Re: A couple of problems
- Original Message - From: Benny Pedersen m...@junc.org To: postfix-users@postfix.org Date: Wed, 02 Sep 2009 20:43:10 +0200 Subject: Re: A couple of problems On ons 02 sep 2009 20:06:08 CEST, Daniel L'Hommedieu wrote I guess nobody has any ideas on the other problem I mentioned, because nobody has responded to that half of my original email. :( are you saying that your wife cant use smtp auth ? :) -- xpoint I bet it definitely must be that! :)) Well, look like its time for you, to supply your wife with a proper amount of educatinon. ;)
Re: A couple of problems
On Aug 27, 2009, at 15:02, LuKreme wrote: On 27-Aug-2009, at 09:58, Daniel L'Hommedieu wrote: I could remove the limitation as you suggest, but doing so would open me up to hundreds of spams a day. So you have a choice, you can figure out how else to deal with the from/to spam, or you can not get the mail from your wife. There is a reason that people are told not to reject mail from their own domain. LuKreme Victor: Everyone who sends mail through my mail server is authenticated, so I do not want to accept any email from my domain that does not come from an authenticated source. But, I need to accept email for my wife, so the proper solution is to do what Victor suggested (short-circuit the email loop). Thanks. I guess nobody has any ideas on the other problem I mentioned, because nobody has responded to that half of my original email. :( Daniel
Re: A couple of problems
On ons 02 sep 2009 20:06:08 CEST, Daniel L'Hommedieu wrote I guess nobody has any ideas on the other problem I mentioned, because nobody has responded to that half of my original email. :( are you saying that your wife cant use smtp auth ? :) -- xpoint
A couple of problems
Greetings, all. I'm having a couple of problems I hope someone here can help me with. First, a problem with sender restrictions. Specifically I am being told that I cannot send on behalf of my domain name. I am sending mail to my wife's address at mac.com, through my mail server. The route the mail takes is: - my mail server (Postfix on Linux) - relay through my ISP (because my ISP blocks outbound SMTP) - Apple's .mac service (a couple of hops) - forward from .mac back to our ISP (for additional spam filtering) - forward from ISP back to my Linux box (this is where all of her email ends up) My guess is that the final hop (ISP to my Linux box) generates the error message, but the headers seem to imply otherwise...I'm not really sure. The returned error message is copied here: --- 8 --- clip'n'save --- 8 --- This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: wife's-local-addr...@example.net SMTP error from remote mailer after RCPT TO:wife's-local-addr...@example.net : host hostname.is-a-geek.com [1.2.3.4]: 554 5.7.1 my-addr...@example.net : Sender address rejected: you cannot send on behalf of example.net --- 8 --- clip'n'save --- 8 --- hostname.is-a-geek.com is my local Linux box, and the address given (shown as 1.2.3.4) is my cable router's external address. Is it possible to do this sort of thing? I guess I could add my ISP's servers to mynetworks, but I'd rather not have to keep up with that, and I'm not sure that would solve the problem. Another problem I'm having, which I mentioned recently but for which I did not get a response, is canonical/virtual resolution. I might not have gotten a response because of thread hijacking, which I now know to be taboo here. (I had changed the subject line and had denoted that in the subject line, but that probably wasn't enough.) Most of the domains in mydestination are virtual alias domains, so I'm guessing that those should be moved to virtual_alias_domains, and that mydestination should be $myhostname, localhost.$mydomain, localhost, $mydomain only. The others are FQDNs that point to my hostname but are not used in email addresses. In my config, you'll notice that I'm using SSL; these are self-signed certificates that I pretty much only use for my personal mail delivery (my MacBook Pro has the cert loaded, so I can send SSL email from my laptop to my server); I don't think remote SMTP servers like those certs, but mail always gets through so I'm not very concerned about it just now. Also, you'll note that I'm using my ISP's mail server as a relay; this is because my server runs in a dynamic pool, and I don't want my legitimate outbound mail blocked because I'm running a server on a dynamic range. Using this relay requires an ISP username password, which is in /etc/postfix/sasl_password. The only thing that isn't working the way I need it to work is some combination of canonical, generic, virtual maps. I have a GroupWise account at work, with that email forwarded to my Postfix server. It appears that GroupWise mail forwarding is broken, because GroupWise changes the recipient to be the address on my Postfix server, instead of leaving it to be the GroupWise address and simply forwarding the email. I have the following mappings set, but they don't correct that email address: canonical: f...@example.net daniel_lhommed...@example.edu generic: foo daniel_lhommed...@example.edu virtual: daniel_lhommed...@example.edu f...@example.net dclho...@example.edu f...@example.net dclho...@gw.example.edu f...@example.net dclho...@abc.example.edu f...@example.net Email addressed to dclho...@example.edu and dclho...@abc.example.edu works fine, but the two GroupWise addresses (daniel_lhommed...@example.edu and dclho...@gw.example.edu) do not properly correct. Any pointers on what I might be doing wrong here? Thanks so much. Daniel postconf -n output: --- 8 --- clip'n'save --- 8 --- alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, hostname.example.com, www.example.com, mail.example.com, example.com, hostname.dyndns.org, hostname.gotdns.com, hostname.is-a- geek.com, example.com mynetworks = 10.0.1.0/24, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix
Re: A couple of problems
On Thu, Aug 27, 2009 at 11:41:08AM -0400, Daniel L'Hommedieu wrote: wife's-local-addr...@example.net SMTP error from remote mailer after RCPT TO:wife's-local-addr...@example.net: host hostname.is-a-geek.com [1.2.3.4]: 554 5.7.1 my-addr...@example.net: Sender address rejected: you cannot send on behalf of example.net Delete the rule in your access tables that rejects mail from remote systems with envelope sender addresses in your domain. This is not default Postfix behaviour. You configured your Postfix to reject such mail, now appears that you need to accept it. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: A couple of problems
On Aug 27, 2009, at 11:50, Victor Duchovni wrote: On Thu, Aug 27, 2009 at 11:41:08AM -0400, Daniel L'Hommedieu wrote: wife's-local-addr...@example.net SMTP error from remote mailer after RCPT TO:wife's-local-addr...@example.net: host hostname.is-a-geek.com [1.2.3.4]: 554 5.7.1 my-addr...@example.net: Sender address rejected: you cannot send on behalf of example.net Delete the rule in your access tables that rejects mail from remote systems with envelope sender addresses in your domain. This is not default Postfix behaviour. You configured your Postfix to reject such mail, now appears that you need to accept it. Indeed I did, Viktor. The huge majority of the spam I get is from me to me spam, and this was an attempt to avoid that spam. It is proving to be phenomenally successful - it is the single greatest spam limiter I have ever seen, blocking nearly twice as much spam than the ZEN spamhaus list that I implemented at the same time. I could remove the limitation as you suggest, but doing so would open me up to hundreds of spams a day. I could certainly email my wife at the local address instead of the .mac address, and shall begin doing so, but is there any other way? Thanks. Daniel
Re: A couple of problems
On Thu, Aug 27, 2009 at 11:58:38AM -0400, Daniel L'Hommedieu wrote: my-addr...@example.net: Sender address rejected: you cannot send on behalf of example.net Delete the rule in your access tables that rejects mail from remote systems with envelope sender addresses in your domain. This is not default Postfix behaviour. You configured your Postfix to reject such mail, now appears that you need to accept it. Indeed I did, Viktor. The huge majority of the spam I get is from me to me spam, and this was an attempt to avoid that spam. It is proving to be phenomenally successful - it is the single greatest spam limiter I have ever seen, blocking nearly twice as much spam than the ZEN spamhaus list that I implemented at the same time. I could remove the limitation as you suggest, but doing so would open me up to hundreds of spams a day. I could certainly email my wife at the local address instead of the .mac address, and shall begin doing so, but is there any other way? Pick one: - You want to receive some external email with envelope sender addresses in your domain. - You do not want to receive any external email with envelope sender addresses in your domain. If the former includes some spam, deploy a decent spam content filter, use good RBLs, ... This said don't send mail out that you already know will come back in, use virtual_alias_maps to short-circuit appropriate external addresses to internal mailboxes. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.