DevHeads.net

Postings by Curtis

Is it possible for Postfix logging to bypass journald?

We recently switched our Postfix mail servers to Ubuntu Server 18, which
uses journald for logging. Since we have monitoring systems that parse
/var/log/maillog, we enabled rsyslog with imuxsock so we still can parse
the log like we did before journald. But, it's unreliable.

Our monitoring systems are reporting failed deliveries of messages
because of missing log lines in /var/log/maillog.

What is the upper limit allowed for smtp_line_length_limit?

Yes, I understand that setting smtp_line_length_limit above 998 is not
recommended.

I agree that for most Postfix installations, where mail is relayed to
the outside world, this recommendation is your best bet for email
deliverability because lines longer than 1000 violate RFC 5321. I
totally agree with this if your Postfix installation is sending outbound
email.

I manage several gateway mail servers that only accept inbound email and
deliver to internal servers. Lately we've been seeing more and more
DKIM signed messages. Most make it through these gateway servers without
issue.

smtp threads not spawning?

We are seeing an intermittent issue in our Postfix logs where we see all
outbound threads (smtp) stop delivering email or logging anything while
the active queue continues to grow. This indicates to me that all
active smtp threads are hanging, since nothing from the smtp threads is
recorded in the logs at all. During this time, inbound email is coming
in fine and smtpd continues to log activity, while the smtp threads
slowly die one by one, over the course of several minutes.

Accept TLS connections only for certain domains?

Is it possible to only accept inbound TLS connections for specified
recipient domains only?

Thanks,

Curtis

Disable outbound smtp pipelining?

It seems we are running into an increased number of hosts that have
broken smtp pipelining. We are able to resolve delivery issues to these
hosts using the solution that Wietse recommended a couple weeks ago:

http://www.mail-archive.com/postfix- ... at postfix dot org/msg44135.html

However, I'm not sure I fully understand why this fixes the problem for
outbound email.

transport_maps and round robin dns

In the case where transport_maps is used to designate the next hop
destination of a message like this:

customer.domain smtp:[mail.customer.domain]

...and the customer uses round robin dns for mail.customer.domain so that it
points to multiple IPs like this:

mail.customer.domain. 900 IN A 111.111.111.111
mail.customer.domain. 900 IN A 222.222.222.222
mail.customer.domain. 900 IN A 333.333.333.333

...will Postfix rotate between the IPs that it delivers to?

Re: postcat ENVELOPE RECORDS output?

A quick follow up on this. The field I was actually looking for turned out
to be "original_recipient:". Just in case anybody else goes through this,
let me document what I've learned about these three fields:

Well, I'm not really sure where this value comes from, but it can not be
used as a reliable way to determine who the local recipient is. Sometimes
it contains a non-local list address.

postcat ENVELOPE RECORDS output?

Oops... that was embarrassing... my message was missing a subject. (fixed)

I apologize if this is answered in the documentation, but I'm having trouble
finding where the "ENVELOPE RECORDS" section of the postcat output is
described.

Most particularly, I'm concerned about the following three fields:

named_attribute: dsn_orig_rcpt=rfc822; ... at example dot com
original_recipient: ... at example dot com
recipient: ... at example dot com

Would it be safe to say that all local recipients of the message will be
found in the "recipient:" field? (Repeated for each recipient?)

Thanks,

Curtis

Alternate mail server in transport table?

I run a spam filtering service where the customer points the MX records to our mail servers and then we forward the filtered mail on to the destination using the transport table, as follows:

customer.com smtp:[mailserver1.customer.com]

Today I got a request from a potential customer asking if it is possible to specify a secondary mail server, to be used only if their primary mail server is down. I don't see a way to do this using the transport table... perhaps there's another way? Anyone have any ideas for me?

Thanks,

Curtis

Re: How to safely re-inject an archived queue file?

On Thu, Feb 12, 2009 at 8:13 AM, Victor Duchovni

It would appear that we're seeing a side effect of dropping files into the
maildrop queue like this. If there are messages in the maildrop directory
when a "postfix reload" is run, we're seeing duplicate messages. I think
it's because the message is already picked up by postfix, but that there's a
bit of a delay before it removes the file from maildrop.

Is it possible to not bounce after smtp?

I'm building a spam filtering appliance using Postfix. We will be making
every effort to reject invalid recipient addresses at SMTP time, but since
we will not always be made aware when an email box on a final destination
server is no longer valid, we'd like to disable all bouncing after SMTP
time.
I saw one person suggest disabling the bounce service in
/etc/master.cf...which does disable bouncing, but the logs now show
the following error:
"status=deferred (bounce or trace service failure)"

What is the correct way to disable bounces?

Thanks,

Curtis

Per domain sender_access ?

I guess this has been discussed a time or two already, but, as of yet,
I haven't found anyone that has found a real solution.  We need the
ability to have around 1000 domains per physical server, while
allowing each domain to maintain their own sender blacklist (using the
sender's email address, not IP address).

While I realize that this can be done with
smtpd_recipient_restriction, but, on hosts with lots of domains, you
end up with a lot of open files (e.g.
http://tech.groups.yahoo.com/group/postfix-users/message/241874).

So... my thought is that a policy server is the answer.

override the catch-all ?

I've got the catch-all feature explained here working just fine...

http://www.postfix.org/VIRTUAL_README.html

Is there an easy way to designate an explicit *invalid* email address so
that even though the catch-all is enabled for a domain, a specific email
address is considered invalid and is bounced at smtp?

Thanks,

Curtis

How to safely re-inject an archived queue file?

Hi,

I'm looking for a safe way to re-inject an archived queue file that
was backed up and removed (via postsuper) from the hold queue.