Re: "Chunk exceeds message size limit"

2019-03-19 Thread wilfried.es...@essignetz.de
Hi,


how do you come to set message_size_limit = 0?

I'd suggest to comment it out for the default of 1024. Or set
something reasonable for your environment.

Or switch chunking off: http://www.postfix.org/BDAT_README.html


>> downgrading to 3.3.2 fixed the issue.

As I know, chunking came with PF 3.4.



Willi



>>
>> i found the responsible code in postfix-3.4.1/src/smtpd/smtpd.c 
>> commenting out that check also fixes the issue.
>>
>> /* Block too large chunks. */
>> if (state->act_size > var_message_limit - chunk_size) {
> 
> after some more reading of code,
> it turns out that this usage of `var_message_limit` is missing the check
> of `var_message_limit > 0` that in other places enables `0` to mean
> "no limit", and thus it enforces a limit of 0 with my config :(
> 
>> state->error_mask |= MAIL_ERROR_POLICY;
>> msg_warn("%s: BDAT request from %s exceeds message size
>> limit", state->queue_id ? state->queue_id : "NOQUEUE",
>>  state->namaddr);
>> return skip_bdat(state, chunk_size, final_chunk,
>>  "552 5.3.4 Chunk exceeds message size
>> limit"); }
> 
> - T.
> 
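
The missing `var_message_limit > 0` guard described in the quoted message, as an added C example that is not part of the original posts or of the Postfix source. The function names, the 64-bit signed size type and the sample sizes are assumptions; the first function reproduces only the comparison quoted above.

```c
#include <stdio.h>

/* Assumption: sizes are signed 64-bit byte counts, so "limit - chunk"
 * can become negative. */
typedef long long bytes_t;

/*
 * The comparison as quoted from smtpd.c in the message above.
 * It is written as "limit - chunk" rather than "received + chunk", so a
 * very large chunk size announced by a client cannot overflow a sum.
 */
static int bdat_rejects_as_quoted(bytes_t act_size, bytes_t chunk_size,
                                  bytes_t message_limit)
{
    return act_size > message_limit - chunk_size;
}

/*
 * Hypothetical guarded form: the same comparison behind the
 * "limit > 0" test that the poster says other places use, so that a
 * configured limit of 0 keeps meaning "no limit".
 */
static int bdat_rejects_with_guard(bytes_t act_size, bytes_t chunk_size,
                                   bytes_t message_limit)
{
    return message_limit > 0 && act_size > message_limit - chunk_size;
}

struct bdat_case {
    const char *label;
    bytes_t act_size;       /* bytes already received for this message */
    bytes_t chunk_size;     /* size announced by the next BDAT command */
    bytes_t message_limit;  /* configured limit, 0 = unlimited */
};

/* Constructed sample values, not taken from the thread. */
static const struct bdat_case cases[] = {
    {"limit 0, first 1000-byte chunk",      0,        1000, 0},
    {"limit 0, empty final chunk",          0,        0,    0},
    {"limit 10240000, chunk fits exactly",  10239000, 1000, 10240000},
    {"limit 10240000, one byte over",       10239001, 1000, 10240000},
    {"limit 10240000, absurd chunk size",   0, 9223372036854775807LL, 10240000},
};

int main(void)
{
    size_t i;

    printf("%-38s %-8s %-8s\n", "case", "quoted", "guarded");
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        const struct bdat_case *c = &cases[i];

        printf("%-38s %-8s %-8s\n", c->label,
               bdat_rejects_as_quoted(c->act_size, c->chunk_size,
                                      c->message_limit) ? "reject" : "accept",
               bdat_rejects_with_guard(c->act_size, c->chunk_size,
                                       c->message_limit) ? "reject" : "accept");
    }
    return 0;
}
```

With a limit of 0 the unguarded comparison rejects every non-empty chunk, while a real limit is enforced identically by both forms.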


Re: Relay access denied

2018-12-04 Thread wilfried.es...@essignetz.de
On 03.12.18 at 19:57, Wolfgang Paul Rauchholz wrote:
> Thank you for the help.
> But I might not have explained myself correctly. My plan is not to relay
> email from my home server via gmail.
> But I want to be able to send emails also to gmail accounts.

It's the same.

> How can I do that?

Didn't the suggestions you got yesterday work?


Willi

> 
> Wolfgang
> 
> On Mon, Dec 3, 2018 at 11:38 AM wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de> wrote:
> 
>> Hi Wolfgang,
>>
>>
>> I don't think you have an open relay:
>>> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
>>> permit_sasl_authenticated, reject, reject_unauth_destination
>> But you have a dynamic IP address.
>>> host 83.50.89.156
>>> 156.89.50.83.in-addr.arpa domain name pointer
>>> 156.red-83-50-89.dynamicip.rima-tde.net.
>>
>> Gmail doesn't like dynamic IPs very much.
>>
>> Obviously you have a gmail account. I'd suggest to set up your postfix to
>> use authenticated smtp to port 587, using your gmail credentials.
>>
>>
>> Willi
>>
> 
> 


Re: Relay access denied

2018-12-03 Thread wilfried.es...@essignetz.de
Hi Wolfgang,


I don't think you have an open relay:
> smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
> permit_sasl_authenticated, reject, reject_unauth_destination
But you have a dynamic IP address.
> host 83.50.89.156
> 156.89.50.83.in-addr.arpa domain name pointer
> 156.red-83-50-89.dynamicip.rima-tde.net.

Gmail doesn't like dynamic IPs very much.

Obviously you have a gmail account. I'd suggest to set up your postfix to
use authenticated smtp to port 587, using your gmail credentials.


Willi


Re: possibly stupid question

2018-11-29 Thread wilfried.es...@essignetz.de
On 29.11.18 at 09:09, Francesc Peñalvez wrote:
> it may be a silly question but. Which option is appropriate to reject
> emails from ip without ip resolved
> 
Hi,

you could look for reject_unknown_client_hostname and/or
reject_unknown_reverse_client_hostname under smtpd_client_restrictions
(http://www.postfix.org/postconf.5.html#smtpd_client_restrictions)


Willi


Re: "Recipient address rejected: User unknown in virtual mailbox table" and mydomain conf line

2018-08-14 Thread wilfried.es...@essignetz.de
On 14.08.2018 at 10:30, Poliman - Serwis wrote:
>  In console it looks like it hangs:
> root@s1:/etc/postfix# /usr/sbin/sendmail -v marc...@colonel.com.pl
> 
> [under command is blank screen - should it be?]
> 
> I have interrupted it, because from 4 mins it hang and nothing shows at
> marc...@colonel.com.pl
> 

I think it was waiting for a ctrl-D


Willi


-- 
Wilfried Essig
Narzissenstraße 6
75031 Eppingen (Adelshofen)
07262 / 20002
0151 / 50843898


Re: "Recipient address rejected: User unknown in virtual mailbox table" and mydomain conf line

2018-08-14 Thread wilfried.es...@essignetz.de
> -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> 127.0.0.1:10027 inet n   -   n   -   -   smtpd
> -o content_filter=
> -o local_recipient_maps=
> -o relay_recipient_maps=
> -o smtpd_restriction_classes=
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> -o strict_rfc821_envelopes=yes
> -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> -o smtp_send_xforward_command=yes
> -o milter_default_action=accept
> -o milter_macro_daemon_name=ORIGINATING
> -o disable_dns_lookups=yes
> 
> 
> 2018-08-14 9:03 GMT+02:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> On 14.08.2018 at 08:38, Poliman - Serwis wrote:
>>> Hi people!
>>>
>>> I have a problem with sending emails and I of course try dig. The problem
>>> in logs:
>>> Aug 14 07:13:30 s1 postfix/smtpd[8804]: NOQUEUE: filter: RCPT from
>>> ip6-localhost[127.0.0.1]: : Sender address
>>> triggers FILTER amavis:[127.0.0.1]:10026; from=> com>
>>> to= proto=ESMTP helo=
>>> Aug 14 07:13:30 s1 postfix/smtpd[8804]: NOQUEUE: reject: RCPT from
>>> ip6-localhost[127.0.0.1]: 550 5.1.1 : Recipient
>>> address rejected: User unknown in virtual mailbox table; from=<
>>> mar...@amconsulting360.com> to= proto=ESMTP
>> helo=<
>>> s1.poliman.net>
>>>
>>> Remote address marc...@colonel.com.pl  is enabled
>> and
>> Maybe a typo: why is in above line "colonel.com.pl" and "colo.com.pl"?
>>
>>
>>> work (this domain is bought on google.com). I can send emails from
>>> mar...@amconsulting360.com  which is configured on my
>>> server to whatever domain (hosted on gmail/google etc, on another domains
>>> from my server etc) but when I try send to marc...@colonel.com.pl
>>>  I have above error in logs. At the end maybe one
>> more
>>> valuable information. Domain colonel.com.pl is hosted on my server but
>> MX
>>> for this domain is served by google MX.
>>>
>>> Executing "postconf | grep mydomain" gives the output:
>>> append_dot_mydomain = no
>>> mydomain = poliman.net
>>>
>>> but in main.cf are:
>>> myhostname = s1.poliman.net
>>> mydestination = s1.poliman.net, localhost, localhost.localdomain
>>
>> Your postfix is thinking colonel.com.pl belongs to itself. Why could
>> postfix think this?
>> Try sending mentioned output from
>> http://www.postfix.org/DEBUG_README.html#mail and output of "host
>> colonel.com.pl" from console of your postfix server.
>>
>>
>> Willi
>>
>>
>>
>>
>>
>>>
>>> 1. I can't find neither main.cf nor master.cf line with "mydomain"
>> word. In
>>> main.cf is only "append_dot_mydomain".
>>> 2. Should I change mydomain to s1.poliman.net? If I should, how to do
>> it?
>>> Hostname fqdn of the server is s1.poliman.net and in main.cf are also
>> lines
>>> with this name as you can see above.
>>>
>>> I use Postfix "mail_version = 3.1.0".
>>>
>>> Could anybody help me?


Re: "Recipient address rejected: User unknown in virtual mailbox table" and mydomain conf line

2018-08-14 Thread wilfried.es...@essignetz.de
On 14.08.2018 at 08:38, Poliman - Serwis wrote:
> Hi people!
> 
> I have a problem with sending emails and I of course try dig. The problem
> in logs:
> Aug 14 07:13:30 s1 postfix/smtpd[8804]: NOQUEUE: filter: RCPT from
> ip6-localhost[127.0.0.1]: : Sender address
> triggers FILTER amavis:[127.0.0.1]:10026; from=
> to= proto=ESMTP helo=
> Aug 14 07:13:30 s1 postfix/smtpd[8804]: NOQUEUE: reject: RCPT from
> ip6-localhost[127.0.0.1]: 550 5.1.1 : Recipient
> address rejected: User unknown in virtual mailbox table; from=<
> mar...@amconsulting360.com> to= proto=ESMTP helo=<
> s1.poliman.net>
> 
> Remote address marc...@colonel.com.pl  is enabled and
Maybe a typo: why is in above line "colonel.com.pl" and "colo.com.pl"?


> work (this domain is bought on google.com). I can send emails from
> mar...@amconsulting360.com  which is configured on my
> server to whatever domain (hosted on gmail/google etc, on another domains
> from my server etc) but when I try send to marc...@colonel.com.pl
>  I have above error in logs. At the end maybe one more
> valuable information. Domain colonel.com.pl is hosted on my server but MX
> for this domain is served by google MX.
> 
> Executing "postconf | grep mydomain" gives the output:
> append_dot_mydomain = no
> mydomain = poliman.net
> 
> but in main.cf are:
> myhostname = s1.poliman.net
> mydestination = s1.poliman.net, localhost, localhost.localdomain

Your postfix is thinking colonel.com.pl belongs to itself. Why could
postfix think this?
Try sending mentioned output from
http://www.postfix.org/DEBUG_README.html#mail and output of "host
colonel.com.pl" from console of your postfix server.


Willi





> 
> 1. I can't find neither main.cf nor master.cf line with "mydomain" word. In
> main.cf is only "append_dot_mydomain".
> 2. Should I change mydomain to s1.poliman.net? If I should, how to do it?
> Hostname fqdn of the server is s1.poliman.net and in main.cf are also lines
> with this name as you can see above.
> 
> I use Postfix "mail_version = 3.1.0".
> 
> Could anybody help me?
> 



Re: not able to telnet on port 25 for second instances

2018-05-06 Thread wilfried.es...@essignetz.de
Victor wrote some time ago:
> By default, newly created instances have all "inet" services disabled
> via "master_service_disable".  After your master.cf file matches
> your requirements, you can re-enable them and reload the instance.

And:
>   ##
>   ## INSTANCE CONFIG ###
>   ##
>  
>   myhostname = my.example.com
>   mydomain = example.com
>   myorigin = $mydomain
>  
>   # No inet services
>   master_service_disable = inet

Did you (re-)enable inet services on the newly created instances?


Willi


On 06.05.2018 at 21:47, ahsan2011 wrote:
> The smtp service is not working for other instances of postfix. 
> 
> It is only running on the main instance. Using a nmap, I found that smtp is
> stopped for other service. 
> 
> I have added this in main.cf 
> 
> inet_interfaces = smtp-2.xyz, xxx.xxx.xxx.xxx(ip address) 
> 
> in master.cf, this is added 
> 
> smtp  inet  n   -   n   -   -   smtpd 
> 
> [root@smtp-1 postfix]# postmulti -ax postconf config_directory
> inet_interfaces
> config_directory = /etc/postfix
> inet_interfaces = localhost, ip addr0
> config_directory = /etc/postfix-1
> inet_interfaces = ipaddr 3
> config_directory = /etc/postfix-2
> inet_interfaces = ip addr 2
> config_directory = /etc/postfix-3
> inet_interfaces = ip addr 3
> 
> I dont smtp service running from postfix-1, postfix-2, postfix-3
> 
> Can you please help.
> 
> Ahsan
> 
> 
> 
> 
> 
> --
> Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
> 


Re: user unknown in virtual mailbox table

2018-05-03 Thread wilfried.es...@essignetz.de
OK. Now I'm really sure it's clear.

But, what is the third mentioned domain "mydomain2.it"? (in your Mail
from 28.04.2018 17:11)

Please give the thoughts from my last mail a try:
>> Where comes @mydomain1.com from? Things you provided doesn't give an
>> idea. Maybe from extending "areluca" from parameters like mydomain /
>> myorigin / remote_header_rewrite_domain = $mydomain?
>>
>> Where go mails to arel...@mydomain2.com? Possibly they go into what
>> postfix thinks is local mailbox of areluca? What the logs are saying
>> for that case?
>>
Additionally i'd suggest you provide logs of both of the mentioned
cases. Usually this helps much.
>>
>> You could try whats described under
>> http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging


Willi



On 30.04.2018 at 14:14, Alfredo De Luca wrote:
> Hi Wilfried. Sorry for the delay.
> So... we used to have as company mydomain1.com then we became
> mydomain2.com. The email are still mydomain1.com but we translate them
> through postfix on mydomain2.com.
> I see... It's a bit of mess and I agree but for now can't do anything about
> the double domain. So when we receive a valid_u...@mydomain1.com or
> valid_u...@mydomain2.com it's all ok.
> The mess is when we have a not_valid_u...@mydomain1.com we reject the
> incoming email but when we not_valid_u...@mydomain2.com that translation
> doesn't work because the translation get NOT_valid_user@mydomain1.com
> so for postfix it's not an error so we don't reject
> an email to the sender.
> 
> Not sure if it's clear.
> 
> Cheers
> 
> On Thu, Apr 26, 2018 at 9:58 AM wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de> wrote:
> 
>> On 25.04.2018 at 19:44, Alfredo De Luca wrote:
>>> Hi guys. any clue on this issue?
>>
>> Not really, only some thought:
>>
>> Testing arel...@mydomain1.com   returns  "user unknown"
>>
>> Testing arel...@mydomain2.com   returns  arel...@mydomain1.com
>>
>> Where comes @mydomain1.com from? Things you provided doesn't give an
>> idea. Maybe from extending "areluca" from parameters like mydomain /
>> myorigin / remote_header_rewrite_domain = $mydomain?
>>
>> Where go mails to arel...@mydomain2.com? Possibly they go into what
>> postfix thinks is local mailbox of areluca? What the logs are saying for
>> that case?
>>
>> You could try whats described under
>> http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging
>>
>>
>>
>> Have a good time!
>>
>> Willi
>>
>>>
>>> /Alfredo
>>>
>>> On Fri, 20 Apr 2018, 17:24 Alfredo De Luca, <alfredo.del...@gmail.com>
>>> wrote:
>>>
>>>> Hi all. I had a run with postmap and these are the founding
>>>>
>>>> so we have mydomain1.com which is the original domain and
>>>> mydomain2.com which is the actual domain of our company.
>>>> So when I do the following
>>>>
>>>> - postmap -q arel...@mydomain1.com regexp:./domain_rewriting ldap:./ldap-virtual-maps.cf
>>>>   areluca basically doesn't exist with my mydomain1.com so...I get a
>>>>   message back with *user unknown*
>>>>
>>>> - postmap -q arel...@mydomain2.com regexp:./domain_rewriting ldap:./ldap-virtual-maps.cf
>>>>   returns arel...@mydomain1.com..which DOESN'T exist. but cause it
>>>>   find a result anyway I dont get any mail back saying *user unknown*
>>>> So it's something in the ldap that I need to add or trigger.
>>>>
>>>> Maybe mailacceptinggeneralid will do the job accordingly to *
>> http://www.postfix.org/LDAP_README.html#config?
>>>> <http://www.postfix.org/LDAP_README.html#config?>??*
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Apr 20, 2018 at 4:03 PM, Viktor Dukhovni <
>>>> postfix-us...@dukhovni.org> wrote:
>>>>
>>>>>
>>>>>
>>>>>> On Apr 20, 2018, at 8:03 AM, @lbutlr <krem...@kreme.com> wrote:
>>>>>>
>>>>>> The biggest issue between regex (POSIX) and PCRE is that POSIX regex
>> is
>>>>> greedy. that is, it matches the longest possible left, while PCRE
>> matches
>>>>> the shortest possible left.
>>>>>
>>>>> That's false (example uses a Bash in-line file):
>>>>>
>>>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a*)(a)/ $1:$2')
>>>>>   aa:a
>>>>>
>>>>> however, PCRE does also provide non-greedy "*" and "+" variants:
>>>>>
>>>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a+?)(a)/ $1:$2')
>>>>>   a:a
>>>>>
>>>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a*?)(a)/ $1:$2')
>>>>>   :a
>>>>>
>>>>> --
>>>>> Viktor.
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Alfredo*
>>>>
>>>>
>>>
>>
>>


Re: user unknown in virtual mailbox table

2018-04-26 Thread wilfried.es...@essignetz.de
On 25.04.2018 at 19:44, Alfredo De Luca wrote:
> Hi guys. any clue on this issue?

Not really, only some thought:

Testing arel...@mydomain1.com   returns  "user unknown"

Testing arel...@mydomain2.com   returns  arel...@mydomain1.com

Where comes @mydomain1.com from? Things you provided doesn't give an
idea. Maybe from extending "areluca" from parameters like mydomain /
myorigin / remote_header_rewrite_domain = $mydomain?

Where go mails to arel...@mydomain2.com? Possibly they go into what
postfix thinks is local mailbox of areluca? What the logs are saying for
that case?

You could try whats described under
http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging



Have a good time!

Willi

> 
> /Alfredo
> 
> On Fri, 20 Apr 2018, 17:24 Alfredo De Luca, 
> wrote:
> 
>> Hi all. I had a run with postmap and these are the founding
>>
>> so we have mydomain1.com which is the original domain and
>> mydomain2.com which is the actual domain of our company.
>> So when I do the following
>>
>> - postmap -q arel...@mydomain1.com regexp:./domain_rewriting ldap:./ldap-virtual-maps.cf
>>   areluca basically doesn't exist with my mydomain1.com so...I get a
>>   message back with *user unknown*
>>
>> - postmap -q arel...@mydomain2.com regexp:./domain_rewriting ldap:./ldap-virtual-maps.cf
>>   returns arel...@mydomain1.com..which DOESN'T exist. but cause it
>>   find a result anyway I dont get any mail back saying *user unknown*
>>
>> So it's something in the ldap that I need to add or trigger.
>>
>> Maybe mailacceptinggeneralid will do the job accordingly to 
>> *http://www.postfix.org/LDAP_README.html#config?
>> ??*
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Apr 20, 2018 at 4:03 PM, Viktor Dukhovni <
>> postfix-us...@dukhovni.org> wrote:
>>
>>>
>>>
>>>> On Apr 20, 2018, at 8:03 AM, @lbutlr wrote:
>>>>
>>>> The biggest issue between regex (POSIX) and PCRE is that POSIX regex is
>>> greedy. that is, it matches the longest possible left, while PCRE matches
>>> the shortest possible left.
>>>
>>> That's false (example uses a Bash in-line file):
>>>
>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a*)(a)/ $1:$2')
>>>   aa:a
>>>
>>> however, PCRE does also provide non-greedy "*" and "+" variants:
>>>
>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a+?)(a)/ $1:$2')
>>>   a:a
>>>
>>>   $ postmap -q aaa pcre:<(printf '%s\n' '/(a*?)(a)/ $1:$2')
>>>   :a
>>>
>>> --
>>> Viktor.
>>>
>>>
>>
>>
>> --
>> *Alfredo*
>>
>>
> 


-- 
Wilfried Essig
Narzissenstraße 6
75031 Eppingen (Adelshofen)
07262 / 20002
0151 / 50843898


Re: Postfix set up with postfixadmin, trying to create /dev/null account

2018-04-25 Thread wilfried.es...@essignetz.de
Hi,


suggest you to tell your postfix to accept mail for bounce.localdomain
for local delivery (http://www.postfix.org/postconf.5.html#mydestination)


Willi

On 25.04.2018 at 11:11, K F wrote:
> Hi All
> As I wrote above, this mailserver is set up with postfixadmin and mysql.
> I'm trying to set up a /dev/null mail account.
> So I've created an alias
> devnull: /dev/null
> And I've created a virtual mailbox on one of the domains
> If I look in the MySQL database I see:
> select * from alias where address='relayt...@my.ownserver.com';
> +----------------------------+---------+------------------+---------------------+---------------------+--------+
> | address                    | goto    | domain           | created             | modified            | active |
> +----------------------------+---------+------------------+---------------------+---------------------+--------+
> | relayt...@my.ownserver.com | devnull | my.ownserver.com | 2018-04-25 10:18:24 | 2018-04-25 10:18:24 |      1 |
> +----------------------------+---------+------------------+---------------------+---------------------+--------+
> But if I look in the maillog I see this:
> Apr 25 10:28:13 bounce postfix/smtp[61347]: 6A23E40ED1F2: to=, orig_to=, relay=none, delay=22, delays=22/0.01/0.02/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=bounce.localdomain type=A: Host not found)
> The servers hostname is bounce.
> So what should I do?
> I tried changing the goto to devnull@localhost and also devnull@bounce.localdomain but I still get errors.
> I hope somebody can help me out?
> Best wishes
> Kenneth
> 


Re: Not receiving messages from mail servers

2018-04-17 Thread wilfried.es...@essignetz.de
Try

debug_peer_list = 94.237.32.243

in main.cf


Willi

On 17.04.2018 at 14:38, @lbutlr wrote:
> I finally managed to isolate this. I have not been receiving mails from some
> mail servers and there's very little being logged. I obviously set some 
> configuration that mucked things up. Here is the entire mail.log from the 
> first minute after midnight:
> 
> Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from 
> [94.237.32.243]:46598 to [65.121.55.42]:25
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.0.1
> Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by 
> domain hostkarma.junkemailfilter.com as 127.0.1.1
> Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by 
> domain score.senderscore.com as 127.0.4.97
> Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by 
> domain list.dnswl.org as 127.0.9.2
> Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598
> Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from 
> wursti.dovecot.fi[94.237.32.243]
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
> PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap-login: Login: user=, x.x.x.x, 
> PLAIN, TLS
> Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497
> Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497
> Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from 
> wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 
> quit=1 commands=2/6
> 
> As you can see, 94.237.32.243 connected and then after 30 seconds 
> disconnected. It says it sent an ehlo, but it is not logged.
> 
> This is one of the lists affected, so please include a Cc to me.
> 
> 



Re: Strange errors in mail.warn log

2018-03-18 Thread wilfried.es...@essignetz.de
Look here:
> Mar 18 17:21:25 jessie postfix/proxymap[873]: warning: connect to mysql
> server localhost: Can't connect to local MySQL server through socket
> '/var/run/mysqld/mysqld.sock' (2 "No such file or directory")


Willi


Re: Emails are not passed to Amavis after redirection by header check

2017-11-03 Thread wilfried.es...@essignetz.de
Please provide some information:

http://www.postfix.org/DEBUG_README.html#mail

Willi

On 03.11.2017 at 11:13, ruttentuttels wrote:
> Hi,
> I have an issue with the postfix configuration. Amavis is configured and
> running fine when emails are received directly to clients but when an email
> is forwarded by a header check rule, the mail is send straight to the
> alternative email mailbox without having the email scanned by Amavis.
> 
> Does anyone have a clue?
> 
> 
> 
> 
> --
> Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
> 


Re: Recipient address rejected: User unknown in local recipient table

2017-10-27 Thread wilfried.es...@essignetz.de
Hi,

is zimbra running on the same machine? Then you should read zimbra doc,
how to integrate with postfix.

If zimbra is running on another machine, you should read postfix doc on
relaying (http://www.postfix.org/documentation.html)


Willi


On 27.10.2017 at 15:32, 9acca9 wrote:
> Hello everyone.
> I have configured a zimbra and a postfix different pc. (zimbra is on my
> local network, and postfix on an external network).
> 
> the only thing I want is for postfix to send the mails from my domain to any
> side, and that the ones of any side send them to zimbra.
> 
> The sending of mails was correct but if from my google mail account I want
> to answer, I find this error in the log:
> 
> Recipient address rejected: User unknown in local recipient table
> 
> of course the "user" is not know by postfix or that server, I want postfix
> to deliver this mail to zimbra, who knows them.
> 
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> biff = no
> 
> append_dot_mydomain = no
> 
> readme_directory = no
> 
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
> defer_unauth_destination
> myhostname = postfix.mydomain.es
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = $myhostname, mydomain.es, localhost.mydomain.es, localhost,
> relay_domains = $mydestination
> relayhost =
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 172.16.5.5/32
> 190.2.19.187/32
> mailbox_size_limit = 8192000
> recipient_delimiter = +
> inet_interfaces = all
> inet_protocols = all
> home_mailbox = Maildir/
> 
> Thanks to all.
> 
> 
> 
> --
> Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
> 


Re: Postfix, mailman, and aliases problem

2017-10-26 Thread wilfried.es...@essignetz.de
Hi,

what is alias_maps?

Willi

On 26.10.2017 at 16:36, James Dore wrote:
> Same: 
> 
> console@corelli:/var/log$ postconf alias_database
> alias_database = hash:/etc/aliases
> 
> J
> 
> 
> 
>> On 26 Oct 2017, at 15:30, chaouche yacine  wrote:
>>
>> Make sure you're using the /etc/aliases is actually used as your 
>> alias_database
>>
>>
>> root@messagerie[10.10.10.19] ~ # postconf alias_database 
>> alias_database = hash:/etc/aliases
>> root@messagerie[10.10.10.19] ~ #
>>
>> Here's mine
>>
>> root@messagerie[10.10.10.19] ~ # cat /etc/aliases
>> # /etc/aliases
>> mailer-daemon: postmaster
>> postmaster: root
>> nobody: root
>> hostmaster: root
>> usenet: root
>> news: root
>> webmaster: root
>> www: root
>> ftp: root
>> abuse: root
>> noc: root
>> security: root
>> root: serveur
>> clamav: root
>>
>> root@messagerie[10.10.10.19] ~ #
>>
>>
>> Check that the map is working correctly :
>>
>> root@messagerie[10.10.10.19] ~ # postalias -q mailer-daemon /etc/aliases
>> postmaster
>> root@messagerie[10.10.10.19] ~ #
>>
>>
>>
>> On Thursday, October 26, 2017 3:18 PM, James Dore  
>> wrote:
>>
>>
>> Hi list,
>>
>> I recently migrated our mailman server from an old SLES 11 box to Ubuntu 
>> 16.04.3 LTS, and installed Mailman from the Ubuntu repositories along with 
>> Postfix and other prerequisites. Mailman itself is working fine, but I have 
>> a handful of regular email aliases in /etc/aliases which do not receive 
>> mail, and when examining the logs, get bounced with a “User unknown” error. 
>> What did I screw up?
>>
>> (I’ve checked my aliases and they’re good, and I’ve run the newaliases 
>> command numerous times).
>>
>> Cheers,
>> James
>>
>> -- 
>> James Dore,
>> IT Officer, 
>> New College Oxford
>>
>>


Re: unable to send email to hotmail.com domain

2017-10-26 Thread wilfried.es...@essignetz.de
Follow the given guidelines from bouncemessage.

Otherwise, you could think about the chances of an ant fighting an
elephant or a hippo.

Willi


On 26.10.2017 at 12:33, Poliman - Serwis wrote:
> I have strange irritating problem. When I send emails from my server to any
> email address to any domain they reach the target without any problem. But
> when I try send to address in "hotmail.com" I got bounce:
> : host
> hotmail-com.olc.protection.outlook.com[104.47.40.33] said: 550 5.7.1
> Unfortunately, messages from [ip_of_my_server] weren't sent. Please
> contact
> your Internet service provider since part of their network is on our
> block
> list (AS3140). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
> [CO1NAM03FT055.eop-NAM03.prod.protection.outlook.com] (in reply to MAIL
> FROM command)
> 
> I know that MS has own black list but why they block me. Domain which I use
> to send confirmation links is clear (checked in), ip address of my server
> also is clear. I can put some config files if needed.
> 


Re: DANE logs

2017-10-13 Thread wilfried.es...@essignetz.de

Possibly setting smtp_tls_loglevel to "1", or higher, will help.

A warning from the docs: "Do not use "smtp_tls_loglevel = 2" or higher
except in case of problems. Use of loglevel 4 is strongly discouraged."

(Same with smtpd_tls_loglevel for incoming connections.)


Willi


On 13.10.2017 at 06:53, Mal wrote:
> Hello
> 
> Wondering if Postfix logs any DANE operations? 
> 
> Postfix MTAs configured:
>>
> smtp_use_tls = yes
> smtp_tls_security_level = dane
> smtp_dns_support_level = dnssec
> 
> MTA hostnames pass various online SMTP TLS checkers  (like 
> https://www.huque.com/bin/danecheck ). 
> 
> Mal
> 


Re: Specify VPN for postfix

2017-08-01 Thread wilfried.es...@essignetz.de
On 01.08.2017 at 06:07, Yubin Ruan wrote:
> Hi,
> Can anyone tell me how to point postfix to a VPN connection? I have
> setup a VPN listening at background on my Ubuntu and I want to point
> postfix to that listening port whenever postfix try to connect to the
> internet.


Hi,

read description of parameter "inet_interfaces"
(http://www.postfix.org/postconf.5.html#inet_interfaces). That should
help you finding the best way for you.

Willi


Re: SMTP session failure: 501 5.1.7 - how to solve it ?

2017-06-23 Thread wilfried.es...@essignetz.de

Please read http://www.postfix.org/DEBUG_README.html#mail


Willi


On 23.06.2017 at 11:32, Zalezny Niezalezny wrote:
> Dear Colleagues,
> 
> 
> I have a problem with my Postfix/Mailman configuration. Basically everything
> is working fine except one thing.
> 
> When I'm sending message to mailman admins:
> 
> From: u...@example.com
> To: mailman-ow...@list.example.com
> 
> 
> Postfix generating SMTP session failure.
> 
> 
> Jun 23 10:59:25 2017 (18113) SMTP session failure: 501, 5.1.7 Bad sender
> address syntax, msgid: 

Re: telnet hangs when I enable sasl

2017-06-05 Thread wilfried.es...@essignetz.de
On 05.06.2017 at 18:51, Roelof Wobben wrote:
> On 5-6-2017 at 18:35, wilfried.es...@essignetz.de wrote:
>> Internal Error -4 in server.c
> 
> 
> I did already and google does not have a answer
> 
> Roelof
> 

Sorry, got the wrong out of my history. This is the correct one:

https://serverfault.com/questions/618229/postfix-on-centos-7-cannot-authenticate-against-cyrus-saslauthd


Willi


Re: telnet hangs when I enable sasl

2017-06-05 Thread wilfried.es...@essignetz.de
On 05.06.2017 at 17:58, Roelof Wobben wrote:
> On 5-6-2017 at 16:31, wilfried.es...@essignetz.de wrote:
>> On 05.06.2017 at 14:42, Roelof Wobben wrote:
>> ...
>>>> Is the postfix user allowed to read /etc/sasl/smtpd.conf?
>>> At this moment, not.  smtpd.conf has as owner root:root
>>> Should I change it to postfix:root ?
>> Yes, if it's not already world readable.
>>
>> BTW: Can the postfix user traverse into /etc/sasl?
>>
>> We can see it on output of "ls -al /etc/sasl".
>>
>> Are the logs showing still the same errors?
>>
>>
>> Willi
>>
> 
> Changed it.
> output of ls -al /etc/sasl2
> 
> totaal 16
> drwxr-xr-x.  2 root    root   24  5 jun 13:42 .
> drwxr-xr-x. 76 root    root 8192  5 jun 15:26 ..
> -rw-r--r--.  1 postfix root   47  5 jun 13:42 smtpd.conf
I assume, postfix had seen the config all the time ;-)


> And the maillogs still give this error message :
> 
> warning : sasl authentication failure: Internal Error -4 in server.c near 
> line 1757
> fatal : no sasl authentication mechanisms

The error message changed, compared to your mail from 01.06.2017 18:23
+0200. Look for "Internal Error -4 in server.c" in the search engine of
your confidence.

Good luck.


Willi



Re: telnet hangs when I enable sasl

2017-06-05 Thread wilfried.es...@essignetz.de
On 05.06.2017 at 14:42, Roelof Wobben wrote:
...
>> Is the postfix user allowed to read /etc/sasl/smtpd.conf?
> 
> At this moment, not.  smtpd.conf has as owner root:root
> Should I change it to postfix:root ?

Yes, if it's not already world readable.

BTW: Can the postfix user traverse into /etc/sasl?

We can see it on output of "ls -al /etc/sasl".

Are the logs showing still the same errors?


Willi



Re: telnet hangs when I enable sasl

2017-06-01 Thread wilfried.es...@essignetz.de
Hi,


it's rather less information. Please provide information described under
http://www.postfix.org/DEBUG_README.html#mail


Willi


On 01.06.2017 at 11:36, Roelof Wobben wrote:
> Hello, 
> 
> I have this in my main.cf : 
> 
> smtpd_sasl_path = smtpd 
> smtpd_sasl_auth_enable = yes 
> 
> in my sasl2 config file I have this : 
> 
> pwcheck_method = auxprop 
> auxprop_plugin = sasldb
> mech_list = plain login cram-md5 digest-md5 ntlm 
> 
> but when I do telnet 127.0.0.1 25 and I do then ehlo localhost I see no
> response at all.
> 
> When I disable the smtpd_sasl_auth_enable line telnet works but I do not see
> the auth headers back.
> 
> 
> What can be the culprit here?
> 
> Roelof
> 


Re: confused with ssl settings and some error - need help

2017-04-27 Thread wilfried.es...@essignetz.de
Your loglines seem to come from "dovecot: imap-login".

Does your postfix make imap logins? Mine doesn't do that.

But it should be possible by way of using smtp-auth that tests logins
against an imap server. Do you have this? Then, why didn't you provide
the according loglines from your postfix?

As i see on dovecot list, you asked the same question over there -
yesterday. And you got a smart answer - yesterday.
(http://markmail.org/message/u2b5aytovpkuxwgj)

Do you use LMTP or smtp-auth against imap?

Otherwise, i assume, you are completely wrong here on postfix list.


Try to learn the difference between postfix, dovecot and the clients you
and/or your customers are using. That will really help you more.



Willi



On 27.04.2017 at 07:12, Poliman - Serwis wrote:
> Hi,
> To default dovecot.conf file I added (based on found documentation):
> ssl = required
> disable_plaintext_auth = yes #change default 'no' to 'yes'
> ssl_prefer_server_ciphers = yes
> ssl_options = no_compression
> ssl_dh_parameters_length = 2048
> ssl_cipher_list =
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> 
> I have below errors (they appear in loop in mail.err log file):
> #Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> #Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
> error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
> #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
> mac
> #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
> error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
> 
> When I setup in postfix main.cf file (other lines default):
> tls_ssl_options = no_ticket, no_compression
> tls_preempt_cipherlist = yes
> smtpd_sasl_security_options=noanonymous,noplaintext
> smtpd_sasl_tls_security_options=noanonymous,noplaintext
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't
> know what should be setup
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA,
> DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA
> smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
> EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA,
> DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA
> 
> Is between dovecot and postfix some communication using above ciphers or
> something that generate that errors in log or maybe some public client try
> connect and can't establish connection?
> 
> Server with Ubuntu 16.04 LTS, postfix 3.1 and dovecot 2.2.22 and openssl
> 1.0.2k.
> 



Re: Postfix impatient with mysql?

2017-04-06 Thread wilfried.es...@essignetz.de
Possibly you should ask some dovecot people. The loglines you provided,
show processname "dovecot", not postfix.


Willi


On 06.04.2017 at 17:54, Robert Moskowitz wrote:
> It seems postfix is impatient with connecting with mysql, as I see in 
> maillog entries like:
> 
> Apr  6 11:48:30 z9m9z dovecot: dict: Error: mysql(localhost): Connect 
> failed to database (postfix): Can't connect to local MySQL server 
> through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 5 seconds 
> before retry
> Apr  6 11:48:35 z9m9z dovecot: dict: Error: mysql(localhost): Connect 
> failed to database (postfix): Can't connect to local MySQL server 
> through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds 
> before retry
> 
> I suspect it does connect eventually.  This is a test system with only 
> 1GB of memory and free reports:
> 
>               total        used        free      shared  buff/cache   available
> Mem:        1025484      696344       24556       21528      304584      251552
> Swap:        524284       92168      432116
> 
> 
> The production box has 2GB, so if the problem is mysql is swapping out, 
> that will be 'fixed', if it is processor, well this is an ARMv7 duo 
> core, as is the production box.  I am considering buying the new quad core.
> 
> Is there anything I can do to get postfix more patient with mysql, or 
> just ignore these messages?
> 
> thank you
> 
> 
> 



Re: growing size of mail.log file - postfix logs

2017-03-02 Thread wilfried.es...@essignetz.de
> From two days log file has 18MB. What is wrong?


Do you have logging still active from your thread

"dovecot cram-md5 setting break sending emails"?


Willi



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
---
Maybe you should change your DB-Password: You sent it to the list inside
the attached file:
password=06549...3acd port=3306
---


Your problem with cram-md5 is, that you have

"default_pass_scheme = CRYPT"

in /etc/dovecot/dovecot-sql.conf.


As mentioned in this text from my last mail, you need to change the
schema your passwords are stored in:
>>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
>>> under "Non-plaintext authentication mechanisms":
>>> "The problem with non-plaintext auth mechanisms is that the password
>>> must be stored either in plaintext, or using a mechanism-specific scheme
>>> that's incompatible with all other non-plaintext mechanisms. In
>>> addition, the mechanism-specific schemes often offer very little
>>> protection. This isn't a limitation of Dovecot, it's a requirement for
>>> the algorithms to even work.
>>>
>>> For example if you're going to use CRAM-MD5 authentication, the password
>>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
>>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
>>> plaintext. "

You'll have to set another default scheme in your
/etc/dovecot/dovecot-sql.conf and recreate your passwords in the db.
Read more in above mentioned URL.

Or you can prefix every password with its scheme, but i don't remember
details.


Willi



On 23.02.2017 at 15:35, Poliman - Serwis wrote:
> "Now i understand, that you want to add cram-md5 to the mechs, but to
> authenticate still against the sql-db?" Hehe no. I have cram-md5 and when I
> try sql-db I can't send emails.
> I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that Postfix
> logs go to mail.log and mail.err files.
> "dovecot logs for the mentioned two cases?" - which two cases? :)
> dovecot-sql.conf output in attachment.
> "maybe a link to the mentioned dovecot thread" - do You mean tutorial based
> on I setup cram-md5 in dovecot?
> 
> 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Now i understand, that you want to add cram-md5 to the mechs, but to
>> authenticate still against the sql-db?
>>
>>
>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
>> under "Non-plaintext authentication mechanisms":
>> "The problem with non-plaintext auth mechanisms is that the password
>> must be stored either in plaintext, or using a mechanism-specific scheme
>> that's incompatible with all other non-plaintext mechanisms. In
>> addition, the mechanism-specific schemes often offer very little
>> protection. This isn't a limitation of Dovecot, it's a requirement for
>> the algorithms to even work.
>>
>> For example if you're going to use CRAM-MD5 authentication, the password
>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
>> plaintext. "
>>
>> Does that possibly point out your problem?
>>
>>
>> Otherwise please provide
>> - dovecot logs for the mentioned two cases?
>> - content of /etc/dovecot/dovecot-sql.conf?
>> - maybe a link to the mentioned dovecot thread.
>>
>> Did you find your postfix logs? Which system do you use?
>>
>>
>> Willi
>>
>>
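
Why `default_pass_scheme = CRYPT` cannot serve CRAM-MD5, as an added example that is not part of the original mails: a Python sketch of the RFC 2195 exchange checked against three stored forms. The function names, the `{SCHEME}` prefix parser and the CRYPT placeholder string are assumptions made for illustration; user, password and challenge are the RFC 2195 sample values.

```python
import base64
import hashlib
import hmac

# Sample data: RFC 2195 example values; the CRYPT string is a constructed placeholder.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
CRYPT_PLACEHOLDER = "$6$constructedsalt$constructed-one-way-hash"


def cram_md5_response(user, password, challenge):
    """Client side: base64 of '<user> <hex HMAC-MD5(key=password, msg=challenge)>'."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def parse_response(response_b64):
    """Decode a client response into (user, hex_digest); raises ValueError if malformed."""
    text = base64.b64decode(response_b64, validate=True).decode("ascii")
    user, sep, hex_digest = text.rpartition(" ")
    if not sep:
        raise ValueError("no space between user and digest")
    return user, hex_digest


def hmac_md5_context(password):
    """Mechanism-specific stored form: the two MD5 states already keyed with the password.

    This models what a CRAM-MD5 scheme keeps instead of the password. It answers
    any challenge, so for this mechanism it is as sensitive as the password itself.
    """
    key = password.encode()
    if len(key) > 64:
        key = hashlib.md5(key).digest()
    key = key.ljust(64, b"\0")
    return (hashlib.md5(bytes(b ^ 0x36 for b in key)),
            hashlib.md5(bytes(b ^ 0x5C for b in key)))


def split_scheme(stored, default_scheme):
    """Honour a per-password '{SCHEME}' prefix, else fall back to the default scheme."""
    if isinstance(stored, str) and stored.startswith("{") and "}" in stored:
        scheme, value = stored[1:].split("}", 1)
        return scheme.upper(), value
    return default_scheme.upper(), stored


def expected_digest(scheme, secret, challenge):
    """Digest the server must compute itself, or None if the stored form cannot yield it."""
    if scheme == "PLAIN":
        return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    if scheme == "CRAM-MD5":
        inner, outer = secret[0].copy(), secret[1].copy()
        inner.update(challenge)
        outer.update(inner.digest())
        return outer.hexdigest()
    return None  # one-way hashes such as CRYPT give the server no HMAC key


def verify(stored, default_scheme, challenge, response_b64):
    """Server side: returns (ok, reason)."""
    scheme, secret = split_scheme(stored, default_scheme)
    try:
        _user, client_hex = parse_response(response_b64)
    except ValueError:
        return False, "malformed response"
    want = expected_digest(scheme, secret, challenge)
    if want is None:
        return False, f"{scheme}: one-way hash, no HMAC key to check the response with"
    ok = hmac.compare_digest(want, client_hex)
    return ok, f"{scheme}: " + ("match" if ok else "mismatch")


if __name__ == "__main__":
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    for label, stored, default in [
        ("plaintext, default PLAIN", PASSWORD, "PLAIN"),
        ("HMAC context, default CRAM-MD5", hmac_md5_context(PASSWORD), "CRAM-MD5"),
        ("crypt hash, default CRYPT", CRYPT_PLACEHOLDER, "CRYPT"),
        ("{PLAIN} prefix, default CRYPT", "{PLAIN}" + PASSWORD, "CRYPT"),
    ]:
        print(label, "->", verify(stored, default, CHALLENGE, resp))
```

The same client response verifies against the plaintext and the keyed-context forms and is refused for the one-way hash, which is the situation the quoted wiki text describes.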



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
Now i understand, that you want to add cram-md5 to the mechs, but to
authenticate still against the sql-db?


On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
under "Non-plaintext authentication mechanisms":
"The problem with non-plaintext auth mechanisms is that the password
must be stored either in plaintext, or using a mechanism-specific scheme
that's incompatible with all other non-plaintext mechanisms. In
addition, the mechanism-specific schemes often offer very little
protection. This isn't a limitation of Dovecot, it's a requirement for
the algorithms to even work.

For example if you're going to use CRAM-MD5 authentication, the password
needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
plaintext. "

Does that possibly point out your problem?


Otherwise please provide
- dovecot logs for the mentioned two cases?
- content of /etc/dovecot/dovecot-sql.conf?
- maybe a link to the mentioned dovecot thread.

Did you find your postfix logs? Which system do you use?


Willi


On 23.02.2017 at 13:56, Poliman - Serwis wrote:
> Still nothing. If I removed "noplaintext" from these lines, sending email
> still working when I have:
> auth_mechanisms = plain login cram-md5 #added cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> 
> but with this:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> I still can't send. So sending (or not sending) depends (I think) from
> above configurations from dovecot.conf.
> 
> 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> On 23.02.2017 at 13:27, Poliman - Serwis wrote:
>>> Test email go through when I have in dovecot.conf:
>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> but this isn't default setting. I don't need this, need default:
>>> auth_mechanisms = plain login
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>>
>>> but then sending testing email is not working.
>>
>> Now (i think) i understand. You should look to your postfix main.cf.
>>
>> smtpd_sasl_security_options = noanonymous,noplaintext
>> smtpd_sasl_tls_security_options = noanonymous,noplaintext
>>
>> Possibly you should remove "noplaintext" from
>> smtpd_sasl_tls_security_options.
>>
>> If you remove it also from smtpd_sasl_security_options your password
>> will traverse internet in cleartext.
>>
>> Details :
>> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
>>
>>
>> Willi
>>
>>
>>>
>>> Unfortunately dovecot list didn't help me. One developer sends me to this
>>> group. ;)
>>>
>>> All logs from mail.log I pasted. I have mail.log and mail.err files.
>>>
>>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
>>>> Hi,
>>>>
>>>>
>>>> i assume your test mail got through now?
>>>>
>>>>
>>>> On 23.02.2017 at 11:17, Poliman - Serwis wrote:
>>>>> I am not sure that all in these logs are good because there is info
>>>> 'passdb
>>>>> didn't return userdb entries'.
>>>> I think there is nothing to worry about.
>>>>
>>>> Dovecot knows about password and user databases. It is possible to have
>>>> password and userdata in the same db, like the sql-db from your default
>>>> entry. But the cram-md5 file didn't have userdata, which made dovecot
>>>> looking in the other db it got to know. I recommend you read details in
>>>> http://wiki.dovecot.org/PasswordDatabase ,
>>>> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe
>> other
>>>> info from dovecot wiki.
>>>>
>>>>
>>>>> Authentication worked because dovecot used
>>>>> cram-md5 file (still custom settings in dovecot.conf about which I say
>>>> all
>>>>> time) but dovecot can't find match in database (configured in line:
>>>>>  args = /etc/dovec

Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
On 23.02.2017 at 13:27, Poliman - Serwis wrote:
> Test email go through when I have in dovecot.conf:
> auth_mechanisms = plain login cram-md5 #added cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> 
> but this isn't default setting. I don't need this, need default:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> but then sending testing email is not working.

Now (i think) i understand. You should look to your postfix main.cf.

smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous,noplaintext

Possibly you should remove "noplaintext" from
smtpd_sasl_tls_security_options.

If you remove it also from smtpd_sasl_security_options your password
will traverse internet in cleartext.

Details :
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options


Willi


> 
> Unfortunately dovecot list didn't help me. One developer sends me to this
> group. ;)
> 
> All logs from mail.log I pasted. I have mail.log and mail.err files.
> 
> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> i assume your test mail got through now?
>>
>>
>> On 23.02.2017 at 11:17, Poliman - Serwis wrote:
>>> I am not sure that all in these logs are good because there is info
>> 'passdb
>>> didn't return userdb entries'.
>> I think there is nothing to worry about.
>>
>> Dovecot knows about password and user databases. It is possible to have
>> password and userdata in the same db, like the sql-db from your default
>> entry. But the cram-md5 file didn't have userdata, which made dovecot
>> looking in the other db it got to know. I recommend you read details in
>> http://wiki.dovecot.org/PasswordDatabase ,
>> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
>> info from dovecot wiki.
>>
>>
>>> Authentication worked because dovecot used
>>> cram-md5 file (still custom settings in dovecot.conf about which I say
>> all
>>> time) but dovecot can't find match in database (configured in line:
>>>  args = /etc/dovecot/dovecot-sql.conf
>>>  driver = sql).
>> As this is the postfix list, i'd like to send you to the dovecot
>> forum/list to ask about what concerns you.
>>
>>
>>>  How can I provide postfix logs - where can I find them? I have only
>>> mail.log and mail.err files for mailing errors. :)
>> If mail got through now, there is no need for further info from postfix.
>> As i know, postfix logs usually by means of syslog into
>> /var/log/mail.log or /var/log/mail/mail.log.
>>
>>
>> Willi
>>
>>
>>
>>
>>
>>>
>>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
>>>> Hi,
>>>>
>>>>
>>>> now i'm rather unsure what you want to say with this?
>>>>
>>>> It looks something like authentication worked. But without the postfix
>>>> loglines i can't see it for sure.
>>>>
>>>>
>>>>
>>>> Willi
>>>>
>>>>
>>>> On 23.02.2017 at 10:47, Poliman - Serwis wrote:
>>>>> I setup like You pasted and in mail.log I have:
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
>>>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): lookup:
>>>> user=
>>>>> do_not_re...@example.com file=/etc/dovecot/cram-m$
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
>>>>> OK#0111#011user=do_not_re...@example.com
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
>>>>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
>>>> bfada#011session_pid=5092
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
>>>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): passdb
>>>> didn't
>>>>> return userdb entries, trying the next userdb
>>>>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
>>>>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
>>>> as
>>>>> home, CONCA

Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
Hi,


i assume your test mail got through now?


On 23.02.2017 at 11:17, Poliman - Serwis wrote:
> I am not sure that all in these logs are good because there is info 'passdb
> didn't return userdb entries'. 
I think there is nothing to worry about.

Dovecot knows about password and user databases. It is possible to have
password and userdata in the same db, like the sql-db from your default
entry. But the cram-md5 file didn't have userdata, which made dovecot
looking in the other db it got to know. I recommend you read details in
http://wiki.dovecot.org/PasswordDatabase ,
http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
info from dovecot wiki.


> Authentication worked because dovecot used
> cram-md5 file (still custom settings in dovecot.conf about which I say all
> time) but dovecot can't find match in database (configured in line:
>  args = /etc/dovecot/dovecot-sql.conf
>  driver = sql).
As this is the postfix list, i'd like to send you to the dovecot
forum/list to ask about what concerns you.


>  How can I provide postfix logs - where can I find them? I have only
> mail.log and mail.err files for mailing errors. :)
If mail got through now, there is no need for further info from postfix.
As i know, postfix logs usually by means of syslog into
/var/log/mail.log or /var/log/mail/mail.log.


Willi





> 
> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> now i'm rather unsure what you want to say with this?
>>
>> It looks something like authentication worked. But without the postfix
>> loglines i can't see it for sure.
>>
>>
>>
>> Willi
>>
>>
>> On 23.02.2017 at 10:47, Poliman - Serwis wrote:
>>> I setup like You pasted and in mail.log I have:
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): lookup:
>> user=
>>> do_not_re...@example.com file=/etc/dovecot/cram-m$
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
>>> OK#0111#011user=do_not_re...@example.com
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
>>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
>> bfada#011session_pid=5092
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): passdb
>> didn't
>>> return userdb entries, trying the next userdb
>>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
>>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
>> as
>>> home, CONCAT( maildir_format, ':', mail$
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
>>> USER#0113625975809#
>>> 011do_not_re...@example.com#011home=/var/vmail/example.
>> com/do_not_reply#011mail=maildir:/var/vma$
>>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
>>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
>>> lip=193.70.38.6, mpid=5092, TLS, session=<Fl+mbC9JRABds+cf>
>>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
>>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
>>>
>>>
>>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
>>>> I wondered about how dovecot would decide, which "args" belongs to which
>>>> "driver" line. So looked over
>>>> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>>>>
>>>> Possibly you should write something like:
>>>>
>>>> passdb {
>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>   driver = sql
>>>> }
>>>>
>>>> passdb {
>>>>driver = passwd-file
>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>> }
>>>>
>>>>
>>>> Willi
>>>>
>>>>
>>>> On 23.02.2017 at 10:30, Poliman - Serwis wrote:
>>>>> You have right, I added 'noplaintext'. But main thing what I want to
>> get
>>>> -
>>>>> no cram-md5 in dovecot and ability to send emails. All worked fine
>> until
>>>> I
>>>>> set in dovecot.conf:
>>>>> auth_mechanisms = plain login cram-md5
>>>>> passdb {
>>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>>   #driver = sql
>>>>>driver = passwd-file
>>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>> }
>>>>
>>>>
>>>
>>>
>>
>>
> 
> 



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
Hi,


now i'm rather unsure what you want to say with this?

It looks something like authentication worked. But without the postfix
loglines i can't see it for sure.



Willi


On 23.02.2017 at 10:47, Poliman - Serwis wrote:
> I setup like You pasted and in mail.log I have:
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): lookup: user=
> do_not_re...@example.com file=/etc/dovecot/cram-m$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> OK#0111#011user=do_not_re...@example.com
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57cbfada#011session_pid=5092
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): passdb didn't
> return userdb entries, trying the next userdb
> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as
> home, CONCAT( maildir_format, ':', mail$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
> USER#0113625975809#
> 011do_not_re...@example.com#011home=/var/vmail/example.com/do_not_reply#011mail=maildir:/var/vma$
> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
> lip=193.70.38.6, mpid=5092, TLS, session=<Fl+mbC9JRABds+cf>
> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
> 
> 
> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> I wondered about how dovecot would decide, which "args" belongs to which
>> "driver" line. So looked over
>> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>>
>> Possibly you should write something like:
>>
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>>
>> passdb {
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>>
>> Willi
>>
>>
>> On 23.02.2017 at 10:30, Poliman - Serwis wrote:
>>> You have right, I added 'noplaintext'. But main thing what I want to get
>> -
>>> no cram-md5 in dovecot and ability to send emails. All worked fine until
>> I
>>> set in dovecot.conf:
>>> auth_mechanisms = plain login cram-md5
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>
>>
> 
> 



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
I wondered about how dovecot would decide, which "args" belongs to which
"driver" line. So looked over
http://wiki.dovecot.org/Authentication/MultipleDatabases.

Possibly you should write something like:

passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

passdb {
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}


Willi


On 23.02.2017 at 10:30, Poliman - Serwis wrote:
> You have right, I added 'noplaintext'. But main thing what I want to get -
> no cram-md5 in dovecot and ability to send emails. All worked fine until I
> set in dovecot.conf:
> auth_mechanisms = plain login cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de


On 23.02.2017 at 10:06, Poliman - Serwis wrote:
> I also turned on verbose log in dovecot and below is output in mail.log:
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_connect: auth reply: DONE
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
> authentication mechanisms
I'm no dovecot brain - but there is cram-md5 missing.


Seems too few loglines for debug_peer_list active. Did you reload postfix?

Can you also add the postfix loglines according to the sending client?


Willi


> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
> /usr/lib/postfix/smtpd pid 3640 exit status 1
> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
> /usr/lib/postfix/smtpd: bad command startup -- throttling
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate
> 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3
> at Feb 23 09:58:21
> 
> 
> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis <ser...@poliman.pl>:
> 
>> Ok, so I added in main.cf at the bottom of the file the line:
>> debug_peer_list = 127.0.0.1,93.X.X.31
>>
>> and in master.cf (set 'n' in chroot column):
>> submission inet n   -   n   -   -   smtpd
>> smtps inet  n   -   n   -   -   smtpd
>>
>> What is next step?
>>
>> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
>> wilfried.es...@essignetz.de>:
>>
>>> Hi,
>>>
>>>
>>> would suggest :
>>> - Try turning off chroot operation in master.cf
>>> - Verbose logging for specific SMTP connections
>>> (see http://www.postfix.org/DEBUG_README.html)
>>>
>>>
>>> Willi
>>>
>>>
>>> On 23.02.2017 at 09:21, Poliman - Serwis wrote:
>>>> Hmm. I think that above is not working. Probably I tried sent email too
>>>> fast after restart dovecot and new settings weren't loaded.
>>>>
>>>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis <ser...@poliman.pl>:
>>>>
>>>>> By the way I did some test. I removed cram-md5 from auth_mechanisms
>>> line
>>>>> and I uncommented default lines in passdb block and also left
>>> uncommented
>>>>> two lines added by me like below:
>>>>> auth_mechanisms = plain login
>>>>>
>>>>> passdb {
>>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>>   driver = sql
>>>>>driver = passwd-file
>>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>> }
>>>>>
>>>>> I can send emails but I have no idea which setting is used - these two
>>>>> lines:
>>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>>   driver = sql
>>>>>
>>>>> or these
>>>>>driver = passwd-file
>>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>
>>>>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd <domi...@timedicer.co.uk>:
>>>>>
>>>>>> On 23 February 2017 at 07:01, Poliman - Serwis <ser...@poliman.pl>
>>> wrote:
>>>>>>> ...
>>>>>>> All worked fine. Then I added in dovecot.conf file:
>>>>>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>>>>>>
>>>>>>> passdb {
>>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>>>>   #driver = sql
>>>>>>>driver = passwd-file
>>>>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>>> }
>>>>>>>
>>>>>>> In passdb block commented out default lines and add two (I can put
>>> whole
>>>>>>> dovecot config). All things still worked fine. Then - in dovecot.conf
>>>>>> file I
>>>>>>> changed back setting to default. After this I can't send emails. In
>>> log
>>>>>> I
>>>>>>> have:
>>>>>>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>>>>>> authentication mechanisms
>>>>>>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>>>>>> authentication mechanisms
>>>>>>
>>>>>> I suspect it is not permitted to have # comments in dovecot conf files
>>>>>> except on a line of their own, though I admit I can't find this
>>>>>> documented. Try removing '#added cram-md5' or putting it on a line of
>>>>>> its own.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Pozdrawiam / Best Regards*
>>>>> *Piotr Bracha*
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *tel. 534 555 877*
>>>>>
>>>>> *ser...@poliman.pl <ser...@poliman.pl>*
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl <ser...@poliman.pl>*
>>
> 
> 
> 
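
The log lines quoted in this message (`skip mechanism: PLAIN`, `skip mechanism: LOGIN`, then `fatal: no SASL authentication mechanisms`) are what the `noplaintext` settings discussed elsewhere in this thread produce when Dovecot only offers `plain login`. An added example, not from the original mails and not Postfix code: a simplified Python model of that filtering. The property table, the function names and the constructed main.cf fragments are assumptions.

```python
import re

# Security properties each mechanism carries (assumed table for this model).
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "CRAM-MD5": {"dictionary", "active"},
    "DIGEST-MD5": {"dictionary", "active"},
    "ANONYMOUS": {"anonymous"},
}
# Postfix security option -> mechanism property it rejects.
OPTION_REJECTS = {
    "noplaintext": "plaintext",
    "noanonymous": "anonymous",
    "nodictionary": "dictionary",
    "noactive": "active",
}

# Constructed main.cf fragments using the values quoted in the thread.
MAIN_CF_STRICT = """
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous,noplaintext
"""
MAIN_CF_TLS_RELAXED = """
# noplaintext removed for TLS sessions only
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous
"""


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value', '#' comment lines, indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (part.strip() for part in raw.split("=", 1))
            params[last] = value
    return params


def surviving(mechs, options):
    """Mechanisms whose properties do not collide with any active security option."""
    rejected = {OPTION_REJECTS[o] for o in options if o in OPTION_REJECTS}
    names = [m.upper() for m in mechs]
    return [m for m in names if not (MECH_PROPS.get(m, set()) & rejected)]


def audit(main_cf_text, dovecot_mechs):
    """Return the mechanisms left for cleartext and for TLS sessions."""
    params = parse_main_cf(main_cf_text)
    clear = params.get("smtpd_sasl_security_options", "noanonymous")
    tls = params.get("smtpd_sasl_tls_security_options", "$smtpd_sasl_security_options")
    if tls == "$smtpd_sasl_security_options":  # documented default: inherit
        tls = clear
    result = {}
    for session, value in (("cleartext", clear), ("tls", tls)):
        options = {o.lower() for o in re.split(r"[,\s]+", value) if o}
        result[session] = surviving(dovecot_mechs, options)
    return result


def findings(result):
    """Turn an audit result into operator-facing messages."""
    out = []
    for session, mechs in result.items():
        if not mechs:
            out.append(f"{session}: no SASL mechanism survives the security options")
        elif session == "cleartext" and any(
                "plaintext" in MECH_PROPS.get(m, set()) for m in mechs):
            out.append("cleartext: password-revealing mechanisms offered without TLS")
    return out


if __name__ == "__main__":
    for name, cf, mechs in [
        ("strict, plain login", MAIN_CF_STRICT, ["plain", "login"]),
        ("strict, plain login cram-md5", MAIN_CF_STRICT, ["plain", "login", "cram-md5"]),
        ("tls relaxed, plain login", MAIN_CF_TLS_RELAXED, ["plain", "login"]),
    ]:
        res = audit(cf, mechs)
        print(name, res, findings(res))
```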



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
On 23.02.2017 at 09:59, Poliman - Serwis wrote:
> Ok, so I added in main.cf at the bottom of the file the line:
> debug_peer_list = 127.0.0.1,93.X.X.31

Only to be sure: you didn't really write "X" in main.cf?

> and in master.cf (set 'n' in chroot column):
> submission inet n   -   n   -   -   smtpd
> smtps inet  n   -   n   -   -   smtpd
> 
> What is next step?

Next steps :
- try sending mails
- looking up the logs (for finding error or to make sure you didn't
open your system up completely)


Willi

> 
> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> would suggest :
>> - Try turning off chroot operation in master.cf
>> - Verbose logging for specific SMTP connections
>> (see http://www.postfix.org/DEBUG_README.html)
>>
>>
>> Willi
>>
>>
>> On 23.02.2017 at 09:21, Poliman - Serwis wrote:
>>> Hmm. I think that above is not working. Probably I tried sent email too
>>> fast after restart dovecot and new settings weren't loaded.
>>>
>>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis <ser...@poliman.pl>:
>>>
>>>> By the way I did some test. I removed cram-md5 from auth_mechanisms line
>>>> and I uncommented default lines in passdb block and also left
>> uncommented
>>>> two lines added by me like below:
>>>> auth_mechanisms = plain login
>>>>
>>>> passdb {
>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>   driver = sql
>>>>driver = passwd-file
>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>> }
>>>>
>>>> I can send emails but I have no idea which setting is used - these two
>>>> lines:
>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>   driver = sql
>>>>
>>>> or these
>>>>driver = passwd-file
>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>
>>>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd <domi...@timedicer.co.uk>:
>>>>
>>>>> On 23 February 2017 at 07:01, Poliman - Serwis <ser...@poliman.pl>
>> wrote:
>>>>>> ...
>>>>>> All worked fine. Then I added in dovecot.conf file:
>>>>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>>>>>
>>>>>> passdb {
>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>>>   #driver = sql
>>>>>>driver = passwd-file
>>>>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>> }
>>>>>>
>>>>>> In passdb block commented out default lines and add two (I can put
>> whole
>>>>>> dovecot config). All things still worked fine. Then - in dovecot.conf
>>>>> file I
>>>>>> changed back setting to default. After this I can't send emails. In
>> log
>>>>> I
>>>>>> have:
>>>>>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>>>>> authentication mechanisms
>>>>>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>>>>> authentication mechanisms
>>>>>
>>>>> I suspect it is not permitted to have # comments in dovecot conf files
>>>>> except on a line of their own, though I admit I can't find this
>>>>> documented. Try removing '#added cram-md5' or putting it on a line of
>>>>> its own.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Pozdrawiam / Best Regards*
>>>> *Piotr Bracha*
>>>>
>>>>
>>>>
>>>>
>>>> *tel. 534 555 877*
>>>>
>>>> *ser...@poliman.pl <ser...@poliman.pl>*
>>>>
>>>
>>>
>>>
>>
>>
> 
> 



Re: dovecot cram-md5 setting break sending emails

2017-02-23 Thread wilfried.es...@essignetz.de
Hi,


would suggest :
- Try turning off chroot operation in master.cf
- Verbose logging for specific SMTP connections
(see http://www.postfix.org/DEBUG_README.html)


Willi


On 23.02.2017 at 09:21, Poliman - Serwis wrote:
> Hmm. I think that above is not working. Probably I tried sent email too
> fast after restart dovecot and new settings weren't loaded.
> 
> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
> 
>> By the way I did some test. I removed cram-md5 from auth_mechanisms line
>> and I uncommented default lines in passdb block and also left uncommented
>> two lines added by me like below:
>> auth_mechanisms = plain login
>>
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>> I can send emails but I have no idea which setting is used - these two
>> lines:
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>
>> or these
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>
>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>>
>>> On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
>>>> ...
>>>> All worked fine. Then I added in dovecot.conf file:
>>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>>>
>>>> passdb {
>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>   #driver = sql
>>>>   driver = passwd-file
>>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>> }
>>>>
>>>> In passdb block commented out default lines and add two (I can put whole
>>>> dovecot config). All things still worked fine. Then - in dovecot.conf
>>> file I
>>>> changed back setting to default. After this I can't send emails. In log
>>> I
>>>> have:
>>>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>>> authentication mechanisms
>>>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>>> authentication mechanisms
>>>
>>> I suspect it is not permitted to have # comments in dovecot conf files
>>> except on a line of their own, though I admit I can't find this
>>> documented. Try removing '#added cram-md5' or putting it on a line of
>>> its own.
>>>
>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl *
>>
> 
> 
> 



Re: Invalid argument on remote SMTP servers

2017-01-12 Thread wilfried.es...@essignetz.de
Hi,


unfiltered postconf output is overwhelming. Please provide output of
postconf -n.

Also complete loglines of a failed smtp delivery would be very useful.

Seems you are using your host as smarthost, because no relayhost is set.
So it would be helpful to know if you have problems sending mail to all,
or only some, hosts.


Willi



On 12.01.2017 11:12, Jeremy Hansen wrote:
> I have a mail server behind a NAT/Firewall.  This mail server was set up to 
> move away a publicly facing mail server.
> 
> I can’t figure out why this is happening.  Incoming mail is working fine but 
> trying to send mail outbound from this mail server is resulting in this error:
> 
> mail.blah.com[X.X.X.111]:25: Invalid argument
> 
> and the mail is deferred.  
> 
> The error isn’t very descriptive.  I’m trying to figure out what is happening 
> here.
> 
> Here’s my conf:
> 
> 2bounce_notice_recipient = postmaster
> access_map_defer_code = 450
> access_map_reject_code = 554
> address_verify_cache_cleanup_interval = 12h
> address_verify_default_transport = $default_transport
> address_verify_local_transport = $local_transport
> address_verify_map = btree:$data_directory/verify_cache
> address_verify_negative_cache = yes
> address_verify_negative_expire_time = 3d
> address_verify_negative_refresh_time = 3h
> address_verify_poll_count = ${stress?1}${stress:3}
> address_verify_poll_delay = 3s
> address_verify_positive_expire_time = 31d
> address_verify_positive_refresh_time = 7d
> address_verify_relay_transport = $relay_transport
> address_verify_relayhost = $relayhost
> address_verify_sender = $double_bounce_sender
> address_verify_sender_dependent_default_transport_maps = 
> $sender_dependent_default_transport_maps
> address_verify_sender_dependent_relayhost_maps = 
> $sender_dependent_relayhost_maps
> address_verify_sender_ttl = 0s
> address_verify_service_name = verify
> address_verify_transport_maps = $transport_maps
> address_verify_virtual_transport = $virtual_transport
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, nis:mail.aliases
> allow_mail_to_commands = alias, forward
> allow_mail_to_files = alias, forward
> allow_min_user = no
> allow_percent_hack = yes
> allow_untrusted_routing = no
> alternate_config_directories =
> always_add_missing_headers = no
> always_bcc =
> amavisfeed_delivery_slot_cost = $default_delivery_slot_cost
> amavisfeed_delivery_slot_discount = $default_delivery_slot_discount
> amavisfeed_delivery_slot_loan = $default_delivery_slot_loan
> amavisfeed_destination_concurrency_failed_cohort_limit = 
> $default_destination_concurrency_failed_cohort_limit
> amavisfeed_destination_concurrency_limit = 
> $default_destination_concurrency_limit
> amavisfeed_destination_concurrency_negative_feedback = 
> $default_destination_concurrency_negative_feedback
> amavisfeed_destination_concurrency_positive_feedback = 
> $default_destination_concurrency_positive_feedback
> amavisfeed_destination_rate_delay = $default_destination_rate_delay
> amavisfeed_destination_recipient_limit = $default_destination_recipient_limit
> amavisfeed_extra_recipient_limit = $default_extra_recipient_limit
> amavisfeed_initial_destination_concurrency = $initial_destination_concurrency
> amavisfeed_minimum_delivery_slots = $default_minimum_delivery_slots
> amavisfeed_recipient_limit = $default_recipient_limit
> amavisfeed_recipient_refill_delay = $default_recipient_refill_delay
> amavisfeed_recipient_refill_limit = $default_recipient_refill_limit
> anvil_rate_time_unit = 60s
> anvil_status_update_time = 600s
> append_at_myorigin = yes
> append_dot_mydomain = yes
> application_event_drain_time = 100s
> authorized_flush_users = static:anyone
> authorized_mailq_users = static:anyone
> authorized_submit_users = static:anyone
> backwards_bounce_logfile_compatibility = yes
> berkeley_db_create_buffer_size = 16777216
> berkeley_db_read_buffer_size = 131072
> best_mx_transport =
> biff = yes
> body_checks =
> body_checks_size_limit = 51200
> bounce_notice_recipient = postmaster
> bounce_queue_lifetime = 5d
> bounce_service_name = bounce
> bounce_size_limit = 5
> bounce_template_file =
> broken_sasl_auth_clients = no
> canonical_classes = envelope_sender, envelope_recipient, header_sender, 
> header_recipient
> canonical_maps =
> cleanup_service_name = cleanup
> command_directory = /usr/sbin
> command_execution_directory =
> command_expansion_filter = 
> 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
> command_time_limit = 1000s
> config_directory = /etc/postfix
> connection_cache_protocol_timeout = 5s
> connection_cache_service_name = scache
> connection_cache_status_update_time = 600s
> connection_cache_ttl_limit = 2s
> content_filter =
> cyrus_sasl_config_path =
> daemon_directory = /usr/libexec/postfix
> daemon_table_open_error_is_fatal = no
> daemon_timeout = 18000s
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debug_peer_list =
> debugger_command =
> default_database_type = 

Re: Getting false unknown user errors

2016-11-02 Thread wilfried.es...@essignetz.de
On 02.11.2016 at 06:57, @lbutlr wrote:
> Not sure how to force amavis to generate a virus alert.

Ask the search engine you trust for EICAR and test virus.


Willi



Re: Getting false unknown user errors

2016-11-01 Thread wilfried.es...@essignetz.de

Sorry, the port in my example should be 10027:

Set in amavisd configs:
$notify_method = 'smtp:[127.0.0.1]:10027';

Willi



Re: Getting false unknown user errors

2016-11-01 Thread wilfried.es...@essignetz.de
On 01.11.2016 at 06:46, @lbutlr wrote:
...
>>> 127.0.0.1:10025 inet n   -   n   -   -   smtpd
>>>-o content_filter=
>>>-o local_recipient_maps=
>>>-o relay_recipient_maps=
>>>-o smtpd_restriction_classes=
>>>-o smtpd_client_restrictions=
>>>-o smtpd_helo_restrictions=
>>>-o smtpd_sender_restrictions=
>>>-o smtpd_recipient_restrictions=permit_mynetworks,reject
>>>-o mynetworks=127.0.0.0/8
>>>-o strict_rfc821_envelopes=yes
>>>-o smtpd_error_sleep_time=0
>>>-o smtpd_soft_error_limit=1001
>>>-o smtpd_hard_error_limit=1000
>>>-o 
>>> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
>>
>> I suspect no_address_mappings isn't appropriate here. It disables virtual 
>> aliases, so you're doing that ahead of amavisd, which may be OK but to quote 
>> postconf(5):
> 
> That is the amavis port, and it breaks without no_address_map

You should follow Viktor. When you are using amavisd in
after-queue-mode, you should set no_address_mappings before amavisd:

/etc/postfix/main.cf:
content_filter = scan:localhost:10025
receive_override_options = no_address_mappings

(from http://www.postfix.org/FILTER_README.html#advanced_filter)

And remove no_address_mappings from your "127.0.0.1:10025 inet"-smtpd.


---
If you have very(!) good reasons for doing address mapping before
amavisd, you could provide a special smtpd service for amavisd's
notifications, like:
> 127.0.0.1:10027 inet n   -   n   -   -   smtpd
> -o content_filter=
> -o local_recipient_maps=
> -o relay_recipient_maps=
> -o smtpd_restriction_classes=
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> -o strict_rfc821_envelopes=yes
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o 
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Set in amavisd configs:
$notify_method = 'smtp:[127.0.0.1]:10025';



Willi



Re: Getting false unknown user errors

2016-10-31 Thread wilfried.es...@essignetz.de
On 31.10.2016 at 23:51, @lbutlr wrote:
...
No loglines of the denied mail?


> If I manually send a mail to virusal...@covisp.net

What do you mean with "manually"? (What is the difference to the denied
mail?)



Please provide the output of postconf -n and postconf -Mf.

(Read http://www.postfix.org/DEBUG_README.html#mail ?)

Willi



Re: can't connect/send to postfix

2016-09-30 Thread wilfried.es...@essignetz.de
Hi,


looks like your mysql table for mysql-virtual-alias-maps.cf is not what
postfix expects:

On 30.09.2016 at 09:27, patg wrote:
> Sep 30 09:00:06 mail postfix/cleanup[8397]: warning: mysql query failed: 
> Unknown column 'address' in 'where clause'

> Sep 30 09:00:06 mail postfix/cleanup[8397]: warning: 
> mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for 
> "t...@domain.com"

> Sep 30 09:00:06 mail postfix/cleanup[8397]: warning: B8077376081C: 
> virtual_alias_maps map lookup problem for t...@domain.com -- message not 
> accepted, try again later


---
If the mysql table lookups work, see whether you still have problems with
amavis, and come back if necessary.
> Sep 30 09:01:06 mail postfix/cleanup[8397]: warning: 
> mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for 
> "ama...@domain.com"



Willi



Re: Postfix not able to find databases for virtual mailboxes

2016-03-22 Thread wilfried.es...@essignetz.de
Hi,

is your trivial-rewrite daemon running chrooted?

On Debian (and possibly its children, like Ubuntu) it matters how you
restarted postfix to get the new config active. /etc/init.d/postfix
copies some necessary files into the chroot. If in doubt, you should restart
postfix with "/etc/init.d/postfix restart".

Willi


On 23.03.2016 at 02:35, Bernardo Vecchia Stein wrote:
> Hello,
> 
> I have configured my postfix to use virtual mailboxes (using berkeley dbs
> for each setting), however postfix is not able to find the database files.
> Here's the relevant configuration and setup:
> 
> /etc/postfix/main.cf:
> canonical_maps = hash:/etc/postfix/canonical
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
> virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
> 
> After doing that, I've created all 4 files (/etc/postfix/canonical,
> /etc/postfix/virtual, /etc/postfix/virtual-mailbox-domains,
> /etc/postfix/virtual-mailbox-users) with the necessary information in them,
> and then:
> 
> postmap /etc/postfix/canonical
> postmap /etc/postfix/virtual
> postmap /etc/postfix/virtual-mailbox-domains
> postmap /etc/postfix/virtual-mailbox-users
> 
> After that, I confirmed that all the .db files were created inside
> /etc/postfix.
> When I start postfix and try to send a test message from this email address
> to the one I wanted to test, I get the following in /var/log/mail.log:
> 
> Mar 22 22:15:45 sidhion postfix/postscreen[1799]: CONNECT from
> [209.85.213.51]:36861 to [**]:25
> Mar 22 22:15:45 sidhion postfix/postscreen[1799]: PASS OLD
> [209.85.213.51]:36861
> Mar 22 22:15:45 sidhion postfix/smtpd[1800]: error: open database
> /etc/postfix/virtual-mailbox-users.db: No such file or directory
> Mar 22 22:15:45 sidhion postfix/smtpd[1800]: connect from
> mail-vk0-f51.google.com[209.85.213.51]
> Mar 22 22:15:45 sidhion postfix/smtpd[1800]: Trusted TLS connection
> established from mail-vk0-f51.google.com[209.85.213.51]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: error: open database
> /etc/postfix/virtual-mailbox-domains.db: No such file or directory
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: warning:
> hash:/etc/postfix/virtual-mailbox-domains is unavailable. open database
> /etc/postfix/virtual-mailbox-domains.db: No such file or directory
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: warning:
> hash:/etc/postfix/virtual-mailbox-domains: table lookup problem
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: warning:
> virtual_mailbox_domains lookup failure
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: warning:
> hash:/etc/postfix/virtual-mailbox-domains is unavailable. open database
> /etc/postfix/virtual-mailbox-domains.db: No such file or directory
> Mar 22 22:15:46 sidhion postfix/trivial-rewrite[1802]: warning:
> hash:/etc/postfix/virtual-mailbox-domains: table lookup problem
> Mar 22 22:15:46 sidhion postfix/smtpd[1800]: NOQUEUE: reject: RCPT from
> mail-vk0-f51.google.com[209.85.213.51]: 451 4.3.0 :
> Temporary lookup failure; from= to= in test> proto=ESMTP helo=
> 
> I am running everything on an Ubuntu 14.04. Postfix's package version is
> 2.11.0-1ubuntu1, and was installed by installing the mail-stack-delivery
> package.
> 
> The /usr/lib/postfix/master process is being run as root, and the pickup,
> qmgr and tlsmgr processes are being run with user "postfix". Everything
> inside /etc/postfix is owned by root.
> 
> Do you have any idea of what might be causing the issue here? I have tried
> deleting the current .db files and recreating them with postmap, but no
> luck. Error messages are not helping much (because the files do exist).
> 
> Thank you,
> Bernardo
> 



Re: Thousands of login attempts

2016-03-20 Thread wilfried.es...@essignetz.de
Did you try postscreen_blacklist_action
(http://www.postfix.org/postconf.5.html#postscreen_blacklist_action)?

The default is "ignore".

Willi




On 20.03.2016 at 20:10, @lbutlr wrote:
> On Sun Mar 20 2016 12:59:08 @lbutlr    said:
>>
>> Mar 20 12:55:37 mail postfix/postscreen[29826]: BLACKLISTED 
>> [185.103.253.246]:50804
> 
> Stopped postfix and removed the post screen_cache file and restarted postfix.
> 
> Mar 20 13:03:59 mail postfix/postscreen[30633]: BLACKLISTED 
> [185.103.253.246]:51950
> Mar 20 13:03:59 mail postfix/dnsblog[30638]: addr 185.103.253.246 listed by 
> domain dnsbl-2.uceprotect.net as 127.0.0.2
> Mar 20 13:04:03 mail postfix/postscreen[30633]: PASS NEW 
> [185.103.253.246]:51950
> Mar 20 13:04:03 mail postfix/smtpd[30660]: connect from 
> unknown[185.103.253.246]
> 
> And then
> 
> Mar 20 13:04:35 mail postfix/smtpd[30660]: warning: unknown[185.103.253.246]: 
> SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Mar 20 13:04:35 mail postfix/smtpd[30660]: lost connection after AUTH from 
> unknown[185.103.253.246]
> Mar 20 13:04:35 mail postfix/smtpd[30660]: disconnect from 
> unknown[185.103.253.246] ehlo=1 auth=0/1 commands=1/2
> Mar 20 13:04:38 mail postfix/postscreen[30633]: CONNECT from 
> [185.103.253.246]:55822 to [65.121.55.42]:25
> Mar 20 13:04:38 mail postfix/postscreen[30633]: BLACKLISTED 
> [185.103.253.246]:55822
> Mar 20 13:04:38 mail postfix/postscreen[30633]: PASS OLD 
> [185.103.253.246]:55822
> Mar 20 13:04:48 mail postfix/smtpd[30702]: warning: unknown[185.103.253.246]: 
> SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Mar 20 13:04:48 mail postfix/smtpd[30702]: lost connection after AUTH from 
> unknown[185.103.253.246]
> Mar 20 13:04:48 mail postfix/smtpd[30702]: disconnect from 
> unknown[185.103.253.246] ehlo=1 auth=0/1 commands=1/2
> 
> So, no matter what I try to do, the IP comes back and is added to post 
> screen_cache and is handed off to smtpd. All I seem to have accomplished is 
> adding one more log line to the process that is currently hitting every 13-35 
> seconds.
> 
>  $ postconf -d mail_version
> mail_version = 3.0.3
> 
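
The pattern in the quoted log (a BLACKLISTED line followed by PASS for the same connection, then SASL failures from smtpd) fits the default "ignore" action Willi points to, and it can be picked out of a mail log mechanically. The following is an added example, not part of the original posts: the log lines are constructed after the excerpt above with documentation-range addresses, and the function names are made up for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample modelled on the log excerpt in the thread; the addresses
# are documentation-range placeholders, not the ones from the post.
SAMPLE_LOG = """\
Mar 20 13:03:59 mail postfix/postscreen[30633]: CONNECT from [203.0.113.46]:51950 to [192.0.2.25]:25
Mar 20 13:03:59 mail postfix/postscreen[30633]: BLACKLISTED [203.0.113.46]:51950
Mar 20 13:04:03 mail postfix/postscreen[30633]: PASS NEW [203.0.113.46]:51950
Mar 20 13:04:03 mail postfix/smtpd[30660]: connect from unknown[203.0.113.46]
Mar 20 13:04:35 mail postfix/smtpd[30660]: warning: unknown[203.0.113.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 13:04:35 mail postfix/smtpd[30660]: lost connection after AUTH from unknown[203.0.113.46]
Mar 20 13:04:38 mail postfix/postscreen[30633]: CONNECT from [203.0.113.46]:55822 to [192.0.2.25]:25
Mar 20 13:04:38 mail postfix/postscreen[30633]: BLACKLISTED [203.0.113.46]:55822
Mar 20 13:04:38 mail postfix/postscreen[30633]: PASS OLD [203.0.113.46]:55822
Mar 20 13:04:48 mail postfix/smtpd[30702]: warning: unknown[203.0.113.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 13:05:10 mail postfix/postscreen[30633]: CONNECT from [198.51.100.7]:40112 to [192.0.2.25]:25
Mar 20 13:05:16 mail postfix/postscreen[30633]: PASS NEW [198.51.100.7]:40112
"""

POSTSCREEN_RE = re.compile(
    r"postfix/postscreen\[\d+\]: (BLACKLISTED|PASS (?:NEW|OLD)) \[([^\]]+)\]:(\d+)")
SASL_FAIL_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: \S*\[([^\]]+)\]: "
    r"SASL (\S+) authentication failed: ?(\S*)")


def decode_prompt(blob):
    """Decode the base64 text smtpd logs after 'authentication failed:'.

    For LOGIN this is the server's last challenge, not client data.
    Returns None when the field is empty or not printable base64 text.
    """
    try:
        text = base64.b64decode(blob, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def analyse(log_text):
    """Return per-client counters: blacklist hits that still passed, SASL failures."""
    pending = set()  # (ip, port) connections that logged BLACKLISTED
    report = defaultdict(lambda: {"blacklisted_then_passed": 0,
                                  "sasl_failures": 0,
                                  "server_prompts": set()})
    for line in log_text.splitlines():
        m = POSTSCREEN_RE.search(line)
        if m:
            event, ip, port = m.groups()
            if event == "BLACKLISTED":
                pending.add((ip, port))
            elif (ip, port) in pending:
                # PASS after BLACKLISTED on the same connection: the hit was
                # logged but not acted on.
                pending.discard((ip, port))
                report[ip]["blacklisted_then_passed"] += 1
            continue
        m = SASL_FAIL_RE.search(line)
        if m:
            ip, _mechanism, blob = m.groups()
            report[ip]["sasl_failures"] += 1
            prompt = decode_prompt(blob)
            if prompt:
                report[ip]["server_prompts"].add(prompt)
    return dict(report)


def unenforced_blacklist_clients(report):
    """Clients whose blacklist hit did not stop them reaching smtpd."""
    return sorted(ip for ip, r in report.items() if r["blacklisted_then_passed"])


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for ip in unenforced_blacklist_clients(result):
        print(ip, result[ip])
```

The decoded string shows that the base64 text after "authentication failed:" is the server's own prompt, so it carries no credential.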



Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de
> I was guessing that this would have to be aliased but didn't see it in the 
> documentation for
> canonical. Is it the correct way to set up full.name mapping to local users? 
> Also I'm more used to
> sendmail and qmail. This is my first time configuring postfix.

Correct is probably the wrong word.

If you need mail addresses that aren't the same as login names or
mailbox names, you have to define aliases. For me, using aliases instead
of internal usernames is the usual way. But, usually, I don't use
canonical for that. Maybe it makes sense when changing from mail address
scheme "firstname" to, e.g., "first.lastname".

You can also define aliases in the virtual table.


Willi



Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de

On 02.03.2016 at 21:52, Tom Robinson wrote:
> On 03/03/16 06:33, wilfried.es...@essignetz.de wrote:
>> On 02.03.2016 at 06:32, Tom Robinson wrote:
>>> Hi,
>>> 
>>> I'm trying to map users to first.last in canonical but I get
>>> an error when sending email to the canonicalized address 
>>> first.last@domain:
>> ...
>>> My Error: Mar  2 15:47:36 camber policyd-spf[17984]: None; 
>>> identity=helo; client-ip=10.0.6.3; helo=motec.com.au; 
>>> envelope-from=r...@motec.com.au; 
>>> receiver=tom.robin...@motec.com.au Mar  2 15:47:36 camber 
>>> policyd-spf[17984]: None; identity=mailfrom;
>>> client-ip=10.0.6.3; helo=motec.com.au;
>>> envelope-from=r...@motec.com.au; 
>>> receiver=tom.robin...@motec.com.au Mar  2 15:47:36 camber 
>>> postfix/smtpd[17974]: NOQUEUE: reject: RCPT from 
>>> caster.motec.com.au[10.0.6.3]: 550 5.1.1 
>>> <tom.robin...@motec.com.au>: Recipient address rejected: User 
>>> unknown in local recipient table; from=<r...@motec.com.au> 
>>> to=<tom.robin...@motec.com.au> proto=SMTP helo= 
>> 
>> Hi,
>> 
>> can you show the according entries from /etc/aliases and 
>> /etc/postfix/canonical?
>> 
>> What name has the target mailbox for tom.robin...@motec.com.au?
> 
> Hi Willi,
> 
> Thanks for taking a look.
> 
> I don't have an entry in aliases and maybe that's the problem. From
> /etc/postfix/canonical:
> 
> tom tom.robinson
> 
> The real user is tom.


OK. I think you'll need entries like

tom.robinson:   tom

in your /etc/aliases. (Don't forget newaliases)


Willi




> 
> Kind regards, Tom
> 



Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de
On 02.03.2016 at 06:32, Tom Robinson wrote:
> Hi,
> 
> I'm trying to map users to first.last in canonical but I get an
> error when sending email to the canonicalized address
> first.last@domain:
...
> My Error: Mar  2 15:47:36 camber policyd-spf[17984]: None;
> identity=helo; client-ip=10.0.6.3; helo=motec.com.au;
> envelope-from=r...@motec.com.au;
> receiver=tom.robin...@motec.com.au Mar  2 15:47:36 camber
> policyd-spf[17984]: None; identity=mailfrom; client-ip=10.0.6.3; 
> helo=motec.com.au; envelope-from=r...@motec.com.au;
> receiver=tom.robin...@motec.com.au Mar  2 15:47:36 camber
> postfix/smtpd[17974]: NOQUEUE: reject: RCPT from 
> caster.motec.com.au[10.0.6.3]: 550 5.1.1
> : Recipient address rejected: User
> unknown in local recipient table; from=
> to= proto=SMTP helo= 

Hi,

can you show the corresponding entries from /etc/aliases and
/etc/postfix/canonical?

What is the name of the target mailbox for tom.robin...@motec.com.au?


Willi





Re: postfix to mailman: User doesn't exist/relay access denied

2016-02-01 Thread wilfried.es...@essignetz.de
Hi Walter,


I would suggest adding "lists.ifkuk.org" to "mydestination".



Willi


On 01.02.2016 at 00:21, wal...@ifkuk.org wrote:
> Hey guys
> 
> since three days I am stuck with a problem and it seems to me I am blind
> for the solution by digging
> into it so much, so I need your help to have a look at it please!
> 
> our server is up and running dovecot/postfix on debian 8 for three years
> by now, without any problems.
> 
> I urgently needed to set up some mailinglists and choose mailman for it
> (what else?).
> 
> I thought everything went fine till I tried to test my installation and
> discovered that,
> when I try to send from an internal emailaddress (managed by the server
> itself) I get an
> "User doesn't exist" error and if I send an email from an external
> service like gmail,
> I get "relay access denied".
> 
> Like I've said, I tried to fix this problem for over three days now and
> can't see my mistake.
> 
> I uploaded my config files at HowtoForge, where you can have a look at it:
> https://www.howtoforge.com/community/threads/postfix-mailman-debian8.72052/
> 
> 
> Greetings and thank you in advance for your help
> Walter
> 



Re: PCRE regex in header_checks ignored - why?

2016-01-31 Thread wilfried.es...@essignetz.de
Hi,

do you use amavis in before or after queue mode?

If before, you should possibly look at your master.cf, at the lines
that get the mail back from amavis. Do you have something like

-o receive_override_options=no_header_body_checks
or
-o header_checks=
there ?

Willi


On 31.01.2016 at 11:56, Sebastian Wolfgarten wrote:
> Hi,
> 
> I have a problem with a PCRE-based rule in header_checks which
> seems to be ignored and I can’t understand why this is the case.
> Hopefully you guys have an idea on how to fix this :-)
> 
> So here is my setup: I am using Postfix 2.11.7 on FreeBSD 10 and as
> I am being bombarded with emails from certain hosts in France (and
> I have no idea why). These hosts are always following this format:
> 
> letter e 1-2 digit number hostname .fr
> 
> Here are some samples from today:
> 
> e16.sodipoc.fr e38.info-essentiel.fr e42.1jour1news.fr
> 
> I have defined a rule in SpamAssassin which successfully marks the
> related spam accordingly (works like a charm):
> 
> header French_Spam ALL =~ / e\d{1,2}\.\S+\.fr /i score French_Spam
> 4.8
> 
> Now I am trying not to mark the unsolicited emails anymore but
> block them entirely. As such I have defined the following rule in
> header_checks based on the rule that I have defined in
> SpamAssassin:
> 
> /e\d{1,2}\.\S+\.fr/i REJECT French Spam
> 
> I reloaded Postfix (postmap is not necessary for PCRE files, or?)
> but still I have received three spam mails today. Still the rule
> seems okay from my perspective - here is a test of the rule with
> three hosts I have received spam from today:
> 
> $ postmap -q "e16.sodipoc.fr" pcre:/etc/postfix/header_checks 
> REJECT French Spam
> 
> $ postmap -q "e38.info-essentiel.fr"
> pcre:/etc/postfix/header_checks REJECT French Spam
> 
> $ postmap -q "e42.1jour1news.fr" pcre:/etc/postfix/header_checks 
> REJECT French Spam
> 
> Any idea why this is happening?
> 
> Here an extract of the headers of one of the emails received today
> (note: The message was marked as spam by Postfix but I manually
> removed all the related headers and information not to end up in
> your spam filters):
> 
> Return-Path:  Delivered-To:
> sebast...@wolfgarten.com Received: from waldfest (localhost
> [127.0.0.1]) by waldfest.wolfgarten.com (Postfix) with ESMTP id
> 4154D704B9 for ; Sun, 31 Jan 2016
> 11:06:58 +0100 (CET) X-Quarantine-ID:  Received: from
> waldfest.wolfgarten.com ([127.0.0.1]) by waldfest
> (waldfest.wolfgarten.com [127.0.0.1]) (amavisd-new, port 10024) 
> with LMTP id xg91jhFD9UJP for ; Sun, 31
> Jan 2016 11:06:44 +0100 (CET) X-Greylist: delayed 300 seconds by
> postgrey-1.36 at waldfest; Sun, 31 Jan 2016 11:06:44 CET Received:
> from e42.1jour1news.fr (e42.1jour1news.fr [62.210.13.102]) by
> waldfest.wolfgarten.com (Postfix) with ESMTP id A6750704AC for
> ; Sun, 31 Jan 2016 11:06:44 +0100 (CET) 
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key;
> d=e42.1jour1news.fr; 
> h=List-Unsubscribe:Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type;
> i=s...@e42.1jour1news.fr; bh=zQj93n30egRyo2hFB5OnJZSylLw=; 
> b=FSLGriDlKRcl/NXBkxXU7ANj7JEO3+ltGllwY3hZu2bXxjJLXjFbz+fTZljB2BHbYMaKFmZxd6cF
>
> 
6OhoV689FNZPqC1SBUt7rA2qMTRP0gqpuCGkMqTZ9KaSObrSNlZgCsxnsOuLWt7zrjF1OHL6jT8C
> y0Nre8XUjO0vR+d2Jbs= DomainKey-Signature: a=rsa-sha1; c=nofws;
> q=dns; s=key; d=e42.1jour1news.fr; 
> b=Y4c0lfDPkQ4YaimLaY4exKzB9WpnZVLpQ+HP7976BIB5gFzWEIF+n9wYB7afXxThUNNWaomOHcJs
>
> 
LxgAMqLl9nmkNLI6FRS0zn3cC/Pq8wUoUxdhyity3JWxiTo3q12ZP2/UxsYaOcWccB03Ch8VsB2u
> 9dhJQsHlnHCxcvj2Grs=; List-Unsubscribe:
> 
>
> 
Message-ID: <1454234504.tinkiwinkilalapo56addb880b...@link.lilinews.fr>
> Date: Sun, 31 Jan 2016 11:01:44 +0100 Subject:
> =?UTF-8?Q?15=E2=82=AC?= offerts sur la nouvelle collection
> 
> Finally, here is Postfix config:
> 
> alias_maps =
> hash:/etc/aliases,mysql:/etc/postfix/mysql_virtual_alias_maps.cf 
> body_checks =
> pcre:/etc/postfix/body_checks,pcre:/etc/postfix/bad_urls 
> canonical_maps = regexp:/etc/postfix/rewrite command_directory =
> /usr/sbin config_directory = /etc/postfix content_filter =
> amavisfeed:[127.0.0.1]:10024 daemon_directory =
> /usr/libexec/postfix data_directory = /var/db/postfix 
> debug_peer_level = 2 debugger_command =
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
> $daemon_directory/$process_name $process_id & sleep 5 
> default_destination_concurrency_limit = 20 
> dovecot_destination_recipient_limit = 1 header_checks =
> pcre:/etc/postfix/header_checks html_directory =
> /usr/share/doc/postfix in_flow_delay = 1s inet_interfaces = all 
> inet_protocols = ipv4 local_destination_concurrency_limit = 2 
> mail_owner = postfix mail_spool_directory = /var/mail 
> mailbox_size_limit = 0 mailq_path = /usr/bin/mailq 
> 

Re: lmtp: transport unavailable

2016-01-20 Thread wilfried.es...@essignetz.de
On 20.01.2016 at 12:18, Arian Sanusi wrote:
> 
>> You need to look earlier in the logfile. Look for fatal or
>> warning records.
> 
> Just did - the only thing that's there is not helpful to me,
> either: Jan 20 11:31:40 chichak postfix/qmgr[31189]: warning:
> connect to transport private/local: Connec tion refused
> 

Looks like lack of rights or wrong path.

Did you run your smtp-source test as user postfix?

BTW - what user is your dovecot running with?

What makes you sure postfix will try to use
/var/spool/postfix/private/dovecot-lmtp?



Willi


Re: lmtp: transport unavailable

2016-01-20 Thread wilfried.es...@essignetz.de
On 20.01.2016 at 14:59, Wietse Venema wrote:
> Wietse Venema:
>> Arian Sanusi:
>>> /var/log/mail.log:
>>>> Jan 20 11:31:40 chichak postfix/error[31253]: 6716E6A79: 
>>>> to=, orig_to=, relay=none, 
>>>> delay=0.42, delays=0.37/0/0/0.04, dsn=4.3.0, status=deferred (mail 
>>>> transport unavailable)

Hi Arian,

maybe I'm completely wrong. What is "to="
inside the above printed logline?

I know the "+"-addressing, but i don't know what the "$local" should do
in that place. As i see, that looks like an entry with name expansion,
for instance in a luser_relay file.


Willi



Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread wilfried.es...@essignetz.de
On 18.01.2016 at 23:21, bi...@sent.at wrote:

> So now when I send email with the test string in it it gets rejected, I get 
> this in the reject message
> 
>   : host mx.example.com[###.###.###.###]
>   said: 550 5.7.1 id=04518-01 - Rejected by next-hop MTA on relaying, 
> from
>   MTA(smtp:[127.0.0.1]:50100): 550 5.7.1 554 5.7.1 Message not allowed
>   (in reply to end of DATA command)
> 
> where
> 
>   smtp:[127.0.0.1]:50100
> 
> is what catches the return from before-queue Amavisd.
> 
> So it's rejecting it now!  Thanks a bunch :-)
> 
> One thing, that reject message has the IP/Port (smtp:[127.0.0.1]:50100) of 
> the next-hop MTA in it.
> 
> Can I quiet that message down somewhere to NOT include that info?  Just 
> include the REJECT, but not the IP/Port, maybe referring to it by its 
> 'syslog_name' or something like that?

My reject messages also contain this information. As these
interfaces aren't accessible from outside, it doesn't bother me much.

As I understand it, amavis is putting the "from MTA(smtp
[127.0.0.1]:50100)" into the reject message. I assume postfix can't
filter this message out, because it's all happening during the SMTP
dialog, while getting the mail from the sending outside server. You will
have to rewrite amavis to get this stopped.


Willi



Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread wilfried.es...@essignetz.de
Hi,

seems you are using amavis in before-queue mode? As I remember, a
proxy smtpd doesn't do any header and body checks.

The more interesting master.cf lines are the ones that get the mail from
amavis. Do you have something like

-o receive_override_options=no_header_body_checks
or
-o body_checks=
there ?


On 18.01.2016 at 22:34, bi...@sent.at wrote:
> Re-looking at my config, I set up Postfix to 
> 
>  1) receive via postfix
>  2) hand off what passes postscreen and the body_checks to amavis
> 
> So I have
> 
>  master.cf
> 
>   [mx.example.com]:25  inet  n  -  n  -  1  postscreen
> -o smtpd_service_name=ps-int
> 
>   ps-int  pass  -  -  n  -  -  smtpd
> -o receive_override_options=no_address_mappings
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> -o smtpd_client_connection_count_limit=20
> -o smtpd_proxy_filter=127.0.0.1:5
> -o smtpd_proxy_options=speed_adjust
> -o smtpd_proxy_timeout=300s
> -o syslog_name=postfix/ps-int
> 
>..
> 
> 
> Which then hands-off to amavisd listening on 127.0.0.1:5
> 
> Like I said above, and verified with postconf,
> 
>  main.cf
>..
>body_checks=pcre:/etc/postfix/body_checks.pcre
>..
>   
> IIUC the 'ps-int' smtpd instance should be using body_checks from main.cf.
> 
> So this should work, right?
> 
> Unless ... the body_checks doesn't happen soon enough? And it gets passed to 
> Amavisd *before* ever hitting that check?
> 
> Do I  need some kind of a separate additional smtpd instance in there to pass 
> to FROM ps-int BEFORE passing to the Amavisd filter?
> 
> Thanks,
> 
> Billy
> 



Re: Problem with XFORWARD relay hack

2016-01-10 Thread wilfried.es...@essignetz.de
Hi,


XFORWARD access is opened by smtpd_authorized_xforward_hosts. The default
is empty, which means nobody can use xforward. That's since postfix 2.1.
(http://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts)

Possibly smtpd_authorized_xclient_hosts could help an attacker to fool you.

If you don't have any smtpd_authorized_xforward_hosts (and maybe
smtpd_authorized_xclient_hosts), I assume you aren't drilling the right hole.

If the mail comes in from a host you are relaying for, I'd suggest to
block him in your firewall and get his admin out of his bed.

If the mail comes in from a webmail service you are providing, you
should get the account(s) that are hacked and disable their login.


Willi


On 11.01.2016 at 04:12, Steven Kiehl wrote:
> Thanks for the tip, Robert.  However, I have all that configured currently,
> plus additional measures.
> My setup is on Postfix 2.7.0, so I'm wondering if there are some XFORWARD
> bugs in there.  I'm in the process of upgrading that because I don't have
> too many other options at the moment.
> 
> If anyone has more advice on disabling XFORWARD support on 2.7.0 or 2.9+,
> please let me know.  I see no point in having it for a basic mail server
> host setup.  As far as I can tell, the moment I start up postfix, junk
> starts flying in with these XFORWARD commands, and moments later the queue
> fills up with deferred messages refused from remote hosts.
> 
> 
> On Sun, Jan 10, 2016 at 8:37 PM, Wolfe, Robert > wrote:
> 
>> Ooops.  Didn’t reply to the list. :-(
>>
>> Hope this will help you a bit:
>>
>> http://www.linuxquestions.org/questions/linux-security-4/how-to-postfix-disable-relay-forwarding-mail-security-redhat-5-1-a-643331/
>>
>> *From:* owner-postfix-us...@postfix.org [mailto:
>> owner-postfix-us...@postfix.org] *On Behalf Of *Steven Kiehl
>> *Sent:* Sunday, January 10, 2016 7:21 PM
>> *To:* postfix-users@postfix.org
>> *Subject:* Problem with XFORWARD relay hack
>>
>> Good evening,
>>
>> I've had no trouble solving my issues with my postfix/dovecot setup with
>> manpages and the like before, but this new issue has me subscribing to the
>> mailing list because this is urgent.  I've been the victim of an XFORWARD
>> relay hack of sorts on my postfix server.  I'm not sure how many messages
>> got through, but they all sent from a domain that I web service but don't
>> mail service.
>>
>> Essentially, someone found a way to connect to my server, sent an XFORWARD
>> SOURCE=LOCAL command, and attempted to send thousands of messages via relay
>> one after another with a reset command after each message was completed, so
>> they could maintain the connection.  My problem is that I don't have any
>> XFORWARD settings defined in my config and I can't find anything that would
>> normally authorize or deauthorize these commands.
>>
>> I deleted over 47000 messages stuck in queue after I'm pretty sure I've
>> been blocked by all major mailing services.
>>
>> How do I disable XFORWARD in a postfix/dovecot setup?
>>
> 
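
An added example, not part of the thread and not Postfix's own tooling: the check suggested in the reply above, done mechanically. It resolves smtpd_authorized_xforward_hosts and smtpd_authorized_xclient_hosts for every smtpd entry in master.cf, with `-o` overrides taking precedence over main.cf. The sample configuration is constructed, the function names are hypothetical, and the `-o { name = value }` brace form is not handled.

```python
import shlex

# Constructed sample configuration (assumption, not taken from the thread).
MAIN_CF = "smtpd_authorized_xclient_hosts =\n"
MASTER_CF = """\
# service   type  private unpriv chroot wakeup maxproc command
smtp        inet  n       -      n      -      1       postscreen
  -o smtpd_service_name=ps-int
ps-int      pass  -       -      n      -      -       smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
submission  inet  n       -      n      -      -       smtpd
  -o smtpd_authorized_xforward_hosts=0.0.0.0/0
pickup      unix  n       -      n      60     1       pickup
"""
PARAMS = ("smtpd_authorized_xforward_hosts", "smtpd_authorized_xclient_hosts")


def logical_lines(text):
    """Drop comments and blank lines, join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_main_cf(text):
    """Return {parameter: value} from main.cf-style text."""
    pairs = (line.partition("=") for line in logical_lines(text))
    return {name.strip(): value.strip() for name, _, value in pairs}


def smtpd_overrides(text):
    """Yield (service, {override: value}) for each master.cf entry that runs smtpd."""
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args, overrides = fields[8:], {}
        for flag, setting in zip(args, args[1:]):
            if flag == "-o" and "=" in setting:
                name, _, value = setting.partition("=")
                overrides[name.strip()] = value.strip()
        yield fields[0], overrides


def audit(main_text, master_text):
    """Return (service, parameter, value) wherever XFORWARD or XCLIENT is authorized."""
    main = parse_main_cf(main_text)
    findings = []
    for service, overrides in smtpd_overrides(master_text):
        for param in PARAMS:
            value = overrides.get(param, main.get(param, ""))
            if value:  # empty (the default) means nobody may use the command
                findings.append((service, param, value))
    return findings


if __name__ == "__main__":
    print(audit(MAIN_CF, MASTER_CF))
```

An empty result means no smtpd listener accepts either command; any entry wider than loopback or a known content-filter address deserves a second look.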



Re: R: R: R: smtpd_recipient_restrictions in error

2015-12-23 Thread wilfried.es...@essignetz.de
On 23.12.2015 at 09:13, Nicola Piazzi wrote:
> Do you mean that i must give logging of the problem ?
I think so.

> I don't understand if you say that there is a solution and I have done some 
> error in typing
You corrected your misspelling. But now there seems to be another error.

Additionally I'd like to ask you the following:

Which postfix version do you use?

Can you show us the complete "smtpd_recipient_restrictions = ..." part,
when it failed?


Willi


> Nicola Piazzi
> CED - Sistemi
> COMET s.p.a.
> Via Michelino, 105 - 40127 Bologna - Italia
> Tel.  +39 051.6079.293
> Cell. +39 328.21.73.470
> Web: www.gruppocomet.it
> 
> 
> 
> -Original message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
> On behalf of Viktor Dukhovni
> Sent: Wednesday, 23 December 2015 09:00
> To: postfix-users@postfix.org
> Subject: Re: R: R: smtpd_recipient_restrictions in error
> 
> On Wed, Dec 23, 2015 at 07:54:22AM +, Nicola Piazzi wrote:
> 
>> At now my "smtpd_recipient_restrictions" is configured to use sqlgrey 
>> and is working :  smtpd_recipient_restrictions = 
>> permit_sasl_authenticated, permit_mynetworks, 
>> reject_unauth_destination, reject_non_fqdn_recipient, 
>> reject_unknown_recipient_domain, check_recipient_access 
>> hash:/etc/postfix/recipient_access, check_policy_service 
>> inet:127.0.0.1:2501
>>
>> If I want to verify recipients in exchange I need to put 
>> "reject_unverified_recipient" but it work ONLY if I remove 
>> "check_policy_service" :  smtpd_recipient_restrictions = 
>> permit_sasl_authenticated, permit_mynetworks, 
>> reject_unauth_destination, reject_non_fqdn_recipient, 
>> reject_unknown_recipient_domain, check_recipient_access 
>> hash:/etc/postfix/recipient_access,
>> reject_unverified_recipient
>>
>> Using together "reject_unverified_recipient" and check_policy_service 
>> give error after typing rcpt to
> 
> http://www.postfix.org/DEBUG_README.html#mail
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
> 



Re: relay not working - dns problem ?

2015-12-08 Thread wilfried.es...@essignetz.de
On 08.12.2015 at 14:08, Zalezny Niezalezny wrote:
...

> On Relay01 I have configured /etc/postfix/transport file like this:
> 
> domain.fr relay:Relay02
> 

Hi,

try to use []. They'll stop DNS-Lookups for MX.

domain.fr :[Relay02oritsIP-Adress]


A possibly better solution is using the "relayhost" parameter for getting all
noninternal mail out (http://www.postfix.org/postconf.5.html#relayhost).


Willi



Re:

2015-11-30 Thread wilfried.es...@essignetz.de
On 30.11.2015 at 10:31, Андрей wrote:
>  lists
> 
Hi,

did you ever think about sending commands to majord...@postfix.org ?


Willi



Re: Postfix doesn't reject hard bounced emails

2015-08-11 Thread wilfried.es...@essignetz.de
Hi,

what was your docker config for postfix, when it didn't work?

Willi


On 09.08.2015 at 23:46, post...@pd.lv wrote:
 Hello Postfix community,
 
 This problem is related to docker + postfix + Ubuntu LTS with kernel 
 3.16 host (I didnt test with 3.13).
 
 Issue can be reproduced without any configuration change if postfix is 
 installed within docker container.
 
 I tried to rebuild postfix from source (2.x and 3.x), but that didn't 
 solve the problem.
 
 I even tested multiple existing postfix images in docker hub and all 
 have the same issue.
 
 To solve the issue I had to install newest kernel version that is 
 available for Ubuntu LTS - 3.19.
 apt-get install linux-generic-lts-vivid
 
 With regard,
 Agris
 
 
 
 On 2015-07-31 10:31, post...@pd.lv wrote:
 Dear Postfix community,
 I'm having problem with Postfix and I can't figure out what's wrong..

 I have configured Postfix to send and receive emails, but there is an
 issue with HARD bounced emails - they are not rejected and Postfix
 repeats sending them every x minutes and user receives Undelivered
 Mail Returned to Sender multiple times.

 In mail.log I see: [..] delay=5.2, delays=0.11/0.01/0.07/5, dsn=4.3.0,
 status=deferred (bounce or trace service failure)

 I added -v to bounce, qmgr daemons in master.cf, but still I can't
 figure out what is wrong.

 Here is full log: http://pastebin.com/bsFDsFB9
 And here is my config (below config there is master.cf config):
 http://pastebin.com/u75w2qQ3

 Could there be an issue with my config or there is a bug in Postfix 
 2.11.0?

 I posted same question in serverfault, but there are no answers:
 http://serverfault.com/questions/709741/postfix-hard-bounced-emails-are-not-rejected

 I would appreciate if any could help me solving this.. Thanks!

 With regard,
 Agris
 



Re: Mailing list sending mail to server with strong anti-spoofing setting

2015-08-07 Thread wilfried.es...@essignetz.de
Hi,


maybe this, from postfix doc, will help you:

http://www.postfix.org/ADDRESS_REWRITING_README.html#generic


Willi



On 07.08.2015 at 13:51, Vincent Pelletier wrote:
 Hello,
 
 I have a Mailman + postfix setup (old versions: mailman 2.1.11,
 postfix 2.5.5), and the mail server of one of subscribers' domain
 started rejecting mails when From header domain is its own domain
 (foo.com MX rejecting incoming @foo.com mails). This of course happens
 when a @foo.com member posts to the list: other @foo.com subscribers
 never receive his post.
 
 From my understanding of the From header, it is legal for it to have
 a domain which is not hosted by sender (ie, the SMTP transaction
 initiator).
 
 So my plan is to change nothing on the Mailman level, but rather add an
 exception in our postfix config to mangle From header of mails being
 sent to that server.
 
 In my understanding, I need 2 distinct postfix features:
 - transport_maps for the recipient-dependent aspect
 - header_check for the mangling part
 
 Is my understanding correct so far ?
 
 Here is how I implemented the above:
 
 main.cf:
 transport_maps = hash:/etc/postfix/transport_map
 
 transport_map:
 foo.com mangle_from:
 
 master.cf:
 mangle_from unix - - - - - smtpd
   -o header_checks=pcre:/etc/postfix/mangle_from.pcre
 
 mangle_from.pcre:
 /^From:[[:space:]]+.*@foo.com/ REPLACE From: nob...@nexedi.com
 
 But this fails between transport_map and master.cf:
 mail.log:
 Aug  7 12:56:46 ns208770 postfix/oqmgr[4535]: 2B67ABF017B: 
 from=vinc...@nexedi.com, size=5497, nrcpt=1 (queue active)
 Aug  7 13:01:46 ns208770 postfix/error[22126]: 2B67ABF017B: to=...@foo.com, 
 relay=none, delay=1833, delays=1533/300/0/0.16, dsn=4.3.0, status=deferred 
 (mail transport unavailable)
 
 mail.warn:
 Aug  7 13:01:46 ns208770 postfix/oqmgr[4535]: warning: unexpected 
 end-of-input from private/mangle_from socket while reading input attribute 
 name
 Aug  7 13:01:46 ns208770 postfix/oqmgr[4535]: warning: private/mangle_from 
 socket: malformed response
 
 What did I do wrong ?
 Can I do anything without having to upgrade right now ?
 
 Regards,
 



Re: Mailing list sending mail to server with strong anti-spoofing setting

2015-08-07 Thread wilfried.es...@essignetz.de
On 07.08.2015 at 18:24, Vincent Pelletier wrote:
> On Fri, 07 Aug 2015 17:10:11 +0200,
> wilfried.es...@essignetz.de wilfried.es...@essignetz.de wrote :
>> maybe this, from postfix doc, will help you:
>>
>> http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
>
> The problem with this is that it will rewrite To: field too, so
> sending to ...@foo.com pushes to their SMTP a mail for
> nob...@nexedi.com - which they rightfully reject as a relay attempt.

That makes me wonder. Do they know the difference between envelope-to
and to-field, or envelope-from and from-field? (This reminds me of the
beginning of my fetchmail era - they do not use fetchmail
or something similar?)

Usually smtp servers should only look at the envelope-to/-from,
which they exchange during the smtp dialogue. If an smtp server is
checking only the from and to fields in the header of the received mail,
they will lose recipient information. That concerns not only mail from
lists, but also mail sent with addresses in BCC.

Possibly, you should try to talk to this special admin. Looks like he's
violating some really important RFCs.


Willi

 
> Or I botched my configuration and/or missed an extra option.
>
> Regards,
 




Re: status=bounced (mail for ... loops back to myself)

2015-08-02 Thread wilfried.es...@essignetz.de
Hello,


mail.mydomain.dd[6.7.8.9] is the machine running your two instances?

Looks like your outgoing postfix himself thinks, he is the one for
domain mydomain.dd. Maybe you could give him a transport-table entry like :

mydomain.dd smtp:[1.2.3.4]:25

(Remember to run postmap)


If that doesn't help, please send master.cf and main.cf of both instances.


Willi



On 02.08.2015 at 13:53, michalr0 wrote:
 Hello i have two instance of postfix
 one for incoming (p:25) and one for outgoing (p:587)
 
 I use this configuration because in this way i may check DNS and MX records. 
 I have some virtual domains. When I send email to client which changing mail 
 server (from me to other ISP) I sending emails to me server (old) not to new 
 server
 
 and I have one trouble
 when I sended email from my server to outside server i working great
 when I received mail from outside server is working great
 
 but when i sended from me to me I have many errors
 NOQUEUE: reject_warning: RCPT from 1-2-3-4.dynamic.xx[1.2.3.4]: 450 4.1.7 
 ad...@mydomain.dd: Sender address rejected: unverified address: mail for 
 mydomain.dd loops back to myself; from=ad...@mydomain.dd 
 to=t...@mydomain.dd proto=ESMTP helo=[192.168.1.140]
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 greeted me with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 replied to HELO/EHLO with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: 351E9406A0: 
 to=ad...@mydomain.dd, relay=mail.mydomain.dd[6.7.8.9]:25, delay=0.08, 
 delays=0/0/0.08/0, dsn=5.4.6, status=bounced (mail for mydomain.dd loops back 
 to myself)
 
 -- from log --
 Aug  2 13:20:45 node1 postfix-out/smtpd[13643]: connect from 
 1-2-3-4.dynamic.xx[1.2.3.4]
 Aug  2 13:20:46 node1 postfix-out/smtpd[13643]: NOQUEUE: reject_warning: RCPT 
 from 1-2-3-4.dynamic.xx[1.2.3.4]: 450 4.1.7 ad...@mydomain.dd: Sender 
 address rejected: unverified address: mail for mydomain.dd loops back to 
 myself; from=ad...@mydomain.dd to=t...@mydomain.dd proto=ESMTP 
 helo=[192.168.1.140]
 Aug  2 13:20:46 node1 postfix-out/smtpd[13643]: 18BF74067D: 
 client=1-2-3-4.dynamic.xx[1.2.3.4], sasl_method=PLAIN, 
 sasl_username=ad...@mydomain.dd
 Aug  2 13:20:46 node1 postfix-out/cleanup[13649]: 18BF74067D: 
 message-id=55bdfcfd.7050...@mydomain.dd
 Aug  2 13:20:46 node1 postfix-out/qmgr[12600]: 18BF74067D: 
 from=ad...@mydomain.dd, size=563, nrcpt=1 (queue active)
 Aug  2 13:20:46 node1 postfix/smtpd[13652]: connect from 
 mail.mydomain.dd[6.7.8.9]
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 greeted me with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 replied to HELO/EHLO with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: 18BF74067D: 
 to=t...@mydomain.dd, relay=mail.mydomain.dd[6.7.8.9]:25, delay=0.15, 
 delays=0.07/0/0.08/0, dsn=5.4.6, status=bounced (mail for mydomain.dd loops 
 back to myself)
 Aug  2 13:20:46 node1 postfix/smtpd[13652]: disconnect from 
 mail.mydomain.dd[6.7.8.9] ehlo=1 quit=1 commands=2
 Aug  2 13:20:46 node1 postfix-out/cleanup[13649]: 351E9406A0: 
 message-id=20150802112046.351e940...@node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/bounce[13654]: 18BF74067D: sender 
 non-delivery notification: 351E9406A0
 Aug  2 13:20:46 node1 postfix-out/qmgr[12600]: 351E9406A0: from=, 
 size=2339, nrcpt=1 (queue active)
 Aug  2 13:20:46 node1 postfix-out/qmgr[12600]: 18BF74067D: removed
 Aug  2 13:20:46 node1 postfix-out/smtpd[13643]: disconnect from 
 1-2-3-4.dynamic.xx[1.2.3.4] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 
 quit=1 commands=8
 Aug  2 13:20:46 node1 postfix/smtpd[13652]: connect from 
 mail.mydomain.dd[6.7.8.9]
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 greeted me with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: warning: host 
 mail.mydomain.dd[6.7.8.9]:25 replied to HELO/EHLO with my own hostname 
 node25.myserver.ss
 Aug  2 13:20:46 node1 postfix-out/smtp[13651]: 351E9406A0: 
 to=ad...@mydomain.dd, relay=mail.mydomain.dd[6.7.8.9]:25, delay=0.08, 
 delays=0/0/0.08/0, dsn=5.4.6, status=bounced (mail for mydomain.dd loops back 
 to myself)
 Aug  2 13:20:46 node1 postfix/smtpd[13652]: disconnect from 
 mail.mydomain.dd[6.7.8.9] ehlo=1 quit=1 commands=2
 Aug  2 13:20:46 node1 postfix-out/qmgr[12600]: 351E9406A0: removed
 -- from log --
 
 
 Thanks for help
 Michael Rybnik
 
 



Re: RR Duplicate entry

2015-07-30 Thread wilfried.es...@essignetz.de
Hi Peter,


retry with grep -i name.surna...@domain.com.


Willi


On 30.07.2015 at 15:44, Peter wrote:
 Hi guys, 
 
 I have stumbled upon this warning today while wanting to remove
 duplicates from /etc/postfix/relay_recipients:
 
 [root@mx ~]# postmap /etc/postfix/relay_recipients
 postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
 name.surna...@domain.com
 postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
 name.surna...@domain.com
 postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
 name.surna...@domain.com
 postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
 name.surna...@domain.com
 ...
 
 I have got 10 of such entries.
 
 Now:
 
 [root@mx ]# cat /etc/postfix/relay_recipients | grep
 name.surna...@domain.com
 name.surna...@domain.com OK
 
 so tehre is only 1 entry. Why does postfix think the value is
 duplicated?
 
 P.
 




Re: newbie faq - sorry: recipient lists

2015-06-13 Thread wilfried.es...@essignetz.de
On 13.06.2015 at 09:51, Martin S wrote:
> hi,
>
> I've set up a mailserver (as my hosting mail is crap) using this site:
> http://www.server-world.info/en/note?os=CentOS_7p=httpdf=13 I am
> having problems with recipients. No matter how I set up my recipients
> (local or virtual) I get Recipient address rejected: User unknown in
> relay recipient table

Hi,

it would help to see at least your main.cf, your relay recipient file,
and log messages from postfix.

Do you plan to use this machine for relaying only?


Willi