Jie Wang | 29 Aug 01:08

Explicitly reject SMTP connections

Hello, everyone,
 
I have a box running 2.2.3 and encounter the following problem.
 
The box is behind a firewall (ISA), and is under attack frequently (a lot of SMTP connections). When there are a lot of SMTP connection requests arriving at the box, Postfix does not reject them; instead it puts these requests on hold. But to the firewall, it seems these connections are being set up, therefore they occupy some resources. When there are too many of these requests, the firewall freezes.
 
I am looking for ways to get Postfix to reject SMTP connections explicitly when Maxproc is reached, and send a server busy message along with the rejection message. How can I do this?
 
Thanks a lot.
 
Jie Wang

Diego Ledesma | 29 Aug 00:43

Conversation timed out

Hello.
A few weeks ago and out of the blue I started getting some messages deferred at random times.

Aug 28 18:44:30 mailserver postfix/qmgr[13315]: EDD5B3505B4: from=<sender@senderdomain.com>, size=14529, nrcpt=1 (queue active)
Aug 28 19:04:30 mailserver postfix/smtp[27936]: EDD5B3505B4: to=<recipient@recipientdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1200, delays=0.13/0.01/0/1200, dsn=4.4.2, status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending end of data -- message may be sent more than once)

This has also happened with messages sent in the intranet (sender and recipient on the same mail server).
I just can't seem to find the reason for these timeouts.

Output of postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = control@ourdomain.com
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ourdomain.com.uy, mailserver, localhost.localdomain, localhost
myhostname = mail.ourdomain.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24
myorigin = /etc/mailname
receive_override_options = no_address_mappings
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks,   reject_unauth_destination,   reject_non_fqdn_sender,   reject_non_fqdn_recipient,   reject_invalid_helo_hostname,   reject_unlisted_recipient,   reject_unlisted_sender,   permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

Any help is greatly appreciated.
Thanks.
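
An added example, not part of the original post: a small parser for the delays=a/b/c/d field on Postfix 2.3+ delivery lines (a = before the queue manager, b = in the queue manager, c = connection setup, d = message transmission), run over the two log lines quoted above plus one constructed healthy line. The function names and the 300-second threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# Postfix 2.3+ delivery lines log delays=a/b/c/d:
#   a = time before the queue manager, b = time in the queue manager,
#   c = connection setup (DNS, HELO, TLS), d = message transmission.
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

DELIVERY_RE = re.compile(
    r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, "
    r"relay=(?P<relay>[^,]+), .*?delays=(?P<delays>[\d.]+(?:/[\d.]+){3}), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)

def parse_delivery(line):
    """Return a dict for a delivery log line, or None for any other line."""
    m = DELIVERY_RE.search(line)
    if m is None:
        return None
    times = dict(zip(STAGES, (float(t) for t in m["delays"].split("/"))))
    slowest = max(times, key=times.get)
    return {"qid": m["qid"], "relay": m["relay"], "dsn": m["dsn"],
            "status": m["status"], "slowest": slowest, "seconds": times[slowest]}

def stalled_by_relay(lines, threshold=300.0):
    """Count deferred deliveries per (relay, stage) where one stage >= threshold s."""
    counts = Counter()
    for line in lines:
        d = parse_delivery(line)
        if d and d["status"] == "deferred" and d["seconds"] >= threshold:
            counts[(d["relay"], d["slowest"])] += 1
    return counts

# First two lines are the ones quoted in the post (address restored to "@");
# the third is constructed here to show a healthy delivery for contrast.
SAMPLE_LOG = [
    "Aug 28 18:44:30 mailserver postfix/qmgr[13315]: EDD5B3505B4: "
    "from=<sender@senderdomain.com>, size=14529, nrcpt=1 (queue active)",
    "Aug 28 19:04:30 mailserver postfix/smtp[27936]: EDD5B3505B4: "
    "to=<recipient@recipientdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, "
    "delay=1200, delays=0.13/0.01/0/1200, dsn=4.4.2, status=deferred "
    "(conversation with 127.0.0.1[127.0.0.1] timed out while sending end of data "
    "-- message may be sent more than once)",
    "Aug 28 19:05:02 mailserver postfix/smtp[27940]: 1A2B3C4D5E6: "
    "to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, "
    "delay=1.4, delays=0.1/0.01/0.02/1.27, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
]

if __name__ == "__main__":
    for (relay, stage), n in stalled_by_relay(SAMPLE_LOG).items():
        print(f"{n} stalled at {stage} via {relay}")
```

For the quoted line, the whole 1200 seconds falls in the transmission stage toward the relay on port 10024, which is the content_filter destination in the postconf output.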

Rob Kelledy | 28 Aug 09:17

Separation of log facilities

Hi,
I'd like to send logging for emails sent from a specific IP to a different syslog facility. I am able to define
the port used by the sending machine and have configured a new instance of smtpd to listen on 26 with the
'-o syslog_facility=' parameter. This successfully captures the connections coming in on 26 but I'd also
like to send the smtp side of things to the same facility. I was thinking transport maps but they seem to only be
able to examine rcpt addresses.

Is there a simpler way to do this? Ultimately I'd like to have an instance of postfix (both smtpd and smtp)
listening on a separate port and logging to a different facility so I can isolate log information without
disrupting current activity.

Thanks,

Rob Kelledy

ram | 28 Aug 08:30

Disallow Mails to multiple domains in single connection

   I have a custom milter setup on my shared postfix servers that allows
customers to maintain their own blacklists.

A domain admin can simply reject mails at the MTA. (That gets rid of
all NDRs and backscatter automatically.)
But that fails when an SMTP client sends mails to multiple email IDs of
different domains in a single transaction. Can I block this?

Thanks
Ram

Chris St Denis | 28 Aug 19:18

max number of multi-recipient aliases?

What is the maximum number of addresses to have in a multi-recipient 
alias? I realize a real mailing list system like majordomo or mailman is 
better for large numbers but I need to use aliases for now until I have 
time to set it up and need to know how many I can use before I start to 
run into problems.

Is there any hard limit in postfix?
At what number of aliases can I expect to start to run into some sort of 
problems?

Alex | 28 Aug 19:06

error code 5xx with action as 421.

Hello everyone!

Do we have some 5xx error code which drops the connection immediately, as for
421?

From docs:
"Use "421" reply codes for botnet-related RBLs or for selected non-RBL
restrictions. This causes Postfix 2.3 and later to disconnect immediately
without waiting for the remote SMTP client to send a QUIT command."

Thank you.

Alex.

Rob Tanner | 28 Aug 18:23

Getting error: queue file size limit exceeded

Hi,

We have a printer IP segment/VLAN which is only printers and these printers are also scanners, and they email the scan back to the user.  Since the scan outputs frequently exceed the configured message_size_limit of 7.5MB, in master.cf I configured a non-standard port (2526) that is restricted to the printer segment and sets the message_size_limit back to the default of 10240000. 

Now, when I send an oversize message (6.2MB, not even that large), I no longer get the message telling me that I have exceeded the 7.5MB message size limit (6.2MB, when BASE64 encoded will more than exceed the message_size_limit being bypassed), but instead, I am getting the message from cleanup: "queue file size limit exceeded". 

Aug 28 08:45:04 neskowin postfix/cleanup[14971]: warning: E6F3B580F3: queue file size limit exceeded

I did a bit of googling, and all I found was to check the amount of free space left in the queue and whether the message size exceeds queue_minfree.  There are several gigabytes free on the partition where the Postfix queue resides and queue_minfree is set to zero, which is the default and I presume means unlimited.

Any idea what the problem might be?


Thanks,

Rob Tanner
Linfield College


shawn D.Wang | 28 Aug 18:14

I need help with mail delivery

Hi guys:
 
I'm fresh at postfix. Recently, we have built the postfix for our web service. We would like to deliver some e-magazines to our registered users, but the size of each magazine is over 1 M, and we have hundreds of thousands of users. As a result, the bandwidth is embarrassing. Since most of our users use Yahoo, Hotmail and some other huge ISPs, if we can just send one copy to a certain number of users of the same ISP, a lot of bandwidth could be saved. Just let the ISPs themselves distribute the mails to those users. Is there some method to deal with this problem? Or can just some configuration change do it?
 
thanks a lot~

Marc SCHAEFER | 28 Aug 17:57

Conditional smart-host routing

Hi,

I would like to configure a bizarre setup like this:

   if the mail is sent as usual, do not use a smart-host, just
   deliver (that is easy and works)

   if the recipient domain ends in ".through-smart-host", it should
   deliver via a SMTP relay (smart-host). Of course, just before
   delivering, it should remove the ".through-smart-host" suffix.

Something like this could be interesting:

   s/^(.+)\.through-smart-host$/$1/ smtp:[smart-host]

However I didn't figure out how to implement this using pcre_table(1).

If all fails, I could create a new UNIX mailer in master.cf and route
through it, and make it deliver the mail (e.g. through a nullmailer
or something) after changing the destination with a Perl script,
but that would be complicated, slow and clumsy.

Does anyone have any suggestion?  (basically, what I want is the
obsolete mixed UUCP/domain routing, such as user%domain.org@relay.org,
but that doesn't usually work anymore nowadays)

Thank you.

PS: another idea could be to have a specific header or subject to do the
    routing.

Stefan Palme | 28 Aug 16:11

rbl / rhsbl services?

Hi again,

where do I get information about current well known 
services to be used for

  reject_rbl_client
  reject_rhsbl_sender
  reject_rhsbl_recipient 

Thanks and regards
-stefan-


Directives SMTP main.cf

Hi,

I was reading [1] and, since I do not have much experience with Postfix, I came up with the following question:

In the smtpd_sender_restrictions section, for example, it lists some possible settings.
Are the settings for each section limited to those listed?


[1] - http://www.postfix.org/uce.html#smtpd_sender_restrictions

[]´s

--
Eduardo Júnior
GNU/Linux user #423272

:wq
