Re: Rate limiting guidance needed
If it's possible to throttle based on MX record for a domain, I'd really appreciate your help. I do it with the iptables packet filter (I'm on Linux, but I suspect there are similar packages on other systems). I shuttle incoming packets of the different protocols to individual chains, then use the 'recent' module to do rate limiting on that protocol. It works pretty well. Sometimes somebody gets a little 'trigger happy' checking email or something. But if you like them, their IP (or their ISP) can just be whitelisted. If you're talking about outgoing traffic, the same thing could be done. -- Glenn English
check if user received messages
Dear Colleagues, is it possible to check in the Postfix logs whether a user deleted/received a message? Or to check whether a message was dropped by the server? Thanks in advance, Zalezny
Min/max cipher suite configurations
RFC2595 says that TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is REQUIRED when configuring TLS for IMAP, POP AMAP. All other cipher suites are OPTIONAL. RFC4616 replaced section 6 of RFC2595, with updated info for SASL. RFC3207 obsoleted RFC247, and covers both TCP/25 and the submission port (RFC2476). It doesn't specify any REQUIRED cipher suites, like RFC2595 does for IMAP/POP/AMAP. I'm sure I'm missing out on some info, but basically I'm trying to figure out the min/max recommended cipher suite settings for POP/IMAP, as well as for STARTTLS TCP/25 TCP/587 without breaking RFCs, best practices, or cryptographers' ability to sleep well. BR, Per Thorsheim
Duplicate E-mails with different ID and timestamp
Hello Colleagues, on one of our SMTP servers we are receiving a lot of duplicate messages with different timestamps and IDs. The same message (with the same content) is received at: 11:20, 13:50, 16:30. What could be the reason for it? Could it be a problem with the Postfix server on our client side? For example, our client Postfix server wasn't able to send the message the first time, but for some reason our server received the message. And then after two hours it tried to send the same message again... and again. What could be the reason for duplicate messages received at different timestamps? Thanks in advance for any hints! Zalezny
Re: Mail sent code 250 Queued! ?
* Francis SOUYRI francis.sou...@apec.fr: Hello, On our postfix 2.10.1 we have some mails sent (?) with in the log the code 250 Queued! and not 250 OK what does it mean ? Please show the entire log line. Some OTHER server might say 250 Queued etc. - as long as it says 250 SOMETHING it's OK!
RE: IMF envelope behaviour
Sorry lads, This was to go to the dbmail user group rather than postfix. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: 04 June 2015 16:20 To: Postfix users Subject: Re: IMF envelope behaviour Ciaran Scolard: For some reason postfix gives the IMF header priority over the actual RCPT TO: as the destination. Please share actual concrete evidence for that claim. Wietse
Mail sent code 250 Queued! ?
Hello, On our postfix 2.10.1 we have some mails sent (?) with in the log the code 250 Queued! and not 250 OK what does it mean ? Best regards. Francis
Re: Mail sent code 250 Queued! ?
On 06/05/2015 08:10 PM, Francis SOUYRI wrote: On our postfix 2.10.1 we have some mails sent (?) with in the log the code 250 Queued! and not 250 OK what does it mean ? The same, it's a direct response from the other server that you're sending to, so some may say Queued, some may say Ok, some may be in a foreign language. Different servers will have slightly different responses but they should all give a 250 code if they've accepted the message. Peter
RE: General SPAM Strategy
Hi, You can delete spam messages after N days. I wouldn't feed too much spam into sa-learn. DB is limited in performance. You need to feed ham as well. Here is a fix for (spam) messages originated from sources with Received headers causing SpamAssassin to misfire RBL checks:

Received: from HOSTNAME (HELO [ip.add.re.ss])

Should be:

Received: from (HOSTNAME [ip.add.re.ss])

This is a fast fix I made in Postfix (not sure it is perfect). Header_checks pcre file:

if /^Received: /
/^(Received:\s+from)\s+(.*)\s+\(([he]+lo=|[he]+lo)\s+(.*)\s+(\[.*\])\)/ REPLACE $1 $4 ($2 $5)
endif

Marius.

-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Michael B Allen Sent: Friday, June 5, 2015 6:34 AM To: Postfix users Subject: General SPAM Strategy Hi, I need a better spam setup. Right now I'm using spamd to mark spam and then procmail to put spam in Maildir/.Spam and then run bayes on Maildir/.LearnAsSpam once in a while manually and then I have to delete stuff once in a while manually and so on and so on ad nauseam. Can someone give me a pointer to something more integrated. It seems to me it should be possible to have one process to mark spam but also close the loop by learning from spam that gets through and also cleaning up once in a while. I can't believe most people would go through all of this trouble. Do you just delete anything flagged as spam and that's it? Mike
Re: Min/max cipher suite configurations
On Fri, Jun 05, 2015 at 10:36:03AM +0200, Per Thorsheim wrote: RFC2595 says that TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is REQUIRED when configuring TLS for IMAP, POP AMAP. All other cipher suites are OPTIONAL. Time marches on, while old RFCs stay the same. I'm sure I'm missing out on some info, but basically I'm trying to figure out the min/max recommended cipher suite settings for POP/IMAP, as well as for STARTTLS TCP/25 TCP/587 without breaking RFCs, best practices, or cryptographers' ability to sleep well. Postfix by default enables all ciphers, but in upcoming releases we'll disable at least EXPORT and likely also LOW (single DES). I'd recommend similarly simple settings elsewhere. Don't over-optimize the cipherlists. While this may matter for HTTPS, for email protocols overly-specific cipherlist tweaks are often counterproductive. If it were not for Exchange 2003, the simplest setting would work well across the board. To use TLS with Exchange 2003 servers, the Postfix SMTP client needs to trim enough exotic cipher suites so that RC4-SHA appears in the top 64. That tweak applies only to outbound MTA to MTA email. -- Viktor.
Re: Duplicate E-mails with different ID and timestamp
Zalezny Niezalezny: Hello Colleagues, on one of our SMTP servers we are receiving a lot of duplicate messages with different timestamps and IDs. The same message (with the same content) is received at: 11:20, 13:50, 16:30. What could be the reason for it? Could it be a problem with the Postfix server on our client side? For example, our client Postfix server wasn't able to send the message the first time, but for some reason our server received the message. And then after two hours it tried to send the same message again... and again. What could be the reason for duplicate messages received at different timestamps? See RFC 1047, DUPLICATE MESSAGES AND SMTP, published in 1988. This can happen when the sender times out before the receiver responds to end-of-data. For example, the sender has too short timeouts, or the receiver is too slow (too many header/body_checks in Postfix, or too many DNS lookups in content filter). Wietse
Deliver email to user based on regexp match
All; I am somewhat new to Postfix, so I hope that someone has mercy on me. I need to setup a rule such that any inbound email that matches gets forwarded to a particular user. That is, I have a host, mail.acme.com and any email that contains only digits as the user (ie, 1234567...@mail.acme.com or will get forwarded to user 'foobar'. Essentially what I am doing is setting up an email to fax server and the recipient is the fax number. I have this working using sendmail but definitely most people have moved away from Sendmail in favor of Postfix and I need to support that. Any insight at all would be greatly appreciated. Thanks in Advance; John V Tech Support Tech Support VoIP Business Solutions 240-215-3479 x325 mailto:f...@voipbusiness.us supp...@voipbusiness.us
Re: Policy server sender verification
On 6/5/2015 1:29 PM, Daniel Miller wrote: June 4 2015 4:29 PM, wie...@porcupine.org wrote: Daniel Miller: Is there a way for a policy server to validate senders using Postfix's built-in authentication (like meeting permit_mynetworks and permit_sasl_authenticated)? Or must the necessary checks be duplicated? Let Postfix do the permit_mynetworks, permit_sasl_authenticated etc. validation before invoking the policy service: smtpd_xxx_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination check_policy_service protocol:endpoint ... Wietse But doesn't the permit_xxx halt processing? My fault for not being specific - I want to invoke the policy service for doing header checks, or rather header removal, but only call the policy service after the other validation checks have been passed. -- Daniel not sure how you intend to remove headers with a policy service... Anyway, you can use a check_sasl_access table to detect sasl authenticated users, but there is no equivalent test for mynetworks; that will need to be duplicated with a check_client_access table. http://www.postfix.org/postconf.5.html#check_sasl_access Alternately, you can do those tests in your policy service with the information provided by the policy protocol. If the mail doesn't qualify for processing, just answer DUNNO. -- Noel Jones
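The second option in the reply above (run the tests inside the policy service and answer DUNNO when the mail does not qualify) is sketched here as an added example; it is not code from the thread or from Postfix. The network list, the `QUALIFIED_ACTION` placeholder and all function names are assumptions.

```python
import ipaddress
import sys

# Assumption: a hand-maintained copy of the main.cf mynetworks value. The
# policy protocol does not pass mynetworks to the service, so the list is
# duplicated here (constructed sample networks).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Placeholder access(5) action returned for mail that does qualify.
QUALIFIED_ACTION = "PREPEND X-Policy-Checked: yes"


def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


def is_trusted_client(attrs):
    """True for SASL-authenticated sessions or clients in TRUSTED_NETWORKS."""
    if attrs.get("sasl_username"):
        return True
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return False  # missing or unparsable address is never trusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def decide(attrs):
    """Return an access(5) action; DUNNO hands the decision back to Postfix."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if not is_trusted_client(attrs):
        return "DUNNO"
    return QUALIFIED_ACTION


def respond(raw):
    """Build the wire reply: one action= line followed by an empty line."""
    try:
        action = decide(parse_request(raw))
    except ValueError:
        action = "DUNNO"  # never let a parse error turn into an accept
    return "action=%s\n\n" % action


def serve(stdin, stdout):
    """Answer requests one after another, as a spawn(8)-style service would."""
    pending = []
    for line in stdin:
        line = line.rstrip("\n")
        if line:
            pending.append(line)
            continue
        stdout.write(respond("\n".join(pending) + "\n\n"))
        stdout.flush()
        pending = []


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Because the service answers DUNNO for everything it does not recognise, it can sit anywhere in the restriction list without changing what the later restrictions decide.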
Re: Policy server sender verification
June 4 2015 4:29 PM, wie...@porcupine.org wrote: Daniel Miller: Is there a way for a policy server to validate senders using Postfix's built-in authentication (like meeting permit_mynetworks and permit_sasl_authenticated)? Or must the necessary checks be duplicated? Let Postfix do the permit_mynetworks, permit_sasl_authenticated etc. validation before invoking the policy service: smtpd_xxx_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination check_policy_service protocol:endpoint ... Wietse But doesn't the permit_xxx halt processing? My fault for not being specific - I want to invoke the policy service for doing header checks, or rather header removal, but only call the policy service after the other validation checks have been passed. -- Daniel
Re: Deliver email to user based on regexp match
On 5 Jun 2015, at 14:38, Tech Support wrote: All; I am somewhat new to Postfix, so I hope that someone has mercy on me. I need to setup a rule such that any inbound email that matches gets forwarded to a particular user. That is, I have a host, mail.acme.com and any email that contains only digits as the user (ie, 1234567...@mail.acme.com or will get forwarded to user 'foobar'. Essentially what I am doing is setting up an email to fax server and the recipient is the fax number. I have this working using sendmail but definitely most people have moved away from Sendmail in favor of Postfix and I need to support that. Any insight at all would be greatly appreciated. This can be done by pointing virtual_alias_maps at a regex or pcre table. See 'man 5 virtual', in particular the section titled REGULAR EXPRESSION TABLES
Re: check if user received messages
On 6/5/2015 1:46 AM, Zalezny Niezalezny wrote: Dear Colleagues, is it possible to check in the Postfix logs whether a user deleted/received a message? Or to check whether a message was dropped by the server? Thanks in advance, Zalezny The postfix logs will show what happened to the message during the time postfix has responsibility for it. Generally, that means you can see if the message was accepted or rejected/discarded, and where the message was delivered. If postfix is configured to deliver to the user's mailbox, that will be logged also. At that point, postfix's responsibility for the message ends, and postfix cannot track what happens to it. -- Noel Jones
Re: Rate limiting guidance needed
On 06/05/2015 02:00 AM, Glenn English wrote: If it's possible to throttle based on MX record for a domain, I'd really appreciate your help. I do it with the iptables packet filter (I'm on Linux, but I suspect there are similar packages on other systems). I'm doing packet shaping with tc/htb on fedora. Can you share how you're doing it with iptables? Is this using fwmark? I shuttle incoming packets of the different protocols to individual chains, then use the 'recent' module to do rate limiting on that protocol. I'm using it for outbound shaping, to avoid flooding a remote network like yahoo, but would also like to throttle incoming for imap and smtp abusers. Thanks, Alex
Re: Rate limiting guidance needed
Hi, If it's possible to throttle based on MX record for a domain, I'd really appreciate your help. Hi, Alex. I don't do it that way, but that sounds simpler than the way I do it! Interested to see what others come up with. I didn't receive any other responses. Is that because it's not possible to do it in that way, or am I missing something? I've read practically everything I could possibly find, and haven't found a better way. If you have a list of domains that you throttle and would like to share them, I'd sure appreciate it. So SPEAKING of the way I do it, I wrote a blog post back in 2012 about how I got mine working with all the Yahoo domains (that I could find at the time). http://www.stevejenkins.com/blog/2012/08/how-to-postfix-configuration-to-reduce-yahoo-deferrals-using-transport-maps/ I believe I actually had already found that, and did indeed use a few bits from it. Thanks, Alex
Re: inet_interfaces and smtp_bind_address
On 5 Jun 2015, at 16:39, Janos Dohanics wrote: Hello Postfix Experts, More important in this case: native English speakers. I want Postfix send mail from 199.233.231.177, so I set: # postconf inet_interfaces inet_interfaces = 199.233.231.177, localhost But, the mail log on the destination server says: Jun 5 13:43:52 barrida postfix/smtpd[54769]: connect from gtxd.x.rootbsd.net[162.217.113.30] So, I added to the main.cf file: # postconf smtp_bind_address smtp_bind_address = 199.233.231.177 And now Postfix sends mail from the desired IP address, 199.233.231.177. Jun 5 16:24:47 barrida postfix/smtpd[56193]: connect from unknown[199.233.231.177] But I should not need smtp_bind_address set to 199.233.231.177 as according to http://www.postfix.org/postconf.5.html#inet_interfaces When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Evidently, I'm missing something, would you please help? Your configuration does not specify just one IPv4 and/or IPv6 address that is not a loopback address. It specifies two addresses, just one of which is not a loopback address. Those are quite different statements. It might be less open to misunderstanding if that bit said just one IPv4 and/or IPv6 address AND that address is not a loopback address but it makes for a clumsier sentence. I am unable to explain logically why the existing sentence does not say what you understood it to mean, I can only say that it's idiomatic English.
inet_interfaces and smtp_bind_address
Hello Postfix Experts, I have a FreeBSD 10.1-STABLE system with postfix-2.11.5,1. # ifconfig lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 options=63RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff00 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL xn0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=503RXCSUM,TXCSUM,TSO4,LRO ether 00:16:3e:7f:3b:d8 inet 162.217.113.30 netmask 0xfffc broadcast 162.217.113.31 inet 199.233.231.176 netmask 0x broadcast 199.233.231.176 inet 199.233.231.177 netmask 0x broadcast 199.233.231.177 inet 199.233.231.178 netmask 0x broadcast 199.233.231.178 inet 199.233.231.179 netmask 0x broadcast 199.233.231.179 I want Postfix send mail from 199.233.231.177, so I set: # postconf inet_interfaces inet_interfaces = 199.233.231.177, localhost But, the mail log on the destination server says: Jun 5 13:43:52 barrida postfix/smtpd[54769]: connect from gtxd.x.rootbsd.net[162.217.113.30] So, I added to the main.cf file: # postconf smtp_bind_address smtp_bind_address = 199.233.231.177 And now Postfix sends mail from the desired IP address, 199.233.231.177. Jun 5 16:24:47 barrida postfix/smtpd[56193]: connect from unknown[199.233.231.177] But I should not need smtp_bind_address set to 199.233.231.177 as according to http://www.postfix.org/postconf.5.html#inet_interfaces When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Evidently, I'm missing something, would you please help? 
# postconf -n
bounce_queue_lifetime = 24h
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id sleep 5
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
inet_interfaces = 199.233.231.177, localhost
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 24h
message_size_limit = 67108864
mydestination = $myhostname, localhost, $mydomain
myhostname = smtpd.telissant.net
mynetworks = 127.0.0.0/8, 199.102.77.99/32, 199.233.230.156/32, 199.233.231.177/32
newaliases_path = /usr/local/bin/newaliases
notify_classes = 2bounce, resource, software
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_bind_address = 199.233.231.177
smtpd_tls_CAfile = /etc/ssl/startssl.ca-bundle.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.telissant.net.startssl.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.telissant.net.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550
-- Janos Dohanics
Single-end Unix sockets
Hello, tl;dr: Postfix keeps open unix sockets that seem useless to me. Why? First note I am new to postfix, so I may be wrongly interpreting some commands; but using it on a VPS with a limit of 500 non-TCP sockets triggered the limit. So I tried to search why it is using so many sockets. It currently uses 65 unix-domain sockets: # ss -exmp | grep master | wc -l 65 Among these, two are shared with other processes: # ss -exmp | grep master [...] u_str ESTAB 0 0* 329917704 * 0 users:((qmgr,5104,5),(master,5093,33)) [...] u_str ESTAB 0 0* 329917708 * 0 users:((tlsmgr,5315,5),(master,5093,36)) [...] The 63 others are all (almost) the same line: # ss -exmp | grep master u_str ESTAB 0 0* 329917676 * 0 users:((master,5093,15)) u_str ESTAB 0 0* 329917677 * 0 users:((master,5093,16)) u_str ESTAB 0 0* 329917685 * 0 users:((master,5093,19)) [...] This line seems weird to me: it is a socket with a connection that is established, but used only by master. Now looking at netstat's output: # netstat -anx --program | grep 5093/master unix 2 [ ACC ] STREAM LISTENING 329917757 5093/master private/retry [... Normal sockets associated to a file] unix 2 [ ACC ] STREAM LISTENING 329917753 5093/master private/error unix 3 [ ] STREAM CONNECTED 329917808 5093/master unix 3 [ ] STREAM CONNECTED 329917807 5093/master unix 3 [ ] STREAM CONNECTED 329917804 5093/master unix 3 [ ] STREAM CONNECTED 329917803 5093/master unix 3 [ ] STREAM CONNECTED 329917800 5093/master unix 3 [ ] STREAM CONNECTED 329917799 5093/master unix 3 [ ] STREAM CONNECTED 329917796 5093/master unix 3 [ ] STREAM CONNECTED 329917795 5093/master [... This goes on for a number of lines] unix 3 [ ] STREAM CONNECTED 329917676 5093/master unix 2 [ ] DGRAM329917651 5093/master # # Getting more precisely the number of sockets not associated to files # netstat -anx --program | grep 5093/master[[:space:]]*$ | wc -l 65 So I guess the 65 sockets without file listed by netstat are the same as the 63+2 sockets listed by ss. 
Which means 63 sockets are open by master, yet are neither reachable through a file nor currently used by any process. Finally, it is not even pre-reserving sockets so as not to have to allocate new ones after startup: # postconf -nf [...] default_process_limit = 1 [...] # postconf -Mf smtp inet n - - - - smtpd [... Summing the last digits (with a 1 instead of a -) yields 28] So postfix would need at most 28 sockets to communicate, should all the processes be started at the same time. Thus not needing 65. There are still two reasons why sockets could be needed: authentication is managed through dovecot, and user and domain management is managed through mysql. However, I still could not understand why 63 sockets should just lie around, neither bound nor bindable to. Is there a reason unknown to me, why these sockets exist? (they are re-created after a postfix reboot) Thanks in advance, Leo Gaspard
Re: inet_interfaces and smtp_bind_address
Janos Dohanics: em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether 00:16:3e:6f:18:c9 inet 199.102.77.98 netmask 0xfff8 broadcast 199.102.77.103 inet6 fe80::216:3eff:fe6f:18c9%em0 prefixlen 64 scopeid 0x2 inet 199.102.77.99 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.100 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.101 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.102 netmask 0xfff8 broadcast 199.102.77.103 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL # postconf inet_interfaces inet_interfaces = 199.102.77.99, localhost # postconf smtp_bind_address smtp_bind_address = And on the destination server, the mail log says: Jun 5 19:23:52 barrida postfix/smtpd[57612]: connect from smtpc.telissant.net[199.102.77.99] Can you explain? Perhaps your kernel picks a random IP address from five identically configured addresses. My FreeBSD9 box has netmasks of 0x on all IP address aliases. Perhaps you have smtp_bind_address in master.cf where it is typically used. Postfix source code is consistent with the documentation: the SMTP client bind(2)s to an inet_interfaces address only if there is one address of the requested type (IPv4 or IPv6), and if that address is not a loopback address. Wietse
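The source-address rule stated in the reply above, applied to the inet_interfaces values posted in this thread. This is an added example that models the rule as worded in the reply, not Postfix source code; the function names and the fixed `LOCALHOST` mapping are assumptions.

```python
import ipaddress

# Assumption: what "localhost" resolves to. A real host asks its resolver;
# this example uses fixed values so it runs offline.
LOCALHOST = {4: "127.0.0.1", 6: "::1"}


def expand(inet_interfaces, inet_protocols=(4, 6)):
    """Turn an inet_interfaces value into address objects.

    Only IP literals and the name "localhost" are handled here.
    """
    addrs = []
    for token in inet_interfaces.replace(",", " ").split():
        if token == "localhost":
            addrs.extend(ipaddress.ip_address(LOCALHOST[v]) for v in inet_protocols)
        else:
            addrs.append(ipaddress.ip_address(token))
    # Addresses of a disabled protocol family do not count.
    return [a for a in addrs if a.version in inet_protocols]


def implied_source(inet_interfaces, version=4, inet_protocols=(4, 6)):
    """Address the SMTP client binds to because of inet_interfaces alone.

    Rule from the reply: bind only if there is exactly one address of the
    requested family and that address is not a loopback address.
    Returns None when the rule does not apply (the kernel then chooses).
    """
    family = [a for a in expand(inet_interfaces, inet_protocols)
              if a.version == version]
    if len(family) == 1 and not family[0].is_loopback:
        return str(family[0])
    return None


def effective_source(inet_interfaces, smtp_bind_address="", inet_protocols=(4,)):
    """IPv4 source address: an explicit smtp_bind_address wins over the rule."""
    if smtp_bind_address:
        return smtp_bind_address
    return implied_source(inet_interfaces, 4, inet_protocols)


# The two main.cf states from the first message of the thread (ipv4 only).
THREAD_CASES = [
    ("199.233.231.177, localhost", ""),
    ("199.233.231.177, localhost", "199.233.231.177"),
]

if __name__ == "__main__":
    for interfaces, bind in THREAD_CASES:
        print(repr(interfaces), repr(bind), "->", effective_source(interfaces, bind))
```

The first case returns None because `localhost` adds a second IPv4 address to the list, so the single-address rule never applies and the kernel picks the source.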
Re: inet_interfaces and smtp_bind_address
On Fri, 05 Jun 2015 17:30:55 -0400 Bill Cole postfixlists-070...@billmail.scconsult.com wrote: On 5 Jun 2015, at 16:39, Janos Dohanics wrote: Hello Postfix Experts, More important in this case: native English speakers. I want Postfix send mail from 199.233.231.177, so I set: # postconf inet_interfaces inet_interfaces = 199.233.231.177, localhost But, the mail log on the destination server says: Jun 5 13:43:52 barrida postfix/smtpd[54769]: connect from gtxd.x.rootbsd.net[162.217.113.30] So, I added to the main.cf file: # postconf smtp_bind_address smtp_bind_address = 199.233.231.177 And now Postfix sends mail from the desired IP address, 199.233.231.177. Jun 5 16:24:47 barrida postfix/smtpd[56193]: connect from unknown[199.233.231.177] But I should not need smtp_bind_address set to 199.233.231.177 as according to http://www.postfix.org/postconf.5.html#inet_interfaces When inet_interfaces specifies just one IPv4 and/or IPv6 address that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Evidently, I'm missing something, would you please help? Your configuration does not specify just one IPv4 and/or IPv6 address that is not a loopback address. It specifies two addresses, just one of which is not a loopback address. Those are quite different statements. It might be less open to misunderstanding if that bit said just one IPv4 and/or IPv6 address AND that address is not a loopback address but it makes for a clumsier sentence. I am unable to explain logically why the existing sentence does not say what you understood it to mean, I can only say that it's idiomatic English. Bill, thanks for the English lesson which I may well have needed; I have misunderstood the sentence I quoted. 
But then, I have another computer (FreeBSD 9.2-STABLE, postfix-2.11.5,1) which has: # ifconfig em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether 00:16:3e:6f:18:c9 inet 199.102.77.98 netmask 0xfff8 broadcast 199.102.77.103 inet6 fe80::216:3eff:fe6f:18c9%em0 prefixlen 64 scopeid 0x2 inet 199.102.77.99 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.100 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.101 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.102 netmask 0xfff8 broadcast 199.102.77.103 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (1000baseT full-duplex) status: active em1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether 00:16:3e:54:0f:35 inet 10.12.45.98 netmask 0xfff8 broadcast 10.12.45.103 inet6 fe80::216:3eff:fe54:f35%em1 prefixlen 64 scopeid 0x3 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (1000baseT full-duplex) status: active plip0: flags=8810POINTOPOINT,SIMPLEX,MULTICAST metric 0 mtu 1500 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 options=63RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff00 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL # postconf inet_interfaces inet_interfaces = 199.102.77.99, localhost # postconf smtp_bind_address smtp_bind_address = And on the destination server, the mail log says: Jun 5 19:23:52 barrida postfix/smtpd[57612]: connect from smtpc.telissant.net[199.102.77.99] Can you explain? -- Janos Dohanics
Re: Single-end Unix sockets
The Postfix master daemon opens three sockets per master.cf entry: the service endpoint (the first field in master.cf), plus one socketpair. This single socketpair is used to receive updates from all the child processes that implement the corresponding master.cf service. The current stock master.cf file has 24 entries. One is a TCP service and the remainder are UNIX-domain sockets. That corresponds with one TCP socket and 71 UNIX-domain sockets. With older master.cf files, two of those UNIX-domain services used to be FIFO services. That corresponds with one TCP socket, 69 UNIX-domain sockets, and two FIFOs. Based on your count of 65 sockets, I suppose that your master.cf file has 22 entries (one TCP service and 21 UNIX-domain services). System library routines may open other sockets or files, for example, to talk to nsswitch.conf services. The Postfix master daemon has no control over those sockets or files. Wietse
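The accounting in the reply above (one service endpoint plus one socketpair per master.cf entry) can be checked against a configuration before comparing it with `ss` or `netstat` output or with a per-container socket limit. This is an added example, not Postfix code; the function names and the generated sample file are constructed for illustration.

```python
# Which kind of descriptor the service endpoint of each master.cf type is.
ENDPOINT_KIND = {
    "inet": "tcp",
    "unix": "unix",
    "pass": "unix",
    "unix-dgram": "unix",
    "fifo": "fifo",
}


def logical_lines(text):
    """Yield master.cf logical lines.

    Blank lines and '#' comments are skipped; a line that starts with
    whitespace continues the previous logical line.
    """
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def expected_master_descriptors(master_cf_text):
    """Return (entries, counts) following the accounting in the reply."""
    counts = {"tcp": 0, "unix": 0, "fifo": 0}
    entries = 0
    for line in logical_lines(master_cf_text):
        fields = line.split()
        if len(fields) < 8:
            raise ValueError("not a service entry: %r" % line)
        kind = ENDPOINT_KIND.get(fields[1])
        if kind is None:
            raise ValueError("unknown service type: %r" % fields[1])
        counts[kind] += 1      # the listening endpoint
        counts["unix"] += 2    # both ends of the status socketpair
        entries += 1
    return entries, counts


def sample_master_cf(n_unix, n_fifo=0):
    """Constructed master.cf text: one inet service plus placeholder entries."""
    lines = [
        "# constructed sample, not a real master.cf",
        "smtp      inet  n  -  n  -  -  smtpd",
        "  -o smtpd_tls_security_level=may",
        "",
    ]
    lines += ["svc%d  unix  -  -  n  -  -  placeholder" % i for i in range(n_unix)]
    lines += ["fifo%d fifo  n  -  n  60 1  placeholder" % i for i in range(n_fifo)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # 22 entries: the case matching the 65 sockets counted in the question.
    print(expected_master_descriptors(sample_master_cf(21)))
```

A count on the live system that is well above the expected figure points at the library-opened sockets the reply mentions rather than at master.cf entries.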
Re: inet_interfaces and smtp_bind_address
On Fri, 5 Jun 2015 20:05:02 -0400 (EDT) wie...@porcupine.org (Wietse Venema) wrote: Janos Dohanics: em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether 00:16:3e:6f:18:c9 inet 199.102.77.98 netmask 0xfff8 broadcast 199.102.77.103 inet6 fe80::216:3eff:fe6f:18c9%em0 prefixlen 64 scopeid 0x2 inet 199.102.77.99 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.100 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.101 netmask 0xfff8 broadcast 199.102.77.103 inet 199.102.77.102 netmask 0xfff8 broadcast 199.102.77.103 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL # postconf inet_interfaces inet_interfaces = 199.102.77.99, localhost # postconf smtp_bind_address smtp_bind_address = And on the destination server, the mail log says: Jun 5 19:23:52 barrida postfix/smtpd[57612]: connect from smtpc.telissant.net[199.102.77.99] Can you explain? Perhaps your kernel picks a random IP address from five identically configured addresses. My FreeBSD9 box has netmasks of 0x on all IP address aliases. Perhaps you have smtp_bind_address in master.cf where it is typically used. That's precisely the case... as I suspected, I was missing something. Thank you all for your help. -- Janos Dohanics