Re: Would Postfix accept decimal values in main.cf?
Thanks. I was thinking in general.

On 01/29/2015 05:34 PM, Noel Jones wrote:
> On 1/29/2015 10:24 AM, Istvan Prosinger wrote:
>> Hello,
>>
>> As in the subject. Something like,
>> maximal_queue_lifetime = 0.5d
>>
>> This was the first parameter that came to my mind, for example (don't look for sense).
>> I was wondering if Postfix would accept values like this.
>>
>> Regards,
>> Istvan
>
> No. Only whole numbers in the range given in the docs. In the case of maximal_queue_lifetime, the unit can also be specified with h m or s, so 2.5 days could be specified as 60h
>
> Is there some specific value you need to adjust, or you just fishing?
>
> -- Noel Jones
Re: A strange problem when adding DSPAM to Postfix
I always intend to understand configs that I take from examples. The problem is, almost all examples describing master.cf say to put the string:
-o content_filter=lmtp:unix:/var/run/dspam.sock
under
smtp inet n - n - - smtpd

In my setup, if I do so, it accomplishes nothing: DSPAM doesn't tag headers at all. What worked in my case for local mails, was the same string
-o content_filter=lmtp:unix:/var/run/dspam.sock
under
smtps inet n - n - - smtpd

Then DSPAM started to tag headers for mail from local users. I don't know why this happens, maybe it's because of SSL configs in Postfix? (However, I've provided main.cf, is there something wrong?)

But if my current way of applying a content filter is not correct, then with correct config like in examples:
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam.sock
DSPAM just doesn't tag any header. We can describe the problem in this way, if you wish.

I have neither separate Postfix instances, nor additional mail server for now. The only configs I didn't provide now is Dovecot configs, but if you suspect that they can cause my problems, I can provide those configs also.

2015-01-29 20:29 GMT+04:00 Noel Jones njo...@megan.vbhcs.org:
> The fix I provided is correct. If it doesn't work, then either you are editing the wrong postfix config or you have some additional problem.
>
> -- Noel Jones
>
> On 1/29/2015 10:19 AM, Орхан Ибад-оглы Гасымов wrote:
>> That string does nothing when uncommented. Previously it was uncommented, but then DSPAM didn't tag headers at all. Then I copied that string under string starting with smtps (as you can see in master.cf), and DSPAM started to tag mails from local users, but not from outer domains. After that I commented out the first string (the one that you were talking about), to see if anything changes, and nothing changed.
>> In short: if I uncomment that string, the situation doesn't change, but if I remove identical string currently put under smtps, then DSPAM won't tag even local mail.
>>
>> Sent from Blue Mail http://r.bluemailapp.com
>>
>> On 29.01.2015, at 18:43, Noel Jones njo...@megan.vbhcs.org wrote:
>>> On 1/29/2015 7:32 AM, Орхан Ибад-оглы Гасымов wrote:
>>>> 2. master.cf:
>>>> #
>>>> # service type private unpriv chroot wakeup maxproc command + args
>>>> # (yes) (yes) (yes) (never) (100)
>>>> #
>>>> smtp inet n - n - - smtpd
>>>> # -o content_filter=lmtp:unix:/var/run/dspam.sock
>>>
>>> You commented out the content_filter setting for mail arriving from the internet. Remove the #, but be sure to leave some spaces before the -o then restart postfix.
>>>
>>> -- Noel Jones
Re: A strange problem when adding DSPAM to Postfix
The fix I provided is correct. If it doesn't work, then either you are editing the wrong postfix config or you have some additional problem.

-- Noel Jones

On 1/29/2015 10:19 AM, Орхан Ибад-оглы Гасымов wrote:
> That string does nothing when uncommented. Previously it was uncommented, but then DSPAM didn't tag headers at all. Then I copied that string under string starting with smtps (as you can see in master.cf), and DSPAM started to tag mails from local users, but not from outer domains. After that I commented out the first string (the one that you were talking about), to see if anything changes, and nothing changed.
> In short: if I uncomment that string, the situation doesn't change, but if I remove identical string currently put under smtps, then DSPAM won't tag even local mail.
>
> Sent from Blue Mail http://r.bluemailapp.com
>
> On 29.01.2015, at 18:43, Noel Jones njo...@megan.vbhcs.org wrote:
>> On 1/29/2015 7:32 AM, Орхан Ибад-оглы Гасымов wrote:
>>> 2. master.cf:
>>> #
>>> # service type private unpriv chroot wakeup maxproc command + args
>>> # (yes) (yes) (yes) (never) (100)
>>> #
>>> smtp inet n - n - - smtpd
>>> # -o content_filter=lmtp:unix:/var/run/dspam.sock
>>
>> You commented out the content_filter setting for mail arriving from the internet. Remove the #, but be sure to leave some spaces before the -o then restart postfix.
>>
>> -- Noel Jones
Re: Would Postfix accept decimal values in main.cf?
On 1/29/2015 10:24 AM, Istvan Prosinger wrote:
> Hello,
>
> As in the subject. Something like,
> maximal_queue_lifetime = 0.5d
>
> This was the first parameter that came to my mind, for example (don't look for sense).
> I was wondering if Postfix would accept values like this.
>
> Regards,
> Istvan

No. Only whole numbers in the range given in the docs. In the case of maximal_queue_lifetime, the unit can also be specified with h m or s, so 2.5 days could be specified as 60h

Is there some specific value you need to adjust, or you just fishing?

-- Noel Jones
Re: A strange problem when adding DSPAM to Postfix
On 29.01.2015 at 17:52, Орхан Ибад-оглы Гасымов wrote:
> But if my current way of applying a content filter is not correct, then with correct config like in examples:
> smtp inet n - n - - smtpd
> -o content_filter=lmtp:unix:/var/run/dspam.sock

if you write it that way it is completely wrong

smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam.sock

versus

smtp inet n - n - - smtpd
 -o content_filter=lmtp:unix:/var/run/dspam.sock

the space before -o means the previous line is continued

what you really want to achieve is the following and the breaks with indent are for better readability

smtp inet n - n - - smtpd -o content_filter=lmtp:unix:/var/run/dspam.sock
Re: A strange problem when adding DSPAM to Postfix
In the configs I use all spacings properly (as you could see, if you had a glance at them). It's just my mail client deletes spaces if they are the first character of a string.

Once again: the problem is that if I use this in master.cf:
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam.sock (with a space before -o)
DSPAM doesn't tag any header.

If I use this:
smtps inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam.sock (with a space before -o)
then DSPAM tags local mails. I can't make DSPAM tag all received mail.

2015-01-29 21:10 GMT+04:00 li...@rhsoft.net:
> On 29.01.2015 at 17:52, Орхан Ибад-оглы Гасымов wrote:
>> But if my current way of applying a content filter is not correct, then with correct config like in examples:
>> smtp inet n - n - - smtpd
>> -o content_filter=lmtp:unix:/var/run/dspam.sock
>
> if you write it that way it is completely wrong
>
> smtp inet n - n - - smtpd
> -o content_filter=lmtp:unix:/var/run/dspam.sock
>
> versus
>
> smtp inet n - n - - smtpd
>  -o content_filter=lmtp:unix:/var/run/dspam.sock
>
> the space before -o means the previous line is continued
>
> what you really want to achieve is the following and the breaks with indent are for better readability
>
> smtp inet n - n - - smtpd -o content_filter=lmtp:unix:/var/run/dspam.sock
Re: A strange problem when adding DSPAM to Postfix
Personally for me, it's an interesting situation: DSPAM works, but tags only local mail; other mail is delivered as if there's no content filter at all. Maybe something is wrong with my master.cf file? If anyone here used Postfix with DSPAM, please take a look at my Postfix configs, I'm stuck in this situation and don't know what troubleshooting steps to take further. Thanks in advance!

2015-01-29 11:03 GMT+04:00 Орхан Ибад-оглы Гасымов gasymov...@vfmgiu.ru:
> I read the file postfix.txt in shared docs of DSPAM, but I can't make DSPAM insert any headers into mails if I only specify it as a content filter under smtp in master.cf, and not under smtps.
> Probably my configuration files (with stripped comments) will explain everything better:
> dspam.conf: https://cloud.mail.ru/public/8eda6c0df06a/dspam.conf.txt
> master.cf: https://cloud.mail.ru/public/7a06ab781307/master.cf.txt
> main.cf: https://cloud.mail.ru/public/2dd1062220e2/main.cf.txt
> For simplicity of my first setup, I installed DSPAM on the same machine as Postfix, and configured it to use libhash_drv.so, not other DB drivers. Software versions are the latest DSPAM and Postfix installed on FreeBSD 10.0. I didn't change too many defaults in configs, but maybe I've misconfigured something so obvious that any experienced user will be able to point it out right away.
> Please help me to find the error, any help is highly appreciated!
>
> 2015-01-28 23:05 GMT+04:00 Орхан Ибад-оглы Гасымов gasymov...@vfmgiu.ru:
>> ...on the dspam list are for sure more people using dspam as here - probably correct. That's why I started conversation with a question: Did anyone had this type of misconfiguration before? If nobody on this list ever used DSPAM, then there's no point to bother list users with questions about Postfix - DSPAM interaction.
>>
>> 2015-01-28 22:50 GMT+04:00 k...@rice.edu:
>>> On Wed, Jan 28, 2015 at 10:44:27PM +0400, Орхан Ибад-оглы Гасымов wrote:
>>>> Thanks for your reply.
>>>> 2. ...dspam is abandonware - thanks for an interesting piece of information.
>>>
>>> This statement is unsupported. It is not being developed aggressively which seems to provoke this person.
>>>
>>> Regards, Ken
Re: A strange problem when adding DSPAM to Postfix
OK.

1. postconf -n:

broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id sleep 5
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/local/libexec/dovecot/dovecot-lda -f $SENDER -a $RECIPIENT
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10485760
mydestination = $myhostname
mydomain = XXX.az
myhostname = mx2.XXX.az
mynetworks = AAA.AAA.AAA.AAA/BB, CCC.CCC.CCC.CCC/DD, 127.0.0.1/32
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = inet:here_is_the_address_of_imap.XXX.az:666
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/root-ca.crt
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/smtp.XXX.az.crt
smtpd_tls_key_file = /usr/local/etc/postfix/certs/smtp.XXX.az.key
smtpd_tls_received_header = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1981
virtual_mailbox_base = /pool/mail
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1981
virtual_uid_maps = static:1981

2. master.cf:

# ==
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==
smtp inet n - n - - smtpd
# -o content_filter=lmtp:unix:/var/run/dspam.sock
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
  -o content_filter=lmtp:unix:/var/run/dspam.sock
  -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o broken_sasl_auth_clients=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix -
Re: A strange problem when adding DSPAM to Postfix
please don't top-post and don't link to external resources especially not ones require javascript

* output of postconf -n
* master.cf
* directly into the mail

the whole sentence with under smtp and not under smtps makes no sense

On 29.01.2015 at 11:25, Орхан Ибад-оглы Гасымов wrote:
> Personally for me, it's an interesting situation: DSPAM works, but tags only local mail; other mail is delivered as if there's no content filter at all. Maybe something is wrong with my master.cf file? If anyone here used Postfix with DSPAM, please take a look at my Postfix configs, I'm stuck in this situation and don't know what troubleshooting steps to take further.
>
> 2015-01-29 11:03 GMT+04:00 Орхан Ибад-оглы Гасымов gasymov...@vfmgiu.ru:
>> I read the file postfix.txt in shared docs of DSPAM, but I can't make DSPAM insert any headers into mails if I only specify it as a content filter under smtp in master.cf, and not under smtps.
>> Probably my configuration files (with stripped comments) will explain everything better:
>> dspam.conf: https://cloud.mail.ru/public/8eda6c0df06a/dspam.conf.txt
>> master.cf: https://cloud.mail.ru/public/7a06ab781307/master.cf.txt
>> main.cf: https://cloud.mail.ru/public/2dd1062220e2/main.cf.txt
>> For simplicity of my first setup, I installed DSPAM on the same machine as Postfix, and configured it to use libhash_drv.so, not other DB drivers. Software versions are the latest DSPAM and Postfix installed on FreeBSD 10.0. I didn't change too many defaults in configs, but maybe I've misconfigured something so obvious that any experienced user will be able to point it out right away.
>> Please help me to find the error, any help is highly appreciated!
>>
>> 2015-01-28 23:05 GMT+04:00 Орхан Ибад-оглы Гасымов gasymov...@vfmgiu.ru:
>>> ...on the dspam list are for sure more people using dspam as here - probably correct. That's why I started conversation with a question: Did anyone had this type of misconfiguration before? If nobody on this list ever used DSPAM, then there's no point to bother list users with questions about Postfix - DSPAM interaction.
>>>
>>> 2015-01-28 22:50 GMT+04:00 k...@rice.edu:
>>>> On Wed, Jan 28, 2015 at 10:44:27PM +0400, Орхан Ибад-оглы Гасымов wrote:
>>>>> Thanks for your reply.
>>>>> 2. ...dspam is abandonware - thanks for an interesting piece of information.
>>>>
>>>> This statement is unsupported. It is not being developed aggressively which seems to provoke this person.
Re: A strange problem when adding DSPAM to Postfix
On 1/29/2015 10:52 AM, Орхан Ибад-оглы Гасымов wrote:
> I always intend to understand configs that I take from examples. The problem is, almost all examples describing master.cf say to put the string:
> -o content_filter=lmtp:unix:/var/run/dspam.sock
> under
> smtp inet n - n - - smtpd

Yes, that is the correct way to enable a content filter for mail coming from the internet. Note the second line must be indented with at least one space character. Your dspam filter will certainly never work without this line.

> In my setup, if I do so, it accomplishes nothing: DSPAM doesn't tag headers at all. What worked in my case for local mails, was the same string
> -o content_filter=lmtp:unix:/var/run/dspam.sock
> under
> smtps inet n - n - - smtpd
> Then DSPAM started to tag headers for mail from local users.

Yes, that enables the same content filter for mail arriving via the smtps port 465. That shows you postfix really does call dspam when told to.

Once you eliminate the possibility of master.cf syntax errors, then the problem is outside postfix and you need to look at your dspam logging and config.

-- Noel Jones
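
The continuation rule discussed in this thread, as an added example (not code from the thread or from Postfix): a small Python parser that joins master.cf physical lines into logical lines and reports which content_filter override each inet smtpd listener actually carries. The sample configs are constructed from the snippets quoted above, the function names are hypothetical, and a global content_filter set in main.cf is not considered.

```python
"""Audit which smtpd listeners in master.cf carry a content_filter override."""

FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")


def logical_lines(text):
    """Join physical lines into logical lines as master(5) describes:
    blank and '#' lines are ignored, and a line that starts with
    whitespace continues the logical line before it."""
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skipped lines do not end the current entry
        if raw[0].isspace():
            if current is None:
                raise ValueError(f"nothing to continue: {raw!r}")
            current += " " + stripped
        else:
            if current is not None:
                yield current
            current = stripped
    if current is not None:
        yield current


def parse_overrides(args):
    """Collect '-o name=value' pairs from the command arguments."""
    overrides = {}
    it = iter(args)
    for arg in it:
        if arg == "-o":
            name, _, value = next(it, "").partition("=")
            overrides[name] = value
    return overrides


def parse_services(text):
    """Return (services, problems); problems are logical lines that do not
    have the eight fields of a service entry, such as an un-indented '-o'."""
    services, problems = [], []
    for line in logical_lines(text):
        parts = line.split()
        if len(parts) < 8:
            problems.append(line)
            continue
        entry = dict(zip(FIELDS, parts[:7]))
        entry["command"] = parts[7]
        entry["overrides"] = parse_overrides(parts[8:])
        services.append(entry)
    return services, problems


def filter_coverage(text):
    """Map each inet smtpd listener to its content_filter override (or None)."""
    services, problems = parse_services(text)
    coverage = {
        s["service"]: s["overrides"].get("content_filter")
        for s in services
        if s["type"] == "inet" and s["command"] == "smtpd"
    }
    return coverage, problems


# Constructed samples modelled on the snippets quoted in the thread.
AS_POSTED = """\
smtp      inet  n       -       n       -       -       smtpd
#  -o content_filter=lmtp:unix:/var/run/dspam.sock
smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o content_filter=lmtp:unix:/var/run/dspam.sock
  -o smtpd_tls_wrappermode=yes
pickup    unix  n       -       n       60      1       pickup
"""

UNINDENTED = """\
smtp      inet  n       -       n       -       -       smtpd
-o content_filter=lmtp:unix:/var/run/dspam.sock
"""

FIXED = """\
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=lmtp:unix:/var/run/dspam.sock
"""

if __name__ == "__main__":
    for label, sample in (("as posted", AS_POSTED),
                          ("un-indented", UNINDENTED),
                          ("fixed", FIXED)):
        coverage, problems = filter_coverage(sample)
        print(label)
        for service, target in coverage.items():
            print(f"  {service}: {target or 'NO content_filter override'}")
        for line in problems:
            print(f"  not a service entry: {line}")
```
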
Re: Would Postfix accept decimal values in main.cf?
Istvan Prosinger:
> Hello,
>
> As in the subject. Something like,
> maximal_queue_lifetime = 0.5d

It accepts the values as documented (this may take some getting used to). As Noel noted, times can be specified in seconds to weeks.

Wietse

> This was the first parameter that came to my mind, for example (don't look for sense).
> I was wondering if Postfix would accept values like this.
>
> Regards,
> Istvan
Re: A strange problem when adding DSPAM to Postfix
This message was really informative, thanks. Actually in my configs I use spaces where needed, it's just my mail client deletes spaces if they are the first character of a sentence. I didn't find anything useful in DSPAM logs, but I'll take a second look at them tomorrow.

The only thing I'd like to ask now is: is it possible with Postfix to redirect mail from port 25 to port 465? If yes, I'd like to check such a setup.

2015-01-29 21:39 GMT+04:00 Noel Jones njo...@megan.vbhcs.org:
> On 1/29/2015 10:52 AM, Орхан Ибад-оглы Гасымов wrote:
>> I always intend to understand configs that I take from examples. The problem is, almost all examples describing master.cf say to put the string:
>> -o content_filter=lmtp:unix:/var/run/dspam.sock
>> under
>> smtp inet n - n - - smtpd
>
> Yes, that is the correct way to enable a content filter for mail coming from the internet. Note the second line must be indented with at least one space character. Your dspam filter will certainly never work without this line.
>
>> In my setup, if I do so, it accomplishes nothing: DSPAM doesn't tag headers at all. What worked in my case for local mails, was the same string
>> -o content_filter=lmtp:unix:/var/run/dspam.sock
>> under
>> smtps inet n - n - - smtpd
>> Then DSPAM started to tag headers for mail from local users.
>
> Yes, that enables the same content filter for mail arriving via the smtps port 465. That shows you postfix really does call dspam when told to.
>
> Once you eliminate the possibility of master.cf syntax errors, then the problem is outside postfix and you need to look at your dspam logging and config.
>
> -- Noel Jones
Re: A strange problem when adding DSPAM to Postfix
On 29.01.2015 at 19:03, Орхан Ибад-оглы Гасымов wrote:
> This message was really informative, thanks. Actually in my configs I use spaces where needed, it's just my mail client deletes spaces if they are the first character of a sentence. I didn't find anything useful in DSPAM logs, but I'll take a second look at them tomorrow.
> The only thing I'd like to ask now is: is it possible with Postfix to redirect mail from port 25 to port 465? If yes, I'd like to check such a setup.

that makes no sense at all

postfix listens on both and receives incoming mail, that's it

port 465 is *smtp over ssl* and only useable for *mail clients*

no MTA can deliver mail over the wrapper mode nor will any MTA connect to something else than 25

frankly i don't get the idea apply the contentfilter at all on 465 because that can only be a MUA for submission and is not incoming mail at all (outgoing mail needs a complete different ruleset hence you normally have different machines for MX and for submission)

> 2015-01-29 21:39 GMT+04:00 Noel Jones njo...@megan.vbhcs.org:
>> On 1/29/2015 10:52 AM, Орхан Ибад-оглы Гасымов wrote:
>>> I always intend to understand configs that I take from examples. The problem is, almost all examples describing master.cf say to put the string:
>>> -o content_filter=lmtp:unix:/var/run/dspam.sock
>>> under
>>> smtp inet n - n - - smtpd
>>
>> Yes, that is the correct way to enable a content filter for mail coming from the internet. Note the second line must be indented with at least one space character. Your dspam filter will certainly never work without this line.
>>
>>> In my setup, if I do so, it accomplishes nothing: DSPAM doesn't tag headers at all. What worked in my case for local mails, was the same string
>>> -o content_filter=lmtp:unix:/var/run/dspam.sock
>>> under
>>> smtps inet n - n - - smtpd
>>> Then DSPAM started to tag headers for mail from local users.
>>
>> Yes, that enables the same content filter for mail arriving via the smtps port 465. That shows you postfix really does call dspam when told to.
>>
>> Once you eliminate the possibility of master.cf syntax errors, then the problem is outside postfix and you need to look at your dspam logging and config
Re: A strange problem when adding DSPAM to Postfix
On 1/29/2015 7:32 AM, Орхан Ибад-оглы Гасымов wrote:
> 2. master.cf:
> # ==
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==
> smtp inet n - n - - smtpd
> # -o content_filter=lmtp:unix:/var/run/dspam.sock

You commented out the content_filter setting for mail arriving from the internet. Remove the #, but be sure to leave some spaces before the -o then restart postfix.

-- Noel Jones
Would Postfix accept decimal values in main.cf?
Hello,

As in the subject. Something like,
maximal_queue_lifetime = 0.5d

This was the first parameter that came to my mind, for example (don't look for sense).
I was wondering if Postfix would accept values like this.

Regards,
Istvan
Re: A strange problem when adding DSPAM to Postfix
That string does nothing when uncommented. Previously it was uncommented, but then DSPAM didn't tag headers at all. Then I copied that string under string starting with smtps (as you can see in master.cf), and DSPAM started to tag mails from local users, but not from outer domains. After that I commented out the first string (the one that you were talking about), to see if anything changes, and nothing changed.

In short: if I uncomment that string, the situation doesn't change, but if I remove identical string currently put under smtps, then DSPAM won't tag even local mail.

Sent from Blue Mail

On 29.01.2015, at 18:43, Noel Jones njo...@megan.vbhcs.org wrote:
> On 1/29/2015 7:32 AM, Орхан Ибад-оглы Гасымов wrote:
>> 2. master.cf:
>> # ==
>> # service type private unpriv chroot wakeup maxproc command + args
>> # (yes) (yes) (yes) (never) (100)
>> # ==
>> smtp inet n - n - - smtpd
>> # -o content_filter=lmtp:unix:/var/run/dspam.sock
>
> You commented out the content_filter setting for mail arriving from the internet. Remove the #, but be sure to leave some spaces before the -o then restart postfix.
>
> -- Noel Jones
Re: Postfix SMTP mail is sent to SPAM
On 29/01/2015 at 18:46, Aravindhan wrote:
> I have installed postfix mail server in ubuntu machine. I configured the mail server as well as DNS properly. Mails are sent from our mail server properly, but all the mails are listed in the spam folder(in Yahoo Outlook). It is listing properly in the inbox in Gmail.
>
> I have implemented the following methodologies to prevent the SPAM, which is as follows,
>
> * SPF
> * DKIM
> * Domain Keys
>
> After the above implementation, Headers of the email is as follows,
>
> Authentication-Results: hotmail.com; spf=pass (sender IP is xx.xx.xx.xx) smtp.mailfrom=t...@maildomain.com; dkim=pass header.d=maildomain.com; x-hmca=pass header.id=t...@maildomain.com
> DomainKey-Signature: a=rsa-sha1; s=mail; d=maildomain.com; c=simple; q=dns; b=key
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.com;s=mail; t=1422532895;bh=W+pft8+RS+1CGEuNXIA20Br1EeZE1qaANUx3o6nvb3E=;h=From: To:Subject:From;b=key
>
> I have checked the several email testing service to detect why our emails are marked as spam and the result is as follows,
>
> * Sent the mail to the check-a...@verifier.port25.com and got the authentication report mail.
>
> == Summary of Results ==
> SPF check: pass
> DomainKeys check: pass
> DKIM check: pass
> Sender-ID check: pass
> SpamAssassin check: ham
>
> * Tested the email with https://www.mail-tester.com/ and got the score 9.3/10.
> * Checked our mail server IP address in http://whatismyipaddress.com/blacklist-check and our IP address is not blacklisted.
>
> Note:
>
> * Mailserver hosted in Amazon EC2 instance with a static IP address (connect to internet, and all traffic ports are opened for inbound and outbound in security groups).
> * Mail sending service limit has been increased properly(Support query has been raised to amazon and the mail restriction has been removed in our account).
> * I am using self signed certificate in my Mail server.
>
> Can any one let us know, how to prevent the email sent as spam. Is there anything, we need to look into our mail server configuration?
>
> -- View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-SMTP-mail-is-sent-to-SPAM-tp74232.html
> Sent from the Postfix Users mailing list archive at Nabble.com.

Some free e-mail providers tend to establish rather aggressive policies for e-mails from not well known domains or domains that don't have a good enough reputation. This might probably block a big amount of spam, but on the other side it also sends a lot of legitimate mail traffic to junk folders (in the best of cases, in other cases mails are directly rejected via 5XX).

Probably this has nothing to do with your configuration, but if you want to be sure you can try to find a service that does all kind of deep checks for you (for example, try finding 'Unlock the inbox'). If everything is ok, all you can do is tell your mail recipients to whitelist your mail so your domain gains reputation little by little.

Regards,
Nicolás
Re: Postfix SMTP mail is sent to SPAM
On 1/29/2015 12:46 PM, Aravindhan wrote:
> I have installed postfix mail server in ubuntu machine. I configured the mail server as well as DNS properly. Mails are sent from our mail server properly, but all the mails are listed in the spam folder(in Yahoo Outlook). It is listing properly in the inbox in Gmail.
>
> I have implemented the following methodologies to prevent the SPAM, which is as follows,
>
> * SPF
> * DKIM
> * Domain Keys
>
> After the above implementation, Headers of the email is as follows,
>
> Authentication-Results: hotmail.com; spf=pass (sender IP is xx.xx.xx.xx) smtp.mailfrom=t...@maildomain.com; dkim=pass header.d=maildomain.com; x-hmca=pass header.id=t...@maildomain.com
> DomainKey-Signature: a=rsa-sha1; s=mail; d=maildomain.com; c=simple; q=dns; b=key
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.com;s=mail; t=1422532895;bh=W+pft8+RS+1CGEuNXIA20Br1EeZE1qaANUx3o6nvb3E=;h=From: To:Subject:From;b=key
>
> I have checked the several email testing service to detect why our emails are marked as spam and the result is as follows,
>
> * Sent the mail to the check-a...@verifier.port25.com and got the authentication report mail.
>
> == Summary of Results ==
> SPF check: pass
> DomainKeys check: pass
> DKIM check: pass
> Sender-ID check: pass
> SpamAssassin check: ham
>
> * Tested the email with https://www.mail-tester.com/ and got the score 9.3/10.
> * Checked our mail server IP address in http://whatismyipaddress.com/blacklist-check and our IP address is not blacklisted.
>
> Note:
>
> * Mailserver hosted in Amazon EC2 instance with a static IP address (connect to internet, and all traffic ports are opened for inbound and outbound in security groups).
> * Mail sending service limit has been increased properly(Support query has been raised to amazon and the mail restriction has been removed in our account).
> * I am using self signed certificate in my Mail server.
>
> Can any one let us know, how to prevent the email sent as spam. Is there anything, we need to look into our mail server configuration?

Sounds as if you're doing everything right. Make sure your IP has correct FCrDNS. Looks as if your SPF and DKIM are working. Does anyone still use DomainKeys? Not sure that adds any value.

Some of the freemail providers will spam-tag perfect mail from new domains and/or new IP addresses, especially if a large amount of mail shows up from that new domain or IP. For some undefined value of large.

See if you can sign up for the bulk mail feedback loop or whatever bulk sender programs they might have at hotmail or yahoo.

Only the receiving system can answer why some specific mail was marked as spam, all we can do is guess.

-- Noel Jones
Postfix SMTP mail is sent to SPAM
I have installed postfix mail server in ubuntu machine. I configured the mail server as well as DNS properly. Mails are sent from our mail server properly, but all the mails are listed in the spam folder(in Yahoo Outlook). It is listing properly in the inbox in Gmail.

I have implemented the following methodologies to prevent the SPAM, which is as follows,

* SPF
* DKIM
* Domain Keys

After the above implementation, Headers of the email is as follows,

Authentication-Results: hotmail.com; spf=pass (sender IP is xx.xx.xx.xx) smtp.mailfrom=t...@maildomain.com; dkim=pass header.d=maildomain.com; x-hmca=pass header.id=t...@maildomain.com
DomainKey-Signature: a=rsa-sha1; s=mail; d=maildomain.com; c=simple; q=dns; b=key
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.com;s=mail; t=1422532895;bh=W+pft8+RS+1CGEuNXIA20Br1EeZE1qaANUx3o6nvb3E=;h=From: To:Subject:From;b=key

I have checked the several email testing service to detect why our emails are marked as spam and the result is as follows,

* Sent the mail to the check-a...@verifier.port25.com and got the authentication report mail.

== Summary of Results ==
SPF check: pass
DomainKeys check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

* Tested the email with https://www.mail-tester.com/ and got the score 9.3/10.
* Checked our mail server IP address in http://whatismyipaddress.com/blacklist-check and our IP address is not blacklisted.

Note:

* Mailserver hosted in Amazon EC2 instance with a static IP address (connect to internet, and all traffic ports are opened for inbound and outbound in security groups).
* Mail sending service limit has been increased properly(Support query has been raised to amazon and the mail restriction has been removed in our account).
* I am using self signed certificate in my Mail server.

Can any one let us know, how to prevent the email sent as spam. Is there anything, we need to look into our mail server configuration?

-- View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-SMTP-mail-is-sent-to-SPAM-tp74232.html
Sent from the Postfix Users mailing list archive at Nabble.com.
What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
Bleh. I think I am tired and making worse and worse mistakes. May be I need to make a step away for some time. :-(

I have made some change that I cannot find and have an error now I do not see or know the cause for.

I made a Postfix instance for getting mail with Postscreen and recipient verify steps, and some of the recipient restrictions for smtpd. It is named 'pf-in'.

I also made a Postfix instance for simple sending out mail. It is named 'pf-out'.

The TLS is turned on to the 'Opportunistic' type with '= may' for both the instances. So I think it should use the TLS when it is available and be okay if not.

On my laptop I send a test email. It sends to the 'pf-in' instance

sendmail -i -f root -t <<EOF
From: s...@srchdomain.com
To: srcht...@clientdomain.com
Subject: test

test
EOF

I see the mail processing with Postscreen 'pf-in'

Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: CONNECT from [XX.XX.XX.XX]:43942 to [YY.YY.YY.YY]:25
Jan 29 19:01:08 srchsvr pf-in/postscreen[11780]: WHITELISTED [XX.XX.XX.XX]:43942

Then next after the Postscreen PASS the mail goes to the internal smtpd on 'pf-in'

Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: connect from unknown[XX.XX.XX.XX]
Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: AB1E08F422: client=unknown[XX.XX.XX.XX]
Jan 29 19:01:08 srchsvr pf-in/cleanup[11785]: AB1E08F422: message-id=20150129190108.4200d40...@srchdell.srchdomain.com
Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: disconnect from unknown[XX.XX.XX.XX]

And then into the queue and is send to the 'pf-out' instance

Jan 29 19:01:08 srchsvr pf-in/qmgr[11632]: AB1E08F422: from=r...@srchdomain.com, size=536, nrcpt=1 (queue active)
Jan 29 19:01:08 srchsvr pf-out/smtpd[11787]: connect from srchsvr.srchdomain.com[127.0.0.1]

But now the log says

Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: to=srcht...@clientdomain.com, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available due to local problem)

I think this says the problem is in the 'pf-out' instance but it is the 'pf-in' instance that hears it and says it in the log.

I have been searching on the sentences

TLS is required
refused to start TLS
454 4.7.0 TLS not available due to local problem

But only found some suggestions that the Certificate I use is not good. I know that it is since it uses okay in other applications.

What idea can I try to fix for this crazy problem I have done myself?

*S*
Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
The problem is probably in the lines above in your log. Have you tried to reload postfix (to get a clear offset in the log) and then telnet to 127.0.0.1?

Send postconf -n and we will be able to help you.

p@rick

--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
Hello Patrick

29. Jan 2015 19:37 by p...@sys4.de:

> The problem is probably in the lines above in your log. Have you tried to reload postfix (to get a clear offset in the log)

Yes many times.

> and then telnet to 127.0.0.1?

Before I am complaining some more times I will first explore with telnet. I was only sending mails. telnet I think will make some things clear

> Send postconf -n and we will be able to help you.

Okay I will get there. For what instance do you think? the 'in' or 'out'? Or both of them?

*S*
Re: Postfix SMTP mail is sent to SPAM
On 29.01.2015 at 20:10, Noel Jones wrote:

> On 1/29/2015 12:46 PM, Aravindhan wrote:
>
>> I have installed postfix mail server in ubuntu machine. I configured the mail server as well as DNS properly. Mails are sent from our mail server properly, but all the mails are listed in the spam folder(in Yahoo Outlook). It is listing properly in the inbox in Gmail.
>>
>> I have implemented the following methodologies to prevent the SPAM, which is as follows,
>>
>> * SPF
>> * DKIM
>> * Domain Keys
>>
>> After the above implementation, Headers of the email is as follows,
>>
>>     Authentication-Results: hotmail.com; spf=pass (sender IP is xx.xx.xx.xx) smtp.mailfrom=t...@maildomain.com; dkim=pass header.d=maildomain.com; x-hmca=pass header.id=t...@maildomain.com
>>     DomainKey-Signature: a=rsa-sha1; s=mail; d=maildomain.com; c=simple; q=dns; b=key
>>     DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.com;s=mail; t=1422532895;bh=W+pft8+RS+1CGEuNXIA20Br1EeZE1qaANUx3o6nvb3E=;h=From: To:Subject:From;b=key
>>
>> I have checked the several email testing service to detect why our emails are marked as spam and the result is as follows,
>>
>> * Sent the mail to the check-a...@verifier.port25.com and got the authentication report mail.
>>
>>       == Summary of Results ==
>>       SPF check: pass
>>       DomainKeys check: pass
>>       DKIM check: pass
>>       Sender-ID check: pass
>>       SpamAssassin check: ham
>>
>> * Tested the email with https://www.mail-tester.com/ and got the score 9.3/10.
>> * Checked our mail server IP address in http://whatismyipaddress.com/blacklist-check and our IP address is not blacklisted.
>>
>> Note:
>>
>> * Mailserver hosted in Amazon EC2 instance with a static IP address (connect to internet, and all traffic ports are opened for inbound and outbound in security groups).
>> * Mail sending service limit has been increased properly(Support query has been raised to amazon and the mail restriction has been removed in our account).
>> * I am using self signed certificate in my Mail server.
>>
>> Can any one let us know, how to prevent the email sent as spam. Is there anything, we need to look into our mail server configuration?
>
> Sounds as if you're doing every thing right. Make sure your IP has correct FCrDNS.
>
> Looks as if your SPF and DKIM are working. Does anyone still use DomainKeys? Not sure that adds any value.
>
> Some of the freemail providers will spam-tag perfect mail from new domains and/or new IP addresses, especially if a large amount of mail shows up from that new domain or IP. For some undefined value of large.
>
> See if you can sign up for the bulk mail feedback loop or whatever bulk sender programs they might have at hotmail or yahoo.
>
> Only the receiving system can answer why some specific mail was marked as spam, all we can do is guess.
>
> -- Noel Jones

just one more idea add a dmarc policy, i think there is a whitelist feature at yahoo

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
srach:

> Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: to=srcht...@clientdomain.com, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available due to local problem)

The Postfix SMTP SERVER logs TLS initialization errors while the process is started. Maybe your syslog daemon logs errors in a different logfile than non-error events.

Wietse
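The deferral line quoted above is written by the sending smtp client, while the text after "refused to start TLS:" is the reply of the server it connected to, so the startup errors Wietse refers to belong to the smtpd that answered on the relay port. The following Python script is an added example, not part of the thread: it parses such lines and names the smtpd process whose earlier log entries to read. The function and field names are this example's own, and the correlation assumes both instances log to the same file and talk over loopback, as in the setup described.

```python
import ipaddress
import re

# Sample input: log lines quoted in the thread (addresses were already masked there).
SAMPLE_LOG = """\
Jan 29 19:01:08 srchsvr pf-in/smtpd[11781]: connect from unknown[XX.XX.XX.XX]
Jan 29 19:01:08 srchsvr pf-in/qmgr[11632]: AB1E08F422: from=r...@srchdomain.com, size=536, nrcpt=1 (queue active)
Jan 29 19:01:08 srchsvr pf-out/smtpd[11787]: connect from srchsvr.srchdomain.com[127.0.0.1]
Jan 29 19:01:08 srchsvr pf-in/smtp[11786]: AB1E08F422: to=srcht...@clientdomain.com, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.11/0.01/0.02/0, dsn=4.7.0, status=deferred (TLS is required, but host 127.0.0.1[127.0.0.1] refused to start TLS: 454 4.7.0 TLS not available due to local problem)
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s"
    r"(?P<tag>[^\s\[]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
DELIVERY_RE = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+): to=(?P<rcpt>[^,]+), relay=(?P<relay>[^,]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
REFUSED_RE = re.compile(
    r"^TLS is required, but host \S+ refused to start TLS: (?P<reply>\d{3} .*)$"
)
RELAY_RE = re.compile(r"\[(?P<ip>[^\]]+)\]:(?P<port>\d+)$")
CONNECT_RE = re.compile(r"^connect from \S*\[(?P<ip>[^\]]+)\]$")


def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; masked or malformed addresses are not."""
    try:
        return ipaddress.ip_address(addr or "").is_loopback
    except ValueError:
        return False


def parse(log_text):
    """Split each syslog line into timestamp, tag, pid and message."""
    records = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # "pf-in/smtp" -> ("pf-in", "smtp"); with syslog_name=postfix/relay
        # the tag "postfix/relay/smtp" -> ("postfix/relay", "smtp").
        rec["syslog_name"], _, rec["daemon"] = rec["tag"].rpartition("/")
        records.append(rec)
    return records


def find_tls_refusals(log_text):
    """Report deliveries deferred because the next hop refused STARTTLS."""
    records = parse(log_text)
    findings = []
    for rec in records:
        delivery = DELIVERY_RE.match(rec["msg"])
        refused = delivery and REFUSED_RE.match(delivery["reason"])
        if not refused:
            continue
        relay = RELAY_RE.search(delivery["relay"])
        ip = relay["ip"] if relay else None
        # Heuristic: when the relay is on loopback, an smtpd that logged a
        # loopback connection in the same second is the likely receiver.
        candidates = []
        if is_loopback(ip):
            for other in records:
                conn = CONNECT_RE.match(other["msg"])
                if (other["daemon"] == "smtpd" and other["ts"] == rec["ts"]
                        and conn and is_loopback(conn["ip"])):
                    candidates.append("%s[%s]" % (other["tag"], other["pid"]))
        findings.append({
            "queue_id": delivery["qid"],
            "logged_by": "%s[%s]" % (rec["tag"], rec["pid"]),  # SMTP client side
            "relay_ip": ip,
            "relay_port": int(relay["port"]) if relay else None,
            "server_reply": refused["reply"],  # text sent by the SMTP server
            "server_candidates": candidates,
        })
    return findings


if __name__ == "__main__":
    for finding in find_tls_refusals(SAMPLE_LOG):
        print(finding)
```

On the sample it points at pf-out/smtpd[11787], so the warnings to look for are the ones that process logged when it started.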
Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
With the testing by both telnet and openssl s_client I can see the TLS as the available option but I see too the None cipher. I am suspecting this though confusing. I will first read more on the testing with these tools and understanding the meaning of the logging reply for them.

I also see the idea from Wietse to look in to other location for logs reply. I did that once or more already but will see to that again right now.

    telnet 127.0.0.1 25
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 mx.srchdomain.com ESMTP . No UCE permitted.
    EHLO test.com
    250-mx.srchdomain.com
    250-PIPELINING
    250-SIZE 1024
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    telnet 127.0.0.1 10026
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 srchsvr.srchdomain.com ESMTP . No UCE permitted.
    EHLO test.com
    250-srchsvr.srchdomain.com
    250-PIPELINING
    250-SIZE 1024
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    openssl s_client -crlf -connect 127.0.0.1:25 -starttls smtp -tls1_2 -CApath /etc/ssl/certs
    CONNECTED(0003)
    139892197459600:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:361:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 312 bytes and written 7 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher :
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1422561244
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
    ---

    openssl s_client -crlf -connect 127.0.0.1:10026 -starttls smtp -tls1_2 -CApath /etc/ssl/certs
    CONNECTED(0003)
    140014293526160:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:361:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 246 bytes and written 7 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher :
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1422561276
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
    ---

And then I will look at my 'postconf -n' myself first too. Better to do it myself first. I must find this since I did it to myself. When I can not then I will have to be begging.

Bleh again!

*S*
Re: Re: Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
Hello Wietse

29. Jan 2015 20:49 by wie...@porcupine.org:

>     submission inet n - n - - smtpd
>       -o syslog_name=postfix/submission
>       ...
>     smtps inet n - n - - smtpd
>       -o syslog_name=postfix/smtps
>       ...
>
> The same could be done with the smtp service:
>
>     relay unix - - n - - smtp
>       -o syslog_name=postfix/relay

That is a good advice to be reminded! For while I am doing the debugging like this and may be always too I am adding this idea to many services I clone and use.

*S*
Re: Re: Re: Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
Hello Wietse:

29. Jan 2015 21:02 by wie...@porcupine.org:

> Postfix could do this automatically, but it is too late for the upcoming stable release to make such a change.

Only knowing the info is good for now! If it is some day done automatically then that I think would be useful.

For that possibility I will ask one more question. When this is created in the config

    relay unix - - n - - smtp
      -o syslog_name=postfix/relay

or

      -o syslog_name=postfix/relay2

In the logs it says

    ... postfix/relay/smtp ...
    ... postfix/relay2/smtp ...

Is that all the needed infos? Maybe it is enough only to say

    ... postfix/relay ...
    ... postfix/relay2 ...

I do not know the best for all cases but for just my debugging now it is enough infos.

*S*
Re: Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
srach:

> I think it is strange in the Postfix log it is showing only the 'smtp' service name not the 'relay2' name. It was some misdirection for me. May be

You could use the same trick as the submission and smtpd examples in master.cf:

    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      ...
    smtps inet n - n - - smtpd
      -o syslog_name=postfix/smtps
      ...

The same could be done with the smtp service:

    relay unix - - n - - smtp
      -o syslog_name=postfix/relay

Wietse
Re: Re: Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
srach:

> Hello Wietse
>
> 29. Jan 2015 20:49 by wie...@porcupine.org:
>
>>     submission inet n - n - - smtpd
>>       -o syslog_name=postfix/submission
>>       ...
>>     smtps inet n - n - - smtpd
>>       -o syslog_name=postfix/smtps
>>       ...
>>
>> The same could be done with the smtp service:
>>
>>     relay unix - - n - - smtp
>>       -o syslog_name=postfix/relay
>
> That is a good advice to be reminded! For while I am doing the debugging like this and may be always too I am adding this idea to many services I clone and use.

Postfix could do this automatically, but it is too late for the upcoming stable release to make such a change.

Wietse
Re: Re: Re: Re: What is my self-made TLS problem for Postfix to Postfix transport TLS not available due to local problem ?
It is like I said that I did this to myself. I was looking under the wrong cup in the Shell Game!

Yesterday I had a change to transport from 'pf-out' not over the open internet only over my private internet with a VPN. I did this with reading a posting from another person.

I changed the main.cf for 'pf-out'

- relay_transport = relay:[XX.XX.XX.XX]:25
+ relay_transport = relay2:[192.168.1.66]:25

In the master.cf config for 'pf-out' there is

    relay unix - - n - - smtp
      -o smtp_bind_address=YY.YY.YY.YY
    relay2 unix - - n - - smtp
      -o smtp_bind_address=192.168.0.15

Returning the change

- relay_transport = relay2:[192.168.1.66]:25
+ relay_transport = relay:[XX.XX.XX.XX]:25

it is sending again with no TLS errors.

I think it is some more firewall rules I need on the server so that TLS negotiation may be okay in bi-direction. But I do not yet see any DROP infos in the logs I am looking into.

I think it is strange in the Postfix log it is showing only the 'smtp' service name not the 'relay2' name. It was some misdirection for me. Maybe it can be done to add some more labels.

Thanks for the advice to look with telnet and very much watch in detail the step-by-step sending through each IP and port.

Now I must understand the missing rules in the firewall.

*S*
maximal_queue_lifetime not honored
We are seeing some issues with our bounce complex. This complex only handles bounces so if we can't deliver them, they are typically discarded. We are expecting mail to be removed after 30 minutes but we're queuing on the complex where some mail messages are around for 10+ hours.

I am curious if anyone knows under what circumstance would the maximum queue lifetime value not have the message removed after a delivery failure attempt?

Below is an example of a message where it has repeatedly logged the following:

    Jan 29 17:29:12 xxx-m6 postfix/smtp[28467]: 0A98F38001327: lost connection with mx3..com.ar[xxx.xxx.xx.xxx] while sending DATA command
    Jan 29 17:29:14 xxx-m6 postfix/smtp[28467]: warning: 0A98F38001327: non-ESMTP response from mx1.jx.com.ar[xxx.xxx.xx.xxx]:25: Has superado la cantidad de destinatarios desconocidos permitida (#5.3.0)
    Jan 29 17:29:14 xxx-m6 postfix/smtp[28467]: 0A98F38001327: to=xx...@x.com.ar, relay=mx1.x.com.ar[xxx.xxx.xx.xxx]:25, delay=589066, delays=588941/0/124/0.33, dsn=4.4.2, status=deferred (lost connection with mx1.xx.com.ar[xxx.xxx.xx.xxx] while sending DATA command)

postconf values are

    queue_run_delay = 1m
    maximal_backoff_time = 10m
    maximal_queue_lifetime = 30m
    minimal_backoff_time = 5m
    smtp_cache_connection = yes
    smtp_connect_timeout = 2m
    smtp_connection_cache_on_demand = yes
    smtp_connection_reuse_time_limit = 2m
    smtp_data_done_timeout = 2m
    smtp_data_init_timeout = 2m
    smtp_data_xfer_timeout = 5m
    smtp_defer_if_no_mx_address_found = no
    smtp_helo_timeout = 2m
    smtp_mail_timeout = 2m
    smtp_quit_timeout = 2m
    smtp_rcpt_timeout = 2m
    smtp_rset_timeout = 2m
    smtp_xforward_timeout = 2m
Re: maximal_queue_lifetime not honored
On Thu, Jan 29, 2015 at 06:25:28PM -0500, Charles Orth wrote:

> maximal_queue_lifetime = 30m

And bounce_queue_lifetime is?

--
Viktor.
Postfix 2.12 is now Postfix 3.0
As the subject says, Postfix has been renamed, and the next stable release will be Postfix 3.0. This is the result of a mostly-mechanical edit, with human inspection after mechanical checks. Wietse
How to detect the receiving of mail for sure from only that relay and then make action only in that case?
I am working on making secure conditions on Postfix sending and receiving only relays.

There are two Postfix servers in two locations.

In the #1 location Postfix configuration is so that

 1. Send any mail out to any server on the internet with SMTP like always
 2. Relay some specific mail to only the #2 location Postfix in to Port 25

#1 Postfix instance is doing all the Postscreen BeforeQueue filters.

So when it passes to #2 server the mail with relay I want #2 server

 1. Know for sure that the relay mail comes from the #1 server. An added header can be made fake so I look for a better way that is not possible to fake.
 2. If from (1.) it is known for sure to be good relay from the #1 server then the #2 server must NOT do the normal scanning with Postscreen more filter.
 3. Still receive normal mail from the internet to Port 25 too. Only in this case then do not bypass and do the normal scanning.

In the documents

    Relay control, junk mail control, and per-user policies
    http://www.postfix.org/SMTPD_ACCESS_README.html#relay

There is much discussions on the restrictions to do. Only I am concerned of the Dangerous use I read and the faking I said above.

What is the good method for sure identity detection like above and then disable the scanning only in that case?

*S*
Re: Re: How to detect the receiving of mail for sure from only that relay and then make action only in that case?
On Fri, Jan 30, 2015 at 05:27:59AM +, srach wrote:

>>> 1. Know for sure that the relay mail comes from the #1 server. A added header can be made fake so I look for a better way that is not possible to fake.
>>
>> Restrict access to the non-default port via TLS client certs or SASL.

And I often find it easier to configure client certs, no SASL or PAM configuration nightmares. :-)

> With the SASL opportunity is it still true that Postfix with the Dovecot SASL where I am building Postfix with
>
>     -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=dovecot
>
> is not possible to use as SASL client but only Cyrus?

Indeed Dovecot only provides the (complex) server-side of SASL. The client side still requires Cyrus SASL support, so you can build with both.

> With the TLS client cert opportunity for authenticating my Postfix relay as client to the other mail server that is receiving the relay mail I have some small confusion.

    -o smtpd_tls_security_level=encrypt
    -o smtpd_tls_ask_ccert=yes
    # If all clients need a cert on this port
    # -o smtpd_tls_req_ccert=yes

on port 587 or whatever you choose for the relay-to-relay service port.

> When I make the self-signed client certificate for my Postfix relay instance I have read that I must give it the email address of the 'login user' exactly so it can be a match?

Nothing of the sort. Postfix access control between the relays will be by fingerprint. Just set:

    # Default, backwards-compatible, md5 looks bad in audits:
    # SHA-1 still has plenty of 2nd-preimage resistance:
    # smtpd_tls_fingerprint_digest = sha1

> I do not know which user I must give? Because there will be mail for many different users that will be relayed?

I'd have said something about that if it were relevant.

--
Viktor.
Re: Re: How to detect the receiving of mail for sure from only that relay and then make action only in that case?
Hello Viktor

30. Jan 2015 04:05 by postfix-us...@dukhovni.org:

> Save yourself a lot of complexity and use a different port for this on the destination system. You could use 587, for example. This automatically bypasses postscreen.
>
>> So when it passes to #2 server the mail with relay I want #2 server
>>
>>  1. Know for sure that the relay mail comes from the #1 server. A added header can be made fake so I look for a better way that is not possible to fake.
>
> Restrict access to the non-default port via TLS client certs or SASL.

Okay good advice again.

With the SASL opportunity is it still true that Postfix with the Dovecot SASL where I am building Postfix with

    -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=dovecot

is not possible to use as SASL client but only Cyrus?

    http://www.postfix.org/SASL_README.html#client_sasl
    At this time, the Dovecot SASL implementation does not provide client functionality.

With the TLS client cert opportunity for authenticating my Postfix relay as client to the other mail server that is receiving the relay mail I have some small confusion.

When I make the self-signed client certificate for my Postfix relay instance I have read that I must give it the email address of the 'login user' exactly so it can be a match.

I do not know which user I must give? Because there will be mail for many different users that will be relayed.

*S*
Re: How to detect the receiving of mail for sure from only that relay and then make action only in that case?
On Fri, Jan 30, 2015 at 02:43:15AM +, srach wrote:

> I am working on making secure conditions on Postfix sending and receiving only relays.
>
> There are two Postfix servers in two locations.
>
> In the #1 location Postfix configuration is so that
>
>  1. Send any mail out to any server on the internet with SMTP like always
>  2. Relay some specifics mail to only the #2 location Postfix in to Port 25

Save yourself a lot of complexity and use a different port for this on the destination system. You could use 587, for example. This automatically bypasses postscreen.

> So when it passes to #2 server the mail with relay I want #2 server
>
>  1. Know for sure that the relay mail comes from the #1 server. A added header can be made fake so I look for a better way that is not possible to fake.

Restrict access to the non-default port via TLS client certs or SASL.

--
Viktor.
Re: A strange problem when adding DSPAM to Postfix
When looking into Postfix messages in /var/log/maillog, I noticed that for every mail that I send between 2 mailboxes on my local server, Postfix creates messages. When I send a mail from outer server to my server, Postfix creates no messages at all (although with no DSPAM tags, mail is delivered). Is it the way it should be?

2015-01-29 22:19 GMT+04:00 li...@rhsoft.net:

> On 29.01.2015 at 19:03, Орхан Ибад-оглы Гасымов wrote:
>
>> This message was really informative, thanks. Actually in my configs I use spaces where needed, it's just my mail client deletes spaces if they are the first character of a sentence. I didn't find anything useful in DSPAM logs, but I'll take a second look at them tomorrow. The only thing I'd like to ask now is: is it possible with Postfix to redirect mail from port 25 to port 465? If yes, I'd like to check such a setup.
>
> that makes no sense at all
>
> postfix listens on both and receives incoming mail, that's it
>
> port 465 is *smtp over ssl* and only useable for *mail clients*
>
> no MTA can deliver mail over the wrapper mode nor will any MTA connect to something else than 25
>
> frankly i don't get the idea apply the contentfilter at all on 465 because that can only be a MUA for submission and is not incoming mail at all (outgoing mail needs a complete different ruleset hence you normally have different machines for MX and for submission)
>
>> 2015-01-29 21:39 GMT+04:00 Noel Jones njo...@megan.vbhcs.org:
>>
>>> On 1/29/2015 10:52 AM, Орхан Ибад-оглы Гасымов wrote:
>>>
>>>> I always intend to understand configs that I take from examples. The problem is, almost all examples describing master.cf say to put the string:
>>>>
>>>>     -o content_filter=lmtp:unix:/var/run/dspam.sock
>>>>
>>>> under
>>>>
>>>>     smtp inet n - n - - smtpd
>>>
>>> Yes, that is the correct way to enable a content filter for mail coming from the internet. Note the second line must be indented with at least one space character. Your dspam filter will certainly never work without this line.
>>>
>>>> In my setup, if I do so, it accomplishes nothing: DSPAM doesn't tag headers at all. What worked in my case for local mails, was the same string
>>>>
>>>>     -o content_filter=lmtp:unix:/var/run/dspam.sock
>>>>
>>>> under
>>>>
>>>>     smtps inet n - n - - smtpd
>>>>
>>>> Then DSPAM started to tag headers for mail from local users.
>>>
>>> Yes, that enables the same content filter for mail arriving via the smtps port 465. That shows you postfix really does call dspam when told to.
>>>
>>> Once you eliminate the possibility of master.cf syntax errors, then the problem is outside postfix and you need to look at your dspam logging and config