On proxy_read_maps
Hi, I've read (e.g. here: http://readlist.com/lists/postfix.org/postfix-users/19/99851.html and elsewhere) that when we want to use proxymap (like: proxy:ldap:..., then we need to add in main.cf the output of postconf -d | grep proxy_read_maps and append any additional parameters. So in my case (Postfix 2.8.3): # postconf -d | grep proxy_read_maps proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps ...and: virtual_alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases, ldap:/etc/postfix/ldap-alias-vacation.cf, ldap:/etc/postfix/ldap-aliases.cf virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf As a result, if I understand things right, I should define explicitly: ldap_alias_vacation_map = proxy:ldap:/etc/postfix/ldap-alias-vacation.cf ldap_alias_map = proxy:ldap:/etc/postfix/ldap-aliases.cf ldap_virtual_mailbox_map = proxy:ldap:/etc/postfix/ldap-users.cf proxy_read_maps = $local_recipient_maps, $mydestination, $virtual_alias_maps, $virtual_alias_domains, $virtual_mailbox_maps, $virtual_mailbox_domains, $relay_recipient_maps, $relay_domains, $canonical_maps, $sender_canonical_maps, $recipient_canonical_maps, $relocated_maps, $transport_maps, $mynetworks, $sender_bcc_maps, $recipient_bcc_maps, $smtp_generic_maps, $lmtp_generic_maps, $ldap_alias_vacation_map, $ldap_alias_map, $ldap_virtual_mailbox_map virtual_alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases, $ldap_alias_vacation_map, $ldap_alias_map virtual_mailbox_maps = $ldap_virtual_mailbox_map Questions: 1. Is my approach right? 2. I am a bit confused in that we are adding in proxy_read_maps e.g. BOTH virtual_alias_mapsAND (some of) the values of that setting (here: $ldap_alias_vacation_map, $ldap_alias_map). How should I understand the need to add (again, as an example) $virtual_alias_mapsin proxy_read_maps? (It would seem to me natural to add the affected values only: $ldap_alias_vacation_map, $ldap_alias_map). The same goes for other similar settings. Please advise. Thanks, Nick
Re: On proxy_read_maps
Nikolaos Milas: So in my case (Postfix 2.8.3): # postconf -d | grep proxy_read_maps proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps proxy_read_maps is meant to include all the parameters that have read-only lookup tables. As Postfix evolves over time, new tables don't always get added to the proxy_read_maps default value. However, virtual_alias_maps is already listed in the default. ...and: virtual_alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases, ldap:/etc/postfix/ldap-alias-vacation.cf, ldap:/etc/postfix/ldap-aliases.cf There is no proxy: in there. If you use virtual_alias_maps = proxy:ldap:whatever ... Then it will automatically be included in the proxy_read_maps value, and the proxymap dameon will permit lookups. Wietse
Re: On proxy_read_maps
On 9/3/2012 1:03 μμ, Wietse Venema wrote: There is no proxy: in there. If you use virtual_alias_maps = proxy:ldap:whatever ... Then it will automatically be included in the proxy_read_maps value, and the proxymap dameon will permit lookups. Thanks Wietse, Initially, I assumed it would be as you describe (exactly because these settings were listed in proxy_read_maps), and I tried simply adding proxy: in front of my ldap:... entries and reloaded, but it failed: Mar 8 20:06:56 vmail postfix/proxymap[32375]: fatal: open /etc/postfix/ldap-alias-vacation.cf: Permission denied Mar 8 20:06:57 vmail postfix/submission/smtpd[32325]: warning: private/proxymap socket: service dict_proxy_open: Success Mar 8 20:06:57 vmail postfix/master[3162]: warning: process /usr/libexec/postfix/proxymap pid 32375 exit status 1 Mar 8 20:06:57 vmail postfix/master[3162]: warning: /usr/libexec/postfix/proxymap: bad command startup -- throttling Therefore, I started searching older threads and found the info I wrote about. For reference: # ls -la /etc/postfix/ldap-* -rw-r- 1 root root 774 Oct 26 2010 /etc/postfix/ldap-aliases.cf -rw-r- 1 root root 358 Aug 24 2010 /etc/postfix/ldap-alias-vacation.cf -rwxr-x--- 1 root root 495 Aug 24 2010 /etc/postfix/ldap-users.cf # ls -la /usr/libexec/postfix/proxy* -rwxr-xr-x 1 root root 726263 May 23 2011 /usr/libexec/postfix/proxymap Any ideas? Thanks again, Nick
Re: On proxy_read_maps
Nikolaos Milas: Mar 8 20:06:56 vmail postfix/proxymap[32375]: fatal: open /etc/postfix/ldap-alias-vacation.cf: Permission denied The ***POSTFIX*** user must be able to open the file. Wietse
Re: On proxy_read_maps
On 9/3/2012 1:33 μμ, Nikolaos Milas wrote: # ls -la /etc/postfix/ldap-* -rw-r- 1 root root 774 Oct 26 2010 /etc/postfix/ldap-aliases.cf -rw-r- 1 root root 358 Aug 24 2010 /etc/postfix/ldap-alias-vacation.cf -rwxr-x--- 1 root root 495 Aug 24 2010 /etc/postfix/ldap-users.cf I would like to add that I also tried to chmod 644 these files, but it still failed. Mar 8 20:11:55 vmail postfix/master[3162]: reload -- version 2.8.3, configuration /etc/postfix Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: request for unapproved table: ldap:/etc/postfix/ldap-alias-vacation.cf Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: to approve this table for read-only access, list proxy:ldap:/etc/postfix/ldap-alias-vacation.cf in main.cf:proxy_read_maps Mar 8 20:12:01 vmail postfix/submission/smtpd[32325]: fatal: proxymap service is not configured for table ldap:/etc/postfix/ldap-alias-vacation.cf Note: The log excerpt I sent in my previous post might be after I added proxy: and before reloading! Nick
Re: On proxy_read_maps
Am 09.03.2012 12:44, schrieb Nikolaos Milas: On 9/3/2012 1:33 μμ, Nikolaos Milas wrote: # ls -la /etc/postfix/ldap-* -rw-r- 1 root root 774 Oct 26 2010 /etc/postfix/ldap-aliases.cf -rw-r- 1 root root 358 Aug 24 2010 /etc/postfix/ldap-alias-vacation.cf -rwxr-x--- 1 root root 495 Aug 24 2010 /etc/postfix/ldap-users.cf I would like to add that I also tried to chmod 644 these files, but it still failed. Mar 8 20:11:55 vmail postfix/master[3162]: reload -- version 2.8.3, configuration /etc/postfix Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: request for unapproved table: ldap:/etc/postfix/ldap-alias-vacation.cf Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: to approve this table for read-only access, list proxy:ldap:/etc/postfix/ldap-alias-vacation.cf in main.cf:proxy_read_maps Mar 8 20:12:01 vmail postfix/submission/smtpd[32325]: fatal: proxymap service is not configured for table ldap:/etc/postfix/ldap-alias-vacation.cf Note: The log excerpt I sent in my previous post might be after I added proxy: and before reloading! this is how i configured proxy_read_maps since years 644 is a very bad idea - chown root:postfix, chmod 640 [root@srv-rhsoft:~]$ ls /etc/postfix/mysql-* -rw-r- 1 root postfix 195 2011-04-27 18:59 /etc/postfix/mysql-aliases.cf -rw-r- 1 root postfix 294 2011-05-28 19:06 /etc/postfix/mysql-forwarders.cf -rw-r- 1 root postfix 201 2011-04-27 18:59 /etc/postfix/mysql-mydestination.cf -rw-r- 1 root postfix 195 2011-04-27 18:59 /etc/postfix/mysql-mynetworks.cf -rw-r- 1 root postfix 196 2011-04-27 18:59 /etc/postfix/mysql-recipients.cf -rw-r- 1 root postfix 463 2011-04-27 18:59 /etc/postfix/mysql-rewritedomains.cf -rw-r- 1 root postfix 203 2011-04-27 18:59 /etc/postfix/mysql-rewritesenders.cf -rw-r- 1 root postfix 327 2011-04-27 18:59 /etc/postfix/mysql-senderaccess.cf -rw-r- 1 root postfix 365 2011-05-12 23:32 /etc/postfix/mysql-sender_relay_hosts_auth.cf -rw-r- 1 root postfix 202 2011-04-27 18:59 /etc/postfix/mysql-sender_relay_hosts.cf -rw-r- 1 root postfix 198 2011-04-27 18:59 /etc/postfix/mysql-spamfilter.cf -rw-r- 1 root postfix 262 2011-04-27 18:59 /etc/postfix/mysql-transport.cf proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf proxy:mysql:/etc/postfix/mysql-mydestination.cf proxy:mysql:/etc/postfix/mysql-recipients.cf proxy:mysql:/etc/postfix/mysql-rewritedomains.cf proxy:mysql:/etc/postfix/mysql-rewritesenders.cf proxy:mysql:/etc/postfix/mysql-transport.cf proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf proxy:mysql:/etc/postfix/mysql-aliases.cf proxy:mysql:/etc/postfix/mysql-senderaccess.cf proxy:mysql:/etc/postfix/mysql-spamfilter.cf proxy:mysql:/etc/postfix/mysql-forwarders.cf smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient reject_non_fqdn_sender reject_unlisted_sender reject_authenticated_sender_login_mismatch permit_sasl_authenticated reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_destination reject_unknown_reverse_client_hostname reject_invalid_hostname reject_unauth_pipelining check_recipient_access proxy:mysql:/etc/postfix/mysql-spamfilter.cf mynetworks = 127.0.0.0/8, proxy:mysql:/etc/postfix/mysql-mynetworks.cf mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf local_recipient_maps= proxy:mysql:/etc/postfix/mysql-recipients.cf recipient_canonical_maps= proxy:mysql:/etc/postfix/mysql-rewritedomains.cf sender_canonical_maps = proxy:mysql:/etc/postfix/mysql-rewritesenders.cf transport_maps = proxy:mysql:/etc/postfix/mysql-transport.cf sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf alias_maps = proxy:mysql:/etc/postfix/mysql-aliases.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-senderaccess.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwarders.cf signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
For reference: # postconf -n alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 delay_logging_resolution_limit = 3 home_mailbox = Maildir/ html_directory = no inet_interfaces = all inet_protocols = ipv4, ipv6 local_header_rewrite_clients = static:all mail_owner = postfix mailbox_command = /usr/lib/dovecot/deliver mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 41943040 milter_default_action = accept mydestination = $myhostname, localhost.$mydomain, localhost mydomain = noa.gr myhostname = vmail.noa.gr mynetworks = 195.251.204.0/24, 195.251.202.0/24, 195.251.203.0/24, 194.177.194.0/24, 194.177.195.0/24, 127.0.0.0/8, 195.251.5.0/24, [2001:648:2011::]/48 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = $smtpd_milters parent_domain_matches_subdomains = queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap relay_domains = $mydestination sample_directory = /usr/share/doc/postfix-2.3.3/samples sender_canonical_maps = hash:/etc/postfix/domainsendermap sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject smtpd_delay_reject = yes smtpd_milters = inet:127.0.0.1:8891 smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination, reject_unknown_recipient_domain,reject_unverified_recipient smtpd_restriction_classes = controlled_senders,allowed_list1 smtpd_sasl_auth_enable = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/pki/tls/certs/chain-180.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/pki/tls/certs/cert-180.pem smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128 smtpd_tls_key_file = /etc/pki/tls/private/key.pem smtpd_tls_loglevel = 1 smtpd_tls_mandatory_ciphers = high smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_preempt_cipherlist = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases, ldap:/etc/postfix/ldap-alias-vacation.cf, ldap:/etc/postfix/ldap-aliases.cf virtual_gid_maps = static:500 virtual_mailbox_base = /home/vmail/ virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain, nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain, astro.$mydomain virtual_mailbox_limit = 0 virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf virtual_transport = dovecot virtual_uid_maps = static:500
Re: On proxy_read_maps
Am 09.03.2012 12:49, schrieb Nikolaos Milas: For reference: # postconf -n snip why are you not doing simply what the error-message suggests? add it to proxy_read_maps, see me mail before Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: to approve this table for read-only access, list proxy:ldap:/etc/postfix/ldap-alias-vacation.cf in main.cf:proxy_read_maps Mar 8 20:12:01 vmail postfix/submission/smtpd[32325]: fatal: proxymap service is not configured for table ldap:/etc/postfix/ldap-alias-vacation.cf signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
Nikolaos Milas: Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: request for unapproved table: ldap:/etc/postfix/ldap-alias-vacation.cf That is because you screwed up the proxy_read_maps parameter setting. COMMENT it OUT and THIS ERROR will go away, leaving your INCORRECT FILE PERMISSION problem. Then, FIX THE FILE PERMISSIONS. Wietse
Re: On proxy_read_maps
On 9/3/2012 1:49 μμ, Reindl Harald wrote: 644 is a very bad idea - chown root:postfix, chmod 640 You are totally right Reindl, I only did it momentarily, just to check the hypothesis that it was a permissions problem. Thanks for your feedback. Nick
Re: On proxy_read_maps
On 9/3/2012 1:53 μμ, Wietse Venema wrote: That is because you screwed up the proxy_read_maps parameter setting. When I did all tests, I did not set ANY proxy_read_maps values (so it should have the default values). All the info I sent about settings of the proxy_read_maps parameter was hypothetical. Nick
Re: On proxy_read_maps
Am 09.03.2012 12:53, schrieb Nikolaos Milas: On 9/3/2012 1:49 μμ, Reindl Harald wrote: 644 is a very bad idea - chown root:postfix, chmod 640 You are totally right Reindl, I only did it momentarily, just to check the hypothesis that it was a permissions problem even than it is still a wrong action do this with a openssh key and sshd will no longer use it because permissions are too open usually you can find out the user running the process with ps aux (if it is running) [root@srv-rhsoft:~]$ ps aux | grep proxy root 14432 0.0 0.0 56 904 pts/7S+ 13:00 0:00 grep --color proxy postfix 30858 0.0 0.0 142820 3076 ?SMar07 0:00 proxymap -t unix -u -o max_use=1 -o max_idle=1h signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
On 9/3/2012 2:01 μμ, Reindl Harald wrote: even than it is still a wrong action I've: chown -R root:postfix /etc/postfix/ and chmod 640 to files and 750 to directories Thanks, Nick
Re: On proxy_read_maps
Am 09.03.2012 12:53, schrieb Wietse Venema: Nikolaos Milas: Mar 8 20:12:01 vmail postfix/proxymap[32599]: warning: request for unapproved table: ldap:/etc/postfix/ldap-alias-vacation.cf That is because you screwed up the proxy_read_maps parameter setting. COMMENT it OUT and THIS ERROR will go away, leaving your INCORRECT FILE PERMISSION problem. Then, FIX THE FILE PERMISSIONS. his postconf -n does not contain proxy_read_maps if you think it is not needed at all than postfix has a bug i did the follwoing long a go because exavtly the same messages in the error log after start using proxy:mysql and because proxymap service is not configured for table is really clear there is currently no magic in postfix let this work without configure proxy_read_maps what the OP did not proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf proxy:mysql:/etc/postfix/mysql-mydestination.cf proxy:mysql:/etc/postfix/mysql-recipients.cf proxy:mysql:/etc/postfix/mysql-rewritedomains.cf proxy:mysql:/etc/postfix/mysql-rewritesenders.cf proxy:mysql:/etc/postfix/mysql-transport.cf proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf proxy:mysql:/etc/postfix/mysql-aliases.cf proxy:mysql:/etc/postfix/mysql-senderaccess.cf proxy:mysql:/etc/postfix/mysql-spamfilter.cf proxy:mysql:/etc/postfix/mysql-forwarders.cf signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
On 9/3/2012 1:52 μμ, Reindl Harald wrote: why are you not doing simply what the error-message suggests? add it to proxy_read_maps, see me mail before I understand. The question is why postfix did not use the proxymap service automatically - as Wietse mentioned - when I simply added proxy: before ldap: (and - I clarify again - I did not set any proxy_read_maps value). Nick
Re: Keeping a copy of all mail, and then removing headers from outbound
In that case, it should be safe to have the option in main.cf, because LMTP mail delivery uses lmtp_header_checks instead of smtp_header_checks. Thanks, Wietse. It worked like a charm. -- Lars Preben Sørsdahl lars.preben.no
Message bounced by administrator
Hi, Today somebody (user1, see below) sent a message from outside to our org. Our gateway server (Cisco Ironport C-160: mailgw.admin.noa.gr) received the message which had 9 recipients, of which one in an outside domain, one in the @astro.noa.gr domain and 7 in the @noa.gr domain. Those last 8 messages were forwarded to our final Postfix server (2.8.3 on CentOS 5.7 x86_64) for delivery. The one in the @astro.noa.gr domain(user2)was delivered fine. The other 7 bounced with the message: 5.x.0 - Message bounced by administrator ('000', []) . Note that @astro.noa.gr is not treated differently than @noa.gr, nor we have noticed such a problem again. {Comment: The time difference is due to non proper time sync on Cisco Ironport.} I have not seen something like this. Can somebody please provide some insight? Thanks in advance, Nick Logs from Postfix (true usernames changed consistently): Mar 9 04:21:36 vmail postfix/smtpd[16063]: connect from mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/smtpd[16063]: 535E4C4D1F8: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: 535E4C4D1F8: message-id=69717EF038E74A01B1B77103FAF50F8D@pavillion Mar 9 04:21:36 vmail postfix/qmgr[32594]: 535E4C4D1F8: from=us...@noa.gr, size=19392, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/pipe[16065]: 535E4C4D1F8: to=us...@astro.noa.gr, relay=dovecot, delay=0.15, delays=0.086/0.001/0/0.058, dsn=2.0.0, status=sent (delivered via dovecot service) Mar 9 04:21:36 vmail postfix/qmgr[32594]: 535E4C4D1F8: removed Mar 9 04:21:36 vmail postfix/smtpd[16069]: connect from mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/smtpd[16069]: 82EEDC4D1F8: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: 82EEDC4D1F8: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: 82EEDC4D1F8: from=, size=3269, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: 9EC3CC4D215: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: 9EC3CC4D215: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: 9EC3CC4D215: from=, size=3258, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: A8E73C4D234: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: A8E73C4D234: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: A8E73C4D234: from=, size=3262, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: B3145C4D264: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: B3145C4D264: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: B3145C4D264: from=, size=3264, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: BD551C4D266: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: BD551C4D266: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: BD551C4D266: from=, size=3258, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: C76D8C4D26A: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: C76D8C4D26A: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: C76D8C4D26A: from=, size=3264, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/smtpd[16069]: D0E6CC4D27B: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: D0E6CC4D27B: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: D0E6CC4D27B: from=, size=3273, nrcpt=1 (queue active) Mar 9 04:21:40 vmail postfix/smtp[16071]: 9EC3CC4D215: to=us...@otenet.gr, orig_to=us...@noa.gr, relay=mx.otenet.gr[62.103.147.198]:25, delay=3.5, delays=0.024/0.006/3/0.4, dsn=2.0.0, status=sent (250 2.0.0 q292LaYj023447 Message accepted for delivery) Mar 9 04:21:40 vmail postfix/qmgr[32594]: 9EC3CC4D215: removed Mar 9 04:21:40 vmail postfix/smtp[16060]: 82EEDC4D1F8: to=us...@otenet.gr, orig_to=us...@noa.gr, relay=mx.otenet.gr[62.103.147.198]:25, delay=3.6, delays=0.1/0.002/3.1/0.42, dsn=2.0.0, status=sent (250 2.0.0 q292LaxN023445 Message accepted for delivery) Mar 9 04:21:40 vmail postfix/qmgr[32594]: 82EEDC4D1F8: removed Mar 9 04:21:40 vmail postfix/smtp[16072]: A8E73C4D234: to=us...@otenet.gr, orig_to=us...@noa.gr, relay=mx.otenet.gr[62.103.147.198]:25, delay=3.5, delays=0.025/0.005/3/0.41, dsn=2.0.0, status=sent (250 2.0.0 q292LaCF023449 Message accepted for delivery) Mar 9 04:21:40 vmail postfix/qmgr[32594]: A8E73C4D234: removed Mar 9 04:21:40 vmail postfix/smtp[16073]: B3145C4D264: to=us...@otenet.gr, orig_to=us...@noa.gr, relay=mx.otenet.gr[62.103.147.198]:25, delay=3.5, delays=0.024/0.005/3/0.4, dsn=2.0.0, status=sent (250 2.0.0 q292La2Q023451 Message
mx bind ip
Hi, I gave a secondary mx with 2 ipv4 and 2 ipv6 ip's. I have dns'd one of each protocol for mx and ns Trying to get postfix to play nice with mx on outbound. hostname, mynetworks etc all setup right. I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident by fact that if I remove the option, it works again, I even downed that IP on the box, and it relayed fine (yeah go figure) so, moved on to inet_interfaces included 127.0.0.1 ipv4 and ipv6 addresses for mx, but this uses the wrong ipv4 address when connecting So, what is the preferred method for assigning the outbound IP ? Thought about master.cf, but that will require an entry for ipv4 and another separate for ipv6 from my reading of docs, which seems kinda silly given sliding respources between the two protocols. Thanks
Re: mx bind ip
Nick Edwards: I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident So we know that Postfix sends mail with the correct IP address but you have made some mistake with SPF, or with the configuration of the system that incorrectly uses SPF. What have you done to to find out what the mistake is? Wietse
Re: Message bounced by administrator
Am 09.03.2012 15:55, schrieb Nikolaos Milas: Hi, Today somebody (user1, see below) sent a message from outside to our org. Our gateway server (Cisco Ironport C-160: mailgw.admin.noa.gr) received the message which had 9 recipients, of which one in an outside domain, one in the @astro.noa.gr domain and 7 in the @noa.gr domain. Those last 8 messages were forwarded to our final Postfix server (2.8.3 on CentOS 5.7 x86_64) for delivery. The one in the @astro.noa.gr domain(user2)was delivered fine. The other 7 bounced with the message: 5.x.0 - Message bounced by administrator ('000', []) i doubt this is not a postfix-message additionally your postfix log does not contain anything interesting it seems to be filtered only for lines containing the queue-id signature.asc Description: OpenPGP digital signature
Re: mx bind ip
Am 09.03.2012 16:01, schrieb Nick Edwards: Hi, I gave a secondary mx with 2 ipv4 and 2 ipv6 ip's. I have dns'd one of each protocol for mx and ns Trying to get postfix to play nice with mx on outbound. hostname, mynetworks etc all setup right. I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident by fact that if I remove the option, it works again, I even downed that IP on the box, and it relayed fine (yeah go figure) so, moved on to inet_interfaces included 127.0.0.1 ipv4 and ipv6 addresses for mx, but this uses the wrong ipv4 address when connecting as long you are not providing logs showing your problem and postconf -n output nobody can help you logs from both - your relay machine and the main-server for one specific message signature.asc Description: OpenPGP digital signature
[SOLVED] Strange behavior of Postfix?
After Noel Jones tips, I check his postfix config and database in MySQL, and found that his mailing list domain was added, and was empty. Of course, Postfix is not a member of Merlin´s the Magician family, empty domain, empty mailboxes, so, get the error slapping you in the face... Best regards and, as always: Thanks Wietse, Noel, and all... Participe en la XVI Convencioacute;n de Ingenieriacute;a y Arquitectura del 26 al 30 de noviembre de 2012. Habana, Cuba: http://www.congresouniversidad.cu Consulte la enciclopedia colaborativa cubana. http://www.ecured.cu
Re: mx bind ip
On 3/10/12, Wietse Venema wie...@porcupine.org wrote: Nick Edwards: I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident So we know that Postfix sends mail with the correct IP address but you have made some mistake with SPF, or with the configuration of the system that incorrectly uses SPF. What have you done to to find out what the mistake is? As I said, I've dropped all other IP's except the mx2, so when it is its only route out, it connects fine, but all goes up that famous creek once I use these extra settings and I restart networking so the other IPs are there, even the openspf.net reject message says sender is authorized but was rejected and it cant help why, the spf we use is policy-spf. Is the smtp bind address correct method? or inet_interfaces? Nik
Re: mx bind ip
On 3/10/12, Reindl Harald h.rei...@thelounge.net wrote: Am 09.03.2012 16:01, schrieb Nick Edwards: Hi, I gave a secondary mx with 2 ipv4 and 2 ipv6 ip's. I have dns'd one of each protocol for mx and ns Trying to get postfix to play nice with mx on outbound. hostname, mynetworks etc all setup right. I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident by fact that if I remove the option, it works again, I even downed that IP on the box, and it relayed fine (yeah go figure) so, moved on to inet_interfaces included 127.0.0.1 ipv4 and ipv6 addresses for mx, but this uses the wrong ipv4 address when connecting as long you are not providing logs showing your problem and postconf -n output nobody can help you logs from both - your relay machine and the main-server for one specific message logs are no good because it simply says rejected (ip) spf -all method. all other settings wont help either since the two new settings smtp bind address and inet_interfaces are simply IP's given, as in my OP. have to go to meeting now so ill check back in later. ciao
Re: mx bind ip
On Sat, Mar 10, 2012 at 02:19:55AM +1000, Nick Edwards wrote: Is the smtp bind address correct method? or inet_interfaces? smtp_bind_address is for sending, inet_interfaces for receiving. I think you will get better help if you get down to specifics. Post the relevant IP addresses, the SPF record, and yes, the logs. Regards, -- Ben Rosengart Like all those possessing a library, Sendmail, Inc. Aurelian was aware that he was guilty of +1 718 431 3822 not knowing his in its entirety [...] -- Jorge Luis Borges NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
Re: mx bind ip
Nick Edwards: Is the smtp bind address correct method? or inet_interfaces? Everybody already knows that smtp_bind_address and smtp_bind_address6 set the correct IP address for SENDING mail. If the RECEIVING server flags an error for the correct IP address, then THAT is the problem you need to fix. Over and out. Wietse
Re: mx bind ip
Am 09.03.2012 17:23, schrieb Nick Edwards: On 3/10/12, Reindl Harald h.rei...@thelounge.net wrote: Am 09.03.2012 16:01, schrieb Nick Edwards: Hi, I gave a secondary mx with 2 ipv4 and 2 ipv6 ip's. I have dns'd one of each protocol for mx and ns Trying to get postfix to play nice with mx on outbound. hostname, mynetworks etc all setup right. I have tried smtp_bind_address(6) but for some reason, although it uses the correct IP, the relays are denied for spf failure on the main server, even though they are all permitted in spf RR, ok, evident by fact that if I remove the option, it works again, I even downed that IP on the box, and it relayed fine (yeah go figure) so, moved on to inet_interfaces included 127.0.0.1 ipv4 and ipv6 addresses for mx, but this uses the wrong ipv4 address when connecting as long you are not providing logs showing your problem and postconf -n output nobody can help you logs from both - your relay machine and the main-server for one specific message logs are no good because it simply says rejected (ip) spf -all method. all other settings wont help either since the two new settings smtp bind address and inet_interfaces are simply IP's given, as in my OP logs are good because they show the connection IP! also you SPF-records are important do you have different SPF views (WAN/LAN) are the SPF records on all views sane? smtp -o smtp_bind_address=xx in main.cf works for sure __ what type of entries are you using in your SPF record? i found out that a/mx entries sometimes making troubles and since we changed our backend to use only ip and let the backend translate servernames automatically whle generating the zone-files i never saw a single spf-error the last 2 years thelounge.net. 86400 IN SPF v=spf1 ip4:91.118.73.15 ip4:91.118.73.20 ip4:91.118.73.17 ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 ip4:91.118.73.1 ip4:89.207.144.27 -all thelounge.net. 86400 IN TXT v=spf1 ip4:91.118.73.15 ip4:91.118.73.20 ip4:91.118.73.17 ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 ip4:91.118.73.1 ip4:89.207.144.27 -all signature.asc Description: OpenPGP digital signature
Re: Message bounced by administrator
On 9/3/2012 5:16 μμ, Reindl Harald wrote: i doubt this is not a postfix-message It can't be from anywhere else (as far as I can tell). We are not running any filters, anti-spam or anti-virus on this Postfix server. I haven't seen any errors on the associated ldap server (used for user lookups) either. I hope Wietse can provide some more info. additionally your postfix log does not contain anything interesting it seems to be filtered only for lines containing the queue-id I have copied the whole content from the maillog regarding the handling of this message. I have not filtered anything out. Thanks, Nick
Re: Message bounced by administrator
On Fri, Mar 09, 2012 at 06:35:58PM +0200, Nikolaos Milas wrote: On 9/3/2012 5:16, Reindl Harald wrote: i doubt this is not a postfix-message It can't be from anywhere else (as far as I can tell). You said it was Ironport. We are not running any filters, anti-spam or anti-virus on this Postfix server. I haven't seen any errors on the associated ldap server (used for user lookups) either. I hope Wietse can provide some more info. additionally your postfix log does not contain anything interesting This part is true. it seems to be filtered only for lines containing the queue-id I have copied the whole content from the maillog regarding the handling of this message. I have not filtered anything out. Indeed, you have pasted a complete log which shows no problem in Postfix. The bounces came from outside, not generated by Postfix. Your issue is outside Postfix. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: Message bounced by administrator
Am 09.03.2012 17:35, schrieb Nikolaos Milas: On 9/3/2012 5:16 μμ, Reindl Harald wrote: i doubt this is not a postfix-message It can't be from anywhere else (as far as I can tell). We are not running any filters, anti-spam or anti-virus on this Postfix server. Mar 9 04:21:36 vmail postfix/smtpd[16063]: connect from mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/smtpd[16063]: 535E4C4D1F8: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: 535E4C4D1F8: message-id=69717EF038E74A01B1B77103FAF50F8D@pavillion Mar 9 04:21:36 vmail postfix/qmgr[32594]: 535E4C4D1F8: from=us...@noa.gr, size=19392, nrcpt=1 (queue active) Mar 9 04:21:36 vmail postfix/pipe[16065]: 535E4C4D1F8: to=us...@astro.noa.gr, relay=dovecot, delay=0.15, delays=0.086/0.001/0/0.058, dsn=2.0.0, status=sent (delivered via dovecot service) shows clearly that the message was received and given to dovecot after that something must happen Mar 9 04:21:36 vmail postfix/smtpd[16069]: C76D8C4D26A: client=mailgw.admin.noa.gr[195.251.204.12] Mar 9 04:21:36 vmail postfix/cleanup[16059]: C76D8C4D26A: message-id=0684c0$u...@mailgw.admin.noa.gr Mar 9 04:21:36 vmail postfix/qmgr[32594]: C76D8C4D26A: from=, size=3264, nrcpt=1 (queue active) shows that the bounces are from mailgw.admin.noa.gr[195.251.204.12] you should search the logs there - the machine vmail is not responsible for me it sounds like dovecot is responsible for them after accepted the messages, sent the bounces to 195.251.204.12 (no idea why - depends on config) and from there they was simply relayed back to vmail additionally your postfix log does not contain anything interesting it seems to be filtered only for lines containing the queue-id I have copied the whole content from the maillog regarding the handling of this message. I have not filtered anything out but there is no single REJCT line or as mentinoed above you are searhcing in the wrong machines logs, so this machine did not generate/trigger any bounce signature.asc Description: OpenPGP digital signature
Re: Message bounced by administrator
Nikolaos Milas: I hope Wietse can provide some more info. Negative. The mail is rejected by a non-Postfix machine. Wietse
Re: On proxy_read_maps
On 9/3/2012 2:07 μμ, Nikolaos Milas wrote: I've: chown -R root:postfix /etc/postfix/ and chmod 640 to files and 750 to directories Since I did this, I get the error: Mar 9 21:23:53 vmail postfix/sendmail[1752]: fatal: open /etc/postfix/main.cf: Permission denied # ls -la /etc/postfix/main.cf -rw-r- 1 root postfix 32806 Mar 8 20:11 /etc/postfix/main.cf What do I have to do to get sendmail (i.e. sendmail.postfix) running correctly? Thanks, Nick
Re: On proxy_read_maps
Am 09.03.2012 20:28, schrieb Nikolaos Milas: On 9/3/2012 2:07 μμ, Nikolaos Milas wrote: I've: chown -R root:postfix /etc/postfix/ and chmod 640 to files and 750 to directories Since I did this, I get the error: Mar 9 21:23:53 vmail postfix/sendmail[1752]: fatal: open /etc/postfix/main.cf: Permission denied # ls -la /etc/postfix/main.cf -rw-r- 1 root postfix 32806 Mar 8 20:11 /etc/postfix/main.cf What do I have to do to get sendmail (i.e. sendmail.postfix) running correctly? /etc/postfix - 755 main-configuration which usually do not contain configuration should have 644 because sendmail is running as the user who starts it this is exactly the reason for proxy maps (beside better connection handling) sensible configuration files containing passwords needs only postfix-group-permissions and are not readable by other users while sendmail is talking to proxymap process and so have access to the full configuration -rw-r--r-- 1 root root 21K 2012-02-22 19:40 access -rw-r--r-- 1 root root5,1K 2011-04-17 23:03 canonical -rw-r--r-- 1 root root9,7K 2012-02-22 19:40 generic -rw-r--r-- 1 root root 22K 2012-02-22 19:40 header_checks -rw-r--r-- 1 root root6,7K 2012-02-22 19:40 relocated -rw-r--r-- 1 root root 13K 2012-02-22 19:40 transport -rw-r--r-- 1 root root 13K 2012-02-22 19:40 virtual -rw-r--r-- 1 root root4,0K 2009-08-15 21:43 bounce.cf -rw-r--r-- 1 root root8,6K 2012-02-22 20:10 main.cf -rw-r--r-- 1 root root4,2K 2011-06-11 14:01 master.cf -rw-r- 1 root postfix 198 2011-04-27 18:51 mysql-aliases.cf -rw-r- 1 root postfix 297 2011-05-28 18:37 mysql-forwarders.cf -rw-r- 1 root postfix 204 2011-04-27 18:52 mysql-mydestination.cf -rw-r- 1 root postfix 198 2011-04-27 18:42 mysql-mynetworks.cf -rw-r- 1 root postfix 199 2011-04-27 18:52 mysql-recipients.cf -rw-r- 1 root postfix 466 2011-04-27 18:52 mysql-rewritedomains.cf -rw-r- 1 root postfix 206 2011-04-27 18:53 mysql-rewritesenders.cf -rw-r- 1 root postfix 330 2011-04-27 18:53 mysql-senderaccess.cf -rw-r- 1 root postfix 368 2011-05-13 00:49 mysql-sender_relay_hosts_auth.cf -rw-r- 1 root postfix 205 2011-04-27 18:53 mysql-sender_relay_hosts.cf -rw-r- 1 root postfix 201 2011-04-27 18:53 mysql-spamfilter.cf -rw-r- 1 root postfix 490 2011-04-27 18:54 mysql-transport-backup-dbmail.cf -rw-r- 1 root postfix 265 2011-04-27 18:54 mysql-transport.cf signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
On 9/3/2012 9:28 μμ, Nikolaos Milas wrote: Since I did this, I get the error: Mar 9 21:23:53 vmail postfix/sendmail[1752]: fatal: open /etc/postfix/main.cf: Permission denied ... What do I have to do to get sendmail (i.e. sendmail.postfix) running correctly? Note: these errors come from the web mail app, when trying to send mail. It's squirrelmail. I tried raising permissions level to main.cf but it still didn't work. With every attempt to send mail from the web interface, I get the above error. I'm getting confused... Any hint will be appreciated. Nick
Re: On proxy_read_maps
On 9/3/2012 9:59 μμ, Reindl Harald wrote: /etc/postfix - 755 Thank you! You saved me from a very bad headache. Obviously this was the main cause. I found that /etc/postfix was 750. Thanks also for the absolutely valuable details on permissions. I followed your advice. I'll now manage to sleep today (hopefully)... Nick
Re: On proxy_read_maps
Am 09.03.2012 21:01, schrieb Nikolaos Milas: On 9/3/2012 9:28 μμ, Nikolaos Milas wrote: Since I did this, I get the error: Mar 9 21:23:53 vmail postfix/sendmail[1752]: fatal: open /etc/postfix/main.cf: Permission denied ... What do I have to do to get sendmail (i.e. sendmail.postfix) running correctly? Note: these errors come from the web mail app, when trying to send mail. It's squirrelmail. I tried raising permissions level to main.cf but it still didn't work. With every attempt to send mail from the web interface, I get the above error. I'm getting confused... Any hint will be appreciated why do you not read my last answer and look it my posted permissions this dir-listing is from a long running production server * /etc/postfix - root:root - 755 * base-configuration - root:root - 644 * proxymap-files - root:postfix - 640 -rw-r--r-- 1 root root 21K 2012-02-22 19:40 access -rw-r--r-- 1 root root5,1K 2011-04-17 23:03 canonical -rw-r--r-- 1 root root9,7K 2012-02-22 19:40 generic -rw-r--r-- 1 root root 22K 2012-02-22 19:40 header_checks -rw-r--r-- 1 root root6,7K 2012-02-22 19:40 relocated -rw-r--r-- 1 root root 13K 2012-02-22 19:40 transport -rw-r--r-- 1 root root 13K 2012-02-22 19:40 virtual -rw-r--r-- 1 root root4,0K 2009-08-15 21:43 bounce.cf -rw-r--r-- 1 root root8,6K 2012-02-22 20:10 main.cf -rw-r--r-- 1 root root4,2K 2011-06-11 14:01 master.cf -rw-r- 1 root postfix 198 2011-04-27 18:51 mysql-aliases.cf -rw-r- 1 root postfix 297 2011-05-28 18:37 mysql-forwarders.cf -rw-r- 1 root postfix 204 2011-04-27 18:52 mysql-mydestination.cf -rw-r- 1 root postfix 198 2011-04-27 18:42 mysql-mynetworks.cf -rw-r- 1 root postfix 199 2011-04-27 18:52 mysql-recipients.cf -rw-r- 1 root postfix 466 2011-04-27 18:52 mysql-rewritedomains.cf -rw-r- 1 root postfix 206 2011-04-27 18:53 mysql-rewritesenders.cf -rw-r- 1 root postfix 330 2011-04-27 18:53 mysql-senderaccess.cf -rw-r- 1 root postfix 368 2011-05-13 00:49 mysql-sender_relay_hosts_auth.cf -rw-r- 1 root postfix 205 2011-04-27 18:53 mysql-sender_relay_hosts.cf -rw-r- 1 root postfix 201 2011-04-27 18:53 mysql-spamfilter.cf -rw-r- 1 root postfix 490 2011-04-27 18:54 mysql-transport-backup-dbmail.cf -rw-r- 1 root postfix 265 2011-04-27 18:54 mysql-transport.cf signature.asc Description: OpenPGP digital signature
Re: On proxy_read_maps
Am 09.03.2012 21:18, schrieb Nikolaos Milas: On 9/3/2012 9:59 μμ, Reindl Harald wrote: /etc/postfix - 755 Thank you! You saved me from a very bad headache. no problem Obviously this was the main cause. I found that /etc/postfix was 750. Thanks also for the absolutely valuable details on permissions. I followed your advice. keep in mind that after config/permission-changes and updates a hard restart of the mailservices is often a good idea some long living process otherwise may still run and possible problems get triggered delayed the same happens as example if you upgrade dovecot without restart - the service may run for a very long time until new worker processes are started noticing that running master-process has a different version - happend on the test-machine of my co-worker a hour after upgrade :-) I'll now manage to sleep today (hopefully)... good night signature.asc Description: OpenPGP digital signature
WHY?? Subject: Subject:
Has anyone ever seen this ...when I type mail at the shell prompt, I get Subject: Subject: like there is two of something running?? /tmp=id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) /tmp=mail freddy Subject: Subject: test test . Cc: /tmp=exit /tmp/=id uid=500(user) gid=500(user) groups=500(user) /tmp=mail freddy Subject: Subject: test test . Cc: /tmp/=
Re: WHY?? Subject: Subject:
On Fri, 9 Mar 2012, Ctdi Unix wrote: Has anyone ever seen this ...when I type mail at the shell prompt, I get Subject: Subject: like there is two of something running?? The shell mail command is not part of Postfix. This problem does not appear to be related to Postfix in any manner. -- Larry Stone lston...@stonejongleux.com
Re: WHY?? Subject: Subject:
Ctdi Unix: Has anyone ever seen this ...when I type mail at the shell prompt, I get Subject: Subject: like there is two of something running?? /tmp=id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) /tmp=mail freddy Subject: Subject: test test . Cc: /tmp=exit It may be worthwhile to look at /etc/mail.rc or ~/.mailrc for mis-typed commands in there. Wietse
Re: mx bind ip
On 3/10/12, Wietse Venema wie...@porcupine.org wrote: Nick Edwards: Is the smtp bind address correct method? or inet_interfaces? Everybody already knows that smtp_bind_address and smtp_bind_address6 set the correct IP address for SENDING mail. If the RECEIVING server flags an error for the correct IP address, then THAT is the problem you need to fix. thanks, and not everybody knows it, given by half the google responses I've read, including some from zimbra :- Over and out. Yes, now I have clarification, I will post followup once I get back to work and nut out the issue, it is now time for bed :-
Clever Virtual Mail Hosting Web Manager
Hi list Probably quite a few of you are running virtual domain hosting http://www.postfix.org/VIRTUAL_README.html. I have started with similar setup, but then I merged all tables into one to make management simpler. Unfortunately there wasn’t any web admin for managing such a set-up so I wrote one myself in PHP / Agile Toolkit. As it might be useful to others, I’m sharing it here: https://github.com/romaninsh/Agile-Postfix-Admin Features: - create mailboxes, redirects, aliases - supports several access levels 0=single user, 9=domain access, 99=all domains - simple to install, very small code footprint (all logic in 160 lines of PHP) - searching, filtering by domain - postfix and courier sample config included Feel free to use the tool. PHP5.3 required. You are welcome to contribute any fixes back by forking me on github. Installation instructions are in README file. Regards, Romans. NOTE: This is beta version and it stores passwords in clear text in the database. I will add encryption in the further releases.
Re: Clever Virtual Mail Hosting Web Manager
I must have mentioned that the demo is running here: http://postfixadmin.agiletoolkit.org Have a nice weekend everyone. Hi list Probably quite a few of you are running virtual domain hosting http://www.postfix.org/VIRTUAL_README.html. I have started with similar setup, but then I merged all tables into one to make management simpler. Unfortunately there wasn’t any web admin for managing such a set-up so I wrote one myself in PHP / Agile Toolkit. As it might be useful to others, I’m sharing it here: https://github.com/romaninsh/Agile-Postfix-Admin Features: - create mailboxes, redirects, aliases - supports several access levels 0=single user, 9=domain access, 99=all domains - simple to install, very small code footprint (all logic in 160 lines of PHP) - searching, filtering by domain - postfix and courier sample config included Feel free to use the tool. PHP5.3 required. You are welcome to contribute any fixes back by forking me on github. Installation instructions are in README file. Regards, Romans. NOTE: This is beta version and it stores passwords in clear text in the database. I will add encryption in the further releases.
Re: mx bind ip
On 3/10/12, Reindl Harald h.rei...@thelounge.net wrote: Am 09.03.2012 17:23, schrieb Nick Edwards: On 3/10/12, Reindl Harald h.rei...@thelounge.net wrote: logs are no good because it simply says rejected (ip) spf -all method. all other settings wont help either since the two new settings smtp bind address and inet_interfaces are simply IP's given, as in my OP logs are good because they show the connection IP! also you SPF-records are important do you have different SPF views (WAN/LAN) are the SPF records on all views sane? smtp -o smtp_bind_address=xx in main.cf works for sure __ what type of entries are you using in your SPF record? i found out that a/mx entries sometimes making troubles and since we changed our backend to use only ip and let the backend translate servernames automatically whle generating the zone-files i never saw a single spf-error the last 2 years SPF is setup correctly, I've been setting up SPF for a great many years , even back in the old qmail days, I know our SPF records are perfect (I am no newbie to mail systems, just not 100% expert in postfix) thelounge.net. 86400 IN SPF v=spf1 ip4:91.118.73.15 ip4:91.118.73.20 ip4:91.118.73.17 ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 ip4:91.118.73.1 ip4:89.207.144.27 -all thelounge.net. 86400 IN TXT v=spf1 ip4:91.118.73.15 ip4:91.118.73.20 ip4:91.118.73.17 ip4:91.118.73.6 ip4:91.118.73.32 ip4:91.118.73.38 ip4:91.118.73.30 ip4:91.118.73.1 ip4:89.207.144.27 -all yes but I also include 'mx' and I never use 'a' or ptr, they are IMHO too wide, BTW, I hope you also use spf2.0 settings as well, makes it easier to get higher confidence level in sending to hotmail/live.com :- Given what Wietse has said, I am tending more towards spfpolicy.pl on master, but I'm too tired and it's late, so I'll investigate more after some sleep. Nik
unused parameter warnings with postfix 2.9.1
i recently upgraded my test-vm to Fedora 16 the following messages appear in the syslog (with Fedora 15 they was not there) why they are unused and why they are not in /var/log/maillog? Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: barracuda_smtpd_recipient_restrictions=check_policy_service unix:/var/spool/postfix/dbmail-postfix-policyd/socket permit_mynetworks reject Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: lmtp_max_idle=600 Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtp_tls_received_header=yes Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_tls_cipherlist=HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: barracuda_smtpd_recipient_restrictions=check_policy_service unix:/var/spool/postfix/dbmail-postfix-policyd/socket permit_mynetworks reject signature.asc Description: OpenPGP digital signature
Re: unused parameter warnings with postfix 2.9.1
Reindl Harald: i recently upgraded my test-vm to Fedora 16 the following messages appear in the syslog (with Fedora 15 they was not there) why they are unused Because they are not used. For example, smtpd_tls_cipherlist does not exist, and barracuda_smtpd_recipient_restrictions also does not exist. Likewise for smtp_tls_received_header. I added these checks because it is easy to mis-type a name and then people wonder why it does not work. and why they are not in /var/log/maillog? Because postconf, like postcat, sends error messages to stderr only. The latter is intentional, but the former may be an oversight. It has never been reported before. Wietse Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: barracuda_smtpd_recipient_restrictions=check_policy_service unix:/var/spool/postfix/dbmail-postfix-policyd/socket permit_mynetworks reject Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: lmtp_max_idle=600 Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtp_tls_received_header=yes Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_tls_cipherlist=HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 Mar 10 02:16:45 testserver postfix[1935]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: barracuda_smtpd_recipient_restrictions=check_policy_service unix:/var/spool/postfix/dbmail-postfix-policyd/socket permit_mynetworks reject -- End of PGP section, PGP failed!
Re: unused parameter warnings with postfix 2.9.1
Am 10.03.2012 02:35, schrieb Wietse Venema: Because they are not used. For example, smtpd_tls_cipherlist does not exist ok, got an old documentation i assume and barracuda_smtpd_recipient_restrictions also does not exist. was mentioned by you because permit_mynetworks, reject does not work in master.cf 10.0.0.15:10026 inet n - n - - smtpd -o mynetworks=10.0.0.20 -o smtpd_client_connection_count_limit=75 -o smtpd_recipient_restrictions=$barracuda_smtpd_recipient_restrictions Because postconf, like postcat, sends error messages to stderr only. The latter is intentional, but the former may be an oversight. It has never been reported before. as said - i never saw this warnings on Fedora 15 with the same config and also postfix 2.9.1 - the last hours upgraded to Fedora 16 and wondered why tehre are postfix warnings in /var/log/messages while /var/log/maillog has only the usual startup lines signature.asc Description: OpenPGP digital signature
Re: mx bind ip
On Sat, 2012-03-10 at 11:08 +1000, Nick Edwards wrote: On 3/10/12, Reindl Harald h.rei...@thelounge.net wrote: what type of entries are you using in your SPF record? i found out that a/mx entries sometimes making troubles and since we changed our backend to use only ip and let the backend translate servernames automatically whle generating the zone-files i never saw a single spf-error the last 2 years Good advice on not using A (for many reasons), though I've never seen a problem with MX myself. SPF is setup correctly, I've been setting up SPF for a great many years , even back in the old qmail days, I know our SPF records are When did you add these extra IP's? Recently? What is the actual connecting IP type to the master, IPv4, or IPv6? Does your primary mail server query a server that uses DNS views? Are you perchance using another DNS server in your tests that your primary mail server is not? You've been asked by others to supply actual details, if you don't want to make them public, try sending offlist, we can sit here for the next 6 months playing guessing games, if someone other than you has factual live information, they can perhaps run live tests using their DNS etc, kinda like a look at it with fresh eyes. Given what Wietse has said, I am tending more towards spfpolicy.pl on master, but I'm too tired and it's late, so I'll investigate more after some sleep. poppy, unless you have modified it (read as totally fscked it up) signature.asc Description: This is a digitally signed message part
Re: unused parameter warnings with postfix 2.9.1
Reindl Harald: Am 10.03.2012 02:35, schrieb Wietse Venema: Because they are not used. For example, smtpd_tls_cipherlist does not exist ok, got an old documentation i assume Nope, then there would be a backwards compatibility feature. 10.0.0.15:10026 inet n - n - - smtpd -o mynetworks=10.0.0.20 -o smtpd_client_connection_count_limit=75 -o smtpd_recipient_restrictions=$barracuda_smtpd_recipient_restrictions When I put the above in master.cf, and define barracuda_smtpd_recipient_restrictions=whatever in main.cf, then postconf does not complain about barracuda_smtpd_recipient_restrictions so you must be making some mistake. Wietse
Re: centos 5 postfix rpms?
On Thu, Mar 8, 2012 at 12:32 PM, Nikolaos Milas nmi...@noa.gr wrote: On 8/3/2012 6:40 πμ, Eero Volotinen wrote: What is the best / reliable site to find newer postfix rpm packages for centos 5 / rhel 5? by default it ships postfix 2.3.x and it's a bit antique version. Hi Eero, These are considered fine: http://postfix.wl0.org/en/**available-packages/http://postfix.wl0.org/en/available-packages/, yet they diverge from standard (include VDA patch and possibly more non-standard options). But you can download the src.rpm and build RPMs yourself disabling any undesired options (see directions: http://postfix.wl0.org/en/**building-rpms/http://postfix.wl0.org/en/building-rpms/ ). Other SRPMs I know: http://www.kutukupret.com/**downloads-page/http://www.kutukupret.com/downloads-page/ http://www.invoca.ch/pub/**packages/postfix/RPMS/ils-5/**SRPMS/http://www.invoca.ch/pub/packages/postfix/RPMS/ils-5/SRPMS/ Until now, I have not been able to find ready-made CentOS Postfix RPMs with standard-only options. You could also compile from source as described here: http://stevejenkins.com/blog/**2011/01/building-postfix-2-8-** on-rhel5-centos-5-from-source/http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/ I currently use the latter methodology since a year or so on a number of systems and it works fine. However, if someone can point to ready-made RPMs with standard-only options, I would be interested as well, as building from source does not scale well. Note that this has been discussed again in this list. See for example: http://www.mailinglistarchive.**com/html/postfix-users@** postfix.org/2011-10/msg00094.**htmlhttp://www.mailinglistarchive.com/html/postfix-users@postfix.org/2011-10/msg00094.html Best regards, Nick CentSLT repos http://centos.alt.ru/ has Postfix 2.9.1 http://centos.alt.ru/repository/centos/readme.txt Regards, Mihira. -- The mysteries of the Universe are revealed when you break stuff.
Re: centos 5 postfix rpms?
Le samedi 10 mars 2012 à 09:28 +0530, The_Ace a écrit : On Thu, Mar 8, 2012 at 12:32 PM, Nikolaos Milas nmi...@noa.gr wrote: On 8/3/2012 6:40 πμ, Eero Volotinen wrote: What is the best / reliable site to find newer postfix rpm packages for centos 5 / rhel 5? by default it ships postfix 2.3.x and it's a bit antique version. Hi Eero, These are considered fine: http://postfix.wl0.org/en/available-packages/, yet they diverge from standard (include VDA patch and possibly more non-standard options). But you can download the src.rpm and build RPMs yourself disabling any undesired options (see directions: http://postfix.wl0.org/en/building-rpms/). Other SRPMs I know: http://www.kutukupret.com/downloads-page/ http://www.invoca.ch/pub/packages/postfix/RPMS/ils-5/SRPMS/ Until now, I have not been able to find ready-made CentOS Postfix RPMs with standard-only options. You could also compile from source as described here: http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/ I currently use the latter methodology since a year or so on a number of systems and it works fine. However, if someone can point to ready-made RPMs with standard-only options, I would be interested as well, as building from source does not scale well. Note that this has been discussed again in this list. See for example: http://www.mailinglistarchive.com/html/postfix-users@postfix.org/2011-10/msg00094.html Best regards, Nick CentSLT repos http://centos.alt.ru/ has Postfix 2.9.1 http://centos.alt.ru/repository/centos/readme.txt Regards, Mihira. -- The mysteries of the Universe are revealed when you break stuff. build the antique spec for postfix rpm it is easy in reading the doc and other centosalt its poor repo do not use maybe build own rpm -s watch my doc for centos 5 http://ns.fakessh.eu/rpms/ -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC2626742 gpg --keyserver pgp.mit.edu --recv-key C2626742 http://urlshort.eu fakessh @ http://gplus.to/sshfake http://gplus.to/sshswilting http://gplus.to/john.swilting https://lists.fakessh.eu/mailman/ This list is moderated by me, but all applications will be accepted provided they receive a note of presentation signature.asc Description: Ceci est une partie de message numériquement signée
Re: centos 5 postfix rpms?
2012/3/10 ml m...@smtp.fakessh.eu Le samedi 10 mars 2012 à 09:28 +0530, The_Ace a écrit : On Thu, Mar 8, 2012 at 12:32 PM, Nikolaos Milas nmi...@noa.gr wrote: On 8/3/2012 6:40 πμ, Eero Volotinen wrote: What is the best / reliable site to find newer postfix rpm packages for centos 5 / rhel 5? by default it ships postfix 2.3.x and it's a bit antique version. Hi Eero, These are considered fine: http://postfix.wl0.org/en/available-packages/, yet they diverge from standard (include VDA patch and possibly more non-standard options). But you can download the src.rpm and build RPMs yourself disabling any undesired options (see directions: http://postfix.wl0.org/en/building-rpms/). Other SRPMs I know: http://www.kutukupret.com/downloads-page/ http://www.invoca.ch/pub/packages/postfix/RPMS/ils-5/SRPMS/ Until now, I have not been able to find ready-made CentOS Postfix RPMs with standard-only options. You could also compile from source as described here: http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/ I currently use the latter methodology since a year or so on a number of systems and it works fine. However, if someone can point to ready-made RPMs with standard-only options, I would be interested as well, as building from source does not scale well. Note that this has been discussed again in this list. See for example: http://www.mailinglistarchive.com/html/postfix-users@postfix.org/2011-10/msg00094.html Best regards, Nick CentSLT repos http://centos.alt.ru/ has Postfix 2.9.1 http://centos.alt.ru/repository/centos/readme.txt Regards, Mihira. -- The mysteries of the Universe are revealed when you break stuff. build the antique spec for postfix rpm it is easy in reading the doc and other centosalt its poor repo do not use maybe build own rpm -s watch my doc for centos 5 http://ns.fakessh.eu/rpms/ -- Oh. Whats wrong with centalt repos ? Mihira.