Re: exchange like feature for always_bcc?
Kov?cs Albert: Wietse: If you want forward to different recipient addresses, then don't use always_bcc. Instead, use recipient_bcc_maps which allows you to specify different addresses for different recipients. [example deleted] Kov?cs Albert: Thanks Wietse, it works. However, is there a chance to send only 1 bcc email with 10 recipients? Currently postfix sends 10 bcc emails If you want to forward one copy then use always_bcc. Wietse
Re: Sender-Dependent Aliases
Dnia 2012-05-30, śro o godzinie 22:08 +0100, t t pisze: Hi, I'm using postfix aliases for mapping incoming emails to my mailman mailing lists, as described in the Adding MySQL aliases of this guide: http://freemars.org/howto/mailman.html#conadd What I'd like to do is to make this mapping sender-dependent. For instance, a mail from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com, but a mail from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com. (Here, mailman1 and mailman2 are two completely separate mailing lists.) Is there a simple way to configure postfix to do this? I've seen the sender dependent functionality like sender dependent transport map, but I'm still a little unclear about how to accomplish what I want. I'm sorry if this turns out to be trivial. I've been searching around for a couple hours for an answer to this question to no avail, so I figured I'd ask here. Hi t t, You can use sender-dependant aliases like that: main.cf: smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access sender_access: from_address@domain redirect new_to_address@anotherdomain Regards, -- Robert Wysocki administrator systemów linuksowych Contium S.A., http://www.contium.pl
Re: Sender-Dependent Aliases
Cool, thanks for the response. I'm in the process of setting this up right now, but while I do that, I have a couple quick questions: 1) This seems like it might redirect *all* mail coming from from_address@domain to new_to_address@anotherdomain. That's not quite what I want. In my first example, pers...@gmail.com might be subscribed to more than one mailing list, so I need to redirect based both on the sender and the mailing list. I can see that this wasn't clear from my first email, so sorry about that. To be absolutely clear, an email from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com, an email from pers...@gmail.com to another_l...@example.com should go to another_li...@lists.example.com mailm...@lists.example.com, an email from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com 2) I assume it's possible to enter the redirect mappings into a mysql database directly, rather than write the mapping in a file, right? (e.g.: I enter my aliases in the way described here: http://flurdy.com/docs/postfix/#data) Thanks for your help! On Thu, May 31, 2012 at 9:36 AM, Robert Wysocki robert.wyso...@contium.plwrote: Dnia 2012-05-30, śro o godzinie 22:08 +0100, t t pisze: Hi, I'm using postfix aliases for mapping incoming emails to my mailman mailing lists, as described in the Adding MySQL aliases of this guide: http://freemars.org/howto/mailman.html#conadd What I'd like to do is to make this mapping sender-dependent. For instance, a mail from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com, but a mail from pers...@gmail.com to mail...@example.com should go to mailm...@lists.example.com. (Here, mailman1 and mailman2 are two completely separate mailing lists.) Is there a simple way to configure postfix to do this? I've seen the sender dependent functionality like sender dependent transport map, but I'm still a little unclear about how to accomplish what I want. I'm sorry if this turns out to be trivial. I've been searching around for a couple hours for an answer to this question to no avail, so I figured I'd ask here. Hi t t, You can use sender-dependant aliases like that: main.cf: smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access sender_access: from_address@domain redirect new_to_address@anotherdomain Regards, -- Robert Wysocki administrator systemów linuksowych Contium S.A., http://www.contium.pl
Equivalent of sender_dependent_relayhost_maps, but for recipients?
Hello, I'm still looking for a reliable workaround to my alias external_address problem using postini for outbound relay... I just realized that if there were a simple way to do the same as sender_dependent_relayhost_maps, but for recipients (ie, recipient_dependent_relayhost_maps), this would totally solve my problem... So, for any outbound messages destined for u...@example.com, use a specified relay, but for all else use the one set in main.cf (relayhost =)... Any simple/reliable way to do this? -- Best regards, Charles
Re: Equivalent of sender_dependent_relayhost_maps, but for recipients?
Charles Marcus: Hello, I'm still looking for a reliable workaround to my alias external_address problem using postini for outbound relay... I just realized that if there were a simple way to do the same as sender_dependent_relayhost_maps, but for recipients (ie, recipient_dependent_relayhost_maps), this would totally solve my problem... So, for any outbound messages destined for u...@example.com, use a specified relay, but for all else use the one set in main.cf (relayhost =)... If this alias is a mailing list, you set the envelope sender accordingly (like any mailing list). Then, sender-dependent-mumble will do the job. Wietse -- Best regards, Charles
Re: Equivalent of sender_dependent_relayhost_maps, but for recipients?
On 2012-05-31 6:00 AM, Wietse Venema wie...@porcupine.org wrote: If this alias is a mailing list, you set the envelope sender accordingly (like any mailing list). No, these are simply aliases I have set up in my virtual alias maps. There are two different uses for these aliases... 1. We have (currently) 3 accounts that I need to forward all incoming mail to a gmail account (for archiving)... 2. We have (currently) 4 email addresses set up for non-employees that we are working closely with that are aliased to their personal (external) email addresses. Currently, when an email comes in from outside for any of these addresses, when postfix attempts to send the email on to the external target address, postini rejects these as an external relay attempt - because the original sender is an external address, they refuse to relay it to an outside/external address. Manually forwarding using a normal MUA works fine, because the sender is an internal address. So, for these specific recipient addresses (the alias' external target address), I need to relay through my ISP relayhost (which is our fallback relayhost)... all other outbound messages should be relayed through the relayhost set in main.cf... Looking more closely at the docs, it appears I can simply use per recipient transport maps to achieve this... So, would this work? main.cf ... relayhost = [outbounds6.obsmtp.com] ... then in my transport map, just have: externaltarg...@example.com :[smtp.myisp.com] externaltarg...@example.com :[smtp.myisp.com] ... this would then result in *only* these addresses using the alternate transport, and the rest would use the one defined in main.cf? I would just test it, but this is a live system, so would prefer at least a 'that should work as desired' from someone who has done something similar before... Thanks, -- Best regards, Charles
Re: Equivalent of sender_dependent_relayhost_maps, but for recipients?
Charles Marcus: On 2012-05-31 6:00 AM, Wietse Venema wie...@porcupine.org wrote: If this alias is a mailing list, you set the envelope sender accordingly (like any mailing list). No, these are simply aliases I have set up in my virtual alias maps. There are two different uses for these aliases... 1. We have (currently) 3 accounts that I need to forward all incoming mail to a gmail account (for archiving)... 2. We have (currently) 4 email addresses set up for non-employees that we are working closely with that are aliased to their personal (external) email addresses. If you need a recipient-dependent override for outbound delivery, consider using a transport map, and use relayhost for the remainder. Wietse
Re: Equivalent of sender_dependent_relayhost_maps, but for recipients?
On 2012-05-31 7:29 AM, Wietse Venema wie...@porcupine.org wrote: If you need a recipient-dependent override for outbound delivery, consider using a transport map, and use relayhost for the remainder. I guess you didn't bother reading my entire email (no worries, I tend to ramble)... ;) At the end, I asked about a config using transport maps: On 2012-05-31 7:15 AM, Charles Marcus cmar...@media-brokers.com wrote: Looking more closely at the docs, it appears I can simply use per recipient transport maps to achieve this... So, would this work? main.cf ... relayhost = [outbounds6.obsmtp.com] ... then in my transport map, just have: externaltarg...@example.com :[smtp.myisp.com] externaltarg...@example.com :[smtp.myisp.com] ... this would then result in *only* these addresses using the alternate transport, and the rest would use the one defined in main.cf? I would just test it, but this is a live system, so would prefer at least a 'that should work as desired' from someone who has done something similar before... Thanks, -- Best regards, Charles
Re: Equivalent of sender_dependent_relayhost_maps, but for recipients?
Charles Marcus: On 2012-05-31 7:29 AM, Wietse Venema wie...@porcupine.org wrote: If you need a recipient-dependent override for outbound delivery, consider using a transport map, and use relayhost for the remainder. I guess you didn't bother reading my entire email (no worries, I tend to ramble)... ;) At the end, I asked about a config using transport maps: On 2012-05-31 7:15 AM, Charles Marcus cmar...@media-brokers.com wrote: Looking more closely at the docs, it appears I can simply use per recipient transport maps to achieve this... So, would this work? main.cf ... relayhost = [outbounds6.obsmtp.com] ... then in my transport map, just have: externaltarg...@example.com :[smtp.myisp.com] externaltarg...@example.com :[smtp.myisp.com] ... this would then result in *only* these addresses using the alternate transport, and the rest would use the one defined in main.cf? I would just test it, but this is a live system, so would prefer at least a 'that should work as desired' from someone who has done something similar before... I recall that transport_maps was introduced in 1998, and per-recipient transport map support in 2002. All precedences of relayhost etc. are documented in postconf(5). Wietse
Postfix ignoring relayhost parameter
Hello We've been having huge problems delivering email to hotmail addresses (Hotmail is blocking all our emails since yesterday without any plausible reason). Microsoft's phone support is non-existant and they don't reply to any of our emails, even those sent from Hotmail addresses. Filled in their draconian sender information form form hotmail, no reply whatsoever. Anyway, since hundreds of mailboxes in our server are unable right to to send emails to Hotmail, we need to find some alternative. Relaying emails with an @hotmail.com destination through another email server that isn't blocked seems to be the more plausible alternative. So, i added the parameter to Postfix: relayhost = [our.email.server] Where our.email.server is our relay mails server address and reloaded Postfix, but Postfix keeps sending email using the local machine without trying to use the relay host. Am i missing something. Is there any other parameter (other than relayhost necessary for the server to relay emails to another server)? Many thanks Luis Oliveira Elaconta
Re: Postfix ignoring relayhost parameter
On Thu, May 31, 2012 at 02:01:22PM +0100, webmas...@elaconta.com wrote: Anyway, since hundreds of mailboxes in our server are unable right to to send emails to Hotmail, we need to find some alternative. Relaying emails with an @hotmail.com destination through another email server that isn't blocked seems to be the more plausible alternative. So, i added the parameter to Postfix: relayhost = [our.email.server] Where our.email.server is our relay mails server address and reloaded Postfix, but Postfix keeps sending email using the local machine without trying to use the relay host. Am i missing something. Is there any other parameter (other than relayhost necessary for the server to relay emails to another server)? Absent the logs I can only guess, but my best WAG here is that you should look at -r in man postsuper. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: Postfix ignoring relayhost parameter
Em 2012-05-31 14:17, /dev/rob0 escreveu: On Thu, May 31, 2012 at 02:01:22PM +0100, webmas...@elaconta.com wrote: Anyway, since hundreds of mailboxes in our server are unable right to to send emails to Hotmail, we need to find some alternative. Relaying emails with an @hotmail.com destination through another email server that isn't blocked seems to be the more plausible alternative. So, i added the parameter to Postfix: relayhost = [our.email.server] Where our.email.server is our relay mails server address and reloaded Postfix, but Postfix keeps sending email using the local machine without trying to use the relay host. Am i missing something. Is there any other parameter (other than relayhost necessary for the server to relay emails to another server)? Absent the logs I can only guess, but my best WAG here is that you should look at -r in man postsuper. Ok it's working now, i had a transport in the transport maps that overrided the relayhost, duh... My bad, i am sorry, problem solved. Luis Oliveira Elaconta
Re: Postfix ignoring relayhost parameter
Em 2012-05-31 14:22, webmas...@elaconta.com escreveu: Em 2012-05-31 14:17, /dev/rob0 escreveu: On Thu, May 31, 2012 at 02:01:22PM +0100, webmas...@elaconta.com wrote: Anyway, since hundreds of mailboxes in our server are unable right to to send emails to Hotmail, we need to find some alternative. Relaying emails with an @hotmail.com destination through another email server that isn't blocked seems to be the more plausible alternative. So, i added the parameter to Postfix: relayhost = [our.email.server] Where our.email.server is our relay mails server address and reloaded Postfix, but Postfix keeps sending email using the local machine without trying to use the relay host. Am i missing something. Is there any other parameter (other than relayhost necessary for the server to relay emails to another server)? Absent the logs I can only guess, but my best WAG here is that you should look at -r in man postsuper. Ok it's working now, i had a transport in the transport maps that overrided the relayhost, duh... My bad, i am sorry, problem solved. Luis Oliveira Elaconta To piggyback a little on my own question, i now have set up a relayhost specifically for any emails sent to the hotmail.com domain, in the transport maps: hotmail.com smtp:[my.email.relay.server] It's working great. I previously had hotmail.com assigned to a slow transport to only send one email to hotmail every five minutes in order not to tax Microsoft's poor email servers: hotmail.com slow: Now i'm wondering, is there any way to combine both the transports? First, emails sent to @hotmail.com should be queued on the server (using the slow transport), only then sent to the relay host? Luis Oliveira Elaconta
Re: Use authorized_submit_users to exclude all users in a Unix Group
I did review the http://www.postfix.org/postconf.5.html#authorized_submit_users page and it mentions that patterns can be negated, here are the relevant strings of the docs I thought applicable to this case. Specify a list of user names, /file/name or type:table patterns ... Specify !pattern to exclude a user name from the list. The form !/file/name is supported only in Postfix version 2.4 and later. If patterns aren't supported, thank you for setting me straight, I was just hoping to avoid building a script to regularly re/create the nosend file. Should I submit a bug report for a documentation change to make this point more clearly? As for the authorized_submit_users=!unix:group.byname=badUnixGroup syntax, I found an OLD example in a mailing list, not the manpage-docs, I was trying to show what I was attempting. There are no 'untrusted' users, but in this case we need this functionality for software-testing accounts which has in the past repeatedly spammed a large group of people when 3rd-party utilities that call mutt/sendmail/etc when certain error conditions occurred. We thought about disabling Postfix entirely for all users, but in this case, we would miss out on other more necessary alerts from other users/utilities on that box. On 5/30/2012 7:24 PM, /dev/rob0 wrote: On Wed, May 30, 2012 at 05:05:16PM -0400, JLP wrote: Originally, I was trying to make smtpd_sender_restrictions work, but Noel Jones (thanks again!) clued-me into the config-option authorized_submit_users when using the sendmail (or derivative) binaries. I tried unsuccessfully making some form of unix:group.byname work like these options: authorized_submit_users=!unix:group.byname, static:all authorized_submit_users=!unix:group.byname=badUnixGroup, static:all Short of creating a cronjob-script to regularly re/create a HASH file of disallowed users in the Unix group, is there something obvious I am missing? You missed the postconf(5) manual, specifically the description of authorized_submit_users. Negation can apply to a /file/name but not to a type:table lookup. http://www.postfix.org/postconf.5.html#authorized_submit_users You'll want to make your list, e.g., /etc/postfix/nosend, and then negate the list: authorized_submit_users=!/etc/postfix/nosend, static:all Two bits of general advice: You might want to save a link in your browser to your $html_directory. Everything is in there; no need to guess. I don't see any reference to your unix:group.byname=badUnixGroup syntax, therefore I'd assume that it is not implemented. Having untrusted shell users on a machine is a bad idea. If you cannot trust them to honor your mail policies, can you trust them to refrain from other nefarious activities?
Re: Use authorized_submit_users to exclude all users in a Unix Group
Please don't top-post your replies here. It makes the conversation much harder to follow. On Thu, May 31, 2012 at 10:35:25AM -0400, JLP wrote: On 5/30/2012 7:24 PM, /dev/rob0 wrote: On Wed, May 30, 2012 at 05:05:16PM -0400, JLP wrote: Originally, I was trying to make smtpd_sender_restrictions work, but Noel Jones (thanks again!) clued-me into the config-option authorized_submit_users when using the sendmail (or derivative) binaries. I tried unsuccessfully making some form of unix:group.byname work like these options: authorized_submit_users=!unix:group.byname, static:all authorized_submit_users=!unix:group.byname=badUnixGroup, static:all Short of creating a cronjob-script to regularly re/create a HASH file of disallowed users in the Unix group, is there something obvious I am missing? You missed the postconf(5) manual, specifically the description of authorized_submit_users. Negation can apply to a /file/name but not to a type:table lookup. http://www.postfix.org/postconf.5.html#authorized_submit_users I did review the http://www.postfix.org/postconf.5.html#authorized_submit_users page and it mentions that patterns can be negated, here are the relevant strings of the docs I thought applicable to this case. Specify a list of user names, /file/name or type:table patterns ... Specify !pattern to exclude a user name from the list. The form !/file/name is supported only in Postfix version 2.4 and later. If patterns aren't supported, thank you for setting me straight, I was just hoping to avoid building a script to regularly re/create the nosend file. Should I submit a bug report for a documentation change to make this point more clearly? Actually I think your interpretation of the negation was correct, mine was wrong. Where you were in error was the fact that the search performed was for the username, not for the group name. unix:group.byname will return a value if the group name is found. There is no authorized_submit_groups feature. That would have done what you wanted to do. As for the authorized_submit_users=!unix:group.byname=badUnixGroup syntax, I found an OLD example in a mailing list, not the manpage-docs, I was trying to show what I was attempting. Right. My point being that the person who posted that was guessing. There is no shortage of false and misleading information on the web; not so, in the documentation. We do have our occasional misunderstandings, as you did confusing a username search for a groupname search, and as I did with the !pattern negation, but careful rereading usually clears things up. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Repeated emails
Hello I having problems with some emails that arrives 2 or 7 times to their destination I have check the log and each time they generate a different ID, other issue that probably is related is this error I get in my log May 30 12:23:23 mail postfix/local[22794]: 1023A80188: to=h...@we.com, relay=local, delay=140, delays=119/0/0/20, dsn=4.2.0, status=deferred (cannot update mailbox /var/mail/her.mailbox for user her.mailbox. unable to lock for exclusive access: Resource temporarily unavailable) Thanks Octavio
turn off mailer daemon returns
Hi everybody, I would like to know if it's possible to prevent postfix to NOT send a MAILER DAEMON email back to the sender if something is wrong? thanks in advance,
Re: Use authorized_submit_users to exclude all users in a Unix Group
On Wed, May 30, 2012 at 06:24:31PM -0500, /dev/rob0 wrote: I tried unsuccessfully making some form of unix:group.byname work like these options: authorized_submit_users=!unix:group.byname, static:all authorized_submit_users=!unix:group.byname=badUnixGroup, static:all Short of creating a cronjob-script to regularly re/create a HASH file of disallowed users in the Unix group, is there something obvious I am missing? You missed the postconf(5) manual, specifically the description of authorized_submit_users. Negation can apply to a /file/name but not to a type:table lookup. No in fact Postfix these days supports negation of table lookups in match lists. However, the lookup key remains the same, and clearly authorized_submit_users searching any given table with the user name as the lookup key, which cannot do what the OP wants. With tables in match lists the result of the lookup is ignored, the only thing that matters is whether the key is present in the table or not. So the !unix:group.byname=foo syntax is a desperate attempt to clutch at straws and invent new syntax. Don't do that with Postfix, it doesn't have fancy undocumented syntax. There is nothing special about the = character in a table name, so the OP was trying to use unix:group.byname=foo table, which does not exist, in fact there is not even a unix:group.byname table, rather per: http://www.postfix.org/DATABASE_README.html#types there are only these: unix (read-only) A limited way to query the UNIX authentication database. The following tables are implemented: unix:passwd.byname The table is the UNIX password database. The key is a login name. The result is a password file entry in passwd(5) format. unix:group.byname The table is the UNIX group database. The key is a group name. The result is a group file entry in group(5) format. Don't use a tcptable or a socketmap (I forget which recent Postfix versions have this) to check the user's group, since this is fragile, if the table service is down no local mail can be queued, and sendmail/postdrop are designed to queue mail under adverse conditions, even when the rest of Postfix is not running. So only tables that persist on disk are appropriate in this context. -- Viktor.
Re: exchange like feature for always_bcc?
On Thu, May 31, 2012 at 04:09:09AM -0400, Wietse Venema wrote: If you want forward to different recipient addresses, then don't use always_bcc. Instead, use recipient_bcc_maps which allows you to specify different addresses for different recipients. [example deleted] Kov?cs Albert: Thanks Wietse, it works. However, is there a chance to send only 1 bcc email with 10 recipients? Currently postfix sends 10 bcc emails If you want to forward one copy then use always_bcc. A more complete answer is that to emulate Exchange Envelope Journalling: http://technet.microsoft.com/en-us/library/aa998649.aspx you need to generate a single recipient *encapsulated copy* of the message, not add recipients to the original message. When I was at Morgan Stanley, I wrote a transparent SMTP Y-proxy, that queued the message in parallel to the output (post-filter) queue and to an archive queue, where the archive message was encapsulated (easy because MIME messages nest) as a message/rfc822 attachment to an archive message whose body contained the original recipient list. The SMTP DOT terminating the parallel transmissions was sent first to the archive server and only if that succeeds to the destination server (otherwise the connection is abruptly severed). Since both queues are local (well SAN disk attached to the same server), this was sufficiently reliable to accept (never happened AFAIK) the possibility of occasional double archiving if the the second DOT command fails. In any case the archive stream was de-duped downstream from the original message capture at the MTA. -- Viktor.
[ACL] File containing users authorized to forward their emails ?
Hello Would it be possible with Postfix to have a file containing users authorized to use the .forward facility ? We really need such utility , students are playing too much with forwarding and this generate a lot of troubles with great free email providers, but in the same time our professors and other employees really need it so we really want to separate Normal users from students for that utility. We use UNIX system with standard users ( not virtual ) thank you for any advice.
Re: [ACL] File containing users authorized to forward their emails ?
Frank Bonnet: Hello Would it be possible with Postfix to have a file containing users authorized to use the .forward facility ? No. You can a) Specify a forward_path that does not include the UNIX home directory, and move all .forward files there (leaving behind a symlink so that users can still edit their own file). I expect that a root-owned directory would suffice. b) Use a transport map and delivery agent such as virtual(8) which does not support forwarding. That requires a bit of scripting to generate the virtual_mailbox_uid/gid/maps files from /etc/passwd. Woetse We really need such utility , students are playing too much with forwarding and this generate a lot of troubles with great free email providers, but in the same time our professors and other employees really need it so we really want to separate Normal users from students for that utility. We use UNIX system with standard users ( not virtual ) thank you for any advice.
Re: Sender-Dependent Aliases
On 5/31/2012 4:01 AM, t t wrote: Cool, thanks for the response. I'm in the process of setting this up right now, but while I do that, I have a couple quick questions: 1) This seems like it might redirect /all/ mail coming from from_address@domain to new_to_address@anotherdomain. That's not quite what I want. In my first example, pers...@gmail.com Yes, the REDIRECT action affects all recipients of a message. Postfix does not support true sender-based aliasing. Maybe you can find a milter that will do what you need. 2) I assume it's possible to enter the redirect mappings into a mysql database directly, rather than write the mapping in a file, Postfix is table-type agnostic; any function that supports table lookups can use any table type (although some choices might not make much sense). -- Noel Jones
Re: Postfix ignoring relayhost parameter
On 5/31/2012 8:43 AM, webmas...@elaconta.com wrote: I previously had hotmail.com assigned to a slow transport to only send one email to hotmail every five minutes in order not to tax Microsoft's poor email servers: hotmail.com slow: Now i'm wondering, is there any way to combine both the transports? First, emails sent to @hotmail.com should be queued on the server (using the slow transport), only then sent to the relay host? hotmail.com slow:[my.relay] -- Noel Jones
Re: Postfix ignoring relayhost parameter
Noel Jones wrote: On 5/31/2012 8:43 AM, webmas...@elaconta.com wrote: I previously had hotmail.com assigned to a slow transport to only send one email to hotmail every five minutes in order not to tax Microsoft's poor email servers: hotmail.com slow: Now i'm wondering, is there any way to combine both the transports? First, emails sent to @hotmail.com should be queued on the server (using the slow transport), only then sent to the relay host? hotmail.com slow:[my.relay] -- Noel Jones Works perfectly, thanks :) Luis Oliveira Elaconta
Re: [ACL] File containing users authorized to forward their emails ?
On Thu, May 31, 2012 at 12:48:04PM -0400, Wietse Venema wrote: Frank Bonnet: Hello Would it be possible with Postfix to have a file containing users authorized to use the .forward facility ? No. You can a) Specify a forward_path that does not include the UNIX home directory, and move all .forward files there (leaving behind a symlink so that users can still edit their own file). I expect that a root-owned directory would suffice. b) Use a transport map and delivery agent such as virtual(8) which does not support forwarding. That requires a bit of scripting to generate the virtual_mailbox_uid/gid/maps files from /etc/passwd. I implemented a hybrid of virtual(8) delivery to system users in my Postfix+SQLite HOWTO. It's not something I use in real-life, but it might serve as an example of how it can be done. We really need such utility , students are playing too much with forwarding and this generate a lot of troubles with great free email providers, but in the same time our professors and other employees really need it so we really want to separate Normal users from students for that utility. We use UNIX system with standard users ( not virtual ) If the system users are in LDAP already, this would not be much of a chore, to make virtual_[ug]id_maps and virtual_mailbox_maps queries from LDAP. Presumably you already have an attribute which indicates whether the user is student, staff or faculty. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: [ACL] File containing users authorized to forward their emails ?
thank you wiese Envoyé de mon iPhone. Le 31 mai 2012 à 18:48, Wietse Venema wie...@porcupine.org a écrit : Frank Bonnet: Hello Would it be possible with Postfix to have a file containing users authorized to use the .forward facility ? No. You can a) Specify a forward_path that does not include the UNIX home directory, and move all .forward files there (leaving behind a symlink so that users can still edit their own file). I expect that a root-owned directory would suffice. b) Use a transport map and delivery agent such as virtual(8) which does not support forwarding. That requires a bit of scripting to generate the virtual_mailbox_uid/gid/maps files from /etc/passwd. Woetse We really need such utility , students are playing too much with forwarding and this generate a lot of troubles with great free email providers, but in the same time our professors and other employees really need it so we really want to separate Normal users from students for that utility. We use UNIX system with standard users ( not virtual ) thank you for any advice.
Re: Make smtpd/Postscreen compatible with load balancers
Adding a haproxy-to-postscreen adapter turns out to be pretty trivial. However, a major code rewrite would be needed in the way that postscreen(8) talks to smtpd(8). Begin background: Postscreen is optimized for the following case: a client connects, postscreen looks up the client IP address in its temporary cache, and when the client is OK, postscreen sends the connection's file descriptor to a Postfix SMTP server process and gets out of the loop. There is no other communication between postscreen and SMTP server processes. The file descriptor carries all information that an SMTP server process needs. In fact, the file descriptor is indistinguishable from a file descriptor that an SMTP server gets when it is configured in master.cf to listen directly on the SMTP port. End background. To make postscreen work with before-postscreen proxies, it either has to become a proxy itself (over my dead body) or Postfix needs a small protocol to send (attributes plus a file descriptor) from postscreen to smtpd. It's relatively simple to pass a few attributes from haproxy to postscreen with a simple hard-coded non-reusable protocol. On the other hand, Postfix support for (file descriptor + arbitrary attribute passing) will have to be reusable (*), so that the same infrastructure can be used later to improve Postfix. For example, to hand off a connection mid-session from postscreen to smtpd, something that is currently not possible. Wietse (*) The client decides what attributes to send and passes the attributes + file descriptor to the low-level sender infrastructure; the low-level receiver infrastructure first reads the attributes into a hash and then passes the attributes and file descriptor up to the application, in an application-specified order, and deals with missing attributes and other problems.
[OT] Hotmail change the mail policy yesterday????'
Hi. From yesterday many servers to i admin has been banned to send messages to hotmail. The error is related to said: 550 SC-001 Do you are experimenting the same issue today? Thanks and regards.
Re: [OT] Hotmail change the mail policy yesterday????'
* kazabe kaz...@gmail.com: Hi. From yesterday many servers to i admin has been banned to send messages to hotmail. The error is related to said: 550 SC-001 Do you are experimenting the same issue today? mail.python.org is working as before. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [OT] Hotmail change the mail policy yesterday????'
Le jeudi 31 mai 2012 à 13:37 -0500, kazabe a écrit : Hi. From yesterday many servers to i admin has been banned to send messages to hotmail. The error is related to said: 550 SC-001 Do you are experimenting the same issue today? Thanks and regards. I do not encounter any problem for hotmail mail servers. I use spf2 -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC2626742 gpg --keyserver pgp.mit.edu --recv-key C2626742 http://urlshort.eu fakessh @ http://gplus.to/sshfake http://gplus.to/sshswilting http://gplus.to/john.swilting https://lists.fakessh.eu/mailman/ This list is moderated by me, but all applications will be accepted provided they receive a note of presentation signature.asc Description: Ceci est une partie de message numériquement signée
Fishing, Virus and Bots RBL
Hi everybody, I've thoght to use a kind of fishing, virus and bots RBL to stop (or almost) spam sending by my users. Any tip? BR, Alfredo
Re: [OT] Hotmail change the mail policy yesterday????'
I experienced this last week ; I changed the server that send to hotmail, live etc using transport as the new server is not on the same subnet than the preceding it seems to work ;-) Le 31/05/2012 21:27, ml a écrit : Le jeudi 31 mai 2012 à 13:37 -0500, kazabe a écrit : Hi. From yesterday many servers to i admin has been banned to send messages to hotmail. The error is related to said: 550 SC-001 Do you are experimenting the same issue today? Thanks and regards. I do not encounter any problem for hotmail mail servers. I use spf2
Re: Sender-Dependent Aliases
Hi, On Thu, 31 May 2012 10:01:07 +0100 t t tt640...@gmail.com wrote: so I need to redirect based both on the sender and the mailing list address rewriting is possible with qpsmtpd. The disadvantage is that it's a second smtpd, but it works. - Chris
Re: [OT] Hotmail change the mail policy yesterday????'
On Thu, May 31, 2012 at 3:37 PM, kazabe kaz...@gmail.com wrote: Hi. From yesterday many servers to i admin has been banned to send messages to hotmail. The error is related to said: 550 SC-001 Do you are experimenting the same issue today? Thanks and regards. Hi, you're not alone, we're having the same issue with hotmail, since yesterday too. The bounce message is: 550 SC-001Mail rejected by Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an email/network admin please contact your Email/Internet Service Provider for help. We're not listed in any RBL list... I've opened a ticket today going to this url: https://support.msn.com/eform.aspx?productKey=edfsmsblct=eformtsst=1wfxredirect=1 Regards, LU.
postfix-gld: mxgrey not working?
Hi Postfix users, I have to apology: This is not a Postfix problem. But since there seem to be not mailing list for GLD, I was thinking that maybe some of you may be using postfix-gld and have some clue for me. BTW, if you know of a mailing list that would be more appropriate for this question, let me know :) I emailed GLD's author, but he didn't reply. So... I'm using GLD for greylisting and just noticed today that MXGREY doesn't seem to work at all with my setup. My OS is 32bit Debian Squeeze, and I'm using GLD 1.7 (1.7-3 for Debian). In /etc/gld.conf, I have set: MXGREY=10 In my greylist table, I have this record, among others: IP sender recipient first last n 74.125.83.0 loicsnip@snip.com l...@somedomain1.tld 1338411795 1338412124 11 Now I try to send an email from my company email to one of my other pvt email address. Here's what GLD says when started in debug mode: ___ 5190: New incoming connexion from localhost (127.0.0.1) 5190: Got the following valid data req=(smtpd_access_policy) sender=(loicsnip@snip.com) recipient=(l...@somedomain2.tld) ip=(74.125.83.54) 5190: Starting the greylist algo 5190: lightgrey is on, let's remove the last octet of ip 5190: Query=(select first from greylist where ip='74.125.83.0' and sender='loicsnip@snip.com' and recipient='l...@somedomain2.tld') result=0 5190: whitelist is on 5190: Query=(select count(mail) from whitelist where mail in ('loicsnip@snip.com','@snip.com','74.125.83.54','74.125.83')) result=0 5190: Query=(insert into greylist values('74.125.83.0','loicsnip@snip.com','l...@somedomain2.tld',1338412124,1338412124,1)) 5190: Mxgrey Query=(select count(first) from greylist where ip='74.125.83.0' and n1) result=3 (minimum needed is 10) 5190: End of the greylist algo 5190: Decision is to greylist ___ Well, I really don't get why email to this new address is greylisted, since it is sent by 74.125.83.54, which should match 74.125.83.0 (because of lightgrey) for which n 10. Am I missing something? Is my GLD binary broken? Help will be warmly welcomed :) Cheers
Re: [ACL] File containing users authorized to forward their emails ?
Den 2012-05-31 18:28, Frank Bonnet skrev: Would it be possible with Postfix to have a file containing users authorized to use the .forward facility ? ... We really need such utility , students are playing too much with forwarding and this generate a lot of troubles with great free email providers, your server is one of them ? but in the same time our professors and other employees really need it so we really want to separate Normal users from students for that utility. why not disable users that dont follow the tos ? We use UNIX system with standard users ( not virtual ) so simple disable users accounts thank you for any advice. no problem :=) if freemail providers starts disable users for abuse, then students try to learn what not to do, but if no one cares, who cares so ?
mynetworks support for ipv6 link local (fe80) hosts
Hi, I've got a weird configuration issue that I'm trying to track down. I've got a partial ipv6 network where some machines have public addresses and some of them only have link local (fe80::/10) addresses. I just upgraded my mail server to a public v6 address and now a bunch of my other machines (which only have v6ll addresses) can no longer send their nightly logwatch mail. They worked just fine when everything was v4 only. The failure is in the smtpd_sender_restrictions rule: smtpd_sender_restrictions = permit_mynetworks, permit_tls_clientcerts, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/goodsender, check_sender_access hash:/etc/postfix/badsender, reject_unknown_sender_domain, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, reject_unverified_sender, permit The failure appears to be that postfix does not honor the fe80 link local addresses in mynetworks. If I get the machine onto a public v6 IP address then it works fine, so really the only issue is the acceptance of the v6 link local address. Here is the mynetworks configuration: mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 [2001:1234:1234::]/48 [fe80::]/10 [fe80::%eth0]/10 [::1]/128 Machines are connecting as from their LL address just fine: May 31 15:55:31 mail2 postfix/smtpd[29712]: connect from unknown[fe80::20c:29ff:fecf:7df0%eth0] But they are not being treated as being on mynetworks even though they should (as per the above configuration). I have a permit_mynetworks that seems to work fine for v4 and for public v6 addresses but not for v6-ll addresses. In the v6-ll case is falls through to later checks (and then fails in the reject_unverified_sender. What am I doing wrong? Do I have the correct encoding of a link local address? Or is there a problem with postfix matching a v6 link local address? This is postfix-2.7.4-1.fc14.i686 If this is a bug, has this been fixed in a more recent release? Thanks, -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH warl...@mit.eduPGP key available
Fw: Telnet not authenticating
- Original Message - From: Masoumeh Izadi iz...@iranet.ir To: postfix-users@postfix.org Sent: Wednesday, May 30, 2012 1:14 PM Subject: Telnet not authenticating Hi; We have a postfix Email server . when someone telnet to port 25 on our server, it is possible to send email from any ID user1@ anydomain to any user2@ mydomain telnet x.x.x.x 25 ehlo localhost mail from:user@anydomain sender OK rcpt to: user@mydomain recipient OK The question is that: Is there any solution to prevent this matter or somehow make postfix to authenticate the users telneting the server directly? By the way, our email server is not an open relay server. Thanks Well one thing you could do is to put your internal domains in a sender_access map and make them auth enabled only and add the the changes to your smtpd_sender_restriction in main.conf. Postfix internal functions such as error notification among other things doesn't seem to be interrupted by setting this.
How to block forged From: in DATA section?
Hi, My Postfix setup works quite well blocking most spam. But I sometimes get spam with (to my untrained eye) valid MAIL from: and RCPT to: email addresses but in the DATA section there is a forged From: m...@mydomain.com. At least that's how it works when I use telnet to port 25 on my Postfix box. I tried the example header_checks [1] from the BACKSCATTER_README which work fine except that they also block my own email. What is the proper way to block forged From: addresses in the DATA section? Thanks for any pointers or which FMTR. Regards, Patrick /etc/postfix/header_checks: /^(From|Return-Path):.*\b(user@domain\.tld)\b/ reject forged sender address in $1: header: $2
Re: How to block forged From: in DATA section?
Am 01.06.2012 02:07, schrieb Patrick Lists: My Postfix setup works quite well blocking most spam. But I sometimes get spam with (to my untrained eye) valid MAIL from: and RCPT to: email addresses but in the DATA section there is a forged From: m...@mydomain.com. At least that's how it works when I use telnet to port 25 on my Postfix box. I tried the example header_checks [1] from the BACKSCATTER_README which work fine except that they also block my own email. What is the proper way to block forged From: addresses in the DATA section? there is no proper way simply because it is legitimate that From: is not the same as the envelope sender - if you are trying to block such mails you would block many regular mails! signature.asc Description: OpenPGP digital signature
Making postfix use an internal ip a good fix??
Hello all having a problem getting postfix to send email, i think its sort of related to virtual machine/LAN/WAN/MX i'm sure its a simple fix but i cannot seem to get postfix to do what i want when i try to send email to myseld i get the following errors in the mail.log May 31 18:03:13 erp postfix/pickup[9738]: 801FE27599: uid=0 from=root May 31 18:03:13 erp postfix/cleanup[10069]: 801FE27599: message-id=20120601000313.801FE27599@erp.localdomain May 31 18:03:13 erp postfix/qmgr[29637]: 801FE27599: from=r...@erp.computerking.ca, size=323, nrcpt=1 (queue active) May 31 18:03:34 erp postfix/smtp[10072]: connect to mx1.computerking.ca[204.X.X.X]:25: Connection timed out May 31 18:03:34 erp postfix/smtp[10072]: 801FE27599: to=r...@computerking.ca, relay=none, delay=21, delays=0.09/0.01/21/0, dsn=4.4.1, status=deferred (connect to mx1.computerking.ca[204.244.122.131]:25: Connection timed out) This machine is on the same LAN as the server its ip is 10.0.0.108 and the server is 10.0.0.102 however these machines are all virtual on the same hardware. As seen in the logs postfix trys to deliver to the external ip 204.X.X.X where sure enough it get disconnected and im not sure why however i can connect to postfix on using the interal IP telnet 10.0.0.102 25 Trying 10.0.0.102... Connected to 10.0.0.102. Escape character is '^]'. 220 mx1.computerking.ca ESMTP Postfix \ I have added mx1.computerking..ca to the hosts file to try and fix things and now i can even telnet to the hostname since i added the LAN ip in hosts telnet mx1.computerking.ca 25 Trying 10.0.0.102... Connected to mx1.computerking.ca. Escape character is '^]'. 220 mx1.computerking.ca ESMTP Postfix However Postfix insists on sending to the external ip address probably an mx record thing and i telnet does not work there telnet 204.244.122.131 25 Trying 204.244.122.131... telnet: Unable to connect to remote host: Connection timed out I'm not sure why the vm cannot connect to the other vm on the external ip, but is there anyway to make postfix use the LAN address or is there a better way to fix this? I ha Computer King CaN-Mail Surveillance King http://computerking.ca http://canmail.org http://surveillanceking.net Surveillance - Sales Service - Hosting Backup Internet Based Surveillance Systems Custom Service Pac kages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online ERP and Accounting Packages
Re: Making postfix use an internal ip a good fix??
Am 01.06.2012 02:15, schrieb RYAN M. vAN GINNEKEN: This machine is on the same LAN as the server its ip is 10.0.0.108 and the server is 10.0.0.102 however these machines are all virtual on the same hardware. As seen in the logs postfix trys to deliver to the external ip 204.X.X.X where sure enough it get disconnected and im not sure why however i can connect to postfix on using the interal IP telnet 10.0.0.102 25 Trying 10.0.0.102... Connected to 10.0.0.102. Escape character is '^]'. 220 mx1.computerking.ca ESMTP Postfix\ I have added mx1.computerking..ca to the hosts file to try and fix things and now i can even telnet to the hostname since i added the LAN ip in hosts telnet mx1.computerking.ca 25 Trying 10.0.0.102... Connected to mx1.computerking.ca. Escape character is '^]'. 220 mx1.computerking.ca ESMTP Postfix However Postfix insists on sending to the external ip address probably an mx record thing and i telnet does not work there telnet 204.244.122.131 25 Trying 204.244.122.131... telnet: Unable to connect to remote host: Connection timed out I'm not sure why the vm cannot connect to the other vm on the external ip, but is there anyway to make postfix use the LAN address or is there a better way to fix this? /etc/hosts is per default not relevant for MTAs becasue they use MX records which can and do often differ from A-Records and /etc/hosts can not provide this if you are have a mailserver you should use your own DNS server in your LAn with proper records for internal servers that you can not connect to the public IP has nothing to do with VM or not it is simply your router which does not like connects from the lAN side to WAN addresses nor translate them to your local IPs, one reason more for a internal DNS view! cisco routers can deal with this and rewrite the dns-anserws with public IPs matching NAt rules - but this has the side effect that you always will get your LAN-IPs if you make any DNS request even to 8.8.8.8 additionally you should NOT rely on such translations even if they are working . iwas there for years and after a infrastructure-change we got a router from our ISp which did not translate and even does not support this _ finally i spent the whole next night to change our DNS backends in a way importing all zones on both internal nameservers and translate Public/NAt in the zone-files, not a big deal in the case you have your own backend software but not funny if you are sitting in your copmany NAT-LAN without any access to your own public servcices because you relied on your public ones nad the router-translation signature.asc Description: OpenPGP digital signature
Re: How to block forged From: in DATA section?
Hi Reindl, On 01-06-12 02:10, Reindl Harald wrote: I tried the example header_checks [1] from the BACKSCATTER_README which work fine except that they also block my own email. What is the proper way to block forged From: addresses in the DATA section? there is no proper way simply because it is legitimate that From: is not the same as the envelope sender - if you are trying to block such mails you would block many regular mails! Thank you for making that clear. Regards, Patrick
Re: Making postfix use an internal ip a good fix??
On 5/31/2012 7:15 PM, RYAN M. vAN GINNEKEN wrote: Hello all having a problem getting postfix to send email, i think its sort of related to virtual machine/LAN/WAN/MX i'm sure its a simple fix but i cannot seem to get postfix to do what i want when i try to send email to myseld i get the following errors in the mail.log Easy fix: http://www.postfix.org/transport.5.html # transport my.domain relay:[relay.ip.goes.here] ps. use the [ ] brackets. Not as easy complete fix: use split-horizon DNS. -- Noel Jones
Re: Making postfix use an internal ip a good fix??
Thanks alot for your replies and i went with the easier fix for now using a transport worked like a charm However not before I messed around with my Bind server till i got super confused i will get around to setting up a split DNS soon just not today, as i have my hands full with other things. Thanks again for the quick replies and thanks Noel for the easy way out :) - Original Message - From: Noel Jones njo...@megan.vbhcs.org To: postfix-users@postfix.org Sent: Thursday, 31 May, 2012 8:43:38 PM Subject: Re: Making postfix use an internal ip a good fix?? On 5/31/2012 7:15 PM, RYAN M. vAN GINNEKEN wrote: Hello all having a problem getting postfix to send email, i think its sort of related to virtual machine/LAN/WAN/MX i'm sure its a simple fix but i cannot seem to get postfix to do what i want when i try to send email to myseld i get the following errors in the mail.log Easy fix: http://www.postfix.org/transport.5.html # transport my.domain relay:[relay.ip.goes.here] ps. use the [ ] brackets. Not as easy complete fix: use split-horizon DNS. -- Noel Jones