Re: unionmap?

2017-02-21 Thread Marek Kozlowski 
On 02/22/2017 01:16 AM, Wietse Venema wrote:
> Marek Kozlowski:
>>> virtual_alias_maps = unionmap:{sth1, sth2}
>>> if:
>>> `sth1' maps someone1 -> someone2
>>> `sth2' maps someone2 -> someone1
>>
>> ERROR! Message not delivered due to recursion!
> 
> You can do the exacts same with just one table:
> 
> a->b
> b->a
> 
> will produce 'unreasonable virtual_alias_maps map nesting for a --
> message not accepted, try again later'.

Why in this case:

`sth1': someone1 -> someone1,someone2
`sth2': someone2 -> someone3

someone3 receives the mail in two copies??
(someone1 receives it once)

Best regards,
Marek



smime.p7s
Description: S/MIME Cryptographic Signature

simultaneous sessions from old client

2017-02-21 Thread Michael Fox 
I've got some very old clients that takes a message to multiple recipients
at the same destination domain and separates the TO recipients and the CC
recipients into two messages and then sends them separately.  Until
recently, the message to the TO address would go out in one queue run and
the message to the CC addresses would go out in the next queue run.
Recently a patch was made to allow the client to open multiple sessions to
the destination MX so that both messages could go out at nearly the same
time.

 

While keeping one message as one message would be ideal, the client would
need a substantial overhaul, which is just not realistic.  So, although the
workaround is not an ideal solution, it seems to work.  

 

Question:

I haven't seen anything in Postfix documentation that would indicate that
this is would be a problem.  But is there anything I should be worried
about?  

 

Thanks,

Michael

Re: unionmap?

2017-02-21 Thread Wietse Venema 
Marek Kozlowski:
> > virtual_alias_maps = unionmap:{sth1, sth2}
> > if:
> > `sth1' maps someone1 -> someone2
> > `sth2' maps someone2 -> someone1
> 
> ERROR! Message not delivered due to recursion!

You can do the exacts same with just one table:

a->b
b->a

will produce 'unreasonable virtual_alias_maps map nesting for a --
message not accepted, try again later'.

So don't do that.

Wietse

AW: free email fax setup postfix integration

2017-02-21 Thread Maurizio Caloro 

Am 21.02.2017 um 23:53 schrieb David Mehler:
> Hello,
>
> I am looking for a free email 2 fax system that integrates with 
> postfix. I looked at faximum but that's very out of my range.
>
> Anyone know of any product comparable?
>
> Thanks.
> Dave.
>

Hello

Email2Fax:
https://sourceforge.net/projects/email2fax/?source=directory

Re: free email fax setup postfix integration

2017-02-21 Thread J. Echter 

Am 21.02.2017 um 23:53 schrieb David Mehler:

Hello,

I am looking for a free email 2 fax system that integrates with
postfix. I looked at faximum but that's very out of my range.

Anyone know of any product comparable?

Thanks.
Dave.



Hi,

you could try hylafax.

http://hylafax.sourceforge.net

http://hylafax.sourceforge.net/howto/faxing.php

free email fax setup postfix integration

2017-02-21 Thread David Mehler 
Hello,

I am looking for a free email 2 fax system that integrates with
postfix. I looked at faximum but that's very out of my range.

Anyone know of any product comparable?

Thanks.
Dave.

Re: unionmap?

2017-02-21 Thread Marek Kozlowski 
On 02/21/2017 08:00 PM, Marek Kozlowski wrote:

> Maybe by example. Let's assume:

I've just checked :-)

> virtual_alias_maps = unionmap:{sth1, sth2}

Note: `unionmap' available since postfix 3.0!

> What is the result of `rcpt to:' set to `someone1' in the original mail?
>
> if:
> `sth1' maps someone1 -> someone2,someone3
> `sth2' maps someone3 -> someone4

someone2, someone4

> if:
> `sth1' maps someone1 -> someone2,someone3
>   and someone4 -> someone5
> `sth2' maps someone1 -> someone4

someone2, someone3, someone5

> if:
> `sth1' maps someone1 -> someone2
> `sth2' maps someone2 -> someone1

ERROR! Message not delivered due to recursion!

> if:
> `sth1' maps someone1 -> someone2
>   and someone3 -> someone4
> `sth2' maps someone1 -> someone3
>   and someone2 -> someone5

someone4, someone5

Best regards,
Marek





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Postfix, Dmarc, and Dkim for multiple domains

2017-02-21 Thread Christian Kivalo 


Am 21. Februar 2017 19:52:42 MEZ schrieb David Mehler :
>Hello,
>
>I'm not sure if this is the right place to ask this question, but it
>is mail related.
>
>I've got Postfix 3.1, and two milter filters dkim (with OpenDKIM), and
>dmarc (with OpenDMARC). At the time of initial setup I had one virtual
>mailbox domain and things were working fine.
>
>Now I've added two more virtual mailbox domains and need to configure
>both opendkim and opendmarc to handle them. I believe I have this with
>OpenDKIM here's the config:
>
>AllowSHA1Only  no
>AlwaysAddARHeader  yes
>AuthservID hostname.example.com
>AutoRestartYes
>AutoRestartRate5/1h
>Canonicalization   relaxed/simple
>ExternalIgnoreList refile:/usr/local/etc/mail/TrustedHosts
>InternalHosts  refile:/usr/local/etc/mail/TrustedHosts
>KeyTable   /usr/local/etc/mail/KeyTable
>MinimumKeyBits 2048
>Mode   sv
>PidFile/var/run/milteropendkim/opendkim.pid
>SigningTable   /usr/local/etc/mail/SigningTable
>Socket inet:8891@localhost
>SoftwareHeader yes
>SubDomains  yes
>Syslog Yes
>SyslogSuccess  yes
>UserID opendkim
>
># OPENDKIM TRUSTED HOSTS
>127.0.0.1
>::1
>localhost
>host.example.com
>example.com
>host.example2.com
>example2.com
>host.example3.com
>example3.com
>
># KeyTable
>selector._domainkey.example.com
>example.com:selector:/usr/local/etc/mail/keys/example.com/selector
>selector._domainkey.example2.com
>example2.com:selector:/usr/local/etc/mail/keys/example2.com/selector
>selector._domainkey.example3.com
>example3.com:selector:/usr/local/etc/mail/keys/example3.com/selector
>
># SigningTable
>example.com selector._domainkey.example.com
>example2.com selector._domainkey.example2.com
>example3.com selector._domainkey.example3.com
>
>With regards dkim will having an AuthservID of hostname.example.com
>mess up dkim checks for any of the other virtual mailbox domains as
>they are all on the one server?
No.
If you don't set the AuthservID configuration parameter the name of the MTA is 
used, when looking at the emails in my inbox this is the systems hostname.
The AuthservID has nothing to do with your virtual domains and is just a label 
that e.g. opendmarc uses to get the input for its decisions, when checking SPF 
then there is probably another AR header with the same authservid name.

>I am not sure how to do this using opendmarc as I can't use a table.
Why would you need a table for opendmarc?
Opendmarc uses the authentication-result headers of SPF and dkim checks and 
then retrieves the sending domains dmarc policy from DNS and makes its decision 
based on that information.

>If anyone has this working with these filters please let me know.
I'm running such a setup with 6 domains for which I dkim sign and i receive for 
11 domains. The AuthservID is the receiving systems hostname (postfix 
$myhostname and the real fqdn are the same, did not test which name is used 
when they differ)

-- 
Christian Kivalo
>
>Thanks.
>Dave.

Re: unionmap?

2017-02-21 Thread Wietse Venema 
Marek Kozlowski:
>  unionmap (read-only)
> A table that sends each query to multiple lookup tables and that
> concatenates all found results, separated by comma. The table name
> syntax is the same as for pipemap tables.
> (http://www.postfix.org/DATABASE_README.html#types)
> 
> Seems a little unclear to me how it works :-( Maybe by example. Let's
> assume:
> 
> virtual_alias_maps = unionmap:{sth1, sth2}

virtual_alias_maps lookups are recursive, therefore every result
address is also subject to virtual_alias_maps lookups. The recursion
ends when an address expands into itself, to avoid going into a loop.

As for the questions, you can simulate that by hand.

Wietse

Re: SMTPD for different IPs with IPv4 and IPv6

2017-02-21 Thread Dirk Stöcker 

On Wed, 22 Feb 2017, Peter wrote:


On 22/02/17 09:18, Dirk Stöcker wrote:

main.cf:
inet_interfaces = localhost, mail.stoecker.eu


Just remove the above, so it defaults to, "all".


That assumes that mail.stoecker.eu is the only external IPv6 address.
The advantage of IPv6 is that each service can have an own address, so
that server has many addresses and they should not offer port 25 or 587 :-)


The issue is that you're forcing it to do a DNS lookup for
mail.stoecker.eu, a DNS lookup that could fail, btw, and cause problems.


No. As said, the name mail.stoecker.eu is defined in /etc/hosts. If it 
would lookup DNS it would fail always, as the external and internal IPv4 
addresses don't match :-)



If you're specifying the IP in master.cf anyways then postfix will only
bind to what is in master.cf even if this is set to all.  Try it and
check your binds with netstat or ss.


Yes, for 25. But for 587 the inet_interfaces will still be used, as these 
aren't separated in master.cf.


Ciao
--
http://www.dstoecker.eu/ (PGP key available)

Re: SMTPD for different IPs with IPv4 and IPv6

2017-02-21 Thread Peter 
On 22/02/17 09:18, Dirk Stöcker wrote:
>>> main.cf:
>>> inet_interfaces = localhost, mail.stoecker.eu
>>
>> Just remove the above, so it defaults to, "all".
> 
> That assumes that mail.stoecker.eu is the only external IPv6 address.
> The advantage of IPv6 is that each service can have an own address, so
> that server has many addresses and they should not offer port 25 or 587 :-)

The issue is that you're forcing it to do a DNS lookup for
mail.stoecker.eu, a DNS lookup that could fail, btw, and cause problems.

If you're specifying the IP in master.cf anyways then postfix will only
bind to what is in master.cf even if this is set to all.  Try it and
check your binds with netstat or ss.

> Seems the newer systems don't assign ::1 to localhost anymore
> to reduce trouble with old software.

If you're worried about this you can always assign a new name such as
localhost_all or something and use that so as not to break old software
that relies on localhost only being assigned to IPv4.


Peter

Re: SMTPD for different IPs with IPv4 and IPv6

2017-02-21 Thread Dirk Stöcker 

On Wed, 22 Feb 2017, Peter wrote:


Yes, at least for a linux box and possibly other unix hosts.  You will
want to make sure that /etc/host.conf has the setting, "multi on", then
you can list multiple IPv4 and IPv6 addresses for the same name in
/etc/hosts and use those names in your master.cf file instead of the IP
addresses, so for example:


I already use multiple domain names per IP in /etc/hosts and it also works 
fine with Apache. Setting "multi on" did not change anything.



main.cf:
inet_interfaces = localhost, mail.stoecker.eu


Just remove the above, so it defaults to, "all".


That assumes that mail.stoecker.eu is the only external IPv6 address. 
The advantage of IPv6 is that each service can have an own address, so 
that server has many addresses and they should not offer port 25 or 587 
:-)


As above works fine for binding mail.stoecker.eu I rechecked everything. 
The name localhost is only assigned to IPv4 and I tested most stuff with 
localhost (easier name to type :-). Works now (still without "multi on").


It's disturbing that the localhost definition default is system depending. 
Seems the newer systems don't assign ::1 to localhost anymore to reduce 
trouble with old software. Because of the fallbacks to IPv4 I didn't 
recognize this until now, as everything works fine.



inet_protocols = ipv4, ipv6


Same, just remove this and let it default to, "all".


IPv6 wasn't default always. Removed it now.

Now I only need to switch the remaining old users submitting with SASL on 
port 25 to submit port 587 and all is perfect (until I find the next issue 
:-)


Ciao
--
http://www.dstoecker.eu/ (PGP key available)

Re: SMTPD for different IPs with IPv4 and IPv6

2017-02-21 Thread Peter 
On 22/02/17 07:19, Dirk Stöcker wrote:
> I did setup separate entries for localhost and external IP. Now with
> IPv4 and IPv6 that results in 4 lines of SMTP in master.cf.
> 
> Is this the way to go or can it be reduced to 2 lines?

Yes, at least for a linux box and possibly other unix hosts.  You will
want to make sure that /etc/host.conf has the setting, "multi on", then
you can list multiple IPv4 and IPv6 addresses for the same name in
/etc/hosts and use those names in your master.cf file instead of the IP
addresses, so for example:

/etc/host.conf:
multi on

/etc/hosts:
127.0.0.1   localhost
::1 localhost
172.31.1.100external
2a01:4f8:c17:15d5::1:40 external

master.cf:
localhost:smtp inet ...
...
external:smtp inet ...
...

> main.cf:
> inet_interfaces = localhost, mail.stoecker.eu

Just remove the above, so it defaults to, "all".

> inet_protocols = ipv4, ipv6

Same, just remove this and let it default to, "all".

> In case you wonder - The local IPv4 is not equal to the external visible
> one for mail.stoecker.eu.

In this case postfix will see the connection on and need to bind to the
local address.


Peter

unionmap?

2017-02-21 Thread Marek Kozlowski 
:-)

 unionmap (read-only)
A table that sends each query to multiple lookup tables and that
concatenates all found results, separated by comma. The table name
syntax is the same as for pipemap tables.
(http://www.postfix.org/DATABASE_README.html#types)

Seems a little unclear to me how it works :-( Maybe by example. Let's
assume:

virtual_alias_maps = unionmap:{sth1, sth2}

What is the result of `rcpt to:' set to `someone1' in the original mail?

if:
`sth1' maps someone1 -> someone2,someone3
`sth2' maps someone3 -> someone4

if:
`sth1' maps someone1 -> someone2,someone3
and someone4 -> someone5
`sth2' maps someone1 -> someone4

if:
`sth1' maps someone1 -> someone2
`sth2' maps someone2 -> someone1

if:
`sth1' maps someone1 -> someone2
and someone3 -> someone4
`sth2' maps someone1 -> someone3
and someone2 -> someone5

Best regards,
Marek



smime.p7s
Description: S/MIME Cryptographic Signature

Postfix, Dmarc, and Dkim for multiple domains

2017-02-21 Thread David Mehler 
Hello,

I'm not sure if this is the right place to ask this question, but it
is mail related.

I've got Postfix 3.1, and two milter filters dkim (with OpenDKIM), and
dmarc (with OpenDMARC). At the time of initial setup I had one virtual
mailbox domain and things were working fine.

Now I've added two more virtual mailbox domains and need to configure
both opendkim and opendmarc to handle them. I believe I have this with
OpenDKIM here's the config:

AllowSHA1Only   no
AlwaysAddARHeader   yes
AuthservID  hostname.example.com
AutoRestart Yes
AutoRestartRate 5/1h
Canonicalizationrelaxed/simple
ExternalIgnoreList  refile:/usr/local/etc/mail/TrustedHosts
InternalHosts   refile:/usr/local/etc/mail/TrustedHosts
KeyTable/usr/local/etc/mail/KeyTable
MinimumKeyBits  2048
Modesv
PidFile /var/run/milteropendkim/opendkim.pid
SigningTable/usr/local/etc/mail/SigningTable
Socket  inet:8891@localhost
SoftwareHeader  yes
SubDomains  yes
Syslog  Yes
SyslogSuccess   yes
UserID  opendkim

# OPENDKIM TRUSTED HOSTS
127.0.0.1
::1
localhost
host.example.com
example.com
host.example2.com
example2.com
host.example3.com
example3.com

# KeyTable
selector._domainkey.example.com
example.com:selector:/usr/local/etc/mail/keys/example.com/selector
selector._domainkey.example2.com
example2.com:selector:/usr/local/etc/mail/keys/example2.com/selector
selector._domainkey.example3.com
example3.com:selector:/usr/local/etc/mail/keys/example3.com/selector

# SigningTable
example.com selector._domainkey.example.com
example2.com selector._domainkey.example2.com
example3.com selector._domainkey.example3.com

With regards dkim will having an AuthservID of hostname.example.com
mess up dkim checks for any of the other virtual mailbox domains as
they are all on the one server?

I am not sure how to do this using opendmarc as I can't use a table.
If anyone has this working with these filters please let me know.

Thanks.
Dave.

SMTPD for different IPs with IPv4 and IPv6

2017-02-21 Thread Dirk Stöcker 

Hello,

I did clean up my mail server a bit to finally get rid of my known issues 
(i.e. filtering outgoing mails with SpamAssasin).


Using the approach like in

http://www.postfix.org/FILTER_README.html#remote_only

I did setup separate entries for localhost and external IP. Now with IPv4 
and IPv6 that results in 4 lines of SMTP in master.cf.


Is this the way to go or can it be reduced to 2 lines? I tried to use 
dns-names resolving to both addresses instead of IP addresses, but then 
only the IPv4 address was used.


master.cf:
172.31.1.100:smtp inet n -   n   -   -   smtpd
  -o smtpd_milters=inet:localhost:10027,inet:localhost:10028
  -o content_filter=scan:[127.0.0.1]:10025
[2a01:4f8:c17:15d5::1:40]:smtp inet n - n -  -   smtpd
  -o smtpd_milters=inet:localhost:10027,inet:localhost:10028
  -o content_filter=scan:[127.0.0.1]:10025
127.0.0.1:smtp inet  n   -   n   -   -   smtpd
[::1]:smtp inet  n   -   n   -   -   smtpd

main.cf:
inet_interfaces = localhost, mail.stoecker.eu
inet_protocols = ipv4, ipv6

In case you wonder - The local IPv4 is not equal to the external visible 
one for mail.stoecker.eu.


Ciao
--
http://www.dstoecker.eu/ (PGP key available)

send an email with specified sender/recipient address to different servers

2017-02-21 Thread Zalezny Niezalezny 
Hi,

I just would like to know, how may send specified messages to different
hosts.


/etc/postfix/transport

domain.comrelay:mx-domain.local
*   host


All E-mails To: u...@domain.com system sending to mx-domain.local.
This is working fine.

But what should I do if I would like to send an e-mail To:
user_...@domain.com to some other system with IP 10.204.2.2 ? What should I
do ?


The same question for senders. How to send message From:
sender@domain.example not via my default gateway ("*   host" like the rest
of not defined E-mails ) but via some other system "host2" ?


How to properly do it ?


Thanks in advance for Your support.



Cheers

Zalezny

Re: Know wich mail client connect in postix

2017-02-21 Thread Wietse Venema 
/dev/rob0:
> > On Mon, Feb 20, 2017 at 02:48:15PM +, Luis Miguel Flores dos 
> > Santos wrote:
> > > Hi, exist a way to know which mail client try or are connected in 
> > > 587? Like Android Mail, Outlook, thunderbird?
> > 
> > No, because to protocol doesn't care about "which client".
> 
> The actual problem, whatever it is, might be better addressed from 
> the angle of the IMAP server.  MUAs generally do much more with the 
> imapd than with postfix/submission; the latter is typically a short, 
> single transaction.
> 
> Perhaps there is no associated IMAP login, in which case there's a 
> high probability that you're faced with malware.

You can use a policy daemon, http://www.maiamailguard.com/maia/wiki/p0f
to add a header with the client type.  This is a perl script that
needs to be edited to use the right server IP address ($mta_ipaddr
in the script) and port (25 in the script).

With recent versions of Postfix, the policy protocol sends the local
and remote IP address and port, so you could use $attr{'server_address'}
and $attr{'server_port'} in the script.

Background: lcamtuf.coredump.cx/p0f3/

Wietse

Re: Know wich mail client connect in postix

2017-02-21 Thread /dev/rob0 
> On Mon, Feb 20, 2017 at 02:48:15PM +, Luis Miguel Flores dos 
> Santos wrote:
> > Hi, exist a way to know which mail client try or are connected in 
> > 587? Like Android Mail, Outlook, thunderbird?
> 
> No, because to protocol doesn't care about "which client".

The actual problem, whatever it is, might be better addressed from 
the angle of the IMAP server.  MUAs generally do much more with the 
imapd than with postfix/submission; the latter is typically a short, 
single transaction.

Perhaps there is no associated IMAP login, in which case there's a 
high probability that you're faced with malware.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Know wich mail client connect in postix

2017-02-21 Thread luistkd4 
Thank you


De: Repost [via Postfix] 
Enviado: segunda-feira, 20 de fevereiro de 2017 11:55:20
Para: luistkd4
Assunto: Re: Know wich mail client connect in postix

On Mon, Feb 20, 2017 at 02:48:15PM +, Luis Miguel Flores dos Santos wrote:
> Hi, exist a way to know which mail client try or are connected in 587?
> Like Android Mail, Outlook, thunderbird?

No, because to protocol doesn't care about "which client".


Groeten
Geert Stappers
--
Leven en laten leven



If you reply to this email, your message will be added to the discussion below:
http://postfix.1071664.n5.nabble.com/Know-wich-mail-client-connect-in-postix-tp88963p88964.html
To start a new topic under Postfix Users, email 
ml-node+s1071664n2...@n5.nabble.com
To unsubscribe from Postfix, click 
here.
NAML




--
View this message in context: 
http://postfix.1071664.n5.nabble.com/Know-wich-mail-client-connect-in-postix-tp88963p88970.html
Sent from the Postfix Users mailing list archive at Nabble.com.