Re: LDAP related "postconf: warning" with most recent build

2017-09-06 Thread Ralf Hildebrandt
* Wietse Venema :
> Ralf Hildebrandt:
> > % postconf -h queue_directory
> >  
> > gives me a lot of LDAP related warnings:
> > 
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > query_filter=(proxyAddresses=smtp:%s)
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > start_tls=yes
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > bind_pw=xxx
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > version=3
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > bind_dn=yyy
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > server_host=10.28.0.31?  10.28.0.32
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > result_attribute=mail
> > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: 
> > search_base=dc=laborberlin,dc=intern
> > 
> > mail_version = 3.3-20170730
> 
> Does not reproduce when I create a file with those entries, and use
> it as alias_maps.

Odd:

3.3-20170722 no warnings
3.3-20170728 warnings
3.3-20170729 warnings
3.3-20170730 warnings 

# sh src/postconf/extract_cfg.sh
src/postconf/extract_cfg.sh: line 74: m4: command not found

I installed m4, rebuilt, and the warnings are gone.

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: Postfix and Maildrop Config

2017-09-06 Thread Bill Cole

On 6 Sep 2017, at 8:28, Markus Rosjat wrote:


> Hi there,
>
> I'm trying to get Maildrop to work with postfix but:
>
>  - if I run it in direct mode
>    - it insists on a user as arg even though I have trusted user enabled and
>      setuid bit is enabled
>
>  - if I run it in indirect mode
>    - I got told postfix/qmgr[1116]: warning: connect to transport
>      private/maildrop: Connection refused
>
> I followed the docs here and have a ldap directory for my user
> authentication.
>
> Since I noticed ppl don't really bother with less information I like
> to point out that I'm totally new to the whole postfix thing so just
> throw me a bone even if you don't like the ways I describe the problem.
> please


Here's a bone: http://www.postfix.org/DEBUG_README.html#mail

You have not provided enough solid information about your configuration 
to let us help you efficiently. That section of the DEBUG_README file 
specifically explains what info is generally needed.


Also, note what the distribution version of master.cf says:

   # maildrop. See the Postfix MAILDROP_README file for details.
   # Also specify in main.cf: maildrop_destination_recipient_limit=1

Finally, since maildrop is a component of the Courier MTA, you may find 
more knowledge regarding its use in the Courier user community. 
Obviously some Postfix users do use maildrop but it is not the most 
common LDA choice for Postfix. I'd be surprised if it is even in the top 
4.


postfix and multiple mandrill keys, based on sending server?

2017-09-06 Thread Jason Miller
We have a medium sized cloud with 90% of servers sending via mandrill and each 
app/server having its own key. We have a few legacy apps, for example a .net 
1.1 app, that won't send via TLS over 587, and mandrill doesn't support plain 
smtp over 25, so we set up a postfix server to do relay to mandrill via sasl 
authentication and a single mandrill key. I found how to use a different smart 
relay for different destination domains, but not for different sending servers. 
We use Mandrill to separate outgoing email by application, so 2 users both with 
@gmail.com could still go out over different mandrill keys if they are 
customers on 2 different platforms. If this is possible, can someone please 
point me toward some documentation?


Re: openldap lookup error

2017-09-06 Thread Bill Cole

On 6 Sep 2017, at 7:55, hyndavirap...@bel.co.in wrote:

> Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
> TLS: could not read certificate file
> /etc/postfix/new_certs_/ca_cert_ldap.pem - error -5966:Access Denied.
> Sep


Check the permissions on that file. It must be readable by the postfix 
user. Your LDAP server may require very tight permissions (0400 or 0600) 
on all the certificate files that it uses, so you may need to use a copy 
of the file that postfix can access, distinct from the copy used by the 
LDAP server.


It also MAY be that an extra security layer (such as SELinux) is 
blocking access to that file.
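
The permission check suggested in the reply above, as an added example that is not part of the original message: it walks every ancestor directory for search permission and then the file for read permission, using only owner, group and mode bits. It assumes GNU `stat` and `readlink`; the function names are hypothetical, and supplementary groups, POSIX ACLs and SELinux are not evaluated.

```shell
#!/bin/sh
# Added example. Usage on the host from the thread would be:
#   check_readable_by "$(id -u postfix)" "$(id -g postfix)" \
#       /etc/postfix/new_certs_/ca_cert_ldap.pem

# class_allows MODE OWNER GROUP UID GID BIT   (BIT: 4 = read, 1 = search/execute)
# Exactly one permission class applies: owner, else group, else other.
class_allows() {
    [ "$4" -eq 0 ] && return 0                  # root bypasses mode bits
    ca_m=$((0$1))                               # octal mode as printed by stat %a
    if [ "$4" -eq "$2" ]; then ca_bits=$(( (ca_m >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then ca_bits=$(( (ca_m >> 3) & 7 ))
    else ca_bits=$(( ca_m & 7 ))
    fi
    [ $(( ca_bits & $6 )) -ne 0 ]
}

# path_allows UID GID PATH BIT: apply class_allows to PATH's current metadata
path_allows() {
    pa_meta=$(stat -c '%a %u %g' -- "$3") || return 2
    set -- "$1" "$2" "$4" $pa_meta              # uid gid bit mode owner group
    class_allows "$4" "$5" "$6" "$1" "$2" "$3"
}

# check_readable_by UID GID FILE: 0 = reachable and readable, 1 = blocked, 2 = error
check_readable_by() {
    cr_uid=$1; cr_gid=$2
    cr_file=$(readlink -f -- "$3") || return 2
    [ -f "$cr_file" ] || { echo "not a regular file: $3" >&2; return 2; }
    cr_dir=$(dirname -- "$cr_file")
    while :; do                                 # every ancestor needs search (x)
        path_allows "$cr_uid" "$cr_gid" "$cr_dir" 1 || {
            echo "uid $cr_uid cannot traverse $cr_dir" >&2; return 1; }
        [ "$cr_dir" = / ] && break
        cr_dir=$(dirname -- "$cr_dir")
    done
    path_allows "$cr_uid" "$cr_gid" "$cr_file" 4 || {
        echo "uid $cr_uid cannot read $cr_file" >&2; return 1; }
    return 0
}
```

A pass here with the lookup still failing points at the layers this check skips, such as the SELinux case mentioned in the reply.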


Postfix and Maildrop Config

2017-09-06 Thread Markus Rosjat

Hi there,

I'm trying to get Maildrop to work with postfix but:

 - if I run it in direct mode
   - it insists on a user as arg even though I have trusted user enabled and
     setuid bit is enabled

 - if I run it in indirect mode
   - I got told postfix/qmgr[1116]: warning: connect to transport
     private/maildrop: Connection refused

I followed the docs here and have a ldap directory for my user 
authentication.


Since I noticed ppl don't really bother with less information I like to 
point out that I'm totally new to the whole postfix thing so just throw 
me a bone even if you don't like the ways I describe the problem. please


regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT


openldap lookup error

2017-09-06 Thread hyndavirapuru
Hi,

I have configured postfix to work with openldap server for lookups.
main.cf configurations are as below,

##
virtual_mailbox_domains=1CorpHQ.tcs.mil.in
virtual_mailbox_base=/var/mail/vmail
virtual_mailbox_maps=ldap:/etc/postfix/virtual_mailbox_ssl_ldapusers
virtual_alias_maps=ldap:/etc/postfix/virtual_alias_map_ssl_ldapusers,
ldap:/etc/postfix/ldapdistlist_ssl.cf
virtual_minimum_uid=1000
virtual_uid_maps=static:6000
virtual_gid_maps=static:6000

##

VIRTUAL_ALIAS_MAP_SSL_LDAPUSERS FILE IS AS BELOW

server_host = ldap://1CorpHQ:389
#server_port = 389
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/postfix/new_certs_/ca_cert_ldap.pem
bind = yes
bind_dn = cn=admin,dc=tcs,dc=mil,dc=in
bind_pwd = tcsmsg
version = 3
search_base = dc=tcs,dc=mil,dc=in
scope = sub
timeout = 5
query_filter = uid=%u
result_attribute = mailHost
debuglevel = 1


But when I'm sending mail, postfix is not able to contact the directory
server. The log is as follows:


Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: initializing the server-side
TLS engine
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: connect from
unknown[201.123.80.7]
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: setting up TLS connection
from unknown[201.123.80.7]
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: unknown[201.123.80.7]: TLS
cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:before/accept
initialization
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client
hello A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write
server hello A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write
certificate A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write key
exchange A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write
server done A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client
key exchange A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read
finished A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write
change cipher spec A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write
finished A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: Anonymous TLS connection
established from unknown[201.123.80.7]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_create
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_url_parse_ext(ldap://1CorpHQ:389)
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_extended_operation_s
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_extended_operation
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_send_initial_request
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_new_connection 1 1 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_int_open_connection
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_connect_to_host: TCP 1CorpHQ:389
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_new_socket: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_prepare_socket: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_connect_to_host: Trying 127.0.0.1:389
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_pvt_connect: fd: 13 tm: 5 async: 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_ndelay_on: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
attempting to connect:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
connect errno: 115
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_int_poll: fd: 13 tm: 5
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_is_sock_ready: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_ndelay_off: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_pvt_connect: 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_open_defconn: successful
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ldap_send_server_request
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ber_scanf fmt ({it) ber:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ber_scanf fmt ({) ber:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
ber_flush2: 31 bytes to sd 13
Sep  

Re: Timeouts when submitting mail

2017-09-06 Thread Wietse Venema
Stijn van der Ree:
> Thanks for answering. The timeouts happened because postfix was waiting for
> opendkim. Changing the socket from tcp to unix domain sockets solved this,
> almost: at busy moments postfix now logs:
> 
> telemann postfix-13/smtpd[28087]: warning: connect to Milter service
> unix:/var/run/opendkim/opendkim.sock: Resource temporarily unavailable
> 
> And opendkim says:
> 
> opendkim[3963]: OpenDKIM Filter: accept() returned invalid socket (Numerical
> result out of range), try again
> 
> Is postfix requesting something invalid, or is this a problem with opendkim?

Enter the error message into a search engine.

Look at the results.

http://lists.elandsys.com/archive/opendkim/users/2014/03/3111.html

Wietse


Re: Timeouts when submitting mail

2017-09-06 Thread Stijn van der Ree
Thanks for answering. The timeouts happened because postfix was waiting for
opendkim. Changing the socket from tcp to unix domain sockets solved this,
almost: at busy moments postfix now logs:

telemann postfix-13/smtpd[28087]: warning: connect to Milter service
unix:/var/run/opendkim/opendkim.sock: Resource temporarily unavailable

And opendkim says:

opendkim[3963]: OpenDKIM Filter: accept() returned invalid socket (Numerical
result out of range), try again

Is postfix requesting something invalid, or is this a problem with opendkim?

Thanks again. 





