Setting up virtual mail users

2021-12-03 Thread bobby
I stood up my server using these instructions from this website, which have
gotten me VERY far.  However, I'm at a deviation point.  I'd like to have
virtual users (and not require local unix accounts for those "users"), and
then possibly even forward those emails to a real user, effectively
masking/masquerading.
https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu
I noticed on her site, she has a section for:
Create Virtual Mailboxes with PostfixAdmin (Ubuntu 18.04, Ubuntu 20.04)
Trying to avoid a gui when/where possible, for security reasons.  I am
running 20.04 by the way.  Just noticed the following bullet point actually
on her site:
"command-line client postfixadmin-cli for those who don’t want to click
around in a web interface", which is probably what I'd do, or would like to
do.  But this is what caught my attention: "
Note: Once you finish part 3, you can no longer use local Unix accounts as
email addresses. You must create email addresses from the PostfixAdmin web
interface." So I'm sure completing these instructions, would break my
current setup.
What is the best way to accomplish this?  I've been playing around with the
mysql path - thoughts on this approach? Any good tutorials that anyone can
recommend, that use dovecot, postfix, and imap?
I should note, I'd be the only user of this mail server.


Re: virtual mailbox domains??

2021-12-03 Thread Wietse Venema
post...@aecperformance.com:
> I stopped postfix and dovecot, 
> cleared the logs, 
> started postfix and dovecot, 
> attempted to send an email to smok...@sizzelicks.com (I don't see this in
> the logs) and then 
> attempted to create a mail account in Thunderbird for smok...@sizzelicks.com

Indeed there is nothing in the logs that shows attempts to receive
or deliver email. Could it be possible that your client is talking
to a different machine?

Wietse


RE: virtual mailbox domains??

2021-12-03 Thread postfix
dovecot -n

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0 x86_64 Ubuntu 20.04.3 LTS ext4
# Hostname: softlinksys.com
auth_mechanisms = plain login
auth_username_format = %n
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required

ssl_cert =

On Behalf Of Wietse Venema
Sent: Friday, December 3, 2021 1:35 PM
To: Postfix users
Subject: Re: virtual mailbox domains??

post...@aecperformance.com:
> How can I debug/resolve this problem?

By sharing Postfix logs, in addition to Postfix configurations.

"email to X bounces" is not sufficient to determine *WHY* delivery is
failing.

Wietse



RE: virtual mailbox domains??

2021-12-03 Thread postfix
 

postconf -n

append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = softlinksys.com
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client_hostname
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.softlinksys.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.softlinksys.com/privkey.pem
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

postconf -Mf

smtp       inet  n   -   y   -   -   smtpd
submission inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n   -   y   60  1   pickup
cleanup    unix  n   -   y   -   0   cleanup
qmgr       unix  n   -   n   300 1   qmgr
tlsmgr     unix  -   -   y   1000?   1   tlsmgr
rewrite    unix  -   -   y   -   -   trivial-rewrite
bounce     unix  -   -   y   -   0   bounce
defer      unix  -   -   y   -   0   bounce
trace      unix  -   -   y   -   0   bounce
verify     unix  -   -   y   -   1   verify
flush      unix  n   -   y   1000?   0   flush
proxymap   unix  -   -   n   -   -   proxymap
proxywrite unix  -   -   n   -   1   proxymap
smtp       unix  -   -   y   -   -   smtp
relay      unix  -   -   y   -   -   smtp
    -o syslog_name=postfix/$service_name
showq      unix  n   -   y   -   -   showq
error      unix  -   -   y   -   -   error
retry      unix  -   -   y   -   -   error
discard    unix  -   -   y   -   -   discard
local      unix  -   n   n   -   -   local
virtual    unix  -   n   n   -   -   virtual
lmtp       unix  -   -   y   -   -   lmtp
anvil      unix  -   -   y   -   1   anvil
scache     unix  -   -   y   -   1   scache
postlog    unix-dgram n  -   n   -   1   postlogd
maildrop   unix  -   n   n   -   -   pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -   n   n   -   -   pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -   n   n   -   -   pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -   n   n   -   -   pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n   n   -   2   pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -   n   n   -   -   pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}

 

 

-Original Message-
From: owner-postfix-us...@postfix.org  On
Behalf Of Wietse Venema
Sent: Friday, December 3, 2021 1:35 PM
To: Postfix users
Subject: Re: virtual mailbox domains??

post...@aecperformance.com:
> How can I debug/resolve this 

RE: virtual mailbox domains??

2021-12-03 Thread postfix
Thunderbird



 

 

-Original Message-
From: owner-postfix-us...@postfix.org  On
Behalf Of Wietse Venema
Sent: Friday, December 3, 2021 1:35 PM
To: Postfix users
Subject: Re: virtual mailbox domains??

post...@aecperformance.com:
> How can I debug/resolve this problem?

By sharing Postfix logs, in addition to Postfix configurations.

"email to X bounces" is not sufficient to determine *WHY* delivery is
failing.

Wietse



RE: virtual mailbox domains??

2021-12-03 Thread postfix
I stopped postfix and dovecot, 
cleared the logs, 
started postfix and dovecot, 
attempted to send an email to smok...@sizzelicks.com (I don't see this in
the logs) and then 
attempted to create a mail account in Thunderbird for smok...@sizzelicks.com

syslog
Dec  3 19:26:55 softlinksys systemd[1]: Starting Postfix Mail Transport
Agent (instance -)...
Dec  3 19:26:55 softlinksys postfix/postfix-script[5508]: warning: symlink
leaves directory: /etc/postfix/./makedefs.out
Dec  3 19:26:56 softlinksys postfix/postfix-script[5675]: starting the
Postfix mail system
Dec  3 19:26:56 softlinksys postfix/master[5677]: daemon started -- version
3.4.13, configuration /etc/postfix
Dec  3 19:26:56 softlinksys systemd[1]: Started Postfix Mail Transport Agent
(instance -).
Dec  3 19:26:56 softlinksys systemd[1]: Starting Postfix Mail Transport
Agent...
Dec  3 19:26:56 softlinksys systemd[1]: Finished Postfix Mail Transport
Agent.
Dec  3 19:27:05 softlinksys systemd[1]: Started Dovecot IMAP/POP3 email
server.
Dec  3 19:27:05 softlinksys dovecot: master: Dovecot v2.3.7.2 (3c910f64b)
starting up for imap, pop3, lmtp (core dumps disabled)
Dec  3 19:32:10 softlinksys dovecot: imap-login: Disconnected (auth failed,
3 attempts in 14 secs): user=, method=PLAIN, rip=67.8.3.170,
lip=194.163.45.150, TLS, session=

mail.log
Dec  3 19:26:55 softlinksys postfix/postfix-script[5508]: warning: symlink
leaves directory: /etc/postfix/./makedefs.out
Dec  3 19:26:56 softlinksys postfix/postfix-script[5675]: starting the
Postfix mail system
Dec  3 19:26:56 softlinksys postfix/master[5677]: daemon started -- version
3.4.13, configuration /etc/postfix
Dec  3 19:27:05 softlinksys dovecot: master: Dovecot v2.3.7.2 (3c910f64b)
starting up for imap, pop3, lmtp (core dumps disabled)
Dec  3 19:32:10 softlinksys dovecot: imap-login: Disconnected (auth failed,
3 attempts in 14 secs): user=, method=PLAIN, rip=67.8.3.170,
lip=194.163.45.150, TLS, session=

-Original Message-
From: owner-postfix-us...@postfix.org  On
Behalf Of Wietse Venema
Sent: Friday, December 3, 2021 1:35 PM
To: Postfix users 
Subject: Re: virtual mailbox domains??

post...@aecperformance.com:
> How can I debug/resolve this problem?

By sharing Postfix logs, in addition to Postfix configurations.

"email to X bounces" is not sufficient to determine *WHY* delivery is
failing.

Wietse



RE: virtual mailbox domains??

2021-12-03 Thread postfix
I tried to send the logs and configs.

I cleared the logs before I: started postfix & dovecot; attempted to send an
email; attempted to create a mail account in Thunderbird.

Then I retrieved syslog and mail.log.

For configs I did: postconf -n, postconf -Mf, dovecot -n

The email bounced because it was too long.

I really need help and I'm finding it almost as difficult as finding the
answers to my problem.

What do I do now?

-Original Message-
From: owner-postfix-us...@postfix.org  On
Behalf Of Wietse Venema
Sent: Friday, December 3, 2021 1:35 PM
To: Postfix users
Subject: Re: virtual mailbox domains??

post...@aecperformance.com:
> How can I debug/resolve this problem?

By sharing Postfix logs, in addition to Postfix configurations.

"email to X bounces" is not sufficient to determine *WHY* delivery is
failing.

Wietse



Re: virtual mailbox domains??

2021-12-03 Thread Wietse Venema
post...@aecperformance.com:
> How can I debug/resolve this problem?

By sharing Postfix logs, in addition to Postfix configurations.

"email to X bounces" is not sufficient to determine *WHY*
delivery is failing.

Wietse


virtual mailbox domains??

2021-12-03 Thread postfix
VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2

Virtual Mailboxes MySql

Our server hosts multiple mail domains each having multiple email addresses.

Domain: sizzelicks.com has an MX record pointing to mail.sizzelicks.com
showing the IP: 194:163:45:150 which is our VPS IP.

https://mxtoolbox.com/SuperTool.aspx?action=mx%3asizzelicks.com=toolpage

We have a domain: sizzelicks.com (I tried mail.sizzelicks.com also) in our
MySql virtual_domains table.

We have an address: smok...@sizzelicks.com as the email field in our MySql
virtual_users table.

Command line tests:

sudo postmap -q sizzelicks.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
1

sudo postmap -q smok...@sizzelicks.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
1

sudo postmap -q spa...@sizzelicks.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
smok...@sizzelicks.com

I cannot send an email to smok...@sizzelicks.com.
I've tried setting the domain (MySql virtual_domains) as both sizzelicks.com
and mail.sizzelicks.com.
The email bounces in either case.

I created an account for smok...@sizzelicks.com in Thunderbird on a Windows
client.

If I set the IMAP and SMTP server as sizzelicks.com Thunderbird will
connect.

If I set the IMAP and SMTP server as mail.sizzelicks.com Thunderbird will
NOT connect.

How can I correlate sizzelicks.com with mail.sizzelicks.com in postfix and
dovecot?

How can I debug/resolve this problem?

 

postconf -n

append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = softlinksys.com
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client_hostname
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.softlinksys.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.softlinksys.com/privkey.pem
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

postconf -Mf

smtp       inet  n   -   y   -   -   smtpd
submission inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n   -   y   -   -   smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n   -   y   60  1   pickup
cleanup    unix  n   -   y   -   0   cleanup
qmgr       unix  n   -   n   300 1   qmgr
tlsmgr     unix  -   -   y   1000?   1   tlsmgr
rewrite    unix  -   -   y   -   -   trivial-rewrite
bounce     unix  -   -   y   -   0   bounce
defer      unix  -   -   y   -   0   bounce
trace      unix  -   -   y   -   0   bounce
verify     unix  -   -   y   -   1   verify
flush      unix  n   -   y   1000?   0   flush
proxymap   unix  -   -   n   -   -   proxymap
proxywrite unix  -   -   n   -   1   proxymap
smtp       unix  -   -   y   -   -   smtp
relay      unix  -   -   y   -   -   smtp
    -o syslog_name=postfix/$service_name
showq      unix  n   -   y   -   -   showq
error      unix  -   -   y   -   -   error
retry      unix  -   -   y   -   -   error
discard    unix  -   -   y   -   -   discard
local      unix  -   n   n   -   -   local


Re: destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

2021-12-03 Thread Emmanuel Fusté

On 03/12/2021 at 14:48, Yves-Marie Le Pors Chauvel wrote:

Hi folks,

I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it 
in order to remove any legacy version (OS and Postfix) !


Before that everything was perfect : respecting the limit of 
connections for a specific route per IP with connection reuse without 
TLS ! Since moving from 3.1.15 to 3.5.6, we are receiving a lot of 
‘too many connections’ deferred : 421 mwinf5c42 ME Trop de connexions, 
veuillez verifier votre configuration. Too many connections, slow 
down. OFR004_104 [104]


Here is my transport map :
#ORANGE
orange.fr orange:
csp-audit.com orange:
franceadhesif.fr orange:
rgr-avocats.com orange:
fermedevilliers.fr orange:
abex-ec.fr orange:
pyrcarto.fr orange:
agencecharles.fr orange:
emballagedigest.eu orange:
da-conseil.com orange:
somaris.com orange:
auto3000sa.fr orange:
batee.fr orange:
dynamelec.fr orange:
a4architectes.com orange:
transports-fronton.fr orange:
fruitaliance.com orange:
exp-automoto.com orange:
aaformation.com orange:
aer-sa.fr orange:
atalentec.com orange:
bst.fr orange:
cabinetec.fr orange:
cabinetsecom.com orange:
dhalluin-peny.fr orange:
gescomm-fr.com orange:
gsf-am.com orange:
kalyseo.fr orange:
mattholding.fr orange:
mktool.com orange:
quilico-archi.com orange:
tea-cefi.com orange:
tramobus.com orange:
#WANADOO
wanadoo.fr wanadoo:

Here is part of my main.cf :
smtp_tls_connection_reuse = yes
smtp_connection_reuse_time_limit = 100s
smtp_connection_cache_time_limit = 1s
# Orange policy
orange_initial_destination_concurrency =1
orange_destination_concurrency_limit = 1
orange_destination_rate_delay = 0
orange_destination_recipient_limit = 10
# Wanadoo policy
wanadoo_initial_destination_concurrency = 1
wanadoo_destination_concurrency_limit = 1
wanadoo_destination_rate_delay = 0
wanadoo_destination_recipient_limit = 10

Here is part of my master.cf :

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
orange  unix  -   -   y   -   2   smtp
wanadoo  unix  -   -   y   -   1   smtp


/As you can notice maxproc = 2 for orange route, but as you know (I 
won’t teach you anything) Orange + Wanadoo is a 3 connection limit 
(recommended 2 for Orange and 1 for Wanadoo)./


I’ve asked the MBP and he confirmed that we have more than 3 
connections at the exact same time... Does anyone know if Postfix 
changed the way it is managing connections (something like moving from 
connection limit to active connection limit ? that could be an 
explanation ==> active + idles > 3) ? For information, adding TLS or 
not, does not change this issue...


Does anyone have any advice to tune my conf in order to avoid such 
issues ? If you need more elements, feel free to ask !


Regards,


Hello,

Orange/Wanadoo setup is a mess for SMTP servers.
Keep in mind that all their rate limiting is implemented at the IP/TCP 
level, not SMTP level.
Orange and Wanadoo are behind the same IPs so do not use two transports 
but only one or you will trigger the simultaneous max TCP session quota.
Use aggressive SMTP session reuse for SMTP AND for SMTP TLS or you will 
trigger the max session per hour.


So relevant part of my config is:
main.cf : (no need to touch other default values)
slow_destination_concurrency_limit=1
smtp_tls_connection_reuse = yes

master.cf:(yes 30s is insane, but their setup too)
slow  unix  -   -   n   -   -   smtp
    -o { smtp_connection_cache_destinations = wanadoo.fr, orange.fr }
    -o smtp_connection_cache_time_limit=30

Fix your transport table:
Many entries are no longer hosted on the "Orange" system.
All entries but wanadoo.fr and orange.fr are on a different MX: 
smtppromx.orange.fr, for which the rate limiting is less problematic.
So limiting your transport table to only an entry for wanadoo.fr and 
an entry for orange.fr pointing to the "slow" transport should be 
sufficient.
Postfix will not exactly honor the max simultaneous connection 

destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

2021-12-03 Thread Yves-Marie Le Pors Chauvel
Hi folks,

I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it in
order to remove any legacy version (OS and Postfix) !

Before that everything was perfect : respecting the limit of connections
for a specific route per IP with connection reuse without TLS ! Since
moving from 3.1.15 to 3.5.6, we are receiving a lot of ‘too many
connections’ deferred : 421 mwinf5c42 ME Trop de connexions, veuillez
verifier votre configuration. Too many connections, slow down. OFR004_104
[104]

Here is my transport map :

#ORANGE
orange.fr orange:
csp-audit.com orange:
franceadhesif.fr orange:
rgr-avocats.com orange:
fermedevilliers.fr orange:
abex-ec.fr orange:
pyrcarto.fr orange:
agencecharles.fr orange:
emballagedigest.eu orange:
da-conseil.com orange:
somaris.com orange:
auto3000sa.fr orange:
batee.fr orange:
dynamelec.fr orange:
a4architectes.com orange:
transports-fronton.fr orange:
fruitaliance.com orange:
exp-automoto.com orange:
aaformation.com orange:
aer-sa.fr orange:
atalentec.com orange:
bst.fr orange:
cabinetec.fr orange:
cabinetsecom.com orange:
dhalluin-peny.fr orange:
gescomm-fr.com orange:
gsf-am.com orange:
kalyseo.fr orange:
mattholding.fr orange:
mktool.com orange:
quilico-archi.com orange:
tea-cefi.com orange:
tramobus.com orange:
#WANADOO
wanadoo.fr wanadoo:

Here is part of my main.cf :

smtp_tls_connection_reuse = yes
smtp_connection_reuse_time_limit = 100s
smtp_connection_cache_time_limit = 1s

# Orange policy
orange_initial_destination_concurrency =1
orange_destination_concurrency_limit = 1
orange_destination_rate_delay = 0
orange_destination_recipient_limit = 10

# Wanadoo policy
wanadoo_initial_destination_concurrency = 1
wanadoo_destination_concurrency_limit = 1
wanadoo_destination_rate_delay = 0
wanadoo_destination_recipient_limit = 10

Here is part of my master.cf :

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
orange  unix  -   -   y   -   2   smtp
wanadoo  unix  -   -   y   -   1   smtp


*As you can notice maxproc = 2 for orange route, but as you know (I won’t
teach you anything) Orange + Wanadoo is a 3 connection limit (recommended 2
for Orange and 1 for Wanadoo).*

I’ve asked the MBP and he confirmed that we have more than 3 connections at
the exact same time... Does anyone know if Postfix changed the way it is
managing connections (something like moving from connection limit to active
connection limit ? that could be an explanation ==> active + idles > 3) ?
For information, adding TLS or not, does not change this issue...

Does anyone have any advice to tune my conf in order to avoid such issues ?
If you need more elements, feel free to ask !

Regards,

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com


Re: are my helo restrictions too strict ?

2021-12-03 Thread Togan Muftuoglu
> "JR" == Jaroslaw Rafa  writes:

JR> On 3.12.2021 at 09:14:23 Fourhundred Thecat wrote:
>> Hello,
>>
>> I have strict helo checks:
>>
>> smtpd_helo_required = yes smtpd_helo_restrictions =
>> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
>> reject_unknown_helo_hostname
>>
>> now I have noticed mails being rejected:
>>
>> Helo command rejected: Host not found
>>
>> warning: hostname mail-eopbgr80085.outbound.protection.outlook.com does not
>> resolve to address 40.107.8.85: Name or service not known

JR> reject_unknown_helo_hostname is known to produce quite a lot of false
JR> positives, and it is not recommended to use this restriction.

The postfix main.cf documentation says for reject_unknown_helo_hostname:

"Reject the request when the HELO or EHLO hostname has no DNS A or MX record. "

http://www.postfix.org/SMTPD_ACCESS_README.html has a comment

 # Don't talk to mail systems that don't know their own hostname.
 # With Postfix < 2.3, specify reject_unknown_hostname.
 smtpd_helo_restrictions = reject_unknown_helo_hostname


I am confused; care to elaborate?




Re: are my helo restrictions too strict ?

2021-12-03 Thread Jaroslaw Rafa
On 3.12.2021 at 09:14:23 Fourhundred Thecat wrote:
> Hello,
> 
> I have strict helo checks:
> 
>   smtpd_helo_required = yes
>   smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
>   reject_invalid_helo_hostname,
>   reject_unknown_helo_hostname
> 
> now I have noticed mails being rejected:
> 
>   Helo command rejected: Host not found
> 
>   warning: hostname mail-eopbgr80085.outbound.protection.outlook.com
> does not resolve to address 40.107.8.85: Name or service not known

reject_unknown_helo_hostname is known to produce quite a lot of false
positives, and it is not recommended to use this restriction.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: are my helo restrictions too strict ?

2021-12-03 Thread Matus UHLAR - fantomas

On 03.12.21 09:14, Fourhundred Thecat wrote:
> I have strict helo checks:
>
>  smtpd_helo_required = yes
>  smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
>    reject_invalid_helo_hostname,
>    reject_unknown_helo_hostname

should be OK

> now I have noticed mails being rejected:
>
>  Helo command rejected: Host not found
>
>  warning: hostname mail-eopbgr80085.outbound.protection.outlook.com
> does not resolve to address 40.107.8.85: Name or service not known

this is just a warning, not an error

> full log here:
> https://paste.ofcode.org/GK7Rnau3etXZmUsV5CbE7L
>
> what exactly happened?

postfix/smtpd:  NOQUEUE: reject: RCPT from
mail-eopbgr80045.outbound.protection.outlook.com[40.107.8.45]: 450 4.7.1
: Helo command rejected: Host
not found; from= to= proto=ESMTP
helo=

EUR04-VI1-obe.outbound.protection.outlook.com wasn't resolved at that time.

> a) Are my settings too strict?
> b) was there temporary interruption in DNS resolution?

looks like that.

% host EUR05-VI1-obe.outbound.protection.outlook.com
EUR05-VI1-obe.outbound.protection.outlook.com has address 23.103.134.15
EUR05-VI1-obe.outbound.protection.outlook.com has IPv6 address 2a01:111:f400:7d00::200

> c) or, is the domain really misconfigured?



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
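
Added example (not part of any post in this thread): a small log triage script for the question discussed above. It separates "Helo command rejected" lines from the unrelated "does not resolve to address" client-hostname warnings and lists HELO names that were only ever refused with a 4xx "Host not found", which are the ones worth re-resolving by hand. The sample log lines, host names and addresses are constructed, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix smtpd log format; hosts and addresses are
# documentation values, not lines from the paste linked in the thread.
SAMPLE_LOG = """\
Dec  3 09:14:20 mx postfix/smtpd[2101]: warning: hostname out1.example.org does not resolve to address 192.0.2.85: Name or service not known
Dec  3 09:14:23 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.85]: 450 4.7.1 <relay-a.example.org>: Helo command rejected: Host not found; from=<alice@example.org> to=<bob@example.net> proto=ESMTP helo=<relay-a.example.org>
Dec  3 09:20:41 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from out2.example.org[192.0.2.45]: 450 4.7.1 <relay-a.example.org>: Helo command rejected: Host not found; from=<alice@example.org> to=<bob@example.net> proto=ESMTP helo=<relay-a.example.org>
Dec  3 10:02:11 mx postfix/smtpd[2150]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<x@example.com> to=<bob@example.net> proto=SMTP helo=<localhost>
Dec  3 10:05:00 mx postfix/smtpd[2151]: connect from out3.example.org[192.0.2.46]
"""

# A rejection produced by one of the smtpd_helo_restrictions entries.
REJECT_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: NOQUEUE: reject: \w+ from "
    r"(?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<helo>[^>]*)>: "
    r"Helo command rejected: (?P<reason>[^;]+);"
)

# The client-hostname warning: the name found for the client IP does not
# resolve back to that IP. It is logged independently of any HELO check.
WARN_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: hostname (?P<name>\S+) "
    r"does not resolve to address (?P<ip>\S+?)(?:: |$)"
)


def summarize(log_text):
    """Return (helo_stats, client_warnings) for a block of mail.log text."""
    helo_stats = defaultdict(
        lambda: {"temp": 0, "perm": 0, "clients": set(), "reasons": Counter()}
    )
    client_warnings = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            entry = helo_stats[m["helo"].lower()]
            # 4xx: the sender will retry; 5xx: the message bounces.
            entry["temp" if m["code"].startswith("4") else "perm"] += 1
            entry["clients"].add(m["ip"])
            entry["reasons"][m["reason"].strip()] += 1
            continue
        m = WARN_RE.search(line)
        if m:
            client_warnings[m["ip"]] += 1
    return dict(helo_stats), dict(client_warnings)


def retry_candidates(helo_stats):
    """HELO names refused only with a 4xx 'Host not found'.

    These are the names to look up again (A/MX) before deciding whether the
    sender is misconfigured or the resolver had a transient failure.
    """
    return sorted(
        name
        for name, s in helo_stats.items()
        if s["temp"] and not s["perm"] and "Host not found" in s["reasons"]
    )


if __name__ == "__main__":
    stats, warnings = summarize(SAMPLE_LOG)
    for name in retry_candidates(stats):
        s = stats[name]
        print(f"{name}: {s['temp']} temporary rejects from {sorted(s['clients'])}")
    print("client-hostname warnings (not HELO rejects):", warnings)
```

Run it against a copy of the real mail.log by passing the file's text to summarize() in place of SAMPLE_LOG.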


Re: are my helo restrictions too strict ?

2021-12-03 Thread David Bürgin
Fourhundred Thecat:
> Hello,
> 
> I have strict helo checks:
> 
>   smtpd_helo_required = yes
>   smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
>     reject_invalid_helo_hostname,
>     reject_unknown_helo_hostname

Anecdotal: I used to have these exact settings but removed
‘reject_unknown_helo_hostname’ about a year ago, after I encountered a
legitimate sender that had not bothered to set up DNS properly.

Other than that your settings work perfectly for me.


are my helo restrictions too strict ?

2021-12-03 Thread Fourhundred Thecat

Hello,

I have strict helo checks:

  smtpd_helo_required = yes
  smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname

now I have noticed mails being rejected:

  Helo command rejected: Host not found

  warning: hostname mail-eopbgr80085.outbound.protection.outlook.com
does not resolve to address 40.107.8.85: Name or service not known

full log here:
https://paste.ofcode.org/GK7Rnau3etXZmUsV5CbE7L

what exactly happened?

a) Are my settings too strict?
b) was there temporary interruption in DNS resolution?
c) or, is the domain really misconfigured?

thank you,