smtp_connection_cache_destinations in master.cf

[David Touzeau]

Dear

Is it possible to smtp_connection_cache_destinations in master.cf per
smtp instance with -o option ?

example :

smtp2   unix-   -   n   -   100 smtp -o
smtp_connection_cache_destinations=hash/etc/postfix/cache_domains

Best regards

SRS for Postfix

[Hieronim Sokolski]

Hello,

I am looking for SRS solution for Postfix, as in SPF-compliant world lack of 
this breaks forwarding from my site. We use Zimbra, so hacks with .forward file 
or /etc/aliases directing to | /usr/bin/srs ... will not work. I am going to 
either install SRS software on Zimbra MTA, which is Postfix controlled by 
Zimbra configuration scripts, or on outgoing mail gateway - also Postfix now.

I realized that Postfix can support SRS through milters. Can you recommend me 
any SRS milter, stable and known to work with Postfix (not employing protocol 
features present only in Sendmail)? Eventually I can switch to another edge 
MTA, but if this is possible, I will stay with Postfix.

I suppose that the question isn't too original, but I have found surprisingly 
few information on the web, and mostly outdated.

Thanks
Hieronim

Re: Webmin as an admin tool?

[David Touzeau]

2 releases per month latest is 01-09-2011

http://www.artica.fr/forum/viewforum.php?f=11



Le mercredi 31 août 2011 à 15:30 +0200, we...@zackbummfertig.de a
écrit :
 Artica seems not any more under develpment since 2009 
  Last Changes was 2009
 
  On Sat, 27 Aug 2011 13:33:34 +0200, David Touzeau da...@touzeau.eu 
  wrote:
  Take a look here
 
   Open Source solution.
 
   Tried to perform Complex settings such has multiples postfix
  instances
   Postfix upgrade by compilation supported
   Can act has mailbox server
   Load balancing and PowerDNS support.
   LDAP and ActiveDirectory support
   PostScreen support and associated plugins like milter-greylist,
  spamassassin, Amavisd-new
   Realtime Backup on the fly
   Statistics
   Anti-hacks
   Load balancing, round-robbin...
   Multi-administrators interfaces.
   End-users interfaces for quarantine and aliases
   ..blabla...
 
   Le vendredi 26 août 2011 à 13:28 -0400, John a écrit :
 
  I do not want to start a flam war, but what are the thoughts on using
  webmin as a tool to administer postfix (+ dovecot, but that is 
  outside
 
  this group).
  TIA
  John Allen
 
 

Re: smtp_connection_cache_destinations in master.cf

[Noel Jones]

On 9/1/2011 4:12 AM, David Touzeau wrote:
 Dear
 
 Is it possible to smtp_connection_cache_destinations in master.cf per
 smtp instance with -o option ?
 
 example :
 
 smtp2 unix-   -   n   -   100 smtp -o
 smtp_connection_cache_destinations=hash/etc/postfix/cache_domains
 
 Best regards
 


Yes, that should work.
http://www.postfix.org/smtp.8.html



  -- Noel Jones

mailman configuration issue with a functional postfix server

[J. Bakshi]

Hello list,

It seems a postfix configuration problem, hence posting here.

This is an open-suse 11.4 box with a postfix server, support multidomain
and functional since 2006.

I have installed mailman here. I have followed the suse README
file shipped with this mailman package and done the configuration
accordingly.  I have created a list and can sent there subscription
request. the system also sent me back the mail having confirmation code.
Good.  A reply to that message do noting and not get any mail after sending
reply to that again and again. So completed subscription with web link.
Welcome mail sentarrived. Not bad till now. But when I sent mail to the list,
those mails are not distributed... :-( I think there is something missing
in postfix ( actually in the manual) that mailman can't sent confirmation as 
well
as distribute the mail to the list. 

The aliases has been added at /etc/aliases and main.conf has already
this file as alias_map

The main.cf and master.cf is unchanged as there is nothing
in README which advise to do any modification.

Could someone kindly enlighten me to realize the missing link ?

TIA

Re: mailman configuration issue with a functional postfix server

[Wietse Venema]

J. Bakshi:
 Hello list,
 
 It seems a postfix configuration problem, hence posting here.
 
 This is an open-suse 11.4 box with a postfix server, support multidomain
 and functional since 2006.
 
 I have installed mailman here. I have followed the suse README
 file shipped with this mailman package and done the configuration
 accordingly.  I have created a list and can sent there subscription
 request. the system also sent me back the mail having confirmation code.
 Good.  A reply to that message do noting and not get any mail after 
 sending
 reply to that again and again. So completed subscription with web link.
 Welcome mail sentarrived. Not bad till now. But when I sent mail to the list,
 those mails are not distributed... :-( I think there is something missing
 in postfix ( actually in the manual) that mailman can't sent confirmation as 
 well
 as distribute the mail to the list. 
 
 The aliases has been added at /etc/aliases and main.conf has already
 this file as alias_map
 
 The main.cf and master.cf is unchanged as there is nothing
 in README which advise to do any modification.
 
 Could someone kindly enlighten me to realize the missing link ?

First, have a look at the error and warning messages in the maillog
file.

Second, have a look at the instructions in the welcome message of
this mailing list.

Wietse

Re: mailman configuration issue with a functional postfix server

[J. Bakshi]

On Thu, 1 Sep 2011 08:29:12 -0400 (EDT)
Wietse Venema wie...@porcupine.org wrote:

 J. Bakshi:
  Hello list,
  
  It seems a postfix configuration problem, hence posting here.
  
  This is an open-suse 11.4 box with a postfix server, support multidomain
  and functional since 2006.
  
  I have installed mailman here. I have followed the suse README
  file shipped with this mailman package and done the configuration
  accordingly.  I have created a list and can sent there subscription
  request. the system also sent me back the mail having confirmation code.
  Good.  A reply to that message do noting and not get any mail after 
  sending
  reply to that again and again. So completed subscription with web link.
  Welcome mail sentarrived. Not bad till now. But when I sent mail to the 
  list,
  those mails are not distributed... :-( I think there is something missing
  in postfix ( actually in the manual) that mailman can't sent confirmation 
  as well
  as distribute the mail to the list. 
  
  The aliases has been added at /etc/aliases and main.conf has already
  this file as alias_map
  
  The main.cf and master.cf is unchanged as there is nothing
  in README which advise to do any modification.
  
  Could someone kindly enlighten me to realize the missing link ?
 
 First, have a look at the error and warning messages in the maillog
 file.
 
 Second, have a look at the instructions in the welcome message of
 this mailing list.
 
   Wietse


Thanks..

From mail.log it is seen the messages are successfully delivered
to the list account. No warning.

The welcome message is according to standard template and
the links given at that message are all working well.

Re: SRS for Postfix

[Wietse Venema]

Hieronim Sokolski:
 Hello,
 
 I am looking for SRS solution for Postfix, as in SPF-compliant
 world lack of this breaks forwarding from my site. We use Zimbra,
 so hacks with .forward file or /etc/aliases directing to |
 /usr/bin/srs ... will not work. I am going to either install SRS
 software on Zimbra MTA, which is Postfix controlled by Zimbra
 configuration scripts, or on outgoing mail gateway - also Postfix
 now.

 I realized that Postfix can support SRS through milters. Can you
 recommend me any SRS milter, stable and known to work with Postfix
 (not employing protocol features present only in Sendmail)?
 Eventually I can switch to another edge MTA, but if this is possible,
 I will stay with Postfix.

 I suppose that the question isn't too original, but I have found
 surprisingly few information on the web, and mostly outdated.

Indeed. Five years ago I hoped that it would be sufficient to provide
the Postfix hooks, so that people with more time than me could provide
the implementations of DKIM, SPF, SRS, and other protocols.

If you find a 100% Milter-based SRS solution then you are welcome
to report to the mailing list. The ones that I found invoke socketmaps
from sendmail.cf, instead of using the Milter SMFIR_CHGFROM (replace
sender) command which is available since Postfix 2.6. At this point
it would probably make sense to add Sendmail-style socketmap support
to Postfix.

Wietse

Re: mailman configuration issue with a functional postfix server

[Wietse Venema]

J. Bakshi:
J. Bakshi:
 Could someone kindly enlighten me to realize the missing link ?

Wietse:
 First, have a look at the error and warning messages in the maillog
 file.
 
 Second, have a look at the instructions in the welcome message of
 this mailing list.

J. Bakshi:
 Thanks..
 
 From mail.log it is seen the messages are successfully delivered
 to the list account. No warning.

OK, now you need to look in the mailman logfile. That may reveal
why mailman is not able to send mail into Postfix.

 The welcome message is according to standard template and
 the links given at that message are all working well.

I was referring to this mailing list (postfix-users) which has
the following welcome message:

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.

Wietse

header_checks and ldap aliases

[Selcuk Yazar]

Hi,

We have ldap aliases. in main.cf
virtual_alias_maps : ldap:aliases, ldap:accountsmap setting.

i want to create a control for these aliases that sent mail only internal
with using header_checks. but header_checks restriction doesn't wok with
above settings.
any way i also enable forward thing.for this i applied

ldap-forward-example.cf:
--
Code:
server_host = ldap-server.example.com
search_base = ou=People,dc=example,dc=com
version=3
timeout = 10
size_limit = 1
bind = yes
bind_dn = cn=Manager,dc=example,dc=com
bind_pw = password
query_filter = (mail=%s)
result_attribute = mail, addressToForward
--

Within the main.cf file:


virtual_alias_maps = ldap:/etc/postfix/ldap-forward-example.cf
configuration. this time header_checks works. also forward works but
after
that i have mail,
testalias@domain. user_unknow.  what is the problem ?. i think postfix
find aliases and deliver mails to aliases members, also postfix deliver copy
of mail to aliases member's forward address but server says user_unknown.

thanks in advance.


-- 
Selçuk YAZAR

Re: header_checks and ldap aliases

[Noel Jones]

On 9/1/2011 9:53 AM, Selcuk Yazar wrote:
 Hi,
 
 We have ldap aliases. in main.cf http://main.cf
 virtual_alias_maps : ldap:aliases, ldap:accountsmap setting.
 
 i want to create a control for these aliases that sent mail only
 internal with using header_checks. but header_checks restriction
 doesn't wok with above settings.



header_checks are the wrong tool for the job.  To protect a mail
alias, see this example:
http://www.postfix.org/RESTRICTION_CLASS_README.html#internal



  -- Noel Jones

RE: SRS for Postfix

[Murray S. Kucherawy]

 -Original Message-
 From: owner-postfix-us...@postfix.org 
 [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
 Sent: Thursday, September 01, 2011 6:12 AM
 To: Hieronim Sokolski
 Cc: postfix-users@postfix.org
 Subject: Re: SRS for Postfix
 
 If you find a 100% Milter-based SRS solution then you are welcome
 to report to the mailing list. The ones that I found invoke socketmaps
 from sendmail.cf, instead of using the Milter SMFIR_CHGFROM (replace
 sender) command which is available since Postfix 2.6. At this point
 it would probably make sense to add Sendmail-style socketmap support
 to Postfix.

Which ones had you found?  I'd be interested to take a look at them.

(I'm not a fan of SRS, but I'm interested in milter-related mechanics.)

Re: SRS for Postfix

[Wietse Venema]

Murray S. Kucherawy:
  -Original Message-
  From: owner-postfix-us...@postfix.org 
  [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
  Sent: Thursday, September 01, 2011 6:12 AM
  To: Hieronim Sokolski
  Cc: postfix-users@postfix.org
  Subject: Re: SRS for Postfix
  
  If you find a 100% Milter-based SRS solution then you are welcome
  to report to the mailing list. The ones that I found invoke socketmaps
  from sendmail.cf, instead of using the Milter SMFIR_CHGFROM (replace
  sender) command which is available since Postfix 2.6. At this point
  it would probably make sense to add Sendmail-style socketmap support
  to Postfix.
 
 Which ones had you found?  I'd be interested to take a look at them.
 
 (I'm not a fan of SRS, but I'm interested in milter-related mechanics.)

I found these with queries for srs milter and srs chgfrom:

http://srs-socketmap.info/spf/ 
Invokes socketmaps from sendmail.cf to rewrite outbound
senders, and uses Milter for inbound RCPT TO verification.
This is sendmail-milter-spf-1.42.pl, which can also be found
in other places.

http://www.bmsi.com/python/milter.html 
Mentions SMFIR_CHGFROM support real soon now for pysrs, but
I could not find it in the latest source.

pysrs and sendmail-milter-spf appear to pre-date SMFIR_CHGFROM
(introduced 2006 with Sendmail 8.14.0), and both have not been
updated in the last 5-6 years.

Wietse

Re: Postdrop doesn't always stop when postfix stop is issued

[Victor Duchovni]

On Wed, Aug 31, 2011 at 07:58:55PM -0400, Wietse Venema wrote:

  This is extremely difficult to reproduce, but it does happen occasionally 
  -- We will tell postfix to stop, and once that is complete, a postdrop 
  process will sometimes remain, and will run until it is manually killed.
  
  Is this an expected behavior of postdrop -- That after the master postfix 
  is stopped, it is expected sometimes that it may continue running, 
  regardless?
 
 This is 100% intentional. The Postfix sendmail command MUST NOT
 drop mail on the floor while the mail system is down.

Well, yes, postdrop(1) is expected to reliably enqueue mail, even when
the mail system is down. This said, it is not really expected to enter
an infinite loop!

On Wed, Aug 31, 2011 at 04:36:22PM -0700, Quanah Gibson-Mount wrote:

 This is extremely difficult to reproduce, but it does happen
 occasionally -- We will tell postfix to stop, and once that is
 complete, a postdrop process will sometimes remain, and will run
 until it is manually killed.
 
 Is this an expected behavior of postdrop -- That after the master
 postfix is stopped, it is expected sometimes that it may continue
 running, regardless?

Normally, postdrop(1) will enqueue the message and exit, whether the
mail system is up or not. The only plausible failure reason is inability
to access the maildrop directory, either because the setgid bit has
been cleared on the postdrop(1) binary, or because the directory has
been moved, deleted, modified to not allow group write access, ...

So the question is what is it that is causing postdrop to loop while
trying to create the queue file?

/*
 * Create a file with a temporary name that does not collide. The process
 * ID alone is not sufficiently unique: maildrops can be shared via the
 * network. Not that I recommend using a network-based queue, or having
 * multiple hosts write to the same queue, but we should try to avoid
 * losing mail if we can.
 *
 * If someone is racing against us, try to win.
 */
for (;;) {
GETTIMEOFDAY(tp);
vstring_sprintf(temp_path, %s/%d.%d, queue_name,
(int) tp-tv_usec, pid);
if ((fd = open(STR(temp_path), O_RDWR | O_CREAT | O_EXCL, mode)) = 0)
break;
if (errno == EEXIST || errno == EISDIR)
continue;
msg_warn(%s: create file %s: %m, myname, STR(temp_path));
sleep(10);
}

Are the create file warnings found in the system log?

-- 
Viktor.

Re: Postdrop doesn't always stop when postfix stop is issued

[Quanah Gibson-Mount]

--On Thursday, September 01, 2011 2:03 PM -0400 Victor Duchovni 
victor.ducho...@morganstanley.com wrote:



So the question is what is it that is causing postdrop to loop while
trying to create the queue file?

/*
 * Create a file with a temporary name that does not collide. The
process  * ID alone is not sufficiently unique: maildrops can be
shared via the  * network. Not that I recommend using a network-based
queue, or having  * multiple hosts write to the same queue, but we
should try to avoid  * losing mail if we can.
 *
 * If someone is racing against us, try to win.
 */
for (;;) {
GETTIMEOFDAY(tp);
vstring_sprintf(temp_path, %s/%d.%d, queue_name,
(int) tp-tv_usec, pid);
if ((fd = open(STR(temp_path), O_RDWR | O_CREAT | O_EXCL, mode))
= 0) break;
if (errno == EEXIST || errno == EISDIR)
continue;
msg_warn(%s: create file %s: %m, myname, STR(temp_path));
sleep(10);
}

Are the create file warnings found in the system log?


Yes:

Mar 22 19:24:52 domain postfix/postdrop[3624]: warning: mail_queue_enter: 
create file maildrop/976917.3624: No such file or directory


for example.

However, what is odd about this is we have postfix explicitly use a queue 
directory that is always present (/opt/zimbra/data/postfix/spool/), so it 
shouldn't be encountering any errors creating a file. :/


I was also wrong about the shutdown order -- We shutdown postfix first, and 
then the other services.


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.

Zimbra ::  the leader in open source messaging and collaboration

Re: Postdrop doesn't always stop when postfix stop is issued

[Wietse Venema]

Victor Duchovni:
 On Wed, Aug 31, 2011 at 07:58:55PM -0400, Wietse Venema wrote:
 
   This is extremely difficult to reproduce, but it does happen occasionally 
   -- We will tell postfix to stop, and once that is complete, a postdrop 
   process will sometimes remain, and will run until it is manually killed.
   
   Is this an expected behavior of postdrop -- That after the master postfix 
   is stopped, it is expected sometimes that it may continue running, 
   regardless?
  
  This is 100% intentional. The Postfix sendmail command MUST NOT
  drop mail on the floor while the mail system is down.
 
 Well, yes, postdrop(1) is expected to reliably enqueue mail, even when
 the mail system is down. This said, it is not really expected to enter
 an infinite loop!

Well, yes, one is not supposed to remove the submission directory and
ignore postdrop error messages.

If people use Postfix, then at least they have a chance to re-create
the missing directory or permissions, and avoid losing mail.

Wietse

Re: Postdrop doesn't always stop when postfix stop is issued

[Victor Duchovni]

On Thu, Sep 01, 2011 at 11:26:48AM -0700, Quanah Gibson-Mount wrote:

 msg_warn(%s: create file %s: %m, myname, STR(temp_path));
 
 Are the create file warnings found in the system log?
 
 Yes:
 
 Mar 22 19:24:52 domain postfix/postdrop[3624]: warning:
 mail_queue_enter: create file maildrop/976917.3624: No such file or
 directory
 
 for example.

So, most likely the maildrop directory is no longer present, or the
queue directory itself has been moved, unmounted, ... The postdrop(1)
process performs a chdir(2) to the queue_directory, so if that is
replaced, it won't find a maildrop sub-directory...

 However, what is odd about this is we have postfix explicitly use a
 queue directory that is always present
 (/opt/zimbra/data/postfix/spool/), so it shouldn't be encountering
 any errors creating a file. :/

This claim looks implausible, or main.cf was briefly modified to cause
postdrop(1) to use the wrong directory, ...

Make sure you are checking the correct instance (generally the default
one with sendmail/postdrop).

-- 
Viktor.