|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 07:36:22 CDT
On Tue, Jul 20, 2004 at 02:27:54PM +0200, CutMaster wrote:
> But the problem is that, using this method, postfix ALWAYS uses the
> relayhost to send mail @georgin.com The way I wanted to do is that,
> if a mail has to be sent to georgin.com AND IS NOT "one of the listed
> email addresses" so it deliver it directly to local mailboxes (to permit
> to distributed internal email even if the internet connexion is down).
This is documented:
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual
http://www.postfix.org/ADDRESS_REWRITING_README.html#transport
http://www.postfix.org/ADDRESS_REWRITING_README.html#aliases
http://www.postfix.org/ADDRESS_REWRITING_README.html#luser_relay
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html#classes
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo@postfix.org?body=unsubscribe%20postfix-users>
From: Richard Wood (richard@ukrm.co.uk)
Date: Tue Jul 20 2004 - 07:41:50 CDT
From: "Ralf Hildebrandt" <Ralf.Hildebrandt@charite.de>
> * Richard Wood <richard@ukrm.co.uk>:
>
> > Would there happen to be a script that takes the output of postqueue,
> > gives me a little menu of all the message IDs with the option of
> > viewing them via postcat, and deleting or unholding them?
>
> Yes, on my webpages
Thanks.
I've downloaded them, upon running qvmenu.pl I get
"Can't locate Curses/UI.pm in <snip directories>"
Tried to do an install Curses from CPAN but that failed to
compile with :-
"Curses.c:275: error: too few arguments to function `Perl_sv_isa'"
plus many warnings, and many functions "NOT found".
Googling returned very little (just one log file, not really any use!)
Any clues as to what I should do next?
Thanks,
Richard
From: Wietse Venema (wietse@porcupine.org)
Date: Tue Jul 20 2004 - 07:45:01 CDT
CutMaster:
[ Charset ISO-8859-1 unsupported, converting... ]
> Thanks Wietse.
>
> But the problem is that, using this method, postfix ALWAYS uses the relayhost to send mail @georgin.com
> The way I wanted to do is that, if a mail has to be sent to georgin.com AND IS NOT "one of the listed email addresses" so it deliver it directly to local mailboxes (to permit to distributed internal email even if the internet connexion is down).
>
> Any idea ?
Yes. Give local georgin.com users a local(8) alias
thisuser user@this.server
otheruser user@other.server
And don't believe what people say about mail loops and Delivered-To:
message headers.
Wietse
From: CutMaster (postfix@vlproduction.com)
Date: Tue Jul 20 2004 - 07:49:40 CDT
----- Original Message -----
From: Wietse Venema
To: CutMaster
Cc: postfix-users@postfix.org
Sent: Tuesday, July 20, 2004 2:45 PM
Subject: Re: How to relay only some email addresses ?
CutMaster:
[ Charset ISO-8859-1 unsupported, converting... ]
> Thanks Wietse.
>
> But the problem is that, using this method, postfix ALWAYS uses the relayhost to send mail @georgin.com
> The way I wanted to do is that, if a mail has to be sent to georgin.com AND IS NOT "one of the listed email addresses" so it deliver it directly to local mailboxes (to permit to distributed internal email even if the internet connexion is down).
>
> Any idea ?
Yes. Give local georgin.com users a local(8) alias
thisuser user@this.server
otheruser user@other.server
And don't believe what people say about mail loops and Delivered-To:
message headers.
Wietse
In fact, Thanks to Victor Duchovni, the good result is the following :
- Let the mydestination handle the domain georgin.com
- Set local_recipient_maps to nothing
- Put the users to relay in luser_relay like luser_relay = someone@georgin.com, someoneelse@georgin.com
Thanks for your help guys :)
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 08:05:45 CDT
On Tue, Jul 20, 2004 at 02:29:14PM +0200, Arvinn L?kkebakken wrote:
> >The Exchange guys use this scheme. That's why Exchange is so unreliable.
> >
>
> Does it have to be unreliable? In my experience Exchange is unreliable
> because of a lot of things. But then again, Exchange is much more than a
> MTA, so it's kinda not the right example to look at anyway IMO.
>
Exchange is a mailstore with an MTA bolted-on for state replication and
messaging. While the MTA could use a dose of transparency and better
logging, the real problem is the storage, not the fancy features, but
the underlying storage design.
The choice of a monolithic store for mail is a major design error, since
it imposes excessive global consistency requirements that make recovery
difficult, and corruption likely.
File-systems offer fine-grained rather than global consistency:
Directories point at files that really exist, files point at blocks that
belong to them, data flushed to a file persists after a sync operation
(explicit or delayed from the buffer cache). Even if a single file is
corrupted, global file-system corruption is rare with mature file-systems
(I make no specific public claims about which file-systems are mature
on which OS).
By separating data and meta-data into different files, and ideally
meta-data for each folder into a separate file, a mailstore can support
fast meta-data recovery (it is the meta-data that is most likely to
become corrupted).
File-systems support a rich ecosystem of file manipulation tools, if
something goes wrong the mail-store meta-data the administrator can
still wrest the underlying content from the mailstore and re-build
(portions of) the meta-data, obviating the need for a full data and
meta-data recovery (in these days of TB sized stores full recovery can
be totally impractical).
File-system recovery can be faster than database recovery because it is
not necessary to arrive at a globally consistent state. One can recover
parts of a file-system, restoring individual mailboxes or messages.
I cannot honestly recommend to anyone a mailstore design based on any
database, regardless of the technology.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 08:08:32 CDT
On Tue, Jul 20, 2004 at 02:49:40PM +0200, CutMaster wrote:
> - Put the users to relay in luser_relay like luser_relay =
> someone@georgin.com, someoneelse@georgin.com
>
> Thanks for your help
You have failed to understand luser_relay. Read the documentation again,
see also the local(8) manpage.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Xavier Beaudouin (kiwi@oav.net)
Date: Tue Jul 20 2004 - 08:13:57 CDT
Hello there,
My mailhub is getting more and more spam that have Subject header like
this :
Subject: $85145
Starting with a $ and 5 numbers only.
SA is not enough to kill it... But I really like to kill such spams
directly using good and nice regexp... So anyone have a optimized one
on his desk ?
Thanks,
/Xavier
--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects
From: Wietse Venema (wietse@porcupine.org)
Date: Tue Jul 20 2004 - 08:17:17 CDT
CutMaster:
> > But the problem is that, using this method, postfix ALWAYS uses the relayhost to send mail @georgin.com
> > The way I wanted to do is that, if a mail has to be sent to georgin.com AND IS NOT "one of the listed email addresses" so it deliver it directly to local mailboxes (to permit to distributed internal email even if the internet connexion is down).
> >
> > Any idea ?
>
> Yes. Give local georgin.com users a local(8) alias
>
> thisuser user@this.server
> otheruser user@other.server
>
> And don't believe what people say about mail loops and Delivered-To:
> message headers.
>
> Wietse
>
>
> In fact, Thanks to Victor Duchovni, the good result is the following :
>
> - Let the mydestination handle the domain georgin.com
> - Set local_recipient_maps to nothing
> - Put the users to relay in luser_relay like luser_relay = someone@georgin.com, someoneelse@georgin.com
>
> Thanks for your help guys :)
DO NOT use luser_relay for this.
DO USE local aliases or transport maps.
Wietse
From: Dimitri Aivaliotis (dna@everyware.ch)
Date: Tue Jul 20 2004 - 08:18:48 CDT
check the archives for a thread with subject "regexp mime_header_checks : subject" started this past sunday
- Dimitri
On Tue, 20 Jul 2004 15:13:57 +0200
Xavier Beaudouin <kiwi@oav.net> wrote:
> Hello there,
>
> My mailhub is getting more and more spam that have Subject header like
> this :
>
> Subject: $85145
>
> Starting with a $ and 5 numbers only.
>
> SA is not enough to kill it... But I really like to kill such spams
> directly using good and nice regexp... So anyone have a optimized one
> on his desk ?
>
> Thanks,
> /Xavier
>
> --
> Xavier Beaudouin - Unix System Administrator & Projects Leader.
> President of Kazar Organization : http://www.kazar.net/
> Please visit http://caudium.net/, home of Caudium & Camas projects
--
Dimitri Aivaliotis
EveryWare AG
Birmensdorferstrasse 125
8003 Zurich
tel: +41 (1) 466 60 00
fax: +41 (1) 466 60 10
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 08:27:43 CDT
On Tue, Jul 20, 2004 at 09:17:17AM -0400, Wietse Venema wrote:
> DO NOT use luser_relay for this.
>
> DO USE local aliases or transport maps.
>
Likely either local (aliases(5)) or virtual (virtual(5)) aliases are
necessary, because the ultimate destination for the users who are not
local will, unless configured to short-circuit individual mailboxes,
forward all mail addressed to the domain back to the primary MX.
The OP needs to diagram the delivery logic for various users convincing
himself that mail delivery follows the appropriate loop-free paths in
all cases.
The tools at hand are virtual_alias_maps (virtual(5)), alias_maps
(aliases(5)), transport_maps (transport(5)), and in rare cases
luser_relay, but either virtual_alias_maps or alias_maps is usually the
right answer and they do not require disabling recipient validation.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Matthias Andree (ma@dt.e-technik.uni-dortmund.de)
Date: Tue Jul 20 2004 - 08:37:03 CDT
On Tue, 20 Jul 2004, Wietse Venema wrote:
> > This will only lead spammers to identity theft, using addresses
> > harvested from the net. Not really useful.
>
> I have the right to stop spam that is sent to my machine,
> and I won't let you dispute that right.
I don't dispute your right,
but I dispute workability of this particular technical solution in the
long run.
We've seen blacklists, and the result was that spammers started using
home computers as spam relays (through mail worms).
We've seen address verification start and spammers and worms harvest
used addresses.
Seen from a distance, spamming is a social and economical problem that
cannot be solved technically.
All technical solutions we are implementing that fall short of real
authentication and accountability and letting the SENDER pay the proper
amount per mail rather than the recipient will ultimately fail.
UCE measures such as sender address verification work only as long as
there are some spammers that roll their dice to create a sender address.
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
From: CutMaster (postfix@vlproduction.com)
Date: Tue Jul 20 2004 - 08:48:38 CDT
----- Original Message -----
From: Victor Duchovni
To: postfix-users@postfix.org
Sent: Tuesday, July 20, 2004 3:27 PM
Subject: Re: How to relay only some email addresses ?
On Tue, Jul 20, 2004 at 09:17:17AM -0400, Wietse Venema wrote:
> DO NOT use luser_relay for this.
>
> DO USE local aliases or transport maps.
>
Likely either local (aliases(5)) or virtual (virtual(5)) aliases are
necessary, because the ultimate destination for the users who are not
local will, unless configured to short-circuit individual mailboxes,
forward all mail addressed to the domain back to the primary MX.
The OP needs to diagram the delivery logic for various users convincing
himself that mail delivery follows the appropriate loop-free paths in
all cases.
The tools at hand are virtual_alias_maps (virtual(5)), alias_maps
(aliases(5)), transport_maps (transport(5)), and in rare cases
luser_relay, but either virtual_alias_maps or alias_maps is usually the
right answer and they do not require disabling recipient validation.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
I'm sorry but I'm a newbie and this documentation is REALLY hard to understand.
That's why I ask some help from you.
It's kind of you to tell me which documentation I've to read but if I ask help to you, be sure that I've previously read the www.postfix.org documentation before.
The luser_relay I used works in this particular case.
I tried, before asking you for help, to put the following in the transport map file:
someone@thedomain.com stmp:mail.thedomain.com
expecting that, only for this email address, postfix will use the mail.thedomain.com relay to send it instead of trying to deliver locally, but it doesn't.
So if I haven't taken the good way, can you provide me just a syntax sample of what I have to do to deliver locally all email from @thedomain.com EXCEPT for someone@thedomain.com, which must be sent through the relayhost?
Thanks again...
From: Schaefer, Dirk Alexander (das@mydom.ath.cx)
Date: Tue Jul 20 2004 - 08:58:00 CDT
Hi there,
I've got a little question about ldap.
A few days ago I tried to configure ldap lookups. But when I activate it
I cannot use the mail server anymore.
At the messages log file I see, that postfix is searching for the user
postmaster at the ldap directory but cannot find it and therefore it results
in errors. Does anybody know how to configure it properly and what kind of
objects and attributes are to be added to an user and how to set the correct
values for them?
Thx in advance.
Mit freundlichen Gruessen / With kind regards
D. A. Schaefer
From: Covington, Chris (ccovington@plusone.com)
Date: Tue Jul 20 2004 - 08:59:03 CDT
>The Exchange guys use this scheme. That's why Exchange is
>so unreliable.
It seems to work well for us. YMMV.
Chris
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 09:01:26 CDT
On Tue, Jul 20, 2004 at 03:37:03PM +0200, Matthias Andree wrote:
> I don't dispute your right, but I dispute workability of this particular
> technical solution in the long run.
Everyone may be right, but this discussion belongs (and already died
down) on SPAM-L. The issue there was Verizon's use of a (non-Postfix)
SAV system. There is a big difference between a major ISP using SAV and
Wietse's personal domain using SAV. Most of the real issues arise when
the SAV user has a lot more network and CPU resources than the domain
being verified...
It is probably best to not use Postfix-users cycles to rehash this.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Covington, Chris (ccovington@plusone.com)
Date: Tue Jul 20 2004 - 09:03:06 CDT
>I thought this was due mostly to the exchange database being
>unmaintainable.
I don't think there's anything wrong with the concept. Most
'enterprise' commercial systems work this way, Lotus, Exchange, Oracle.
I hear the Oracle system is great:
http://www.oracle.com/collabsuite/index.html?feature_email.html
Chris
From: Marcelo Gonçalves Narciso (narciso@cnptia.embrapa.br)
Date: Tue Jul 20 2004 - 09:09:19 CDT
Hi,
I have installed and configured postfix.
I can send mail from my domain to
others domains, but I can´t receive mail
from others domains to my domain.
in /var/mail directory postfix don´t write any
message if someone sends mail for me
or any user in cnptia.embrapa.br domain.
If you know what happens, please,
send the answer for narciso@cnptia.embrapa.br
thanks a lot
The result of "postconf -n" is
alias_database = dbm:/export/home/postfix/etc/postfix/aliases
alias_maps = dbm:/export/home/postfix/etc/postfix/aliases,
dbm:/export/home/postfix/etc/postfix/majordomo.aliases
command_directory = /export/home/postfix/usr/sbin
config_directory = /etc/postfix
daemon_directory = /export/home/postfix/usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = regexp:/export/home/postfix/etc/postfix/header_checks
home_mailbox = /export/home/mail
html_directory = no
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/sbin/scanmails
mailq_path = /export/home/postfix/usr/bin/mailq
manpage_directory = /export/home/postfix/usr/local/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = cnptia.embrapa.br
myhostname = norma.cnptia.embrapa.br
mynetworks = 200.0.70.0/24 192.207.194.0/24
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /export/home/postfix/usr/bin/newaliases
notify_classes = resource, software, policy, bounce, delay
queue_directory = /export/home/postfix/var/spool/postfix
readme_directory = no
relay_domains = $mydomain, localhost
sample_directory = /export/home/postfix/etc/postfix
sendmail_path = /export/home/postfix/usr/lib/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = dbm:/export/home/postfix/etc/postfix/access,
reject_maps_rbl
smtpd_helo_required = yes
smtpd_sender_restrictions = dbm:/export/home/postfix/etc/postfix/access,
reject_unknown_sender_domain, warn_if_reject reject_unverified_sender
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550
From: Wietse Venema (wietse@porcupine.org)
Date: Tue Jul 20 2004 - 09:07:57 CDT
Matthias Andree:
> On Tue, 20 Jul 2004, Wietse Venema wrote:
>
> > > This will only lead spammers to identity theft, using addresses
> > > harvested from the net. Not really useful.
> >
> > I have the right to stop spam that is sent to my machine,
> > and I won't let you dispute that right.
>
> I don't dispute your right,
> but I dispute workability of this particular technical solution in the
> long run.
>
> We've seen blacklists, and the result was that spammers started using
> home computers as spam relays (through mail worms).
>
> We've seen address verification start and spammers and worms harvest
> used addresses.
>
> Seen from a distance, spamming is a social and economical problem that
> cannot be solved technically.
The "no silver bullet" statement.
> All technical solutions we are implementing that fall short of real
> authentication and accountability and letting the SENDER pay the proper
> amount per mail rather than the recipient will ultimately fail.
Real authentication will not be the silver bullet. The spammer will
use a backdoored windows PC and impersonate the owner of that
machine until their credential is revoked.
Making the sender pay will not be the silver bullet. The spammer
will use a backdoored windows PC and impersonate the owner of that
machine until their credits run out, and then move to the next
victim.
No single solution will be the silver bullet. Each solution by
itself only raises the bar.
> UCE measures such as sender address verification work only as long as
> there are some spammers that roll their dice to create a sender address.
No silver bullet. That doesn't mean that I have to accept all the
junk mail that is sent to my machine.
Meanwhile, work is under way to attack the problem at multiple
levels, including political, and legal. Only a combination of
technical and non-technical measures and enforcement methods
will get the situation under control.
Wietse
From: Ali.Naddaf@trilogy.com
Date: Tue Jul 20 2004 - 09:09:45 CDT
Dirk,
Take a look at these instructions, they should give you some idea as to
what kind of settings you may need. If you couldn't make it work, drop me
a line and I will try to help you:
http://jeroen.protheus.com/postfix-courier-ldap-howto.html
Ali.
"Schaefer, Dirk Alexander" <das@mydom.ath.cx>
Sent by: owner-postfix-users@postfix.org
07/20/2004 08:58 AM
To: <postfix-users@postfix.org>
cc:
Subject: postfix and ldap
Hi there,
I've got a little question about ldap.
A few days ago I tried to configure ldap lookups. But when I activate
it I cannot use the mail server anymore.
At the messages log file I see, that postfix is searching for the user
postmaster at the ldap directory but cannot find it and therefore it
results in errors. Does anybody know how to configure it properly and what
kind of objects and attributes are to be added to an user and how to set
the correct values for them?
Thx in advance?
Mit freundlichen Gruessen / With kind regards
D. A. Schaefer
From: Hariharan Gopalan (hariom100@yahoo.com)
Date: Tue Jul 20 2004 - 09:13:58 CDT
Hi all
Was wondering if there was a way for the SMTP server
to respond with different HELO as per the domain name
it is called as, for example, with a single instance
of postfix with virtual domains:
"telnet mail.abc.com 25" should respond as
Trying 9.21.57.75..
Connected to mail.abc.com
Escape character is '^]'.
220 mail.abc.com ESMTP Postfix
And "telnet mail.xyz.com 25" should respond as
Trying 9.21.57.75...
Connected to mail.xyz.com
Escape character is '^]'.
220 mail.xyz.com ESMTP Postfix
Would appreciate any pointers.
thanks
Hariom
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 09:16:11 CDT
> > testsaslauthd -u <username> -p <password> -s smtp
> >
> > ...works fine, even if I "su postfix" and then run it. (Couldn't get
> > pam working that way, switched to shadow, works fine as shadow)
> >
> > However, when I connect to smtpd (with Outlook Express, ack! phht!),
> > I see absolutely no activity from "saslauthd -d -a shadow" (and I see
> > all kinds of messages when I connect from testsaslauthd) and Outlook
> > keeps prompting me for my username and password.
>
> Usually this indicates that saslauthd and smtpd don't meet at the sasl
> socket.
That's what I thought. I just don't know how to troubleshoot it.
> How do you start saslauthd?
service saslauthd start, the actual command winds up looking like
/usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -V
I stuck the -V in there in hopes of seeing some clue in the logs. Problem
is, I can't find anything in the logs after it starts up. The only
interesting thing I see in the logs is in /var/log/messages, when I try to
authenticate via smtpd:
Jul 20 09:55:08 charlie postfix/smtpd[12106]: unable to dlopen
/usr/lib/sasl/libgssapiv2.so: /usr/lib/sasl/libgssapiv2.so: undefined
symbol: GSS_C_NT_HOSTBASED_SERVICE
But I'm using shadow, and I've seen references to people getting that error
and still being able to authenticate.
> Where does it create the socket?
Per the command above, it winds up in the /var/run/saslauthd directory
> What are the permissions for that directory? Can postfix access it?
Yup, postfix can access it, and in fact, the postfix account can
successfully execute testsaslauthd.
> Can you show a telnet to localhost with EHLO foo to see the AUTH
> announcement?
Sure:
[root@charlie sasl2]# telnet localhost 4025
Trying 127.0.0.1...
Connected to charlie (127.0.0.1).
Escape character is '^]'.
220 mail.hunterweb.net ESMTP Postfix
EHLO foo
250-mail.hunterweb.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
> Can you run 'postfinger' to give us debug info for your
> setup?
[root@charlie sasl2]# postfinger
postfinger - postfix configuration on Tue Jul 20 10:03:22 EDT 2004
version: 1.29
--System Parameters--
mail_version = 2.1.4
hostname = charlie
uname = Linux charlie 2.4.20-24.9 #1 Mon Dec 1 11:35:51 EST 2003 i686 i686
i386 GNU/Linux
--Packaging information--
looks like this postfix comes from RPM package:
postfix-2.1.4-3.sasl1.tls.rh9
--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
html_directory = /usr/share/doc/postfix-2.1.4-documentation/html
luser_relay = postmaster
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
mydestination = $mydomain
mydomain = [doesn't matter]
myhostname = [doesn't matter]
mynetworks = [doesn't matter]
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.1.4-documentation/readme
sample_directory = /usr/share/doc/postfix-1.1.12/samples
sendmail_path = /usr/sbin/sendmail.postfix
unknown_local_recipient_reject_code = 450
--master.cf--
smtp inet n - n - - smtpd
4025 inet n - n - - smtpd -o
smtpd_recipient_restrictions=$smtpd2_recipient_restrictions -o
smtpd_sasl_auth_enable=$smtpd2_sasl_auth_enable -o
broken_sasl_auth_clients=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
-- end of postfinger output --
> Can I write on sentence that doesn't end with a question mark?
I've seen them from you before, so I'm guessing "yes." :)
Here's a really good example of what's happening, soup to nuts:
--snip--
[root@charlie root]# useradd sasltest
[root@charlie root]# passwd sasltest
Changing password for user sasltest.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@charlie root]# testsaslauthd -u sasltest -p sasltest -s smtp
0: OK "Success."
[root@charlie root]# su postfix
bash-2.05b$ testsaslauthd -u sasltest -p sasltest -s smtp
0: OK "Success."
bash-2.05b$ exit
exit
[root@charlie root]# cat saslauth.pl
#!/usr/bin/perl -w
use MIME::Base64;
print "Username: ";
chomp($username=<>);
print "Password: ";
chomp($password=<>);
print encode_base64("$username\0$username\0$password");
[root@charlie root]# ./saslauth.pl
Username: sasltest
Password: sasltest
c2FzbHRlc3QAc2FzbHRlc3QAc2FzbHRlc3Q=
[root@charlie root]# telnet localhost 4025
Trying 127.0.0.1...
Connected to charlie (127.0.0.1).
Escape character is '^]'.
220 mail.hunterweb.net ESMTP Postfix
EHLO foo
250-mail.hunterweb.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
AUTH PLAIN c2FzbHRlc3QAc2FzbHRlc3QAc2FzbHRlc3Q=
535 Error: authentication failed
quit
221 Bye
Connection closed by foreign host.
[root@charlie root]# echo Doh!
Doh!
[root@charlie root]#
--snip---
See, auth works fine as root and postfix, but via smtpd it barfs, and
there's NOTHING in the logs from saslauth itself; smtpd whines about unable
to dlopen /usr/lib/sasl/libgssapiv2.so: /usr/lib/sasl/libgssapiv2.so:
undefined symbol: GSS_C_NT_HOSTBASED_SERVICE but that's it.
Argh!!
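An added example (not part of the post above, and not Postfix or Cyrus SASL code): a Python check that the AUTH PLAIN token produced by saslauth.pl is well-formed (authzid NUL authcid NUL passwd), and that reports which reversible-password mechanisms the quoted EHLO reply advertises without STARTTLS. The function names are hypothetical; the token and EHLO lines are the ones shown in the post.

```python
import base64
import binascii

# The EHLO reply quoted in the post above (port 4025 listener).
EHLO_REPLY = """\
250-mail.hunterweb.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
"""

# Mechanisms that put the password on the wire in reversible form.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Return (extension keywords, advertised SASL mechanisms) from a 250 reply."""
    lines = [ln.rstrip("\r") for ln in reply.splitlines() if ln.strip()]
    keywords, mechs = set(), set()
    for ln in lines[1:]:  # the first line carries the server name, not an extension
        if len(ln) < 5 or ln[:3] != "250" or ln[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % ln)
        # "AUTH=..." is the legacy spelling sent when
        # broken_sasl_auth_clients=yes; treat it like "AUTH ...".
        words = ln[4:].replace("=", " ", 1).split()
        if not words:
            continue
        keyword = words[0].upper()
        keywords.add(keyword)
        if keyword == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return keywords, mechs


def cleartext_auth_exposed(reply):
    """Cleartext mechanisms offered on a session that has no STARTTLS to protect them."""
    keywords, mechs = parse_ehlo(reply)
    if "STARTTLS" in keywords:
        return []
    return sorted(mechs & CLEARTEXT_MECHS)


def encode_auth_plain(authcid, passwd, authzid=""):
    """Build the AUTH PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Decode an AUTH PLAIN response; raise ValueError if it is malformed."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base64: %s" % exc)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected 3 NUL-separated fields, got %d" % len(parts))
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


if __name__ == "__main__":
    # Token printed by saslauth.pl in the post (throwaway test account).
    token = "c2FzbHRlc3QAc2FzbHRlc3QAc2FzbHRlc3Q="
    print(decode_auth_plain(token))
    print("cleartext mechanisms without STARTTLS:",
          cleartext_auth_exposed(EHLO_REPLY))
```

A token that decodes cleanly rules out the client side of the exchange, leaving the smtpd-to-saslauthd path as the place to look.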
From: J.D. Bronson (jbronson@wixb.com)
Date: Tue Jul 20 2004 - 09:21:12 CDT
I use some of the ideas on this list to setup postfix to accept email from
hotmail.com (for example) only if it comes from a hotmail.com server...
/(^|.)hotmail.com$/ OK
/(^|.)msn.com$/ OK
Recently microsoft seems to be using blocks of IPs that don't always have
reverse DNS on them ( go figure ) and as such, email is getting accidentally
rejected...
Can someone please tell me the syntax for adding IP blocks in the above?
Here is what I have come up with that I need to add:
64.4
65.52
65.53
65.54
65.55
207.46
207.68
209.185
216.32
216.33
thanks in advance for any help. This approach really does drop a ton of
spam with very little (if any) ill effects. At least until now!
--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd@aurora.org // Pager: 414.314.8282
From: John Peach (postfix@johnpeach.com)
Date: Tue Jul 20 2004 - 09:19:57 CDT
On Tue, 20 Jul 2004 07:13:58 -0700 (PDT)
Hariharan Gopalan <hariom100@yahoo.com> wrote:
> Hi all
>
> Was wondering if there was a way for the SMTP server
> to respond with different HELO as per the domain name
> it is called as, for example, with a single instance
> of postfix with virtual domains:
>
No - only the client machine knows what name was used - it is translated
to an address, which is what is used to connect.
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 09:23:21 CDT
If anything, not enough info on how postfix calls saslauthd -- I see lots of
references to /var/spool/postfix/var/run/saslauthd but nowhere does it say
where postfix invents that socket path from, nor does that appear in
/usr/lib/sasl2/smtpd.conf.
----- Original Message -----
From: "Luca Berra" <bluca@comedia.it>
To: <postfix-users@postfix.org>
Sent: Tuesday, July 20, 2004 7:10 AM
Subject: Re: Postfix SASL Issues...
> On Mon, Jul 19, 2004 at 12:59:37PM -0700, Shawn Daniel wrote:
> >I am looking for documentation on configuring SASL in Postfix
> >2.1.1x, but haven't found anything that really covers Postfix 2.x.
> >All of the docs seem to be for 1.x. Does anyone know of such a
> >document and where I might acquire it?
> >
> >I am running in to config issues that I haven't been able to resolve
> >with the SASL that is in Postfix.
>
> are there shortcomings in the postfix SASL_README document?
>
> L.
>
> --
> Luca Berra -- bluca@comedia.it
> Communication Media & Services S.r.l.
> /"\
> \ / ASCII RIBBON CAMPAIGN
> X AGAINST HTML MAIL
> / \
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 09:23:45 CDT
On Tue, Jul 20, 2004 at 10:03:06AM -0400, Covington, Chris wrote:
> I don't think there's anything wrong with the concept. Most
> 'enterprise' commercial systems work this way, Lotus, Exchange, Oracle.
> I hear the Oracle system is great:
>
> http://www.oracle.com/collabsuite/index.html?feature_email.html
>
The popularity of the design does not make it right, the reason the
design is chosen is *developer* convenience rather than greater likely
robustness.
It is possible to architect all the fancy features in a more robustly
designed system with separate data and metadata repositories, tools for
metadata recovery, ...
I believe that OpenExchange uses Cyrus as a mailstore, and still offers
enterprise features. This is a reasonable design in my view.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: John Peach (postfix
johnpeach.com)
Date: Tue Jul 20 2004 - 09:27:58 CDT
On Tue, 20 Jul 2004 09:21:12 -0500
"J.D. Bronson" <jbronson
wixb.com> wrote:
> I use some of the ideas on this list to setup postfix to accept email
> from hotmail.com (for example) only if it comes from a hotmail.com
> server...
>
> /(^|.)hotmail.com$/ OK
> /(^|.)msn.com$/ OK
>
> Recently microsoft seems to be using blocks of IPs that dont always
> have reverse DNS on them ( go figure ) and as such, email is getting
> accidently rejected...
AHG - not msn as well as hotmail.
>
> Can someone please tell me the syntax for adding IP blocks in the
> above?
It all depends what type of map you are using....
I use a cidr map for hotmail - looks like I need to add these msn
netblocks.
FYI - these are the hotmail ones without PTR records:
64.4.0.0/18 OK
65.52.0.0/14 OK
207.46.0.0/16 OK
207.68.128.0/18 OK
207.68.192.0/20 OK
209.185.240.0/23 OK
216.32.180.0/23 OK
216.32.240.0/23 OK
216.33.148.0/23 OK
216.33.236.0/23 OK
216.33.240.0/23 OK
From: John Peach (postfix
johnpeach.com)
Date: Tue Jul 20 2004 - 09:31:15 CDT
On Tue, 20 Jul 2004 10:27:58 -0400
John Peach <postfix
johnpeach.com> wrote:
To follow up to my own post :)
I should have looked at the netblocks listed - they must be shared
between msn and hotmail, because they match the ones I already have.
> FYI - these are the hotmail ones without PTR records:
>
> 64.4.0.0/18 OK
> 65.52.0.0/14 OK
> 207.46.0.0/16 OK
> 207.68.128.0/18 OK
> 207.68.192.0/20 OK
> 209.185.240.0/23 OK
> 216.32.180.0/23 OK
> 216.32.240.0/23 OK
> 216.33.148.0/23 OK
> 216.33.236.0/23 OK
> 216.33.240.0/23 OK
From: J.D. Bronson (jbronson
wixb.com)
Date: Tue Jul 20 2004 - 09:38:15 CDT
At 09:27 AM 07/20/2004, you wrote:
>On Tue, 20 Jul 2004 09:21:12 -0500
>"J.D. Bronson" <jbronson
wixb.com> wrote:
>
> > I use some of the ideas on this list to setup postfix to accept email
> > from hotmail.com (for example) only if it comes from a hotmail.com
> > server...
> >
> > /(^|.)hotmail.com$/ OK
> > /(^|.)msn.com$/ OK
> >
> > Recently microsoft seems to be using blocks of IPs that dont always
> > have reverse DNS on them ( go figure ) and as such, email is getting
> > accidently rejected...
>
>AHG - not msn as well as hotmail.
> >
> > Can someone please tell me the syntax for adding IP blocks in the
> > above?
>
>It all depends what type of map you are using....
>I use a cidr map for hotmail - looks like I need to add these msn
>netblocks.
>
>
>FYI - these are the hotmail ones without PTR records:
>
>64.4.0.0/18 OK
>65.52.0.0/14 OK
>207.46.0.0/16 OK
>207.68.128.0/18 OK
>207.68.192.0/20 OK
>209.185.240.0/23 OK
>216.32.180.0/23 OK
>216.32.240.0/23 OK
>216.33.148.0/23 OK
>216.33.236.0/23 OK
>216.33.240.0/23 OK
yes I think they are shared...so I left them in for MSN/HOTMAIL just in case??
I didn't see any side effects to doing that.
Here is what I am doing:
main.cf:
from_msn_com = check_client_access regexp:/etc/postfix/freemail/from_msn_com
then the file referenced:
/(^|.)msn.com$/ OK
so can I simply add your examples to this:
/(^|.)msn.com$/ OK
64.4.0.0/18 OK
65.52.0.0/14 OK
...
...
Thanks John-
--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd
aurora.org // Pager: 414.314.8282
From: John Peach (postfix
johnpeach.com)
Date: Tue Jul 20 2004 - 09:44:22 CDT
On Tue, 20 Jul 2004 09:38:15 -0500
"J.D. Bronson" <jbronson
wixb.com>
> yes I think they are shared...so I left them in for MSN/HOTMAIL just
> in case?? I didnt see any side effects to doing that.
>
> Here is what i am doing:
>
> main.cf:
> from_msn_com = check_client_access
> regexp:/etc/postfix/freemail/from_msn_com
>
> then the file referenced:
> /(^|.)msn.com$/ OK
>
>
> so can I simply add you examples to this:
>
> /(^|.)msn.com$/ OK
> 64.4.0.0/18 OK
> 65.52.0.0/14 OK
Actually I just allow all mail from those netblocks. It doesn't seem to
have caused me any problems. I was working under the, possibly mistaken,
assumption that those are corporate netblocks......
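The regexp-versus-cidr lookup discussed in this exchange, as an added example that is not part of the thread and is not Postfix code: a simplified Python model of a pattern table and a cidr table, using the patterns and netblocks quoted above. The client names and the non-listed addresses are constructed, the escaped patterns are an added variant, and the model assumes the two tables are consulted one after the other with the first OK winning.

```python
import ipaddress
import re

# Patterns exactly as posted in the thread. The dots are unescaped, so each
# "." matches any single character, not only a literal dot.
POSTED = [r"(^|.)hotmail.com$", r"(^|.)msn.com$"]

# Escaped variant (added here, not from the thread): matches only the domain
# itself or a name that ends in ".hotmail.com" / ".msn.com".
ESCAPED = [r"(^|\.)hotmail\.com$", r"(^|\.)msn\.com$"]

# The netblocks quoted in the thread, in cidr-table layout (network, result).
CIDR_TABLE = """\
64.4.0.0/18 OK
65.52.0.0/14 OK
207.46.0.0/16 OK
207.68.128.0/18 OK
207.68.192.0/20 OK
209.185.240.0/23 OK
216.32.180.0/23 OK
216.32.240.0/23 OK
216.33.148.0/23 OK
216.33.236.0/23 OK
216.33.240.0/23 OK
"""


def regexp_lookup(patterns, key):
    """Pattern table: first pattern that matches the whole lookup key wins."""
    for pattern in patterns:
        if re.search(pattern, key, re.IGNORECASE):
            return "OK"
    return None


def load_cidr(text):
    """Parse 'network/prefix result' lines into (network, result) pairs."""
    table = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        network, result = line.split(None, 1)
        table.append((ipaddress.ip_network(network), result))
    return table


def cidr_lookup(table, address):
    """cidr table: first network that contains the client address wins."""
    ip = ipaddress.ip_address(address)
    for network, result in table:
        if ip in network:
            return result
    return None


def client_access(patterns, table, client_name, client_addr):
    """Name is tried against the pattern table, address against the cidr table.

    A client without usable reverse DNS has the name "unknown", so only the
    address-based table can accept it.
    """
    return regexp_lookup(patterns, client_name) or cidr_lookup(table, client_addr)


# Constructed sample clients: (reverse-DNS name, address).
SAMPLES = [
    ("bay12-f3.bay12.hotmail.com", "64.4.35.3"),   # real subdomain, listed block
    ("unknown", "65.54.244.8"),                    # no PTR, listed block
    ("unknown", "203.0.113.5"),                    # no PTR, unlisted address
    ("mx.example-msn.com", "192.0.2.10"),          # lookalike: "-" eaten by "."
    ("nothotmail.com", "198.51.100.7"),            # lookalike: "t" eaten by "."
]


def run_samples():
    """Return (name, addr, result with posted patterns, result with escaped)."""
    table = load_cidr(CIDR_TABLE)
    return [
        (name, addr,
         client_access(POSTED, table, name, addr),
         client_access(ESCAPED, table, name, addr))
        for name, addr in SAMPLES
    ]


if __name__ == "__main__":
    for name, addr, posted, escaped in run_samples():
        print(f"{name:28} {addr:15} posted={posted} escaped={escaped}")
```
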
From: Arshavir Grigorian (ag
m-cam.com)
Date: Tue Jul 20 2004 - 09:59:07 CDT
On Sat, 2004-07-17 at 06:50, lst_hoe01
kwsoft.de wrote:
> Zitat von Arshavir Grigorian <ag
m-cam.com>:
>
> > Hello,
> >
> > Although I have used Postfix for a long time, I just subscribed to this
> > list and this is my first post.
> >
> > I have a secondary MX server running Postfix, and I thought I properly
> > configured it. But then I started seeing certain entries in my logs,
> > which I couldn't understand. If someone could enlighten me as to what
> > these messages mean and/or what's causing them to appear in my logs, I
> > would very much appreciate it.
> >
> > 1) Jul 15 19:38:21 mail1 postfix/nqmgr[7349]: 3E0323E8A9: from=<>,
> > size=9458, nrcpt=1 (queue active)
> > Jul 15 19:38:51 mail1 postfix/smtp[8517]: connect to
> > mail.kf7.us[65.182.130.10]: Connection timed out (port 25)
> > Jul 15 19:38:51 mail1 postfix/smtp[8517]: 3E0323E8A9: to=<
kf7.us>,
> > relay=none, delay=1559, status=deferred (connect to
> > mail.kf7.us[65.182.130.10]: Connection timed out)
>
> These are bounces. Have a look which mail was bounced. Don't accept mail for
> invalid user (see xxxx_recipient_maps feature)
>
> > 2) Jul 15 22:39:26 mail1 postfix/smtpd[2184]: warning: smtpd_peer_init:
> > 201.129.238.141: hostname dsl-201-129-238-141.prod-infinitum.com.mx
> > verification failed: Name or service not known
> >
> > Jul 16 00:18:25 mail1 postfix/smtpd[2344]:warning: smtpd_peer_init:
> > 65.182.129.81: address not listed for hostname www-way.biz
> >
> > Jul 15 22:57:13 mail1 postfix/smtpd[2211]: warning: smtpd_peer_init:
> > 24.208.216.195: hostname dhcp024-208-216-195.indy.rr.com verification
> > failed: Temporary failure in name resolution
> >
> > I guess the last one is caused by some DNS failure, though I can't
> > figure out what failure exactly, since both the IP and the hostname are
> > present. I have no idea about the former 2.
>
> Forward (A) and reverse (PTR) lookups must match. If either one fails or the
> results don't match postfix log this warnings.
>
> Regards
>
> Andreas
Thanks for the comments, Andreas.
I am not quite sure I understand how that entry is considered a bounce.
I have bounce entries for unknown users:
Jul 19 03:32:31 mail1 postfix/local[22892]: 02DA93E8B9:
to=<zylkijyxenr
mail1.xxxxxxxx.com>, orig_to=<zylkijyxenr
>,
relay=local, delay=0, status=bounced (unknown user: "zylkijyxenr")
My understanding is that if a mail is to be bounced it's done during the
SMTP conversation. So why is my server trying to connect to the other
server? Are you saying that the other server closed connection before my
server could bounce the message?
Could you please elaborate? Thanks.
Arshavir
From: Arvinn Løkkebakken (arvinn
sandakerveien.net)
Date: Tue Jul 20 2004 - 10:02:06 CDT
Victor Duchovni wrote:
> On Tue, Jul 20, 2004 at 02:29:14PM +0200, Arvinn Løkkebakken wrote:
>
>
>>>The Exchange guys use this scheme. That's why Exchange is so unreliable.
>>>
>>
>>Does it have to be unreliable? In my experience Exchange is unreliable
>>because of a lot of things. But then again, Exchange is much more than a
>>MTA, so it's kinda not the right example to look at anyway IMO.
>>
>
>
> Exchange is a mailstore with an MTA bolted-on for state replication and
> messaging. While the MTA could use a dose of transparency and better
> logging, the real problem is the storage, not the fancy features, but
> the underlying storage design.
>
> The choice of a monolithic store for mail is a major design error, since
> it imposes excessive global consistency requirements that make recovery
> difficult, and corruption likely.
>
> File-systems offer fine-grained rather than global consistency:
> Directories point at files that really exist, files point at blocks that
> belong to them, data flushed to a file persists after a sync operation
> (explicit or delayed from the buffer cache). Even if a single file is
> corrupted, global file-system corruption is rare with mature file-systems
> (I make no specific public claims about which file-systems are mature
> on which OS).
>
> By separating data and meta-data into different files, and ideally
> meta-data for each folder into a separate file, a mailstore can support
> fast meta-data recovery (it is the meta-data that is most likely to
> become corrupted).
>
> File-systems support a rich ecosystem of file manipulation tools, if
> something goes wrong the mail-store meta-data the administrator can
> still wrest the underlying content from the mailstore and re-build
> (portions of) the meta-data, obviating the need for a full data and
> meta-data recovery (in these days of TB sized stores full recovery can
> be totally impractical).
>
> File-system recovery can be faster than database recovery because it is
> not necessary to arrive at a globally consistent state. One can recover
> parts of a file-system, restoring individual mailboxes or messages.
>
> I cannot honestly recommend to anyone a mailstore design based on any
> database, regardless of the technology.
>
Damn, that was quite a few good arguments :)
Arvinn
From: Robin Lynn Frank (rlfrank
paradigm-omega.com)
Date: Tue Jul 20 2004 - 01:27:16 CDT
On Monday 19 July 2004 21:37, Peter H. Coffin wrote:
> > Wrong read : The objection is that spammer will use *valid* sender
> > addresses if SAV gets widespread. Taken the fact that still many
> > sites generate bounces i prefer this bounces to be to invalid
> > addresses at my site instead of valid ones.
>
> Some spammers will change. Some won't. You'll catch the ones that don't.
>
> Some sites still bounce. Some probably ALWAYS will. That will fill the
> spoofed mailbox with bounces very quickly, and SAV will again start
> catching spam.
>
> Spammers still send direct from dialups, still send to dictionary
> addresses, still use broken SMTP-ware, continue to use hijacked machines
> even after the hijacked machine shows up in block lists that they can
> look at. Why discard a rejection criterion that smart spammers might be
> able to get around when there's so much evidence that most of them are
> slightly smarter than begonias?
I'm not so sure you are correct. When spammers managed to get people more
concerned with backscatter than in blocking UCE, they won and we lost. That
makes them considerably smarter than begonias and vastly smarter than the
crew on spam-l that spend so much time grousing about backscatter and,
apparently so little time in effectively blocking UCE.
--
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
======================
A bug in the code is worth two in the documentation.
From: Kevin W. Gagel (gagel
cnc.bc.ca)
Date: Tue Jul 20 2004 - 10:30:24 CDT
I upgraded postfix from 2.0.16 to 2.1.4 yesterday. Doing a tail showed that the
new version was considering messages as corrupt. Venturing a guess I upgraded
amavisd-new which did solve that problem.
Can these messages be returned to service? How? Mind pointing me to docs please.
====================
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448
--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------
From: Kevin OGorman (kogorman
pacbell.net)
Date: Tue Jul 20 2004 - 10:11:55 CDT
Yes. A .forward file will do the trick. Details surely
depend on your OS, but here's the Unix/Linux way:
Suppose your login name is 'joe'. Then in Joe's home
directory create the forwarding file ~joe/.forward,
with 600 permissions. In it, put a line to deliver the
mail locally as usual (because the .forward file preempts
that function) and also a line to send it to your test
domain: something like this
=== cut here
\joe
joe@test.domain.top
=== cut here
Now the incoming mail goes to two places.
You can also send the mail to local files, or even to
a command pipeline, but it seems you don't need those
functions.
++ kevin
--- Sean Tempesta <tempesta
more.net> wrote:
> Hello,
>
> I have been tasked with testing out a anti-spam solution
> for my
> company. It has been very challenging, however, to test
> the system
> simply because any mail I send through it has the same
> headers and is
> not very suspicious.
>
> Is there any way to copy mail (with postfix) that is
> incoming on one of
> my real mail servers and send one of the copies to my
> test email servers
> while letting the original pass through?
>
> Sean Tempesta
> GRA - S&P
>
>
=====
Dr. Kevin O'Gorman (805) 756-2986 mailto:kogorman
pacbell.net
Home Page: http://www.csc.calpoly.edu/~kogorman
From: Luca Berra (bluca
comedia.it)
Date: Tue Jul 20 2004 - 10:13:22 CDT
On Tue, Jul 20, 2004 at 10:23:45AM -0400, Victor Duchovni wrote:
>It is possible to architect all the fancy features in a more robustly
>designed system with separate data and metadata repositories, tools for
>metadata recovery, ...
>
>I believe that OpenExchange uses Cyrus as a mailstore, and still offers
>enterprise features. This is a reasonable design in my view.
The only nice enterprise feature that i believe is worthwhile having a robust
database as a mail store is the fact that some database already solved
the problem of data replication.
Doing this kind of work with a filesystem is not that easy, since you
have to insure some level of coherency between data and metadata.
and keeping two filesystem synchronous might be expensive in terms of
bandwidth or responsiveness.
L.
--
Luca Berra -- bluca
comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
From: Eddy Beliveau (eddy.beliveau
hec.ca)
Date: Tue Jul 20 2004 - 10:13:20 CDT
Hi!
I'm using the following rule within /etc/mail/spamassassin/88FVGT_subject.cf
header FS_DOLLAR_ONLY Subject =~ /^\$\d{4,7}$/
score FS_DOLLAR_ONLY 6.5
You can take a look at http://www.rulesemporium.com/rules/88_FVGT_subject.cf
You just need to put that file in /etc/mail/spamassassin/
and reload your amavisd-new (or whatever scanner you are using) configuration files
Hope it helps
Eddy
----- Original Message -----
From: "Xavier Beaudouin" <kiwi
oav.net>
To: <postfix-users
postfix.org>
Sent: Tuesday, July 20, 2004 9:13 AM
Subject: Good header check for some spamsource ?
> Hello there,
>
> My mailhub is getting more and more spam that have Subject header like
> this :
>
> Subject: $85145
>
> Starting with a $ and 5 numbers only.
>
> SA is not enough to kill it... But I really like to kill such spams
> directly using good and nice regexp... So anyone have a optimized one
> on his desk ?
>
> Thanks,
> /Xavier
>
> --
> Xavier Beaudouin - Unix System Administrator & Projects Leader.
> President of Kazar Organization : http://www.kazar.net/
> Please visit http://caudium.net/, home of Caudium & Camas projects
>
From: Luca Berra (bluca
comedia.it)
Date: Tue Jul 20 2004 - 10:28:41 CDT
On Tue, Jul 20, 2004 at 10:23:21AM -0400, Ian Hunter wrote:
>If anything, not enough info on how postfix calls saslauthd -- I see lots of
>references to /var/spool/postfix/var/run/saslauthd but nowhere does it says
>where postfix invents that socket path from, nor does that appear in
>/usr/lib/sasl2/smptd.conf.
postfix does NOT call saslauthd
the sasl library to which postfix is linked to can be configured to
exchange authentication information over a socket
the default placement for the socket depends on the flags the sasl
library was configured with, and unfortunately it is not possible to
find this value at runtime.
the same can be said for the smtpd.conf path.
the value can be changed at runtime by adding to
/where/ever/sasl/smtpd.conf
a line like
saslauthd_path: /where/ever/you/like/to/have/the/mux
there is not a single reference to /var/spool/postfix/var/run/saslauthd
in SASL_README, so you must be looking at a different doc.
regards,
L.
--
Luca Berra -- bluca
comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
From: Victor Duchovni (Victor.Duchovni
MorganStanley.com)
Date: Tue Jul 20 2004 - 10:48:38 CDT
On Tue, Jul 20, 2004 at 05:13:22PM +0200, Luca Berra wrote:
> The only nice enterprise feature that i believe is worthwile having a robust
> database as a mail store are the fact that some database already solved
> the problem of data replication.
IMAP clients that support off-line operation do data replication. It
is not necessary to replicate the filesystem in order to replicate (or
more usefully just cache) the data. Do non-synchronous replication of
the metadata, opportunistically cache the data.
> Doing this kind of work with a filesystem is not that easy, since you
> have to insure some level of coherency between data and metadata.
The filesystem is the wrong level at which to implement distributed
mailstore replication. One builds enterprise disaster-proof filesystems
on remote-mirrored SAN or NAS storage.
For distributed replication (e.g. Exchange public folders) the appropriate
data to replicate is information about messages and caching or replication
is also sometimes appropriate for the messages themselves.
Indeed Exchange uses SMTP for replication, because the database
near-real-time replication technologies are not appropriate for
replicating message streams over WAN links that are not always up in
the target environment (costly fragile links to remote offices half-way
around the globe).
> and keeping two filesystem synchronous might be expensive in terms of
> bandwith or responsiveness.
>
I do not advocate bit-for-bit filesystem replication. No such thing is
necessary unless one attempts to use a mailstore as a payroll or bank
account balance system. I don't advocate using databases for mail.
I don't advocate mailstores for OLTP.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: João Silva (joaopfmlist
lipc.fis.uc.pt)
Date: Tue Jul 20 2004 - 10:57:35 CDT
I need to skip the smtpd_client_restrictions for certain users.
I have one access table where I have the emails associated with restriction
classes but the mail yyyyy
is always blocked by a rbl test when I intended
to receive it.
I have tried to write the restriction spamtraps as:
spamtraps = permit
but it didn't work.
So I wrote the pcre table (don't know if well written) so all clients are valid
but it didn't work also.
Any mistake in the configuration? there are any problems in the order that
smtpd_client_restrictions and smtpd_recipient_restrictions are evaluated?
the mailing_lists restriction is working right
postfix version is 2.0.6
configuration follows
in main.cf
-------------------------------------------------------------------------
smtpd_client_restrictions =
hash:/etc/postfix/protectaccess,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client relays.ordb.org
smtpd_recipient_restrictions = hash:/etc/postfix/protectaccess,
permit_mynetworks,
reject_unauth_destination
smtpd_restriction_classes = mailing_lists, spamtraps
mailing_lists = check_client_access hash:/etc/postfix/mailinglists,
permit_mynetworks,
reject_invalid_hostname,
warn_if_reject,
reject_unauth_destination,
reject
spamtraps = check_client_access pcre:/etc/postfix/spamtrap,
permit
-------------------------------------------------------------------------
in /etc/postfix/protectaccess:
xxxxxxxxxxxxxx
mailing_lists
xxxx
mailing_lists
#
#
yyyyy
spamtraps
yyyyyyyyyyyyyy
spamtraps
-------------------------------------------------------------------------
in /etc/postfix/spamtrap:
/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ OK
/([a-z]|[A-Z]|-|\.|[0-9])+\.([a-z]|[A-Z]){2,3}/ OK
-------------------------------------------------------------------------
From: Wietse Venema (wietse
porcupine.org)
Date: Tue Jul 20 2004 - 11:04:47 CDT
Kevin W. Gagel:
> I upgraded postfix from 2.0.16 to 2.1.4 yesterday. Doing a tail showed that the
> new version was considering messages as corrupt. Venturing a guess I upgraded
> amavisd-new which did solve that problem.
>
> Can these messages be returned to service? How? Mind pointing me to docs please.
This happens when new mail is stored by new Postfix daemons while
2.0 daemon processes (notably qmgr) are still running that don't
grok the 2.1 queue files.
Moving the files to the maildrop queue might fix it.
Wietse
From: Kevin W. Gagel (gagel
cnc.bc.ca)
Date: Tue Jul 20 2004 - 11:09:22 CDT
----- Original Message Follows -----
Date: Tue, 20 Jul 2004 12:04:47 -0400 (EDT)
> Kevin W. Gagel:
> This happens when new mail is stored by new Postfix daemons while
> 2.0 daemon processes (notably qmgr) are still running that don't
> grok the 2.1 queue files.
>
> Moving the files to the maildrop queue might fix it.
>
> Wietse
Thank you, worked just fine.
====================
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448
--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------
From: Andre Tomt (andre
tomt.net)
Date: Tue Jul 20 2004 - 11:10:13 CDT
Andre Tomt wrote:
> A mitigating solution has already been brought up - transport_map and
> relay_domains being exported to local lookup tables. This will drop the
> database load quite a bit, even though recipient maps still has a
> real-time dependency and thus uses the database directly. I'll integrate
> that into the maintenance system.
Success! The relays are down to 1-2 queries for each delivery. That's
very much bearable :-)
Now on to the backend mailbox-machinery..
From: Ian Hunter (ihunter
hunterweb.net)
Date: Tue Jul 20 2004 - 11:13:18 CDT
> >If anything, not enough info on how postfix calls saslauthd -- I see lots of
>
> postfix does NOT call saslauthd
> the sasl library to which postfix is linked to can be configured to
> exchange authentication information over a socket
Ah-hah.
> the default placement for the socket depends on the flags the sasl
> library was configured with, and unfortunately it is not possible to
> find this value at runtime.
Drat. I installed from an RPM.
> the same can be said for the smtpd.conf path.
Sounds like that could be my whole problem?
> the value can be changed at runtime by adding to
> /where/ever/sasl/smtpd.conf
> a line like
> saslauthd_path: /where/ever/you/like/to/have/the/mux
I had posted that my smtpd.conf had a saslauthd_path line, but I didn't have
the /mux at the end. Fixed that, still doesn't work. :(
> there is not a single reference to /var/spool/postfix/var/run/saslauthd
> in SASL_README, so you must be looking at a different doc.
I meant in general, all over the web.
Does anyone have a clue where smtpd.conf should be if my RPM was
cyrus-sasl-2.1.18-5.i386.rpm? The only place it installed an smtpd.conf
file was /usr/lib/sasl2 which is consistent with the docs I've seen. For
that matter, how can I test to see if smtpd is reading that smtpd.conf file?
Thanks all...
From: Magnus Bäck (magnus
dsek.lth.se)
Date: Tue Jul 20 2004 - 11:24:02 CDT
On Tuesday, July 20, 2004 at 17:57 CEST,
João Silva <joaopfmlist
lipc.fis.uc.pt> wrote:
> I need to skip the smtpd_client_restrictions for certain users.
[...]
> smtpd_client_restrictions =
> hash:/etc/postfix/protectaccess,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client relays.ordb.org
Equivalent to:
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/protectaccess,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client relays.ordb.org
[...]
> in /etc/postfix/protectaccess:
>
> xxxxxxxxxxxxxx
mailing_lists
> xxxx
mailing_lists
> #
> #
> yyyyy
spamtraps
> yyyyyyyyyyyyyy
spamtraps
These are email addresses. check_client_access is for hostnames and IP
addresses.
[...]
--
Magnus Bäck
magnus
dsek.lth.se
From: Magnus Bäck (magnus
dsek.lth.se)
Date: Tue Jul 20 2004 - 11:24:50 CDT
On Tuesday, July 20, 2004 at 16:09 CEST,
Marcelo Gonçalves Narciso <narciso
cnptia.embrapa.br> wrote:
> I have installed and configured postfix.
> I can send mail from my domain to others domains, but I can´t receive
> mail from others domains to my domain.
What say the logs?
[...]
--
Magnus Bäck
magnus
dsek.lth.se
From: Luca Berra (bluca
comedia.it)
Date: Tue Jul 20 2004 - 11:29:21 CDT
On Tue, Jul 20, 2004 at 11:48:38AM -0400, Victor Duchovni wrote:
>IMAP clients that support off-line operation do data replication. It
I mean server side replication, imap fortunately already freed us to
also have to care about data stored on individual PCs.
>> Doing this kind of work with a filesystem is not that easy, since you
>> have to insure some level of coherency between data and metadata.
>
>The filesystem is the wrong level at which to implement distributed
when i said "with a filesystem" i meant "using the filesystem as a mail
store in opposite to using a db as a mail store"
>mailstore replication. One builds enterprise disaster-proof filesystems
>on remote-mirrored SAN or NAS storage.
as i said the remote mirroring solution is very expensive if the remote
san/nas storage is not in the next building.
That said, some nas vendors have interesting snapshot capabilities.
>For distributed replication (e.g. Exchange public folders) the appropriate
I was not thinking about public folders, you are right on this point.
>> and keeping two filesystem synchronous might be expensive in terms of
>> bandwith or responsiveness.
>
>I do not advocate bit-for-bit filesystem replication. No such thing is
>necessary unless one attempts to use a mailstore as a payroll or bank
>account balance system. I don't advocate using databases for mail.
>I don't advocate mailstores for OLTP.
nevertheless mail is becoming more and more important for business and
while not being by far on the same level of importance as OLTP data is
still cited as an item in many business impact analysis i've seen.
but then i am starting to get way offtopic.
L.
--
Luca Berra -- bluca
comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
From: Marcelo Gonçalves Narciso (narciso
cnptia.embrapa.br)
Date: Tue Jul 20 2004 - 11:32:27 CDT
Hi, Magnus,
below there is a piece of log.
There is no error. The status is
sent, but the user narciso receives no mail.
Bye.
-------
Jul 20 10:12:57 norma.cnptia.embrapa.br postfix/local[20723]: [ID 197553
mail.info] 6B3D06B9CC: to=<narciso
cnptia.embrapa.br>
, orig_to=<postmaster>, relay=local, delay=2, status=sent (delivered to
command: /usr/sbin/scanmails)
Jul 20 10:12:57 norma.cnptia.embrapa.br postfix/local[20723]: [ID 197553
mail.info] 6B3D06B9CC: to=<narciso
cnptia.embrapa.br>
, orig_to=<postmaster>, relay=local, delay=2, status=sent (delivered to
command: /usr/sbin/scanmails)
Magnus Bäck wrote:
> On Tuesday, July 20, 2004 at 16:09 CEST,
> Marcelo Gonçalves Narciso <narciso
cnptia.embrapa.br> wrote:
>
> > I have installed and configured postfix.
> > I can send mail from my domain to others domains, but I can´t receive
> > mail from others domains to my domain.
>
> What say the logs?
>
> [...]
>
> --
> Magnus Bäck
> magnus
dsek.lth.se
From: Luca Berra (bluca
comedia.it)
Date: Tue Jul 20 2004 - 11:35:35 CDT
On Tue, Jul 20, 2004 at 12:13:18PM -0400, Ian Hunter wrote:
>Sounds like that could be my whole problem?
we cannot know, since you refuse to tell us what your problem is
please read again patrick mail and the list welcome message, then post
the info that would be necessary to anyone willing to help you.
Regards,
L.
--
Luca Berra -- bluca
comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
From: Victor Duchovni (Victor.Duchovni
MorganStanley.com)
Date: Tue Jul 20 2004 - 11:45:26 CDT
On Tue, Jul 20, 2004 at 06:29:21PM +0200, Luca Berra wrote:
> >I don't advocate mailstores for OLTP.
>
> Nevertheless mail is becoming more and more important for business and
> while not being by far on the same level of importance as OLTP data is
> still cited as an item in many business impact analysis i've seen.
> but then i am starting to get way offtopic.
>
Yes mail is critical for messaging and as a historical repository, but
not as 100% guaranteed consistency transactional store. Messages sent
are sometimes lost, imperfect recovery is often good-enough, ...
Viewed this way, overall *availability* (as with a network) of email is
more important than 100% reliability (as with OLTP). If we optimize for
availability, (unlikely global failures, fast recovery) the solutions that
are architected on databases look inferior to me.
Low-end hardware is getting ridiculously cheap and powerful, for
enterprise-class service use a decent LVM and give each email user his own
filesystem, give each <= 128 users their own 1 or 2U box (sure solves the
quota problem). Manage the boxes as disposable units attached to storage
pool, cluster them for reliability. I doubt that Gmail uses a database...
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Marcos Gomez (marcos
responsenet.net)
Date: Tue Jul 20 2004 - 11:48:42 CDT
i have a server at domain1.com which correctly receives mail for users
domain1.com. i also configured postfix to receive mail for the virtual
domains domain2.com and domain3.com, but i get a "mail for domain2.com
(or domain3.com) loops back to myself" error sent back to whoever sends
a mail to user
domain2.com. i configured my debian woody server by
configuring the /etc/postfix/main.cf as follows:
--------
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
append_dot_mydomain = no
myhostname = galaxy.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname (this reads 'domain1.com')
mydestination = domain1.com, galaxy.domain1.com, localhost.domain1.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
virtual_alias_domains = domain1.com, domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual_alias
--------
my /etc/postfix/virtual_alias looks like this:
--------
info
domain2.com info-domain2-com
localhost
contact
domain3.com contact-domain3-com
localhost
--------
info-domain2-com and contact-domain3-com are system accounts i created
the exact same way i created my system accounts for the users at the
working domain1.com
the zone file for domain1.com looks like this:
--------
domain1.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907041 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
domain1.com. IN NS galaxy.domain1.com.
domain1.com. IN NS mustang.domain1.com.
localhost.domain1.com. IN A 127.0.0.1
domain1.com. IN A 10.0.0.42
mustang.domain1.com. IN A 10.0.0.43
galaxy.domain1.com. IN CNAME domain1.com.
www.domain1.com. IN CNAME galaxy.domain1.com.
mail.domain1.com. IN CNAME galaxy.domain1.com.
domain1.com. IN MX 10 domain1.com.
--------
and for domain2.com it looks like this (domain3.com is similar):
--------
domain2.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907042 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
domain2.com. IN NS galaxy.domain1.com.
domain2.com. IN NS mustang.domain1.com.
localhost.domain2.com. IN A 127.0.0.1
domain2.com. IN A 10.0.0.42
www.domain2.com. IN CNAME domain2.com.
mail.domain2.com. IN CNAME domain2.com.
domain2.com. IN MX 10 domain2.com.
--------
i have been researching this problem for hours now, and i keep hitting a
wall. can anyone out there please help? thanks in advance.
From: Marcos Gomez (marcos@responsenet.net)
Date: Tue Jul 20 2004 - 11:51:02 CDT
i have a server at domain1.com which correctly receives mail for
users@domain1.com. i also configured postfix to receive mail for the
virtual domains domain2.com and domain3.com, but i get a "mail for
domain2.com (or domain3.com) loops back to myself" error sent back to
whoever sends a mail to user@domain2.com. i configured my debian woody
server by configuring the /etc/postfix/main.cf as follows:
--------
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
append_dot_mydomain = no
myhostname = galaxy.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname (this reads 'domain1.com')
mydestination = domain1.com, galaxy.domain1.com, localhost.domain1.com,
localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
virtual_alias_domains = domain1.com, domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual_alias
--------
my /etc/postfix/virtual_alias looks like this:
--------
info@domain2.com info-domain2-com@localhost
contact@domain3.com contact-domain3-com@localhost
--------
info-domain2-com and contact-domain3-com are system accounts i created
the exact same way i created my system accounts for the users at the
working domain1.com
the zone file for domain1.com looks like this:
--------
domain1.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907041 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
domain1.com. IN NS galaxy.domain1.com.
domain1.com. IN NS mustang.domain1.com.
localhost.domain1.com. IN A 127.0.0.1
domain1.com. IN A 10.0.0.42
mustang.domain1.com. IN A 10.0.0.43
galaxy.domain1.com. IN CNAME domain1.com.
www.domain1.com. IN CNAME galaxy.domain1.com.
mail.domain1.com. IN CNAME galaxy.domain1.com.
domain1.com. IN MX 10 domain1.com.
--------
and for domain2.com it looks like this (domain3.com is similar):
--------
domain2.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907042 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
domain2.com. IN NS galaxy.domain1.com.
domain2.com. IN NS mustang.domain1.com.
localhost.domain2.com. IN A 127.0.0.1
domain2.com. IN A 10.0.0.42
www.domain2.com. IN CNAME domain2.com.
mail.domain2.com. IN CNAME domain2.com.
domain2.com. IN MX 10 domain2.com.
--------
i have been researching this problem for hours now, and i keep hitting a
wall. can anyone out there please help? thanks in advance.
google:
From: marcos_gomez@hotmail.com (Marcos Gomez)
Newsgroups: mailing.postfix.users
Subject: virtual alias loopback problem
NNTP-Posting-Host: 24.199.13.46
Message-ID: <c4752d7b.0407192143.30c51937@posting.google.com>
yahoo:
To: postfix-users@egroups.com
From: bluefmc427 <bluefmc427@yahoo.com>
Date: Mon Jul 19, 2004 10:49 pm
Subject: "mail for domain2.com (or domain3.com) loops back to
myself" error
From: Devdas Bhagat (devdas@dvb.homelinux.org)
Date: Tue Jul 20 2004 - 12:04:37 CDT
On 20/07/04 12:13 -0400, Ian Hunter wrote:
<snip>
> > there is not a single reference to /var/spool/postfix/var/run/saslauthd
> > in SASL_README, so you must be looking at a different doc.
>
> I meant in general, all over the web.
Postfix smtpd can run chrooted. If the smtpd is chrooted, then the
saslauthd socket must be within the chroot directory. If your smtpd is
not chrooted, then the default from the rpm is /var/run/saslauthd (the
mux is automatically added, see man saslauthd).
> Does anyone have a clue where smtpd.conf should be if my RPM was
> cyrus-sasl-2.1.18-5.i386.rpm? The only place it installed an smtpd.conf
> file was /usr/lib/sasl2 which is consistent with the docs I've seen. For
> that matter, how can I test to see if smtpd is reading that smtpd.conf file?
smtpd does not read the smtpd.conf file. saslauthd does.
/usr/lib/sasl2/smtpd.conf works fine for me.
Devdas Bhagat
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 12:15:18 CDT
On Tue, Jul 20, 2004 at 10:34:37PM +0530, Devdas Bhagat wrote:
> smtpd does not read the smtpd.conf file. saslauthd does.
> /usr/lib/sasl2/smtpd.conf works fine for me.
>
This claim seems unlikely to be true... Debian even puts the
file in /etc/postfix/sasl/smtpd.conf to drive home the point.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Marcos Gomez (marcos@responsenet.net)
Date: Tue Jul 20 2004 - 12:21:02 CDT
sorry to resend this, but i found a couple errors in my original and I
wanted to make the differences between my real and virtual domains more
clear. i have read the http://www.postfix.org/VIRTUAL_README.html and
numerous other resources, however i am still having problems getting my
virtual domains to work properly. i have a server at domain1.com which
correctly receives mail for users@domain1.com. i also configured
postfix to receive mail for the virtual domains virtualdomain1.com and
virtualdomain2.com, but i get a "mail for virtualdomain1.com (or
virtualdomain2.com) loops back to myself" error sent back to whoever
sends a mail to user@virtualdomain1.com. i configured my debian woody
server by configuring the /etc/postfix/main.cf as follows:
--------
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
append_dot_mydomain = no
myhostname = galaxy.domain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname (this reads 'domain1.com')
mydestination = domain1.com, galaxy.domain1.com, localhost.domain1.com,
localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
virtual_alias_domains = virtualdomain1.com, virtualdomain2.com
virtual_alias_maps = hash:/etc/postfix/virtual_alias
--------
my /etc/postfix/virtual_alias looks like this:
--------
info@virtualdomain1.com info-virtualdomain1-com@localhost
contact@virtualdomain2.com contact-virtualdomain2-com@localhost
--------
info-virtualdomain1-com and contact-virtualdomain2-com are system
accounts i created the exact same way i created my system accounts for
the users at the working domain1.com
the zone file for domain1.com looks like this:
--------
domain1.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907041 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
domain1.com. IN NS galaxy.domain1.com.
domain1.com. IN NS mustang.domain1.com.
localhost.domain1.com. IN A 127.0.0.1
domain1.com. IN A 10.0.0.42
mustang.domain1.com. IN A 10.0.0.43
galaxy.domain1.com. IN CNAME domain1.com.
www.domain1.com. IN CNAME galaxy.domain1.com.
mail.domain1.com. IN CNAME galaxy.domain1.com.
domain1.com. IN MX 10 domain1.com.
--------
and for virtualdomain1.com it looks like this (virtualdomain2.com is
similar):
--------
virtualdomain1.com. IN SOA galaxy.domain1.com.
webmaster.domain1.com. (
1907042 ; Serial
21600 ; Refresh
3600 ; Retry
864000 ; Expire
86400 ) ; Negative Cache TTL
virtualdomain1.com. IN NS galaxy.domain1.com.
virtualdomain1.com. IN NS mustang.domain1.com.
localhost.virtualdomain1.com. IN A 127.0.0.1
virtualdomain1.com. IN A 10.0.0.42
www.virtualdomain1.com. IN CNAME virtualdomain1.com.
mail.virtualdomain1.com. IN CNAME virtualdomain1.com.
virtualdomain1.com. IN MX 10 virtualdomain1.com.
--------
i have been researching this problem for hours now, and i keep hitting a
wall. can anyone out there please help? thanks in advance.
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 12:21:51 CDT
> Postfix smtpd can run chrooted. If the smtpd is chrooted, then the
> saslauthd socket must be within the chroot directory. If your smtpd is
> not chrooted, then the default from the rpm is /var/run/saslauthd (the
> mux is automatically added, see man saslauthd).
Then I have it configured right. Since saslauthd is complaining of invalid
authentication, not "can't reach socket" I'm probably OK there.
> > Does anyone have a clue where smtpd.conf should be if my RPM was
> > cyrus-sasl-2.1.18-5.i386.rpm? The only place it installed an smtpd.conf
> > file was /usr/lib/sasl2 which is consistent with the docs I've seen. For
> > that matter, how can I test to see if smtpd is reading that smtpd.conf file?
>
> smtpd does not read the smtpd.conf file. saslauthd does.
Right, I meant where saslauthd looks for smtpd.conf when called by smtpd. I
was thinking perhaps the library is acting different when called by
different clients, as if the "smtpd.conf_location" was a setting or
something. I guess not. But why, then, would testsaslauthd work at all, let
alone as the postfix user? Don't make no sense to me.
> /usr/lib/sasl2/smtpd.conf works fine for me.
Then it should work for me. Just for fun, I tried adding DIGEST to the
mech_list in smtpd.conf and it doesn't change what I get from EHLO when
connecting via telnet. I guess that means something isn't looking in the
right place.
Ian
From: Jason Dixon (jason@dixongroup.net)
Date: Tue Jul 20 2004 - 12:21:09 CDT
Hi folks-
I've run into a strange scenario with a fairly simple configuration.
On a relay server I've setup, postfix relays everything fine except
$mydomain. It attempts to relay mail for that domain, but it ignores
the public MX and attempts to deliver directly to the A record instead.
This is a very simple configuration with very little outside of the
defaults. Any ideas?
Here is the error from maillog:
Jul 19 12:56:03 mail6 postfix/smtp[2608]: 62F3C32405F:
to=<postmaster1@somedomain.net>, relay=somedomain.net[x.x.x.x],
delay=0, status=bounced (host somedomain.net[x.x.x.x] said: 550 5.7.1
Unable to relay for postmaster1@somedomain.net (in reply to RCPT TO
command))
and here is "postconf -n":
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 200
disable_dns_lookups = yes
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain
mydomain = somedomain.net
myhostname = mail6.somedomain.net
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
sample_directory = /usr/share/doc/postfix-2.0.16/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 450
Thanks,
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
From: Devdas Bhagat (devdas@dvb.homelinux.org)
Date: Tue Jul 20 2004 - 12:21:29 CDT
On 20/07/04 13:15 -0400, Victor Duchovni wrote:
> On Tue, Jul 20, 2004 at 10:34:37PM +0530, Devdas Bhagat wrote:
>
> > smtpd does not read the smtpd.conf file. saslauthd does.
> > /usr/lib/sasl2/smtpd.conf works fine for me.
> >
>
> This claim seems unlikely to be true... Debian even puts the
> file in /etc/postfix/sasl/smtpd.conf to drive home the point.
This works with sasl2.x on RedHat 9. I make no claims for any other
platforms.
Devdas Bhagat
From: Cowles, Steve (steve@stevecowles.com)
Date: Tue Jul 20 2004 - 12:22:20 CDT
Dimitri Aivaliotis wrote:
> check the archives for a thread with subject "regexp
> mime_header_checks : subject" started this past sunday
>
> - Dimitri
>
There's actually a new variant to this subject that I received this morning.
The subject still displays the same - $45873, but is not caught by the test
discussed the other day. When I examined the e-mail headers, I found...
Subject: =?iso-8859-1?B?JDQ1ODcz?=
I added the following test to my postfix header_checks file to stop this
sorry SOB - but I know I'll be adding another test within days. <groan>
/^Subject: =\?iso-8859-1\?./ REJECT Go Away!
Steve Cowles
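An added example, not part of the original post: Postfix header_checks match the raw header line, so an RFC 2047 encoded-word such as the Subject quoted above never shows its text to the pattern. This Python sketch decodes the Subject before matching, as a content filter could; the decoded-text pattern and every sample header except the quoted one are assumptions made for the illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header

# Sample headers. The first value is the one quoted in the post; the rest are
# constructed for this demonstration.
SAMPLES = [
    "Subject: =?iso-8859-1?B?JDQ1ODcz?=",         # base64 encoded-word (from the post)
    "Subject: =?iso-8859-1?Q?=2445873?=",         # same text, quoted-printable form
    "Subject: =?iso-8859-1?Q?R=E9union_jeudi?=",  # ordinary non-ASCII subject
    "Subject: $45873",                            # unencoded form
    "Subject: lunch on Friday",
]

# The rule from the post, applied to the raw header line.
BLANKET_RULE = re.compile(r"^Subject: =\?iso-8859-1\?.")
# Hypothetical rule applied to the decoded text: a subject that is only a
# dollar amount.
DECODED_RULE = re.compile(r"^\$\d+$")


def decoded_subject(header_line):
    """Return the Subject text with RFC 2047 encoded-words decoded."""
    name, sep, value = header_line.partition(":")
    if not sep or name.strip().lower() != "subject":
        raise ValueError("not a Subject header line")
    value = value.strip()
    try:
        chunks = decode_header(value)
    except HeaderParseError:
        return value  # malformed encoded-word: fall back to the raw text
    text = []
    for chunk, charset in chunks:
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # charset name Python does not know
                chunk = chunk.decode("latin-1")
        text.append(chunk)
    return "".join(text)


def evaluate(header_line):
    """Compare the raw-line rule with a rule applied after decoding."""
    subject = decoded_subject(header_line)
    return {
        "decoded": subject,
        "blanket_rule": bool(BLANKET_RULE.match(header_line)),
        "decoded_rule": bool(DECODED_RULE.match(subject)),
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", evaluate(line))
```

The third sample shows the cost of the blanket pattern: any legitimate ISO-8859-1 subject containing an accented character is rejected along with the spam.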
From: Devdas Bhagat (devdas@dvb.homelinux.org)
Date: Tue Jul 20 2004 - 12:23:05 CDT
On 20/07/04 13:21 -0400, Ian Hunter wrote:
<snip>
> > /usr/lib/sasl2/smtpd.conf works fine for me.
>
> Then it should work for me. Just for fun, I tried adding DIGEST to the
> mech_list in smtpd.conf and it doesn't change what I get from EHLO when
> connecting via telnet. I guess that means something isn't looking in the
> right place.
In that case, can you try with /usr/lib/sasl/smtpd.conf instead?
Devdas Bhagat
sasab@hygia.pharmacy.bg.ac.yu
Date: Tue Jul 20 2004 - 12:25:33 CDT
On Tue, Jul 20, 2004 at 01:32:27PM -0300, Marcelo Gonçalves Narciso wrote:
> Hi, Magnus,
>
> below there is a piece of log.
> There is no error. The status is
> sent, but the user narciso receives no mail.
>
> Bye.
> -------
>
> Jul 20 10:12:57 norma.cnptia.embrapa.br postfix/local[20723]: [ID 197553 mail.info] 6B3D06B9CC: to=<narciso@cnptia.embrapa.br>, orig_to=<postmaster>, relay=local, delay=2, status=sent (delivered to command: /usr/sbin/scanmails)
> Jul 20 10:12:57 norma.cnptia.embrapa.br postfix/local[20723]: [ID 197553 mail.info] 6B3D06B9CC: to=<narciso@cnptia.embrapa.br>, orig_to=<postmaster>, relay=local, delay=2, status=sent (delivered to command: /usr/sbin/scanmails)
The mail has been sent and the responsibility for further processing
(like delivery to local users) is now on the /usr/sbin/scanmails
command. Not a postfix related problem.
BTW, please try not to wrap the log file lines.
From: Luca Berra (bluca@comedia.it)
Date: Tue Jul 20 2004 - 12:29:43 CDT
On Tue, Jul 20, 2004 at 10:16:11AM -0400, Ian Hunter wrote:
>> > testsaslauthd -u <username> -p <password> -s smtp
>> >
>> > ...works fine, even if I "su postfix" and then run it. (Couldn't get
>> > pam working that way, switched to shadow, works fine as shadow)
you should be able to use pam, but you need an /etc/pam.d/smtp conf
file.
>/usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -V
why do you need to specify the socket path? the default should be used
by both libsasl and saslauthd
>Jul 20 09:55:08 charlie postfix/smtpd[12106]: unable to dlopen
>/usr/lib/sasl/libgssapiv2.so: /usr/lib/sasl/libgssapiv2.so: undefined
>symbol: GSS_C_NT_HOSTBASED_SERVICE
this at least tells us that smtpd.conf should reside in /usr/lib/sasl/
>--master.cf--
>smtp inet n - n - - smtpd
>4025 inet n - n - - smtpd -o
>smtpd_recipient_restrictions=$smtpd2_recipient_restrictions -o
>smtpd_sasl_auth_enable=$smtpd2_sasl_auth_enable -o
>broken_sasl_auth_clients=yes
good, you are not chrooted
>AUTH PLAIN c2FzbHRlc3QAc2FzbHRlc3QAc2FzbHRlc3Q=
this is a plaintext password, hope you changed it after posting
if all else fails please read DEBUG_README and use something like "strace
-e trace=file -p $process_id > /some/where/smtp.log" as a
debugger_command
L.
--
Luca Berra -- bluca@comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
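An added example, not part of the original thread: the AUTH PLAIN line quoted above is only base64 of authzid NUL authcid NUL password (RFC 4616), which is why posting it discloses the password. This Python sketch masks SASL PLAIN and LOGIN responses in an SMTP transcript before it is shared and reports which account names were exposed; the sample session is constructed around the string quoted in the post, and the host names in it are placeholders.

```python
import base64
import re

MASK = "[REDACTED]"
QUOTE = r"(?P<q>(?:>\s?)*\s*)"  # optional mail-quote prefix such as "> "
AUTH_RE = re.compile(
    QUOTE + r"(?P<cmd>AUTH\s+(?P<mech>PLAIN|LOGIN))(?:\s+(?P<blob>\S+))?\s*$", re.I)
REPLY_RE = re.compile(QUOTE + r"(?P<code>\d{3})[ -]")
B64_RE = re.compile(QUOTE + r"(?P<blob>[A-Za-z0-9+/]+={0,2})\s*$")

# Constructed session; only the AUTH PLAIN argument comes from the post.
SAMPLE_SESSION = """\
220 mail.example.test ESMTP
EHLO client.example.test
250-mail.example.test
250 AUTH PLAIN LOGIN
AUTH PLAIN c2FzbHRlc3QAc2FzbHRlc3QAc2FzbHRlc3Q=
535 Error: authentication failed
AUTH LOGIN
334 VXNlcm5hbWU6
c2FzbHRlc3Q=
334 UGFzc3dvcmQ6
c2FzbHRlc3Q=
535 Error: authentication failed
"""


def decode_auth_plain(blob):
    """Split an AUTH PLAIN response into (authzid, authcid, passwd)."""
    raw = base64.b64decode(blob, validate=True)  # raises ValueError subclass
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8", errors="replace") for p in parts)


def redact_transcript(text):
    """Return (redacted_text, exposed_account_names)."""
    out, accounts, pending = [], [], []

    def note(field, blob):
        # Record the account name only; the password is never kept.
        try:
            if field == "plain":
                accounts.append(decode_auth_plain(blob)[1])
            elif field == "user":
                raw = base64.b64decode(blob, validate=True)
                accounts.append(raw.decode("utf-8", errors="replace"))
        except ValueError:
            pass  # not decodable: still masked by the caller

    for line in text.splitlines():
        auth = AUTH_RE.match(line)
        if auth:
            blob = auth.group("blob")
            # PLAIN sends one response; LOGIN sends user name, then password.
            fields = ["plain"] if auth.group("mech").upper() == "PLAIN" else ["user", "pass"]
            if blob:
                note(fields.pop(0), blob)
            pending = fields
            line = auth.group("q") + auth.group("cmd") + (" " + MASK if blob else "")
        elif pending:
            reply, client = REPLY_RE.match(line), B64_RE.match(line)
            if reply:
                if reply.group("code") != "334":  # exchange ended
                    pending = []
            elif client:
                note(pending.pop(0), client.group("blob"))
                line = client.group("q") + MASK
        out.append(line)
    return "\n".join(out), accounts


if __name__ == "__main__":
    redacted, names = redact_transcript(SAMPLE_SESSION)
    print(redacted)
    print("rotate credentials for:", sorted(set(names)))
```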
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 12:48:30 CDT
> > > /usr/lib/sasl2/smtpd.conf works fine for me.
> >
> > Then it should work for me. Just for fun, I tried adding DIGEST to the
> > mech_list in smtpd.conf and it doesn't change what I get from EHLO when
> > connecting via telnet. I guess that means something isn't looking in the
> > right place.
>
> In that case, can you try with /usr/lib/sasl/smtpd.conf instead?
Sure, just did, it didn't make any change.
moonrock@usa-pass.net
Date: Tue Jul 20 2004 - 12:50:36 CDT
I made some changes recently and now I'm not getting roots mail. I haven't
determined which change I made caused the problem yet, but I figure I can
reverse the changes one at a time and figure it out - instead I want to try
and understand why my change caused the problem and if there is a better
solution. I have reversed one change (thinking that was the cause) but it
didn't fix the issue. I went over the documentation on the other changes
but can't find anything that indicates I might have a problem.
The changes I made were:
alias_maps = hash:/etc/aliases to hash:/etc/postfix/aliases
alias_database = hash:/etc/aliases to hash:/etc/postfix/aliases
local_recipient_maps = unix:passwd.byname $alias_maps to
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
Postconf - n:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/libexec/postfix
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 5000000
mydestination = $myhostname, localhost.$mydomain
mydomain = usa-pass.net
myhostname = moon.usa-pass.net
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = no
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = moon.usa-pass.net
smtpd_client_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/client_access,
reject_unauth_pipelining
smtpd_data_restrictions =
reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
check_helo_access hash:/etc/postfix/helo_access
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_multi_recipient_bounce,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
permit
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain
unknown_local_recipient_reject_code = 550
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 12:51:13 CDT
On Tue, Jul 20, 2004 at 01:21:09PM -0400, Jason Dixon wrote:
> disable_dns_lookups = yes
What do you expect this to do?
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Wietse Venema (wietse@porcupine.org)
Date: Tue Jul 20 2004 - 12:52:05 CDT
moonrock@usa-pass.net:
> I made some changes recently and now I'm not getting roots mail. I haven't
Send mail to root, then look in the maillog file.
Wietse
From: Marcos Gomez (marcos@responsenet.net)
Date: Tue Jul 20 2004 - 13:04:02 CDT
below are the relevant mail.log entries that may be of a help. thanks
again.
Jul 20 10:55:05 galaxy postfix/smtpd[6129]: connect from
gateway.domain1.com[10.0.0.46]
Jul 20 10:55:05 galaxy postfix/smtpd[6129]: 2777CB772:
client=gateway.domain1.com[10.0.0.46]
Jul 20 10:55:05 galaxy postfix/cleanup[6130]: 2777CB772:
message-id=<000001c46e82$d90b3250$8001a8c0@websystem>
Jul 20 10:55:05 galaxy postfix/qmgr[6110]: 2777CB772:
from=<marcos@domain1.com>, size=687, nrcpt=1 (queue active)
Jul 20 10:55:05 galaxy postfix/smtp[6131]: warning: mailer loop: best MX
host for virtualdomain3.com is local
Jul 20 10:55:05 galaxy postfix/smtp[6131]: 2777CB772:
to=<contact@virtualdomain3.com>, relay=none, delay=0, status=bounced
(mail for virtualdomain3.com loops back to myself)
Jul 20 10:55:05 galaxy postfix/cleanup[6130]: 3D7ABB775:
message-id=<20040720175505.3D7ABB775@galaxy.domain1.com>
Jul 20 10:55:05 galaxy postfix/qmgr[6110]: 3D7ABB775: from=<>,
size=2371, nrcpt=1 (queue active)
Jul 20 10:55:05 galaxy postfix/local[6133]: 3D7ABB775:
to=<marcos@domain1.com>, relay=local, delay=0, status=sent (maildir)
Jul 20 10:55:07 galaxy postfix/smtpd[6129]: disconnect from
gateway.domain1.com[10.0.0.46]
moonrock@usa-pass.net
Date: Tue Jul 20 2004 - 13:06:03 CDT
----- Original Message -----
From: "Wietse Venema" <wietse@porcupine.org>
To: <moonrock@usa-pass.net>
Cc: <postfix-users@postfix.org>
Sent: Tuesday, July 20, 2004 12:52 PM
Subject: Re: Not getting root's mail
> moonrock@usa-pass.net:
> > I made some changes recently and now I'm not getting roots mail. I haven't
>
> Send mail to root, then look in the maillog file.
>
> Wietse
>
Logs show it is sent, but I'm not getting it.
In /etc/postfix/aliases I have
root: mwalkden@usa-pass.net
If I send a message to root@usa-pass.net, I get that OK, but if I send to
root@moon.usa-pass.net it shows it sent but I don't get the mail.
Logs:
Jul 20 12:15:23 moon postfix/smtpd[8201]: connect from
pass-gate.usa-pass.net[192.168.252.204]
Jul 20 12:15:23 moon postfix/smtpd[8201]: CD1483080B4:
client=pass-gate.usa-pass.net[192.168.252.204]
Jul 20 12:15:23 moon postfix/cleanup[8203]: CD1483080B4:
message-id=<000d01c46e7c$87efdb60$20fda8c0@pass.local>
Jul 20 12:15:23 moon postfix/qmgr[3997]: CD1483080B4:
from=<moonrock@usa-pass.net>, size=630, nrcpt=1 (queue active)
Jul 20 12:15:23 moon postfix/smtpd[8201]: disconnect from
pass-gate.usa-pass.net[192.168.252.204]
Jul 20 12:15:24 moon postfix/smtpd[8207]: connect from
localhost.localdomain[127.0.0.1]
Jul 20 12:15:24 moon postfix/smtpd[8207]: 34F883080B6:
client=localhost.localdomain[127.0.0.1]
Jul 20 12:15:24 moon postfix/cleanup[8203]: 34F883080B6:
message-id=<000d01c46e7c$87efdb60$20fda8c0@pass.local>
Jul 20 12:15:24 moon postfix/qmgr[3997]: 34F883080B6:
from=<moonrock@usa-pass.net>, size=1086, nrcpt=1 (queue active)
Jul 20 12:15:24 moon postfix/smtpd[8207]: disconnect from
localhost.localdomain[127.0.0.1]
Jul 20 12:15:24 moon amavis[8068]: (08068-06) Passed,
<moonrock@usa-pass.net> -> <root@moon.usa-pass.net>, Message-ID:
<000d01c46e7c$87efdb60$20fda8c0@pass.local>, Hits: 0.339
Jul 20 12:15:24 moon postfix/smtp[8204]: CD1483080B4:
to=<root@moon.usa-pass.net>, relay=localhost[127.0.0.1], delay=1,
status=sent (250 2.6.0 Ok, id=08068-06, from MTA: 250 Ok: queued as
34F883080B6)
Jul 20 12:15:24 moon postfix/qmgr[3997]: CD1483080B4: removed
Jul 20 12:15:24 moon postfix/local[8208]: 34F883080B6:
to=<root@moon.usa-pass.net>, relay=local, delay=0, status=sent (delivered to
mailbox)
Jul 20 12:15:24 moon postfix/qmgr[3997]: 34F883080B6: removed
From: Jason Dixon (jason@dixongroup.net)
Date: Tue Jul 20 2004 - 13:07:30 CDT
On Jul 20, 2004, at 1:51 PM, Victor Duchovni wrote:
> On Tue, Jul 20, 2004 at 01:21:09PM -0400, Jason Dixon wrote:
>
>> disable_dns_lookups = yes
>
> What do you expect this to do?
LOL. You know what they say about seeing the forest for the trees? :)
Thanks,
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
From: Vivek Khera (vivek@khera.org)
Date: Tue Jul 20 2004 - 13:14:04 CDT
I have a virtual host for tech support that uses aliases to feed the
incoming messages into our trouble ticket system, RT. Each queue is
set up like this:
virtual:
general@support.m1e.net support@localhost
and in aliases:
support: "|rt-mailgate ...bunch of options..."
Now, last week I went to upgrade my RT from an old version to a newer
version, and that meant holding all mail for a couple of hours while
the data was transferred from the old version to the new. My initial
attempt was to set up a dedicated transport for the support.m1e.net
domain:
in transports:
support.m1e.net support:
and in master.cf, the "support" transport was a clone of the "smtp"
transport.
when I added "support" to the list of deferred transports in the
main.cf file, it did not hold messages. The other transport I put on
hold during the upgrade which goes to a pipe delivery agent in the
master.cf file did get deferred as expected.
So my question is, what is the proper method to defer mail destined for
a single virtual host?
My hack was to define each of the aliases as "| exit 75", which
effectively queued up all the mail until I set back the aliases.
Vivek Khera, Ph.D.
+1-301-869-4449 x806
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 13:25:21 CDT
On Tue, Jul 20, 2004 at 02:14:04PM -0400, Vivek Khera wrote:
> I have a virtual host for tech support that uses aliases to feed the
> incoming messages into our trouble ticket system, RT. Each queue is
> set up like this:
>
> virtual:
>
> general@support.m1e.net support@localhost
>
> in transports:
>
> support.m1e.net support:
>
http://www.postfix.org/ADDRESS_REWRITING.html
transport selection happens *after* virtual alias mapping. The
right transport table entry is:
support@localhost.your.domain support:
> So my question is, what is the proper method to defer mail destined for
> a single virtual host?
>
If the mail is destined for virtual alias domain, you can either
use HOLD (or perhaps DELAY if it is ever implemented in a way that
Wietse and I can agree on :-), or add transport table entries for
the targets of the virtual rewrites.
One approach is to add a dedicated local domain (say "rt.local.invalid")
to $mydestination, and rewrite all the RT recipients to
alias@dedicated.tld (don't accept any mail for the "invalid" TLD from
the network). Then a single transport table entry can reroute or delay
all the RT recipients.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Javier Henderson (Javier@KJSL.COM)
Date: Tue Jul 20 2004 - 13:29:48 CDT
Besides the message_size_limit variable, is there anything else that
could affect the maximal size of a message?
mail javier@node1 <~xxx/SCAN/67.8.scan
# postdrop: warning: uid=0: File too large
send-mail: fatal: root(0): Message file too big
# grep message_size_limit /usr/local/etc/postfix/main.cf
message_size_limit = 40960000
# ls -la ~xxx/SCAN/67.8.scan
-rw-r--r-- 1 xxx yyy 15245587 Jul 20 05:12 /usr/home/xxx/SCAN/67.8.scan
Note: I did 'postfix reload' after editing main.cf
Thanks,
-jav
From: Wietse Venema (wietse@porcupine.org)
Date: Tue Jul 20 2004 - 13:40:25 CDT
moonrock@usa-pass.net:
> > moonrock@usa-pass.net:
> > > I made some changes recently and now I'm not getting roots mail. I haven't
> >
> > Send mail to root, then look in the maillog file.
> >
> > Wietse
> >
>
> Logs show it is sent, but I'm not getting it.
>
> In /etc/postfix/aliases I have
>
> root: mwalkden@usa-pass.net
What's the output from:
postmap -q root hash:/etc/postfix/aliases
Output should show:
mwalkden@usa-pass.net
What's the output from:
postconf alias_maps
Output should show:
hash:/etc/postfix/aliases
> If I send a message to root@usa-pass.net, I get that OK, but if I send to
> root@moon.usa-pass.net it shows it sent but I don't get the mail.
> to=<root@moon.usa-pass.net>, relay=local, delay=0, status=sent (delivered to
> mailbox)
It's delivered to /var/whatever/root.
Wietse
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 13:46:32 CDT
> if all else fails please read DEBUG_README and use something like "strace
> -e trace=file -p $process_id > /some/where/smtp.log" as a
> debugger_command
Great idea. It seems that it's reading /usr/lib/sasl/smtpd.conf after all.
Jul 20 14:29:04 charlie logger: open("/usr/lib/sasl/smtpd.conf", O_RDONLY) =
10
Other than that, I still don't know anything new. Sign... Maybe I need to
build cyrus-saslauth myself. Argh. I'll have to meditate on that.
From: Victor Duchovni (Victor.Duchovni@MorganStanley.com)
Date: Tue Jul 20 2004 - 13:58:21 CDT
On Tue, Jul 20, 2004 at 02:46:32PM -0400, Ian Hunter wrote:
> Great idea. It seems that it's reading /usr/lib/sasl/smtpd.conf after all.
>
> Jul 20 14:29:04 charlie logger: open("/usr/lib/sasl/smtpd.conf", O_RDONLY) = 10
>
An acquaintance of mine who teaches UNIX and C evening classes has a special
stamp for grading student homework. The stamp says "Inattention To Detail"!
From your original mail:
> If I didn't know any better, I'd say postfix wasn't calling saslauthd at
> all. My /usr/lib/sasl2/smtpd.conf looks like:
>
> mech_list: PLAIN LOGIN
> pwcheck_method: saslauthd
> saslauthd_path: /var/run/saslauthd
Notice anything?
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
From: Ian Hunter (ihunter@hunterweb.net)
Date: Tue Jul 20 2004 - 14:06:10 CDT
> > Great idea. It seems that it's reading /usr/lib/sasl/smtpd.conf after all.
> >
> > Jul 20 14:29:04 charlie logger: open("/usr/lib/sasl/smtpd.conf", O_RDONLY) = 10
> >
>
> An acquaintance of mine who teaches UNIX and C evening classes has a special
> stamp for grading student homework. The stamp says "Inattention To Detail"!
>
> >From your original mail:
>
> > If I didn't know any better, I'd say postfix wasn't calling saslauthd at
> > all. My /usr/lib/sasl2/smtpd.conf looks like:
Ah, but my /usr/lib/sasl2/smptd.conf has been copied to
/usr/lib/sasl/smtpd.conf and still the band plays on...
Actually, I think I'm going to take this to the sasl people, because after
using strace to catch all the system calls and such, I trapped it sending my
correct username and password to the socket at /var/run/saslauthd/mux and
the socket responding "NO" even when I can use testsaslauthd and get a
"yes" --- mmmmmmm, fishy, eh?
From: Pollywog (linux@shadypond.com)
Date: Tue Jul 20 2004 - 14:12:02 CDT
On 07/20/2004 06:46 pm, Ian Hunter wrote:
> > if all else fails please read DEBUG_README and use something like "strace
> > -e trace=file -p $process_id > /some/where/smtp.log" as a
> > debugger_command
>
> Great idea. It seems that it's reading /usr/lib/sasl/smtpd.conf after all.
>
> Jul 20 14:29:04 charlie logger: open("/usr/lib/sasl/smtpd.conf", O_RDONLY)
> = 10
>
> Other than that, I still don't know anything new. Sign... Maybe I need to
> build cyrus-saslauth myself. Argh. I'll have to meditate on that.
Have you tried copying the smtpd.conf file to /etc/postfix/sasl/ ?
Are you using Debian?
8)
From: Shawn Daniel (sdaniel
nseng.net)
Date: Tue Jul 20 2004 - 14:13:16 CDT
It would seem that Ian and I are having a similar problem. I am
attempting to get SASL to work properly but it doesn't seem to want to
work. I keep getting an error about the sasl.db not existing. I am not
using the sasl.db for the password list...I am using pam...I have even
tried shadow and neither seems to work.
When I attempt to login, it continually prompts for a password.
This is the sasl.db error:
Jul 20 11:54:49 master postfix/smtpd[10812]: warning: SASL
authentication problem: unable to open Berkeley db
/var/lib/sasl2/sasl.db: No such file or directory
As far as the above error goes, it isn't even looking for the sasl.db in
the right place, even if I was using it.
--- postconf ---
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
delay_warning_time = 4
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname localhost.$mydomain $mydomain mail.$mydomain
www.$mydomain localhost
mydomain = dcsvc.com
myhostname = mail.dcsvc.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
owner_request_special = no
readme_directory = /usr/share/doc/postfix-2.0.13/README_FILES
recipient_delimiter = +
relay_domains = $virtual_maps
sample_directory = /usr/share/doc/postfix-2.0.13/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_domains = sad209.com kmjackson.com
mcfaddenconstruction.com thesoilsource.com adfif.org mail.sad209.com
mail.kmjackson.com mail.mcfaddenconstruction.com mail.thesoilsource.com
mail.adfif.org
virtual_alias_maps = hash:/etc/postfix/virtual
--- /etc/sysconfig/saslauthd ---
# $Id: saslauthd.sysconfig,v 1.1 2001/05/02 10:55:48 wiget Exp $
# Authentications mechanism (for list see saslauthd -v)
SASL_AUTHMECH=pam
# Hostname for remote IMAP server (if rimap auth mech is used)
# Ldap configuration file (if ldap auth mech is used)
SASL_MECH_OPTIONS=
# Extra options (for list see saslauthd -h)
SASLAUTHD_OPTS="-m /var/spool/postfix/var/lib/sasl2/"
--- /var/spool/postfix/var/lib/sasl2/smtpd.conf ---
pwcheck_method: saslauthd
I am running Mandrake 9.2 and have turned off the chroot for
postfix...which didn't seem to do anything.
I am not exactly sure where to go from here. Any help would be
appreciated. I hope I have provided enough info.
Shawn
From: Michael Gale (michael.gale
utilitran.com)
Date: Tue Jul 20 2004 - 14:29:30 CDT
Hello,
I am using nagios to monitor my Postfix Q ... but it seems the check_mailq plugin is either broken or at least not
working for me. I was going to write my own and just want to make sure that I should be checking the:
../postfix/defer folder to find the proper number of messages stuck in the Q ?
--
Michael Gale
From: Wietse Venema (wietse
porcupine.org)
Date: Tue Jul 20 2004 - 14:28:47 CDT
Javier Henderson:
> Besides the message_size_limit variable, is there anything else that
> could affect the maximal size of a message?
For example, the file size limit of your shell process. Postfix
will not magically exceed that limit when you specify a larger one
in main.cf.
Another example: file system quota (the error message should be
different, but Linux file systems sometimes report inaccurate
errors, such as ENOENT on an open file).
Another possibility is a bug in the file system. Don't shoot
Postfix, it's only the messenger of bad news from your kernel.
Wietse
> mail javier
node1 <~xxx/SCAN/67.8.scan
> # postdrop: warning: uid=0: File too large
> send-mail: fatal: root(0): Message file too big
>
> # grep message_size_limit /usr/local/etc/postfix/main.cf
> message_size_limit = 40960000
>
> # ls -la ~xxx/SCAN/67.8.scan
>
> -rw-r--r-- 1 xxx yyy 15245587 Jul 20 05:12 /usr/home/xxx/SCAN/67.8.scan
>
> Note: I did 'postfix reload' after editing main.cf
>
> Thanks,
>
> -jav
>
>
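Wietse's first point, reproduced as an added example (not from the original thread or from Postfix): a process's file size limit (RLIMIT_FSIZE, what `ulimit -f` reports) caps what it can write regardless of message_size_limit, and the failed write returns EFBIG, whose message text is the "File too large" seen in the postdrop warning. The helper names and byte counts are assumptions chosen for illustration.

```python
import errno
import os
import resource
import signal
import tempfile


def effective_size_limit(message_size_limit, fsize_soft):
    """Largest file the submitting process can really write, in bytes."""
    # RLIM_INFINITY is a sentinel (often -1), so it must not go through min().
    if fsize_soft == resource.RLIM_INFINITY:
        return message_size_limit
    return min(message_size_limit, fsize_soft)


def write_with_fsize_limit(nbytes, fsize_limit):
    """Write nbytes in a child whose RLIMIT_FSIZE is fsize_limit.

    Returns 0 on success, otherwise the errno of the failed write.
    """
    fd, path = tempfile.mkstemp()
    pid = os.fork()
    if pid == 0:  # child: inherits fd, lowers only its own limit
        code = 255  # unexpected failure
        try:
            _, hard = resource.getrlimit(resource.RLIMIT_FSIZE)
            resource.setrlimit(resource.RLIMIT_FSIZE, (fsize_limit, hard))
            # Ignore SIGXFSZ so the write fails with EFBIG instead of
            # the kernel killing the writer.
            signal.signal(signal.SIGXFSZ, signal.SIG_IGN)
            left = nbytes
            while left > 0:
                left -= os.write(fd, b"x" * min(left, 65536))
            code = 0
        except OSError as exc:
            code = exc.errno
        finally:
            os._exit(code)
    os.close(fd)
    _, status = os.waitpid(pid, 0)
    os.unlink(path)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)


if __name__ == "__main__":
    soft, _ = resource.getrlimit(resource.RLIMIT_FSIZE)
    print("effective limit:", effective_size_limit(40960000, soft))
    print("8192 bytes under a 4096-byte limit:",
          os.strerror(write_with_fsize_limit(8192, 4096)))
```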
From: Victor Duchovni (Victor.Duchovni
MorganStanley.com)
Date: Tue Jul 20 2004 - 14:29:33 CDT
On Tue, Jul 20, 2004 at 01:29:30PM -0600, Michael Gale wrote:
> I am using nagios to monitor my Postfix Q ... but it seems the check_mailq
> plugin is either broken or at least not working for me. I was going to
> write my own and just want to make sure that I should be checking the:
> ../postfix/defer folder to find the proper number of messages stuck in
> the Q ?
http://www.postfix.org/QSHAPE_README.html
--
Viktor.
From: Robin Lynn Frank (rlfrank
paradigm-omega.com)
Date: Tue Jul 20 2004 - 14:07:19 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Has improper use of 8-bit data in message header become so commonplace as to
render strict_7bit_headers = yes pretty much useless? I can't believe how
much of it comes off mail lists (not this one) where users are generally
standards-savvy.
- --
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
======================
42
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?
iD8DBQFA/W1yo0pgX8xyW4YRA33PAJ0X0Bn1AzMEiFoM5YN8vBlkZwEkWQCeNZlr
kZUe1Sd0yMQa0rhAEWAOlRs=
=I3aQ
-----END PGP SIGNATURE-----
From: Ian Hunter (ihunter
hunterweb.net)
Date: Tue Jul 20 2004 - 14:43:37 CDT
> On 07/20/2004 06:46 pm, Ian Hunter wrote:
> > > if all else fails please read DEBUG_README and use something like "strace
> > > -e trace=file -p $process_id > /some/where/smtp.log" as a
> > > debugger_command
> >
> > Great idea. It seems that it's reading /usr/lib/sasl/smtpd.conf after all.
> >
> > Jul 20 14:29:04 charlie logger: open("/usr/lib/sasl/smtpd.conf", O_RDONLY)
> > = 10
> >
> > Other than that, I still don't know anything new. Sign... Maybe I need to
> > build cyrus-saslauth myself. Argh. I'll have to meditate on that.
>
> Have you tried copying the smtpd.conf file to /etc/postfix/sasl/ ?
> Are you using Debian?
I'm using Redhat 9, and I haven't copied anything to anyplace because
the strace I ran clearly shows the "open" call to /usr/lib/sasl/smtpd.conf,
as well as the successful connect to the socket at /var/run/saslauthd/mux,
as well as the correct username and password being sent, and the "NO"
response. I'm convinced that saslauth is at fault now.
From: Peter H. Coffin (hellsop
ninehells.com)
Date: Tue Jul 20 2004 - 14:52:16 CDT
On Tue, Jul 20, 2004 at 10:59:07AM -0400, Arshavir Grigorian wrote:
> I am not quite sure I understand how that entry is considered a bounce.
> I have bounce entries for unknown users:
>
> Jul 19 03:32:31 mail1 postfix/local[22892]: 02DA93E8B9:
> to=<zylkijyxenr
mail1.xxxxxxxx.com>, orig_to=<zylkijyxenr
>,
> relay=local, delay=0, status=bounced (unknown user: "zylkijyxenr")
>
> My understanding is that if a mail is to be bounced it's done during the
> SMTP conversation. So why is my server trying to connect to the other
> server? Are you saying that the other server closed connection before my
> server could bounce the message?
Rejects happen during the SMTP connection, and look like
Jul 20 14:45:24 othin postfix/smtpd[25146]: NOQUEUE: reject: RCPT from
user-0ceiell.cable.mindspring.com[24.233.58.181]: 554
<lash
digitaldiscipline.com>: Recipient address rejected: Access denied;
from=<todddh
cids.de> to=<lash
digitaldiscipline.com> proto=SMTP
helo=<mode-herzog.ch>
Bounces happen after SMTP, when something else later realizes that it
cannot deliver the message as promised, and a bounce is a *new* mail,
which may contain all or part of the old mail, which attempts to deliver
back to the sender of the old message.
Jul 19 03:32:31 mail1 postfix/local means it's already passed off to the
local delivery agent, and the SMTP connection is gone. In your logs,
shortly after the bit you copied, you will see a new mail, from=<>, to
the sender of 02DA93E8B9, which is probably not going anywhere fast.
--
The plural of datum is not "facts".
A collection of facts is not "knowledge".
lst_hoe01
kwsoft.de
Date: Tue Jul 20 2004 - 14:55:08 CDT
Quoting Arshavir Grigorian <ag
m-cam.com>:
>
> Thanks for the comments, Andres.
> I am not quite sure I understand how that entry is considered a bounce.
> I have bounce entries for unknown users:
>
> Jul 19 03:32:31 mail1 postfix/local[22892]: 02DA93E8B9:
> to=<zylkijyxenr
mail1.xxxxxxxx.com>, orig_to=<zylkijyxenr
>,
> relay=local, delay=0, status=bounced (unknown user: "zylkijyxenr")
>
> My understanding is that if a mail is to be bounced it's done during the
> SMTP conversation. So why is my server trying to connect to the other
> server? Are you saying that the other server closed connection before my
> server could bounce the message?
No. If mail is allowed to enter your system and your MTA later can't find the
recipient, it has to create a bounce. If you reject invalid recipients at SMTP
stage the *sender* has to create a bounce (if it is a real MTA at all).
Have a look at xxxx_recipient_maps and how they work. Be sure to use
"reject_non_fqdn_recipient".
Post "postconf -n" to the list if you have further questions.
Read (and understand) http://www.mengwong.com/misc/postfix-uce-guide.txt.
Regards
Andreas
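The distinction drawn in the two replies above (reject during the SMTP session versus bounce after the mail was accepted), as an added example that is not part of the original thread: a small classifier over Postfix log lines that counts each case and lists null-sender notices that ended up deferred. The log lines are constructed in the format quoted in the thread; hostnames, addresses, queue IDs and function names are assumptions.

```python
import re
from collections import Counter

# Syslog prefix, then "postfix/<daemon>[pid]: <queue id or NOQUEUE>: <detail>"
LINE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>NOQUEUE|[0-9A-F]+): (?P<rest>.*)")

# Constructed sample log (not taken from any real system).
SAMPLE_LOG = """\
Jul 20 14:45:24 mx postfix/smtpd[25146]: NOQUEUE: reject: RCPT from client.example[192.0.2.10]: 554 <nobody@example.org>: Recipient address rejected: Access denied; from=<a@example.net> to=<nobody@example.org> proto=SMTP helo=<client.example>
Jul 19 03:32:31 mx postfix/local[22892]: 02DA93E8B9: to=<zzz@mx.example.org>, relay=local, delay=0, status=bounced (unknown user: "zzz")
Jul 19 03:32:31 mx postfix/qmgr[310]: 1A2B3C4D5E: from=<>, size=2190, nrcpt=1 (queue active)
Jul 19 03:32:32 mx postfix/smtp[22901]: 1A2B3C4D5E: to=<forged@example.net>, relay=none, delay=1, status=deferred (connect to mail.example.net[198.51.100.7]: Connection timed out)
"""


def classify(line):
    """Return (event, queue_id) for one log line, or None if not relevant."""
    m = LINE.search(line)
    if not m:
        return None
    daemon, qid, rest = m.group("daemon", "qid", "rest")
    if daemon == "smtpd" and qid == "NOQUEUE" and rest.startswith("reject:"):
        return ("smtp_reject", qid)         # refused in-session; nothing queued
    if daemon == "qmgr" and rest.startswith("from=<>"):
        return ("null_sender_queued", qid)  # new mail with the empty sender
    status = re.search(r"status=(\w+)", rest)
    if status:
        return ("delivery_" + status.group(1), qid)
    return None


def summarize(log_text):
    """Count events; list null-sender messages that were later deferred."""
    counts, notices, stuck = Counter(), set(), []
    for line in log_text.splitlines():
        event = classify(line)
        if event is None:
            continue
        kind, qid = event
        counts[kind] += 1
        if kind == "null_sender_queued":
            notices.add(qid)
        elif kind == "delivery_deferred" and qid in notices:
            stuck.append(qid)
    return counts, stuck


if __name__ == "__main__":
    counts, stuck = summarize(SAMPLE_LOG)
    print(dict(counts), "deferred null-sender mail:", stuck)
```

A high ratio of `delivery_bounced` to `smtp_reject` for unknown recipients means the server is accepting mail it cannot deliver and generating the bounces itself.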