postfix IRC logs [May 17

[00:00:04] <ianm_> well, my email client says "bad cert!  fingerprint is 00:00:00:etc."  and I just want to verify that it's the right (obviously unsigned) cert
[00:00:16] <raw_> hm postfix starts fine, master is listening on port 25, but if i telnet to this port and type ehlo domain no reply appears
[00:00:25] <raw_> any idea what setting i've missed?
[00:02:02] <pickcoder> raw_: do you get a postfix banner?
[00:02:02] <raw_> nope
[00:02:04] <raw_> just a empty socket which times out after some minutes
[00:02:05] <pickcoder> can you do a reverse lookup on your IP?
[00:02:05] *** hoodow has joined #postfix
[00:02:09] <pickcoder> on the postfix box
[00:02:20] <pickcoder> er.. reverse lookup of the IP you are telnetting from
[00:02:45] <raw_> iam telneting from localhost
[00:03:25] <pickcoder> can you do reverse lookups on all the IPs ?
[00:03:30] <raw_> i have a rootserver with a external ip, and inside something like a private lan with virtual machines
[00:03:42] *** nerdygirl_ellie has joined #postfix
[00:03:48] <raw_> on one (with private ip) is these mailserver running
[00:03:57] <raw_> i forward port 25
[00:04:07] <raw_> no i have no reverse lookups at all
[00:04:24] <raw_> but telnet'ing localhost should work?
[00:05:20] <raw_> hm there may be a host-ip confusion
[00:06:05] <pickcoder> check the logs first
[00:06:08] *** ianm_ has left #postfix
[00:06:46] *** ph1zzle has quit IRC
[00:07:09] <nerdygirl_ellie> HI!  I'm using postfix 2.1.5-4.2 and store my email account information in LDAP.  Is there a way to tell postfix to reject (4xx) a message that is to an address in a virtual_mailbox_domain that is not found in LDAP?  Thanks! -ellie
[00:07:50] <nerdygirl_ellie> *cough* on CentOS *cough*
[00:08:57] <rob0> Not sure about 2.1.x, but that should be the default if your virtual_mailbox_maps are set to do the LDAP lookup.
[00:09:25] <rob0> hint ... upgrade :) Simon Mudd has nice SRPM's which should work.
[00:10:42] <raw_> nothing at the syslog :(
[00:11:47] <nerdygirl_ellie> Thanks rob0!  I think it's working for my other domains, but I have this one....
[00:11:56] <nerdygirl_ellie> There is always one, right? :)
[00:13:12] <pickcoder> raw_: I'm guessing it's a dns deal.. put disable_dns_lookups = yes in main.cf and restart postfix
[00:13:23] *** DickensCider has quit IRC
[00:13:32] <pickcoder> if that doesn't work, then you'll need to up the logging level and do more debugging
[00:13:39] *** fujin has joined #postfix
[00:15:09] <rob0> Nothing in syslog might mean a broken syslogd.
[00:15:32] <rob0> or, Postfix not running? netstat(8) is your friend.
[00:15:43] <pickcoder> if nothing == no logs at all
[00:16:09] <raw_> hm syslog seems not to work
[00:22:16] <pickcoder> that would be a problem then
[00:23:59] <raw_> okay now its working
[00:24:11] *** hax has joined #postfix
[00:24:37] *** SilenceGold has joined #postfix
[00:26:40] <raw_> increase debug level with  debug_peer_list stuff?
[00:26:47] <pickcoder> see if postfix works no
[00:26:49] <raw_> or is there a general debug option?
[00:26:50] <pickcoder> now
[00:26:57] *** pirho has quit IRC
[00:27:02] <pickcoder> I'd restart it
[00:27:09] <rob0> You should find out why it's not working with standard logging.
[00:27:18] *** pirho has joined #postfix
[00:27:21] <pickcoder> it may not be working b/c syslog wasn't working
[00:27:45] <raw_> syslog works nice now, or you are not talking to me? :)
[00:27:54] *** Kurtism has quit IRC
[00:27:57] <pickcoder> both
[00:28:04] <rob0> "postfix reload"
[00:28:20] <raw_> so how can i get more debug ?
[00:28:32] <rob0> and it said ... ?
[00:28:37] <raw_> nin-interactive )
[00:28:48] <rob0> Still nothing logged.
[00:29:12] * raw_ just reinstalled syslogd
[00:29:39] *** Kurtism has joined #postfix
[00:32:24] *** mindcooker has quit IRC
[00:32:44] <raw_> it works !
[00:33:15] <pickcoder> take the disable_dns_lookups = yes out
[00:34:09] <raw_> hm but telnet does not exit after typing quit :9
[00:34:32] <raw_> ehlo shows something, mail from: nothing
[00:34:38] *** LineOf7s has joined #postfix
[00:35:00] <pickcoder> so it still doesn't work
[00:35:07] <pickcoder> is dns lookups still disabled?
[00:35:13] <raw_> yes
[00:35:16] <pickcoder> hm
[00:35:48] <raw_> okay i dont know how to get this ip stuff right
[00:35:49] <pickcoder> do you know the RFC well enough to manually enter an e-mail?
[00:36:09] <raw_> i've done this 10 times with sendmail
[00:37:36] <raw_> i try to explain the network: the postfix server is on a virtual server in a virtual lan with a private ip called 192.168.1.250
[00:37:57] <raw_> the server has a external ip called i.e. 85.31.155.99
[00:38:20] *** Taube is now known as taube
[00:38:21] <raw_> i want the virtual mailserver to act like it is running on the real server
[00:38:27] <raw_> i have forwarded port 25 correctly
[00:38:34] <hax> would "inet_interfaces = localhost" cause mail to not be delivered from the internet?
[00:39:00] <raw_> but if i type ifconfig on the mailhost it gives 192.168.1.250 - as exprected, but this may confuse the mailserver
[00:39:21] <raw_> hax: yes i think so
[00:39:44] <hax> raw_: that'd make sense, right? but for some reason the centos default is to have it set to localhost
[00:40:26] <raw_> it makes sense - the most ceninstallers want to send mail and not recieve them. so for security reasons reciving vom the internet is disabled
[00:40:50] <hax> yeah, thats one thought i had
[00:41:07] <raw_> pickcoder: what do you think, how can i get this ip stuff correct?
[00:41:48] <pickcoder>  /etc/hosts and/or /var/spool/postfix/etc/hosts
[00:42:29] <pickcoder> are you running postfix under chroot?
[00:45:58] <raw_> hell, it is working now. my fault, forgot to set up the mysql-tables correctly. sorry for crying :(
[00:47:55] *** Ryushin has quit IRC
[00:48:09] *** Supaplex has quit IRC
[00:49:22] *** Bronsky has quit IRC
[00:50:08] <LineOf7s> Hello all.  Everything's working fine day-to-day.  I have a bunch of anti-UCE stuff in my main.cf.  I've confirmed (repeatedly) that my mailserver isn't acting like an open relay.  And yet every morning I find as-yet unsent entries in my queue (spam) being sent *out* as webserver@ or postmaster@.  from an external source.  I'm confused - isn't this relaying?  What sort of things should I be reading up on to avoid this?  I'm quite happy to learn for
[00:50:18] *** jordi_ is now known as jordi
[00:50:50] *** pirho has quit IRC
[00:50:56] *** Supaplex has joined #postfix
[00:52:19] <pickcoder> do you have any web forms that accept e-mail addresses?
[00:52:52] <LineOf7s> I didn't design the website originally, but that's entirely possible.
[00:53:15] <pickcoder> if e-mail is sent directly using that info and it's not sanitize for scripting then piggy-backing is easy to do
[00:53:21] <pickcoder> we got hit by that a few months ago
[00:53:45] <pickcoder> you'll never see it come in
[00:53:59] <pickcoder> but it goes out using generic from addresses
[00:54:04] <LineOf7s> Hrmmm... I don't think there's any link between the website and email - if there's any email stuff there, it's just for our information I think - but I'll check that out.
[00:54:27] <LineOf7s> So if I do the standard internet checks for an open relay, and they all come back negative, can I feel better about that at least?  :o)
[00:55:02] <pickcoder> I don't know. I don't use open relay checks.
[00:55:08] <LineOf7s> Fair enough.
[00:55:16] <lennard> sure you can feel better about it. just don't feel safe. :)
[00:55:29] <pickcoder> if you set your config correctly you shouldn't have anything to worry about
[00:55:40] <pickcoder> are you using virtuals?
[00:55:47] <LineOf7s> "if you set your config correctly"  <--- the $64,000 question  :o)
[00:55:56] <LineOf7s> Virtuals?  No.
[00:56:03] <pickcoder> then the main thing is mydestinations
[00:56:04] <LineOf7s> (I don't think so)
[00:56:09] *** rmayorga has quit IRC
[00:56:18] <pickcoder> and if you've used transports, make sure they aren't full of holes
[00:56:19] <LineOf7s> mydests - check
[00:56:33] <pickcoder> I.E. don't forward * anywhere
[00:56:44] <pickcoder> specific transports by domain minimum
[00:57:29] <pickcoder> !cheatsheet
[00:57:30] <knoba> pickcoder: 'cheatsheet' : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[00:57:48] <LineOf7s> The bit that's got me bejiggered is that I see hundred of "relay not permitted" in the logs every day, and yet sitting in the queue are messages that are from one IP address (not on mynetworks), going to a different domain to mine, and yet they're not rejected.  In fact, I think the only reason they're not sent is the receiver (now) has my blacklisted.
[00:57:54] *** war has quit IRC
[00:58:11] <LineOf7s> From the look of the URL, that cheatsheet was the basis of it all...
[00:58:26] <hax> if there are multiple domains postfix is serving up, how do i know what ssl cert to use?
[00:58:30] <LineOf7s> Yes, it's almost verbatim, as far as the anti-UCE stuff goes.
[00:59:03] *** daqqal has quit IRC
[00:59:29] <pickcoder> LineOf7s: so check the logs for that domain and see where they are coming from
[01:00:31] <pickcoder> if they aren't logged in the mail logs then they are coming from another source on your network
[01:01:01] <LineOf7s> The IPs change, seemingly at random.  There's only ever a handful from a single one, but they're all headed to the same sorta domain (two, so far), and formatted the same way.  I guess a band-aid fix would be just to block those...
[01:01:26] <pickcoder> you need to make sure there isn't a recipient hole somewhere
[01:01:40] <LineOf7s> "recipient hole"?
[01:02:21] <pickcoder> s/recipient/spam
[01:02:39] <LineOf7s> Spam hole?  Now that just sounds rude.  ;o)
[01:02:59] <LineOf7s> Okay, I'll focus on mydestinations and the recipient_restrictions then.
[01:03:08] <pickcoder> just check the mail logs for that domain
[01:03:18] <pickcoder> follow the transcript for a specific message ID
[01:03:59] <pickcoder> if it gets queued and it's coming from a remote IP then you have a security hole in your config
[01:04:50] <LineOf7s> That bit I guessed.  :o)
[01:04:58] <LineOf7s> Okay, I'll check those out for a start - thankyou.
[01:05:19] <pickcoder> good luck with the search
[01:05:31] <LineOf7s> Indeed.
[01:05:47] <pickcoder> time to go home.. bbl
[01:05:50] *** pickcoder has quit IRC
[01:07:29] *** rmayorga has joined #postfix
[01:12:17] <hax> it seems like there should be a different cert for each domain, right?
[01:12:58] <LineOf7s> Dumb question time:  In main.cf, in the likes of 'compound' commands like smtpd_recipient_restrictions (for example), do you need the commas that separate each element/check?  I've seen as many without as with...
[01:14:01] *** fholmes_laptop has quit IRC
[01:17:54] *** Mazon is now known as mazon
[01:21:00] *** magyar has joined #postfix
[01:24:04] *** Kurtism has quit IRC
[01:24:36] <nerdygirl_ellie> found my issue, and also cut my ldap load a lot.  I had virtual_alias_maps for all my user accounts, but no virtual_alias_domains, so it was defaulting to $virtual_mailbox_maps which was always returning a value.  I changed my virtual_mailbox_domains to virtual_alias domains and it works now.  yeah!!  -ellie
[01:25:27] *** Kurtism has joined #postfix
[01:26:23] *** hparker has joined #postfix
[01:28:55] *** Bronsky has joined #postfix
[01:29:39] *** Turt|e has joined #postfix
[01:30:50] <hax> i'm looking at sender_login_maps ... and are there other options besides hash:/ ? like maybe passwd or something?
[01:34:52] *** Kurt2 has joined #postfix
[01:37:00] *** cilly has quit IRC
[01:40:10] *** Mavvie has quit IRC
[01:43:20] *** Kurtism has quit IRC
[01:44:25] *** AJ_Z0 has quit IRC
[01:44:59] *** AJ_Z0 has joined #postfix
[01:48:01] <rob0> nerdygirl_ellie: Um, that's not quite a fix. $virtual_mailbox_domains and $virtual_alias_domains should be distinct groups, no overlap.
[01:48:56] *** AJ_Z0 has quit IRC
[01:49:16] *** AJ_Z0 has joined #postfix
[01:54:52] *** Turt|e has quit IRC
[02:01:48] *** LineOf7s has left #postfix
[02:11:09] *** nerdygirl_ellie has quit IRC
[02:31:29] *** technoid- has quit IRC
[02:37:06] *** rikstah has joined #postfix
[02:39:01] <rikstah> Hey, can someone please help.... I've got an existing setup with postfix/mysql/virtual tables using the postfixadmin db setup. I'm trying to migrate the setup to another box. I've pretty much done everything as per the guide....but postfix is failing to find an email address xxx at xxxx dot com in the virtual users table. I know that the mailbox addr exists in the DB and I can see that postfix is querying the mysql db by monitoring the mysql logs in debug mod
[02:39:01] <rikstah> e.
[02:39:19] <rikstah> Can someone tell me where i can start to look to see why postfix cant extract the virtual users? Thanks
[02:39:40] <rikstah> I can post logs of whatever you need
[02:56:40] <vice-versa> rikstah: is the uid and gid in the users table the same for the vmail user account, (or whatever you're using), on the new host?
[02:57:09] <rikstah> aha, damn i think they have changed!! damn why didnt i think of this!
[02:57:31] <rikstah> let me check that out. thanks so much
[02:59:09] <rikstah> urmm in my mailbox table, there is no uid field
[02:59:15] <rikstah> vice-versa
[03:00:18] <vice-versa> rikstah: what guide did you use?
[03:00:42] <rikstah> i used the high5.net one
[03:00:54] <rikstah> with the postfixadmin type tables
[03:04:29] <rikstah> vice-versa, i've bene fighting with this for about 2 hours :(
[03:06:02] *** Tachy_ has joined #postfix
[03:07:51] <vice-versa> rikstah: I've never used postfixadmin myself, just a generic postfix mysql virtual mail setup
[03:08:11] <rikstah> yeah...its funny because im using the exact setup (working) right now
[03:08:16] <rikstah> and i tried to copy the configuration across
[03:08:25] <rikstah> and I've clearly lacked a step but i can't figure out what
[03:09:44] <vice-versa> you got a url to the guide on high5 you're following?
[03:10:25] <rikstah> high5.net/howto
[03:11:00] <rikstah> authenumerate gives me:
[03:11:04] <rikstah> rick at hamnett dot org        5000    5000    /home/vmail     /home/vmail/rick at hamnett dot org/
[03:11:21] <rikstah> so everything in the db is fine. basically postfix is not picking up the virtual transport
[03:11:34] <rikstah> when it checks the incoming email address, it cant match it within the db
[03:12:31] *** raqamy has quit IRC
[03:16:29] <rikstah> vice-versa, don't suppose you'd kindly have 5 minutes to ssh in and have a look?
[03:17:49] *** Tachy has quit IRC
[03:17:54] <vice-versa> hehe, you're either very trusting or extremely desperate
[03:19:00] <vice-versa> rikstah: gemme a few minutes to look that howto over
[03:19:06] <rikstah> ok thanks
[03:19:18] <rikstah> that's designed for postfix 2.1 i think
[03:19:28] <rikstah> i am running 2.2 so theres differences in the mysql_virtual_*_.cf
[03:19:31] <rikstah> files
[03:20:10] <vice-versa> and what about mysqld?
[03:20:58] *** tengulre has joined #postfix
[03:22:02] <rikstah> that's fine
[03:22:15] <rikstah> postfix is querying mysql fine
[03:22:51] *** KhensU has quit IRC
[03:23:02] *** KhensU has joined #postfix
[03:23:28] *** tengulre has quit IRC
[03:24:26] *** amrit has joined #postfix
[03:24:44] *** amrit|wrk has quit IRC
[03:25:12] <rikstah> it's ok i've fixed it :)
[03:25:16] <rikstah> not quite sure how hehehe
[03:25:19] <rikstah> thanks for your time vice-versa
[03:25:44] *** rmayorga has quit IRC
[03:25:47] <vice-versa> lol, sure np
[03:30:00] *** raqamy has joined #postfix
[03:36:55] <rikstah> now to fix sasl for sending out messages!
[04:03:02] *** amrit is now known as amrit|afk
[04:04:02] *** bucketfan99 has joined #postfix
[04:04:17] <bucketfan99> hey. i'm trying tos etup postgrey, and it seems like a 1 line conf change + adding postgrey to my system
[04:04:28] <bucketfan99> but mail still keeps coming through without delay - even after restarting postfix
[04:04:30] <bucketfan99> any ideas ?
[04:05:14] <bucketfan99> ohh. heh. it just allows gmail by default
[04:06:01] <bucketfan99> actually no its just allowing anything in :/
[04:07:36] *** meandtheshell has quit IRC
[04:13:05] *** Motoko-chan has joined #postfix
[04:13:59] *** rmayorga has joined #postfix
[04:17:20] *** eltech has quit IRC
[04:17:50] *** eltech has joined #postfix
[04:18:31] *** rmayorga has quit IRC
[04:18:31] *** Tachy_ has quit IRC
[04:18:32] *** sc00p has quit IRC
[04:18:32] *** ikaro has quit IRC
[04:18:33] *** SID_seba has quit IRC
[04:18:33] *** master_of_master has quit IRC
[04:18:33] *** jordi has quit IRC
[04:18:33] *** Zeit|awy has quit IRC
[04:18:34] *** lkthomas has quit IRC
[04:18:34] *** doomas has quit IRC
[04:18:35] *** adf323 has quit IRC
[04:18:35] *** riz_ has quit IRC
[04:18:36] *** wazquis_ has quit IRC
[04:18:37] *** mazon has quit IRC
[04:18:38] *** ALKH has quit IRC
[04:18:38] *** hax has quit IRC
[04:18:39] *** tris has quit IRC
[04:18:39] *** nipuL has quit IRC
[04:18:39] *** MidBSD has quit IRC
[04:18:59] *** rmayorga has joined #postfix
[04:18:59] *** Tachy_ has joined #postfix
[04:18:59] *** hax has joined #postfix
[04:18:59] *** sc00p has joined #postfix
[04:19:00] *** ikaro has joined #postfix
[04:19:00] *** SID_seba has joined #postfix
[04:19:00] *** master_of_master has joined #postfix
[04:19:00] *** jordi has joined #postfix
[04:19:00] *** Zeit|awy has joined #postfix
[04:19:00] *** lkthomas has joined #postfix
[04:19:00] *** doomas has joined #postfix
[04:19:00] *** adf323 has joined #postfix
[04:19:00] *** nipuL has joined #postfix
[04:19:00] *** MidBSD has joined #postfix
[04:19:00] *** riz_ has joined #postfix
[04:19:00] *** tris has joined #postfix
[04:19:00] *** ALKH has joined #postfix
[04:19:00] *** mazon has joined #postfix
[04:19:00] *** wazquis_ has joined #postfix
[04:19:02] *** adf323 has quit IRC
[04:19:30] *** adf323 has joined #postfix
[04:20:38] *** Mez has quit IRC
[04:20:45] *** doomas_ has joined #postfix
[04:27:18] *** fujin has quit IRC
[04:32:12] *** Spec is now known as x-spec-t
[04:35:12] *** doomas has quit IRC
[04:39:11] *** bucketfan99 has quit IRC
[04:52:47] *** pickcoder has joined #postfix
[05:00:03] *** hoodow has left #postfix
[05:28:12] *** hparker has quit IRC
[05:33:32] *** rototo has joined #postfix
[05:33:47] <rototo> hi i have ostfix/qmgr[5326]: warning: connect to transport filter: No such file or directory and i can't find what's the probleme
[05:35:38] <Motoko-chan> what do you have for content_filter?
[05:36:34] <rototo> content_filter = smtp-amavis:[127.0.0.1]:10024 in main.cf
[05:38:25] *** xpoint has joined #postfix
[05:39:05] <lkthomas> something I don't understand
[05:39:26] <lkthomas> I think a lot of us use maillist or newsletter
[05:39:40] <lkthomas> but after we terminal our service
[05:40:00] <lkthomas> all the subscribed list would still be spamming the host
[05:40:06] <lkthomas> this is dumb
[05:40:26] <xpoint> why is it dumb ? :-)
[05:41:44] <lkthomas> the host still receiving spamming mail from maillist or newsletter
[05:41:51] <lkthomas> but those user does not exists already
[05:42:43] <xpoint> i bet you are unsubscribed where you subscribed, but where you subscribed share your email to 3dr parties that still do not know anything about you want to unsubscribe
[05:44:05] <xpoint> each time i subscribe anything i use a uniq email so i can track where the friends go :-)
[05:45:24] <xpoint> is the sendign ip to you listed in any rbl lists ?
[05:45:27] *** magyar has quit IRC
[05:48:51] <xpoint> the 3dr party problem is very common
[05:49:05] *** pickcoder has quit IRC
[05:53:04] *** xpoint has quit IRC
[05:53:04] *** doomas_ has quit IRC
[05:53:05] *** riz_ has quit IRC
[05:53:05] *** Tachy_ has quit IRC
[05:53:05] *** sc00p has quit IRC
[05:53:06] *** MidBSD has quit IRC
[05:53:06] *** SID_seba has quit IRC
[05:53:09] *** wazquis_ has quit IRC
[05:53:09] *** ALKH has quit IRC
[05:53:09] *** tris has quit IRC
[05:53:10] *** lkthomas has quit IRC
[05:53:10] *** hax has quit IRC
[05:53:10] *** master_of_master has quit IRC
[05:53:11] *** mazon has quit IRC
[05:53:11] *** jordi has quit IRC
[05:53:12] *** Zeit|awy has quit IRC
[05:53:12] *** nipuL has quit IRC
[05:53:12] *** ikaro has quit IRC
[05:53:13] *** rmayorga has quit IRC
[05:54:24] *** ikaro has joined #postfix
[05:54:27] *** ALKH has joined #postfix
[05:54:45] *** hax has joined #postfix
[05:55:03] *** MidBSD has joined #postfix
[05:55:07] *** Tachy has joined #postfix
[05:55:08] *** mazon has joined #postfix
[05:55:11] *** master_of_master has joined #postfix
[05:55:13] *** SID_seba has joined #postfix
[05:55:19] *** wazquis has joined #postfix
[05:55:21] *** PhilKC has joined #postfix
[05:57:27] *** rototo has left #postfix
[05:58:22] *** sc00p has joined #postfix
[05:59:25] *** hax has quit IRC
[05:59:30] *** xpoint has joined #postfix
[05:59:30] *** doomas_ has joined #postfix
[05:59:30] *** rmayorga has joined #postfix
[05:59:30] *** Tachy_ has joined #postfix
[05:59:30] *** hax has joined #postfix
[05:59:30] *** jordi has joined #postfix
[05:59:31] *** Zeit|awy has joined #postfix
[05:59:31] *** lkthomas has joined #postfix
[05:59:31] *** nipuL has joined #postfix
[05:59:31] *** riz_ has joined #postfix
[05:59:31] *** tris has joined #postfix
[05:59:31] *** wazquis_ has joined #postfix
[05:59:31] *** adf323 has quit IRC
[05:59:32] *** hax_ has joined #postfix
[05:59:36] *** Zeit|awy has quit IRC
[05:59:49] *** nipuL has quit IRC
[05:59:52] *** Zeit|awy has joined #postfix
[05:59:55] *** adf323 has joined #postfix
[05:59:58] *** hax has quit IRC
[06:00:09] *** tris has quit IRC
[06:00:37] *** xpoint has quit IRC
[06:00:50] *** xpoint has joined #postfix
[06:00:52] <lkthomas> damn
[06:00:56] <lkthomas> seems a lot of our client want to disable dnsbl
[06:00:58] <lkthomas> they seems can't lost any email at all
[06:01:35] *** wazquis_ has quit IRC
[06:02:42] *** doomas has joined #postfix
[06:03:24] *** nipuL has joined #Postfix
[06:03:38] *** jordi_ has joined #postfix
[06:05:58] <rob0> What dnsbl[s] are you using?
[06:07:22] *** rmayorga has quit IRC
[06:07:33] <f3ew> lkthomas, as longas they are paying for it
[06:07:33] *** haimingwei has joined #postfix
[06:07:40] <f3ew> and not complaining about spam
[06:08:13] *** amrit|afk is now known as amrit
[06:08:27] *** Tino is now known as Tinozaure
[06:08:37] <f3ew> http://www.cio.com/topic/1411/Infrastructuresecurity/spam/five_things_about_fighting_spam.html?CID=28830
[06:09:06] *** doomas_ has quit IRC
[06:09:28] *** Tachy_ has quit IRC
[06:09:42] *** jordi has quit IRC
[06:10:16] <f3ew> http://www.cio.com/article/print/101475
[06:10:18] <f3ew> better
[06:13:18] <lkthomas> isn't that sucking stupid
[06:13:20] *** tris has joined #postfix
[06:13:20] <lkthomas> I am using zen
[06:13:23] <lkthomas> spamhaus
[06:13:25] <lkthomas> only
[06:14:13] <rob0> And zen is having fp's? It's fine for me.
[06:15:50] <lkthomas> we also do SPF
[06:16:18] <xpoint> one word, policyd-weight
[06:16:18] <lkthomas> rob0, one of our client sender got blocked due to spf
[06:16:24] <f3ew> Zen has quite a few FPs
[06:16:29] <lkthomas> f3ew, yep
[06:16:39] <f3ew> It's just that they tend to be of virus spewing systems
[06:16:50] <f3ew> Actually, you can't call them FPs
[06:17:30] <rob0> I don't. That's not a FP, it's collateral damage, which happens to motivate admins to clean up their spew.
[06:17:40] <xpoint> rbl test should be removed from postfix becurse of fp :-=)
[06:18:01] <lkthomas> I can't imagine what will happen if I disable zen spamhaus bl
[06:18:17] <lkthomas> then our SA will be overloaded with spam
[06:18:28] <xpoint> lkthomas, spamassassin will catch it
[06:18:38] <f3ew> ick
[06:18:40] <lkthomas> xpoint, I know, but it will overload it
[06:18:43] <lkthomas> xpoint, I know, but it will overload SA
[06:19:07] <xpoint> 3.2.0 does a well job here
[06:19:25] <f3ew> xpoint, what volume do you handle?
[06:19:28] <xpoint> shortcircuit plugin
[06:19:59] <lkthomas> what is that?
[06:20:07] <lkthomas> shortcircuit ?
[06:20:12] *** haimingwei has quit IRC
[06:20:42] <xpoint> i think dspam is not better then spamassassin bayes, and so i maked bayes work in sa, now i see the benefit not to change to dspam :-=)
[06:20:56] <lkthomas> xpoint, we are on test with dspam
[06:21:51] <xpoint> lkthomas, drop dspam is my advice
[06:22:13] <lkthomas> nope
[06:22:18] <lkthomas> we are using both
[06:22:25] <lkthomas> first layer is SA
[06:22:28] <lkthomas> second layer is dspam
[06:22:38] <xpoint> why ?, users is clueless mostly, and what dspam does is basicly just bayes in spamassasssin
[06:22:52] <lkthomas> it got something more advanced than SA
[06:23:07] <lkthomas> neural network is one of the best feature
[06:23:30] <lkthomas> xpoint, this is our method to use dspam
[06:23:38] <lkthomas> before dspam activate
[06:23:47] <xpoint> now you know why users want you to disable dnsbl, thay all see its a big problem with your setup
[06:23:47] <lkthomas> we let dspam learn first
[06:24:15] <lkthomas> xpoint, don't consider you are smarter than I do
[06:24:24] <lkthomas> we put different pipe to diff domain
[06:24:32] <lkthomas> those production domain isn't goes to dspam pipe
[06:24:47] <xpoint> dspam is not usefull with spamassassin
[06:24:50] <lkthomas> dspam testing section will pass to other route
[06:24:56] *** olinux has joined #postfix
[06:25:15] <lkthomas> let dspam learn first
[06:25:30] <lkthomas> after 6month, we will start to enable those account which is well trained
[06:25:47] <xpoint> lkthomas, you can learn bayes aswll no ?
[06:25:57] <lkthomas> same time, both engine will learn
[06:26:34] <lkthomas> we also got web UI for user to train their bayesian
[06:27:01] <xpoint> shit dont think you are smartere then me :-)
[06:27:17] <xpoint> squirrelmail
[06:28:00] <xpoint> users train my pyzord and bayes
[06:28:17] <lkthomas> we got a lot more than training, dude
[06:28:38] <lkthomas> web ui shows statistics for the system
[06:28:43] <lkthomas> personal statistics
[06:28:52] <lkthomas> which virus is the most popular in our server
[06:28:58] <lkthomas> whitelist/blacklist
[06:29:06] <xpoint> 10 million flyes prefer shit, let them have it :-)
[06:29:07] <Dominian> what web ui ?
[06:29:21] <lkthomas> Dominian, spamassassin web ui
[06:29:22] * f3ew shrugs
[06:29:25] <Dominian> huh
[06:29:28] <Dominian> never heard of it
[06:29:33] <lkthomas> we develop it
[06:29:38] <lkthomas> of course you never heard of it :)
[06:29:48] <f3ew> If you can run all your inbound stuff through a content filter, you are either rich or very small
[06:29:48] <Dominian> Frankly, don't need it.
[06:30:10] <lkthomas> f3ew, huh
[06:30:22] <Dominian> I use mailwatch.. so.. no biggy there
[06:30:29] <f3ew> lkthomas content filtering == lots of hardware use
[06:30:31] <lkthomas> mailwatch, huh
[06:30:36] <lkthomas> f3ew, yep
[06:30:41] <Dominian> yah
[06:30:47] <lkthomas> f3ew, and expanding
[06:31:03] <f3ew> I have one Postfix box using zen outperforming 6 qmail boxes using greylisting and SA
[06:31:36] <lkthomas> hmm, f3ew why not move everything from qmail to postfix ?
[06:31:46] <f3ew> lkthomas, in process
[06:31:58] <f3ew> there's an entire management architecture codebase to rewrite
[06:32:41] <Dominian> f3ew: yeah since zen came along.. jack gets through anymore..
[06:32:49] <Dominian> having greylisting though is nice ;)
[06:33:01] <lkthomas> f3ew, we just did
[06:33:18] <lkthomas> f3ew, 4months ago we integrate 4 email server into one
[06:33:40] <lkthomas> f3ew, you will expect some client will be fucking around
[06:33:52] <f3ew> lkthomas, nah
[06:34:21] <lkthomas> I think from the start to the end, we got like 500call from diff client about the new email server
[06:34:35] <lkthomas> Dominian, so you use mailscanner ?
[06:34:54] <Dominian> lkthomas: yep
[06:34:55] <xpoint> Dominian, combine policyd and policyd-weight and spf this is what pypd does for me :)
[06:35:03] <Dominian> xpoint: nice
[06:35:10] <lkthomas> Dominian, interface seems attractive
[06:35:16] <Dominian> lkthomas: I like it.
[06:35:30] <Dominian> lkthomas: and I don't hae to screw with releasing attachments.. users can do that themselves
[06:35:48] <lkthomas> Dominian, yep, same as here
[06:36:05] <lkthomas> remember the crap old day, user have to call or email us to release the spam
[06:36:10] <lkthomas> which is fp
[06:36:14] <Dominian> yah
[06:36:16] <xpoint> Dominian, its stable here, nearly zero fp, and no spam :)
[06:36:25] <Dominian> sweet
[06:36:28] <lkthomas> Dominian, that's fucking anonying
[06:36:50] <lkthomas> personally don't like mailscanner
[06:37:11] <lkthomas> f3ew, remember that old qmail server ?
[06:37:16] <lkthomas> that one was using mailscanner
[06:37:17] <f3ew> no
[06:37:22] <lkthomas> and it crash after certain period of time
[06:37:28] <lkthomas> we have to restart mailscanner daemon
[06:37:36] <lkthomas> then, the email start to flow again
[06:37:43] <lkthomas> it's on and on
[06:37:48] <lkthomas> which drive me nuts
[06:37:53] <Dominian> hmm I don't have that problem.
[06:38:03] <lkthomas> Dominian, you are using recent version, of course
[06:38:12] <xpoint> mailscanner is shitty with postfix, but mailscanner users will sweer it works, so does amavisd :=)
[06:38:17] <lkthomas> consider 6-7years ago, what would that be
[06:38:26] <Dominian> xpoint: Mailscanner works just fine with postfix
[06:38:26] <lkthomas> xpoint, don't know
[06:38:28] <Dominian> :)
[06:38:46] <Dominian> xpoint: as long as you set up a HOLD queue for MailScanner to grab messages from.. nothing duplicates nor gets mangled.
[06:39:20] <lkthomas> Dominian, how hard to implement new engine to mailscanner ?
[06:39:29] <Dominian> new engine?
[06:39:39] <Dominian> Its not that hard to implement mailscanner into postfix.
[06:39:46] <Dominian> its quite easy actually
[06:40:18] <xpoint> amavisd have a patched version for dspam, just newer seen a release of it
[06:40:28] <Dominian> and I have mailscanner setup to run SA from /dev/shm... so spam scans go ten times faster now
[06:41:04] <xpoint> Dominian, this depends on you ram speed :-)
[06:41:14] <Dominian> xpoint: true
[06:41:24] <Dominian> xpoint: I may end up moving it out of tmpfs though..
[06:41:32] <Dominian> either that or drop the amount down
[06:41:39] <Dominian> I think it defaulted to like 400MB
[06:41:45] <xpoint> to much ram usage ?
[06:41:51] <Dominian> not really
[06:42:11] <Dominian> I have quite a bit of RAM in buffers/cache hehe
[06:42:16] <xpoint> my amavisd tmp dir is tmpfs
[06:42:18] <Dominian> so its not actually using it
[06:42:41] <Dominian> WEll I mounted /dev/shm as tmpfs
[06:42:47] <lkthomas> Dominian, for example, can you pipe the mail from mailscanner to somewhere else ? such as dspam, CRM114 ...etc ?
[06:42:59] <Dominian> lkthomas: Probably, I've never tried.
[06:43:25] <lkthomas> Dominian, we always test other engine than SA, so that feature have to exists
[06:43:34] <lkthomas> shm ?
[06:43:39] <lkthomas> what the hell is shm ?
[06:43:44] <lkthomas> RAM disk ?
[06:44:04] <Dominian> supposed to be
[06:44:05] <Dominian> :)
[06:44:13] <xpoint> lkthomas, is procmail not more what you need then fight mailscanner/amavisd-new with diff setups of postfix ? :-)
[06:44:34] <lkthomas> xpoint, I don't understand
[06:44:43] <lkthomas> also, we are running SQL based postfix
[06:44:48] <lkthomas> procmail can't be use
[06:44:49] <lkthomas> we are using maildrop
[06:45:03] <lkthomas> procmail using local
[06:45:06] <Dominian> plus I use clamd
[06:45:12] <lkthomas> and we don't want to pipe around with local and virtual
[06:45:16] <xpoint> postfix 2.4.1 have wirtual filter
[06:45:27] <xpoint> maps
[06:45:41] <lkthomas> I am using 2.3.8
[06:46:59] <xpoint> cvs version of openvisp have virtual filter maps support, search for openvisp if you need it :)
[06:47:29] <lkthomas> nah, I am happy with the current setup now
[06:47:31] <xpoint> this means for me goodbye to maildrop
[06:47:40] <lkthomas> maildrop is fun
[06:47:45] <lkthomas> very hard to debug
[06:47:59] <lkthomas> and you have no idea what is it doing on the back
[06:48:16] <xpoint> and this is fun
[06:48:26] <lkthomas> hell yeah
[06:48:59] <lkthomas> xpoint, we are using postfixadmin
[06:49:47] <xpoint> with xss secureity bugs
[06:50:30] <lkthomas> never heard about that
[06:50:52] <xpoint> that does not mean that its safe
[06:51:13] <lkthomas> I don't think it is matter here
[06:51:29] <lkthomas> our postfixadmin interface is only for our customer
[06:51:46] <lkthomas> We also got one more backup server which backup daily
[06:51:52] <lkthomas> I have less worry about that :)
[06:51:59] <lkthomas> for f3ew statement
[06:52:02] <lkthomas> we are the rich one :)
[06:52:33] <xpoint> me is rich too, i have a server :-)
[06:53:07] <f3ew> xpoint, not enough customers
[06:53:17] <xpoint> right
[06:53:19] <f3ew> what are your mail lods per host like?
[06:53:27] <xpoint> but the base is ready
[06:53:38] <f3ew> loads*
[06:54:14] *** olinux has quit IRC
[06:54:50] <xpoint> how to count ?
[06:55:13] *** Mez has joined #postfix
[06:56:33] <f3ew> mailgraph?
[06:57:07] <lkthomas> LOL!
[06:57:12] <lkthomas> how to count
[06:57:27] <Dominian> mailgrph is awesome
[06:57:28] <lkthomas> I think it is common sense to use mailgraph ?!
[06:57:54] <Dominian> http://slackadelic.com/cgi-bin/mailgraph.cgi
[06:58:15] <lkthomas> what the hell
[06:58:18] <lkthomas> that's not a lot
[06:58:25] <Dominian> nope
[06:58:27] <Dominian> :)
[06:58:32] <lkthomas> our mailgraph have problems
[06:58:34] <Dominian> greylisting/RBLs are nice
[06:58:37] <lkthomas> so I can't show you at all
[06:59:01] <lkthomas> sent mail takes around 1-2K per day
[06:59:06] <lkthomas> same as receive
[06:59:23] <xpoint> Dominian, mailgraph is just working 50% :-)
[06:59:25] <Dominian> I handled over 30000+ connection attempts a day
[06:59:30] <Dominian> xpoint: eh?
[06:59:42] <xpoint> Dominian, see the url
[07:00:01] <lkthomas> Dominian, we did 3K connection per hour before
[07:00:12] <lkthomas> which attempt to spam our server
[07:00:15] <Dominian> xpoint: Ok.. I'm lookin' at it.. what you talking about?
[07:00:23] <lkthomas> not per hour
[07:00:26] <lkthomas> hmm
[07:00:29] <xpoint> graphic is missing
[07:00:40] <lkthomas> we kicks 150K spam out per day
[07:00:56] <xpoint> lkthomas, now i know a spammer :-)
[07:01:01] <Dominian> xpoint: I see that now..
[07:01:05] <Dominian> xpoint: thanks for pointing that out
[07:02:15] <Dominian> xpoint: haha fixed
[07:02:18] <Dominian> xpoint: thanks for pointing that out
[07:02:51] <xpoint> http://home.junc.org/cgi-bin/mailgraph.cgi should work first time :-)
[07:03:08] <f3ew> http://67.15.238.68/mailgraph/
[07:03:19] <Dominian> very nice
[07:03:33] <f3ew> that's one box
[07:03:38] <xpoint> this is just my own home server, my company does not use mailgraph haha :-)
[07:03:41] <Dominian> f3ew: that's insane
[07:03:46] <f3ew> no
[07:03:54] <lkthomas> f3ew, what the fuck
[07:03:57] <f3ew> My previous employer did a bit more
[07:04:02] <Dominian> heh
[07:04:23] <Dominian> as you can see...
[07:04:26] <Dominian> my box rejects a shit load of messages
[07:04:40] <lkthomas> JEZZ!
[07:04:41] <f3ew> yeah
[07:04:46] <lkthomas> 70message per min
[07:04:47] <f3ew> a 100:1 ration, almost
[07:04:53] <Dominian> yep
[07:05:01] <Dominian> mainly botnets
[07:05:04] <f3ew> which works for the volume of mail you have
[07:05:05] <Dominian> for ONE email domain I host.
[07:05:09] <Dominian> f3ew: yep
[07:05:12] <f3ew> which domain?
[07:05:21] <Dominian> I manage quite a few domains on that box..
[07:05:29] <Dominian> but this one damn domain gets spammed.. day in and day out
[07:05:30] <f3ew> ah
[07:05:37] <Dominian> let me show you something..
[07:05:40] <f3ew> make it a spamtrap
[07:05:46] <Dominian> right now...
[07:05:53] * f3ew gets a lot more legit mail
[07:05:54] <Dominian> 1173 entries in my greylist connect table
[07:05:59] <Dominian> all of which are for that one domain.
[07:06:33] <lkthomas> Dominian, our client complain about slow email flow when we apply greylist
[07:06:36] <lkthomas> so I disable it
[07:06:51] <Dominian> lkthomas: well,,, that's the bitch of it
[07:06:56] <Dominian> YOu have to implement it and let it "learn"
[07:06:58] <lkthomas> yeah
[07:07:03] <lkthomas> "learn" ?
[07:07:03] <xpoint> f3ew, this server where mailgraph is on, forwards mails ?
[07:07:08] <f3ew> yes
[07:07:09] <Dominian> I was fortunate enough that I implemented it right away
[07:07:26] <f3ew> lkthomas, ips get whitelisted later
[07:07:32] <Dominian> yep
[07:07:33] <lkthomas> hmm
[07:07:38] <lkthomas> what daemon are you using Dominian
[07:07:41] <Dominian> Server goes "hey.. don't know you.. come back in five minutes"
[07:07:50] <Dominian> sqlgrey
[07:07:59] <Dominian> VERY easy to setup and implement
[07:08:05] <lkthomas> hmm, I see
[07:08:07] <Dominian> and I use the sqlgrey web interface to help manage it
[07:08:08] <lkthomas> sqlgrey
[07:08:11] <f3ew> http://nixcartel.org/~devdas/minute.png
[07:08:17] <f3ew> that was the previous employer
[07:08:39] <Dominian> that is insane
[07:08:42] <lkthomas> Dominian, is it include the web UI or what
[07:08:49] <Dominian> lkthomas: its seperate
[07:08:55] <f3ew> yes :P
[07:08:58] <Dominian> http://sqlgrey.sourceforge.net/
[07:09:18] <lkthomas> Dominian, and where is the webui ?
[07:09:20] <Dominian> http://www.vanheusden.com/sgwi/
[07:09:23] <Dominian> ;)
[07:09:26] <lkthomas> thx
[07:09:29] <lkthomas> let me take a look
[07:09:32] <lkthomas> I was using postgrey
[07:09:36] <lkthomas> it seems not good enought tho
[07:10:19] <Dominian> sqlgrey was based on sqlgrey iirc
[07:10:21] <Dominian> er..
[07:10:22] <Dominian> postgrey
[07:10:30] <lkthomas> hmm
[07:11:13] <xpoint> Dominian, postgresql nice
[07:11:43] <lkthomas> does sqlite run faster ?
[07:11:46] <xpoint> Dominian, i am migrateing away from mysql here step by step
[07:12:01] <lkthomas> mysql is the faster one
[07:12:25] <xpoint> might be mysql 5.2.x then
[07:12:33] <lkthomas> why
[07:12:41] <Dominian> I like mysql
[07:12:44] <Dominian> works well.. and I know it
[07:12:49] <lkthomas> msql is the best
[07:12:51] <lkthomas> yeah
[07:13:24] <lkthomas> opppss
[07:13:27] <xpoint> Dominian, mysql is plain bad for me, postgresql rooks here
[07:13:30] <lkthomas> debian etch does not have sqlgrey
[07:13:43] <lkthomas> postgresql is a pain for me
[07:13:54] <xpoint> :-)
[07:17:00] <xpoint> lkthomas, msgl is microsoft sql btw
[07:17:16] <lkthomas> ahha, ok
[07:20:21] <xpoint> Dominian, mysql is last resort for me, i have mysql 4.1.x currently and i have choiced to go postgresql then change / upgade to mysql 5.x.x
[07:21:01] <Dominian> ahh
[07:21:42] <xpoint> i still need to recompile all on gentoo :-)
[07:22:43] <xpoint> but postgresql make a backup for me at the same time, i still have mysql database for the old data, just in case :-)
[07:23:52] <rob0> Oh BTW guys, our whole company found out we were getting fired today. And just as soon, looks like we have a new gig lined up. :)
[07:24:07] <f3ew> heh
[07:24:22] <rikstah> steal the customer db ;)
[07:24:45] <xpoint> rikstah, no
[07:24:58] <rikstah> ?
[07:25:13] <xpoint> it will not pay back
[07:25:30] *** prebur has quit IRC
[07:25:36] <rikstah> it will it you poach them  hah
[07:26:11] <xpoint> give them a redhat cdrom might do it, but no
[07:27:39] <rikstah> xpoint, btw on the gentoo subject, i have completely given up trying to maintain that beast
[07:27:52] <rikstah> I just spent the past 24 hours moving completely away
[07:27:56] <rikstah> and it feels goooood ;)
[07:28:01] <vice-versa> rob0: so jobs are safe for now?
[07:28:10] <rikstah> no more revdep-rebuild for me
[07:28:17] <lkthomas> Dominian, do you need to run update sqlgrey config ?
[07:28:37] <xpoint> rikstah, why is that a problem ?
[07:29:04] <rikstah> xpoint, just sick of upgrading something, to find it broke about 20 other things that depended on it etc
[07:29:10] <rob0> vice-versa: I could easily afford to take time off, but sure, looks like there are lots of opportunities in this particular field.
[07:29:29] <xpoint> rikstah, did you make a bug on it ?
[07:29:45] <rikstah> xpoint, many times ,but sometimes it's not a bug....its just shit happens
[07:29:59] <xpoint> rikstah, portage have 533 known bugs but still portage works for most of us :-)))
[07:30:03] <rikstah> i cant handle that much breakage in production
[07:30:36] *** GMFlash has quit IRC
[07:30:39] *** GMFlash has joined #postfix
[07:30:52] <xpoint> rikstah, true, will you get back if when gentoo enterprize is here ?
[07:31:17] <rikstah> i'd maybe try again if there was a server branch of portage
[07:31:29] <rikstah> which was more heavily tested and reliable
[07:31:37] <xpoint> profile server is there
[07:31:38] <rikstah> ive been asking for that for 3 years
[07:31:42] <rikstah> oh, i didnt know
[07:31:47] <rikstah> since when
[07:32:08] <xpoint> since early 2006
[07:32:22] <rikstah> haha :)
[07:32:25] <rikstah> i never looked
[07:32:42] <rikstah> i still perfer ubuntu 6.06LTS now
[07:32:45] <xpoint> just becurse none told you to
[07:32:46] <rikstah> just less hassle and less wait
[07:32:59] <xpoint> ubuntu server ?
[07:33:03] <rikstah> yeah
[07:33:06] <xpoint> lol
[07:33:18] <rikstah> i have that on my xen cluster
[07:33:58] <xpoint> i will keep away from ubuntu for servers
[07:34:22] <xpoint> but ubuntu is ok for desktops
[07:34:37] <xpoint> but servers, no go
[07:35:17] <Kalavera> xpoint, gentoo rulez!
[07:35:22] <Kalavera> XD
[07:35:45] *** Mez has quit IRC
[07:35:51] <xpoint> Kalavera, enabled server profile aswell ? :-)
[07:36:39] <Kalavera> i use 2006.1 i need to upgrade to 2007 and i don't use server profile
[07:37:13] <xpoint> 2007.1 is there now, but 2007 is now stable
[07:37:43] <rikstah> did u ever upgrade mysql from 4 to 5 on gentoo
[07:37:46] <xpoint> Kalavera, with arch are you running ?
[07:37:54] <rikstah> it broke just about everything imaginable dependency wise
[07:38:24] <Kalavera> one machine runs amd 64
[07:38:25] <xpoint> rikstah, this is not gentoo's fault
[07:38:32] <Kalavera> the others runs x86
[07:38:47] <rikstah> xpoint, but it wont happen in ubuntu...
[07:39:06] <rikstah> right?
[07:39:19] <rikstah> (I'm no expert)
[07:39:22] <xpoint> rikstah, when mysql change major versions all programs that use mysql would need recompiling even on ubuntu
[07:39:47] <Kalavera> rikstah, i use mysql 5 on gentoo , well of them
[07:39:58] <Kalavera> well one of the
[07:39:59] <Kalavera> them
[07:40:02] <rikstah> Kalavera, so do it, it was just a pain in the ass :)
[07:40:07] <rikstah> so do i*
[07:40:28] <Kalavera> at first time maybe but you need to unmask some packets
[07:40:42] <Kalavera> and read some instuctions
[07:40:45] <rikstah> naw not because of that
[07:40:48] <rikstah> because of broken reverse deps
[07:41:04] <rikstah> eg postfix died, php died....etc etc
[07:41:07] <Kalavera> i don't have uch problems
[07:41:15] <rikstah> Kalavera, you didnt go from mysql 4 to 5
[07:41:18] <rikstah> that's why
[07:41:24] <rikstah> anyway it's off topic
[07:41:29] <xpoint> rikstah, your sure you will newer die ? :-)
[07:41:37] <rikstah> hehe :)
[07:41:41] <rikstah> im just whining
[07:42:11] <xpoint> glsa-check -t all
[07:42:21] <xpoint> is what i do daily
[07:43:14] <xpoint> and after the email is come from cron i wait a week, and then make glsa-check -f all :)))
[07:43:42] <xpoint> but only if no bugs are shown up
[07:44:09] <rikstah> ya
[07:44:35] <rikstah> i got bitten from the cacti vuln a while ago
[07:46:10] <xpoint> Kalavera, postfix mysql is hurrible, why does postfix need to lookup tld in mysql tables ?, silly imho
[07:47:20] <xpoint> even with proxymap enabled i see alot of unneeded querries
[07:47:31] <xpoint> in mysql logs
[07:47:31] <Kalavera> xpoint, i have one big server with postfix and mysql over gentoo and no problems
[07:48:11] <xpoint> i see no problemm, but imho its a performance problem
[07:49:16] <xpoint> i belive problem will go away when mysql data is dumped into a hash table :-)
[07:52:17] <xpoint> as long as postmap -q foo hash:/etc/postfix/hash_foo returns same as postmap -q foo mysql:/etc/postfix/mysql_foo then i am happy
[07:53:08] <rikstah> xpoint, i guess for managbility when in volume, the ability to dynamically update aliases.....etc
[07:53:23] <rikstah> ability to give the normal user the control of domains
[07:53:47] <rikstah> many pro's
[07:54:12] <rikstah> i was running postfix/mysql on gentoo for 3 years not a single prob
[07:54:31] <xpoint> overkill :-)
[07:54:42] <rikstah> not really. depends on your needs
[07:54:59] <xpoint> 20 users with mysql, hmm :-)
[07:55:22] <rikstah> some of the 20 users might not know how to ssh in and modify a hash ;)
[07:55:35] <xpoint> i will say mysql is needed when we talk more then 1000 users
[07:55:58] <rikstah> no, that's naive
[07:56:01] <xpoint> even with 1000 users hash tables could be fine
[07:56:30] <xpoint> that just assume we have static user base
[07:56:31] <rikstah> xpoint, it's not just about volume .. it's about flexibility and the ability to be dynamic
[07:56:39] <rikstah> hash has to be rehashed
[07:59:55] <xpoint> no problem with rehashing, if user base is stable
[08:01:29] <xpoint> i bet mysql will not make it faster then hash :-)
[08:01:59] *** mazon is now known as Mazon
[08:02:02] <xpoint> atleast not with current codebase in postfix
[08:02:54] <xpoint> well back on reading The Bock of Postfix
[08:03:40] *** Kalavera has quit IRC
[08:07:01] *** amrit is now known as amrit|zzz
[08:14:23] *** Mez has joined #postfix
[08:22:42] *** prebur has joined #postfix
[08:36:35] *** Motoko-chan has quit IRC
[08:40:29] <lkthomas> I just apply sqlgrey to our mail server
[08:49:13] *** prebur has quit IRC
[08:52:13] *** raqamy has quit IRC
[08:53:20] *** RockHound has quit IRC
[09:04:54] *** prebur has joined #postfix
[09:24:46] *** [miles] has joined #postfix
[09:33:41] *** frennkie has joined #postfix
[09:36:01] *** af_ has joined #postfix
[09:43:56] *** stellina has quit IRC
[09:43:59] *** stellina_ has joined #postfix
[09:45:44] *** j416 has joined #postfix
[09:47:45] *** the_reuper has joined #postfix
[09:48:00] *** the_reuper has left #postfix
[09:51:10] *** j416 has quit IRC
[09:53:19] *** j416 has joined #postfix
[09:59:08] <lkthomas> LOL, anyone still alive ?
[10:01:53] *** war has joined #postfix
[10:02:01] <f3ew> no
[10:02:08] <lkthomas> f3ew,
[10:02:15] <lkthomas> I got my mailgraph back
[10:02:18] <lkthomas> http://goofy.powernethk.com/cgi-bin/mailgraph.cgi
[10:02:19] <f3ew> Z    ... f3ew
[10:03:31] <f3ew> not a bad score for rejections
[10:03:36] <lkthomas> yeah
[10:03:43] <lkthomas> you see the spam rate is very low
[10:03:53] <lkthomas> because spam is hardly pass the layer one blacklist :)
[10:04:00] <f3ew> yup
[10:05:31] * sysmonk doesn't have mailgraph
[10:05:44] <sysmonk> i don't have web servers on mail servers
[10:06:57] <f3ew> you don't need those
[10:07:05] <f3ew> remote logging++
[10:07:29] <lkthomas> yep
[10:07:34] <lkthomas> I am using remote logging as well
[10:07:46] <lkthomas> the mailgraph is actually getting from two server :)
[10:11:39] <lkthomas> f3ew, did you try mailscanner ?
[10:11:43] <sysmonk> f3ew: i do remote logging
[10:12:00] <sysmonk> but, again, mailgraph doesn't support multiple servers :)
[10:12:12] <sysmonk> and running multiple mailgraph daemons sucks too :)
[10:12:17] <lkthomas> nono
[10:12:26] <lkthomas> you integrate all server into one log
[10:12:33] <lkthomas> then run one mailgraph
[10:12:39] <sysmonk> lkthomas: yes, but i'd like to see servers in different graphs
[10:12:53] <lkthomas> sysmonk, hack the damn mailgraph on your own then :)
[10:13:00] <sysmonk> lkthomas: thought about it
[10:13:04] <lkthomas> LOL
[10:13:25] <sysmonk> i'll try to do that when i'll get more time
[10:13:34] <sysmonk> now i'm reorganizing my mail servers
[10:14:57] *** smesjz has joined #postfix
[10:17:15] * sysmonk waits for the pflogsumm to finish parsing maillog on one of the servers
[10:18:33] <smesjz> moin
[10:19:51] <sysmonk> http://www.pastebin.ca/492545
[10:20:02] <sysmonk> only 38% rejected, and this is WITHOUT greylisting
[10:20:17] <sysmonk> i'd like to implement greylisting, but ... my company doesn't want to
[10:21:45] <smesjz> I wonder if that's a good solution. I'd like to use reject_unknown_hostname , but that might stop legitimate mailservers....
[10:22:17] *** j416 has quit IRC
[10:26:16] <f3ew> sysmonk are you using zen?
[10:26:41] *** UQlev has joined #postfix
[10:28:12] *** j416 has joined #postfix
[10:28:58] <sysmonk> f3ew: nope
[10:29:38] <f3ew> try it and see
[10:29:42] <f3ew> even with reject_warning
[10:29:53] <f3ew> errr, warn_if_reject
[10:31:05] *** Kurt2 has quit IRC
[10:31:41] <sysmonk> f3ew: nah, i don't like zen :)
[10:31:48] <sysmonk> i'm using good-old cbl.abuseat.org
[10:32:04] *** j416_ has joined #postfix
[10:32:06] <sysmonk> + i kinda have a lot of mails going in/out, so i have a mirror of cbl.abuseat.org
[10:32:19] <sysmonk> this saves me a lot of traffic
[10:32:28] *** Kurtism has joined #postfix
[10:33:03] *** j416 has quit IRC
[10:33:18] *** j416_ has quit IRC
[10:33:33] *** j416 has joined #postfix
[10:46:09] <smesjz> hmm, I get backscatter from mail-abuse.org...how ironic
[10:57:22] *** debuggerboy has joined #postfix
[11:00:11] *** debuggerboy has quit IRC
[11:04:39] *** taube is now known as Taube
[11:09:13] *** bishillo has joined #postfix
[11:10:15] <bishillo> Anyone has tried the sieved python implementario of neale?
[11:10:18] *** evangelion has joined #postfix
[11:10:34] <bishillo> s/implementario/implementation/
[11:11:22] <evangelion> hello
[11:12:00] <evangelion> i'm working on a dovecot + postfix setup
[11:13:10] <evangelion> and dovecot-bounced mails cause this error: postfix/sendmail[12979]: fatal: no debugger_command variable set up
[11:13:19] *** ALVAN has joined #postfix
[11:13:24] <evangelion> even if debug is off!
[11:13:56] <ALVAN> what permissions postfix needs to read the saslauthd socket
[11:14:00] <ALVAN> i got error warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
[11:14:21] <ALVAN> ls -l  /var/run/saslauthd is all owned by root
[11:16:00] <evangelion> ALVAN: check your socket permissions, should be same of postfix (IIRC)
[11:16:46] *** Lap_64 has joined #postfix
[11:17:17] <bishillo> ALVAN: usually you connect to a socket, so the postfix user should have rights to read that socket
[11:17:27] *** Zeit|awy has quit IRC
[11:17:48] <ALVAN> bishillo, yes but saslauthd is run by root postfix is runn by user postfix
[11:18:45] <ALVAN> how can i tell if postfix is looking for saslauthd socket at /var/run/saslauthd
[11:18:46] <bishillo> saslauthd is run by root, makes a socket through wich postfix checks auth
[11:18:56] <smesjz> Signum? are you there?
[11:20:10] <bishillo> I use: smtpd_sasl_type = dovecot
[11:20:10] <bishillo> smtpd_sasl_path = private/auth
[11:20:36] <bishillo> So that's the socket, and dovecot is configured to create that socket with "postfix" as user
[11:20:53] <bishillo> you should do something similar with sasld
[11:21:10] <ALVAN> bishillo, for this i msut reconfigure dovecot and i dont want to
[11:21:37] <bishillo> just to the same thing for saslauthd
[11:21:43] <bishillo> should be quite similar
[11:22:46] <ALVAN> ok so then it should be smtpd_sasl_path = /var/run saslauthd  and  smtpd_sasl_type = saslauthd
[11:23:46] <bishillo> Now check the permisions of the socket specified at smtpd_sasl_path
[11:24:22] <bishillo> it they are not right, you must configure saslauthd to create it with the proper permissions
[11:24:29] *** af_ has quit IRC
[11:24:54] <ALVAN> bishillo, all is owned by root
[11:25:08] <ALVAN> mux.accept is 600
[11:25:25] <ALVAN> and mux= is 777
[11:25:28] <Signum> smesjz: more or less... painting a room here
[11:26:16] <ALVAN> bishillo, the same error
[11:26:54] <bishillo> smtpd_sasl_path should be the path to the socket... it is?
[11:26:56] *** Kurtism has quit IRC
[11:27:07] <bishillo> the socket must be readable by postfix. it is?
[11:27:22] <ALVAN> the /var/run/saslauthd is 755
[11:27:50] <ALVAN> so everything there can be read by postfix
[11:28:22] *** Kurtism has joined #postfix
[11:28:22] <bishillo> /var/run/saslauthd is a socket?
[11:28:41] <smesjz> Signum: do you mind if I'll try to edit your en.rest a bit. I made a full conversion from Courier->Dovecot and so I can write something about a smooth migration and caveats
[11:29:21] <ALVAN> is the socket dir  .....the socket file is  is chmod 600 adn owned by root  ..hm guess that makes it not readble by postfix
[11:29:26] <bishillo> BTW: Anyone has tried the sieve python implementation of neale?
[11:29:45] <bishillo> ALVAN: sure
[11:36:15] *** Zeit|awy has joined #postfix
[11:36:22] *** rootsvr has joined #postfix
[11:38:00] <evangelion> "debugger_command = /bin/true" fix my issue!
[11:38:46] <Signum> smesjz: sure, I appreciate it.
[11:39:38] <Signum> smesjz: did you see that I the database schema so far is using a normalized approach? (id-fields with foreign keys and cascaded deletes)
[11:40:36] <Signum> smesjz: I edited a lot yesterday. So you may want to check out the newest version
[11:41:09] <smesjz> I pulled the new one 10 minutes ago.
[11:41:26] <smesjz> but the problem is also this ->
[11:41:27] <smesjz> Replaces: imap-server
[11:41:27] <smesjz> Provides: imap-server
[11:41:44] <smesjz> so you can't install the two packages (courier and dovecot) next to eachother
[11:41:57] <Signum> smesjz: vmware :)
[11:42:00] <f3ew> Signum, so you are finally achieving a civilised approach?
[11:42:21] <Signum> f3ew: besides that I don't force people to use pgsql, yet.
[11:42:25] <f3ew> next version with stored proc API goodness?
[11:42:31] <Signum> f3ew: (I plan to add a chapter for that though)
[11:42:42] <f3ew> hehe
[11:42:42] <smesjz> Signum: nah, I built dovecot from source (so I could add SHA256 passwords) but the Replaces: stuff makes testing the Dovecot install impossible
[11:42:54] <Signum> f3ew: nah, stored procs are a bit too weird. but I'll try "views" for the mappings
[11:43:08] <smesjz> so current users of the tutorial can't simply migrate to Dovecot
[11:43:29] <f3ew> smesjz, so uninstall courier and install dovecot
[11:43:34] <Signum> f3ew: I was always sceptical of storing the mappings 1:1 as in text files. that's not using the benefit of databases.
[11:43:48] <Signum> smesjz: not without downtime.
[11:44:10] <f3ew> Signum, I thought your tutorial used ImSOL?
[11:44:15] <Signum> smesjz: debian has always had such defined conflicts. install sendmail and postfix gets removed.
[11:44:18] <smesjz> nah, I mean..you can't test with Dovecot running on 10143 & 10110 for example
[11:44:44] <Signum> f3ew: imsql?
[11:44:56] <Signum> smesjz: true
[11:45:00] <f3ew> ImSOL == MySQL
[11:45:06] <Signum> f3ew: oh, sure.
[11:45:24] <f3ew> lack of foreign keys in a good schema == bad
[11:45:49] <Signum> f3ew: 5.0 doesn't look too bad either. innodb looks mature. foreign keys work. views are there. just some weirdness about auto_increment (as opposed to SERIAL) and some less SQL92-stylish queries
[11:45:56] <smesjz> or test the new delivery agent (deliver). I had maildrop and deliver coexist and tested before I made the final switch to Dovecot. Yet you can't do the same in Debian
[11:46:17] <lkthomas> smesjz, you use maildrop ?
[11:46:28] <smesjz> lkthomas: I used it for about 2.5 years
[11:46:29] <Signum> f3ew: it's indeed ridiculous that mysql's default table format "myisam" doesn't obey foreign keys.
[11:46:31] <f3ew> Signum, I'll believe in it when they actually reach stability
[11:46:32] <smesjz> until a week ago :)
[11:46:38] <lkthomas> smesjz, any idea how to debug it ?
[11:46:43] <f3ew> and when I need to stop worrying about table types
[11:46:45] <Signum> f3ew: postgresql had their problems, too. neither one is really perfect.
[11:47:03] <f3ew> I use a RDBMS for ACID compliance, not some half assed stuff
[11:47:13] <smesjz> lkthomas: maildrop <= 1.8 are a bitch to debug...strace is your friend. If maildrop is using courier-authlib..then it's much more easier
[11:47:13] <f3ew> SQLite >> MySQL
[11:47:16] <Signum> f3ew: IMHO you need to understand the pros and cons of the databases anyway. so no big deal
[11:47:26] <smesjz> however, maildrop has a verbosity level -V 9 for example
[11:48:09] <Signum> f3ew: pgsql had a lot of trouble with broken auto-vacuuming for years. I had a database table with lots of insertions and removals. although the net size was just 20 MB the database grew to 5 GB.
[11:48:18] <smesjz> Signum: but is there a way (using apt) to ignore the Replace:/Provides: properties of a package in Debian?
[11:48:39] <Signum> smesjz: not with aptitude. you can use several --force-* options with dpkg though.
[11:48:46] <Signum> smesjz: I'm not that's such a good idea though.
[11:48:59] <Signum> smesjz: for testing you may debootstrap an etch installation and run it in there.
[11:49:07] <lkthomas> smesjz, how could I know if maildrop is using courier-authlib ?
[11:49:21] <smesjz> lkthomas: maildrop -v shows it.
[11:49:28] <smesjz> or ldd maildrop
[11:49:38] <lkthomas> it does
[11:49:42] <smesjz> it should say: 'Courier Authentication Library extension enabled.'
[11:50:21] <lkthomas> yep
[11:50:22] <smesjz> otherwise you might use: strace -o dump /usr/bin/maildrop -d joe at user dot org < /tmp/some-spam-or-mail.txt
[11:50:33] <lkthomas> damn
[11:50:34] <lkthomas> I hate that
[11:50:41] <smesjz> and then do a cat dump or so
[11:50:42] <lkthomas> smesjz, what if I write a script ?
[11:50:52] <lkthomas> maildroprc
[11:50:59] *** ikaro^ has joined #postfix
[11:51:08] <smesjz> oh, the errors should show up in /var/log/mail.log I assume
[11:51:23] <smesjz> syntax errors can't be debugged using strace of course
[11:51:34] <lkthomas> do I need to use -V ? it just shows which line error, nothing else
[11:51:47] <smesjz> nah, -V doesn't help you on that
[11:51:48] <lennard> I think -V take a numerical argument
[11:51:50] <smesjz> what's the line?
[11:52:10] <smesjz> lennard: it does.
[11:52:21] *** yess has left #postfix
[11:52:25] <smesjz> lennard: but it doesn't give more information on syntax errors
[11:52:26] <lkthomas> smesjz, I forget the last error
[11:52:38] <lkthomas> smesjz, it just shows which line of the error is
[11:52:41] <lkthomas> but nothing else
[11:52:46] <lennard> that I wouldnt know, my last syntax error was a loooong time ago :)
[11:52:59] <smesjz> ok, so open /etc/maildroprc and look at the line
[11:53:13] <smesjz> in maildrop, this wouldn't work: if (/condition/) {
[11:53:23] <smesjz> the { needs to be on a new line
[11:53:46] <smesjz> lennard: same here..i've been using the same maildroprc since 1.5.3 or so
[11:53:54] <smesjz> I had to modify it a bit for 2.0 compliance
[11:54:09] <lennard> I think mine is empty :)
[11:54:18] <lennard> but my .mailfilter hasnt changed much either
[11:54:47] <smesjz> I switched to Dovecot/Sieve now. Just because Courier was too stable, so I got bored with it ;)
[11:54:55] <lennard> heh
[11:55:09] <lennard> I don't really mind stable ;)
[11:57:11] <lkthomas> smesjz, what the hell
[11:57:45] <lkthomas> smesjz, any existing maildrop script dump on net ?
[11:58:00] <lkthomas> hehe, too stable
[11:59:19] <smesjz> lkthomas: and I read & tried Dovecot. I like it a lot.
[11:59:28] <smesjz> lkthomas: sure, lemme look
[11:59:45] *** j416 has quit IRC
[12:00:14] <lkthomas> smesjz, :)
[12:03:28] *** ikaro has quit IRC
[12:03:36] *** ikaro^ is now known as ikaro
[12:25:16] *** Kurtism has quit IRC
[12:26:01] *** UQlev has quit IRC
[12:26:29] *** Kurtism has joined #postfix
[12:34:16] <bishillo> smesjz: do you use any sieve script generator, or just hand edited scripts?
[12:35:08] <bishillo> Im trying smartsieve + the sieved python implementation of neale
[12:35:17] <bishillo> But I dodn't get it working...
[12:37:23] <smesjz> oh, I have one global script and 1 Sieve script for a user. My users can't install scripts
[12:38:24] *** cpm has joined #postfix
[12:39:19] <bishillo> smesjz: you can use a global script?
[12:39:37] *** fujin has joined #postfix
[12:39:39] <bishillo> Where dovecot looks for that global script?
[12:39:50] <bishillo> You use it for spam filtering?
[12:45:20] *** j416 has joined #postfix
[12:46:09] *** j416 has quit IRC
[12:46:26] *** j416 has joined #postfix
[12:47:36] <smesjz> bishillo: global_script_path = /var/vmail/globalsieverc
[12:47:51] <smesjz> I use it for spam filtering.
[12:48:28] <smesjz> actually I redirect all SPAMMY mail in Amavis to a dedicated mailbox for further inspection. All SPAM mail is discard when the score exceeds 7.5
[12:50:02] *** raqamy has joined #postfix
[12:50:29] * cpm redirects spam with the smesjz filter
[12:51:22] * smesjz redirects spam to cpm's chainsaw
[12:51:39] * cpm rips it up!
[12:51:50] * cpm hugs his chainsaws
[12:52:45] *** fujin_ has joined #postfix
[12:55:15] <bishillo> smesjz: thanks... I didn't know that...
[12:55:45] <bishillo> Can you share your script? I'm used to procmail, and sieve is a new world for me
[12:56:50] <smesjz> bishillo:
[12:56:51] <smesjz> if exists "X-Spam-Flag" {
[12:56:51] <smesjz>   fileinto "spam";
[12:56:51] <smesjz>   # Stop here so that we do not reply on spams
[12:56:51] <smesjz>   stop;
[12:56:51] <smesjz> }
[12:57:02] <smesjz> it's even listed on the Dovecot site
[12:57:26] <bishillo> ok, sorry
[12:57:28] <bishillo> :)
[12:59:58] * cpm lists smesjz on the dovecot site
[13:00:21] *** TheOutlander has joined #postfix
[13:00:39] <bishillo> Incredible!
[13:00:42] <bishillo> it works :)
[13:00:47] * smesjz lists cpm on the spamcop.net site
[13:01:00] <cpm> does anyone use spamcop?
[13:01:11] <smesjz> I don't. It's evil
[13:01:12] <cpm> I've found them to be, , , umm, unreliable
[13:01:20] <cpm> Yeah, that's kinda my take
[13:01:31] <cpm> but I think postini is evil too
[13:01:36] <bishillo> I only use spamhaus
[13:02:42] <many> the easiest way to use spam blacklists is to add them to a score
[13:02:51] *** fujin has quit IRC
[13:02:52] <many> so only multiple hits can blacklist a host
[13:03:08] <cpm> naw, outright rejects are nice.
[13:03:14] *** PhilKC has quit IRC
[13:03:17] <cpm> :)
[13:03:42] <bishillo> I directly reject if listed on spamhaus
[13:03:45] <cpm> that's the 'easiest' way, by far. don't even have to process them
[13:03:47] <smesjz> yea, especially the country based ones :)
[13:04:08] * xpoint use spamcop, no problem with them
[13:04:35] <many> yes, there is
[13:04:43] <xpoint> i have more problems with sorbs.net
[13:04:50] <many> they are so stupid they even  blacklist complete legit hosts
[13:05:08] <xpoint> who ?
[13:05:13] <many> spamcop
[13:05:36] <xpoint> what is the defination of  "legit" ? :)
[13:05:44] <many> well.
[13:05:57] <many> lets change the definition.
[13:06:20] <xpoint> this will change the problem to
[13:06:21] <many> ive seen customers subscribing to mailinglists and then report mails to that list to spamcop and they accepted that
[13:07:03] * cpm puts on his diplomat hat
[13:07:20] <xpoint> this is becurse maillist servers admins did not contact spamcop to know thay use the ip for maillist trafix
[13:07:22] <many> and not only once, so no accidents there. ;)
[13:07:30] <cpm> spamcop has been know to be overly liberal in it's acceptance of spam host submissions
[13:07:33] *** j416 has left #postfix
[13:07:47] <many> cpm, yes, thats why they are unreliable :)
[13:08:27] <xpoint> many, stop using rbl in postfix then
[13:08:34] <many> xpoint: oh. so i report my spamming host to spamcop as being maillist traffic and they wont blacklist it? nice.
[13:08:38] <many> xpoint: no.
[13:08:59] *** fujin has joined #postfix
[13:09:09] <xpoint> many, i have lost the url now basicly yes
[13:09:40] <many> i score rbl and rwls and am satisfied with the results. what combined lists dont catch will be hit my own client access rules sooner or later.
[13:10:21] <xpoint> i just scan my own logs and make a rbl out of the results
[13:10:55] <xpoint> now my pypd uses this info in weighted check
[13:11:07] <many> well, my own rbl (for ips) and policy service (for matching hostnames)
[13:11:23] <xpoint> regexp ? :-)
[13:11:28] <many> yes.
[13:12:00] <xpoint> nice i have done this in pypd in sql table, so i greylist on base of hostnames
[13:12:58] <xpoint> just do not use a rbl direct from postfix
[13:13:05] <many> ohwell, basically i wrote a small ruby class which does some dirty work, so i can delegate all policy work in a nicey ruby script. its still getting bloated :/
[13:13:28] <many> i dont. still i wont trust any -and spamcop in special- BL as single source
[13:13:44] *** fujin has quit IRC
[13:14:24] <ALVAN> bishillo, the problem was else where ..since i have enabled the shadow mechanism in sasl and postfix run chrooted it can not access another path besides /var/spool/posix
[13:14:25] <xpoint> http://www.digital-destiny.dk/ i am Benny there :-)
[13:14:39] <many> the most evil match is \d+-\d+-\d+-\d+
[13:14:42] <many> :}
[13:14:48] <xpoint> many, sound intresting
[13:15:21] <xpoint> many, why is this evil ? :-)
[13:15:39] <many> too many static hosts, some mailignlistservers matching
[13:16:00] <bishillo> ALVAN: you should create the socket inside that directory, of course...
[13:16:03] <smesjz> Signum: which default password scheme did you have in mind for the new tutorial?
[13:16:11] <ALVAN> bishillo, yeap :)
[13:16:13] <many> digium-69-16-138-164.phx1.puregig.net like this
[13:16:33] <many> thats the digium maillist-out server (asterisk, voip, incase you heard of them)
[13:17:07] *** Kurtism has quit IRC
[13:17:34] <xpoint> many, why not a better reverse dns and a better forward dns to prove it ?
[13:17:35] <many> but then ive also seen mailinglists run on non-resolving hosts.
[13:18:11] <xpoint> many, yes same here just not as much
[13:18:28] <many> xpoint: its not mine and i have given up to tell people what would be nice.  once i've been asked which rfc requires that mailservers have a reverse dns
[13:18:39] *** Kurtism has joined #postfix
[13:18:40] <many> "none, but thats your problem."
[13:18:50] <many> *shrug*
[13:19:47] <xpoint> many, most  i have told to add reverse listen to me, just a few that does not care, one of them was godaddy.com :-)
[13:20:28] *** Mavvie has joined #postfix
[13:20:39] <xpoint> want to sell more, you atleast need to have reverse dns, else i reject mails to you custommers :-)
[13:21:04] *** meandtheshell has joined #postfix
[13:21:13] <many> thats why i delegate that stuff to my own policyd, i have pretty strict stuff which helps alot (aside from one forwarder which i do whitelist), if someones complaining loudly enough or i do care, i can still tell it to DUNNO before all other rules
[13:21:14] <f3ew> many RFC1912
[13:21:24] <xpoint> it took them one week to fix, but thay fixed it !
[13:21:31] <many> f3ew: indeed? nice to know.
[13:22:51] <Signum> smesjz: not yet decided. something encrypted at least. md5 perhaps.
[13:23:00] <xpoint> many, pypd is like your ruby code ?, sounds like for me
[13:23:12] <many> probably alot similar
[13:23:33] <many> http://krikkit.ukeer.de/ruby-policy/  dont look too close, its a fragile construct for now :}
[13:23:42] <xpoint> many, reminds me i need to update docs
[13:24:11] <xpoint> many, if it just do its works i am happy :-)
[13:26:13] *** fujin_ has quit IRC
[13:26:34] <many> well, it WFM aside from three or four cornercases where something odd happened in DNS which will result in a fallback action being "dunno"
[13:26:58] <ALVAN> bishillo, the dovecot config from  http://www.postfix.org/SASL_README.html#server_dovecot is ok ..becasue i got error in dovecot with Missing values if i use that one
[13:27:41] <many> the reason i initially wrote it to have some more sophisticated rules where one could say for example  (SPF || Sender_callout), but i havent gotten so far to implement these two.  lazy boy me. 8)
[13:27:50] <ALVAN> the shadow mechanism is insecure and hard to make it working
[13:30:42] <xpoint> many, i might even send you patches to ruby it looks easy to understand the regexp and code base :-)
[13:32:12] <smesjz> ALVAN: I use the same Dovecot SASL stuff here..works fine
[13:34:35] <many> xpoint: i certainly hope its easy to understand :)
[13:35:03] <xpoint> many, it is, and i am not even a programmer
[13:35:30] <ALVAN> well crap i have Missing value in line 445 ....i am on Solaris i dont have Pam support or Kerberos3 ..i try ti use   passdb shadow
[13:35:38] <ALVAN> but the error is still there
[13:36:05] <ALVAN> i have copied it  fine no typos or mising lines
[13:37:41] *** ikaro has quit IRC
[13:50:34] *** [miles] has quit IRC
[13:51:49] *** hoodow has joined #postfix
[13:52:36] *** TheOutlander has quit IRC
[13:57:06] *** master_o1_master has joined #postfix
[14:02:44] <smesjz> Signum: are you going to make a switch from MySQL to Postgres or not?
[14:06:10] *** Kurtism has quit IRC
[14:07:04] *** Kurtism has joined #postfix
[14:08:45] <Signum> smesjz: undecided. mysql makes it easier for the users. postgresql makes me look less stupid in the eyes of f3ew :)
[14:09:02] *** master_of_master has quit IRC
[14:09:45] <Signum> smesjz: I'm still using both DBMSs here. postgresql when I need to do anything with networks because the "inet" type is useful.
[14:10:56] <Signum> smesjz: and most applications still run on mysql because phpmyadmin has always been a good tool while phppgadmin took a while. pgadmin3 is a good attempt but no serious GUI. and "psql" is a serious console program but doesn't help you to get a good view at your database.
[14:11:15] <cpm> being less stupid in the eyes of 3few is a tall task indeed
[14:12:09] <cpm> I use postgres these days for one specific service that is postfix only, everything else I do is mysql. speed is the issue.
[14:12:19] <cpm> s/postfix/postgres
[14:12:34] <smesjz> hmm
[14:13:00] <cpm> postgres access still gets on my nerves.
[14:13:03] <cpm> :)
[14:13:28] *** birmaan has joined #postfix
[14:14:17] <Signum> cpm: why? slower? uncomfortable?
[14:14:33] <cpm> I love the way you can do math directly in postgresql and all the other really nice ways you can optimize queries. But for raw speed, mysql just slams it
[14:15:15] <cpm> Signum, , , no, just pg_hba.conf gets on my nerves, cause it's from the dark old days, and doesn't like chroots, and that kinda thing
[14:15:55] * cpm is still grumpy over oracles purchase of sleepycat
[14:16:09] *** raqamy has quit IRC
[14:18:07] *** ziro has quit IRC
[14:19:00] <Signum> Actually I had to admit that mysql and pgsql have both matured enough that the are serious choices. I don't like details of either ones. But that doesn't mean either one is just a toy.
[14:19:22] <f3ew> PostgreSQL scales better :P
[14:19:46] * f3ew doesn't care much about pg_hba.conf
[14:20:09] <Signum> f3ew: both seem to support clustering/replicatoin
[14:20:27] <f3ew> Pg doesn't do clutering, MySQL replication is in-memory-only
[14:20:34] <f3ew> clustering
[14:23:07] <lkthomas> guys
[14:23:19] <lkthomas> RBL could be implement on postfix level and spamassassin level
[14:23:24] <lkthomas> which one are you guys using now ?
[14:24:07] <Signum> both
[14:24:20] <shasta> the former one lowers your load, the latter one is resistant to false positives
[14:25:07] <lkthomas> Signum, if you are using same rbl, you are wasting time here
[14:25:21] *** raqamy has joined #postfix
[14:25:22] <lkthomas> Signum, postfix will directly reject mail which listed in rbl
[14:25:29] <lkthomas> spamassassin just counting score
[14:27:04] <many> oO
[14:27:11] <f3ew> lkthomas, not necessarily
[14:27:26] <f3ew> you could have mail sent via a DNSBLed host but relayed via another server
[14:29:16] <Signum> lkthomas: correct. some major RBLs block the spam at postfix's door. spamassassin uses further RBLs to score the spam
[14:39:56] *** UQlev has joined #postfix
[14:40:15] *** Arsenick-TC2L has joined #postfix
[14:43:31] *** Arsenick-TC2L has quit IRC
[14:45:38] *** lkthomas has quit IRC
[14:46:10] <smesjz> Signum: for some silly reason I run into dependency problems with Debian/sid while trying to install Python 2.4 for using docutils :(
[14:47:59] <Signum> Apparently I don't use the same RBLs... :)
[14:48:04] *** lkthomas has joined #postfix
[14:48:26] <Signum> smesjz: I have sid here with python-docutils. what is the problem?
[14:49:54] <smesjz> Setting up python (2.4.4-5) ...
[14:49:54] <smesjz> dpkg: error processing python (--configure):
[14:49:54] <smesjz>  subprocess post-installation script returned error exit status 1
[14:51:32] *** _yam has joined #postfix
[14:54:27] <Signum> smesjz: Uhm. Strange. Did you mix sid with experimental perhaps? Did you do a proper dist-upgrade?
[14:56:10] <smesjz> looks like 2.4.4-5 was borked..I just did a apt-get update again (did one an hour ago too) and now 2.4.4-6 installs just fine
[14:56:55] <smesjz> the release notes say -> ' * python.postinst: Fix cleanup of temporary files. Closes: #424703, #424704.' So that might make sense
[14:57:00] <smesjz> since the .postinst was hanging
[14:59:25] <Signum> oops
[14:59:34] <Signum> Good thing I didn't update sid for a week. Doing that now :)
[15:00:38] *** rworkman has left #postfix
[15:00:43] *** Kurtism has quit IRC
[15:01:45] <cpm> Okay, where is ChrisH
[15:01:46] <cpm> ?
[15:01:56] *** Kurtism has joined #postfix
[15:01:57] <Signum> cpm: dead. I killed him. muahahahaha
[15:02:06] <cpm> you sick dog!
[15:03:02] <Signum> !ChrisH
[15:03:02] <knoba> Signum: 'ChrisH' : the former nickname of Signum . His name was taken on another IRC network and to avoid permanent confusion he decided to rename himself.
[15:03:03] *** yam has quit IRC
[15:05:15] *** Ryushin has joined #postfix
[15:10:42] *** hparker has joined #postfix
[15:11:23] *** jonez has quit IRC
[15:16:48] *** UQlev has left #postfix
[15:20:49] * cpm isn't exactly happy about this development
[15:25:32] * smesjz isn't exactly happy about cpm
[15:25:48] <cpm> Yeah, I don't blame you.
[15:30:55] *** lkthomas has quit IRC
[15:31:51] *** raqamy has quit IRC
[15:32:06] * hparker wonders what problem cpm has developed for himself
[15:32:33] <cpm> well, it started with this red swollen bit, that started itching
[15:33:03] <hparker> nevermind......
[15:34:49] *** ziro has joined #postfix
[15:35:39] *** flami has joined #postfix
[15:39:57] <xpoint> hparker, what now ?
[15:40:06] *** eltech has quit IRC
[15:40:29] <hparker> xpoint: Nothing, giving cpm a hard time and .. It kinda backfired :P
[15:40:49] *** barefoot has joined #postfix
[15:40:54] *** eltech has joined #postfix
[15:41:17] <barefoot> how can I remove cram-md5 from the list of auth mechanisms?
[15:43:42] *** magyar has joined #postfix
[15:44:13] <flami> look in the sasl auth configs under mech_list
[15:45:24] <barefoot> thanks
[15:46:30] *** Jax has joined #postfix
[15:48:18] *** ALVAN has quit IRC
[15:53:11] *** andresmujica has joined #postfix
[15:55:17] *** raqamy has joined #postfix
[15:58:01] *** lkthomas has joined #postfix
[16:00:07] *** Kurtism has quit IRC
[16:01:38] *** Kurtism has joined #postfix
[16:02:25] *** asdx has joined #postfix
[16:02:27] <asdx> hi
[16:02:42] <asdx> i have sent an e-mail and it bunces back to me with this message:
[16:02:53] <asdx> Local Policy Violation (in reply to RCPT TO command)
[16:03:00] <asdx> what does it mean ?
[16:03:06] <asdx> is the problem on my side ?
[16:03:09] *** Jax0r has joined #postfix
[16:04:42] *** war has quit IRC
[16:04:46] <hparker> What do the logs say?
[16:05:11] <asdx> the same
[16:05:26] <asdx> delay=4, status=bounced
[16:05:32] <hparker> I've never seen that error
[16:05:38] *** Jax has quit IRC
[16:06:05] <sparrw> rob0: slowly making my way through the documentation on filters and policys
[16:07:05] *** ikaro has joined #postfix
[16:08:08] *** stellina has joined #postfix
[16:08:31] <stellina> hi ppl
[16:09:24] <stellina> since I installed mailscanner, I don't have in my logs  what happened to mail after it when to the hold queue... I only have a status=sent only when the delivery is local
[16:10:19] *** mordaunt has joined #postfix
[16:13:37] <stellina> can you help me pleaze/
[16:15:19] <cpm> stellina, this is why a lot of folks avoid mailscanner like the plague
[16:15:26] <cpm> you have no idea where your mail went
[16:15:43] * rob0 avoids the plague like cpm
[16:15:44] <stellina> yes
[16:15:46] <hparker> Kinda like sending mail to hotmail :P
[16:15:49] <cpm> rob0, is wise
[16:15:56] <stellina> heh
[16:16:28] <stellina> I remember before mailscanner I had logs like 'relay=[ip.ad.dr.ess] status=sent'
[16:16:46] <stellina> and now the last think I have is that the mail went to the hold queue
[16:16:51] <hparker> Setup amavisd-new, see mail traffic in logs, profit!
[16:17:02] <cpm> stellina, http://archives.neohapsis.com/archives/postfix/2004-01/1609.html
[16:17:02] <stellina> is there any solution to this?
[16:17:05] <rob0> Does mailq show anything?
[16:17:10] <cpm> what hparker said
[16:17:31] <stellina> rob0: yes sometimes maybe the mail still in queue
[16:17:41] <stellina> but what if it has gone? I need to have logs
[16:20:01] <cpm> stellina, what hparker said
[16:20:08] <cpm> if you want control, dump mailscanner
[16:20:18] *** Jax has joined #postfix
[16:20:19] <rob0> <-- not a mailscanner, nor a muleskinner, nor a milesconer
[16:20:46] <stellina> hparker: I switched from amavis to mailscanner. amavisd caused me a lot of problems
[16:21:17] <cpm> losing email is a problem
[16:21:22] *** Jax0r has quit IRC
[16:21:38] <stellina> I know.... what all these admin that use mailscanner do?
[16:22:02] *** raqamy has quit IRC
[16:22:13] <rob0> BTW yesterday our whole company (~30 people) got axed. But we have another job prospect in TX already. :)
[16:22:40] <hparker> rob0: Ouch! Great! ;)
[16:22:58] <cpm> Youch!
[16:23:08] <cpm> who's 'we' ?
[16:23:19] <stellina> they'll kill me if I tell them I don't keep such logs
[16:23:47] <rob0> the boss is working on an opportunity for all of us.
[16:24:04] <cpm> all of us = us-30 ?
[16:24:04] *** stellina has quit IRC
[16:24:07] <rob0> yes
[16:24:13] *** nfi|ermes has joined #postfix
[16:24:18] <cpm> you can have my job!
[16:24:32] <rob0> But what will they do with you?
[16:24:43] *** stellina has joined #postfix
[16:24:59] <nfi|ermes> hi all
[16:25:31] <cpm> fire me, I hope
[16:27:09] <rob0> Hmmm, but I'd want to have your head mounted on the wall as a trophy.
[16:27:55] <cpm> well, you could try and take it I suppose
[16:30:13] * Signum considers removing RBLs from Postfix and just use them in spamassassin... should be fun to collect spam :)
[16:30:21] <luke-jr> good
[16:30:51] <luke-jr> there's at least 6 RBLs that are bogus
[16:30:59] *** iratik has joined #postfix
[16:31:00] <iratik> Help!
[16:31:03] <iratik> status=bounced (Host or domain name not found. Name service error for name=netins.net type=AAAA: Host found but no data record of requested type)
[16:31:04] <cpm> and they are?
[16:31:13] <flami> why collect spam ? ^^ if you ever feel the urge to buy sheep viiiaagraaa?
[16:31:32] <iratik> I changed some nameservers around yesterday -- and now i don't know exactly whats wrong -- one of the nameservers i'm presuming is turning in a bad result
[16:31:44] <iratik> but how can i tell which nameserver postfix is using?
[16:32:07] <cpm> iratik, you don't have a v6 AAAA record
[16:32:44] *** jonez has joined #postfix
[16:32:45] <iratik> well.. -- this is one of those bastardized linux+windows server 2003 running on the same domain setups
[16:33:06] <iratik> we had to configure the router to use the windows 2003 as a dns server - so the windows pcs could recognize it as a domain controller
[16:33:19] <iratik> i think i may have slipped that ip into my /etc/resolv.conf yesterday - - would that do it?
[16:33:53] <iratik> Regular # comments work in resolv.conf right?
[16:34:41] *** Arsenick-TC2L has joined #postfix
[16:35:25] *** rmayorga has joined #postfix
[16:37:06] *** prebur has quit IRC
[16:37:50] *** Lap_64 has quit IRC
[16:38:56] *** x-ip has joined #postfix
[16:38:58] *** evangelion has quit IRC
[16:39:27] <x-ip> hi, how can i send email to multiple recipients by telnet ?
[16:39:42] <f3ew> multiple RCPT TO lines
[16:39:45] * f3ew => home
[16:40:15] <cpm> bye
[16:41:21] <x-ip> f3ew: thanks =)
[16:41:39] *** prebur has joined #postfix
[16:43:15] *** nictuku has joined #postfix
[16:43:44] *** hoodow has left #postfix
[16:45:47] *** x-ip has quit IRC
[16:51:35] *** Kurtism has quit IRC
[16:53:06] *** Kurtism has joined #postfix
[16:55:20] *** raqamy has joined #postfix
[16:59:07] *** tminos has joined #postfix
[17:04:36] *** asdx has quit IRC
[17:17:43] *** magyar has quit IRC
[17:24:37] <nfi|ermes> relay_recipient_maps = hash:/usr/local/etc/postfix/exchange_recipients
[17:24:52] *** sepski has joined #postfix
[17:24:54] <nfi|ermes> how can i transform my text file /usr/local/etc/postfix/exchange_recipients in .db ?
[17:30:25] <hparker> postmap
[17:31:16] *** Jax has quit IRC
[17:32:10] *** mirlyn has quit IRC
[17:32:36] *** UQlev has joined #postfix
[17:33:37] *** Mez has quit IRC
[17:38:58] *** Kurtism has quit IRC
[17:40:20] *** Kurtism has joined #postfix
[17:56:43] * cpm postmaps hparker
[17:56:51] <cpm> hparker.db
[18:02:42] *** hemry has joined #postfix
[18:24:40] *** Kurtism has quit IRC
[18:26:09] *** Kurtism has joined #postfix
[18:29:47] *** UQlev has quit IRC
[18:38:48] *** nfi|ermes has quit IRC
[18:43:44] *** nictuku has quit IRC
[18:45:37] <bishillo> Anyone tried to get pysieved working?
[18:47:12] *** stellina has quit IRC
[18:53:11] *** barefoot has left #postfix
[18:58:04] *** birmaan has quit IRC
[19:00:15] *** pickcoder has joined #postfix
[19:03:33] <xpoint> exchange have ad or ldap, why on earth using hash :-)
[19:04:18] *** j416 has joined #postfix
[19:05:45] <smesjz> well, if you only have 30 or so users in that LDAP it makes more sense to make a hash?
[19:06:17] <xpoint> nope
[19:06:47] <smesjz> sure it does. Otherwise you have to start fiddling around with ldap searches
[19:07:02] <xpoint> it would be the same as say dhcp will only need to give user the ip to play with
[19:07:19] <xpoint> but dhcp can do more then that
[19:07:50] <xpoint> this is here analog to using ldap instaed of hash
[19:08:30] <smesjz> sure, but if you don't want to play around with LDAP you can also maintain the userlist in a hash
[19:09:10] <xpoint> currect :-), but se above :-)
[19:09:21] *** AJ_Z0 has quit IRC
[19:09:45] <xpoint> if the user base is all that is needed ldap is overkill
[19:09:55] *** AJ_Z0 has joined #postfix
[19:10:17] <smesjz> why would he need more? I assume exchange takes care of the delivery and filtering etc
[19:11:11] <xpoint> amavisd-new ldap control from windows exchange does not makes sense ?
[19:11:42] *** Kurtism has quit IRC
[19:13:02] <smesjz> per user-settings are so overrated...
[19:13:05] *** Kurtism has joined #postfix
[19:15:12] <xpoint> :-)
[19:15:34] <cpm> per user settings are just another helpdesk headache
[19:15:50] <pickcoder> == job security
[19:16:06] <pickcoder> unless you're not in the helpdesk dept
[19:16:24] <cpm> headaches are not security.
[19:16:42] <cpm> they are slot turnover predicators
[19:16:47] <pickcoder> heh
[19:16:50] <smesjz> well you can sue the company for getting headaches...$$$ ;)
[19:17:17] <cpm> you can sue the company for anything you want, doesn't mean any judge will hear the case
[19:17:31] <smesjz> cpm: dont you live in America? :)
[19:17:44] <cpm> sure,
[19:18:37] <smesjz> but why even bother with storing amavis settings in Active Directory...
[19:18:38] <cpm> folks bring suites like this all the time, the percentage that actually get traction is so insanely low, it's immeasureble, which is why everyone knows about the ones that do
[19:19:35] *** stellina has joined #postfix
[19:19:54] *** VolVE-mk2 has joined #postfix
[19:19:59] <smesjz> well, the SCO case is still going on ;)
[19:20:05] <stellina> hi ppl
[19:20:12] <smesjz> but that should give the judge a headache ;)
[19:20:24] <stellina> it seems that postfix doesn't handle correctly mime when the recipients are more than one
[19:20:32] *** j416 has quit IRC
[19:21:12] *** VolVE has quit IRC
[19:23:09] <xpoint> i bet postfix handle mime, unless you show it does not :-)
[19:25:03] <Signum> stellina: postfix doesn't change anything in the body so the MIME will stay intact
[19:25:20] <stellina> hmmm
[19:25:37] <stellina> Signum: so the problem could be in mailscanner?
[19:25:53] <xpoint> recipient is not in body either
[19:30:01] *** notes-fauna has joined #postfix
[19:30:38] *** GMFlash has quit IRC
[19:30:42] *** GMFlash has joined #postfix
[19:32:02] *** bishillo has quit IRC
[19:32:21] <pickcoder> stellina: mailscanner doesn't change the recipient headers
[19:32:32] <pickcoder> but it could affect the body
[19:32:41] <notes-fauna> I am building a production mail server for announcements and discussions of open source related efforts in my locale. What would you suggest make sense for a mailing list manager that would handle quite a bit of use and remain flexible? Would you suggest one where the lists are managed by a RDBMS?
[19:32:50] <pickcoder> another option is the e-mail is mal-formed to start with
[19:33:10] <notes-fauna> I am familiar with Perl, Tcl,Python, Java, C#, and C, so a MLM made in these languages would be a bonus.
[19:33:15] <stellina> ok
[19:33:18] <hparker> notes-fauna: I like mailman
[19:33:35] * cpm likes mailman
[19:35:03] <notes-fauna> Hey mailman is in python. Great.
[19:36:19] <notes-fauna> hparker: are the criticisms of Mailman from the past (such as http://www.jwz.org/doc/mailman.html) largely addressed?
[19:36:38] <Signum> mailman works perfectly here. I wouldn't want to go back to majordomo.
[19:37:09] <notes-fauna> JWZ a long time ago, 2002, talked about complexity for the users.
[19:37:43] <hparker> notes-fauna: I don't have a problem with anything listed there
[19:38:03] <notes-fauna> oh it's solved.
[19:38:04] <notes-fauna> great.
[19:38:07] <hparker> And most of the lists I'm on are mailman
[19:38:20] *** fred87 has left #postfix
[19:38:38] <hparker> No, I wouldn't say solved... Looks like a propaganda page to me pushing Smartlist
[19:39:13] <pickcoder> I agree with the password comment
[19:39:20] <pickcoder> it's pointless and annoying
[19:40:02] <notes-fauna> So are there any runner ups? It's pretty clear everyone likes Mailman here.
[19:40:03] <pickcoder> occasionally I've run into the subscribe/unsubscribe problems running Gforge
[19:40:18] <notes-fauna> I'll take a hint.
[19:40:20] <pickcoder> most of that was address related
[19:40:41] <pickcoder> still I like mailman over majordomo
[19:40:46] <pickcoder> neither are perfect
[19:41:15] <pickcoder> roll your own to fit, if you plan on customizing it
[19:41:16] * xpoint likes mlmmj
[19:42:14] <notes-fauna> Very cool.
[19:43:23] <xpoint> all say mailman, but only dead fish follow the wather :)
[19:43:46] <notes-fauna> xpoint: but it will be a starter MLM for me.
[19:44:01] <notes-fauna> I should pick one that's going to have a lot of docs and tutorials for a newbie like me.
[19:44:12] <notes-fauna> Mailman sounds perfect.
[19:44:33] <xpoint> notes-fauna, it still for me, with over 40 ml here running mlmmj
[19:45:00] <notes-fauna> wow
[19:46:16] <notes-fauna> Does running a MLM involve all of the complexity of running a well fortified production mail server?
[19:46:23] <notes-fauna> It would seem so.
[19:46:41] <xpoint> no exhange will do :-)
[19:46:41] <Signum> at work our security-relevant information is sent to one user who has an outlook rule to forward it to a number of people. is that crazy? :)
[19:46:57] <Signum> they say it's better for the IT department because majordomo is too complicated.
[19:47:00] <rob0> ouch!
[19:47:22] <rob0> haha the IT dept. can't figure out the Major :)
[19:47:29] * Signum estimates that 90% of the IT department carries a tie
[19:47:29] <xpoint> Signum, fire the boss
[19:47:49] <Dominian> Or.. setup majordomo and get it working.. implement it.. don't tell anyone ;)
[19:48:00] <Signum> xpoint: pretty unlikely. :) And the boss who would dare change that is 5 hierarchy levels above me and can't tell his telephone from his coffee machine
[19:48:22] <Signum> majordomo runs already with ~300 mailing lists. but for the developers. developers are so different from the sysadmins.
[19:48:52] <rob0> Telephone: delivers whines ... coffee machine: delivers coffee
[19:48:53] <Signum> the most hated dep is the guys who maintain the intranet. so every department has their wiki now... it's completely crazy.
[19:49:17] <notes-fauna> I wonder if it makes sense to tie a RDBMS together with Mailman.
[19:49:19] <xpoint> true, most love both, even under 5 mins walk it was a hard day keeping the coffie warm and all that iretating telephones calls
[19:49:32] <cpm> notes-fauna, folks do it. doesn't make sense to me.
[19:49:45] * Signum still searches for a good and cheap cappuccino machine for his office...
[19:49:50] <rob0> cpm doesn't make sense to me
[19:49:59] <cpm> thank goodness!
[19:51:31] <notes-fauna> Okay I'll use it as is then.
[19:51:32] <xpoint> notes-fauna, mlmmj needs lees maintaince when its up then mailman does
[19:51:41] <notes-fauna> Cool. I will consider it once I get the hang of administrating mailman.
[19:51:47] <Signum> the only maintenance job in mailman could be dealing with moderated postings. and thank to "listadmin" this is a matter of a few seconds per day
[19:51:50] <notes-fauna> That way I have a point of comparison.
[19:52:13] <notes-fauna> I took the time to read through the entire source code for Enemies of Carlotta by the way. It was very procedural.
[19:52:20] * cpm wondered about that comment also
[19:53:09] * smesjz wonders about cpm
[19:53:17] <xpoint> notes-fauna, fair enough, i will say you should know atleast that mailman is just one maillist manager just not the only one
[19:54:59] *** rootsvr has quit IRC
[19:55:21] <notes-fauna> xpoint: agreed. :-)
[19:55:30] <xpoint> notes-fauna, http://www.digital-destiny.dk/ i use mlmmj on this page, try to subscripbe or send help ? :-)
[19:56:16] <notes-fauna> I will check it out sometimes, thank you for pointing it out :-)
[19:58:51] * cpm chuckles
[19:59:30] <xpoint> Signum, depends on who you call, if you call the fire department, thay will deliver fire, no ? :-)
[19:59:44] *** AJ_Z0 has quit IRC
[20:00:25] * cpm sends smesjz over to the fire deparment to scarf some donuts
[20:00:51] <notes-fauna> (is this talk of fire dept an in-joke?)
[20:01:29] <notes-fauna> and why is this talk of donuts making me hungry?
[20:01:31] <notes-fauna> :-)
[20:02:32] <xpoint> notes-fauna, you should put up mlmmj before you eath :-)
[20:02:37] *** Kurtism has quit IRC
[20:03:07] *** AJ_Z0 has joined #postfix
[20:03:19] * xpoint pizza time
[20:04:10] <notes-fauna> may I ask you guys a question? How do you make use of RDBMS's power when it comes to mailing lists?
[20:04:13] *** Kurtism has joined #postfix
[20:04:54] <notes-fauna> For example, sometimes I join a high traffic mailing list and I thought, well, I just want the meeting announcements and calls for donations (so I can donate my old hardwares or server room).
[20:05:02] <notes-fauna> But I get everything else.
[20:05:17] <notes-fauna> It would be nice to segment what people want. Like the way you can subscribe to RSS channels.
[20:05:45] <notes-fauna> It would seems that if we can tag interests with subscribers, an RDBMS can help me slice new lists.
[20:06:09] <notes-fauna> This is why it keeps swimming in the back of my head, that it would make some sense to connect an RDBMS to Mailman.
[20:07:36] <notes-fauna> I also wonder if Bayesian classification can fit into this flow somehow. Helping messages reach people who care about it most. Cut down on spamming.
[20:07:55] <notes-fauna> That way you don't have to be exposed to 12 different list to subscribe to.
[20:08:13] <notes-fauna> But instead naturally have like messages to interested people.
[20:08:31] <notes-fauna> go to interested people.
[20:08:45] <notes-fauna> Is this possible?
[20:09:35] <notes-fauna> Is this a worthwhile idea?
[20:11:28] <cpm> hehh eh eh , , calm down bevis
[20:13:18] *** amrit|zzz is now known as amrit|wrk
[20:13:35] <notes-fauna> cpm: I bet this topic has been talked about many times before...
[20:13:53] <cpm> I'd take that bet
[20:14:11] <notes-fauna> It hasn't?
[20:14:31] <cpm> no, this isn't the mailman developers mailing list, maybe you want to check those archives ?
[20:14:55] <notes-fauna> Oh it's off topic.
[20:15:01] <notes-fauna> Sorry.
[20:15:11] <cpm> not really, but pretty much, yeah. No worries
[20:15:49] *** Lap_64 has joined #postfix
[20:16:06] *** nick01 has joined #postfix
[20:17:02] <nick01> hi I'm trying to configure a domain at editdns.net - and I have t oconfigure type - like A; AAAA, CNAME NS, SRV TXT etc - what do those mean ?
[20:18:57] <nick01> NS must be nameserver
[20:19:15] *** TheOutlander has joined #postfix
[20:19:46] <sepski> A = name -> ip AAAA = name -> ipv6
[20:19:57] <sepski> CNAME = name -> another name
[20:19:58] *** nemo_work has joined #postfix
[20:20:14] <nemo_work> I am seriously loving postfix right now. beautiful lil box just sitting there blocking spam...
[20:20:25] <nemo_work> forwarding on to exchange server (yeah, we still need that)
[20:20:43] <nemo_work> in the two weeks we've added a spam blocking postfix box, there have been 106856 rejects due to blacklists and invalid
[20:20:46] <notes-fauna> nemo_work: Which version of Exchange?
[20:20:47] <nemo_work> following of rules, 50005 disconnected after losing patience with a minor timeout, and 23865 allowed through but sent to
[20:20:51] <nemo_work> junk
[20:21:16] <nick01> sepski, tks
[20:22:38] <notes-fauna> nemo_work: did you have to subscribe or buy anything for your Postfix set up?
[20:22:46] <notes-fauna> Like updated anti-virus definitions?
[20:22:55] <nemo_work> notes-fauna: using amavis
[20:23:03] <notes-fauna> cool.
[20:23:14] <nemo_work> notes-fauna: haven't enabled AV yet though, or even extension blocking.  almost no virus e-mail, just easing into it
[20:23:30] <nemo_work> right now the actual antivirus part is turned off, just spamassassin
[20:23:50] <nemo_work> notes-fauna: oh, and I do an arbitrary mapping of spamassassin scores to X-SCL tags in postfix - for benefit of Exchange junk filtering
[20:24:17] <nemo_work> ... and version of exchange appears to be.... 6 something?  I frankly am not a windows admin - just helped 'em with the postfix box
[20:24:23] <notes-fauna> nemo_work: hey are you using Debian? I am thinking of using Debian, I am more of a RedHat user in the past.
[20:24:34] <hparker> Just add clamav and restart amavisd-new
[20:24:35] <notes-fauna> Okay.
[20:24:35] <nemo_work> notes-fauna: this particular box is FC6
[20:24:41] *** Zeit|awy has quit IRC
[20:24:55] <notes-fauna> Would anyone recommend against Debian?
[20:24:57] <hparker> (and start clamav of course)
[20:24:58] * sepski uses debian. since
[20:25:23] <sepski> used redhat until it started with FC
[20:25:29] <nemo_work> notes-fauna: followed a guide on #fedora to setup, and another guide of suggested postfix rules (most of which I had on my home machine already)
[20:25:41] <nemo_work> notes-fauna: I'm contemplating adding a greylist during non-business hours which is why I'm here
[20:25:42] <notes-fauna> Ah, sweet.
[20:25:49] <hparker> !cheatsheet
[20:25:50] <knoba> hparker: 'cheatsheet' : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[20:25:58] <hparker> That's a nice guide to go over
[20:26:01] 
[20:26:19] <nemo_work> hm. lemme see if there are any I'm not using already
[20:26:43] <nemo_work> cbl.abuseat.org - that's a new one
[20:26:58] <hparker> Use zen.spamhause.org, it includes cbl
[20:27:19] <cpm> !hparker
[20:27:20] <knoba> cpm: Error: "hparker" is not a valid command.
[20:27:33] <hparker> No I'm not a valid command, thanks knoba!
[20:27:41] <nemo_work> hparker: oh. that's what it is. forget that then
[20:27:54] <hparker> ;)
[20:28:07] <nick01> anybody knows if changeip.com mail servers use port 25 ? they should bu no mention of it
[20:28:09] <hparker> I think he notes that farther down the page
[20:28:10] <nemo_work> I'm surprised they recommend reject unauth pipelining (which is default now) but don't suggest a sleep
[20:28:28] <nick01> the config for it
[20:28:33] <cpm> nick01, smtp servers use port 25, , , period
[20:28:42] <nick01> ok
[20:28:53] <cpm> what's behind that question?
[20:28:59] <notes-fauna> I've learned so much, thanks guys.
[20:29:02] <nemo_work> I have a ton of "unauth pipelining" which are probably due to the sleep, and 50,000 disconnects after RCPT TO which are also probably same
[20:29:09] <notes-fauna> Be back in a bit.
[20:29:14] <nemo_work> none of them, btw, from what seemed to be legit mail servers, and no user complaints
[20:29:34] <nemo_work> I think sleeps should be used more, spammers being forced to wait 5 seconds would increase their load a bit :)
[20:30:25] <nick01> cpm, grr editdns that gives free secondary MX don't allow port 25 for security reasons
[20:30:31] <hparker> On a busy server it can cause problems when under attack
[20:31:13] <nemo_work> hparker: mmm. fair 'nuff. I suppose I should have a way to remove it if needed
[20:31:18] <cpm> nick01, for one thing, secondary MX is mostly a bad idea, unless you REALLY know what you are doing, and why. and of course they run on port 25, or they aren't an MX
[20:31:20] <nemo_work> hparker: of course, attacks bring all sorts of problems
[20:31:41] <nemo_work> hparker: 'course, if an attack got really bad, could just temporarily dump spam filtering
[20:31:48] <hparker> That they do, but holding the socket open for 5 seconds can add to them
[20:31:52] <pickcoder> or take the mail server offline
[20:31:53] <nemo_work> hparker: let the postfix box connect on that IP
[20:32:04] <hparker> Anvil helps with it
[20:32:09] <nemo_work> notes-fauna: http://fedorasolved.org/server-solutions/postfix-mail-server/ <- the fedora guide I used
[20:32:16] <pickcoder> yeah it does a pretty good job handling load
[20:32:27] <notes-fauna> nemo_work: :-)
[20:32:35] <nick01> cpm, do u know another free provider of secondary MX ? and I must have one doing my own server which might have offline periods
[20:32:45] <cpm> don't use a secondary MX
[20:32:52] <cpm> why would you use a secondary MX?
[20:32:53] <nick01> cpm, and loose mail ?
[20:33:02] <nick01> lose
[20:33:04] <hparker> How?
[20:33:11] <cpm> do you plan on leaving your MX down for more than 5 days at a time?
[20:33:16] <hparker> Most sane MXs retry for 5 days...
[20:33:29] <nick01> cpm, not really
[20:33:37] <nemo_work> hparker: or at least for a day or two
[20:33:37] <cpm> all running a secondary MX will do is radically increase your spam load
[20:33:58] * cpm reiterates hparker, , , 5 days!
[20:34:03] <nemo_work> hparker: btw, that's why we dumped the spam blocking service we tested, they were getting connection failures (that were on *THEIR* end) and were bouncing mail as undeliverable
[20:34:15] <hparker> ouch
[20:34:26] <nemo_work> hparker: they tried blaming us too
[20:34:34] <hparker> I ought to sell filtering service
[20:34:35] <cpm> nemo_work, which spam blocker was that?
[20:35:14] <nemo_work> cpm: mm. one sec. lemme look 'em up. when we finally got them to admit was that management had increased their sales without increasing their hardware. but they must have software flaws to be bouncing like that
[20:35:38] <hparker> Overload could cause it
[20:35:41] *** madclicker has joined #postfix
[20:35:44] * cpm rubs his hands together and wishes 'oh, let it be postini, please let it be postini'
[20:35:48] <hparker> lol
[20:36:01] <nemo_work> cpm: MX Logic
[20:36:05] <cpm> rats!
[20:36:08] <nemo_work> cpm: they went into partnership with our ISP, ATX
[20:36:10] <nemo_work> cpm: and sucked
[20:36:22] <cpm> pretty much all of them suck.
[20:36:25] <nemo_work> postfix + amavis + spamassassin is doing a far better job
[20:36:45] <pickcoder> nick01: why not pay for a hosted box?
[20:36:46] <cpm> folks who can't run their own in house, should outsource the entire thing to someone who can
[20:37:03] <cpm> and not piecemeal it
[20:37:13] <nick01> pickcoder, cause I wanna make my own mail server :)
[20:37:20] <hparker> Or pay someone to set it up and admin it
[20:37:26] <nemo_work> cpm: you know, I've been thinking, the load on this box isn't so high - I should just make a small appliance box. put a minimal gui on it
[20:37:44] <nemo_work> cpm: after all, if they have any problems with it, they can just disconnect it and bring exchange back up on that IP
[20:37:49] <nemo_work> and, oh, ship it to me for repair :)
[20:37:50] <cpm> hparker, same thing, kinda
[20:38:06] <nemo_work> one of those cute lil linux server boxes
[20:38:06] *** frennkie has quit IRC
[20:38:46] <cpm> hparker, I know I'd rather just take the load on, on my own hardware, than toddle around someone elses shop and tell them what they 'should' do.
[20:38:49] <pickcoder> you can pick up 1U intel boxes for a hundred or so
[20:38:59] <cpm> that so? where?
[20:39:26] <hparker> cpm: I admin a couple of other mail servers.. They like it when I tell them what they should do ;)
[20:39:44] * rob0 thinks MX Logic is kind of stupid too
[20:39:45] <pickcoder> http://search.ebay.com/search/search.dll?from=R40&_trksid=m37&satitle=1U+Intel&category0=
[20:39:48] <cpm> you actually haul that hparker rear over to their shops to do it?
[20:40:04] <pickcoder> here's one: http://cgi.ebay.com/DELL-POWEREDGE-350-1U-SERVER-INTEL-P3-750MHZ-512MB-20GB_W0QQitemZ250113642485QQihZ015QQcategoryZ51225QQrdZ1QQcmdZViewItem
[20:40:09] *** mh_le has joined #postfix
[20:40:13] <nemo_work> rob0: they didn't do a bad job spam filtering, they just were absolutely horrible at actually delivering mail
[20:40:38] <nemo_work> rob0: customers who get their mail bounced always blame us. and I guess it is our fault for letting our ISP talk as into trying MX Logic
[20:40:41] <hparker> cpm: That I did.. One's in town, the other 180 miles away.. Oh, wait.. The last mail server for the one 180 miles away I shipped to them ;)
[20:40:46] <cpm> I see one antique dell for a bit more than $100
[20:40:54] <pickcoder> I didn't say they were new
[20:40:56] <pickcoder> <g>
[20:40:57] <nemo_work> I wonder if a mini-itx could handle our load level :)
[20:41:13] <hparker> They've got them up to like 1.2GHz
[20:41:14] <notes-fauna> sepski: are you pretty happy with Debian?
[20:41:21] <nemo_work> hparker: really!!! for a mini-itx??
[20:41:23] <cpm> :)
[20:41:23] <notes-fauna> sepski: I am learning with 'etch'.
[20:41:26] <pickcoder> hparker: not if you have a huge filtering system on it
[20:41:30] <hparker> nemo_work: Yup
[20:41:33] <nemo_work> sweet!
[20:41:34] <mordaunt> which rule gets checked first.. sender or recipient restrictions ?
[20:41:44] <pickcoder> you could componentize them though
[20:41:47] <nemo_work> hparker: right now filtering is sucking up like 1% of the CPU :)
[20:41:52] <hparker> pickcoder: Load it with RAM, if the volume is low it'll handle it
[20:41:56] <cpm> only reason I can find for 1tu boxes is if you have really no space, and a whole lot of machines
[20:42:08] <pickcoder> those ITX boards can't hold 4GB
[20:42:09] <cpm> they are loud, expensive, hot and a pain
[20:42:14] <hparker> I have a 1U colo'd here... Noisy damn thing!
[20:42:29] <cpm> no more 1ru boxes for me, I finally got rid of all mine.
[20:42:41] <nemo_work> hparker: load average: 0.12, 0.07, 0.08 <- some of that is my playing with it as a desktop though
[20:42:45] <hparker> pickcoder: My MTA only has 2 gig and it's not hurt at all.. I've got 2 wwith < 1 gig I admin that are fine
[20:42:56] <pickcoder> 1Ghz ITX?
[20:43:02] <cpm> recased 6 of 'em, and shipped the other 4 off to a buddy of mine in wisconson for him to heat his house with
[20:43:07] <rob0> Problem is: most of the "spam filtering" "services" are completely clueless.
[20:43:30] <cpm> rob0, and counting on you to be even more clueless. How they make their money
[20:43:39] <sepski> notes-fauna, it might take a little getting used to. but now im using it for everything, and im migrating everything else to debian when i can
[20:43:44] <sepski> i'm very happy with it
[20:44:01] <nemo_work> hparker: Intel(R) Xeon(TM) CPU 2.80GHz with a gig of ram.  If mini-itx are that powerful, well damn.  Could slap apache on there for a config gui too, heck. nxserver for maintenance.
[20:44:02] *** AJ__Z0 has joined #postfix
[20:44:02] <hparker> pickcoder: http://mail.odsgc.net/cgi-bin/mailgraph.cgi That's a .. 2.8 I think with like 1 gig
[20:44:05] <rob0> Sounds dreadfully close to Microsoft's marketing approach. And note ...
[20:44:15] <notes-fauna> sepski: What you say mirrors what my debian-using friend's say.
[20:44:19] <pickcoder> a 1.2Ghz VIA is not quite the same
[20:44:28] <pickcoder> but I agree.. it's doable
[20:44:31] <pickcoder> to an extent
[20:44:33] <notes-fauna> sepski: very cool.
[20:44:54] <pickcoder> my DediBox in France was a VIA minibox
[20:44:55] <sepski> notes-fauna, well  it's not uncommon for people to start on other distroes. and moving to debian later on.
[20:45:00] <pickcoder> it ran OK
[20:45:07] <pickcoder> I didn't get a ton of e-mail or web traffic though
[20:45:09] <hparker> pickcoder: It depends on the volume... See http://spamikaze.pcsrvc.com/cgi-bin/mailgraph.cgi .. That's a semp64 that sleeps all the time
[20:45:17] <Signum> sepski: the only other people are using debian from the start :)
[20:45:19] <notes-fauna> I started off on Slackware.
[20:45:26] <pickcoder> I started with Slack 3.0
[20:45:27] <sepski> notes-fauna, going from RH8 to debian was a religious experience :)
[20:45:27] *** AJ_Z0 has quit IRC
[20:45:31] <notes-fauna> I moved to RH chiefly because I thought that's what my employers would use.
[20:45:33] *** AJ__Z0 is now known as AJ_Z0
[20:45:34] <nemo_work> hparker: hm. you're at about 4 times the load we are at
[20:45:35] <pickcoder> went to RH and now on Debian forever
[20:45:46] <hparker> nemo_work: Which link?
[20:45:51] * Signum waves the Debian flag
[20:45:55] <notes-fauna> sepski: but I am my own boss now, so I'll use the best for the long term.
[20:45:59] * hparker pets his Gentoo systems
[20:46:00] <nemo_work> hparker: first one
[20:46:03] <nemo_work> the 2.8 with a gig
[20:46:06] *** madclicker has quit IRC
[20:46:10] <pickcoder> we have a multi-O/S IT center here
[20:46:11] <nemo_work> hparker: same specs as mine
[20:46:22] <rob0> (note continued, I was interrupted here) ... Microsoft was the one who made it possible for the whole spam problem to get so bad.
[20:46:33] <pickcoder> my mail gateway is a dual-core AMD64 with 2GB
[20:46:34] <hparker> nemo_work: That's an ISP that I admin, it gets wadded up under attack though
[20:46:43] <rob0> <== Slackware guy
[20:46:53] <pickcoder> it runs along happily
[20:46:54] <Signum> Uh... tomorrow I'll have an appointment with our windows-idiots. They: "We want to run a Linux server here." Me: "Which distribution?" They: "Linux 6". Right...
[20:47:01] <nemo_work> hparker: well, the advantage for us is that this is only an improvement over past. and they can go back to exchange on its own any day :)
[20:47:05] <notes-fauna> rob0: so you are saying SMTP is not at fault, it is the zombie's fault.
[20:47:21] <cpm> it is
[20:47:24] <nemo_work> http://m8y.org/tmp/scl.txt :)
[20:47:28] <nemo_work> that's for exchange
[20:47:33] <nemo_work> the values are mostly arbitrary
[20:47:37] *** madclicker has joined #postfix
[20:47:46] <rob0> notes-fauna: oh not entirely, but it wouldn't have gotten this bad if MS hadn't been blowing off security to such an extent.
[20:47:53] <hparker> nemo_work: Yeah, you're offloading local deliver and POP/IMAP.. That box does all of that as well for 4-500 mailboxes
[20:48:04] <cpm> if microsoft *doesn't* you mean
[20:48:12] *** cilly has joined #postfix
[20:48:20] <nemo_work> hparker: right.  'course, if I made it an appliance box I'd still be offloading
[20:48:37] <hparker> nemo_work: Now, for fun.. On that pcsrvc link.. Scroll down to the yearly graphs
[20:48:38] <nemo_work> hparker: I'd tell people - here is a magic black box that with a few point n click instructions will stop your spam
[20:48:41] <nemo_work> magic!
[20:48:49] <rob0> It's impossible to tack security onto an insecure design, so yes, they're still blowing it off.
[20:49:01] <hparker> Yet another canned spamassassin appliance...
[20:49:03] <nemo_work> rob0: the problem is yeah, years of bad habits accumulated
[20:49:09] *** hoodow has joined #postfix
[20:49:10] <nemo_work> hparker: I'm sure there are a bunch out there
[20:49:25] <nemo_work> hparker: bet I could undercut them though ;)
[20:49:39] <pickcoder> we avg 179 msgs/min rejected
[20:49:43] <hparker> Too many to keep up with.. I get at least 1 call a month from a new vendor wanting me to be a reseller
[20:49:53] <pickcoder> 6/min marked as spam
[20:50:02] *** Kurtism has quit IRC
[20:50:08] <pickcoder> out of that we get ~13/min inside
[20:50:24] <pickcoder> for today
[20:50:29] * cpm needs to remember to call hparker  and ask him to be a reseller
[20:50:43] * hparker gave up drug dealing years ago
[20:50:45] <nemo_work> hparker: what's the average cost for one of those thingers anyway? hopefully their markup isn't much over hw? after all, this stuff works so well with just minimal config...
[20:50:46] <pickcoder> yearly rejection avg is ~ 3000 msg/min
[20:51:15] <pickcoder> I think that's skewed from some misconfigs
[20:51:38] *** Kurtism has joined #postfix
[20:51:43] <hparker> nemo_work: No idea, I always ask them what makes their "one size fits all" appliance better then my custom installs that don't have a monthly fee with them.. Usually get hung up on
[20:51:55] * cpm thinks hparker needs to try this before he rejects it.
[20:52:07] * hparker doesn't do Amway either
[20:52:16] <nemo_work> hparker: bah. screw monthly fee.  I'd do one-time fee with maybe a minimal service contract :)
[20:52:21] <nemo_work> I'm a nice guy :-p
[20:52:27] <pickcoder> s/Amway/sales triangles/
[20:52:28] <hparker> cpm: But, if you want to call me, go for it
[20:52:40] <nemo_work> isn't like dumping an OS on hw is that hard
[20:52:52] * cpm chuckles
[20:53:04] <hparker> It's the support that sux... Remember, you're selling these to MCSEs :-o
[20:53:04] <pickcoder> nemo_work: doing it correctly the first time is the tough part
[20:53:06] *** Ryushin has quit IRC
[20:53:56] <nemo_work> hparker: meh. good contract to limit liability in case of first backscatter.  just have 'em switch back to vaunted exchange at that point? :)
[20:53:59] <pickcoder> reminds me of some of the auto dealer mechanics that never can actually diagnose or fix the problem
[20:54:07] <pickcoder> yet my personal mechanic fixes it in 10 mins
[20:54:14] <nemo_work> hparker: oooh. and charging 'em extra to upgrade to a machine that could handle whatever was thrown at it
[20:54:46] <nemo_work> oh well. I'm not an admin anyway. back to being productive...
[20:55:04] <hparker> pickcoder: No lie.. I was an auto tech for 12 years.. There's some loons in the garages
[20:55:22] * hparker cleaned up lots of messes
[20:55:39] <pickcoder> how do they get certified?
[20:55:41] * cpm needs hparker to come over and paint his house
[20:55:46] <pickcoder> they have no clue what they are doing
[20:55:58] <hparker> pickcoder: They can read a book... I never was certified
[20:55:59] <cpm> they paid, studied and took the test
[20:56:55] <pickcoder> hm
[20:57:13] <hparker> But I was one of the top AC techs in the south Philly area.. One of the better with the electronics when they came out (because I taught myself. Dealership techs were taught to replace what the code pointed at, not that that might be a symptom of something else)
[20:57:24] <pickcoder> so anyone can work for a manuf auth repair center and not actually know anything?
[20:57:26] <pickcoder> heh
[20:57:34] *** cooler has joined #postfix
[20:57:39] *** jonez has quit IRC
[20:57:46] <cooler> good afternoon
[20:57:47] <hparker> Code for O2 sensor, replace O2 sensor, not check if it needed a tuneup, carb rebuild, etc...
[20:57:50] <cooler> (from brazil)
[20:58:18] <pickcoder> oh.. well I guess that makes some sense
[20:58:25] <pickcoder> kinda like helpdesk employees, except your transportation is at their will
[20:58:39] <hparker> Yup
[20:58:49] <cooler> question! to change the ssl certificates, just replace the olds with the new ones ?
[20:58:54] <hparker> I worked with some real idiots when I lived in Philly
[20:59:07] <hparker> cooler: Should be, and then restart postfix
[20:59:08] <Signum> cooler: and restart postfix
[20:59:15] <pickcoder> cooler: did you resign with the same key?
[20:59:54] <pickcoder> not that it matters if you're going to change the cert and key paths
[21:00:00] <cooler> yep, the same key
[21:00:07] * cpm restarts rob0
[21:00:16] <hparker> SEGFAULT
[21:00:42] <cpm> dang!
[21:00:45] <cpm> I hate that
[21:01:29] * rob0 ready
[21:02:03] <cpm> better
[21:02:44] <nick01> any idea what country is .vg ?
[21:03:00] <hparker> killall -9 rob0
[21:03:23] <nemo_work> virgin islands?
[21:03:41] <nick01> yeah that must be it tks
[21:03:42] <nemo_work> nope. that's vi
[21:03:51] <nemo_work> oah
[21:03:52] <cpm> cat hparker | rob0 -v >> Signum
[21:03:55] <nemo_work> oh. n/m british virgin islands
[21:03:57] <cooler> thanks for the help!
[21:04:02] <cooler> cya
[21:04:15] <nemo_work> vg for brits and vi for us
[21:04:31] <nick01> I see
[21:04:32] <nick01> tks
[21:04:42] <Signum> cpm: hey... you make me look fat!
[21:04:49] * cpm chuckles
[21:04:59] <hparker> hehe
[21:05:04] *** cooler has left #postfix
[21:11:05] *** j416 has joined #postfix
[21:12:51] *** cilly has quit IRC
[21:14:46] <rob0> cat Signum
[21:15:08] *** jonez has joined #postfix
[21:15:12] <rob0> sh: rob0: -v: Unknown option ... rob0 is always verbose
[21:15:32] <Signum> rob0: haven I told you to lay off the drugs today already? :)
[21:16:05] <rob0> You expect me to remember that far back?
[21:16:20] <Signum> How long is a day in your timezone?
[21:16:22] <pickcoder> look in /var/log/rob0/
[21:16:30] <Signum> umount /mnt/rob0
[21:16:45] <hparker> Eeekkk!!! Who mounted rob0?!?!?!?!
[21:16:57] * Signum points at cpm
[21:17:35] * cpm whistles and walks away
[21:18:22] * rob0 lights a cig and looks content
[21:20:45] <Signum> Stop that. My laughing wakes up the neighborhood.
[21:20:48] *** xpoint has quit IRC
[21:21:38] <notes-fauna> is Zimbra using postfix?
[21:21:46] <rob0> yes
[21:23:36] <notes-fauna> When I told my friends I am going to spend some time refreshing my knowledge of Postfix they said to look at Zimbra.
[21:24:40] <Dominian> zimbra looks nice
[21:25:30] <cpm> if zimbra will do what you need done, it's nice software, I think
[21:26:10] <notes-fauna> They seem to have a free Open Source version.
[21:26:28] <notes-fauna> but they have also packaged additional enhancements and features into a for-paid version
[21:26:42] <cpm> its' hugely bloated, but pretty cool
[21:26:45] <pickcoder> heh..
[21:26:48] <pickcoder> Zimbra
[21:26:49] <pickcoder> good luck
[21:26:54] <notes-fauna> Perhaps by doing yourself, building it all by hand. You aren't limited by what they package.
[21:27:01] <Dominian> If you could implement it into an existing postfix setting.. might be worth a shot.
[21:27:14] <cpm> Dominian, not likely
[21:27:18] <Dominian> yah
[21:27:20] <cpm> you can add yer own hacks though
[21:27:28] <Dominian> heh
[21:27:50] <cpm> I've had good luck with that, but you have pay pretty careful attention to their hacks, or it's easy to break
[21:28:44] <cpm> like I have an email to hylafax-ism, and hacking that into zimbra was a bit fiddly, but not too awful. Mailman with virtual domains and zimbra on the other hand, , , ick!
[21:28:54] <Dominian> heh
[21:30:33] *** ph1zzle has joined #postfix
[21:31:47] <ph1zzle> hey guys, quick question, I setup a postfix server, seems to work great, how can I tell other linux machines to use that host to send mail, as in for logwatch etc?
[21:32:27] <Dominian> depends on what MTA the other machines are you using
[21:33:10] <ph1zzle> at the moment they are not
[21:33:17] <ph1zzle> what would you recommend ?
[21:36:08] <Dominian> well if they have sendmail in place.. you can still force sendmail to send through your postfix box
[21:36:30] <Dominian> or install postfix and configure relayhost in main.cf on the boxes to route mail through your main postfix
[21:38:43] *** Kurtism has quit IRC
[21:39:47] *** Kurtism has joined #postfix
[21:40:16] <many> for sendmail its ^SH
[21:40:35] <many> if you have none at all, and they send automated mail only, look at nullmailer, smail and such stuff instead
[21:42:00] *** cilly has joined #postfix
[21:47:28] *** cilly has quit IRC
[21:51:06] *** prebur has quit IRC
[21:54:20] *** cpm has quit IRC
[21:56:40] *** hemry has quit IRC
[21:57:09] <ph1zzle> thanks guys, actually I installed postfix on this box before I read your replies it's accepting on the loop back only interface and using the other machine as the relayhost
[21:57:20] *** sepski has quit IRC
[21:57:27] <ph1zzle> now I just need to know how to forward mail that would go to root to the new machine as that would be local
[21:59:48] <ph1zzle> as in when mail is sent to root on the machine that is forwarding mail to the other machine have that mail sent to the new machine instead
[22:00:25] <ph1zzle> anyone know how that would be done?
[22:02:09] <many> aliases
[22:02:44] *** notes-fauna has quit IRC
[22:03:44] *** pssh has quit IRC
[22:13:46] <nick01> in myhostname = $host.domain.name what do I put there if I have a subdomain blah.domain.net and a MX mail.blah.domain.net /
[22:13:47] <nick01> ?
[22:14:18] <nick01> for host I put the ip or what ?
[22:14:37] *** cilly has joined #postfix
[22:21:04] *** ZzimmyY has joined #postfix
[22:25:18] *** Kurtism has quit IRC
[22:26:48] *** Kurtism has joined #postfix
[22:26:59] *** mirlyn has joined #postfix
[22:28:07] <mirlyn> hey all....is there a way to disable bounce messages to a particular address/host? ie, root at some dot other.host
[22:29:51] <mirlyn> trying to prevent having all these undeliverables sitting in the queue
[22:30:40] <smesjz> you can set soft_bounce = yes
[22:30:45] <smesjz> but not per user
[22:31:24] <nick01> can somebody tell me what I put in myhostname = $host.domain.name  ?
[22:32:00] <smesjz> put subdomains in mydestination
[22:32:13] <nick01> smesjz, me ?
[22:32:34] <smesjz> yes
[22:32:44] <smesjz> 'put there if I have a subdomain blah.domain.net and'
[22:33:01] <mirlyn> its a smarthost for other webservers...people have defunct emails which try to get delivered, fail, and the bounce then tries to get delivered back to the webserver.....was hoping to stop that, but I guess not huh? :)
[22:33:42] <nick01> smesjz, ok and the myhostname = $host.domain.name ? what do I put for host and for domain I put the subdomain or the domain I don't control ?
[22:35:03] <smesjz> myhostname should your FQDN. the output of 'hostname -f'
[22:35:28] <smesjz> + be
[22:35:55] <nick01> smesjz, even though the hostname I get from my ISP has nothing to do with the domain I'm configuring ?
[22:37:27] <smesjz> put the domain you are configuring in mydestination
[22:37:38] *** iratik has left #postfix
[22:38:20] <ZzimmyY> my email system dont use the postfix sql users with dovecot.
[22:38:34] <nick01> smesjz, so  I can put T72.b.astral.ro for host ? that's what hostname -f says; and domain.name would be the main domain not my particular subdomain I'll actually use ?
[22:39:01] *** iratik has joined #postfix
[22:39:16] <smesjz> well, list that subdomain too in mydestination
[22:39:23] <nick01> this guide sure is crap
[22:39:27] <nick01> ok
[22:39:45] <nick01> ydomain = $domain.name - thats also the main domain I PRESUME
[22:40:11] <iratik> anyone else running ispconfig?
[22:40:21] <smesjz> nah, you can uncomment mydomain
[22:40:23] <smesjz> err
[22:40:24] <smesjz> comment
[22:40:46] <smesjz> just make sure myhostname is set
[22:40:49] *** flami has quit IRC
[22:41:36] <iratik> welll... i've got a tall order here
[22:41:42] <nick01> mydestination = $myhostname, localhost.$mydomain $mydomain ; do I leave $myhostname or I edit it as with myhostname = line ? do I replace localhost with my ip ? and for $mydomain I use the subdomain ?
[22:41:51] <iratik> conditional routing for emails
[22:42:01] *** Zeit|idle has joined #postfix
[22:42:05] <iratik> and mysql based logging
[22:42:11] <iratik> anything already exist?
[22:42:15] <smesjz> nick01: cant you ask one question at a time? :)
[22:42:25] <nick01> smesjz, sorry one big line :)
[22:42:58] <smesjz> but the answer is yes ;)
[22:43:02] <smesjz> that should work
[22:43:19] <smesjz> mydestination = $myhostname, localhost.$mydomain $mydomain && mydomain = yoursub.domain.org
[22:43:28] <smesjz> let's give that a try
[22:43:34] <ZzimmyY> smesjz: you used postfixadmin + mysql + dovecot
[22:44:00] <smesjz> ZzimmyY: i wrote something myself that replaced postfixadmin
[22:44:19] <smesjz> but I contributed some stuff to the postfixadmin site though
[22:44:30] <smesjz> like quota stuff and some other thingies...
[22:44:42] <ZzimmyY> ahh
[22:44:58] <ZzimmyY> i cant get dovecot to use the sql users
[22:45:06] <ZzimmyY> and its setup right
[22:45:25] <ZzimmyY> well that i can see
[22:45:32] <nick01> smesjz, intead of adding the && mydomain = yoursub.domain.org can't I put that in the previous mydomain = $domain.name ?
[22:46:05] <smesjz> ZzimmyY: it's not rocket science..but check #dovecot or the Dovecot website..it's no rocket science
[22:46:41] <ZzimmyY> ;/ ok
[22:46:56] <smesjz> nick01: i didn't mean you actually have to use the '&&' . But it was used to indicate you need to use both lines
[22:47:01] <smesjz> mydomain = $domain.name
[22:47:08] <smesjz> mydestination = $myhostname, localhost.$mydomain $mydomain
[22:47:19] <smesjz> but $ is also a variable in Postfix :)
[22:48:05] <nick01> smesjz, so mydomain = blah.domain.net without $ in front right ?
[22:48:38] <smesjz> exactly
[22:51:05] <nick01> tks for taking the time to explain this :) that gentoo guide is ridiculous it practically tells u what u need to edit without making it clear what u need to put in
[22:51:29] *** cilly has quit IRC
[22:52:02] *** cilly has joined #postfix
[22:55:08] <Signum> smesjz: Checked in a new tutorial version. The MySQL views work well and keep the .cf files small. I'm satisfied so far.
[22:56:14] <smesjz> sweet
[22:56:33] <smesjz> i'll look at it tomorrow..it's time to sleep
[22:56:42] <Signum> smesjz: sure...
[22:56:59] *** smesjz has quit IRC
[22:59:30] *** pirho has joined #postfix
[23:08:21] *** sc00p has quit IRC
[23:12:20] *** flami has joined #postfix
[23:12:21] *** prebur has joined #postfix
[23:12:50] *** Kurtism has quit IRC
[23:13:28] *** Kurtism has joined #postfix
[23:19:11] *** hparker has quit IRC
[23:22:02] *** Neoteric_ has joined #postfix
[23:22:47] <Neoteric_> how can I setup postfix to accept mail for domains X Y Z and then relay all emails to domain Y to another machine?
[23:23:41] <Neoteric_> oh I guess it's the virtual_alias bits
[23:23:47] <rob0> X and Z in $mydestination (or other class as you choose), Y in $relay_domains.
[23:24:03] <Neoteric_> wait? really?
[23:24:07] <rob0> Y also listed in transport_maps
[23:24:27] <rob0> all users in Y listed in relay_recipient_maps
[23:24:37] <rob0> see ADDRESS_CLASS_README
[23:25:16] <Neoteric_> thanks!
[23:26:33] *** andresmujica has left #postfix
[23:28:53] *** Mazon is now known as mazon
[23:40:24] <Neoteric_> rob0: what should the transport maps look like?
[23:41:27] * Neoteric_ looks at a man page
[23:41:47] <rob0> "man 5 transport"
[23:42:38] <rob0> basic form is "transport nexthop" where nexthop is [transport:]host[:port]
[23:43:11] <rob0> if omitted, relay_domains use relay_transport on port 25
[23:43:39] *** nick01 has quit IRC
[23:46:49] *** TheOutlander has quit IRC
[23:57:23] *** pirho has quit IRC
[23:58:38] *** pirho has joined #postfix





top