Re: checking file references
Wietse Venema: > Geert Stappers: > > So I'm also curious if there is a "syntax checker" > > that reports missing files. > > How would a program know that a string 'foobar' is a file reference > 1) in main.cf or master.cf > 2) in a file that is referenced by 1) > 3) in a file that is referenced by a file that is referenced by 1) > 4) and so on. > > Answer: in many cases the only program that knows if 'foobar' is a > file reference is the program that uses 'foobar' as a file reference. > > For a Postfix configuration checker to answer your question, I see > two options. > > 1) In the configuration checker, duplicate all the parts of all > programs that understand file references. Code duplication is > undesirable because it makes Postfix more difficult to change. > > 2) In the configuration checker, ask every Postfix program to "check" > the file references that it knows about. Part of this involves > starting up the Postfix mail server and running all daemons with a > special option, so that each daemon opens all databases, all files, > and all sockets, and then terminates without causing permanent side > effects other than logging some warnings. > > The second option makes the most sense because it can reuse the > existing code in each daemon program that opens databases as that > daemon starts to execute. In the case of the SMTP daemon, that > includes database references in smtpd_mumble_restrictions. But > this trick cannot check pathnames in non-Postfix programs such as > those executed by the spawn(8) or pipe(8) daemons. > > I do not expect that this option will be implemented soon. It will > likely be a multi-year project, just like the effort to make the > postconf command understand master.cf, and to make it complain about > unknown parameter names. A first result looks promising. I hacked up Postfix code so that "postfix check" runs each Postfix daemon with a special option. With this the daemon initializes as usual (opening databases etc.) and terminates before it would start talking to a client. Then, I mangled the alias_maps setting in main.cf, and ran "postfix check". As expected the local daemon complains: # postfix check local: fatal: open database /etc/aliasesx.db: No such file or directory Normally, this "problem" would not be "discovered" until the local daemon tries to deliver email, but now we can find it earlier with "postfix check". That is an improvement. However, I also got some error messages from a master.cf service that I never use: the virtual daemon complained that virtual_mailbox_base was not set: virtual: fatal: bad string length 0 < 1: virtual_mailbox_base = This is a problem. The virtual daemon is enabled by default in master.cf since more than 10 years, and we can't suddenly have Postfix failing to start because 'postfix check' fails. Wietse
Re: checking file references
Geert Stappers: > So I'm also curious if there is a "syntax checker" > that reports missing files. How would a program know that a string 'foobar' is a file reference 1) in main.cf or master.cf 2) in a file that is referenced by 1) 3) in a file that is referenced by a file that is referenced by 1) 4) and so on. Answer: in many cases the only program that knows if 'foobar' is a file reference is the program that uses 'foobar' as a file reference. For a Postfix configuration checker to answer your question, I see two options. 1) In the configuration checker, duplicate all the parts of all programs that understand file references. Code duplication is undesirable because it makes Postfix more difficult to change. 2) In the configuration checker, ask every Postfix program to "check" the file references that it knows about. Part of this involves starting up the Postfix mail server and running all daemons with a special option, so that each daemon opens all databases, all files, and all sockets, and then terminates without causing permanent side effects other than logging some warnings. The second option makes the most sense because it can reuse the existing code in each daemon program that opens databases as that daemon starts to execute. In the case of the SMTP daemon, that includes database references in smtpd_mumble_restrictions. But this trick cannot check pathnames in non-Postfix programs such as those executed by the spawn(8) or pipe(8) daemons. I do not expect that this option will be implemented soon. It will likely be a multi-year project, just like the effort to make the postconf command understand master.cf, and to make it complain about unknown parameter names. Wietse
Re: checking file references
On Fri, Nov 25, 2016 at 12:00:27AM -0800, Michael Fox wrote: > Is there a command that can check if all files referenced in main.cf are > present? Currently, if my manual/visual review misses something, I don't > find out until postfix tries to process a message and discovers the missing > file. > > > > postfix check doesn't do this. > > Quick test that I did: changed 'alias_database = hash:/etc/aliases' into 'alias_database = hash:/etc/aliasez'. So creating an error. Did `postfix reload` (and also `service postfix restart` ) and checked syslog file. Reload (and Restart) entry is there, but no error on detection of the typo error. So I'm also curious if there is a "syntax checker" that reports missing files. Groeten Geert Stappers -- Leven en laten leven
Re: Mail delivery problems to outlook.com controlled domains
> On Nov 25, 2016, at 1:49 PM, Jack Raatswrote: > > Since last tuesday my mailservers cann’t deliver email to an outlook.com > controlled domain. Before tuesday everything was ok. This would be a good time to take stock of any changes you made at that time. > Accoording to microsoft my postfix server doesn’t comply with the several > rfc’s describing how to send email. Often the folks on level-1 support can barely add 1+1 without looking up the answer in their canned list of responses. There is little reason to take what they say too seriously. In the mean-time: http://www.postfix.org/DEBUG_README.html#mail http://www.postfix.org/DEBUG_README.html#logging LOGS = HELP NO LOGS = NO HELP -- Viktor.
Mail delivery problems to outlook.com controlled domains
Hi everyone, Please help me!!! Since last tuesday my mailservers cann’t deliver email to an outlook.com controlled domain. Before tuesday everything was ok. Accoording to microsoft my postfix server doesn’t comply with the several rfc’s describing how to send email. Below I included my postconf –n. Please help me!!! Gr. Jack address_verify_map = btree:/var/db/postfix/verifymap address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 2h address_verify_poll_count = 3 address_verify_poll_delay = 3s address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d address_verify_sender = $double_bounce_sender alias_database = $alias_maps alias_maps = hash:/etc/aliases body_checks = pcre:/postfix/tables/body_checks bounce_size_limit = 1 command_directory = /usr/local/sbin compatibility_level = 2 content_filter = scan:aaa.bbb.ccc.ddd:10025 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debugger_command = PATH=/usr/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 default_destination_concurrency_limit = 5 disable_vrfy_command = yes header_checks = pcre:/postfix/tables/header_checks html_directory = /usr/local/share/doc/postfix inet_interfaces = aaa.bbb.ccc.ddd inet_protocols = ipv4 local_recipient_maps = proxy:unix:passwd.byname $alias_maps mail_owner = postfix mailbox_command = /usr/local/bin/procmail -a $EXTENSION mailbox_size_limit = 0 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man maximal_backoff_time = 400s maximal_queue_lifetime = 7d message_size_limit = 4096 meta_directory = /usr/local/libexec/postfix minimal_backoff_time = 100s multi_recipient_bounce_reject_code = 550 mydestination = .nl mydomain = .nl myhostname = nl..nl mynetworks = aaa.bbb.ccc.ddd myorigin = .nl newaliases_path = /usr/local/bin/newaliases notify_classes = resource, software owner_request_special = no parent_domain_matches_subdomains = smtpd_access_maps postscreen_access_list = permit_mynetworks postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org*2, b.barracudacentral.org*1, bl.spamcop.net*1, dnsbl.sorbs.net*1, virbl.dnsbl.bit.nl*1, all.spamrats.com*1 postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce postscreen_helo_required = yes queue_directory = /var/spool/postfix queue_run_delay = 100s rblchecks = reject_rbl_client zen.spamhaus.org, reject_rbl_client virbl.dnsbl.bit.nl, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org readme_directory = /usr/local/share/doc/postfix receive_override_options = no_address_mappings recipient_delimiter = + relay_domains = $mydestination, hash:/postfix/tables/transport rhsblchecks = reject_rhsbl_client multi.surbl.org, reject_rhsbl_helo multi.surbl.org, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_reverse_client multi.surbl.org, reject_rhsbl_recipient multi.surbl.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop shlib_directory = /usr/local/lib/postfix smtp_generic_maps = hash:/postfix/tables/generic smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt smtp_tls_cert_file = /usr/local/etc/dehydrated/certs/.nl/fullchain.pem smtp_tls_key_file = /usr/local/etc/dehydrated/certs/.nl/privkey.pem smtp_tls_loglevel = 1 smtp_tls_mandatory_ciphers = high smtp_tls_mandatory_protocols = TLSv1.2 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_cache smtpd_banner = $myhostname ESMTP $mail_name ; The nl..nl mailserver smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_error_sleep_time = 2 smtpd_hard_error_limit = 20 smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_junk_command_limit = 50 smtpd_recipient_overshoot_limit = 500 smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_helo_access hash:/postfix/tables/helo_checks, check_sender_mx_access cidr:/postfix/tables/bogus_mx, check_helo_access pcre:/postfix/tables/tld_acl, check_client_access pcre:/postfix/tables/tld_acl, check_sender_access pcre:/postfix/tables/tld_acl, check_sender_access hash:/postfix/tables/sender_checks, check_recipient_access hash:/postfix/tables/spamtrap, check_recipient_access hash:/postfix/tables/uce_strong, check_recipient_access hash:/postfix/tables/uce_strong1, check_recipient_access hash:/postfix/tables/uce_strong2, permit smtpd_relay_restrictions = smtpd_restriction_classes = ucestrong,
Re: Interoperability problem - latest Postfix on Linux vs Exchange 2007 on Win2003
On Fri, 25 Nov 2016 07:20:25 +0100, Josh Good stated: >On 2016 Nov 24, 16:58, Postfix User wrote: >> On Thu, 24 Nov 2016 22:04:41 +0100, Josh Good stated: >> >> >Now, having said that, there is a gotcha: the URL for the hotfix >> >offers a "Hotfix download available" button, which simply put does >> >NOT work. Microsoft seems to have silently retired that hotfix from >> >general availability. That is bad news for those of us who have to >> >deal with customers "not easily amenable to paying for upgrades", >> >if you know what I mean... >> >> That button worked fine for me. I was led to a site that gave me >> information on the HotFix, etcetera and how to down load it, which I >> did. >> >> Perhaps you have some firewall or whatever blocking the site. > >Yes, I could successfully "request" to Microsoft --at the hotfix' web >page-- that they send to my email address the download link for the >hotfix itself, but then I never received Microsoft email with the >download link for the hotfix. I tried for several days, from different >locations/IPs, with different browsers, etc. Never I got the email >from Microsoft with the download link for that hotfix (but I could >successfully get the Microsoft email with the link to download several >other hotfixes, like the two SHA-2 hotfixes for Windows Server 2003, >and the DES/3DES hotfix for the SMTP service of IIS 6.0 in Windows >Server 2003, etc.). > >So you got the email from Microsoft with the download link for hotfix >KB948963? Yes, almost immediately after requesting it. You must have something blocking it. This is the link I received: KB Article Number(s): 948963 Language: English Platform: x64 Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe) -- Jerry
noob question on filtering and sending mail to bdd or rest request
Hi, I got a 2 dedicated postfix/dovecot servers that deal with return to replyto mails. For now, I got a bash script that "read and parse" each files in /Maildir/new and if it match some criterias (most on TO/FROM/SUBJECT) send it to another domain mailbox, from that new domain, the mails are taken and inserted in a MSSQL bdd by a script that pop the box ... That way of working seems not efficient to me, so I am trying to find a way to parse the mail directly within postfix (I think that sieve can handle that), and to insert it into the bdd or make a HTTP REST call to our API ... First is that just possible (sending the mail to a bdd or to a POST HTTP call) ? and if not, where can I find information on how I can use postfix to send each mail to a developed a golang binary that would parse the mail and call the API (kind of like it seems to work with dovecot or sieve or spamassassin). In order to know what to answer to postfix for example ... or a way to tell sieve to send the mail matching those criterias to my process Sorry if the question sounds terrible, and maybee offtopic, I am trying to find a better way to deal with that task. Stéphane
checking file references
Is there a command that can check if all files referenced in main.cf are present? Currently, if my manual/visual review misses something, I don't find out until postfix tries to process a message and discovers the missing file. postfix check doesn't do this. Thanks, Michael