Delay and Delays in Postfix

Feb 8 12:46:24 relayserver postfix/smtp[21315]: 2vJLYX0Wghz7f3t: to=, relay=91.199.74.14[91.199.74.14]:25, delay=0.09, delays=0.01/0/0.04/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 200698166A)

If we take a look at the example email from above:

The delay parameter (delay=0.09) is fairly self explanatory, it is the total amount of time this email (2vJLYX0Wghz7f3t) has been on this server.
But what is the delays parameter all about?

delays=0.01/0/0.04/0.05

NOTE: Numbers smaller than 0.01 seconds are truncated to 0, to reduce the noise level in the logfile.

You might have guessed it is a break down of the total delay, but what do each number represent?

delays=a/b/c/d:
a=time before queue manager, including message transmission;
b=time in queue manager;
c=connection setup time including DNS, HELO and TLS;
d=message transmission time.

More explanation:

a (0.01): The time before getting to the queue manager, so the time it took to be transmitted onto the mail server and into postfix.
b (0): The time in queue manager, so this email didn’t hit the queues, so it was emailed straight away.
c (0.04): The time it took to set up a connection with the destination mail relay.
d (0.05): The time it took to transmit the email to the destination mail relay.

Forward outgoing mails of particular user to another account using sender_bbc_maps in Postfix

To forward outgoing mails of particular user to another account using sender_bbc_maps in Postfix:

To main.cf add the following entry:

sender_bcc_maps = hash:/etc/postfix/sender_bcc

and then create a file in /etc/postfix called: sender_bcc and then add the following entry to sender_bcc:

user1@domain.com anotheruser@domain.com

And then type the following command:

postmap /etc/postfix/sender_bcc

and restart Postfix. Now on, emails sent from user1@domain.com will be a blind carbon copy to anotheruser@domian.com

Postfix restriction classes.

Postfix’ built-in restriction classes are processed in the following order:

smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions

regardless of the order in which they’re listed in main.cf. Restrictions (within a restriction class) are evaluated in the order in which they’re listed.
Processing within a restriction class ends on the first match.

Useful link: http://www.postfix.org/RESTRICTION_CLASS_README.html#external

Change the default Postfix queue ID to a long format.

The benefit of non-repeating names (queue ID) is simpler logfile analysis and easier queue migration. And there is nothing wrong with the default settings 😉

New queue files are created with names such as 3Pt2mN2VXxznjll. These are encoded in a 52-character alphabet that contains digits (0-9), upper-case letters (B-Z) and lower-case letters (b-z). For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. The name format is: 6 or more characters for the time in seconds, 4 characters for the time in microseconds, the ‘z’; the remainder is the file inode number encoded in the first 51 characters of the 52-character alphabet.

How this looks now:

Jul 12 17:34:17 bnmrelay postfix/pickup[20475]: DA41A139183: uid=0 from=
Jul 12 17:34:17 bnmrelay postfix/cleanup[21313]: DA41A139183: message-id=<20160712163417.DA41A139183@bnmrelay.domain.com>
Jul 12 17:34:17 bnmrelay postfix/qmgr[30234]: DA41A139183: from=<root@bnmrelay.domain.com>, size=463, nrcpt=1 (queue active)
Jul 12 17:34:18 bnmrelay postfix/smtp[21302]: DA41A139183: to=<testaccount@domain.com>, relay=172.16.53.233[172.16.53.233]:25, delay=0.28, delays=0.05/0/0/0.23, dsn=2.6.0, status=sent (250 2.6.0 <20160712163417.DA41A139183@bnmrelay.domain.com> [InternalId=44586055500327, Hostname=BNM01.domain.com] Queued mail for delivery)
Jul 12 17:34:18 bnmrelay postfix/qmgr[30234]: DA41A139183: removed

And after the change:

Jul 12 17:34:17 bnmrelay postfix/pickup[20475]: 3rpnHt4Sgnz21N4: uid=0 from=
Jul 12 17:34:17 bnmrelay postfix/cleanup[21313]: 3rpnHt4Sgnz21N4: message-id=<20160712163417.DA41A139183@bnmrelay.domian.com>
Jul 12 17:34:17 bnmrelay postfix/qmgr[30234]: 3rpnHt4Sgnz21N4: from=<root@bnmrelay.domain.com>, size=463, nrcpt=1 (queue active)
Jul 12 17:34:18 bnmrelay postfix/smtp[21302]: 3rpnHt4Sgnz21N4: to=<testaccount@domain.com>, relay=172.16.53.233[172.16.53.233]:25, delay=0.28, delays=0.05/0/0/0.23, dsn=2.6.0, status=sent (250 2.6.0 <20160712163417.DA41A139183@bnmrelay.domain.com> [InternalId=44586055500327, Hostname=BNM01.domain.com] Queued mail for delivery)
Jul 12 17:34:18 bnmrelay postfix/qmgr[30234]: 3rpnHt4Sgnz21N4: removed

Proxy_interface – Postfix

proxy_interfaces (default: empty)

The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. This feature is available in Postfix 2.0 and later.
You must specify your “outside” proxy/NAT addresses when your system is a backup MX host for other domains, otherwise mail delivery loops will happen when the primary MX host is down.

Example:

proxy_interfaces = 1.2.3.4

If you miss this step, you’ll see messages like this in your log file:

Apr 8 20:10:14 hades postfix/smtp[1908]: 08CABB59: to=, relay=mail.4network.eu[46.7.161.66]:25, delay=1.4, delays=0.39/0.01/0.99/0, dsn=4.4.6, status=deferred (mail for 4network.org loops back to myself)

http://www.postfix.org/postconf.5.html#proxy_interfaces

generic – Postfix generic table format

It has been taken from man – an interface to the on-line reference manuals.

The following shows a generic mapping with an indexed file. When mail
is sent to a remote host via SMTP, this replaces his@localdomain.local
by his ISP mail address, replaces her@localdomain.local by her ISP mail
address, and replaces other local addresses by his ISP account, with an
address extension of +local (this example assumes that the ISP supports
“+” style address extensions).

/etc/postfix/main.cf:
smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example

Execute the command “postmap /etc/postfix/generic” whenever the table
is changed. Instead of hash, some systems use dbm database files. To
find out what tables your system supports use the command “postconf -m”.
Continue reading “generic – Postfix generic table format”

Address masquerading in Postfix.

Address masquerading refers to the idea that you can hide the names of internal hosts, and make all addresses appear as if they originated from the gateway system itself. You may have internal systems that use your Postfix server as a gateway. When mail is sent from these systems and the sender addresses include the fully qualified hostname, you may want addresses to appear with the domain name only. The masquerade_domains parameter strips hostnames down to their simpler domain names.

The parameter takes a list of domains. Any address whose fully qualified hostname matches the domain portion is stripped down to just the domain name:

root# vim /etc/postfix/main.cf

masquerade_domains = domain.com

Addresses that look like user1@srv1.domain.com and user2@srv2.domain.com are converted to user1@domain.com and user2@example.com.

You can list multiple domains and subdomains. Postfix processes addresses against masquerade domain names in the order you list them. Consider a network that includes the two subdomains, acct.example.com and hr.example.com. You want addresses from these domains to show the subdomain, but you want addresses from any other domain or host in the network to show the parent domain. Set masquerade_domains as follows:

masquerade_domains = srv.domain.com srv1.domain.com domian.com

With this setting, the address user1@hades.srv.domain.com matches srv.domain.com, so that it becomes user1@srv.domain.com.
The address user2@prod.srv1.domain.com matches srv1.domain.com, and becomes user2@srv1.domain.com. Finally, user3@srv1.domain.com matches the last value, domain.com, to become user3@domain.com.

If you want to preserve a domain name that would otherwise be stripped down, you can preface the domain with an exclamation point:

masquerade_domains = !srv2.domain.com, domain.com

In this case, the domain srv2.domain.com will not be rewritten, so the address user10@srv2.domain.com stays as it is.

You can exclude specific account names from masquerading. For example, if you want an address like root@srv10_prod.example.com to stay intact, add the account to the masquerade_exceptions parameter:

masquerade_exceptions = admin, root

And then:

root# /etc/init.d/./postfix restart

Rewriting Addresses – Postfix canonical maps.

Postfix canonical maps can be defined in 3 ways.

1. canonical_maps – rewrites the sender and recipient address
2. sender_canonical_maps – rewrites the sender address
3. recipient_canonical_maps – rewrites the recipient address

In main.cf, point the canonical_maps parameter to the canonical file and then add addresses that you would like to rewrite.
For Example:

root# vim /etc/postfix/main.cf
# Add the following to your configuration file.
canonical_maps = hash:/etc/postfix/canonical

root# vim /etc/postfix/canonical
# address that would like to rewrite new address
user1 greg
user2@domain.com greg@otherdomian.com

root# postmap canonical && postfix reload