Re: Problem translating domain to UTF8 form

2017-07-01 Thread Viktor Dukhovni
On Sat, Jul 01, 2017 at 09:41:32PM +, Mark Raynsford wrote:

> Jul  1 19:15:16 mail postfix/bounce[88353]: warning: 
> midna_domain_to_utf8_create: Problem translating domain "mail.io7m.com" to 
> UTF8 form: U_FILE_ACCESS_ERROR
> Jul  1 19:15:16 mail postfix/bounce[88353]: warning: [built-in]:
> conversion "myhostname" failed: input value: "mail.io7m.com"

> The only thing I can think of, from searching for the
> U_FILE_ACCESS_ERROR code online, is that the library code
> doing the conversion (libicu?) is failing to load its own
> internal resource files. Perhaps this is because "bounce"
> is running in a chroot?

That's the most likely cause.

> My system is:
> 
> $ uname -a
> FreeBSD mail.io7m.com 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue
> Apr 11 08:48:40 UTC 2017
> r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

On my FreeBSD system:

$ uname -sr
FreeBSD 11.0-RELEASE-p8

tracing "posttls-finger" shows:

stat("/usr/local/share/icu/58.2/icudt58l.dat",{ mode=-rwxr-xr-x ,inode=220126,size=26213232,blksize=131072 }) = 0 (0x0)
openat(AT_FDCWD,"/usr/local/share/icu/58.2/icudt58l.dat",O_RDONLY,00) = 3 (0x3)

Quite likely this file is needed in the chroot jail, or avoid chroot.

-- 
Viktor.
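
An added example, not part of the original thread: a Python check that lists which master.cf services run chrooted and reports whether the ICU data file named in the trace exists inside the jail. The master.cf excerpt is constructed, and a temporary directory stands in for the real queue_directory, which the thread does not state.

```python
import os
import tempfile

# Constructed master.cf excerpt (not from the thread). Columns:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
bounce    unix  -       -       y       -       0       bounce
cleanup   unix  n       -       -       -       0       cleanup
  -o syslog_name=postfix/cleanup
"""

ICU_DATA = "/usr/local/share/icu/58.2/icudt58l.dat"  # path from the trace above


def chrooted_services(master_cf, default_chroot="n"):
    """Return the names of services whose chroot column is effectively 'y'."""
    # '-' selects the built-in default: 'n' for Postfix >= 3.0, 'y' before that.
    services = []
    for line in master_cf.splitlines():
        fields = line.split()
        # Skip blanks, short lines, continuation lines and comments.
        if len(fields) < 8 or line[0].isspace() or line.startswith("#"):
            continue
        chroot = fields[4] if fields[4] != "-" else default_chroot
        if chroot == "y":
            services.append(fields[0])
    return services


def missing_in_chroot(chroot_dir, paths):
    """Return the absolute paths that do not exist as files under chroot_dir."""
    return [p for p in paths
            if not os.path.isfile(os.path.join(chroot_dir, p.lstrip("/")))]


def demo():
    with tempfile.TemporaryDirectory() as jail:  # stand-in for queue_directory
        before = missing_in_chroot(jail, [ICU_DATA])
        target = os.path.join(jail, ICU_DATA.lstrip("/"))
        os.makedirs(os.path.dirname(target))
        open(target, "wb").close()  # empty placeholder for the real data file
        after = missing_in_chroot(jail, [ICU_DATA])
    return chrooted_services(SAMPLE_MASTER_CF), before, after


if __name__ == "__main__":
    print(demo())
```

On a real system, pass the output of `postconf -h queue_directory` as `chroot_dir` and the contents of master.cf as `master_cf`.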


Re: Problem translating domain to UTF8 form

2017-07-01 Thread Wietse Venema
You could try without chroot, that would help identifying the
problem. If the problem is that ICU library does file lookups after
process initialization, then we don't have much choice - either
duplicate the files until eternity, or don't run the process chrooted.

I am on vacation, so this is not a good time to fetch a DVD image
and build a VM for testing.

Wietse


Re: postfwd

2017-07-01 Thread @lbutlr
On Jul 1, 2017, at 11:18 AM, /dev/rob0  wrote:
> Most importantly for many sites, it can do rate limiting for your 
> authenticated users, to stop them if they have malware spewing spam.

Ah, that might be good. Thanks for the info.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Re: Mail Forwarding

2017-07-01 Thread wa6vvv
I think I have it working now.  Typos are killers.  I added @lafn.org to each
of the keys in the virtual_alias_maps file.  That seems to have worked.  I
am not sure why I needed (or if I needed) the virtual_mailbox_domains table.  

I did notice there were no entries for [second_domain] in
virtual_alias_maps.  Those are all locally delivered so I assumed they were
not necessary.  I am receiving mail for that domain without them.

I have found the diagrams in the documentation quite helpful in
understanding postfix.  However, is there similar information on how the
various tables are used and in which order?





Re: postfwd

2017-07-01 Thread /dev/rob0
On Sat, Jul 01, 2017 at 10:45:50AM -0600, @lbutlr wrote:
> After installing the latest postfix I thought I’d look into postfwd.
> 
> 1) is this the right place to ask about this package?

Probably not.  They have their own mailing list IIRC.

> 2) Is this package generally recommended or not?

I know no reason to steer you away from it, but the one I have used 
is "cluebringer" or cbpolicyd, formerly "policyd".

> 3) It appears to me postfwd does largely what postscreen would 
> already do. Is that correct or am I missing something?

Well, I suppose it could do something like DNSBL scoring if you 
configured it to do that, but it can also do things postscreen 
cannot, such as, complex policy decisions based on various elements.

Most importantly for many sites, it can do rate limiting for your 
authenticated users, to stop them if they have malware spewing spam.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


postfwd

2017-07-01 Thread @lbutlr
After installing the latest postfix I thought I’d look into postfwd.

1) is this the right place to ask about this package?

2) Is this package generally recommended or not?

3) It appears to me postfwd does largely what postscreen would already do. Is 
that correct or am I missing something?

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Mail Forwarding

2017-07-01 Thread Doug Hardie
I thought I had everything working, but something broke. What I need to do is 
to accept mail for local delivery for several users on a couple domains 
(sermon-archive.info and one other) and relay mail for a number of users on 
domain (lafn.org) to a variety of different locations.  Each user could be on a 
different server.  My tests seemed to work, but when adding in the full tables, 
it broke.  Here are the various config files etc:

mail# postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
max_use = 5
message_size_limit = 102400
mydestination = localhost.$mydomain, localhost
mydomain = sermon-archive.info
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/access.cidr
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_destination_recipient_limit = 25
smtpd_authorized_xclient_hosts = 10.0.1.0/24
smtpd_command_filter = pcre:/usr/local/etc/postfix/quote
smtpd_error_sleep_time = 10
smtpd_hard_error_limit = 10
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/usr/local/etc/postfix/vmail_domains
virtual_alias_maps = hash:/usr/local/etc/postfix/vmail_alias
virtual_gid_maps = static:
virtual_mailbox_base = /var/mail/
virtual_mailbox_domains = hash:/usr/local/etc/postfix/local_domains
virtual_mailbox_limit = 102400
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmail_mailbox
virtual_minimum_uid = 
virtual_transport = dovecot
virtual_uid_maps = static:

mail# more local_domains
sermon-archive.info OK
mail.sermon-archive.info OK
second.domain   OK


mail# more vmail_alias
postmaster  doug
bc979   doug
bc979-1 edward
bc979-4 jeanne
user1   mailb...@gmail.com
user2   mailb...@aol.com
refund  mailb...@hotmail.com


Plus a bunch more.  Other than postmaster, I thought that the left names should 
have @lafn.org, but that didn't seem to work either.


mail# more vmail_domains
lafn.org        OK


mail# more vmail_mailbox
d...@sermon-archive.info        home_mail/doug/
d...@mail.sermon-archive.info   home_mail/doug/


I also wanted to be able to have different users with the same name of 
different addresses such as d...@sermon-archive.info and doug@second.domain and 
have them go to different places.  Both seem to get local delivery to doug.

I am sure I have something configured wrong.  

When I try to send from a non-local system I get the following:

brain% telnet sermon-archive.info 25
Trying 71.177.216.148...
Connected to sermon-archive.info.
Escape character is '^]'.
220 mail.sermon-archive.info ESMTP Postfix
helo me
250 mail.sermon-archive.info
mail from:wa6...@arrl.net
250 2.1.0 Ok
rcpt to:ref...@lafn.org
550 5.1.1 : Recipient address rejected: User unknown in 
virtual alias table


— Doug
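
An added example, not part of the original post: a simplified Python model of the virtual alias key search order documented in virtual(5), showing why a bare `refund` key is never tried for a recipient in lafn.org while a `refund@lafn.org` key matches. The forwarding target is a placeholder, and only `mydestination` is modelled as the set of local domains (address extensions, `$myorigin` and the interface addresses are left out).

```python
# Values taken from the posted configuration.
MYDESTINATION = {"localhost.sermon-archive.info", "localhost"}
VIRTUAL_ALIAS_DOMAINS = {"lafn.org"}

# Constructed tables: the forwarding target is a placeholder address.
BARE_KEYS = {"postmaster": "doug", "refund": "forward@example.net"}
FULL_KEYS = {"postmaster": "doug", "refund@lafn.org": "forward@example.net"}


def lookup_keys(recipient, local_domains):
    """Keys tried for one recipient, in the order given in virtual(5)."""
    user, _, domain = recipient.rpartition("@")
    keys = [recipient]                 # 1. user@domain
    if domain in local_domains:        # 2. bare user, local domains only
        keys.append(user)
    keys.append("@" + domain)          # 3. @domain catch-all
    return keys


def resolve(recipient, alias_map, local_domains=MYDESTINATION):
    """Return the first matching table value, or None if no key matches."""
    for key in lookup_keys(recipient, local_domains):
        if key in alias_map:
            return alias_map[key]
    return None


def rcpt_verdict(recipient, alias_map):
    """Simplified model of the recipient check for virtual alias domains."""
    domain = recipient.rpartition("@")[2]
    target = resolve(recipient, alias_map)
    if domain in VIRTUAL_ALIAS_DOMAINS and target is None:
        return "550 5.1.1 User unknown in virtual alias table"
    return "250 2.1.5 Ok -> %s" % (target or recipient)


if __name__ == "__main__":
    for table in (BARE_KEYS, FULL_KEYS):
        print(rcpt_verdict("refund@lafn.org", table))
```

Because the first key tried is always the full address, distinct `user@domain` keys are also what lets the same local part in two domains resolve to different destinations.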