DevHeads.net

Server

Need Help Configuring Postfix Restrictions

Hi i have installed postfix 2.11.3 on debian jessie.Everthing works fine. I would like to restrict local users to send mails to a particular group email id and allow only few users with smtpd_restriction_classes , smtpd_recipient_restrictions following this link <a href="http://www.postfix.net/RESTRICTION_CLASS_README.html" title="http://www.postfix.net/RESTRICTION_CLASS_README.html">http://www.postfix.net/RESTRICTION_CLASS_README.html</a> which is not working. All the users are still able to send mails to the group id. I have the same restriction working fine with postfix 2.9 installed on wheezy.

fatal: no SASL authentication mechanisms please help!

Trying to setup sasl, postfix 2.7, dovecot 1.29. The following is in mail.log
fatal: no SASL authentication mechanisms
warning: deliver_request_get: error receiving common attributes
warning: unexpected end-of-input from dovecot socket while reading input attribute name
warning: process /usr/lib/postfix/smtpd pid 20380 exit status 1

main.cf
myorigin = /etc/mailname
queue_directory = /var/spool/postfix/

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44

SSL cipher suites

Hello,

I'm looking for recommendations. I'm running apache 2.4 and Openssl
1.0.2n.

Error in 3.2.4 on startup, service not found (rspamd milter)

Hi,

I am getting the following error messages when starting up postfix 3.2.4

2018-02-17T21:50:34.594521+01:00 ms2 postfix/cleanup[9220]: fatal:
host/service localhost/11332 not found: Name or service not known

2018-02-17T21:50:35.594843+01:00 ms2 postfix/pickup[8886]: warning:
maildrop/4612EA0DCA: error writing 90F5AA0EB0: queue file write error

2018-02-17T21:50:35.595321+01:00 ms2 postfix/master[8885]: warning:
process /usr/libexec/postfix/cleanup pid 9220 exit status 1

2018-02-17T21:50:35.595521+01:00 ms2 postfix/master[8885]: warning:
/usr/libexec/postfix/cleanup: bad command startup -

MTA-STS when?

Hi

Hopefully, I am not one of several who already has asked this question
before, but here it goes:

When does postfix plans to implement MTA-STS?

rewrite not working, still going https

Hello,

I'm trying to get apache 2.4 not to rewrite urls with
.well-known/acme-challenge in them. I do not want these urls
redirected to https but all other urls to do so.

Add additional smtp port in postfix

Hello all,

I need to add an additional port for postfix to listen for incoming connections (port 2525). Most of the stuff I've seen on the Internet simply states to add the following in my master.cf

smtp inet n - n - - smtpd
2525 inet n - n - - smtpd

However, since I have postscreen enabled my

#smtp inet n - n - - smtpd

Line in my master.cf is commented out, so I'm thinking the config is different in my case. Can someone help with this?

Thanks a lot

FilterProvider - list of providers

Hi,

I am trying to get my head round what I can do with filters.

append_at_myorigin problem

Hi,

i'm having quite severe problems with append_at_myorigin - Postfix is
appending myorigin to sneder name if it contains a colon character and
is encoded into quoted-printable format, for example (generated by
Thunderbird):

This is rewritten to:

I tried to disable it with this but it doesn't work:
append_dot_mydomain = no
append_at_myorigin = no
local_header_rewrite_clients =

Postfix 2.11.3. Any hints?

azur

httpd running with uid - apache 2.4.29

All,

I am experimenting a scratch install of Apache 2.4 on RHEL. I noticed the
httpd process is running with UID instead of username. Any ideas?

root 30426 1 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30427 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30428 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start
30139 30429 30426 0 14:40 ? 00:00:00
/app/apache/apache24/bin/httpd -k start

The httpd.conf file has the user and group configured as apache

General websites on e-mail administration that also cover Postfix ?

Hi,

I was looking for some websites that covered e-mail administration in general and that also mentioned Postfix.

I checked the Postfix homepage [1] and on the link “Howtos and FAQs” there are two links at the bottom under the heading “General E-mail/System Administration”. Unfortunately the first link appears to be dead and the second link is more of a discussion of the C10K problem, which appears to be more of use to people writing software on the scale of Postfix.

Can anyone recommend any good sites that cover e-mail administration in general ?

Apache httpd dynamically links to wrong ssl library on macOS causing a crash

Hi,

I’m currently working on a new php formula in the Homebrew package manager
project where we have noticed that httpd crashes on macOS High Sierra under
certain conditions.

Apache httpd directory listing no longer working

Directory listing inside one of our VirtualHost configurations has stopped working recently.
It now returns a 403 Forbidden when trying to access a directory.

The url is protected with basic authentication from a .htpasswd file.
Accessing a specific file under de location presents no problem.

"apachectl -S" and DocumentRoot

Hello

apachectl -S

is a nice command. We are looking for something that outputs the "DocumentRoot" for all virtual hosts

Is there some way to do that with a single command?

Thanks

upgrade or new install

All,

Looking for best practice upgrade method from Apache 2.2.29 to Apache
2.4.29.

Should i perform an in place upgrade or install a new version of Apache
2.4.29?

E-commerce Rewrite Rule

Good morning Team,

Below 4 URL in my e-commerce, please guide me right rewriterule for it.

1. domain.com / Clothing[Department] / Mens[Main Catagory] / Shirts[Sub
Catagory] / T-Shirts [Sub Sub Catagory] / White Shirt [product_id=15]

2. domain.com / Mens[Main Catagory] / Shirts[Sub Catagory] / T-Shirts [Sub
Sub Catagory] / White Shirt [product_id=15]

3. domain.com / Clothing[Department] / Mens[Main Catagory] / Shirts[Sub
Catagory] / White Shirt [product_id=15]

4.

temp avoiding RBL block with client_checks OK?

one of the users is waiting for an email from server currently listed on
<a href="http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162" title="http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162">http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162</a>

chances are it might get fixed in 12 hours, or, maybe not

short of removing dnsbl.manitu.net from my RBL checks, is there a way to
'bypass' this current predicament, and, allow mails from the IP/host?

can I simply put IP ? hostname ? both ? in /etc/postfix/client_checks ?

or is it /etc/postfix/sender_checks ? as so:

203.12.160.162 OK
mail12.tpgi.com.au OK

from main.cf:

Testing Postfix-3.3....0-RC1

Hi,

so far, the RC1 works.

Setting up Apache 2.4 with Letsencrypt

I have dehydrate properly renewing certs from Let's Encrypt (which I am using successfully for mail authentication) and I ma trying to get them working for Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

/etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipher

How to best test from VM with port 25 closed by ISP

Hi,

how can I best test postfix delivery from a local VM if port 25 is
blocked by ISP.
My only intention is to setup another VM and make a network between them
and then send mails between them.
Or is there any other solution how I could get postfix from a VM to the
"world"?

Thanks!

sender AND recipient based routing

I have a requirement to deliver via 'X' when sender = 'A' /and/ recipient =
'B', else deliver via configured defaults.
I see how I could use sender_dependent_default_transport_maps to set nexthop
to 'X' when sender = 'A' but I still need to deal with the additional
condition that recipient = 'B'.
It's like I need multiple transport tables, dependent upon sender.
Is there any way to fulfill this requirement within the postfix framework?

Postfix queue

Lately I wrote in python postfix policy service that can do something for
me what I want.
Now I am thinking about next service butI don't know maybe it is not
possible.

That is my question:

There is posssible write some service similar to eg.

check_policy_service unix:private/policy-spf

It is possible to write some policy service that will be working with
postfix queue ?

I would like have policy service that will be able to write do data base
some information eg. when exactly message was sent, message ID, DSN if
soemthing goes wrong.

Apache Unable to reinitiate connection after application server's ip change.

Hello All,

I'm using Apache as my Webserver and we have Tomcat and Websphere as our application servers. We are making an IP change on application servers. On our application servers we don't specify any IP address in any of Tomcat or Websphere configuration. We only specify server name everywhere.

We are only changing IP address but not the server name.

aquamail connecting to postfix

Hello,

Does anyone have Android's aquamail app successfully connecting to a
Postfix server? If so, w hat settings did you use? I keep getting an
authentication denied error. I've tried for authentication choose
automatically, sasl plain, sasl login. For server security I've tried
ssl strict check, ssl accept any (both on port 465), and starttls
strict check and starttls accept any (port 587).

Thanks.
Dave.

FWIW, port 465 gets standards-track blessing from RFC8314

<a href="https://tools.ietf.org/html/rfc8314#section-3.3" title="https://tools.ietf.org/html/rfc8314#section-3.3">https://tools.ietf.org/html/rfc8314#section-3.3</a>

The STARTTLS mechanism on port 587 is relatively widely deployed due
to the situation with port 465 (discussed in Section 7.3). This
differs from IMAP and POP services where Implicit TLS is more widely
deployed on servers than STARTTLS. It is desirable to migrate core
protocols used by MUA software to Implicit TLS over time, for
consistency as well as for the additional reasons discussed in
Appendix A.

apache 2.4 and python

Hello,

I'm trying to get mod python 3.5 working with apache 2.4. I keep
getting an error on the PythonHandler line. I've got python 3.5
installed, and mod_python 3.5 with apache 2.4, they are not talking to
each other.

Any ideas?

Thanks.
Dave.

Mutual authentication between Apache HTTP server and an application server.

Hi,

I'm using Apache HTTP server as a webserver and Websphere application server as an Application server. Apache is using Proxy to redirect requests from Apache to Websphere. On my websphere side security is enabled, and its looking for mutual authentication. Could you please help me with where I can add my Application server's root certificate on Apache end?

Could you please let me know how can I add websphere certificate in my Apache.

IP ACL’s for smtpd port 25 and not submission

Hi,

I currently use postscreen on my Postfix version 3.1.0 mail server. I implement IP ACL’s via it to ban malicious connections (generally from xDSL IP blocks), against smtpd running on port 25.

I have recently configured and turned on submission with SASL. With submission available, I don’t want to ban any particular xDSL IP blocks as clients that are travelling around the world may make use of Internet in cafes, hotels, etc.

Diffing man 5 postconf changes between releases

Hi,

I currently use Postfix version 3.1.0. I know that there are announcements of feature changes between each release of Postfix via e-mail and I read these, but I was wondering if there was an easy way to see the changes to the main.cf configuration parameters between versions ?

For example, can I somehow diff the difference between man 5 postconf on version 3.1.0 and the current release of Postfix ?

t/s missing inbound mails with limited info

I've noticed I'm missing certain inbound emails addressed to me, the IT
support of sender is of limited help, as when I've asked for any rejection
notice or IP of sending server I was told "Please be informed that we
couldn't see failure/rejection notice from our end as we have received the
response from our transactional email provider which we are using in the
system."

I was told 'we rectified the error', but, I don't think I'm getting these
emails, and, the sender is of no help with any info

looking at header of one email that I have received, they are using
amazonses.com.

Set up an Apache HTTP server as a rotating proxy

Hi,

Suppose that I have many proxies that I can use (called secondary
proxies here). I'd like to create a master proxy that rotates its
connection to these secondary proxies. In this way, an application
only needs to connect to this master proxy and does not need to know
whether the master proxy rotates among these secondary proxies.

I see that apache reverse proxy probably may be able to do this. But I
am not very sure. Could anybody confirm whether this is the case? Is
there any specific configuration need to done to ensure a strict
rotation policy?

Spurious access denied errors

Dear list,

I've installed and configured mediawiki as follows (on top of default
Ubuntu 16.04 Apache/2.4.18 installation):

Postfix lost connection after EHLO from neon.domain.com

Hello,

I am trying to figure out why my Postfix disconnect after EHLO command. A
customer is trying to email me something but Postfix disconnect: ( on the
customer side this is the bounced message "Remote Server returned '<
spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session
ID:" )

your help is appreciated!

Feb 8 09:46:03 spring1 postfix/smtpd[47824]: connect from neon.domain.com
[189.45.22.55]
Feb 8 09:46:03 spring1 postfix/smtpd[47824]: match_hostname:
smtpd_client_event_limit_exceptions: neon.domain.com ~?

Help with ProxyPass and ProxyPassReverse

I have a HTTP mail client running on port 7080 on the server that must be
proxied through Apache.

Using a workstation, I can enter:

<a href="http://192.168.1.7:7080/mail.html" title="http://192.168.1.7:7080/mail.html">http://192.168.1.7:7080/mail.html</a>

and it brings up the mail client correctly.

I tried to use ProxyPass/ProxyPassReverse to move the mail client to run on
port 80 with the following configuration:

# Surgemail redirect to allow web based e-mail
<VirtualHost *:80>
ServerName mail.mymaildomain.ca
ProxyPass "/" "http://127.0.0.1:7080/"
ProxyPassReverse "/" "http://127.0.0.1:7080/"
ProxyPassReverseCookieDomain "127.0.0.1" "mail.mymaildomain.ca"
</V

Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers

On Thu, Feb 8, 2018 at 1:33 PM, <users-digest- ... at httpd dot apache.org> wrote:
Hi Rainer,

Thanks. Yes, I am using mod_proxy_wstunnel and it appears that that is
the issue.

~Mark

websocket header not passing a long with ProxyPass and mod_headers

Hello, I have an operational setup where Apache httpd is proxying secure
websockets traffic to an Apache Tomcat server. In other words, I'm using
ProxyPass to pass traffic along to a WSS url.

I'm now having some issues trying to throw mod_headers into the mix.

SSL Certificate Validation

Dear users,
We are currently using Apache 2.2.22 (mod_ssl 2.2.22, OpenSSL/0.9.8t) and we have a security concern since developers are able to bypass the SSL certificate verification when using HTTPS calls. Kindly advise what configuration is needed to enforce the certificate verification?

symbol SSLv2_client_method

hello

i have a solaris zone whit apache:

# /app/apache/bin/httpd -version
Server version: Apache/2.0.59
Server built: Jun 18 2007 14:27:08

when a try to start receive this error:

yntax error on line 32 of /app/apache/conf/httpd.conf:
Cannot load /app/apache/modules/mod_ssl.so into server: ld.so.1: httpd:
fatal: relocation error: file /app/apache/modules/mod_ssl.so: symbol
SSLv2_client_method: referenced symbol not found

# ldd /app/apache/modules/mod_ssl.so
libc.so.1 => /lib/libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libm.so.2 => /lib/li

Designing a proper postfix/dovecot LMTP/LDAP layout

I want to replace old Sendmail server with new with Postfix. And although
I have read some documentation and howtos, I'm still disoriented in the
vast array of possibilities in Postfix itself and its interaction with
other pieces.

Virtual/Proxy setup to internal webserver

I have apache24 running on freebsd.

Can I configure virtual host to direct a request for forum.mydomain.com
to an internal webserver on my network

eg; DocumentRoot "forum.mydomain.com"
or "xxx.xxx.xx.xxx"

I tried using Proxy mod but not sure how to setup.

Any hints welcome

mail.log - verify_cache.db: No such file or directory

Hello

Last week I had problems with my mail server but now everything
has settled again. I have in my logs now the following error
message that I do not understand. As I've seen, this has
already been discussed a few times.

Please, how do I tackle this or how can I solve this!?

Probably small problem with SSL config

I'm setting up an Apache server 2.4.25 in our DMZ for the first time,
and having an issue with getting SSL configured correctly.

I am using links text based browser to connect from a second machine
to the first machine.

apxs tool for Windows x64

Hi All,

Is there apxs tool for Windows x64?
I could only find a very old version for Win32 at <a href="https://www.apachelounge.com/download/additional/" title="https://www.apachelounge.com/download/additional/">https://www.apachelounge.com/download/additional/</a> .

Thanks

How to build httpd module on Windows

Hi All:

How can I build a module on Windows platform without apxs tool?
I downloaded and installed Apache httpd binaries for Windows. Httpd runs and is functional. I would like to build my own module on Windows.
When I try to start up httpd with my custom *.so module built on VS2015, I receive and error, as expected:

C:\Apache24\bin>httpd.exe
httpd.exe: Syntax error on line 181 of C:/Apache24/conf/httpd.conf: Can't locate API module structure `example_module' in file C:/Apache24/modules/mod_example_post.so: No error

Thanks

Re: Duplicate mails in mailq / always_bcc

This was one of the things I already tried without resolving the issue, as stated in my feedback mail:

Re: Duplicate mails in mailq / always_bcc

This is *only* the case with mails that later get deferred. Messages that are sucessfully sent to the appliance that archives the mails are only logged once, with the status "sent" obviously.
The recipients address in this and all other cases is always the appliances address ( ... at mailappliance dot local) .

Re: Duplicate mails in mailq / always_bcc

Hi,

I did not change anything that I am not able to revert back to it's original settings.
I am not "blindly trying random changes" but implementing suggestions being made in this thread and / or I found elsewhere online when I searched for keywords like "postfix", "always_bcc", "content_filter" etc.

For the sake of keeping this mail readable, please refer to this link (<a href="https://pastebin.com/nUz5BEdB" title="https://pastebin.com/nUz5BEdB">https://pastebin.com/nUz5BEdB</a>) , there you will find an excerpt of the maillog

Re: Duplicate mails in mailq / always_bcc

Hi list,

sorry for my belated reply.

First of all: thanks for the input to everyone suggesting where / what the error may be.

What I tried so far:
1) reducing the MTU all the way down to 1400 - no change, error still persists.
2) sniffing the connection: nothing suspicious, one or two RST flags in a bunch of 1800 packets
3) Uncomment the filters we use, to rule them out as an error cause: this was partly successful; with every filter uncommented the error still persists
4) deactivate the tcp_window_scaling -> the problem still persists
5) removed the comment from this line:
relay unix

Upgrade unbound resolver to 1.6.8 if used for DANE

If you're using unbound as your local DNSSEC-validating
resolver and have enabled DANE, an issue is resolved in
unbound 1.6.8 where NSEC records for wildcards could be
misused for invalid denial-of-existence proofs. See:

<a href="https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be" title="https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be">https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-...</a>
<a href="https://unbound.net/downloads/CVE-2017-15105.txt" title="https://unbound.net/downloads/CVE-2017-15105.txt">https://unbound.net/downloads/CVE-2017-15105.txt</a>

The first article mentions that the same issue affected
PowerDNS and Dnsmasq. So if you're using one of those,
you might also need to update.

Question regarding smtpd DNS resolution

Hello,

I had a question about Postfix’s smtpd DNS resolution.

In my logs (generally from spam sources), I see the following:

Feb 4 15:05:46 server postfix/smptd[718]: warning: hostname 1-2-3-4.dyn.isp.net does not resolve to address 1.2.3.4: Name or service not known

Does this mean that:

1. smtpd receives a connection from an smtp client and does a reverse DNS lookup
2. smtpd performs a forward DNS lookup on the result and compares the resulting IP address to the initial IP
3. If the IP addresses don’t match it reports this error

...

Trying to get VERP working with Majordomo

I have had a Majordomo configuration working for years (with help from
this list getting the aliases configured).

Help: Vhost default whit other IP.

Hi, i've http(apache2) in debinan 8 and my setup a second vhost(
<a href="http://www.hostB.com" title="www.hostB.com">www.hostB.com</a>) with ip: 192.168.1.51:8000 but my default host in apache is
<a href="http://www.hostA.com" title="www.hostA.com">www.hostA.com</a>.
My apache with received request from browser in 192.168.1.51:8000, redirect
my request for <a href="http://www.hostA.com" title="www.hostA.com">www.hostA.com</a>
I need help
[]'s

Retry connection to reverse proxy backend

Hello,

I've configured Apache as a reverse proxy for my application server.
When the backend server isn't available, Apache quickly responds the
browser with an error 503.

There are short downtimes while I'm upgrading the application server.
But Apache doesn't even care to retry and make the connection request
succeed maybe a few seconds later. It always raises error 503.

Can I configure Apache to try a little harder, and if the backend isn't
responding, wait a second and try again a couple times?

apache httpd2.4.29 error when running make command

Hello group,

I am getting following error when running the make command for httpd2.4.28
on RHEL6

Please advice.

*make[2]: Entering directory
`/app/apache/httpd-2.4.29/support'/app/apache/httpd-2.4.29/srclib/apr/libtool
--silent --mode=link gcc -std=gnu99 -g -O2 -pthread -o htpasswd
htpasswd.lo passwd_common.lo
/app/apache/httpd-2.4.29/srclib/apr-util/libaprutil-1.la
<http://libaprutil-1.la> /app/apache/httpd-2.4.29/srclib/apr/libapr-1.la
<http://libapr-1.la> -lrt -lcrypt -lpthread
-lcrypt/app/apache/httpd-2.4.29/srclib/apr-util/.libs/libaprutil-1.so:
undefined refe

How to retrieve variables from POST XML data

Hi All,

Can please someone provide an example of how to retrieve values from POST xml data.

I use ap_xml_parse_input() to get and parse XML POST.

At the moment I can retrieve everything, including elements, attributes, cdata, but the actual string values.

stable version of 2.4 running in production?

I am planing to upgrade Apache from 2.2 to 2.4 on RHEL 6.6.

I am looking for best practice, should i perform an upgrade from 2.2 or
install 2.4?

Thank you.

Apache responding with wrong protocol

I'm trying to set up Apache 2.4.25 with a Let's Encrypt certificate on
Raspian Stretch. However, I can't get SSL working. Apache keeps
responding with a 400 using HTTP instead of doing the SSL handshake.
What's most confusing is that the log produces lines like:

hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100]
"\x16\x03\x01" 400 0 "-" "-"

i.e. it says the request was coming in through port 80, even though it
didn't. I changed my configuration to include 'Listen 443 https' and
disabled the default listener on port 80.

apache 2.4, git smart http, and gitweb configuration

Hello,

I'm trying to host a git repository via smart http on apache 2.4. I'm
also trying to make it viewable using gitweb. The goal is for all
transactions to happen over https so I've got a letsencrypt
certificate. Both reading and writing to the repo on the server should
prompt for a password.

Syndicate content