Re: LDAP related "postconf: warning" with most recent build
* Wietse Venema: > Ralf Hildebrandt: > > % postconf -h queue_directory > > > > gives me a lot of LDAP related warnings: > > > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > query_filter=(proxyAddresses=smtp:%s) > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > start_tls=yes > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > bind_pw=xxx > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > version=3 > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > bind_dn=yyy > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > server_host=10.28.0.31? 10.28.0.32 > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > result_attribute=mail > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > search_base=dc=laborberlin,dc=intern > > > > mail_version = 3.3-20170730 > > Does not reproduce when I create a file with those entries, and use > it as alias_maps. Odd: 3.3-20170722 no warnings 3.3-20170728 warnings 3.3-20170729 warnings 3.3-20170730 warnings # sh src/postconf/extract_cfg.sh src/postconf/extract_cfg.sh: line 74: m4: command not found I installed m4, rebuilt, and the warnings are gone. -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Postfix and Maildrop Config
On 6 Sep 2017, at 8:28, Markus Rosjat wrote: Hi there, I#m trying to get Maildrop to work with postfix but: - if I run it in direct mode - it insists on a user as arg even I have truesed user enabled and setuid bit is enabled - if I run it in indirect mode - I got told postfix/qmgr[1116]: warning: connect to transport private/maildrop: Connection refused I followed the docs here and have a ldap directory for my user authentication. Since I noticed ppl don't really bother with less information I like to point out that I'm totally new to the whole postfix thing so just trow me a bone even you don't like the ways I describe the problem . please Here's a bone: http://www.postfix.org/DEBUG_README.html#mail You have not provided enough solid information about your configuration to let us help you efficiently. That section of the DEBUG_README file specifically explains what info is generally needed. Also, note what the distribution version of master.cf says: # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 Finally, since maildrop is a component of the Courier MTA, you may find more knowledge regarding its use in the Courier user community. Obviously some Postfix users do use maildrop but it is not the most common LDA choice for Postfix. I'd be surprised if it is even in the top 4.
postfix and multiple mandrill keys, based on sending server?
We have a medium sized cloud with 90% of servers sending via mandrill and each app/server having its own key. We have a few legacy apps, for example a .net 1.1 app, that won't send via TLS over 587, and mandrill doesn't support plan smtp over 25, so we set up a postfix server to do relay to mandrill via sasl authentication and a single mandrill key. I found how to use a different smart relay for different destination domains, but not for different sending servers. We use Mandrill to separate outgoing email by application, so 2 users both with @gmail.com could still go out over different mandrill keys if they are customers on 2 different platforms. If this is possible, can someone please point me toward some documentation?
Re: openldap lookup error
On 6 Sep 2017, at 7:55, hyndavirap...@bel.co.in wrote: Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: could not read certificate file /etc/postfix/new_certs_/ca_cert_ldap.pem - error -5966:Access Denied. Sep Check the permissions on that file. It must be readable by the postfix user. Your LDAP server may require very tight permissions (0400 or 0600) on all the certificate files that it uses, so you may need to use a copy of the file that postfix can access, distinct from the copy used by the LDAP server. It also MAY be that an extra security layer (such as SELinux) is blocking access to that file.
Postfix and Maildrop Config
Hi there, I#m trying to get Maildrop to work with postfix but: - if I run it in direct mode - it insists on a user as arg even I have truesed user enabled and setuid bit is enabled - if I run it in indirect mode - I got told postfix/qmgr[1116]: warning: connect to transport private/maildrop: Connection refused I followed the docs here and have a ldap directory for my user authentication. Since I noticed ppl don't really bother with less information I like to point out that I'm totally new to the whole postfix thing so just trow me a bone even you don't like the ways I describe the problem . please regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
openldap lookup error
Hi, I have configured postfix to work with openldap server for lookups. main.cf configurations are as below, ## virtual_mailbox_domains=1CorpHQ.tcs.mil.in virtual_mailbox_base=/var/mail/vmail virtual_mailbox_maps=ldap:/etc/postfix/virtual_mailbox_ssl_ldapusers virtual_alias_maps=ldap:/etc/postfix/virtual_alias_map_ssl_ldapusers, ldap:/etc/postfix/ldapdistlist_ssl.cf virtual_minimum_uid=1000 virtual_uid_maps=static:6000 virtual_gid_maps=static:6000 ## VIRTUAL_ALIAS_MAP_SSL_LDAPUSERS FILE IS AS BELOW server_host = ldap://1CorpHQ:389 #server_port = 389 start_tls = yes tls_require_cert = yes tls_ca_cert_file = /etc/postfix/new_certs_/ca_cert_ldap.pem bind = yes bind_dn = cn=admin,dc=tcs,dc=mil,dc=in bind_pwd = tcsmsg version = 3 search_base = dc=tcs,dc=mil,dc=in scope = sub timeout = 5 query_filter = uid=%u result_attribute = mailHost debuglevel = 1 But when i'm sending mail, postfix is not able to contact directory server. log is as follows Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: initializing the server-side TLS engine Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: connect from unknown[201.123.80.7] Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: setting up TLS connection from unknown[201.123.80.7] Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: unknown[201.123.80.7]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH" Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:before/accept initialization Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client hello A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server hello A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write certificate A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write key exchange A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server done A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client key exchange A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read finished A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write change cipher spec A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write finished A Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: Anonymous TLS connection established from unknown[201.123.80.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_create Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_url_parse_ext(ldap://1CorpHQ:389) Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation_s Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_initial_request Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_connection 1 1 0 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_open_connection Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: TCP 1CorpHQ:389 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_socket: 13 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_prepare_socket: 13 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: Trying 127.0.0.1:389 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: fd: 13 tm: 5 async: 0 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_on: 13 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: attempting to connect: Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: connect errno: 115 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_poll: fd: 13 tm: 5 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_is_sock_ready: 13 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_off: 13 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: 0 Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_open_defconn: successful Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_server_request Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({it) ber: Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({) ber: Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_flush2: 31 bytes to sd 13 Sep
Re: Timeouts when submitting mail
Stijn van der Ree: > Thanks for answering. The timeouts happened because postfix was waiting for > opendkim. Changing the socket from tcp to unix domainsockets solved this, > almost: at busy moments postfix now logs: > > telemann postfix-13/smtpd[28087]: warning: connect to Milter service > unix:/var/run/opendkim/opendkim.sock: Resource temporarily unavailable > > And opendkim says: > > opendkim[3963]: OpenDKIM Filter: accept() returned invalid socket (Numerical > result out of range), try again > > Is postfix requesting something invalid, or is this a problem with opendkim? Enter the error message into a search engine. Look at the results. http://lists.elandsys.com/archive/opendkim/users/2014/03/3111.html Wietse
Re: Timeouts when submitting mail
Thanks for answering. The timeouts happened because postfix was waiting for opendkim. Changing the socket from tcp to unix domainsockets solved this, almost: at busy moments postfix now logs: telemann postfix-13/smtpd[28087]: warning: connect to Milter service unix:/var/run/opendkim/opendkim.sock: Resource temporarily unavailable And opendkim says: opendkim[3963]: OpenDKIM Filter: accept() returned invalid socket (Numerical result out of range), try again Is postfix requesting something invalid, or is this a problem with opendkim? Thanks again. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html