Re: strange issue with postfix
On 05 Oct 2020, at 13:17, Bob Proulx wrote: > Here is an old resource but one that I think is still very good is > "Jim Seymour's suggestions/examples for Postfix anti-UCE configuration." > >http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt It's good, but it does need some updating as some things are… misleading. For example: If you want smtpd access map entries to match hosts and sub-domains on just the domain part (e.g.: "example.com" matches "host.example.com" and "host.subdomain.example.com," you must specify: parent_domain_matches_subdomains = smtpd_access_maps However, that is the default: # postconf -d parent_domain_matches_subdomains parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps There's the whole section on postfix not supporting cidr tables, which was certainly possible in 2005, but not so much in 2020. But yes, it's still a good starter document for understanding the configuration parameters and the order-of-operations flow, but I wouldn't rely on it to generate you own config without checking some of the `postconf -n` output that gets posted to the list. The one thing that it tries very hard to do is explain the meaning of the sender and recipient maps and while everything there is correct, I think it would still be quite confusing to someone starting off with postfix who is likely to wonder if it means that senders are always local or is senders are never local or if sender might be local and might be not local, which I think is the single biggest stumbling block for those undertaking modifying their postfix configs. Pr maybe it's smtp_ versus smtpd_, a mistake that is in the post: The "general flow" of the smtp_recipient_restrictions … But only smtpd_recipient_restrictions are in the file. But, the biggest thing that makes this document in real need of an update, is the complete lack of mention of postfix's best antispam feature: postscreen. -- Bart, don't use the Touch of Death on your sister.
Re: strange issue with postfix
Erik Thuning wrote: > Ranjan Maitra wrote: > > Thanks, I am not very knowledgeable with regard to postfix being a > > simple user, so do you mind letting me/us know what you had to fix? It > > is kind of forbidding to me. > > > > > Thank you! I had this exact issue and just couldn't wrap my head around > > > what was wrong, this solved things quite nicely. > > If you have different needs you should look into the links sent by Bob > earlier in this thread, there's quite a number of possible policies > available. Here is an old resource but one that I think is still very good is "Jim Seymour's suggestions/examples for Postfix anti-UCE configuration." http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt That posting is filled with very useful, real world, down and dirty, practical information about Postfix configuration in the face of hostile spammers, backscatter, and other abuse. If you have trouble getting started on how things work together then I think that is a good guide to read through carefully. A few times! :-) Bob
Re: strange issue with postfix
I set the following in main.cf: smtpd_relay_restrictions = permit_mynetworks, reject Which, if I understand correctly, should mean that any email coming from addresses specified in mynetworks will be accepted, while all others get rejected. Mynetworks in my case only specifies loopback addresses, so my SMTP server will accept email from localhost and reject all others. If you have different needs you should look into the links sent by Bob earlier in this thread, there's quite a number of possible policies available. /T On 2020-10-02 19:55, Ranjan Maitra wrote: Hi, Thanks, I am not very knowledgeable with regard to postfix being a simple user, so do you mind letting me/us know what you had to fix? It is kind of forbidding to me. Thanks again and best wishes, Ranjan On Fri, 2 Oct 2020 15:52:34 +0200 Erik Thuning wrote: > Thank you! I had this exact issue and just couldn't wrap my head around > what was wrong, this solved things quite nicely. > > /T > > On 2020-10-02 00:00, Bob Proulx wrote: > > Ranjan Maitra wrote: > > > > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in > > parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, > > specify at least one working instance of: reject_unauth_destination, > > defer_unauth_destination, reject, defer, defer_if_permit or > > check_relay_domains > > > > > > My apologies: how do I do this/what should I do here? > > > > Since you haven't shared your postfix configuration but just parts of > > it in the master.cf then we can only point to the documentation. > > > > Start here and read these: > > > > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions > > > > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions > > > > What is the value of these for you? This will produce some output > > which shows the current configuration. > > > > postconf smtpd_recipient_restrictions smtpd_relay_restrictions > > > > For my use I leave smtpd_relay_restrictions set to the default value > > and then set smtpd_recipient_restrictions. That's one valid > > combination. But there are others. > > > > At the least I would think something like this: > > > > smtpd_recipient_restrictions = > > permit_mynetworks, > > reject_unauth_destination, > > reject_invalid_hostname, > > reject_non_fqdn_hostname, > > reject_non_fqdn_sender, > > reject_non_fqdn_recipient, > > reject_unknown_sender_domain, > > reject_unknown_recipient_domain > > > > But in real use I have a much longer list with a lot more there for > > blocking spam and other things. You should understand it before using > > it and adjust it as needed for your environment. > > > > Bob > -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.
Re: strange issue with postfix
Hi, Thanks, I am not very knowledgeable with regard to postfix being a simple user, so do you mind letting me/us know what you had to fix? It is kind of forbidding to me. Thanks again and best wishes, Ranjan On Fri, 2 Oct 2020 15:52:34 +0200 Erik Thuning wrote: > Thank you! I had this exact issue and just couldn't wrap my head around > what was wrong, this solved things quite nicely. > > /T > > On 2020-10-02 00:00, Bob Proulx wrote: > > Ranjan Maitra wrote: > > > > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in > > parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, > > specify at least one working instance of: reject_unauth_destination, > > defer_unauth_destination, reject, defer, defer_if_permit or > > check_relay_domains > > > > > > My apologies: how do I do this/what should I do here? > > > > Since you haven't shared your postfix configuration but just parts of > > it in the master.cf then we can only point to the documentation. > > > > Start here and read these: > > > > http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions > > > > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions > > > > What is the value of these for you? This will produce some output > > which shows the current configuration. > > > > postconf smtpd_recipient_restrictions smtpd_relay_restrictions > > > > For my use I leave smtpd_relay_restrictions set to the default value > > and then set smtpd_recipient_restrictions. That's one valid > > combination. But there are others. > > > > At the least I would think something like this: > > > > smtpd_recipient_restrictions = > > permit_mynetworks, > > reject_unauth_destination, > > reject_invalid_hostname, > > reject_non_fqdn_hostname, > > reject_non_fqdn_sender, > > reject_non_fqdn_recipient, > > reject_unknown_sender_domain, > > reject_unknown_recipient_domain > > > > But in real use I have a much longer list with a lot more there for > > blocking spam and other things. You should understand it before using > > it and adjust it as needed for your environment. > > > > Bob > -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.
Re: strange issue with postfix
Thank you! I had this exact issue and just couldn't wrap my head around what was wrong, this solved things quite nicely. /T On 2020-10-02 00:00, Bob Proulx wrote: Ranjan Maitra wrote: > > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains > > My apologies: how do I do this/what should I do here? Since you haven't shared your postfix configuration but just parts of it in the master.cf then we can only point to the documentation. Start here and read these: http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions What is the value of these for you? This will produce some output which shows the current configuration. postconf smtpd_recipient_restrictions smtpd_relay_restrictions For my use I leave smtpd_relay_restrictions set to the default value and then set smtpd_recipient_restrictions. That's one valid combination. But there are others. At the least I would think something like this: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain But in real use I have a much longer list with a lot more there for blocking spam and other things. You should understand it before using it and adjust it as needed for your environment. Bob
Re: strange issue with postfix
Ranjan Maitra wrote: > > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter > > > smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at > > > least one working instance of: reject_unauth_destination, > > > defer_unauth_destination, reject, defer, defer_if_permit or > > > check_relay_domains > > My apologies: how do I do this/what should I do here? Since you haven't shared your postfix configuration but just parts of it in the master.cf then we can only point to the documentation. Start here and read these: http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions What is the value of these for you? This will produce some output which shows the current configuration. postconf smtpd_recipient_restrictions smtpd_relay_restrictions For my use I leave smtpd_relay_restrictions set to the default value and then set smtpd_recipient_restrictions. That's one valid combination. But there are others. At the least I would think something like this: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain But in real use I have a much longer list with a lot more there for blocking spam and other things. You should understand it before using it and adjust it as needed for your environment. Bob
Re: strange issue with postfix
> > On Oct 1, 2020, at 2:18 PM, Ranjan Maitra wrote: > > Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, > and says: Connecting to SMTP server: localhost > > Looking at the /var/log/maillog as you suggested, I get: > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter > smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least > one working instance of: reject_unauth_destination, defer_unauth_destination, > reject, defer, defer_if_permit or check_relay_domains As someone else already replied, the problem is with the smtp_relay_restrictions or smtp_recipient_restrictions. > And here is what happens when I send mail from the commandline: > > Oct 1 14:11:42 localhost postfix/pickup[3995696]: 44C4416239C: uid=1000 > from= But when you use the command line, the mail enters Postfix via the pickup service. That’s completely different from smtpd (that’s the SMTP daemon). Command line works because having the mail enter via pickup does not use the bad smtpd_…_restrictions parameters. -- Larry Stone lston...@stonejongleux.com
Re: strange issue with postfix
On Thu, 1 Oct 2020 15:39:55 -0400 "Demi M. Obenour" wrote: > On 2020-10-01 15:18, Ranjan Maitra wrote: > > Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, > > and says: Connecting to SMTP server: localhost > > > > Looking at the /var/log/maillog as you suggested, I get: > > > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter > > smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least > > one working instance of: reject_unauth_destination, > > defer_unauth_destination, reject, defer, defer_if_permit or > > check_relay_domains > > That is your problem. You haven’t told Postfix what restrictions > it should impose on mail relaying, so it exits to avoid becoming an > open relay. > My apologies: how do I do this/what should I do here? Thanks, Ranjan
Re: strange issue with postfix
On 2020-10-01 15:18, Ranjan Maitra wrote: > Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, > and says: Connecting to SMTP server: localhost > > Looking at the /var/log/maillog as you suggested, I get: > > Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter > smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least > one working instance of: reject_unauth_destination, defer_unauth_destination, > reject, defer, defer_if_permit or check_relay_domains That is your problem. You haven’t told Postfix what restrictions it should impose on mail relaying, so it exits to avoid becoming an open relay. Demi signature.asc Description: OpenPGP digital signature
Re: strange issue with postfix
Thanks, very much. So when I hit "Send" on sylpheed, it goes on a tailspin, and says: Connecting to SMTP server: localhost Looking at the /var/log/maillog as you suggested, I get: Oct 1 14:08:00 localhost postfix/smtpd[4142479]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains Oct 1 14:08:01 localhost postfix/master[1216]: warning: process /usr/libexec/postfix/smtpd pid 4142479 exit status 1 Oct 1 14:08:01 localhost postfix/master[1216]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling And here is what happens when I send mail from the commandline: Oct 1 14:11:42 localhost postfix/pickup[3995696]: 44C4416239C: uid=1000 from= Oct 1 14:11:42 localhost postfix/cleanup[4148016]: 44C4416239C: message-id=<20201001191142.44c44162...@localhost.name.removed> Oct 1 14:11:42 localhostlocalhost postfix/qmgr[1218]: 44C4416239C: from=, size=492, nrcpt=1 (queue active) Oct 1 14:11:42 localhost postfix/smtp[4148018]: 44C4416239C: to=, relay=mailhub.name.removed[129.186.140.5]:25, delay=0.09, delays=0.07/0/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0 091JBg2r014199 Message accepted for delivery) Oct 1 14:11:42 localhost postfix/cleanup[4148016]: 5D4A616239D: message-id=<20201001191142.5d4a6162...@localhost.name.removed> Oct 1 14:11:42 localhost postfix/bounce[4148019]: 44C4416239C: sender delivery status notification: 5D4A616239D Oct 1 14:11:42 localhost postfix/qmgr[1218]: 5D4A616239D: from=<>, size=2305, nrcpt=1 (queue active) Oct 1 14:11:42 localhost postfix/qmgr[1218]: 44C4416239C: removed Oct 1 14:11:42 localhost postfix/local[4148020]: 5D4A616239D: to=, relay=local, delay=0.07, delays=0.04/0/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox) Oct 1 14:11:42 localhost postfix/qmgr[1218]: 5D4A616239D: removed What should I be looking at from here? The thing is that sylpheed is set up exactly the same for my home (the same machine). Many thanks, Ranjan On Thu, 1 Oct 2020 22:04:26 +0300 IL Ka wrote: > Hi. > I'd start with checking your logs (i.e. "/var/log/maillog") > > On Thu, Oct 1, 2020 at 10:01 PM Ranjan Maitra wrote: > > > Hi, > > > > I have an issue that I can not resolve at my work environment. > > > > When I use commandline mail, my e-mail gets delivered. > > > > However, when I use a mailer (like sylpheed) to use localhost, it does not > > get delivered. I have SMTP port set to the default, and this same setup > > works fine when I send e-mail from my home machine. What could be wrong, > > and how may I fix it? Any suggestions? > > > > Many thanks and best wishes, > > Ranjan > > > > -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.
Re: strange issue with postfix
Hi. I'd start with checking your logs (i.e. "/var/log/maillog") On Thu, Oct 1, 2020 at 10:01 PM Ranjan Maitra wrote: > Hi, > > I have an issue that I can not resolve at my work environment. > > When I use commandline mail, my e-mail gets delivered. > > However, when I use a mailer (like sylpheed) to use localhost, it does not > get delivered. I have SMTP port set to the default, and this same setup > works fine when I send e-mail from my home machine. What could be wrong, > and how may I fix it? Any suggestions? > > Many thanks and best wishes, > Ranjan > >
strange issue with postfix
Hi, I have an issue that I can not resolve at my work environment. When I use commandline mail, my e-mail gets delivered. However, when I use a mailer (like sylpheed) to use localhost, it does not get delivered. I have SMTP port set to the default, and this same setup works fine when I send e-mail from my home machine. What could be wrong, and how may I fix it? Any suggestions? Many thanks and best wishes, Ranjan
A strange issue with postfix and altermime - redux
Well, I sent the message though, with altermime enabled, and it chopped it off. I've disabled it to send this message. Nick Original Message Message-ID: 532c4b17.2020...@krescendo.com Date: Fri, 21 Mar 2014 14:22:15 + From: Nick Warr nick.w...@krescendo.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: postfix-users@postfix.org Subject:A strange issue with postfix and altermime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I am running a CentOS 6.3 server with postfix 2.6 and altermime 0.3.10. I use altermime to append disclaimers to emails submitted by my users through port port 587, and 99.95% of the time it works without issue, recently we've had a few issues with messages sent from Mac Outlook clients, the issue is definitely related to altermime, if I disable the filter script, the problem no longer occurs. The issue is due to what is fortunately a fairly rare occurence, in the body text, there is a sentence exactly 76 characters long, including spaces, and as many sentences do, it finishes with a period, but since the period is the 77th character, it gets bumped down to the next line (and an = gets appended to the end of the sentence). Here is what it looks like, with names obscured, if it goes through the server with the altermime disclaimer disabled. This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3478240988_27375889 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: quoted-printable Hi XX, This is definitely the remains of the EQCallTracker API integration since w= e originally only supported secondary allocations for the EQCallTracker teams= . I assume it would be easy enough to change this though, with a small enhancement. Kind Regards X. From: X X .xx...@krescendo.com Date: Thursday, 20 March 2014 16:58 To: XX xxx.x...@.com Cc: 'XX, XXXx XXX' .x...@.com, ConQuest Dev conquest...@krescendo.com Subject: RE: Call API question: handling of Secondary Allocation parameter= s Hi X, =20 Unfortunately no, there aren=B9t =B3hidden=B2 parameters for secondary allocation level/group. For the secondary allocation, the level is always defaulted to L2 and the group to N/A. =20 Regards, There are about three quoted messages underneath that, but I just lopped them off. This is what happens when the disclaimer is enabled; This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3478241259_27341821 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: quoted-printable Hi XX, This is definitely the remains of the EQCallTracker API integration since w= e originally only supported secondary allocations for the EQCallTracker teams= --B_3478241259_27341821-- As you can see, either postfix or altermime is seeing the period by itself as a terminator of the SMTP conversation, at least for that section. I'm fairly sure it's altermime's fault (though through pipe or when it re-injects the message to postfix, I don't know), and as it's a rather rare occurence, I'm hesitant to play with the entry in master.cf, I'm thinking that the EOL setting, or a flag might make a difference, but I thought asking first might be prudent. This is the entry in master.cf dfilt unix- n n - - pipe flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient} Any advice or recommendations? Thanks, Nick
Re: A strange issue with postfix and altermime - redux
On Fri, Mar 21, 2014 at 02:24:49PM +, Nick Warr wrote: This is the entry in master.cf dfilt unix- n n - - pipe flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient} Any advice or recommendations? Edit the filter script, and make sure it invokes the sendmail(1) command with a -i option and (as should be already the case) without any -t option. sendmail -i -f $sender -- $@ if the argument list is simply copied from the arguments to disclaimer, add a -i before -f. -- Viktor.
Re: A strange issue with postfix and altermime - redux
On 21/03/2014 16:54, Viktor Dukhovni wrote: On Fri, Mar 21, 2014 at 02:24:49PM +, Nick Warr wrote: This is the entry in master.cf dfilt unix- n n - - pipe flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient} Any advice or recommendations? Edit the filter script, and make sure it invokes the sendmail(1) command with a -i option and (as should be already the case) without any -t option. sendmail -i -f $sender -- $@ if the argument list is simply copied from the arguments to disclaimer, add a -i before -f. I just had to add in -i, From $SENDMAIL $@ in.$$ to $SENDMAIL -i $@ in.$$ Thank you! Nick __ This email is confidential and subject to Krescendo's Email Usage and Information Classification Policies.
Re: A strange issue with postfix and altermime - redux
Nick Warr: On 21/03/2014 16:54, Viktor Dukhovni wrote: On Fri, Mar 21, 2014 at 02:24:49PM +, Nick Warr wrote: This is the entry in master.cf dfilt unix- n n - - pipe flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient} Any advice or recommendations? Edit the filter script, and make sure it invokes the sendmail(1) command with a -i option and (as should be already the case) without any -t option. sendmail -i -f $sender -- $@ if the argument list is simply copied from the arguments to disclaimer, add a -i before -f. I just had to add in -i, From $SENDMAIL $@ in.$$ to $SENDMAIL -i $@ in.$$ The Postfix FILTER_README instructions have: SENDMAIL=/usr/sbin/sendmail -G -i # NEVER NEVER NEVER use -t here. Wietse
Re: A strange issue with postfix and altermime - redux
On 21/03/2014 17:25, Wietse Venema wrote: Nick Warr: On 21/03/2014 16:54, Viktor Dukhovni wrote: On Fri, Mar 21, 2014 at 02:24:49PM +, Nick Warr wrote: This is the entry in master.cf dfilt unix- n n - - pipe flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient} Any advice or recommendations? Edit the filter script, and make sure it invokes the sendmail(1) command with a -i option and (as should be already the case) without any -t option. sendmail -i -f $sender -- $@ if the argument list is simply copied from the arguments to disclaimer, add a -i before -f. I just had to add in -i, From $SENDMAIL $@ in.$$ to $SENDMAIL -i $@ in.$$ The Postfix FILTER_README instructions have: SENDMAIL=/usr/sbin/sendmail -G -i # NEVER NEVER NEVER use -t here. Wietse You are correct, my mistake was using a script assembled by someone else, and assuming they had sanity-checked it. Nick __ This email is confidential and subject to Krescendo's Email Usage and Information Classification Policies.