Re: mysql local_recipient_map

2016-06-20 Thread Peter 
On 21/06/16 10:47, Benny Pedersen wrote:
> On 2016-06-21 00:42, Peter wrote:
>> On 19/06/16 14:22, Paul R. Ganci wrote:
>>> I am running CentOS 7 which runs postfix chroot.
>>
>> No it does not.
>>
>> If your postfix is running chroot on CentOS 7 (or indeed any version of
>> CentOS or RHEL, etc) then eitehr you have (1) modified the config
>> yourself to make it chroot, (2) installed postfix packages from some 3rd
>> party repo (not mine) that has postfix configured for chroot, or (3)
>> installed postfix from source yourself.
> 
> number 3 is incorrect

I should have said, "installed postfix from source yourself *and*
modified the config to make it chroot."  But I suppose this is covered
under #1.


Peter

Re: mysql local_recipient_map

2016-06-20 Thread Benny Pedersen 

On 2016-06-21 00:42, Peter wrote:

On 19/06/16 14:22, Paul R. Ganci wrote:

I am running CentOS 7 which runs postfix chroot.


No it does not.

If your postfix is running chroot on CentOS 7 (or indeed any version of
CentOS or RHEL, etc) then eitehr you have (1) modified the config
yourself to make it chroot, (2) installed postfix packages from some 
3rd

party repo (not mine) that has postfix configured for chroot, or (3)
installed postfix from source yourself.


number 3 is incorrect

Re: mysql local_recipient_map

2016-06-20 Thread Peter 
On 20/06/16 02:56, Wietse Venema wrote:
> No offense taken. It just is a recurring problem with Linux distros
> that turn on chroot without providing the necessary files to make
> things like mysql work properly. Postfix 3.0 makes it harder to
> turn on chroot; hopefully that will end these problems.

I'd like to point out ... again ... that CentOS does *not* do this.


Peter

Re: mysql local_recipient_map

2016-06-20 Thread Peter 
On 19/06/16 14:22, Paul R. Ganci wrote:
> I am running CentOS 7 which runs postfix chroot.

No it does not.

If your postfix is running chroot on CentOS 7 (or indeed any version of
CentOS or RHEL, etc) then eitehr you have (1) modified the config
yourself to make it chroot, (2) installed postfix packages from some 3rd
party repo (not mine) that has postfix configured for chroot, or (3)
installed postfix from source yourself.


Peter

Re: mysql local_recipient_map

2016-06-19 Thread Wietse Venema 
Paul R. Ganci:
> On 06/19/2016 07:26 AM, Wietse Venema wrote:
> > Turn off chroot (edit master.cf, then do "postfix reload"). If RedHat 
> > decides to turn on chroot, then it is is their responsibility, not 
> > mine, to figure out what nsswitch, pam, etc. files are needed under 
> > /var/spool/postfix, and to keep those files in sync with the base 
> > operating system. 
> Sorry I didn't mean to offend if I did.  As I said there is no issue 

No offense taken. It just is a recurring problem with Linux distros
that turn on chroot without providing the necessary files to make
things like mysql work properly. Postfix 3.0 makes it harder to
turn on chroot; hopefully that will end these problems.

> running chroot. The setup works just fine and has for months now. Only 
> recently did I try to use the mysql database with the 
> local_recipient_maps and saw the issue I did. I am happy with my 
> solution but was curious and thought you had some magic.

Except that the mysql support won't work unless you do one
of the following:
a) you turn off chroot in Postfix.
b) you add some files under /var/spool/postfix, the details of which
   change with the distribution and version, and which are discovered
   by stracing programs until all errors are accounted for.

> Thanks for your help.

You're welcome.

Wietse

Re: mysql local_recipient_map

2016-06-19 Thread Paul R. Ganci 



On 06/19/2016 07:26 AM, Wietse Venema wrote:
Turn off chroot (edit master.cf, then do "postfix reload"). If RedHat 
decides to turn on chroot, then it is is their responsibility, not 
mine, to figure out what nsswitch, pam, etc. files are needed under 
/var/spool/postfix, and to keep those files in sync with the base 
operating system. 
Sorry I didn't mean to offend if I did.  As I said there is no issue 
running chroot. The setup works just fine and has for months now. Only 
recently did I try to use the mysql database with the 
local_recipient_maps and saw the issue I did. I am happy with my 
solution but was curious and thought you had some magic.


Thanks for your help.

--
Paul (ga...@nurdog.com)
Cell: (303)257-5208

Re: mysql local_recipient_map

2016-06-19 Thread Wietse Venema 
Paul R. Ganci:
> I am running CentOS 7 which runs postfix chroot. Everything works as 
> expected in this mode except for the mysql configuration. []
> I am okay with the setup as it is now however can you elaborate on 
> what additional setup I would need to get the mysql database to work 

Turn off chroot (edit master.cf, then do "postfix reload"). If
RedHat decides to turn on chroot, then it is is their responsibility,
not mine, to figure out what nsswitch, pam, etc. files are needed
under /var/spool/postfix, and to keep those files in sync with the
base operating system.

Wietse

Re: mysql local_recipient_map

2016-06-18 Thread Paul R. Ganci 



On 06/14/2016 08:02 AM, Wietse Venema wrote:

Paul R. Ganci:

On 06/14/2016 04:28 AM, Wietse Venema wrote:

Paul R. Ganci:

  If the MYSQL library was handling the host name resolution
then why does the postmap -q query succeed? Shouldn't both queries fail?

Perhaps you are running postmap as ROOT; Postfix runs as on-root.

Indeed I was.

Perhaps you have chroot enabled in master.cf. This is the default on
debian/ubuntu. See http://www.postfix.org/DEBUG_README.html#no_chroot
Change the master.cf entry should to this:
 smtp  inet  n   -   n   -   -   smtpd
---^^^
Using chroot requires additional setup.
I am running CentOS 7 which runs postfix chroot. Everything works as 
expected in this mode except for the mysql configuration. You are 
suggesting a permissions problem but I have verified that even with 
world read access the problem occurs. I do not want to run postfix as 
root. I am okay with the setup as it is now however can you elaborate on 
what additional setup I would need to get the mysql database to work 
with a server name rather than a server IP address? I really thought it 
was as simple as making the config file and then just making the proper 
entry in main.cf ala:


local_recipient_maps = mysql:/etc/postfix/local_recipient_map.cf

There is definitely something strange because I just put back the server 
name and did a postmap query from a non-root account and it works fine. 
I also verified that I don't have a typo in the main.cf config so I 
really don't understand what might be different between the mysql access 
from postfix vs postmap.


--
Paul (ga...@nurdog.com)
Cell: (303)257-5208

Re: mysql local_recipient_map

2016-06-14 Thread Wietse Venema 
Paul R. Ganci:
> On 06/14/2016 04:28 AM, Wietse Venema wrote:
> > Paul R. Ganci:
> >> anyone know what I am missing in that it seems postfix did resolve the
> >> IP address when communicating with the mysql database?
> > The host lookup is done by the MSQL library.
> That doesn't seem correct to me because with hosts = 
> server-1.example.comin/etc/postfix/local_recipient_map.cf
> 
> postmap -q sally@example.commysql:/etc/postfix/local_recipient_map.cf
> 
> works correctly
> 
> but the postfix daemon query fails (both requests work with an IP 
> address). If the MYSQL library was handling the host name resolution 
> then why does the postmap -q query succeed? Shouldn't both queries fail?

Perhaps you are running postmap as ROOT; Postfix runs as on-root.

Perhaps you have chroot enabled in master.cf. This is the default on 
debian/ubuntu. See http://www.postfix.org/DEBUG_README.html#no_chroot
Change the master.cf entry should to this:
smtp  inet  n   -   n   -   -   smtpd
---^^^
Using chroot requires additional setup.

Wietse

Re: mysql local_recipient_map

2016-06-14 Thread Paul R. Ganci 

On 06/14/2016 04:28 AM, Wietse Venema wrote:

Paul R. Ganci:

anyone know what I am missing in that it seems postfix did resolve the
IP address when communicating with the mysql database?

The host lookup is done by the MSQL library.
That doesn't seem correct to me because with hosts = 
server-1.example.comin/etc/postfix/local_recipient_map.cf


postmap -q sally@example.commysql:/etc/postfix/local_recipient_map.cf

works correctly

but the postfix daemon query fails (both requests work with an IP 
address). If the MYSQL library was handling the host name resolution 
then why does the postmap -q query succeed? Shouldn't both queries fail?


--
Paul (ga...@nurdog.com)
Cell: (303)257-5208

Re: mysql local_recipient_map

2016-06-14 Thread Wietse Venema 
Paul R. Ganci:
> I changed the line hosts = server-1.example.com to use an IP address 
> instead hosts = 192.168.1.200 and everything started working. Does 
> anyone know what I am missing in that it seems postfix did resolve the 
> IP address when communicating with the mysql database?

The host lookup is done by the MSQL library.

Wietse

Re: mysql local_recipient_map

2016-06-13 Thread Paul R. Ganci 
I changed the line hosts = server-1.example.com to use an IP address 
instead hosts = 192.168.1.200 and everything started working. Does 
anyone know what I am missing in that it seems postfix did resolve the 
IP address when communicating with the mysql database?



On 06/13/2016 07:52 PM, Paul R. Ganci wrote:
I have setup a mysql data baseto provide a list of of local email 
recipients for a gateway email server. The configuration file looks 
like this:


> cat /etc/postfix/local_recipient_map.cf
user = postfix
password = Secret
hosts = server-1.example.com
dbname = postfix
query = SELECT destination FROM postfix_virtual WHERE email = '%s'

If I do a test query ala:

> postmap -q sa...@example.com mysql:/etc/postfix/local_recipient_map.cf
sallysemail

This last command seems to indicate that the query completes 
successfully. So I then configured the main.cf per this extracted stanza:


# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
#   For example, you define $mydestination domain recipients in
#   the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or 
"fallback_transport"

#   feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a u...@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
#local_recipient_maps =
local_recipient_maps = mysql:/etc/postfix/local_recipient_map.cf

However after I issue

>postfix reload

I get the following warning in the /var/log/maillog file:

Jun 13 17:02:33 mx02 postfix/smtpd[24400]: warning: 
mysql:/etc/postfix/local_recipient_map.cf lookup error for 
"sa...@example.com"
Jun 13 17:02:33 mx02 postfix/smtpd[24400]: NOQUEUE: reject: RCPT from 
unknown[50.31.61.193]: 451 4.3.0 : Temporary lookup 
failure; 
from= 
to= proto=ESMTP helo=


Can somebody tell me what I am doing wrong? Why does the postmap -q 
command line query successfully return a result but fail from postfix?


Thank you for your help.



--
Paul (ga...@nurdog.com)
Cell: (303)257-5208

mysql local_recipient_map

2016-06-13 Thread Paul R. Ganci 
I have setup a mysql data baseto provide a list of of local email 
recipients for a gateway email server. The configuration file looks like 
this:


> cat /etc/postfix/local_recipient_map.cf
user = postfix
password = Secret
hosts = server-1.example.com
dbname = postfix
query = SELECT destination FROM postfix_virtual WHERE email = '%s'

If I do a test query ala:

> postmap -q sa...@example.com mysql:/etc/postfix/local_recipient_map.cf
sallysemail

This last command seems to indicate that the query completes 
successfully. So I then configured the main.cf per this extracted stanza:


# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
#   For example, you define $mydestination domain recipients in
#   the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
#   feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a u...@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
#local_recipient_maps =
local_recipient_maps = mysql:/etc/postfix/local_recipient_map.cf

However after I issue

>postfix reload

I get the following warning in the /var/log/maillog file:

Jun 13 17:02:33 mx02 postfix/smtpd[24400]: warning: 
mysql:/etc/postfix/local_recipient_map.cf lookup error for 
"sa...@example.com"
Jun 13 17:02:33 mx02 postfix/smtpd[24400]: NOQUEUE: reject: RCPT from 
unknown[50.31.61.193]: 451 4.3.0 : Temporary lookup 
failure; from= 
to= proto=ESMTP helo=


Can somebody tell me what I am doing wrong? Why does the postmap -q 
command line query successfully return a result but fail from postfix?


Thank you for your help.