On Wed, 1 Nov 2006, Wietse Venema wrote:
> > I manually cleared some spam from the host6 queue and I noticed several
> > pieces of the 'stuck' mail went through, then it 'hung' again.

I did this a second time, and requeued everything and restarted
postfix (again) and finally the queue cleared. So it was definitely
something IN one of those messages choking procmail or spamassassin.
Possibly a malformed attachment. I've had issues with those in the last
week.... :(

Just hope this doesn't happen again....

- Charles

Noel Jones wrote:
> [...] or use policyd-weight to
> determine which clients to greylist.

How would you do this?



Greetz,
Julian

I used the example (see below) from the Restriction_Class_Readme from the postfix.org website:

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/restricted_senders
        ...other stuff...

    smtpd_restriction_classes = local_only
    local_only = 
        check_recipient_access hash:/etc/postfix/local_domains, reject

/etc/postfix/restricted_senders:
    foo@domain      local_only
    bar@domain      local_only

/etc/postfix/local_domains:
    this.domain     OK      matches this.domain and subdomains
    that.domain     OK      matches that.domain and subdomains

--

At 03:35 PM 11/1/2006, Julian Pawlowski \(lists\) wrote:
>Noel Jones wrote:
> > [...] or use policyd-weight to
> > determine which clients to greylist.
>
>How would you do this?

Configure policyd-weight to return a result of "greylist"
for suspicious clients, then define a
smtpd_restriction_classes for greylist that contains
greylist = check_policy_service type:servicename

--
Noel Jones

At 03:25 PM 11/1/2006, Folkert van Heusden wrote:

>Thank you, but that is not entirely what I would like to
>do: I would
>like postfix to check an rbl-list and if the host is in
>that list, then
>execute the greylisting-part. So ONLY do greylisting if it
>is in an
>RBL-list.

This can only be done via a policy service.  Either modify
the greylist service you are using, or use policyd-weight
to determine which clients to greylist.

--
Noel Jones

Hello World:
                     For those of you who have been around awhile you get
that salutation. OK on a more serious note. I have installed postfix and
it works perfectly with all mail servers except one. Unfortunately, I
need to get mail from this server. When a person tries sending me mail
we get the following errors:

Nov 1 00:16:16 lts-smtpout-01 sendmail[1656]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=10:05:22,
xdelay=00:03:29, mailer=esmtp, pri=1836317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.
Nov 1 00:20:20 lts-smtpout-01 sendmail[15327]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=10:09:26,
xdelay=00:03:29, mailer=esmtp, pri=1926317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.
Nov 1 01:11:42 lts-smtpout-01 sendmail[23894]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=11:00:48,
xdelay=00:03:29, mailer=esmtp, pri=2016317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.
Nov 1 01:16:59 lts-smtpout-01 sendmail[11033]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=11:06:05,
xdelay=00:03:29, mailer=esmtp, pri=2106317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.
Nov 1 01:59:13 lts-smtpout-01 sendmail[20196]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=11:48:19,
xdelay=00:03:29, mailer=esmtp, pri=2196317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.
Nov 1 02:39:27 lts-smtpout-01 sendmail[7694]: [ID 801593 mail.info]
k9QJAs9C018885: to=<mak@...>, delay=12:28:33,
xdelay=00:03:29, mailer=esmtp, pri=2286317, relay=mail.lancertech.com.
[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection timed out with
mail.lancertech.com.

Now here's the interesting part I can SEND mail to them! I just can't
receive mail from them.

Ok so I had their Admin check to see if this was a DNS problem on my end
by doing an nslookup from their email server. Here is the information
they sent back:
root@vlb-smtpout-01>nslookup
Default Server: localhost.BoobyHead.com
Address: 127.0.0.1
> set q=any
> lancertech.com
Server: localhost.BoobyHead.com
Address: 127.0.0.1
Non-authoritative answer:
lancertech.com
origin = ns1.biz.rr.com
mail addr = dnsadmin.rr.com
serial = 2003042814
refresh = 10800 (3H)
retry = 3600 (1H)
expire = 604800 (1W)
minimum ttl = 3600 (1H)
lancertech.com internet address = 24.173.132.254
lancertech.com nameserver = ns1.biz.rr.com
lancertech.com nameserver = ns2.biz.rr.com
lancertech.com nameserver = dns4.rr.com
lancertech.com preference = 10, mail exchanger = mail.lancertech.com
Authoritative answers can be found from:
lancertech.com nameserver = ns1.biz.rr.com
lancertech.com nameserver = ns2.biz.rr.com
lancertech.com nameserver = dns4.rr.com
ns1.biz.rr.com internet address = 24.30.200.19
ns2.biz.rr.com internet address = 24.30.201.19
dns4.rr.com internet address = 65.24.0.172
mail.lancertech.com internet address = 24.173.132.254

Looks good to me. As I said in the beginning I can receive mail from
anyone else except from this domain. It looks like a timing issue, but I
haven't a clue.
Finally, here is my postconf -n output:
access_map_reject_code = 554
alias_database = dbm:/etc/mail/aliases
alias_maps = dbm:/etc/mail/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
defer_code = 554
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
in_flow_delay = 1s
invalid_hostname_reject_code = 554
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = cbl.abuseat.org
maps_rbl_reject_code = 554
masquerade_domains = $mydomain
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = lancertech.com
myhostname = mail.lancertech.com
mynetworks = 128.29.127.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 554
queue_directory = /var/spool/postfix
readme_directory = no
reject_code = 554
relay_domains =
relay_domains_reject_code = 554
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/lib/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtpd_client_restrictions = reject_unknown_client,
reject_rbl_client relays.ordb.org
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce,        permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10
smtpd_etrn_restrictions = permit_mynetworks,        reject
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,     reject_invalid_hostname,
reject_unknown_hostname,     check_helo_access
dbm:/etc/postfix/helo_access
smtpd_junk_command_limit = 3
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient,        reject_unknown_sender_domain,
reject_unknown_recipient_domain,        permit_mynetworks,
reject_unauth_destination,        reject_multi_recipient_bounce,
reject_non_fqdn_hostname,        reject_invalid_hostname,
reject_unknown_client,        reject_unknown_hostname,
reject_unauth_pipelining,        reject_rhsbl_sender
dsn.rfc-ignorant.org        reject_rhsbl_sender
bogusmx.rfc-ignorant.org,        reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org,        reject_rbl_client
dnsbl.sorbs.net,        reject_rbl_client list.dsbl.org,
reject_rbl_client relays.ordb.org,        permit
smtpd_sender_restrictions = permit_mynetworks,     check_sender_access
dbm:/etc/postfix/access,     reject_non_fqdn_sender,
reject_unknown_sender_domain,     reject_unknown_address
smtpd_soft_error_limit = 2
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
Any and all help will be greatly appreciated.
Regards - Mark K.

Hi,

> > Thank you, but that is not entirely what I would like to do: I would
> > like postfix to check an rbl-list and if the host is in that list, then
> > execute the greylisting-part. So ONLY do greylisting if it is in an
> > RBL-list.
> That's only possible in the policy daemon itself, so patch the daemon
> that implements the greylisting.

I did some further googling and found this:
http://www.orangegroove.net/code/marbl/
which is exactly what you describe!
Seems to work...


Folkert van Heusden

--
www.vanheusden.com/multitail - multitail is tail on steroids. multiple
                windows, filtering, coloring, anything you can think of
----------------------------------------------------------------------
Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com

Hi

I set up postfix + ldap, and it works. (thanks guys !)

I tried to set home_mailbox = Maildir/
and every mails are stored in a dedicated folder (/vmail)
But I'm getting only only mbox format (one file per user)

I think I missed something.

Does someone know a good tuto about this, please ?

(I tried to look at the man : "When the mailbox location ends in /, the
message is delivered  in qmail maildir format. This format stores one message
per file."
with no luck)

Thanks again !
--
----
Ronan REYNAUD

On Nov 1, 2006, at 11:25 AM, Folkert van Heusden wrote:

> So ONLY do greylisting if it is in an RBL-list.

I'd suggest only NOT greylist people who are on a local whitelist.
It's a smaller set, and should have better results.

And remember, watch the logs, guyz....

Aloha mai Nai`a!
--
"Please have your Internet License             http://kapu.net/~mjwise/
    and Usenet Registration handy..."

Folkert van Heusden wrote:
> I did some further googling and found this:
> http://www.orangegroove.net/code/marbl/
> which is exactly what you describe!

Looks interesting. Should be included to policyd-weight I think :-)
I don't want to have too much policyd's running that work for the same
category...


Regards,
Julian

Noel Jones wrote:
> Configure policyd-weight to return a result of "greylist"
> for suspicious clients, then define a
> smtpd_restriction_classes for greylist that contains greylist
> = check_policy_service type:servicename

Yes, sure. Already have this (read me posting before *g*).

I was wondering if policyd-weight now has greylist support directly
included (means it handles greylisting _additionally_ to what it already
does).


Greetz
Julian

Michael J Wise wrote:
> And remember, watch the logs, guyz....

Permanently :-)

It's sometimes better than every thriller EVER! ;-D


Julian

At 03:51 PM 11/1/2006, Julian Pawlowski \(lists\) wrote:
>Noel Jones wrote:
> > Configure policyd-weight to return a result of "greylist"
> > for suspicious clients, then define a
> > smtpd_restriction_classes for greylist that contains
> greylist
> > = check_policy_service type:servicename
>
>Yes, sure. Already have this (read me posting before *g*).
>
>I was wondering if policyd-weight now has greylist support
>directly
>included (means it handles greylisting _additionally_ to
>what it already
>does).

Not that I know of - I don't use policyd-weight.
But using the method I described, you can have
policyd-weight call some other greylist service selectively
based on what you define as suspicious, such as RBL hits,
rDNS hostname (or lack of one), HELO hostname, etc.

--
Noel Jones

Noel Jones wrote:
> But using the method I described, you can have policyd-weight
> call some other greylist service selectively based on what
> you define as suspicious, such as RBL hits, rDNS hostname (or
> lack of one), HELO hostname, etc.

I didn't have a closer look to the configuration but I think that's not
possible without modifying the code itself as the configuration is not
that flexible.

Robert Adkins wrote:
> I used the example (see below) from the Restriction_Class_Readme from the
postfix.org website:
>
> /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>:
>     smtpd_recipient_restrictions
<http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions> =
>         check_sender_access
<http://www.postfix.org/postconf.5.html#check_sender_access>
hash:/etc/postfix/restricted_senders
>         /...other stuff.../
>
>     smtpd_restriction_classes
<http://www.postfix.org/postconf.5.html#smtpd_restriction_classes> = local_only
>     local_only =
>         check_recipient_access
<http://www.postfix.org/postconf.5.html#check_recipient_access>
hash:/etc/postfix/local_domains, reject
>
> /etc/postfix/restricted_senders:
>     foo@domain      local_only
>     bar@domain      local_only
>
> /etc/postfix/local_domains:
>     this.domain     OK      /matches this.domain and subdomains/
>     that.domain     OK      /matches that.domain and subdomains
>
> --
>
> /
>
>     After creating a test user account, adding that user to the
> restricted_senders and creating the local_domains file and then running
portmap
> on both files to create the .db files. I restarted the postfix daemon and
> nothing changed.
>
>     The test user can still send and receive email from outside of the domain.
>
>     Am I missing something?
>
>

1- do not hijack threads by replying to an unrelated message.

2- follow the directions explained in the ML welcome message, and on
     http://www.postfix.org/DEBUG_README.html#mail
In particular, send output of  'postconf -n'.

As you can see, copy-pasting from firefox to thunderbird is horrible.

On Nov 1, 2006, at 12:00 PM, Julian Pawlowski (lists) wrote:
> Michael J Wise wrote:
>> And remember, watch the logs, guyz....
>
> Permanently :-)

" Constant Vigilance!

> It's sometimes better than every thriller EVER! ;-D

Eh, I'll still take the Trials and Tribulations of the Boy Wizard....
Got "Exceeds Expectations" on both my WOMBATs!

	 :)

I have better things to do than watch logs.
But watching logs is important.

Aloha mai Nai`a!
--
"Please have your Internet License             http://kapu.net/~mjwise/
    and Usenet Registration handy..."

enediel gonzalez wrote:
> Hello
> I need to rewrite an specific sender addresss account@...
> to account@domain (fictisious domain in this example)
>
> but after configure the rewrite rules, I still get errors that
> server1.domain doen't exist, I want to put the rewrite before any
> check in my postfix configuration.
>
you can't. you should
- move reject_unknown_sender_domain to after reject_unauth_destination
- remove reject_unknown_recipient_domain

if you really insist on using those, then exclude the domain
server1.example from the checks. too much work I believe.

On Wednesday, November 01, 2006 at 23:18 CET,
      mouss <usebsd@...> wrote:

> 1- do not hijack threads by replying to an unrelated message.
>
> 2- follow the directions explained in the ML welcome message, and on
>    http://www.postfix.org/DEBUG_README.html#mail
> In particular, send output of  'postconf -n'.
>
> As you can see, copy-pasting from firefox to thunderbird is horrible.

And finally, do not post HTML-only messages.

--
Magnus Bäck
magnus@...

ronan reynaud wrote:
> Hi
>
> I set up postfix + ldap, and it works. (thanks guys !)
>
> I tried to set home_mailbox = Maildir/
> and every mails are stored in a dedicated folder (/vmail)
> But I'm getting only only mbox format (one file per user)
>
> I think I missed something.
>
> Does someone know a good tuto about this, please ?
>
> (I tried to look at the man : "When the mailbox location ends in /, the
> message is delivered  in qmail maildir format. This format stores one message
> per file."
> with no luck)
>
>

post logs so we see how mail is delivered. If mail is delivered by an
external agent (maildrop, postfix, whatever), then postfix parameters
are of no help.

Charles Gregory:
> On Wed, 1 Nov 2006, Wietse Venema wrote:
> > > I manually cleared some spam from the host6 queue and I noticed several
> > > pieces of the 'stuck' mail went through, then it 'hung' again.

That wansn't me.

> I did this a second time, and requeued everything and restarted
> postfix (again) and finally the queue cleared. So it was definitely
> something IN one of those messages choking procmail or spamassassin.
> Possibly a malformed attachment. I've had issues with those in the last
> week.... :(

If you sent the SAME CONTENT again into the SAME FILTERS, and this
time the mail went through, then the problem was not caused by the
content.

	 Wietse

At 03:42 PM 11/1/2006, EXT-Khan, Mark A wrote:
>Hello World:
>                     For those of you who have been around
> awhile you get
>that salutation. OK on a more serious note. I have
>installed postfix and
>it works perfectly with all mail servers except one.
>Unfortunately, I
>need to get mail from this server. When a person tries
>sending me mail
>we get the following errors:
>
>Nov 1 00:16:16 lts-smtpout-01 sendmail[1656]: [ID 801593
>mail.info]
>k9QJAs9C018885: to=<mak@...>, delay=10:05:22,
>xdelay=00:03:29, mailer=esmtp, pri=1836317,
>relay=mail.lancertech.com.
>[24.173.132.254], dsn=4.0.0, stat=Deferred: Connection
>timed out with
>mail.lancertech.com.
>...
>Now here's the interesting part I can SEND mail to them! I
>just can't
>receive mail from them.

Does the receiving system log anything during the attempts
that time out?  If not, this is a networking problem at the
sending site or maybe they are blocked by a firewall at
your site.
Seems like this must be a network issue of some type (MTU
is the usual suspect).  A packet capture might show
something interesting.
http://www.postfix.org/DEBUG_README.html#sniffer

--
Noel Jones

1.    I have set my email client to only send plaint-text emails to
postfix.org. I do attempt to remember to add mailing lists to that
filter, unfortunately being human, I sometimes forget to do so. I
apologize for the error on my part.

I used the example (see below) from the Restriction_Class_Readme from
the postfix.org website:

/etc/postfix/main.cf:
     smtpd_recipient_restrictions =
         check_sender_access hash:/etc/postfix/restricted_senders
         ...other stuff...

     smtpd_restriction_classes = local_only
     local_only =
         check_recipient_access hash:/etc/postfix/local_domains, reject

/etc/postfix/restricted_senders:
     foo@domain      local_only
     bar@domain      local_only

/etc/postfix/local_domains:
     this.domain     OK      matches this.domain and subdomains
     that.domain     OK      matches that.domain and subdomains

     After creating a test user account, adding that user to the
restricted_senders and creating the local_domains file and then running
portmap on both files to create the .db files. I restarted the postfix
daemon and nothing changed.

     The test user can still send and receive email from outside of the
domain.

  From 'postconf -n' :

alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix/html
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 30720000
mydestination = $myhostname, localhost.$mydomain, impelind.com
myhostname = impelind.com
myorigin = impelind.com
newaliases_path = /usr/bin/newaliases
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_bcc_maps = hash:/etc/postfix/duper_bcc
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_bcc_maps = hash:/etc/postfix/duper_bcc
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
permit_mynetworks,reject_unauth_destination, check_sender_access
hash:/etc/postfix/restricted_senders
smtpd_restriction_classes = local_only
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

     Thank you,
     Robert Adkins

Joe Auty wrote:
> Hmmm.... I don't have any receive_override_options set, and I'm
> running this under FreeBSD (not an RPM install)....
>
> Any other ideas?

check your maps (virtual_alias_maps, alias_maps) using postmap -q.

for _var in alias_maps virtual_alias_maps; do
     maps=`postconf -h $_var | sed '/,/ /'`;
     for _map in $maps; do
        echo checking in $_map
        postmap -q diane@... $_map
     done
done


PS. Please obey the Reply-To header (If you don't see what I mean, check
your last post and that of Viktor).

Robert Adkins wrote:
>
> /etc/postfix/main.cf:
>    smtpd_recipient_restrictions =
>        check_sender_access hash:/etc/postfix/restricted_senders
>        ...other stuff...
>

Now compare this to your configuration as reported by postconf -n. It
must now be clear why sending output of postconf -n is (almost) always
needed.

>   [snip]
> smtpd_recipient_restrictions =
> permit_mynetworks,reject_unauth_destination, check_sender_access
> hash:/etc/postfix/restricted_senders
permit_mynetworks permits mail from mynetworks. no further checks are
performed.

add the check_sender_access above to smtpd_sender_restrictions and it
will work.

Julian Pawlowski (lists) wrote:
> Noel Jones wrote:
>
>> But using the method I described, you can have policyd-weight
>> call some other greylist service selectively based on what
>> you define as suspicious, such as RBL hits, rDNS hostname (or
>> lack of one), HELO hostname, etc.
>>
>
> I didn't have a closer look to the configuration but I think that's not
> possible without modifying the code itself as the configuration is not
> that flexible.
>
>

You can use defer_if_reject and then have a script to parse the logs and
add the clients to a whitelist or to a blocklist.

At 04:10 PM 11/1/2006, Julian Pawlowski \(lists\) wrote:
>Noel Jones wrote:
> > But using the method I described, you can have
> policyd-weight
> > call some other greylist service selectively based on what
> > you define as suspicious, such as RBL hits, rDNS
> hostname (or
> > lack of one), HELO hostname, etc.
>
>I didn't have a closer look to the configuration but I
>think that's not
>possible without modifying the code itself as the
>configuration is not
>that flexible.

I didn't look that closely either, but it should be pretty
simple either way - just convince policyd-weight to return
a restriction class name such as "greylist" rather than
"554 foo".

--
Noel Jones

On Wednesday 01 November 2006 00:18, Matthias Schmidt [c] wrote:
> what I want to do:
> I have some virtual domains like  abc.com, abc.org, abc.info etc.
> and one user called joe@...
>
> now I'd like if a mail is adressed to joe@... that it goes to the
> same postbox as the .com mail.
> so that abc.org (etc) is just an alias of abc.com.
>
> how is that done without setting up several email accounts?

See VIRTUAL_README.html in your Postfix documentation (or online.)
There are numerous options.
--
     Offlist mail to this address is discarded unless
     "/dev/rob0" or "not-spam" is in Subject: header

hi -- my apologies if this is badly formatted; i don't usually use
gmail for my mail and there seems to be no preview.  :/

my installation is not delivering any mail since earlier this
afternoon.  it's a standard debian installation; straight out of the
box, nothing special.  i have not changed anything; it just stopped
working.  googling for the error message has not been helpful.

the log is filled with messages like the excerpt below; i stopped and
restarted postfix which changed nothing.  i looked at the messages
listed here and various other ones from earlier in the log, including
the first message for which i saw this type of entry; i see nothing
odd about them but i am not really sure what to look for.  i suspect
that there is one bad message out there on which cleanup horks, but i
don't know how to find it; i am woefully unfamiliar with how postfix
works.  help?

Nov  1 17:16:22 aegis postfix/postfix-script: starting the Postfix mail system
Nov  1 17:16:22 aegis postfix/master[25478]: daemon started -- version 2.1.5
Nov  1 17:16:23 aegis postfix/pickup[25481]: 8A180732A4: uid=1001 from=<gooroos>
Nov  1 17:16:23 aegis postfix/cleanup[25483]: 8A180732A4:
message-id=<4548E554.7080002@...>
Nov  1 17:16:23 aegis postfix/cleanup[25483]: warning:
cleanup_message_headerbody: message rejected: unexpected record type 0
in message content
Nov  1 17:16:23 aegis postfix/pickup[25481]: warning: premature
end-of-input on public/cleanup socket while reading input attribute
name
Nov  1 17:16:23 aegis postfix/pickup[25481]: warning:
maildrop/9F84776819: Error writing message file
Nov  1 17:16:23 aegis postfix/master[25478]: warning: process
/usr/lib/postfix/cleanup pid 25483 killed by signal 11
Nov  1 17:16:23 aegis postfix/master[25478]: warning:
/usr/lib/postfix/cleanup: bad command startup -- throttling
Nov  1 17:16:23 aegis postfix/pickup[25481]: 958BF732A5: uid=1001 from=<gooroos>
Nov  1 17:16:23 aegis postfix/cleanup[25485]: 958BF732A5:
message-id=<20061102010922.GH6419@...>
Nov  1 17:16:23 aegis postfix/cleanup[25485]: warning:
cleanup_message_headerbody: message rejected: unexpected record type 0
in message content
Nov  1 17:16:23 aegis postfix/pickup[25481]: warning: premature
end-of-input on public/cleanup socket while reading input attribute
name
Nov  1 17:16:23 aegis postfix/pickup[25481]: warning:
maildrop/0FCE37681A: Error writing message file

that's it.  anything else that would help analyse it, just ask; i
figured i won't copy all sorts of config stuff here unless necessary.
--
-pir anha

I think that SV is a terrible idea to begin with. I will
spare you the rant. Nevertheless:

	 "By default, Postfix probe messages have
	 postmaster@$myorigin" as the sender address. This is SAFE
	 because the Postfix SMTP server does not reject mail for this
	 address."

That doesn't make sense to me. Doesn't that presuppose that the
probed server is running Postfix or am I suffering from a senior
moment? The concept makes sense - just not the explanation.

	 "You can change this into the null address
	 ("address_verify_sender ="). This is UNSAFE because address
	 probes will fail with mis-configured sites that reject MAIL
	 FROM: <>, while probes from 'postmaster@$myorigin' would
	 succeed."

While I agree, that's not limited to mis-configured servers.
Rejecting null sender seems to be the most effective means of
eliminating backscatter. Is that an errant conclusion on my part?

--
Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
                Don't Subsidize Criminals: http://boulderpledge.org

pir anha:
> hi -- my apologies if this is badly formatted; i don't usually use
> gmail for my mail and there seems to be no preview.  :/
>
> my installation is not delivering any mail since earlier this
> afternoon.  it's a standard debian installation; straight out of the
> box, nothing special.  i have not changed anything; it just stopped
> working.  googling for the error message has not been helpful.

Something changed, and it was not me breaking into your computer
sneakingly changing files. Bor does Postf contain self-modifying
programs.

Compare the MD5 or SHA-1 hash of the Postfix executables against
those from pristine media. Then compare system libraries that are
run-time linked into Postfix.

	 Wietse