Loading ...
Sorry, an error occurred while loading the content.

postfix configuration to a generic handler

Expand Messages
  • Tim Prepscius
    Hello, This has probably been answered in some thread, however I m having a hard time finding it. I m reading through the documentation, and it is not clear
    Message 1 of 6 , Sep 15, 2013
    • 0 Attachment
      Hello,

      This has probably been answered in some thread, however I'm having a
      hard time finding it.
      I'm reading through the documentation, and it is not clear how I would
      fashion a configuration.



      I would like to run postfix in the following fashion:

      1. post fix receives mail from anyuser@anydomain TO
      someotheruser@anyotherdomain using SSL (PFS kind)

      2. after mail is received, my java or native handler program is
      executed with the *entire* mail sent text via a
      pipe/file/env/whatever.

      It would be great if the mail never touched disk. I could guarantee
      the mail handler returns almost instantaneously.


      3. it would be nice, but not necessary, that if the above handler
      program exits with an error, PostFix bounces with some generic
      message.



      But with the following additional needs:

      1. I don't want to make user accounts in the file system or actually
      anywhere. I don't want to write them down.
      2. I don't want to register the *real* domain name anywhere. (in any
      file or account, etc)

      Is this possible?


      To reiterate:
      Postfix would only do the protocol of receiving mail, mail would then
      be sent to a handler program I have written.


      Thank you very much for your time,

      -tim
    • Wietse Venema
      ... It s easy enough to send all mail into a pipe(8) command. /etc/postfix/main.cf: transport_maps = static:javapipe /etc/postfix/master.cf: javapipe .... pipe
      Message 2 of 6 , Sep 15, 2013
      • 0 Attachment
        Tim Prepscius:
        > Hello,
        >
        > This has probably been answered in some thread, however I'm having a
        > hard time finding it.
        > I'm reading through the documentation, and it is not clear how I would
        > fashion a configuration.
        >
        >
        >
        > I would like to run postfix in the following fashion:
        >
        > 1. post fix receives mail from anyuser@anydomain TO
        > someotheruser@anyotherdomain using SSL (PFS kind)
        >
        > 2. after mail is received, my java or native handler program is
        > executed with the *entire* mail sent text via a
        > pipe/file/env/whatever.
        >
        > It would be great if the mail never touched disk. I could guarantee
        > the mail handler returns almost instantaneously.
        >
        >
        > 3. it would be nice, but not necessary, that if the above handler
        > program exits with an error, PostFix bounces with some generic
        > message.
        >
        >
        >
        > But with the following additional needs:
        >
        > 1. I don't want to make user accounts in the file system or actually
        > anywhere. I don't want to write them down.
        > 2. I don't want to register the *real* domain name anywhere. (in any
        > file or account, etc)
        >
        > Is this possible?
        >
        > To reiterate:
        > Postfix would only do the protocol of receiving mail, mail would then
        > be sent to a handler program I have written.

        It's easy enough to send all mail into a pipe(8) command.

        /etc/postfix/main.cf:
        transport_maps = static:javapipe

        /etc/postfix/master.cf:
        javapipe .... pipe
        user=xx flags=yy argv=/some/where/java-program $sender $recipient

        However:

        - How would Postfix know what domains to receive? It's a bad idea
        to accept mail from any client to any destination. That would be
        an open relay.

        - How would Postfix know what recipients are valid? It's a bad idea
        to accept-then-bounce mail for non-existent recipients.

        Wietse
      • Tim Prepscius
        oh wow, this worked, first time too. jeeze.. that s awesome. Thank you again, to answer your questions: 1. I do in fact want to only accept mail from static
        Message 3 of 6 , Sep 15, 2013
        • 0 Attachment
          oh wow, this worked, first time too. jeeze.. that's awesome.

          Thank you again, to answer your questions:

          1. I do in fact want to only accept mail from static ips and those
          not on the block list. But I figure there are configuration examples
          for this. I can spend the time to figure this out I think. This has
          to be standard config.

          2. I do in fact want to only accept mail for people in my database,
          but I was hoping to as well provide an "external program" to return
          0/1 for accept/deny for a recipient.

          If you have suggestions on #2, I'll take them!!! ;-)

          -tim

          On 9/15/13, Wietse Venema <wietse@...> wrote:
          > Tim Prepscius:
          >> Hello,
          >>
          >> This has probably been answered in some thread, however I'm having a
          >> hard time finding it.
          >> I'm reading through the documentation, and it is not clear how I would
          >> fashion a configuration.
          >>
          >>
          >>
          >> I would like to run postfix in the following fashion:
          >>
          >> 1. post fix receives mail from anyuser@anydomain TO
          >> someotheruser@anyotherdomain using SSL (PFS kind)
          >>
          >> 2. after mail is received, my java or native handler program is
          >> executed with the *entire* mail sent text via a
          >> pipe/file/env/whatever.
          >>
          >> It would be great if the mail never touched disk. I could guarantee
          >> the mail handler returns almost instantaneously.
          >>
          >>
          >> 3. it would be nice, but not necessary, that if the above handler
          >> program exits with an error, PostFix bounces with some generic
          >> message.
          >>
          >>
          >>
          >> But with the following additional needs:
          >>
          >> 1. I don't want to make user accounts in the file system or actually
          >> anywhere. I don't want to write them down.
          >> 2. I don't want to register the *real* domain name anywhere. (in any
          >> file or account, etc)
          >>
          >> Is this possible?
          >>
          >> To reiterate:
          >> Postfix would only do the protocol of receiving mail, mail would then
          >> be sent to a handler program I have written.
          >
          > It's easy enough to send all mail into a pipe(8) command.
          >
          > /etc/postfix/main.cf:
          > transport_maps = static:javapipe
          >
          > /etc/postfix/master.cf:
          > javapipe .... pipe
          > user=xx flags=yy argv=/some/where/java-program $sender $recipient
          >
          > However:
          >
          > - How would Postfix know what domains to receive? It's a bad idea
          > to accept mail from any client to any destination. That would be
          > an open relay.
          >
          > - How would Postfix know what recipients are valid? It's a bad idea
          > to accept-then-bounce mail for non-existent recipients.
          >
          > Wietse
          >
        • Wietse Venema
          ... This is not a standard configuration. A standard configuration accepts mail from anywhere to a restricted set of domains, and accepts mail from a
          Message 4 of 6 , Sep 15, 2013
          • 0 Attachment
            Tim Prepscius:
            > oh wow, this worked, first time too. jeeze.. that's awesome.
            >
            > Thank you again, to answer your questions:
            >
            > 1. I do in fact want to only accept mail from static ips and those
            > not on the block list. But I figure there are configuration examples
            > for this. I can spend the time to figure this out I think. This has
            > to be standard config.

            This is not a standard configuration. A standard configuration
            accepts mail from anywhere to a restricted set of domains, and
            accepts mail from a restricted set of clients to anywhere.

            > 2. I do in fact want to only accept mail for people in my database,
            > but I was hoping to as well provide an "external program" to return
            > 0/1 for accept/deny for a recipient.

            Again, that is not a standard configuration.

            > If you have suggestions on #2, I'll take them!!! ;-)

            If you only accept mail from a restricted set of clients, then
            this could be as simple as

            mynetworks = list of networks and/or IP addresses
            smtpd_recipient_restrictions = permit_mynetworks, reject

            http://www.postfix.org/postconf.5.html#permit_mynetworks
            http://www.postfix.org/postconf.5.html#mynetworks

            As for validating recipients, I recommend that you use database
            that Postfix can query.

            virtual_mailbox_domains = example.com, example.net, ...
            virtual_mailbox_maps = maptype:mapname
            virtual_transport = javapipe

            http://www.postfix.org/postconf.5.html#virtual_mailbox_domains
            http://www.postfix.org/postconf.5.html#virtual_mailbox_maps
            http://www.postfix.org/postconf.5.html#virtual_transport
            http://www.postfix.org/ADDRESS_CLASS_README.html

            where maptype:mapname returns a non-empty result when the recipient
            is valid. This can be hash:/file/name, mysql:/file/name,
            ldap:/file/name, or any other database that Postfix supports.

            http://www.postfix.org/msql_table.5.html
            http://www.postfix.org/ldap_table.5.html
            http://www.postfix.org/DATABASE_README.html

            Wietse

            > -tim
            >
            > On 9/15/13, Wietse Venema <wietse@...> wrote:
            > > Tim Prepscius:
            > >> Hello,
            > >>
            > >> This has probably been answered in some thread, however I'm having a
            > >> hard time finding it.
            > >> I'm reading through the documentation, and it is not clear how I would
            > >> fashion a configuration.
            > >>
            > >>
            > >>
            > >> I would like to run postfix in the following fashion:
            > >>
            > >> 1. post fix receives mail from anyuser@anydomain TO
            > >> someotheruser@anyotherdomain using SSL (PFS kind)
            > >>
            > >> 2. after mail is received, my java or native handler program is
            > >> executed with the *entire* mail sent text via a
            > >> pipe/file/env/whatever.
            > >>
            > >> It would be great if the mail never touched disk. I could guarantee
            > >> the mail handler returns almost instantaneously.
            > >>
            > >>
            > >> 3. it would be nice, but not necessary, that if the above handler
            > >> program exits with an error, PostFix bounces with some generic
            > >> message.
            > >>
            > >>
            > >>
            > >> But with the following additional needs:
            > >>
            > >> 1. I don't want to make user accounts in the file system or actually
            > >> anywhere. I don't want to write them down.
            > >> 2. I don't want to register the *real* domain name anywhere. (in any
            > >> file or account, etc)
            > >>
            > >> Is this possible?
            > >>
            > >> To reiterate:
            > >> Postfix would only do the protocol of receiving mail, mail would then
            > >> be sent to a handler program I have written.
            > >
            > > It's easy enough to send all mail into a pipe(8) command.
            > >
            > > /etc/postfix/main.cf:
            > > transport_maps = static:javapipe
            > >
            > > /etc/postfix/master.cf:
            > > javapipe .... pipe
            > > user=xx flags=yy argv=/some/where/java-program $sender $recipient
            > >
            > > However:
            > >
            > > - How would Postfix know what domains to receive? It's a bad idea
            > > to accept mail from any client to any destination. That would be
            > > an open relay.
            > >
            > > - How would Postfix know what recipients are valid? It's a bad idea
            > > to accept-then-bounce mail for non-existent recipients.
            > >
            > > Wietse
            > >
            >
          • Tim Prepscius
            ok so i have that working with the mysql db. I ll eventually create a separate db with just one table. I m using a kludge from here:
            Message 5 of 6 , Sep 15, 2013
            • 0 Attachment
              ok so i have that working with the mysql db.
              I'll eventually create a separate db with just one table.

              I'm using a kludge from here:
              http://stackoverflow.com/questions/4772229/configure-mail-server-to-receive-mail-from-any-domain

              to get around specifying the domain:

              virtual_mailbox_domains = pcre:/etc/postfix/virtual_domains.pcre

              ...

              this postfix is great!!!! lol. the man pages are really intimidating
              though. lol.

              I really appreciate the advice,

              -tim



              On 9/15/13, Wietse Venema <wietse@...> wrote:
              > Tim Prepscius:
              >> oh wow, this worked, first time too. jeeze.. that's awesome.
              >>
              >> Thank you again, to answer your questions:
              >>
              >> 1. I do in fact want to only accept mail from static ips and those
              >> not on the block list. But I figure there are configuration examples
              >> for this. I can spend the time to figure this out I think. This has
              >> to be standard config.
              >
              > This is not a standard configuration. A standard configuration
              > accepts mail from anywhere to a restricted set of domains, and
              > accepts mail from a restricted set of clients to anywhere.
              >
              >> 2. I do in fact want to only accept mail for people in my database,
              >> but I was hoping to as well provide an "external program" to return
              >> 0/1 for accept/deny for a recipient.
              >
              > Again, that is not a standard configuration.
              >
              >> If you have suggestions on #2, I'll take them!!! ;-)
              >
              > If you only accept mail from a restricted set of clients, then
              > this could be as simple as
              >
              > mynetworks = list of networks and/or IP addresses
              > smtpd_recipient_restrictions = permit_mynetworks, reject
              >
              > http://www.postfix.org/postconf.5.html#permit_mynetworks
              > http://www.postfix.org/postconf.5.html#mynetworks
              >
              > As for validating recipients, I recommend that you use database
              > that Postfix can query.
              >
              > virtual_mailbox_domains = example.com, example.net, ...
              > virtual_mailbox_maps = maptype:mapname
              > virtual_transport = javapipe
              >
              > http://www.postfix.org/postconf.5.html#virtual_mailbox_domains
              > http://www.postfix.org/postconf.5.html#virtual_mailbox_maps
              > http://www.postfix.org/postconf.5.html#virtual_transport
              > http://www.postfix.org/ADDRESS_CLASS_README.html
              >
              > where maptype:mapname returns a non-empty result when the recipient
              > is valid. This can be hash:/file/name, mysql:/file/name,
              > ldap:/file/name, or any other database that Postfix supports.
              >
              > http://www.postfix.org/msql_table.5.html
              > http://www.postfix.org/ldap_table.5.html
              > http://www.postfix.org/DATABASE_README.html
              >
              > Wietse
              >
              >> -tim
              >>
              >> On 9/15/13, Wietse Venema <wietse@...> wrote:
              >> > Tim Prepscius:
              >> >> Hello,
              >> >>
              >> >> This has probably been answered in some thread, however I'm having a
              >> >> hard time finding it.
              >> >> I'm reading through the documentation, and it is not clear how I would
              >> >> fashion a configuration.
              >> >>
              >> >>
              >> >>
              >> >> I would like to run postfix in the following fashion:
              >> >>
              >> >> 1. post fix receives mail from anyuser@anydomain TO
              >> >> someotheruser@anyotherdomain using SSL (PFS kind)
              >> >>
              >> >> 2. after mail is received, my java or native handler program is
              >> >> executed with the *entire* mail sent text via a
              >> >> pipe/file/env/whatever.
              >> >>
              >> >> It would be great if the mail never touched disk. I could guarantee
              >> >> the mail handler returns almost instantaneously.
              >> >>
              >> >>
              >> >> 3. it would be nice, but not necessary, that if the above handler
              >> >> program exits with an error, PostFix bounces with some generic
              >> >> message.
              >> >>
              >> >>
              >> >>
              >> >> But with the following additional needs:
              >> >>
              >> >> 1. I don't want to make user accounts in the file system or actually
              >> >> anywhere. I don't want to write them down.
              >> >> 2. I don't want to register the *real* domain name anywhere. (in any
              >> >> file or account, etc)
              >> >>
              >> >> Is this possible?
              >> >>
              >> >> To reiterate:
              >> >> Postfix would only do the protocol of receiving mail, mail would then
              >> >> be sent to a handler program I have written.
              >> >
              >> > It's easy enough to send all mail into a pipe(8) command.
              >> >
              >> > /etc/postfix/main.cf:
              >> > transport_maps = static:javapipe
              >> >
              >> > /etc/postfix/master.cf:
              >> > javapipe .... pipe
              >> > user=xx flags=yy argv=/some/where/java-program $sender $recipient
              >> >
              >> > However:
              >> >
              >> > - How would Postfix know what domains to receive? It's a bad idea
              >> > to accept mail from any client to any destination. That would be
              >> > an open relay.
              >> >
              >> > - How would Postfix know what recipients are valid? It's a bad idea
              >> > to accept-then-bounce mail for non-existent recipients.
              >> >
              >> > Wietse
              >> >
              >>
              >
            • Viktor Dukhovni
              ... Postfix always commits messages to disk before notifying the remote SMTP client that the message has been accepted. ... The closest you get to this is with
              Message 6 of 6 , Sep 15, 2013
              • 0 Attachment
                On Sun, Sep 15, 2013 at 07:15:47PM -0400, Tim Prepscius wrote:

                > It would be great if the mail never touched disk. I could guarantee
                > the mail handler returns almost instantaneously.

                Postfix always commits messages to disk before notifying the remote
                SMTP client that the message has been accepted.

                > To reiterate:
                > Postfix would only do the protocol of receiving mail, mail would then
                > be sent to a handler program I have written.

                The closest you get to this is with smtpd_proxy_filter. If your
                Java progrram is modified to be a network listener that implements
                SMTP (perhaps a custom plugin for "James"), Postfix can mediate
                between the remote SMTP client (handling, TLS, SASL, access control,
                a concurrency ceiling based on the number of configured smtpd(8)
                processes, ...) and your SMTP service.

                If you don't enable "speed_adjust" in:

                http://www.postfix.org/postconf.5.html#smtpd_proxy_options

                Postfix will not write the message to disk (of course the O/S may
                write memory pages containing message content to the swap device).

                --
                Viktor.
              Your message has been successfully submitted and would be delivered to recipients shortly.