Re: Developing tracking module with postfix server
On 3 Aug 2015, at 7:30, hyndavirap...@bel.co.in wrote: hi, I would like to develop one tracking module with postfix server to achieve following things.. 1. When mail has reached each MTA(including relay MTA) on its way to destination 2. If mail delivery fails, at which MTA mail delivery failed and at what time 3. Which MTA has Sent DSN, and when it has reached User In principle, all of this is done using the DSN extensions to SMTP. The base enhancement to the protocol is defined by RFC3461. A copy of which, with links to later additions, is at https://tools.ietf.org/html/rfc3461 What is the best way to implement this module... As a SMTP proxy through which a Postfix instance routes messages lacking the desired DSN arguments. The proxy would simply re-inject messages to Postfix using the DSN extension. Thanking you in advance. Don't be so fast to thank me. I have just advised you on what might be called a snipe hunt or a wild goose chase if you expect your tool to work across the Internet in any general sense. It will not, it cannot, it should not. In the real world, many (probably MOST) MTAs do not fully support the base DSN extension or its extensions and in many cases that is a conscious and prudent security choice. Speaking as someone who has run dozens of Internet email servers for over 20 years using about a half-dozen different MTA implementations: no MTA I have ever administered would fully cooperate with the tool you are trying to create. You cannot depend on servers that you do not control telling you about how they handle the mail you pass to them internally (or whether they pass it along to others) because they *SHOULD NOT* do so. You can detect this fact in the focus of RFCs 3885-3888, which define a robust message tracking model and mechanism. It is envisioned for the mail servers of a single enterprise, NOT the global Internet.
E-mail encoding problem
Dear Colleagues, I`m trying to understand how E-mail encoding is working, maybe somebody will be able to explain me how its working with Postfix and some E-mail client like Thunderbird for example. When I`m sending an E-mail from server command line (telnet localhost 25) my E-mail has following header. If I good understand charset=us-ascii come from the system local settings. On the server I have installed us_US settings. Is that right ? My local setting for an encoding is: LANG=en_US.utf8 # ## Subject: test message User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit # ## My server is also used by some other application servers as an relay machine to resend messages. One of the application sending an E-mails using german encoding. Now comes my question. My Postfix is running in the environment with LANG=en_US.utf8. So if I good understand each E-mail which will be send by my Postfix server will have changed encoding from german to english ? I mean from de_DE.utf8 to en_US.utf8. Is that right ? Where encoding should be setup ? On the server or on the client side ? Thanks in advance for an any hints ! With kind regards Zalezny
Odp: Re: status=bounced (mail for ... loops back to myself)
OK thanks for sharing your experience I'll be changing configurations Hello. I would also recommend having unique hostnames as well, so that postfix can keep track. It's perfectly fine to have the same IP. IE: mail.mydomain.com, mail2.mydomain.com etc Also, it might not be necessary to have two instances, you can probably do it with one, as SMTPD is for incoming and SMTP is for outbound in master.cf You can specify customer ports in master.cf as well, for example, I have: My default inbound which has amavis filtering, and I have a second listener on 127.0.0.2 for internal relay mail. smtpinet n - n - 25 smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 127.0.0.2:25 inet n- n - 25 smtpd -o smtp_bind_address=$smtp_bind_override michalr0 wrote: Hello i have two instance of postfix one for incoming (p:25) and one for outgoing (p:587) I use this configuration because in this way i may check DNS and MX records. I have some virtual domains. When I send email to client which changing mail server (from me to other ISP) I sending emails to me server (old) not to new server and I have one trouble when I sended email from my server to outside server i working great when I received mail from outside server is working great but when i sended from me to me I have many errors NOQUEUE: reject_warning: RCPT from 1-2-3-4.dynamic.xx[1.2.3.4]: 450 4.1.7 ad...@mydomain.dd: Sender address rejected: unverified address: mail for mydomain.dd loops back to myself; from=ad...@mydomain.dd to=t...@mydomain.dd proto=ESMTP helo=[192.168.1.140]
Odp: Re: status=bounced (mail for ... loops back to myself)
Hello. I would also recommend having unique hostnames as well, so that postfix can keep track. It's perfectly fine to have the same IP. IE: mail.mydomain.com, mail2.mydomain.com etc This working great, two different hostnames solves the problem solution of one instance seems to be much better Also, it might not be necessary to have two instances, you can probably do it with one, as SMTPD is for incoming and SMTP is for outbound in master.cf You can specify customer ports in master.cf as well, for example, I have: My default inbound which has amavis filtering, and I have a second listener on 127.0.0.2 for internal relay mail. smtpinet n - n - 25 smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 127.0.0.2:25 inet n- n - 25 smtpd -o smtp_bind_address=$smtp_bind_override In this part I don't have any changes to better for test I disable auth master.cf #smtp inetn - n - - smtpd 1.2.3.4:smtp inet n - n - - smtpd -o myhostname=xxx.domain.cc 1.2.3.4:587 inet n - - - - smtpd -o smtpd_client_restrictions=permit when I added the virtual domain to such tests (gmail.com, facebook.com) e-mails reach out locally rather than according to MX records
Re: check_policy_service not working - need a 4eye method or..
Yeah when I took the server for audit, Postfix was dead and couldn't start -the config file was (and stil is) in mess. Nevertheless, accepting SMTP is not the issue at this moment. The issue is that it seems to be disregarding the policy check. I have even precompiled it from source yesterday, thinking that it might be damaged, but no effect... On 2015-08-02 23:14, Viktor Dukhovni wrote: On Sun, Aug 02, 2015 at 10:53:35PM +0200, Istvan Prosinger wrote: smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination With the above configuration, either you never accept any SMTP email, master.cf contains an override of smtpd_recipient_restrictions and smtpd_end_of_data_restrictions, or the policy service *is* used, whether you can convince yourself of that or not. smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_use_tls = yes Better: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_security_level = may
Developing tracking module with postfix server
hi, I would like to develop one tracking module with postfix server to achieve following things.. 1. When mail has reached each MTA(including relay MTA) on its way to destination 2. If mail delivery fails, at which MTA mail delivery failed and at what time 3. Which MTA has Sent DSN, and when it has reached User What is the best way to implement this module... Thanking you in advance.. -- Regards Hyndavi Every 3000 Sheets of paper costs us a tree.. Save trees... Conserve Trees. Don't print this email or any Files unless you really need to Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Bharat Electronics or supp...@bel.co.in immediately and destroy all copies of this message and any attachments.
Re: using virtual_uid_maps with maildrop transport
[For clarity, I have re-added the remainder of my email that was snipped.] * Wietse Venema wie...@porcupine.org [150801 16:58]: Marvin Renich: Whether you have one real user for all virtual users or a setup with one real user for each of many virtual domains, you must still have at least one real user, Nope, that is incorrect. The UNIX kernel does not care if a UID or GID has a symbolic user-land name, and therefore virtual(8) does not require that, either. Your mis-conception invalidates all your further arguments. I apologize for not making myself more clear. When I said real user it was to differentiate it from virtual user (i.e. the recipient user name in the virtual domain). user was not intended to imply user name, only an identity (uid w/ or w/o an entry in /etc/passwd) that the virtual(8) driver uses for delivery. The point I was trying to make was that allowing a numeric uid is good, but allowing the admin to choose between using a numeric uid or a user name from /etc/passwd (or other user database used by getpwent(3)) is better and has a significant advantage for migration or disaster recovery. possibly many. If the only way to specify the real user(s) is by numeric ID, then the configuration must be edited when moving the postfix setup to another machine (and depending on how it is edited, there might be a significant chance for mistakes). If names were allowed, this would not be necessary. In either case, you must ensure that the new machine has the appropriate real users with their Maildir folders. I don't see a reason to not allow names, and allowing names makes things easier. These questions are on the same general topic, but do not depend on whether the above suggestion is accepted or rejected: Btw, I do not see anything in either the virtual(8) man page or the descriptions of virtual_mailbox_maps, virtual_uid_maps, or virtual_gid_maps in postconf(5) that describes what happens if virtual_mailbox_maps has an entry for a virtual user, but virtual_uid_maps does not. What real uid is used to deliver the mail? Also, if virtual_uid_maps has an entry for a user, but virtual_gid_maps does not, how is the real gid determined? ...Marvin
Re: check_policy_service not working - need a 4eye method or..
On Mon, 03 Aug 2015 14:52:33 +0200, Istvan Prosinger stated: Yeah when I took the server for audit, Postfix was dead and couldn't start -the config file was (and stil is) in mess. Nevertheless, accepting SMTP is not the issue at this moment. The issue is that it seems to be disregarding the policy check. I have even precompiled it from source yesterday, thinking that it might be damaged, but no effect... I assume you have read everything at http://www.postfix.org/DEBUG_README.html#mail Might I suggest you provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger. -- Jerry
Re: check_policy_service not working - need a 4eye method or..
On Mon, Aug 03, 2015 at 09:48:35AM -0400, Postfix User wrote: On Mon, 03 Aug 2015 14:52:33 +0200, Istvan Prosinger stated: Yeah when I took the server for audit, Postfix was dead and couldn't start -the config file was (and stil is) in mess. Nevertheless, accepting SMTP is not the issue at this moment. The issue is that it seems to be disregarding the policy check. I have even precompiled it from source yesterday, thinking that it might be damaged, but no effect... I assume you have read everything at http://www.postfix.org/DEBUG_README.html#mail Might I suggest you provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger. Also post the output of: ps -o pid,command -p $(pgrep -x master) along with the output of: strings $command | grep /postfix where $command is the full pathname of the master executable reported running by ps. If you can examine the process environment via /proc or by other means, also report the value of the MAIL_CONFIG environment variable of the master process. -- Viktor.