Re: limiting outgoing
On Sat, Jan 14, 2012 at 1:36 PM, Robert Schetterer rob...@schetterer.orgwrote: Am 14.01.2012 04:40, schrieb Benny Pedersen: On Thu, 12 Jan 2012 17:31:17 +0100, Jiri Vitek wrote: slow_destination_concurrency_limit = 2 slow_destination_concurrency_limit = 2 ymvw, only one line is needed :) ups , yes youre right, some copy paste stuff thx !!! -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria Can anyone please explain slow_destination_concurrency_failed_cohort_limit = 100? I tried to figure it out, couldn't.
Re: limiting outgoing
Am 27.01.2012 10:40, schrieb DN Singh: On Sat, Jan 14, 2012 at 1:36 PM, Robert Schetterer rob...@schetterer.org mailto:rob...@schetterer.org wrote: Am 14.01.2012 04:40, schrieb Benny Pedersen: On Thu, 12 Jan 2012 17:31:17 +0100, Jiri Vitek wrote: slow_destination_concurrency_limit = 2 slow_destination_concurrency_limit = 2 ymvw, only one line is needed :) ups , yes youre right, some copy paste stuff thx !!! -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria Can anyone please explain slow_destination_concurrency_failed_cohort_limit = 100? I tried to figure it out, couldn't. transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit) A transport-specific override for the default_destination_concurrency_failed_cohort_limit parameter value, where transport is the master.cf name of the message delivery transport. Note: some transport_destination_concurrency_failed_cohort_limit parameters will not show up in postconf command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a built-in suffix (in this case: _destination_concurrency_failed_cohort_limit). This feature is available in Postfix 2.5 and later. default_destination_concurrency_failed_cohort_limit (default: 1) How many pseudo-cohorts must suffer connection or handshake failure before a specific destination is considered unavailable (and further delivery is suspended). Specify zero to disable this feature. A destination's pseudo-cohort failure count is reset each time a delivery completes without connection or handshake failure for that specific destination. A pseudo-cohort is the number of deliveries equal to a destination's delivery concurrency. Use transport_destination_concurrency_failed_cohort_limit to specify a transport-specific override, where transport is the master.cf name of the message delivery transport. This feature is available in Postfix 2.5. The default setting is compatible with earlier Postfix versions. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: limiting outgoing
* DN Singh dnsingh@gmail.com: Can anyone please explain slow_destination_concurrency_failed_cohort_limit = 100? I tried to figure it out, couldn't. http://www.postfix.org/QSHAPE_README.html IMPORTANT!! The large slow_destination_concurrency_failed_cohort_limit value is needed. This prevents Postfix from deferring all mail for the same destination after only one connection or handshake error (the reason for this is that non-zero slow_destination_rate_delay forces a per-destination concurrency of 1). -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
[no subject]
Hi Fellow Postfixers, ( belated H a P p Y N e W Y e A r ) Looking to find out the pros and cons of using MySQL based Postfix over the current basic (text based) setup I have. Is it more secure? must be faster - no? Thanks, Nick. . . -- _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ . . . . . . . . Please visit my Web Hosting/Design Business at: http://MyHost.org -=[ The prices are great - as is the service ]=- . . . . . . . . _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/
Re:
Il 27/01/2012 11.47, Nickalf ha scritto: Hi Fellow Postfixers, ( belated H a P p Y N e W Y e A r ) Looking to find out the pros and cons of using MySQL based Postfix over the current basic (text based) setup I have. Is it more secure? must be faster - no? Thanks, Nick. . . A few things I've noticed.. 1. Nowhere near as many reloads needed, you can add domains, change what they are (local, transport, etc), add and remove users, all from a browser, instead of from the command line. You don't need to postmap, or postfix reload very often at all. 2. Speedwise, I think it's about the same, in theory reading from text files is quicker, but mysql is very quick with selects, and I've never noticed any difference. Being able to pass a question to mysql (does user d...@email.com exist here) might be faster than looking through a big list in memory (or a text file), but I think Wietse would be able to say with much more confidence. 3. Makes backups easier, mysqldump occasionally, it's a lot easier than dealing with PAM and shadow files (if your users are local). 4. It's easy to administer users, password, vacations, and a lot of it can be delegated to the users themselves.. I'm sure there are other reasons, but this is my experience.
Re:
On 28/01/12 00:00, nick wrote: Il 27/01/2012 11.47, Nickalf ha scritto: Hi Fellow Postfixers, ( belated H a P p Y N e W Y e A r ) Looking to find out the pros and cons of using MySQL based Postfix over the current basic (text based) setup I have. Is it more secure? must be faster - no? Thanks, Nick. . . A few things I've noticed.. 1. Nowhere near as many reloads needed, you can add domains, change what they are (local, transport, etc), add and remove users, all from a browser, instead of from the command line. You don't need to postmap, or postfix reload very often at all. 2. Speedwise, I think it's about the same, in theory reading from text files is quicker, but mysql is very quick with selects, and I've never noticed any difference. Being able to pass a question to mysql (does user d...@email.com exist here) might be faster than looking through a big list in memory (or a text file), but I think Wietse would be able to say with much more confidence. 3. Makes backups easier, mysqldump occasionally, it's a lot easier than dealing with PAM and shadow files (if your users are local). 4. It's easy to administer users, password, vacations, and a lot of it can be delegated to the users themselves.. I'm sure there are other reasons, but this is my experience. 5. Ability to work with the same data in different ways. You can write different SQL queries for the same data in an SQL table that can do different things, for example you can have a list of IP addresses in the SQL table and in one query you can return PERMIT if there's a match and in another REJECT. In a third query you can return some data that is in a 2nd column of the same table. With flat files you are limited to one match and one return value, and if you want to use the same data for some other purpose you need to copy it to another file. Don't think that you are limited to just using mysql either, a lot of people prefer postgresql and you may find if you take the time to check it out that you do as well, there is also sqlite if you want something lighter weight. Peter
Re:
On 1/27/2012 6:00 AM, nick wrote: Il 27/01/2012 11.47, Nickalf ha scritto: Hi Fellow Postfixers, ( belated H a P p Y N e W Y e A r ) Looking to find out the pros and cons of using MySQL based Postfix over the current basic (text based) setup I have. Is it more secure? must be faster - no? Thanks, Nick. . . A few things I've noticed.. 1. Nowhere near as many reloads needed, you can add domains, change what they are (local, transport, etc), add and remove users, all from a browser, instead of from the command line. You don't need to postmap, or postfix reload very often at all. 2. Speedwise, I think it's about the same, in theory reading from text files is quicker, but mysql is very quick with selects, and I've never noticed any difference. Being able to pass a question to mysql (does user d...@email.com exist here) might be faster than looking through a big list in memory (or a text file), but I think Wietse would be able to say with much more confidence. 3. Makes backups easier, mysqldump occasionally, it's a lot easier than dealing with PAM and shadow files (if your users are local). 4. It's easy to administer users, password, vacations, and a lot of it can be delegated to the users themselves.. I'm sure there are other reasons, but this is my experience. I went one step further and I use dbmail (http://www.dbmail.org) which also stores the mail in a mysql database via lmtp. dbmail also provides an imap, pop3 and sieve server Many of my maps are mysql based. My users can manage sieve rules through their webmail. Makes doing the nightly backup a snap. restoring a single mailbox can be done by restoring the mailbox to a staging server and then running imapcopy.
Re: postfix and imap cluster structure
Matteo Cazzador: Hello, i'va a particular question about mail server. Suppose a customer have more than one locations in different geographic sites, each one with a mail server with the same domain. Suppose all email addresses have the form u...@example.com, that the company has two locations site-a and site-b, and that the mail servers are mail.site-a.example.com and mail.site-b.example.com. There is no need to deliver every email message to every mail server. Instead, you set up one virtual alias for every user: us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-b.example.com user1 will receive all their mail on mail.site-a.example.com, and will read all their mail there. There is no need for complex synchronization protocols. Instead, you use SMTP to deliver mail to the right server. Wietse
Re: postfix and imap cluster structure
On Jan 27, 2012, at 8:52 AM, Wietse Venema wrote: Matteo Cazzador: Hello, i'va a particular question about mail server. Suppose a customer have more than one locations in different geographic sites, each one with a mail server with the same domain. Suppose all email addresses have the form u...@example.com, that the company has two locations site-a and site-b, and that the mail servers are mail.site-a.example.com and mail.site-b.example.com. There is no need to deliver every email message to every mail server. Instead, you set up one virtual alias for every user: us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-b.example.com user1 will receive all their mail on mail.site-a.example.com, and will read all their mail there. There is no need for complex synchronization protocols. Instead, you use SMTP to deliver mail to the right server. Wietse sorry to thread jump, weiste, is it more efficient in this case to run a virtual alias over a transport map ? does one way out perform another ? i have a simliar scenario but i use a transport map. -j
Re: postfix and imap cluster structure
Yes this point is solved for me, the several problem is about imap cluster structure. Il 27/01/2012 15:20, jeffrey j donovan ha scritto: On Jan 27, 2012, at 8:52 AM, Wietse Venema wrote: Matteo Cazzador: Hello, i'va a particular question about mail server. Suppose a customer have more than one locations in different geographic sites, each one with a mail server with the same domain. Suppose all email addresses have the form u...@example.com, that the company has two locations site-a and site-b, and that the mail servers are mail.site-a.example.com and mail.site-b.example.com. There is no need to deliver every email message to every mail server. Instead, you set up one virtual alias for every user: us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-a.example.com us...@example.com us...@mail.site-b.example.com user1 will receive all their mail on mail.site-a.example.com, and will read all their mail there. There is no need for complex synchronization protocols. Instead, you use SMTP to deliver mail to the right server. Wietse sorry to thread jump, weiste, is it more efficient in this case to run a virtual alias over a transport map ? does one way out perform another ? i have a simliar scenario but i use a transport map. -j -- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail. Le informazioni contenute in questa e-mail e nei files eventualmente allegati sono destinate unicamente ai destinatari della stessa e sono da considerarsi strettamente riservate. E' proibito copiare, salvare, utilizzare, inoltrare a terzi e diffondere il contenuto della presente senza il preventivo consenso, ai sensi dell'articolo 616 c.p. e della Legge n. 196/2003. Se avete ricevuto questo messaggio per errore siete pregati di comunicarlo immediatamente all'indirizzo mittente, nonché di cancellarne il contenuto senza procedere ad ulteriore o differente trattamento. ** Ing. Matteo Cazzador NetLite snc di Cazzador Gagliardi Corso Vittorio Emanuele II, 188 37069 Villafranca di Verona VR Tel 0454856656 Fax 0454856655 Email: mat...@netlite.it Web: http://www.netlite.it **
Re: SQL and apostrophes in localparts
On Fri, Jan 27, 2012 at 12:54:46PM -0500, Wietse Venema wrote: /dev/rob0: Postfix 2.9.0-RC2, trying to send to an external address with an apostrophe: rob0@chestnut:~$ fortune -o | mail -so Joe's@example.net rob0@chestnut:~$ mailq Queue ID- --Size-- ---Arrival Time --Sender/Recipient-- 3TZMM8068wzp1Qr405 Fri Jan 27 08:05:08 rob0 Joe's...@example.net and this is logged: Jan 27 08:05:08 chestnut postfix/pickup[20923]: 3TZMM80HjFzBn8B2: uid=1007 from=rob0 Jan 27 08:05:08 chestnut postfix/cleanup[20967]: fatal: dict_sqlite_lookup: /etc/postfix/query/maps-valias.query: SQL prepare failed: near s: syntax error? Postfix runs the search string through sqlite3_mprintf(%q), which is documented to double single quotes to avoid SQL syntax troubles when the string is used in a query like this: SELECT select_field FROM table WHERE where_field = '%s' You can verify that this happens with verbose Postfix logging. Changed cleanup and trivial-rewrite to -v, reloaded. $ fortune -o | mail -so Joe's@example.net ; sleep 2 ; mailq Queue ID- --Size-- ---Arrival Time --Sender/Recipient-- 3TZSg13DMWz1mZx454 Fri Jan 27 12:04:13 chuck Joe's...@example.net -- 0 Kbytes in 1 Request. $ sqlite3 --version 3.6.23.1 Logged (a bunch of other stuff and) this query: Jan 27 12:04:13 chestnut postfix/cleanup[22861]: dict_sqlite_lookup: /etc/postfix/query/maps-valias.query: Searching with query SELECT TA.localpart || (CASE WHEN VA.extension IS NOT NULL? THEN '-' || VA.extension ELSE '' END) ||? (CASE WHEN TD.id=0 THEN '' ELSE '@' || TD.name END)?FROM Alias AS VA? JOIN Address AS TA ON (VA.target = TA.id)? JOIN Domain AS TD ON (TA.domain = TD.id)? JOIN Address AS AA ON (VA.address = AA.id)? JOIN Domain AS AD ON (AA.domain = AD.id)?WHERE AA.localpart || '@' || AD.name IS 'joe's...@example.net'?AND VA.active!=0 ---^ single apostrophe here I will try with a more recent sqlite3 version, thanks. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Indiscriminate maildir processing
Hello, We have a QA department that loves to send out email blasts that kill our Exchange servers for periods of time, and once in a while, will accidentally email a customer or 10,000 with a test message because they forgot to scrub their test database clones prior to running their test. Because of this, I want to set up a server to basically answer for absolutely any email sent to it and create a maildir mailbox in a humungous filesystem. I would also plan in writing a cron to delete all emails older than a week, and allow users to imap in and grab what they want to see. Currently, I have a QA system to handle some generic mailboxes used by dev/qa, but I would like to try and expand this postfix installation to just accept all mail indiscriminately. Can this be done? I use Postfix 2.8.7 on that box. Thanks, Eric Chandler Systems Architect 23 Main Street, Holmdel, NJ 07733 (: 732.203.7437 (: 732.284.8504 (iPhone) *: eric.chand...@vonage.com mailto:eric.chand...@vonage.com þ: www.vonage.com http://www.vonage.com/ NOTE: The information contained in this email message is considered confidential and proprietary to the sender and is intended solely for review and use by the named recipient. Any unauthorized review, use or distribution is strictly prohibited. If you have received this message in error, please advise the sender by reply email and delete the message image001.gifimage002.jpg
Custom error messages
I was curious, is it possible to create custom error messages? For example when I get a bounce back error: - The following addresses had permanent fatal errors - b...@test.com (reason: 550 5.1.1 b...@test.com: Recipient address rejected: User unknown in virtual mailbox table) (expanded from: b...@test.com) Want it to be something like... You received b...@test.com in error (reason: 550 5.1.1). If you don't know what this error means, please visit http://www.test.com/550.html ^ Keep it simple... any suggestions or direction will be greatly appreciated.
Re: Custom error messages
Am 27.01.2012 20:08, schrieb Mailing Lists: I was curious, is it possible to create custom error messages? For example when I get a bounce back error: - The following addresses had permanent fatal errors - b...@test.com mailto:b...@test.com (reason: 550 5.1.1 b...@test.com mailto:b...@test.com: Recipient address rejected: User unknown in virtual mailbox table) (expanded from: b...@test.com mailto:b...@test.com) Want it to be something like... You received b...@test.com mailto:b...@test.com in error (reason: 550 5.1.1). If you don't know what this error means, please visit http://www.test.com/550.html ^ Keep it simple... any suggestions or direction will be greatly appreciated. to say it not polite: it is idiotic to remove User unknown as example we are doing fully automated bounce-managment based on /var/log/maillog and remove adresses from ALL tables of all customers which contains newsletter in the table-name and having a field email it is hard enough to cover most of the stupid versons of user unknown out there currently and this should not be raised use smtpd_reject_footer for additional messages ___ why i am not polite here is this blacklist combined with a whitelist of all sorts of disk full and quoza reached and i have no understanding for people who wants changing default messages which can automatically processed 1 abgelaufen-expired 2 account disabled 3 account expired 4 account has been disabled or discontinued 5 account inactive 6 account invalid 7 account is disabled 8 account is unavailable 9 account that you tried to reach is disabled 10 account unavailable 11 account unknown 12 address invalid 13 address rejected 14 address unknown 15 addressee unknown 16 adresse unbekannt 17 adresse ungueltig 18 benutzer existiert nicht 19 benutzer unbekannt 20 deactivated due to abuse 21 delivery denied 22 email invalid 23 email unbekannt 24 email ungueltig 25 empfaenger unbekannt 26 empfaenger ungueltig 27 has no mail-records 28 here by that name 29 host found but no data record of requested type 30 in my list of allowed rcpt 31 in name directory 32 inactive user 33 inbox invalid 34 invalid address 35 invalid inbox 36 invalid mailbox 37 invalid or expired email 38 invalid rcpt 39 invalid recipient 40 invalid rhodes university e-mail address 41 invalid user 42 is restricted 43 is unknown 44 mailbox invalid 45 mailbox unavailable 46 mailbox unknown 47 my list of allowed rcpthosts 48 nicht bekannt 49 nicht gefunden 50 nicht vorhanden 51 no forwarding address known 52 no person with that email 53 no such address 54 no such inbox 55 no such mailbox 56 no such person 57 no such rcpt 58 no such recipient 59 no such user 60 no third-party dsns 61 no valid address 62 no valid rcpt 63 no valid recipient 64 no valid user 65 non-existant 66 not a known address 67 not a known mailbox 68 not a known rcpt 69 not a known recipient 70 not a known user 71 not a valid mailbox 72 not a valid user 73 not exist 74 not found 75 not in my validrcptto list 76 not known 77 not our customer 78 not present in directory 79 please contact the receiver with another way 80 points to mx.fakemx.net 81 rcpt invalid 82 rcpt is not accepted 83 rcpt not accepted 84 rcpt unknown 85 recipient invalid 86 recipient is not accepted 87 recipient rejected 88 recipient unknown 89 relay access denied 90 relay not permitted 91 relaying denied 92 rule imposed mailbox access 93 target invalid 94 this account is not allowed 95 this target address is not our mx service client 96 this user doesn 97 this username doesn 98 unable to deliver to 99 unable to relay 100 unbekanntes ziel 101 undeliverable address 102 unknown (in reply to rcpt to command) 103 unknown address 104 unknown alias 105 unknown email address 106
Re: SQL and apostrophes in localparts
Try this patch. Wietse *** ./dict_sqlite.c-Fri Jan 13 17:24:39 2012 --- ./dict_sqlite.c Fri Jan 27 14:45:59 2012 *** *** 109,115 /* Fix 20100616 */ if (quoted_text == 0) msg_fatal(dict_sqlite_quote: out of memory); ! vstring_strcat(result, raw_text); sqlite3_free(quoted_text); } --- 109,115 /* Fix 20100616 */ if (quoted_text == 0) msg_fatal(dict_sqlite_quote: out of memory); ! vstring_strcat(result, quoted_text); sqlite3_free(quoted_text); }
Re: Custom error messages
Thanks for the suggestion sir, you have a good point on the black listing, didn't think of that perspective. On Jan 27, 2012, at 2:17 PM, Reindl Harald wrote: Am 27.01.2012 20:08, schrieb Mailing Lists: I was curious, is it possible to create custom error messages? For example when I get a bounce back error: - The following addresses had permanent fatal errors - b...@test.com mailto:b...@test.com (reason: 550 5.1.1 b...@test.com mailto:b...@test.com: Recipient address rejected: User unknown in virtual mailbox table) (expanded from: b...@test.com mailto:b...@test.com) Want it to be something like... You received b...@test.com mailto:b...@test.com in error (reason: 550 5.1.1). If you don't know what this error means, please visit http://www.test.com/550.html ^ Keep it simple... any suggestions or direction will be greatly appreciated. to say it not polite: it is idiotic to remove User unknown as example we are doing fully automated bounce-managment based on /var/log/maillog and remove adresses from ALL tables of all customers which contains newsletter in the table-name and having a field email it is hard enough to cover most of the stupid versons of user unknown out there currently and this should not be raised use smtpd_reject_footer for additional messages ___ why i am not polite here is this blacklist combined with a whitelist of all sorts of disk full and quoza reached and i have no understanding for people who wants changing default messages which can automatically processed 1 abgelaufen-expired 2 account disabled 3 account expired 4 account has been disabled or discontinued 5 account inactive 6 account invalid 7 account is disabled 8 account is unavailable 9 account that you tried to reach is disabled 10account unavailable 11account unknown 12address invalid 13address rejected 14address unknown 15addressee unknown 16adresse unbekannt 17adresse ungueltig 18benutzer existiert nicht 19benutzer unbekannt 20deactivated due to abuse 21delivery denied 22email invalid 23email unbekannt 24email ungueltig 25empfaenger unbekannt 26empfaenger ungueltig 27has no mail-records 28here by that name 29host found but no data record of requested type 30in my list of allowed rcpt 31in name directory 32inactive user 33inbox invalid 34invalid address 35invalid inbox 36invalid mailbox 37invalid or expired email 38invalid rcpt 39invalid recipient 40invalid rhodes university e-mail address 41invalid user 42is restricted 43is unknown 44mailbox invalid 45mailbox unavailable 46mailbox unknown 47my list of allowed rcpthosts 48nicht bekannt 49nicht gefunden 50nicht vorhanden 51no forwarding address known 52no person with that email 53no such address 54no such inbox 55no such mailbox 56no such person 57no such rcpt 58no such recipient 59no such user 60no third-party dsns 61no valid address 62no valid rcpt 63no valid recipient 64no valid user 65non-existant 66not a known address 67not a known mailbox 68not a known rcpt 69not a known recipient 70not a known user 71not a valid mailbox 72not a valid user 73not exist 74not found 75not in my validrcptto list 76not known 77not our customer 78not present in directory 79please contact the receiver with another way 80points to mx.fakemx.net 81rcpt invalid 82rcpt is not accepted 83rcpt not accepted 84rcpt unknown 85recipient invalid 86recipient is not accepted 87recipient rejected 88recipient unknown 89relay access denied 90relay not permitted 91relaying denied 92rule imposed mailbox access 93target invalid 94this account is not allowed 95this target address is not our mx service client 96this user doesn 97this username doesn 98unable to deliver to 99unable to relay 100 unbekanntes ziel 101 undeliverable address 102 unknown (in reply to rcpt to command) 103 unknown
Re: Indiscriminate maildir processing
On 1/27/2012 12:40 PM, Eric Chandler wrote: Hello, We have a QA department that loves to send out email blasts that kill our Exchange servers for periods of time, and once in a while, will accidentally email a customer or 10,000 with a test message because they forgot to scrub their test database clones prior to running their test. Because of this, I want to set up a server to basically answer for absolutely any email sent to it and create a maildir mailbox in a humungous filesystem. I would also plan in writing a cron to delete all emails older than a week, and allow users to imap in and grab what they want to see. Currently, I have a QA system to handle some generic mailboxes used by dev/qa, but I would like to try and expand this postfix installation to just accept all mail indiscriminately. Can this be done? An easy capture everything alias would look like: # main.cf virtual_alias_maps = pcre:/etc/postfix/virtual_all.pcre # virtual_all.pcre /^/ someuser@somehost where someuser is a valid user on the domain somehost. somehost could be localhost.localdomain (also listed in mydestination), or some other destination. Search the mail list archives for further examples. -- Noel Jones
alias and forward
Hi everyone, I'm managing to migrate several mail servers from qmail+vpopmail to postfix+dovecot+mysql. I've got the system up and running with virtual users on mysql but I've a problem with aliases. With qmail it was possible to create a mailbox and setup a forward to all incoming emails for this mailbox to one or more mailboxes. I know I can use aliases but I need to let the alias address authenticate on postfix in order to send emails. It was also possibile with qmail to create a mailbox and setup a storeforward policy: all messages were kept in the original mailbox and a copy was forwarded to one or more mailboxes; again I had in that case 2 real mailboxes that I can use for smtp authentication. Of course I'm able now to create 2 real mailbox (foo@ and bar@) and an alias (foobar@) that forward the email to the 2 real mailboxes. Of course I'm not comparing the 2 softwares and I know it would be better to use the postfix way the I have to make the migration transparent so I cannot ask to the users to change settings and for the old mailboxes I need to replicate the same functions. For the new one no problem at all, I'll use the standard postfix mailbox and alias when needed. I really hope there's a way for me to replicate those policies I was able to use with qmail in order to go ahead with the migration and make all our users use postfix. Thanks for your help (I hope I was clear enough in my question) Alex
Re: Sending NDRs (if any) from different server than normal mails
On 01/26/2012 10:37 AM, Gábor Lénárt wrote: Hi, First of all, I know sending NDRs is not a great idea. .. they are a requirement of SMTP. What on Earth posesses you to think they are bad ? I do sender/rcpt checking, and so on, No, you don't - see below. but still there are some cases when NDRs are generated or sent (for example: customer's own mail server which generates NDR - I have no control over it - and I have outgoing relay service for customers -, This is how it works: the sender SHOULD be notified of a failure to deliver mail. or when I accept mails at the MX server, but after some hops inside my system it turns out that the target mail server is over quota for that rcpt meanwhile, or customer has inbound mail relay service, and they can't provide map for rcpt check, etc). Do not accept mail that YOU cannot deliver. If there are multiple systems involved, share the valid recipients between these systems. Fortunately, the rate of sending out NDRs are quite low now (after I've introduced rcpt checking, also sender check for senders I have information on within a domain I'm handling, at least, not SAV!). However, still, I would like to make things better by passing NDRs to another server: its task is only send out the NDRs, nothing more. It would help to analyze/block the NDR traffic there, also if that server is blacklisted (because of being source of backscatter), it's not a real problem, as normal mails are not sent from there. I have no idea what you mean here. Why should bounces be sent by a different server ? If you're not already using proper client DNSBL blacklisting, as you seem to indicate above - you're really running a decade behind the times. And if YOU are generating backscatter, then you are not using sufficient restrictions on incoming mail. DO NOT accept mail that you cannot deliver. I'm trying to implement this, but I have got few problems. First, I've tried this: sender_dependent_relayhost_maps = hash:/etc/postfix/sender_is_null_for_ndr The table specified the null-key and target is the ndr server. My second try was this: smtpd_sender_restrictions = [...] check_sender_access hash:/etc/postfix/sender_is_null_for_ndr_filter where the /etc/postfix/sender_is_null_for_ndr_filter file is: FILTER smtp:[10.10.10.10] The idea about this, that though it's a filter, it won't pass back the mail (the NDR server, 10.10.10.10 in this example) just I use FILTER action to be able to modify the target of the mails. However it seems both of these solutions has problems: It seems, locally generated NDRs (if there is any at all, it was a test scenario, that I wanted to generate) won't be handled well, at least not with the second solution. The problem I've experienced with the first solution: if I have a domain with a transport map, then NDRs (would be sent for an rcpt in that domain) are sent directly, bypassing my need to be relayed for the NDR server (which use the same ldap based transport map to send them out - or block, as I plan to analyze NDR traffic there, as I've told). My head hurts. WHY do you think bounces should be sent by a different server ? What is the nice and clean solution for this problem What problem ? -- J.
Re: alias and forward
Alessandro Vicari: Hi everyone, I'm managing to migrate several mail servers from qmail+vpopmail to postfix+dovecot+mysql. I've got the system up and running with virtual users on mysql but I've a problem with aliases. With qmail it was possible to create a mailbox and setup a forward to all incoming emails for this mailbox to one or more mailboxes. I know I can use aliases but I need to let the alias address authenticate on postfix in order to send emails. What does ``let the alias address authenticate on postfix'' mean? Please do not assume that people here are qmail experts. Wietse
Re: alias and forward
Hi Wietse, thanks for your replay. I mean that creating an alias my user cannot use these credentials for authentication on smtp-auth. I'm sorry if I wasn't clear enough, I hope now I make myself more clear thanks! Alex 2012/1/28 Wietse Venema wie...@porcupine.org Alessandro Vicari: Hi everyone, I'm managing to migrate several mail servers from qmail+vpopmail to postfix+dovecot+mysql. I've got the system up and running with virtual users on mysql but I've a problem with aliases. With qmail it was possible to create a mailbox and setup a forward to all incoming emails for this mailbox to one or more mailboxes. I know I can use aliases but I need to let the alias address authenticate on postfix in order to send emails. What does ``let the alias address authenticate on postfix'' mean? Please do not assume that people here are qmail experts. Wietse
Re: alias and forward
Alessandro Vicari: Hi Wietse, thanks for your replay. I mean that creating an alias my user cannot use these credentials for authentication on smtp-auth. With SMTP AUTH, the Postfix SMTP server gives a remote SMTP client permission to RELAY mail through Postfix. Postfix aliases control what mail Postfix can receive. This is unrelated to SMTP AUTH. Wietse
Re: alias and forward
On 28/01/12 13:36, Alessandro Vicari wrote: I mean that creating an alias my user cannot use these credentials for authentication on smtp-auth. You need ton configure your SASL AUTH server (dovecot?) to recognize the names in your alias table as well as those in the mailboxes table. How you do this is dependent on the particular SASL AUTH server you use and a question that should probably be directed to their docs and support. Peter
Re: Indiscriminate maildir processing
On 1/27/2012 6:34 PM, Stan Hoeppner wrote: On 1/27/2012 4:30 PM, Noel Jones wrote: On 1/27/2012 12:40 PM, Eric Chandler wrote: We have a QA department that loves to send out email blasts that kill our Exchange servers for periods of time, and once in a while, will accidentally email a customer or 10,000 with a test message because they forgot to scrub their test database clones prior to running their test. Because of this, I want to set up a server to basically answer for absolutely any email sent to it and create a maildir mailbox in a humungous filesystem. I would also plan in writing a cron to delete all emails older than a week, and allow users to imap in and grab what they want to see. Currently, I have a QA system to handle some generic mailboxes used by dev/qa, but I would like to try and expand this postfix installation to just accept all mail indiscriminately. Can this be done? An easy capture everything alias would look like: # main.cf virtual_alias_maps = pcre:/etc/postfix/virtual_all.pcre # virtual_all.pcre /^/ someuser@somehost where someuser is a valid user on the domain somehost. somehost could be localhost.localdomain (also listed in mydestination), or some other destination. Does this assume the Postfix server in question is an outbound relay for the Exchange server? If so wouldn't the OP need to add a sender address test to the catch all logic, lest break his mail system for all traffic? The above simple example catches *EVERYTHING* and is suitable to be used in a lab or test setting. This is consistent with the initial request as I understand it. If the request was incomplete, it should be clarified. -- Noel Jones
Re: Address verification database
Il 26/01/2012 13:15, Wietse Venema ha scritto: Do you have quantitative evidence, based on actual email traffic, that this would make a difference? Wietse Hi Wietse, thanks for your reply ..i've taken some time to collect some data. I've monitored for 2 days one single host wich handles about 200 domains (it cleans mails for ..and forward to external mbox server). I've noticed about 2000 remote mailbox verify tasks; redundancy checks caused by case-sensitive re-checks are about 65-70% About every mailbox has 2-3 different case variants. I know and I agree on that it would not make sensitive differences on performances but I've some other behaviours in mind (consider also that remote host mailboxes could not be under my/our direct control): - if remote hosts are temporarily unreachable ..or host is backup for .. 'case variants' re-checks are little bit more boring - we can have different case variants with different cache values ..some accepted and some blocked (this is the case in wich I've kicked my head into) - logs are a little bit more dirty - remote host with rate-checks (tcp connections, smtp ones ..) .. I know postfix reuses the single connection for delivery, but I mean on negative results - .. maybe others .. On other side I'm also considering now that remote hosts could specifically implement some particular policies (..like rejecting Ucase variants, etc..) wich could bring us into problems. Maybe a little parameter .. address_verify_casesensitive = yes/no ? :-))) I'm joking.. Thanks for your time, I'm really interested what you think. Have a nice week-end Amedeo Amedeo Rinaldo -- Una volta eliminato l'impossibile, quello che resta, per improbabile che sia, deve essere la verità.
Re: Custom error messages
On 27 Jan 2012, at 14:17, Reindl Harald wrote: Am 27.01.2012 20:08, schrieb Mailing Lists: I was curious, is it possible to create custom error messages? For example when I get a bounce back error: - The following addresses had permanent fatal errors - b...@test.com mailto:b...@test.com (reason: 550 5.1.1 b...@test.com mailto:b...@test.com: Recipient address rejected: User unknown in virtual mailbox table) (expanded from: b...@test.com mailto:b...@test.com) Want it to be something like... You received b...@test.com mailto:b...@test.com in error (reason: 550 5.1.1). If you don't know what this error means, please visit http://www.test.com/550.html ^ Keep it simple... any suggestions or direction will be greatly appreciated. to say it not polite: it is idiotic to remove User unknown That's debatable. However, it is explicitly allowed by RFC5321 and its ancestors. See http://tools.ietf.org/html/rfc5321#section-4.2 as example we are doing fully automated bounce-managment based on /var/log/maillog and remove adresses from ALL tables of all customers which contains newsletter in the table-name and having a field email If you relied on the text in that way in an SMTP client, it would violate a MUST statement in RFC5321. FWIW, I believe I've used the word idiotic in fighting against the creation of such ill-conceived tools. It is unfortunate that you did not take the advice of the relevant RFC's before deploying and becoming reliant on such an intrinsically broken tool that is destined for a permanent state of needing maintenance. it is hard enough to cover most of the stupid versons of user unknown out there currently and this should not be raised use smtpd_reject_footer for additional messages ___ why i am not polite here is this blacklist combined with a whitelist of all sorts of disk full and quoza reached and i have no understanding for people who wants changing default messages which can automatically processed Since maillog lines contain the failed command, the standard reply code, and (if it exists) the extended DSN code, there should be no problems identifying rejections that should be treated as User unknown responses if the server sending the response intends that state to be detected. In short: in reply to RCPT, '550' should be treated as User Unknown unless it is followed by a standard enhanced status code other than '5.1.1' (which should be considered as an unequivocal and authoritative statement that the addressed mailbox is nonexistent.) With other enhanced status codes there may be some circumstances where it is reasonable not to scrub an address from a mailing list in reaction to one rejection, but the standard enhanced status codes exist precisely to save the mail environment from the proliferation of tools that try to interpret the text part of SMTP replies as the SMTP standard insists that they must not. See RFC3463, RFC5248 and their references for details on the standard codes and their meanings.
verify_sender clarification
Hello I need some clarifications on the verify_sender statement : What I would like to do : When our MX receive an email from t...@domain.tld I would like Postfix perform a DNS lookup to verify that the IP address of the sender is really part of the domain domain.tld and if not reject the email from t...@domain.tld saying : Your email has been rejected because your IP address is not in the domain domain.tld Does verify_sender do that ? Thank you
Re: verify_sender clarification
I read this page http://posluns.com/guides/classes/ before asking but i'm a bit confuse , sorry Le 28/01/2012 07:54, Frank Bonnet a écrit : Hello I need some clarifications on the verify_sender statement : What I would like to do : When our MX receive an email from t...@domain.tld I would like Postfix perform a DNS lookup to verify that the IP address of the sender is really part of the domain domain.tld and if not reject the email from t...@domain.tld saying : Your email has been rejected because your IP address is not in the domain domain.tld Does verify_sender do that ? Thank you
Re: verify_sender clarification
I also tried to read this page but ... Forbidden You don't have permission to access /~hildeb/postfix/postfix_restriction_classes.shtml on this server. Apache/2.2.8 Server at www.stahl.bau.tu-bs.de Port 80 Le 28/01/2012 08:04, Frank Bonnet a écrit : I read this page http://posluns.com/guides/classes/ before asking but i'm a bit confuse , sorry Le 28/01/2012 07:54, Frank Bonnet a écrit : Hello I need some clarifications on the verify_sender statement : What I would like to do : When our MX receive an email from t...@domain.tld I would like Postfix perform a DNS lookup to verify that the IP address of the sender is really part of the domain domain.tld and if not reject the email from t...@domain.tld saying : Your email has been rejected because your IP address is not in the domain domain.tld Does verify_sender do that ? Thank you
Re: Sending NDRs (if any) from different server than normal mails
On 27 Jan 2012, at 23:57, Jeroen Geilman wrote: On 01/26/2012 10:37 AM, Gábor Lénárt wrote: First of all, I know sending NDRs is not a great idea. .. they are a requirement of SMTP. What on Earth posesses you to think they are bad ? An increasingly crackpot attitude towards all forms of backscatter by the Spam fighters and other supposed legions of the light, I suspect. The idea is not to generate bounces in case the sender address is forged. While it's a legitimate concern, it's not enough of a concern to deny senders disposition reports. Those people affected by enough backscatter should seriously consider employing BATV. TMDA also has a built-in address signing mechanism which you should be using anyway if you use TMDA at all to help with this. A very small number of things are affected by SES; whitelist them (EG ezmlm, which has problems of its own worth considering replacing it anyway). However, still, I would like to make things better by passing NDRs to another server: its task is only send out the NDRs, nothing more. It would help to analyze/block the NDR traffic there, also if that server is blacklisted (because of being source of backscatter), it's not a real problem, as normal mails are not sent from there. I have no idea what you mean here. Why should bounces be sent by a different server ? He wants to send bounces through another IP so *that* IP can get blocked. He wants to reduce the effects of getting blocked to just bounces, when one of the legions of the light swoop on him for daring to send backscatter. Example: http://www.backscatterer.org/ . Qmail has this as a patch. Courier has some nice backscatter suppression logic in it, to stop trouble users causing more trouble over a short period of time. These are both reasonable approaches. If you're not already using proper client DNSBL blacklisting, as you seem to indicate above - you're really running a decade behind the times. And if YOU are generating backscatter, then you are not using sufficient restrictions on incoming mail. DO NOT accept mail that you cannot deliver. These are points I'd rather not debate, though not from agreement. I think it is fair to say though that where options exist not to accept mail, according to your policies, then you should not accept that mail. This almost always includes protocol violations, viruses, known spam, MX relay RCPT, etc. It won't include autoresponders, challenge-response, mailing list servers, failed/delayed mail, etc, at least until implementations of some of these come along which reject at SMTP time, where that makes sense. Cheers, Sabahattin
