distribution list with postfix

2009-09-08 Thread Thomas Koch
Hi,

could you please give me some advice on whether the following is possible with 
postfix? I'd like to manage distribution lists with postfix, so that when a 
user sends a message to

li...@mydomain

postfix looks up an alias map in MySQL and sends individual emails to each 
alias found in the table. It is important that the To: header of the mail 
contains the expanded address, not the original one, so that the resulting 
mails look exactly as if the user had sent them individually to each 
recipient.

Thanks for your time!

Thomas Koch, http://www.koch.ro


Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread Steve Heaven
On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:

> You should not accept mail for invalid recipients.  Use existing
> functionality to build a cache/database of valid recipients on the fly.
> See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

We have no way of knowing if the recipient address is valid or not as we
are only acting as a relay for the final destination.
We cannot build a database of recipients on the fly as that information
is held on the various servers of our clients, to which we do not have
access.
 
-- 
thorNET 

Internet Services, Consultancy & Training
www.thornet.co.uk


lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail

2009-09-08 Thread Paul Beard


I am getting no inbound email after locking down the requirements of  
users to authenticate before sending. I dropped back from current  
(2.7.*) to 2.6.5.


Not having any success getting tcpdump output. The version I have  
differs from the example in the DEBUG instructions.


Complete error messages. Please use cut-and-paste, or use attachments,  
instead of reciting information from memory.


Sep  8 00:45:30 shuttle postfix/smtpd[56332]: qmta10.emeryville.ca.mail.comcast.net[76.96.30.17]: TLS cipher list ALL:!EXPORT:!LOW:+RC4:@STRENGTH
Sep  8 00:45:30 shuttle postfix/smtpd[56332]: SSL_accept:before/accept initialization
Sep  8 00:45:30 shuttle postfix/smtpd[56332]: read from 34103AC0 [341BF000] (11 bytes = -1 (0x))
Sep  8 00:45:33 shuttle postfix/smtpd[56335]: SSL_accept error from mail-pz0-f204.google.com[209.85.222.204]: -1
Sep  8 00:45:33 shuttle postfix/smtpd[56335]: lost connection after CONNECT from mail-pz0-f204.google.com[209.85.222.204]
Sep  8 00:45:33 shuttle postfix/smtpd[56335]: disconnect from mail-pz0-f204.google.com[209.85.222.204]
Sep  8 00:46:03 shuttle postfix/smtpd[56437]: warning: network_biopair_interop: error reading 11 bytes from the network: Connection reset by peer
Sep  8 00:46:03 shuttle postfix/smtpd[56437]: SSL_accept error from mail-px0-f194.google.com[209.85.216.194]: -1
Sep  8 00:46:03 shuttle postfix/smtpd[56437]: lost connection after CONNECT from mail-px0-f194.google.com[209.85.216.194]
Sep  8 00:46:03 shuttle postfix/smtpd[56437]: disconnect from mail-px0-f194.google.com[209.85.216.194]
Sep  8 00:47:07 shuttle postfix/smtpd[56335]: connect from elasmtp-masked.atl.sa.earthlink.net[209.86.89.68]
Sep  8 00:47:07 shuttle postfix/smtpd[56335]: setting up TLS connection from elasmtp-masked.atl.sa.earthlink.net[209.86.89.68]
Sep  8 00:47:07 shuttle postfix/smtpd[56335]: elasmtp-masked.atl.sa.earthlink.net[209.86.89.68]: TLS cipher list ALL:!EXPORT:!LOW:+RC4:@STRENGTH


postfinger - postfix configuration on Tue Sep  8 00:53:35 PDT 2009
version: 1.30

--System Parameters--
mail_version = 2.6.5
hostname = shuttle.ferbil.fotz
uname = FreeBSD shuttle.ferbil.fotz 7.2-RELEASE-p1 FreeBSD 7.2-RELEASE-p1 #1: Fri Jun 12 22:10:40 PDT 2009 r...@shuttle.ferbil.fotz:/usr/obj/usr/src/sys/SHUTTLE  i386

--Packaging information--
looks like this postfix comes from BSD package: postfix-2.6.5,1

--main.cf non-default parameters--
default_process_limit = 200
disable_vrfy_command = yes
invalid_hostname_reject_code = 554
maps_rbl_domains = blackholes.mail-abuse.org
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mail.ferbil.fotz
mynetworks = 192.168.2.0/24, 127.0.0.0/8
myorigin = $mydomain
non_fqdn_reject_code = 554
proxy_interfaces = 72.1.134.183
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/pbo-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/pbo-key.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_domains = mildew.org
virtual_alias_maps = hash:/usr/local/etc/postfix/mildew.cf

--master.cf--
smtp      inet  n       -       n       -       200     smtpd
  -o content_filter=filter:
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp

relay unix  - 

Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread Mikael Bak
Steve Heaven wrote:
> On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:
>
>> You should not accept mail for invalid recipients.  Use existing
>> functionality to build a cache/database of valid recipients on the fly.
>> See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
> We have no way of knowing if the recipient address is valid or not as we
> are only acting as a relay for the final destination.
> We cannot build a database of recipients on the fly as that information
> is held on the various servers of our clients, to which we do not have
> access.

Sahil Tandon gave you a link containing the solution to your problem. I
suggest you read it before you say it can't be done.

Tip: scroll up to How address verification works.

Mikael


Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread Clunk Werclick

From: Clunk Werclick mailbacku...@googlemail.com
Reply-to: mailbacku...@googlemail.com
Cc: postfix-users@postfix.org
Subject: Re: relay_domains vs virtual_mailbox_domains
Date: Tue, 08 Sep 2009 09:28:36 +0100
Mailer: Evolution 2.24.3



On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote:
> On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:
>
>> You should not accept mail for invalid recipients.  Use existing
>> functionality to build a cache/database of valid recipients on the fly.
>> See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
> We have no way of knowing if the recipient address is valid or not as
> we are only acting as a relay for the final destination.
> We cannot build a database of recipients on the fly as that
> information is held on the various servers of our clients, to which we
> do not have access.

Please forgive the bluntness - and drifting off a bit as I've not seen
all of this; If you are acting as a relay and not able to verify the
final recipients exist - you will quickly run into serious problems and
side effects.

Postfix provides a probing/discovery mechanism that spares you the need
to build maps - it's not ideal when compared to the sheer speed of SQL,
MAPS or LDAP, but it exists - so there is no excuse to accept mail for
invalid recipients with Postfix. The link given tells you how this
'probing' works.

Failing to verify final recipients means you will probably accept mail
that is sequentially refused, leaving you holding the baby and having to
bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take
ownership and responsibility). With invalid recipients, the sender is
usually forged and as your relay has nothing left to do but bounce the
message, your IP(s) are going to become really unpopular *fast*, and
probably have it blacklisted in no time at all.

This is, of course, not only limited to invalid recipients. Accepting
any kind of mail for a destination that cannot be delivered gives the
same problem. Perhaps the recipient is valid, but the destination
refused the message because of the content/spam. You end up holding the
baby again.

If you really need the ability to catch all without bounce then the
final destination needs to absolutely white list everything you throw
at it - regardless of recipient or content. That is most certainly *not*
ideal without some serious UCE measures on the relay itself.

In commercial solutions I have seen, RELAYS have held the message and
not given a 250 until the final destination has taken it -or- (less
ideal) taken the message and put it into an 'outbound' Postfixen where
it is retried for 48-72 hours. This gives the Relay admin time to see it
and liaise with the final destination host admin. This would be a real
headache if you wind up with thousands of messages in the queue for
invalid recipients, bringing us full circle to the topic once more.

Good luck with what it is you are doing.


-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 





[Bounce Handling] Searching information

2009-09-08 Thread no_spam
Hello postfix users
First I’ll say that it’s about 10 days I read Mailing list history, and
that I Google around in order to understand Bounce Handling in postfix. (I’m
a former Exim user)

I’ve found with Google several sites explaining how to set up bounce
handling, but up to now all methods tested do not work for me…

Let me explain first what we want to do and what is done up to now : 

- We have approx 150 customers that wish to do marketing email with their
customers, and we have had these customers knowing former spam listing,
because they / we did not cope feedback loops, list retrieval and all the
‘quality service’ recommendations. These customers are mostly Automotive
software users that use our integrated mailing service in the software,
using simple outlook  mailing dll’s (software is made under windev, and uses
all Windows dll’s).
- We want to offer our customers a service that will allow them by using
their software, to mail their customers, through a mailing platform,
independent of their outlook / email software and that will cope : Mailing
unsubscription, feedback loops with webmail / ISP, bounce handling to bring
their mailing lists to quality….

What we have setup : 
- Postfix mailing servers (5), (servers A – E) with authorized (login /
password) account set in our software, and ID control of our users sending
their marketing mail. These servers are only purposed to mail sending, all
web and bounce treatment is done on 2 other servers (F/G) loadbalanced, that
cope bounces (return path sends to these 2 servers domain name, it is set to
send bounce emails to @F.net). These five servers work to our needs with no
problem.
- Mailing List unsubscription, feedback loops, online data handling, mysql
mailing statistics, on servers F/G
- Bounce Handling php script, checking bounces and coping in databases all
post-bounce treatments on servers F / G
- Bounce Handling administrative script allowing us to learn new Bounce
codes not already treated automatically by system on servers F/G.

What we haven’t managed to setup.
- On servers F/G, postfix is not able to send bounced email received to php
script.
- Postfix answers to all bounces received on these servers : 
bounce.kiuk0xhqtmkr-jf3t8kmh-mfs8q6qvq5s...@bounces.f.net: unknown user
    bounce.kiuk0xhqtmkr-jf3t8kmh-mfs8q6qvq5s5cq

I know I haven’t setup things correctly on these servers, and I would
appreciate your help to identify my errors.

Here is master.cf  which I think meets most websites indications in term of
bounce handling to php scripts : 

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: man 5 master).
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   -   -   -   smtpd
#submission inet n   -   -   -   -   smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet  n   -   -   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628  inet  n   -   -   -   -   qmqpd
pickup    fifo  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   0   cleanup
qmgr  fifo  n   -   n   300 1   qmgr
#qmgr fifo  n   -   -   300 1   oqmgr
tlsmgr    unix  -   -   -   1000?   1   tlsmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
bounce    unix  -   -   -   -   0   bounce
defer unix  -   -   -   -   0   bounce
trace unix  -   -   -   -   0   bounce
verify    unix  -   -   -   -   1   verify
flush unix  n   -   -   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
smtp  unix  -   -   -   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix  -   -   -   -   -   smtp
   -o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix  n   -   -   -   -   showq
error unix  -   -   -   -   -   error
retry unix  -   -   -   -   -   error
discard   unix  -   -   -   -   -   discard
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   -   -   -   lmtp
anvil unix  -

Listing IP addresses in mail queue

2009-09-08 Thread Duncan B.


Hi,

Firstly this is my first post to the list, so apologies if I've not
correctly followed any procedures.

I'm a new user to Postfix (ex Qmail user) and love it.  However, there is 
one feature of qmqtool that was very useful: qmqtool -i, to list queue 
entries by IP address.  Is there any way to see which IP addresses in the 
postfix queues are the most dominant?


Also I am seeing a lot of bounces in the deferred queue from 
mailer-dae...@my-host.  Is there a way to instantly destroy double bounces
rather than defer them, or is this bad practice/against RFC standards?

Finally, is there a way to emulate the 'greet pause' feature of Sendmail, 
whereby Postfix will kill the client connection if they send any commands 
before the 220 prompt?  This seemed to be working with a 2.4 version of 
Postfix that I was testing, but not with 2.6/2.7.  The docs mention a 
change to the way this works, but I don't fully understand this.


I have the following in main.cf

smtpd_client_restrictions = sleep 3, reject_unauth_pipelining, 
permit_mynetworks, reject

smtpd_delay_reject = no


Thanks for any help

Cheers,
Duncan Baxter
Portsmouth.




Re: [Bounce Handling] Searching information

2009-09-08 Thread Clunk Werclick
On Tue, 2009-09-08 at 13:27 +0200, no_s...@cardiff.fr wrote:
> Hello postfix users
> We have approx 150 customers that wish to do marketing email with their
> customers, and we have had these customers knowing former spam listing,
> because they / we did not cope feedback loops, list retrieval and all the
> ‘quality service’ recommendations.
So they *are* spammers then?

> Where am I wrong, and what is necessary to setup bounce handling knowing
> that : 
> 1- Bounces return addresses are constructed dynamically, and there is no
> real user account corresponding to bounce.--x...@bounces.f.net
If you are sending mail to valid users who have opted in, it won't
bounce. Will it :-)
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.






Re: [Bounce Handling] Searching information

2009-09-08 Thread Mark Goodge

Clunk Werclick wrote:
> On Tue, 2009-09-08 at 13:27 +0200, no_s...@cardiff.fr wrote:
>> Where am I wrong, and what is necessary to setup bounce handling knowing
>> that : 
>> 1- Bounces return addresses are constructed dynamically, and there is no
>> real user account corresponding to bounce.--x...@bounces.f.net
>
> If you are sending mail to valid users who have opted in, it won't
> bounce. Will it :-)


Oh yes it will. Mailing lists decay over time as people change their 
email addresses and forget to update their details with any opt-in lists 
they've subscribed to. Bounce handling is, therefore, an essential 
aspect of list administration - you need to be able to update the list 
regularly to remove inactive addresses from it. Lack of bounce handling 
is precisely the sort of thing that can get an otherwise entirely 
reputable list flagged as a spam source.


Mark


RE: [Bounce Handling] Searching information

2009-09-08 Thread no_spam
[Humour on]Wooow
Thanks a lot, I knew I would have this sort of response, and it helps me and 
others certainly a lot...[/humour off]

Clunk Werclick wrote 
> So they *are* spammers then?

Are they ??? Well in fact no, it's their client database, collected through 
vehicles they sold, with emails of client that have legitimately opted in when 
buying their vehicles. Our clients are responsible legally of their databases, 
we offer the technical interface, that will help all opt-out, quality 
responses, and bounces to be dealt with. (things they can't and don't do under 
outlook... man)
Most of all, and after asking our clients, last-end email users are at 
90 % vehicles professional that himself sells vehicles to individuals.
Now do we provide a spamming solution ? We hope not, and we are providing all 
last-end emailed user the possibility to unsubscribe at any moment of single / 
all databases. And if we have spam complain / reports, it is clear that the 
concerned client, will have to give us its opt in policy, if he wants to 
continue using his services.


Clunk Werclick wrote 
> If you are sending mail to valid users who have opted in, it won't bounce. 
> Will it :-)

Do you have any email marketing knowledge ? Here are some cases of bounces that 
do need to be dealt with : 
- User email address changes not notified to our clients. (I change my mail 
from wanadoo to neufcegetel, and I certainly did not tell it to all subscripted 
mailing lists)
- ISP domain change (we have had the case in France the last 6 months : 2 ISP's 
have closed, and more than 500 000 email addresses are not valid anymore, this 
gives our clients a chance in 5 to have a closed address in his legitimate 
database)
- Domain MX problems. (Soft or hard)
And this only concerns valid users, not spam databases.

Now I don't need lessons on spamming. We are setting this up in order to let 
our client, do email marketing, the best way possible (including SPF / DK / 
DomainKeys / ReturnPath, and all available systems), and allowing users  / 
admins to identify spam source, complain, and unsubscribe.

My question is how do I manage bounces back in my postfix servers, knowing that 
the bounce addresses do not exist as valid users ??? 
If you don't have the answer, I don't think community needs your personal 
comments on what's good and what's bad...



Re: [Bounce Handling] Searching information

2009-09-08 Thread Mark Goodge

no_s...@cardiff.fr wrote:

> My question is how to I manage bounces back in my postfix servers,
> knowing that the bounce addresses do not exists as valid users ??? If
> you don't have the answer, I don't think community needs your
> personal comments on what's good and what's bad...


Create a virtual domain (eg, bounces.example.com) and add a catch-all 
alias so that everything to that domain gets forwarded to the bounce 
handler's inbox. The bounce handler can then parse all the incoming 
messages and  take action based on the recipient address.


Yes, you'll also get lots of spam to this domain, but as long as 
everything is being handled automatically then that's not an issue as no 
human ever needs to read it.


Mark
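
The catch-all bounce handler suggested above, as an added example that is not part of the original post: it recovers the per-recipient token from the envelope address and classifies the DSN. The address layout `bounce.<token>@bounces.example.com`, the use of the `X-Original-To` header and the sample message are assumptions constructed for illustration.

```python
import email
import re

# Assumptions for this sketch (not from the thread): bounce addresses have the
# form bounce.<token>@bounces.example.com, and the final delivery step records
# the envelope recipient in X-Original-To, as Postfix local(8)/virtual(8) do.
BOUNCE_RE = re.compile(r"bounce\.([a-z0-9-]{8,64})@bounces\.example\.com", re.I)


def envelope_token(msg):
    """Return the token from the original envelope recipient, or None."""
    for name in ("X-Original-To", "Delivered-To"):
        for value in msg.get_all(name, []):
            m = BOUNCE_RE.fullmatch(value.strip().strip("<>"))
            if m:
                return m.group(1).lower()
    return None


def dsn_recipients(msg):
    """Yield (final_recipient, action, status) from message/delivery-status parts."""
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        blocks = part.get_payload()
        if not isinstance(blocks, list):
            continue
        # Block 0 holds per-message fields; the rest are per-recipient fields.
        for block in blocks[1:]:
            rcpt = block.get("Final-Recipient", "").split(";", 1)[-1].strip()
            action = block.get("Action", "").strip().lower()
            yield rcpt, action, block.get("Status", "").strip()


def classify(raw):
    """Classify one message delivered to the catch-all bounce mailbox."""
    msg = email.message_from_string(raw)
    result = {"token": envelope_token(msg), "kind": "ignored",
              "recipient": None, "status": None}
    if result["token"] is None:
        return result  # spam or stray mail to the catch-all: no list action
    result["kind"] = "unparsed"  # known token, but no usable DSN (e.g. autoreply)
    for rcpt, action, status in dsn_recipients(msg):
        if action == "failed" and status.startswith("5."):
            result.update(kind="hard", recipient=rcpt, status=status)
            break
        if action in ("failed", "delayed") and status.startswith("4."):
            result.update(kind="soft", recipient=rcpt, status=status)
    return result


# Constructed sample DSN, not taken from the thread.
SAMPLE_DSN = """\
Return-Path: <>
X-Original-To: bounce.abc123-def456@bounces.example.com
Delivered-To: bounce-handler@example.com
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mx.example.net.

--BOUNDARY
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; gone@example.org
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 5.1.1 User unknown

--BOUNDARY--
"""

if __name__ == "__main__":
    print(classify(SAMPLE_DSN))
```

The list update should be keyed on the token from the envelope address rather than on the DSN's Final-Recipient, since everything inside the DSN is supplied by the remote side.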




RE: [Bounce Handling] Searching information

2009-09-08 Thread Clunk Werclick
On Tue, 2009-09-08 at 14:02 +0200, no_s...@cardiff.fr wrote:
> [Humour on]Wooow
{snip}

The answer is you check your logs, write a script to check your logs and
update your databases - or use one of the many mailing list manager
programs that exist. Postfix is simply the MTA. In fact I guess this
very mailing list is using something similar to what you need.

Forgive the bluntness of my response. 

-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.






Mixing Unix accounts (PAM) and database

2009-09-08 Thread bsd

Hello,

I am trying to figure out if it is possible to mix both shared 
domains with UNIX system accounts & virtual MAILBOX with separate 
domains, non-UNIX accounts at the same time.


The reason for this is quite simple :

I have a mail server with Postfix installed since quite a long time  
and Local Unix users.
I wish to migrate this server but I am not necessarily wishing to call  
all my customers to guide them to reconfigure their accounts…


So the idea was to mix both…


I am using dovecot as authentication scheme for SASL.
A MySQL database is deployed with some new accounts in it.


What will be your roadmap for this migration ?

Can I mix both type of accounts / config (local with Unix type & 
virtual) ?



Thanks for your reply



Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz







AW: --- Delivery report unavailable ---

2009-09-08 Thread Stefan Bunse
Hi again,

thanks for the quick reply and sorry for my (outlook's ;) ) bad quoting.

At least i know now what caused the strange bounce message. Since the server 
had to be (relatively) hard reset while sending the newsletter because of 
many long blocking processes, i assume this caused some data (the bounce files) 
to be lost. With ext3 this is not what i would expect to happen, but that has 
nothing to do with the original subject and presumably has nothing to do with 
postfix.

Kind regards
Stefan


-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Wietse Venema
Sent: Monday, 7 September 2009 17:00
To: Postfix users
Subject: Re: --- Delivery report unavailable ---

Stefan Bunse:
> --4D1DB6737244.1252203488/newsbox.webmatch.de
> Content-Description: Notification
> Content-Type: text/plain; charset=us-ascii
>
> This is the mail system at host newsbox.webmatch.de.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
> The mail system
>
> --- Delivery report unavailable ---
>
> --4D1DB6737244.1252203488/newsbox.webmatch.de
> Content-Description: Delivery report
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; newsbox.webmatch.de
> X-Postfix-Queue-ID: 4D1DB6737244
[snip]

The file /var/spool/postfix/bounce/4D1DB6737244 did not exist.
Postfix does not log this, as mail may be deleted with postsuper
-d.

Postfix does not give details of queue file errors in its bounce
messages.

Wietse


Re: Mixing Unix accounts (PAM) and database

2009-09-08 Thread Simon Waters
On Tuesday 08 September 2009 13:30:32 bsd wrote:
>
> Can I mix both type of accounts / config (local with Unix type &
> virtual) ?

Answer is simply yes.

Just add relevant virtual mailbox settings to main.cf.

Unless it is overly complex, my migration plan would be enable soft_bounce, 
add relevant settings, test, remove soft_bounce when happy. But I have a 
test server as well to work it all out on first!

You can even use Dovecot LDA for local delivery of virtual users if it makes 
the configuration simpler.

http://wiki.dovecot.org/LDA/Postfix

You can have distinct delivery for virtual mailboxes and local mailboxes.

virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_mailbox_domains = pop.mail.zynet.net
virtual_mailbox_base = /var/spool/mail
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

If it were me, I'd be tempted to replace local users with virtual users for 
all customer emails. You can probably do that and preserve all the settings 
the end user needs. As unless there is a need for a system account I prefer 
to have all in a database, not creating some little understood weakness in my 
system authentication.


Re: Listing IP addresses in mail queue

2009-09-08 Thread Noel Jones

On 9/8/2009 6:20 AM, Duncan B. wrote:
> Hi,
>
> Firstly this is my first post to the list, so apologies if I've not
> correctly followed any procedures.
>
> I'm a new user to Postfix (ex Qmail user) and love it. However, there is
> one feature of qmqtool that was very useful: qmqtool -i, to list queue
> entries by IP address. Is there any way to see which IP addresses in the
> postfix queues are the most dominant?

Postfix doesn't store IPs in the queue file, so there is no 
such tool for postfix.

However, the 'qshape' tool will list the queue by destination 
domain.
http://www.postfix.org/QSHAPE_README.html#qshape

> Also I am seeing a lot of bounces in the deferred queue from
> mailer-dae...@my-host. Is there a way to instantly destroy double bounces
> rather than defer them, or is this bad practice/against RFC standards?

These aren't double bounces, just regular non-delivery reports.

It's far better to find out why you have a bunch of bounces in 
your queue and fix the problem.

Generally this is a result of accepting undeliverable mail. 
Don't do that.  Use proper recipient validation so postfix can 
reject unknown recipients automatically.
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/LOCAL_RECIPIENT_README.html

> Finally, is there a way to emulate the 'greet pause' feature of
> Sendmail, whereby Postfix will kill the client connection if they send
> any commands before the 220 prompt? This seemed to be working with a 2.4
> version of Postfix that I was testing, but not with 2.6/2.7. The docs
> mention a change to the way this works, but I don't fully understand this.

I believe this feature is deprecated, but it should still work.

> I have the following in main.cf
>
> smtpd_client_restrictions = sleep 3, reject_unauth_pipelining,
> permit_mynetworks, reject

You probably don't want reject at the end.

> smtpd_delay_reject = no

This is no longer needed for proper detection of unauth 
pipelining, and it causes other complications.  Suggest you 
remove it.

> Thanks for any help

Welcome to postfix.

  -- Noel Jones


Re: Listing IP addresses in mail queue

2009-09-08 Thread Duncan B.



>> I'm a new user to Postfix (ex Qmail user) and love it. However, there is
>> one feature of qmqtool that was very useful: qmqtool -i, to list queue
>> entries by IP address. Is there any way to see which IP addresses in the
>> postfix queues are the most dominant?
>
> Postfix doesn't store IPs in the queue file, so there is no such tool for 
> postfix.
>
> However, the 'qshape' tool will list the queue by destination domain.
> http://www.postfix.org/QSHAPE_README.html#qshape

Thanks, this is handy but I still find it quite hard to determine which 
box the mail has originated from.

>> Also I am seeing a lot of bounces in the deferred queue from
>> mailer-dae...@my-host. Is there a way to instantly destroy double bounces
>> rather than defer them, or is this bad practice/against RFC standards?
>
> These aren't double bounces, just regular non-delivery reports.
>
> It's far better to find out why you have a bunch of bounces in your queue and 
> fix the problem.
>
> Generally this is a result of accepting undeliverable mail. Don't do that. 
> Use proper recipient validation so postfix can reject unknown recipients 
> automatically.
>
> http://www.postfix.org/ADDRESS_CLASS_README.html
> http://www.postfix.org/LOCAL_RECIPIENT_README.html

This box is a mail relay for broadband users, so will accept all mail from 
pre-defined IP ranges, and relay the mail on.  I've implemented as much 
checking as possible, but of course checking recipients at the end 
addresses is unfortunately impossible (without doing read-ahead 
checking?).

The main problems seem to be with Yahoo/BT Internet etc, they have such 
strict blacklisting policies nowadays, the server spends most of its 
time deferring mail to Yahoo.  Yahoo receive a few invalid recipients and 
reject connections from the box.  I'm not too sure how to get around this, 
other than tracking down the offending senders (which I *am* doing also)!

>> Finally, is there a way to emulate the 'greet pause' feature of
>> Sendmail, whereby Postfix will kill the client connection if they send
>> any commands before the 220 prompt? This seemed to be working with a 2.4
>> version of Postfix that I was testing, but not with 2.6/2.7. The docs
>> mention a change to the way this works, but I don't fully understand this.
>
> I believe this feature is deprecated, but it should still work.

Hmm, it just seemed to stop working after I upgraded to 2.7 :(  I wonder 
if anyone else has experienced this?

>> I have the following in main.cf
>>
>> smtpd_client_restrictions = sleep 3, reject_unauth_pipelining,
>> permit_mynetworks, reject
>
> You probably don't want reject at the end.

The mailserver is firewalled off to everything other than our IP ranges, 
just thought I'd be an extra measure to prevent connections from invalid 
IPs should there be a firewall breach somehow :-)  I'll remove it though.

>> smtpd_delay_reject = no
>
> This is no longer needed for proper detection of unauth pipelining, and it 
> causes other complications.  Suggest you remove it.

Ok cool, thanks.

> Welcome to postfix.


Pleasure to be on board, thanks for the quick response!

Cheers
Duncan


Re: Listing IP addresses in mail queue

2009-09-08 Thread Wietse Venema
Noel Jones:
> On 9/8/2009 6:20 AM, Duncan B. wrote:
>
>> Hi,
>>
>> Firstly this is my first post to the list, so apologies if I've not
>> correctly followed any procedures.
>>
>> I'm a new user to Postfix (ex Qmail user) and love it. However, there is
>> one feature of qmqtool that was very useful: qmqtool -i, to list queue
>> entries by IP address. Is there any way to see which IP addresses in the
>> postfix queues are the most dominant?
>
> Postfix doesn't store IPs in the queue file, so there is no 
> such tool for postfix.

Client information records were added late in the Postfix life
cycle, and they are used mainly for xforward and milters.

> However, the 'qshape' tool will list the queue by destination 
> domain.
> http://www.postfix.org/QSHAPE_README.html#qshape

Indeed, qshape targets outflow. Inflow analysis is easily done
based on logfile records.

Wietse


Re: Listing IP addresses in mail queue

2009-09-08 Thread Noel Jones

On 9/8/2009 8:48 AM, Duncan B. wrote:



I'm a new user to Postfix (ex Qmail user) and love it. However, there is
one feature of qmqtool that was very useful: qmqtool -i, to list queue
entries by IP address. Is there any way to see which IP addresses in the
postfix queues are the most dominant?


Postfix doesn't store IPs in the queue file, so there is no such tool
for postfix.

However, the 'qshape' tool will list the queue by destination domain.
http://www.postfix.org/QSHAPE_README.html#qshape


Thanks, this is handy but I still find it quite hard to determine which
box the mail has originated from.


Ah, I was thinking destination rather than origin.
There are several tools to extract historical information from 
the logs, I suggest postfix-logwatch and/or pflogsumm.
Or I suppose it's possible to hack qshape to retrieve client 
information from queue files if you want to try that.







Also I am seeing a lot of bounces in the deferred queue from
mailer-dae...@my-host. Is there a way to instantly destroy double
bounces
rather than defer them, or is this bad practice/against RFC standards?


These aren't double bounces, just regular non-delivery reports.

It's far better to find out why you have a bunch of bounces in your
queue and fix the problem.

Generally this is a result of accepting undeliverable mail. Don't do
that. Use proper recipient validation so postfix can reject unknown
recipients automatically.
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/LOCAL_RECIPIENT_README.html


This box is a mail relay for broadband users, so will accept all mail
from pre-defined IP ranges, and relay the mail on. I've implemented as
much checking as possible, but of course checking recipients at the end
addresses is unfortunately impossible (without doing read-ahead checking?).


OK, you didn't explain the problem fully.  If your users are 
sending lots of undeliverable mail, you'll need to take that 
up with your users.


Postfix has a bounce_queue_lifetime parameter that can adjust 
how long a bounce hangs around in the queue.  The default is 5 
days - you can set it somewhat smaller, but I would hesitate 
to set it less than one or two days.

http://www.postfix.org/postconf.5.html#bounce_queue_lifetime


Finally, is there a way to emulate the 'greet pause' feature of
Sendmail, whereby Postfix will kill the client connection if they send
any commands before the 220 prompt? This seemed to be working with a 2.4
version of Postfix that I was testing, but not with 2.6/2.7. The docs
mention a change to the way this works, but I don't fully understand
this.


I believe this feature is deprecated, but it should still work.


Hmm, it just seemed to stop working after I upgraded to 2.7 :( I wonder
if anyone else has experienced this?


(I wonder if anyone else is using it.)  This feature is a 
great tool for self-DoS.






I have the following in main.cf

smtpd_client_restrictions = sleep 3, reject_unauth_pipelining,
permit_mynetworks, reject


You probably don't want reject at the end.


The mailserver is firewalled off to everything other than our IP ranges,
just thought it'd be an extra measure to prevent connections from invalid
IPs should there be a firewall breach somehow :-) I'll remove it though.


I was assuming this was a general purpose MTA; apparently it's 
a user submission point only - MSA.  In that case, the final 
reject is fine, and probably a good idea.



  -- Noel Jones


Re: Listing IP addresses in mail queue

2009-09-08 Thread Duncan B.

On Tue, 8 Sep 2009, Wietse Venema wrote:


Indeed, qshape targets outflow. Inflow analysis is easily done
based on logfile records.


Are you able to recommend any methods / tools to extract this information
from the log files, Wietse, or is it just a case of writing a script to do
so?


I understand that you are actually doing from-to analysis: for
example, who sends mail to Yahoo that is getting stuck in the queue.

In that case, qshape -s (statistics by sender domain) could help.
(Assuming that there is a relationship between sender domain and
sender IP address).

Otherwise, a qshape option for stats by IP address might be an idea.



I think a qshape option to view stats per IP address would be brilliant, 
if possible!!


Cheers,
Duncan.


Re: Listing IP addresses in mail queue

2009-09-08 Thread Wietse Venema
Duncan B.:
 On Tue, 8 Sep 2009, Wietse Venema wrote:
 
  Indeed, qshape targets outflow. Inflow analysis is easily done
  based on logfile records.
 
  Are you able to recommend any methods / tools to extract this information
  from the log files, Wietse, or is it just a case of writing a script to do
  so?
 
  I understand that you are actually doing from-to analysis: for
  example, who sends mail to Yahoo that is getting stuck in the queue.
 
  In that case, qshape -s (statistics by sender domain) could help.
  (Assuming that there is a relationship between sender domain and
  sender IP address).
 
  Otherwise, a qshape option for stats by IP address might be an idea.
 
 I think a qshape option to view stats per IP address would be brilliant, 
 if possible!!

Why are stats by sender domain not sufficient?

Wietse


Re: Listing IP addresses in mail queue

2009-09-08 Thread Victor Duchovni
On Tue, Sep 08, 2009 at 02:32:30PM +, Duncan B. wrote:

 On Tue, 8 Sep 2009, Wietse Venema wrote:

 Indeed, qshape targets outflow. Inflow analysis is easily done
 based on logfile records.

 Are you able to recommend any methods / tools to extract this information
 from the log files, Wietse, or is it just a case of writing a script to 
 do
 so?

 I understand that you are actually doing from-to analysis: for
 example, who sends mail to Yahoo that is getting stuck in the queue.

 In that case, qshape -s (statistics by sender domain) could help.
 (Assuming that there is a relationship between sender domain and
 sender IP address).

 Otherwise, a qshape option for stats by IP address might be an idea.


 I think a qshape option to view stats per IP address would be brilliant, if 
 possible!!

The qshape script is relatively straight-forward, if somewhat
under-commented, Perl code. It would not be difficult to parse attribute
records and extract client information. Also useful could be stats
by the full sender address *with* the local part, so that an outbound
system administrator can pin-point the *user* causing congestion when
all senders have the same domain, but differ in the local-part of the
address.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.


Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail

2009-09-08 Thread Noel Jones

On 9/8/2009 3:07 AM, Paul Beard wrote:


I am getting no inbound email after locking down the requirements of
users to authenticate before sending. I dropped back from current
(2.7.*) to 2.6.5.

Not having any success getting tcpdump output. The version I have
differs from the example in the DEBUG instructions.

Complete error messages. Please use cut-and-paste, or use attachments,
instead of reciting information from memory.

Sep 8 00:45:33 shuttle postfix/smtpd[56335]: lost connection after
CONNECT from mail-pz0-f204.google.com[209.85.222.204]


Looks like the client disconnected.

Test your TLS implementation with
openssl s_client -connect IP:port -starttls smtp

If you get a
250 DSN
or similar message after all the SSL handshake goop, then it 
worked.



maps_rbl_domains = blackholes.mail-abuse.org


maps_rbl_domains parameter is deprecated.  See the 
reject_rbl_client command instead.




smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
reject_invalid_hostname, permit


You need permit_sasl_authenticated right after permit_mynetworks.


smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated


This is a no-op, you can remove it.

I don't see an smtpd_recipient_restrictions here.  You will 
need at least:

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination




smtpd_tls_loglevel = 3


Everything you may need should be logged at level 1.


strict_rfc821_envelopes = yes


This may reject legit mail.



--master.cf--

smtp inet n - n - 200 smtpd

-o content_filter=filter:

-o smtpd_tls_wrappermode=yes


Ouch!  Don't do that!
This is likely why the client disconnected; your server was 
speaking SSL and the client was speaking normal SMTP.  It 
looked like garbage to the client.
Wrappermode should only be used on a dedicated port, typically 
465 smtps.




-o smtpd_sasl_auth_enable=yes



Since smtpd_sasl_auth_enable is set in main.cf, no reason to 
set it here.


 -- Noel Jones
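
The wrapper-mode mistake discussed in this reply can be caught before a reload. This is an added example, not code from the thread or from Postfix: a small master.cf check that flags `smtpd_tls_wrappermode=yes` on the port-25 service. The continuation-line indentation in `POSTED` and the whole `CORRECTED` layout are assumptions made for the example.

```python
# master.cf fragment as posted in the thread; the indentation of the "-o"
# continuation lines is restored here (assumption: the archive stripped it).
POSTED = """\
smtp      inet  n       -       n       -       200     smtpd
  -o content_filter=filter:
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
"""

# Constructed corrected layout: plain SMTP on 25, wrapper mode only on smtps (465).
CORRECTED = """\
# constructed example
smtp      inet  n       -       n       -       200     smtpd
  -o content_filter=filter:
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
"""


def parse_master_cf(text):
    """Return a list of (service, type, command, overrides) per logical entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue                      # not a complete service definition
        # service type private unpriv chroot wakeup maxproc command [args...]
        service, stype, command, args = fields[0], fields[1], fields[7], fields[8:]
        overrides = {}
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                name, _, value = args[i + 1].partition("=")
                overrides[name] = value
                i += 2
            else:
                i += 1
        entries.append((service, stype, command, overrides))
    return entries


def wrappermode_on_plain_smtp(text):
    """Return the smtpd services on port 25 that force TLS wrapper mode."""
    bad = []
    for service, stype, command, overrides in parse_master_cf(text):
        if stype != "inet" or command != "smtpd":
            continue
        port = service.rsplit(":", 1)[-1]          # handles host:port and [v6]:port
        wrapped = overrides.get("smtpd_tls_wrappermode", "no").lower() == "yes"
        if wrapped and port in ("smtp", "25"):
            bad.append(service)
    return bad


if __name__ == "__main__":
    for label, cf in (("posted", POSTED), ("corrected", CORRECTED)):
        hits = wrappermode_on_plain_smtp(cf)
        print(label, "->", "wrapper mode on port 25: " + ", ".join(hits) if hits else "ok")
```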


Undelivered Mail and Postmaster copy

2009-09-08 Thread Eduardo Júnior
Hi,


when a message cannot be delivered, a DSN is generated and returned to sender.
According to [1] I can customize this message through the variable
bounce_template_file, in [2].

The message that is returned to sender has subject Undelivered Mail
Returned to Sender.
But, a notification to admin is sent to admin (postmaster), with
subject Postmaster Copy.


My question is:

Is it possible to set any configuration to send all Undelivered Mails to
a specific account, like is done
with variable always_bcc?



[1] - http://www.postfix.org/bounce.5.html
[2] - http://www.postfix.org/postconf.5.html#bounce_template_file


Thanks,

[]'s

-- 
Eduardo Júnior
GNU/Linux user #423272

:wq


Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail

2009-09-08 Thread paul beard
On Tue, Sep 8, 2009 at 8:01 AM, Noel Jones njo...@megan.vbhcs.org wrote:

 Looks like the client disconnected.

 Test your TLS implementation with
 openssl s_client -connect IP:port -starttls smtp

 If you get a
 250 DSN
 or similar message after all the SSL handshake goop, then it worked.


OK, all is well here.

 maps_rbl_domains = blackholes.mail-abuse.org


 maps_rbl_domains parameter is deprecated.  See the reject_rbl_client
 command instead.


  smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
 reject_invalid_hostname, permit


 You need permit_sasl_authenticated right after permit_mynetworks.

  smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated


 This is a no-op, you can remove it.

 I don't see an smtpd_recipient_restrictions here.  You will need at least:
 smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination


 smtpd_recipient_restrictions was there, as specified. So that's alright.



  smtpd_tls_loglevel = 3


 Everything you may need should be logged at level 1.

  strict_rfc821_envelopes = yes


 This may reject legit mail.

 OK, I fixed those. I cranked logging up in vain hope of finding something
indicative.


 --master.cf--

 smtp inet n - n - 200 smtpd

 -o content_filter=filter:

 -o smtpd_tls_wrappermode=yes


 Ouch!  Don't do that!
 This is likely why the client disconnected; your server was speaking SSL
 and the client was speaking normal SMTP.  It looked like garbage to the
 client.
 Wrappermode should only be used on a dedicated port, typically 465 smtps.


Hmm, that's been here forever, but I guess it was obsoleted by the recent
authentication changes.


Well, it looks like I am seeing some deliveries being logged, so maybe it's
fixed.

Any idea if I should care about this?

Sep  8 08:06:57 shuttle postfix/smtpd[61994]: warning:
network_biopair_interop: error reading 11 bytes from
 the network: Connection reset by peer

I see it's a warning but the only mention I found in the Google was that it
was fixed in the next release and that was some time ago.
-- 
Paul Beard / www.paulbeard.org/


Re: Listing IP addresses in mail queue

2009-09-08 Thread Wietse Venema
Duncan B.:
 
 On Tue, 8 Sep 2009, Wietse Venema wrote:
 
  Postfix doesn't store IPs in the queue file, so there is no
  such tool for postfix.
 
  Client information records were added late in the Postfix life
  cycle, and they are used mainly by for xforward and milters.
 
  However, the 'qshape' tool will list the queue by destination
  domain.
  http://www.postfix.org/QSHAPE_README.html#qshape
 
  Indeed, qshape targets outflow. Inflow analysis is easily done
  based on logfile records.
 
 Are you able to recommend any methods / tools to extract this information 
 from the log files, Wietse, or is it just a case of writing a script to do 
 so?

I understand that you are actually doing from-to analysis: for
example, who sends mail to Yahoo that is getting stuck in the queue.

In that case, qshape -s (statistics by sender domain) could help.
(Assuming that there is a relationship between sender domain and
sender IP address).

Otherwise, a qshape option for stats by IP address might be an idea.

Wietse


Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail

2009-09-08 Thread Victor Duchovni
On Tue, Sep 08, 2009 at 08:20:19AM -0700, paul beard wrote:

 Any idea if I should care about this?
 
 Sep  8 08:06:57 shuttle postfix/smtpd[61994]: warning:
 network_biopair_interop: error reading 11 bytes from
  the network: Connection reset by peer

After you turned-off wrapper mode and reloaded or restarted Postfix?

In your original report this was a client-server deadlock because you
had TLS wrapper mode on port 25, and so the client was waiting for a
220 banner,

http://tools.ietf.org/html/rfc5321#section-3.1

while the server was waiting for an SSL client hello.

http://tools.ietf.org/html/rfc4346#section-7.4.1.2

-- 
Viktor.



Re: [Bounce Handling] Searching information

2009-09-08 Thread Noel Jones

On 9/8/2009 6:27 AM, no_s...@cardiff.fr wrote:

Hello postfix users
First I’ll say that it’s about 10 days I read Mailing list history, and I
that I Google around in order to understand Bounce Handling in postfix. (I’m
a former Exim user)

I’ve found with Google several sites explaining how to set up bounce
handling, but up to now all methods tested do not work for me…

Let me explain first what we want to do and what is done up to now :

- We have approx 150 customers that wish to do marketing email with their
customers,


Bounces are returned to the envelope sender address; to 
control where bounces go, set the envelope sender address 
appropriately.


Use VERP to encode the recipient as part of the envelope 
sender.  This way bounces are easily parsed to see which 
recipient caused the bounce.

http://www.postfix.org/VERP_README.html

A mailing list manager will do all this and more for you 
automatically.  I strongly suggest you use one of the fine 
MLMs available.  Mailman and majordomo are frequently suggested.


  -- Noel Jones
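
The VERP scheme recommended in this reply, as an added example that is not part of the original post or of Postfix: encoding a recipient into the envelope sender with the default Postfix delimiters `+=`, and recovering the failing recipient from the address a bounce is sent to. The list address and the sample bounce addresses are constructed.

```python
from collections import Counter

VERP_DELIMS = "+="          # Postfix default_verp_delimiters
LIST_SENDER = "news@bounces.example.com"   # hypothetical envelope sender


def verp_encode(list_sender, recipient, delims=VERP_DELIMS):
    """news@origin + user@domain -> news+user=domain@origin"""
    s_local, s_domain = list_sender.rsplit("@", 1)
    r_local, r_domain = recipient.rsplit("@", 1)
    return f"{s_local}{delims[0]}{r_local}{delims[1]}{r_domain}@{s_domain}"


def verp_decode(bounce_rcpt, list_sender, delims=VERP_DELIMS):
    """Return the original recipient, or None if this is not a VERP address
    for list_sender (for example mail to postmaster or a malformed address)."""
    s_local, s_domain = list_sender.rsplit("@", 1)
    if "@" not in bounce_rcpt:
        return None
    b_local, b_domain = bounce_rcpt.rsplit("@", 1)
    if b_domain.lower() != s_domain.lower():
        return None
    prefix = s_local + delims[0]
    if not b_local.startswith(prefix):
        return None
    encoded = b_local[len(prefix):]
    # A domain never contains "=", so split on the LAST "=": recipient
    # local parts such as "first+tag" or "a=b" survive the round trip.
    r_local, sep, r_domain = encoded.rpartition(delims[1])
    if not sep or not r_local or not r_domain:
        return None
    return f"{r_local}@{r_domain}"


def bounce_counts(bounce_rcpts, list_sender=LIST_SENDER):
    """Tally failing recipients from the addresses that bounces arrived at."""
    counts = Counter()
    for addr in bounce_rcpts:
        rcpt = verp_decode(addr, list_sender)
        if rcpt is not None:
            counts[rcpt] += 1
    return counts


if __name__ == "__main__":
    # Constructed bounce envelope recipients, as a pipe transport would receive them.
    seen = [
        "news+user=example.org@bounces.example.com",
        "news+user=example.org@bounces.example.com",
        "news+first+tag=example.net@bounces.example.com",
        "postmaster@bounces.example.com",
    ]
    print(bounce_counts(seen))
```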



Re: Listing IP addresses in mail queue

2009-09-08 Thread Duncan B.


On Tue, 8 Sep 2009, Wietse Venema wrote:


Postfix doesn't store IPs in the queue file, so there is no
such tool for postfix.


Client information records were added late in the Postfix life
cycle, and they are used mainly by for xforward and milters.


However, the 'qshape' tool will list the queue by destination
domain.
http://www.postfix.org/QSHAPE_README.html#qshape


Indeed, qshape targets outflow. Inflow analysis is easily done
based on logfile records.


Are you able to recommend any methods / tools to extract this information 
from the log files, Wietse, or is it just a case of writing a script to do 
so?


Thanks,
Duncan.
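
One way to do the logfile-based inflow analysis asked about here, as an added example that is not part of the thread or of Postfix: join `smtpd` `client=` records to queue IDs, then count the messages not yet `removed` by client IP and by full sender address. The log lines are constructed in the usual Postfix syslog layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log (addresses and queue IDs are made up).
SAMPLE_LOG = """\
Sep  8 10:00:00 relay postfix/smtpd[2101]: connect from dsl-10.example.net[192.0.2.10]
Sep  8 10:00:01 relay postfix/smtpd[2101]: 4A1B2C3D4E: client=dsl-10.example.net[192.0.2.10]
Sep  8 10:00:01 relay postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.net>, size=2301, nrcpt=1 (queue active)
Sep  8 10:00:03 relay postfix/smtp[2200]: 4A1B2C3D4E: to=<bob@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=2.1, dsn=2.0.0, status=sent (250 ok)
Sep  8 10:00:03 relay postfix/qmgr[900]: 4A1B2C3D4E: removed
Sep  8 10:01:10 relay postfix/smtpd[2101]: 5B2C3D4E5F: client=dsl-10.example.net[192.0.2.10]
Sep  8 10:01:10 relay postfix/qmgr[900]: 5B2C3D4E5F: from=<dave@example.net>, size=900, nrcpt=1 (queue active)
Sep  8 10:01:12 relay postfix/smtp[2200]: 5B2C3D4E5F: to=<x1@isp.example>, relay=none, delay=2, dsn=4.4.1, status=deferred (connect timed out)
Sep  8 10:01:20 relay postfix/smtpd[2101]: 6C3D4E5F60: client=dsl-10.example.net[192.0.2.10]
Sep  8 10:01:20 relay postfix/qmgr[900]: 6C3D4E5F60: from=<dave@example.net>, size=910, nrcpt=1 (queue active)
Sep  8 10:01:22 relay postfix/smtp[2200]: 6C3D4E5F60: to=<x2@isp.example>, relay=none, delay=2, dsn=4.4.1, status=deferred (connect timed out)
Sep  8 10:02:00 relay postfix/smtpd[2102]: 7D4E5F6071: client=unknown[192.0.2.20]
Sep  8 10:02:00 relay postfix/qmgr[900]: 7D4E5F6071: from=<carol@example.net>, size=1500, nrcpt=1 (queue active)
Sep  8 10:02:02 relay postfix/smtp[2200]: 7D4E5F6071: to=<x3@isp.example>, relay=none, delay=2, dsn=4.4.1, status=deferred (connect timed out)
Sep  8 10:02:30 relay postfix/qmgr[900]: 8E5F607182: from=<>, size=3100, nrcpt=1 (queue active)
Sep  8 10:02:31 relay postfix/smtp[2200]: 8E5F607182: to=<forged@example.org>, relay=none, delay=1, dsn=4.4.1, status=deferred (connect timed out)
Sep  8 10:03:00 relay postfix/smtpd[2102]: 4A1B2C3D4E: client=unknown[192.0.2.20]
Sep  8 10:03:00 relay postfix/qmgr[900]: 4A1B2C3D4E: from=<carol@example.net>, size=800, nrcpt=1 (queue active)
Sep  8 10:03:01 relay postfix/smtp[2200]: 4A1B2C3D4E: to=<bob@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
Sep  8 10:03:01 relay postfix/qmgr[900]: 4A1B2C3D4E: removed
"""

QID = r"([0-9A-Za-z]+)"
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r": client=\S*\[([^\]]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": from=<([^>]*)>")
DELIV_RE = re.compile(r"postfix/\w+\[\d+\]: " + QID + r": to=<([^>]*)>.*?\bstatus=(\w+)")
REMOVED_RE = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": removed\b")


def correlate(lines):
    """Return (finished, queued). Queue IDs can be reused after 'removed',
    so a record is closed at that point instead of being keyed by ID forever."""
    queued, finished = {}, []
    for line in lines:
        m = REMOVED_RE.search(line)
        if m:
            rec = queued.pop(m.group(1), None)
            if rec is not None:
                finished.append(rec)
            continue
        for field, rx in (("ip", CLIENT_RE), ("sender", FROM_RE), ("status", DELIV_RE)):
            m = rx.search(line)
            if not m:
                continue
            rec = queued.setdefault(m.group(1), {"ip": None, "sender": None, "status": []})
            if field == "status":
                rec["status"].append((m.group(2), m.group(3)))   # (recipient, status)
            else:
                rec[field] = m.group(2)
            break
    return finished, queued


def by_ip(records):
    """Messages per SMTP client IP; locally generated mail (bounces) has none."""
    return Counter(r["ip"] or "(local)" for r in records)


def by_sender(records):
    """Messages per full envelope sender, local part included."""
    return Counter(r["sender"] or "<>" for r in records)


if __name__ == "__main__":
    finished, queued = correlate(SAMPLE_LOG.splitlines())
    print("still queued, by client IP:", by_ip(queued.values()).most_common())
    print("still queued, by sender:   ", by_sender(queued.values()).most_common())
```

Messages received before the start of the log have no `client=` record and are counted as `(local)`, so feed it enough rotated logs to cover the maximal queue lifetime.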


Re: Untrusted TLS connection

2009-09-08 Thread Victor Duchovni
On Tue, Sep 08, 2009 at 11:37:56AM -0400, Gerard wrote:

 I have 'tls' working fine, except for one site. While the mail is still
 sent correctly, I am wondering why I have this warning message in the
 logs:

There is no warning message.

 
 Sep  8 11:27:02 scorpio postfix/smtp[88433]: SSL_connect:before/connect 
 initialization

Your log level is too high.

 Sep  8 11:27:06 scorpio postfix/smtp[88433]: Untrusted TLS connection 
 established to smtp.cesmail.net[64.88.168.93]:25: TLSv1 with cipher 
 ADH-AES256-SHA (256/256 bits)

This is not a warning. The connection is using an anonymous cipher, so there
is no peer certificate, and hence the session is untrusted.

 This is the only site that produces the Untrusted warning.

Postfix marks all warning messages with warning: . This is not a warning.

-- 
Viktor.



Re: lost connection after CONNECT / SSL_accept error from errors / network_biopair_interop: no inbound mail

2009-09-08 Thread Noel Jones

On 9/8/2009 10:20 AM, paul beard wrote:


I don't see an smtpd_recipient_restrictions here.  You will need at
least:
smtpd_recipient_restrictions =

  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination


smtpd_recipient_restrictions was there, as specified. So that's alright.


Did I miss it in your postconf -n output?  If it's not listed 
in postconf -n, then postfix doesn't see it either.  Usually a 
typo in the parameter name.




Any idea if I should care about this?

Sep  8 08:06:57 shuttle postfix/smtpd[61994]: warning:
network_biopair_interop: error reading 11 bytes from
  the network: Connection reset by peer


This is logged by the openssl library when a client aborts the 
SSL handshake.
As long as mail (usually) works from clients you want mail 
from, you can ignore this message.


  -- Noel Jones


RE: [Bounce Handling] Searching information

2009-09-08 Thread no_spam
For those who might need this later, I've finally, with the help of the
gandi-hosting newsgroup / IRC,
found a solution to my problems:

1st thing:

My transport_map was not initialized in main.cf : 
To make piping work it's better to set it correctly without any
misspelling...

transport_maps = hash:/etc/postfix/transport_maps
which contains : 
bounces.f.net bounceh:

2nd thing : 

Master.cf had a problem with php file mapping, 
I had followed : http://answers.google.com/answers/threadview?id=562518
In my case I had to use following : 

bounceh   unix  -   n   n   -   -   pipe
  flags=Rq user=phpuser argv=/usr/bin/php
/srv/f/www/f.net/htdocs/bounces/get_bounces.php $sender $recipient

Last thing : 
Php script must take a #!/usr/bin/php in first line to make it bash
comprehensible... don't know why but seems needed.
Script must evidently have rights to execute.
Php script must be unix formatted, beware of any Windows / Mac editors that
can lose the unix format of the file and throw errors like file not found, when
the file does exist with a ls -la.

Thanks in any case for your ideas...

T. de LASSAT




How to add more than one recipient on the notice recipient

2009-09-08 Thread Mark Johnson
All,

How can I add more than one recipient? I want both webmaster and postmaster to 
receive error email.
The default setting:
bounce_notice_recipient = postmaster
delay_notice_recipient = postmaster
error_notice_recipient = postmaster

I know Sendmail can just add next to it = postmaster, webmaster, but I have no 
idea on the Postfix.
Can anyone help?

Thanks.

Mark



  


Re: How to add more than one recipient on the notice recipient

2009-09-08 Thread Evan Platt

At 12:55 PM 9/8/2009, you wrote:

All,

How can I add more than one recipient? I want both webmaster and 
postmaster to receive error email.

The default setting:
bounce_notice_recipient = postmaster
delay_notice_recipient = postmaster
error_notice_recipient = postmaster

I know Sendmail can just add next to it = postmaster, webmaster, but 
I have no idea on the Postfix.

Can anyone help?


I haven't tried, but one of the below should work:

postmaster, webmaster, or create an alias of say bouncerecipient to 
be postmaster and webmaster...




feature request: deliver to compressed files on Maildir boxes

2009-09-08 Thread Leonardo Rodrigues


   Hi,

   I was recently playing with dovecot plugins, and one of them caught 
my attention: zlib. This plugin allows dovecot imap4/pop3 modules to 
deal with gzipped messages on Maildir+ boxes ... files are stored in 
compressed format and users can normally check them through IMAP4/POP3, 
decompression is on-the-fly and users don't notice anything.


   On several mailboxes i have access and could test, gzipping all 
message files would save about 40% of storage space. Of course the 
compression/decompression is a very CPU intensive task ... but 40% of 
storage saving really calls my attention.


   Apparently there's no problem with mailbox quota management because 
dovecot uses the S=size parameter which is present on the filenames, 
which postfix writes correctly, instead of filesize on the file system.


   Although dovecot supports reading gzipped files through IMAP4/POP3 
modules, it does not automatically compress files on its delivery agent, 
that should be done by some script somehow.


   Dovecot delivery agent does not support on-the-fly compression when 
delivering messages  but when (and if) dovecot delivery agent 
supports that on-the-fly compression as well, i'll really study it.


   Anyway, as i don't use dovecot delivery agent because postfix virtual 
delivery agent really fits my needs  i would like to propose a 
feature request here, the on-the-fly compression on virtual delivery 
agent, which would be a perfect match for dovecot zlib module i described.



   Because of locking things, that on-the-fly compression/decompression 
is not possible for mbox boxes.



   Some minor information about dovecot zlib module:

http://wiki.dovecot.org/Plugins/Zlib

--


Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: feature request: deliver to compressed files on Maildir boxes

2009-09-08 Thread mouss
Leonardo Rodrigues wrote:
 
Hi,
 
I was recently playing with dovecot plugins, and one of them caught
 my attention: zlib. This plugin allows dovecot imap4/pop3 modules to
 deal with gzipped messages on Maildir+ boxes ... files are stored in
 compressed format and users can normally check them through IMAP4/POP3,
 decompression is on-the-fly and users don't notice anything.
 
On several mailboxes i have access and could test, gzipping all
 message files would save about 40% of storage space. Of course the
 compression/decompression is a very CPU intensive task ... but 40% of
 storage saving really calls my attention.
 
Apparently there's no problem with mailbox quota management because
 dovecot uses the S=size parameter which is present on the filenames,
 which postfix writes correctly, instead of filesize on the file system.
 
Although dovecot supports reading gzipped files through IMAP4/POP3
 modules, it does not automatically compress files on its delivery agent,
 that should be done by some script somehow.
 
Dovecot delivery agent does not support on-the-fly compression when
 delivering messages  but when (and if) dovecot delivery agent
 supports that on-the-fly compression as well, i'll really study it.
 
Anyway, as i don't use dovecot delivery agent because postfix virtual
 delivery agent really fits my needs  i would like to propose a
 feature request here, the on-the-fly compression on virtual delivery
 agent, which would be a perfect match for dovecot zlib module i described.
 
 
Because of locking things, that on-the-fly compression/decompression
 is not possible for mbox boxes.
 
 
Some minor information about dovecot zlib module:
 
 http://wiki.dovecot.org/Plugins/Zlib
 

I don't wanna sound negative, but
- since dovecot solves the problem...
- this can also be handled at filesystem level
- every time I hear zlib, something like vulnerability hits my ears.
so if I can vote, I'd say no to zlib integration. this applies to
dovecot too. unfortunately, it seems that Timo is too open, which
makes the with security in mind of dovecot debatable at least. is it
time to move back to courier?
- the best code is that you don't write
...





Re: How to add more than one recipient on the notice recipient

2009-09-08 Thread mouss
Mark Johnson wrote:
 All,
 
 How can I add more than one recipient? I want both webmaster and postmaster to 
 receive error email.
 The default setting:
 bounce_notice_recipient = postmaster
 delay_notice_recipient = postmaster
 error_notice_recipient = postmaster
 

just make it joemaster and have joemaster as a (virtual) alias that
explodes to whomever you want.

 I know Sendmail can just add next to it = postmaster, webmaster, but I have 
 no idea on the Postfix.
 Can anyone help?
 
 Thanks.
 
 Mark
 
 
 
   



Re: distribution list with postfix

2009-09-08 Thread mouss
Thomas Koch wrote:
 Hi,
 
 could you please give me an addvise, whether the following is possible with 
 postfix? I'd like to manage distribution lists with postfix, so that when a 
 user sends a message to
 
 li...@mydomain
 
 postfix looks up an alias map in MySQL and sends individual emails to each 
 alias found in the table. It is important that the To: header of the mail 
 contains the expanded address, not the original one so that the resulting 
 mails looks exactly as if the user would have send them individually to each 
 recipient.
 

no, postfix is not a mass mailing application.

if the headers differ, then there is no point to not send one mail per
recipient.

please note that mass mailing is not easy. you need to manage bounces,
errors, ... etc.

 Thanks for your time!
 
 Thomas Koch, http://www.koch.ro



Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread mouss
Steve Heaven wrote:
 On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:
 

 You should not accept mail for invalid recipients.  Use existing
 functionality to build a cache/database of valid recipients on the fly.
 See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
 
 We have no way of knowing if the recipient address is valid or not as we
 are only acting as a relay for the final destination.
 We cannot build a database of recipients on the fly as that information
 is held on the various servers of our clients, to which we do not have
 access.


the old: try to pass to next, until  final server accepts or rejects
is no more acceptable. recipients must be checked at the edge.

postfix provides reject_unverified_recipient to help you for that
(assuming the next relay really validates the recipient).

It's been a time that most people acknowledge that backscatter is a
problem. those who take a selfish approach to mail should not be
surprised if they are blacklisted, and should not ask for help.


Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread mouss
yar mailer got borked?

Clunk Werclick wrote:
 From: 
 Clunk Werclick
 mailbacku...@googlemail.com
 Reply-to: 
 mailbacku...@googlemail.com
   Cc: 
 postfix-users@postfix.org
  Subject: 
 Re: relay_domains
 vs
 virtual_mailbox_domains
 Date: 
 Tue, 08 Sep 2009
 09:28:36 +0100
   Mailer: 
 Evolution 2.24.3 
 
 
 
 On Tue, 2009-09-08 at 08:52 +0100, Steve Heaven wrote:
 On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote:

 You should not accept mail for invalid recipients.  Use existing
 functionality to build a cache/database of valid recipients on the
 fly.
 See:
 http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
 We have no way of knowing if the recipient address is valid or not as
 we are only acting as a relay for the final destination.
 We cannot build a database of recipients on the fly as that
 information is held on the various servers of our clients, to which we
 do not have access.

 Please forgive the bluntness - and drifting off a bit as I've not seen
 all of this; If you are acting as a relay and not able to verify the
 final recipients exist - you will quickly run into serious problems and
 side effects.
 
 Postfix provides a probing/discovery mechanism that spares you the need
 to build maps - it's not ideal when compared to the sheer speed of SQL,
 MAPS or LDAP, but it exists - so there is no excuse to accept mail for
 invalid recipients with Postfix. The link given tells you how this
 'probing' works.
 
 Failing to verify final recipients means you will probably accept mail
 that is sequentially refused, leaving you holding the baby and having to
 bounce it. (Old Chinese Proverb say, man who gives 250 OK to SMTP, take
 ownership and responsibility). With invalid recipients, the sender is
 usually forged and as your relay has nothing left to do but bounce the
 message, your IP(s) are going to become really unpopular *fast*, and
 probably have it blacklisted in no time at all.
 
 This is, of course, not only limited to invalid recipients. Accepting
 any kind of mail for a destination that cannot be delivered gives the
 same problem. Perhaps the recipient is valid, but the destination
 refused the message because of the content/spam. You end up holding the
 baby again.
 
 If you really need the ability to catch all without bounce then the
 final destination needs to absolutely white list everything you throw
 at it - regardless of recipient or content. That is most certainly *not*
 ideal without some serious UCE measures on the relay itself.
 
 In commercial solutions I have seen, RELAYS have held the message and
 not given a 250 until the final destination has taken it -or- (less
 ideal) taken the message and put it into an 'outbound' Postfixen where
 it is retried for 48-72 hours. This gives the Relay admin time to see it
 and liaise with the final destination host admin. This would be a real
 headache if you wind up with thousands of messages in the queue for
 invalid recipients, bringing us full circle to the topic once more.
 
 Good luck with what it is you are doing.
 
 



Re: How to add more than one recipient on the notice recipient

2009-09-08 Thread Wietse Venema
Mark Johnson:
 All,
 
 How can I add more than one recipient? I want both webmaster and postmaster to 
 receive error email.
 The default setting:
 bounce_notice_recipient = postmaster
 delay_notice_recipient = postmaster
 error_notice_recipient = postmaster
 
 I know Sendmail can just add next to it = postmaster, webmaster, but I have 
 no idea on the Postfix.
 Can anyone help?
 

/etc/aliases:
postmaster: you, webmaster

Wietse


Re: feature request: deliver to compressed files on Maildir boxes

2009-09-08 Thread Noel Jones

On 9/8/2009 2:59 PM, Leonardo Rodrigues wrote:


Hi,

I was recently playing with dovecot plugins, and one of them caught my
attention: zlib. This plugin allows dovecot imap4/pop3 modules to deal
with gzipped messages on Maildir+ boxes ... files are stored in
compressed format and users can normally check them through IMAP4/POP3,
decompression is on-the-fly and users don't notice anything.

...

Anyway, as I don't use dovecot delivery agent because postfix virtual
delivery agent really fits my needs, I would like to propose a
feature request here, the on-the-fly compression on virtual delivery
agent, which would be a perfect match for dovecot zlib module I described.


The postfix virtual delivery agent is intentionally 
bare-bones.  Any new feature discussed would need to be 
compelling and widely usable; compressed maildir support is 
neither.


The right place for this feature is the dovecot deliver 
program, not postfix virtual.


  -- Noel Jones


Re: feature request: deliver to compressed files on Maildir boxes

2009-09-08 Thread Seth Mattinen
mouss wrote:
 Leonardo Rodrigues a écrit :

 http://wiki.dovecot.org/Plugins/Zlib

 
 I don't wanna sound negative, but
 - since dovecot solves the problem...
 - this can also be handled at filesystem level
 - every time I hear zlib, something like vulnerability hits my ears.
 so if I can vote, I'd say no to zlib integration. this applies to
 dovecot too. unfortunately, it seems that Timo is too open, which
 makes the with security in mind of dovecot debatable at least. is it
 time to move back to courier?

Well, it *is* a plugin, just don't enable it and you're zlib free. I'll
agree with you on the too open part though.

~Seth


Re: feature request: deliver to compressed files on Maildir boxes

2009-09-08 Thread Timo Sirainen

On Sep 8, 2009, at 6:16 PM, mouss wrote:

- every time I hear zlib, something like vulnerability hits my ears.


Well, you inspired me to finally implement a prevention method against
almost all vulnerabilities there could be in zlib:
http://hg.dovecot.org/dovecot-1.2/rev/b359aac78f92

I had been planning this since the beginning, but since few people
used zlib plugin I guess I always just treated it as second class
citizen and thought other things were more important. And sure, that
patch doesn't help if users have some other way of writing files to
maildir, but in typical setups I would now consider using zlib plugin
safe.



so if I can vote, I'd say no to zlib integration. this applies to
dovecot too. unfortunately, it seems that Timo is too open, which
makes the with security in mind of dovecot debatable at least. is it
time to move back to courier?


I try to keep the defaults secure, but I also understand that others
just want the best performance and fancy features.