OT: Check out my photos on Facebook

2010-07-15 Thread Ram
Now this is the problem of all invites, especially those invites that
scrape my addressbook and invite everyone. 

Should not all invites carry some header or any other identification,
that list management software can automatically detect and /dev/null the
mails?



Thanks
Ram





Re: OT: Check out my photos on Facebook

2010-07-15 Thread Stan Hoeppner
Ram put forth on 7/15/2010 1:29 AM:
 Now this is the problem of all invites, especially those invites that
 scrape my addressbook and invite everyone. 
 
 Should not all invites carry some header or any other identification,
 that list management software can automatically detect and /dev/null the
 mails?

Why even bother with that?  What is the probability that an email from
Facebook IP space to this list would have anything to do with Postfix?  I
calculate such odds at somewhere around 0.0.  Same for MySpace.  If either
company has OPs on this list they can sub from gmail addresses etc (they
probably would already anyway).

Wietse should simply ban all of Facebook's IP space:

And while he's at it, MySpace as well:

Can't hurt to ban them by domain as well for some obvious reasons.

-- 
Stan


Re: Relaying mail from the same domain to another server

2010-07-15 Thread John A.
On Tuesday 13 July 2010 17:47:21, John A. wrote:
 On Tuesday 13 July 2010 14:12:22, John A. wrote:
   On Tue, 13 Jul 2010 12:42:42 +0200
   
   John A. j...@edatis.com articulated:
I tried to use transport as following:

transport_maps = local.cf remote.cf
- local.cf contains a sql query which returns virtual if the
u...@domain matches.
- remote.cf contains a sql query which return smtp:[mail.gateway]
if the domain matches.

Did this according to TABLE SEARCH ORDER section of transport(5), but
it still doesn't work.
Local users are finely delivered but I get Recipient address
rejected: User unknown in virtual mailbox table for remote users.

As I said, I'm still not (yet :)) very familiar with Postfix.
Could somebody tell what am I missing ?
   
   Well, for starters you are 'top posting'. If you are not sure what that
   means, Google for it.
   
   Did you read the information at:
   http://www.postfix.org/DEBUG_README.html
   
   In particular, post the output of 'postconf -n'.
  
  Oups, sorry for top posting, I'm quite a mailing list newbie!
  
  Here is my postconf -n (don't pay attention to the domain name, it's
  testing)
  alias_maps = hash:/etc/aliases
  append_dot_mydomain = no
  biff = no
  config_directory = /etc/postfix
  inet_interfaces = all
  mydestination = $myhostname localhost.$mydomain localhost
  mydomain = edatis.cam
  myhostname = mparis
  mynetworks = 127.0.0.0/8 10.0.0.0/22 192.168.2.69
  myorigin = $mydomain
  relayhost = [mxhub.$mydomain]
  smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
  transport_maps = proxy:mysql:/etc/postfix/mysql-transport-fr.cf
  proxy:mysql:/etc/postfix/mysql-transport-tn.cf
  virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-users-fr.cf
  proxy:mysql:/etc/postfix/mysql-aliases.cf
  virtual_gid_maps = static:105
  virtual_mailbox_base = /var/mail
  virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf
  virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-boxes-fr.cf
  virtual_uid_maps = static:102
  
  I put the smtpd service in verbose mode and I notice several things:
  After the RCPT TO, I can see this:
  
  resolve_clnt: `' - `...@edatis.cam' - transp=`smtp'
  host=`[mxhub.edatis.cam]' rcpt=...@edatis.cam' flags= class=virtual
  
  - sk is a user of the remote server and the transport is properly set
  to the mail gateway = GOOD
  
  But, after there is the  CHECKING RECIPIENT MAPS  step, which
  fails to find a matching entry for the address.
  
  I don't know why the mail is not directly relayed after the transport
  match.
  
  To be continued :)
 
 I forgot to say that:
 
 When I use the mail command from the server, email is delivered correctly
 to the destination server through the gateway.
 However, when I telnet to the server (or use my desktop's kmail), I get the
 User unknown error.
 
 And sorry for top posting my sig again...

Hello.

I'm coming back because I'm still stuck at the same point.
I posted my config in the previous message so if somebody could give me advice 
or idea...

Thanks in advance.


Different disclaimer for each domain???

2010-07-15 Thread Adrian P. van Bloois
Hi,
Can I automagically attach a different disclaimer for each domain?
if so, how? Are there different options?

Adri



-- 
Adrian P. van Bloois
Postbus 2575 email:   adr...@accu.uu.nl
3500 GN  Utrecht voice:   +31-(0)-30-68-94649
The Netherlands  fax: +31-30-68-94649

The whole point of cooking is to get as much flavour out of the
ingredients as possible.
-- Delia Smith



Re: Different disclaimer for each domain???

2010-07-15 Thread Ralf Hildebrandt
* Adrian P. van Bloois adr...@accu.uu.nl:
 Hi,
 Can I automagically attach a different disclaimer for each domain?
 if so, how? Are there different options?

Which program is appending the single disclaimer now?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



info about From: address without domain

2010-07-15 Thread Stefano Villa
Hi to all!
I've an environment with two postfix servers, with relaying scope.

If I send an email without domain:

220 *
helo test
250 relay2.A.com
mail from:test
250 2.1.0 Ok

it will arrive with the domain suffix A appended.

I want to send an email without any domain; what do I have to configure?

Thanks

-- 
Stefano Villa


Re: info about From: address without domain

2010-07-15 Thread Ralf Hildebrandt
* Stefano Villa st...@pobox.com:
 Hi to all!
 I've an environment with two postfix servers, with relaying scope.
 
 If I send an email without domain:
 
 220 *
 helo test
 250 relay2.A.com
 mail from:test
 250 2.1.0 Ok
 
 it will arrive with the domain suffix A appended.

local_header_rewrite_clients = 

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: where to put domain name that's only it virtual map

2010-07-15 Thread Phil Howard
On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote:
 Phil Howard:
 Every address in these domains will be rewritten to some other address
 (not all with the same domain) and sent on their way.  Some of them
 will be rewritten to addresses that do fall into other classes for
 some kind of local delivery (right now, in virtual mailbox).

 You give pretty much the definition of a Postfix virtual alias
 domain.

 All addresses are rewritten to an address in a different local or
 remote domain, therefore, the domain must be listed as a virtual
 alias domain, as per ADDRESS_CLASS_README.html.

        Wietse

Thanks for confirming it.  I wasn't clear from the documentation
because it seemed the only way to implement this would be to have
multiple maps be looked up each time a domain needed to be checked.  I
just couldn't imagine that happening.  BTW, I do think about how
things work not in terms of abstract definition, but rather, how steps
actually take place.  So as I read documentation, I'm always thinking
about it that way.  It's just who I am.  Now I need to rewrite my
scripts to create separate maps for the domains.

-- 
sHiFt HaPpEnS!


Re: proxymap(8), number of connections, detecting altered tables

2010-07-15 Thread Ralf Hildebrandt
* Stefan Foerster cite+postfix-us...@incertum.net:

 While I agree that it is totally obvious that tables are re-read as
 soon as a new proxymap(8) process is spawned, on a reasonably busy
 system, this won't happen too often. So getting a definitive answer on
 that one would still be helpful.

Has this been answered? It also affects me, so I'd like to know :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: proxymap(8), number of connections, detecting altered tables

2010-07-15 Thread Wietse Venema
Ralf Hildebrandt:
 * Stefan Foerster cite+postfix-us...@incertum.net:
 
  While I agree that it is totally obvious that tables are re-read as
  soon as a new proxymap(8) process is spawned, on a reasonably busy
  system, this won't happen too often. So getting a definitive answer on
  that one would still be helpful.
 
 Has this been answered? It also affects me, so I'd like to know :)

There is no definitive answer. The strategy of how to detect changes
is evolving over time, and some tables (pcre, regexp, cidr) do not
implement change detection at this time.

If you really must force a change, use postfix reload.

Wietse


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Wietse Venema
Phil Howard:
 On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote:
  Phil Howard:
  Every address in these domains will be rewritten to some other address
  (not all with the same domain) and sent on their way.  Some of them
  will be rewritten to addresses that do fall into other classes for
  some kind of local delivery (right now, in virtual mailbox).
 
  You give pretty much the definition of a Postfix virtual alias
  domain.
 
  All addresses are rewritten to an address in a different local or
  remote domain, therefore, the domain must be listed as a virtual
  alias domain, as per ADDRESS_CLASS_README.html.
 
          Wietse
 
 Thanks for confirming it.  I wasn't clear from the documentation
 because it seemed the only way to implement this would be to have
 multiple maps be looked up each time a domain needed to be checked.

What part of the document suggests this?

Wietse


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Phil Howard
On Thu, Jul 15, 2010 at 09:53, Wietse Venema wie...@porcupine.org wrote:
 Phil Howard:
 On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote:
  Phil Howard:
  Every address in these domains will be rewritten to some other address
  (not all with the same domain) and sent on their way.  Some of them
  will be rewritten to addresses that do fall into other classes for
  some kind of local delivery (right now, in virtual mailbox).
 
  You give pretty much the definition of a Postfix virtual alias
  domain.
 
  All addresses are rewritten to an address in a different local or
  remote domain, therefore, the domain must be listed as a virtual
  alias domain, as per ADDRESS_CLASS_README.html.
 
          Wietse

 Thanks for confirming it.  I wasn't clear from the documentation
 because it seemed the only way to implement this would be to have
 multiple maps be looked up each time a domain needed to be checked.

 What part of the document suggests this?

The part that tells about more than one map for domains.  If there is
one map for domains of one class, and another map for domains of
another class (e.g. virtual_alias_domains, and
virtual_mailbox_domains), then to determine how to handle a domain
(such as for an arriving message), more than one map would have to be
checked in at least some cases (where the domain isn't found in the
first that is checked).

-- 
sHiFt HaPpEnS!


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Wietse Venema
Phil Howard:
 On Thu, Jul 15, 2010 at 09:53, Wietse Venema wie...@porcupine.org wrote:
  Phil Howard:
  On Wed, Jul 14, 2010 at 18:38, Wietse Venema wie...@porcupine.org wrote:
   Phil Howard:
   Every address in these domains will be rewritten to some other address
   (not all with the same domain) and sent on their way.  Some of them
   will be rewritten to addresses that do fall into other classes for
   some kind of local delivery (right now, in virtual mailbox).
  
   You give pretty much the definition of a Postfix virtual alias
   domain.
  
   All addresses are rewritten to an address in a different local or
   remote domain, therefore, the domain must be listed as a virtual
   alias domain, as per ADDRESS_CLASS_README.html.
  
           Wietse
 
  Thanks for confirming it.  I wasn't clear from the documentation
  because it seemed the only way to implement this would be to have
  multiple maps be looked up each time a domain needed to be checked.
 
  What part of the document suggests this?
 
 The part that tells about more than one map for domains.  If there is
 one map for domains of one class, and another map for domains of
 another class (e.g. virtual_alias_domains, and
 virtual_mailbox_domains), then to determine how to handle a domain
 (such as for an arriving message), more than one map would have to be
 checked in at least some cases (where the domain isn't found in the
 first that is checked).

Postfix will search up to four tables to decide how to handle a
recipient address:

virtual_alias_domains   - rewrite recipient to other domain
mydestination           - deliver with local(8)
virtual_mailbox_domains - deliver with virtual(8)
relay_domains           - deliver with smtp(8)

This could have been done with one table, but that would have broken
compatibility with Postfix version 1.1 which already had multiple
tables (mydestination and relay_domains).

Wietse


Better spam filter for postfix

2010-07-15 Thread Josh Cason
As most of you guys know, I use mailscanner. I would like
recommendations of what else to use. I prefer an all-in-one package like
what mailscanner does. It also utilizes clamav and SpamAssassin. The
problem is most of the information I find on the net is outdated or
for projects that stopped. Seems like everybody has their way of dealing
with spam filtering. So this is an ask of what you guys find the most
useful. I'm hosting multiple domains (virtual via mysql) so I cannot
be specific to each one. Also I'm using postini with some but not all
the domains.


Thanks,

Josh


--
This message has been scanned for viruses and
dangerous content by Mychoice, and is
believed to be clean.



null client doc

2010-07-15 Thread Phil Howard
In http://www.postfix.org/STANDARD_CONFIGURATION_README.html this text ...

A null client is a machine that can only send mail. It receives no
mail from the network, and it does not deliver any mail locally. A
null client typically uses POP, IMAP or NFS for mailbox access.

... is confusing (the part about POP, IMAP, or NFS).  Can this
configuration be used for a null server (I'm guessing this term)?
This new server only needs to send mail.  It has no access to the
internet (though it does have access to the internal DNS caches and
the real mail server via private IPs) so it won't be able to reach the
MX host for recipients by means of the IP address it would get via MX
and A lookups.  It just needs to always forward everything via the
primary mail server (or the secondary if not configured to have a send
queue of its own).  It won't receive or read any email (no POP, no
IMAP, no NFS).

-- 
sHiFt HaPpEnS!


Re: null client doc

2010-07-15 Thread Wietse Venema
Phil Howard:
 This new server only needs to send mail.  

Then it is a null MAIL client.

Wietse


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Phil Howard
On Thu, Jul 15, 2010 at 14:17, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
 On Wed, Jul 14, 2010 at 06:38:17PM -0400, Wietse Venema wrote:

 Phil Howard:
  Every address in these domains will be rewritten to some other address
  (not all with the same domain) and sent on their way.  Some of them
  will be rewritten to addresses that do fall into other classes for
  some kind of local delivery (right now, in virtual mailbox).

 You give pretty much the definition of a Postfix virtual alias
 domain.

 All addresses are rewritten to an address in a different local or
 remote domain, therefore, the domain must be listed as a virtual
 alias domain, as per ADDRESS_CLASS_README.html.


 He mentioned not all with the same domain, which is not entirely
 clear. I read it to mean that some of the rewrites are to different
 local-parts, but with the domain unmodified. In that case, and especially
 if this is followed by virtual mailbox delivery, the domain is a
 virtual_mailbox_domain with partial forwarding.

 If what the phrase meant was that there are multiple target domains
 into which the original domain is rewritten, but no addresses stay
 in the original domain, then it is a virtual alias domain.

I think this is what it is.


 This is all documented Phil, please read more carefully, and if not sure
 what something means, test your understanding in a test configuration that
 does not handle live mail traffic.

Fortunately I have that test machine, now.  I've now tried both ways
with a limited set of addresses hand coded (not the full set of data).
 It works exactly the same either way.  I'm working on recoding the
script that generates the maps.  To split the domains between these
two maps, it has to look at whether there are real mailboxes for a
domain or not.  Basically, the mailbox data will dictate what goes in
virtual_mailbox_domains.  But for virtual_alias_domains, derived from
the forwarding data, it has to exclude the domains that have
mailboxes.

-- 
sHiFt HaPpEnS!


Re: proxymap(8), number of connections, detecting altered tables

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 02:31:36PM -0400, Wietse Venema wrote:

  Also, only use proxymap for IPC based tables (ldap, mysql, pgsql, tcp, ...),
  do not use proxymap for indexed files, cidr tables, pcre/regexp tables, 
 
 It depends on what the trade-offs are. I know of one user with
 very large cidr tables - sacrificing performance to avoid running
 out of physical memory.

One might suggest that CIDR is not a good fit for this even if stored
just once, an IPC based server that walks trees rather than lists
would be far more suitable...

-- 
Viktor.


Re: Better spam filter for postfix

2010-07-15 Thread Kai Krakow
Use greylisting, eg postgrey and set it up to work before amavisd-new
or mailscanner.

2010/7/15 Josh Cason joc...@mychoice.cc

 As most of you guys know, I use mailscanner. I would like recommendations of 
 what else to use. I prefer an all-in-one package like what mailscanner does. 
 It also utilizes clamav and SpamAssassin. The problem is most of the 
 information I find on the net is outdated or for projects that stopped. Seems 
 like everybody has their way of dealing with spam filtering. So this is an 
 ask of what you guys find the most useful. I'm hosting multiple domains 
 (virtual via mysql) so I cannot be specific to each one. Also I'm using 
 postini with some but not all the domains.

 Thanks,

 Josh





Re: Better spam filter for postfix

2010-07-15 Thread Steve

 Original Message 
 Date: Thu, 15 Jul 2010 19:37:48 +0200
 From: Ralf Hildebrandt ralf.hildebra...@charite.de
 To: postfix-users@postfix.org
 Subject: Re: Better spam filter for postfix

 * Josh Cason joc...@mychoice.cc:
 
  As most of you guys know, I use mailscanner. I would like
  recommendations of what else to use. I prefer an all-in-one package
  like what mailscanner does. It also utilizes clamav and SpamAssassin.
 
 So does amavisd-new
 
If you are looking for something that is beyond just being better then I recommend 
CRM114 or DSPAM or OSBF-Lua. If you insist on having the AV included in the 
Anti-Spam tool then use something like DSPAM.

I use all of the above mentioned and all of them are fast and accurate. DSPAM 
is the one that is the easiest to scale and DSPAM is the one using the lowest 
amount of memory (DSPAM alone uses on my setup less than 10MB of memory for 
hundreds of domains having thousands of users in total). From an algorithm 
viewpoint CRM114 is an insane tool. It offers you a lot of algorithms and is 
virtually extendable to anything you like (it includes its own language).

If you used SA in the past then any of the above will surprise you in terms of 
speed, memory consumption and accuracy.


 -- 
 Ralf Hildebrandt
   Geschäftsbereich IT | Abteilung Netzwerk
   Charité - Universitätsmedizin Berlin
   Campus Benjamin Franklin
   Hindenburgdamm 30 | D-12203 Berlin
   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
   ralf.hildebra...@charite.de | http://www.charite.de
   



Re: Better spam filter for postfix

2010-07-15 Thread Bradley Giesbrecht

Or sqlgrey, a fork of postgrey.

http://sqlgrey.sourceforge.net/

On Jul 15, 2010, at 11:59 AM, Kai Krakow wrote:


Use greylisting, eg postgrey and set it up to work before amavisd-new
or mailscanner.

2010/7/15 Josh Cason joc...@mychoice.cc


As most of you guys know, I use mailscanner. I would like
recommendations of what else to use. I prefer an all-in-one package
like what mailscanner does. It also utilizes clamav and SpamAssassin.
The problem is most of the information I find on the net is
outdated or for projects that stopped. Seems like everybody has their
way of dealing with spam filtering. So this is an ask of what you
guys find the most useful. I'm hosting multiple domains (virtual
via mysql) so I cannot be specific to each one. Also I'm using
postini with some but not all the domains.


Thanks,

Josh







Re: where to put domain name that's only it virtual map

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 02:45:10PM -0400, Phil Howard wrote:

  This is all documented Phil, please read more carefully, and if not sure
  what something means, test your understanding in a test configuration that
  does not handle live mail traffic.
 
 Fortunately I have that test machine, now.  I've now tried both ways
 with a limited set of addresses hand coded (not the full set of data).
  It works exactly the same either way.  I'm working on recoding the
 script that generates the maps.  To split the domains between these
 two maps, it has to look at whether there are real mailboxes for a
 domain or not.  Basically, the mailbox data will dictate what goes in
 virtual_mailbox_domains.  But for virtual_alias_domains, derived from
 the forwarding data, it has to exclude the domains that have
 mailboxes.

I am reluctant to recommend an approach where domains automatically
morph between virtual mailbox domains and virtual alias domains
based on transient surveys for the presence of non-forwarded mailboxes.

The distinction between the two address classes should be a *design*
decision, that is made or changed by intent rather than circumstance.

If you don't know in advance whether a domain may or may not host
mailboxes, then assume it will, and use virtual mailbox domains for
all domains. There is nothing wrong with a virtual mailbox domain,
that has no mailboxes yet, so long as the possibility to have them
later is a requirement.

You are working too hard if you are trying to optimize mailbox
domains to alias domains when there are not yet any mailboxes.

-- 
Viktor.


Re: Better spam filter for postfix

2010-07-15 Thread Steve

 Original Message 
 Date: Thu, 15 Jul 2010 12:03:17 -0700
 From: Bradley Giesbrecht bradley.giesbre...@gmail.com
 To: postfix-users postfix-users@postfix.org
 Subject: Re: Better spam filter for postfix

 Or sqlgrey, a fork of postgrey.
 
 http://sqlgrey.sourceforge.net/
 
Or GROSS (the only greylisting application that I know working with a bloom 
filter (http://en.wikipedia.org/wiki/Bloom_filter)).

http://code.google.com/p/gross/


 On Jul 15, 2010, at 11:59 AM, Kai Krakow wrote:
 
  Use greylisting, eg postgrey and set it up to work before amavisd-new
  or mailscanner.
 
  2010/7/15 Josh Cason joc...@mychoice.cc
 
  As most of you guys know, I use mailscanner. I would like
  recommendations of what else to use. I prefer an all-in-one package
  like what mailscanner does. It also utilizes clamav and SpamAssassin.
  The problem is most of the information I find on the net is
  outdated or for projects that stopped. Seems like everybody has their
  way of dealing with spam filtering. So this is an ask of what you
  guys find the most useful. I'm hosting multiple domains (virtual
  via mysql) so I cannot be specific to each one. Also I'm using
  postini with some but not all the domains.
 
  Thanks,
 
  Josh
 
 
 



Re: proxymap(8), number of connections, detecting altered tables

2010-07-15 Thread Wietse Venema
Victor Duchovni:
 On Thu, Jul 15, 2010 at 02:31:36PM -0400, Wietse Venema wrote:
 
   Also, only use proxymap for IPC based tables (ldap, mysql, pgsql, tcp, 
   ...),
   do not use proxymap for indexed files, cidr tables, pcre/regexp tables, 
   
  
  It depends on what the trade-offs are. I know of one user with
  very large cidr tables - sacrificing performance to avoid running
  out of physical memory.
 
 One might suggest that CIDR is not a good fit for this even if stored
 just once, an IPC based server that walks trees rather than lists
 would be far more suitable...

I agree that the Postfix CIDR implementation achieves simplicity
of implementation (including correctness) by sacrificing space and
speed.

It seems that speed-wise improvements could be made cheaply by
adding IF/ENDIF support, similar to the regexp/pcre tables.

Wietse


Re: proxymap(8), number of connections, detecting altered tables

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 03:37:02PM -0400, Wietse Venema wrote:

  One might suggest that CIDR is not a good fit for this even if stored
  just once, an IPC based server that walks trees rather than lists
  would be far more suitable...
 
 I agree that the Postfix CIDR implementation achieves simplicity
 of implementation (including correctness) by sacrificing space and
 speed.
 
 It seems that speed-wise improvements could be made cheaply by
 adding IF/ENDIF support, similar to the regexp/pcre tables.

Yes, this did occur to me:

IF 192.0.0.0/4
IF 192.0.0.0/12
IF 192.0.0.0/20
192.0.2.1   REJECT example address
ENDIF optional text
ENDIF 192.0.0.0/12
ENDIF 192.0.0.0/4

plus a suitable compiler script that constructs a sensibly
efficient nested IF structure from a list of CIDR blocks.

-- 
Viktor.
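
A sketch of the compiler script mentioned above, as an added example (not code from this thread or from Postfix): it groups IPv4 rules under nested IF guards in the syntax proposed in the message, keeps first-match order by flushing open groups whenever a wider rule appears, and includes a small evaluator so the flat and nested tables can be compared. The function names, the /8, /16, /24 nesting levels and the sample rules are assumptions made for the illustration; output lines are not indented because table lines that start with whitespace continue the previous line.

```python
import ipaddress
from collections import OrderedDict

STRIDES = (8, 16, 24)  # assumed nesting levels (the message's sample uses /4, /12, /20)
MIN_GROUP = 2          # a single rule is not worth an IF/ENDIF pair

# Constructed sample rules, first match wins. The order is deliberately mixed.
SAMPLE = """\
192.0.2.1        REJECT example address
192.0.2.128/25   REJECT constructed range
10.1.1.5         OK
198.51.100.7     OK
10.1.1.0/24      REJECT constructed range
192.0.2.0/24     DUNNO
10.1.2.0/24      REJECT constructed range
198.51.100.0/24  REJECT constructed range
10.2.3.0/24      REJECT constructed range
198.0.0.0/7      DUNNO
203.0.113.0/24   REJECT constructed range
198.51.100.99    OK
"""


def parse(text):
    """Parse 'network action' lines into an ordered list of (network, action)."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            net, action = line.split(None, 1)
            rules.append((ipaddress.IPv4Network(net), action.strip()))
    return rules


def common_supernet(members, level):
    """Supernet of prefix length `level` shared by every member, else None."""
    nets = {n.supernet(new_prefix=level) if n.prefixlen >= level else None
            for n, _ in members}
    return nets.pop() if len(nets) == 1 else None


def compile_rules(rules, strides=STRIDES):
    """Return table lines for `rules`; strides=() yields the flat table."""
    if not strides:
        return [f"{net}\t{action}" for net, action in rules]
    level, out, buckets = strides[0], [], OrderedDict()

    def flush():
        for guard, members in buckets.items():
            if len(members) < MIN_GROUP:
                out.extend(compile_rules(members, ()))
                continue
            rest = strides[1:]
            # Tighten the guard while all members still share one supernet.
            while rest and common_supernet(members, rest[0]) is not None:
                guard, rest = common_supernet(members, rest[0]), rest[1:]
            out.append(f"IF {guard}")
            out.extend(compile_rules(members, rest))
            out.append("ENDIF")
        buckets.clear()

    for net, action in rules:
        if net.prefixlen < level:
            # A rule wider than this level may overlap the open buckets:
            # emit them first so first-match order is preserved.
            flush()
            out.append(f"{net}\t{action}")
        else:
            buckets.setdefault(net.supernet(new_prefix=level), []).append((net, action))
    flush()
    return out


def lookup(lines, addr):
    """First-match lookup over table lines; returns (action, comparisons)."""
    ip, compared, i = ipaddress.ip_address(addr), 0, 0
    while i < len(lines):
        fields = lines[i].split(None, 1)
        i += 1
        if fields[0] == "ENDIF":
            continue
        compared += 1
        if fields[0] == "IF":
            if ip not in ipaddress.ip_network(fields[1]):
                depth = 1
                while depth:  # skip to the matching ENDIF
                    word = lines[i].split(None, 1)[0]
                    depth += (word == "IF") - (word == "ENDIF")
                    i += 1
            continue
        if ip in ipaddress.ip_network(fields[0]):
            return fields[1], compared
    return None, compared


if __name__ == "__main__":
    print("\n".join(compile_rules(parse(SAMPLE))))
```
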


Re: Better spam filter for postfix

2010-07-15 Thread joe

On 07/15/2010 12:29 PM, Steve wrote:

Or GROSS (the only greylisting application that I know working with a bloom 
filter (http://en.wikipedia.org/wiki/Bloom_filter)).

http://code.google.com/p/gross/
   


Thanks for the link, what I see there is very interesting - I'll check 
this out...


Joe


TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Morten P.D. Stevens
Hi,

does anyone know something about this error with postfix and amavis?

Jul 13 17:57:25 e200 amavis[27308]: (27308-05) Passed CLEAN, [209.132.180.67] 
[213.165.64.20] linux-kernel-ow...@vger.kernel.org - 
li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
1279036642.5733.7.ca...@maggy.simson.net, mail_id: tsOvUhRB8Tnn, Hits: -4, 
size: 3003, queued_as: 3095C1F81E9, 2163 ms
Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in process_request: 
Error writing a SMTP response to the socket: Broken pipe at (eval 83) line 957, 
GEN79 line 78.
Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!)Requesting process rundown 
after fatal error

Note: the mail was delivered successfully.

I've seen this error only one time and the server is apart from that working 
without any problems.

Thank you.

Best regards,

Morten


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Phil Howard
On Thu, Jul 15, 2010 at 15:19, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
 On Thu, Jul 15, 2010 at 02:45:10PM -0400, Phil Howard wrote:

  This is all documented Phil, please read more carefully, and if not sure
  what something means, test your understanding in a test configuration that
  does not handle live mail traffic.

 Fortunately I have that test machine, now.  I've now tried both ways
 with a limited set of addresses hand coded (not the full set of data).
  It works exactly the same either way.  I'm working on recoding the
 script that generates the maps.  To split the domains between these
 two maps, it has to look at whether there are real mailboxes for a
 domain or not.  Basically, the mailbox data will dictate what goes in
 virtual_mailbox_domains.  But for virtual_alias_domains, derived from
 the forwarding data, it has to exclude the domains that have
 mailboxes.

 I am reluctant to recommend an approach where domains automatically
 morph between virtual mailbox domains and virtual alias domains
 based on transient surveys for the presence of non-forwarded mailboxes.

 The distinction between the two address classes should be a *design*
 decision, that is made or changed by intent rather than circumstance.

It is a design decision.  It's just that the information about it is
not recorded in the data the script will be building from.


 If you don't know in advance whether a domain may or may not host
 mailboxes, then assume it will, and use virtual mailbox domains for
 all domains. There is nothing wrong with a virtual mailbox domain,
 that has no mailboxes yet, so long as the possibility to have them
 later is a requirement.

 You are working too hard if you are trying to optimize mailbox
 domains to alias domains when there are not yet any mailboxes.

I *know* certain domains will never have mailboxes.  However, if
things work fine (and they do seem to) by assuming they may have
mailboxes some day in the future but just don't, yet, then that
really would simplify things.  I wasn't trying to do this to optimize
... I have no idea what is optimal in Postfix.  Instead, I was trying
to be correct without knowing for sure what was correct (initially).
 Actually, my script would be noticeably slower to separate the
domains.  It's simpler to put them all in virtual_mailbox_domains by
concatenating all the domains from my mailbox password data and all
the domains from my forwarding data (which can have domains from both
sets) and piping that through sort -u.

By correct above, I mean semantically, not methodically.
Methodically, it all looks identical (mail comes in, domain lookup is
done, it gets OK from virtual_mailbox_domains ... BUT ...
virtual_alias_maps rewrites it to something else ... before or after I
don't know ... mail goes on to its final destination).  A case of
unknown user part, this may cause the wrong message.  I don't know if
I need to be concerned with that, or not.  If not,
virtual_mailbox_domains should suffice.

It's kind of like some web design issues.  There's a right way if
you listen to the semantic web people, but many ways actually work.
The problem is, some of the many ways that work may not do so in the
future.  Or it's like using undefined aspects of C programming known
to always work fine on x86.  Maybe they won't in x86_64 or PPC.

-- 
sHiFt HaPpEnS!


Re: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Wietse Venema
Morten P.D. Stevens:
 Hi,
 
 does anyone know something about this error with postfix and amavis?
 
 Jul 13 17:57:25 e200 amavis[27308]: (27308-05) Passed CLEAN, [209.132.180.67] 
 [213.165.64.20] linux-kernel-ow...@vger.kernel.org - 
 li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
 1279036642.5733.7.ca...@maggy.simson.net, mail_id: tsOvUhRB8Tnn, Hits: -4, 
 size: 3003, queued_as: 3095C1F81E9, 2163 ms
 Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in 
 process_request: Error writing a SMTP response to the socket: Broken pipe at 
 (eval 83) line 957, GEN79 line 78.
 Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!)Requesting process rundown 
 after fatal error
 
 Note: the mail was delivered successfully.
 
 I've seen this error only one time and the server is apart from
 that working without any problems.

What is the previous logfile record from process amavis[27308]?

Wietse


Re: Better spam filter for postfix

2010-07-15 Thread Henrik K
On Thu, Jul 15, 2010 at 09:02:52PM +0200, Steve wrote:
 
  Original Message 
  Date: Thu, 15 Jul 2010 19:37:48 +0200
  From: Ralf Hildebrandt ralf.hildebra...@charite.de
  To: postfix-users@postfix.org
  Subject: Re: Better spam filter for postfix
 
  * Josh Cason joc...@mychoice.cc:
  
   As most of you guys know. I use mailscanner. I would like
   recommendations of what else to use. I prefer an all in one package
   like what mailscanner does. It also utilizes clamav and spamassassin.
  
  So does amavisd-new
  

 If you are looking for something that is beyond just being better then I
 recommend CRM114 or DSPAM or OSBF-Lua. If you insist on having the AV
 included in the Anti-Spam tool then use something like DSPAM.

I'd consider those as engines. You can run one or all of them if you
really want. MailScanner, Amavisd-new, Mimedefang and even SA (as a
framework) are some of the glues that might utilize them. Also ClamAV
isn't just an AV tool. It's a lot more of an Anti-Spam tool when used with
Sanesecurity signatures etc.

There are a million combinations of glues, engines and other general
anti-spam methods. You need to be very clear on your needs to get a
meaningful answer (and maybe not even then).

 I use all of the above mentioned and all of them are fast and accurate.
 DSPAM is the one that is the easiest to scale and DSPAM is the one using
 the lowest amount of memory (DSPAM alone uses on my setup less than 10MB
 of memory for hundreds of domains having thousands of users in total).
 From an algorithm viewpoint CRM114 is an insane tool. It offers you a lot of
 algorithms and is virtually expendable to anything you like (it includes
 its own language).

 If you used SA in the past then any of the above will surprise you in
 terms of speed, memory consumption and accuracy.

Generally DSPAM etc require user interaction/learning. SA does not, since
it's a framework of rules and plugins and can autolearn Bayes if you want to
- or even do the same for DSPAM etc if you use them as SA plugins. Let's not
forget that DSPAM etc also require a database backend, which might require
lots of memory and/or disk, so it's not exactly free either. Accuracy
depends heavily on configuration of all the components and other voodoo.
There are no easy answers.



RE: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Morten P.D. Stevens
 -Original Message-
 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
 us...@postfix.org] On Behalf Of Wietse Venema
 Sent: Thursday, July 15, 2010 10:46 PM
 To: Postfix users
 Subject: Re: TROUBLE in process_request: Error writing a SMTP response
 to the socket 
 
 What is the previous logfile record from process amavis[27308]?
 
   Wietse

This one:

Jul 13 17:48:34 e200 amavis[27308]: (27308-04) Passed CLEAN, [168.100.1.7] 
[80.101.24.220] owner-postfix-us...@postfix.org - 
li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
m2lj9fgz9b@phoenix.squirrel.nl, mail_id: UkNOSaYmg+mw, Hits: -7, size: 
4090, queued_as: BD1D31F81E7, 2023 ms

Best regards,

Morten


Re: where to put domain name that's only it virtual map

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 04:44:00PM -0400, Phil Howard wrote:

  You are working too hard if you are trying to optimize mailbox
  domains to alias domains when there are not yet any mailboxes.
 
 I *know* certain domains will never have mailboxes.

You can make these virtual alias domains, but if you make them
virtual mailbox domains with no mailboxes, the difference will
be rather small. Instead of the queue manager routing the mail
of non-existing users directly to the error transport, they'll
be routed to the virtual(8) transport, which will bounce them
instead. Since smtpd(8) rejects non-existing users (when not
misconfigured), the different internal logic has little
practical impact.

 things work fine (and they do seem to) by assuming they may have
 mailboxes some day in the future but just don't, yet, then that
 really would simplify things.

If you have a lot of domains to manage, you can make do with
virtual mailbox domains as a sensible default.

You need separate tables for virtual aliases and virtual mailboxes
regardless of which designation you choose, all that changes
is the contents of virtual_mailbox_domains vs. virtual_alias_domains.

-- 
Viktor.


Re: Better spam filter for postfix

2010-07-15 Thread Steve

 Original Message 
 Date: Thu, 15 Jul 2010 23:54:22 +0300
 From: Henrik K h...@hege.li
 To: postfix-users@postfix.org
 Subject: Re: Better spam filter for postfix

 On Thu, Jul 15, 2010 at 09:02:52PM +0200, Steve wrote:
  
   Original Message 
   Date: Thu, 15 Jul 2010 19:37:48 +0200
   From: Ralf Hildebrandt ralf.hildebra...@charite.de
   To: postfix-users@postfix.org
   Subject: Re: Better spam filter for postfix
  
   * Josh Cason joc...@mychoice.cc:
   
As most of you guys know. I use mailscanner. I would like
recommendations of what else to use. I prefer an all in one package
like what mailscanner does. It also utilizes clamav and spamassassin.
   
   So does amavisd-new
   
 
  If you are looking for something that is beyond just being better then I
  recommend CRM114 or DSPAM or OSBF-Lua. If you insist on having the AV
  included in the Anti-Spam tool then use something like DSPAM.
 
 I'd consider those as engines. You can run one or all of them if you
 really want. MailScanner, Amavisd-new, Mimedefang and even SA (as a
 framework) are some of the glues that might utilize them.
 
Well those so called engines can run on their own. They don't need to be 
wrapped inside any of the glues you mention. Especially not when those 
glues are memory hogs.


 Also ClamAV
 isn't just an AV tool. It's a lot more of an Anti-Spam tool when used
 with
 Sanesecurity signatures etc.
 
 There are a million combinations of glues, engines and other general
 anti-spam methods. You need to be very clear on your needs to get a
 meaningful answer (and maybe not even then).
 
  I use all of the above mentioned and all of them are fast and accurate.
  DSPAM is the one that is the easiest to scale and DSPAM is the one using
  the lowest amount of memory (DSPAM alone uses on my setup less than 10MB
  of memory for hundreds of domains having thousands of users in total).
  From an algorithm viewpoint CRM114 is an insane tool. It offers you a lot of
  algorithms and is virtually expendable to anything you like (it includes
  its own language).
 
  If you used SA in the past then any of the above will surprise you in
  terms of speed, memory consumption and accuracy.
 
 Generally DSPAM etc require user interaction/learning.

So does CRM114 and OSBF-Lua. But you are wrong in thinking that they need an 
insane amount of training/learning.


 SA does not, since
 it's a framework of rules and plugins and can autolearn Bayes if you want
 to
 - or even do the same for DSPAM etc if you use them as SA plugins. Let's
 not
 forget that DSPAM etc also require a database backend,

You are WRONG. DSPAM does NOT require a database backend. I don't know where 
you have that from? DSPAM MIGHT use a database backend but can run well without 
one (using the Hash driver).

 which might require
 lots of memory and/or disk, so it's not exactly free either. Accuracy
 depends heavily on configuration of all the components and other voodoo.

What? Voodoo? Yeah right. There is less voodoo in CRM114, OSBF-Lua and DSPAM 
than in SA. I explain to a user the following:
* you get mail and if it is wrongly classified by the Anti-Spam filter then you 
correct it and the filter will learn.
* the wrong classification is done based on YOUR prior classification you have 
fed to the Anti-Spam filter.
* if you feed wrong data to the Anti-Spam filter then the filter will make 
errors.
* the more you correct the higher the accuracy gets and you need less and less 
to correct errors.

That's easy to understand.


IMHO it is easier to explain than telling the user:
* there is an army of rule writers out there that is writing rules for SA where 
THEY are telling what is spam and what is ham.

And if the user asks me: what rules are that?
Then I would need to say that there are a gazillion of rules that I can not 
explain in detail without taking much of his time to go through all the rules one 
by one.

Anyway...

For me the three mentioned products are all better than SA because they have a 
smaller memory footprint than SA and are way faster than SA and properly set up 
require less maintenance and are way more accurate than SA.

And regarding the training:
DSPAM and CRM114 offers features where you can pre-learn so that your users are 
having from day one already a high accuracy (generally above 95%) and if they 
re-classify the first bunch of errors then their accuracy jumps easy over 
98.x%/99.x%. In DSPAM that kind of setup is accomplished with merged groups or 
classification groups or shared groups.
In CRM114 you can at run time allocate and merge as many CSS files (one 
pre-trained should be enough) as you like.


 There are no easy answers.

And this is generally the field where Anti-Spam tools that do not depend on 
pre-made rules are shining, because they are very adaptive.


Re: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Wietse Venema
Morten P.D. Stevens:
  What is the previous logfile record from process amavis[27308]?
  
  Wietse
 
 This one:
 
 Jul 13 17:48:34 e200 amavis[27308]: (27308-04) Passed CLEAN, [168.100.1.7] 
 [80.101.24.220] owner-postfix-us...@postfix.org - 
 li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
 m2lj9fgz9b@phoenix.squirrel.nl, mail_id: UkNOSaYmg+mw, Hits: -7, size: 
 4090, queued_as: BD1D31F81E7, 2023 ms

Well in that case you will need to show the POSTFIX logging that
precedes the AMAVIS transaction with the warning.

Wietse


deferred mail

2010-07-15 Thread motty.cruz
Hello, 
I'm using two instances of postfix and lately I've been getting a lot of
deferred email, any suggestions how to stop accepting email that can't be
delivered. I do have local recipients table, server should not accept email
that can't be delivered. Please help!

host# perl check_outmail
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
CC858A1091 4664 Thu Jul 15 12:58:42  MAILER-DAEMON
(connect to forum.ituin.org[69.43.160.175]:25: Connection
refused)
 mavn...@forum.ituin.org

49735A109F 4663 Thu Jul 15 13:16:52  MAILER-DAEMON
(host offworldventures.com[216.97.232.215] said: 451 Temporary local problem
- please try later (in reply to RCPT TO command))
 adow...@offworldventures.com

-- 10 Kbytes in 2 Requests.

Host# postconf -n
local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 5000
mydestination =  example.com, example2.com, example3.com
myhostname = host.example.com
mynetworks = 127.0.0.0/8, 
myorigin = example.com
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = host.example.com
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,reject_invalid_hostname,
reject_non_fqdn_sender,reject_non_fqdn_recipient,
reject_unknown_sender_domain,reject_unknown_recipient_domain,
smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550



RE: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Morten P.D. Stevens
 -Original Message-
 From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
 us...@postfix.org] On Behalf Of Wietse Venema
 Sent: Thursday, July 15, 2010 11:30 PM
 To: Postfix users
 Subject: Re: TROUBLE in process_request: Error writing a SMTP response
 to the socket
 
 Morten P.D. Stevens:
   What is the previous logfile record from process amavis[27308]?
  
 Wietse
 
  This one:
 
  Jul 13 17:48:34 e200 amavis[27308]: (27308-04) Passed CLEAN,
 [168.100.1.7] [80.101.24.220] owner-postfix-us...@postfix.org -
 li...@imt-systems.com,mstev...@imt-systems.com, Message-ID:
 m2lj9fgz9b@phoenix.squirrel.nl, mail_id: UkNOSaYmg+mw, Hits: -7,
 size: 4090, queued_as: BD1D31F81E7, 2023 ms
 
 Well in that case you will need to show the POSTFIX logging that
 precedes the AMAVIS transaction with the warning.
 
   Wietse


Okay:

Jul 13 17:57:22 e200 postfix/smtpd[27826]: connect from 
vger.kernel.org[209.132.180.67]
Jul 13 17:57:22 e200 postfix/smtpd[27826]: B78901F81E7: 
client=vger.kernel.org[209.132.180.67]
Jul 13 17:57:23 e200 postfix/cleanup[27832]: B78901F81E7: 
message-id=1279036642.5733.7.ca...@maggy.simson.net
Jul 13 17:57:23 e200 dkim-filter[2996]: B78901F81E7: no signature data
Jul 13 17:57:23 e200 postfix/qmgr[27814]: B78901F81E7: 
from=linux-kernel-ow...@vger.kernel.org, size=3037, nrcpt=2 (queue active)
Jul 13 17:57:23 e200 postfix/smtpd[27826]: disconnect from 
vger.kernel.org[209.132.180.67]
Jul 13 17:57:24 e200 postfix/master[27809]: terminating on signal 15
Jul 13 17:57:24 e200 postfix/master[27942]: daemon started -- version 2.5.5, 
configuration /etc/postfix
Jul 13 17:57:24 e200 postfix/qmgr[27947]: B78901F81E7: 
from=linux-kernel-ow...@vger.kernel.org, size=3037, nrcpt=2 (queue active)
Jul 13 17:57:25 e200 postfix/smtpd[27953]: connect from localhost[127.0.0.1]
Jul 13 17:57:25 e200 postfix/smtpd[27953]: 3095C1F81E9: 
client=localhost[127.0.0.1]
Jul 13 17:57:25 e200 postfix/cleanup[27956]: 3095C1F81E9: 
message-id=1279036642.5733.7.ca...@maggy.simson.net
Jul 13 17:57:25 e200 dkim-filter[2996]: 3095C1F81E9: no signature data
Jul 13 17:57:25 e200 postfix/qmgr[27947]: 3095C1F81E9: 
from=linux-kernel-ow...@vger.kernel.org, size=3590, nrcpt=2 (queue active)
Jul 13 17:57:25 e200 postfix/smtpd[27953]: disconnect from localhost[127.0.0.1]
Jul 13 17:57:25 e200 amavis[27308]: (27308-05) Passed CLEAN, [209.132.180.67] 
[213.165.64.20] linux-kernel-ow...@vger.kernel.org - 
li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
1279036642.5733.7.ca...@maggy.simson.net, mail_id: tsOvUhRB8Tnn, Hits: -4, 
size: 3003, queued_as: 3095C1F81E9, 2163 ms
Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in process_request: 
Error writing a SMTP response to the socket: Broken pipe at (eval 83) line 957, 
GEN79 line 78.
Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!)Requesting process rundown 
after fatal error
Jul 13 17:57:25 e200 postfix/smtp[27958]: 3095C1F81E9: 
to=li...@imt-systems.com, relay=smtp.imt-systems.com[89.146.219.44]:25, 
delay=0.06, delays=0.03/0.02/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as 7AC7A9780AE)
Jul 13 17:57:25 e200 postfix/smtp[27958]: 3095C1F81E9: 
to=mstev...@imt-systems.com, relay=smtp.imt-systems.com[89.146.219.44]:25, 
delay=0.06, delays=0.03/0.02/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as 7AC7A9780AE)
Jul 13 17:57:25 e200 postfix/qmgr[27947]: 3095C1F81E9: removed
Jul 13 17:57:26 e200 postfix/smtpd[27953]: connect from localhost[127.0.0.1]
Jul 13 17:57:26 e200 postfix/smtpd[27953]: 980291F81E9: 
client=localhost[127.0.0.1]
Jul 13 17:57:26 e200 postfix/cleanup[27956]: 980291F81E9: 
message-id=1279036642.5733.7.ca...@maggy.simson.net
Jul 13 17:57:26 e200 dkim-filter[2996]: 980291F81E9: no signature data
Jul 13 17:57:26 e200 postfix/smtpd[27953]: disconnect from localhost[127.0.0.1]
Jul 13 17:57:26 e200 postfix/qmgr[27947]: 980291F81E9: 
from=linux-kernel-ow...@vger.kernel.org, size=3590, nrcpt=2 (queue active)
Jul 13 17:57:26 e200 postfix/smtp[27958]: 980291F81E9: 
to=li...@imt-systems.com, relay=smtp.imt-systems.com[89.146.219.44]:25, 
delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued 
as DF9079780AE)
Jul 13 17:57:26 e200 postfix/smtp[27958]: 980291F81E9: 
to=mstev...@imt-systems.com, relay=smtp.imt-systems.com[89.146.219.44]:25, 
delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued 
as DF9079780AE)
Jul 13 17:57:26 e200 postfix/qmgr[27947]: 980291F81E9: removed
Jul 13 17:57:26 e200 amavis[27567]: (27567-06) Passed CLEAN, [209.132.180.67] 
[213.165.64.20] linux-kernel-ow...@vger.kernel.org - 
li...@imt-systems.com,mstev...@imt-systems.com, Message-ID: 
1279036642.5733.7.ca...@maggy.simson.net, mail_id: HtnMkDd6OIpN, Hits: -4, 
size: 3003, queued_as: 980291F81E9, 2024 ms
Jul 13 17:57:26 e200 postfix/lmtp[27950]: B78901F81E7: 
to=li...@imt-systems.com, relay=127.0.0.1[127.0.0.1]:10024, delay=3.9, 
delays=1.9/0.01/0.01/2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=27567-06, 

Re: PATCH: defer when pipe command dies

2010-07-15 Thread Thomas Arnett
Jeroen Geilman jeroen at adaptr.nl writes: 
 I completely agree that non-delivery to a (presumably dependable) MDA 
 should never error out, but I thought a soft solution would be better 
 than choosing the more extreme route (of altering working code).

I believe the code is not working as intended and documented. Please let me know
if I have missed something.

-- TA



Re: PATCH: defer when pipe command dies

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 10:10:32PM +, Thomas Arnett wrote:

 Jeroen Geilman jeroen at adaptr.nl writes: 
  I completely agree that non-delivery to a (presumably dependable) MDA 
  should never error out, but I thought a soft solution would be better 
  than choosing the more extreme route (of altering working code).
 
 I believe the code is not working as intended and documented. Please let me 
 know
 if I have missed something.

I don't think you have missed anything. The folks suggesting soft_bounce
as a solution are not looking at the big picture.

Wietse, if I understand correctly, wants to ensure that the issue is
clearly defined, so we don't solve the wrong one, and is worth fixing.

Not all minor bugs are worth fixing, the benefit may not outweigh the
risk of unforeseen consequences or implementation errors in the fix.

Why does your Dovecot intermittently SIGBUS? Surely that's the real
problem that needs fixing. (Yes, I would probably still change Postfix
to treat killed processes as a transient condition, but I am a bit less
conservative than Wietse).

-- 
Viktor.


Re: deferred mail

2010-07-15 Thread Victor Duchovni
On Thu, Jul 15, 2010 at 02:42:17PM -0700, motty.cruz wrote:

 Hello, 
 I'm using two instances of postfix and lately I've been getting a lot of
 deferred email, any suggestions how to stop accepting email that can't be
 delivered. I do have local recipients table, server should not accept email
 that can't be delivered. Please help!
 
 host# perl check_outmail
 -Queue ID- --Size-- Arrival Time -Sender/Recipient---
 CC858A1091 4664 Thu Jul 15 12:58:42  MAILER-DAEMON
 (connect to forum.ituin.org[69.43.160.175]:25: Connection
 refused)
  mavn...@forum.ituin.org
 
 49735A109F 4663 Thu Jul 15 13:16:52  MAILER-DAEMON
 (host offworldventures.com[216.97.232.215] said: 451 Temporary local problem
 - please try later (in reply to RCPT TO command))
  adow...@offworldventures.com
 
 -- 10 Kbytes in 2 Requests.

Two deferred bounces is a lot??? You need to read the bounce messages
(use postcat -q) to see what undeliverable mail failed, how it got
to you and where it was found undeliverable.

 
 local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
 hash:/usr/local/etc/postfix/uservirt

This covers local(8) recipients for domains listed in $mydestination.

 mydestination =  example.com, example2.com, example3.com
 relay_domains = hash:/usr/local/etc/postfix/relay_domains

You also have relay_domains, but no relay_recipient_maps, so you
are accepting and bouncing invalid recipients in these domains.

-- 
Viktor.
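
A check for the gap described in the reply above, written as an added example (not code from the thread or from Postfix): it parses `postconf -n` text and reports address classes whose domain list is set while the matching recipient table is empty. The sample input is a trimmed copy of the posted configuration; the `relay_recipients` file name in the corrected variant is hypothetical.

```python
import re

PARAM_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

# (domain-list parameter, recipient-table parameter). For these address
# classes smtpd rejects unknown recipients only when the table is non-empty.
CLASSES = [
    ("relay_domains", "relay_recipient_maps"),
    ("virtual_mailbox_domains", "virtual_mailbox_maps"),
]

# Trimmed copy of the `postconf -n` output posted in the thread, including
# the value that the mail client wrapped onto a second line.
POSTED = """\
local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt
mydestination =  example.com, example2.com, example3.com
mynetworks = 127.0.0.0/8, 
relay_domains = hash:/usr/local/etc/postfix/relay_domains
unknown_local_recipient_reject_code = 550
"""

# Corrected variant; the table path is a hypothetical placeholder.
FIXED = POSTED + (
    "relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients\n"
)


def parse_postconf(text):
    """Parse `postconf -n` style text into {name: value}.

    Any line that is indented, or that does not look like `name = value`,
    is treated as a continuation of the previous parameter, so values
    wrapped by a mail client are rejoined. `$name` references are not
    expanded.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        match = None if line[0].isspace() else PARAM_RE.match(line)
        if match:
            current = match.group(1)
            params[current] = match.group(2).strip()
        elif current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
    return params


def items(value):
    """Split a Postfix list value on commas and whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def audit(params):
    """Return (parameter, message) pairs for missing recipient validation."""
    findings = []
    for domains, table in CLASSES:
        # `postconf -n` omits parameters left at their default, and both
        # recipient tables default to empty, so "absent" means "empty".
        if items(params.get(domains, "")) and not items(params.get(table, "")):
            findings.append((
                table,
                f"{domains} is set but {table} is empty: mail for unknown "
                "recipients is accepted and bounced later",
            ))
    # An explicit empty local_recipient_maps switches off the same check
    # for the domains in mydestination.
    if "local_recipient_maps" in params and not items(
        params["local_recipient_maps"]
    ):
        findings.append((
            "local_recipient_maps",
            "local_recipient_maps is explicitly empty: unknown local "
            "recipients are accepted",
        ))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        for param, message in audit(parse_postconf(text)) or [("ok", "no gaps")]:
            print(f"{label}: {param}: {message}")
```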


Re: Better spam filter for postfix

2010-07-15 Thread Henrik K
On Thu, Jul 15, 2010 at 11:16:43PM +0200, Steve wrote:
  
   If you are looking for something that is beyond just being better then I
   recommend CRM114 or DSPAM or OSBF-Lua. If you insist on having the AV
   included in the Anti-Spam tool then use something like DSPAM.
  
  I'd consider those as engines. You can run one or all of them if you
  really want. MailScanner, Amavisd-new, Mimedefang and even SA (as a
  framework) are some of the glues that might utilize them.
  

 Well those so called engines can run on their own. They don't need
 to be wrapped inside any of the glues you mention. Especially not when
 those glues are memory hogs.

Can you be more specific? Maybe you are addressing SA memory usage, which
might only matter in some cases. Servers have lots of memory these days, and
good MTA checks might reduce scanning needs greatly.

  Generally DSPAM etc require user interaction/learning.
 
 So does CRM114 and OSBF-Lua. But you are wrong in thinking that they need
 an insane amount of training/learning.

That's what I meant with etc. I did use DSPAM exclusively for few months
in the past, but for my personal use I saw no benefits from it.

  SA does not, since
  it's a framework of rules and plugins and can autolearn Bayes if you want
  to
  - or even do the same for DSPAM etc if you use them as SA plugins. Let's
  not
  forget that DSPAM etc also require a database backend,
 

 You are WRONG. DSPAM does NOT require a database backend. I don't know
 where you have that from? DSPAM MIGHT use a database backend but can run
 well without one (using the Hash driver).

So you don't consider the CSS Hash driver a database backend? It requires
disk, memory and CPU to store and retrieve tokens. Whatever..

  which might require
  lots of memory and/or disk, so it's not exactly free either. Accuracy
  depends heavily on configuration of all the components and other voodoo.
 

 What? Voodoo? Yeah right. There is less voodoo in CRM114, OSBF-Lua and DSPAM 
 than in SA. I explain to a user the following:
 * you get mail and if it is wrongly classified by the Anti-Spam filter then 
 you correct it and the filter will learn.
 * the wrong classification is done based on YOUR prior classification you 
 have fed to the Anti-Spam filter.
 * if you feed wrong data to the Anti-Spam filter then the filter will make 
 errors.
 * the more you correct the higher the accuracy gets and you need less and 
 less to correct errors.
 
 That's easy to understand.
 
 
 IMHO it is easier to explain than telling the user:
 * there is an army of rule writers out there that is writing rules for SA 
 where THEY are telling what is spam and what is ham.
 
 And if the user asks me: what rules are that?
 Then I would need to say that there are a gazillion of rules that I can not 
 explain in detail without taking much of his time to go through all the rules 
 one by one.
 
 Anyway...

So you have made your point. You prefer (or are required) to have user in
control.

I guess you don't use ANY other methods (blacklists etc) than users' own
statistical input, since you might have to tell your users that THEY
thought your mail was spam?

 For me the three mentioned products are all better than SA because they
 have a smaller memory footprint than SA and are way faster than SA and
 properly set up require less maintenance and are way more accurate than
 SA.

Good for you. Naturally resource usage is lower, the less stuff you do. One
has to balance needs against that.

But let's forget the accuracy bs, there are too many variables for such
generic claims to be made. You can achieve happy users with pretty much
any tool out there if used right.

I'm in a happy position to be able to reject/quarantine spam for 1000+ users
without ever bothering them with it, and very rarely get any questions about
mail. If I had to do it the ISP way, I might consider DSPAM, then again I
see nothing against using SA (or any other tool out there).

 And regarding the training: DSPAM and CRM114 offers features where you can
 pre-learn so that your users are having from day one already a high
 accuracy (generally above 95%) and if they re-classify the first bunch of
 errors then their accuracy jumps easy over 98.x%/99.x%. In DSPAM that kind
 of setup is accomplished with merged groups or classification groups or
 shared groups. In CRM114 you can at run time allocate and merge as many
 CSS files (one pre-trained should be enough) as you like

You make it sound like statistical filters are invincible against different
mail flows and pure user stupidity.

  There are no easy answers.
 

 And this is generally the field where Anti-Spam tools that do not depend
 on pre-made rules are shining, because they are very adaptive.

Right, like SA for example only depends on pre-made rules and doesn't have
any statistical or realtime capabilities..

I think continuing this is pointless and a bit off-topic.



Re: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Wietse Venema
Morten P.D. Stevens:
 Jul 13 17:57:24 e200 postfix/master[27809]: terminating on signal 15
...
 Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in 
 process_request: Error writing a SMTP response to the socket: Broken pipe at 
 (eval 83) line 957, GEN79 line 78.

Well, you terminate the Postfix while amavis is processing the
message, therefore it is no surprise that amavis cannot send the
response to the BEFORE-QUEUE SMTP client.

Wietse
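
The correlation made in the reply above, as an added example (not code from the thread, amavisd-new or Postfix): it scans syslog lines and marks each amavis "Broken pipe" error that follows a `postfix/master` shutdown within a short window. The first three sample lines are taken from the posted log and unwrapped; the fourth line, the 5-second window and the year passed to the parser are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\[:\s]+)\[(\d+)\]: (.*)$"
)

SAMPLE = [
    # From the log posted in the thread (wrapped lines rejoined).
    "Jul 13 17:57:24 e200 postfix/master[27809]: terminating on signal 15",
    "Jul 13 17:57:24 e200 postfix/master[27942]: daemon started -- "
    "version 2.5.5, configuration /etc/postfix",
    "Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in "
    "process_request: Error writing a SMTP response to the socket: "
    "Broken pipe at (eval 83) line 957, GEN79 line 78.",
    # Constructed control case: same error with no Postfix restart nearby.
    "Jul 14 09:12:03 e200 amavis[30001]: (30001-02) (!!)TROUBLE in "
    "process_request: Error writing a SMTP response to the socket: "
    "Broken pipe at (eval 83) line 957, GEN79 line 78.",
]


def parse(line, year):
    """Split one syslog line; the year is supplied because syslog omits it."""
    match = LINE_RE.match(line)
    if not match:
        return None
    stamp, host, prog, pid, msg = match.groups()
    return {
        "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
        "host": host,
        "prog": prog,
        "pid": int(pid),
        "msg": msg,
    }


def explain_broken_pipes(lines, year=2010, window=timedelta(seconds=5)):
    """Return (error_time, amavis_pid, shutdown_time_or_None) per error.

    shutdown_time is the most recent `postfix/master ... terminating on
    signal` record at most `window` before the amavis error; None means
    no restart explains it and the error needs a closer look.
    """
    shutdowns = []
    results = []
    for line in lines:
        rec = parse(line, year)
        if rec is None:
            continue
        if rec["prog"] == "postfix/master" and "terminating on signal" in rec["msg"]:
            shutdowns.append(rec["ts"])
        elif (
            rec["prog"] == "amavis"
            and "TROUBLE" in rec["msg"]
            and "Broken pipe" in rec["msg"]
        ):
            cause = next(
                (
                    stop
                    for stop in reversed(shutdowns)
                    if timedelta(0) <= rec["ts"] - stop <= window
                ),
                None,
            )
            results.append((rec["ts"], rec["pid"], cause))
    return results


if __name__ == "__main__":
    for when, pid, cause in explain_broken_pipes(SAMPLE):
        verdict = f"Postfix stopped at {cause}" if cause else "unexplained"
        print(f"{when} amavis[{pid}]: broken pipe, {verdict}")
```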


Re: PATCH: defer when pipe command dies

2010-07-15 Thread Wietse Venema
Victor Duchovni:
 On Thu, Jul 15, 2010 at 10:10:32PM +, Thomas Arnett wrote:
 
  Jeroen Geilman jeroen at adaptr.nl writes: 
   I completely agree that non-delivery to a (presumably dependable) MDA 
   should never error out, but I thought a soft solution would be better 
   than choosing the more extreme route (of altering working code).
  
  I believe the code is not working as intended and documented. Please let me 
  know
  if I have missed something.
 
 I don't think you have missed anything. The folks suggesting soft_bounce
 as a solution are not looking at the big picture.
 
 Wietse, if I understand correctly, wants to ensure that the issue is
 clearly defined, so we don't solve the wrong one, and is worth fixing.
 
 Not all minor bugs are worth fixing, the benefit may not outweigh the
 risk of unforeseen consequences or implementation errors in the fix.
 
 Why does your Dovecot intermittently SIGBUS? Surely that's the real
 problem that needs fixing. (Yes, I would probably still change Postfix
 to treat killed processes as a transient condition, but I am a bit less
 conservative than Wietse).

I already updated Postfix a few days ago, but I don't have time
to roll out a new release yet.

Wietse


RE: TROUBLE in process_request: Error writing a SMTP response to the socket

2010-07-15 Thread Morten P.D. Stevens
 -Original Message-
 From: Wietse Venema [mailto:wie...@porcupine.org]
 Sent: Friday, July 16, 2010 1:20 AM
 To: Morten P.D. Stevens
 Cc: Postfix users
 Subject: Re: TROUBLE in process_request: Error writing a SMTP response
 to the socket
 
 Morten P.D. Stevens:
  Jul 13 17:57:24 e200 postfix/master[27809]: terminating on signal 15
 ...
  Jul 13 17:57:25 e200 amavis[27308]: (27308-05) (!!)TROUBLE in
 process_request: Error writing a SMTP response to the socket: Broken
 pipe at (eval 83) line 957, GEN79 line 78.
 
 Well, you terminate the Postfix while amavis is processing the
 message, therefore it is no surprise that amavis cannot send the
 response to the BEFORE-QUEUE SMTP client.
 
   Wietse

Ah yes, you are right.

Thank you.

Best regards,

Morten


Re: Better spam filter for postfix

2010-07-15 Thread Steve

 Original Message 
 Date: Fri, 16 Jul 2010 02:09:43 +0300
 From: Henrik K h...@hege.li
 To: postfix-users@postfix.org
 Subject: Re: Better spam filter for postfix

 On Thu, Jul 15, 2010 at 11:16:43PM +0200, Steve wrote:
   
If you are looking for something that is beyond just being better then I
recommend CRM114 or DSPAM or OSBF-Lua. If you insist on having the AV
included in the Anti-Spam tool then use something like DSPAM.
   
   I'd consider those as engines. You can run one or all of them if you
   really want. MailScanner, Amavisd-new, Mimedefang and even SA (as a
   framework) are some of the glues that might utilize them.
   
 
  Well those so called engines can run on their own. They don't need
  to be wrapped inside any of the glues you mention. Especially not when
  those glues are memory hogs.
 
 Can you be more specific? Maybe you are addressing SA memory usage, which
 might only matter on some cases. Servers have lots of memory these days,
 and
 good MTA checks might reduce scanning needs greatly.
 
Yes. Servers have a lot of memory these days but not enough memory to waste it. 
My point is not only memory. My biggest problem with tools such as SA is that 
it is very slow compared to other solutions out there. I in general can say 
that I classify x messages per second with filter XYZ while I in general would 
say that SpamAssassin needs x seconds per message. All the tests in the past I 
have done with SpamAssassin confirm that statement. And for me system resources 
are important. Be it memory, CPU cycles, throughput etc...


   Generally DSPAM etc require user interaction/learning.
  
  So does CRM114 and OSBF-Lua. But you are wrong in thinking that they
 need
  an insane amount of training/learning.
 
 That's what I meant with etc. I did use DSPAM exclusively for few months
 in the past, but for my personal use I saw no benefits from it.
 
Okay.


   SA does not, since
   it's a framework of rules and plugins and can autolearn Bayes if you
 want
   to
   - or even do the same for DSPAM etc if you use them as SA plugins.
 Let's
   not
   forget that DSPAM etc also require a database backend,
  
 
  You are WRONG. DSPAM does NOT require a database backend. I don't know
  where you have that from? DSPAM MIGHT use a database backend but can run
  well without one (using the Hash driver).
 
 So you don't consider the CSS Hash driver a database backend? It
 requires
 disk, memory and CPU to store and retrieve tokens. Whatever..
 
Well... it has a structure but I would not consider it a database in the 
classical way. If the CSS file is a database then an XML file is a database too 
and I personally don't consider an XML file to be a database.


   which might require
   lots of memory and/or disk, so it's not exactly free either.
 Accuracy
   depends heavily on configuration of all the components and other
 voodoo.
  
 
  What? Voodoo? Yeah right. There is less voodoo in CRM114, OSBF-Lua and
 DSPAM than in SA. I explain a user the following:
  * you get mail and if it is wrongly classified by the Anti-Spam filter
 then you correct it and the filter will learn.
  * the wrong classification is done based on YOUR prior classification
 you have fed to the Anti-Spam filter.
  * if you feed wrong data to the Anti-Spam filter then the filter will
 make errors.
  * the more you correct the higher the accuracy gets and you need less
 and less to correct errors.
  
  That's easy to understand.
  
  
  IMHO it is easier to explain than telling the user:
  * there is an army of rule writers out there that is writing rules for
 SA where THEY are telling what is spam and what is ham.
  
  And if the user asks me: what rules are that?
  Then I would need to say that there are a gazillion of rules that I can
 not explain in detail without taking much of his time to go through all the
 rules one by one.
  
  Anyway...
 
 So you have made your point. You prefer (or are required) to have user in
 control.
 
Yes. The big problem is that no solution out there is 100% accurate for all 
users. So the only way to make the user happy is to delegate the control to him.


 I guess you don't use ANY other methods (blacklists etc) than users' own
 statistical input, since you might have to tell your users that THEY
 thought your mail was spam?
 
No. I use other methods. A lot of them. I even developed my own stuff based on 
research papers from Anti-Spam researchers/companies. My setup is made that way 
that I have made many defense rings around Postfix. Each ring has its own 
techniques and the farther the ring is from Postfix the less resources it uses. 
However... each domain owner and/or user has control over the rings. He/she can 
turn them on/off, depending on their needs. I preset which are on and which are 
off but at the end each one of them is controllable by the end-user (or domain 
owner, which precedes user rules). Some stuff however is not controllable by 
the end user or domain 

Re: Better spam filter for postfix

2010-07-15 Thread Stan Hoeppner
Steve put forth on 7/15/2010 4:16 PM:

 * if you feed wrong data to the Anti-Spam filter then the filter will make 
 errors.

Content (header/body) filters have always been error prone and always will be.
 The key to success is if the error rate is acceptable.  For users to train
them, they have to be run in post-queue mode.  For performance reasons, most
OPs run them in post-queue mode anyway.  And by doing this you're
unnecessarily eating b/w on your internet link(s).

There are plenty of good methods available to drop spam connections at SMTP
time without ever having to accept the spam for content analysis.  I use many
such methods, and I don't use content filters.  Never have.  I probably spend
more time fighting spam than other OPs do.  Using content filters such as SA
can definitely cut down on mail OP time spent fighting spam.  Which method is
more effective depends on one's priorities, and thus this subject can be
debated ad infinitum.

I will say generically that for an OP who has the time, avoiding content
filters and using SMTP time blocking methods is probably more effective in the
long run and makes more efficient use of network and server resources.

YMMV, etc.

-- 
Stan
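
The correction loop behind the bullet quoted at the top of this message, as an added example that is not code from the thread or from DSPAM, CRM114 or OSBF-Lua: a toy naive Bayes token filter that learns only when the user corrects a wrong verdict, plus a second filter fed one wrong label. The class, the function names and the sample mailbox are constructed for illustration.

```python
import math
from collections import Counter

class TokenFilter:
    """Tiny per-user naive Bayes token filter (illustrative only)."""

    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def learn(self, text, label):
        # Count each token once per message under the label the user gave.
        self.tokens[label].update(set(text.lower().split()))
        self.msgs[label] += 1

    def classify(self, text):
        score = 0.0  # summed log-odds; above zero means spam
        for tok in set(text.lower().split()):
            p_spam = (self.tokens["spam"][tok] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (self.msgs["ham"] + 2)
            score += math.log(p_spam / p_ham)
        return "spam" if score > 0 else "ham"

def train_on_error(filt, mailbox, passes):
    """Re-deliver the mailbox; learn only from messages the user corrects.
    Returns the number of corrections the user had to make in each pass."""
    per_pass = []
    for _ in range(passes):
        fixed = 0
        for text, user_label in mailbox:
            if filt.classify(text) != user_label:
                filt.learn(text, user_label)
                fixed += 1
        per_pass.append(fixed)
    return per_pass

# Constructed sample mail, labelled the way one user would label it.
MAILBOX = [
    ("cheap pills buy now", "spam"),
    ("meeting agenda for monday", "ham"),
    ("buy cheap watches now", "spam"),
    ("postfix transport map question", "ham"),
    ("win money now click here", "spam"),
    ("monday lunch agenda", "ham"),
]

if __name__ == "__main__":
    good = TokenFilter()
    print("corrections per pass:", train_on_error(good, MAILBOX, 3))
    bad = TokenFilter()  # the user wrongly reports a list question as spam
    bad.learn("postfix transport map question", "spam")
    print(bad.classify("postfix relay transport question"))
```

The filter that was corrected with accurate labels stops needing corrections by the third pass, while the one fed a single wrong label flags a similar legitimate message as spam.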


Re: Better spam filter for postfix

2010-07-15 Thread Henrik K
On Thu, Jul 15, 2010 at 11:06:44PM -0500, Stan Hoeppner wrote:
 
 I will say generically that for an OP who has the time, avoiding content
 filters and using SMTP time blocking methods is probably more effective in the
 long run and makes more efficient use of network and server resources.

You always have time to advertise content filters being bad, so I just
have to make a pointless rebuttal..

Can you tell me any big public service (not a one man server) that doesn't
use content filtering at all? By public I don't mean a site that has the
ability to block freemailers, universities, etc hacked accounts..

I'm sure any serious site uses lots of SMTP time rejects, but you _need_
some sort of content filtering for the rest. Unless you bear the burden on
clients' MUA.

PS. I think I've spent maybe an hour or two maintaining our mail server in
the last few months, and it's still running fine.. how is that not
efficient? My work time costs much more than the imaginary network and
server resources.