forbid forwarding
hello I need for forbid all kind of automatic forwarding actually I have the following in main.cf allow_mail_to_commands = alias, forward allow_mail_to_files = alias, forward To avoid .forward all I need is to have : allow_mail_to_commands = alias allow_mail_to_files = alias Right ? Thank you
Re: forbid forwarding
Frank Bonnet: hello I need for forbid all kind of automatic forwarding http://www.postfix.org/postconf.5.html#forward_path
Setting Up FallBack Transport
Hi, When reading the documentations about this feature, it's explained that it can be used to delivery mail for user that dont't exist under postfix but maybe exist in other system, this is why we specify a smtp server to serve thoses users. I'm trying to setup a split delivery with Google Apps / Postfix, i.e users are first delivered to Google Apps, if a user don't exist on Google Apps, the mail is relayed to Postfix. This is why, I'm trying to setup a fallback transport for a virtual domain, under ZPanel/Postfix (Postfix version : 2.9.1), i.e when Postfix don't find a user locally it will relay mails to Google Apps server. I tried to setup the parameter fallback_transport like this : fallback_transport= smtp : aspmx.l.google.com But it doesn't work, why ? i don't know. Thanks, -- View this message in context: http://postfix.1071664.n5.nabble.com/Setting-Up-FallBack-Transport-tp59754.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: Setting Up FallBack Transport
HanniBaL: Hi, When reading the documentations about this feature, it's explained that it can be used to delivery mail for user that dont't exist under postfix but maybe exist in other system, this is why we specify a smtp server to serve thoses users. I'm trying to setup a split delivery with Google Apps / Postfix, i.e users are first delivered to Google Apps, if a user don't exist on Google Apps, the mail is relayed to Postfix. This is why, I'm trying to setup a fallback transport for a virtual domain, under ZPanel/Postfix (Postfix version : 2.9.1), i.e when Postfix don't find a user locally it will relay mails to Google Apps server. I tried to setup the parameter fallback_transport like this : fallback_transport= smtp : aspmx.l.google.com But it doesn't work, why ? i don't know. TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
Re: Setting Up FallBack Transport
On Tue, Jul 16, 2013 at 07:07:55AM -0700, HanniBaL wrote: This is why, I'm trying to setup a fallback transport for a virtual domain, under ZPanel/Postfix (Postfix version : 2.9.1), i.e when Postfix don't find a user locally it will relay mails to Google Apps server. The Postfix fallback_transport is a feature of the local(8) delivery agent. And user non-existence means not found in either the local aliases(5) file or /etc/passwd user database. It is far better to map each users mail destination explicitly, than to rely on fallback mechanisms. Lazy is good, too lazy is trouble. Use virtual_alias_maps to rewrite each user to id@gmail.example.com (where example.com is your domain) and route id@gmail.example.com to Google apps via a suitable border Postfix instance. This should canonicalize the recipient address to a stable identifier that will deliver it to the right Gmail mailbox. -- Viktor.
Re: Setting Up FallBack Transport
Hi, I posted this thread because i'm not sure if i'm right or not. how can i verify that i'm in the second case ? Thanks, -- View this message in context: http://postfix.1071664.n5.nabble.com/Setting-Up-FallBack-Transport-tp59754p59757.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: Setting Up FallBack Transport
Hi Viktor, Thanks for your quick answer, if i understand correctly you suggested to me to define transport map for each user that still under Postfix (to deliver locally), other way use a global transport map (that will be applied to the whole domain) for all other users that are not currently under Postfix. I tried with this manner, and it's seems to work correctly. But concretely, how can i use the fallback_transport option under Postfix 2.9.1 ? -- View this message in context: http://postfix.1071664.n5.nabble.com/Setting-Up-FallBack-Transport-tp59754p59758.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: Setting Up FallBack Transport
On Tue, Jul 16, 2013 at 07:54:18AM -0700, HanniBaL wrote: Thanks for your quick answer, if i understand correctly you suggested to me to define transport map for each user that still under Postfix (to deliver locally), other way use a global transport map (that will be applied to the whole domain) for all other users that are not currently under Postfix. I tried with this manner, and it's seems to work correctly. But concretely, how can i use the fallback_transport option under Postfix 2.9.1 ? Don't use fallback_transport. It is a legacy last resort mechanism of the Sendmail-compatible local(8) delivery agent. Don't get fixated by this feature. -- Viktor.
Re: Mail server, what else?
On 07/13/2013 02:35 PM, Peter wrote: On 07/13/2013 11:15 AM, J Gao wrote: http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm And patched with quota patch. That's brilliant, now you can't get support for it anywhere. You don't need to patch postfix to get quotas, dovecot 2 has a policy daemon that plugs right into postfix for that now. Seriously, go to Dovecot and get a newer version of postfix. It is well worth it just to get postscreen support (which requires version 2.8 or higher), and you really don't need to be patching it. Fairly current postfix packages for RHEL are available from several sources - we've been using postfix 2.8.8 on RHEL 6 here. Joe
Re: Mail server, what else?
Hi, 14.07.2013 0:17 пользователь Bastian Blank bastian+postfix-users= postfix@waldi.eu.org написал: On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote: Now I would like your advises on my system so I can improve it more. Here is my mail server system: - CentOS 6.4 64bit (SELinux disabled), iptables is in action. Enterprisey. Well. - Apache, MySql, PHP What for? If at all use nginx mit php-fpm and mariadb. - Postfix 2.6.6 Not longer supported here. Get a current version. - Courier(Support virtual domain) Use Dovecot. - MailScanner with ClamAV and Spamassassin(with pyzor/rozor2/DCC) This _will_ eat your mail for breakfast. Use amavisd-new. - Fail2ban (SSH, RoundCube, SASL) Self-DoS. What is Self-DoS? What does you mean? - SPF, OpenDKIM, DMARC Why? - RoundCube webmail Not on the same machine. Bastian -- Virtue is a relative term. -- Spock, Friday's Child, stardate 3499.1
sasl on smtps: allowing plaintext
Hi. Following pointers and advice from pj and adaptr on freenode, I've setup postfix on my box to send mail through the mail accounts I have (including the one I'm sending from now). The problem is, some of my account providers do not support TLS, so I have to use stunnel. Then, postfix logs warning: SASL authentication failure: No worthy mechs found thanks to smtp_sasl_security_options = noanonymous, noplaintext and queues the message for retry. How can I tell postfix that plaintext auth mechanisms should be allowed when sending to a specific ip (and maybe port) ? Of course, I would like to keep plaintext auth disallowed anywhere else. Regards, -- Vincent Pelletier
Re: sasl on smtps: allowing plaintext
On Tue, Jul 16, 2013 at 11:06:47PM +0200, Vincent Pelletier wrote: Following pointers and advice from pj and adaptr on freenode, I've setup postfix on my box to send mail through the mail accounts I have (including the one I'm sending from now). The problem is, some of my account providers do not support TLS, so I have to use stunnel. Then, postfix logs warning: SASL authentication failure: No worthy mechs found thanks to smtp_sasl_security_options = noanonymous, noplaintext and queues the message for retry. How can I tell postfix that plaintext auth mechanisms should be allowed when sending to a specific ip (and maybe port) ? Of course, I would like to keep plaintext auth disallowed anywhere else. Separate destinations with incompatible SASL requirements by transport (clone smtp/unix under additional names). Configure each transport's SASL settings via: master.cf: mumble unix ... smtp -o smtp_sasl_security_options=$mumble_sasl_security_options main.cf: mumble_sasl_security_options = ... transport: example.com mumble:[mail.example.com]:587 And similarly from sender_dependent_default_transport_maps, ... -- Viktor.
Re: sasl on smtps: allowing plaintext
On Tue, Jul 16, 2013 at 10:03:57PM +, Viktor Dukhovni wrote: On Tue, Jul 16, 2013 at 11:06:47PM +0200, Vincent Pelletier wrote: Following pointers and advice from pj and adaptr on freenode, I've setup postfix on my box to send mail through the mail accounts I have (including the one I'm sending from now). The problem is, some of my account providers do not support TLS, so I have to use stunnel. Then, postfix logs warning: SASL authentication failure: No worthy mechs found thanks to smtp_sasl_security_options = noanonymous, noplaintext and queues the message for retry. How can I tell postfix that plaintext auth mechanisms should be allowed when sending to a specific ip (and maybe port) ? Of course, I would like to keep plaintext auth disallowed anywhere else. Separate destinations with incompatible SASL requirements by transport (clone smtp/unix under additional names). Configure each transport's SASL settings via: Sure, this works, but why is it a problem? Why not just enforce TLS where it is needed? http://www.postfix.org/TLS_README.html#client_tls_policy http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps A Postfix which is using a relayhost is not going to connect to random Internet sites, and it is definitely not going to attempt to AUTH at any site not configured in $smtp_sasl_password_maps. master.cf: mumble unix ... smtp -o smtp_sasl_security_options=$mumble_sasl_security_options main.cf: mumble_sasl_security_options = ... transport: example.com mumble:[mail.example.com]:587 And similarly from sender_dependent_default_transport_maps, ... -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: Mail server, what else?
On 16 Jul 2013, at 14:03 , Kirill Bychkov kirill.bych...@gmail.com wrote: What is Self-DoS? What does you mean? A self inflicted Denial of Service. sort of like when you ping flood yourself… -- Can't seem to face up to the facts Tense and nervous and I can't relax Can't sleep, bed's on fire Don't touch me I'm a real live wire
