DevHeads.net

Server

Need Help Configuring Postfix Restrictions

Hi, I have installed postfix 2.11.3 on debian jessie. Everything works fine. I would like to restrict local users to send mails to a particular group email id and allow only few users with smtpd_restriction_classes, smtpd_recipient_restrictions following this link http://www.postfix.net/RESTRICTION_CLASS_README.html which is not working. All the users are still able to send mails to the group id. I have the same restriction working fine with postfix 2.9 installed on wheezy.

fatal: no SASL authentication mechanisms please help!

Trying to setup sasl, postfix 2.7, dovecot 1.29. The following is in mail.log
fatal: no SASL authentication mechanisms
warning: deliver_request_get: error receiving common attributes
warning: unexpected end-of-input from dovecot socket while reading input attribute name
warning: process /usr/lib/postfix/smtpd pid 20380 exit status 1

main.cf
myorigin = /etc/mailname
queue_directory = /var/spool/postfix/

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from d27-99-95-44.bla2.nsw.optusnet.com.au[27.99.95.44

httpd.conf Invalid Argument

Hi all,

I compiled apache 2.4.27 on an AIX server and installed it on to other AIX
servers of same OS. It works on all servers except one where I see the
error "httpd: Could not open configuration file
/usr/local/etc/httpd/conf/httpd.conf: Invalid argument" when I try to start
using apachectl. The same error appears when I try httpd -M. The
configuration file exists and the permissions are correct.

Need help restricting LDAP authorization to subdirectory

hi,
We are working on a new intranet page for our office and I'm having trouble getting one specific thing working.

Our old intranet was strictly static content in file system directories and permissions were set exclusively on directories. Unfortunately even though this is a new development, I'm currently stuck on Apache 2.2 on CentOS 6.

Apache 2.4 and DirectoryIndex and htaccess

I have a working webroot, and it has an index.php file.

exclude specific external IP from postfix blacklists

I have a problem with specific IP 91.218.208.22. People from network behind
this address can't connect to mailserver, because - as I found out - this
ip address is listed. Not exactly this specific address but whole C class.
I saw Postfix uses blacklists in own configuration but I would like to
exclude only this one IP.

Use of proxypassReverse

Hi,

Can someone tell me in detail the difference between proxypass and
proxypassreverse?
I have just read links stating that proxypassreverse is used for "redirect"
request. But I am not understanding how.

Thanks,
Ananya

.php3 files recognised but .php files not

I have just installed openSUSE Leap 15.0 on a server including Apache
2.4.33 and php 7.2.5.

If I attempt to access .php files, I'm offered them as downloads,
although renaming them to .php3 makes them work fine.

Guidelines for headers in original message

Hello,

What are the general guidelines for headers and their values that are shown
in the original message of an email? I'm particularly interested in the
'Received from: foo by bar'. Do people generally append the actual
servernames along with their IP addresses for all the hops? Or, do they
make the mails come out from a common relay server.

Also, if it's fine to make mails come from a common relay, is it a bad idea
to set $myhostname to foo.relay for all the mails from foo domain, instead
of showing all the hops? I've seen people put this as $myorigin.

Are passwords with embedded spaces allowed using htdbm?

I can get htdbm to accept a cleartext password with spaces when using the
mode where I enter the password at the command line, e.g.,

htdbm -cB dbmfilename user

and the password is validated ok using

htdbm -vB dbmfilename user

but I can’t get it to work using the batch mode:

htdbm -cbB dbmfilename user passwordwithspaces

I have tried using single quotes around the password as well as backslashes
before the space without success.

I would love to be able to programmatically use passwords with spaces if
anyone can show me how to do it.

Thanks.

Best regards,

-Tom

gmail blocking 6to4 ipv6 addresses

Does gmail universally block 6to4 addresses, or is there something else I
am doing wrong?

Jun 07 23:32:14 www.git.icu postfix/smtp[19358]: 0695A2409C: to=<
... at gmail dot com>, orig_to=< ... at git dot icu>, relay=
gmail-smtp-in.l.google.com[2607:f8b0:400d:c08::1b]:25, delay=1.6,
delays=0.12/0.07/0.84/0.56, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2607:f8b0:400d:c08::1b] said: 550-5.7.1
[2002:c62e:c6c6::1] Our system has detected that this message does not
550-5.7.1 meet IPv6 sending guidelines regarding PTR records and
authentication 550-5.7.1 .

Oddity using FallbackResource in PHP development

Apache is returning 404 when an invalid PHP script is called, even though
FallbackResource is configured and working fine for invalid scripts without
the .php extension.

Said another way, when I use FallbackResource, with a PHP file as the
target, it works fine only when I don't reference an invalid PHP file. When
I do, it doesn't work.

sender_bcc_maps which use reply_to header ?

Hi !

I have a case I want to solve : a mail is sent from ... at example dot com with
reply_to defined to ... at example dot com.
I want to automatically BCC to ... at example dot com if reply_to is defined to
... at example dot com.

sender_bcc_maps use "from" header, I want same with reply_to header.
It seems this doesn't exist.

What's the best solution to achieve this ?
Content filter ?

Thanks,
Sylvain

When should someone use TCP socket vs Unix socket vs Websocket for PHP execution

If you have php-fpm running on same server as Apache, and you have a lot of virtual hosts (hundreds+) using PHP. Which is the best approach for executing PHP as the owner of each virtual host (web directory)?

Looking thru this page at the moment for guidance ....

https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html

Thanks

local mail submission sendmail fails when loopback is down

Hello all,

TL;DR: `sendmail <address>` fails with `sendmail: fatal: could not find
any active network interfaces` if loopback interface is not up. Is this
expected behaviour?

Longer:

I know applications can expect the loopback interface to be available.
However, strictly speaking, sendmail when invoked for local mail
submission shouldn't attempt to access the network, all it has to do is
drop the file into the maildrop directory.

Rotate logs in apache-2.4.29

Hi All,

I am trying to use rotatelogs in my webserver, but unable to do that.
Please help me to know where I am going wrong.

httpd.conf:
CustomLog "|/bin/rotatelogs logs/httpd_log 60" combined

error_log:
(4002)No such file or directory: AH00104: unable to start piped log program
' /bin/rotatelogs /logs/httpd_log 60'
AH00015: Unable to open logs

I tried for access_log too. But getting the same error.

Thanks
Hemant

mod_proxy_http rewrite problem

All,

I'm facing what seemingly is a very difficult challenge, trying to set up a
proxy to a backend application. I say 'seemingly very difficult' because I
have reached out to the HTTPD community, codementor.io (offering money for
help), as well as consultants who say they really are not skilled enough to
help. When I started looking into this (I've had to put it on the back
burner due to more urgent needs) I didn't anticipate the setup being
excessively difficult, but it seems to be.

MySQL Java 10 and XQuery

Can MySQL work with Java 10 and XQuery?

reject_sender_login_mismatch exception

:-)

I have all users in an LDAP database and store users' aliases, virtuals,
canonicals, forwards etc as attributes. For that purpose using the
`reject_sender_login_mismatch' seems to be a simple and powerful
solution for increasing security and I'm using it. Excluding some e-mail
addresses from this restriction if necessary is not a problem. The
problem is:
I'd like to allow sending mail from some certain hosts as some certain
users without SASL authentication.

Valid examples for mynetworks file

Good day,

i am working on a migration from an IBM Domino SMTP server to Postfix. In
Domino we had SMTP_allow documents with IP addresses of systems allowed for
sending mails via this server.

Standard IP addresses are fine so i add them like:

192.168.148.52 OK

As far as i understand are *names *like system2.acme.com allowed in the
mynetworks file ?
So this would be OK :

system2.acme.com OK

What about wildcards * ? Would that be also OK or do i need to translate it
into CIDR ?

192.168.*.* OK
or
192.168.50.* OK

Thank you,
Olaf

not adding message-id

Hello,

I have an issue with a message-id automatically added when not present.

Postfix mail system:
postfix 25 (content-filter) --> AV 10026 --> postfix 10025

Summary of the problem:
When a message arrives to the postfix mail system, if it is not present, a message-id is added by the second postfix MTA (10025) while "always_add_missing_headers" is set to "no".
Note that this second MTA listens to the loopback interface (see master.cf below).

Logs:
Jun 5 16:51:37 rhel62-agu-fe1 postfix/smtpd[3063]: C51FD40092: client=unknown[10.1.6.31]
Jun 5 16:51:46 rhel62-agu-fe1 postfix/cleanup[3067]: C51F

FINAL REMINDER: Apache EU Roadshow 2018 in Berlin next week!

Hello Apache Supporters and Enthusiasts

This is a final reminder that our Apache EU Roadshow will be held in
Berlin next week on 13th and 14th June 2018. We will have 28 different
sessions running over 2 days that cover some great topics.

Re: [users@httpd] Apache 2.4.x - Restriction of HTTPS Enforcement to external clients

I think you can add an additional RewriteCond under the first:

RewriteCond %{HTTP_HOST} ^www\.example\.com$

mod_rewrite or reverse proxy?

So, I have an Ubuntu 16.04 server (host) with Apache 2.4.18

I have created 4 LXD containers on this server.

Each container has media server app installed.

I want to be able to access a container based on the input query.

So if I browse to http://"host server"/LPC1, I access
container 1.

If I browse to http://"host server"/LPC2, I access container 2.

Is this possible with mod_rewrite?

Note that the host and containers can ping each other's IP.

I want to be able to do something like this:

RewriteEngine on

Redirect "localhost/LPC1" "rtmp://10.22.175.19:

Apache 2.4.x - Restriction of HTTPS Enforcement to external clients

Hello,

I have a need to restrict https enforcement on my Apache installation to only external clients.

The server hosting the Apache instance is accessible over the internet via a domain http://www.domainname.net while the same server is accessed internally/locally (LAN) by application servers via http://172.16.10.x/

Whenever https is enforced, the internal applications become unstable because they have not been programmed to make https calls and cannot deal with the https redirection done by Apache.

Re: [users@httpd] Apache httpd 2.4.34-RC1 Win available

Removed the RC download, not in line with registered marks and
identity of the Apache HTTP Server project.

On Monday 04/06/2018 at 16:15, Steffen wrote:

Hi,

I am trying to track a single email throughout the entire postfix process.
The idea is that when a customer calls us and says that a certain email
never reached them, we can quickly trace the email through the logs and see
that it died due to RBL, virus threshold, etc.

Ideally, I'd like to be able to get or set a unique message ID and then be
able to match that ID in the logfiles to see what the outcome of a specific
email was. Is there a way to trace a single email through everything
postfix does to it?

TIA.

Apache httpd 2.4.34-RC1 Win available

Apachelounge informed the ASF-httpd-project on the dev-list that we
have, because the vote time is too short, once in a while RC’s
from branches before voting, so the Win community had more time to
test. Issues are then earlier discovered.

A reaction from Jim (does mostly act as RM and does T&R ) was: I
agree a case could be made for considering adding an RC stage to our
release process... it would require some additional tooling and some
sort of additions to ap_release.h but nothing insurmountable.

Question regarding postfix. postfwd and spam

Hi!

I would like to have some help regarding this issue/scenario:

We have a "central" smtp-relay for (almost) all our servers.

progress with TLS connection reuse

Postfix TLS connection reuse will improve delivery performance,
especially for sites that punish clients that send one message per
connection. This feature is evolving in a 'non-production' Postfix
release, currently postfix-3.4-20180603-nonprod.

Instead of changing how Postfix schedules deliveries, this builds
on the Postfix connection caching infrastructure that already exists
for plaintext connections.

Apache 2.4 authentication and authorization “toggling” - with custom authentication mod

I'm upgrading Apache 2.2 to Apache 2.4, and have encountered an issue
regarding authentication and authorization with a custom authentication
provider.

Emails from localhost

Hello,

I'm seeing lot of emails coming from local IP address trying to send
message to non existing accounts. Sending accounts are valid and even
authenticated. They all try to send messages to domain matching the
sending one. For example:

... at example dot org -> ... at example dot org
... at example dot net -> ... at example dot net

and so on. support@* is valid, user@* is not. In logs they are coming
from inet_interfaces address set in main.cf.

Modifying request body and content type going to proxy url

Hi All,
I am able to configure httpd as reverse proxy, I have to modify json body
in post request coming from client to URL encoded format before sending
that to specific proxy server, I have searched for the answer on the
internet but got nothing can anyone give a hint on this.

Thanks,
Shiva

mod_wsgi in Apache 2.4

To support Python code, it appears that mod_wsgi is necessary? |
desirable. It appears to function correctly within Apache 2.4, but I
cannot find it in the *Apache* documentation
<https://httpd.apache.org/docs/2.4/mod/> (the developer's documentation
is easily available.)

Does anyone have any experience, thoughts, caveats, recommendations?

Thanks -- Paul

Distribution repository vs compiled.

Hello dears.

Tell me, please, what's better to use in production:
1) Precompiled binaries of apache httpd from distribution
2) or Self compiled from sources

What are the risks for each options and pro and cons of each?

Thank you.

REMINDER: Apache EU Roadshow 2018 in Berlin is less than 2 weeks away!

Hello Apache Supporters and Enthusiasts

This is a reminder that our Apache EU Roadshow in Berlin is less than
two weeks away and we need your help to spread the word. Please let your
work colleagues, friends and anyone interested in any attending know
about our Apache EU Roadshow event.

We have a great schedule including tracks on Apache Tomcat, Apache Http
Server, Microservices, Internet of Things (IoT) and Cloud Technologies.

possibilities to release a mail

Hello Together

I ask me if are possible to view on console with postfix command which
mail's are holding back, Status mailtraffic, and so on not mail.log about
different reasons - blacklisted, spam, or score - and to release this mail
for resend a blacklisted mail.

In the meantime I do this steps with ASSP but I see postfix are so stable I
don't think that no possibilities will exist. And I don't will play with 2
or 3 tools if this possibilities with Postfix exist.

Please kindly let my view and understand the aspect from us thanx for
discuss this possible aspect.

Regards

Mauri

strangely unable to access http://httpd.apache.org/ or https://subversion.apache.org/ ??

Apache folks :

Something strange happened in the last 36 hours or so.

Re: [users@httpd] Web page works with "php -S" but not with apache

On 05/29/2018 04:05 PM, Mahmood Naderan wrote:

Email's from local users - with no accounts.

I think I've config issue.

I have some accounts:
... at example dot com
... at example dot com

I have noticed in the logs that spam is getting through as:

* ... at example dot com* sent to -> ... at example dot com

May 27 22:00:05 server amavis[12839]: (12839-13) Passed CLEAN
{RelayedInbound}, [127.0.0.1] [X.X.X.X] < ... at example dot com> ->
< ... at example dot com>, Message-ID:
< ... at dcsgaakl01 dot example.com>,
mail_id: aUZXib5w4tLp, Hits: -0.028, size: 1675, queued_as: 56B11204D5,
822 ms

* ... at example dot com* shouldn't be able to send to a local user
bec

APR Table vs. Hash & Array vs. Skip List vs. Ring

Hi everyone,

First of all, I am not sure if this is the right place to ask this.
Please send me to the appropriate mailing list. Thanks.

I want to know basically what the difference is between a table and a
hash table - regarding the APR implementation.

The one difference that stands out to me is that I can iterate over a
hash. So is a hash like a table with a linked list?

Perhaps a table can also be iterated over too. I haven't used tables yet
- nor skip list nor ring.

I will describe my goal:

I have several sets of data that I want to combine in order to iterate
over them all at once.

advice on postscreen setup / exception / dnsbls

I've recently updated Postfix from 2.1, and, enabled postscreen, all's
working well, though, just picked up a false positive:

several users inbound mail blocked with dnsbl.spfbl.net

I have like:

# grep spfbl.net main.cf
postscreen_dnsbl_sites = zen.spamhaus.org*5, psbl.surriel.com*2,
bl.spamcop.net*2, dnsbl.spfbl.net*2,

as this is a gov.au server, should I whitelist health.gov.au ? or sge.net
?

smtp_bind_address and inet_interfaces

Hello,

we have exactly one non-loopback address in inet_interfaces. In this case
the address is also used as smtp_bind_address.

can we still configure postfix send from any address?

...maybe smtp_bind_address=0.0.0.0 ?

many le ssl certs assigned to postfix

I have server created based on Perfect Server tutorial for Ubuntu 16.04.
Is it possible to assign to postfix/dovecot as many lets encrypt ssl certs
as possible?

Same sender, same sasl user

Hello people
I'm trying to setup sender must be the same sasl user authentication, but I don't care where the connection comes from or is going.
I'd like only to prevent fake sender. I've tried 'smtp_sender_dependent_authentication = yes', but I think that is not enough.
Some tip?

Thanks.

problem on a relay server

Hello,

i am working on a relay server, but it isn't functional.

my main.cf is  :

http://paste.debian.net/1026390/

but I've these errors in logs :

http://paste.debian.net/1026400/

did i miss something or did i do something wrong ?

Thanks,

Patrice G

Apache as a Mutual SSL enabled Forward Proxy

Hi all,

I'm trying to configure Apache http server as a forward proxy with mutual
ssl enabled. Following is the setup,

[HTTP client] ----------> [Apache Http Server]----------->[Web Server]

I need to enable Mutual SSL between Apache Http Server, Web Server.
Following is the proxy I have configured.

How to route userdir requests to different hosts?

Looking for a way to route requests for different users to different back end hosts behind a proxy of some sort

For example ...

http request to ...

http://abc.com/~user1

always goes to one specific host

an http requests to ...

http://abc.com/~user2

always goes to a another specific host

Any suggestions appreciated

Thanks

John

Log Messages

I am running a mail server that has a few local recipients and a bunch of forwarded recipients for one domain. All is working properly. However, there are some log messages that I find confusing. The server receives many messages delivery attempts where the user is not included in the virtual_alias_maps. All but one of them receive log messages like

Recipient address rejected: unverified address

That makes sense. However, one of them receives

Recipient address rejected: User unknown in virtual alias table

I don't see what is different for this particular user.

Apache 2.4: Users authentication in Active Directory

Hi!
Thanks in advance!
I need help with Apache configuration to enable login through Active directory.
I want allow login if a user is member of a group contained in other group.
Now I have this:
Alias /nagios /opt/nagios/share
<Directory "/opt/nagios/share">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Acceso restringido"
AuthBasicProvider ldap
AuthLDAPURL
"ldap://server/DC=domain,DC=red?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN ... at domain dot red
AuthLDAPBindPassword "xxxxxx"
Require l

Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

Hello all

I have opportunistic TLS (offering STARTTLS) configured in my main.cf
file. I have been tasked to disable SSLv2 and SSLv3 as well as disable
medium strength ciphers (to use high strength ones instead) in my postfix
server. If I was to add the following to my main.cf:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

will this be enough to disable medium strength ciphers as well as disable
SSLv2/v3? Or will I need more?

Postfix stable release 3.3.1, and legacy releases 3.2.6, 3.1.9, 3.0.13

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]

Fixed in Postfix 3.3:

* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible.

Help needed on Apache http server setting

Hi All,

We are using HTTP server to route the request to Windchill PLM. There is a requirement to force the user to change the password once the login first time into the PLM.

Mail being delayed for 5 minutes in active queue before being relayed

Hi there,

I've set up a mail server that should be relaying messages to a different
cluster of Postfix boxes. When I attempt to send a message to the first box,
mail sits in the active queue for 5 minutes before being (successfully)
relayed to the cluster of Postfix boxes. which is then delivered correctly.
I'm trying to figure out why this is and have it relay immediately (as
expected).

*My box I'm attempting to relay FROM is on:
*

*Here's my (sanitized) postconf -n:*

Thanks for your help.

openDKIM and postfix

Hello,

I invested a lot of time tweaking OpenDKIM+Sendmail not to break DKIM-
Signatures, when sendmail is used at the same time to verify available
signatures, adding an Authentication-Results header, signing the
message and forwarding it to the alias-destination.

Problem with virtual_alias_maps and backscatter

Hi,

I got 2 domains, let's call them example.org and example.com and i want
them to share the same mail addresses. So ... at example dot org and
... at example dot com should always reach the same destination.

The mail system consists of 2 MX hosts and a single backend MTA that
forwards all mails to my imap server.

How to setup a mailbox clone

I understand how a MX relay works and how to implement it in postfix, but
what I am looking to do is create a clone of all the mailboxes on our
system to another system. So is one server setup like a MX backup relay and
then there is some switch or option that I don't know or do I just setup
'virtual_alias_maps' in main.cf on both systems to save a copy of the email
and forward it to the other?
