Upgrade for Postfix & Mailman

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrade for Postfix & Mailman

Jeff Bernier
Hello All,

I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac OS X server (10.5.8). Mailman and Postfix on this system are Apple's implementation on their platform of course. Apple no longer supports the Xserve platform, and I am in need of replacing this system, and upgrading to newer versions of Postfix and Mailman.

We use Postfix for our on campus SMTP Gateway, and Mailman for a small number of active lists. The traffic is light.

Can anyone recommend a good replacement to this? Recommended Unix/Linux? Is a VM environment an option?

I would like to get away from the Mac solution, and set up some flavor of Unix with more current versions of Postfix and Mailman. I know this is a very broad question, but I have a blank canvas here... just looking for a direction to go in.

Any suggestions are appreciated.

Thanks


Jeff Bernier
Email & Accounts Administration
Rhode Island School of Design
20 Washington Place, Providence RI 02903
<a href="tel:401.454.6168" value="+14014546168" target="_blank">401.454.6168
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade for Postfix & Mailman

btb-2
On Jan 25, 2013, at 15.07, Jeff Bernier wrote:

> Hello All,
>
> I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac
> OS X server (10.5.8). Mailman and Postfix on this system are Apple's
> implementation on their platform of course. Apple no longer supports the
> Xserve platform, and I am in need of replacing this system, and upgrading
> to newer versions of Postfix and Mailman.

you may already know this, but do note that while the xserve and mac os x server have gone away, the underlying components themselves [apple and otherwise] have not, and are now just hidden away within "regular" mac os x.  apple sells software that you add to your standard install to provide the apple management mechanisms as were found in os x server.  of course, this means that an xserve is not needed either, since it runs just fine on any mac.

that being said, *do not* misinterpret this information as a suggestion or encouragement that you do this - it is intended only as information, for the sake of it.  quite to the contrary, if i were to offer encouragement, it would be to move away from apple products for this sort of thing, but not because the platform has changed.

> We use Postfix for our on campus SMTP Gateway, and Mailman for a small
> number of active lists. The traffic is light.
>
> Can anyone recommend a good replacement to this? Recommended Unix/Linux?

whatever os you prefer is likely perfectly fine.  i'd encourage you to use an operating system you're comfortable with rather than a particular os just for the sake of postfix.  what's more important is that you run reasonably current versions of the software - this may or may not mean using the version available in the operating system's software repositories.

> Is a VM environment an option?

in a nutshell - certainly, of course.  many people routinely run mail servers on virtual guests.  degree of utilization can always become a factor, be it a virtual guest or otherwise, but even moderately high loads can be quite efficiently accommodated by a competent admin.

-ben
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade for Postfix & Mailman

Larry Stone
On Fri, 25 Jan 2013, [hidden email] wrote:

> On Jan 25, 2013, at 15.07, Jeff Bernier wrote:
>
>> Hello All,
>>
>> I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac
>> OS X server (10.5.8). Mailman and Postfix on this system are Apple's
>> implementation on their platform of course. Apple no longer supports the
>> Xserve platform, and I am in need of replacing this system, and upgrading
>> to newer versions of Postfix and Mailman.
>
> you may already know this, but do note that while the xserve and mac os
> x server have gone away, the underlying components themselves [apple and
> otherwise] have not, and are now just hidden away within "regular" mac
> os x.  apple sells software that you add to your standard install to
> provide the apple management mechanisms as were found in os x server.
> of course, this means that an xserve is not needed either, since it runs
> just fine on any mac.
>
> that being said, *do not* misinterpret this information as a suggestion
> or encouragement that you do this - it is intended only as information,
> for the sake of it.  quite to the contrary, if i were to offer
> encouragement, it would be to move away from apple products for this
> sort of thing, but not because the platform has changed.

While I have no experience with OS X Server, I have been running a mail
server (and related software) on OS X (Client) for several years. Most
software for the "server" was installed from sources although I used the
Apple provided versions of Postfix and amavisd-new. However, I am
currently still running Lion on that machine and from what testing I've
done, do not see an easy path forward to Mountain Lion (the current OS X
version). In the upgrade to Mountain Lion, a lot of stuff was moved and
some things (like amavisd-new) removed.

One of the problems of the past was Apple's constant behind the scenes
changes which required some reconfiguration at every major upgrade. If I
do ever move forward with trying to upgrade, I most likely will go "build
from sources" for everything (ignoring Apple's provided Postfix) with
everything in /usr/local (which Apple so far does not touch) so that I am
not at the whim of their changes.

-- Larry Stone
    [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade for Postfix & Mailman

Reindl Harald-2


Am 25.01.2013 23:46, schrieb Larry Stone:
> One of the problems of the past was Apple's constant behind the scenes changes which required some reconfiguration
> at every major upgrade. If I do ever move forward with trying to upgrade, I most likely will go "build from
> sources" for everything (ignoring Apple's provided Postfix) with everything in /usr/local (which Apple so far does
> not touch) so that I am not at the whim of their changes

and that is why i said 10 years ago apple is crap on a server
nobody believed me and sweared it is the bast you can have

throw away this carp and learn how to work with a real
operating system like linx or bsd


signature.asc (271 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade for Postfix & Mailman

John Allen
In reply to this post by Jeff Bernier
On 25/01/2013 3:07 PM, Jeff Bernier wrote:
Hello All,

I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac OS X server (10.5.8). Mailman and Postfix on this system are Apple's implementation on their platform of course. Apple no longer supports the Xserve platform, and I am in need of replacing this system, and upgrading to newer versions of Postfix and Mailman.

As has been said elsewhere not really that surprising.  The flavour of the day is "the cloud"!

We use Postfix for our on campus SMTP Gateway, and Mailman for a small number of active lists. The traffic is light.

Can anyone recommend a good replacement to this? Recommended Unix/Linux? Is a VM environment an option?

I run a couple of servers for a small business co-op one Debian Wheezy and one Ubuntu (currently 12.04 LTS).
Both run mail servers( Postfix+Dovecot+Amavis-new), WEB servers (HTTP, webdav, davical) plus a few odds and ends without breaking a sweat.
The Debian machine ran Centos 5 until approx a 18 months ago.
Both machines have been running for about 4 years without any unplanned outages (Not quite true we had a power outage that lasted 4 hours and the UPSs shutdown).

I would like to get away from the Mac solution, and set up some flavor of Unix with more current versions of Postfix and Mailman. I know this is a very broad question, but I have a blank canvas here... just looking for a direction to go in.


Any suggestions are appreciated.

Go with Debian, I use Testing (wheezy) but any level would be good. Te only, very minor, problem is that Debian prefers Exim as the MTA because of the Postfix license (IBM vs GPL), but it is supported and I have not seen any plans to drop it.
Ubuntu would be a good alternative, except that they seem to be pushing their cloud solution.
Reply | Threaded
Open this post in threaded view
|

Question About Log entries

Bob Cohen
Follows are several maillog entries. I'm not clear on how to read them.

warning: restriction `reject_rbl_client' after `permit' is ignored

Does this mean, Postfix rejected an email based on the reject_rbl_client rule, which was placed in the main.cf after the permit. And, Postfix is ignoring the warning?

warning: restriction `warn_if_reject' after `permit' is ignored

Does this mean, Postfix rejected an email according to some rule in the main.cf. And, Postfix is ignoring the warning?

Thanks for the help.

-Bob

Bob Cohen
Writer, Internet Consultant, Teacher
w: bobjcohen.com
t: #itsabobworld
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Reindl Harald-2


Am 26.01.2013 18:25, schrieb Bob Cohen:
> Follows are several maillog entries. I'm not clear on how to read them.
>
> warning: restriction `reject_rbl_client' after `permit' is ignored
>
> Does this mean, Postfix rejected an email based on the reject_rbl_client rule, which was placed in the main.cf after the permit. And, Postfix is ignoring the warning?
>
> warning: restriction `warn_if_reject' after `permit' is ignored
>
> Does this mean, Postfix rejected an email according to some rule in the main.cf. And, Postfix is ignoring the warning?

if you want any meaningful answer you have to poast at least
a full snippet of all lines to a specific message and output
of "postconf -n"


signature.asc (271 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Wietse Venema
In reply to this post by Bob Cohen
Bob Cohen:
> Follows are several maillog entries. I'm not clear on how to read them.
>
> warning: restriction `reject_rbl_client' after `permit' is ignored

This means that you have configured:

        something = something permit reject_rbl_client something

As documented, evaluation stops at permit. Therefore, reject_rbl_client
is ignored.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Bob Cohen
In reply to this post by Reindl Harald-2
On Jan 26, 2013, at 12:40 PM, Reindl Harald <[hidden email]> wrote:

> if you want any meaningful answer you have to poast at least
> a full snippet of all lines to a specific message and output
> of "postconf -n"

Thank you.

-Bob

log snippet 1

Jan 26 13:03:00 fortapache postfix/smtpd[29122]: connect from camomile.cloud9.net[168.100.1.3]
Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `reject_rbl_client' after `permit' is ignored
Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `warn_if_reject' after `permit' is ignored
Jan 26 13:03:00 fortapache postfix/smtpd[29122]: warning: restriction `warn_if_reject' after `permit' is ignored

log snippet 2

Jan 26 12:51:52 fortapache postfix/smtpd[28960]: warning: 68.168.97.243: hostname 68-168-97-243.dedicated.codero.net verification failed: Name or service not known
Jan 26 12:51:52 fortapache postfix/smtpd[28960]: connect from unknown[68.168.97.243]
Jan 26 12:51:53 fortapache postfix/smtpd[28960]: warning: restriction `reject_rbl_client' after `permit' is ignored
Jan 26 12:51:53 fortapache postfix/smtpd[28960]: warning: restriction `warn_if_reject' after `permit' is ignored
Jan 26 12:51:53 fortapache postfix/smtpd[28960]: NOQUEUE: reject: RCPT from unknown[68.168.97.243]: 450 4.1.8 <[hidden email]>: Sender address rejected: Domain not found; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<68-168-97-243.phx.dedicated.codero.com>
Jan 26 12:56:53 fortapache postfix/smtpd[28960]: timeout after RSET from unknown[68.168.97.243]
Jan 26 12:56:53 fortapache postfix/smtpd[28960]: disconnect from unknown[68.168.97.243]



postconf -n

alias_database = /etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
local_recipient_maps = $virtual_alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local_domains
myhostname = fortapache.bjcserver.com
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = reject_unauth_pipelining,        
check_client_access hash:/etc/postfix/access,        
check_client_access hash:/etc/postfix/poprelay,        
permit
reject_rbl_client zen.spamhaus.org,        
reject_rbl_client dnsbl.sorbs.net,
smtpd_helo_restrictions = check_helo_access pcre:/etc/postfix/tld.pcre,
permit
warn_if_reject,
check_helo_access pcre:/etc/postfix/tld.pcre
smtpd_recipient_restrictions = reject_non_fqdn_recipient,        
check_client_access hash:/etc/postfix/access,        
reject_unknown_recipient_domain,        
reject_unauth_destination,        
permit
smtpd_sender_restrictions =
reject_unknown_sender_domain,        
reject_non_fqdn_sender,
check_client_access pcre:/etc/postfix/tld.pcre,        
check_client_access hash:/etc/postfix/access,        
check_client_access hash:/etc/postfix/poprelay,
permit
warn_if_reject,
check_reverse_client_hostname_access pcre:/etc/postfix/tld.pcre

soft_bounce = no
virtual_alias_maps = hash:/etc/postfix/virtual

Bob Cohen
Writer, Internet Consultant, Teacher
w: bobjcohen.com
t: #itsabobworld

Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Bob Cohen
In reply to this post by Wietse Venema

On Jan 26, 2013, at 1:00 PM, Wietse Venema <[hidden email]> wrote:

> Bob Cohen:
>> Follows are several maillog entries. I'm not clear on how to read them.
>>
>> warning: restriction `reject_rbl_client' after `permit' is ignored
>
> This means that you have configured:
>
> something = something permit reject_rbl_client something
>
> As documented, evaluation stops at permit. Therefore, reject_rbl_client
> is ignored.

Thank you. Does that mean I need to put the something = something before permit? Note I just posted some log entries and postconf -n.

-Bob

Bob Cohen
Writer, Internet Consultant, Teacher
w: bobjcohen.com
t: #itsabobworld

Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Reindl Harald-2


Am 26.01.2013 19:13, schrieb Bob Cohen:

>
> On Jan 26, 2013, at 1:00 PM, Wietse Venema <[hidden email]> wrote:
>
>> Bob Cohen:
>>> Follows are several maillog entries. I'm not clear on how to read them.
>>>
>>> warning: restriction `reject_rbl_client' after `permit' is ignored
>>
>> This means that you have configured:
>>
>> something = something permit reject_rbl_client something
>>
>> As documented, evaluation stops at permit. Therefore, reject_rbl_client
>> is ignored.
>
> Thank you. Does that mean I need to put the something = something before permit?
logically yes

how do you imagine that anything does something after "permit" took action?


signature.asc (271 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Viktor Dukhovni
In reply to this post by Bob Cohen
On Sat, Jan 26, 2013 at 12:25:00PM -0500, Bob Cohen wrote:

> Follows are several maillog entries. I'm not clear on how to read them.
>
> warning: restriction `reject_rbl_client' after `permit' is ignored
>
> Does this mean, Postfix rejected an email based on the
> reject_rbl_client rule, which was placed in the main.cf after the
> permit. And, Postfix is ignoring the warning?

Postfix is *issuing* the warning, it takes a flight of fancy to
think Postfix is ignoring the warning. When Postfix warns you that:

        "thing Y after [thing] X is ignored"

it means what it says: Thing Y which occurs after thing X is [always]
ignored. Therefore, a configuration with thing Y after thing X is
likely the result of confusion or a careless error.

In this case confusion. Restrictions are evaluated in order, don't
modify Postfix restrictions until you understand how they work.

Perhaps this will help:

        http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

DO NOT parrot any of the specific examples in the guide, rather
read it ONLY for its explanation of how restrictions work, using
the specific examples only to help you understand the general rules.
The explanator material starts with:

        General Notes On "hostname," "helo," "client," "sender"
        and "recipient" Access Lists and Restrictions

and especially the section:

        Understanding The Order In Which SMTPD Restrictions Are Applied

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Wietse Venema
In reply to this post by Bob Cohen
Bob Cohen:

>
> On Jan 26, 2013, at 1:00 PM, Wietse Venema <[hidden email]> wrote:
>
> > Bob Cohen:
> >> Follows are several maillog entries. I'm not clear on how to read them.
> >>
> >> warning: restriction `reject_rbl_client' after `permit' is ignored
> >
> > This means that you have configured:
> >
> > something = something permit reject_rbl_client something
> >
> > As documented, evaluation stops at permit. Therefore, reject_rbl_client
> > is ignored.
>
> Thank you. Does that mean I need to put the something = something
> before permit? Note I just posted some log entries and postconf

No. It means you should read documentation instead
seeking well-known answers on the mailing list.

Start with these:
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SMTPD_ACCESS_README.html

and follow the hyperlinks.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Bob Cohen

On Jan 26, 2013, at 5:05 PM, Wietse Venema <[hidden email]> wrote:

> No. It means you should read documentation instead
> seeking well-known answers on the mailing list.


Thank you. Sorry if I violated list etiquette. It's hard for a ham and egger like me to know what is or isn't common knowledge.  

Bob Cohen
Writer, Internet Consultant, Teacher
w: bobjcohen.com
t: #itsabobworld

Reply | Threaded
Open this post in threaded view
|

Re: Question About Log entries

Ralf Hildebrandt-2
In reply to this post by Bob Cohen
* Bob Cohen <[hidden email]>:
> Follows are several maillog entries. I'm not clear on how to read them.
>
> warning: restriction `reject_rbl_client' after `permit' is ignored


> Does this mean, Postfix rejected an email based on the
> reject_rbl_client rule, which was placed in the main.cf after the
> permit. And, Postfix is ignoring the warning?

No. Everything after permit is ignored.

> warning: restriction `warn_if_reject' after `permit' is ignored

Again, you seem to have something like:

... stuff ...
permit
... more stuff ...

in your restrictions. "more stuff" will be ignored.

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich