postfwd LDAP-based rules

2012-11-19 Thread Nikolaos Milas
We have started using postfwd 1.33 with Postfix 2.9.1 (on CentOS 5.8 
x86_64).


I was wondering whether anyone has created (and can share) a plugin 
which would allow LDAP-based rules (i.e. enable postfwd to use LDAP 
attributes in user accounts containing particular limits).


Unfortunately this feature is not available by default.

Any assistance will be appreciated.

Regards,
Nick



Re: postfwd LDAP-based rules

2012-11-19 Thread Nikolaos Milas

On 19/11/2012 11:14 AM, Nikolaos Milas wrote:

 I was wondering whether anyone has created (and can share) a plugin 
 which would allow LDAP-based rules (i.e. enable postfwd to use LDAP 
 attributes in user accounts containing particular limits).


Note: I already asked at the postfwd mailing list but I didn't get any 
response.


Regards,
Nick


Recipient address rejected: gmail.com;

2012-11-19 Thread Thufir

For now, it's good that anything not of my fantasy FQDN:

http://www.postfix.org/SOHO_README.html#fantasy

of dur.bounceme.net which no-ip.com provides free as a host gets mailed out.

Definitely, I don't want to inadvertently spam the internet (even just 
my own account).  However, if I did want postfix to send out these 
messages, which originate with mailman, it's the mydestination value 
which restricts sending mail out?




thufir@dur:~$
thufir@dur:~$ tail -n 3 /var/log/mail.log
Nov 19 01:30:02 dur postfix/smtpd[13683]: connect from localhost[127.0.0.1]
Nov 19 01:30:04 dur postfix/smtpd[13683]: NOQUEUE: reject: RCPT from 
localhost[127.0.0.1]: 550 5.1.1 hawat.thu...@gmail.com: Recipient 
address rejected: gmail.com; from=alpha-boun...@dur.bounceme.net 
to=hawat.thu...@gmail.com proto=ESMTP helo=dur.bounceme.net
Nov 19 01:30:04 dur postfix/smtpd[13683]: disconnect from 
localhost[127.0.0.1]

thufir@dur:~$
thufir@dur:~$ cat /etc/postfix/main.cf | grep mydest
mydestination = dur.bounceme.net, localhost.bounceme.net, localhost
thufir@dur:~$




thanks,

Thufir



Re: Recipient address rejected: gmail.com;

2012-11-19 Thread /dev/rob0
On Mon, Nov 19, 2012 at 01:42:22AM -0800, Thufir wrote:
 For now, it's good that anything not of my fantasy FQDN:
 
 http://www.postfix.org/SOHO_README.html#fantasy
 
 of dur.bounceme.net which no-ip.com provides free as a host gets 
 mailed out.
 
 Definitely, I don't want to inadvertently spam the internet (even 
 just my own account).  However, if I did want postfix to send out 
 these messages, which originate with mailman, it's the 
 mydestination value which restricts sending mail out?

Only insofar as mydestination decides what domains to deliver 
locally.

http://www.postfix.org/postconf.5.html#mydestination
http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination

 thufir@dur:~$
 thufir@dur:~$ tail -n 3 /var/log/mail.log
 Nov 19 01:30:02 dur postfix/smtpd[13683]: connect from localhost[127.0.0.1]
 Nov 19 01:30:04 dur postfix/smtpd[13683]: NOQUEUE: reject: RCPT from
 localhost[127.0.0.1]: 550 5.1.1 hawat.thu...@gmail.com: Recipient
 address rejected: gmail.com; from=alpha-boun...@dur.bounceme.net
 to=hawat.thu...@gmail.com proto=ESMTP helo=dur.bounceme.net
 Nov 19 01:30:04 dur postfix/smtpd[13683]: disconnect from
 localhost[127.0.0.1]
 thufir@dur:~$
 thufir@dur:~$ cat /etc/postfix/main.cf | grep mydest
 mydestination = dur.bounceme.net, localhost.bounceme.net, localhost

UUOC. Better than grep, however, is postconf(1):

/usr/sbin/postconf mydestination

However, that still does not provide enough information to solve the 
problem you're having. I am sure that your Postfix is doing exactly 
what you have configured it to do. But you did not tell us how you 
configured it.

Look for a check_recipient_access lookup before posting again. If 
unable to solve it with that hint, again, see the list posting 
guidelines:

http://www.postfix.org/DEBUG_README.html#mail
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


cache MX record

2012-11-19 Thread Muhammad Yousuf Khan
For some reason my primary DNS (Windows 2003) is not giving me an
MX record, even though I have created one manually for my mail server and
it points to the A record of my mail server. I think there is
something going on inside my DNS. Below is the result of nslookup with
type=MX:

 primary name server = sr-dc.mydomain.com
 responsible mail addr = hostmaster
 serial  = 2286
 refresh = 900 (15 mins)
 retry   = 600 (10 mins)
 expire  = 86400 (1 day)
 default TTL = 3600 (1 hour)

So instead of messing with the 2003 DNS, is there any way to make a cached
record, just like we have /etc/hosts for A records?

Thanks.


Re: cache MX record

2012-11-19 Thread Jeroen Geilman

On 11/19/2012 12:51 PM, Muhammad Yousuf Khan wrote:

 For some reason my primary DNS (Windows 2003) is not giving me an
 MX record.


That would be correct. No DNS server would give you an MX record of 
its own accord.



 even though I have created one manually for my mail server and
 it points to the A record of my mail server


That's normally the way of it.


 I think there is
 something going on inside my DNS. Below is the result of nslookup


Please don't use nslookup for DNS troubleshooting; it has serious 
issues. Use either dig or host.



 with
 type=MX

  primary name server = sr-dc.mydomain.com
  responsible mail addr = hostmaster
  serial  = 2286
  refresh = 900 (15 mins)
  retry   = 600 (10 mins)
  expire  = 86400 (1 day)
  default TTL = 3600 (1 hour)


No, that's the SOA.
I suggest you consult the Microsoft documentation for help with their 
implementation of DNS.



 So instead of messing with the 2003 DNS, is there any way to make a cached
 record, just like we have /etc/hosts for A records?


No, that is not possible. However, it doesn't say anywhere that an MX 
record is mandatory, or required.


Please see the list welcome message about how to effectively ask for help:

http://www.postfix.org/DEBUG_README.html#mail


--
J.
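As an added illustration of the point that an MX record is not mandatory (example code written for this page, not from the thread or from any DNS software): the RFC 5321 routing rule a sending MTA applies, run over a constructed zone. All names, addresses and the SOA below are made up; the "nodata" case is the one where a query for a type that was never created comes back with the zone's SOA in the authority section, which is what a troubleshooting tool then prints.

```python
# Constructed zone data for this example; none of these names or addresses
# come from the thread. MX values are (preference, target) pairs.
ZONE = {
    "withmx.example.net": {"MX": [(20, "mx2.example.net."), (10, "mx1.example.net.")],
                           "A": ["192.0.2.1"]},
    "nomx.example.net": {"A": ["192.0.2.2"]},           # no MX record at all
    "nullmx.example.net": {"MX": [(0, ".")]},           # RFC 7505 "null MX"
    "soaonly.example.net": {"TXT": ["v=spf1 -all"]},    # neither MX nor address records
    "mx1.example.net": {"A": ["192.0.2.10"]},
    "mx2.example.net": {"A": ["192.0.2.11"]},
}
# Constructed SOA for the zone apex, returned in the authority section of a
# NODATA answer (a name that exists but has no records of the queried type).
ZONE_SOA = "ns1.example.net. hostmaster.example.net. 1 900 600 86400 3600"


def lookup(name, rtype, zone=ZONE):
    """Answer one query from the constructed zone.

    Returns ("data", records), ("nodata", ZONE_SOA) when the name exists but
    has no records of that type, or ("nxdomain", None) for an unknown name.
    """
    rrs = zone.get(name.rstrip(".").lower())
    if rrs is None:
        return "nxdomain", None
    if rtype in rrs:
        return "data", rrs[rtype]
    return "nodata", ZONE_SOA


def mail_exchangers(domain, zone=ZONE):
    """Apply the RFC 5321 section 5.1 routing rule for a recipient domain.

    Returns (how, hosts): "mx" for explicit MX records (lowest preference
    first), "implicit" when there is no MX and the domain's own address
    record is used instead, "nullmx" when the domain declares it accepts
    no mail, or "unroutable" when the sending MTA has nothing to connect to.
    """
    status, mx = lookup(domain, "MX", zone)
    if status == "data":
        if len(mx) == 1 and mx[0][1] == ".":
            return "nullmx", []
        # Equal preferences would be tried in random order; a plain sort
        # is enough to show the ordering rule here.
        return "mx", [target.rstrip(".") for _, target in sorted(mx)]
    if status == "nodata":
        for rtype in ("A", "AAAA"):
            if lookup(domain, rtype, zone)[0] == "data":
                return "implicit", [domain.rstrip(".")]
    return "unroutable", []


if __name__ == "__main__":
    for name in ZONE:
        print("%-22s -> %s %s" % (name, *mail_exchangers(name)))
```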



Re: cache MX record

2012-11-19 Thread Muhammad Yousuf Khan
Thanks for your guidance, issue resolved.


Sending of several delayed warnings

2012-11-19 Thread Titanus Eramius
Running Postfix 2.7.x I have set delay_warning_time to 4 hours, but
was wondering if it is possible to send out two or more bounce messages
about a delayed message?

What I am aiming for is that if a message cannot be delivered to the
destination, then Postfix will inform the sender immediately, or close
to immediately, about it. Then later on, if the message gets delivered
before max query_time is reached, it sends a confirmation to the user
that the message has now been delivered to the destination.

I have tried to find the answer by searching the net and reading man
pages, but without any luck, since I do not really know what to search
for, so any pointers will be greatly appreciated.

Thanks



If need be, a postconf -n from the server:
---
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4
disable_vrfy_command = yes
inet_interfaces = all
maximal_queue_lifetime = 15
myhostname = removed
mynetworks = 127.0.0.0/8
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10002
relay_domains = proxy:mysql:/etc/postfix/relay_domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/relay_recipient_maps.cf
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10001
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions =
   reject_unauth_pipelining
   reject_multi_recipient_bounce
   permit
smtpd_helo_required = yes
smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   warn_if_reject reject_invalid_helo_hostname
   warn_if_reject reject_non_fqdn_helo_hostname
   warn_if_reject reject_non_fqdn_sender
   warn_if_reject reject_non_fqdn_recipient
   warn_if_reject reject_unknown_sender_domain
   warn_if_reject reject_unknown_recipient_domain
   warn_if_reject reject_rbl_client truncate.gbudb.net
   check_policy_service unix:private/spfcheck
   permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/self-signed/smtpd.crt
smtpd_tls_key_file = /etc/ssl/self-signed/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
---


Re: Sending of several delayed warnings

2012-11-19 Thread Wietse Venema
Titanus Eramius:
 Running Postfix 2.7.x I have set delay_warning_time to 4 hours, but
 was wondering if it is possible to send out two or more bounce messages
 about a delayed message?

If you want to know if mail is finally out the door, turn on the
DSN success notify option.

As for multiple error/warning notifications: over my dead body !!

What you are asking for is a message multiplier: one message goes
into Postfix, N messages come out. At least, that is what you hope
will happen.

But you don't control everything, especially not those pesky users,
and occasionally one message starts looping around and things blow
up.

Message multipliers are problematic.  In the context of email, a
well-known example is the mailing list.  And indeed, a bunch of
tricks has been developed to avoid explosions due to forwarding (by
a naive user, or software written by a naive programmer).

Message multipliers are unsafe. Don't do it.

Wietse


C/C++ based Content filter API

2012-11-19 Thread Sharma, Ashish
Hi,

I am implementing a customized enterprise solution where I need to receive an 
email, pull out the contents from the email and initiate some enterprise 
operations based on the received content of the email.

I am using Postfix as mail receiving server and, for mail parsing I am planning 
to use Gmime (http://spruce.sourceforge.net/gmime/),

The real problem here I am facing is that I am unable to find a good C/C++ 
based Content filter api, as one is provided in java like 'subethasmtp' 
(http://code.google.com/p/subethasmtp/).

Can someone suggest one please?

Thanks in advance!!!

Ashish


Re: what is a virtual domain?

2012-11-19 Thread Thufir

On Mon, 19 Nov 2012 08:40:52 -0600, Lindsay Haisley wrote:


 I'm not sure what's meant by the term vanity
 domain but I'm sure it'll do just fine, as long as it resolves to a
 proper local IP address and if necessary there's a MX (mail exchange)
 record associated with it.


The terminology's from postfix:

Postfix on hosts without a real Internet hostname

This section is for hosts that don't have their own Internet hostname.
Typically these are systems that get a dynamic IP address via DHCP or 
via dialup. Postfix will let you send and receive mail just fine between
accounts on a machine with a fantasy name. However, you cannot use a
fantasy hostname in your email address when sending mail into the
Internet, because no-one would be able to reply to your mail. In fact,
more and more sites refuse mail addresses with non-existent domain names.

http://www.postfix.org/SOHO_README.html#fantasy

The shifting nomenclature just adds to the confusion.  And it's not a 
non-existent domain name, bounceme.net is valid and owned by no-ip.com. 
Only the prefix is mine in any sense.


In reply to what's said above by Lindsay about resolving to a proper IP
address, no it doesn't resolve, with some caveats.

Or, to add to the confusion, sometimes entering http://dur.bounceme.net/ 
will resolve to my dynamic IP address which my ISP provides, but there's 
no guarantee it will work and I wouldn't want it to -- I'm not trying to 
run a server on the internet.  Which IP address that host resolves to 
is up to no-ip.com, who own bounceme.net and only let me use 
dur.bounceme.net as a courtesy/marketing thing.


On my machine, yes, the host name (?) of dur.bounceme.net seems to work
fine.  Mailman comes up fine, and postfix seems to manage to keep all 
the mail local.


Many of the replies are over my head with SSL authentication, but I
appreciate the information in any event.



thanks again,

Thufir


Re: OpenSSL: TXT_DB error number 2

2012-11-19 Thread thorsopia
I applied the suggested changes and decided to test the server.

openssl s_client -tls1 -connect mail.example.com:25 returned
SSL3_GET_RECORD:wrong version number. What is the problem?




Re: OpenSSL: TXT_DB error number 2

2012-11-19 Thread Wietse Venema
thorso...@lavabit.com:
 I applied the suggested changes and decided to test the server.
 
 openssl s_client -tls1 -connect mail.example.com:25 returned
 SSL3_GET_RECORD:wrong version number. What is the problem?

Stuff the error message into a search engine. 

The result: one end of the connection wants to talk SSLv3 and the
other end supports only TLSv1.

Wietse


Re: OpenSSL: TXT_DB error number 2

2012-11-19 Thread Viktor Dukhovni
On Mon, Nov 19, 2012 at 03:48:14PM -0500, thorso...@lavabit.com wrote:

 I applied the suggested changes and decided to test the server.
 
 openssl s_client -tls1 -connect mail.example.com:25 returned
 SSL3_GET_RECORD:wrong version number. What is the problem?

SMTP servers negotiate TLS over SMTP via STARTTLS; you're trying
to start the SSL/TLS handshake without the prior SMTP handshake.
You must:

$ openssl s_client -starttls smtp -connect mail.example.com:25

-- 
Viktor.


Re: Simplest approach to full-adress aliases?

2012-11-19 Thread mouss
On 17/11/2012 15:24, Jeroen Geilman wrote:
[snip]
 
 NOTE that domainALPHA.com must be in an address class you control:
 relay, local, or virtual_*.
 

No. virtual_alias_maps apply to all mail that goes through your postfix,
whatever the domain class is.

 The presence of the alias alone does not mean mail for the domain is
 accepted.
 

And mail may be accepted even if the domain is not in an address class
you control; the obvious example is submitted mail. A less obvious
one is a domain not declared in relay_domains, but accepted via a
check_recipient_access (yeah, that's ugly, but still possible).

In short, the three things:

- mail rewrite
- mail address classes
- mail acceptance

are 3 different concepts.


Re: OpenSSL: TXT_DB error number 2

2012-11-19 Thread Viktor Dukhovni
On Mon, Nov 19, 2012 at 04:03:15PM -0500, Wietse Venema wrote:

  I applied the suggested changes and decided to test the server.
  
  openssl s_client -tls1 -connect mail.example.com:25 returned
  SSL3_GET_RECORD:wrong version number. What is the problem?
 
 Stuff the error message into a search engine. 
 
 The result: one end of the connection wants to talk SSLv3 and the
 other end supports only TLSv1.

In this case the problem is deeper: one end is not even talking
SSL/TLS. The wrong version number is a bit of a red herring; an
SMTP banner is misreported as an SSL record layer header with an
unexpected protocol version.

Avoiding this problem would have required a more bloated TLS record
layer, so better reporting is not easy.

-- 
Viktor.
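To make the point in Viktor's two replies concrete, here is an added example (not code from the thread or from OpenSSL) that treats the first five bytes arriving on port 25 the way a TLS record layer does when the client skips the SMTP dialogue; the banner text, the record bytes and the version/type tables are constructed for the example, and the version-before-type check order mirrors what the error message above implies.

```python
import struct

# Constructed sample: the plain-text greeting an SMTP server sends first.
# A server that expects STARTTLS never opens the connection with a TLS record.
SMTP_BANNER = b"220 mail.example.com ESMTP Postfix\r\n"

# Constructed sample: a genuine TLS 1.0 handshake record header announcing
# 42 bytes of payload (dummy zeros here, the header is what matters).
TLS_RECORD = bytes([0x16, 0x03, 0x01, 0x00, 0x2A]) + b"\x00" * 0x2A

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1",
            (3, 3): "TLSv1.2"}


def parse_record_header(data: bytes) -> dict:
    """Split a 5-byte TLS record header: type(1) version(2) length(2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"content_type": ctype, "version": (major, minor), "length": length}


def classify(data: bytes) -> str:
    """Report what a TLS record layer concludes about the first bytes.

    The version field is checked before the content type, so an ASCII
    banner ("220 " is 0x32 0x32 0x30 0x20) surfaces as a wrong version
    number rather than as an unknown record type.
    """
    hdr = parse_record_header(data)
    if hdr["version"] not in VERSIONS:
        return "wrong version number"
    if hdr["content_type"] not in CONTENT_TYPES:
        return "unknown content type"
    return "%s %s" % (VERSIONS[hdr["version"]], CONTENT_TYPES[hdr["content_type"]])


def looks_like_smtp_banner(data: bytes) -> bool:
    """The check a human applies and the record layer cannot: printable
    ASCII starting with a 220 reply code means 'use -starttls smtp'."""
    head = data[:5]
    return head[:3] == b"220" and head[3:4] in (b" ", b"-") and all(
        0x20 <= b < 0x7F for b in data.rstrip(b"\r\n"))


if __name__ == "__main__":
    for label, blob in (("SMTP banner", SMTP_BANNER), ("TLS record", TLS_RECORD)):
        hdr = parse_record_header(blob)
        print("%-11s type=0x%02x version=%d.%d length=%d -> %s" % (
            label, hdr["content_type"], *hdr["version"], hdr["length"],
            classify(blob)))
```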


Initial 220 greeting timeout

2012-11-19 Thread Alex
Hi,

I have a postfix-2.8.10 server on fc15 that is having a problem with
slow connections to port 25 before receiving the initial 220 greeting.
I actually had a similar problem back in February on this same system,
and implementing postscreen seemed to have resolved it.

If I run telnet localhost 25 immediately after starting postfix, it
works fine. After a minute or so, however, there is a lengthy delay
before receiving the 220 greeting. This really seems to be a
connection or utilization issue.

I thought there was a possibility it was a problem with the bind
configuration on the system, but I've tried using a name server on the
local network and it's still an extensive delay. I really don't think
it's a name server problem.

In spite of having postscreen configured, I tried increasing process
limit to 300 and it makes no difference. I've also read through the
stress README and I believe I've implemented all of the relevant
suggestions. I don't have this smtpd line in my master.cf, however:

 smtp  inet  n   -   n   -   200 smtpd

Is this because I've configured amavisd with this system?

I also noticed the venerable "Possible SYN flooding on port 25.
Sending cookies." kernel message today. Could this be related? Too
many new connections in a very short period...

There are also a lot of the following:

Nov 19 20:39:03 mail01 postfix/smtpd[19820]: lost connection after
CONNECT from listserver.translateplanmulti.info[198.41.120.7]

Are these related to postscreen?

There are times when the server has thousands of queued messages, and
as many as 80 or more DNS queries per second to the local caching
nameserver, but it also happens under much smaller loads. The server
is a Xeon E5345 with 8 cores and 8GB RAM that isn't even all used, and
4 1GB disks in a RAID5. It also appears to peak at processing about 60
msgs/min, but the average is closer to 20. I only noticed this today
due to a nagios alert, although I haven't done anything to the system
today that would have related to this.

There are probably other areas in my configuration below that
could be improved, so any ideas are greatly appreciated.

mail_version = 2.8.10
hostname = mail01.example.com
uname = Linux mail01.example.com 2.6.43.8-1.fc15.x86_64 #1 SMP Mon Jun
4 20:33:44 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.8.10-1.fc15.x86_64

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
content_filter = smtp-amavis:[127.0.0.1]:10024
debug_peer_list = 64.XX.YY.0/24
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks =
pcre:/etc/postfix/header_checks.pcre
pcre:/etc/postfix/header_checks-jimsun.pcre
initial_destination_concurrency = 20
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 2
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 13312000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24,
68.XXX.YYY.40/29, 64.XX.YY.0/27
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*2 bl.spamcop.net*1
b.barracudacentral.org*1 psbl.surriel.com*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.8.10/README_FILES
relay_domains = $mydestination, $transport_maps, example.com,
cs.example.com, dom1.example.com, example.com
sample_directory = /usr/share/doc/postfix-2.8.10/samples
smtpd_client_connection_count_limit = 2
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    check_client_access hash:/etc/postfix/client_checks_special,
    check_sender_access hash:/etc/postfix/sender_checks_special,
    reject_non_fqdn_sender,
    reject_unlisted_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    check_helo_access pcre:/etc/postfix/helo_checks.pcre,
    reject_invalid_helo_hostname,
    check_client_access hash:/etc/postfix/client_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_recipient_access pcre:/etc/postfix/relay_recips_segtravel,
    check_recipient_access pcre:/etc/postfix/relay_recips_access,
    check_recipient_access pcre:/etc/postfix/property_recip_map,
    check_recipient_access pcre:/etc/postfix/recipient_checks,
    check_recipient_access pcre:/etc/postfix/relay_recip_checks,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname, mail01.example.com
smtpd_sasl_path