Re: postfix header check question

[Yves-Marie LE PORS-CHAUVEL]

Hi there,

*Also postmap hader_checks gives me a warning: Header_check line1: record
is in "key: value" format; is this an alias file?*


That's normal, you don't need to *postmap* regex files !

--



Postmastery
*Email Infrastructure, Analytics and Deliverability*
Amsterdam, NL / Paris, FR

PHONE : +33 6 16 83 48 97
www.postmastery.com


We welcome all (positive 😉) feedback at:
https://www.trustpilot.com/review/postmastery.com


Le mar. 14 févr. 2023 à 09:32, Cédric Gallo  a
écrit :

> Hi,
>
> Here are some examples :
> /^Subject: (.*)New Notification Regarding Your Storage(.*)$/ DISCARD
> Anti-phishing
> /^From: (.*)it.ad...@server.fr(.*)$/ REJECT Anti-phishing
> /^Subject: new photos from my party!/ REJECT
> /^Reply-To: (.*) (.*)$/
> DISCARD SPAM
>
> Hope that can help...
> Cedric
> Le 14/02/2023 à 09:08, Spam Petya a écrit :
>
> Hi!
> I would like to use postfix header check. I read the manual, examples, and
> forums, yet I am unable to set up what I would like.
>
> We are getting non delivery reports, and I'd like to silent drop/delete
> them. Any working examples are welcome.
>
> My settings are:
>
> *main.cf :*
>
> header_checks = regexp:/etc/postfix/header_checks
>
> *header_checks:*
>
> /^From:.mailer-dae...@domain.com/ REJECT comment
>
> /^Received: .*sending_domain_hostname.com
> .* / REJECT comment
>
> Also postmap hader_checks gives me a warning: Header_check line1: record
> is in "key: value" format; is this an alias file?
>
>
> Could anyone give me a hint please, or some working examples?
> Thank you
>
>

Implementing a delay between connection closing and reopening

[Yves-Marie Le Pors Chauvel]

Hi there,

Using Postfix 3.5.6, only one IP per postfix instance, I have an issue with
a specific Mailbox Provider limiting to 3 ingoing connections per IP.

Here is my setup for this Mailbox Provider for outgoing connections to this
provider :

In master.cf :





*#
==#
service type  private unpriv  chroot  wakeup  maxproc command + args#
(yes)   (yes)   (yes)   (never) (100)#
==transport
 unix  -   -   y   -   3   smtp*

In main.cf :





*# Transport policytransport_initial_destination_concurrency =
1transport_destination_concurrency_limit =
3transport_destination_rate_delay = 0transport_destination_recipient_limit
= 2*

Also, in main.cf, I have these settings :





*smtp_connection_cache_on_demand = yessmtp_tls_connection_reuse =
yessmtp_connection_reuse_time_limit = 300ssmtp_connection_reuse_count_limit
= 99smtp_connection_cache_time_limit = 2s*

I am receiving a lot of deferred messages from this Mailbox Provider : *Too
many connections from your IP*...

This kind of deferred message is happening when postfix is closing a
connection and reopening a new one. It seems that my delay to close the
connection and open a new one is much more shorter than the Mailbox
Provider to see that the connection has been closed, so he sees 4
connections and starts deferring messages.

Is there a way to implement a delay between connection closing and
reopening for a specific transport in Postfix, while still using connection
reuse ?

Regards,

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com

Re: Do not use alternate MX in case of a specific message

[Yves-Marie Le Pors Chauvel]

Hi Wietse,

I have a dedicated transport for this ISP, so I'll add this option right
now !

Thanks,
YM

Le mar. 12 avr. 2022 à 15:54, Wietse Venema  a écrit :

> Jaros?aw Rafa:
> > W dniu wto, 12.04.2022 o godzinie 13?52?+0200, u?ytkownik Matus UHLAR -
> > fantomas napisa?:
> > > On 12.04.22 11:21, Yves-Marie Le Pors Chauvel wrote:
> > > > Using Postfix 3.5.6 on debian 11, I would like to know if there is
> > > > any
> > > > possibility not to use an alternative MX for outbound email
> > >
> > > MX is for inbound e-mail by definition
> >
> > I think what the OP meant is that recipient domain has two MX-es and
> > the goal is that the Postfix doesn't try the second MX in case the
> > first one rejects with 4xx but defers the message immediately (for
> > this specific recipient domain).
>
> This could be accomplished with a transport_maps entry that resolves
> to an SMTP client with smtp_mx_session_limit=1.
>
> /etc/postfix/transport
> example.com one-mx-only:
>
> /etc/postfix/master.cf
> one-mx-only .. .. .. .. .. .. smtp
> -o smtp_mx_session_limit=1
>
> Do "postmap /etc/postfix/transport" after editing the file.
>
> Wietse
>


-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com

Re: Do not use alternate MX in case of a specific message

[Yves-Marie Le Pors Chauvel]

Hi there,

@Rafa is right, the recipient domain has 2 MX-es and in case of that first
message, I don't wan't to my any retry on other MX. The issue it that the
deferred message does not contain this very first message so I can't see it
during my log analysis (bases on log message with 'to' and 'status')

@Matus : I am caching connections on all my transports and optimizing the
max concurrency... So this kind of issue is really really exceptional... It
just happens last time because I was sending too few messages per
connection. I just need to put that message in a complete log line with
'to' and 'status'.

Regards,

Le mar. 12 avr. 2022 à 13:58, Jarosław Rafa  a écrit :

> W dniu wto, 12.04.2022 o godzinie 13∶52 +0200, użytkownik Matus UHLAR -
> fantomas napisał:
> > On 12.04.22 11:21, Yves-Marie Le Pors Chauvel wrote:
> > > Using Postfix 3.5.6 on debian 11, I would like to know if there is
> > > any
> > > possibility not to use an alternative MX for outbound email
> >
> > MX is for inbound e-mail by definition
>
> I think what the OP meant is that recipient domain has two MX-es and
> the goal is that the Postfix doesn't try the second MX in case the
> first one rejects with 4xx but defers the message immediately (for
> this specific recipient domain).
> --
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
>
>

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com

Do not use alternate MX in case of a specific message

[Yves-Marie Le Pors Chauvel]

Hi there,

Using Postfix 3.5.6 on debian 11, I would like to know if there is any
possibility not to use an alternative MX for outbound email in case of a
specific message with the very first attempt !

This is for a specific french ISP (Orange).

In some case, you can have these log messages :

*Apr  5 08:52:39 postfix-38 postfix-smtp37/smtp[21446]: DD7DE37005CF: host
smtp-in.orange.fr <http://smtp-in.orange.fr>[193.252.22.65] refused to talk
to me: 421 opmta1mti72nd1 smtp.orange.fr <http://smtp.orange.fr>
bd3OnAY4Z6kfM Service refuse. Veuillez essayer plus tard. Service refused,
please try later. OFR004_105 [105]Apr  5 08:52:40 postfix-38
postfix-smtp37/smtp[21446]: DD7DE37005CF: to=>, relay=smtp-in.orange.fr
<http://smtp-in.orange.fr>[80.12.242.9]:25, delay=2.3,
delays=0.03/0.31/2/0, dsn=4.0.0, status=deferred (host smtp-in.orange.fr
<http://smtp-in.orange.fr>[80.12.242.9] refused to talk to me: 421
opmta1mti72nd1 smtp.orange.fr <http://smtp.orange.fr> bd3PnAY4i6kfM Service
refuse. Veuillez essayer plus tard. Service refused, please try later.
OFR_999 [999])*

The first line means 'Too many connexions within the last hour, this IP
will be block for 2 hours'
The second line means 'Your IP is blocked for 2 hours'

Is there any possibility, if we see the first message, to put it in a
deferred status with this message ?

Regards,

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager

23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com

Re: How to send 10 messages, per second, through my relayhost?

[Yves-Marie Le Pors Chauvel]

Hi Russel,

You have to change your default_destination_rate_delay, as said in the
documentation :

*The default amount of delay that is inserted between individual message
deliveries to the same destination and over the same message delivery
transport.*

So, in your case, it sends only 1 message every second.

Regards,
YM

Le mer. 23 févr. 2022 à 17:08, Russell Jones  a écrit :

> Hi all,
>
> I am struggling to understand why my postfix configuration is not allowing
> me to send 10 messages per second through my configured relayhost. When
> watching the logs, it is sending 1 message per second.
>
> initial_destination_concurrency = 10
> default_destination_concurrency_limit = 10
> default_destination_rate_delay = 1s
>
> smtpinetn   -   n   -   -   smtpd -o
> smtpd_sasl_auth_enable=no -o myhostname=mail.example.com
>
>
> To me, this is saying "send 10 messages every 1 second". To Postfix, this
> doesn't seem to be happening.
>
> Could I have some help with gaining some insight into what I'm missing?
>
> Thanks!
>
>

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com

destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

[Yves-Marie Le Pors Chauvel]

Hi folks,

I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it in
order to remove any legacy version (OS and Postfix) !

Before that everything was perfect : respecting the limit of connections
for a specific route per IP with connection reuse without TLS ! Since
moving from 3.1.15 to 3.5.6, we are receiving a lot of ‘too many
connections’ deferred : 421 mwinf5c42 ME Trop de connexions, veuillez
verifier votre configuration. Too many connections, slow down. OFR004_104
[104]

Here is my transport map :

#ORANGE orange.fr orange:csp-audit.com orange:franceadhesif.fr
orange:rgr-avocats.com orange:fermedevilliers.fr orange:abex-ec.fr
orange:pyrcarto.fr orange:agencecharles.fr orange:emballagedigest.eu
orange:da-conseil.com orange:somaris.com orange:auto3000sa.fr
orange:batee.fr orange:dynamelec.fr orange:a4architectes.com
orange:transports-fronton.fr orange:fruitaliance.com
orange:exp-automoto.com orange:aaformation.com orange:aer-sa.fr
orange:atalentec.com orange:bst.fr orange:cabinetec.fr
orange:cabinetsecom.com orange:dhalluin-peny.fr orange:gescomm-fr.com
orange:gsf-am.com orange:kalyseo.fr orange:mattholding.fr
orange:mktool.com orange:quilico-archi.com orange:tea-cefi.com
orange:tramobus.com orange:
#WANADOOwanadoo.fr wanadoo:

Here is part of my main.cf :

smtp_tls_connection_reuse = yes
smtp_connection_reuse_time_limit = 100s
smtp_connection_cache_time_limit = 1s

# Orange policy
orange_initial_destination_concurrency =1
orange_destination_concurrency_limit = 1
orange_destination_rate_delay = 0
orange_destination_recipient_limit = 10

# Wanadoo policy
wanadoo_initial_destination_concurrency = 1
wanadoo_destination_concurrency_limit = 1
wanadoo_destination_rate_delay = 0
wanadoo_destination_recipient_limit = 10

Here is part of my master.cf :

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
orange  unix  -   -   y   -   2   smtp
wanadoo  unix  -   -   y   -   1   smtp


*As you can notice maxproc = 2 for orange route, but as you know (I won’t
learn you anything) Orange + Wanadoo is a 3 connection limit (recommended 2
for Orange and 1 for Wanadoo).*

I’ve asked the MBP and he confirmed that we have more than 3 connexions at
the exact same time... Does anyone know if Postfix changed the way it is
managing connections (something like moving from connection limit to active
connection limit ? that could be an explanation ==> active + idles > 3) ?
For information, adding TLS or not, does not change this issue...

Does anyone have any advice to tune my conf in order to avoid such issues ?
If you need more elements, feel free to ask !

Regards,

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com