How to setup postfix to put the queued emails in hold (and not in deferred)

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi to everybody.
I've setup postfix to queue all the outgoing emails.
Basically I've add in master.cf this line:
hold      unix  -       -       n       -       -       smtp

And in main.cf I've wrote:
defer_transports = hold
default_transport = hold

The problem is that the queued emails will be in deferred queue, and
I've to manually put in hold queue with the command 'postsuper -h
ALL'.

There is a way to put queued email directly in hold queue?

Thanks a lot
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Barney Desmond
On 4 February 2010 20:40, Michele Carandente <[hidden email]> wrote:
> Hi to everybody.
> I've setup postfix to queue all the outgoing emails.
> Basically I've add in master.cf this line:
> hold      unix  -       -       n       -       -       smtp
>
> And in main.cf I've wrote:
> defer_transports = hold
> default_transport = hold

Your "hold" service is just a duplicate of the regular smtp service.
You might as well have left default_transport alone, and set
defer_transports=smtp

> The problem is that the queued emails will be in deferred queue, and
> I've to manually put in hold queue with the command 'postsuper -h
> ALL'.
>
> There is a way to put queued email directly in hold queue?

There's more than one way to do this. Googling for "postfix hold all
mail" turns up various MailScanner guides and some archives from this
list.

While MailScanner is somewhat frowned upon here, it'll help you get
the idea: http://wiki.linuxquestions.org/wiki/Using_MailScanner/Postfix/SpamAssassin/ClamAV_in_Gentoo_Linux
grep for "hold all incoming messages"

An old list posting that uses a second instance (not necessary here):
http://irbs.net/internet/postfix/0606/1285.html
The key is "smtpd_data_restrictions = static:HOLD"

I've only done this once before, to punish a customer. I can't seem to
find that config now, so you'll need to read a bit to make some sense
of it. What you're wanting to do should be fairly clean and simple to
do.
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi,
sorry if I write again, but I've found how to queue directly in HOLD.
Basically the option is:
smtpd_sender_restrictions = static:HOLD

But in this way all the emails will be queued, even the internal one...
There is a way to queue just the emails that will be relayed externally?
Googling a bit I found that should be something like:
smtpd_sender_restrictions = permit_auth_destination static:hold
but it's not working for me...

In my configuration I'm matching the internal addresses in
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf

Thanks
Michele
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Wietse Venema
Michele Carandente:

> Hi,
> sorry if I write again, but I've found how to queue directly in HOLD.
> Basically the option is:
> smtpd_sender_restrictions = static:HOLD
>
> But in this way all the emails will be queued, even the internal one...
> There is a way to queue just the emails that will be relayed externally?
> Googling a bit I found that should be something like:
> smtpd_sender_restrictions = permit_auth_destination static:hold
> but it's not working for me...

It works exactly as documented: permit the request when the RECIPIENT
is internal; otherwise, hold the message.

These, and other features, are painstakingly documented in, for
example, http://www.postfix.org/postconf.5.html

In particular, client features are documented unter
http://www.postfix.org/postconf.5.html#smtpd_client_restrictions

Sender features are documented under
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions

See also: http://www.postfix.org/SMTPD_ACCESS_README.html

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi Wietse,
I had a look at the links that you've suggested me.
If I've understand correctly, I don't have to use the
'smtpd_sender_restrictions' option, because I have to match the
receiver and, if it's in transport_maps =
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, then means that
it's internal and don't need to be in queue.

So I guess I need to use the option 'smtpd_recipient_restrictions'
At the moment it is that option: smtpd_recipient_restrictions =
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination

So now I think I've to modify it, so that I'll tell that if the
receiver is matching with an address of transport_maps (Internal
email), then nothing, otherwhise put all the emails in HOLD.

This is the theory. But pratically how the
smtpd_recipient_restrictions should look like?

Thanks
Michele
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Wietse Venema
Michele Carandente:

> Hi Wietse,
> I had a look at the links that you've suggested me.
> If I've understand correctly, I don't have to use the
> 'smtpd_sender_restrictions' option, because I have to match the
> receiver and, if it's in transport_maps =
> proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, then means that
> it's internal and don't need to be in queue.
>
> So I guess I need to use the option 'smtpd_recipient_restrictions'
> At the moment it is that option: smtpd_recipient_restrictions =
> permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination
>
> So now I think I've to modify it, so that I'll tell that if the
> receiver is matching with an address of transport_maps (Internal
> email), then nothing, otherwhise put all the emails in HOLD.
>
> This is the theory. But pratically how the
> smtpd_recipient_restrictions should look like?

What problem are you trying to solve: hold mail only from
non-local clients? then use

smtpd_client_restrictions = permit_mynetworks static:hold

Something else? This would be a good time to describe what
you actually want, instead of what does "not work".

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi Wietse,
first of all thaks for your reply.

The problem is exatly what you said before: hold mail only from
non-local clients.
I tried as you said with smtpd_client_restrictions = permit_mynetworks
static:hold (actually was like that: smtpd_recipient_restrictions =
permit_mynetworks static:HOLD, permit_sasl_authenticated,
reject_unauth_destination) but it''s putting everithing in HOLD.

Basically my configuration is not a real standard one.
I've this mailserver that must queue all external email and, when I
want, relay them to different domains (depending of the sender).
To say to postfix which email is internal, instead of use
virtual_mailbox_domains, that will consider all the emails part of
that domain as internal, I'm using transport_maps =
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, where is
pointing to a column of the mail_users database. That column will have
as value 'virtual', so postfix will know if the receiver is internal
or not.

I hope now my configuration is more understandble.

Thanks
Michele
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Wietse Venema
Michele Carandente:
> Hi Wietse,
> first of all thaks for your reply.
>
> The problem is exatly what you said before: hold mail only from
> non-local clients.
> I tried as you said with smtpd_client_restrictions = permit_mynetworks
> static:hold (actually was like that: smtpd_recipient_restrictions =
> permit_mynetworks static:HOLD, permit_sasl_authenticated,
> reject_unauth_destination) but it''s putting everithing in HOLD.

If Postfix holds ALL mail, then you have other hold actions in
the configuration. Get rid of them.

With:

    smtpd_client_restrictions = permit_mynetworks static:hold

Postfix will HOLD mail from clients that do not match the mynetworks
setting.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Noel Jones-2
In reply to this post by Michele Carandente
On 2/8/2010 9:23 AM, Michele Carandente wrote:

> Hi Wietse,
> first of all thaks for your reply.
>
> The problem is exatly what you said before: hold mail only from
> non-local clients.
> I tried as you said with smtpd_client_restrictions = permit_mynetworks
> static:hold (actually was like that: smtpd_recipient_restrictions =
> permit_mynetworks static:HOLD, permit_sasl_authenticated,
> reject_unauth_destination) but it''s putting everithing in HOLD.
>
> Basically my configuration is not a real standard one.
> I've this mailserver that must queue all external email and, when I
> want, relay them to different domains (depending of the sender).
> To say to postfix which email is internal, instead of use
> virtual_mailbox_domains, that will consider all the emails part of
> that domain as internal, I'm using transport_maps =
> proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, where is
> pointing to a column of the mail_users database. That column will have
> as value 'virtual', so postfix will know if the receiver is internal
> or not.

The documented way to tell postfix to accept mail for a domain
is to put the domain in one of {mydestination, relay_domains,
virtual_alias_domains, virtual_mailbox_domains}.  See below
for some documentation links.  I don't see transport_maps
listed there.

When you don't use the documented interface, you're on your
own.  While it may be possible to do what you ask with your
current configuration, the standard tools and standard answers
won't work.  Be aware future postfix upgrades may "break" your
non-documented configuration.

Good luck.

http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SOHO_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/VIRTUAL_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html


   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi Noel,
thanks for your reply.
I know that unfortunately it's not a standard configuration of
Postfix, but it's the only one that solve all my problem...
Anyway I will not upgrade postfix for at least the next 2 years...

I'll try again to find a way to put emails in HOLD
automatically...otherwise I'll add a cronjob with the command:
'postsuper -h ALL'

Cheers
Michele
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Victor Duchovni
On Tue, Feb 09, 2010 at 09:44:16AM +0000, Michele Carandente wrote:

> I'll try again to find a way to put emails in HOLD
> automatically...otherwise I'll add a cronjob with the command:
> 'postsuper -h ALL'

The cron job will be completely ineffective. It will miss all mail that
is delivered between command invocations. This would be a terrible design.

Postfix can put email on HOLD via access(5) checks, header/body checks
or milter "quarantine" actions. Plenty of rope.

--
        Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi Victor,
I agree that the cron job solution is not the best one... but at the
moment it is the only one that I'm able to offer...
(Even if with a cron job every 5 seconds(for example), I'll not lose
any emails...)

As Noel Jones said before: "The documented way to tell postfix to
accept mail for a domain is to put the domain in one of
{mydestination, relay_domains, virtual_alias_domains,
virtual_mailbox_domains}.  See below for some documentation links.  I
don't see transport_maps listed there."

So, with my configuration, if you can suggest me a possible and better
solution I'll really appreciate it.

Thanks a lot
Michele
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Victor Duchovni
On Wed, Feb 10, 2010 at 09:22:41AM +0000, Michele Carandente wrote:

> I agree that the cron job solution is not the best one... but at the
> moment it is the only one that I'm able to offer...
> (Even if with a cron job every 5 seconds(for example), I'll not lose
> any emails...)
>
> As Noel Jones said before: "The documented way to tell postfix to
> accept mail for a domain is to put the domain in one of
> {mydestination, relay_domains, virtual_alias_domains,
> virtual_mailbox_domains}.  See below for some documentation links.  I
> don't see transport_maps listed there."
>
> So, with my configuration, if you can suggest me a possible and better
> solution I'll really appreciate it.

To put an entire message on HOLD, use access(5) or header_checks(5)
or body_checks(5). To put some recipients on hold requires forwarding
of the held recipients into a downstream Postfix queue which holds
complete messages. HOLD a message action, not a recipient action.

--
        Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.
Reply | Threaded
Open this post in threaded view
|

Re: How to setup postfix to put the queued emails in hold (and not in deferred)

Michele Carandente
Hi Victor.
Thanks for your reply.

My problem is that I want to put all the emails in HOLD, apart the local one.
As I said before, my installation is not exatly a standard one...
I recognize local emails with:
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
where a database say me 'virtual' if the email is local, ':' otherwise.

So I don't know how to say to postfix which email will not be HOLD...

I'm quite lost at the moment... can you put me in the right way?

Thanks
Michele