headers
Srdan Dukic | 4 Jul 04:44

How to backhole mail?

Hi,

For one of my projects I'm setting up a server to test the total
number of SMTP connections that our postfix server can handle. I am
trying to isolate the first part of the smtp server transaction up to
the recipient server receiving the message i.e. the end of the smtp
transaction. Afterwards I would like to discard the message (send it
to /dev/null or something), so that the message doesn't place any
extra strain (cpu cycles, disk i/o) on the system.

How do I set up an Postfix server so that it accepts mail for any
domain, any username and then simply deletes the message (sends it to
/dev/null)?

Than you,
--

-- 
Srđan Đukić
Permalink | Reply | 6 comments |
headers
Ing. Davy Leon | 3 Jul 18:46

smarthost issue

Hello guys
 
I deliver all my outgoing email to an smarthost.
This smarthost is sender dependant password protected. How can postfix make the delivery?
I think, every time posrfix open a SMTP session with the smarthost after authentication should deliver one message and close it. If deliver several messages using the same smtp session, the smarthost will change the "From" header making the email looks like coming from the user owner of the credential postfix used for opening it, wich is wrong. So Postfix has to authenticate with the smarthost for every message.
 
Some times smarthost account get blocked for a short period of time due to spammers brute forde attack, so, how can I tell postfix, that keep in queue messages that could't be delivered to the smarthost because of a blocked account without noticing the user, just the postmaster.
 
I will appreciate some help here.
 
Thanks in advance.
 
David
Permalink | Reply | 1 comment |
headers
Sriram Nyshadham | 3 Jul 22:33
Favicon

Postsuper /postfix log issues

Hi All,
We have weird issue with postsuper logs.
I deleted some 20000 emails on one of our MTAs using a script(similar to below) to delete mails destined a particular domain.
mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($1 !~ /(\*$)|(\!$)/ && ($8 ~ /( <at> domain.com)/) && $9 == "") print $1 }' | postsuper -d -

When i look at the logs,I don't find a log for each message deleted individually, instead, it shows something like this.
out05 postfix/postsuper[40618]: Deleted: 20000 messages
As per my experiences earlier, it should log individual message's deletion log. I am wondering why it didn't.

Can someone tell us what would have happened? Also, one of our clients lost some mails during that time and I couldn't find the logs saying that those mails
expired also.

Thanks for your help.

Sriram

--------------------------------------------------
Confidentiality And Disclaimer Notice
Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ……www.netenrich.com
-------------------------------------------------
Permalink | Reply | 1 comment |
headers
Gábor Lénárt | 3 Jul 12:18

MTA or SMTP proxy?

Hei,

Recently I am thinking of reimplementing our MX servers. Of course rcpt
check is a must, also I should not generate NDRs later, I should only accept
mails from outside which won't cause bounce on the mail store MTA later. My
problem: there are some conditions cannot be forecasted easily, I can't be
sure that mail can be delivered (over quota, user is deleted between the
moments of mail at MX and the mail storage etc). Some people would say, that
this issue is minor, and quite rare so I should not care about this. However
I think even rcpt checking can be eliminated on MX servers if I have some
kind of SMTP proxy like thing (instead of "real" MTA with queue) at the MX
servers. Since mail store won't accept the mail for non-existing rcpt
address, an SMTP proxy like solution does not even need rcpt check itself.
Also the over quota problem is solved. Also, I hate when there is some rare
problem with the backend mail servers (mail stores) and we have huge queues
filled up with waiting mails, I would say, that MX servers shouldn't accept
anything if they are not 100% sure that they can transfer the mail to the
backend. Since MTAs should have queue anyway, I am not sure this kind of
SMTP proxy server can be implemented with postfix (it would be great since I
would be able to use its policy server and maybe milter too), the key
feature that it shouldn't use any queue, when sender MTA issues the
corresponding SMTP commands, it should do that for the backend and giving
back the result. What do you think, is it a bad idea? I know this is really
not like a traditional MTA, should I use some kind of SMTP proxy solution
instead then? Any idea? Thanks a lot.

--

-- 
- Gábor
Permalink | Reply | 13 comments |
headers
K bharathan | 3 Jul 10:57

backscatter

the following is the log from my gateway to a subdomain;  there are lot <> sender mails are going; is it backscatter?;  some are rejected on the basis of header-checks; the owner of the subdomain has got a mail server; how can i prevent this

Jul  3 10:25:28 relay2 postfix/cleanup[13619]: 60F3A2122D: reject: header Content-Type: text/plain; charset="koi8-u" from mai
lhost.council.net[195.202.154.33]; from=<> to=<pac <at> abc.com> proto=ESMTP helo=<ecenterx08.ecenter.ecenter2008>: 5.7.1 NotR
eadable2
Jul  3 10:26:04 relay2 postfix/smtp[13797]: 359D42122B: to=<pac <at> abc.com>, relay=192.168.21.12[192.168.21.12]:25, delay=0.
09, delays=0.08/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 69C482293E7)
Jul  3 10:26:04 relay2 amavis[13858]: (13858-06) Passed CLEAN, [132.208.250.43] <> -> <pac <at> abc.com>, Message-ID: <0KM700I
076NIKM00 <at> courriel2.sitel.uqam.ca>, mail_id: pvzt40i0g0xP, Hits: -2.598, size: 5216, queued_as: 359D42122B, 5242 ms
Jul  3 10:26:04 relay2 postfix/smtp[13836]: C2F6D2122A: to=<pac <at> abc.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, de
lays=2.8/0/0/5.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 359D42122B)

guidance appreciated

Permalink | Reply | 8 comments |
headers
priscilla | 3 Jul 08:19

Allow only authenticated sender

Dear All,
We have installed postfix with openldap and cyrus sasl.
We want to allow only authenticated sender to send mails.
We have configured the following in postfix's main.cf to implement the same.

smtpd_sender_login_maps=<ldap>
smtpd_reject_unlisted_sender=yes
smtpd_sender_restrictions=reject_sender_login_mismatch  
check_sender_access <ldap>

But we get the following error message

The mail server responded 5.7.1  <recipient address>  sender address 
rejected now owned by user <sender> . Please check the message 
recipients and try again.

Regards
Priscilla
Permalink | Reply | 3 comments |
headers
KLaM Postmaster | 3 Jul 06:07

Testing/verifying a DKIM setup

Does anybody know how I can test whether my DKIM setup, keys etc, is
correct.
Is there a public/open testbed.
TIA
JLA
Permalink | Reply | 4 comments |
headers
The Doctor | 3 Jul 04:37
Favicon

Getting better

Right

1) Upgraded to postfix 2.7 20090607 release

and no error message in SASL, YAY!!!

However,

Jul  2 20:38:57 doctor doctor[31]: postfix/smtpd[6175]: warning: milter
unix:/var/run/milter/milter-clamc.socket: can't read SMFIC_OPTNEG reply packet header: Broken pipe
Jul  2 20:38:57 doctor doctor[31]: postfix/smtpd[6175]: warning: milter
unix:/var/run/milter/milter-clamc.socket: read error in initial handshake    

Why?
--

-- 
Member - Liberal International	This is doctor <at> nl2k.ab.ca
Ici doctor <at> nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising!
Never Satan President Republic!
The fool says in his heart, "There is no God". They are corrupt, and their ways are vile; there is no one who
does good. - Ps 53:1
Permalink | Reply | 0 comments |
headers
Wilson A. Galafassi Jr. | 3 Jul 01:47

single domain - multiple smtp relayhosts

Hello to all,

I need to configure postfix to use multiple smtp relayhosts for a single
domain.

This is possible? How?

Thanks,

Wilson
Permalink | Reply | 10 comments |
headers
Avinash Sultanpur | 2 Jul 21:18

relay_recipient_maps and address verification

Hi,

I have a set of domains for which I am relaying mails through my server. 
The final destination server for some of these domains are always 
available (connected to the internet all the time and powered on) for 
which I would like to implement recipient address verification. There 
are some other destination servers which are not available all the time 
(switched off during the nights and weekends) for which I would like to 
maintain relay_recipient_maps so that I can accept and queue the mails 
till the host is back online.

I have successfully configured both types of recipient verification 
individually. Now I would like to have these working on the same server. 
I have tried the configuration below.

smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_unauth_pipelining
        permit_sasl_authenticated
        permit_mynetworks
        reject_unauth_destination
        reject_rbl_client zen.spamhaus.org
        reject_unverified_recipient

relay_recipient_maps = pgsql:recipients

I found that the address verification probes are sent out even for the 
recipients which are listed in the relay_recipient_maps. So I included 
check_recipient_access which returned 'OK' for the valid recipients just 
before reject_unverified_recipient and removed relay_recipient_maps. It 
does work as I expected - accepting listed recipients without a 
verification probe and rejecting unverified recipients.

smtpd_recipient_restrictions =
        ...
        check_recipient_access pgsql:rcpt_access
        reject_unverified_recipient

Is it possible to avoid check_recipient_access and use 
relay_recipient_maps and reject_unverified_recipient without triggering 
a verification probe for the listed recipient? Maybe if there was 
something like permit_listed_recipient?

thanks,
Avinash
Permalink | Reply | 2 comments |
headers
Jaroslaw Grzabel | 2 Jul 18:19

Maximum smtp process limit has been reached.

Hi,

I'm struggling with new SMTP server and I noticed that sometimes it just 
hangs because of:

Jul  2 14:14:21 smtp postfix/master[17716]: warning: service "smtp" (25) 
has reached its process limit "50": new clients may experience 
noticeable delays
Jul  2 14:15:06 smtp postfix/master[17716]: warning: to avoid this 
condition, increase the process count in master.cf or reduce the service 
time per client

The problem is when it happens I can't do nothing just reload postfix. 
Is there any way to sort it out ? I increased that value now, but for me 
it's not solving my problem because instead of increasing that I would 
rather like to postfix struggles with with on its own somehow by reload 
configuration or ... I don't know.
Maybe is there any timeout to setup, because after that when I took a 
look at netstat it showed me a lot of connections from 127.0.0.1 
(greylisting daemon).

Thank you for any help in advance.

Regards,
Jarek
Permalink | Reply | 6 comments |

Gmane