email to yahoo stuck in queue
Hi,

I've noticed lately that I have a lot of mail stuck on queue. Most are intended for yahoo users, where most of the emails being sent to yahoo contain attachments, mostly image files. Flushing the queue doesn't do anything, and most of all yahoo doesn't do anything to my complaints. Any idea how to go about this?

Here's my postfix configuration:

[r...@mail ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.5.5-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
message_size_limit = 4096
mydestination = localhost
mydomain = example.com
myhostname = mail.example.com
mynetworks = 192.168.8.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_rbl_client zen.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150
Re: email to yahoo stuck in queue
On Thu, Apr 8, 2010 at 11:45 PM, Daniel V. Reinhardt crypto...@yahoo.com wrote: - Original Message From: jan gestre ipcopper...@gmail.com To: postfix users list postfix-users@postfix.org Sent: Thu, April 8, 2010 3:32:23 PM Subject: email to yahoo stuck in queue Hi, I've noticed lately that I have a lot mail stuck on queue, most are intended for yahoo users where most of the emails being sent to yahoo contains attachments mostly image files, flushing the queue doesn't do anything, and most of all yahoo doesn't do anything to my complaints. Any idea how to go about this? Here's my postfix configuration: [r...@mail ~]# postconf -n alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix-2.5.5-documentation/html inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_domains = bl.spamcop.net message_size_limit = 4096 mydestination = localhost mydomain = example.com myhostname = mail.example.com mynetworks = 192.168.8.0/24, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme recipient_delimiter = + relay_domains = $mydestination relayhost = sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_helo_required = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_rbl_client zen.spamhaus.org 
reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = /var/run/dovecot/auth-client smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf virtual_gid_maps = static:12 virtual_mailbox_base = /home/virtualmail virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 150 virtual_transport = dovecot virtual_uid_maps = static:150 Jan, Can you show us some of the queued mail messages with obvious edits to hide the destinations user name? Also provide any logging information. Daniel Reinhardt Website: www.cryptodan.com Email: crypto...@yahoo.com Hi Daniel, Here is the log of one of the messages that is stuck on queue for sometime already: E2C48CA82EB 2028959 Thu Apr 8 12:19:23 us...@example.com (lost connection with b.mx.mail.yahoo.com[74.6.136.65] while sending end of data -- message may be sent more than once) us...@yahoo.com us...@yahoo.com Regards, Jan
Tweak Postfix so that it will resend emails after the initial 451 response
Hi Guys,

I have a Postfix server behind a gateway firewall that does content filtering (SpamD on pfSense) and greylisting, and we have an application server that uses Postfix as its MTA. The problem is that after the initial 451 response the latter quits and sends an Undeliverable Mail to the sender. What changes need to be done on the latter in order for it to resend email successfully? I don't have a problem with other third-party mail servers except for this one. Since I don't have access to the latter I can't provide any logs except for the following:

---
This is the Postfix program at host mail.latter.sample.

I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.

For further assistance, please send mail to postmaster

If you do so, please include this problem report. You can delete your own text from the message returned below.

The Postfix program

us...@former.sample: host webmail.former.sample[210.21x.xx.xx] said: 451 Temporary failure, please try again later. (in reply to DATA command)

TIA.
Re: BackScatter Problem
On Tue, Jun 2, 2009 at 7:31 AM, kj koffiejunkielistlur...@koffiejunkie.za.net wrote:

jan gestre wrote:

Received: from 55.Red-88-7-191.staticIP.rima-tde.net (55.Red-88-7-191.staticIP.rima-tde.net [88.7.191.55])
    by mail.example.com (Postfix) with ESMTP id 9DEC4148041
    for jmgar...@example.com; Mon, 1 Jun 2009 08:58:53 +0800 (PHT)
Message-ID: 365683314256959.dtwibjscpdre...@55.red-88-7-191.staticip.rima-tde.net
From: Jeanine jmgar...@example.com
To: jmgar...@example.com
Subject: Check it now
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Date: Mon, 1 Jun 2009 08:58:53 +0800 (PHT)

The received from ip address is obviously not the company's real ip address, and we have lots of emails like this.

This is just ordinary spam, not backscatter. If it was backscatter, there would be trace of a server having bounced it. The above was sent from an IP that doesn't accept mail, and judging by that PTR, it's not a real mail server anyway. If you were using Spamhaus, it would have been rejected too - it's in PBL and XBL.

--kj

Hi KJ,

That's the funny thing, I'm using sbl-xbl spamhaus as well as spamcop.net but it wasn't blocked, I've now changed it to zen, I'm not sure though if it would have any effect.

Regards,
Jan
Re: BackScatter Problem
On Thu, May 28, 2009 at 8:37 PM, jan gestre ipcopper...@gmail.com wrote:

On Wed, May 27, 2009 at 5:31 PM, kj koffiejunkielistlur...@koffiejunkie.za.net wrote:

jan gestre wrote:

I don't have anymore the logs from Postfix and I'm not sure if it really is a backscatter problem, all I have right now is the following:

The message snippet is of no use. Can you post the full headers? That and a corresponding log entry should clear things up. From what you've said so far it sounds more likely to be a forged return-path/from, in which case adding and checking against spf records would solve your issue.

--kj

I want to post here the complete message with headers but problem is it will take a while, I'm several kilometers away from this office and the on-site support guy still has not sent the message headers I've asked for.

sample header:

Received: from 55.Red-88-7-191.staticIP.rima-tde.net (55.Red-88-7-191.staticIP.rima-tde.net [88.7.191.55])
    by mail.example.com (Postfix) with ESMTP id 9DEC4148041
    for jmgar...@example.com; Mon, 1 Jun 2009 08:58:53 +0800 (PHT)
Message-ID: 365683314256959.dtwibjscpdre...@55.red-88-7-191.staticip.rima-tde.net
From: Jeanine jmgar...@example.com
To: jmgar...@example.com
Subject: Check it now
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Date: Mon, 1 Jun 2009 08:58:53 +0800 (PHT)

The received from ip address is obviously not the company's real ip address, and we have lots of emails like this.
Re: BackScatter Problem
If it's backscatter, it should be coming from <>, not a valid company address. Please show your logs during delivery of the alleged backscatter.

I don't have anymore the logs from Postfix and I'm not sure if it really is a backscatter problem, all I have right now is the following:

--
-Original Message-
From: Judy Aguilar [mailto:judyagui...@example.com]
Sent: Tuesday, May 26, 2009 4:41 PM
To: Sheila Villanueva
Subject: Fw: No branding needed!

Pls see VIAGRA.Official Site's email address -- creati...@example.com

Fyi.

- Original Message -
From: Biba Cabuquit bibacabuq...@example.com
To: VIAGRA . Official Site creati...@example.com
Sent: Tuesday, May 26, 2009 3:16 PM
Subject: No branding needed!
--- end-

The creati...@example.com is a valid email address and yet it has the name VIAGRA Official site. Is the mail server causing the issue or is there a worm on the user's PC that's causing this?

My /etc/postfix/header_checks contain only the following:

/^Received:/ HOLD

Very odd that you want to hold ALL email with this check. Does MailScanner examine messages in the hold queue and then release them?

MailScanner really examines messages in the HOLD queue because all emails incoming/outgoing are tagged by MailScanner as having scanned or I'm totally wrong?
BackScatter Problem
Hi,

I've a backscatter problem wherein users receive emails from valid company addresses but based on the content of the message it is obviously spam. I'm using postfix 2.5 with virtual domains using mysql + dovecot and mailscanner, and I've already read http://www.postfix.org/BACKSCATTER_README.html, however I'm not sure how to go about it since I'm using mysql lookups.

This is my postconf -n:

[r...@kartero ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.5.5-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
message_size_limit = 4096
mydestination = localhost
mydomain = example.com
myhostname = kartero.example.com
mynetworks = 192.168.88.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_rbl_client sbl-xbl.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150

# ---

My /etc/postfix/header_checks contain only the following:

/^Received:/ HOLD

According to MailScanner docs the above line is mandatory in order for MailScanner to work. What revisions do I need to add to header_checks in order to prevent backscatter? Is the following correct and will it work?

if /^Received:/
/^Received:/ HOLD
/^Received: +from +(example\.com) +/
    reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(example\.com)\)/
    reject forged client name in Received: header: $2
/^Received:.* +by +(example\.com)\b/
    reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(example\.com)/
    reject forged domain name in Message-ID: header: $1

TIA,
Jan
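An added example (not from the original post and not Postfix code) that evaluates the `Received:` part of the table posted above the way a `regexp:` lookup does: patterns are tried in order and the first match decides the action. It is a simplified evaluator in which Python's `re` stands in for Postfix's regex engine; the first header is the one quoted in this thread, the second is constructed.

```python
"""Simplified first-match evaluation of a Postfix regexp: header_checks table."""
import re

RULE_RE = re.compile(r"^/(?P<pat>.*)/\s+(?P<action>.+)$")
IF_RE = re.compile(r"^if\s+/(?P<pat>.*)/$")

# The Received: rules as posted in the thread: the catch-all HOLD comes first.
POSTED = r"""
if /^Received:/
/^Received:/ HOLD
/^Received: +from +(example\.com) +/
    reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(example\.com)\)/
    reject forged client name in Received: header: $2
/^Received:.* +by +(example\.com)\b/
    reject forged mail server name in Received: header: $1
endif
"""

# Same rules with the catch-all HOLD moved last (shown to illustrate ordering).
REORDERED = r"""
if /^Received:/
/^Received: +from +(example\.com) +/
    reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(example\.com)\)/
    reject forged client name in Received: header: $2
/^Received:.* +by +(example\.com)\b/
    reject forged mail server name in Received: header: $1
/^Received:/ HOLD
endif
"""

# Header quoted in the thread (first hop only).
THREAD_HEADER = (
    "Received: from 55.Red-88-7-191.staticIP.rima-tde.net "
    "(55.Red-88-7-191.staticIP.rima-tde.net [88.7.191.55]) "
    "by mail.example.com (Postfix) with ESMTP id 9DEC4148041"
)
# Constructed header in which the client claims to be the local domain.
FORGED_HEADER = (
    "Received: from example.com (unknown [192.0.2.55]) "
    "by mail.example.com (Postfix) with ESMTP id 0000000000"
)


def parse_table(text):
    """Parse rules into (guards, pattern, action); indented lines continue a rule."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    rules, guards = [], []
    for line in logical:
        if line == "endif":
            guards.pop()
            continue
        m = IF_RE.match(line)
        if m:
            guards.append(re.compile(m.group("pat"), re.IGNORECASE))
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed line: {line!r}")
        pattern = re.compile(m.group("pat"), re.IGNORECASE)
        rules.append((tuple(guards), pattern, m.group("action")))
    return rules


def lookup(rules, header):
    """Return the action of the first matching rule, with $N expanded, or None."""
    for guards, pattern, action in rules:
        if not all(g.search(header) for g in guards):
            continue
        m = pattern.search(header)
        if m:
            return re.sub(r"\$(\d)", lambda s: m.group(int(s.group(1))) or "", action)
    return None


if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("reordered", REORDERED)):
        rules = parse_table(table)
        for label, header in (("thread", THREAD_HEADER), ("forged", FORGED_HEADER)):
            print(f"{name:9} {label:6} -> {lookup(rules, header)}")
```

With HOLD first, the reject rules are never reached; in either order the header quoted in the thread is only held, because its client names another host rather than the local domain.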
Re: DNS lookups not working?
On Tue, Feb 10, 2009 at 7:44 PM, Wietse Venema wie...@porcupine.org wrote: David Cottle: [ Charset ISO-8859-1 unsupported, converting... ] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I see this a lot in my mail.log (unknown): Feb 10 20:38:28 server postfix/smtpd[21977]: connect from unknown[72.4.168.106] Feb 10 09:38:30 server postfix/smtpd[21977]: NOQUEUE: reject: RCPT from unknown[72.4.168.106]: 554 5.7.1 Service unavailable; Client host Try: http://www.postfix.org/DEBUG_README.html#no_chroot. If it works, send a complaint to your vendor. I, the Postfix author, do not recommend that chroot is turned on except by experts. Wietse Try turning off chroot operation in master.cf = A common mistake is to turn on chroot operation in the master.cf file without going through all the necessary steps to set up a chroot environment. This causes Postfix daemon processes to fail due to all kinds of missing files. The example below shows an SMTP server that is configured with chroot turned off: /etc/postfix/master.cf: # = # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) # = smtp inet n - n - - smtpd Inspect master.cf for any processes that have chroot operation not turned off. If you find any, save a copy of the master.cf file, and edit the entries in question. After executing the command postfix reload, see if the problem has gone away. If turning off chrooted operation made the problem go away, then congratulations. Leaving Postfix running in this way is adequate for most sites. If you prefer chrooted operation, see the Postfix BASIC_CONFIGURATION_README file for information about how to prepare Postfix for chrooted operation. I have this same problem that I was not able to solve for almost a week now. I posted too on various mailing lists including this (mail from gmail and yahoo are blocked), some suggested to install a caching nameserver but obviously in your case it doesn't work too. 
Replaced OpenDNS with other DNS server to no avail, still the same result. If rbl is enabled all incoming emails were blocked so I have no recourse but to turn it off, caveat is I've got lots of SPAM. Also I don't have Postfix in chroot environment. Here's my log: Feb 10 21:34:46 kartero postfix/smtpd[14176]: NOQUEUE: reject: RCPT from wf-out-1314.google.com[209.85.200.172]: 554 5.7.1 Service unavailable; Client host [209.85.200.172] blocked using bl.spamcop.net; from=ipcopper...@gmail.com to=jan.ges...@ddb.com.ph proto=ESMTP helo=wf-out-1314.google.com
Re: DNS lookups not working?
On Tue, Feb 10, 2009 at 9:58 PM, Wietse Venema wie...@porcupine.org wrote:

jan gestre:

On Tue, Feb 10, 2009 at 7:44 PM, Wietse Venema wie...@porcupine.org wrote:

David Cottle:

[ Charset ISO-8859-1 unsupported, converting... ]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

All, I see this a lot in my mail.log (unknown):

Feb 10 20:38:28 server postfix/smtpd[21977]: connect from unknown[72.4.168.106]
Feb 10 09:38:30 server postfix/smtpd[21977]: NOQUEUE: reject: RCPT from unknown[72.4.168.106]: 554 5.7.1 Service unavailable; Client host

Try: http://www.postfix.org/DEBUG_README.html#no_chroot. If it works, send a complaint to your vendor. I, the Postfix author, do not recommend that chroot is turned on except by experts.

Wietse

Try turning off chroot operation in master.cf
=============================================

A common mistake is to turn on chroot operation in the master.cf file without going through all the necessary steps to set up a chroot environment. This causes Postfix daemon processes to fail due to all kinds of missing files.

The example below shows an SMTP server that is configured with chroot turned off:

/etc/postfix/master.cf:
    # =============================================================
    # service type  private unpriv  chroot  wakeup  maxproc command
    #               (yes)   (yes)   (yes)   (never) (100)
    # =============================================================
    smtp      inet  n       -       n       -       -       smtpd

Inspect master.cf for any processes that have chroot operation not turned off. If you find any, save a copy of the master.cf file, and edit the entries in question. After executing the command postfix reload, see if the problem has gone away.

If turning off chrooted operation made the problem go away, then congratulations. Leaving Postfix running in this way is adequate for most sites.

If you prefer chrooted operation, see the Postfix BASIC_CONFIGURATION_README file for information about how to prepare Postfix for chrooted operation.

I have this same problem that I was not able to solve for almost a week now. I posted too on various mailing lists including this (mail from gmail and yahoo are blocked), some suggested to install a caching nameserver but obviously in your case it doesn't work too. Replaced OpenDNS with other DNS server to no avail, still the same result. If rbl is enabled all incoming emails were blocked so I have no recourse but to turn it off, caveat is I've got lots of SPAM. Also I don't have Postfix in chroot environment.

Here's my log:

Feb 10 21:34:46 kartero postfix/smtpd[14176]: NOQUEUE: reject: RCPT from wf-out-1314.google.com[209.85.200.172]: 554 5.7.1 Service unavailable; Client host [209.85.200.172] blocked using bl.spamcop.net; from=ipcopper...@gmail.com to=jan.ges...@ddb.com.ph proto=ESMTP helo=wf-out-1314.google.com

This thread is about CLIENT names logged as UNKNOWN, You are having a problem with a DNS server that produces bogus replies for non-existent hostnames. You can twiddle with Postfix configurations until the cows come home. It will not make an iota of difference.

Wietse

I apologize for that, I thought it's the same.
Re: postfix blocking yahoo and gmail
On Fri, Feb 6, 2009 at 10:39 PM, Noel Jones njo...@megan.vbhcs.org wrote:

jan gestre wrote:

Additional info: I have four mail servers running identical configurations and it's now exhibiting the same problem, I've disabled MailScanner in one of the server coz I thought it might be the culprit but after I did that, postfix keeps on rejecting emails even if the ip address it came from is not listed in sbl-xbl list so I've removed all reject parameters

If postfix is rejecting mail it will log the reason.

grep 'reject: ' /var/log/maillog

If you have trouble interpreting the postfix logs, show them here.
http://www.postfix.org/DEBUG_README.html#mail

-- Noel Jones

New logs with reject_rbl_client sbl-xbl.spamhaus.org added to main.cf

eb 8 12:49:52 kartero postfix/smtpd[6465]: NOQUEUE: reject: RCPT from web57902.mail.re3.yahoo.com[68.142.236.95]: 554 5.7.1 Service unavailable; Client host [68.142.236.95] blocked using sbl-xbl.spamhaus.org; from=jan.ges...@yahoo.com to=jan.ges...@ddbphil.com proto=SMTP helo=web57902.mail.re3.yahoo.com
Feb 8 12:49:52 kartero postfix/smtpd[6468]: NOQUEUE: reject: RCPT from web57902.mail.re3.yahoo.com[68.142.236.95]: 554 5.7.1 Service unavailable; Client host [68.142.236.95] blocked using sbl-xbl.spamhaus.org; from=jan.ges...@yahoo.com to=jan.ges...@ddb.com.ph proto=SMTP helo=web57902.mail.re3.yahoo.com
Feb 8 12:49:52 kartero postfix/smtpd[6465]: disconnect from web57902.mail.re3.yahoo.com[68.142.236.95]

As you can see it treats legitimate email as spam at the smtp level and I have this identical configuration in my other server but it does not behave like this. I have no idea how to fix this, with this parameter off I have lots of spam but if it's turned on I have no incoming mails.
Re: postfix blocking yahoo and gmail
On Sun, Feb 8, 2009 at 1:17 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

On Sun, Feb 08, 2009 at 01:01:49PM +0800, jan gestre wrote:

New logs with reject_rbl_client sbl-xbl.spamhaus.org added to main.cf

eb 8 12:49:52 kartero postfix/smtpd[6465]: NOQUEUE: reject: RCPT from web57902.mail.re3.yahoo.com[68.142.236.95]: 554 5.7.1 Service unavailable; Client host [68.142.236.95] blocked using sbl-xbl.spamhaus.org; from=jan.ges...@yahoo.com to=jan.ges...@ddbphil.com proto=SMTP helo=web57902.mail.re3.yahoo.com

Your DNS server is fabricating A records for non-existent hosts. The real spamhaus would have also returned a TXT record with a URL for looking up the reason for the block.

Don't use ISP DNS servers that fabricate A records.

I'm not using our ISP's DNS, I'm using OpenDNS. I've been using OpenDNS since way back, it's only now that I'm getting this strange behavior in my SMTP server.
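The check described in the reply above, as an added example that is not part of the original thread: a DNSBL answer only means "listed" when it is an A record inside 127.0.0.0/8, and RFC 5782 gives every IPv4 list two test points (127.0.0.2 must be listed, 127.0.0.1 must not) that expose a resolver which invents answers for names that do not exist. The zone `dnsbl.example`, the substituted address 192.0.2.10 and the fake resolvers are constructed so the example runs offline; pass `system_resolver` to probe the resolver a mail host actually uses.

```python
"""Check whether a resolver returns trustworthy DNSBL answers."""
import ipaddress
import re
import socket

# A DNSBL signals a listing with A records inside 127.0.0.0/8 (RFC 5782).
DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")

# Matches the Postfix reject text shown in the thread's log lines.
REJECT_RE = re.compile(
    r"Client host \[(?P<ip>\d+\.\d+\.\d+\.\d+)\] blocked using (?P<zone>[^;\s]+);"
)

# Constructed log line modelled on the thread's (mail addresses replaced).
SAMPLE_LOG = (
    "Feb  8 12:49:52 kartero postfix/smtpd[6465]: NOQUEUE: reject: RCPT from "
    "web57902.mail.re3.yahoo.com[68.142.236.95]: 554 5.7.1 Service unavailable; "
    "Client host [68.142.236.95] blocked using sbl-xbl.spamhaus.org; "
    "from=<sender@example.net> to=<user@example.com> proto=SMTP "
    "helo=<web57902.mail.re3.yahoo.com>"
)


def parse_rbl_reject(log_line):
    """Return (client_ip, dnsbl_zone) from a Postfix RBL reject line, or None."""
    m = REJECT_RE.search(log_line)
    return (m.group("ip"), m.group("zone")) if m else None


def dnsbl_query_name(client_ip, zone):
    """Build the lookup name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Resolve A records with the host's configured resolver; [] if none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify_answer(addresses):
    """Classify the A records of one DNSBL query.

    reject_rbl_client without an =d.d.d.d filter rejects on any A record,
    so a 'bogus' answer blocks the client just like a real listing.
    """
    if not addresses:
        return "not-listed"
    if all(ipaddress.ip_address(a) in DNSBL_NET for a in addresses):
        return "listed"
    return "bogus"


def check_resolver(zone, resolve=system_resolver):
    """Probe the RFC 5782 test points; return a list of problems found."""
    problems = []
    listed = classify_answer(resolve(dnsbl_query_name("127.0.0.2", zone)))
    absent = classify_answer(resolve(dnsbl_query_name("127.0.0.1", zone)))
    if listed != "listed":
        problems.append(f"127.0.0.2 must be listed, got {listed}")
    if absent != "not-listed":
        problems.append(f"127.0.0.1 must not resolve, got {absent}")
    return problems


def diagnose_reject(log_line, resolve=system_resolver):
    """Re-run the lookup behind a logged reject: (ip, zone, verdict) or None."""
    parsed = parse_rbl_reject(log_line)
    if parsed is None:
        return None
    ip, zone = parsed
    return ip, zone, classify_answer(resolve(dnsbl_query_name(ip, zone)))


def make_fake_resolver(records, nxdomain_answer=None):
    """Offline stand-in: known names resolve; others get nxdomain_answer or nothing."""
    def resolve(name):
        if name in records:
            return records[name]
        return [nxdomain_answer] if nxdomain_answer else []
    return resolve


if __name__ == "__main__":
    zone = "dnsbl.example"  # constructed zone name
    records = {"2.0.0.127.dnsbl.example": ["127.0.0.2"]}
    honest = make_fake_resolver(records)
    rewriting = make_fake_resolver(records, nxdomain_answer="192.0.2.10")
    for label, resolve in (("honest", honest), ("rewriting", rewriting)):
        print(label, check_resolver(zone, resolve), diagnose_reject(SAMPLE_LOG, resolve))
```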
Re: postfix blocking yahoo and gmail
On Sun, Feb 8, 2009 at 1:35 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

On Sun, Feb 08, 2009 at 01:23:43PM +0800, jan gestre wrote:

Don't use ISP DNS servers that fabricate A records.

I'm not using our ISP's DNS , I'm using OpenDNS, I'm using OpenDNS since way back it's only now that I'm getting this strange behavior in my SMTP server.

You should not use OpenDNS or any similar external DNS forwarder with Postfix. Especially, when doing RBL lookups. Just run a stand-alone DNS cache on your system (127.0.0.1). If you are behind a NAT device that de-randomizes UDP query ports, you are likely vulnerable to the Kaminsky attack...

Running a SOHO incoming mail server is getting increasingly difficult, you may need a real SMTP server at a hosting facility.

Postfix is behind a NAT device (pfSense) that does dnsmasq (dns forwarder), no machine is allowed to connect to port 53 except the NAT device. The initial configuration is NAT Firewall Untangle in bridge mode postfix, but since telnet to postfix's smtp port produces an odd result when it's behind the Untangle box so I took Untangle out.
Re: postfix blocking yahoo and gmail
On Sun, Feb 8, 2009 at 2:18 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

On Sun, Feb 08, 2009 at 02:02:14PM +0800, jan gestre wrote:

You should not use OpenDNS or any similar external DNS forwarder with Postfix. Especially, when doing RBL lookups. Just run a stand-alone DNS cache on your system (127.0.0.1). If you are behind a NAT device that de-randomizes UDP query ports, you are likely vulnerable to the Kaminsky attack...

Running a SOHO incoming mail server is getting increasingly difficult, you may need a real SMTP server at a hosting facility.

Postfix is behind a NAT device (pfSense) that does dnsmasq (dns forwarder), no machine is allowed to connect to port 53 except the NAT device.

This does not protect you from the Kaminsky attack. A cryptographically strong port-randomizing NAT is required. Most consumer NAT devices probably don't measure up... In any case, it is still likely that your RBL hits are a result of your DNS configuration. Good luck.

Where is the best place to put the DNS caching resolver? in the NAT device? or in the Mail Server itself?

TIA
Re: postfix blocking yahoo and gmail
On Sun, Feb 8, 2009 at 3:05 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

On Sun, Feb 08, 2009 at 02:55:28PM +0800, jan gestre wrote:

Where is the best place to put the DNS caching resolver? in the NAT device? or in the Mail Server itself?

What kind of NAT device is this? Is it capable of running a non-forwarding DNS cache? If the cache in question has sufficiently good port randomization, by all means run on the NAT device, otherwise run it on the Postfix server, and hope the NAT device port selection is not too predictable.

It's a lightweight FreeBSD based firewall called pfSense, it also has an installable TinyDNS package.
Re: postfix blocking yahoo and gmail
On Fri, Feb 6, 2009 at 2:20 PM, jan gestre ipcopper...@gmail.com wrote: On Fri, Feb 6, 2009 at 12:34 PM, Sahil Tandon sa...@tandon.net wrote: On Fri, 06 Feb 2009, jan gestre wrote: Why is it that whenever I send emails using yahoo/gmail from a connection that uses dynamic ip address to the company's smtp server, postfix blocks them and say it comes from a dynamic ip address using sbl-xbl, and whenever I send emails using the same yahoo/gmail account in the office that has a public static ip address, the mail is received. Show some logs of the rejection(s) to help diagnose the problem. Here's some logs taken when I tried to send an email: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))??(No client certificate requested)??by kartero.ddbphil.com (Postfix) with ESMTP id 5E7 from unknown[122.52.174.26]; from=jan.ges...@ddbphil.com to=jan.ges...@yahoo.com proto=ESMTP helo=[127.0.0.1] Feb 6 13:45:30 kartero postfix/cleanup[22234]: 5E7A3148098: message-id=498bcf46.3000...@ddbphil.com Feb 6 13:45:30 kartero postfix/smtpd[22001]: disconnect from unknown[122.52.174.26] Feb 6 13:45:33 kartero MailScanner[16982]: Spam Checks: Found 1 spam messages Feb 6 13:45:33 kartero MailScanner[16982]: Virus and Content Scanning: Starting Feb 6 13:45:34 kartero MailScanner[16982]: Uninfected: Delivered 1 messages Feb 6 13:45:34 kartero postfix/qmgr[21997]: ED26E14809B: from=jan.ges...@ddbphil.com, size=3473, nrcpt=1 (queue active) Feb 6 13:45:34 kartero postfix/pipe[22250]: ED26E14809B: to=postmas...@ddbphil.com, relay=dovecot, delay=4.2, delays=4.2/0/0/0.02, dsn=5.1.1, status=bounced (user unknown) Feb 6 13:45:34 kartero postfix/cleanup[22234]: 8D83C14809C: message-id=20090206054534.8d83c148...@kartero.ddbphil.com Feb 6 13:45:34 kartero postfix/qmgr[21997]: 8D83C14809C: from=, size=6054, nrcpt=1 (queue active) Feb 6 13:45:34 kartero postfix/bounce[22339]: ED26E14809B: sender non-delivery notification: 8D83C14809C Feb 6 13:45:34 kartero postfix/qmgr[21997]: ED26E14809B: removed Feb 6 
13:45:34 kartero postfix/pipe[22250]: 8D83C14809C: to=jan.ges...@ddbphil.com, relay=dovecot, delay=0.12, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service) Additional info: I have four mail servers running identical configurations and it's now exhibiting the same problem, I've disabled MailScanner in one of the server coz I thought it might be the culprit but after I did that, postfix keeps on rejecting emails even if the ip address it came from is not listed in sbl-xbl list so I've removed all reject parameters and so far it's holding up, I know it's a lousy temporary solution, I would greatly appreciate your suggestions. Thanks in advance. Jan
postfix blocking yahoo and gmail
Hi Guys, Why is it that whenever I send emails using yahoo/gmail from a connection that uses dynamic ip address to the company's smtp server, postfix blocks them and say it comes from a dynamic ip address using sbl-xbl, and whenever I send emails using the same yahoo/gmail account in the office that has a public static ip address, the mail is received. TIA Jan Here's my postconf -n: alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix-2.4.7-documentation/html inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maps_rbl_domains = bl.spamcop.net message_size_limit = 4096 mydestination = localhost mydomain = ddbphil.com myhostname = kartero.ddbphil.com mynetworks = 192.168.0.0/22, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme recipient_delimiter = + relay_domains = $mydestination relayhost = sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks permit_tls_all_clientcerts reject_non_fqdn_hostname reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client zen.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.netpermit smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = /var/run/dovecot/auth-client smtpd_sasl_security_options = noanonymous 
smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf virtual_gid_maps = static:12 virtual_mailbox_base = /home/virtualmail virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 150 virtual_transport = dovecot virtual_uid_maps = static:150
Re: postfix blocking yahoo and gmail
On Fri, Feb 6, 2009 at 12:34 PM, Sahil Tandon sa...@tandon.net wrote:

On Fri, 06 Feb 2009, jan gestre wrote:

Why is it that whenever I send emails using yahoo/gmail from a connection that uses dynamic ip address to the company's smtp server, postfix blocks them and say it comes from a dynamic ip address using sbl-xbl, and whenever I send emails using the same yahoo/gmail account in the office that has a public static ip address, the mail is received.

Show some logs of the rejection(s) to help diagnose the problem.

Here's some logs taken when I tried to send an email:

TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))??(No client certificate requested)??by kartero.ddbphil.com (Postfix) with ESMTP id 5E7 from unknown[122.52.174.26]; from=jan.ges...@ddbphil.com to=jan.ges...@yahoo.com proto=ESMTP helo=[127.0.0.1]
Feb 6 13:45:30 kartero postfix/cleanup[22234]: 5E7A3148098: message-id=498bcf46.3000...@ddbphil.com
Feb 6 13:45:30 kartero postfix/smtpd[22001]: disconnect from unknown[122.52.174.26]
Feb 6 13:45:33 kartero MailScanner[16982]: Spam Checks: Found 1 spam messages
Feb 6 13:45:33 kartero MailScanner[16982]: Virus and Content Scanning: Starting
Feb 6 13:45:34 kartero MailScanner[16982]: Uninfected: Delivered 1 messages
Feb 6 13:45:34 kartero postfix/qmgr[21997]: ED26E14809B: from=jan.ges...@ddbphil.com, size=3473, nrcpt=1 (queue active)
Feb 6 13:45:34 kartero postfix/pipe[22250]: ED26E14809B: to=postmas...@ddbphil.com, relay=dovecot, delay=4.2, delays=4.2/0/0/0.02, dsn=5.1.1, status=bounced (user unknown)
Feb 6 13:45:34 kartero postfix/cleanup[22234]: 8D83C14809C: message-id=20090206054534.8d83c148...@kartero.ddbphil.com
Feb 6 13:45:34 kartero postfix/qmgr[21997]: 8D83C14809C: from=, size=6054, nrcpt=1 (queue active)
Feb 6 13:45:34 kartero postfix/bounce[22339]: ED26E14809B: sender non-delivery notification: 8D83C14809C
Feb 6 13:45:34 kartero postfix/qmgr[21997]: ED26E14809B: removed
Feb 6 13:45:34 kartero postfix/pipe[22250]: 8D83C14809C: to=jan.ges...@ddbphil.com, relay=dovecot, delay=0.12, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
Re: Mail Undeliverable error with Postfix
On Mon, Feb 2, 2009 at 9:28 PM, jan gestre ipcopper...@gmail.com wrote:

On Mon, Feb 2, 2009 at 5:21 AM, Benny Pedersen m...@junc.org wrote:

On Sun, February 1, 2009 16:17, mouss wrote:

I guess the alias is defined in alias_maps, but this map is only consulted by local, which you don't use (you deliver via dovecot, not via local). use virtual_alias_maps instead.

postfixadmin handle this when configured to do so :)

for the OP to solve it, dovecot lda must only see the mailbox from mysql not any alias, and postfixadmin must have all destinations to mailbox not local: aliases

-- http://localhost/ 100% uptime and 100% mirrored :)

Forgive my ignorance but how will I do that? Thanks

Can anyone tell me how to configure postfix to use mysql for smtp auth? My version of postfix was rebuilt with mysql support because the default postfix for CentOS does not come with mysql support by default.

TIA
Re: Mail Undeliverable error with Postfix
On Mon, Feb 2, 2009 at 5:21 AM, Benny Pedersen m...@junc.org wrote:

On Sun, February 1, 2009 16:17, mouss wrote:

I guess the alias is defined in alias_maps, but this map is only consulted by local, which you don't use (you deliver via dovecot, not via local). use virtual_alias_maps instead.

postfixadmin handle this when configured to do so :)

for the OP to solve it, dovecot lda must only see the mailbox from mysql not any alias, and postfixadmin must have all destinations to mailbox not local: aliases

-- http://localhost/ 100% uptime and 100% mirrored :)

Forgive my ignorance but how will I do that? Thanks
Re: Mail Undeliverable error with Postfix
Hi Mouss,

I've just replicated the issue right now, from /var/log/maillog:

Feb 1 21:26:38 mail postfix/cleanup[19777]: 55E6C148049: hold: header Received: from [127.0.0.1] (unknown [122.53.207.8])??by mail.ddblocal.com(Postfix) with ESMTP id 55E6C148049??for rages...@xinapse.net; Sun, 1 Feb 2009 21:26:37 +0800 (PHT) from unknown[122.53.207.8]; from=jan.ges...@ddb.com to=rages...@xinapse.net proto=ESMTP helo=[127.0.0.1]
Feb 1 21:26:38 mail postfix/cleanup[19777]: 55E6C148049: message-id= 4985a3e0.7000...@ddblocal.com
Feb 1 21:26:38 mail postfix/smtpd[19520]: disconnect from unknown[122.53.207.8]
Feb 1 21:26:38 mail dovecot: imap-login: Login: user=jan.ges...@ddb.com, method=plain, rip=:::122.53.207.8, lip=:::192.168.1.3
Feb 1 21:26:42 mail MailScanner[17048]: Uninfected: Delivered 1 messages
Feb 1 21:26:42 mail MailScanner[17048]: MailScanner child dying of old age
Feb 1 21:26:42 mail postfix/pipe[19788]: D9A6D148050: to= postmas...@ddblocal.com, relay=dovecot, delay=5.6, delays=5.6/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown)

postmas...@ddbphil.com exists and has an alias jan.ges...@ddbphil.com, all emails for the postmaster get forwarded to this account. This doesn't happen when I used a webmail client.

On Sun, Feb 1, 2009 at 9:10 PM, mouss mo...@ml.netoyen.net wrote:

jan gestre wrote:

Hi Mouss, This is from my inbox, user jan.ges...@ddblocal.com is a real user.

you need to check the postfix logs (/var/log/maillog or /var/log/mail.log or the like), not bounce messages. for obvious reasons, postfix won't tell everything to an smtp client, so you won't know what is really happening by looking at a bounce message.

but from the bounce message, I see that postmas...@ddbphil.com is unknown. This is bad. if this is one of your domains, make sure mail for postmaster is accepted and delivered. In general, people create an alias for this address (alias_maps if domain is in mydestination, virtual_alias_maps if domain is virtual).
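The advice above to read the maillog rather than the bounce message is easier to follow when log entries are grouped by queue ID. The following is an added example, not code from the thread: it groups Postfix log lines by queue ID and lists every delivery that did not end in status=sent, with its sender and DSN code. The sample lines are constructed on the pattern of the excerpts in this thread, with example.com addresses inside the angle brackets that real Postfix logs use.

```python
import re

# Constructed sample, modelled on the maillog excerpts in this thread.
SAMPLE_LOG = """\
Feb  6 13:45:34 mail postfix/qmgr[21997]: ED26E14809B: from=<jan@example.com>, size=3473, nrcpt=1 (queue active)
Feb  6 13:45:34 mail postfix/pipe[22250]: ED26E14809B: to=<postmaster@example.com>, relay=dovecot, delay=4.2, delays=4.2/0/0/0.02, dsn=5.1.1, status=bounced (user unknown)
Feb  6 13:45:34 mail postfix/qmgr[21997]: 8D83C14809C: from=<>, size=6054, nrcpt=1 (queue active)
Feb  6 13:45:34 mail postfix/bounce[22339]: ED26E14809B: sender non-delivery notification: 8D83C14809C
Feb  6 13:45:34 mail postfix/qmgr[21997]: ED26E14809B: removed
Feb  6 13:45:34 mail postfix/pipe[22250]: 8D83C14809C: to=<jan@example.com>, relay=dovecot, delay=0.12, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
""".splitlines()

# "postfix/<daemon>[pid]: <QUEUEID>: <rest>"; lines without a queue ID are skipped.
LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
SENDER = re.compile(r"from=<(?P<sender>[^>]*)>")
DELIVERY = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)"
)
NOTICE = re.compile(r"sender non-delivery notification: (?P<bounce>[0-9A-F]+)")


def summarize(lines):
    """Group log lines by queue ID: sender, delivery attempts, bounce message ID."""
    messages = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        msg = messages.setdefault(
            m["qid"], {"sender": None, "deliveries": [], "bounce_qid": None}
        )
        rest = m["rest"]
        if (d := DELIVERY.search(rest)):
            msg["deliveries"].append(d.groupdict())
        elif (s := SENDER.match(rest)):      # qmgr line: envelope sender
            msg["sender"] = s["sender"]
        elif (n := NOTICE.search(rest)):     # bounce daemon: ID of the DSN it queued
            msg["bounce_qid"] = n["bounce"]
    return messages


def failures(messages):
    """(queue ID, sender, recipient, relay, dsn, reason) for each non-sent delivery."""
    return [
        (qid, msg["sender"], d["rcpt"], d["relay"], d["dsn"], d["reason"])
        for qid, msg in messages.items()
        for d in msg["deliveries"]
        if d["status"] != "sent"
    ]


if __name__ == "__main__":
    for row in failures(summarize(SAMPLE_LOG)):
        print(*row, sep=" | ")
```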
Re: Mail Undeliverable error with Postfix
Hi Mouss,

This is from my inbox, user jan.ges...@ddblocal.com is a real user.

This is the mail system at host mail.ddblocal.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

postmas...@ddbphil.com: user unknown

Reporting-MTA: dns; mail.ddblocal.com
X-Postfix-Queue-ID: 39423148059
X-Postfix-Sender: rfc822; jan.ges...@lddblocal.comjan.ges...@tribalddb.com.ph
Arrival-Date: Sun, 1 Feb 2009 15:13:14 +0800 (PHT)

Final-Recipient: rfc822; postmas...@ddblocal.com postmas...@ddbphil.com
Action: failed
Status: 5.1.1
Diagnostic-Code: x-unix; user unknown

test

-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

On Sun, Feb 1, 2009 at 5:48 PM, mouss mo...@ml.netoyen.net wrote:

jan gestre wrote:

Hi guys, I have several mail servers running postfix 2.4/2.5 with postfixadmin and mysql as backend and dovecot for imap/pop3. I can access the inbox from outside the office using Outlook/Thunderbird but whenever I tried to send an outside email even to an internal user I always get a Mail Undeliverable Error, but when webmail is used by the user there is no problem (to rule out dns misconfiguration). I'm already stumped for two days now and I can't figure it out. Need help. Here's the output of my postconf -n :

show relevant logs. we need to make sure that the transaction is rejected by postfix and why. This information is in your logs.

[snip]
Mail Undeliverable error with Postfix
Hi guys,

I have several mail servers running postfix 2.4/2.5 with postfixadmin and mysql as backend and dovecot for imap/pop3. I can access the inbox from outside the office using Outlook/Thunderbird but whenever I tried to send an outside email even to an internal user I always get a Mail Undeliverable Error, but when webmail is used by the user there is no problem (to rule out dns misconfiguration). I'm already stumped for two days now and I can't figure it out. Need help.

Here's the output of my postconf -n :

postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
message_size_limit = 4096
mydestination = localhost
mydomain = ddblocal.com
myhostname = mail.ddblocal.com
mynetworks = 192.168.0.0/22, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter = +
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworksreject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostnamereject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostnamereject_unknown_sender_domain reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client zen.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/ mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = proxy:mysql:$config_directory/ mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/ mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150

TIA.

Jan
Re: Entourage authentication in postfix+dovecot+mysql not supported
On Thu, Dec 11, 2008 at 1:47 PM, Noel Jones [EMAIL PROTECTED] wrote:

jan gestre wrote:

Hi Guys, I've recently configured a mail server running postfix+dovecot+mysql+postfixadmin, it is now in production and everything is working fine except for MAC Entourage mail which is a PITA IMO which says it doesn't support authentication, outlook and thunderbird doesn't experience this issue. All mail clients are configured to use Server uses Authentication but it doesn't work for Entourage so I have to omit that part which works fine if the user is emailing from within LAN because of $mynetworks but doesn't if they email from outside LAN. Any workaround for this?

It's unclear what doesn't support authentication means in your statement above. Maybe logs of a failed session would help??

Wild Guess That May Waste Your Time: You need to enable both the login and plain auth mechanisms in your dovecot.conf.

Hi Noel,

Here's my dovecot.conf, as you can see plain and login auth mechanisms are enabled:

dovecot -n
# 1.0.7: /etc/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
ssl_cert_file: /etc/postfix/ssl/mail-cert.pem
ssl_key_file: /etc/postfix/ssl/mail-key.pem
login_dir: /var/run/dovecot//login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 150
last_valid_uid: 150
mail_access_groups: mail
mail_location: maildir:/home/virtualmail/%d/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login digest-md5
  user: nobody
  passdb:
    driver: sql
    args: /etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: virtualmail
      group: mail

This is the same configuration that I have in my other mail server that has no problem, that is why I'm currently baffled, I'm not sure if postfix's version that I used matters.
Re: Entourage authentication in postfix+dovecot+mysql not supported
On Thu, Dec 11, 2008 at 8:51 PM, Larry Stone [EMAIL PROTECTED] wrote:

On 12/10/08 11:26 PM, jan gestre at [EMAIL PROTECTED] wrote:

Hi Guys, I've recently configured a mail server running postfix+dovecot+mysql+postfixadmin, it is now in production and everything is working fine except for MAC Entourage mail which is a PITA IMO which says it doesn't support authentication, outlook and thunderbird doesn't experience this issue. All mail clients are configured to use Server uses Authentication but it doesn't work for Entourage so I have to omit that part which works fine if the user is emailing from within LAN because of $mynetworks but doesn't if they email from outside LAN. Any workaround for this?

You didn't say what version of Entourage but I have clients with both Entourage 2008 and 2004 and both work fine with authentication.

They have a brand new Macs so I suppose it's the 2008 version they're using.

I don't use Dovecot so no help there but building on Noel's response, in my main.cf I have:

smtpd_sasl_auth_enable=yes
smtpd_use_pw_server=yes
enable_server_options=yes
smtpd_pw_server_security_options=plain, login
smtpd_sasl_security_options=noanonymous
broken_sasl_auth_clients=yes
smtpd_sasl_local_domain=$mydomain

But this was all placed there by a 3rd party utility that configures the Postfix that comes with Mac OS X into a real mail server so I have no idea why some of those are there. But most definitely works fine with Entourage.

-- Larry Stone [EMAIL PROTECTED] http://www.stonejongleux.com/
Entourage authentication in postfix+dovecot+mysql not supported
Hi Guys,

I've recently configured a mail server running postfix+dovecot+mysql+postfixadmin, it is now in production and everything is working fine except for MAC Entourage mail which is a PITA IMO which says it doesn't support authentication, outlook and thunderbird doesn't experience this issue. All mail clients are configured to use Server uses Authentication but it doesn't work for Entourage so I have to omit that part which works fine if the user is emailing from within LAN because of $mynetworks but doesn't if they email from outside LAN. Any workaround for this?

TIA

BTW, here's my postconf -n

# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.5.5-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
message_size_limit = 4096
mydestination = localhost
mydomain = domainname.com
myhostname = kartero.dm9-js.com
mynetworks = 192.168.88.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client zen.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/ mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = proxy:mysql:$config_directory/ mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/ mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150

Postfix version was rebuilt for CentOS 5.2 with mysql support