[pfx] Re: Forward mail

2024-04-15 Thread Chris Green via Postfix-users
On Mon, Apr 15, 2024 at 04:28:33PM +0200, Benny Pedersen via Postfix-users 
wrote:
> Dimitris via Postfix-users skrev den 2024-04-15 16:22:
> 
> > a totally different approach :
> > you could advise those with gmail accounts to use gmail as an email 
> > client and pull emails from your server.
> > maybe not ideal (=trusting their email credentials within google), but 
> > either way, people using gmail already share too much personal data with 
> > them. :)
> 
> gmail users is scarred to setup roundcube for the better webmail :)

gmail users may well be scarred but I suspect you meant scared!  :-)

-- 
Chris Green
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: [ext] Why can't I get /etc/aliases to do anything?

2023-12-05 Thread Chris Green via Postfix-users
On Tue, Dec 05, 2023 at 11:53:24AM -0500, Wietse Venema via Postfix-users wrote:
> Ralf Hildebrandt via Postfix-users:
> > * Chris Green via Postfix-users :
> > > On Tue, Dec 05, 2023 at 05:41:11PM +0100, Ralf Hildebrandt via 
> > > Postfix-users wrote:
> > > > * Chris Green via Postfix-users :
> > > > 
> > > > > mydestination = 
> > > > 
> > > > no mail is delivered locally. Thus "/etc/aliases" doesn't get to do
> > > > anything
> > > > 
> > > Ah, that explains it.
> > > 
> > > So what's the minimal way of doing this?
> > > 
> > > I don't want to deliver any mail locally but I do want something like
> > > /etc/aliases to redirect mail sent to root (i.e. errors) to me off site.
> > 
> > I'd say:
> > leave mydestination at the default (delete the line from main.cf)
> > then it should work.
> 
> If you want to alias off-host delivery, use virtual_alias_maps.
> 
> user@example  other-u...@example.com
> 
> Note this file has different syntax than /etc/aliases (no colon).
> 
Thank you Wietse, that would seem to be a sensible way to handle it.

-- 
Chris Green


[pfx] Re: [ext] Why can't I get /etc/aliases to do anything?

2023-12-05 Thread Chris Green via Postfix-users
On Tue, Dec 05, 2023 at 05:41:11PM +0100, Ralf Hildebrandt via Postfix-users 
wrote:
> * Chris Green via Postfix-users :
> 
> > mydestination = 
> 
> no mail is delivered locally. Thus "/etc/aliases" doesn't get to do
> anything
> 
Ah, that explains it.

So what's the minimal way of doing this?

I don't want to deliver any mail locally but I do want something like
/etc/aliases to redirect mail sent to root (i.e. errors) to me off site.


-- 
Chris Green


[pfx] Why can't I get /etc/aliases to do anything?

2023-12-05 Thread Chris Green via Postfix-users
I have several, small, headless systems (a couple of Beaglebone
Blacks, a couple of Raspberry Pis and some VPS's) where I want to send
any E-Mail for local users off the system to my own E-Mail.

They are all running postfix, versions from 3.4.x to 3.7.x.

They all have a pretty trivial, send-only, main.cf:


smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no


readme_directory = no

compatibility_level = 2

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases


smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


luser_relay=ch...@isbd.co.uk
myhostname = odin
myorigin = odin
mydestination = 
relayhost = [smtp-auth.mythic-beasts.com]:465
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 12048


This particular main.cf is on a Beaglebone Black in France.

/etc/aliases is:-

postmaster:root
root:   ch...@isbd.co.uk
chris:  ch...@isbd.co.uk

If I send a message to 'chris' (using mailx from the command line), it
gets sent off-site to chris@odin without the aliases being applied.
How do I simply get the aliases to actually do something please?

Oh, here is the mail.log for a message sent to chris:-

Dec  5 16:34:36 odin postfix/pickup[1823]: 677DFBAD: uid=0 from=
Dec  5 16:34:36 odin postfix/cleanup[2002]: 677DFBAD: 
message-id=<20231205163436.677DFBAD@odin>
Dec  5 16:34:36 odin postfix/qmgr[1824]: 677DFBAD: from=, 
size=371, nrcpt=1 (queue active)
Dec  5 16:34:37 odin postfix/smtp[2004]: 677DFBAD: to=, 
orig_to=, relay=smtp-auth.mythic-beasts.com[46.235.227.24]:465, 
delay=0.99, delays=0.16/0.11/0.51/0.21, dsn=2.0.0, status=sent (250 OK 
id=1rAYNY-002U3U-Hf)
Dec  5 16:34:37 odin postfix/qmgr[1824]: 677DFBAD: removed



-- 
Chris Green


[pfx] Can one override use of myorigin for an unqualified recipient?

2023-07-13 Thread Chris Green via Postfix-users
On the Postfix Basic Configuration page it says:-

For the sake of consistency between sender and recipient addresses,
myorigin also specifies the domain name that is appended to an
unqualified recipient address.

Is there any way to override this, i.e. can one explicitly set the
domain that is appended to an unqualified recipient address to some
value other than myorigin?

I have a number of 'send only' systems running Postfix and I want mail
sent to 'chris' to be sent to my home server not to user chris on the
sending system. However I need myorigin set to the name of the sending
machine so that I can see where the (error) message came from.

-- 
Chris Green


[pfx] Re: How to configure minimal POP3/IMAP server with postfix?

2023-07-10 Thread Chris Green via Postfix-users
On Mon, Jul 10, 2023 at 10:54:19AM +0200, Jaroslaw Rafa via Postfix-users wrote:
> Dnia 10.07.2023 o godz. 09:10:32 Chris Green via Postfix-users pisze:
> > 
> > What's the simplest way to do this?  I looked in the "Postfix Howtos
> > and FAQs" page but there didn't seem to be any 'minimal' sort of
> > setups there.  They also seemed rather old.
> > 
> > So, can I just install and configure Dovecot with Postfix delivering
> > mail to /var/mail?
> > 
> > ... and is Dovecot the way to go?
> 
> Yes, that's probably the simplest thing you can do :)

OK, thanks all.

-- 
Chris Green


[pfx] How to configure minimal POP3/IMAP server with postfix?

2023-07-10 Thread Chris Green via Postfix-users
I run simple Postfix setups on a number of systems, these are all
systems which only have a very few users, two or three at the most.

I want to add IMAP/POP3 access to one of the systems (it's a VPS but
that's probably irrelevant).  This will again be for only two or three
users.

What's the simplest way to do this?  I looked in the "Postfix Howtos
and FAQs" page but there didn't seem to be any 'minimal' sort of
setups there.  They also seemed rather old.

So, can I just install and configure Dovecot with Postfix delivering
mail to /var/mail?

... and is Dovecot the way to go?

-- 
Chris Green


[pfx] Re: Please remove mailing list tag

2023-03-15 Thread Chris Green via Postfix-users
On Wed, Mar 15, 2023 at 11:42:50AM -0400, Marvin Renich via
Postfix-users wrote:
> * Phil Stracchino via Postfix-users 
> * [230315 11:11]:
> > On 3/15/23 10:36, Marvin Renich via Postfix-users wrote:
> > > That technical issue aside, in this thread there have been two
> > > posters who expressed a desire to keep the tags, one said get
> > > rid of it in users, but keep it in announce (I don't understand
> > > his reasoning, I am just reporting his stated preference),
> > 
> > 
> > Because if you're filtering all Postfix list traffic into the same
> > folder, you probably want announcements to stand out at a glance. 
> > They may be of immediate importance.
> 
> Thanks for clarifying, Phil.  I can see that, and since it is a
> low-volume list, I would not find it to be particularly bothersome.
> 
My personal preference is not to have the tag as I run a filter to
send mailing list messages to their own list's folder.  However my
filter program also has the ability to remove (space wasting IMHO)
tags so that's what I do and I don't see them.  ...  except of course
when a new one like Postfix's appears and I have to tune my filter
configuration slightly to remove them again!  :-)

-- 
Chris Green


Re: A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
On Sat, Jan 14, 2023 at 05:03:15PM +0100, Gerald Galster wrote:
> > However most of the time I use my hosting at gandi.net to send my
> > E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is
> > transferred by authenticated SMTP to mail.gandi.net and is sent on
> > from there to whatever its destination is.
> > 
> > As I understand it the SPF records for mail.gandi.net purely confirm
> > to a receiving mail server that the mail is coming from mail.gandi.net
> > and reverse DNS look-up confirms that it really is mail.gandi.net.
> > Have I got that right?  I.e. the fact that the mail's From: is not
> > connected in any way to the SPF record is irrelevant.  The SPF record
> > simply confirms the SMTP relay host's IP and that it is meant to be
> > relaying mail for that IP.
> 
> 
> Probably it's best to start with a simple smtp conversation.
> ch...@isbd.co.uk wants to send an email to b...@server.com:
> 
>[u...@client.com ~]$ nc server.com 25
>220 server.com ESMTP Postfix
>HELO client.com
>250 server.com
>MAIL FROM: 
>250 2.1.0 Ok
>RCPT TO: 
>250 2.1.5 Ok
>DATA
>354 End data with .
>From: 
>To: 
>Subject: test
>
>Hello,
>   
>this is a test.
>.
>250 2.0.0 Ok: queued as 4Nvabz5RcNabcHH3
>QUIT
>221 2.0.0 Bye
> 
> 
> SPF is about the envelope sender which is the address given at
> "MAIL FROM". The address at "From:" within the "DATA" stage is
> what your mailclient (Thunderbird, Outlook, ...) will display
> as the sender, which may be completely different and is not
> considered by SPF (or postfix).
> 
Yes, this is what I thought/assumed was going on, thank you for
confirming it.


> The envelope sender in our example is ch...@isbd.co.uk, so the
> receiving mailserver (server.com) will use this address for spf
> checks. Therefore it will look for a TXT record via DNS that
> contains spf info:
> 
> $ host -t txt isbd.co.uk
> isbd.co.uk descriptive text "v=spf1 include:_spf.mythic-beasts.com ~all"
> 
> This has an include option which requires another DNS query:
> 
> $ host -t txt _spf.mythic-beasts.com
> _spf.mythic-beasts.com descriptive text "v=spf1 ip4:93.93.130.89 ... ~all"
> 
> This returns ip addresses/networks that are allowed to send
> emails with senders @isbd.co.uk and a hint how to proceed
> (~all which means softfail or do not block right away).
> 
> Now we have that smtp connection from client.com to server.com and
> server.com will check if client.com's ip address is included in the
> list returned via DNS txt/spf query. If so, client.com is authorized
> to send mail in the name of @isbd.co.uk and the mail is accepted.
> Otherwise it could reject that mail (-all) or take that into account
> while checking spam (~all), ...
> 
> Given an email from ch...@isbd.co.uk, originating at zbmc.eu and sent
> via mail.gandi.net (authenticated smtp submission) to b...@server.com:
> 
> - server.com sees the ip address of mail.gandi.net (incoming connection)
> - server.com queries DNS for ch...@isbd.co.uk (host -t txt isbd.co.uk)
> - server.com cannot find the ip address of mail.gandi.net within spf
> - server.com might quarantine or classify your mail as spam because of ~all.
> 
> The solution would be to include mail.gandi.net's ips in the spf
> of isbd.co.uk (ip4, ip6, include, ...) so that it is authorized
> to send emails in the name of @isbd.co.uk.
> 
Brilliant explanation, thank you.

In reality the envelope sender for E-Mail sent out of my home server
is s...@zbmc.eu as I have a mailbox of that name at Gandi Internet and
the zbmc.eu domain is hosted there. However zbmc.eu has no SPF record:-

chris@esprimo$ host -t txt zbmc.eu
zbmc.eu has no TXT record

Presumably Gandi Internet accepts the mail anyway because it's an
authenticated SMTP connection.

What I'm not clear about is what happens when the mail is sent onwards
by the 'smarthost' at Gandi.  Does it change the envelope sender to
something that an SPF record will be found for?  Or does it get sent
on with the same envelope sender with the possibility that it will
then get marked as spam or something?

Anyway it seems I should add an SPF record for zbmc.eu at Gandi Internet
and I see they have a 'recommended' setting already there for me to use.

Thank you, it's all a bit clearer now.


-- 
Chris Green
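
Added example (not part of the original thread): the SPF check described above, worked through in Python for the all, ip4, ip6 and include mechanisms only. The domains, addresses and TXT records are constructed placeholders standing in for DNS, and the function names are this example's own.

```python
import ipaddress

# Constructed TXT records standing in for DNS. Names and addresses are
# documentation placeholders, not values from the thread.
TXT = {
    "sender.example": "v=spf1 include:_spf.hoster.example ~all",
    "_spf.hoster.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all",
    "strict.example": "v=spf1 ip4:192.0.2.25 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on mechanisms that cause DNS queries


class PermError(Exception):
    """The record cannot be evaluated (bad syntax, too many lookups, ...)."""


def check_host(client_ip, domain, txt=TXT):
    """Return the SPF result for client_ip sending as <anything>@domain."""
    try:
        return _check(ipaddress.ip_address(client_ip), domain, txt, [0])
    except PermError:
        return "permerror"


def _check(addr, domain, txt, lookups):
    record = txt.get(domain.lower())
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"                     # domain publishes no SPF policy
    for term in record.split()[1:]:       # mechanisms are tried left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                raise PermError(f"bad network in {term!r}") from None
            if net.version != int(name[2]):
                raise PermError(f"address family mismatch in {term!r}")
            matched = addr.version == net.version and addr in net
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                raise PermError("too many DNS lookups")
            inner = _check(addr, arg, txt, lookups)
            if inner == "none":
                raise PermError(f"include target {arg!r} has no SPF record")
            matched = inner == "pass"     # only a pass from the include counts
        else:
            # a, mx, exists, ptr, redirect= and so on are outside this example
            raise PermError(f"term {name!r} not handled in this example")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                      # nothing matched and no "all" term


def spf_for_message(client_ip, envelope_from, header_from=None):
    """SPF looks only at the MAIL FROM domain; header_from is ignored."""
    return check_host(client_ip, envelope_from.rsplit("@", 1)[-1])


if __name__ == "__main__":
    # Relay listed by the included record, then a relay that is not listed.
    print(spf_for_message("192.0.2.10", "user@sender.example"))
    print(spf_for_message("198.51.100.7", "user@sender.example",
                          header_from="user@other.example"))
    # Envelope domain with no TXT record at all.
    print(spf_for_message("198.51.100.7", "user@norecord.example"))
```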


Re: A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
On Sat, Jan 14, 2023 at 04:55:45PM +0100, Matus UHLAR - fantomas wrote:
> On 14.01.23 11:02, Chris Green wrote:
> >I use postfix on my home server and deliver mail by connecting to my
> >hosting providers' "smart host" using authenticated SMTP.
> >
> >My home system's hostname is zbmc.eu but I don't use that domain in my
> >E-Mail address, I use isbd.co.uk which domain is hosted at one of my
> >hosting providers (mythic-beasts.com).
> >
> >However most of the time I use my hosting at gandi.net to send my
> >E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is
> >transferred by authenticated SMTP to mail.gandi.net and is sent on
> >from there to whatever its destination is.
> 
> >As I understand it the SPF records for mail.gandi.net purely confirm
> >to a receiving mail server that the mail is coming from mail.gandi.net
> >and reverse DNS look-up confirms that it really is mail.gandi.net.
> >Have I got that right? 
> 
> SPF records for mail.gandi.net are checked when someone sends mail from 
> @mail.gandi.net (you don't) or when server introduces itself as 
> mail.gandi.net (I assume yours introduces as zbmc.eu).
> 
Yes, my server's postfix is on zbmc.eu but since the connection to
Gandi is authenticated I assume Gandi will accept my E-Mails anyway.


> so, you should not care about SPF record for mail.gandi.net but for SPF 
> record for isbd.co.uk
> 
How does isbd.co.uk's SPF record get involved, it's hosted at Mythic
Beasts so never sees my E-Mails sent from zbmc.eu to Gandi.


> >I.e. the fact that the mail's From: is not
> >connected in any way to the SPF record is irrelevant. The SPF record
> >simply confirms the SMTP relay host's IP and that it is meant to be
> >relaying mail for that IP.
> 
> Header From: is irrelevant with SPF.
> 
> Envelope from: is relevant and "isbd.co.uk" should have SPF record 
> including mail.gandi.net or whatever mail.gandi.net admins tell you to 
> include in SPF.
> 
As above, I don't see how isbd.co.uk's SPF record gets involved at
all, isbd.co.uk is hosted at mythic-beasts.com.  I have another
(unrelated) domain registered at Gandi (that I thus have a password
there that I use to authenticate the connection from zbmc.eu).

-- 
Chris Green


A little help/clarification on what SPF does please

2023-01-14 Thread Chris Green
I use postfix on my home server and deliver mail by connecting to my
hosting providers' "smart host" using authenticated SMTP.

My home system's hostname is zbmc.eu but I don't use that domain in my
E-Mail address, I use isbd.co.uk which domain is hosted at one of my
hosting providers (mythic-beasts.com).

However most of the time I use my hosting at gandi.net to send my
E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is
transferred by authenticated SMTP to mail.gandi.net and is sent on
from there to whatever its destination is.

As I understand it the SPF records for mail.gandi.net purely confirm
to a receiving mail server that the mail is coming from mail.gandi.net
and reverse DNS look-up confirms that it really is mail.gandi.net.
Have I got that right?  I.e. the fact that the mail's From: is not
connected in any way to the SPF record is irrelevant.  The SPF record
simply confirms the SMTP relay host's IP and that it is meant to be
relaying mail for that IP.

-- 
Chris Green


Re: Do I need to install an MUA as well as Postfix to send test messages from command line?

2022-11-22 Thread Chris Green
On Tue, Nov 22, 2022 at 03:03:09PM -0500, Wietse Venema wrote:
> Chris Green:
> > I have postfix installed on all of my systems and mostly they have at
> > least mailx as well which is handy for sending tests.  However one
> > system doesn't even have mailx, do I have to install it to be able to
> > send tests or is there some way to send test messages from the command
> > line with just the basic postfix installation?
> 
> Postfix assumes that there will be a mail command that takes input
> from other programs and from users.
> 
OK, thanks, I'll install something then. I just didn't want to do so
if not necessary.

-- 
Chris Green


Do I need to install an MUA as well as Postfix to send test messages from command line?

2022-11-22 Thread Chris Green
I have postfix installed on all of my systems and mostly they have at
least mailx as well which is handy for sending tests.  However one
system doesn't even have mailx, do I have to install it to be able to
send tests or is there some way to send test messages from the command
line with just the basic postfix installation?

-- 
Chris Green


Re: Adding a second line to .forward, can one prevent errors feeding back to sender?

2022-01-18 Thread Chris Green
On Tue, Jan 18, 2022 at 07:52:23AM -0500, Wietse Venema wrote:
> Chris Green:
> > If I add a second line to .forward, e.g. make it something like:-
> > 
> > | /home/chris/.mutt/bin/filter.py
> > | /home/chris/dev/bin/filter.py
> > 
> > Then, if (as is likely) there are errors in /home/chris/dev/bin/filter.py
> > the message sender will see an error returned even though the message
> > has been delivered successfully by the first line.
> > 
> > Is there a (simple) way to set up an extra message delivery whose
> > status won't get fed back to the sender?
> 
> Using standard shell syntax:
> 
> | /home/chris/.mutt/bin/filter.py
> | /home/chris/dev/bin/filter.py || exit 0
> 
Brilliant (well, 'of course' too, I should have got there myself),
thank you Wietse.

-- 
Chris Green


Adding a second line to .forward, can one prevent errors feeding back to sender?

2022-01-18 Thread Chris Green
This is a possibly naive question.

Currently I deliver local mail to myself on my linux (xubuntu 21.10)
system using a ~/.forward file as follows:-

| /home/chris/.mutt/bin/filter.py

I'm looking for a simple way to test new versions of filter.py and I'm
not coming up with easy answers.

If I add a second line to .forward, e.g. make it something like:-

| /home/chris/.mutt/bin/filter.py
| /home/chris/dev/bin/filter.py

Then, if (as is likely) there are errors in /home/chris/dev/bin/filter.py
the message sender will see an error returned even though the message
has been delivered successfully by the first line.

Is there a (simple) way to set up an extra message delivery whose
status won't get fed back to the sender?

I realise I could set up a complete other user and have a separate
environment but that seems overkill for a simple, single user
situation like this.  I just want an easy way (that I can turn on and
off) to feed my incoming messages into a 'second place' that won't
return errors to the sender if it goes wrong.


It's not super critical that I never send errors back, this is only
handling my own personal mail.  Up until now I have simply edited
filter.py very carefully and lived with the odd undelivered message,
in general SMTP copes very well and resends.  It would just be nice to
come up with a slightly more robust approach which would allow me to
do more major changes to filter.py with less risk.
   
-- 
Chris Green


Re: Can i run postfix on my home IP

2022-01-13 Thread Chris Green
On Thu, Jan 13, 2022 at 12:29:43AM -0600, Rob McGee wrote:
> On 2022-01-12 21:45, Fred Morris wrote:
> > If you've got a static IP and there's no games being played, it should
> > work as long as the connection is "always on" and accepts connections
> > (SYN) on port 25 from the outside world. -- FWM
> > 
> > On Thu, 13 Jan 2022, Yamadaえりな wrote:
> > > 
> > > I have got a DSL from the ISP, having a static IP.
> > > Can I run postfix with this IP for accepting email for my own domain?
> 
> Fred and Richard are of course correct, but you are very likely to
> have problems sending mail from a residential IP netblock.  See if
> you're on PBL:
>   https://www.spamhaus.org/pbl/
> 
> If your ISP will set a custom PTR record for your IP address, you
> can remove yourself from PBL.  If not, you can possibly receive at
> your home IP address, but you would have to relay outbound through
> a VPS.  Or, upgrade to business-class service from your ISP.  Most
> often a VPS is cheaper.

I run Postfix on my home Desktop machine (always on), it basically
only manages E-Mail to and from my hosting service which is where most
of the domains that I actually use for my 'public' E-Mails reside.

For outgoing E-Mail my postfix server just sends everything out to my
ISP's 'smarthost'.

-- 
Chris Green


Re: Google and UK.COM domains

2021-12-14 Thread Chris Green
On Tue, Dec 14, 2021 at 12:35:17PM -0500, Bill Cole wrote:
> On 2021-12-13 at 06:19:47 UTC-0500 (Mon, 13 Dec 2021 19:19:47 +0800)
> Frank Hwa 
> is rumored to have said:
> 
> > for the second level domain, some are "com.au", "com.hk" (the com one),
> > some are "co.uk", "co.jp" (the co one). I am not sure, isn't there a
> > standard for this naming?
> 
> No. The 2-letter TLDs are reserved for national authorities in each country,
> who are broadly unwilling to be governed by sensible standards from
> trans-national trade associations like ICANN.
> 
> On the other hand, anyone who wants to do so can buy a 2nd-level domain in a
> gTLD and run a pseudo-registry like uk.com or eu.org for subdomains. Such
> operations meet great skepticism because historically spammers have tried to
> insulate themselves from policy enforcement by running sock-puppet upstream
> providers. I don't recall such an example in the past decade, but memories
> are long.
> 
I have a mix of .co.uk, .com, .net, .org, .biz, .uk, .be and .eu domains.
They are all hosted on just two providers, one in the UK and the other
in France.  As far as I'm aware they could all be hosted on the same
provider.

Surely it's the provider of the hosting who gets blacklisted not the
'name' of the host.  

-- 
Chris Green


Re: TLS client certs question

2021-08-09 Thread Chris Bamford
Thanks guys. I'd like to know about both sender and recipient domain.

Chris

On Aug 8, 2021, 18:30, at 18:30, Wietse Venema  wrote:
>Viktor Dukhovni:
>> On Sun, Aug 08, 2021 at 10:50:48AM -0400, Wietse Venema wrote:
>>
>> > I suppose that each client certificate will be valid only with a
>> > specific host, so you would have to update the sender_transport
>> > table to return a transport:nexthop result.
>>
>> FWIW, the OP's question was:
>
>  I would like to know how Postfix handles client certificates
>  for delivery i.e. when it makes a remote connection to deliver
>  email.
>
>> Is it possible to control the certificate that is used per
>domain?
>>
>> If per-domain means per destination nexthop regardless of sender, the
>> configuration would be simpler.  Assuming just a small number of
>client
>> certs, just configure a separate transport for each client cert, and
>use
>> transport_maps to map the domain in question to that transport.
>
>The question as posed previously in off-list email:
>
>Is it possible to control the certificate that is used per email
>/ per customer?
>
>So we know that "customer" means "domain", and "certificate" means
>"client certificate". We don't know if "domain" is sender or recipient.
>
>   Wietse


Re: TLS client certs question

2021-08-07 Thread Chris Bamford
Thanks Wietse,

I missed this first time, this must be the walkthrough that Viktor mentioned.

Very useful, I will take a closer look on Monday.

Best,
Chris

On Aug 7, 2021, 15:19, at 15:19, Wietse Venema  wrote:
>Chris Bamford:
>> Hello,
>>
>> I would like to know how Postfix handles client certificates for
>delivery
>> i.e. when it makes a remote connection to deliver email.
>>
>> Is it possible to control the certificate that is used per domain?
>
>The client certificate is a Postfix SMTP client setting; the
>certificate will be used for all email deliveries by that Postfix
>SMTP client.
>
>The following example uses one Postfix SMTP client per sender domain,
>each Postfix SMTP client having its own client certificate:
>
>/etc/postfix/main.cf:
>sender_dependent_default_transport_maps =
>   hash:/etc/postfix/sender_transport
>   # In case you need a cert for all other deliveries.
>   # static:/etc/postfix/default-cert/pem
>
>/etc/postfix/sender_transport:
># Searched by sender email address and @domain.
>@example.com    smtp-example-com
>@example.org    smtp-example-org
>...
>
>/etc/postfix/master.cf:
>smtp-example-com .. .. .. .. .. .. .. smtp
>    -o smtp_tls_cert_file=/etc/postfix/example-com-cert.pem
>smtp-example-org .. .. .. .. .. .. .. smtp
>    -o smtp_tls_cert_file=/etc/postfix/example-org-cert.pem
>...
>
>To make this more scalable, the Postfix SMTP client would need the
>opposite of tls_server_sni_maps, to dynamically choose the client
>certificate based on the sender info.
>
>   Wietse


Re: TLS client certs question

2021-08-07 Thread Chris Bamford
Thanks Viktor,

That's good to know. Where can I find this walkthrough?

Chris

On Aug 7, 2021, 17:25, at 17:25, Viktor Dukhovni  
wrote:
>On Sat, Aug 07, 2021 at 11:10:39AM +0100, Chris Bamford wrote:
>
>> I would like to know how Postfix handles client certificates for
>delivery
>> i.e. when it makes a remote connection to deliver email.
>>
>> Is it possible to control the certificate that is used per domain?
>
>Wietse posted a detailed walk through for per *sender* domain client
>certs.  The short answer is that:
>
>* Client certificates are per-transport.  Multiple TLS client certs
>  require multiple smtp/unix transports.
>
> * You can choose the transport by destination domain, and/or partition
>  the choice of default transport by sender domain.
>
>--
>VIktor.


TLS client certs question

2021-08-07 Thread Chris Bamford
Hello,

I would like to know how Postfix handles client certificates for delivery
i.e. when it makes a remote connection to deliver email.

Is it possible to control the certificate that is used per domain?

Thanks,

- Chris

Re: Unable to connect to IMAP - Exceeded Maximum Number of Connections

2021-06-23 Thread Chris Green
On Wed, Jun 23, 2021 at 11:43:32AM +0200, Bastian Blank wrote:
> On Wed, Jun 23, 2021 at 10:36:49AM +0100, Adam Weremczuk wrote:
> > "Unable to connect to your IMAP server.
> > You may have exceeded the maximum number of connections to this server.
> > If so use the Advanced IMAP Server Settings dialog to reduce the number of
> > cached connections."
> 
> Postfix does not speak IMAP, this is all Cyrus.  As this is a Postfix
> mailing list, you are barking up the wrong tree.
> 
> Also, this does not look like an IMAP error message.  You need to read
> logs and/or get correct error messages out of your client.  "Unable to
> connect" sounds like: I can't open a TCP connection, so it might be your
> routing.
> 
> I don't even think this is Cyrus related, so your best bet is the
> Thunderbird support.
> 
Yes, in my experience it's a pretty standard problem with Thunderbird.

-- 
Chris Green


Re: Message sent by SMTP get lost whereas those via pickup(sendmail) are OK

2021-05-17 Thread Chris Green
On Sun, May 16, 2021 at 10:14:45PM +0200, Jaroslaw Rafa wrote:
> Dnia 16.05.2021 o godz. 13:58:22 Bob Proulx pisze:
> > Chris Green wrote:
> > > I am trying to debug it by connecting directly to port 25 on localhost
> > > using telnet and composing mail that way.
> > 
> > I highly recommend "swaks" the Swiss Army Knife SMTP, the all-purpose
> > SMTP transaction tester utility program for generating test emails
> > using SMTP transactions.  For example:
> 
> Ubuntu desktop should have Thunderbird preinstalled. Why not just try to
> send mail using a regular mail client?

Most mail clients will use sendmail rather than SMTP on port 25 (or
another port) won't they?  As I said my postfix works fine for sending
E-Mails from my MUA (mutt) which uses sendmail.

I must say that swaks looks handy though and it's available from the
Ubuntu repositories so it's very easy for me to install and use.

-- 
Chris Green


Message sent by SMTP get lost whereas those via pickup(sendmail) are OK

2021-05-16 Thread Chris Green
I have postfix running on my xubuntu 21.10 desktop machine and it's
working fine for sending mail from mutt which uses the 'sendmail'
interface.

However I have a script which attempts to send using localhost port 25
and that doesn't appear to work. 

I am trying to debug it by connecting directly to port 25 on localhost
using telnet and composing mail that way.  It appears to be sent
according to the postfix mail.log but it just disappears.

I.e., from mail.log, this message never arrives:-

May 16 16:57:23 esprimo postfix/smtpd[190440]: 865FE2C01D6: 
client=localhost[127.0.0.1]
May 16 16:57:36 esprimo postfix/cleanup[190255]: 865FE2C01D6: 
message-id=<20210516155723.865fe2c0...@esprimo.zbmc.eu>
May 16 16:57:36 esprimo postfix/qmgr[1316]: 865FE2C01D6: 
from=, size=356, nrcpt=1 (queue active)
May 16 16:57:37 esprimo postfix/smtp[190560]: 865FE2C01D6: 
to=, relay=mail.gandi.net[217.70.178.9]:465, delay=24, 
delays=23/0.01/0.57/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
3D57D1C0003)
May 16 16:57:37 esprimo postfix/qmgr[1316]: 865FE2C01D6: removed
May 16 16:58:08 esprimo postfix/smtpd[190440]: disconnect from 
localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 unknown=0/1 commands=5/6


... but this one sent from mutt via postfix's sendmail arrives OK (you can see 
it arriving):-

May 16 16:55:46 esprimo postfix/qmgr[1316]: 021532C0841: 
from=, size=425, nrcpt=1 (queue active)
May 16 16:55:46 esprimo postfix/smtp[190257]: 021532C0841: 
to=, relay=mail.gandi.net[217.70.178.9]:465, delay=0.54, 
delays=0.01/0/0.18/0.35, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 
68B71240003)
May 16 16:55:46 esprimo postfix/qmgr[1316]: 021532C0841: removed
May 16 16:55:49 esprimo postfix/smtpd[190353]: connect from 
p3plsmtp25-04-2.prod.phx3.secureserver.net[216.69.139.18]   
May 16 16:55:50 esprimo postfix/smtpd[190353]: 2AEBF2C01EB: 
client=p3plsmtp25-04-2.prod.phx3.secureserver.net[216.69.139.18]
May 16 16:55:50 esprimo postfix/cleanup[190255]: 2AEBF2C01EB: 
message-id=<20210516155545.GC189386@esprimo>
May 16 16:55:50 esprimo postfix/qmgr[1316]: 2AEBF2C01EB: 
from=, size=2507, nrcpt=1 
(queue active)
May 16 16:55:50 esprimo postfix/local[190332]: 2AEBF2C01EB: 
to=, relay=local, delay=0.49, delays=0.43/0/0/0.06, dsn=2.0.0, 
status=sent (delivered to command: /home/chris/.mutt/bin/filter.py)
May 16 16:55:50 esprimo postfix/qmgr[1316]: 2AEBF2C01EB: removed


So what's the difference?  I *guess* that something in between must be 
rejecting the first
one for some reason.

-- 
Chris Green


Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

2021-04-23 Thread Chris Green
On Fri, Apr 23, 2021 at 12:36:29AM -0400, Viktor Dukhovni wrote:
> On Thu, Apr 22, 2021 at 10:41:14PM -0400, John Levine wrote:
> > It appears that Viktor Dukhovni  said:
> > >[ Wietse's upstream FTP site for Postfix source tarballs will soon no
> > >  longer be browser-accessible. :-( ]
> > 
> > If you use a Mac, FTP is built into the Finder.  Who needs a browser?
> 
> Yes, but it is rather a lot slower to produce a listing, because it
> wants to treat FTP as a filesystem... :-(
> 
Following the Unix (and Linux?) philosophy of small programs that do
one thing well I've always used [nc]ftp on Unix and Linux systems.

-- 
Chris Green


Re: File-format for Included Files for main.cf Options

2021-02-12 Thread Chris Green
On Fri, Feb 12, 2021 at 01:08:07PM -0500, Viktor Dukhovni wrote:
> On Fri, Feb 12, 2021 at 11:14:24AM +, Dominic Raferd wrote:
> 
> > On 12/01/2021 01:21, Viktor Dukhovni wrote:
> > > On Tue, Jan 12, 2021 at 01:00:26AM +, JL (Postfix Readers A/c) wrote:
> > >
> > >> Can someone point me at the right place in the docs, or offer advice
> > >> which maybe could also be added to the docs (!) to help others?
> > > Each main.cf parameter documents its syntax.  Various parameters, that
> > > take literal lists of values in-line, also take a file name whose
> > > content contains similar values...
> > 
> > How to know which parameters accept a filename as argument in this way?
> > 
> > By experiment, myorigin does but mydomain and myhostname do not. It 
> > would be helpful (to me) if myhostname took a filename as argument.
> 
> You're perhaps confusing myorigin with mydestination.
> 
> The myorigin parameter is also not a match list, and so (in the
> "upstream" official Postfix releases) does not support indirect
> specification via a file.
> 
> I am not aware of any "single-valued" parameters that are match lists in
> the upstream release.  Debian patches Postfix to support an external
> file for (IIRC) myhostname, but that's not something that you'll see
> otherwise.
> 
The Debian patch sets myorigin:-

# Debian GNU/Linux specific:  Specifying a file name will cause the
# first line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#
#myorigin = /etc/mailname


-- 
Chris Green


Re: How to deal with sending mail from host isbd.uk?

2021-02-12 Thread Chris Green
On Fri, Feb 12, 2021 at 11:33:53AM -0500, Wietse Venema wrote:
> Chris Green:
> > Just a quickie, how do I configure /etc/hostname etc. for a system at
> > isbd.uk?
> > 
> > It really *is* just isbd.uk:-
> > 
> > chris$ host isbd.uk
> > isbd.uk has address 92.243.2.29
> > isbd.uk mail is handled by 0 mail.vhdns.net.
> > 
> > So, if I set /etc/hostname to isbd.uk then postfix thinks the domain
> > name is just uk which doesn't work very well.
> 
> Set MYDOMAIN too, if MYHOSTNAME is a domain instead of leaf node.
> 
OK, thanks.

-- 
Chris Green


How to deal with sending mail from host isbd.uk?

2021-02-12 Thread Chris Green
Just a quickie, how do I configure /etc/hostname etc. for a system at
isbd.uk?

It really *is* just isbd.uk:-

chris$ host isbd.uk
isbd.uk has address 92.243.2.29
isbd.uk mail is handled by 0 mail.vhdns.net.

So, if I set /etc/hostname to isbd.uk then postfix thinks the domain
name is just uk which doesn't work very well.

-- 
Chris Green


Re: Cloud9.net related responses

2021-02-12 Thread Chris Green
On Thu, Feb 11, 2021 at 11:09:06PM -0700, Bob Proulx wrote:
> Bryan L. Gay wrote:
> > I'm seeing some mailing list messages with to:
> > postfix-us...@cloud9.net in the header. I had to update my filters to
> > get them sorted into my postfix mailing list folder.
> 
> If one is filtering mail selecting for mail through a mailing list
> then one should not use the To: or Cc: for that filtering.  The best
> and expected header to use is the List-Id: header.  That's the
> standard mailing list header.  See RFC2929.
> 
> RFC 2929 https://tools.ietf.org/html/rfc2919
> 
> All mail through this mailing list sets this header.
> 
> List-Id: Postfix users 
> 
Yes, that's all very well, but not all mailing lists are so well
behaved so a general mailing list filter can't rely on this. One would
have to base the filter on a combination of things.

My filter currently relies on a single filtering string so it can't do
this but, on thinking about it, it wouldn't be that difficult to come
up with a 'double match' approach.  However, whether it's worth the
effort I'm not sure, it's "good enough" at the moment.

-- 
Chris Green
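
The approach discussed above (List-Id first, a 'double match' only when that header is missing), sketched as an added example that is not part of any post in this thread. The rule table, the addresses under example.org and the choice of To/Cc plus Sender/Return-Path as the two fallback headers are assumptions made for illustration.

```python
"""Sort list mail by List-Id first, with a two-header fallback."""
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed rule: every value here is a made-up example, not a real list.
RULES = [
    {
        "folder": "example-users",
        "list_id": "example-users.lists.example.org",
        "recipient": "example-users@lists.example.org",
        "sender": "owner-example-users@lists.example.org",
    },
]

# RFC 2919 syntax: "List-Id:" [phrase] "<" list-id ">"
_LIST_ID = re.compile(r"<\s*([^<>\s]+)\s*>\s*$")


def extract_list_id(msg):
    """Return the bare list identifier in lower case, or None if absent."""
    raw = msg.get("List-Id")
    if raw is None:
        return None
    # Collapse folded header whitespace before matching.
    match = _LIST_ID.search(" ".join(raw.split()))
    return match.group(1).lower() if match else None


def _addresses(msg, *headers):
    """Collect the lower-cased addresses found in the named headers."""
    values = []
    for header in headers:
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _name, addr in getaddresses(values) if addr}


def classify(raw_message, rules=RULES):
    """Return (folder, reason); folder is None when nothing matches."""
    msg = message_from_string(raw_message)
    lid = extract_list_id(msg)
    recipients = _addresses(msg, "To", "Cc")
    senders = _addresses(msg, "Sender", "Return-Path")
    for rule in rules:
        if lid is not None:
            # A List-Id is present: trust it and never fall back.
            if lid == rule["list_id"]:
                return rule["folder"], "list-id"
            continue
        # No List-Id: require BOTH the list address as a recipient
        # and the list's owner address as the sender.
        if rule["recipient"] in recipients and rule["sender"] in senders:
            return rule["folder"], "double-match"
    return None, "no-match"


# Constructed sample messages.
WITH_LIST_ID = """\
From: alice@example.net
To: someone-else@example.com
List-Id: Example users
 <example-users.lists.example.org>
Subject: well-behaved list

body
"""

WITHOUT_LIST_ID = """\
From: bob@example.net
To: Example Users <example-users@lists.example.org>
Sender: owner-example-users@lists.example.org
Subject: list that sets no List-Id

body
"""

TO_ONLY = """\
From: carol@example.net
To: example-users@lists.example.org
Subject: direct mail that merely names the list address

body
"""

if __name__ == "__main__":
    for sample in (WITH_LIST_ID, WITHOUT_LIST_ID, TO_ONLY):
        print(classify(sample))
```
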


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-12 Thread Chris Green
On Thu, Feb 11, 2021 at 02:16:19PM -0700, Bob Proulx wrote:
> Chris Green wrote:
> > Matus UHLAR - fantomas wrote:
> > > >chris@isbdGandi$ more /etc/hosts
> > > >127.0.0.1   isbdGandi.isbd.uk isbdGandi isbd localhost
> > > 
> > > no no no.
> > > 127.0.0.1 is always supposed to resolve to "localhost".
> > > If those hosts don't have their assigned IP, Debian uses "127.0.1.1" for
> > > their hostnames.
> 
> +1.  Strong agreement.
> 
> > Given that some of my systems have their IP address allocated
> > dynamically there's not really much alternative except to put the
> > system's name against 127.0.0.1.  Lots of things *do* rely on the name
> > being there. (or for 127.0.1.1).
> 
> If you are already going to edit /etc/hosts then you have already
> committed to having a unique file on each system.
> 
> But instead of abusing the 127.0.0.1 entry use a different loopback
> address such as the typical 127.0.1.1 address which provides an always
> available address and avoids the problems created by diverting
> localhost.
> 
Yes, you're absolutely right, 127.0.0.1 should be only localhost.
Other names, if required, can go against 127.0.1.1 or similar.
This was actually how all my systems except for one (the one I took
the example from, typical) were configured.  I've never noticed any
problems with the one that was misconfigured though (I have corrected
it now).

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-12 Thread Chris Green
On Thu, Feb 11, 2021 at 07:26:27PM -0700, @lbutlr wrote:
> On 11 Feb 2021, at 12:56, Chris Green  wrote:
> > On Thu, Feb 11, 2021 at 12:12:53PM -0700, @lbutlr wrote:
> >> On 11 Feb 2021, at 04:45, Chris Green  wrote:
> >>> Yes, I think this is what it comes down to, *something* needs to be
> >>> changed for each system.  I was just hoping that postfix could use
> >>> something that was there already (the systems do know their names and
> >>> domains already).
> >> 
> >> You keep saying this, but the evidence you provide shows they do not.
> >> 
> >> If you set hostname on each system to the FQDN then everything works.
> >> Single main.cf file with no per-machine changes. This is what you said
> >> you want, and yet you seem to be very resistant to setting your
> >> machines' hostnames.
> >> 
> > Yes, exactly!  If I "set hostname on each system" it's one more thing
> > I have to do on every system.  
> 
> OK, but that is something you should be doing already, IMO. What is the
> point of having a FQDN if you are not using it? And you are already
> editing /etc/hosts (incorrectly), so you're already doing something on
> every system.
> 
> It seems like what you want is "This should work how I want and I should
> not have to do nothing at all to make it work"?
> 
> Again, set FQDN on your machines and everything works as it should, even
> things you have not thought about.
> 
If only! :-)  If I set the FQDN in /etc/hostname it won't be "right
for everything else" I'm afraid.  I have had several long, long
discussions in two other places (the dnsmasq mailing list and another
dealing with resolvconf), it's a can of worms.

The fewer places that I have to set the hostname and domain the
better, ideally it should be possible to set them in just one place
but that isn't going to happen (ever?), so minimising what one has to
do seems a reasonable idea to me.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-11 Thread Chris Green
On Thu, Feb 11, 2021 at 12:12:53PM -0700, @lbutlr wrote:
> On 11 Feb 2021, at 04:45, Chris Green  wrote:
> > Yes, I think this is what it comes down to, *something* needs to be
> > changed for each system.  I was just hoping that postfix could use
> > something that was there already (the systems do know their names and
> > domains already).
> 
> You keep saying this, but the evidence you provide shows they do not.
> 
> If you set hostname on each system to the FQDN then everything works.
> Single main.cf file with no per-machine changes. This is what you said
> you want, and yet you seem to be very resistant to setting your
> machines' hostnames.
> 
Yes, exactly!  If I "set hostname on each system" it's one more thing
I have to do on every system.  

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-11 Thread Chris Green
On Thu, Feb 11, 2021 at 11:36:24AM +0100, Matus UHLAR - fantomas wrote:
> > > On 10.02.21 15:55, Chris Green wrote:
> > > > I could just edit the value in each system, but then all the main.cf
> > > > files would be different.
> 
> > On Wed, Feb 10, 2021 at 05:31:47PM +0100, Matus UHLAR - fantomas wrote:
> > > setting "myhostname = $(dnsdomainname)" what Wietse recommended would not.
> 
> On 10.02.21 17:05, Chris Green wrote:
> > Yes, but since I'd have to add something to each rc.local (and they're
> > mostly default, i.e. as installed) it's more stuff to keep maintained.
> 
> either you have to change system hostname to a FQDN anywhere once
> or you have to change postfix's main.cf to correct domain anywhere once
> or you have to change rc.local to set postfix domain anywhere at each boot
> 
> you still have to change something, because your systems are clearly not
> configured enough to find the FQDN by default.
> 
Yes, I think this is what it comes down to, *something* needs to be
changed for each system.  I was just hoping that postfix could use
something that was there already (the systems do know their names and
domains already).

> > > I was in your situation some years ago, when I maintained the same configs
> > > for multiple apps on multiple servers. I maintained /etc/hosts and
> > > hostnames per-machine and most of the rest was the same.
> > > 
> > So I have the FQDN everywhere:-
> > 
> >chris@isbdGandi$ hostname
> >isbdGandi.isbd.uk
> >chris@isbdGandi$ more /etc/hosts
> ># The following lines are desirable for IPv4 capable hosts
> >127.0.0.1   isbdGandi.isbd.uk isbdGandi isbd localhost
> 
> no no no.
> 127.0.0.1 is always supposed to resolve to "localhost".
> If those hosts don't have their assigned IP, Debian uses "127.0.1.1" for
> their hostnames.
> 
Given that some of my systems have their IP address allocated
dynamically there's not really much alternative except to put the
system's name against 127.0.0.1.  Lots of things *do* rely on the name
being there. (or for 127.0.1.1).

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
I'm sorry everyone if I got a bit heated about this.

I *think* I have most of the information I need to sort it out one way
or another, and there probably isn't a 'right' answer.  :-)

... and as I said before, a big thank you for all the help, I do
appreciate it even if it might not seem like it sometimes.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 01:11:49PM -0700, Bob Proulx wrote:
> Chris Green wrote:
> > Viktor Dukhovni wrote:
> > > Chris Green wrote:
> > > > Local hostname doesn't have FQDN by default though:-
> > > > 
> > > > chris@isbdGandi$ hostname
> > > > isbdGandi
> > > > chris@isbdGandi$ hostname -f
> > > > isbdGandi.isbd.uk
> > > > 
> > > > > Do your OS instances have their hostnames?
> > > >
> > > > See above.
> > > 
> > > The simplest solution is to arrange for the systems to instead have
> > > fully-qualified hostnames.  This will likely have additional benefits
> > > down the line.
> >
> > They have, it doesn't seem to help.
> 
> I believe there is some confusion between "hostname" and "hostname -f"
> that is creating problems.  When people say "hostname" should return
> the FQDN they mean that this should be true.
> 
> $ hostname
> isbdGandi.isbd.uk  # simulation
> 
> That is completely different from this.  Completely different.
> 
> $ hostname -f
> isbdGandi.isbd.uk  # simulation
> 
OK, but every system I know about has hostname as just the hostname
with no domain.  This is how systems are *actually* configured in the
main.  It's not just my systems.  It's how systems are configured 'out
of the box' as installed with various different (OK, mostly Linux)
different operating systems.  It *may* be wrong but I'm afraid it's
the way things are.

I have looked at Debian, Ubuntu, Raspberry Pi - they are all this way.
I have found one exception, one of my hosting services has the full
domain as the hostname.


> Also, it was previously noted that isbdGandi.isbd.uk is not a valid
> domain name.
> 
> $ host isbdGandi.isbd.uk
> Host isbdGandi.isbd.uk not found: 3(NXDOMAIN)
> 
> Therefore using that as the system hostname would not be helpful.
> 
So, I have several local systems on a LAN behind a single NATted ipv4
address which is zbmc.eu, they have to have names, those names are
necessarily invalid 'outside'.

The hostname isbdGandi.isbd.uk is similar, it just happens to be a
single system on the isbd.uk IP.  The system has a name, the domain is
isbd.uk, what should I call it?


> Philosophical Discussion Time
> 
> However there is a split in the thinking.  Most of the people on this
> list are in the side that wants the hostname to be a FQDN.  And then
> it applies globally to every program running on the system.  The
> Highlander principle.  "There can only be one."  That's a BSD
> traditional behavior.
> 
> But the other side of the split wants the hostname to be the short
> hostname.  And then the domain is specified in applications.  Then
> there can be many IP addresses on a host and many domains serviced by
> the many IP addresses.  Most GNU/Linux systems default this way.
> 
> You appear to be using a GNU/Linux distribution that is typical and
> defaults to the short hostname.  Which means you can override that
> locally and follow "The BSD Way" and have one IP and one domain
> globally.  Or you can set it for Postfix.  Or you can use a Debian,
> Ubuntu, Mint, Trisquel, others, specific behavior of /etc/myorigin.
> Or you can customize main.cf's myhostname.  Or any other of the many
> possible solutions to this problem.
> 
Yes, I think you have hit exactly on the issue! :-)  Not everyone
agrees what the 'hostname' should be.  I'm stuck in the crossfire.


> > What exactly do you mean by "... have fully-qualified hostnames?". I
> > know what you mean by FQDN but in general although 'hostname -f' and
> > 'dnsdomainname' return the domain name postfix still doesn't use it.
> 
> When Postfix says "hostname" it means "hostname" not "hostname -f".
> 
> The operation of "hostname -f" is to do a reverse DNS lookup on an IP
> address associated with the host.  This is actually not something that
> is guaranteed to be configured on the host.  Unless it is configured
> in /etc/hosts locally it will fall through to DNS and depend upon the
> DNS entry for the IP address.  (Which also requires live networking
> active at that moment too.)  But which IP address?
> 
> The actual configuration values for /etc/hosts is also problematic.
> Because 127.0.0.1 should map to "localhost" and "localhost" should map
> to 127.0.0.1.  However many people have hacked this locally to map to
> The One FQDN globally for the system.  This topic by itself is a large
> discussion of a surprisingly large number of combinations, some of
> which work for some things but not others, and the reverse.
> 
>

Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 02:13:22PM -0500, Viktor Dukhovni wrote:
> On Wed, Feb 10, 2021 at 05:41:49PM +0000, Chris Green wrote:
> 
> > OK, what I want to do is as follows:-
> > 
> > I have several headless machines which need to be able to send error
> > and other messages to me ch...@isbd.co.uk.
> 
> Directly to that address, or indirectly by sending mail to various local
> accounts that alias to this address?  If the latter, and $myorigin is
> listed in $mydestination, then alias these various accounts to the
> desired recipient address.
> 
I don't mind how it gets there. :-)   However the case in question is
a headless virtual server isbd.uk which is run by Gandi Internet in
France.  I want the messages from there to get to my main E-Mail
address which is ch...@isbd.co.uk hosted on an entirely different
hosting service in the UK.

> 
> > Looking at what you say above I see the following (on one of the
> > existing systems in the LAN behind zbmc.eu) :-
> > 
> > chris$ postconf -d myorigin
> > myorigin = $myhostname
> 
> Now you're reporting built-in default values ("-d" option of
> "postconf").  That's not useful.  I was specifically telling what the
> *default* value is.  If you have a non-default value you can report
> it via "postconf -n".
> 
> > chris$ hostname -f
> > t470.zbmc.eu
> 
> This is irrelevant.
> 
> > chris$ hostname
> > t470
> 
> This shows a non-FQDN hostname.
> 
Which seems to be how just about every system configures itself.

It's all very well saying that the 'hostname' should include the
domain name but in the real world nothing ever seems to be actually
like that.


If (and it's a big if) I configure the hostname to be a FQDN how do I
then get mail sent to 'chris' out of isbd.uk to ch...@isbd.co.uk?

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 10:37:15AM -0700, @lbutlr wrote:
> On 10 Feb 2021, at 10:05, Chris Green  wrote:
> > but this doesn't seem to have worked.  What am I doing wrong now? (I
> > have run 'newaliases').
> 
> what does
> 
> postconf -d myhostname mydomain myorigin
> 
> Report?
> 
> It should report:
> 
> myhostname = isbdGandi.isbd.uk
> mydomain = isbd.uk
> myorigin = $myhostname
> 
chris@isbdGandi$ postconf -d myhostname mydomain myorigin
myhostname = isbdGandi.isbd.uk
mydomain = isbd.uk
myorigin = $myhostname

... and:-
chris@isbdGandi$ hostname
isbdGandi.isbd.uk
chris@isbdGandi$ dnsdomainname
isbd.uk
chris@isbdGandi$ hostname -f
isbdGandi.isbd.uk
chris@isbdGandi$ 

With the system configured like this postfix sends mail for 'chris' to
'ch...@isbd.uk' which isn't very helpful, I need it to be sent to
'ch...@isbd.co.uk'.

The above is with hostname set to the fqdn by running 'hostname
isbdGandi.isbd.uk' as root. However this isn't persistent, rebooting
sets hostname back to just isbdGandi.


If I reboot and don't explicitly set hostname I see:-

chris@isbdGandi$ hostname
isbdGandi
chris@isbdGandi$ hostname -f
isbdGandi.isbd.uk
chris@isbdGandi$ dnsdomainname
isbd.uk
chris@isbdGandi$ postconf -d myhostname mydomain myorigin
myhostname = isbdGandi.localdomain
mydomain = localdomain
myorigin = $myhostname

Obviously postfix uses localdomain as the domain and mail gets
rejected.  The configuration with just isbdGandi as the hostname seems
to be the default/right way that Linux systems expect to be.

-- 
Chris Green
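
The name derivation reported in this thread, modelled as an added Python example (not part of any post and not Postfix source code). The function names are hypothetical, and the rules are only those stated or observed in the thread: a short system hostname is qualified with $mydomain or the built-in "localdomain", and an unset mydomain is myhostname minus its first label.

```python
"""Model of the myhostname/mydomain/myorigin defaults seen in the thread."""

# Built-in fallback domain, as shown by the thread's "postconf -d" output.
DEFAULT_DOMAIN = "localdomain"


def _expand(value, names):
    """Expand the $myhostname and $mydomain references used in main.cf."""
    for key in ("myhostname", "mydomain"):
        value = value.replace("$" + key, names[key])
    return value


def effective_names(system_hostname, main_cf=None):
    """Return the effective myhostname, mydomain and myorigin for one host.

    system_hostname: what the bare `hostname` command prints
                     (not `hostname -f`, which Postfix does not consult).
    main_cf:         explicit settings, e.g. {"mydomain": "zbmc.eu"}.
    """
    cf = dict(main_cf or {})

    # A short hostname is qualified with the explicit mydomain if there is
    # one, otherwise with the built-in default.
    if "myhostname" in cf:
        myhostname = cf["myhostname"]
    elif "." in system_hostname:
        myhostname = system_hostname
    else:
        myhostname = system_hostname + "." + cf.get("mydomain", DEFAULT_DOMAIN)

    # An unset mydomain is myhostname with its first label removed.
    if "mydomain" in cf:
        mydomain = cf["mydomain"]
    elif "." in myhostname:
        mydomain = myhostname.split(".", 1)[1]
    else:
        mydomain = DEFAULT_DOMAIN

    names = {"myhostname": myhostname, "mydomain": mydomain}
    names["myorigin"] = _expand(cf.get("myorigin", "$myhostname"), names)
    return names


def origin_problems(names):
    """List the reasons a relay may refuse addresses qualified with myorigin."""
    origin = names["myorigin"]
    problems = []
    if "." not in origin:
        problems.append("myorigin is a single label, not a fully-qualified domain")
    if origin == DEFAULT_DOMAIN or origin.endswith("." + DEFAULT_DOMAIN):
        problems.append("myorigin fell back to the built-in placeholder domain")
    return problems


if __name__ == "__main__":
    # Host names and settings taken from the thread.
    cases = [
        ("isbdGandi", {}),                       # short hostname, nothing set
        ("isbdGandi.isbd.uk", {}),               # hostname set to the FQDN
        ("isbd.uk", {}),                         # hostname that is itself a domain
        ("isbd.uk", {"mydomain": "isbd.uk"}),    # the same, with mydomain set too
        ("t470", {"mydomain": "zbmc.eu", "myorigin": "$mydomain"}),
        ("isbdGandi", {"myorigin": "$mydomain"}),  # mydomain line removed
    ]
    for hostname, cf in cases:
        names = effective_names(hostname, cf)
        print(hostname, cf, names, origin_problems(names))
```
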


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 12:17:47PM -0500, Viktor Dukhovni wrote:
> On Wed, Feb 10, 2021 at 05:05:52PM +0000, Chris Green wrote:
> 
> This may be a good time to clearly (re)state what problem you're trying
> to solve, now that you're apparently able to assign the desired mydomain
> to each machine.
> 
OK, what I want to do is as follows:-

I have several headless machines which need to be able to send error
and other messages to me ch...@isbd.co.uk.  All these systems have
'send only' postfix configurations whose sole function is to send
these messages to me.  Originally all these systems were on a LAN
behind zbmc.eu so setting 'mydomain = zbmc.eu' in main.cf worked for
all of them and I could use the same main.cf.

I now would like to use the same main.cf file in a few more systems
which are not on the same LAN and thus not the same domain.  Ideally
I'd like to continue using the same main.cf for all these systems,
this is simply to make my life easier maintaining them and such.

Looking at what you say above I see the following (on one of the
existing systems in the LAN behind zbmc.eu) :-

chris$ postconf -d myorigin
myorigin = $myhostname
chris$ postconf -d myhostname
myhostname = t470.localdomain
chris$ dnsdomainname
zbmc.eu
chris$ hostname -f
t470.zbmc.eu
chris$ hostname
t470

So one can see why (at present) I need to set 'mydomain = zbmc.eu'
explicitly in main.cf, however I don't quite see how to change things
so that they work how I want.

Thanks for all the help so far everybody, I really do appreciate it.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 11:36:42AM -0500, Viktor Dukhovni wrote:
> On Wed, Feb 10, 2021 at 03:01:44PM +0000, Chris Green wrote:
> 
> > Local hostname doesn't have FQDN by default though:-
> > 
> > chris@isbdGandi$ hostname
> > isbdGandi
> > chris@isbdGandi$ hostname -f
> > isbdGandi.isbd.uk
> > 
> > > Do your OS instances have their hostnames?
> >
> > See above.
> 
> The simplest solution is to arrange for the systems to instead have
> fully-qualified hostnames.  This will likely have additional benefits
> down the line.
> 
They have, it doesn't seem to help.

What exactly do you mean by "... have fully-qualified hostnames?". I
know what you mean by FQDN but in general although 'hostname -f' and
'dnsdomainname' return the domain name postfix still doesn't use it.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 05:31:47PM +0100, Matus UHLAR - fantomas wrote:
> > > On 10.02.2021 at 15:10:09, Chris Green wrote:
> > > >
> > > > These systems are all systemd'ed so I can't just run postfix as above.
> > > > However will 'postconf "myhostname = $(dnsdomainname)"' actually
> > > > change/set the myhostname value in main.cf?  If so then simply putting
> > > > the postconf command in /etc/rc.local will do all I need, especially
> > > > after one reboot.
> 
> > On Wed, Feb 10, 2021 at 04:40:13PM +0100, Jaroslaw Rafa wrote:
> > > Are these machines moved from domain to domain? Ie. is it possible that
> > > "dnsdomainname" will change, or is it the same all the time? If the latter,
> > > I don't see why do you need to set it at each reboot - it is enough to set
> > > it once. So I would try to set it in a script that deploys/copies Postfix
> > > configuration to the target machine.
> 
> On 10.02.21 15:55, Chris Green wrote:
> > I could just edit the value in each system, but then all the main.cf
> > files would be different.
> 
> setting "myhostname = $(dnsdomainname)" what Wietse recommended would not.
> 
Yes, but since I'd have to add something to each rc.local (and they're
mostly default, i.e. as installed) it's more stuff to keep maintained.


> Setting FQDN hostname or maybe setting own IP with FQDN in /etc/hosts would
> not (I'm not sure whether the latter one would be enough, you can try)
> 
Yes, I've tried these.  I added the FQDN to /etc/hosts such that
dnsdomainname returns the domain but postfix doesn't use that.  I've
also tried setting 'hostname ' and that hasn't helped either.


> I was in your situation some years ago, when I maintained the same configs
> for multiple apps on multiple servers. I maintained /etc/hosts and
> hostnames per-machine and most of the rest was the same.
> 
So I have the FQDN everywhere:-

chris@isbdGandi$ hostname
isbdGandi.isbd.uk
chris@isbdGandi$ more /etc/hosts
# The following lines are desirable for IPv4 capable hosts
127.0.0.1   isbdGandi.isbd.uk isbdGandi isbd localhost
    ...
...
chris@isbdGandi$ dnsdomainname
isbd.uk
chris@isbdGandi$ 

... and now postfix sends cron mail *to* ch...@isbd.uk as well as from
ch...@isbd.uk which doesn't help at all!  I have an entry for chris in
/etc/aliases:-

chris:ch...@isbd.co.uk

but this doesn't seem to have worked.  What am I doing wrong now? (I
have run 'newaliases').




-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 04:40:13PM +0100, Jaroslaw Rafa wrote:
> On 10.02.2021 at 15:10:09, Chris Green wrote:
> > 
> > These systems are all systemd'ed so I can't just run postfix as above.
> > However will 'postconf "myhostname = $(dnsdomainname)"' actually
> > change/set the myhostname value in main.cf?  If so then simply putting
> > the postconf command in /etc/rc.local will do all I need, especially
> > after one reboot.
> 
> Are these machines moved from domain to domain? Ie. is it possible that
> "dnsdomainname" will change, or is it the same all the time? If the latter,
> I don't see why do you need to set it at each reboot - it is enough to set
> it once. So I would try to set it in a script that deploys/copies Postfix
> configuration to the target machine.

I could just edit the value in each system, but then all the main.cf
files would be different.

Currently I have a single main.cf file kept in mercurial that I deploy
on all these systems.  If I change the file in my mercurial repository
the change gets distributed to all systems (by a file synchronising
process).  I'm just trying to see if I can keep my single master
version of main.cf with a different domain name for each system. 

I can keep different versions of main.cf for each system in mercurial
but that means if I want/need to change something related to postfix I
have to remember to make the change in multiple main.cf files.

I don't currently have a mechanism for manipulating files during
deployment from the mercurial repository to the destination.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 09:53:02AM -0500, Wietse Venema wrote:
> Chris Green:
> > On Wed, Feb 10, 2021 at 03:14:11PM +0100, Matus UHLAR - fantomas wrote:
> > > On 10.02.21 13:57, Chris Green wrote:
> > > > It would be really handy if I could get postfix to use the value
> > > > returned by the dnsdomainname command for its mydomain value as I
> > > > could then use the same main.cf file in several headless 'send only'
> > > > systems where postfix is used solely for sending error messages from
> > > > cron and similar.
> > > > 
> > > > There isn't an 'include' type directive in postfix configuration so I
> > > > can't see any way of doing this by capturing the output of
> > > > dnsdomainname at startup and then including this in main.cf.
> > > > 
> > > > Has anyone else wanted to do anything like this and come up with a
> > > > solution?
> > > 
> > > 
> > > the default is get from your myhostname, can't you set up that one?
> > > 
> > > btw are you sure you don't mean myorigin instead of mydomain?
> > > 
> > Apart from the TLS/SASL bits the main.cf for all these headless
> > systems is:-
> > 
> > mydomain = zbmc.eu
> > myorigin = $mydomain
> > relayhost = [mail.gandi.net]:465
> > luser_relay = ch...@isbd.co.uk
> > local_recipient_maps =
> > #
> > #
> > # We don't accept any incoming connections
> > #
> > mydestination =
> > inet_interfaces = loopback-only
> > 
> > So myhostname isn't explicitly set.
> > 
> > Having 'mydomain = zbmc.eu' worked until now because the systems in
> > question were on a LAN which is zbmc.eu.  However I'd now rather like
> > to use the same main.cf on some systems which aren't on the same LAN.
> > It does need to be set so that one can tell easily where messages come
> > from.
> 
> First, there is no requirement to SET myhostname. Postfix uses the SYSTEM
> HOSTNAME by default. Postfix will automatically append $mydomain
> if the SYSTEM HOSTNAME is not in FQDN form.
> 
Yes, OK, that's exactly what I'm seeing.

> Second, please don't run sed on main.cf or master.cf. Use postconf
> commands instead.
> 
> For example:
> 
> postconf "myhostname = $(dnsdomainname)"
> postfix start
> 
OK, I was just explaining why I didn't particularly want to do this
sort of thing, sed was just the first thing that came to mind.

These systems are all systemd'ed so I can't just run postfix as above.
However will 'postconf "myhostname = $(dnsdomainname)"' actually
change/set the myhostname value in main.cf?  If so then simply putting
the postconf command in /etc/rc.local will do all I need, especially
after one reboot.

> Not all the world is LINUX, and most systems get along with the
> defaults just fine.
> 
Yes, I know, I'm from a mixed background of Sun Solaris and Dec Ultrix
in days gone by.  I just get my ?nix fix by running Linux on all my
own systems! :-)

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 03:47:29PM +0100, Matus UHLAR - fantomas wrote:
> On 10.02.21 14:36, Chris Green wrote:
> > Apart from the TLS/SASL bits the main.cf for all these headless
> > systems is:-
> > 
> >mydomain = zbmc.eu
> >myorigin = $mydomain
> >relayhost = [mail.gandi.net]:465
> >luser_relay = ch...@isbd.co.uk
> >local_recipient_maps =
> >#
> >#
> ># We don't accept any incoming connections
> >#
> >mydestination =
> >inet_interfaces = loopback-only
> > 
> > So myhostname isn't explicitly set.
> 
> myhostname is set by default to your local hostname and mydomain is set by
> default to your hostname stripped of first segment.
> 
Local hostname doesn't have FQDN by default though:-

chris@isbdGandi$ hostname
isbdGandi
chris@isbdGandi$ hostname -f
isbdGandi.isbd.uk

> Do your OS instances have their hostnames?
> 
See above.


> > Having 'mydomain = zbmc.eu' worked until now because the systems in
> > question were on a LAN which is zbmc.eu.  However I'd now rather like
> > to use the same main.cf on some systems which aren't on the same LAN.
> > It does need to be set so that one can tell easily where messages come
> > from.
> 
> don't set the myhostname or mydomain in main.cf, and you'll get the default
> values. You can use them.
> 
If I remove the mydomain setting from main.cf outgoing mail fails:-

Feb 10 15:42:03 isbdGandi postfix/smtp[3852]: A59B186D46:
to=, relay=mail.gandi.net[217.70.178.9]:465,
delay=0.35, delays=0.06/0/0.07/0.21, dsn=5.5.2, status=bounced (host
mail.gandi.net[217.70.178.9] said: 504 5.5.2 :
Recipient address rejected: need fully-qualified address (in reply to
RCPT TO command))

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 03:14:11PM +0100, Matus UHLAR - fantomas wrote:
> On 10.02.21 13:57, Chris Green wrote:
> > It would be really handy if I could get postfix to use the value
> > returned by the dnsdomainname command for its mydomain value as I
> > could then use the same main.cf file in several headless 'send only'
> > systems where postfix is used solely for sending error messages from
> > cron and similar.
> > 
> > There isn't an 'include' type directive in postfix configuration so I
> > can't see any way of doing this by capturing the output of
> > dnsdomainname at startup and then including this in main.cf.
> > 
> > Has anyone else wanted to do anything like this and come up with a
> > solution?
> 
> 
> the default is get from your myhostname, can't you set up that one?
> 
> btw are you sure you don't mean myorigin instead of mydomain?
> 
Apart from the TLS/SASL bits the main.cf for all these headless
systems is:-

mydomain = zbmc.eu
myorigin = $mydomain
relayhost = [mail.gandi.net]:465
luser_relay = ch...@isbd.co.uk
local_recipient_maps =
#
#
# We don't accept any incoming connections
#
mydestination =
inet_interfaces = loopback-only

So myhostname isn't explicitly set.

Having 'mydomain = zbmc.eu' worked until now because the systems in
question were on a LAN which is zbmc.eu.  However I'd now rather like
to use the same main.cf on some systems which aren't on the same LAN.
It does need to be set so that one can tell easily where messages come
from.

-- 
Chris Green


Re: Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
On Wed, Feb 10, 2021 at 03:03:47PM +0100, ludic...@gmail.com wrote:
> > From: owner-postfix-us...@postfix.org  On
> > behalf of Chris Green
> > Sent: Wednesday, 10 February 2021 14:57
> > To: postfix-users@postfix.org
> > Subject: Can I get postfix to use what's returned by dnsdomainname for
> > mydomain?
> > 
> > It would be really handy if I could get postfix to use the value returned by
> > the dnsdomainname command for its mydomain value as I could then use the
> > same main.cf file in several headless 'send only'
> > systems where postfix is used solely for sending error messages from cron
> > and similar.
> > 
> > There isn't an 'include' type directive in postfix configuration so I can't
> > see any way of doing this by capturing the output of dnsdomainname at
> > startup and then including this in main.cf.
> > 
> > Has anyone else wanted to do anything like this and come up with a solution?
> 
> Can't this be simply done by bash/cron?
> 
> Execute dnsdomainname
> Alter main.cf
> postfix reload
> 
> Not sure about startup / system boot.
> 
> Just my first thoughts.
> 
Yes, I *could* do something like this but it's quite a bit of added
complexity for what is really quite a simple requirement.  I'd have to
add a bit of code to run from (say) /etc/rc.local which would have to
run sed or something similar against the main.cf file.

-- 
Chris Green


Can I get postfix to use what's returned by dnsdomainname for mydomain?

2021-02-10 Thread Chris Green
It would be really handy if I could get postfix to use the value
returned by the dnsdomainname command for its mydomain value as I
could then use the same main.cf file in several headless 'send only'
systems where postfix is used solely for sending error messages from
cron and similar.

There isn't an 'include' type directive in postfix configuration so I
can't see any way of doing this by capturing the output of
dnsdomainname at startup and then including this in main.cf.

Has anyone else wanted to do anything like this and come up with a
solution?

-- 
Chris Green


Re: User script for modifying main.cf and other config files

2021-02-07 Thread Chris Green
On Sun, Feb 07, 2021 at 02:47:11PM -0500, Wietse Venema wrote:
> Alex:
> > Hi,
> > 
> > I'm working on a front-end to modify our main.cf and other config
> > files, such as the transport and relay_recips file and want to be sure
> > I'm doing it securely.
> > 
> > Postfix complains if the files are not owned by root, but I don't want
> > the script to have to run as root. What is the most secure way to do
> > this?
> > 
> > Perhaps passwordless sudo with the explicit ability to act on these
> > files and reload/restart postfix? Is it okay to create a backup
> > directory in /etc/postfix that's owned by this script user?
> 
> Postfix requires that config files are not writable by users.
> If a non-root user can change the Postfix configuration, then that
> user has root privileges over your system. The user may not know
> how, but at this point all that remains is just security by obscurity.
> 
Is some sort of sudo access possible, i.e. only the specific users you
want to enable are able to run the script with sudo privilege.  The
/etc/sudoers file and associated configuration is somewhat arcane but
actually very flexible in what's possible.

-- 
Chris Green


Re: Copying settings in main.cf from postfix 3.5.6 to postfix 3.3.0 - any major issues?

2021-01-21 Thread Chris Green
On Thu, Jan 21, 2021 at 04:33:07PM -0500, Wietse Venema wrote:
> Chris Green:
> > I currently have mail for ch...@isbd.co.uk and c...@isbd.net forwarded
> > by my hosting service to a Postfix server on my desktop machine (which
> > is zbmc.eu).  The Postfix configuration is fairly simple, just accepts
> > mail for the zbmc.eu domain and sends mail via my hosting service's
> > smarthost.
> > 
> > I want to create a similar Postfix server installation on a VPS I
> > already run so that if my home desktop machine has a long down time
> > for any reason I can forward my mail from my hosting provider to the
> > VPS instead.  This is a simple reconfiguration on my hosting provider.
> > 
> > The VPS has postfix version 3.3, my desktop has version 3.5.6, am I
> > likely to encounter any problems with a similar main.cf on the older
> > version?  I realise I have to change the myorigin, mydestination and
> > myhostname but I'm hoping that's basically all.
> 
> I suggest that you look in the RELEASE_NOTES file. Configurations
> that work for Postfix 3.3 should also work with Postfix 3.5.6. The
> other way around is not possible if you use Postfix 3.5 features
> that don't exist in Postfix 3.3.
> 
> Why can't both servers run the same version?
> 
The versions of Postfix are those that are provided by the Ubuntu
repositories for the Ubuntu versions being run.  The VPS is running an
older version of Ubuntu as that's all the hosting service provides.

I *could* maybe try and install a newer version of Postfix, it's easy
enough to try I guess.

-- 
Chris Green


Copying settings in main.cf from postfix 3.5.6 to postfix 3.3.0 - any major issues?

2021-01-21 Thread Chris Green
I currently have mail for ch...@isbd.co.uk and c...@isbd.net forwarded
by my hosting service to a Postfix server on my desktop machine (which
is zbmc.eu).  The Postfix configuration is fairly simple, just accepts
mail for the zbmc.eu domain and sends mail via my hosting service's
smarthost.

I want to create a similar Postfix server installation on a VPS I
already run so that if my home desktop machine has a long down time
for any reason I can forward my mail from my hosting provider to the
VPS instead.  This is a simple reconfiguration on my hosting provider.

The VPS has postfix version 3.3, my desktop has version 3.5.6, am I
likely to encounter any problems with a similar main.cf on the older
version?  I realise I have to change the myorigin, mydestination and
myhostname but I'm hoping that's basically all.

-- 
Chris Green


Re: Can I somehow customise the From: address when root sends mail?

2020-12-09 Thread Chris Green
On Wed, Dec 09, 2020 at 06:04:58AM -0700, @lbutlr wrote:
> On 09 Dec 2020, at 05:59, Jaroslaw Rafa  wrote:
> > On 9.12.2020 at 04:55:13 @lbutlr wrote:
> >> 
> >> Hmm. Might have to edit the /etc/aliases and run newaliases then.
> > 
> > /etc/aliases works for incoming email.
> 
> No, that is definitely not correct. It works for internal local mail as 
> well, otherwise I would never see mail sent to root. 
> 
Yes (OP here), that's right.  On my main desktop system I use
/etc/aliases to make sure I receive mail sent to postmaster, root and
a couple of other user accounts.  However on the other (mostly
headless) systems on the LAN a way to catch *any* mail sent and fire
it off to me on my desktop is handy.

-- 
Chris Green


Re: Can I somehow customise the From: address when root sends mail?

2020-12-09 Thread Chris Green
On Wed, Dec 09, 2020 at 04:55:13AM -0700, @lbutlr wrote:
> On 09 Dec 2020, at 03:00, Chris Green  wrote:
> > On Wed, Dec 09, 2020 at 02:33:37AM -0700, @lbutlr wrote:
> >> On 08 Dec 2020, at 13:04, Chris Green  wrote:
> >>> On Tue, Dec 08, 2020 at 12:39:07PM -0700, @lbutlr wrote:
> >>>> On 08 Dec 2020, at 10:56, Chris Green  wrote:
> >>>>> While I can look through the E-Mail header to see where the message
> >>>>> has come from it would be good if I could somehow configure things so
> >>>>> that the headers I normally see (From:, To: and Subject:) include
> >>>>> something that indicates where the message is from.
> >>>> 
> >>>> I would configure root to be an alias to root+machineID.
> >>>> 
> >>> So how do I do that?
> >> 
> >> Edit the .../postfix/aliases file and then run postalias on the file.
> >> 
> > Ah, no, it never gets that far, I have:-
> > 
> >luser_relay = m...@mydomain.co.uk
> >local_recipient_maps =
> 
> Hmm. Might have to edit the /etc/aliases and run newaliases then.
> 
> But changing the name in /etc/password seems cleaner.
> 
Yes, it seems to work OK, so that's what I'm doing for the moment.

> > There are no local recipients, that's the whole point.  These messages
> > will always be errors/warnings from daemons or cron processes on
> > (mostly) headless systems that I want to see so I'm sending them off
> > to myself.
> 
> Right, but cron and daemon emails do not need or use a postfix install 
> by default, so the question would be does the sendmail process or ssmtp 
> read the /etc/aliases? I THINK it does, but it's been a long time since 
> I needed to do this. 
> 
There is no 'default' sendmail installed on ubuntu or raspbian
systems, thus errors from anacron/cron go nowhere, that's the original
issue that I was addressing.  While I could install ssmtp, for me it's
no easier than Postfix.  The required main.cf to make it work is very
simple and is identical on all these systems.

-- 
Chris Green


Re: Can I somehow customise the From: address when root sends mail?

2020-12-09 Thread Chris Green
On Wed, Dec 09, 2020 at 02:33:37AM -0700, @lbutlr wrote:
> On 08 Dec 2020, at 13:04, Chris Green  wrote:
> > On Tue, Dec 08, 2020 at 12:39:07PM -0700, @lbutlr wrote:
> >> On 08 Dec 2020, at 10:56, Chris Green  wrote:
> >>> While I can look through the E-Mail header to see where the message
> >>> has come from it would be good if I could somehow configure things so
> >>> that the headers I normally see (From:, To: and Subject:) include
> >>> something that indicates where the message is from.
> >> 
> >> I would configure root to be an alias to root+machineID.
> >> 
> > So how do I do that?
> 
> Edit the .../postfix/aliases file and then run postalias on the file.
> 
Ah, no, it never gets that far, I have:-

luser_relay = m...@mydomain.co.uk
local_recipient_maps =

There are no local recipients, that's the whole point.  These messages
will always be errors/warnings from daemons or cron processes on
(mostly) headless systems that I want to see so I'm sending them off
to myself.


-- 
Chris Green


Re: Can I somehow customise the From: address when root sends mail?

2020-12-08 Thread Chris Green
On Tue, Dec 08, 2020 at 10:36:48PM +0100, Luciano Mannucci wrote:
> On Tue, 8 Dec 2020 20:03:27 +
> Chris Green  wrote:
> 
> > > root:*:0:0:Charlie Baobab &:/root:/bin/csh
> > >   
> > So does anything in the GCOS field appear in the From: header?
> Well, it seems to. "The From:" I get in the diagnostic messages looks
> like this:
> 
>  From: Charlie Baobab Root 
> 
> It might be configurable, depending probably on the Mail User Agent
> that you are using.
> 
Yes, thank you!  That seems to work, just what I need.

-- 
Chris Green


Re: Can I somehow customise the From: address when root sends mail?

2020-12-08 Thread Chris Green
On Tue, Dec 08, 2020 at 07:36:57PM +0100, Luciano Mannucci wrote:
> On Tue, 8 Dec 2020 17:56:33 +
> Chris Green  wrote:
> 
> > So, is there something I can configure in postfix to always add some
> > text of some sort (the hostname is the obvious thing) to one of From:,
> > To: or Subject: ?
> Personally, I use the GCOS field in /etc/passwd (the 5th field). Mine
> looks more or less like "Charlie  &", and all my diagnostic
> messages come fairly recognizable. One real world example:
> 
> root:*:0:0:Charlie Baobab &:/root:/bin/csh
> 
So does anything in the GCOS field appear in the From: header?

-- 
Chris Green


Can I somehow customise the From: address when root sends mail?

2020-12-08 Thread Chris Green
Having got my several 'send only' systems configured successfully
(thank you all for your help doing this) I now have another fairly
minor problem.

Errors from all of these systems are (mostly) sent by root, typically
they will be cron or anacron processes.  As these are just systems on
my LAN they don't each have their own 'valid on the internet'
hostname.  Thus the error messages come from r...@zbmc.eu whichever
system has sent it.

While I can look through the E-Mail header to see where the message
has come from it would be good if I could somehow configure things so
that the headers I normally see (From:, To: and Subject:) include
something that indicates where the message is from.

So, is there something I can configure in postfix to always add some
text of some sort (the hostname is the obvious thing) to one of From:,
To: or Subject: ?

-- 
Chris Green


Re: 'Send only' postfix configuration works on Ubuntu but not on Raspberry Pi - missing TLS library?

2020-12-07 Thread Chris Green
On Mon, Dec 07, 2020 at 02:34:14PM +, Dominic Raferd wrote:
> On 07/12/2020 13:11, Chris Green wrote:
> > On Mon, Dec 07, 2020 at 01:01:16PM +0000, Chris Green wrote:
> > [snip]
> > 
> > > 
> > > While I'm about it why am I getting identical mail.log and mail.info
> > > files created in /var/log on the Pi?
> > > I could still do with an answer to this.
> > > 
> Check contents of /etc/rsyslog.d (e.g. 50-default.conf) and docs at
> www.rsyslog.com/doc/

Yes, thanks (and Wietse), the Raspberry Pi default rsyslog
configuration has:-

mail.*  -/var/log/mail.log
...
...
mail.info   -/var/log/mail.info
mail.warn   -/var/log/mail.warn
mail.err   /var/log/mail.err

Sorry for the noise.  I'll go quiet again soon when I've got Postfix
properly configured on these systems I've just added it to.

-- 
Chris Green


Re: 'Send only' postfix configuration works on Ubuntu but not on Raspberry Pi - missing TLS library?

2020-12-07 Thread Chris Green
On Mon, Dec 07, 2020 at 01:01:16PM +, Chris Green wrote:
[snip]
>
> Presumably this means there's a SASL/TLS library I need to install on
> the Pi, can anyone tell me what it is please.  Oh, I have run 'postmap
> /etc/postfix/sasl_passwd' on both systems.
> 

Typical! Almost immediately after posting the question I found the
solution.  Careful comparison of what's installed on the Pi compared
with the Ubuntu system showed that libsasl2-modules was needed (I had 
libsasl2-modules-db already).  Installing libsasl2-modules has fixed
my problem.

> 
> 
> While I'm about it why am I getting identical mail.log and mail.info
> files created in /var/log on the Pi?
> 
I could still do with an answer to this.

-- 
Chris Green


'Send only' postfix configuration works on Ubuntu but not on Raspberry Pi - missing TLS library?

2020-12-07 Thread Chris Green
I am setting up a 'send only' Postfix configuration on a number of
machines so that they can send error messages to me on my desktop
machine.

The main.cf file is:-

compatibility_level = 2
#
#
# TLS parameters
#
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#
#
# This is the actual 'custom' configuration
#
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = zbmc.eu
myorigin = $mydomain
relayhost = [mail.gandi.net]:465
#
#
# We don't accept any incoming connections
#
mydestination =
inet_interfaces = loopback-only
#
#
# SASL configuration for connecting to Gandi (or TsoHost)
#
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


I'm running postfix 3.4.13 on the Ubuntu laptop, 3.4.14 on the
Raspberry Pi. 

It's working fine on the Ubuntu laptop but on the Raspberry Pi I'm
getting the following error reported in mail.warn :-

Dec  7 12:52:16 dns postfix/smtp[15473]: warning: SASL authentication failure: No worthy mechs found

Presumably this means there's a SASL/TLS library I need to install on
the Pi, can anyone tell me what it is please.  Oh, I have run 'postmap
/etc/postfix/sasl_passwd' on both systems.



While I'm about it why am I getting identical mail.log and mail.info
files created in /var/log on the Pi?

-- 
Chris Green
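
Added example, not part of the original post and not Postfix code: a Python check that parses main.cf syntax (comment lines, continuation lines, $name references) and tests the send-only properties this configuration relies on, namely loopback-only listener, empty mydestination, bracketed relayhost, mandatory TLS with wrapper mode on port 465, and a SASL password map. The function names and the weak counter-example are assumptions made for illustration.

```python
import re

# Constructed from the main.cf in the post above: same client-side settings,
# with the smtpd_tls_* lines and the empty '#' lines left out.
SEND_ONLY_MAIN_CF = """\
compatibility_level = 2
smtp_tls_CApath=/etc/ssl/certs
mydomain = zbmc.eu
myorigin = $mydomain
relayhost = [mail.gandi.net]:465
# We don't accept any incoming connections
mydestination =
inet_interfaces = loopback-only
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
"""

# Constructed counter-example: network listener, opportunistic TLS.
WEAK_MAIN_CF = """\
relayhost = mail.gandi.net:465
inet_interfaces = all
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
"""

# smtp_tls_security_level values under which TLS is required, not optional.
MANDATORY_TLS_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
_REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Return {name: raw value}. Blank lines and '#' lines are ignored, a line
    starting with whitespace continues the previous logical line, and a later
    setting of the same name overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name); unknown names become empty.
    Conditional forms such as ${name?value} are not handled here."""
    if depth > 10:
        return value

    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        return expand(params.get(name, ""), params, depth + 1)

    return _REF.sub(repl, value)


def audit_send_only(params):
    """Return a list of findings; an empty list means every check passed."""
    def get(name, default=""):
        return expand(params.get(name, default), params)

    findings = []
    if get("inet_interfaces", "all") != "loopback-only":
        findings.append("inet_interfaces: smtpd is reachable from the network")
    # An unset mydestination is not empty: its default includes $myhostname.
    if "mydestination" not in params or get("mydestination"):
        findings.append("mydestination: not empty, so some mail is delivered locally")
    relay = re.fullmatch(r"(\[[^\]]+\]|[^\s:\[\]]+)(?::(\w+))?", get("relayhost"))
    if not relay:
        findings.append("relayhost: missing or malformed")
    elif not relay.group(1).startswith("["):
        findings.append("relayhost: no [] around the host, so MX lookups apply")
    if get("smtp_tls_security_level") not in MANDATORY_TLS_LEVELS:
        findings.append("smtp_tls_security_level: TLS to the relay is not mandatory")
    port = relay.group(2) if relay else None
    if port == "465" and get("smtp_tls_wrappermode", "no") != "yes":
        findings.append("smtp_tls_wrappermode: port 465 expects TLS before any SMTP")
    if get("smtp_sasl_auth_enable", "no") == "yes" and not get("smtp_sasl_password_maps"):
        findings.append("smtp_sasl_password_maps: SASL enabled without credentials")
    return findings


if __name__ == "__main__":
    for label, text in (("send-only", SEND_ONLY_MAIN_CF), ("weak", WEAK_MAIN_CF)):
        print(label, audit_send_only(parse_main_cf(text)) or "all checks passed")
```
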


Re: How to keep several Postfix installations in step with each other?

2020-12-06 Thread Chris Green
On Sun, Dec 06, 2020 at 12:09:06PM -0500, Wietse Venema wrote:
> Chris Green:
> > I run postfix on my main desktop machine both for sending mail (via my
> > hosting provider 'smarthost') and for receiving mail.
> > 
> > I want to use postfix to provide /usr/bin/sendmail on a laptop and
> > some other machines.  These machines won't be receiving E-Mail.
> > 
> > I've considered the 'send only' programs such as esmtp and msmtp but
> > having to maintain *different* configurations is a downside with these
> > and I'm already (fairly) familiar with postfix.
> > 
> > So, is there an easy way to copy my existing postfix configuration
> > (in /etc/postfix) to other machines?  What actually needs to be
> > different on each machine for it to work?  Does *anything* need to be
> > different?
> 
> Non-MTA machines can have identical configuration. You need a
> relayhost:
> 
> # [] to disable MX record lookups
> relayhost = [smtp.example.com] 
> 
> And presumably, SASL configuration:
> 
> smtp_sasl_password_maps = map with plaintext passwords
> smtp_tls_security_level = may
> smtp_sasl_auth_enable = yes
> smtp_sasl_tls_security_options = noanonymous
> 
> And this will almost never need to be updated.
> 
Excellent, thank you Wietse, I think you have set me on my way.

-- 
Chris Green


Filename in main.cf, specifically myorigin = /etc/mailname

2020-12-06 Thread Chris Green
Is the use of a filename in main.cf possible for any parameter or is
it only applicable to myorigin (or just to a few)?

I notice that installing postfix on my laptop from the Ubuntu
repositories has set myorigin = /etc/mailname in main.cf.

This is handy in relation to my 'how to synchronise configurations'
question as one can set myorigin = /etc/mailname in every system and
just set /etc/mailname to the required name on each system.  

I couldn't find any reference to this (use of a file) in man 5 postconf.

-- 
Chris Green


Re: How to keep several Postfix installations in step with each other?

2020-12-06 Thread Chris Green
On Sun, Dec 06, 2020 at 05:24:39PM +0100, Jeff Abrahamson wrote:
> On 06/12/2020 16:44, Chris Green wrote:
> > On Sun, Dec 06, 2020 at 04:18:13PM +0100, Julian Kippels wrote:
> >> On Sun, 6 Dec 2020 15:10:12 +
> >> Chris Green wrote:
[snip]
> >> Might be a bit overkill for your use case, but I'd have a look at
> >> keeping your configuration(s) in sync using Ansible or something
> >> similar.
> >>
> > Yes, but I still need to know which bits are the same on all systems
> > and which bits are different don't I?
> 
> Seconded on using a config management package.  Saltstack is a good
> choice, too.  (Your case is simple enough, though, that shell scripts
> that copy from a private git repo is also reasonable.  That avoids the
> learning curve of something like salt/ansible/puppet/etc.)
> 
OP here, I use mercurial rather than git but the point stands.


> You have one config (on your desktop) that receives and passes to an MDA
> and that also sends to a smarthost.
> You have one config (maybe on multiple machines) that sends to a
> smarthost but doesn't receive, not even if you cc yourself.
> 
Exactly! :-)


> So I'd start by copying your config to your laptop, then just ask
> yourself what you need to change so that mail to "local" users is sent
> to the smarthost.  Once mail to yourself goes to smarthost, you're
> probably almost there.
> 
Yes, and then I guess the laptop's configuration should work for the
others without any change.

Thanks.

-- 
Chris Green


Re: How to keep several Postfix installations in step with each other?

2020-12-06 Thread Chris Green
On Sun, Dec 06, 2020 at 04:18:13PM +0100, Julian Kippels wrote:
> On Sun, 6 Dec 2020 15:10:12 +
> Chris Green wrote:
> 
> > I run postfix on my main desktop machine both for sending mail (via my
> > hosting provider 'smarthost') and for receiving mail.
> > 
> > I want to use postfix to provide /usr/bin/sendmail on a laptop and
> > some other machines.  These machines won't be receiving E-Mail.
> > 
> > I've considered the 'send only' programs such as esmtp and msmtp but
> > having to maintain *different* configurations is a downside with these
> > and I'm already (fairly) familiar with postfix.
> > 
> > So, is there an easy way to copy my existing postfix configuration
> > (in /etc/postfix) to other machines?  What actually needs to be
> > different on each machine for it to work?  Does *anything* need to be
> > different?
> > 
> 
> Might be a bit overkill for your use case, but I'd have a look at
> keeping your configuration(s) in sync using Ansible or something
> similar.
> 
Yes, but I still need to know which bits are the same on all systems
and which bits are different don't I?

-- 
Chris Green


How to keep several Postfix installations in step with each other?

2020-12-06 Thread Chris Green
I run postfix on my main desktop machine both for sending mail (via my
hosting provider 'smarthost') and for receiving mail.

I want to use postfix to provide /usr/bin/sendmail on a laptop and
some other machines.  These machines won't be receiving E-Mail.

I've considered the 'send only' programs such as esmtp and msmtp but
having to maintain *different* configurations is a downside with these
and I'm already (fairly) familiar with postfix.

So, is there an easy way to copy my existing postfix configuration
(in /etc/postfix) to other machines?  What actually needs to be
different on each machine for it to work?  Does *anything* need to be
different?

-- 
Chris Green


Re: Getting 'Relay access denied' from one LAN host but not from another - why?

2020-11-11 Thread Chris Green
On Wed, Nov 11, 2020 at 11:43:48AM +0100, Matus UHLAR - fantomas wrote:
[snip]
> 
> this message is not relayed, but delivered locally.
> 
[snip]
> 
> this message is not to be delivered locally, but to relayed.
> 

Of course, thanks Matus, one was to chris@esprimo whereas the rejected
one was to ch...@isbd.co.uk.

> 
> 
[snip]
> > 
> > 
> > Shouldn't that permit_mynetworks allow E-Mail from 
> > 2820n.zbmc.eu[192.168.1.20]
> > as it does allow it from pibackup.zbmc.eu[192.168.1.108]?  Can anyone
> > suggest what might be wrong?
> 
> only if 192.168.1.20 was in your mynetworks list, and it is not.
> 
Correct!  I should have looked at main.cf a bit harder.


Anyway, thanks for all the answers Matus, as you can see I am more
of a Postfix 'user' than anything else.  :-)   (At least I managed to
provide all the information needed!)

-- 
Chris Green


Getting 'Relay access denied' from one LAN host but not from another - why?

2020-11-11 Thread Chris Green
I have Postfix 3.4.13 running on my xubuntu 20.04 system.

It's configured to send outgoing E-Mail to my hosting provider's smart
host and to deliver incoming E-Mail to local users (basically just me).
This has been working for several years.

Also configured a while ago and working OK are some local E-Mail
senders such as a backup system on the LAN which send any backup error
messages to me.  I have just tested this by sending a test error
message and this works OK, see this bit of mail.log:-

Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: connect from pibackup.zbmc.eu[192.168.1.108]
Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: D36AC2C059A: client=pibackup.zbmc.eu[192.168.1.108]
Nov 11 10:10:39 esprimo postfix/cleanup[2245950]: D36AC2C059A: message-id=<>
Nov 11 10:10:39 esprimo postfix/qmgr[1320]: D36AC2C059A: from=, size=433, nrcpt=1 (queue active)
Nov 11 10:10:39 esprimo postfix/smtpd[2245946]: disconnect from pibackup.zbmc.eu[192.168.1.108] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 11 10:10:39 esprimo postfix/local[2245951]: D36AC2C059A: to=, relay=local, delay=0.08, delays=0.01/0.01/0/0.06, dsn=2.0.0, status=sent (delivered to command: /home/chris/.mutt/bin/filter.py)
Nov 11 10:10:39 esprimo postfix/qmgr[1320]: D36AC2C059A: removed

However E-Mail sent from another system on the LAN (a Draytek 2820n
router) is being rejected with "Relay access denied" and I don't
understand why.  Here is the mail.log output:-

Nov  9 09:41:09 esprimo postfix/smtpd[1894400]: connect from 2820n.zbmc.eu[192.168.1.20]
Nov  9 09:41:09 esprimo postfix/smtpd[1894400]: NOQUEUE: reject: RCPT from 2820n.zbmc.eu[192.168.1.20]: 454 4.7.1 : Relay access denied; from=<28...@isbd.co.uk> to= proto=SMTP helo=
Nov  9 09:41:09 esprimo postfix/smtpd[1894400]: disconnect from 2820n.zbmc.eu[192.168.1.20] helo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
Nov  9 10:09:54 esprimo postfix/smtpd[1897924]: connect from 2820n.zbmc.eu[192.168.1.20]
Nov  9 10:09:54 esprimo postfix/smtpd[1897924]: NOQUEUE: reject: RCPT from 2820n.zbmc.eu[192.168.1.20]: 454 4.7.1 : Relay access denied; from=<28...@isbd.co.uk> to= proto=SMTP helo=
Nov  9 10:09:54 esprimo postfix/smtpd[1897924]: disconnect from 2820n.zbmc.eu[192.168.1.20] helo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

I can't understand why one message is delivered while the other is
rejected.

Here's my main.cf:-

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = esprimo.zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = zbmc.eu esprimo.zbmc.eu, esprimo, chris.zbmc.eu
relayhost = [mail.gandi.net]:465
# relayhost = [mail.gridhost.co.uk]:465
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
message_size_limit = 12048
compatibility_level = 2


Shouldn't that permit_mynetworks allow E-Mail from 2820n.zbmc.eu[192.168.1.20]
as it does allow it from pibackup.zbmc.eu[192.168.1.108]?  Can anyone
suggest what might be wrong?

-- 
Chris Green
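
Added example (not part of the original message, and not Postfix code): a Python model of how the three smtpd_relay_restrictions in the main.cf above treat the two LAN clients, using the mynetworks and mydestination values from that file. The recipient someone@isbd.co.uk and the 192.168.1.20/32 entry are constructed for illustration, the IPv4-mapped mynetworks entry is omitted, and subdomain matching for relay_domains is not modelled.

```python
import ipaddress

# Values from the main.cf posted above (IPv4-mapped IPv6 entry left out).
MYNETWORKS = ["127.0.0.0/8", "::1/128"]
MYDESTINATION = ["zbmc.eu", "esprimo.zbmc.eu", "esprimo", "chris.zbmc.eu"]
RELAY_RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "defer_unauth_destination",
]


def client_in_mynetworks(client_ip, mynetworks):
    """True when the client address falls inside any mynetworks entry."""
    addr = ipaddress.ip_address(client_ip)
    for entry in mynetworks:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def recipient_domain(recipient, myorigin="zbmc.eu"):
    """Domain part of the recipient; a bare local part gets $myorigin."""
    _local, sep, domain = recipient.rpartition("@")
    return domain.lower() if sep else myorigin


def relay_decision(client_ip, recipient, sasl_authenticated=False,
                   mynetworks=MYNETWORKS, mydestination=MYDESTINATION,
                   relay_domains=()):
    """Return (action, decided_by) for one RCPT TO.

    Restrictions are tried in order and the first one that gives a verdict
    wins. If none does, the relay check passes ("end of list").
    """
    domain = recipient_domain(recipient)
    authorized = {d.lower() for d in mydestination}
    authorized |= {d.lower() for d in relay_domains}
    for restriction in RELAY_RESTRICTIONS:
        if restriction == "permit_mynetworks":
            if client_in_mynetworks(client_ip, mynetworks):
                return ("permit", restriction)
        elif restriction == "permit_sasl_authenticated":
            if sasl_authenticated:
                return ("permit", restriction)
        elif restriction == "defer_unauth_destination":
            # Only a destination this host is not responsible for is refused.
            if domain not in authorized:
                return ("defer 454 4.7.1 Relay access denied", restriction)
    return ("permit", "end of list")


if __name__ == "__main__":
    cases = [
        ("192.168.1.108", "chris@esprimo", MYNETWORKS),        # local delivery
        ("192.168.1.20", "someone@isbd.co.uk", MYNETWORKS),    # needs relaying
        # Constructed fix: trust only the router's address, not the whole LAN,
        # because every mynetworks entry may relay without authentication.
        ("192.168.1.20", "someone@isbd.co.uk", MYNETWORKS + ["192.168.1.20/32"]),
    ]
    for ip, rcpt, nets in cases:
        print(ip, rcpt, relay_decision(ip, rcpt, mynetworks=nets))
```

Neither LAN client matches mynetworks in the posted file; the backup host's message got through only because its recipient domain is listed in mydestination.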


Re: Mail server without MX record.

2020-10-13 Thread Chris Green
On Tue, Oct 13, 2020 at 04:42:31PM +, Richard wrote:
> 
> 
> > Date: Tuesday, October 13, 2020 15:52:41 +
> > From: Jason Long 
> >
> > I can't have MX record because the DNS server have another MX
> > record for other mail server. I'm thankful if anyone tell me how
> > can I solve my problem without MX record. Is t possible with A
> > record?
> 
> Either you misstated the issue or someone has a poor understanding of
> DNS.
> 
> You might want to step back and get a more complete understanding of
> the workings of mail and DNS. Without that, simply following
> "cookbooks" will likely not get you where you want to be.
> 
I think it *may* be that the OP doesn't realise he can/should change
the MX record.  If you have a domain hosted at your average hosting
service the A record gets to point at whatever you need (home system,
virtual host, whatever) but the MX record is left pointing at the
hosting company's mail servers.  It's quite a rarity in the general
run of things that the MX record gets changed.


-- 
Chris Green


Re: Preferred/maintained greylisting options?

2020-05-26 Thread Chris Wedgwood
> Contrary to someone else's experience related in this thread, I
> still see a significant amount of spam that greylisting blocks, and
> extremely few spammers retry and get through.

I concur, as reported, I currently see greylisting reduce spam by a
factor of 4.

> I have only had one known case (i.e. someone said they were
> expecting an email that they didn't receive) in a very long time
> where a legitimate email was greylisted and the sending server did
> not retry, and that was recently from an outlook365 server.

Aliexpress is one perplexing offender I've had to deal with.

They send badly formed messages, retry aggressively for a few seconds
then never again so messages get lost.

I've not been able to reach anyone there.


Re: Preferred/maintained greylisting options?

2020-05-25 Thread Chris Wedgwood
> Greylisting has become pretty much useless.  When I disabled it a
> couple years ago, the spam levels did not increase by any measurable
> amount.  We now use just 3 RBLs and that seems to be a relatively
> acceptable level of spam.

Checking for %ge of messages that "return after defer" I see:

WeekOf  PctReturned
--  ---
2020-04-30  22.1
2020-05-07  26.5
2020-05-14  21.2
2020-05-21  26.5


Re: Using Postfix to send home server alerts

2020-02-15 Thread Chris Green
On Sat, Feb 15, 2020 at 09:23:18PM +, Chris Green wrote:
> On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote:
> >  > [2]https://marlam.de/msmtp/
> >  >
> >  I'm not totally convinced that any of the simple/null mailers does
> >  the
> >  job either easily or well.  I have a Beaglebone Black SBC on a small
> >  boat in France and it records data such as the battery voltages.  I
> >  needed to set up outgoing mail so that if/when things went wrong I
> >  would receive E-Mail telling me.  After trying several 'simple'
> >  mailers I ended up installing Postfix and, after some quite simple
> >  configuration, it has 'just worked' ever since.
> >  --
> >  Chris Green
> > 
> >Thanks. Getting back to another part of my question, it's a bit unclear
> >what I should set as the myhostname and mydomain in the config files.
> >The machine name is buster. But its dynamic DNS address is
> >[3]anothername.example.com.
> > 
> My Beaglebone Black is connected via a WiFi hotspot and isn't visible
> from outside at all.  I just have myhostname set to a subdomain of a
> domain I own, mydomain isn't explicitly set at all.
> 
More to the point I see I have a comment at the top of main.cf that
says:-

# N.B. for the aliases in /etc/aliases to work (and thus for cron errors to get
# sent to me) the value in myorigin must match one of the entries in mydestination


-- 
Chris Green


Re: Using Postfix to send home server alerts

2020-02-15 Thread Chris Green
On Sat, Feb 15, 2020 at 01:53:37PM -0500, Ian Evans wrote:
>  > [2]https://marlam.de/msmtp/
>  >
>  I'm not totally convinced that any of the simple/null mailers does
>  the
>  job either easily or well.  I have a Beaglebone Black SBC on a small
>  boat in France and it records data such as the battery voltages.  I
>  needed to set up outgoing mail so that if/when things went wrong I
>  would receive E-Mail telling me.  After trying several 'simple'
>  mailers I ended up installing Postfix and, after some quite simple
>  configuration, it has 'just worked' ever since.
>  --
>  Chris Green
> 
>Thanks. Getting back to another part of my question, it's a bit unclear
>what I should set as the myhostname and mydomain in the config files.
>The machine name is buster. But its dynamic DNS address is
>[3]anothername.example.com.
> 
My Beaglebone Black is connected via a WiFi hotspot and isn't visible
from outside at all.  I just have myhostname set to a subdomain of a
domain I own, mydomain isn't explicitly set at all.

-- 
Chris Green


Re: Using Postfix to send home server alerts

2020-02-15 Thread Chris Green
On Sat, Feb 15, 2020 at 07:59:21PM +1300, Peter wrote:
> On 15/02/20 10:31 am, Ian Evans wrote:
> > Hi,
> > 
> > Just looking for a pointer to a recommended tutorial on setting up
> > Postfix as a send only service to be able to send alert emails from a
> > home server like smartmontools drive warnings etc.
> > 
> > If this makes it easier, I do have a fully functional Postfix mail
> > server on my website server. Is there a way for the home server to send
> > its alert emails via the business server? Or should the home send-only
> > Postfix send through Gmail somehow?
> 
> You're basically asking postfix to fill the role of a null mailer. Postfix
> can do this but there are other tools that are simpler to configure and
> better suited to that role.  I recommend msmtp:
> 
> https://marlam.de/msmtp/
> 
I'm not totally convinced that any of the simple/null mailers does the
job either easily or well.  I have a Beaglebone Black SBC on a small
boat in France and it records data such as the battery voltages.  I
needed to set up outgoing mail so that if/when things went wrong I
would receive E-Mail telling me.  After trying several 'simple'
mailers I ended up installing Postfix and, after some quite simple
configuration, it has 'just worked' ever since.

-- 
Chris Green


Re: DMARC usage opinion

2019-12-17 Thread Chris Wedgwood
> DMARC policy is best avoided unless you're a bank, or other brand
> that is concerned about phishing of your customers.

or have a domain that spammers use as the from/reply-to address


Re: Validation DMARC

2019-11-24 Thread Chris Wedgwood
> Or in short: DMARC intentionally breaks every mailinglist and every
> mail-forwarding.  So, if a mail-provider uses a strict DMARC-policy,
> it effectively says: "Our mail-addresses may not be used for
> mailinglists."

this message (i am replying to) from you on this mailing list is not
broken


Re: Will configuring a backup MX actually do me much good?

2019-11-21 Thread Chris Green
On Thu, Nov 21, 2019 at 01:04:45PM +, Gregory Heytings wrote:
> 
> > 
> > Sending systems will automatically back off and retry at intervals (I
> > have seen this happen when I have upgraded my home server in the past)
> > so will a secondary/backup MX actually help at all?
> > 
> 
> It's up to you to decide what your priorities are.  It's true that sending
> systems automatically retry delivering emails, but this means at least (1)
> that you experience delivery delays when your main MX is down, (2) that if
> your main MX is down for a long period (e.g. you're on vacation and cannot
> reboot, your internet connection is physically down and needs to be
> repaired, ...), and (3) some sending systems (typically mailing lists)
> maintain a record of delivery failures and will stop trying to send emails
> for you when there are too many failures.  In cases (2) and (3) you might
> lose emails.
> 
Yes, you're right, I did get dropped off a couple of mailing lists the
last time I was off air for a long time.  

Rebooting isn't a problem, there is always someone who can restart
the system for me, though I suppose if there was a hardware fault I'd
be a bit stuck.

So what do others do?

Have an off-site secondary/backup MX and a means of getting mail
from that system.  That's my issue with this approach, I mean I
could *read* the mail but it won't get delivered into my filter
system at home and thus to the right destination directories etc.

Have a local backup system to switch to when main system is down.
Probably a bit easier to manage and if it is synchronised with the
main system then filters etc. can still work.

Do what I did until recently and deliver all mail, unfiltered, to
an off-site system using my hosting service's mail forwarding.
I can at least read all my E-Mail there.  I actually turned this
off recently because I so rarely needed it, maybe I should turn it
back on.

Anything else?

Thanks for the feedback so far, all useful stuff.

-- 
Chris Green


Re: Will configuring a backup MX actually do me much good?

2019-11-21 Thread Chris Green
On Thu, Nov 21, 2019 at 01:00:24PM +, Dominic Raferd wrote:
>I use a VM in a different country with the same priority MX so that we
>should have effectively zero overall downtime. (The exceptions are when
>I propagate a broken configuration from one MTA to the other - oops.)
>There are some complications to this setup but I have it working
>neatly. However I have often heard it said here that such an approach
>is overkill.

My VM is also overseas (from me)! :-)  How do you read mail then that
may get delivered to either of two places?


>It is true that occasional downtimes may not be a big issue for
>incoming emails - they should be deferred and then resent by their MTAs
>when your MTA is back online. But if you (+others) need your MTA to
>send outgoing emails it may cause aggravation when it is down,
>especially as MUAs do not necessarily (or ever?) wait and retry.
> 
Not really an issue for me, I'm the only user of the local postfix and
I can send mail from elsewhere if I get desperate.

-- 
Chris Green


Will configuring a backup MX actually do me much good?

2019-11-21 Thread Chris Green
I run postfix on an 'always on' machine at home and have the MX record
for my domain pointing at this machine.

Obviously there are occasional downtimes, for example this morning we
had a 3 hour power failure and I also need to upgrade the machine
occasionally.

Now I could of course overcome some of these down times (by using a
UPS etc.) but I have other priorities really so I think things are
likely to stay much as they are at present.

So, if I set up a lower priority backup MX record pointing at a
virtual machine I run on a domain right away from my home machines
would I actually win anything much apart from yet another bit of admin
required?  

Sending systems will automatically back off and retry at intervals (I
have seen this happen when I have upgraded my home server in the past)
so will a secondary/backup MX actually help at all?


Another approach I might take is to have a backup machine here at home
with Postfix configured on it to take over if I know I'm doing an
upgrade on the main machine.  All I would need to do to swap would be
to change the port forwarding destination on my router.  Does anyone
here do something like this and are there any 'gotchas'?

-- 
Chris Green


Re: Remove duplicate header 'MIME-Version'

2019-10-21 Thread Chris Wedgwood
> Is there a way to remove the duplicate header in Postfix?

it might (should) be possible with a milter

> Alternatively, is it possible to remove the MIME-Version header(s)
> altogether? Would this break the message (or the mail client from
> the recipient)?

it depends, it might break things

if possible i would look to see why you have a duplicate header and
address things there


Re: base64 encoded emails

2019-10-17 Thread Chris Wedgwood
> What is the legitimate reason to use base64 encoded emails ?

i see quite a lot of legitimate email as base64 encoded

> Seems to me, it is only being used by spammers to complicate
> body_checks

any modern checker can and will decode base64 or indeed other message
details (the cost of doing so is quite low)

> Would it be crazy to want to configure Postfix to not accept base64?

that will break a lot of legitimate sources


Re: Suggestions for less spam

2019-09-24 Thread Chris Wedgwood
> > # reject clients without PTR
> > reject_unknown_reverse_client_hostname

FWIW

i log/report such things but don't reject; there is some percentage of
real email that comes from sources with broken PTR or missing records


Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread Chris Wedgwood
> How can I refuse mail from hosts who don't have an open port 25?
>
> What do you think from such a check?

i have tried this, it's not useful, so i didn't leave the check in
place

it's very common, perhaps even the norm that the IP address which
delivers mail to me itself will not accept an incoming port 25
connection

> I've investigated why somebody did not receive mail from a virtual
> machine, and I found out her provider (reviced.nl) refuses all mail
> from a host what does not have port 25 open. I have much problems
> with spam and I would like to reduce it.

this will stop a lot of legitimate mail

and probably not stop much spam


Re: Mail forwarding through a relay

2019-09-12 Thread Chris Wedgwood
> but note in the DMARC record that you quote: ' p=none': Gmail is
> telling other servers *not* to block (or quarantine) emails from
> @gmail.com that do not obey SPF or DKIM rules. Yahoo by contrast:
>
> # dig +short _dmarc.yahoo.com TXT
> "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_...@yahoo.com;;

IME some sites will still block or quarantine.


Re: Mail forwarding through a relay

2019-09-12 Thread Chris Wedgwood
> I have a postfix-3.2.6 system that acts as a mail server and
> pop/imap using dovecot for a small domain. The problem is that
> people are increasingly using it as a relay to a personal account,
> such as Gmail and Yahoo.

perhaps i misunderstand

they are sending email from gmail/yahoo addresses from your MTA?  if
so those will get blocked in many cases and marked as spam in many
others


for example with gmail:

  _dmarc.gmail.com.   596 IN  TXT "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com;

  gmail.com.  205 IN  TXT "v=spf1 redirect=_spf.google.com"

  _spf.google.com. 176 IN  TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

...

your MTA is not going to be included in any of those records, so your
MTA isn't a valid origin for @gmail.com

and you're not going to be able to sign messages with a valid (dkim)
signature either


this is how spf/dmarc works

there is in some sense nothing to fix, if you want to send as
some@gmail.com you have to do it through a gmail smtp relay (which
they provide)
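
The SPF and DMARC evaluation described above, worked through as an added Python example (not part of the thread). The gmail.com, _spf.google.com and DMARC records are the ones quoted in this thread, minus the rua tags; the _netblocks ranges and the client IP addresses are constructed from documentation address space, and only the ip4, include, all and redirect terms are handled.

```python
import ipaddress

# TXT records quoted in the thread (rua tags omitted). The three _netblocks
# entries are CONSTRUCTED from documentation ranges; the thread does not show them.
ZONE = {
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": ("v=spf1 include:_netblocks.google.com "
                        "include:_netblocks2.google.com "
                        "include:_netblocks3.google.com ~all"),
    "_netblocks.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",      # constructed
    "_netblocks2.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",  # constructed
    "_netblocks3.google.com": "v=spf1 ip4:203.0.113.0/25 ~all",   # constructed
    "_dmarc.gmail.com": "v=DMARC1; p=none; sp=quarantine",
    "_dmarc.yahoo.com": "v=DMARC1; p=reject; pct=100",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip, domain, zone=ZONE, depth=0):
    """Evaluate the SPF record of `domain` for a connecting client `ip`."""
    if depth > 10:                      # guard against include/redirect loops
        return "permerror"
    terms = zone.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in terms[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # An include only matches when the nested evaluation passes.
            matched = spf_check(ip, arg, zone, depth + 1) == "pass"
        else:
            raise NotImplementedError(f"mechanism not handled here: {name}")
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                        # used only when no mechanism matched
        return spf_check(ip, redirect, zone, depth + 1)
    return "neutral"


def parse_dmarc(record):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def dmarc_verdict(from_domain, org_domain, spf_result, dkim_aligned_pass,
                  zone=ZONE):
    """Return ("pass", None) or ("fail", requested_policy).

    Assumes the envelope sender is in the From: domain, so an SPF pass is
    aligned. `org_domain` is passed in rather than derived from a suffix list.
    """
    tags = parse_dmarc(zone.get("_dmarc." + from_domain, ""))
    policy_tag = "p"
    if tags is None and from_domain != org_domain:
        tags = parse_dmarc(zone.get("_dmarc." + org_domain, ""))
        policy_tag = "sp"               # subdomain policy, falls back to p
    if tags is None:
        return ("fail", "no-dmarc-record")
    if spf_result == "pass" or dkim_aligned_pass:
        return ("pass", None)
    return ("fail", tags.get(policy_tag, tags.get("p", "none")))


if __name__ == "__main__":
    own_mta = "203.0.113.200"           # constructed: not in any listed range
    spf = spf_check(own_mta, "gmail.com")
    print("SPF for own MTA sending as @gmail.com:", spf)
    # No valid gmail.com DKIM signature can be produced on a third-party MTA.
    print("DMARC, gmail.com:", dmarc_verdict("gmail.com", "gmail.com", spf, False))
    print("DMARC, yahoo.com:", dmarc_verdict("yahoo.com", "yahoo.com", "softfail", False))
```

The policy returned is what the domain owner requests of receivers; a receiving site remains free to apply stricter local filtering.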


Re: postfix milter body chunk length

2019-08-20 Thread Chris Wedgwood
i did a quick test using tcp, i see no significant difference in
performance vs using a unix domain socket


Re: postfix milter body chunk length

2019-08-19 Thread Chris Wedgwood
On Mon, Aug 19, 2019 at 10:34:51AM +0200, Matthias Schneider wrote:
> Chris, can you tell me your postfix version/settings?

mail_version = 3.4.5
milter_protocol = 6

(not sure what other settings are relevant here)

> But postfix (3.3.0 and 3.4.5) only sends about 24 body chunks per
> second to my milter application. It's the only milter configured and
> the milter is running on 127.0.0.1 (so no latency issues)

i tested over a unix domain socket

i imagine this is faster than tcp but haven't checked


Re: postfix milter body chunk length

2019-08-16 Thread Chris Wedgwood
> Postfix with default milter body chunk size 65535:
>
> mail processing time 1m30.154298259s
>
> Postfix with milter body chunk size 1048576:
>
> mail processing time 17.52360866s

it looks to me like postfix is able to feed a milter very quickly

i just did a couple of quick tests here, an ~83 MiB message only takes
a second or two to pass through two milters (debug log shows 1360 64K
fragments and one smaller tail fragment)


Re: Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.

2019-06-23 Thread Chris Pollock
On Mon, 2019-06-24 at 08:00 +1200, Peter wrote:
> On 24/06/19 3:38 AM, Chris Pollock wrote:
> > I still have some that are going to /var/spool/mail/nobody however.
> > Headers below:
> 
> And your logs show what exactly?
> 
> 
> Peter

The pastes are from my mail.log

https://pastebin.com/2kn42CRa

As I said earlier it all seems to be working correctly now.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:50:32 up 2 days, 23:00, 1 user, load average: 1.25, 1.20, 1.01
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic




Re: Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.

2019-06-23 Thread Chris Pollock
On Sun, 2019-06-23 at 01:21 -0400, Viktor Dukhovni wrote:
> On Sat, Jun 22, 2019 at 08:56:35PM -0500, Chris Pollock wrote:
> 
> > I've spent 3hrs going over and over my settings and can't find where
> > I've got a problem. My /etc/postfix/sasl_passwd file contains:
> > 
> > smtp.gmail.com:587 chris.pollock1...@gmail.com:*
> 
> Since your relayhost setting is:
> 
>   relayhost = [smtp.gmail.com]:587
> 
> Your SASL password should (IIRC) be either:
> 
>   [smtp.gmail.com]:587 chris.pollock1...@gmail.com:*****
> 
> or
> 
>   smtp.gmail.com chris.pollock1...@gmail.com:*
> 
> 
> the version without the [], but the port might not work, as it is
> neither the full destination, nor the underlying host.

Thank you for the reply Viktor. I've finally got it partially working
with my GMail account now and most of my cronjob messages are being
sent and returned to me as before. By adding the [ ] around the
smtp.gmail.com it started working.
I still have some that are going to /var/spool/mail/nobody however.
Headers below:

From chris.pollock1...@gmail.com  Sun Jun 23 09:01:26 2019
Return-Path: 
X-Original-To: root
Delivered-To: root@cpollock.localdomain
Received: by cpollock.localdomain (Postfix, from userid 0)
id 3A4991000E12; Sun, 23 Jun 2019 09:01:25 -0500 (CDT)
From: chris.pollock1...@gmail.com (Cron Daemon)
To: root@cpollock.localdomain

Though in my aliases file I have root set:

# Person who should get root's mail.  This alias
# must exist.
# CHANGE THIS LINE to an account of a HUMAN
root:   chris.pollock1...@gmail.com

I'm sure it's something simple and I'll just have to read and reread
until I get it figured out. It was working well under my ISP until they
decided to start doing something to some of my outgoing cron messages
where they weren't being returned and some even marked as spam. 

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
09:08:27 up 2 days, 15:18, 1 user, load average: 0.67, 0.95, 0.95
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
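
The key-matching rule from Viktor's reply above, as an added Python example (not part of the thread and not Postfix code): it lists the lookup keys that rule accepts for a given relayhost and reports sasl_passwd entries that can never match. The function names, the sample address and the sample password are constructed; the rule itself (relayhost exactly as written, or the bare host name) is taken from the advice quoted in this thread.

```python
import re

# relayhost forms handled: [host]:port, [host], host:port, host
RELAYHOST_RE = re.compile(
    r"^(?:\[(?P<bracketed>[^\]\s]+)\]|(?P<bare>[^\s:\[\]]+))"
    r"(?::(?P<port>[\w-]+))?$"
)


def candidate_keys(relayhost):
    """Keys under which a credential for `relayhost` can be found:
    the relayhost exactly as written in main.cf, then the underlying
    host name without brackets or port."""
    relayhost = relayhost.strip()
    m = RELAYHOST_RE.match(relayhost)
    if m is None:
        raise ValueError(f"unrecognised relayhost syntax: {relayhost!r}")
    host = m.group("bracketed") or m.group("bare")
    keys = [relayhost]
    if host not in keys:
        keys.append(host)
    return keys


def parse_sasl_passwd(text):
    """Parse 'key credential' lines; '#' lines are comments and a line
    starting with whitespace continues the previous entry."""
    entries = {}
    last_key = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last_key is not None:
            entries[last_key] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        if len(parts) != 2:
            # Report the key only, never the credential.
            raise ValueError(f"entry without a credential: {parts[0]!r}")
        last_key = parts[0]
        entries[last_key] = parts[1].strip()
    return entries


def lint(relayhost, sasl_passwd_text):
    """Compare the file's keys with the keys the relayhost can be looked
    up under. Only keys are returned, so the result is safe to log."""
    accepted = candidate_keys(relayhost)
    present = parse_sasl_passwd(sasl_passwd_text)
    return {
        "accepted_keys": accepted,
        "matched": [k for k in accepted if k in present],
        "never_matched": [k for k in present if k not in accepted],
    }


if __name__ == "__main__":
    relayhost = "[smtp.gmail.com]:587"          # as in the thread
    # Constructed file contents: host:port without brackets, as first tried.
    before = "smtp.gmail.com:587 user@example.com:constructed-password\n"
    # Constructed file contents: key written exactly like relayhost.
    after = "[smtp.gmail.com]:587 user@example.com:constructed-password\n"
    print(lint(relayhost, before))   # nothing matched: no credential is sent
    print(lint(relayhost, after))    # matched on the full relayhost form
```

After correcting the file, `postmap hash:/etc/postfix/sasl_passwd` still has to be re-run, as noted earlier in the thread.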




Re: Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.

2019-06-22 Thread Chris Pollock
On Sat, 2019-06-22 at 19:12 -0400, Wietse Venema wrote:
> Chris Pollock:
> 
> Checking application/pgp-signature: FAILURE
> -- Start of PGP signed section.
> > In my previous post - "How to tell my ISP there's a problem" I
> > wasn't
> > able to figure out the problem and CenturyLink is no help so I
> > decided
> > to use my GMail account to send my messages from cron. However I've
> > run
> > into a problem that I keep getting the message that's in the
> > subject.
> > I've pasted the complete output of a test run below:
> > 
> > https://pastebin.com/fLBqL1e0
> 
> Did you read the message?
> 
> Jun 22 17:17:51 localhost postfix/smtp[11023]: C40181000BA2:
> to=,
> relay=smtp.gmail.com[64.233.168.108]:587, delay=0.32,
> delays=0.05/0/0.24/0.03, dsn=5.5.1, status=bounced (host
> smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication
> Required. Learn more at 530 5.5.1  
> https://support.google.com/mail/?p=WantAuthError t30sm2748311otb.50 -
> gsmtp (in reply to MAIL FROM command))
> 
> And the web page in the link says:
> 
> Outgoing Mail (SMTP) Server
> smtp.gmail.com <=== good. you use this.
> ...(requires SSL or TLS) <== good. you use this.
> Requires Authentication: Yes <== ERROR YOU ARE NOT DOING
> THIS.
> ...
> Port for TLS/STARTTLS: 587 <=== good. you use this.
> 
> Account Name, User name, or Email address
> Your full email address
> 
> Password
> Your Gmail password
> 
> To configure SASL authentication, put your user name (Your full
> email address) and password (Your Gmail password) in smtp_sasl_passwd
> maps as described in http://www.postfix.org/SASL_README.html
> 
> The text in /etc/postfix/sasl_passwd should look like:
> 
> smtp.gmail.com    Your-full-email-address:Your-Gmail-password
> 
> and you should run "postmap hash:/etc/postfix/sasl_passwd"
> before using that file.
> 
>   Wietse

I've spent 3hrs going over and over my settings and can't find where
I've got a problem. My /etc/postfix/sasl_passwd file contains:

smtp.gmail.com:587 chris.pollock1...@gmail.com:*

I've run postmap hash:/etc/postfix/sasl_passwd and still get the same
authentication error above and each time I run sudo postfix reload. I
know my password is correct because it's the same I use for fetchmail.
I even logged out and back in on my browser to be sure.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:40:08 up 2 days, 2:50, 1 user, load average: 1.69, 1.15, 1.07
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic




Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.

2019-06-22 Thread Chris Pollock
In my previous post - "How to tell my ISP there's a problem" I wasn't
able to figure out the problem and CenturyLink is no help so I decided
to use my GMail account to send my messages from cron. However I've run
into a problem that I keep getting the message that's in the subject.
I've pasted the complete output of a test run below:

https://pastebin.com/fLBqL1e0

Here is my main.cf

https://pastebin.com/1mmEP89b

I'm sure I have something just not right but I can't see what it is. 

Thanks for any advice

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:19:29 up 1 day, 23:29, 1 user, load average: 1.00, 1.00, 1.15
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic




Re: How to tell my ISP there's a problem

2019-06-19 Thread Chris Pollock
On Tue, 2019-06-18 at 21:15 -0500, Chris Pollock wrote:
> On Tue, 2019-06-18 at 13:29 +1000, Richard James Salts wrote:
> > On Monday, 17 June 2019 7:48:05 PM AEST Chris Pollock wrote:
> > > Apologies if the subject is vague however I'll attempt to explain
> > > further. I run a cron job once a day that updates my Spamassassin
> > > rules. Up until a couple of weeks ago I would get the output of that
> > > cron job mailed to me. For some reason this is the only cron job output
> > > that's not coming back. I've determined that size is not a factor since
> > > some of my hourly logcheck messages are up to 400k if a restart has
> > > taken place. Below is the output when it was working and the output
> > > since then. I can't see a difference so it has to be something at my
> > > ISP with just this one cron job but I can't see it.
> > > 
> > > https://pastebin.com/v0rMErQh
> > > 
> > > Thanks for any suggestions
> > 
> > Maybe it's going to a spam folder. I notice that the reply from
> > your
> > isp says 
> > 250 SPF validation soft failure in both cases, but if they stopped
> > forwarding 
> > "potentially forged" emails that might be a possible cause. It is
> > definitely 
> > the behaviour on smtp.embarqmail.com that has changed though, so
> > you
> > need to 
> > ask the administrators of that server. Is this direct to MX or is
> > it
> > a fixed 
> > relay intended to be a smarthost?
> > 
> 
> I'd been told quite awhile back that the spf soft failure isn't a
> problem by Centurylink. Be that as it may I went into chat with
> Centurylink tech support this afternoon. I had all the information that
> I could think of to share with them. After over an hour of trying to
> explain what the problem is I got absolutely nowhere. In fact the 2nd
> person I went into chat with just up and terminated the chat on me in
> the middle of it. I was on the verge of changing my postfix setup to
> use my gmail account when I decided to try one last thing and that was
> to change the port from 25 to 587. After updating postfix files and
> reloading postfix I changed the time on the spamassassin update cronjob
> and let it run. Amazingly the message I expected was sent and received.
> I can only conclude that making the change from port 25 to 587 made the
> difference. I'll know for sure tomorrow when the SA-Update cronjob runs
> at the regular time. 
> 
> One last item, this isn't a mail server but just my home Ubuntu system.
> I've had postfix setup for many years from way back in my Mandrake days
> in order to easily send output of cronjobs to myself. It's probably
> overkill but it works fine for me and runs without any problems (except
> this last one).
> 
> I'd like to thank those that replied.
> 
> Chris

I spoke too soon. Today with the SA-Update message at the normal time
it went out as usual however as has been the case I didn't get it back.
So, I changed the time on the cronjob and ran it again about 45mins
later. This time since there was no update and the message that the
cronjob generated was much smaller it came back. I've posted some more
syslog postfix output on pastebin. One thing I've noticed is that the
original SA-Update cronjob message is forwarded [1] whereas none of the
others are. Another thing I noticed is that when there is no update
the message of course is much smaller than when there is one. Update -
size=215160 no update - size=5845 which of course makes sense however
the message with no update output came back as it should have. 

[1] localhost postfix/local[22152]: 7706F10007E7: to=<root@cpollock.localdomain>, orig_to=, relay=local, delay=0.16, delays=0.11/0/0/0.05, dsn=2.0.0, status=sent (forwarded as 84C6C10004DC)

I'm pretty sure it's not a file size problem because I just sent myself
a 9Mb file attachment with Evolution and the fact that a logcheck
message handled by postfix after a restart is around 500k. I've been
trying to send a large file with mailx to see if it comes back but no matter
what command line options I use no file gets attached. 

mailx -a ~/Downloads/MISSION_Act_Community_Care_Booklet.pdf -s "test" cpoll...@embarqmail.com

I've also tried putting the -a after the 'To:' address still doesn't
work. 

https://pastebin.com/wd3QfxJ4


-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:54:11 up 1 day, 23:58, 1 user, load average: 0.68, 0.82, 0.71
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic




Re: How to tell my ISP there's a problem

2019-06-18 Thread Chris Pollock
On Tue, 2019-06-18 at 13:29 +1000, Richard James Salts wrote:
> On Monday, 17 June 2019 7:48:05 PM AEST Chris Pollock wrote:
> > Apologies if the subject is vague however I'll attempt to explain
> > further. I run a cron job once a day that updates my Spamassassin
> > rules. Up until a couple of weeks ago I would get the output of
> > that
> > cron job mailed to me. For some reason this is the only cron job
> > output
> > that's not coming back. I've determined that size is not a factor
> > since
> > some of my hourly logcheck messages are up to 400k if a restart has
> > taken place. Below is the output when it was working and the output
> > since then. I can't see a difference so it has to be something at
> > my
> > ISP with just this one cron job but I can't see it.
> > 
> > https://pastebin.com/v0rMErQh
> > 
> > Thanks for any suggestions
> 
> Maybe it's going to a spam folder. I notice that the reply from your
> isp says 
> 250 SPF validation soft failure in both cases, but if they stopped
> forwarding 
> "potentially forged" emails that might be a possible cause. It is
> definitely 
> the behaviour on smtp.embarqmail.com that has changed though, so you
> need to 
> ask the administrators of that server. Is this direct to MX or is it
> a fixed 
> relay intended to be a smarthost?
> 
I'd been told quite awhile back that the spf soft failure isn't a
problem by Centurylink. Be that as it may I went into chat with
Centurylink tech support this afternoon. I had all the information that
I could think of to share with them. After over an hour of trying to
explain what the problem is I got absolutely nowhere. In fact the 2nd
person I went into chat with just up and terminated the chat on me in
the middle of it. I was on the verge of changing my postfix setup to
use my gmail account when I decided to try one last thing and that was
to change the port from 25 to 587. After updating postfix files and
reloading postfix I changed the time on the spamassassin update cronjob
and let it run. Amazingly the message I expected was sent and received.
I can only conclude that making the change from port 25 to 587 made the
difference. I'll know for sure tomorrow when the SA-Update cronjob runs
at the regular time. 

One last item, this isn't a mail server but just my home Ubuntu system.
I've had postfix setup for many years from way back in my Mandrake days
in order to easily send output of cronjobs to myself. It's probably
overkill but it works fine for me and runs without any problems (except
this last one).

I'd like to thank those that replied.

Chris
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:38:34 up 1 day, 3:42, 1 user, load average: 1.20, 0.77, 0.68
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic





How to tell my ISP there's a problem

2019-06-17 Thread Chris Pollock
Apologies if the subject is vague however I'll attempt to explain
further. I run a cron job once a day that updates my Spamassassin
rules. Up until a couple of weeks ago I would get the output of that
cron job mailed to me. For some reason this is the only cron job output
that's not coming back. I've determined that size is not a factor since
some of my hourly logcheck messages are up to 400k if a restart has
taken place. Below is the output when it was working and the output
since then. I can't see a difference so it has to be something at my
ISP with just this one cron job but I can't see it. 

https://pastebin.com/v0rMErQh

Thanks for any suggestions

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:58:24 up 1:02, 1 user, load average: 0.95, 0.82, 0.71
Description:Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic




unknown tls certificate problem: EVP_MD_size:message digest is null

2019-04-19 Thread Chris Thomas
Hi,

I am using a letsencrypt tls cert and whenever I receive email, I get
the following error. Is this a problem with my certificate? Or with
the configuration or something??

postfix/smtpd[526]: warning: TLS library problem:
error:060A209F:digital envelope routines:EVP_MD_size:message digest is
null:crypto/evp/evp_lib.c:316:

I have tried to search google for this error, but I haven't been able
to find anything. Can anybody explain it or knows what it means?

Chris


Re: I need some help with the correct value for myhostname in main.cf

2019-04-07 Thread Chris Green
On Sun, Apr 07, 2019 at 10:01:15PM +0200, Ralph Seichter wrote:
> * Chris Green:
> 
> > However, as you can see in the headers here, there are still
> > references to esprimo.zbmc.eu in my outgoing E-Mail headers.
> 
> Actually, I can't see that. ;-) What I do see is that you are using
> Mutt, so you probably want "set hidden_host=yes" in your muttrc.
> 
Ah, thank you, that might be what I need.  I'll try it.

-- 
Chris Green


Re: I need some help with the correct value for myhostname in main.cf

2019-04-07 Thread Chris Green
On Sun, Apr 07, 2019 at 08:23:59PM +0200, Ralph Seichter wrote:
> * Chris Green:
> 
> > At the moment (and it's been that way for some years) I have
> > myhostname in main.cf set as follows:-
> >
> > myhostname = esprimo.zbmc.eu
> 
> That's fine. Use http://www.postfix.org/postconf.5.html#myorigin in
> addition to your existing setting. "myorigin = $mydomain" should work
> for your purposes.
> 
Thanks.  I have myorigin set:-

...
...
myhostname = esprimo.zbmc.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zbmc.eu
mydestination = zbmc.eu esprimo.zbmc.eu, esprimo, chris.zbmc.eu
...
...

However, as you can see in the headers here, there are still
references to esprimo.zbmc.eu in my outgoing E-Mail headers. It seems
that something/somewhere has started objecting to these and bouncing
my E-Mails.  I've overcome this issue for the moment by moving to a
different smarthost (relatively easy as I use two web hosting
services). 


-- 
Chris Green


I need some help with the correct value for myhostname in main.cf

2019-04-07 Thread Chris Green
I run postfix on a Linux machine on my LAN which is behind a pretty
standard NAT router.

From the outside my system's hostname is zbmc.eu and looking up that
host gives the correct IP for my router's connection to the outside.

I run mutt as my MUA and that sends mail out via the local postfix
to my hosting provider's smarthost.

At the moment (and it's been that way for some years) I have
myhostname in main.cf set as follows:-

myhostname = esprimo.zbmc.eu

The machine on which postfix runs is called esprimo and thus, within
my LAN, its name is esprimo.zbmc.eu.  However the above seems to mean
that mail sent outside gets the name esprimo.zbmc.eu in its headers
and that seems to have provoked some errors recently, presumably
because esprimo.zbmc.eu doesn't exist in the outside world.

Should I have instead:-

myhostname = zbmc.eu

Will this cause any local issues on my LAN? On my LAN I see:-

root@esprimo# host zbmc.eu
zbmc.eu has address 192.168.1.3
root@esprimo# host esprimo.zbmc.eu
esprimo.zbmc.eu has address 127.0.0.1
root@esprimo# 


-- 
Chris Green


Re: Can't enable SASL authentication

2018-09-29 Thread Chris Walker
Ah.  That would explain why the value isn't changing for my configuration. 
Thanks for pointing this out, it's getting kind of late here and I'm getting
a bit loopy.




--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Can't enable SASL authentication

2018-09-29 Thread Chris Walker
Hi, 

I'm wondering if anyone here can help me with a problem that I'm having. 
I've run into an issue where I cannot enable SASL authentication. 

My configuration is as follows: 
  * Slackware 64-bit 14.2 
  * cyrus-sasl 2.1.26 (recompiled with LDAP support) 
  * postfix 3.3.1 (with LDAP support and cyrus-sasl support) 

My main.cf contains: 
  cyrus_sasl_config_path = /etc/sasl2 
  smtpd_sasl_auth_enable = yes 

postconf -d produces: 
  cyrus_sasl_config_path = 
  smtpd_sasl_auth_enable = no 

Has anyone run into this?  If so, how did you fix this?  Is this a known
bug?

Thanks for your help,
Chris





Re: [OT]: Grammar, plural quantifiers

2018-01-09 Thread Chris Green
On Tue, Jan 09, 2018 at 08:55:11AM -0500, Viktor Dukhovni wrote:
> 
> 
> > On Jan 9, 2018, at 4:48 AM, Chris Green <c...@isbd.net> wrote:
> > 
> > “When this constraint is violated, or any of the digest records *IS* 
> > malformed,
> > digest algorithm agility will *BE* disabled”
> > 
> > ... but that's just me being pedantic.  :-)
> 
> The plural is correct as it stands:
> 
>   * If one is malformed ...
>   * If any one is malformed ...
>   * If one or more are malformed ...

Possibly


>   * If none are malformed ...

 "... if none is ..." sounds better to me.


>   * If some are malformed ...
>   * If any are malformed ...

I think it's "... if any is ..." though I suppose it could be either.


>   * If all are malformed ...
> 

Looking at grammar references it would seem that current advice is
that either is [sic] possible.

It's not something to argue over in the documentation though!  :-)

-- 
Chris Green


Re: Minor grammar mistake in man 5 postconf

2018-01-09 Thread Chris Green
On Mon, Jan 08, 2018 at 07:52:16PM -0500, J Doe wrote:
> Hi,
> 
> I noticed a very small grammatical error under: man 5 postconf
> 
> Under the configuration parameter: tls_dane_digest_agility under the “maybe” 
> option, the second last sentence states: 
> 
> “When this constraint is violated, or any of the digest records are 
> malformed,
> digest algorithm agility will disabled.”
> 
> This should be changed to:
> 
> “When this constraint is violated, or any of the digest records are 
> malformed,
> digest algorithm agility will *BE* disabled”
> 
Strictly correctly it should be:-

“When this constraint is violated, or any of the digest records *IS* malformed,
digest algorithm agility will *BE* disabled”

... but that's just me being pedantic.  :-)

-- 
Chris Green

