big. I imagine
normal settings for the notifications.

The important thing is that both queues must be relayed out onto the
internet from the same IP address. Our current mail server IP has good
reputation and it's on all the relevant white-lists. Having to set this
all up again is not something I want to do.



it's still a good idea to use 2 different IPs (if at your side you find 
the need to have different treatment of bulk vs notification mail, be 
certain that recipients would like to be able to do the same. and if you 
help them, they'll find it nice...).


so my advice is: start getting a good reputation for the new IP now and 
you won't regret it.



Is there a good step-by-step guide to setting up Postfix in this sort of
configuration?

Thanks in advance for any help!!!

--
David Brophy
d...@dontstayin.com




Re: Temporarily disable mail acceptance

2010-12-21 Thread Matt Hayes
On 12/21/2010 4:35 PM, Tom Hendrikx wrote:
 
 Hi,
 
 To do some maintenance work, I need to temporarily disable mail
 acceptance in my postfix MX. I'm curious what is the best way to do
 this. The 2 (obvious) options I came up with:
 
 1) stop listening on tcp/25, f.i. by firewall adjustment
 2) adding some access check in smtpd_mumble_restrictions that returns
 DEFER for all transactions that would otherwise be accepted.
 
 There is no backup/fallback/secondary MX that comes into play when I
 start fumbling with this one. Is any of the above methods preferable?
 


You could use soft_bounce

See: http://www.postfix.org/postconf.5.html#soft_bounce  for explanation.

I've used this in the past, not sure if its the best practice, when I've
had to move MX hosts under emergency circumstances.

-Matt



Trying to debug mesage relay

2010-12-21 Thread Ray
Hello,
I'm having an issue with email just disappearing. 

I have been looking at the documentation and logs. I have made the logs more 
verbose.
http://www.postfix.org/DEBUG_README.html#verbose

I can see the messages being accepted, but then nothing.

Can anybody tell me where to look for logs or documentation on the next stages 
of the process. I have done manual pop\smtp transactions over telnet before 
and have no problem doing the equivalent, but I need some documentation.

Thanks,
Ray 


Re: Trying to debug mesage relay

2010-12-21 Thread Wietse Venema
Ray:
 Hello,
 I'm having an issue with email just disappearing. 
 
 I have been looking at the documentation and logs. I have made the logs more 
 verbose.
 http://www.postfix.org/DEBUG_README.html#verbose

Please, don't open the gates of hell unless asked to do so.

 I can see the messages being accepted, but then nothing.

Accepted by Postfix? Why do you believe that the mail is accepted?

Accepted by the remote server? Why do you believe that the mail is
accepted? if the mail is accepted, then it is the responsibility
of the remote server.

Wietse

 Can anybody tell me where to look for logs or documentation on
 the next stages of the process. I have done manual pop\smtp
 transactions over telnet before and have no problem doing the
 equivalent, but I need some documentation.

 Thanks, Ray





Re: Trying to debug mesage relay

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 02:51:31PM -0700, Ray wrote:

 Hello,
 I'm having an issue with email just disappearing. 
 
 I have been looking at the documentation and logs. I have made the logs more 
 verbose.
 http://www.postfix.org/DEBUG_README.html#verbose

Don't, this just drowns the problem in noise.

 I can see the messages being accepted, but then nothing.

What leads you to the conclusion that mail is actually entering the queue?

If your logging is not misconfigured due to chroot-jail issues, you need
to look in incoming or hold if mail is not making it into active
or deferred.

http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/OVERVIEW.html

 Can anybody tell me where to look for logs or documentation on the next
 stages

Postfix logs routine traffic via syslog: mail.info
Postfix logs problems via syslog: mail.warning, mail.err, mail.crit

Any logs are in your log files, provided you don't have a broken chroot
jail setup in which there is no log socket.

-- 
Viktor.


Re: Sender Reputation

2010-12-21 Thread Roman Gelfand
Actually, I am using dspam for content filter.  I was looking to add
sender reputation query results to message header.  As it turns out
opendkim did the trick.

Thanks

On Tue, Dec 21, 2010 at 4:18 PM, mouss mo...@ml.netoyen.net wrote:
 On 21/12/2010 19:44, Stan Hoeppner wrote:

 Roman Gelfand put forth on 12/21/2010 12:29 PM:

 Does anyone know of a server/software compatible with postfix that
 performs sender reputation query?

 You need to be much more specific WRT sender reputation Roman.  What
 _precisely_ are you asking us to answer?


 yeah.

 - sender is ambiguous. do you mean the client IP (or the client domain) or
 do you mean the envelope sender address (j...@example.com, *...@example.org)?

 - reputation is ambiguous. examples: never sent spam, should not send
 email, large mail origin, residential ISP, in the US, usually signs
 with DKIM, has a strict SPF record, uses MS Exchange, ... etc.

 postfix can check DNSBL (reject_rbl_client, ... etc). spamassassin can check
 that and other stuff such as URIBL, SPF, DKIM, ... etc.



Re: Sender Reputation

2010-12-21 Thread Victor Duchovni
On Tue, Dec 21, 2010 at 05:11:12PM -0500, Roman Gelfand wrote:

 Actually, I am using dspam for content filter.  I was looking to add
 sender reputation query results to message header.  As it turns out
 opendkim did the trick.

Did you mean reputation or authentication? If the former, which
reputation service is consulted in your OpenDKIM implementation?

-- 
Viktor.


Re: OT aol.com no mx record ???

2010-12-21 Thread Robert Schetterer
On 21.12.2010 22:08, mouss wrote:
 On 21/12/2010 11:31, Robert Schetterer wrote:
 [snip]
   funny now with 0

 [snip]

 ;; ANSWER SECTION:
 aol.com.        3600    IN      MX      0 mailin-04.mx.aol.com.
 aol.com.        3600    IN      MX      0 mailin-01.mx.aol.com.
 aol.com.        3600    IN      MX      0 mailin-02.mx.aol.com.
 aol.com.        3600    IN      MX      0 mailin-03.mx.aol.com.

 
 from here at this time, priority is 15:
 
 $ host -t mx aol.com
 aol.com mail is handled by 15 mailin-02.mx.aol.com.
 aol.com mail is handled by 15 mailin-03.mx.aol.com.
 aol.com mail is handled by 15 mailin-04.mx.aol.com.
 aol.com mail is handled by 15 mailin-01.mx.aol.com.
 
 but that's irrelevant. what matters is order if there are different
 priorities.
 
 [snip]

yes it changed again, so there should be no problem anymore

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: Sender Reputation

2010-12-21 Thread Robert Schetterer
On 21.12.2010 23:11, Roman Gelfand wrote:
 Actually, I am using dspam for content filter.  I was looking to add
 sender reputation query results to message header.  As it turns out
 opendkim did the trick.
 
 Thanks
 
 On Tue, Dec 21, 2010 at 4:18 PM, mouss mo...@ml.netoyen.net wrote:
 On 21/12/2010 19:44, Stan Hoeppner wrote:

 Roman Gelfand put forth on 12/21/2010 12:29 PM:

 Does anyone know of a server/software compatible with postfix that
 performs sender reputation query?

 You need to be much more specific WRT sender reputation Roman.  What
 _precisely_ are you asking us to answer?


 yeah.

 - sender is ambiguous. do you mean the client IP (or the client domain) or
 do you mean the envelope sender address (j...@example.com, *...@example.org)?

 - reputation is ambiguous. examples: never sent spam, should not send
 email, large mail origin, residential ISP, in the US, usually signs
 with DKIM, has a strict SPF record, uses MS Exchange, ... etc.

 postfix can check DNSBL (reject_rbl_client, ... etc). spamassassin can check
 that and other stuff such as URIBL, SPF, DKIM, ... etc.


you may use http://www.dkim-reputation.org/
too

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: OT aol.com no mx record ???

2010-12-21 Thread Ralf Hildebrandt
* Robert Schetterer rob...@schetterer.org:

  [snip]
 
 yes it changed again, so there should be no problem anymore

Frankly I didn't see a problem before. Less idiots on the internet,
where's the problem?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de