distribution list with postfix
Hi, could you please give me an addvise, whether the following is possible with postfix? I'd like to manage distribution lists with postfix, so that when a user sends a message to li...@mydomain postfix looks up an alias map in MySQL and sends individual emails to each alias found in the table. It is important that the To: header of the mail contains the expanded address, not the original one so that the resulting mails looks exactly as if the user would have send them individually to each recipient. Thanks for your time! Thomas Koch, http://www.koch.ro
Re: relay_domains vs virtual_mailbox_domains
On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We have no way of knowing if the recipient address is valid or not as we are only acting as a relay for the final destination. We cannot build a database of recipients on the fly as that information is held on the various servers of our clients, to which we do not have access. -- thorNET Internet Services, Consultancy Training www.thornet.co.uk
lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail
I am getting no inbound email after locking down the requirements of users to authenticate before sending. I dropped back from current (2.7.*) to 2.6.5. Not having any success getting tcpdump output. The version I have differs from the example in the DEBUG instructions. Complete error messages. Please use cut-and-paste, or use attachments, instead of reciting information from memory. Sep 8 00:45:30 shuttle postfix/smtpd[56332]: qmta10.emeryville.ca.mail.comcast.net[76.96.30.17]: TLS cipher list ALL:!EXPORT:!LOW:+RC4:@STRENGTH Sep 8 00:45:30 shuttle postfix/smtpd[56332]: SSL_accept:before/accept initialization Sep 8 00:45:30 shuttle postfix/smtpd[56332]: read from 34103AC0 [341BF000] (11 bytes = -1 (0x)) Sep 8 00:45:33 shuttle postfix/smtpd[56335]: SSL_accept error from mail-pz0-f204.google.com[209.85.222.204]: -1 Sep 8 00:45:33 shuttle postfix/smtpd[56335]: lost connection after CONNECT from mail-pz0-f204.google.com[209.85.222.204] Sep 8 00:45:33 shuttle postfix/smtpd[56335]: disconnect from mail-pz0- f204.google.com[209.85.222.204] Sep 8 00:46:03 shuttle postfix/smtpd[56437]: warning: network_biopair_interop: error reading 11 bytes from the network: Connection reset by peer Sep 8 00:46:03 shuttle postfix/smtpd[56437]: SSL_accept error from mail-px0-f194.google.com[209.85.216.194]: -1 Sep 8 00:46:03 shuttle postfix/smtpd[56437]: lost connection after CONNECT from mail-px0-f194.google.com[209.85.216.194] Sep 8 00:46:03 shuttle postfix/smtpd[56437]: disconnect from mail-px0- f194.google.com[209.85.216.194] Sep 8 00:47:07 shuttle postfix/smtpd[56335]: connect from elasmtp- masked.atl.sa.earthlink.net[209.86.89.68] Sep 8 00:47:07 shuttle postfix/smtpd[56335]: setting up TLS connection from elasmtp-masked.atl.sa.earthlink.net[209.86.89.68] Sep 8 00:47:07 shuttle postfix/smtpd[56335]: elasmtp- masked.atl.sa.earthlink.net[209.86.89.68]: TLS cipher list ALL:! EXPORT:!LOW:+RC4:@STRENGTH postfinger - postfix configuration on Tue Sep 8 00:53:35 PDT 2009 version: 1.30 --System Parameters-- mail_version = 2.6.5 hostname = shuttle.ferbil.fotz uname = FreeBSD shuttle.ferbil.fotz 7.2-RELEASE-p1 FreeBSD 7.2-RELEASE- p1 #1: Fri Jun 12 22:10:40 PDT 2009 r...@shuttle.ferbil.fotz:/usr/ obj/usr/src/sys/SHUTTLE i386 --Packaging information-- looks like this postfix comes from BSD package: postfix-2.6.5,1 --main.cf non-default parameters-- default_process_limit = 200 disable_vrfy_command = yes invalid_hostname_reject_code = 554 maps_rbl_domains = blackholes.mail-abuse.org multi_recipient_bounce_reject_code = 554 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = mail.ferbil.fotz mynetworks = 192.168.2.0/24, 127.0.0.0/8 myorigin = $mydomain non_fqdn_reject_code = 554 proxy_interfaces = 72.1.134.183 smtp_tls_session_cache_database = btree:/var/lib/postfix/ smtp_tls_session_cache smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_reject_unlisted_sender = yes smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/cacert.pem smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/pbo-cert.pem smtpd_tls_key_file = /usr/local/etc/postfix/ssl/pbo-key.pem smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes smtpd_tls_security_level = may strict_rfc821_envelopes = yes unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 virtual_alias_domains = mildew.org virtual_alias_maps = hash:/usr/local/etc/postfix/mildew.cf --master.cf-- smtp inet n - n - 200 smtpd -o content_filter=filter: -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes pickupfifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgrunix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounceunix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verifyunix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix -
Re: relay_domains vs virtual_mailbox_domains
Steve Heaven wrote: On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We have no way of knowing if the recipient address is valid or not as we are only acting as a relay for the final destination. We cannot build a database of recipients on the fly as that information is held on the various servers of our clients, to which we do not have access. Sahil Tandon gave you a link containing the solution to you problem. I suggest you read it before you say it can't be done. Tip: scoll up to How address verification works. Mikael
Re: relay_domains vs virtual_mailbox_domains
From: Clunk Werclick mailbacku...@googlemail.com Reply-to: mailbacku...@googlemail.com Cc: postfix-users@postfix.org Subject: Re: relay_domains vs virtual_mailbox_domains Date: Tue, 08 Sep 2009 09:28:36 +0100 Mailer: Evolution 2.24.3 On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote: On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We have no way of knowing if the recipient address is valid or not as we are only acting as a relay for the final destination. We cannot build a database of recipients on the fly as that information is held on the various servers of our clients, to which we do not have access. Please forgive the bluntness - and drifting off a bit as I've not seen all of this; If you are acting as a relay and not able to verify the final recipients exist - you will quickly run into serious problems and side effects. Postfix provides a probing/discovery mechanism that spares you the need to build maps - it's not ideal when compared to the sheer speed of SQL, MAPS or LDAP, but it exists - so there is no excuse to accept mail for invalid recipients with Postfix. The link given tells you how this 'probing' works. Failing to verify final recipients means you will probably accept mail that is sequentially refused, leaving you holding the baby and having to bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take ownership and responsibility). With invalid recipients, the sender is usually forged and as your relay has nothing left to do but bounce the message, your IP(s) are going to become really unpopular *fast*, and probably have it blacklisted in no time at all. This is, of course, not only limited to invalid recipients. Accepting any kind of mail for a destination that cannot be delivered gives the same problem. Perhaps the recipient is valid, but the destination refused the message because of the content/spam. You end up holding the baby again. If you really need the ability to catch all without bounce then the final destination needs to absolutely white list everything your throw at it - regardless of recipient or content. That is most certainly *not* ideal without some serious UCE measures on the relay itself. In commercial solutions I have seen, RELAYS have held the message and not given a 250 until the final destination has taken it -or- (less ideal) taken the message and put it into an 'outbound' Postfixen where it is retried for 48-72 hours. This gives the Relay admin time to see it and liase with the final destination host admin. This would be a real headache if you wind up with thousands of messages in the queue for invalid recipients, bringing us full circle to the topic once more. Good luck with what it is you are doing. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
[Bounce Handling] Searching information
Hello postfix users First Ill say that its about 10 days I read Mailing list history, and I that I Google around in order to understand Bounce Handling in postfix. (Im a former Exim user) Ive found with Google several sites explaining how to set up bounce handling, but up to now all methods tested do not work for me Let me explain first what we want to do and what is done up to now : - We have approx 150 customers that wish to do marketing email with their customers, and we have had these customers knowing former spam listing, because they / we did not cope feedback loops, list retrieval and all the quality service recommendations. These customers are mostly Automotive software users that use our integrated mailing service in the software, using simple outlook mailing dlls (software is made under windev, and uses all Windows dlls). - We want to offer our customers a service that will allow them by using their software, to mail their customers, through a mailing platform, independent of their outlook / email software and that will cope : Mailing unsubscription, feedback loops with webmail / ISP, bounce handling to bring their mailing lists to quality . What we have setup : - Postfix mailing servers (5), (servers A E) with authorized (login / password) account set in our software, and ID control of our users sending their marketing mail. These servers are only purposed to mail sending, all web and bounce treatment is done on 2 other servers (F/G) loadbalanced, that cope bounces (return path sends to these 2 servers domain name, it is set to send bounce emails to @F.net). These five servers work to our needs with no problem. - Mailing List unsubscription, feedback loops, online data handling, mysql mailing statistics, on servers F/G - Bounce Handling php script, checking bounces and coping in databases all post-bounce treatements on servers F / G - Bounce Handling administrative script allowing us to learn new Bounce codes not already treated automatically by system on servers F/G. What we havent managed to setup. - On servers F/G, postfix is not able to send bounced email received to php script. - Postfix answers to all bounces received on these servers : bounce.kiuk0xhqtmkr-jf3t8kmh-mfs8q6qvq5s...@bounces.f.net: unknown user bounce.kiuk0xhqtmkr-jf3t8kmh-mfs8q6qvq5s5cq I know I havent setup things correctly on these servers, and I would appreciate your help to identify my errors. Here is master.cf which I think meets most websites indications in term of bounce handling to php scripts : # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: man 5 master). # # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_enforce_tls=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix -
Listing IP addresses in mail queue
Hi, Firstly this is my first post to the list, so apologies if I've not correctly followed any procedures. I'm a new user to Postfix (ex Qmail user) and love it. However, there is one feature of qmqtool that was very useful: qmqtool -i, to list queue entries by IP address. Is there any way to see which IP addresses in the postfix queues are the most dominant? Also I am seeing a lot of bounces in the deferred queue from mailer-dae...@my-host. Is there a way to instantly destroy double bounces rather than defer them, or is this bad practice/against RFC standards? Finally, is there a way to emulate the 'greet pause' feature of Sendmail, whereby Postfix will kill the client connection if they send any commands before the 220 prompt? This seemed to be working with a 2.4 version of Postfix that I was testing, but not with 2.6/2.7. The docs mention a change to the way this works, but I don't fully understand this. I have the following in main.cf smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, permit_mynetworks, reject smtpd_delay_reject = no Thanks for any help Cheers, Duncan Baxter Portsmouth.
Re: [Bounce Handling] Searching information
On Tue, 2009-09-08 at 13:27 +0200, no_s...@cardiff.fr wrote: Hello postfix users We have approx 150 customers that wish to do marketing email with their customers, and we have had these customers knowing former spam listing, because they / we did not cope feedback loops, list retrieval and all the ‘quality service’ recommendations. So they *are* spammers then? Where am I wrong, and what is necessary to setup bounce handling knowing that : 1- Bounces return addresses are constructed dynamically, and there is no real user account corresponding to bounce.--x...@bounces.f.net If you are sending mail to valid users who have opted in, it won't bounce. Will it :-) -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: [Bounce Handling] Searching information
Clunk Werclick wrote: On Tue, 2009-09-08 at 13:27 +0200, no_s...@cardiff.fr wrote: Where am I wrong, and what is necessary to setup bounce handling knowing that : 1- Bounces return addresses are constructed dynamically, and there is no real user account corresponding to bounce.--x...@bounces.f.net If you are sending mail to valid users who have opted in, it won't bounce. Will it :-) Oh yes it will. Mailing lists decay over time as people change their email addresses and forget to update their details with any opt-in lists they've subscribed to. Bounce handling is, therefore, an essential aspect of list administration - you need to be able to update the list regularly to remove inactive addresses from it. Lack of bounce handling is precisely the sort of thing that can get an otherwise entirely reputable list flagged as a spam source. Mark
RE: [Bounce Handling] Searching information
[Humour on]Wooow Thanks a lot, I knew I would have this sort of response, and it helps me and others certainly a lot...[/humour off] Clunk Werclick wrote So they *are* spammers then? Are they ??? Well in fact no, it's their client database, collected through vehicles they sold, with emails of client that have legitimately opted in when buying their vehicles. Our clients are responsible legally of their databases, we offer the technical interface, that will help all opt-out, quality responses, and bounces to be dealt with. (things they can't and don't do under outlook... man) Most of all, andafter asking our clients, last-end email users are at 90 % vehicles professional that himself sells vehicles to individuals. Now do we provide a spamming solution ? We hope not, and we are providing all last-end emailed user the possibility to unsubscribe at any moment of single / all databases. And if we have spam complain / reports, it is clear that the concerned client, will have to give us it's opt in policy, if he wants to continue using his services. Clunk Werclick wrote If you are sending mail to valid users who have opted in, it won't bounce. Will it :-) Do you have any email marketing knowledge ? Here are some cases of bounces that do need to be dealt with : - User email address changes not notified to our clients. (I change my mail from wanadoo to neufcegetel, and I certainly did not tell it to all subscripted mailing lists) - ISP domain change (we have had the case in France the last 6 months : 2 ISP's have closed, and more than 500 000 email addresses are not valid anymore, this gives our clients a chance in 5 to have a closed address in his legitimate database) - Domain MX problems. (Soft or hard) And this only concerns valid users, not spam databases. Now I don't need lessons on spamming. We are setting this up in order to let our client, do email marketing, the best way possible (including SPF / DK / DomainKeys / ReturnPath, and all available systems), and allowing users / admins to identify spam source, complain, and unsubscribe. My question is how to I manage bounces back in my postfix servers, knowing that the bounce addresses do not exists as valid users ??? If you don't have the answer, I don't think community needs your personal comments on what's good and what's bad...
Re: [Bounce Handling] Searching information
no_s...@cardiff.fr wrote: My question is how to I manage bounces back in my postfix servers, knowing that the bounce addresses do not exists as valid users ??? If you don't have the answer, I don't think community needs your personal comments on what's good and what's bad... Create a virtual domain (eg, bounces.example.com) and add a catch-all alias so that everything to that domain gets forwarded to the bounce handler's inbox. The bounce handler can then parse all the incoming messages and take action based on the recipient address. Yes, you'll also get lots of spam to this domain, but as long as everything is being handled automatically then that's not an issue as no human ever needs to read it. Mark
RE: [Bounce Handling] Searching information
On Tue, 2009-09-08 at 14:02 +0200, no_s...@cardiff.fr wrote: [Humour on]Wooow {snip} The answer is you check your logs, write a script to check your logs and update your databases - or use one of the many mailing list manager programs that exist. Postfix is simply the MTA. In fact I guess this very mailing list is using something similar to what you need. Forgive the bluntness of my response. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Mixing Unix accounts (PAM) and database
Hello, I am trying to figure out if it is possible to mix both shared domains with UNIX system accounts virtual MAILBOX with separate domains, non-UNIX accounts at the same time. The reason for this is quite simple : I have a mail server with Postfix installed since quite a long time and Local Unix users. I wish to migrate this server but I am not necessarily wishing to call all my customers to guide them to reconfigure their accounts… So the idea was to mix both… I am using dovecot as authentication scheme for SASL. A MySQL database is deployed with some new accounts in It. What will be your roadmap for this migration ? Can I mix both type of accounts / config (local with Unix type virtual) ? Thanks for your reply Gregober --- PGP ID -- 0x1BA3C2FD bsd @at@ todoo.biz P Please consider your environmental responsibility before printing this e-mail
AW: --- Delivery report unavailable ---
Hi again, thanks for the quick reply and sorry for my (outlook's ;) ) bad quoting. At least i know now what caused the strange bounce message. Since the server had to be (relatively) hard resetted while sending the newsletter because of many long blocking processes, i assume this caused some data (the bounce files) to be lost. With ext3 this is not what i would expect to happen, but that has nothing to do with the original subject and presumably has nothing to do with postfix. Kind regards Stefan -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] Im Auftrag von Wietse Venema Gesendet: Montag, 7. September 2009 17:00 An: Postfix users Betreff: Re: --- Delivery report unavailable --- Stefan Bunse: --4D1DB6737244.1252203488/newsbox.webmatch.de Content-Description: Notification Content-Type: text/plain; charset=us-ascii This is the mail system at host newsbox.webmatch.de. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system --- Delivery report unavailable --- --4D1DB6737244.1252203488/newsbox.webmatch.de Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; newsbox.webmatch.de X-Postfix-Queue-ID: 4D1DB6737244 [snip] The file /var/spool/postfix/bounce/4D1DB6737244 did not exist. Postfix does not log this, as mail may be deleted with postsuper -d. Postfix does not give details of queue file errors in its bounce messages. Wietse
Re: Mixing Unix accounts (PAM) and database
On Tuesday 08 September 2009 13:30:32 bsd wrote: Can I mix both type of accounts / config (local with Unix type virtual) ? Answer is simply yes. Just add relevant virtual mailbox settings to main.cf. Unless it is overly complex, my migration plan would be enable soft_bounce, add relevant settings, test, remove soft_bounce when happy. But I have a test server as well to work it all out on first! You can even use Dovecot LDA for local delivery of virtual users if it makes the configuration simpler. http://wiki.dovecot.org/LDA/Postfix You can have distinct delivery for virtual mailboxes and local mailboxes. virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_mailbox_domains = pop.mail.zynet.net virtual_mailbox_base = /var/spool/mail virtual_minimum_uid = 100 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 If it were me, I'd be tempted to replace local users with virtual users for all customer emails. You can probably do that and preserve all the settings the end user needs. As unless there is a need for a system account I prefer to have all in a database, not creating some little understood weakness in my system authentication.
Re: Listing IP addresses in mail queue
On 9/8/2009 6:20 AM, Duncan B. wrote: Hi, Firstly this is my first post to the list, so apologies if I've not correctly followed any procedures. I'm a new user to Postfix (ex Qmail user) and love it. However, there is one feature of qmqtool that was very useful: qmqtool -i, to list queue entries by IP address. Is there any way to see which IP addresses in the postfix queues are the most dominant? Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Also I am seeing a lot of bounces in the deferred queue from mailer-dae...@my-host. Is there a way to instantly destroy double bounces rather than defer them, or is this bad practice/against RFC standards? These aren't double bounces, just regular non-delivery reports. It's far better to find out why you have a bunch of bounces in your queue and fix the problem. Generally this is a result of accepting undeliverable mail. Don't do that. Use proper recipient validation so postfix can reject unknown recipients automatically. http://www.postfix.org/ADDRESS_CLASS_README.html http://www.postfix.org/LOCAL_RECIPIENT_README.html Finally, is there a way to emulate the 'greet pause' feature of Sendmail, whereby Postfix will kill the client connection if they send any commands before the 220 prompt? This seemed to be working with a 2.4 version of Postfix that I was testing, but not with 2.6/2.7. The docs mention a change to the way this works, but I don't fully understand this. I believe this feature is deprecated, but it should still work. I have the following in main.cf smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, permit_mynetworks, reject You probably don't want reject at the end. smtpd_delay_reject = no This is no longer needed for proper detection of unauth pipelining, and it causes other complications. Suggest you remove it. Thanks for any help Welcome to postfix. -- Noel Jones
Re: Listing IP addresses in mail queue
I'm a new user to Postfix (ex Qmail user) and love it. However, there is one feature of qmqtool that was very useful: qmqtool -i, to list queue entries by IP address. Is there any way to see which IP addresses in the postfix queues are the most dominant? Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Thanks, this is handy but I still find it quite hard to determine which box the mail has originated from. Also I am seeing a lot of bounces in the deferred queue from mailer-dae...@my-host. Is there a way to instantly destroy double bounces rather than defer them, or is this bad practice/against RFC standards? These aren't double bounces, just regular non-delivery reports. It's far better to find out why you have a bunch of bounces in your queue and fix the problem. Generally this is a result of accepting undeliverable mail. Don't do that. Use proper recipient validation so postfix can reject unknown recipients automatically. http://www.postfix.org/ADDRESS_CLASS_README.html http://www.postfix.org/LOCAL_RECIPIENT_README.html This box is a mail relay for broadband users, so will accept all mail from pre-defined IP ranges, and relay the mail on. I've implemented as much checking as possible, but of course checking recipients at the end addresses is unfortunately impossible (without doing read-ahead checking?). The main problems seem to be with Yahoo/BT Internet etc, they have such strict blacklisting policies nowadays, the server spends most of it's time deferring mail to Yahoo. Yahoo receive a few invalid recipients and reject connections from the box. I'm not too sure how to get around this, other than tracking down the offending senders (which I *am* doing also)! Finally, is there a way to emulate the 'greet pause' feature of Sendmail, whereby Postfix will kill the client connection if they send any commands before the 220 prompt? This seemed to be working with a 2.4 version of Postfix that I was testing, but not with 2.6/2.7. The docs mention a change to the way this works, but I don't fully understand this. I believe this feature is deprecated, but it should still work. Hmm, it just seemed to stop working after I upgraded to 2.7 :( I wonder if anyone else has experienced this? I have the following in main.cf smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, permit_mynetworks, reject You probably don't want reject at the end. The mailserver is firewalled off to everything other than our IP ranges, just thought I'd be an extra measure to prevent connections from invalid IPs should there be a firewall breach some how :-) I'll remove it though. smtpd_delay_reject = no This is no longer needed for proper detection of unauth pipelining, and it causes other complications. Suggest you remove it. Ok cool, thanks. Welcome to postfix. Pleasure to be on board, thanks for the quick response! Cheers Duncan
Re: Listing IP addresses in mail queue
Noel Jones: On 9/8/2009 6:20 AM, Duncan B. wrote: Hi, Firstly this is my first post to the list, so apologies if I've not correctly followed any procedures. I'm a new user to Postfix (ex Qmail user) and love it. However, there is one feature of qmqtool that was very useful: qmqtool -i, to list queue entries by IP address. Is there any way to see which IP addresses in the postfix queues are the most dominant? Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. Client information records were added late in the Postfix life cycle, and they are used mainly by for xforward and milters. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Wietse
Re: Listing IP addresses in mail queue
On 9/8/2009 8:48 AM, Duncan B. wrote: I'm a new user to Postfix (ex Qmail user) and love it. However, there is one feature of qmqtool that was very useful: qmqtool -i, to list queue entries by IP address. Is there any way to see which IP addresses in the postfix queues are the most dominant? Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Thanks, this is handy but I still find it quite hard to determine which box the mail has originated from. Ah, I was thinking destination rather than origin. There are several tools to extract historical information from the logs, I suggest postfix-logwatch and/or pflogsumm. Or I suppose it's possible to hack qshape to retrieve client information from queue files if you want to try that. Also I am seeing a lot of bounces in the deferred queue from mailer-dae...@my-host. Is there a way to instantly destroy double bounces rather than defer them, or is this bad practice/against RFC standards? These aren't double bounces, just regular non-delivery reports. It's far better to find out why you have a bunch of bounces in your queue and fix the problem. Generally this is a result of accepting undeliverable mail. Don't do that. Use proper recipient validation so postfix can reject unknown recipients automatically. http://www.postfix.org/ADDRESS_CLASS_README.html http://www.postfix.org/LOCAL_RECIPIENT_README.html This box is a mail relay for broadband users, so will accept all mail from pre-defined IP ranges, and relay the mail on. I've implemented as much checking as possible, but of course checking recipients at the end addresses is unfortunately impossible (without doing read-ahead checking?). OK, you didn't explain the problem fully. If your users are sending lots of undeliverable mail, you'll need to take that up with your users. Postfix has a bounce_queue_lifetime parameter that can adjust how long a bounce hangs around in the queue. The default is 5 days - you can set is somewhat smaller, but I would hesitate to set it less than one or two days. http://www.postfix.org/postconf.5.html#bounce_queue_lifetime Finally, is there a way to emulate the 'greet pause' feature of Sendmail, whereby Postfix will kill the client connection if they send any commands before the 220 prompt? This seemed to be working with a 2.4 version of Postfix that I was testing, but not with 2.6/2.7. The docs mention a change to the way this works, but I don't fully understand this. I believe this feature is deprecated, but it should still work. Hmm, it just seemed to stop working after I upgraded to 2.7 :( I wonder if anyone else has experienced this? (I wonder if anyone else is using it.) This feature is a great tool for self-DoS. I have the following in main.cf smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, permit_mynetworks, reject You probably don't want reject at the end. The mailserver is firewalled off to everything other than our IP ranges, just thought I'd be an extra measure to prevent connections from invalid IPs should there be a firewall breach some how :-) I'll remove it though. I was assuming this was a general purpose MTA; apparently it's a user submission point only - MSA. In that case, the final reject is fine, and probably a good idea. -- Noel Jones
Re: Listing IP addresses in mail queue
On Tue, 8 Sep 2009, Wietse Venema wrote: Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Are you able to recommend any methods / tools to extract this information from the log files, Wietse, or is it just a case of writing a script to do so? I understand that you are actually doing from-to analysis: for example, who sends mail to Yahoo that is getting stuck in the queue. In that case, qshape -s (statistics by sender domain) could help. (Assuming that there is a relationship between sender domain and sender IP address). Otherwise, a qshape option for stats by IP address might be an idea. I think a qshape option to view stats per IP address would be brilliant, if possible!! Cheers, Duncan.
Re: Listing IP addresses in mail queue
Duncan B.: On Tue, 8 Sep 2009, Wietse Venema wrote: Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Are you able to recommend any methods / tools to extract this information from the log files, Wietse, or is it just a case of writing a script to do so? I understand that you are actually doing from-to analysis: for example, who sends mail to Yahoo that is getting stuck in the queue. In that case, qshape -s (statistics by sender domain) could help. (Assuming that there is a relationship between sender domain and sender IP address). Otherwise, a qshape option for stats by IP address might be an idea. I think a qshape option to view stats per IP address would be brilliant, if possible!! Why are stats by sender domain not sufficient? Wietse
Re: Listing IP addresses in mail queue
On Tue, Sep 08, 2009 at 02:32:30PM +, Duncan B. wrote: On Tue, 8 Sep 2009, Wietse Venema wrote: Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Are you able to recommend any methods / tools to extract this information from the log files, Wietse, or is it just a case of writing a script to do so? I understand that you are actually doing from-to analysis: for example, who sends mail to Yahoo that is getting stuck in the queue. In that case, qshape -s (statistics by sender domain) could help. (Assuming that there is a relationship between sender domain and sender IP address). Otherwise, a qshape option for stats by IP address might be an idea. I think a qshape option to view stats per IP address would be brilliant, if possible!! The qshape script is relatively straight-forward, if somewhat under-commented, Perl code. It would not be difficult to parse attribute records and extract client information. Also useful could be stats by the full sender address *with* the local part, so that an outbound system administrator can pin-point the *user* causing congestion when all senders have the same domain, but differ in the local-part of the address. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail
On 9/8/2009 3:07 AM, Paul Beard wrote: I am getting no inbound email after locking down the requirements of users to authenticate before sending. I dropped back from current (2.7.*) to 2.6.5. Not having any success getting tcpdump output. The version I have differs from the example in the DEBUG instructions. Complete error messages. Please use cut-and-paste, or use attachments, instead of reciting information from memory. Sep 8 00:45:33 shuttle postfix/smtpd[56335]: lost connection after CONNECT from mail-pz0-f204.google.com[209.85.222.204] Looks like the client disconnected. Test your TLS implementation with openssl s_client -connect IP:port -starttls smtp If you get a 250 DSN or similar message after all the SSL handshake goop, then it worked. maps_rbl_domains = blackholes.mail-abuse.org maps_rbl_domains parameter is deprecated. See the reject_rbl_client command instead. smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit You need permit_sasl_authenticated right after permit_mynetworks. smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated This is a no-op, you can remove it. I don't see an smtpd_recipient_restrictions here. You will need at least: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_tls_loglevel = 3 Everything you may need should be logged at level 1. strict_rfc821_envelopes = yes This may reject legit mail. --master.cf-- smtp inet n - n - 200 smtpd -o content_filter=filter: -o smtpd_tls_wrappermode=yes Ouch! Don't do that! This is likely why the client disconnected; your server was speaking SSL and the client was speaking normal SMTP. It looked like garbage to the client. Wrappermode should only be used on a dedicated port, typically 465 smtps. -o smtpd_sasl_auth_enable=yes Since smtpd_sasl_auth_enable is set in main.cf, no reason to set it here. -- Noel Jones
Undelivered Mail and Postmaster copy
Hi, when a message cannot be delivered, a DSN is generated and returned to sender. According to [1] I can customize this message throught variable bounce_template_file, in [2]. The message that is returned to sender has subject Undelivered Mail Returned to Sender. But, a notification to admin is sent to admin (postmaster), with subject Postmaster Copy. My question is: Is it possible set any configuration to send all Undelivered Mails to a specific account, like is done with variable alway_bcc? [1] - http://www.postfix.org/bounce.5.html [2] - http://www.postfix.org/postconf.5.html#bounce_template_file Thanks, []'s -- Eduardo Júnior GNU/Linux user #423272 :wq
Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail
On Tue, Sep 8, 2009 at 8:01 AM, Noel Jones njo...@megan.vbhcs.org wrote: Looks like the client disconnected. Test your TLS implementation with openssl s_client -connect IP:port -starttls smtp If you get a 250 DSN or similar message after all the SSL handshake goop, then it worked. OK, all is well here. maps_rbl_domains = blackholes.mail-abuse.org maps_rbl_domains parameter is deprecated. See the reject_rbl_client command instead. smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit You need permit_sasl_authenticated right after permit_mynetworks. smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated This is a no-op, you can remove it. I don't see an smtpd_recipient_restrictions here. You will need at least: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_recipient_restrictions was there, as specified. So that's alright. smtpd_tls_loglevel = 3 Everything you may need should be logged at level 1. strict_rfc821_envelopes = yes This may reject legit mail. OK, I fixed those. I cranked logging up in vain hope of finding something indicative. --master.cf-- smtp inet n - n - 200 smtpd -o content_filter=filter: -o smtpd_tls_wrappermode=yes Ouch! Don't do that! This is likely why the client disconnected; your server was speaking SSL and the client was speaking normal SMTP. It looked like garbage to the client. Wrappermode should only be used on a dedicated port, typically 465 smtps. Hmm, that's been here forever, but I guess it was obsoleted by the recent authentication changes. Well, it looks like I am seeing some deliveries being logged, so maybe it's fixed. Any idea if I should care about this? Sep 8 08:06:57 shuttle postfix/smtpd[61994]: warning: network_biopair_interop: error reading 11 bytes from the network: Connection reset by peer I see it's a warning but the only mention I found in the Google was that it was fixed in the next release and that was some time ago. -- Paul Beard / www.paulbeard.org/
Re: Listing IP addresses in mail queue
Duncan B.: On Tue, 8 Sep 2009, Wietse Venema wrote: Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. Client information records were added late in the Postfix life cycle, and they are used mainly by for xforward and milters. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Are you able to recommend any methods / tools to extract this information from the log files, Wietse, or is it just a case of writing a script to do so? I understand that you are actually doing from-to analysis: for example, who sends mail to Yahoo that is getting stuck in the queue. In that case, qshape -s (statistics by sender domain) could help. (Assuming that there is a relationship between sender domain and sender IP address). Otherwise, a qshape option for stats by IP address might be an idea. Wietse
Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail
On Tue, Sep 08, 2009 at 08:20:19AM -0700, paul beard wrote: Any idea if I should care about this? Sep 8 08:06:57 shuttle postfix/smtpd[61994]: warning: network_biopair_interop: error reading 11 bytes from the network: Connection reset by peer After you turned-off wrapper mode and reloaded or restarted Postfix? In your original report this was a client-server deadlock because you had TLS wrapper mode on port 25, and so the client was waiting for a 220 banner, http://tools.ietf.org/html/rfc5321#section-3.1 while the server was waiting for an SSL client hello. http://tools.ietf.org/html/rfc4346#section-7.4.1.2 -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: [Bounce Handling] Searching information
On 9/8/2009 6:27 AM, no_s...@cardiff.fr wrote: Hello postfix users First I’ll say that it’s about 10 days I read Mailing list history, and I that I Google around in order to understand Bounce Handling in postfix. (I’m a former Exim user) I’ve found with Google several sites explaining how to set up bounce handling, but up to now all methods tested do not work for me… Let me explain first what we want to do and what is done up to now : - We have approx 150 customers that wish to do marketing email with their customers, Bounces are returned to the envelope sender address; to control where bounces go, set the envelope sender address appropriately. Use VERP to encode the recipient as part of the envelope sender. This way bounces are easily parsed to see which recipient caused the bounce. http://www.postfix.org/VERP_README.html A mailing list manager will do all this and more for you automatically. I strongly suggest you use one of the fine MLMs available. Mailman and majordomo are frequently suggested. -- Noel Jones
Re: Listing IP addresses in mail queue
On Tue, 8 Sep 2009, Wietse Venema wrote: Postfix doesn't store IPs in the queue file, so there is no such tool for postfix. Client information records were added late in the Postfix life cycle, and they are used mainly by for xforward and milters. However, the 'qshape' tool will list the queue by destination domain. http://www.postfix.org/QSHAPE_README.html#qshape Indeed, qshape targets outflow. Inflow analysis is easily done based on logfile records. Are you able to recommend any methods / tools to extract this information from the log files, Wietse, or is it just a case of writing a script to do so? Thanks, Duncan.
Re: Untrusted TLS connection
On Tue, Sep 08, 2009 at 11:37:56AM -0400, Gerard wrote: I have 'tls' working fine, except for on site. While the mail is still sent correctly, I am wondering why I have this warning message in the logs: There is no warning message. Sep 8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:before/connect initialization You log level is too high. Sep 8 11:27:06 scorpio postfix/smtp[88433]: Untrusted TLS connection established to smtp.cesmail.net[64.88.168.93]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits) This is not a warning. The connection is using an anonymous cipher, so there is no peer certificate, and hence the session is untrusted. This is the only site that produces the Untrusted warning. Postfix marks all warning messages with warning: . This is not a warning. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail
On 9/8/2009 10:20 AM, paul beard wrote: I don't see an smtpd_recipient_restrictions here. You will need at least: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_recipient_restrictions was there, as specified. So that's alright. Did I miss it in your postconf -n output? If it's not listed in postconf -n, then postfix doesn't see it either. Usually a typo in the parameter name. Any idea if I should care about this? Sep 8 08:06:57 shuttle postfix/smtpd[61994]: warning: network_biopair_interop: error reading 11 bytes from the network: Connection reset by peer This is logged by the openssl library when a client aborts the SSL handshake. As long as mail (usually) works from clients you want mail from, you can ignore this message. -- Noel Jones
RE: [Bounce Handling] Searching information
For those who might need this later, I've finally with the help of gandi-hosting newsgroup / irc Found solution to my problems : 1rst thing : My transport_map was not initialized in main.cf : To make piping work it's better to set it correctly without any misspelling... transport_maps = hash:/etc/postfix/transport_maps which contains : bounces.f.net bounceh: 2nd thing : Master.cf had a problem with php file mapping, I had followed : http://answers.google.com/answers/threadview?id=562518 In my case I had to use following : bounceh unix - n n - - pipe flags=Rq user=phpuser argv=/usr/bin/php /srv/f/www/f.net/htdocs/bounces/get_bounces.php $sender $recipient Last thing : Php script must take a #!/usr/bin/php in first line to make it bash comprehensible... don't know why but seems needed. Script must evidently have rights to execute. Php script must be unix formatted, beware of any Windows / Mac editors that can loose the unix format to file and throw errors like file not found, when the file does exist with a ls -la. Thanks any case for your ideas... T. de LASSAT
How to add more than one recipient on the notice recipient
All, How can I add more one recipient? I want both webmaster and postmaster can receive error email. The default setting: bounce_notice_recipient = postmaster delay_notice_recipient = postmaster error_notice_recipient = postmaster I know Sendmail can just add next to it = postmaster, webmaster, but I have no ideal on the Postfix. Can anyone help? Thanks. Mark
Re: How to add more than one recipient on the notice recipient
At 12:55 PM 9/8/2009, you wrote: All, How can I add more one recipient? I want both webmaster and postmaster can receive error email. The default setting: bounce_notice_recipient = postmaster delay_notice_recipient = postmaster error_notice_recipient = postmaster I know Sendmail can just add next to it = postmaster, webmaster, but I have no ideal on the Postfix. Can anyone help? I haven't tried, but one of the below should work: postmaster, webmaster, or create an alias of say bouncerecipient to be postmaster and webmaster...
feature request: deliver to compressed files on Maildir boxes
Hi, I was recently playing with dovecot plugins, and one of them caught my attention: zlib. This plugin allows dovecot imap4/pop3 modules to deal with gzipped messages on Maildir+ boxes ... files are stored in compressed format and users can normally check them through IMAP4/POP3, decompression is on-the-fly and users doesnt notice anything. On several mailboxes i have access and could test, gzipping all message files would save about 40% of storage space. Of course the compression/decompression is a very CPU intensive task ... but 40% of storage saving really calls my attention. Apparently there's no problem with mailbox quota management because dovecot uses the S=size parameter which is present on the filenames, which postfix writes correctly, instead of filesize on the file system. Altough dovecot supports reading gzipped files through IMAP4/POP3 modules, it does not automatically compress files on its delivery agent, that should be done by some script somehow. Dovecot delivery agent do not support on-the-fly compression when delivering messages but when (and if) dovecot delivery agent supports that on-the-fly compression as well, i'll really study it. Anyway, as i dont use dovecot delivery agent because postfix virtual delivery agent really fits my needs i would like to propose a feature request here, the on-the-fly compression on virtual delivery agent, which would be a perfect match for dovecot zlib module i described. Because of locking things, that on-the-fly compression/decompression is not possible for mbox boxes. Some minor information about dovecot zlib module: http://wiki.dovecot.org/Plugins/Zlib -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: feature request: deliver to compressed files on Maildir boxes
Leonardo Rodrigues a écrit : Hi, I was recently playing with dovecot plugins, and one of them caught my attention: zlib. This plugin allows dovecot imap4/pop3 modules to deal with gzipped messages on Maildir+ boxes ... files are stored in compressed format and users can normally check them through IMAP4/POP3, decompression is on-the-fly and users doesnt notice anything. On several mailboxes i have access and could test, gzipping all message files would save about 40% of storage space. Of course the compression/decompression is a very CPU intensive task ... but 40% of storage saving really calls my attention. Apparently there's no problem with mailbox quota management because dovecot uses the S=size parameter which is present on the filenames, which postfix writes correctly, instead of filesize on the file system. Altough dovecot supports reading gzipped files through IMAP4/POP3 modules, it does not automatically compress files on its delivery agent, that should be done by some script somehow. Dovecot delivery agent do not support on-the-fly compression when delivering messages but when (and if) dovecot delivery agent supports that on-the-fly compression as well, i'll really study it. Anyway, as i dont use dovecot delivery agent because postfix virtual delivery agent really fits my needs i would like to propose a feature request here, the on-the-fly compression on virtual delivery agent, which would be a perfect match for dovecot zlib module i described. Because of locking things, that on-the-fly compression/decompression is not possible for mbox boxes. Some minor information about dovecot zlib module: http://wiki.dovecot.org/Plugins/Zlib I don't wanna sound negative, but - since dovecot solves the problem... - this can also be handled at fielsystem level - every time I hear zlib, someting like vulnerability hits my ears. so if I can vote, I'd say no to zlib integration. this applies to dovecot too. unfortunately, it seems that Timo is too open, which makes the with security in mind of dovecot debatable at least. is it time to move back to courier? - the best code is that you don't write ...
Re: How to add more than one recipient on the notice recipient
Mark Johnson a écrit : All, How can I add more one recipient? I want both webmaster and postmaster can receive error email. The default setting: bounce_notice_recipient = postmaster delay_notice_recipient = postmaster error_notice_recipient = postmaster just make it joemaster and have joemaster as a (virtual) alias that explodes to whomever you want. I know Sendmail can just add next to it = postmaster, webmaster, but I have no ideal on the Postfix. Can anyone help? Thanks. Mark
Re: distribution list with postfix
Thomas Koch a écrit : Hi, could you please give me an addvise, whether the following is possible with postfix? I'd like to manage distribution lists with postfix, so that when a user sends a message to li...@mydomain postfix looks up an alias map in MySQL and sends individual emails to each alias found in the table. It is important that the To: header of the mail contains the expanded address, not the original one so that the resulting mails looks exactly as if the user would have send them individually to each recipient. no, postfix is not a mass mailing application. if the headers differ, then there is no point to not send one mail per recipient. please note that mass mailing is not easy. you need to manage bounces, errors, ... etc. Thanks for your time! Thomas Koch, http://www.koch.ro
Re: relay_domains vs virtual_mailbox_domains
Steve Heaven a écrit : On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We have no way of knowing if the recipient address is valid or not as we are only acting as a relay for the final destination. We cannot build a database of recipients on the fly as that information is held on the various servers of our clients, to which we do not have access. the old: try to pass to next, until final server accepts or rejects is n more acceptable. recipients must be checked at the edge. postfix provides reject_unverified_recipient to help you for that (assuming the next relay really validates the recipient). It's been a time that most people acknowledge that backscatter is a problem. those who take a selfish approach to mail should not be surprised if they are blacklisted, and should not ask for help.
Re: relay_domains vs virtual_mailbox_domains
yar mailer got borked? Clunk Werclick a écrit : From: Clunk Werclick mailbacku...@googlemail.com Reply-to: mailbacku...@googlemail.com Cc: postfix-users@postfix.org Subject: Re: relay_domains vs virtual_mailbox_domains Date: Tue, 08 Sep 2009 09:28:36 +0100 Mailer: Evolution 2.24.3 On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote: On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We have no way of knowing if the recipient address is valid or not as we are only acting as a relay for the final destination. We cannot build a database of recipients on the fly as that information is held on the various servers of our clients, to which we do not have access. Please forgive the bluntness - and drifting off a bit as I've not seen all of this; If you are acting as a relay and not able to verify the final recipients exist - you will quickly run into serious problems and side effects. Postfix provides a probing/discovery mechanism that spares you the need to build maps - it's not ideal when compared to the sheer speed of SQL, MAPS or LDAP, but it exists - so there is no excuse to accept mail for invalid recipients with Postfix. The link given tells you how this 'probing' works. Failing to verify final recipients means you will probably accept mail that is sequentially refused, leaving you holding the baby and having to bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take ownership and responsibility). With invalid recipients, the sender is usually forged and as your relay has nothing left to do but bounce the message, your IP(s) are going to become really unpopular *fast*, and probably have it blacklisted in no time at all. This is, of course, not only limited to invalid recipients. Accepting any kind of mail for a destination that cannot be delivered gives the same problem. Perhaps the recipient is valid, but the destination refused the message because of the content/spam. You end up holding the baby again. If you really need the ability to catch all without bounce then the final destination needs to absolutely white list everything your throw at it - regardless of recipient or content. That is most certainly *not* ideal without some serious UCE measures on the relay itself. In commercial solutions I have seen, RELAYS have held the message and not given a 250 until the final destination has taken it -or- (less ideal) taken the message and put it into an 'outbound' Postfixen where it is retried for 48-72 hours. This gives the Relay admin time to see it and liase with the final destination host admin. This would be a real headache if you wind up with thousands of messages in the queue for invalid recipients, bringing us full circle to the topic once more. Good luck with what it is you are doing.
Re: How to add more than one recipient on the notice recipient
Mark Johnson: All, How can I add more one recipient? I want both webmaster and postmaster can receive error email. The default setting: bounce_notice_recipient = postmaster delay_notice_recipient = postmaster error_notice_recipient = postmaster I know Sendmail can just add next to it = postmaster, webmaster, but I have no ideal on the Postfix. Can anyone help? /etc/aliases: postmaster: you, webmaster Wietse
Re: feature request: deliver to compressed files on Maildir boxes
On 9/8/2009 2:59 PM, Leonardo Rodrigues wrote: Hi, I was recently playing with dovecot plugins, and one of them caught my attention: zlib. This plugin allows dovecot imap4/pop3 modules to deal with gzipped messages on Maildir+ boxes ... files are stored in compressed format and users can normally check them through IMAP4/POP3, decompression is on-the-fly and users doesnt notice anything. ... Anyway, as i dont use dovecot delivery agent because postfix virtual delivery agent really fits my needs i would like to propose a feature request here, the on-the-fly compression on virtual delivery agent, which would be a perfect match for dovecot zlib module i described. The postfix virtual delivery agent is intentionally bare-bones. Any new feature discussed would need to be compelling and widely usable; compressed maildir support is neither. The right place for this feature is the dovecot deliver program, not postfix virtual. -- Noel Jones
Re: feature request: deliver to compressed files on Maildir boxes
mouss wrote: Leonardo Rodrigues a écrit : http://wiki.dovecot.org/Plugins/Zlib I don't wanna sound negative, but - since dovecot solves the problem... - this can also be handled at fielsystem level - every time I hear zlib, someting like vulnerability hits my ears. so if I can vote, I'd say no to zlib integration. this applies to dovecot too. unfortunately, it seems that Timo is too open, which makes the with security in mind of dovecot debatable at least. is it time to move back to courier? Well, it *is* a plugin, just don't enable it and you're zlib free. I'll agree with you on the too open part though. ~Seth
Re: feature request: deliver to compressed files on Maildir boxes
On Sep 8, 2009, at 6:16 PM, mouss wrote: - every time I hear zlib, someting like vulnerability hits my ears. Well, you inspired me to finally implement a prevention method against almost all vulnerabilities there could be in zlib: http://hg.dovecot.org/dovecot-1.2/rev/b359aac78f92 I had been planning this since the beginning, but since few people used zlib plugin I guess I always just treated it as second class citizen and thought other things were more important. And sure, that patch doesn't help if users have some other way of writing files to maildir, but in typical setups I would now consider using zlib plugin safe. so if I can vote, I'd say no to zlib integration. this applies to dovecot too. unfortunately, it seems that Timo is too open, which makes the with security in mind of dovecot debatable at least. is it time to move back to courier? I try to keep the defaults secure, but I also understand that others just want the best performance and fancy features.