[pfx] Re: TLS for SMTP Outbound -- Only One tlsproxy

Le 22/05/2024 à 12:35, Greg Sims via Postfix-users a écrit : Thank you again for your feedback on this issue. I watched the workload in real time this morning and now have more insight into what is happening. It appears the large ISPs are using TLS connection as a way to throttle incoming

[pfx] Re: Postfix using proxy protocol outbound?

Le 21/12/2023 à 10:03, Joachim Lindenberg via Postfix-users a écrit : Emmanuel, please read the thread https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the beginning. SOCKS5 was already considered as an alternative to proxy protocol. If you want to bash nginx then

[pfx] Re: Postfix using proxy protocol outbound?

Le 20/12/2023 à 21:25, Joachim Lindenberg via Postfix-users a écrit : Emmanuel : That's crazy, If you're able to run a dedicated proxy instance, you're able to run an outboud postfix instance too: the perfect proxy software for smtp/postfix is postfix. Otherwise it means that you're trying to

[pfx] Re: Postfix using proxy protocol outbound?

Le 20/12/2023 à 20:53, Joachim Lindenberg via Postfix-users a écrit : Wietse: Obviously, nginx will not know the Postfix SMTP client protocol stage, and the nginx settings will have to match the largest Postfix timeouts to avoid persistent mail delivery problems with some sites. Settings

[pfx] Re: new waves of connect/disconnect from *.outlook.com; any add'l pfx configs useful for further remediation?

Le 15/08/2023 à 23:12, Viktor Dukhovni via Postfix-users a écrit : On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote: 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from [52.101.56.17]:32607 to [209.123.234.54]:25

[pfx] Re: MX load balancing

Le 30/05/2023 à 16:07, Benny Pedersen via Postfix-users a écrit : Viktor Dukhovni via Postfix-users skrev den 2023-05-30 14:30: There's no good reason to have mail sent to mx2 unless mx1 is down. and subject says load balancing, not backup mx imho OP asked not to have mx backup, but load

[pfx] Re: invalid and non-fqdn hostname

Le 06/04/2023 à 16:44, Emmanuel Fusté a écrit : Le 06/04/2023 à 14:09, Emmanuel Fusté a écrit : Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non

[pfx] Re: invalid and non-fqdn hostname

Le 06/04/2023 à 14:09, Emmanuel Fusté a écrit : Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non-ASCII characters in host/domain names :) You can

[pfx] Re: invalid and non-fqdn hostname

Le 06/04/2023 à 13:35, Ken Peng via Postfix-users a écrit : On 2023-04-06 19:07, Jaroslaw Rafa via Postfix-users wrote: I just now learned about the UTF8 thing, I would never think of using non-ASCII characters in host/domain names :) You can dig the UTF8 hostname, they are valid for query.

Re: none SRS issues

Le 12/01/2023 à 19:45, post...@ptld.com a écrit : No SPF is OK, but as long as the domain of RFC822 MAIL FROM address has a SPF, this SPF must pass. DMARC will pass as long as either SPF or DMARC passes. DMARC will still pass if SPF fails and DKIM passes. I think you might be misinterpreting

Re: none SRS issues

Le 12/01/2023 à 18:17, Emmanuel Fusté a écrit : Le 12/01/2023 à 17:51, Wietse Venema a écrit : Emmanuel Fust?: Le jeu. 12 janv. 2023, 17:15, a ?crit : Since I am using SPF as a validation method, the non-srs messages from those big providers will have possibility to break SPF

Re: none SRS issues

Le 12/01/2023 à 17:51, Wietse Venema a écrit : Emmanuel Fust?: Le jeu. 12 janv. 2023, 17:15, a ?crit : Since I am using SPF as a validation method, the non-srs messages from those big providers will have possibility to break SPF and be rejected by our systems. Do you reject based on solely

Re: none SRS issues

Le jeu. 12 janv. 2023, 17:15, a écrit : > > Since I am using SPF as a validation method, the non-srs messages from > those big providers will have possibility to break SPF and be rejected by > our systems. > > Do you reject based on solely the SPF result? It would be better to use > DMARC, have

Re: Dumping effective postfix configuration

Le 06/01/2023 à 21:03, Demi Marie Obenour a écrit : On 1/6/23 07:15, Wietse Venema wrote: Peter Wienemann: Hi, is there a way to dump the effective postfix configuration rather than the one specified in main.cf/master.cf? It seems that changes to main.cf/master.cf have an immediate impact on

Re: parent_domain_matches_subdomains && smtpd_access_maps

Le 02/01/2023 à 20:38, Laurent Frigault a écrit : Hi, Is there any way to have some smtpd_access_maps with parent_domain_matches_subdomains and some other without it ? I have : smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_sender

Re: no shared cipher revisited

Le 02/10/2022 à 11:51, Matus UHLAR - fantomas a écrit : On 10/1/22 16:16, Viktor Dukhovni wrote: 4096-bit RSA certificates mostly work, but are pointless crypto exhibitionism, waste CPU, can run into client implementation limitations, and so are not a good idea. On 01.10.22 17:20, Shawn

Re: Subject encoding; logs not matching header

Le 26/08/2022 à 16:54, Emmanuel Fusté a écrit : Le 26/08/2022 à 15:52, post...@ptld.com a écrit : Check RFC5322, section 2.2.1 "Unstructured Header Field Bodies".   Semantically, unstructured field bodies are simply to be treated as a   single line of characters with no further

Re: Subject encoding; logs not matching header

Le 26/08/2022 à 15:52, post...@ptld.com a écrit : Check RFC5322, section 2.2.1 "Unstructured Header Field Bodies".   Semantically, unstructured field bodies are simply to be treated as a   single line of characters with no further processing (except for   "folding" and "unfolding" as described

Re: Mail and mail traces lost (?)

Le 30/03/2022 à 18:36, Viktor Dukhovni a écrit : On Wed, Mar 30, 2022 at 06:11:33PM +0200, Michael Ströder wrote: Or simply set in /etc/systemd/journald.conf: [Journal] Storage=none ForwardToSyslog=yes That does not fully solve the problem, since IIRC rate limits and performance limitations

Re: destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

Le 03/12/2021 à 14:48, Yves-Marie Le Pors Chauvel a écrit : Hi folks, I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it in order to remove any legacy version (OS and Postfix) ! Before that everything was perfect : respecting the limit of connections for a specific route

Re: Fwd: Issue with Postfix and GSSAPI Authentication

Hello, Le 01/10/2021 à 16:17, Sam R a écrit : Hello, I want to set up a Postfix SMTP server with cyrus-sasl in GSSAPI mode. I have two Samba4 servers in AD mode, and my clients are in windows 10. I removed the execution of Posfix in chroot to simplify. I added two keytab in /etc/krb5.keytab

Re: DANE TLSA lookup "whitelist"

Le 05/08/2021 à 16:48, Matteo Cazzador a écrit : Hi everybody,  i've this configuration active in postfix: smtp_dns_support_level=dnssec smtp_tls_security_level = dane Is it possible to exclude some check for specific domain name ? Something like whitelist domain name and lookup. I use a

Re: Null sender rewrite from a specified host.

Le 07/07/2021 à 15:41, Emmanuel Fusté a écrit : Le 07/07/2021 à 15:36, Emmanuel Fusté a écrit : Le 07/07/2021 à 15:26, Wietse Venema a écrit : Emmanuel Fust?: Le 07/07/2021 ? 15:06, Wietse Venema a ?crit?: Viktor Dukhovni: On Tue, Jul 06, 2021 at 12:56:50PM +0200, Xavier Beaudouin wrote

Re: Null sender rewrite from a specified host.

Le 07/07/2021 à 15:36, Emmanuel Fusté a écrit : Le 07/07/2021 à 15:26, Wietse Venema a écrit : Emmanuel Fust?: Le 07/07/2021 ? 15:06, Wietse Venema a ?crit?: Viktor Dukhovni: On Tue, Jul 06, 2021 at 12:56:50PM +0200, Xavier Beaudouin wrote: I currently have an appliance that misuse

Re: Null sender rewrite from a specified host.

Le 07/07/2021 à 15:26, Wietse Venema a écrit : Emmanuel Fust?: Le 07/07/2021 ? 15:06, Wietse Venema a ?crit?: Viktor Dukhovni: On Tue, Jul 06, 2021 at 12:56:50PM +0200, Xavier Beaudouin wrote: I currently have an appliance that misuse the null sender (mail from:<>) to send mail.

Re: Null sender rewrite from a specified host.

Le 07/07/2021 à 15:06, Wietse Venema a écrit : Viktor Dukhovni: On Tue, Jul 06, 2021 at 12:56:50PM +0200, Xavier Beaudouin wrote: I currently have an appliance that misuse the null sender (mail from:<>) to send mail. Unfortunatly, this appliance is closed source and we can only setup : fixed

Re: TLS client certificates and auth external

Le 24/08/2020 à 21:14, Steffen Nurpmeso a écrit : Something else, maybe. I do not understand why my (stupid) config smtpd_sender_restrictions = check_ccert_access hash:/etc/postfix/relay_clientcert, permit_tls_clientcerts, reject_unknown_sender_domain,

Re: Connection reuse and tlsproxy

Le 27/09/2019 à 17:01, Emmanuel Fusté a écrit : Hello, I started to deploy TLS connection reuse on some non trivial outboud gateway setups. First I was hit by an non obvious configuration behavior: On my gateway I have: smtpd_tls_security_level=none smtp_tls_security_level=dane If I switch

Re: Connection reuse and tlsproxy

Le 27/09/2019 à 18:07, Viktor Dukhovni a écrit : On Fri, Sep 27, 2019 at 05:01:03PM +0200, Emmanuel Fusté wrote: Next, more a feature request: I have some custom transports defined for different/custom client side TLS certs and conf. Client-side TLS certs typically have private keys that only

Re: Connection reuse and tlsproxy

Le 27/09/2019 à 17:39, Wietse Venema a écrit : Emmanuel Fust?: I have some custom transports defined for different/custom client side TLS certs and conf. But we presently have no way to specify a different tlsproxy instance for smtp as for cleanup for smtpd. So for now I must disable TLS

Connection reuse and tlsproxy

Hello, I started to deploy TLS connection reuse on some non trivial outboud gateway setups. First I was hit by an non obvious configuration behavior: On my gateway I have: smtpd_tls_security_level=none smtp_tls_security_level=dane If I switch to TLS session reuse with

Re: authenticate o365 users with postfix without smtp auth

Le 17/06/2019 à 20:29, Wietse Venema a écrit : Emmanuel Fust?: Le 17/06/2019 ? 12:05, Emmanuel Fust? a ?crit?: Le 16/06/2019 ? 22:37, Viktor Dukhovni a ?crit?: On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: Some of our users use o365 but would like to use our service for

Re: authenticate o365 users with postfix without smtp auth

Le 17/06/2019 à 21:31, Wietse Venema a écrit : Viktor Dukhovni: On Mon, Jun 17, 2019 at 02:29:05PM -0400, Wietse Venema wrote: I suppose that Postfix will need to forward the OORG information that it received from the Microsoft server, not a name that is hard-coded in main.cf, and that

Re: authenticate o365 users with postfix without smtp auth

Le 17/06/2019 à 13:08, Stefan Bauer a écrit : Emmanuel, thank you. That was of great help to see, that others have same isses with o365. Do you have any more infos how you do the experimental certificate matching part with postifx? In the official experimental release from Wietse.

Re: authenticate o365 users with postfix without smtp auth

Le 17/06/2019 à 12:05, Emmanuel Fusté a écrit : Le 16/06/2019 à 22:37, Viktor Dukhovni a écrit : On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: Some of our users use o365 but would like to use our service for outgoing mails.  We are offering smtp sending services.  Integrating

Re: authenticate o365 users with postfix without smtp auth

Le 17/06/2019 à 13:14, Wietse Venema a écrit : Emmanuel Fust?: The "proper" Microsoft way is to use their proprietary XOORG SMTP extension used in their hybrid cloud scenario. - Is there a protocol definition for this, or is there only implementation by trial and error? The only official

Re: authenticate o365 users with postfix without smtp auth

Le 16/06/2019 à 22:37, Viktor Dukhovni a écrit : On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: Some of our users use o365 but would like to use our service for outgoing mails. We are offering smtp sending services. Integrating our service in o365 is tricky, as one can only

Re: TLS client certificates and auth external

Le 18/04/2019 à 21:45, Viktor Dukhovni a écrit : On Apr 18, 2019, at 12:01 PM, Wietse Venema wrote: Eventually there will be a postfix--nonprod release that combines all the code (jay) and none of the guarantees (bleh). I am not convinced that stuffing arbitrary PKI identities into a SASL

Re: TLS client certificates and auth external

Le 18/04/2019 à 12:05, lst_ho...@kwsoft.de a écrit : Zitat von Emmanuel Fusté : Hello, Great piece of work ! It solve a big part of my problem, but sadly I need to go deeper. Le 18/03/2019 à 22:45, Bastian Schmidt a écrit : In the meantime I have completed a patch and sent it to Wietse

Re: TLS client certificates and auth external

Le 27/03/2019 à 18:10, Emmanuel Fusté a écrit : Le 27/03/2019 à 17:14, Viktor Dukhovni a écrit : On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: The goal is to be as transparent as possible : - if the client is not found in the relay_clientcerts, act as usual - if the client

Re: TLS client certificates and auth external

Le 27/03/2019 à 17:14, Viktor Dukhovni a écrit : On Wed, Mar 27, 2019 at 04:31:33PM +0100, Emmanuel Fusté wrote: The goal is to be as transparent as possible : - if the client is not found in the relay_clientcerts, act as usual - if the client is found in the relay_clientcerts, no longer

Re: TLS client certificates and auth external

Hello, Great piece of work ! It solve a big part of my problem, but sadly I need to go deeper. Le 18/03/2019 à 22:45, Bastian Schmidt a écrit : In the meantime I have completed a patch and sent it to Wietse and Victor, which adds an option smtpd_sasl_tls_ccert_username. As the patch is

Re: permit_tls_clientcerts with CN matching

Le 27/03/2019 à 15:15, Wietse Venema a écrit : lst_ho...@kwsoft.de: Hello, we need to authenticate a SMTP client connection base on the CN of the (trusted) client certificate. The client is not under our control (O365 connector), so we will get no notification if the key fingerprint will

Re: best practice for HA cluster

Le 08/02/2019 à 15:58, Harald Koch a écrit : On Fri, Feb 8, 2019, at 06:40, Emmanuel Fusté wrote: Never use shared storage. It will be your main source of problems. Recognizing that shared storage is always a headache: How do you handle the situation where your active node crashes with queued

Re: best practice for HA cluster

Le 08/02/2019 à 11:35, De Petter Mattheas a écrit : Hello Which work method do you guys prefer for ha with postfix? 2 postfix nodes with f5 load balancer active passive and shared storage for the que How can you share config between active and passive ? can we use my sql cluster for

Re: SMTP session caching

Le 19/03/2018 à 17:32, Msd a écrit : Le 19/03/2018 à 16:28, Wietse Venema a écrit : Please provide quantitative evidence that connection reuse is necessary to get mail into the 'big providers' (i.e. they punish connection rate and message rate differently). Hi Wietse, The biggest email

Re: SMTP session caching

Le 19/03/2018 à 16:42, Emmanuel Fusté a écrit : Le 19/03/2018 à 16:28, Wietse Venema a écrit : Emmanuel Fust?: Is there any document that describe how interprocess notification is done in postfix ? More precisely the scheduler -> delivery agent notification ? There is no public documentat

Re: SMTP session caching

Le 19/03/2018 à 16:28, Wietse Venema a écrit : Emmanuel Fust?: Is there any document that describe how interprocess notification is done in postfix ? More precisely the scheduler -> delivery agent notification ? There is no public documentation for *internal* Postfix interfaces, so that I can

Re: SMTP session caching

Le 18/03/2018 à 19:23, Viktor Dukhovni a écrit : On Mar 18, 2018, at 1:55 PM, Matus UHLAR - fantomas wrote: * Caching open TLS connections in the smtp(8) delivery agent for reuse by scheduling repeated deliveries to the same delivery agent runs into complex

Re: SMTP session caching

Matus UHLAR - fantomas: a smtp client that able to process multiple mails in a single run is not planned, correct? On 15.03.18 09:22, Wietse Venema wrote: Wasn't a dedicated per-destination delivery agent one of the possible solutions? if you mean this one: - For each destination, use

Re: cleanup Adds From: Using Comment Syntax for GECOS Name.

Le 07/01/2018 à 02:49, Wietse Venema a écrit : Quick update: I've done a brain-dead simple, but correct, implementation that always quotes the name (just like qmail, BTW). If needed, it can be made smarter later. There 's some draft documentation below. Wietse header_from_format

Re: Is not honoring bounces-to violation of RFC?

Le 29/06/2016 17:02, Chip a écrit : If Return-path is added by receiving MTA, as you say, below, and that it contains the MAIL FROM, then why do I see the following in source code of received message in which return-path does not match From? X-Mozilla-Status: 0001 X-Mozilla-Status2:

Re: SMTP AUTH issue

Le 14/03/2015 09:15, Viktor Dukhovni a écrit : On Fri, Mar 13, 2015 at 06:13:56PM +0100, Emmanuel Fust? wrote: Ok, what do you think about this one ? I added XSASL_AUTH_TEMP in case of crashed / stopped dovecot auth server too. Looks fine to me. What SMTP client is it by the way that treats

Re: SMTP AUTH issue

Le 13/03/2015 17:14, Emmanuel Fusté a écrit : Le 11/03/2015 16:54, Emmanuel Fusté a écrit : Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8

Re: SMTP AUTH issue

Le 11/03/2015 16:54, Emmanuel Fusté a écrit : Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8 Error: authentication failed: Connection lost

Re: SMTP AUTH issue

Le 11/03/2015 16:39, Viktor Dukhovni a écrit : On Wed, Mar 11, 2015 at 01:41:00PM +0100, Emmanuel Fust? wrote: Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: 535 5.7.8 Error: authentication failed: Connection lost to authentication server Mar 10 16:37:08

SMTP AUTH issue

Hello, On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior: === Connected to x.x.x.x. - 220 xx.xx.xx ESMTP Postfix - EHLO localhost - 250-xx.xx.xx - 250-PIPELINING - 250-SIZE 1024 - 250-VRFY - 250-ETRN - 250-STARTTLS - 250-AUTH CRAM-MD5 DIGEST-MD5 -

Re: tlsmgr high io load because of session cache

Le 14/11/2014 18:47, Viktor Dukhovni a écrit : On Fri, Nov 14, 2014 at 05:20:14PM +, Viktor Dukhovni wrote: So gmail.com and postfix.org offer and actually reuses sessions, On the other hand, storing hotmail, AOL or Yahoo sessions is just a waste of I/O, since they are rarely if ever

Re: Small Enhancement Request

Le 10/10/2014 06:40, Ronald F. Guilmette a écrit : In message 20141010030256.gw13...@mournblade.imrryr.org, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Thu, Oct 09, 2014 at 10:28:52AM -0700, Ronald F. Guilmette wrote: What happens if in fact the matching rules specified in the

Re: Small Enhancement Request

Le 09/10/2014 07:43, Ronald F. Guilmette a écrit : This is a request for a very minor change to the semantics of the PREPEND text result that can be returned from policy servers and/or from specific entries within an access(5) lookup table. It would be maximally convenient if the subject text

Re: reject_sender_login_mismatch behavior

Le 16/09/2013 18:43, Viktor Dukhovni a écrit : On Mon, Sep 16, 2013 at 11:24:12AM -0400, Wietse Venema wrote: So I think putting sender first and indicating that *only* listed senders are in scope makes sense: reject_restricted_sender_wrong_login this should likely automatically

Re: anlyzing sudden spam flood, how?

Le 18/09/2013 05:40, Viktor Dukhovni a écrit : On Wed, Sep 18, 2013 at 01:00:48PM +1000, li...@sbt.net.au wrote: Return-Path: bayedfresc...@reuters.com ... Received: from p2p (unknown [124.11.170.87]) by geko.domain.tld (Postfix) with SMTP id 9E40A3827C6 for vvv...@domain.tld; Wed,

Re: anlyzing sudden spam flood, how?

Le 18/09/2013 12:48, Wietse Venema a écrit : Wietse Venema: Emmanuel Fust?: In an access table, could I use any postfix reject_xxx and permit_xxx directive ? I did not find it in the documentation. It could be very powerfull. It *is* documented. OTHER ACTIONS restriction...

reject_sender_login_mismatch behavior

Hello, I did not find a way to emulate the behavior of reject_sender_login_mismatch for authenticated connexions as for unauthenticated connexions. I need that as in the unauthenticated case, if the envelope sender is not in the smtpd_sender_login_maps maps, the request is accepted. Is there

Re: reject_sender_login_mismatch behavior

Le 16/09/2013 12:41, Wietse Venema a écrit : Emmanuel Fust?: Hello, I did not find a way to emulate the behavior of reject_sender_login_mismatch for authenticated connexions as for unauthenticated connexions. reject_authenticated_sender_login_mismatch Enforces the

Re: reject_sender_login_mismatch behavior

Le 16/09/2013 14:35, Wietse Venema a écrit : Emmanuel Fust?: But in either case, I want to accept the email if the envelope address is not in the map. Given that reject_sender_login_mismatch is implemented internally as an alias for reject_authenticated_sender_login_mismatch,

Re: serious bug with check_client_access

Le 04/11/2010 05:24, Noel Jones a écrit : On 11/3/2010 11:07 PM, Vincent Lefevre wrote: BTW, so, there is no way to match only subdomains (by that, I mean all possible subdomains, but not the domain itself) without changing parent_domain_matches_subdomains? That's correct with indexed tables.

Sub-domains ignore transport relayhost

Hello, Relevant config parameters: parent_domain_matches_subdomains = relay_domains = hash:some_relay_domains_map relay_relayhost = [a.b.c.d] some_relay_domains_map contain: xxx.comx yyy.comx aaa.xxx.comx bbb.yyy.comx symptom: messages for xxx.com and yyy.com are correctly

Re: Sub-domains ignore transport relayhost

Le 01/04/2010 15:20, Wietse Venema a écrit : Emmanuel Fust�: relay_relayhost = [a.b.c.d] As always, use postconf -n output when reporting a problem. This would have revealed immediately that relay_relayhost is a mistake. Wietse Ok so transport_postfix-conf-parameter is no longer a

Re: SNMP + MTA-MIB + Postfix

Wietse Venema a écrit : Ralf Hildebrandt: * no7find - no7f...@gmail.com: Hi list ! I want to know if there is any implementation of MTA-MIB (defined @ RFC 2789) for the Postfix. The answer is: type SNMP into the search window at http://www.postfix.org. Sounds like

Re: SNMP + MTA-MIB + Postfix

Ralf Hildebrandt a écrit : * Emmanuel Fusté emmanuel.fu...@external.thalesgroup.com: In corporate environment, it is now a big pain for us to provide accurate realtime metrics, reliable weekly statistics which are mandatory things requested by our bosses. Big piles of pearl scripts