to be, a unique
transaction identifier.
The postfix QueueID is guaranteed to be unique only while the
queue file exists; ie. only one file currently in the postfix
queue may have any particular ID. Once the file is removed,
that ID may be reused at any time.
and fix your clock.
--
Noel Jones
the NDN.
The above doesn't show postfix rejecting anything.
Looks like a MailScanner problem. MailScanner is not
supported on this list.
--
Noel Jones
address it came from
is not listed in sbl-xbl list so I've removed all reject parameters
If postfix is rejecting mail it will log the reason.
grep 'reject: ' /var/log/maillog
If you have trouble interpreting the postfix logs, show them here.
http://www.postfix.org/DEBUG_README.html#mail
--
Noel
and blacklists.
Such behavior would be quite surprising for an
out-of-the-box install. but I think you know that already.
--
Noel Jones
information about this transaction logged by cleanup
and qmgr, all with the same QUEUEID.
--
Noel Jones
Wietse Venema wrote:
Noel Jones:
Wietse Venema wrote:
Something that will drastically cut the time per session:
smtpd_timeout = ${stress?10s}${stress:300s}
I would be concerned about sites that are chronically short of
smtpd processes with an inexperienced or inattentive admin.
Maybe 20s~30s
cannot be a default.
The default behavior of postfix is to put scary sounding
entries in the system log when something goes wrong. It's up
to the admin to review the logs and/or configure third-party
system monitor software to watch for interesting events.
--
Noel Jones
.
--
Noel Jones
this if these are clean
spamtraps that get 100% spam.
http://www.postfix.org/access.5.html
--
Noel Jones
it off and see what
happens. If that's not it, the second guess is an incomplete
chroot jail.
If this doesn't help you get it fixed, start a new message
thread for the new problem. Include your postconf -n output
and logging demonstrating the problem.
--
Noel Jones
.
--
Noel Jones
to verify your senders.
Also no need running a whitelist in smptd_data_restrictions as my
routines only look for , postmaster and MAILER_DAEMON
You may still need a whitelist; just reuse the same one.
--
Noel Jones
/postfix/virtual
# relay_recipients
... list of valid recipients at example.com ...
us...@example.com OK
us...@example.com OK
...
# virtual
us...@example.com us...@localhost
us...@example.com us...@localhost
http://www.postfix.org/documentation.html
--
Noel Jones
#address_verify_sender
Using $double_bounce_sender has been found to cause fewer
compatibility problems than postmas...@example.com or ,
which some sites don't like as a sender.
--
Noel Jones
AUTH, although they
sometimes call it something odd.
--
Noel Jones
this using normal DNS lookups.
The instructions say to:
Postfix doesn't have a DNS whitelist feature, so you will need
to follow the rsync + access map instructions.
--
Noel Jones
Andy Spiegl wrote:
On 2009-02-10, 12:00, Noel Jones wrote:
This should get you started:
Thanks!
# relay_recipients
... list of valid recipients at example.com ...
us...@example.com OK
us...@example.com OK
...
Hm, but I don't have the list of valid recipients. :-(
All I have is the list
these checks to exempt local mail.
-- Noel Jones
/documentation.html
-- Noel Jones
zen.spamhaus.org as it's more effective.
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender, reject_unverified_sender, permit
remove reject_unverified_sender or move it to
smtpd_data_restrictions. Probably better to remove it.
-- Noel Jones
.
You will probably want to add -o receive_override_options=...
if you haven't already, and there are some other parameters
that may be useful to you. See the README.postfix included
with amavisd-new for details.
http://www.ijs.si/software/amavisd/README.postfix.html
-- Noel Jones
jakjr wrote:
Hello,
Is there a way to check the result of a iteration(email address) on
virtual_alias_maps(cleanup) against the local_recipient_maps (smtp) ?
Best Regards
Jakjr
No. If you describe your problem maybe someone can give some
helpful suggestions.
-- Noel Jones
smtpd_discard_ehlo_keywords=silent-discard,8bitmime,etrn,dsn
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o cleanup_service_name=cleanup-out
-- Noel Jones
regexp). This is close, but will mis-fire on odd
address constructions.
In access_sender I have: mydomainREJECT message1
My assumption here is that although the From: header is your
domain, the envelope sender isn't. Examining the logs will
show the envelope sender.
-- Noel Jones
don't have tele-workers, peaple that are using other servers to relay
their e-mails.
Please don't top post.
The settings you posted earlier should already block mail from
outside using your domain as envelope sender. Check the logs
to see why mail wasn't blocked.
--
Noel Jones
://www.postfix.org/RESTRICTION_CLASS_README.html
-- Noel Jones
://www.postfix.org/DEBUG_README.html#sniffer
-- Noel Jones
:
smtp_connection_cache_on_demand = no
and then reload postfix.
# postfix reload
OR upgrade to at least postfix 2.3.5.
Let us know if you still have trouble.
-- Noel Jones
that the A record is found:
dig @server3.com -p 53 47.85.81.1.server3.com
You must test with
dig 47.85.81.1.server3.com.
Additionally, if you are running postfix with the chroot flag
in master.cf, you need to test as the postfix user from within
the chroot jail.
-- Noel Jones
/bounce.5.html
If this doesn't help, please rephrase your question.
-- Noel Jones
bharathan kailath wrote:
i understood
but why two folders 'defer' and 'deferred'! using OpenSuse 10.3
thanks
deferred stores the reason why the message is in defer.
-- Noel Jones
Sahil Tandon wrote:
On Feb 17, 2009, at 3:19 PM, Noel Jones njo...@megan.vbhcs.org wrote:
bharathan kailath wrote:
i understood
but why two folders 'defer' and 'deferred'! using OpenSuse 10.3
thanks
deferred stores the reason why the message is in defer.
Is that inverted? :-)
Oops, yes
#address_verify_sender
If that doesn't help, you will need to add the client to a
whitelist, or stop using reject_unverified_sender.
-- Noel Jones
answers
with 4xx.
Also, i would like to use the reject_unverified_sender mechanism, not
the reject_unverified_recipient one.
Right. Same thing.
-- Noel Jones
Charles Account wrote:
Hi,
I found an email from Noel Jones:
At 09:51 AM 8/2/2007, Marshal Newrock wrote:
If not, what do I need to do in order to use header and body
checks to reject mail after it has been scanned with the milter?
Header_checks does not inspect headers added by milters
, it defers mail based on criteria postfix does not care about.
All information is available to a policy server to enforce the delay policy
you're describing.
--
Melvyn Sopacua
A policy server won't really help here.
OP should read up on the at command.
-- Noel Jones
the docs to get you started.
http://www.postfix.org/SASL_README.html
http://www.postfix.org/TLS_README.html
-- Noel Jones
and other nearby
lines for clues to the problem.
-- Noel Jones
jeff donovan wrote:
On Feb 19, 2009, at 10:39 AM, Noel Jones wrote:
You can use the ips.backscatterer.org to reject bounces (*NOT* all
mail) from known backscatter sources. Do this in
smtpd_data_restrictions for compatibility with sender address
verification.
# main.cf
your own reject codes, the default is correct and sufficient.
Remove any *reject_code entries from your main.cf and let
postfix use the defaults.
-- Noel Jones
not appear to be a postfix or SASL problem.
You earlier wrote that a manual telnet session with
authentication did not exhibit the duplicated mail problem.
This confirms that it is a mail client problem, not a postfix
or SASL problem.
-- Noel Jones
text file, you will need to
postmap it to create the indexed table.
-- Noel Jones
smtpd_restriction_classes.
-- Noel Jones
would look like:
@example.com anything
You can use a check_recipient_access map that returns
reject_unverified_recipient for the domains that don't provide
a list to mitigate the problem.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
-- Noel Jones
to
smtpd_*_restrictions since it does not travel over SMTP. Such
mail is logged with postfix/pickup rather than postfix/smtpd.
For more help, see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
Chris Dos wrote:
Noel Jones wrote:
Chris Dos wrote:
I've been tasked to figure out a way for our three postfix relay
servers to intercept every hard bounced back
e-mail and process it for our web application.
We have about nine servers relaying mail through our three postfix
servers
jeff donovan wrote:
On Feb 20, 2009, at 12:18 PM, Noel Jones wrote:
jeff donovan wrote:
On Feb 20, 2009, at 9:56 AM, J.P. Trosclair wrote:
You should see the REJECT please... from Noel's example in the logs.
J.P.
got it working.
You can also
# grep 'reject: .*backscatterer' /var/log
.
Instructions here:
http://www.postfix.org/SASL_README.html#client_sasl
If you still have trouble, you'll need to tell us exactly what
the requirements are, what you've tried, and a better
description of the result than it doesn't work.
-- Noel Jones
.
-- Noel Jones
(delivered to maildir)
Feb 27 17:26:07 myhost postfix/qmgr[1524]: 87CA049C274: removed
have you defined a user+t...@example.com entry in your
virtual_mailbox_maps?
http://www.postfix.org/postconf.5.html#virtual_mailbox_maps
-- Noel Jones
.
Thank you for the informative reply. I understand the problem now.
Is there a reasonable way to get the destination of these stuck
messages changed?
- H
add a virtual alias maps entry like
stuckaddress newaddress
and then requeue the messages
-- Noel Jones
their own domain from an outside unauthenticated
connection, but that's guaranteed to reject some amount of legit mail. You get
to decide if some amount is acceptable at your site.
-- Noel Jones
Don't confuse library incompatibility when building postfix
with communication interoperability problems.
Gnus should communicate fine with postfix.
-- Noel Jones
/filter_service
reject
# filter_service
192.1.0.0/24 OK
... other cidr ranges filter service uses ...
-- Noel Jones
Vernon A. Fort wrote:
Noel Jones wrote:
Vernon A. Fort wrote:
I have a setup which we use an external mail filtering service and
need to limit/restrict external client access. Meaning the MX for
the domain points to the filtering service and they relay checked
email. I need to limit access
not permitted by the cidr table (or other
rules), and makes it clear at a glance that nothing else will
be accepted.
That said, adding 0.0.0.0/0 REJECT at the end of the cidr
table isn't exactly wrong, just unnecessary.
-- Noel Jones
) or to the directory size of the
entire maildir?
With a maildir, the mailbox limit applies per file (per
message), and postfix will not impose a limit on the total
storage used.
-- Noel Jones
, but this will certainly reject some
amount of legit mail.
-- Noel Jones
LuKreme wrote:
On Mar 3, 2009, at 9:38, Noel Jones njo...@megan.vbhcs.org wrote:
LuKreme wrote:
The postfix docs say:
virtual_mailbox_limit (default: 5120)
The maximal size in bytes of an individual mailbox or maildir file,
or zero (no limit)
but since a maildir is a directory, does
Paweł Leśniak wrote:
W dniu 2009-03-03 17:46, Noel Jones pisze:
Some people reject their own domain from outside, unauthenticated
clients, but this will certainly reject some amount of legit mail.
Could you write a little bit how is it possible to reject legit mail by
rejecting
feature to detect unknown
domains, but RBLs work regardless of this setting.
-- Noel Jones
.
-- Noel Jones
--- Original Message ---
From: Daniel L. Miller dmil...@amfes.com
Would I do this using the transport_maps? Something like:
myu...@otherdomain.com smtp:[192.168.0.72]:25
--
Daniel
yes, exactly.
Sounds like a firewall problem.
-- Noel Jones
Daniel L. Miller wrote:
Noel Jones wrote:
--- Original Message ---
From: Daniel L. Miller dmil...@amfes.com
Would I do this using the transport_maps? Something like:
myu...@otherdomain.com smtp:[192.168.0.72]:25
--
Daniel
yes, exactly.
Sounds like a firewall problem
/sender.regexp,
reject_non_fqdn_sender,
reject_unknown_sender_domain
Sugestions?! My idea is, if you are not part to $mynetworks, then
authenticating is the only way to get mail relaid trough this server.
Greetings.
-- Noel Jones
/sender.regexp,
reject_non_fqdn_sender,
reject_unknown_sender_domain
Sugestions?! My idea is, if you are not part to $mynetworks, then
authenticating is the only way to get mail relaid trough this server.
Greetings.
-- Noel Jones
localhost.$mydomain
virtual_alias_maps:
us...@example.com f...@localhost
aliases file:
foo: |/path/to/command
-- Noel Jones
legit mails at my place by using smtp
authentication.
This discussion is specifically about unauthenticated,
non-mynetworks mail.
-- Noel Jones
back about always including
mail_version = value in postconf -n output. I can't
remember why that isn't a good idea...
-- Noel Jones
It wouldn't be safe to do this by sender address, but you
could use a check_client_access table with a FILTER result
pointing to a pipe transport that does a sendmail -XV ...
reinjection.
-- Noel Jones
server is down
- sender mis-addressed the mail
You could ask your user to verify the address, but other than
that, nothing for you to do.
-- Noel Jones
=
check_recipient_access hash:/etc/postfix/allowed_recipients
reject
where allowed_recipients lists the valid recipients as:
us...@example.com OK
us...@example.com OK
-- Noel Jones
in virtual_alias_maps
2. Use zen.spamhaus.org. That will cure most of the rest of
the problem.
smtpd_client_restrictions =
permit_mynetworks
reject_rbl_client zen.spamhaus.org
-- Noel Jones
/README.postfix.html
There's a wealth of information to be found at
http://www.postfix.org/documentation.html
-- Noel Jones
using it as a content_filter. Once
you get that working, you can see if it works with
smtpd_proxy_filter.
I find it handy to use -o syslog_name=postfix-something in
master.cf to differentiate services; makes reading the logs
easier.
-- Noel Jones
before it ever gets
to the content_filter. zen.spamhaus.org is safe and very
effective.
-- Noel Jones
McIver
-- Noel Jones
Daniel L. Miller wrote:
Noel Jones wrote:
Looks as if the proxy filter has gotten out of sync with postfix.
I would suggest starting using it as a content_filter. Once you get
that working, you can see if it works with smtpd_proxy_filter.
I find it handy to use -o syslog_name=postfix
Daniel L. Miller wrote:
Nate Carlson wrote:
On Thu, 5 Mar 2009, Wietse Venema wrote:
I've found tricks to remove or edit Received headers for specific
IP's via
'header_checks'; however, what I'd like to be able to do is either
remove
the header altogether or modify the IP to one of the IP's
Noel Jones wrote:
Daniel L. Miller wrote:
Nate Carlson wrote:
On Thu, 5 Mar 2009, Wietse Venema wrote:
I've found tricks to remove or edit Received headers for specific
IP's via
'header_checks'; however, what I'd like to be able to do is either
remove
the header altogether or modify the IP
LuKreme wrote:
On 5-Mar-2009, at 19:15, Noel Jones wrote:
Oh, and recent postfix marks authenticated headers; note the
ESTMPSA. S = StartTLS, A = Authenticated
Received: from [192.168.5.108] (adsl-19-247-14.bna.bellsouth.net
[68.19.247.14])
by mgate2.vbhcs.org (Postfix) with ESMTPSA
Victor Duchovni wrote:
On Fri, Mar 06, 2009 at 10:11:24AM -0600, Noel Jones wrote:
/^Received: .* (myhostname \(Postfix\) with ESTMPS?A .*)$/
REPLACE X-Submitted to $1
That way you at least keep the original QUEUEID.
Probably want a : in there to make it a valid header
.
Some third-party IMAP servers may support deliver to any
extension subfolder, I haven't looked.
-- Noel Jones
configuration error
Please don't top post.
Make a copy of your mysql-virtual_domains.cf with a
result_format appropriate for your check_sender_access map.
ie. result_format permit_sasl_authenticated, reject
-- Noel Jones
Til Schubbe wrote:
* On 05.03. Noel Jones muttered:
The solution is to define an alternate cleanup service for submission,
and then define alternate header_checks for that cleanup
I have a similar problem like the OP: I want to delete a header only
if a mail is delivered non-locally.
So I
describe.
-- Noel Jones
implemented.
So no, it shouldn't be done.
Lots of interesting ideas don't really work, that doesn't mean
you should stop trying.
-- Noel Jones
#reject_unknown_client_hostname
-- Noel Jones
smtpd_sender_restrictions =
permit_auth_destination
static:hold
This requires the default setting smtpd_delay_reject = yes,
so don't change it.
-- Noel Jones
to send the
matching mail to another postfix instance with always_bcc set.
of course, your SA rule must only match mail you want to BCC.
-- Noel Jones
Policy server interface documentation:
http://www.postfix.org/SMTPD_POLICY_README.html
-- Noel Jones
.
-- Noel Jones
-defined using
smtpd_restriction_classes, but that quickly gets unmanageable.
The policy server interface is provided for more complex
restriction requirements.
-- Noel Jones
=smart.host.tld).
How could I do? Is it possible to change the relayhost postfix
parameter on the fly? Or what?
Thanks,
rocsca
You can change it based on the envelope sender
http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
-- Noel Jones
LuKreme wrote:
On 11-Mar-2009, at 09:14, Noel Jones wrote:
You can optionally use a pcre smtp_generic_maps to rewrite the
recipient back to the original domain.
main.cf
smtp_generic_maps = pcre:/etc/postfix/smtp_generic.pcre
smtp_generic.pcre:
/^(.*)@new\.example\.com$/ $...@example.com
/SMTPD_POLICY_README.html
-- Noel Jones
with status codes.
-- Noel Jones
Victor Duchovni wrote:
On Wed, Mar 11, 2009 at 05:21:25PM -0500, Noel Jones wrote:
Curtis wrote:
On Tue, Mar 10, 2009 at 8:43 PM, Victor Duchovni
transport:
bo...@example.com error:5.1.1 Invalid recipient address
address.invalid error:5.1.1 Invalid recipient
script periodically to check the MX of hosted
domains and send you an alert when one changes.
-- Noel Jones
.
Is there something I'm missing?
You'll have to do MX monitoring outside of postfix. And maybe
on a different box with independent DNS since the customer may
decide to host their DNS records elsewhere without notice.
-- Noel Jones
1 - 100 of 3787 matches
Mail list logo
