Re: smtpd_reject_unlisted_recipient

2022-01-23 Thread Wietse Venema
post...@ptld.com: > If reject_unlisted_recipient isn't used in any of the smtpd_*_restrictions > And smtpd_reject_unlisted_recipient = yes > > At what stage is smtpd_reject_unlisted_recipient checked and rejected? > During smtpd_recipient_restrictions checks? > At the end after

Re: Should that behaviour be like this?

2022-01-22 Thread Wietse Venema
Demi Marie Obenour: > On 1/20/22 08:13, Wietse Venema wrote: > > tobs...@brain-force.ch: > >> we had in main.cf > >> > >> > >> smtpd_client_restrictions = > >>check_helo_access > >> pcre:/etc/postfix/helo_access.pcre,regexp:/etc/

Re: Some README files are not included in the postfix-files

2022-01-20 Thread Wietse Venema
Jaroslav Skarvada: > Hi, > > it seems the following README files are not included in the > conf/postfix-files: > BDAT_README > MAILLOG_README > POSTSCREEN_3_5_README > SMTPUTF8_README > > Is it intended? Yikes, these are all "new" files added with Postfix 3.x. I'll add a pre-release check for

Re: Should that behaviour be like this?

2022-01-20 Thread Wietse Venema
tobs...@brain-force.ch: > Today we stumbled over a postfix behaviour that was quite unexpected > for us. > > we had in main.cf > > > smtpd_client_restrictions = >check_helo_access > pcre:/etc/postfix/helo_access.pcre,regexp:/etc/postfix/helo_access.rege Commas and spaces are treated

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread Wietse Venema
James B. Byrne: [ Charset ISO-8859-1 converted... ] > > > On Wed, January 19, 2022 13:29, Wietse Venema wrote: > > James B. Byrne: > > > > > > For me, alt4.gmail-smtp-in.l.google.com does not resolve to > > 66.102.1.27, but instead to 142.250.153

Re: Appricate some help in understanding a connection refused situation.

2022-01-19 Thread Wietse Venema
James B. Byrne: > postconf mail_version > mail_version = 3.6.3 > > OS FreeBSD-13.0p5 > > I am in the process of transferring one of our MX services to a > new host. During one of the test sessions against live traffic a > connection to the final delivery host from the test service could > be

Re: TLS returning self-signed cert

2022-01-19 Thread Wietse Venema
connected to port 25, not 443? Wietse > Wayne > > -Original Message- > From: owner-postfix-us...@postfix.org On > Behalf Of Wietse Venema > Sent: Wednesday, January 19, 2022 1:03 PM > To: Wayne Spivak > Cc: postfix-users@postfix.org > Subject: Re: TLS

Re: TLS returning self-signed cert

2022-01-19 Thread Wietse Venema
Wayne Spivak: > My Postfix Server 3.6.2 running on a newly created Fedora 35 is returning > self-signed SSL certs, where none were configured. Why do you believe that this is a self-signed certifcate? Isn't this an issue where the server returns a leaf certificate without intermediate

Re: Routing Gmail/Workspace mail through postfix first

2022-01-19 Thread Wietse Venema
Alex: > Hi, > > I'm using postfix-3.5.10 and would like to use it to front-end a > domain currently being managed by Google Workspace to be able to send > mail through our filters first. Is this for - Email from "users inside the domain" to Google Workspace? This is like a relayhost for

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Wietse Venema
Wietse Venema: > Joe Acquisto-j4: > > For version 3.7.4, is there a means of disabling for smtp per user, > > per domain, per IP, when "smtp_sender_dependent_authentication = > > yes"? > > Postfix will search smtp_sasl_password_maps by sender first, and > i

Re: SASL per user or per host disable and, use of trace, strace

2022-01-18 Thread Wietse Venema
Joe Acquisto-j4: > For version 3.7.4, is there a means of disabling for smtp per user, > per domain, per IP, when "smtp_sender_dependent_authentication = > yes"? Postfix will search smtp_sasl_password_maps by sender first, and if that is not found, then by destination. If you don't want Postfix

Re: GhettoForge Postfix3

2022-01-18 Thread Wietse Venema
post...@ptld.com: > GhettoForge has a repo for Postfix3, it is not clear to me if > Postfix3 is another beast entirely or if it is just a normal Postfix > version 3 and higher. Can someone explain what is the purpose of > "Postfix3"? According to http://ghettoforge.org/index.php/Postfix3 it's the

Postfix stable release 3.6.4 and legacy releases 3.5.14, 3.4.24, 3.3.21

2022-01-18 Thread Wietse Venema
[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.6.4.html] Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21: * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient entries in postconf output. This was caused by an

Re: master_wakeup_timer_event

2022-01-18 Thread Wietse Venema
natan: > W dniu 18.01.2022 o 16:17, Wietse Venema pisze: > > natan: > >> Hi > >> My happiness did not last long > >> > >> Jan 18 13:33:22? postfix/master[3581]: warning: > >> master_wakeup_timer_event: service qmgr(public/qmgr): Resource

Re: Adding Additional domains and outgoing email

2022-01-18 Thread Wietse Venema
Wietse Venema: > Ruben Safir: > > UNDER main.cf I have this: > > > > smtpd_data_restrictions = reject_unauth_pipelining, permit > > > >

Re: Adding Additional domains and outgoing email

2022-01-18 Thread Wietse Venema
Ruben Safir: > > -o milter_macro_daemon_name=ORIGINATING > > I don't need the milter I assume? You can comment it out and leave it as a reminder. If you ever want to add a signing milter, then this may be needed. Wietse

Re: Adding Additional domains and outgoing email

2022-01-18 Thread Wietse Venema
Ruben Safir: > UNDER main.cf I have this: > > smtpd_data_restrictions = reject_unauth_pipelining, permit > > > # SASL stuff > ... > smtpd_sasl_auth_enable = yes Note, SASL

Re: master_wakeup_timer_event

2022-01-18 Thread Wietse Venema
natan: > Hi > My happiness did not last long > > Jan 18 13:33:22? postfix/master[3581]: warning: > master_wakeup_timer_event: service qmgr(public/qmgr): Resource > temporarily unavailable > > I'm so confused beacuse I cannot resolv thats problem and I dont known > where is realy problem Repeat:

Re: Adding Additional domains and outgoing email

2022-01-18 Thread Wietse Venema
Ruben Safir: > On Wed, Jan 12, 2022 at 10:44:18AM -0500, Wietse Venema wrote: > > Wietse Venema: > > > Wietse: > > > > I think it is a mistake to enforce Spamhaus for clients that connect > > > > to port 578. Clients on port 25 must authenticate. > >

Re: Adding a second line to .forward, can one prevent errors feeding back to sender?

2022-01-18 Thread Wietse Venema
Chris Green: > If I add a second line to .forward, e.g. make it something like:- > > | /home/chris/.mutt/bin/filter.py > | /home/chris/dev/bin/filter.py > > Then, if (as is likely) there are errors in /home/chris/dev/bin/filter.py > the message sender will see an error returned even

Re: nullmx_reject_code gone from source but not from docs

2022-01-17 Thread Wietse Venema
Andreas Weigel: > Hi everyone, > > I just had a case which had me looking for said parameter, just to find > out that while it's still in the documentation it seems to have been > purged from the sources in commit > 2bcd79195232042d77b79cbcdbde74f1327e6f8e. Postfix 3.4.19's postconf just >

Re: master_wakeup_timer_event

2022-01-17 Thread Wietse Venema
natan: > W dniu 17.01.2022 o?15:58, Wietse Venema pisze: > > natan: > >> W dniu 14.01.2022 o 22:18, Wietse Venema pisze: > >>> natan: > >>> Wietse: > >>>> Do you know if the problem is a kernel limit or a per-process limit? > >>

Re: master_wakeup_timer_event

2022-01-17 Thread Wietse Venema
natan: > W dniu 14.01.2022 o 22:18, Wietse Venema pisze: > > natan: > > Wietse: > >> Do you know if the problem is a kernel limit or a per-process limit? > >> Does master have 4096 open files (including network sockets: ip, > >> unix-domain, etc.). >

Re: How to filter email (DKIM) without keeping the message in memory and without writing it to disc twice?

2022-01-15 Thread Wietse Venema
Robert Siemer: > Hello everyone, > > I need to DKIM sign possibly huge emails (up to 150MB). > > Conceptually DKIM needs to go over the email twice: once to calculate > and sign the checksum and once to write it out with the result of > the previous step in the headers.? > > A DKIM signer can do

Re: No current announcement for Postfix 3.6.4

2022-01-15 Thread Wietse Venema
I normally announce the code after the mirrors have had some time to update. Wietse

Re: How can I build a reliable distribution list?

2022-01-14 Thread Wietse Venema
raf: > If the distribution itself is working, and the list of > members doesn't change often, and it's only SPF that's > getting in the way, perhaps the least disruptive > solution is to add SRS to Postfix. The problem being > that someone who sends to the list has SPF on their > domain and a

Re: master_wakeup_timer_event

2022-01-14 Thread Wietse Venema
natan: Wietse: > Do you know if the problem is a kernel limit or a per-process limit? > Does master have 4096 open files (including network sockets: ip, > unix-domain, etc.). Wietse: > BTW that last one was a trick question: you need a huge number of > services in master.cf to exceed the 4096

Re: INVALID MessageID reporting?

2022-01-14 Thread Wietse Venema
Gomes, Rich: > Does anyone have a good way of reporting on this? > I see a great deal in the maillog with either an incorrect format (no @ > symbol) or just completely blank ( message-id=<>). According to RFC,the Message-ID header is optional, and therefore, email without Message-ID MUST NOT BE

Re: master_wakeup_timer_event

2022-01-14 Thread Wietse Venema
Wietse Venema: > natan: > > W dniu 14.01.2022 o?14:54, Wietse Venema pisze: > > > natan: > > >> Hi > > >> I have very strong machine with load average: 2,22, 2,32, 2,19 > > >> > > >> and today i get > > >> > > >

Re: master_wakeup_timer_event

2022-01-14 Thread Wietse Venema
natan: > W dniu 14.01.2022 o?14:54, Wietse Venema pisze: > > natan: > >> Hi > >> I have very strong machine with load average: 2,22, 2,32, 2,19 > >> > >> and today i get > >> > >> Jan 14 12:34:25 thebe postfix/master[4925]: wa

Re: How can I build a reliable distribution list?

2022-01-14 Thread Wietse Venema
raf: > If the distribution itself is working, and the list of > members doesn't change often, and it's only SPF that's > getting in the way, perhaps the least disruptive > solution is to add SRS to Postfix. The problem being > that someone who sends to the list has SPF on their > domain and a

Re: master_wakeup_timer_event

2022-01-14 Thread Wietse Venema
natan: > Hi > I have very strong machine with load average: 2,22, 2,32, 2,19 > > and today i get > > Jan 14 12:34:25 thebe postfix/master[4925]: warning: > master_wakeup_timer_event: service qmgr(public/qmgr): Resource > temporarily unavailable > Jan 14 12:39:25 thebe postfix/master[4925]:

Re: How can I build a reliable distribution list?

2022-01-13 Thread Wietse Venema
Benny Pedersen: > On 2022-01-13 16:06, Wietse Venema wrote: > > > You need a list manager (such as gnu mailman) that replaces the > > From: header AND the envelope sender address (SMTP MAIL FROM) with > > the name of your list's domain. > > if mailman can stop break

Re: How can I build a reliable distribution list?

2022-01-13 Thread Wietse Venema
Markus Grunwald: > Hello! > > I have a postfix server with one local and two virtual > domains. For one of the virtual domains, I need a mail > distribution list. I used the virtual alias list for a long time, > but meanwhile I have many recipients that block mail from that > list. An

Re: Adding Additional domains and outgoing email

2022-01-12 Thread Wietse Venema
Wietse Venema: > Wietse: > > I think it is a mistake to enforce Spamhaus for clients that connect > > to port 578. Clients on port 25 must authenticate. Sorry, 25 should have been 578. > Ruben Safir: > > I agree, but I don't know how to control rules for 587? >

Re: Adding Additional domains and outgoing email

2022-01-12 Thread Wietse Venema
Wietse: > I think it is a mistake to enforce Spamhaus for clients that connect > to port 578. Clients on port 25 must authenticate. Ruben Safir: > I agree, but I don't know how to control rules for 587? > How do I tell it to do something only on port 587? In the stock master.cf file:

Re: Adding Additional domains and outgoing email

2022-01-12 Thread Wietse Venema
Ruben Safir: > > > > I hope that makes some sense. But I still don't > > understand your statement that "It is hitting on port > > 587" I'm not sure what you mean by "It". > > > It means that thunderbird, outside the network, is reaching across the > internet and tickling port 587 on postfix

Re: All links are broken for postfix-3.7-20220103

2022-01-10 Thread Wietse Venema
Pavel Yakovlev: > Hello > > http://ftp.porcupine.org/mirrors/postfix-release/index.html > > All links are broken (404) for postfix-3.7-20220103 > > And this happens constantly once every 2-3 months for the experimental > release. Updated. Wietse

Re: multi instance and always_bcc

2022-01-10 Thread Wietse Venema
Zsombor B: > Hi, > > > > We'd like to debug some emails sent through a multi instance withouth > having any impact on the mail flow so I have added > always_bcc=de...@whatever.com to the main.cf of that instance and > reloaded it. > > But instead of sending copies of the emails to the debug

Re: TLS enforcement options?

2022-01-10 Thread Wietse Venema
?ukasz W?sikowski: > > W dniu 2022-01-10 o?13:02, Jaroslaw Rafa pisze: > > > There are many sites like this, that contain only publicly available > > information. No login, no purchases, no personal data collected. What is the > > benefit of using HTTTPS in that case? (Except of protecting you

Re: No delivery delay notification for particular recipients?

2022-01-07 Thread Wietse Venema
Wietse Venema: > tobs...@brain-force.ch: > > Yes postmaster as recipient of delivery status notifications. I have > > set > > > > > notify_classes = bounce, 2bounce, delay, policy, protocol, resource, > > software > > > > so postmaster

Re: No delivery delay notification for particular recipients?

2022-01-07 Thread Wietse Venema
tobs...@brain-force.ch: > Yes postmaster as recipient of delivery status notifications. I have > set > > > notify_classes = bounce, 2bounce, delay, policy, protocol, resource, > software > > so postmaster receives delay warnings in general on my system. But it > also receives warnings for

Re: No delivery delay notification for particular recipients?

2022-01-07 Thread Wietse Venema
ly. Always good to have a graveyard behind the house ;-) > > > > Have a good one and happy 2022 to all > > > > tobi > > > > On Thu, 2022-01-06 at 11:30 -0500, Wietse Venema wrote: > > > Viktor Dukhovni: > > > > On Thu

Re: postconf -d smtpd_relay_restrictions

2022-01-06 Thread Wietse Venema
Jim Popovitch: > This config produces the warning/error message: > > mail_version = 3.6.3 > smtpd_relay_restrictions = ${{$compatibility_level} {permit_mynetworks, permit_sasl_authenticated, > defer_unauth_destination}} > smtpd_recipient_restrictions = check_client_access >

Re: postconf -d smtpd_relay_restrictions

2022-01-06 Thread Wietse Venema
Jim Popovitch: > On Thu, 2022-01-06 at 22:29 +1100, Viktor Dukhovni wrote: > > > > > > Removing the compatibility_level setting entirely could introduce > > the reported symptoms, if "smtpd_recipient_restrictions" doesn't > > have any of the "default deny" rules, and relies on the relay > >

Re: No delivery delay notification for particular recipients?

2022-01-06 Thread Wietse Venema
Viktor Dukhovni: > On Thu, Jan 06, 2022 at 01:08:33PM +0100, tobs...@brain-force.ch wrote: > > > Is somehow possible to use other delay notification settings for a > > particular recipient address? > > No, this is a message-level property, same for all delayed recipients > of the message. With

Re: Compiler warnings on Debian

2022-01-05 Thread Wietse Venema
Wietse Venema: > Christian G?ttsche: > > While building postfix for Debian a couple of compiler warnings show > > up, all caused by the warning `-Wunused-result`[1]. > > > > Two of them are caused by attempts to silence compilers via a > > void-cast, but

Re: Compiler warnings on Debian

2022-01-05 Thread Wietse Venema
Christian G?ttsche: > While building postfix for Debian a couple of compiler warnings show > up, all caused by the warning `-Wunused-result`[1]. > > Two of them are caused by attempts to silence compilers via a > void-cast, but GCC does not respect that, see [2]. > One solution is to cast the

Re: [PATCH] Drop accidental macro definition in postconf.5

2022-01-05 Thread Wietse Venema
Christian G?ttsche: > Groff interprets lines staring with a single quote as commands. > Enclose in double quotes instead. > > Found by Lintian: > > groff-message usr/share/man/man5/postconf.5.gz (line 1) 13368: warning: > macro 'close'' not defined > > See the line in question missing at

Re: Fatal: no SASL authentication mechanisms

2022-01-05 Thread Wietse Venema
Ken Wright: > > There are many other possibilities.? Perhaps, instead of doing all > > the integration work yourself, you may be better off with a "turnkey" > > email server such as ? > > If I don't do the work, how will I learn? You learn by starting with a WORKING

Re: Mail system is down

2022-01-04 Thread Wietse Venema
Ken Wright: > On Tue, 2022-01-04 at 07:30 -0500, Wietse Venema wrote: > > Ken Wright: > > > Okay, I ran sudo postfix set-permissions.? It ran with no trouble > > > whatsoever; no errors, warnings, nothing.? Still getting the exact > > > same messages in mail

Re: different mechanism filter for two ISPs

2022-01-04 Thread Wietse Venema
Wietse Venema: > Henrique Martins: > > Redirection through google or dreamhost is handle through > > relayhost = [gmail-smtp.l.google.com]:587 > > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy > > smtp_use_tls = yes > > smtp_tls_security_level = may

Re: different mechanism filter for two ISPs

2022-01-04 Thread Wietse Venema
Henrique Martins: > Redirection through google or dreamhost is handle through > relayhost = [gmail-smtp.l.google.com]:587 > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy > smtp_use_tls = yes > smtp_tls_security_level = may > smtp_sasl_auth_enable = yes > smtp_sasl_password_maps =

Re: SMTP over IPv6

2022-01-04 Thread Wietse Venema
post...@ptld.com: > The part i am still confused about is the perceived behavior > difference between > >inet_interfaces = all >inet_interfaces = ipv4, ipv6 inet_interfaces takes 'all' or a list of IP addresses. It will also take hostnames but such configuration is fragile; however if

Re: Mail system is down

2022-01-04 Thread Wietse Venema
Alex JOST: > Am 04.01.2022 um 02:02 schrieb Ken Wright: > > $ sudo chmod g+s /usr/sbin/postdrop > > $ ls -la /usr/sbin/postdrop > > -r-xr-sr-x 1 postfix postdrop 22808 Sep 7 02:58 /usr/sbin/postdrop > > > > Wietse, is this what's expected? > > AFAICT you are lacking write permission for the

Re: SMTP over IPv6

2022-01-04 Thread Wietse Venema
post...@ptld.com: > If i use these settings >inet_interfaces = all >inet_protocols = all >smtp_bind_address = >smtp_bind_address6 = >smtp_address_preference = any (* Not actually included in main.cf, > relying on 'any' as the default) > > Then most of the time email being

Re: Mail system is down

2022-01-04 Thread Wietse Venema
Ken Wright: > On Mon, 2022-01-03 at 20:50 -0500, Viktor Dukhovni wrote: > > On Mon, Jan 03, 2022 at 08:02:20PM -0500, Ken Wright wrote: > > > > > $ sudo chmod g+s /usr/sbin/postdrop > > > $ ls -la /usr/sbin/postdrop > > > -r-xr-sr-x 1 postfix postdrop 22808 Sep? 7 02:58 /usr/sbin/postdrop > > >

Re: Mail system is down

2022-01-03 Thread Wietse Venema
Ken Wright: > On Tue, 2022-01-04 at 08:32 +1100, raf wrote: > > Actually, if you are still getting > > "/usr/lib/postfix/sbin/0: No such file or directory" > > messages (with new timestamps), that must mean that you > > didn't reload postfix after fixing master.cf. You need > > to do that. Reload

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread Wietse Venema
Viktor Dukhovni: > On Mon, Jan 03, 2022 at 12:32:03PM -0500, Wietse Venema wrote: > > > > offhand, is that generally needed/beneficial for google.com MXs? > > > > I don't know, does anyone want to be the guinea pig and discover > > if they still randomly bounce e

Re: Use of CIDR with mynetworks tables

2022-01-03 Thread Wietse Venema
Scott Kitterman: > Last one on my postfix bug triage pile for today: > > A Debian user complained that using CIDR notation in hash tables for > mynetworks doesn't work. Of course it doesn't. I found discussions about > this going back a long time [1], which suggests to me that the

Re: Some DNSSEC/DANE questions

2022-01-03 Thread Wietse Venema
Dan Mahoney: > > If you enable DNSSEC lookups, Postfix will log a warning when the root > > zone appears unsigned. See: > > > >http://www.postfix.org/postconf.5.html#dnssec_probe > > > >This feature is available in Postfix 3.6 and later. It was > >backported to Postfix versions

Re: "ignoring DNS RR:" for only google.com MX ?

2022-01-03 Thread Wietse Venema
PGNet Dev: > cat ./local/smtp_dns_reply_filter.pcre > # <- Wietse Venema: > # force IPv4 for all domains that have Google as an MX host. > # This drops all records from Google MX hosts, > # effectively forcing

Re: after adding IPv6 config, getting fail on submission -> "fatal: open dictionary: expecting "type:name" form instead of "::1"" ?

2022-01-03 Thread Wietse Venema
PGNet Dev: > I'm trying to add IPv6 addresses to a previously IPv4-only/working > internal-network submission node (mx1); the node receives submissions from > another sending postfix instance (mx2) > > I've botched something, & am getting an error I don't yet > recognize/understand, > >

Re: Possible issue when user has single space as comment

2022-01-03 Thread Wietse Venema
Scott Kitterman: > I have been remiss in forwarding this bug report, thinking I would get time > to > build a concise test case. It keeps not happening, so here you go. > > A Debian user reported [1] a problem where their cleanup process was killed > by > signal 11 during local mail

Re: Mail system is down

2022-01-03 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 21:59 -0500, Wietse Venema wrote: > > Ken Wright: > > > On Sun, 2022-01-02 at 19:40 -0500, Wietse Venema wrote: > > > > Sorry, I mis-typed 'postqueue'. > > > > > > > > Try this inste

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > Just checked my mail logs. Do any of these help anyone? > > kwright:~$ tail /var/log/mail.log > Jan 2 21:23:31 grace postfix/postdrop[58322]: warning: > mail_queue_enter: create file maildrop/914822.58322: Permission denied Yes, that is because I made a mistake in my first

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 19:40 -0500, Wietse Venema wrote: > > Sorry, I mis-typed 'postqueue'. > > > > Try this instead. > > > > Here is what happens on my system. > > > > As root: > > > > # chmod g-s /usr/sbin/postqueue >

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Sorry, I mis-typed 'postqueue'. Try this instead. Here is what happens on my system. As root: # chmod g-s /usr/sbin/postqueue # ls -l /usr/sbin/postqueue -rwxr-xr-x 1 root postdrop 60072 Dec 23 18:08 /usr/sbin/postqueue # chmod 777 /var/spool/postfix/public # ls -ld /var/spool/postfix/public

Re: Mail system is down

2022-01-02 Thread Wietse Venema
John Fawcett: > On 03/01/2022 00:37, Wietse Venema wrote: > > Here is what happens on m system. > > As root: > > > > # chmod g-s /usr/sbin/postdrop > > # ls -l /usr/sbin/postdrop > > -rwxr-xr-x 1 root postdrop 44472 Dec 23 18:08 /usr/sbin/postdrop > > #

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 17:30 -0500, Wietse Venema wrote: > > Ken Wright: > > > On Sun, 2022-01-02 at 16:01 -0500, Wietse Venema wrote: > > > > Does it also fail when run as root? In that case, > > > > > > > > ??? # strace -e c

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Kenneth Irving: > > On Sun, 2 Jan 2022, Ken Wright wrote: > > > On Sun, 2022-01-02 at 16:01 -0500, Wietse Venema wrote: > >> Does it also fail when run as root? In that case, > >> > >> ??? # strace -e connect postqueue -p | showq > >

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 16:01 -0500, Wietse Venema wrote: > > Does it also fail when run as root? In that case, > > > > ??? # strace -e connect postqueue -p | showq > > > > Otherwise, some temporary hack is needed. > > > > As root, di

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > On Sun, 2022-01-02 at 11:16 -0500, Wietse Venema wrote: > > Ken Wright: > > > On Sat, 2022-01-01 at 18:50 -0500, Wietse Venema wrote: > > > > Ken Wright: > > > > > > > > > > I did a quick Google search, and ran sudo app

Re: Mail system is down

2022-01-02 Thread Wietse Venema
Ken Wright: > On Sat, 2022-01-01 at 18:50 -0500, Wietse Venema wrote: > > Ken Wright: > > > > > > I did a quick Google search, and ran sudo apparmor_status. There > > > don't appear to be any postfix-related programs listed. > > > > Then that leav

Re: Macro explanation?

2022-01-01 Thread Wietse Venema
Dan Mahoney (Gushi): > Hey there, > > I'm trying to modernize older configs at the day job and have found that a > coworker specified: > > milter_connect_macros = b i j _ {daemon_name} {if_name} {if_addr} > milter_end_of_data_macros = b i j _ {daemon_name} {if_name} {if_addr} > {mail_addr} >

Re: Mail system is down

2022-01-01 Thread Wietse Venema
Ken Wright: > On Sat, 2022-01-01 at 16:22 -0500, Wietse Venema wrote: > > Ken Wright: > > > > ? Is the postqueue command subject to AppArmor reduced > > > > privileges? > > > > ? The postqueue command will log EACES (Permission denied) > &

Re: Mail system is down

2022-01-01 Thread Wietse Venema
Ken Wright: > > Is the postqueue command subject to AppArmor reduced privileges? > > The postqueue command will log EACES (Permission denied) errors, > > but when AppArmor returns a different error code such as EPERM, > > postqueue will just say "mail system is down" (it does not try > >

Re: Mail system is down

2022-01-01 Thread Wietse Venema
Ken Wright: > What a way to start the new year! > > I got the following message in /var/log/mail.err this morning: > > Jan 1 01:34:03 grace postfix/postqueue[1684046]: fatal: Queue report > unavailable - mail system is down postqueue will log this when it is unable to connect to the "showq"

Re: postfix will not send

2021-12-31 Thread Wietse Venema
John Fawcett: > On 31/12/2021 10:36, Doug Denault wrote: > > This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is > > (as far as I can make it) identical to a bare metal with the same > > configuration. Delivery & reading email works fine, the jailed system > > will not send

Re: Why postfix client performs a dns AAAA lookup if smtp_address_preference=ipv4 ?

2021-12-30 Thread Wietse Venema
sh you a "guten Rutsch" and happy 2022 And a healthy 2022! Wietse > tobi > > On Wed, 2021-12-29 at 12:58 -0500, Wietse Venema wrote: > > tobs...@brain-force.ch: > > > in main.cf > > > > > > smtp_address_preference = ipv4 > > >

Re: Problem with time out

2021-12-29 Thread Wietse Venema
Jason Hirsh: > I am having an issue with mail from my server to a particular mail > server. My errors message is > > > Dec 29 12:08:23 triggerfish postfix/smtp[34597]: connect to > m1.caribisles.net[204.10.3.4]:25: Operation timed out > Dec 29 12:08:23 triggerfish postfix/smtp[34597]:

Re: Why postfix client performs a dns AAAA lookup if smtp_address_preference=ipv4 ?

2021-12-29 Thread Wietse Venema
tobs...@brain-force.ch: > in main.cf > > smtp_address_preference = ipv4 > inet_protocols=all > > which should ensure postfix client prefers ipv4 over ipv6 Actually, this means try to make connections over IPv4 BEFORE trying to make connections over IPv6. > But now we have a mail where we can

Re: SMTPD delay rejects evaluation]

2021-12-26 Thread Wietse Venema
Lefteris Tsintjelis: > On 25/12/2021 17:55, Wietse Venema wrote: > > > > Use fail2ban etc. to lock out bad clients, whether they fail SASL > > requirements, rate limit requirements, or other requirements. > > I used to do it with fail2ban for a while and still us

Re: SMTPD delay rejects evaluation]

2021-12-25 Thread Wietse Venema
Lefteris Tsintjelis: > On 25/12/2021 16:50, Wietse Venema wrote: > > Wietse Venema: > > > > Rejects for SMTP syntax and SASL login are evaluated separate from > > smtpd_{client, helo, etc}_restrictions. > > SASL was my main concern. Is it possible to eval

Re: SMTPD delay rejects evaluation]

2021-12-25 Thread Wietse Venema
Wietse Venema: > Lefteris Tsintjelis: > > That is the impression I got. When delay rejects are on, in case of > > multiple rejections, the final rejection reason appears to always be the > > same even if a client rejection precedes a helo one for example(?). As > >

Re: SMTPD delay rejects evaluation]

2021-12-25 Thread Wietse Venema
Lefteris Tsintjelis: > That is the impression I got. When delay rejects are on, in case of > multiple rejections, the final rejection reason appears to always be the > same even if a client rejection precedes a helo one for example(?). As > much as delay rejects have some benefits, this can be

Re: SMTPD delay rejects evaluation

2021-12-25 Thread Wietse Venema
Lefteris Tsintjelis: > I am trying to find more info about how delay rejects work and more > specifically how they are evaluated in case of multiple rejections when > delay rejects are on. Are all restrictions evaluated until RCPT TO in > case of multiple rejects? Do some restrictions have

Re: message_size_limit documentation

2021-12-23 Thread Wietse Venema
Scott Kitterman: > Thanks. I don't think it's worth a lot of effort. I'd imagine it's a pretty > niche use case to send multi-gigabyte files via SMTP. People do do it though > (clearly or there wouldn't be a bug). > > I wrestled with a few options for a simple explanation, but didn't come up

Re: [PATCH 2/3] Fix parallel build dependencies

2021-12-23 Thread Wietse Venema
Christian G?ttsche: > > I'll add a check to makedefs to fail the build with an UNSUPPORTED > > error if it sees that database plugins are linked with libpostfix-*. > > > > I'll also fix the makedefs check to reject LD_LIBRARY_PATH settings. > > Thanks, please disregard those two sent patches. No

Re: message_size_limit documentation

2021-12-23 Thread Wietse Venema
Scott Kitterman: > Currently, postconf.5 has this to say about message_size_limit: > > message_size_limit (default: 1024) > > The maximal size in bytes of a message, including envelope information. > > Note: be careful when making changes. Excessively small values will result > in the

Re: [PATCH 2/3] Fix parallel build dependencies

2021-12-23 Thread Wietse Venema
Christian G?ttsche: > On Wed, 22 Dec 2021 at 22:21, Wietse Venema wrote: > > > > Christian G?ttsche: > > > Plugin shared util objects require the global util object to be build. > > > > > What was the make command? > > /usr/bin/make -j2 LD_LIBRAR

Re: After network outage postfix found not running

2021-12-23 Thread Wietse Venema
Demi Marie Obenour: > My intuition is that either some timeout somewhere got hit, or that > some I/O failed (rather than being queued forever) and caused an error > paging in some code. That would cause Postfix to die with SIGBUS. If the file system was unavailable, then yes, failure to page in

Re: After network outage postfix found not running

2021-12-23 Thread Wietse Venema
Bob Proulx: > Wietse Venema wrote: > > Bob Proulx: > > > Any ideas on why postfix would not be running after such an event on > > > two of the systems but okay on the others? > > > > LOGS. Postfix logs a sh*load, including processes that fail to > >

Re: After network outage postfix found not running

2021-12-22 Thread Wietse Venema
Bob Proulx: > Any ideas on why postfix would not be running after such an event on > two of the systems but okay on the others? LOGS. Postfix logs a sh*load, including processes that fail to start. If the systems were unable to record this in LOGS, then you will never know. Wietse

Re: [PATCH 1/3] Fix parallel build dependencies

2021-12-22 Thread Wietse Venema
Wietse Venema: > Christian G?ttsche: > > Plugin shared objects require the global object to be build. > > > > : rv libpostfix-global.so abounce.o anvil_clnt.o been_here.o bounce.o > > bounce_log.o canon_addr.o cfg_parser.o [snip] > > What was the make command?

Re: [PATCH 2/3] Fix parallel build dependencies

2021-12-22 Thread Wietse Venema
Christian G?ttsche: > Plugin shared util objects require the global util object to be build. > What was the make command?

Re: [PATCH 1/3] Fix parallel build dependencies

2021-12-22 Thread Wietse Venema
Christian G?ttsche: > Plugin shared objects require the global object to be build. > > : rv libpostfix-global.so abounce.o anvil_clnt.o been_here.o bounce.o > bounce_log.o canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o > clnt_stream.o conv_time.o db_common.o debug_peer.o

Re: Resource temporarily

2021-12-22 Thread Wietse Venema
Wietse Venema: > natan: > > W dniu 22.12.2021 o?15:44, Wietse Venema pisze: > > > natan: > > >> And today I get other error: > > >> Dec 22 10:38:28 mx4 postfix/proxymap[27207]: warning: connect to mysql > > >> server 10.x.x.10:3307: Lost conne

Re: Resource temporarily

2021-12-22 Thread Wietse Venema
natan: > W dniu 22.12.2021 o?15:44, Wietse Venema pisze: > > natan: > >> And today I get other error: > >> Dec 22 10:38:28 mx4 postfix/proxymap[27207]: warning: connect to mysql > >> server 10.x.x.10:3307: Lost connection to MySQL server at 'reading > >

Re: postconf outputs 2 bounce_notice_recipient lines

2021-12-22 Thread Wietse Venema
Scott Kitterman: > > > Any chance of the glibc-2.34 fix being in there too? We haven't > > > switched, so not a rush directly for Debian, but some of our > > > downstreams have, so it would be nice to see. > > > > What is 'the glibc-2.34 fix'? closefrom() ? Thanks for confirming that this is

  1   2   3   4   5   6   7   8   9   10   >