Re: socketmap -vs- tcp_table
Wietse: Marcus: What are the benefits of socketmap (postfix 2.10+) vs tcp_table? tcp_table is Postfix-only. socketmap also works with Sendmail, and is a better protocol. Out of curiosity... when you say better, are you talking about performance and/or reliability, or do you mean it's better just because it's not a strictly Postfix-only protocol?
Re: Does it work on an air gapped intranet?
Viktor Dukhovni: To disable DNS in Postfix 2.11.0 or later: smtp_dns_support_level = none Using none will throw a fatal error because the value is invalid. The correct value to disable DNS lookups in Postfix 2.11+ is disabled i.e. smtp_dns_support_level = disabled and if lmtp: lmtp_dns_support_level = disabled With earlier Postfix versions: disable_dns_lookups = yes I would still deploy DNS even on the isolated network. Just add your own root zone, and off you go.
Re: Asking about heartbleed
On 4/10/2014 7:57 PM, postfix-us...@tja-server.de postfix-us...@tja-server.de wrote: Wietse Venema wrote: OpenSSL versions prior to 1.0.1 don't have the hearbeat feature and have never been affected by this bug. ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and related cryptographic tools Never change a running system :D And what would your response be if it were the older version that you were still running that was the affected version? Translation: your response is silly.
Re: socketmap -vs- tcp_table
Marcus: Wietse: Marcus: What are the benefits of socketmap (postfix 2.10+) vs tcp_table? tcp_table is Postfix-only. socketmap also works with Sendmail, and is a better protocol. Out of curiosity... when you say better, are you talking about performance and/or reliability, or do you mean it's better just because it's not a strictly Postfix-only protocol? Don't waste your time. Neither protocol is bad. Wietse
Regarding DNS lookup
Dear Expert, I have configured my postfix to lookup against LDAP server which hosts multiple domain all working fine but in case any domain moves from my mail server to another server like yahoo or gmail by changing only MX record my server still tries to deliver mail to this domain disabling domain works perfectly but i want in case MX not points to my server mail should be delivered to current set MX record of domain. Is it possible in Postfix or any hack can do the same.
Re: Regarding DNS lookup
On Wed, Apr 16, 2014 at 8:40 AM, Joy pj.netfil...@gmail.com wrote: Dear Expert, I have configured my postfix to lookup against LDAP server which hosts multiple domain all working fine but in case any domain moves from my mail server to another server like yahoo or gmail by changing only MX record my server still tries to deliver mail to this domain disabling domain works perfectly but i want in case MX not points to my server mail should be delivered to current set MX record of domain. Is it possible in Postfix or any hack can do the same. That is a rather long sentence; you might consider breaking it down so it is easier to see your points and questions. So, does your postfix install use ldap to know which domains it is responsible for? If so, disabling there should make it ignore them. Also, I would expect if you change the MX record for a give domain, the mail to that domain will go to the new server.
Re: Regarding DNS lookup
Mauricio Tavares wrote: On Wed, Apr 16, 2014 at 8:40 AM, Joy pj.netfil...@gmail.com wrote: Dear Expert, I have configured my postfix to lookup against LDAP server which hosts multiple domain all working fine but in case any domain moves from my mail server to another server like yahoo or gmail by changing only MX record my server still tries to deliver mail to this domain disabling domain works perfectly but i want in case MX not points to my server mail should be delivered to current set MX record of domain. Is it possible in Postfix or any hack can do the same. That is a rather long sentence; you might consider breaking it down so it is easier to see your points and questions. So, does your postfix install use ldap to know which domains it is responsible for? If so, disabling there should make it ignore them. Also, I would expect if you change the MX record for a give domain, the mail to that domain will go to the new server. I think the question is more along the lines of: In case some customer changes the MX records away from me, how can I automatically stop accepting mail for that domain? About the best you can do is probably a cron job that checks on MX records for domains you supposedly host, that can lead to automatically disabling domains that suddenly point somewhere other than your mail system. -kgd
Re: Regarding DNS lookup
Kris Deugau: I think the question is more along the lines of: In case some customer changes the MX records away from me, how can I automatically stop accepting mail for that domain? That is my reading too. About the best you can do is probably a cron job that checks on MX records for domains you supposedly host, that can lead to automatically disabling domains that suddenly point somewhere other than your mail system. I confirm the above answer. Postfix does not decide what domains to receive based on MX records. The SMTP protocol standard does not require MX records, and neither does Postfix. Wietse
Re: Regarding DNS lookup
On 04/16/2014 10:14 AM, Kris Deugau wrote: In case some customer changes the MX records away from me, how can I automatically stop accepting mail for that domain? About the best you can do is probably a cron job that checks on MX records for domains you supposedly host, that can lead to automatically disabling domains that suddenly point somewhere other than your mail system. Shameless plug: http://michael.orlitzky.com/code/haeredes.php
Re: Does it work on an air gapped intranet?
On Wed, Apr 16, 2014 at 11:56:51AM +0100, Marcus wrote: Viktor Dukhovni: To disable DNS in Postfix 2.11.0 or later: smtp_dns_support_level = none Using none will throw a fatal error because the value is invalid. The correct value to disable DNS lookups in Postfix 2.11+ is disabled i.e. smtp_dns_support_level = disabled and if lmtp: lmtp_dns_support_level = disabled Thanks for the correction. I forgot the option value I defined for this case. We could define none as an alias for the same case, but I think that disabled is fine, users should check the parameter reference in postconf(5) before setting it, or telling others to do so. :-) -- Viktor.
Need a main.cf file for virtual users
I need to setup: * postfix/dovecot mail server. * one domain - let's say mydomain.com * text file that allowing me to configure the users and passwords. I tried this configuration but it's not working: # Global Postfix configuration file. This file lists only a subset # of all parameters. For the syntax, and for a complete parameter # list, see the postconf(5) manual page (command: man 5 postconf). # # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command postconf html_directory readme_directory, or go to # http://www.postfix.org/. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for # testing. When soft_bounce is enabled, mail will remain queued that # would otherwise bounce. This parameter disables locally-generated # bounces, and prevents the SMTP server from rejecting mail permanently # (by changing 5xx replies into 4xx replies). However, soft_bounce # is no cure for address rewriting mistakes or mail routing mistakes. # #soft_bounce = no # LOCAL PATHNAME INFORMATION # # The queue_directory specifies the location of the Postfix queue. # This is also the root directory of Postfix daemons that run chrooted. # See the files in examples/chroot-setup for setting up Postfix chroot # environments on different UNIX systems. # queue_directory = /var/spool/postfix # The command_directory parameter specifies the location of all # postXXX commands. # command_directory = /usr/sbin # The daemon_directory parameter specifies the location of all Postfix # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # daemon_directory = /usr/libexec/postfix # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. # #default_privs = nobody # INTERNET HOST AND DOMAIN NAMES # # The myhostname parameter specifies the internet hostname of this # mail system. The default is to use the fully-qualified domain name # from gethostname(). $myhostname is used as a default value for many # other configuration parameters. # myhostname = sweep.gt #myhostname = virtual.domain.tld # The mydomain parameter specifies the local internet domain name. # The default is to use $myhostname minus the first component. # $mydomain is used as a default value for many other configuration # parameters. # mydomain = mydomain.com # SENDING MAIL # # The myorigin parameter specifies the domain that locally-posted # mail appears to come from. The default is to append $myhostname, # which is fine for small sites. If you run a domain with multiple # machines, you should (1) change this to $mydomain and (2) set up # a domain-wide alias database that aliases each user to # user@that.users.mailhost. # # For the sake of consistency between sender and recipient addresses, # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # myorigin = $myhostname #myorigin = $mydomain # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # machines, you should (1) change this to $mydomain and (2) set up # a domain-wide alias database that aliases each user to # user@that.users.mailhost. # # For the sake of consistency between sender and recipient addresses, # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # myorigin = $myhostname #myorigin = $mydomain # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # parameter also controls delivery of mail to user@[ip.address]. # # See also the proxy_interfaces parameter, for network addresses that # are forwarded to us via a proxy or network address translator. # # Note: you need to stop/start Postfix when this parameter changes. # #inet_interfaces = all #inet_interfaces = $myhostname inet_interfaces = $myhostname, localhost #inet_interfaces = localhost # Enable IPv4, and IPv6 if supported inet_protocols = all # The proxy_interfaces parameter specifies the network interface # addresses that this mail system receives mail on by way of a # proxy or network address translation unit. This setting extends # the address list specified with the inet_interfaces parameter. # # You must specify your proxy/NAT addresses when your system is a # backup MX host for other domains, otherwise mail delivery loops # will happen when the primary MX host is down. # #proxy_interfaces = #proxy_interfaces = 1.2.3.4 mydestination = $myhostname, localhost.$mydomain, localhost #mydestination = $myhostname, localhost.$mydomain,
smtp_bind_address not working through proxy
Hello, I have an imap/smtp proxy in a remote location that handles everything for the postfix backend. However, when sending to external domains such as gmail, those headers show my SPF as failing since the email seems to be coming from the actual client and not from the proxy. I already made modifications to master.cf as such and even included an SNAT rule in iptables but I am new to SNAT'ing so that may be wrong: master.cf smtp unix - - - - - smtp -o smtp_bind_address=43.38.30.84 relay unix - - - - - smtp -o smtp_bind_address=43.38.30.84 $IPT -t nat -A POSTROUTING -p tcp -o eth1 -d 75.346.73.32 -j SNAT --to 43.38.30.84 Many thanks for any help -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: smtp_bind_address not working through proxy
sedandgrep: Hello, I have an imap/smtp proxy in a remote location that handles everything for the postfix backend. However, when sending to external domains such as gmail, those headers show my SPF as failing since the email seems to be coming from the actual client and not from the proxy. In other words the actual client does not send mail through Postfix. Wietse
Re: smtp_bind_address not working through proxy
Upon inspection of the headers to an external domain (an email address I have at gmail), they show the SPF failing claiming that the ip of the client is not designated to send emails for our domain (the domain of our postfix of course) -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67036.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: Need a main.cf file for virtual users
On 4/16/2014 11:02 AM, Ziv Barber wrote: I need to setup: * postfix/dovecot mail server. * one domain - let's say mydomain.com http://mydomain.com * text file that allowing me to configure the users and passwords. I tried this configuration but it's not working: (please post in plain-text only) Full documentation with working examples can be found on the postfix documentation page http://www.postfix.org/documentation.html For help with dovecot, please consult the dovecot wiki, or the dovecot mailing list. To get help with postfix, please see: http://www.postfix.org/DEBUG_README.html#mail In your particular case, we need to see postconf -n, a description of what isn't working as you expect, and postfix logs showing the problem. -- Noel Jones
Try 2 to post: I need help setting a main.cf configuration file
I need to setup: * postfix/dovecot mail server. * one domain - let's say mydomain.com * text file that allowing me to configure the users and passwords. I tried this configuration but it's not working: # Global Postfix configuration file. This file lists only a subset # of all parameters. For the syntax, and for a complete parameter # list, see the postconf(5) manual page (command: man 5 postconf). # # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command postconf html_directory readme_directory, or go to # http://www.postfix.org/. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for # testing. When soft_bounce is enabled, mail will remain queued that # would otherwise bounce. This parameter disables locally-generated # bounces, and prevents the SMTP server from rejecting mail permanently # (by changing 5xx replies into 4xx replies). However, soft_bounce # is no cure for address rewriting mistakes or mail routing mistakes. # #soft_bounce = no # LOCAL PATHNAME INFORMATION # # The queue_directory specifies the location of the Postfix queue. # This is also the root directory of Postfix daemons that run chrooted. # See the files in examples/chroot-setup for setting up Postfix chroot # environments on different UNIX systems. # queue_directory = /var/spool/postfix # The command_directory parameter specifies the location of all # postXXX commands. # command_directory = /usr/sbin # The daemon_directory parameter specifies the location of all Postfix # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # daemon_directory = /usr/libexec/postfix # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. # #default_privs = nobody # INTERNET HOST AND DOMAIN NAMES # # The myhostname parameter specifies the internet hostname of this # mail system. The default is to use the fully-qualified domain name # from gethostname(). $myhostname is used as a default value for many # other configuration parameters. # myhostname = mydomain.com #myhostname = virtual.domain.tld # The mydomain parameter specifies the local internet domain name. # The default is to use $myhostname minus the first component. # $mydomain is used as a default value for many other configuration # parameters. # mydomain = mydomain.com # SENDING MAIL # # The myorigin parameter specifies the domain that locally-posted # mail appears to come from. The default is to append $myhostname, # which is fine for small sites. If you run a domain with multiple # machines, you should (1) change this to $mydomain and (2) set up # a domain-wide alias database that aliases each user to # user@that.users.mailhost. # # For the sake of consistency between sender and recipient addresses, # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # myorigin = $myhostname #myorigin = $mydomain # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # machines, you should (1) change this to $mydomain and (2) set up # a domain-wide alias database that aliases each user to # user@that.users.mailhost. # # For the sake of consistency between sender and recipient addresses, # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # myorigin = $myhostname #myorigin = $mydomain # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # parameter also controls delivery of mail to user@[ip.address]. # # See also the proxy_interfaces parameter, for network addresses that # are forwarded to us via a proxy or network address translator. # # Note: you need to stop/start Postfix when this parameter changes. # #inet_interfaces = all #inet_interfaces = $myhostname inet_interfaces = $myhostname, localhost #inet_interfaces = localhost # Enable IPv4, and IPv6 if supported inet_protocols = all # The proxy_interfaces parameter specifies the network interface # addresses that this mail system receives mail on by way of a # proxy or network address translation unit. This setting extends # the address list specified with the inet_interfaces parameter. # # You must specify your proxy/NAT addresses when your system is a # backup MX host for other domains, otherwise mail delivery loops # will happen when the primary MX host is down. # #proxy_interfaces = #proxy_interfaces = 1.2.3.4 mydestination = $myhostname, localhost.$mydomain, localhost #mydestination = $myhostname, localhost.$mydomain,
Re: Need a main.cf file for virtual users
Yes, sorry, I forgot to post the error: NOQUEUE: reject: RCPT from mail-ig0-f169.google.com On Wed, Apr 16, 2014 at 6:09 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 4/16/2014 11:02 AM, Ziv Barber wrote: I need to setup: * postfix/dovecot mail server. * one domain - let's say mydomain.com http://mydomain.com * text file that allowing me to configure the users and passwords. I tried this configuration but it's not working: (please post in plain-text only) Full documentation with working examples can be found on the postfix documentation page http://www.postfix.org/documentation.html For help with dovecot, please consult the dovecot wiki, or the dovecot mailing list. To get help with postfix, please see: http://www.postfix.org/DEBUG_README.html#mail In your particular case, we need to see postconf -n, a description of what isn't working as you expect, and postfix logs showing the problem. -- Noel Jones
timeout after ehlo
I’m banging my head on the desk over this one. Some hosts, fly right on through - connect, ehlo, mail from, rcpt-to, data, quit .. done. All in maybe 1 second. Others, will consistently timeout after ehlo. I’ve telnetted into the box from off-site (regular host, not a mail server), and it immediately connects, immediately responds with the 220 mail..com ESMTP Postfix herald, and immediately responds to the helo or ehlo. However, it will take about two minutes to respond to mail-from. Once it eventually responds with 250 2.1.0 Ok, everything else goes as expected. Is there some other check or config value I’m missing? I’m losing a ton of legitimate email because some servers simply refuse to wait the two minutes, and it’s causing my smtpd connection counts to artificially rise as well, so I’m definitely eager to figure this one out as quickly as possible. The box is somewhat active but certainly not loaded (load avg. 0.30 to 0.70, and ~50 or so established connections to smtpd, most of those waiting for the response to mail from), and I’ve turned off all rbl’s, protocol checks (reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender) as well as turned off DNS checks. tcpdump shows nothing odd or out of the ordinary, when run from either end of the wire. Any help or ideas would be GREATLY appreciated!
Re: timeout after ehlo
Brian Grimal: after ehlo. I?ve telnetted into the box from off-site (regular host, not a mail server), and it immediately connects, immediately responds with the 220 mail..com ESMTP Postfix herald, and immediately responds to the helo or ehlo. However, it will take about two minutes to respond to mail-from. Once it eventually Hey, people here are not telepathic. Follow instructions in the mailing list welcome message. Wietse
Re: smtp_bind_address not working through proxy
Am 16.04.2014 19:07, schrieb sedandgrep: Upon inspection of the headers to an external domain (an email address I have at gmail), they show the SPF failing claiming that the ip of the client is not designated to send emails for our domain (the domain of our postfix of course) you need to adjust your SPF record to the IP the destination MX is facing as connecting one, whatever proxy, NAT or not you have on your side don't matter at all SPF woks on the physical connecting IP
Re: Need a main.cf file for virtual users
Apr 16 21:26:17 hosted-by dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protoc$ Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postsuper[26460]: warning: inet_protocols: IPv6 support is disabled: Address family not supported$ Apr 16 21:26:28 hosted-by postfix/postsuper[26460]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postlog[26497]: warning: inet_protocols: IPv6 support is disabled: Address family not supported b$ Apr 16 21:26:28 hosted-by postfix/postlog[26497]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postfix-script[26497]: starting the Postfix mail system Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/master[26500]: daemon started -- version 2.6.6, configuration /etc/postfix Apr 16 21:26:28 hosted-by postfix/pickup[26506]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/pickup[26506]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by p$ Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: 12A0AA40182: from=double-bou...@sweep.gt, size=844, nrcpt=1 (queue active) Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: inet_protocols: IPv6 support is disabled: Address family not sup$ Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: database /etc/postfix/virtual.db is older than source file /etc/$ Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: fatal: open database /etc/postfix/vmail_domains.db: No such file or direc$ Apr 16 21:26:29 hosted-by postfix/master[26500]: warning: process /usr/libexec/postfix/trivial-rewrite pid 26512 exit status 1 Apr 16 21:26:29 hosted-by postfix/master[26500]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by $ Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:06 hosted-by postfix/proxymap[26526]: warning: inet_protocols: IPv6 support is disabled: Address family not supported $ Apr 16 21:27:06 hosted-by postfix/proxymap[26526]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/vi$ Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: fatal: open database /etc/postfix/vmail_mailbox.db: No such file or directory Apr 16 21:27:07 hosted-by postfix/master[26500]: warning: process /usr/libexec/postfix/smtpd pid 26523 exit status 1 Apr 16 21:27:07 hosted-by postfix/master[26500]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: inet_protocols: IPv6 support is disabled: Address family not sup$ Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: database /etc/postfix/virtual.db is older than source file /etc/$ Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: fatal: open database /etc/postfix/vmail_domains.db: No such file or direc$ Apr 16 21:27:30 hosted-by
Re: Need a main.cf file for virtual users
On 4/16/2014 12:14 PM, Ziv Barber wrote: Yes, sorry, I forgot to post the error: NOQUEUE: reject: RCPT from mail-ig0-f169.google.com http://mail-ig0-f169.google.com Partial log snippets are not useful. Please provide the information requested. Please do not post in HTML. -- Noel Jones On Wed, Apr 16, 2014 at 6:09 PM, Noel Jones njo...@megan.vbhcs.org mailto:njo...@megan.vbhcs.org wrote: On 4/16/2014 11:02 AM, Ziv Barber wrote: I need to setup: * postfix/dovecot mail server. * one domain - let's say mydomain.com http://mydomain.com http://mydomain.com * text file that allowing me to configure the users and passwords. I tried this configuration but it's not working: (please post in plain-text only) Full documentation with working examples can be found on the postfix documentation page http://www.postfix.org/documentation.html For help with dovecot, please consult the dovecot wiki, or the dovecot mailing list. To get help with postfix, please see: http://www.postfix.org/DEBUG_README.html#mail In your particular case, we need to see postconf -n, a description of what isn't working as you expect, and postfix logs showing the problem. -- Noel Jones
Re: smtp_bind_address not working through proxy
The SPF record is defined only for the proxy machine and defining the actual backend postfix would reveal the backend IP. Are you saying that in this case SPF will not work unless I add a record for my backend postfix IP? -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67046.html Sent from the Postfix Users mailing list archive at Nabble.com.
Cut over to another server
Hi, I've inherited a postfix/dovecot/postfixadmin/squirrelmail setup. I'm looking to cut over from the live mail server to this other server. I'm trying to figure out how to do this cut-over properly. I've installed and configured postfix/dovecot/postfixadmin/squirrelmail as best I could and with the same setup as the live server. I also want to use the same mx dns record. Here's what I'm not sure: - When would I copy the virtual mailboxes from the live server to the other server? Would I do this after switching the DNS MX record? What would be the proper sequence? The following? - Edit DNS MX record. - Copy mailboxes to other server. - Test other server I realize this is generalized without much detail. I have never done this before so I just want to make sure I do this without losing any mail. Downtime is not an issue as long as it is not more than an hour or 2. Thanks, Charles
Re: smtp_bind_address not working through proxy
Ok. I actually am mistaken. I am at a different location. I was testing the emails outbound from my actual postfix backend connected to my LAN (a machine within the LAN) so the public ip will always appear as the one mentioned. But the truth is, it isn't showing SPF failing based on the client, but actually the real physical backend postfix. Basically, my email are being sent FROM the postfix backend rather than the proxy. How can I make sure all emails are actually being sent from the proxy server? -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67048.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: smtp_bind_address not working through proxy
Am 16.04.2014 19:52, schrieb sedandgrep: The SPF record is defined only for the proxy machine and defining the actual backend postfix would reveal the backend IP. Are you saying that in this case SPF will not work unless I add a record for my backend postfix IP? you need to understand SPF, TCP and networking, that's all * your machine is connectiong to the destination * the destination knows the IP you are connecting with * the SPF record has to contain that IP you reveal nothing - how do you come to that conclusion? the destination already knows the connecting IP address, you can't hide that based on how TCP works basically - your job is that in the DNS record that IP adress is listed - there is no but/if or rocket science
Re: smtp_bind_address not working through proxy
I do understand how it works but isn't there a way to force all smtp connections through the proxy and make it send from there? I wouldnt think this is so difficult given the many customizations we can do with almost anything related to mail servers and proxying. Would an SNAT rule in iptables or smtp_bind_address help in this case? -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67050.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: smtp_bind_address not working through proxy
lists: While you were posting your response, I had just posted something right before. My postfix machine is the one doing the sending to external domains, bypassing the proxy somehow. -- View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67051.html Sent from the Postfix Users mailing list archive at Nabble.com.
Re: timeout after ehlo
My apologies, Wietse. I’m having issues with timeouts after ehlo (or helo), before postfix responds with a 250 status. Some senders don’t have any issue at all (gmail). Some senders can’t get any mail through (verizon). Some are hit and miss, with a long (multiple minute) delay on the ones which make it. The first clue I believe I’m missing, is the source of the 421 timeout expired messages. I haven’t quite grasped or found what in postfix triggers the daemon to send this response. I’m probably (hopefully) missing something simple here. postconf -n -- alias_maps = hash:/etc/aliases always_add_missing_headers = yes always_bcc = mailarch...@a.com bounce_notice_recipient = postmaster bounce_queue_lifetime = 5d broken_sasl_auth_clients = yes command_directory = /opt/zimbra/postfix/sbin config_directory = /opt/zimbra/postfix-2.7.8.3z/conf content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /opt/zimbra/postfix/libexec delay_warning_time = 0h disable_dns_lookups = no header_checks = in_flow_delay = 1s inet_protocols = ipv4 lmtp_connection_cache_destinations = lmtp_connection_cache_time_limit = 4s lmtp_host_lookup = dns local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated mail_owner = postfix mailbox_size_limit = 0 mailq_path = /opt/zimbra/postfix/sbin/mailq manpage_directory = /opt/zimbra/postfix/man maximal_backoff_time = 4000s message_size_limit = 3072 minimal_backoff_time = 300s mydestination = localhost myhostname = mail.A.com mynetworks = 127.0.0.0/8 172.16.0.0/17 204.2.DD.DDD/27 192.168.132.0/24 [::1]/128 newaliases_path = /opt/zimbra/postfix/sbin/newaliases non_smtpd_milters = notify_classes = resource,software propagate_unmatched_extensions = canonical queue_directory = /opt/zimbra/data/postfix/spool queue_run_delay = 300s recipient_delimiter = relayhost = sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf sendmail_path = /opt/zimbra/postfix/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_milters = smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client cbl.abuseat.org reject_rbl_client dnsbl.sorbs.net, permit smtpd_reject_unlisted_recipient = no smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sender_restrictions = smtpd_tls_auth_only = no smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf virtual_transport = error relevant (I believe) log output (note the timestamps - verizon waits 5 minutes and gives up): -- Apr 16 12:57:45 mail postfix/smtpd[18647]: connect from vms173001pub.verizon.net[206.46.173.1] Apr 16 13:02:45 mail postfix/smtpd[18647]: timeout after EHLO from vms173001pub.verizon.net[206.46.173.1] Apr 16 13:02:45 mail postfix/smtpd[18647]: disconnect from vms173001pub.verizon.net[206.46.173.1] gmail, however, delivers quite reasonably: -- Apr 16 13:54:29 mail postfix/smtpd[18169]: connect from mail-ob0-f180.google.com[209.85.214.180] Apr 16 13:54:29 mail postfix/smtpd[18169]: setting up TLS connection from mail-ob0-f180.google.com[209.85.214.180] Apr 16 13:54:29 mail postfix/smtpd[18169]: Anonymous TLS connection established from mail-ob0-f180.google.com[209.85.214.180]: TLSv1 with cipher RC4-SHA (128/128 bits) Apr 16 13:54:29 mail postfix/smtpd[18169]: 985792F872FF: client=mail-ob0-f180.google.com[209.85.214.180] Apr 16 13:54:29 mail postfix/cleanup[14592]: 985792F872FF: message-id=1705b8f9-0ef1-40c4-aaf2-a4229473c...@gmail.com Apr 16 13:54:29 mail postfix/qmgr[10700]: 985792F872FF: from=aaa...@gmail.com, size=1824, nrcpt=2 (queue active) Apr 16 13:54:29 mail postfix/smtpd[18169]: disconnect from mail-ob0-f180.google.com[209.85.214.180] Apr 16 13:54:35 mail postfix/cleanup[14592]: C46762F872A4: message-id=1705b8f9-0ef1-40c4-aaf2-a4229473c...@gmail.com Apr 16 13:54:36 mail postfix/qmgr[10700]: C46762F872A4: from=aaa...@gmail.com, size=2562, nrcpt=2 (queue active) Apr 16 13:54:36 mail postfix/smtpd[11502]: disconnect from localhost[127.0.0.1] Apr 16 13:54:36 mail postfix/smtp[18542]: 985792F872FF: to=bgri...@a.com, relay=127.0.0.1[127.0.0.1]:10024, delay=6.5, delays=0.15/0/0/6.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C46762F872A4) Apr 16 13:54:36 mail
log format (feature request)
Hi all, I love Postfix and I use it everywhere I can. At work, I now have about 6 of them for different uses. My MX alone accepts about 1 million messages per month. I must (forensic/support request/law) keep logs from all these Postfix servers, and more importantly I must be able to browse/search those logs. Unfortunately Postfix logs are not so simple to parse, so properly indexing logs into logstash/elasticsearch in almost impossible. And working on patterns is doomed to failure, because Postfix logs can evolve (new release, de/activation of a feature…). That would be really awesome if Postfix could log into a structured format. I'm thinking about JSON, because that's what logstash/elasticsearch eats. But any key=value output is fine. Any plan about such a feature/option on the roadmap ? regards, Patrick
aliasing root to a virtual user
I'm trying to alias mail to root to go to a user in a virtual domain. Local mail delivery is handled by dovecot. If I mail root, it gets transformed to r...@gamubaru.com. The mail then gets delivered by dovecot to r...@gamubaru.com. I can't figure out how to get aliases to work. I tried setting up a virtual alias: virtual_alias_maps = hash:/etc/postfix/virtual /etc/postfix/virtual contains: r...@gamubaru.com a...@gamubaru.com postmap -q r...@gamubaru.com hash:/etc/postfix/virtual a...@gamubaru.com Any idea why postfix is not using the alias? Thanks, Andy
Re: Need a main.cf file for virtual users
Well? On Wed, Apr 16, 2014 at 6:32 PM, Ziv Barber zivbar...@gmail.com wrote: Apr 16 21:26:17 hosted-by dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protoc$ Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:27 hosted-by postfix/master[26429]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postsuper[26460]: warning: inet_protocols: IPv6 support is disabled: Address family not supported$ Apr 16 21:26:28 hosted-by postfix/postsuper[26460]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postlog[26497]: warning: inet_protocols: IPv6 support is disabled: Address family not supported b$ Apr 16 21:26:28 hosted-by postfix/postlog[26497]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/postfix-script[26497]: starting the Postfix mail system Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/master[26500]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/master[26500]: daemon started -- version 2.6.6, configuration /etc/postfix Apr 16 21:26:28 hosted-by postfix/pickup[26506]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by$ Apr 16 21:26:28 hosted-by postfix/pickup[26506]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by p$ Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/qmgr[26507]: 12A0AA40182: from=double-bou...@sweep.gt, size=844, nrcpt=1 (queue active) Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: inet_protocols: IPv6 support is disabled: Address family not sup$ Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: database /etc/postfix/virtual.db is older than source file /etc/$ Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: fatal: open database /etc/postfix/vmail_domains.db: No such file or direc$ Apr 16 21:26:29 hosted-by postfix/master[26500]: warning: process /usr/libexec/postfix/trivial-rewrite pid 26512 exit status 1 Apr 16 21:26:29 hosted-by postfix/master[26500]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by $ Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:06 hosted-by postfix/proxymap[26526]: warning: inet_protocols: IPv6 support is disabled: Address family not supported $ Apr 16 21:27:06 hosted-by postfix/proxymap[26526]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/vi$ Apr 16 21:27:06 hosted-by postfix/smtpd[26523]: fatal: open database /etc/postfix/vmail_mailbox.db: No such file or directory Apr 16 21:27:07 hosted-by postfix/master[26500]: warning: process /usr/libexec/postfix/smtpd pid 26523 exit status 1 Apr 16 21:27:07 hosted-by postfix/master[26500]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: inet_protocols: IPv6 support is disabled: Address family not sup$ Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:27:29 hosted-by postfix/trivial-rewrite[26529]: warning: database /etc/postfix/virtual.db is older than source file
Re: timeout after ehlo
Brian Grimal: Apr 16 12:57:45 mail postfix/smtpd[18647]: connect from vms173001pub.verizon.net[206.46.173.1] Apr 16 13:02:45 mail postfix/smtpd[18647]: timeout after EHLO from vms173001pub.verizon.net[206.46.173.1] Postfix works as expected. Postfix receives *NOTHING* for 5 minutes, and then Postfix times out. 14:04:31.425682 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 35:216, ack 32, win 46, options [nop,nop,TS val 386720906 ecr 1770681376], length 181 ...mO-..J. i.t 250-mail.A.com 250-PIPELINING 250-SIZE 3072 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 14:04:31.445742 IP 206.46.173.11.19129 172.16.5.8.25: Flags [.], ack 216, win 33304, options [nop,nop,TS val 1770681378 ecr 386720906], length 0 ...JmO i.t 14:04:41.434870 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 216:266, ack 32, win 46, options [nop,nop,TS val 386721907 ecr 1770681378], length 50 mO,..J. ...si.t421 4.4.2 mail.A.com Error: timeout exceeded Here Postfix times out after 10 seconds. Postfix reduces time limits when all server are busy. Look in your MAILLOG file for warnings like this: service XXX(XXX) has reached its process limit XXX: new clients may experience noticeable delays to avoid this condition, increase the process count in master.cf or reduce the service time per client see http://www.postfix.org/STRESS_README.html for examples of stress-adapting configuration settings Wietse Wietse
Re: log format (feature request)
Patrick Proniewski: Hi all, I love Postfix and I use it everywhere I can. At work, I now have about 6 of them for different uses. My MX alone accepts about 1 million messages per month. I must (forensic/support request/law) keep logs from all these Postfix servers, and more importantly I must be able to browse/search those logs. Unfortunately Postfix logs are not so simple to parse, so properly indexing logs into logstash/elasticsearch in almost impossible. And working on patterns is doomed to failure, because Postfix logs can evolve (new release, de/activation of a feature?). That would be really awesome if Postfix could log into a structured format. I'm thinking about JSON, because that's what logstash/elasticsearch eats. But any key=value output is fine. Any plan about such a feature/option on the roadmap ? This requires a new logging abstraction, for example attribute=value based, with different drivers for stderr, syslog, and other destinations. This came up more than 10 years ago, but there are not enough cycles to complete the design let alone implementation. Wietse
Re: Need a main.cf file for virtual users
On 4/16/2014 2:31 PM, Ziv Barber wrote: Well? First, get rid of the obvious errors in your log. On Wed, Apr 16, 2014 at 6:32 PM, Ziv Barber zivbar...@gmail.com wrote: Apr 16 21:26:17 hosted-by dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled) Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protoc$ Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: configuring for IPv4 support only set in main.cf: inet_protocols = ipv4 Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: database /etc/postfix/virtual.db is older than source file /etc/$ looks as if you forgot to postmap /etc/postfix/virtual Remember you need to postmap the input text files to create the indexed versions used by postfix. Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: fatal: open database /etc/postfix/vmail_domains.db: No such file or direc$ Looks as if you forgot to postmap /etc/postfix/vmail_domains Thanks for your help, and I hope that now gmail posting in text only mode. and please don't top-post. There may be other errors after you fix these. Read the log and fix the problems it shows. -- Noel Jones
Re: Need a main.cf file for virtual users
On 4/16/2014 3:31 PM, Ziv Barber wrote: Well? Well maybe you should read your own logs. Postfix is waiting for assistance. The warnings are pointers to reduce issues, but there is a fatal configuration error too. On Wed, Apr 16, 2014 at 6:32 PM, Ziv Barber zivbar...@gmail.com wrote: Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protoc$ Apr 16 21:26:27 hosted-by postfix[26422]: warning: inet_protocols: configuring for IPv4 support only Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: warning: database /etc/postfix/virtual.db is older than source file /etc/$ Apr 16 21:26:28 hosted-by postfix/trivial-rewrite[26512]: fatal: open database /etc/postfix/vmail_domains.db: No such file or direc$ Brian
Default main.cf file?
Hi, I want to try again to setup my postfix but I need the default main.cf file. Yes, I know, I had to save it before trying to play with it but... I didn't do that. Where can I download the default main.cf file? thanks, Ziv
Re: timeout after ehlo
On Wed, Apr 16, 2014 at 02:17:23PM -0500, Brian Grimal wrote: 14:04:31.425682 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 35:216, ack 32, win 46, options [nop,nop,TS val 386720906 ecr 1770681376], length 181 ...mO-..J. i.t 250-mail.A.com 250-PIPELINING 250-SIZE 3072 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN 14:04:31.445742 IP 206.46.173.11.19129 172.16.5.8.25: Flags [.], ack 216, win 33304, options [nop,nop,TS val 1770681378 ecr 386720906], length 0 ...JmO i.t The remote system ACKs the EHLO reply. After 10 seconds of silence from the remote system (see Wietse's reply about stress-dependent timeouts) your Postfix replies with a 421 timeout: 14:04:41.434870 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 216:266, ack 32, win 46, options [nop,nop,TS val 386721907 ecr 1770681378], length 50 mO,..J. ...si.t421 4.4.2 mail.A.com Error: timeout exceeded But the remote system is no longer reachable, and this reply is re-transmitted multiple times! 14:04:41.434892 IP 172.16.5.8.25 206.46.173.11.19129: Flags [F.], seq 266, ack 32, win 46, options [nop,nop,TS val 386721907 ecr 1770681378], length 0 .mOF.J. ...si.t 14:04:41.648557 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 216:266, ack 32, win 46, options [nop,nop,TS val 386721929 ecr 1770681378], length 50 mO,..J. i.t421 4.4.2 mail.A.com Error: timeout exceeded 14:04:42.088568 IP 172.16.5.8.25 206.46.173.11.19129: Flags [P.], seq 216:266, ack 32, win 46, options [nop,nop,TS val 386721973 ecr 1770681378], length 50 mO,..J. i.t421 4.4.2 mail.A.com Error: timeout exceeded Some firewall or load-balancer or similar device is losing connection state on the network path between your server and the SMTP clients. You'll have to track down the culprit. -- Viktor.
Re: Default main.cf file?
On 4/16/2014 2:44 PM, Ziv Barber wrote: Hi, I want to try again to setup my postfix but I need the default main.cf file. Yes, I know, I had to save it before trying to play with it but... I didn't do that. Where can I download the default main.cf file? thanks, Ziv The default main.cf can be found in your postfix source directory as conf/main.cf If you installed postfix as a pre-compiled package, you can grab a tarball from postfix.org and extract the main.cf from there (without installing, of course). This is not a full working configuration. See the docs for what's needed to get a working configuration. http://www.postfix.org/BASIC_CONFIGURATION_README.html http://www.postfix.org/SOHO_README.html http://www.postfix.org/STANDARD_CONFIGURATION_README.html http://www.postfix.org/documentation.html -- Noel Jones
Re: Need a main.cf file for virtual users
On Wed, Apr 16, 2014 at 8:43 PM, Brian Evans grkni...@scent-team.com wrote: Well maybe you should read your own logs. Postfix is waiting for assistance. The warnings are pointers to reduce issues, but there is a fatal configuration error too. yes: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled What's that means?
Re: timeout after ehlo
I am definitely seeing stress adaptives kick in, exactly as they should. So I do understand the reduction in postfix’ willingness to wait around for that next packet. The piece of the puzzle I’m still missing however, is what’s going on that certain mailers aren’t giving up the packet to begin with. It’s too many providers to point fingers at any one, for sure. Adding debug_peer_list = verizon in main.cf, I got this: Apr 16 13:32:20 mail postfix/smtpd[12387]: connect from vms173009pub.verizon.net[206.46.173.9] Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 127.0.0.0/8 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? 127.0.0.0/8 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 172.16.0.0/17 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? 172.16.0.0/17 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 204.2.DD.DDD/27 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? 204.2.DD.DDD/27 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 192.168.132.0/24 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? 192.168.132.0/24 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? [::1]/128 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? [::1]/128 Apr 16 13:32:20 mail postfix/smtpd[12387]: match_list_match: vms173009pub.verizon.net: no match Apr 16 13:32:20 mail postfix/smtpd[12387]: match_list_match: 206.46.173.9: no match Apr 16 13:32:20 mail postfix/smtpd[12387]: auto_clnt_open: connected to private/anvil Apr 16 13:32:20 mail postfix/smtpd[12387]: send attr request = connect Apr 16 13:32:20 mail postfix/smtpd[12387]: send attr ident = smtp:206.46.173.9 Apr 16 13:32:20 mail postfix/smtpd[12387]: private/anvil: wanted attribute: status Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute name: status Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute value: 0 Apr 16 13:32:20 mail postfix/smtpd[12387]: private/anvil: wanted attribute: count Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute name: count Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute value: 1 Apr 16 13:32:20 mail postfix/smtpd[12387]: private/anvil: wanted attribute: rate Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute name: rate Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute value: 1 Apr 16 13:32:20 mail postfix/smtpd[12387]: private/anvil: wanted attribute: (list terminator) Apr 16 13:32:20 mail postfix/smtpd[12387]: input attribute name: (end) Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 220 mail.A.com ESMTP Postfix Apr 16 13:32:20 mail postfix/smtpd[12387]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null) Apr 16 13:32:20 mail postfix/smtpd[12387]: name_mask: noanonymous Apr 16 13:32:20 mail postfix/smtpd[12387]: watchdog_pat: 0x1a6d430 Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: EHLO vms173009pub.verizon.net Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-mail.A.com Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-PIPELINING Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-SIZE 3072 Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-VRFY Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-ETRN Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-STARTTLS Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-AUTH LOGIN PLAIN Apr 16 13:32:20 mail postfix/smtpd[12387]: match_list_match: vms173009pub.verizon.net: no match Apr 16 13:32:20 mail postfix/smtpd[12387]: match_list_match: 206.46.173.9: no match Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-AUTH=LOGIN PLAIN Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-ENHANCEDSTATUSCODES Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250-8BITMIME Apr 16 13:32:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 250 DSN Apr 16 13:32:20 mail postfix/smtpd[12387]: watchdog_pat: 0x1a6d430 Apr 16 13:37:20 mail postfix/smtpd[12387]: vms173009pub.verizon.net[206.46.173.9]: 421 4.4.2 mail.A.com Error: timeout exceeded Apr 16 13:37:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 127.0.0.0/8 Apr 16 13:37:20 mail postfix/smtpd[12387]: match_hostaddr: 206.46.173.9 ~? 127.0.0.0/8 Apr 16 13:37:20 mail postfix/smtpd[12387]: match_hostname: vms173009pub.verizon.net ~? 172.16.0.0/17 Apr 16
Re: timeout after ehlo
There is a regular ol’ iptables/linux box in front of this doing nat and state matching, didn’t think to poke around there. Thanks for the tip. Brian On Apr 16, 2014, at 2:47 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: Some firewall or load-balancer or similar device is losing connection state on the network path between your server and the SMTP clients. You'll have to track down the culprit. -- Viktor.
Re: Need a main.cf file for virtual users
On 4/16/2014 2:52 PM, Ziv Barber wrote: On Wed, Apr 16, 2014 at 8:43 PM, Brian Evans grkni...@scent-team.com wrote: Well maybe you should read your own logs. Postfix is waiting for assistance. The warnings are pointers to reduce issues, but there is a fatal configuration error too. yes: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled What's that means? This is a non-fatal warning. Your config contains the nis: map type somewhere, and your system doesn't have nis configured. Sometimes this is included as a default value of alias_maps You can confirm this by typing: postconf | grep nis: and see what comes up. If alias_maps is the culprit, you fix it by setting in main.cf: alias_maps = hash:/etc/aliases ie. remove the reference to nis: -- Noel Jones
Re: Need a main.cf file for virtual users
OK, so now I don't get any errors and it looks like dovecot can login into postifx (or something like that) because if I remove this line: virtual_transport=dovecot dovecot starting to report about auth errors, so I put it back (I wonder that this is the link between postfix and dovecot that I wonder how they talk with each other). Anyway, I'm getting this warning: warning: do not list domain mydoamin.com in BOTH mydestination and virtual_mailbox_domains I guess that this is my next problem. Where and how to make postfix to know about my domain? thanks, On Wed, Apr 16, 2014 at 9:00 PM, Noel Jones njo...@megan.vbhcs.org wrote: yes: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Re: Need a main.cf file for virtual users
On 4/16/2014 3:22 PM, Ziv Barber wrote: OK, so now I don't get any errors and it looks like dovecot can login into postifx (or something like that) because if I remove this line: virtual_transport=dovecot dovecot starting to report about auth errors, so I put it back (I wonder that this is the link between postfix and dovecot that I wonder how they talk with each other). You can read the docs of what that parameter does. http://www.postfix.org/postconf.5.html#virtual_transport This is where you've told postfix to use dovecot for mailbox delivery. It seems quite unlikely removing this would cause dovecot auth errors; look elsewhere for your dovecot problem. (Removing it may cause other errors, such as postfix not being able to deliver mail -- but that will be logged by postfix, not dovecot.) Anyway, I'm getting this warning: warning: do not list domain mydoamin.com in BOTH mydestination and virtual_mailbox_domains I guess that this is my next problem. Where and how to make postfix to know about my domain? Perhaps surprisingly, the warning means you shouldn't list the same domain name in both mydestination and virtual_mailbox_domains. Where to list the domain depends on what kind of domain it is -- that is, how the users are defined and how the mail is delivered. http://www.postfix.org/ADDRESS_CLASS_README.html -- Noel Jones
Re: Need a main.cf file for virtual users
OK Now there are no errors but 1. I can see on the log a strange post of some mail (I guess) from double-bounce@ to root@! What's going on? 2. When I try to read emails via dovecot I got no mails. Why is that? 3. Where postfix storing the emails? 4. Do I have to add the domain name to the user name when configuring POP3? Sorry about all the questions, I'm newbie to the black magic of postfix/dovecot. thanks, Ziv On Wed, Apr 16, 2014 at 9:42 PM, Noel Jones njo...@megan.vbhcs.org wrote: Where to list the domain depends on what kind of domain it is -- that is, how the users are defined and how the mail is delivered. http://www.postfix.org/ADDRESS_CLASS_README.html -- Noel Jones
Re: timeout after ehlo
Viktor - you nailed it. Not certain why just yet, but for a certain subset of hosts, iptables is failing to pass packets containing the mail from:addr line. After a certain number of (TCP) retries, some will be successful. nf_conntrack isn’t hitting its limits or anything obvious (far from it), so the hunt continues. Thank you again. Wietse - nothing wrong with postfix. Brian On Apr 16, 2014, at 2:56 PM, Brian Grimal br...@grimal.com wrote: There is a regular ol’ iptables/linux box in front of this doing nat and state matching, didn’t think to poke around there. Thanks for the tip. Brian On Apr 16, 2014, at 2:47 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: Some firewall or load-balancer or similar device is losing connection state on the network path between your server and the SMTP clients. You'll have to track down the culprit. -- Viktor.
Re: Need a main.cf file for virtual users
OK I missed that out: postfix reporting a problem: (connect to mydomain.com[/var/lib/imap/socket/lmtp]: No such file or directory) How to fix that? thanks, Ziv
Re: Need a main.cf file for virtual users
* Ziv Barber zivbar...@gmail.com: OK I missed that out: postfix reporting a problem: (connect to mydomain.com[/var/lib/imap/socket/lmtp]: No such file or directory) How to fix that? Read documentation? -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
postfix, use a custom mysql user table to reject messages
Hi postfixers, To send fewer email bounce messages, I would like to reject messages at the SMTP session if either the user doesn't exist, or the user has exceeded their quota. My mail setup is a bit different in that I only use postfix for receiving messages, user accounts and local storage is handled completely outside of postfix. What I do have is a custom mysql table that lists usernames in my mail system, and whether they have exceeded quota or not. I can of course reformat this table or duplicate it. Is there a way to have postfix look in this mysql table, verify the user exists and is not over quota, and then reject or accept the message within the SMTP session? Looking through the docs, there doesn't appear to be an out of the box way to do this, but perhaps there is a way to take advantage of how postfix currently does its user lookup at this stage of message processing to achieve this functionality? Or is my only option to go in and modify the source code? Cheers, Andy
Re: Need a main.cf file for virtual users
One small question, if you can answer me: For every user, do I have to create real unix user? So... for every user I have to: 1. Add it to the virtual file. 2. Create a unix user. 3. Add it to the dovecot user lists file. Right? On Wed, Apr 16, 2014 at 10:55 PM, Patrick Ben Koetter p...@sys4.de wrote: * Ziv Barber zivbar...@gmail.com: OK I missed that out: postfix reporting a problem: (connect to mydomain.com[/var/lib/imap/socket/lmtp]: No such file or directory) How to fix that? Read documentation? -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Almost working: I can send a mail, I can't get it via pop3 (no errors)
postfix saying that mail delivered but when I'm trying to check my mail, dovecot saying that the mailbox is empty. I do set local_recipient_maps to noting (as I found out that I need to do). Now I get no errors but no mails. Please, I almost make it to work. What is the secret configuration to make it to work? thanks, Ziv
Re: postfix, use a custom mysql user table to reject messages
Andy Yen: Hi postfixers, To send fewer email bounce messages, I would like to reject messages at the SMTP session if either the user doesn't exist, or the user has exceeded their quota. My mail setup is a bit different in that I only use postfix for receiving messages, user accounts and local storage is handled completely outside of postfix. What I do have is a custom mysql table that lists usernames in my mail system, and whether they have exceeded quota or not. I can of course reformat this table or duplicate it. You configure the domain in relay_domains, and you configure the valid recipients with relay_recipient_maps. Is there a way to have postfix look in this mysql table, verify the user exists and is not over quota, and then reject or accept the message within the SMTP session? You provide the query according to the rules in the Postfix mysql_table(5) manpage, and return the information that is needed by relay_recipient_maps. http://www.postfix.org/postconf.5.html#relay_recipient_maps See also the domain pseudo-parameter in mysql_table(5) to cut down on the number of MySQL database queries. I suggest starting with a hash map and make it work for some users, then using the instructions in http://www.postfix.org/DATABASE_README.html to make the transition to MySQL. Wietse
Re: Almost working: I can send a mail, I can't get it via pop3 (no errors)
Ziv Barber: postfix saying that mail delivered but when I'm trying to check my mail, dovecot saying that the mailbox is empty. What is the complete unabridged logfile record? You can replace the recipient address with XXX@YYY. Please, I almost make it to work. What is the secret configuration to make it to work? Please, don't be silly. Wietse
Re: Almost working: I can send a mail, I can't get it via pop3 (no errors)
Ziv Barber: I don't know how it should work but: postfix is saving the emails into /var/mail/user name file. I can see all the mails there - no problems. So you have configured Postfix to deliver mail, not Dovecot. dovecot is reading the emails from the directory ~/mail So you have two systems that expect mail to be in different places. You need to configure one or the other, or perhaps you need to configure Postfix that it should let Dovecot deliver the mail. That's the missing part - how dovecot know from where to read my emails? This is the POSTFIX mailing list, not DOVECOT. Wietse
Re: Almost working: I can send a mail, I can't get it via pop3 (no errors)
On Thu, Apr 17, 2014 at 1:14 AM, Wietse Venema wie...@porcupine.org wrote: So you have two systems that expect mail to be in different places. You need to configure one or the other, or perhaps you need to configure Postfix that it should let Dovecot deliver the mail. This is the POSTFIX mailing list, not DOVECOT. Yes yes... but I'm asking a general question: How a POP3 server (not only dovecot) getting the emails from postfix? it must be some kind of connection from my selected pop3 server and postfix. This is a postfix question thanks, Ziv
Re: Almost working: I can send a mail, I can't get it via pop3 (no errors)
Am 17.04.2014 02:19, schrieb Ziv Barber: On Thu, Apr 17, 2014 at 1:14 AM, Wietse Venema wie...@porcupine.org wrote: So you have two systems that expect mail to be in different places. You need to configure one or the other, or perhaps you need to configure Postfix that it should let Dovecot deliver the mail. This is the POSTFIX mailing list, not DOVECOT. Yes yes... but I'm asking a general question: How a POP3 server (not only dovecot) getting the emails from postfix? it must be some kind of connection from my selected pop3 server and postfix. This is a postfix question no, it is a matter of RTFM and Google https://www.google.at/search?q=postfix+dovecot http://wiki2.dovecot.org/LMTP http://wiki2.dovecot.org/LDA
Re: log format (feature request)
On 16 avr. 2014, at 21:39, Wietse Venema wrote: Patrick Proniewski: That would be really awesome if Postfix could log into a structured format. I'm thinking about JSON, because that's what logstash/elasticsearch eats. But any key=value output is fine. Any plan about such a feature/option on the roadmap ? This requires a new logging abstraction, for example attribute=value based, with different drivers for stderr, syslog, and other destinations. This came up more than 10 years ago, but there are not enough cycles to complete the design let alone implementation. I did not realized it would be so time-consuming. I wish I could offer my help on that, but I'm unable to write a single line of code. Do you think it would be relevant to launch a crowd-funding campaign so that you or a trusted Postfix contributor could get paid to work on that? I'm pretty confident some logstash users would invest. Patrick