Need Help Configuring Postfix Restrictions

Hi i have installed postfix 2.11.3 on debian jessie.Everthing works fine. I would like to restrict local users to send mails to a particular group email id and allow only few users with smtpd_restriction_classes , smtpd_recipient_restrictions following this link <a href="" title=""></a> which is not working. All the users are still able to send mails to the group id. I have the same restriction working fine with postfix 2.9 installed on wheezy.

fatal: no SASL authentication mechanisms please help!

Trying to setup sasl, postfix 2.7, dovecot 1.29. The following is in mail.log
fatal: no SASL authentication mechanisms
warning: deliver_request_get: error receiving common attributes
warning: unexpected end-of-input from dovecot socket while reading input attribute name
warning: process /usr/lib/postfix/smtpd pid 20380 exit status 1
myorigin = /etc/mailname
queue_directory = /var/spool/postfix/

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from[] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from[

Postfix error (warning: problem talking to server Connection timed out)

Hello, i see this error:

Apr 16 13:13:51 host02 postfix/smtpd[32761]: warning: problem talking to
server Connection timed out
Apr 16 13:13:52 host02 postfix/smtpd[32491]: warning: problem talking to
server Connection timed out
Apr 16 13:13:53 host02 postfix/smtpd[355]: warning: problem talking to
server Connection timed out
Apr 16 13:13:54 host02 postfix/smtpd[32584]: warning: problem talking to
server Connection timed out
Apr 16 13:13:54 host02 postfix/smtpd[366]: warning: problem talking to
server Conn

How modules are called during request processing phase

Hi All,

If I have two modules mod_A and mod_B. Both has defined a hook handler with
APR_HOOK_MIDDLE then which module will be called first to check handler.
Whether calling of module will be random for each request or it depends
which module is loaded first in httpd.conf.


How to bypass all rules


I would like to bypass all rules in postfix config for some recipients. I
almost did id, but i have problem with header and body checks. I don't know
why, but don't work receive_override_options=no_header_body_checks in
additional instance of smtpd.

SASL auth not working

I am not able to get postfix to authenticate on port 465 or 587 to allow account holders to relay via this server.

Everything else works.

mod_suexec with mod_userdir and fcgid (webapps in subdirs with separated user context)

Hello list,

I try to make web applications available in subfolders of one
VirtualHost, but each one in an isolated user context. All web apps are
PHP applications and I use mod_fcgid to run them.

Unfortunately, SuexecUserGroup is not not allowed in Directory context,
which would be by far the simples solution.

So to achieve my goal, I tried (and failed with) two different approaches:

1. Using mod_userdir together with mod_suexec

Question about

I create a new account at <a href="" title=""></a> <> and add my primary domain in their portal.

I also request them to add my outgoing SMTP IPs (I think they manually check it before add).

To query their database, do I have to ask them to add my resolver's IPs too?

It looks like they allow access from "unknown" IPs (test it with nslookup), but I want to make sure that registering resolver's IPs is not needed to avoid them block the requests made by my resolvers in the future.

Relay mail from virtual domains and issue when the sender and recipient is on same server

What I want to do:

I want to disable local delivery for e-mails from virtual domains / mailboxes when sender / recipient is on same server. I want these e-mails to pass through a relay.

My setup :

I have postfix and dovecot on and acts as relay for MX for points to so incoming e-mails go to this server. Outgoing e-mails for domains not hosted in go through the relay.

Certificate Replacement

I am needing to replace the certificate and key. Are they read and cached when postfix starts, or are they read during normal mail handling? In other words, can I replace the files or do I need to do a reload or restart of the service afterwards?

-- Doug

Postfix [Postfwd2 error]


In /var/log/maillog i see this error, which produce an excessive cpu usage

postfwd2/policy[4807]: warning: Complex regular subexpression recursion
limit (32766) exceeded at /opt/postfix/postfwd/sbin/postfwd2 line 1168,
<$fh> line 230.?

any ideas?


problem with sending emails from second IP

I have ovh public cloud server.

Need Help in AB load testing with random query params.

Hi All ,

I need help in passing random inputs from a input file to apache benchmark
(abs) for load testing a URL :

I want to pass random inputs for load testing my search URL . Search texts
have to be read from an Input file and appended in the URL and send for the
AB load testing .


a) Input file : text1 text2 text3

b) URL :- {{BaseURL}}/apps/{{ApplId}}/courses/search?query={{random text
from input file }}

I would like to hit this search URL with different/random texts present in
the input file .

Writting own module

Hi All,

I am writing my own module just to check process flow.

ProxyErrorOverride on with PHP-FPM


I'm trying to get rid of the message

[proxy_fcgi:error] ... AH01071: Got error 'Primary script unknown\n'

in error logs (LogLevel notice) when proxying to an php-fpm daemon and
the requested php file doesn't exist.

php-fpm config in VirtualHost is

<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://foobar/"

When I set "ProxyErrorOverride on" the error in browser changes from
"File not found." to "Not Found

The requested URL /bla.php was not found on this server."

In error.log is still get the "Primary script unknown" message.

Initial design ideas of AB tools to test the performance of Web Server

I'm using AB tools , and I use the means to add concurrency to get
the accurate max value of RPS(request per second) ,while I found that with
the concurrency Increase, the latecy time increase , the RPS increase then
reduce . Do that mean the maximum value of RPS is the capacity of server?
If it is not correct, what's the initial design ideas of ab tools to test
the performance of Web Server?
English is not my native language; please excuse typing errors. And I
search the Internet but didn't find the systematic method to get the
performance of server.

Blocking mail from all but one domain

I have a postfix-3.1.4 installation and have been given a request to
block all incoming mail from all but a single specific domain and
block all outgoing mail with the exception of only that same single
specific domain.

Mail is received by a relay server,, then forwarded
to a pop/imap server, on the same network. We wish
to reject all inbound mail with the exception of
from being received by

Subject Regular expressión


I have a problem when locking with regular expressions

I need match

/^Subject: (Hello there(.*)|Hey man(.*))/ discard

The rule not work.!

the parameter. * is correct?

any ideas?

thanks for your help.

Apache2.4 forward proxy ssl between client and proxy server


I am looking for some help in configuring a forward proxy , the proxy has
to listing on HTTPS port , clients needs to.connect.

Error compile apache httpd-2.4.33

Dears, i try installing apache httpd-2.4.33 in debian8 but not work.

My httpd source code, in configure script, request the modules apr.

Emails from postfix are getting distorted/modified if it contains domain name

Hi All,

Recently we installed ssl certificates on our smtp postfix server which is
hosted on RHEL 6.9.

Problem we are facing is whenever the email are being sent from postfix
server the email gets modified when it encounters domain name with https
links. below is example:

original link :


Modified link which is received via email:

<a href="https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565sd13d5ef/domaiddsjk5ef5ename/55%ccm/jkdfksf55%web" title="https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565sd13d5ef/domaiddsjk5ef5ename/55%ccm/jkdfksf55%web">https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565s...</a>

What could be the reason for the https links containing domain name to get


Need Help in AB load testing with random query params.

Hi ,How to pass random inputs from a input file to apache benchmark (abs)
for load testing a URL :

I want to pass random inputs for load testing my search URL . Search texts
have to be read from an Input file and appended in the URL and send for the
AB load testing .

Eg. a) Input file : text1 text2 text3 b) URL :-
text from input file }}

I would like to hit this search URL with different/random texts present in
the input file .

Is reject_unknown_{reverse_}client_hostname safe?


I have been using

smtpd_relay_restrictions =
warn_if_reject reject_unknown_client_hostname

for a long while in my configuration, where the warn_if_reject is there
because I thought that the more strict check could have blocked some
legitimate email.

"Require valid-user" with multiple auth providers

I want to authenticate/authorize primarily via LDAP and require a specific group membership if authenticating this way.
However, if LDAP is not available, use the file provider to authenticate. If that's the case, any user authenticated via the file provider should be allowed.

Current config is as follows.

apache, git, and gitweb


Does anyone have an apache 2.4 with git/gitweb setup going?

Problema Postfix header from is empty (<>)

Hello, i use exim with relay connection to postfix (postfix is the mta

I use a autoreply in exim:

# Exim filter
if error_message then

if $message_headers contains ${local_part}\@${domain} then
  to ${reply_address}
  from "\"=?iso-8859-1?Q?Administraci=F3n_TRIXIE?=\"
  #reply_to $h_to:
  subject "Licencia de Vacaciones.

Substitute original address in virtual_alias_maps


If I have a virtual alias map like this:

@domain.tld <a href="mailto: ... at otherdomain dot tld"> ... at otherdomain dot tld</a> <a href="mailto: ... at somedomain dot tld"> ... at somedomain dot tld</a>

Then all e-mails to domain.tld will be forwarded to the two given
addresses, right?

Fine. But then, I want those e-mails to be delivered to the original
recipient too. For example, if <a href="mailto: ... at domain dot tld"> ... at domain dot tld</a> receives an e-mail, I
want it to be delivered to 3 addresses: <a href="mailto: ... at otherdomain dot tld"> ... at otherdomain dot tld</a>,
<a href="mailto: ... at somedomain dot tld"> ... at somedomain dot tld</a>, and <a href="mailto: ... at domain dot tld"> ... at domain dot tld</a> itself. If I could
add the address to the list, it would be fine, but... it's a variable.
How can I substitute a variable there?

facing issue with building apache for latest version 2.4.33

Hi Team,

I am facing the issue while building apache on Window machine with the help of apache source code and got below error

[ 92%] Building C object CMakeFiles/mod_ssl.dir/modules/ssl/ssl_engine_init.c.obj
C:\apacheBuild\apache2.4\build\httpd-2.4.33\modules\ssl\ssl_engine_init.c(33) : fatal error C1083: Cannot open include file: 'mod_md.h': No such file or directory
NMAKE : fatal error U1077: 'c:\PROGRA~2\MICROS~2.0\VC\bin\amd64\cl.exe' : return code '0x2'

I did some investigation and found that with new version of apache we added a new module called mod_md which

LDAP not working

Hi all,

I have no idea what's going on and why my setup that's been working for
years suddenly stopped working so have to ask here after had done extensive

Maybe something has changed in the ldap and/or authentication/authorization
modules but the effect is same on apache 2.2.22 and 2.4.18 -> I'm not
getting the basic authentication pop-up any more and the site access is

I have the following config enabled:

<IfModule mod_ldap.c>
<AuthnProviderAlias ldap ldap1>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://

Postfix configuration


Sorry for my english, I'm french.

I have some doubts about my Postfix configuration.

I have a private mail server, at my home, allowing me to have my
personal e-mails ( )

My architecture is the following one (on Raspberry Pi with Raspbian):

- 1 mail server with Postfix, Dovecot, Amavis, Spamassassin, ClamAV

- 3 others severs, not mail servers

I can send and receive e-mails, from inside and outside without any

I use a SMTP relay (my provider SMTP).

I have a domain and the MX record is OK.

But I'm not sure about my Postfix configuration.

Configuring httpd forward proxy to restrict destinations by subnet

I have an Apache httpd v2.2 server (on Centos 6) set up as a forward proxy
to get to a DMZ in a test lab environment. It is working, but I would like
to restrict destinations to specific subnets, both IPv4 and IPv6.

Re: Keep Postfix running in the foreground

:) I don't write the code, just reporting the bad news!

I think however the reasoning is as follows: clearly a user-mode process
can send a signal to init to force it to re-read its config, etc.
At the time that said process generates the signal with the kill system
call, it could be masked.

Re: Keep Postfix running in the foreground

Correct. The Linux kernel doesn't allow you to send a signal to pid 1
that would cause its termination. pid 1 is normally the init process,
and terminating it essentially renders the system useless.

Use of separate storage for mailboxes


I am facing one issue which is mostly about concepts. I have to be clear on
that to move forward. I have tried finding solutions about it but couldn't
find anything which talks about it.

We have a setup which includes postfix and dovecot. We are using lmtp and
delivery of mail is happening through dovecot. We want that delivery of
mail should happen in a separate node. I was able to achieve it through
lmtp by providing ip address and using port 24.

But now I have been asked to just try to deliver to a separate storage
medium and not node.

Apache build on Windows

Hi, I just joined the list.

I am trying to set up an Apache server from build on Windows as part of a
Ruby tutorial. I am stuck on PGP and wasn't sure if this would be the
correct place to ask: How do I verify a public key fingerprint? Or am I
using the wrong word?


awstats removing script path and authentication check


I've got two questions both about running awstats in a multiple domain
setup on apache 2.4.

I've got the below block in each of my ssl-enabled virtual hosts that
use awstats. Everything is working. First of all can I get a
confirmation that my authentication and authorization settings are

Second, currently I have to:

which does work.


Hello everybody,

I was wondering if anybody could advise please, on what does this log entry
mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to the
world, postfix/smtpd stands for daemon that rules out deliveries for
incoming mail. What about postfix/smtp/smtpd? Is it something in between
incoming and outgoing messages? Does it perhaps mean that some clients try
to connect to my 465 port? If that is the case then do they try to send or
receive here? Would appreciate any pointers from experts. Many thanks in

domain email autoconfiguration


If anyone has autoconfiguration going with their email domain please
email me privately. I'd like to ask you some questions about your
setup. What do you use?


processing cgi scripts


Confusion, I am running Apache 2.4 and am being asked to process cgi
scripts in various languages.

reduce loging of postscreen and dnsblog

is it possible to reduce logs from subject and still keeping loging for
new connection that are not cached in postscreen cache ?

checked logs today, i have more logs of bots then real users :/

makes it waste of log lines for content already logged :/

apache 2.4 and automx configuration


I'm trying to troubleshoot an automx error that it's giving me a 403
message, I'm using FreeBSD 11.1, and apache 2.4, and of course automx.
It's looking not like an automx-specific issue, but an apache-specific

Avoid double scanning from MailScanner

Hi All,

The question on the following is: how can I enable MailScanner filtering
for both incoming and outgoing emails, without having double scans at
incoming emails and none at outgoing?

I have setup the following:

Incoming emails are delivered with SMTP to server -> then forwarded to
MailScanner -> then to the filter script -> then to UUCP -> then to
alternate postfix server.

The Mailscanner is invoked with header_checks through
header_checks = regexp:/etc/postfix/header_checks

cat /etc/postfix/header_checks
/^Received:/ HOLD

The filter is invoked with smtpd options from m

Any one could explain the reason why postfix record log "smtp_get: EOF", Thanks!

I have add the client ip into mynetworks, but smtp connection from the
specified account from the specified device always be lost, after data

Any one could give me some suggesstion?

thanks very much!

postfix log:
2018-03-28T09:56:31.619016+08:00 localhost postfix/smtpd[2197]: smtp_get:
2018-03-28T09:56:31.619019+08:00 localhost postfix/smtpd[2197]:
match_hostname: smtpd_client_event_limit_exceptions: unknown ~?

Does postfix reject spoofed senders?

Is there a reliable way to reject incoming mails with a spoofed e-mail


Forcing TLS 1.2 on submission


I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service.

In I have added the following to the submission service:

-o smtpd_tls_ciphers=high
-o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM
-o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,TLSv1.2

…however, when I test via the OpenSSL client:

openssl s_client -connect -starttls smtp -tls1

…it connects and negotiates TLS 1.0. It will also negotiate TLS 1.1 and TLS 1.2 on successive tests.

What am I doing wrong ?


- J

Bounced Messages -- LDA / Dovecot / Postfix

I am not totally even sure this is a Postfix issue, but since the error
is presented as "postfix" and I was not able to find answer elsewhere I
thought I would ask here.

I recently discovered that delivery of bounced messages is not working.
Of course as no messages were being delivered I thought everything was

Anyway, I am seeing this error in my maillog file:

Mar 29 10:48:09 firewall postfix/pipe[9089]: 19565807:
to=< ... at my dot domain>, relay=dovecot, delay=0.11,
delays=0.02/0.01/0/0.08, dsn=5.3.0, status=bounced (command line usage

550 Messages should have one or no Message-ID headers, not 2.

Dear list,

I sent out a newsletter(J!website with Acyba component) some times a month
Since two weeks (cannot remember the exact date) I get this message back
via Postfix after sending outthe newsletter.

I am thinking of the newsletter component (Acyba) in combination with
the phpmailer of my hosting provider.
Would that be an option?

MailEnable: Message could not be delivered to some recipients.
The following recipient(s) could not be reached:
     Recipient: [SMTP: ... at somedomain dot com]
     Reason: 550 Messages should have one or no Message-ID headers, not 2.


Faking the CGI content_length environment variable

Dear all,

I am trying to debug a fastcgi server-side application problem, which I
believe was caused by the value of the CONTENT_LENGTH environment
variable not matching the size of the request body sent to the

In order to debug, I need to recreate the situation, which was caused
by an unknown client request.

Can anybody suggest how I can make such a situation happen? I've tried
doing so with curl and also using a manual telnet connection. Both
times I produced a POST request with a content-length header value
greater than the size of the request body.

difference between /var/spool/postfix/etc/hosts and /etc/hosts


on debian , i am running postfix. I changed my IP ldap server in /etc/hosts
but /var/spool/postfix/etc/hosts is different. What shoud I do to make
postfix using the new IP ldap?


Suppressing (some) bounce messages

I run a gateway that delivers mail to a few different places, including
two Exchange servers. Now, some users on one of the Exchange systems
have managed to block certain senders, in a way that makes Exchange
reject such messages with "554 5.1.0 Sender denied". The Exchange admins
are trying to figure this out; in MOST cases blocking a sender results
in messages being placed in a Junk folder, which is the behaviour we
want. But sometimes, this happens.

generic rewrites not working for local

I'd like to use postfix to rewrite the "from" address on all my outgoing emails.

However, smtp_generic_maps/lmtp_generic_maps does not seem to work
with mail coming locally from my machine (from cron jobs, from a local
MUA, etc.).

Is there a way to rewrite mails from local?



Currently I'm running Apache 2.4, openssl, Php 5.6, mod_php, and with
apache the prefork mpm. my mpm from prefork to either worker or event.
What is the difference between these two mpms? It appears i'm also
going to have to make a php change, threaded php, should I move to
php7, does that have the option needed?


I am wanting to implement http2.

problem confirming delivery of a deferred message in PostFix logs

We have recently begun using PostFix to replace one of our legacy systems. For the most part, the system appears to be running fine under load. Recently we have begun seeing some sporadic delivery errors.

mod_allowmethods to get all the http methods working

Hi all,

I'm developing a REST api based on PHP 7.1 and Apache 2.4 (under ubuntu

monitoring outgoing emails

Hi people. Do you know is there any tool/plugin for monitoring outgoing
emails from server with postfix? Maybe postfix has this feature?

Postfix & logrotate

This problem is not strictly related to Postfix, but I'm going crazy
trying to solve it. I've a postfix mail server on Debian 9.

TLS 1.3

Now that TLS 1.3 has been approved, what is the status of using it with Apache? Last I heard apache 2.4 couldn't build agains openssl 1.1, but that was a year ago.

Apache HTTP Server 2.4.33 (httpd) installed on CentOS7.4


OS: CentOS7.4.1708
kernel: 3.10.0-693.21.1

Apache HTTP Server 2.4.33 has been installed successfully via rpmbuild
on CentOS7.4.
Thank you all for building this nice application.

Yours truly,
Kazuhiko Kohmoto

Postfix - catchall

Hi Everyone,

I'm facing a problem with the way postfix handle my catchall.

I am running Postfix 2.10.1 with Cyrus 2.4.17.
I use virtual_mailbox and virtual_alias to handle mailboxes. Everything works fine with users.
I would like to implement a catchall mailbox (I know it's not a good idea, but this is essential in my business) BUT only for alias that do not already exist.
Everything is flat file.

If I send a mail to <a href="mailto: ... at mail dot domain.tld"> ... at mail dot domain.tld</a> , this mail go to user1 mailbox.

Syndicate content