Postings by Per Jessen

mysql write support patch updated to 3.4.5

I have updated Stefan Jakobs' patch (see
;m=128714800025241 ) to apply to
postfix 3.4.5.


looks like smtpd_recipient_restrictions check_client_access is being ignored ?

I have just built 2.11.1 from source, but otherwise retained
my old config.

php website issue


I've been keeping a local mirror of the php website for a few years now, has
always worked well. Recently though I've noticed the following:

When I do a search in the Function List for e.g. "base64", I am presented with a
list of hits, presumably ordered by quality. The problem is - those hits link
to pages on "", not on my local site.

The same behaviour is also evident on official php mirrors - go to
and do the search for base64. The list of hits has links to, not

Per Jessen

UDF writing to unix socket - segfaults?

I am writing a UDF for sending messages to a local daemon. I've been
trying to make it use a UNIX socket, but it keeps segfaulting on
connect() or sendto(). I have double and triple checked everything,
but I'm not finding anything.

After a day or two, I finally decided to switch to UDP and writing to
localhost instead, which works fine. I still feel writing to a UNIX
socket ought to work and even if I've got a permission issue or
similar, a segfault is not the appropriate handling. Any clues?

STARTTLS and mailservers who choke on it

I'm wondering how others handle this. We offer TLS for all inbound
traffic, which works fine 99% of the time. Every other day though I
notice one or two mailservers who simply cannot cope with it. They try,
but they keep getting a timeout. Something is clearly not working on
their side and the email will eventually not get delivered. (I'm pretty
certain they're all MSEX, but that's just a hunch).

To prevent this I check our logs regularly and use
smtpd_discard_ehlo_keyword_address_maps to disable starttls for those
servers that have a problem.

restrict mysql replication ?

I have a need to have a number of small tables (perhaps up to 10000 rows
each) replicated to a number of mysql slaves. Frequency of change is
very low, and they need not be replicated within seconds, an hour is
fine. The master server has a lot more and bigger tables, but each
slave will only have a small subset of those. I've held off setting up
proper replication, thinking it was too much effort, but I've now just
yesterday set up one such replication.

I've got the slave only replicating two tiny, mostly static tables, so I
had kind of expected not to see a lot of network traffic.

selective behaviour for reject_sender_login_mismatch ?

I would like to be able to do "soft" or "hard" checks on sasl userid +
sender domains depending on the sasl userid, i.e.:

if userid=='customer1' then only log warnings on mismatch
if userid=='customer2' then reject on mismatch

I was thinking of creating two restrictions classes:

soft = warn_if_reject,reject_sender_login_mismatch
hard = reject_sender_login_mismatch

but I can't find an access table that is indexed by sasl userid.

Is there a way to do this without a policy server?

/Per Jessen, Zürich

bounce address in smtp_sasl_password_maps

(resending with appropriate subject)

Is there a way of specifying the bounce/null address in an
smtp_sasl_password_maps table ? I've tried using '<>', but that didn't
seem to work.

Per Jessen, Zürich

postfix bounce access table

Is there a way of specifying the bounce/null address in an
smtp_sasl_password_maps table ? I've tried using '<>', but that didn't
seem to work.

Per Jessen, Zürich

smtpd_tls_security_level encrypt or may ?

I'm trying to set up an SMTP service on port 587, TLS required,
authentication in plaintext allowed.

What I can't understand is the following:

with smtpd_tls_security_level=encrypt, the SMTP server does not offer
any AUTH options. With smtpd_tls_security_level=may, I get what I


I also have smtpd_sasl_security_options=noanonymous.

This is with postfix 2.6.2+cyrus.

/Per Jessen, Zürich

is there any way of distinguishing the bcc copy from the original?

I'd like to treat the original and the bcc copy slightly differently based
on their content. Basically:

a) original: if headerX matches condition1, override transport to divert

b) bcc-copy: if headerX matches condition2, override transport to
discard email.

Anything that matches condition2 will also match condition1, but not
vice versa. I was hoping there was e.g. a way of making an if-style
header_check to apply different conditions to each copy.

(I've already looked at running multiple cleanup daemons etc., but that
gets very ugly very quickly).

/Per Jessen, Zürich