Re: qmail forward to postfix on the same machine ?
Hello again Would it be bi-directionnal ? I mean does incoming email are routed to the internal qmail server , I need this because qmail deliver emails to few users on this machine in a special way . Thank you CYBERDROID Inc. Le 21/03/2013 14:32, Noel Jones a écrit : On 3/21/2013 7:09 AM, Frank Bonnet wrote: Hello I'm in trouble with an old Qmail server that runs on an also old server. The problem is I cannot modify the existing configuration of this machine because of inhouse developped applications that use qmail. Qmail ( which i know very few ) seem a bit autistic when talking to non FQDN distants servers or with MX misconfigured. my idea is to add a postfix instance on this machine which will send emails to the Internet. In my plan Qmail will inject all outgoing SMTP traffic into Postfix instance that will send it outside . That doesn't sound too hard. Configure postfix to listen on some localhost port -- I'll use 2525 for this example -- and configure qmail to use that as a smarthost. In postfix master.cf, find the line that resembles smtp inet n - n - - smtpd and change it to 127.0.0.1:2525 inet n - n - - smtpd Then configure qmail to use that port as a smarthost. I don't use qmail, but google suggests the way to do that is echo :127.0.0.1:2525 /var/qmail/control/smtproutes but you might want to check your qmail docs for details. -- Noel Jones
Re: qmail forward to postfix on the same machine ?
Am 21.03.2013 13:09, schrieb Frank Bonnet: Hello I'm in trouble with an old Qmail server that runs on an also old server. The problem is I cannot modify the existing configuration of this machine because of inhouse developped applications that use qmail. Qmail ( which i know very few ) seem a bit autistic when talking to non FQDN distants servers or with MX misconfigured. my idea is to add a postfix instance on this machine which will send emails to the Internet. In my plan Qmail will inject all outgoing SMTP traffic into Postfix instance that will send it outside . it that config I could tweak postfix as I want to manage outgoing emails. The server is mainly used to send daily newsletters Anyone did this ? Is it possible ? There is one caveat, though: qmail-send will disassemble multi-recipient posts, i. e. you will get one Postfix message and queue ID per recipient - and Postfix has some VERP support (Mailman, for instance, uses it.) If you can somehow manage to inject outgoing mail directly into Postfix, so that you can bypass qmail-send, that may help quite a bit. If your software talks QMQP for injection into qmail for sending outbound mail, you can make Postfix provide a QMQPd.
Re: qmail forward to postfix on the same machine ?
Matthias Andree: There is one caveat, though: qmail-send will disassemble multi-recipient posts, i. e. you will get one Postfix message and queue ID per recipient - and Postfix has some VERP support (Mailman, for instance, uses it.) If you can somehow manage to inject outgoing mail directly into Postfix, so that you can bypass qmail-send, that may help quite a bit. If your software talks QMQP for injection into qmail for sending outbound mail, you can make Postfix provide a QMQPd. The following construction has worked for years at securityfocus.com: SMTP protocol - qmail - ezmlm - QMQPD protocol - Postfix This construction was chosen because qmail was falling behind with email deliveries. Wietse
Re: qmail forward to postfix on the same machine ?
CYBERDROID Inc. Le 21/03/2013 14:32, Noel Jones a écrit : On 3/21/2013 7:09 AM, Frank Bonnet wrote: Hello I'm in trouble with an old Qmail server that runs on an also old server. The problem is I cannot modify the existing configuration of this machine because of inhouse developped applications that use qmail. Qmail ( which i know very few ) seem a bit autistic when talking to non FQDN distants servers or with MX misconfigured. my idea is to add a postfix instance on this machine which will send emails to the Internet. In my plan Qmail will inject all outgoing SMTP traffic into Postfix instance that will send it outside . That doesn't sound too hard. Configure postfix to listen on some localhost port -- I'll use 2525 for this example -- and configure qmail to use that as a smarthost. In postfix master.cf, find the line that resembles smtp inet n - n - - smtpd and change it to 127.0.0.1:2525 inet n - n - - smtpd Then configure qmail to use that port as a smarthost. I don't use qmail, but google suggests the way to do that is echo :127.0.0.1:2525 /var/qmail/control/smtproutes but you might want to check your qmail docs for details. -- Noel Jones On 3/22/2013 3:01 AM, Frank Bonnet wrote: Hello again Would it be bi-directionnal ? I mean does incoming email are routed to the internal qmail server , I need this because qmail deliver emails to few users on this machine in a special way . Thank you [please do not top post] The simple example I posted above should not change the path of incoming SMTP mail. Incoming SMTP mail should still be handled by qmail, and postfix should only listen on 127.0.0.1:2525. There are tools in your OS to define which MTA will respond to the mail or sendmail local commands, such as system reports sent by cron, etc. -- Noel Jones
Dont add the $myorigin domain to the FROM header field
Hi all, I use postfix as relay server to several internal domains. xxx is the main one. postconfig | grep domain prints : append_dot_mydomain = no mydomain = xxx myorigin = $mydomain relay_domains = $mydomain yyy zzz If postfix receives an email with a FROM (headers and in the SMTP dialog) without @xxx : mars 22 17:17:05 host=127.0.0.1 tls=off auth=off from=Administrateurrecipients= a...@yyy.fr mailsize=72764 smtpstatus=250 smtpmsg='250 2.0.0 Ok: queued as 7C1A472' exitcode=EX_OK Return-Path: administrat...@yyy.fr Received: [...] Date: 22 Mar 2013 17:17:03 +0100 From: Administrateur To: a...@yyy.fr Subject: aaa [...] it automaticly add @xxx to the FROM header when it transfers the email to the next SMTP server. mars 22 17:17:06 myfinalhost postfix/qmgr[29863]: C0593684F41: from=Administrateur@xxx, size=74777, nrcpt=1 (queue active) I would like to know how to disable this behavior, append_dot_mydomain is already set to no. Regards, Victor
Re: Dont add the $myorigin domain to the FROM header field
On 3/22/2013 11:44 AM, Victor d'Agostino wrote: Hi all, I use postfix as relay server to several internal domains. xxx is the main one. postconfig | grep domain prints : append_dot_mydomain = no mydomain = xxx myorigin = $mydomain relay_domains = $mydomain yyy zzz If postfix receives an email with a FROM (headers and in the SMTP dialog) without @xxx : mars 22 17:17:05 host=127.0.0.1 tls=off auth=off from=Administrateur recipients=a...@yyy.fr mailto:a...@yyy.fr mailsize=72764 smtpstatus=250 smtpmsg='250 2.0.0 Ok: queued as 7C1A472' exitcode=EX_OK Return-Path: administrat...@yyy.fr mailto:administrat...@yyy.fr Received: [...] Date: 22 Mar 2013 17:17:03 +0100 From: Administrateur To: a...@yyy.fr mailto:a...@yyy.fr Subject: aaa [...] it automaticly add @xxx to the FROM header when it transfers the email to the next SMTP server. mars 22 17:17:06 myfinalhost postfix/qmgr[29863]: C0593684F41: from=Administrateur@xxx, size=74777, nrcpt=1 (queue active) I would like to know how to disable this behavior, append_dot_mydomain is already set to no. Regards, Victor http://www.postfix.org/ADDRESS_REWRITING_README.html#william http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain When you're using a content_filter, it's often useful to set: # main.cf remote_header_rewrite_domain = domain.invalid -- Noel Jones
Re: Trouble configuring backup MX to reject unauth destination
Tue, 19 Feb 2013 16:31:05 + skrev Viktor Dukhovni postfix-us...@dukhovni.org: On Tue, Feb 19, 2013 at 12:21:35PM +0100, Titanus Eramius wrote: I've tried with relay_domains, but it matches on domain-level which is too much. I then applied relay_recipient_maps, but it don't seem to have any effect, which means that addresses is still matched on domain basis. Every Postfix will have access to a complete list of recipients through MySQL. So the question becomes two-part: Why can't I get relay_recipient_maps to work? http://www.postfix.org/DEBUG_README.html#mail http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup Wildcard entries in canonical_maps and virtual_alias_maps are the most common reason for recipient validation failing to distinguish between valid and invalid recipients. Thank you for the response and sorry for the slow reply. The problem seems to be related with the virtual setup, but I'm not sure how to best describe and document it. Besides aptget.dk this server also hosts cogky.dk (among others), and while unknown recipients is being correctly rejected with a 550 when sent to aptget.dk, they are not when sent to the other virtual domains. Instead they are accepted and then returned by the MAILER_DAEMON, which in turn opens the server to backscatter. I have tried setting local_recipient_maps = $virtual_mailbox_maps in main.cf, but without any apparent effect. To be honest, I'm unsure if I have set virtual_mailbox_maps correct, but when testing it with postalias it seems to work titanus@aptget:/etc/postfix$ sudo postalias -q tita...@aptget.dk mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf aptget.dk/titanus/ When I test mysql_virtual_mailbox_maps.cf with a non-existent address, nothing is returned and the exit status is 1. What I would like to achieve, is that Postfix rejects mail to non-existent recipients before accepting mail. Thanks again, Titanus postconf -n alias_maps = hash:/etc/aliases bounce_template_file = /etc/postfix/bounce.cf broken_sasl_auth_clients = yes config_directory = /etc/postfix delay_warning_time = 4 disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 inet_interfaces = 46.21.105.38 local_recipient_maps = $virtual_mailbox_maps mailman_destination_recipient_limit = 1 maximal_queue_lifetime = 15 message_size_limit = 26214400 mydestination = localhost mydomain = aptget.dk myhostname = aptget.aptget.dk mynetworks = 127.0.0.0/8 postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = truncate.gbudb.net*2 b.barracudacentral.org*1 zen.spamhaus.org*1 bl.spamcop.net*1 postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce recipient_canonical_classes = envelope_recipient recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10002 sender_canonical_classes = envelope_sender sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10001 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/self-signed/smtpd.crt smtpd_tls_key_file = /etc/ssl/self-signed/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache spamassassin_destination_recipient_limit = 1 tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /home/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_transport = dovecot virtual_uid_maps = static:5000
Re: Trouble configuring backup MX to reject unauth destination
Titanus Eramius: Besides aptget.dk this server also hosts cogky.dk (among others), and while unknown recipients is being correctly rejected with a 550 when sent to aptget.dk, they are not when sent to the other virtual domains. Instead they are accepted and then returned by the MAILER_DAEMON, which in turn opens the server to backscatter. Where is cogky.dk defined: mydestination, virtual_alias_domains, virtual_mailbox_domains, relay_domains? It must be only one. This answer determines where the known recipients must be listed: local_recipient_maps, virtual_alias_maps,m virtual_mailbox_maps, relay_recipients. If you list the domain or recipients in the wrong place then mail will be rejected. See http://www.postfix.org/ADDRESS_CLASS_README.html Wietse
how to masquerade / map the from: field without masquerading the rcpt to:
Hi, I'm doing some tests to hopefully use postfix instead of the other MTA but I tried different ways of masquerading the domain name with another one and I am not successful. The closest I got was using mydomain = example.net masquerade_domains = example.org, example.net smtp_generic_maps = hash:/etc/postfix/generic @example.org @example.net This works in theory, but then the RCPT TO: going to t...@exemple.org also get rewritten to t...@exemple.net which is not good. and with sender_canonical_maps = hash:/etc/postfix/sender_canonical @example.org @example.net I only get the reply-to email from the recipient to be changed to t...@exemple.net Any hint would be appreciated. I couldn't find the exact same example on the internet which is masquerading two domain domain names under one, but only for the sender's email address and not the recipient email address. -- esimard
Re: how to masquerade / map the from: field without masquerading the rcpt to:
Etienne Simard: Hi, I'm doing some tests to hopefully use postfix instead of the other MTA but I tried different ways of masquerading the domain name with another one and I am not successful. The closest I got was using mydomain = example.net masquerade_domains = example.org, example.net masquerade_domains is a hack for poorly-organized sites. It is better if systems send mail with an valid email address. If that is not possible, consider using smtp_generic_maps on the boundary between the chaos and the external network. Use the same rewriting strategy as described, for a different problem, in http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy masquerade_domains breaks all kinds of things in Postfix, and it should probably be phased out, now that smtp_generic_maps exists. Wietse
Re: how to masquerade / map the from: field without masquerading the rcpt to:
Thanks for the quick response. The problem i have with the smtp_generic_maps is that when I put @exemple.org @exemple.net in the map it works, but it also changes the RCPT TO addresses. So if I send from esim...@exemple.net to wie...@exemple.org it will now try to send emails to wie...@exemple.net which does not exist. Is there a way around that? Regards, On Fri, Mar 22, 2013 at 5:40 PM, Wietse Venema wie...@porcupine.org wrote: Etienne Simard: Hi, I'm doing some tests to hopefully use postfix instead of the other MTA but I tried different ways of masquerading the domain name with another one and I am not successful. The closest I got was using mydomain = example.net masquerade_domains = example.org, example.net masquerade_domains is a hack for poorly-organized sites. It is better if systems send mail with an valid email address. If that is not possible, consider using smtp_generic_maps on the boundary between the chaos and the external network. Use the same rewriting strategy as described, for a different problem, in http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy masquerade_domains breaks all kinds of things in Postfix, and it should probably be phased out, now that smtp_generic_maps exists. Wietse -- Etienne Simard Network and systems administrator | Acquisio Tel: 450.465.2631 ext. 265 Cell: 514-836-9183 Email: esim...@acquisio.com Follow Us: Twitter: http://twitter.com/acquisio LinkedIn: http://www.linkedin.com/company/acquisio Facebook: http://www.facebook.com/acquisio 6300 Auteuil, suite 300 | Brossard, Québec J4Z 3P2 Toll Free: 1.866.493.9070 | www.acquisio.com
Re: Dont add the $myorigin domain to the FROM header field
2013/3/22 Noel Jones njo...@megan.vbhcs.org On 3/22/2013 11:44 AM, Victor d'Agostino wrote: Hi all, I use postfix as relay server to several internal domains. xxx is the main one. postconfig | grep domain prints : append_dot_mydomain = no mydomain = xxx myorigin = $mydomain relay_domains = $mydomain yyy zzz If postfix receives an email with a FROM (headers and in the SMTP dialog) without @xxx : mars 22 17:17:05 host=127.0.0.1 tls=off auth=off from=Administrateur recipients=a...@yyy.fr mailto:a...@yyy.fr mailsize=72764 smtpstatus=250 smtpmsg='250 2.0.0 Ok: queued as 7C1A472' exitcode=EX_OK Return-Path: administrat...@yyy.fr mailto:administrat...@yyy.fr Received: [...] Date: 22 Mar 2013 17:17:03 +0100 From: Administrateur To: a...@yyy.fr mailto:a...@yyy.fr Subject: aaa [...] it automaticly add @xxx to the FROM header when it transfers the email to the next SMTP server. mars 22 17:17:06 myfinalhost postfix/qmgr[29863]: C0593684F41: from=Administrateur@xxx, size=74777, nrcpt=1 (queue active) I would like to know how to disable this behavior, append_dot_mydomain is already set to no. Regards, Victor http://www.postfix.org/ADDRESS_REWRITING_README.html#william http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain When you're using a content_filter, it's often useful to set: # main.cf remote_header_rewrite_domain = domain.invalid -- Noel Jones Thanks for your reply, I do use a homemade content filter application. So I will try setting : remote_header_rewrite_domain = Victor
Re: Trouble configuring backup MX to reject unauth destination
Fri, 22 Mar 2013 16:55:21 -0400 (EDT) skrev Wietse Venema wie...@porcupine.org: Titanus Eramius: Besides aptget.dk this server also hosts cogky.dk (among others), and while unknown recipients is being correctly rejected with a 550 when sent to aptget.dk, they are not when sent to the other virtual domains. Instead they are accepted and then returned by the MAILER_DAEMON, which in turn opens the server to backscatter. Where is cogky.dk defined: mydestination, virtual_alias_domains, virtual_mailbox_domains, relay_domains? It must be only one. This answer determines where the known recipients must be listed: local_recipient_maps, virtual_alias_maps,m virtual_mailbox_maps, relay_recipients. If you list the domain or recipients in the wrong place then mail will be rejected. See http://www.postfix.org/ADDRESS_CLASS_README.html Wietse The goal is a virtual only mailserver, so the domains is stored in MySQL and fetched through virtual_mailbox_domains. Besides virtual_mailbox_domains, I use virtual_mailbox_maps and virtual_alias_maps. The documentation is among the best documentation I have seen, but I can't seem to find the solution, even though I have read most of what I could find in relation to virtual handling. One more clue is the error messages when sending to non-existent users. When sending to aptget.dk Postfix responds with 550 5.1.1 non_exist...@aptget.dk: Recipient address rejected: User unknown in virtual mailbox table. When sending to cogky.dk the response is only non_exist...@cogky.dk: user unknown Thank you for your time, Titanus
Re: how to masquerade / map the from: field without masquerading the rcpt to:
Etienne Simard: Thanks for the quick response. The problem i have with the smtp_generic_maps is that when I put @exemple.org @exemple.net in the map it works, but it also changes the RCPT TO addresses. Use the right tool for the right job. Use smtp_generic_maps on the network boundary, to transform addresses that are valid only inside the network, into addresses that are valid outside the network, without exceptions. Use aliases on the network boundary MTA, to route mail that enters the network from outside, to whatever addresses you use internally. Wietse
Re: Trouble configuring backup MX to reject unauth destination
Titanus Eramius: Fri, 22 Mar 2013 16:55:21 -0400 (EDT) skrev Wietse Venema Where is cogky.dk defined: mydestination, virtual_alias_domains, virtual_mailbox_domains, relay_domains? It must be only one. This answer determines where the known recipients must be listed: local_recipient_maps, virtual_alias_maps,m virtual_mailbox_maps, relay_recipients. If you list the domain or recipients in the wrong place then mail will be rejected. See http://www.postfix.org/ADDRESS_CLASS_README.html The goal is a virtual only mailserver, so the domains is stored in MySQL and fetched through virtual_mailbox_domains. Besides virtual_mailbox_domains, I use virtual_mailbox_maps and virtual_alias_maps. With the domain defined in virtual_mailbox_domains, mail will fail with user unknown in virtual mailbox table when the recipient is not found in virtual_mailbox_maps. This is described in agonizing detail in ADDRESS_CLASS_README. Test your lookups: postmap -q cogky.dk the-virtual_mailbox_domains-table This should return a result (the value does not matter). postmap -q real-u...@cogky.dk the-virtual_mailbox_maps-table This should return a result (the mailbox file name). postmap -q bogus-u...@cogky.dk the-virtual_mailbox_maps-table This should return no result (Postfix treats this as user unknown in virtual mailbox table). Wietse
Forward internal RHEL6 server local user emails to postfix mailrelay
Hi list, I would like to forward all our internal RHEL6 server localuser emails to our postfix mailrelay. I have tried the following already on the RHEL6 servers: - .forward will not allow e.g. root to forward mail to user1 - relayhost only relay mail for external users Is there a global postfix setting for this ? Is there a generic LDAP postfix schema so localuser - email conversion can be done at our postfix mailrelay ? I guess there is not, and this would most likely be very customized, but what info would be needed to be able to help me on the way ? Thanks in advance :) ! ~maymann
Re: Dont add the $myorigin domain to the FROM header field
On 3/22/2013 5:58 PM, Victor d'Agostino wrote: 2013/3/22 Noel Jones njo...@megan.vbhcs.org mailto:njo...@megan.vbhcs.org On 3/22/2013 11:44 AM, Victor d'Agostino wrote: Hi all, I use postfix as relay server to several internal domains. xxx is the main one. postconfig | grep domain prints : append_dot_mydomain = no mydomain = xxx myorigin = $mydomain relay_domains = $mydomain yyy zzz If postfix receives an email with a FROM (headers and in the SMTP dialog) without @xxx : mars 22 17:17:05 host=127.0.0.1 tls=off auth=off from=Administrateur recipients=a...@yyy.fr mailto:a...@yyy.fr mailto:a...@yyy.fr mailto:a...@yyy.fr mailsize=72764 smtpstatus=250 smtpmsg='250 2.0.0 Ok: queued as 7C1A472' exitcode=EX_OK Return-Path: administrat...@yyy.fr mailto:administrat...@yyy.fr mailto:administrat...@yyy.fr mailto:administrat...@yyy.fr Received: [...] Date: 22 Mar 2013 17:17:03 +0100 From: Administrateur To: a...@yyy.fr mailto:a...@yyy.fr mailto:a...@yyy.fr mailto:a...@yyy.fr Subject: aaa [...] it automaticly add @xxx to the FROM header when it transfers the email to the next SMTP server. mars 22 17:17:06 myfinalhost postfix/qmgr[29863]: C0593684F41: from=Administrateur@xxx, size=74777, nrcpt=1 (queue active) I would like to know how to disable this behavior, append_dot_mydomain is already set to no. Regards, Victor http://www.postfix.org/ADDRESS_REWRITING_README.html#william http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain When you're using a content_filter, it's often useful to set: # main.cf http://main.cf remote_header_rewrite_domain = domain.invalid -- Noel Jones Thanks for your reply, I do use a homemade content filter application. So I will try setting : remote_header_rewrite_domain = Victor The default for that parameter is already empty, so setting it that way in main.cf probably won't make much difference. My suggestion was to set it to domain.invalid. remote_header_rewrite_domain = domain.invalid -- Noel Jones