Re: checking file references

2016-11-25 Thread Wietse Venema
Wietse Venema:
> Geert Stappers:
> > So I'm also curious if there is a "syntax checker"
> > that reports missing files.
> 
> How would a program know that a string 'foobar' is a file reference
> 1) in main.cf or master.cf
> 2) in a file that is referenced by 1)
> 3) in a file that is referenced by a file that is referenced by 1)
> 4) and so on.
> 
> Answer: in many cases the only program that knows if 'foobar' is a
> file reference is the program that uses 'foobar' as a file reference.
> 
> For a Postfix configuration checker to answer your question, I see
> two options.
> 
> 1) In the configuration checker, duplicate all the parts of all
> programs that understand file references. Code duplication is
> undesirable because it makes Postfix more difficult to change.
> 
> 2) In the configuration checker, ask every Postfix program to "check"
> the file references that it knows about.  Part of this involves
> starting up the Postfix mail server and running all daemons with a
> special option, so that each daemon opens all databases, all files,
> and all sockets, and then terminates without causing permanent side
> effects other than logging some warnings.
> 
> The second option makes the most sense because it can reuse the
> existing code in each daemon program that opens databases as that
> daemon starts to execute. In the case of the SMTP daemon, that
> includes database references in smtpd_mumble_restrictions.  But
> this trick cannot check pathnames in non-Postfix programs such as
> those executed by the spawn(8) or pipe(8) daemons.
> 
> I do not expect that this option will be implemented soon. It will
> likely be a multi-year project, just like the effort to make the
> postconf command understand master.cf, and to make it complain about
> unknown parameter names.

A first result looks promising. I hacked up Postfix code so that
"postfix check" runs each Postfix daemon with a special option.
With this the daemon initializes as usual (opening databases etc.)
and terminates before it would start talking to a client.

Then, I mangled the alias_maps setting in main.cf, and ran "postfix
check". As expected the local daemon complains:

# postfix check
local: fatal: open database /etc/aliasesx.db: No such file or directory

Normally, this "problem" would not be "discovered" until the local
daemon tries to deliver email, but now we can find it earlier with
"postfix check". That is an improvement.

However, I also got some error messages from a master.cf service
that I never use: the virtual daemon complained that virtual_mailbox_base
was not set:

virtual: fatal: bad string length 0 < 1: virtual_mailbox_base = 

This is a problem. The virtual daemon has been enabled by default in
master.cf for more than 10 years, and we can't suddenly have
Postfix failing to start because 'postfix check' fails.

Wietse
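
Added example (not part of the thread and not Postfix code): a sketch of option 1 above, a checker that duplicates a small part of what Postfix knows by looking for type:/path table references in "postconf -n" style text. The FILE_TYPES subset, the function names and the sample configuration are assumptions constructed here; the bare mailbox_command path goes unchecked, which is the limitation described above.

```python
import os
import re

# Assumed subset of file-backed table types -> suffix of the file actually opened.
FILE_TYPES = {"hash": ".db", "btree": ".db", "pcre": "", "regexp": "", "cidr": ""}
TABLE_REF = re.compile(r"\b([a-z]+):(/[^\s,]+)")
PARAM_REF = re.compile(r"\$(?:\{(\w+)\}|(\w+))")

def parse_params(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def expand(value, params, depth=0):
    """Expand $name / ${name}; unknown names become empty, depth is bounded."""
    if depth > 10:
        return value
    nested = lambda m: expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return PARAM_REF.sub(nested, value)

def missing_files(text, exists=os.path.exists):
    """Return sorted (parameter, on-disk path) pairs whose table file is absent."""
    params, missing = parse_params(text), set()
    for name, value in params.items():
        for kind, path in TABLE_REF.findall(expand(value, params)):
            if kind in FILE_TYPES and not exists(path + FILE_TYPES[kind]):
                missing.add((name, path + FILE_TYPES[kind]))
    return sorted(missing)

# Constructed sample, not taken from a real system.
SAMPLE = """\
alias_maps = hash:/etc/aliasesx
alias_database = $alias_maps
header_checks = pcre:/etc/postfix/header_checks
smtpd_recipient_restrictions = permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_checks, reject
mailbox_command = /usr/local/bin/procmail -a $EXTENSION
"""

if __name__ == "__main__":
    print(missing_files(SAMPLE))
```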


Re: checking file references

2016-11-25 Thread Wietse Venema
Geert Stappers:
> So I'm also curious if there is a "syntax checker"
> that reports missing files.

How would a program know that a string 'foobar' is a file reference
1) in main.cf or master.cf
2) in a file that is referenced by 1)
3) in a file that is referenced by a file that is referenced by 1)
4) and so on.

Answer: in many cases the only program that knows if 'foobar' is a
file reference is the program that uses 'foobar' as a file reference.

For a Postfix configuration checker to answer your question, I see
two options.

1) In the configuration checker, duplicate all the parts of all
programs that understand file references. Code duplication is
undesirable because it makes Postfix more difficult to change.

2) In the configuration checker, ask every Postfix program to "check"
the file references that it knows about.  Part of this involves
starting up the Postfix mail server and running all daemons with a
special option, so that each daemon opens all databases, all files,
and all sockets, and then terminates without causing permanent side
effects other than logging some warnings.

The second option makes the most sense because it can reuse the
existing code in each daemon program that opens databases as that
daemon starts to execute. In the case of the SMTP daemon, that
includes database references in smtpd_mumble_restrictions.  But
this trick cannot check pathnames in non-Postfix programs such as
those executed by the spawn(8) or pipe(8) daemons.

I do not expect that this option will be implemented soon. It will
likely be a multi-year project, just like the effort to make the
postconf command understand master.cf, and to make it complain about
unknown parameter names.

Wietse


Re: checking file references

2016-11-25 Thread Geert Stappers
On Fri, Nov 25, 2016 at 12:00:27AM -0800, Michael Fox wrote:
> Is there a command that can check if all files referenced in main.cf are
> present?  Currently, if my manual/visual review misses something, I don't
> find out until postfix tries to process a message and discovers the missing
> file.
>
> postfix check doesn't do this.

Quick test that I did: changed 'alias_database = hash:/etc/aliases'
into 'alias_database = hash:/etc/aliasez'. So creating an error.

Did `postfix reload` (and also `service postfix restart` )
and checked syslog file. Reload (and Restart) entry is there,
but no error on detection of the typo error.


So I'm also curious if there is a "syntax checker"
that reports missing files.


Groeten
Geert Stappers
-- 
Leven en laten leven


Re: Mail delivery problems to outlook.com controlled domains

2016-11-25 Thread Viktor Dukhovni

> On Nov 25, 2016, at 1:49 PM, Jack Raats wrote:
>
> Since last Tuesday my mailservers can't deliver email to an outlook.com
> controlled domain. Before Tuesday everything was ok.

This would be a good time to take stock of any changes you made at that time.

> According to Microsoft my postfix server doesn't comply with the several
> RFCs describing how to send email.

Often the folks on level-1 support can barely add 1+1 without looking
up the answer in their canned list of responses.  There is little reason
to take what they say too seriously.

In the mean-time:

   http://www.postfix.org/DEBUG_README.html#mail
   http://www.postfix.org/DEBUG_README.html#logging

LOGS = HELP
NO LOGS = NO HELP

-- 
Viktor.



Mail delivery problems to outlook.com controlled domains

2016-11-25 Thread Jack Raats
Hi everyone,

Please help me!!!

Since last Tuesday my mailservers can't deliver email to an outlook.com
controlled domain. Before Tuesday everything was ok.

According to Microsoft my postfix server doesn't comply with the several RFCs
describing how to send email.

Below I included my postconf -n.

Please help me!!!

Gr.

Jack

address_verify_map = btree:/var/db/postfix/verifymap
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 2h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_sender = $double_bounce_sender
alias_database = $alias_maps
alias_maps = hash:/etc/aliases
body_checks = pcre:/postfix/tables/body_checks
bounce_size_limit = 1
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = scan:aaa.bbb.ccc.ddd:10025
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/usr/bin:/usr/X11R6/bin xxgdb
    $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
header_checks = pcre:/postfix/tables/header_checks
html_directory = /usr/local/share/doc/postfix
inet_interfaces = aaa.bbb.ccc.ddd
inet_protocols = ipv4
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -a $EXTENSION
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 400s
maximal_queue_lifetime = 7d
message_size_limit = 4096
meta_directory = /usr/local/libexec/postfix
minimal_backoff_time = 100s
multi_recipient_bounce_reject_code = 550
mydestination = .nl
mydomain = .nl
myhostname = nl..nl
mynetworks = aaa.bbb.ccc.ddd
myorigin = .nl
newaliases_path = /usr/local/bin/newaliases
notify_classes = resource, software
owner_request_special = no
parent_domain_matches_subdomains = smtpd_access_maps
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2, b.barracudacentral.org*1,
    bl.spamcop.net*1, dnsbl.sorbs.net*1, virbl.dnsbl.bit.nl*1, all.spamrats.com*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
postscreen_helo_required = yes
queue_directory = /var/spool/postfix
queue_run_delay = 100s
rblchecks = reject_rbl_client zen.spamhaus.org, reject_rbl_client
    virbl.dnsbl.bit.nl, reject_rbl_client bl.spamcop.net, reject_rbl_client
    b.barracudacentral.org
readme_directory = /usr/local/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = $mydestination, hash:/postfix/tables/transport
rhsblchecks = reject_rhsbl_client multi.surbl.org, reject_rhsbl_helo
    multi.surbl.org, reject_rhsbl_sender multi.surbl.org,
    reject_rhsbl_reverse_client multi.surbl.org, reject_rhsbl_recipient
    multi.surbl.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_helo
    dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtp_generic_maps = hash:/postfix/tables/generic
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_cert_file = /usr/local/etc/dehydrated/certs/.nl/fullchain.pem
smtp_tls_key_file = /usr/local/etc/dehydrated/certs/.nl/privkey.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = TLSv1.2
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_cache
smtpd_banner = $myhostname ESMTP $mail_name ; The nl..nl mailserver
smtpd_data_restrictions = reject_unauth_pipelining,
    reject_multi_recipient_bounce, permit
smtpd_error_sleep_time = 2
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_junk_command_limit = 50
smtpd_recipient_overshoot_limit = 500
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, check_helo_access hash:/postfix/tables/helo_checks,
    check_sender_mx_access cidr:/postfix/tables/bogus_mx, check_helo_access
    pcre:/postfix/tables/tld_acl, check_client_access pcre:/postfix/tables/tld_acl,
    check_sender_access pcre:/postfix/tables/tld_acl, check_sender_access
    hash:/postfix/tables/sender_checks, check_recipient_access
    hash:/postfix/tables/spamtrap, check_recipient_access
    hash:/postfix/tables/uce_strong, check_recipient_access
    hash:/postfix/tables/uce_strong1, check_recipient_access
    hash:/postfix/tables/uce_strong2, permit
smtpd_relay_restrictions =
smtpd_restriction_classes = ucestrong,

Re: Interoperability problem - latest Postfix on Linux vs Exchange 2007 on Win2003

2016-11-25 Thread Postfix User
On Fri, 25 Nov 2016 07:20:25 +0100, Josh Good stated:

>On 2016 Nov 24, 16:58, Postfix User wrote:
>> On Thu, 24 Nov 2016 22:04:41 +0100, Josh Good stated:
>>   
>> >Now, having said that, there is a gotcha: the URL for the hotfix
>> >offers a "Hotfix download available" button, which simply put does
>> >NOT work. Microsoft seems to have silently retired that hotfix from
>> >general availability. That is bad news for those of us who have to
>> >deal with customers "not easily amenable to paying for upgrades",
>> >if you know what I mean...  
>> 
>> That button worked fine for me. I was led to a site that gave me
>> information on the HotFix, etcetera and how to download it, which I
>> did.
>> 
>> Perhaps you have some firewall or whatever blocking the site.  
>
>Yes, I could successfully "request" to Microsoft --at the hotfix' web
>page-- that they send to my email address the download link for the
>hotfix itself, but then I never received Microsoft email with the
>download link for the hotfix. I tried for several days, from different
>locations/IPs, with different browsers, etc. Never I got the email
>from Microsoft with the download link for that hotfix (but I could
>successfully get the Microsoft email with the link to download several
>other hotfixes, like the two SHA-2 hotfixes for Windows Server 2003,
>and the DES/3DES hotfix for the SMTP service of IIS 6.0 in Windows
>Server 2003, etc.).
>
>So you got the email from Microsoft with the download link for hotfix
>KB948963?

Yes, almost immediately after requesting it. You must have something
blocking it. This is the link I received:

KB Article Number(s): 948963
Language: English
Platform: x64
Location:
(http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe)

-- 
Jerry


noob question on filtering and sending mail to bdd or rest request

2016-11-25 Thread Stéphane MERLE

Hi,

I got 2 dedicated postfix/dovecot servers that deal with return to
replyto mails. For now, I got a bash script that "reads and parses" each
file in /Maildir/new and if it matches some criteria (mostly on
TO/FROM/SUBJECT) sends it to another domain mailbox, from that new
domain, the mails are taken and inserted in a MSSQL bdd by a script that
pops the box ...


That way of working seems not efficient to me, so I am trying to find a
way to parse the mail directly within postfix (I think that sieve can
handle that), and to insert it into the bdd or make a HTTP REST call to
our API ...


First, is that just possible (sending the mail to a bdd or to a POST HTTP
call)?


And if not, where can I find information on how I can use postfix to
send each mail to a developed golang binary that would parse the mail
and call the API (kind of like it seems to work with dovecot or sieve or
spamassassin). In order to know what to answer to postfix for example
... or a way to tell sieve to send the mail matching those criteria to
my process


Sorry if the question sounds terrible, and maybe offtopic, I am trying
to find a better way to deal with that task.


Stéphane





checking file references

2016-11-25 Thread Michael Fox
Is there a command that can check if all files referenced in main.cf are
present?  Currently, if my manual/visual review misses something, I don't
find out until postfix tries to process a message and discovers the missing
file.

postfix check doesn't do this.

Thanks,

Michael