Problem with email to subdomains

2010-07-29 Thread Nikolaos Milas
Hello, I have been setting up a new mail server for our organization which has different mailservers, one for each subdomain. The new server, will take over the whole organization using LDAP and Postfix/Dovecot and things up to now are looking (almost) nice. However, I have this problem: C

Re: Problem with email to subdomains

2010-07-30 Thread Nikolaos Milas
Jones wrote: On 7/29/2010 8:07 AM, Nikolaos Milas wrote: Hello, I have been setting up a new mail server for our organization which has different mailservers, one for each subdomain. The new server, will take over the whole organization using LDAP and Postfix/Dovecot and things up to now are

Re: Problem with email to subdomains

2010-07-30 Thread Nikolaos Milas
On 30/7/2010 4:14 μμ, Noel Jones wrote: Please don't top-post. Please don't post HTML crap mail. OK, Thanks. No, bare user names won't match random domains. The lookup search orders is documented in virtual(5). Hmm, I tested in my installation and found that using a bare user name in

Problem with controlling access using cidr

2011-02-07 Thread Nikolaos Milas
Hi, I am using this piece of code to restrict access to some mail aliases (only clients from the allowed IP addresses are permitted to send email to the protected email addresses): smtpd_restriction_classes = allowed_list1 allowed_list1 = check_client_access hash:/etc/postfix/client_acc

Re: Problem with controlling access using cidr

2011-02-07 Thread Nikolaos Milas
Thanks Wietse, Sorry, I didn't notice in the documentation. Could you please suggest any alternative with using subnetting for this purpose? Otherwise, we would have to include a very large number of unique IP addresses in a hash file for client access control. Thanks again, Nick On 7/2/

Re: Problem with controlling access using cidr

2011-02-07 Thread Nikolaos Milas
Sorry Wietse, I don't understand. You mean I shouldn't have changed the true domain names / IP addresses in my email? (I usually do in mailing list posts, it's considered proper conduct.) If it's needed, I can provide the actual domain names / networks / files. Would you please clarify? Th

Re: Problem with controlling access using cidr

2011-02-07 Thread Nikolaos Milas
Thans Brian, But, could I have used "allowed_list1= check_client_access cidr:/etc/postfix/client.cidr,reject" ? Is this feasible? I understand from Wietse's feedback that I couldn't use CIDR lookups in a smtpd_restriction_classes statement which is used in a hash table in smtpd_recipient_res

Re: Problem with controlling access using cidr (SOLVED)

2011-02-07 Thread Nikolaos Milas
OK Brian, Per your advice, I modified it as below: smtpd_restriction_classes = allowed_list1 allowed_list1= check_client_access cidr:/etc/postfix/client.cidr,reject smtpd_recipient_restrictions = hash:/etc/postfix/protected_destinations,permit_mynetworks,permit_sasl_authenticated,re

check_client_access using smtp auth usernames

2011-02-07 Thread Nikolaos Milas
I have parenthetically asked in another - solved - thread if postfix offers the ability to control access to specific mail addresses using as a key the authenticated usernames (and got no reply). So, I am posting this as a new thread, hoping that someone has faced this scenario. The idea is:

Re: check_client_access using smtp auth usernames

2011-02-08 Thread Nikolaos Milas
Thanks Jeroen, I checked the documentation and I think smtpd_sender_login_maps might do the trick. Does anyone know if a many-to-many (M-to-M) mapping is allowed in these maps? That is, the following example is valid (a hash file)? ma...@example.com user1 ma...@example.com u

Re: check_client_access using smtp auth usernames

2011-02-08 Thread Nikolaos Milas
Thanks Ralf, That means that the following format should be OK? ma...@example.com user1,user2,user3 ma...@example.com user1,user2 ma...@example.com user1,user3 This is still a M-to-M mapping (many mail addresses are mapped to many SASL login usernames), it's just format

Re: How to get a list of mails from mail log?

2011-02-09 Thread Nikolaos Milas
You may want to try pflogsumm. It's a perl script. See http://jimsun.linxnet.com/postfix_contrib.html. Nick On 9/2/2011 7:59 πμ, meyer-jor...@t-online.de wrote: I would be surprised if no one before was interested in clearly readable and complete mail lists... H.

Re: Users restrictions in one local domain

2011-02-10 Thread Nikolaos Milas
You could try using restriction classes, as documented: http://www.postfix.org/RESTRICTION_CLASS_README.html For example: smtpd_restriction_classes = restr_class1 restr_class1= check_sender_access hash:/etc/postfix/somesenders,permit_mynetworks,reject smtpd_recipient_restrictions = hash:/etc/

Re: check_client_access using smtp auth usernames

2011-02-11 Thread Nikolaos Milas
Thank you Noel, After searching for a while, I found your info/solutions were complete and accurate. Locking sender addresses with authenticated users appears to be a good practice, anyway. Here, I have two questions about reject_sender_login_mismatch: 1. If sender is in the form "f...@e

Re: check_client_access using smtp auth usernames

2011-02-11 Thread Nikolaos Milas
Thank you Harald, Please, let me ask for some clarifications, cause I'm confused: If we have (SASL) UNauthenticated clients (who are allowed to send emails from mynetworks) AND (SASL) authenticated clients (in mynetworks or anywhere), what will happen to our UNauthenticated clients (in mynetw

Re: check_client_access using smtp auth usernames

2011-02-11 Thread Nikolaos Milas
Thanks Noel, for the detailed info. In the meantime, I had already tested, and here are the test results, for reference (tested by removing ownership of f...@example.com by foo and logging in (in scenario II) as user foo): I.  1 --->a (mes

Re: check_client_access using smtp auth usernames

2011-02-11 Thread Nikolaos Milas
(I'm sending again, because by mistake the message I sent before was in html form.) Thanks Noel, for the detailed info. In the meantime, I had already tested, and here are the test results, for reference (tested by removing ownership of f...@example.com by foo and logging in (in scenario II)

Re: check_client_access using smtp auth usernames

2011-02-11 Thread Nikolaos Milas
complication, and thanks again for your detailed analysis. I believe this explanation should find its way into the documentation, because I am afraid the explanation of the three directives is otherwise obscure. All the best, Nick On 11/2/2011 5:58 μμ, Nikolaos Milas wrote: Thanks Noel, for the

Mailbox limit not observed

2011-02-17 Thread Nikolaos Milas
Hello, Although I'm using virtual_mailbox_limit (in main.cf), it seems it's not being observed. I set it to: 314572800 (300MB), but I see our users have sometimes larger mailboxes. Should I do something more to enforce the limit? Please advise. Thanks, Nick Follows my config (postconf -n):

Re: Mailbox limit not observed

2011-02-17 Thread Nikolaos Milas
Thanks Witsie, Could the use of an IMAP client program (workstation-based or web-based, like Squirrelmail) to access the incoming ("new/" Maildir) mailbox, somehow override the directive? Or, what other, common tools could cause such an override? Our users are virtual, and don't have shell o

Re: Mailbox limit not observed

2011-02-17 Thread Nikolaos Milas
Wietse, Would you have any plans to integrate in Postfix support for global AND per user mailbox quotas supporting both Maildir and MBOX? This is a frequently needed feature, as I am sure you are aware. Of course, everything is always a matter of priorities and policies for the Postfix proje

Re: Mailbox limit not observed

2011-02-18 Thread Nikolaos Milas
OK guys, I'll set up quotas in Dovecot and see how it goes. I've also just installed (compiled from source on CentOS 5.5) Postfix 2.8.0 with VDA (just published for 2.8.0), and I will experiment with all the available settings. Just a question: If quota is useless on the MTA, why there is al

Re: Mailbox limit not observed

2011-02-18 Thread Nikolaos Milas
n" ? Nick On 18/2/2011 11:58 πμ, Nikolaos Milas wrote: I've also just installed (compiled from source on CentOS 5.5) Postfix 2.8.0 with VDA (just published for 2.8.0), and I will experiment with all the available settings.

Configuring a mail gateway

2011-02-18 Thread Nikolaos Milas
Hi, Our mail server (vmail.example.com) uses Postfix (with ldap backend for table lookups). However, in our domain (example.com) mail is always reaching us through a gateway (which is defined as an MX for our domain), say mailgw.example.com. This is a mail appliance (Cisco Ironport) which fil

Re: How to require smtp authentication and disallow not local sender?

2011-03-04 Thread Nikolaos Milas
You mean you want to allow (SASL) authenticated clients (wherever they are) and allow them only to send from their true ("local") mail address? For example, if your hosted domain is example.com and the user's mail address is us...@example.com, you want the user to (SASL) authenticate as userx

Re: How to require smtp authentication and disallow not local sender?

2011-03-04 Thread Nikolaos Milas
You can: # Define address ownerships: smtpd_sender_login_maps = hash:/etc/postfix/mailloginmap # Reject the request if ownership is not observed smtpd_sender_restrictions = reject_sender_login_mismatch # /etc/postfix/mailloginmap: a...@example.com A a...@example.com A a...@example.com A a...@exa

Re: Dovecot, Postfix and Dovecot LDA (LMTP) delivery

2011-03-06 Thread Nikolaos Milas
I'm asking trying to learn: Is there a benefit of using LMTP for local delivery when using Dovecot? Why not use Dovecot LDA (without using LMTP)? In Postfix documentation, I've read about lmtp that "The advantage of this setup is that one Postfix machine can feed multiple mailbox servers ove

Re: rewrite the from based on a client hostname or ip

2011-03-09 Thread Nikolaos Milas
Just my 2c: Here: http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/ you can find directions to build Postfix from source, fully-compatible with CentOS Postfix packages. The above process should be identical in RHEL 5. I have found that building/upgradin

Re: Duplicated messages

2011-03-12 Thread Nikolaos Milas
A question related to those settings: When we activate these settings (in v. 2.8.1) duplicates are eliminated indeed, but in the logs I see that there is no more any indication of the original recipient. Is it possible to have both duplicate elimination AND (additional) logging of the origin

Re: Duplicated messages

2011-03-12 Thread Nikolaos Milas
Sorry Wietse, I would never say Postfix is a probabilistic machine - we all trust it fully. But, if a message is sent to: a...@example.com, j...@example.com, n...@example.com and jack is a member of group aliases: all and noc, and even jack is an alias to real address: jack.br...@example.com

Re: Duplicated messages

2011-03-12 Thread Nikolaos Milas
On 12/3/2011 5:55 μμ, Wietse Venema wrote: There is no code to store multiple original recipients with each recipient in queue files, to read multiple original recipients from queue files, to log multiple original recipients, to prepend multiple X-Original-To: headers upon delivery, or other cod

Re: Mailbox limit not observed

2011-03-12 Thread Nikolaos Milas
On 12/3/2011 7:03 μμ, /dev/rob0 wrote: That ONE message, a "maildir file", is subject to virtual_mailbox_limit. The maildir structure itself is not. As discussed earlier in this thread, in order to enforce maildir quotas the best solution is to use Dovecot with LDA or LMTP and define quotas

Re: Postfix and aliases

2011-03-15 Thread Nikolaos Milas
If you use: enable_original_recipient = no ...then Postfix will suppress duplicates (but, unfortunately, it will no more log all original recipients). See this thread: http://tech.groups.yahoo.com/group/postfix-users/message/275275 Nick On 15/3/2011 11:03 πμ, Rindra RAZAFIMBELO wrote: Hi, I

Re: removed virtual domain, still get local delivery

2011-03-16 Thread Nikolaos Milas
On 16/3/2011 3:22 μμ, Voytek Eymont wrote: I have postfix 2.4.5 with several virtual domains in mysql/postfixadmin one of the hosted virtual domains moved off the mail server If you have virtual aliases for that domain, they are always applicable, even if the domain is not parked there. Nic

Re: removed virtual domain, still get local delivery

2011-03-17 Thread Nikolaos Milas
On 17/3/2011 5:39 πμ, Voytek Eymont wrote: ahem, where do I unalias it..? search for domain.tld in /etc/postfix/ with no avail? cd /etc/postfix # grep domain.tld * I only wanted to point to the fact that if you have explicit aliases using domain.tld in your: virtual_alias_maps = proxy:mys

Re: Permissions

2011-04-06 Thread Nikolaos Milas
On 6/4/2011 1:20 μμ, Tolga wrote: Hi, I have just tried with another user I added with postfixadmin, and I am still getting that permission error. So, I am wondering what /var/mail/vhosts permissions and owning user:group should be? chmod 777 works but I know 777 is evil, so I chmod'd 770 and

Re: Permissions

2011-04-06 Thread Nikolaos Milas
On 6/4/2011 1:55 μμ, Tolga wrote: I have just checked, uid/gid 8 is vmail and the directory is owned by vmail:vmail, and I just chmod'd to 700. It still doesn't work :( Hi, I don't know what OS you are using, but I see you are not using the natural home dir of the vmail user (should be mo

Re: need help for controlling authenticated realy

2011-04-24 Thread Nikolaos Milas
On 24/4/2011 5:09 πμ, Evan Platt wrote: Enforce a better password policy - our work password policy is minimum My 2c: Check your server logs to see if someone found some password(s) by brute-force (you'll see multiple failed logins). * If yes, enforce a strict password policy as sugges

Re: FYI - Postfix 2.8.2 and CentOS 5.6

2011-05-03 Thread Nikolaos Milas
On 3/5/2011 1:35 πμ, Steve Jenkins wrote: I actually didn't have it in either - I was under the (apparently false) impression that just putting the exclude in yum.conf would apply to any repo. It's in the CentOS-Base.repo file in [base] and [updates] now, tho. Thank you. :) I also have serve

fatal: lock file defer error

2011-05-22 Thread Nikolaos Milas
Hi, We are running Postfix 2.8.1 with Dovecot 1.2.12 on CentOS 5.6 (64 bit) on a VM. The system is in production. From time to time (about 2-3 times a week), I get an error "fatal: lock file defer : defer service failure". After that, it seems to continue normally, without any intervention.

Re: fatal: lock file defer error

2011-05-22 Thread Nikolaos Milas
On 23/5/2011 8:55 πμ, Nikolaos Milas wrote: Can someone please provide some insight to the problem and suggest a solution? With some googling I found this rather old message: http://archives.neohapsis.com/archives/postfix/2004-03/2663.html where Wietse suggested to increase the

Re: Relay Access Denied

2011-05-27 Thread Nikolaos Milas
On 27/5/2011 10:42 πμ, Thomas Berger wrote: Hi Kurniawan, this is the default. Please have a look at the great docs: http://www.postfix.org/SMTPD_ACCESS_README.html In two words: Do not open access to external IP addresses (except perhaps particular trusted ones!) unless you restrict acces

Re: fatal: lock file defer error

2011-06-05 Thread Nikolaos Milas
On 23/5/2011 9:26 πμ, Nikolaos Milas wrote: With some googling I found this rather old message: http://archives.neohapsis.com/archives/postfix/2004-03/2663.html where Wietse suggested to increase the var_flock_tries undocumented parameter in main.cf (from 20 to 40). Would this suggestion be

Re: Buliding postfix with all supports .

2011-06-23 Thread Nikolaos Milas
On 23/6/2011 9:13 πμ, kshitij mali wrote: Hi have seen all the readme file explaining install support for individual feature such as dovecot only or mysql only. My direct question is give me the command or syntax atleast for bulding the postfix for all of the supported feature . If you u

Error with Dovecot LDA when recipient address is incomplete

2011-06-23 Thread Nikolaos Milas
Hi, We are using Postfix 2.8.3 with Dovecot 2.0.13 on CentOS 5.6. The problem we have is that sometimes, due to mail sender's error when composing a message, the sender attempts to send an email to "@noa.gr" (without specifying the user part of the address). This results in a Postfix error du

Re: Error with Dovecot LDA when recipient address is incomplete

2011-06-24 Thread Nikolaos Milas
On 23/6/2011 6:11 μμ, Victor Duchovni wrote: However, if none of the above is useful, you can I believe use: -d ${user:no-such-user} this may not be documented in the pipe(8) manual page, if sothink this is a rare documentation oversight. Almost universally, undocumented Postfix behavio

Re: Keep backup of mails

2011-07-15 Thread Nikolaos Milas
On 15/7/2011 11:48 πμ, Pol Hallen wrote: I've only one production server, I'd like keep copy (on this server) of all emails. carbon copy :-) Use: always_bcc = mailstore@localhost See: http://www.postfix.org/postconf.5.html Nick smime.p7s Description: S/MIME Cryptographic Signature

Re: postfix duplicate mail aliases

2011-08-01 Thread Nikolaos Milas
On Mon, Aug 01, 2011 at 02:52:31PM +0300, Vasil Mikhalenya wrote: Hi all, I can not find solution for the following problem: if I send mail to user1@mydomain, and list1@mydomain and /etc/aliases contains list1: user1,user2 postfix duplicates email for the user1(2 identical email delivered to us

Question on max message size

2011-08-05 Thread Nikolaos Milas
Hi everyone, A quick question: message_size_limit refers to the MIME-encoded (base64) "final" message size or to the initial (non-encoded) size of message + attachments? (Encoded message size should be about 30% larger than the original, so if we want to allow attachments of max size e.g. 30

Re: Question on max message size

2011-08-05 Thread Nikolaos Milas
On 5/8/2011 5:12 μμ, Magnus Bäck wrote: A quick question: message_size_limit refers to the MIME-encoded (base64) "final" message size or to the initial (non-encoded) size of message + attachments? The former. That's the only representation of an email that's ever sent or stored. Thanks, Nick

Re: Configuring a mail gateway

2011-09-03 Thread Nikolaos Milas
On 18/2/2011 6:48 μμ, Victor Duchovni wrote: On Fri, Feb 18, 2011 at 06:43:28PM +0200, Nikolaos Milas wrote: What is the suggested way to configure Postfix to play this role, i.e. to simply send all incoming (clean, after filtering) mail to another mail server? http://www.postfix.org

Re: Configuring a mail gateway

2011-09-03 Thread Nikolaos Milas
On 3/9/2011 9:41 μμ, Noel Jones wrote: To accept mail for specified subdomains, add those domains to the relay_domains parameter. This is the recommended solution. Thanks Noel, And to route incoming mails to different mail servers would we use: transport_maps = hash:/etc/postfix/transpor

Re: Configuring a mail gateway

2011-09-03 Thread Nikolaos Milas
On 3/9/2011 10:10 μμ, Noel Jones wrote: Yes, although you may want to use relay: rather than smtp: as the transport name. The different name allows postfix to more efficiently schedule delivery for those domains, and allows you to use different relay delivery settings if needed. -- Noel Jones

Building from source on CentOS

2011-09-05 Thread Nikolaos Milas
Hello, To build on CentOS from source and get an installation with standard features (as provided in CentOS standard Postfix RPMs) we use: make makefiles \ CCARGS='-fPIC -DUSE_TLS -DUSE_SSL -DUSE_SASL_AUTH \ -DUSE_CYRUS_SASL -DPREFIX=\"/usr\" \ -DHAS_LDAP -DLDAP_DEPRECATED=1 \ -DHAS_PCRE -I/us

Re: Configuring a mail gateway

2011-09-05 Thread Nikolaos Milas
On 3/9/2011 11:09 μμ, Noel Jones wrote: If we use: relay_recipient_maps = (that is, empty) then *all* recipients for the hosted domains (those listed in relay_domains) are accepted/forwarded? Yes. That turns you into a backscatter source, clogging your queue with undeliverable mail and ev

Re: Configuring a mail gateway

2011-09-05 Thread Nikolaos Milas
On 5/9/2011 3:26 μμ, Nikolaos Milas wrote: So, in order to implement such a solution, would it be sufficient to do something like the following, on the *gateway* mail server: smtpd_recipient_restrictions = permit_mynetworks, reject_unverified_recipient

Re: Configuring a mail gateway

2011-09-09 Thread Nikolaos Milas
Thanks to Noel (and to the Postfix community in general) for the guidance, my mail gateway is now running (still in test mode), together with spamassassin, clamav and amavis-new. Now, one more thing: Since this is just a relay, mail is not stored locally; yet, I would like to train spamassass

Re: Configuring a mail gateway

2011-09-09 Thread Nikolaos Milas
On 9/9/2011 4:00 μμ, Wietse Venema wrote: If you don't use permit_mynetworks at all (check with: "postconf | grep permit_mynetworks"), then mynetworks can be empty. Thanks Wietsie, mynetworks = 127.0.0.1/32 [::1]/128 seems the right solution. In fact I am using permit_mynetworks as the firs

Re: Configuring a mail gateway

2011-09-09 Thread Nikolaos Milas
On 9/9/2011 3:14 μμ, Nikolaos Milas wrote: Since this is just a relay, mail is not stored locally; ... So I was thinking I should configure postfix/spamassassin to keep local copies of spam (to be also available for checking using IMAP) and non-spam mail so as to make training feasible

Re: Configuring a mail gateway

2011-09-09 Thread Nikolaos Milas
On 9/9/2011 5:52 μμ, jeffrey j donovan wrote: use local recipient map for your local users and transport maps for the delivery of others. You will have to tell amavisd how to relay local and remote. do what Weiste said and allow programs to relay mail via localhost. Thanks Jeffrey, I guess w

Re: upgrade to 2.8.5 with src rpm

2011-10-03 Thread Nikolaos Milas
I would suggest you to use source code and build according to these directions: http://stevejenkins.com/blog/2011/01/building-postfix-2-8-on-rhel5-centos-5-from-source/ I use SASL, LDAP, TLS and all are supported with the default CentOS configuration options as described on that page. That's

Re: Ldap Domain aliases and Domain catchalls

2011-10-05 Thread Nikolaos Milas
On 5/10/2011 10:23 πμ, Shane Chrisp wrote: no problems, but I am having trouble working out how I will be able to add domain to domain aliases and also catchall accounts for domains. Personally I hate catchall accounts for domains, but some customers just have to have them, or ... using the Pham

Re: Ldap Domain aliases and Domain catchalls

2011-10-05 Thread Nikolaos Milas
On 5/10/2011 3:17 μμ, Shane Chrisp wrote: Hi Nick, Thank you very much for your reply. From that setuo I can see how to setup a catchall with a minor change to our current setup. The domain to domain alias is a way of saying that we have a real domain of dom1.tld and another domain od dom2

Re: Ldap Domain aliases and Domain catchalls

2011-10-05 Thread Nikolaos Milas
On 5/10/2011 8:47 μμ, Shane Chrisp wrote: If I cant find a way of working around the domain aliasing, it wont be the end of the world. You might want to read this thread: http://tech.groups.yahoo.com/group/postfix-users/message/239812 After some thought, you could try adding to virtual_alia

Re: bypassing alias lookups when from another local smtp

2011-10-05 Thread Nikolaos Milas
On 5/10/2011 10:20 μμ, John Baker wrote: We have been having some trouble with Temporary lookup failures from ldap lookup timeouts and I have been trying to find ways to solve the problem. One thing I would like to do is cut down on the volume of lookups by skipping virtual alias lookups if th

Re: Multi value LDAP attributes

2011-10-06 Thread Nikolaos Milas
On 6/10/2011 6:38 μμ, Viktor Dukhovni wrote: Rather, group expansion MUST ONLY happen when in alias_maps or virtual_alias_maps, where you are replacing an address with one or more target addresses. Exactly. See here for an implementation: http://www.openldap.org/lists/openldap-technical/20110

.forward ignored

2011-10-13 Thread Nikolaos Milas
I have two identical CentOS 6 servers using postfix-2.6.6-2.1.el6_0.x86_64 (provided as a standard distribution package through the repos). On these boxes, postfix only serves as local mail server (just to send mail from the local system). One of them obeys .forward file for root account whi

Re: .forward ignored

2011-10-13 Thread Nikolaos Milas
On 13/10/2011 2:05 μμ, Wietse Venema wrote: To find out what system call is failing, see the strace instructions in http://www.postfix.org/DEBUG_README.html, and compare strace results. Thank you Wietsie. (In the meantime I upgraded to postfix v2.8.5 but the behavior didn't change.) I ran

Re: .forward ignored

2011-10-13 Thread Nikolaos Milas
On 13/10/2011 4:59 μμ, Wietse Venema wrote: You need to STRACE the program that reads .forward files! That would be the local(8) delivery agent. Thanks Wietsie, I ran with: local unix - n n - - local -D -vv and found: Oct 13 17:48:47 vpnspot postfix/local[12683]: deliver_dotforward[3]: lo

Re: .forward ignored

2011-10-13 Thread Nikolaos Milas
On 13/10/2011 6:40 μμ, Wietse Venema wrote: A few messages ago, I asked this: To find out what system call is failing, see the strace instructions in http://www.postfix.org/DEBUG_README.html, and compare strace results. Hi Wietse, First, I found the cause: It was selinux (once more...). Alt

Re: .forward ignored

2011-10-13 Thread Nikolaos Milas
On 13/10/2011 9:36 μμ, Wietse Venema wrote: The DEBUG_README example has a ';' between PATH=stuff and '('. debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; (truss -p $process_id 2>&1 | logger -p mail.info)& sleep 5 Without this ';' you have a syntax error. Ahh,

Re: using postfix for smarthost?

2011-10-17 Thread Nikolaos Milas
On 17/10/2011 11:16 πμ, lupin...@gmx.net wrote: is it possible to configure postfix as "smarthost" in the sense, that it 1) accepts mails from the internet and then forwards them to the "real" mailserver? You might want to read this thread too: http://www.mail-archive.com/postfix-users@postf

Enabling TLS/SSL (in addition to STARTTLS)

2011-10-25 Thread Nikolaos Milas
Hello, I have mail_version = 2.8.3 on CentOS 5.7 (x86_64). Everything is running OK; the server only accepts local or authorized (using STARTTLS) connections, as there is another mail gateway receiving/filtering and delivering locally to this one. STARTTLS is configured and works fine. In /

Re: Enabling TLS/SSL (in addition to STARTTLS)

2011-10-25 Thread Nikolaos Milas
On 25/10/2011 3:01 μμ, Charles Marcus wrote: You want to uncomment these lines: ... Thank you very much Charles, I got confused. Perhaps, since this is a fairly standard scenario, it might be useful to include details on enablement of port 587 TLS/SSL service in http://www.postfix.org/TLS

Re: relay_recipient_maps and LDAP as backend

2011-10-26 Thread Nikolaos Milas
On 26/10/2011 10:29 πμ, Nerijus Kislauskas wrote: On 10/25/2011 03:09 PM, Nerijus Kislauskas wrote: So why it is important to return something from LDAP in order to be *sure* entry exists? Search without result_attribute responds with 1 match. Why it can't be a key for descision, that there is

Re: relay_recipient_maps and LDAP as backend

2011-10-26 Thread Nikolaos Milas
On 26/10/2011 12:06 μμ, Nerijus Kislauskas wrote: you miss a point. It's not about the usage of one or another postfix config parameter. It is about postfix behavior based on LDAP protocol search operation/results. Sorry, I misread your initial post. Nick smime.p7s Description: S/MIME Cryp

Re: relay_recipient_maps and LDAP as backend

2011-10-26 Thread Nikolaos Milas
On 27/10/2011 12:59 πμ, Nerijus Kislauskas wrote: (a) group needs "read" permission on result_attribute attributes, while (b) group needs only "search" permission. What I want from all ot this, that postfix would be able to work with minimal required ldap access permissions. And now you require

Re: upgrade postfix

2011-10-31 Thread Nikolaos Milas
On 31/10/2011 6:07 μμ, Amira Othman wrote: I am trying to upgrade postfix version form 2.3 to 2.7 but each time I finish installing rpm I get error Since you are in CentOS (as you describe in earlier posts), I would suggest you to follow these *easy* directions and upgrade to 2.8 (latest

Re: Quota for mail

2011-11-07 Thread Nikolaos Milas
On 7/11/2011 5:41 μμ, Leslie León Sinclair wrote: But I need to put quota in my webmail Hi, Use postfix and dovecot, with lda or lmtp and setup quotas in dovecot. See: http://www.dovecot.org/list/dovecot/2011-February/057630.html Hope that helps, Nick smime.p7s Description: S/MIME Crypto

Re: Low Budget Backups

2011-12-05 Thread Nikolaos Milas
On 2/12/2011 8:02 πμ, email builder wrote: No other people have systems for doing this? Perhaps a bit late in this thread, but we are using Mondo Archive (on CentOS 5.7) and it works great; quite flexible and with easy and effective restore. Check: http://www.mondorescue.org/ A short intr

Postfix-Amavisd quarantined mail inspection

2011-12-29 Thread Nikolaos Milas
Hello, I am using postfix, amavisd-new, spam assassin, clamav on a gateway system. A short question (I know it's a bit off-topic but I know that people here run similar systems): I've read how to release and/or forward quarantined mail. But can I read the quarantined mails in situ (i.e. in t

Re: Mail statistics

2012-01-04 Thread Nikolaos Milas
On 4/1/2012 10:04 πμ, Michael Maymann wrote: All recommendations are welcome. As has been discussed in the past, pflogsumm + mailgraph is a very effective combination. See: http://www.howtoforge.com/postfix-monitoring-with-mailgraph-and-pflogsumm-on-debian-lenny (Earlier discussion: e.g

Declaring options for submission port daemon

2012-01-19 Thread Nikolaos Milas
Hello, When defining options for the submission port (587) daemon in master.cf, we must re-define explicitly all smtpd_* settings or not, or some (*which?*) are inherited from the standard main.cf settings? More specifically, should we define separately: submission inet n - n

Re: Declaring options for submission port daemon

2012-01-19 Thread Nikolaos Milas
On 19/1/2012 8:54 μμ, Mark Alan wrote: This will give you a fairly secure submission: submission inet n - - - - smtpd -o syslog_name=postfix-submission -o tls_preempt_cipherlist=yes -o smtpd_tls_mandatory_ciphers=high -o smtpd_tls_exclude_ciphers=DES,3D

Re: Declaring options for submission port daemon

2012-01-19 Thread Nikolaos Milas
On 19/1/2012 7:06 μμ, Noel Jones wrote: or define the restriction in main.cf and refer to it ... (or make up your own macro names) Thank you all for your valuable suggestions. These "macro names" seem really interesting. Can we use them in main.cf too (to define sets of restrictions) and how

Restricting port 25 with cidr table

2012-01-20 Thread Nikolaos Milas
Hello, As our internal (main) mail server only accepts mail from two mail gateways and users submit their mail through submission port (587), I am planning to explicitly allow accepting mail on port 25 ONLY by our mail gateway servers (and the mail server itself). So, in main.cf: smtpd_clien

Stats on smtp method used by clients (with pflogsumm or not)

2012-01-20 Thread Nikolaos Milas
Hi, Is there a solution to display stats on how many of the incoming smtp connections were using port 25 and how many of them 587 (or other custom)? (We are still allowing client connections to port 25.) We are using pflogsumm (with --smtpd_stats options), but smtp stats don't differentiate

Re: Restricting port 25 with cidr table

2012-01-20 Thread Nikolaos Milas
On 20/1/2012 12:55 μμ, Charles Marcus wrote: # reject all clients not matching anything above, and be damn sure # to comment out the last reject under recipient_restrictions # 0.0.0.0/0 reject unauthorized client, please use our MX You mean to remove "reject" from *smtpd_client_restri

Re: Stats on smtp method used by clients (with pflogsumm or not)

2012-01-20 Thread Nikolaos Milas
On 20/1/2012 4:47 μμ, James Seymour wrote: [snip] In the logging you will see postfix/smtps/smtpd, postfix/submission/smtpd and postfix/smtpd. [snip] Two things (addressed to the OP and other readers): 1. This will break Pflogsumm. It expects to see "postfix/smtpd" 2. (1) is easil

Re: Restricting port 25 with cidr table

2012-01-20 Thread Nikolaos Milas
On 20/1/2012 3:24 μμ, Nikolaos Milas wrote: # reject all clients not matching anything above, and be damn sure # to comment out the last reject under recipient_restrictions # 0.0.0.0/0 reject unauthorized client, please use our MX You mean to remove "reject&

Re: Restricting port 25 with cidr table

2012-01-21 Thread Nikolaos Milas
On 20/1/2012 10:54 μμ, Wietse Venema wrote: > seems to me the same to use: > smtpd_client_restrictions = check_client_access > cidr:/etc/postfix/gwservers.cidr > where gwservers.cidr is: > xxx.xxx.xxx.xxx OK > xxx.xxx.xxx.xxx OK > 0.0.0.0/0 reject unauthori

Re: could not find any active network interfaces (no IPv6)

2012-01-21 Thread Nikolaos Milas
On 21/1/2012 2:49 πμ, Wietse Venema wrote: Try using strace. See http://www.postfix.org/DEBUG_README.html Trying to help from my past experience, I add here some details on this (I used Postfix 2.8.5 on CentOS 6 64bit): I added in /etc/postfix/main.cf: debugger_command = PATH=/bin:/usr/bin:

Re: Restricting port 25 with cidr table

2012-01-31 Thread Nikolaos Milas
On 26/1/2012 1:09 πμ, Charles Marcus wrote: However, we could formulate gwservers.cidr as (for example): > > xxx.xxx.xxx.xxx OK > xxx.xxx.xxx.xxx OK > 127.0.0.1 OK > :::::: OK > :::::OK > ::1

Re: Postfix stable release 2.9.0

2012-02-02 Thread Nikolaos Milas
On 2/2/2012 12:01 πμ, Reindl Harald wrote: rebuild postfix usually is a work of 5 minutes was there and distributed 2.8.8 two hours ago to 20 machines via RPM Hi, Where can we find a 2.8.x .src.rpm with *standard* Centos 5 postfix features (ldap, sasl, tls etc.) Thanks, Nick

Pflogsumm: Specialization in SMTPD connections

2012-02-02 Thread Nikolaos Milas
On 1/2/2012 6:00 μμ, James Seymour wrote: rel-1.1.4 20120201 Thank you James for offering and supporting this great tool. I have upgraded to v1.1.4 and it runs smoothly on our CentOS 5.7. A question on pflogsumm: Is there a way to include stats on SMTPD connections from particular or

Messages from=<> and pflogsumm

2012-02-02 Thread Nikolaos Milas
Hello, In the logs, there are cases where some message seems to be coming from=<>. This seems to be happening when local Postfix returns some delivery report to sender (sender delivery status notification). In such cases PFLOGSUMM, instead of a domain name or full sender address, displays in

Re: High Number Of Connection Attempts

2012-02-04 Thread Nikolaos Milas
On 4/2/2012 7:58 μμ, Nick Bright wrote: The only thing I have found is ConfigServer firewall: http://configserver.com/cp/csf.html It is a dynamic firewall containing a "login failure daemon" that monitors for failed logins on various services, and blocks offending IP's based on your defined

Re: Disallow user to send external mails

2012-02-07 Thread Nikolaos Milas
On 7/2/2012 2:47 μμ, Denis Witt wrote: Hi, I wonder if there is an easy solution to disallow a specific sender (From-Header) to send e-mails to non $mydestination addresses. Thanks in advance for any hint. Check smtpd_sender_restrictions and/or smtpd_client_restrictions, as well as restr

Adding envelope-from in Received headers

2012-02-12 Thread Nikolaos Milas
Hello, I've noticed that message Received headers do not include the envelope-from address. Is there a way to include the envelope-from address in message Received headers? I am running Postfix 2.8.x (built from source). Thanks, Nick

Re: Adding envelope-from in Received headers

2012-02-13 Thread Nikolaos Milas
On 13/2/2012 10:24 πμ, Peter wrote: It's the Return-Path header. Great Peter! Thanks. Nick

  1   2   3   4   >