Postings by Phil Stracchino

Puzzling error: Mailbox file "too large"

One of my daughters cannot receive mail because Postfix apparently
thinks her mailbox file is too large:

Oct 28 16:05:31 minbar postfix/local[4960]: 4EF344037B962:
to=< ... at caerllewys dot net>, relay=local, delay=5.6,
delays=5.5/0.01/0/0.01, dsn=5.2.2, status=bounced (cannot update mailbox
/var/spool/mail/valkyrie for user valkyrie. error writing message: File
too large)

The file is only 50MB and contains just under a thousand messages. That
doesn't seem fatally oversized to me.

A problem I'm not sure how best to solve

I have a perplexing puzzle thrust upon me.

Consider the following:

Oct 8 15:55:33 minbar postfix/smtpd[7422]: NOQUEUE: reject: RCPT from[]: 551 5.1.8 < ... at mg dot>:
Sender address rejected: Domain not found;
from=<bounce+db1162.5fcd4c-alrekr=caerllewys. ... at mg dot>
to=< ... at caerllewys dot net> proto=ESMTP helo=<> is connecting with a good HELO, and appears to be authorized
to send mail on behalf of, but the mail has a sender
address that is bad because does not resolve in DNS, and

Heads up for Gentoo users: mail-mta/postfix-3.3.1-r1 has permissions problems

For anyone using Postfix on Gentoo, be aware that
mail-mta/postfix-3.3.1-r1 installs with many incorrect file permissions
that result in impaired functionality (specifically, postdrop won't
work). You may want to consider rolling back to 3.2.4 until the ebuild
is fixed. If you want to just fix the permissions, you'll need to do it
manually, because 'postfix set-permissions' isn't working correctly in
3.3.1-r1 either.

(See Gentoo bug #665280)

SPF + outside backup MX relay = redelivery failures: Help requested

I am running Postfix with opendkim, rspamd, pypolicyd-spf, and DMARC.
This is working fine for mail delivered directly to my domain. However,
if my net connection goes down and mail gets queued by my backup MX at
another domain (which I do not control), then when my connection comes
back up and the MX relay attempts to redeliver all the queued mail,
delivery fails due to SPF failures like this one, because the sender's
domain has not authorized my mail relay to send mail on its behalf.

Fail2ban integration questions

This is semi-hypothetical ...

I often see spews of failed connect attempts logged by postscreen:

Sep 12 11:13:09 minbar postfix/postscreen[9238]: CONNECT from
[]:54708 to []:25
Sep 12 11:13:09 minbar postfix/postscreen[9238]: PREGREET 14 after 0.12
from []:54708: EHLO ylmf-pc\r\n
Sep 12 11:13:10 minbar postfix/postscreen[9238]: HANGUP after 0.24 from
[]:54708 in tests after SMTP handshake
Sep 12 11:13:10 minbar postfix/postscreen[9238]: DISCONNECT
Sep 12 11:13:10 minbar postfix/postscreen[9238]: CONNECT from

This ought to be simple to stop. Am I missing something?

I'm getting spam leaking through from sites with non-resolving IP or
invalid DNS, sending mail to myself as me.

DSpam and Postfix

I use DSpam with Postfix, and it works well ... except that some time
back, redelivery of false positives stopped working.

Multiple PREPENDs

Let's suppose I have the following directives in
/etc/postfix/header-checks. (Because I do.)

/^X-Clacks-Overhead:/ IGNORE
/^Content-Transfer-Encoding:/i PREPEND X-Clacks-Overhead: GNU Terry

(If this header doesn't mean anything to you, it's a Discworld thing.
"A man is not dead while his name is still spoken.")

Now suppose I wanted to do the same for a second writer. Adding:

/^Content-Transfer-Encoding:/i PREPEND X-Clacks-Overhead: GNU Iain M. Banks

does not work. Is it simply that I cannot prepend a second header by
the same name? Or is the second PREPEND not firing?