relocated_maps feature causing backscatter
I recently started using the relocated_maps feature and now am seeing some bounce messages to forged addresses in the queue because of that. It looks like this feature is bouncing rather than rejecting mail. How can I avoid this? Thanks, Pim
Re: relocated_maps feature causing backscatter
On 12/12/2011 5:38 AM, Pim Zandbergen wrote: I recently started using the relocated_maps feature and now am seeing some bounce messages to forged addresses in the queue because of that. It looks like this feature is bouncing rather than rejecting mail. How can I avoid this? Thanks, Pim Are you using an ancient 1.x postfix version? The only bounces that relocated_maps should cause is when local mail is submitted via the sendmail(1) command. If you need more help, please show postconf -n output and logs. -- Noel Jones
Re: relocated_maps feature causing backscatter
I'm using postfix 2.7.5. Some relocated messages are bounced, some are rejected. It looks like this is the rule: Messages to recipients that appear to be local users (through winbind in my case) are bounced. Messages to recipients that do not appear to be local are rejected. This may be relevant: The mail is sent to a domain listed as $mydomain in $mydestination Almost all mail for this domain is relaid to an Exchange server using an entry in the transport map. Thanks, Pim
Re: Postfix lost connection after DATA from unknown... and ipfilter -AF OUT log message
On Sun, 11 Dec 2011 22:57:12 -0500 Jim Seymour jseym...@linxnet.com wrote: On Sun, 11 Dec 2011 20:03:59 -0500 (EST) Wietse Venema wie...@porcupine.org wrote: Wietse Venema: bge1 @0:24 b my_outside_ip,25 - 89.73.201.168,36545 PR tcp len 20 40 -AR OUT Why are you blocking outbound TCP RST? [snip] -AR means the ACK and RST flags are set. My question is why is your firewall blocking outbound ACK|RST? I'm using basically canned rulesets in my ipfilter setup. That is the default deny at the end of bge1's output filters. I must've messed-up, somewhere. I'll take a look in the morning. [snip] Looking at it with fresh eyes, fortified by a cup of coffee :), if I messed-up, I'll be darned if I can see where. The firewall rules related to this couldn't be more straight-forward: . . . pass out quick on bge1 proto tcp from any to any port = 25 keep state . . . block out log first quick on bge1 all That's it. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at http://jimsun.LinxNet.com/contact/scform.php.
Re: Postfix lost connection after DATA from unknown... and ipfilter -AF OUT log message
James Seymour: -AR means the ACK and RST flags are set. My question is why is your firewall blocking outbound ACK|RST? I'm using basically canned rulesets in my ipfilter setup. That is the default deny at the end of bge1's output filters. I must've messed-up, somewhere. I'll take a look in the morning. [snip] Looking at it with fresh eyes, fortified by a cup of coffee :), if I messed-up, I'll be darned if I can see where. The firewall rules related to this couldn't be more straight-forward: . pass out quick on bge1 proto tcp from any to any port = 25 keep state . block out log first quick on bge1 all That's it. There are two stateful engines: the TCP stack and ipfilter. With keep state, ipfilter remembers the connection and lets packets pass, up to the point that ipfilter believes the connection no longer exists. The TCP stack sends an outbound ACK|RST because it received *something* on port 25. Your firewall should not have passed that. Perhaps you don't have flags S keep state for inbound port 25 traffic. Wietse
Re: Postfix lost connection after DATA from unknown... and ipfilter -AF OUT log message
On Mon, 12 Dec 2011 08:24:38 -0500 (EST) Wietse Venema wie...@porcupine.org wrote: [snip] There are two stateful engines: the TCP stack and ipfilter. *nodding* With keep state, ipfilter remembers the connection and lets packets pass, up to the point that ipfilter believes the connection no longer exists. Understood. The TCP stack sends an outbound ACK|RST because it received *something* on port 25. Your firewall should not have passed that. Should not have passed it *incoming*, do you mean? Perhaps you don't have flags S keep state for inbound port 25 traffic. I do: # SMTP to gateway pass in quick on bge1 proto tcp from any to any port = 25 flags S keep state (The stuff all says any because there are only two devices in the DMZ: The border router's inside interface and the firewall's outside one. It's a true DMZ.) Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at http://jimsun.LinxNet.com/contact/scform.php.
Re: Postfix lost connection after DATA from unknown... and ipfilter -AF OUT log message
James Seymour: The TCP stack sends an outbound ACK|RST because it received *something* on port 25. Your firewall should not have passed that. Should not have passed it *incoming*, do you mean? Indeed (assuming that ipfilter actually tracks state in the exact same way as the TCP stack, which is an assumption that may not be valid). Wietse
Re: Postfix lost connection after DATA from unknown... and ipfilter -AF OUT log message
On Mon, 12 Dec 2011 09:11:26 -0500 (EST) Wietse Venema wie...@porcupine.org wrote: James Seymour: The TCP stack sends an outbound ACK|RST because it received *something* on port 25. Your firewall should not have passed that. Should not have passed it *incoming*, do you mean? Indeed (assuming that ipfilter actually tracks state in the exact same way as the TCP stack, which is an assumption that may not be valid). I think it's only happening with spammer/scammer attempts. I'll write up a litte ad hoc script to reconcile the ipmon entries with the maillog. If it's only abusive behaviour when which it happens, I don't know as it's worth putting much time into? Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at http://jimsun.LinxNet.com/contact/scform.php.
Re: bad recipient address passed to the content filter
On 12/12/2011 7:08 AM, Tomas Macek wrote: I'm using Postfix 2.8.5 built from source and amavisd-new 2.6.4 from Scientific Linux distribution. I have virtual domain 'virtdom.cz' and some subdomain 'subdomain.virtdom.cz'. The server receives the message and passes it to amavisd-new. As you can see from the config, the re...@virtdom.cz shlould be rewritten to re...@subdomain.virtdom.cz and then passed to amavisd-new. The map always finds the key/value pair, but then Postfix does not pass the newly found address to amavis. Why? Below are 2 different cases, that appear - the first one is bad delivery, the second is the proper one where things work properly as expected. You can see it on the recipient address passed to the amavisd-new on port 10024 (find ESMTP::10024). I cannot fully reproduce this error, it happens somehow. Typically this is caused by improper use of receive_override_options = no_address_mappings somewhere in your config. -- master.cf --- smtpsinet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o receive_override_options=no_address_mappings My guess is the bad mail is coming in over smtps. Remove the receive_override_options line, and add -o syslog_name=postfix-smtps so you can see in the log when mail is coming in that port. And unless you have some good reason not to, it's customary to limit smtps access to authenticated users only with something like this: -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -- Noel Jones
Re: relocated_maps feature causing backscatter
I can't yet reproduce a bounce; i'm still figuring out under what circumstances a bounce will happen. Just being a local user, like I suggested in my previous post is not enough. But here is an actual bounce sitting in my queue right now: -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 36DEA664F 3955 Sat Dec 10 03:47:06 MAILER-DAEMON (connect to smtp.anbid.com.br[200.186.108.102]:25: Connection timed out) wattagex...@anbid.com.br -- 4 Kbytes in 1 Request. Here is the log of the arrival /var/log/maillog-20111211:Dec 10 03:47:04 veldhoen postfix/smtpd[2891]: AC3E9664A: client=unknown[186.43.37.99] /var/log/maillog-20111211:Dec 10 03:47:05 veldhoen postfix/cleanup[2895]: AC3E9664A: message-id=0uiljy-wdj5a3...@anbid.com.br /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/qmgr[8706]: AC3E9664A: from=wattagex...@anbid.com.br, size=1198, nrcpt=1 (queue active) /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/error[2897]: AC3E9664A: to=j...@macroscoop.nl, relay=none, delay=1.5, delays=1.5/0/0/0.02, dsn=5.1.6, status=bounced (User has moved to j.do...@macroscoop.nl) /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/bounce[2900]: AC3E9664A: sender non-delivery notification: 36DEA664F /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/qmgr[8706]: AC3E9664A: removed Here's my postconf -n output, slightly edited; removed some domain names alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 disable_vrfy_command = yes header_checks = regexp:/etc/postfix/header_checks html_directory = no inet_interfaces = all inet_protocols = all local_destination_concurrency_limit = 5 local_destination_recipient_limit = 300 mail_owner = postfix mailbox_transport = lmtp:inet:imap.macroscoop.nl mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 2048 message_strip_characters = \0 milter_connect_macros = j {daemon_name} v {if_name} _ mydestination = $myhostname, localhost.$mydomain, localhost, [ other domains ... ] myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.7.5/README_FILES recipient_delimiter = + relay_domains = $mydestination, relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/postfix-2.7.5/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_mx_session_limit = 5 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_client_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_helo_hostname reject_non_fqdn_helo_hostname smtpd_milters = inet:localhost:7357 unix:/var/run/spamass-milter/postfix/sock inet:localhost:8891 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_destination reject_unverified_recipient smtpd_reject_unlisted_recipient = no smtpd_sender_restrictions = permit_mynetworks smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt smtpd_tls_key_file = /etc/pki/tls/private/postfix.key smtpd_tls_security_level = may transport_maps = hash:/etc/postfix/transport unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 virtual_alias_domains = [ yet more domains ] virtual_alias_maps = hash:/etc/postfix/virtual
Postfix SAV failing against postscreen itself?
Today we sent out some mails which were rejected, due to our use of postscreen. From my queue: 3T26TK1xBDz1tSG 49541 Mon Dec 12 15:47:33 aktion-sauberehae...@charite.de (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable (in reply to RCPT TO command)) recipi...@klinikum-bayreuth.de So, mail.klinikum-bayreuth.de is using Postfix: % telnet mail.klinikum-bayreuth.de 25 Trying 212.185.206.162... Connected to mail.klinikum-bayreuth.de. Escape character is '^]'. 220 mail.klinikum-bayreuth.de ESMTP Postfix EHLO foo 250-mail.klinikum-bayreuth.de 250-PIPELINING 250-SIZE 2048 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN QUIT 221 2.0.0 Bye Connection closed by foreign host. and it seems they're also using sender address verification: Dec 12 15:47:22 mail postfix/postscreen[1859]: CONNECT from [212.185.206.162]:24483 to [141.42.202.200]:25 Dec 12 15:47:27 mail postfix/smtp[5563]: 3T26T20ZNYzFvnb: host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: Address verification in progress (in reply to RCPT TO command) And the address verification probe meets our postscreen: Dec 12 15:47:28 mail postfix/postscreen[1859]: NOQUEUE: reject: RCPT from [212.185.206.162]:24483: 450 4.3.2 Service currently unavailable; from=postmas...@klinikum-bayreuth.de, to=aktion-sauberehae...@charite.de, proto=ESMTP, helo=mail.klinikum-bayreuth.de But: Why does their Postfix cache this tempfail for so long? Which class (positive? negative?) does apply? # fgrep 3T26TK1xBDz1tSG /var/log/mail.log Dec 12 15:47:33 mail2 postfix/smtpd[14743]: 3T26TK1xBDz1tSG: client=mail.charite.de[141.42.202.200] Dec 12 15:47:33 mail2 postfix/cleanup[14841]: 3T26TK1xBDz1tSG: message-id=73bb6a4a2e05a7e82db17ab90018a...@charite.de Dec 12 15:47:33 mail2 postfix/qmgr[11916]: 3T26TK1xBDz1tSG: from=aktion-sauberehae...@charite.de, size=49541, nrcpt=1 (queue active) Dec 12 15:47:37 mail2 postfix/smtp[12693]: 3T26TK1xBDz1tSG: to=recipi...@klinikum-bayreuth.de, relay=mail.klinikum-bayreuth.de[212.185.206.162]:25, delay=4.3, delays=0.04/0/0.91/3.3, dsn=4.1.7, status=deferred (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable 450 4.3.2 Contact postmas...@charite.de (using a different email address!) for technical assistance. Please provide the following information in your problem report: (in reply to RCPT TO command)) Dec 12 15:55:08 mail2 postfix/qmgr[11916]: 3T26TK1xBDz1tSG: from=aktion-sauberehae...@charite.de, size=49541, nrcpt=1 (queue active) Dec 12 15:55:09 mail2 postfix/smtp[16245]: 3T26TK1xBDz1tSG: to=recipi...@klinikum-bayreuth.de, relay=mail.klinikum-bayreuth.de[212.185.206.162]:25, delay=456, delays=455/0.61/0.1/0.14, dsn=4.1.7, status=deferred (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable 450 4.3.2 Contact postmas...@charite.de (using a different email address!) for technical assistance. Please provide the following information in your problem report: (in reply to RCPT TO command)) Dec 12 16:05:10 mail2 postfix/qmgr[17153]: 3T26TK1xBDz1tSG: from=aktion-sauberehae...@charite.de, size=49541, nrcpt=1 (queue active) Dec 12 16:05:10 mail2 postfix/smtp[19078]: 3T26TK1xBDz1tSG: to=recipi...@klinikum-bayreuth.de, relay=mail.klinikum-bayreuth.de[212.185.206.162]:25, delay=1057, delays=1057/0.08/0.11/0.36, dsn=4.1.7, status=deferred (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable 450 4.3.2 Contact postmas...@charite.de (using a different email address!) for technical assistance. Please provide the following information in your problem report: (in reply to RCPT TO command)) Dec 12 16:25:10 mail2 postfix/qmgr[17153]: 3T26TK1xBDz1tSG: from=aktion-sauberehae...@charite.de, size=49541, nrcpt=1 (queue active) Dec 12 16:25:12 mail2 postfix/smtp[22408]: 3T26TK1xBDz1tSG: to=recipi...@klinikum-bayreuth.de, relay=mail.klinikum-bayreuth.de[212.185.206.162]:25, delay=2259, delays=2257/0/1.9/0.54, dsn=4.1.7, status=deferred (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2
Re: Postfix SAV failing against postscreen itself?
Ralf Hildebrandt: Today we sent out some mails which were rejected, due to our use of postscreen. From my queue: 3T26TK1xBDz1tSG 49541 Mon Dec 12 15:47:33 aktion-sauberehae...@charite.de (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable (in reply to RCPT TO command)) recipi...@klinikum-bayreuth.de This is no different than greylisting. Eventually, the probe will go through (unless the receiver has upper and lower time bounds for greylisting that are close together, but that is their problem). Wietse
Re: relocated_maps feature causing backscatter
Pim Zandbergen: /var/log/maillog-20111211:Dec 10 03:47:04 veldhoen postfix/smtpd[2891]: AC3E9664A: client=unknown[186.43.37.99] /var/log/maillog-20111211:Dec 10 03:47:05 veldhoen postfix/cleanup[2895]: AC3E9664A: message-id=0uiljy-wdj5a3...@anbid.com.br /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/qmgr[8706]: AC3E9664A: from=wattagex...@anbid.com.br, size=1198, nrcpt=1 (queue active) /var/log/maillog-20111211:Dec 10 03:47:06 veldhoen postfix/error[2897]: AC3E9664A: to=j...@macroscoop.nl, relay=none, delay=1.5, delays=1.5/0/0/0.02, dsn=5.1.6, status=bounced (User has moved to j.do...@macroscoop.nl) The network-facing SMTP server is configured not to validate that recipient, for example, due to explicit whitelisting in an access map. Wietse
Re: Postfix SAV failing against postscreen itself?
* Wietse Venema wie...@porcupine.org: Ralf Hildebrandt: Today we sent out some mails which were rejected, due to our use of postscreen. From my queue: 3T26TK1xBDz1tSG 49541 Mon Dec 12 15:47:33 aktion-sauberehae...@charite.de (host mail.klinikum-bayreuth.de[212.185.206.162] said: 450 4.1.7 aktion-sauberehae...@charite.de: Sender address rejected: unverified address: host mail2.charite.de[141.42.206.200] said: 450-4.3.2 Service currently unavailable (in reply to RCPT TO command)) recipi...@klinikum-bayreuth.de This is no different than greylisting. Eventually, the probe will go through (unless the receiver has upper and lower time bounds for greylisting that are close together, but that is their problem). OK, I was just wondering. I'll recheck this later. It's just that I've seen that happen so often. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: RE: virtual_alias_maps / mysql problem
Ah, thank you, that led me into the exact right direction! =) i changed the way dovecot checks, if the user exists, and now it works fine. ^_^; just for curiosity, what exactly would i need to feed to the virtual_maibox_maps or rather, what does it expect to get from whatever backend put there? the virtual-readme gives the example i...@example.comexample.com/info is example.com/info the actual directory where the mails are supposed to end up relative to some other directory? or did i read that wrong? best regards and thanks again =) sil Original-Nachricht Datum: Sun, 11 Dec 2011 21:58:55 + Von: James Day james@ontraq.com An: lupin...@gmx.net lupin...@gmx.net, postfix-users@postfix.org postfix-users@postfix.org Betreff: RE: virtual_alias_maps / mysql problem I think you need to be using virtual_mailbox_maps to create a list of valid recipients. Also I can see that dovecot has also accepted the message so you must have configured something like allow_all_users=yes. From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of lupin...@gmx.net [lupin...@gmx.net] Sent: Sunday, December 11, 2011 4:31 PM To: postfix-users@postfix.org Subject: Re: virtual_alias_maps / mysql problem thank you for the hint! i activated the query-log and the query is executed ok. i also checked it via postmap -q hutzenp...@domain.de mysql:/etc/postfix/mysql-virtual.cf (which correctly did not return anything) and postmap -q correctu...@domain.de mysql:/etc/postfix/mysql-virtual.cf which did return the correct entry, e.g. user169 so it seems mysql is not at fault. also, when i tested it with a hash-file, it sent successfully to an address that was not listed in said file. unfortunately, now i guess i´ll have to check any and all other config parameters that have anything to do with virtual delivery ^_^; here goes the postconf -n: broken_sasl_auth_clients = yes config_directory = /etc/postfix inet_interfaces = 192.168.12.7 127.0.0.1 mailbox_size_limit = 0 message_size_limit = 2048 mydestination = localhost mydomain = domain.de myhostname = mail.domain.de mynetworks = 192.168.12.0/24 127.0.0.0/8 myorigin = $mydomain relayhost = smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = mail.domain.de smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/certs/cert.pem smtpd_tls_cert_file = /etc/certs/cert.pem smtpd_tls_key_file = /etc/certs/key.pem smtpd_tls_received_header = no smtpd_use_tls = yes transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf virtual_mailbox_domains = domain.de virtual_transport = dovecot transport_maps reads thus: domain.de : .domain.de : * smtp:192.168.12.8 (this is the external firewall-postfix-server) the mail.log reads thus: Dec 11 17:05:05 mehl postfix/smtpd[16897]: connect from unknown[192.168.12.1] Dec 11 17:05:05 mehl postfix/smtpd[16897]: DD60514A03F3: client=unknown[192.168.12.1], sasl_method=PLAIN, sasl_username=user169 Dec 11 17:05:05 mehl postfix/cleanup[16901]: DD60514A03F3: message-id=4ee4d4b2.2020...@domain.de Dec 11 17:05:06 mehl postfix/qmgr[16586]: DD60514A03F3: from=s@domain.de, size=858, nrcpt=1 (queue active) Dec 11 17:05:06 mehl postfix/smtpd[16897]: disconnect from unknown[192.168.12.1] Dec 11 17:05:06 mehl postfix/pipe[16902]: DD60514A03F3: to=grmbl...@domain.de, relay=dovecot, delay=0.32, delays=0.18/0/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service) Dec 11 17:05:06 mehl postfix/qmgr[16586]: DD60514A03F3: removed the address grmblash does not really exist ;-), when i send to an existing address, the only difference is that postfix/pipe has the correct target as to, e.g. user...@dmain.de thank you all for you hints, i hope this help shed some light on the problem. =) best regards sil Original-Nachricht Datum: Sun, 11 Dec 2011 15:26:40 +0100 Von: Reindl Harald h.rei...@thelounge.net An: postfix-users@postfix.org Betreff: Re: virtual_alias_maps / mysql problem Am 11.12.2011 15:18, schrieb lupin...@gmx.net: thank you for you reply. virtual_mailbox_domains is set, as is virtual_transport. do you mean using a hash-file to test it or for permanent use? there are some 500 mail-users on the server, who change relatively often and who have each a number of aliases..i´d rather avoid using a hash file, especially because the mysql-query is supposed to work =) is there
fallback_relay not triggered
Hi, I have a working setup of postfix that sends all mail not for me to a relayhost via smtp. I want to use a fallback_relay to send mail via uucp. Ok, I know that does not work out of the box. So I set up another instance listening on port 10027 on 127.0.0.1. This sends mail via uucp. I can telnet 127.0.0.1 10027 and see the instance. I already exchanged my relayhost with the instance at 127.0.0.1 - that works too, mail gets queued for uucico. So everything should be set up fine. But when I send mail and the original relayhost is not available (means ports are closed) then I get Dec 12 16:38:38 mhost postfix/smtp[1378]: 4278AB425ED: to=john...@live.com, relay=none, delay=0.05, delays=0.03/0/0.02/0, dsn=4.4.1, status=deferred (connect to mail.relay.de[192.10.64.2]: Connection refused) And then the message sits in the queue. It won't be delivered via my fallback_relay. I already had this working with an older version with nearly the same setup. Did anything change between early version 2 and version 2.7? What shall I do? Did I miss something? Ah, and another thing. I see the following in the logs: Dec 12 16:38:39 sharkey postfix/smtpd[1374]: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer I already googled and found some hints but none that really helped me. I already disabled smtpd_tls_ask_ccert, but that does not help. I'm using Debian Squeeze and I also found this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603780 . My mail client is The Bat and even with this message in the logs it seems to work. Thanks for your help! -lutzn -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Re: fallback_relay not triggered
lutz.niede...@gmx.net: Dec 12 16:38:38 mhost postfix/smtp[1378]: 4278AB425ED: to=john...@live.com, relay=none, delay=0.05, delays=0.03/0/0.02/0, dsn=4.4.1, status=deferred (connect to mail.relay.de[192.10.64.2]: Connection refused) And then the message sits in the queue. It won't be delivered via my fallback_relay. As documented: To prevent mailer loops between MX hosts and fall-back hosts, Postfix version 2.2 and later will not use the fallback relays for destinations that it is MX host for (assuming DNS lookup is turned on). Wietse
Postfwd vs Policyd
We currently run three load balanced outbound postfix servers and need to integrate a policy service that can track messages per hour for SASL users. We hope to have a service that can be cluster aware, or know how many cumulative messages have been sent by all the servers in the cluster per user per hour. Looking for some feedback from the community on your experiences with Postfwd and Policyd, or any other postfix policy servers that you have used. Thanks in advance.
Re: fallback_relay not triggered
The mails going to the uucp transport are going into the world. All other mails are handled by the first postfix instance. This machine is not the MX for the destinations the uucp transport / instance handles. It is my own MX, but the mails for me are not handled in the uucp instance. Are there any tricks how I can do that? -lutzn Original-Nachricht Datum: Mon, 12 Dec 2011 11:36:10 -0500 (EST) Von: Wietse Venema wie...@porcupine.org An: Postfix users postfix-users@postfix.org Betreff: Re: fallback_relay not triggered lutz.niede...@gmx.net: Dec 12 16:38:38 mhost postfix/smtp[1378]: 4278AB425ED: to=john...@live.com, relay=none, delay=0.05, delays=0.03/0/0.02/0, dsn=4.4.1, status=deferred (connect to mail.relay.de[192.10.64.2]: Connection refused) And then the message sits in the queue. It won't be delivered via my fallback_relay. As documented: To prevent mailer loops between MX hosts and fall-back hosts, Postfix version 2.2 and later will not use the fallback relays for destinations that it is MX host for (assuming DNS lookup is turned on). Wietse -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Re: fallback_relay not triggered
Wietse: To prevent mailer loops between MX hosts and fall-back hosts, Postfix version 2.2 and later will not use the fallback relays for destinations that it is MX host for (assuming DNS lookup is turned on). I made that change because mail would loop between the fallbax and the MX host, causing mail to be bounced. mail to be bounced. lutz.niede...@gmx.net: The mails going to the uucp transport are going into the world. You are sending mail to some other host, and want Postfix to use the smtp_fallback_feature when that host is down. Why does Postfix believe that it is MX host for the destination? Something seems to be very wromg to me. Wietse
Re: relocated_maps feature causing backscatter
On 12/12/2011 4:48 PM, Wietse Venema wrote: The network-facing SMTP server is configured not to validate that recipient, for example, due to explicit whitelisting in an access map. The access map contains whitelisted IP addresses only. I can now reproduce the bouncing. Out of 22 tested recipients in the relocated file, 7 consistently bounce, and 15 others consistently reject. I really can't tell what sets these recipients apart. All the lines in the relocated file are like usere.mailaddr...@mydomain.nl where user is the user's Active Directory account, and e.mailaddr...@mydomain.nl is their proper e-mail address. The Active Directory user accounts may be seen as valid local Unix user ID's, through Samba's winbind. The bouncing users appear just as valid as the rejecting ones when using the id user command. The user names don't appear anywhere in /etc/postfix/* (except relocated), or /etc/aliases or /etc/passwd I have removed relocated.db, rebuilt it, and restarted postfix just to be sure, without effect. Thanks, Pim
Re: relocated_maps feature causing backscatter
Pim Zandbergen: I can now reproduce the bouncing. Out of 22 tested recipients in the relocated file, 7 consistently bounce, and 15 others consistently reject. What do you mean by that: you talked to the Postfix SMTP daemon from one IP address, sent all 22 addresses in an RCPT TO command, and 15 of those RCPT TO commands did not receive a REJECT reply? Wietse
Re: relocated_maps feature causing backscatter
On 12/12/2011 7:47 PM, Wietse Venema wrote: Pim Zandbergen: I can now reproduce the bouncing. Out of 22 tested recipients in the relocated file, 7 consistently bounce, and 15 others consistently reject. What do you mean by that: you talked to the Postfix SMTP daemon from one IP address, sent all 22 addresses in an RCPT TO command, and 15 of those RCPT TO commands did not receive a REJECT reply? Wietse I sent, from one IP address, to the same Postfix SMTP daemon, 22 separate messages to single recipients, all in the same domain, all matching a relocated user. Of 22 messages, 15 were rejected immediately. 7 others were accepted and were returned shortly later. I repeated this, randomized the order of the messages and got consistent results. Yes, it sounds weird. The Postfix SMTP daemon comes as postfix-2.7.5-1.fc14.x86_64 running on Fedora 14. Pim
Re: relocated_maps feature causing backscatter
Pim Zandbergen: On 12/12/2011 7:47 PM, Wietse Venema wrote: Pim Zandbergen: I can now reproduce the bouncing. Out of 22 tested recipients in the relocated file, 7 consistently bounce, and 15 others consistently reject. What do you mean by that: you talked to the Postfix SMTP daemon from one IP address, sent all 22 addresses in an RCPT TO command, and 15 of those RCPT TO commands did not receive a REJECT reply? I sent, from one IP address, to the same Postfix SMTP daemon, 22 separate messages to single recipients, all in the same domain, all matching a relocated user. Of 22 messages, 15 were rejected immediately. 7 others were accepted and were returned shortly later. What is the output of: postconf smtpd_reject_unlisted_recipient Reason I ask is that the unlisted recipient check also does the relocated check. Wietse smtpd_reject_unlisted_recipient (default: yes) Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
Re: fallback_relay not triggered
lutz.niede...@gmx.net: The mails going to the uucp transport are going into the world. Wietse: You are sending mail to some other host, and want Postfix to use the smtp_fallback_feature when that host is down. Why does Postfix believe that it is MX host for the destination? Something seems to be very wromg to me. relayhost is the right way to send mails to my smarthost, correct? This works. My setup knows where to send mails not for mydestination. (Or should I better use default_transport for that?) The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. You are right, I believe that something changed between the version I was running before (don't remember) and the version I'm running now. And it looks as if it is the MX thing. As I understood (please correct me): relayhost only takes mydestination into account whereas fallback_relay in addition to mydestination looks into the MX. Correct? So why does Postfix believe that it is the MX for the world? (Wow, my small machine is a very vital part of the internet ;-) Is there a setting that I can turn on to debug into that? A setting where I can see in the logs that and why it believes that it is an MX for those domains? The fallback_relay gets the mails where I am not the MX because all other mails are delivered locally. What is the thing that I do not understand here? -lutzn -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Re: relocated_maps feature causing backscatter
Wietse Venema: Pim Zandbergen: On 12/12/2011 7:47 PM, Wietse Venema wrote: Pim Zandbergen: I can now reproduce the bouncing. Out of 22 tested recipients in the relocated file, 7 consistently bounce, and 15 others consistently reject. What do you mean by that: you talked to the Postfix SMTP daemon from one IP address, sent all 22 addresses in an RCPT TO command, and 15 of those RCPT TO commands did not receive a REJECT reply? I sent, from one IP address, to the same Postfix SMTP daemon, 22 separate messages to single recipients, all in the same domain, all matching a relocated user. Of 22 messages, 15 were rejected immediately. 7 others were accepted and were returned shortly later. What is the output of: postconf smtpd_reject_unlisted_recipient Reason I ask is that the unlisted recipient check also does the relocated check. Unfortunately, the relocated check will be missed when the recipient address exists in virtual_alias_maps or in *canonical_maps, because those can change the address into something else. Wietse
Re: fallback_relay not triggered
lutz.niede...@gmx.net: lutz.niede...@gmx.net: The mails going to the uucp transport are going into the world. Wietse: You are sending mail to some other host, and want Postfix to use the smtp_fallback_feature when that host is down. Why does Postfix believe that it is MX host for the destination? Something seems to be very wromg to me. relayhost is the right way to send mails to my smarthost, correct? This works. My setup knows where to send mails not for mydestination. (Or should I better use default_transport for that?) The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. Why are you MX host for a domain, and then sending its mail to the relayhost? That does not seem right. If you do that, then simply turn off DNS lookups in the SMTP client that sends to the relayhost. /etc/postfix/main.cf relay_transport = no_dns_smtp:example.com /etc/postfix/master.cf: no_dns_smtp .. ... .. .. smtp -o disable_dns_lookup=yes Wietse
Re: fallback_relay not triggered
Wietse Venema: The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. Why are you MX host for a domain, and then sending its mail to the relayhost? That does not seem right. If you do that, then simply turn off DNS lookups in the SMTP client that sends to the relayhost. /etc/postfix/main.cf relay_transport = no_dns_smtp:example.com /etc/postfix/master.cf: no_dns_smtp .. ... .. .. smtp -o disable_dns_lookup=yes You may have to specify default_transport instead. Wietse
Saving archive copy of all mail sent/received w/Dovecot+Postfix?
I'm running Dovecot 2.0.15 and Postfix 2.7.7 with postfix handing off to Dovecot's LDA. I am hosting multiple virtual domains with multiple users and everything is working. I would now like to create a permanent archive of all sent/received mail with each virtual user's mail saved to its own sent file and received file. This needs to be independent of the user's regular Maildir store since he can't delete or modify the permanent archive. Any suggestions on how to best accomplish this either via postfix or dovecot? Postfix has in main.cf virtual_transport = dovecot and in master.cf dovecot unix - n n - - pipe flags=DRhu user=virtual:virtual argv=/usr/libexec/dovecot /dovecot-lda -d ${recipient} -f ${sender} dovecot uses this: [root@xxx andrew]# dovecot -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.35.14-103.fc14.x86_64 x86_64 Fedora release 14 (Laughlin) ext4 auth_mechanisms = plain login cram-md5 disable_plaintext_auth = no mail_location = maildir:/home/vmail/%d/%n/Maildir mbox_write_locks = fcntl passdb { args = scheme=plain username_format=%u /etc/postfix/passwd driver = passwd-file } protocols = imap lmtp service auth { inet_listener { port = 12345 } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0666 } } ssl_cert = /etc/pki/tls/certs/xxx.com.crt ssl_key = /etc/pki/tls/private/xxx.com.key userdb { args = username_format=%u uid=5000 gid=5000 home=/home/vmail/%d/%n driver = static } Thanks, Andrew
Re: fallback_relay not triggered
The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. Why are you MX host for a domain, and then sending its mail to the relayhost? That does not seem right. No, I am the MX for all my domains. And these domains are listed in mydestination. I send all other mails to the relayhost, means the mails that I am not the destination but that come from mydestination. And if that relayhost is down I want to send the mails via the fallback_relay that does nothing. It does nothing maybe because it thinks that itself (my machine) is the MX for the rest of the world - means that it thinks that it is MX for exactly those domains that are surely not my domains and it is no MX for these/not my domains. Could you please describe the difference between default_transport and relayhost in a few words? They both seem to act the same. Thanks for your help! -lutzn -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Re: fallback_relay not triggered
Ruppert G. von Teutul: The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. Why are you MX host for a domain, and then sending its mail to the relayhost? That does not seem right. No, I am the MX for all my domains. And these domains are listed in mydestination. I send all other mails to the relayhost, means the mails that I am not the destination but that come from mydestination. Why does Postfix believe that it is MX for those domains? If it didn't, then it would use the smtp_fallback_relay. Wietse
Re: fallback_relay not triggered
Why does Postfix believe that it is MX for those domains? If it didn't, then it would use the smtp_fallback_relay. I have no clue! If I send a mail to someone at live.com it does not pass to the fallback_relay if relayhost is down. In theory this should only happen if my machine announces itself as MX for live.com. Correct? This is what I see on the fallback_relay: ; DiG 9.7.3 live.com mx ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 14747 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 5 ;; QUESTION SECTION: ;live.com. IN MX ;; ANSWER SECTION: live.com. 3600IN MX 5 mx2.hotmail.com. live.com. 3600IN MX 5 mx3.hotmail.com. live.com. 3600IN MX 5 mx4.hotmail.com. live.com. 3600IN MX 5 mx1.hotmail.com. ;; AUTHORITY SECTION: live.com. 83725 IN NS ns4.msft.net. live.com. 83725 IN NS ns1.msft.net. live.com. 83725 IN NS ns5.msft.net. live.com. 83725 IN NS ns2.msft.net. live.com. 83725 IN NS ns3.msft.net. ;; ADDITIONAL SECTION: ns1.msft.net. 456 IN A 65.55.37.62 ns2.msft.net. 467 IN A 64.4.59.173 ns3.msft.net. 2847IN A 213.199.159.59 ns4.msft.net. 2847IN A 207.46.75.254 ns5.msft.net. 2860IN A 65.55.226.140 I am surely none of the listed machines. -lutzn -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Re: fallback_relay not triggered
Wietse Venema: Ruppert G. von Teutul: The machine we are talking about is MX for all the domains that belong to me (=mydestination). And exactly the way relayhost is sent mails to the world they should be sent to the fallback_relay if that relayhost is down. Why are you MX host for a domain, and then sending its mail to the relayhost? That does not seem right. No, I am the MX for all my domains. And these domains are listed in mydestination. I send all other mails to the relayhost, means the mails that I am not the destination but that come from mydestination. Why does Postfix believe that it is MX for those domains? If it didn't, then it would use the smtp_fallback_relay. those == destinations that you want to send to the smtp_fallback_relay. Wietse
Re: fallback_relay not triggered
lutz.niede...@gmx.net: Why does Postfix believe that it is MX for those domains? If it didn't, then it would use the smtp_fallback_relay. I have no clue! If I send a mail to someone at live.com it does not pass to the fallback_relay if relayhost is down. In theory this should only happen if my machine announces itself as MX for live.com. Correct? Oops, I wrote that code long enough that my memory is incorrect. Try putting the smtp_fallback_relay inside []. If that does not turn off MX host detection, then I will read Postfix source code more closely. Wietse
Re: fallback_relay not triggered
If I send a mail to someone at live.com it does not pass to the fallback_relay if relayhost is down. In theory this should only happen if my machine announces itself as MX for live.com. Correct? Oops, I wrote that code long enough that my memory is incorrect. Try putting the smtp_fallback_relay inside []. If that does not turn off MX host detection, then I will read Postfix source code more closely. I nearly always use [] since my first negative experiences with MX lookups. So I did here. I specified [127.0.0.1]:10027 as fallback_relay. I did that for relayhost (with another host), too. (Is there any reason I would prefer default_transport over relayhost?) -lutzn -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone
Re: fallback_relay not triggered
Ruppert G. von Teutul: If I send a mail to someone at live.com it does not pass to the fallback_relay if relayhost is down. In theory this should only happen if my machine announces itself as MX for live.com. Correct? Oops, I wrote that code long enough that my memory is incorrect. Try putting the smtp_fallback_relay inside []. If that does not turn off MX host detection, then I will read Postfix source code more closely. I nearly always use [] since my first negative experiences with MX lookups. So I did here. I specified [127.0.0.1]:10027 as fallback_relay. I did that for relayhost (with another host), too. Dang. I'll have to check the source code against the docs. (Is there any reason I would prefer default_transport over relayhost?) default_transport specifies the name of the mail delivery service and may contain the destination as well. relayhost specifies only the destination. Wietse
Re: recipient_delimiter
Thanks ! Em 11/12/2011, às 17:46, Wietse Venema escreveu: Jose Renato Attab Braga: Hi I need use the address aaa+xyz@domain when I have the only the address aaa@domain. In my main.cf I have recipient_delimiter = +. I use Mysql to emails adress and domains. What do I need to configurate this? In Postfix, nothing. Postfix will look up aaa+xyz@domain (with the extension), then aaa@domain (no extension). After Postfix finds that the address without extension exists, it will accept the email. You may need to configure Dovecot for the recipient delimiter. Wietse My main.cf smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no readme_directory = /usr/share/doc/postfix smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache myhostname = mail.example.com.br alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.exemple.com, localhost, localhost.localdomain relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html message_size_limit = 3072 virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination virtual_create_maildirsize = yes virtual_maildir_extended = yes proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps virtual_transport = dovecot dovecot_destination_recipient_limit = 1
Re: fallback_relay not triggered
lutz.niede...@gmx.net: Hi, I have a working setup of postfix that sends all mail not for me to a relayhost via smtp. I want to use a fallback_relay to send mail via uucp. Ok, I know that does not work out of the box. So I set up another instance listening on port 10027 on 127.0.0.1. This sends mail via uucp. I can telnet 127.0.0.1 10027 and see the instance. I already exchanged my relayhost with the instance at 127.0.0.1 - that works too, mail gets queued for uucico. So everything should be set up fine. But when I send mail and the original relayhost is not available (means ports are closed) then I get Dec 12 16:38:38 mhost postfix/smtp[1378]: 4278AB425ED: to=john...@live.com, relay=none, delay=0.05, delays=0.03/0/0.02/0, dsn=4.4.1, status=deferred (connect to mail.relay.de[192.10.64.2]: Connection refused) And then the message sits in the queue. It won't be delivered via my fallback_relay. This would be a good time to post in one message: The Postfix mail version (that would be 2.7). postconf -n command output. The master.cf definition for all SMTP client entries, in case there are any -o name=value settings. In my case, when I configure /etc/postfix/main.cf: fallback_relay = [127.0.0.1]:9900 And send mail to a down host wzv.porcupine.org, then it tries to connect to the fall-back host at [127.0.0.1]:9900. Dec 12 20:34:15 tail postfix/qmgr[1623]: 3T2NqW57lgznkHT: from=spa...@porcupine.org, size=298, nrcpt=1 (queue active) Dec 12 20:34:25 tail postfix/smtp[2518]: connect to wzv.porcupine.org[168.100.189.7]:25: Operation timed out Dec 12 20:34:25 tail postfix/smtp[2518]: connect to 127.0.0.1[127.0.0.1]:9900: Connection refused Dec 12 20:34:26 tail postfix/smtp[2518]: 3T2NqW57lgznkHT: to=spa...@wzv.porcupine.org, relay=none, delay=10, delays=0.14/0.17/10/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:9900: Connection refused) I get the same result when I specify the down host as relayhost: /etc/postfix/main.cf: fallback_relay = [127.0.0.1]:9900 relayhost = wzv.porcupine.org And send mail to some other destination: Dec 12 20:40:18 tail postfix/qmgr[1623]: 3T2NyV3vTpznkHV: from=spa...@porcupine.org, size=301, nrcpt=1 (queue active) Dec 12 20:40:28 tail postfix/smtp[2542]: connect to wzv.porcupine.org[168.100.189.7]:25: Operation timed out Dec 12 20:40:28 tail postfix/smtp[2542]: connect to 127.0.0.1[127.0.0.1]:9900: Connection refused Dec 12 20:40:28 tail postfix/smtp[2542]: 3T2NyV3vTpznkHV: to=spa...@rabbit.porcupine.org, relay=none, delay=10, delays=0.01/0/10/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:9900: Connection refused) So everything works entirely as expected. Wietse
Re: Saving archive copy of all mail sent/received w/Dovecot+Postfix?
On 12/12/2011 2:17 PM, Andrew M wrote: I'm running Dovecot 2.0.15 and Postfix 2.7.7 with postfix handing off to Dovecot's LDA. I am hosting multiple virtual domains with multiple users and everything is working. I would now like to create a permanent archive of all sent/received mail with each virtual user's mail saved to its own sent file and received file. This needs to be independent of the user's regular Maildir store since he can't delete or modify the permanent archive. Any suggestions on how to best accomplish this either via postfix or dovecot? Take a look an Enkive: http://www.enkive.org -- Stan
Re: Saving archive copy of all mail sent/received w/Dovecot+Postfix?
Am 13.12.2011 03:12, schrieb Stan Hoeppner: On 12/12/2011 2:17 PM, Andrew M wrote: I'm running Dovecot 2.0.15 and Postfix 2.7.7 with postfix handing off to Dovecot's LDA. I am hosting multiple virtual domains with multiple users and everything is working. I would now like to create a permanent archive of all sent/received mail with each virtual user's mail saved to its own sent file and received file. This needs to be independent of the user's regular Maildir store since he can't delete or modify the permanent archive. Any suggestions on how to best accomplish this either via postfix or dovecot? Take a look an Enkive: http://www.enkive.org postfix always_bcc (default: empty) Optional address that receives a blind carbon copy of each message that is received by the Postfix mail system. Note: if mail to the BCC address bounces it will be returned to the sender. Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. recipient_bcc_maps (default: empty) Optional BCC (blind carbon-copy) address lookup tables, indexed by recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. This feature is available in Postfix 2.1 and later. The table search order is as follows: Look up the user+extens...@domain.tld address including the optional address extension. Look up the u...@domain.tld address without the optional address extension. Look up the user+extension address local part when the recipient domain equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. Look up the user address local part when the recipient domain equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. Look up the @domain.tld part. Specify the types and names of databases to use. After change, run postmap /etc/postfix/recipient_bcc. Note: if mail to the BCC address bounces it will be returned to the sender. Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. Example: recipient_bcc_maps = hash:/etc/postfix/recipient_bcc sender_bcc_maps (default: empty) Optional BCC (blind carbon-copy) address lookup tables, indexed by sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. This feature is available in Postfix 2.1 and later. The table search order is as follows: Look up the user+extens...@domain.tld address including the optional address extension. Look up the u...@domain.tld address without the optional address extension. Look up the user+extension address local part when the sender domain equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. Look up the user address local part when the sender domain equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. Look up the @domain.tld part. Specify the types and names of databases to use. After change, run postmap /etc/postfix/sender_bcc. Note: if mail to the BCC address bounces it will be returned to the sender. Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. Example: sender_bcc_maps = hash:/etc/postfix/sender_bcc https://www.milter.org/milter/61 MailArchiver and simular milters http://freecode.com/projects/aox Archiveopteryx Archiveopteryx is an Internet mail server, optimized to support heavy usage and long-term archiving. It stores mail in a PostgreSQL database, and provides access to it through IMAP, POP, and more. and so on. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria