Re: re-route mails on demand during block of ip address

2020-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2020 at 05:18:01PM -0500, Noel Jones wrote:

> On 3/10/2020 4:55 PM, Stefan Bauer wrote:
> > 
> > i know this is quite old, but
> > smtp_fallback_relay should only get triggered on 
> > undeliverable-events and not when remote replies with a 4xx or 5xx - 
> > right?

Not quite.  When a delivery via the primary nexthop tempfails, the
fallback relay is used:

smtp_mx_session_limit (default: 2)
The maximal number of SMTP sessions per delivery request before the
Postfix SMTP client gives up or delivers to a fall-back relay host, or
zero (no limit). This restriction ignores sessions that fail to
complete the SMTP initial handshake (Postfix version 2.2 and earlier)
or that fail to complete the EHLO and TLS handshake (Postfix version
2.3 and later).

With 5xx, of course, the message is normally immediately
bounced (modulo soft_bounce and all that).

-- 
Viktor.


Re: Mail loops back to itself ONLY when using `mail` command on server

2020-03-10 Thread Viktor Dukhovni
On Wed, Mar 11, 2020 at 09:50:42AM +1000, Jay wrote:

> But, it seems like the true problem is finding out why the `mail`
> command isn’t putting messages into
> /Library/Server/Mail/Data/spool/maildrop instead of
> /var/spool/postfix/maildrop.

The mail(1) command undoubtedly invokes sendmail(1) to actually deliver
the message.  The Postfix sendmail(1) in turn invokes postdrop(1) to
deposit messages into the "maildrop" queue. So your task boils down to
finding how many sendmail(1)+postdrop(1) combinations you have, and
identifying which ones deposit the mail where.  On my non-server MacOS
laptop, I have:

$ type -p sendmail   
/usr/sbin/sendmail

$ strings -a $(type -p sendmail) | grep /postfix
/etc/postfix
/usr/libexec/postfix
/var/lib/postfix
/var/spool/postfix

which, with high probability, uses main.cf from /etc/postfix, and
invokes a postdrop(1) which deposits messages in
/var/spool/postfix/maildrop.

$ type -p postdrop
/usr/sbin/postdrop

$ strings -a $(type -p postdrop) | grep /postfix
/etc/postfix
/usr/libexec/postfix
/var/lib/postfix
/var/spool/postfix

-- 
Viktor.


Re: Mail loops back to itself ONLY when using `mail` command on server

2020-03-10 Thread Jay



> On 11 Mar 2020, at 3:33 am, Noel Jones  wrote:
> 
> On 3/10/2020 12:03 AM, Jay wrote:
>>> On 10 Mar 2020, at 2:02 pm, Noel Jones  wrote:
>>> 
>>> On 3/9/2020 9:09 PM, Jay wrote:
 Hi folks,
 I’m having a strange situation on one of my macOS X Servers (10.13.6) 
 running postfix 3.1.1.
 The server is configured to only use virtual_domains and virtual. When an 
 email is received externally on port 25 for one of those domains, it’s 
 accepted and handed off to Dovecot happily. All such received mail works 
 perfectly. Here is a log excerpt of a successful receipt:
 2020-03-10 11:53:47.417928+1000 0x3afa0e   Info0x0 
   96460  smtpd: connect from office.externaldomain.com.au 
 [203.1.1.1]
 2020-03-10 11:53:47.985328+1000 0x3afa0e   Info0x0 
   96460  smtpd: F075E1803D04: client=office.externaldomain.com.au 
 [203.1.1.1]
 2020-03-10 11:53:48.001337+1000 0x3afdd7   Info0x0 
   96498  cleanup: F075E1803D04: 
 message-id=<968781c4-1a74-42be-b4ce-141ea65e9...@externaldomain.com.au 
 >
 2020-03-10 11:53:48.005938+1000 0x35759a   Info0x0 
   74101  qmgr: F075E1803D04: from=>>> >, size=859, nrcpt=1 (queue active)
 2020-03-10 11:53:48.032335+1000 0x3afa0e   Info0x0 
   96460  smtpd: disconnect from office.externaldomain.com.au 
 [203.1.1.1] ehlo=2 starttls=1 mail=1 
 rcpt=1 data=1 quit=1 commands=7
 2020-03-10 11:53:49.699136+1000 0x3b00c5   Info0x0 
   96565  smtpd: connect from localhost[127.0.0.1]
 2020-03-10 11:53:49.702840+1000 0x3b00c5   Info0x0 
   96565  smtpd: AB8771803D0F: client=localhost[127.0.0.1]
 2020-03-10 11:53:49.705075+1000 0x3afdd7   Info0x0 
   96498  cleanup: AB8771803D0F: 
 message-id=<968781c4-1a74-42be-b4ce-141ea65e9...@externaldomain.com.au 
 >
 2020-03-10 11:53:49.705801+1000 0x3b00c5   Info0x0 
   96565  smtpd: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 
 data=1 quit=1 commands=5
 2020-03-10 11:53:49.706072+1000 0x35759a   Info0x0 
   74101  qmgr: AB8771803D0F: from=>>> >, size=1555, nrcpt=1 (queue active)
 2020-03-10 11:53:49.719987+1000 0x3b006e   Info0x0 
   96562  smtp: F075E1803D04: to=>>> >, orig_to=>>> >, relay=127.0.0.1[127.0.0.1]:10024, 
 delay=2.1, delays=0.36/0/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from 
 MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AB8771803D0F)
 2020-03-10 11:53:49.720777+1000 0x35759a   Info0x0 
   74101  qmgr: F075E1803D04: removed
 2020-03-10 11:53:49.825969+1000 0x35759a   Info0x0 
   74101  qmgr: AB8771803D0F: removed
 However, when I use the `mail` command on the server, specifically `mail 
 j...@myvirtualdomain.com `, I get a mail 
 loops back to itself error:
 2020-03-10 11:55:43.060996+1000 0x3b04ce   Info0x0 
   96627  cleanup: 061A21803DE0: 
 message-id=<20200310015543.061a21803...@home.myvirtualdomain.com 
 >
 2020-03-10 11:55:43.062048+1000 0x3b04cb   Info0x0 
   96626  qmgr: 061A21803DE0: from=>>> >, size=338, nrcpt=1 (queue active)
 2020-03-10 11:55:43.972784+1000 0x3afa0e   Info0x0 
   96460  smtpd: connect from home.myvirtualdomain.com 
 [10.0.5.201]
 2020-03-10 11:55:43.973557+1000 0x3b04d3   Default 0x0 
   96629  smtp: warning: host home.myvirtualdomain.com 
 [10.0.5.201]:25 greeted me with my own 
 hostname home.myvirtualdomain.com 
 2020-03-10 11:55:43.974021+1000 0x3b04d3   Default 0x0 
   96629  smtp: warning: host home.myvirtualdomain.com 
 [10.0.5.201]:25 replied to HELO/EHLO with 
 my own hostname home.myvirtualdomain.com 
 2020-03-10 11:55:44.013568+1000 0x3b04d3   Info0x0 
   96629  smtp: 061A21803DE0: to=>>> >, relay=home.myvirtualdomain.com 
 [10.0.5.201]:25, 

Re: re-route mails on demand during block of ip address

2020-03-10 Thread Noel Jones

On 3/10/2020 4:55 PM, Stefan Bauer wrote:

> Hi Noel,
>
> i know this is quite old, but
> smtp_fallback_relay should only get triggered on
> undeliverable-events and not when remote replies with a 4xx or 5xx -
> right?

That's what the docs say, which implies my off-the-cuff crappy 
workaround is misguided.

http://www.postfix.org/postconf.5.html#smtp_fallback_relay

So the solution is to use a better ISP.



  -- Noel Jones




On Friday, 31 May 2019, Noel Jones wrote:

 > On 5/31/2019 1:48 AM, Stefan Bauer wrote:
 >>
 >> Hi,
 >>
 >> I'm running a pair of postfix-servers in different data-centers
 >> (different ip networks) for outgoing-only delivery. once in a while
 >> my providers /22 appear on public blacklists, so mails from my nodes
 >> also gets rejected.
 >>
 >> For this, i have now a third backup-instance in another data
 >> center that is not visible to my users and only fairly with dummy
 >> mails used to keep reputation up and good. Howto re-route traffic on
 >> demand with postfix in case, ip-networks get blocked again?
 >>
 >> How do others handle this?
 >>
 >> Thank you.
 >>
 >> Stefan
 >
 >
 > Much better to send all your mail via the ISP that doesn't get
 > their whole space blocked, rather than a crappy workaround.
 >
 > For a crappy workaround, you can use smtp_reply_filter to turn
 > 5xx rejects due to blacklists into 4xx temp failures, then use
 > smtp_fallback_relay to send the temp failures to your backup
 > server.  This will send other mail to the backup server, such as
 > greylisted mail or mail that temp fails for unrelated reasons. Try
 > to make your reply filter narrow enough that it doesn't transform
 > rejects for non-rbl reasons, such as unknown recipient.
 >
 > http://www.postfix.org/postconf.5.html#smtp_reply_filter
 > http://www.postfix.org/postconf.5.html#smtp_fallback_relay
 >
 >
 >
 >   -- Noel Jones
 >




Re: Client cert based relaying setup not working

2020-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2020 at 03:33:44PM +0100, Adam Cecile wrote:

> submission inet  n   -   y   -   -   smtpd
>      -o syslog_name=postfix/submission
>      -o smtpd_tls_security_level=encrypt
>      -o smtpd_sasl_auth_enable=yes
>  -o smtpd_tls_fingerprint_digest=sha1
>      -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
>      -o 
> smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
>      -o milter_macro_daemon_name=ORIGINATING
>      -o content_filter=dkimproxy:[127.0.0.1]:10028

I don't see "-o smtpd_tls_ask_ccert=yes" in there...

-- 
Viktor.
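
Added example (not part of the original post and not Postfix code): a small lint for the omission pointed out above. It flags smtpd services in master.cf whose restrictions use permit_tls_clientcerts or permit_tls_all_clientcerts while neither smtpd_tls_ask_ccert nor smtpd_tls_req_ccert is set to yes. The function names and the sample entry are constructed for illustration; main.cf settings are passed in as a dict, and the `-o { name = value }` syntax and `$name` expansion are not handled.

```python
import shlex

CERT_RESTRICTIONS = {"permit_tls_clientcerts", "permit_tls_all_clientcerts"}
CERT_REQUEST_PARAMS = ("smtpd_tls_ask_ccert", "smtpd_tls_req_ccert")

# Constructed sample modelled on the submission entry quoted in the post.
BROKEN_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_fingerprint_digest=sha1
    -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
    -o smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
"""
# The same file with the missing override appended to the submission entry.
FIXED_MASTER_CF = BROKEN_MASTER_CF + "    -o smtpd_tls_ask_ccert=yes\n"


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) into entries."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry


def parse_service(entry):
    """Return (service/type, command, {-o overrides}) or None if malformed."""
    fields = shlex.split(entry)
    if len(fields) < 8:
        return None
    overrides = {}
    args = fields[8:]
    for i, arg in enumerate(args[:-1]):
        if arg == "-o" and "=" in args[i + 1]:
            name, value = args[i + 1].split("=", 1)
            overrides[name.strip()] = value.strip()
    return "%s/%s" % (fields[0], fields[1]), fields[7], overrides


def missing_ccert_request(master_cf, main_cf=None):
    """List smtpd services that match on client certs but never ask for one."""
    findings = []
    for entry in logical_lines(master_cf):
        parsed = parse_service(entry)
        if parsed is None or parsed[1] != "smtpd":
            continue
        service, _command, overrides = parsed
        effective = dict(main_cf or {})
        effective.update(overrides)          # -o overrides win over main.cf
        used = set()
        for name, value in effective.items():
            if name.startswith("smtpd_") and name.endswith("_restrictions"):
                words = value.replace(",", " ").split()
                used.update(w for w in words if w in CERT_RESTRICTIONS)
        asks = any(effective.get(p, "no").lower() == "yes"
                   for p in CERT_REQUEST_PARAMS)
        if used and not asks:
            findings.append((service, sorted(used)))
    return findings


if __name__ == "__main__":
    for service, used in missing_ccert_request(BROKEN_MASTER_CF):
        print("%s: %s is used but no client certificate is requested"
              % (service, ", ".join(used)))
```

Without the request, the client never presents a certificate, so the fingerprint lookup in relay_clientcerts cannot match and the session falls through to the next restriction.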


Re: t/s outbound 99% timeout on TBird?

2020-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2020 at 10:53:02PM +1100, li...@sbt.net.au wrote:

> Mar 10 00:10:50 geko postfix/cleanup[9389]: C099F42B0143:
> message-id=<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>
> Mar 10 00:12:38 geko opendkim[1322]: C099F42B0143: DKIM-Signature field
> added (s=default, d=a_tld.com)
> Mar 10 00:12:39 geko opendmarc[1295]: C099F42B0143: SPF(mailfrom):
> bb@a_tld.com fail
> Mar 10 00:12:39 geko opendmarc[1295]: C099F42B0143: a_tld.com fail

So were the milters slow, or the message transmission slow?

Also, while you may want to DKIM-sign submission traffic, what's the
purpose of DMARC in this case?  I'd expect that SPF and DMARC checks are
not relevant for submission, and should not be turned on.

-- 
Viktor.


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2020 at 12:18:28PM -0700, Fred Morris wrote:

> NOERROR doesn't necessarily mean that there was an answer. The number of 
> answers to the question asked can be 0, even if the FQDN (fully qualified 
> domain name) exists, if some other type of information is associated with 
> it. It could also be an ENT (empty non terminal), there could be 
> subrecords.

Correct, NOERROR is the non-failure status code when the target name
(possibly after one or more CNAME redirects) exists, whether or not
it has associated records of the requested type.

Non-failure means the DNS server was able to give you a definitive
answer, it may or may not be the answer you were looking for.

C: www.example.com. IN MX ?
S: NOERROR(1/1/0): www.example.com. IN CNAME www.example.net.
   example.net. IN SOA ...

The above indicates that www.example.com is aliased to www.example.net,
which exists, but has no MX records.

[ (1/1/0) means 1 answer (CNAME), 1 authority record (SOA), 0 additional ]

> NXDOMAIN means there are no records.

No, this is wrong.  NXDOMAIN is the non-failure status code when the
target name (possibly after one or more CNAME redirects) does not exist.

C: www.example.com. IN MX ?
S: NXDOMAIN(1/1/0): www.example.com. IN CNAME www.example.net.
   example.net. IN SOA ...

The above indicates that www.example.com is aliased to www.example.net,
which does not exist.

> SERVFAIL means that no usable records were found. This can be returned by 
> your caching / recursive resolver. SERVFAIL is also the common result if 
> you're using DNSSEC and your resolver becomes untethered from NTP.

No. This is wrong.  SERVFAIL means that the nameserver (authoritative or
iterative) was unable to provide an answer.  It has nothing to do with
"usable records".  This is a catch-all "I tried to service your query,
but failed, sorry about that, better luck next time..."  answer.

Yes, resolvers return SERVFAIL when the upstream answer fails DNSSEC
validation (is "bogus"), but also when the domain is lame, or upstream
queries time out, ...

-- 
Viktor.
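
Added example (not part of the original post): the status(answer/authority/additional) notation used above, read straight from DNS wire format. The replies are constructed test messages for the query "www.example.com. IN MX ?"; the function names and verdict labels are made up for this illustration.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
TYPE_CNAME, TYPE_SOA, TYPE_MX = 5, 6, 15


def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def build_response(rcode, answers=(), authority=()):
    """Constructed reply to 'www.example.com. IN MX ?' (test data only)."""
    flags = 0x8180 | rcode          # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += encode_name("www.example.com") + struct.pack("!HH", TYPE_MX, 1)
    for owner, rrtype, rdata in list(answers) + list(authority):
        msg += encode_name(owner)
        msg += struct.pack("!HHIH", rrtype, 1, 300, len(rdata)) + rdata
    return msg


def classify_mx_reply(msg):
    """Return ('RCODE(an/ns/ar)', verdict) for a reply to an MX query."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    answer_types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answer_types.append(rrtype)
        off += 10 + rdlen
    status = "%s(%d/%d/%d)" % (RCODE_NAMES.get(rcode, "RCODE%d" % rcode), an, ns, ar)
    if rcode == 0:
        # Definitive: the name exists. Only an MX record in the answer section
        # means there is an MX; a lone CNAME does not.
        verdict = "mx-records" if TYPE_MX in answer_types else "name-exists-no-mx"
    elif rcode == 3:
        # Definitive: the (possibly CNAME-redirected) target name does not exist.
        verdict = "name-does-not-exist"
    else:
        # SERVFAIL and other failure codes: the server could not answer at all.
        verdict = "no-definitive-answer"
    return status, verdict


# Constructed records matching the two exchanges shown in the post.
CNAME = ("www.example.com", TYPE_CNAME, encode_name("www.example.net"))
SOA = ("example.net", TYPE_SOA,
       encode_name("ns.example.net") + encode_name("hostmaster.example.net")
       + struct.pack("!5I", 1, 3600, 600, 86400, 300))
MX = ("www.example.com", TYPE_MX, struct.pack("!H", 10) + encode_name("mail.example.com"))

SAMPLES = {
    "cname_no_mx": build_response(0, [CNAME], [SOA]),
    "cname_nxdomain": build_response(3, [CNAME], [SOA]),
    "servfail": build_response(2),
    "has_mx": build_response(0, [MX]),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, *classify_mx_reply(message))
```

Only the two definitive outcomes let a mail client decide right away; the third is the case that, as described elsewhere in this thread, leaves the message queued and retried.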


Re: postfix and systemctl

2020-03-10 Thread Peter

On 11/03/20 1:10 am, Emanuel Postfix wrote:

In the file /etc/yum.repos.d/gf.repo add this config:


Get rid of that, the gf-release package contains that file.


from console I execute the following:


yum --nogpg install http://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm


yum --enablerepo=gf-plus install postfix3

Also see http://ghettoforge.org/index.php/Postfix3


Peter


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Fred Morris
Let's try to clear up DNS even though that's not what the original querent 
is asking.


On Tue, 10 Mar 2020, Wietse Venema wrote:

Catalin Bucur:

On 10/03/2020 17:16, Wietse Venema wrote:

This is a problem with your DNS resolver WHICH IS NOT PART OF
POSTFIX. You need to use a better DNS resolver.

With a properly functioning resolver:

$ host -t mx www.postfix.org
www.postfix.org has no MX record



By the same logic that we should be looking at postfix logs rather than 
thunderbird logs, we should probably be looking at the DNS logs rather 
than the output of some tool.



type=MX: Host not found, try again)"/, but AFTER
/maximal_queue_lifetime/, which is very annoying.


NOERROR doesn't necessarily mean that there was an answer. The number of 
answers to the question asked can be 0, even if the FQDN (fully qualified 
domain name) exists, if some other type of information is associated with 
it. It could also be an ENT (empty non terminal), there could be 
subrecords.


NXDOMAIN means there are no records.

SERVFAIL means that no usable records were found. This can be returned by 
your caching / recursive resolver. SERVFAIL is also the common result if 
you're using DNSSEC and your resolver becomes untethered from NTP.


Interactions between search lists and wildcarded domains (in the DNS) can 
result in an unexpected mailserver receiving the email. The behavior of 
that mailserver is determined by the configuration of that mailserver. If 
you fatfingered the domain and it ends up here you may get lucky and 
recognize the address of the remote MTA.


Any given domain can choose to do any number of things with received email 
(a policy issue outside of the DNS), including dropping it silently or 
kicking unexpected errors. If you fatfingered the domain and they choose 
to send your submission silently to /dev/null your message was 
"successfully" delivered.


--

Fred Morris



Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 19:49, Dominic Raferd wrote:

> My responses seem like OP's:
> # host -t mx imake.ro 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
>
> Host imake.ro not found: 2(SERVFAIL)
> # host -t mx sometotallyINVENTEDdomainTHATdoesNOTexist.com 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
>
> Host sometotallyINVENTEDdomainTHATdoesNOTexist.com not found: 3(NXDOMAIN)
>
> I read this as: imake.ro exists but is not configured.

Right. And for this type of domains (bad configured) I want that postfix 
warn me as soon as possible, not after a few days.


Catalin Bucur


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Dominic Raferd
On Tue, 10 Mar 2020 at 17:37, Jaroslaw Rafa  wrote:

> On 10.03.2020 at 19:33:14, Catalin Bucur wrote:
> > Google dns says:
> > # host -t mx imake.ro 8.8.8.8
> > Using domain server:
> > Name: 8.8.8.8
> > Address: 8.8.8.8#53
> > Aliases:
> > Host imake.ro not found: 2(SERVFAIL)
>
> Something's wrong with resolver library on your machine. Mine says:
>
> raj@rafa:~$ host -t mx imake.ro 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
>
> Host imake.ro not found: 3(NXDOMAIN)
>
> That's the correct answer - NXDOMAIN, not SERVFAIL.
>

My responses seem like OP's:
# host -t mx imake.ro 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host imake.ro not found: 2(SERVFAIL)
# host -t mx sometotallyINVENTEDdomainTHATdoesNOTexist.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host sometotallyINVENTEDdomainTHATdoesNOTexist.com not found: 3(NXDOMAIN)

I read this as: imake.ro exists but is not configured.


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Gerald Galster

> Gerald and Bill, you have both of you right, delay_warning_time it's the 
> parameter I was looking for.
> Anyway, after setting up delay_warning_time=5m I noticed some warnings in 
> logs:
> 
> Mar 10 17:52:02 mail postfix/bounce[7326]: warning: [built-in]: zero result 
> in delay template conversion of parameter "delay_warning_time_hours"
> Mar 10 17:52:02 mail postfix/bounce[7326]: warning: please reduce time unit 
> "hours" of "delay_warning_time_hours" in delay template
> Mar 10 17:52:02 mail postfix/bounce[7326]: warning: for instructions see the 
> bounce(5) manual

what happens if you set delay_warning_time=1h or delay_warning_time=300  (as in 
300 seconds)?

In the template file it says hours, so everything below one hour might evaluate 
to zero?

Best regards
Gerald

Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 19:33, Jaroslaw Rafa wrote:
> If you get reply 2(SERVFAIL) it means DNS server for the domain failed and
> did not return any usable reply, so we actually don't know if the domain
> exists or not. In that case Postfix SHOULD keep trying to deliver mail
> (maybe the DNS server for the domain will resume working?) until max queue
> time is exceeded.

You're right, but it should be nice if sender would receive a warning 
about that, as soon as possible. And that happened ONLY after I modified 
/delay_warning_time/ parameter to a couple of minutes.

> A reply actually confirming that the domain does not exist would be
> 3(NXDOMAIN). In that case Postfix should return mail immediately.


Catalin Bucur


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Jaroslaw Rafa
On 10.03.2020 at 19:33:14, Catalin Bucur wrote:
> Google dns says:
> # host -t mx imake.ro 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
> Host imake.ro not found: 2(SERVFAIL)

Something's wrong with resolver library on your machine. Mine says:

raj@rafa:~$ host -t mx imake.ro 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host imake.ro not found: 3(NXDOMAIN)

That's the correct answer - NXDOMAIN, not SERVFAIL.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Jaroslaw Rafa
On 10.03.2020 at 19:11:33, Catalin Bucur wrote:
> You mean that I should modify standard configuration for my dns
> server (resolver) to force reply that MX record does not exist,
> instead of "Host doman.com not found: 2(SERVFAIL)" ?

If you get reply 2(SERVFAIL) it means DNS server for the domain failed and
did not return any usable reply, so we actually don't know if the domain
exists or not. In that case Postfix SHOULD keep trying to deliver mail
(maybe the DNS server for the domain will resume working?) until max queue
time is exceeded.
A reply actually confirming that the domain does not exist would be
3(NXDOMAIN). In that case Postfix should return mail immediately.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: Mail loops back to itself ONLY when using `mail` command on server

2020-03-10 Thread Noel Jones

On 3/10/2020 12:03 AM, Jay wrote:

On 10 Mar 2020, at 2:02 pm, Noel Jones  wrote:

On 3/9/2020 9:09 PM, Jay wrote:

Hi folks,
I’m having a strange situation on one of my macOS X Servers (10.13.6) running 
postfix 3.1.1.
The server is configured to only use virtual_domains and virtual. When an email 
is received externally on port 25 for one of those domains, it’s accepted and 
handed off to Dovecot happily. All such received mail works perfectly. Here is 
a log excerpt of a successful receipt:
2020-03-10 11:53:47.417928+1000 0x3afa0e   Info0x0   96460  
smtpd: connect from office.externaldomain.com.au 
[203.1.1.1]
2020-03-10 11:53:47.985328+1000 0x3afa0e   Info0x0   96460  
smtpd: F075E1803D04: client=office.externaldomain.com.au 
[203.1.1.1]
2020-03-10 11:53:48.001337+1000 0x3afdd7   Info0x0   96498  
cleanup: F075E1803D04: 
message-id=<968781c4-1a74-42be-b4ce-141ea65e9...@externaldomain.com.au 
>
2020-03-10 11:53:48.005938+1000 0x35759a   Info0x0   74101  qmgr: 
F075E1803D04: from=mailto:j...@externaldomain.com.au>>, size=859, nrcpt=1 (queue active)
2020-03-10 11:53:48.032335+1000 0x3afa0e   Info0x0   96460  
smtpd: disconnect from office.externaldomain.com.au 
[203.1.1.1] ehlo=2 starttls=1 mail=1 
rcpt=1 data=1 quit=1 commands=7
2020-03-10 11:53:49.699136+1000 0x3b00c5   Info0x0   
96565  smtpd: connect from localhost[127.0.0.1]
2020-03-10 11:53:49.702840+1000 0x3b00c5   Info0x0   
96565  smtpd: AB8771803D0F: client=localhost[127.0.0.1]
2020-03-10 11:53:49.705075+1000 0x3afdd7   Info0x0   96498  
cleanup: AB8771803D0F: 
message-id=<968781c4-1a74-42be-b4ce-141ea65e9...@externaldomain.com.au 
>
2020-03-10 11:53:49.705801+1000 0x3b00c5   Info0x0   
96565  smtpd: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 
quit=1 commands=5
2020-03-10 11:53:49.706072+1000 0x35759a   Info0x0   74101  qmgr: 
AB8771803D0F: from=mailto:j...@externaldomain.com.au>>, size=1555, nrcpt=1 (queue active)
2020-03-10 11:53:49.719987+1000 0x3b006e   Info0x0   96562  smtp: F075E1803D04: 
to=mailto:j...@home.myvirtualdomain.com>>, 
orig_to=mailto:j...@myvirtualdomain.com>>, 
relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.36/0/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 
from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AB8771803D0F)
2020-03-10 11:53:49.720777+1000 0x35759a   Info0x0   
74101  qmgr: F075E1803D04: removed
2020-03-10 11:53:49.825969+1000 0x35759a   Info0x0   
74101  qmgr: AB8771803D0F: removed
However, when I use the `mail` command on the server, specifically `mail 
j...@myvirtualdomain.com `, I get a mail loops 
back to itself error:
2020-03-10 11:55:43.060996+1000 0x3b04ce   Info0x0   96627  
cleanup: 061A21803DE0: message-id=<20200310015543.061a21803...@home.myvirtualdomain.com 
>
2020-03-10 11:55:43.062048+1000 0x3b04cb   Info0x0   96626  qmgr: 
061A21803DE0: from=mailto:r...@home.myvirtualdomain.com>>, size=338, nrcpt=1 (queue active)
2020-03-10 11:55:43.972784+1000 0x3afa0e   Info0x0   96460  
smtpd: connect from home.myvirtualdomain.com 
[10.0.5.201]
2020-03-10 11:55:43.973557+1000 0x3b04d3   Default 0x0   96629  smtp: 
warning: host home.myvirtualdomain.com 
[10.0.5.201]:25 greeted me with my own hostname 
home.myvirtualdomain.com 
2020-03-10 11:55:43.974021+1000 0x3b04d3   Default 0x0   96629  smtp: 
warning: host home.myvirtualdomain.com 
[10.0.5.201]:25 replied to HELO/EHLO with my own 
hostname home.myvirtualdomain.com 
2020-03-10 11:55:44.013568+1000 0x3b04d3   Info0x0   96629  smtp: 061A21803DE0: 
to=mailto:j...@myvirtualdomain.com>>, 
relay=home.myvirtualdomain.com [10.0.5.201]:25, delay=1.5, 
delays=0.59/0.04/0.87/0, dsn=5.4.6, status=bounced (mail for myvirtualdomain.com 
 loops back to myself)
2020-03-10 11:55:44.013989+1000 0x3afa0e   Info0x0   96460  
smtpd: disconnect from home.myvirtualdomain.com 
[10.0.5.201] ehlo=1 quit=1 commands=2
2020-03-10 11:55:44.015809+1000 0x3b04ce   Info0x0   96627  

Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 19:26, Wietse Venema wrote:

SERVFAIL (for a domain without MX record) means that something is
broken. If the fault is not with your local resolver, then you need
make sure that you point your resolver at a proper implementation.
I have seen nonsense results from cheap routers that expect queries
from web clients that never ask for MX.

What is the domain name? I gave an example of what the expected
response looks like.

Wietse

Let's say for example imake.ro
This domain it's configured wrong, but it's not managed by me. Which 
resolver should I use for a non-SERVFAIL error?


Google dns says:
# host -t mx imake.ro 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
Host imake.ro not found: 2(SERVFAIL)

Catalin Bucur



Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Wietse Venema
SERVFAIL (for a domain without MX record) means that something is
broken. If the fault is not with your local resolver, then you need
make sure that you point your resolver at a proper implementation.
I have seen nonsense results from cheap routers that expect queries
from web clients that never ask for MX.

What is the domain name? I gave an example of what the expected
response looks like.

Wietse


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 17:55, Wietse Venema wrote:

THAT is a DNS resolver issue. If a domain has no MX record the
resolver should say so IMMEDIATELY, instead of forever returning
NO RESPONSE.

Again, with proper resolver will IMMEDIATELY reply that the MX
record does not exist, allowing Postfix to proceed IMMEDIATELY.

With your broken resolver, Postfix gets NO RESPONSE, and therefore
it MUST NOT proceed.

Wietse


You mean that I should modify standard configuration for my dns server 
(resolver) to force reply that MX record does not exist, instead of 
"Host doman.com not found: 2(SERVFAIL)" ? I don't really know that my 
actual nameserver configuration it's a "broken" configuration, I believe 
that it's somehow a "standard" configuration.

And what if server's resolver isn't managed by me? Let's say:

# cat /etc/resolv.conf
nameserver 8.8.8.8

Catalin Bucur



Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 17:57, Gerald Galster wrote:
In case there is no MX record the mail is delivered to the domain's ip 
(a/ record).
It's up to the domain's administrator to set a NULL MX to prevent 
that, but it's quite new:

https://tools.ietf.org/html/rfc7505

What postfix can do:

delay_warning_time (default: 0h)
       The time after which the sender receives a copy of the message 
headers of mail that is still queued


bounce_queue_lifetime = 4h
maximal_queue_lifetime = 1d
...

man 5 postconf

Best regards
Gerald


Gerald and Bill, you have both of you right, /delay_warning_time/ it's 
the parameter I was looking for.
Anyway, after setting up delay_warning_time=5m I noticed some warnings 
in logs:


Mar 10 17:52:02 mail postfix/bounce[7326]: warning: [built-in]: zero 
result in delay template conversion of parameter "delay_warning_time_hours"
Mar 10 17:52:02 mail postfix/bounce[7326]: warning: please reduce time 
unit "hours" of "delay_warning_time_hours" in delay template
Mar 10 17:52:02 mail postfix/bounce[7326]: warning: for instructions see 
the bounce(5) manual


Thank you for your help.

Best regards,

Catalin Bucur



Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Gerald Galster

> On 10/03/2020 17:16, Wietse Venema wrote:
>> This is a problem with your DNS resolver WHICH IS NOT PART OF
>> POSTFIX. You need to use a better DNS resolver.
>> 
>> With a properly functioning resolver:
>> 
>> $ host -t mx www.postfix.org 
>> www.postfix.org  has no MX record
>> 
>>  Wietse
> 
> You didn't understood my issue, you didn't read enough from my message or I 
> didn't was clear enough.
> It's not a MY dns issue, in fact it's not a really dns issue. Again:
>  1. I want to send mail to someb...@domain.com 
>  2. From mistake, I send message to someb...@doman.com 
>  (note a missing 'i')
>  3. doman.com exists, BUT it doesn't have MX record defined
>  4. my message stays in queue until maximal_queue_lifetime expires and 
> postfix try to resend it
>  5. I DON'T receive any warning about that error until maximal_queue_lifetime 
> expires (implicitly 5 days), and THIS is the real problem, I don't know that 
> my message didn't arrive at destination because I've accidentally missed a 
> letter from destination domain name.

In case there is no MX record the mail is delivered to the domain's ip (a/ 
record).
It's up to the domain's administrator to set a NULL MX to prevent that, but 
it's quite new:
https://tools.ietf.org/html/rfc7505

What postfix can do:

delay_warning_time (default: 0h)
   The time after which the sender receives a copy of the message headers 
of mail that is still queued

bounce_queue_lifetime = 4h
maximal_queue_lifetime = 1d
...

man 5 postconf

Best regards
Gerald

Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Wietse Venema
Catalin Bucur:
> On 10/03/2020 17:16, Wietse Venema wrote:
> > This is a problem with your DNS resolver WHICH IS NOT PART OF
> > POSTFIX. You need to use a better DNS resolver.
> >
> > With a properly functioning resolver:
> >
> > $ host -t mx www.postfix.org
> > www.postfix.org has no MX record
> >
> > Wietse
> 
> You didn't understood my issue, you didn't read enough from my message 
> or I didn't was clear enough.
> It's not a MY dns issue, in fact it's not a really dns issue. Again:

You wrote:
> For an existing domain but without MX, I receive the error /"Host or
> domain name not found. Name service error for name=onedomain.com
> type=MX: Host not found, try again)"/, but AFTER
> /maximal_queue_lifetime/, which is very annoying. In this case the

THAT is a DNS resolver issue. If a domain has no MX record the
resolver should say so IMMEDIATELY, instead of forever returning
NO RESPONSE.

Again, with proper resolver will IMMEDIATELY reply that the MX
record does not exist, allowing Postfix to proceed IMMEDIATELY.

With your broken resolver, Postfix gets NO RESPONSE, and therefore
it MUST NOT proceed.

Wietse


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

On 10/03/2020 17:16, Wietse Venema wrote:

This is a problem with your DNS resolver WHICH IS NOT PART OF
POSTFIX. You need to use a better DNS resolver.

With a properly functioning resolver:

$ host -t mx www.postfix.org
www.postfix.org has no MX record

Wietse


You didn't understood my issue, you didn't read enough from my message 
or I didn't was clear enough.

It's not a MY dns issue, in fact it's not a really dns issue. Again:
 1. I want to send mail to someb...@domain.com
 2. From mistake, I send message to someb...@doman.com (note a missing 'i')
 3. doman.com exists, BUT it doesn't have MX record defined
 4. my message stays in queue until /maximal_queue_lifetime/ expires 
and postfix try to resend it
 5. I DON'T receive any warning about that error until 
/maximal_queue_lifetime/ expires (implicitly 5 days), and THIS is the 
real problem, I don't know that my message didn't arrive at destination 
because I've accidentally missed a letter from destination domain name.


Regards,

Catalin Bucur



Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Bill Cole

On 10 Mar 2020, at 10:26, Catalin Bucur wrote:


> Hello,
>
> I have a question about how Postfix generates warning messages about 
> non-existent domains, non-existent MX domain names or for timeout 
> connecting to a destination mail server. In fact, my real problem is 
> that postfix does not warn me about anything when I incorrectly write 
> the domain name for an email address AND by chance that domain exists 
> but does not have configured MX record on its DNS.
>
> For example for a non-existent domain I receive almost instantly the 
> message /"t...@asdasdasd.ro : Host or domain 
> name not found. Name service error for name=asdasdasd.ro type=A: Host 
> not found"/
> For an existing domain but without MX, I receive the error /"Host or 
> domain name not found. Name service error for name=onedomain.com 
> type=MX: Host not found, try again)"/, but AFTER 
> /maximal_queue_lifetime/, which is very annoying. In this case the 
> sender finds out only after 5 days about the real problem.

This should only happen in cases where the target domain has no MX 
record but does have an A record, and the host at the A record's IP has 
no mail service.

Fallback to A records is a standard part of how SMTP works. MX records 
are not required for mail delivery and never have been.

> Is there any way to modify postfix configuration to inform the sender 
> about such a problem instantly and to retry to send message until 
> /maximal_queue_lifetime/ expires?


Not instantly, but you CAN warn the user sooner by setting a short 
non-zero delay_warning_time. It should probably be at least as long as a 
slow DNS lookup might take.


From the postconf(5) man page:

  delay_warning_time (default: 0h)
      The time after which the sender receives a copy of the message of mail
      that is still queued.  The confirm_delay_cleared parameter controls
      sender notification when the delay clears up.

      To enable this feature, specify a non-zero time value (an integral
      value plus an optional one-letter suffix that specifies the time unit).

      Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
      The default time unit is h (hours).

      See also: delay_notice_recipient, notify_classes,
      confirm_delay_cleared.





--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)


Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Wietse Venema
Catalin Bucur:
> For an existing domain but without MX, I receive the error /"Host or 
> domain name not found. Name service error for name=onedomain.com 
> type=MX: Host not found, try again)"/, but AFTER 
> /maximal_queue_lifetime/, which is very annoying. In this case the 
> sender finds out only after 5 days about the real problem.

This is a problem with your DNS resolver WHICH IS NOT PART OF
POSTFIX. You need to use a better DNS resolver.

With a properly functioning resolver:

$ host -t mx www.postfix.org
www.postfix.org has no MX record

Wietse


Re: postfix3 with opendkim

2020-03-10 Thread Wietse Venema
SysAdmin EM:
> grep milter /etc/postfix/master.cf
> #  -o milter_macro_daemon_name=ORIGINATING
> #  -o milter_macro_daemon_name=ORIGINATING
> 
> I can't find the problem flaw

To find out what Postfix really uses:

$ postconf -n | grep milter
$ postconf -P | grep milter

Postfix does not use mail.cf files. Details matter.

Wietse


> Any ideas? postfix 3 is compatible?
> 
> On Tue, Mar 10, 2020 at 10:58, Dominic Raferd (
> domi...@timedicer.co.uk) wrote:
> 
> > On Tue, 10 Mar 2020 at 13:52, SysAdmin EM  wrote:
> > >
> > > Hello.!
> > >
> > > In the mail.cf i add this options:
> > > # OpenDKIM
> > > smtpd_milters   = inet:127.0.0.1:8891
> > > non_smtpd_milters   = $smtpd_milters
> > > milter_default_action   = accept
> > > milter_protocol = 6
> > >
> > > when i send and email from console, i not see communication with postfix
> > and opendkim
> > >
> > > Mar 10 10:50:15 server003 postfix/pickup[19505]: BC053C09B473: uid=0
> > from=
> > > Mar 10 10:50:15 server003 postfix/cleanup[19512]: BC053C09B473:
> > message-id=<20200310135015.bc053c09b...@mail03.server003.com>
> > > Mar 10 10:50:15 server003 postfix/qmgr[19506]: BC053C09B473: from=<
> > r...@mail03.server003.com>, size=512, nrcpt=1 (queue active)
> > > Mar 10 10:50:16 server003 postfix/smtp[19515]: BC053C09B473: to=<
> > emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25,
> > delay=1, delays=0
> > > .04/0/0.34/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1583848216
> > f20si8353764qkm.11 - gsmtp)
> > > Mar 10 10:50:16 server003 postfix/qmgr[19506]: BC053C09B473: removed
> > >
> > >
> > > On Tue, Mar 10, 2020 at 10:47, Fazzina, Angelo (
> > angelo.fazz...@uconn.edu) wrote:
> > >>
> > >> Hi, may I ask what your Postfix config looks like for OpenDkim ?
> > >> In Postfix 2.x it is close to this :
> > >>
> > >> smtpd_milters = inet:127.0.0.1:8891
> > >> non_smtpd_milters = $smtpd_milters
> > >> milter_default_action = accept
> > >> milter_protocol = 6
> > >> -ANGELO FAZZINA
> > >>
> > >>
> > >> From: owner-postfix-us...@postfix.org 
> > On Behalf Of SysAdmin EM
> > >> Sent: Tuesday, March 10, 2020 9:26 AM
> > >> To: postfix-users@postfix.org
> > >> Subject: postfix3 with opendkim
> > >>
> > >> I update my Postfix 2 to Postfix 3. Postfix not communicating with
> > opendkim.
> > >>
> > >>
> > >>
> > >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
> > >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0
> > terminating with status 0, errno = 0
> > >> Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0
> > starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
> > >> Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473:
> > message-id=<20200310131544.614d2c09b...@mail03.server.com>
> > >> Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: from=<
> > r...@mail03.server.com>, size=512, nrcpt=1 (queue active)
> > >> Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to
> > gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is
> > unreachable
> > >> Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: to=<
> > emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25,
> > delay=1, delay
> > >> s=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145
> > z199si8204777qka.20 - gsmtp)
> > >> Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed
> > >>
> > >> In the openDKIM config file i add this options:...
> >
> >
> > Maybe you have something in your master.cf that overrides the milter
> > settings in main.cf. Have a look for keyword 'milter' in master.cf.
> >
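
An added example, not part of the thread and not Postfix code: a small offline parser that approximates what `postconf -n | grep milter` and `postconf -P | grep milter` report. It shows that commented `-o` lines in master.cf have no effect, while a live `-o` override replaces the main.cf value for that one service. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files for illustration (not the poster's real configuration).
MAIN_CF = """\
# OpenDKIM
smtpd_milters   = inet:127.0.0.1:8891
non_smtpd_milters   = $smtpd_milters
milter_default_action   = accept
milter_protocol = 6
"""

MASTER_CF = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o syslog_name=postfix/submission
#  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_milters=
cleanup    unix  n  -  y  -  0  cleanup
"""

VAR = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def logical_lines(text):
    """Drop blank and comment lines; join lines that start with whitespace
    onto the previous logical line, as main.cf and master.cf both do."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_main_cf(text):
    """Return {name: value}; a later definition replaces an earlier one."""
    params = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def parse_master_cf(text):
    """Return {"service/type": {name: value}} for '-o name=value' overrides.
    The Postfix 3.x '-o { name = value }' form is not handled here."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:          # not a complete service entry
            continue
        args = fields[8:]
        overrides = {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                name, _, value = args[i + 1].partition("=")
                overrides[name] = value
        services[f"{fields[0]}/{fields[1]}"] = overrides
    return services


def expand(value, table, depth=0):
    """Expand $name and ${name}. Names missing from the table expand to an
    empty string because built-in defaults are not modelled (assumption)."""
    if depth > 10:
        return value
    def sub(match):
        name = match.group(1) or match.group(2)
        return expand(table.get(name, ""), table, depth + 1)
    return VAR.sub(sub, value)


def master_overrides(master_text, pattern="milter"):
    """Roughly what `postconf -P | grep <pattern>` lists."""
    return [f"{svc}/{name} = {value}"
            for svc, ov in parse_master_cf(master_text).items()
            for name, value in ov.items() if pattern in name]


def effective_settings(main_text, master_text, pattern="milter"):
    """Per service: main.cf values with that service's -o overrides applied."""
    main = parse_main_cf(main_text)
    report = {}
    for svc, overrides in parse_master_cf(master_text).items():
        table = {**main, **overrides}
        report[svc] = {n: expand(v, table)
                       for n, v in table.items() if pattern in n}
    return report


if __name__ == "__main__":
    print(master_overrides(MASTER_CF))
    for svc, values in effective_settings(MAIN_CF, MASTER_CF).items():
        print(svc, values)
```
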


Client cert based relaying setup not working

2020-03-10 Thread Adam Cecile

Hello,


Here is my submission definition on *server* master.cf:

submission inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
#    -o smtpd_tls_fingerprint_digest=sha1
#    -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
#    -o smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
    -o content_filter=dkimproxy:[127.0.0.1]:10028

That I turned into:

submission inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_fingerprint_digest=sha1
    -o relay_clientcerts=hash:/etc/postfix/relay_clientcerts
    -o smtpd_client_restrictions=permit_tls_clientcerts,permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
    -o content_filter=dkimproxy:[127.0.0.1]:10028


File /etc/postfix/relay_clientcerts contains client certificate 
retrieved by running: openssl x509 -fingerprint -sha1 -in 
/etc/ssl/certs/ssl-cert-snakeoil.pem then a space, then the client hostname



On the *client*, main.cf contains the following:

smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_use_tls = yes
relayhost = [server.hostname.com]:587


But when I send an email, server says:

postfix/submission/smtpd[569]: NOQUEUE: reject: RCPT from 
unknown[1.2.3.4]: 554 5.7.1 : Client host rejected: 
Access denied



Can someone give me a hint to get this working ?


Thanks in advance,

Regards, Adam.



Warning about non-existent MX for destination domain

2020-03-10 Thread Catalin Bucur

Hello,

I have a question about how Postfix generates warning messages about 
non-existent domains, non-existent MX domain names or for timeout 
connecting to a destination mail server. In fact, my real problem is 
that postfix does not warn me about anything when I incorrectly write the 
domain name for an email address AND by chance that domain exists but 
does not have configured MX record on its DNS.


For example for a non-existent domain I receive almost instantly the 
message /"t...@asdasdasd.ro : Host or domain 
name not found. Name service error for name=asdasdasd.ro type=A: Host 
not found"/
For an existing domain but without MX, I receive the error /"Host or 
domain name not found. Name service error for name=onedomain.com 
type=MX: Host not found, try again)"/, but AFTER 
/maximal_queue_lifetime/, which is very annoying. In this case the 
sender finds out only after 5 days about the real problem.


Is there any way to modify postfix configuration to inform the sender 
about such a problem instantly and to retry to send message until 
/maximal_queue_lifetime/ expires?


Thank you for your time.

Best regards,
Catalin



Re: postfix3 with opendkim

2020-03-10 Thread Dominic Raferd
On Tue, 10 Mar 2020 at 14:08, SysAdmin EM  wrote:
>
> grep milter /etc/postfix/master.cf
> #  -o milter_macro_daemon_name=ORIGINATING
> #  -o milter_macro_daemon_name=ORIGINATING
>
> I can't find the problem flaw
>
> Any ideas? postfix 3 is compatible?
>
> On Tue, Mar 10, 2020 at 10:58, Dominic Raferd 
> (domi...@timedicer.co.uk) wrote:
>>
>> On Tue, 10 Mar 2020 at 13:52, SysAdmin EM  wrote:
>> >
>> > Hello.!
>> >
>> > In the mail.cf i add this options:
>> > # OpenDKIM
>> > smtpd_milters   = inet:127.0.0.1:8891
>> > non_smtpd_milters   = $smtpd_milters
>> > milter_default_action   = accept
>> > milter_protocol = 6
>> >
>> > when i send and email from console, i not see communication with postfix 
>> > and opendkim
>> >
>> > Mar 10 10:50:15 server003 postfix/pickup[19505]: BC053C09B473: uid=0 
>> > from=
>> > Mar 10 10:50:15 server003 postfix/cleanup[19512]: BC053C09B473: 
>> > message-id=<20200310135015.bc053c09b...@mail03.server003.com>
>> > Mar 10 10:50:15 server003 postfix/qmgr[19506]: BC053C09B473: 
>> > from=, size=512, nrcpt=1 (queue active)
>> > Mar 10 10:50:16 server003 postfix/smtp[19515]: BC053C09B473: 
>> > to=, 
>> > relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, delay=1, delays=0
>> > .04/0/0.34/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1583848216 
>> > f20si8353764qkm.11 - gsmtp)
>> > Mar 10 10:50:16 server003 postfix/qmgr[19506]: BC053C09B473: removed
>> >
>> >
>> > On Tue, Mar 10, 2020 at 10:47, Fazzina, Angelo 
>> > (angelo.fazz...@uconn.edu) wrote:
>> >>
>> >> Hi, may I ask what your Postfix config looks like for OpenDkim ?
>> >> In Postfix 2.x it is close to this :
>> >>
>> >> smtpd_milters = inet:127.0.0.1:8891
>> >> non_smtpd_milters = $smtpd_milters
>> >> milter_default_action = accept
>> >> milter_protocol = 6
>> >> -ANGELO FAZZINA
>> >>
>> >>
>> >> From: owner-postfix-us...@postfix.org  
>> >> On Behalf Of SysAdmin EM
>> >> Sent: Tuesday, March 10, 2020 9:26 AM
>> >> To: postfix-users@postfix.org
>> >> Subject: postfix3 with opendkim
>> >>
>> >> I update my Postfix 2 to Postfix 3. Postfix not communicating with 
>> >> opendkim.
>> >>
>> >>
>> >>
>> >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
>> >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0 
>> >> terminating with status 0, errno = 0
>> >> Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0 starting 
>> >> (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
>> >> Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473: 
>> >> message-id=<20200310131544.614d2c09b...@mail03.server.com>
>> >> Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: 
>> >> from=, size=512, nrcpt=1 (queue active)
>> >> Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to 
>> >> gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is 
>> >> unreachable
>> >> Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: 
>> >> to=, 
>> >> relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, delay=1, delay
>> >> s=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145 
>> >> z199si8204777qka.20 - gsmtp)
>> >> Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed
>> >>
>> >> In the openDKIM config file i add this options:...
>>
>>
>> Maybe you have something in your master.cf that overrides the milter
>> settings in main.cf. Have a look for keyword 'milter' in master.cf.

Yes, postfix 3.x is compatible with opendkim and the same settings
should work. (And the etiquette here BTW is to bottom-post not
top-post.)


Re: postfix3 with opendkim

2020-03-10 Thread SysAdmin EM
grep milter /etc/postfix/master.cf
#  -o milter_macro_daemon_name=ORIGINATING
#  -o milter_macro_daemon_name=ORIGINATING

I can't find the problem flaw

Any ideas? postfix 3 is compatible?

On Tue, Mar 10, 2020 at 10:58, Dominic Raferd (
domi...@timedicer.co.uk) wrote:

> On Tue, 10 Mar 2020 at 13:52, SysAdmin EM  wrote:
> >
> > Hello.!
> >
> > In the mail.cf i add this options:
> > # OpenDKIM
> > smtpd_milters   = inet:127.0.0.1:8891
> > non_smtpd_milters   = $smtpd_milters
> > milter_default_action   = accept
> > milter_protocol = 6
> >
> > when i send and email from console, i not see communication with postfix
> and opendkim
> >
> > Mar 10 10:50:15 server003 postfix/pickup[19505]: BC053C09B473: uid=0
> from=
> > Mar 10 10:50:15 server003 postfix/cleanup[19512]: BC053C09B473:
> message-id=<20200310135015.bc053c09b...@mail03.server003.com>
> > Mar 10 10:50:15 server003 postfix/qmgr[19506]: BC053C09B473: from=<
> r...@mail03.server003.com>, size=512, nrcpt=1 (queue active)
> > Mar 10 10:50:16 server003 postfix/smtp[19515]: BC053C09B473: to=<
> emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25,
> delay=1, delays=0
> > .04/0/0.34/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1583848216
> f20si8353764qkm.11 - gsmtp)
> > Mar 10 10:50:16 server003 postfix/qmgr[19506]: BC053C09B473: removed
> >
> >
> > On Tue, Mar 10, 2020 at 10:47, Fazzina, Angelo (
> angelo.fazz...@uconn.edu) wrote:
> >>
> >> Hi, may I ask what your Postfix config looks like for OpenDkim ?
> >> In Postfix 2.x it is close to this :
> >>
> >> smtpd_milters = inet:127.0.0.1:8891
> >> non_smtpd_milters = $smtpd_milters
> >> milter_default_action = accept
> >> milter_protocol = 6
> >> -ANGELO FAZZINA
> >>
> >>
> >> From: owner-postfix-us...@postfix.org 
> On Behalf Of SysAdmin EM
> >> Sent: Tuesday, March 10, 2020 9:26 AM
> >> To: postfix-users@postfix.org
> >> Subject: postfix3 with opendkim
> >>
> >> I update my Postfix 2 to Postfix 3. Postfix not communicating with
> opendkim.
> >>
> >>
> >>
> >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
> >> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0
> terminating with status 0, errno = 0
> >> Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0
> starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
> >> Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473:
> message-id=<20200310131544.614d2c09b...@mail03.server.com>
> >> Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: from=<
> r...@mail03.server.com>, size=512, nrcpt=1 (queue active)
> >> Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to
> gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is
> unreachable
> >> Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: to=<
> emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25,
> delay=1, delay
> >> s=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145
> z199si8204777qka.20 - gsmtp)
> >> Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed
> >>
> >> In the openDKIM config file i add this options:...
>
>
> Maybe you have something in your master.cf that overrides the milter
> settings in main.cf. Have a look for keyword 'milter' in master.cf.
>


Re: postfix3 with opendkim

2020-03-10 Thread Dominic Raferd
On Tue, 10 Mar 2020 at 13:52, SysAdmin EM  wrote:
>
> Hello.!
>
> In the mail.cf i add this options:
> # OpenDKIM
> smtpd_milters   = inet:127.0.0.1:8891
> non_smtpd_milters   = $smtpd_milters
> milter_default_action   = accept
> milter_protocol = 6
>
> when i send and email from console, i not see communication with postfix and 
> opendkim
>
> Mar 10 10:50:15 server003 postfix/pickup[19505]: BC053C09B473: uid=0 
> from=
> Mar 10 10:50:15 server003 postfix/cleanup[19512]: BC053C09B473: 
> message-id=<20200310135015.bc053c09b...@mail03.server003.com>
> Mar 10 10:50:15 server003 postfix/qmgr[19506]: BC053C09B473: 
> from=, size=512, nrcpt=1 (queue active)
> Mar 10 10:50:16 server003 postfix/smtp[19515]: BC053C09B473: 
> to=, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, 
> delay=1, delays=0
> .04/0/0.34/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1583848216 
> f20si8353764qkm.11 - gsmtp)
> Mar 10 10:50:16 server003 postfix/qmgr[19506]: BC053C09B473: removed
>
>
> On Tue, Mar 10, 2020 at 10:47, Fazzina, Angelo 
> (angelo.fazz...@uconn.edu) wrote:
>>
>> Hi, may I ask what your Postfix config looks like for OpenDkim ?
>> In Postfix 2.x it is close to this :
>>
>> smtpd_milters = inet:127.0.0.1:8891
>> non_smtpd_milters = $smtpd_milters
>> milter_default_action = accept
>> milter_protocol = 6
>> -ANGELO FAZZINA
>>
>>
>> From: owner-postfix-us...@postfix.org  On 
>> Behalf Of SysAdmin EM
>> Sent: Tuesday, March 10, 2020 9:26 AM
>> To: postfix-users@postfix.org
>> Subject: postfix3 with opendkim
>>
>> I update my Postfix 2 to Postfix 3. Postfix not communicating with opendkim.
>>
>>
>>
>> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
>> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0 
>> terminating with status 0, errno = 0
>> Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0 starting 
>> (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
>> Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473: 
>> message-id=<20200310131544.614d2c09b...@mail03.server.com>
>> Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: 
>> from=, size=512, nrcpt=1 (queue active)
>> Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to 
>> gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is unreachable
>> Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: 
>> to=, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, 
>> delay=1, delay
>> s=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145 
>> z199si8204777qka.20 - gsmtp)
>> Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed
>>
>> In the openDKIM config file i add this options:...


Maybe you have something in your master.cf that overrides the milter
settings in main.cf. Have a look for keyword 'milter' in master.cf.


Re: t/s outbound 99% timeout on TBird?

2020-03-10 Thread Wietse Venema
li...@sbt.net.au:
> Mar 10 00:10:50 geko postfix/cleanup[9389]: C099F42B0143:
> message-id=<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>
> Mar 10 00:12:38 geko opendkim[1322]: C099F42B0143: DKIM-Signature field
> added (s=default, d=a_tld.com)

You need to find out why this took TWO MINUTES.

Wietse


Re: postfix3 with opendkim

2020-03-10 Thread SysAdmin EM
Hello.!

In the mail.cf I added these options:
# OpenDKIM
smtpd_milters   = inet:127.0.0.1:8891
non_smtpd_milters   = $smtpd_milters
milter_default_action   = accept
milter_protocol = 6

When I send an email from the console, I do not see communication with postfix
and opendkim

Mar 10 10:50:15 server003 postfix/pickup[19505]: BC053C09B473: uid=0 from=
Mar 10 10:50:15 server003 postfix/cleanup[19512]: BC053C09B473: message-id=<20200310135015.bc053c09b...@mail03.server003.com>
Mar 10 10:50:15 server003 postfix/qmgr[19506]: BC053C09B473: from=<r...@mail03.server003.com>, size=512, nrcpt=1 (queue active)
Mar 10 10:50:16 server003 postfix/smtp[19515]: BC053C09B473: to=<emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, delay=1, delays=0.04/0/0.34/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1583848216 f20si8353764qkm.11 - gsmtp)
Mar 10 10:50:16 server003 postfix/qmgr[19506]: BC053C09B473: removed

any ideas?

Thanks for the help.

Regards,


On Tue, Mar 10, 2020 at 10:47, Fazzina, Angelo (
angelo.fazz...@uconn.edu) wrote:

> Hi, may I ask what your Postfix config looks like for OpenDkim ?
>
>
>
> In Postfix 2.x it is close to this :
>
> smtpd_milters = inet:127.0.0.1:8891
> non_smtpd_milters = $smtpd_milters
> milter_default_action = accept
> milter_protocol = 6
>
>
>
>
>
>
>
> -ANGELO FAZZINA
>
>
>
> ang...@uconn.edu
>
> University of Connecticut,  ITS, SSG, Server Systems
>
> 860-486-9075
>
>
>
> *From:* owner-postfix-us...@postfix.org  *On
> Behalf Of *SysAdmin EM
> *Sent:* Tuesday, March 10, 2020 9:26 AM
> *To:* postfix-users@postfix.org
> *Subject:* postfix3 with opendkim
>
>
>
> *Message sent from a system outside of UConn.*
>
>
>
> Hello, my again.
>
>
>
> I update my Postfix 2 to Postfix 3. Postfix not communicating with
> opendkim.
>
>
>
> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
> Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0
> terminating with status 0, errno = 0
> Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0 starting
> (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
>
>
>
>
>
>
>
> Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473:
> message-id=<20200310131544.614d2c09b...@mail03.server.com>
> Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: from=<
> r...@mail03.server.com>, size=512, nrcpt=1 (queue active)
> Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to
> gmail-smtp-in.l.google.com
> [2800:3f0:4003:c00::1a]:25:
> Network is unreachable
> Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: to=<
> emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com
> [64.233.186.26]:25,
> delay=1, delay
> s=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145
> z199si8204777qka.20 - gsmtp)
> Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed
>
> In the openDKIM config file i add this options:
>
>
>
>  /etc/opendkim.conf
>
>
>
> PidFile                 /var/run/opendkim/opendkim.pid
> KeyTable                /etc/opendkim/KeyTable
> SigningTable            refile:/etc/opendkim/SigningTable
> ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
> InternalHosts           refile:/etc/opendkim/TrustedHosts
> Mode                    v
> Syslog                  yes
> SyslogSuccess           yes
> LogWhy                  yes
> UserID                  opendkim:opendkim
> Socket                  inet:8891@localhost
> Umask                   002
> SendReports             yes
> SoftwareHeader          yes
> Canonicalization        relaxed/relaxed
> Selector                default
> MinimumKeyBits          1024
> KeyFile                 /etc/opendkim/keys/default.private
> OversignHeaders         From
>
>
>
> any ideas?
>
>
>
> Regards,
>
>
>


RE: postfix3 with opendkim

2020-03-10 Thread Fazzina, Angelo
Hi, may I ask what your Postfix config looks like for OpenDkim ?

In Postfix 2.x it is close to this :
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 6



-ANGELO FAZZINA

ang...@uconn.edu
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075

From: owner-postfix-us...@postfix.org  On 
Behalf Of SysAdmin EM
Sent: Tuesday, March 10, 2020 9:26 AM
To: postfix-users@postfix.org
Subject: postfix3 with opendkim

*Message sent from a system outside of UConn.*

Hello, my again.

I update my Postfix 2 to Postfix 3. Postfix not communicating with opendkim.

Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0 terminating 
with status 0, errno = 0
Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0 starting (args: 
-x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)



Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473: message-id=<20200310131544.614d2c09b...@mail03.server.com>
Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: from=<r...@mail03.server.com>, size=512, nrcpt=1 (queue active)
Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is unreachable
Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: to=<emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, delay=1, delays=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145 z199si8204777qka.20 - gsmtp)
Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed

In the openDKIM config file i add this options:

 /etc/opendkim.conf

PidFile                 /var/run/opendkim/opendkim.pid
KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
Mode                    v
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
UserID                  opendkim:opendkim
Socket                  inet:8891@localhost
Umask                   002
SendReports             yes
SoftwareHeader          yes
Canonicalization        relaxed/relaxed
Selector                default
MinimumKeyBits          1024
KeyFile                 /etc/opendkim/keys/default.private
OversignHeaders         From

any ideas?

Regards,



postfix3 with opendkim

2020-03-10 Thread SysAdmin EM
Hello, my again.

I update my Postfix 2 to Postfix 3. Postfix not communicating with opendkim.

Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter: mi_stop=1
Mar 10 10:14:31 server003 opendkim[18596]: OpenDKIM Filter v2.11.0
terminating with status 0, errno = 0
Mar 10 10:14:34 server opendkim[18915]: OpenDKIM Filter v2.11.0 starting
(args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)



Mar 10 10:15:44 server003 postfix/cleanup[19015]: 614D2C09B473: message-id=<20200310131544.614d2c09b...@mail03.server.com>
Mar 10 10:15:44 server003 postfix/qmgr[18994]: 614D2C09B473: from=<r...@mail03.server.com>, size=512, nrcpt=1 (queue active)
Mar 10 10:15:44 server003 postfix/smtp[19018]: connect to gmail-smtp-in.l.google.com[2800:3f0:4003:c00::1a]:25: Network is unreachable
Mar 10 10:15:45 server003 postfix/smtp[19018]: 614D2C09B473: to=<emaw...@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.186.26]:25, delay=1, delays=0.07/0/0.43/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK  1583846145 z199si8204777qka.20 - gsmtp)
Mar 10 10:15:45 server003 postfix/qmgr[18994]: 614D2C09B473: removed

In the openDKIM config file i add this options:

 /etc/opendkim.conf

PidFile                 /var/run/opendkim/opendkim.pid
KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
Mode                    v
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
UserID                  opendkim:opendkim
Socket                  inet:8891@localhost
Umask                   002
SendReports             yes
SoftwareHeader          yes
Canonicalization        relaxed/relaxed
Selector                default
MinimumKeyBits          1024
KeyFile                 /etc/opendkim/keys/default.private
OversignHeaders         From

any ideas?

Regards,


Re: t/s outbound 99% timeout on TBird?

2020-03-10 Thread lists
On Tue, March 10, 2020 12:33 pm, Viktor Dukhovni wrote:

>
> One interesting tidbit however is the 111s "before active" time in the
> delays= times.
>
> http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit
>
>
> This does seem to suggest that it took ~111 seconds for the message to
> be accepted before it entered the active queue.  Perhaps PMTU or similar
> issues?  Or a slow pre-queue filter.

Viktor, thanks

maybe the default amavisd value of 'pre forked children' of '2' was
causing this, have increased it now to '10'

V
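
An added example, not part of the original posts: a parser for the `delays=a/b/c/d` field that the quoted reply refers to, using the stage meanings given in the Postfix documentation linked above (a: time before the queue manager, including message transmission; b: time in the queue manager; c: connection setup including DNS, HELO and TLS; d: message transmission). It also follows the `queued as` hand-off through the after-queue content filter. The sample lines are modelled on the log lines in this thread with placeholder recipient addresses, and the function names are hypothetical.

```python
import re

# Sample log modelled on the lines quoted in this thread; the recipient
# address is a constructed placeholder (the archive stripped the real ones).
SAMPLE_LOG = """\
Mar 10 00:12:42 geko postfix/smtp[9497]: C099F42B0143: to=<rcpt@example.org>, relay=127.0.0.1[127.0.0.1]:10026, delay=113, delays=111/0.01/0.01/2.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 145BB42B0149)
Mar 10 00:12:42 geko postfix/qmgr[1857]: C099F42B0143: removed
Mar 10 00:12:46 geko postfix/smtp[9502]: 145BB42B0149: to=<rcpt@example.org>, relay=aspmx.l.google.com[172.217.194.26]:25, delay=4, delays=0.01/0.02/1.9/2, dsn=2.0.0, status=sent (250 2.0.0 OK  1583759565 i6si12263894pjk.13 - gsmtp)
Mar 10 00:12:46 geko postfix/qmgr[1857]: 145BB42B0149: removed
"""

# Order of the four numbers in delays=a/b/c/d.
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

HEAD = re.compile(r"postfix/[\w/-]+\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=")
DELAYS = re.compile(r"\bdelays=([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+)")
RELAY = re.compile(r"\brelay=([^,]+)")
STATUS = re.compile(r"\bstatus=(\w+)")
QUEUED_AS = re.compile(r"queued as ([0-9A-Za-z]+)\)")


def parse_delivery(line):
    """Return a dict for a delivery-agent log line, or None for other lines."""
    head = HEAD.search(line)
    delays = DELAYS.search(line)
    if not (head and delays):
        return None
    relay = RELAY.search(line)
    status = STATUS.search(line)
    nxt = QUEUED_AS.search(line)
    return {
        "qid": head.group("qid"),
        "relay": relay.group(1) if relay else None,
        "status": status.group(1) if status else None,
        "delays": dict(zip(STAGES, map(float, delays.groups()))),
        "next_qid": nxt.group(1) if nxt else None,
    }


def slow_stages(log_text, threshold=30.0):
    """List (queue id, stage, seconds) for every stage at or over threshold."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec is None:
            continue
        for stage, secs in rec["delays"].items():
            if secs >= threshold:
                findings.append((rec["qid"], stage, secs))
    return findings


def trace(log_text, qid):
    """Follow 'queued as' hand-offs, e.g. through an after-queue filter."""
    by_qid = {}
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec:
            by_qid.setdefault(rec["qid"], rec)
    chain, seen = [], set()
    while qid in by_qid and qid not in seen:
        seen.add(qid)
        chain.append(by_qid[qid])
        qid = by_qid[qid]["next_qid"]
    return chain


if __name__ == "__main__":
    for qid, stage, secs in slow_stages(SAMPLE_LOG):
        print(f"{qid}: {secs:.0f}s spent in stage '{stage}'")
    for hop in trace(SAMPLE_LOG, "C099F42B0143"):
        print(hop["qid"], hop["relay"], hop["delays"])
```

On the sample, only the first hop is flagged, and only in the stage before the queue manager, which is where a slow milter or pre-queue filter would show up.
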




Re: postfix and systemctl

2020-03-10 Thread Emanuel Postfix
Hi!

In the file /etc/yum.repos.d/gf.repo add this config:

cat /etc/yum.repos.d/gf.repo
[gf]
name=Ghettoforge packages that won't overwrite core distro packages.
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/gf/$basearch/mirrorlist
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority

[gf-plus]
name=Ghettoforge packages that will overwrite core distro packages.
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/plus/$basearch/mirrorlist
# Please read http://ghettoforge.org/index.php/Usage *before* enabling this repository!
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority
includepkgs=postfix*

[gf-testing]
name=GhettoForge packages that are currently untested.
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/testing/$basearch/mirrorlist
# This repo may contain packages that overwrite core distro packages. Please
# read http://ghettoforge.org/index.php/Usage before enabling this repository.
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority

[gf-source]
name=Ghettoforge packages - Source
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/gf/SRPMS/mirrorlist
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority

[gf-plus-source]
name=Ghettoforge plus packages - Source
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/plus/SRPMS/mirrorlist
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority

[gf-testing-source]
name=Ghettoforge testing packages - Source
mirrorlist=http://mirrorlist.ghettoforge.org/el/7/testing/SRPMS/mirrorlist
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7
failovermethod=priority

from console I execute the following:

yum search postfix3

yum install postfix3.x86_64

I received this error: Couldn't open file
/etc/pki/rpm-gpg/RPM-GPG-KEY-gf.el7

then i execute the command:

yum install http://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm

yum install postfix3.x86_64



On Tue, Mar 10, 2020 at 08:55, Peter (pe...@pajamian.dhs.org)
wrote:

> On 10/03/20 11:50 pm, Emanuel Postfix wrote:
> > I install postfix3 in Centos 7, I'm used to working with the systemctl
> > command but I can't administer the service that way. Does anyone have an
> > example of the configuration to work via systemctl?
>
> Where did you get postfix 3 from?  The packages at GhettoForge certainly
> come with systemd unit files and work fine with the systemctl command.
>
>
> Peter
>


Re: postfix and systemctl

2020-03-10 Thread Peter

On 10/03/20 11:50 pm, Emanuel Postfix wrote:
> I install postfix3 in Centos 7, I'm used to working with the systemctl 
> command but I can't administer the service that way. Does anyone have an 
> example of the configuration to work via systemctl?


Where did you get postfix 3 from?  The packages at GhettoForge certainly 
come with systemd unit files and work fine with the systemctl command.



Peter


Re: t/s outbound 99% timeout on TBird?

2020-03-10 Thread lists
On Tue, March 10, 2020 10:27 am, Wietse Venema wrote:

> This is Postfix logging while SENDING email through an after-queue
> content filter (which has serious congestion, but that is not the problem
> in $SUBJECT).
>
> To come back to $SUBJECT, if you have user clients timing out, then
> you should be looking at Postfix logging while RECEIVING email from the
> client.

Wietse, thanks
oops, sorry.. I guess it the first 'section', for completeness, included
whole progress

noticed (unrelated I think) issue, user has both a_tld.com as well as
a_tld.com.au, from the log, he seems to use both, .com.au in sasl auth


# grep C099F42B0143 /var/log/maillog
Mar 10 00:10:49 geko postfix/smtpd[9483]: C099F42B0143:
client=unknown[119.42.117.134], sasl_method=PLAIN,
sasl_username=bb@a_tld.com.au
Mar 10 00:10:50 geko postfix/cleanup[9389]: C099F42B0143:
message-id=<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>
Mar 10 00:12:38 geko opendkim[1322]: C099F42B0143: DKIM-Signature field
added (s=default, d=a_tld.com)
Mar 10 00:12:39 geko opendmarc[1295]: C099F42B0143: SPF(mailfrom):
bb@a_tld.com fail
Mar 10 00:12:39 geko opendmarc[1295]: C099F42B0143: a_tld.com fail
Mar 10 00:12:39 geko postfix/qmgr[1857]: C099F42B0143:
from=, size=240046, nrcpt=1 (queue active)
Mar 10 00:12:42 geko amavis[4998]: (04998-13) Passed CLEAN
{RelayedOutbound}, ORIGINATING LOCAL [119.42.117.134]:58287
[119.42.117.134]  -> , Queue-ID:
C099F42B0143, Message-ID:
<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>, mail_id: qJth6ESNbOwS,
Hits: 0.222, size: 240858, queued_as: 145BB42B0149, 2796 ms
Mar 10 00:12:42 geko postfix/smtp[9497]: C099F42B0143:
to=, relay=127.0.0.1[127.0.0.1]:10026, delay=113,
delays=111/0.01/0.01/2.8, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 145BB42B0149)
Mar 10 00:12:42 geko postfix/qmgr[1857]: C099F42B0143: removed


# grep 145BB42B0149  /var/log/maillog
Mar 10 00:12:42 geko postfix/smtpd[9501]: 145BB42B0149:
client=localhost[127.0.0.1]
Mar 10 00:12:42 geko postfix/cleanup[9389]: 145BB42B0149:
message-id=<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>
Mar 10 00:12:42 geko postfix/qmgr[1857]: 145BB42B0149:
from=, size=241161, nrcpt=1 (queue active)
Mar 10 00:12:42 geko amavis[4998]: (04998-13) Passed CLEAN
{RelayedOutbound}, ORIGINATING LOCAL [119.42.117.134]:58287
[119.42.117.134]  -> , Queue-ID:
C099F42B0143, Message-ID:
<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>, mail_id: qJth6ESNbOwS,
Hits: 0.222, size: 240858, queued_as: 145BB42B0149, 2796 ms
Mar 10 00:12:42 geko postfix/smtp[9497]: C099F42B0143:
to=, relay=127.0.0.1[127.0.0.1]:10026, delay=113,
delays=111/0.01/0.01/2.8, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 145BB42B0149)
Mar 10 00:12:46 geko postfix/smtp[9502]: 145BB42B0149:
to=, relay=aspmx.l.google.com[172.217.194.26]:25,
delay=4, delays=0.01/0.02/1.9/2, dsn=2.0.0, status=sent (250 2.0.0 OK 
1583759565 i6si12263894pjk.13 - gsmtp)
Mar 10 00:12:46 geko postfix/qmgr[1857]: 145BB42B0149: removed

# grep 1707542B0143  /var/log/maillog
Mar 10 00:13:13 geko postfix/smtpd[9491]: 1707542B0143:
client=unknown[119.42.117.134], sasl_method=PLAIN,
sasl_username=bb@a_tld.com.au
Mar 10 00:13:16 geko postfix/cleanup[9389]: 1707542B0143:
message-id=
Mar 10 00:14:07 geko opendkim[1322]: 1707542B0143: DKIM-Signature field
added (s=default, d=a_tld.com)
Mar 10 00:14:08 geko opendmarc[1295]: 1707542B0143: SPF(mailfrom):
bb@a_tld.com fail
Mar 10 00:14:08 geko opendmarc[1295]: 1707542B0143: a_tld.com fail
Mar 10 00:14:08 geko postfix/qmgr[1857]: 1707542B0143:
from=, size=239372, nrcpt=1 (queue active)
Mar 10 00:14:09 geko amavis[4927]: (04927-14) Passed CLEAN
{RelayedOutbound}, ORIGINATING LOCAL [119.42.117.134]:58356
[119.42.117.134]  -> , Queue-ID:
1707542B0143, Message-ID:
, mail_id: Gkn3suP0kf4K,
Hits: 2.714, size: 240145, queued_as: 175C542B0146, 1052 ms
Mar 10 00:14:09 geko postfix/smtp[9497]: 1707542B0143:
to=, relay=127.0.0.1[127.0.0.1]:10026, delay=57,
delays=55/0/0.01/1.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 175C542B0146)
Mar 10 00:14:09 geko postfix/qmgr[1857]: 1707542B0143: removed

# grep 175C542B0146  /var/log/maillog
Mar 10 00:14:09 geko postfix/smtpd[9501]: 175C542B0146:
client=localhost[127.0.0.1]
Mar 10 00:14:09 geko postfix/cleanup[9389]: 175C542B0146:
message-id=
Mar 10 00:14:09 geko postfix/qmgr[1857]: 175C542B0146:
from=, size=240448, nrcpt=1 (queue active)
Mar 10 00:14:09 geko amavis[4927]: (04927-14) Passed CLEAN
{RelayedOutbound}, ORIGINATING LOCAL [119.42.117.134]:58356
[119.42.117.134]  -> , Queue-ID:
1707542B0143, Message-ID:
, mail_id: Gkn3suP0kf4K,
Hits: 2.714, size: 240145, queued_as: 175C542B0146, 1052 ms
Mar 10 00:14:09 geko postfix/smtp[9497]: 1707542B0143:
to=, relay=127.0.0.1[127.0.0.1]:10026, delay=57,
delays=55/0/0.01/1.1, dsn=2.0.0, status=sent (250 2.0.0 from
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 175C542B0146)
Mar 10 
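
An added example (not part of any post in this thread): a small Python helper that, for one queue ID, reports the longest pause between consecutive log entries and the largest component of the Postfix `delays=a/b/c/d` field (time before the queue manager, time in the queue manager, connection setup, message transmission). The sample lines are copied from the log excerpt above and rejoined onto single lines; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt above, rejoined onto single lines
# (the archive wrapped them; from=/to= were already empty there).
SAMPLE_LOG = """\
Mar 10 00:10:49 geko postfix/smtpd[9483]: C099F42B0143: client=unknown[119.42.117.134], sasl_method=PLAIN, sasl_username=bb@a_tld.com.au
Mar 10 00:10:50 geko postfix/cleanup[9389]: C099F42B0143: message-id=<5262b5f4-18d5-b7fb-b09a-be37f1d61b9e@a_tld.com>
Mar 10 00:12:38 geko opendkim[1322]: C099F42B0143: DKIM-Signature field added (s=default, d=a_tld.com)
Mar 10 00:12:39 geko opendmarc[1295]: C099F42B0143: a_tld.com fail
Mar 10 00:12:39 geko postfix/qmgr[1857]: C099F42B0143: from=, size=240046, nrcpt=1 (queue active)
Mar 10 00:12:42 geko postfix/smtp[9497]: C099F42B0143: to=, relay=127.0.0.1[127.0.0.1]:10026, delay=113, delays=111/0.01/0.01/2.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 145BB42B0149)
Mar 10 00:12:42 geko postfix/qmgr[1857]: C099F42B0143: removed
"""

# timestamp, host, daemon[pid]: QUEUEID: text
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w/.-]+)\[\d+\]: ([0-9A-F]+): (.*)$")
# Names chosen here for the four delays= components, in order.
DELAY_FIELDS = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")


def events(log, queue_id, year=2020):
    """Return [(timestamp, daemon, text)] for one queue ID, in log order."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == queue_id:
            # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2), m.group(4)))
    return out


def largest_gap(log, queue_id):
    """Return (seconds, daemon_before, daemon_after) for the longest pause."""
    ev = events(log, queue_id)
    gaps = [((b[0] - a[0]).total_seconds(), a[1], b[1]) for a, b in zip(ev, ev[1:])]
    return max(gaps) if gaps else None


def parse_delays(text):
    """Split a delays=a/b/c/d field into named float components."""
    m = re.search(r"\bdelays=([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+)", text)
    return dict(zip(DELAY_FIELDS, map(float, m.groups()))) if m else None


def slowest_stage(log, queue_id):
    """Name the largest delays= component of the first delivery record."""
    for _, _, text in events(log, queue_id):
        d = parse_delays(text)
        if d:
            return max(d, key=d.get)
    return None
```

Lines that carry the queue ID elsewhere in the record, such as the amavis entries, do not match this pattern and are skipped.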

Re: postfix and systemctl

2020-03-10 Thread Gerald Galster
> I installed postfix3 on CentOS 7. I'm used to working with the systemctl
> command, but I can't administer the service that way. Does anyone have an
> example of the configuration to work via systemctl?

You should check if there is a postfix service file for systemd:

[root@server ~]# rpm -ql postfix | grep service
/usr/lib/systemd/system/postfix.service


If not, create one at the given path:

[root@server ~]# cat /usr/lib/systemd/system/postfix.service 
[Unit]
Description=Postfix Mail Transport Agent
After=syslog.target network.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
EnvironmentFile=-/etc/sysconfig/network
ExecStartPre=-/usr/libexec/postfix/aliasesdb
ExecStartPre=-/usr/libexec/postfix/chroot-update
ExecStart=/usr/sbin/postfix start
ExecReload=/usr/sbin/postfix reload
ExecStop=/usr/sbin/postfix stop

[Install]
WantedBy=multi-user.target



Then reload systemd and start the service:

systemctl daemon-reload
systemctl enable postfix
systemctl start postfix
systemctl status postfix

Best regards
Gerald

postfix and systemctl

2020-03-10 Thread Emanuel Postfix
Hello,

I installed postfix3 on CentOS 7. I'm used to working with the systemctl
command, but I can't administer the service that way. Does anyone have an
example of the configuration to work via systemctl?

Thank you.

Regards,