Re: 2.7 RPM
2010/2/23 ram r...@netcore.co.in: On Mon, 2010-02-22 at 16:48 +0200, Eero Volotinen wrote: 2010/2/22 ram r...@netcore.co.in: On Mon, 2010-02-22 at 09:17 -0500, Carlos Williams wrote: Does anyone happen to know if anyone is kindly dedicating their time to creating a Postfix 2.7 RPM for download? I know this is extremely time consuming but I am really interested to try out Postfix 2.7 on my CentOS x64 server. I realize Simon was responsible for creating the previous RPM's available on a mirror but I don't know if he is still doing so. I never saw a 2.6.5-3 RPM (only 2.6.5-1) and wasn't sure if he would continue to do so or only with major release versions. Thanks for any info! **PS** Yes I am very aware anyone including myself could create a RPM from source using the SRPM's however I attempted this in the past and failed miserably. -Carlos http://www.kutukupret.com/2010/02/08/compiling-postfix-2-7-0-as-rpm-package I followed these steps and created a Centos 5x rpm myself If you are interested in the rpm only you could contact me. can you release the .spec / srpm file including all needed files to compile it? All the files which I used for my compile are here https://ecm.netcore.co.in/tmp/postfix-2.7.0.rpmfiles.tgz You may want to hash-off the dotname patch which I use on my machines Of course take care of the usual warning :-) These are files that worked for me, there is absolutely *no guarantee* that this work for you. If someone can help me with a doc on creating a .src.rpm package I would like to try it how about command: rpmbuild -bb myprogram.spec -- Eero
Re: 2.7 RPM
On 23 February 2010 19:34, Eero Volotinen eero.voloti...@iki.fi wrote: 2010/2/23 ram r...@netcore.co.in: All the files which I used for my compile are here https://ecm.netcore.co.in/tmp/postfix-2.7.0.rpmfiles.tgz You may want to hash-off the dotname patch which I use on my machines Of course take care of the usual warning :-) These are files that worked for me, there is absolutely *no guarantee* that this work for you. If someone can help me with a doc on creating a .src.rpm package I would like to try it how about command: rpmbuild -bb myprogram.spec No, that is incorrect. From the rpmbuild manpage: -baBuild binary and source packages (after doing the %prep, %build, and %install stages). -bbBuild a binary package (after doing the %prep, %build, and %install stages). -bsBuild just the source package. We use -ba when rolling our RPMs. -bs would be suitable if you *only* want a Source RPM. If you can build the RPM (it sounds like you were successful) then the SRPM should be no problem. I've tried the procedure from the aforementioned link (http://www.kutukupret.com/2010/02/08/compiling-postfix-2-7-0-as-rpm-package/) and had no problems building the RPMs. I haven't tested the RPMs yet.
Re: 2.7 RPM
If someone can help me with a doc on creating a .src.rpm package I would like to try it Thanks Ram actually,when you're follow workaround on my site you got both binary and source. usually located at %_topdir/SRPMS/ spec files always produces both binary and source when rebuild with rpmbuild -ba isn't it? :)
Re: 2.7 RPM
* ram [23/02/2010 09:01] : If someone can help me with a doc on creating a .src.rpm package I would like to try it I've always found Guru Labs' guide to be helpful: http://www.gurulabs.com/downloads/GURULABS-RPM-LAB/GURULABS-RPM-GUIDE-v1.0.PDF Emmanuel
Re: rbl sites
brian moore put forth on 2/22/2010 12:57 PM: I like Spamhaus, and it is very effective, though they do charge a nontrivial fee for commercial usage that would never get approved around here. You may be pleasantly surprised to find out you do qualify for free use. http://www.spamhaus.org/organization/dnsblusage.html *Definition: non-commercial use is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services. If you're non-commercial, and at less than 100,000 SMTP transactions per day, and less than 300,000 dnsbl queries per day, then you qualify for the free service. -- Stan
copy all e-mails to a new domain
Hello, While moving the IMAP services to a new host, I'd need to copy all messages addressed to anyu...@example.com to the old inbox, and to the new at anyu...@tempsubdomain.example.com Virtual maps allows this, but needs the full list in the form us...@example.com: user1 us...@tempdomain.example.com us...@example.com: user2 us...@tempdomain.example.com ... Is there some shortcut to write replace the domain part for any user of example.com and copy to the new address? Thank you.
Re: copy all e-mails to a new domain
On Tue, 2010-02-23 at 13:23 +0200, Razvan Cosma wrote: Hello, While moving the IMAP services to a new host, I'd need to copy all messages addressed to anyu...@example.com to the old inbox, and to the new at anyu...@tempsubdomain.example.com Virtual maps allows this, but needs the full list in the form us...@example.com: user1 us...@tempdomain.example.com us...@example.com: user2 us...@tempdomain.example.com ... Is there some shortcut to write replace the domain part for any user of example.com and copy to the new address? Thank you. Please have a look at http://freshmeat.net/projects/imapsync/ I think that is what your really need. -- Martijn
Re: Add extra headers when forwarding
Hi Wietse, Yes you are correct. My browser was not showing those headers. Thanks for the prompt reply. Regards, Shameem --- On Tue, 23/2/10, Wietse Venema wie...@porcupine.org wrote: From: Wietse Venema wie...@porcupine.org Subject: Re: Add extra headers when forwarding To: Postfix users postfix-users@postfix.org Date: Tuesday, 23 February, 2010, 1:18 AM Shameem Ahamed: Yes it adds received header. But it doesn't add the user details. Received: from mx1 (INBOUNDSERVER [IPADDRESS]) by FORWARDSERVER (Postfix) with ESMTP id BA40E4940D6 for RECIPIENT; Thu, 18 Feb 2010 02:19:28 + (GMT) The recipient is HERE. If you don't see the recipient, then you use a BROKEN MAIL READER. Shameem Ahamed: I am seeing just ';' in that place. Am i doing anything wrong ?. Yes. You are using a BROKEN MAIL READER. Namely, a mail reader that processes plain text email as if it is HTML, and that removes all text that looks like an HTML tag (such as the recipient address in a Postfix Received: header. If you examine this thread via one of the on-line websites that archive this mailing list, then you will understand what I mean. Wietse The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
Some questions about logging
Hello, I'm enhancing a program I use to follow Postfix logs in sort of real-time. It does a couple of things, and the most important is to record a single-line summaries for each message, storing source IP address, from, to, timestamp, size, final delivery destination (mail relay or mailbox) and status. In order to keep up with a lot of activity, I need to keep some data in memory, so that I can summarize all the log lines describing a message process. The problem is: many things can go wrong in a message delivery, and, worse, syslog, based on UDP, can lose datagrams due to different causes. So such a program running for a long time could end up storing a lot of incomplete messages in memory. I am planning to use timestamps in order to flush longstanding messages, but of course I don't want to discard too much incomplete data. Looking at the progress of an email message, I think I've found a possible problem (for me) with logging. Let's see a normal example: 1- Client connects - smtpd records a connect from... 2- client sends valid HELO 3- client sends valid MAIL FROM: 4- client sends valid RCPT TO: - smtpd logs a client= line with a queue id (at this point, I store the source IP address and queue id for the message) 5- client sends DATA and message headers, body. 6- client finishes sending body, sends . - cleanup logs message-id= 7- qmgr logs from= 8- transport (local, etc) logs 'to=' with delivery status, etc. 9- qmgr logs queue id removed 10- smtpd logs disconnect So far, so good, this one is trivial to follow. But, what happens if the client isn't so predictable? Let's see an example: Zaphod:~ borjam$ telnet 172.16.2.117 smtp Trying 172.16.2.117... Connected to 172.16.2.117. Escape character is '^]'. 220 pruebazfs1.sarenet.es ESMTP Postfix HELO testing 250 pruebazfs1.sarenet.es MAIL FROM: bor...@sarenet.es 250 2.1.0 Ok RCPT TO: bor...@pruebazfs1 250 2.1.5 Ok quit 221 2.0.0 Bye Connection closed by foreign host. And the log records this: Feb 23 15:08:20 pruebazfs1 postfix/smtpd[4800]: connect from unknown[172.16.1.204] Feb 23 15:08:56 pruebazfs1 postfix/smtpd[4800]: 522243F471: client=unknown[172.16.1.204] Feb 23 15:09:00 pruebazfs1 postfix/smtpd[4800]: disconnect from unknown[172.16.1.204] After this, I have recorded a (queue id, ip address) tuple, and the client disconnected. So it could be a good bet to just remove the aborted (queue_id,ip_addr) tuple from my list. But I'm worried that I could lose messages if the server is slow. The message-id= line is logged by a different program, cleanup. Doing a pipelined send, I've seen that the progress is logged as follows: Feb 23 15:13:33 pruebazfs1 postfix/smtpd[4819]: connect from unknown[172.16.1.204] Feb 23 15:13:33 pruebazfs1 postfix/smtpd[4819]: improper command pipelining after HELO from unknown[172.16.1.204] Feb 23 15:13:33 pruebazfs1 postfix/smtpd[4819]: 4DEAD418A8: client=unknown[172.16.1.204] +++Feb 23 15:13:33 pruebazfs1 postfix/cleanup[4823]: 4DEAD418A8: message-id=20100223141333.4dead41...@pruebazfs1.sarenet.es Feb 23 15:13:33 pruebazfs1 postfix/qmgr[4746]: 4DEAD418A8: from=bor...@sarenet.es, size=358, nrcpt=1 (queue active) +++Feb 23 15:13:33 pruebazfs1 postfix/smtpd[4819]: disconnect from unknown[172.16.1.204] I'm marking the two interesting lines with a +++. I could just discard a (queue_id, ip_addr) tuple in case I see a disconnect line from the same smtpd process. But, is it possible for the message-id= line from cleanup to be delayed? I've noticed that smtpd, upon reception of a valid rcpt to, connects to a cleanup process and there seems to be a strong coupling between the two. Is there, maybe, a guarantee (due to the program flow in smtpd) that the message-id= line from cleanup will always be logged before the disconnected line from smtpd? Is it a synchronous coupling, or messages sent from smtpd go to a cleanup queue to be processed asynchronously, and hence it would be possible to see a disconnected smtpd line before the message-id= line from cleanup? I hope this message is understandable ;) I need to avoid memory leaks, but I don't want to be over aggressive with discards. Mail servers can be painfully slow now and then, under heavy loads... By the way, wouldn't it be better to have a message similar to the queue_id removed logged by qmgr, when this happens? I mean, a queue id has been allocated by the smtpd/cleanup pair, and in case the client disconnects before DATA there's no other mention of that queue id on the system log. Thank you very much in advance, Borja.
Re: copy all e-mails to a new domain
ram: On Tue, 2010-02-23 at 13:23 +0200, Razvan Cosma wrote: Hello, While moving the IMAP services to a new host, I'd need to copy all messages addressed to anyu...@example.com to the old inbox, and to the new at anyu...@tempsubdomain.example.com Virtual maps allows this, but needs the full list in the form us...@example.com: user1 us...@tempdomain.example.com us...@example.com: user2 us...@tempdomain.example.com .. Is there some shortcut to write replace the domain part for any user of example.com and copy to the new address? use a pcre or a regex map ==main.cf== virtual_alias_maps=pcre:/etc/postfix/copy_mail With the above, Postfix would accept mail for non-existent recipients. Instead, use recipient_bcc_maps, and use a PCRE table of: /etc/postfix/main.cf: recipient_bcc_maps = pcre:/etc/postfix/copy_mail /etc/postfix/copy_mail /^(.*)@example\.com$/ $...@tempdomain.example.com Wietse
mailing lists
Hi, I'm using postfix as mail server and I'm very satisfied about how it works I've to implement a service that sends lists of mails including commercial offers (and no spam obviously)... the problem is that sometimes some Internet providers recognize servers that sends too much mail and can ban them... For example, I know that a particular ISP doesn't want to receive more than 30 email a day... so I need to create a service that can implement a different behaviour depending on the receiver mail server or ISP that manage it Have I to create it myself ? Does exist something that allows to set such rules?
Re: Some questions about logging
Borja Marcos: Is there, maybe, a guarantee (due to the program flow in smtpd) that the message-id= line from cleanup will always be logged before the disconnected line from smtpd? When an SMTP client aborts prematurely, then the Postfix smtpd process will immediately log the disconnected line, without waiting for the cleanup server. Waiting happens only while there are no errors. At some point, the logging of Postfix will be configurable. It's one of the first-generation pieces of code that is completely hard-coded, as part of the drive to get a mail system released. Wietse
Re: header_checks question
Zitat von Victor Duchovni victor.ducho...@morganstanley.com: On Mon, Feb 22, 2010 at 03:54:47PM -0500, Wietse Venema wrote: The rules for display names are in RFC*22. Look for the ABNF for display-name, phrase, word, and atom. Short answer: as long as =?iso-8859-1?Q?stuff?= looks like an RFC2822 atom, it needs no quoting. And of course, RFC 2047 ensures that encoded words are atoms. So the first one is correct and the second one not?? From: =?iso-8859-1?Q?H=F6fler=2C_Verena?= xx...@x.de To: =?iso-8859-1?Q?=27=22H=F6fler=2C_Martin=22=27?= xx...@kwsoft.de This was within one mail from Outlook/Exchange and at least Thunderbird badly chokes on the first one when answering Many Thanks Andreas smime.p7s Description: S/MIME Signatur
Re: header_checks question
So the first one is correct and the second one not?? From: =?iso-8859-1?Q?H=F6fler=2C_Verena?= xx...@x.de To: =?iso-8859-1?Q?=27=22H=F6fler=2C_Martin=22=27?= xx...@kwsoft.de This was within one mail from Outlook/Exchange and at least Thunderbird badly chokes on the first one when answering Same here. That's why I added the ugly hack -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Some questions about logging
On Tue, Feb 23, 2010 at 01:23:08PM +0100, Borja Marcos wrote: I'm enhancing a program I use to follow Postfix logs in sort of real-time. It does a couple of things, and the most important is to record a single-line summaries for each message, storing source IP address, from, to, timestamp, size, final delivery destination (mail relay or mailbox) and status. You can trivially have smtpd(8) help you substantially. smtpd will log everything it has regarding a message (everything before final delivery) with one simple restriction: smtpd_end_of_data_restrictions = check_recipient_access static:warn End of data was chosen because at that time the actual message size is known. Recipient access was chosen because it gives a separate entry per recipient of a multiple-recipient message. Salt to taste, enjoy. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: header_checks question
lst_ho...@kwsoft.de: Zitat von Victor Duchovni victor.ducho...@morganstanley.com: On Mon, Feb 22, 2010 at 03:54:47PM -0500, Wietse Venema wrote: The rules for display names are in RFC*22. Look for the ABNF for display-name, phrase, word, and atom. Short answer: as long as =?iso-8859-1?Q?stuff?= looks like an RFC2822 atom, it needs no quoting. And of course, RFC 2047 ensures that encoded words are atoms. So the first one is correct and the second one not?? From: =?iso-8859-1?Q?H=F6fler=2C_Verena?= xx...@x.de This is a properly encoded string. If a mail system cannot deal with it, then it mis-implements RFC 5322 syntax rules and RFC 2047 encoding. Of course we know exactly what the bug is: they apply RFC 5322 syntax rules on the DECODED string. Instead, they must apply RFC 5322 syntax rules on the ENCODED string. That is the whole point of having RFC 2047 encoding in the first place. Putting unencoded quotes around an RFC 2047 encoded string violates RFC 2047. Inserting encoded quotes into an RFC 2047 encoded string will break strings that already contain quotes. Wietse
How to tell which instance is which
Hello, just a suggestion. Below is an example how freshly started 3 Postfix instances looks in process list (I'm not posting ps from working system to not bloat this message): 18374 ?Ss 0:00 /usr/lib/postfix/master 18377 ?S 0:00 \_ pickup -l -t fifo -u -c -o content_filter= -o receive_override_options= 18378 ?S 0:00 \_ qmgr -l -t fifo -u -c 18455 ?Ss 0:00 /usr/lib/postfix/master 18458 ?S 0:00 \_ pickup -l -t fifo -u -c -o content_filter= -o receive_override_options= 18460 ?S 0:00 \_ qmgr -l -t fifo -u -c 18535 ?Ss 0:00 /usr/lib/postfix/master 18539 ?S 0:00 \_ pickup -l -t fifo -u -c -o content_filter= -o receive_override_options= 18540 ?S 0:00 \_ qmgr -l -t fifo -u -c 3 instances are: MSA, MX and outgoing relay with fast retry for specific domains. Would it be possible to add the instance name (or group name/instance name) to the line containing master process? I mean just a decorator like this: 18535 ?Ss 0:00 /usr/lib/postfix/master postfix-mx 18539 ?S 0:00 \_ pickup -l -t fifo -u -c -o content_filter= -o receive_override_options= 18540 ?S 0:00 \_ qmgr -l -t fifo -u -c It could be a tiny aid in case of problems where time is precious. Thanks in advance and regards, Andrzej
Mail Transport Unavailable
Hello If I use the command # mail -v n...@domain.com I get the folloing Mail delivery status report will be mailed to root But then I get MAILER-DAEMON (mail transport unavailable) Using FreeBSD 7.2 Postfix 2.6.5 And second instance running Thanks in advance _ Motty
Re: Mail Transport Unavailable
On Tue, Feb 23, 2010 at 08:52:23AM -0800, motty cruz wrote: If I use the command # mail -v n...@domain.com I get the folloing Mail delivery status report will be mailed to root But then I get MAILER-DAEMON (mail transport unavailable) Using FreeBSD 7.2 Postfix 2.6.5 And second instance running Thanks in advance http://www.postfix.org/DEBUG_README.html#mail -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
RE: Mail Transport Unavailable
Thanks for pointing that out Victor, does not justify that I'm newbie, please accept my apologies. I'm in the command prompt of the spam filter I finished building using FreeBSD 7.2 and Postfix 2.6.5 and I want to send email to myself mo...@domain.com so I type the following in the command prompt Filter # mail -v mo...@domain.com Subject: test postfix conf debug_peer_list = 127.0.0.1 . EOT Mail Delivery Status Report will be mailed to root. Filter # mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- A4051B898 1938 Tue Feb 23 09:01:54 MAILER-DAEMON (mail transport unavailable) r...@domain.com -- 2 Kbytes in 1 Request. As you can see the message was sent but debug log was not sent to r...@doamin.com Below is my config file filter# postconf -n alias_database = hash:/usr/local/etc/postfix/aliases alternate_config_directories = /usr/local/etc/postfix-out anvil_rate_time_unit = 20s biff = no command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debug_peer_list = domain.com html_directory = no in_flow_delay = 1s local_recipient_maps = hash:/usr/local/etc/postfix/userdb, hash:/usr/local/etc/postfix/uservirt local_transport = no local mail delivery mail_owner = postfix mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man message_size_limit = 5000 mydestination = domain.com, myhostname = filter.domain.com mynetworks = 127.0.0.0/8, myorigin = domain.com newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtpd_banner = filter.domain.com smtpd_error_sleep_time = 0 unknown_local_recipient_reject_code = 550 Filter# Thanks in Advance, _Motty -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Victor Duchovni Sent: Tuesday, February 23, 2010 9:00 AM To: postfix-users@postfix.org Subject: Re: Mail Transport Unavailable On Tue, Feb 23, 2010 at 08:52:23AM -0800, motty cruz wrote: If I use the command # mail -v n...@domain.com I get the folloing Mail delivery status report will be mailed to root But then I get MAILER-DAEMON (mail transport unavailable) Using FreeBSD 7.2 Postfix 2.6.5 And second instance running Thanks in advance http://www.postfix.org/DEBUG_README.html#mail -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: How to tell which instance is which
Wietse Venema put forth on 2/23/2010 10:39 AM: Not all the world is Linux. In fact there are 10 times as many Macs. Wietse Venema put forth on 2/16/2010 10:01 AM: This is a technical mailing list. When you claim that something is bad, you need to support that claim with actual evidence. Otherwise, you are just spreading rumors. Linux = operating system MAC = computer (usually runs MAC OSX but not always) Given worldwide Linux use on desktops, laptops, and servers, and given that the vast majority of Macintosh PCs and servers are sold into the US market only, I have trouble believing there are 10x more OSX installations worldwide than Linux. In fact, I would venture to guess it's the other way round, but with an even higher ratio. I have no hard figures to support this, but I'm guessing you don't either. Come to think of it, if one were to merely count the number of supercomputer cluster nodes running Linux the resulting sum would probably be more than all Macs sold throughout history. A single Cray XT4/5 Linux cluster at ORNL alone has 45,208 Linux compute nodes. This sum doesn't include the hundreds of login and filesystem nodes all running Linux. Add to this total every Linux cluster node at US government labs of various sorts, and the number of nodes running Linux is into the tens of millions. Now do the same for every nation's governement lab clusters. Now do the same for universities. We're probably now well over 20 million Linux nodes just for scientific compute clusters. Now lets add all the nodes run for Google search, a few hundred thousand worldwide, and Gmail, and Google apps. Now add in the millions of web servers of all kinds around the world running a LAMP stack or Lighttpd for image or video serving. How about all the VPS hosting offered by ISPs and colocation facilities? Most of those run Linux. Need we count Linux on the desktop in China and India? Russia? I'm pretty sure MAC OSX is fighting an uphill battle with Linux when it comes to the numbers game, and losing badly. If Apple were to release OSX as a standalone product, the trend might change a bit, though not enough for OSX to take the numbers lead. Linux offers to much choice and control, and it's free. These qualities are difficult for its competition to overcome especially amongst populations who are not yet victims of vendor lock in. ;) -- Stan
Re: Mail Transport Unavailable
On Tue, Feb 23, 2010 at 09:17:35AM -0800, motty cruz wrote: Filter # mail -v mo...@domain.com Subject: test postfix conf debug_peer_list = 127.0.0.1 . EOT Mail Delivery Status Report will be mailed to root. Filter # mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- A4051B898 1938 Tue Feb 23 09:01:54 MAILER-DAEMON (mail transport unavailable) Third item from http://www.postfix.org/DEBUG_README.html#mail: Postfix logging. See the text at the top of the DEBUG_README document to find out where logging is stored. Please do not frustrate the helpers by word wrapping the logging. Find and post the log entries for this ( A4051B898 ) queue-id, repost the log entries and your configuration setings together in one message. filter# postconf -n alias_database = hash:/usr/local/etc/postfix/aliases alternate_config_directories = /usr/local/etc/postfix-out You seem to have multiple Postfix instances, make sure you are posting configuration information for the right one... Was MAIL_CONFIG set in the environment when you were running the mail(1) command in question? anvil_rate_time_unit = 20s Why? config_directory = /usr/local/etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 Is an smtp-amavis transport defined in master.cf? local_transport = no local mail delivery There's your problem. This is nonsense. mydestination = domain.com, Especially when you configure your domain for local delivery. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: How to tell which instance is which
On Tue, Feb 23, 2010 at 11:26:23AM -0600, Stan Hoeppner wrote: Wietse Venema put forth on 2/23/2010 10:39 AM: Not all the world is Linux. In fact there are 10 times as many Macs. Wietse Venema put forth on 2/16/2010 10:01 AM: This is a technical mailing list. When you claim that something is bad, you need to support that claim with actual evidence. Otherwise, you are just spreading rumors. Linux = operating system MAC = computer (usually runs MAC OSX but not always) Blah, blah, blah... Do we really need this lecture here? The off-the-cuff comment explains that Postfix is not single-platform software and avoids platform-specific features. There is no need to get hung up on the numbers. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: rbl sites
On Tue, 23 Feb 2010 03:47:09 -0600 Stan Hoeppner s...@hardwarefreak.com wrote: http://www.spamhaus.org/organization/dnsblusage.html *Definition: non-commercial use is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services. My toy domains qualify, sure. But they're mostly toys and though I have thousands of valid(!) addresses at them, they're mainly used to track who is selling my name. The addresses are effectively tracking cookies. My work domains (3 ISP's, with a few thousand users especially) do not qualify. ISP's, even small ones, must pay. | Use of the Spamhaus DNSBLs by organizations and networks with email traffic | likely to exceed the Free Use limits, or by ISPs or commercial spam filter | services, requires a subscription to the Spamhaus DNSBL Datafeed Service, | a service designed for users with professional DNSBL requirements. Strip out the commas to make the sentence simpler: Use of the Spamhaus DNSBLs by organizations and networks ... or by ISPs ... requires a subscription to the Spamhaus DNSBL Datafeed Service... When Spamhaus switched to this model, they sent mail insisting I pay, so they seem to agree with my interpretation. [Ironically, the ISP's are actually owned by a Non-profit, and one is a non-profit itself, using revenues from paying customers to subsidize low income access... but 501c3 status is not mentioned as a distinguisher between commercial and non-commercial, and it is all a very complicated arrangement to appease the IRS anyway...)
Re: How to tell which instance is which
Stan Hoeppner: Wietse Venema put forth on 2/23/2010 10:39 AM: Not all the world is Linux. In fact there are 10 times as many Macs. Wietse Venema put forth on 2/16/2010 10:01 AM: This is a technical mailing list. When you claim that something is bad, you need to support that claim with actual evidence. Otherwise, you are just spreading rumors. Linux = operating system MAC = computer (usually runs MAC OSX but not always) Given worldwide Linux use on desktops, laptops, and servers, and given that the vast majority of Macintosh PCs and servers are sold into the US market only, I have trouble believing there are 10x more OSX installations worldwide than Linux. In fact, I would venture to guess it's the other way round, but with an even higher ratio. I have no hard figures to support this, but I'm guessing you don't either. Here is one example: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8 Wietse
RE: prepend headers logging
On 2/23/2010 11:34 AM, AMP Admin wrote: AMP Admin: is there away to stop prepend: header from being added to the logs? No. If it bothers you, use grep. Wietse - It just sucks when logwatch sends me the logs and it's an email with over 1000 lines of header prepend info. Adjust your logwatch settings to not include lines you aren't interested in. -- Noel Jones The other problem is when a large mailing goes out the log gets too full to process.
Re: prepend headers logging
AMP Admin wrote: On 2/23/2010 11:34 AM, AMP Admin wrote: AMP Admin: is there away to stop prepend: header from being added to the logs? No. If it bothers you, use grep. Wietse - It just sucks when logwatch sends me the logs and it's an email with over 1000 lines of header prepend info. Adjust your logwatch settings to not include lines you aren't interested in. -- Noel Jones The other problem is when a large mailing goes out the log gets too full to process. Have you tried using grep? grep -v stuff-you-dont-want mail.log | postfix-logwatch
Re: rbl sites
On Tue, Feb 23, 2010 at 09:40:47AM -0800, brian moore wrote: Strip out the commas to make the sentence simpler: Use of the Spamhaus DNSBLs by organizations and networks ... or by ISPs ... requires a subscription to the Spamhaus DNSBL Datafeed Service... When Spamhaus switched to this model, they sent mail insisting I pay, so they seem to agree with my interpretation. [Ironically, the ISP's are actually owned by a Non-profit, and one is a non-profit itself, using revenues from paying customers to subsidize low income access... but 501c3 status is not mentioned as a distinguisher between commercial and non-commercial, and it is all a very complicated arrangement to appease the IRS anyway...) It's not surprising that Spamhaus would fail to mention US IRS classifications of status, since they are based in UK. Did you reply to the email and ask? When my friend[1] Norman De Forest passed away in 2006, Spamhaus donated a data feed to his ISP, Chebucto Community Net, as a memorial. There are human beings behind Spamhaus; perhaps you can find a sympathetic ear. Can't hurt to ask, anyway. Good luck. [1] An Internet acquaintance only, but I think anyone[2] who came in contact with Norman thought of him as a friend. http://beacon.chebucto.ca/Content-2006/norman.html [2] Except for spammers, of course. :) -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Mail Transport Unavailable
Please do not top-post your replies. Thank you. On Tue, Feb 23, 2010 at 09:17:35AM -0800, motty cruz wrote: FreeBSD 7.2 and Postfix 2.6.5 and I want to send email to myself mo...@domain.com Please use example.com for examples. Example.TLD is reserved for examples in every top-level domain. However, it's possible that munging your domain name will make it impossible for others to assist in solving your mail routing issues. so I type the following in the command prompt Filter # mail -v mo...@domain.com Subject: test postfix conf debug_peer_list = 127.0.0.1 In addition to what Victor said, I would point out that your mail(1)/mailx(1) client is probably not making any network connections. The debug_peer_list is not relevant for sendmail(1) submission. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: How to tell which instance is which
Wietse Venema put forth on 2/23/2010 11:41 AM: Stan Hoeppner: Wietse Venema put forth on 2/23/2010 10:39 AM: Not all the world is Linux. In fact there are 10 times as many Macs. Wietse Venema put forth on 2/16/2010 10:01 AM: This is a technical mailing list. When you claim that something is bad, you need to support that claim with actual evidence. Otherwise, you are just spreading rumors. Linux = operating system MAC = computer (usually runs MAC OSX but not always) Given worldwide Linux use on desktops, laptops, and servers, and given that the vast majority of Macintosh PCs and servers are sold into the US market only, I have trouble believing there are 10x more OSX installations worldwide than Linux. In fact, I would venture to guess it's the other way round, but with an even higher ratio. I have no hard figures to support this, but I'm guessing you don't either. Here is one example: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8 From that same page: Market Share Help Operating System This report lists the market share of the top operating systems in use for browsing (not servers). This data is derived by aggregating the traffic across our network of websites that use our service. Not very applicable since most desktops don't run an MTA, and not very thorough since the data is strictly collected on clients connecting to Netmarketshare's web servers. It's unfortunate that there is no easy systematic way to collect server OS market share data. Even Netcraft only has httpd stats not OS stats. I concede Victor's point, obviously. I'm arguing Postfix' multi-platform support, which is fantastic. I'm merely playfully, academically, jousting with you over the Mac vs Linux numbers comment, which I believe to be upside down in favor of the wrong fighter (boxing analogy). If you'd have said Postfix must work not only with Linux, but also *BSD, AIX, Solaris, and other Unix style OS's I'd have never responded. -- Stan
Re: How to tell which instance is which
On Feb 23, 2010, at 1:30 PM, Stan Hoeppner s...@hardwarefreak.com wrote: Wietse Venema put forth on 2/23/2010 11:41 AM: Stan Hoeppner: Wietse Venema put forth on 2/23/2010 10:39 AM: Not all the world is Linux. In fact there are 10 times as many Macs. Wietse Venema put forth on 2/16/2010 10:01 AM: This is a technical mailing list. When you claim that something is bad, you need to support that claim with actual evidence. Otherwise, you are just spreading rumors. Linux = operating system MAC = computer (usually runs MAC OSX but not always) Given worldwide Linux use on desktops, laptops, and servers, and given that the vast majority of Macintosh PCs and servers are sold into the US market only, I have trouble believing there are 10x more OSX installations worldwide than Linux. In fact, I would venture to guess it's the other way round, but with an even higher ratio. I have no hard figures to support this, but I'm guessing you don't either. Here is one example: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8 From that same page: Market Share Help Operating System This report lists the market share of the top operating systems in use for browsing (not servers). This data is derived by aggregating the traffic across our network of websites that use our service. Not very applicable since most desktops don't run an MTA, and not very thorough since the data is strictly collected on clients connecting to Netmarketshare's web servers. It's unfortunate that there is no easy systematic way to collect server OS market share data. Even Netcraft only has httpd stats not OS stats. I concede Victor's point, obviously. I'm arguing Postfix' multi- platform support, which is fantastic. I'm merely playfully, academically, jousting with you over the Mac vs Linux numbers comment, which I believe to be upside down in favor of the wrong fighter (boxing analogy). If you'd have said Postfix must work not only with Linux, but also *BSD, AIX, Solaris, and other Unix style OS's I'd have never responded. Stan can you take this pedantic nitpicking off-list if you must persist? Thanks.
RE: Mail Transport Unavailable
Thank you, I apologize for mistakes it was my first time posting my problems with postfix, The issue was resolved, I deleted local_transport = no local transport available in /usr/local/etc/postfix/main.cf as Victor point out in his response below. I appreciated your help!, Thanks, _ Motty -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of /dev/rob0 Sent: Tuesday, February 23, 2010 10:15 AM To: postfix-users@postfix.org Subject: Re: Mail Transport Unavailable Please do not top-post your replies. Thank you. On Tue, Feb 23, 2010 at 09:17:35AM -0800, motty cruz wrote: FreeBSD 7.2 and Postfix 2.6.5 and I want to send email to myself mo...@domain.com Please use example.com for examples. Example.TLD is reserved for examples in every top-level domain. However, it's possible that munging your domain name will make it impossible for others to assist in solving your mail routing issues. so I type the following in the command prompt Filter # mail -v mo...@domain.com Subject: test postfix conf debug_peer_list = 127.0.0.1 In addition to what Victor said, I would point out that your mail(1)/mailx(1) client is probably not making any network connections. The debug_peer_list is not relevant for sendmail(1) submission. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
amavisd-new+postfix with SSL/TLS
I want to deploy my actualy postfix+amavisd-new sistem with SSL/TLS with certificates.Is necessary to modify in amavisd-new config file for SSL?
Re: How to tell which instance is which
Sahil Tandon put forth on 2/23/2010 12:53 PM: Stan can you take this pedantic nitpicking off-list if you must persist? Thanks. No need to go off-list. This poor dead horse has been beaten enough, I think. Sorry to have been in pedant mode. /~$ /usr/bin/wishful_commands/pedant off -- Stan
A problem related to smtpd_recipient_restrictions
Hi, I installed postfix on a machine, which has been configured as a mail relay server. I want it to do 2 things: A. accept requests from only trusted SMTP clients B. accept requests that are addressed to domain2.net Point A is achieved by adding the following to /etc/postfix/main.cf: mynetworks = 192.168.112.0/24 127.0.0.1 smtpd_client_restrictions = permit_mynetworks reject Point B is done by adding the following to /etc/postfix/main.cf: relay_domains = domain2.net smtpd_recipient_restrictions = permit_auth_destination reject Other relevant settings in /etc/postfix/main.cf: myhostname = www1.test.domain1.net mydestination = $myhostname, localhost.$mydomain, localhost mydomain = test.domain1.net Sending an email to my yahoo email address from a trusted SMTP client is being rejected as expected. The SMTP client runs sendmail, which is properly configured to use the mail relay server. However, doing the same from the mail relay server is not being blocked as expected. What am I missing here? Thanks.
Re: amavisd-new+postfix with SSL/TLS
Zitat von Gaby L g...@autoglobus2000.ro: I want to deploy my actualy postfix+amavisd-new sistem with SSL/TLS with certificates.Is necessary to modify in amavisd-new config file for SSL? For normal usage not. The TLS/SSL endpoints are the SMTP server/clients, so it is only a Postfix thing. The only exception would be if you connect from postfix over a untrusted network diretly to amavisd. For more information on TLS/SSL with Postfix see http://www.postfix.org/TLS_README.html. Regards Andreas smime.p7s Description: S/MIME Signatur
Re: amavisd-new+postfix with SSL/TLS
On 2/23/2010 1:03 PM, Gaby L wrote: I want to deploy my actualy postfix+amavisd-new sistem with SSL/TLS with certificates.Is necessary to modify in amavisd-new config file for SSL? Typically amavisd-new and postfix are run on the same server and the connection is over localhost. In this case, there is no need for encryption. If amavisd-new and postfix are on separate servers, it is possible to encrypt the connection. See the amavisd-new RELEASE-NOTES for details. Search for tls_security_level_ http://www.ijs.si/software/amavisd/release-notes.txt To configure the postfix side of TLS, see http://www.postfix.org/TLS_README.html If you need further help configuring amavisd-new, please direct your questions to the amavis-user mail list. http://www.ijs.si/software/amavisd/#support -- Noel Jones
Re: A problem related to smtpd_recipient_restrictions
On 2/23/2010 1:54 PM, Yungwei Chen wrote: Hi, I installed postfix on a machine, which has been configured as a mail relay server. I want it to do 2 things: A. accept requests from only trusted SMTP clients B. accept requests that are addressed to domain2.net Point A is achieved by adding the following to /etc/postfix/main.cf: mynetworks = 192.168.112.0/24 127.0.0.1 smtpd_client_restrictions = permit_mynetworks reject Point B is done by adding the following to /etc/postfix/main.cf: relay_domains = domain2.net smtpd_recipient_restrictions = permit_auth_destination reject Other relevant settings in /etc/postfix/main.cf: myhostname = www1.test.domain1.net mydestination = $myhostname, localhost.$mydomain, localhost mydomain = test.domain1.net Sending an email to my yahoo email address from a trusted SMTP client is being rejected as expected. The SMTP client runs sendmail, which is properly configured to use the mail relay server. However, doing the same from the mail relay server is not being blocked as expected. What am I missing here? Thanks. Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via smtp. -- Noel Jones
Re: How to tell which instance is which
On Tue, Feb 23, 2010 at 17:39, Wietse Venema wie...@porcupine.org wrote: By default, Postfix multi-instance support logs each instance with its own name (using the syslog_name main.cf parameter). For example, to find out which instances exist and what their master PIDs are, use: # postfix status This will log information about each instance, with its own name Changing ps(1) command output is NOT portable. Not all the world is Linux. In fact there are 10 times as many Macs. Thanks, I just didn't know it's platform specific... I thought of master(8) command line arguments that are displayed but ignored -- but it's not really THAT important. And I didn't mean to start a flamewar! ;-) Thanks, Andrzej
Re: How to tell which instance is which
On Tue, Feb 23, 2010 at 09:15:59PM +0100, Andrzej Kuku??a wrote: Thanks, I just didn't know it's platform specific... I thought of master(8) command line arguments that are displayed but ignored -- but it's not really THAT important. The master(8) daemon changing its argument vector is not portable. If postfix-script launched master(8) with an instance-specific option argument, that would be reasonably portable. You get similar information from lsof, process environment, postfix status, contents of master.pid files in each queue directory, ... postfix logs, ... So you are not left entirely without means to obtain the instance to pid mapping. I am not sure the ignored instance option is compelling, though it would perhaps be somewhat convenient. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
RE: A problem related to smtpd_recipient_restrictions
Can someone confirm what Noel said? Any workaround? -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Tuesday, February 23, 2010 2:16 PM To: postfix-users@postfix.org Subject: Re: A problem related to smtpd_recipient_restrictions On 2/23/2010 1:54 PM, Yungwei Chen wrote: Hi, I installed postfix on a machine, which has been configured as a mail relay server. I want it to do 2 things: A. accept requests from only trusted SMTP clients B. accept requests that are addressed to domain2.net Point A is achieved by adding the following to /etc/postfix/main.cf: mynetworks = 192.168.112.0/24 127.0.0.1 smtpd_client_restrictions = permit_mynetworks reject Point B is done by adding the following to /etc/postfix/main.cf: relay_domains = domain2.net smtpd_recipient_restrictions = permit_auth_destination reject Other relevant settings in /etc/postfix/main.cf: myhostname = www1.test.domain1.net mydestination = $myhostname, localhost.$mydomain, localhost mydomain = test.domain1.net Sending an email to my yahoo email address from a trusted SMTP client is being rejected as expected. The SMTP client runs sendmail, which is properly configured to use the mail relay server. However, doing the same from the mail relay server is not being blocked as expected. What am I missing here? Thanks. Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via smtp. -- Noel Jones
postfix-users memes (was: A problem related to smtpd_recipient_restrictions)
* Noel Jones njo...@megan.vbhcs.org: Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via smtp. Someone should actually start collecting all those frequently used sayings - and perhaps translate them. I remember having asked a not-so-clever question here once, and I got the Perhaps surprisingly, ... answer right in my face (not from you). So, Perhaps surprisingly, ... would clearly translate into Since you missed the obvious, S/NR--; Stefan
Re: A problem related to smtpd_recipient_restrictions
On 2/23/2010 1:54 PM, Yungwei Chen wrote: ... Sending an email to my yahoo email address from a trusted SMTP client is being rejected as expected. ... However, doing the same from the mail relay server is not being blocked as expected. What am I missing here? Thanks. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Tuesday, February 23, 2010 2:16 PM Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via smtp. -- Noel Jones On 2/23/2010 2:52 PM, Yungwei Chen wrote: Can someone confirm what Noel said? Any workaround? [Please don't top-post] The workaround is to submit mail via SMTP. Alternately, you can control who can submit mail via the postfix sendmail(1) command with the authorized_submit_users parameter. http://www.postfix.org/postconf.5.html#authorized_submit_users -- Noel Jones
Re: A problem related to smtpd_recipient_restrictions
On Tue, 23 Feb 2010 15:52:01 -0500 Yungwei Chen yung...@resolvity.com replied: Can someone confirm what Noel said? Any workaround? Why, don't you believe him? In any case, could you please stop top-posting, as well as the use of HTML e-mail? -- Jerry postfix.u...@yahoo.com TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html An efficient and a successful administration manifests itself equally in small as in great matters. Winston Churchill
Re: header_checks question
On Tue, Feb 23, 2010 at 03:47:16PM +0100, Ralf Hildebrandt wrote: So the first one is correct and the second one not?? From: =?iso-8859-1?Q?H=F6fler=2C_Verena?= xx...@x.de To: =?iso-8859-1?Q?=27=22H=F6fler=2C_Martin=22=27?= xx...@kwsoft.de This was within one mail from Outlook/Exchange and at least Thunderbird badly chokes on the first one when answering Same here. That's why I added the ugly hack Same what? Can someone explain the observed issue in some detail? All I am seeing is questions about an ill-advised hypothetical solution. When I put my Cyrillic name into Apple's MUA, the From: header read: From: =?utf-8?B?0JLQuNC60YLQvtGAINCU0YPRhdC+0LLQvdGL0Lk=?= mailbox this does not include any double quotes, and Outlook reads it just fine, at least with the one Outlook user I tested. Can someone explain with some specificity what problem you are trying to solve, rather than the (so far misguided :-( ) solution? -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
SORBS or Black holes
What is the most straight method of hooking up a milter for blackhole services. I've had more than a fewest suggestions and read a few different methods, but I'm left puzzled as to the best means of doing this. Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software Yeah - I write Free Software...so SUE ME The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society.
restricting acceptence of mail users except from local network
How do I get postfix to reject mails From my own domains coming from outside the local network? Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one.
Re: restricting acceptence of mail users except from local network
Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safir ru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. -- Sicherer, schneller und einfacher. Die aktuellen Internet-Browser - jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser
Re: SORBS or Black holes
On 2/23/2010 6:30 PM, Ruben Safir wrote: What is the most straight method of hooking up a milter for blackhole services. I've had more than a fewest suggestions and read a few different methods, but I'm left puzzled as to the best means of doing this. Ruben Generally using an RBL in postfix is as simple as adding reject_rbl_client rbl.example.com at an appropriate place in your smtpd restrictions. No milter or other external software necessary. http://www.postfix.org/postconf.5.html#reject_rbl_client A basic example: # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_rbl_client zen.spamhaus.org -- Noel Jones
Re: restricting acceptence of mail users except from local network
On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safir ru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. I don't want them to autheticate. I want the mailserver to just know that my domain doesn't exist in Taiwan. Ruben Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. -- Sicherer, schneller und einfacher. Die aktuellen Internet-Browser - jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 Yeah - I write Free Software...so SUE ME The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society. I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. © Copyright for the Digital Millennium
Re: SORBS or Black holes
On Tue, Feb 23, 2010 at 06:46:18PM -0600, Noel Jones wrote: On 2/23/2010 6:30 PM, Ruben Safir wrote: What is the most straight method of hooking up a milter for blackhole services. I've had more than a fewest suggestions and read a few different methods, but I'm left puzzled as to the best means of doing this. Ruben Generally using an RBL in postfix is as simple as adding reject_rbl_client rbl.example.com at an appropriate place in your smtpd restrictions. No milter or other external software necessary. http://www.postfix.org/postconf.5.html#reject_rbl_client A basic example: # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_rbl_client zen.spamhaus.org Do I need to remake a database binary with it? Ruben -- Noel Jones -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 Yeah - I write Free Software...so SUE ME The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society. I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. © Copyright for the Digital Millennium
Re: restricting acceptence of mail users except from local network
On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safir ru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org Will that do it? Ruben
Re: SORBS or Black holes
On 2/23/2010 7:27 PM, Ruben Safir wrote: On Tue, Feb 23, 2010 at 06:46:18PM -0600, Noel Jones wrote: On 2/23/2010 6:30 PM, Ruben Safir wrote: What is the most straight method of hooking up a milter for blackhole services. I've had more than a fewest suggestions and read a few different methods, but I'm left puzzled as to the best means of doing this. Ruben Generally using an RBL in postfix is as simple as adding reject_rbl_client rbl.example.com at an appropriate place in your smtpd restrictions. No milter or other external software necessary. http://www.postfix.org/postconf.5.html#reject_rbl_client A basic example: # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_rbl_client zen.spamhaus.org Do I need to remake a database binary with it? Ruben There is no local database for an RBL lookup. -- Noel Jones
Re: restricting acceptence of mail users except from local network
On 2/23/2010 7:35 PM, Ruben Safir wrote: On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safirru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org Will that do it? Ruben While spamhaus is likely to block the majority of spam aimed at your server, it won't specifically reject mail claiming to be from your domain that isn't. If spamhaus doesn't block enough of the spam, you can tell postfix to reject mail claiming to be from unknown local sender addresses. Set in main.cf: smtpd_reject_unlisted_sender = yes or you can add a check_sender_access map to specifically reject your domain when mail isn't local. # WARNING this is likely to reject some legit mail # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_rbl_client zen.spamhaus.org # /etc/postfix/sender_access example.com REJECT only for internal use to activate these changes you'll need to run # postmap sender_access # postfix reload -- Noel Jones
Re: restricting acceptence of mail users except from local network
On Tue, Feb 23, 2010 at 08:23:11PM -0600, Noel Jones wrote: On 2/23/2010 7:35 PM, Ruben Safir wrote: On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safirru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org Will that do it? Ruben While spamhaus is likely to block the majority of spam aimed at your server, it won't specifically reject mail claiming to be from your domain that isn't. I didn't think it would. Different issue. I want the mail to flatly deny any mail from any of my domains unless it arrives from my local network on eth1 which is a 10.0.0.0 block with hostnames given by my dhcpd server, or from the mailserver itself. I want it to flatly reject mail claiming to be from my doamins from anywhere else. If spamhaus doesn't block enough of the spam, you can tell postfix to reject mail claiming to be from unknown local sender addresses. Set in main.cf: smtpd_reject_unlisted_sender = yes or you can add a check_sender_access map to specifically reject your domain when mail isn't local. If, if it is not from my local network it is not legitimate mail if it is using my domain. I can not service or recieve mail addressed From mrbrklyn.com that isn't coming from my local network. It is 100% of the time always wrong. I know that panix allows me to send mail from my local network to the panix mail servers for later relay, using authentication, or maybe pop. I don't want this functionality. If it is not coming from our servers or hosts, its not us and I want to summerly reject such mail. # WARNING this is likely to reject some legit mail # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_rbl_client zen.spamhaus.org # /etc/postfix/sender_access example.com REJECT only for internal use to activate these changes you'll need to run # postmap sender_access # postfix reload -- Noel Jones -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society. © Copyright for the Digital Millennium
Re: restricting acceptence of mail users except from local network
On 23-Feb-10 17:32, Ruben Safir wrote: How do I get postfix to reject mails From my own domains coming from outside the local network? This is a FAQ, and a complicated one. Are you trying to just block any email that is from u...@yourdomain.tld and to u...@yourdomain.tld? If so, the easiest way, and the most sensible is to have users authenticate and then reject unauthenticated local users. You could also just take a sledgehammer and forbid anyone outside sending mail 'from' a local user, but unless you are absolutely positive that no one will even want to send mail to themselves (something i do daily for example) you are just going to piss people off. You can set up SPF for yourself and enforce it, but again, this is going to annoy your road warrior who is forced to use a 3rd party server to send out mail (since many ISPs block port 25). Really, the best solution is to tell your users to use port 587 and make them authenticate. Works for everyone.
Re: restricting acceptence of mail users except from local network
On Tue, Feb 23, 2010 at 08:32:57PM -0700, LuKreme wrote: On 23-Feb-10 17:32, Ruben Safir wrote: How do I get postfix to reject mails From my own domains coming from outside the local network? This is a FAQ, and a complicated one. Are you trying to just block any email that is from u...@yourdomain.tld and to u...@yourdomain.tld? If so, the easiest way, and the most sensible is to have users authenticate and then reject unauthenticated local users. You could also just take a sledgehammer and forbid anyone outside sending mail 'from' a local user, but unless you are absolutely positive that no one will even want to send mail to themselves (something i do daily for example) you are just going to piss people off. You can set up SPF for yourself and enforce it, but again, this is going to annoy your road warrior who is forced to use a 3rd party server to send out mail (since many ISPs block port 25). Really, the best solution is to tell your users to use port 587 and make them authenticate. Works for everyone. This is getting philophical and I just don't care. Mail From our domain has to originate from OUR domain. No exceptions. They can ssh in an use mutt, or use the VPN. Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 Yeah - I write Free Software...so SUE ME The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society. I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. © Copyright for the Digital Millennium
Re: restricting acceptence of mail users except from local network
On 23-Feb-10 20:48, Ruben Safir wrote: This is getting philophical and I just don't care. Mail From our domain has to originate from OUR domain. No exceptions. Then you've already been given the solution by Noel. -- Bite me, suck me, show me you care
Re: restricting acceptence of mail users except from local network
On Tue, Feb 23, 2010 at 08:52:00PM -0700, LuKreme wrote: On 23-Feb-10 20:48, Ruben Safir wrote: This is getting philophical and I just don't care. Mail From our domain has to originate from OUR domain. No exceptions. Then you've already been given the solution by Noel. Thanks -- Bite me, suck me, show me you care Hah - think I'll pass :)
Re: restricting acceptence of mail users except from local network
On Tue, Feb 23, 2010 at 08:23:11PM -0600, Noel Jones wrote: On 2/23/2010 7:35 PM, Ruben Safir wrote: On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: Original-Nachricht Datum: Tue, 23 Feb 2010 19:32:25 -0500 Von: Ruben Safirru...@mrbrklyn.com An: postfix-users@postfix.org Betreff: restricting acceptence of mail users except from local network How do I get postfix to reject mails From my own domains coming from outside the local network? If all your users are authenticating when sending mails you could use something like reject_sender_login_mismatch to reject those senders (from inside or outside) that use your domains but have not authenticated. Anyway to restrict the From: header to the local domain as well as the Fromwhitespace header It seems that Majordomo will accept the mail if the From: is different than the From From mrbrk...@panix.com From: ru...@mrbrklyn.com I'd like to reject it at the mail server if either is spoofed and it is not originating from my local hosts on the internal network. Ruben smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org Will that do it? Ruben While spamhaus is likely to block the majority of spam aimed at your server, it won't specifically reject mail claiming to be from your domain that isn't. If spamhaus doesn't block enough of the spam, you can tell postfix to reject mail claiming to be from unknown local sender addresses. Set in main.cf: smtpd_reject_unlisted_sender = yes or you can add a check_sender_access map to specifically reject your domain when mail isn't local. # WARNING this is likely to reject some legit mail # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_rbl_client zen.spamhaus.org # /etc/postfix/sender_access example.com REJECT only for internal use to activate these changes you'll need to run # postmap sender_access # postfix reload -- Noel Jones -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software
Re: restricting acceptence of mail users except from local network
Anyway to restrict the From: header to the local domain as well as the Fromwhitespace header It seems that Majordomo will accept the mail if the From: is different than the From From mrbrk...@panix.com From: ru...@mrbrklyn.com I'd like to reject it at the mail server if either is spoofed and it is not originating from my local hosts on the internal network. Actually, thing about this, that might not be a good idea and I doubt it is even in the envelope. Ruben Ruben smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination, reject_rbl_client zen.spamhaus.org Will that do it? Ruben While spamhaus is likely to block the majority of spam aimed at your server, it won't specifically reject mail claiming to be from your domain that isn't. If spamhaus doesn't block enough of the spam, you can tell postfix to reject mail claiming to be from unknown local sender addresses. Set in main.cf: smtpd_reject_unlisted_sender = yes or you can add a check_sender_access map to specifically reject your domain when mail isn't local. # WARNING this is likely to reject some legit mail # main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access reject_rbl_client zen.spamhaus.org # /etc/postfix/sender_access example.com REJECT only for internal use to activate these changes you'll need to run # postmap sender_access # postfix reload -- Noel Jones -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 Yeah - I write Free Software...so SUE ME The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society. I'm an engineer. I choose the best tool for the job, politics be damned. You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one. © Copyright for the Digital Millennium
