mutt headers and postfix
Hi, im using postfix as mta for automatic mail sending out of our db. All db users a logged in as the same (linux) user, as it's a terminal based system. So a created mail has usually db_user@domain.tld from and return-path headers. Of course that's not what I want, every db user should have his own from/return-path. So I let mutt build own headers (my_hdr From: ... and my_hdr Return-path:...) Until now I was still on postfix 1.1.11 now changed to 2.5.5.6.7 (SuSEs 11.1. version). Before this the From: and Return-path: were as I wanted, now I had to set use_from in /etc/postfix/main.cf to no for the correct setting of from and there's no way to prevent my_hdr Return-path: ... from rewriting. Is there a way to reget my old method, some config command or other header field to set from which postfix uses the value to set Return-path. I found some articles in the archives, but I didn't find out a solvation for my problem. Thx for any help regards Joerg
about Maildrop error message user unknown
I have installed postfix 2.6 + cyrus-sasl2 + maildrop2.1.0 + mysql5.0.83 + apache22 + extmail1.1.0 When i send mail to myself,i can't received.and become the maillog. I send mail to gmail.com, Gmail can received. I have no idea about the log ,someone can help me .Thanks. ###I have replayced the real domain to *## Aug 17 16:37:56 mail postfix/smtpd[13015]: connect from localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/smtpd[13015]: 7BC418FC61: client=localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/cleanup[13017]: 7BC418FC61: message-id=20090817163756.7bc418f...@mail.*.org Aug 17 16:37:56 mail postfix/qmgr[702]: 7BC418FC61: from=xuzhend...@*.org, size=642, nrcpt=1 (queue active) Aug 17 16:37:56 mail postfix/smtpd[13015]: disconnect from localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/pipe[13018]: 7BC418FC61: to=xuzhend...@*.org, relay=maildrop, delay=0.12, delays=0.11/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. ) Aug 17 16:37:56 mail postfix/cleanup[13017]: 984618FC65: message-id=20090817163756.984618f...@mail.*.org Aug 17 16:37:56 mail postfix/bounce[13020]: 7BC418FC61: sender non-delivery notification: 984618FC65 Aug 17 16:37:56 mail postfix/qmgr[702]: 984618FC65: from=, size=2514, nrcpt=1 (queue active) Aug 17 16:37:56 mail postfix/qmgr[702]: 7BC418FC61: removed Aug 17 16:37:56 mail postfix/pipe[13018]: 984618FC65: to=xuzhend...@*.org, relay=maildrop, delay=0.01, delays=0/0/0/0, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. ) Aug 17 16:37:56 mail postfix/qmgr[702]: 984618FC65: removed
450 temp error when 550 perm error is possible
Hi all,
Sometimes our mail server is 'under attack' and we get a lot of these
entries in our log file:
Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553
mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8
indispensabl...@homepc: Sender address rejected: Domain not found;
from=indispensabl...@homepc to=banquetastrophys...@rpc-design.nl
proto=ESMTP helo=homepc
Normally we reject about 15 msgs/min but when such an attack happens it
peaks to about 700 msgs/min. The error is returned to the sending mail
(spam) server is 450 domain not found. Because a domain lookup could
also be a temporary failure this is a temporary error returned.
The 450 error triggers the spammer to retry sending the mail.
The to address is an unknown user on my system so postfix could return a
550 error. How can I do this?
I've attached postconf -n output in main.cf.
--
Martijn de Munnik
address_verify_map = btree:${data_directory}/verify
alias_maps = hash:/opt/csw/etc/postfix/aliases
body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks
broken_sasl_auth_clients = yes
command_directory = /opt/csw/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:localhost:10024
daemon_directory = /opt/csw/libexec/postfix
data_directory = /opt/csw/var/lib/postfix
default_database_type = hash
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks
home_mailbox = Maildir/
html_directory = /opt/csw/share/doc/postfix/html
inet_interfaces = all
mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 209715200
mailq_path = /opt/csw/bin/mailq
manpage_directory = /opt/csw/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 20971520
mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks
minimal_backoff_time = 1000s
mydestination = $myhostname, localhost.$mydomain
myhostname = stevie.youngguns.nl
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /opt/csw/bin/newaliases
readme_directory = /opt/csw/share/doc/postfix/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = $mydestination, slagenlandwonen.nl, wfcommunicatie.nl,
gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl,
ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl,
interim-denbosch.nl
relayhost =
sample_directory = /opt/csw/share/doc/postfix/samples
sendmail_path = /opt/csw/sbin/sendmail
smtp_bind_address = 213.207.90.2
smtp_helo_timeout = 60s
smtp_send_xforward_command = yes
smtp_skip_quit_response = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,warn_if_reject
reject_non_fqdn_hostname,reject_invalid_hostname,
permit
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_non_fqdn_recipient,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_unauth_destination, reject_unlisted_recipient,
reject_unknown_recipient_domain,reject_unverified_recipient,
reject_invalid_hostname,reject_rbl_client virbl.dnsbl.bit.nl,
check_policy_service inet:127.0.0.1:12525, check_policy_service
inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks,
reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem
smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/opt/csw/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual
Re: 450 temp error when 550 perm error is possible
* Martijn de Munnik mart...@youngguns.nl: Hi all, Sometimes our mail server is 'under attack' and we get a lot of these entries in our log file: Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553 mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8 indispensabl...@homepc: Sender address rejected: Domain not found; from=indispensabl...@homepc to=banquetastrophys...@rpc-design.nl proto=ESMTP helo=homepc Normally we reject about 15 msgs/min but when such an attack happens it peaks to about 700 msgs/min. The error is returned to the sending mail (spam) server is 450 domain not found. Because a domain lookup could also be a temporary failure this is a temporary error returned. The 450 error triggers the spammer to retry sending the mail. Do you have a caching DNS server? The to address is an unknown user on my system so postfix could return a 550 error. How can I do this? Reorder the checks relay_domains = $mydestination, slagenlandwonen.nl, wfcommunicatie.nl, gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl mydestination, is not a relay domain! smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org,permit Does this one still work? smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, reject_unlisted_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_invalid_hostname, reject_rbl_client virbl.dnsbl.bit.nl, check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, permit Your problem is that you distributed the checks all ocver smtpd_sender_restrictions, smtpd_recipient_restrictions and smtpd_client_restrictions smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, permit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: about Maildrop error message user unknown
ZhenDong,Xu schrieb: I have installed postfix 2.6 + cyrus-sasl2 + maildrop2.1.0 + mysql5.0.83 + apache22 + extmail1.1.0 When i send mail to myself,i can't received.and become the maillog. I send mail to gmail.com, Gmail can received. I have no idea about the log ,someone can help me .Thanks. ###I have replayced the real domain to *## Aug 17 16:37:56 mail postfix/smtpd[13015]: connect from localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/smtpd[13015]: 7BC418FC61: client=localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/cleanup[13017]: 7BC418FC61: message-id=20090817163756.7bc418f...@mail.*.org mailto:20090817163756.7bc418f...@mail.*.org Aug 17 16:37:56 mail postfix/qmgr[702]: 7BC418FC61: from=xuzhend...@*.org mailto:xuzhend...@*.org, size=642, nrcpt=1 (queue active) Aug 17 16:37:56 mail postfix/smtpd[13015]: disconnect from localhost[127.0.0.1] Aug 17 16:37:56 mail postfix/pipe[13018]: 7BC418FC61: to=xuzhend...@*.org mailto:xuzhend...@*.org, relay=maildrop, delay=0.12, delays=0.11/0/0/0.01, dsn=5.1.1, status=bounced *(user unknown. Command output: Invalid user specified. ) *Aug 17 16:37:56 mail postfix/cleanup[13017]: 984618FC65: message-id=20090817163756.984618f...@mail.*.org mailto:20090817163756.984618f...@mail.*.org Aug 17 16:37:56 mail postfix/bounce[13020]: 7BC418FC61: sender non-delivery notification: 984618FC65 Aug 17 16:37:56 mail postfix/qmgr[702]: 984618FC65: from=, size=2514, nrcpt=1 (queue active) Aug 17 16:37:56 mail postfix/qmgr[702]: 7BC418FC61: removed Aug 17 16:37:56 mail postfix/pipe[13018]: 984618FC65: to=xuzhend...@*.org mailto:xuzhend...@*.org, relay=maildrop, delay=0.01, delays=0/0/0/0, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. ) Aug 17 16:37:56 mail postfix/qmgr[702]: 984618FC65: removed I would say, something is wrong with your sender domain name as postfix replaced it to * and this causes the error. There are differences between local and internet delivery of mail. http://www.postfix.org/ADDRESS_REWRITING_README.html can give you some information about this regards Joerg
Re: 450 temp error when 550 perm error is possible
Martijn de Munnik schrieb: Hi all, Sometimes our mail server is 'under attack' and we get a lot of these entries in our log file: Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553 mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8 indispensabl...@homepc: Sender address rejected: Domain not found; from=indispensabl...@homepc to=banquetastrophys...@rpc-design.nl proto=ESMTP helo=homepc Normally we reject about 15 msgs/min but when such an attack happens it peaks to about 700 msgs/min. The error is returned to the sending mail (spam) server is 450 domain not found. Because a domain lookup could also be a temporary failure this is a temporary error returned. The 450 error triggers the spammer to retry sending the mail. The to address is an unknown user on my system so postfix could return a 550 error. How can I do this? I've attached postconf -n output in main.cf. -- Martijn de Munnik if you trust your dns servers ( additional you should use a local dns cache at minimum ) you can change unknown_address_reject_code = 550 in main.cf reject_unknown_recipient_domain Reject the request when Postfix is not final destination for the recipient domain, and the RCPT TO domain has no DNS A or MX record, or when it has a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later). The unknown_address_reject_code parameter specifies the numerical response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: 450 temp error when 550 perm error is possible
On Mon, 2009-08-17 at 11:28 +0200, Ralf Hildebrandt wrote: * Martijn de Munnik mart...@youngguns.nl: Hi all, Sometimes our mail server is 'under attack' and we get a lot of these entries in our log file: Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553 mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8 indispensabl...@homepc: Sender address rejected: Domain not found; from=indispensabl...@homepc to=banquetastrophys...@rpc-design.nl proto=ESMTP helo=homepc Normally we reject about 15 msgs/min but when such an attack happens it peaks to about 700 msgs/min. The error is returned to the sending mail (spam) server is 450 domain not found. Because a domain lookup could also be a temporary failure this is a temporary error returned. The 450 error triggers the spammer to retry sending the mail. Do you have a caching DNS server? Yes, but still things can go wrong and I don't want a failing DNS lookup to be fatal. The to address is an unknown user on my system so postfix could return a 550 error. How can I do this? Reorder the checks relay_domains = $mydestination, slagenlandwonen.nl, wfcommunicatie.nl, gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl mydestination, is not a relay domain! Oke thanks, stupid mistake. smtpd_client_restrictions = reject_rbl_client dnsbl.njabl.org, permit Does this one still work? As far as I know it does. But I see it is also included in xbl.spamhaus.org. smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, reject_unlisted_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_invalid_hostname, reject_rbl_client virbl.dnsbl.bit.nl, check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, permit Your problem is that you distributed the checks all ocver smtpd_sender_restrictions, smtpd_recipient_restrictions and smtpd_client_restrictions smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, permit Mmm, I think I need to read the manual to really understand where all those rejects/permits belong. Met vriendelijke groet, Martijn de Munnik -- YoungGuns Kasteleinenkampweg 7b 5222 AX 's-Hertogenbosch T. 073 623 56 40 F. 073 623 56 39 www.youngguns.nl KvK 18076568
Re: 450 temp error when 550 perm error is possible
* Martijn de Munnik mart...@youngguns.nl: Do you have a caching DNS server? Yes, but still things can go wrong and I don't want a failing DNS lookup to be fatal. Postfix always returns a 4xx in case of such failures As far as I know it does. But I see it is also included in xbl.spamhaus.org. Rather use zen.spamhaus.org Mmm, I think I need to read the manual to really understand where all those rejects/permits belong. I'd put them all into smtpd_recipient_restrictions #:) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: discard external mail to explicit account
On Wed, Jul 22, 2009 at 9:28 PM, oka...@gmail.com wrote: thanks, that is what i'm looking for. BR On Wed, Jul 22, 2009 at 8:46 PM, Noel Jonesnjo...@megan.vbhcs.org wrote: oka...@gmail.com wrote: Hello all. Is there any method to discard all mails coming to t...@test.com except all mails coming from *...@test.com We want to not allow some accounts to recieve emails from outside. BR Here's general instructions for this sort of thing: http://www.postfix.org/RESTRICTION_CLASS_README.html#internal -- Noel Jones Hello again. Is there any method to allow only one email address to send an email to specific account ? For example we have all-t...@test.com and we want to only allow one-u...@test.com to send an email to all-t...@test.com, others can't send to this email address. Is this possible ? BR
Re: 450 temp error when 550 perm error is possible
On Mon, 2009-08-17 at 12:46 +0200, Ralf Hildebrandt wrote: * Martijn de Munnik mart...@youngguns.nl: Do you have a caching DNS server? Yes, but still things can go wrong and I don't want a failing DNS lookup to be fatal. Postfix always returns a 4xx in case of such failures As far as I know it does. But I see it is also included in xbl.spamhaus.org. Rather use zen.spamhaus.borg I was referring to xbl because I use policyd-weight. policyd-weight includes the spamhaus zones (http://www.policyd-weight.org/) Mmm, I think I need to read the manual to really understand where all those rejects/permits belong. I'd put them all into smtpd_recipient_restrictions #:) http://www.postfix.org/SMTPD_ACCESS_README.html#danger
Re: 450 temp error when 550 perm error is possible
* Martijn de Munnik mart...@youngguns.nl: I'd put them all into smtpd_recipient_restrictions #:) http://www.postfix.org/SMTPD_ACCESS_README.html#danger Doesn't apply for your restrictions -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: 450 temp error when 550 perm error is possible
On Mon, 2009-08-17 at 12:46 +0200, Ralf Hildebrandt wrote:
* Martijn de Munnik mart...@youngguns.nl:
Do you have a caching DNS server?
Yes, but still things can go wrong and I don't want a failing DNS lookup
to be fatal.
Postfix always returns a 4xx in case of such failures
As far as I know it does. But I see it is also included in
xbl.spamhaus.org.
Rather use zen.spamhaus.org
Mmm, I think I need to read the manual to really understand where all
those rejects/permits belong.
I'd put them all into smtpd_recipient_restrictions #:)
I did some updates in my main.cf. I've attached the updated file. I kept
the restrictions with the different smtpd_*_restrictions, I find it a
little easier to understand.
thanks,
Martijn
address_verify_map = btree:${data_directory}/verify
alias_maps = hash:/opt/csw/etc/postfix/aliases
body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks
broken_sasl_auth_clients = yes
command_directory = /opt/csw/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:localhost:10024
daemon_directory = /opt/csw/libexec/postfix
data_directory = /opt/csw/var/lib/postfix
default_database_type = hash
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks
home_mailbox = Maildir/
html_directory = /opt/csw/share/doc/postfix/html
inet_interfaces = all
mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 209715200
mailq_path = /opt/csw/bin/mailq
manpage_directory = /opt/csw/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 20971520
mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks
minimal_backoff_time = 1000s
mydestination = $myhostname, localhost.$mydomain
myhostname = stevie.youngguns.nl
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /opt/csw/bin/newaliases
readme_directory = /opt/csw/share/doc/postfix/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = slagenlandwonen.nl, wfcommunicatie.nl, gooischebrink.com,
interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, ospl.nl, ospl.de,
printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl
relayhost =
sample_directory = /opt/csw/share/doc/postfix/samples
sendmail_path = /opt/csw/sbin/sendmail
smtp_bind_address = 213.207.90.2
smtp_helo_timeout = 60s
smtp_send_xforward_command = yes
smtp_skip_quit_response = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, permit
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_non_fqdn_recipient,
reject_unverified_recipient,reject_unauth_destination,
check_policy_service inet:127.0.0.1:12525, check_policy_service
inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem
smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/opt/csw/etc/postfix/transport
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual
Proper way to add LDAP support to an existing Postfix installation
I'm running Postfix 2.3.8 in a Debian GNU/Linux 4.0 (Etch) box. I want it to support LDAP but I don't know what would happen if I install the postfix-ldap package via apt-get because of this: # apt-get install --just-print postfix-ldap Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libpcre3 postfix postfix-pcre It says it would also install the postfix package, I don't know if it would affect my already working configuration or not. My other option is to reinstall it from source using: # make makefiles CCARGS=-I/usr/local/include -DHAS_LDAP \ AUXLIBS=-L/usr/local/lib -lldap -L/usr/local/lib -llber # make # make install But I don't know if this would have also bad effects on my existing postfix installation. What would be the proper way to do this?
Re: 450 temp error when 550 perm error is possible
* Martijn de Munnik mart...@youngguns.nl: I'd put them all into smtpd_recipient_restrictions #:) I did some updates in my main.cf. I've attached the updated file. I kept the restrictions with the different smtpd_*_restrictions, I find it a little easier to understand. Thus your initial question :) (pardon my irony) smtpd_client_restrictions = reject_rbl_client virbl.dnsbl.bit.nl smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unverified_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, permit smtpd_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender, reject_unknown_sender_domain, permit Can be merged into: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unverified_recipient, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client virbl.dnsbl.bit.nl check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: discard external mail to explicit account
On Mon, 17 Aug 2009 13:02:34 +0200, oka...@gmail.com wrote: For example we have all-t...@test.com and we want to only allow one-u...@test.com to send an email to all-t...@test.com, others can't send to this email address. http://www.postfwd.org/ and http://www.policyd.org/ can both do this -- Benny Pedersen
Re: 450 temp error when 550 perm error is possible
On Mon, 17 Aug 2009 13:39:39 +0200, Ralf Hildebrandt ralf.hildebra...@charite.de wrote: smtpd_recipient_restrictions = reject_unverified_recipient, reject_unauth_destination, is a unverified recipient a auth destination ? :) -- Benny Pedersen
OT: dkim-milter forked to an OpenDKIM project
For those who missed it, the dkim-milter project forked. Its principal developer is now with the OpenDKIM project. The OpenDKIM v1.0.0 brings a couple of bug fixes over the dkim-milter, and uses a new build mechanism. Mark Here is the announcement posted on 2009-08-14: == The OpenDKIM project announces availability of OpenDKIM v1.0.0, its first release. OpenDKIM is derived from dkim-milter v2.8.3, produced and maintained by Sendmail, Inc. The major change in this release is the build process which uses autoconf. The configuration files used by dkim-milter are fully compatible with OpenDKIM. The release notes list the bugs that have been fixed in this release. For more information, or to download the package, please visit http://www.opendkim.org. For general questions or discussion, please subscribe to the opendkim-users list at the above URL. To report problems, use that list or the bug trackers, also at the above URL.
Re: discard external mail to explicit account
Benny Pedersen wrote: On Mon, 17 Aug 2009 13:02:34 +0200, oka...@gmail.com wrote: For example we have all-t...@test.com and we want to only allow one-u...@test.com to send an email to all-t...@test.com, others can't send to this email address. http://www.postfwd.org/ and http://www.policyd.org/ can both do this Built-in postfix per-user stuff is described in http://www.postfix.org/RESTRICTION_CLASS_README.html However, an external policy server may give you more flexibility, and may be more scalable, than the postfix built-in controls. -- Noel Jones
Re: mutt headers and postfix
Joerg Thuemmler wrote: Hi, im using postfix as mta for automatic mail sending out of our db. All db users a logged in as the same (linux) user, as it's a terminal based system. So a created mail has usually db_user@domain.tld from and return-path headers. Of course that's not what I want, every db user should have his own from/return-path. So I let mutt build own headers (my_hdr From: ... and my_hdr Return-path:...) Until now I was still on postfix 1.1.11 now changed to 2.5.5.6.7 (SuSEs 11.1. version). Before this the From: and Return-path: were as I wanted, now I had to set use_from in /etc/postfix/main.cf to no for the correct setting of from and there's no way to prevent my_hdr Return-path: ... from rewriting. Is there a way to reget my old method, some config command or other header field to set from which postfix uses the value to set Return-path. I found some articles in the archives, but I didn't find out a solvation for my problem. Your question is unclear, so I'll give you some general information. The Return-path: header cannot be set directly, but is set by controlling the envelope sender address. This really should be set by the sending application, but can be modified by postfix. Postfix address rewriting controls are described in http://www.postfix.org/ADDRESS_REWRITING_README.html For further help, please see: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
postfix mail queue hits a certain limit, needs restart of postfix (not aware of other choices, or root cause)
I support a couple postfix servers that do a high volume of sending mail (not direct marketing :) for billing, invoicing and account update confirmations). On one machine, when the mailq is over 5000, things seem to get stuck where I need to restart postfix. If I don't, mail will pile up in the queue. The current hack is to page my phone, then I ssh and restart it. Eventually I'll just cron it but it's annoying to figure out the root cause. Postfix version is 2.2.7. Any clues will be much appreciated, thanks.
Re: 450 temp error when 550 perm error is possible
Martijn de Munnik wrote: Hi all, Sometimes our mail server is 'under attack' and we get a lot of these entries in our log file: Aug 17 11:08:19 stevie.youngguns.nl postfix/smtpd[14890]: [ID 197553 mail.info] NOQUEUE: reject: RCPT from unknown[212.22.199.165]: 450 4.1.8 indispensabl...@homepc: Sender address rejected: Domain not found; from=indispensabl...@homepc to=banquetastrophys...@rpc-design.nl proto=ESMTP helo=homepc Normally we reject about 15 msgs/min but when such an attack happens it peaks to about 700 msgs/min. The error is returned to the sending mail (spam) server is 450 domain not found. Because a domain lookup could also be a temporary failure this is a temporary error returned. The 450 error triggers the spammer to retry sending the mail. The to address is an unknown user on my system so postfix could return a 550 error. How can I do this? I've attached postconf -n output in main.cf. -- Martijn de Munnik I do not know your overall configuration. However, you might consider using something like Fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page to stop the bad traffic at your firewall. just a thought JLA
Re: postfix mail queue hits a certain limit, needs restart of postfix (not aware of other choices, or root cause)
* Richard Wurman richardsaulwur...@gmail.com: I support a couple postfix servers that do a high volume of sending mail (not direct marketing :) for billing, invoicing and account update confirmations). On one machine, when the mailq is over 5000, things seem to get stuck where I need to restart postfix. If I don't, mail will pile up in the queue. Restarting just exacerbates things, since the whole queue needs to be re-scanned. The current hack is to page my phone, then I ssh and restart it. Eventually I'll just cron it but it's annoying to figure out the root cause. Postfix version is 2.2.7. Any clues will be much appreciated, thanks. More analysis. What is actually happening? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Looking for opinions on FreeBSD OS for Postfix
Hi, I'm using Postfix 2.5.5 with Amavis/CLAM. Also looking at adding SpamAssassin in the near future. I've also got Postfix Policyd V2 on my gateways. I've currently got this all running on Ubuntu (Hardy 8.04) and it's been fine so far. I have had one or two problems along the way, not with Postfix itself, but things like NFS at one stage (mail stores are on NFS mounts) so I'm considering moving away from Ubuntu as and when servers get replaced by newer hardware. This may be in the next 6 to 12 months as our current hardware is nearing it's limits. I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. Thanks Guy -- Don't just do something...sit there!
Re: Looking for opinions on FreeBSD OS for Postfix
On 17/08/2009 17:01, Guy wrote: Hi, I'm using Postfix 2.5.5 with Amavis/CLAM. Also looking at adding SpamAssassin in the near future. I've also got Postfix Policyd V2 on my gateways. I've currently got this all running on Ubuntu (Hardy 8.04) and it's been fine so far. I have had one or two problems along the way, not with Postfix itself, but things like NFS at one stage (mail stores are on NFS mounts) so I'm considering moving away from Ubuntu as and when servers get replaced by newer hardware. This may be in the next 6 to 12 months as our current hardware is nearing it's limits. I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. FreeBSD is an excellent platform to run Postfix on and I think it's probably as easy to maintain as Ubuntu for the common cases and you'll find the NFS implementation on FreeBSD very good, although you should probably expect to do a little tuning if you have a FreeBSD server and Linux clients. FreeBSD as a client is quite good, but the NFS server implementation is probably more important in your case. - Mark
Re: Illegal address syntax
According to your problem report, the trading application sends: MAIL FROM:'usern...@example.com' The correct SMTP protocol syntax is: MAIL FROM:usern...@example.com Not even Sendmail accepts the incorrect syntax. You can easily view the command by logging the SMTP commands (main.cf: debug_peer_list = address of client) or by sniffing the network. Sorry to resurrect what might be an irrelevant thread, but if am testing by trying to send to an IP address rather than a domain, how can I accept the illegal syntax of mail TO usern...@ipaddress? Thank you! -Eugene
Re: postfix mail queue hits a certain limit, needs restart of postfix (not aware of other choices, or root cause)
Zitat von Richard Wurman richardsaulwur...@gmail.com: I support a couple postfix servers that do a high volume of sending mail (not direct marketing :) for billing, invoicing and account update confirmations). On one machine, when the mailq is over 5000, things seem to get stuck where I need to restart postfix. If I don't, mail will pile up in the queue. The current hack is to page my phone, then I ssh and restart it. Eventually I'll just cron it but it's annoying to figure out the root cause. Postfix version is 2.2.7. Any clues will be much appreciated, thanks. http://www.postfix.org/DEBUG_README.html What is in the logs? Output of postconf -n Regards Andreas
Re: Looking for opinions on FreeBSD OS for Postfix
I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. As you still have plenty of time until the possible switchover, I definitely recommend FreeBSD 8, once out of the BETA and RC stage. The new NFS implementation alone would be worth it. My experience on FreeBSD is that if possible, maintenance is a breeze, if you dont mind digging bit more inside - the graphical tools might be lacking, but then the automation of updates and the port system are something that makes BSD's definitely an easy to administer system for me. For what it's worth I'm running postfix on all my BSD machines and it has never let me down. And of course man pages and the excellent handbook are your friends. -Reko
postfix performance
All, What do I need to do in order to have better performance on Postfix. I have Centos5 with postfix installed. The mail server is only as a relay mail server and has nothing else. I just make the test and the performance was not good. Outgoing 1K email was around 568 seconds. Any insight is appreciated. Thanks. Mark
Re: postfix performance
At 10:30 AM 8/17/2009, you wrote: All, What do I need to do in order to have better performance on Postfix. I have Centos5 with postfix installed. The mail server is only as a relay mail server and has nothing else. I just make the test and the performance was not good. Outgoing 1K email was around 568 seconds. Any insight is appreciated. Although this will likely be out of my area of being able to help you, someone else here probably can, but you'll want to post relevent logs and postconf -n output. But 568 secoonds, my guess is there's something configured MAJORLY wrong. 10 minutes? DNS lookup failure?
Re: tls_random_source and OSX
--On Tuesday, July 21, 2009 7:06 PM -0400 Wietse Venema wie...@porcupine.org wrote: There wasn't a /dev/*random when Postfix was initially ported to MacOSX, and no-one has told me when /dev/*random were added. Perhaps you can provide uname -s and uname -r. Have you verified that these work? Unfortunately existence does not always mean it works. Last time someone checked, MacOS X kqueue support was still broken for Postfix. I patched our own Mac builds on 7/21/2009 to use the /dev/*random device, and so far our QA team has not noticed any issues arising from this change. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration
Re: Illegal address syntax
Eugene Vilensky wrote: According to your problem report, the trading application sends: MAIL FROM:'usern...@example.com' The correct SMTP protocol syntax is: MAIL FROM:usern...@example.com Not even Sendmail accepts the incorrect syntax. You can easily view the command by logging the SMTP commands (main.cf: debug_peer_list = address of client) or by sniffing the network. Sorry to resurrect what might be an irrelevant thread, but if am testing by trying to send to an IP address rather than a domain, how can I accept the illegal syntax of mail TO usern...@ipaddress? Thank you! -Eugene http://www.postfix.org/postconf.5.html#resolve_numeric_domain
Re: postfix mail queue hits a certain limit, needs restart of postfix (not aware of other choices, or root cause)
Richard Wurman wrote: I support a couple postfix servers that do a high volume of sending mail (not direct marketing :) for billing, invoicing and account update confirmations). On one machine, when the mailq is over 5000, things seem to get stuck where I need to restart postfix. If I don't, mail will pile up in the queue. The current hack is to page my phone, then I ssh and restart it. Eventually I'll just cron it but it's annoying to figure out the root cause. Postfix version is 2.2.7. Any clues will be much appreciated, thanks. http://www.postfix.org/TUNING_README.html http://www.postfix.org/DEBUG_README.html#mail
Re: Postfix + Vda patch - problems with bounce
Well, let me change the subject a little: Anybody can indicate me a policy daemon or some solution to reject messages for over quota at smtp time ? This way I don't need to bounce the message like I want to do. Thanks. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mhterres.jaiku.com/ http://mundoopensource.blogspot.com/ http://offtopicsandfun.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Sat, Aug 15, 2009 at 9:56 PM, Wietse Venema wie...@porcupine.org wrote: Benny Pedersen: On Fri, 14 Aug 2009 21:21:47 -0300, Marcelo Terres mhter...@gmail.com wrote: I know that, and I'm looking for help there too. This patch is not a supported part of Postfix. For support please go to the maintainers of the patch. Wietse
Re: Removing Headers
Hi, On Sat, Aug 15, 2009 at 3:58 AM, Reinaldo de Carvalhoreinal...@gmail.com wrote: 2009/8/14 Eduardo Júnior ihtrau...@gmail.com: ok, but there is another way to do what I want. The example above was a test. Accepting some headers and denying the rest is an alternative: /^((Resent-)?From|To|Cc|Date|Reply-to|Reply-TO|Return-Path|Message-ID):/ OK /./ IGNORE No!! cleanup processes header_checks header by header. You're removing all headers except those listed in the first line. Each message header or message body line is compared against a list of patterns. When a match is found the corresponding action is executed, and the matching process is repeated for the next message header or message body line. http://www.postfix.org/header_checks.5.html I already read this reference, thanks. What I post here was just a test. I'm not doing that. []'s -- Eduardo Júnior GNU/Linux user #423272 :wq
Re: Removing Headers
Hi, On Sun, Aug 16, 2009 at 5:56 AM, moussmo...@ml.netoyen.net wrote: Eduardo Júnior a écrit : On Thu, Aug 13, 2009 at 5:43 PM, Magnus Bäckmag...@dsek.lth.se wrote: No, so you need to craft a more precise expression. The look of the Received: header you want to remove is very well-known, so it should be quite easy to craft a suitable expression. ok, but there is another way to do what I want. The example above was a test. Accepting some headers and denying the rest is an alternative: /^((Resent-)?From|To|Cc|Date|Reply-to|Reply-TO|Return-Path|Message-ID):/ OK /./ IGNORE No. Only remove the headers you want to remove. As Magnus said, use a precise expression. something like /^Received: from \S+ \(\S+ \[192\.168\.1\.\d+\]\)\s+by yourserver\.example\.com \(Postfix\) with ESMTP id / IGNORE (this is pcre). adjust for your setup. I read about this kind of lookup table and regexp and did a precise expression for my setup. The above example isn't a good idea really. But I don't know if these headers are essencial. Obviously, headers are rarely added for fun. Some reference about this? http://tools.ietf.org/html/rfc5321 http://tools.ietf.org/html/rfc5322 thanks, []'s -- Eduardo Júnior GNU/Linux user #423272 :wq
Re: Postfix + Vda patch - problems with bounce
Marcelo Terres: Well, let me change the subject a little: Anybody can indicate me a policy daemon or some solution to reject messages for over quota at smtp time ? I suggest: maintain an SMTPD access map that rejects mail for users that are over quota; update this access map a few times a day based on actual mailbox usage statistics. The first part talks to Postfix, and the second part talks to the message store. Wietse
Notification of non-delivery
Hi, where can I read about this? How can I change the format and what each part means? In specially, i would like the body of the message sent would come with the notification and the enconding format. I read about daemon bounce in [1], but it's yet not clear for me and hadn't the information above. [1] - http://www.postfix.org/bounce.8.html thanks, []'s -- Eduardo Júnior GNU/Linux user #423272 :wq
header_checks rule skipped
Hi, I would like to tag/replace each message Subject: with some custom pattern and leave the rest unchanged. I'm using following header_checks rule: /^Subject:.*/ REPLACE Subject: PRE $1 but I get a warning: Aug 17 19:03:57 mail postfix/cleanup[20807]: [ID 947731 mail.warning] warning: regexp map /etc/postfix/header_checks, line 1: out of range replacement index 1: skipping this rule the same rule without $1 is working fine. I'm using postfix 2.5.7. Any thoughts please? Thank you, Stefan
Re: header_checks rule skipped
Stefan Varga wrote: Hi, I would like to tag/replace each message Subject: with some custom pattern and leave the rest unchanged. I'm using following header_checks rule: /^Subject:.*/ REPLACE Subject: PRE $1 but I get a warning: Aug 17 19:03:57 mail postfix/cleanup[20807]: [ID 947731 mail.warning] warning: regexp map /etc/postfix/header_checks, line 1: out of range replacement index 1: skipping this rule the same rule without $1 is working fine. I'm using postfix 2.5.7. Any thoughts please? Thank you, Stefan $1 refers to text inside the first set of parenthesis (). You don't seem to have any, so $1 is undefined. /^Subject: (.*)$/ REPLACE Subject: PRE $1 -- Noel Jones
Re: Notification of non-delivery
Eduardo J?nior: Hi, where can I read about this? How can I change the format and what each part means? You can configure the text (see: man 5 bounce) before the non-deliverable recipients, but you cannot configure the format of bounce messages. The format is defined in Internet RFC documents. Wietse
Re: Proper way to add LDAP support to an existing Postfix installation
2009/8/17 Yeray Gutiérrez Cedrés yera...@gmail.com: I'm running Postfix 2.3.8 in a Debian GNU/Linux 4.0 (Etch) box. I want it to support LDAP but I don't know what would happen if I install the postfix-ldap package via apt-get because of this: # apt-get install --just-print postfix-ldap Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libpcre3 postfix postfix-pcre It says it would also install the postfix package, I don't know if it would affect my already working configuration or not. My other option is to reinstall it from source using: # make makefiles CCARGS=-I/usr/local/include -DHAS_LDAP \ AUXLIBS=-L/usr/local/lib -lldap -L/usr/local/lib -llber # make # make install But I don't know if this would have also bad effects on my existing postfix installation. What would be the proper way to do this? Aha, you've installed from source... I have a pessimistic suspicion that the packaged version might well clobber your compiled version. That said, if everything (the files) is in the same place then I guess that shouldn't matter, but I've never installed Postfix from tarball before. Any particular reason you installed from source? The packaging page indicates you get the same version anyway: http://packages.debian.org/etch/postfix If you can afford the work and downtime, you're probably better off backing up your config and mailboxes, then replacing it with the packaged version (without LDAP), get it working, then add LDAP. /IMHO
Re: HELO/EHLO rejection rate
LuKreme wrote: I looked at the various rejections for the last 31 days, and I noticed that my unknown/HELO is very very high and my RBL is very very low. 5xx Reject relay denied 0.08% 5xx Reject HELO/EHLO45.97% 5xx Reject DATA 0.01% 5xx Reject unknown user 47.47% 5xx Reject recipient address 0.00% 5xx Reject sender address0.11% 5xx Reject client host 1.07% 5xx Reject RBL 5.29% 5xx Reject header0.01% -- Total 5xx Rejects 100.00% looking at some other stats I've been able to find, I am seeing numbers more like 20/1/70 where I have 46/47/5 What version of postfix-logwatch is this? A quick check of the ChangeLog suggests that versions prior to 2007-02-14 might not distinguish warn_if_reject messages from true reject messages. Since you include, warn_if_reject reject_unknown_client_hostname in your smtpd_recipient_restrictions, that could explain the difference you're seeing. smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_invalid_hostname, permit_mynetworks, check_client_access hash:$config_directory/pbs, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, reject_unlisted_sender, reject_unknown_reverse_client_hostname, warn_if_reject reject_unknown_client_hostname, check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit check_sender_access pcre:$config_directory/sender_access.pcre, check_client_access pcre:$config_directory/check_client_fqdn.pcre, check_recipient_access pcre:$config_directory/recipient_checks.pcre, check_client_access hash:$config_directory/access, reject_rbl_client zen.spamhaus.org, permit
Re: postfix performance
2009/8/18 Evan Platt e...@espphotography.com: At 10:30 AM 8/17/2009, you wrote: I just make the test and the performance was not good. Outgoing 1K email was around 568 seconds. Any insight is appreciated. Although this will likely be out of my area of being able to help you, someone else here probably can, but you'll want to post relevent logs and postconf -n output. But 568 secoonds, my guess is there's something configured MAJORLY wrong. Indeed, we need `postconf -n` to spot any glaring config errors, and log entries to see the problem actually happening. A description of how you send this mailout would also be good. Obviously we don't want a full log for all 1000 messages, but a representative sample would be good. As a minimum, we should be able to track at least a few messages from start to finish.
Re: about Maildrop error message user unknown
ZhenDong,Xu a écrit : I have installed postfix 2.6 + cyrus-sasl2 + maildrop2.1.0 + mysql5.0.83 + apache22 + extmail1.1.0 When i send mail to myself,i can't received.and become the maillog. I send mail to gmail.com, Gmail can received. I have no idea about the log ,someone can help me .Thanks. [snip] Aug 17 16:37:56 mail postfix/pipe[13018]: 7BC418FC61: to=xuzhend...@*.org mailto:xuzhend...@*.org, relay=maildrop, delay=0.12, delays=0.11/0/0/0.01, dsn=5.1.1, status=bounced *(user unknown. Command output: Invalid user specified. ) This a maildrop build/config issue. it's a FAQ. Please 1- search the web 2- if you still don't find the answer, ask on the courier-maildrop mailing list. but make sure to provide the output of 'maildrop -v' hints: - maildrop may be built with or without authlib support. maildrop will behave differently depending on this. - maildrop won't allow random users to do a '-d user'. [snip]
Re: postfix terminating on signal 15
Wietse Venema wrote: It's unprodictive to kill off Postfix under overload. At the very least you should increase your 35-second deadline. Yes I did increase it to 120 seconds. I understand just killing and restarting postfix is not a solution. As a test I switched the monitor to sending an alert and not restart. The mail.info logs show nothing very useful. The, possibly, note worthy things around the time postfix quit are: Aug 15 02:55:06 prod101 postfix/master[9402]: warning: process /usr/lib/postfix/qmgr pid 9582 exit status 1 Then at some point the master process quits (without any mention in the logs) and the postfix/smtpd processes slowly are disappearing: Aug 15 05:13:19 prod101 postfix/smtpd[15568]: warning: problem talking to server private/anvil: Connection refused Aug 15 05:13:19 prod101 postfix/smtpd[14684]: lost connection after CONNECT from unknown[77.41.50.8] (..) Aug 15 05:13:19 prod101 postfix/smtpd[14973]: lost connection after CONNECT from unknown[92.85.166.176] Aug 15 05:13:19 prod101 postfix/smtpd[11671]: disconnect from unknown[unknown] Aug 15 05:13:19 prod101 postfix/smtpd[13910]: lost connection after CONNECT from unknown[123.21.38.44] Until there is no mention of postfix anymore and a ps -ef shows postfix has ceased to run. A manual /etc/init.d/postfix start is required. So the babysitter at least prevents postfix from not running for a long amount of time. Even though it gets a few false positives. There is an entire webpage devoted to how Postfix handles overload and what recovery mechanisms alraedy exist. Yes I read it before contacting the listr. I will study it again. Thanks, Jeroen
Re: Notification of non-delivery
Hi, On Mon, Aug 17, 2009 at 4:37 PM, Wietse Venemawie...@porcupine.org wrote: Eduardo Júnior: Hi, where can I read about this? How can I change the format and what each part means? You can configure the text (see: man 5 bounce) before the non-deliverable recipients, but you cannot configure the format of bounce messages. The format is defined in Internet RFC documents. Wietse I read this, modified to my setup, adapted the maximum size of the messages bounce with: bounce_size_limit (http://www.postfix.org/postconf.5.html#bounce_size_limit) and I have some doubts. This: With Postfix 2.4 and later, a message is returned as either message/rfc822 (the complete original) or as text/rfc822-headers (the headers only) does means that if my postifxis 2.4 the body of the message sent doesn't included in the bounce message to postmaster? My postfix box is 2.3. And in man 5 bounce has this: The template message text is not sent in Postmaster copies of delivery status notifications does means the same thing above? thanks, []'s -- Eduardo Júnior GNU/Linux user #423272 :wq
Re: Looking for opinions on FreeBSD OS for Postfix
On Mon, 17 Aug 2009, Guy wrote: I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. Your statement about ease of maintenance seems ill-informed; how exactly did you reach such a conclusion? FreeBSD is a fine platform for Postfix. This and other postfix-users messages are delivered to you via a Postfix instance running on FreeBSD. If you have questions about the OS, ask on the appropriate mailing list and see http://www.freebsd.org. -- Sahil Tandon sa...@tandon.net
Re: Looking for opinions on FreeBSD OS for Postfix
On Mon, Aug 17, 2009 at 09:01, Guywyldf...@gmail.com wrote: Hi, I'm using Postfix 2.5.5 with Amavis/CLAM. Also looking at adding SpamAssassin in the near future. I've also got Postfix Policyd V2 on my gateways. I've currently got this all running on Ubuntu (Hardy 8.04) and it's been fine so far. I have had one or two problems along the way, not with Postfix itself, but things like NFS at one stage (mail stores are on NFS mounts) so I'm considering moving away from Ubuntu as and when servers get replaced by newer hardware. This may be in the next 6 to 12 months as our current hardware is nearing it's limits. I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. Thanks Guy I use FreeBSD with the packages you mention, but theyre' all wrapped up with Maia Mailguard. I consider it a very clean all-in-one package for Antispam/Antivirus. My user base is about 275 people, so it's all on one box - a Dell 1950 with 1g RAM, and it hardly breaks a sweat. I have lots of other FreeBSD boxes as well, and simply replace sendmail on each one with postfix. I am biased, but I've long preferred FreeBSD to any flavor of Linux for ease of administration - FreeBSD simply makes more sense to me than any Linux I've ever touched. Others will differ, but that's my preference. Tastes great, less filling. Kurt
Re: Looking for opinions on FreeBSD OS for Postfix
On Mon, 17 Aug 2009, Sahil Tandon wrote: On Mon, 17 Aug 2009, Guy wrote: I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. Your statement about ease of maintenance seems ill-informed; how exactly did you reach such a conclusion? FreeBSD is a fine platform for Postfix. This and other postfix-users messages are delivered to you via a Postfix instance running on FreeBSD. If you have questions about the OS, ask on the appropriate mailing list and see http://www.freebsd.org. I have little experience with Postfix, but have been using FreeBSD as a server platform for the last 10+ years. I've generally found it to be very easy to take care of and very compatible with your usual laundry list of internet services (email, web, user auth, nntp, etc.). This isn't an advocacy list, but since the question was asked, these are my top reasons for using it: -It's a unified OS that comes from one vendor - no picking a distro, putting a kernel and some other bits together to make an OS. In short, there's one source for docs, support, and developers. Some may find this limiting, but for most server deployments, I find it simplifies things. -Binary compatibility (ie: the ABI) remains constant across major OS revisions. You can also maintain compat libs to run binaries built under previous major OS revisions. This allows you to decouple your OS upgrades from your local software upgrades if necessary. -Using ports or packages for extra software enforces a separation between the base OS and locally installed software. This is where Linux has frustrated me. I don't want stuff not part of the base OS landing in /bin, /usr/bin, /sbin or /usr/sbin. I find that keeping the base OS apart from installed applications allows for more flexibility in backup and restore operations. YMMV, etc. etc. Charles -- Sahil Tandon sa...@tandon.net
Re: Looking for opinions on FreeBSD OS for Postfix
Kurt Buff wrote: I am biased, but I've long preferred FreeBSD to any flavor of Linux for ease of administration - FreeBSD simply makes more sense to me than any Linux I've ever touched. Others will differ, but that's my preference. I prefer linux, and currently use suse and ubuntu, which have been trouble-free for me. Having said that, I do agree that FreeBSD is a solid, dependable, scalable OS for any server task, and I'd have no qualms about running postfix on it. Joe
Re: HELO/EHLO rejection rate
On 8/17/09 12:43 PM, Michael Orlitzky wrote: LuKreme wrote: I looked at the various rejections for the last 31 days, and I noticed that my unknown/HELO is very very high and my RBL is very very low. 5xx Reject relay denied 0.08% 5xx Reject HELO/EHLO 45.97% 5xx Reject DATA 0.01% 5xx Reject unknown user 47.47% 5xx Reject recipient address 0.00% 5xx Reject sender address 0.11% 5xx Reject client host 1.07% 5xx Reject RBL 5.29% 5xx Reject header 0.01% -- Total 5xx Rejects 100.00% looking at some other stats I've been able to find, I am seeing numbers more like 20/1/70 where I have 46/47/5 What version of postfix-logwatch is this? A quick check of the ChangeLog suggests that versions prior to 2007-02-14 might not distinguish warn_if_reject messages from true reject messages. The 5xx Reject format of the output above was implemented in version 1.36.13pre5: 2007-11-14 (version: 1.36.13pre5) - New: Rejects can now be categorized by reject reply code. A new option/variable reject_reply_patterns is a list of reject reply code regular expressions, which are used for categorizing rejects. This feature allows, for example, distinguishing 421 transmission channel closes from 45x errors. (eg. 450 mailbox unavailable, 451 local processing errors, 452 insufficient storage). The default list is: 5.. 4.. Warn which creates three groups of rejects: permanent rejects, temporary failures, and reject warnings (as in warn_if_reject). Requested by: Noel Jones so there is no doubt that warn_if_reject's would appear in a separate section (as would 4xx temp rejects, also not shown). Since you include, warn_if_reject reject_unknown_client_hostname The OP didn't show any Warn Reject sections, so we can't infer when any warn_if_reject was appended to reject_unknown_client_hostname. All we can infer is that there were some 5xx reject_unknown_client_hostname's in the log for the period analyzed. in your smtpd_recipient_restrictions, that could explain the difference you're seeing. If the OPs question was about why the apparent discrepancy between postfix-logwatch and the other stats generated from the unmentioned stats tools, who can say without more data. Perhaps a representative sample of log lines and direct comparison against the other tools would help clarify any confusion. -- Mike
Re: Looking for opinions on FreeBSD OS for Postfix
Hi, I'm considering FreeBSD as an alternative, but I was wondering what people think of FreeBSD as a platform for Postfix. It's obviously not as easy to maintain as Ubuntu, but it does have a reputation for stability. Any thoughts, recommendations or experiences would be appreciated. I am currently setting up a mail server based upon Postfix on FreeBSD. It works as well as one can expect. Now regarding the ease of maintenance, I would say that you have a wrong point of view: OS upgrade on a production server should never be something automated that you run blindly: at any stage, it is possible that something goes wrong, so you better keep good control when you are doing an update. That is the reason why I keep on with the RELENG update track on FreeBSD, that only applies security patches (on a running server I don't need new features or new drivers for something I don't use and that could cause trouble to my system). Beside, I agree with the comments about separation between base OS and additional software, good documentation, good ports (build from source, with a flexibility in the options you want to install), stability of NFS server (nothing specific to do to accept Ubuntu clients BTW). And yes, I have been an happy user of FreeBSD for more than 10 years, so I must be biased :) Bests, Olivier
Content checking - bulk emails
Hi guys, I'm wondering is there any way to configure postfix, to check content of messages which contains ... let say more than 10 recipients, scan those and check contents in looking for un.sub.scribe link (or particular words) and if found pass messages if not block with notification for the sender ? I know it's a bit crazy idea but I want to prevent such situations in the future as I received couple of messages from AOL that some users sends such kind of newsletters or notifications via the server to more than 10 recipients. After that I can expect an email from AOL. I know that AOL has not reject those messages from such a script, user must report it so as I see the content I could say that some AOL users are too sensitive. Anyway as long as such emailing is illegal because content doesn't contain unsubscribe link I would like to take a control over it somehow. Is there any way ? Thanks for any help in advance. Regards, Jarek
postfix + procmail master.cf question
Im having problems with the mail file being produced
when I setup procmail + postfix:
Ive setup global procmail with the following in
my master.cf file:
procmail unix - n n - - pipe
flags=DRX user=jeff argv=/usr/bin/procmail -t -o SENDER=${sender} -m
user=${us...@${domain} DOMAIN=${domain} EXTENSION=${extension}
RECIPIENT=${recipient} /etc/procmailrc
main.cf:
virtual_transport = procmail:
mailbox_transport = procmail:
# be sure to only deliver to procmail 1 user at a time
procmail_destination_recipient_limit = 1
It works, however the mail file that it produces apparently
has the wrong header info and I get:
5 fedora /home/jeff mail -f /var/spool/mail/jeff
Heirloom Mail version 12.4 7/29/08. Type ? for help.
/var/spool/mail/jeff: 0 messages
The mail file exists and my procmail log grows
with each email message. Then:
ls -l /var/spool/mail/jeff
-rw-rw 1 jeff mail 1004612 Aug 17 22:42 /var/spool/mail/jeff
If I try from thunderbird, it says:
Sending of password did not succeed. Mail server pop.mydomain.com responded:
Unable to process From lines (envelopes), change recognition modes
or check for corrupted mail drop.
Can someone tell me what Im doing wrong that the
mail file isnt being created correctly?
I tried DORX for pipe flags but that didnt work
at all (no mail file was created at all as I
recall).
Thanks for any help
