March 2022 - dovecot - dovecot.org

Pigeonhole Sieve: Vacation Extension issue
by Zakaria 05 Mar '22

05 Mar '22

Hi there, I wondered if there is any one who can help me out on this issue. I tried to setup the vacation extension, and it works fine if the Return-Path header and Envelope-From field in Received wasn’t rewritten and contains the actual sender email address which the vacation extension will retrieve from and reply to. Given, I’ve rewritten both headers, to modify TLS connection mailed-by address and I had to revert back to get the vacation extension working, I wondered if there is anyone know how to modify the Sieve settings in Dovecot config for LMTP/LDA and Sieve, or Sieve script rules to retrieve sender email address from From header or any other specific header? If it's not possible, it would be so good if its implemented, it doesn’t seem to be a hard task, so please log this as a feature request. With thanks. Zakaria. Btw, all my prayers and solidarity I send out to Ukraine, Russia and the rest of Europe, and the world, and the sick from this and COVID and alike. We should value one another, Seriously, Putin must urgently stop giving to who want destruction and harm in Europe and manipulating behind the scene such devil affair and leading to this very sickening and unacceptable horror. Palestine deserve justice than preoccupying the world with creating more injustices.

1 0

doveadm quota get hangs for 60 seconds (some analysis done)
by jaroslav＠thinline.cz 05 Mar '22

05 Mar '22

Hello, I encountered somewhat strange behaviour when running doveadm quota get with wildcard username (all usernames are in user@domain format): doveadm -f pager quota get -u *(a)example.domain The command hangs for 60 seconds before returning its result. I tried to dig into the issue a bit using strace and found out that there seems to be some kind of communication mismatch between Dovecot processes. Here is what I found - sorry for the wall of text, strace outputs tend to be large, I tried to reduce them as much as possible. I also tried to draw some conclusions below. This is from strace in the doveadm process, it connects to auth-userdb and requests list of users 1646473083.263021 connect(10, {sa_family=AF_UNIX, sun_path="/run/dovecot/auth-userdb"}, 110) = 0 1646473083.263627 write(10, "VERSION\t1\t0\nLIST\t1\tuser=*(a)example.domain\n", 47) = 47 1646473083.263807 read(10, "VERSION\t1\t1\nSPID\t30012\n", 8192) = 23 1646473084.188212 read(10, "LIST\t1\tuser1@notthat.domain\nLIST\t1\tuser2@another.domain\nLIST\t1\tuser3@also.not\nLIST\t1\t.... This list goes on, the server has over 10000 user accounts. (As a side note, this behaviour struck me as strange - I would expect that the result would be filtered by the server side of the connection, only listing users that match the requested wildcard. I don't know anything about Dovecot internals though, so this might be perfectly normal.) At some point the returned data contain users doveadm is interested in (ie. users that match the wildcard) and requests their information from other Dovecot services, this is an excerpt for a dict service: 1646473084.224608 connect(13, {sa_family=AF_UNIX, sun_path="/run/dovecot/dict"}, 110) = 0 1646473084.225617 write(13, "H2\t2\t0\trelevantuser(a)example.domain\tsqldomainquota\n", 50) = 50 No data are read from FD 10 during this time. When all users are queried, reading from FD 10 resumes 1646473084.274405 read(10, "ifth.domain\nLIST\t1\tuser987(a)domain.six\nLIST\t1\t... At this point though, the process gets stuck: 1646473084.274514 epoll_wait(11, [], 1, 0) = 0 1646473084.274555 read(10, 0x5620076d79dd, 6035) = -1 EAGAIN (Resource temporarily unavailable) 1646473084.274601 epoll_wait(11, [{EPOLLIN, {u32=124338208, u64=94695563280416}}], 1, 155000) = 1 It resumes after 60 seconds, reads some more users and then receives string "DONE" 1646473144.287149 read(10, "LIST\t1\tuser456@domain.seven\nLIST\t1\tuser123@domain.e8\nLIST\t1\tuser7865@dom.nine\n", 6035) = 99 1646473144.287149 read(10, "LIST\t1\t ... ", 5936) = 82 ... 1646473144.294373 epoll_wait(11, [{EPOLLIN, {u32=124338208, u64=94695563280416}}], 1, 155000) = 1 1646473144.307846 read(10, "DONE\t1\t\n", 1611) = 8 Note that at this point the read syscall is no longer trucated. As opposed to reads above, which amounted to 8kB blocks, these are reading few addresses at a time. After the "DONE" string is received, there is no more communication with other Dovecot processes, doveadm prints out results to the console and terminates. Next I investigated the auth process. 1646473083.263121 accept(11, {sa_family=AF_UNIX}, [28->2]) = 23 1646473083.263181 getsockname(23, {sa_family=AF_UNIX, sun_path="/run/dovecot/auth-userdb"}, [28->27]) = 0 1646473083.263690 read(23, "VERSION\t1\t0\nLIST\t1\tuser=*(a)example.domain\n", 1024) = 47 1646473083.263939 connect(24, {sa_family=AF_UNIX, sun_path="auth-worker"}, 110) = 0 1646473083.264228 write(24, "VERSION\tauth-worker\t1\t0\nDBHASH\t1234567890abcdef1234567890abcdef\tfedcba0987654321fedcba0987654321\n", 97) = 97 1646473083.264271 writev(24, [{iov_base="1\t", iov_len=2}, {iov_base="LIST\t1\tuser=*(a)example.domain\tservice=\toriginal-username", iov_len=61}, {iov_base="\n", iov_len=1}], 3) = 64 1646473084.187567 read(24, "1\t*\tuser1(a)notthat.domain\n1\t*\t... 1646473084.187977 write(23, "LIST\t1\tuser1(a)notthat.domain\nLIST\t1\t Reads and writes alternate until these syscalls: 1646473084.238938 read(24, " ... \n1\tOK\n", 8167) = 5354 1646473084.239108 write(23, "LIST\t1\t ... , 51224) = -1 EAGAIN (Resource temporarily unavailable) 1646473084.239536 write(23, "LIST\t1\t ... , 51224) = -1 EAGAIN (Resource temporarily unavailable) From the timing this looks like a kernel buffer for the connection is filled because the other side is not reading the data. This matches strace from doveadm which is at this point reading information about quotas from dict service (timestamp 1646473084.225617.) Auth process seems to react to this by putting the FD on epoll list and then it goes to handle other connections. FD 24 is removed from the epoll list at the same time: 1646473084.239926 epoll_ctl(14, EPOLL_CTL_ADD, 23, {EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=109861328, u64=94566699784656}}) = 0 1646473084.239980 epoll_ctl(14, EPOLL_CTL_DEL, 24, 0x7ffca3a9ae2c) = 0 FD 23 becomes writable relatively quickly, pending data is written to it and read from FD 24 is attempted with no data available: 1646473084.270224 epoll_ctl(14, EPOLL_CTL_DEL, 23, 0x7ffca3a9ae5c) = 0 1646473084.270271 write(23, "LIST\t1\t ... , 51224) = 51224 1646473084.270620 epoll_ctl(14, EPOLL_CTL_ADD, 24, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=109860944, u64=94566699784272}}) = 0 1646473084.270712 read(24, 0x5602069198e3, 2813) = -1 EAGAIN (Resource temporarily unavailable) Again, nothing else happens for 60 seconds until FD 24 signals what I presume is a connection close attempt. Note that there was no data read from FD 24 but when the "SHUTDOWN" string arrives from it, auth process starts writing items to FD 23, one by one. 1646473144.286936 read(24, "SHUTDOWN\n", 2813) = 9 1646473144.287003 write(23, "LIST\t1\tuser456(a)domain.seven\n", 29) = 29 1646473144.287059 write(23, "LIST\t1\tuser123(a)domain.e8\n", 31) = 31 1646473144.287103 write(23, "LIST\t1\tuser7865(a)dom.nine\n", 39) = 39 There are multiple user databases, I assume the following is a lookup from the others: 1646473144.294256 writev(24, [{iov_base="2\t", iov_len=2}, {iov_base="LIST\t2\tuser=*(a)example.domain\tservice=\toriginal-username", iov_len=61}, {iov_base="\n", iov_len=1}], 3) = 64 1646473144.294379 read(24, 0x5602069198ec, 2804) = -1 EAGAIN (Resource temporarily unavailable) 1646473144.300490 read(24, "2\tOK\n", 2804) = 5 1646473144.300556 writev(24, [{iov_base="3\t", iov_len=2}, {iov_base="LIST\t3\tuser=*(a)example.domain\tservice=\toriginal-username", iov_len=61}, {iov_base="\n", iov_len=1}], 3) = 64 1646473144.300653 read(24, 0x5602069198f1, 2799) = -1 EAGAIN (Resource temporarily unavailable) 1646473144.307687 read(24, "3\tOK\n", 2799) = 5 1646473144.307751 write(23, "DONE\t1\t\n", 8) = 8 1646473144.307944 close(24) = 0 1646473144.308092 read(23, "", 977) = 0 1646473144.308185 close(23) = 0 I also looked into the auth-userdb (auth -w) service, it seems to mirror what happens in the auth process: [pid 22387] 1646473083.407660 accept(7, <unfinished ...> [pid 22387] 1646473083.407767 <... accept resumed>{sa_family=AF_UNIX}, [28->2]) = 17 [pid 22387] 1646473084.187096 write(17, "1\t*\tuser1(a)notthat.domain\n1\t*\t [pid 22387] 1646473084.233120 write(17, "1\tOK\n", 5 <unfinished ...> [pid 22387] 1646473084.233577 epoll_ctl(9, EPOLL_CTL_ADD, 17, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=659542480, u64=94356796068304}} <unfinished ...> [pid 22387] 1646473084.234006 read(17, <unfinished ...> [pid 22387] 1646473084.234254 <... read resumed>0x55d12753b7d1, 8031) = -1 EAGAIN (Resource temporarily unavailable) And after 60 seconds: [pid 22387] 1646473144.286843 write(17, "SHUTDOWN\n", 9 <unfinished ...> At which point the other two requests come in and are replied to. As I said above, I don't know anything about Dovecot internals but from I can gather from these outputs, all data are exchanged correctly and nothing gets stuck reading them from a permanent storage or alike. This bug doesn't manifest every time but seems to be fairly deterministic in that it always triggers for some domains but not for others. From what I've noticed, this affected domain receives all its users in single 8k read in the doveadm process, which in turns triggers (relatively) lengthy lookups and forces the auth process to put more writes on hold (at timestamp 1646473084.239108) Is it possible that when this happens, the "OK" string received from auth-userdb process (timestamp 1646473084.238938) is overlooked and auth process is waiting for more data from auth-userdb while auth-userdb waits for another request? The server itself runs Dovecot 1:2.3.13+dfsg1-2 from Debian repository on amd64. Output from dovecot --version is 2.3.13 (89f716dc2). As far as I can see, nothing indicates this is a performance problem related to insufficient hardware - server runs at 25% CPU utilization average, Pressure Stall Information reports average of 0.5% for CPU, 1% for I/O. System memory used is 10 out of 64GB. As far as I can see, no Dovecot process becomes CPU-bound when doveadm is running. I tried some web search but found nothing related to this. For our purposes, this issue has a relatively simple workaround - using doveadm quota get on specific usernames instead of the wildcard one. Since this might be an issue with a relatively easy fix for someone who knows where to look, I decided to post this bug report anyway. If needed, I should be able to test patches that apply cleanly to Debian sources and compile with dpkg-buildpackage. Thanks

1 0

Dupliate-ish email search?
by ＠lbutlr 04 Mar '22

04 Mar '22

I'm mulling over writing some code to find emails in a maildir that are duplicates, ish. That is to say that sometimes the same message doesn't quite show up as an exact match. Like some ad company may send you three identical messages, except they aren't actually EXACTLY identical, the message-IDs are different, and may the to address quoted part is different, so normal duplicate finders fail to find them. Before I start, is this a solved problem? -- I thought that they were angels, but to my surprise, we climbed aboard their starship, we headed for the skies.

3 2

Issue in 2.3.18 with fts_header_excludes/includes
by Alessio Cecchi 03 Mar '22

03 Mar '22

Hi, I'm still doing some test with fts-flatcurve, after updating to 2.3.18 I enabled: fts_header_excludes = * fts_header_includes = From To Cc Bcc Subject Message-ID but when I try to re-index all messages with FTS flatcurve the fts-flatcurve/ folder inside the Maildir/ become huge. Taking for example a Maildir with cur folder of 1.1G the related fts-flatcurve folder passed from 140M to 2.2G. After remove fts_header_excludes/includes config options, and re-index all messages, the fts-flatcurve/ size return to normal size. Is an issue? Thanks -- Alessio Cecchi Postmaster @http://www.qboxmail.it https://www.linkedin.com/in/alessice

1 1

Does disabling POP3 just mean removing it from the `protocols` list?
by Sean McBride 02 Mar '22

02 Mar '22

Hi all, Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing `pop3` from the `protocols` setting in dovecot.conf? Are there side effects or other considerations I should be aware of? Thanks, Sean

7 9

multiple doveadm ports?
by Joachim Lindenberg 02 Mar '22

02 Mar '22

Hello, I am trying to add another doveadm listener but am struggling with that. The primary reason is that I want to enable replication between two systems and want the replication to be encrypted using TLS. However there are also other doveadm clients locally that are not using TLS and I don´t want to touch all of them. I tried to define something like service doveadm { inet_listener { port = 2425 } inet_listener { port = 2426 ssl = true } } But didn´t get that to work. Is that not possible? I also tried service doveadm { inet_listener { port = 2425 } inet_listener http { port = 2426 ssl = yes } } but then I failed with plugin { mail_replica = https:dove2.example.com:2426 } Can someone please share what is supported and what not, or any pointer to documentation that does? Thanks a lot! Regards, Joachim

2 4

Apple Mail behaviour: can not create sub-folders
by Joseph Tam 02 Mar '22

02 Mar '22

One of my Apple Mail users recently complained his mail reader couldn't create sub-folders -- he could only create top-level folders. Playing around with this, I discovered that I could create folders ( as opposed to mialboxes) *if* I specified mailbox name with a trailing slash. Has anyone come across this? Is this related to https://doc.dovecot.org/configuration_manual/mail_location/mbox/mboxchildfo… ? Joseph Tam <jtam.home(a)gmail.com>

2 2

Re: dovecot Digest, Vol 212, Issue 56
by Korehicom 01 Mar '22

01 Mar '22

1 0

Custom Authentication Method
by Matthew R 01 Mar '22

01 Mar '22

Hi guys, we're using Dovecot/Postfix here for our mail system. I'd like to switch the `passdb` authentication on Dovecot from PAM over to a custom implementation. We'd prefer to have some sort of script check the password with an external IAM provider via HTTP. Is there any way we can accomplish this? The idea is to have Dovecot somehow call a script or send a username/password to some service, which checks the username/password against the identity provider and returns a "yes/no" back to Dovecot. `checkpassword` seems like it may work but I see no documentation on its API. Matthew R, AD, FSEN, FSO, FSCR Chief Director of Engineering & Chairman of the Board of Directors Library of Code sp-us matthew(a)staff.libraryofcode.org

3 2

General Locking & Replication Issues
by Paul Kudla (Scom.ca Internet Services Inc.) 01 Mar '22

01 Mar '22

Ok I am running two dovecot servers and feel pretty close to getting things resolved config wise there are however 2 or 3 issues that all seem to be related i have enclosed FULL config files for both mail18.scom.ca & mail19.scom.ca I have a private network that is used for the replication (10.221.0.0/24) - port 12345 is blocked by pf firewall from outside. I am running freebsd 12.1 and built one server and then raid copied it to the second (mail19) so all the ports / builds etc are identical I did start with dovecot-2.3.14 but pigeonhole would not build on freebsd (thanks for that advice / reply )until upgrade to dovecot-2.3.18 dovecot-2.3.18 was built and installed on both servers along with a good build (freebsd build error was fixed after upgrading) dovecot-2.3-pigeonhole-0.5.18 please note that the second mailserver (mail19) is on an nfs share dedicated to the server (i am awaiting sdram drives to replace this issue) but since i am getting errors on both servers i feel nfs share is not the issue (and yes i enabled dlock) mail18 is on normal sdram drives (more of an fyi as i dont think this is the issue) neither mail server is connected to the other in any kind of a shared way - other then replication postfix should be delivering via : pipe -n dovecot -t unix flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient} Replication only works properly at startup (ie the mail boxes do sync), afterwhich nothing seems to trigger the differences between the servers to update (notify i believe) manually running : [05:04:46] mail18.scom.ca [root:0] /usr/local/etc/dovecot # doveadm sync -u paul(a)scom.ca remote:10.221.0.19 & [05:21:18] mail19.scom.ca [root:0] /usr/local/etc/dovecot # doveadm sync -u paul(a)scom.ca remote:10.221.0.18 does seem to work but with mixed results. I also included postfix main.cf & master.cf as well as some googling has indicated the file locking may be on the postfix side ?? Also more then happy to donate just can not figure out how ??? so that being said : General logging errors are as follows ? [04:46:43] peer1.scom.ca [paul:0] /home/paul ## log dovecot rror Filtering by : dovecot & rror mail18 02-28 04:46:58 {dovecot} [30374] (859753649) doveadm(ed(a)scom.ca)<30486><SUtDJMGZHGIWdwAAz1jc/w>: Error: write(<local>) failed: Timed out after 60 seconds mail19 02-28 04:47:00 {dovecot} [22194] (859753669) doveadm(paul(a)scom.ca)<22219><KQzDNbyZHGLLVgAA0dxyZQ>: Error: write(<local>) failed: Timed out after 60 seconds mail18 02-28 04:47:05 {dovecot} [30374] (859753724) doveadm(ed.hanna(a)dssmgmt.com)<30484><0dYbI8G ZHGIUdwAAz1jc/w>: Error: write(<local>) failed: Timed out after 60 seconds mail18 02-28 04:47:14 {dovecot} [30374] (859753799) doveadm(paul(a)scom.ca)<30485><W/KsI8GZHGIVdwAAz1jc/w>: Error: write(<local>) failed: Timed out after 60 seconds mail18 02-28 04:47:57 {dovecot} [30374] (859754250) doveadm(paul(a)paulkudla.net)<30676></v6tIASaH GLUdwAAz1jc/w>: Error: write(<local>) failed: Timed out after 60 seconds mail18 02-28 04:49:05 {dovecot} [30374] (859754939) doveadm(keith(a)elirpa.com)<30675><aasfIASaHGL TdwAAz1jc/w>: Error: write(<local>) failed: Timed out after 60 seconds mail19 02-28 04:54:45 {dovecot} [22194] (859759457) doveadm(paul(a)paulkudla.net)<22533><m1NpN4GbH GIFWAAA0dxyZQ>: Error: write(<local>) failed: Timed out after 60 seconds mail19 02-28 04:55:07 {dovecot} [22194] (859759868) doveadm(ed(a)scom.ca)<22535><UrLTOYGbHGIHWAAA0dxyZQ>: Error: write(<local>) failed: Timed out after 60 seconds mail19 02-28 04:55:28 {dovecot} [22194] (859760130) doveadm(ed.hanna(a)dssmgmt.com)<22534><kc2dOIG bHGIGWAAA0dxyZQ>: Error: write(<local>) failed: Timed out after 60 seconds mail19 02-28 04:58:52 {dovecot} [22194] (859762842) replicator: Error: Raw backtrace: #0 fatal_handler_real[0x11370e50] -> #1 i_internal_fatal_handler[0x11370f80] -> #2 i_panic[0x112c4456] -> #3 mem_block_alloc.cold[0x112c3d0d] -> #4 t_malloc_real[0x1136a420] -> #5 pool_data_stack_realloc[0x113905f0] -> #6 buffer_alloc[0x11366060] -> #7 buffer_append[0x11366390] -> #8 replicator_queue_push[0x01026fb0] -> #9 dsync_callback[0x01026730] -> #10 dsync_callback[0x01025e60] -> #11 dsync_input[0x010 mail19 02-28 04:58:52 {dovecot} [22194] (859762844) replicator: Error: 0x11388360] -> #14 io_loop_handler_run[0x11386fb0] -> #15 io_loop_run[0x11387130] -> #16 master_service_run[0x112f9c00] -> #17 main[0x01024de0] -> #18 _start[0x01024ff0] -> #19 [unw_get_proc_name() failed: -1] mail19 02-28 04:58:55 {dovecot} [22194] (859762875) doveadm(keith(a)elirpa.com)<22532><zxU4NoGbHGI EWAAA0dxyZQ>: Error: write(<local>) failed: Timed out after 60 seconds Dovecot config for mail18.scom.ca (server - 1) [05:03:57] mail18.scom.ca [root:0] /usr/local/etc/dovecot # cat dovecot.conf # 2.3.14 (cee3cbc0d): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 12.1-RELEASE amd64 # Hostname: mail18.scom.ca auth_debug = no auth_debug_passwords = no mail_debug = no #lock_method = dotlock #mail_max_lock_timeout = 300s #mbox_read_locks = dotlock #mbox_write_locks = dotlock mmap_disable = yes mail_fsync = always mail_nfs_storage = yes mail_nfs_index = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /data/dovecot/run/ debug_log_path = syslog disable_plaintext_auth = no dsync_features = empty-header-workaround #imapc_features = rfc822.size fetch-headers #imapc_host = mail.scom.ca #imapc_password = Pk554669 #imapc_user = paul(a)scom.ca info_log_path = syslog login_greeting = SCOM.CA Internet Services Inc. - Dovecot ready login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_location = maildir:~/ mail_plugins = " virtual" mail_prefetch_count = 20 protocols = imap pop3 sieve mail_plugins = $mail_plugins notify replication protocol lmtp { mail_plugins = $mail_plugins notify replication sieve } protocol lda { mail_plugins = $mail_plugins notify replication sieve } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = /usr/local/etc/dovecot/dovecot-pgsql.conf driver = sql } doveadm_port = 12345 doveadm_password = secretxxxx service doveadm { inet_listener { port = 12345 } } #dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u #dsync_remote_cmd = doveadm sync -d -u%u replication_dsync_parameters = -d -N -l 30 -U plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid, box, msgid, from, subject, size, vsize, flags sieve = file:~/sieve/sieve;active=~/sieve/.dovecot.sieve sieve_duplicate_default_period = 1h sieve_duplicate_max_period = 1d mail_replica = tcp:10.221.0.19 #mail_replica = remote:10.221.0.19 replication_sync_timeout = 2 } service anvil { unix_listener anvil { group = vmail mode = 0666 } } service auth { unix_listener /usr/home/postfix/private/auth { mode = 0660 user = postfix group = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 } unix_listener stats-writer { group = vmail mode = 0660 } } userdb { args = /usr/local/etc/dovecot/dovecot-pgsql.conf driver = sql } protocol imap { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication } protocol pop3 { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication } service managesieve-login { inet_listener sieve { port = 4190 } } verbose_proctitle = yes replication_max_conns = 10 replication_full_sync_interval = 30m service replicator { unix_listener replicator-doveadm { mode = 0666 user = vmail } } service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } #Addition ssl config !include sni.conf And dovecot-pgsql.conf file (same on both servers) : driver = pgsql connect = host=localhost port=5433 dbname=scom_billing user=pgsql password=Scom411400 default_pass_scheme = PLAIN password_query = SELECT username as user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u' user_query = SELECT home, uid, gid FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u' iterate_query = SELECT user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u' Mail 19 dovecot config file : [05:05:40] mail19.scom.ca [root:0] /usr/local/etc/dovecot # cat dovecot.conf # 2.3.14 (cee3cbc0d): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 12.1-RELEASE amd64 # Hostname: mail19.scom.ca auth_debug = no auth_debug_passwords = no mail_debug = no #lock_method = dotlock #mail_max_lock_timeout = 5s #mbox_read_locks = dotlock #mbox_write_locks = dotlock mmap_disable = yes mail_fsync = always mail_nfs_storage = yes mail_nfs_index = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /data/dovecot/run/ debug_log_path = syslog disable_plaintext_auth = no dsync_features = empty-header-workaround #imapc_features = rfc822.size fetch-headers #imapc_host = mail.scom.ca #imapc_password = Pk554669 #imapc_user = paul(a)scom.ca info_log_path = syslog login_greeting = SCOM.CA Internet Services Inc. - Dovecot ready login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_location = maildir:~/ mail_plugins = " virtual" mail_prefetch_count = 20 mail_plugins = $mail_plugins notify replication protocols = imap pop3 sieve protocol lmtp { mail_plugins = $mail_plugins notify replication sieve } protocol lda { mail_plugins = $mail_plugins notify replication sieve } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } passdb { args = /usr/local/etc/dovecot/dovecot-pgsql.conf driver = sql } doveadm_port = 12345 doveadm_password = secretxxxx service doveadm { inet_listener { port = 12345 } } #dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u #dsync_remote_cmd = doveadm sync -d -u%u replication_dsync_parameters = -d -N -l 30 -U plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid, box, msgid, from, subject, size, vsize, flags sieve = file:~/sieve/sieve;active=~/sieve/.dovecot.sieve sieve_duplicate_default_period = 1h sieve_duplicate_max_period = 1d mail_replica = tcp:10.221.0.18 #mail_replica = remote:vmail@10.221.0.18 replication_sync_timeout = 2 } service anvil { unix_listener anvil { group = vmail mode = 0666 } } service auth { unix_listener /usr/home/postfix/private/auth { mode = 0660 user = postfix group = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 } unix_listener stats-writer { group = vmail mode = 0660 } } userdb { args = /usr/local/etc/dovecot/dovecot-pgsql.conf driver = sql } protocol imap { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication } protocol pop3 { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication } service managesieve-login { inet_listener sieve { port = 4190 } } verbose_proctitle = yes replication_max_conns = 10 replication_full_sync_interval = 30m service replicator { unix_listener replicator-doveadm { mode = 0666 user = vmail } } service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service replicator { unix_listener replicator-doveadm { mode = 0600 user = vmail } } replication_dsync_parameters = -d -N -l 30 -U #Addition ssl config !include sni.conf sni.conf file (same on both servers) : #sni.conf ssl = yes verbose_ssl = yes ssl_dh =</usr/local/etc/dovecot/dh-4096.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1.2 #Default *.scom.ca ssl_key =</usr/local/etc/dovecot/scom.pem ssl_cert =</usr/local/etc/dovecot/scom.pem ssl_ca =</usr/local/etc/dovecot/scom.pem local_name .scom.ca { ssl_key = /programs/common/getssl.cert -c *.scom.ca -q yes ssl_cert = /programs/common/getssl.cert -c *.scom.ca -q yes ssl_ca = /programs/common/getssl.cert -c *.scom.ca -q yes } local_name mail.clancyca.com { ssl_key = /programs/common/getssl.cert -c mail.clancyca.com -q yes ssl_cert = /programs/common/getssl.cert -c mail.clancyca.com -q yes ssl_ca = /programs/common/getssl.cert -c mail.clancyca.com -q yes } local_name secure.clancyca.com { ssl_key = /programs/common/getssl.cert -c secure.clancyca.com -q yes ssl_cert = /programs/common/getssl.cert -c secure.clancyca.com -q yes ssl_ca = /programs/common/getssl.cert -c secure.clancyca.com -q yes } local_name mail.paulkudla.net { ssl_key = /programs/common/getssl.cert -c mail.paulkudla.net -q yes ssl_cert = /programs/common/getssl.cert -c mail.paulkudla.net -q yes ssl_ca = /programs/common/getssl.cert -c mail.paulkudla.net -q yes } local_name mail.ekst.ca { ssl_key = /programs/common/getssl.cert -c mail.ekst.ca -q yes ssl_cert = /programs/common/getssl.cert -c mail.ekst.ca -q yes ssl_ca = /programs/common/getssl.cert -c mail.ekst.ca -q yes } local_name mail.hamletdevelopments.ca { ssl_key = /programs/common/getssl.cert -c mail.hamletdevelopments.ca -q yes ssl_cert = /programs/common/getssl.cert -c mail.hamletdevelopments.ca -q yes ssl_ca = /programs/common/getssl.cert -c mail.hamletdevelopments.ca -q yes } Postfix main.cf (same on both servers) [05:15:03] mail19.scom.ca [root:0] /usr/home/postfix.local/config # cat main.cf # Global Postfix configuration file. This file lists only a subset # of all parameters. For the syntax, and for a complete parameter # list, see the postconf(5) manual page (command: "man 5 postconf"). # # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to # http://www.postfix.org/. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. alternate_config_directories = /usr/home/postfix/config data_directory = /var/lib/postfix.local maillog_file = /var/log/postfix.local compatibility_level=2 #compatibility_level=3.6 # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for # testing. When soft_bounce is enabled, mail will remain queued that # would otherwise bounce. This parameter disables locally-generated # bounces, and prevents the SMTP server from rejecting mail permanently # (by changing 5xx replies into 4xx replies). However, soft_bounce # is no cure for address rewriting mistakes or mail routing mistakes. # soft_bounce = no #relayhost = 216.106.96.23 # LOCAL PATHNAME INFORMATION # # The queue_directory specifies the location of the Postfix queue. # This is also the root directory of Postfix daemons that run chrooted. # See the files in examples/chroot-setup for setting up Postfix chroot # environments on different UNIX systems. # queue_directory = /usr/home/postfix.local # The command_directory parameter specifies the location of all # postXXX commands. # command_directory = /usr/local/sbin # The daemon_directory parameter specifies the location of all Postfix # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # daemon_directory = /usr/local/libexec/postfix # QUEUE AND PROCESS OWNERSHIP # # The mail_owner parameter specifies the owner of the Postfix queue # and of most Postfix daemon processes. Specify the name of a user # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED # USER. # mail_owner = postfix # The default_privs parameter specifies the default rights used by # the local delivery agent for delivery to external file or command. # These rights are used in the absence of a recipient user context. # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. # #default_privs = nobody # INTERNET HOST AND DOMAIN NAMES # # The myhostname parameter specifies the internet hostname of this # mail system. The default is to use the fully-qualified domain name # from gethostname(). $myhostname is used as a default value for many # other configuration parameters. # #myhostname = localhost myhostname = mail19.scom.ca # The mydomain parameter specifies the local internet domain name. # The default is to use $myhostname minus the first component. # $mydomain is used as a default value for many other configuration # parameters. # #mydomain = localhost mydomain = mail19.scom.ca # SENDING MAIL # # The myorigin parameter specifies the domain that locally-posted # mail appears to come from. The default is to append $myhostname, # which is fine for small sites. If you run a domain with multiple # machines, you should (1) change this to $mydomain and (2) set up # a domain-wide alias database that aliases each user to # user(a)that.users.mailhost. # # For the sake of consistency between sender and recipient addresses, # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # myorigin = $myhostname #myorigin = $mydomain # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # parameter also controls delivery of mail to user(a)[ip.address]. # # See also the proxy_interfaces parameter, for network addresses that # are forwarded to us via a proxy or network address translator. # # Note: you need to stop/start Postfix when this parameter changes. # inet_interfaces = 127.0.0.1 #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost, 76.74.132.2 #inet_interfaces = mail.dsl.scom.ca, dsl.scom.ca # The proxy_interfaces parameter specifies the network interface # addresses that this mail system receives mail on by way of a # proxy or network address translation unit. This setting extends # the address list specified with the inet_interfaces parameter. # # You must specify your proxy/NAT addresses when your system is a # backup MX host for other domains, otherwise mail delivery loops # will happen when the primary MX host is down. # #proxy_interfaces = #proxy_interfaces = 1.2.3.4 # The mydestination parameter specifies the list of domains that this # machine considers itself the final destination for. # # These domains are routed to the delivery agent specified with the # local_transport parameter setting. By default, that is the UNIX # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # # The default is $myhostname + localhost.$mydomain. On a mail domain # gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). # # Do not specify the names of domains that this machine is backup MX # host for. Specify those names via the relay_domains settings for # the SMTP server, or use permit_mx_backup if you are lazy (see # STANDARD_CONFIGURATION_README). # # The local machine is always the final destination for mail addressed # to user(a)[the.net.work.address] of an interface that the mail system # receives mail on (see the inet_interfaces parameter). # # Specify a list of host or domain names, /file/name or type:table # patterns, separated by commas and/or whitespace. A /file/name # pattern is replaced by its contents; a type:table is matched when # a name matches a lookup key (the right-hand side is ignored). # Continue long lines by starting the next line with whitespace. # # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". # #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, # mail.$mydomain, www.$mydomain, ftp.$mydomain # REJECTING MAIL FOR UNKNOWN LOCAL USERS # # The local_recipient_maps parameter specifies optional lookup tables # with all names or addresses of users that are local with respect # to $mydestination, $inet_interfaces or $proxy_interfaces. # # If this parameter is defined, then the SMTP server will reject # mail for unknown local users. This parameter is defined by default. # # To turn off local recipient checking in the SMTP server, specify # local_recipient_maps = (i.e. empty). # # The default setting assumes that you use the default Postfix local # delivery agent for local delivery. You need to update the # local_recipient_maps setting if: # # - You define $mydestination domain recipients in files other than # /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. # For example, you define $mydestination domain recipients in # the $virtual_mailbox_maps files. # # - You redefine the local delivery agent in master.cf. # # - You redefine the "local_transport" setting in main.cf. # # - You use the "luser_relay", "mailbox_transport", or "fallback_transport" # feature of the Postfix local delivery agent (see local(8)). # # Details are described in the LOCAL_RECIPIENT_README file. # # Beware: if the Postfix SMTP server runs chrooted, you probably have # to access the passwd file via the proxymap service, in order to # overcome chroot restrictions. The alternative, having a copy of # the system passwd file in the chroot jail is just not practical. # # The right-hand side of the lookup tables is conveniently ignored. # In the left-hand side, specify a bare username, an @domain.tld # wild-card, or specify a user(a)domain.tld address. # local_recipient_maps = unix:passwd.byname $alias_maps #local_recipient_maps = proxy:unix:passwd.byname $alias_maps #local_recipient_maps = # The unknown_local_recipient_reject_code specifies the SMTP server # response code when a recipient domain matches $mydestination or # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty # and the recipient address or address local-part is not found. # # The default setting is 550 (reject mail) but it is safer to start # with 450 (try again later) until you are certain that your # local_recipient_maps settings are OK. # #unknown_local_recipient_reject_code = 450 #Set by Mailscanner # TRUST AND RELAY CONTROL # The mynetworks parameter specifies the list of "trusted" SMTP # clients that have more privileges than "strangers". # # In particular, "trusted" SMTP clients are allowed to relay mail # through Postfix. See the smtpd_recipient_restrictions parameter # in postconf(5). # # You can specify the list of "trusted" network addresses by hand # or you can let Postfix do it for you (which is the default). # # By default (mynetworks_style = subnet), Postfix "trusts" SMTP # clients in the same IP subnetworks as the local machine. # On Linux, this does works correctly only with interfaces specified # with the "ifconfig" command. # # Specify "mynetworks_style = class" when Postfix should "trust" SMTP # clients in the same IP class A/B/C networks as the local machine. # Don't do this with a dialup site - it would cause Postfix to "trust" # your entire provider's network. Instead, specify an explicit # mynetworks list by hand, as described below. # # Specify "mynetworks_style = host" when Postfix should "trust" # only the local machine. # #mynetworks_style = class #mynetworks_style = subnet #mynetworks_style = host # Alternatively, you can specify the mynetworks list by hand, in # which case Postfix ignores the mynetworks_style setting. # # Specify an explicit list of network/netmask patterns, where the # mask specifies the number of bits in the network part of a host # address. # # You can also specify the absolute pathname of a pattern file instead # of listing the patterns here. Specify type:table for table-based lookups # (the value on the table right-hand side is not used). # mynetworks = 127.0.0.0/8 65.39.148.0/26 10.220.0.0/16 10.221.0.0/16 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/usr/local/etc/postfix/network_table # The relay_domains parameter restricts what destinations this system will # relay mail to. See the smtpd_recipient_restrictions description in # postconf(5) for detailed information. # # By default, Postfix relays mail # - from "trusted" clients (IP address matches $mynetworks) to any destination, # - from "untrusted" clients to destinations that match $relay_domains or # subdomains thereof, except addresses with sender-specified routing. # The default relay_domains value is $mydestination. # # In addition to the above, the Postfix SMTP server by default accepts mail # that Postfix is final destination for: # - destinations that match $inet_interfaces or $proxy_interfaces, # - destinations that match $mydestination # - destinations that match $virtual_alias_domains, # - destinations that match $virtual_mailbox_domains. # These destinations do not need to be listed in $relay_domains. # # Specify a list of hosts or domains, /file/name patterns or type:name # lookup tables, separated by commas and/or whitespace. Continue # long lines by starting the next line with whitespace. A file name # is replaced by its contents; a type:name table is matched when a # (parent) domain appears as lookup key. # # NOTE: Postfix will not automatically forward mail for domains that # list this system as their primary or backup MX host. See the # permit_mx_backup restriction description in postconf(5). # relay_domains = $mydestination # INTERNET OR INTRANET # The relayhost parameter specifies the default host to send mail to # when no entry is matched in the optional transport(5) table. When # no relayhost is given, mail is routed directly to the destination. # # On an intranet, specify the organizational domain name. If your # internal DNS uses no MX records, specify the name of the intranet # gateway host instead. # # In the case of SMTP, specify a domain, host, host:port, [host]:port, # [address] or [address]:port; the form [host] turns off MX lookups. # # If you're connected via UUCP, see also the default_transport parameter. # #relayhost = [gateway.my.domain] #relayhost = [mailserver.isp.tld] #relayhost = uucphost #relayhost = [an.ip.add.ress] # REJECTING UNKNOWN RELAY USERS # # The relay_recipient_maps parameter specifies optional lookup tables # with all addresses in the domains that match $relay_domains. # # If this parameter is defined, then the SMTP server will reject # mail for unknown relay users. This feature is off by default. # # The right-hand side of the lookup tables is conveniently ignored. # In the left-hand side, specify an @domain.tld wild-card, or specify # a user(a)domain.tld address. # #relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients # INPUT RATE CONTROL # # The in_flow_delay configuration parameter implements mail input # flow control. This feature is turned on by default, although it # still needs further development (it's disabled on SCO UNIX due # to an SCO bug). # # A Postfix process will pause for $in_flow_delay seconds before # accepting a new message, when the message arrival rate exceeds the # message delivery rate. With the default 100 SMTP server process # limit, this limits the mail inflow to 100 messages a second more # than the number of messages delivered per second. # # Specify 0 to disable the feature. Valid delays are 0..10. # #in_flow_delay = 1s # ADDRESS REWRITING # # The ADDRESS_REWRITING_README document gives information about # address masquerading or other forms of address rewriting including # username->Firstname.Lastname mapping. # ADDRESS REDIRECTION (VIRTUAL DOMAIN) # # The VIRTUAL_README document gives information about the many forms # of domain hosting that Postfix supports. # "USER HAS MOVED" BOUNCE MESSAGES # # See the discussion in the ADDRESS_REWRITING_README document. # TRANSPORT MAP # # See the discussion in the ADDRESS_REWRITING_README document. # ALIAS DATABASE # # The alias_maps parameter specifies the list of alias databases used # by the local delivery agent. The default list is system dependent. # # On systems with NIS, the default is to search the local alias # database, then the NIS alias database. See aliases(5) for syntax # details. # # If you change the alias database, run "postalias /etc/aliases" (or # wherever your system stores the mail alias file), or simply run # "newaliases" to build the necessary DBM or DB file. # # It will take a minute or so before changes become visible. Use # "postfix reload" to eliminate the delay. # #alias_maps = dbm:/etc/aliases alias_maps = hash:/usr/home/postfix/config/aliases #alias_maps = hash:/etc/aliases, nis:mail.aliases #alias_maps = netinfo:/aliases # The alias_database parameter specifies the alias database(s) that # are built with "newaliases" or "sendmail -bi". This is a separate # configuration parameter, because alias_maps (see above) may specify # tables that are not necessarily all under control by Postfix. # #alias_database = dbm:/etc/aliases #alias_database = dbm:/etc/mail/aliases alias_database = hash:/etc/postfix/aliases #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases # ADDRESS EXTENSIONS (e.g., user+foo) # # The recipient_delimiter parameter specifies the separator between # user names and address extensions (user+foo). See canonical(5), # local(8), relocated(5) and virtual(5) for the effects this has on # aliases, canonical, virtual, relocated and .forward file lookups. # Basically, the software tries user+foo and .forward+foo before # trying user and .forward. # recipient_delimiter = + # DELIVERY TO MAILBOX # # The home_mailbox parameter specifies the optional pathname of a # mailbox file relative to a user's home directory. The default # mailbox file is /var/spool/mail/user or /var/mail/user. Specify # "Maildir/" for qmail-style delivery (the / is required). # #home_mailbox = Mailbox #home_mailbox = Maildir/ # The mail_spool_directory parameter specifies the directory where # UNIX-style mailboxes are kept. The default setting depends on the # system type. # #mail_spool_directory = /var/mail # The mailbox_command parameter specifies the optional external # command to use instead of mailbox delivery. The command is run as # the recipient with proper HOME, SHELL and LOGNAME environment settings. # Exception: delivery for root is done as $default_user. # # Other environment variables of interest: USER (recipient username), # EXTENSION (address extension), DOMAIN (domain part of address), # and LOCAL (the address localpart). # # Unlike other Postfix configuration parameters, the mailbox_command # parameter is not subjected to $parameter substitutions. This is to # make it easier to specify shell syntax (see example below). # # Avoid shell meta characters because they will force Postfix to run # an expensive shell process. Procmail alone is expensive enough. # # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. # #mailbox_command = /some/where/procmail #mailbox_command = /some/where/procmail -a "$EXTENSION" # The mailbox_transport specifies the optional transport in master.cf # to use after processing aliases and .forward files. This parameter # has precedence over the mailbox_command, fallback_transport and # luser_relay parameters. # # Specify a string of the form transport:nexthop, where transport is # the name of a mail delivery transport defined in master.cf. The # :nexthop part is optional. For more details see the sample transport # configuration file. # # NOTE: if you use this feature for accounts not in the UNIX password # file, then you must update the "local_recipient_maps" setting in # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # mailbox_transport = dovecot # The fallback_transport specifies the optional transport in master.cf # to use for recipients that are not found in the UNIX passwd database. # This parameter has precedence over the luser_relay parameter. # # Specify a string of the form transport:nexthop, where transport is # the name of a mail delivery transport defined in master.cf. The # :nexthop part is optional. For more details see the sample transport # configuration file. # # NOTE: if you use this feature for accounts not in the UNIX password # file, then you must update the "local_recipient_maps" setting in # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # #fallback_transport = lmtp:unix:/file/name #fallback_transport = cyrus #fallback_transport = # The luser_relay parameter specifies an optional destination address # for unknown recipients. By default, mail for unknown@$mydestination, # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned # as undeliverable. # # The following expansions are done on luser_relay: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), # $recipient (full recipient address), $extension (recipient address # extension), $domain (recipient domain), $local (entire recipient # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # # luser_relay works only for the default Postfix local delivery agent. # # NOTE: if you use this feature for accounts not in the UNIX password # file, then you must specify "local_recipient_maps =" (i.e. empty) in # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # #luser_relay = $user(a)other.host #luser_relay = $local(a)other.host #luser_relay = admin+$local # JUNK MAIL CONTROLS # # The controls listed here are only a very small subset. The file # SMTPD_ACCESS_README provides an overview. # The header_checks parameter specifies an optional table with patterns # that each logical message header is matched against, including # headers that span multiple physical lines. # # By default, these patterns also apply to MIME headers and to the # headers of attached messages. With older Postfix versions, MIME and # attached message headers were treated as body text. # # For details, see "man header_checks". # #header_checks = regexp:/usr/local/etc/postfix/header_checks #Divert to Hold Queue #header_checks = regexp:/etc/postfix/header_checks # FAST ETRN SERVICE # # Postfix maintains per-destination logfiles with information about # deferred mail, so that mail can be flushed quickly with the SMTP # "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". # See the ETRN_README document for a detailed description. # # The fast_flush_domains parameter controls what destinations are # eligible for this service. By default, they are all domains that # this server is willing to relay mail to. # #fast_flush_domains = $relay_domains # SHOW SOFTWARE VERSION OR NOT # # The smtpd_banner parameter specifies the text that follows the 220 # code in the SMTP server's greeting banner. Some people like to see # the mail version advertised. By default, Postfix shows no version. # # You MUST specify $myhostname at the start of the text. That is an # RFC requirement. Postfix itself does not care. # #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) # PARALLEL DELIVERY TO THE SAME DESTINATION # # How many parallel deliveries to the same user or domain? With local # delivery, it does not make sense to do massively parallel delivery # to the same user, because mailbox updates must happen sequentially, # and expensive pipelines in .forward files can cause disasters when # too many are run at the same time. With SMTP deliveries, 10 # simultaneous connections to the same domain could be sufficient to # raise eyebrows. # # Each message delivery transport has its XXX_destination_concurrency_limit # parameter. The default is $default_destination_concurrency_limit for # most delivery transports. For the local delivery agent the default is 2. #local_destination_concurrency_limit = 1 #2 #default_destination_concurrency_limit = 100 #20 # DEBUGGING CONTROL # # The debug_peer_level parameter specifies the increment in verbose # logging level when an SMTP client or server host name or address # matches a pattern in the debug_peer_list parameter. # debug_peer_level = 9 # The debug_peer_list parameter specifies an optional list of domain # or network patterns, /file/name patterns or type:name tables. When # an SMTP client or server host name or address matches a pattern, # increase the verbose logging level by the amount specified in the # debug_peer_level parameter. # #debug_peer_list = 127.0.0.1 #debug_peer_list = some.domain # The debugger_command specifies the external command that is executed # when a Postfix daemon program is run with the -D option. # # Use "command .. & sleep 5" so that the debugger can attach before # the process marches on. If you use an X-based debugger, be sure to # set up your XAUTHORITY environment variable before starting Postfix. # debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 # If you can't use X, use this to capture the call stack when a # daemon crashes. The result is in a file in the configuration # directory, and is named after the process name and the process ID. # # debugger_command = # PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; # echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 # >$config_directory/$process_name.$process_id.log & sleep 5 # # Another possibility is to run gdb under a detached screen session. # To attach to the screen sesssion, su root and run "screen -r # <id_string>" where <id_string> uniquely matches one of the detached # sessions (from "screen -list"). # # debugger_command = # PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen # -dmS $process_name gdb $daemon_directory/$process_name # $process_id & sleep 1 # INSTALL-TIME CONFIGURATION INFORMATION # # The following parameters are used when installing a new Postfix version. # # sendmail_path: The full pathname of the Postfix sendmail command. # This is the Sendmail-compatible mail posting interface. # sendmail_path = /usr/local/sbin/sendmail # newaliases_path: The full pathname of the Postfix newaliases command. # This is the Sendmail-compatible command to build alias databases. # newaliases_path = /usr/local/bin/newaliases # mailq_path: The full pathname of the Postfix mailq command. This # is the Sendmail-compatible mail queue listing command. # mailq_path = /usr/local/bin/mailq # setgid_group: The group for mail submission and queue management # commands. This must be a group name with a numerical group ID that # is not shared with other accounts, not even with the Postfix account. # setgid_group = maildrop # html_directory: The location of the Postfix HTML documentation. # html_directory = no # manpage_directory: The location of the Postfix on-line manual pages. # manpage_directory = /usr/local/man # sample_directory: The location of the Postfix sample configuration files. # This parameter is obsolete as of Postfix 2.1. # #sample_directory = /usr/local/etc/postfix # readme_directory: The location of the Postfix README files. # #readme_directory = no #Auth Stuff smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks reject_unauth_destination, #check_policy_service unix:private/policyd-spf #TLS Stuff #TLS Stuff #smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 #smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1 #smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1 #smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtpd_tls_exclude_ciphers = RC4, aNULL smtpd_tls_ask_ccert = yes smtpd_tls_security_level = may smtp_tls_security_level = may smtpd_tls_req_ccert = no smtpd_tls_auth_only = no smtpd_tls_loglevel = 2 smtp_tls_loglevel = 2 smtpd_use_tls = yes smtp_tls_chain_files = /etc/ssl/.scom.ca smtp_use_tls = yes smtp_tls_chain_files = /etc/ssl/.scom.ca smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_tls_CApath = /etc/ssl/certs smtpd_tls_CApath = /etc/ssl/certs #Sort out hard bounce to softbounce smtp_reply_filter = pcre:/usr/home/postfix.local/config/smtp_5xx_to_4xx #General Options delay_warning_time = 1h mailbox_size_limit = 0 message_size_limit = 1000000000 #Mailscanner Options #header_checks = regexp:/usr/local/etc/postfix/header_checks unknown_local_recipient_reject_code = 550 #Dovecot stuff #Postgres Stuff #Temp off till i am a mail server mydestination = pgsql:/usr/home/postfix/config/pgsql-mydestination.cf virtual_maps=pgsql:/usr/home/postfix/config/pgsql-virtual.cf #Dovecot Stuff? dovecot_destination_recipient_limit = 1 virtual_transport = dovecot #Spf filter #policy_time_limit = 3600 #Other restrictions strict_rfc821_envelopes = yes smtpd_client_connection_count_limit = 1000 default_process_limit = 100 #minimal_backoff_time = 300s #maximal_backoff_time = 600s #queue_run_delay = 300s #Duplicate suppresion #enable_original_recipient = no #smtpd_discard_ehlo_keywords = silent-discard, dsn milter_default_action = accept milter_protocol = 6 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 #virtual_mailbox_lock = dotlock Postfix Master.cf : [05:16:09] mail19.scom.ca [root:0] /usr/home/postfix.local/config # cat master.cf # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== #smtp inet n - n - - smtpd #submission inet n - n - - smtpd #465 inet n - n - - smtpd #995 inet n - n - - smtpd 61220 inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # ==================================================================== # # The Cyrus deliver program has changed incompatibly, multiple times. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/usr/local/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/usr/local/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${recipient} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # #uucp unix - n n - - pipe # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # ==================================================================== # # Other external delivery methods. # #ifmail unix - n n - - pipe # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) # #bsmtp unix - n n - - pipe # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient # #scalemail-backend unix - n n - 2 pipe # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store # ${nexthop} ${user} ${extension} # #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient} policyd-spf unix - n n - - spawn user=nobody argv=/usr/local/bin/policyd-spf postlog unix-dgram n - n - 1 postlogd -- Happy Monday !!! Thanks - paul Paul Kudla Scom.ca Internet Services <http://www.scom.ca> 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3 Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266

2 1