Loading ...
Sorry, an error occurred while loading the content.

Re: holding local delivery

Expand Messages
  • Vernon A. Fort
    ... The maximal_queue_lifetime-30s was for testing only - its normally set for 1d. The sole issues is to prevent mail from bouncing back if we don t get the
    Message 1 of 16 , Mar 31, 2010
    • 0 Attachment
      On 3/31/2010 9:58 PM, Noel Jones wrote:
      > On 3/31/2010 7:41 PM, Vernon A. Fort wrote:
      >> I have a setup where the local deliver using cyrus-imapd is located on
      >> an encrypted volume. When the server is rebooted, we will manually mount
      >> the volume and start the cyrus application. However, until we start
      >> cyrus, how can i configure postfix to accept email but defer or hold the
      >> local deliver indefinitely?
      >>
      >> we do have the maximal_queue_lifetime set to 1 day. I have set the
      >> defer_transports = local, soft_bounce = yes but when i setup the
      >> maximal_queue_lifetime to say 30 seconds, the message does get bounced
      >> back. Any suggestions?
      >>
      >> Vernon
      >
      > Why in the world would you set maximal_queue_lifetime to 30s???
      > Please point the gun away from your foot.
      >
      > The proper way to configure postfix to defer mail when cyrus is not
      > available is to ... do nothing. Let the connections to cyrus fail and
      > allow postfix to retry as it normally does.
      >
      > Is there some reason normal postfix scheduling and defer/retry won't
      > work for you? Then describe the original problem and maybe a better
      > solution can be found.
      >
      > -- Noel Jones
      The maximal_queue_lifetime-30s was for testing only - its normally set
      for 1d. The sole issues is to prevent mail from bouncing back if we
      don't get the encrypted volume mounted and cyrus started back up soon
      enough. A reasonable example would be if the server rebooted due to a
      power hiccup and we did not get the notifications quick enough.

      For now, i have a startup script to set the maximal_queue_lifetime to 1w
      using postconf -e. This seems to do the trick.

      Vernon
    • Wietse Venema
      ... Another option is postconf -e master_service_disable = unix.local Or even: postconf -e master_service_disable = qmgr.fifo (requires Postfix 2.6 or
      Message 2 of 16 , Apr 1, 2010
      • 0 Attachment
        Vernon A. Fort:
        > The maximal_queue_lifetime-30s was for testing only - its normally set
        > for 1d. The sole issues is to prevent mail from bouncing back if we
        > don't get the encrypted volume mounted and cyrus started back up soon
        > enough. A reasonable example would be if the server rebooted due to a
        > power hiccup and we did not get the notifications quick enough.
        >
        > For now, i have a startup script to set the maximal_queue_lifetime to 1w
        > using postconf -e. This seems to do the trick.

        Another option is

        postconf -e "master_service_disable = unix.local"

        Or even:

        postconf -e "master_service_disable = qmgr.fifo"

        (requires Postfix 2.6 or later).

        Wietse
      • J.R.Ewing
        Hello people, Iam trying to solv a problem with relaying. I want to setup a distribution list for one domain, where will postfix only relay email for
        Message 3 of 16 , Apr 1, 2010
        • 0 Attachment
          Hello people,

          Iam trying to solv a problem with relaying. I want to setup a
          distribution list for one domain, where will postfix only relay email
          for mydomain.com to selected users email addresses. No local mailboxes,
          only realaying list. Its quite simple, but.. but if I try to relay email
          comming from SPF active (has active SPF in DNS) server and it is relayed
          to SPF protected server (checking validity of sending server if SPF is
          present in DNS for the sending domain), it is rejected, because of
          course my server is not valid sending server for that domain.
          Is there any solution?
          I have idea to move senders address to "reply to" field and write new
          sender. Is it possible with postfix?

          Thanks

          J.R.
        • Ralf Hildebrandt
          ... Yes, SRS -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 |
          Message 4 of 16 , Apr 1, 2010
          • 0 Attachment
            * J.R.Ewing <jr.ewing@...>:
            > Hello people,
            >
            > Iam trying to solv a problem with relaying. I want to setup a
            > distribution list for one domain, where will postfix only relay email
            > for mydomain.com to selected users email addresses. No local
            > mailboxes, only realaying list. Its quite simple, but.. but if I try
            > to relay email comming from SPF active (has active SPF in DNS) server
            > and it is relayed to SPF protected server (checking validity of
            > sending server if SPF is present in DNS for the sending domain), it
            > is rejected, because of course my server is not valid sending server
            > for that domain.
            > Is there any solution?

            Yes, SRS
            --
            Ralf Hildebrandt
            Geschäftsbereich IT | Abteilung Netzwerk
            Charité - Universitätsmedizin Berlin
            Campus Benjamin Franklin
            Hindenburgdamm 30 | D-12203 Berlin
            Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
            ralf.hildebrandt@... | http://www.charite.de
          • Ralf Hildebrandt
            ... http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin
            Message 5 of 16 , Apr 1, 2010
            • 0 Attachment
              * Ralf Hildebrandt <Ralf.Hildebrandt@...>:

              > Yes, SRS

              http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

              --
              Ralf Hildebrandt
              Geschäftsbereich IT | Abteilung Netzwerk
              Charité - Universitätsmedizin Berlin
              Campus Benjamin Franklin
              Hindenburgdamm 30 | D-12203 Berlin
              Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
              ralf.hildebrandt@... | http://www.charite.de
            • Simon Waters
              ... As Ralph says SRS will do this. However I looked at this recently for a project, where I thought I d need SRS, and after reviewing the various issues and
              Message 6 of 16 , Apr 1, 2010
              • 0 Attachment
                On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote:
                >
                > Is there any solution?
                > I have idea to move senders address to "reply to" field and write new
                > sender. Is it possible with postfix?

                As Ralph says SRS will do this.

                However I looked at this recently for a project, where I thought I'd need SRS,
                and after reviewing the various issues and SPF adoption figures, concluded
                I'd ignore SPF.

                In particular very few people reject outright on SPF failure (not least this
                isn't a good strategy compared to other filtering methods if all you want to
                do is reduce spam). Various systems handle SPF failed email in a more
                suspicious manner, but that isn't a practical problem in my experience.

                SRS might work better for your purpose, but SPF is broken by design and you
                should flag that to the people using it.

                We forward a lot of email, we don't do envelope rewriting, and have had a
                handful of complaints over the years, most from the same person who didn't
                seem to understand "we have no plans to change at this time".
              • Larry Stone
                ... One day is pretty short. The default is five days. Although things are a lot more reliable these days, it s still possible for an unattended destination
                Message 7 of 16 , Apr 1, 2010
                • 0 Attachment
                  On 3/31/10 11:03 PM, Vernon A. Fort at vfort@... wrote:


                  > The maximal_queue_lifetime-30s was for testing only - its normally set
                  > for 1d.

                  One day is pretty short. The default is five days. Although things are a lot
                  more reliable these days, it's still possible for an unattended destination
                  server to be down over a weekend or be down for long periods for an upgrade,
                  etc.

                  --
                  Larry Stone
                  lstone19@...
                  http://www.stonejongleux.com/
                • J.R.Ewing
                  ... Thanks Simon and Ralf for replies, I was observing SRS and it lookslike there is not a simple way to implement it with postfix. Because Iam just starting
                  Message 8 of 16 , Apr 1, 2010
                  • 0 Attachment
                    Simon Waters napsal(a):
                    > On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote:
                    >> Is there any solution?
                    >> I have idea to move senders address to "reply to" field and write new
                    >> sender. Is it possible with postfix?
                    >
                    > As Ralph says SRS will do this.
                    >
                    > However I looked at this recently for a project, where I thought I'd need SRS,
                    > and after reviewing the various issues and SPF adoption figures, concluded
                    > I'd ignore SPF.
                    >
                    > In particular very few people reject outright on SPF failure (not least this
                    > isn't a good strategy compared to other filtering methods if all you want to
                    > do is reduce spam). Various systems handle SPF failed email in a more
                    > suspicious manner, but that isn't a practical problem in my experience.
                    >
                    > SRS might work better for your purpose, but SPF is broken by design and you
                    > should flag that to the people using it.
                    >
                    > We forward a lot of email, we don't do envelope rewriting, and have had a
                    > handful of complaints over the years, most from the same person who didn't
                    > seem to understand "we have no plans to change at this time".


                    Thanks Simon and Ralf for replies,

                    I was observing SRS and it lookslike there is not a simple way to
                    implement it with postfix.
                    Because Iam just starting to relaying at my server, I will let some time
                    to see, if there are some major problems with it or if it works
                    unnoticed for users. Sad is, that the major freemail provider
                    (seznam.cz) here in Czech Republic sadly implement and enforce SPF, the
                    question is, how many domains that our users would be recieving from are
                    SPF "protected" (I know only one, at domain of our company :-/).

                    Thanks again

                    J.R
                  • Wietse Venema
                    ... make that: local.unix (the connection type comes last).
                    Message 9 of 16 , Apr 1, 2010
                    • 0 Attachment
                      Wietse Venema:
                      > Vernon A. Fort:
                      > > The maximal_queue_lifetime-30s was for testing only - its normally set
                      > > for 1d. The sole issues is to prevent mail from bouncing back if we
                      > > don't get the encrypted volume mounted and cyrus started back up soon
                      > > enough. A reasonable example would be if the server rebooted due to a
                      > > power hiccup and we did not get the notifications quick enough.
                      > >
                      > > For now, i have a startup script to set the maximal_queue_lifetime to 1w
                      > > using postconf -e. This seems to do the trick.
                      >
                      > Another option is
                      >
                      > postconf -e "master_service_disable = unix.local"

                      make that: local.unix (the connection type comes last).

                      > Or even:
                      >
                      > postconf -e "master_service_disable = qmgr.fifo"
                      >
                      > (requires Postfix 2.6 or later).
                      >
                      > Wietse
                      >
                      >
                    • ram
                      ... SPF if not the only reason why you would need SRS. We provide SMTP relay for various mail servers. I want to make sure that every customer uses only his
                      Message 10 of 16 , Apr 2, 2010
                      • 0 Attachment
                        On Thu, 2010-04-01 at 12:14 +0000, Simon Waters wrote:
                        > On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote:
                        > >
                        > > Is there any solution?
                        > > I have idea to move senders address to "reply to" field and write new
                        > > sender. Is it possible with postfix?
                        >
                        > As Ralph says SRS will do this.
                        >
                        > However I looked at this recently for a project, where I thought I'd need SRS,
                        > and after reviewing the various issues and SPF adoption figures, concluded
                        > I'd ignore SPF.
                        >
                        > In particular very few people reject outright on SPF failure (not least this
                        > isn't a good strategy compared to other filtering methods if all you want to
                        > do is reduce spam). Various systems handle SPF failed email in a more
                        > suspicious manner, but that isn't a practical problem in my experience.
                        >
                        > SRS might work better for your purpose, but SPF is broken by design and you
                        > should flag that to the people using it.
                        >
                        > We forward a lot of email, we don't do envelope rewriting, and have had a
                        > handful of complaints over the years, most from the same person who didn't
                        > seem to understand "we have no plans to change at this time".

                        SPF if not the only reason why you would need SRS.
                        We provide SMTP relay for various mail servers.
                        I want to make sure that every customer uses only his domain(s) and
                        sends the mail. Important to implement proper usage reporting as well as
                        stop abuse of network



                        Thanks
                        Ram





                        PS: SPF is used by gmail,hotmail, aol and 40% of the fortune 500
                        companies in the world among a huge lot of others. I dont think it
                        makes any sense to flag anything like "SPF is broken" to so many people.
                        Anyway discussing rising SPF adoption and the unreasonable arguments
                        against SPF is OT on the postfix mailing list.
                      • Wietse Venema
                        ... Postfix supports DKIM, DomainKeys, SPF, SRS, SenderID, etc., etc., via Milter plugins or SMTP-based content filters. Wietse
                        Message 11 of 16 , Apr 2, 2010
                        • 0 Attachment
                          ram:
                          >
                          > On Thu, 2010-04-01 at 12:14 +0000, Simon Waters wrote:
                          > > On Thursday 01 April 2010 12:38:29 J.R.Ewing wrote:
                          > > >
                          > > > Is there any solution?
                          > > > I have idea to move senders address to "reply to" field and write new
                          > > > sender. Is it possible with postfix?

                          Postfix supports DKIM, DomainKeys, SPF, SRS, SenderID, etc., etc.,
                          via Milter plugins or SMTP-based content filters.

                          Wietse
                        • Jose Ildefonso Camargo Tolosa
                          Hi! This is getting interesting..... How, exactly, does mailman (or other mailing list manager) handles this? I mean, I have seen several SPF-enabled domains,
                          Message 12 of 16 , Apr 3, 2010
                          • 0 Attachment
                            Hi!

                            This is getting interesting..... How, exactly, does mailman (or other
                            mailing list manager) handles this? I mean, I have seen several
                            SPF-enabled domains, and these domains have subscriptions to one or
                            more lists... now, reading the headers for one of the messages of this
                            lists, I got this:

                            Sender: owner-postfix-users@...

                            So... my guess is that the SPF check will go against this mail
                            address, not the one on the From field..... am I right?

                            What do you think?

                            lldefonso Camargo
                          • Sahil Tandon
                            ... SPF is against the ENVELOPE, not the HEADER. -- Sahil Tandon
                            Message 13 of 16 , Apr 3, 2010
                            • 0 Attachment
                              On Sat, 03 Apr 2010, Jose Ildefonso Camargo Tolosa wrote:

                              > So... my guess is that the SPF check will go against this mail
                              > address, not the one on the From field..... am I right?

                              SPF is against the ENVELOPE, not the HEADER.

                              --
                              Sahil Tandon <sahil@...>
                            • Wietse Venema
                              ... SPF uses the address in MAIL FROM command. This is sent before the RCPT TO command and before the message header/body. Wietse
                              Message 14 of 16 , Apr 3, 2010
                              • 0 Attachment
                                Jose Ildefonso Camargo Tolosa:
                                > Hi!
                                >
                                > This is getting interesting..... How, exactly, does mailman (or other
                                > mailing list manager) handles this? I mean, I have seen several
                                > SPF-enabled domains, and these domains have subscriptions to one or
                                > more lists... now, reading the headers for one of the messages of this
                                > lists, I got this:
                                >
                                > Sender: owner-postfix-users@...
                                >
                                > So... my guess is that the SPF check will go against this mail
                                > address, not the one on the From field..... am I right?
                                >
                                > What do you think?

                                SPF uses the address in MAIL FROM command. This is sent before
                                the RCPT TO command and before the message header/body.

                                Wietse
                              Your message has been successfully submitted and would be delivered to recipients shortly.