Re: DMARC report analyzer - Open Source solution
Hello, On December 26, 2019 7:54:02 PM UTC, Roberto Carna wrote: >Dear, I'm receiving DMARC reports in one mail account from my domain. >All >the reports coming for Google and Yahoo mainly are attached in ZIP >format, >and they are XML files. > >Is there any open source DMARC report analyzer for a Linux platform ??? >I >prefer Debian or Ubuntu. > >Thanks a lot !!! I've used dmarc-cat for some time: https://github.com/keltia/dmarc-cat (nowadays I just ignore the reports..) Cheers. (I apologize if the formatting is off.. mobile phone..)
Re: Postfix: Variable meanings table
On 06/09/2019 20.25, Phil Stracchino wrote: On 9/6/19 2:03 PM, @lbutlr wrote: > On 6 Sep 2019, at 09:30, Phil Stracchino wrote: >> Can anyone by chance point me to any documentation that explains how to do this? > > Not off hand, but what you are looking for on google is: > > fail2ban "action.d” > > (the quotes will force google to return results with action.d) > > In fact, if you look in the action.d/ folder there should be a couple of files there that will likely get you started. (I’d check, but I’m using sshguard now). Yeah, I've already had a browse through that, but it appears to me that all of the prewritten actions assume you're talking to a *local* firewall, and I don't know enough about fail2ban yet to feel confident modifying it without something to work from. I was *about to say* that every single document I've so far found seems to assume a local firewall, but I just now stumbled across one with a remote-firewall example that I think I can work with. I use a custom script (/usr/local/sbin/fail2ban_action.sh) to block a given IP, from which I call nft to add the IP to a set, by calling "nft $1 element inet filter fail2ban { $2 }" (where $1 is add or delete and $2 is the IP). If you want that action to happen on a remote system you could just prepend "ssh " to the command (assuming that your local root can login as root to the firewall system without user interaction..) For reference, here is my /etc/fail2ban/action.d/local_block.conf: [Definition] actionban = /usr/local/sbin/fail2ban_action.sh add actionunban = /usr/local/sbin/fail2ban_action.sh delete actioncheck = actionstart = actionstop = [Init] where in /etc/fail2ban/jail.local I have .. banaction = local_block .. Hope that helps!
Re: spam from own email address
On Tue, 23 Apr 2019, Ian Jones wrote: I am getting emails like the one below, in which the header from is my own address. The emails contain text in a jpg image and claims my account has been hacked and demands $1000 paid to a bitcoin account. I would like to find a way to reject emails from my own addresses except from my own servers, but so far I have not succeeded. :-( The relevant parts of my configuration are below. I am probably duplicating some actions, since I have recently added restrictions in the hope of preventing these emails. In case you find this interesting, I think most such e-mails always include a bogus List-Id header. Given that the number of mailing lists (and hence possible valid List-Id fields) is usually limited and rather static, one could use header checks to implement a kind of white list for this. (I haven't tried this myself, since I rarely receive such e-mails, and just can just delete them..) Cheers.
Re: Big problem with this mailing list and Majordomo regarding DMARC
On Fri, 19 Apr 2019, TG Servers wrote: according to RFC this would be the full list for rspamd sign_headers = 'from:reply-to:subject:date:\ to:cc:resent-to:resent-cc:resent-from:resent-date\ in-reply-to:references:'; although they leave it open as "subjective" regarding message-id, in-reply-to and references Thanks for the clarification! Yet, "subjective" (or trade-off, etc.) does not mean "will be changed remotely", so I fail to see the issue here (and man 5 opendkim.conf does not mention it AFAICT..) Cheers.
Re: Big problem with this mailing list and Majordomo regarding DMARC
On Fri, 19 Apr 2019, Benny Pedersen wrote: B. Reino skrev den 2019-04-19 15:48: sign_headers = 'from:to:subject:date:message-id:in-reply-to:references'; man 5 opendkim.conf dont sign headers that are added or changed remotely I'm not sure I follow here. AFAIK all of the headers I mentioned above are user/MUA generated (.. I know Message-ID can be generated by MTA if the MUA sucks and doesn't do it itself). Care to clarify?
Re: Big problem with this mailing list and Majordomo regarding DMARC
On Fri, 19 Apr 2019, TG Servers wrote: Yes thanks Nick I am signing with rspamd and will have to check the signed headers there as this seems not compliant, I already checked that from the other mails, thanks for the hint to you, too I also use rspamd, and had exactly the same problem you're facing now. I now (for some time already) use a more relaxed sign_headers in my local.d/dkim_signing.conf sign_headers = 'from:to:subject:date:message-id:in-reply-to:references'; i.e. no oversigning and no "sender" in there. (I also have policy=none and send received reports to /dev/null but don't tell anyone! :) Cheers, Bernardo.
Re: Relay Access Denied
On Mon, 25 Mar 2019, VP Lists wrote: On Mar 25, 2019, at 1:37 AM, Viktor Dukhovni wrote: This must be some Apple-specific Postfix setting, are you running Apple's Postfix binaries? mail_version = 2.9.2 smtpd_relay_restrictions appeared only with 2.10. That explains the "unused parameter" warning. Your (old) version should IIRC use only smtpd_recipient_restrictions. But given that you have some weird version on a weird OS with a weird configuration, I will have to pass. Best is to reinstall, from a trusted (non-Apple?) source, and start with default configuration, which is very sane. Only touch what you actually need to touch, and leave the rest to Viktor and Wietse, who seem to know what they do :) Cheers and good luck.
Re: Relay Access Denied
Sorry for top posting. Mobile client here.. Your mynetworks has 192.168.0.0/24 but you say you use 192.168.x.x, i.e. 192.168.0.0/16. In the headers of your mail I see 192.168.1.4, which would thus not be in mynetworks. So you may want to check that.. Cheers. On March 24, 2019 8:35:59 PM UTC, VP Lists wrote: >Hi folks. > >I’m on a LAN, with a mail server on OS X Server Mountain Lion. It’s >running Postfix as a mail server. > >My LAN has a 192.168.x.x range. I’m getting that error when an app I’m >developing, is trying to send an email out through this email server to >the internet. A gmail address specifically. > > > >My main.cf: > >biff = no >command_directory = /usr/sbin >config_directory = /Library/Server/Mail/Config/postfix >daemon_directory = /usr/libexec/postfix >data_directory = /Library/Server/Mail/Data/mta >debug_peer_level = 2 >debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin >xxgdb $daemon_directory/$process_name $process_id & sleep 5 >dovecot_destination_recipient_limit = 1 >html_directory = /usr/share/doc/postfix/html >imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred >inet_interfaces = loopback-only >inet_protocols = all >mail_owner = _postfix >mailbox_size_limit = 0 >mailq_path = /usr/bin/mailq >manpage_directory = /usr/share/man >message_size_limit = 10485760 >mydomain_fallback = localhost >mynetworks = 192.168.0.0/24 127.0.0.0/8# RF >newaliases_path = /usr/bin/newaliases >queue_directory = /Library/Server/Mail/Data/spool >readme_directory = /usr/share/doc/postfix >recipient_delimiter = + >sample_directory = /usr/share/doc/postfix/examples >sendmail_path = /usr/sbin/sendmail >setgid_group = _postdrop >smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated >permit >smtpd_recipient_restrictions = permit_sasl_authenticated >permit_mynetworks reject unauthdestination permit >smtpd_tls_ciphers = medium >smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL >tls_random_source = dev:/dev/urandom >unknown_local_recipient_reject_code = 550 >use_sacl_cache = yes >postconf: warning: /etc/postfix/main.cf: unused parameter: >smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated >reject_unauth_destination > >I’m hosting a handful of local and FQDN on the LAN, and I develop using >a machine.local naming scheme. Just wondering how I can whitelist my >internal domains to get outgoing emails past my mail server. Not >really sure what to post here as well. > >Any insight appreciated. > >Cheers > > >_ >Rich in Toronto @ VP
Re: Postfix Active: active (exited) - (code=exited, status=0/SUCCESS)
On Fri, 22 Mar 2019, Davide Marchi wrote: Hi Friends, on a VPS Debian Stretch, Postfix 3.1.9-0, Dovecot 2.2.27-3, rspamd 1.8.3-1, Clamav 0.100.2, postfix-mysql 3.1.9-0, dovecot-mysql 2.2.27-3 running "systemctl -l status postfix" obtain: ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled) Active: active (exited) since Thu 2019-03-21 22:04:46 CET; 18h ago Process: 4453 ExecReload=/bin/true (code=exited, status=0/SUCCESS) Process: 4644 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 4644 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4915) Memory: 0B CPU: 0 CGroup: /system.slice/postfix.service I've try to, reload (Postfix+Dovecot), restart (Postfix+Dovecot), upgrade (Postfix) but the behavior stay the same. The entire email server seems working fine, no error on /var/log/mail.err and the various features seem to be operating. Is this one referable to this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877992 ? Could you suggest me how debug this issue, if problem is it? It is not an issue. Try systemctl status postfix@- Postfix is configured as a multi-instance unit, or whatever systemd calls it. Nothing to worry about.
Re: downgrading from postfix-3.4 fails - unix-dgram
On Fri, 1 Feb 2019, Eray Aslan wrote: Downgrading from postfix-3.4 fails with: [...] bin/postconf: fatal: invalid type field "unix-dgram" in "postlog unix-dgram n - n - 1 postlogd" Just letting you know. If you downgrade, you also have to "downgrade" the config :) AFAIK postlogd didn't exist until 3.4 Cheers. Bernardo Reino.
Re: G Suite mx checker complains "do not configure the mail service on the only domain name."
On 2018-11-15 12:24, Poliman - Serwis wrote: I have few domains on the server. Some part of them use my server for send emails but few have configured external mail service like Google. I need to disable using my mail service by colonel.com.pl on my server. There need to be only google, nothing more but other domains need to use my mail service. Well then just leave it as it is. Obviously the warning you got from Google does not apply, because that SMTP server is taking care of other, unrelated, domains. Therefore you can safely ignore the warning, as it is wrong.
Re: G Suite mx checker complains "do not configure the mail service on the only domain name."
On 2018-11-14 08:21, Poliman - Serwis wrote: 2018-11-13 19:58 GMT+01:00 Wietse Venema : You man still want to turn off the SMTP listener on colonel.com.pl, because it will never receive legitimate email. Wietse Thank you for answer. I suppose I don't understand properly. How could I do this if this domain has MX on Google? If your e-mail is handled by Google, then you should not have an SMTP server running (listening) on colonel.com.pl. So you should go (ssh) to colonel.com.pl and disable/deinstall/firewall/etc. postfix so that it does not accept incoming e-mails (e.g. ports 25, 465, 587). If anyone wants to send you an e-mail, the MTA (sending server) will lookup colonel.com.pl and find the relevant MX record pointing to Google. The MTA will then send the e-mail to the Google server. In severely broken situations an MTA might decide to try to send it directly to colonel.com.pl and -- surprise -- find a welcoming (listening) SMTP server. You don't want that, so, again, you should disable/remove/uninstall the SMTP server on colonel.com.pl Hopefully this is clear now.
Re: what does these log lines mean?
On Tue, 6 Nov 2018, Poliman - Serwis wrote: Thank you for answer. I attach .txt file with output of postconf -n. Your original message showed amavis filtering on ports 10024 and 10026. Your postfix configuration shows only amavis on port 10024. I think your logs don't come from the postfix with the configuration you posted. In any case, what do you need to know? Have YOU configured the postfix server, or are you trying to understand why something happens (your log lines) on a server which you DO NOT administer? I don't think anybody here has time for puzzles.
Re: what does these log lines mean?
On Tue, 6 Nov 2018, Poliman - Serwis wrote: Sorry for http markup, I got knowledge for the future. Thank you for brief answer. Does each email is filtered by amavisd or only some kind of suspicious? You're the only one who can answer that question. Did you configure such filtering? You could post your $(postconf -n) Cheers.
Re: how set postfix server as non-functional
On 2018-10-26 14:36, Poliman - Serwis wrote: Thank you for answer. I have static IP - I bought VPS from OVH. I have there configured few domains with mailboxes. On the server are services like www, ftp, mail. So, if I understood well, I should block port 25. Maybe you can go back one step and explain why you think you need to block port 25? I mean, if you want to be able to receive e-mails you need to allow incoming connections on port 25. If you want to send e-mails from your server then you need outgoing connections on port 25. Or did I misunderstand you?
Re: TLSv1.2 only for auth connection
On Thu, 25 Oct 2018, Thomas Bourdon wrote: Because mail providers send mail to my smtp server through this port, don't they ? Le 25.10.2018 15:00, B. Reino a écrit : On Thu, 25 Oct 2018, Thomas Bourdon wrote: Is there a way to allow tlsv1.0 minimum for unauth connection and allow tlsv1.2 minimum for auth connection on port 465 ? Why would you want unauthenticated connections on port 465? (smtps). It's AFAIK a submission port. SMTP<->SMTP is (should be) always on port 25, with or without STARTTLS. Port 465 is submission with TLS wrapper-mode, and port 587 is submission (with or without STARTTLS). I don't know if there are any smtp clients (in the sense of postfix smtp "client") using 465 for sending to a smtp server (in the sense of postfix smtpd..)
Re: TLSv1.2 only for auth connection
On Thu, 25 Oct 2018, Thomas Bourdon wrote: Is there a way to allow tlsv1.0 minimum for unauth connection and allow tlsv1.2 minimum for auth connection on port 465 ? Why would you want unauthenticated connections on port 465? (smtps). It's AFAIK a submission port.
Re: postfix stops sending mail after sometime
On Tue, 23 Oct 2018, Dominic Raferd wrote: On Tue, 23 Oct 2018 at 09:06, B. Reino wrote: On Sat, 20 Oct 2018, Wietse Venema wrote: gaurav.parashar: Hii, I had installed postfix in Ubuntu 16.04 and it was working seamlessly. Some time back I upgraded it to Ubuntu 18.04 and suddenly emails stop coming to my inbox. It gave me this error: postfix/postdrop[27466]: warning: mail_queue_enter: create file maildrop/675261.27466: Permission denied Somoene messed up file permissions, or someone decided to break setgid programs. It might be unrelated but in the dovecot debian package the systemd service file includes (included?) the option "NoNewPrivileges=false", which causes (caused..) many problems. In my case, forwarding mails (via a sieve filter), didn't work because dovecot/sieve could not use postdrop. I don't know whether Ubuntu makes use of this option in either dovecot, postfix, or both, but it may be worth checking.. I don't see this setting in Ubuntu 18.04's /lib/systemd/system/dovecot.service. (It has ProtectSystem=full, which doesn't cause me any problems.) Good to know :) BTW note that the "wrong" setting is NoNewPrivileges=true. I got it backwards in the previous e-mail (because I copied what I have...)
Re: postfix stops sending mail after sometime
On Sat, 20 Oct 2018, Wietse Venema wrote: gaurav.parashar: Hii, I had installed postfix in Ubuntu 16.04 and it was working seamlessly. Some time back I upgraded it to Ubuntu 18.04 and suddenly emails stop coming to my inbox. It gave me this error: postfix/postdrop[27466]: warning: mail_queue_enter: create file maildrop/675261.27466: Permission denied Somoene messed up file permissions, or someone decided to break setgid programs. It might be unrelated but in the dovecot debian package the systemd service file includes (included?) the option "NoNewPrivileges=false", which causes (caused..) many problems. In my case, forwarding mails (via a sieve filter), didn't work because dovecot/sieve could not use postdrop. I don't know whether Ubuntu makes use of this option in either dovecot, postfix, or both, but it may be worth checking.. Cheers, -- Bernardo.
Re: Multiple sasl configuration
On Mon, 22 Oct 2018, Emmanuel Jaep wrote: You are also right that openrelay.customer.com has a non-working STARTTLS. They actually have neither authentication nor encryption. This is actually my current 'challenge': how to set this relay up without encryption and authentication while keeping our current config for other relays (encryption + authentication). If OK, you might also want to change: smtp_tls_security_level = encrypt to smtp_tls_security_level = may so that TLS is opportunistic rather than enforced. Cheers, -- Bernardo.
Re: Outbound DKIM signing milter options for Postfix?
On Thu, 11 Oct 2018, Benny Pedersen wrote: B. Reino skrev den 2018-10-11 09:48: I can recommend rspamd. The DKIM module is very flexible, supports multiple domains, etc. rspamd is a bit of overkill for dkim signing If you only want DKIM signing, then yes. In my case, rspamd does DKIM signing, DKIM/SPF/DMARC checking (+ DMARC Reporting), plus of course its core task of spam filtering. One milter to rule them all, so to speak :) Cheers.
Re: Outbound DKIM signing milter options for Postfix?
On 2018-10-11 04:08, pg...@dev-mail.net wrote: I'm setting up outbound DKIM signing for a Postfix instance. I'd prefer something other that OpenDKIM or Amavisd. Other than DIY, is there a solid/stable milter for outbound signing folks are successfully using with Postfix? Appreciate any references! I can recommend rspamd. The DKIM module is very flexible, supports multiple domains, etc. Cheers.
Re: BCC to a local account
(Excuse the off-topic message but, see below, I cannot reach Mr. Carville) Dear Mr. Carville, I noticed that when you send an e-mail to the postfix mailing list, my mail server (mail.reinob.de, 5.189.132.144) tries to send a DMARC report to your mail server, i.e. to dmarc-...@lereta.com, as per your DMARC record (it is also sent to dmarc_...@emaildefense.proofpoint.com, which does not cause any problems). However your server then rejects my DMARC report: : host mx02.lereta.com[198.204.112.74] said: 554 5.7.1 : Client host rejected: reject_by_client blacklist (in reply to RCPT TO command) AFAIK mail.reinob.de is not in any blacklist and has never been used to send spam (it's my private e-mail server, used strictly by me and my family). Could you let me know which blacklists you are using? (and if you manage the list, could you please remove my server from it?) Thank you in advance, -- Bernardo Reino.
Re: spf dkim authentication-failure
On Mon, 24 Sep 2018, Maurizio Caloro wrote: Since last week i become everytime this messages if send any Email, i don't find me mistake Please can you give me the right search way that i need to view.. Or what are here me trouble. opendkim[714]: 8D328402FC: DKIM-Signature field added (s=mail, d=caloro.ch) This is a spf/dkim authentication-failure report for an email message received from IP 149.20.1.60 on Mon, 24 Sep 2018 11:41:36 +0800. Below is some detail information about this message: 1. SPF-authenticated Identifiers: none; 2. DKIM-authenticated Identifiers: none; 3. DMARC Mechanism Check Result: Identifier non-aligned, DMARC mechanism >check failures; Hello, From what I can see, at least in the message I'm responding to: Authentication-Results: mail.reinob.de; dkim=pass header.d=caloro.ch; dmarc=pass (policy=none) header.from=caloro.ch so at least my mail server didn't complain about your message. The only thing that looks odd is that your message is DKIM-signed twice. However you've only shown the received DMARC failure report, and not the original message, so it's hard to know what the problem was. Cheers, -- Bernardo Reino.
Re: Double-Bounce
On 2018-09-14 11:11, Benny Pedersen wrote: B. Reino skrev den 2018-09-14 10:52: So in a way this message is just a test, but hopefully also a clarification :) Authentication-Results: linode.junc.eu; dkim=fail reason="signature verification failed" (1024-bit key) header.d=bbmk.org header.i=@bbmk.org header.b=I6ED3eZq; do not sign all headers :) I was just using the default in rspamd. After failing this time and removing the Sender header I think my messages to the list are now being validated OK. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbmk.org; s=default; t=1536915126; h=from:from:sender:subject:subject:date:date:to:to:cc: in-reply-to:in-reply-to:references:references; 2 header lines with from ? 2 header lines with subject ? 2 header lines with references ? DKIM Oversigning (https://tools.ietf.org/html/rfc6376#section-5.4.2) Should not hurt, but I might remove that as well.. Cheers and thanks a lot.
Re: Double-Bounce
On 2018-09-14 10:52, B. Reino wrote: I think the postfix ML is not so "DKIM safe". In my case, it causes my DKIM signature to fail. I have now compared a message sent by me against other messages sent e.g. by Benny Pedersen, and concluded that my configuration (using rspamd) was signing way too many fields. I have now reduced the number of fields and hopefully this message should now come back from the postfix ML with a valid DKIM signature. So in a way this message is just a test, but hopefully also a clarification :) Cheers, Bernardo Reino. Well I guess the above test failed :( I forgot to exclude the "Sender:" header as well. This is however my last test. I don't want to spam the list. Sorry and cheers, -- Bernardo Reino.
Re: Double-Bounce
On 2018-09-14 10:36, Dominic Raferd wrote: On Fri, 14 Sep 2018 at 07:14, Benny Pedersen wrote: Benny Pedersen skrev den 2018-09-14 08:08: Dominic Raferd skrev den 2018-09-14 07:33: On Fri, 14 Sep 2018 at 00:29, Julian Opificius wrote: Why is it that my system marks everything from you as spam, Benny? Is it your tld? I've added you to my address book, but my server keeps spitting you out. Because the domain that he uses to send emails through this mailing list has DMARC p=quarantine setting: # dig +short _dmarc.junc.eu TXT "v=DMARC1; p=quarantine; rua=mailto:report_...@dmarc.junc.eu; fo=d; adkim=r; aspf=r; sp=none" postfix maillist is dkim safe, so if it breaks, show the link that breaks it, whitelist postfix maillist so it does not go into quarantine can i help more ? i get dmarc pass back on my post here DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 2C5B31BE06F Authentication-Results: linode.junc.eu; dmarc=pass (p=quarantine dis=none) header.from=junc.eu Authentication-Results: linode.junc.eu; dkim=pass (1024-bit key) header.d=junc.eu header.i=@junc.eu header.b=Aedk3uHj; dkim-atps=neutral Received-SPF: none (postfix.org: No applicable sender policy available) receiver=localhost.junc.eu; identity=mailfrom; envelope-from="owner-postfix-us...@postfix.org"; helo=russian-caravan.cloud9.net; client-ip="2604:8d00:0:1::4" Sorry you are right: your emails pass DKIM and also, when going through postfix mailing list (but not all others), pass DKIM alignment, so they pass DMARC. However, when sent through mailing lists, they fail SPF, and (for DMARC) SPF alignment, so servers that make decisions based only on this (which is not the DMARC way) may choose to treat them as spam. Mine don't, but I have seen your emails quarantined (or, previously, blocked) on other mailing lists, hence my original comment. I think the postfix ML is not so "DKIM safe". In my case, it causes my DKIM signature to fail. I have now compared a message sent by me against other messages sent e.g. by Benny Pedersen, and concluded that my configuration (using rspamd) was signing way too many fields. I have now reduced the number of fields and hopefully this message should now come back from the postfix ML with a valid DKIM signature. So in a way this message is just a test, but hopefully also a clarification :) Cheers, Bernardo Reino.
Re: multiple/simultaneous virtual_transports?
On Tue, 4 Sep 2018, Noel Jones wrote: To override the transport for a single recipient, use a transport_maps entry with the recipient address as the key. No change needed for the existing virtual_transport. something like: # /path/to/transport_file u...@example.com lmtp:[someotherhost]:port # main.cf transport_maps = hash:/path/to/transport_file OK! Thanks for the confirmation :) === Delivering one mail to multiple servers is more complicated. Add a virtual_alias_maps entry to add a second recipient for the message, then deliver the second recipient to the alternate server. If necessary, you can use lmtp_generic_maps to rewrite the recipient back to the original name during delivery. # virtual_alias u...@example.com u...@example.com u...@other.example.com # transport u...@other.example.com lmtp:[other.example.com]:port # lmtp_generic other.example.com example.com # main.cf virtual_alias_maps = hash:/path/to/virtual_alias transport_maps = hash:/path/to/transport lmtp_generic_maps = hash:/path/to/lmtp_generic Double thanks for this! I still need to clarify what to do with that domain (I host it for a friend, but I'd rather he keeps his own IMAP server/storage while I take care of incoming/outgoing e-mails (postfix)). The multiple delivery would allow me to verify that his own IMAP server (which still needs to be prepared) receives and serves the e-mails correctly. Then I'd "pull the plug" and switch to the first option described above (delivering directly, and only, to his own IMAP server). Thanks again! (to Viktor too for confirming!)
multiple/simultaneous virtual_transports?
Hello, I currently host three virtual domains with a postfix instance. Delivery is, for all accounts, to a (local, using unix socket) dovecot server using LMTP. For one of those virtual domains I'd like to have a separate (remote) dovecot server, while keeping the SMTP (postfix) at the current server. Thus I'd need something like: virtual_transport = lmtp:[hostname]:port (if recipient is in the now-external domain) (using [] to deliver via lmtp to hostname directly) virtual_transport = lmtp:unix:private/dovecot-lmtp (otherwise) I believe the correct way to do this is defining the default virtual transport with virtual_transport = lmtp:unix:private/dovecot-lmtp and then: transport_maps = hash:/etc/postfix/virtual_transport having in /etc/postfix/virtual_transport external.domain lmtp:[hostname]:port Q1) does the above make sense? i.e. will it work as intended (as explained above), so that e.g. if the (valid, as otherwise rejected) recipient domain is not found in the hash table then the (default) virtual_transport will be used? (otherwise, and assuming the above would work, I could just define the remaining domains also in the table, but I'd prefer keeping it as generic as possible). Q2) would it also be possible to -- during a testing period -- have TWO virtual_transports for a single virtual domain? This way I could deliver via LMTP to the existing server (via unix socket) as well as to the new remote server (lmtp via inet). Thanks a lot in advance for any replies or clarifications!