Need Help Configuring Postfix Restrictions

Hi, I have installed Postfix 2.11.3 on Debian jessie. Everything works fine. I would like to restrict local users to send mails to a particular group email id and allow only few users with smtpd_restriction_classes, smtpd_recipient_restrictions following this link which is not working. All the users are still able to send mails to the group id. I have the same restriction working fine with Postfix 2.9 installed on wheezy.

fatal: no SASL authentication mechanisms please help!

Trying to setup sasl, postfix 2.7, dovecot 1.29. The following is in mail.log
fatal: no SASL authentication mechanisms
warning: deliver_request_get: error receiving common attributes
warning: unexpected end-of-input from dovecot socket while reading input attribute name
warning: process /usr/lib/postfix/smtpd pid 20380 exit status 1
myorigin = /etc/mailname
queue_directory = /var/spool/postfix/

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

Virtual host config and non-virtual host directories

I am reading:

And the statement:

"The asterisks match all addresses, so the main server serves no
requests. Due to the fact that the virtual host with ServerName is first in the configuration file, it has the highest
priority and can be seen as the default or primary server.

logrotate, httpd and piping messages to java program


I asked the following question a few days ago:

I am writing messages to error_log file as well as sending to std out.
Only other thing happening per hour is rotation of error_log file by
logrotate with copytruncate option (which copies the file data and
truncates original file keeping the file descriptor uncha

Reg : Limiting http connections at Apache 2.4.25

Hi Everyone,

I just joined this group.

I have installed Apache 2.4.25 HTTP server as a reverse proxy server and my
back-end content server is Weblogic 12c(12.1.3).

I would like to limit/restrict HTTP connections at the Apache layer (example:
only a maximum of 50 HTTP sessions to be allowed). What is the configuration
required to achieve this restriction?

My OS is RHEL 7.2, your help and support on this matter is highly


Hiding Apache version info on the Aix server for Apache.

Hi All,

Can anyone please let me know how to hide the Apache version and the OS name running on an AIX server?

The servertokens or the server signature fields are set to PROD and signature off, then I tried restarting the httpd but Apache was not starting until these two parameters were removed from the config file.


Merging multiple aliases files together

I don't know the best way to achieve this.

I have some "user" packages which install various users on a linux
system. I want the setup to be entirely automated, and as part of this
I want to set up some mail aliases for each user, and add their alias
to the root alias. Essentially, the following represents one user:

root: bob
bob: ... at example dot com

I have 0 or more of these user packages, and I want to, somehow,
merge all these aliases together.

content negotiation default language/file?

On my current site with 2.2.31
I have 3 languages,
English index.html
ja index.ja.html
zh index.zh.html

I am trying to set this up similarly on my new server, 2.4.16.
I can get ja and zh to work, but I can't get it to know that index.html is
Is this still possible or I must name everything index.en.html?
Is there an option I am missing?

TLS support for Postfix server on port TCP/25

Dear, I want mail clients to send messages to Internet through an own mail
relay Postfix as smtpd server (not as client), let's say:

Mail client ---STARTTLS ---- Postfix listening on Port TCP/25 --- Internet
SMTP servers

Also, I don't need authentication to send mails from the Postfix mail relay.

In /etc/postfix/ I setup:

# TLS parameters for smtpd



smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache


How do I move messages from a sender to the HOLD queue?

Hello all

We have over a thousand messages from a certain user that are stuck in our
mail queue. Is there a way to move those messages to the HOLD queue for
now? I want to move all messages from that specific sender, to the HOLD

All help is greatly appreciated!



enforcing SSL renegotiation for AES-GCM based cipher suites

Dear team
In mod_ssl, is there any option to enforce SSL renegotiation after a
certain amount of data has been transferred on an SSL connection?
If we are using a cipher suite which has AES-GCM as the encryption algorithm,
then it's required that when the counter overlaps or overflows,
SSL renegotiation should happen.
In AES-GCM the final counter is
[4 bytes salt which is negotiated between client and server]
[8 bytes of random bytes which are generated for the first time using
RAND_bytes (nonce_explicit).
It is incremented for each TLS packet]

Error nghttp2 version is too old

I am trying to compile Apache 2.4.25 on Fedora 25 Linux.

The current version of nghttp2 is installed:

To me, these would both seem to be greater than 1.2.1, but I am getting
this error from configure:

Apache 2.4 : Rewrite to keep the original URL


I'm trying to setup an environment with a frontend interface which login
and redirects to my application.

The scenario is: The user access with and the login page
redirects to the application, running on the same host, but on port 81.

How could I keep the original URL?

nonconsistent proxy 503 or 502 errors with apache 2.4


I'm running a FreeBSD 10.3 server which has an Apache 2.4.25 system
running on it. It's reverse proxying to two web servers
and hosted in two separate FreeBSD jails.

I'm getting nonconsistent 502 and 503 errors when attempting to access
the systems from the outside.

For example one time I hit and it works. I then go to and get either a 502 or 503 message. I try from another
browser this time going to and it works, but then going
to gives me those same 502 or 503 error messages.

Where are bounce messages for milters configured?

Hi everyone. Quick question... I have a milter set up to check at smtp
connection time. When the milter rejects a message, the sender gets a
particular bounce message. I need to know how to change the text of that
bounce message. I want it to say something else. Where can I do this?

ProxyPass ! directive

Operating System:
Operating System Version number:
Httpd Version:
Declaring the following directives in a virtual host
ProxyPass "/.well-known/" ! # don't pass lets encrypt folder
ProxyPass "/" ajp://localhost:8010/ # pass root to tomcat server
should result in .well-known folder NOT being proxy passed.


Please remove my E-mail address from your E-mail list

Thank you

Testing reject_unknown_client_hostname

Hello, in Postfix v3.1 I'm having a hard time getting
reject_unknown_client_hostname to bounce test messages.

I set an external host's Postfix myhostname to be purposefully
incorrect, like and sent a message to the test
system. If I have reject_unknown_helo_hostname enabled, it will reject
such messages.

Question about Postfix/Nginx integration / XCLIENT support


I’m playing with using Nginx as an IMAP and SMTP proxy for our mail servers,
as it will help us migrate and horizontally scale.

unused parameter: virtual_mailbox_limit_maps

I found one article:

that says it is not required anymore. To remove it. I am *assuming*
that I then also remove:


I looked around and did not see anywhere it is being used.

Seems this is a hang over from long ago. Old server does not have this
option, but still has the file.



Apache load balancing based on http request body content

Dear all,

I am using Apache httpd for load balancing. Now, I want to forward all the requests with an expected string in XML in the HTTP body to the same backend server. For example:

http body with string 1 --> Backend Server 1, http body with string 2 --> Backend Server 2

Does somebody know the trick?

Best Regards, Chen

Obsolete httpd-std.conf in binbuild.sh?

Hi all,

I'm trying to build Apache httpd server 2.4.25 on Ubuntu 4.8.0.
The idea is to embed httpd server into own application and to be able
to install on target machine in any location in file system.
I found the tool $(root src)/build/ which should do exactly
what I want.
After I run I get an archive
Then I unpack it and run <target dir> which deploys httpd.

The only problem I see is the issue with httpd.conf file.

Mod_dav configuration question


Since a few months we're using WebDAV (apache mod_dav) to serve files
for one of our apps. Everything works alright but when combined with an
older WebDAV client (needed for Office 2010 and older) we're running
into some issues.

The company that made the client has looked into the problem and gives
this as a possible cause for our issues:

Bypass restrictions for postmaster/abuse

Hello all,

Is there a best practice for exempting the postmaster/abuse address
from certain smtpd_mumble_restrictions?

For example, we see some small businesses who have trouble getting past
reject_unknown_helo_hostname and reject_unknown_client_hostname and if
we reach out to them, we need to allow their reply to our postmaster
address to get delivered, obviously bypassing the checks that originally
caused the rejections.

I think each organization will have restrictions that they deem
important enough to place even before exemptions for postmaster, but I'd
like to learn what other

Setting amavis content_filter in

I am reading the amavis-new readme for postfix.

It almost reads like should have:


rather than how I see it all over in Its presence as an
option in is very inconsistent.

Are there services in that should not have a content_filter to

thank you

postfix upgrade-configuration messes up

Hello everyone,

I'm having a problem upgrading to Centos-6.8 from an older 6.x version.
The problem is created when the rpm post script runs the below command:

# upgrade configuration files if necessary
/usr/sbin/postfix set-permissions upgrade-configuration \
config_directory=/etc/postfix \
daemon_directory=/usr/libexec/postfix \
command_directory=/usr/sbin \
mail_owner=postfix \
setgid_group=postdrop \
manpage_directory=/usr/share/man \
sample_directory=/usr/share/doc/postfix-2.6.6/samples \

Supporting legacy clients

After upgrading to postfix 3.1 (from 2.9), one of our clients said he
cannot send mail anymore (he has OE6 on XP and said it's planned to
upgrade, but not now).

What we got in the logs:
postfix/smtpd[16747]: connect from CLIENTIP
postfix/smtpd[16747]: setting up TLS connection from CLIENTIP
postfix/smtpd[16747]: CLIENTIP: TLS cipher list
postfix/smtpd[16747]: SSL_accept:before SSL initialization
postfix/smtpd[16747]: SSL_accept:before SSL initialization
postfix/smtpd[16747]: SSL3 alert write:fatal:handshake failure
postfix/smtpd[16747]: SSL_accept

Using postconf to manage

I am back to building a new mailserver. I am using Centos7 which has
postfix 2.10.1

Back some 4 years ago there was a thread here to add support to postconf
to manage From

It seems that there are now options here for, but I cannot
find any guidance on using this.

Piping multiple log files to a single java program

I am using this directive successfully.

ErrorLog "| /usr/bin/tee -a /var/log/httpd/error_log | java -cp
producer.jar stdin.producer.StdInProducer /CustomProducer/config.json

if I also want to send ssl_error_log to this program as well, is there
any provision to do so ?

This is what I was doing when using manual script to launch the log consumer.

tail -n0 -F /var/log/httpd/error_log /var/log/httpd/ssl_error_log |

config mod_user_dir apache apache v.2.4.6.

Hi, what would be the best way to run suexec instead /home/directory,


<Directory "/home/*/public_html">
AllowOverride All FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
AddHandler cgi-script .cgi .pl .py .rb
Require method GET POST OPTIONS

This is the best way, I hope for your recommendations,


Question on embedded variables in postconf command

Is there a way to get the following:

postconf -e 'smtpd_tls_key_file = /etc/pki/tls/private/$myhostname.key'

To work and substitute the value for $myhostname?

I am building a new server and writing up my scripts and I am trying to
adhere to the lessons I learned here some 2+ years ago. And trying to
be better than I was then...

Thank you.

Supported versions

I used to have a bookmark for a page that showed the currently supported versions of Postfix and (I think) when support ended for previous versions. I seem to have lost the bookmark and I can’t find the page on which makes me think it isn’t there.

I can get the information by going to <> and looking in specific announcements to see what (if any versions) were obsoleted.

Just as an example, I was trying to find when 2.6 support ended, and after going through the major releases I found it in the 2.10 release announcements.

mod_rewrite behavior when port is specified


I'm seeing an issue where mod_rewrite seems to behave differently when the
client connects to my VirtualHost and includes the port as a part of the
URL. i.e. http://xenial.localdomain vs. http://xenial.localdomain:80

With this RewriteRule, the redirection that I want (to my SSL VirtualHost
listening on port 443) is working just fine as long as the client uses
http://xenial.localdomain as the URL:

RewriteRule ^/?(.*) https://%{HTTP_HOST}:443/$1 [R=301,L]

However, when the port is specified ( http://xenial.localdomain:80 ), the
redirect does not work as expected.

Wietse: Old Mirrors on


There are several old mirrors with bad links that don't work on the
postfix download page and needs to be updated.

404 Not Found: USA, MI, Lansing
404 Not Found: Romania, Bucharest
404 Not Found: South Korea, Seoul

httpd 2.4.25-1.fc25 avoiding search permission errors across file systems Fedora 25 linux

I am trying to set up httpd across several file systems on a Fedora 25 Linux
system, and I'm doing something wrong.

I haven't succeeded in getting httpd to serve pages across the mounted
file systems.

example errors:
[Sun Mar 05 13:31:50.628070 2017] [core:error] [pid 1001] (13)Permission
denied: [client ::1:50082] AH00035: access to /snyder/index.html denied
(filesystem path '/mnt/Workspace/snyder/www/index.html') because search
permissions are missing on a component of the path

[Sun Mar 05 13:32:01.840581 2017] [core:error] [pid 999] (13)Permission
denied: [client ::1:50084] AH0003

postfix permission check reads link mode rather its target

In I have

smtpd_tls_dh1024_param_file = /etc/postfix/dh4096.pem

The permissions on these files are 400 (probably far more restrictive
than necessary).

Help with rewriterule


This is for Apache 2.4 on Centos7. I am migrating from Apache 2.2 on

I want to support redirecting all webmail queries to https.

user-defined parameters

(1) To use -o smtpd_client_restrictions in for the submission
port, I have been using

submission_client_restrictions = ...

submission ... -o smtpd_client_restrictions =

This seems to be necessary because of the space in "reject_rbl_client RBL".

This has been working in postfix 2.11 as far as I know.

Postfix, Hotmail never arrive

Hello Together

If I send any mail to @hotmail this will never arrive, but Postfix Log
are here in other thing.
(Queued mail for Delivery)

Mar 4 22:45:26 caloro postfix/qmgr[28159]: BD6EB4159E:
from=< ... at caloro dot ch>, size=569, nrcpt=1 (queue active)
Mar 4 22:45:29 caloro postfix/smtp[26958]: BD6EB4159E:
to=< ... at hotmail dot com>,[]:25,
delay=2.7, delays=0.49/0.01/1.3/0.9, dsn=2.0.0, status=sent (250
<> Queued mail for

mxtoolbox has 0 errors on my domain.
I am happy for any help.


removing SASL Authentication

When I first set up my home mail server I mashed several "postfix
recipes" to get my working system. Not knowing why, this line
made it into

smtpd_relay_restrictions = \
permit_mynetworks, permit_sasl_authenticated

I have no need to relay mail from anywhere except my own network
and I don't authenticate for that. I do get 500-1000 daily attempts
to relay but because I never set up an SASL Authentication Server,
none can ever authenticate.

I'd like to get rid of the "permit_sasl_authenticated" setting,
perhaps rejecting relay attempts earlier.

postfix with possibilities for blackberry integration

Hello Together

Please, are there any possibilities to integrate my old BlackBerry 7.1 with
Postfix or Dovecot? I don't have any BES server, but are there any
possibilities to install with Postfix any protocol to communicate with it?

Thanks for any feedback


suexec path directory.

Hi, I will install Apache 2.4 with CentOS 7.3. I want to use ISPConfig 3 as
a panel. The problem is that I want to configure Apache to work in
/home/user/public_html with virtualhost, but suexec by default comes with
-AP_DOC_ROOT="/var/www". Is there any way to change the default path
without manually compiling Apache?


problem with smtp_bind_address

I have small problem with smtp_bind_address

When I set smtp_bind_address the second IP 195.x.x.27 it does not work,
always sends using 195.x.x.26

my "ip addr"
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
inet 195.x.x.26/29 scope global eth1
valid_lft forever preferred_lft forever
inet 195.x.x.27/29 scope global secondary eth1
valid_lft forever preferred_lft forever

The system is Debian 8, Postfix 3.0.3.

What do I need to change?

Postfix 3.2.0 stable release

[An on-line version of this announcement will be available at]

Postfix stable release 3.2.0 is available, 20 years after work began
early 1997. This release ends support for legacy release Postfix 2.10.

The main changes in no particular order are:

* Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
the default smtpd_tls_eecdh_grade setting to "auto", and
introduces a new parameter tls_eecdh_auto_curves with the names
of curves that may be negotiated.

* Stored-procedure support for MySQL databases.

ot: 554 No SMTP service here

struck a problem sending to a particular server, get 554
everything else works fine, server unaltered since setup a while back

how can I troubleshoot this ?

Mar 3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
to=< ... at rosscosmetics dot>,[]:25, delay=17227,
delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host[] refused to talk to me: 554
No SMTP service here.)

# telnet 25
Connected to
Escape character is '^]'.
554 No SMTP service here.

domain forwarding/redirecting

I need a way to forward/redirect emails to and from a specific domain and send them to a specific local email account. I need this based on the envelope sender - so regardless of one or multiple recipients (in the header), the email goes to one specific account. It looks like the access filter REDIRECT will work for inbound but I'm not finding anything for outbound messages.

Just need someone to point me in the right direction.


SPF, Postfix and majordomo


As I know, Postfix-users mailing list uses majordomo.

Suppose sender domain has set SPF policy with list of IP addresses
from which mail can originate for their domain. When the user sends a
mail to a mailing list manager like majordomo, being a member of the
list, the sender will receive back the mail posted to a mailing list.

Apache configuration - DirectoryMatch directive: Error in regex evaluation

Dear all,

I am using Apache/2.4.10 (Debian). Following the Apache documentation, I am trying to configure my server using DirectoryMatch. I get the expected behavior concerning the directories I want to handle (only the user whose name is the same as the directory name can access the directory). However, I cannot access the parent directory ("/var/www/html/webdav/directories/" in the example below), getting a "401 Unauthorized". Changing the dynamic LDAP user "%{env:MATCH_DIRECTORYNAME}" to a specific user allows me to access "/var/www/html/webdav/directories/".

RewriteRules with Prestashop and Drupal

2 separate needs for 2 web sites...

1) a prestashop 1.6 catalog. The owner asked to change the domain name
of the site but wanted to keep the old one for legacy purpose...

DNSBL, Spamhaus and postscreen filters

I was prompted from reading a recent post to check whether my postscreen
set up was picking up Spamhaus responses. Quick grep through my logs
confirmed that it was not. Seems I am in a bit of Bind (sorry for the
pun). If I use Google's DNS I don't get a response from
If I use my ISP's DNS I will but my ISP also hijacks NXDOMAIN responses
as I was reminded last night when postscreen blocked everything. I am
now looking at setting up my own unbound server, but I wondered if there
was a quicker solution. Can I use the filter option to ignore those
hijacked responses?

Inserting a signature


I'm wanting to insert an email signature in all outgoing email
messages. Is altermime still the best way of doing this or is there
another path?


LDAP-based autoresponder?


Not a postfix issue in fact... Forgive me, please!

I've found something like this: So old so
abandoned, there is surely no forum/list/support/help on it. Is there -
by accident - anyone who used it and have integrated it with postfix?

Thanks in advance!
Best regards,

SRS software for postfix?


I'm searching for a Sender Rewriting Scheme tool well integrated with
postfix. postsrsd seems nice and generally works nice however it causes
some problems if canonicals for all four addresses are used - it
operates on the same `sender_canonical_classes' and
`recipient_canonical_classes' settings. Could you propose some other
alternative solutions?

Best regards,

Question about milters

Good day everyone. I have a quick question about a milter that I'm using.
I'm running Postfix 3.x. The milter is called SNFMilter and it uses a Unix
socket instead of inet. My question is a general question about milters. Is
there a way to bypass a milter for authenticated senders who are sending on
ports 25, 587 and 465? I know I can bypass all of Postfix antispam for
authenticated senders, but that is not what I want to do. I just want to
bypass the milter for these outbound senders. Is that even possible? Thanks
for all and any help.

dovecot lda bouncing postfix aliases

Recently configured postfix to use the dovecot lda as I wanted to use
sieve. Got that working a few days ago but noticed that I wasn't getting
any emails to aliases.

Apache Crashing Everyday

Dear All,

We are using 2 Apache & 2 Tomcat with LoadBalance. Every day the site
goes down and restarting Apache & Tomcat only helps to bring the site back.

I could see below errors on WebServer's Error Log, when the "total
children" count increased more than 200 then Apache is not responding. I
have included my prefork configuration below.

ot: troubleshooting MX issue (?)

I'm unable to send an email to "a. ... at surfacetreatment dot be", getting
"domain not found".

it seems to me they're misconfigured and, don't have MX set correctly?

or am i misinterpreting this, mxtoolbox find MX ?

fwiw, web redirects to

thanks for help, explanation and any pointers

Mar 1 08:58:53 emu postfix/smtpd[22849]: NOQUEUE: reject: RCPT from
localhost[]: 450 4.1.2 <a. ... at surfacetreatment dot be>: Recipient
address rejected: Domain not found; from=< ... at sbt dot>
to=<a. ... at surfacetreatment dot be> proto=ESMTP helo=<>

# dig -t MX su

Encapsulate incoming bounce mail


in one project I'm sending a bunch of status mails to a number of
different recipients. From time to time some of them cannot be delivered
(address changes, server misconfigurations, employment changes, ...).

The bounces from the mail come back to my mail server and should go to a
contractor of us managing the e-mail addresses. Now I forward the mail to
an email on their mail server where it arrives, but later it gets lost
somewhere when internal distribution is done.

Hi, I'm trying to use the mod_proxy_ajp module with Apache 2.4.25 and Tomcat 8.5.11 on OEL 6.8.
Even if I uncomment the line in the httpd.conf file for enabling the module, it doesn't seem to load. I read that I also need to activate the mod_proxy module, and that is done.

Do you know if a bug exists that would make it unable to load?


