May 27, 2007  

[00:00:59] *** narcissist has left #postfix
[00:02:53] *** pirho has quit IRC
[00:08:31] *** killown has joined #postfix
[00:09:02] *** frennkie has quit IRC
[00:18:22] *** killown has quit IRC
[00:25:31] *** madclicker has quit IRC
[00:26:05] *** prebur has joined #postfix
[00:36:19] *** tuxben has quit IRC
[00:37:01] *** TheOutlander has joined #postfix
[00:46:10] *** stony has quit IRC
[00:46:41] *** killown has joined #postfix
[00:54:51] *** frennkie has joined #postfix
[01:00:14] *** killown has quit IRC
[01:00:35] *** killown has joined #postfix
[01:04:34] *** Mazon is now known as mazon
[01:10:13] <tuxcrafter> question: does this mean i dont have to set the auth only
[01:10:14] <tuxcrafter>  Note 2: The parameter setting "smtpd_tls_security_level = encrypt" implies "smtpd_tls_auth_only = yes".
[01:10:46] <tuxcrafter> so if i set security level to encrypt i can leave auth_only
[01:13:51] *** rmayorga has quit IRC
[01:21:19] *** killown has quit IRC
[01:25:07] *** killown has joined #postfix
[01:25:45] <tuxcrafter> i cant find the dovecot_destination_recipient_limit on the postfix documentation website!
[01:29:13] *** killown has quit IRC
[01:31:10] *** killown has joined #postfix
[01:33:41] *** frennkie has quit IRC
[01:33:49] <Menkaure> i have entries in main.cf and master.cf for procmail. but my neither /$HOME/.procmail nor /etc/procmail is taken. i put a sample filter in both and a logfile direction. nothing at all happened. i also restarted postfix. any ideas what can be forgotten?
[01:42:57] *** roe_ has joined #postfix
[01:43:21] <tuxcrafter> Menkaure: sorry cant help you dont use procmail
[01:44:14] <Menkaure> i tried nearly everything now. since more than 10 hours. its frustrating
[01:47:06] *** Mavvie has quit IRC
[01:47:07] *** killown has quit IRC
[01:47:20] *** Mavvie has joined #postfix
[01:59:46] *** GMFlash has joined #postfix
[02:15:42] <ALKH> hi all ! how can i have a shell script executed after each delivered mail ?
[02:16:00] *** roe_ has quit IRC
[02:16:12] <Menkaure> thats what i am trying at the moment. but its not working :)
[02:16:22] <Menkaure> http://www.postfix.org/VIRTUAL_README.html#autoreplies#
[02:16:54] *** roe_ has joined #postfix
[02:17:24] <ALKH> Menkaure: Somebody tell me about the master.cf
[02:17:30] <Menkaure> with that you can execute a script but on me it still says that the autoreply at blabla dot com user did not exist :(
[02:18:26] <Menkaure> in this tutorial you had to edit main.cf also. but i am still fighting with this. but for sure i am a big noob with email
[02:18:32] <ALKH> Menkaure: arg, i can't get shell script executed
[02:18:41] <ALKH> with the master.cf ...
[02:18:50] <ALKH> ;)
[02:19:31] <Menkaure> since over 12 hours i try to install a autoreply without success. its terrible
[02:20:33] <ALKH> and, is your task in master.cf working ? (are they called?)
[02:21:58] <Menkaure> yes. it should pipe it to a script. before the mail is copied for normal mailbox and for the script. but it says user unknown in case of the script one
[02:22:42] <Menkaure> so the pipe should work but don't accept the adress
[02:23:39] <tuxcrafter> bye guys
[02:23:48] <tuxcrafter> i have to get some sleep
[02:23:51] <Menkaure> bye
[02:23:53] <ALKH> i try to pipe to a simple command like "echo toto > /tmp/toto" but nothing is written into /tmp/toto :s
[02:24:02] <ALKH> tuxcrafter: cu!
[02:24:08] *** tuxcrafter has left #postfix
[02:25:18] <Menkaure> i wish i would know more about this to help you. but i still have the same problem :(
[02:27:23] *** war has quit IRC
[02:28:49] <ALKH> Menkaure: pv
[02:29:05] <Menkaure> pv?
[02:30:01] <ALKH> oups sorry ;)
[02:30:44] <Menkaure> np
[02:38:55] <Menkaure> " connect to transport autoreply: No such file or directory" says my logfile now. but which file exactly does that mean? i think i will have it soon. something about the next 20 hours
[02:41:16] <lennard> Menkaure: what does the master.cf entry for autoreply look like?
[02:42:08] <Menkaure>  autoreply unix  -       n       n       -       -       pipe
[02:42:08] <Menkaure>        flags= user=nobody argv=/home/vmail/response.sh $sender $mailbox
[02:42:33] <Menkaure> response.sh is the file, right? should be renamed?
[02:43:47] <lennard> and what service is telling you 'no such file or directory'?
[02:44:18] <Menkaure> this file /var/log/mail.warn
[02:44:37] <lennard> yes, but is says postfix/xxxxxx before the actuall error
[02:44:42] <lennard> whats in the x's :)
[02:45:14] <Menkaure> qmgr[26582]
[02:45:29] <Menkaure> whats that?
[02:45:40] <lennard> queue manager
[02:45:51] <lennard> what is the master.cf line for qmgr?
[02:46:51] <Menkaure> qmgr    fifo  n       -       n       300     1       qmgr
[02:47:15] <Menkaure> for me thats all hyroglyphs or how that is written in english :)
[02:47:27] <lennard> :)
[02:48:33] <lennard> could you paste the complete line from mail.warn containing the error?
[02:48:42] <Menkaure> one moment
[02:49:01] <Menkaure> May 27 03:03:29 h1162614 postfix/qmgr[26582]: warning: connect to transport autoreply: No such file or directory
[02:49:09] <lennard> hmm
[02:49:22] <lennard> I'd guess /home/vmail/response.sh doesn't exist
[02:49:47] <Menkaure> i renamed it also in autoreply
[02:49:56] <Menkaure> and then in the master.cf
[02:50:00] <Menkaure> and restarted
[02:50:07] <Menkaure> all different possibilities
[02:50:26] <lennard> are you sure? the master.cf paste you just gave me says response.sh
[02:51:10] <Menkaure> yes but i try all
[02:51:11] <Menkaure> with response.sh in that /home/vmail
[02:51:11] <Menkaure> then renamed in autoreply
[02:51:24] <Menkaure> then changed the master.cf to /home/vmail/autoreply and so on and so on
[02:52:08] <lennard> hmm
[02:52:21] <lennard> well, it still is the only thing I can think of :)
[02:52:46] <Menkaure> so if the line i posted with the entry /home/vmail/response.sh and i restart again and the file exists with that name it should be working?
[02:53:16] <lennard> I don't know about that, but I don't think the error will be No such file or directory
[02:53:20] <lennard> anymore
[02:53:47] <Menkaure> mmh.
[02:56:29] <Menkaure> something i think its stupid that in that mail.warn the line which says file or directory not found doesn't show the file name exactly. thats confusing i think.
[02:56:56] *** rmayorga has joined #postfix
[02:57:22] *** olinux has joined #postfix
[02:58:47] <Menkaure> that autoreply is an defined name in the /etc/postfix/transport when i understand that clearly. but how does postfix know which file to use. about that entry in master.cf?
[03:00:11] <lennard> I cant be sure how exactly your transport is configured, but I'm guessing it is pointing to the transport called 'autoreply'. this is configured in master.cf
[03:00:48] <lennard> you'll notice all the 'regular' transports, local, smtp, virtual, relay etc. are also defined in a similar manner in there
[03:01:57] <Menkaure> this is the line in "main.cf transport_maps = hash:/etc/postfix/transport" and this is my /etc/postfix/transport "autoreply.heroautographs.com autoreply:" should be correct if the howto is also
[03:02:23] <Menkaure> this is the line in main.cf "transport_maps = hash:/etc/postfix/transport" and this is my /etc/postfix/transport "autoreply.heroautographs.com autoreply:" should be correct if the howto is also
[03:02:28] <Menkaure> this way :)
[03:04:26] <Menkaure> the problem at all is that email at all is an absolut crazy thing for me. webserver and linux itself is ok. but email is nothing for me. mmh but thank you anyway for the help.
[03:06:00] <lennard> np :)
[03:06:20] <Menkaure> maybe i use software which is not working with that. i think that happens often with email. i use postfix, courier-pop, virtual mailboxes. maybe its not working with that configuration
[03:06:39] <lennard> I don't know, I never have used autoreply
[03:07:09] <Menkaure> this is terrible
[03:08:19] <Menkaure> i tried procmail, sieve maildrop and now this. all over the whole day. nothing is working. ok i think i am not the most intelligent one but on webserver and coding things i get it normally. but this is frustrating
[03:09:15] <Menkaure> and its just such a simple thing from an outside look. just send back an small email with a few lines of text. crazy really
[03:09:46] <lennard> nothing is as simple as it seems :)
[03:10:08] <Menkaure> :(
[03:11:37] <Menkaure> mail.err says before that there is a transport.db file missing. i create it with "postmap transport" and "postmap virtual". is it possible that this is in relationship to this?
[03:12:19] <lennard> postmap transport probably fixed it
[03:12:51] <lennard> although personally I usually explicitly add the type, so postmap hash:transport
[03:13:09] <Menkaure> yes this is in main.cf
[03:13:10] *** mischko has joined #postfix
[03:13:29] <Menkaure> mmh. i think i had to reply all my messages in my holidays :(
[03:13:35] *** SilenceGold has quit IRC
[03:14:02] <mischko> I need all external email to be delivered by another server out on the Net and on a different port than 25.  Do I set that in master.cf?
[03:14:32] <lennard> main.cf would be more suitable
[03:14:47] <lennard> simply use the smarthost directive
[03:15:30] <mischko> lennard, thanks.
[03:21:43] *** mischko has quit IRC
[03:33:06] <Menkaure> i think the qmgr already try to deliver undelivered mails. does he stop that one day or will he continue that until its delivered?
[03:33:49] *** simon_ has joined #postfix
[03:34:14] *** simon_ is now known as sweede
[03:45:10] *** roe_ has quit IRC
[04:22:54] *** doomas has joined #postfix
[04:27:49] *** Zand3r has joined #postfix
[04:29:09] <Zand3r> Hi all... I'm having trouble using Outlook  (and Outlook Express) with SASL authentication in Postfix. Does anyone know if this might be because I'm using a self-signed certificate (I've registered one to see if it solves the problem but it's taking a while to arrive)?
[04:30:59] <hax> Zand3r: do you have postfix set up to deal with broken sasl requests?
[04:31:04] <hax> (it's an option in main.cf)
[04:31:38] <Zand3r> hax: Yes, I have broken_sasl_auth_clients = yes
[04:32:16] <hax> Zand3r: well, the certs should have nothing to do with it, because that isnt related to the authentication
[04:32:21] <hax> then again, it is outlook
[04:32:24] <hax> not sure :/
[04:32:34] <rob0> Outlooks lies and gives misleading error messages.
[04:33:04] <rob0> You tell it to auth, but AS YOU KNOW since you already reviewed your logs, it's not authenticating.
[04:33:27] <Zand3r> Outlook hasn't complained about the certificates - I am just grasping at straws because I can just not track down what on earth is wrong. Everything's working great in Thunderbird (no surprise there) so my general setup seems ok.
[04:33:35] <hax> rob0: i wish you'd yell the answers to my problems at me :/
[04:34:02] <Zand3r> rob0: That's exactly what seems to be happening - it's establishing the TLS connection but not authenticating as far as I can tell from the logs.
[04:34:06] <rob0> The tricks I know: use smtps, not TLS; and use LOGIN mechanism.
[04:34:42] *** rmayorga has quit IRC
[04:34:47] <Zand3r> rob0: I understand what you mean by smtps - what do you mean by use LOGIN mechanism?
[04:35:12] <hax> Zand3r: check your mech_list
[04:35:53] <rob0> Your SASL backend (Cyrus or Dovecot) should have both PLAIN and LOGIN mechanisms.
[04:37:21] *** doomas_ has quit IRC
[04:39:36] <Zand3r> I'm using Dovecot - I'll go look over my settings - I know I've most likely avoided LOGIN but plain text over smtps would be ok
[04:41:07] <Zand3r> Aha - i see - I currently have just "mechanisms = plain" so I need to add "login" and see what implications this has.
[04:41:10] <rob0> mechanisms = plain login # in your auth default section
[04:41:16] <rob0> zackly
[04:44:02] *** JeffH has left #postfix
[04:45:23] <Zand3r> oh nice - Outlook Express just sent mail - and most importantly - adding "login" does not seem to affect things over non-secured connections (i think).
[04:45:48] <hax> Zand3r: 'login' is insecure, i think
[04:46:00] <hax> rob0: any idea on my thing? http://pastebin.ca/513039
[04:46:06] <rob0> LOGIN is no more/less secure than PLAIN.
[04:46:28] <Zand3r> hax: not if it's used over SSL which I think it is (hope it is)
[04:46:39] *** Menkaure has left #postfix
[04:47:01] <hax> Zand3r: just disable any connection that doesnt use tls
[04:47:26] <rob0> reject_sender_login_mismatch ... I don't understand the question.
[04:47:44] <hax> rob0: well, say you auth hax at domain dot com then want to send mail as root at domain dot com, that's a problem
[04:47:58] <hax> rob0: so i want to make sure the sender name matches the login name
[04:48:07] <hax> rob0: from the docs, that looks like reject_sender_login_mismatch
[04:48:10] <rob0> SMTPS is SSL, so that's reasonably secure.
[04:48:49] <rob0> hax, I never messed with those login mismatch settings.
[04:50:34] <hax> rob0: hmm, i used to have it working using hash:/, and i'm wondering if i actually need to do it with mysql:/ somehow... but it'd make sense if it just worked with SASL
[04:50:39] <rob0> Why is root needing to authenticate anyway? Shouldn't it only be sending from/thru localhost? Isn't that in $mynetworks?
[04:50:50] <hax> rob0: err yeah, root doesnt need to authenticate
[04:50:59] <hax> rob0: but someone could send mail as root by logging in with their own user name
[04:51:08] <hax> or could send mail as me by logging in as someone else
[04:51:22] <hax> in other words, the MAIL FROM should match the SASL login name/realmn
[04:51:23] <hax> *realm
[04:51:24] <rob0> Don't give shell access to people you can't trust,
[04:51:31] <hax> it's not shell access, it's SMTP access
[04:51:55] <hax> that's the point :/
[04:52:14] <rob0> are you listening?
[04:53:03] <hax> yeah...
[04:53:04] <rob0> Are you trying to use a MUA as root? Why?
[04:53:10] <hax> i'm not
[04:53:19] <hax> let me try explaining again:
[04:53:28] <rob0> If root is sending cron output, isn't localhost in mynetworks?
[04:53:38] <hax> err yeah, root has nothing to do with it, i should have just picked another user name
[04:53:39] <rob0> or sending using sendmail(1) ?
[04:54:13] <hax> rob0: i'm just talking about sending mail over smtp... i'm saying that if 'rob0' authenticates, he can send 'MAIL FROM' 'hax'
[04:54:54] <hax> rob0: so say you connect to auth with rob0 at domain dot com and you want to be sneaky and send mail that looks like it's from me... since you have an authentication on my server, you can just spoof the MAIL FROM and there would be no difference to the recipient if it was really me sending it or your spoof
[04:55:15] <rob0> Okay, you used a bad example. In your *munged* paste, you didn't mention who "hax at domain dot com" authenticated as.
[04:55:48] <hax> rob0: nope, it doesnt matter... if i enable reject_sender_login_mismatch, it doesnt let *anyone* send any mail
[04:56:03] <hax> because it apparently does know what the sender login is to check if it's mismatched? or something?
[04:56:13] <rob0> hax, I think ... yes something like that.
[04:56:14] <hax> rob0: that log is me trying to send from a valid account, but not being able to, because it apparently think it's a mismatch
[04:56:15] *** hparker has joined #postfix
[04:56:28] <hax> *thinks
[04:56:33] <rob0> how big is your user base?
[04:57:05] <hax> really small, but i want it to both be secure and scale
[04:57:25] <hax> rob0: the docs show me that i could hash:/ it... which almost makes sense... but you'd think i could do the same thing with SASL directly
[04:57:36] <hax> or at least with mysql, somehow
[04:58:09] <hax> rob0: or maybe this is just an unrealistic problem to solve, it just seemed that it should be this way
[04:58:10] <rob0> if the users are authenticating as user@domain, and using that as envelope sender, it should work IIUC.
[04:59:42] <hax> rob0: with some kind of sender map? yeah... with just sasl and no map? apparently not
[04:59:55] <hax> i just thought this would be a really common thing to do, apparently not
[05:00:07] <rob0> If you auth as "hax" and use "hax at some dot domain" as envelope sender, that's probably a mismatch.
[05:00:39] <rob0> Nah, I think it's reasonable in most cases to solve as a political issue.
[05:02:07] <hax> rob0: yeah, i can't even really tell thunderbird to spoof it, since it'd change my login name... i just recognized it as a potential vulnerability
[05:02:22] <hax> rob0: but because i don't speak SSL in telnet anyway, i can't very much test it with real SMTP commands
[05:03:30] <rob0> openssl(1) has s_client(1) which can do this.
[05:04:16] <hax> oh thats neat, i did not know such a thing existed
[05:05:29] <hparker> Look for ... Errmm.. saslfinger I think it is
[05:05:53] <rob0> saslnose
[05:06:30] * hparker pokes rob0 in his saslnose
[05:06:44] * rob0 saslbleeds
[05:06:53] <Zand3r> rob0: Well - I'm reading with interest what hax is saying but I wanted to thank you because my problem is now solved. Using LOGIN works fine with Outlook Express and my system seems to restrict this functionality to smtps so should be secure.
[05:07:31] <Zand3r> My only problem now is that Outlook Express is complaining about the certificate and doesn't seem to have a way to "remember the certificate" so it complains every session but that's a minor thing.
[05:07:59] <rob0> That's an issue between Outhouse users and Microsoft support :)
[05:08:08] <hax> Zand3r: you can install the CA into the OS
[05:08:21] *** cilly has quit IRC
[05:08:36] <rob0> yeah, poke around IE Internet settings
[05:08:57] <hax> Zand3r: once your CA is installed in the windows OS, any certs you sign with it are auto-magically valid
[05:09:04] <rob0> I don't use Windows at all, can't help.
[05:09:37] <hparker> Zand3r: look into cacert.org
[05:09:45] <Zand3r> hax: Thanks - I'll look around - I vaguely remember reading something about importing into IE to help Outlook (and I guess Outlook express - I'll go play) -
[05:10:28] * hparker just puts a link to cacert on the webmail page so people can import the cert
[05:16:37] <hax> ok, i'm pretty much good with postfix then
[05:16:45] <hax> the only other thing i haven't done (yet) is setup maildrop
[05:19:50] <hax> which is what i should really be using for the best spam filtering, right?
[05:19:52] <hax> (at least, eventually)
[05:24:54] <rob0> !cheatsheet
[05:24:55] <knoba> rob0: 'cheatsheet' : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[05:28:37] <hax> well that's an interesting document
[05:30:21] <hax> rob0: if i do need to use maildrop for SA or something, maildrop should be about 1:1 with virtual(8), right?
[05:31:11] <Zand3r> hmm... Outlook Express works - Outlook doesn't - I can't believe MS's stuff is such a mess - OK, I can - But I can't believe I'm being affected by it :(
[05:33:15] <hax> heh
[05:38:25] *** raqamy has quit IRC
[05:38:59] *** raqamy has joined #postfix
[06:16:46] *** roe_ has joined #postfix
[06:17:48] *** roe_ has joined #postfix
[06:20:33] *** roe_ has quit IRC
[06:25:23] *** FuzzyB has quit IRC
[06:33:23] *** magyar has quit IRC
[07:16:30] *** Zand3r has quit IRC
[07:39:38] *** olinux has quit IRC
[07:55:49] *** Motoko-chan has joined #postfix
[08:33:45] *** Motoko-chan has quit IRC
[08:45:37] *** sweede has quit IRC
[09:10:10] <Techdeck> Hello, I'm trying to make an alias from the user 'dfns' to an external email, but when I send an email to it, I get relay access denied
[09:10:14] <Techdeck> any ideas how to fix this?
[09:12:12] <Techdeck> May 27 10:11:29 beer postfix/smtpd[17162]: NOQUEUE: reject: RCPT from wx-out-0506.google.com[66.249.82.235]: 554 5.7.1 <dfns at defense-industries dot com>: Relay access denied; from=<peledn at gmail dot com> to=<dfns at defense-industries dot com> proto=ESMTP helo=<wx-out-0506.google.com>
[09:12:15] <Techdeck> thats the error
[09:14:04] <Techdeck> never mind, fixed
[09:16:55] *** KhensU has quit IRC
[09:23:37] *** hparker has quit IRC
[09:24:30] *** henno has joined #postfix
[09:26:12] <henno> I am running a postfix/courier setup, but have a qmail maildir I need to merge into a new server
[09:26:53] <henno> what is the preccess of migrating the files from the /cur/ and /new/ directories into the new users' Maildir (with some existing emails)
[09:26:54] <henno> proces*
[09:26:58] <henno> darn
[09:27:14] *** victori__ has left #postfix
[09:35:27] <eat_life> if they're both using maildir then you can simple move/merge it by moving to the right path
[09:54:03] *** prebur has quit IRC
[10:05:02] *** prebur has joined #postfix
[10:26:43] <henno> eat_life: you're right, turned out it was a permissions issue only (set the wrong guid)
[10:27:50] *** rmayorga has joined #postfix
[10:32:37] *** war has joined #postfix
[10:40:26] *** Devilman_ has joined #postfix
[10:47:32] *** MrRagga has joined #postfix
[10:56:45] *** GodSp33d has quit IRC
[11:04:51] *** js_ has quit IRC
[11:07:30] *** eckhard has joined #postfix
[11:08:24] <eckhard> Hi, can anyone give me a hint what I have to do to make postfix look for the .forward file and (re)act on that?
[11:08:48] *** henno has left #postfix
[11:11:38] *** KhensU has joined #postfix
[11:13:43] <eckhard> Hi KhensU
[11:14:04] <eckhard> can you give me a hint what I have to do to make postfix look for the .forward file and (re)act on that?
[11:21:03] *** Zeit|awy has quit IRC
[11:23:58] *** prebur has quit IRC
[11:25:03] <Signum> eckhard: postfix looks for the .forward file in the user's home directory upon local delivery automatically
[11:31:08] *** prebur has joined #postfix
[11:31:23] *** frennkie has joined #postfix
[11:36:46] *** tuxcrafter has joined #postfix
[11:36:55] <tuxcrafter> morning
[11:44:01] *** rmayorga has quit IRC
[12:11:39] *** frennkie has quit IRC
[12:23:03] *** js_ has joined #postfix
[12:27:59] *** frennkie has joined #postfix
[12:29:49] <tuxcrafter> warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
[12:30:00] <tuxcrafter> can someone help me with that warning
[12:38:44] <snappy> are you using NIS?
[12:40:01] <tuxcrafter> snappy: not that i know of
[12:40:14] <tuxcrafter> i am trying to set up a secure smtp relay
[12:41:02] <many> postfix is loading some default nis resolver module
[12:41:03] *** Zeit|idle has joined #postfix
[12:41:04] <snappy> postconf | grep nis
[12:41:17] <snappy> find out what variables use NIS, remove the NIS lookups.
[12:41:40] <many> heh. ;-)
[12:41:41] <tuxcrafter> alias_maps = hash:/etc/aliases, nis:mail.aliases
[12:41:59] <tuxcrafter> I got vuser not using alias_maps
[12:42:55] <tuxcrafter> someone got a good howto for a secure smtp relay host
[12:44:17] <tuxcrafter> I want got a isp with a  open smtp server on port 25
[12:44:57] <tuxcrafter> i want to be able to have 1 smtp.domain address for every virtual host that direct to my server
[12:45:10] <tuxcrafter> that it will relay to the isp smtp and query the mail
[12:45:24] <tuxcrafter> but It must be safe
[12:45:31] <tuxcrafter> i dont want to come in any blacklist
[12:46:58] <tuxcrafter> with my current setup i got errors like: client host rejected
[12:47:20] <tuxcrafter> i can pastebin the configuration I changed from default
[12:47:53] <tuxcrafter> many: do you know how to set up a smtp relay host
[12:50:39] <many> you need to express your problem in an understandable fashion, i didnt understand what your problem is
[12:51:32] <tuxcrafter> Client host rejected: Access denied;
[12:55:18] <tuxcrafter> (what is the best way to clean all logs to start fresh)
[12:56:22] <tuxcrafter> echo "" > /var/log/mail.log?
[12:59:08] <tuxcrafter> many: http://pastebin.ca/513658
[12:59:17] <tuxcrafter> that is all the information i have
[12:59:30] <tuxcrafter> i used the information on this website
[12:59:54] <tuxcrafter> http://www.postfix.org/SMTPD_ACCESS_README.html
[13:05:52] <tuxcrafter> postconf -e 'smtpd_client_restrictions = '
[13:05:52] <tuxcrafter> this will solve the block
[13:05:57] <tuxcrafter> but its not safe
[13:06:07] <tuxcrafter> i think
[13:07:33] <eat_life> Signum: are you around?
[13:09:06] *** war has left #postfix
[13:11:43] <tuxcrafter> many: http://pastebin.ca/513683
[13:11:46] <tuxcrafter> found the problem
[13:12:06] <tuxcrafter> i think my isp smtp does not support TLS
[13:15:43] *** pirho has joined #postfix
[13:20:36] *** [dmp] has joined #postfix
[13:29:55] *** smesjz has joined #postfix
[13:44:44] *** hemry has joined #postfix
[13:55:36] <tuxcrafter> what is the difference between the smtp_tls_cert_file and the smtpd_tls_cert_file. I know that the smtpd is the server daemon and smtp is for the client. But what does this option exactly do?
[13:56:18] <Signum> eat_life: half, yes.
[13:57:25] <tuxcrafter> Signum: hello good to see you
[13:58:04] <Signum> tuxcrafter: hi, penguin...
[13:59:34] *** GMFlash has quit IRC
[13:59:38] *** GMFlash has joined #postfix
[14:00:24] *** TheOutlander has quit IRC
[14:00:26] <tuxcrafter> Signum: when to use smtp_tls_cert_file and when to use smtpd_tls_cert_file
[14:00:41] <Signum> tuxcrafter: smtp = the process that sends email to other servers. smtpd = the process that receives mail.
[14:01:08] <Signum> tuxcrafter: smtpd_* is for your users/clients. smtp_* is used if you need to present a client cert to your relay server (very rare)
[14:01:14] <tuxcrafter> Signum: do you know a TLS enabled mail server
[14:01:25] <Signum> yup
[14:01:44] <tuxcrafter> my isp is not TLS supported
[14:02:04] <tuxcrafter> Signum: is it open so i can use it
[14:04:09] <tuxcrafter> Signum: do you have to set the smtp_tls_cert_file if you want to use TLS on smtp site like smtp_tls_security_level = encrypt
[14:05:09] <Signum> unsure. I don't use it. most of the world expects unencrypted tcp/25 anyway
[14:07:00] *** MrRagga has quit IRC
[14:10:31] <smesjz> afaik you only need smtp_tls_* if you want to have your Postfix server make secure connections to other SMTP servers
[14:15:18] <tuxcrafter> Signum: smesjz: The more secure the better it will be. It Would be create to be able to drop OpenPGP
[14:16:12] <smesjz> tuxcrafter: you have the wrong idea about security
[14:16:25] * rob0 was going to say that too
[14:16:34] <tuxcrafter> smesjz: why is that
[14:16:48] <smesjz> TLS only encrypts the connection while PGP alike apps encrypts the e-mail itself.
[14:16:56] <rob0> What are you trying to protect against?
[14:16:57] *** TheOutlander has joined #postfix
[14:17:05] <smesjz> tuxcrafter: because you don't know what you are talking about, that's why
[14:17:18] <tuxcrafter> if all connections are secure that contains important data it is correct right
[14:17:32] <rob0> "Secure" means what to you?
[14:17:52] <smesjz> if you want to secure important data, encrypt it using PGP
[14:18:02] <smesjz> or Truecrypt (files etc)
[14:18:06] <tuxcrafter> rob0: being in control of your own data
[14:18:20] * smesjz gives up on tuxcrafter
[14:18:33] <rob0> Definitely, you want PGP.
[14:18:52] <Signum> tuxcrafter: pgp is end-to-end encryption. SSL would just encrypt the SMTP channel between two servers. all other servers in the delivery chain probably don't use SSL
[14:18:59] <rob0> That's the only way to have real security from end-to-end.
[14:19:08] <tuxcrafter> rob0: true true
[14:19:19] <tuxcrafter> http://www.homeport.org/~adam/starttls.html
[14:19:22] <tuxcrafter> i was reading that
[14:19:30] <rob0> Furthermore SSL might be vulnerable to man-in-the-middle attacks.
[14:20:04] <smesjz> tuxcrafter: that does not encrypt the actual message. So the content is unencrypted stored on the mailserver.
[14:20:26] <rob0> You can protect against m-i-t-m by checking client and server certs, but normally that's not done in SMTP.
[14:21:50] <smesjz> tuxcrafter: the problem with using just SSL is that some hacker who gains control over the destination SMTP server can just read the entire message.
[14:22:03] <smesjz> with a PGP encrypted mail, he cannot
[14:22:17] <tuxcrafter> that is totally true, i was aware of that
[14:22:18] *** af_ has joined #postfix
[14:22:33] <smesjz> are you?
[14:23:09] <tuxcrafter> yes it was obvious and it stood on that website ]
[14:23:25] *** Zeit|awy has joined #postfix
[14:24:08] <smesjz> tuxcrafter: that website does not say anything at all about message encryption
[14:24:35] <tuxcrafter> TLS is no message encryption
[14:24:42] <tuxcrafter> so why should it
[14:25:15] <smesjz> you were saying this: "The more secure the better it will be. It Would be create to be able to drop OpenPGP"
[14:25:26] <smesjz> TLS cannot substitute OpenPGP
[14:26:48] <Signum> tuxcrafter: the problem is that you had to trust all the mail server admins in between you and the recipient.
[14:27:03] <tuxcrafter> smesjz: If you can secure the server where the unencrypted messages are stored it can have the same effect
[14:27:06] <Signum> tuxcrafter: and *I* wouldn't trust anyone.
[14:27:27] <tuxcrafter> ofcourse it is not the same, but it solves the same problem
[14:27:28] * rob0 would trust Signum :)
[14:27:29] <Signum> tuxcrafter: that's why messages are always lying around in encrypted format.
[14:27:45] <Signum> rob0: you have no other chance. Or didn't I tell you I work for the BND? :)
[14:27:59] <tuxcrafter> BND?
[14:28:14] <Signum> tuxcrafter: Bundesnachrichtendienst. Germany's security agency.
[14:28:27] <smesjz> tuxcrafter: no. That's not true. PGP guarantees that only the intended recipient can read/decrypt the message. But in your case his coworkers can read that mail too while he's away
[14:28:39] <rob0> http://en.wikipedia.org/wiki/Bundesnachrichtendienst
[14:28:42] <smesjz> Signum: kinda like Stasi? :)
[14:28:59] <tuxcrafter> smesjz: good point
[14:29:02] *** Zeit|idle has quit IRC
[14:29:08] <smesjz> I know
[14:29:27] <rob0> Signum is Agent 00A (they gave him a hex number)
[14:29:32] <smesjz> hehe
[14:29:53] <Signum> rob0: Hey. You weren't authorized to reveal that information. Oh, great. Now I have to kill you all.
[14:30:52] * smesjz dispatches a ninja to kill rob0
[14:30:56] <Signum> That's my common joke I play with coworkers who ask me for the root password of the infrastructure servers (mainly because they want to disable the porn filter at the proxy): "I can tell you but I'd have to shoot you afterwards." Nobody asked me twice.
[14:31:13] *** f3ew has quit IRC
[14:31:37] *** f3ew has joined #postfix
[14:32:15] <smesjz> tuxcrafter: and PGP also tells you (because of public/private keying) that the message actually originates from the claimed sender...
[14:32:48] <smesjz> now stop asking silly questions and tell your users to use PGP alike security
[14:33:15] <tuxcrafter> alright
[14:33:25] <smesjz> and use Truecrypt for locally stored important data
[14:33:28] <tuxcrafter> i got FSFE smartcards here :_D
[14:34:02] <rob0> Securing your SMTP transmissions against snooping will not protect against other, more common, attacks.
[14:34:06] <smesjz> Free Software Foundation Europe?
[14:34:10] <tuxcrafter> yes
[14:34:28] <smesjz> didnt know they were selling hardware...
[14:34:54] <tuxcrafter> only the cards you must buy the readers somewhere else
[14:35:06] <tuxcrafter> problem is they are quite expensive
[14:35:37] <tuxcrafter> I think a good piece of software on usb sticks can deliver the same security a lot cheaper
[14:36:04] <smesjz> but also less secure. Have you read the Tweakers.net review on them?
[14:37:13] <smesjz> but using some toys does not make a good security policy if you have weak root passwords or so
[14:37:25] <smesjz> or unencrypted backups etc
[14:40:51] <tuxcrafter> everything is as strong as its weakest link
[14:41:42] <smesjz> no shit. So if you drop openpgp/truecrypt the use of TLS doesnt mean anything at all
[15:08:42] *** quik_ has joined #postfix
[15:17:57] *** Bronsky has joined #postfix
[15:24:55] <frennkie> I'm trying to fight against false NDNs (got this hint from this channel yesterday: http://www.postfix.org/BACKSCATTER_README.html). How likely is it that a correct NDN doesn't include the original headers?
[15:26:44] <tuxcrafter> smesjz: I got this message certificate verification failed for mx1.cyso.net: num=18:self signed certificate
[15:27:03] <tuxcrafter> is this a failure of my certificate or theirs?
[15:29:50] <smesjz> you have a self signed certificate so it cannot be verified. Self signed certs should be ok while testing
[15:31:22] <smesjz> but if you're going to use in a production env. contact Verisign or so
[15:33:07] <tuxcrafter> so it is my certificate that fails, not theirs:
[15:33:08] <tuxcrafter> May 27 15:29:09 ashley postfix/smtp[12432]: setting up TLS connection to mx1.cyso.net
[15:33:08] <tuxcrafter> May 27 15:29:09 ashley postfix/smtp[12432]: certificate verification failed for mx1.cyso.net: num=18:self signed certificate
[15:33:08] <tuxcrafter> May 27 15:29:09 ashley postfix/smtp[12432]: Unverified: subject_CN=mx1.mail.cyso.net, issuer=mx1.mail.cyso.net
[15:33:08] <tuxcrafter> May 27 15:29:09 ashley postfix/smtp[12432]: TLS connection established to mx1.cyso.net: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
[15:33:56] <smesjz> it's fine
[15:34:03] <smesjz> but not verified
[15:34:11] <smesjz> read up on SSL and signing certs
[15:34:50] <smesjz> the TLS connection is established, so it's all working
[15:35:03] <smesjz> however you dont want this in a production environment :)
[15:35:18] <mh_le> I try to test postfix with the telnet session in this doc (http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/test.html) I get no response after I type en helo localhost... any idea as to what's up?
[15:36:13] <mh_le> s/en/
[15:36:57] <sysmonk> mh_le: the most common problem is the alias file
[15:37:09] <sysmonk> (postalias /etc/aliases or whatever alias file you use)
[15:37:15] <frennkie> tuxcrafter: is mx1.cyso.net your mailserver?
[15:37:20] <sysmonk> but you'd have to look in the log file
[15:37:49] <mh_le> sysmonk: what should be in that file?
[15:38:02] *** quik_ has quit IRC
[15:38:11] <tuxcrafter> frennkie: yes its the mail relay host i use, i am reading here that i have to set-up my server to trust the mail server but I dont know how to do this yet
[15:38:23] <sysmonk> mh_le: your system should have it by default, you just need to make a 'hash' file of it by issuing postalias /path/to/alias/file
[15:39:04] <frennkie> tuxcrafter: it doesn't look like thats an error.. only a warning.. so it should be fine..
[15:40:08] <tuxcrafter> frennkie: yes its working but it must be possible to remove the warning by trusting the certificate like you do with your mail client like TB
[15:40:12] <mh_le> sysmonk: I get alot of these in my log..
[15:40:14] <mh_le> May 27 15:39:01 octavian postfix/trivial-rewrite[16738]: fatal: mysql:/etc/postfix/mysql-mydestination.cf(0,lock|fold_fix): table lookup problem
[15:40:43] <frennkie> tuxcrafter: hm.. yes.. i'd think so too..
[15:40:45] <tuxcrafter> smtp_tls_verify_cert_match
[15:41:46] <sysmonk> mh_le: so, you've got a problem then. with that file
[15:42:28] <sysmonk> mh_le: look at your config, look at what kind of type that file should be ( it should be mysql:, but maybe you've misconfigured )
[15:42:38] <sysmonk> and if that file does exist, is readable by postfix, and etc
[15:43:49] <frennkie> tuxcrafter: "This feature is available in Postfix 2.3 and later." d'oh.
[15:44:13] <frennkie> tuxcrafter: I'm running 2.2 .. ;-)
[15:44:45] <tuxcrafter> i am version 2.3.8
[15:45:33] <frennkie> unfortunately ubuntu dapper drake only has 2.2
[15:48:07] <tuxcrafter> found a possible solution working on it now
[15:49:39] <smesjz> 2.4.0 here :)
[15:54:21] <mh_le> sysmonk: the file is there, it's owned by postfix and still there's a problem.. I can't see any misconfiguration in the file...
[15:54:53] <sysmonk> mh_le: maybe the query is bad
[15:55:37] <mh_le> sysmonk: how do I check that?
[15:57:58] *** devdas has joined #postfix
[16:00:15] <frennkie> i have lots of mails in postqueue -p ; most of them won't be delivered.. can i delete them somehow?
[16:04:16] <Signum> frennkie: "man postsuper"
[16:15:01] <tuxcrafter> Signum: how do I tell postfix that certificates from mx1.cyso.net (smtp) are valid
[16:16:35] <Signum> tuxcrafter: by trusting their CA? no idea. I don't use that normally.
[16:16:52] <tuxcrafter> smesjz: do you know how to do this?
[16:17:59] <Signum> smesjz: Customer! ;)
[16:21:37] *** af_ has quit IRC
[16:24:40] *** dealer has joined #postfix
[16:26:14] <dealer> i want to setup a smtp forwarder using postfix.. how can i make that?
[16:26:34] <devdas> what kind of forwarder?
[16:27:11] <dealer> hm, the postfix is on a server machine in my house, i send the mail using it and it sends the email, understand?
[16:31:50] <smesjz> tuxcrafter: dunno, in Windows you add the SSL cert to your trusted zones somewhere. But the best approach is to use a CA signed SSL cert.
[16:32:54] <smesjz> tuxcrafter: are you working at cyso.net?
[16:33:28] <dealer> devdas: can you understand that?
[16:33:48] <tuxcrafter> smesjz: Can i create my own CA trusted signed certificates or do I always have to pay for that?. But In this case I think the certificates of cyso.net are bit signed. So i want to say to my server that they are trusted.
[16:34:01] <tuxcrafter> smesjz: no i am not working for cyso.net
[16:35:20] <smesjz> tuxcrafter: dunno, I am only using xs4all's mail servers for SSL. My own servers dont do SSL
[16:35:21] <tuxcrafter> smesjz: openssl s_client -starttls smtp -connect mx1.cyso.net:25
[16:37:24] <smesjz> maybe in /etc/ssl/openssl.conf . I dont know and dont care :)
[16:39:54] <devdas> dealer: see
[16:39:55] <devdas> !basic
[16:39:56] <knoba> devdas: 'basic' : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[16:44:19] <dealer> but it can be maked?
[16:45:14] <smesjz> have you even read the page?
[16:45:15] <dealer> or i have to install something else?
[16:46:01] <dealer> i'm reading, i'm just asking if that's possible with only postfix.
[16:46:24] <smesjz> it's possible
[16:47:35] <dealer> did you understand? i send the mail to the machine and then the machine will send as a gmail account, for an example
[16:47:38] <frennkie> tuxcrafter: I'm pretty sure that you can build your own CA; create a cert for your mail server and import your Root-CA-Cert to your trusted root CAs
[16:48:13] <tuxcrafter> frennkie: the only thing now is a good step to step tutorial
[16:49:02] <smesjz> or the fine openssl manual
[16:49:43] <tuxcrafter> I have almost solved the relay problem
[16:49:54] <smesjz> which one?
[16:50:03] <tuxcrafter> i only need the *.cert file of my mail server
[16:50:27] <tuxcrafter> not mine but the mail server I use
[16:50:55] <tuxcrafter> I need the cert file of mx1.cyso.net
[16:51:18] <smesjz> so what's the relay problem then?
[16:51:20] <Signum> dealer: you can send with a sender address of "...gmail@com" and *relay* mail through your postfix instance (with authentication of course)
[16:51:40] * smesjz relays some spam to rob0
[16:54:52] <devdas> dealer: yes
[16:55:33] * devdas sells spamfiltering services to rob0
[16:59:31] * Signum sells rolex replicas to rob0
[17:00:52] * smesjz sells SCO stocks to rob0
[17:04:49] <dealer> Signum: where i can find something like a howto to make that?
[17:05:03] <dealer> sasl stuff?
[17:08:29] <devdas> Just set the correct address in your MUA
[17:09:55] <dealer> the kmail prints that i need encryption to the auth work, but when i check what smtp supports, it shows that tls doesn't work
[17:11:58] <smesjz> devdas: do you know how to enable address checks for rewritten mail when using aliased domains? This company  has two domains: domA.com and domB.com with domB.com being an alias for domB.com. But if mail is sent to joe at domA dot com, postfix doesn't check if joe at domB dot com exists. Do you know how/where to enable these checks? I dont want to be backscattering host
[17:12:49] <dealer> The server responded: "5.7.0 Encryption required for requested authentication mechanism"
[17:13:27] <dealer> devdas: any idea?
[17:17:28] <dealer> and if i don't want crypt..
[17:18:18] *** the_sniff has joined #postfix
[17:18:58] <the_sniff> how can i set a default charset header for all emails with no charset header?
[17:23:22] <ssquid> dealer: check what you have in 'smtpd_sasl_security_options', if you really don't want to require encryption, remove 'noplaintext'
[17:23:42] <dealer> on main.cf, right?
[17:23:49] <ssquid> right
[17:24:35] <dealer> i don't have noplaintext
[17:24:50] <dealer> just noanonymous
[17:28:07] *** Tino is now known as Tinozaure
[17:28:22] <dealer> ssquid: is this stuff?
[17:29:56] <ssquid> dealer: sorry, that's not it.. check if you have smtpd_tls_auth_only = yes
[17:30:57] <dealer> i don't use tls
[17:31:39] <dealer> it's printing on kmail now The server responded: "5.7.0 Error: authentication failed: generic failure"
[17:31:49] <ssquid> dealer: that's the point. If you want to do auth with no TLS, that parameter must not be 'yes'
[17:32:35] <dealer> i have to set that smtpd_tls stuff?
[17:32:42] <ssquid> dealer: having ' smtpd_tls_auth_only=yes' will require encryption to do auth
[17:33:04] <dealer> but i don't have this set..
[17:33:49] <ssquid> dealer: if your postfix replies with 'Encryption required for requested authentication mechanism' I would say you have that set somewhere..
[17:34:12] <dealer> and this generic failure
[17:34:13] <dealer> ?
[17:34:40] <ssquid> dunno, that's vague
[17:34:44] <ssquid> have to go.. cya
[17:35:03] <dealer> its telling that it not support plain, but i'm using plain and kmail checked, that supports plain
[17:36:10] *** devda1 has joined #postfix
[17:37:30] <devda1> smesjz: are both the domains virtual domains?
[17:37:49] <devda1> then you need to explicitly list all the recipients in your virtual_alias_maps
[17:38:02] <devda1> Alternatively, you need to list both domains in mydestination
[17:39:42] *** devdas has quit IRC
[17:51:15] <tuxcrafter> http://www.postfix.org/TLS_README.html#client_tls_encrypt
[17:51:26] <tuxcrafter> i am giving up for today i cant solve the problem
[17:52:14] <tuxcrafter> how do I set-up postfix to trust the certificate from mx1.cyso.net
[17:52:35] <tuxcrafter> mx1.cyso.net is the server I connect to to send mail
[17:54:40] <frennkie> tuxcrafter: why is it so important for you..? mails are delivered.. aren't they?
[17:55:27] <tuxcrafter> well, this way i can never use it in a production machine
[17:56:27] <frennkie> in production you would use officially signed certs, wouldn't you?
[17:59:08] <tuxcrafter> frennkie: not in the beginning, I would pick a few servers I trust and say to the server they are trusted
[17:59:34] <tuxcrafter> those certs cost a lot of money
[17:59:39] <tuxcrafter> but I will have a look at
[17:59:48] <tuxcrafter> http://www.cacert.org/
[18:00:47] <mh_le> how do I make the file /etc/postfix/virtual.db?
[18:01:20] <mh_le> I tried touch but now it complains about a bad file descriptor
[18:01:59] <frennkie> postmap /etc/postfix/virtual
[18:03:32] <tuxcrafter> frennkie: i am here
[18:03:41] <the_sniff> can i set a default charset header for emails with no charset?
[18:03:58] <frennkie> tuxcrafter:i have quite a few entries in my logs claiming that some smtp server only has a self signed cert..
[18:04:37] <tuxcrafter> frennkie: and did you add those servers to a trusted list? how did you do this?
[18:05:01] <frennkie> no.. why would i?
[18:05:55] <tuxcrafter> frennkie: If it is the only smtp server you use and you know it can be trusted
[18:06:58] <tuxcrafter> Signum: I am now going to setup spamassassin, did you already write a part for this in the tutorial?
[18:07:21] <frennkie> no.. those are just some random servers on the internet to which my server is delivering mails from my customers.. (e.g. arcor, a major german isp, seems to have a self signed cert on at least one of their servers)
[18:11:33] <the_sniff> CAN i set a default charset header for emails with no charset?
[18:12:38] *** dealer has left #postfix
[18:18:02] *** [dmp] has quit IRC
[18:18:44] *** caravena has joined #postfix
[18:27:53] *** xpoint has joined #postfix
[18:32:58] *** the_sniff has quit IRC
[18:37:41] *** devda1 is now known as devdas
[18:56:18] *** thrawn has joined #postfix
[19:02:19] <mh_le> I get the following error in my logs from postfix about SASL.. http://www.pastebin.ca/514247
[19:02:52] *** magyar has joined #postfix
[19:03:58] <Zerberus> mh_le: your SASL setup within main.cf is not correct
[19:05:39] *** rmayorga has joined #postfix
[19:06:37] *** caravena has quit IRC
[19:15:01] *** thrawn has quit IRC
[19:16:19] *** RedShift has joined #postfix
[19:16:22] <RedShift> hi
[19:16:37] <RedShift> RFC 822 states that headers should be terminated with \r\n (crlf), right?
[19:17:08] <RedShift> however, when I send mail through postfix using sendmail, no carriage returns are found?
[19:21:35] <mh_le> Zerberus: thanks
[19:24:09] <mh_le> Zerberus: do you know which options I should pay attention to?
[19:24:16] *** caravena has joined #postfix
[19:26:03] *** devdas has quit IRC
[19:29:26] <mh_le> http://www.pastebin.ca/514295 these are my sasl related options..
[19:29:44] *** mazon is now known as Mazon
[19:33:23] <tuxcrafter> back
[19:34:55] *** raqamy has quit IRC
[19:37:51] <smesjz> hmm
[19:38:54] *** cilly has joined #postfix
[19:38:55] *** Tinozaure is now known as Tino
[19:54:39] *** xpoint has quit IRC
[19:54:40] <tuxcrafter> does someone have a good recently created tutorial for postfix and amavis-new
[19:57:37] <mh_le> after I have cleared mail.log, why doesn't postfix write new data to it?
[19:58:04] <smesjz> tuxcrafter: there are plenty of tutorials for postfix/amavis.
[19:58:17] <smesjz> mh_le: restart the syslog daemon
[19:58:33] <tuxcrafter> smesjz: yes i know but i like to use one that is still up to date
[19:58:52] <mh_le> smesjz: thanks
[19:59:05] <smesjz> tuxcrafter: well, amavis hasnt changed so much over the past year or so. Especially the integration with Postfix hasnt changed
[19:59:09] <tuxcrafter> i have found a lot of info with a specific internet search machine, but they're all a bit old and outdated
[19:59:26] <smesjz> I think Chris's tutorial on amavis is nice
[19:59:32] <smesjz> but you have to tune it anyway
[19:59:33] <tuxcrafter> smesjz: link
[19:59:50] <smesjz> stfw :)
[20:00:04] <smesjz> search the fucking web...
[20:00:05] <smesjz> http://workaround.org/articles/ispmail-sarge/
[20:00:35] <smesjz> and http://www.ijs.si/software/amavisd/#doc
[20:00:40] <tuxcrafter> http://workaround.org/articles/ispmail-sarge/#amavis
[20:01:01] <mh_le> I'm getting this error in my log..
[20:01:02] <mh_le> May 27 20:00:15 octavian postfix/trivial-rewrite[27127]: fatal: mysql:/etc/postfix/mysql-mydestination.cf(0,lock|fold_fix): table lookup problem
[20:01:12] <mh_le> but as far as I can see there is nothing wrong with it..
[20:02:06] <mh_le> also get this one..
[20:02:10] <mh_le> May 27 20:00:13 octavian postfix/trivial-rewrite[27053]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
[20:03:37] <smesjz> fix your config
[20:03:58] <mh_le> I got that much, but where?
[20:04:19] <smesjz> does /var/run/mysqld/mysqld.sock exist?
[20:05:06] <smesjz> i've this in my fstab for Postfix -> '/var/run/mysqld /var/spool/postfix/var/run/mysqld none bind 0 0' Dunno if it's still needed
[20:05:09] <smesjz> are you using Debian?
[20:06:05] <mh_le> ubuntu
[20:06:47] <mh_le> the path exits
[20:07:26] <mh_le> exists even
[20:07:55] <smesjz> ok, try this: mount --bind /var/run/mysqld  /var/spool/postfix/var/run/mysqld
[20:08:18] <smesjz> but are you sure the mysql user/pass are working?
[20:08:23] <smesjz> have you tested them from the commandline?
[20:08:31] <mh_le> no
[20:08:35] <mh_le> I haven't
[20:08:51] <smesjz> like: 'mysql -u postfix -p' and after logging in: 'use $db' where $db is the database where the postfix tables are
[20:08:56] <smesjz> ok, try it first
[20:09:03] <mh_le> okay
[20:10:55] <smesjz> tuxcrafter: my amavisd.conf is at http://www.insidersonline.nl/amavisd.conf . Unsupported but it should/could give you a clue about config
[20:11:00] <mh_le> yep the password and user works
[20:11:28] <smesjz> and 'use postfix' too?
[20:11:39] <smesjz> or whatever the database is
[20:11:52] <tuxcrafter> smesjz: thanks can you also tell me where it is located i don't have /etc/amavis/amavisd.conf
[20:12:31] <smesjz> i have it at /etc/amavisd.conf
[20:12:40] <smesjz> installed amavis?
[20:12:41] *** brancaleone has joined #postfix
[20:12:54] <smesjz> amavis will complain where it expects the amavisd.conf if it's not there
[20:13:48] <mh_le> yep use $db works
[20:13:59] <smesjz> mh_le: did you do the mount --bind?
[20:14:10] <mh_le> not yet
[20:14:19] <smesjz> ok, do that and restart postfix
[20:15:26] *** AJ_Z0 has quit IRC
[20:15:37] <tuxcrafter> smesjz: aptitude install amavisd-new
[20:15:38] <tuxcrafter> aptitude install spamassassin clamav-daemon cpio arj zoo nomarch lzop cabextract
[20:15:38] <tuxcrafter> aptitude install lha unrar
[20:15:38] <tuxcrafter> find / -name amavisd.conf
[20:15:46] <tuxcrafter> but there is no amavisd.conf
[20:15:51] *** raqamy has joined #postfix
[20:16:13] <smesjz> what happens if you type 'amavisd'
[20:16:23] <smesjz> and check the mail.log
[20:16:27] *** raqamy has quit IRC
[20:17:26] <smesjz> or look for 'amavis.conf'. I am using amavisd-new 2.5 from source
[20:17:31] <tuxcrafter> amavisd
[20:17:31] <tuxcrafter> bash: amavisd: command not found
[20:17:36] <tuxcrafter> hmm
[20:17:49] <tuxcrafter> amavisd-new
[20:18:16] <smesjz> ok, amavisd-new it'll be
[20:18:19] <smesjz> but no errors?
[20:18:29] <RedShift> hi
[20:18:30] <RedShift> RFC 822 states that headers should be terminated with \r\n (crlf), right?
[20:18:32] <RedShift> however, when I send mail through postfix using sendmail, no carriage returns are found?
[20:19:13] <tuxcrafter> amavisd-new-2.4.2 (20060627), Unicode aware, LANG=en_US.UTF-8
[20:19:14] <tuxcrafter> May 27 20:16:29 ashley amavis[13355]: Perl version               5.008008
[20:19:14] <tuxcrafter> root@ashley:/home/administrator#
[20:19:14] <tuxcrafter> smesjz: looks ok
[20:19:38] <mh_le> smesjz: that did it.. I still don't receive mail though..
[20:20:13] <smesjz> tuxcrafter: yes it does ;)
[20:20:18] <smesjz> mh_le: what's in the logs?
[20:20:32] <smesjz> mh_le: getting mysql to work is the first step to world domination ;)
[20:21:05] <mh_le> ;)
[20:21:36] <tuxcrafter> :-D
[20:21:56] *** sepski has joined #postfix
[20:22:19] <tuxcrafter> cat /etc/amavis/conf.d/
[20:22:20] <tuxcrafter> 01-debian                 05-node_id                15-content_filter_mode    25-amavis_helpers         50-user
[20:22:20] <tuxcrafter> 05-domain_id              15-av_scanners            20-debian_defaults        30-template_localization
[20:22:45] <tuxcrafter> is this a new configuration or something because i cant find info about it on the Internet very well
[20:22:57] <RedShift> cat /etc/amavis/conf.d/? you mean ls ? :p
[20:24:32] <smesjz> tuxcrafter: it's just debian specific. You can replace it with your own config I assume
[20:25:47] <mh_le> I'm getting this error in the logs..
[20:25:48] <mh_le>  postfix/trivial-rewrite[28367]: warning: mysql query failed: Unknown column 'status' in 'where clause'
[20:26:19] *** MrRagga has joined #postfix
[20:26:20] <mh_le> I think it may be related to this line..
[20:26:21] <mh_le> additional_conditions = and status = '1' limit 1
[20:26:31] <mh_le> in mysql-canonical.cf
[20:27:08] *** rmayorga_ has joined #postfix
[20:27:09] *** rmayorga has quit IRC
[20:27:38] <smesjz> mh_le: that's from an old-style template
[20:27:49] *** rmayorga_ is now known as rmayorga
[20:28:03] <mh_le> smesjz: I got the contents of the files from a howto
[20:28:10] <smesjz> the postfix >= 2.2 support stuff like: query = SELECT goto FROM alias WHERE active=1 AND address='%s'
[20:28:33] <smesjz> so you dont need the other stuff
[20:28:43] <smesjz> there are just too many outdated tutorials out there
[20:28:49] * mh_le doesn't even know what it does..
[20:28:59] <smesjz> hmm?
[20:29:36] <mh_le> so I need to replace what I have with what you just wrote (query =... )?
[20:29:43] <smesjz> yes
[20:30:00] <smesjz> well, it's just example which you have to adapt to your own columns
[20:30:28] <smesjz> but postfix understands a sprintf() alike syntax
[20:30:44] <smesjz> but more details are to be found at the postfix website
[20:30:58] <smesjz> and for now, I am gone to see a movie. Take care of yourselves and of your postfix install :)
[20:31:20] <mh_le> thx
[20:31:30] <mh_le> thanks for your help
[20:31:33] *** AJ_Z0 has joined #postfix
[20:32:03] <mh_le> how do I adapt to modern postfix versions? additional_conditions = and status = '1' limit 1
[20:32:14] <tuxcrafter> smesjz: thanks for your help
[20:51:49] *** FlashNet3 has quit IRC
[20:52:08] <mh_le> I don't seem to be able to have mail delivered
[20:52:11] <mh_le> to cyrus..
[20:52:43] *** FlashNet3 has joined #postfix
[20:59:13] <tuxcrafter> mynetworks = 127.0.0.1/32 192.168.1.50/32
[20:59:19] <tuxcrafter> what does the /32 mean
[20:59:23] <tuxcrafter> is it a port?
[20:59:31] <tuxcrafter> or a range
[20:59:33] <tuxcrafter> ??
[21:00:18] <mh_le> it means the last 32 bits of the IP
[21:00:23] <mh_le> it's the hostmask
[21:00:51] <tuxcrafter> can you give a example
[21:01:37] <mh_le> 10.0.0.0/8 means a hostmask of 255.255.255.0
[21:02:24] <mh_le>  /32 means 255.255.255.255
[21:02:44] <sepski> 10.0.0.0/8 means netmask of 255.0.0.0
[21:02:49] <sepski>  /24 = 255.255.255.0
[21:03:07] <tuxcrafter> 8 bit is max 255
[21:03:09] <mh_le> oops sorry
[21:03:15] <sepski> tuxcrafter, /32 = 255.255.255.255 = exactly 1 host (1 ip)
[21:03:26] <tuxcrafter> from left to right
[21:03:42] <tuxcrafter> mynetworks = 127.0.0.1/32 192.168.1.50/32  so what will that mean it
[21:03:54] <tuxcrafter> there is a mask on the total adress
[21:04:09] <tuxcrafter> is it denied or permitted
[21:04:17] <sepski> that means that localhost  and the ip  192.168.1.50   can relay mail
[21:04:33] <tuxcrafter> so what do the masks do
[21:04:49] <sepski> tuxcrafter, it's just a variable. if it's permitted depends if you use permit_mynetworks in the restrictions lines, but usualy permitted
[21:05:30] <tuxcrafter> sepski: i know i have to use it in the restriction lines, just wondering what that masking is doing with the ip
[21:05:55] <sepski> what do you mean the mask defines the size of the range
[21:06:20] <sepski> 192.168.1.50/32 = that ip only    192.168.1.50/24 = 192.168.1.0 - 192.168.1.255 (the whole net)
[21:06:27] <tuxcrafter> mynetworks = 127.0.0.1/8 192.168.1.50/8
[21:06:27] <tuxcrafter> what will be the functional difference
[21:06:47] <tuxcrafter> ah ok
[21:06:54] <tuxcrafter> now i get it
[21:06:55] <sepski>  192.168.1.50/8   = 192.0.0.0 - 192.255.255.255 can freely abuse your postfix
[21:07:19] <sepski> 127.0.0.1/8 = the loopback and every one of those is your local pc
[21:07:19] <tuxcrafter> just like a normal netmask
[21:07:25] <sepski> it IS a netmask
[21:07:45] <sepski> it's just written in a sane way instead of that confusing 255.255.255.0 shit
[21:07:49] <tuxcrafter> mh_le: its a netmask not a hostmask :-D
[21:07:59] <sepski> masklength :)
[21:08:11] <mh_le> tuxcrafter: sorry sometimes I type faster than I think :)
[21:08:31] <tuxcrafter> have the same thing. think before you type :-P
[21:08:44] <tuxcrafter> sepski: thanks
[21:09:20] <tuxcrafter> i cant send local smtp messages because it wants STARTTLS
[21:09:26] <tuxcrafter> but is local -S
[21:09:43] <mh_le> who should own the cyrus lmtp socket?
[21:09:56] <mh_le> tuxcrafter: :)
[21:10:23] <tuxcrafter> mh_le: dont use cyrus i use dovecot SASL
[21:10:43] <tuxcrafter> s/dont/ I don't
[21:10:46] <mh_le> wrong channel.. should have been in #cyrus :)
[21:11:26] <tuxcrafter> what is the difference between a lmtp and smtp socket?
[21:12:31] <tuxcrafter> because i can choose  both for amavisd
[21:12:48] <mh_le> lmtp is used to transfer mail from MTA to MUA, AFAIK
[21:16:53] *** MrRagga has quit IRC
[21:17:38] <Zerberus> not to the MUA
[21:18:10] <mh_le> imap server for eg is a MUA, right?
[21:18:42] <Zerberus> no
[21:18:49] <Zerberus> MUA = mail user agent
[21:18:58] <Zerberus> like thunderbird or outbreak
[21:19:44] <Zerberus> an imap server describes a mail access method (protocol)
[21:22:15] <tuxcrafter> got them it i forgot the filterrule :_D
[21:24:20] *** frennkie has quit IRC
[21:24:29] <tuxcrafter> A damm i fucked up my configuration
[21:27:24] <RedShift> hi
[21:27:27] <RedShift> RFC 822 states that headers should be terminated with \r\n (crlf), right?
[21:27:30] <RedShift> however, when I send mail through postfix using sendmail, no carriage returns are found?
[21:30:07] <tuxcrafter> RedShift: sorry i don't know maybe you can check the RFC 822 standard (check wikipedia)
[21:30:22] <RedShift> tuxcrafter: I did, that's why I'm asking
[21:31:14] <tuxcrafter> RedShift: maybe postfix or sendmail dont follow the standard that strictly?
[21:32:51] <RedShift> apparently
[21:33:08] <RedShift> or maybe they just don't alter the message body anyway... but how do they communicate with other servers then? etc...
[21:33:28] <sepski> maybe you can configure it yourself http://www.postfix.org/uce.html#strict_rfc821_envelopes
[21:33:45] <RedShift> aha!
[21:33:47] *** meandtheshell has joined #postfix
[21:34:13] <Zerberus> no, that config setting is something very different
[21:34:32] <Zerberus> of course sendmail and postfix follow rfcs and rfc822 especially
[21:34:46] <RedShift> hmmm no that was not what I was looking for
[21:35:19] <RedShift> Zerberus: how come my line endings arrive as \n and not as \r\n like rfc822 states?
[21:35:24] <Zerberus> strict_rfc821 means that only "MAIL FROM:<address@domain>" is accepted and not any form of "MAIL FROM: foo@bar"
[21:35:54] <Zerberus> RedShift: how do you check that?
[21:36:13] <RedShift> I set local_delivery to <myscript>, I read stdin and check for \r\n
[21:36:19] <tuxcrafter> sepski: i got a problem :  (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
[21:36:57] <RedShift> Zerberus: unless when delivering, postfix filters out the carriage returns?
[21:37:16] <sepski> tuxcrafter, and is the problem that it was not offered, or that it's required?
[21:37:23] <tuxcrafter> It seems my configuration needs TLS for internal use so i did something wrong but i have permit_mynetworks by every restriction
[21:37:35] *** MrRagga has joined #postfix
[21:38:02] <sepski> is 127.0.0.1 listed in your mynetworks
[21:38:10] <tuxcrafter> sepski: the problem is that it is required for local use, what is nonsense
[21:38:24] <tuxcrafter> postconf -e 'mynetworks = 127.0.0.0/8 192.168.1.0/24'
[21:38:40] <tuxcrafter> postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
[21:38:40] <tuxcrafter> postconf -e 'smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject'
[21:38:40] <tuxcrafter> postconf -e 'smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname'
[21:38:40] <tuxcrafter> postconf -e 'smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain'
[21:38:41] <tuxcrafter> postconf -e 'smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining'
[21:38:49] <tuxcrafter> i will make a pastebin sorry
[21:39:23] <tuxcrafter> sepski: http://pastebin.ca/514499
[21:39:37] <tuxcrafter> all my beautiful settings
[21:39:56] <sepski> tuxcrafter, my mynetworks line have comma separated values, but i do not know if it's required
[21:40:05] <sepski> mynetworks = 127.0.0.0/8, 192.168.50.1/32
[21:40:29] <tuxcrafter> sepski: i got that line from postconf -d and the doc website
[21:40:55] *** hundfred has quit IRC
[21:41:03] <sepski> i guess  postfix check would complain if it was not ok
[21:42:22] <tuxcrafter> sepski: http://pastebin.ca/514500
[21:42:42] *** meandtheshell has quit IRC
[21:45:21] <sepski> tuxcrafter, paste your master.cf file
[21:45:58] <tuxcrafter> sepski: http://pastebin.ca/514506
[21:46:01] <tuxcrafter> master is coming
[21:47:24] <tuxcrafter> sepski: http://pastebin.ca/514510
[21:49:52] *** meandtheshell has joined #postfix
[21:50:16] <sepski> tuxcrafter, why do you have 2 lines with  amavisfeed  ???
[21:51:03] <tuxcrafter> sepski: I first had one but it was not working and the how-to was not very clear if i need poth
[21:51:05] <tuxcrafter> both
[21:51:11] <tuxcrafter> one is lmtp
[21:51:17] <tuxcrafter> other smtp
[21:52:04] <sepski> but they have the same name.
[21:52:07] <sepski> amavisfeed
[21:52:12] <sepski> i only use one
[21:52:15] <sepski> based on smtp
[21:52:24] <sepski> comment out the other and try ?
[21:53:15] *** udi_trugman has left #postfix
[21:53:55] <tuxcrafter> sepski: i will try but it is not the problem because before i changed the master.cf i tried sending mail with squirrelmail local and it was not working too
[21:53:58] <tuxcrafter> Authentication required
[21:53:59] <tuxcrafter> Server replied: 530 5.7.0 Must issue a STARTTLS command first
[21:54:05] <tuxcrafter> that is from webmail
[21:55:40] <tuxcrafter> sepski: http://pastebin.ca/514519 the new master.cf
[21:58:11] <tuxcrafter> sepski: http://pastebin.ca/514524
[21:58:28] <tuxcrafter> i can break down my security but i dont want that
[21:58:37] <tuxcrafter> it should not use TLS locally
[21:58:48] <tuxcrafter> but i dont know why it wants
[22:02:49] <tuxcrafter> sepski: do you see the problem i will break the security just to see if can get it working
[22:04:45] <tuxcrafter> ah i see it
[22:04:51] <tuxcrafter> it is the local problem
[22:04:54] <tuxcrafter>  i think
[22:05:03] <tuxcrafter> postconf -e 'content_filter = amavisfeed:[127.0.0.1]:10024'
[22:05:03] <tuxcrafter> postconf -e 'mynetworks = 127.0.0.0/8, 192.168.1.0/24'
[22:05:12] <tuxcrafter> 127.0.0.1 != local ?
[22:06:03] <tuxcrafter> lo        Link encap:Local Loopback
[22:06:03] <tuxcrafter>           inet addr:127.0.0.1  Mask:255.0.0.0
[22:06:51] <sepski> seems ok
[22:07:42] <tuxcrafter> fatal: non-null host address bits in "127.0.0.1/8", perhaps you should use "127.0.0.0/8" instead
[22:08:06] <RedShift> tuxcrafter: well that one is pretty obvious
[22:08:23] <tuxcrafter> 192.168.1.50/8   = 192.0.0.0 - 192.255.255.255
[22:08:47] <sepski>  mynetworks = 127.0.0.0/8        i have the same and it's working here
[22:11:45] <tuxcrafter> postconf -e 'smtp_tls_security_level = none'
[22:11:45] <tuxcrafter> postconf -e 'smtpd_tls_security_level = none'
[22:11:50] <tuxcrafter> and now its working
[22:12:03] <tuxcrafter> however there is one big strange thing
[22:12:31] <RedShift> tuxcrafter: did you set 127.0.0.1 somewhere else?
[22:12:58] <tuxcrafter> no I only changed the security levels
[22:13:05] <sepski> tuxcrafter, have you tried unsetting smtp_tls_security_level = in your 127.0.0.1:10025 ?
[22:13:55] <tuxcrafter> but its was also not working with the webmail
[22:14:13] <tuxcrafter> without security level it the webmail is working again
[22:14:46] <tuxcrafter> but when i set the security level it will not detect 127.0.0.1 as localhost anymore that is the problem
[22:14:53] <tuxcrafter> let me show the log files
[22:15:03] <sepski> tuxcrafter, that would be expected
[22:15:14] <sepski> with that security level you enforce the use of tls
[22:15:15] *** etaylor has joined #postfix
[22:15:15] *** rcsu has joined #postfix
[22:16:12] <sepski> i dont use smtp_tls_security_level, i use permit_sasl_authenticated where it's suitable in my restrictions
[22:17:19] <sepski> tuxcrafter, after all the manual says "This security level is not an appropriate default for systems delivering mail to the Internet."
[22:17:43] <sepski> http://www.postfix.org/postconf.5.html#smtp_tls_security_level
[22:18:54] <tuxcrafter> sepski: so it should just not work :-S because i want a bit more secure
[22:19:39] <tuxcrafter> how should i tell postfix not to use TLS internally
[22:21:56] <sepski> tuxcrafter, for amavis you can try -o smtp_tls_security_level=none in your amavisfeed: and your 127.0.0.1:10025 in your master.cf
[22:22:07] <tuxcrafter> ok
[22:22:14] <tuxcrafter> and for squirrelmail
[22:22:17] <sepski> for webmail you must simply use TLS. or use a custom  port
[22:22:25] <tuxcrafter> ok
[22:22:42] <tuxcrafter> i still needed to add the apache module
[22:23:01] <sepski> but why you think setting the security_level is more secure than using the restriction lines i do not know
[22:24:01] <tuxcrafter> sepski: what is better lmtp or smtp for the amavisfeed
[22:24:16] <sepski> i do not know i use smtp
[22:25:31] <tuxcrafter>  Local Mail Transfer Protocol (LMTP)
[22:25:36] <tuxcrafter> lets try lmtp :-D
[22:26:39] <sepski> tuxcrafter, so how do you send mail to the internet at large ? you use a smtp smarthost somewhere ?
[22:26:48] <tuxcrafter> yes
[22:27:02] <tuxcrafter> via TLS
[22:27:05] <sepski> ok
[22:27:12] <tuxcrafter> nice he:-P
[22:29:49] <eat_life> smesjz: mail_location = /home/vmail/%d/%u is not a valid parameter for dovecot-sql.conf
[22:33:03] *** killown has joined #postfix
[22:34:52] <tuxcrafter> sepski: postconf -e 'mydestination = ashley.tuxblogger.nl, localhost.tuxblogger.nl, localhost'
[22:35:03] <tuxcrafter> are you sure that line is correct
[22:35:19] <tuxcrafter> the localhost parts
[22:40:38] <Signum> eat_life: you need to prepend it with "maildir:"
[22:40:52] <Signum> tuxcrafter: the new section about authenticated smtp is now included
[22:41:11] <tuxcrafter> Signum: got that working perfect
[22:41:38] <tuxcrafter> Signum: i am at the amavis part
[22:41:47] <tuxcrafter> but got problems with localmail and STL
[22:42:01] <tuxcrafter> i dont want STL on local mail
[22:42:09] <tuxcrafter> but postfix does
[22:42:22] <tuxcrafter> and its delivering some problems
[22:43:22] <Signum> STL? local mail?
[22:45:20] <tuxcrafter> Signum: exactly!
[22:45:59] <tuxcrafter> that is the problem postfix should not want it
[22:46:04] <tuxcrafter> it has no use
[22:47:25] <tuxcrafter> Secure Transport Layer
[22:48:57] <RedShift> you mean TLS?
[22:49:06] <RedShift> Transport Layer Security
[22:49:32] <Signum> Lay Thousands Securely? (could be a name of a condom manufacturer)
[22:50:11] <tuxcrafter> RedShift: woeps :-D
[22:50:21] <tuxcrafter> Signum: http://pastebin.ca/514633
[22:50:58] <tuxcrafter> I mean TLS  = Transport Layer Security , my utmost apologies
[22:51:43] <eat_life> Signum: in the tutorial, mail_location is listed to be put into dovecot_sql.conf
[22:51:51] <eat_life> and it just doesn't accept that parameter, thats what i meant
[22:51:58] <tuxcrafter> now working on a fix that sepski proposed
[22:52:29] <Signum> tuxcrafter: setting it to encrypt is a hard thing. you deny everyone who is not voluntarily using encryption.
[22:53:05] <tuxcrafter> Signum: yes and that is no problem for not local users
[22:53:06] <Signum> eat_life: oops
[22:53:26] <tuxcrafter> but postfix is demanding it from local users, but there is a permit_mynetworks
[22:53:30] <tuxcrafter> so i dont understand
[22:53:38] <Signum> eat_life: removed it. thanks
[22:54:09] <Signum> tuxcrafter: you are demanding it, yes. so you are throwing everyone out who is not trying authentication first.
[22:54:15] <tuxcrafter> Signum: I already told you about the mail location part :-P
[22:54:16] <Signum> tuxcrafter: I don't use that setting here so I can't really tell if it's a good idea
[22:54:23] <Signum> tuxcrafter: I never listen to you. :)
[22:54:46] * Signum announces a new alpha version at http://workaround.org/articles/ispmail-etch/en.html
[22:55:59] <RedShift> postfix  f o r  t h e  w i n
[22:56:41] *** coopsh has left #postfix
[22:57:18] * Signum wonders if anything here is from 83.172.129.40
[22:57:39] <eat_life> i have trouble with getting dovecot to work
[22:57:53] <eat_life> it keeps checking mail in, /home/vmail/domain/user/Maildir
[22:58:00] <eat_life> when the maildir is /home/vmail/domain/user/
[22:58:09] <RedShift> Signum: nice article
[22:58:26] <RedShift> eat_life: this is #postfix, not a dovecot!
[22:58:40] *** coopsh has joined #postfix
[22:58:41] <eat_life> yes but i'm referring to Signum's article
[22:58:46] <RedShift> oh
[22:58:47] <RedShift> ok
[22:58:48] <RedShift> excuse me
[22:58:59] <coopsh> how is it called if postfix does a reverse check of a mail address before accepting it?
[22:59:22] <RedShift> coopsh: you mean, search a PTR on the IP-address that's connecting?
[22:59:26] <coopsh> no
[22:59:42] <RedShift> then what exactly do you mean a reverse check of a mail address?
[22:59:43] <Signum> RedShift: thanks
[22:59:48] <coopsh> i do a mail from: bla at gmail dot com
[23:00:07] <coopsh> and the postfix goes to the MX of gmail.com and asks him if bla is a valid account
[23:00:29] <Signum> coopsh: http://www.postfix.org/ADDRESS_VERIFICATION_README.html
[23:00:35] <RedShift> ah
[23:00:41] <coopsh> Signum: thanks
[23:01:17] <coopsh> do you guys have experience with it?
[23:02:04] <tuxcrafter> sepski: I got it Working :-D
[23:02:12] <Signum> coopsh: yes. most of the time it works. but many web services send you emails from nonexisting addresses and that gets rejected.
[23:02:13] <RedShift> coopsh: sounds pretty fragile
[23:02:36] <Signum> coopsh: RBLs were more useful here.
[23:02:44] <RedShift> agreed
[23:03:12] <Signum> Address verification that added up the spam score would be nice though.
[23:03:19] <RedShift> checking for an fqdn on the PTR and helo works good too (never had any false positives on that ones)
[23:03:39] <RedShift> *those ones
[23:03:48] <Signum> eat_life: is your mail_location correct now? did you restart dovecot?
[23:04:10] <RedShift> let's see how many spam I received yesterday
[23:04:15] <RedShift> much
[23:04:17] <tuxcrafter> amavis working
[23:04:18] <RedShift> damn my english is bad today
[23:04:43] <tuxcrafter> now spam and virus check
[23:04:44] <coopsh> so I turn on address verification for specific mail addresses, only
[23:04:53] <RedShift> [root@shared2 spam]# ls -lhat|grep "May 26"|wc -l
[23:04:54] <RedShift> 130
[23:05:03] <RedShift> that's not bad
[23:09:27] <tuxcrafter> Signum: do you know how to create TLS keys that are trusted
[23:09:45] <tuxcrafter> so signed by a trusted CA
[23:09:49] <Signum> tuxcrafter: trust in certificates depends on the CA that signs it
[23:10:05] <Signum> tuxcrafter: you'll have to either buy a certificate or spread your CA to all the users of your service
[23:10:20] <Signum> tuxcrafter: cacert.org may be interesting, too
[23:10:21] <tuxcrafter> how did you do it
[23:10:28] <tuxcrafter> yes i will contact them
[23:10:40] <Signum> tuxcrafter: I use a self-signed cert that I let my users download
[23:11:34] *** killown has quit IRC
[23:11:42] <tuxcrafter> Signum: I still have some issues the way the alias database is setup
[23:11:44] <sepski> tuxcrafter, using cacert.  requires installing the root CA cert in all clients. but they are free. (i do this) or you can buy certs from verisign/thawte
[23:11:56] <tuxcrafter> but i dont have a simple solution yet
[23:11:56] <sepski>  /other
[23:12:38] <Signum> tuxcrafter: make me understand the problem and I'll provide a solution
[23:14:28] <RedShift> tuxcrafter: lol an alias database is probably one of the easiest parts...
[23:15:01] <Signum> RedShift: not if you use a normalized database, have no clue of SQL and your name is tuxcrafter ;)
[23:15:03] <eat_life> Signum: well, the maildir -is- /home/vmail/domain/user because i followed the sarge tutorial
[23:15:04] * Signum is evil
[23:15:07] <eat_life> and i am 'upgrading' right now
[23:15:16] <Signum> eat_life: the directory schema should be the same
[23:15:38] <Signum> eat_life: and it worked here: /home/vmail/example.com/john at example dot com/cur
[23:15:46] <Signum> eat_life: there is no "Maildir" in between
[23:15:49] <eat_life> well, i didnt specify mail_location
[23:16:01] <eat_life> because then i wouldn't be able to get system user mail
[23:16:10] <RedShift> sql is tha bomb
[23:16:15] *** ploploop has joined #postfix
[23:16:19] <eat_life> but the sql password_query should override the mail_location anyway right?
[23:16:33] <eat_life> but it appends a Maildir at the end of the userdb_mail you have
[23:16:38] <Signum> eat_life: the mail_location is derived from the email address, it is not looked up from the database
[23:16:41] <RedShift> eat_life: the sql USER query
[23:16:52] <tuxcrafter> Signum: :-D
[23:17:15] <Signum> eat_life: use "mail_location = maildir:/home/vmail/%d/%n" in your /etc/dovecot/dovecot.conf
[23:17:34] <eat_life> yea but i wouldn't be able to get local mail (non-virtual) /home/user/Maildir mail
[23:17:47] <eat_life> while in the old tutorial it worked interchangeably with courier
[23:18:10] <RedShift> Signum: you forgot the trailing /
[23:18:11] <Signum> eat_life: that's true
[23:18:35] <Signum> RedShift: according to the dovecot documentation there is no trailing slash needed
[23:19:16] <RedShift> Signum: doesn't the trailing slash indicate if it's mbox or maildir?
[23:19:24] <Signum> RedShift: for the postfix virtual delivery agent, yes
[23:19:29] <RedShift> hmmm
[23:19:55] <Signum> RedShift: And in the tutorial I use an SQL view that creates the virtual_mailbox_maps path with a trailing slash
[23:20:03] <RedShift> ah
[23:21:10] <Signum> views and normalization... that will surely blow a lot of SQL newbies away
[23:23:04] *** Slyh has joined #postfix
[23:24:30] <eat_life> Signum: well i guess i can use local and virtual users if i just correct the path
[23:24:33] <eat_life> on the system
[23:24:42] <eat_life> just didnt know how to correct it within the conf file
[23:25:22] <eat_life> because right now i have it being able to grab local mail, and i'm assuming virtual mail too as long as i make the directory structure /home/vmail/domain/user/Maildir
[23:26:12] <Signum> eat_life: if your mailbox is on the same server a symlink might also be an easy solution
[23:26:41] <Signum> eat_life: currently I forward my own virtual email to a local domain and use procmail there
[23:26:59] *** sepski has quit IRC
[23:27:28] <RedShift> Signum: true, I once blew a seasoned php developer away just by telling him about myisam, heap and innodb...
[23:28:20] <Signum> RedShift: I prefer not worrying about that. pgsql. :)
[23:32:01] *** brancaleone has quit IRC
[23:43:22] <tuxcrafter> Signum: you have some experience with amavis i read here :-P, i got it working and did not change any setting in /etc/amavis...
[23:43:22] <tuxcrafter> but is it doing a spamassassin and virus check? I currently don't receive a changed mail header, like from my other mail that uses spamassassin
[23:44:06] <eat_life> check mail.log
[23:45:00] <tuxcrafter> May 27 23:14:45 ashley amavis[15529]: (15529-08) Passed CLEAN, [84.245.7.46] [84.245.7.46] <jelle at tuxblogger dot nl> -> <jelle at tuxblogger dot nl>, Message-ID: <4659F050.1050602 at tuxblogger dot nl>, mail_id: SCIKhdaBZp74, Hits: -, queued_as: 95BDF3C19, 551 ms
[23:45:21] <tuxcrafter> nothing about spam or virus checking there
[23:45:22] <eat_life> well the best way really is to check the log when you start amavisd
[23:45:25] <eat_life> you know for sure that way
[23:45:36] <tuxcrafter> eat_life: where is that log
[23:46:03] <eat_life> mail.log
[23:46:13] <eat_life> May 27 21:46:43 22078 amavis[14101]: ANTI-VIRUS code      loaded
[23:46:13] <eat_life> May 27 21:46:43 22078 amavis[14101]: ANTI-SPAM code       loaded
[23:46:13] <eat_life> May 27 21:46:43 22078 amavis[14101]: ANTI-SPAM-SA code    loaded
[23:46:23] <eat_life> it will show you everything that is being loaded when you start amavisd
[23:46:39] <tuxcrafter> ah then there is nothing loaded by default
[23:46:47] <eat_life> if you're using debian, nope
[23:46:52] <eat_life> it's commented out by default
[23:46:53] <tuxcrafter> jup debian
[23:47:27] <eat_life> check out /etc/amavis/conf.d/15-content_filter_mode
[23:47:42] *** xpoint has joined #postfix
[23:48:32] *** hemry has quit IRC
[23:50:45] *** rcsu has quit IRC
[23:51:00] <Signum> eat_life: IMHO these options are very confusing. @bypass is disabled. to both filters should be enabled. are they?
[23:51:49] <Signum> tuxcrafter: check your levels... http://workaround.org/articles/ispmail-etch/en.html#step-8-filtering-spam-and-viruses
[23:52:13] *** quik_ has joined #postfix
[23:53:40] <tuxcrafter> It is a free virus scanner that gets updated frequently although does not provide the quality of commercial virus scanners.
[23:53:52] <tuxcrafter> are you sure you want to have that line in the how-to :-D
[23:54:11] <tuxcrafter> not very nice for ClamAV
[23:54:18] <Signum> just being realistic.
[23:54:34] <Signum> ISPs use postfix. but if they expect decent virus scanning they might not be happy with clamav.
[23:54:46] <tuxcrafter> alright
[23:55:08] <tuxcrafter> if you go to the ClamAV website they say different
[23:55:21] <Signum> Actually I could let viruses through anyway. I don't run windows. :)
[23:55:32] <Signum> Well, I'm leaving it out.
[23:57:35] <RedShift> virus mails get quarantined here
[23:57:40] <RedShift> don't get forwarded to the client
[23:58:49] <RedShift> I get more virusmails quarantined than expected though
[23:58:57] <RedShift> I thought the time of email virussen had passed
[23:59:03] <RedShift> *virusses
[23:59:23] <RedShift> or how do the fancy people call it
[23:59:26] <RedShift> virii
[23:59:47] <Signum> stock spam is much more fun anyway
