Postings by Voytek Eymont

migrating 2.1 to 3.x ?

I currently have Postfix 2.11 /MySQL on Centos 6, looking at migrating to
current Postfix.

current server:
CentOS release 6.x
mail_version = 2.11.0

new server:
CentOS 7.3
mail_version = 2.10.1

reading some of the ML posts: is ghettoforge the way to do it ?
<a href="" title=""></a>

what can or should I do with current ?

exempting user or domain from one RBL check ?

I have a user's inbound mail blocked by barracudacentral, is there a way
to exempt this particular user/domain from this particular RBL check ?

or what else can or should I do ?

this is the only known issue with barracuda I have and, otherwise it seems
quite effective, I think ?

smtpd_recipient_restrictions =
check_policy_service inet:,
check_sasl_access hash:/etc/postfix/sasl_access

ot: 554 No SMTP service here

dumb question:

if I get 'connection closed' as below, does that confirm problem is at
remote end, not my Postfix ?

is there any other diags I can run from my end ?

Postfix works well, but, can not send to one particular server

from my Postfix server, I get telnet failure as so:

# telnet 25
Connected to
Escape character is '^]'.
554 No SMTP service here.
Connection closed by foreign host.

from a Win box on another network I get though

ot: 554 No SMTP service here

struck a problem sending to a particular server, get 554
everything else works fine, server unaltered since setup a while back

how can I troubleshoot this ?

Mar 3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
to=< ... at rosscosmetics dot>,[]:25, delay=17227,
delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host[] refused to talk to me: 554
No SMTP service here.)

# telnet 25
Connected to
Escape character is '^]'.
554 No SMTP service here.

ot: troubleshhoting MX issue (?)

I'm unable to send an email to "a. ... at surfacetreatment dot be", getting
"domain not found".

it seems to me they're misconfigured and, don't have MX set correctly?

or am i misinterpreting this, mxtoolbox find MX ?

fwiw, web redirects to

thanks for help, explanation and any pointers

Mar 1 08:58:53 emu postfix/smtpd[22849]: NOQUEUE: reject: RCPT from
localhost[]: 450 4.1.2 <a. ... at surfacetreatment dot be>: Recipient
address rejected: Domain not found; from=< ... at sbt dot>
to=<a. ... at surfacetreatment dot be> proto=ESMTP helo=<>

# dig -t MX su

whitelisting to correct rbl false positives

just noticed some email sent from gmail/google bouncing from my server as
sorbs RBL had that server/host listed;

Nov 17 12:56:47 emu postfix/smtpd[16381]: NOQUEUE: reject: RCPT from[]: 554 5.7.1 Service unavailable;
Client host [] blocked using; Currently
Sending Spam See: <a href=";" title=";">;</a>
from=< ... at tld dot au> to=< ... at xyz dot au> proto=ESMTP

what is correct way to whiltelist gmail/google

I have like this in[1]

so I should enter gmail into /etc/postfix/

incoming queue question: 'not found'

I monitor Postfix queue with Cacti, normally see warning on deffered
queue, charts in red, sends treshold warning, when there is some issues

today, first time ever saw that, I see incoming queue in Cacti growing, up
to 14/16, (charts blue) never observed that before...?

mailq gives nothing, pfqueue has like(1);

how to better asses what's going on?

Queue: 'incoming', 7 messages, 0 tagged, unsorted
ID From To
E29D64CBC2 *Not found* *Not found*
1B8654CBC1 *Not found* *Not fou

ot: exempting black listed domain for a user?

I have a user who can not receive emails as his correspondent's domain is currently on multiple rbls.

As an interim measure, should I look at temporarily allowing this domain?

Or, is that a bad idea, shouldn't consider such temp workarounds?

domain in question:

Checking which resolves to119.59.120.56 against 107 known blacklists... 
Listed 7 times. 

Blacklist Reason 
LISTED CBL was listed 
LISTED ivmSIP was listed 
 LISTED ivmSIP24 was listed  
LISTED Protected Sky was listed 

ot: poor repution work arounds? standby smtp?

I have a small Postfix/Dovecot virtual server, low usage
every so often a user account get compromised and spam sent (like couple
of days ago), now I'm seeing 5 or 6 emails 'stuck' in the queue with like:

(host[217.xx.xx.xx] refused to talk to me: 554 Your access to this mail system has been rejected
due to the sending MTA's poor reputation.

ot: pre emptive throttling/limiting ?

I have a small server with several domains, always worry some dumb users'
account will get hacked and start spamming (including this dumb user,
like, my own forgotten test account got hacked....)

is it a good idea to put some limits or throttling 'just in case' ?

Postfix 2.11, average server usage is like:
Per-Day Traffic Summary

mime header and header pcre Q

I was updating file type definitions in my header checks when I noticed I
have header checks as well as mime header checks :


header_checks = pcre:/etc/postfix/header_checks.pcre
mime_header_checks = pcre:$config_directory/mime_headers.pcre

header_checks has (now updated) "/^Content-(Disposition|Type)...." AND
lots of old rules from Jim Seymor's page and securitysage page and stuff
from the ml;

mime_header_checks has just "/^Content-(Disposition|Type)...." AND nothing

do I need both ?
do I need "/^Content-(Disposition|Type)...." in both checks ?

thanks for any po

header .com check false positive

I've struck a false positive problem rejecting email,
should reject on file extension '.com', but, rejected on a domain name as

I think this is the rule ?:

# grep "may not end with" *head*

REJECT Attachment name "$2" may not end with ".$3" = pcre:$config_directory/mime_headers.pcre

rate limit compromised sasl senders ?

is there a way to block or rate limit compromised sasl senders ?

postconf -d | grep mail_version
mail_version = 2.11.0

grep limit

recipient_delimiter = +
message_size_limit = 20971520
dovecot_destination_recipient_limit = 1
smtpd_client_connection_rate_limit = 50

grep sasl_username= ... at example dot /var/log/maillog | wc
6374 57366 902481

Oct 27 22:11:42 emu postfix/smtpd[20784]: 391BF24ECEA:
client=unknown[], sasl_method=PLAIN,
sasl_username= ... at example dot
Oct 27 22:11:45 emu postfix/smtpd[20732]: 10A0924EC8B:
client=unknown[], s

aliased domain works for test user, doesn't for another

I have Postfix/MySQL/Postfixadmin/Dovecot, using postfixadmin I've aliased
one domain to another

using a mailbox for myself for testing, sent emails to aliased domain,
both from outside (gmail) and through this server, receiving OK to my own

BUT, when tried sending to a different user, got "User unknown in virtual
mailbox table"

what am I missing ?

fails to <a href="mailto: ... at aa dot com"> ... at aa dot com</a>

Oct 11 22:38:59 emu postfix/smtpd[1506]: NOQUEUE: reject: RCPT from[]: 550 5.1.1 < ... at aa dot com>: Recipient
address rejected: User unknown in virtual mailbox table;

Re: blocking compromised sasl users ?

Nicolás, thanks

# grep 104.200


how to do that ?

blocking compromised sasl users ?

it looks like I have a couple of compromised user accounts on one of the
domains on this server, I've changed the user password then even deleted
the user (through postfixadmin) but that didn't help..?

bypass rbl listing for one domain/defined users only till removed from rbl?

I have several domains on virtual mailbox Postfix server,
also use several RBL lists as so; that all works well

but now, of the domains, mydomain.tld needs to recive emails from a server
currently blacklisted on spamhaus

till the blacklist issue is resolved, how can allow such blacklisted
domain just for a several users ?

mirroring one domain.tld to

I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox

one of the domains is like, the user also now has,
and, would like to 'mirror' most of the addresses to be <a href="mailto: ... at aname dot com"> ... at aname dot com</a>,
THOUGH, some are to remain as <a href="mailto: ... at aname dot"> ... at aname dot</a>

so, both <a href="mailto: ... at aname dot com"> ... at aname dot com</a> as well as <a href="mailto: ... at aname dot"> ... at aname dot</a> should be one user

what's the best/proper way to do so ?

I think there is an option in postfixadmin to "Mirror addresses of one of
your domains to another." , is that the way to do this?

thanks for any pointers, suggestions or advice

mail_version = 2.11.0

ot: maildir has overdrawn his diskspace quota

I have Postfix/Dovecot with virtual domains, same setup unaltered since
quite a while ago

last month, added a new virtual domain, 'just like before'.

but, today noticed this in the queue/log 'overdrawn his diskspace quota'[1]:

user's Maildir cur has like 48,762,696 bytes (lot less than other users)

tried some searches, found similar probs, but, no solution as yet

any ideas ?
mail_version = 2.11.0
# quota -g vmail
# quota -u vmail

# grep 719855FC42 /var/log/maillog

Mar 3 15:20:58 emu postfix/smtpd[18535]: 719855FC42:[]

Mar 3 15:20:5

ot: hotmail bouncing since two days ago, is there some new requiremtns?

I have Postfix running mail server for several small domains, all working

since about 48 hours, several of my domains started getting bounced from
hotmail as per below

checked with mxtoolbox, mail server is:

Checking which resolves to against 100 known
Listed 0 times with 3 timeouts

has hotmail changed or enforced something new in the last few days ?

is there something I should do on my Postfix ?

blocking bounces from spam advice

I have a small Postfix installation with virtual domains that runs well,
however, a user is complaining of being hit with flood of rejects from
spam sent out from elsewhere as though from him, the rejects are coming
back to him

the user in question has been, by his former request, exempted from some
checks: OK
I'll remove him from recipient_no_checks, but, is there some other stuff I
should be doing as well ?

Greetings to the

ot: monitoring for 'spam breaches' ? cleanup woes?

I have Postfix server that runs pretty well, today a user got reject, our
server got listed on lashback and one other list as 'spam sender';

looking through logs it seems a sasl user is/was hacked few days ago:

# grep username /var/log/maillog | wc
4382 59184 765780
# grep username /var/log/maillog.1 | wc
1148 14914 190332
# grep username /var/log/maillog.2 | wc
67 1385 18475
# grep username /var/log/maillog.3 | wc
76 910 13651
# grep username /var/log/maillog.4 | wc
22 364 4692

I've now edited that username sasl password

what sort of monit

'aliasing' one domain to another?

I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all
working well, as per setup below

user of the has also registered mydom.tld (to prevent

sometimes they make mistakes and attempt to send emails to
<a href="mailto: ... at mydom dot tld"> ... at mydom dot tld</a> RATHER THAN (correct email) <a href="mailto: ... at mydom dot"> ... at mydom dot</a>

what is correct way/correct terminology to 'alias' (?) mydom.tld to ?

with the aim so that <a href="mailto: ... at mydom dot"> ... at mydom dot</a> but addressed
in error without '.au' will get delivered properly?

# postconf -n | grep virtual
proxy_read_maps = $canonical_maps $lmtp_generic

different repo upgrade question 2.1/2.6 ?

I have a new server since few month ago, it was delivered with Postfix
(and Dovecot) preinstalled from iRedMail repo, it all works well with
Postfix 2.6.6

# postconf -d | grep mail_version
mail_version = 2.6.6
milter_macro_v = $mail_name $mail_version

couple of days I noticed this on yum update[1];

I don't understand what yum is telling me:
'an update'

is it going to update 2.6.6 to 2.6.6-2.3 ?
why is it offering 2.11 ?

I'll head over to iRedMail to ask, but, thought it prudent to ask here as
well, apologies for asking dumb questions, as always
(frightened to break a working set

are these 'good and reliable' adls/dynamic pcre rejects?

my pre configured Postfix inluded these helo_access.pcre rejects;

today, I noticed an expected email was bounced by one of the
pre-configured rules as so:

Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from
unknown[]: 554 5.7.1 <>:
Helo command rejected: Go away, bad guy (adsl).; from=<helen. ... at tld dot>
to=< ... at tld dot> proto=ESMTP

host domain name pointer

before I contact the sender to tell them "you are misconfigured

Re: 450 4.7.1 Client host rejected from unknown query

is it my freemail host line ?

"from_freemail_host =
check_client_access hash:/etc/postfix/freemail_hosts,
check_client_access regexp:/etc/post

450 4.7.1 Client host rejected from unknown query

I have a new server, and, have been trying to 'migrate' over to
new server, few lines at a time;
suspect might have screwed something in the process ?

just noticed eleven similar rejects for what seems like valid email:

Dec 16 23:07:02 emu postfix/smtpd[27747]: NOQUEUE: reject: RCPT from
unknown[]: 450 4.7.1 Client host rejected: cannot find your
hostname, []; from=< ... at yahoo dot com>
to=< ... at sbt dot> proto=ESMTP helo=<>
Dec 17 14:22:25 emu postfix/smtpd[29232]: NOQUEUE: reject: RCPT from

adding rbl to smtpd restrictions

I have a new Postfix 2.6 server that came pre-configured, I'm trying to
'migrate' various anti UCE settings from the old server:

order of some of the params is quite different on new server, hence I'm
confused (as always) (so I'm trying to only make 1 or 2 changes at a time)

is this correct place for rbls, after 'unauth_dest' and before 'greylist' ?

thanks for any suggestions

smtpd_recipient_restrictions =.
check_policy_service inet:127.0.0

Re: relaying individual virtual domain to new postfix server ?

On Tue, November 19, 2013 1:34 pm, Viktor Dukhovni wrote:

relaying individual virtual domain to new postfix server ?

I would like to transfer some virtual domains to a new postfix server,
what is the proper way to do so,

I've tried adding to /etc/ like:

relay_domains =
transport_maps = hash:$config_directory/transport

and /etc/transport smtp:[]

that returned a warning
Nov 19 12:06:49 postfix/trivial-rewrite[24520]: warning: do not list
domain in BOTH virtual_mailbox_domains and relay_domains

I've removed from the sql, that removed the error, but, mail
still gets delivered localy

Nov 19 12:21:37 geko postfix/qmgr[24491]: 8770E382B93: