> -----Original Message-----
> From: mouss@... [mailto:owner-postfix-users@...] On
> Behalf Of mouss
> Sent: Sunday, November 02, 2008 1:34 PM
> To: postfix-users@...
> Subject: Re: Multiple transports per domain
>
> Toni Van Remortel wrote:
> > Hi,
> >
> > We are migrating our mail server from Dovecot to Zarafa.
> > Problem is that we cannot migrate all users in one night, as they all
> > use POP3 and currently have approx 8GB mails each (80 users). There
> is
> > not yet an active Alfresco for archiving, so we need to carry on with
> > this way of working.
> >
> > So we like to migrate the users one by one, which incorporates that
> new
> > e-mail should be delivered in both Dovecot and Zarafa at the same
> time.
> > In this way we can migrate users selectively.
> >
> > Is there a way we can configure Postfix to deliver e-mail to both
> > transports at the same time?
> >
>
> use virtual_alias_maps:
>
> foo@... foo@..., foo@...

Virtual_alias_maps will work for 1 transport > multiple domains.
What I want, is 1 domain > multiple transports.

I know it isn't a normal way to handle e-mail delivery, but it sure would
improve the migration.

Grtz,
Toni

On Mon, November 3, 2008 8:25 am, Toni Van Remortel
<toni.van.remortel@...> said:

> > use virtual_alias_maps:
> >
> > foo@... foo@..., foo@...
>
> Virtual_alias_maps will work for 1 transport > multiple domains.
> What I want, is 1 domain > multiple transports.

If you don't want the envelope addresses rewritten rewrite them back to
the original address upon delivery with smtp_generic_maps.

Two deliveries requires two recipient addresses.

--
Magnus Bäck
magnus@...

Patrick Ben Koetter wrote:
> We are working on a new edition as I write. Yet, things are still in a
> fragile
> state. We've have a plan of what we want to do and we've collected bits and
> pieces that should go into it.
>
> Next we will have to do the actual editing. Ralf has already killed all known
> erratas. There are some new chapters - SMTP Basics, Milter, etc. - to
> translate, which we had added to the German version of the book. Then existing
> chapters need to be updated. I am talking about SASL, TLS, the company server
> chapter and last but not least the SMTP Restrictions chapter.
>
> So just to anticipate a well know question in development circles: Yes, I am
> unable to tell when it will be ready to print.
That sounds great!

>> http://marc.info/?l=postfix-users&m=117079476419038&w=2
>>
> I think this edition is on the market, but I haven't confirmed that.
>
> p@rick
>

Please let us know if and where it is.  You'll have my order straight away.

--kj

Ok, excuse me.
Now I post my postconf -n:




alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,ldap:aliases
config_directory = /etc/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 50
double_bounce_sender = postmaster
forward_path = $home/.forward
home_mailbox = Maildir/
inet_interfaces = $myhostname,localhost
local_recipient_maps = unix:passwd.byname
local_transport = local
mail_owner = postfix
mydestination = $myhostname, localhost.localdomain, localhost.localdomain,
localhost
myhostname = hosting.pippo.it
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.2.0/24
myorigin = $myhostname
queue_directory = /var/spool/postfix
relayhost = 192.168.1.4
smtpd_restriction_classes = local_only
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:aliases
virtual_gid_maps = static:1003
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = ldap:domains
virtual_mailbox_maps = ldap:mailbox
virtual_minimum_uid = 500
virtual_transport = virtual
virtual_uid_maps = static:1002

THANKS



Gabriele Di Giambelardini wrote:
> ok I tried it but not work well.
>
> [snip]
>
> smtpd_recipient_restriction =
>        check_sender_access hash:/etc/postfix/restricted_senders
>


Please show the output of 'postconf -n' instead of main.cf.

and no, don't fix the typo. use:
smtpd_sender_restrictions =
         check_sender_access hash:/etc/postfix/restricted_senders



> [snip]

Toni Van Remortel <toni.van.remortel@...> wrote:
>> -----Original Message-----
>> From: mouss@... [mailto:owner-postfix-users@...] On
>> [snip]
>> use virtual_alias_maps:
>>
>> foo@... foo@..., foo@...
>
> Virtual_alias_maps will work for 1 transport > multiple domains.
> What I want, is 1 domain > multiple transports.
>


Avoid stating problems and goals in terms of solutions (think in the
"problem domain", not in the "solution domain"). I am certain you don't
care about transports. what you want is the message to be delivered to
two mailboxes, one of them (or both) being hosted on a remote server.

for the message to go to two mailboxes, use virtual_alias_maps as
suggested in my previous post. now the message will be delivered to
foo@... and foo@.... you can use transport_maps to
force delivery of these addresses using whatever transport you want. for
example:

other.example.com relay:[host.example]:12345


if in addition you want host.example to see the original recipient, you
can rewrite the address back using smtp_generic_maps:

foo@... foo@...

This works (does not cause a loop) because smtp_generic_maps are
"resolved" after routing (transport selection).

If you want the same thing for a whole domain, create entries for each
valid user. you can't simply use pcre or regexp because
virtual_alias_maps are used for recipient validation, and a wildcard
alias will thus break this validation (all addresses will be accepted,
then bounced later, causing backscatter). so either use a script to
generate the mappings or use *sql/ldap to generate them on the fly.

Gabriele Di Giambelardini wrote:
> Ok, excuse me.
> Now I post my postconf -n:
>
>
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases,ldap:aliases
> config_directory = /etc/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 50
> double_bounce_sender = postmaster
> forward_path = $home/.forward
> home_mailbox = Maildir/
> inet_interfaces = $myhostname,localhost
> local_recipient_maps = unix:passwd.byname
> local_transport = local
> mail_owner = postfix
> mydestination = $myhostname, localhost.localdomain, localhost.localdomain,
localhost
> myhostname = hosting.pippo.it
> mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.2.0/24
> myorigin = $myhostname
> queue_directory = /var/spool/postfix
> relayhost = 192.168.1.4
> smtpd_restriction_classes = local_only
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = ldap:aliases
> virtual_gid_maps = static:1003
> virtual_mailbox_base = /var/vmail
> virtual_mailbox_domains = ldap:domains
> virtual_mailbox_maps = ldap:mailbox
> virtual_minimum_uid = 500
> virtual_transport = virtual
> virtual_uid_maps = static:1002
>

as you can see, there are no smtpd_*_restrictions, probably because of a
typo in your main.cf (restrictsionS is plural). but don't fix the typo.
use smtpd_sender_restrictions as I suggested.

> -----Original Message-----
> From: mouss@... [mailto:owner-postfix-users@...] On
> Behalf Of mouss
> Sent: Monday, November 03, 2008 10:49 AM
> To: postfix-users@...
> Subject: Re: Multiple transports per domain
>
> Toni Van Remortel <toni.van.remortel@...> wrote:
> >> -----Original Message-----
> >> From: mouss@... [mailto:owner-postfix-users@...] On
> >> [snip]
> >> use virtual_alias_maps:
> >>
> >> foo@... foo@..., foo@...
> >
> > Virtual_alias_maps will work for 1 transport > multiple domains.
> > What I want, is 1 domain > multiple transports.
> >
>
>
> Avoid stating problems and goals in terms of solutions (think in the
> "problem domain", not in the "solution domain"). I am certain you don't
> care about transports. what you want is the message to be delivered to
> two mailboxes, one of them (or both) being hosted on a remote server.

I never talked about a remote server.

The 2 mailboxes reside on the same mailserver, only in a different system
(dovecot and Zarafa).
Dovecot has to be replaced by Zarafa, but user by user _and_ during work hours.

So our plan is to set up delivery of e-mails in both dovecot and Zarafa, and do
the user migration when it suits us and them.

Current simple test that works: create a script that is used as transport system
which captures the STDIN into a file and 'cat's that mail to the 2 delivery
agents. If I can find a way to duplicate STDIN, it's solved (without a real
Postfix solution).
After all, it’s a temporary solution that I need.

Regards,
Toni

Hello.

I would like to have this possibility in postfix :

I have user@.... It's a mailbox (pop or imap), and it's TOO an alias (to
redirect@...)

When a mail is sent for user@..., the mail must arrive in user mailbox,
AND be redirected to redirect@....

I have a postfix server (with virtual domains in mysql), and this possibility
does not work. When I set a mailbox AND an alias, only the alias works.

Do you have an idea for this option? Is it possible?

I have a client who wants to have a mailbox for him, and have all copies in a
redirection.

Thanks for you help.

Regards,

See my postconf -n :

alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 20480000
mydomain = xxxxxxxxxxxxxxxxxxx
myhostname = xxxxxxxxxxxxxxxx
mynetworks = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/mail/spool
readme_directory = no
relay_domains = hash:/usr/local/etc/postfix/relay_domains
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated, 
reject_non_fqdn_hostname,  reject_non_fqdn_sender,  reject_non_fqdn_recipient, 
reject_unauth_destination,  reject_unauth_pipelining,  reject_invalid_hostname 
reject_rbl_client list.dsbl.org,  reject_rbl_client bl.spamcop.net, 
reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,  permit_mynetworks
smtpd_tls_cert_file = /etc/ssl/mail/xxxxxxxxxxxx.cert
smtpd_tls_key_file = /etc/ssl/mail/xxxxxxxxxxxxxxxx.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/usr/local/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:143
virtual_mailbox_base = /var/mail/vmails/
virtual_mailbox_domains =
proxy:mysql:/usr/local/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 143
virtual_transport = dovecot
virtual_uid_maps = static:143


--
Nicolas Letellier <nicolas@...>

Toni Van Remortel <toni.van.remortel@...> wrote:
>
> I never talked about a remote server.
>

0 is a number ;-p

other.example.com mda2:

and define mda2 to pass the message to the second MDA. (you can skip the
smtp_generic_maps part).


> The 2 mailboxes reside on the same mailserver, only in a different system
(dovecot and Zarafa).
> Dovecot has to be replaced by Zarafa, but user by user _and_ during work
hours.
>
> So our plan is to set up delivery of e-mails in both dovecot and Zarafa, and
do the user migration when it suits us and them.
>
> Current simple test that works: create a script that is used as transport
system which captures the STDIN into a file and 'cat's that mail to the 2
delivery agents. If I can find a way to duplicate STDIN, it's solved (without a
real Postfix solution).
> After all, it’s a temporary solution that I need.
>

Le 3 nov. 08 à 12:02, Nicolas Letellier a écrit :

> Hello.
>
> I would like to have this possibility in postfix :
>
> I have user@.... It's a mailbox (pop or imap), and it's TOO
> an alias (to redirect@...)
>
> When a mail is sent for user@..., the mail must arrive in
> user mailbox, AND be redirected to redirect@....
>
> I have a postfix server (with virtual domains in mysql), and this
> possibility does not work. When I set a mailbox AND an alias, only
> the alias works.


you need both redirect (to other alias and to mailbox) in
virtual_alias_maps, reading your postconf i would suggest the
following lines :

user@... user@...
user@... redirect@...

you could also achieve the with with a single line in
virtual_alias_maps :

user@... user@...,redirect@...


>
>
> Do you have an idea for this option? Is it possible?
>
> I have a client who wants to have a mailbox for him, and have all
> copies in a redirection.
>
> Thanks for you help.
>
> Regards,
>
> See my postconf -n :
>
> alias_database = hash:/etc/mail/aliases
> alias_maps = hash:/etc/mail/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 20480000
> mydomain = xxxxxxxxxxxxxxxxxxx
> myhostname = xxxxxxxxxxxxxxxx
> mynetworks = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/mail/spool
> readme_directory = no
> relay_domains = hash:/usr/local/etc/postfix/relay_domains
> relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,  reject_non_fqdn_hostname,
> reject_non_fqdn_sender,  reject_non_fqdn_recipient,
> reject_unauth_destination,  reject_unauth_pipelining,
> reject_invalid_hostname  reject_rbl_client list.dsbl.org,
> reject_rbl_client bl.spamcop.net,  reject_rbl_client sbl-
> xbl.spamhaus.org
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_sasl_authenticated,
> permit_mynetworks
> smtpd_tls_cert_file = /etc/ssl/mail/xxxxxxxxxxxx.cert
> smtpd_tls_key_file = /etc/ssl/mail/xxxxxxxxxxxxxxxx.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_timeout = 3600s
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql/
> virtual_alias_maps.cf
> virtual_gid_maps = static:143
> virtual_mailbox_base = /var/mail/vmails/
> virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql/
> virtual_domains_maps.cf
> virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql/
> virtual_mailbox_maps.cf
> virtual_minimum_uid = 143
> virtual_transport = dovecot
> virtual_uid_maps = static:143
>
>
> --
> Nicolas Letellier <nicolas@...>
>

Nicolas Letellier wrote:
> Hello.
>
> I would like to have this possibility in postfix :
>
> I have user@.... It's a mailbox (pop or imap), and it's TOO an alias
(to redirect@...)
>

virtual_alias_maps:

foo@...  foo@..., bar@...



> When a mail is sent for user@..., the mail must arrive in user mailbox,
AND be redirected to redirect@....
>
> I have a postfix server (with virtual domains in mysql), and this possibility
does not work.

you need to return the original address as well.

> When I set a mailbox AND an alias, only the alias works.
>
> Do you have an idea for this option? Is it possible?
>
> I have a client who wants to have a mailbox for him, and have all copies in a
redirection.
> [snip]
>
>

ML wrote:
>
> Le 3 nov. 08 à 12:02, Nicolas Letellier a écrit :
>
>> Hello.
>>
>> I would like to have this possibility in postfix :
>>
>> I have user@.... It's a mailbox (pop or imap), and it's TOO an
>> alias (to redirect@...)
>>
>> When a mail is sent for user@..., the mail must arrive in user
>> mailbox, AND be redirected to redirect@....
>>
>> I have a postfix server (with virtual domains in mysql), and this
>> possibility does not work. When I set a mailbox AND an alias, only the
>> alias works.
>
>
> you need both redirect (to other alias and to mailbox) in
> virtual_alias_maps, reading your postconf i would suggest the following
> lines :
>
> user@...    user@...
> user@...    redirect@...
>

note that this doesn't work with hash and the like (key must be unique).
it works for OP since he uses mysql.

> you could also achieve the with with a single line in virtual_alias_maps :
>
> user@...    user@...,redirect@...
>

On Mon, November 3, 2008 11:22 am, Toni Van Remortel
<toni.van.remortel@...> said:

> > Avoid stating problems and goals in terms of solutions (think in the
> > "problem domain", not in the "solution domain"). I am certain you don't
> > care about transports. what you want is the message to be delivered to
> > two mailboxes, one of them (or both) being hosted on a remote server.
>
> I never talked about a remote server.

That's irrelevant. I repeat, two deliveries requires two recipient addresses.

[...]

> Current simple test that works: create a script that is used as transport
> system which captures the STDIN into a file and 'cat's that mail to the 2
> delivery agents. If I can find a way to duplicate STDIN, it's solved
> (without a real Postfix solution).

That's broken. How do you report back errors to Postfix if one of the two
delivery agents fail?

> After all, it’s a temporary solution that I need.

There's no reason to lax the quality just because it's temporary. It's
trivial to build a robust solution.

--
Magnus Bäck
magnus@...

Ok, I used that directive, now my postconf -n is this:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,ldap:aliases
config_directory = /etc/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 50
double_bounce_sender = postmaster
forward_path = $home/.forward
home_mailbox = Maildir/
inet_interfaces = $myhostname,localhost
local_recipient_maps = unix:passwd.byname
local_transport = local
mail_owner = postfix
mydestination = $myhostname, localhost.localdomain, localhost.localdomain,
localhost
myhostname = hosting.pippo.it
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.2.0/24
myorigin = $myhostname
queue_directory = /var/spool/postfix
relayhost = 192.168.1.4
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_
senders
smtpd_restriction_classes = local_only
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:aliases
virtual_gid_maps = static:1003
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = ldap:domains
virtual_mailbox_maps = ldap:mailbox
virtual_minimum_uid = 500
virtual_transport = virtual
virtual_uid_maps = static:1002
---------------------------------------------

but this is my error in log file:


daemon started -- version 2.3.8, configuration /etc/postfix
Nov  3 14:05:44 hosting postfix/smtpd[31371]: fatal: parameter
"smtpd_recipient_restrictions": specify at least one working instance of:
check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Nov  3 14:05:45 hosting postfix/master[31350]: warning: process
/usr/lib/postfix/smtpd pid 31371 exit status 1
Nov  3 14:05:45 hosting postfix/master[31350]: warning: /usr/lib/postfix/smtpd:
bad command startup -- throttling


I don't understand....



Gabriele Di Giambelardini wrote:
> Ok, excuse me.
> Now I post my postconf -n:
>
>
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases,ldap:aliases
> config_directory = /etc/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 50
> double_bounce_sender = postmaster
> forward_path = $home/.forward
> home_mailbox = Maildir/
> inet_interfaces = $myhostname,localhost
> local_recipient_maps = unix:passwd.byname
> local_transport = local
> mail_owner = postfix
> mydestination = $myhostname, localhost.localdomain, localhost.localdomain,
localhost
> myhostname = hosting.pippo.it
> mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.2.0/24
> myorigin = $myhostname
> queue_directory = /var/spool/postfix
> relayhost = 192.168.1.4
> smtpd_restriction_classes = local_only
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = ldap:aliases
> virtual_gid_maps = static:1003
> virtual_mailbox_base = /var/vmail
> virtual_mailbox_domains = ldap:domains
> virtual_mailbox_maps = ldap:mailbox
> virtual_minimum_uid = 500
> virtual_transport = virtual
> virtual_uid_maps = static:1002
>

as you can see, there are no smtpd_*_restrictions, probably because of a
typo in your main.cf (restrictsionS is plural). but don't fix the typo.
use smtpd_sender_restrictions as I suggested.

Gabriele Di Giambelardini wrote:
> Ok, I used that directive, now my postconf -n is this:
> [snip]
> daemon started -- version 2.3.8, configuration /etc/postfix
> Nov  3 14:05:44 hosting postfix/smtpd[31371]: fatal: parameter
"smtpd_recipient_restrictions": specify at least one working instance of:
check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
> Nov  3 14:05:45 hosting postfix/master[31350]: warning: process
/usr/lib/postfix/smtpd pid 31371 exit status 1
> Nov  3 14:05:45 hosting postfix/master[31350]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
>
>
> I don't understand....
>

you don't read carefully. I said:
"but don't fix the typo. use smtpd_sender_restrictions as I suggested."

it's smtpd_SENDER_restrictions. sender, not recipient.

your smtpd_recipient_restrictions is not acceptable, because it makes
you an open relay. it's possible to fix it, but using
smtpd_sender_restrictions is safer (and easier).

> > > postfix/smtpd[19545]: warning: unknown[xxx.yyy.www.zzz]: SASL LOGIN
> > > authentication failed: authentication failure
> >
> > I do get those all the time. Users mistyping their passwords,
> > usernames, client's getting AUTH all wrong and so on.
>
> OK.
>
> > > then
> > >
> > > postfix/smtpd[19545]: lost connection after AUTH from
> > > unknown[xxx.yyy.www.zzz]
> >
> > The client disconnects. Add that particular client to debug_peer_list
> > to see what's going on, but this is not a Postfix problem, it's the
> > client which disconnects after authentication doesn't succeed.
>
> I will try to get some more info.

I have collect an SMTP session with tcpdup eavesdroppin on the listening
interface on mail gateway. Here the output:

Command: EHLO sender.tld
Response: 250-server.tld
Command: AUTH LOGIN
Response: 334 VXNlcm5hbWU6
[TCP Retransmission] Response: 334 VXNlcm5hbWU6
[TCP Retransmission] Response: 334 VXNlcm5hbWU6
Command: aW52aW9Ad2ludmFyaWEuaXQ=
Response: 334 UGFzc3dvcmQ6
Command: aW52aW8=
Response: 535 5.7.0 Error: authentication failed: authentication failure

It seems that client try to authenticate. While is not required. But is
supported.

I don't understand if the client simply use a wrong cople of authentication
credential or nevertheless wrong authentication method..

The second strange thing is the three retrassimission of response to the AUTH
LOGIN command..

Why? Is it a symthom of network problems or what?

rocsca

Dear All,

As of lately we are getting more and more ldap lookup timeouts during
the day....

Nov  3 12:44:59 servername postfix/proxymap[31451]: warning:
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:09 servername postfix/proxymap[28685]: warning:
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:09 servername postfix/proxymap[31449]: warning:
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:11 servername postfix/proxymap[22154]: warning:
dict_ldap_lookup: Search error -5: Timed out

Which go paired with the following:

Transcript of session follows.

Out: 220 mx1.springer.com ESMTP Postfix
In:  HELO psmtp.com
Out: 250 mx1.springer.com
In:  MAIL FROM:<some external email address>
Out: 250 2.1.0 Ok
In:  RCPT TO:<some internal email address>
Out: 451 4.3.0 <some internal email address>: Temporary lookup failure
In:  QUIT
Out: 221 2.0.0 Bye

The ldap part of the postfix config looks like this:

server_host = ldap://server1:3268, ldap://server2:3268
search_base = DC=domain,DC=com
query_filter =
(&(homeMTA=*)(!(objectclass=publicFolder))(!(objectClass=msExchDynamicDi
stributionList))(!(objectClass=Contact))(!(objectClass=group))(!(cn=Syst
emMailbox*))(|(mail=%s)(proxyAddresses=smtp:%s)))
domain = hash:/usr/local/postfix/etc/virtual_alias_domains
special_result_attribute = homeMTA, msExchResponsibleMTAServerBL
leaf_result_attribute = cn
result_format = relay:[%s.springer-sbm.com]
scope = sub
bind = yes
bind_dn = postfixuser@...
bind_pw = password
version = 3
timeout = 5

I can imagine that because of the increasing load, both DC's are getting
a bit too busy....

1. Would it be wise to increase the timeout value to say 10 seconds?
2. In the past we used a local LDAP DB to do lookups, and never had this
issue...
    Is there a formula somewhere to calculate when its wise to move back
to a local DB, instaid of doing network AD   lookups?

Thanks for any comments!

With Kind Regards,

-
Marco van Kammen
Springer
System Manager & Postmaster

-
Van Godewijckstraat 30 | 3311 GX
Office Number: 05E21
P.O. Box 17 | 3300 AA
Dordrecht | The Netherlands
tel  +31 (0) 78 657 6446
fax  +31 (0) 78 657 6302
Marco.vanKammen@...
www.springer.com <http://www.springer.com/>
-

Hello,

i want to redirect all messages sent to exact "external" email addres
to my "internal" addres - i use header_checks and REDIRECT action

When external addres is in TO: field - action is taken.
When external addres is in CC: and BCC field - email
is sent to external MX.

My header_checks looks like
(header_checks = regexp:/etc/postfix-out/header_checks):
/^to:.*test@domain\.com$/i                  REDIRECT test@...

Any idea ?

--
Best Regards,
Daniel Chojecki

Dear postfix users

I have re-configured our postfix mailservers to remove catch all aliases to
remove the ammount of mail accepted.

I know have one more issue to resolve with respect to non delivery notifications
- backscatter

the setup is as follows

dave@... -> dave@... (demon.net is an uk isp)

This is what happens to an e-mail that has spam / virus etc from

Mail is accepted by our servers for delivery and then passed on to
dave@...
The demon.net mailserver rejects this mail with a 550 error
our mailserver then sends a non-delivery notification to the sender

If the sender has been dreamed up by the spammer etc then they receive unwanted
mail

I would like to know how to turn these non-delivery e-mails off in postfix

Rgds Dave


------------------------------
Dave Buchanan Abo Ltd
E-mail DaveBuchanan@...
Phone Spain +34 950 439 389
Fax   UK    +44 870 052 7619
Registration in England and Wales No 2736778
Registered Office: The Lodge, Little Drove, Steyning, West Sussex BN44 3PD.

Kammen van, Marco, Springer SBM NL wrote:
> Dear All,
>
> As of lately we are getting more and more ldap lookup timeouts during
> the day....
>
> Nov  3 12:44:59 servername postfix/proxymap[31451]: warning:
> dict_ldap_lookup: Search error -5: Timed out
> Nov  3 12:45:09 servername postfix/proxymap[28685]: warning:
> dict_ldap_lookup: Search error -5: Timed out
> Nov  3 12:45:09 servername postfix/proxymap[31449]: warning:
> dict_ldap_lookup: Search error -5: Timed out
> Nov  3 12:45:11 servername postfix/proxymap[22154]: warning:
> dict_ldap_lookup: Search error -5: Timed out
>
> Which go paired with the following:
>
> Transcript of session follows.
>
> Out: 220 mx1.springer.com ESMTP Postfix
> In:  HELO psmtp.com
> Out: 250 mx1.springer.com
> In:  MAIL FROM:<some external email address>
> Out: 250 2.1.0 Ok
> In:  RCPT TO:<some internal email address>
> Out: 451 4.3.0 <some internal email address>: Temporary lookup failure
> In:  QUIT
> Out: 221 2.0.0 Bye
>
> The ldap part of the postfix config looks like this:
>
> server_host = ldap://server1:3268, ldap://server2:3268
> search_base = DC=domain,DC=com
> query_filter =
> (&(homeMTA=*)(!(objectclass=publicFolder))(!(objectClass=msExchDynamicDi
> stributionList))(!(objectClass=Contact))(!(objectClass=group))(!(cn=Syst
> emMailbox*))(|(mail=%s)(proxyAddresses=smtp:%s)))
> domain = hash:/usr/local/postfix/etc/virtual_alias_domains
> special_result_attribute = homeMTA, msExchResponsibleMTAServerBL
> leaf_result_attribute = cn
> result_format = relay:[%s.springer-sbm.com]
> scope = sub
> bind = yes
> bind_dn = postfixuser@...
> bind_pw = password
> version = 3
> timeout = 5
>
> I can imagine that because of the increasing load, both DC's are getting
> a bit too busy....
>
> 1. Would it be wise to increase the timeout value to say 10 seconds?
> 2. In the past we used a local LDAP DB to do lookups, and never had this
> issue...
>    Is there a formula somewhere to calculate when its wise to move back
> to a local DB, instaid of doing network AD   lookups?
>
> Thanks for any comments!
>
> With Kind Regards,
>
> -
> Marco van Kammen
> Springer
> System Manager & Postmaster
>
> -
> Van Godewijckstraat 30 | 3311 GX
> Office Number: 05E21
> P.O. Box 17 | 3300 AA
> Dordrecht | The Netherlands
> tel  +31 (0) 78 657 6446
> fax  +31 (0) 78 657 6302
> Marco.vanKammen@...
> www.springer.com <http://www.springer.com/>
> -
>

Unless your users change very frequently, or you have millions of users,
you might be better off to do an export to a hash: formatted postfix
lookup table every day (or hour) and let postfix use that.

Aside from any performance issues, it removes a point of failure for
your mail server, as well as prevents an attack on your mail server from
bringing down your DCs.

Terry

Goet, Kees wrote:
>
>
>
> The mail-headers contain:
>
>             From: mycustomer@...
>
>             Sender: onbehalfof@...
>
>             Return-Path: mycustomer@...
>
>
>
> But, in the Postfix logfile I see:
>
>             from=mycustomer@...
>
>
>
> This gives problems with SPF: mail from "@mycomp.nl" which does not
> come from an email-server of "mycomp.nl", so it will be blocked.
>
>
>
> Doing something analogous from gmail, works allright: in that case the
> from-address in the Postfix-logfile is the gmail-address, not the
> mycompany-address (also the
>
> Return-Path header has the gmail-address).
>
>
>
> So, what determines the from-address Postfix will use?
>
>
Postfix uses envelope addresses.  It does not care about headers for
delivery purposes.
A header From and, optionally, Sender is added by the mail client doing
the original sending.  Looks pretty doesn't it ;) .
Return-Path is set by the originating MTA for a bounce path.

How did you get this list email if I did not send this directly to you then?

Brian

Dave Buchanan (Abo Ltd) wrote:
> Dear postfix users
>
> I have re-configured our postfix mailservers to remove catch all aliases to
remove the ammount of mail accepted.
>
> I know have one more issue to resolve with respect to non delivery
notifications - backscatter
>
> the setup is as follows
>
> dave@... -> dave@... (demon.net is an uk isp)
>
> This is what happens to an e-mail that has spam / virus etc from
>
> Mail is accepted by our servers for delivery and then passed on to
dave@...
> The demon.net mailserver rejects this mail with a 550 error
> our mailserver then sends a non-delivery notification to the sender
>
> If the sender has been dreamed up by the spammer etc then they receive
unwanted mail
>
> I would like to know how to turn these non-delivery e-mails off in postfix
>
>
Don't accept undeliverable mail, then you won't have to bounce it.

abo.co.uk needs to have a list of valid users and simply not accept mail
it won't be able to deliver.

Terry

On Mon, Nov 3, 2008 at 11:40 AM, Daniel Chojecki
<daniel.chojecki@...> wrote:
> Hello,
>
> i want to redirect all messages sent to exact "external" email addres
> to my "internal" addres - i use header_checks and REDIRECT action
>
> When external addres is in TO: field - action is taken.
> When external addres is in CC: and BCC field - email
> is sent to external MX.
>
> My header_checks looks like
> (header_checks = regexp:/etc/postfix-out/header_checks):
> /^to:.*test@domain\.com$/i                  REDIRECT test@...
>
> Any idea ?
>
> --
> Best Regards,
> Daniel Chojecki
>

A message may have many recipient. REDIRECT target change all
recipient to specified value.

You can think about regexp with virtual_alias_maps if is a internal
mailserver because this stop recipient validation.

virtual_alias_maps = ldpa-mysql-anythin:/path/map,
regexp:/etc/postfix/virtual.regexp

# /etc/postfix/virtual.regexp
if !/(^|@)internal\.example\.com$/
/./ test@...
endif

# main.cf
enable_original_recipient = no


--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

* "Dave Buchanan (Abo Ltd)" <dave@...> wrote:
> This is what happens to an e-mail that has spam / virus etc from
>
> Mail is accepted by our servers for delivery and then passed on to
dave@...
> The demon.net mailserver rejects this mail with a 550 error
> our mailserver then sends a non-delivery notification to the sender
>
> If the sender has been dreamed up by the spammer etc then they receive
unwanted mail
>
> I would like to know how to turn these non-delivery e-mails off in postfix

Recommended documentation:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
http://www.postfix.org/postconf.5.html#relay_recipient_maps


Cheers
Stefan
--
Stefan Förster     http://www.incertum.net/     Public Key: 0xBBE2A9E9

Hi folks,


Debian Etch
Postfix
MySQL


Fail to telnet

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
ehlo localhost


Nothing printed out.


# tail /var/log/mail.log
Nov  3 15:49:45 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/smtpd pid 1565 exit status 1
Nov  3 15:49:45 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov  3 15:50:02 xen03 postfix/postfix-script[1568]: refreshing the
Postfix mail system
Nov  3 15:50:02 xen03 postfix/master[1144]: reload configuration
/etc/postfix
Nov  3 15:50:45 xen03 postfix/smtpd[1574]: fatal: open
/etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
Nov  3 15:50:45 xen03 postfix/qmgr[1575]: fatal: open
/etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
Nov  3 15:50:46 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/smtpd pid 1574 exit status 1
Nov  3 15:50:46 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov  3 15:50:46 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/qmgr pid 1575 exit status 1
Nov  3 15:50:46 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/qmgr: bad command startup -- throttling


# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address
State       PID/Program name
tcp        0      0 localhost.localdo:10025 *:*
LISTEN     1144/master
tcp        0      0 *:mysql                 *:*
LISTEN     1081/mysqld
tcp        0      0 xen03.satimis.co:domain *:*
LISTEN     1187/named
tcp        0      0 localhost.locald:domain *:*
LISTEN     1187/named
tcp        0      0 *:smtp                  *:*
LISTEN     1144/master
tcp        1      0 xen03.satimis.com:smtp  ABTS-TN-dynamic-2:62312
CLOSE_WAIT -
tcp       22      0 localhost.localdom:smtp localhost.localdom:2104
CLOSE_WAIT -
tcp        1      0 xen03.satimis.com:smtp  mail.sevitol.com.u:3843
CLOSE_WAIT -
tcp        1      0 xen03.satimis.com:smtp  125.109.225.218:2764
CLOSE_WAIT -
tcp        1      0 xen03.satimis.com:smtp  124.76.86.199:10403
CLOSE_WAIT -
tcp       17      0 localhost.localdom:smtp localhost.localdom:3715
CLOSE_WAIT -
tcp        1      0 xen03.satimis.com:smtp  123.18.98.205:29905
CLOSE_WAIT -
tcp       17      0 localhost.localdom:smtp localhost.localdom:4579
CLOSE_WAIT -
tcp6       0      0 *:ssh                   *:*
LISTEN     1157/sshd
tcp6       0      0 xen03.satimis.com:ssh   xen0.satimis.com:58481
ESTABLISHED1404/1
tcp6       0      0 xen03.satimis.com:ssh   xen0.satimis.com:36525
ESTABLISHED1378/0


# find / -name BerkeleyDB
/usr/local/lib/perl/5.8.8/auto/BerkeleyDB
/usr/local/lib/perl/5.8.8/BerkeleyDB
/usr/local/src/db-4.7.25/perl/BerkeleyDB
/usr/local/src/db-4.7.25/perl/BerkeleyDB/BerkeleyDB
/usr/local/src/mysql-5.0.67/bdb/build_vxworks/BerkeleyDB


Would it be the problem of more than one BerkeleyDB.  If YES which one
shall I remove and how to do it.  TIA


B.R.
Stephen L

Send instant messages to your online friends http://uk.messenger.yahoo.com

Stephen Liu wrote:
> Nov  3 15:50:45 xen03 postfix/smtpd[1574]: fatal: open
> /etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
> Nov  3 15:50:45 xen03 postfix/qmgr[1575]: fatal: open
> /etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
>

Fix this error, post 'postconf -n' and logs if it does not help after
doing so

Brian

Dave Buchanan (Abo Ltd) wrote, at 11/03/2008 10:32 AM:
> Dear postfix users
>
> I have re-configured our postfix mailservers to remove catch all aliases to
remove the ammount of mail accepted.
>
> I know have one more issue to resolve with respect to non delivery
notifications - backscatter
>
> the setup is as follows
>
> dave@... -> dave@... (demon.net is an uk isp)
>
> This is what happens to an e-mail that has spam / virus etc from
>
> Mail is accepted by our servers for delivery and then passed on to
dave@...
> The demon.net mailserver rejects this mail with a 550 error
> our mailserver then sends a non-delivery notification to the sender
>
> If the sender has been dreamed up by the spammer etc then they receive
unwanted mail
>
> I would like to know how to turn these non-delivery e-mails off in postfix

Forwarding is a particularly sticky issue, because it was once a
relatively useful feature. These days it's a lot more trouble than it's
worth, so avoid it whenever possible. If you can't do that, then you
need to improve your own antispam defenses so your server is the one
rejecting the message during the SMTP session. This will have more
benefits in the long run than trying to selectively disable bounce
notifications. The rule of thumb is to try not to accept messages that
can't/won't ultimately be delivered.

Also keep in mind that there are alternatives to forwarding. There are
many client side solutions that enable you to automatically move mail
from one account to another.

Zitat von "Dave Buchanan (Abo Ltd)" <dave@...>:

> Dear postfix users
>
> I have re-configured our postfix mailservers to remove catch all
> aliases to remove the ammount of mail accepted.
>
> I know have one more issue to resolve with respect to non delivery
> notifications - backscatter
>
> the setup is as follows
>
> dave@... -> dave@... (demon.net is an uk isp)
>
> This is what happens to an e-mail that has spam / virus etc from
>
> Mail is accepted by our servers for delivery and then passed on to
> dave@...
> The demon.net mailserver rejects this mail with a 550 error
> our mailserver then sends a non-delivery notification to the sender

Never forward mail to destinations which don't accept it. Force the
users to get a clean forward target eg whitelist your server or cancel
the forwarding.

Regards

Andreas


--
All your trash belong to us ;-)  www.spamschlucker.org
To: stephan@...

--- Brian Evans - Postfix List <grknight@...> wrote:

> Stephen Liu wrote:
> > Nov  3 15:50:45 xen03 postfix/smtpd[1574]: fatal: open
> > /etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
> > Nov  3 15:50:45 xen03 postfix/qmgr[1575]: fatal: open
> > /etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
> >
>
> Fix this error, post 'postconf -n' and logs if it does not help after
> doing so


Hi Brian,


on /etc/postfix/main.cf
Comment out;
#relay_domains = mysql:/etc/postfix/virtual/mysql-relay-domains.cf


reload postfix.  Problem remains.


# tail /var/log/mail.log
Nov  3 17:06:02 xen03 postfix/qmgr[1775]: fatal: open
/etc/postfix/virtual/mysql-relay-domains.cf: Not a directory
Nov  3 17:06:03 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/smtpd pid 1774 exit status 1
Nov  3 17:06:03 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling
Nov  3 17:06:03 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/qmgr pid 1775 exit status 1
Nov  3 17:06:03 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/qmgr: bad command startup -- throttling
Nov  3 17:06:13 xen03 postfix/postfix-script[1778]: refreshing the
Postfix mail system
Nov  3 17:06:13 xen03 postfix/master[1144]: reload configuration
/etc/postfix
Nov  3 17:07:03 xen03 postfix/smtpd[1785]: fatal: open
/etc/postfix/mysql-alias-maps.cf: No such file or directory
Nov  3 17:07:04 xen03 postfix/master[1144]: warning: process
/usr/libexec/postfix/smtpd pid 1785 exit status 1
Nov  3 17:07:04 xen03 postfix/master[1144]: warning:
/usr/libexec/postfix/smtpd: bad command startup -- throttling


# postconf -n
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_mailbox_maps
unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname
mydomain = satimis.com
myhostname = xen03.satimis.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtpd_client_restrictions = check_client_access
mysql:/etc/postfix/mysql-client.cf
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_recipient_access
mysql:/etc/postfix/mysql-recipient.cf,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access
mysql:/etc/postfix/mysql-sender.cf
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
transport_maps = mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-alias-maps.cf
virtual_gid_maps = static:1005
virtual_mailbox_base = /usr/local/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 100
virtual_transport = maildrop
virtual_uid_maps = static:1005


B.R.
Stephen

Send instant messages to your online friends http://uk.messenger.yahoo.com