Re: Relay mail from virtual domains and issue when the sender and recipient is on same server
> On Apr 14, 2018, at 12:23 AM, Christos Chatzaraswrote: > > I think the only way to fix this is to have 2 postfix instances, right? One > for incoming and one for outgoing. If you want to round-trip mail through an external SMTP server, and then bring it back to the same host, then yes, there typically need to be two queues (Postfix instances), one that sends all mail out, and another that accepts and delivers. One can play games with rewriting, so that mail originally rewrites to a domain that goes off-box, possibly rewrites in the outbound smtp delivery agent smtp_generic_maps, and then returns into an smtpd(8)/cleanup(8) pair that does no or different rewriting. That could make it possible to use a single queue, because the destination domain would be different for returned mail than for originally incoming mail. -- Viktor.
Re: Relay mail from virtual domains and issue when the sender and recipient is on same server
More info to make it clearer: The 'relay denied' I wrote in my previous is not in smtp.example.com logs. E-mail from u...@example.com to u...@example.com : -- client (1) --> server1.example.com (2) --> smtp.example.com (3) --> server1.example.com (4) -- The 'relay denied' message is on server1.example.com logs at step (4). I can solve the 'relay denied' by changing main.cf at server1.example.com from: -- smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination -- to: -- mynetworks = IP_address_for_smtp.example.com smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination -- But then I have an infinitive loop: -- client --> server1.example.com --> smtp.example.com --> server1.example.com --> smtp.example.com --> server1.example.com --> smtp.example.com --> ... -- I think the only way to fix this is to have 2 postfix instances, right? One for incoming and one for outgoing.
Relay mail from virtual domains and issue when the sender and recipient is on same server
What I want to do: I want to disable local delivery for e-mails from virtual domains / mailboxes when sender / recipient is on same server. I want these e-mails to pass through a relay. -- My setup : I have postfix and dovecot on server1.example.com and smtp.example.com acts as relay for server1.example.com. MX for example.com points to server1.example.com so incoming e-mails go to this server. Outgoing e-mails for domains not hosted in server1.example.com go through the relay. Now I want the e-mails that sender and recipient is on the same server (server1.example.com) to go through the relay (smtp.example.com). For example, currently I send e-mail from u...@example.com to u...@example.com and it does local delivery (e-mail does not leave server1.example.com). I want the e-mail to pass through relay smtp.example.com The problem is that if I remove domain example.com from virtual_mailbox_domains then e-mails goes from server1.example.com to smtp.example.com but when it comes to server1.example.com it says "Relay denied" which I believe is related to postfix don't consider that is the server that actually hosts this domain (final destination). -- /var/log/mailog : Apr 12 19:49:08 server1 postfix/smtpd[24278]: connect from unknown[62.103.227.xxx] Apr 12 19:49:08 server1 postfix/smtpd[24278]: Anonymous TLS connection established from unknown[62.103.227.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Apr 12 19:49:08 server1 dovecot: auth: passwd-file(u...@example.com,62.103.227.xxx): unknown user Apr 12 19:49:09 server1 postfix/smtpd[24278]: 24B2A2730A: client=unknown[62.103.227.xxx], sasl_method=PLAIN, sasl_username=u...@example.com Apr 12 19:49:09 server1 postfix/cleanup[33817]: 24B2A2730A: message-id=<671ae13c-dbce-449e-922c-011294a59...@example.com> Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: from=, size=740, nrcpt=1 (queue active) Apr 12 19:49:09 server1 dovecot: lmtp(40507): Connect from local Apr 12 19:49:09 server1 dovecot: lmtp(u...@example.com)<40507> : sieve: msgid=<671ae13c-dbce-449e-922c-011294a59...@example.com>: stored mail into mailbox 'INBOX' Apr 12 19:49:09 server1 dovecot: lmtp(40507): Disconnect from local: Client has quit the connection (state = READY) Apr 12 19:49:09 server1 postfix/lmtp[34621]: 24B2A2730A: to= , relay=server1.example.com[private/dovecot-lmtp], delay=0.24, delays=0.22/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 w+0rEgWOz1o7ngAAPz4RRA Saved) Apr 12 19:49:09 server1 postfix/qmgr[77128]: 24B2A2730A: removed postconf -Mf: smtp inet n - n - - smtpd -o content_filter=filter: -o receive_override_options=no_address_mappings submission inet n - n - - smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup fifo n - n 60 1 pickup cleanupunix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewriteunix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discardunix - - n - - discard local unix - n n - - local virtualunix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache filter unix - n n - - pipe flags=Rq user=filter argv=/usr/local/etc/bogofilter/postfix-filter.sh -f ${sender} -- ${recipient} -- postconf -n:
Re: problem with sending emails from second IP'
Viktor Dukhovni: > > > > On Apr 13, 2018, at 7:25 AM, Poliman - Serwiswrote: > > > > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: > > smtp_connect_addr: bad smtp_bind_address parameter: > > 54.38.202.128,: Name or service not known > > That "," there looks like it does not belong. Something's wrong with your > smtp_bind_address syntax. > > > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: > > smtp_connect_addr: bad smtp_bind_address parameter: > > 54.38.202.128:10025,: Name or service not known > > Ditto. Good job. smtp_bind_address needs an IP address, no commas, no TCP ports. Wietse
Re: problem with sending emails from second IP'
> On Apr 13, 2018, at 7:25 AM, Poliman - Serwiswrote: > > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: > smtp_connect_addr: bad smtp_bind_address parameter: > 54.38.202.128,: Name or service not known That "," there looks like it does not belong. Something's wrong with your smtp_bind_address syntax. > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: > smtp_connect_addr: bad smtp_bind_address parameter: > 54.38.202.128:10025,: Name or service not known Ditto. -- Viktor.
Re: problem with sending emails from second IP'
Thank you for answer. About 1st: root@s1:/tmp/roundcubemail-1.3.6# ifconfig ens3 Link encap:Ethernet HWaddr fa:16:3e:21:c7:80 inet addr:145.239.29.218 Bcast:145.239.29.218 Mask:255.255.255.255 inet6 addr: fe80::f816:3eff:fe21:c780/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6751087 errors:0 dropped:0 overruns:0 frame:0 TX packets:6952810 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1144198503 (1.1 GB) TX bytes:14201583464 (14.2 GB) ens3:0Link encap:Ethernet HWaddr fa:16:3e:21:c7:80 inet addr:54.38.202.128 Bcast:54.38.202.128 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:79544422 errors:0 dropped:0 overruns:0 frame:0 TX packets:79544422 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:69690489045 (69.6 GB) TX bytes:69690489045 (69.6 GB) I have changes dns for the hostname of the server: reverse and a records in dns and modify /etc/hosts file. I can ping anything using this interface: root@s1:/usr/share/roundcube/config# ping -I 54.38.202.128 google.com PING google.com (172.217.18.206) from 54.38.202.128 : 56(84) bytes of data. 64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=1 ttl=49 time=28.8 ms 64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=2 ttl=49 time=28.8 ms 64 bytes from par10s38-in-f14.1e100.net (172.217.18.206): icmp_seq=3 ttl=49 time=28.8 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 28.819/28.820/28.823/0.196 ms About 2nd: For Postfix I have added in main.cf the line smtp_bind_address like below: inet_interfaces = all smtp_bind_address = 54.38.202.128 inet_protocols = all In master.cf I tried add above line but it didn't work or I did something wrong. In my case - Postfix 3.1.0 - part with smtp_bind_address (which is there by default) looks like below: amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes * -o smtp_bind_address=* 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o milter_default_action=accept -o milter_macro_daemon_name=ORIGINATING -o disable_dns_lookups=yes I tried add after equal sign the ip address: * -o smtp_bind_address=54.38.202.128 * but without success, so I decided to try in main.cf. 2018-04-13 15:37 GMT+02:00 Wietse Venema: > Poliman - Serwis: > > Strange thing. Google says "spf=pass", mailing works but in mail.err > file I > > have: > > > > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad > > smtp_bind_address parameter: 54.38.202.128,: Name or service not known > > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad > > smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not > > known > > > > > > As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128 > > in /etc/postfix/main.cf. > > 1) You need to 'ifconfig' 54.38.202.128 on your network interface, > otherwise how would your network stack know how to deliver packets > for that IP address? > > 2) You made a mistake when setting the IP address in master.cf, but > you failed to show us what you did, so no-one can help with that. > > Wietse > -- *Pozdrawiam / Best Regards* *Piotr Bracha*
Re: problem with sending emails from second IP'
Poliman - Serwis: > Strange thing. Google says "spf=pass", mailing works but in mail.err file I > have: > > Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad > smtp_bind_address parameter: 54.38.202.128,: Name or service not known > Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad > smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not > known > > > As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128 > in /etc/postfix/main.cf. 1) You need to 'ifconfig' 54.38.202.128 on your network interface, otherwise how would your network stack know how to deliver packets for that IP address? 2) You made a mistake when setting the IP address in master.cf, but you failed to show us what you did, so no-one can help with that. Wietse
Re: problem with sending emails from second IP'
Strange thing. Google says "spf=pass", mailing works but in mail.err file I have: Apr 12 11:48:09 s1 postfix/smtp[12985]: fatal: smtp_connect_addr: bad smtp_bind_address parameter: 54.38.202.128,: Name or service not known Apr 12 11:49:00 s1 postfix/smtp[13190]: fatal: smtp_connect_addr: bad smtp_bind_address parameter: 54.38.202.128:10025,: Name or service not known As I mentioned in earlier message I set smtp_bind_address = 54.38.202.128 in /etc/postfix/main.cf. 2018-04-12 16:29 GMT+02:00 Wietse Venema: > 2018-04-12 15:39 GMT+02:00 Wietse Venema : > > > 2018-04-12 12:56 GMT+02:00 Wietse Venema : > > > Please define "not working". > > > > Poliman - Serwis: > > > main ip - 145.239.29.218 > > > failover ip - 54.38.202.128 > > > Not working means mails do not outbound. This same as for line > > > inet_interfaces = 54.38.202.128. > > > > As documented in http://www.postfix.org/postconf.5.html#inet_interfaces, > > on a multi-homed host DO NOT restrict inet_interfaces, instead: > > - specify the server IP address in master.cf. > > - specify the client IP address with smtp_bind_address. > > > > No further support without error messages. > > Poliman - Serwis: > > Thank you for answer. In logs I have this same line which I pasted. I can > > Please do not ask me to go read the whole thread. > > What is the POSTFIX error message for the configuration cited above? > > How does POSTFIX know that it should send mail from the main IP address? > > How does POSTFIX know that it should send mail from the failover IP > address? > > Wietse > -- *Pozdrawiam / Best Regards* *Piotr Bracha*
Re: Postfix [Postfwd2 error]
On 12 Apr 2018, at 18:20, Viktor Dukhovni wrote: On Apr 12, 2018, at 5:57 PM, Bill Colewrote: postfwd2/policy[4807]: warning: Complex regular subexpression recursion limit (32766) exceeded at /opt/postfix/postfwd/sbin/postfwd2 line 1168, <$fh> line 230.? Perhaps ask whoever maintains "postfwd2" what they mean by "<$fh>" ? The "<$fh>" is not the issue. The problem is on line 1168 of the postfwd2 Perl script, while matching a regular expression against line 230 of the file handle <$fh>. One would expect that I'd recognize that error message but it seems that I need to write MORE bad Perl. In my defense, I don't use postfwd2 and didn't know it was written in Perl. So the thing to check with the author of postfwd2 is what's going on with the regular expression on line 1168. That is a scary one. It seems like an attempt to express all of the leniencies in a config format in a single regex, where a preliminary canonicalization (reducing all runs of whitespace to a single space maybe?) would eliminate the need for some of the complexities. But yes, that's really an issue to take up with the author and/or other postfwd2 users. The postfwd.org site indicates that a user mailing list exists.