Re: Case sensitive local user accounts

2013-01-08 Thread Benny Pedersen
Randy Ramsdell wrote on 2013-01-08 00:15: What is the configuration forces postfix to honor what is found in virtual_alias_maps? e.g. support@$domain.com LocalAccount virtual_alias_maps does not support localaccount if you like to use localaccount from outside, then send

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
Hi Viktor, I've added this into my main.cf: slow_destination_concurrency_failed_cohort_limit = 5 But I noticed that even after a failure, postfix keeps trying to deliver to the destination. Question: how can I stop postfix from trying to deliver emails after a few failures? I mean, if it is

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: Hi Viktor, I've added this into my main.cf: slow_destination_concurrency_failed_cohort_limit = 5 This stops deliveries after 5 COHORT failures. I mean, if it is trying to deliver to xyz.com and it fails 5

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Wietse Venema: Rafael Azevedo - IAGENTE: I've added this into my main.cf: slow_destination_concurrency_failed_cohort_limit = 5 This stops deliveries after 5 COHORT failures. I mean, if it is trying to deliver to xyz.com and it fails 5 times, Yes, but you configured

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: Hi Witsie, Is there any way we can adjust Postfix to stop delivering after a 4XX reply? Postfix will stop delivering after TCP or SMTP handshake failure. Postfix WILL NOT stop delivering due to 4xx reply AFTER the SMTP protocol handshake. Postfix is not a tool to

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 10:47:08AM -0200, Rafael Azevedo - IAGENTE wrote: I've added this into my main.cf: slow_destination_concurrency_failed_cohort_limit = 5 This is fine, since you set the concurrency limit to 1, it is intended to avoid shutting down deliveries after a single connection

Re: Case sensitive local user accounts

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 11:05:20AM +0100, Benny Pedersen wrote: Randy Ramsdell wrote on 2013-01-08 00:15: What is the configuration forces postfix to honor what is found in virtual_alias_maps? e.g. support@$domain.com LocalAccount virtual_alias_maps does not support

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
Thank you Witsie. We have a huge mail volume, that's why I'm trying to figure out a better way to deal with it. Many providers have their own restrictions. We do work in compliance with most of them, but there are a few that just won't help at all, so it's easy to tell me to make the necessary

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: I truly believe that postfix is the best MTA ever, but you might agree with me that when the receiver starts blocking the sender, it's worthless to keep trying to deliver. 1) Postfix will back off when the TCP or SMTP handshake fails. This is a clear signal that a site

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
But Witsei, would you agree with me that error 4XX is (in general cases) a temporary error? Why keep trying when we have a clear signal of a temporary error? Also, if we had a temporary error control (number of deferred messages by recipient), it would be easy to identify when postfix should

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 01:59:14PM -0200, Rafael Azevedo - IAGENTE wrote: But Witse, would you agree with me that error 4XX is (in general cases) a temporary error? It is a temporary error for *that* recipient. It is not a global indication that the site is temporarily unreachable. Nor is there

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: Why keep trying when we have a clear signal of a temporary error? As Victor noted Postfix does not keep trying the SAME delivery. Instead, Postfix tries to deliver a DIFFERENT message. It would be incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site just

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
On 08/01/2013, at 14:21, Wietse Venema wie...@porcupine.org wrote: Rafael Azevedo - IAGENTE: Why keep trying when we have a clear signal of a temporary error? As Victor noted Postfix does not keep trying the SAME delivery. Yes you're right and I know that. But it keeps trying for another

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
Regards, -- Rafael Azevedo | IAGENTE Phone: 51 3086.0262 MSN: raf...@hotmail.com Visit: www.iagente.com.br On 08/01/2013, at 14:07, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Jan 08, 2013 at 01:59:14PM -0200, Rafael Azevedo - IAGENTE wrote: But Witse, would you agree with me

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Mark Goodge
On 08/01/2013 16:38, Rafael Azevedo - IAGENTE wrote: On 08/01/2013, at 14:21, Wietse Venema wie...@porcupine.org wrote: Rafael Azevedo - IAGENTE: Why keep trying when we have a clear signal of a temporary error? As Victor noted Postfix does not keep trying the SAME delivery. Yes you're

Integration of content filter in master.cf

2013-01-08 Thread Titanus Eramius
I'm a little unsure about best practice here, hence the question. Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've integrated it into /etc/postfix/master.cf with the following lines --- smtp inet n - n - - smtpd -o

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: Instead, Postfix tries to deliver a DIFFERENT message. It would be incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site just because FIVE recipients were unavailable. That's why it would be interesting to have a way to configure that. Configurable,

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 17:44, Mark Goodge wrote: On 08/01/2013 16:38, Rafael Azevedo - IAGENTE wrote: On 08/01/2013, at 14:21, Wietse Venema wie...@porcupine.org wrote: Rafael Azevedo - IAGENTE: Why keep trying when we have a clear signal of a temporary error? As Victor noted Postfix does

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 17:48, Wietse Venema wrote: Rafael Azevedo - IAGENTE: Instead, Postfix tries to deliver a DIFFERENT message. It would be incorrect IN THE GENERAL CASE to postpone ALL deliveries to a site just because FIVE recipients were unavailable. That's why it would be interesting to

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
One of the most common reasons for a temporary delivery failure is a full mailbox. Or, where the remote server is acting as a store-and-forward, a temporary inability to verify the validity of the destination address. I don't agree with that. Connection time out is the most common reason

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
Configurable, perhaps. But it would be a mistake to make this the default strategy. That would make Postfix vulnerable to a trivial denial of service attack where one bad recipient can block all mail for all other recipients at that same site. Not if it could be parametrized. As I said,

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Rafael Azevedo - IAGENTE
Yes Reindl, you got the point. I just want to wait for a while before retrying to send email to the same destination. On 08.01.2013 17:48, Wietse Venema wrote: Rafael Azevedo - IAGENTE: Instead, Postfix tries to deliver a DIFFERENT message. It would be incorrect IN THE GENERAL CASE to

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Scott Lambert
On Tue, Jan 08, 2013 at 03:04:37PM -0200, Rafael Azevedo - IAGENTE wrote: Configurable, perhaps. But it would be a mistake to make this the default strategy. That would make Postfix vulnerable to a trivial denial of service attack where one bad recipient can block all mail for all other

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Rafael Azevedo - IAGENTE: Configurable, perhaps. But it would be a mistake to make this the default strategy. That would make Postfix vulnerable to a trivial denial of service attack where one bad recipient can block all mail for all other recipients at that same site. Not if it

Re: Integration of content filter in master.cf

2013-01-08 Thread Noel Jones
On 1/8/2013 10:47 AM, Titanus Eramius wrote: I'm a little unsure about best practice here, hence the question. Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've integrated it into /etc/postfix/master.cf with the following lines --- smtp inet n - n

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 19:08, Wietse Venema wrote: Rafael Azevedo - IAGENTE: Configurable, perhaps. But it would be a mistake to make this the default strategy. That would make Postfix vulnerable to a trivial denial of service attack where one bad recipient can block all mail for all other

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: I could add an option to treat this in the same manner as failure to connect errors (i.e. temporarily skip all further delivery to this site). However, this must not be the default strategy, because this would hurt the far

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Reindl Harald: Big deal. Now I can block all mail for gmail.com by getting 100 email messages into your queue how comes? how do you get gmail.com answer to any delivery from you with 4xx? He wants to temporarily suspend delivery when site has 5 consecutive delivery errors without

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 20:16, Wietse Venema wrote: Reindl Harald: Big deal. Now I can block all mail for gmail.com by getting 100 email messages into your queue how comes? how do you get gmail.com answer to any delivery from you with 4xx? He wants to temporarily suspend delivery when site has

Re: Integration of content filter in master.cf

2013-01-08 Thread DTNX Postmaster
On Jan 8, 2013, at 19:39, Noel Jones wrote: On 1/8/2013 10:47 AM, Titanus Eramius wrote: I'm a little unsure about best practice here, hence the question. Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've integrated it into /etc/postfix/master.cf with the following

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Viktor Dukhovni: On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: I could add an option to treat this in the same manner as failure to connect errors (i.e. temporarily skip all further delivery to this site). However, this must not be the default strategy, because this

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote: Viktor Dukhovni: On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: I could add an option to treat this in the same manner as failure to connect errors (i.e. temporarily skip all further delivery to this

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 20:51, Viktor Dukhovni wrote: On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote: Viktor Dukhovni: On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: I could add an option to treat this in the same manner as failure to connect errors (i.e.

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Wietse Venema
Viktor Dukhovni: On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote: Viktor Dukhovni: On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: I could add an option to treat this in the same manner as failure to connect errors (i.e. temporarily skip all further

Re: Integration of content filter in master.cf

2013-01-08 Thread Titanus Eramius
Tue, 08 Jan 2013 12:39:58 -0600 Noel Jones njo...@megan.vbhcs.org wrote: On 1/8/2013 10:47 AM, Titanus Eramius wrote: I'm a little unsure about best practice here, hence the question. Running /usr/sbin/spamd from the SpamAssassin package to scan mail, I've integrated it into

RFC: postconf user interface

2013-01-08 Thread Wietse Venema
This note discusses some user-interface issues with upcoming postconf(1) features that will be used to manage the content of master.cf files. User-interface consistency is important, especially for people who work a lot with Postfix: fewer things to remember means fewer mistakes to make (it's

Re: Integration of content filter in master.cf

2013-01-08 Thread Titanus Eramius
Tue, 8 Jan 2013 20:29:30 +0100 DTNX Postmaster postmas...@dtnx.net wrote: ... The more typical way to do this is for local mail to use the submission port 587. Sometimes folks redirect port 25 on the local network to 587 as a migration aid. This. Using the submission port is highly

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 08.01.2013 21:40, Wietse Venema wrote: My conclusion is that Postfix can continue to provide basic policies that avoid worst-case failure modes, but the choice of the settings that control those policies is better left to the operator. If the receiver slams on the brakes, then Postfix

Re: Integration of content filter in master.cf

2013-01-08 Thread Reindl Harald
On 08.01.2013 21:48, Titanus Eramius wrote: This raises the question (or at least I think it does), if it's possible to force the users onto 587 by denying relay access to 25? it's more a human problem than a technically to force a large amount of users to change their for a long time wrong

Re: Integration of content filter in master.cf

2013-01-08 Thread Reindl Harald
On 08.01.2013 22:03, Titanus Eramius wrote: But it raises a question (like I wrote in the reply to Noel), and that is (as far as I know) that I need to ensure the use of 587 so users can't go around rate limiting on 587 by using 25 for relaying. Would such a thing be possible to do?

Re: RFC: postconf user interface

2013-01-08 Thread Patrick Ben Koetter
* Wietse Venema postfix-users@postfix.org: This note discusses some user-interface issues with upcoming postconf(1) features that will be used to manage the content of master.cf files. User-interface consistency is important, especially for people who work a lot with Postfix: fewer things

Re: RFC: postconf user interface

2013-01-08 Thread vince
how does one get off this list? My attempts have all been blocked by majordomo. Even Weitse's personal filter blocked my email /-: - Original Message - From: Patrick Ben Koetter p...@sys4.de To: postfix-users@postfix.org Sent: Tuesday, January 08, 2013 4:38 PM Subject: Re: RFC:

Re: Integration of content filter in master.cf

2013-01-08 Thread Titanus Eramius
Tue, 08 Jan 2013 22:06:26 +0100 Reindl Harald h.rei...@thelounge.net wrote: On 08.01.2013 21:48, Titanus Eramius wrote: This raises the question (or at least I think it does), if it's possible to force the users onto 587 by denying relay access to 25? it's more a human problem than

Re: Integration of content filter in master.cf

2013-01-08 Thread Noel Jones
On 1/8/2013 2:48 PM, Titanus Eramius wrote: Tue, 08 Jan 2013 12:39:58 -0600 Noel Jones wrote: Using iptables to separate traffic is a reasonable solution. Probably a good idea to add a comment to master.cf documenting what you've done. The more typical way to do this is for local mail to use

Re: RFC: postconf user interface

2013-01-08 Thread Wietse Venema
Patrick Ben Koetter: Next, a few examples that are likely to be implemented: postconf -M# service-type ... postconf -M# service-type.service-name ... postconf -MX service-type ... postconf -MX service-type.service-name ... Delete (or comment) out the

To unsubscribe...

2013-01-08 Thread Stan Hoeppner
On 1/8/2013 3:46 PM, vi...@vheuser.com wrote: how does one get off this list? My attempts have all been blocked by majordomo. Even Weitse's personal filter blocked my email /-: From: http://www.postfix.org/lists.html To stop list mail, send mail to majord...@postfix.org with content

Re: Integration of content filter in master.cf

2013-01-08 Thread Titanus Eramius
Tue, 08 Jan 2013 15:54:41 -0600 Noel Jones njo...@megan.vbhcs.org wrote: ... This raises the question (or at least I think it does), if it's possible to force the users onto 587 by denying relay access to 25? It's certainly possible to prevent relaying via port 25, and many sites do

Re: Integration of content filter in master.cf

2013-01-08 Thread Noel Jones
On 1/8/2013 4:11 PM, Titanus Eramius wrote: I've had some trouble seeing the difference between -o overrides in main.cf and master.cf, but this really helps. main.cf parameters are used by all postfix services (but not all parameters apply to all services). Individual services defined in

Re: RFC: postconf user interface

2013-01-08 Thread mouss
On 08/01/2013 22:00, Wietse Venema wrote: This note discusses some user-interface issues with upcoming postconf(1) features that will be used to manage the content of master.cf files. User-interface consistency is important, especially for people who work a lot with Postfix: fewer things

Re: RFC: postconf user interface

2013-01-08 Thread mouss
On 08/01/2013 23:06, Wietse Venema wrote: Patrick Ben Koetter: [snip] Should postconf be able/offer to make backup copies before it acts a request out? Should it with main.cf? Should we encourage the use of version control? given that people use different version control systems, I

Re: Integration of content filter in master.cf

2013-01-08 Thread mouss
On 08/01/2013 21:48, Titanus Eramius wrote: Tue, 08 Jan 2013 12:39:58 -0600 Noel Jones njo...@megan.vbhcs.org wrote: On 1/8/2013 10:47 AM, Titanus Eramius wrote: I'm a little unsure about best practice here, hence the question. Running /usr/sbin/spamd from the SpamAssassin package to

Re: RFC: postconf user interface

2013-01-08 Thread Wietse Venema
mouss: I am contemplating a new class of master.cf operations that operate column-wise. These currently have no main.cf equivalent. postconf -Mu chroot=n inet unix fifo pass I like the mib syntax of main.cf. so I'd prefer something like postconf -e service.submission.chroot=n

Re: RFC: postconf user interface

2013-01-08 Thread Patrick Ben Koetter
* Wietse Venema postfix-users@postfix.org: Patrick Ben Koetter: Next, a few examples that are likely to be implemented: postconf -M# service-type ... postconf -M# service-type.service-name ... postconf -MX service-type ... postconf -MX

RBLs, submission port, and permit_sasl_authenticated

2013-01-08 Thread Quanah Gibson-Mount
So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions and smtpd_recipient_restrictions, I seem to have goofed in relation to RBLs and the submission port. Right now, we have RBLs added to smtpd_recipient_restrictions. In smtpd_relay_restrictions, I have

Re: RBLs, submission port, and permit_sasl_authenticated

2013-01-08 Thread Patrick Ben Koetter
* Quanah Gibson-Mount qua...@zimbra.com: So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions and smtpd_recipient_restrictions, I seem to have goofed in relation to RBLs and the submission port. Right now, we have RBLs added to smtpd_recipient_restrictions. In

domain name to cert/key file mapping

2013-01-08 Thread Piotr Pawłow
Hello, is there any way to set certificate / key file name depending on domain name? I mean something similar to this Exim feature: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTtlssni ...or this Dovecot feature:

Re: domain name to cert/key file mapping

2013-01-08 Thread Wietse Venema
Piotr Pawłow: is there any way to set certificate / key file name depending on domain name? Postfix does not yet implement SNI (RFC 3546). All implemented RFCs are documented. I guess in Postfix it would be something like smtpd_tls_cert_map / ...key_map, but I haven't found any such

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 10:02:31PM +0100, Reindl Harald wrote: On 08.01.2013 21:40, Wietse Venema wrote: My conclusion is that Postfix can continue to provide basic policies that avoid worst-case failure modes, but the choice of the settings that control those policies is better left to

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 09.01.2013 02:57, Viktor Dukhovni wrote: On Tue, Jan 08, 2013 at 10:02:31PM +0100, Reindl Harald wrote: On 08.01.2013 21:40, Wietse Venema wrote: My conclusion is that Postfix can continue to provide basic policies that avoid worst-case failure modes, but the choice of the settings

Re: RFC: postconf user interface

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 04:00:34PM -0500, Wietse Venema wrote: However, the syntax differs from postconf -M commands that can target multiple services, such as postconf -M inet or postconf -Mu chroot=n inet. There, a service is better specified as service-type or service-type.service-name.

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Wed, Jan 09, 2013 at 03:06:58AM +0100, Reindl Harald wrote: Suspending delivery and punting all messages from the active queue for the designated nexthop is not a winning strategy. In this state mail delivery to the destination is in most cases unlikely to recover without manual

Re: domain name to cert/key file mapping

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 07:58:38PM -0500, Wietse Venema wrote: is there any way to set certificate / key file name depending on domain name? This problem is much harder for SMTP than HTTP, since the MTA does not know with certainty which acceptable certificate a receiving site is likely to

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Reindl Harald
On 09.01.2013 03:17, Viktor Dukhovni wrote: the request was after 20 temp fails to the same destination retry the next delivers to THIS destination FIVE MINUTES later That's not what happens when a destination is throttled, all mail there is deferred, and is retried some indefinite time

Re: RFC: postconf user interface

2013-01-08 Thread Noel Jones
On 1/8/2013 5:26 PM, Patrick Ben Koetter wrote: * Wietse Venema postfix-users@postfix.org: Patrick Ben Koetter: Next, a few examples that are likely to be implemented: postconf -M# service-type ... postconf -M# service-type.service-name ... postconf -MX service-type ...

Re: RBLs, submission port, and permit_sasl_authenticated

2013-01-08 Thread Noel Jones
On 1/8/2013 5:38 PM, Quanah Gibson-Mount wrote: So, with the breakout in Postfix 2.10 for smtpd_relay_restrictions and smtpd_recipient_restrictions, I seem to have goofed in relation to RBLs and the submission port. Right now, we have RBLs added to smtpd_recipient_restrictions. In