Re: Local network MX for newsletters and high volume mailing questions

2014-04-13 Thread Thijssen
OK, nobody has anything to say on this?

On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:

> We decided to create a special MX for just the bulk mailings within
> our IP-block, the datacentre network we maintain. Here's where my
> questions arise:
>
> The setup is as follows:
> - We have many servers within the same range, 10.20.30.x (I'll use
> IPv4 only for ease now),
> some of them have websites and/or are shared hosting servers that are
> using a SaaS home-made mailing-GUI for their newsletters and similar
> high volume recipient list mails.
> - Our primary MX that needs to send out the bulk for them all is 10.20.30.7
> - Is there a way to NOT have to tell postfix to allow the sending
> domain names, but just the server's IP-addresses that hold those who'd
> like to send out those mails via 10.20.30.7 ?
> I would basically like them to use any (valid domain's) from-field
> they want, and postfix would have to allow it because the source is
> one of our own servers.

How do I configure that?
The postfix config mentions 'relay domains', an IP address is not a domain.

> Below is my config, it does not want to relay mail from those local
> servers and I'm not sure why. Do I really have to note down all
> from-field domains as allowed or what is the best way to accomplish
> this? I have commented out a lot in this config, because I'm working
> on getting it as perfect as possible for our purpose.
>
> Thanks in advance for any and all feedback on this config, feel free
> to add improvements:
> [root@somemailer~]# cat /etc/postfix/main.cf
>
> smtpd_banner = $myhostname ESMTP $mail_name
> #relay_domains = $mydestination, somemailer.net
> #relay_recipient_maps =
> #relayhost =
> #transport_maps = hash:/etc/postfix/transport
>
> debug_peer_level = 2
> debugger_command =
>  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>  ddd $daemon_directory/$process_name $process_id & sleep 5
>
> alias_maps = hash:/etc/aliases
> sendmail_path = /usr/sbin/sendmail.postfix
> #newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> readme_directory = /usr/share/doc/postfix-2.8.14/README_FILES
>
> inet_protocols = ipv4
> # :-/ inet_protocols = all
> inet_interfaces = 10.20.30.7, 127.0.0.1
> smtp_bind_address =
> mynetworks = 127.0.0.0/8 [::1]/128 192.168.2.0/24, 10.20.30.0/24
> smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 192.168.2.0/24
> 10.20.30.0/24
> smtp_send_xforward_command = yes
>
> mydomain = somemailer.net
> myhostname = bulk.somemailer.net
> myorigin = $myhostname
> mydestination = $myhostname, localhost.$mydomain, localhost,
> $mydomain, mailer.$mydomain
> recipient_delimiter = +
>
> # tempfailed adapted to 3 minutes:
> queue_run_delay = 180s
> minimal_backoff_time = 180s
> maximal_backoff_time = 3601s
>
> disable_vrfy_command = yes
> biff = no
> default_process_limit = 1000
> trigger_timeout = 1
> # ? in_flow_delay = 1s
> smtpd_delay_reject = yes
>
> smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
> reject_unknown_sender_domain, check_sender_access
> hash:/etc/postfix/sender_access, permit
> smtpd_data_restrictions = reject_multi_recipient_bounce,
> reject_unauth_pipelining, permit
> smtpd_client_restrictions = permit_mynetworks
> smtpd_relay_restrictions = permit_mynetworks,
> reject_unauth_destination, permit_sasl_authenticated
> smtpd_recipient_restrictions = reject_unauth_destination,
> reject_invalid_hostname, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, check_client_access
> hash:/etc/postfix/whitelist, reject_unauth_pipelining,
> reject_non_fqdn_sender, reject_unknown_sender_domain,
> reject_rbl_client bl.spamcop.net, reject_rbl_client
> hosts.rbl.zonnet.net, reject_rbl_client virbl.dnsbl.bit.nl,
> reject_rbl_client bl.shlink.de, reject_rbl_client bl.blocklist.de,
> reject_rbl_client spamguard.leadmon.net, reject_rbl_client
> mail-abuse.blacklist.jippg.org, permit
>
> default_destination_concurrency_limit = 0
> smtp_destination_concurrency_limit = 0
> slow_destination_concurrency_failed_cohort_limit = 100
> smtp_destination_rate_delay = 1s
> slow_destination_rate_delay = 1
> smtp_extra_recipient_limit = 10
> smtp_connect_timeout = 30
> smtp_extra_recipient_limit = 10
> smtpd_timeout = 3600s
> smtpd_proxy_timeout = 3600s
> smtpd_error_sleep_time = 2s
> smtpd_soft_error_limit = 8
> smtpd_hard_error_limit = 18
> smtpd_recipient_limit = 120
> smtpd_reject_unlisted_recipient = yes
> smtpd_reject_unlisted_sender = yes
> smtpd_reject_footer = For assistance, contact us at
> hostmas...@somemailer.nl, and please provide the following information
> in your problem report: time ($localtime), client ($client_address)
> and server ($server_name).
> smtpd_client_message_rate_limit = 48
> smtpd_client_recipient_rate_limit = 30
>
> queue_minfree = 12288
> qmgr_message_active_limit = 12000
> qmgr_message_recipient_limit = 12000
> qmgr_site_hog_factor = 100
> bounce_size_limit = 15
> mailman_destination_recipient_limit = 1
> mailbox_size_limit = 0
>

Re: Local network MX for newsletters and high volume mailing questions

2014-04-13 Thread /dev/rob0
On Sun, Apr 13, 2014 at 03:26:43PM +0200, Thijssen wrote:
> OK, nobody has anything to say on this?

The post contained a lot of misunderstanding, and it is difficult to 
know where to begin, but I'll make at least an initial try.

> On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:
>
> > We decided to create a special MX for just the bulk mailings

This is unclear. MX is about receiving mail, but it sounds like you 
are talking about sending bulk mail?

> > within our IP-block, the datacentre network we maintain. Here's
> > where my questions arise:
> >
> > The setup is as follows:
> > - We have many servers within the same range, 10.20.30.x (I'll
> > use IPv4 only for ease now),
> > some of them have websites and/or are shared hosting servers
> > that are using a SaaS home-made mailing-GUI for their
> > newsletters and similar high volume recipient list mails.

You are an ESP? Or is this all in-house?

> > - Our primary MX that needs to send out the bulk for them all is
> > 10.20.30.7

I guess you mean MTA, not MX.

> > - Is there a way to NOT have to tell postfix to allow the sending
> > domain names, but just the server's IP-addresses that hold those
> > who'd like to send out those mails via 10.20.30.7 ?

Where did you get the idea that Postfix is checking sender domain 
names? By default this is not so.

> > I would basically like them to use any (valid domain's)
> > from-field they want, and postfix would have to allow it
> > because the source is one of our own servers.
>
> How do I configure that?

Perhaps you want to look up postconf.5.html#mynetworks ... linked 
from the Basic readme:

http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

> The postfix config mentions 'relay domains', an IP address is
> not a domain.

Right, and relay_domains is about receiving mail, not sending.

> > Below is my config, it does not want to relay mail from those
> > local servers and I'm not sure why.

You did not show logs.

> > Do I really have to note down all from-field domains as allowed

Of course not.

> > or what is the best way to accomplish this? I have commented
> > out a lot in this config, because I'm working on getting it
> > as perfect as possible for our purpose.
> >
> > Thanks in advance for any and all feedback on this config,
> > feel free to add improvements:
> > [root@somemailer~]# cat /etc/postfix/main.cf

The list welcome message and DEBUG_README.html#mail both tell you 
*NOT* to do this. Send postconf -n, and include logs which show 
the problem you are having.

General advice: hire a good ESP to handle your bulk mail sending 
needs. Three [mostly-]well-regarded ESPs I can recommend, in no 
particular order: Mailchimp, Sendgrid, Constant Contact. They know 
mail, and they have relationships with large receivers. If revenue
depends on your bulk mail, their fees will be money well spent.

(Perhaps they have reseller arrangements, if that is what's 
appropriate in your case.)

Anyway, mynetworks (and the permit_mynetworks restriction) is the 
answer to the question as posed, so I'll stop here.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: Local network MX for newsletters and high volume mailing questions

2014-04-13 Thread Wietse Venema
Thijssen:
> OK, nobody has anything to say on this?
>
> On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:
>
> > We decided to create a special MX for just the bulk mailings within
> > our IP-block, the datacentre network we maintain. Here's where my
> > questions arise:
> >
> > The setup is as follows:
> > - We have many servers within the same range, 10.20.30.x (I'll use
...
> > - Our primary MX that needs to send out the bulk for them all is 10.20.30.7
> > - Is there a way to NOT have to tell postfix to allow the sending
> > domain names, but just the server's IP-addresses that hold those who'd
> > like to send out those mails via 10.20.30.7 ?

Postfix relay control is set up as follows:

mynetworks = 10.20.30.0/24 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination

Look Ma! No domain names!

Some Postfix versions do the above in smtpd_recipient_restrictions
instead of the newer smtpd_relay_restrictions.

Wietse
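
The relay rule given in the two replies above, modeled as an added Python example (not code from the thread or from Postfix): it parses a mynetworks value and evaluates the two relay restrictions first-match, showing that the decision depends only on the client address and the recipient domain, never on the sender domain. The client addresses 10.20.30.15 and 203.0.113.9, the recipient example.org, and the helper names are constructed for illustration; the destination check is a simplification of what Postfix does.

```python
import ipaddress
import re

def parse_mynetworks(value):
    """Parse a mynetworks value: comma/space separated CIDRs, IPv6 in [brackets]."""
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        if item:
            cidr = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets

def relay_decision(restrictions, client_ip, rcpt_domain, mynetworks, local_domains):
    """Evaluate restrictions left to right; the first permit/reject wins.

    Simplified model: local_domains stands in for every destination the
    server itself accepts mail for. The envelope sender is not an input.
    """
    ip = ipaddress.ip_address(client_ip)
    for name in re.split(r"[,\s]+", restrictions.strip()):
        if name == "permit_mynetworks":
            if any(n.version == ip.version and ip in n for n in mynetworks):
                return "permit"
        elif name == "reject_unauth_destination":
            if rcpt_domain.lower() not in local_domains:
                return "reject"
        else:
            raise ValueError(f"restriction not modeled: {name}")
    # No decision in this list; Postfix goes on to later restriction lists.
    return "dunno"

# Values taken from the thread
MYNETWORKS = parse_mynetworks("10.20.30.0/24 127.0.0.0/8")
RELAY = "permit_mynetworks reject_unauth_destination"
LOCAL = {"somemailer.net", "bulk.somemailer.net"}  # subset of the posted mydestination

if __name__ == "__main__":
    # Constructed clients and recipients
    for client, rcpt in [("10.20.30.15", "example.org"),   # own server, any recipient
                         ("203.0.113.9", "example.org"),   # outsider trying to relay
                         ("203.0.113.9", "somemailer.net")]:  # outsider, local recipient
        print(client, rcpt, relay_decision(RELAY, client, rcpt, MYNETWORKS, LOCAL))
```

Every address range listed in mynetworks may relay to any destination, so the list should contain only networks whose hosts are all trusted to send mail.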