How to setup postfix to put the queued emails in hold (and not in deferred)
Michele Carandente
I've setup postfix to queue all the outgoing emails.
Basically I've add in master.cf this line:
hold unix - - n - - smtp
And in main.cf I've wrote:
defer_transports = hold
default_transport = hold
The problem is that the queued emails will be in deferred queue, and
I've to manually put in hold queue with the command 'postsuper -h
ALL'.
There is a way to put queued email directly in hold queue?
Thanks a lot
Barney Desmond
> Hi to everybody.
> I've setup postfix to queue all the outgoing emails.
> Basically I've add in master.cf this line:
> hold unix - - n - - smtp
>
> And in main.cf I've wrote:
> defer_transports = hold
> default_transport = hold
Your "hold" service is just a duplicate of the regular smtp service.
You might as well have left default_transport alone, and set
defer_transports=smtp
> The problem is that the queued emails will be in deferred queue, and
> I've to manually put in hold queue with the command 'postsuper -h
> ALL'.
>
> There is a way to put queued email directly in hold queue?
There's more than one way to do this. Googling for "postfix hold all
mail" turns up various MailScanner guides and some archives from this
list.
While MailScanner is somewhat frowned upon here, it'll help you get
the idea: http://wiki.linuxquestions.org/wiki/Using_MailScanner/Postfix/SpamAssassin/ClamAV_in_Gentoo_Linux
grep for "hold all incoming messages"
An old list posting that uses a second instance (not necessary here):
http://irbs.net/internet/postfix/0606/1285.html
The key is "smtpd_data_restrictions = static:HOLD"
I've only done this once before, to punish a customer. I can't seem to
find that config now, so you'll need to read a bit to make some sense
of it. What you're wanting to do should be fairly clean and simple to
do.
Michele Carandente
sorry if I write again, but I've found how to queue directly in HOLD.
Basically the option is:
smtpd_sender_restrictions = static:HOLD
But in this way all the emails will be queued, even the internal one...
There is a way to queue just the emails that will be relayed externally?
Googling a bit I found that should be something like:
smtpd_sender_restrictions = permit_auth_destination static:hold
but it's not working for me...
In my configuration I'm matching the internal addresses in
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
Thanks
Michele
Wietse Venema
> Hi,
> sorry if I write again, but I've found how to queue directly in HOLD.
> Basically the option is:
> smtpd_sender_restrictions = static:HOLD
>
> But in this way all the emails will be queued, even the internal one...
> There is a way to queue just the emails that will be relayed externally?
> Googling a bit I found that should be something like:
> smtpd_sender_restrictions = permit_auth_destination static:hold
> but it's not working for me...
It works exactly as documented: permit the request when the RECIPIENT
is internal; otherwise, hold the message.
These, and other features, are painstakingly documented in, for
example, http://www.postfix.org/postconf.5.html
In particular, client features are documented unter
http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
Sender features are documented under
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
See also: http://www.postfix.org/SMTPD_ACCESS_README.html
Wietse
Michele Carandente
I had a look at the links that you've suggested me.
If I've understand correctly, I don't have to use the
'smtpd_sender_restrictions' option, because I have to match the
receiver and, if it's in transport_maps =
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, then means that
it's internal and don't need to be in queue.
So I guess I need to use the option 'smtpd_recipient_restrictions'
At the moment it is that option: smtpd_recipient_restrictions =
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
So now I think I've to modify it, so that I'll tell that if the
receiver is matching with an address of transport_maps (Internal
email), then nothing, otherwhise put all the emails in HOLD.
This is the theory. But pratically how the
smtpd_recipient_restrictions should look like?
Thanks
Michele
Wietse Venema
What problem are you trying to solve: hold mail only from
non-local clients? then use
smtpd_client_restrictions = permit_mynetworks static:hold
Something else? This would be a good time to describe what
you actually want, instead of what does "not work".
Wietse
Michele Carandente
first of all thaks for your reply.
The problem is exatly what you said before: hold mail only from
non-local clients.
I tried as you said with smtpd_client_restrictions = permit_mynetworks
static:hold (actually was like that: smtpd_recipient_restrictions =
permit_mynetworks static:HOLD, permit_sasl_authenticated,
reject_unauth_destination) but it''s putting everithing in HOLD.
Basically my configuration is not a real standard one.
I've this mailserver that must queue all external email and, when I
want, relay them to different domains (depending of the sender).
To say to postfix which email is internal, instead of use
virtual_mailbox_domains, that will consider all the emails part of
that domain as internal, I'm using transport_maps =
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, where is
pointing to a column of the mail_users database. That column will have
as value 'virtual', so postfix will know if the receiver is internal
or not.
I hope now my configuration is more understandble.
Thanks
Michele
Wietse Venema
> Hi Wietse,
> first of all thaks for your reply.
>
> The problem is exatly what you said before: hold mail only from
> non-local clients.
> I tried as you said with smtpd_client_restrictions = permit_mynetworks
> static:hold (actually was like that: smtpd_recipient_restrictions =
> permit_mynetworks static:HOLD, permit_sasl_authenticated,
> reject_unauth_destination) but it''s putting everithing in HOLD.
If Postfix holds ALL mail, then you have other hold actions in
the configuration. Get rid of them.
With:
smtpd_client_restrictions = permit_mynetworks static:hold
Postfix will HOLD mail from clients that do not match the mynetworks
setting.
Wietse
Noel Jones
> Hi Wietse,
> first of all thaks for your reply.
>
> The problem is exatly what you said before: hold mail only from
> non-local clients.
> I tried as you said with smtpd_client_restrictions = permit_mynetworks
> static:hold (actually was like that: smtpd_recipient_restrictions =
> permit_mynetworks static:HOLD, permit_sasl_authenticated,
> reject_unauth_destination) but it''s putting everithing in HOLD.
>
> I've this mailserver that must queue all external email and, when I
> want, relay them to different domains (depending of the sender).
> To say to postfix which email is internal, instead of use
> virtual_mailbox_domains, that will consider all the emails part of
> that domain as internal, I'm using transport_maps =
> proxy:mysql:/etc/postfix/mysql-virtual_transports.cf, where is
> pointing to a column of the mail_users database. That column will have
> as value 'virtual', so postfix will know if the receiver is internal
> or not.
The documented way to tell postfix to accept mail for a domain
is to put the domain in one of {mydestination, relay_domains,
virtual_alias_domains, virtual_mailbox_domains}. See below
for some documentation links. I don't see transport_maps
listed there.
When you don't use the documented interface, you're on your
own. While it may be possible to do what you ask with your
current configuration, the standard tools and standard answers
won't work. Be aware future postfix upgrades may "break" your
non-documented configuration.
Good luck.
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SOHO_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/VIRTUAL_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html
-- Noel Jones
Michele Carandente
thanks for your reply.
I know that unfortunately it's not a standard configuration of
Postfix, but it's the only one that solve all my problem...
Anyway I will not upgrade postfix for at least the next 2 years...
I'll try again to find a way to put emails in HOLD
automatically...otherwise I'll add a cronjob with the command:
'postsuper -h ALL'
Cheers
Michele
Victor Duchovni
> I'll try again to find a way to put emails in HOLD
> automatically...otherwise I'll add a cronjob with the command:
> 'postsuper -h ALL'
The cron job will be completely ineffective. It will miss all mail that
is delivered between command invocations. This would be a terrible design.
Postfix can put email on HOLD via access(5) checks, header/body checks
or milter "quarantine" actions. Plenty of rope.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
Michele Carandente
I agree that the cron job solution is not the best one... but at the
moment it is the only one that I'm able to offer...
(Even if with a cron job every 5 seconds(for example), I'll not lose
any emails...)
As Noel Jones said before: "The documented way to tell postfix to
accept mail for a domain is to put the domain in one of
{mydestination, relay_domains, virtual_alias_domains,
virtual_mailbox_domains}. See below for some documentation links. I
don't see transport_maps listed there."
So, with my configuration, if you can suggest me a possible and better
solution I'll really appreciate it.
Thanks a lot
Michele
Victor Duchovni
To put an entire message on HOLD, use access(5) or header_checks(5)
or body_checks(5). To put some recipients on hold requires forwarding
of the held recipients into a downstream Postfix queue which holds
complete messages. HOLD a message action, not a recipient action.