Postings by Matthias Schneider

Docker Postfix logging


since i don't want to mount /dev/log into a postfix container, i created
a small tool in golang to create a syslog unix socket and print all logs
to stdout,
the command `postfix start-fg` is wrapped.

Just want to share this with the community:

<a href="" title=""></a>

Best Regards

Matthias Schneider

changelog /history missing for postfix 3.4.4


I just wanted to check the newest changes but the file is missing on
every mirror.

The requested URL
/mirrors/postfix-release/official/postfix-3.4.4.RELEASE_NOTES was not
found on this server.

Can you please update the release notes?

Best regards

Matthias Schneider

X Header Logging Postfix


for incoming mails logging the X-Headers works pretty fine by using:

header_checks = regexp:/etc/postfix/header_checks

the file header_checks contains:
/^X-.*:/ INFO


Aug 17 16:56:31 mta01 postfix/cleanup[15387]: 3xY8Rz2rFJzDxk2: info:
header X-TEST: value from localhost[]:54582;
from=< ... at example dot com> to=< ... at example dot com> proto=ESMTP

For sending mails using `smtp_header_checks` it _only_ logs the headers
if a connection to the destination server was established:

Aug 17 16:48:48 mta01 postfix/smtp[14811]: 3xY8Rz2rFJzDxk2: info:

milter macro names


I just tried to upgrade our postfix instances from 2.11 to 3.1. This
broke our milter that is expecting macro with name "i" but we got "{i}".
Could we make this configurable?

postfix 2.11:


postfix 3.1:

Matthias Schneider

TLS Logging per MsgId


I would like to have the TLS state of a message in the final status=send
log line.
Currently the TLS information is only findable by searching for the
on big mail logs this can result in many false positive search results.

Jan 4 14:17:01 mailserver postfix/smtp[24344]: Anonymous TLS connection
established to[x.x.x.x]:25: TLSv1.2 with cipher
AECDH-AES128-SHA (128/128 bits)
Jan 4 14:17:03 mailserver postfix/smtp[24344]: 3pH7lN0pKHzFGF5:
to=< ... at example dot com>,[x.x.x.x]:25, delay=3.7,
delays=1.8/0/0.02/1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok

TLS issues with old Exchange Servers


I noticed that many Exchange Servers nowadays have problems with TLS. Is
there a way to make a fallback to plain if there is a timeout on MAIL

tlsmgr high io load because of session cache


I had a very high I/O load on process tlsmgr because the smtp_scache and
smtpd_scache files are written to often (smtp_scache.db ~70mb) .

data_directory = /var/lib/postfix
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

moving /var/lib/postfix to a tmpfs filesystem solved my problem for now,
but i am looking for a better solution.
I noticed that postfix also supports memcache as lookup table
(<a href="" title=""></a>)
is this also supported for smtp_tls_session_cache_da

milter_header_checks not supporting pcre

i am trying to use this feature in postfix 2.11:
<a href="" title=""></a>

I have created a milter which adds a Header: "X-Body: bla" and i'd like
to filter mails, unfortunately the cleanup process doesn't support pcre
for "milter_header_checks", if i use the same pcre file for
"header_checks" instead of milter_header_checks the pcre check is working,

here my debug cleanup -v log :

Aug 12 12:30:55 mslnx postfix/cleanup[22263]: reply: SMFIR_ADDHEADER
data 11 bytes
Aug 12 12:30:55 mslnx postfix/cleanup[22263]: hbc_header_checks:
'X-Body: bla'
Aug 12 12:3