Re: Question about relay_domains parameter

2017-11-01 Thread Noel Jones 
On 11/1/2017 8:41 PM, J Doe wrote:
> Hello,
> 
> I currently have my server configured to perform virtual domain hosting.  It 
> forwards mail addressed to addresses for my virtual domain (ex: example.com), 
> to Gmail accounts.
> 
> Mail —> u...@example.com —> u...@gmail.com
> 
> I was reading more about the relay_domains parameter in “man 5 postconf”.  It 
> states:
> 
> “[specifies] destination domains (and subdomains thereof) this system
> will relay mail *TO*”
> 
> I note that on Postfix 3.0 and later (my server is Postfix 3.1.0), this value 
> defaults to an empty value.  When I specify “postconf | grep -i 
> relay_domains”, I note that if the compatibility_level is 2 or higher (which 
> my server is configured to), the value defaults to $mydestination.

Yes, "relay_domains=$mydestination" was intended to mirror
(historical) behavior of sendmail(TM).  It has also been a source of
confusion, so the default was changed to empty some time ago.

> Would I not have to specify the Gmail DNS names in relay_hosts ?  Should I 
> explicitly configure that ?

Not unless you own the gmail.com domain.  ;)

IIRC you're using virtual_alias_maps to rewrite local addresses to
gmail addresses.  If that's right, your domain should be listed in
virtual_alias_domains, with the user mappings listed in
virtual_alias_maps.

This is covered in ADDRESS_CLASS_README and the config examples.
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/documentation.html



  -- Noel Jones

Question about relay_domains parameter

2017-11-01 Thread J Doe 
Hello,

I currently have my server configured to perform virtual domain hosting.  It 
forwards mail addressed to addresses for my virtual domain (ex: example.com), 
to Gmail accounts.

Mail —> u...@example.com —> u...@gmail.com

I was reading more about the relay_domains parameter in “man 5 postconf”.  It 
states:

“[specifies] destination domains (and subdomains thereof) this system
will relay mail *TO*”

I note that on Postfix 3.0 and later (my server is Postfix 3.1.0), this value 
defaults to an empty value.  When I specify “postconf | grep -i relay_domains”, 
I note that if the compatibility_level is 2 or higher (which my server is 
configured to), the value defaults to $mydestination.

I have mydestination configured to “localhost”.

How is it, then, that my server is successfully forwarding to Gmail ?  Would I 
not have to specify the Gmail DNS names in relay_hosts ?  Should I explicitly 
configure that ?

Thanks,

- J

Re: directing logs to remote syslog with any local syslog instance

2017-11-01 Thread zhong ming wu 
On Tue, Oct 31, 2017 at 7:35 AM, Wietse Venema  wrote:

> zhong ming wu:
> > On Mon, Oct 30, 2017 at 8:45 AM, Wietse Venema 
> wrote:
> >
> > > Wietse Venema:
> > > > zhong ming wu:
> > > > > Hello,
> > > > > I had successfully used postfix for years and now I am trying to
> > > recreate
> > > > > postfix clusters in docker and in particular interested in how I
> can
> > > direct
> > > > > all postfix logs from a container to other places.
> > > > >
> > > > > I do not find in postfix configuration how one can achieve this
> > > without any
> > > > > local syslog daemon.
> > > >
> > > > Syslog is a hard library dependency for Postfix. Why can't dockerd
> > > > provide a syslog forwarder, just like it already provides a stdout
> > > > and stderr forwarder? That would also help with other daemons that
> > > > rely on syslog to avoid app-specific logfiles.
> > >
> > > A search for 'container syslog' turned up some results.  Apparently,
> > > this can be done by mounting the host's logging sockets inside a
> > > container.
> > >
> > > Example:
> > > https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/
> >
> > Great find!  It works well except it's not so simple to distinguish the
> > logs between host mail log and container mail logs!   postfix is relying
> on
> > the syslog daemon to add hostname information.
>
> You can configure in main.cf:
>
> syslog_name = $myhostname/postfix (default=postfix)
>
> This takes effect after reading main.cf. Errors that happen earlier
> will be logged as "syslog_name = postfix".
>
>
This works perfectly!  Thank you




> Wietse
>

Re: greeted me with my own hostname (mail for mydomain.org.ar loops back to myself)

2017-11-01 Thread Noel Jones 
On 11/1/2017 11:02 AM, 9acca9 wrote:
> This is the desing:
> 
> local network
> (zimbra (192.168.1.5)) - (postfix (192.168.1.20))

> to=, relay=postfix.mydomain.org.ar[190.2.135.194]:25,
> delay=0.48, delays=0.19/0.01/0.28/0, dsn=5.4.6, status=bounced (mail for
> mydomain.org.ar loops back to myself)
> 
> This is the public ip (190.2.135.194) of postfix... so, yes he is talking to
> it self... but why?? why postfix dont send those mails to zimbra??? What im
> doing wrong???


Sounds like you're missing a transport_maps entry to tell postfix
where to send mail for your domain.

http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall



  -- Noel Jones

greeted me with my own hostname (mail for mydomain.org.ar loops back to myself)

2017-11-01 Thread 9acca9 
Hi to all.
Please help..
im going crazy (i try a lot of thing and nothing) i cand send mails but, i
cant receive.

This is the desing:

local network
(zimbra (192.168.1.5)) - (postfix (192.168.1.20))
in different machines (yes i know that zimbra have postfix, but i want
config postfix in a different machine), so i dont have users in the postfix
machine for receive mails. 

this is all my config:

main.cf

command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydomain = mydomain.org.ar
myhostname = postfix.mydomain.org.ar
myorigin = $mydomain
relay_domains = mydomain.org.ar
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mydomain.org.ar
smtpd_sasl_path = /etc/sasl2/smtpd.conf
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
unknown_local_recipient_reject_code = 550



master.cf

smtp  inet  n   -   n   -   -   smtpd
pickupunix  n   -   n   60  1   pickup
cleanup   unix  n   -   n   -   0   cleanup
qmgr  unix  n   -   n   300 1   qmgr
tlsmgrunix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounceunix  -   -   n   -   0   bounce
defer unix  -   -   n   -   0   bounce
trace unix  -   -   n   -   0   bounce
verifyunix  -   -   n   -   1   verify
flush unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp  unix  -   -   n   -   -   smtp
relay unix  -   -   n   -   -   smtp
showq unix  n   -   n   -   -   showq
error unix  -   -   n   -   -   error
retry unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   n   -   -   lmtp
anvil unix  -   -   n   -   1   anvil
scacheunix  -   -   n   -   1   scache

--

This is the log error:


Nov  1 12:50:52 postfix postfix/smtpd[6206]: connect from
mail-pg0-f49.google.com[74.125.83.49]
Nov  1 12:50:53 postfix postfix/smtpd[6206]: 292EFAFC09:
client=mail-pg0-f49.google.com[74.125.83.49]
Nov  1 12:50:53 postfix postfix/cleanup[6210]: 292EFAFC09:
message-id=
Nov  1 12:50:53 postfix postfix/qmgr[6201]: 292EFAFC09:
from=, size=2693, nrcpt=1 (queue active)
Nov  1 12:50:53 postfix postfix/smtpd[6206]: disconnect from
mail-pg0-f49.google.com[74.125.83.49]
Nov  1 12:50:53 postfix postfix/smtpd[6206]: connect from
unknown[172.16.0.1]
Nov  1 12:50:53 postfix postfix/smtp[6211]: warning: host
postfix.mydomain.org.ar[190.2.135.194]:25 greeted me with my own hostname
postfix.mydomain.org.ar
Nov  1 12:50:53 postfix postfix/smtp[6211]: warning: host
postfix.mydomain.org.ar[190.2.135.194]:25 replied to HELO/EHLO with my own
hostname postfix.mydomain.org.ar
Nov  1 12:50:53 postfix postfix/smtp[6211]: 292EFAFC09:
to=, relay=postfix.mydomain.org.ar[190.2.135.194]:25,
delay=0.48, delays=0.19/0.01/0.28/0, dsn=5.4.6, status=bounced (mail for
mydomain.org.ar loops back to myself)
Nov  1 12:50:53 postfix postfix/smtpd[6206]: disconnect from
unknown[172.16.0.1]
Nov  1 12:50:53 postfix postfix/cleanup[6210]: 9F392AFC0B:
message-id=<20171101155053.9f392af...@postfix.mydomain.org.ar>
Nov  1 12:50:53 postfix postfix/qmgr[6201]: 9F392AFC0B: from=<>, size=4683,
nrcpt=1 (queue active)
Nov  1 12:50:53 postfix postfix/bounce[6212]: 292EFAFC09: sender
non-delivery notification: 9F392AFC0B
Nov  1 12:50:53 postfix

Re: Eliminating backscatter

2017-11-01 Thread Matus UHLAR - fantomas 

On 31.10.17 18:38, J Doe wrote:

Because my server is configured to perform virtual domain hosting, I have
the following:

  /etc/postfix/main.cf
  mydestination = localhost

...but if a message is sent to a non-existent domain that I *virtually host* 
for:


you apparently mean, non-existent recipient within existent domain
(example.com)


   /etc/postfix/main.cf
   virtual_alias_domains = example.com
   virtual_alias_maps = hash:/etc/postfix/virtual

...it generates a NOQUEUE and terminates the SMTP conversation by default.


which is correct behaviour.


To catch mail that is addressed to non-existent recipients, I add the
following to my virtual_alias_maps hash file:

   /etc/postfix/virtual

   @example.com ADDRESS_TO_SEND_TO

...where ADDRESS_TO_SEND_TO is the e-mail address to catch e-mails addressed to 
a non-existent domain.


Non-existent recipient, again. And this is exactly what causes backscatter. 
Don't accept mail to non-existent recipients.  If you really must accept it

(why?), don't forward it, especially not to gmail.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #9: Out of error messages.

Re: How to financially support Postfix project?

2017-11-01 Thread Wietse Venema 
Paul Menzel:
> Dear Postfix folks,
> 
> 
> Looking at the Postfix Web site [1], I couldn?t find any information if 
> Postfix needs financial support to ensure the maintenance and 
> improvement of the code.

All that requires a non-profit that can accept funds, which just
takes a bit of time and money to set up (I have some experience
with US-based ones). Finding the time is the main thing. But yeah,
it needs to be done. In the mean time, an organization can donate
code by paying a contractor (for example, CNNIC paid for SMTPUTF8
support).

BTW Viktor and I are fully employed (and compensated). Work on
Postfix is permitted, but it is not part of my job.

Wietse

> As the background, a lot of public organizations use Postfix in their 
> infrastructure, and, as for example with OpenSSL, they do not pay 
> anything for it, but they expect that it is maintained and improved. 
> This is a fatal attitude in my opinion. Additionally, the administrators 
> normally do not need training or support, as a lot of them are quite 
> capable, and know their way around Postfix. Also, public organizations 
> getting tax payer money also have a hard time to donate money.
> 
> So, can the Postfix project be supported financially? Can ?core 
> developers? like Wietse and Viktor be supported?
> 
> Are their companies providing support contracts, where employees are 
> actively supporting the Postfix development by either sending patches 
> (including documentation) or promising to give a certain amount of that 
> money to the Postfix project? I found for example credativ [2].
> 
> 
> Kind regards,
> 
> Paul
> 
> 
> [1] http://www.postfix.org/
> [2] http://www.credativ.de/software/software%C3%BCbersicht/mail/postfix
>

How to financially support Postfix project?

2017-11-01 Thread Paul Menzel 

Dear Postfix folks,


Looking at the Postfix Web site [1], I couldn’t find any information if 
Postfix needs financial support to ensure the maintenance and 
improvement of the code.


As the background, a lot of public organizations use Postfix in their 
infrastructure, and, as for example with OpenSSL, they do not pay 
anything for it, but they expect that it is maintained and improved. 
This is a fatal attitude in my opinion. Additionally, the administrators 
normally do not need training or support, as a lot of them are quite 
capable, and know their way around Postfix. Also, public organizations 
getting tax payer money also have a hard time to donate money.


So, can the Postfix project be supported financially? Can “core 
developers” like Wietse and Viktor be supported?


Are their companies providing support contracts, where employees are 
actively supporting the Postfix development by either sending patches 
(including documentation) or promising to give a certain amount of that 
money to the Postfix project? I found for example credativ [2].



Kind regards,

Paul


[1] http://www.postfix.org/
[2] http://www.credativ.de/software/software%C3%BCbersicht/mail/postfix